a³ Release 11.08
----------------
Targets
-------
* a³ for ARM7 has been renamed into a³ for ARM. It now supports stack analysis
for instruction sets up to ARMv7, including Thumb2 (Cortex A-8 etc.).
* Added Green Hills compiler support for StackAnalyzer for ARM,
currently only for Thumb2 code (e.g. for Cortex M3 processor).
Toolchain
---------
* Implemented a new, iterative decoding strategy that uses value-analysis
information to resolve computed-call and branch targets. This feature
significantly reduces the manual annotation effort, especially for computed
calls and branches whose targets are stored in constant arrays/tables.
By default, iterative decoding is always enabled. This can be changed via
"Option" -> "Configuration" -> "Analyses" -> "Advanced" -> "Decoding: Enable
iterative decoding".
If activated, the control-flow reconstruction and value/stack analysis
steps in the tool chain iterate if new control-flow relevant information
(i.e. a computed branch/call target) is found by the value analysis.
This information is given back to the decoder as an automatic annotation
and restarts the decoding step again. The procedure is repeated until
no further control-flow relevant information is found by the value analyzer.
A set of all collected automatic annotations can be seen in the "Automatic
annotations" view grouped under the aiT or Stack Analysis item.
This toolchain loop leads to changes to IDs of routines and contexts
in the XML report. The new IDs look as follows:
d1_r1: decode round 1, routine 1
d1_r1_c1_value: decode round 1, routine 1, context 1, value analysis
For compatibility reasons, d0_ is skipped. For analyses with no loop between
decoding and value analysis, IDs still start with r<x>.
* Improved "flexible" mapping. Will only explore routines that are feasible
for the loop/value/stack analysis. This greatly improves analysis runtime
and memory consumption for software with data-dependent control flow, like
code generated from MATLAB state machines.
* Removed the pre-decode phase to speed up analysis.
* PowerPC: separate powerspeculator run no longer required in the toolchain
for PowerPCs with speculative execution (MPC603e/MPC7448/MPC755/PPC750).
* MPC5xx: reduced the number of hardware and software restrictions.
See user manual/factsheets for details.
GUI
---
* aiT now allows to define an expected result for the WCET analysis.
The computed result is checked against the expected result, and an error
is issued if it does not match. You can specify an upper limit, a lower
limit, or a range for the WCET which must be met. The limits can be specified
in cycles or time units.
* Improved Messages view:
* New entry in the context menu allows going to the selected point
in the graph.
* Added buttons for navigation between error messages and warnings
in analysis results.
* Improved text selection.
* Improved performance: no automatic loading of symbols/sections and
debug information. This information is now loaded on-demand, by clicking
on the "Extract" button.
* Interactive stack analysis available. You can now explore value-analysis
results (i.e. the static register and memory cell contents) from within
a stack analysis, provided that the ValueAnalyzer feature is unlocked
in your license.
* Stack analysis now allows to compute the N worst-case stack usage paths.
The extended output is available in the report file as well as in separate
GDL graph files.
* Better handling of end addresses for sections in Section view.
* Added possibility to search within specified columns in Symbols, Sections,
Variables, and Functions views.
* Highlighting of search results in the Functions and Variables view.
* Further general improvements to Symbols, Variables, Functions,
and Sections views.
* Improved search capabilities in text editors:
* search field automatically prefilled with the currently selected text
* consistent coloring
* Better handling of machine-setting files and improved annotation generation
for machine settings.
* Only non-default settings are saved in the APX files.
* Text editor now allows specifying if tabs should be converted to spaces,
and whether trailing spaces should be removed.
* MPC5xx: the hardware configuration wizard now correctly sets up
the configuration of the external transfer acknowledge bit
(i.e., the SETA bit of BR[0..3] memory controller registers).
AIS
---
* MPC and i386: dropped support for the "cyclic burst" annotation, because
this preference is now automatically derived from processor settings.
* Reintroduce the global mapping parameter "max-length = x" to restrict
call string length of the analyses.
* Updated description of timing specifications for loops. (Only max allowed;
for busy-waiting loop annotations actual computed time may be lower than
the annotated time.)
Decoding
--------
* Decoding no longer warns about unresolved computed calls or branches.
(Info messages are still available). If they are reachable, the value analysis
will emit the needed warnings.
* Continue analysis and control flow graph/disassembly output even on errors.
* Keep names for routines even if they are not inside the binary
or in a non-executable or unnamed section.
* @static names without filename for data symbols.
* Name of :Anon_ routines changed:
* for flat architectures like PPC: Anon_ffff to :Anon_0xfff
* for paged architectures like C16x: Anon_ff00ff to Anon_0xff:0xff
* Improved the annotation wizard output for routines not starting with their
lowest address.
