Project 17: Capstone - Your Own Shell

Integrate all subsystems into a complete shell with your own design philosophy.

Quick Reference

Attribute	Value
Difficulty	Level 5: Master (The First-Principles Wizard)
Time Estimate	1-3 months
Main Programming Language	C or Rust
Alternative Programming Languages	Zig, Go
Coolness Level	Level 5: Pure Magic (Super Cool)
Business Potential	4. The “Open Core” Infrastructure (Enterprise Scale)
Prerequisites	all previous projects, testing discipline, UX sensibility
Key Topics	integration, performance, design trade-offs

---

1. Learning Objectives

By completing this project, you will:

1. Explain and implement integration in the context of a shell.
2. Build a working capstone - your own shell that matches the project specification.
3. Design tests that validate correctness and edge cases.
4. Document design decisions, trade-offs, and limitations.

---

2. All Theory Needed (Per-Concept Breakdown)

System Integration, Architecture, and Performance Trade-offs

Fundamentals A complete shell is the integration of multiple subsystems: lexing, parsing, expansion, execution, job control, line editing, and persistence. Each subsystem is individually manageable, but integration introduces new failure modes and performance bottlenecks. A solid architecture separates concerns with clear interfaces while still allowing fast, low-latency interactive performance. The capstone project is about making these parts work together as a coherent system.

Deep Dive into the concept Integration starts with data flow: input bytes become tokens, tokens become an AST, the AST becomes execution plans, and execution updates shell state. Each stage must preserve the information needed by the next stage. For example, the lexer must annotate quoting so expansion can behave correctly; the parser must attach redirections to command nodes so the executor can apply them; the executor must return exit statuses so the control-flow interpreter can make decisions. If any stage drops information, later stages will guess and produce incorrect behavior.

Performance is another integration constraint. The shell’s interactive loop should feel instantaneous, even under heavy use. This means the hot path—reading input, parsing, and launching commands—must avoid expensive allocations and unnecessary copying. Keeping AST nodes small, using arena allocators, and reusing buffers can help. At the same time, you must not sacrifice correctness. The correct strategy is to make the design modular first and then profile the hot path to identify bottlenecks.

Testing and determinism are critical when subsystems interact. Each subsystem should have its own unit tests, but integration tests are what reveal the real bugs: pipelines with redirections inside compound commands, background jobs combined with &&, or signals arriving during parsing. You should design a test harness that can run deterministic scenarios with fixed inputs and compare outputs and exit codes against a reference shell. This is especially important when you introduce interactive features like line editing or job control, which are hard to test without automation.

A good architecture includes explicit state objects: a ShellState for variables, options, and jobs; an ExecContext for file descriptor state and environment; and a ParserState for tokens and error recovery. These contexts should be passed explicitly rather than accessed via globals. This makes the system more testable and helps you reason about who owns which piece of state.

Trade-offs are inevitable. For example, you might choose to delay expansion until execution time to preserve quoted segments, or you might expand earlier to simplify parsing. You might run built-ins in the parent by default but spawn children for built-ins in pipelines. You might prefer to strictly follow POSIX rules or adopt modern shell behaviors. Each decision should be documented with rationale and tested. A mature shell is as much about principled decisions as it is about code.

How this fits on projects Integration is the capstone that turns all previous subsystem projects into a cohesive, usable shell.

Definitions & key terms

• Subsystem: A distinct part of the shell (parser, executor, etc.).
• Hot path: Code that runs on every user command.
• Integration test: Test that spans multiple subsystems.
• Architecture boundary: Interface between subsystems.

Mental model diagram

Input -> Lexer -> Parser -> Expander -> Executor -> Jobs -> Prompt

How it works (step-by-step)

1. Define clear interfaces between subsystems.
2. Integrate one subsystem at a time, adding tests.
3. Build an integration harness for full command lines.
4. Profile and optimize the hot path.
5. Document trade-offs and behaviors.

Minimal concrete example

Parsing -> AST -> Execution -> Exit status -> Prompt

Common misconceptions

• “If each part works, integration will work” -> interactions create new bugs.
• “Performance can be ignored until later” -> architecture affects performance.
• “Global state is easiest” -> it reduces testability and clarity.

