Despite being one of the most popular programming languages, Python has not yet received enough attention from the static analysis community. To the best of our knowledge, no general static analysis framework has been proposed to facilitate the implementation of dedicated Python static analyzers. To fill this gap, we design and implement such a framework, named Scalpel, and make it publicly available as an open-source project. Scalpel already integrates a number of fundamental static analysis functions (e.g., call graph construction, control-flow graph construction, and alias analysis) that developers can reuse to implement client applications that statically resolve dedicated Python problems, such as detecting bugs or fixing vulnerabilities.
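As an added illustration, not code from the Scalpel paper or the Scalpel project, the following Python script shows the kind of client analysis the abstract describes: it builds a name-based call graph from the AST of a constructed sample module and then checks whether a dangerous sink such as `subprocess.run` is reachable from an entry function. The sample source, the sink list, and the function names are assumptions made for this example; the call graph is intraprocedural and purely name-based, so it does not resolve aliases, imports under another name, or dynamic dispatch the way a full framework would.

```python
import ast
from collections import defaultdict

# Constructed sample module (not from the paper): a dangerous sink is
# reachable from main() through two levels of calls, and one function
# never reaches it.
SAMPLE_SRC = '''
import subprocess

def run(cmd):
    return subprocess.run(cmd, shell=True)

def deploy(target):
    run("rsync " + target)

def safe_list():
    return ["a", "b"]

def main():
    deploy("host")
    safe_list()
'''

# Assumed sink list for this example; a real client would load a curated one.
DANGEROUS_SINKS = {"subprocess.run", "eval", "exec", "os.system"}


def _callee_name(call):
    """Return a dotted name for a call target (e.g. 'subprocess.run'),
    or None when the target is not a plain name/attribute chain."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if parts and isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None


def build_call_graph(src):
    """Build {function_name: set(callee_names)} from source text.

    Name-based and intraprocedural: calls inside a nested function are
    attributed to the enclosing top-level definition, and no alias or
    import resolution is performed.
    """
    tree = ast.parse(src)
    graph = defaultdict(set)
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            callees = graph[node.name]  # register even call-free functions
            for sub in ast.walk(node):
                if isinstance(sub, ast.Call):
                    name = _callee_name(sub)
                    if name:
                        callees.add(name)
    return dict(graph)


def reachable_sinks(graph, entry, sinks=DANGEROUS_SINKS):
    """Depth-first search from `entry`; return {sink: call path} for every
    sink reachable through the call graph."""
    found = {}
    seen = set()
    stack = [(entry, [entry])]
    while stack:
        fn, path = stack.pop()
        if fn in seen:
            continue
        seen.add(fn)
        for callee in sorted(graph.get(fn, ())):
            if callee in sinks:
                found.setdefault(callee, path + [callee])
            elif callee in graph:
                stack.append((callee, path + [callee]))
    return found


if __name__ == "__main__":
    cg = build_call_graph(SAMPLE_SRC)
    for fn, callees in sorted(cg.items()):
        print(f"{fn} -> {sorted(callees)}")
    for sink, path in reachable_sinks(cg, "main").items():
        print(f"{sink} reachable via {' -> '.join(path)}")
```

Running the script prints the call graph of the sample module and reports that `subprocess.run` is reachable from `main` via `deploy` and `run`, while starting the search at `safe_list` finds nothing. The point of a framework like Scalpel is that the graph construction step is provided once, with alias and import resolution, so that a client only has to write the reachability and sink logic.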