ASM Scope : a program understanding tool

Table of Contents

How ASM Scope helps you
Why use ASM Scope
Getting ASM Scope

Most organizations and programmers favor high-level languages over assembly for new developments; they see assembly as verbose, complex, non-portable and error prone. Nevertheless, embedded engineers often need to work with assembly programs, for good reasons.

A program understanding tool like ASM Scope can save the embedded engineer many hours of tedious work. This tool “reads” a computer program and makes sense of it without executing it on the target CPU — just like a programmer would. ASM Scopedigests” the code and displays it in a format that reveals the structure and the logic of the program, including a call graph. Afterwards, ASM Scope answers queries about the program control flow, execution flow and register usage for large subroutines (or for a few lines of code). In short, ASM Scope combines visualization and static analysis in one powerful package.

If you are an engineer, you probably know that having the right tools not only improves your productivity, but turns a boring job into an exciting one; read the technical details to see if ASM Scope is for you, and check out A tale of two engineers.

If you are a manager, consider this: would you rather have a tired, unmotivated guy reading long assembly listings over and over, or a bright, productive engineer building the firmware for the product your firm sells ? Using the right tool when warranted can make all the difference.

Keep in mind that you can test drive ASM Scope online before purchasing and see for yourself how useful this tool really is.

How ASM Scope helps you

ASM Scope  screenshot

ASM Scope helps in two ways:

  1. By displaying the program in a format that helps you understand and navigate the code: a call graph keeps you from getting lost in big programs, and a bookmark pane with subroutine entry points helps you move around quickly.

  2. By carrying out complex analyses (such as register usage) that would be tedious and error-prone if you were to do them manually.

Unlike a profiler, debugger or simulator, ASM Scope gets to look at the entire program, not just the part of the code that each set of inputs exercises.

Structure and navigation

Assembly listings have a “spaghetti” look that is hard to follow and can be confusing. This is especially true when you are working on disassembled object code, where the author's initial formatting and organization are lost. Even if you have the original source code, browsing a long file with lots of routines will be hard if all you have is a text editor (even a powerful one with syntax highlighting).

ASM Scope makes assemby easy on your eyes because it lets you display and navigate code in an intelligent way; it can do so because it understands the structure of the assembly program. Source code is made up of modules (files); modules are made up of routines; routines are made up of control structures (loops, if-then-else branches etc). ASM Scope identifies the entry point and extent of each routine, and creates bookmarks to point to those routines. Additionally, ASM Scope recognizes control structures and displays them distinctly.

Assembly code tends to be verbose. It's hard to follow routines that span several screenfulls of code, because the level of detail is distracting and the big picture becomes hard to see. Code folding solves the problem by letting you collapse entire sections of code into a single expandable fold: click the fold, and it expands; click again, and it collapses. Folds can be nested. ASM Scope pre-defines folds for modules, routines, and control structures, and also lets you define your own folds.

Control flow

A good road atlas doesn't just have a collection of city maps and a textual city name index; it also has a zoomed-out map of the region, showing all the cities and the roads connecting them. The overview map covers all the detail maps. Similarly, instead of making you read the code to figure out the relationship between the subroutines, ASM Scope figures out which routines call other subroutines, and

  • displays a call graph.

  • shows you where a subroutine is called from, or where a jump or call statement points to.

ASM Scope  call graph

You can use cross-referencing information to verify that a subroutine is called “properly” each time. An assembly subroutine may assume that certain registers contain certain values, and other registers hold parameters; by inspecting all calls to the subroutine, you can spot places where the assumptions fail.

Execution flow

You are reading a routine, following the execution flow. You encounter a branch; you can't mentally follow both paths — you have to take the first path to the end, backtrack to the bifurcation point, then follow the second path, just to see what lines of code might be executed. This gets more and more tedious as you encounter more “forks in the road”, and you quickly discover that you can no longer keep track of which paths you have visited and which ones you have not. ASM Scope can scout all roads (including the one less traveled that you may have missed), mark each line of code that it sees, and come back to report its findings by highlighting the visited statements. This is called Subroutine flood-fill; you can dispatch this scout at any point in the program (not just at subroutine entry points), and tell it whether to follow calls to other subroutines or not.

