RSS

Pyro Caml Continuous Profiler for OCaml

j12y1 pts0 comments

Announcing Pyro Caml: The First Continuous Profiler for OCaml | Semgrep | Semgrep

At RSA, we launched Semgrep Multimodal to combine AI reasoning with rule-based detection Learn More →

Products

Semgrep Code<br>Find and fix the issues that matter in your code (SAST)

Semgrep Supply Chain<br>Fix vulnerabilities in open source  dependencies and block malware

Semgrep Secrets<br>Find and fix hardcoded secrets with semantic analysis

Multimodal<br>Combine AI reasoning with rule-based analysis for detection, triage, and remediation

Semgrep AppSec Platform<br>Automate, manage, and enforce security across your organization

Semgrep Workflows<br>Build and deploy security pipelines that combine static analysis with AI at scale

Product Updates<br>Stay up to date on changes to the Semgrep platform, big and small

Solutions

Semgrep Guardian<br>Scan and fix AI-generated code the moment it's written

Open-Source Malware Protection<br>Protect against software supply chain attacks

Static application security testing<br>Increase security while accelerating development

OWASP Top 10<br>Prevent the most critical web application security risks

Secure Guardrails<br>Protect Your Code with Secure Guardrails

Fintech<br>Mitigate software supply chain risks

SaaS & Cloud<br>Increase security while accelerating development

Resources

Docs<br>Want to read all the docs? Start here

Blog<br>Get the latest news about Semgrep

ROI Calculator<br>See how Semgrep can save you time and money

Community Slack<br>Join the friendly Slack group to ask questions or share feedback

Events<br>Join us at a Semgrep Event!

Case Studies<br>See why users love Semgrep

Video Library<br>View our library of on-demand webinars

Community Edition

Company

About<br>The Semgrep story & values

Careers<br>Join the team!

Partners<br>Become a Semgrep partner

Pricing

Sign in

Product support

Contact us

Book demo

Try for free

Announcements

Announcing Pyro Caml: A Continuous Profiler for OCaml

Semgrep is open-sourcing Pyro Caml 1.0.0, the first continuous profiler for OCaml, built to run in production under gVisor, sample call stacks via Memprof, and ship data to Pyroscope. This is part one of a three-part series on how Semgrep is improving performance.

Austin Theriault

June 2nd, 2026

The core SAST engine of Semgrep is written in OCaml. There are a lot of good technical and historical reasons for this that I’ll leave for another time. An important consequence of using a language with a (relatively) small ecosystem like OCaml is that there aren’t a lot of libraries for things like observability, which are critical for running industrial software like Semgrep on hundreds of thousands of code repositories, and keeping it both reliable and performant.<br>We’ve made heavy use of existing libraries like the OCaml OpenTelemetry library, and have contributed to, and written, some of our own. Last year I gave a workshop at FunOCaml explaining how we use and benefit from observability, and how you too can implement it in your OCaml program. After the workshop though, I had multiple people come up to me and ask “what about continuous profiling?”, to which my answer was, “it just doesn’t exist yet”. Well, 7 months later, I’m happy to announce that we’re releasing 1.0.0 of Pyro Caml, a continuous profiler for OCaml.<br>What is Continuous Profiling?<br>Before we dive into the technical details, we must first understand the difference between a normal profiler and one that is continuous. Profiling is a form of dynamic analysis that measures aspects of a program like time complexity, instruction usage, or where in the code time is spent. OCaml has a handful of profilers, such as the built-in ocamlprof, magic-trace, or olly, to name just a few. What differentiates a continuous profiler is that it is not run directly by the developer, but instead runs in production, continuously profiling the program, and reporting that data back to a central location.<br>For us this distinction is incredibly important. We had gotten by with the other profilers mentioned, along with more general profilers like prof, but that only got us so far. Semgrep runs static analysis on code, and in general, we try to avoid giving our engineers easy access to the user code we analyze. So if we can’t get a local copy of the source code to profile on our own machines, continuous profiling becomes the only option. Additionally, metrics and tracing only help root out performance problems when you know where to look, and that becomes rarer as a code base matures. We must profile while customers scan their code, or else we are destined to live in the dark.*<br>Requirements for a Continuous Profiler<br>So we know a continuous profiler is an incredibly helpful tool, but Semgrep has some additional restrictions.<br>Runs under gVisor<br>We’re a security company, so we like to keep things secure, which means when we scan someone’s code, we sandbox the scan using gVisor, which implements the Linux API in userspace. One part of the Linux API it does NOT implement, is perf_event_open**, which is...

semgrep continuous code ocaml profiler security

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini

Agent Memory: An Anatomy

brgsk17 ptsmemory library user agent semantic libraries
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.