COBOL is... Alive!
Multiple vendor extensions and lack of structure
The COBOL plugin embeds more than 130 rules, but before talking about those rules, let's talk about the wide range of different COBOL dialects that are supported by the plugin. Indeed, since 1959 several specifications of the language and preprocessor behavior have been published, and most COBOL compilers have extended those specifications. So providing an accurate COBOL source code analyser means supporting most of those dialects: IBM Enterprise Cobol, HP Tandem, Bull GCos, IBM Cobol II, IBM Cobol 400, IBM ILE Cobol, Microfocus AcuCobol, OpenCobol, ... which is the case for our plugin Moreover for those of you who are not familiar with COBOL source code: let's imagine a C source file containing 20,000 lines of code, no functions, and just some labels to group statements and to make it possible to "emulate" the concept of function. Said like this, I guess everyone can understand how easy it can be to write unmaintainable and unreliable COBOL programs.
Need for tooling
Starting from this observation, managing a portfolio of thousands of COBOL programs, each one containing thousands of COBOL lines of code, without any tooling to automatically detect quality defects and potential bugs is a bit risky. The SonarSource COBOL plugin allows to continuously analyse millions lines of COBOL code to detect such issues and here are several examples of the rules provided by the plugin:
- Detection of unused paragraphs, sections and data items.
- Detection of incorrect PERFORM ... THRU ... control flow, where the starting procedure is located after the ending one in the source code, thus leading to unexpected behavior.
- Tracking of GO TO statements that transfer control outside of the current module, leading to unstructured code.
- Copy of a data item (variable) into another, smaller data item, which can lead to data loss.
- Copy of an alphanumeric data item to a numeric one, which can also lead to data loss.
- Tracking of EVALUATE statements not having the WHEN OTHER clause (similar to an if without an else).
- Detection of files which are opened but never closed.
And among those 130+ rules, 30+ target the SQL code which can be embedded into COBOL programs. One such rule tracks LIKE conditions starting with *. Another tracks the use of arithmetic expressions and scalar functions in WHEREconditions. And last but not least, here are some other key features of this SonarSource COBOL plugin :
- Copybooks are analysed in the context of each COBOL program and issues are reported directly on those copybooks.
- Remediation cost to fix issues is computed with help of the SQALE method: www.sqale.org.
- Even on big COBOL applications containing thousands of COBOL programs and so potentially millions of lines of code and thousands of issues, tracking only new issues on new or updated source code is easy.
- Duplications in PROCEDURE DIVISION and among all COBOL programs can also be tracked easily.
- To make sure that code complies with internal coding practices, a Java API allows the development of custom rules.
How hard it is to evaluate this COBOL plugin ?
- Just download the jar file of the plugin from the plugin page or upload the plugin from your SonarQube update center: http://www.sonarsource.com/products/plugins/languages/cobol/
- Ask for an evaluation license
- And start analysing your own COBOL source code
So YES, Cobol is alive, and the SonarSource COBOL plugin helps make it even more maintainable and reliable.