· Web viewA tree is a data structure that can be used to represent data hierarchically. Data...

OPERATING SYSTEMS Unit - 1

SVR ENGINEERING COLLEGE, NANDYAL.

DEPARTMENT OF

COMPUTER SCIENCE & ENGINEERING

LECTURER NOTES

OPERATING SYSTEMS

PREPARED BY:

B.RAMA SUBBAIAH.CSE DEPARTMENT.

1 SVR ENGINEERING COLLEGE:NANDYAL


UNIT IOperating Systems Overview: Operating system functions, Operating system structure, operating systems Operations, protection and security, Kernel data Structures, Computing Environments, Open- Source Operating SystemsOperating System Structure: Operating System Services, User and Operating-System Interface, systems calls, Types of System Calls, system programs, operating system structure, operating system debugging, System Boot.Processes: Process concept, process Scheduling, Operations on processes, Inter process Communication, Examples of IPC systems.Operating Systems OverviewINTRODUCTION

An operating system is a program that manages a computer’s hardware. It also provides a basis for application programs and acts as an intermediary between the computer user and the computer hardware. The purpose of an operating system is to provide an environment in which a user can execute programs in a convenient and efficient manner.

An operating system is software that manages the computer hardware. An operating system is a program that manages the computer hardware. It also provides a basis for application programs and acts as an intermediary between a user of a computer and the computer hardware. The purpose of an operating system is to provide an environment in which a user can execute programs. Goals of an Operating System

The primary goal of an operating system is thus to make the computer system convenient to use.

The secondary goal is to use the computer hardware in an efficient manner.


OPERATING SYSTEMS Unit - 1Components of a Computer System

An operating system is an important part of almost every computer system. A computer system can be divided roughly into four components.

i. Hardware ii. Operating system iii. The application programs iv. Users

The hardware: The central processing unit (CPU), the memory, and the Input/output (I/O) devices-provides the basic computing resources. The operating system controls and co-ordinates the use of hardware among the various application programs for the various users.The application programs such as word processors, spreadsheets, compilers, and web browsers- define the ways in which these resources are used to solve the computing problems of the users. Users is who are using the various types of applications

Operating system from the user view-



The user’s view of the computer varies according to the interface being used. While designing a PC for one user, the goal is to maximize the work that the user is performing. OS is designed mostly for ease of use. In another case the user sits at

a terminal connected to a main frame or minicomputer. Other users can access the same computer through other terminals.

OS here is designed to maximize resource utilization to assure that all available CPU time, memory and I/O are used efficiently.

OS is designed to compromise between individual usability and resource utilization.

Operating system from the system view- OS is the program which is widely involved with hardware. OS can be viewed as resource allocator where in resources are CPU

time, memory space, file storage space, I/O devices etc. OS must decide how to allocate these resources to specific programs

and users so that it can operate the computer system efficiently. OS is also a control program. A control program manages the

execution of user programs to prevent errors and improper use of computer. It is concerned with the operation and control of I/O devices.

Defining operating systems: OS exists because they offer a reasonable way to solve the problem of

creating a usable computing system. Goal of computer systems is to execute user program and to make solving user problems easier. Hence hardware is constructed. Since hardware alone is not easy to use, application programs are developed.1.1 Operating system functions and services:

Operating System is a set of programs that is extremely important to activate and Co-Ordinate the activities of various hardware resources like the processor and Input/output devices. Operating System controls the movement of information on in the Computer.



OS is the first program loaded into the computer's memory after the computer is switched on. The operating system is an important component of the computer system, because it sets the standards for application programs that run in it. All programs must be written to "talk to" Operating System. The main functions of an OS are:1. Convenience: An operating system makes a computer more convenient to use.2. Efficiency: An operating system allows the computer system resources to be used in an efficient manner.3. Ability to evolve: An operating system should be constructed in such a way as to permit the effective development, testing and introduction of new system functions at the same time not interfering with the service.OS services:

OS provides an environment for execution of programs. It provides certain services to programs and to the users of those programs. OS services are provided for the convenience of the programmer, to make the programming task easier. 1. User interface: All OS have a user interface (UI).Interfaces are of three types:

Command Line Interface: uses text commands and a method for entering them

Batch interface: commands and directives to control those commands are entered into files and those files are executed.

Graphical user interface: This is a window system with a pointing device to direct I/O, choose from menus and make selections and a keyboard to enter text.

2. Program execution: System must be able to load a program into memory and run that program. The program must be able to end its execution either normally or abnormally.


OPERATING SYSTEMS Unit - 13. I/O operations: A running program may require I/O which may involve a file or an I/O device. For efficiency and protection, users cannot control I/O devices directly. 4. File system manipulation: Programs need to read and write files and directories. They also need to create and delete them by name, search for a given file, and list file information. 5. Communications: One process might need to exchange information with another process. Such communication may occur between processes that are executing on the same computer or between processes that are executing on different computer systems tied together by a computer network. Communications may be implemented via shared memory or through message passing. 6. Error detection: OS needs to be constantly aware of possible errors. Errors may occur in the CPU and memory hardware, in I/O devices and in the user program. For each type of error, OS takes appropriate action to ensure correct and consistent computing. 7. Resource allocation: When there are multiple users or multiple jobs running at the same time, resources must be allocated to each of them. Different types of resources such as CPU cycles, main memory and file storage are managed by the operating system. 8. Accounting: Keeping track of which users use how much and what kinds of computer resources. 9. Protection and security: Controlling the use of information stored in a multiuser or networked computer system. Protection involves ensuring that all access to system resources is controlled. Security starts with requiring each user to authenticate him or herself to the system by means of password and to gain access to system resources.

1.2 Operating System Structure:


OPERATING SYSTEMS Unit - 1An OS provides an environment within which programs are executed. One of the most important aspects of OS is its ability to multi program. Internal aspects of operating systems which includes,

Multiprogramming: Multi programming increases CPU utilization by organizing jobs (code

and data) so that the CPU always has executes one Job at a time. OS keeps several jobs in memory. This set of jobs can be a subset of

jobs kept in the job pool which contains all jobs that enter the system. OS picks and begins to execute one of the jobs in memory. The job may have to wait for some task, such as I/O operation to complete.

In a non multi programmed system, OS simply switches to and executes another job. When that job needs to wait, CPU is switched to another job and so on. As long as at least on job needs to execute, CPU is never idle.

Multi programmed systems provide an environment in which the various system resources are utilized effectively but they do not provide for user interaction with the computer system.

Time sharing:Time sharing or multi tasking is a logical extension of multi programming.



In time sharing systems, CPU executes multiple jobs by switching among them but the switches occur so frequently that the users can interact with each program while it is running.

Time sharing requires an interactive computer system which provides direct communication between the user and the system.

A time shared operating system allows many users to share the computer simultaneously.

Time sharing and multi programming require several jobs to be kept simultaneously in memory. Since main memory is too small to accommodate all jobs, the jobs are kept initially on the disk in the job pool.

This pool consists of all processes residing on disk awaiting allocation of main memory.

CPU scheduling: If several jobs are ready to run at the same time, the system must

choose among them. Making this decision is CPU scheduling. If several jobs are ready to be brought into memory and there is not

enough space, then the system must choose among them. Making this decision is job scheduling. Having several programs in memory at the same time requires some form of memory management.

It uses CPU scheduling and multi programming to provide each user with a small portion of a time shared computer. A program loaded into memory and executing is called a process.

Virtual memory: Virtual memory is a technique that allows the execution of a process

that is not completely in memory. It enables users to run programs that are larger than actual physical memory.

The operating system must ensure reasonable response time which is accomplished through swapping where processes are swapped in and out of main memory to the disk.


OPERATING SYSTEMS Unit - 11.3 Operating-System Operations:Modern operating systems are interrupt driven. Interrupts can be divided into two types: Hardware interrupts:

If there are no processes to execute, no I/O devices to service, and no users to whom to respond, an operating system will sit quietly, waiting for something to happenSoftware interrupts (exception or trap):

A trap (or an exception) is a software-generated interrupt caused either by an error (for example, division by zero or invalid memory access) or by a specific request from a user program that an operating-system service be performed.

The operating system and the users share the hardware and software resources of the computer system an error in a user program could cause problems only for the one program running.1.3.1 Dual-Mode and Multimode Operationo To ensure the proper execution of the operating system we must be

able to distinguish between the execution of operating-system code and userdefined code. we need two separate modes of operation: User mode and kernel mode

o A bit mode is provided by the hardware of the computer to indicate the current mode:

kernel (0) or User (1).

With the mode bit, we can distinguish between a task that is executed on behalf of the operating system and one that is executed on behalf of the user. When the computer system is executing on behalf of a user application, the system is in user mode.

o At system boot time, the hardware starts in kernel mode. The operating system is then loaded and starts user applications in



user mode. Whenever a trap or interrupt occurs, the hardware switches from user mode to kernel mode.

o The dual mode of operation provides us with the means for protecting the operating system from errant users and errant users from one another.

o The hardware allows privileged instructions to be executed only in kernel mode. If an attempt is made to execute a privileged instruction in user mode, the hardware does not execute the instruction but rather treats it as illegal and traps it to the operating system.

o System call changes mode to kernel, return from call resets it to user

1.3.2 Timer: The operating system maintains control over the CPU. We cannot allow

a user program to get stuck in an infinite loop or to fail to call system services and never return control to the operating system.

A timer can be set to interrupt the computer after a specified period.The period may be fixed (for example, 1/60 second) or variable (for example, from 1 millisecond to 1 second).

A variable timer is generally implemented by a fixed-rate clock and a counter.



The operating system sets the counter. Every time the clock ticks, the counter is decremented. When the counter reaches 0, an interrupt occurs.

The operating system ensures that the timer is set to interrupt. If the timer interrupts, control transfers automatically to the operating system, which may treat the interrupt as a fatal error or may give the program more time.

The timer to prevent a user program from running too long. A simple technique is to initialize a counter with the amount of time

that a program is allowed to run. A program with a 7-minute time limit, For example:

An operating system can have its counter initialized to 420. Every second, the timer interrupts, and the counter is decremented by 1. As long as the counter is positive, control is returned to the user program. When the counter becomes negative, the operating system terminates the program for exceeding the assigned time limit.

1.4 Protection and Security:If a computer system has multiple users and allows the concurrent

execution of multiple processes, then access to data must be regulated. Hence mechanisms ensure that files, memory segments, CPU and other resources can be operated on by only those processes that have gained proper authorization from the OS. Protection is a mechanism for controlling the access of processes

or users to the resources defined by a computer system. This mechanism must provide means for specification of the controls to be imposed and means for enforcement.

Protection improves reliability by detecting latent errors at the interfaces between component sub systems. An unprotected resource cannot defend against use (or misuse) by an unauthorized or incompetent user.


OPERATING SYSTEMS Unit - 1 A protection-oriented system provides ameans to distinguish between

authorized and unauthorized usage It is the job of security to defend a system from external and internal

attacks. Such attacks spread across a huge range and include viruses and worms, denial of service attacks, identity theft and theft of service.

