a³ Release 15.10
----------------


Targets
-------
* TimingProfiler for V850 E1, V850 E2 and RH850 is now available.
  a³ for V850 has been renamed to a³ for V850/RH850,
  as TimingProfiler for RH850 is now included in this package.

* StackAnalyzer for AMD K6-2E+ is now available.

* Support for e500 has been discontinued.


Integration with dSPACE TargetLink
----------------------------------
The handling of interpolation routines has been improved.


GUI
---
* Major revamp of the user interface.
  See www.absint.com/releasenotes/a3/15.10/gallery.htm
  for a quick introduction with screenshots.

* The new Macros view lists macros from source code,
  extracted from DWARF debug info if available.

* Improved DWARF debug information view:
  * much faster visualization of the debug information,
    reduced memory consumption and enhanced performance
  * path replacements are applied to enable links
    between the DWARF view and the source code
    * extended search capabilities

* In the DWARF view, searching for an address will now also look
  for it inside global variables or functions.

* The "Variable usage (context)" view now offers a context menu
  for jumping from a variable to the instructions that access it
  in the call graph or disassembly.

* Faster loading of graph visualization when source code
  is displayed.

* In the Graph view, recursive functions can now be highlighted
  using a dropdown in the toolbar.

* By default, the Message view no longer shows notes and progress
  indicators. Only errors, warnings and infos are shown. Notes and
  progress can still be shown on request.

* New option "Extract constant memory regions" to consider sections
  and global variables as constant (non-writable) if they are marked
  as constant in the DWARF debug information. If the executable reader
  finds any data values in such constant regions, these values will be
  used in resolving computed branches and calls, and in value analysis.

* TriCore: you can now specify the CSFR base address, i.e. the base
  address that is used by "mfcr" and "mtcr" instructions to compute
  the addresses of the memory-mapped Core Special Function Registers (CSFRs).


AIS annotations
---------------
* New AIS2 annotations:

  * stack effect
    increases or decreases the stack level.

      # increases the stack level by 8 bytes
      instruction "updateState" -> call(3) {
        stack effect: 8 bytes;
      }

      # decreases the stack level by 64 bytes
      routine "triggerUpdate" {
        stack effect: -64 bytes;
      }

  * possibly exits
    instructs the value analysis to handle each loop-iteration end
    as a potential exit of the analyzed program.

      loop "process.L1" {
        bound: 0 .. 10;
        possibly exits;
      }

    In this example, the routine "process" contains a single endless loop.
    Without the new "possibly exits" annotation in place, the value analysis
    would consider the loop to be a deadend and mark it as infeasible.
    With the annotation, however, the value analysis will treat the ends
    of the first ten loop iterations as potential program exits, allowing
    you to obtain analysis results for these ten iterations.

  * suppress message
    for suppressing a message with a given ID (for example,
    a decoder warning that the binary is non-statically linked).

      suppress message: 1033;

  * functor to access values of enumerator constants.
    For example, given the C enumerated type declaration

      enum cardsuit {
        CLUBS    = 1,
        DIAMONDS = 2,
        HEARTS   = 4,
        SPADES   = 8
      };

    the new AIS2 enum functor

      enum("HEARTS")

    will yield the value of HEARTS, i.e. 4.

  * support for regular expressions for annotating multiple program points
    or areas at once.

      # annotate handleInput0 through handleInput9
      # and handleMessage0 through handleMessage9

      routine match("handle(Input|Message)[0-9]") {
        # ...
      }

  * annotation to assert that a call instruction does call
    a specific set of routines.

      # assert that call targets cmk, cma, and cmo exist
      instruction -> call(2) assert calls: "cmk", "cma", "cmo";

* Improved flexibility of the area contains data annotation.

* AIS1 and AIS2 area annotations can now be mixed without any restrictions.

* The annotation

    instruction <ProgramPoint> end;

  is now written as

    end: <ProgramPoint>;

  This allows multiple program ends to be specified in a single annotation,
  for example:

    end: 0x4040, 0x192c;


Decoding
--------
* Improved extraction of DWARF debug information.

* Improved handling of call target annotations using
  AIS2 complex area definitions referring to arrays of packed structure types.

* Improved automatic decoding of computed call tables
  using DWARF debug information where available.

* Improved Intel HEX reader.

* Improved handling of sizes for architectures with non-byte quanta
 (one address space step ≠ 8 bit).

* ARM:
  * Improved automatic switch table decoding.
  * Improved automatic decoding of computed call tables.
  * Improved handling of IT blocks containing illegal
    or unsupported instructions.
  * Improved automatic detection of instruction set (ARM or THUMB)
    for routines.
  * Improved output of mnemonics including their guard in THUMB IT blocks.

* C16x:
  * Improved automatic switch table decoding.
  * Improved guessing of stack and data page pointers.
  * Fixed symbol table entries by discarding their size information
    if the symbol size exceeds the page.

* FR81: further improved switch table decoding for the Fujitsu FR81 compiler.

* PPC: improved automatic decoding of switch and call tables for GHS.

* SPARC:
  * Improved automatic switch table decoding.
  * Improved resolution of computed calls via function pointers.

* TriCore:
  * Improved decoding of code optimized with the Tasking compiler
   (code factorization/ .cocofun*).
  * Improved automatic decoding of switch tables for GCC.

* V850:
  * The SYSCALL base pointer (SCBP) can now be specified in the Hardware
    view to resolve syscalls automatically during decoding.
  * Improved switch table resolution.
  * Improved call table patterns.
  * Improved guessing of the ROM SDA base.

* x86:
  * New and improved decoder.
  * Generalized iterative decoding.
  * Improved support for GCC 4.9.x.


Stack and value analysis
------------------------
* Stack analysis and value analysis for ARM, M68020, and x86
  have been ported to the new EVA value analysis framework.
  This implies changes in analysis behavior and precision,
  see the corresponding notes in release 14.10 at
  www.absint.com/releasenotes/a3/14.10/#analyses.

* EVA targets
 (currently ARM, C28x, FR81, M68020, PowerPC, SPARC, TriCore, V850, and x86):

  * Improved stack analysis, faster value analysis, more precise loop analysis.
  * Improved analysis precision for:
    * recursive programs
    * complex conditions
    * saturated arithmetic operations
    * division overflow
    * zero/sign extension
    * 64-bit load/stores of 32-bit register pairs
    * user-given annotations "instruction X accesses Y"
    * accesses spanning multiple constant/read-only memory regions
    * the last loop iteration of loops annotated by the user
     (not executing parts that lead to the next iteration
      that is not feasible anymore)
    * guarded execution and conditional moves
    * conditional returns and multiple loop exits

  * Further improved the precision by intersecting callee save values
    with values propagated from the called routine.

* New option to allow the use of DWARF debug information to restrict
  array accesses during the value analysis. If this option is enabled,
  the DWARF debug information is used to determine which array an access
  belongs to; if the access is less precise than the complete array range,
  it will be restricted to a valid range. Restricted accesses will be
  labeled as such in the text and XML report, for both stack and
  value analysis. Stack analysis will output only the restricted
  accesses (marked as "restricted" in the text report, and with
  the bool "restricted_only" in the XML report).

* Text and XML reports for value analysis now include
  the written and read values for memory accesses. The interactive
  value analysis also allows viewing this information per context.

* Improved output of accessed variables in value analysis reports
  and interactive analysis. For example, instead of

    instruction 0xffc0048e writes to [0x00000680]:4
    (part of '_Array2Glob' / part of 'Array2Glob')

  you will get the concrete element that is hit, if possible:

    instruction 0xffc0048e writes to [0x00000680]:4
    ('Array2Glob[8][7]')

* The GUI now allows specifying not only the threshold for imprecise reads
  but also for imprecise writes.

* The GUI now allows specifying the widening delay.
  This enables fine-tuning the number of fixed-point iteration steps
  after which the widening is applied at a widening point (e.g. a loop head).

* At widening points (e.g. start/end blocks of loops or routines),
  the interactive value analysis view now enables querying which registers
  or memory cells got lost because of the widening.

* More precise handling of returns with multiple return targets
 (e.g. loops with multiple exits and calls that either return normally
  or immediately).

* Reintroduced support for stack-modifying loops. Stack analysis
  is now possible after fully unrolling such loops.

* If a register is marked as preservable for an external routine,
  its sub-registers will now be preserved as well.

* Improved handling of multiple executables with overlapping sections.

* Faster analysis and optimized memory usage through
  generational garbage collection.

* Improved analysis precision of user-annotated loops that are fully unrolled.

* Iterative decoding now automatically uses larger sets of constants
  to collect targets for multiple calling contexts.

* Improved relational analysis by keeping track of equations
  containing unknown memory values.

* StackAnalyzer now incorporates the relative stack heights
  at the end block of a routine. This change might affect routines
  that end with a tail call.

* Improved speculative execution in the presence of guarded instructions.

* Improved branch splitting for complex branching conditions
 (like shifted registers).

* Improved branch splitting precision for sub-registers.

* Other branch splitting precision improvements, e.g.
  for alignment checks in memcpy-like loops.

* Improved notification about loss of precision due to a destroyed
  saved stack pointer.

* The user is now informed about a potential loss of precision if large parts
  of the knowledge about memory contents are lost:

    eva-kalray: note #3096: in "./suites/a3/kalray/k1dp/ccsuite_o2/s4/aes.c",
    line 265:
    In routine 'rijndaelKeySched.L10', at address 0xda8:
    Losing precision since the instruction 0xda8: 'sb.add.x1 r0[r17] = r5;;'
    destroys 100% of the known memory content (35 cells).
    (context '0x2140->"rijndaelVTKAT.clone.0", 0x1ba4->"makeKey",
    0x16b0->"rijndaelKeySched", 0xc28->"rijndaelKeySched.L3"[1],
    0xd64->"rijndaelKeySched.L10"[4..]')

* AIS annotations can now be created for start and end blocks
  in the interactive value analysis.

* C28x: improved precision for conditional xcall/xret.

* FR81:
  * Improved division precision.
  * Analyzer assumes calling conventions for software
    interrupts via int.

* PowerPC:
  * Improved precision for bool data type and boolean logic.
  * Improved model for conditional branch and link:
    update link register if condition is false, too.
  * For the stwcx instruction, the analysis
    now models the reservation failed case, too.

* TriCore:
  * Improved handling of code compacted by the Tasking compiler
   (containing .cocofun* code factor routines).
  * Improved division precision.
  * Improved handling of PCXI subregisters.

* V850: improved calling conventions for syscall.
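
The effect of the widening delay and of the "lost because of the widening"
query described in this section can be reproduced with a textbook interval
analysis. The following is an added example, not AbsInt code and not a model
of EVA; the analyzed loop, the variables i and j, and all function names are
assumptions made for illustration.

```python
import math

INF = math.inf

def join(a, b):
    """Least upper bound of two intervals (lo, hi)."""
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(old, new):
    """Standard interval widening: any bound that still moves jumps to infinity."""
    lo = old[0] if new[0] >= old[0] else -INF
    hi = old[1] if new[1] <= old[1] else INF
    return (lo, hi)

def body(state):
    """Abstract effect of one pass through:  while (i < 10) { i++; j = 5; }"""
    lo, hi = state["i"][0], min(state["i"][1], 9)   # apply the guard i < 10
    if lo > hi:
        return None                                  # body unreachable
    return {"i": (lo + 1, hi + 1), "j": (5, 5)}

def analyze(delay):
    """Iterate at the loop head; plain joins for `delay` steps, widening afterwards.
    Returns (fixed point, variables whose bounds were lost to widening, steps)."""
    head = {"i": (0, 0), "j": (0, 0)}                # constructed entry state
    lost, steps = set(), 0
    while True:
        out = body(head)
        new = {v: join(head[v], out[v]) for v in head} if out else dict(head)
        if steps >= delay:
            widened = {v: widen(head[v], new[v]) for v in head}
            lost |= {v for v in head if widened[v] != new[v]}
            new = widened
        if new == head:
            return head, sorted(lost), steps
        head, steps = new, steps + 1

if __name__ == "__main__":
    for d in (0, 1, 10):
        print(d, analyze(d))
```

With delay 0 both i and j lose their upper bound, with delay 1 only i does,
and with delay 10 the loop head stabilizes at i in [0, 10] without widening.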


Cache and pipeline analysis
---------------------------
* Improved performance of the pipeline analysis framework.

* Am486: improved pipeline model.

* ARM Cortex-R4F:
  * Improved handling of speculative memory accesses in the pipeline model.
  * Improved pipeline model for guarded execution.
  * Pipeline analysis informs about unsupported definite misaligned accesses.

* i386:
  * Improved pipeline model.
  * Improved handling of data dependencies.

* M68020:
  * Improved pipeline model.
  * Improved alignment handling of imprecise memory accesses.

* e300, PPC750, MPC7448, 7448s, 755, 755s:
  * Removed split type "PCI jitter". Those splits are now accounted for
    by the split type "jitter".
  * Splits caused by imprecise target latencies of memory accesses
    are now accounted for by the split type "variant execution time".


Path analysis
-------------
* Faster prediction-file-based path analysis and snippet WCET evaluation.

* Improved numerical stability of the CPLEX ILP solver driver.

* Global snippet evaluations are now possible if the start and the end
  are not in the same routine. The snippet must still be a single-entry
  single-exit region (see the user manual).


Visualization and reporting
---------------------------
* By default, only the output of the final decoding and analysis round
  for iterative decoding is printed to text/XML reports. The GUI offers
  an option for enabling the output of all rounds.

* Callstrings will now show the address of the call instruction rather than
  that of the call block, and only report the current unroll iteration
  of loops, indicating cumulative contexts with a "..".

  Old: call block address, current iteration, default/max unrolling

    ..., 0x30->"main.L1"[1/2..]
    ..., 0x30->"main.L1"[2/2..]

  New: call instruction address, current iteration, ".." for cumulative

    ..., 0x34->"main.L1"[1]
    ..., 0x34->"main.L1"[2..]

* Implemented driver tool to perform XQueries.



==============================================================================
Last modified on 13 October 2015 by alex@absint.com.
Copyright 2015 AbsInt. www.absint.com
==============================================================================
An HTML version of these release notes is available at
www.absint.com/releasenotes/a3/15.10