
Legacy System Analysis: Tools and Techniques for Insight

Introduction

Imagine you're an archaeologist diving into COBOL code. Your mission? Understand the system, find pitfalls, and plan modernization. This chapter is your toolkit. Just as a doctor needs tools, you need methods to dissect these systems. We'll explore static analysis, dynamic analysis, database schema extraction, and automated documentation. These provide the insights you need for informed decisions. Without them, you're flying blind. Let's illuminate!

Static Code Analysis for COBOL: Uncovering Hidden Issues

Think of COBOL code as city blueprints. Static analysis is like a building inspector reviewing plans before construction. Inspectors check for weaknesses without running the program. Static analysis finds problems in COBOL code without executing it. This section guides you in using static analysis to find hidden issues. We'll cover: principles of static analysis; its benefits; using tools to find defects, vulnerabilities, and 'code smells'; and customizing analysis rules. We'll also touch on how AI improves static analysis. Let's learn how to keep our COBOL 'buildings' safe.

Principles of Static Code Analysis

Static code analysis examines source code for issues before running it. It's a preemptive strike against bugs. The key benefit is early problem detection, which saves time and money. It also improves code quality, security, and adherence to standards. Think of it as an advanced spell checker. Analysis tools use rules and patterns to identify code smells or anti-patterns. These include:

COBOL Code Smell Example: Magic Number

```cobol
       IDENTIFICATION DIVISION.
       PROGRAM-ID. EXAMPLE-SMELL.
       DATA DIVISION.
       WORKING-STORAGE SECTION.
      * Sample starting value so the arithmetic uses defined data
       01  WS-AMOUNT         PIC 9(5) VALUE 1000.
       01  WS-INTEREST-RATE  CONSTANT AS 0.05.
       PROCEDURE DIVISION.
      * Magic number 0.05 lacks context
      * COMPUTE WS-AMOUNT =
      *     WS-AMOUNT * 0.05.
      *
      * Fixed version using a constant:
           COMPUTE WS-AMOUNT = WS-AMOUNT * WS-INTEREST-RATE.
           DISPLAY 'Amount: ' WS-AMOUNT.
           STOP RUN.
```


In the original code (commented out), 0.05 is a magic number. Defining it as a named constant (WS-INTEREST-RATE) provides context, improves readability, and simplifies updates.
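
To show how a rule-based check for this smell works, here is an added example (not from this chapter's source or from any particular analysis tool) that flags numeric literals in the PROCEDURE DIVISION of fixed-format COBOL. The sample program is constructed from the example above with the magic-number line left active; the function name find_magic_numbers and the default allow-list of 0 and 1 are assumptions, and the allow-list parameter stands in for a customizable rule.

```python
import re

# Constructed sample: the example program with the magic-number line active.
SAMPLE = """\
       IDENTIFICATION DIVISION.
       PROGRAM-ID. EXAMPLE-SMELL.
       DATA DIVISION.
       WORKING-STORAGE SECTION.
       01  WS-AMOUNT         PIC 9(5) VALUE 1000.
       01  WS-INTEREST-RATE  CONSTANT AS 0.05.
       PROCEDURE DIVISION.
      * COMPUTE WS-AMOUNT = WS-AMOUNT * 0.07.
           COMPUTE WS-AMOUNT = WS-AMOUNT * 0.05.
           COMPUTE WS-AMOUNT = WS-AMOUNT * WS-INTEREST-RATE.
           DISPLAY 'Rate 0.05 applied: ' WS-AMOUNT.
           ADD 1 TO WS-AMOUNT.
           STOP RUN.
"""

ALLOWED = {"0", "1"}  # assumption: trivial literals are not reported
# A numeric literal that is not part of a COBOL word (letters, digits, hyphen).
NUMERIC = re.compile(r"(?<![A-Za-z0-9-])[+-]?\d+(?:\.\d+)?(?![A-Za-z0-9-])")
STRING = re.compile(r"'[^']*'|\"[^\"]*\"")

def find_magic_numbers(source, allowed=ALLOWED):
    """Return (line number, literal) pairs for literals outside the allow-list."""
    findings = []
    in_procedure = False
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = raw[:72]  # fixed format: columns 73-80 are not code
        if len(line) > 6 and line[6] in "*/":  # comment indicator in column 7
            continue
        code = STRING.sub("''", line[7:])  # ignore digits inside string literals
        if re.match(r"\s*PROCEDURE\s+DIVISION", code, re.I):
            in_procedure = True  # data definitions above this line are skipped
            continue
        if not in_procedure:
            continue
        for match in NUMERIC.finditer(code):
            literal = match.group().lstrip("+-")
            if literal not in allowed:
                findings.append((lineno, literal))
    return findings

if __name__ == "__main__":
    for lineno, literal in find_magic_numbers(SAMPLE):
        print(f"line {lineno}: magic number {literal}")
```

The commented-out line, the constant definition in WORKING-STORAGE, and the digits inside the DISPLAY string are all ignored, so only the active COMPUTE with 0.05 is reported.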

Identifying Code Defects and Vulnerabilities

Static analysis also detects defects causing runtime errors or security breaches. Examples: