Pin (computer program)
Pin is a platform for creating analysis tools. A pin tool comprises instrumentation, analysis and callback routines. Instrumentation routines are called when code that has not yet been recompiled is about to be run, and enable the insertion of analysis routines. Analysis routines are called when the code associated with them is run. Callback routines are only called when specific conditions are met, or when a certain event has occurred. Pin provides an extensive application programming interface (API) for instrumentation at different abstraction levels, from one instruction to an entire binary module. It also supports callbacks for many events such as library loads, system calls, signals/exceptions and thread creation events. In 2020, it received the Programming Languages Software Award from ACM SIGPLAN.[1] Pin performs instrumentation by taking control of the program just after it loads into the memory. Then just-in-time recompiles (JIT) small sections of the binary code using pin just before it is run. New instructions to perform analysis are added to the recompiled code. These new instructions come from the Pintool. A large array of optimization techniques are used to obtain the lowest possible running time and memory use overhead. As of June 2010, Pin's average base overhead is 30 percent (without running a pintool).[2] FeaturesInstrumentation modesPin supports two modes of instrumentation called JIT mode and Probe mode. JIT mode supports all features of Pin, while Probe mode supports a limited feature set but is far faster, adding almost no overhead to program's running time. JIT mode uses a just-in-time compiler to recompile all program code and insert instrumentation, while Probe mode uses code trampolines for instrumentation. Platform independencePin was designed for tool portability, and despite JIT compiling from one ISA to the same ISA (and not using a single intermediate representation for all code), most of its APIs are architecture and operating system independent. It was also designed to be portable itself, carefully isolating platform-specific code from generic code, allowing the fast adaptation of Pin to new platforms. Approximately half of the code is generic and the rest is either architecture or OS dependent.[3] OptimizationsPin uses many techniques to optimize instrumentation and analysis code, using techniques such as inlining, liveness analysis and smart register spilling. Pin performs these optimizations automatically whenever possible, without needing users to insert any extra code to allow inlining. Naturally, some optimizations still require user hints, and some code structures are easier to inline than others. Direct linking of jitted code sections, a technique called trace linking, and register binding reconciliation, which minimizes register spilling and remapping, are also used. Ease of usePin’s API and implementation are focused on making pin tools easy to write. Pin takes full responsibility for assuring that the instrumentation code from the pin tool does not affect the application state. Also, the API enables instrumentation code to request many pieces of information from Pin. For example, the instrumentation code in the pin tool can use the Pin API to get the memory address being accessed by an instruction, without having to examine the instruction in detail. ToolsThere are many Pintools that are used for varying tasks.
Alternatives to Pin ToolThere are many other tools available to collect resource usage of running programs on the system such as Bell Lab’s strapon tool and Dyninst tool etc. Bell Lab’s tool uses the strap on technology which runs a tool to collect resources simultaneously with the program but this tool is only compatible with the programs which allow other programs to run simultaneously with them.[6] Furthermore, Dyninst tool uses binary rewriting of the program’s executable and implementable commands inside the program to check for resource usage and is very efficient. However, it is very unstable as it is a relatively new tool and crashes on large scale programs.[7] Lastly, Intel Pin tool uses static binary instrumentation and runs the program as a part of itself while keeping track of all its resources.[8] This approach is more suitable for an antivirus as it can easily run all the processes under itself and can kill programs if they reach a maximum allocated limit as defined by the antivirus. See alsoNotes
References
External links
|