Check-your-understanding questions

1. Why do integration tests reveal bugs missed by unit tests?
2. What is the hot path in a shell?
3. How does architecture affect performance?

Check-your-understanding answers

1. Because features interact in complex ways that unit tests miss.
2. The REPL loop: read, parse, execute, prompt.
3. Data structures and copying decisions determine latency.

Real-world applications

• Building production shells (bash, zsh, fish).
• Designing any interactive language runtime.

Where you’ll apply it

• In this project: see §4 Solution Architecture and §10 Resources.
• Also used in: None

References

• “Clean Architecture” (component boundaries).
• “Designing Data-Intensive Applications” (system design patterns).

Key insights Integration is where correctness, performance, and UX all collide.

Summary The capstone is about orchestrating subsystems into a coherent whole while maintaining speed, correctness, and clear design decisions.

Homework/Exercises to practice the concept

1. Build a diagram of your shell subsystems and their interfaces.
2. Write an integration test that includes parsing, expansion, and execution.
3. Profile a command-heavy workload and note the slowest steps.

Solutions to the homework/exercises

1. Identify lexer/parser/expander/executor/job-control boundaries.
2. Use a script to run commands and compare outputs.
3. Measure timing around parse and exec, optimize iteratively.

POSIX Compliance and Conformance Testing

Fundamentals POSIX defines a standard shell language with specific rules for parsing, expansion, redirection, built-ins, and exit status. A POSIX-compliant shell must follow these rules precisely and pass conformance tests. This is not just about syntax; it is about detailed semantics like expansion order, special built-ins, and error handling. Implementing POSIX behavior forces you to resolve ambiguities and document deviations.

Deep Dive into the concept The POSIX Shell Command Language specification is precise and often surprising. For example, expansion occurs in a defined order: tilde expansion, parameter expansion, command substitution, arithmetic expansion, field splitting, pathname expansion, and quote removal. If you change this order, scripts that rely on it will behave differently. POSIX also defines how special built-ins behave in scripts: if a special built-in fails, the shell may exit. This affects error handling and makes the built-in table more than just a list of commands.

POSIX grammar is extensive. It includes simple commands, pipelines, &&/||, lists, and compound commands like if, case, for, while, until, and subshells. The grammar allows redirections in multiple positions and imposes rules for reserved words. Implementing this faithfully requires a parser that distinguishes keywords by context, handles line continuation, and recovers from errors in a non-interactive context by exiting with status 2 for syntax errors.

Testing for compliance is a project in itself. There are public test suites (like sh tests from POSIX or those used by dash) that run thousands of cases. A good strategy is to build a test harness that runs these tests and captures failing cases, then reproduce failures in isolation. Many failures are subtle edge cases involving quoting, expansion, or error handling. Keeping a behavior table that compares your shell to a reference implementation (like dash) helps you decide whether to match POSIX or intentionally diverge.

Performance and correctness must both be considered. A naive implementation might be correct but slow, especially for expansion-heavy scripts. Conversely, optimizing prematurely can introduce bugs. The right approach is to implement correctness first, then profile. POSIX compliance is a long-term effort; you will likely iterate, fix, and re-test many times.

How this fits on projects POSIX compliance is the integration point for every shell subsystem. It validates that your parsing, expansion, and execution rules work together correctly.

Definitions & key terms

• POSIX: Portable Operating System Interface standard.
• Special built-in: Built-ins with special error semantics.
• Expansion order: Defined sequence for applying expansions.
• Conformance test: Test suite validating specification compliance.

Mental model diagram

Spec -> Implementation -> Test Suite -> Failures -> Fixes

How it works (step-by-step)

1. Implement POSIX grammar and expansion order.
2. Build a test harness to run conformance suites.
3. Compare output and exit status against reference shells.
4. Fix failing cases and document differences.
5. Repeat until tests pass.

