Pin
|
Classes | |
struct | PIN_MEM_ACCESS_INFO |
struct | PIN_MULTI_MEM_ACCESS_INFO |
class | IMULTI_ELEMENT_OPERAND |
union | PIN_MEM_TRANS_FLAGS |
class | ISCATTERED_MEMORY_REWRITE |
Macros | |
#define | PIN_FAST_ANALYSIS_CALL |
Typedefs | |
typedef IARGLIST_CLASS * | IARGLIST |
Functions | |
VOID | IARGLIST_AddArguments (IARGLIST args,...) |
IARGLIST | IARGLIST_Alloc () |
VOID | IARGLIST_Free (IARGLIST args) |
Variables | |
const int | MAX_MULTI_MEMOPS = 16 |
See INS_InsertCall.
All argument lists must end with IARG_END. Please see the Examples for further information.
When IARG_CONTEXT is used in probe mode, it is impossible to get certain register values correct. The values in these registers are meaningless when IARG_CONTEXT is used in probe mode:
REG_SEG_GS_BASE
REG_SEG_FS_BASE
REG_INST_G0 - REG_INST_G19
Using IARG_RETURN_REGS, IARG_REG_REFERENCE, IARG_CONST_CONTEXT and IARG_PARTIAL_CONTEXT is not supported in Probe mode.
The IARG_CONTEXT, IARG_CONST_CONTEXT and IARG_PARTIAL_CONTEXT IARG_TYPE cannot be inlined. Using these CONTEXT IARG_TYPE will prevent the analysis routine from being inlined.
#define PIN_FAST_ANALYSIS_CALL |
Use a faster linkage for calls to analysis functions. Add PIN_FAST_ANALYSIS_CALL to the declaration between the return type and the function name. You must also add IARG_FAST_ANALYSIS_CALL to the InsertCall. For example:
@begincode VOID PIN_FAST_ANALYSIS_CALL docount(int j);
INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(docount), IARG_FAST_ANALYSIS_CALL, IARG_UINT32, 3, IARG_END);
You will gain the most benefit from using PIN_FAST_ANALYSIS_CALL if
typedef IARGLIST_CLASS* IARGLIST |
List of IARG_TYPE elements. See IARGLIST_Alloc() for its use.
enum CALL_ORDER |
Predefined values for IARG_CALL_ORDER. Controls the order of analysis call invocations when an instruction has multiple analysis calls. CALL_ORDER_DEFAULT is the default call order when IARG_CALL_ORDER is not specified. You can use integral values relative to the predefined values to have a fine-grained control over the instrumentation order (e.g., CALL_ORDER_DEFAULT + 5, CALL_ORDER_LAST - 10, etc).
Pin guarantees that multiple analysis calls with the same CALL_ORDER on the same instruction, added in the context of the same instrumentation callback (e.g,. INS_INSTRUMENT_CALLBACK), will be invoked according to their insertion order. For all other cases, the invocation order for analysis calls with the same CALL_ORDER on the same instruction depends on the implementation and may change without notice.
Enumerator | |
---|---|
CALL_ORDER_FIRST | Execute this call first. Value is 100. |
CALL_ORDER_DEFAULT | Default when IARG_CALL_ORDER is not specified. Value is 200. |
CALL_ORDER_LAST | Execute this call last. Value is 300. |
enum IARG_TYPE |
Determines the arguments that are passed to the analysis call. All argument lists must end with IARG_END.
Enumerator | |
---|---|
IARG_ADDRINT | Type: ADDRINT. Constant value (additional arg required) |
IARG_PTR | Type: "VOID *". Constant value (additional pointer arg required) |
IARG_BOOL | Type: BOOL. Constant (additional BOOL arg required) |
IARG_UINT32 | Type: UINT32. Constant (additional integer arg required) |
IARG_UINT64 | Type: UINT64. Constant (additional UINT64 arg required) |
IARG_INST_PTR | Type: ADDRINT. The address of the instrumented instruction. This value does not change at IPOINT_AFTER. This is simply shorthand for |
IARG_REG_VALUE | Type: ADDRINT for integer registers. Value of a register (additional register arg required) REG: Register Object Basically, this cannot be used to retrieve the value of registers whose size is larger than ADDRINT (e.g. x87 FPU/XMM/YMM/ZMM/opmask) or registers which are not architectural (REG_PIN_*), but there are some exceptions to this rule. |
IARG_REG_REFERENCE | Type: UINT8*. Pointer to buffer holding the content of the requested register. buffer size is the size of the requested register. Register is specified in additional argument. Register is updated back to the relevant application register (Meaning if you change values in the mentioned pointer they will be propagated to the relevant application register). If you're not interested in modifying the register value, but only read its value use IARG_REG_CONST_REFERENCE instead. Not supported in Probe mode or with the Buffering APIs.
|
IARG_REG_CONST_REFERENCE | Type: UINT8*. Pointer to buffer holding the content of the requested register. buffer size is the size of the requested register. Register is specified in additional argument. Registers are not updated back to the relevant application register (Meaning if you change values in the mentioned pointer they will not be propagated to the relevant application register). If you're interested in modifying the register value, use IARG_REG_REFERENCE instead. Not supported with the Buffering APIs.
|
IARG_MEMORYREAD_EA | Type: ADDRINT. Effective address of a memory read, only valid if INS_IsMemoryRead is true and at IPOINT_BEFORE. |
IARG_MEMORYREAD2_EA | Type: ADDRINT. Effective address of a 2nd memory read (e.g. 2nd operand in cmps on ia32), only valid at IPOINT_BEFORE. |
IARG_MEMORYWRITE_EA | Type: ADDRINT. Effective address of a memory write, only valid at IPOINT_BEFORE. |
IARG_MEMORYREAD_SIZE | Type: UINT32. Size in bytes of memory read. This IARG is applicable for all instructions for which INS_hasKnownMemorySize returns TRUE. For other instructions e.g. vgather/vscatter see IARG_MULTI_ELEMENT_OPERAND. For the varying memory size read instruction, XRSTOR, the size is based on the XSAVE area header. If the header indicates compact mode it will provide the compact size. Otherwise it will provide the standard size. The minimum size for the XRSTOR instruction (not including FXRSTOR) is 576 (i.e the XSAVE area size up to and including the header). |
IARG_MEMORYWRITE_SIZE | Type: UINT32. Size in bytes of memory write. This IARG is applicable for all instructions for which INS_hasKnownMemorySize returns TRUE. For other instructions e.g. vgather/vscatter see IARG_MULTI_ELEMENT_OPERAND. For varying size memory write instructions, the supported instructions are the XSAVE family of instructions. For XSAVE, the size of the XSAVE area used is based on user request and supported features in the machine. This will provide the exact size used. For XSAVEOPT, the size is calculated the same as if XSAVE was used. This may provide in some cases an upper bound to the actual used memory. For XSAVEC, in IPOINT_BEFORE the size is calculated based on user request only. This may provide in some cases an upper bound to the actual size. If used in IPOINT_AFTER it will provide the exact compact size as defined in the XSAVE area header. The minimum size for the XSAVE family write instructions (not including FXSAVE) is 576 (i.e the XSAVE area size up to and including the header). |
