Update fd_hash to use the fd itself as the hash value for performance, w/ G & E

Remove args-ovf user program binary, replacing with source for testing

See merge request lab2425_autumn/pintos_22!44

src/examples/Makefile

@@ -4,7 +4,7 @@ SRCDIR = ..
 # To add a new test, put its name on the PROGS list
 # and then add a name_SRC line that lists its source files.
 PROGS = cat cmp cp echo halt hex-dump mcat mcp rm \
-	bubsort insult lineup matmult recursor
+	bubsort insult lineup matmult recursor args-ovf
 
 # Should work from task 2 onward.
 cat_SRC = cat.c
@@ -18,6 +18,7 @@ lineup_SRC = lineup.c
 ls_SRC = ls.c
 recursor_SRC = recursor.c
 rm_SRC = rm.c
+args-ovf_SRC = args-ovf.c
 
 # Should work in task 3; also in task 4 if VM is included.
 bubsort_SRC = bubsort.c

src/tests/userprog/Make.tests

@@ -9,14 +9,14 @@ sc-bad-arg sc-bad-num sc-boundary sc-boundary-2 halt exit create-normal		\
 create-empty create-null create-bad-ptr create-long create-exists	\
 create-bound open-normal open-missing open-boundary open-empty		\
 open-null open-bad-ptr open-twice close-normal close-twice close-stdin	\
-close-stdout close-bad-fd read-normal read-bad-ptr read-boundary	\
+close-stdout close-bad-fd read-normal read-bad-ptr read-bad-buf read-boundary	\
-read-zero read-stdout read-bad-fd write-normal write-bad-ptr		\
+read-zero read-stdout read-bad-fd write-normal write-bad-ptr write-bad-buf	\
 write-boundary write-zero write-stdin write-bad-fd exec-once exec-arg	\
 exec-large-arg exec-multiple exec-missing exec-over-arg exec-over-args \
 exec-bad-ptr wait-simple wait-twice wait-killed wait-load-kill \
 wait-bad-pid wait-bad-child multi-recurse multi-child-fd rox-simple	\
 rox-child rox-multichild bad-read bad-write bad-read2 bad-write2        \
-bad-jump bad-jump2 bad-maths)
+bad-jump bad-jump2 bad-maths overflow-stack)
 
 tests/userprog_PROGS = $(tests/userprog_TESTS) $(addprefix \
 tests/userprog/,child-simple child-args child-bad child-close child-rox exec-exit)
@@ -36,6 +36,7 @@ tests/userprog/bad-read2_SRC = tests/userprog/bad-read2.c tests/main.c
 tests/userprog/bad-write2_SRC = tests/userprog/bad-write2.c tests/main.c
 tests/userprog/bad-jump2_SRC = tests/userprog/bad-jump2.c tests/main.c
 tests/userprog/bad-maths_SRC = tests/userprog/bad-maths.c tests/main.c
+tests/userprog/overflow-stack_SRC = tests/userprog/overflow-stack.c tests/main.c
 tests/userprog/sc-boundary_SRC = tests/userprog/sc-boundary.c	\
 tests/userprog/boundary.c tests/main.c
 tests/userprog/sc-boundary-2_SRC = tests/userprog/sc-boundary-2.c	\
@@ -66,6 +67,7 @@ tests/userprog/close-stdout_SRC = tests/userprog/close-stdout.c tests/main.c
 tests/userprog/close-bad-fd_SRC = tests/userprog/close-bad-fd.c tests/main.c
 tests/userprog/read-normal_SRC = tests/userprog/read-normal.c tests/main.c
 tests/userprog/read-bad-ptr_SRC = tests/userprog/read-bad-ptr.c tests/main.c
+tests/userprog/read-bad-buf_SRC = tests/userprog/read-bad-buf.c tests/main.c
 tests/userprog/read-boundary_SRC = tests/userprog/read-boundary.c	\
 tests/userprog/boundary.c tests/main.c
 tests/userprog/read-zero_SRC = tests/userprog/read-zero.c tests/main.c
@@ -73,6 +75,7 @@ tests/userprog/read-stdout_SRC = tests/userprog/read-stdout.c tests/main.c
 tests/userprog/read-bad-fd_SRC = tests/userprog/read-bad-fd.c tests/main.c
 tests/userprog/write-normal_SRC = tests/userprog/write-normal.c tests/main.c
 tests/userprog/write-bad-ptr_SRC = tests/userprog/write-bad-ptr.c tests/main.c
+tests/userprog/write-bad-buf_SRC = tests/userprog/write-bad-buf.c tests/main.c
 tests/userprog/write-boundary_SRC = tests/userprog/write-boundary.c	\
 tests/userprog/boundary.c tests/main.c
 tests/userprog/write-zero_SRC = tests/userprog/write-zero.c tests/main.c
@@ -122,10 +125,12 @@ tests/userprog/close-normal_PUTFILES += tests/userprog/sample.txt
 tests/userprog/close-twice_PUTFILES += tests/userprog/sample.txt
 tests/userprog/read-normal_PUTFILES += tests/userprog/sample.txt
 tests/userprog/read-bad-ptr_PUTFILES += tests/userprog/sample.txt
+tests/userprog/read-bad-buf_PUTFILES += tests/userprog/sample.txt
 tests/userprog/read-boundary_PUTFILES += tests/userprog/sample.txt
 tests/userprog/read-zero_PUTFILES += tests/userprog/sample.txt
 tests/userprog/write-normal_PUTFILES += tests/userprog/sample.txt
 tests/userprog/write-bad-ptr_PUTFILES += tests/userprog/sample.txt
+tests/userprog/write-bad-buf_PUTFILES += tests/userprog/sample.txt
 tests/userprog/write-boundary_PUTFILES += tests/userprog/sample.txt
 tests/userprog/write-zero_PUTFILES += tests/userprog/sample.txt
 tests/userprog/multi-child-fd_PUTFILES += tests/userprog/sample.txt

src/tests/userprog/Rubric.robustnessCR

@@ -1,5 +1,9 @@
-Full robustness of argument passing code:
+Full robustness of argument passing and syscall handling code:
-- Test user stack overflow robustness of "exec" system calls.
+- Test user stack overflow robustness of "exec" system calls and user code.
 5	exec-over-arg
 5	exec-over-args
+5	overflow-stack
 
+- Test syscall user provided buffer validity checks.
+5	read-bad-buf
+5	write-bad-buf

src/tests/userprog/exec-bad-ptr.ck

@@ -2,11 +2,7 @@
 use strict;
 use warnings;
 use tests::tests;
-check_expected ([<<'EOF', <<'EOF']);
+check_expected ([<<'EOF']);
-(exec-bad-ptr) begin
-(exec-bad-ptr) end
-exec-bad-ptr: exit(0)
-EOF
 (exec-bad-ptr) begin
 exec-bad-ptr: exit(-1)
 EOF

src/tests/userprog/open-bad-ptr.ck

@@ -2,11 +2,7 @@
 use strict;
 use warnings;
 use tests::tests;
-check_expected ([<<'EOF', <<'EOF']);
+check_expected ([<<'EOF']);
-(open-bad-ptr) begin
-(open-bad-ptr) end
-open-bad-ptr: exit(0)
-EOF
 (open-bad-ptr) begin
 open-bad-ptr: exit(-1)
 EOF

src/tests/userprog/overflow-stack.c

@@ -0,0 +1,17 @@
+/* Attempt to overflow the user stack by allocating a 4kB buffer and writing into it.
+   The process must be terminated with -1 exit code until stack growth has been implemented in Task 3
+*/
+
+#include <string.h>
+#include <syscall.h>
+#include "tests/lib.h"
+#include "tests/main.h"
+
+void
+test_main (void)
+{
+  char stack_obj[4096];
+  memset (stack_obj, 'a', sizeof stack_obj);
+  memset (stack_obj+10, '\0', 1);
+  msg ("buffer: %s", stack_obj);
+}

src/tests/userprog/overflow-stack.ck

@@ -0,0 +1,14 @@
+# -*- perl -*-
+use strict;
+use warnings;
+use tests::tests;
+check_expected (IGNORE_USER_FAULTS => 1, [<<'EOF',<<'EOF']);
+(overflow-stack) begin
+overflow-stack: exit(-1)
+EOF
+(overflow-stack) begin
+(overflow-stack) buffer: aaaaaaaaaa
+(overflow-stack) end
+overflow-stack: exit(0)
+EOF
+pass;

src/tests/userprog/read-bad-buf.c

@@ -0,0 +1,17 @@
+/* Passes a buffer to the read system call that starts in valid memory, but runs into kernel space.
+   The process must be terminated with -1 exit code.
+*/
+
+#include <syscall.h>
+#include "tests/lib.h"
+#include "tests/main.h"
+
+void
+test_main (void)
+{
+  int handle;
+  CHECK ((handle = open ("sample.txt")) > 1, "open \"sample.txt\"");
+
+  read (handle, (char *) 0xbfffffe0, 100);
+  fail ("should not have survived read()");
+}

src/tests/userprog/read-bad-buf.ck

@@ -0,0 +1,10 @@
+# -*- perl -*-
+use strict;
+use warnings;
+use tests::tests;
+check_expected (IGNORE_KERNEL_FAULTS => 1, [<<'EOF']);
+(read-bad-buf) begin
+(read-bad-buf) open "sample.txt"
+read-bad-buf: exit(-1)
+EOF
+pass;

src/tests/userprog/read-bad-ptr.ck

@@ -2,12 +2,7 @@
 use strict;
 use warnings;
 use tests::tests;
-check_expected ([<<'EOF', <<'EOF']);
+check_expected ([<<'EOF']);
-(read-bad-ptr) begin
-(read-bad-ptr) open "sample.txt"
-(read-bad-ptr) end
-read-bad-ptr: exit(0)
-EOF
 (read-bad-ptr) begin
 (read-bad-ptr) open "sample.txt"
 read-bad-ptr: exit(-1)

src/tests/userprog/write-bad-buf.c

@@ -0,0 +1,17 @@
+/* Passes a buffer to the write system call that starts in valid memory, but runs into kernel space.
+   The process must be terminated with -1 exit code.
+*/
+
+#include <syscall.h>
+#include "tests/lib.h"
+#include "tests/main.h"
+
+void
+test_main (void)
+{
+  int handle;
+  CHECK ((handle = open ("sample.txt")) > 1, "open \"sample.txt\"");
+
+  write (handle, (char *) 0xbffffff0, 32);
+  fail ("should have exited with -1");
+}

src/tests/userprog/write-bad-buf.ck

@@ -0,0 +1,10 @@
+# -*- perl -*-
+use strict;
+use warnings;
+use tests::tests;
+check_expected (IGNORE_KERNEL_FAULTS => 1, [<<'EOF']);
+(write-bad-buf) begin
+(write-bad-buf) open "sample.txt"
+write-bad-buf: exit(-1)
+EOF
+pass;

src/tests/userprog/write-bad-ptr.ck

@@ -2,12 +2,7 @@
 use strict;
 use warnings;
 use tests::tests;
-check_expected ([<<'EOF', <<'EOF']);
+check_expected ([<<'EOF']);
-(write-bad-ptr) begin
-(write-bad-ptr) open "sample.txt"
-(write-bad-ptr) end
-write-bad-ptr: exit(0)
-EOF
 (write-bad-ptr) begin
 (write-bad-ptr) open "sample.txt"
 write-bad-ptr: exit(-1)

src/threads/synch.c

@@ -119,14 +119,14 @@ sema_up (struct semaphore *sema)
 
   old_level = intr_disable ();
   if (!list_empty (&sema->waiters))
-  {
+    {
-    /* Enforces wake-up of the highest priority thread waiting for the
+      /* Enforces wake-up of the highest priority thread waiting for the
-       semaphore. */
+         semaphore. */
-    struct list_elem *e = list_max (&sema->waiters, priority_less, NULL);
+      struct list_elem *e = list_max (&sema->waiters, priority_less, NULL);
-    list_remove (e);
+      list_remove (e);
-    thread_unblock (list_entry (e, struct thread, elem));
+      thread_unblock (list_entry (e, struct thread, elem));
-    thread_unblocked = true;
+      thread_unblocked = true;
-  }
+    }
   sema->value++;
   intr_set_level (old_level);
 
@@ -134,12 +134,12 @@ sema_up (struct semaphore *sema)
      priority that the current running thread, including the case when called
      within an interrupt handler. */
   if (thread_unblocked)
-  {
+    {
-    if (intr_context ())
+      if (intr_context ())
-      intr_yield_on_return ();
+        intr_yield_on_return ();
-    else
+      else
-      thread_yield ();
+        thread_yield ();
-  }
+    }
 }
 
 static void sema_test_helper (void *sema_);
@@ -212,6 +212,7 @@ donate_priority (struct thread *donee) {
   ASSERT (intr_get_level () == INTR_OFF);
 
   struct thread *donor = thread_current ();
+  list_remove (&donor->donor_elem);
   list_push_back (&donee->donors_list, &donor->donor_elem);
   
   while (donee != NULL)
@@ -260,6 +261,7 @@ lock_acquire (struct lock *lock)
   ASSERT (!lock_held_by_current_thread (lock));
 
   struct thread *t = thread_current ();
+  ASSERT (t->waiting_lock == NULL);
 
   enum intr_level old_level = intr_disable ();
   if (lock->holder != NULL)
@@ -341,7 +343,6 @@ lock_release (struct lock *lock)
      released, transfer the remaining orphaned donors to its donor list. */
   if (max_donor != NULL)
     {
-      list_remove (&max_donor->donor_elem);
       while (!list_empty (&orphan_list))
         list_push_back (&max_donor->donors_list, list_pop_front (&orphan_list));
     }

src/threads/thread.c

@@ -373,7 +373,9 @@ thread_exit (void)
      and schedule another process.  That process will destroy us
      when it calls thread_schedule_tail(). */
   intr_disable ();
-  list_remove (&thread_current()->allelem);
+  struct thread *t = thread_current ();
+  list_remove (&t->allelem);
+  list_remove (&t->donor_elem);
   thread_current ()->status = THREAD_DYING;
   schedule ();
   NOT_REACHED ();
@@ -679,12 +681,14 @@ init_thread (struct thread *t, const char *name, int nice, int priority,
   t->base_priority
       = thread_mlfqs ? calculate_bsd_priority (recent_cpu, nice) : priority;
   list_init (&t->donors_list);
+  list_push_back (&t->donors_list, &t->donor_elem);
   t->waiting_lock = NULL;
 
   t->nice = nice;
   t->recent_cpu = recent_cpu;
   t->priority = t->base_priority;
 
+  t->fd_counter = MINIMUM_USER_FD;
   t->exit_status = -1;
   list_init (&t->child_results);
 

src/threads/thread.h

@@ -32,6 +32,9 @@ typedef int tid_t;
 #define NICE_DEFAULT 0 /* Default niceness. */
 #define NICE_MAX 20    /* Highest niceness. */
 
+/* File Descriptors. */
+#define MINIMUM_USER_FD 2 /* Minimum file descriptor for user programs. */
+
 /* A process result, synchronised between parent and child. */
 struct process_result
 {
@@ -137,7 +140,9 @@ struct thread
 #ifdef USERPROG
     /* Owned by userprog/process.c. */
     uint32_t *pagedir;                  /* Page directory. */
-    struct hash open_files;             /* Hash Table of FD -> Struct File */
+    unsigned int fd_counter;            /* File descriptor counter for thread's
+                                           open files. */
+    struct hash open_files;             /* Hash Table of FD -> Struct File. */
 #endif
 
     /* Owned by thread.c. */

src/userprog/process.c

@@ -8,6 +8,7 @@
 #include <string.h>
 #include "userprog/gdt.h"
 #include "userprog/pagedir.h"
+#include "userprog/syscall.h"
 #include "userprog/tss.h"
 #include "filesys/directory.h"
 #include "filesys/file.h"
@@ -27,6 +28,10 @@
    (for the purposes of alignment). */
 #define WORD_SIZE 4
 
+/* Defines non-negative integer division wherein the result is always rounded
+   up. */
+#define DIV_CEIL(x, y) ((x + (y - 1)) / y)
+
 /* Keeps track of the position of pointers to user program arguments
    within a linked list. */
 struct arg_elem
@@ -39,13 +44,14 @@ struct arg_elem
    that executes process_start for the purpose of starting a user process. */
 struct process_start_data
   {
-    char *cmd; /* Pointer to a copy of the command used to execute the process.
-                  Allocated a page that must be freed by process_start. */
     char *cmd_saveptr; /* Value pointed to by 'saveptr' argument used by
                           successive calls to strtok_r to split 'cmd' into
                           tokens while maintaining state. */
     char file_name[FNAME_MAX_LEN + 1]; /* Name of the file of the process to
                                       be started. */
+    bool success; /* Indicates whether the process was successfully loaded. */
+    struct semaphore loaded; /* Semaphore used to signal that the process has
+                                finished attempting to load. */
   };
 
 static thread_func start_process NO_RETURN;
@@ -60,12 +66,7 @@ process_execute (const char *cmd)
 {
   char *cmd_copy;
   tid_t tid;
-  
+  struct process_start_data data;
-  struct process_start_data *data = malloc (sizeof (struct process_start_data));
-  if (data == NULL)
-    {
-      return TID_ERROR;
-    }
 
   /* Make a copy of command.
      Otherwise there's a race between the caller and load(). */
@@ -79,17 +80,34 @@ process_execute (const char *cmd)
 
   /* Retrieve first argument of command, which is the file name
      of the process. */
-  char *file_name = strtok_r (cmd_copy, " ", &data->cmd_saveptr);
+  char *file_name = strtok_r (cmd_copy, " ", &data.cmd_saveptr);
+
+  /* Validates that the current file to be executed can be opened/exists. */
+  lock_acquire (&filesys_lock);
+  struct file *file = filesys_open (file_name);
+  lock_release (&filesys_lock);
+  if (file == NULL)
+    return TID_ERROR;
 
   /* Create a new thread to execute the command, by initializing
      it running the function 'start_process' with the appropriate
      arguments. For details of arguments, see 'start_process'. */
-  data->cmd = cmd_copy;
+  strlcpy (data.file_name, file_name, FNAME_MAX_LEN + 1);
-  strlcpy (data->file_name, file_name, FNAME_MAX_LEN + 1);
+  sema_init (&data.loaded, 0);
+  data.success = false;
 
-  tid = thread_create (file_name, PRI_DEFAULT, start_process, data);
+  tid = thread_create (file_name, PRI_DEFAULT, start_process, &data);
-  if (tid == TID_ERROR)
+
-    palloc_free_page (cmd_copy); 
+  /* Wait until process file has finished attempting to load via the child
+     thread before reporting success of starting execution. */
+  if (tid != TID_ERROR)
+    {
+      sema_down (&data.loaded);
+      if (!data.success)
+        tid = TID_ERROR;
+    }
+
+  palloc_free_page (cmd_copy);
   return tid;
 }
 
@@ -101,14 +119,15 @@ static void *push_to_stack (void **esp, void *data, size_t data_size);
 /* Make the current thread execute 'cmd', passing in a copy of the
    command string used for processing, the saveptr used by strtok_r
    (in order to further tokenize the same command and retrieve its
-   arguments), as well as the name of the file being executed. This
+   arguments), the name of the file being executed, and a semaphore that
-   involves loading the specified file and starting it running. */
+   calls sema_up to indicate that the 'success' variable passed to it
+   has been updated to indicate whether the process file loading succeeded. 
+   This involves loading the specified file and calling its main () function
+   with the specified command arguments. */
 static void
 start_process (void *proc_start_data)
 {
   struct intr_frame if_;
-  bool success;
-
   struct process_start_data *data = proc_start_data;
 
   /* Initialize interrupt frame and load executable. */
@@ -116,33 +135,46 @@ start_process (void *proc_start_data)
   if_.gs = if_.fs = if_.es = if_.ds = if_.ss = SEL_UDSEG;
   if_.cs = SEL_UCSEG;
   if_.eflags = FLAG_IF | FLAG_MBS;
-  success = load (data->file_name, &if_.eip, &if_.esp);
 
-  /* If load failed, quit. */
+  /* Acquire the file system lock to prevent race conditions. */
-  if (!success) 
+  lock_acquire (&filesys_lock);
-    {
-      palloc_free_page (data->cmd);
-      goto fail;
-    }
 
-  /* Initialize user process stack and free page used to store the
-     command that executed the process. */
-  success = process_init_stack (data->cmd_saveptr, &if_.esp, data->file_name);
-  palloc_free_page (data->cmd);
-  
-  /* If stack initialization failed, free resources and quit. */
-  if (!success)
-    {
-      process_exit ();
-      goto fail;
-    }
-
-  /* NOTE: Currently, the file being executed is closed in load () and then 
-           reopened here. Because load is an exported public function, this
-           might be necessary. */
   struct file *exec_file = filesys_open (data->file_name);
-  thread_current ()->exec_file = exec_file;
+  if (exec_file == NULL)
+    {
+      /* If the executable file cannot be opened, free resources and quit. */
+      lock_release (&filesys_lock);
+      sema_up (&data->loaded);
+      thread_exit ();
+    }
+
+  /* Deny write to the executable file to prevent writing to it and release the
+     file system lock. */
   file_deny_write (exec_file);
+  lock_release (&filesys_lock);
+
+  thread_current ()->exec_file = exec_file;
+
+  /* Load the ELF executable file, and store the success of the operation in
+     the 'success' variable in data. */
+  data->success = load (data->file_name, &if_.eip, &if_.esp);
+
+  /* If load was sucessful, initialize user process stack and free page used
+ to store the command that executed the process. */
+  if (data->success)
+    {
+      data->success =
+        process_init_stack (data->cmd_saveptr, &if_.esp, data->file_name);
+    }
+
+  /* Signal that the process has finished attempting to load. */
+  bool success = data->success;
+  sema_up (&data->loaded);
+  
+  /* If the load was unsuccessful or if it was but the stack initialization
+     failed, exit the thread. */
+  if (!success)
+      thread_exit ();
 
   /* Start the user process by simulating a return from an
      interrupt, implemented by intr_exit (in
@@ -152,11 +184,6 @@ start_process (void *proc_start_data)
      and jump to it. */
   asm volatile ("movl %0, %%esp; jmp intr_exit" : : "g" (&if_) : "memory");
   NOT_REACHED ();
-
-/* If starting the process failed, free its common resources and exit. */
- fail:
-  free (data);
-  thread_exit ();
 }
 
 /* Helper function that initializes the stack of a newly created 
@@ -164,6 +191,10 @@ start_process (void *proc_start_data)
 static bool
 process_init_stack (char *cmd_saveptr, void **esp, char *file_name)
   {
+    ASSERT (cmd_saveptr != NULL);
+    ASSERT (esp != NULL);
+    ASSERT (file_name != NULL);
+
     /* Load command line argument *data* to user process stack.
        This can't cause overflow due to enforcing that the size of
        command line input must fit in a page. Also keep track
@@ -175,8 +206,12 @@ process_init_stack (char *cmd_saveptr, void **esp, char *file_name)
     int arg_count = 0;
     while (arg != NULL)
       {
+        /* filename has already been validated to be a safe-to-access string,
+           so we can safely use strlen here. Filename has already been
+           split from the command line arguments. */
         push_to_stack (esp, arg, (strlen (arg) + 1) * sizeof (char));
-        
+
+        /* Try to allocate memory for the argument pointer. */
         struct arg_elem *arg_elem = malloc (sizeof (struct arg_elem));
         if (arg_elem == NULL)
           {
@@ -185,9 +220,11 @@ process_init_stack (char *cmd_saveptr, void **esp, char *file_name)
             return false;
           }
 
+        /* Store the argument pointer in the linked list. */
         arg_elem->arg = *esp;
         list_push_front (&arg_list, &arg_elem->elem);
 
+        /* Increment the argument count and get the next argument. */
         arg_count++;
         arg = strtok_r (NULL, " ", &cmd_saveptr);
       }
@@ -203,13 +240,22 @@ process_init_stack (char *cmd_saveptr, void **esp, char *file_name)
                             + return_addr_size;
 
     /* If pushing the rest of the data required for the stack would cause
-       overflow, allocate an extra page that is contiguous within the
+       overflow, allocate as many extra pages as needed to the user process
-       virtual address space (below the current address range). */ 
+       contiguously in the virtual address space below the initial page. */
-    if (PHYS_BASE - *esp + remaining_size > PGSIZE)
+    int overflow_bytes = (PHYS_BASE - *esp) + remaining_size - PGSIZE;
+    if (overflow_bytes > 0)
       {
-        uint8_t *kpage = palloc_get_page (PAL_USER | PAL_ZERO);
+        /* Calculate the number of pages needed to allocate. */
-        if (!install_page (((uint8_t *) PHYS_BASE) - PGSIZE * 2, kpage, true))
+        int pages_needed = DIV_CEIL (overflow_bytes, PGSIZE);
-          return false;
+
+        /* Allocate the pages and map them to the user process. */
+        for (int i = 1; i < pages_needed + 1; i++)
+          {
+            uint8_t *kpage = palloc_get_page (PAL_USER | PAL_ZERO);
+            if (!install_page (((uint8_t *) PHYS_BASE) - PGSIZE * (i + 1),
+                               kpage, true))
+              return false;
+          }
       }
 
     /* Align stack pointer to word size before pushing argv elements for
@@ -267,11 +313,12 @@ push_to_stack (void **esp, void *data, size_t data_size)
  * This function will be implemented in task 2.
  * For now, it does nothing. */
 int
-process_wait (tid_t child_tid UNUSED) 
+process_wait (tid_t child_tid)
 {
   struct process_result *child_result = NULL;
   struct list_elem *e;
   struct thread *cur = thread_current ();
+
   for (e = list_begin (&cur->child_results);
        e != list_end (&cur->child_results); e = list_next (e))
     {
@@ -279,27 +326,40 @@ process_wait (tid_t child_tid UNUSED)
           = list_entry (e, struct process_result, elem);
       if (result->tid == child_tid)
         {
+          /* Found the child process. */
           child_result = result;
           break;
         }
-      /* List is ordered, allowing us to break early. */
+
+      /* List is ordered, allowing us to break early if the child_tid is
+         greater than the current result's tid. */
       else if (result->tid > child_tid)
         break;
     }
+
+  /* If the child process was not found, return -1. */
   if (child_result == NULL)
     return -1;
+
   /* Wait for child to die. */
   sema_down (&child_result->sema);
+
   /* We need lock release in process_exit, so we need to acquire (and possibly
      wait) for it here to ensure we don't free the lock memory before it is
      released in process_exit. */
   lock_acquire (&child_result->lock);
+
   /* To prevent waiting for child twice, remove it from the list.
      No need to use lock since this is the only thread with access to
      the struct process_result now. */
   list_remove (&child_result->elem);
+
+  /* Get the exit status of the child */
   int exit_status = child_result->exit_status;
+
+  /* Release the lock */
   lock_release (&child_result->lock);
+
   free (child_result);
   return exit_status;
 }
@@ -312,7 +372,18 @@ process_exit (void)
   uint32_t *pd;
 
   printf ("%s: exit(%d)\n", cur->name, cur->exit_status);
-  file_close (cur->exec_file);
+
+  /* Clean up all open files */
+  hash_destroy (&cur->open_files, fd_cleanup);
+
+  /* Close the executable file, implicitly allowing it to be written to. */
+  if (cur->exec_file != NULL)
+    {
+      /* Acquire the file system lock to prevent race conditions. */
+      lock_acquire (&filesys_lock);
+      file_close (cur->exec_file);
+      lock_release (&filesys_lock);
+    }
 
   /* Update process result. */
   if (cur->result != NULL)
@@ -337,10 +408,11 @@ process_exit (void)
   /* Free child process results or signal parent's death. */
   struct list_elem *e;
   for (e = list_begin (&cur->child_results);
-       e != list_end (&cur->child_results); e = list_next (e))
+       e != list_end (&cur->child_results);)
     {
       struct process_result *result
           = list_entry (e, struct process_result, elem);
+      struct list_elem *next = list_next (e);
       lock_acquire (&result->lock);
       /* Child has died (and was not waited for). Free the result. */
       if (sema_try_down (&result->sema))
@@ -354,6 +426,7 @@ process_exit (void)
           sema_up (&result->sema);
           lock_release (&result->lock);
         }
+      e = next;
     }
 
   /* Destroy the current process's page directory and switch back
@@ -472,6 +545,7 @@ load (const char *file_name, void (**eip) (void), void **esp)
   off_t file_ofs;
   bool success = false;
   int i;
+  lock_acquire (&filesys_lock);
 
   /* Allocate and activate page directory. */
   t->pagedir = pagedir_create ();
@@ -571,6 +645,7 @@ load (const char *file_name, void (**eip) (void), void **esp)
  done:
   /* We arrive here whether the load is successful or not. */
   file_close (file);
+  lock_release (&filesys_lock);
   return success;
 }
 

src/userprog/syscall.c

@@ -13,8 +13,8 @@
 #include <stdio.h>
 #include <syscall-nr.h>
 
-static struct lock filesys_lock;
+#define MAX_SYSCALL_ARGS 3
-static unsigned fd_counter = MIN_USER_FD;
+#define EXIT_FAILURE -1
 
 struct open_file
   {
@@ -46,18 +46,19 @@ static unsigned syscall_tell (int fd);
 static void syscall_close (int fd);
 
 static struct open_file *fd_get_file (int fd);
-static void *validate_user_pointer (const void *ptr, size_t size);
+static void validate_user_pointer (const void *start, size_t size);
+static void validate_user_string (const char *str);
 
 /* A struct defining a syscall_function pointer along with its arity. */
-typedef struct
+struct syscall_arguments
   {
     syscall_function function;    /* Function pointer. */
     int arity;                    /* Number of arguments of the function. */
-  } syscall_arguments;
+  };
 
 /* A look-up table mapping numbers to system call functions with their number of
    arguments. */
-static const syscall_arguments syscall_lookup[] =
+static const struct syscall_arguments syscall_lookup[] =
 {
   [SYS_HALT] = {(syscall_function) syscall_halt, 0},
   [SYS_EXIT] = {(syscall_function) syscall_exit, 1},
@@ -77,8 +78,7 @@ static const syscall_arguments syscall_lookup[] =
 /* The number of syscall functions (i.e, number of elements) within the
    syscall_lookup table. */
 static const int LOOKUP_SIZE
-  = sizeof (syscall_lookup) / sizeof (syscall_arguments);
+  = sizeof (syscall_lookup) / sizeof (struct syscall_arguments);
-
 
 /* Initialises the syscall handling system, as well as a global lock to
    synchronise all file access between processes. */
@@ -89,28 +89,29 @@ syscall_init (void)
   lock_init (&filesys_lock);
 }
 
-/* Function that takes a interrupt frame containing a syscall and its args.
+/* Function that takes an interrupt frame containing a syscall and its args.
    Validates the arguments and pointers before calling the relevant
    high-level system call function, storing its output (if any) in f->eax */
 static void
 syscall_handler (struct intr_frame *f)
 {
   /* First, read the system call number from the stack. */
-  validate_user_pointer (f->esp, 1);
+  validate_user_pointer (f->esp, sizeof (uintptr_t));
-  unsigned syscall_number = *(int *) f->esp;
+  uintptr_t syscall_number = *(int *) f->esp;
 
   /* Ensures the number corresponds to a system call that can be handled. */
   if (syscall_number >= LOOKUP_SIZE)
-    thread_exit ();
+    syscall_exit (EXIT_FAILURE);
 
-  syscall_arguments syscall = syscall_lookup[syscall_number];
+  struct syscall_arguments syscall = syscall_lookup[syscall_number];
 
   /* Next, read and copy the arguments from the stack pointer. */
   validate_user_pointer (f->esp + sizeof (uintptr_t),
                          syscall.arity * sizeof (uintptr_t));
-  uintptr_t args[3] = {0};
+
-  for (int i=0; i < syscall.arity; i++)
+  uintptr_t args[MAX_SYSCALL_ARGS] = {0};
-      args[i] = *(uintptr_t *) (f->esp + sizeof (uintptr_t) * (i + 1));
+  for (int i = 0; i < syscall.arity && i < MAX_SYSCALL_ARGS; i++)
+    args[i] = *(uintptr_t *) (f->esp + sizeof (uintptr_t) * (i + 1));
 
   /* Call the function that handles this system call with the arguments. When
      there is a return value it is stored in f->eax. */
@@ -135,19 +136,14 @@ syscall_exit (int status)
 }
 
 /* Executes a given command with the relevant args, by calling process_execute.
-   Acquires the filesystem lock as process_execute accesses the file system.
+   Returns PID for the process that is running the CMD_LINE. */
-   Returns PID for the process that is running the CMD_LINE
- */
 static pid_t
 syscall_exec (const char *cmd_line)
 {
-  validate_user_pointer (cmd_line, 1);
+  /* Validate the user string before executing the process. */
+  validate_user_string (cmd_line);
 
-  lock_acquire (&filesys_lock);
+  return process_execute (cmd_line); /* Returns the PID of the new process */
-  pid_t pid = process_execute(cmd_line);
-  lock_release (&filesys_lock);
-
-  return pid;
 }
 
 /* Handles the syscall of wait. Effectively a wrapper for process_wait as the
@@ -155,21 +151,24 @@ syscall_exec (const char *cmd_line)
 static int
 syscall_wait (pid_t pid)
 {
-  return process_wait (pid);
+  return process_wait (pid); /* Returns the exit status of the waited process */
 }
 
 /* Handles the syscall for file creation. First validates the user file
    pointer. Acquires the file system lock to prevent synchronisation issues,
    and then uses FILESYS_CREATE to create the file, returning the same status */
 static bool
-syscall_create (const char *file UNUSED, unsigned initial_size UNUSED)
+syscall_create (const char *file, unsigned initial_size)
 {
-  validate_user_pointer (file, 1);
+  /* Validate the user string before creating the file. */
+  validate_user_string (file);
 
+  /* Acquire the file system lock to prevent race conditions. */
   lock_acquire (&filesys_lock);
   bool status = filesys_create (file, initial_size);
   lock_release (&filesys_lock);
 
+  /* Return the status of the file creation. */
   return status;
 }
 
@@ -179,12 +178,15 @@ syscall_create (const char *file UNUSED, unsigned initial_size UNUSED)
 static bool
 syscall_remove (const char *file)
 {
-  validate_user_pointer (file, 1);
+  /* Validate the user string before removing the file. */
+  validate_user_string (file);
 
+  /* Acquire the file system lock to prevent race conditions. */
   lock_acquire (&filesys_lock);
   bool status = filesys_remove (file);
   lock_release (&filesys_lock);
 
+  /* Return the status of the file removal. */
   return status;
 }
 
@@ -195,23 +197,32 @@ syscall_remove (const char *file)
 static int
 syscall_open (const char *file)
 {
-  validate_user_pointer (file, 1);
+  /* Validate the user string before opening the file. */
+  validate_user_string (file);
 
+  /* Acquire the file system lock to prevent race conditions. */
   lock_acquire (&filesys_lock);
   struct file *ptr = filesys_open (file);
   lock_release (&filesys_lock);
+
+  /* If the file could not be opened, return failure. */
   if (ptr == NULL)
-    return -1;
+    return EXIT_FAILURE;
 
   /* Allocate space for a struct representing a mapping from an FD to a struct
      file. */
   struct open_file *file_info
     = (struct open_file*) malloc (sizeof (struct open_file));
   if (file_info == NULL)
-    return -1;
+    {
+      /* If we could not allocate memory for the file_info struct, close the
+         file and return failure. */
+      file_close (ptr);
+      return EXIT_FAILURE;
+    }
 
   /* Populate the above struct, with a unique FD and the current open file */
-  file_info->fd = fd_counter++;
+  file_info->fd = thread_current ()->fd_counter++;
   file_info->file = ptr;
 
   /* Add the new FD->file mapping to the hashtable for the current thread */
@@ -227,14 +238,17 @@ syscall_open (const char *file)
 static int
 syscall_filesize (int fd)
 {
+  /* Try to get the file from the FD. If it does not exist, return failure. */
   struct open_file *file_info = fd_get_file (fd);
   if (file_info == NULL)
-      return -1;
+      return EXIT_FAILURE;
 
+  /* Acquire the file system lock to prevent any race conditions. */
   lock_acquire (&filesys_lock);
   int bytes = file_length (file_info->file);
   lock_release (&filesys_lock);
 
+  /* Return the number of bytes in the file. */
   return bytes;
 }
 
@@ -247,9 +261,10 @@ syscall_read (int fd, void *buffer, unsigned size)
 {
   /* Only console (fd = 0) or other files, not including STDOUT, (fd > 1) are
      allowed. */
-  if (fd < 0 || fd == STDOUT_FILENO)
+  if (fd < STDIN_FILENO || fd == STDOUT_FILENO)
-    return -1;
+    return EXIT_FAILURE;
 
+  /* Validate the user buffer for the provided size before reading. */
   validate_user_pointer (buffer, size);
 
   if (fd == STDIN_FILENO)
@@ -259,18 +274,24 @@ syscall_read (int fd, void *buffer, unsigned size)
       for (int i = 0; i < size; i++)
         write_buffer[i] = input_getc ();
 
+      /* In case of console, read is always (eventually) successful. So return
+         the size for the number of bytes read. */
       return size;
     }
   else
     {
       /* Reading from a file. */
+      /* Find the file from the FD. If it does not exist, return failure. */
       struct open_file *file_info = fd_get_file (fd);
       if (file_info == NULL)
-        return -1;
+        return EXIT_FAILURE;
 
+      /* Acquire the file system lock to prevent race-conditions. */
       lock_acquire (&filesys_lock);
       int bytes_written = file_read (file_info->file, buffer, size);
       lock_release (&filesys_lock);
+
+      /* Return the number of bytes read. */
       return bytes_written;
     }
 }
@@ -287,25 +308,32 @@ syscall_write (int fd, const void *buffer, unsigned size)
   if (fd <= 0)
     return 0;
 
+  /* Validate the user buffer for the provided size before writing. */
   validate_user_pointer (buffer, size);
 
   if (fd == STDOUT_FILENO)
     {
       /* Writing to the console. */
       putbuf (buffer, size);
+
+      /* In case of console, write is always successful. So return the size for
+         the number of bytes written. */
       return size;
     }
   else
     {
       /* Writing to a file. */
+      /* Find the file from the FD. If it does not exist, return failure. */
       struct open_file *file_info = fd_get_file (fd);
       if (file_info == NULL)
         return 0;
 
+      /* Acquire the file system lock to prevent race conditions. */
       lock_acquire (&filesys_lock);
       int bytes = file_write (file_info->file, buffer, size);
       lock_release (&filesys_lock);
 
+      /* Return the number of bytes written. */
       return bytes;
     }
 }
@@ -317,9 +345,11 @@ syscall_write (int fd, const void *buffer, unsigned size)
 static void
 syscall_seek (int fd, unsigned position)
 {
+  /* Find the file from the FD. If it does not exist, do nothing. */
   struct open_file *file_info = fd_get_file (fd);
   if (file_info != NULL)
   {
+    /* File exists: Acquire the file system lock to prevent race conditions. */
     lock_acquire (&filesys_lock);
     file_seek (file_info->file, position);
     lock_release (&filesys_lock);
@@ -332,14 +362,17 @@ syscall_seek (int fd, unsigned position)
 static unsigned
 syscall_tell (int fd)
 {
+  /* Find the file from the FD. If it does not exist, return 0. */
   struct open_file *file_info = fd_get_file (fd);
   if (file_info == NULL)
     return 0;
 
+  /* Acquire the file system lock to prevent race conditions. */
   lock_acquire (&filesys_lock);
   unsigned pos = file_tell (file_info->file);
   lock_release (&filesys_lock);
 
+  /* Return the current position in the file. */
   return pos;
 }
 
@@ -349,14 +382,21 @@ syscall_tell (int fd)
 static void
 syscall_close (int fd)
 {
+  /* Find the file from the FD. If it does not exist, do nothing. */
   struct open_file *file_info = fd_get_file (fd);
   if (file_info != NULL)
     {
+      /* File exists */
+      /* First, remove the file from the hash table of open files. */
       hash_delete (&thread_current ()->open_files, &file_info->elem);
 
+      /* Then, close the file, acquiring the file system lock to prevent race
+         conditions. */
       lock_acquire (&filesys_lock);
       file_close (file_info->file);
       lock_release (&filesys_lock);
+
+      /* Free the memory allocated for the file_info struct. */
       free (file_info);
     }
 }
@@ -366,7 +406,12 @@ syscall_close (int fd)
 unsigned
 fd_hash (const struct hash_elem *element, void *aux UNUSED)
 {
-  return hash_int (hash_entry (element, struct open_file, elem)->fd);
+  /* We use the FD as the hash value. This is because the FD is incremented
+     sequentially and is therefore unique for each file. It positively affects
+     the performance of the hash table: 1. It is unique so no need to call
+     expensive hash functions. 2. It being sequential means that the hash table
+     is more likely to be weight balanced. */
+  return hash_entry (element, struct open_file, elem)->fd;
 }
 
 /* Comparator function for the open_file table. Compares two entries based on
@@ -381,6 +426,20 @@ fd_less (const struct hash_elem *a_, const struct hash_elem *b_,
   return a->fd < b->fd;
 }
 
+/* Function to clean up an open file entry. Closes the file and frees the
+   associated memory. */
+void
+fd_cleanup (struct hash_elem *e, void *aux UNUSED)
+{
+  struct open_file *file_info = hash_entry (e, struct open_file, elem);
+
+  lock_acquire (&filesys_lock);
+  file_close (file_info->file);
+  lock_release (&filesys_lock);
+
+  free (file_info);
+}
+
 /* Gets a file from its descriptor (FD number). If there is no file with the fd
    FD it returns NULL. */
 static struct open_file *
@@ -400,18 +459,63 @@ fd_get_file (int fd)
   return hash_entry (e, struct open_file, elem);
 }
 
-/* Validates if a block of memory starting at PTR and of size SIZE bytes is
+/* Validates if a block of memory starting at START and of size SIZE bytes is
-   fully contained within user virtual memory. Kills the thread (by calling
+   fully contained within user virtual memory. Kills the thread (by exiting with
-   thread_exit) if the memory is invalid. Otherwise, returns the PTR given.
+   failure) if the memory is invalid. Otherwise, returns (nothing) normally.
-   If the size is 0, the function does no checks and returns PTR.*/
+   If the size is 0, the function does no checks and returns the given ptr. */
-static void *
+static void
-validate_user_pointer (const void *ptr, size_t size)
+validate_user_pointer (const void *start, size_t size)
 {
-  if (size > 0 && (ptr == NULL ||
+  /* If the size is 0, we do not need to check anything. */
-                   !is_user_vaddr (ptr) ||
+  if (size == 0)
-                   !is_user_vaddr (ptr + size - 1) ||
+    return;
-                   pagedir_get_page (thread_current()->pagedir, ptr) == NULL))
-    thread_exit ();
 
-  return (void *) ptr;
+  const void *end = start + size - 1;
+
+  /* Check if the start and end pointers are valid user virtual addresses. */
+  if (start == NULL || !is_user_vaddr (start) || !is_user_vaddr (end))
+    syscall_exit (EXIT_FAILURE);
+
+  /* We now need to check if the entire memory block is mapped to physical
+     memory by the page table. */
+  for (const void *ptr = pg_round_down (start); ptr <= end; ptr += PGSIZE)
+    if (pagedir_get_page (thread_current ()->pagedir, ptr) == NULL)
+      syscall_exit (EXIT_FAILURE);
+}
+
+/* Validates if a string is fully contained within user virtual memory. Kills
+   the thread (by exiting with failure) if the memory is invalid. Otherwise,
+   returns (nothing) normally. */
+static void
+validate_user_string (const char *str)
+{
+  /* Check if the string pointer is a valid user virtual address. */
+  if (str == NULL || !is_user_vaddr (str))
+    syscall_exit (EXIT_FAILURE);
+
+  /* Calculate the offset of the string within the (first) page. */
+  size_t offset = (uintptr_t) str % PGSIZE;
+
+  /* We move page by page, checking if the page is mapped to physical memory. */
+  for (;;)
+  {
+    void *page = pg_round_down (str);
+
+    /* If we reach addresses that are not mapped to physical memory before the
+       end of the string, the thread is terminated. */
+    if (!is_user_vaddr(page) ||
+        pagedir_get_page (thread_current ()->pagedir, page) == NULL)
+      syscall_exit (EXIT_FAILURE);
+
+    while (offset < PGSIZE)
+      {
+        if (*str == '\0')
+          return; /* We reached the end of the string without issues. */
+
+        str++;
+        offset++;
+      }
+
+    offset = 0; /* Next page will start at the beginning. */
+  }
 }

src/userprog/syscall.h

@@ -2,14 +2,16 @@
 #define USERPROG_SYSCALL_H
 
 #include <hash.h>
-
+#include "threads/synch.h"
-#define MIN_USER_FD 2
 
 typedef int pid_t;
 
+struct lock filesys_lock;
+
 void syscall_init (void);
 
 unsigned fd_hash (const struct hash_elem *element, void *aux);
 bool fd_less (const struct hash_elem *a, const struct hash_elem *b, void *aux);
+void fd_cleanup (struct hash_elem *e, void *aux);
 
 #endif /* userprog/syscall.h */