feat: set accessed bit to allocated frames in page_load and get_usr_kpage

Implement helper functions for managing the supplemental page table

See merge request lab2425_autumn/pintos_22!55

.gitlab-ci.yml

@@ -37,4 +37,4 @@ test_vm:
   extends: .pintos_tests
   variables:
     DIR: vm
-    IGNORE: (tests/vm/pt-grow-stack|tests/vm/pt-grow-pusha|tests/vm/pt-big-stk-obj|tests/vm/pt-overflowstk|tests/vm/pt-write-code2|tests/vm/pt-grow-stk-sc|tests/vm/page-linear|tests/vm/page-parallel|tests/vm/page-merge-seq|tests/vm/page-merge-par|tests/vm/page-merge-stk|tests/vm/page-merge-mm|tests/vm/mmap-read|tests/vm/mmap-close|tests/vm/mmap-overlap|tests/vm/mmap-twice|tests/vm/mmap-write|tests/vm/mmap-exit|tests/vm/mmap-shuffle|tests/vm/mmap-clean|tests/vm/mmap-inherit|tests/vm/mmap-misalign|tests/vm/mmap-null|tests/vm/mmap-over-code|tests/vm/mmap-over-data|tests/vm/mmap-over-stk|tests/vm/mmap-remove)
+    IGNORE: (tests/vm/page-parallel|tests/vm/page-merge-seq|tests/vm/page-merge-par|tests/vm/page-merge-stk|tests/vm/page-merge-mm|tests/vm/mmap-read|tests/vm/mmap-close|tests/vm/mmap-overlap|tests/vm/mmap-twice|tests/vm/mmap-write|tests/vm/mmap-exit|tests/vm/mmap-shuffle|tests/vm/mmap-clean|tests/vm/mmap-inherit|tests/vm/mmap-misalign|tests/vm/mmap-null|tests/vm/mmap-over-code|tests/vm/mmap-over-data|tests/vm/mmap-over-stk|tests/vm/mmap-remove)

src/Makefile.build

@@ -63,7 +63,9 @@ userprog_SRC += userprog/tss.c		# TSS management.
 
 # Virtual memory code.
 vm_SRC += vm/frame.c                    # Frame table manager.
+vm_SRC += vm/page.c                     # Page table manager.
 vm_SRC += devices/swap.c		# Swap block manager.
+vm_SRC += vm/stackgrowth.c              # Stack growth functions.
 #vm_SRC = vm/file.c			# Some other file.
 
 # Filesystem code.

src/threads/thread.c

@@ -15,6 +15,7 @@
 #include "threads/switch.h"
 #include "threads/synch.h"
 #include "threads/vaddr.h"
+#include "vm/page.h"
 #ifdef USERPROG
 #include "userprog/process.h"
 #include "userprog/syscall.h"
@@ -262,9 +263,14 @@ thread_create (const char *name, int priority,
   /* Initialize the thread's file descriptor table. */
   t->fd_counter = MINIMUM_USER_FD;
 
-  if (!hash_init (&t->open_files, fd_hash, fd_less, NULL)
-      || !hash_init (&t->child_results, process_result_hash,
-                     process_result_less, t))
+  bool success = hash_init (&t->open_files, fd_hash, fd_less, NULL);
+  success = success && hash_init (&t->child_results, process_result_hash,
+                                  process_result_less, t);
+#ifdef VM
+  success = success && hash_init (&t->pages, page_hash, page_less, NULL);
+#endif
+
+  if (!success)
     {
       palloc_free_page (t);
       free (t->result);

src/threads/thread.h

@@ -143,6 +143,12 @@ struct thread
     struct hash open_files;             /* Hash Table of FD -> Struct File. */
 #endif
 
+#ifdef VM
+  struct hash pages;                    /* Table of open user pages. */
+#endif
+
+    void *curr_esp;
+
     /* Owned by thread.c. */
     unsigned magic;                     /* Detects stack overflow. */
   };

src/userprog/exception.c

@@ -1,15 +1,25 @@
 #include "userprog/exception.h"
 #include <inttypes.h>
 #include <stdio.h>
+#include "stdbool.h"
 #include "userprog/gdt.h"
 #include "threads/interrupt.h"
 #include "threads/thread.h"
+#ifdef VM
+#include "vm/stackgrowth.h"
+#include "vm/frame.h"
+#include "vm/page.h"
+#include "devices/swap.h"
+#include "threads/vaddr.h"
+#include "userprog/pagedir.h"
+#endif
 
 /* Number of page faults processed. */
 static long long page_fault_cnt;
 
 static void kill (struct intr_frame *);
 static void page_fault (struct intr_frame *);
+bool try_fetch_page (void *upage, bool write);
 
 /* Registers handlers for interrupts that can be caused by user
    programs.
@@ -145,6 +155,49 @@ page_fault (struct intr_frame *f)
   write = (f->error_code & PF_W) != 0;
   user = (f->error_code & PF_U) != 0;
 
+#ifdef VM
+  void *upage = pg_round_down (fault_addr);
+  if (not_present && is_user_vaddr(upage))
+    {
+      struct thread *t = thread_current ();
+      void *esp = user ? f->esp : t->curr_esp;
+
+      /* Check if the non-present user page is in the swap partition.
+         If so, swap it back into main memory, updating the PTE for
+         the faulted virtual address to point to the newly allocated
+         frame. */
+      if (page_in_swap (t, fault_addr))
+        {
+          size_t swap_slot = page_get_swap (t, fault_addr);
+          void *kpage = frame_alloc (0, upage, t);
+          swap_in (kpage, swap_slot);
+
+          bool writeable = pagedir_is_writable (t->pagedir, upage);
+          if (pagedir_set_page (t->pagedir, upage, kpage, writeable)) return;
+        }
+
+      /* Handle user page faults that need to be resolved by dynamic
+         stack growth by checking if this is such a fault and responding
+         accordingly. */
+      if (handle_stack_fault (fault_addr, esp)) return;
+
+      /* Handle user page faults that need to be resolved by lazy loading
+         of executable files by checking if they contain entries in the
+         SPT hash map and responding accordingly. */
+      if (try_fetch_page (upage, write))
+        return;
+    }
+
+  /* Allows for page faults within a kernel context to communicate with
+     user pages for sending error codes. */
+  if (!user)
+    {
+      f->eip = (void *)f->eax;
+      f->eax = 0xffffffff;
+      return;
+    }
+#endif
+
   /* To implement virtual memory, delete the rest of the function
      body, and replace it with code that brings in the page to
      which fault_addr refers. */
@@ -156,3 +209,35 @@ page_fault (struct intr_frame *f)
   kill (f);
 }
 
+#ifdef VM
+bool
+try_fetch_page (void *upage, bool write)
+{
+  /* Check if the page is in the supplemental page table. That is, it is a page
+     that is expected to be in memory. */
+  struct page_entry *page = page_get (upage);
+  if (page == NULL)
+    return false;
+
+  /* An attempt to write to a non-writeable should fail. */
+  if (write && !page->writable)
+    return false;
+
+  /* Load the page into memory based on the type of data it is expecting. */
+  bool success = false;
+  switch (page->type) {
+    case PAGE_EXECUTABLE:
+      success = page_load (page, page->writable);
+      break;
+    default:
+      return false;
+  }
+
+  if (success && page->writable &&
+      !pagedir_is_writable(thread_current()->pagedir, upage))
+    pagedir_set_writable(thread_current()->pagedir, upage, true);
+
+  return success;
+}
+#endif
+

src/userprog/exception.h

@@ -1,6 +1,8 @@
 #ifndef USERPROG_EXCEPTION_H
 #define USERPROG_EXCEPTION_H
 
+#include <stdbool.h>
+
 /* Page fault error code bits that describe the cause of the exception.  */
 #define PF_P 0x1    /* 0: not-present page. 1: access rights violation. */
 #define PF_W 0x2    /* 0: read, 1: write. */
@@ -8,5 +10,7 @@
 
 void exception_init (void);
 void exception_print_stats (void);
+bool
+try_fetch_page (void *upage, bool write);
 
 #endif /* userprog/exception.h */

src/userprog/pagedir.c

@@ -7,7 +7,6 @@
 #include "threads/palloc.h"
 
 static uint32_t *active_pd (void);
-static void invalidate_pagedir (uint32_t *);
 
 /* Creates a new page directory that has mappings for kernel
    virtual addresses, but none for user virtual addresses.
@@ -53,7 +52,7 @@ pagedir_destroy (uint32_t *pd)
    on CREATE.  If CREATE is true, then a new page table is
    created and a pointer into it is returned.  Otherwise, a null
    pointer is returned. */
-static uint32_t *
+uint32_t *
 lookup_page (uint32_t *pd, const void *vaddr, bool create)
 {
   uint32_t *pt, *pde;
@@ -278,7 +277,7 @@ active_pd (void)
    This function invalidates the TLB if PD is the active page
    directory.  (If PD is not active then its entries are not in
    the TLB, so there is no need to invalidate anything.) */
-static void
+void
 invalidate_pagedir (uint32_t *pd) 
 {
   if (active_pd () == pd) 

src/userprog/pagedir.h

@@ -6,6 +6,7 @@
 
 uint32_t *pagedir_create (void);
 void pagedir_destroy (uint32_t *pd);
+uint32_t *lookup_page (uint32_t *pd, const void *vaddr, bool create);
 bool pagedir_set_page (uint32_t *pd, void *upage, void *kpage, bool rw);
 void *pagedir_get_page (uint32_t *pd, const void *upage);
 void pagedir_clear_page (uint32_t *pd, void *upage);
@@ -16,5 +17,6 @@ void pagedir_set_accessed (uint32_t *pd, const void *upage, bool accessed);
 bool pagedir_is_writable (uint32_t *pd, const void *upage);
 void pagedir_set_writable (uint32_t *pd, const void *upage, bool writable);
 void pagedir_activate (uint32_t *pd);
+void invalidate_pagedir (uint32_t *pd);
 
 #endif /* userprog/pagedir.h */

src/userprog/process.c

@@ -24,6 +24,7 @@
 #include "threads/vaddr.h"
 #include "threads/synch.h"
 #include "devices/timer.h"
+#include "vm/page.h"
 #ifdef VM
 #include "vm/frame.h"
 #endif
@@ -116,9 +117,9 @@ process_execute (const char *cmd)
   return tid;
 }
 
-static void *get_usr_kpage (enum palloc_flags flags);
+static void *get_usr_kpage (enum palloc_flags flags, void *upage);
 static void free_usr_kpage (void *kpage);
-static bool install_page (void *upage, void *kpage, bool writable);
+bool install_page (void *upage, void *kpage, bool writable);
 
 static bool process_init_stack (char *cmd_saveptr, void **esp, char *file_name);
 static void *push_to_stack (void **esp, void *data, size_t data_size);
@@ -257,12 +258,13 @@ process_init_stack (char *cmd_saveptr, void **esp, char *file_name)
         int pages_needed = DIV_CEIL (overflow_bytes, PGSIZE);
 
         /* Allocate the pages and map them to the user process. */
+        void *upage;
+        uint8_t *kpage;
         for (int i = 1; i < pages_needed + 1; i++)
           {
-            uint8_t *kpage = get_usr_kpage (PAL_ZERO);
-            if (!install_page (((uint8_t *) PHYS_BASE) - PGSIZE * (i + 1),
-                               kpage, true))
-              return false;
+            upage = ((uint8_t *) PHYS_BASE) - PGSIZE * (i + 1);
+            kpage = get_usr_kpage (PAL_ZERO, upage);
+            if (!install_page (upage, kpage, true)) return false;
           }
       }
 
@@ -363,6 +365,9 @@ process_exit (void)
 
   /* Clean up all open files */
   hash_destroy (&cur->open_files, fd_cleanup);
+#ifdef VM
+  hash_destroy (&cur->pages, page_cleanup);
+#endif
 
   /* Close the executable file, implicitly allowing it to be written to. */
   if (cur->exec_file != NULL)
@@ -620,7 +625,9 @@ load (const char *file_name, void (**eip) (void), void **esp)
 
  done:
   /* We arrive here whether the load is successful or not. */
+#ifndef VM
   file_close (file);
+#endif
   lock_release (&filesys_lock);
   return success;
 }
@@ -688,12 +695,34 @@ validate_segment (const struct Elf32_Phdr *phdr, struct file *file)
    or disk read error occurs. */
 static bool
 load_segment (struct file *file, off_t ofs, uint8_t *upage,
-              uint32_t read_bytes, uint32_t zero_bytes, bool writable) 
+              uint32_t read_bytes, uint32_t zero_bytes, bool writable)
 {
   ASSERT ((read_bytes + zero_bytes) % PGSIZE == 0);
   ASSERT (pg_ofs (upage) == 0);
   ASSERT (ofs % PGSIZE == 0);
 
+#ifdef VM
+  while (read_bytes > 0 || zero_bytes > 0)
+    {
+      /* Calculate how to fill this page.
+         We will read PAGE_READ_BYTES bytes from FILE
+         and zero the final PAGE_ZERO_BYTES bytes. */
+      size_t page_read_bytes = read_bytes < PGSIZE ? read_bytes : PGSIZE;
+      size_t page_zero_bytes = PGSIZE - page_read_bytes;
+
+      /* Add the page metadata to the SPT to be lazy loaded later on */
+      if (page_insert (file, ofs, upage, page_read_bytes, page_zero_bytes,
+                       writable, PAGE_EXECUTABLE) == NULL)
+        return false;
+
+      /* Advance. */
+      read_bytes -= page_read_bytes;
+      zero_bytes -= page_zero_bytes;
+      ofs += PGSIZE;
+      upage += PGSIZE;
+    }
+  return true;
+#else
   file_seek (file, ofs);
   while (read_bytes > 0 || zero_bytes > 0) 
     {
@@ -710,7 +739,7 @@ load_segment (struct file *file, off_t ofs, uint8_t *upage,
       if (kpage == NULL){
         
         /* Get a new page of memory. */
-        kpage = get_usr_kpage (0);
+        kpage = get_usr_kpage (0, upage);
         if (kpage == NULL){
           return false;
         }
@@ -743,6 +772,7 @@ load_segment (struct file *file, off_t ofs, uint8_t *upage,
       upage += PGSIZE;
     }
   return true;
+#endif
 }
 
 /* Create a minimal stack by mapping a zeroed page at the top of
@@ -752,11 +782,13 @@ setup_stack (void **esp)
 {
   uint8_t *kpage;
   bool success = false;
-
-  kpage = get_usr_kpage (PAL_ZERO);
+  
+  void *upage = ((uint8_t *) PHYS_BASE) - PGSIZE;
+  
+  kpage = get_usr_kpage (PAL_ZERO, upage);
   if (kpage != NULL) 
     {
-      success = install_page (((uint8_t *) PHYS_BASE) - PGSIZE, kpage, true);
+      success = install_page (upage, kpage, true);
       if (success)
         *esp = PHYS_BASE;
       else
@@ -765,14 +797,21 @@ setup_stack (void **esp)
   return success;
 }
 
-/* Claims a page from the user pool and returns its kernel address,
-   updating the frame table if VM is enabled. */
+/* Claims a page from the user pool for ownership by the current thread
+   and returns its kernel address, updating the frame table if VM
+   is enabled. Requires the intended virtual address for where the page
+   will be installed. */
 static void *
-get_usr_kpage (enum palloc_flags flags)
+get_usr_kpage (enum palloc_flags flags, void *upage)
 {
   void *page;
 #ifdef VM
-  page = frame_alloc (flags);
+  struct thread *t = thread_current ();
+  if (pagedir_get_page (t->pagedir, upage) != NULL)
+    return NULL;
+  else
+    page = frame_alloc (flags, upage, t);
+  pagedir_set_accessed (t->pagedir, upage, true);
 #else
   page = palloc_get_page (flags | PAL_USER);
 #endif
@@ -800,7 +839,7 @@ free_usr_kpage (void *kpage)
    with palloc_get_page().
    Returns true on success, false if UPAGE is already mapped or
    if memory allocation fails. */
-static bool
+bool
 install_page (void *upage, void *kpage, bool writable)
 {
   struct thread *t = thread_current ();

src/userprog/process.h

@@ -8,4 +8,6 @@ int process_wait (tid_t);
 void process_exit (void);
 void process_activate (void);
 
+bool install_page (void *upage, void *kpage, bool writable);
+
 #endif /* userprog/process.h */

src/userprog/syscall.c

@@ -11,6 +11,7 @@
 #include "userprog/process.h"
 #include "userprog/pagedir.h"
 #include <stdio.h>
+#include <stdbool.h>
 #include <syscall-nr.h>
 
 #define MAX_SYSCALL_ARGS 3
@@ -46,8 +47,11 @@ static unsigned syscall_tell (int fd);
 static void syscall_close (int fd);
 
 static struct open_file *fd_get_file (int fd);
-static void validate_user_pointer (const void *start, size_t size);
-static void validate_user_string (const char *str);
+static void validate_user_pointer (const void *ptr, size_t size,
+                                   bool check_write);
+static void validate_user_string (const char *str, bool check_write);
+static int get_user (const uint8_t *);
+static bool put_user (uint8_t *, uint8_t);
 
 /* A struct defining a syscall_function pointer along with its arity. */
 struct syscall_arguments
@@ -96,8 +100,9 @@ static void
 syscall_handler (struct intr_frame *f)
 {
   /* First, read the system call number from the stack. */
-  validate_user_pointer (f->esp, sizeof (uintptr_t));
-  uintptr_t syscall_number = *(int *) f->esp;
+  validate_user_pointer (f->esp, sizeof (uintptr_t), false);
+  uintptr_t syscall_number = *(int *)f->esp;
+  thread_current ()->curr_esp = f->esp;
 
   /* Ensures the number corresponds to a system call that can be handled. */
   if (syscall_number >= LOOKUP_SIZE)
@@ -107,11 +112,10 @@ syscall_handler (struct intr_frame *f)
 
   /* Next, read and copy the arguments from the stack pointer. */
   validate_user_pointer (f->esp + sizeof (uintptr_t),
-                         syscall.arity * sizeof (uintptr_t));
-
-  uintptr_t args[MAX_SYSCALL_ARGS] = {0};
+                         syscall.arity * sizeof (uintptr_t), false);
+  uintptr_t args[MAX_SYSCALL_ARGS] = { 0 };
   for (int i = 0; i < syscall.arity && i < MAX_SYSCALL_ARGS; i++)
-    args[i] = *(uintptr_t *) (f->esp + sizeof (uintptr_t) * (i + 1));
+    args[i] = *(uintptr_t *)(f->esp + sizeof (uintptr_t) * (i + 1));
 
   /* Call the function that handles this system call with the arguments. When
      there is a return value it is stored in f->eax. */
@@ -140,8 +144,7 @@ syscall_exit (int status)
 static pid_t
 syscall_exec (const char *cmd_line)
 {
-  /* Validate the user string before executing the process. */
-  validate_user_string (cmd_line);
+  validate_user_string (cmd_line, false);
 
   return process_execute (cmd_line); /* Returns the PID of the new process */
 }
@@ -160,8 +163,7 @@ syscall_wait (pid_t pid)
 static bool
 syscall_create (const char *file, unsigned initial_size)
 {
-  /* Validate the user string before creating the file. */
-  validate_user_string (file);
+  validate_user_string (file, false);
 
   /* Acquire the file system lock to prevent race conditions. */
   lock_acquire (&filesys_lock);
@@ -178,8 +180,7 @@ syscall_create (const char *file, unsigned initial_size)
 static bool
 syscall_remove (const char *file)
 {
-  /* Validate the user string before removing the file. */
-  validate_user_string (file);
+  validate_user_string (file, false);
 
   /* Acquire the file system lock to prevent race conditions. */
   lock_acquire (&filesys_lock);
@@ -197,8 +198,7 @@ syscall_remove (const char *file)
 static int
 syscall_open (const char *file)
 {
-  /* Validate the user string before opening the file. */
-  validate_user_string (file);
+  validate_user_string (file, false);
 
   /* Acquire the file system lock to prevent race conditions. */
   lock_acquire (&filesys_lock);
@@ -264,8 +264,7 @@ syscall_read (int fd, void *buffer, unsigned size)
   if (fd < STDIN_FILENO || fd == STDOUT_FILENO)
     return EXIT_FAILURE;
 
-  /* Validate the user buffer for the provided size before reading. */
-  validate_user_pointer (buffer, size);
+  validate_user_pointer (buffer, size, true);
 
   if (fd == STDIN_FILENO)
     {
@@ -308,8 +307,7 @@ syscall_write (int fd, const void *buffer, unsigned size)
   if (fd <= 0)
     return 0;
 
-  /* Validate the user buffer for the provided size before writing. */
-  validate_user_pointer (buffer, size);
+  validate_user_pointer (buffer, size, false);
 
   if (fd == STDOUT_FILENO)
     {
@@ -451,63 +449,91 @@ fd_get_file (int fd)
   return hash_entry (e, struct open_file, elem);
 }
 
-/* Validates if a block of memory starting at START and of size SIZE bytes is
-   fully contained within user virtual memory. Kills the thread (by exiting with
-   failure) if the memory is invalid. Otherwise, returns (nothing) normally.
-   If the size is 0, the function does no checks and returns the given ptr. */
+/* Validates if a block of memory starting at PTR and of size SIZE bytes is
+   fully contained within valid user virtual memory. thread_exit () if the
+   memory is invalid.
+   If the size is 0, the function does no checks and returns PTR. */
 static void
-validate_user_pointer (const void *start, size_t size)
+validate_user_pointer (const void *ptr, size_t size, bool check_write)
 {
-  /* If the size is 0, we do not need to check anything. */
   if (size == 0)
     return;
-
-  const void *end = start + size - 1;
-
-  /* Check if the start and end pointers are valid user virtual addresses. */
-  if (start == NULL || !is_user_vaddr (start) || !is_user_vaddr (end))
+  /* ptr < ptr + size - 1, so sufficient to check that (ptr + size -1) is a
+     valid user virtual memory address. */
+  void *last = ptr + size - 1;
+  if (!is_user_vaddr (last))
     syscall_exit (EXIT_FAILURE);
-
-  /* We now need to check if the entire memory block is mapped to physical
-     memory by the page table. */
-  for (const void *ptr = pg_round_down (start); ptr <= end; ptr += PGSIZE)
-    if (pagedir_get_page (thread_current ()->pagedir, ptr) == NULL)
-      syscall_exit (EXIT_FAILURE);
+  ptr = pg_round_down (ptr);
+  while (ptr <= last)
+    {
+      int result;
+      /* Check read access to pointer. */
+      if ((result = get_user (ptr)) == -1)
+        syscall_exit (EXIT_FAILURE);
+      /* Check write access to pointer (if required). */
+      if (check_write && !put_user (ptr, result))
+        syscall_exit (EXIT_FAILURE);
+      ptr += PGSIZE;
+    }
 }
 
-/* Validates if a string is fully contained within user virtual memory. Kills
-   the thread (by exiting with failure) if the memory is invalid. Otherwise,
-   returns (nothing) normally. */
+/* Validates of a C-string starting at ptr is fully contained within valid
+   user virtual memory. thread_exit () if the memory is invalid. */
 static void
-validate_user_string (const char *str)
+validate_user_string (const char *ptr, bool check_write)
 {
-  /* Check if the string pointer is a valid user virtual address. */
-  if (str == NULL || !is_user_vaddr (str))
-    syscall_exit (EXIT_FAILURE);
+  size_t offset = (uintptr_t) ptr % PGSIZE;
 
-  /* Calculate the offset of the string within the (first) page. */
-  size_t offset = (uintptr_t) str % PGSIZE;
-
-  /* We move page by page, checking if the page is mapped to physical memory. */
   for (;;)
-  {
-    void *page = pg_round_down (str);
+    {
+      void *page = pg_round_down (ptr);
 
-    /* If we reach addresses that are not mapped to physical memory before the
-       end of the string, the thread is terminated. */
-    if (!is_user_vaddr(page) ||
-        pagedir_get_page (thread_current ()->pagedir, page) == NULL)
-      syscall_exit (EXIT_FAILURE);
+      if (!is_user_vaddr (page))
+        syscall_exit (EXIT_FAILURE);
+      if (!is_user_vaddr (ptr))
+        syscall_exit (EXIT_FAILURE);
+      int result;
+      if ((result = get_user ((const uint8_t *)ptr)) == -1)
+        syscall_exit (EXIT_FAILURE);
+      if (check_write && !put_user ((uint8_t *)ptr, result))
+        syscall_exit (EXIT_FAILURE);
 
-    while (offset < PGSIZE)
+      while (offset < PGSIZE)
       {
-        if (*str == '\0')
+        if (*ptr == '\0')
           return; /* We reached the end of the string without issues. */
 
-        str++;
+        ptr++;
         offset++;
       }
 
-    offset = 0; /* Next page will start at the beginning. */
-  }
+      offset = 0;
+
+    }
+}
+
+/* PROVIDED BY SPEC.
+   Reads a byte at user virtual address UADDR.
+   UADDR must be below PHYS_BASE.
+   Returns the byte value if successful, -1 if a segfault occurred. */
+static int
+get_user (const uint8_t *uaddr)
+{
+  int result;
+  asm ("movl $1f, %0; movzbl %1, %0; 1:" : "=&a"(result) : "m"(*uaddr));
+  return result;
+}
+
+/* PROVIDED BY SPEC.
+   Writes BYTE to user address UDST.
+   UDST must be below PHYS_BASE.
+   Returns true if successful, false if a segfault occurred. */
+static bool
+put_user (uint8_t *udst, uint8_t byte)
+{
+  int error_code;
+  asm ("movl $1f, %0; movb %b2, %1; 1:"
+       : "=&a"(error_code), "=m"(*udst)
+       : "q"(byte));
+  return error_code != -1;
 }

src/vm/frame.c

@@ -1,34 +1,42 @@
 #include <debug.h>
 #include <hash.h>
 #include <list.h>
+#include <string.h>
 
 #include "frame.h"
+#include "page.h"
 #include "threads/malloc.h"
+#include "threads/vaddr.h"
+#include "userprog/pagedir.h"
 #include "threads/synch.h"
+#include "devices/swap.h"
 
 /* Hash table that maps every active frame's kernel virtual address
    to its corresponding 'frame_metadata'.*/
 struct hash frame_table;
 
-/* Linked list of frame_metadata whose pages are predicted to currently
-   be in the working set of a process. They are not considered for
-   eviction, but are considered for demotion to the 'inactive' list. */
-struct list active_list;
+/* Linked list used to represent the circular queue in the 'clock'
+   algorithm for page eviction. Iterating from the element that is
+   currently pointed at by 'next_victim' yields an ordering of the entries
+   from oldest to newest (in terms of when they were added or checked
+   for having been referenced by a process). */
+struct list lru_list;
 
-/* Linked list of frame_metadata whose pages are predicted to leave the
-   working set of their processes soon, so are considered for eviction.
-   Pages are considered for eviction from the tail end, and are initially
-   demoted to 'inactive' at the head. */
-struct list inactive_list;
+/* The next element in lru_list to be considered for eviction (oldest added
+   or referenced page in the circular queue). If this page has has an
+   'accessed' bit of 0 when considering eviction, then it will be the next
+   victim. Otherwise, the next element in the queue is similarly considered. */
+struct list_elem *next_victim = NULL;
 
 /* Synchronisation variables. */
-/* Ensures mutual exclusion to accessing the 'head' and first element of
-   'inactive_list', which is accessed every time a frame is allocated. */
-struct lock inactive_head_lock;
+/* Protects access to 'lru_list'. */
+struct lock lru_lock;
 
 struct frame_metadata
   {
      void *frame;  /* The kernel virtual address holding the frame. */
+     void *upage; /* The user virtual address pointing to the frame. */
+     struct thread *owner; /* Pointer to the thread that owns the frame. */
      struct hash_elem hash_elem;  /* Tracks the position of the frame metadata
                                      within 'frame_table', whose key is the 
                                      kernel virtual address of the frame. */
@@ -40,56 +48,109 @@ struct frame_metadata
 hash_hash_func frame_metadata_hash;
 hash_less_func frame_metadata_less;
 
+static struct list_elem *lru_next (struct list_elem *e);
+static struct list_elem *lru_prev (struct list_elem *e);
+static struct frame_metadata *get_victim (void);
+
 /* Initialize the frame system by initializing the frame (hash) table with
    the frame_metadata hashing and comparison functions, as well as initializing
-   the active & inactive lists. Also initializes the system's synchronisation
-   primitives. */
+   'lru_list' and its associated synchronisation primitives. */
 void
 frame_init (void)
 {
   hash_init (&frame_table, frame_metadata_hash, frame_metadata_less, NULL);
-  list_init (&active_list);
-  list_init (&inactive_list);
 
-  lock_init (&inactive_head_lock);
+  list_init (&lru_list);
+  lock_init (&lru_lock);
 }
 
+/* TODO: Consider synchronisation more closely (i.e. just for hash
+         table). */
 /* Attempt to allocate a frame for a user process, either by direct
    allocation of a user page if there is sufficient RAM, or by
    evicting a currently active page if memory allocated for user
    processes is fulled and storing it in swap. If swap is full in
    the former case, panic the kernel. */
 void *
-frame_alloc (enum palloc_flags flags)
+frame_alloc (enum palloc_flags flags, void *upage, struct thread *owner)
 {
+  struct frame_metadata *frame_metadata;
   flags |= PAL_USER;
-
+  
+  lock_acquire (&lru_lock);
   void *frame = palloc_get_page (flags);
+
+  /* If a frame couldn't be allocated we must be out of main memory. Thus,
+     obtain a victim page to replace with our page, and swap the victim
+     into disk. */
   if (frame == NULL)
     {
-      /* TODO: Find victim page to replace, and swap it with this new page. */
-      return NULL;
+      /* 1. Obtain victim. */
+      if (next_victim == NULL)
+        PANIC ("Couldn't allocate a single page to main memory!\n");
+
+      struct frame_metadata *victim = get_victim ();
+      ASSERT (victim != NULL); /* get_victim () should never return null. */
+
+      /* 2. Swap out victim into disk. */
+      /* Mark page as 'not present' and flag the page directory as having
+         been modified *before* eviction begins to prevent the owner of the
+         victim page from accessing/modifying it mid-eviction. */
+      pagedir_clear_page (victim->owner->pagedir, victim->upage);
+
+      // TODO: Lock PTE of victim page for victim process.
+
+      size_t swap_slot = swap_out (victim->frame);
+      page_set_swap (victim->owner, victim->upage, swap_slot);
+
+      /* If zero flag is set, zero out the victim page. */
+      if (flags & PAL_ZERO)
+        memset (victim->frame, 0, PGSIZE);
+
+      /* 3. Indicate that the new frame's metadata will be stored
+            inside the same structure that stored the victim's metadata.
+            As both the new frame and the victim frame share the same kernel
+            virtual address, the hash map need not be updated, and neither
+            the list_elem value as both share the same lru_list position. */
+      frame_metadata = victim;
     }
 
-  struct frame_metadata *frame_metadata =
-    malloc (sizeof (struct frame_metadata));
-  frame_metadata->frame = frame;
+  /* If sufficient main memory allows the frame to be directly allocated,
+     we must update the frame table with a new entry, and grow lru_list. */
+  else
+    {
+      /* Must own lru_lock here, as otherwise there is a race condition
+         with next_victim either being NULL or uninitialized. */
+      frame_metadata = malloc (sizeof (struct frame_metadata));
+      frame_metadata->frame = frame;
 
-  /* Newly faulted pages begin at the head of the inactive list. */
-  lock_acquire (&inactive_head_lock);
-  list_push_front (&inactive_list, &frame_metadata->list_elem);
-  lock_release (&inactive_head_lock);
+      /* Newly allocated frames are pushed to the back of the circular queue
+         represented by lru_list. Must explicitly handle the case where the
+         circular queue is empty (when next_victim == NULL). */
+      if (next_victim == NULL)
+        {
+          list_push_back (&lru_list, &frame_metadata->list_elem);
+          next_victim = &frame_metadata->list_elem;
+        }
+      else
+        {
+          struct list_elem *lru_tail = lru_prev (next_victim);
+          list_insert (lru_tail, &frame_metadata->list_elem);
+        }
 
-  /* Finally, insert frame metadata within the frame table, with the key as its
-     allocated kernel address. */
-  hash_replace (&frame_table, &frame_metadata->hash_elem);
+      hash_insert (&frame_table, &frame_metadata->hash_elem);
+    }
 
-  return frame;
+  frame_metadata->upage = upage;
+  frame_metadata->owner = owner;
+  lock_release (&lru_lock);
+
+  return frame_metadata->frame;
 }
 
 /* Attempt to deallocate a frame for a user process by removing it from the
-   frame table as well as active/inactive list, and freeing the underlying
-   page memory. Panics if the frame isn't active in memory. */
+   frame table as well as lru_list, and freeing the underlying page
+   memory & metadata struct. Panics if the frame isn't active in memory. */
 void
 frame_free (void *frame)
   {
@@ -98,17 +159,58 @@ frame_free (void *frame)
 
     struct hash_elem *e =
       hash_delete (&frame_table, &key_metadata.hash_elem);
-    if (e == NULL) PANIC ("Attempted to free a frame without a corresponding "
-                          "kernel address!\n");
+    if (e == NULL) PANIC ("Attempted to free a frame at kernel address %p, "
+                          "but this address is not allocated!\n", frame);
 
     struct frame_metadata *frame_metadata =
       hash_entry (e, struct frame_metadata, hash_elem);
     
+    lock_acquire (&lru_lock);
     list_remove (&frame_metadata->list_elem);
+
+    /* If we're freeing the frame marked as the next victim, update
+       next_victim to either be the next least recently used page, or NULL
+       if no pages are loaded in main memory. */
+    if (&frame_metadata->list_elem == next_victim)
+      {
+        if (list_empty (&lru_list))
+          next_victim = NULL;
+        else
+          next_victim = lru_next (next_victim);
+      }
+    lock_release (&lru_lock);
+
     free (frame_metadata);
     palloc_free_page (frame);
   }
 
+/* TODO: Account for page aliases when checking accessed bit. */
+/* A pre-condition for calling this function is that the calling thread
+   owns lru_lock and that lru_list is non-empty. */
+static struct frame_metadata *
+get_victim (void)
+  {
+    struct list_elem *e = next_victim;
+    struct frame_metadata *frame_metadata;
+    uint32_t *pd;
+    void *upage;
+    for (;;)
+      {
+        frame_metadata = list_entry (e, struct frame_metadata, list_elem);
+        pd = frame_metadata->owner->pagedir;
+        upage = frame_metadata->upage;
+        e = lru_next (e);
+
+        if (!pagedir_is_accessed (pd, upage))
+          break;
+
+        pagedir_set_accessed (pd, upage, false);
+      }
+
+    next_victim = e;
+    return frame_metadata;
+  }
+
 /* Hash function for frame metadata, used for storing entries in the
    frame table. */
 unsigned
@@ -135,3 +237,26 @@ frame_metadata_less (const struct hash_elem *a_, const struct hash_elem *b_,
     return a->frame < b->frame;
   }
 
+/* Returns the next recently used element after the one provided, which
+   is achieved by iterating through lru_list like a circular queue
+   (wrapping around the list at the tail). */
+static struct list_elem *
+lru_next (struct list_elem *e)
+{
+  if (!list_empty (&lru_list) && e == list_back (&lru_list))
+    return list_front (&lru_list);
+
+  return list_next (e);
+}
+
+/* Returns the previous recently used element after the one provided, which
+   is achieved by iterating through lru_list like a circular queue
+   (wrapping around the list at the head). */
+static struct list_elem *
+lru_prev (struct list_elem *e)
+{
+  if (!list_empty (&lru_list) && e == list_front (&lru_list))
+    return list_back (&lru_list);
+
+  return list_prev (e);
+}

src/vm/frame.h

@@ -1,10 +1,11 @@
 #ifndef VM_FRAME_H
 #define VM_FRAME_H
 
+#include "threads/thread.h"
 #include "threads/palloc.h"
 
 void frame_init (void);
-void *frame_alloc (enum palloc_flags);
+void *frame_alloc (enum palloc_flags, void *, struct thread *);
 void frame_free (void *frame);
 
 #endif /* vm/frame.h */

src/vm/page.c

@@ -0,0 +1,158 @@
+#include "page.h"
+#include <string.h>
+#include <stdio.h>
+#include "filesys/file.h"
+#include "threads/pte.h"
+#include "threads/malloc.h"
+#include "threads/palloc.h"
+#include "userprog/process.h"
+#include "userprog/pagedir.h"
+#include "vm/frame.h"
+
+#define SWAP_FLAG_BIT 9
+#define ADDR_START_BIT 12
+
+/* Hashing function needed for the SPT table. Returns a hash for an entry,
+   based on its upage. */
+unsigned
+page_hash (const struct hash_elem *e, UNUSED void *aux)
+{
+  struct page_entry *page = hash_entry (e, struct page_entry, elem);
+  return hash_ptr (page->upage);
+}
+
+/* Comparator function for the SPT table. Compares two entries based on their
+   upages. */
+bool
+page_less (const struct hash_elem *a_, const struct hash_elem *b_,
+           void *aux UNUSED)
+{
+  const struct page_entry *a = hash_entry (a_, struct page_entry, elem);
+  const struct page_entry *b = hash_entry (b_, struct page_entry, elem);
+
+  return a->upage < b->upage;
+}
+
+/* Allocate and insert a new page entry into the thread's page table. */
+struct page_entry *
+page_insert (struct file *file, off_t ofs, void *upage, uint32_t read_bytes,
+             uint32_t zero_bytes, bool writable, enum page_type type)
+{
+  struct page_entry *page = malloc(sizeof (struct page_entry));
+  if (page == NULL)
+    return NULL;
+
+  page->file = file;
+  page->offset = ofs;
+  page->upage = upage;
+  page->read_bytes = read_bytes;
+  page->zero_bytes = zero_bytes;
+  page->writable = writable;
+  page->type = type;
+
+  hash_insert (&thread_current ()->pages, &page->elem);
+  return page;
+}
+
+/* Gets a page_entry from the starting address of the page. Returns NULL if no
+   such page_entry exists in the hash map.*/
+struct page_entry *
+page_get (void *upage)
+{
+  struct page_entry fake_page_entry;
+  fake_page_entry.upage = upage;
+
+  struct hash_elem *e
+    = hash_find (&thread_current ()->pages, &fake_page_entry.elem);
+
+  if (e == NULL)
+      return NULL;
+
+  return hash_entry (e, struct page_entry, elem);
+}
+
+bool
+page_load (struct page_entry *page, bool writable)
+{
+  /* Allocate a frame for the page. If a frame allocation fails, then
+     frame_alloc should try to evict a page. If it is still NULL, the OS
+     panics as this should not happen if eviction is working correctly. */
+  struct thread *t = thread_current ();
+  void *frame = frame_alloc (0, page->upage, t);
+  pagedir_set_accessed (t->pagedir, page->upage, true);
+  if (frame == NULL)
+    PANIC ("Could not allocate a frame to load page into memory.");
+
+  /* Map the page to the frame. */
+  if (!install_page (page->upage, frame, writable))
+    {
+      frame_free (frame);
+      return false;
+    }
+
+  /* Move the file pointer to the correct location in the file. Then, read the
+     data from the file into the frame. Checks that we were able to read the
+     expected number of bytes. */
+  file_seek (page->file, page->offset);
+  if (file_read (page->file, frame, page->read_bytes) != (int) page->read_bytes)
+  {
+    frame_free (frame);
+    return false;
+  }
+
+  /* Zero out the remaining bytes in the frame. */
+  memset (frame + page->read_bytes, 0, page->zero_bytes);
+
+  /* Mark the page as loaded successfully. */
+  return true;
+}
+
+/* Function to clean up a page_entry. Given the elem of that page_entry, frees
+   the page_entry itself. */
+void
+page_cleanup (struct hash_elem *e, void *aux UNUSED)
+{
+  free (hash_entry (e, struct page_entry, elem));
+}
+
+/* Updates the 'owner' thread's page table entry for virtual address 'upage'
+   to flag the page as being stored in swap, and stores the specified swap slot
+   value in the entry at the address bits for later retrieval from disk. */
+void
+page_set_swap (struct thread *owner, void *upage, size_t swap_slot)
+{
+  uint32_t *pte = lookup_page (owner->pagedir, upage, false);
+
+  /* Store the provided swap slot in the address bits of the page table
+     entry, truncating excess bits. */
+  *pte |= (1 << SWAP_FLAG_BIT);
+  uint32_t swap_slot_bits = (swap_slot << ADDR_START_BIT) & PTE_ADDR;
+  *pte = (*pte & PTE_FLAGS) | swap_slot_bits;
+
+  invalidate_pagedir (owner->pagedir);
+}
+
+/* Returns true iff the page with user address 'upage' owned by 'owner' 
+   is flagged to be in the swap disk via the owner's page table. */
+bool
+page_in_swap (struct thread *owner, void *upage)
+{
+   uint32_t *pte = lookup_page (owner->pagedir, upage, false);
+   return pte != NULL &&
+          (*pte & (1 << SWAP_FLAG_BIT)) != 0;
+}
+
+/* Given that the page with user address 'upage' owned by 'owner' is flagged
+   to be in the swap disk via the owner's page table, returns its stored
+   swap slot. Otherwise panics the kernel. */
+size_t
+page_get_swap (struct thread *owner, void *upage)
+{
+   uint32_t *pte = lookup_page (owner->pagedir, upage, false);
+
+   ASSERT (pte != NULL);
+   ASSERT ((*pte & PTE_P) == 0);
+
+   /* Masks the address bits and returns truncated value. */
+   return ((*pte & PTE_ADDR) >> ADDR_START_BIT);
+}

src/vm/page.h

@@ -0,0 +1,39 @@
+#ifndef VM_PAGE_H
+#define VM_PAGE_H
+
+#include "threads/thread.h"
+#include "filesys/off_t.h"
+
+enum page_type {
+  PAGE_EXECUTABLE,
+  PAGE_EMPTY
+};
+
+struct page_entry {
+  enum page_type type; /* Type of Data that should go into the page */
+  void *upage;         /* Start Address of the User Page (Key of hash table). */
+
+  /* File Data */
+  struct file *file;   /* Pointer to the file for executables. */
+  off_t offset;        /* Offset of the page content within the file. */
+  uint32_t read_bytes; /* Number of bytes to read within the page. */
+  uint32_t zero_bytes; /* Number of bytes to zero within the page. */
+  bool writable;       /* Flag for whether this page is writable or not. */
+
+  struct hash_elem elem; /* An elem for the hash table. */
+};
+
+unsigned page_hash (const struct hash_elem *e, void *aux);
+bool page_less (const struct hash_elem *a_, const struct hash_elem *b_,
+                void *aux);
+struct page_entry *page_insert (struct file *file, off_t ofs, void *upage,
+                                uint32_t read_bytes, uint32_t zero_bytes,
+                                bool writable, enum page_type type);
+struct page_entry *page_get (void *upage);
+bool page_load (struct page_entry *page, bool writable);
+void page_cleanup (struct hash_elem *e, void *aux);
+void page_set_swap (struct thread *, void *, size_t);
+bool page_in_swap (struct thread *, void *);
+size_t page_get_swap (struct thread *, void *);
+
+#endif /* vm/frame.h */

src/vm/stackgrowth.c

@@ -0,0 +1,59 @@
+#include <stdio.h>
+#include "stackgrowth.h"
+#include "frame.h"
+#include "threads/palloc.h"
+#include "threads/thread.h"
+#include "threads/vaddr.h"
+#include "userprog/pagedir.h"
+
+#define MAX_STACK_ACCESS_DIST 32
+
+static bool is_stack_fault (const void *addr, const void *esp);
+static bool grow_stack (const void *addr);
+
+/* Determine whether a particular page fault occured due to a stack
+   access below the stack pointer that should induce stack growth, and
+   if so grow the stack by a single page (capped at MAX_STACK_SIZE). */
+bool
+handle_stack_fault (const void *ptr, const void *esp)
+{
+  return is_stack_fault (ptr, esp) && grow_stack (ptr);
+}
+
+/* Determines whether a particular page fault appears to be caused by
+   a stack access that should induce dynamic stack growth. Stack size
+   is capped at MAX_STACK_SIZE. */
+static bool
+is_stack_fault (const void *addr, const void *esp)
+{
+  return ((uint32_t*)addr >= ((uint32_t*)esp - MAX_STACK_ACCESS_DIST) &&
+          ((PHYS_BASE - pg_round_down (addr)) <= MAX_STACK_SIZE));
+}
+
+/* Grows the stack of the process running inside the current thread by a single
+   page given a user virtual address inside of the page wherein the new section
+   of the stack should be allocated. */
+static bool
+grow_stack (const void *addr)
+{
+  struct thread *t = thread_current ();
+  void *last_page = pg_round_down (addr);
+
+  /* This function should only be called when dealing with a faulting stack
+     access that induces stack growth, so the provided address shouldn't be
+     present in a page within the current thread's page directory. */
+  ASSERT (pagedir_get_page (t->pagedir, last_page) == NULL);
+
+  uint8_t *new_page = frame_alloc (PAL_ZERO, last_page, t);
+  if (new_page == NULL)
+    return false;
+
+  if (!pagedir_set_page (t->pagedir, last_page, new_page, true))
+  {
+    frame_free (new_page);
+    return false;
+  }
+
+  return true;
+}
+

src/vm/stackgrowth.h

@@ -0,0 +1,10 @@
+#ifndef VM_GROWSTACK_H
+#define VM_GROWSTACK_H
+
+#include <stdio.h>
+
+#define MAX_STACK_SIZE 8388608 // (8MB)
+
+bool handle_stack_fault (const void *ptr, const void *esp);
+
+#endif /* vm/frame.h */