Here's another scenario: suppose a complex subroutine has a cleanup section that must execute prior to its completion, but you suspect that sometime the cleanup section doesn't execute. You use the Subroutine flood-fill tool to select an execution scope, then use the Exits analysis tool to find statements where execution flow leaves that scope; these can be be either

  • the boundary of the scope, where execution “falls out”.

  • return-from-subroutine statements.

  • jumps outside of the scope.

You will easily catch any statements that bypass the cleanup section.

Data flow

In assembly, data flows between registers, memory locations and possibly peripherals. ASM Scope can track data that flows to and from registers. Because registers are frequently assigned “roles” (such as “register i0 is the base of the input coefficients array”), and because they are in limited supply, conflicts may easily arise.

When you call an assembly subroutine, you often view it as a black box, with inputs, outputs and possible side effects. ASM Scope can determine, for each routine:

  • what registers it alters, and what statement assigns the final value to each modified register: these registers are the black box outputs

  • what registers the subroutine reads before writing, and what statement reads the initial value: these registers are the black box inputs

Using data flow analysis, you may discover that you forgot to initialize an input register before calling a subroutine, or that your subroutine overwrites an important register that you forgot to save on the stack.

When analysing data flow, ASM Scope takes into account all possible paths of execution, as explained in Execution flow. For example, if a routine assigns a register final values on two mutually exclusive branch paths, ASM Scope will highlight both statements when queried about outputs. This means you will never miss an important special case of a routine just because it is “hidden” in an unexpected part of the code.

More features

You have seen some of the more important features of ASM Scope , as well as how they help you do your job. To learn more about ASM Scope , please register for the free online trial or read the users' manual.

If you need a specific feature that is not yet implemented in ASM Scope , we encourage you to review our roadmap and submit a request. We will take your comments into account when developing future releases; if you do not want to wait for an upgrade, we may be able to enter a contract to customize ASM Scope for your needs.

Why use ASM Scope

Whether you are an engineer or a manager, you might be tempted to reduce the benefits of ASM Scope to a simple formula, such as “using this tool cuts debugging time by x percent in the average case”. While your formula may be true quantitatively, it would miss a qualitative difference: burdening an engineer with difficult, unpleasant tasks can turn a creative and motivated person into a slug — or the other way round.

A tale of two engineers

An engineer forced to map out an assembly program by hand will spend considerable time staring at cryptic-looking assembly code, trying to shut down the creative part of his brain and get into “chore mode”. After that, he will read the code several times to get a feeling for its structure and take the time to write down his observations. By the time he starts the actual debugging or reverse-engineering, he will be bored, tired, and numb from doing “grunt work” — yet he may still have only a vague understanding of the overall structure of the program.

Without a program understanding tool, the engineer will instinctively limit his investigations to simple inspection checks or checks that he can perform with a text editor; instead of following the most promising leads, he will run the most accessible tests first. Faced with a tight deadline, the embedded engineer may well find himself unable to hunt down the critical bug that he was assigned; the deadline will pass and the schedule will slip yet again. This may prevent the company from shipping the initial version of the product, causing it to lose investors and market opportunities, or it could delay a bugfix release, costing the company valuable customers.

By contrast, an engineer with access to a program understanding tool like ASM Scope will have a clear picture of how the various pieces of the program fit together from the beginning. He will start the actual work with a fresh, agile mind and with the confidence that he has the right tools. He will be able to test complex hypotheses without worrying that the checks are tedious to perform. In short, he will be able to focus on the task at hand and not on the shortcomings of an inadequate development envtaironment.

Getting ASM Scope

In case you need a test drive, we provide a trial version of ASM Scope for free. This version demonstrates most of the features of ASM Scope , but has certain limitations that do not apply to the full version. You will still be able to see how well ASM Scope works with assembly programs that you supply, and we think you will agree that this tool can save your time, simplify your job and enable you to gain deeper insight into assembly code.