a³ Release 21.04

Revamped Disassembly view

Improved DWARF handling

Improved Graph view

General
GUI
Annotations
Analyses
Video
Plain text

New targets

aiT WCET Analyzer for ColdFire MCF5307
aiT WCET Analyzer for AURIX TC233, TC265, TC297, TC377, and TC387
StackAnalyzer, ValueAnalyzer, and TimingProfiler for Nios II
TimeWeaver for M68k
All tools for TriCore now support the GHS compiler

Improved workspaces

The compression ratio and speed for APZ files has been improved.

General improvements

Reduced memory consumption of analyses.

Windows support

This is the last release to officially support Windows 7. Future releases will require at least Windows 10.

Qualification Support Kits

New board-specific QSKs for:
- aiT for TriCore (TC377)
- aiT for M68020 (MCF5307)
Improvements:
- Added the DO-330 objectives 6.2.1ff to the table of addressed DO-330 objectives in the VTP document.
- Adapted the alignment-related test cases qk_ais2_alignment_specification and qk_setting_assume_aligned_data_accesses to work with the machine type "Generic ARMv5".
- Updated the test cases qk_setting_instruction_cache_mode, qk_setting_data_cache_mode, and qk_setting_cache_specification to check for expected cache miss output in XML report files:
- Updated the test cases qk_ais2_memory_values and qk_ais2_area_definitions_simple to cover the match functor.
Updated the test case qk_ais2_conditional_annotation_scopes to cover cascaded if-then-else statements and the new variant of functor analysisType().
Updated qk_ais2_expression_pp_area_operators to cover the functor 'interval' and usage of the functor 'entries' that evaluates in value analysis phase.
Updated qk_ais2_expression_symbolic to check for redefinitions.
Updated qk_ais2_expression_pp_area_operators to cover the functor attribute.
qk_ais2_alignment_specification is now being excluded for ARM machine types that do not support this feature.
Updated qk_ais2_context_specification_max_length and qk_ais2_context_specification_default_unroll to cover interval values in mapping annotations.

New test cases:

qk_ais2_pre_included_ais_file qk_ais2_attribute_predefined qk_computation_sum	all architectures
qk_ais2_macro qk_ais2_evalc	all except C16x and C28x
qk_ais2_preserves_stack	all except C16x, C28x, dsPIC, i386
qk_setting_area_properties_cached qk_setting_area_properties_locked qk_setting_area_properties_writeback qk_setting_instruction_cache_mode qk_setting_data_cache_mode qk_setting_area_properties_emif qk_measurement_r5f_ldr_emif_*	ARM (tms570lc4357)
qk_setting_btv qk_setting_psw_isp	TriCore

GUI

Entries in the configuration picker are now properly sorted.
Improved handling of paged addresses for the “Find in symbols” context-menu entry.
The Home → Overview page can now be configured to show the number of decoding rounds, warnings and errors. This is done by right-clicking on the table header and selecting “Edit columns…”.
The AIS editor view marks lines with associated info, warning or error message appropriately.
Improved navigation of messages with multiple locations in message view.
Improved parallel analysis execution.
Improved handling of analysis inter-dependencies.

Visualization and results

Graph History view, accessible via the hourglass button in Graph views. Elements can be added and removed there.
Improved heuristics to map source code locations to control-flow graph.
The view for loop bound stats now includes user-annotated loop bounds.
Improved performance of interactive value analysis for analyses with many calling contexts.

Improved Symbols view

Improved filtering and searching by address in the Symbols view.
For TimeWeaver, symbol table entries shown in the Symbols view can now again be filtered using potential entry points found in trace files specified under Setup → Files → Trace files.
Improved mass generation of analysis items from the Symbols view.

