公开(公告)号：US12118350B1

公开(公告)日：2024-10-15

申请号：US17491088

申请日：2021-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Rajdeep Mukherjee ,  Hoan Anh Nguyen ,  Pranav Garg ,  Omer Tripp ,  Sengamedu Hanumantha Rao Srinivasan

IPC: G06F8/71 ,  G06F8/20 ,  G06F16/901

CPC classification number: G06F8/71 ,  G06F8/20 ,  G06F16/9024

Abstract: Code changes may be hierarchically clustered to discover coding practices. Code change graphs for changes to code in a source code repository may be clustered according to hierarchy of different features determined for the source code into groups. The code change graphs in the groups may then be indexed according their similarity with other code change graphs in the groups. Then one or more coding practices corresponding to the indexed code changes may be provided.

公开(公告)号：US11914993B1

公开(公告)日：2024-02-27

申请号：US17364768

申请日：2021-06-30

Applicant: Amazon Technologies, Inc.

Inventor： Pranav Garg ,  Sengamedu Hanumantha Rao Srinivasan ,  Benjamin Robert Liblit ,  Rajdeep Mukherjee ,  Omer Tripp ,  Neela Sawant

IPC: G06F8/77 ,  G06N20/00

CPC classification number: G06F8/77 ,  G06N20/00

Abstract: An aggregate representation of a collection of source code examples is constructed. The collection includes positive examples that conform to a coding practice and negative examples do not conform to the coding practice. The aggregate representation includes nodes corresponding to source code elements, and edges representing relationships between code elements. Using an iterative analysis of the aggregate representation, a rule to automatically detect non-conformance is generated. The rule is used to provide an indication that a set of source code is non-conformant.

公开(公告)号：US11586437B1

公开(公告)日：2023-02-21

申请号：US17218590

申请日：2021-03-31

Applicant: Amazon Technologies, Inc.

Inventor： Omer Tripp ,  Rajdeep Mukherjee ,  Michael Wilson ,  Yingjun Lyu

IPC: G06F9/44 ,  G06F8/75 ,  G06F9/54 ,  G06N20/00

Abstract: Techniques for program verification are described. An exemplary method includes receiving a request to evaluate code based on a customized rule, the customized rule comprising one or more conditions for which the customized rule is applicable and one or more postconditions to indicate at least one check to perform for a given node in a graph for the code, wherein an application of the customized rule performs one or more of: an interleave between a backward analysis and forward analysis based on user-specified conditions, an analysis between sub-graphs by a query from a first sub-graph to a second sub-graph, and an operation on a sub-graph, storage of a result of the operation on the sub-graph, and usage of the stored result in a subsequent operation; generating a graph for the code; and evaluating the code by applying the customized rule to the generated graph.

公开(公告)号：US11630919B1

公开(公告)日：2023-04-18

申请号：US16587361

申请日：2019-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Omer Tripp ,  Srinivasan Sengamedu Hanumantha Rao ,  Qiang Zhou

IPC: G06F21/62 ,  G06F21/57 ,  G06K9/62 ,  G06F8/60 ,  G06F11/30

Abstract: Techniques for management of sensitive data using static code analysis are described. A method of management of sensitive data using static code analysis includes obtaining a representation at least a portion of code, statically analyzing at least the portion of code to generate one or more candidate vectors based at least on one or more patterns, sending the one or more candidate vectors to a sensitive data model, and receiving an inference response indicating, for each of the one or more candidate vectors, whether at least a portion of the candidate vector includes sensitive data and a corresponding confidence score.

公开(公告)号：US12050968B1

公开(公告)日：2024-07-30

申请号：US16694925

申请日：2019-11-25

Applicant: Amazon Technologies, Inc.

Inventor： Omer Tripp ,  Qiang Zhou

IPC: G06N20/00 ,  G06N7/01

CPC classification number: G06N20/00 ,  G06N7/01

Abstract: Techniques for analyzing code are described. In some instances, a code analysis service is implemented by one or more electronic devices, the code analysis service including instructions that upon execution cause the code analysis service to: perform a program analysis to mine a code segment of the stored code to generate a descriptor of each input in the code segment that appears to be have insufficient input validation; assess that an input has insufficient validation and determining a classification of input validation to use by determining a category of input validation to apply to the input; acquire suggestion for the determined category; and provide the acquired suggestion for the determined category.

公开(公告)号：US12007877B1

公开(公告)日：2024-06-11

申请号：US17708269

申请日：2022-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Pranav Garg ,  Sengamedu Hanumantha Rao Srinivasan ,  Omer Tripp ,  Abhin Sharma

IPC: G06F9/44 ,  G06F11/36

CPC classification number: G06F11/3664 ,  G06F11/3688

Abstract: Techniques for providing a visual code review editor are described. An electronic device is caused to display a graphical user interface including an editor portion to edit code review rules used by a code review service of a cloud provider network. The editor portion of the graphical user interface is caused to display a first graph associated with a first code review rule, the first graph including a first node, a second node, and a first edge connecting the first node and the second node. An indication that a third node has been added to the graph via the editor portion of the graphical user interface is received. The first code review rule is updated by the code review service to reflect the addition of the third node, the first code review rule is in a text format.

公开(公告)号：US10997054B1

公开(公告)日：2021-05-04

申请号：US16694907

申请日：2019-11-25

Applicant: Amazon Technologies, Inc.

Inventor： Omer Tripp ,  Qiang Zhou

IPC: G06F9/44 ,  G06F11/36 ,  G06F16/9035 ,  G06F16/907 ,  G06N20/00

Abstract: Techniques for analyzing code are described. In some instances, a code analysis service is to perform a series of comparisons, one or more per path segment of an index structure of non-defective code samples, using a token derived from a defective code segment of the stored code, to determine one or more paths in the index, wherein each path is to point to code that is similar to the defective code segment; and provide, in response to the series of comparisons, at least one of: a location of the code determined to be similar to the defective code segment and the code determined to be similar.