Minimal concrete example

$ var="a b"; echo $var
# POSIX: expands, then field splits -> two words

Common misconceptions

• “POSIX is just syntax” -> it defines detailed semantics.
• “Bash behavior is POSIX” -> bash includes many extensions.
• “Passing a few tests is enough” -> compliance requires broad coverage.

Check-your-understanding questions

1. Why does expansion order matter?
2. What is a “special built-in”?
3. Why use dash as a reference?

Check-your-understanding answers

1. It changes how words and globbing are produced.
2. A built-in with special error rules defined by POSIX.
3. dash is a minimal, close-to-POSIX shell.

Real-world applications

• System scripts that rely on POSIX sh behavior.
• Build tools that invoke /bin/sh.

Where you’ll apply it

• In this project: see §3.2 Functional Requirements and §6 Testing Strategy.
• Also used in: P15 POSIX-Compliant Shell

References

• POSIX Shell Command Language (The Open Group).
• dash source code and test suites.

Key insights POSIX compliance is about semantic fidelity, not just syntax matching.

Summary Conformance requires careful implementation, detailed testing, and a willingness to chase edge cases until behavior matches the standard.

Homework/Exercises to practice the concept

1. Read the POSIX section on expansion order and summarize it.
2. Run a POSIX shell test suite against your shell.
3. Document three differences between your shell and dash.

Solutions to the homework/exercises

1. List the order: tilde, parameter, command, arithmetic, split, glob, quote removal.
2. Build a script harness that runs tests and logs failures.
3. Compare outputs and exit statuses on selected edge cases.

Process Creation and Exec Lifecycle

Fundamentals A Unix shell is a long-running parent process that repeatedly creates child processes to run external commands. The split between fork() and execve() is the foundation: fork() clones the current process so the child inherits memory, file descriptors, environment, and current working directory, while execve() replaces the child image with a new program. This separation is why a shell can set up redirections, pipelines, and signal dispositions before launching a program. It is also why built-ins must run in the parent: only the parent can change the shell’s own state (like its directory or variables). If you understand when the parent waits, when it does not, and what the child inherits, you can predict how any shell command behaves. This concept is the root of process orchestration and almost every other shell feature.

Deep Dive into the concept The process lifecycle in a shell is a choreography between parent and child processes that must be deterministic, observable, and correct under failure. When the shell reads a command, it first decides whether the command is a built-in or an external program. Built-ins execute in the parent and therefore can mutate shell state. For external commands, the shell calls fork(). Internally, fork() creates a new task by duplicating the parent’s address space, file descriptor table, signal dispositions, and working directory. Modern kernels implement this with copy-on-write, so the child’s memory is not physically copied until it changes. From the shell’s perspective, fork() returns twice: once in the parent with the child PID, and once in the child with return value 0. This dual return is what allows the same code path to branch into parent logic versus child logic.

Once in the child, the shell must prepare the execution environment. This is where file descriptor wiring happens: dup2() to connect pipes or redirected files onto STDIN_FILENO, STDOUT_FILENO, and STDERR_FILENO; close() to remove unused descriptors; and chdir() if the command is a subshell with a different working directory. The child must also reset signal handlers to default for signals like SIGINT and SIGTSTP if the parent shell ignores them. Failure to do this leaves child programs “immune” to Ctrl+C because they inherit the shell’s ignored handlers. The child may also join or create a process group when pipelines or job control are involved, which matters for terminal control and signal delivery. Only after the environment is correct does the child call execve() (or execvp() for PATH lookup). At that point, the program image is replaced; the child’s memory, stack, and code become the new program, but the file descriptor table and environment remain as you configured them.

The parent does not disappear. It either waits for the child (foreground execution) or returns immediately (background execution). Waiting is done with waitpid(), which reports how the child finished: a normal exit (WIFEXITED) with an exit code, or a signal termination (WIFSIGNALED) with the terminating signal. Shells interpret these status codes to update $? and to print diagnostic messages like “Terminated by signal 9”. A robust shell handles interrupted waits (EINTR) and reaps all children to avoid zombies. In interactive shells, a SIGCHLD handler often records child state changes and wakes the main loop so that completed background jobs are announced promptly.

