| Jerry, | | It is always possible that I misunderstand the McCabe | score which may come from the fact that so many build | environments compute it along with producing the binary, | i.e., independent of human eyeballs. If complexity | scoring requires human eyeballs or the presence of the | designer's flow charts, then will we ever get meaningful | numbers (sans artificial intelilgence) for code we did | not write ourselves? [...yes, this parallels the many | arguments about how can you trust crypto code you didn't | write, either...] | | If McCabe scoring is your area, do you agree with the | rule that a McCabe score of <10 is essential -- an argument | that I am quoting from some NASA spec I read a while ago | and can dig up again if that turns out to be necessary. It's not really my area, sorry. I'm just looking at this from a very general point of view. The point of McCabe and similar measures is to point you to areas likely to contain bugs, or that are likely to be particularly costly to implement. Since it's *humans* who actually implement (and produced bugs), a meaningful measure can't depend on things that human beings don't see. This kind of analysis can be very powerful. Everyone has heard of Galileo's experiment dropping balls of different weights and proving they hit the ground at the same time - but how many people are aware of his theoretical argument that this must be the case? It's very simple: Suppose a 2lb ball drops faster than a 1lb ball. Take the 2lb ball and pull it into a dumbell shape, with (almost) 1lb at each end, but the ends very close together. Presumably, it still drops at the speed of a 2lb ball. Now pull the halves apart a bit at a time, gradually thining out the connecting segment. Eventually, you have two 1lb ball connected by a thread. Does that drop at the speed of the individual 1lb balls, or at the speed of a 2lb ball? Clearly, it has to be both - the 1lb and 2lb balls must drop at the *same* speed!
I pretty sure the build environments that give you McCabe measures automatically are pulling the information from the control flow analysis in compiler front ends. This is where basic blocks and the edges connecting them are first extracted. Computing McCabe is trivial at this point - and the structure it is computed on will correspond pretty directly to what a human being would have perceived. As various optimizations are applied, the structure will change - and there is no reason to believe that the McCabe measure won't change along the way, since preserving McCabe is hardly a goal of optimizing transformations. | Always ready for re-education, but wary of the best | being the enemy of the good, | | --dan -- Jerry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]