Further Reading: Code Review and Static Analysis

Books

  • Fowler, M. Refactoring: Improving the Design of Existing Code. 2nd ed. Addison-Wesley, 2018. — The definitive guide to refactoring. While examples are in JavaScript, the principles apply directly to COBOL paragraph restructuring.

  • Martin, R.C. Clean Code: A Handbook of Agile Software Craftsmanship. Prentice Hall, 2008. — Principles of code quality that transcend language boundaries. The chapter on naming conventions is particularly applicable to COBOL.

  • Feathers, M. Working Effectively with Legacy Code. Prentice Hall, 2004. — Strategies for improving code quality in systems without tests — the exact situation most COBOL shops face.

  • McCabe, T. Structured Testing: A Testing Methodology Using the Cyclomatic Complexity Metric. NIST Special Publication 500-235, 1996. — The original formal treatment of cyclomatic complexity and its relationship to testing.

Tools

  • SonarQube: sonarqube.org — Industry-standard code quality platform. The COBOL plugin is commercial but provides comprehensive analysis.

  • IBM Application Discovery and Delivery Intelligence (ADDI): IBM's enterprise tool for analyzing COBOL applications, including cross-reference, impact analysis, and dead code detection.

  • Micro Focus Enterprise Analyzer: Commercial tool for visualizing and analyzing COBOL application portfolios.

  • GnuCOBOL: gnucobol.sourceforge.io — Free compiler with useful warning flags for basic static analysis.

Articles and Papers

  • Fagan, M.E. "Design and Code Inspections to Reduce Errors in Program Development." IBM Systems Journal, 15(3), 1976. — The foundational paper on formal code inspection, written at IBM where much of the world's COBOL was being developed.

  • Jones, C. "Software Defect Origins and Removal Methods." Crosstalk, 2012. — Comprehensive data on defect detection rates for different quality practices including review and static analysis.

  • Halstead, M. Elements of Software Science. Elsevier, 1977. — The original work on software complexity metrics.

Standards

  • IEEE 1028-2008: Standard for Software Reviews and Audits. Formal standard for conducting code reviews, including roles, processes, and documentation requirements.

  • ISO/IEC 25010:2011: Systems and software quality models. Defines quality characteristics including maintainability, which is the primary concern of code review.

Online Resources

  • CAST Software Intelligence: castsoftware.com — Enterprise software analysis platform with COBOL support, including technical debt measurement.

  • Open Mainframe Project: openmainframeproject.org — Community resources for mainframe code quality and modernization.