PyCG: Practical Call Graph Generation in Python
Call graphs play an important role in different contexts, such as profiling and vulnerability propagation analysis. Generating call graphs in an efficient manner can be a challenging task when it comes to high-level languages that are modular and incorporate dynamic features and higher-order functio...
Uloženo v:
| Vydáno v: | Proceedings / International Conference on Software Engineering s. 1646 - 1657 |
|---|---|
| Hlavní autoři: | , , , , |
| Médium: | Konferenční příspěvek |
| Jazyk: | angličtina |
| Vydáno: |
IEEE
01.05.2021
|
| Témata: | |
| ISBN: | 1665402962, 9781665402965 |
| ISSN: | 1558-1225 |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstract | Call graphs play an important role in different contexts, such as profiling and vulnerability propagation analysis. Generating call graphs in an efficient manner can be a challenging task when it comes to high-level languages that are modular and incorporate dynamic features and higher-order functions. Despite the language's popularity, there have been very few tools aiming to generate call graphs for Python programs. Worse, these tools suffer from several effectiveness issues that limit their practicality in realistic programs. We propose a pragmatic, static approach for call graph generation in Python. We compute all assignment relations between program identifiers of functions, variables, classes, and modules through an inter-procedural analysis. Based on these assignment relations, we produce the resulting call graph by resolving all calls to potentially invoked functions. Notably, the underlying analysis is designed to be efficient and scalable, handling several Python features, such as modules, generators, function closures, and multiple inheritance. We have evaluated our prototype implementation, which we call PyCG, using two benchmarks: a micro-benchmark suite containing small Python programs and a set of macro-benchmarks with several popular real-world Python packages. Our results indicate that PyCG can efficiently handle thousands of lines of code in less than a second (0.38 seconds for 1k LoC on average). Further, it outperforms the state-of-the-art for Python in both precision and recall: PyCG achieves high rates of precision ~99.2% and adequate recall ~69.9%. Finally, we demonstrate how PyCG can aid dependency impact analysis by showcasing a potential enhancement to GitHub's "security advisory" notification service using a real-world example. |
|---|---|
| AbstractList | Call graphs play an important role in different contexts, such as profiling and vulnerability propagation analysis. Generating call graphs in an efficient manner can be a challenging task when it comes to high-level languages that are modular and incorporate dynamic features and higher-order functions. Despite the language's popularity, there have been very few tools aiming to generate call graphs for Python programs. Worse, these tools suffer from several effectiveness issues that limit their practicality in realistic programs. We propose a pragmatic, static approach for call graph generation in Python. We compute all assignment relations between program identifiers of functions, variables, classes, and modules through an inter-procedural analysis. Based on these assignment relations, we produce the resulting call graph by resolving all calls to potentially invoked functions. Notably, the underlying analysis is designed to be efficient and scalable, handling several Python features, such as modules, generators, function closures, and multiple inheritance. We have evaluated our prototype implementation, which we call PyCG, using two benchmarks: a micro-benchmark suite containing small Python programs and a set of macro-benchmarks with several popular real-world Python packages. Our results indicate that PyCG can efficiently handle thousands of lines of code in less than a second (0.38 seconds for 1k LoC on average). Further, it outperforms the state-of-the-art for Python in both precision and recall: PyCG achieves high rates of precision ~99.2% and adequate recall ~69.9%. Finally, we demonstrate how PyCG can aid dependency impact analysis by showcasing a potential enhancement to GitHub's "security advisory" notification service using a real-world example. |
| Author | Louridas, Panos Salis, Vitalis Spinellis, Diomidis Mitropoulos, Dimitris Sotiropoulos, Thodoris |
