Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Further reading

• Cognitive Complexity docs
• Cognitive Complexity: A new way of measuring understandability

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Further reading

• Cognitive Complexity docs
• Cognitive Complexity: A new way of measuring understandability

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Further reading

• Cognitive Complexity docs
• Cognitive Complexity: A new way of measuring understandability

A class that grows too much tends to aggregate too many responsibilities and inevitably becomes harder to understand and therefore to maintain. Above a specific threshold, it is strongly advised to refactor the class into smaller ones which focus on well defined topics.

Cognitive Complexity is a measure of how hard the control flow of a function is to understand. Functions with high Cognitive Complexity will be difficult to maintain.

See

• Cognitive Complexity

If you throw a general exception type, such as ErrorException, RuntimeException, or Exception in a library or framework, it forces consumers to catch all exceptions, including unknown exceptions that they do not know how to handle.

Instead, either throw a subtype that already exists in the Standard PHP Library, or create your own type that derives from Exception.

Noncompliant Code Example

throw new Exception();  // Noncompliant

Compliant Solution

throw new InvalidArgumentException();
// or
throw new UnexpectedValueException();

See

• MITRE, CWE-397 - Declaration of Throws for Generic Exception
• CERT, ERR07-J. - Do not throw RuntimeException, Exception, or Throwable

private methods that are never executed are dead code: unnecessary, inoperative code that should be removed. Cleaning out dead code decreases the size of the maintained codebase, making it easier to understand the program and preventing bugs from being introduced.

Noncompliant Code Example

public class Foo
{
  private function Foo() {}   // Compliant, private empty constructor intentionally used to prevent any direct instantiation of a class.

  public static function doSomething()
  {
    $foo = new Foo();
    ...
  }

  private function unusedPrivateFunction() {  // Noncompliant
  }
}

Compliant Solution

public class Foo
{
  private function Foo(){}   // Compliant, private empty constructor intentionally used to prevent any direct instantiation of a class.

  public static function doSomething()
  {
    $foo = new Foo();
  }
}

See

• CERT, MSC07-CPP. - Detect and remove dead code

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Programmers should not comment out code as it bloats programs and reduces readability.

Unused code should be deleted and can be retrieved from source control history if required.

See

• MISRA C:2004, 2.4 - Sections of code should not be "commented out".
• MISRA C++:2008, 2-7-2 - Sections of code shall not be "commented out" using C-style comments.
• MISRA C++:2008, 2-7-3 - Sections of code should not be "commented out" using C++ comments.
• MISRA C:2012, Dir. 4.4 - Sections of code should not be "commented out"

Merging collapsible if statements increases the code's readability.

Noncompliant Code Example

if (condition1) {
  if (condition2) {
    ...
  }
}

Compliant Solution

if (condition1 && condition2) {
  ...
}

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Programmers should not comment out code as it bloats programs and reduces readability.

Unused code should be deleted and can be retrieved from source control history if required.

See

• MISRA C:2004, 2.4 - Sections of code should not be "commented out".
• MISRA C++:2008, 2-7-2 - Sections of code shall not be "commented out" using C-style comments.
• MISRA C++:2008, 2-7-3 - Sections of code should not be "commented out" using C++ comments.
• MISRA C:2012, Dir. 4.4 - Sections of code should not be "commented out"

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.