[pintos-anon] / solutions / p3.patch

diff --git a/src/Makefile.build b/src/Makefile.build
index e997d27..1057023 100644
--- a/src/Makefile.build
+++ b/src/Makefile.build
@@ -62,7 +62,9 @@ userprog_SRC += userprog/gdt.c                # GDT initialization.
 userprog_SRC += userprog/tss.c         # TSS management.
 
 # No virtual memory code yet.
-#vm_SRC = vm/file.c                    # Some file.
+vm_SRC = vm/page.c
+vm_SRC += vm/frame.c
+vm_SRC += vm/swap.c
 
 # Filesystem code.
 filesys_SRC  = filesys/filesys.c       # Filesystem core.
diff --git a/src/devices/timer.c b/src/devices/timer.c
index 1aebae7..4b920e9 100644
--- a/src/devices/timer.c
+++ b/src/devices/timer.c
@@ -206,7 +206,6 @@ timer_interrupt (struct intr_frame *args UNUSED)
       if (ticks < t->wakeup_time) 
         break;
       sema_up (&t->timer_sema);
-      thread_yield_to_higher_priority ();
       list_pop_front (&wait_list);
     }
 }
diff --git a/src/threads/fixed-point.h b/src/threads/fixed-point.h
deleted file mode 100644
index ca88f97..0000000
--- a/src/threads/fixed-point.h
+++ /dev/null
@@ -1,120 +0,0 @@
-#ifndef THREADS_FIXED_POINT_H
-#define THREADS_FIXED_POINT_H
-
-#include <debug.h>
-
-/* Parameters. */
-#define FIX_BITS 32             /* Total bits per fixed-point number. */
-#define FIX_P 16                /* Number of integer bits. */
-#define FIX_Q 16                /* Number of fractional bits. */
-#define FIX_F (1 << FIX_Q)      /* pow(2, FIX_Q). */
-
-#define FIX_MIN_INT (-FIX_MAX_INT)      /* Smallest representable integer. */
-#define FIX_MAX_INT ((1 << FIX_P) - 1)  /* Largest representable integer. */
-
-/* A fixed-point number. */
-typedef struct 
-  {
-    int f;
-  }
-fixed_point_t;
-
-/* Returns a fixed-point number with F as its internal value. */
-static inline fixed_point_t
-__mk_fix (int f) 
-{
-  fixed_point_t x;
-  x.f = f;
-  return x;
-}
-
-/* Returns fixed-point number corresponding to integer N. */
-static inline fixed_point_t
-fix_int (int n) 
-{
-  ASSERT (n >= FIX_MIN_INT && n <= FIX_MAX_INT);
-  return __mk_fix (n * FIX_F);
-}
-
-/* Returns fixed-point number corresponding to N divided by D. */
-static inline fixed_point_t
-fix_frac (int n, int d) 
-{
-  ASSERT (d != 0);
-  ASSERT (n / d >= FIX_MIN_INT && n / d <= FIX_MAX_INT);
-  return __mk_fix ((long long) n * FIX_F / d);
-}
-
-/* Returns X rounded to the nearest integer. */
-static inline int
-fix_round (fixed_point_t x) 
-{
-  return (x.f + FIX_F / 2) / FIX_F;
-}
-
-/* Returns X truncated down to the nearest integer. */
-static inline int
-fix_trunc (fixed_point_t x) 
-{
-  return x.f / FIX_F;
-}
-
-/* Returns X + Y. */
-static inline fixed_point_t
-fix_add (fixed_point_t x, fixed_point_t y) 
-{
-  return __mk_fix (x.f + y.f);
-}
-
-/* Returns X - Y. */
-static inline fixed_point_t
-fix_sub (fixed_point_t x, fixed_point_t y) 
-{
-  return __mk_fix (x.f - y.f);
-}
-
-/* Returns X * Y. */
-static inline fixed_point_t
-fix_mul (fixed_point_t x, fixed_point_t y) 
-{
-  return __mk_fix ((long long) x.f * y.f / FIX_F);
-}
-
-/* Returns X * N. */
-static inline fixed_point_t
-fix_scale (fixed_point_t x, int n) 
-{
-  ASSERT (n >= 0);
-  return __mk_fix (x.f * n);
-}
-
-/* Returns X / Y. */
-static inline fixed_point_t
-fix_div (fixed_point_t x, fixed_point_t y) 
-{
-  return __mk_fix ((long long) x.f * FIX_F / y.f);
-}
-
-/* Returns X / N. */
-static inline fixed_point_t
-fix_unscale (fixed_point_t x, int n) 
-{
-  ASSERT (n > 0);
-  return __mk_fix (x.f / n);
-}
-
-/* Returns 1 / X. */
-static inline fixed_point_t
-fix_inv (fixed_point_t x) 
-{
-  return fix_div (fix_int (1), x);
-}
-
-/* Returns -1 if X < Y, 0 if X == Y, 1 if X > Y. */
-static inline int
-fix_compare (fixed_point_t x, fixed_point_t y) 
-{
-  return x.f < y.f ? -1 : x.f > y.f;
-}
-
-#endif /* threads/fixed-point.h */
diff --git a/src/threads/init.c b/src/threads/init.c
index cebec2c..9729de7 100644
--- a/src/threads/init.c
+++ b/src/threads/init.c
@@ -37,6 +37,8 @@
 #include "filesys/filesys.h"
 #include "filesys/fsutil.h"
 #endif
+#include "vm/frame.h"
+#include "vm/swap.h"
 
 /* Page directory with kernel mappings only. */
 uint32_t *init_page_dir;
@@ -127,6 +129,9 @@ main (void)
   filesys_init (format_filesys);
 #endif
 
+  frame_init ();
+  swap_init ();
+
   printf ("Boot complete.\n");
   
   /* Run actions specified on kernel command line. */
diff --git a/src/threads/interrupt.c b/src/threads/interrupt.c
index e3b90dc..f897882 100644
--- a/src/threads/interrupt.c
+++ b/src/threads/interrupt.c
@@ -360,6 +360,8 @@ intr_handler (struct intr_frame *frame)
       in_external_intr = true;
       yield_on_return = false;
     }
+  else 
+    thread_current ()->user_esp = frame->esp;
 
   /* Invoke the interrupt's handler. */
   handler = intr_handlers[frame->vec_no];
diff --git a/src/threads/synch.c b/src/threads/synch.c
index 53197bb..317c68a 100644
--- a/src/threads/synch.c
+++ b/src/threads/synch.c
@@ -113,28 +113,10 @@ sema_up (struct semaphore *sema)
   ASSERT (sema != NULL);
 
   old_level = intr_disable ();
-  sema->value++;
   if (!list_empty (&sema->waiters)) 
-    {
-      /* Find highest-priority waiting thread. */
-      struct thread *max = list_entry (list_max (&sema->waiters,
-                                                 thread_lower_priority, NULL),
-                                       struct thread, elem);
-
-      /* Remove `max' from wait list and unblock. */
-      list_remove (&max->elem);
-      thread_unblock (max);
-
-      /* Yield to a higher-priority thread, if we're running in a
-         context where it makes sense to do so.
-         
-         Kind of a funny interaction with donation here.
-         We only support donation for locks, and locks turn off
-         interrupts before calling us, so we automatically don't
-         do the yield here, delegating to lock_release(). */
-      if (!intr_context () && old_level == INTR_ON)
-        thread_yield_to_higher_priority ();
-    }
+    thread_unblock (list_entry (list_pop_front (&sema->waiters),
+                                struct thread, elem));
+  sema->value++;
   intr_set_level (old_level);
 }
 
@@ -210,33 +192,12 @@ lock_init (struct lock *lock)
 void
 lock_acquire (struct lock *lock)
 {
-  enum intr_level old_level;
-
   ASSERT (lock != NULL);
   ASSERT (!intr_context ());
   ASSERT (!lock_held_by_current_thread (lock));
 
-  old_level = intr_disable ();
-
-  if (lock->holder != NULL) 
-    {
-      /* Donate our priority to the thread holding the lock.
-         First, update the data structures. */
-      struct thread *donor = thread_current ();
-      donor->want_lock = lock;
-      donor->donee = lock->holder;
-      list_push_back (&lock->holder->donors, &donor->donor_elem);
-      
-      /* Now implement the priority donation itself
-         by recomputing the donee's priority
-         and cascading the donation as far as necessary. */
-      if (donor->donee != NULL)
-        thread_recompute_priority (donor->donee);
-    }
-
   sema_down (&lock->semaphore);
   lock->holder = thread_current ();
-  intr_set_level (old_level);
 }
 
 /* Tries to acquires LOCK and returns true if successful or false
@@ -267,39 +228,11 @@ lock_try_acquire (struct lock *lock)
 void
 lock_release (struct lock *lock) 
 {
-  enum intr_level old_level;
-  struct thread *t = thread_current ();
-  struct list_elem *e;
-
   ASSERT (lock != NULL);
   ASSERT (lock_held_by_current_thread (lock));
 
-  old_level = intr_disable ();
-
-  /* Return donations to threads that want this lock. */
-  for (e = list_begin (&t->donors); e != list_end (&t->donors); ) 
-    {
-      struct thread *donor = list_entry (e, struct thread, donor_elem);
-      if (donor->want_lock == lock) 
-        {
-          donor->donee = NULL;
-          e = list_remove (e);
-        }
-      else
-        e = list_next (e);
-    }
-
-  /* Release lock. */
   lock->holder = NULL;
   sema_up (&lock->semaphore);
-
-  /* Recompute our priority based on our remaining donations,
-     then yield to a higher-priority ready thread if one now
-     exists. */
-  thread_recompute_priority (t);
-  thread_yield_to_higher_priority ();
-
-  intr_set_level (old_level);
 }
 
 /* Returns true if the current thread holds LOCK, false
@@ -318,7 +251,6 @@ struct semaphore_elem
   {
     struct list_elem elem;              /* List element. */
     struct semaphore semaphore;         /* This semaphore. */
-    struct thread *thread;              /* Thread. */
   };
 
 /* Initializes condition variable COND.  A condition variable
@@ -363,26 +295,12 @@ cond_wait (struct condition *cond, struct lock *lock)
   ASSERT (lock_held_by_current_thread (lock));
   
   sema_init (&waiter.semaphore, 0);
-  waiter.thread = thread_current ();
   list_push_back (&cond->waiters, &waiter.elem);
   lock_release (lock);
   sema_down (&waiter.semaphore);
   lock_acquire (lock);
 }
 
-static bool
-semaphore_elem_lower_priority (const struct list_elem *a_,
-                               const struct list_elem *b_,
-                               void *aux UNUSED) 
-{
-  const struct semaphore_elem *a
-    = list_entry (a_, struct semaphore_elem, elem);
-  const struct semaphore_elem *b
-    = list_entry (b_, struct semaphore_elem, elem);
-
-  return a->thread->priority < b->thread->priority;
-}
-
 /* If any threads are waiting on COND (protected by LOCK), then
    this function signals one of them to wake up from its wait.
    LOCK must be held before calling this function.
@@ -399,12 +317,8 @@ cond_signal (struct condition *cond, struct lock *lock UNUSED)
   ASSERT (lock_held_by_current_thread (lock));
 
   if (!list_empty (&cond->waiters)) 
-    {
-      struct list_elem *max
-        = list_max (&cond->waiters, semaphore_elem_lower_priority, NULL);
-      list_remove (max);
-      sema_up (&list_entry (max, struct semaphore_elem, elem)->semaphore); 
-    }
+    sema_up (&list_entry (list_pop_front (&cond->waiters),
+                          struct semaphore_elem, elem)->semaphore);
 }
 
 /* Wakes up all threads, if any, waiting on COND (protected by
diff --git a/src/threads/thread.c b/src/threads/thread.c
index 9fa7f1c..f9f2310 100644
--- a/src/threads/thread.c
+++ b/src/threads/thread.c
@@ -5,13 +5,11 @@
 #include <stdio.h>
 #include <string.h>
 #include "threads/flags.h"
-#include "threads/init.h"
 #include "threads/interrupt.h"
 #include "threads/intr-stubs.h"
 #include "threads/palloc.h"
 #include "threads/switch.h"
 #include "threads/synch.h"
-#include "devices/timer.h"
 #include "threads/vaddr.h"
 #ifdef USERPROG
 #include "userprog/process.h"
@@ -56,7 +54,6 @@ static long long user_ticks;    /* # of timer ticks in user programs. */
 /* Scheduling. */
 #define TIME_SLICE 4            /* # of timer ticks to give each thread. */
 static unsigned thread_ticks;   /* # of timer ticks since last yield. */
-static fixed_point_t load_avg;  /* Load average. */
 
 /* If false (default), use round-robin scheduler.
    If true, use multi-level feedback queue scheduler.
@@ -68,7 +65,8 @@ static void kernel_thread (thread_func *, void *aux);
 static void idle (void *aux UNUSED);
 static struct thread *running_thread (void);
 static struct thread *next_thread_to_run (void);
-static void init_thread (struct thread *, const char *name, int priority);
+static void init_thread (struct thread *, const char *name, int priority,
+                         tid_t);
 static bool is_thread (struct thread *) UNUSED;
 static void *alloc_frame (struct thread *, size_t size);
 static void schedule (void);
@@ -96,13 +94,11 @@ thread_init (void)
   lock_init (&tid_lock);
   list_init (&ready_list);
   list_init (&all_list);
-  load_avg = fix_int (0);
 
   /* Set up a thread structure for the running thread. */
   initial_thread = running_thread ();
-  init_thread (initial_thread, "main", PRI_DEFAULT);
+  init_thread (initial_thread, "main", PRI_DEFAULT, 0);
   initial_thread->status = THREAD_RUNNING;
-  initial_thread->tid = allocate_tid ();
 }
 
 /* Starts preemptive thread scheduling by enabling interrupts.
@@ -122,18 +118,6 @@ thread_start (void)
   sema_down (&idle_started);
 }
 
-/* Adjust recent CPU of a thread based on load factor
-   and recompute its priority. */
-static void
-adjust_recent_cpu (struct thread *t, void *aux)
-{
-  fixed_point_t load_factor = *(fixed_point_t *)aux;
-
-  t->recent_cpu = fix_add (fix_mul (load_factor, t->recent_cpu),
-                           fix_int (t->nice));
-  thread_recompute_priority (t);
-}
-
 /* Called by the timer interrupt handler at each timer tick.
    Thus, this function runs in an external interrupt context. */
 void
@@ -151,41 +135,9 @@ thread_tick (void)
   else
     kernel_ticks++;
 
-  if (thread_mlfqs) 
-    {
-      /* Update load average. */
-      if (timer_ticks () % TIMER_FREQ == 0) 
-        {
-          size_t ready_threads = list_size (&ready_list);
-          if (t != idle_thread)
-            ready_threads++;
-
-          load_avg = fix_add (fix_mul (fix_frac (59, 60), load_avg),
-                              fix_mul (fix_frac (1, 60), fix_int (ready_threads)));
-        }
-
-      /* Increment running process's recent_cpu. */
-      if (t != idle_thread)
-        t->recent_cpu = fix_add (t->recent_cpu, fix_int (1));
-
-      /* Update recent_cpu and thread priorities once per second. */
-      if (timer_ticks () % TIMER_FREQ == 0) 
-        {
-          fixed_point_t twice_load = fix_scale (load_avg, 2);
-          fixed_point_t twice_load_plus_1 = fix_add (twice_load, fix_int (1));
-          fixed_point_t load_factor = fix_div (twice_load, twice_load_plus_1);
-
-          thread_foreach (adjust_recent_cpu, &load_factor);
-        }
-    }
-
-  /* Switch threads if time slice has expired. */
-  if (++thread_ticks >= TIME_SLICE) 
-    {
-      if (thread_mlfqs)
-        thread_recompute_priority (thread_current ());
-      intr_yield_on_return (); 
-    }
+  /* Enforce preemption. */
+  if (++thread_ticks >= TIME_SLICE)
+    intr_yield_on_return ();
 }
 
 /* Prints thread statistics. */
@@ -215,7 +167,6 @@ tid_t
 thread_create (const char *name, int priority,
                thread_func *function, void *aux) 
 {
-  struct thread *cur = thread_current ();
   struct thread *t;
   struct kernel_thread_frame *kf;
   struct switch_entry_frame *ef;
@@ -230,10 +181,8 @@ thread_create (const char *name, int priority,
     return TID_ERROR;
 
   /* Initialize thread. */
-  init_thread (t, name, thread_mlfqs ? cur->priority : priority);
-  tid = t->tid = allocate_tid ();
-  t->nice = cur->nice;
-  t->recent_cpu = cur->recent_cpu;
+  init_thread (t, name, priority, allocate_tid ());
+  tid = t->tid;
 
   /* Stack frame for kernel_thread(). */
   kf = alloc_frame (t, sizeof *kf);
@@ -252,8 +201,6 @@ thread_create (const char *name, int priority,
 
   /* Add to run queue. */
   thread_unblock (t);
-  if (priority > thread_get_priority ())
-    thread_yield ();
 
   return tid;
 }
@@ -274,19 +221,6 @@ thread_block (void)
   schedule ();
 }
 
-/* Returns true if A has lower priority than B,
-   within a list of threads. */
-bool
-thread_lower_priority (const struct list_elem *a_,
-                        const struct list_elem *b_,
-                        void *aux UNUSED) 
-{
-  const struct thread *a = list_entry (a_, struct thread, elem);
-  const struct thread *b = list_entry (b_, struct thread, elem);
-
-  return a->priority < b->priority;
-}
-
 /* Transitions a blocked thread T to the ready-to-run state.
    This is an error if T is not blocked.  (Use thread_yield() to
    make the running thread ready.)
@@ -349,11 +283,11 @@ thread_exit (void)
 {
   ASSERT (!intr_context ());
 
+  syscall_exit ();
 #ifdef USERPROG
   process_exit ();
 #endif
-  syscall_exit ();
-  
+
   /* Remove thread from all threads list, set our status to dying,
      and schedule another process.  That process will destroy us
      when it calls thread_schedule_tail(). */
@@ -399,26 +333,11 @@ thread_foreach (thread_action_func *func, void *aux)
     }
 }
 
-static void
-recompute_priority_chain (void) 
-{
-  enum intr_level old_level = intr_disable ();
-  thread_recompute_priority (thread_current ());
-  thread_yield_to_higher_priority ();
-  intr_set_level (old_level);
-}
-
-/* Sets the current thread's priority to PRIORITY. */
+/* Sets the current thread's priority to NEW_PRIORITY. */
 void
-thread_set_priority (int priority) 
+thread_set_priority (int new_priority) 
 {
-  if (!thread_mlfqs) 
-    {
-      struct thread *t = thread_current ();
-
-      t->normal_priority = priority;
-      recompute_priority_chain ();
-    }
+  thread_current ()->priority = new_priority;
 }
 
 /* Returns the current thread's priority. */
@@ -430,98 +349,33 @@ thread_get_priority (void)
 
 /* Sets the current thread's nice value to NICE. */
 void
-thread_set_nice (int nice) 
+thread_set_nice (int nice UNUSED) 
 {
-  thread_current ()->nice = nice;
-  recompute_priority_chain ();
+  /* Not yet implemented. */
 }
 
 /* Returns the current thread's nice value. */
 int
 thread_get_nice (void) 
 {
-  return thread_current ()->nice;
+  /* Not yet implemented. */
+  return 0;
 }
 
+/* Returns 100 times the system load average. */
 int
 thread_get_load_avg (void) 
 {
-  int load_avg_int;
-  enum intr_level level = intr_disable ();
-  load_avg_int = fix_round (fix_scale (load_avg, 100));
-  intr_set_level (level);
-  return load_avg_int;
+  /* Not yet implemented. */
+  return 0;
 }
 
+/* Returns 100 times the current thread's recent_cpu value. */
 int
 thread_get_recent_cpu (void) 
 {
-  int recent_cpu_int;
-  enum intr_level level = intr_disable ();
-  recent_cpu_int = fix_round (fix_scale (thread_current ()->recent_cpu, 100));
-  intr_set_level (level);
-  return recent_cpu_int;
-}
-
-/* Returns true if thread A has lower priority than thread B,
-   within a list of donors. */
-static bool
-donated_lower_priority (const struct list_elem *a_,
-                        const struct list_elem *b_,
-                        void *aux UNUSED) 
-{
-  const struct thread *a = list_entry (a_, struct thread, donor_elem);
-  const struct thread *b = list_entry (b_, struct thread, donor_elem);
-
-  return a->priority < b->priority;
-}
-
-/* Recomputes T's priority in terms of its normal priority and
-   its donors' priorities, if any,
-   and cascades the donation as necessary. */
-void
-thread_recompute_priority (struct thread *t) 
-{
-  int old_priority = t->priority;
-  int default_priority = t->normal_priority;
-  int donation = PRI_MIN;
-  if (thread_mlfqs) 
-    {
-      default_priority = PRI_MAX - fix_round (t->recent_cpu) / 4 - t->nice * 2;
-      if (default_priority < PRI_MIN)
-        default_priority = PRI_MIN;
-      else if (default_priority > PRI_MAX)
-        default_priority = PRI_MAX; 
-    }
-  if (!list_empty (&t->donors))
-    donation = list_entry (list_max (&t->donors, donated_lower_priority, NULL),
-                           struct thread, donor_elem)->priority;
-  t->priority = donation > default_priority ? donation : default_priority;
-  if (t->priority > old_priority && t->donee != NULL)
-    thread_recompute_priority (t->donee);
-}
-
-/* If the ready list contains a thread with a higher priority,
-   yields to it. */
-void
-thread_yield_to_higher_priority (void)
-{
-  enum intr_level old_level = intr_disable ();
-  if (!list_empty (&ready_list)) 
-    {
-      struct thread *cur = thread_current ();
-      struct thread *max = list_entry (list_max (&ready_list,
-                                                 thread_lower_priority, NULL),
-                                       struct thread, elem);
-      if (max->priority > cur->priority)
-        {
-          if (intr_context ())
-            intr_yield_on_return ();
-          else
-            thread_yield (); 
-        }
-    }
-  intr_set_level (old_level);
+  /* Not yet implemented. */
+  return 0;
 }
 \f
 /* Idle thread.  Executes when no other thread is ready to run.
@@ -597,7 +451,7 @@ is_thread (struct thread *t)
 /* Does basic initialization of T as a blocked thread named
    NAME. */
 static void
-init_thread (struct thread *t, const char *name, int priority)
+init_thread (struct thread *t, const char *name, int priority, tid_t tid)
 {
   enum intr_level old_level;
 
@@ -606,17 +460,22 @@ init_thread (struct thread *t, const char *name, int priority)
   ASSERT (name != NULL);
 
   memset (t, 0, sizeof *t);
+  t->tid = tid;
   t->status = THREAD_BLOCKED;
   strlcpy (t->name, name, sizeof t->name);
   t->stack = (uint8_t *) t + PGSIZE;
-  t->priority = t->normal_priority = priority;
-  list_init (&t->children);
+  t->priority = priority;
+  t->exit_code = -1;
   t->wait_status = NULL;
+  list_init (&t->children);
+  sema_init (&t->timer_sema, 0);
+  t->pagedir = NULL;
+  t->pages = NULL;
+  t->bin_file = NULL;
   list_init (&t->fds);
+  list_init (&t->mappings);
   t->next_handle = 2;
   t->magic = THREAD_MAGIC;
-  sema_init (&t->timer_sema, 0);
-  list_init (&t->donors);
   old_level = intr_disable ();
   list_push_back (&all_list, &t->allelem);
   intr_set_level (old_level);
@@ -645,14 +504,8 @@ next_thread_to_run (void)
 {
   if (list_empty (&ready_list))
     return idle_thread;
-  else 
-    {
-      struct thread *max
-        = list_entry (list_max (&ready_list, thread_lower_priority, NULL),
-                      struct thread, elem);
-      list_remove (&max->elem);
-      return max;
-    }
+  else
+    return list_entry (list_pop_front (&ready_list), struct thread, elem);
 }
 
 /* Completes a thread switch by activating the new thread's page
diff --git a/src/threads/thread.h b/src/threads/thread.h
index 2c85d88..b9e7b0c 100644
--- a/src/threads/thread.h
+++ b/src/threads/thread.h
@@ -2,10 +2,10 @@
 #define THREADS_THREAD_H
 
 #include <debug.h>
+#include <hash.h>
 #include <list.h>
 #include <stdint.h>
 #include "threads/synch.h"
-#include "threads/fixed-point.h"
 
 /* States in a thread's life cycle. */
 enum thread_status
@@ -89,19 +89,11 @@ struct thread
     enum thread_status status;          /* Thread state. */
     char name[16];                      /* Name (for debugging purposes). */
     uint8_t *stack;                     /* Saved stack pointer. */
-
-    /* Scheduler data. */
-    int priority;                       /* Priority, including donations. */
-    int normal_priority;                /* Priority, without donations. */
-    struct list donors;                 /* Threads donating priority to us. */
-    struct list_elem donor_elem;        /* Element in donors list. */
-    struct thread *donee;               /* Thread we're donating to. */
-    struct lock *want_lock;             /* Lock we're waiting to acquire. */
-    int nice;                           /* Niceness. */
-    fixed_point_t recent_cpu;           /* Recent amount of CPU time. */    
+    int priority;                       /* Priority. */
     struct list_elem allelem;           /* List element for all threads list. */
 
     /* Owned by process.c. */
+    int exit_code;                      /* Exit code. */
     struct wait_status *wait_status;    /* This process's completion status. */
     struct list children;               /* Completion status of children. */
 
@@ -110,18 +102,19 @@ struct thread
 
     /* Alarm clock. */
     int64_t wakeup_time;                /* Time to wake this thread up. */
-    struct list_elem timer_elem;        /* Element in wait_list. */
+    struct list_elem timer_elem;        /* Element in timer_wait_list. */
     struct semaphore timer_sema;        /* Semaphore. */
- 
-#ifdef USERPROG
+
     /* Owned by userprog/process.c. */
     uint32_t *pagedir;                  /* Page directory. */
-#endif
-    struct file *bin_file;              /* Executable. */
+    struct hash *pages;                 /* Page table. */
+    struct file *bin_file;              /* The binary executable. */
 
     /* Owned by syscall.c. */
     struct list fds;                    /* List of file descriptors. */
+    struct list mappings;               /* Memory-mapped files. */
     int next_handle;                    /* Next handle value. */
+    void *user_esp;                     /* User's stack pointer. */
 
     /* Owned by thread.c. */
     unsigned magic;                     /* Detects stack overflow. */
@@ -165,10 +158,6 @@ const char *thread_name (void);
 
 void thread_exit (void) NO_RETURN;
 void thread_yield (void);
-void thread_yield_to_higher_priority (void);
-void thread_recompute_priority (struct thread *);
-bool thread_lower_priority (const struct list_elem *, const struct list_elem *,
-                            void *aux);
 
 /* Performs some operation on thread t, given auxiliary data AUX. */
 typedef void thread_action_func (struct thread *t, void *aux);
diff --git a/src/userprog/exception.c b/src/userprog/exception.c
index 3682478..9cfcf93 100644
--- a/src/userprog/exception.c
+++ b/src/userprog/exception.c
@@ -4,6 +4,7 @@
 #include "userprog/gdt.h"
 #include "threads/interrupt.h"
 #include "threads/thread.h"
+#include "vm/page.h"
 
 /* Number of page faults processed. */
 static long long page_fault_cnt;
@@ -148,17 +149,14 @@ page_fault (struct intr_frame *f)
   write = (f->error_code & PF_W) != 0;
   user = (f->error_code & PF_U) != 0;
 
-  /* Handle bad dereferences from system call implementations. */
-  if (!user) 
+  /* Allow the pager to try to handle it. */
+  if (user && not_present)
     {
-      f->eip = (void (*) (void)) f->eax;
-      f->eax = 0;
+      if (!page_in (fault_addr))
+        thread_exit ();
       return;
     }
 
-  /* To implement virtual memory, delete the rest of the function
-     body, and replace it with code that brings in the page to
-     which fault_addr refers. */
   printf ("Page fault at %p: %s error %s page in %s context.\n",
           fault_addr,
           not_present ? "not present" : "rights violation",
diff --git a/src/userprog/pagedir.c b/src/userprog/pagedir.c
index a6a87b8..eed41b5 100644
--- a/src/userprog/pagedir.c
+++ b/src/userprog/pagedir.c
@@ -35,15 +35,7 @@ pagedir_destroy (uint32_t *pd)
   ASSERT (pd != init_page_dir);
   for (pde = pd; pde < pd + pd_no (PHYS_BASE); pde++)
     if (*pde & PTE_P) 
-      {
-        uint32_t *pt = pde_get_pt (*pde);
-        uint32_t *pte;
-        
-        for (pte = pt; pte < pt + PGSIZE / sizeof *pte; pte++)
-          if (*pte & PTE_P) 
-            palloc_free_page (pte_get_page (*pte));
-        palloc_free_page (pt);
-      }
+      palloc_free_page (pde_get_pt (*pde));
   palloc_free_page (pd);
 }
 
diff --git a/src/userprog/process.c b/src/userprog/process.c
index 06ff27e..7a15814 100644
--- a/src/userprog/process.c
+++ b/src/userprog/process.c
@@ -18,6 +18,8 @@
 #include "threads/palloc.h"
 #include "threads/thread.h"
 #include "threads/vaddr.h"
+#include "vm/page.h"
+#include "vm/frame.h"
 
 static thread_func start_process NO_RETURN;
 static bool load (const char *cmd_line, void (**eip) (void), void **esp);
@@ -58,7 +60,7 @@ process_execute (const char *file_name)
       sema_down (&exec.load_done);
       if (exec.success)
         list_push_back (&thread_current ()->children, &exec.wait_status->elem);
-      else
+      else 
         tid = TID_ERROR;
     }
 
@@ -95,7 +97,6 @@ start_process (void *exec_)
       lock_init (&exec->wait_status->lock);
       exec->wait_status->ref_cnt = 2;
       exec->wait_status->tid = thread_current ()->tid;
-      exec->wait_status->exit_code = -1;
       sema_init (&exec->wait_status->dead, 0);
     }
   
@@ -167,14 +168,13 @@ process_exit (void)
   struct list_elem *e, *next;
   uint32_t *pd;
 
-  /* Close executable (and allow writes). */
-  file_close (cur->bin_file);
+  printf ("%s: exit(%d)\n", cur->name, cur->exit_code);
 
   /* Notify parent that we're dead. */
   if (cur->wait_status != NULL) 
     {
       struct wait_status *cs = cur->wait_status;
-      printf ("%s: exit(%d)\n", cur->name, cs->exit_code);
+      cs->exit_code = cur->exit_code;
       sema_up (&cs->dead);
       release_child (cs);
     }
@@ -187,7 +187,13 @@ process_exit (void)
       next = list_remove (e);
       release_child (cs);
     }
+
+  /* Destroy the page hash table. */
+  page_exit ();
   
+  /* Close executable (and allow writes). */
+  file_close (cur->bin_file);
+
   /* Destroy the current process's page directory and switch back
      to the kernel-only page directory. */
   pd = cur->pagedir;
@@ -313,6 +319,12 @@ load (const char *cmd_line, void (**eip) (void), void **esp)
     goto done;
   process_activate ();
 
+  /* Create page hash table. */
+  t->pages = malloc (sizeof *t->pages);
+  if (t->pages == NULL)
+    goto done;
+  hash_init (t->pages, page_hash, page_less, NULL);
+
   /* Extract file_name from command line. */
   while (*cmd_line == ' ')
     cmd_line++;
@@ -328,7 +340,7 @@ load (const char *cmd_line, void (**eip) (void), void **esp)
       printf ("load: %s: open failed\n", file_name);
       goto done; 
     }
-  file_deny_write (file);
+  file_deny_write (t->bin_file);
 
   /* Read and verify executable header. */
   if (file_read (file, &ehdr, sizeof ehdr) != sizeof ehdr
@@ -418,8 +430,6 @@ load (const char *cmd_line, void (**eip) (void), void **esp)
 \f
 /* load() helpers. */
 
-static bool install_page (void *upage, void *kpage, bool writable);
-
 /* Checks whether PHDR describes a valid, loadable segment in
    FILE and returns true if so, false otherwise. */
 static bool
@@ -487,38 +497,22 @@ load_segment (struct file *file, off_t ofs, uint8_t *upage,
   ASSERT (pg_ofs (upage) == 0);
   ASSERT (ofs % PGSIZE == 0);
 
-  file_seek (file, ofs);
   while (read_bytes > 0 || zero_bytes > 0) 
     {
-      /* Calculate how to fill this page.
-         We will read PAGE_READ_BYTES bytes from FILE
-         and zero the final PAGE_ZERO_BYTES bytes. */
       size_t page_read_bytes = read_bytes < PGSIZE ? read_bytes : PGSIZE;
       size_t page_zero_bytes = PGSIZE - page_read_bytes;
-
-      /* Get a page of memory. */
-      uint8_t *kpage = palloc_get_page (PAL_USER);
-      if (kpage == NULL)
+      struct page *p = page_allocate (upage, !writable);
+      if (p == NULL)
         return false;
-
-      /* Load this page. */
-      if (file_read (file, kpage, page_read_bytes) != (int) page_read_bytes)
-        {
-          palloc_free_page (kpage);
-          return false; 
-        }
-      memset (kpage + page_read_bytes, 0, page_zero_bytes);
-
-      /* Add the page to the process's address space. */
-      if (!install_page (upage, kpage, writable)) 
+      if (page_read_bytes > 0) 
         {
-          palloc_free_page (kpage);
-          return false; 
+          p->file = file;
+          p->file_offset = ofs;
+          p->file_bytes = page_read_bytes;
         }
-
-      /* Advance. */
       read_bytes -= page_read_bytes;
       zero_bytes -= page_zero_bytes;
+      ofs += page_read_bytes;
       upage += PGSIZE;
     }
   return true;
@@ -535,7 +529,7 @@ reverse (int argc, char **argv)
       argv[argc - 1] = tmp;
     }
 }
-
+ 
 /* Pushes the SIZE bytes in BUF onto the stack in KPAGE, whose
    page-relative stack pointer is *OFS, and then adjusts *OFS
    appropriately.  The bytes pushed are rounded to a 32-bit
@@ -611,37 +605,19 @@ init_cmd_line (uint8_t *kpage, uint8_t *upage, const char *cmd_line,
 static bool
 setup_stack (const char *cmd_line, void **esp) 
 {
-  uint8_t *kpage;
-  bool success = false;
-
-  kpage = palloc_get_page (PAL_USER | PAL_ZERO);
-  if (kpage != NULL) 
+  struct page *page = page_allocate (((uint8_t *) PHYS_BASE) - PGSIZE, false);
+  if (page != NULL) 
     {
-      uint8_t *upage = ((uint8_t *) PHYS_BASE) - PGSIZE;
-      if (install_page (upage, kpage, true))
-        success = init_cmd_line (kpage, upage, cmd_line, esp);
-      else
-        palloc_free_page (kpage);
+      page->frame = frame_alloc_and_lock (page);
+      if (page->frame != NULL)
+        {
+          bool ok;
+          page->read_only = false;
+          page->private = false;
+          ok = init_cmd_line (page->frame->base, page->addr, cmd_line, esp);
+          frame_unlock (page->frame);
+          return ok;
+        }
     }
-  return success;
-}
-
-/* Adds a mapping from user virtual address UPAGE to kernel
-   virtual address KPAGE to the page table.
-   If WRITABLE is true, the user process may modify the page;
-   otherwise, it is read-only.
-   UPAGE must not already be mapped.
-   KPAGE should probably be a page obtained from the user pool
-   with palloc_get_page().
-   Returns true on success, false if UPAGE is already mapped or
-   if memory allocation fails. */
-static bool
-install_page (void *upage, void *kpage, bool writable)
-{
-  struct thread *t = thread_current ();
-
-  /* Verify that there's not already a page at that virtual
-     address, then map our page there. */
-  return (pagedir_get_page (t->pagedir, upage) == NULL
-          && pagedir_set_page (t->pagedir, upage, kpage, writable));
+  return false;
 }
diff --git a/src/userprog/syscall.c b/src/userprog/syscall.c
index ef31316..e6be702 100644
--- a/src/userprog/syscall.c
+++ b/src/userprog/syscall.c
@@ -6,6 +6,7 @@
 #include "userprog/pagedir.h"
 #include "devices/input.h"
 #include "devices/shutdown.h"
+#include "filesys/directory.h"
 #include "filesys/filesys.h"
 #include "filesys/file.h"
 #include "threads/interrupt.h"
@@ -13,6 +14,7 @@
 #include "threads/palloc.h"
 #include "threads/thread.h"
 #include "threads/vaddr.h"
+#include "vm/page.h"
  
  
 static int sys_halt (void);
@@ -28,11 +30,12 @@ static int sys_write (int handle, void *usrc_, unsigned size);
 static int sys_seek (int handle, unsigned position);
 static int sys_tell (int handle);
 static int sys_close (int handle);
+static int sys_mmap (int handle, void *addr);
+static int sys_munmap (int mapping);
  
 static void syscall_handler (struct intr_frame *);
 static void copy_in (void *, const void *, size_t);
- 
-/* Serializes file system operations. */
+
 static struct lock fs_lock;
  
 void
@@ -71,6 +74,8 @@ syscall_handler (struct intr_frame *f)
       {2, (syscall_function *) sys_seek},
       {1, (syscall_function *) sys_tell},
       {1, (syscall_function *) sys_close},
+      {2, (syscall_function *) sys_mmap},
+      {1, (syscall_function *) sys_munmap},
     };
 
   const struct syscall *sc;
@@ -93,39 +98,6 @@ syscall_handler (struct intr_frame *f)
   f->eax = sc->func (args[0], args[1], args[2]);
 }
  
-/* Returns true if UADDR is a valid, mapped user address,
-   false otherwise. */
-static bool
-verify_user (const void *uaddr) 
-{
-  return (uaddr < PHYS_BASE
-          && pagedir_get_page (thread_current ()->pagedir, uaddr) != NULL);
-}
- 
-/* Copies a byte from user address USRC to kernel address DST.
-   USRC must be below PHYS_BASE.
-   Returns true if successful, false if a segfault occurred. */
-static inline bool
-get_user (uint8_t *dst, const uint8_t *usrc)
-{
-  int eax;
-  asm ("movl $1f, %%eax; movb %2, %%al; movb %%al, %0; 1:"
-       : "=m" (*dst), "=&a" (eax) : "m" (*usrc));
-  return eax != 0;
-}
- 
-/* Writes BYTE to user address UDST.
-   UDST must be below PHYS_BASE.
-   Returns true if successful, false if a segfault occurred. */
-static inline bool
-put_user (uint8_t *udst, uint8_t byte)
-{
-  int eax;
-  asm ("movl $1f, %%eax; movb %b2, %0; 1:"
-       : "=m" (*udst), "=&a" (eax) : "q" (byte));
-  return eax != 0;
-}
- 
 /* Copies SIZE bytes from user address USRC to kernel address
    DST.
    Call thread_exit() if any of the user accesses are invalid. */
@@ -134,10 +106,22 @@ copy_in (void *dst_, const void *usrc_, size_t size)
 {
   uint8_t *dst = dst_;
   const uint8_t *usrc = usrc_;
- 
-  for (; size > 0; size--, dst++, usrc++) 
-    if (usrc >= (uint8_t *) PHYS_BASE || !get_user (dst, usrc)) 
-      thread_exit ();
+
+  while (size > 0) 
+    {
+      size_t chunk_size = PGSIZE - pg_ofs (usrc);
+      if (chunk_size > size)
+        chunk_size = size;
+      
+      if (!page_lock (usrc, false))
+        thread_exit ();
+      memcpy (dst, usrc, chunk_size);
+      page_unlock (usrc);
+
+      dst += chunk_size;
+      usrc += chunk_size;
+      size -= chunk_size;
+    }
 }
  
 /* Creates a copy of user string US in kernel memory
@@ -149,25 +133,40 @@ static char *
 copy_in_string (const char *us) 
 {
   char *ks;
+  char *upage;
   size_t length;
  
   ks = palloc_get_page (0);
   if (ks == NULL) 
     thread_exit ();
- 
-  for (length = 0; length < PGSIZE; length++)
+
+  length = 0;
+  for (;;) 
     {
-      if (us >= (char *) PHYS_BASE || !get_user (ks + length, us++)) 
+      upage = pg_round_down (us);
+      if (!page_lock (upage, false))
+        goto lock_error;
+
+      for (; us < upage + PGSIZE; us++) 
         {
-          palloc_free_page (ks);
-          thread_exit (); 
+          ks[length++] = *us;
+          if (*us == '\0') 
+            {
+              page_unlock (upage);
+              return ks; 
+            }
+          else if (length >= PGSIZE) 
+            goto too_long_error;
         }
-       
-      if (ks[length] == '\0')
-        return ks;
+
+      page_unlock (upage);
     }
-  ks[PGSIZE - 1] = '\0';
-  return ks;
+
+ too_long_error:
+  page_unlock (upage);
+ lock_error:
+  palloc_free_page (ks);
+  thread_exit ();
 }
  
 /* Halt system call. */
@@ -181,7 +180,7 @@ sys_halt (void)
 static int
 sys_exit (int exit_code) 
 {
-  thread_current ()->wait_status->exit_code = exit_code;
+  thread_current ()->exit_code = exit_code;
   thread_exit ();
   NOT_REACHED ();
 }
@@ -192,7 +191,7 @@ sys_exec (const char *ufile)
 {
   tid_t tid;
   char *kfile = copy_in_string (ufile);
- 
+
   lock_acquire (&fs_lock);
   tid = process_execute (kfile);
   lock_release (&fs_lock);
@@ -215,11 +214,11 @@ sys_create (const char *ufile, unsigned initial_size)
 {
   char *kfile = copy_in_string (ufile);
   bool ok;
-   
+
   lock_acquire (&fs_lock);
   ok = filesys_create (kfile, initial_size);
   lock_release (&fs_lock);
- 
+
   palloc_free_page (kfile);
  
   return ok;
@@ -231,16 +230,16 @@ sys_remove (const char *ufile)
 {
   char *kfile = copy_in_string (ufile);
   bool ok;
-   
+
   lock_acquire (&fs_lock);
   ok = filesys_remove (kfile);
   lock_release (&fs_lock);
- 
+
   palloc_free_page (kfile);
  
   return ok;
 }
- 
+\f
 /* A file descriptor, for binding a file handle to a file. */
 struct file_descriptor
   {
@@ -320,18 +319,7 @@ sys_read (int handle, void *udst_, unsigned size)
   struct file_descriptor *fd;
   int bytes_read = 0;
 
-  /* Handle keyboard reads. */
-  if (handle == STDIN_FILENO) 
-    {
-      for (bytes_read = 0; (size_t) bytes_read < size; bytes_read++)
-        if (udst >= (uint8_t *) PHYS_BASE || !put_user (udst++, input_getc ()))
-          thread_exit ();
-      return bytes_read;
-    }
-
-  /* Handle all other reads. */
   fd = lookup_fd (handle);
-  lock_acquire (&fs_lock);
   while (size > 0) 
     {
       /* How much to read into this page? */
@@ -339,32 +327,49 @@ sys_read (int handle, void *udst_, unsigned size)
       size_t read_amt = size < page_left ? size : page_left;
       off_t retval;
 
-      /* Check that touching this page is okay. */
-      if (!verify_user (udst)) 
+      /* Read from file into page. */
+      if (handle != STDIN_FILENO) 
         {
+          if (!page_lock (udst, true)) 
+            thread_exit (); 
+          lock_acquire (&fs_lock);
+          retval = file_read (fd->file, udst, read_amt);
           lock_release (&fs_lock);
-          thread_exit ();
+          page_unlock (udst);
         }
-
-      /* Read from file into page. */
-      retval = file_read (fd->file, udst, read_amt);
+      else 
+        {
+          size_t i;
+          
+          for (i = 0; i < read_amt; i++) 
+            {
+              char c = input_getc ();
+              if (!page_lock (udst, true)) 
+                thread_exit ();
+              udst[i] = c;
+              page_unlock (udst);
+            }
+          bytes_read = read_amt;
+        }
+      
+      /* Check success. */
       if (retval < 0)
         {
           if (bytes_read == 0)
             bytes_read = -1; 
           break;
         }
-      bytes_read += retval;
-
-      /* If it was a short read we're done. */
-      if (retval != (off_t) read_amt)
-        break;
+      bytes_read += retval; 
+      if (retval != (off_t) read_amt) 
+        {
+          /* Short read, so we're done. */
+          break; 
+        }
 
       /* Advance. */
       udst += retval;
       size -= retval;
     }
-  lock_release (&fs_lock);
    
   return bytes_read;
 }
@@ -381,7 +386,6 @@ sys_write (int handle, void *usrc_, unsigned size)
   if (handle != STDOUT_FILENO)
     fd = lookup_fd (handle);
 
-  lock_acquire (&fs_lock);
   while (size > 0) 
     {
       /* How much bytes to write to this page? */
@@ -389,21 +393,21 @@ sys_write (int handle, void *usrc_, unsigned size)
       size_t write_amt = size < page_left ? size : page_left;
       off_t retval;
 
-      /* Check that we can touch this user page. */
-      if (!verify_user (usrc)) 
-        {
-          lock_release (&fs_lock);
-          thread_exit ();
-        }
-
-      /* Do the write. */
+      /* Write from page into file. */
+      if (!page_lock (usrc, false)) 
+        thread_exit ();
+      lock_acquire (&fs_lock);
       if (handle == STDOUT_FILENO)
         {
-          putbuf (usrc, write_amt);
+          putbuf ((char *) usrc, write_amt);
           retval = write_amt;
         }
       else
         retval = file_write (fd->file, usrc, write_amt);
+      lock_release (&fs_lock);
+      page_unlock (usrc);
+
+      /* Handle return value. */
       if (retval < 0) 
         {
           if (bytes_written == 0)
@@ -420,7 +424,6 @@ sys_write (int handle, void *usrc_, unsigned size)
       usrc += retval;
       size -= retval;
     }
-  lock_release (&fs_lock);
  
   return bytes_written;
 }
@@ -435,7 +438,7 @@ sys_seek (int handle, unsigned position)
   if ((off_t) position >= 0)
     file_seek (fd->file, position);
   lock_release (&fs_lock);
- 
+
   return 0;
 }
  
@@ -449,7 +452,7 @@ sys_tell (int handle)
   lock_acquire (&fs_lock);
   position = file_tell (fd->file);
   lock_release (&fs_lock);
- 
+
   return position;
 }
  
@@ -465,8 +468,110 @@ sys_close (int handle)
   free (fd);
   return 0;
 }
+\f
+/* Binds a mapping id to a region of memory and a file. */
+struct mapping
+  {
+    struct list_elem elem;      /* List element. */
+    int handle;                 /* Mapping id. */
+    struct file *file;          /* File. */
+    uint8_t *base;              /* Start of memory mapping. */
+    size_t page_cnt;            /* Number of pages mapped. */
+  };
+
+/* Returns the file descriptor associated with the given handle.
+   Terminates the process if HANDLE is not associated with a
+   memory mapping. */
+static struct mapping *
+lookup_mapping (int handle) 
+{
+  struct thread *cur = thread_current ();
+  struct list_elem *e;
+   
+  for (e = list_begin (&cur->mappings); e != list_end (&cur->mappings);
+       e = list_next (e))
+    {
+      struct mapping *m = list_entry (e, struct mapping, elem);
+      if (m->handle == handle)
+        return m;
+    }
+ 
+  thread_exit ();
+}
+
+/* Remove mapping M from the virtual address space,
+   writing back any pages that have changed. */
+static void
+unmap (struct mapping *m) 
+{
+  list_remove (&m->elem);
+  while (m->page_cnt-- > 0) 
+    {
+      page_deallocate (m->base);
+      m->base += PGSIZE;
+    }
+  file_close (m->file);
+  free (m);
+}
  
-/* On thread exit, close all open files. */
+/* Mmap system call. */
+static int
+sys_mmap (int handle, void *addr)
+{
+  struct file_descriptor *fd = lookup_fd (handle);
+  struct mapping *m = malloc (sizeof *m);
+  size_t offset;
+  off_t length;
+
+  if (m == NULL || addr == NULL || pg_ofs (addr) != 0)
+    return -1;
+
+  m->handle = thread_current ()->next_handle++;
+  lock_acquire (&fs_lock);
+  m->file = file_reopen (fd->file);
+  lock_release (&fs_lock);
+  if (m->file == NULL) 
+    {
+      free (m);
+      return -1;
+    }
+  m->base = addr;
+  m->page_cnt = 0;
+  list_push_front (&thread_current ()->mappings, &m->elem);
+
+  offset = 0;
+  lock_acquire (&fs_lock);
+  length = file_length (m->file);
+  lock_release (&fs_lock);
+  while (length > 0)
+    {
+      struct page *p = page_allocate ((uint8_t *) addr + offset, false);
+      if (p == NULL)
+        {
+          unmap (m);
+          return -1;
+        }
+      p->private = false;
+      p->file = m->file;
+      p->file_offset = offset;
+      p->file_bytes = length >= PGSIZE ? PGSIZE : length;
+      offset += p->file_bytes;
+      length -= p->file_bytes;
+      m->page_cnt++;
+    }
+  
+  return m->handle;
+}
+
+/* Munmap system call. */
+static int
+sys_munmap (int mapping) 
+{
+  unmap (lookup_mapping (mapping));
+  return 0;
+}
+\f 
+/* On thread exit, close all open files and unmap all mappings. */
 void
 syscall_exit (void) 
 {
@@ -475,12 +580,19 @@ syscall_exit (void)
    
   for (e = list_begin (&cur->fds); e != list_end (&cur->fds); e = next)
     {
-      struct file_descriptor *fd;
-      fd = list_entry (e, struct file_descriptor, elem);
+      struct file_descriptor *fd = list_entry (e, struct file_descriptor, elem);
       next = list_next (e);
       lock_acquire (&fs_lock);
       file_close (fd->file);
       lock_release (&fs_lock);
       free (fd);
     }
+   
+  for (e = list_begin (&cur->mappings); e != list_end (&cur->mappings);
+       e = next)
+    {
+      struct mapping *m = list_entry (e, struct mapping, elem);
+      next = list_next (e);
+      unmap (m);
+    }
 }
diff --git a/src/vm/frame.c b/src/vm/frame.c
new file mode 100644
index 0000000..ef55376
--- /dev/null
+++ b/src/vm/frame.c
@@ -0,0 +1,162 @@
+#include "vm/frame.h"
+#include <stdio.h>
+#include "vm/page.h"
+#include "devices/timer.h"
+#include "threads/init.h"
+#include "threads/malloc.h"
+#include "threads/palloc.h"
+#include "threads/synch.h"
+#include "threads/vaddr.h"
+
+static struct frame *frames;
+static size_t frame_cnt;
+
+static struct lock scan_lock;
+static size_t hand;
+
+/* Initialize the frame manager. */
+void
+frame_init (void) 
+{
+  void *base;
+
+  lock_init (&scan_lock);
+  
+  frames = malloc (sizeof *frames * init_ram_pages);
+  if (frames == NULL)
+    PANIC ("out of memory allocating page frames");
+
+  while ((base = palloc_get_page (PAL_USER)) != NULL) 
+    {
+      struct frame *f = &frames[frame_cnt++];
+      lock_init (&f->lock);
+      f->base = base;
+      f->page = NULL;
+    }
+}
+
+/* Tries to allocate and lock a frame for PAGE.
+   Returns the frame if successful, false on failure. */
+static struct frame *
+try_frame_alloc_and_lock (struct page *page) 
+{
+  size_t i;
+
+  lock_acquire (&scan_lock);
+
+  /* Find a free frame. */
+  for (i = 0; i < frame_cnt; i++)
+    {
+      struct frame *f = &frames[i];
+      if (!lock_try_acquire (&f->lock))
+        continue;
+      if (f->page == NULL) 
+        {
+          f->page = page;
+          lock_release (&scan_lock);
+          return f;
+        } 
+      lock_release (&f->lock);
+    }
+
+  /* No free frame.  Find a frame to evict. */
+  for (i = 0; i < frame_cnt * 2; i++) 
+    {
+      /* Get a frame. */
+      struct frame *f = &frames[hand];
+      if (++hand >= frame_cnt)
+        hand = 0;
+
+      if (!lock_try_acquire (&f->lock))
+        continue;
+
+      if (f->page == NULL) 
+        {
+          f->page = page;
+          lock_release (&scan_lock);
+          return f;
+        } 
+
+      if (page_accessed_recently (f->page)) 
+        {
+          lock_release (&f->lock);
+          continue;
+        }
+          
+      lock_release (&scan_lock);
+      
+      /* Evict this frame. */
+      if (!page_out (f->page))
+        {
+          lock_release (&f->lock);
+          return NULL;
+        }
+
+      f->page = page;
+      return f;
+    }
+
+  lock_release (&scan_lock);
+  return NULL;
+}
+
+
+/* Tries really hard to allocate and lock a frame for PAGE.
+   Returns the frame if successful, false on failure. */
+struct frame *
+frame_alloc_and_lock (struct page *page) 
+{
+  size_t try;
+
+  for (try = 0; try < 3; try++) 
+    {
+      struct frame *f = try_frame_alloc_and_lock (page);
+      if (f != NULL) 
+        {
+          ASSERT (lock_held_by_current_thread (&f->lock));
+          return f; 
+        }
+      timer_msleep (1000);
+    }
+
+  return NULL;
+}
+
+/* Locks P's frame into memory, if it has one.
+   Upon return, p->frame will not change until P is unlocked. */
+void
+frame_lock (struct page *p) 
+{
+  /* A frame can be asynchronously removed, but never inserted. */
+  struct frame *f = p->frame;
+  if (f != NULL) 
+    {
+      lock_acquire (&f->lock);
+      if (f != p->frame)
+        {
+          lock_release (&f->lock);
+          ASSERT (p->frame == NULL); 
+        } 
+    }
+}
+
+/* Releases frame F for use by another page.
+   F must be locked for use by the current process.
+   Any data in F is lost. */
+void
+frame_free (struct frame *f)
+{
+  ASSERT (lock_held_by_current_thread (&f->lock));
+          
+  f->page = NULL;
+  lock_release (&f->lock);
+}
+
+/* Unlocks frame F, allowing it to be evicted.
+   F must be locked for use by the current process. */
+void
+frame_unlock (struct frame *f) 
+{
+  ASSERT (lock_held_by_current_thread (&f->lock));
+  lock_release (&f->lock);
+}
diff --git a/src/vm/frame.h b/src/vm/frame.h
new file mode 100644
index 0000000..496f623
--- /dev/null
+++ b/src/vm/frame.h
@@ -0,0 +1,23 @@
+#ifndef VM_FRAME_H
+#define VM_FRAME_H
+
+#include <stdbool.h>
+#include "threads/synch.h"
+
+/* A physical frame. */
+struct frame 
+  {
+    struct lock lock;           /* Prevent simultaneous access. */
+    void *base;                 /* Kernel virtual base address. */
+    struct page *page;          /* Mapped process page, if any. */
+  };
+
+void frame_init (void);
+
+struct frame *frame_alloc_and_lock (struct page *);
+void frame_lock (struct page *);
+
+void frame_free (struct frame *);
+void frame_unlock (struct frame *);
+
+#endif /* vm/frame.h */
diff --git a/src/vm/page.c b/src/vm/page.c
new file mode 100644
index 0000000..f08bcf8
--- /dev/null
+++ b/src/vm/page.c
@@ -0,0 +1,293 @@
+#include "vm/page.h"
+#include <stdio.h>
+#include <string.h>
+#include "vm/frame.h"
+#include "vm/swap.h"
+#include "filesys/file.h"
+#include "threads/malloc.h"
+#include "threads/thread.h"
+#include "userprog/pagedir.h"
+#include "threads/vaddr.h"
+
+/* Maximum size of process stack, in bytes. */
+#define STACK_MAX (1024 * 1024)
+
+/* Destroys a page, which must be in the current process's
+   page table.  Used as a callback for hash_destroy(). */
+static void
+destroy_page (struct hash_elem *p_, void *aux UNUSED)
+{
+  struct page *p = hash_entry (p_, struct page, hash_elem);
+  frame_lock (p);
+  if (p->frame)
+    frame_free (p->frame);
+  free (p);
+}
+
+/* Destroys the current process's page table. */
+void
+page_exit (void) 
+{
+  struct hash *h = thread_current ()->pages;
+  if (h != NULL)
+    hash_destroy (h, destroy_page);
+}
+
+/* Returns the page containing the given virtual ADDRESS,
+   or a null pointer if no such page exists.
+   Allocates stack pages as necessary. */
+static struct page *
+page_for_addr (const void *address) 
+{
+  if (address < PHYS_BASE) 
+    {
+      struct page p;
+      struct hash_elem *e;
+
+      /* Find existing page. */
+      p.addr = (void *) pg_round_down (address);
+      e = hash_find (thread_current ()->pages, &p.hash_elem);
+      if (e != NULL)
+        return hash_entry (e, struct page, hash_elem);
+
+      /* No page.  Expand stack? */
+      if (address >= PHYS_BASE - STACK_MAX
+          && address >= thread_current ()->user_esp - 32)
+        return page_allocate ((void *) address, false);
+    }
+  return NULL;
+}
+
+/* Locks a frame for page P and pages it in.
+   Returns true if successful, false on failure. */
+static bool
+do_page_in (struct page *p)
+{
+  /* Get a frame for the page. */
+  p->frame = frame_alloc_and_lock (p);
+  if (p->frame == NULL)
+    return false;
+
+  /* Copy data into the frame. */
+  if (p->sector != (block_sector_t) -1) 
+    {
+      /* Get data from swap. */
+      swap_in (p); 
+    }
+  else if (p->file != NULL) 
+    {
+      /* Get data from file. */
+      off_t read_bytes = file_read_at (p->file, p->frame->base,
+                                        p->file_bytes, p->file_offset);
+      off_t zero_bytes = PGSIZE - read_bytes;
+      memset (p->frame->base + read_bytes, 0, zero_bytes);
+      if (read_bytes != p->file_bytes)
+        printf ("bytes read (%"PROTd") != bytes requested (%"PROTd")\n",
+                read_bytes, p->file_bytes);
+    }
+  else 
+    {
+      /* Provide all-zero page. */
+      memset (p->frame->base, 0, PGSIZE);
+    }
+
+  return true;
+}
+
+/* Faults in the page containing FAULT_ADDR.
+   Returns true if successful, false on failure. */
+bool
+page_in (void *fault_addr) 
+{
+  struct page *p;
+  bool success;
+
+  /* Can't handle page faults without a hash table. */
+  if (thread_current ()->pages == NULL) 
+    return false;
+
+  p = page_for_addr (fault_addr);
+  if (p == NULL) 
+    return false; 
+
+  frame_lock (p);
+  if (p->frame == NULL)
+    {
+      if (!do_page_in (p))
+        return false;
+    }
+  ASSERT (lock_held_by_current_thread (&p->frame->lock));
+    
+  /* Install frame into page table. */
+  success = pagedir_set_page (thread_current ()->pagedir, p->addr,
+                              p->frame->base, !p->read_only);
+
+  /* Release frame. */
