Quiz: Code Review and Static Analysis

Multiple Choice

1. Which of the following is the most common category of defect found in COBOL production code?

a) Syntax errors b) Uninitialized fields c) Missing IDENTIFICATION DIVISION d) Incorrect PROGRAM-ID

2. What risk does a missing scope terminator (END-IF) create?

a) The program will not compile b) A subsequent statement may be incorrectly included in or excluded from the IF scope c) The program will ABEND at runtime d) The compiler will generate a warning but the code will run correctly

3. Why should numeric fields used in arithmetic be defined as COMP or COMP-3 rather than DISPLAY?

a) DISPLAY fields cannot be used in arithmetic b) COMP/COMP-3 fields use less storage c) The CPU can perform arithmetic on COMP/COMP-3 natively without conversion, improving performance d) Both b and c

4. What does a cyclomatic complexity of 25 indicate about a paragraph?

a) It has 25 lines of code b) It has approximately 25 independent execution paths and should be refactored c) It has been modified 25 times d) It uses 25 data items

5. In the Maintainability Index formula MI = 171 - 5.2ln(V) - 0.23CC - 16.2*ln(LOC), what happens to MI as cyclomatic complexity (CC) increases?

a) MI increases (more maintainable) b) MI decreases (less maintainable) c) MI is not affected by CC d) MI increases up to a point, then decreases

6. What is "dead code" in a COBOL program?

a) Code that has syntax errors b) Code that exists in the source but is never executed c) Code written by developers who have retired d) Code that runs only during error conditions

7. Which compiler option produces a cross-reference listing useful for identifying unused data items?

a) OPTIMIZE b) XREF c) SSRANGE d) TEST

8. What is the recommended maximum paragraph length in the coding standards described in this chapter?

a) 25 lines b) 50 lines c) 100 lines d) No limit as long as it is well-documented

9. SonarQube classifies code issues into which categories?

a) Errors, Warnings, Notes b) Bugs, Vulnerabilities, Code Smells, Security Hotspots c) Critical, Major, Minor, Trivial d) Syntax, Logic, Performance, Security

10. What is the "boy scout rule" in the context of COBOL maintenance?

a) Always write code outdoors b) Leave the code better than you found it — fix issues opportunistically when modifying nearby code c) Clean up all technical debt before adding new features d) Never modify code written by someone else

Short Answer

11. Explain the difference between a bug found by static analysis and a bug found by code review. Give one example of each that static analysis would miss but a reviewer would catch, and vice versa.

12. A colleague writes: 01 WS-AMOUNT PIC 9(5)V99. and then uses it to store values up to $500,000. What is the defect, and what is the correct PIC clause?

13. Describe three types of dead code that can accumulate in a long-lived COBOL program. For each type, explain how it gets there and how to detect it.

14. Why is the PERFORM THRU construct considered risky? Describe a scenario where it introduces a defect.

15. A program has a technical debt score of 200 person-hours. Management asks whether to address it now or defer. What factors should influence this decision?

True/False

16. Code review catches 60-90% of defects, making it more effective than testing alone. (True/False)

17. A cyclomatic complexity of 5 indicates a high-risk paragraph that needs immediate refactoring. (True/False)

18. Commented-out code should be left in place as documentation of previous approaches. (True/False)

19. The GnuCOBOL compiler can provide static analysis warnings without any additional commercial tools. (True/False)

20. Copy/paste duplication in COBOL can be addressed by extracting shared code into copybooks with REPLACING. (True/False)

Answer key available in Appendix G.