a³ release 11.08

Targets

  • a³ for ARM7 has been renamed into a³ for ARM. It now supports stack analysis for instruction sets up to ARMv7, including Thumb2 (Cortex A-8 etc.).
  • Added Green Hills compiler support for StackAnalyzer for ARM, currently only for Thumb2 code (e.g. for Cortex-M3).

Toolchain

  • Implemented a new, iterative decoding strategy that uses value-analysis information to resolve computed-call and branch targets. This feature significantly reduces the manual annotation effort, especially for computed calls and branches whose targets are stored in constant arrays/tables.

    By default, iterative decoding is always enabled. This can be changed via Option”  Configuration”  Analyses”  Advanced”  Decoding: Enable iterative decoding”.

    If activated, the control-flow reconstruction and value/stack analysis steps in the tool chain iterate if new control-flow relevant information (i.e. a computed branch/call target) is found by the value analysis. This information is given back to the decoder as an automatic annotation and restarts the decoding step again. The procedure is repeated until no further control-flow relevant information is found by the value analyzer. A set of all collected automatic annotations can be seen in the “Automatic annotations” view grouped under the aiT or Stack Analysis item.

    This toolchain loop leads to changes to IDs of routines and contexts in the XML report. The new IDs look as follows:

    • d1_r1: decode round 1, routine 1
    • d1_r1_c1_value: decode round 1, routine 1, context 1, value analysis

    For compatibility reasons, d0_ is skipped. For analyses with no loop between decoding and value analysis, IDs still start with r<x>.

  • Improved “flexible” mapping. Will only explore routines that are feasible for the loop/value/stack analysis. This greatly improves analysis runtime and memory consumption for software with data-dependent control flow, like code generated from MATLAB state machines.
  • Removed the pre-decode phase to speed up analysis.
  • PowerPC: separate powerspeculator run no longer required in the toolchain for PowerPCs with speculative execution (MPC603e/MPC7448/MPC755/PPC750).
  • MPC5xx: reduced the number of hardware and software restrictions. See user manual/factsheets for details.

GUI

  • aiT now allows to define an expected result for the WCET analysis. The computed result is checked against the expected result, and an error is issued if it does not match. You can specify an upper limit, a lower limit, or a range for the WCET which must be met. The limits can be specified in cycles or time units.
  • Improved Messages view:
    • New entry in the context menu allows going to the selected point in the graph.
    • Added buttons for navigation between error messages and warnings in analysis results.
    • Improved text selection.
  • Improved performance: no automatic loading of symbols/sections and debug information. This information is now loaded on-demand, by clicking on the “Extract” button.
  • Interactive stack analysis available. You can now explore value analysis results (i.e. the static register and memory cell contents) from within a stack analysis, provided that the ValueAnalyzer feature is unlocked in your license.
  • Stack analysis now allows to compute the N worst-case stack usage paths. The extended output is available in the report file as well as in separate GDL graph files.
  • Better handling of end addresses for sections in Section view.
  • Added possibility to search within specified columns in Symbols, Sections, Variables and Functions views.
  • Highlighting of search results in the Functions and Variables view.
  • Further general improvements to Symbols, Variables, Functions and Sections views.
  • Improved search capabilities in text editors:
    • search field automatically prefilled with the currently selected text
    • consistent coloring
  • Better handling of machine-setting files and improved annotation generation for machine settings.
  • Only non-default settings are saved in the APX files.
  • Text editor now allows specifying if tabs should be converted to spaces, and whether trailing spaces should be removed.
  • MPC5xx: the hardware configuration wizard now correctly sets up the configuration of the external transfer acknowledge bit (i.e., the SETA bit of BR[0..3] memory controller registers).

AIS

  • MPC and i386: dropped support for the “cyclic burst” annotation, because this preference is now automatically derived from processor settings.
  • Reintroduce the global mapping parameter “max-length = x” to restrict call string length of the analyses.
  • Updated description of timing specifications for loops. (Only max allowed; for busy-waiting loop annotations actual computed time may be lower than the annotated time.)

