HT-2021-000363 - [2025] EWHC 532 (TCC)

The allegation is that Winsopia used the z/XDC tool to analyse the COBOL v 4.2 and COBOL v 5.2 compilers, amounting to reverse engineering of the same. The defendants’ case is that the compilers are not ICA Programs and the analysis was permitted observation, study and testing under Article 5(3) of the Software Directive.

As set out above, z/XDC is a commercially available debugging tool that enables a breakpoint to be set at a specific point in a load module, stopping execution and transferring control to XDC. It allows the user to step through the code examining the execution of each instruction, view data areas and registers, disassemble object code and display dumps of memory.

Mr Lynch’s evidence is that Mr Rastall requested him to investigate and report on how executable load modules compiled under the COBOL compiler are constructed. The first report was produced on about 6 August 2015 in respect of the COBOL compiler v4.2 and included the following:

“This document contains the findings from the analysis of the object code generated by the COBOL compiler.

This analysis was undertaken in support of the Load Module Compiler project which aims to write a product to analyse COBOL load modules and construct new C language source code based upon the contents of the COBOL load module.

All of the analysis of the COBOL compiler’s object code was done using COBOL 4.2. Other versions and releases may produce different structures or generate different object code.

Research into the latest COBOL compiler, version 5, has discovered a new runtime parameter … To properly analyse and understand the code this new compiler generates we will need to install the latest version of the compiler, version 5.2, as soon as reasonably possible.

The COBOL language contains many different language constructs not all of which have been analysed thus far. The contents of this document will almost certainly change as more programs are analysed… ”

Mr Lynch described the methods used to analyse the compiler, namely, compiler listings together with XDC:

“Additional analysis was done using a bespoke Assembler program that loads a specified COBOL program into storage without executing the program, and then invokes the XDC the Debugging product to analyse the COBOL program. This allows the analyst to view the COBOL program in storage and set execution break points to stop execution of the COBOL program at specified points. Once an execution break point is then reached storage contents and registers can be analysed and the COBOL program can be stepped through one instruction at a time if required.”

In addition to a description of the compiler options, the report contained a detailed analysis of program initialisation, addresses for storage areas, base register usage and branch instruction sequences. In particular, the report included details as to:

The second report was produced by Mr Lynch on 24 November 2015 and involved a similar analysis in respect of COBOL compiler v 5, including a detailed explanation of the changes between versions 4.2 and 5 of the compiler.

The experts’ second joint statement included the following agreed statements:

The allegation is that Winsopia used XDC to reverse engineer Enterprise COBOL v4 and v5.

The defendants’ case is that the COBOL runtime and code generated by the compilers are not ICA Programs, there was no reverse engineering and Winsopia’s acts fell within the scope of its rights under Article 5(3) of the Software Directive.

The issues in dispute are:

The Enterprise COBOL v 4 and v 5 are ICA Programs. The compilers were provided as components of the ICA Programs. For the reasons set out above, the compilers fall within the definition of ICA Programs within the meaning of the ICA. The defendants submit that Winsopia’s use of XDC was limited to its analysis of the interfaces contained within a test program and the user CSECTs in that test program, none of which is an ICA Program. I reject that submission. It is clear from the Lynch reports that the analysis was not concerned with the test program; in each case, the test program was prepared so that Mr Lynch could analyse the code generated by the compiler. The purpose of such analysis was to understand the structure and content of the same, the instructions generated that are relevant to initialisation and how they interact with the initialisation routines at runtime.

Mr Lynch was clear in cross-examination that he used XDC, not as a debugging tool, but to examine the operation of the COBOL compilers. He viewed a disassembled representation of each instruction in sequence during program execution, including branching instructions. He used XDC to step through the initialisation code that the COBOL compiler generates and inserts into the load module to initialise COBOL applications. He analysed the interaction between the initialisation code and IBM CSECTs in the load module during initialisation. He analysed a number of runtime data structures, including how the initialisation code and IBM CSECTs manipulate these structures during initialisation. He also confirmed that XDC displays assembler code on the screen. This amounted to disassembly and reverse engineering of COBOL v4 and v5.

The defendants submit that Winsopia’s activities fell within Article 5(3) of the Software Directive on the ground that Winsopia was performing characterisation testing of two versions of the COBOL compiler: to understand how different compiler options affected the object code that was output; how the resulting user CSECTs in customer application are structured; and to study the initialisation interfaces. I reject that argument. It is clear from the reports that Mr Lynch carried out a detailed analysis of the execution of each instruction within the load module. Mr Stephens agreed in cross-examination that Mr Lynch was using XDC to study the initialisation process. Such analysis investigated, not just the output of the program but how the program achieved its output, that is expression of the program, rather than its functioning.

In summary on this issue: