Cyclomatic Complexity

A measure of the logical complexity of an algorithm, used in white-box testing.

Cyclomatic Complexity: Defined


Cyclomatic complexity is used to gauge the overall intricacy of an application or specific functionality within it. The software metric quantitatively measures a program's logical strength based on existing decision paths in the source code. It is computed by using the control flow graph, where each node on the graph represents indivisible groups or commands within the program.

For example, an application consisting of zero decision points (IF, FOR, etc.) has an intricacy score of 1 because it contains a single path in the source code. If the program contains an IF statement consisting of one condition, the code would contain a total of two paths: TRUE or FALSE. The cyclomatic complexity algorithm is used to derive a measurable value based on the number of edges and nodes within the graph as well as the total count of connected components or exit nodes. It is represented as shown below:

Complexity (M) = Edges (E) – Nodes (N) + Exit Nodes (P)

Individual programs, subroutines, or methods always have one exit node, thus resulting in the value of P equaling one. This value remains consistent unless multiple applications with several exit points are to be assessed at the same time.

Cyclomatic Complexity's impact on your Software Quality

This software measurement aids in limiting routine complexity during the development process and makes it easier to split modules into smaller, easier-to-manage components. Programs with a level below 10 are considered to be within the cyclomatic complexity acceptable range. This measurement can be used to identify areas of improvement at the source-code level. Risk is assessed based on the provided value:

  • 01 to 10 – Minimal Risk
  • 11 to 20 – Moderate Risk
  • 21 to 50 – High Risk
  • Over 50 – Very High Risk

Using Cyclomatic complexity as a primary measure of an application or system helps organizations identify high-risk applications and develop improvement approaches for decreasing the threats, maintenance time, productivity issues, and technical debt. Understanding a system’s complexity provides insight regarding where a developed program needs additional work in order for it to be deployed successfully within a multi-tiered, multiple technology infrastructure.

Do you know the complexity of your applications?

Are your applications more complex than they have to be to meet business or user needs? Imagine having the necessary knowledge for properly assessing developer or vendor productivity for each implemented application in your organization. Cyclomatic complexity analysis provides a measurement for conveying the intricacy level of source code being implemented by your development team and is combined with application type, operating domain, and total size to provide a useful measurement of software risk and quality within an organization. CAST uses cyclomatic complexity along with additional complexity measures (CAST Complexity) when assessing the amount, density, and risk of your source code to aid in accurately gauging current code quality for improved productivity.

Understanding the complexity of your critical systems is simple. Take a look at the kind of insight into the structure of your code that CAST can generate today.