Security protocols for low latency execution of program code

    Publication No.: US11461124B2

    Publication date: 2022-10-04

    Application No.: US16778437

    Application date: 2020-01-31

    IPC classification: G06F9/455

    Abstract: A system for providing security mechanisms for secure execution of program code is described. The system may be configured to maintain a plurality of virtual machine instances. The system may be further configured to receive a request to execute a program code and allocate computing resources for executing the program code on one of the virtual machine instances. One mechanism involves executing program code according to a user-specified security policy. Another mechanism involves executing program code that may be configured to communicate or interface with an auxiliary service. Another mechanism involves splitting and executing program code in a plurality of portions, where some portions of the program code are executed in association with a first level of trust and some portions of the program code are executed with different levels of trust.

    Mapreduce implementation in an on-demand network code execution system and stream data processing system

    Publication No.: US11243953B2

    Publication date: 2022-02-08

    Application No.: US16144997

    Application date: 2018-09-27

    Abstract: Systems and methods are described for providing an implementation of the MapReduce programming model utilizing tasks executing on an on-demand code execution system, utilizing a stream data processing system as an intermediary between map and reduce function. A map task implementing a map function can process portions of a data set, to generate outputs associated with different values for a measured attribute of the data set. Executions of the map task can publish outputs to a data stream on the stream data processing system, which stream is configured to utilize the measured attribute as a partition key for the stream. Based on the partition key, the stream data processing system can divide the stream into sub-streams, each containing a relevant subset of the outputs. The on-demand code execution system can execute a reduce task to apply the reduce function to the outputs of each sub-stream, thereby completing the MapReduce process.

    Efficient state maintenance for execution environments in an on-demand code execution system

    Publication No.: US11099917B2

    Publication date: 2021-08-24

    Application No.: US16144905

    Application date: 2018-09-27

    IPC classification: G06F9/54 G06F9/50

    Abstract: Systems and methods are described for providing maintaining state information during processing of data sets via execution of code on an on-demand code execution system. Rather than requiring that execution environments of such a system to maintain state, an intermediary device is disclosed which retrieves calls to the system from a call queue and iteratively submits the calls to the system. Each call within the queue corresponds to a data item of the data set to be analyzed. As calls are submitted to the system, the intermediary device submits state information within the call reflecting a state of processing the data set. A response to the call includes state information updated based on processing of a data item in the call. Thus, state information is maintained for processing the data set, without requiring persistence of state information within individual execution environments.

    EXECUTION OF AUXILIARY FUNCTIONS IN AN ON-DEMAND NETWORK CODE EXECUTION SYSTEM

    Publication No.: US20210081233A1

    Publication date: 2021-03-18

    Application No.: US17107663

    Application date: 2020-11-30

    IPC classification: G06F9/455 G06F9/50 G06F9/48

    Abstract: Systems and methods are described for providing auxiliary functions in an on-demand code execution system in a manner that enables efficient execution of code. A user may generate a task on the system by submitting code. The system may determine the auxiliary functions that the submitted code may require when executed on the system, and may provide these auxiliary functions by provisioning or configuring sidecar virtualized execution environments that work in conjunction with the main virtualized execution environment executing the submitted code. Sidecar virtualized execution environments may be identified and obtained from a library of preconfigured sidecar virtualized execution environments, or a sidecar agent that provides the auxiliary function may be identified from a library, and then a virtualized execution environment may be provisioned with the agent and/or configured to work in conjunction with the main virtualized execution environment.

    Processing pre-existing data sets at an on demand code execution environment

    Publication No.: US10891145B2

    Publication date: 2021-01-12

    Application No.: US15085902

    Application date: 2016-03-30

    Abstract: Systems and methods are described for transforming a data set within a data source into a series of task calls to an on-demand code execution environment or other distributed code execution environment. Such environments utilize pre-initialized virtual machine instances to enable execution of user-specified code in a rapid manner, without delays typically caused by initialization of the virtual machine instances, and are often used to process data in near-real time, as it is created. However, limitations in computing resources may inhibit a user from utilizing an on-demand code execution environment to simultaneously process a large, existing data set. The present application provides a task generation system that can iteratively retrieve data items from an existing data set and generate corresponding task calls to the on-demand computing environment, while ensuring that at least one task call for each data item within the existing data set is made.