Protection and security require the system to be able to distinguish among all its users. Most operating systems maintain a list of user names and associated

user identifiers (user IDs). In Windows parlance, this is a security ID (SID). These numerical IDs are unique, one per user. When a user logs in to the system, the authentication stage determines the appropriate user ID for the user. That user ID is associated with all of the user’s processes and threads. When an ID needs to be readable by a user, it is translated back to the user name via the user name list.

1.5 Kernel data Structures1.5.1 Lists, Stacks, and Queues

Array: An array is a simple data structure in which each element can be accessed directly. For example, main memory is constructed as an array. If the data item being stored is larger than one byte, then multiple bytes can be allocated to the item, and the item is addressed as item number × item size.

List: List is a data structure. A list represents a collection of data values as a sequence. The most common method for implementing this structure is a linked list, in which items are linked to one another. Linked lists are of several types:• In a singly linked list, each item points to its successor.



• In a doubly linked list, a given item can refer either to its predecessor or to its successor.

• In a circularly linked list, the last element in the list refers to the first element, rather than to null.

Linked lists accommodate items of varying sizes and allow easy insertion and deletion of items. One potential disadvantage of using a list is that performance for retrieving a specified item in a list of size n is linear O(n), as it requires potentially traversing all n elements in the worst case. Lists are sometimes used directly by kernel algorithms.

A stack is a non-primitive data structure. A stack is a sequentially ordered data structure. All the deletions and insertions in a stack is done from top of the stack, the last added element will be the first removed from the stack. It is also called LIFO. The operations for inserting and removing items from a stack are known as push and pop.



A queue is a sequentially ordered data structure that uses the first in, first out (FIFO) principle. Items are removed from a queue in the order in which they were inserted.1.5.2 Trees

A tree is a data structure that can be used to represent data hierarchically. Data values in a tree structure are linked through parent child relationships. In a general tree, a parent may have an unlimited number of children. In a binary tree, a parent may have at most two children, which we term the left child and the right child. A binary search tree additionally requires an ordering between the parent’s two children in which le f t child <= right child

1.5.3 Hash Functions and MapsA hash function takes data as its input, performs a numeric operation

on this data, and returns a numeric value. This numeric value can then be used as an index into a table (typically an array) to quickly retrieve the data. Whereas searching for a data item through a list of size n can require up to O(n) comparisons in the worst case, using a hash function for retrieving data from table can be as good as O(1) in the worst case, depending on implementation details. One potential difficulty with hash functions is that two inputs can result in the same output value.



We can accommodate this hash collision by having a linked list at that table location that contains all of the items with the same hash value. The more collisions there are the less efficient. One use of a hash function is to implement a hash map, which associates (or maps) [key: value] pairs using a hash function.For example, we can map the key operating to the value system. Once the mapping is established, we can apply the hash function to the key to obtain the value from the hash map.

1.5.4 BitmapsA bitmap is a string of n binary digits that can be used to represent the

status of n items. For example, suppose we have several resources and the availability of each resource is indicated by the value of a binary digit: 0 means that the resource is available, while 1 indicates that it is unavailable (or vice-versa). The value of the ith position in the bitmap is associated with the ith resource. An example, consider the bitmap shown below:

00101110Resources 3, 5, 6, and 7 are unavailable; resources 1,2 ,4,8 are available.1.6 Computing Environments

Operating system is used to manage the various types of resources. Hence it is also called as resource allocator. How operating systems are used in a variety of computing environments.1.6.1 Traditional Computing



The “typical office environment” Just a few years ago, this environment consisted of PCs connected to a network, with servers providing file and print services. Remote access was awkward, and portability was achieved by use of laptop computers. The current trend is toward providing more ways to access these computing environments.Web technologies and increasing WAN bandwidth are stretching the boundaries of traditional computing. Companies establish portals, which provide Web accessibility to their internal servers. Network computers which are essentially terminals that understand web-based computing are used in place of traditional workstations where more security or easier maintenance is desired. Mobile computers can also connect to wireless networks and cellular data networks to use the company’s Web portal.

At home, most users once had a single computer with a slow modem connection to the office, the Internet, or both. Network-connection speeds once available only at great cost are relatively inexpensive in many places, giving home users more access to more data. These fast data connections are allowing home computers to serve upWeb pages and to run networks that include printers, client PCs, and servers. Many homes use firewalls to protect their networks from security breaches.Computing resources were relatively scarce. Systems were either batch or interactive.

Batch systems processed jobs in bulk, with predetermined input from files or other data sources.

Interactive systems waited for input from users.To optimize the use of the computing resources, multiple users shared time on these systems. Time-sharing systems used a timer and scheduling algorithms to cycle processes rapidly through the CPU, giving each user a share of the resources.

Traditional time-sharing systems are uncommon. The same scheduling technique is still in use on desktop computers, laptops, servers,


OPERATING SYSTEMS Unit - 1and even mobile computers, but frequently all the processes are owned by the same user.1.6.2 Mobile Computing

Mobile computing refers to computing on handheld smartphones and tablet computers. These devices share the distinguishing physical features of being portable and lightweight.

When compared with desktop and laptop computers, mobile systems gave up screen size, memory capacity, and overall functionality in return for handheld mobile access to services such as e-mail and web browsing.

Mobile systems are used not only for e-mail and web browsing but also for playing music and video, reading digital books, taking photos, and recording high-definition video.

