a³ Release 20.10

New target

aiT WCET Analyzer is now available for MPC5777C.


Improved workspaces

* Workspaces can now be saved even while analyses are still running,
  so you can store partial results of the already finished ones.
  
* The extension .apz is now used for workspaces 
  to distinguish them from normal .apx project files.
  
* Workspace APZ files are movable, i.e. the file names within a workspace 
  are now relative to the location of the workspace as a whole.


General improvements

* The pipeline and path analysis phases have been combined 
  for better performance. This results in new configuration values 
  for the "Path analysis variant":

  * Auto 
  * Basic block level
  * Pipeline state level

  The new default is "Auto", which heuristically decides whether 
  the more precise Pipeline state level is feasible or not.
  Explicitly specifying the desired level overrules the heuristics.
  
* The current status of the ALM server in XML format 
  can now be accessed by appending /?xml to the URL:

    http://<your license server name>:42425/?xml
    
* Improved ORTI importer: it now always attempts to look up entry points 
  via the symbol table if lookup via the RUNNINGTASK enum attribute fails.
  
* Improved rendering of the online-help PDF viewer.


Improved DWARF handling

* Improved reading of DWARFv2 and C++ DWARF debug information.
* Improved handling of source-code information from DWARF.
* The DWARF view has been fully merged into the Symbols view.
* The search limits in the new Symbols view have been increased 
  to make DWARF search results available earlier.
* Iterative decoding now uses the DWARF debug information 
  to improve automatic decoding of C++ virtual member function calls.
* Function-local static variables are no longer considered for extracting 
  constant memory regions from DWARF.
* The option Setup → Source files → "Strip compilation path" 
  to strip the compilation path mentioned in the DWARF debug information 
  is now enabled by default.
* Improved handling of DWARFv2 generated by the GHS compiler.


Qualification Support Kits

* New compiler-specific QSKs for:
  * aiT for ARM with TI 20.2.1.LTS
  * aiT for e200 with GHS 2019.1.4
  * StackAnalyzer for C16x with Tasking VX 3.1r2

* New board-specific QSKs for:
  * aiT for tms570lc4357
  * aiT for MPC5777C

* Improvements:
  * Increased mapping parameters (max length and default unroll) 
    for compiler-specific test cases.
  * Enhanced error messaging 
    for test run specification errors (.config files).
  * Renamed outdated term "Revision" for baseline information 
    on title page of TOR/VTP documents to "Build".
  * Update qk_ais2_wcet_code_snippets to cover new variant 
    of code snippet annotations.
  * Update qk_ais2_program_point_base_source to cover usage 
    of match functor inside program point base specifications.
  * Update qk_ais2_area_definitions_simple to cover usage 
    of match functor inside section() functor for area construction.
  * Update qk_ais2_expression_enum_values to cover all possible 
    usages of the enumerator values.

* New test cases:

  qk_ais2_no_value_token_allocation                   all architectures
  qk_ais2_allow_decoder_to_read_from_writable_memory  all except dsPIC
  qk_ais2_routine_snippet_timing                      all WCET
  qk_setting_output_variable_usage_statistics         all WCET
  qk_setting_output_object_size_statistics            all WCET

* Known issue: The Software Verification Results document (part of QSLCD) 
  is currently contained in the QSK product archive and not in the special 
  SVR product archive.


GUI

* For the analysis overview under Home → Overview, 
  you can now configure what columns it should display.
* The expected result field now supports AIS expressions.
* New default font for text editors and graphs.
* Improved search performance in text editor views.
* Interactive analyses are now automatically terminated 
  when the associated analysis is removed from the project.
* The Memory Usage view now displays two different memory sizes:

  * "Resident", which is the usage of actual physical RAM
  * "Virtual", which is just the mapped stuff and things in swap

* The analysis concurrency level can now be changed during analysis,
  by right-clicking on the progress bar at the bottom of the main window.
* "Find in symbols" now switches to the configuration of the analysis 
  in the Symbols view.
* Edit analyses dialog now allows more options.
* The option Setup → Source files → "Strip compilation path" 
  to strip the compilation path mentioned in the DWARF debug information 
  is now enabled by default.
* Function-local static variables are no longer considered for Setup → 
  Decoding → "DWARF Debug Information" → "Extract constant 
  memory regions".
* Improved handling for 64-bit values for configured (stack) register(s) 
  and stack area.
* Improved visualization of collapsed analysis items.
* Workspaces can now be saved even while analyses are still running,
  so you can store partial results of the already finished ones.


Visualization and results

* Restructured context menu in Graph view.
* Infeasible callers and call targets in the context menu 
  are now marked by the suffix "(infeasible)".
* Call nodes of trampoline routines are now shown in the call graph.
* Annotation hints are now also included in the "Copy AIS annotations" menu.
* From graph search for memory reads/writes it is now possible to jump 
  from the search results to interactive VA via context menu.
* XML result file warning/error counters are now kept 
  for all analyses, even if not all of them are re-run.
* Variable usage statistics will allow non-allocated objects 
  to be counted, too, if no allocated objects are found for an access.
* Completely revamped Disassembly view.


