Operating Systems:
Principles and Practice
Original slides by: Tom Anderson
https://homes.cs.washington.edu/~tom/Slides/slides.html
Further reading
https://d3s.mff.cuni.cz/files/teaching/nswi004/text.pdf
https://d3s.mff.cuni.cz/teaching/nswi004/
https://homes.cs.washington.edu/~tom/Slides/slides.html
What is an operating system?
• Software to manage a computer’s resources for its users and applications
Operating System Roles
• Referee:
– Resource allocation among users, applications
– Isolation of different users, applications from each other
– Communication between users, applications
• Illusionist
– Each application appears to have the entire machine to
itself
– Infinite number of processors, (near) infinite amount of
memory, reliable storage, reliable network transport
• Glue
– Libraries, user interface widgets, …
Example: File Systems
• Referee
– Prevent users from accessing each other’s files
without permission
– Even after a file is deleted and its space re-used
• Illusionist
– Files can grow (nearly) arbitrarily large
– Files persist even when the machine crashes in the
middle of a save
• Glue
– Named directories, printf, …
Question
• What (hardware, software) do you need to be
able to run an untrustworthy application?
– Memory protection
– Interrupt running application
– Privileged mode (OS)
Question
• How should an operating system allocate
processing time between competing uses?
– Give the CPU to the first to arrive?
– To the one that needs the least resources to
complete? To the one that needs the most
resources?
OS Challenges
• Reliability
– Does the system do what it was designed to do?
• Availability
– What portion of the time is the system working?
– Mean Time To Failure (MTTF), Mean Time to Repair
• Security
– Can the system be compromised by an attacker?
• Privacy
– Data is accessible only to authorized users
OS Challenges
• Portability
– For programs:
• Application programming interface (API)
• Abstract virtual machine (AVM)
– For the operating system
• Hardware abstraction layer
OS Challenges
• Performance
– Latency/response time
• How long does an operation take to complete?
– Throughput
• How many operations can be done per unit of time?
– Overhead
• How much extra work is done by the OS?
– Fairness
• How equal is the performance received by different users?
– Predictability
• How consistent is the performance over time?
Early Operating Systems:
Computers Very Expensive
• One application at a time
– Had complete control of hardware
– OS was runtime library
– Users would stand in line to use the computer
• Batch systems
– Keep CPU busy by having a queue of jobs
– OS would load next job while current one runs
– Users would submit jobs, and wait, and wait, and wait…
Time-Sharing Operating Systems:
Computers and People Expensive
• Multiple users on computer at same time
– Multiprogramming: run multiple programs at
same time
– Interactive performance: try to complete
everyone’s tasks quickly
– As computers became cheaper, more important to
optimize for user time, not computer time
The Kernel Abstraction
Challenge: Protection
• How do we execute code with restricted
privileges?
– Either because the code is buggy or because it might be malicious
• Some examples:
– A script running in a web browser
– A program you just downloaded off the Internet
– A program you just wrote that you haven’t tested
yet
A Problem
Main Points
• Process concept
– A process is the OS abstraction for executing a
program with limited privileges
• Dual-mode operation: user vs. kernel
– Kernel-mode: execute with complete privileges
– User-mode: execute with fewer privileges
• Safe control transfer
– How do we switch from one mode to the other?
Process Abstraction
• Process: an instance of a program, running
with limited rights
– Thread: a sequence of instructions within a
process
• Potentially many threads per process (for now 1:1)
– Address space: set of rights of a process
• Memory that the process can access
• Other permissions the process has (e.g., which system
calls it can make, what files it can access)
Thought Experiment
• How can we implement execution with limited
privilege?
– Execute each program instruction in a simulator
– If the instruction is permitted, do the instruction
– Otherwise, stop the process
– Basic model in Javascript and other interpreted
languages
• How do we go faster?
– Run the unprivileged code directly on the CPU!
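A self-contained toy version of the simulator idea in C; the instruction set, the permission rule, and all names here are invented purely for illustration:

#include <stdbool.h>
#include <stdio.h>

/* Toy instruction set: everything below is an assumption for illustration. */
typedef enum { OP_ADD, OP_LOAD, OP_STORE, OP_IO, OP_HALT } opcode_t;
typedef struct { opcode_t op; int operand; } instr_t;

/* Pretend policy: direct device access is the only privileged operation. */
static bool is_permitted(instr_t in) {
    return in.op != OP_IO;
}

/* Execute each instruction in software; stop the process on a violation. */
void interpret(const instr_t *prog, int len) {
    for (int pc = 0; pc < len && prog[pc].op != OP_HALT; pc++) {
        if (!is_permitted(prog[pc])) {
            printf("instruction %d not permitted: stopping process\n", pc);
            return;
        }
        /* ... perform the (permitted) instruction here ... */
    }
}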
Hardware Support:
Dual-Mode Operation
• Kernel mode
– Execution with the full privileges of the hardware
– Read/write to any memory, access any I/O device,
read/write any disk sector, send/read any packet
• User mode
– Limited privileges
– Only those granted by the operating system kernel
• On the x86, mode stored in EFLAGS register
• On the MIPS, mode in the status register
A Model of a CPU
A CPU with Dual-Mode Operation
Hardware Support:
Dual-Mode Operation
• Privileged instructions
– Available to kernel
– Not available to user code
• Limits on memory accesses
– To prevent user code from overwriting the kernel
• Timer
– To regain control from a user program in a loop
• Safe way to switch from user mode to kernel
mode, and vice versa
Simple Memory Protection
Privileged instructions
• Examples?
– Change mode bit in EFLAGS register!
– Change which memory locations a user program
can access
– Send commands to I/O devices
– Read data from/write data to I/O devices
– Jump into kernel code
Mode Switch
• From user mode to kernel mode
– Interrupts
• Triggered by timer and I/O devices
– Exceptions
• Triggered by unexpected program behavior
• Or malicious behavior!
– System calls (aka protected procedure call)
• Request by program for kernel to do some operation on
its behalf
• Only limited # of very carefully coded entry points
Device Interrupts
• OS kernel needs to communicate with physical
devices
• Devices operate asynchronously from the CPU
– Polling: Kernel waits until I/O is done
– Interrupts: Kernel can do other work in the meantime
• Device access to memory
– Programmed I/O: CPU reads and writes to device
– Direct memory access (DMA) by device
– Buffer descriptor: sequence of DMAs
• E.g., packet header and packet body
– Queue of buffer descriptors
• Buffer descriptor itself is DMA’ed
System Calls
• Creating and managing processes
– fork, exec, wait
• Performing I/O
– open, read, write, close
• Communicating between processes
– pipe, dup, select, connect
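A minimal sketch showing several of these calls working together on a POSIX system; the program run and the file name are arbitrary placeholders:

#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

int main(void) {
    pid_t pid = fork();                          /* create a new process */
    if (pid == 0) {
        execlp("ls", "ls", "-l", (char *)NULL);  /* child: run another program */
        perror("exec failed");                   /* reached only if exec fails */
        exit(1);
    }
    waitpid(pid, NULL, 0);                       /* parent: wait for the child */

    int fd = open("out.txt", O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd >= 0) {
        write(fd, "done\n", 5);                  /* I/O through the kernel */
        close(fd);
    }
    return 0;
}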
Mode Switch
• From kernel mode to user mode
– New process/new thread start
• Jump to first instruction in program/thread
– Return from interrupt, exception, system call
• Resume suspended execution
– Process/thread context switch
• Resume some other process
– User-level upcall (UNIX signal)
• Asynchronous notification to user program
How do we take interrupts safely?
• Interrupt vector
– Limited number of entry points into kernel
• Atomic transfer of control
– Single instruction to change:
• Program counter
• Stack pointer
• Memory protection
• Kernel/user mode
• Transparent restartable execution
– User program does not know interrupt occurred
Interrupt Vector
• Table set up by OS kernel; pointers to code to
run on different events
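Conceptually, the vector is just a kernel-owned array of code pointers indexed by event number. A sketch in C, with handler names and vector numbers invented for illustration:

typedef void (*handler_t)(void);

/* Hypothetical kernel handlers; real ones save state, service the event,
   and finish with a special "return from interrupt" instruction. */
static void handle_timer(void)      { /* ... run the scheduler ... */ }
static void handle_page_fault(void) { /* ... map or evict a page ... */ }
static void handle_syscall(void)    { /* ... dispatch on system call number ... */ }

#define NUM_VECTORS 256

/* Filled in by the kernel at boot; the hardware uses the event number
   to pick which kernel entry point to jump to. */
static handler_t interrupt_vector[NUM_VECTORS] = {
    [0]   = handle_timer,          /* vector numbers here are illustrative */
    [14]  = handle_page_fault,
    [128] = handle_syscall,
};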
Concurrency
Motivation
• Operating systems (and application programs)
often need to be able to handle multiple things
happening at the same time
– Process execution, interrupts, background tasks,
system maintenance
• Humans are not very good at keeping track of
multiple things happening simultaneously
• Threads are an abstraction to help bridge this
gap
Definitions
• A thread is a single execution sequence that
represents a separately schedulable task
– Single execution sequence: familiar programming
model
– Separately schedulable: OS can run or suspend a
thread at any time
• Protection is an orthogonal concept
– Can have one or many threads per protection
domain
How?
• Queue of threads ready to execute
– Scheduler selects one of them and lets it run on the processor for a certain time, then switches to another
– Which one to select? Good question :-)
• Responsiveness, throughput, efficiency requirements
• Requirements may differ (realtime / batch / interactive)
• Priorities (static / dynamic)
• Fair share, shortest job first, Round robin,…
Thread Abstraction
• Infinite number of processors
• Threads execute with variable speed
– Programs must be designed to work with any schedule
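A minimal POSIX-threads sketch of this point: two threads run the same function, and the interleaving of their output can differ on every run, which is exactly why programs must be written to work with any schedule.

#include <pthread.h>
#include <stdio.h>

static void *worker(void *arg) {
    const char *name = arg;
    for (int i = 0; i < 3; i++)
        printf("%s: step %d\n", name, i);   /* order across threads is unpredictable */
    return NULL;
}

int main(void) {
    pthread_t a, b;
    pthread_create(&a, NULL, worker, "thread A");
    pthread_create(&b, NULL, worker, "thread B");
    pthread_join(a, NULL);
    pthread_join(b, NULL);
    return 0;
}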
Thread Data Structures
Thread Lifecycle
Synchronization
Synchronization Motivation
• When threads concurrently read/write shared
memory, program behavior is undefined
– Two threads write to the same variable; which one
should win?
• Thread schedule is non-deterministic
– Behavior changes when re-run program
• Compiler/hardware instruction reordering
• Multi-word operations are not atomic
Too Much Milk Example
Person A Person B
12:30 Look in fridge. Out of milk.
12:35 Leave for store.
12:40 Arrive at store. Look in fridge. Out of milk.
12:45 Buy milk. Leave for store.
12:50 Arrive home, put milk away. Arrive at store.
12:55 Buy milk.
1:00 Arrive home, put milk away.
Oh no!
Definitions
Race condition: output of a concurrent program depends on the
order of operations between threads
Mutual exclusion: only one thread does a particular thing at a
time
– Critical section: piece of code that only one thread can execute
at once
Lock: prevent someone from doing something
– Lock before entering critical section, before accessing shared
data
– Unlock when leaving, after done accessing shared data
– Wait if locked (all synchronization involves waiting!)
Too Much Milk, Try #1
• Correctness property
– Someone buys if needed (liveness)
– At most one person buys (safety)
• Try #1: leave a note
if (!note)
    if (!milk) {
        leave note
        buy milk
        remove note
    }
Too Much Milk, Try #2
Thread A:
    leave note A
    if (!note B) {
        if (!milk)
            buy milk
    }
    remove note A
Thread B:
    leave note B
    if (!note A) {
        if (!milk)
            buy milk
    }
    remove note B
Lessons
• Solution is complicated
– “obvious” code often has bugs
• Peterson Algorithm
// Indicate the intent to enter the critical section
bIWantToEnter = true;
// Be polite and act as if it is not our
// turn to enter the critical section
iWhoseTurn = HIS_TURN;
// Wait until the other process either does not
// intend to enter the critical section or
// acts as if it's our turn to enter
while (bHeWantsToEnter && (iWhoseTurn != MY_TURN)) { }
// Code of critical section comes here ...
bIWantToEnter = false;
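For completeness, a fuller sketch of Peterson's algorithm for two threads (indices 0 and 1) in C. The names are invented here, and on modern hardware the flags and turn variable would additionally need C11 atomics or memory barriers to prevent the compiler/hardware reordering mentioned earlier.

#include <stdbool.h>

static volatile bool wants_to_enter[2];   /* one flag per thread (0 and 1) */
static volatile int  turn;                /* which thread politely waits */

void peterson_enter(int self) {           /* self is 0 or 1 */
    int other = 1 - self;
    wants_to_enter[self] = true;          /* announce intent to enter */
    turn = other;                         /* yield the turn to the other thread */
    /* spin while the other thread wants in and it is its turn */
    while (wants_to_enter[other] && turn == other) { }
}

void peterson_exit(int self) {
    wants_to_enter[self] = false;         /* leave the critical section */
}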
Roadmap
Locks
• Lock::acquire
– wait until lock is free, then take it
• Lock::release
– release lock, waking up anyone waiting for it
1. At most one lock holder at a time (safety)
2. If no one holding, acquire gets lock (progress)
3. If all lock holders finish and no higher priority
waiters, waiter eventually gets lock (progress)
Too Much Milk, #4
Locks allow concurrent code to be much simpler:
lock.acquire();
if (!milk)
buy milk
lock.release();
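With POSIX threads, the same pattern looks roughly like this; the milk flag and the function name are placeholders for whatever shared state the critical section protects.

#include <pthread.h>
#include <stdbool.h>

static pthread_mutex_t milk_lock = PTHREAD_MUTEX_INITIALIZER;
static bool milk = false;                 /* placeholder shared state */

void buy_milk_if_needed(void) {
    pthread_mutex_lock(&milk_lock);       /* acquire: wait until lock is free */
    if (!milk) {
        milk = true;                      /* "buy milk": at most one thread does this */
    }
    pthread_mutex_unlock(&milk_lock);     /* release: wake up any waiter */
}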
Virtual Memory
Simple Memory Protection
Base and Bounds
Towards Virtual Addresses
• Problems with base and bounds?
– Expandable heap?
– Expandable stack?
– Memory sharing between processes?
– Non-relative addresses – hard to move memory
around
– Memory fragmentation
• How to get more memory than currently available?
Virtual Addresses
• Translation done in hardware, using a table
• Table set up by operating system kernel
Main Points
• Address Translation Concept
– How do we convert a virtual address to a physical
address?
• Flexible Address Translation
– Base and bound
– Segmentation
– Paging
– Multilevel translation
• Efficient Address Translation
– Translation Lookaside Buffers
– Virtually and physically addressed caches
Address Translation Concept
Address Translation Goals
• Memory protection
• Memory sharing
– Shared libraries, interprocess communication
• Sparse addresses
– Multiple regions of dynamic allocation (heaps/stacks)
• Efficiency
– Memory placement
– Runtime lookup
– Compact translation tables
• Portability
Paged Translation
• Manage memory in fixed size units, or pages
• Finding a free page is easy
– Bitmap allocation: 0011111100000001100
– Each bit represents one physical page frame
• Each process has its own page table
– Stored in physical memory
– Hardware registers
• pointer to page table start
• page table length
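A simplified sketch of the per-reference translation, assuming a single-level page table and 4 KiB pages; the field names and sizes are illustrative, and real hardware performs this (or a TLB lookup) on every memory access.

#include <stdint.h>
#include <stdbool.h>

#define PAGE_SIZE   4096u               /* assumed 4 KiB pages */
#define PAGE_SHIFT  12

typedef struct {
    bool     valid;                     /* is this virtual page mapped? */
    bool     writable;
    uint32_t frame;                     /* physical page frame number */
} pte_t;

/* Translate a virtual address using a single-level page table. */
uint32_t translate(pte_t *page_table, uint32_t table_len,
                   uint32_t vaddr, bool *fault) {
    uint32_t vpn    = vaddr >> PAGE_SHIFT;       /* virtual page number */
    uint32_t offset = vaddr & (PAGE_SIZE - 1);   /* offset within the page */
    if (vpn >= table_len || !page_table[vpn].valid) {
        *fault = true;                           /* page fault: trap to the kernel */
        return 0;
    }
    *fault = false;
    return (page_table[vpn].frame << PAGE_SHIFT) | offset;
}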
Paged Translation (Abstract)
Paged Translation (Implementation)
Paging Questions
• Can we share memory between processes?
– Set entries in both page tables to point to same page
frames
– Need core map of page frames to track which
processes are pointing to which page frames (e.g.,
reference count)
• What if page size is very small?
• What if page size is very large?
– Internal fragmentation: if we don’t need all of the
space inside a fixed size chunk
Segmentation
• Segment is a contiguous region of virtual memory
• Each process has a segment table (in hardware)
– Entry in table = segment
• Segment can be located anywhere in physical
memory
– Each segment has: start, length, access permission
• Processes can share segments
– Same start, length, same/different access permissions
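A sketch of the per-reference check with a hypothetical segment table layout; the permission check is omitted for brevity.

#include <stdint.h>
#include <stdbool.h>

typedef struct {
    uint32_t base;      /* start of the segment in physical memory */
    uint32_t length;    /* size of the segment in bytes */
    uint32_t perms;     /* read/write/execute permission bits */
} segment_t;

/* Virtual address = (segment number, offset within segment). */
uint32_t seg_translate(segment_t *table, uint32_t num_segs,
                       uint32_t seg, uint32_t offset, bool *fault) {
    if (seg >= num_segs || offset >= table[seg].length) {
        *fault = true;              /* out of bounds: trap to the kernel */
        return 0;
    }
    *fault = false;
    return table[seg].base + offset;
}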
Segmentation
Segmentation
• Pros?
– Can share code/data segments between processes
– Can protect code segment from being overwritten
– Can transparently grow stack/heap as needed
– Can detect if need to copy-on-write
• Cons?
– Complex memory management
• Need to find chunk of a particular size
– May need to rearrange memory from time to time to
make room for new segment or growing segment
• External fragmentation: wasted space between chunks
Paged Segmentation
• Process memory is segmented
• Segment table entry:
– Pointer to page table
– Page table length (# of pages in segment)
– Access permissions
• Page table entry:
– Page frame
– Access permissions
• Share/protection at either page or segment-level
Paged Segmentation (Implementation)
A Preview: MIPS Address Translation
• Software-Loaded Translation lookaside buffer (TLB)
– Cache of virtual page -> physical page translations
– If TLB hit, physical address
– If TLB miss, trap to kernel
– Kernel fills TLB with translation and resumes execution
• Kernel can implement any page translation
– Page tables
– Multi-level page tables
– Inverted page tables
– …
A Preview: MIPS Lookup
Page/Cache Replacement Policy
• On a page/cache miss, how do we choose
which entry to replace?
– Assuming the new entry is more likely to be used
in the near future
– In direct mapped caches, not an issue!
• Policy goal: reduce cache misses
– Improve expected case performance
– Also: reduce likelihood of very poor performance
A Simple Policy
• Random?
– Replace a random entry
• FIFO?
– Replace the entry that has been in the cache the
longest time
– What could go wrong?
FIFO in Action
Worst case for FIFO is when a program strides through memory that is larger than the cache
MIN, LRU, LFU
• MIN
– Replace the cache entry that will not be used for the
longest time into the future
– Optimality proof based on exchange: if evict an entry
used sooner, that will trigger an earlier cache miss
• Least Recently Used (LRU)
– Replace the cache entry that has not been used for
the longest time in the past
– Approximation of MIN
• Least Frequently Used (LFU)
– Replace the cache entry used the least often (in the
recent past)
Clock Algorithm: Estimating LRU
• Periodically, sweep through all pages
• If page is unused, reclaim
• If page is used, mark as unused
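A compact sketch of the clock sweep in C; the frame table layout and size are assumptions, and a real kernel would read the hardware-maintained referenced bit rather than a plain flag.

#include <stdbool.h>

#define NUM_FRAMES 1024                    /* illustrative number of page frames */

typedef struct {
    bool referenced;                       /* set when the page is used, cleared by the sweep */
} frame_t;

static frame_t frames[NUM_FRAMES];
static int hand;                           /* current position of the clock hand */

/* Advance the hand until a frame that has not been used since the
   last visit is found; that frame is the one to reclaim. */
int clock_evict(void) {
    for (;;) {
        int victim = hand;
        hand = (hand + 1) % NUM_FRAMES;
        if (!frames[victim].referenced)
            return victim;                 /* unused since last sweep: reclaim it */
        frames[victim].referenced = false; /* used: clear the bit, give a second chance */
    }
}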
Nth Chance: Not Recently Used
• Instead of one bit per page, keep an integer
– notInUseSince: number of sweeps since last use
• Periodically sweep through all page frames
if (page is used) {
notInUseSince = 0;
} else if (notInUseSince < N) {
notInUseSince++;
} else {
reclaim page;
}
Implementation Note
• Clock and Nth Chance can run synchronously
– In page fault handler, run algorithm to find next page to
evict
– Might require writing changes back to disk first
• Or asynchronously
– Create a thread to maintain a pool of recently unused,
clean pages
– Find recently unused dirty pages, write mods back to disk
– Find recently unused clean pages, mark as invalid and
move to pool
– On page fault, check if requested page is in pool!
– If not, evict that page
Editor's Notes
  • #4: In some sense, OS is just a software engineering problem: how do you convert what the hardware gives you into something that the application programmers want?   For any OS area (file systems, virtual memory, networking, CPU scheduling), begin by asking two questions: what’s the hardware interface? (the physical reality) what’s the application interface? (the nicer abstraction)   We’ve broken it down a bit: we have users and their applications. You probably already know about libraries – that applications can be linked with code that helps them do their job, e.g., like the C library, with malloc and free and string operations. But when you write an app, you write it as if it has the entire machine – you don’t need to worry about the fact that there are multiple other apps running at the same time. It doesn’t crash just because one of those other apps has a bug. This interface is an abstract virtual machine – an abstraction that allows programmers to ignore the OS. Much of the OS runs in “kernel mode” – we’ll describe that in the next lecture. That code provides applications the abstraction of their own dedicated hardware. And under all of that is another abstraction, that allows the OS to run on a variety of different hardware – this is the HAL. That way, you can change the underlying hardware, without changing (much of) the OS. Need to have the various layers coordinate – library makes calls into the kernel to do things, like write file data to the disk, or get a network packet. But they run in separate domains. As you look at the code in OS/161, or if you look inside Linux (or any other OS you might find), you’ll see these three categories. Kern – kernel code Userland – system libraries Kern/arch – machine dependent routines, specific to each different type of CPU One of the first questions you’ll see in assignment 0 is: how does a system call work? Where do you find the code to read from a file in userland? Where do you find the code to read from a file in the kernel? Where do you find the machine-specific code to read from the physical disk?
  • #5: Each of these points is pretty complex! But we’ll see a lot of examples. 90% of the code in an OS is in the glue – but it’s mostly easy to understand, so we won’t spend any time on it. Consider the illusion though – you buy a new computer, with more processors than the last one. But you don’t have to get all new software – the OS is the same, the apps are the same, but the system runs faster. How does it do that? You buy more memory – you don’t change the OS, you don’t change the apps, but the system runs faster. How does it do that? Part of the answer is that the OS serves as the referee between applications. How much memory should everyone have? How much of the CPU? The OS also has to isolate the different applications and users from each other – if one app crashes, you don’t want it to require a system reboot. If one user writes a buggy app on attu, you don’t want it to crash the system for everyone else. How is that even possible?
  • #6: Ask: Examples of OS as referee? Examples of OS as illusionist?
  • #7: Ask audience for ideas – they’ve taken machine structures. Answer: need memory protection, but also ability to interrupt a running job. And to have a privileged mode – capable of changing the memory protection.
  • #9: An excuse to define some terms!
  • #12: And wait…
  • #15: Not just about OS’es; not just bugs
  • #16: OK, so you compile your program into an executable image with instructions and data. Which of these is the program? How does it start running? Well, if it’s Javascript – no compilation step! Just interprets the source code. If it’s Android, then it’s compiled into a byte code that is interpreted in software – well, actually, interpreted into short snippets of instructions, with jumps back into the interpreter when done. If it’s attu, then compiled into x86 instructions. What’s to keep the process from overwriting the OS kernel? Or some other process running at the same time? What’s to keep it from overwriting the disk? From reading someone else’s files that are stored on disk?
  • #19: Upsides? Downsides to this approach? Essentially what you do in Javascript in a browser – simulate the execution of the script, one line at a time.
  • #20: Obviously, you need the part that has full rights to be really reliable!
  • #22: Where do interrupts fit in?
  • #24: Second thing
  • #25: Change mode bit in EFLAGs register! Change which memory locations a user program can access Send commands to I/O devices Read data from/write data to I/O devices Jump into kernel code …
  • #26: Might work better starting with interrupts!
  • #27: OK, a quick tour of I/O. Without I/O, can’t do much of anything!
  • #31: Note: by “processor register” I do not mean %eax. Rather – these are special purpose registers.
  • #36: Execution model: each thread runs on a dedicated virtual processor with unpredictable and variable speed.
  • #38: Labels should be thread_create() not sthread_create, etc.
  • #39: NOTE to instructors: it is helpful to walk through an example such as readers/writers locks for illustrating the use of condition variables. I haven’t included it in these slides, as I usually take a class to do that example on the board – showing what happens as multiple threads stop at various points during the execution and other threads run.
  • #40: To solve any of these, you need synchronization. You want program behavior to be a specific function of input – not of the sequence of who went first. You want the behavior to be deterministic – not to vary from run to run Even if you ignore those, the compiler will mess you up bad (compared to what you think will happen) And even If you ignore that, the hardware will mess you up bad.
  • #43: What can go wrong? Thread A, Thread B
  • #44: What can go wrong? Starvation
  • #47: Bounded waiting
  • #50: Second thing
  • #52: On every instruction! Table of instructions set up by the kernel: similar idea to buffer descriptor queue for I/O
  • #56: Simpler, because allows use of a bitmap. What's a bitmap? 001111100000001100 Each bit represents one page of physical memory -- 1 means allocated, 0 means unallocated. Lots simpler than base&bounds or segmentation
  • #59: Means lots of space taken up with page table entries.
  • #61: This should seem a bit strange: the virtual address space has gaps in it! Each segment gets mapped to contiguous locations in physical memory, but may be gaps between segments.   This is a little like walking around in the dark, and there are huge pits in the ground where you die if you step in the pit.   But! of course, a correct program will never step off into a pit, so ok.   A correct program will never address gaps; if it does, trap to kernel and then core dump. Minor exception: stack, heap can grow. In UNIX, sbrk() increases size of heap segment. For stack, just take fault, system automatically increases size of stack.   Detail: Protection mode in segmentation table entries. For example, code segment would be read-only (only execution and loads are allowed). Data and stack segment would be read-write (stores allowed).   What must be saved/restored on context switch? Typically, segment table stored in CPU, not in memory, because it’s small. Contents must be saved/restored.