Annotations

New global "Pre-included AIS file" can be specified in the Files view. In contrast to the other AIS files, it is loaded before the GUI fields are read. Therefore, definitions in this file are visible in the GUI fields containing AIS expressions.
New predefined global attributes "architecture", "analysis_id", "analysis_type", "analysis_configuration", and "analysis_group". Their values are visible in the report files (provided that "Dump AIS annotations" is activated). For example the attribute "architecture" allows cross-platform AIS files:
```
routine "Proc1" {
    not analyzed;
    obeys calling conventions;
    stack usage: 64 bytes;
    if (attribute("architecture") == "tricore") {
        stack "csa" usage: 128 bytes;
    }
}
```
The above annotation can be used for multiple architectures such as PPC and TriCore without any additional annotation effort.
The values of these attributes can be accessed by the new AIS expression attribute("name"), e.g. attribute("analysis_id").
Attribute definitions can be preceded by "immutable" with the effect that these attributes cannot be redefined.
New AIS2 functor macro("<name>", <programpoint>) to extract #define information from DWARF debug information.
New AIS2 functor evalC("<expr>") to evaluate a C constant, e.g. obtained using the new 'macro' functor:
```
loop "processData.L1" bound: 0 .. evalC(macro("BUFFER_SIZE"));
```
AIS2 expressions are now able to perform simple string comparisons: The functor analysisType(a) is now replaced by analysisType() == a.
Improved heuristics to resolve program points that refer to source code.
Improved handling of "target not analyzed" annotation in case computed call instruction is duplicated.
Annotation hints that are offset-based are now always generated in a scoped annotation form, such as:
```
routine "<name>" instruction -> "<offset>" bytes { ... }
```
Improved partial resolving for program point specifications inside try { ... } scopes.
Changed semantics of "assert reachable":
- "assert reachable: true" is now fulfilled if any feasible non-speculative context exists
- "assert reachable: false" is now fulfilled if no feasible non-speculative context exists
Example output:
*
* Assertions about Infeasibility
*

* reachability for routine 'exit_ok'

is not reachable (but expected to => ASSERTION FAILED)

* reachability for routine 'exit_evil'

* in context '0x3e807c->"exit_evil"':
may be reachable (but is expected to be not => ASSERTION PROBABLY FAILED)
New AIS2 annotation that allows to add comments to program points in the graph visualization:
```
routine "ISR2_minmax" instruction -> 0 bytes comment: "Hello World!";
```
The initialization dump annotation
```
routine "init_task_function" dump: "reg_msg_handlers";
```
is now supported for the entry routine of an analysis.
Symbol names can be suffixed with "@executable@" to select a specific symbol in case multiple binaries contain symbols with the same name.
Regular expression match may now be used in complex area definitions. For example,
```
area ("IOFields"[].match(".+data.+")) volatile;
```
will match all structure members that contain the string "data".
Improved partial evaluation of mem-functor arguments.
Improved handling of overlapping area annotations.
Improved partial resolving of annotation scopes.
"interval" functor added to AIS2 to convert an expression to an interval.

Decoding

General improvemens to the automatic resolution of computed calls, C++ virtual member function calls, and computed control-flow transitions.
Improved automatic decoding of computed control-flow transitions and virtual member functions calls by allowing the pattern matcher to handle multiple code paths per routine.
Improved automatic resolving of C++ virtual member function calls by making use of register-relative type information provided by DWARF debug information.
The C++ Call Target Analyzer has been replaced by an automatic C++ virtual member function call target resolver based on DWARF debug information. Access to source code is no longer required for a³ for binary tools to resolve C++ virtual member functions.
Improved output of targets for computed branches/calls/returns by removing duplicated targets and sorting the targets by address.
Improved handling of 64-bit ELF files.

Control-flow, stack, and value analysis

ARM:
- Improved handling of IAR compiler optimizations.
- Improved decoding of modern vector instructions.
- Improved decoding of modern floating point instructions.
- Fixed textual disassembly for some instructions (semantics have not been affected).
- Fixed decoding of immediate constant in addresses used by vldr.16/vstr.16.
TriCore:
- The BTV register is assumed to be constant if a value has been specified for it in the GUI.
- Improved heuristics to guess stack pointer.
- Improved automatic resolving of computed control-flow transitions.
- Improved NULL pointer check detection when automatically resolving computed branches and calls.
- Improved switch table decoding for the Tasking compiler.
- By default, the analysis now assumes that code factoring routines of the Diabdata compiler do not violate the calling conventions.
RH850/V850: Improved handling of CALLT/CTRET.

