Safety-critical embedded software has to satisfy stringent quality requirements. For example, one such requirement, imposed by the relevant safety standard (ISO26262), is that no critical run-time errors must occur. In the last years, we introduced sound static analysis methods and tools in the development process for large-scale software with several million lines of code. They are used to prove highly automated the absence of run-time errors – especially caused by integration. The talk will report on this experience and give an outlook about future challenges.