In spite of the dynamic nature of their favorite language, some Python developer have a huge desire to statically analyse it. This can indeed be useful for linters, type inference, auto-completion and all the tooling some developers expect from modern IDE. We all know that lazy binding prevents even the simplest function call or attribute lookup to be reliably analyzed. Yet we try. And Python as this fabulous ast module, saving us from writing a parser! Isn't that a strong incentive to do static analysis?
This talk presents two modules developers can build upon to build such analyzers:
- gast, a generalization of the Python AST that provides a common API for all the variant of the Python AST, from python 2.7 to Python 3.8
- beniget, an analyzer of the Python AST (built upon gast) that provides a useful and well-known abstraction to understand programs: use-def chains
Built upon these two modules, memestra is a static analyzer of deprecated function calls, developed in partnership with QuantStack. A tool which, given a module, reports any use of deprecated APIs. Let's explore how such a module can be built and unveil the mysteries of static analysis.