Back to glossary

nSLOC

Table of Contents

What is nSLOC?

When analyzing a smart contract's codebase, it's essential to assess its complexity accurately. Traditional line counts often include comments, documentation, and empty lines, which can obscure the true nature of the code. This is where nSLOC becomes invaluable.

nSLOC stands for Normalized Source Lines of Code, a metric that counts only the lines of code in a program that contain executable instructions. 

This metric excludes comments, documentation, and blank lines, thereby providing a more accurate measure of the code's true size and complexity. 

By focusing on the essential logic, nSLOC helps developers and auditors better understand the intricacies of the code, making it easier to identify potential issues and areas for improvement.

Why is nSLOC important?

In the context of smart contract development, understanding code complexity is critical. 

Once deployed, smart contracts are immutable. And any errors or inefficiencies in the code are permanent. By using nSLOC, developers can ensure that the core logic of their contracts is as straightforward and error-free as possible, reducing the risk of vulnerabilities and improving the overall security and maintainability of the codebase.

During code reviews nSLOC :

  • provides a clear metric to evaluate the actual complexity of the code. This helps reviewers focus on the most critical parts of the codebase, ensuring thorough and efficient reviews.
  • aids in identifying redundant or overly complex code that can be refactored for better performance and security. By stripping away comments and empty lines, auditors can more easily spot potential vulnerabilities and logic errors.
  • facilitates in creating a more secure and robust codebase by highlighting the essential logic that needs to be scrutinized.

Additionally, nSLOC can be used to estimate the effort required for development and maintenance. This is particularly useful for project managers to allocate resources and plan timelines effectively. It also helps in comparing the complexity of different projects or modules, aiding in better decision-making and prioritization. 

By providing a clear and focused measure of code complexity, nSLOC plays a crucial role in enhancing the quality, security, and maintainability of smart contracts in the web3 ecosystem.

How does nSLOC work?

Consider the following Solidity code snippet:

1    // This function transfers tokens from one address to another
2    /**
3     * @notice Transfers `_amount` tokens from `_from` to `_to`
4     * @param _from The address to transfer tokens from
5     * @param _to The address to transfer tokens to
6     * @param _amount The amount of tokens to transfer
7     */
8    function transfer(address _from, address _to, uint256 _amount) public {
9        // Ensure the sender has enough tokens
10       require(balanceOf[_from] >= _amount, "Insufficient balance");
11       // Subtract the amount from the sender's balance
12       balanceOf[_from] -= _amount;
13       // Add the amount to the recipient's balance
14       balanceOf[_to] += _amount;
15       // Emit a transfer event
16       emit Transfer(_from, _to, _amount);
17 }

A standard line count indicates that this function has 17 lines. However, when evaluated using nSLOC, the function has only 6 lines. This is because comments and documentation are excluded, focusing only on the lines that contain executable logic. 

The nSLOC for this function, after removing non-essential lines, is as follows:

function transfer(address _from, address _to, uint256 _amount)public {
    require(balanceOf[_from] >= _amount, "Insufficient balance");
    balanceOf[_from] -= _amount;
    balanceOf[_to] += _amount;
    emit Transfer(_from, _to, _amount);
}

Counting the lines of code above, there are 6. This reflects the code’s true complexity.

What are the benefits of using nSLOC?

  • Accurate assessment of complexity: nSLOC provides a better representation of a codebase’s complexity, which is crucial for thorough code reviews.
  • Enhanced code security: By stripping away non-executable lines, nSLOC makes it easier to spot potential vulnerabilities and logic errors, contributing to a more secure smart contract.
  • Improved resource allocation: Project managers can use nSLOC to estimate development and maintenance efforts more accurately, allowing for better resource planning and timeline management.
  • Facilitated comparison: nSLOC enables easier comparison of different projects or modules, helping in decision-making and prioritization.

How to calculate the nSloc of a codebase

Image of the output of nSLOC calculation of the example code above using cloc.

Output of nSLOC calculation of the example code above using cloc.

To streamline the process of calculating nSLOC, several tools can automate the task and provide detailed insights Here are three such tools:

Aderyn is an open-source developer tool built with Rust. It serves as a static analyzer for Solidity smart contracts, aiding protocol engineers and security researchers in identifying vulnerabilities within codebases.

cloc (Count Lines of Code) is a popular tool that not only counts lines of code but also differentiates between comment lines, blank lines, and actual source code. It supports a wide variety of programming languages and is highly customizable. 

Users can generate reports in various formats, making it easy to integrate into different workflows. cloc is particularly useful for gaining a high-level overview of a project's structure and complexity. GitHub link

Watch a demo of how to install and use cloc on a Cyfrin Updraft smart contract security course.

scc (SLOC, cloc, and code) is a fast, cross-platform tool that combines the functionalities of SLOC, cloc, and code analysis into one package. It provides accurate counts of source lines, comments, and blank lines, while also offering language detection and the ability to handle large codebases efficiently.  

scc is known for its speed and minimal resource usage, making it ideal for continuous integration pipelines and large projects. GitHub link

Tokei is a robust and high-performance tool written in Rust, designed to accurately count lines of code, including nSLOC, across numerous programming languages. It provides detailed reports and supports multiple output formats, such as JSON and YAML, for easy integration with other tools. 

Tokei is recognized for its speed and precision, making it a reliable choice for developers who need a comprehensive analysis of their codebase. GitHub link

Related Terms

No items found.
Cyfrin Updraft
Learn smart contract development, how to write secure smart contracts, and scalable protocols from world's leading experts.
Join Cyfrin Updraft for free
Paper plane icon
Weekly newsletter
Carefully crafted, short smart contract security tips and news freshly delivered every week.

Read about our

privacy policy
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Share this blog post