* Greatly improved the decoding of switch table patterns by generalizing
the switch-table resolving code. The enhanced pattern decoder allows for
more generic decoder patterns that are able to resolve more switch-table
patterns. Furthermore, the report now features the name of the decoding
pattern that was used to resolved a computed branch (similar to computed
calls).
* Improved support for "area is copied from" for paged architectures.
It will relocate symbols, too.
* The decoder now attempts to produce symbolic annotations hints for
unresolved computed calls that potentially call NULL pointers, such as:
instruction "<routine name>"
+ <index> computed calls via "<record name>"
[<elements>]
struct <record size> bytes
offset <record offset> bytes
access <pointer size> bytes
null;
* ARM:
* Support for ARMv7 ISA (including Thumb2).
* Improved stack pointer guessing for the TI compiler.
* Improved switch table decoding for the TI compiler.
* Better handling of Symbols with lowest bit set.
* Better handling of mixed ARM/Thumb code.
* C16x:
* Better handling of __icall. The trampoline routines are no longer excluded
from the control flow graph. This allows for more precise pipeline analysis
later on.
* Distinguish long addressing mode and short reg addressing mode in the
mnemonics shown in the Disassembly and Graph views. Short form uses
the prefix "REG:".
* HCS12:
* More switch table patterns.
* Better handling of symbols with linear address only (HCS12X/Cosmic).
* PPC:
* Simplified PowerPC instruction set selection, only differentiate between
PowerPC and PowerPC VLE. Unsupported instruction during decoding: dcread
in normal encoding, only supported in alternative encoding because of
clash with icbtls.
* Added support for XCOFF32 binaries.
* Greatly improved the computation of computed-call targets (all compilers).
* Improved switch table decoding (all compilers).
* Better handling of WindRiver tail-call and code-sharing optimizations.
* Added auto-detection of VLE sections in ELF binaries following EABI.
* Allowed decoding of the "wait" instruction.
* Added support for more VLE extension instructions:
* evfsmadd
* evfsmsub
* evfsnmadd
* evfsnmsub
* efsmadd
* efsmsub
* efsnmadd
* efsnmsub
* V850: extended decoding of computed calls via function pointer tables.
Stack, loop, and value analysis
-------------------------------
* Improved StackAnalyzer performance.
* Improved detection of infeasible paths at computed branches/calls.
Warning if analysis detects that no call target is feasible.
* StackAnalyzer will no longer terminate with fatal error on unbound recursions
or stack-effect loops, but report the stack usage as unknown and allow for
interactive analysis if the ValueAnalyzer feature is available.
* Unresolved branches are now a non-fatal error after which the analysis
will continue. This will help you inspect the intermediate results.
* Improved precision of loop analysis.
* ARM:
* Support for ARMv7 ISA (including Thumb2).
* Improved precision of feasibility checks
for some computed-branch instructions.
* Improve precision of bitwise rotate instructions.
* Improved precision of branch splitting.
* HCS12: fixed semantics of the gld* <address> instruction,
set condition flags.
* PowerPC:
* Better handling of _restfprs_* and similar compiler-generated methods.
* Improved handling of conditional calls.
* Improved handling of speculation and computed-call target check.
* V850:
* Improved precision of value analysis by better handling
of the jmp instruction.
* Improved loop analysis.
* Improved unresolved-call handling.
Path analysis
-------------
* Path analysis will not complain about missing loop bound
if the loop is fully unrolled.
* For irreducible (multi-entry) loops, if none of the flow constraints
matches a block inside the loop, an info is shown in the path analysis.
* WCET contributions are also computed for snippets
with side entrances and exits.
Cache and pipeline analysis
---------------------------
* Statistics about cache hits/misses on the WCET path both in the GDL
visualization (global and per control flow edge) and in the text
and XML reports (global).
* More precise PPC-PLRU must cache analysis.
* Am486: improved pipeline model.
* TriCore: improved handling of instructions that are decoded at the same time
as control-flow changing instructions.
* PowerPC: added support for L1 instruction cache locking in MPC603e, MPC755,
MPC755s, MPC7448, MPC7448s und PPC750. See user manual for details.
* PowerPC 755(s)/750/7448(s): improved dispatch_stall feature
for folded branches.
* PowerPC 755(s)/750/603e: saved space in processor states, resulting in:
1. faster computation
2. a minor increase in the computed WCET bound due to enhanced state merging
* PowerPC 603e/750/755(s)/7448(s): default memory access regions are created
if not explicitly specified by the user.
Visualization and reporting
---------------------------
* Correctly hide infeasible routines.
* Better handling of external routines.
* Correctly color blocks featuring AIS annotations.
* Fine-grained XML report output settings. Allows to set message verbosity,
enable/disable context sensitive information, and filter individual tags.
==============================================================================
Last modified on 10 August 2011 by alex@absint.com.
Copyright 2011 AbsInt. http://www.absint.com/
==============================================================================
An HTML version of these release notes is available at
http://www.absint.com/releasenotes/a3/11.08/