.:: APARTS / Tool integration ::.
Tool Integration
The two partners in the APARTS project have each developed their
own analysis tool, with somewhat different and even complementary capabilities:
- The SWEET
tool from Mälardalen University excels at control-flow analysis, finding
loop bounds, infeasible paths, and other kinds of "flow facts" which can be
useful for several kinds of program analyses, of which WCET analysis is
one. SWEET accepts a program in the ALF language and models the program's
computations in various ways, based on abstract interpretation and abstract
execution, and using several forms of abstract numerical domains. However,
to analyse a program in C, it must be translated into ALF; to analyse a
program in its executable form (which is usually necessary for WCET
analysis), the machine-language program must first be translatated into
ALF.
- The Bound-T tool from Tidorum Ltd
analyses machine-code programs for several target-processor architectures,
producing WCET bounds and stack-usage bounds. The tool's analyses of the
computation are not based on abstract interpretation, but on a more
"analytical" approach in which the program's integer computations are
modelled as a system of affine integer equations and inequations
(technically speaking, a Presburger Arithmetic model), from which various
analysis results such as loop-bounds can be extracted by a solver. Thus,
its control-flow analysis is in many cases weaker than that of SWEET, but
in other cases it can be faster than SWEET's analysis.
Within the APARTS project we will develop and implement an integration of
SWEET and Bound-T such that:
- Bound-T can translate its internal program model into ALF, which
SWEET can then analyse. This provides a front-end for SWEET to read
machine-language programs of several target processor types.
- SWEET's analysis results (variable-value bounds, flow facts)
can be returned to Bound-T, for use in
further analysis phases, for example to calculate a WCET bound
by combining the flow facts from SWEET with Bound-T's knowledge of the
execution time taken by each basic block of code.
- In particular, when the program under analysis contains dynamic
control flow (indirect jumps or indirect calls through pointers), SWEET's
more powerful and global value-analysis will be used to resolve the
possible targets of the dynamic control flow, from which Bound-T can then
continue to reconstruct the control-flow graphs and call-graphs of the
program under analysis.