Information

* The Symbols view now unites the information from DWARF and the symbol table.
* Increased search limits in DWARF view to make full search results available earlier.
* Improved handling of non-byte addresses in the Sections view.


TriCore

The GUI now automatically annotates the base address 
of the core special function register (CSFR) 
depending on the selected core.


Annotations

* AIS files are no longer required to have the file name suffix .ais.
* AIS1 annotations are no longer supported.
* Improved performance and reduced memory consumption of AIS2 expression resolver.

* New annotation for initialization analysis that, instead of collecting 
  all values seen for a variable, dumps the values seen at some program point 
  for the given variables:
  
    routine "init" dump: "msg_length"
    instruction "init" -> write(3) dump: "can_msg_buffer";

  See the user manual for more details.

* New annotation "preserves: stack;". See the user manual for details.

* New area attribute for specifying if the decoder is allowed 
  to read the contents of writable sections.
  
    attribute "allow_decoder_to_read_from_writable_memory": false|true;

* Improvement to collect initialization analysis. If the initialization task 
  itself needs some of the collected information, the new annotation
  
    iterative collect initialization;
    
  enables an iterative collect analysis that uses the content it collects 
  itself during the iterative decoding phase. This makes it possible, 
  e.g., to collect function pointers to further init functions that are later 
  used by the init function itself to trigger more initialization code.

* Extended the enum functor to allow for lookup 
  via enum types and regular expressions:
  
    # lookup by enumerator name
    enum("<name>")

    # lookup by enumerator name regex
    enum(match("<name_regex>"))

    # lookup by enum type name
    enum(type("<type>"))

    # lookup by enum type name regex
    enum(type(match("<type_regex>")))

    # lookup by enumerator name and enum type name
    enum("<name>", type("<type>"))

    # lookup by enumerator name regex and enum type name
    enum(match("<name_regex>"), type("<type>"))

    # lookup by enumerator name and enum type name regex
    enum("<name>", type(match("<type_regex>")))

    # lookup by enumerator name regex and enum type name regex
    enum(match("<name_regex>"), type(match("<type_regex>")))

* The mapping parameters "max length" and "max unroll" can now handle 
  expressions that evaluate to intervals or sets of values.

  In that case the effective parameter value will implicitly be the maximum. 
  Example:
  
    max length: [3, inf];
    
  yields a resulting maximum call string length of inf, i.e., unbounded.
  
    default unroll: -5..8;
    
  yields an upper bound for the number of individual loop contexts of 8.

* Improved handling of "instruction <pp> returns to: ...;" annotation 
  in the presence of a "instruction <pp> target not analyzed;" annotation 
  for the same program point <pp>.

* Improved handling for sets of values in mem functor 
  and array program point specification.


Decoding

* C++ virtual member functions can now be resolved automatically
  by the iterative decoding. Using DWARF debug information, 
  the value analysis keeps track of potential class types 
  to allow the decoder to determine the called virtual member functions.
  Currently supported architectures are: ARM (thumb, arm, aarch64), 
  PowerPC, RISC-V, SPARC, V850, and TriCore.
* Virtual member function program point specifications 
  now resolve by reading the associated vtable contents.
* Improved function type signature verification of call targets.
* Improved annotation hints for accesses to writable/volatile memory 
  to be more symbolic.
  In other words, instead of something like
  
    area 0x9004aa44 width 4 { volatile: true; }
    
  the hints will now say something like
  
    area ("MemoryBlockInfo"."HandlerFunction_pt") { volatile: true; }
    
* Allocated sections that contain no data will be handled 
  like not allocated sections.
* Improved handling of:
  * non-quanta-divisible section sizes in binaries
  * computed calls where some call targets never return 
    and others return normally
  * suppress message when attached to routine scopes
* Improved resolving of computed calls in general.
* Function-local static variables are no longer 
  considered for Setup → Decoding → "DWARF Debug Information" 
  → "Extract constant memory regions".


Control-flow, stack, and value analysis

* Greatly improved stack analysis runtime for highly recursive programs.

* ARM:
  * Improved stack analysis for programs using a frame pointer.
  * The svc trap instruction will call the trap routine "svc". 
    Previous versions used "swi0x..." as the name for this.

* AArch64: Improved decoding for GHS switch tables.

* C16x: Improved handling of TASKING code optimizations.

* PowerPC: Improved DiabData switch table decoding.

* SPARC:
  * Improved iterative decoding
  * Improved decoding of JMPL+RETT pairs
  * Improved register dependency handling for save/restore/rett

* TriCore:
  * The analyzer now automatically applies a stack-height annotation 
    if PSW.IS is zero and the target of SYSCALL/TRAPSV/TRAPV is external,
    in order to prevent an unknown user stack result due to the switch 
    to interrupt stack. Example:

      isa-tricore: Info #3080: In routine 'test_trap', at address 0x80005918:
      The relative stack height becomes unknown.
      The value analysis results might be imprecise.

