Ask HN: 为什么 Python 中的死代码检测比大多数工具承认的更难？

I’ve been thinking about why dead code detection (and static analysis in general) feels so unreliable in Python compared to other languages. I understand that Python is generally dynamic in nature.<p>In theory it should be simple(again in theory): parse the AST, build a call graph, find symbols with zero references. In practice it breaks down quickly because of many things like:<p>1. dynamic dispatch (getattr, registries, plugin systems)<p>2. framework entrypoints (Flask&#x2F;FastAPI routes, Django views, pytest fixtures)<p>3. decorators and implicit naming conventions<p>4. code invoked only via tests or runtime configuration<p>Most tools seem to pick one of two bad tradeoffs:<p>1. be conservative and miss lots of genuinely dead code<p>or<p>2. be aggressive and flag false positives that people stop trusting<p>What’s worked best for me so far is treating the code as sort of a confidence score, plus some layering in limited runtime info (e.g. what actually executed during tests) instead of relying on 100% static analysis.<p>Curious how others handle this in real codebases..<p>Do yall just accept false positives? or do yall ignore dead code detection entirely? have anyone seen approaches that actually scale? I am aware that sonarqube is very noisy.<p>I built a library with a vsce extension, mainly to explore these tradeoffs (link below if relevant), but I’m more interested in how others think about the problem. Also hope I&#x27;m in the right channel<p>Repo for context: https:&#x2F;&#x2F;github.com&#x2F;duriantaco&#x2F;skylos