Software & Services Group PinADX: Customizable Debugging with Dynamic Instrumentation Gregory Lueck, Harish Patil, Cristiano Pereira Intel Corporation.

Presentation transcript:

PinADX: Customizable Debugging with Dynamic Instrumentation
Gregory Lueck, Harish Patil, Cristiano Pereira
Intel Corporation, Software & Services Group
CGO 2012, San Jose, USA

Hypothetical Problem 1

    (gdb) run
    Program received signal SIGSEGV, Segmentation fault.
    0x in ?? ()
    (gdb) bt
    #0 0x in ?? ()
    #1 0x in ?? ()

Crash with bad PC and no stack trace
Corrupted return address someplace...
Want to stop BEFORE bad “ret” instruction

Hypothetical Problem 2
[Figure: thread stacks, each marked “?”]
Massively threaded application
How much stack space needed?
At what point does each thread use its max stack?

Traditional Debugger Breakpoints?

Original Application:

    Foo: …
         ret
    Bar: …
         ret

Application In Debugger (overwrite each “ret” with trap):

    Foo: …
         trap
    Bar: …
         trap

1. Debugger catches trap
2. Check if “ret” is to good PC
3. If yes, resume

How can debugger find all “ret” instructions?
Horribly slow to trap on each return

Dynamic Binary Instrumentation (DBI)
[Figure: application code (Foo, Bar, with “sub 0x60, %sp”, “sub 0x10, %sp” and “ret” instructions) shown with inserted instrumentation: “if (return to bad PC) Breakpoint()” and “if (stack too big) Breakpoint()”]
Much faster – avoids trap overhead
DBI can find all “ret” instructions reliably
General approach – solves stack problem (and others)
BUT difficult to integrate with debugger

Pin Overview
[Figure: Application, Tool, JIT compiler, Code Cache, Traces. Pipeline: Fetch, Instrument, Optimize, Store & execute]
Tool controls instrumentation (e.g. “if return to bad PC”)
JIT compiler fetches application instructions, calls tool to instrument
Instrumented instructions stored in code cache for efficiency

JIT Compiler Overview
[Figure: Original Code and Code Cache under Pin, with numbered blocks (4; 1’, 3’, 5’, 6’)]
Tool inserts instrumentation (e.g. check if return to bad PC)
Dynamic recompilation makes debugging hard

PinADX Architecture
[Figure: Process running under Pin (Application, Tool, Pin, PinADX core) connected to a Debugger (GDB or Microsoft Visual Studio 11)]
PinADX presents “pure” view of application.
Hides effect of instrumentation and recompilation.
Tool extends debugger via instrumentation.
Supports Linux & Windows

Rest of the Talk
Introduction / Motivation
Example: Using “Stack Debugger” extension
Example: Authoring “Stack Debugger” extension
Implementing PinADX

Example – Stack Debugger

Run application under Pin:

    $ pin -appdebug -t stack-debugger.so -- ./my-application
    Application stopped until continued from debugger.
    Start GDB, then issue this command at the (gdb) prompt:
      target remote :1234

Debugger connected to Pin:

    $ gdb ./my-application
    (gdb) target remote :1234
    (gdb) break PrintHello
    Breakpoint 1 at 0x4004dd: file hw.c, line 13
    (gdb) cont
    Breakpoint 1, PrintHello () at hw.c:13
    (gdb) backtrace
    #0 PrintHello () at hw.c:13
    #1 main () at hw.c:7
    (gdb) x/2i $pc
    => 0x4004dd : mov $0x4005e8,%edi
       0x4004e2 : callq 0x4003b8

Example – Stack Debugger

Stop when application uses too much stack:

    (gdb) monitor stackbreak 4000
    Break when thread uses 4000 stack bytes
    (gdb) cont
    Stopped: Thread uses 4004 bytes of stack
    (gdb) backtrace
    #0 0x3f in _dl_runtime_resolve ()
    #1 0x e7 in PrintHello () at hw.c:13
    #2 0x d2 in main () at hw.c:7
    (gdb) monitor stackbreak
    Break when thread uses stack bytes
    (gdb) break exit
    Breakpoint 2 at 0x7fffe60f9650
    (gdb) cont
    Breakpoint 2, 0x7fffe60f9650 in exit ()
    (gdb) monitor stats
    Maximum stack usage: 8560 bytes.

Stack Debugger – Instrumentation

Application code:

    Thread Start:
      […]
      sub $0x60, %esp
      cmp %esi, %edx
      jle

Record initial stack (at thread start):

    StackBase = %esp;
    MaxStack = 0;

After each stack-changing instruction:

    size = StackBase - %esp;
    if (size > MaxStack) MaxStack = size;
    if (size > StackLimit) TriggerBreakpoint();

Stack Debugger – Implementation

    // Analysis routine, defined below.
    VOID OnStackChange(ADDRINT sp, THREADID tid, CONTEXT *ctxt);

    // Instrumentation: instrument only instructions that change $SP.
    VOID Instruction(INS ins, VOID *)
    {
        if (INS_RegWContain(ins, REG_STACK_PTR))
        {
            // Call the analysis routine after each such instruction.
            IPOINT where = (INS_HasFallThrough(ins)) ? IPOINT_AFTER : IPOINT_TAKEN_BRANCH;
            INS_InsertCall(ins, where, (AFUNPTR)OnStackChange,
                           IARG_REG_VALUE, REG_STACK_PTR, IARG_THREAD_ID,
                           IARG_CONTEXT, IARG_END);
        }
    }

    // Analysis: track the high-water mark and stop in the debugger
    // once the thread's stack use exceeds the limit.
    VOID OnStackChange(ADDRINT sp, THREADID tid, CONTEXT *ctxt)
    {
        size_t size = StackBase - sp;
        if (size > StackMax) StackMax = size;
        if (size > StackLimit)
        {
            ostringstream os;
            os << "Stopped: Thread uses " << size << " stack bytes.";
            PIN_ApplicationBreakpoint(ctxt, tid, FALSE, os.str());
        }
    }

Stack Debugger – Implementation

    // Command handler, defined below.
    BOOL HandleDebugCommand(const string &cmd, string *result);

    int main()
    {
        […]
        // Register the handler for the debugger's extended ("monitor") commands.
        PIN_AddDebugInterpreter(HandleDebugCommand, 0);
    }

    BOOL HandleDebugCommand(const string &cmd, string *result)
    {
        if (cmd == "stats")
        {
            ostringstream os;
            os << "Maximum stack usage: " << StackMax << " bytes.\n";
            *result = os.str();
            return TRUE;
        }
        else if (cmd.find("stackbreak ") == 0)
        {
            // Parse the limit that follows "stackbreak " (11 characters).
            StackLimit = strtoul(cmd.c_str() + 11, 0, 10);
            ostringstream os;
            os << "Break when thread uses " << StackLimit << " stack bytes.";
            *result = os.str();
            return TRUE;
        }
        return FALSE; // Unknown command
    }

Visual Studio IDE Extension

Other Debugger Extensions
Intel Inspector XE Product
  – Memory Checker
  – Thread Checker
Intel SDE: Instruction emulation
Debug from log file (PinPlay, CGO 2010)
Dynamic slicing (Rajiv Gupta, UC Riverside)
Cmp$im: Cache simulator
Write your own!

PinADX Architecture
[Figure: Process running under Pin (Application, Tool, Pin, PinADX core) connected to a Debugger (GDB or Microsoft Visual Studio 11)]
PinADX presents “pure” view of application.
Hides effect of instrumentation and recompilation.
Tool extends debugger via instrumentation.

Communication Details
[Figure: Debugger, PinADX core, Pin]
Extension of GDB’s remote debugging protocol
Very low level
  – Symbol processing in debugger
  – Expression evaluation in debugger
Commands
  – Read / write registers, memory
  – Set breakpoints
  – Continue, single-step, stop
Notifications
  – Breakpoint triggered
  – Caught signal
  – Application exited
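
Added example (not from the slides or from PinADX): GDB's remote protocol frames every packet as "$payload#checksum", and GDB's "monitor" command reaches a remote stub as a qRcmd packet carrying the hex-encoded command text. The sketch below builds and validates such a packet for the "stackbreak 4000" command used earlier. The function names are hypothetical, and binary escaping and run-length encoding are not handled.

```cpp
// Added example (not PinADX source): GDB remote-protocol framing of a "monitor" command.
#include <cstdio>
#include <string>

static unsigned Checksum(const std::string &s) {    // sum of payload bytes mod 256
    unsigned sum = 0;
    for (unsigned char c : s) sum += c;
    return sum & 0xff;
}

static int Nibble(char c) {                          // hex digit value, or -1
    if (c >= '0' && c <= '9') return c - '0';
    return ((c |= 0x20) >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

// Debugger side: wrap a payload as "$<payload>#<two hex checksum digits>".
std::string Frame(const std::string &payload) {
    char cs[3];
    std::snprintf(cs, sizeof cs, "%02x", Checksum(payload));
    return "$" + payload + "#" + cs;
}

// Debugger side: a "monitor" command travels as qRcmd,<hex of the command text>.
std::string MonitorPacket(const std::string &cmd) {
    std::string hex;
    char b[3];
    for (unsigned char c : cmd) { std::snprintf(b, sizeof b, "%02x", (unsigned)c); hex += b; }
    return Frame("qRcmd," + hex);
}

// Stub side: check framing and checksum, recover the command text; false if invalid.
bool ParseMonitorPacket(const std::string &pkt, std::string *cmd) {
    size_t n = pkt.size();
    if (n < 4 || pkt[0] != '$' || pkt[n - 3] != '#') return false;
    std::string payload = pkt.substr(1, n - 4);
    int hi = Nibble(pkt[n - 2]), lo = Nibble(pkt[n - 1]);
    if (hi < 0 || lo < 0 || unsigned(hi * 16 + lo) != Checksum(payload)) return false;
    if (payload.compare(0, 6, "qRcmd,") != 0 || (payload.size() - 6) % 2) return false;
    cmd->clear();
    for (size_t i = 6; i < payload.size(); i += 2) {
        hi = Nibble(payload[i]); lo = Nibble(payload[i + 1]);
        if (hi < 0 || lo < 0) return false;
        *cmd += static_cast<char>(hi * 16 + lo);
    }
    return true;
}

int main() {
    std::string cmd, pkt = MonitorPacket("stackbreak 4000");   // command from the slides
    if (ParseMonitorPacket(pkt, &cmd)) std::printf("%s -> %s\n", pkt.c_str(), cmd.c_str());
}
```

The recovered text is what a tool's command handler, such as HandleDebugCommand above, would receive as its cmd argument.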

Communication Details
[Figure: Debugger, PinADX core, Pin]
Breakpoint alternatives
  – Insert real INT3 trap instruction
  – Virtualize inside Pin VM
  – See paper for details
Commands
  – Read / write registers, memory
  – Set breakpoints
  – Continue, single-step, stop
Notifications
  – Breakpoint triggered
  – Caught signal
  – Application exited

Breakpoint
[Figure: Original Code, Code Cache (1’, 2’, 3’, BP), PinADX core and Debugger. Messages: “set breakpoint at 4”, “continue”, “breakpoint notification”]
Execution stops in Pin
Waits for GDB to continue

Single Step
[Figure: Original Code, Code Cache (1’), PinADX core and Debugger. Messages: “do single-step”, “step complete notification”]
Execution stops in Pin
Waits for GDB to continue

Thanks
Mark Charney – SDE software emulator
Andria Pazarloglou – Created VS11 GUI plugin
Gregg Miskelly – Microsoft VS11 debugger architect
Robert Cohn – Father of Pin

Summary
DBI can implement powerful debugger features
API allows Pin tools to extend debugger easily
Multi-platform
  – Linux: GDB
  – Windows: Microsoft Visual Studio 11 (soon)
Works with off-the-shelf debuggers