I did research with Dawson Engler where we used Metacompilation to find bugs in software. This compile-time analysis is especially good at finding bugs in systems-level software where runtime analysis is difficult or impossible. Metacompilation finds serious errors like memory corruption, security holes, and deadlock.

Publications:

• RacerX: Effective, Static Detection of Race Conditions and Deadlocks (postscript) (PDF)
  Dawson Engler and Ken Ashcraft. Appeared in SOSP 2003.
• Using Programmer-Written Compiler Extensions to Catch Security Holes (postscript) ( PDF)
  Ken Ashcraft and Dawson Engler. Appeared in IEEE Security and Privacy 2002. Uses metacompilation extensions to find over 100 security holes in Linux and BSD.