IARG_MEMORYREAD_PTR | Actual address of the memory access; same as IARG_MEMORYREAD_EA, unless the memory address is translated by MEMORY_ADDR_TRANS_CALLBACK, or the memory operand is rewritten by INS_RewriteMemoryOperand |
IARG_MEMORYREAD2_PTR | Actual address of the memory access; same as IARG_MEMORYREAD2_EA, unless the memory address is translated by MEMORY_ADDR_TRANS_CALLBACK, or the memory operand is rewritten by INS_RewriteMemoryOperand |
IARG_MEMORYWRITE_PTR | Actual address of the memory access. Same as IARG_MEMORYWRITE_EA, unless the memory address is translated by MEMORY_ADDR_TRANS_CALLBACK, or the memory operand is rewritten by INS_RewriteMemoryOperand |
IARG_MEMORYOP_PTR | Actual address of the memory access. Same as IARG_MEMORYOP_EA, unless the memory address is translated by MEMORY_ADDR_TRANS_CALLBACK, or the memory operand is rewritten by INS_RewriteMemoryOperand. |
IARG_MULTI_MEMORYACCESS_EA | Type: PIN_MULTI_MEM_ACCESS_INFO* the addresses read by the various vgather* instructions, Also available for regular memory instructions |
IARG_MULTI_ELEMENT_OPERAND | Type: IMULTI_ELEMENT_OPERAND * . Information about a multi element operand (implemented for IPOINT_BEFORE). The operand index is required as the next argument. |
IARG_REWRITE_SCATTERED_MEMOP | Type: ISCATTERED_MEMORY_REWRITE * . Interface that allows rewriting elemenets addresses for instructions with scattered memory access (implemented for IPOINT_BEFORE). Only valid for instructions where INS_IsValidForIarg for this IARG returns TRUE. |
IARG_EXPLICIT_MEMORY_EA | Type: ADDRINT. Effective address of the explicit memory operand. Useful for instrumenting LEA instructions. |
IARG_BRANCH_TAKEN | Type: BOOL. Non zero if a branch is taken. Argument is invalid for XBEGIN and XEND instructions. |
IARG_BRANCH_TARGET_ADDR | Type: ADDRINT. Target address of branch instruction. |
IARG_FALLTHROUGH_ADDR | Type: ADDRINT. Fall through address of the instrumented object. |
IARG_EXECUTING | Type: BOOL. False if the instruction will not be executed because of predication, otherwise true. |
IARG_FIRST_REP_ITERATION | Type: BOOL. True if INS_HasRealRep(ins) and this the first iteration of the REP sequence, otherwise false.
|
IARG_PREDICATE | Reserved. Do not use. |
IARG_STACK_VALUE | Reserved. Do not use. |
IARG_STACK_REFERENCE | Reserved. Do not use. |
IARG_MEMORY_VALUE | Reserved. IA32(e) only. |
IARG_MEMORY_REFERENCE | Reserved. IA32(e) only. |
IARG_SYSCALL_NUMBER | Type: ADDRINT. System call number. Valid for IPOINT_BEFORE at the system call instruction. |
IARG_SYSARG_REFERENCE | Type: "ADDRINT *". Pointer to system call argument n. Valid for IPOINT_BEFORE at the system call instruction. (First argument number is 0.) |
IARG_SYSARG_VALUE | Type: ADDRINT. System call argument n. Valid for IPOINT_BEFORE at the system call instruction. (First argument number is 0.) |
IARG_SYSRET_VALUE | Type: ADDRINT. System call return value. On Linux and macOS* the value is -1 if the system call failed. (IPOINT_AFTER only) |
IARG_SYSRET_ERRNO | Type: INT32. System call errno (IPOINT_AFTER_only). |
IARG_FUNCARG_CALLSITE_REFERENCE | Type: "ADDRINT *". Pointer to integer argument n. Valid only at the call site. (First argument number is 0.) |
IARG_FUNCARG_CALLSITE_VALUE | Type: ADDRINT. Integer argument n. Valid only at the call site. (First argument number is 0.) |
IARG_FUNCARG_ENTRYPOINT_REFERENCE | Type: "ADDRINT *". Pointer to integer argument n. Valid only at the entry point of a routine. (First argument number is 0.) |
IARG_FUNCARG_ENTRYPOINT_VALUE | Type: ADDRINT. Integer argument n. Valid only at the entry point of a routine. (First argument number is 0.) |
IARG_FUNCRET_EXITPOINT_REFERENCE | Type: "ADDRINT *". Pointer to function result. Valid only at return instruction. |