| Author_xml | – sequence: 1 givenname: Vitalis surname: Salis fullname: Salis, Vitalis email: vitsalis@gmail.com organization: Athens University of Economics and Business; National Technical University of Athens – sequence: 2 givenname: Thodoris surname: Sotiropoulos fullname: Sotiropoulos, Thodoris email: theosotr@aueb.gr organization: Athens University of Economics and Business – sequence: 3 givenname: Panos surname: Louridas fullname: Louridas, Panos email: louridas@aueb.gr organization: Athens University of Economics and Business – sequence: 4 givenname: Diomidis surname: Spinellis fullname: Spinellis, Diomidis email: dds@aueb.gr organization: Athens University of Economics and Business – sequence: 5 givenname: Dimitris surname: Mitropoulos fullname: Mitropoulos, Dimitris email: dimitro@aueb.gr organization: Athens University of Economics and Business; National Infrastructures for Research and Technology - GRNET |
| BookMark | eNotz81Kw0AUQOEBK9jWPoEu5gWSzr3zk7nuJNS0UDCgrsvNZEIDMSlJNnl7BV2d3QdnI1b90EchnkGlAIr2p_zjYDQpTFEhpEqBcXdiA85Zo5AcrsQarPUJINoHsZumtlLGZATKmbXYl0tevMhy5DC3gTuZc9fJYuTbVRaxjyPP7dDLtpflMl-H_lHcN9xNcfffrfh6O3zmx-T8Xpzy13PC6O2cZJQBsXc1kIlck67IEDTaZlWoq-gBnVfBQ2hsXfkaow5EUGvMDDM2qLfi6c9tY4yX29h-87hc6HdJZU7_APvxRJQ |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/ICSE43902.2021.00146 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EndPage | 1657 |
| ExternalDocumentID | 9402076 |
| Genre | orig-research |
| GroupedDBID | -~X .4S .DC 123 23M 29O 5VS 6IE 6IF 6IH 6IK 6IL 6IM 6IN 8US AAJGR AAWTH ABLEC ADZIZ AFFNX ALMA_UNASSIGNED_HOLDINGS APO ARCSS AVWKF BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO EDO FEDTE I-F I07 IEGSK IJVOP IPLJI M43 OCL RIE RIL RIO RNS XOL |
| ID | FETCH-LOGICAL-a285t-79719a86d194ead93b9491f357bcdbe812680c81cf5db8d2e3c991d3274aa2f23 |
| IEDL.DBID | RIE |
| ISBN | 1665402962 9781665402965 |
| ISICitedReferencesCount | 60 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000684601800133&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 1558-1225 |
| IngestDate | Wed Aug 27 02:50:26 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-a285t-79719a86d194ead93b9491f357bcdbe812680c81cf5db8d2e3c991d3274aa2f23 |
| PageCount | 12 |
| ParticipantIDs | ieee_primary_9402076 |
| PublicationCentury | 2000 |
| PublicationDate | 2021-May |
| PublicationDateYYYYMMDD | 2021-05-01 |
| PublicationDate_xml | – month: 05 year: 2021 text: 2021-May |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings / International Conference on Software Engineering |
| PublicationTitleAbbrev | ICSE |
| PublicationYear | 2021 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssib044791064 ssj0006499 |
| Score | 2.492498 |
| Snippet | Call graphs play an important role in different contexts, such as profiling and vulnerability propagation analysis. Generating call graphs in an efficient... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1646 |
| SubjectTerms | Benchmark testing Call Graph Inter procedural Analysis Program Analysis Prototypes Python Software engineering Task analysis Vulnerability Propagation |
| Title | PyCG: Practical Call Graph Generation in Python |
| URI | https://ieeexplore.ieee.org/document/9402076 |
| WOSCitedRecordID | wos000684601800133&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV07T8MwED61FQNTgRbxlgdGQmPHiW3WqC1IqIoESN2q-BGpUpWiPpD67_ElaWFgYUsy2b5zvjv7vu8A7uM8VIWJTKCkZgG3VAeaORnEofVoRnVoXGXpVzGZyOlUZS14OHBhnHNV8Zl7xMfqLt8uzRaPygYKkx2RtKEthKi5Wnvf4Vx44MPQv_kLJ7zqHenh0mdJ3mmR1IWddkOmEtZoPe3f44ZTR0M1eEnfhh6kK5IWo3hRgbHxr84rFfCMuv8b8gn0fxh8JDtg0ym0XHkG3X0LB9Ls6B4Msl06fiK1apE3F0nzxYKMUcWa1IrUaDgyL0m2Q5WBPnyMhu_pc9D0UAhyJuNNIJSgKpeJpYp7p1GRVlzRIoqFNlY7D--JDI2kpoitlpa5yPiI0UY-Wc1zVrDoHDrlsnQXQCIsGBU-AbQ856G1CkOt2O93yq1OVHIJPZz_7LOWyZg1U7_6-_M1HOMC17WDN9DZrLbuFo7M12a-Xt1Vtv0GWima6A |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV07T8MwED6VggRTgRbxxgMjobFjJzZr1JcoVSSK1K2KH5EqVWlVWqT-e-wkLQwsbEkm23fOd2ff9x3AI0t9kalAeYJL4lGNpSeJ4R7ztUUzLH1lCksPo9GITyYiqcHTngtjjCmKz8yzeyzu8vVCbdxRWVu4ZCcKD-CQUUpwydbaeQ-lkYU-F_xX_-GQFt0jLWDaPMm6raN1uV67PhEhqdSedu-sYtVhX7QH8XvHwnRB0yLYXVW46PhX75UCerqN_w36FFo_HD6U7NHpDGomP4fGrokDqvZ0E9rJNu69oFK3yBoMxel8jnpOxxqVmtTOdGiWo2TrdAZa8NHtjOO-V3VR8FLC2dqLRIRFykONBbVuIwIpqMBZwCKptDQW4EPuK45VxrTkmphA2ZhRBzZdTVOSkeAC6vkiN5eAAlcyGtkUUNOU-loLF2wxu-Mx1TIU4RU03fyny1IoY1pN_frvzw9w3B-_DafDwej1Bk7cYpeVhLdQX6825g6O1Nd69rm6L-z8DaUBni8 |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+%2F+International+Conference+on+Software+Engineering&rft.atitle=PyCG%3A+Practical+Call+Graph+Generation+in+Python&rft.au=Salis%2C+Vitalis&rft.au=Sotiropoulos%2C+Thodoris&rft.au=Louridas%2C+Panos&rft.au=Spinellis%2C+Diomidis&rft.date=2021-05-01&rft.pub=IEEE&rft.isbn=9781665402965&rft.issn=1558-1225&rft.spage=1646&rft.epage=1657&rft_id=info:doi/10.1109%2FICSE43902.2021.00146&rft.externalDocID=9402076 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1558-1225&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1558-1225&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1558-1225&client=summon |