diff --git a/tracing/analysis.cc b/tracing/analysis.cc
index e71a830c..1a23d756 100644
--- a/tracing/analysis.cc
+++ b/tracing/analysis.cc
@@ -14,7 +14,9 @@
 
 #include "./tracing/analysis.h"
 
-#include "./tracing/disassembler.h"
+#include <algorithm>
+#include <string>
+
 #include "./tracing/execution_trace.h"
 #include "./tracing/unicorn_tracer.h"
 #include "./util/arch.h"
@@ -55,13 +57,7 @@ absl::Status TraceSnippetWithSkip(const std::string& instructions,
 
 template <typename Arch>
 absl::StatusOr<FaultInjectionResult> AnalyzeSnippetWithFaultInjection(
-    const std::string& instructions, Disassembler& disas,
-    ExecutionTrace<Arch>& execution_trace) {
-  // Capture an unmodified trace.
-  UnicornTracer<Arch> tracer;
-  RETURN_IF_NOT_OK(tracer.InitSnippet(instructions));
-  RETURN_IF_NOT_OK(CaptureTrace(tracer, disas, execution_trace));
-
+    const std::string& instructions, ExecutionTrace<Arch>& execution_trace) {
   size_t expected_instructions_executed = execution_trace.NumInstructions();
   UContext<Arch> expected_ucontext = execution_trace.LastContext();
 
@@ -99,11 +95,11 @@ absl::StatusOr<FaultInjectionResult> AnalyzeSnippetWithFaultInjection(
 }
 
 // Instantiate concrete instances of exported functions.
-template absl::StatusOr<FaultInjectionResult> AnalyzeSnippetWithFaultInjection<
-    X86_64>(const std::string& instructions, Disassembler& disas,
-            ExecutionTrace<X86_64>& execution_trace);
-template absl::StatusOr<FaultInjectionResult> AnalyzeSnippetWithFaultInjection<
-    AArch64>(const std::string& instructions, Disassembler& disas,
-             ExecutionTrace<AArch64>& execution_trace);
+template absl::StatusOr<FaultInjectionResult>
+AnalyzeSnippetWithFaultInjection<X86_64>(
+    const std::string& instructions, ExecutionTrace<X86_64>& execution_trace);
+template absl::StatusOr<FaultInjectionResult>
+AnalyzeSnippetWithFaultInjection<AArch64>(
+    const std::string& instructions, ExecutionTrace<AArch64>& execution_trace);
 
 }  // namespace silifuzz
diff --git a/tracing/analysis.h b/tracing/analysis.h
index 61c54fcb..1fa39e8c 100644
--- a/tracing/analysis.h
+++ b/tracing/analysis.h
@@ -33,14 +33,14 @@ struct FaultInjectionResult {
 };
 
 // Perform fault analysis on the snippet `instructions`.
+// `execution_trace` must contain a valid trace. If this function is successful,
+// the trace is annotated with which instructions were critical in detecting
+// faults.
 // If successful, this function returns aggregate statistics about the fault
 // injection.
-// A full trace is returned in `execution_trace` with annotations on which
-// instructions were critical in detecting faults.
 template <typename Arch>
 absl::StatusOr<FaultInjectionResult> AnalyzeSnippetWithFaultInjection(
-    const std::string& instructions, Disassembler& disas,
-    ExecutionTrace<Arch>& execution_trace);
+    const std::string& instructions, ExecutionTrace<Arch>& execution_trace);
 
 }  // namespace silifuzz
 
diff --git a/tracing/trace_tool.cc b/tracing/trace_tool.cc
index 2b5daacd..e72eab70 100644
--- a/tracing/trace_tool.cc
+++ b/tracing/trace_tool.cc
@@ -257,10 +257,13 @@ absl::Status AnalyzeSnippet(const std::string& instructions,
                             size_t max_instructions, LinePrinter& out) {
   DefaultDisassembler<Arch> disas;
   ExecutionTrace<Arch> execution_trace(max_instructions);
+  UnicornTracer<Arch> tracer;
+  RETURN_IF_NOT_OK(tracer.InitSnippet(instructions));
+  RETURN_IF_NOT_OK(CaptureTrace(tracer, disas, execution_trace));
 
-  ASSIGN_OR_RETURN_IF_NOT_OK(FaultInjectionResult result,
-                             AnalyzeSnippetWithFaultInjection<Arch>(
-                                 instructions, disas, execution_trace));
+  ASSIGN_OR_RETURN_IF_NOT_OK(
+      FaultInjectionResult result,
+      AnalyzeSnippetWithFaultInjection<Arch>(instructions, execution_trace));
   out.Line("Detected ", result.fault_detection_count, "/",
            result.fault_injection_count, " faults - ",
            static_cast<int>(100 * result.sensitivity), "% sensitive");