Many developers are now designing applications that take advantage of the unique features of mobile devices, such as global positioning system (GPS) chips, accelerometers, and gyroscopes.

An embedded GPS chip allows a mobile device to use satellites to determine its precise location on earth. That functionality is especially useful in designing applications that provide navigation.

An accelerometer allows a mobile device to detect its orientation with respect to the ground and to detect certain other forces, such as tilting and shaking.

To provide access to on-line services, mobile devices typically use either IEEE standard 802.11 wireless or cellular data networks. To increase the memory capacity and processing speeds of mobile devices.

Two operating systems currently dominate mobile computing: Apple iOS and Google Android. iOS was designed to run on Apple iPhone and iPad mobile devices. Android powers smartphones and tablet computers available from many manufacturers.


OPERATING SYSTEMS Unit - 11.6.3 Distributed Systems

A distributed system is a collection of physically separate, possibly heterogeneous, computer systems that are networked to provide users with access to the various resources that the system maintains.

Access to a shared resource increases computation speed, functionality, data availability, and reliability.

Some operating systems generalize network access as a form of file access, with the details of networking contained in the network interface’s device driver.

Systems contain a mix of the two modes for example: FTP and NFS. The protocols that create a distributed system can greatly affect that system’s utility and popularity.

A network, in the simplest terms, is a communication path between two or more systems. Distributed systems depend on networking for their functionality.

Networks vary by the protocols used, the distances between nodes, and the transport media. TCP/IP is the most common network protocol, and it provides the fundamental architecture of the Internet. Most operating systems support TCP/IP protocol.

For an operating system, a network protocol simply needs an interface device ie.., A network adapter.

Networks are characterized based on the distances between their nodes.

Networks ca be categerised into three different types:A local-area network (LAN) connects computers within a room, a building, or a campus. A wide-area network (WAN) usually links buildings, cities, or countries. Aglobal company may have a WAN to connect its offices worldwide,



for example. These networks may run one protocol or several protocols. The continuing advent of new technologies brings about new forms of networks.A metropolitan-area network (MAN) could link buildings within a city. A personal-area network (PAN) is connected between a phone and a headset or a smartphone and a desktop computer. BlueTooth and 802.11 devices use wireless technology to communicate over a distance of several feet.Some operating systems have taken the concept of networks and

distributed Systems. A network operating system is an operating system that provides features such as file sharing across the network, along with a communication scheme that allows different processes on different computers to exchange messages. A computer running a network operating system acts autonomously from all other computers on the network.1.6.4 Client–Server Computing

Many of today’s systems act as server systems to satisfy requests generated by client systems. This form of specialized distributed system, called a client–server system.Server systems can be broadly categorized as compute servers and file servers:• The compute-server system provides an interface to which a client can send a request to perform an action (for example, read data). In response, the server executes the action and sends the results to the client. A server running a database that responds to client requests for data is an example of such a system.• The file-server system provides a file-system interface where clients can create, update, read, and delete files. An example of such a system is a web server that delivers files to clients running web browsers.



1.6.5 Peer-to-Peer Computing

Another structure for a distributed system is the peer-to-peer (P2P) system model. In this model, clients and servers are not distinguished from one another.

In Peer-to-Peer Computing all nodes within the system are considered peers, and each may act as either a client or a server, depending on whether it is requesting or providing a service.

Peer-to-peer systems offer an advantage over traditional client-server systems.

In a client-server system, the server is a bottleneck, where as in a peer-to-peer system, services can be provided by several nodes distributed throughout the network.

In a peer-to-peer system, a node must first join the network of peers. Once a node has joined the network, it can begin providing services to—and requesting services from—other nodes in the network. Determining what services are available is accomplished in one of two general ways:

When a node joins a network, it registers its service with a centralized lookup service on the network. Any node desiring a specific service first contacts this centralized lookup service to determine which node provides the service. The remainder of the communication takes place between the client and the service provider.

An alternative scheme uses no centralized lookup service. Instead, a peer acting as a client must discover what node provides a desired



service by broadcasting a request for the service to all other nodes in the network. The node (or nodes) providing that service responds to the peer making the request. To support this approach, a discovery protocol must be provided that allows peers to discover services provided by other peers in the network.

A centralized server maintained an index of all files stored on peer nodes in the Napster network, and the actual exchange of files took place between the peer nodes.

A client broadcasted file requests to other nodes in the system, and nodes that could service the request responded directly to the client.

1.6.6 VirtualizationVirtualization is a technology that allows operating systems to run as

applications within other operating systems. Virtualization is one member of a class of software that also includes emulation. Emulation is used when the source CPU type is different from the target CPU type.For example: When two independent CPU’s can communicate with each other by using a specific software (utility program) which allowed applications compiled for the IBM CPU to run on the Intel CPU. This is known as Emulation

The same concept can be extended to allow an entire operating system written for one platform to run on another. Emulation comes at a


OPERATING SYSTEMS Unit - 1heavy price, however. Every machine-level instruction that runs natively on the source system must be translated to the equivalent function on the target system, frequently resulting in several target instructions. If the source and target CPUs have similar performance levels, the emulated code can run much slower than the native code.

A common example of emulation occurs when a computer language is not compiled to native code but instead is either executed in its high-level form or translated to an intermediate form. This is known as interpretation.

An operating system that is natively compiled for a particular CPU architecture runs within another operating system also native to that CPU. Virtualization first came about on IBM mainframes as a method for multiple users to run tasks concurrently. Running multiple virtual machines allowed (and still allows) many users to run tasks on a system designed for a single user.

VMware created a new virtualization technology in the form of an application that ran on XP. That application ran one or more guest copies of Windows or other native x86 operating systems, each running its own applications. Windows was the host operating system, and the VMware application was the virtual machine manager VMM. The VMM runs the guest operating systems, manages their resource use, and protects each guest from the others.


OPERATING SYSTEMS Unit - 11.6.7 Cloud Computing

Cloud computing is a type of computing that delivers computing, storage, and even applications as a service across a network. It is a logical extension of virtualization, because it uses virtualization as a base for its functionalityThere are several types of cloud computing:• Public cloud: A cloud available via the Internet to anyone willing to pay for the services• Private cloud: A cloud runs by a company for that company’s own use• Hybrid cloud: A cloud that includes both public and private cloud ComponentsA cloud computing may provide much number of services:Software as a service (SaaS):

One or more applications (such as word processors or spreadsheets) available via the InternetPlatform as a service (PaaS):

A software stack ready for application use via the Internet (for example, a database server)Infrastructure as a service (IaaS):

Servers or storage available over the Internet (for example, storage available for making backup copies of production data)A cloud computing environment may provide a combination of several types. For example: An organization may provide both SaaS and IaaS as a publicly available service.



1.6.8 Real-Time Embedded Systems Embedded computers are the most prevalent form of computers. These devices are found everywhere, from car engines and

manufacturing robots to DVDs and microwave ovens. These embedded systems vary considerably. Some are general-

purpose computers, running standard operating systems.such as Linux with special-purpose applications to implement the functionality.

Others are hardware devices with a special-purpose embedded operating system providing just the functionality

others are hardware devices with application specific integrated circuits (ASICs) that perform their tasks without an operating system.

Embedded systems almost always run real-time operating systems. A real-time system is used when rigid time requirements have been placed on the operation of a processor or the flow of data.

Embedded systems are often used as a control device in a dedicated application. Sensors bring data to the computer.The computer must analyze the data and possibly adjust controls to modify the sensor



inputs. Systems that control scientific experiments, medical imaging systems, industrial control systems, and certain display systems are realtime systems. Some automobile-engine fuel-injection systems, home-appliance controllers, and weapon systems are also real-time systems.

A real-time system has well-defined, fixed time constraints. Processing must be done within the defined constraints, or the system will fail. It would not do for a robot arm to be instructed to halt after it had smashed into the car it was building.

A real-time system functions correctly only if it returns the correct result within its time constraints.

1.8 Open-Source Operating Systems Operating systems has been made easier by the availability of a vast

number of open-source releases. Open-source operating systems are those available in source-code

format rather than as compiled binary code. Linux is the most famous open-source operating system, while Microsoft Windows is a well-known example of the opposite closed-source approach.

Starting with the source code allows the programmer to produce binary code that can be executed on a system.

There are many benefits to open-source operating systems, including a community of interested (and usually unpaid) programmers who contribute to the code by helping to debug it, analyze it, provide support, and suggest changes.

Open-source code is more secure than closed-source code because many more eyes are viewing the code.

Open-source code has bugs, but open-source advocates argue that bugs tend to be found and fixed faster owing to the number of people using and viewing the code.



1.8.1 HistoryIn the early days of modern computing (that is, the 1950s), a great

deal of software was available in open-source format. Computer and software companies eventually sought to limit the use of their software to authorized computers and paying customers. Releasing only the binary files compiled from the source code, rather than the source code. Another issue involved copyrighted material.

Operating systems and other programs can limit the ability to play back movies and music or display electronic books to authorized computers. Such copy protection or digital rights management (DRM) would not be effective if the source code that implemented these limits were published.1.8.2 Linux

As an example of an open-source operating system, consider GNU/Linux. The GNU project produced many UNIX-compatible tools, including compilers, editors, and utilities, but never released a kernel.

The resulting GNU/Linux operating system has spawned hundreds of unique distributions, or custom builds, of the system. Major distributions include RedHat, SUSE, Fedora, Debian, Slackware, and Ubuntu. Distributions vary in function, utility, installed applications, hardware support, user interface, and purpose.For example: RedHat Enterprise Linux is geared to large commercial use. PCLinuxOS is a LiveCD—an operating system that can be booted and run from a CD-ROM without being installed on a system’s hard disk. One variant of PCLinuxOS—called “PCLinuxOS Supergamer DVD”—is a LiveDVD that includes graphics drivers and games. A gamer can run it on any compatible system simply by booting from the DVD. When the gamer is finished, a reboot of the system resets it to its installed operating system.


OPERATING SYSTEMS Unit - 1We can run Linux on a Windows system using the following simple, free approach:1. Download the free “VMware Player” tool from

http://www.vmware.com/download/player/ and install it on your system.2. Choose a Linux version from among the hundreds of “appliances,” or virtual machine images, available from VMware at http://www.vmware.com/appliances/These images are preinstalled with operating systems and applications and include many flavors of Linux.1.8.3 BSD UNIX

BSD UNIX has a longer and more complicated history than Linux. It started in 1978 as a derivative of AT&T’s UNIX. Releases from the University of California at Berkeley (UCB) came in source and binary form, but they were not open-source because a license from AT&T was required. BSD UNIX’s development was slowed by a lawsuit by AT&T, but eventually a fully functional, open-source version, 4.4BSD-lite, was released in 1994.

There are many distributions of BSD UNIX, including FreeBSD, NetBSD, OpenBSD, and DragonflyBSD.The core kernel component of Mac OS X, is based on BSD UNIX and is open-sourced as well. That source code is available from http://www.opensource.apple.com/. Every Mac OS X release has its open-source components posted at that site. The name of the package that contains the kernel begins with “xnu.” Apple also provides extensive developer tools, documentation, and support at http://connect.apple.com.1.8.4 Solaris

Solaris is the commercial UNIX-based operating system of Sun Microsystems. Sun’s SunOS operating system was based on BSD UNIX. Sun moved to AT&T’s System V UNIX as its base in 1991.


http://connect.apple.com/

OPERATING SYSTEMS Unit - 1In 2005, Sun open-sourced most of the Solaris code as the Open-Solaris project. The purchase of Sun by Oracle in 2009, however, left the state of this project unclear. The source code as it was in 2005 is still available via a source code browser and for download at http://src.opensolaris.org/source.

Several groups interested in using Open-Solaris have started from that base and expanded its features.

Operating System StructureAn operating system provides the environment within which programs

are executed. The design of a new operating system is a major task. It is important that the goals of the system be well defined before the design begins. These goals form the basis for choices among various algorithms and strategies. We can view an operating system from several view points

One view focuses on the services that the system provides. Another, on the interface that it makes available to users and

programmers. A third, on its components and their interconnections.

1.9 Operating-System ServicesAn operating system provides an environment for the execution of

programs. It provides certain services to programs and to the users of those programs. There must be difference between from one operating systems to another operating system for providing these services. These operating system services are provided for the convenience of the programmer, to make the programming task easier. One set of operating system services provides functions that are helpful to the user.



One set of operating system services provides functions that are helpful to the user.

1. User interface: All OS have a user interface (UI).Interfaces are of three types-

a. Command Line Interface: uses text commands and a method for entering them

b. Batch interface: commands and directives to control those commands are entered into files and those files are executed.

c. Graphical user interface: This is a window system with a pointing device to direct I/O, choose from menus and make selections and a keyboard to enter text. 2. Program execution: System must be able to load a program into memory and run that program. The program must be able to end its execution either normally or abnormally. 3. I/O operations: A running program may require I/O which may involve a file or an I/O device. For efficiency and protection, users cannot control I/O devices directly. 4. File system manipulation: Programs need to read and write files and directories. They also need to create and delete them by name, search for a given file, and list file information. 5. Communications: One process might need to exchange information with another process. Such communication may occur between processes that are executing on the same computer or between processes that are executing on different computer systems tied together by a computer


OPERATING SYSTEMS Unit - 1network. Communications may be implemented via shared memory or through message passing. 6. Error detection: OS needs to be constantly aware of possible errors. Errors may occur in the CPU and memory hardware, in I/O devices and in the user program. For each type of error, OS takes appropriate action to ensure correct and consistent computing. Another set of OS functions exist for ensuring efficient operation of the system. They are- 7. Resource allocation: When there are multiple users or multiple jobs running at the same time, resources must be allocated to each of them. Different types of resources such as CPU cycles, main memory and file storage are managed by the operating system. 8. Accounting: Keeping track of which users use how much and what kinds of computer resources. 9. Protection and security: The owners of information stored in a multiuser or networked computer system may want to control use of that information. When several separate processes execute concurrently, it should not be possible for one process to interfere with the others or with the operating system itself. Protection involves ensuring that all access to system resources is controlled. Security of the system from outsiders is also important. Such security starts with requiring each user to authenticate himself or herself to the system, usually by means of a password, to gain access to system resources. It extends to defending external I/O devices, including network adapters, from invalid access attempts and to recording all such connections for detection of break-ins. If a system is to be protected and secure, precautions must be instituted throughout it. A chain is only as strong as its weakest link.1.10 User and Operating-System InterfaceThere are several ways for users to interface with the operating system. There are two fundamental approaches.



One provides a command-line interface, or command interpreter, that allows users to directly enter commands to be performed by the operating system.

The other allows users to interface with the operating system via a graphical user interface, or GUI.

1.10.1 Command InterpretersSome operating systems include the command interpreter in the

kernel. Such as Windows and UNIX, treat the command interpreter as a special program that is running when a job is initiated or when a user first logs on. On systems with multiple command interpreters to choose from, the interpreters are known as shells.For example:

UNIX and Linux systems, a user may choose among several different shells, including the Bourne shell, C shell, Bourne-Again shell, Korn shell

The main function of the command interpreter is to get and execute the next user-specified command. Many of the commands given at this level manipulate files: create, delete, list, print, copy, execute, and so on.These commands can be implemented in two general ways.In one approach, The command interpreter itself contains the code to execute the command.

For example, a command to delete a file may cause the command interpreter to jump to a section of its code that sets up the parameters and makes the appropriate system call. In this case, the number of commands that can be given determines the size of the command interpreter, since each command requires its own implementing code.An alternative approach is used by UNIX, among other operating systems implements most commands through system programs. In this case, the


OPERATING SYSTEMS Unit - 1command interpreter does not understand the command in any way; it merely uses the command to identify a file to be loaded into memory and executed.Thus, the UNIX command to delete a file.

rm file.txtwould search for a file called rm, load the file into memory, and execute it with the parameter file.txt. The function associated with the rm command would be defined completely by the code in the file rm.

Figure The Bourne shell command interpreter in Solrais 10.1.10.2 Graphical User Interfaces

A second strategy for interfacing with the operating system is through a user friendly graphical user interface, or GUI. The user moves the mouse to position its pointer on images, or icons, on the screen (the

desktop)


OPERATING SYSTEMS Unit - 1That represents programs, files, directories, and system functions.

Graphical user interfaces first appeared due in part to research taking place in the early 1970s

Graphical interfaces became more widespread with the advent of Apple Macintosh computers in the 1980s. The user interface for the Macintosh operating system (Mac OS) has undergone various changes over the years, the most significant being the adoption of the Aqua interface that appeared with Mac OS X.

Microsoft’s first version of Windows Version 1.0 was based on the addition of a GUI interface to the MS-DOS operating system.

UNIX systems have been dominated by command-line interfaces. Various GUI interfaces are available, however. These include the Common Desktop Environment (CDE) and X-Windows systems, which are common on commercial versions of UNIX, such as Solaris and IBM’s AIX system.

Figure The iPad touchscreen.Functions of graphical user interface:

1. Visual representation: The visual representation gives an idea about content to be seen on the interface by the users. The graphical representation system provides to its user several useful, simple , meaning ful, obvious visual elements like windows, menus, icons.



2. Interaction with Pick an Click: Pick defines the major activity of a user to pick out an element of a graphical screen on which an action is to be taken. Click represents the signal carry out an action. The pick and click technique is carried out with the help of the mouse and its buttons.

3. Limited interface options: the user has restricted group of choices for the screen content or information obtained as a result of screen content. Nothing less or nothing more is available. WYSIWYG is the word formed limited interface options.

4. Visualization: visualization is enchanced by displaying specilised graphical images. The aim is not compulsory to generate a real graphical image but to give an image that expresses the most useful information.

5. Behavior of Objects: Objects and actions constitute a graphical system. Objects are visual elements viewed by the users.Objects can have three types:a. Data objects: these objects

present information ie.., text or graphics that appears in the body of the screen.

b. Container objects: these objects hold other objects. Two or more related objects are grouped by container objects for simple access and retrieval information. ex: folders.

c. Device Objects: printers or trash buckets denote physical objects in the real world. Device objects consist of other objects for action upon.



1.11 System CallsSystem calls provide an interface to the services made available by an

operating system. System calls provide an interface to the services made available by an operating system.An example to illustrate how system calls are used: Writing a simple program to read data from one file and copy them to another file

a) First input required is names of two files: Input file and Output file.

Names can be specified in many ways- One approach is for the program to ask the user for the names of two

files. In an interactive system, this approach will require a sequence of system calls, to write a prompting message on screen and then read from the keyboard the characters that define the two files. On mouse based and icon based systems, a menu of file names is displayed in a window where the user can use the mouse to select the source names and a window can be opened for the destination name to be specified. b) Once the two file names are obtained: program must open the input file and create the output file. Each of these operations requires another system call.



Figure: Example of how system calls are used.Possible error conditions

When the program tries to open input file, no file of that name may exist or file is protected against access. Program prints a message on console and terminates abnormally. If input file exists, we must create a new output file. If the output file with the same name exists, the situation caused the program to abort or delete the existing file and create a new one. Another option is to ask the user(via a sequence of system calls) whether to replace the existing file or to abort the program. When both files are set up, a loop reads from the input file and writes to the output file (system calls respectively). Each read and write must return status information regarding various possible error conditions. After entire file is copied, program closes both files, write a message to the console or window and finally terminate normally. Application developers design programs according to application programming interface (API). API specifies set of functions that are available to an application programmer.

Three of the most common API’s available to application programmers are the Win32API for Windows Systems; POSIX API for POSIX based systems (which include all versions of UNIX, Linux and Mac OS X) and Java API for designing programs that run on Java virtual machine.

The functions that make up the API typically invoke the actual system calls on behalf of the application programmer. Benefits of programming rather than invoking actual system calls:


OPERATING SYSTEMS Unit - 1Program portability: An application programmer designing a program using an API can expect program to compile and run on any system that supports the same API. Actual system calls can be more detailed and difficult to work with than the API available to an application programmer.

The run time support system ( a set of functions built into libraries included with a compiler) for most programming languages provides a system call interface that serves as a link to system calls made available by OS.

The system call interface intercepts function calls in the API and invokes the necessary system call within the operating system. A number is associated with each system call and the system call interface maintains a table indexed according to these numbers.

System call interface then invokes the intended system call in the OS kernel and returns the status of the system call and return any values.

System calls occur in different ways, depending on the computer in use – more information is required than simply the identity of the desired system call. The exact type and amount of information vary according to the particular OS and call.



Figure The handling of a user application invoking the open () system call.Three general methods are used to pass parameters to OS is:

Pass the parameters in registers Storing parameters in blocks or tables in memory and the address of

the block id passed as a parameter in a register Placing or pushing parameters onto the stack by the program and

popping off the stack by the OS.

Figure: Passing of parameters as a table.

1.12 Types of System Calls

System calls can be grouped roughly into six major categories:1.12.1 Process Control

A running program needs to be able to halt its execution either normally (end()) or abnormally (abort()). If a system call is made to terminate the currently running program abnormally, or if the program runs into a problem and causes an error trap, a dump of memory is sometimes taken and an error message generated.To determine the cause of the problem the operating system may find two types of problems.

The dump is written to disk and may be examined by a debugger. A system program designed to aid the programmer in finding and

correcting errors, or bugs.38 SVR ENGINEERING

COLLEGE:NANDYAL


Either normal or abnormal circumstances, the operating system must transfer control to the invoking command interpreter. The command interpreter then reads the next command.

In an interactive system, the command interpreter simply continues with the next command.

In a GUI system, a pop-up window might alert the user to the error and ask for guidance.

In a batch system, the command interpreter usually terminates the entire job and continues with the next job.

