Scalpel: The Python Static Analysis Framework
2022-07-14, The Auditorium

Although Python is the most popular programming language nowadays, it has been pointed out that static code analysis for Python has not yet received enough attention from the research and OSS communities. For instance, to the best of our knowledge, no general static analysis framework has been proposed to facilitate the implementation of dedicated Python static analyzers (compare, e.g., the Soot and WALA frameworks for Java).

The very qualities that make Python stand out, being easy to use and fast to prototype in, also bring challenges to static analysis tasks. To fill this gap, we designed and implemented Scalpel (A Python Static Analysis Framework) and made it publicly available as an open-source project. The Scalpel framework already integrates a number of fundamental static analysis functions (e.g., call graph construction, control-flow graph construction, alias analysis, etc.) that are ready to be reused by developers to implement client applications that statically resolve dedicated Python problems such as detecting bugs or fixing vulnerabilities. In addition, documentation and a user guide are provided for users.

The objective of the Scalpel framework is to (1) improve Python software quality and (2) support addressing research challenges (e.g., API studies) in software engineering research.


Scalpel is a Python Static Analysis Framework. It provides essential program analysis functions for facilitating the implementation of client applications focusing on statically resolving dedicated problems.

We aim to provide Scalpel as a generic Python static analysis framework that includes as many functions as possible (e.g., to easily build inter-function control-flow graphs, to interpret the import relationships of different Python modules, etc.) to help developers implement their dedicated problem-focused static analyzers.

Scalpel’s GitHub page has received around 100 stars from researchers and practitioners around the world in only three months after being made public.


Expected audience expertise: Domain:

none

Abstract as a tweet:

Python is the star of programming languages; let’s use “Scalpel” to make it healthier.

Expected audience expertise: Python:

some

Jiawei Wang is a Ph.D. student at Monash University and a member of the SMart software Analysis and Trustworthy computing Lab. He works on static analysis for Python programs and has published four top conference papers in the domain of software engineering research, with a focus on Python code quality issues among open source projects.

Currently, he works on the Scalpel project, aiming to provide fundamental tools to address problems in the Python ecosystem, such as dependency issues and bug detection for machine learning applications.