a³ Release 15.10 ---------------- Targets ------- * TimingProfiler for V850 E1, V850 E2 and RH850 is now available. a³ for V850 has been renamed to a³ for V850/RH850, as TimingProfiler for RH850 is now included in this package. * StackAnalyzer for AMD K6-2E+ is now available. * Support for e500 has been discontinued. Integration with dSPACE TargetLink ---------------------------------- The handling of interpolation routines has been improved. GUI --- * Major revamp of the user interface. See www.absint.com/releasenotes/a3/15.10/gallery.htm for a quick introduction with screenshots. * The new Macros view lists macros from source code, extracted from DWARF debug info if available. * Improved DWARF debug information view: * much faster visualization of the debug information, reduced memory consumption and enhanced performance * path replacements are applied to enable links between the DWARF view and the source code * extended search capabilties * In the DWARF view, searching for an address will now also look for it inside global variables or functions. * The "Variable usage (context)" view now offers a context menu for jumping from a variable to the instructions that access it in the call graph or disassembly. * Faster loading of graph visualization when source code is displayed. * In the Graph view, recursive functions can now be highlighted using a dropdown in the toolbar. * By default, the Message view no longer shows notes and progress indicators. Only errors, warnings and infos are shown. Notes and progress can still be shown on request. * New option "Extract constant memory regions" to consider sections and global variables as constant (non-writable) if they are marked as constant in the DWARF debug information. If the executable reader finds any data values in such constant regions, these values will be used in resolving computed branches and calls, and in value analysis. * TriCore: you can now specify the CSFR base address, i.e. the base address that is used by "mfcr" and "mtcr" instructions to compute the addresses of the memory-mapped Core Special Function Registers (CSFRs). AIS annotations --------------- * New AIS2 annotations: * stack effect increases or decreases the stack level. # increases the stack level by 8 bytes instruction "updateState" -> call(3) { stack effect: 8 bytes; } # decreases the stack level by 64 bytes routine "triggerUpdate" { stack effect: -64 bytes; } * possibly exits instructs the value analysis to handle each loop-iteration end as a potential exit of the analyzed program. loop "process.L1" { bound: 0 .. 10; possibly exits; } In this example, the routine "process" contains a single endless loop. Without the new "possibly exits" annotation in place, the value analysis would consider the loop to be a deadend and mark it as infeasible. With the annotation, however, the value analysis will treat the ends of the first ten loop iterations as potential program exits, allowing you to obtain analysis results for these ten iterations. * suppress message for suppressing a message with a given ID (for example, a decoder warning that the binary is non-statically linked). suppress message: 1033; * functor to access values of enumerator constants. For example, given the C enumerated type declaration enum cardsuit { CLUBS = 1, DIAMONDS = 2, HEARTS = 4, SPADES = 8 }; the new AIS2 enum functor enum("HEARTS") will yield the value of HEARTS, i.e. 4. * support for regular expressions for annotating multiple program points or areas at once. # annotate handleInput0 through handleInput9 # and handleMessage0 through handleMessage9 routine match("handle(Input|Message[0-9])") { # ... } * annotation to assert that a call instruction does call a specific set of routines. # assert that call targets cmk, cma, and cmo exist instruction -> call(2) assert calls: "cmk", "cma", "cmo"; * Improved flexibility of the area contains data annotation. * AIS1 and AIS2 area annotations can now be mixed without any restrictions. * The annotation instruction <ProgramPoint> end; is now written as end: <ProgramPoint>; This allows multiple program ends to be specified in a single annotation, for example: end: 0x4040, 0x192c; Decoding -------- * Improved extraction of DWARF debug information. * Improved handling of call target annotations using AIS2 complex area definitions referring to arrays of packed structure types. * Improved automatic decoding of computed call tables using DWARF debug information where available. * Improved Intel HEX reader. * Improved handling of sizes for architectures with non-byte quanta (one address space step ≠ 8 bit). * ARM: * Improved automatic switch table decoding. * Improved automatic decoding of computed call tables. * Improved handling of IT blocks containing illegal or unsupported instructions. * Improved automatic detection of instruction set (ARM or THUMB) for routines. * Improved output of mnemonics including their guard in THUMB IT blocks. * C16x: * Improved automatic switch table decoding. * Improved guessing of stack and data page pointers. * Fixed symbol table entries by discarding their size information if the symbol size exceeds the page. * FR81: further improved switch table decoding of Fujitsu FR81 compiler. * PPC: improved automatic decoding of switch and call tables for GHS. * SPARC: * Improved automatic switch table decoding. * Improved resolution of computed calls via function pointers. * TriCore: * Improved decoding of code optimized with Tasking compiler (code factorization/ .cocofun*). * Improved automatic decoding of switch tables for GCC. * V850: * The SYSCALL base pointer (SCBP) can now be specified in the Hardware view to resolve syscalls automatically during decoding. * Improved switch table resolution. * Improved call table patterns. * Improved guessing of the ROM SDA base. * x86: * New and improved decoder. * Generalized iterative decoding. * Improved support for GCC 4.9.x. Stack and value analysis ------------------------ * Stack analysis and value analysis for ARM, M68020, and x86 have been ported to the new EVA value analysis framework. This implies changes in analysis behavior and precision, see the corresponding notes in release 14.10 at www.absint.com/releasenotes/a3/14.10/#analyses. * EVA targets (currently ARM, C28x, FR81, M68020, PowerPC, SPARC, TriCore, V850, and x86): * Improved stack analysis, faster value analysis, more precise loop analysis. * Improved analysis precision for: * recursive programs * complex conditions * saturated arithmetic operations * division overflow * zero/sign extension * 64-bit load/stores of 32-bit register pairs * user-given annotations "instruction X accesses Y" * accesses to spanning multiple constant/read-only memory regions * the last loop iteration of loops annotated by the