aiT Screenshots

aiT is available as an a³ module, i.e. it can be combined with other analyzers from AbsInt in a single intuitive user interface.

Configuration screen: selecting files for analysis. aiT directly analyzes binary executables. This means that no modification of your toolchain or the system’s operational behavior and performance is required.

aiT accepts optional user annotations for the analyzed files, such as targets of indirect function calls, upper bounds on loop iteration counts, recursion depth, code snippets that should not be analyzed, infeasible code, and so on. You can either provide the annotations in a separate text file, or simply use the fully integrated annotations wizard that will generate such a file automatically based on your input.

Annotations are only required if the information cannot be detected automatically by aiT, e.g. for dynamic program properties. Furthermore, the amount of required annotations is dramatically reduced by several advanced techniques such as automatic loop-bound and array-call recognition.

Annotations wizard

Sample annotations

Analysis results: the computed WCET is given in CPU cycles and microseconds. aiT-computed bounds are valid for all inputs and execution scenarios.

Double-clicking on the analysis results opens the call graph of the analyzed application.

Call graph with WCET analysis results. Each routine is annotated by its relative contribution to the overall WCET. The worst-case execution path can be immediately recognized thanks to customizable color coding.

The routines can be interactively unfolded to inspect the control flow within them.

Control flow graph with WCET analysis results. For each edge, sum # describes the maximum number of traversals in the worst case, while max t describes the maximum execution time of the basic block from which the edge originates. Infeasible parts of the analyzed program (dead code) are grayed out. Analysis details (such as WCET contribution in different contexts) can be viewed in additional information windows. Context menus enable jumping from anywhere in the graph to the corresponding line in the C or assembly code.

Grayed-out infeasible code

Additional information windows

For each instruction, the set of all possible pipeline states can be shown as desired.

Visualization of the behavior of cache and pipeline over time. Each horizontal layer corresponds to one CPU cycle. Branches in the tree represent different execution scenarios, e.g. a cache hit and a cache miss at a memory access if both cases have to be analyzed. aiT automatically checks all possibilities.

Sample pipeline analysis results legend (MPC5xx)

1. Start state*
2. Intermediate state*
3. End state*
4. State description
5. Flash A
6. Flash B
7. Memory controller
8. L2U
9. Fetch
10. Dispatch
11. Execute
12. Write-back
13. Decode buffer
14. Prefetch queue
15. History queue

* Relative to the instruction to be analyzed.

Difference analysis: this experimental feature allows to graphically compare two WCET analysis graphs starting at the same entry point. This is especially helpful for comparing different analysis setups (different annotations, hard­ware settings, etc.).

The color scheme used for visualization is fully customizable, providing for full accessibility on black-and-white screens or for color-blind users.

The most recently added “Sections” view allows you to view all sections of the binary and inspect their content like in a hex editor. It also enables you to find out the memory content for a given address area.