Computer Science ›› 2012, Vol. 39 ›› Issue (1): 14-18.

• Service-Oriented Research Results •

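CODAS: An Extensible Static Code Defect Analysis Service

Liang Guangtai, Wang Qianxiang

  1. (Key Laboratory of High Confidence Software Technologies (Ministry of Education), Institute of Software, School of Electronics Engineering and Computer Science, Peking University, Beijing 100871)
  • Online: 2018-11-16 Published: 2018-11-16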

Abstract: Static defect analysis techniques are very useful for detecting defects at an early stage of the software development process, which can effectively improve software quality. Static code defect analysis tools such as FindBugs, JLint, ESC/Java, PMD, and Coverity have already been shown to detect plenty of real defects. However, these tools do not provide sufficient usability and effectiveness, which restricts their wider application. The insufficient usability lies in two points: (a) each standalone tool is only good at detecting certain types of defects, so developers need to use several tools together to get a comprehensive defect report; (b) developers need to manually set up, configure, and execute each standalone tool one by one, which takes a great deal of time and effort. The insufficient effectiveness lies in the fact that the static analysis warnings provided by these tools usually contain many false positives, as well as many trivial warnings that are not important and will not be fixed by developers. To solve these issues, we proposed and implemented an extensible static defect analysis service: Code Defect Analysis Service (CODAS). Based on a highly extensible architecture, CODAS encapsulates and integrates multiple standalone defect analysis tools seamlessly, and aggregates and ranks their defect reports with an effective warning prioritization algorithm, which combines the advantages of the different tools and greatly improves their usability and effectiveness.

Key words: Static analysis, Code defect analysis, Extensible, Online service