user (not executing parts that lead to the next iteration that is not feasible anymore) * guarded execution and conditional moves * conditional returns and multiple loop exits * Further improved the precision by intersecting callee save values with values propagated from the called routine. * New option to allow the use of DWARF debug information to restrict array accesses during the value analysis. If this option is enabled, the DWARF debug information is used to determine which array an access belongs to; if it is less precise than the complete array range, it will be restricted to a valid range. Restricted accesses will be labeled as such in the text and XML report, for both stack and value analysis. Stack analysis will output only the restricted accesses (marked as "restricted" in the text report, and with the bool "restricted_only" in the XML report). * Text and XML reports for value analysis now include the written and read values for memory accesses. The interactive value analysis also allows viewing this information per context. * Improved output of accesses variables in value analysis reports and interactive analysis. For example, instead of instruction 0xffc0048e writes to [0x00000680]:4 (part of '_Array2Glob' / part of 'Array2Glob') you will get the concrete element that is hit, if possible: instruction 0xffc0048e writes to [0x00000680]:4 ('Array2Glob[8][7]') * The GUI now allows specifying not only the threshold for imprecise reads but also for imprecise writes. * The GUI now allows specifying the widening delay. This enables finetuning the number of fixed-point iteration steps after which the widening is applied at a widening point (e.g. a loop head). * At widening points (e.g. start/end blocks of loops or routines), the interactive value analysis view now enables querying which registers or memory cells got lost because of the widening. * More precise handling of returns with multiple return targets (e.g. loops with multiple exits and calls that either return normally or immediately). * Reintroduced support for stack-modifying loops. Stack analysis is now possible after fully unrolling such loops. * If a register is marked as preservable for an external routine, its sub-registers will now be preserved as well. * Improved handling of multiple executables with overlapping sections. * Faster analysis and optimized memory usage through generational garbage collection. * Improved analysis precision of user-annotated loops that are fully unrolled. * Iterative decoding now automatically uses larger sets of constants to collect targets for multiple calling contexts. * Improved relational analysis by keeping track of equations containing unknown memory values. * StackAnalyzer now incorporates the relative stack heights at the end block of a routine. This change might affect routines that end with a tail call. * Improved speculative execution in the presence of guarded instructions. * Improved branch splitting for complex branching conditions (like shifted registers). * Improved branch splitting precision for sub-registers. * Other branch splitting precision improvements, e.g. for alignment checks in memcpy-like loops. * Improved notification about loss of precision due to a destroyed saved stack pointer. * Inform user about potential loss of precision if large parts of knowledge about memory contents is lost: eva-kalray: note #3096: in "./suites/a3/kalray/k1dp/ccsuite_o2/s4/aes.c", line 265: In routine 'rijndaelKeySched.L10', at address 0xda8: Losing precision since the instruction 0xda8: 'sb.add.x1 r0[r17] = r5;;' destroys 100% of the known memory content (35 cells). (context '0x2140->"rijndaelVTKAT.clone.0", 0x1ba4->"makeKey", 0x16b0->"rijndaelKeySched", 0xc28->"rijndaelKeySched.L3"[1], 0xd64->"rijndaelKeySched.L10"[4..]') * AIS annotations can now be created for start and end blocks in the interactive value analysis. * C28x: improved precision for conditional xcall/xret. * FR81: * Improved division precision. * Analyzer assumes calling conventions for software interrupts via int. * PowerPC * Improved precision for bool data type and boolean logic. * Improved model for conditional branch and link: update link register if condition is false, too. * For the stwcx instruction, the analysis now models the reservation failed case, too. * TriCore: * Improved handling of code compacted by the Tasking compiler (containing .cocofun* code factor routines). * Improved division precision. * Improved handling of PCXI subregisters. * V850: improved calling conventions for syscall. Cache and pipeline analysis --------------------------- * Improved performance of the pipeline analysis framework. * Am486: improved pipeline model. * ARM Cortex-R4F: * Improved handling of speculative memory accesses in the pipeline model. * Improved pipeline model for guarded execution. * Pipeline analysis informs about not supported definitive misaligned accesses. * i386: * Improved pipeline model. * Improved handling of data dependencies. * M68020: * Improved pipeline model. * Improved alignment handling of imprecise memory accesses. * e300, PPC750, MPC7448, 7448s, 755, 755s: * Removed split type "PCI jitter". Those splits are now accounted by the split type "jitter". * Splits caused by imprecise target latencies of memory accesses are now accounted for by the split type "variant execution time". Path analysis ------------- * Faster prediction-file-based path analysis and snippet WCET evaluation. * Improved numerical stability of the CPLEX ILP solver driver. * Global snippet evaluations are now possible if the start and the end are not in the same routine. Still the snippet must be a single-entry single-exit region (see the user manual). Visualization and reporting --------------------------- * By default, only the output of the final decoding and analysis round for iterative decoding is printed to text/XML reports. The GUI offers an option for enabling the output of all rounds. * Callstrings will now show the address of the call instruction rather than that of the call block, and only report the current unroll iteration of loops, indicating cumulative contexts with a "..". Old: call block address, current iteration, default/max unrolling ..., 0x30->"main.L1"[1/2..] ..., 0x30->"main.L1"[2/2..] New: call instruction address, current iteration, ".." for cumulative ..., 0x34->"main.L1"[1] ..., 0x34->"main.L1"[2..] * Implemented driver tool to perform XQueries. ============================================================================== Last modified on 13 October 2015 by alex@absint.com. Copyright 2015 AbsInt. www.absint.com ============================================================================== An HTML version of these release notes is available at www.absint.com/releasenotes/a3/15.10