Danny, I am the CEO and founder of Semmle. I will refrain from arguing about the value of our product and technology. However, I must correct your statement about Fermín which is utterly false. He took a huge pay cut to come to Semmle. Please stick to facts when talking about people.

Disclosure: I’m the founder of Semmle. As noted above, this conversation is a dup but I wanted to answer the questions that came up. Semmle’s core technology is an engine for variant analysis - finding all instances of a mistake that led to an incident, especially for security. Here's how Microsoft uses Semmle: https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerabi... . The engine does support inter-procedural data flow analysis and simulates execution in that sense. For examples of such data flow analysis on Java, see https://lgtm.com/blog/apache_struts_CVE-2018-11776-part2.