The 1960s definition of an operating system is "the software that controls the hardware." Today, however, because of microcode, we need a better definition: we see an operating system as the programs that make the hardware usable. In brief, an operating system is the set of programs that controls a computer. Some examples of operating systems are UNIX, Mach, MS-DOS, MS-Windows, Windows NT, Chicago, OS/2, MacOS, VMS, MVS, and VM.
Controlling the computer involves software at several levels. We will differentiate kernel services, library services, and application-level services, all of which are part of the operating system. Applications run as processes and are linked together with libraries that perform standard services. The kernel supports the processes by providing a path to the peripheral devices; it responds to service calls from the processes and to interrupts from the devices. The core of the operating system is the kernel, a control program that functions in privileged state (an execution context that allows all hardware instructions to be executed), reacting to interrupts from external devices and to service requests and traps from processes. Generally, the kernel is a permanent resident of the computer. It creates and terminates processes and responds to their requests for service.
Operating Systems are resource managers. The main resource is computer hardware in the
form of processors, storage, input/output devices, communication devices, and data. Some of
the operating system functions are: implementing the user interface, sharing hardware among
users, allowing users to share data among themselves, preventing users from interfering with
one another, scheduling resources among users, facilitating input/output, recovering from
errors, accounting for resource usage, facilitating parallel operations, organizing data for secure
and rapid access, and handling network communications.
The operating system (OS) is the first thing loaded onto the computer -- without the
operating system, a computer is useless.
Operating systems can now be found on many of the devices we use every day, from
cell phones to wireless access points.
The purpose of an operating system is to organize and control hardware and software
so that the device it lives in behaves in a flexible but predictable way.
Not all computers have operating systems. The computer that controls the microwave
oven in your kitchen, for example, doesn't need an operating system. It has one set of
tasks to perform, very straightforward input to expect (a numbered keypad and a few
pre-set buttons) and simple, never-changing hardware to control.
For a computer like this, an operating system would be unnecessary baggage, driving up the development and manufacturing costs significantly and adding complexity where none is required. Instead, the computer in a microwave oven simply runs a single hardwired program all the time; such computers are called EMBEDDED SYSTEMS.
All desktop computers have operating systems. The most common are the Windows
family of operating systems developed by Microsoft, the Macintosh operating systems
developed by Apple and the UNIX family of operating systems (which have been
developed by a whole history of individuals, corporations and collaborators). There are
hundreds of other operating systems available for special-purpose applications,
including specializations for mainframes, robotics, manufacturing, real-time control
systems and so on.
Operating systems are made of portable code rather than permanent physical circuits, so that changes can be made as and when required without scrapping the whole device.
For a desktop computer user, this means you can add a new security update, system
patch, new application or even an entirely new operating system rather than junk your
computer and start again with a new one when you need to make a change.
OBJECTIVES OF OPERATING SYSTEMS
Modern operating systems generally have the following three major goals. Operating systems generally accomplish these goals by running processes in a low-privilege state and providing service calls that invoke the operating system kernel in a high-privilege state.
TO HIDE DETAILS OF HARDWARE BY CREATING ABSTRACTIONS: An abstraction is software that hides lower-level details and provides a set of higher-level functions. An operating system transforms the physical world of devices, instructions, memory, and time into a virtual world that is the result of abstractions built by the operating system. There are several reasons for abstraction.
First, the code needed to control peripheral devices is not standardized. Operating systems provide subroutines called device drivers that perform operations, for example input/output operations, on behalf of programs.
Second, the operating system introduces new functions as it abstracts the hardware. For instance, the operating system introduces the file abstraction so that programs do not have to deal with disks.
Third, the operating system transforms the computer hardware into multiple
virtual computers, each belonging to a different program. Each program that is running
is called a process. Each process views the hardware through the lens of abstraction.
Fourth, the operating system can enforce security through abstraction.
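The second and third reasons can be sketched in a few lines of Python. The block device, its 4-byte blocks, and the SimpleFile interface below are invented for illustration and are not any real driver API; the point is only that a program using SimpleFile never sees block numbers:

```python
# Sketch: how an OS-style file abstraction hides block-device details.
# RawBlockDevice and its 4-byte blocks are illustrative assumptions.

class RawBlockDevice:
    """Pretend hardware: storage addressed only by block number."""
    BLOCK_SIZE = 4

    def __init__(self, num_blocks):
        self.blocks = [b"\x00" * self.BLOCK_SIZE for _ in range(num_blocks)]

    def write_block(self, n, data):
        assert len(data) == self.BLOCK_SIZE
        self.blocks[n] = data

    def read_block(self, n):
        return self.blocks[n]

class SimpleFile:
    """The abstraction: a byte stream, so programs never deal with blocks."""

    def __init__(self, device):
        self.dev = device
        self.size = 0

    def write(self, data):
        bs = self.dev.BLOCK_SIZE
        self.size = len(data)
        padded = data + b"\x00" * (-len(data) % bs)   # pad to block boundary
        for i in range(0, len(padded), bs):
            self.dev.write_block(i // bs, padded[i:i + bs])

    def read(self):
        bs = self.dev.BLOCK_SIZE
        nblocks = -(-self.size // bs)                  # ceiling division
        raw = b"".join(self.dev.read_block(n) for n in range(nblocks))
        return raw[:self.size]                         # strip the padding

f = SimpleFile(RawBlockDevice(16))
f.write(b"hello world")
print(f.read())  # b'hello world'
```

A real file system adds directories, allocation maps, and caching, but the layering idea is the same: the caller sees bytes, the driver sees blocks.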
TO ALLOCATE RESOURCES TO PROCESSES (MANAGE RESOURCES): An operating system controls how processes (the active agents) may access resources (passive entities).
TO PROVIDE A PLEASANT AND EFFECTIVE USER INTERFACE: The user interacts with the operating system through the user interface and is usually interested in the look and feel of the operating system. The most important components of the user interface are the command interpreter, the file system, on-line help, and application integration. The recent trend has been toward increasingly integrated graphical user interfaces that encompass the activities of multiple processes on networks of computers.
One can view operating systems from two points of view: as a resource manager and as an extended machine. From the resource-manager point of view, operating systems manage the different parts of the system efficiently; from the extended-machine point of view, operating systems provide users with a virtual machine that is more convenient to use. Structurally, operating systems can be designed as a monolithic system, a hierarchy of layers, a virtual machine system, an exokernel, or using the client-server model.
The operating system is also known as the resource manager because it manages all the resources attached to the system: memory, the processor, and all the input/output devices attached to the system are known as the resources of the computer system, and the operating system manages them all. The operating system determines at which time the CPU will perform which operation, at which time the memory is used by which program, and which input or output device will respond to which user request. In this way it manages all the resources attached to the computer system.
The basic concepts of Operating Systems are processes, memory management, I/O
management, the file systems, and security.
PROCESS MANAGEMENT
A process is a program in execution: (A program is passive, a process active.)
A process has resources (CPU time, files) and attributes that must be managed.
One (or more) threads are the schedulable entities within a process.
Management of processes includes:
Creation/termination
Block/Unblock (suspension/resumption)
Synchronization
Communication
Deadlock handling
Debugging
The operating system also handles process management: all processes, whether submitted by the user or belonging to the system itself, are handled by the operating system. The operating system creates priorities for the user, starts and stops the execution of processes, and creates child processes by dividing large processes into smaller ones.
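The creation, communication, and termination operations listed above can be demonstrated from user space with Python's subprocess module. This is only a sketch of the idea (the child's one-line program is a made-up payload); underneath, the kernel primitives at work are fork/exec, pipes, and wait:

```python
# Sketch: process creation, communication, and termination from user space.
import subprocess
import sys

# Create a child process running a tiny Python program (an invented payload).
child = subprocess.Popen(
    [sys.executable, "-c", "print(21 * 2)"],
    stdout=subprocess.PIPE,
    text=True,
)

# Communicate with the child over a pipe, then reap it (termination).
out, _ = child.communicate()
print("child said:", out.strip())
print("exit status:", child.returncode)
```

Running it prints the child's output ("42") and its exit status (0), which the parent obtains when the kernel reports the child's termination.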
The operating system also manages the memory of the computer system: it provides memory to processes and deallocates memory from them. When a process completes, the operating system deallocates the memory that was assigned to it.
FILE MANAGEMENT
A file is a collection of related information defined by its creator. Commonly, files represent programs (both source and object forms) and data. The operating system is responsible for several activities in connection with file management.
I/O MANAGEMENT
Drivers for each device - translate read/write requests into disk position
commands.
Disk scheduling
NETWORKING
PROTECTION
Compilers/linkers
Extended machine: the operating system also behaves like an extended machine. It provides sharing of files between multiple users, provides graphical environments, provides various languages for communication, and supports many complex operations.
CUI
GUI
BASED ON FUNCTIONS
SINGLE-USER, MULTI-TASKING
MULTI-USER , MULTI-TASKING
MULTIPROCESSING O/S
MULTITHREADING O/S
NETWORKING O/S
DISTRIBUTED O/S
A very important part of an RTOS is managing the resources of the computer so that a
particular operation executes in precisely the same amount of time, every time it
occurs.
Some of the best-known, most widely deployed real-time operating systems are:
LynxOS
OSE
QNX
RTLinux
VxWorks
Windows CE
Single-user, single-tasking :- As the name implies, this operating system is designed to
manage the computer so that one user can effectively do one thing at a time. The Palm
OS for Palm handheld computers is a good example of a modern single-user, single-task
operating system. E.g. MS-DOS.
An example of this kind of O/S would be the O/S of a basic mobile phone or an MP3
player. There can only be one user using the device, and that person is only using one of its
applications at a time.
An MP3 player contains a computer to handle all of its functions. It has a small amount
of memory and a number of specialist silicon chips. The operating system is installed in
memory and runs as soon as you switch on the device.
Single-user, multi-tasking :- This is the type of operating system most people use on
their desktop and laptop computers today. Microsoft's Windows and Apple's MacOS
platforms are both examples of operating systems that will let a single user have several
programs in operation at the same time. For example, it is entirely possible for a
Windows user to be writing a note in a word processor while downloading a file from
the Internet and printing the text of an e-mail message.
Another word for multi-tasking is multiprogramming. E.g. Windows 95.
Multi-user, multi-tasking :- A multi-user operating system allows many different users to
take advantage of the computer's resources simultaneously. The operating system must
make sure that the requirements of the various users are balanced, and that each of the
programs they are using has sufficient and separate resources, so that a problem with
one user doesn't affect the entire community of users. Unix, VMS and mainframe
operating systems, such as MVS, are examples of multi-user operating systems.
Examples of this kind of O/S include various versions of UNIX, Linux, IBM's z/OS, OS/390,
MVS and VM.
Network Operating System :- An operating system that supports networking.
Examples of a network O/S include Windows Vista, Windows 8, Mac OS X, Unix,
Linux and all other mainframe O/Ss.
A network O/S should have the following features:
Deal with users logging on
Maintain the network connection to the server
Expand the file system to view folders on other computers
Provide security to separate user accounts from each other
Batch Operating System :-
Batch processing is a technique in which the operating system collects programs and data
together in a batch before processing starts. The operating system does the following activities
related to batch processing:
The OS defines a job, which has a predefined sequence of commands, programs and data as a
single unit.
The OS keeps a number of jobs in memory and executes them without any manual
intervention.
Jobs are processed in the order of submission, i.e., in first-come, first-served fashion.
When a job completes its execution, its memory is released and the output for the job
gets copied into an output spool for later printing or processing.
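The first-come, first-served batch behaviour described above can be sketched as a small simulation; the job names and run times are invented:

```python
# Sketch: batch jobs executed strictly in order of submission (FCFS).
from collections import deque

jobs = deque([("payroll", 3), ("report", 1), ("backup", 2)])  # (name, run time)

clock, log = 0, []
while jobs:
    name, runtime = jobs.popleft()   # next job: the earliest submitted
    clock += runtime                 # run it to completion, no preemption
    log.append((name, clock))        # record finish time; at this point the
                                     # job's memory is released and its
                                     # output goes to the spool

print(log)  # [('payroll', 3), ('report', 4), ('backup', 6)]
```

Note that the short "report" job still waits behind "payroll": FCFS never reorders the queue, which is exactly the simplicity (and the weakness) of batch processing.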
Advantages
Batch processing moves much of the work of the operator to the computer.
Increased performance, as a new job gets started as soon as the previous job finishes,
without any manual intervention.
Disadvantages
Due to the lack of a protection scheme, one batch job can affect pending jobs.
These systems are referred to as loosely coupled systems, where each processor has its own
local memory and processors communicate with one another through various
communication lines, such as high-speed buses or telephone lines. By loosely coupled
systems, we mean that such computers possess no hardware connections at the CPU-memory bus level, but are connected by external interfaces that run under the control
of software.
A distributed OS involves a collection of autonomous computer systems, capable of
communicating and cooperating with each other through a LAN or WAN. A distributed OS
provides a virtual machine abstraction to its users and wide sharing of resources such as
computational capacity, I/O, files, etc.
The structure shown in the figure contains a set of individual computer systems and
workstations connected via communication systems, but from this structure alone we cannot
say that it is a distributed system, because it is the software, not the hardware, that
determines whether a system is distributed or not.
The users of a true distributed system should not know on which machine their
programs are running and where their files are stored. LOCUS and MICROS are the best-known
examples of distributed operating systems.
Using the LOCUS operating system, it was possible to access local and distant files in a uniform
manner. This feature enabled a user to log on to any node of the network and to utilize the
resources of the network regardless of his or her location. MICROS provided
sharing of resources in an automatic manner; jobs were assigned to different nodes
of the whole system to balance the load across nodes.
1. IRIX operating system: the implementation of UNIX System V, Release 3 for Silicon
Graphics multiprocessor workstations.
2. DYNIX operating system, running on Sequent Symmetry multiprocessor computers.
3. AIX operating system, for IBM RS/6000 computers.
1. Sharing of resources.
2. Reliability.
3. Communication.
4. Computation speedup.
Distributed systems are potentially more reliable than a central system because if a
system has only one instance of some critical component, such as a CPU, disk, or
network interface, and that component fails, the system will go down. When there are
multiple instances, the system may be able to continue in spite of occasional failures. In
addition to hardware failures, one can also consider software failures. Distributed
systems allow both hardware and software errors to be dealt with.
A distributed system is a set of computers that communicate and collaborate with each other
using software and hardware interconnecting components. Multiprocessors (MIMD
computers using a shared-memory architecture), multicomputers connected through
static or dynamic interconnection networks (MIMD computers using a message-passing
architecture), and workstations connected through a local area network are examples of
such distributed systems.
A distributed system is managed by a distributed operating system. A distributed
operating system manages the system's shared resources used by multiple processes, the
process scheduling activity (how processes are allocated to available processors), the
communication and synchronization between running processes, and so on. The
software for parallel computers can also be tightly coupled or loosely coupled. Loosely
coupled software allows the computers and users of a distributed system to be
independent of each other while having a limited possibility to cooperate. An example of
such a system is a group of computers connected through a local network. Every
computer has its own memory and hard disk, and there are some shared resources such as files
and printers. If the interconnection network breaks down, individual computers can still be
used, but without some features, such as printing to a non-local printer.
ADVANTAGES OF DISTRIBUTED SYSTEM
Resource Sharing
Computation Speedup
Reliability
Communication
Resource Sharing :- If a number of different sites are connected to one another, then a
user at one site may be able to use the resources available at another. For example, a user at
site A may use a laser printer located at site B.
Computation Speedup :- If a particular computation can be partitioned into
subcomputations that can run concurrently, then a distributed system allows us to
distribute the subcomputations among various sites.
There also exists automated load sharing, in which the distributed operating system
automatically moves jobs to sites that are lightly loaded.
Reliability :- If one site fails in a distributed system, the remaining sites can continue
operating, giving the system better reliability.
Data is replicated among several sites in a distributed system, so that even if one site
fails, the data can still be accessed from other sites.
Communication :- When several sites are connected to one another by a communication
network, the users at different sites have the opportunity to exchange information: they can
pass messages among themselves, collaborate on a project by transferring its files,
log in to each other's remote systems to run programs, and exchange mail
to coordinate the work.
DISTRIBUTED OPERATING SYSTEM
With the advent of computer networks, in which many computers are linked together
and are able to communicate with one another, distributed computing became feasible.
A distributed computation is one that is carried out on more than one machine in a
cooperative manner. A group of linked computers working cooperatively on tasks,
referred to as a distributed system, often requires a distributed operating system to
manage the distributed resources
The operating systems commonly used for distributed computing systems can be
broadly classified into two types
Network operating systems
Distributed operating systems
The three most important features commonly used to differentiate between these two
types of operating systems are
o System image,
o Autonomy, and
o Fault tolerance capability.
o System image: Under a network OS, the user views the distributed system as a collection
of machines connected by a communication subsystem, i.e., the user is aware of the fact
that multiple computers are used. A distributed OS hides the existence of multiple
computers and provides a single system image to its users.
o Autonomy: A network OS is built on a set of existing centralized OSs and handles the
interfacing and coordination of remote operations and communications between these
OSs. So, in this case, each machine has its own OS. With a distributed OS, there is a
single system-wide OS and each computer runs part of this global OS.
o Fault tolerance capability: A network operating system
provides little or no fault tolerance, in the sense that if 10% of the machines of
the entire distributed computing system are down at any moment, at least 10% of the
users are unable to continue with their work. On the other hand, with a distributed
operating system, most of the users are normally unaffected by the failed machines and
can continue to perform their work normally, with only a 10% loss in performance of the
entire distributed computing system.
o Therefore, the fault tolerance capability of a distributed operating system is usually very
high as compared to that of a network operating system
Multimedia System :- Supports multiple kinds of applications.
Soft real-time applications, such as streaming media and virtual games, require
fast, timely responses.
Multimedia data consist of audio and video files as well as conventional files.
These data differ from conventional data in that multimedia data, such as frames of video,
must be delivered according to certain time restrictions (for example, 30 frames per second).
Multimedia applications may also include live webcasts (broadcasts over the World Wide
Web) of speeches or sporting events, and even live webcams that allow a viewer in
Manhattan to observe customers at a café in Paris.
Multimedia applications also run on smaller devices. E.g., a stock trader may have stock
quotes delivered wirelessly and in real time to his PDA.
A mobile operating system :- also referred to as a mobile OS, is the operating system that
operates a smartphone, tablet, PDA, or other digital mobile device. Modern mobile
operating systems combine the features of a personal computer operating system with
a touchscreen, cellular, Bluetooth, WiFi, GPS mobile navigation, camera, video camera,
speech recognition, voice recorder, music player, near-field communication, infrared
blaster, and other features.
E.g. Android from Google Inc., BlackBerry 10 from BlackBerry, iOS from Apple Inc., the Nokia
Asha platform from Nokia, Symbian OS from Nokia, etc.
Clustered Systems :- Cluster computing is a type of distributed computing. Distributed
computing just means coordinating a number of computers to accomplish a single task.
Cluster computing means the computers are specifically organized to work together
to accomplish a single task.
For example, massively parallel "grid computing" projects like seti@home and
folding@home are examples of distributed computing, but they are not cluster
computing. Here, the computers all work together to accomplish a task, so this is
distributed computing. But they are not specifically arranged for this purpose (the
arrangement is haphazard and uncoordinated, with computers all over the place being
randomly added to and removed from the set working on the problem), so they are not a
cluster and this is not cluster computing.
What is SETI@home?
SETI@home is a scientific experiment that uses Internet-connected computers in the
Search for Extraterrestrial Intelligence (SETI). You can participate by running a free
program that downloads and analyzes radio telescope data.
E.g. http://setiathome.berkeley.edu/sah_about.php
Folding@home (FAH or F@h) is a distributed computing project for disease research
that simulates protein folding, computational drug design, and other types of molecular
dynamics. The project uses the idle processing resources of thousands of personal
computers owned by volunteers who have installed the software on their systems. Its
primary purpose is to determine the mechanisms of protein folding, which is the
process by which proteins reach their final three-dimensional structure, and to examine
the causes of protein misfolding.
TRANSLATION PROGRAMS
o ASSEMBLERS
o COMPILERS
o INTERPRETERS
o LINKERS
Assembler :-A program that translates programs from assembly language to machine
language.
An assembler is a program that takes basic computer instructions and converts them
into a pattern of bits that the computer's processor can use to perform its basic
operations. Some people call these instructions assembler language and others use the
term assembly language.
Compilers and Interpreters :- Historically, most programs have been written in "higher-level"
languages such as COBOL, FORTRAN, PL/I, and C. These languages are easier to
learn and faster to write programs with than assembler language. The program that
processes the source code written in these languages is called a compiler.
A compiler is a program that translates a source program written in some high-level
programming language (such as Java) into machine code for some computer
architecture (such as the Intel Pentium architecture). The generated machine code can
be later executed many times against different data each time.
Linker :- Also called link editor and binder, a linker is a program that combines object
modules to form an executable program. Many programming languages allow you to
write different pieces of code, called modules, separately. This simplifies the
programming task because you can break a large program into small, more manageable
pieces. Eventually, though, you need to put all the modules together. This is the job of
the linker.
In addition to combining modules, a linker also replaces symbolic addresses with real
addresses. Therefore, you may need to link a program even if it contains only one
module.
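What the linker does, laying modules out in one address space and replacing symbolic addresses with real ones, can be sketched as a toy two-pass simulation. The module names, sizes, symbols, and reference offsets below are invented for illustration:

```python
# Sketch of linking: combine object modules, then patch symbolic references.
# Module layout: each module has a size (in words), the symbols it defines
# (as offsets from its start), and the offsets where it references symbols.
modules = [
    {"name": "main.o", "size": 4, "defines": {"main": 0}, "refs": {2: "helper"}},
    {"name": "util.o", "size": 3, "defines": {"helper": 1}, "refs": {}},
]

# Pass 1: lay modules out one after another and build the symbol table.
symbols, bases, base = {}, [], 0
for m in modules:
    bases.append(base)
    for sym, offset in m["defines"].items():
        symbols[sym] = base + offset      # real address = module base + offset
    base += m["size"]

# Pass 2: patch every symbolic reference with the real address.
patched = {}
for m, b in zip(modules, bases):
    for offset, sym in m["refs"].items():
        patched[b + offset] = symbols[sym]

print(symbols)  # {'main': 0, 'helper': 5}
print(patched)  # {2: 5}
```

Here util.o is placed at base address 4, so its symbol "helper" (offset 1) resolves to address 5, and the reference at address 2 inside main.o is patched accordingly. Real linkers do the same thing with relocation records in object-file formats such as ELF.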
Hardware
Provides basic computing resources (CPU, memory, I/O devices).
Operating System
Controls and coordinates the use of hardware among application programs.
Application Programs
Solve computing problems of users (compilers, database systems, video games,
business programs such as banking software).
Users
People, machines, other computers
DEVICE DRIVERS
USER INTERFACE
SYSTEM UTILITIES :
MAIN-MEMORY MANAGEMENT
Primary memory, or main memory, is a large array of words or bytes, where each word or byte has its
own address. Main memory provides storage that can be accessed directly by the CPU; that is to
say, for a program to be executed, it must be in main memory.
The major activities of an operating system in regard to memory management are:
Keep track of which parts of memory are currently being used, and by whom.
Decide which processes are loaded into memory when memory space becomes available.
Allocate and deallocate memory space as needed.
Main Memory is an array of addressable words or bytes that is quickly accessible.
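The three activities above can be sketched as a toy frame-allocation table; the frame count, process names, and first-fit policy are invented for illustration:

```python
# Sketch: tracking which parts of memory are used and by whom,
# using fixed-size frames. Frame count and process names are made up.
NUM_FRAMES = 8
frames = [None] * NUM_FRAMES          # None = free, otherwise owning process

def allocate(pid, n):
    """Give process `pid` the first n free frames, or fail."""
    free = [i for i, owner in enumerate(frames) if owner is None]
    if len(free) < n:
        return None                    # not enough memory available
    for i in free[:n]:
        frames[i] = pid
    return free[:n]

def deallocate(pid):
    """Release all frames owned by `pid` (e.g. on process exit)."""
    for i, owner in enumerate(frames):
        if owner == pid:
            frames[i] = None

allocate("editor", 3)
allocate("shell", 2)
deallocate("editor")                   # editor exits; its frames are freed
print(frames)  # [None, None, None, 'shell', 'shell', None, None, None]
```

The table answers "which parts of memory are used, and by whom" at any moment, and allocate/deallocate correspond to the second and third activities in the list.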
FILE MANAGEMENT
A file is a collection of related information defined by its creator. Computers can store files on
disk (secondary storage), which provides long-term storage. Some examples of storage media
are magnetic tape, magnetic disk and optical disk. Each of these media has its own properties,
such as speed, capacity, data transfer rate and access method.
Files are normally organized into directories to ease their use. These directories may
contain files and other directories.
The five major activities of an operating system in regard to file management are:
1. Creation and deletion of files.
2. Creation and deletion of directories.
3. Support of primitives for manipulating files and directories.
4. Mapping of files onto secondary storage.
5. Backup of files on stable (non-volatile) storage media.
PROTECTION SYSTEM
If a computer system has multiple users and allows the concurrent execution of multiple
processes, then the various processes must be protected from one another's activities.
Protection refers to the mechanisms for controlling the access of programs, processes, or users to
the resources defined by a computer system.
Protection mechanisms control access of programs and processes to user and system
resources.
Protect user from himself, user from other users, system from users.
Protection mechanisms must:
Distinguish between authorized and unauthorized use.
Specify access controls to be imposed on use.
Provide mechanisms for enforcement of access control.
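Distinguishing authorized from unauthorized use and enforcing access control can be sketched with a small access matrix; the users, resources, and rights below are invented for illustration:

```python
# Sketch: an access-control matrix mapping (user, resource) to a set of rights.
# Users, resources, and rights are illustrative assumptions.
access = {
    ("alice", "payroll.db"): {"read"},
    ("bob",   "payroll.db"): {"read", "write"},
}

def check(user, resource, right):
    """Enforcement point: every access must pass through here."""
    return right in access.get((user, resource), set())

print(check("bob", "payroll.db", "write"))    # authorized
print(check("alice", "payroll.db", "write"))  # unauthorized: no write right
print(check("mallory", "payroll.db", "read")) # unauthorized: no entry at all
```

The three requirements in the list map directly onto the sketch: the matrix specifies the access controls, the lookup distinguishes authorized from unauthorized use, and routing every access through check() is the enforcement mechanism.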
Security mechanisms provide trust in the system and privacy:
authentication, certification, encryption, etc.
COMMAND INTERPRETER SYSTEM
A command interpreter is an interface between the operating system and the user. The user gives
commands, which are executed by the operating system (usually by turning them into system calls).
The main function of a command interpreter is to get and execute the next user-specified
command. The command interpreter is usually not part of the kernel, since multiple command
interpreters (shells, in UNIX terminology) may be supported by an operating system, and they do
not really need to run in kernel mode. There are two main advantages to separating the
command interpreter from the kernel.
1. If we want to change the way the command interpreter looks, i.e., change its
interface, we can do so if the command interpreter is separate from the kernel; we
cannot change the code of the kernel, so we could not modify the interface otherwise.
2. If the command interpreter is a part of the kernel, it is possible for a malicious process to
gain access to parts of the kernel that it should not reach. To avoid this ugly
scenario, it is advantageous to have the command interpreter separate from the kernel.
A system call is typically serviced in steps: do parameter validation, perform the requested operation, wrap up, and return to the user.
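The steps above (parameter validation, the service itself, wrap-up, and return to the user) can be sketched as a toy system-call dispatcher; the call numbers, handlers, and error codes are invented for illustration:

```python
# Sketch of a system-call dispatcher: validate parameters, perform the
# operation in "kernel mode", wrap up, and return to the user program.
# Call numbers, handlers, and error codes are illustrative assumptions.

def sys_write(fd, text):
    return len(text)                  # pretend we wrote `text` to fd

SYSCALL_TABLE = {1: sys_write}
EBADCALL, EINVAL = -1, -2

def trap(call_number, *args):
    # 1. Parameter validation: reject bad call numbers and bad arguments.
    handler = SYSCALL_TABLE.get(call_number)
    if handler is None:
        return EBADCALL
    if call_number == 1 and not isinstance(args[1], str):
        return EINVAL
    # 2. Perform the service in privileged state.
    result = handler(*args)
    # 3. Wrap up and return to the user: hand the result back.
    return result

print(trap(1, 0, "hello"))   # 5 (bytes "written")
print(trap(99))              # -1 (no such system call)
```

A real kernel does the same dance in hardware-assisted fashion: the trap instruction switches to kernel mode, the dispatcher indexes a system-call table, and the return restores user mode along with the result register.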
Simple structure :
In a simple structure, interfaces and levels of functionality are not well separated. For example,
application programs have the liberty of accessing basic I/O routines to write data directly to the
display or to disk, leaving the O/S vulnerable to corruption and crashes caused by malicious programs.
MS-DOS is an example here: it does not provide any hardware protection, and in MS-DOS
applications may bypass the operating system.
Operating systems such as MS-DOS and the original UNIX did not have well-defined
structures.
There is no CPU Execution Mode (user and kernel), and so errors in applications can
cause the whole system to crash.
Monolithic structure :
Functionality of the OS is invoked with simple function calls within the kernel, which is
one large program.
Device drivers are loaded into the running kernel and become part of the kernel.
Layered Approach: This approach breaks up the operating system into different layers.
This allows implementers to change the inner workings, and increases modularity.
As long as the external interface of the routines doesn't change, developers have more
freedom to change the inner workings of the routines.
With the layered approach, the bottom layer is the hardware, while the highest layer is
the user interface.
o The main advantage is simplicity of construction and debugging.
o The main difficulty is defining the various layers.
o The main disadvantage is that the OS tends to be less efficient than other
implementations.
A typical layering, from top to bottom: the operator/user, user programs, process management, memory management, device management, and the hardware.
The major difficulty with the layered approach is to define the layers appropriately, because
a layer can use the services only of lower-level layers.
A final problem with layered implementations is that they tend to be less efficient than the
other types.
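The rule that a layer may use only the services of the layer below it can be sketched directly; the four classes here are a simplified version of the stack just described, with invented method names:

```python
# Sketch: each layer exposes an interface and calls only the layer
# directly below it. Layer and method names are illustrative assumptions.

class Hardware:
    def read_sector(self):
        return b"raw-bytes"

class DeviceLayer:
    def __init__(self, hw):
        self.hw = hw                       # may touch only Hardware
    def read_block(self):
        return self.hw.read_sector()

class MemoryLayer:
    def __init__(self, dev):
        self.dev = dev                     # may touch only DeviceLayer
    def page_in(self):
        return self.dev.read_block()

class ProcessLayer:
    def __init__(self, mem):
        self.mem = mem                     # may touch only MemoryLayer
    def run_program(self):
        return self.mem.page_in()

top = ProcessLayer(MemoryLayer(DeviceLayer(Hardware())))
print(top.run_program())  # b'raw-bytes'
```

The inefficiency mentioned above is visible even in this toy: one request from the top traverses every layer's interface before reaching the hardware.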
Microkernel Structure: This structures the operating system by removing all nonessential portions of the
kernel and implementing them as system- and user-level programs.
The main disadvantage is poor performance, due to increased system overhead from message
passing.
Portability
o The changes needed to port the system to a new processor are made in the
microkernel, not in the other services.
Modular Structure:-
VIRTUAL MACHINE:-
A Virtual Machine (VM) takes the layered and microkernel approach to its logical
conclusion.
It treats hardware and the operating system kernel as though they were all hardware.
A virtual machine provides an interface identical to the underlying bare hardware.
The host operating system creates the illusion that a process has its own processor and
its own (virtual) memory.
Each guest provided with a (virtual) copy of underlying computer.
The resources of the physical computer are shared to create the virtual machines:
CPU scheduling can create the appearance that users have their own processor.
Spooling and a file system can provide virtual card readers and virtual line
printers.
A normal user time-sharing terminal serves as the virtual machine operator's
console.
Advantages/Disadvantages
The VM concept provides complete protection of system resources since each virtual
machine is isolated from all other virtual machines. This isolation permits no direct
sharing of resources.
A VM system is a perfect vehicle for OS research and development. System development is done on the virtual machine, instead of on a
physical machine, and so does not disrupt normal system operation.
The VM concept is difficult to implement, due to the effort required to provide an exact
duplicate of the underlying machine.
System Models
Compiled Java programs are platform-neutral byte codes executed by a Java Virtual
Machine (JVM). JVM consists of
1. class loader
2. class verifier
3. runtime interpreter
Just-In-Time (JIT) compilers increase performance
Virtual Machines
The concept of virtual machines is closely related to layering.
In a typical multi-user system, users are expected to know that the machine is shared by other
users, and that resources such as devices are shared between all the users.
In virtual machine operating systems an additional layer of abstraction is placed between the
users and the system, so that it appears to the users that they are using a machine dedicated to
them.
Usually it is the case that a more powerful machine is used to host several virtual machines. For
example, the 80386 and later Intel CPUs supported virtual 8086 machines. Thus, an operating
system designed for the 80386 could actually run several copies of MS-DOS and appear to the
user to be several different PCs at the same time.
Another example of a virtual machine system is the IBM 370 running the VM operating system.
This allowed users to work as if they had a dedicated (but smaller, less powerful) 370
completely at their disposal.
A Virtual Machine is software that creates a virtualized environment between the
computer platform and the end user, in which the end user can operate software.
Virtualization is an abstraction layer that decouples the physical hardware from the
operating system to deliver greater IT resource utilization and flexibility.
It allows multiple virtual machines, with heterogeneous operating systems, to run in
isolation, side-by-side on the same physical machine.
The host software that provides virtualization is often referred to as a virtual machine
monitor (VMM) or hypervisor.
The VMM gives each virtual machine an illusion of a complete computer to itself.
PROCESS
The term "process" has been given many definitions:
A program in execution.
An asynchronous activity.
The 'animated spirit' of a procedure in execution.
The entity to which processors are assigned.
The 'dispatchable' unit.
As we can see from the above, there is no universally agreed-upon definition, but the definition
"program in execution" seems to be the most frequently used, and this is the concept we will
use in the present study of operating systems.
Now that we have agreed upon a definition of process, the question is what the relation between
a process and a program is. Are they the same thing under different names, so that when this
beast is sleeping (not executing) it is called a program, and when it is executing it becomes a
process? To be precise, a process is not the same as a program. In the following discussion we
point out some of the differences between a process and a program.
A process is not the same as a program. A process is more than the program code: a process is
an 'active' entity, as opposed to a program, which is considered a 'passive' entity.
The process state consists of everything necessary to resume the process's execution if it is
somehow put aside temporarily. The process state consists of at least the following:
PROCESS OPERATIONS
PROCESS CREATION
In general-purpose systems, some way is needed to create processes as needed during
operation. There are four principal events that lead to process creation:
System initialization.
Execution of a process-creation system call by a running process.
A user request to create a new process.
Initiation of a batch job.
PROCESS TERMINATION
A process terminates when it finishes executing its last statement. Its resources are returned to
the system, it is purged from any system lists or tables, and its process control block (PCB) is
erased, i.e., the PCB's memory space is returned to a free memory pool. A process usually
terminates for one of the following reasons:
Normal Exit Most processes terminate because they have done their job. This call is
exit in UNIX.
Error Exit When a process discovers a fatal error. For example, a user tries to compile a
program that does not exist.
Fatal Error An error caused by the process due to a bug in the program, for example,
executing an illegal instruction, referencing non-existent memory, or dividing by zero.
Killed by Another Process A process executes a system call telling the operating
system to terminate some other process. In UNIX, this call is kill. In some systems, when
a process is killed, all the processes it created are killed as well (UNIX does not work this way).
PROCESS STATES
A process goes through a series of discrete process states.
Logically, the 'Running' and 'Ready' states are similar. In both cases the process is willing to run,
only in the case of the 'Ready' state there is temporarily no CPU available for it. The 'Blocked' state
is different from the 'Running' and 'Ready' states in that the process cannot run, even if the CPU
is available.
Transition 2 occurs when the scheduler decides that the running process has run long
enough and it is time to let another process have CPU time.
This state transition is:
Time-Run-Out (process-name): Running → Ready.
Transition 3 occurs when all other processes have had their share and it is time for the
first process to run again.
Transition 4 occurs when the external event for which a process was waiting (such as
the arrival of input) happens.
This state transition is:
Wakeup (process-name): Blocked → Ready.
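The transitions above can be sketched as a small state machine. This is an illustrative sketch only: the names "dispatch" and "block" are assumed for the transitions the text leaves unnamed, while "time_run_out" and "wakeup" follow the text.

```python
# Sketch of the three-state process model described above.
TRANSITIONS = {
    ("ready", "dispatch"): "running",       # scheduler picks the process
    ("running", "time_run_out"): "ready",   # transition 2
    ("running", "block"): "blocked",        # process waits for an event
    ("blocked", "wakeup"): "ready",         # transition 4
}

def step(state, event):
    """Apply one transition; illegal moves raise an error."""
    try:
        return TRANSITIONS[(state, event)]
    except KeyError:
        raise ValueError(f"no transition {event!r} from state {state!r}")

state = "ready"
for event in ["dispatch", "block", "wakeup", "dispatch", "time_run_out"]:
    state = step(state, event)
print(state)  # "ready": the process ends up back in the ready queue
```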
PROCESS CONTROL BLOCK (PCB)
The current state of the process, i.e., whether it is ready, running, waiting, or whatever.
Unique identification of the process in order to track "which is which" information.
A pointer to parent process.
Similarly, a pointer to child process (if it exists).
The priority of process (a part of CPU scheduling information).
Pointers to locate memory of processes.
A register save area.
The processor it is running on.
The PCB is a central store that allows the operating system to locate key information about a
process. Thus, the PCB is the data structure that defines a process to the operating system.
The process control block stores the collection of information about a process, and this
information is used by the CPU at run time. The various pieces of information
stored in the PCB are as follows:
1) Name of the process.
2) State of the process (ready, active, wait).
3) Resources allocated to the process.
4) Memory provided to the process.
5) Scheduling information.
6) Input and output devices used by the process.
7) Process ID, an identification number which is given when a process requests
a service.
THREADS
Despite the fact that a thread must execute within a process, the process and its associated
threads are different concepts. Processes are used to group resources together; threads are
the entities scheduled for execution on the CPU.
A thread is a single sequence stream within a process. Because threads have some of the
properties of processes, they are sometimes called lightweight processes. Within a process, threads
allow multiple streams of execution. In many respects, threads are a popular way to improve
applications through parallelism. The CPU switches rapidly back and forth among the threads,
giving the illusion that the threads are running in parallel. Like a traditional process, i.e., a process
with one thread, a thread can be in any of several states (Running, Blocked, Ready, or
Terminated). Each thread has its own stack: since a thread will generally call different procedures
and thus have a different execution history, it needs its own stack. In an operating
system that has a thread facility, the basic unit of CPU utilization is a thread. A thread has, or
consists of, a program counter (PC), a register set, and a stack space. Threads are not
independent of one another like processes; as a result, threads share with the other threads of
their process (also known as a task) the code section, the data section, and OS resources such as open files and signals.
PROCESSES VS THREADS
As we mentioned earlier, in many respects threads operate in the same way as
processes. Some of the similarities and differences are:
Similarities
Like processes, threads share the CPU, and only one thread is active (running) at a time.
Like processes, threads within a process execute
sequentially.
Like processes, threads can create children.
And like processes, if one thread is blocked, another thread can run.
Differences
WHY THREADS?
Following are some reasons why we use threads in designing operating systems.
1. A process with multiple threads makes a great server, for example a print server.
2. Because threads can share common data, they do not need to use interprocess
communication.
3. Because of their very nature, threads can take advantage of multiprocessors.
Threads are cheap in the sense that:
1. They only need a stack and storage for registers; therefore, threads are cheap to create.
2. Threads use very few resources of the operating system in which they are working. That
is, threads do not need a new address space, global data, program code, or operating
system resources.
3. Context switching is fast when working with threads, because we only have
to save and/or restore the PC, SP, and registers.
But this cheapness does not come free - the biggest drawback is that there is no protection
between threads.
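These points can be seen in a minimal sketch using Python's threading module: threads are cheap to create, share the process's global data without interprocess communication, and nothing protects that data unless we add a lock ourselves. The worker function and eight-thread count here are illustrative choices, not part of the original text.

```python
import threading

shared = []            # lives in the single address space of the process
lock = threading.Lock()

def worker(tid):
    # Each thread has its own stack (local variables like `tid`), but all
    # threads append to the same shared list; the lock guards that update.
    with lock:
        shared.append(tid)

threads = [threading.Thread(target=worker, args=(i,)) for i in range(8)]
for t in threads:
    t.start()
for t in threads:
    t.join()
print(sorted(shared))  # all eight threads updated the same list
```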
USER-LEVEL THREADS
User-level threads are implemented in user-level libraries, rather than via system calls, so thread
switching does not need to call the operating system or cause an interrupt to the kernel. In fact,
the kernel knows nothing about user-level threads and manages them as if they were single-threaded processes.
ADVANTAGES:
The most obvious advantage of this technique is that a user-level threads package can be
implemented on an operating system that does not support threads. Some other advantages
are:
DISADVANTAGES:
There is a lack of coordination between threads and the operating system kernel. Therefore,
the process as a whole gets one time slice, irrespective of whether it contains one thread or
1,000 threads. It is up to each thread to relinquish control to the other threads.
User-level threads require non-blocking system calls, i.e., a multithreaded kernel.
Otherwise, the entire process will block in the kernel, even if there are runnable threads
left in the process. For example, if one thread causes a page fault, the whole process blocks.
KERNEL-LEVEL THREADS
In this method, the kernel knows about and manages the threads. No runtime system is needed
in this case. Instead of a thread table in each process, the kernel has a thread table that keeps
track of all threads in the system. In addition, the kernel also maintains the traditional process
table to keep track of processes. The operating system kernel provides system calls to create and
manage threads.
ADVANTAGES:
Because the kernel has full knowledge of all threads, the scheduler may decide to give more
time to a process having a large number of threads than to a process having a small number of
threads.
Kernel-level threads are especially good for applications that frequently block.
DISADVANTAGES:
Kernel-level threads are slow and inefficient. For instance, thread operations are
hundreds of times slower than those of user-level threads.
Since the kernel must manage and schedule threads as well as processes, it requires a full
thread control block (TCB) for each thread to maintain information about threads. As a
result there is significant overhead and increased kernel complexity.
Context Switching Threads are very inexpensive to create and destroy, and they are
inexpensive to represent. For example, they require space to store the PC, the SP, and
the general-purpose registers, but they do not require space for memory-management
information, information about open files or I/O devices in use, etc. With so little
context, it is much faster to switch between threads. In other words, a context switch
using threads is relatively cheap.
Sharing Threads allow the sharing of many resources that cannot be shared between processes,
for example the code section, the data section, and operating system resources such as open
files.
Blocking The major disadvantage is that if the kernel is single-threaded, a system call
by one thread will block the whole process, and the CPU may be idle during the blocking
period.
Security Since there is extensive sharing among threads, there is a potential
security problem. It is quite possible that one thread overwrites the stack of another
thread (or damages shared data), although it is very unlikely, since threads are meant to
cooperate on a single task.
When a new thread is created it shares its code section, data section and operating system
resources like open files with other threads. But it is allocated its own stack, register set and a
program counter.
The creation of a new process differs from that of a thread mainly in the fact that all the
resources a thread shares must be provided explicitly for each process. So even though two
processes may be running the same piece of code, each needs its own copy of the code in main
memory to be able to run. Two processes also do not share other resources with each other.
This makes the creation of a new process very costly compared to that of a new thread.
CONTEXT SWITCH
To give each process on a multiprogrammed machine a fair share of the CPU, a hardware clock
generates interrupts periodically. This allows the operating system to schedule all processes in
main memory (using scheduling algorithm) to run on the CPU at equal intervals. Each time a
clock interrupt occurs, the interrupt handler checks how much time the current running process
has used. If it has used up its entire time slice, then the CPU scheduling algorithm (in kernel)
picks a different process to run. Each switch of the CPU from one process to another is called a
context switch.
MAJOR STEPS OF CONTEXT SWITCHING
The values of the CPU registers are saved in the process table of the process that was
running just before the clock interrupt occurred.
The registers are loaded from the process picked by the CPU scheduler to run next.
When the PCB of the currently executing process has been saved, the operating system loads the PCB of
the next process that is to run on the CPU. This is a heavy task, and it takes a significant amount of time.
First-Come-First-Served (FCFS) :- A drawback of this scheme is that the average waiting time is often quite long.
The First-Come-First-Served algorithm is rarely used as a master scheme in modern operating
systems, but it is often embedded within other schemes.
Example
Process Waiting Time
P0 0 - 0 = 0
P1 5 - 1 = 4
P2 8 - 2 = 6
P3 16 - 3 = 13
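The waiting times in the table above can be reproduced with a short sketch. The arrival times 0 to 3 come from the table; the burst (service) times 5, 3, 8, 6 are assumptions chosen so that the start times 0, 5, 8, 16 come out as shown.

```python
# Hedged sketch of FCFS waiting-time calculation.
def fcfs_waiting_times(arrival, burst):
    """Run jobs in arrival order; waiting time = start time - arrival."""
    clock, waits = 0, []
    for a, b in zip(arrival, burst):
        clock = max(clock, a)        # CPU may sit idle until the job arrives
        waits.append(clock - a)
        clock += b
    return waits

print(fcfs_waiting_times([0, 1, 2, 3], [5, 3, 8, 6]))  # [0, 4, 6, 13]
```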
Shortest-Job-First (SJF) :-
Impossible to implement in practice: the processor would need to know in advance how much time each process will take.
Example
Process Waiting Time
P0 3 - 0 = 3
P1 0 - 0 = 0
P2 16 - 2 = 14
P3 8 - 3 = 5
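Non-preemptive SJF can be sketched as well. The burst times behind the table above are not stated in the text, so the values used here are illustrative assumptions only and the resulting waiting times are for this assumed process set, not a reproduction of the table.

```python
import heapq

# Sketch of non-preemptive SJF: among arrived jobs, always run the one
# with the shortest burst time to completion.
def sjf_waiting_times(arrival, burst):
    n = len(arrival)
    waits, finished = [0] * n, 0
    pending = sorted(range(n), key=lambda i: arrival[i])
    ready, clock = [], 0
    while finished < n:
        while pending and arrival[pending[0]] <= clock:
            i = pending.pop(0)
            heapq.heappush(ready, (burst[i], i))   # shortest job first
        if not ready:
            clock = arrival[pending[0]]            # idle until next arrival
            continue
        b, i = heapq.heappop(ready)
        waits[i] = clock - arrival[i]
        clock += b
        finished += 1
    return waits

print(sjf_waiting_times([0, 0, 0, 0], [5, 3, 8, 6]))  # [3, 0, 14, 8]
```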
Shortest Remaining Time :- SRT is the preemptive counterpart of SJF and is useful in a
time-sharing environment.
In SRT scheduling, the process with the smallest estimated run-time to completion is run
next, including new arrivals.
In the SJF scheme, once a job begins executing, it runs to completion.
In the SRT scheme, a running process may be preempted by a newly arriving process with a
shorter estimated run-time.
The SRT algorithm has higher overhead than its counterpart SJF.
SRT must keep track of the elapsed time of the running process and must handle
occasional preemptions.
In this scheme, small processes will run almost immediately upon arrival. However, longer
jobs have an even longer mean waiting time.
Example :-
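As an illustrative sketch, SRT can be simulated in unit time steps. The two processes used below are an assumption chosen only to show the preemption behavior: a long job is interrupted when a shorter one arrives.

```python
# Sketch of SRT (preemptive SJF) simulated one time unit at a time.
def srt(arrival, burst):
    n = len(arrival)
    remaining = list(burst)
    finish = [None] * n
    clock = 0
    while any(r > 0 for r in remaining):
        # candidates: arrived and unfinished; pick smallest remaining time
        ready = [i for i in range(n)
                 if arrival[i] <= clock and remaining[i] > 0]
        if not ready:
            clock += 1            # CPU idle until the next arrival
            continue
        i = min(ready, key=lambda j: remaining[j])
        remaining[i] -= 1
        clock += 1
        if remaining[i] == 0:
            finish[i] = clock
    # waiting time = finish - arrival - burst
    return [finish[i] - arrival[i] - burst[i] for i in range(n)]

# P0 (burst 8) starts first but is preempted when P1 (burst 2) arrives.
print(srt([0, 1], [8, 2]))  # [2, 0]
```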
PRIORITY SCHEDULING
Internally defined priorities use some measurable quantity to compute the priority of a process, such as:
Time limits.
Memory requirements.
File requirements,
for example, the number of open files.
CPU versus I/O requirements.
Externally defined priorities are set by criteria that are external to the operating system, such as
the importance of the process or the type and amount of funds being paid for computer use.
A preemptive priority algorithm will preempt the CPU if the priority of the newly
arrived process is higher than the priority of the currently running process.
A non-preemptive priority algorithm will simply put the new process at the head of the
ready queue.
A major problem with priority scheduling is indefinite blocking or starvation. A solution to the
problem of indefinite blockage of the low-priority process is aging. Aging is a technique of
gradually increasing the priority of processes that wait in the system for a long period of time.
Each process is assigned a priority. The process with the highest priority is executed first,
and so on.
Processes with the same priority are executed on a first-come, first-served basis.
Priority can be decided based on memory requirements, time requirements, or any other
resource requirement.
Process Waiting Time
P0 0 - 0 = 0
P1 3 - 1 = 2
P2 8 - 2 = 6
P3 16 - 3 = 13
Round Robin Scheduling :- Once a process has executed for the given time period, it is
preempted, and another process executes for its time period.
Process Waiting Time
P0 (0 - 0) + (12 - 3) = 9
P1 (3 - 1) = 2
P2 (6 - 2) + (15 - 9) = 10
P3 (9 - 3) + (18 - 12) = 12
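Round robin is also easy to simulate. The quantum of 3 and the burst times 5, 3, 8, 6 below are assumptions (the table above does not state them), so the computed waiting times are for this assumed process set rather than an exact reproduction of the table.

```python
from collections import deque

# Illustrative round-robin simulation with an assumed quantum of 3.
def round_robin(arrival, burst, quantum=3):
    n = len(arrival)
    remaining = list(burst)
    finish = [None] * n
    queue, clock, arrived = deque(), 0, [False] * n

    def admit(now):
        for i in range(n):
            if not arrived[i] and arrival[i] <= now:
                arrived[i] = True
                queue.append(i)

    admit(clock)
    while queue:
        i = queue.popleft()
        run = min(quantum, remaining[i])
        clock += run
        remaining[i] -= run
        admit(clock)              # newcomers enter before the preempted job
        if remaining[i] > 0:
            queue.append(i)       # back to the tail of the ready queue
        else:
            finish[i] = clock
    return [finish[i] - arrival[i] - burst[i] for i in range(n)]

print(round_robin([0, 1, 2, 3], [5, 3, 8, 6]))  # [9, 2, 12, 11]
```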
Multilevel Feedback Queue :- The algorithm chooses the process with the highest priority from the
occupied queues and runs that process either preemptively or non-preemptively. If the process uses
too much CPU time, it will be moved to a lower-priority queue. Similarly, a process that waits too
long in a lower-priority queue may be moved to a higher-priority queue.
Note that this form of aging prevents starvation.
Example:
Interprocess Communication
SYNCHRONOUS VS ASYNCHRONOUS
The send, receive, and reply operations may be synchronous or asynchronous. A synchronous
operation blocks a process until the operation completes. An asynchronous operation is non-blocking and only initiates the operation; the caller can discover completion by some other
mechanism, discussed later. (Does it make sense to have an asynchronous RPC send?)
The notion of synchronous operations requires an understanding of what it means for an
operation to complete. In the case of remote assignment, both the send and receive complete
when the message has been delivered to the receiver. In the case of remote procedure call, the
send, receive, and reply complete when the result has been delivered to the sender, assuming
there is a return value. Otherwise, the send and receive complete when the procedure finishes
execution. During the time the procedure is executing, the sender and receiver are in a
rendezvous, as mentioned before.
Note that synchronous/asynchronous implies blocking/not blocking but not vice versa, that is,
not every blocking operation is synchronous and not every non blocking operation is
asynchronous. For instance, a send that blocks till the receiver machine has received the
message is blocking but not synchronous since the receiver process may not have received it.
Similarly, we will see later a Xinu receive that is non-blocking but is not asynchronous. These
definitions of synchronous/asynchronous operations are similar but not identical to the ones
given in your text books, which tend to equate synchronous with blocking.
Asynchronous message passing allows more parallelism. Since a process does not block, it can
do some computation while the message is in transit. In the case of receive, this means a
process can express its interest in receiving messages on multiple ports simultaneously. (The
select primitive discussed later provides this facility for synchronous receives.) In a synchronous
system, such parallelism can be achieved by forking a separate process for each concurrent
operation, but this approach incurs the cost of extra process management. This cost is typically
bearable with lightweight processes (lwps) but not with heavyweight processes (hwps).
Asynchronous message passing introduces several problems. What happens if a message
cannot be delivered? The sender may never wait for delivery of the message, and thus never
hear about the error. Similarly, a mechanism is needed to notify an asynchronous receiver that
a message has arrived. The operation invoker could learn about completion and errors by polling,
by getting a software interrupt, or by waiting explicitly for completion later using a special
synchronous wait call. An asynchronous operation needs to return a call/transaction id if the
application needs to be notified about the operation later. At notification time, this id would be
placed in some global location or passed as an argument to a handler or wait call.
Another problem related to asynchronous message passing has to do with buffering. If
messages sent asynchronously are buffered in a space managed by the OS, then a process may
fill this space by flooding the system with a large number of messages.
Since processes frequently need to communicate with other processes, there is a
need for well-structured communication, without using interrupts, among processes.
RACE CONDITIONS
In operating systems, processes that are working together often share some common storage (main
memory, a file, etc.) that each process can read and write. When two or more processes are
reading or writing some shared data and the final result depends on who runs precisely when,
the situation is called a race condition. Concurrently executing threads that share data need to
synchronize their operations and processing in order to avoid race conditions on the shared data.
Only one thread at a time should be allowed to examine and update a shared variable.
Race conditions are also possible inside operating systems themselves. If the ready queue is
implemented as a linked list and the ready queue is being manipulated during the handling of an
interrupt, then interrupts must be disabled to prevent another interrupt from occurring before the
first one completes. If interrupts are not disabled, the linked list could become corrupted.
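The shared-variable case can be sketched with threads. Without the lock below, two threads can both read the same old value of the counter during the read-update-write sequence and one update is lost; holding the lock around the update prevents that. The counter/deposit names and iteration counts are illustrative choices.

```python
import threading

counter = 0
lock = threading.Lock()

def deposit(times):
    global counter
    for _ in range(times):
        with lock:           # critical section: read-update-write as a unit
            counter += 1

threads = [threading.Thread(target=deposit, args=(10_000,)) for _ in range(4)]
for t in threads:
    t.start()
for t in threads:
    t.join()
print(counter)  # 40000 -- no updates lost while the lock is held
```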
Critical Section
How to avoid race conditions?
The key to preventing trouble involving shared storage is to find some way to prohibit more than
one process from reading and writing the shared data simultaneously. The part of the program
where the shared memory is accessed is called the Critical Section. To avoid race conditions and
flawed results, one must identify the code that forms a Critical Section in each thread. The characteristic
properties of code that forms a Critical Section are:
Code that references one or more variables in a read-update-write fashion while any
of those variables is possibly being altered by another thread.
Code that alters one or more variables that are possibly being referenced in a read-update-write fashion by another thread.
Code that uses a data structure while any part of it is possibly being altered by another
thread.
Code that alters any part of a data structure while it is possibly in use by another thread.
Here, the important point is that when one process is executing shared modifiable data in its
critical section, no other process is to be allowed to execute in its critical section. Thus, the
execution of critical sections by the processes is mutually exclusive in time.
MUTUAL EXCLUSION
A way of making sure that if one process is using a shared modifiable data, the
other processes will be excluded from doing the same thing.
Formally, while one process is accessing the shared variable, all other processes desiring to do so
at the same moment should be kept waiting; when that process has finished accessing the
shared variable, one of the processes waiting to do so should be allowed to proceed. In this
fashion, each process accessing the shared data (variables) excludes all others from doing so
simultaneously. This is called Mutual Exclusion.
Note that mutual exclusion needs to be enforced only when processes access shared modifiable
data - when processes are performing operations that do not conflict with one another they
should be allowed to proceed concurrently.
No two processes may be inside their critical sections at the same moment.
No assumptions are made about the relative speeds of processes or the number of CPUs.
No process outside its critical section should block other processes.
The mutual exclusion problem is to devise a pre-protocol (or entry protocol) and a post-protocol (or exit protocol) to keep two or more threads from being in their critical sections at
the same time. Tanenbaum examines several proposals for the critical-section, or mutual exclusion,
problem.
Problem
When one process is updating shared modifiable data in its critical section, no other process
should be allowed to enter its critical section.
CONCLUSION
The flaw in this proposal can be best explained by example. Suppose process A sees that the
lock is 0. Before it can set the lock to 1 another process B is scheduled, runs, and sets the lock to
1. When the process A runs again, it will also set the lock to 1, and two processes will be in their
critical section simultaneously.
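The failure described above can be replayed deterministically. In this sketch the "lock" is an ordinary shared variable, so testing it and setting it are two separate steps, and the scripted interleaving (A observes, B runs, A resumes) is exactly the schedule the example describes; the names A and B follow the text.

```python
# Deterministic replay of the flawed lock-variable proposal.
lock = 0
in_critical = []

# Process A tests the lock and sees 0 ...
a_observed = lock
# ... but is preempted before it can set it. Process B now runs: it also
# sees 0, sets the lock to 1, and enters its critical section.
lock = 1
in_critical.append("B")
# Process A resumes. Acting on its stale observation, it sets the lock and
# enters too -- two processes are in the critical section at once.
if a_observed == 0:
    lock = 1
    in_critical.append("A")

print(in_critical)  # ['B', 'A']: mutual exclusion is violated
```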
Sleep
o It is a system call that causes the caller to block, that is, be suspended until some
other process wakes it up.
Wakeup
o It is a system call that wakes up the blocked process.
Both 'sleep' and 'wakeup' system calls have one parameter that represents a memory address
used to match up 'sleeps' and 'wakeups'.
E.W. Dijkstra (1965) abstracted the key notion of mutual exclusion in his concepts of
semaphores.
Definition
A semaphore is a protected variable whose value can be accessed and altered only by the
operations P and V and an initialization operation called 'semaphore initialize'.
Semaphores are often used to restrict the number of threads that can access some (physical or
logical) resource.
Semaphores are devices used to help with synchronization. If multiple processes share a
common resource, they need a way to be able to use that resource without disrupting each
other. You want each process to be able to read from and write to that resource uninterrupted.
A semaphore will either allow or disallow access to the resource, depending on how it is set
up. One example setup would be a semaphore which allowed any number of processes to read
from the resource, but only one could ever be in the process of writing to that resource at a
time.
Semaphores are commonly used for two purposes: to share a common memory space and to
share access to files. Semaphores are one of the techniques for interprocess communication
(IPC). The C programming language provides a set of interfaces, or "functions", for managing
semaphores.
Binary semaphores can assume only the value 0 or the value 1. Counting semaphores, also called
general semaphores, can assume any nonnegative value.
The P (or wait or sleep or down) operation on semaphores S, written as P(S) or wait (S),
operates as follows:
P(S): IF S > 0
THEN S := S - 1
ELSE (wait on S)
The V (or signal or wakeup or up) operation on semaphore S, written as V(S) or signal (S),
operates as follows:
V(S): IF (one or more process are waiting on S)
THEN (let one of these processes proceed)
ELSE S := S +1
Operations P and V are done as single, indivisible, atomic actions. It is guaranteed that once a
semaphore operation has started, no other process can access the semaphore until the operation
has completed. Mutual exclusion on the semaphore, S, is enforced within P(S) and V(S).
If several processes attempt a P(S) simultaneously, only one process will be allowed to proceed. The
other processes will be kept waiting, but the implementation of P and V guarantees that
processes will not suffer indefinite postponement.
Semaphores solve the lost-wakeup problem.
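As a sketch, the P and V operations above correspond to acquire() and release() on Python's threading.Semaphore; the thin wrappers below merely adopt the text's names. The five-thread critical-section example is an illustrative assumption.

```python
import threading

S = threading.Semaphore(1)   # initialized to 1: behaves as a binary semaphore

def P(sem):
    sem.acquire()            # IF S > 0 THEN S := S - 1 ELSE wait on S

def V(sem):
    sem.release()            # wake a waiter if any, ELSE S := S + 1

results = []

def exclusive(tid):
    P(S)                     # entry protocol
    results.append(tid)      # shared data, accessed one thread at a time
    V(S)                     # exit protocol

threads = [threading.Thread(target=exclusive, args=(i,)) for i in range(5)]
for t in threads:
    t.start()
for t in threads:
    t.join()
print(sorted(results))  # [0, 1, 2, 3, 4]
```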
PRODUCER-CONSUMER PROBLEM USING SEMAPHORES
The solution to the producer-consumer problem uses three semaphores, namely, full, empty, and
mutex.
The semaphore 'full' is used for counting the number of slots in the buffer that are full,
'empty' for counting the number of slots that are empty, and the semaphore 'mutex' to make sure
that the producer and consumer do not access the modifiable shared sections of the buffer
simultaneously.
INITIALIZATION
full = 0; empty = N; mutex = 1;
Producer ( )
WHILE (true)
produce-Item ( );
P (empty);
P (mutex);
enter-Item ( );
V (mutex);
V (full);
Consumer ( )
WHILE (true)
P (full);
P (mutex);
remove-Item ( );
V (mutex);
V (empty);
consume-Item (Item);
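The pseudocode above can be turned into a runnable sketch with Python semaphores. The buffer size N = 4, the item count of 20, and the deque-based buffer are illustrative assumptions; the semaphore pattern itself follows the text ('empty' starts at N, 'full' at 0, 'mutex' at 1).

```python
import threading
from collections import deque

N = 4
buffer = deque()
empty = threading.Semaphore(N)   # counts free slots
full = threading.Semaphore(0)    # counts occupied slots
mutex = threading.Semaphore(1)   # guards the buffer itself
consumed = []

def producer(items):
    for item in items:
        empty.acquire()          # P(empty): wait for a free slot
        mutex.acquire()          # P(mutex)
        buffer.append(item)      # enter-Item
        mutex.release()          # V(mutex)
        full.release()           # V(full): one more occupied slot

def consumer(count):
    for _ in range(count):
        full.acquire()           # P(full): wait for an item
        mutex.acquire()          # P(mutex)
        consumed.append(buffer.popleft())  # remove-Item
        mutex.release()          # V(mutex)
        empty.release()          # V(empty): slot is free again

p = threading.Thread(target=producer, args=(range(20),))
c = threading.Thread(target=consumer, args=(20,))
p.start(); c.start(); p.join(); c.join()
print(consumed == list(range(20)))  # True: all items arrive, in order
```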
Deadlock
A set of processes is in a deadlock state if each process in the set is waiting for an event that can
be caused only by another process in the set. In other words, each member of the set of
deadlocked processes is waiting for a resource that can be released only by a deadlocked process.
None of the processes can run, none of them can release any resources, and none of them can
be awakened. It is important to note that the number of processes and the number and kind of
resources possessed and requested are unimportant.
The resources may be either physical or logical. Examples of physical resources are printers,
tape drives, memory space, and CPU cycles. Examples of logical resources are files,
semaphores, and monitors.
The simplest example of deadlock is where process 1 has been allocated a non-shareable
resource A, say, a tape drive, and process 2 has been allocated a non-shareable resource B, say, a
printer. Now, if it turns out that process 1 needs resource B (the printer) to proceed and process 2
needs resource A (the tape drive) to proceed, and these are the only two processes in the
system, each blocks the other and all useful work in the system stops. This situation is
termed deadlock. The system is in a deadlock state because each process holds a resource being
requested by the other process, and neither process is willing to release the resource it holds.
PREEMPTABLE AND NONPREEMPTABLE RESOURCES
Resources come in two flavors: preemptable and nonpreemptable. A preemptable resource is
one that can be taken away from the process with no ill effects. Memory is an example of a
preemptable resource. On the other hand, a nonpreemptable resource is one that cannot be
taken away from a process without causing ill effects. For example, CD recorders are not
preemptable at an arbitrary moment.
Reallocating resources can resolve deadlocks that involve preemptable resources. Deadlocks
that involve nonpreemptable resources are difficult to deal with.
The Deadlock Problem
A set of blocked processes, each holding a resource and waiting to acquire a resource
held by another process in the set.
Example 1
The system has 2 tape drives. P1 and P2 each hold one tape
drive and each needs the other one.
Example 2
Semaphores A and B, each initialized to 1
P0: wait(A); wait(B)
P1: wait(B); wait(A)
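A classic remedy for this pattern, sketched below with Python locks standing in for the semaphores, is to impose a global ordering on the resources: if both threads acquire A before B, the circular wait from Example 2 cannot form. The task names P0/P1 follow the example; the lock-ordering fix itself is a standard technique, not something the text prescribes.

```python
import threading

A = threading.Lock()
B = threading.Lock()
log = []

def task(name):
    with A:          # every thread takes A first ...
        with B:      # ... and B second: no cycle of waits is possible
            log.append(name)

t0 = threading.Thread(target=task, args=("P0",))
t1 = threading.Thread(target=task, args=("P1",))
t0.start(); t1.start(); t0.join(); t1.join()
print(sorted(log))  # ['P0', 'P1'] -- both finish; no deadlock
```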
A process is deadlocked if it is waiting for an
event that will never occur.
Typically, more than one process will be involved in a
deadlock (the deadly embrace).
A process is indefinitely postponed if it is
delayed repeatedly over a long period of time
while the attention of the system is given to
other processes;
i.e., the process is ready to proceed but never gets the CPU.
Coffman (1971) identified four (4) conditions that must hold simultaneously for there to be a
deadlock.
1. MUTUAL EXCLUSION CONDITION
The resources involved are non-shareable.
Explanation: At least one resource must be held in a non-shareable mode, that is, only
one process at a time claims exclusive control of the resource. If another process requests that
resource, the requesting process must be delayed until the resource has been released.
2. HOLD AND WAIT CONDITION
Requesting processes hold resources already allocated to them while waiting for requested resources.
Explanation: There must exist a process that is holding a resource already allocated to it while
waiting for additional resources that are currently being held by other processes.
3. NO-PREEMPTIVE CONDITION
Resources already allocated to a process cannot be preempted.
Explanation: Resources cannot be forcibly removed from the processes holding them; they are
released only voluntarily, after the holding process has used them to completion.
4. CIRCULAR WAIT CONDITION
The processes in the system form a circular chain in which each process waits for a resource
held by the next process in the chain.
DEADLOCK PREVENTION
Havender in his pioneering work showed that since all four of the conditions are necessary for
deadlock to occur, it follows that deadlock might be prevented by denying any one of the
conditions.
Elimination of Mutual Exclusion Condition The mutual exclusion condition must hold
for non-sharable resources. That is, several processes cannot simultaneously share a
single resource. This condition is difficult to eliminate because some resources, such as
the tape drive and printer, are inherently non-shareable. Note that shareable resources like
read-only files do not require mutually exclusive access and thus cannot be involved in
deadlock.
Elimination of Hold and Wait Condition There are two possibilities for eliminating
the second condition. The first alternative is that a process be granted all of the
resources it needs at once, prior to execution. The second alternative is to disallow a
process from requesting resources whenever it holds previously allocated resources. This
strategy requires that all of the resources a process will need be requested at once.
The system must grant resources on an all-or-none basis. If the complete set of resources
needed by a process is not currently available, then the process must wait until the
complete set is available. While the process waits, however, it may not hold any
resources. Thus the hold-and-wait condition is denied and deadlocks simply cannot occur.
This strategy can lead to serious waste of resources. For example, a program requiring ten
tape drives must request and receive all ten drives before it begins executing. If the
program needs only one tape drive to begin execution and does not need the remaining
tape drives for several hours, then substantial computer resources (9 tape drives) will
sit idle for several hours. This strategy can also cause indefinite postponement
(starvation), since not all the required resources may become available at once.
Elimination of No-preemption Condition The no-preemption condition can be alleviated by forcing a
process waiting for a resource that cannot immediately be allocated to relinquish all of its currently held
resources, so that other processes may use them to finish. Suppose a system does allow processes to
hold resources while requesting additional resources. Consider what happens when a request cannot be
satisfied. A process holds resources a second process may need in order to proceed, while the second
process may hold the resources needed by the first process. This is a deadlock. This strategy requires that
when a process holding some resources is denied a request for additional resources, it must release its
held resources and, if necessary, request them again together with the additional resources.
Implementation of this strategy denies the no-preemption condition effectively.
High Cost: When a process releases resources, it may lose all its work to that point. One serious
consequence of this strategy is the possibility of indefinite postponement (starvation): a process might
be held off indefinitely as it repeatedly requests and releases the same resources.
Elimination of Circular Wait Condition The last condition, the circular wait, can be denied by imposing
a total ordering on all of the resource types and then forcing all processes to request the resources in
order (increasing or decreasing). That is, each process must request resources in a numerical order of
enumeration. With this rule, the resource allocation graph can never have a cycle.
For example, provide a global numbering of all the resources, as shown:
1. Card reader
2. Printer
3. Plotter
4. Tape drive
5. Card punch
Now the rule is this: processes can request resources whenever they want to, but all
requests must be made in numerical order. A process may request first a printer and then
a tape drive (order: 2, 4), but it may not request first a plotter and then a printer (order:
3, 2). The problem with this strategy is that it may be impossible to find an ordering that
satisfies everyone.
DEADLOCK AVOIDANCE
This approach to the deadlock problem anticipates deadlock before it actually occurs. It
employs an algorithm to assess the possibility that a deadlock could occur and acts
accordingly. This method differs from deadlock prevention, which guarantees that deadlock
cannot occur by denying one of the necessary conditions of deadlock.
If the necessary conditions for a deadlock are in place, it is still possible to avoid deadlock by
being careful when resources are allocated. Perhaps the most famous deadlock avoidance
algorithm, due to Dijkstra [1965], is the Banker's algorithm, so named because the process is
analogous to that used by a banker in deciding if a loan can be safely made.
Bankers Algorithm
In this analogy:
Customers -> processes
Units     -> resources (say, tape drives)
Banker    -> operating system

Customer  Used  Max
A         0     6
B         0     5
C         0     4
D         0     7
Available Units = 10
Fig. 1
In the above figure, we see four customers, each of whom has been granted a number of credit
units. The banker reserved only 10 units rather than 22 units to service them. At a certain
moment, the situation becomes:
Customer  Used  Max
A         1     6
B         1     5
C         2     4
D         4     7
Available Units = 2
Fig. 2
Safe State The key to a state being safe is that there is at least one way for all users to finish.
In this analogy, the state of figure 2 is safe because with 2 units left, the banker can delay any
request except C's, thus letting C finish and release all four of its units. With four units in hand,
the banker can let either D or B have the necessary units, and so on.
Unsafe State Consider what would happen if a request from B for one more unit were
granted in figure 2 above. We would have the following situation:
Customer  Used  Max
A         1     6
B         2     5
C         2     4
D         4     7
Available Units = 1
Fig. 3
This state is unsafe: with only one unit left, the banker cannot satisfy any customer's remaining
claim (even C still needs two more units), so no customer is guaranteed to finish and release
its units.
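The banker's decision can be expressed as a small safety check. The sketch below is a minimal Python rendering of the single-resource Banker's algorithm using the numbers from the figures; the function and dictionary names are illustrative, not from any particular text.

```python
def is_safe(used, max_claim, available):
    """Banker's algorithm safety check: return True if there is at
    least one order in which every customer can finish."""
    need = {c: max_claim[c] - used[c] for c in used}
    finished = set()
    while len(finished) < len(used):
        # Find a customer whose remaining need fits in what is available.
        for c in used:
            if c not in finished and need[c] <= available:
                available += used[c]   # customer finishes, returns its units
                finished.add(c)
                break
        else:
            return False               # nobody can finish: unsafe
    return True

max_claim = {'A': 6, 'B': 5, 'C': 4, 'D': 7}
print(is_safe({'A': 1, 'B': 1, 'C': 2, 'D': 4}, max_claim, 2))  # Fig. 2: True
print(is_safe({'A': 1, 'B': 2, 'C': 2, 'D': 4}, max_claim, 1))  # Fig. 3: False
```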
DEADLOCK DETECTION
Deadlock detection is the process of actually determining that a deadlock exists and identifying
the processes and resources involved in the deadlock.
The basic idea is to check allocation against resource availability for all possible allocation
sequences to determine if the system is in a deadlocked state. Of course, the deadlock
detection algorithm is only half of this strategy. Once a deadlock is detected, there needs to be
a way to recover; several alternatives exist.
These methods are expensive in the sense that each iteration calls the detection algorithm until
the system proves to be deadlock free. The complexity of the algorithm is O(N^2), where N is the
number of processes. Another potential problem is starvation: the same process may be killed
repeatedly.
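When each process waits for at most one other process, detection reduces to finding a cycle in the wait-for graph. A minimal sketch, with a hypothetical dictionary encoding of the graph:

```python
def has_deadlock(wait_for):
    """Detect a cycle in a wait-for graph given as
    {process: process_it_waits_for}; a cycle means deadlock."""
    for start in wait_for:
        seen = set()
        node = start
        while node in wait_for:
            if node in seen:
                return True          # we walked back onto our own path
            seen.add(node)
            node = wait_for[node]
    return False

# Example 1 from the text: P1 and P2 each hold one tape drive
# and wait for the other's.
print(has_deadlock({'P1': 'P2', 'P2': 'P1'}))  # True
print(has_deadlock({'P1': 'P2'}))              # False
```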
ADDRESS BINDING
Binding of instructions and data to memory addresses can happen at three different stages:
Compile time -- When it is known at compile time where the process will reside,
compile-time binding is used to generate absolute code.
Load time -- When it is not known at compile time where the process will reside in
memory, the compiler generates relocatable code.
Execution time -- If the process can be moved during its execution from one memory
segment to another, then binding must be delayed until run time.
DYNAMIC LOADING
In dynamic loading, a routine of a program is not loaded until it is called by the program. All
routines are kept on disk in a relocatable load format. The main program is loaded into
memory and executed; other routines, methods, or modules are loaded on request. Dynamic
loading makes better use of memory space, and unused routines are never loaded.
DYNAMIC LINKING
Linking is the process of collecting and combining various modules of code and data into an
executable file that can be loaded into memory and executed. The operating system can link
system-level libraries to a program. When it combines the libraries at load time, the linking is
called static linking, and when this linking is done at the time of execution, it is called dynamic
linking.
In static linking, libraries are linked at compile time, so the program code size becomes bigger,
whereas in dynamic linking libraries are linked at execution time, so the program code size
remains smaller.
LOGICAL VERSUS PHYSICAL ADDRESS SPACE
An address generated by the CPU is a logical address, whereas an address actually available on
the memory unit is a physical address. A logical address is also known as a virtual address.
Virtual and physical addresses are the same in compile-time and load-time address-binding
schemes. Virtual and physical addresses differ in execution-time address-binding scheme.
The set of all logical addresses generated by a program is referred to as a logical address space.
The set of all physical addresses corresponding to these logical addresses is referred to as a
physical address space.
The run-time mapping from virtual to physical addresses is done by the memory management
unit (MMU), which is a hardware device. The MMU uses the following mechanism to convert a
virtual address to a physical address: the value in the base register is added to every address
generated by a user process, which is treated as an offset at the time it is sent to memory. For
example, if the base register value is 10000, then an attempt by the user to use address
location 100 will be dynamically relocated to location 10100.
The user program deals with virtual addresses; it never sees the real physical addresses.
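The base-register relocation described above can be sketched as follows. The limit value is a hypothetical addition showing how the same hardware pair also provides protection; the numbers reuse the text's example.

```python
def translate(logical_addr, base, limit):
    """Map a logical address to a physical address by adding the base
    register; the limit check keeps the process inside its own space."""
    if logical_addr >= limit:
        raise MemoryError("address outside the process's address space")
    return base + logical_addr

# The text's example: base register = 10000, user address 100.
print(translate(100, base=10000, limit=4000))  # 10100
```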
SWAPPING
Swapping is a mechanism in which a process can be swapped temporarily out of main memory
to a backing store, and then brought back into memory for continued execution.
The backing store is usually a hard disk drive or other secondary storage that is fast in access
and large enough to accommodate copies of all memory images for all users. It must be capable
of providing direct access to these memory images.
The major time-consuming part of swapping is transfer time. Total transfer time is directly
proportional to the amount of memory swapped. Let us assume that the user process is of size
100 KB and the backing store is a standard hard disk with a transfer rate of 1 MB per second.
The actual transfer of the 100 KB process to or from memory will take
100 KB / 1000 KB per second = 1/10 second = 100 milliseconds
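The same transfer-time arithmetic, spelled out:

```python
# Assumptions from the text: 100 KB process, 1 MB/s (= 1000 KB/s) disk.
process_size_kb = 100
transfer_rate_kb_per_s = 1000

transfer_time_ms = process_size_kb / transfer_rate_kb_per_s * 1000
print(transfer_time_ms)  # 100.0 milliseconds each way
```

Note that a full swap (one process out, another in) costs this twice, plus seek and rotational latency that the simple calculation ignores.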
MEMORY ALLOCATION
Main memory usually has two partitions: one for the resident operating system and one for
user processes.
1) Uniprogramming: In this scheme the RAM is partitioned into two parts: one portion is
for the operating system to reside in, and the second part is for the user. A fence register
is used which contains the last word address of the OS part. The operating system
compares every user data address with the fence register to ensure the user is not
entering the OS area. The fence register is also called a boundary register and is used to
prevent the user from entering the OS area.
In this scheme CPU utilization is very poor, and hence multiprogramming is used.
Fragmentation:
1) Internal: partial or incomplete usage of a block of memory.
2) External: an entire block of available memory cannot be used.
Non-contiguous allocation (virtual memory): To provide ease to the user and at the
same time increase CPU utilization, we use the concept of virtual memory. In this system
the operating system gives the user the illusion that:
1) the user can write a very big program;
2) the user's entire program is present in RAM;
3) all the space allocated to the user is contiguous;
4) user addresses start from all 0s.
In reality only a small portion of the user program is in RAM, which may or may not be
contiguous, while the remaining program is in secondary storage.
Advantages: 1) provides ease to the user, who thinks he has plenty of contiguous memory;
2) benefits the system, as the degree of multiprogramming is maintained and there is no
fragmentation.
FRAGMENTATION
As processes are loaded into and removed from memory, the free memory space is broken into
little pieces. It sometimes happens that processes cannot be allocated to memory blocks
because of the blocks' small size, and the memory blocks remain unused. This problem is known
as fragmentation.
Fragmentation is of two types:
External fragmentation -- the total free memory is enough to satisfy a request, but it is
not contiguous, so it cannot be used.
Internal fragmentation -- the memory block allocated to a process is bigger than
requested, and the leftover portion inside the block remains unused.
External fragmentation can be reduced by compaction: shuffling memory contents to place all
free memory together in one large block. To make compaction feasible, relocation should be
dynamic.
PAGING
External fragmentation is avoided by using the paging technique. Paging is a technique in which
physical memory is broken into fixed-size blocks called frames, and logical memory into blocks
of the same size called pages (the size is a power of 2, between 512 bytes and 8192 bytes).
When a process is to be executed, its pages are loaded into any available memory frames.
The logical address space of a process can thus be non-contiguous: a process is allocated
physical memory wherever free frames are available. The operating system keeps track of all
free frames; it needs n free frames to run a program of size n pages.
An address generated by the CPU is divided into:
Page number (p) -- used as an index into a page table, which contains the base
address of each page in physical memory.
Page offset (d) -- combined with the base address to define the physical memory
address.
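Because the page size is a power of two, the split into page number and offset is just a division and a remainder. A minimal sketch with a hypothetical 4 KB page size and page-table contents:

```python
PAGE_SIZE = 4096  # 4 KB pages; a power of two, as the text requires

def split_address(logical_addr):
    """Split a CPU-generated address into (page number, offset)."""
    return logical_addr // PAGE_SIZE, logical_addr % PAGE_SIZE

def to_physical(logical_addr, page_table):
    """Look up the frame for the page, then combine it with the offset."""
    p, d = split_address(logical_addr)
    frame = page_table[p]            # base frame from the page table
    return frame * PAGE_SIZE + d

page_table = {0: 5, 1: 2}            # hypothetical mapping: page -> frame
print(split_address(4100))           # (1, 4)
print(to_physical(4100, page_table)) # frame 2 * 4096 + 4 = 8196
```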
SEGMENTATION
Segmentation is a technique to break memory into logical pieces where each piece represents a
group of related information: for example, a code segment and data segment for each process,
a data segment for the operating system, and so on. Segmentation can be implemented with or
without paging.
Unlike paging, segments have varying sizes, which eliminates internal fragmentation. External
fragmentation still exists, but to a lesser extent.
Segment number (s) -- used as an index into a segment table, which contains the base
address of each segment in physical memory and the segment's limit.
Segment offset (o) -- first checked against the limit and then combined with the base
address to define the physical memory address.
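The segment-table lookup with its limit check can be sketched the same way; the base and limit values below are hypothetical:

```python
# Hypothetical segment table: segment number -> (base, limit)
segment_table = {0: (1400, 1000), 1: (6300, 400)}

def translate_seg(s, offset):
    """Check the offset against the segment's limit, then add
    the base to form the physical address."""
    base, limit = segment_table[s]
    if offset >= limit:
        raise MemoryError("segmentation fault: offset beyond limit")
    return base + offset

print(translate_seg(1, 53))  # 6300 + 53 = 6353
```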
When we want to execute a program, it must be brought from secondary storage into main
memory; this is why we use memory management. It is the responsibility of the operating
system to provide memory space to each program and to manage which process will be
executed at a given time.
Before an operation can be performed, the logical address must be mapped to a physical
address. This mapping is known as binding: when a logical address is converted into a physical
address, this is called binding.
There is also the concept of dynamic loading: a routine does not initially reside in the memory
of the computer, and it is loaded only when a request for it is found.
MEMORY MANAGEMENT REQUIREMENTS
Relocation
Programmer does not know where the program will be placed in memory when
it is executed
While the program is executing, it may be swapped to disk and returned to main
memory at a different location (relocated)
Memory references must be translated in the code to actual physical memory
address
Protection
Processes should not be able to reference memory locations in another process
without permission
Impossible to check absolute addresses in programs since the program could be
relocated
Must be checked during execution
Operating system cannot anticipate all of the memory references a
program will make
Sharing
Allow several processes to access the same portion of memory
Better to allow each process access to the same copy of the program
rather than have its own separate copy
Logical Organization
Programs are written in modules
Modules can be written and compiled independently
Contiguous allocation: In contiguous allocation, memory is divided into small, equal-size
partitions, and different processes use these partitions to run their applications. When a
request is found, the process is allocated a partition, and the space provided to each process
is contiguous. All the processes reside in the memory of the computer, and when a process
requests memory, available free memory is allotted to it.
But a problem arises when a partition is larger than the memory required by the process: the
leftover space inside the partition is wasted. This problem is known as internal fragmentation.
The main reason for internal fragmentation is that all the memory is divided into fixed,
contiguous sizes, so a process rarely matches its partition exactly, and a process requiring more
memory than any partition provides will not fit at all.
A second problem also occurs with contiguous allocation, known as external fragmentation:
the total free memory would be sufficient only after combining multiple separate areas, so no
single contiguous area is large enough for the request. Thus the following problems arise when
we use contiguous memory allocation:
1) Wasted memory: memory which is unused and which cannot be given to a process. When
processes arrive requiring memory that is not available in a single piece, that memory is
wasted.
2) Time complexity: time is also wasted allocating and de-allocating memory space to
processes.
3) Memory access: some operations must be performed to provide memory to the processes,
adding overhead to each access.
As we know, the operating system is the software responsible for running all the user programs,
so memory is generally divided into two parts: the first part is used by the operating system
and the second part by user programs. The memory size of the operating system may be larger
than the user memory, or vice versa.
There must therefore be some mechanism by which a user cannot access the data of the
operating system. That mechanism uses two types of registers:
1) Relocation register: contains the value of the smallest physical address available to the
process.
2) Limit register: contains the highest address of the process's range; every user address is
checked against it.
When we use static memory allocation, all the memory provided to the various processes is in
contiguous form, and when a process ends, its memory is not allotted to any newly joining
process, because memory has already been assigned to all the processes. This creates the
problem that not enough memory is available to allocate to new processes. So we use dynamic
memory allocation, in which memory is allocated according to the needs and dynamic demands
of the processes: when a process ends, its memory is provided to a newly joined process.
Memory is consolidated by compaction: after providing memory space to each process, the
system merges all the free memory into one single large block, so that memory can be provided
to newly created processes.
For providing memory to the various processes there are three methods or techniques:
1) First fit: the operating system searches the memory for free areas and selects the first
area that is large enough for the process.
2) Best fit: the operating system searches for the memory area which is smallest yet still
large enough for the process. The holes may be kept in sorted order so that the best
(smallest adequate) hole is found.
3) Worst fit: the largest hole is used for the process; among the areas large enough for the
request, the biggest one is allocated.
Memory partitioning is the way to distribute the kernel and user space areas in memory.
A page is the minimum unit of memory that can be swapped into and out of memory. In
modern server operating systems, we can use multiple page size support, which helps tune
OS performance depending on the type of application.
Paging solves the problem of external fragmentation.
Demand paging is similar to simple paging, but the main difference is that in demand paging
swapping is used: pages are moved in and out of memory as they are required. When we
submit a process for execution, it is first stored on secondary memory, i.e. the hard disk.
When its pages are required, they are swapped into memory, and when a process is not being
used, its pages are temporarily swapped out of memory: they are stored on the disk and later
copied back into memory.
So demand paging is the concept in which a page of a process is copied from disk into main
memory only when we need it. A process may be loaded entirely into main memory, or only a
part of it; when only part of a process is copied into memory, this is also called lazy swapping.
For swapping a process into or out of main memory, a page table must be used. The page table
stores entries containing the page number and the offset, which indicate where a page is
stored, and there is also a special extra bit, known as the flag bit, which indicates whether the
page is currently stored in physical memory.
Each page table entry is marked valid or invalid: valid (v) means the page is in physical
memory, so it can be accessed directly; invalid (i) means it is not, and the entry is marked i
alongside the page number until the page is brought in.
When a user requests an operation, the operating system performs the following steps:
1) Fetch the instructions from memory.
2) Decode the instructions, i.e. determine which operation has to be performed.
3) Perform the requested operation.
4) Store the result back into memory.
As we know, a computer is designed for performing multiple tasks at a time, and some memory
is used by the computer for executing the instructions given by the user. But there are
situations in which the memory required by the user exceeds the available memory.
In that case part of secondary storage is treated as if it were main memory, making the logical
memory appear bigger than the physical memory that actually exists. In this situation we use
the concept of virtual memory.
PAGING VS SEGMENTATION
Paging Computer memory is divided into small partitions that are all the same size, referred
to as page frames. When a process is loaded, it is divided into pages which are the same size
as those frames. The process pages are then loaded into the frames.
Segmentation Computer memory is allocated in various sizes (segments) depending on the
need for address space by the process. These segments may be individually protected or shared
between processes. You will commonly see what are called segmentation faults in programs;
this occurs because the data that is about to be read or written is outside the permitted address
space of that process.
So now we can distinguish the differences and look at a comparison between the two:
Paging:
Transparent to programmer (system allocates memory)
No separate protection
No separate compiling
No shared code
Solves the problem of external fragmentation
Segmentation:
Involves programmer (allocates memory to specific function inside code)
Separate compiling
Separate protection
Shared code
Solves the problem of internal fragmentation
VIRTUAL MEMORY
In virtual memory, disk space is treated as an extension of main memory, so the size of the
logical memory can be increased beyond the physical memory. A user sees, or feels, that all the
programs are running in the logical memory of the computer. With the help of virtual memory,
space on the hard disk can be used as logical memory, so that a user can execute any number
of programs. The main benefits of virtual memory are:
1) Use of unused address space: a user can execute any number of programs because all
actual addresses are treated as logical addresses. The programs given by the user are stored
on disk in the physical address space, but they are treated as if they were stored in the logical
address space.
2) Increased degree of multiprogramming: with virtual memory we can execute many
programs at a time, because more programs appear to fit in physical memory. More programs
can be stored in memory without increasing the response time of the CPU, i.e. without
affecting the execution of the programs.
3) Decreased number of I/O operations: fewer operations are needed for swapping whole
processes, since pages are loaded into memory automatically when they are needed.
But always remember that whole programs are never copied into memory: programs are
copied in the form of pages, i.e. parts of the programs.
A virtual memory system has the advantage of allowing more processes to run than would fit
in physical memory. This is achieved by keeping in memory only the parts of processes that are
necessary to run, with the rest on disk. The minimum part of a process that must always be in
memory is called its working set. Usually, a program doesn't need its entire binary file in
memory when it is performing a task that only uses part of the file. What this means is that,
say, a 16MB program could happily run on a machine with only 4MB of memory.
When a process runs, it is given its very own virtual address space, which is a block of memory
addresses. The start and end of this address space is not necessarily the same as how it is
actually stored in the physical address space in the real memory. Some mapping has to go on in
between. This is the job of the Memory Management Unit (MMU), which is part of the CPU
(usually a chip or module) and sits between the CPU and the system bus. All memory calls
between the CPU and main memory go through the MMU where they are translated either
from virtual addresses to physical addresses or the other way around.
Giving each process a virtual address space that is not a direct chunk of main memory means
that the total size of all processes' address spaces is not limited by the size of the physical
memory. Each process's address space, which in this case is its virtual address space, can be as
big as the entire address space in physical memory if it wants.
Virtual Memory can be implemented in one of two ways:
-Paging
-Segmentation
Paging
The virtual address space is divided into ranges of consecutive addresses called pages. The
corresponding ranges of consecutive addresses in the real, physical memory are called page
frames. Each page and its corresponding page frame must have the same size. The area on a
hard disk that stores page frames (or memory images) is usually called the paging file or the
swap file.
A page table is maintained at all times by the MMU to store mappings of pages in virtual
memory to page frames in physical memory. Each process has its own virtual address space,
and therefore, must have its own page table. The mapping of virtual-to-physical addresses is
done on every single memory reference, which can slow things down considerably. A process
can no longer directly access memory, but has to go through the MMU and have the address it
is trying to access translated to physical first.
(In the accompanying figure, not reproduced here, the numbers in the virtual address space
pages refer to the page frames they are mapped to. Pages marked with an X are not mapped
to any page frame in physical memory; accessing them causes a page fault.)
Translation Lookaside Buffers (TLBs) were devised as a means of getting around this problem. A
TLB can be seen as a cache that stores the most frequently accessed pages. Each entry in a TLB
contains a page (virtual), its corresponding page frame (physical), as well as other data. A
memory reference can now first check the TLB, and if it finds the page it is trying to access, it
can completely bypass the page table.
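A TLB behaves like a small LRU cache sitting in front of the page table. A minimal sketch follows; the capacity and page-table contents are hypothetical, and of course a real TLB is hardware, not a Python object.

```python
from collections import OrderedDict

class TLB:
    """A tiny Translation Lookaside Buffer sketch: an LRU cache of
    recent page -> frame translations that bypasses the page table."""
    def __init__(self, capacity=4):
        self.capacity = capacity
        self.entries = OrderedDict()   # page -> frame, oldest first

    def lookup(self, page, page_table):
        if page in self.entries:       # TLB hit: skip the page table
            self.entries.move_to_end(page)
            return self.entries[page]
        frame = page_table[page]       # TLB miss: consult the page table
        self.entries[page] = frame
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)  # evict least recently used
        return frame

tlb = TLB(capacity=2)
page_table = {0: 7, 1: 3, 2: 9}
print(tlb.lookup(0, page_table))  # 7 (miss, now cached)
print(tlb.lookup(0, page_table))  # 7 (hit, page table bypassed)
```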
When the MMU tries to access a page that is not present in memory, an exception called a page
fault is thrown. Remember that a program's complete image is always on disk, so what the
system does to resolve this problem is copy a page out of memory to disk to make room for
copying in the missing page. There are several algorithms for determining which page to move
out, such as Least Recently Used (LRU), Least Frequently Used (LFU), and First In First Out
(FIFO).
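The FIFO and LRU policies named above can be compared on a short reference string. A minimal sketch; the reference string and frame count are hypothetical, and each function counts the page faults its policy incurs.

```python
def fifo_faults(reference_string, n_frames):
    """Count page faults with First-In-First-Out replacement."""
    frames, faults = [], 0
    for page in reference_string:
        if page not in frames:
            faults += 1
            if len(frames) == n_frames:
                frames.pop(0)          # evict the oldest-loaded page
            frames.append(page)
    return faults

def lru_faults(reference_string, n_frames):
    """Count page faults with Least-Recently-Used replacement."""
    frames, faults = [], 0             # kept in recency order, LRU first
    for page in reference_string:
        if page in frames:
            frames.remove(page)        # refresh recency on a hit
        else:
            faults += 1
            if len(frames) == n_frames:
                frames.pop(0)          # evict the least recently used
        frames.append(page)
    return faults

refs = [7, 0, 1, 2, 0, 3, 0, 4]
print(fifo_faults(refs, 3))  # 7
print(lru_faults(refs, 3))   # 6
```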
Segmentation
There are two main issues with the paging approach: 1. pages are of fixed size, and 2. pages
are contiguous, i.e. they sit next to each other in the virtual address space.
What this means is that there is no room for individual pages to dynamically expand and
contract at will or they would bump into other pages.
Segmentation resolves both issues by maintaining completely independent segments that all
start at address 0 up to a maximum value. If the first segment goes from 0 to 200, the next
segment may go from 0 to 10, and not 200 to 210. This means that code that makes use of
segmentation must reference addresses as:
virtual_address = (s, ra)   // s is the segment number, ra is the address within the segment
The virtual address space is no longer one-dimensional as with paging, but two-dimensional,
which is why every memory reference must be relative to a segment number. In segmentation,
address spaces are not linear. The biggest advantage of segmentation is that it allows libraries
to be shared between processes, simply because bits of code can be broken up and stored in
individual address spaces. Not only does this give greater flexibility to the programmer in
organizing code, but it also aids in sharing.
So how are segments protected from interfering with one another? The answer is: with the use
of two hardware registers called base and limit that the MMU maintains for each segment. The
base register points to a segment's start address (usually 0) and the limit register points to its
last address. A process can never access an address that is larger than its limit register.
In conclusion
Segmented Virtual Memory allows for the protection and relocation of processes' memory
segments as well as the sharing of libraries between processes. Paged Virtual Memory
additionally allows the Virtual Memory's size to exceed the maximum size of the physical
memory since it puts only parts of a program that are required for a task in memory whilst the
rest is kept on disk.
Swapping out, from memory to disk, of idle or blocked processes makes room for other
processes that would like to run and thus, is an efficient way of utilizing memory.
The OS handles the spooling of I/O device data because devices have different data-access rates.
The OS maintains the spooling buffer, which provides a waiting station where data can rest
while the slower device catches up.
Advantages
Spooling is capable of overlapping I/O operation for one job with processor operations
for another job.
Security Tips
Flaws in the operating systems of computers are discovered almost daily. The majority of
viruses take advantage of these flaws to infect your computer. Once a virus enters your system,
it can potentially cause devastating damage. To avoid contracting a virus, you should take the
following basic precautions:
Software Updates - Make sure that the software on your computer is regularly updated. By
doing so, most viruses can be avoided. We recommend setting your computer to check for
software updates automatically.
Firewall - Run a firewall program on your computer. A firewall is a device or program that
blocks undesired Internet traffic, including viruses, from accessing your computer. Both
Windows and Mac OS X have built-in firewall programs that are easy to set up. By blocking
unwanted Internet traffic, a lot of viruses and bugs can be stopped dead in their tracks!
Account Management - Manage the user accounts on your computer, so you can control
exactly who can log into your machine. Especially on Windows XP machines, it is easy to
accidentally leave your computer wide open to unauthorized users.
Antivirus Software - Use your antivirus software to scan for viruses as files are being launched.
PROTECTION
Multiprogramming involves the sharing of many resources, including processor,
memory, I/O devices, programs, and data. Protection of such resources runs
along the following spectrum:
No protection may be adequate e.g. if sensitive procedures are run at separate
times.
Isolation implies that entities operate separately from each other in the physical
sense.
Share all or nothing implies that an object is either totally private or totally
public.
Share via access limitation implies that different entities enjoy different
levels of access to an object, at the gift of the owner. The OS acts as a
guard between entities and objects to enforce correct access.
Share via dynamic capabilities extends the former to allow rights to be
varied dynamically.
Limit use of an object implies that not only is access to the object controlled,
the use to which it may be put also varies across entities.
The above spectrum is listed roughly in order of increasing fineness of control
for owners, and also increasing difficulty of implementation.
INTRUDERS
Intruders and viruses are the two most publicised security threats. We identify
three classes of intruders:
A masquerader is an unauthorised individual (an outsider) who penetrates
a system to exploit legitimate users' accounts.
A misfeasor is a legitimate user (an insider) who accesses resources to which
such access is not authorised, or who misuses such authorised access.
A clandestine user is an individual who seizes supervisory control of the
system and uses it to evade auditing and access controls.
TRUSTED SYSTEMS
So far we have discussed protecting a given resource from attack by a given user.
Another requirement is to protect a resource on the basis of levels of security,
e.g. the military-style system, where users are granted clearance to view certain
categories of data.
This is known as multi-level security. The basic principle is that a subject at
a higher level may not convey information to a subject at a lower level against
the wishes of the authorised user. This principle has two facets:
No read-up implies that a subject can only read objects of less or equal
security level.
No write-down implies that a subject can only write objects of greater or
equal security level.
These requirements are implemented by a reference monitor, which has three
roles:
Complete mediation implies that rules are imposed on every access.
Isolation implies that the monitor and database are protected from unauthorised
modification.
Verifiability implies that the monitor is provably correct.
Such a system is known as a trusted system. These requirements are very
difficult to meet, both in terms of assuring correctness and in terms of delivering
adequate performance.
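The two facets of multi-level security reduce to two simple comparisons. Here is a minimal sketch using integer security levels (higher number = more sensitive); the level names are illustrative, not part of any real system.

```python
UNCLASSIFIED, SECRET, TOP_SECRET = 0, 1, 2   # illustrative clearance levels

def can_read(subject_level, object_level):
    # no read-up: a subject may read only objects of less or equal level
    return object_level <= subject_level

def can_write(subject_level, object_level):
    # no write-down: a subject may write only objects of greater or equal level
    return object_level >= subject_level
```

Together the two rules prevent information from flowing from a higher level to a lower one: a SECRET subject can write into a TOP_SECRET object but cannot read it, and vice versa.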
PROTECTION AND SECURITY DESIGN PRINCIPLES
Saltzer and Schroeder (1975) identified a core set of principles to operating
system security design:
Least privilege: Every object (users and their processes) should work within
a minimal set of privileges; access rights should be obtained by explicit
request, and the default level of access should be none.
Economy of mechanisms: security mechanisms should be as small and
simple as possible, aiding in their verification. This implies that they should
be integral to an operating system's design, and not an afterthought.
Acceptability: security mechanisms must at the same time be robust yet
non-intrusive. An intrusive mechanism is likely to be counter-productive
and avoided by users, if possible.
Complete: Mechanisms must be pervasive and access control checked during
all operations including the tasks of backup and maintenance.
Open design: An operating system's security should not remain secret, nor
be provided by stealth. Open mechanisms are subject to scrutiny, review,
and continued refinement.
Goals of Protection
Obviously to prevent malicious misuse of the system by users or programs. See chapter
15 for a more thorough coverage of this goal.
To ensure that each shared resource is used only in accordance with
system policies, which may be set either by system designers or by system
administrators.
To ensure that errant programs cause the minimal amount of damage possible.
Note that protection systems only provide the mechanisms for enforcing policies and
ensuring reliable systems. It is up to administrators and users to implement those
mechanisms effectively.
The principle of least privilege dictates that programs, users, and systems be given just
enough privileges to perform their tasks.
This ensures that failures do the least amount of harm and allow the least
harm to be done.
For example, if a program needs special privileges to perform a task, it is better to make
it a SGID program with group ownership of "network" or "backup" or some other
pseudo group, rather than SUID with root ownership. This limits the amount of damage
that can occur if something goes wrong.
Typically each user is given their own account, and has only enough privilege to modify
their own files.
The root account should not be used for normal day to day activities - The System
Administrator should also have an ordinary account, and reserve use of the root account
for only those tasks which need the root privileges
Rings are numbered from 0 to 7, with outer rings having a subset of the
privileges of the inner rings.
Each file is a memory segment, and each segment description includes an entry
that indicates the ring number associated with that segment, as well as read,
write, and execute privileges.
Each process runs in a ring, according to the current-ring-number, a counter
associated with each process.
A process operating in one ring can only access segments associated with higher
( farther out ) rings, and then only according to the access bits. Processes cannot
access segments associated with lower rings.
Domain switching is achieved by a process in one ring calling upon a process
operating in a lower ring, which is controlled by several factors stored with each
segment descriptor:
o An access bracket, defined by integers b1 <= b2.
o A limit b3 > b2
o A list of gates, identifying the entry points at which the segments may be
called.
If a process operating in ring i calls a segment whose bracket is such that b1 <= i
<= b2, then the call succeeds and the process remains in ring i.
Otherwise a trap to the OS occurs, and is handled as follows:
o If i < b1, then the call is allowed, because we are transferring to a
procedure with fewer privileges. However if any of the parameters being
passed are of segments below b1, then they must be copied to an area
accessible by the called procedure.
o If i > b2, then the call is allowed only if i <= b3 and the call is directed to
one of the entries on the list of gates.
Overall this approach is more complex and less efficient than other protection
schemes.
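The ring-crossing rules above condense into one decision function. This is only a sketch of the control flow; the parameter copying required in the outward-call case is noted but omitted, and the function name is invented for illustration.

```python
def ring_call(i, b1, b2, b3, entry, gates):
    """Outcome when a process in ring i calls a segment with access
    bracket (b1, b2), limit b3, and a list of permitted gate entry points."""
    if b1 <= i <= b2:
        return "allowed"            # within the bracket: stay in ring i
    if i < b1:
        # outward call to a less privileged procedure; parameters held in
        # segments below b1 would need to be copied for the callee
        return "allowed"
    if i <= b3 and entry in gates:
        return "allowed via gate"   # inward call through a listed gate
    return "trap"
```

For a segment with bracket (2, 4), limit 6, and gate "e1": a caller in ring 3 proceeds directly, a caller in ring 5 succeeds only through the gate, and a caller in ring 7 traps.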
PROTECTION MODELS
Access control lists
Capability-based models
Role-based models
The model of protection that we have been discussing can be viewed as an access
matrix, in which columns represent different system resources and rows represent
different protection domains. Entries within the matrix indicate what access that
domain has to that resource.
Domain switching can be easily supported under this model, simply by providing
"switch" access to other domains:
The ability to copy rights is denoted by an asterisk, indicating that processes in that
domain have the right to copy that access within the same column, i.e. for the same
object. There are two important variations:
o If the asterisk is removed from the original access right, then the right
is transferred, rather than being copied. This may be termed a transfer right as
opposed to a copy right.
o If only the right and not the asterisk is copied, then the access right is added to
the new domain, but it may not be propagated further. That is the new domain
does not also receive the right to copy the access. This may be termed a limited
copy right, as shown in Figure 14.5 below:
The owner right adds the privilege of adding new rights or removing existing ones:
Copy and owner rights only allow the modification of rights within a column. The
addition of control rights, which only apply to domain objects, allow a process operating
in one domain to affect the rights available in other domains. For example in the table
below, a process operating in domain D2 has the right to control any of the rights in
domain D4.
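The copy-right variations can be modeled with a tiny access matrix: rows are domains, columns are objects, and a trailing '*' marks the right to copy. The domain and object names below are invented for illustration.

```python
# rights held by each (domain, object) pair; '*' marks a copy right
matrix = {
    ("D1", "F1"): {"read", "write*"},
    ("D2", "F1"): set(),
}

def copy_right(matrix, right, obj, src, dst, limited=False):
    """Copy `right` on `obj` from domain src to domain dst.

    With limited=True only the bare right is copied (a limited copy right),
    so dst cannot propagate it further.
    """
    if right + "*" not in matrix[(src, obj)]:
        raise PermissionError("source domain holds no copy right")
    matrix[(dst, obj)].add(right if limited else right + "*")
```

Here D1 holds "write*" for F1 and can pass "write" to D2; a limited copy leaves D2 without the asterisk, so D2 cannot propagate it. D1's bare "read" right carries no asterisk and so cannot be copied at all.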
In a similar fashion, each row of the table can be kept as a list of the capabilities
of that domain.
Capability lists are associated with each domain, but not directly accessible by
the domain or any user process.
Capability lists are themselves protected resources, distinguished from other
data in one of two ways:
o A tag, possibly hardware implemented, distinguishing this special type of
data. ( other types may be floats, pointers, booleans, etc. )
o The address space for a program may be split into multiple segments, at
least one of which is inaccessible by the program itself, and used by the
operating system for maintaining the process's access right capability list.
To refine protection even further requires putting protection capabilities into the
hands of individual programmers, so that protection policies can be
implemented on the application level, i.e. to protect resources in ways that are
known to the specific applications but not to the more general operating system.
Fragmentation occurs in a dynamic memory allocation system when many of the free blocks
are too small to satisfy any request.
External Fragmentation: External Fragmentation happens when a dynamic memory allocation
algorithm allocates some memory and a small piece is left over that cannot be effectively used.
If too much external fragmentation occurs, the amount of usable memory is drastically
reduced. Total memory space exists to satisfy a request, but it is not contiguous.
Internal Fragmentation: Internal fragmentation is the space wasted inside of allocated memory
blocks because of restriction on the allowed sizes of allocated blocks. Allocated memory may be
slightly larger than requested memory; this size difference is memory internal to a partition, but
not being used
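A quick worked example of internal fragmentation: when an allocator hands out memory only in fixed-size blocks, every request is rounded up to a whole number of blocks and the difference is wasted inside the allocation. A one-function sketch:

```python
def internal_fragmentation(request, block_size):
    """Bytes wasted when `request` is rounded up to whole blocks."""
    allocated = -(-request // block_size) * block_size   # ceiling division
    return allocated - request
```

With 4096-byte blocks, a 1000-byte request occupies one block and wastes 3096 bytes; a 5000-byte request occupies two blocks and wastes 3192 bytes.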
Reduce external fragmentation by compaction
Shuffle memory contents to place all free memory together in one large block
Compaction is possible only if relocation is dynamic, and is done at execution
time
I/O problem
Latch job in memory while it is involved in I/O
Do I/O only into OS buffers
Types of Memory
Hierarchical layering:
registers
cache (a small amount of fast, expensive memory)
primary (main) memory
secondary (backing store, local disk) memory
file servers (networked storage)
REFERENCE STRING
The string of memory references made by a process is called its reference string. Reference
strings are generated artificially or by tracing a given system and recording the address of each
memory reference. The latter choice produces a large amount of data, about which we note two
things: for a given page size we need to consider only the page number, not the entire address,
and successive references to the same page will not cause additional page faults.
FIFO: The oldest page in main memory is the one which will be selected for replacement.
It is easy to implement: keep a list, replace pages from the tail, and add new pages at the head.
Optimal: An optimal page-replacement algorithm has the lowest page-fault rate of all
algorithms; such an algorithm exists and has been called OPT or MIN. Replace the page
that will not be used for the longest period of time, using the time when a page is next
to be used.
LRU (Least Recently Used): The page which has not been used for the longest time in main
memory is the one which will be selected for replacement. It is easy to implement: keep a
list and replace pages by looking back into time.
Free-pool variant: Write the new page into a frame from the free pool, mark the page table,
and restart the process. Then write the dirty replaced page out to disk and place the frame
holding it back in the free pool.
LFU (Least Frequently Used): The page with the smallest count is the one which will be
selected for replacement. This algorithm suffers in the situation in which a page is used
heavily during the initial phase of a process but then is never used again.
MFU (Most Frequently Used): This algorithm is based on the argument that the page with
the smallest count was probably just brought in and has yet to be used, so the page with
the largest count is replaced instead.
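LRU is easy to simulate by keeping resident pages ordered by recency. A minimal, illustrative sketch (the reference string used below is the common textbook example, for which LRU with 3 frames incurs 12 faults):

```python
def run_lru(reference_string, num_frames):
    """Count page faults under LRU replacement (illustrative sketch)."""
    frames = []                   # least recently used page at the front
    faults = 0
    for page in reference_string:
        if page in frames:
            frames.remove(page)   # hit: refresh the page's recency
        else:
            faults += 1           # miss: page fault
            if len(frames) == num_frames:
                frames.pop(0)     # evict the least recently used page
        frames.append(page)       # the page is now the most recently used
    return faults
```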
I/O PORT
An I/O port typically consists of four registers, called the status , control, data-in, and data-out
registers.
Register & Description
Status register: contains bits that can be read by the host. These bits indicate states
such as whether the current command has completed, whether a byte is available to be
read from the data-in register, and whether there has been a device error.
Control register: can be written by the host to start a command or to change the mode
of a device. For instance, a certain bit in the control register of a serial port chooses
between full-duplex and half-duplex communication, another enables parity checking, a
third bit sets the word length to 7 or 8 bits, and other bits select one of the speeds
supported by the serial port.
Data-in register: read by the host to get input.
Data-out register: written by the host to send output.
BUS: The system bus is the bus that connects the CPU to main memory on the motherboard. I/O
buses, which connect the CPU with the system's other components, branch off of the system bus.
The system bus is also called the frontside bus, memory bus, local bus, or host bus.
A bus is a collection of wires through which data is transmitted from one part of a computer to
another. You can think of a bus as a highway on which data travels within a computer. When used
in reference to personal computers, the term bus usually refers to the internal bus. This is a bus
that connects all the internal computer components to the CPU and main memory. There is also
an expansion bus that enables expansion boards to access the CPU and memory.
All buses consist of two parts: an address bus and a data bus. The data bus transfers actual
data whereas the address bus transfers information about where the data should go.
The size of a bus, known as its width, is important because it determines how much data can be
transmitted at one time. For example, a 16-bit bus can transmit 16 bits of data, whereas a
32-bit bus can transmit 32 bits of data.
Every bus has a clock speed measured in MHz. A fast bus allows data to be transferred faster,
which makes applications run faster. On PCs, the old ISA bus is being replaced by
faster buses such as PCI.
Nearly all PCs made today include a local bus for data that requires especially fast transfer
speeds, such as video data. The local bus is a high-speed pathway that connects directly to
the processor. Several different types of buses are used on Apple Macintosh computers. Older
Macs use a bus called NuBus, but newer ones use PCI.
In networking, a bus is a central cable that connects all devices on a local-area network (LAN).
It is also called the backbone.
POLLING
Polling is the process by which a host waits for a controller's response. It is a looping process:
the host reads the status register over and over until the busy bit of the status register becomes
clear. The controller sets the busy bit when it is busy working on a command, and clears the busy
bit when it is ready to accept the next command. The host signals its wish via the command-ready
bit in the command register: the host sets the command-ready bit when a command is available
for the controller to execute.
In the following example, the host writes output through a port, coordinating with the
controller by handshaking
The host repeatedly reads the busy bit until that bit becomes clear.
The host sets the write bit in the command register and writes a byte into the data-out
register.
The host sets the command-ready bit.
When the controller notices that the command-ready bit is set, it sets the busy bit.
The controller reads the command register and sees the write command.
It reads the data-out register to get the byte, and does the I/O to the device.
The controller clears the command-ready bit, clears the error bit in the status register to
indicate that the device I/O succeeded, and clears the busy bit to indicate that it is
finished.
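The handshake above can be simulated with a dictionary standing in for the port's registers. This is a toy sequential model, not real device code (a real controller runs concurrently with the host); the register and function names simply mirror the steps listed above.

```python
# toy port: status/command bits plus a data-out register and an output log
port = {"busy": 0, "command_ready": 0, "data_out": None, "log": []}

def host_write_byte(port, byte):
    assert port["busy"] == 0      # 1. host polls until the busy bit is clear
    port["data_out"] = byte       # 2. host writes the byte into data-out
    port["command_ready"] = 1     # 3. host sets the command-ready bit
    controller_step(port)         # (in hardware the controller acts on its own)

def controller_step(port):
    if port["command_ready"]:
        port["busy"] = 1                      # 4. controller sets busy
        port["log"].append(port["data_out"])  # 5-6. performs the device I/O
        port["command_ready"] = 0             # 7. clears command-ready...
        port["busy"] = 0                      #    ...and busy when finished
```

Writing the bytes of b"hi" through the port leaves [104, 105] in the log, with both status bits clear again.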
I/O DEVICES
I/O devices can be categorized as follows.
Category & Description
Human readable: suitable for communicating with the computer user. Examples are
printers, video display terminals, and keyboards.
Machine readable: suitable for communicating with electronic equipment. Examples are
disk and tape drives, sensors, controllers, and actuators.
Communication: suitable for communicating with remote devices. Examples are digital
line drivers and modems.
Data rate
There may be differences of several orders of magnitude between the data transfer rates.
Application
Different devices have different use in the system.
Complexity of Control
A disk is much more complex to control, whereas a printer requires only a simple control interface.
Unit of transfer
Data may be transferred as a stream of bytes or characters or in larger blocks.
Data representation
Different devices use different data-encoding schemes, including differences in character
code and parity conventions.
Error Conditions
The nature of errors differs widely from one device to another.
DMA transfer: the DMA controller transfers bytes to the buffer, increasing the memory
address and decreasing the counter C until C becomes zero.
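That transfer step, expressed as a loop. This is a sketch only; a real DMA controller performs it in hardware while the CPU runs other work.

```python
def dma_transfer(source, memory, start_address, count):
    """Copy `count` bytes from `source` into `memory`, advancing the memory
    address and decrementing the counter C until it reaches zero."""
    address = start_address
    offset = 0
    while count > 0:
        memory[address] = source[offset]
        address += 1              # the controller increases the memory address
        offset += 1
        count -= 1                # ...and decreases the counter C
    return address                # one past the last byte written
```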
DEVICE CONTROLLERS
A computer system contains many types of I/O devices and their respective controllers:
network card
graphics adapter
disk controller
DVD-ROM controller
serial port
USB
sound card
I/O SOFTWARE
INTERRUPTS
The CPU hardware has a wire called the interrupt request line, which the CPU tests after
executing every instruction. When the CPU detects that a controller has put a signal on the
interrupt request line, the CPU saves its state, such as the current value of the instruction
pointer, and jumps to the interrupt handler routine at a fixed address. The interrupt handler
determines the cause of the interrupt, performs the necessary processing, and executes a
return-from-interrupt instruction to return the CPU to its previous execution state.
The basic interrupt mechanism enables the CPU to respond to an asynchronous event, such
as a device controller becoming ready for service. Most CPUs have two interrupt request
lines.
non-maskable interrupt - Such kind of interrupts are reserved for events like
unrecoverable memory errors.
maskable interrupt - Such interrupts can be switched off by the CPU before the
execution of critical instructions that must not be interrupted.
The interrupt mechanism accepts an address: a number that selects a specific interrupt-handling
routine from a small set. In most architectures, this address is an offset into a table called the
interrupt vector table, which contains the memory addresses of specialized interrupt handlers.
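A minimal model of vectored dispatch: the table maps an interrupt number to its handler routine. The handlers here are illustrative stand-ins (vector 0 is the divide error and vector 14 the page fault on x86, for example).

```python
# interrupt number -> handler routine (illustrative handlers)
interrupt_vector = {
    0: lambda: "handled: divide error",
    14: lambda: "handled: page fault",
}

def dispatch(interrupt_number):
    """Select the handler from the vector table and invoke it."""
    handler = interrupt_vector.get(interrupt_number)
    if handler is None:
        return "unhandled interrupt"
    return handler()
```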
Speed of operation - Device speeds may range from a few bytes per second to a few
gigabytes per second.
Read-write, read only, or write only - Some devices perform both input and output, but
others support only one data direction, i.e. read only or write only.
CLOCKS
Clocks are also called timers. The clock software takes the form of a device driver, though a
clock is neither a block device nor a character-based device. The clock software is the clock
driver. The exact functions of the clock driver may vary depending on the operating system,
but they generally include maintaining the time of day, preventing processes from running
longer than they are allowed to, accounting for CPU usage, handling the alarm system call,
and providing watchdog timers.
Scheduling - Kernel schedules a set of I/O requests to determine a good order in which
to execute them. When an application issues a blocking I/O system call, the request is
placed on the queue for that device. The Kernel I/O scheduler rearranges the order of
the queue to improve the overall system efficiency and the average response time
experienced by the applications.
Buffering - Kernel I/O Subsystem maintains a memory area known as buffer that stores
data while they are transferred between two devices or between a device with an
application operation. Buffering is done to cope with a speed mismatch between the
producer and consumer of a data stream or to adapt between devices that have
different data transfer sizes.
Caching - Kernel maintains cache memory which is region of fast memory that holds
copies of data. Access to the cached copy is more efficient than access to the original.
Spooling and Device Reservation A spool is a buffer that holds output for a device, such
as a printer, that cannot accept interleaved data streams. The spooling system copies
the queued spool files to the printer one at a time. In some operating systems, spooling
is managed by a system daemon process. In other operating systems, it is handled by an
in kernel thread.
Error Handling An operating system that uses protected memory can guard against
many kinds of hardware and application errors.
The kernel provides many services related to I/O: (1) scheduling, (2) buffering,
(3) caching, (4) spooling, (5) device reservation, and (6) error handling are all
provided by the kernel's I/O subsystems.
1) I/O scheduling: To schedule a set of-I/O requests means to determine a good order in which to
execute them. The order in which applications issue system calls rarely is the best choice.
Scheduling can improve overall system performance, can share device access fairly among
processes and can reduce the average waiting time for I/O to complete.
Operating system developers implement scheduling by maintaining a queue of requests for each
device. When an application issues a blocking I/O system call, the request is placed on the queue
for that device. The I/O sub system improves the efficiency of the computer is by scheduling I/O
operations.
2) Buffering: A buffer is a memory area that stores data while they are transferred between two
devices or between a device and an application. Buffering is done for three reasons.
One reason is to cope with a speed mismatch between the producer and consumer of a data
stream. Suppose, for example, that a file is being received via modem for storage on the hard
disk. The modem is about a thousand times slower than the hard disk, so a buffer is created in
main memory to accumulate the bytes received from the modem. When an entire buffer of data
has arrived, the buffer can be written to disk in a single operation.
A second use of buffering is to adapt between devices that have different data transfer sizes.
Such disparities are especially common in computer networking, where buffers are used widely
for fragmentation and reassembly of messages. At the sending side, a large message is
fragmented into small network packets; the packets are sent over the network, and the receiving
side places them in a reassembly buffer to form an image of the source data.
A third use of buffering is to support copy semantics for application I/O. An example will clarify
the meaning of copy semantics. Suppose that an application has a buffer of data that it wishes to
write to disk. With copy semantics, the version of the data written to disk is guaranteed to be the
version at the time of the application's system call; the operating system typically ensures this by
copying the application's buffer into a kernel buffer before returning control to the application.
3) Caching: A cache is a region of fast memory that holds copies of data. Access to the cached
copy is more efficient than access to the original. For instance, the instructions of the currently
running process are stored on disk, cached in physical memory, and copied again in the CPU's
secondary and primary caches. The difference between a buffer and a cache is that a buffer may
hold the only existing copy of a data item, whereas a cache, by definition, just holds, on faster
storage, a copy of an item that resides elsewhere.
4) Spooling and Device reservation: A spool is a buffer that holds output for a device, such as a
printer, that cannot accept interleaved data streams. Although a printer can serve only one job at
a time, several applications may wish to print their output mixed together. The operating system
solves this problem by intercepting all output to the printer: each application's output is spooled
to a separate disk file. When an application finishes printing, the spooling system queues the
corresponding spool file for output to the printer. The spooling system copies the queued spool
files to the printer one at a time.
5) Error Handling: An operating system that uses protected memory can guard against many
kinds of hardware and application errors, so that a complete system failure is not the usual result
of each minor mechanical glitch. Devices and I/O transfers can fail in many ways, either for
transient reasons, such as a network becoming overloaded, or for permanent reasons, such as a
disk controller becoming defective. Operating systems can often compensate effectively for
transient failures. For instance, a disk read() failure results in a read() retry, and a network
send() error results in a resend(), if the protocol so specifies. Unfortunately, if an important
component experiences a permanent failure, the operating system is unlikely to recover.
CACHING VS BUFFERING
In general, buffering is the process of holding data in a region of the memory until the
data is transported from one place to another. Buffering is used when moving data between
processes in the computer and in telecommunication. Typically, buffering is required when
there is difference between the speeds in which the data is received and data is processed.
Caching is the process of storing data in a separate place (called the cache) such that they could
be accessed faster if the same data is requested in the future. When some data is requested,
the cache is first checked to see whether it contains that data. If data is already in the cache,
the request can be satisfied faster.
WHAT IS BUFFERING?
Buffering is the process of holding data in a region of the memory until the data is
transported from one place to another. This region of memory that holds the data is called a
buffer. Buffering is used when there is a difference between the speed in which the data is
received and the speed at which the data is processed. Even though buffering can be
implemented using hardware buffers or software buffers, software buffers are the most widely
used. Buffering is widely used in printer spoolers, online video streaming, and
telecommunication (when transferring data from one device to another). Most of the time,
buffering is done by writing data into a queue at one speed and reading the data from the
queue at another speed.
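That queue description can be sketched directly: a fast producer appends items as they arrive, and a slow consumer drains a few per step. The names below are illustrative.

```python
from collections import deque

buffer = deque()                  # the software buffer

def produce(buffer, data):
    buffer.extend(data)           # fast side: append as data arrives

def consume(buffer, n):
    """Slow side: drain at most n items per step."""
    return [buffer.popleft() for _ in range(min(n, len(buffer)))]
```

The buffer absorbs the mismatch: five items can arrive in one burst while the consumer takes them out two at a time.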
WHAT IS CACHING?
Caching is the process of storing data in a separate place (called the cache) such that
they could be accessed faster if the same data is requested in the future. When some data is
requested, the cache is first checked to see whether it contains that data. If data is already in
the cache, it is called a cache hit. Then the data can be retrieved from the cache, which is much
faster than retrieving it from the original storage location. If the requested data is not in the
cache, it is called a cache miss. Then the data needs to be fetched from the original storage
location, which would take a longer time. Caching is used in different places. In the CPU,
caching is used to improve the performance by reducing the time taken to get data from the
main memory. In web browsers, web caching is used to store responses from previous visits to
web sites, in order to make the next visits faster.
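The hit/miss logic just described fits in a few lines. A minimal sketch, assuming the backing store is a plain dictionary standing in for the slower original storage:

```python
def make_cache(backing_store):
    """Return a lookup function that caches results, plus its statistics."""
    cache = {}
    stats = {"hits": 0, "misses": 0}
    def get(key):
        if key in cache:
            stats["hits"] += 1     # cache hit: serve from the fast copy
        else:
            stats["misses"] += 1   # cache miss: fetch from the original store
            cache[key] = backing_store[key]
        return cache[key]
    return get, stats
```

Requesting "a", "a", "b" against a two-entry store yields one hit (the repeated "a") and two misses.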
DEVICE DRIVER
A device driver is a program or routine developed for an I/O device; it implements I/O
operations or behaviours for a specific class of devices. For example, a system that supports
one or several slightly different brands of terminals may have a single terminal driver for all of
them. In the layered structure of the I/O system, the device driver lies between the interrupt
handler and the device-independent I/O software. The job of a device driver is to accept
abstract requests from the device-independent software above it and see that they are executed.
How a device driver handles a request is as follows. Suppose a request comes in to read block N.
If the driver is idle when the request arrives, it starts carrying out the request immediately.
Otherwise, if the driver is already busy with some other request, it places the new request in
the queue of pending requests.
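The request-handling rule in the last paragraph, as a sketch. The class and method names are invented for illustration, and `finish` stands in for the device's completion interrupt.

```python
from collections import deque

class Driver:
    """Serve a request immediately when idle; otherwise queue it."""
    def __init__(self):
        self.busy = False
        self.pending = deque()
        self.completed = []

    def request(self, block):
        if self.busy:
            self.pending.append(block)   # busy: place in the pending queue
        else:
            self.busy = True
            self.completed.append(block) # idle: carry out immediately

    def finish(self):
        """Device signals completion; start the next pending request, if any."""
        if self.pending:
            self.completed.append(self.pending.popleft())
        else:
            self.busy = False
```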
Programmed I/O
o I/O-mapped input/output
o Memory-mapped input/output
I/O-mapped input/output uses special instructions to transfer data between the
computer system and the outside world.
Memory-mapped I/O uses special memory locations in the normal address
space of the CPU to communicate with real-world devices.
DMA is a special form of memory-mapped I/O where the peripheral device reads
and writes memory without going through the CPU.
To send data to an output device, the CPU simply moves that data to a special
memory location: in the I/O address space if I/O-mapped input/output is used, or in the
memory address space if memory-mapped I/O is used.
To read data from an input device, the CPU simply moves data from the address
(I/O or memory) of that device into the CPU.
The input and output operation looks very similar to a memory read or write
operation, except that it usually takes more time, since peripheral devices are slower than
main memory modules.
An I/O port is a device that looks like a memory cell to the computer but
contains connection to the outside world .
And I/O port typically uses a latch . When the CPU writes to the address
associated with the latch , the latch , the latch device captures the data and makes it available
on a set of wires external to the CPU and memory system .
First, the CPU places the address of the device on the I/O address bus and,
with the help of the address decoder, a signal is generated which enables the latch.
Next, the CPU indicates that the operation is a write operation by putting the
appropriate signal on the CPU write control line.
Then the data to be transferred is placed on the CPU bus and stored in the
latch for onward transmission to the device.
Both the address decode and write control lines must be active for the latch to
operate.
The device is identified by putting the appropriate address on the I/O address
lines. The address decoder generates the signal for the address decode lines. According to the
operation, read or write, it selects one of the latches.
If it is a write operation, data is placed in the latch by the CPU for
onward transmission to the output device.
If it is a read operation, the data already stored in the latch is
transferred to the CPU.
A read-only (input) port is simply the lower half of the figure.
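This latch-and-decoder behavior can be illustrated with a minimal Python sketch; the `IOBus` and `Latch` classes and the 0x378 port address are illustrative, not a real hardware interface:

```python
class Latch:
    """Simulates an I/O port latch: captures data on write, holds it for the device."""
    def __init__(self):
        self.value = 0

class IOBus:
    """Toy model of address-decoded latch selection (names are illustrative)."""
    def __init__(self):
        self.latches = {}          # address -> Latch

    def attach(self, address, latch):
        self.latches[address] = latch

    def write(self, address, data):
        # The latch operates only when both the decoded address and the
        # (implicit) write control line are active.
        latch = self.latches.get(address)
        if latch is not None:
            latch.value = data     # latch captures the data for the device

    def read(self, address):
        # For a read operation, the data already held in the latch is
        # transferred back to the CPU.
        latch = self.latches.get(address)
        return latch.value if latch else None

bus = IOBus()
printer_port = Latch()
bus.attach(0x378, printer_port)    # classic PC parallel-port address
bus.write(0x378, ord('A'))         # CPU writes a byte to the device
assert bus.read(0x378) == 65       # CPU reads back the last value written
```

The address decoder corresponds here to the dictionary lookup: only the latch attached at the written address captures the data.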
In the case of I/O-mapped I/O, a separate address space, distinct from the memory
address space, is used for I/O devices. In the case of memory-mapped I/O, the same address
space is used for both memory and I/O devices: some of the memory address space is kept
reserved for I/O devices.
Generally, a given peripheral device will use more than a single I/O port. A
typical PC parallel printer interface, for example, uses three ports: a read/write port, an
input port, and an output port.
The read/write port is the data port (it is read/write to allow the CPU to read back
the last ASCII character it wrote to the printer port).
The input port returns control signals from the printer; these signals indicate
whether the printer is ready to accept another character, is off-line, is out of paper, etc.
The output port transmits control information to the printer, such as whether
data is available to print.
For example, to input a sequence of 20 bytes from an input port and store
these bytes into memory, the CPU must read each value and store it into memory.
For very high-speed I/O devices, transferring one byte at a time in this way may
not be effective. Such devices generally contain an interface to the CPU's bus so that they
can directly read and write memory.
This is known as direct memory access (DMA), since the peripheral device accesses
memory directly, without using the CPU as an intermediate device.
This often allows the I/O operation to proceed in parallel with other CPU
operations, thus increasing the overall speed of the system.
Note, however, that the CPU and the DMA device cannot both use the address and
data buses at the same time.
Therefore, concurrent processing only occurs if the CPU has a cache and is
executing code and accessing data found in the cache (so the bus is free).
I/O COMMANDS:
Read: causes the I/O module to obtain an item of data from the peripheral
and place it in the internal buffer.
Write: causes the I/O module to take an item of data (byte or word) from the
data bus and subsequently transmit the data item to the peripheral.
Efficiency
o Most I/O devices are slow compared to main memory (and the CPU).
Use of multiprogramming allows some processes to wait on I/O
while another process executes.
Often I/O still cannot keep up with processor speed.
Swapping may be used to bring in additional Ready processes, causing more I/O
operations.
OPTIMISE I/O EFFICIENCY ESPECIALLY DISK & NETWORK I/O
The quest for generality/uniformity:
o Ideally, handle all I/O devices in the same way; Both in the OS and in user
applications
o Problem:
Diversity of I/O devices
Especially, different access methods (random access versus stream-based)
as well as vastly different data rates.
Generality often compromises efficiency!
o Hide most of the details of device I/O in lower-level routines so that processes
and upper levels see devices in general terms such as read, write, open, close,
lock, unlock
Logical I/O: The logical I/O module deals with the device as a logical resource. This module is
concerned with managing general I/O functions on behalf of user processes. It deals
with the device in terms of simple commands such as open, close, read, write.
Device I/O: The requested operations and data are converted into appropriate
sequences of I/O instructions, channel commands, and controller orders. Buffering
techniques may be used to improve utilization.
Scheduling and control: The actual queuing and scheduling of I/O operations
occurs at this layer, as well as the control of the operations. Thus, interrupts are handled at this
layer and I/O status is collected and reported. This is the layer of software that actually
interacts with the I/O module and hence the device hardware.
The next structure is the communication port, which looks much the same as the first case. The
only difference is that the logical I/O module is replaced by a communications architecture. The
last one is the file system. Its layers are:
Directory management: At this layer, symbolic file names are converted to identifiers.
The identifiers either refer to the file directly or indirectly through a file descriptor or
index table.
File system: This layer deals with the logical structure of files and with the operations
that can be specified by users, such as open, close, read, write.
I/O DEVICES
External devices that are used in I/O with computer systems can be roughly grouped into three
classes:
Human readable: suitable for communicating with the computer user, e.g. display,
keyboard, and perhaps other devices such as a mouse.
Machine readable: suitable for communication with electronic equipment, e.g. disk and tape
drives, sensors, controllers, and actuators.
Communication: suitable for communication with remote devices, e.g. digital line drivers
and modems.
Devices in these classes differ in a number of areas, among them:
Application: the use of the device influences the software and policies in the operating system
and supporting utilities.
For example, a disk used for files requires the support of file management.
Data representation: different data encoding schemes are used by different devices,
including differences in character code and parity conventions.
Error conditions: the nature of errors, the way in which they are reported, their
consequences, and the available range of responses differ widely from one device to
another.
1. The processor directly controls a peripheral device. This is seen in simple microprocessor-controlled
devices.
2. A controller or I/O module is added. The processor uses programmed I/O without interrupts.
3. The same configuration as step 2 is used, but now interrupts are employed. The processor
need not spend time waiting for an I/O operation to be performed, thus increasing efficiency.
4. The I/O module is given direct control of memory via DMA. It can now move a block of data
to or from memory without involving the processor, except at the beginning and end of the
transfer.
5. The I/O module is enhanced to become a separate processor, with a specialized instruction
set tailored for I/O. The CPU directs the I/O processor to execute an I/O program in main
memory. The I/O processor executes these instructions without processor intervention.
6. The I/O module has a local memory of its own and is, in fact, a computer in its own right.
With this architecture, a large set of I/O devices can be controlled with minimal processor
involvement. A common use for such an architecture has been to control communications with
interactive terminals. The I/O processor takes care of most of the tasks involved in controlling
the terminals.
For all of the modules described in steps 4 through 6, the term direct memory access is
appropriate, because all of these types involve direct control of main memory by the I/O
module. Also, the I/O module in step 5 is often referred to as an I/O channel, and that in step 6
as an I/O processor.
technique is more common and is referred to as cycle stealing, because the DMA unit in effect
steals a bus cycle.
When the processor wishes to read or write a block of data, it issues a command to the DMA
module, sending the following information:
Whether a read or write is requested, using the read or write control line between the
processor and the DMA module.
The address of the I/O device involved, communicated on the data lines.
The starting location in memory to read from or write to, communicated on the data
lines and stored by the DMA module in its address register.
The number of words to be read or written, again communicated via the data lines and
stored in the data count register.
The processor then continues with other work; it has delegated this I/O operation to the DMA
module. The DMA module transfers the entire block of data, one word at a time, directly to or
from memory, without going through the processor. When the transfer is complete, the DMA
module sends an interrupt signal to the processor. Thus, the processor is involved only at the
beginning and end of the transfer.
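The register setup and block transfer described above can be sketched in Python; the `DMAController` class and its register names are hypothetical, chosen only to mirror the address register and data count register mentioned in the text:

```python
class DMAController:
    """Toy DMA module: the CPU loads its registers, then the module
    moves a whole block without further CPU involvement."""
    def __init__(self, memory):
        self.memory = memory

    def start_transfer(self, op, device, start_addr, count):
        # The CPU communicates: read/write, the device, the starting
        # memory location, and the word count, then continues other work.
        self.op, self.device = op, device
        self.address_register = start_addr
        self.data_count_register = count

    def run(self):
        # The DMA module moves the block one word at a time, directly
        # to or from memory, without going through the processor.
        for i in range(self.data_count_register):
            if self.op == "read":          # device -> memory
                self.memory[self.address_register + i] = self.device[i]
            else:                          # memory -> device
                self.device[i] = self.memory[self.address_register + i]
        return "interrupt"                 # signal the CPU on completion

memory = [0] * 16
disk_block = [10, 20, 30, 40]
dma = DMAController(memory)
dma.start_transfer("read", disk_block, start_addr=4, count=4)
assert dma.run() == "interrupt"
assert memory[4:8] == [10, 20, 30, 40]
```

The `"interrupt"` return value stands in for the completion interrupt: the CPU is involved only when loading the registers and when the interrupt arrives.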
The DMA mechanism can be configured in different ways. Some possibilities are shown in the figure.
Block-oriented devices store information in blocks that are usually of fixed size, and
transfers are made one block at a time, e.g. disks and tapes.
Stream-oriented devices transfer data in and out as a stream of bytes, with no block
structure, e.g. terminals, printers, communications ports, and mice.
SINGLE BUFFER
The simplest type of buffering is single buffering. When a user process issues an I/O request,
the operating system assigns a buffer in the system portion of main memory to the operation.
For block-oriented devices, the single buffering scheme can be described as follows: input
transfers are made to the system buffer. When the transfer is complete, the process moves the
block into user space and immediately requests another block.
Without buffering, the execution time per block is essentially T + C, where T is the time
required to input one block and C is the computation time between input requests. With a
single buffer, the time is max[C, T] + M, where M is the time required to move the data from
the system buffer to user memory.
DOUBLE BUFFER
An improvement over single buffering can be achieved by assigning two system buffers to the
operation. A process now transfers data to one buffer while the operating system empties the
other. This technique is known as double buffering or buffer swapping.
For block-oriented transfer, we can roughly estimate the execution time as max[C, T]. In both
cases (C <= T and C > T) an improvement over single buffering is achieved. Again, this
improvement comes at the cost of increased complexity. For stream-oriented input, there are
two alternative modes of operation. For line-at-a-time I/O, the user process need not be
suspended for input or output, unless the process runs ahead of the double buffers. For
byte-at-a-time operation, the double buffer offers no particular advantage over a single buffer of
twice the length.
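The per-block timing formulas for the three cases (no buffer, single buffer, double buffer) can be checked with a short Python sketch; the sample values of T, C, and M are arbitrary assumptions:

```python
def time_no_buffer(T, C):
    """No buffering: transfer and computation happen strictly in sequence."""
    return T + C

def time_single_buffer(T, C, M):
    """Single buffer: transfer overlaps computation, plus the move cost M."""
    return max(C, T) + M

def time_double_buffer(T, C):
    """Double buffer: the move cost disappears; the slower of T and C dominates."""
    return max(C, T)

# Hypothetical times (e.g. microseconds): T = block input time,
# C = computation time per block, M = buffer-to-user-space move time.
T, C, M = 100, 40, 5
assert time_no_buffer(T, C) == 140
assert time_single_buffer(T, C, M) == 105
assert time_double_buffer(T, C) == 100
```

With these numbers, single buffering already cuts the per-block time from 140 to 105, and double buffering removes the remaining move overhead.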
CIRCULAR BUFFERING
Double buffering may be inadequate if the process performs rapid bursts of I/O. In this case,
the problem can be solved by using more than one buffer. When more than two buffers are
used, the collection of buffers is itself referred to as a circular buffer.
DISK SCHEDULING
In this section, we highlight some of the key issues in the performance of disk systems.
SEEK TIME
Seek time is the time required to move the disk arm to the required track. The seek time
consists of two key components: the initial startup time, and the time taken to traverse the
tracks. The traversal time is not a linear function of the number of tracks but includes a startup
time and a settling time.
ROTATIONAL DELAY
Magnetic disks, other than floppy disks, have rotational speeds in the range of 400 to 10,000 rpm.
Floppy disks typically rotate at between 300 and 600 rpm; thus their average rotational delay
will be between 100 and 50 ms.
TRANSFER TIME
The transfer time to or from the disk depends on the rotation speed of the disk in the following
fashion:
T = b / (rN)
where
T = transfer time
b = number of bytes to be transferred
N = number of bytes on a track
r = rotation speed, in revolutions per second
Thus the total average access time can be expressed as Ta = Ts + 1/(2r) + b/(rN),
where Ts is the average seek time.
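The access time formula can be evaluated directly in Python; the disk parameters below (4 ms average seek, 125 revolutions per second, a 512-byte transfer, 64 KB per track) are hypothetical examples, not values from the text:

```python
def access_time(Ts, r, b, N):
    """Ta = Ts + 1/(2r) + b/(rN): seek time + average rotational
    delay (half a revolution) + transfer time."""
    return Ts + 1 / (2 * r) + b / (r * N)

# Hypothetical disk: 4 ms seek, 7500 rpm (= 125 rev/s),
# one 512-byte sector from a 65,536-byte track.
Ta = access_time(Ts=0.004, r=125, b=512, N=65536)
assert abs(Ta - 0.0080625) < 1e-9   # about 8.06 ms
```

Note that seek and rotational delay dominate: the transfer itself contributes only 0.0625 ms here, which is why disk scheduling focuses on reducing seek distance.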
Eg. Assume a disk with 200 tracks and that the disk request queue has random requests in it.
The requested tracks, in the order received, are 55, 58, 39, 18, 90, 160, 150, 38, 184, and the
head starts at track 100.
(Starting head position: track 100.)

    FIFO               SSTF               SCAN               C-SCAN
 track  tracks      track  tracks      track  tracks      track  tracks
       traversed          traversed          traversed          traversed
   55     45          90     10         150     50         150     50
   58      3          58     32         160     10         160     10
   39     19          55      3         184     24         184     24
   18     21          39     16          90     94          18    166
   90     72          38      1          58     32          38     20
  160     70          18     20          55      3          39      1
  150     10         150    132          39     16          55     16
   38    112         160     10          38      1          58      3
  184    146         184     24          18     20          90     32

Average seek length: FIFO = 55.3, SSTF = 27.5, SCAN = 27.8, C-SCAN = 35.8
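The four policies in the table can be reproduced with a short Python sketch, assuming the head starts at track 100 and SCAN/C-SCAN first sweep toward higher track numbers (as the table implies). Dividing each total by the 9 requests gives the average seek lengths, matching the table up to rounding:

```python
def seek_total(start, order):
    """Total tracks traversed when serving `order` from position `start`."""
    pos, total = start, 0
    for track in order:
        total += abs(track - pos)
        pos = track
    return total

def fifo(start, requests):
    return list(requests)                 # serve in arrival order

def sstf(start, requests):
    pending, pos, order = list(requests), start, []
    while pending:                        # always pick the nearest request
        nxt = min(pending, key=lambda t: abs(t - pos))
        pending.remove(nxt)
        order.append(nxt)
        pos = nxt
    return order

def scan(start, requests):
    up = sorted(t for t in requests if t >= start)
    down = sorted((t for t in requests if t < start), reverse=True)
    return up + down                      # sweep up, then reverse direction

def cscan(start, requests):
    up = sorted(t for t in requests if t >= start)
    down = sorted(t for t in requests if t < start)
    return up + down                      # sweep up, jump back, sweep up again

requests = [55, 58, 39, 18, 90, 160, 150, 38, 184]
start = 100
for policy, expected in [(fifo, 498), (sstf, 248), (scan, 250), (cscan, 322)]:
    assert seek_total(start, policy(start, requests)) == expected
```

For example, 498 / 9 ≈ 55.3 for FIFO and 322 / 9 ≈ 35.8 for C-SCAN; this simple model charges the C-SCAN return sweep as ordinary seek distance.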
PRIORITY
With a system based on priority (PRI), the control of scheduling is outside the control of disk
management software. Short batch jobs and interactive jobs are given higher priority than
longer jobs that require longer computation. This type of policy tends to perform poorly for
database systems.
SCAN
With the exception of FIFO, all of the policies described can leave some requests unfulfilled
until the entire queue is emptied; that is, there may always be new requests arriving that will
be chosen before an existing request. With SCAN, the arm is required to move in one direction
only, satisfying all outstanding requests, until it reaches the last track in that direction or until
there are no more requests in that direction; the direction of service is then reversed.
C-SCAN
The C-SCAN (circular SCAN) policy restricts scanning to one direction only. Thus, when the last
track has been visited in one direction, the arm is returned to the opposite end of the disk and
the scan begins again. This reduces the maximum delay experienced by new requests. With
SCAN, if the expected time for a scan from inner track to outer track is t, then the expected
service interval for sectors at the periphery is 2t. With C-SCAN, the interval is on the order of
t + s_max, where s_max is the maximum seek time.
they have just completed a task which the operating system previously
requested, such as transferring data between the hard drive and memory.
2. Software interrupts are generated by programs when they want to
request a system call to be performed by the operating system.
3. Traps are generated by the CPU itself to indicate that some error or
condition occurred for which assistance from the operating system is
needed.
Interrupts are important because they give the user better control over the computer.
Without interrupts, a user might have to wait for a given application to give up the CPU
voluntarily; with interrupts, the CPU can deal with a pending event immediately.
Supervisor mode
o Can execute all machine instructions
o Can reference all memory locations
User mode
o Can only execute a subset of instructions
o Can only reference a subset of memory locations
CPUs rely on the data contained in a couple of registers to correctly handle interrupts. One
register holds a pointer to the process control block of the current running process. This
register is set each time a process is loaded into memory. The other register holds a
pointer to a table containing pointers to the instructions in the OS kernel for interrupt
handlers and system calls. The value in this register and contents of the table are set
when the operating system is initialized at boot time.
The CPU performs the following actions in response to an interrupt:
1. Using the pointer to the current process control block, the state and all register
values for the process are saved for use when the process is later restarted.
2. The CPU mode bit is switched to supervisory mode.
3. Using the pointer to the interrupt handler table and the interrupt vector, the
location of the kernel code to execute is determined. The interrupt vector is the
IRQ for hardware interrupts (read from an interrupt controller register) and an
argument to the interrupt assembly language instruction for software interrupts.
4. Processing is switched to the appropriate portion of the kernel.
The CPU uses a table and the interrupt vector to find the OS code to execute in
response to interrupts. A software interrupt is shown here.
As the computer runs, processing switches between user processes and the operating
system as hardware and software interrupts are received.
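The four-step response above can be mimicked in a toy Python dispatcher; the vector numbers (0 for a timer IRQ, 0x80 for a software interrupt) and handler names are illustrative assumptions, not a real kernel interface:

```python
# Hypothetical handlers, standing in for kernel code.
def timer_handler():
    return "timer serviced"

def syscall_handler():
    return "system call serviced"

# Set up at boot time: interrupt vector -> kernel handler.
interrupt_table = {0: timer_handler, 0x80: syscall_handler}

def handle_interrupt(vector, process):
    saved_state = dict(process)        # 1. save state via the PCB pointer
    mode = "supervisor"                # 2. switch the CPU mode bit
    handler = interrupt_table[vector]  # 3. index the handler table by vector
    result = handler()                 # 4. run the appropriate kernel code
    process.update(saved_state)        # restore the process on return
    return mode, result

assert handle_interrupt(0x80, {"pc": 1234}) == ("supervisor", "system call serviced")
```

The two registers the text describes correspond here to the `process` argument (the PCB pointer) and the `interrupt_table` (the handler-table pointer set at boot).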
MASKABLE AND NON-MASKABLE INTERRUPTS
Interrupts which can be ignored by the processor while it is performing its operations are called
maskable interrupts. Generally, maskable interrupts are the interrupts that come from
peripheral devices.
Non-maskable interrupts are the interrupts which cannot be ignored; generally these signal
critical conditions that must be serviced immediately.
Examples of maskable interrupts: mouse click, memory read, etc.
Examples of non-maskable interrupts: power failure, corrupted software state, etc.
FILE STRUCTURE
A file structure is the organization of a file's contents according to a required format that the
operating system can understand.
An object file is a sequence of bytes organized into blocks that are understandable by
the machine.
record
A subdivision of a file, containing data related to a single entity.
field
A subdivision of a record containing a single attribute of the entity
which the record describes.
stream of bytes
A file which is regarded as being without structure beyond
separation into a sequential set of bytes.
When an operating system defines different file structures, it also contains the code to
support these file structures. Unix and MS-DOS support a minimal number of file structures.
FILE TYPE
File type refers to the ability of the operating system to distinguish different types of files, such
as text files, source files, and binary files. Many operating systems support many types of files.
Operating systems like MS-DOS and UNIX have the following types of files:
ORDINARY FILES
The user can apply various operations to such files: add, modify, delete, or even
remove the entire file.
DIRECTORY FILES
These files contain list of file names and other information related to these files.
SPECIAL FILES:
These files represent physical device like disks, terminals, printers, networks, tape drive
etc.
Block special files - data is handled in blocks as in the case of disks and tapes.
DIRECTORY
Directories:- Directories are the mechanism provided by the OS to keep track of files. A
directory records information about the files in a particular partition.
A directory typically contains one entry per file. An entry may contain the name, attributes,
and location, or it may contain the name and a pointer to the attribute information.
There are many types of directory structure in operating systems. They are as follows:
1) Single Level Directory
2) Two Level Directory
3) Tree Structured Directory
4) Acyclic Graph Directory
5) General Graph Directory
An acyclic graph is a graph with no cycles. It allows directories to share subdirectories
and files. With a shared file, only one actual file exists, so any changes made by one
person are immediately visible to the other.
IMPLEMENTATION OF SHARED FILES AND DIRECTORIES
i) Creating a link
. A link is effectively a pointer to another file or subdirectory.
. Alternatively, all the information about the shared file can be duplicated in both sharing directories.
ii) Deleting a link
. Deletion of the link does not affect the original file; only the link is removed.
. The file itself is preserved until all references to it are deleted.
Sequential access
Direct/Random access
SEQUENTIAL ACCESS
Sequential access is that in which the records are accessed in some sequence, i.e. the
information in the file is processed in order, one record after the other. This access method is
the most primitive one. Example: compilers usually access files in this fashion.
DIRECT/RANDOM ACCESS
Each record has its own address in the file, by the help of which it can be directly
accessed for reading or writing.
The records need not be in any sequence within the file, and they need not be in
adjacent locations on the storage medium.
An index is created for each file which contains pointers to various blocks.
The index is searched sequentially and its pointer is used to access the file directly.
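A minimal Python sketch of index-based direct access; the keys, block numbers, and record contents below are made up for illustration:

```python
# Toy index: (key, block number) pairs, plus the blocks they point to.
index = [("alpha", 0), ("gamma", 2), ("zeta", 5)]
blocks = {0: "record for alpha", 2: "record for gamma", 5: "record for zeta"}

def direct_read(key):
    for k, block_ptr in index:        # search the index sequentially...
        if k == key:
            return blocks[block_ptr]  # ...then access the block directly
    return None                       # key not present in the index

assert direct_read("gamma") == "record for gamma"
assert direct_read("delta") is None
```

Note that the blocks 0, 2, and 5 are neither contiguous nor ordered: the index alone provides the direct path to each record.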
Contiguous Allocation
Linked Allocation
Indexed Allocation
CONTIGUOUS ALLOCATION
Easy to implement.
LINKED ALLOCATION
No external fragmentation
INDEXED ALLOCATION
Each file has its own index block which stores the addresses of disk space occupied by
the file.
are:
Contiguous Allocation
Linked Allocation
Indexed Allocation.
Each method has its advantages and disadvantages. Accordingly, some systems support all
three (e.g. Data General's RDOS). More commonly, a system will use one particular method for
all files.
Only the starting block and the length of the file in blocks are needed to work with the file:
file name
starting address of the first block
block address = sector id (e.g., block = 4K)
length in blocks
usual dynamic storage allocation problem
o use first fit, best fit, or worst fit algorithms to manage storage
if the file can increase in size, either
o leave no extra space, and copy the file elsewhere if it expands
o leave extra space
No external fragmentation.
- A section of the disk at the beginning of each partition (volume) is set aside to contain a FAT.
- The FAT has one entry for each disk block, pointing to the next block in the file.
- The linked list is implemented in that section.
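The FAT's linked list can be sketched as a Python array where each entry points to the next block of the file; the block numbers and table size below are invented for illustration:

```python
# FAT sketch: fat[i] holds the number of the block that follows block i
# in a file, or -1 to mark end-of-file.
fat = [-1] * 16
fat[4], fat[7], fat[2] = 7, 2, -1   # a file occupying blocks 4 -> 7 -> 2

def file_blocks(start_block):
    """Follow the FAT chain from the file's starting block."""
    chain, block = [], start_block
    while block != -1:
        chain.append(block)
        block = fat[block]          # pointer to the next block
    return chain

assert file_blocks(4) == [4, 7, 2]
```

The directory entry only needs to store the starting block (4 here); the rest of the chain lives entirely in the FAT, so the file's blocks can be scattered anywhere on the disk.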
The Pile:- It is the simplest possible organization: the data are collected in the file in the order
in which they arrive, and it is not even required that the records have a common format across
the file (different fields/sizes, same fields in different orders, etc. are possible). This implies that
each record/field must be self-describing. Despite the obvious storage efficiency and the easy
update, it is quite clear that this ``structure'' is not suited for easy data retrieval, since retrieving
a datum basically requires detailed analysis of the file content. It makes sense only as
temporary storage for data to be later structured in some way.
The Sequential File:- This is the most common structure for large files that are typically
processed in their entirety, and it is at the heart of the more complex schemes. In this scheme,
all the records have the same size and the same field format, with the fields having fixed size as
well. The records are sorted in the file according to the content of a field of a scalar type, called
the ``key''. The key must identify a record uniquely, hence different records have different keys.
This organization is well suited for batch processing of the entire file, without adding or deleting
items: this kind of operation can take advantage of the fixed size of records and file; moreover,
this organization is easily stored both on disk and tape. The key ordering, along with the fixed
record size, makes this organization amenable to binary search. However, adding and
deleting records in this kind of file is a tricky process: the logical sequence of records
typically matches their physical layout on the storage medium, so as to ease file navigation, hence
adding a record while maintaining the key order requires a reorganization of the whole file. The
usual solution is to make use of a ``log file'' (also called a ``transaction file''), structured as a pile,
to record this kind of modification, and periodically perform a batch update on the master
file.
Indexed Sequential File:- An index file can be used to effectively overcome the above-mentioned
problem, and to speed up the key search as well. The simplest indexing structure is
the single-level one: a file whose records are key–pointer pairs, where the pointer is the
position in the data file of the record with the given key. Only a subset of the data records, evenly
spaced along the data file, are indexed, so as to mark intervals of data records.
A key search then proceeds as follows: the search key is compared with the index keys to find
the highest index key preceding the search one, and a linear search is performed from the
record the index key points to onward, until the search key is matched or until the record pointed
to by the next index entry is reached. In spite of the double file access (index + data) needed by
this kind of search, the decrease in access time with respect to a sequential file is significant.
Consider, for example, the case of simple linear search on a file with 1,000 records. With the
sequential organization, an average of 500 key comparisons is necessary (assuming a uniformly
distributed search key among the data ones). However, using an evenly spaced index with 100
entries, each interval holds 10 data records, and the average number of comparisons is reduced
to 50 in the index file plus 5 in the data file: roughly a 9:1 reduction in the number of operations.
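The two-phase search can be sketched in Python. With 1,000 records and a 100-entry index, a lookup costs on the order of tens of comparisons rather than the hundreds of a pure linear scan; the data values and spacing below are illustrative:

```python
# Sorted data file of 1,000 records, keyed by their value,
# with a sparse index over every 10th key.
data = list(range(1000))                       # keys 0..999, in key order
index = [(k, k) for k in range(0, 1000, 10)]   # (key, position) pairs

def indexed_search(key):
    comparisons = 0
    # Phase 1: find the highest index key not exceeding the search key.
    start = 0
    for k, pos in index:
        comparisons += 1
        if k <= key:
            start = pos
        else:
            break
    # Phase 2: linear search in the data file from that position onward.
    for pos in range(start, len(data)):
        comparisons += 1
        if data[pos] == key:
            return pos, comparisons
    return None, comparisons

assert indexed_search(457) == (457, 55)   # 47 index + 8 data comparisons
```

A pure linear scan for key 457 would take 458 comparisons here; the sparse index cuts that to 55, at the cost of a second (much smaller) file to maintain.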
This scheme can obviously be extended hierarchically: an index is a sequential file in itself,
amenable to being indexed in turn by a second-level index, and so on, thus exploiting more and
more the hierarchical decomposition of the searches to decrease the access time. Obviously, if
the layering of indexes is pushed too far, a point is reached where the advantages of indexing
are hampered by the increased storage costs, and by the index access times as well.
When a new record is added, the record in the main file that precedes it is updated to contain a
pointer to the new record.
Multiple indexes for the same key field can be set up to increase efficiency.
Indexed File:- Why use a single index for a certain key field of a data record? Indexes can
obviously be built for each field that uniquely identifies a record (or set of records within the file),
and whose type is amenable to ordering. Multiple indexes hence provide a high degree of
flexibility for accessing the data via searches on various attributes; this organization also allows
the use of variable-length records (containing different fields).
It should be noted that when multiple indexes are used, the concept of sequentiality of the
records within the file is useless: each attribute (field) used to construct an index typically
imposes an ordering of its own. For this very reason it is typically not possible to use the ``sparse''
(or ``spaced'') type of indexing previously described. Two types of indexes are usually found in
applications: the exhaustive type, which contains an entry for each record in the main file,
in the order given by the indexed key, and the partial type, which contains an entry for all those
records that contain the chosen key field (for variable records only).
The Direct or Hashed File:- In a hash file, records are not stored sequentially; instead, a
hash function is used to calculate the address of the page in which the record is to be
stored.
The field on which the hash function is calculated is called the hash field, and if that field acts as
the key of the relation then it is called the hash key. Records are randomly distributed in the file,
so it is also called a random or direct file. Commonly some arithmetic function is applied to the
hash field so that records will be evenly distributed throughout the file.
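A minimal sketch of the arithmetic hashing described above, using the remainder operation as the hash function; the page count and keys are arbitrary examples:

```python
def hash_address(key, pages=8):
    """Arithmetic hash: the remainder spreads records across pages."""
    return key % pages

# Insert a few records into their hashed pages.
buckets = {p: [] for p in range(8)}
for key in [15, 23, 8, 42, 7]:
    buckets[hash_address(key)].append(key)

assert hash_address(42) == 2   # record 42 lands on page 2
assert 42 in buckets[2]        # and can be fetched from that page directly
```

A lookup recomputes the same hash to jump straight to the right page; note that keys 15, 23, and 7 all collide on page 7, so a real hash file also needs a collision-handling policy.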
Authentication
Program Threats
System Threats
AUTHENTICATION
Authentication refers to identifying each user of the system and associating the executing
programs with those users. It is the responsibility of the operating system to create a
protection system which ensures that a user who is running a particular program is authentic.
Operating systems generally identify/authenticate users in the following three ways:
Username / Password - The user needs to enter a registered username and password with
the operating system to log in to the system.
User card/key - The user needs to punch a card into a card slot, or enter a key generated by
a key generator, in the option provided by the operating system to log in to the system.
User attribute (fingerprint / eye retina pattern / signature) - The user needs to pass his/her
attribute via a designated input device used by the operating system to log in to the system.
One-time passwords provide additional security and can be implemented in the following ways:
Random numbers - Users are provided cards having numbers printed along with
corresponding alphabets. The system asks for the numbers corresponding to a few alphabets
randomly chosen.
Secret key - Users are provided a hardware device which can create a secret id mapped
to the user id. The system asks for this secret id, which is to be generated afresh every time prior to
login.
Network password - Some commercial applications send a one-time password to the user's
registered mobile/email, which is required to be entered prior to login.
PROGRAM THREATS
The operating system's processes and kernel perform the designated tasks as instructed. If a
user program makes these processes do malicious tasks, this is known as a program threat. One
common example of a program threat is a program installed on a computer which can store and
send user credentials via the network to some hacker. Following is a list of some well-known
program threats.
Trojan Horse - Such a program traps user login credentials and stores them to send to a
malicious user, who can later log in to the computer and access system resources.
Trap Door - If a program which is designed to work as required has a security hole in
its code and performs illegal actions without the knowledge of the user, then it is said to have a
trap door.
Logic Bomb - A logic bomb is a situation in which a program misbehaves only when certain
conditions are met; otherwise it works as a genuine program. It is harder to detect.
Virus - A virus, as the name suggests, can replicate itself on the computer system. Viruses are
highly dangerous and can modify/delete user files and crash systems. A virus is generally a
small piece of code embedded in a program. As the user accesses the program, the virus starts
getting embedded in other files/programs and can make the system unusable for the user.
SYSTEM THREATS
System threats refer to the misuse of system services and network connections to put the user in
trouble. System threats can be used to launch program threats across a complete network; this is
called a program attack. System threats create an environment in which operating system
resources and user files are misused. Following is a list of some well-known system threats.
Worm - A worm is a process which can choke down system performance by using
system resources to extreme levels. A worm process generates multiple copies of itself, where
each copy uses system resources and prevents all other processes from getting the required
resources. Worm processes can even shut down an entire network.
Port Scanning - Port scanning is a mechanism or means by which a hacker can detect
system vulnerabilities in order to make an attack on the system.
Denial of Service - Denial of service attacks normally prevent users from making legitimate
use of the system. For example, a user may not be able to use the internet if a denial of service
attack targets the browser's content settings.
Computer security is commonly classified into four types: Type A, Type B, Type C, and Type D.
RAID is the organization of multiple disks into a large, high performance logical disk.
With RAID the following two things are performed
(a) Redundancy
(b) Data Striping
Data striping transparently distributes data over multiple disks to make them appear as a single
fast, large disk. Striping improves aggregate I/O performance by allowing multiple I/Os to be
serviced in parallel. There are two aspects to this parallelism: disk arrays stripe data across
multiple disks and access them in parallel, achieving a higher data transfer rate on large
accesses and a higher I/O rate on many small accesses.
Data striping also results in uniform load balancing across all of the disks, eliminating hot spots
that otherwise saturate a small number of disks, while the majority of disks sit idle.
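The round-robin placement that produces this uniform load balancing can be sketched as follows; the disk count and block numbers are illustrative:

```python
from collections import Counter

def stripe_location(block, ndisks):
    """Round-robin striping: block i lives on disk i % N at offset i // N."""
    return block % ndisks, block // ndisks

# With 4 disks, 8 consecutive blocks spread evenly: two per disk.
placements = [stripe_location(b, 4) for b in range(8)]
assert placements[0] == (0, 0)     # block 0 -> disk 0, offset 0
assert placements[5] == (1, 1)     # block 5 -> disk 1, offset 1

load = Counter(disk for disk, _ in placements)
assert all(count == 2 for count in load.values())   # uniform load
```

Because consecutive blocks land on different disks, a large sequential read touches all four disks in parallel, and no single disk becomes a hot spot.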
Redundancy:- The solution to the problem of lower reliability in disk arrays is to improve
the availability of the system. This can be achieved by employing redundancy in the form of
error-correcting codes to tolerate disk failures. A redundant disk array can retain data for a
much longer time than an unprotected single disk.
Reliability is how well a system can work without any failures in its components. If there is a
failure, the system was not reliable.
Availability is how well a system can work in times of a failure. If a system is able to work even
in the presence of a failure of one or more system components, the system is said to be
available.
Redundancy improves the availability of a system, but cannot improve the reliability. Reliability
can only be increased by improving manufacturing technologies or by using fewer individual
components in a system.
The need for RAID can be summarized in the two points given below. The two keywords are
Redundant and Array.
An array of multiple disks accessed in parallel will give greater throughput than a single
disk.
Redundant data on multiple disks provides fault tolerance.
RAID 0 (Striped Disk Array without Fault Tolerance):- RAID 0 implements a striped disk
array: the data is broken down into blocks and each block is written to a separate disk drive
I/O performance is greatly improved by spreading the I/O load across many channels
and drives
Best performance is achieved when data is striped across multiple controllers with only
one drive per controller
Easy to implement
DISADVANTAGES
o The failure of just one drive will result in all data in the array being lost
RECOMMENDED APPLICATIONS
Image Editing
Pre-Press Applications
RAID 1 (Mirroring and Duplexing):- For highest performance, the controller must be able to
perform two concurrent separate Reads per mirrored pair or two duplicate Writes per mirrored
pair.
RAID Level 1 requires a minimum of 2 drives to implement
Twice the Read transaction rate of single disks, same Write transaction rate as single disks
100% redundancy of data means no rebuild is necessary in case of a disk failure, just a copy
to the replacement disk
Under certain circumstances, RAID 1 can sustain multiple simultaneous drive failures
DISADVANTAGES
o Typically the RAID function is done by system software, loading the CPU/server and
possibly degrading throughput at high activity levels; hardware implementation is strongly
recommended
o May not support hot swap of a failed disk when implemented in "software"
RECOMMENDED APPLICATIONS
Accounting
Payroll
Financial
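A toy model of the mirrored pair described above shows why no rebuild is necessary after a single failure: the surviving copy already holds all of the data. The dict-backed "disks" are purely illustrative:

```python
# Toy model of a RAID 1 mirrored pair; disks are plain dicts mapping
# block numbers to data, which is an illustrative simplification.
class MirroredPair:
    def __init__(self):
        self.disks = [{}, {}]          # two identical copies of the data

    def write(self, block, data):
        for disk in self.disks:        # every write is duplicated
            disk[block] = data

    def read(self, block, failed=None):
        # a read can be served from any surviving copy
        for i, disk in enumerate(self.disks):
            if i != failed and block in disk:
                return disk[block]
        raise IOError("block unrecoverable: both copies lost")

pair = MirroredPair()
pair.write(7, b"payroll record")
# the pair still serves the read even with disk 0 marked failed
assert pair.read(7, failed=0) == b"payroll record"
```

The duplicated write is also why RAID 1 has the same write transaction rate as a single disk but twice the read rate: writes must hit both disks, while reads can be split between them.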
RAID 2 (Hamming Code ECC):- Each bit of the data word is written to a data disk drive (4 in
this example: 0 to 3). Each data word has its Hamming code ECC word recorded on the ECC
disks. On Read, the ECC code verifies correct data or corrects single disk errors.
The higher the data transfer rate required, the better the ratio of data disks to ECC disks
DISADVANTAGES
o Very high ratio of ECC disks to data disks with smaller word sizes - inefficient
o Entry-level cost very high - requires a very high transfer rate requirement to justify
o Transaction rate is equal to that of a single disk at best (with spindle synchronization)
RAID 3 (Parallel Transfer with Parity):- The data block is subdivided ("striped") and written
on the data disks. Stripe parity is generated on Writes, recorded on the parity disk and checked
on Reads.
RAID Level 3 requires a minimum of 3 drives to implement
CHARACTERISTICS & ADVANTAGES
o Low ratio of ECC (Parity) disks to data disks means high efficiency
DISADVANTAGES
o Transaction rate equal to that of a single disk drive at best (if spindles are synchronized)
Image Editing
Video Editing
Prepress Applications
RAID 4 (Independent Data Disks with Shared Parity Disk):- Each entire block is written onto
a data disk. Parity for blocks of the same rank is generated on Writes, recorded on the parity
disk and checked on Reads.
RAID Level 4 requires a minimum of 3 drives to implement
CHARACTERISTICS & ADVANTAGES
o Low ratio of ECC (Parity) disks to data disks means high efficiency
DISADVANTAGES
o The shared parity disk must be updated on every Write, making it a bottleneck
RAID 5 (Independent Data Disks with Distributed Parity Blocks):- Each entire data block is
written on a data disk; parity for blocks in the same rank is generated on Writes, recorded in a
distributed location and checked on Reads.
RAID Level 5 requires a minimum of 3 drives to implement
CHARACTERISTICS & ADVANTAGES
o Low ratio of ECC (Parity) disks to data disks means high efficiency
DISADVANTAGES
o Difficult to rebuild in the event of a disk failure (as compared to RAID level 1)
RECOMMENDED APPLICATIONS
Database servers
Intranet servers
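The parity idea behind RAID levels 3, 4 and 5 rests on XOR: the parity block is the XOR of the data blocks in a rank, so any one lost block can be rebuilt by XOR-ing the survivors with the parity. A minimal sketch, assuming three data disks and byte-string blocks:

```python
# XOR parity sketch: the parity block is the bytewise XOR of the data
# blocks; XOR-ing the surviving blocks with the parity recreates the
# lost one. Three data disks and 4-byte blocks are illustrative.
from functools import reduce

def xor_blocks(blocks):
    """XOR equal-length byte blocks together (the RAID parity operation)."""
    return bytes(reduce(lambda a, b: a ^ b, tup) for tup in zip(*blocks))

data = [b"AAAA", b"BBBB", b"CCCC"]   # one parity rank across 3 data disks
parity = xor_blocks(data)            # stored on a 4th disk (rotating in RAID 5)

# Suppose the disk holding data[1] fails: rebuild from survivors + parity
rebuilt = xor_blocks([data[0], data[2], parity])
assert rebuilt == data[1]
```

This also explains the rebuild cost noted above: recreating a failed disk requires reading every surviving disk in full, and in RAID 5 the parity blocks to read are scattered across all drives rather than concentrated on one.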
RAID 6 (Independent Data Disks with Two Independent Parity Schemes):- Two independent
parity computations must be used in order to provide protection against double disk failure.
Two different algorithms are employed to achieve this purpose.
RAID Level 6 requires a minimum of 4 drives to implement
RAID 6 is essentially an extension of RAID level 5 which allows for additional fault
tolerance by using a second independent distributed parity scheme (dual parity)
Data is striped on a block level across a set of drives, just like in RAID 5, and a second set
of parity is calculated and written across all the drives; RAID 6 provides for an extremely
high data fault tolerance and can sustain multiple simultaneous drive failures
RAID 6 protects against a single bad block failure while operating in a degraded mode
DISADVANTAGES
o Write performance can be brought on par with RAID level 5 only by using a custom ASIC
for computing Reed-Solomon parity
RECOMMENDED APPLICATIONS
Database servers
Intranet servers
In a cloud computing system, there's a significant workload shift. Local computers no longer
have to do all the heavy lifting when it comes to running applications. The network of computers
that make up the cloud handles them instead. Hardware and software demands on the user's side
decrease. The only thing the user's computer needs to be able to run is the cloud computing
system's interface software, which can be as simple as a Web browser, and the cloud's network
takes care of the rest.
There's a good chance you've already used some form of cloud computing. If you have an e-mail
account with a Web-based e-mail service like Hotmail, Yahoo! Mail or Gmail, then you've had
some experience with cloud computing. Instead of running an e-mail program on your computer,
you log in to a Web e-mail account remotely. The software and storage for your account don't
exist on your computer -- they're on the service's computer cloud.