Targets
Qualification Support Kits (QSKs)
The qualification dialog now supports additional QSK archives for installation.
XTC Handling
Added support for the --timeout
switch in the GUI.
Stack and value analysis
- Changes to calling conventions for stack and value analysis. The automatic classification of routines
as satisfying or violating calling conventions has changed:
- Dummy calls and calls which return immediately are always classified to be
violating the calling conventions. This classification cannot be changed by the
user.
- Other routines that don't assign unknown values to the stack pointer and which
are terminated by an explicit return instruction are automatically classified as
satisfying the calling conventions. This classification can be overwritten by the
user to "violates calling conventions".
- The user is responsible to mark decoded routines that do not preserve the values
of callee saved registers as violating the calling conventions if they are not
automatically classified as such routines (i.e. if they are not dummy calls
or returning immediately).
- Stack analysis:
- Other general changes:
- Loops that are never left are no longer marked as infeasible but can end program execution after each iteration.
This allows more flexible handling of such loops, like using "additional starts" to analyze the functions called inside such loops.
- The value analysis may invalidate computed register contents or computed call targets during iterative decoding if it detects that other values are possible.
- Warnings about misaligned memory accesses are postponed from the loop analysis to the value analysis step to avoid unnecessary messages.
- Improved analysis performance if sets of intervals are used.
- Better loop bound detection for multi-entry loops.
- Improved handling of integer division instructions.
- Better output for infeasible computed control-flow transition, now including modulo information.
- Better handling of incorrectly decoded binaries in the value analyzer. Location of incorrectly decoded instruction will be given and path to this instruction is made infeasible.
- Better information if an "additionally takes" or "snippet/loop xxx takes" annotation doesn't
evaluate to a finite positive range, for example:
Unable to evaluate the additional cycles expression to a finite positive range, result is [0..inf].
Assuming [0, 0] cycles as execution time.
- Fixed Issue #10533:
Wrong "is entered with" annotation can lead to crash after error was issued.
No wrong results possible, only crash.
- Compute more precise value ranges for registers/memory cells modified in loops
if they relate to the loop counter.
- If ValueAnalyzer license available, ValueAnalyzer features like the "should be reachable" feature will be honored during normal stack and loop/value analysis, too.
- C16x
- Improvements for handling of speculative execution in value analyzer.
- Reset addressing mode flags after call to external routine that obeys calling conventions.
- Fixed StackAnalysis problem with "Disable User Stackpointer"
- HCS12: Improved loop analysis.
- M68020
- StackAnalyzer and ValueAnalyzer support for Coldfire.
- Improved loop analysis.
- PPC
- Improvements for handling of speculative execution in value analyzer.
- More precise handling of frame pointer for GCC compiled binaries.
- Improved loop analysis.
- SPARC: Improved loop analysis.
- TriCore:
- Support of TriCore 1.6.1 instruction set for stack and value analysis.
- Improved loop analysis.
- V850
- Supports E3 instruction set for stack and value analysis.
- Improved loop analysis.
- Fixed Issue #10680: Interactive value analysis caused abnormal termination of the value analysis if either "Generic V850 E1/ES" or "Generic V850 E2" has been selected in the machine settings dialog.
Pipeline analysis
- Generic SDR/DDR-Memory Controller: Introduced address offset for start of SDR/DDR memory region. The specified address must be aligned to the width of the specified region.
- Am486
- Improved pipeline model with respect to the floating point unit.
- Support for denormalized floating point numbers.
- C16x:
- Improved handling of speculative execution.
- Improved pipeline model.
- Support of SCXT SFR,#const instructions
- LEON2: Improved LEON2 pipeline analysis model.
- LEON3:
- Fixed handling of pending stores in store buffer.
- Reworked and simplified floating-point unit model.
- Optimized memory usage of analysis.
- MPC55xx/MPC56xx: Now supporting virtual addressing via the translation lookaside buffer (TLB).
See screenshot.
- MPC755/PPC750/MPC603e: Fixed corner case for "feature dispatch stall" handling.
(Before the fix, the situation was detected and an error reported.)
- MPC755s/PPC750/MPC603e/MPC7448s: Optimize microarchitecture model of generic MCU.
- MPC7448: Refined processor core model concerning undocumented hardware behavior (delayed TS emission).
- TriCore
- Improved flash page buffer hit/miss classification.
- Significantly reduced memory consumption of TriCore pipeline analysis.
- V850/E1F: Improved pipeline model.
Path analysis
Semantic changes to busy waiting loop annotation "loop "test" + 1 loop takes max 1000 cycles":
Timing specifications for loops are implemented by pretending that the loop is not executed at all, and assigning the specified time to the loop call node of the loop in its host routine.
This avoids ILP complexity and makes busy waiting loop annotations faster to solve.
Visualization and reporting
- For each unresolved computed call, a³ now introduces a virtual call target named
:UnresolvedTarget_A
where A
is the address of the call.
The virtual call target disappears when the computed call is resolved by annotations
that inform a³ about the call targets.
- If the unresolved computed call is not resolved by providing its targets,
but by declaring that its targets should not be analyzed, then the virtual call
target
:UnresolvedTarget_A
is renamed into :NotAnalyzedTarget_A
.
- The user can now choose between three different levels for the visualization of infeasible routines:
hide all infeasible routines, show top-level infeasible routines, show all infeasible routines.
(See screenshot).
- StackAnalyzer now marks infeasible parts of the control-flow graph
(see screenshot).
- The user may now obtain a full (static) XML representation of the call graph.
For this purpose the GUI features an “Output call graph in XML report”
under “Analyses” → “Reporting” → “XML Reporting”.
- Improved WCET path to XML export. The XML report contains information that allows the user to identify the WCET path through the source code.
- Better marking of fatal errors caused by pedantic mode.