IARG_FUNCRET_EXITPOINT_VALUE | Type: ADDRINT. Function result. Valid only at return instruction. |
IARG_RETURN_IP | Type: ADDRINT. Return address for function call, valid only at the function entry point. |
IARG_ORIG_FUNCPTR | Type: AFUNPTR. Function pointer to the relocated entry of the original uninstrumented function. |
IARG_PROTOTYPE | Type: PROTO. The function prototype of the application function. See PROTO API. |
IARG_THREAD_ID | Type: THREADID. Application thread id. |
IARG_CONTEXT | Type: Context manipulation API *. Handle to access a context (architectural state). When passed at IPOINT_AFTER or IPOINT_TAKEN_BRANCH, PC points to the next instruction. Upon return from the analysis routine, Pin ignores any changes you've made to the Context manipulation API. If you want to change register values, use IARG_REG_REFERENCE, IARG_RETURN_REGS, or PIN_ExecuteAt. See Probe Mode Considerations for probe mode restrictions. Not supported with the Buffering APIs. |
IARG_CONST_CONTEXT | Type: Context manipulation API *. Like IARG_CONTEXT, but tool receives a read-only Context manipulation API*. PIN_SetContextReg, PIN_SetContextRegval and PIN_SetContextFPState will not work with IARG_CONST_CONTEXT. The overhead of IARG_CONST_CONTEXT is considerably lower than that of IARG_CONTEXT. Tools that need a Context manipulation API* and only read from it should use IARG_CONST_CONTEXT. Tools that need a Context manipulation API* and only occasionally write into it should also use IARG_CONST_CONTEXT (by using PIN_SaveContext() - see below). One example of a tool that needs a Context manipulation API * and only occasionally writes into it, would be an emulator that would need to write into the Context manipulation API * only when an exception occurs, and then raise an exception with the Context manipulation API *. PIN_SaveContext can be used by the tool to get a writable copy of the Context manipulation API *. IARG_CONST_CONTEXT is available only in Jit mode. |
IARG_PARTIAL_CONTEXT | Type: Context manipulation API *. Additional two REGSET * arguments are needed 'inSet' and 'outSet'. Like IARG_CONTEXT, but tool needs to define also which registers set it needs to read (inSet) and which registers set it may write (outSet). PIN_SetContextReg, PIN_SetContextRegval and PIN_SetContextFPState will work only on registers that are in the outSet. These functions will change the actual application registers so there is no need to perform PIN_ExecuteAt as need to be done with IARG_CONTEXT. PIN_GetContextReg, PIN_GetContextRegval and PIN_GetContextFPState will return unexpected values for registers not defined in the 'inSet'. The overhead of IARG_PARTIAL_CONTEXT may lower than that of IARG_CONTEXT as there is no need to perform PIN_ExecuteAt to update registers. Tools that know which application registers are needed to be read should use IARG_PARTIAL_CONTEXT instead of IARG_CONST_CONTEXT. Thus may reduce the overhead as not fully updated context for read need to be provided. Tools that know which application registers are needed to be written other than REG_INST_PTR should use IARG_PARTIAL_CONTEXT instead of combination of IARG_CONTEXT and the use of PIN_ExecuteAt for registers update. If REG_INST_PTR needs to be updated PIN_ExecuteAt still needs to be used. Any updates to a register from the outSet of an IARG_PARTIAL_CONTEXT will be propagated to the application upon return from the analysis routine. Tools that want to update Context manipulation API registers without affecting application registers should use IARG_CONTEXT. IARG_PARTIAL_CONTEXT is available only in Jit mode. |
