Abstract:
Embodiments of tree-based directed graph programming structures for a declarative programming language are provided. In various embodiments, complex graph structured data, referred to as "DGraphs" herein in one non-limiting implementation, is authored using a compact, human friendly syntax without the use of explicit identifiers. In one non-limiting aspect, the syntax includes support for conformance relationships, also referred to as factored relationships. In another non-limiting aspect, the semistructured graph data is a tree-based representation and the syntax includes lexical resolution of references or lexical scoping, and/or non local initialization.
Abstract:
The subject matter disclosed herein provides methods and apparatus, including computer program products, for navigating abstract syntax trees. In one aspect there is provided a method. The method may include receiving a plurality of nodes, the nodes configured as an abstract syntax tree representing program code. The method may also include identifying at least one node from the plurality of nodes by navigating the plurality of nodes using a path expression. Related systems, apparatus, methods, and/or articles are also described.
Abstract:
A method and system detect vulnerabilities in source code. Source code (134) is processed by a parser (136) into an intermediate representation. Models (e.g., in the form of lattices) are derived (138) for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines, held in a vulnerability database (142), to determine (140) if the routine call possesses one or more pre-selected vulnerabilities.
Abstract:
Techniques and systems for creating a function call graph for a codebase are disclosed. Graph creation includes identifying functions (1001) in the codebase by a function signature and representing a function (1070) as a first node in the call graph. For that function, identifying (1200) call-to functions, call-from functions, and inheritance parents and children, and a base class from the function signature of that function; adding child nodes (1020) to the first node based on the identified call-to and call-from functions; for an interface call (1010) to a base class method in the function, adding child nodes (1020) to the first node based on implementations of an override of the base class method (1090); for an added child node, removing that child node from the first node if a source file that includes an implementation of an override and a source code file that includes the function don't share at least one common binary file (1100)-(1150).
Abstract:
A graph-based program specification includes components corresponding to tasks and directed links between ports of the components, including: a first type of link configuration defined by respective output and input ports of linked components, and a second type of link configuration defined by respective output and input ports of linked components. A compiler recognizes different types of link configurations and provides in a target program specification occurrences of a target primitive for executing a function for each occurrence of a data element flowing over a link of the second type. A computing node initiates execution of the target program specification, and determines at runtime, for components associated with the occurrences of the target primitive, an order in which instances of tasks corresponding to the components are to be invoked, and/or a computing node on which instances of tasks corresponding to the components are to be executed.
Abstract:
The device according to the present invention enables a lexical analyser to generate selective tokens for a syntactic analyser, differentiating ambiguous lexical entities. In particular, the device is used to remove ambiguities in the C language grammar defined in the ISO/ANSI C standard.
Abstract:
A method of analyzing target software for security vulnerabilities comprises, with a processor, scanning a codebase of a target software using a static analysis scan to identify a number of security flaws, and calculating a number of code metrics of the codebase of the target software for a number of iterations over a period of time to obtain a number of historical scans.
Abstract:
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for matching and attributing code violations. One of the methods includes receiving a snapshot S of a code base of source code and a different snapshot T of the code base. Data representing first violations in the snapshot S and second violations in the snapshot T is received. Pairs of matching violations are determined by performing two or more matching processes, including performing a first matching process, the first matching process determining first pairs of matching violations according to a first matching algorithm, and performing a second matching process, the second matching process determining second pairs of matching violations according to a second matching algorithm from violations not matched by the first matching process. The first pairs of matching violations and the second pairs of matching violations are included in the determined pairs of matching violations.