#!/bin/bash
# ////////////////////////////////////////////////////////////////////////////////
# //BOCA Online Contest Administrator
# //    Copyright (C) 2003-2014 by BOCA System (bocasystem@gmail.com)
# //
# //    This program is free software: you can redistribute it and/or modify
# //    it under the terms of the GNU General Public License as published by
# //    the Free Software Foundation, either version 3 of the License, or
# //    (at your option) any later version.
# //
# //    This program is distributed in the hope that it will be useful,
# //    but WITHOUT ANY WARRANTY; without even the implied warranty of
# //    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# //    GNU General Public License for more details.
# //    You should have received a copy of the GNU General Public License
# //    along with this program.  If not, see <http://www.gnu.org/licenses/>.
# ////////////////////////////////////////////////////////////////////////////////
#Last modified: 21/aug/2014 by cassio@ime.usp.br
#
# parameters are:
# $1 exe_file
# $2 input_file
# $3 timelimit (limit to run all the repetitions, by default only one repetition)
# $4 number_of_repetitions_to_run (optional, can be used for better tuning the timelimit)
# $5 maximum allowed memory (in MBytes)
# $6 maximum allowed output size (in KBytes)
#
# the output of the submission should be directed to the standard output
#
# the return code show what happened (according to safeexec):
# 0 ok
# 1 compile error
# 2 runtime error
# 3 timelimit exceeded
# 4 internal error
# 5 parameter error
# 6 internal error
# 7 memory limit exceeded
# 8 security threat
# 9 runtime error
# other_codes are unknown to boca: in this case BOCA will present the
#                                  last line of standard output to the judge

umask 0022
id -u bocajail >/dev/null 2>/dev/null
if [ $? == 0 ]; then
  bocau=$(id -u bocajail)
  bocag=$(id -g bocajail)
  chown bocajail.nogroup .
else
  bocau=$(id -u nobody)
  bocag=$(id -g nobody)
  chown nobody.nogroup .
fi
if [ "$bocau" == "" -o "$bocag" == "" ]; then
  echo "error finding user to run script"
  exit 43
fi

# this script makes use of safeexec to execute the code with less privilegies
# make sure that directories below are correct.
sf=$(which safeexec)
[ -x "$sf" ] || sf=/usr/bin/safeexec
if [ -x "../safeexec.exe" ]; then
  cp "../safeexec.exe" "safeexec.exe"
  sf="./safeexec.exe"
fi

if [ "$1" == "" -o "$2" == "" -o "$3" == "" ]; then
  echo "parameter problem"
  exit 43
fi
if [ -r run.exe ]; then
  rm -f run.jar
  cp run.exe run.jar
fi
if [ -r "$1" ]; then
  rm -f run.jar
  cp "$1" run.jar
fi
if [ ! -r run.jar ]; then
  echo "ERROR: file run.jar not found - possible error during compilation"
  exit 1
fi
name=$(basename "$1")
if [ "${name##*.}" == "class" -a "${name##*.}" == "CLASS" ]; then
  echo "WARNING: removing .class file extension"
fi
if [ "${name##*.}" == "class" ]; then
  name=$(basename "$1" .class)
fi
if [ "${name##*.}" == "CLASS" ]; then
  name=$(basename "$1" .CLASS)
fi
if [ ! -r "$2" ]; then
  echo "$2 not found (or is not in the current dir) or it's not readable"
  exit 45
fi
if [ ! -x "$sf" ]; then
  echo "$sf not found or it's not executable"
  exit 46
fi

time=$3
rtime=$(awk "BEGIN {print int($time+0.9999999)}")
if [ "$rtime" -gt "0" ]; then
  let "ttime = $rtime * 4"
else
  time=1
  ttime=4
fi

nruns=1
if [ "$4" != "" ]; then
  if [ "$4" -gt "1" ]; then
    echo "WARNING: nruns is set to $4, but it will be ignored because it's not supported by interactive problems"
  fi
fi
maxm=512000
if [ "$5" != "" ]; then
  if [ "$5" -gt "0" ]; then
    maxm=${5}000
  fi
fi
let "maxms = $maxm / 10"
maxf=1024
if [ "$6" != "" ]; then
  if [ "$6" -gt "0" ]; then
    maxf=${6}
  fi
fi

