Calculate McCabe cyclomatic complexity from edges, nodes, and connected components. Classify code complexity and risk levels.
Cyclomatic complexity, introduced by Thomas McCabe in 1976, measures the number of linearly independent paths through a program's source code. It is one of the most widely used software metrics for estimating code complexity, testability, and maintenance risk.
The metric is calculated from the control flow graph of a function: M = E − N + 2P, where E is the number of edges, N is the number of nodes, and P is the number of connected components. In practice, it equals the number of decision points (if, else, for, while, case) plus one.
This calculator lets you compute cyclomatic complexity and classifies the result into risk categories. Functions with complexity under 10 are simple and easy to test. Those between 11 and 20 are moderately complex. Above 20, the code becomes difficult to understand and test thoroughly.
By calculating this metric accurately, DevOps and engineering professionals gain actionable insights that drive system reliability, scalability, and operational excellence across environments.
Cyclomatic complexity is the standard metric for identifying functions that are too complex to maintain safely. This calculator provides instant classification and testing guidance based on the metric value. Data-driven tracking enables evidence-based infrastructure decisions, reducing the risk of over-provisioning costs or under-provisioning that leads to performance bottlenecks. This quantitative approach replaces reactive troubleshooting with proactive monitoring, enabling engineering teams to maintain service level objectives and minimize unplanned system downtime.
M = E − N + 2P where E = edges, N = nodes, P = connected components Simplified: M = decision_points + 1 Minimum test cases needed = M
Result: Complexity = 5 (Simple, low risk)
M = 15 − 12 + 2(1) = 5. A complexity of 5 is classified as simple (1–10 range). The function needs at least 5 test cases for complete path coverage. This is well-structured, maintainable code.
Thomas McCabe's cyclomatic complexity has been a cornerstone of software quality measurement since 1976. Its enduring relevance comes from its simplicity and strong correlation with defect rates. Functions with complexity above 10 consistently show 2–3× higher defect density in empirical studies.
The standard thresholds are: 1–10 (simple, low risk), 11–20 (moderate, medium risk), 21–50 (complex, high risk), and 50+ (untestable, very high risk). These thresholds are widely adopted in static analysis tools and coding standards across the industry.
Integrate complexity checks into your CI/CD pipeline. Set a threshold (typically 10–15) and flag functions that exceed it during code review. This prevents complexity from creeping up over time and keeps the codebase maintainable.
1–10 is simple and low risk. 11–20 is moderate complexity. 21–50 is high complexity with elevated testing difficulty. Above 50 is very high risk and should be refactored immediately.
Count each if, else if, for, while, do-while, case (in switch), catch, and logical operators (&& and ||) in conditional expressions. Add 1 to the total. This gives the same result as the graph formula for a single function.
It measures structural complexity, which correlates with defect density and testing difficulty. However, it doesn't capture domain complexity or code readability. Use it alongside other metrics like cognitive complexity for a complete picture.
The cyclomatic complexity number equals the minimum number of test cases needed for complete path coverage. A function with complexity 10 needs at least 10 tests to cover every independent execution path.
Common techniques include extracting methods, replacing conditionals with polymorphism, using lookup tables instead of switch statements, applying the strategy pattern, and breaking large functions into smaller focused ones. Comparing your results against established benchmarks provides valuable context for evaluating whether your figures fall within the expected range.
Cognitive complexity (used by SonarQube) measures how hard code is for humans to understand, penalizing nested structures more heavily. Cyclomatic complexity measures the number of paths. Both are valuable but measure different aspects of code complexity.