PoC - Static analyzer for Python #390

Open
josh-berry opened this issue Sep 26, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@josh-berry
Contributor

No description provided.

@josh-berry josh-berry added the enhancement New feature or request label Sep 26, 2023
@dandavison
Contributor

dandavison commented Aug 21, 2024

Ultimately, we want static analysis for Temporal SDKs to be both runnable as a standalone process and easily integratable into LSP-based IDE tooling.

One possibility here would be mypy plugins. However, it's not clear that mypy is going to be dominant in the future of Python type-checking: Microsoft subsequently created Pyright, which is more closely associated with and widely deployed in developer LSP tooling due to VSCode (as well as a bit faster and perhaps has some other advantages). However, my impression is that Pyright will not provide extensibility of the sort that we need.

Now, Astral are creating a new Python type-checker. Astral's ruff linter and formatter has been extremely well received, and they have created LSP tools to go with it. Clearly, their type checker will be integrated into their LSP solution. (They've also released a competitor to pip/poetry/pyenv etc.)

I think that we should watch this space, in particular to understand whether Astral are creating type-checking technology that is extensible in a way that we can make use of, and if so, when it would make sense to start prototyping.

@cretz
Member

cretz commented Aug 21, 2024

Basically there are two static analyzers needed IMO:

  • General purpose Python static analyzer that catches people making thread-blocking calls (directly or transitively) in an async def function
  • Temporal-specific Python static analyzer that catches people making illegal calls (directly or transitively) in a workflow

The first one should be a general product/repo IMO, but they both need a call graph so there is an opportunity for code sharing.

I have POC'd this with MyPy plugins by the way. You can build a reasonable call graph, but storing it in cache is difficult because they only allow you to set some plugin metadata at a higher level, not a per-function level (read https://github.com/python/mypy/blob/master/mypy/plugin.py). It can be hacked, but I think we should contribute a very small PR to MyPy to allow plugins to store a metadata dict on more specific objects.

I have researched a good bit about Python call graph builders and there are no good/fast modern ones. And I've only found MyPy to provide extensibility and semantic analysis to build proper call graphs (this can't be done without static analysis). It will be great if Ruff gets this analysis; we could definitely build on it.
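As an added illustration of the first analyzer described in the comment above (not code from this thread or from the Temporal SDK), the sketch below builds a name-based call graph for one module with the standard `ast` module and reports each `async def` that reaches a blocking call directly or transitively. The `BLOCKING` deny-list, the `SAMPLE` source and all function names are assumptions made for the example; it matches calls by their written name only and does not resolve imports, aliases or methods.

```python
import ast

# Assumed deny-list of thread-blocking callables (illustrative, not exhaustive).
BLOCKING = {"time.sleep", "requests.get", "subprocess.run"}
SAMPLE = (  # constructed input
    "import asyncio, time\n"
    "def backoff(): time.sleep(1)\n"
    "def retry(): backoff()\n"
    "async def fetch(): retry()\n"
    "async def tick(): await asyncio.sleep(1)\n"
)

def dotted(func):
    """Return 'a.b.c' for a Name/Attribute call target, else None."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts, func = [func.attr] + parts, func.value
    return ".".join([func.id] + parts) if isinstance(func, ast.Name) else None

def calls_in(fn):
    """Call targets in fn's own body, skipping nested defs and lambdas."""
    out, stack = [], list(fn.body)
    while stack:
        node = stack.pop()
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            continue  # a nested function only runs if something calls it
        if isinstance(node, ast.Call) and dotted(node.func):
            out.append(dotted(node.func))
        stack.extend(ast.iter_child_nodes(node))
    return out

def find_blocking(source):
    """Map each module-level async def to one call chain ending in a blocking call."""
    funcs = {n.name: n for n in ast.parse(source).body
             if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))}
    graph = {name: calls_in(fn) for name, fn in funcs.items()}

    def chain(name, seen):
        for callee in graph[name]:
            if callee in BLOCKING:
                return [name, callee]
            if callee in graph and callee not in seen:  # seen guards recursion
                rest = chain(callee, seen | {callee})
                if rest:
                    return [name] + rest
        return None

    return {n: p for n, f in funcs.items()
            if isinstance(f, ast.AsyncFunctionDef) and (p := chain(n, {n}))}
```

`find_blocking(SAMPLE)` reports `fetch` with the chain through `retry` and `backoff`, and leaves `tick` alone because `asyncio.sleep` is not on the deny-list.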
