Cross-language code intelligence auditing and automatic repair system, method, device, processor and computer readable storage medium thereof

By combining a unified intermediate representation across languages ​​with a large language model, repair patches are generated and verified, solving the accuracy and automatic repair loop problems of SAST in multilingual environments, and achieving the effects of unified risk governance and continuous learning.

CN122152667APending Publication Date: 2026-06-05SIGNAL FLAG SMART TECH (SHANGHAI) CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SIGNAL FLAG SMART TECH (SHANGHAI) CO LTD
Filing Date
2026-03-04
Publication Date
2026-06-05

Smart Images

  • Figure CN122152667A_ABST
    Figure CN122152667A_ABST
Patent Text Reader

Abstract

The present application relates to a cross-language code intelligent auditing and automatic repair system. The system forms a quality and safety governance closed loop through code acquisition and preprocessing, multi-language unified intermediate representation (fusion AST / CFG / DFG / call graph / symbol table), general rule library detection, AI semantic enhancement, repair patch generation and multi-level verification, and feedback learning. The core is to constrain the repair generation of large language models with an interpretable evidence chain, and through automatic verification and failure rollback mechanism containing syntax, test, performance and security, the correctness and minimum change of the patch are ensured. The present application also relates to a corresponding method, device, processor and computer readable storage medium thereof. The cross-language code intelligent auditing and automatic repair system, method, device, processor and storage medium thereof adopt the present application, realize consistent risk detection across languages, significantly reduce the false positive rate and the risk of introducing new defects by repair, and maintain long-term effectiveness through a continuous learning mechanism.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of software engineering quality assurance and information security technology, specifically to a cross-language code intelligent auditing and automatic repair system, method, device, processor, and computer-readable storage medium that combines static code analysis and large language model reasoning. Background Technology

[0002] Existing Static Application Security Testing (SAST) and code review solutions largely rely on rule matching, making it difficult to maintain consistent accuracy across multiple languages ​​and frameworks. Furthermore, traditional solutions often only provide alerts, lacking a verifiable, automated remediation loop. With the development of large-scale models, while code remediation suggestions can be generated, the lack of static evidence chain constraints and automated verification mechanisms can easily introduce new defects or cause uncontrollable changes. Therefore, a system and methodology are needed that can perform unified cross-language analysis, combine rule-based evidence chains with controlled generation of large-scale models, and possess a verification and continuous learning loop. Summary of the Invention

[0003] The purpose of this invention is to overcome the shortcomings of the prior art and provide a cross-language intelligent code auditing and automatic repair system, method, apparatus, processor, and computer-readable storage medium thereof. Through code acquisition and preprocessing, multi-language adaptation and unified intermediate representation, universal rule base detection, AI semantic enhancement, patch generation and verification, and feedback learning and rule evolution, a closed loop of quality and security governance covering the code lifecycle is formed.

[0004] To achieve the above objectives, the cross-language code intelligent auditing and automatic repair system, method, apparatus, processor, and computer-readable storage medium of the present invention are as follows: The main feature of this cross-language code intelligent auditing and automatic repair system is that the system includes: The code acquisition and preprocessing module is used to acquire source code and perform encoding detection, normalization, and dependency resolution. The multi-language scanning module is used to convert source code from different programming languages ​​into a unified intermediate representation. The general rule detection module, based on a unified intermediate representation, performs detection on a predefined rule base and outputs an evidence chain and risk level that includes node location and context slices. The AI ​​semantic enhancement module receives the evidence chain and, under the constraints of the evidence chain, calls a large language model to perform risk semantic judgment and false alarm filtering. The patch generation and verification module is used to generate at least one patch based on the evidence chain, and to perform multi-level verification on the patch in sequence, including syntax checking, test regression, and performance baseline evaluation; if the verification fails, the patch is automatically rolled back and a new round of patch generation is triggered. The results display and collaboration module is used to visually present problem location, evidence chain, and patch comparison, and provides patch application, rollback, and approval tracking functions; and The feedback learning module is used to collect data on repair adoption rate, rollback reasons, and false alarm annotations, and update the rule detection threshold, large language model prompt word template, and model routing strategy accordingly.

[0005] Preferably, the unified intermediate representation constructed by the multilingual scanning module includes at least: Abstract Syntax Tree (AST) is used to represent the syntactic structure of code. A control flow graph (CFG) is used to represent the program execution path. Data flow diagrams (DFG) or static single-assignment forms (SSA) are used to represent the relationship between variable definitions and usage. A call graph is used to represent the call relationships between functions or methods; The symbol table is used to record the type and scope information of symbols such as variables and functions; The unified intermediate representation supports consistent detection of resource leaks, sensitive information leaks, and injection vulnerabilities in Java, Python, C / C++, Go, and JavaScript / TypeScript.

[0006] Preferably, the detection rule types executed by the general rule detection module include at least one of the following: resource lifecycle anomalies, logical errors, SQL injection, command injection, deserialization vulnerabilities, hard-coded sensitive information, and architectural conflicts.

[0007] Preferably, the repair generation and verification module includes: The patch generation unit uses a combination of rule template matching and large language model generation to generate candidate repair patches under the constraints of the evidence chain and the principle of minimum modification. The multi-level verification unit executes the following in sequence: syntax / compilation verification, unit test / regression test verification, critical path performance baseline comparison verification, and security policy and coding standard compliance verification. The rollback and retry unit automatically undoes the applied patch when any verification step fails, and regenerates the patch after adjusting the generation strategy based on the failure feedback.

[0008] Preferably, the feedback learning module is specifically used for: Adjust the confidence threshold for the corresponding rule detection based on the records of patch acceptance and rejection; Based on the reasons for patch verification failure, optimize the prompt word template for the large language model repair task; Based on historical performance data, different tasks are dynamically routed to different large language model instances or versions.

[0009] Preferably, the system further includes an incremental scanning module for: Receive code commit diff sets and project dependency information; Construct a dependency graph based on project dependencies; The set of files and symbols affected by the changes is derived using a graph traversal algorithm, and only this set is scanned and analyzed.

[0010] Preferably, the system further includes a notification service module, which is used to configure multi-level alarm policies according to the project, programming language and risk level, route alarms to the audit results via email, and generate traceable audit logs.

[0011] The method for intelligent auditing and automatic repair of cross-language code using the system described above is characterized by the following steps: (1) Obtain the source code of the target code repository and perform preprocessing; (2) Parse and convert source code from different programming languages ​​into a unified intermediate representation; (3) Static analysis is performed based on a unified intermediate representation and a general rule base to generate a chain of evidence and risk level that can be traced back to a specific code node; (4) Using a large language model, semantic enhancement and false alarm filtering are performed on the analysis results under the constraints of the aforementioned chain of evidence; (5) Based on the aforementioned chain of evidence and the principle of minimum modification, generate one or more repair patches; (6) Perform multi-level automatic verification, from syntax to performance, on the generated patches; (7) If the verification passes, output the repair patch and comparison results; if the verification fails, roll back the patch and return to step (5), and regenerate based on the feedback. (8) Collect adoption, rollback and false alarm data during the repair process for continuous optimization of rule base, prompt words and model strategy.

[0012] Preferably, the unified intermediate representation constructed in step (2) is a graph structure representation that integrates the Abstract Syntax Tree (AST), Control Flow Graph (CFG), Data Flow Graph (DFG) or Static Single Assignment Form (SSA), Call Graph, and Symbol Table, and is used as the sole basis for all subsequent detection and repair operations.

[0013] Preferably, the method for generating the chain of evidence in step (3) includes: For security vulnerabilities, taint analysis algorithms are executed to trace the complete data flow path from the source of contamination to the point of danger convergence, forming a source-to-sink path evidence chain; For resource leaks, perform path coverage analysis based on the control flow graph to check whether the resource acquisition point to release point is covered on all reachable paths.

[0014] Preferably, the generation of the repair patch in step (5) adopts a hybrid strategy, specifically: For rules with a defined repair mode, the aforementioned Abstract Syntax Tree (AST) rewrite template is directly invoked to generate patches; For complex or context-dependent problems, the evidence chain, risk context, constraints, and prohibited items are combined into cue words, a large language model is called to generate patches, and the edit distance of the abstract syntax tree (AST) is used as the main evaluation metric for minimum changes.

[0015] Preferably, the multi-level verification in step (6) includes at least: Level 1: Language syntax / compilation check; Level 2: Execute existing unit test / regression test suites; Level 3: Compare the performance metrics of key functions before and after the repair to ensure that no performance degradation has been introduced; Level 4: Check whether the patch conforms to the predefined security policy and code style.

[0016] The main feature of this cross-language code intelligent auditing and automatic repair device is that the device includes: A processor is configured to execute computer-executable instructions; The memory stores one or more computer-executable instructions, which, when executed by the processor, implement the steps of the cross-language code intelligent auditing and automatic repair method described above.

[0017] The processor for intelligent cross-language code auditing and automatic repair is characterized in that the processor is configured to execute computer-executable instructions, and when the computer-executable instructions are executed by the processor, the steps of the aforementioned method for intelligent cross-language code auditing and automatic repair are implemented.

[0018] The computer-readable storage medium is characterized in that it stores a computer program that can be executed by a processor to implement the steps of the cross-language code intelligent auditing and automatic repair method described above.

[0019] The cross-language code intelligent auditing and automatic repair system, method, apparatus, processor, and computer-readable storage medium of the present invention, which combine static code analysis and large language model reasoning, have the following beneficial effects: Achieving unified risk governance and consistent output in multilingual projects significantly reduces false positives and false negatives.

[0020] Provide executable patches and establish verification and rollback mechanisms to shorten the repair cycle and reduce the risk of introducing new defects.

[0021] Improve the performance of large-scale codebase scanning through incremental scanning and caching optimization.

[0022] Maintain long-term effectiveness and enterprise-level feasibility through continuous learning and rule evolution. Attached Figure Description

[0023] Figure 1 This is a schematic diagram of the overall architecture of the cross-language code intelligent auditing and automatic repair system of the present invention.

[0024] Figure 2 This is a flowchart illustrating the cross-language code intelligent auditing and automatic repair method of the present invention.

[0025] Figure 3 This diagram illustrates the core algorithm (taint analysis) of the present invention and provides an example of the evidence chain output.

[0026] Figure 4 This is an example diagram of the scanning results (resource leakage) in a specific embodiment of the present invention.

[0027] Figure 5 This is a comparative example diagram of the repair of a resource leak in a specific embodiment of the present invention.

[0028] Figure 6 This is an example diagram of the scanning results in another specific embodiment of the present invention (SQL injection).

[0029] Figure 7 This is a comparative example of the repair of SQL injection in another specific embodiment of the present invention. Detailed Implementation

[0030] To more clearly describe the technical content of the present invention, the following description is provided in conjunction with specific embodiments.

[0031] Before describing the embodiments of the present invention in detail, it should be noted that, in the following, the terms “comprising,” “including,” or any other variations are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed or inherent to such process, method, article, or apparatus.

[0032] The core of this invention lies in: based on a cross-language unified intermediate representation (IR), an evidence chain is output through an interpretable static analysis algorithm, and a large model is called to generate a repair patch under the constraint of the evidence chain and minimum modification; then, a closed loop is formed through automatic verification and failure rollback, thereby achieving "interpretability, verifiability, automatic repair, and sustainable evolution".

[0033] In a specific embodiment of the present invention, the implementation process of this technical solution is as follows: 1. Receive project configuration: repository address, commit scope, scanning strategy (incremental / full), language and rule set selection.

[0034] 2. Code Acquisition and Preprocessing: Download / synchronize code, perform code detection and standardization, resolve dependencies and generate a dependency graph of the scope of influence.

[0035] 3. Multilingual parsing: Construct AST / CFG / DFG / call graphs and symbol tables for the target language and convert them into a unified intermediate representation.

[0036] 4. Rule detection: Execute rules for resource leakage, logical errors, SQL type anomalies, sensitive information leakage, architectural conflicts, and security vulnerabilities, and output the evidence chain and risk level.

[0037] 5. AI Semantic Enhancement: Combining rule-based evidence chains and context windows, the scope and severity of impact are assessed, and semantic judgments are performed on boundary scenarios to filter false alarms.

[0038] 6. Repair Patch Generation: Based on rule template repair and large model multi-solution generation, priority is given to the smallest changes and explanations are provided.

[0039] 7. Validation loop: Perform syntax checking, test regression, and performance / readability evaluation; if it fails, roll back and adjust the prompt words / rules before triggering regeneration.

[0040] 8. Delivery and Collaboration: Supports one-click application / rollback, batch repair and approval tracking in the interface for problem location and patch comparison; outputs reports and accumulates knowledge base.

[0041] The core algorithm and key data structures used in this technical solution will be explained in detail below: (I) Incremental Scanning and Influence Range Derivation Algorithm Input: Commit scope / diff set (file-level diff), and project dependency information (build files, imports / includes, module references).

[0042] Construct a dependency graph: nodes are files / modules / symbols, and edges are references / calls / inclusions; perform graph traversal on changed nodes to obtain the affected set (avoiding a full scan).

[0043] Output: The set of affected files + the set of affected symbols, which serve as the minimum input for subsequent parsing and rule detection.

[0044] (II) Unified Intermediate Representation (IR) Construction Algorithm AST: Parses the syntax of different languages ​​into an abstract syntax tree, which is used for structured matching and rewriting.

[0045] CFG: Constructs a control flow graph to depict branching / looping / abnormal paths, used for resource lifecycle and transaction boundary analysis.

[0046] DFG: Construct a data flow graph or SSA to characterize variable definitions and use chains for taint propagation and sensitive information leakage detection.

[0047] Call graph: Constructs cross-process call relationships to support the scope of influence and evidence chain location across files / functions.

[0048] (III) Taint Analysis and Cross-Process Data Flow Algorithms (Security and Leakage) Source: External input (HTTP parameters, configuration reads, environment variables, file / network input, etc.).

[0049] Sink: Dangerous call points (SQL concatenation execution, command execution, deserialization, log-sensitive output, etc.).

[0050] Propagation: Based on DFG / SSA, it tracks the flow of assignment, concatenation, function parameter passing, and return values.

[0051] Output: The evidence chain from Source to Sink (including variables / statements / functions passed through), along with the confidence level and risk level.

[0052] (iv) Resource lifecycle analysis algorithm (resource leakage / lock not released) Acquisition point identification: resource creation statements such as open / connect / new / lock; Release point identification: release statements such as close / dispose / unlock / defer / RAII.

[0053] Path coverage: Based on CFG enumeration of normal and abnormal paths, check whether the release point on each reachable path is covered.

[0054] Remediation strategy: Prioritize language-native safety constructs (Java try-with-resources, Python with, Go defer, C++ RAII) for minimal modifications.

[0055] (v) Risk classification and remediation priority calculation Severity: Rule type, Sink danger level, reachability, and whether it crosses boundaries (cross network / cross process / cross tenant).

[0056] Confidence level: Completeness of the chain of evidence, degree of satisfaction of type constraints, and weight of historical false alarm feedback.

[0057] Priority: Overall severity, scope of impact (affected files / call chain depth), and cost of remediation (estimated number of lines to be changed / complexity).

[0058] (vi) Patch generation algorithm (rule template + controlled generation of large model) Template Repair: For deterministic patterns (such as resources not being closed), use AST rewrite template to directly generate patches.

[0059] Large model repair: The input includes the chain of evidence, context window, constraints (minimum changes, maintain interface, maintain semantics), and prohibitions (do not introduce new dependencies / do not change external behavior).

[0060] Minimum change constraint: Candidate patches are sorted using AST edit distance / number of lines changed as the objective function, and patches with smaller changes and verifiable results are given priority.

[0061] (vii) Automatic verification and failure fallback algorithm Syntax / Compilation Verification: Language-level syntax checking and compilation (optional).

[0062] Test verification: Unit testing / regression testing (optional), record failed test cases as feedback.

[0063] Performance and readability: Baseline comparison of the critical path (optional) and check coding standards.

[0064] Rollback and Regeneration: If verification fails, the patch will be automatically rolled back, and the prompt words / rule constraints will be adjusted before regeneration.

[0065] (viii) Data structure of scan results and repair results (example) Question object: {ruleId, language, filePath, startLine, endLine, severity,confidence, title, description, evidencePath, remediationHint} Chain of evidence: Recorded as a path sequence (function → statement → variable) with a summary of reachability and branch conditions.

[0066] Patch targets: unified diff format or AST change set (node ​​replacement / insertion / deletion), with rollback support.

[0067] In one specific embodiment of the present invention, the following example is used to illustrate how the system locates problems (scan results) and how to generate verifiable repair patches (repair results).

[0068] Example 1: Java file stream resource leak (before scanning / after repair) (1) Code before scanning (risk of resource leakage): FileInputStream in = new FileInputStream(path); byte[] buf = new byte

[1024] ; int n = in.read(buf); / / ... An exception during processing may result in in not being closed... (2) Code after repair (try-with-resources, overriding the abnormal path): try (FileInputStream in = new FileInputStream(path)) { byte[] buf = new byte

[1024] ; int n = in.read(buf); / / ... } Example 2: Go resource release (before scanning / after repair) (1) Code before scanning (resources not closed with defer): f, _ := os.Open(path) / / ... using f ... / / Missing f.Close() (2) Code after repair (defer guarantees release): f, _ := os.Open(path) defer f.Close() / / ... using f ... Example 3: SQL Injection (taint analysis and location + parameterized repair) (1) Code before scanning (untrusted input participates in SQL concatenation and enters the execution point): String id = request.getParameter("id"); String sql = "SELECT FROM user WHERE id=" + id; Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql); return map(rs); (2) Code after repair (parameterized PreparedStatement to prevent taints from entering the Sink): String id = request.getParameter("id"); String sql = "SELECT FROM user WHERE id=?"; PreparedStatement ps = conn.prepareStatement(sql); ps.setString(1, id); ResultSet rs = ps.executeQuery(); return map(rs); See the relevant algorithm calculation results and code comparison. Figures 4 to 7 As shown: Figure 4 The algorithm output for resource leak detection is shown as follows: rule-hit objects, evidence chain (abnormal path), location row number, and risk score.

[0069] Figure 5 The code snippet shows a comparison of resource leak repair: the abnormal code block vs. the repaired code block, with highlights of the differences (minimum changes).

[0070] Figure 6 The algorithm outputs the SQL injection taint path: Source→Sink evidence chain, location row number, and risk score.

[0071] Figure 7 Demonstrates a comparison of SQL injection repair methods: string concatenation → pre-compiled parameterization, with highlights of the differences (minimum changes).

[0072] In practical applications, this invention has the following technological innovations: Cross-language unification: Through unified intermediate representations such as AST / CFG / DFG / call graph / symbol table, it supports consistent output for Java, Python, C / C++, Go, JS / TS.

[0073] Rule + AI hybrid: The rule engine provides an interpretable chain of evidence, and large models generate minimal modification patches and explanations under the constraints of the chain of evidence.

[0074] Validation loop: Perform syntax, logic, testing, performance, and readability validation on the patch. If it fails, roll back and trigger a regeneration.

[0075] Continuous learning: Based on adoption / rejection / rollback feedback, update rule thresholds, prompt word templates, and model routes to reduce false alarms and improve coverage.

[0076] Any process or method description in the flowchart or otherwise herein can be understood as representing a module, segment, or portion of code comprising one or more executable instructions for implementing a particular logical function or process, and the scope of the preferred embodiments of the invention includes additional implementations in which functions may be performed not in the order shown or discussed, including substantially simultaneously or in reverse order depending on the functions involved, as will be understood by those skilled in the art to which embodiments of the invention pertain.

[0077] It should be understood that various parts of the present invention can be implemented using hardware, software, firmware, or a combination thereof. In the above embodiments, multiple steps or methods can be implemented using software or firmware stored in memory and executed by a suitable instruction execution device.

[0078] Those skilled in the art will understand that all or part of the steps of the methods in the above embodiments can be implemented by a program instructing related hardware. The program can be stored in a computer-readable storage medium, and when executed, the program includes one or a combination of the steps of the method embodiments.

[0079] The storage media mentioned above can be read-only memory, disk, or optical disk, etc.

[0080] In the description of this specification, references to terms such as "an embodiment," "some embodiments," "example," "specific example," or "embodiment," etc., indicate that a specific feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples.

[0081] Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention. Those skilled in the art can make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention.

[0082] The cross-language code intelligent auditing and automatic repair system, method, apparatus, processor, and computer-readable storage medium of the present invention, which combine static code analysis and large language model reasoning, have the following beneficial effects: Achieving unified risk governance and consistent output in multilingual projects significantly reduces false positives and false negatives.

[0083] Provide executable patches and establish verification and rollback mechanisms to shorten the repair cycle and reduce the risk of introducing new defects.

[0084] Improve the performance of large-scale codebase scanning through incremental scanning and caching optimization.

[0085] Maintain long-term effectiveness and enterprise-level feasibility through continuous learning and rule evolution.

[0086] In this specification, the invention has been described with reference to specific embodiments thereof. However, it will be apparent that various modifications and variations can be made without departing from the spirit and scope of the invention. Therefore, the specification and drawings should be considered illustrative rather than restrictive.

Claims

1. A cross-language code intelligent auditing and automatic repair system, characterized in that, include: The code acquisition and preprocessing module is used to acquire source code and perform encoding detection, normalization, and dependency resolution. The multi-language scanning module is used to convert source code from different programming languages ​​into a unified intermediate representation. The general rule detection module, based on a unified intermediate representation, performs detection on a predefined rule base and outputs an evidence chain and risk level that includes node location and context slices. The AI ​​semantic enhancement module receives the evidence chain and, under the constraints of the evidence chain, calls a large language model to perform risk semantic judgment and false alarm filtering. The repair generation and verification module is used to generate at least one repair patch based on the evidence chain, and to perform multi-level verification on the patch in sequence, including syntax checking, test regression, and performance baseline evaluation. If verification fails, the patch will be automatically rolled back and a new round of patch generation will be triggered. The Results Display and Collaboration module is used to visually display problem location, evidence chain, and comparison of fixes, and provides patch application, rollback, and approval tracking functions. as well as The feedback learning module is used to collect data on repair adoption rate, rollback reasons, and false alarm annotations, and update the rule detection threshold, large language model prompt word template, and model routing strategy accordingly.

2. The cross-language code intelligent auditing and automatic repair system according to claim 1, characterized in that, The unified intermediate representation constructed by the multilingual scanning module includes at least: Abstract Syntax Tree (AST) is used to represent the syntactic structure of code. A control flow graph (CFG) is used to represent the program execution path. Data flow diagrams (DFG) or static single-assignment forms (SSA) are used to represent the relationship between variable definitions and usage. A call graph is used to represent the call relationships between functions or methods; The symbol table is used to record the type and scope information of symbols such as variables and functions; The unified intermediate representation supports consistent detection of resource leaks, sensitive information leaks, and injection vulnerabilities in Java, Python, C / C++, Go, and JavaScript / TypeScript.

3. The cross-language code intelligent auditing and automatic repair system according to claim 1, characterized in that, The detection rule types executed by the general rule detection module include at least one of the following: resource lifecycle anomalies, logical errors, SQL injection, command injection, deserialization vulnerabilities, hard-coded sensitive information, and architectural conflicts.

4. The cross-language code intelligent auditing and automatic repair system according to claim 1, characterized in that, The repair generation and verification module includes: The patch generation unit uses a combination of rule template matching and large language model generation to generate candidate repair patches under the constraints of the evidence chain and the principle of minimum modification. The multi-level verification unit executes the following in sequence: syntax / compilation verification, unit test / regression test verification, critical path performance baseline comparison verification, and security policy and coding standard compliance verification. The rollback and retry unit automatically undoes the applied patch when any verification step fails, and regenerates the patch after adjusting the generation strategy based on the failure feedback.

5. The cross-language code intelligent auditing and automatic repair system according to claim 1, characterized in that, The feedback learning module is specifically used for: Adjust the confidence threshold for the corresponding rule detection based on the records of patch acceptance and rejection; Based on the reasons for patch verification failure, optimize the prompt word template for the large language model repair task; Based on historical performance data, different tasks are dynamically routed to different large language model instances or versions.