Failure handling is a central part of the lifecycle. If fork() fails (out of memory or process limit), the shell must report an error and continue running. If execve() fails, the child must print an error and exit with a defined status (commonly 127 for “command not found” and 126 for “found but not executable”). This behavior is relied upon by scripts, so the shell must be consistent. The parent should not attempt to recover from a failed exec by continuing in the child; the child must exit to avoid running shell code in an unexpected state.

Finally, remember that the execution environment is more than variables: it includes umask, current directory, signal mask, resource limits, and open file descriptors. A shell that incorrectly preserves or resets any of these will behave differently from the system shells you are comparing against. For example, if you forget to set close-on-exec on internal file descriptors, a child process might inherit unexpected descriptors, causing hangs (pipes never closing) or security leaks (files exposed). These subtle lifecycle details distinguish toy shells from robust ones.

How this fits on projects This concept is central to command execution, pipelines, redirection, and job control, so it appears in almost every project that launches external programs.

Definitions & key terms

• fork(): Clone the current process into a child process.
• execve(): Replace the current process image with a new program.
• waitpid(): Wait for a child process to change state.
• Zombie: A terminated child that has not been reaped.
• Copy-on-write: Memory optimization where pages are copied only when written.

Mental model diagram

Parent Shell
   |
   | fork()
   v
Child Shell -- set fds/signals -- execve("/bin/ls")
   |
   | exit(status)
   v
Parent waits -> collects status -> updates $?

How it works (step-by-step)

1. Parse the command into a simple command node.
2. Classify: built-in/function vs external.
3. Fork a child if external. Invariant: parent must not block unless foreground.
4. Child setup: apply redirections, reset signals, set process group if needed.
5. Exec the program image. Failure mode: execve returns with errno.
6. Parent waits for foreground child or records job for background.
7. Update $? and job table; reap zombies. Failure mode: missed waitpid().

Minimal concrete example

pid_t pid = fork();
if (pid == 0) {
// Child: replace image
execlp("ls", "ls", "-l", NULL);
perror("exec failed");
_exit(127);
}
int status;
waitpid(pid, &status, 0);
printf("status=%d\n", WEXITSTATUS(status));

Common misconceptions

• “fork runs the program” -> fork() only clones; exec() runs the program.
• “exit status is boolean” -> only 0 is success; non-zero encodes errors.
• “child changes affect parent” -> changes are isolated after fork().

Check-your-understanding questions

1. Why must a shell use fork() before execve() for external commands?
2. What happens if a parent never calls waitpid() for a child?
3. Why do shells reset signal handlers in the child before exec()?

Check-your-understanding answers

1. The shell must keep running; execve() replaces the current process.
2. The child becomes a zombie until it is reaped.
3. Otherwise the child inherits ignored signals and cannot be controlled.

Real-world applications

• Interactive shells (bash, dash, zsh).
• Process supervisors and daemons that spawn workers.
• Build systems that run many external commands.

Where you’ll apply it

• In this project: see §3.2 Functional Requirements and §5.10 Phase 2.
• Also used in: P01 Minimal Command Executor, P05 Pipeline System, P06 I/O Redirection Engine, P08 Signal Handler

References

• “Advanced Programming in the UNIX Environment” (Process Control).
• “The Linux Programming Interface” (Process and exec chapters).
• POSIX Shell Command Language (execution environment).

Key insights A shell is primarily a process orchestrator, not a program runner.

Summary Understanding the fork/exec lifecycle gives you the ability to predict how shell commands behave and why the shell can keep control while running external programs.

Homework/Exercises to practice the concept

1. Write a launcher that runs a command and prints the exit status.
2. Add a flag to run the command in the background without waiting.
3. Use strace -f or dtruss to observe fork/exec/wait.

Solutions to the homework/exercises

1. Use fork(), execvp(), waitpid(), and WEXITSTATUS.
2. Skip waitpid() for background and add a SIGCHLD reaper.
3. Trace system calls and confirm the sequence matches your mental model.

---

3. Project Specification

3.1 What You Will Build

A full shell that combines parsing, execution, job control, and UX features.

