Jump to content

Pin (computer program)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by AnomieBOT (talk | contribs) at 20:58, 26 February 2016 (Dating maintenance tags: {{Who}}). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Pin
Developer(s)Intel
Stable release
2.12 / November 2013, 20 (20-11-2013)
Operating systemLinux, Windows, OSX, Android
PlatformIA-32, x86-64, Intel Xeon Phi
TypeInstrumentation framework, Profiler
LicenseProprietary, free, but you cannot redistribute Pin or pintool binaries
Websitewww.intel.com/software/pintool

Pin is a platform for creating analysis tools. A pin tool comprises instrumentation, analysis and callback routines. Instrumentation routines are called when code that has not yet been recompiled is about to be run, and enable the insertion of analysis routines. Analysis routines are called when the code associated with them is run. Callback routines are only called when specific conditions are met, or when a certain event has occurred. Pin provides an extensive application programming interface (API) for instrumentation at different abstraction levels, from one instruction to an entire binary module. It also supports callbacks for many events such as library loads, system calls, signals/exceptions and thread creation events.

Pin performs instrumentation by taking control of the program just after it loads into the memory. Then just-in-time recompiles (JIT) small sections of the binary code using pin just before it is ran. New instructions to perform analysis are added to the recompiled code. These new instructions come from the Pintool. A large array of optimization techniques are used to obtain the lowest possible running time and memory use overhead. As of June 2010, Pin's average base overhead is 30 percent (without running a pintool).[1]

Features

Instrumentation modes

Pin supports two modes of instrumentation called JIT mode and Probe mode. JIT mode supports all features of Pin, while Probe mode supports a limited feature set but is far faster, adding almost no overhead to program's running time. JIT mode uses a just-in-time compiler to recompile all program code and insert instrumentation, while Probe mode uses code trampolines for instrumentation.

Platform independence

Pin was designed for tool portability, and despite JIT compiling from one ISA to the same ISA (and not using a single intermediate representation for all code), most of its APIs are architecture and operating system independent. It was also designed to be portable itself, carefully isolating platform-specific code from generic code, allowing the fast adaptation of Pin to new platforms. Approximately half of the code is generic and the rest is either architecture or OS dependent.[2]

Optimizations

Pin uses many techniques to optimize instrumentation and analysis code, using techniques such as inlining, liveness analysis and smart register spilling. Pin performs these optimizations automatically whenever possible, without needing users to insert any extra code to allow inlining. Naturally, some optimizations still require user hints, and some code structures are easier to inline than others. Direct linking of jitted code sections, a technique called trace linking, and register binding reconciliation, which minimizes register spilling and remapping, are also used.

Ease of use

Pin’s API and implementation are focused on making pin tools easy to write. Pin takes full responsibility for assuring that the instrumentation code from the pin tool does not affect the application state. Also, the API enables instrumentation code to request many pieces of information from Pin. For example, the instrumentation code in the pin tool can use the Pin API to get the memory address being accessed by an instruction, without having to examine the instruction in detail.

Tools

There are many Pintools that are used for varying tasks.

  • Components of Intel Parallel Studio make heavy use of pintools for memory debugging, performance analysis, multithreading correctness analysis and parallelization preparation.
  • Intel Software Development Emulator is a pintool that enables the development of applications using instruction set extensions that are not currently implemented in hardware.
  • CMP$IM is a cache profiler built using pin.[3]
  • PinPlay enables the capture and deterministic replay of the running of multithreaded programs under pin. Capturing the running of a program helps developers overcome the non-determinism inherent in multithreading.[4]
  • Pin itself comes with many example tools that make use of its abilities. These tools are licensed under a BSD-like license.

Uses as a Defence Mechanism

Some scholars[who?] think that one can use Pin tool or binary instrumentation techniques to detect malware. Unlike traditional antiviruses where scanning files is used to detect viruses, one can use tools like Pin tool to scan program's resources to detect abnormalities; thus detect malware.

Utilizing System Resource Monitoring

Unlike traditional techniques of scanning files, this approach doesn’t need to be updated regularly and uses a more efficient way to detect malwares rather than burdening the processor by scanning all the files. This approach keeps track of the system’s resources used by a program and terminates the program if its resource usage goes beyond a given threshold limit. The good thing about this approach is that it can be implemented inside a program itself or in an antivirus.

Other Alternatives to Pin Tool

There are many other tools available to collect resource usage of running programs on the system such as Bell Lab’s strapon tool and Dyninst tool etc. Bell Lab’s tool uses the strap on technology which runs a tool to collect resources simultaneously with the program but this tool is only compatible with the programs which allow other programs to run simultaneously with them.[5] Furthermore, Dyninst tool uses binary rewriting of the program’s executable and implementable commands inside the program to check for resource usage and is very efficient. However, it is very unstable as it is a relatively new tool and crashes on large scale programs.[6] Lastly, Intel Pin tool uses static binary instrumentation and runs the program as a part of itself while keeping track of all its resources.[7] This approach is more suitable for an antivirus as it can easily run all the processes under itself and can kill programs if they reach a maximum allocated limit as defined by the antivirus.

See also

Notes

  1. ^ Analyzing Parallel Programs with Pin
  2. ^ Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation
  3. ^ CMP$im: A Pin-Based On-The-Fly Multi-Core Cache Simulator
  4. ^ PinPlay: a framework for deterministic replay and reproducible analysis of parallel programs
  5. ^ Gupta, Chandrashekhar (2007). "Building secure products and solutions. Bell Labs Technical Journal". doi:10.1002/bltj.20247. {{cite journal}}: Cite journal requires |journal= (help)
  6. ^ Lee, Schulz (2007). "Dynamic binary instrumentation and data aggregation on large scale systems". International Journal of Parallel Programming.
  7. ^ Bach, M.; Charney, M.; Cohn, R.; Demikhovsky, E.; Devor, T.; Hazelwood, K.; Jaleel, A.; Luk, Chi-Keung; Lyons, G. (March 2010). "Analyzing Parallel Programs with PIN". Computer. 43 (3): 34–41. doi:10.1109/MC.2010.60. ISSN 0018-9162. Retrieved 2015-04-27.

References