Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Further reading

• Cognitive Complexity docs
• Cognitive Complexity: A new way of measuring understandability

Unused parameters are misleading. Whatever the value passed to such parameters is, the behavior will be the same.

Noncompliant Code Example

function doSomething($a, $b) { // "$a" is unused
  return compute($b);
}

Compliant Solution

function doSomething($b) {
  return compute($b);
}

Exceptions

Functions in classes that override a class or implement interfaces are ignored.

class C extends B {

  function doSomething($a, $b) {     // no issue reported on $b
    compute($a);
  }

}

See

• MISRA C++:2008, 0-1-11 - There shall be no unused parameters (named or unnamed) in nonvirtual functions.
• MISRA C:2012, 2.7 - There should be no unused parameters in functions
• CERT, MSC12-C. - Detect and remove code that has no effect or is never executed
• CERT, MSC12-CPP. - Detect and remove code that has no effect

Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.

Noncompliant Code Example

class Foo {
  public $myField;

  public function doSomething() {
    $myField = 0;
    ...
  }
}

See

• CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes

Unused parameters are misleading. Whatever the value passed to such parameters is, the behavior will be the same.

Noncompliant Code Example

function doSomething($a, $b) { // "$a" is unused
  return compute($b);
}

Compliant Solution

function doSomething($b) {
  return compute($b);
}

Exceptions

Functions in classes that override a class or implement interfaces are ignored.

class C extends B {

  function doSomething($a, $b) {     // no issue reported on $b
    compute($a);
  }

}

See

• MISRA C++:2008, 0-1-11 - There shall be no unused parameters (named or unnamed) in nonvirtual functions.
• MISRA C:2012, 2.7 - There should be no unused parameters in functions
• CERT, MSC12-C. - Detect and remove code that has no effect or is never executed
• CERT, MSC12-CPP. - Detect and remove code that has no effect

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Programmers should not comment out code as it bloats programs and reduces readability.

Unused code should be deleted and can be retrieved from source control history if required.

See

• MISRA C:2004, 2.4 - Sections of code should not be "commented out".
• MISRA C++:2008, 2-7-2 - Sections of code shall not be "commented out" using C-style comments.
• MISRA C++:2008, 2-7-3 - Sections of code should not be "commented out" using C++ comments.
• MISRA C:2012, Dir. 4.4 - Sections of code should not be "commented out"