Static analysis can discover a variety of defects and weaknesses in system source code, even before the code is ready to run. Runtime analysis, on the other hand, looks at running software to detect problems as they occur, usually through sophisticated instrumentation. Some may argue that one form of analysis precludes the other, but developers can combine both techniques to achieve faster development and testing as well as higher product quality.

This paper discusses both techniques, beginning with static analysis, which prevents problems from entering the main code stream and ensures that any new code is up to standard. The paper then explores runtime analysis, which developers can perform during module development and system integration to catch any problems missed by static analysis. Also addressed is how developers can combine static and runtime analysis to prevent regressions as a product matures.