1 /* Copyright (c) 2007-2014. The SimGrid Team.
2 * All rights reserved. */
4 /* This program is free software; you can redistribute it and/or modify it
5 * under the terms of the license (GNU LGPL) which comes with this package. */
10 #include "simgrid_config.h"
16 #include <elfutils/libdw.h>
19 #include "mc/datatypes.h"
21 #include "xbt/config.h"
22 #include "xbt/function_types.h"
23 #include "xbt/mmalloc.h"
24 #include "../simix/smx_private.h"
25 #include "../xbt/mmalloc/mmprivate.h"
26 #include "xbt/automaton.h"
29 #include "msg/datatypes.h"
30 #include "xbt/strbuff.h"
31 #include "xbt/parmap.h"
34 typedef struct s_dw_frame s_dw_frame_t, *dw_frame_t;
35 typedef struct s_mc_function_index_item s_mc_function_index_item_t, *mc_function_index_item_t;
37 /****************************** Snapshots ***********************************/
39 #define NB_REGIONS 3 /* binary data (data + BSS) (type = 2), libsimgrid data (data + BSS) (type = 1), std_heap (type = 0)*/
41 typedef struct s_mc_mem_region{
46 // Size of the data region:
48 // For per-page snapshots, this is an array to the number of
50 } s_mc_mem_region_t, *mc_mem_region_t;
/* Tell whether address p falls inside a snapshot region: true when
 * start_addr <= p < start_addr + size (half-open range).
 * NOTE(review): region is dereferenced without a NULL check, so callers
 * must pass a valid region. The upper bound start_addr + size is computed
 * with no overflow check, so a corrupted or oversized `size` makes the
 * range test unreliable. */
52 static inline bool mc_region_contain(mc_mem_region_t region, void* p)
54 return p >= region->start_addr &&
55 p < (void*)((char*) region->start_addr + region->size);
60 * Some parts of the snapshot are ignored by zeroing them out: the real
61 * values are stored here.
63 typedef struct s_mc_snapshot_ignored_data {
67 } s_mc_snapshot_ignored_data_t, *mc_snapshot_ignored_data_t;
69 typedef struct s_mc_snapshot{
70 size_t heap_bytes_used;
71 mc_mem_region_t regions[NB_REGIONS];
72 xbt_dynar_t enabled_processes;
73 mc_mem_region_t* privatization_regions;
74 int privatization_index;
77 xbt_dynar_t to_ignore;
79 xbt_dynar_t ignored_data;
80 } s_mc_snapshot_t, *mc_snapshot_t;
82 mc_mem_region_t mc_get_snapshot_region(void* addr, mc_snapshot_t snapshot);
/* Find the snapshot region holding addr, trying the caller's hint first:
 * the hinted region is tested with mc_region_contain(), and
 * mc_get_snapshot_region() performs the lookup over the snapshot
 * (presumably only when the hint does not match; the statement taken on a
 * match is not visible in this listing).
 * NOTE(review): the hint goes straight to mc_region_contain(), which
 * dereferences it, so a NULL hint is not tolerated here. */
84 static inline mc_mem_region_t mc_get_region_hinted(void* addr, mc_snapshot_t snapshot, mc_mem_region_t region)
86 if (mc_region_contain(region, addr))
89 return mc_get_snapshot_region(addr, snapshot);
92 /** Information about a given stack frame
95 typedef struct s_mc_stack_frame {
96 /** Instruction pointer */
100 unw_word_t frame_base;
103 unw_cursor_t unw_cursor;
104 } s_mc_stack_frame_t, *mc_stack_frame_t;
106 typedef struct s_mc_snapshot_stack{
107 xbt_dynar_t local_variables;
108 xbt_dynar_t stack_frames; // mc_stack_frame_t
109 }s_mc_snapshot_stack_t, *mc_snapshot_stack_t;
111 typedef struct s_mc_global_t{
112 mc_snapshot_t snapshot;
116 int initial_communications_pattern_done;
117 int comm_deterministic;
118 int send_deterministic;
119 }s_mc_global_t, *mc_global_t;
121 typedef struct s_mc_checkpoint_ignore_region{
124 }s_mc_checkpoint_ignore_region_t, *mc_checkpoint_ignore_region_t;
128 static void* mc_snapshot_get_heap_end(mc_snapshot_t snapshot);
130 mc_snapshot_t SIMIX_pre_mc_snapshot(smx_simcall_t simcall);
131 mc_snapshot_t MC_take_snapshot(int num_state);
132 void MC_restore_snapshot(mc_snapshot_t);
133 void MC_free_snapshot(mc_snapshot_t);
135 int mc_important_snapshot(mc_snapshot_t snapshot);
137 size_t* mc_take_page_snapshot_region(void* data, size_t page_count, uint64_t* pagemap, size_t* reference_pages);
138 void mc_free_page_snapshot_region(size_t* pagenos, size_t page_count);
139 void mc_restore_page_snapshot_region(mc_mem_region_t region, size_t page_count, uint64_t* pagemap, mc_mem_region_t reference_region);
141 mc_mem_region_t mc_region_new_sparse(int type, void *start_addr, size_t size, mc_mem_region_t ref_reg);
142 void mc_region_restore_sparse(mc_mem_region_t reg, mc_mem_region_t ref_reg);
143 void mc_softdirty_reset();
145 typedef struct s_mc_pages_store s_mc_pages_store_t, * mc_pages_store_t;
146 mc_pages_store_t mc_pages_store_new();
147 const void* mc_page_store_get_page(mc_pages_store_t page_store, size_t pageno);
/* Predicate on a snapshot region: true when region is NULL or when
 * region->data is NULL.
 * NOTE(review): the name says "linear", but the expression is true for a
 * region that has no `data`; confirm against the field comments of
 * s_mc_mem_region (flat copy vs per-page storage) that this is the
 * intended sense -- TODO confirm. */
149 static inline bool mc_snapshot_region_linear(mc_mem_region_t region) {
150 return !region || !region->data;
153 void* mc_snapshot_read_region(void* addr, mc_mem_region_t region, void* target, size_t size);
154 void* mc_snapshot_read(void* addr, mc_snapshot_t snapshot, void* target, size_t size);
155 int mc_snapshot_region_memcp(
156 void* addr1, mc_mem_region_t region1,
157 void* addr2, mc_mem_region_t region2, size_t size);
158 int mc_snapshot_memcp(
159 void* addr1, mc_snapshot_t snapshot1,
160 void* addr2, mc_snapshot_t snapshot2, size_t size);
162 static void* mc_snapshot_read_pointer(void* addr, mc_snapshot_t snapshot);
164 /** @brief State of the model-checker (global variables for the model checker)
166 * Each part of the state of the model checker represented as a global
167 * variable prevents some sharing between snapshots and must be ignored.
168 * By moving as much state as possible into this structure allocated
169 * on the model-checker heap, we avoid those issues.
171 typedef struct s_mc_model_checker {
172 // This is the parent snapshot of the current state:
173 mc_snapshot_t parent_snapshot;
174 mc_pages_store_t pages;
177 } s_mc_model_checker_t, *mc_model_checker_t;
179 extern mc_model_checker_t mc_model_checker;
181 void* mc_translate_address_region(uintptr_t addr, mc_mem_region_t region);
183 /** \brief Translate a pointer from process address space to snapshot address space
185 * The address space contains a snapshot of the main/application memory:
186 * this function finds the address in a given snapshot for a given
187 * real/application address.
189 * For read-only memory regions and other regions which are not in the
190 * snapshot, the address is not changed.
192 * \param addr Application address
193 * \param snapshot The snapshot of interest (if NULL no translation is done)
194 * \return Translated address in the snapshot address space
196 void* mc_translate_address(uintptr_t addr, mc_snapshot_t snapshot);
198 extern xbt_dynar_t mc_checkpoint_ignore;
200 /********************************* MC Global **********************************/
202 extern double *mc_time;
203 extern FILE *dot_output;
204 extern const char* colors[13];
205 extern xbt_parmap_t parmap;
207 extern int user_max_depth_reached;
209 int MC_deadlock_check(void);
210 void MC_replay(xbt_fifo_t stack, int start);
211 void MC_replay_liveness(xbt_fifo_t stack, int all_stack);
212 void MC_wait_for_requests(void);
213 void MC_show_deadlock(smx_simcall_t req);
214 void MC_show_stack_safety(xbt_fifo_t stack);
215 void MC_dump_stack_safety(xbt_fifo_t stack);
216 int SIMIX_pre_mc_random(smx_simcall_t simcall, int min, int max);
218 extern xbt_fifo_t mc_stack;
219 int get_search_interval(xbt_dynar_t list, void *ref, int *min, int *max);
222 /********************************* Requests ***********************************/
224 int MC_request_depend(smx_simcall_t req1, smx_simcall_t req2);
225 char* MC_request_to_string(smx_simcall_t req, int value);
226 unsigned int MC_request_testany_fail(smx_simcall_t req);
227 /*int MC_waitany_is_enabled_by_comm(smx_req_t req, unsigned int comm);*/
228 int MC_request_is_visible(smx_simcall_t req);
229 int MC_request_is_enabled(smx_simcall_t req);
230 int MC_request_is_enabled_by_idx(smx_simcall_t req, unsigned int idx);
231 int MC_process_is_enabled(smx_process_t process);
232 char *MC_request_get_dot_output(smx_simcall_t req, int value);
235 /******************************** States **************************************/
237 extern mc_global_t initial_global_state;
239 /* Possible exploration status of a process in a state */
241 MC_NOT_INTERLEAVE=0, /* Do not interleave (do not execute) */
242 MC_INTERLEAVE, /* Interleave the process (one or more request) */
243 MC_MORE_INTERLEAVE, /* Interleave twice the process (for mc_random simcall) */
244 MC_DONE /* Already interleaved */
245 } e_mc_process_state_t;
247 /* On every state, each process has an entry of the following type */
248 typedef struct mc_procstate{
249 e_mc_process_state_t state; /* Exploration control information */
250 unsigned int interleave_count; /* Number of times that the process was
252 } s_mc_procstate_t, *mc_procstate_t;
254 /* An exploration state is composed of: */
255 typedef struct mc_state {
256 unsigned long max_pid; /* Maximum pid at state's creation time */
257 mc_procstate_t proc_status; /* State's exploration status by process */
258 s_smx_action_t internal_comm; /* To be referenced by the internal_req */
259 s_smx_simcall_t internal_req; /* Internal translation of request */
260 s_smx_simcall_t executed_req; /* The executed request of the state */
261 int req_num; /* The request number (in the case of a
262 multi-request like waitany ) */
263 mc_snapshot_t system_state; /* Snapshot of system state */
265 } s_mc_state_t, *mc_state_t;
267 mc_state_t MC_state_new(void);
268 void MC_state_delete(mc_state_t state);
269 void MC_state_interleave_process(mc_state_t state, smx_process_t process);
270 unsigned int MC_state_interleave_size(mc_state_t state);
271 int MC_state_process_is_done(mc_state_t state, smx_process_t process);
272 void MC_state_set_executed_request(mc_state_t state, smx_simcall_t req, int value);
273 smx_simcall_t MC_state_get_executed_request(mc_state_t state, int *value);
274 smx_simcall_t MC_state_get_internal_request(mc_state_t state);
275 smx_simcall_t MC_state_get_request(mc_state_t state, int *value);
276 void MC_state_remove_interleave_process(mc_state_t state, smx_process_t process);
279 /****************************** Statistics ************************************/
281 typedef struct mc_stats {
282 unsigned long state_size;
283 unsigned long visited_states;
284 unsigned long visited_pairs;
285 unsigned long expanded_states;
286 unsigned long expanded_pairs;
287 unsigned long executed_transitions;
288 } s_mc_stats_t, *mc_stats_t;
290 extern mc_stats_t mc_stats;
292 void MC_print_statistics(mc_stats_t);
295 /********************************** MEMORY ******************************/
296 /* The possible memory modes for the modelchecker are standard and raw. */
297 /* Normally the system should operate in std, for switching to raw mode */
298 /* you must wrap the code between MC_SET_RAW_MODE and MC_UNSET_RAW_MODE */
300 extern void *std_heap;
301 extern void *mc_heap;
304 /* FIXME: Horrible hack! Because the mmalloc library does not yet provide */
305 /* an API to query the status of a heap, we simply call mmstats and, */
306 /* because I know what its structure looks like, I redefine it here */
308 /* struct mstats { */
309 /* size_t bytes_total; /\* Total size of the heap. *\/ */
310 /* size_t chunks_used; /\* Chunks allocated by the user. *\/ */
311 /* size_t bytes_used; /\* Byte total of user-allocated chunks. *\/ */
312 /* size_t chunks_free; /\* Chunks in the free list. *\/ */
313 /* size_t bytes_free; /\* Byte total of chunks in the free list. *\/ */
/* Make mc_heap (resp. std_heap) the current mmalloc heap by calling
 * mmalloc_set_current_heap().
 * NOTE(review): each macro expands to a bare call and keeps no record of
 * the previously selected heap, so a switch to mc_heap presumably needs an
 * explicit switch back on every exit path, error paths included --
 * confirm against callers. */
316 #define MC_SET_MC_HEAP mmalloc_set_current_heap(mc_heap)
317 #define MC_SET_STD_HEAP mmalloc_set_current_heap(std_heap)
320 /******************************* MEMORY MAPPINGS ***************************/
321 /* These functions and data structures implement a binary interface for */
322 /* the proc maps ascii interface */
324 /* Each field is defined as documented in proc's manual page */
325 typedef struct s_map_region {
327 void *start_addr; /* Start address of the map */
328 void *end_addr; /* End address of the map */
329 int prot; /* Memory protection */
330 int flags; /* Additional memory flags */
331 void *offset; /* Offset in the file/whatever */
332 char dev_major; /* Major of the device */
333 char dev_minor; /* Minor of the device */
334 unsigned long inode; /* Inode in the device */
335 char *pathname; /* Path name of the mapped file */
339 typedef struct s_memory_map {
341 s_map_region_t *regions; /* Pointer to an array of regions */
342 int mapsize; /* Number of regions in the memory */
344 } s_memory_map_t, *memory_map_t;
347 void MC_init_memory_map_info(void);
348 memory_map_t MC_get_memory_map(void);
349 void MC_free_memory_map(memory_map_t map);
351 extern char *libsimgrid_path;
353 /********************************** Snapshot comparison **********************************/
355 typedef struct s_mc_comparison_times{
356 double nb_processes_comparison_time;
357 double bytes_used_comparison_time;
358 double stacks_sizes_comparison_time;
359 double binary_global_variables_comparison_time;
360 double libsimgrid_global_variables_comparison_time;
361 double heap_comparison_time;
362 double stacks_comparison_time;
363 }s_mc_comparison_times_t, *mc_comparison_times_t;
365 extern __thread mc_comparison_times_t mc_comp_times;
366 extern __thread double mc_snapshot_comparison_time;
368 int snapshot_compare(void *state1, void *state2);
369 int SIMIX_pre_mc_compare_snapshots(smx_simcall_t simcall, mc_snapshot_t s1, mc_snapshot_t s2);
370 void print_comparison_times(void);
375 /********************************** Safety verification **************************************/
383 extern e_mc_reduce_t mc_reduce_kind;
384 extern xbt_dict_t first_enabled_state;
386 void MC_pre_modelcheck_safety(void);
387 void MC_modelcheck_safety(void);
389 typedef struct s_mc_visited_state{
390 mc_snapshot_t system_state;
391 size_t heap_bytes_used;
394 int other_num; // dot_output for
395 }s_mc_visited_state_t, *mc_visited_state_t;
397 extern xbt_dynar_t visited_states;
398 int is_visited_state(void);
399 void visited_state_free(mc_visited_state_t state);
400 void visited_state_free_voidp(void *s);
402 /********************************** Liveness verification **************************************/
404 extern xbt_automaton_t _mc_property_automaton;
406 typedef struct s_mc_pair{
409 mc_state_t graph_state; /* System state included */
410 xbt_automaton_state_t automaton_state;
411 xbt_dynar_t atomic_propositions;
413 }s_mc_pair_t, *mc_pair_t;
415 typedef struct s_mc_visited_pair{
417 int other_num; /* Dot output for */
419 mc_state_t graph_state; /* System state included */
420 xbt_automaton_state_t automaton_state;
421 xbt_dynar_t atomic_propositions;
422 size_t heap_bytes_used;
424 int acceptance_removed;
426 }s_mc_visited_pair_t, *mc_visited_pair_t;
428 mc_pair_t MC_pair_new(void);
429 void MC_pair_delete(mc_pair_t);
430 void mc_pair_free_voidp(void *p);
431 mc_visited_pair_t MC_visited_pair_new(int pair_num, xbt_automaton_state_t automaton_state, xbt_dynar_t atomic_propositions);
432 void MC_visited_pair_delete(mc_visited_pair_t p);
434 void MC_pre_modelcheck_liveness(void);
435 void MC_modelcheck_liveness(void);
436 void MC_show_stack_liveness(xbt_fifo_t stack);
437 void MC_dump_stack_liveness(xbt_fifo_t stack);
439 extern xbt_dynar_t visited_pairs;
440 int is_visited_pair(mc_visited_pair_t pair, int pair_num, xbt_automaton_state_t automaton_state, xbt_dynar_t atomic_propositions);
443 /********************************** Variables with DWARF **********************************/
445 #define MC_OBJECT_INFO_EXECUTABLE 1
447 struct s_mc_object_info {
450 char *start_exec, *end_exec; // Executable segment
451 char *start_rw, *end_rw; // Read-write segment
452 char *start_ro, *end_ro; // read-only segment
453 xbt_dict_t subprograms; // xbt_dict_t<origin as hexadecimal string, dw_frame_t>
454 xbt_dynar_t global_variables; // xbt_dynar_t<dw_variable_t>
455 xbt_dict_t types; // xbt_dict_t<origin as hexadecimal string, dw_type_t>
456 xbt_dict_t full_types_by_name; // xbt_dict_t<name, dw_type_t> (full defined type only)
458 // Here we sort the minimal information for an efficient (and cache-efficient)
459 // lookup of a function given an instruction pointer.
460 // The entries are sorted by low_pc and a binary search can be used to look them up.
461 xbt_dynar_t functions_index;
464 mc_object_info_t MC_new_object_info(void);
465 mc_object_info_t MC_find_object_info(memory_map_t maps, char* name, int executable);
466 void MC_free_object_info(mc_object_info_t* p);
468 void MC_dwarf_get_variables(mc_object_info_t info);
469 void MC_dwarf_get_variables_libdw(mc_object_info_t info);
470 const char* MC_dwarf_attrname(int attr);
471 const char* MC_dwarf_tagname(int tag);
473 dw_frame_t MC_find_function_by_ip(void* ip);
474 mc_object_info_t MC_ip_find_object_info(void* ip);
476 extern mc_object_info_t mc_libsimgrid_info;
477 extern mc_object_info_t mc_binary_info;
478 extern mc_object_info_t mc_object_infos[2];
479 extern size_t mc_object_infos_size;
481 void MC_find_object_address(memory_map_t maps, mc_object_info_t result);
482 void MC_post_process_types(mc_object_info_t info);
483 void MC_post_process_object_info(mc_object_info_t info);
487 /** \brief a DWARF expression with optional validity constraints */
488 typedef struct s_mc_expression {
491 // Optional validity:
492 void* lowpc, *highpc;
493 } s_mc_expression_t, *mc_expression_t;
495 /** A location list (list of location expressions) */
496 typedef struct s_mc_location_list {
498 mc_expression_t locations;
499 } s_mc_location_list_t, *mc_location_list_t;
501 uintptr_t mc_dwarf_resolve_location(mc_expression_t expression, mc_object_info_t object_info, unw_cursor_t* c, void* frame_pointer_address, mc_snapshot_t snapshot);
502 uintptr_t mc_dwarf_resolve_locations(mc_location_list_t locations, mc_object_info_t object_info, unw_cursor_t* c, void* frame_pointer_address, mc_snapshot_t snapshot);
504 void mc_dwarf_expression_clear(mc_expression_t expression);
505 void mc_dwarf_expression_init(mc_expression_t expression, size_t len, Dwarf_Op* ops);
507 void mc_dwarf_location_list_clear(mc_location_list_t list);
509 void mc_dwarf_location_list_init_from_expression(mc_location_list_t target, size_t len, Dwarf_Op* ops);
510 void mc_dwarf_location_list_init(mc_location_list_t target, mc_object_info_t info, Dwarf_Die* die, Dwarf_Attribute* attr);
512 // ***** Variables and functions
516 Dwarf_Off id; /* Offset in the section (in hexadecimal form) */
517 char *name; /* Name of the type */
518 int byte_size; /* Size in bytes */
519 int element_count; /* Number of elements for array type */
520 char *dw_type_id; /* DW_AT_type id */
521 xbt_dynar_t members; /* if DW_TAG_structure_type, DW_TAG_class_type, DW_TAG_union_type*/
524 // Location (for members) is either of:
525 struct s_mc_expression location;
528 dw_type_t subtype; // DW_AT_type
529 dw_type_t full_type; // The same (but more complete) type
532 void* mc_member_resolve(const void* base, dw_type_t type, dw_type_t member, mc_snapshot_t snapshot);
534 typedef struct s_dw_variable{
535 Dwarf_Off dwarf_offset; /* Global offset of the field. */
542 s_mc_location_list_t locations;
546 mc_object_info_t object_info;
548 }s_dw_variable_t, *dw_variable_t;
555 s_mc_location_list_t frame_base;
556 xbt_dynar_t /* <dw_variable_t> */ variables; /* Cannot use dict, there may be several variables with the same name (in different lexical blocks)*/
557 unsigned long int id; /* DWARF offset of the subprogram */
558 xbt_dynar_t /* <dw_frame_t> */ scopes;
559 Dwarf_Off abstract_origin_id;
560 mc_object_info_t object_info;
563 struct s_mc_function_index_item {
564 void* low_pc, *high_pc;
568 void mc_frame_free(dw_frame_t freme);
570 void dw_type_free(dw_type_t t);
571 void dw_variable_free(dw_variable_t v);
572 void dw_variable_free_voidp(void *t);
574 void MC_dwarf_register_global_variable(mc_object_info_t info, dw_variable_t variable);
575 void MC_register_variable(mc_object_info_t info, dw_frame_t frame, dw_variable_t variable);
576 void MC_dwarf_register_non_global_variable(mc_object_info_t info, dw_frame_t frame, dw_variable_t variable);
577 void MC_dwarf_register_variable(mc_object_info_t info, dw_frame_t frame, dw_variable_t variable);
579 /** Find the DWARF offset for this ELF object
581 * An offset is applied to addresses found in DWARF:
584 * <li>for an executable object, addresses are virtual addresses
585 * (there is no offset) i.e. \f$\text{virtual address} = \text{dwarf address}\f$;</li>
586 * <li>for a shared object, the addresses are offsets from the beginning
587 * of the shared object (the base address of the mapped shared
588 * object must be used as offset)
589 * i.e. \f$\text{virtual address} = \text{shared object base address}
590 * + \text{dwarf address}\f$.</li>
593 void* MC_object_base_address(mc_object_info_t info);
595 /********************************** DWARF **********************************/
/* Capacity, in entries, of the operand stack used when evaluating a DWARF
 * expression (it sizes the `stack` array of s_mc_expression_state). */
597 #define MC_EXPRESSION_STACK_SIZE 64
/* Status codes for DWARF expression evaluation; MC_EXPRESSION_OK is 0.
 * NOTE(review): the ops being evaluated come from the debug information of
 * the inspected objects, so the evaluator is presumably expected to return
 * MC_EXPRESSION_E_STACK_OVERFLOW / MC_EXPRESSION_E_STACK_UNDERFLOW rather
 * than index outside stack[MC_EXPRESSION_STACK_SIZE] -- confirm in
 * mc_dwarf_execute_expression(), and check that callers test the result. */
599 #define MC_EXPRESSION_OK 0
600 #define MC_EXPRESSION_E_UNSUPPORTED_OPERATION 1
601 #define MC_EXPRESSION_E_STACK_OVERFLOW 2
602 #define MC_EXPRESSION_E_STACK_UNDERFLOW 3
603 #define MC_EXPRESSION_E_MISSING_STACK_CONTEXT 4
604 #define MC_EXPRESSION_E_MISSING_FRAME_BASE 5
605 #define MC_EXPRESSION_E_NO_BASE_ADDRESS 6
607 typedef struct s_mc_expression_state {
608 uintptr_t stack[MC_EXPRESSION_STACK_SIZE];
611 unw_cursor_t* cursor;
613 mc_snapshot_t snapshot;
614 mc_object_info_t object_info;
615 } s_mc_expression_state_t, *mc_expression_state_t;
617 int mc_dwarf_execute_expression(size_t n, const Dwarf_Op* ops, mc_expression_state_t state);
619 void* mc_find_frame_base(dw_frame_t frame, mc_object_info_t object_info, unw_cursor_t* unw_cursor);
621 /********************************** Miscellaneous **********************************/
623 typedef struct s_local_variable{
624 dw_frame_t subprogram;
630 }s_local_variable_t, *local_variable_t;
632 /********************************* Communications pattern ***************************/
634 typedef struct s_mc_comm_pattern{
637 e_smx_comm_type_t type;
638 unsigned long src_proc;
639 unsigned long dst_proc;
640 const char *src_host;
641 const char *dst_host;
645 }s_mc_comm_pattern_t, *mc_comm_pattern_t;
647 extern xbt_dynar_t communications_pattern;
648 extern xbt_dynar_t incomplete_communications_pattern;
650 void get_comm_pattern(xbt_dynar_t communications_pattern, smx_simcall_t request, int call);
651 void complete_comm_pattern(xbt_dynar_t list, smx_action_t comm);
652 void MC_pre_modelcheck_comm_determinism(void);
653 void MC_modelcheck_comm_determinism(void);
655 /* *********** Sets *********** */
657 typedef struct s_mc_address_set *mc_address_set_t;
659 mc_address_set_t mc_address_set_new();
660 void mc_address_set_free(mc_address_set_t* p);
661 void mc_address_add(mc_address_set_t p, const void* value);
662 bool mc_address_test(mc_address_set_t p, const void* value);
664 /* *********** Hash *********** */
666 /** \brief Hash the current state
667 * \param num_state number of states
668 * \param stacks stacks (mc_snapshot_stack_t) used for the stack unwinding information
669 * \result resulting hash
671 uint64_t mc_hash_processes_state(int num_state, xbt_dynar_t stacks);
/* Read, from the given snapshot, the pointer stored in the `breakval` field
 * of the standard heap descriptor (std_heap cast to xbt_mheap_t).
 * The address of that field is taken and passed to
 * mc_snapshot_read_pointer() together with the snapshot.
 * xbt_die("snapshot is NULL") is presumably guarded by a NULL check on
 * snapshot; the condition line is not visible in this listing.
 * NOTE(review): std_heap itself is cast and used without a check. */
675 inline static void* mc_snapshot_get_heap_end(mc_snapshot_t snapshot) {
677 xbt_die("snapshot is NULL");
678 void** addr = &((xbt_mheap_t)std_heap)->breakval;
679 return mc_snapshot_read_pointer(addr, snapshot);
/* Read one pointer-sized value located at addr as seen in snapshot:
 * mc_snapshot_read() is asked for sizeof(void*) bytes with &res as the
 * caller-provided buffer, and the pointer it returns is dereferenced as a
 * void**.
 * NOTE(review): the return value of mc_snapshot_read() is dereferenced
 * without a check, so it must never be NULL for the (addr, snapshot) pairs
 * passed here -- confirm. The declaration of `res` is not visible in this
 * listing. */
682 static inline void* mc_snapshot_read_pointer(void* addr, mc_snapshot_t snapshot)
685 return *(void**) mc_snapshot_read(addr, snapshot, &res, sizeof(void*));