For over 20 years, software engineers have used code smells to detect problems in their source code. Why? Because smells are early warnings! Research indicates that code smells correlate to maintainability and production issues, which means detecting code smells prior to releasing code into production helps improve system maintainability and reliability. Therefore, automatic detection of code smells is a valuable early warning system that can benefit virtually every development organization.

1. EXCUSE ME BUT…YOUR CODE SMELLS

2. Unlike touch and taste, the sense of smell can detect odors
from a distance. This certainly comes in handy to prevent us
from eating something poisonous, or giving advance warning
of danger in our environment.
So what does this have to do with code?
For over 20 years, software engineers have used code smells
to detect problems in their source code. Why? Because
smells are early warnings!
A code smell is any symptom in the source code of an
application or system that indicates a deeper problem,
such as weaknesses in design or system vulnerabilities
that may increase the risk of future failures.
DON’T TAKE IT PERSONALLY
A human
nose can
detect over
10,000
different
smells!

3. A code smell hints that something is wrong in the source
code that runs your system. Good software engineers
employ automated code smelling tools such as code
quality analysis to detect, identify, and track down these
potential weaknesses in their code.
Functional testing is not enough.
Functional testing only evaluates a system's compliance
with its specified requirements, while automated tools
examine the actual code to highlight weakness, and
identify high value targets for refactoring. According to
Capers Jones, “A synergistic combination of formal
inspections, static analysis, and formal testing can achieve
combined defect removal efficiency levels of 99%.”
WHAT’S IN A CODE SMELL?
Kent Beck
coined
the term
Code Smell
- Refactoring: Improving
the Design of Existing Code

4. Like the seven primary smells that your
nose can identify, code smells can be
classified to help you understand the
type of issues that may be present in
source code.
Research indicates that code smells correlate to maintainability
and production issues, which means detecting code smells
prior to releasing code into production helps improve system
maintainability and reliability.
Therefore, automatic detection of code smells is a valuable
early warning system that can benefit virtually every
development organization.
OH MY….WHAT’S THAT SMELL?
7 Types of
Smells
• Camphoric (Mothballs)
• Musky (Perfume)
• Roses (Floral)
• Pepperminty
• Etheral (Dry Cleaning Fluid)
• Pungent (Vinegar)
• Putrid (Rotten Eggs)
7 Examples of
Code Smells
• Duplicated code
• Long methods
• Large class
• Too many parameters
• Inappropriate intimacy
• Contrived complexity
• Excessively long identifiers

5. 1010101010101101010101
0101010101011010101010
1010101010010101111010
1010101010101010101010
1010101010101011010101
0101011010101010101010
1010110101010101010101
0100101011110101010101
0101010101010101010101
0101010110101010101011
0101010101010101010110
Code smells can be
detected by a static code
quality agent that can read
source code. The agent
builds a representation of
the code, then checks it
against a set of patterns.
HOW TO SMELL YOUR CODE
POOR GOOD EXCELLENT
Size
Complexity
Best Practices
Stability
Maintainability
The agent looks at the
occurrences of bad code
patterns. The presence of one
instance of a pattern doesn’t
mean the code smells;
however, many occurrences
may trigger a threshold that
indicates the code is starting
to smell.
The agent aggregates the
results of the pattern detection
and generates code quality
metrics (ie. number of lines of
code, comment density, code
complexity). These metrics and
indicators are used to determine
how much and what type of
risky behaviors have been
detected in the code.

6. The annual impact of bad software is estimated to be $59
billion and over 90% of the vulnerabilities that cause these
defects are in source code.
Analyzing critical systems to detect code smells prior to
release provides benefits well beyond simple functional
testing. Automated code smell detection is a fast, reliable
risk reduction tool that should applied to all critical systems
to ensure early identification of potential issues and prevent
costly system outages and repair efforts.
THE IMPORTANCE OF SMELL
Early
Warning
Indicators
Recent high-profile IT failures that may have benefitted from code-smelling.

7. MY CODE STINKS…NOW WHAT?
Transparency into the state of critical systems is difficult, yet
crucial to any organization. Once you’ve scanned your critical
systems, the next step is to determine root cause. Code can
go bad at many levels – programmer, process, architectural,
and even organizational. The key is that by analyzing and
measuring your code regularly you have the visibility and
facts needed to isolate root cause.
Bad things happen to good code.
Even great code will start to smell bad over time as fixes and
enhancements are introduced into the code base. However,
there are simple precautions you can take to detect potential
vulnerabilities early.
Gain
Visibility &
Monitor
Regularly

8. WAKE UP AND SMELL YOUR CODE!
Mission critical applications come with risks that have
significant business consequences. The conditions that
produce these risks grows steadily worse, as applications
become larger and more complex and demand from the
market to be more agile to compete increases. These are
perfect conditions that lead to headline making disasters
and end careers.
You must find ways to control the internal quality of your
systems. Identifying code smells through automated code
quality analysis is a scalable and effective method to
monitor critical systems evolution, improve maintainability,
and reduce the likelihood of production outages.
Identify &
Prevent Risk

9. START SMELLING LIKE A ROSE
Get visibility – Chance are you have no idea what your
code smells like. Have your teams perform code quality
analysis to establish a baseline of internal structural
quality.
Monitor – Insist that product teams regularly measure
and report on the internal quality of mission critical
systems. Require clear plans to mitigate these
vulnerabilities.
Communicate – Use this information as the foundation of
a continuing dialogue with your team to close process
gaps and develop needed skill sets.
Ask CAST for help – We’ve been helping clients prevent
bad code from impacting good businesses for over 15
years.
Try
CAST HIGHLIGHT!
www.casthighlight.com/demo
Rapid Application Portfolio
Analysis