
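CODAS: An Extensible Static Code Defect Analysis Service
Cite this article: LIANG Guang-tai, WANG Qian-xiang. CODAS: An Extensible Static Code Defect Analysis Service[J]. Computer Science, 2012, 39(1): 14-18.
Authors: LIANG Guang-tai  WANG Qian-xiang
Affiliation: Key Laboratory of High Confidence Software Technologies (Ministry of Education), Institute of Software, School of Electronics Engineering and Computer Science, Peking University, Beijing 100871
Funding: National 973 Program; National Natural Science Foundation of China; Key Program of the National Natural Science Foundation of China; Science Fund for Creative Research Groups
Abstract: Using static code defect analysis techniques to detect defects early is an important way to improve software quality. Static code defect analysis tools (such as FINDBUGS, JLINT, ESC/JAVA, PMD, and COVERITY) have been shown to successfully identify large numbers of potential software defects [1-3]. However, shortcomings in the usability and effectiveness of these tools severely limit their wider adoption. The usability shortcomings are: a) each standalone defect detection tool is good at detecting only particular types of defects, so tools must be used in combination to detect defects comprehensively; b) installing, configuring, and running each defect detection tool costs users a great deal of time and effort. The effectiveness shortcomings are that static defect analysis results often contain many false positives and include many unimportant defect reports (ones that would not prompt a programmer to make a fix). To address these problems, an extensible "static code defect analysis" service (Code Defect Analysis Service, CODAS) is proposed and built. Based on a highly extensible architecture, CODAS wraps and integrates multiple standalone defect detection tools and effectively aggregates and ranks the defect reports, thereby making full use of each standalone tool's strengths and greatly improving the usability and effectiveness of static defect analysis tools.

Keywords: Static analysis  Code defect analysis  Extensible  Service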

CODAS: An Extensible Static Code Defect Analysis Service
LIANG Guang-tai, WANG Qian-xiang. CODAS: An Extensible Static Code Defect Analysis Service[J]. Computer Science, 2012, 39(1): 14-18.
Authors: LIANG Guang-tai  WANG Qian-xiang
Affiliation: (Key Laboratory of High Confidence Software Technologies, Ministry of Education, Institute of Software, School of Electronics Engineering & Computer Science, Peking University, Beijing 100871, China)
Abstract: Static defect analysis techniques are very useful in detecting defects at the early stage of software development process, which can improve the software quality effectively. The static code defect analysis tools such as FINDBUGS, JLINT, ESC/JAVA, PMD, and COVERITY can detect plenty of real defects, which has already been demonstrated. However, these tools don't provide sufficient usability and effectiveness, which restricts their further application. The insufficient usability lies in two points. The first point is that each standalone tool is only good at detecting some certain types of defects, which means that developers need to use more tools to get a more comprehensive defect report. The second point is that developers need to manually set up, configure, and execute each standalone tool one by one, which is a very time-consuming process. The insufficient effectiveness lies in that: the static analysis warnings provided by these tools usually contain lots of false positives and also many trivial warnings that are not very important and won't be fixed by developers. In order to solve these issues, we proposed and implemented an extensible static defect analysis service: Code Defect Analysis Service (CODAS). Based on a highly extensible architecture, CODAS encapsulates and integrates multiple defect analysis tools seamlessly and also provides an effective warning prioritization algorithm, which synthesizes the advantages of different tools and improves their usability and effectiveness largely.
Keywords: Static analysis  Code defect analysis  Extensible  Online service
This article is indexed in CNKI, Wanfang Data, and other databases.