Comments on identifying risky areas

ecp@acm.org (Erik Petersen) writes:

"Algorithmic complexity is also a good measure of risk."

Brian Marick replies:

"I agree. My hesitation with complexity metrics like McCabe's is that they're often misused in the same way that coverage is misused. One useful objective number comes to dominate, even eliminate, useful subjective opinions. I recall once reading a paper discussing the 'complexity' of common UNIX utilities. As it happened, I was working at a UNIX porting shop at the time, and people there were porting some of those very same utilities. One of the least complex (according to the paper) of the utilities was actually horrendously complex (according to the person who was struggling to port it). The mismatch was due to the fact that the complexity metric took into account only control-flow complexity, not bizarre use of variables, and totally missed an idiosyncratic (to say the least) use of C preprocessor macros that made the code hard to understand."
