Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A more interesting comparison than with Coccinelle is with semgrep (https://semgrep.dev/) since it also supports semantic/structural pattern matching over a number of languages, but also adds in a bunch of Boolean logic into the mix, as well as some more advanced semantic features like constant propagation.

Curious whether the teams behind these tools are aware of each other? I suppose it's unlikely that they're not.



Comby works with C++, which to me is a great advantage.


Semgrep has "experimental" support for C++. My understanding is that the major gap with both C & C++ support is macros, which are really hard.


yeah i just discovered semgrep a week ago! i'll have to download this and compare.

i found the CLI features lacking in semgrep (vs using a yaml config), so maybe this will have more support there.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: