Why Intel Pin cannot identify the image/routine of some executed instructions?

Question

I am creating a large pintool and I have two questions:

---

The tool (abridged below to the relevant part only) sometimes cannot identify the image/routine for particular executed instructions. Does anybody know when/why can that happen?

---

The tool (when instrumenting a Barnes-Hut benchmark) always terminates with an out-of-memory (OOM) error after running for a while (although the benchmark, when run standalone, completes successfully). Which tools to use to debug/trace the OOM error of Pin-instrumented applications?

int main(int argc, char *argv[])
{
    PIN_InitSymbols();
    if( PIN_Init(argc, argv) )
    {
    return 0;
    }

    INS_AddInstrumentFunction(Instruction, 0);

    PIN_StartProgram();

    return 0;
}

VOID Instruction(INS ins, VOID *v)
{
    INS_InsertPredicatedCall( ins,
    IPOINT_BEFORE, 
    (AFUNPTR) handle_ins_execution,
    IARG_INST_PTR,
    .....);
}


VOID handle_ins_execution (ADDRINT   addr, ...)
{
    PIN_LockClient();
    IMG img = IMG_FindByAddress(addr);
    RTN rtn = RTN_FindByAddress(addr);
    PIN_UnlockClient();
    if( IMG_Valid(img) ) {
    std::cerr << "From Image  : " << IMG_Name( img ) << std::endl;
    } else {
    std::cerr << "From Image  : " << "(UKNOWN)" << std::endl;
    }
    if( RTN_Valid(rtn) ) {
    std::cerr << "From Routine  : " << RTN_Name(rtn) << std::endl;
    } else {
    std::cerr << "From Routine  : " << "(UKNOWN)" << std::endl;
    }
}

Answer 1

I recently asked this on the PinHeads forum, and I'm awaiting a response. What I have read in the documentation is that the IMG_FindByAddress function operates by looking "for each image, check if the address is within the mapped memory region of one of its segments." It may be possible that instructions are executed that are not within the valid ranges.

The best way to know what image it is in for cases like this is to look at the context. My pintool (based on DebugTrace) continues to run even without knowing what image it is in. You can look at the log entries before and after this occurs. I see this all the time in dydl on OSX.