Many think of the cloud largely as an operational deployment target for workloads, but it's also a place where a whole lot of code exists. Code optimization – making that code run better and improving overall performance – is what Amazon is aiming to do with its new CodeGuru service.
Amazon Web Services (AWS) CEO Andy Jassy (pictured) announced Amazon CodeGuru on Dec. 3 during his opening keynote at this week's re:Invent 2019 conference in Las Vegas.
"The question that dominates our conversations, as we're thinking about what to work on and spend resources on next, is what else can we build that can give value to you … in places where we've done this over a long period of time?" Jassy said. "One of the areas, as we were racking our brains, that we thought we might be able to help further … is code review."
Jassy noted that finding bugs in code and optimizing running code can be a difficult and time-consuming manual process. Code review also requires experienced staff, which can often be in short supply. Here is where CodeGuru can be of help, Jassy said, with the machine learning-powered service not only automating reviews but also identifying what he referred to as the "most expensive" lines of code in an application or service. Expensive code is inefficient and unproductive code that consumes resources and slows productivity.
How CodeGuru Works
CodeGuru supports GitHub and the AWS CodeCommit version control repositories. As developers commit code into the repository, an automated scan can be triggered.
Jassy explained that CodeGuru goes through models and algorithms that have been built from millions of code reviews that Amazon has done over the last 20 years. Additionally, it takes advantage of experience gained from machine learning training that AWS has done across 10,000 of the most popular open-source projects.
The automated scan supplies an assessment of the code and where there is a problem. CodeGuru provides human readable comments explaining what the issue is and the specific line of code at issue. CodeGuru also identifies if coding best practices are being adhered to – for example, if code has the correct pagination, if error handling has been configured properly and if API features are being used in a suboptimal way. In addition, it is able to identify code concurrency issues as well as if there are unsanitized inputs that could potentially lead to injection or denial-of-service attacks.
Another core element of CodeGuru is the code profiler, which helps with code optimization by identifying inefficient and unproductive lines of code. The profiler includes a small agent that is installed alongside an application, which then observes behavior and operating characteristics. CodeGuru reports back, providing detailed information on performance items such as latency and CPU utilization, and it helps to identify potential issues and how to fix them.
While CodeGuru is only now being publicly revealed, Jassy noted that Amazon has been using the profiling capabilities internally at Amazon for several years.
"We have 80,000 applications internally that are using the profiler part of CodeGuru, and it has led to tens of millions of dollars of savings for us," he said.