TL;DR
Scalpel is an open-source Python static analysis framework that provides essential tools like call graph and alias analysis to help developers create custom analyzers for bug detection and vulnerability fixing.
Contribution
This paper introduces Scalpel, the first comprehensive static analysis framework for Python, enabling easier development of dedicated analyzers.
Findings
Includes fundamental static analysis functions like call graph and control-flow graph construction.
Facilitates implementation of custom Python static analyzers for bug detection.
Open-source availability encourages community adoption and extension.
Abstract
Despite being the most popular programming language, Python has not yet received enough attention from the community. To the best of our knowledge, there is no general static analysis framework proposed to facilitate the implementation of dedicated Python static analyzers. To fill this gap, we design and implement such a framework (named Scalpel) and make it publicly available as an open-source project. The Scalpel framework has already integrated a number of fundamental static analysis functions (e.g., call graph constructions, control-flow graph constructions, alias analysis, etc.) that are ready to be reused by developers to implement client applications focusing on statically resolving dedicated Python problems such as detecting bugs or fixing vulnerabilities.