    Execution of auxiliary functions in an on-demand network code execution system

    Publication No.: US10853115B2

    Publication date: 2020-12-01

    Application No.: US16017954

    Application date: 2018-06-25

    IPC classification: G06F9/455 G06F9/48 G06F9/50

    Abstract: Systems and methods are described for providing auxiliary functions in an on-demand code execution system in a manner that enables efficient execution of code. A user may generate a task on the system by submitting code. The system may determine the auxiliary functions that the submitted code may require when executed on the system, and may provide these auxiliary functions by provisioning sidecar virtual machine instances that work in conjunction with the virtual machine instance executing the submitted code. The sidecars may provide auxiliary functions on a per-task, per-user, or per-request basis, and the lifecycles of the sidecars may be determined based on the lifecycles of the virtual machine instances that execute submitted code. Auxiliary functions may thus be provided only when needed, and may be provided securely by preventing a user from accessing the sidecars of other users.

    Logging endpoint in an on-demand code execution system

    Publication No.: US10776091B1

    Publication date: 2020-09-15

    Application No.: US15905342

    Application date: 2018-02-26

    IPC classification: G06F9/44 G06F8/41

    Abstract: Systems and methods are described for providing logging functionalities to code executing in an on-demand code execution system while minimizing the need to define such functionalities within the code. A logging endpoint is provided that can be called by an execution of code and passed information for logging. The logging endpoint can enrich the information with additional information, such as information regarding a state of an execution environment for the code (which additional information may not be accessible to the execution of code itself). The logging endpoint can then facilitate storage of the enriched logging information, such as by handling authentication to a storage endpoint. Thus, users of the system may author code that provides robust logging functionalities while minimizing the implementation of such functionalities within the authored code.

    STATEFUL VIRTUAL COMPUTE SYSTEM
    Type: Invention patent application

    Publication No.: US20200142724A1

    Publication date: 2020-05-07

    Application No.: US16544696

    Application date: 2019-08-19

    Abstract: A system for providing a stateful virtual compute system is provided. The system may be configured to maintain a plurality of virtual machine instances. The system may be further configured to receive a request to execute a program code and select a virtual machine instance to execute the program code on the selected virtual machine instance. The system may further associate the selected virtual machine instance with shared resources and allow program codes executed in the selected virtual machine instance to access the shared resources.

    Detecting parameter validity in code including cross-service calls

    Publication No.: US10572375B1

    Publication date: 2020-02-25

    Application No.: US15888540

    Application date: 2018-02-05

    Abstract: Systems and methods are described for conducting static analysis of code invoking network-based services to identify, without requiring execution of the code, errors that may be introduced due to the invocations of the network-based services. A system is provided that may analyze code to detect both direct invocations of services, as well as indirect invocations caused by the direct invocations. The system can model inputs and outputs of directly or indirectly invoked services to identify errors in parameters passed to those services, even when the errors are not apparent from an analysis of the code in isolation. In some instances, the system can traverse a “call graph” of all services invoked by code either directly or indirectly to trace parameter errors through multiple levels of indirection.

    Stateful virtual compute system
    Type: Granted invention patent

    Publication No.: US10387177B2

    Publication date: 2019-08-20

    Application No.: US15450795

    Application date: 2017-03-06

    Abstract: A system for providing a stateful virtual compute system is provided. The system may be configured to maintain a plurality of virtual machine instances. The system may be further configured to receive a request to execute a program code and select a virtual machine instance to execute the program code on the selected virtual machine instance. The system may further associate the selected virtual machine instance with shared resources and allow program codes executed in the selected virtual machine instance to access the shared resources.