cp "$2" stdin0 2>/dev/null
cp "$1" run.exe 2>/dev/null
cp ../interactor.exe interactor.exe 2>/dev/null

cdir=$(pwd)
echo "Current directory is $cdir -- chrooting on it" >&2

### START OF BOCA RUN COMMAND
cat >runit.sh <<"EOF"
#!/bin/bash
# $1 is cdir
# $2 is sf

cdir=$1
shift
sf=$1
shift
ttime=$1
shift

# Add 1 second to the wall TL of the interactor to be safe.
ittime=$(($ttime + 1))

cd "$cdir"

# Ensure fifos are created and given access to.
mkfifo fifo.in fifo.out
chmod 666 fifo.in fifo.out
chown nobody fifo.in fifo.out

# Ensure interactor's side input and output can't be read by solution.
touch stdin0 stdout0 interactor.stderr
chmod 640 stdin0 stdout0 interactor.stderr

echo "Running solution with safeexec params $@" >&2

# Execute interactor in a memory-limited shell to ensure a misbehaved interactor
# doesn't starve the system.
cat >runit_wrapper.sh <<"WRAPPERFOF"
#!/bin/bash
# SIGTERM after ttime, SIGKILL after extra 5 seconds.
(sleep $1; kill -TERM -$$; sleep 5; kill -9 -$$) 2>/dev/null &
ulimit -v 1024000 && exec ./interactor.exe "stdin0" "stdout0"
exit $?
WRAPPERFOF
chmod 755 runit_wrapper.sh
./runit_wrapper.sh $ittime <fifo.out >fifo.in 2>interactor.stderr &
INTPID=$!

"$sf" -ofifo.out -ififo.in "$@" 2>safeexec.sf.stderr &
SFPID=$!

ECINT=0
ECSF=0

echo "interactor pid $INTPID" >>stderr0
echo "solution pid $SFPID" >>stderr0

wait -p EXITID -n $SFPID $INTPID
ECEXIT=$?
if [[ $ECEXIT -ne 0 ]]; then
  kill -SIGTERM $SFPID $INTPID 2>/dev/null
fi

EXITFIRST=none
if [[ $EXITID -eq $INTPID ]]; then
  # In case the interactor exits first, we can just wait for the solution to finish.
  # It will certainly finish at some point since it's running inside a constrained
  # safeexec environment.
  wait $SFPID
  ECSF=$?
  ECINT=$ECEXIT
  EXITFIRST=interactor
else
  # When solution exits first, we're sure that it ACTUALLY finished first.
  # So, in case of non-zero exit code, we probably already halted the interactor.
  # Otherwise, let's wait for it for a maximum of wall time and then halt it to ensure
  # a misbehaved interactor doesn't hang the entire judge.
  wait $INTPID
  ECINT=$?
  ECSF=$ECEXIT
  EXITFIRST=solution
fi

echo "interactor exitcode $ECINT" >>stderr0
echo "solution exitcode $ECSF" >>stderr0
echo "exit first $EXITFIRST" >>stderr0

# Recover permissions.
chmod 644 stdin0 stdout0

# SAFEEXEC STDERR
echo "== <safeexec solution stderr> ==" >>stderr0
cat safeexec.sf.stderr >>stderr0
echo "== </safeexec solution stderr> ==" >>stderr0

# INTERACTOR STDERR
echo "== <interactor stderr> ==" >>stderr0
cat interactor.stderr >>stderr0 2>/dev/null
echo "== </interactor stderr> ==" >>stderr0
###

JUDGE_ERROR=4
finish() {
  echo "exitting from runit.sh with exit code $1" >>stderr0
  rm -rf fifo.in fifo.out
  exit $1
}

# Solution RTE, for checking purposes, is defined as any safeexec non-zero exit code, except for TLE or MLE.
is_solution_rte() {
  if [[ $1 -eq 0 ]]; then
    false
    return
  fi

  # In case of TLE or MLE, we don't consider as RTE.
  if [[ $1 -eq 3 ]] || [[ $1 -eq 7 ]]; then
    false
    return
  fi
  true
}

