The present invention is directed to automatically analyzing
software systems for identifying faults or bugs and / or detection of malicious code. In various embodiments, the present invention measures
code coverage for high priority invocable program elements, uses a relaxed coverage
estimation technique that, instead of guaranteeing which code units will be executed, guarantees that at least a certain number of code units will be executed, determines and solves constraints in code to identify infeasible paths containing one or more selected nodes, determines, for a composite
data type, a range of values for each of at least two non-composite data fields, and / or translates, prior to code analysis complex code into simpler code having fewer operators.