Static code analysis and bug detection are integral to modern software engineering, providing a systematic approach to identify defects and security vulnerabilities without executing the code.

But static analysis scales extremely well, because it sets "rules" about undesirable architecture or code behavior, and automatically scans the system for these classes of bugs.

Ultimately, writing a good static analysis tool is hard, and there are plenty of cases where it’s likely to trip up and give an invalid result.