Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pin : Building Customized Program Analysis Tools with Dynamic Instrumentation Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff.

Published byKaiden Pepper Modified over 9 years ago

Similar presentations

Presentation on theme: "Pin : Building Customized Program Analysis Tools with Dynamic Instrumentation Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff."— Presentation transcript:

1 Pin : Building Customized Program Analysis Tools with Dynamic Instrumentation Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Vijay Janapa Reddi, Kim Hazelwood

2 What is Pin ? Dynamic binary instrumentation system. JIT compiler. Pintools for writing instrumentation routines. Rich API for pintools. Call-based model of instrumentation.

3 Design goals Transparency  Application observes same addresses (code/data) and values (register/memory). Ease-of-use  Architecture knowledge not required.  Manual inlining of instrumentation instructions not required.  Manual save/restore of architectural state not required. Portability  Architecture independent API for pintools. Efficiency  Optimized instrumentation. Robustness  Handle binaries with mixed code and data.  Handle variable length instructions. Process attaching/detaching Support instrumentation at instruction/basic block/routine levels.

4 System Overview

5

6 Instrumentation with Pin Attach to process using ptrace. Intercept execution of first/next instruction. Loop until process terminate or detach from process  Generate new code(trace) for straight-line code sequence starting from instruction.  Insert calls to instrumentation routines into jitted trace.  Trace stored in code cache and executed.  Branche(s) in trace transfer control back to Pin.  Repeat starting with branch target instruction.

7 Trace code management Software based cache:  entryIaddr : original instruction address of trace entry.  entrySct: static context of trace. Register bindings. Recent call sites (call stack).  Two traces are compatible if they have same entryIaddr and same entrySct or only register binding differences.  JIT generates new trace only if no compatible trace exists in code cache. Hash table:  Trace entry address.  Trace entry liveness information.

8 Support for multithreaded applications Thread local storage for virtual register spilling. Pin steals physical register(%ebx,%r7) as pointer to spill area. Application is assumed to be single threaded until thread-create syscall is intercepted. Spill area accessed using absolute addressing for single threaded application.

9 Optimized Instrumentation Trace linking Register re-allocation Inlining X86 eflags liveness analysis Instruction scheduling

10 Trace Linking Branch directly from trace exit to target trace. Trivial for direct branches but difficult for indirect branches. Optimization techniques  Target prediction.  Per indirect jump hashtable.  Function cloning for returns using call stack.

11

12 Register re-allocation Obtain registers for JIT without overwriting application’s scratch registers. Interprocedural register allocation. Register liveness analysis. Reconciliation of register bindings.

13

14 Other instrumentation optimizations Inline analysis routines  Avoid call/return to/from bridge routine.  Avoid call/return to/from analysis routine.  Rename caller-save registers, avoid explicit save/restore. x86 eflags liveness analysis  Avoid save/restore of dead eflags. Pintool API (IPOINT_ANYWHERE)  Schedule analysis routine to avoid save/restore of eflags.

15 Experimental Evaluation IA32, EM64T, Itanium, and ARM ports. Instrumentation optimizations. Comparison with Valgrind and DynamoRIO.  Performance without instrumentation.  Performance with basic block counting instrumentation.

16

17

18

19 Sample Pintools Opcodemix.  Determine dynamic mix of opcode of execution.  Useful for architectural and compiler comparison studies. PinPoints.  Automated collection and validation of representative instruction traces.

20 Questions and Discussions

Download ppt "Pin : Building Customized Program Analysis Tools with Dynamic Instrumentation Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff."

Similar presentations

Profiler In software engineering, profiling (program profiling, software profiling) is a form of dynamic program analysis that measures, for example,

Profiler In software engineering, profiling ("program profiling", "software profiling") is a form of dynamic program analysis that measures, for example,
Instrumentation of Linux Programs with Pin Robert Cohn & C-K Luk Platform Technology & Architecture Development Enterprise Platform Group Intel Corporation.

Instrumentation of Linux Programs with Pin Robert Cohn & C-K Luk Platform Technology & Architecture Development Enterprise Platform Group Intel Corporation.
Evaluating Indirect Branch Handling Mechanisms in Software Dynamic Translation Systems Jason D. Hiser, Daniel Williams, Wei Hu, Jack W. Davidson, Jason.