+  frame_unlock (p->frame);
+
+  return success;
+}
+
+/* Evicts page P.
+   P must have a locked frame.
+   Return true if successful, false on failure. */
+bool
+page_out (struct page *p) 
+{
+  bool dirty;
+  bool ok;
+
+  ASSERT (p->frame != NULL);
+  ASSERT (lock_held_by_current_thread (&p->frame->lock));
+
+  /* Mark page not present in page table, forcing accesses by the
+     process to fault.  This must happen before checking the
+     dirty bit, to prevent a race with the process dirtying the
+     page. */
+  pagedir_clear_page (p->thread->pagedir, p->addr);
+
+  /* Has the frame been modified? */
+  dirty = pagedir_is_dirty (p->thread->pagedir, p->addr);
+
+  /* Write frame contents to disk if necessary. */
+  if (p->file != NULL) 
+    {
+      if (dirty) 
+        {
+          if (p->private)
+            ok = swap_out (p);
+          else 
+            ok = file_write_at (p->file, p->frame->base, p->file_bytes,
+                                p->file_offset) == p->file_bytes;
+        }
+      else
+        ok = true;
+    }
+  else
+    ok = swap_out (p);
+  if (ok) 
+    {
+      //memset (p->frame->base, 0xcc, PGSIZE);
+      p->frame = NULL; 
+    }
+  return ok;
+}
+
+/* Returns true if page P's data has been accessed recently,
+   false otherwise.
+   P must have a frame locked into memory. */
+bool
+page_accessed_recently (struct page *p) 
+{
+  bool was_accessed;
+
+  ASSERT (p->frame != NULL);
+  ASSERT (lock_held_by_current_thread (&p->frame->lock));
+
+  was_accessed = pagedir_is_accessed (p->thread->pagedir, p->addr);
+  if (was_accessed)
+    pagedir_set_accessed (p->thread->pagedir, p->addr, false);
+  return was_accessed;
+}
+
+/* Adds a mapping for user virtual address VADDR to the page hash
+   table.  Fails if VADDR is already mapped or if memory
+   allocation fails. */
+struct page *
+page_allocate (void *vaddr, bool read_only)
+{
+  struct thread *t = thread_current ();
+  struct page *p = malloc (sizeof *p);
+  if (p != NULL) 
+    {
+      p->addr = pg_round_down (vaddr);
+
+      p->read_only = read_only;
+      p->private = !read_only;
+
+      p->frame = NULL;
+
+      p->sector = (block_sector_t) -1;
+
+      p->file = NULL;
+      p->file_offset = 0;
+      p->file_bytes = 0;
+
+      p->thread = thread_current ();
+
+      if (hash_insert (t->pages, &p->hash_elem) != NULL) 
+        {
+          /* Already mapped. */
+          free (p);
+          p = NULL;
+        }
+    }
+  return p;
+}
+
+/* Evicts the page containing address VADDR
+   and removes it from the page table. */
+void
+page_deallocate (void *vaddr) 
+{
+  struct page *p = page_for_addr (vaddr);
+  ASSERT (p != NULL);
+  frame_lock (p);
+  if (p->frame)
+    {
+      struct frame *f = p->frame;
+      if (p->file && !p->private) 
+        page_out (p); 
+      frame_free (f);
+    }
+  hash_delete (thread_current ()->pages, &p->hash_elem);
+  free (p);
+}
+
+/* Returns a hash value for the page that E refers to. */
+unsigned
+page_hash (const struct hash_elem *e, void *aux UNUSED) 
+{
+  const struct page *p = hash_entry (e, struct page, hash_elem);
+  return ((uintptr_t) p->addr) >> PGBITS;
+}
+
+/* Returns true if page A precedes page B. */
+bool
+page_less (const struct hash_elem *a_, const struct hash_elem *b_,
+           void *aux UNUSED) 
+{
+  const struct page *a = hash_entry (a_, struct page, hash_elem);
+  const struct page *b = hash_entry (b_, struct page, hash_elem);
+  
+  return a->addr < b->addr;
+}
+
+/* Tries to lock the page containing ADDR into physical memory.
+   If WILL_WRITE is true, the page must be writeable;
+   otherwise it may be read-only.
+   Returns true if successful, false on failure. */
+bool
+page_lock (const void *addr, bool will_write) 
+{
+  struct page *p = page_for_addr (addr);
+  if (p == NULL || (p->read_only && will_write))
+    return false;
+  
+  frame_lock (p);
+  if (p->frame == NULL)
+    return (do_page_in (p)
+            && pagedir_set_page (thread_current ()->pagedir, p->addr,
+                                 p->frame->base, !p->read_only)); 
+  else
+    return true;
+}
+
+/* Unlocks a page locked with page_lock(). */
+void
+page_unlock (const void *addr) 
+{
+  struct page *p = page_for_addr (addr);
+  ASSERT (p != NULL);
+  frame_unlock (p->frame);
+}
diff --git a/src/vm/page.h b/src/vm/page.h
new file mode 100644
index 0000000..b71b9da
--- /dev/null
+++ b/src/vm/page.h
@@ -0,0 +1,50 @@
+#ifndef VM_PAGE_H
+#define VM_PAGE_H
+
+#include <hash.h>
+#include "devices/block.h"
+#include "filesys/off_t.h"
+#include "threads/synch.h"
+
+/* Virtual page. */
+struct page 
+  {
+    /* Immutable members. */
+    void *addr;                 /* User virtual address. */
+    bool read_only;             /* Read-only page? */
+    struct thread *thread;      /* Owning thread. */
+
+    /* Accessed only in owning process context. */
+    struct hash_elem hash_elem; /* struct thread `pages' hash element. */
+
+    /* Set only in owning process context with frame->frame_lock held.
+       Cleared only with scan_lock and frame->frame_lock held. */
+    struct frame *frame;        /* Page frame. */
+
+    /* Swap information, protected by frame->frame_lock. */
+    block_sector_t sector;       /* Starting sector of swap area, or -1. */
+    
+    /* Memory-mapped file information, protected by frame->frame_lock. */
+    bool private;               /* False to write back to file,
+                                   true to write back to swap. */
+    struct file *file;          /* File. */
+    off_t file_offset;          /* Offset in file. */
+    off_t file_bytes;           /* Bytes to read/write, 1...PGSIZE. */
+  };
+
+void page_exit (void);
+
+struct page *page_allocate (void *, bool read_only);
+void page_deallocate (void *vaddr);
+
+bool page_in (void *fault_addr);
+bool page_out (struct page *);
+bool page_accessed_recently (struct page *);
+
+bool page_lock (const void *, bool will_write);
+void page_unlock (const void *);
+
+hash_hash_func page_hash;
+hash_less_func page_less;
+
+#endif /* vm/page.h */
diff --git a/src/vm/swap.c b/src/vm/swap.c
new file mode 100644
index 0000000..76fcf71
--- /dev/null
+++ b/src/vm/swap.c
@@ -0,0 +1,85 @@
+#include "vm/swap.h"
+#include <bitmap.h>
+#include <debug.h>
+#include <stdio.h>
+#include "vm/frame.h"
+#include "vm/page.h"
+#include "threads/synch.h"
+#include "threads/vaddr.h"
+
+/* The swap device. */
+static struct block *swap_device;
+
+/* Used swap pages. */
+static struct bitmap *swap_bitmap;
+
+/* Protects swap_bitmap. */
+static struct lock swap_lock;
+
+/* Number of sectors per page. */
+#define PAGE_SECTORS (PGSIZE / BLOCK_SECTOR_SIZE)
+
+/* Sets up swap. */
+void
+swap_init (void) 
+{
+  swap_device = block_get_role (BLOCK_SWAP);
+  if (swap_device == NULL) 
+    {
+      printf ("no swap device--swap disabled\n");
+      swap_bitmap = bitmap_create (0);
+    }
+  else
+    swap_bitmap = bitmap_create (block_size (swap_device)
+                                 / PAGE_SECTORS);
+  if (swap_bitmap == NULL)
+    PANIC ("couldn't create swap bitmap");
+  lock_init (&swap_lock);
+}
+
+/* Swaps in page P, which must have a locked frame
+   (and be swapped out). */
+void
+swap_in (struct page *p) 
+{
+  size_t i;
+  
+  ASSERT (p->frame != NULL);
+  ASSERT (lock_held_by_current_thread (&p->frame->lock));
+  ASSERT (p->sector != (block_sector_t) -1);
+
+  for (i = 0; i < PAGE_SECTORS; i++)
+    block_read (swap_device, p->sector + i,
+                p->frame->base + i * BLOCK_SECTOR_SIZE);
+  bitmap_reset (swap_bitmap, p->sector / PAGE_SECTORS);
+  p->sector = (block_sector_t) -1;
+}
+
+/* Swaps out page P, which must have a locked frame. */
+bool
+swap_out (struct page *p) 
+{
+  size_t slot;
+  size_t i;
+
+  ASSERT (p->frame != NULL);
+  ASSERT (lock_held_by_current_thread (&p->frame->lock));
+
+  lock_acquire (&swap_lock);
+  slot = bitmap_scan_and_flip (swap_bitmap, 0, 1, false);
+  lock_release (&swap_lock);
+  if (slot == BITMAP_ERROR) 
+    return false; 
+
+  p->sector = slot * PAGE_SECTORS;
+  for (i = 0; i < PAGE_SECTORS; i++)
+    block_write (swap_device, p->sector + i,
+                 p->frame->base + i * BLOCK_SECTOR_SIZE);
+  
+  p->private = false;
+  p->file = NULL;
+  p->file_offset = 0;
+  p->file_bytes = 0;
+
+  return true;
+}
diff --git a/src/vm/swap.h b/src/vm/swap.h
new file mode 100644
index 0000000..34d5d51
--- /dev/null
+++ b/src/vm/swap.h
@@ -0,0 +1,11 @@
+#ifndef VM_SWAP_H
+#define VM_SWAP_H 1
+
+#include <stdbool.h>
+
+struct page;
+void swap_init (void);
+void swap_in (struct page *);
+bool swap_out (struct page *);
+
+#endif /* vm/swap.h */