This is generally through the use of (often custom) analyzers. I would wager, though I have little empirical evidence, that most non-trivial zero days of large software like this are not strictly manually discovered.
Not sure the point of this comparison. Using compilers to build software has been all but required for a long time, and exploit discovery can be done just by using the software in unexpected ways, or by using complex reverse engineering and analysis tools.