IARG_PRESERVE | Type: REGSET *. Used to specify registers whose values will be the same upon return from the analysis routine. Should be used to specify caller-saved registers which are preserved by the analysis routine. When a non-inlinable analysis routine preserves caller-saved registers, Pin can avoid generating code to preserve these registers, across the analysis call, if they are specified in the IARG_PRESERVE. e.g. if a non-inlinable analysis routine preserves the values in the x87 registers, then Pin can avoid generating code to preserve these registers, across the analysis call, if REG_X87 is specified in the IARG_PRESERVE e.g. if a non-inlinable analysis routine preserves the values in XMM caller saved registers, then Pin can avoid generating code to preserve these registers, across the analysis call, if those preserved XMM registers are specified in the IARG_PRESERVE IARG_PRESERVE must be followed by a REGSET* that points to the REGSET containing the registers preserved. See the (REGSET_*) functions defined under REG: Register Object for REGSET construction and manipulation. |
IARG_CHECK_INLINE | Type: BOOL. Used to mark analysis routine that is expected to be inlined. If the analysis ruotine is not inlinable and -assert_check_inline has been passed then Pin will assert. |
IARG_RETURN_REGS | Register to write analysis function return value (additional register arg required). Not supported in Probe mode. |
IARG_CALL_ORDER | Type: CALL_ORDER. Determine order of analysis calls. See CALL_ORDER. |
IARG_IARGLIST | Type: IARGLIST. List of IARGS which can be constructed one IARG at a time. |
IARG_FAST_ANALYSIS_CALL | No type: Use a fast linkage to call the analysis function. See PIN_FAST_ANALYSIS_CALL. |
IARG_EXPOSE | Type: REGSET *. The only supported register for now is REG_MXCSR. In case it is not included into the register set then an error is issued. . Upon entry to the analysis routine, the MXCSR physical register value is loaded with the application value. . Upon termination of the routine the physical MXCSR register including the changes are visible by the application. . As a side effect, the analysis routine will never be inlined. IARG_EXPOSE must be followed by a REGSET* that points to the REGSET containing the registers exposed, REG_MXCSR must be included and be the only one. |
IARG_MEMORYOP_EA | Type: ADDRINT. Effective address of a memory op (memory op index is next arg); only valid at IPOINT_BEFORE. |
IARG_MEMORYOP_SIZE | Type: UINT32. Size of a memory op (memory op index is next arg) |
IARG_MEMORYOP_MASKED_ON | Type: BOOL. TRUE if the this memory op (memory op index is next arg) is masked on; only valid at IPOINT_BEFORE. |
IARG_TSC | Type: UINT64. Time Stamp Counter value at the point of entering the analysis call. |
IARG_FILE_NAME | Reserved for internal use only. |
IARG_LINE_NO | Reserved for internal use only. |
IARG_LAST | Reserved for internal use only. |
enum IPOINT |
Determines where the analysis call is inserted relative to the instrumented object. Instrumented object can be: INS, BBL, TRACE, RTN. This is used in instrumentation functions, for example see TRACE_InsertCall().
Enumerator | |
---|---|
IPOINT_BEFORE | Insert a call before the first instruction of the instrumented object. Always valid. |
IPOINT_AFTER | Insert a call on the fall-through path of the last instruction of the instrumented object (if such fall-through exists). |
IPOINT_ANYWHERE | Insert a call anywhere inside the instrumented object. |
IPOINT_TAKEN_BRANCH | Insert a call on the taken edge of control-flow instructions of the instrumented object. |
enum PIN_MEMOP_ENUM |
used in the Type whose address is passed to analysis routine when IARG_MULTI_MEMORYACCESS_EA is requested
Element Access type used in IMULTI_ELEMENT_OPERAND
VOID IARGLIST_AddArguments | ( | IARGLIST | args, |
... | |||
) |
Add an argument to an IARGLIST.
IARGLIST IARGLIST_Alloc | ( | ) |
Allocate a container to hold instrumentation arguments. Pass to *_InsertCall by using IARG_LIST
VOID IARGLIST_Free | ( | IARGLIST | args | ) |
Free a container to hold instrumentation arguments. Pass to *_InsertCall by using IARG_LIST