Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Further reading

• Cognitive Complexity docs
• Cognitive Complexity: A new way of measuring understandability

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Further reading

• Cognitive Complexity docs
• Cognitive Complexity: A new way of measuring understandability

Having too many return statements in a function increases the function's essential complexity because the flow of execution is broken each time a return statement is encountered. This makes it harder to read and understand the logic of the function.

Noncompliant Code Example

With the default threshold of 3:

function myFunction(){ // Noncompliant as there are 4 return statements
  if (condition1) {
    return true;
  } else {
    if (condition2) {
      return false;
    } else {
      return true;
    }
  }
  return false;
}

Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.

Noncompliant Code Example

class Foo {
  public $myField;

  public function doSomething() {
    $myField = 0;
    ...
  }
}

See

• CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.

Noncompliant Code Example

class Foo {
  public $myField;

  public function doSomething() {
    $myField = 0;
    ...
  }
}

See

• CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes

Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.

Noncompliant Code Example

class Foo {
  public $myField;

  public function doSomething() {
    $myField = 0;
    ...
  }
}

See

• CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.

Noncompliant Code Example

class Foo {
  public $myField;

  public function doSomething() {
    $myField = 0;
    ...
  }
}

See

• CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes

private methods that are never executed are dead code: unnecessary, inoperative code that should be removed. Cleaning out dead code decreases the size of the maintained codebase, making it easier to understand the program and preventing bugs from being introduced.

Noncompliant Code Example

public class Foo
{
  private function Foo() {}   // Compliant, private empty constructor intentionally used to prevent any direct instantiation of a class.

  public static function doSomething()
  {
    $foo = new Foo();
    ...
  }

  private function unusedPrivateFunction() {  // Noncompliant
  }
}

Compliant Solution

public class Foo
{
  private function Foo(){}   // Compliant, private empty constructor intentionally used to prevent any direct instantiation of a class.

  public static function doSomething()
  {
    $foo = new Foo();
  }
}

See

• CERT, MSC07-CPP. - Detect and remove dead code

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

private methods that are never executed are dead code: unnecessary, inoperative code that should be removed. Cleaning out dead code decreases the size of the maintained codebase, making it easier to understand the program and preventing bugs from being introduced.

Noncompliant Code Example

public class Foo
{
  private function Foo() {}   // Compliant, private empty constructor intentionally used to prevent any direct instantiation of a class.

  public static function doSomething()
  {
    $foo = new Foo();
    ...
  }

  private function unusedPrivateFunction() {  // Noncompliant
  }
}

Compliant Solution

public class Foo
{
  private function Foo(){}   // Compliant, private empty constructor intentionally used to prevent any direct instantiation of a class.

  public static function doSomething()
  {
    $foo = new Foo();
  }
}

See

• CERT, MSC07-CPP. - Detect and remove dead code

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Having two cases in a switch statement or two branches in an if chain with the same implementation is at best duplicate code, and at worst a coding error. If the same logic is truly needed for both instances, then in an if chain they should be combined, or for a switch, one should fall through to the other.

Noncompliant Code Example

switch ($i) {
  case 1:
    doSomething();
    break;
  case 2:
    doSomethingDifferent();
    break;
  case 3:  // Noncompliant; duplicates case 1's implementation
    doSomething();
    break;
  default:
    doTheRest();
}

if ($a >= 0 && $a < 10) {
  doTheThing();
else if ($a >= 10 && $a < 20) {
  doTheOtherThing();
}
else if ($a >= 20 && $a < 50) {
  doTheThing();  // Noncompliant; duplicates first condition
}
else {
  doTheRest();
}

if ($b == 0) {
  doOneMoreThing();
}
else {
  doOneMoreThing(); // Noncompliant; duplicates then-branch
}

var b = a ? 12 > 4 : 4;  // Noncompliant; always results in the same value

Compliant Solution

switch ($i) {
  case 1:
  case 3:
    doSomething();
    break;
  case 2:
    doSomethingDifferent();
    break;
  default:
    doTheRest();
}

if (($a >= 0 && $a < 10) || ($a >= 20 && $a < 50)) {
  doTheThing();
else if ($a >= 10 && $a < 20) {
  doTheOtherThing();
}
else {
  doTheRest();
}

doOneMoreThing();

b = 4;

or

switch ($i) {
  case 1:
    doSomething();
    break;
  case 2:
    doSomethingDifferent();
    break;
  case 3:
    doThirdThing();
    break;
  default:
    doTheRest();
}

if ($a >= 0 && $a < 10) {
  doTheThing();
else if ($a >= 10 && $a < 20) {
  doTheOtherThing();
}
else if ($a >= 20 && $a < 50) {
  doTheThirdThing();
}
else {
  doTheRest();
}

if ($b == 0) {
  doOneMoreThing();
}
else {
  doTheRest();
}

int b = a ? 12 > 4 : 8;

Exceptions

Blocks in an if chain that contain a single line of code are ignored, as are blocks in a switch statement that contain a single line of code with or without a following break.