Software Complexity Is Killing Us


While you're reading this article, if you come across words – and even sentences – that you don’t understand, there's a high chance you feel like developers do when they're looking at lines of code with a high level of nested complexity. A high level of software complexity can make it difficult to determine architectural hotspots where risk and cost emanate.

Also known as the “arrow anti-pattern,” nested complexity is the use of multiple kinds of control statements (IF, WHILE, FOREACH, SWITCH, etc.) within code. The more nested complexity you have, the less understandable the code will be, leading to greater probability of software risk and regression.

Code Complexity: A Real-Life Problem

From my own coding experience, I've always been surprised by our natural capability to produce extremely complex logic, which can easily be lost, even after a short 10-minute break in coding. Where I am in the path of my own dark code logic? I wrote this batch script only one week ago!

So, just imagine how hard it is to fix an urgent bug that occurred in production of your business-critical application. Especially if:

  1. The code is very complex
  2. You're not the one who wrote this code
  3. People who coded that script left the organization years ago
  4. The code is not well-documented and method or function names are not very explicit
  5. The application is still in active development and requires code changes on a regular basis

Code complexity dramatically increases unpredictable maintenance efforts, costs and delay, while exposing the organization to a possible loss of stability. Nested complexity can impact long-term quality characteristics of software, such as changeability, transferability and robustness. It’s not uncommon to come across business applications that suffer from this kind of ailment: hard to move, unable to evolve, prematurely old and retired.

Looking at Appmarq statistics on the rule "Avoid Artifacts with High Depth of Code" illuminates interesting insights on how developers comply with this programming practice. 11

This rule has been run on more than 1,100 applications that implement a wide variety of technologies: JEE, COBOL, C/C++ and C#, SAP/ABAP and some database-related programming languages such as PL/SQL, Microsoft and Sybase T-SQL, DB2. In the retail example referenced below, the code depth parameter used is 5, meaning a violation is triggered each time a code artifact reaches a level of 5 nested condition statements.

Globally, Appmarq reveals that most of software components comply with this quality rule, since the overall compliance ratio is at 98.37%. This is a pretty good score compared to other good software programming practices. In a total of 28 million possible cases, only 467 thousands objects were found to be defective. However, this complexity phenomenon tends to impact most applications. For example, the average application today includes about 419 defects.

Retail Organizations Distribute More Complex Applications

According to Appmarq, development teams in the Retail industry seem to deliver applications with higher nested complexity. With an average of 396 defects by application, this vertical only complies with 96.74%, while other industries score better with an overall compliance ratio above 98%. Conversely, Media (99.54%), Utilities (99.30%), Government (99.05%) and Energy (98.87%) record the highest ratios.

Technically speaking, applications that are implemented with JavaScript and C tend to comprise the most complex code, recording 90.50% and 91.76%, respectively, with an average of 200 defects per application. Conversely, the highest scoring technologies are C# (99.55%), SQL Server (99.43%), Visual Basic and JEE (98.96%).

But when looking at the average defect density at the application level, these statistics tell a different story. SAP-customized systems in ABAP have the highest density with an average of 306 violations by application (compared to COBOL-based applications, which record only 73 issues on average).

Understanding that code complexity can drastically impact the changeability and reliability of software, it is critical to evaluate the quality of core applications before embarking on digital transformation initiatives and modernizing old code to new platforms. Ensuring that your complexity metrics don’t spiral out of control is one of the key ways to remain agile and move faster than your competitors.


Michael Muller
Michael Muller Product Owner Cloud-Based Software Analytics & Benchmarking at CAST
Michael Muller is a 15-year veteran in the software quality and measurement space. His areas of expertise include code quality, technical debt assessment, software quality remediation strategy, and application portfolio management. Michael manages the Appmarq product and benchmark database and is part of the CAST Research Labs analysis team that generates the industry-renowned CRASH reports.
Load more reviews
Thank you for the review! Your review must be approved first
You've already submitted a review for this item