General improvements to value analysis

Improved precision for:
- registers with sub-registers
- type case options (truncation, zero or sign extension)
- address alignment
Improved precision of "iterative collect initialization" by delaying the output of full-range values until there is a value in an earlier iteration that might need to be invalidated.
Further improved precision by not cutting call strings for leaf routines.
Improved reporting of loop bounds for loops that are infeasible due to user given loop bound of [0].
Added location of annotation to more warning messages in case it is related to an annotation. Example:
isa-fr81: Warning #3073: In "test.c", line 6:
In routine 'testFunc', at address 0x101364:
In "routine_accesses.ais", line 4, column 26:
The memory access annotation restricts the write access to an area which is outside the computed memory area.
Assuming infeasible path.
computed: [0x00100fd0]
specified: [0x00100ff0]
Improved value analysis stability when analyzing all labels or functions.
Improved handling of local call string length adjustments via annotations like
```
routine "test" mapping { max length: 5; }
```
Better conflict checking for "enter with" and "exit with" annotations regarding sub-registers:
#3153: Overlapping register 'is' has a contradiction between analyzed value [0x1] and restriction to [0x0].
In file foo.c:208, at 0x800017dc (test_function)
In context any-history

#3153: 'enter with' annotation for register 'psw' with value [0x00000400] causes contradictions.
Assuming infeasible path.
In file psw_is_conflict.ais:1:45
In file foo.c:208, at 0x800017dc (test_function)
In context any-history
The maximum number of elements that are stored in the register-relative memory info can now be configured by the user in the GUI.
The assertion violation reporting for annotations like
```
routine "test" area 0x003fff00 to 0x003fffff {
   assert readable: false;
   assert writable: true;
}
```
is extended to output the computed access range of the access that violates the given constraints.
Improved array heuristics for access sharpening in the case that multiple arrays are possibly accessed.
Improved handling of large unsigned 64-bit values in area contains annotations.

Cache and pipeline analysis

ARM:
- General improvements to the Cortex-R4F and -R5F pipeline analysis model.
- The R4F pipeline model is now more robust.
- The R5F pipeline model now supports write-back locked annotations.
- TMS570LC4357 (Cortex-R5F): Added validated support for:
  - code and data located in non-cached L2 Flash or L2 RAM memory areas
  - static branch prediction set to 'always not taken'
  - L2 flash banks with disabled prefetch mode.
- Implemented support for the external memory interface (EMIF) of the TMS570LC4357 board.
TriCore:
- Clarified that WCET analysis only supports CSAs allocated to core-local scratch pad memory.
- Improvements to aiT for TriCore AURIX 1st and 2nd GEN:
  - PFLASH and DFLASH memory timings now discern between wait and error correction cycles in the textual report.
  - Improved modeling of ret/rfe instructions.
  - Improved local WCET access heuristics.
  - Accesses that trigger a cache line fill will no longer account for both cache miss and cache hit (after line fill is completed) in cache statistics.
- AURIX 1st GEN: Improved TC2xx pipeline model.
- Validated aiT for TriCore TC377 and TC387.
- Improved handling of non-global worst-case pipeline analysis more in the presence of data access alignment errors.

Path analysis

Improved performance of ILP solving for longest path determination.
Inform the user if the default loop bound conflicts with analyzed results, in such cases infeasibilities might occur.
c33pipe: Warning #7177: In "do_char_007.c", line 10:
In routine '_main.L1', at address 0x80000d:
In context '..., 0x800000->"_main.L1"[1]':
For loop '_main.L1' the default loop bound of 4 contradicts the analyzed result that the loop cannot be left until round 5 at the earliest.

Annotation proposal:
loop "_main.L1" {
bound: 0 .. <int>;
#mapping default unroll: <int>;
#takes: <int> <unit>; # To address busy-waiting loops
}

TimeWeaver

Added support for M68k.
Added support for GHS TimeMachine TraceList CSV export traces.
More robust interactive tracing via Infineon DAS.
TimeWeaver now reports which trace formats have been detected when using automatic trace format detection.
Symbol table entries shown in the Symbols view can now again be filtered using potential entry points found in trace files specified under Setup → Files → Trace files

Reporting

Now ensuring that the reporting order of parallel analyses is deterministic.
Improved the XML report output of object size statistics.

DWARF

Improved type handling.
Improved symbol name demangling.
Proper support for the DW_TAG_namespace with the DW_AT_extension attribute.
Improved handling of C++ DWARF debug information.
New AIS2 functor 'macro("<name>", <programpoint>)' to extract #define information from DWARF debug information.

a³ release 21.04