Included:

• Core feature set described above
• Deterministic CLI behavior and exit codes

Excluded:

• None; this is the capstone.

3.2 Functional Requirements

1. Requirement 1: Integrate lexing, parsing, expansion, execution, and job control.
2. Requirement 2: Provide an interactive UX (line editing, history, completion).
3. Requirement 3: Support scripts and core built-ins.
4. Requirement 4: Define and document your unique features.
5. Requirement 5: Deliver a test suite and performance metrics.

3.3 Non-Functional Requirements

• Performance: Interactive latency under 50ms for typical inputs; pipeline setup should scale linearly.
• Reliability: No crashes on malformed input; errors reported clearly with non-zero status.
• Usability: Clear prompts, deterministic behavior, and predictable error messages.

3.4 Example Usage / Output

Your shell is usable by real people. It runs commands, supports pipelines, handles signals, and includes your signature features.

$ ./my_shell
my> help
my> ls | where size > 10kb | sort-by modified
my> ./configure && make -j4
my> exit

3.5 Data Formats / Schemas / Protocols

• Architecture diagrams, behavior tables, and benchmark results.

3.6 Edge Cases

• Subsystem conflicts
• Performance regressions
• Ambiguous behavior

3.7 Real World Outcome

This is the exact behavior you should be able to demonstrate.

3.7.1 How to Run (Copy/Paste)

• make
• ./my_shell

3.7.2 Golden Path Demo (Deterministic)

$ ./my_shell
my> help
my> ls | where size > 10kb | sort-by modified
my> ./configure && make -j4
my> exit

3.7.3 Failure Demo (Deterministic)

$ ./my_shell
mysh> not_a_command
mysh> echo $?
127

---

4. Solution Architecture

4.1 High-Level Design

[Input] -> [Parser/Lexer] -> [Core Engine] -> [Executor/Output]

4.2 Key Components

Component	Responsibility	Key Decisions
Shell Core	Integrates parser, expander, executor	Clear interfaces.
UX Layer	Line editor, history, completion	Low-latency interaction.
Test Harness	Integration tests and benchmarks	Deterministic runs.

4.4 Data Structures (No Full Code)

struct Shell { struct Parser *p; struct Executor *e; struct State *s; };

4.4 Algorithm Overview

Key Algorithm: Integration Loop

1. Read input
2. Parse
3. Execute
4. Prompt

Complexity Analysis:

• Time: O(n) per command
• Space: O(n) per command

---

5. Implementation Guide

5.1 Development Environment Setup

# install dependencies (if any)
# build
make

5.2 Project Structure

project-root/
├── src/
│   ├── main.c
│   ├── lexer.c
│   └── executor.c
├── tests/
│   └── test_basic.sh
├── Makefile
└── README.md

5.3 The Core Question You’re Answering

What should a shell be in 2026, and how do I prove it works?

5.4 Concepts You Must Understand First

Stop and research these before coding:

1. Systems integration
2. UX design
3. Testing strategy

5.5 Questions to Guide Your Design

5.6 Thinking Exercise

The “One Feature” Problem

If you could add only one new feature to shell design, what would it be and why?

5.7 The Interview Questions They’ll Ask

5.8 Hints in Layers

Hint 1: Write a design doc first Define scope, syntax, and compatibility goals.

Hint 2: Start from a working baseline Integrate projects 1-14 before adding unique features.

Hint 3: Build a test harness Use golden outputs and run conformance tests.

Hint 4: Document behavior Write clear docs about differences from POSIX shells.

5.9 Books That Will Help

Topic	Book	Chapter
Systems integration	“Advanced Programming in the UNIX Environment”	Ch. 8-10
UX	“Effective Shell”	Ch. 7
Architecture	“Clean Architecture”	Ch. 5-8

5.10 Implementation Phases

Phase 1: Foundation (2-3 days)

Goals:

• Define data structures and interfaces
• Build a minimal end-to-end demo

Tasks:

1. Implement the core data structures
2. Build a tiny CLI or harness for manual tests

Checkpoint: A demo command runs end-to-end with clear logging.

Phase 2: Core Functionality (1 week)

Goals:

• Implement full feature set
• Validate with unit tests

Tasks:

1. Implement core requirements
2. Add error handling and edge cases

Checkpoint: All functional requirements pass basic tests.

Phase 3: Polish & Edge Cases (2-4 days)

Goals:

• Harden for weird inputs
• Improve UX and documentation

Tasks:

1. Add edge-case tests
2. Document design decisions

Checkpoint: Deterministic golden demo and clean error output.

5.11 Key Implementation Decisions

Decision	Options	Recommendation	Rationale
Parsing depth	Minimal vs full	Incremental	Start small, expand safely
Error policy	Silent vs verbose	Verbose	Debuggability for learners

---

6. Testing Strategy

6.1 Test Categories

Category	Purpose	Examples
Unit Tests	Test individual components	Tokenizer, matcher, env builder
Integration Tests	Test component interactions	Full command lines
Edge Case Tests	Handle boundary conditions	Empty input, bad args

6.2 Critical Test Cases

1. Golden Path: Run the canonical demo and verify output.
2. Failure Path: Provide invalid input and confirm error status.
3. Stress Path: Run repeated commands to detect leaks or state corruption.

6.3 Test Data

input: echo hello
output: hello

---

7. Common Pitfalls & Debugging

7.1 Frequent Mistakes

Pitfall	Symptom	Solution
Misordered redirection	Output goes to wrong place	Apply redirections left-to-right
Leaked file descriptors	Commands hang waiting for EOF	Close unused fds in parent/child
Incorrect exit status	&&/|| behave wrong	Use waitpid macros correctly

7.2 Debugging Strategies

• Trace syscalls: Use strace/dtruss to verify fork/exec/dup2 order.
• Log state transitions: Print parser states and job table changes in debug mode.
• Compare with dash: Run the same input in a reference shell.

7.3 Performance Traps

• Avoid O(n^2) behavior in hot paths like line editing.
• Minimize allocations inside the REPL loop.

---

8. Extensions & Challenges

8.1 Beginner Extensions

• Add a help built-in with usage docs.
• Add colored prompt themes.

8.2 Intermediate Extensions

• Add a simple profiling mode for command timing.
• Implement a which built-in using PATH lookup.

8.3 Advanced Extensions

• Add programmable completion or plugin system.
• Add a scriptable test harness with golden outputs.

---

9. Real-World Connections

9.1 Industry Applications

• Build systems: shells orchestrate compilation and test pipelines.
• DevOps automation: scripts manage deployments and infrastructure.

9.2 Related Open Source Projects

• bash: The most common interactive shell.
• dash: Minimal POSIX shell often used as /bin/sh.
• zsh: Feature-rich interactive shell.

9.3 Interview Relevance

• Process creation and lifecycle questions.
• Parsing and system programming design trade-offs.

---

10. Resources

10.1 Essential Reading

• All of the above, plus your creativity - focus on the chapters relevant to this project.
• “Advanced Programming in the UNIX Environment” - process control and pipes.

10.2 Video Resources

• Unix process model lectures (any OS course).
• Compiler front-end videos for lexing/parsing projects.

10.3 Tools & Documentation

• strace/dtruss: inspect syscalls.
• man pages: fork, execve, waitpid, pipe, dup2.

10.4 Related Projects in This Series

• P01 Minimal Command Executor
• P05 Pipeline System

---

11. Self-Assessment Checklist

11.1 Understanding

• I can explain the core concept without notes.
• I can trace a command through my subsystem.
• I understand at least one key design trade-off.

11.2 Implementation

• All functional requirements are met.
• All critical tests pass.
• Edge cases are handled cleanly.

11.3 Growth

• I documented lessons learned.
• I can explain this project in an interview.

---

12. Submission / Completion Criteria

Minimum Viable Completion:

• Core feature works for the golden demo.
• Errors are handled with non-zero status.
• Code is readable and buildable.

Full Completion:

• All functional requirements met.
• Tests cover edge cases and failures.

Excellence (Going Above & Beyond):

• Performance benchmarks and clear documentation.
• Behavior compared against a reference shell.