Decoding

  • Decoding no longer warns about unresolved computed calls or branches. (Info messages are still available). If they are reachable, the value analysis will emit the needed warnings.
  • Continue analysis and control flow graph/disassembly output even on errors.
  • Keep names for routines even if they are not inside the binary or in a non-executable or unnamed section.
  • @static names without filename for data symbols.
  • Name of :Anon_ routines changed:
    • for flat architectures like PPC: Anon_ffff to :Anon_0xfff
    • for paged architectures like C16x: Anon_ff00ff to Anon_0xff:0xff
  • Improved the annotation wizard output for routines not starting with their lowest address.
  • Greatly improved the decoding of switch table patterns by generalizing the switch table resolving code. The enhanced pattern decoder allows for more generic decoder patterns that are able to resolve more switch table patterns. Furthermore, the report now features the name of the decoding pattern that was used to resolved a computed branch (similar to computed calls).
  • Improved support for “area is copied from” for paged architectures. It will relocate symbols, too.
  • The decoder now attempts to produce symbolic annotations hints for unresolved computed calls that potentially call NULL pointers, such as:
    instruction "<routine name>"
               + <index> computed calls via "<record name>"
                [<elements>]
      struct <record size> bytes
      offset <record offset> bytes
      access <pointer size> bytes
      null;
  • ARM:
    • Support for ARMv7 ISA (including Thumb2).
    • Improved stack pointer guessing for the TI compiler.
    • Improved switch table decoding for the TI compiler.
    • Better handling of Symbols with lowest bit set.
    • Better handling of mixed ARM/Thumb code.
  • C16x:
    • Better handling of __icall. The trampoline routines are no longer excluded from the control flow graph. This allows for more precise pipeline analysis later on.
    • Distinguish long addressing mode and short reg addressing mode in the mnemonics shown in the Disassembly and Graph views. Short form uses the prefix REG:.
  • HCS12:
    • More switch table patterns.
    • Better handling of symbols with linear address only (HCS12X with Cosmic compiler).
  • PPC:
    • Simplified PowerPC instruction set selection, only differentiate between PowerPC and PowerPC VLE. Unsupported instruction during decoding: dcread in normal encoding, only supported in alternative encoding because of clash with icbtls.
    • Added support for XCOFF32 binaries.
    • Greatly improved the computation of computed-call targets (all compilers).
    • Improved switch table decoding (all compilers).
    • Better handling of WindRiver tail-call and code-sharing optimizations.
    • Added auto-detection of VLE sections in ELF binaries following EABI.
    • Allowed decoding of the “wait” instruction.
    • Added support for more VLE extension instructions:
      • evfsmadd
      • evfsmsub
      • evfsnmadd
      • evfsnmsub
      • efsmadd
      • efsmsub
      • efsnmadd
      • efsnmsub
  • V850: extended decoding of computed calls via function pointer tables.

Stack, loop, and value analysis

  • Improved StackAnalyzer performance.
  • Improved detection of infeasible paths at computed branches/calls. Warning if analysis detects that no call target is feasible.
  • StackAnalyzer will no longer terminate with fatal error on unbound recursions or stack-effect loops, but report the stack usage as unknown and allow for interactive analysis if the ValueAnalyzer feature is available.
  • Unresolved branches are now a non-fatal error after which the analysis will continue. This will help you inspect the intermediate results.
  • Improved precision of loop analysis.
  • ARM:
    • Support for ARMv7 ISA (including Thumb2).
    • Improved precision of feasibility checks for some computed-branch instructions.
    • Improve precision of bitwise rotate instructions.
    • Improved precision of branch splitting.
  • HCS12: fixed semantics of the gld* <address> instruction, set condition flags.
  • PowerPC:
    • Better handling of _restfprs_* and similar compiler-generated methods.
    • Improved handling of conditional calls.
    • Improved handling of speculation and computed-call target check.
  • V850:
    • Improved precision of value analysis by better handling of the jmp instruction.
    • Improved loop analysis.
    • Improved unresolved-call handling.

Path analysis

  • Path analysis will not complain about missing loop bound if the loop is fully unrolled.
  • For irreducible (multi-entry) loops, if none of the flow constraints matches a block inside the loop, an info is shown in the path analysis.
  • WCET contributions are also computed for snippets with side entrances and exits.

Cache and pipeline analysis

  • Statistics about cache hits/misses on the WCET path both in the GDL visualization (global and per control flow edge) and in the text and XML reports (global).
  • More precise PPC-PLRU must cache analysis.
  • Am486: improved pipeline model.
  • TriCore: improved handling of instructions that are decoded at the same time as control-flow changing instructions.
  • PowerPC: added support for L1 instruction cache locking in MPC603e, MPC755, MPC755s, MPC7448, MPC7448s und PPC750. See user manual for details.
  • PowerPC 755(s)/750/7448(s): improved dispatch_stall feature for folded branches.
  • PowerPC 755(s)/750/603e: saved space in processor states, resulting in:
    1. faster computation
    2. a minor increase in the computed WCET bound due to enhanced state merging
  • PowerPC 603e/750/755(s)/7448(s): default memory access regions are created if not explicitly specified by the user.

Visualization and reporting

  • Correctly hide infeasible routines.
  • Better handling of external routines.
  • Correctly color blocks featuring AIS annotations.
  • Fine-grained XML report output settings. You can now tweak message verbosity, enable/disable context sensitive information, and filter individual tags.