      Annotation proposal:
      instruction "test_trap" -> computed(2) { stack effect: <int> bytes; }
      
      isa-tricore: Info #3094: In routine 'test_trap', at address 0x80005918:
      Automatically applied a stack height annotation of [8] bytes.
      
  * The decoder can now automatically resolve syscalls and overflow traps 
    if the user specifies the Base Trap Vector Table Pointer (BTV) 
    in the hardware configuration of the UI.
  * Allow manual and automatic resolution for software traps 
    (class 5 and 6 traps) caused by the instructions SYSCALL, 
    TRAPSV, TRAPV independently of the value of PSW.IS.
  * Improved modelling of free list update during CSA restore.
  * Improved handling of TriCore calling conventions
  * Improved automatic stack height annotations.
  * The registers PSW.PRS, PSW.S, PSW.FX, PSW.CDE, PSW.CDC, 
    PCXI.PCPN, PCXI.PIE, PCXI.UL, and ICR are not explicitly modelled. 
    They behave as if they always contain an unknown value.
  * Improved guessing of CSA base address. 
    The analysis assumes that at least one CSA is used 
    for the outermost call or trap.
  * Virtual trap routines "trapv" and "trapsv" are used as targets 
    of instruction "trapv" and "trapsv" if the target is not explicitly 
    resolved
  * Improved switch table decoding for the Tasking compiler
  * Improved switch table and call table decoding for GCC

* RH850/V850:
  * Improved analysis precision for the registers EIWR and FEWR
  * Improved handling of the instruction STC.W during value analysis
  * Improved GHS switch table decoding


Value analysis

* The register-relative memory info is now sharpened for conditional 
  branches, too. Contradictions between absolute and relative memory info 
  that were previously reported as errors are now output as normal 
  information messages, since they are now likely to be emitted 
  for infeasible branches.
* Improved memory usage for analyses that use larger value set sizes.
* Improved both the analysis performance and the precision for 
  branch splitting.
* Optimized tracking of register relations over function calls.

* Improved precision for: 
  * writes to registers that have sub-registers
  * multiplication of the same register/memory cell
  * analyses with short call strings
  * pointer alignment operations
  * interval intersection
  * "collect initialization"
  * register-relative memory analysis
  * bit-wise AND operations if value sets are enabled
  * register tainting

* Further improved precision by allowing higher value set size limits,
  e.g. for resolving computed control flow and loading constant/read-only 
  memory content.

* Output statistics about the distribution of analysis iterations 
  over the analyzed routines. This shows in which routines 
  most of the analysis runtime is approximately spent.
  
    isa-c16x: Info: Value analyzer iteration statistics
         (percent of processed nodes * contexts / routine):
     29% of iteration in '__flsbuf'
     10% of iteration in '_inSet'
     10% of iteration in '_UpSet.L1'
      7% of iteration in '_addSet'
      7% of iteration in '_putSet.L2'
      5% of iteration in '_cleanup.L1'

* Reduced loss of information during widening phase.
* Improved handling of memory tainting.
* Register taint information is used to keep more relational info 
  over function calls.


Cache and pipeline analysis

* Am486: Improved pipeline model. 

* ARM: 
  * Cortex-R5F: Improved stability of value partitioning. 
    This improves the pipeline state filtering that in earlier versions
    could lead to an error message during the pipeline analysis phase.
  * LH79520 (ARM720T): Higher precision for code executed from external memory.
  * Improved handling of BKPT, SEV, SVC, WFE, WFI instructions 
    for Cortex-M0, Cortex-M1, Cortex-M3 and Cortex-M4 pipeline analyses.

* C16x: Improved timing model for c166sv2 pipeline with respect to
  return stack speculation resolution that could lead to error messages.
  
* e300, PPC750, MPC755s, MPC7448s: Improved precision on SDRAM burst 
  handling. Read delay is only applied once for column address strobe. 
  Each subsequent DRAM cycle delivers a data strobe until the corresponding
  burst has been finished.


TimeWeaver analysis

* Improved handling of external routines.
* Improved handling of trace snippet ends.


Reporting

* Output full context mapping for ValueAnalyzer analyses only in the 
  XML report (if context sensitive info enabled), not the textual reports.
* Only output context sensitive timing analysis results for routines 
  and contexts with non-zero contribution to the textual reports.


DWARF

* Improved reading of DWARFv2 debug information.
* Improved reading of C++ DWARF debug information.
* Improved handling of GHS compiler-generated DWARFv2 debug information.
* Improved handling of source-code information from DWARF debug information.


------------------------------------------------------------------------------
Last updated on 30 October 2020 by alex@absint.com. Copyright 2020 AbsInt.
------------------------------------------------------------------------------
An HTML version of these release notes is available at
absint.com/releasenotes/a3/20.10