Static defect analysis techniques are very useful in detecting defects at the early stage of software development process,which can improve the software quality effectively. The static code defect analysis tools such as FINDBUGS, J LINT, ESC/JAVA, PMD, and COVERITY can detect plenty of real defects, which has already been demonstrated'-1"3-'. However,these tools don't provide sufficient usability and effectiveness,which restricts their further applicatioa The insufficient usability lies in two points. The first point is that each standalone tool is only good at detecting some certain types of defects, which means that developers need to use more tools to get a more comprehensive defect report The second point is that developers need to manually setup, configure,and execute each standalone tool one by one,which is a very time-consuming process. The insufficient effectiveness lies in that: the static analysis warnings provided by these tools usually contain lots of false positives and also many trivial warnings that are not very important and won't be fixed by developers. In order to solve these issues, we proposed and implemented an extensible static defect analysis service:Code Defect Analysis Service (CODAS). Based on a highly extensible architecture,CODAS encapsulates and integrates multiple defect analysis tools seamlessly and also provides an effective warning prioritization algorithm, which synthesizes the advantages of different tools and improves their usability and effectiveness largely.%利用静态代码缺陷分析技术对软件进行早期缺陷检测,是提高软件质量的重要途径.静态代码缺陷分析工具(如FINDBUGS,JLINT,ESC/JAVA,PMD,COVERITY等)已经被证实可以成功地识别出大量的软件潜在缺陷[1-3].然而,这类工具在可用性和有效性方面的不足严重限制了它们的进一步广泛使用.可用性不足包括a)每个独立缺陷检测工具只擅于检测特定类型的缺陷,需要配合使用才能全面检测缺陷;b)每个缺陷检测工具的安装、配置和运行占用了用户大量的时间、精力.有效性不足包括静态缺陷分析结果往往存在大量误报,并且会包括许多不重要的(不会引起程序员修复行为的)缺陷报告.为了解决上述问题,提出并构建了一个易扩展的“静态代码缺陷分析”服务(Code Defect Analysis Service,CODAS).CODAS基于一个高度可扩展的架构设计,对多个独立的缺陷检测工具进行了封装和集成,并对缺陷检测报告进行了有效汇总和排序,从而充分发挥了各个独立工具的优势,大大提升了静态缺陷分析工具的可用性和有效性.
展开▼