# Interactor RTE, for checking purposes, is defined as any non-zero exit code, except for SIGTERM or SIGPIPE, or exit codes
# reserved for testlib.
is_interactor_rte() {
  if [[ $1 -eq 0 ]] || [[ $1 -eq 143 ]] || [[ $1 -eq 141 ]]; then
    false
    return
  fi

  if [[ $1 -ge 1 ]] && [[ $1 -le 4 ]]; then
    false
    return
  fi

  true
}

# Check for interactor errors.
check_interactor() {
  local EC=$ECINT
  if [[ $EC -eq 0 ]]; then
    return
  fi

  if [[ $EC -ge 1 ]] && [[ $EC -le 4 ]]; then
    echo "testlib returned WA-like exitcode $EC" >>stderr0
    echo "testlib exitcode $EC" >stdout0
    finish 0
  fi

  finish $JUDGE_ERROR
}

# 0. Interactor has crashed?
if is_interactor_rte $ECINT; then
  echo "interactor EXITED WITH NON-ZERO CODE $ECINT" >>stderr0
  finish $JUDGE_ERROR
fi

# 1. Solution has exceed limits?
if [[ $ECSF -eq 3 ]] || [[ $ECSF -eq 7 ]]; then
  finish $ECSF
fi

# 2. Check for interactor errors.
# TODO: Maybe one day get rid of "wrong output format" check with extra fifos.
if ([[ $EXITFIRST == "interactor" ]] || is_solution_rte $ECSF) && ! cat stderr0 | grep -q "wrong output format Unexpected end of file"; then
  check_interactor
fi

# 3. Check for solution errors.
if [[ $ECSF -ne 0 ]]; then
  finish $ECSF
fi

# 4. Check for interactor without looking at solution output.
check_interactor

# 5. Finish with zero and later check output.
finish 0

EOF
chmod 755 runit.sh

ret=0
echo $cdir | grep -q "/bocajail"
if [ $? -eq 0 ]; then
  cdir=$(echo $cdir | sed "s/.*\/bocajail//")
  cat <<EOF >runch.sh
  #!/bin/bash
  cd "$cdir"
  [ -f /proc/cpuinfo ] || /bin/mount -t proc proc /proc
  [ -d /sys/kernel ] || /bin/mount -t sysfs sysfs /sys
  java=$(which java)
  [ -x "\$java" ] || java=/usr/bin/java
  if [ ! -x "\$java" ]; then
      echo "\$java not found or it's not executable"
      exit 47
  fi
  ./runit.sh "$cdir" "$sf" "$ttime" -r$nruns -t$time -T$ttime -F256 -u256 -U$bocau -G$bocag -n0 -C. -f20000 -d20000000 -m20000000 -- "\$java" -jar run.jar -Xmx${maxm}K -Xss${maxms}K -Xms${maxm}K
  retval=\$?
  echo \$retval > runch.exitcode
  if [ ! -d /bocajail ]; then
    /bin/umount /proc 2>/dev/null
    /bin/umount /sys 2>/dev/null
  fi
  rm -rf fifo.in fifo.out
EOF
  chmod 755 runch.sh
  chroot /bocajail $cdir/runch.sh
  if [ -r runch.exitcode ]; then
    ret=$(cat runch.exitcode)
  fi
  if [ "$ret" == "" ]; then
    echo "Execution error - check autojudging"
    exit 49
  fi
else
  echo "ERROR: CODE NOT BEING CHROOTED. DO NOT RUN THIS ON THE MAIN SERVER" >&2
  exit 48
fi
### END OF BOCA RUN COMMAND

if [ $ret -gt 10 ]; then
  echo "execution error with code $ret" >&2
  if [ -r stderr0 ]; then
    grep -q "not find or load main class" stderr0
    if [ $? == 0 ]; then
      echo "> > > Nonzero return code - possible class name mismatch - do check < < <"
    else
      echo "> > > Nonzero return code - possible runtime error - do check < < <"
    fi
    ret=9
  fi
fi
if [ -f stdout0 ]; then
  cat stdout0
fi
exit $ret