6. The cross-language code intelligent auditing and automatic repair system according to claim 1, characterized in that, The system also includes an incremental scanning module, used for: Receive code commit diff sets and project dependency information; Construct a dependency graph based on project dependencies; The set of files and symbols affected by the changes is derived using a graph traversal algorithm, and only this set is scanned and analyzed.

7. The cross-language code intelligent auditing and automatic repair system according to claim 1, characterized in that, The system also includes a notification service module, which is used to configure multi-level alarm policies according to projects, programming languages ​​and risk levels, route alarms to audit results via email, and generate traceable audit logs.

8. A method for implementing intelligent auditing and automatic repair of cross-language code using the system described in claim 1, characterized in that, The method includes the following steps: (1) Obtain the source code of the target code repository and perform preprocessing; (2) Parse and convert source code from different programming languages ​​into a unified intermediate representation; (3) Static analysis is performed based on a unified intermediate representation and a general rule base to generate a chain of evidence and risk level that can be traced back to a specific code node; (4) Using a large language model, semantic enhancement and false alarm filtering are performed on the analysis results under the constraints of the aforementioned chain of evidence; (5) Based on the aforementioned chain of evidence and the principle of minimum modification, generate one or more repair patches; (6) Perform multi-level automatic verification, from syntax to performance, on the generated patches; (7) If the verification passes, output the repair patch and comparison results; if the verification fails, roll back the patch and return to step (5), and regenerate based on the feedback. (8) Collect adoption, rollback and false alarm data during the repair process for continuous optimization of rule base, prompt words and model strategy.

9. The method for realizing intelligent auditing and automatic repair of cross-language code according to claim 8, characterized in that, The unified intermediate representation constructed in step (2) is a graph structure representation that integrates the Abstract Syntax Tree (AST), Control Flow Graph (CFG), Data Flow Graph (DFG) or Static Single Assignment Form (SSA), Call Graph, and Symbol Table, and is used as the sole basis for all subsequent detection and repair operations.

10. The method for realizing intelligent auditing and automatic repair of cross-language code according to claim 8, characterized in that, The method for generating the chain of evidence in step (3) includes: For security vulnerabilities, taint analysis algorithms are executed to trace the complete data flow path from the source of contamination to the point of danger convergence, forming a source-to-sink path evidence chain; For resource leaks, perform path coverage analysis based on the control flow graph to check whether the resource acquisition point to release point is covered on all reachable paths.

11. The method for realizing intelligent auditing and automatic repair of cross-language code according to claim 9, characterized in that, The generation of the repair patch in step (5) adopts a hybrid strategy, specifically: For rules with a defined repair mode, the aforementioned Abstract Syntax Tree (AST) rewrite template is directly invoked to generate patches; For complex or context-dependent problems, the evidence chain, risk context, constraints, and prohibited items are combined into cue words, a large language model is called to generate patches, and the edit distance of the abstract syntax tree (AST) is used as the main evaluation metric for minimum changes.

12. The method for realizing intelligent auditing and automatic repair of cross-language code according to claim 8, characterized in that, The multi-level verification in step (6) includes at least: Level 1: Language syntax / compilation check; Level 2: Execute existing unit test / regression test suites; Level 3: Compare the performance metrics of key functions before and after the repair to ensure that no performance degradation has been introduced; Level 4: Check whether the patch conforms to the predefined security policy and code style.

13. A device for intelligent auditing and automatic repair of cross-language code, characterized in that, The device includes: A processor is configured to execute computer-executable instructions; A memory that stores one or more computer-executable instructions, which, when executed by the processor, implement the steps of the method for intelligent auditing and automatic repair of cross-language code as described in any one of claims 8 to 12.

14. A processor for intelligent auditing and automatic repair of cross-language code, characterized in that, The processor is configured to execute computer-executable instructions, which, when executed by the processor, implement the steps of the method for cross-language code intelligent auditing and automatic repair as described in any one of claims 8 to 12.

15. A computer-readable storage medium, characterized in that, It stores a computer program that can be executed by a processor to implement the steps of the method for cross-language code intelligent auditing and automatic repair as described in any one of claims 8 to 12.