Evaluating Indirect Branch Handling Mechanisms in Software Dynamic Translation Systems Jason D. Hiser, Daniel Williams, Wei Hu, Jack W. Davidson, Jason.
1 Enterprise Platforms Group Pinpointing Representative Portions of Large Intel Itanium Programs with Dynamic Instrumentation Harish Patil, Robert Cohn,

1 Enterprise Platforms Group Pinpointing Representative Portions of Large Intel Itanium Programs with Dynamic Instrumentation Harish Patil, Robert Cohn,
CPE 731 Advanced Computer Architecture Instruction Level Parallelism Part I Dr. Gheith Abandah Adapted from the slides of Prof. David Patterson, University.

CPE 731 Advanced Computer Architecture Instruction Level Parallelism Part I Dr. Gheith Abandah Adapted from the slides of Prof. David Patterson, University.
CSI 3120, Implementing subprograms, page 1 Implementing subprograms The environment in block-structured languages The structure of the activation stack.

CSI 3120, Implementing subprograms, page 1 Implementing subprograms The environment in block-structured languages The structure of the activation stack.
Comprehensive Kernel Instrumentation via Dynamic Binary Translation Peter Feiner, Angela Demke Brown, Ashvin Goel University of Toronto Presenter: Chuong.

Comprehensive Kernel Instrumentation via Dynamic Binary Translation Peter Feiner, Angela Demke Brown, Ashvin Goel University of Toronto Presenter: Chuong.
Limits on ILP. Achieving Parallelism Techniques – Scoreboarding / Tomasulo’s Algorithm – Pipelining – Speculation – Branch Prediction But how much more.

Limits on ILP. Achieving Parallelism Techniques – Scoreboarding / Tomasulo’s Algorithm – Pipelining – Speculation – Branch Prediction But how much more.
SuperPin: Parallelizing Dynamic Instrumentation for Real-Time Performance Steven Wallace and Kim Hazelwood.

SuperPin: Parallelizing Dynamic Instrumentation for Real-Time Performance Steven Wallace and Kim Hazelwood.
The PinPoints Toolkit for Finding Representative Regions of Large Programs Harish Patil Platform Technology & Architecture Development Enterprise Platform.

The PinPoints Toolkit for Finding Representative Regions of Large Programs Harish Patil Platform Technology & Architecture Development Enterprise Platform.
Chapter 9 Subprogram Control Consider program as a tree- –Each parent calls (transfers control to) child –Parent resumes when child completes –Copy rule.

Chapter 9 Subprogram Control Consider program as a tree- –Each parent calls (transfers control to) child –Parent resumes when child completes –Copy rule.
Intermediate code generation. Code Generation Create linear representation of program Result can be machine code, assembly code, code for an abstract.

Intermediate code generation. Code Generation Create linear representation of program Result can be machine code, assembly code, code for an abstract.
1 Storage Registers vs. memory Access to registers is much faster than access to memory Goal: store as much data as possible in registers Limitations/considerations:

1 Storage Registers vs. memory Access to registers is much faster than access to memory Goal: store as much data as possible in registers Limitations/considerations:
Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.

Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.
1 Handling nested procedures Method 1 : static (access) links –Reference to the frame of the lexically enclosing procedure –Static chains of such links.

1 Handling nested procedures Method 1 : static (access) links –Reference to the frame of the lexically enclosing procedure –Static chains of such links.
Cpeg421-08S/final-review1 Course Review Tom St. John.

Cpeg421-08S/final-review1 Course Review Tom St. John.
EECC722 - Shaaban #1 Lec # 10 Fall2000 10-25-2000 Conventional & Block-based Trace Caches In high performance superscalar processors the instruction fetch.

EECC722 - Shaaban #1 Lec # 10 Fall Conventional & Block-based Trace Caches In high performance superscalar processors the instruction fetch.
Run time vs. Compile time

Run time vs. Compile time
San Diego Supercomputer Center Performance Modeling and Characterization Lab PMaC Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation.

San Diego Supercomputer Center Performance Modeling and Characterization Lab PMaC Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation.
PZ09A Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ09A - Activation records Programming Language Design.

PZ09A Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, PZ09A - Activation records Programming Language Design.

Similar presentations

Ads by Google