Astrée Release 13.04

* Improved precision when handling strict float comparisons 
 (!=, <, >) in octagons.

* Synthetic (internal) variables are now automatically inserted 
  into octagon packs.

* Trace partitions created in a function call can now survive the function
  return if the call is preceded by "__ASTREE_partition_control".

* Context descriptions (e.g. in alarm messages) now also contain 
  loops that are not unrolled. Such loops appear as "loop@XXX>=1".
* Implemented the evaluation of constant conditional expressions 
 (e.g. const int i8 = 0 ? -1 : 7) when running the analyzer with 
  constant folding disabled (simplify=no).
* Improved the use of octagon constraints when reporting potential 
  runtime errors. This allows the analyzer to automatically remove 
  alarms for code such as if (a - b > 0) { d = c / (a - b); }

* Improved location information in some alarms to precisely refer 
  to a certain operand in a comparison or arithmetic expression.
* Improved the precision of modulo computations with pointers such that
  the result of evaluating expressions like ((unsigned int) ptr % 4)
  is in the expected positive range ([0,3] in this example).

* The precision of notifications about potential ambiguities due to
  side effects in expressions has been improved, so that the analyzer 
  now reports fewer false positives. The corresponding message 
  has been renamed from "Potential side effects in expression" 
  into "Potential ambiguity due to side effects in expression".
* A new category of alarms, ALARM(D), has been added to represent 
  messages about uninitialized variables. As messages of this kind 
  do not represent run-time errors, they do not influence the behavior
  of the traffic lights. As long as there are no errors and only 
  alarms of class D, the traffic lights remain green.
* The identifiers "asm" and "packed" are no longer treated as keywords.

* The analyzer now allows the construction of pointers to undefined
  functions. Such pointers are then invalid.

* The analyzer now warns about incompatible combinations of options.

* New options:

  * fold-contiguous-fields
    allows to treat sets of contiguous structure fields of the same type
    as arrays for the purpose of smashing.

  * warn-on-undefined-remainder
    enables warnings when computing (signed INT_MIN % (-1)) 
    which is undefined according to the 2011 revision of the C norm.
  * export-fold
    controls whether all contexts should be joined before exporting 
    invariants in order to reduce memory consumption, thus enabling 
    the use of tool tips and the watch window for much larger projects.
  * dump-dataflow
    allows to specify whether data flow information should be collected 
    during the analysis run.
  * fields-in-octagon-packs=yes
    allows adding structure fields to octagon packs.
  * interproc-oct-packs
    allows interprocedural octagon packs.

* The "__ASTREE_absolute_address" directive now accepts absolute 
  address specifications with standard suffixes like 0xfffff0000u.
* Added new directive "__ASTREE_check" which behaves like "__ASTREE_assert",
  except that it doesn't restrict the ranges of checked variables.
* The "__ASTREE_partition_begin" directive has been optimized 
  for enum types. Instead of partitioning all possible integer values, 
  it partitions the possible enum values and the ranges between them. 
  Thus, partitioning according to variables of enum type becomes feasible 
  even if the analyzer must assume a large number of potential values 
  for these variables.
* Fixed the order in which AAL annotations from different annotation 
  blocks are inserted.

* A single click on a file in the Project tree opens it only if 
  the file has already been downloaded from the server. Downloading 
  a file from the server is triggered by a double click.
* The result views now use the system default for mouse clicks. 
  On most systems items now react on double click.

* Inline assembly statements which are not filtered but automatically 
  ignored by the analyzer, e.g. __asm("addl $4, %esp"); are now also 
  marked in the GUI as being filtered.

* The watch feature has been generalized to display not only plain 
  variables but also more general lvalue expressions, e.g. *var, 
  var.field, var->field, var[N], etc.

* The original source view can now display HTML formatted source files 
  generated by TargetLink or Embedded Coder. Thus it becomes possible 
  to jump from the original source code view in Astrée directly into
  the Matlab model.

* The editor tab size can now be configured in the preferences dialog.

* When synchronizing files between the local machine and the server, 
  error messages of the GUI now state which local files are missing 
  and which local files are identical to the server files.

* The Preprocessing view now accepts defines that include whitespace 
  characters (e.g. "UINT=unsigned int").

* When setting up a new project, the list of files to analyze can now 
  be given as a text file. Each file must appear on a separate line.

* Improved client–server communication to prevent 
  unexpected connection aborts.
* The server now takes additional precautions to avoid damaging 
  its configuration files when the hard drive is full.
* User-specific information is now attached to a certain Astrée 
  installation instead of a host name. Hence, the local settings 
  of users are now preserved even if the host name changes.

Qualification Support Kits
Fixed misspellings and inconsistencies in the VTP and TOR documents 
and the test reports.

Other improvements
* All defines in the example C stub library are now guarded 
  to prevent collisions when preprocessing source code which 
  sets standard defines before including standard headers.
* When running an analysis in batch mode with the option -u, 
  the execution now stops with an error code (an exit code 
  that is not equal to 0) if some local files are missing. 
  In addition, a detailed description of the error is printed 
  into the report file (specified via the option --report-file).

Bug fixes
* Fixed assertion failures when activating dynamic smashing 
  and uninitialized warnings.

* Fixed Boolean packing heuristic to avoid very high analysis times
  on certain code.

* Fixed evaluation of assignments in which one or several variables appear 
  on both sides and a post increment operator appears on the right-hand side
 (e.g. i = A[i]++).

* The list of files to exclude from the total coverage computation 
  had not been stored on the server. This has been fixed.
* Fixed handling of local settings to avoid that they are:
  * lost after upgrade to release 12.10,
  * overwritten when modifying an analysis with the same user 
    from a different machine, or
  * not copied when creating a new revision of a project.

* Fixed sporadic issues with the highlighting of failed assert directives 
  that were inserted via the AAL annotation language.

* Corrected some cases when the mapping to original sources 
  was not working as expected.
* Fixed unjustified messages about "definite runtime errors" 
  that could occur in rare cases when the octagon domain was enabled.
* Fixed the display of original source code in case of parse errors.

Last modified on 19 April 2013 by
Copyright 2013 AbsInt.
An HTML version of these release notes is available at