If the program discovers an error in its input and wants to terminate abnormally, it may also want to define an error level. More severe errors can be indicated by a higher-level error parameter. It is then possible to combine normal and abnormal termination by defining a normal termination as an error at level 0 . The command interpreter or a following program can use this error level to determine the next action automatically. A process or job executing one program may want to load () and execute () another program.

If we create a new job or process, or a set of jobs or processes, we should be able to control its execution. This control requires the ability to determine and reset the attributes of a job or process, including the job’s priority, its maximum allowable execution time, and so on (get process attributes () and set process attributes ()).We may also Want to terminate a job or process that we created (terminate process ()) if we find that it is incorrect or is no longer needed.

Operating system created new jobs or processes, we may need to wait for them to finish their execution. We may want to wait for a certain amount of time to pass (wait time()). More probably, we will want to wait for a specific event to occur (wait event()). The jobs or processes should then signal when that event has occurred (signal event()).



Quite often, two or more processes may share data. To ensure the integrity of the data being shared, operating systems often provide system calls allowing a process to lock shared data. Then, no other process can access the data until the lock is released. Typically, such system calls include acquire lock() and release lock().

The MS-DOS operating system is an example of a single-tasking system. It has a command interpreterthat is invoked when the computer is started (Figure (a)). MS-DOS is single-tasking; it uses a simple method to run a program and does not create a new process. It loads the program into memory, writing over most of itself to give the program as much memory as possible (Figure (b)).

Figure: MS-DOS execution. (a) At system startup. (b) Running a programFreeBSD (derived from Berkeley UNIX) is an example of a multitasking

system. When a user logs on to the system, the shell of the user’s choice is run. This shell is similar to the MS-DOS shell in that it accepts commands and executes programs that the user requests. FreeBSD is a multitasking system; the command interpreter may continue running while another program is executed (Figure 2.10). To start a new process, the shell executes a fork () system call. Then, the selected program is loaded into memory via an exec () system call and the program is executed



Figure 2.10 FreeBSD running multiple programs.Process control

end, abort load, execute create process, terminate process get process attributes, set process attributes wait for time wait event, signal event allocate and free memory

1.12.2 File ManagementThe file management in the operating system can deals various types of system callsCreate (): create system call is used to create a new fileDelete (): delete system call is used to delete old file Either system call requires the name of the file and perhaps some of the file’s attributes.Open (): if the user want to use the file open() system call can useClose (): to close the fileRead (): to read the fileWrite (): to append data Reposition (): to change the position Get file attributes (): for organizing files in the file system Set file attributes (): for organizing files in the file systemMove (): to move from one place to another placeCopy (): it is used to copy file from one folder to another folder.• File management

create file, delete file open, close



read, write, reposition get file attributes, set file attributes

1.12.3 Device ManagementA process may need several resources to execute main memory, disk

drives, access to files. If the resources are available, they can be granted, and control can be returned to the user process. The process will have to wait until sufficient resources are available. A system with multiple users may require us to first request () a device to use it After we are finished with the device, we release () it. These functions are similar to the open () and close () system calls for files. Other operating systems allow unmanaged access to devices. Once the device has been requested (and allocated to us), we can read (), write (), and (possibly) reposition () the device, just as we can with files.Device management

request device, release device read, write, reposition get device attributes, set device attributes logically attach or detach devices

1.12.4 Information Maintenance Many system calls exist simply for the purpose of transferring

information between the user program and the operating system. Most systems have a system call to return the current time() and

date(). System calls may return information about the system, such as the

number of current users, the version number of the operating system, the amount of free memory or disk space.

Another set of system calls is helpful in debugging a program. Many systems provide system calls to dump() memory.



Many operating systems provide a time profile of a program to indicate the amount of time that the program executes at a particular location or set of locations.

A time profile requires either a tracing facility or regular timer interrupts.

At every occurrence of the timer interrupt, the value of the program counter is recorded.

The operating system keeps information about all its processes, and system calls are used to access this information.

Information maintenance get time or date, set time or date get system data, set system data get process, file, or device attributes set process, file, or device attributes

1.12.5 CommunicationThere are two common models of inter process communication:

The message passing model and The shared-memory model.

The message passing model In the message-passing model, the communicating processes

exchange messages with one another to transfer information. Messages can be exchanged between the processes either directly or

indirectly through a common mailbox. A connection must be opened before two systems can communicate

with each other. Two systems can communicated their process via communication

network Each computer in a network has a host name. A host is also has a network identifier, such as an IP address.



Each process has a process name, and this name is translated into an identifier by which the operating system can refer to the process.

The two important system calls to establish communication is The get hostid() and get processid()

Once established a communication network the identifiers are then passed to the general purpose open() and close() calls provided by the file system or to specific open connection() and close connection() system calls, depending on the system’s model of communication.

At the receivers side the recipient can accept the connection or recipient can wait if it is busyHere receiver can have two types of system calls accept connection() and wait for connection().

The source of the communication, known as the client, and the receiving daemon, known as a server, then exchange messages by using read message() and write message() system calls. The close connection() call terminates the communication.

Message passing is useful for exchanging smaller amounts of data, because no conflicts need be avoided.

The shared-memory model In the shared-memory model, processes use shared memory create()

and shared memory attach() system calls to create and gain access to regions of memory owned by other processes.

The operating system tries to prevent one process from accessing another process’s memory.

Shared memory requires that two or more processes agree to remove this restriction. They can then exchange information by reading and writing data in the shared areas.

Shared memory allows maximum speed and convenience of communication.



It can be done at memory transfer speeds when it takes place within a computer.

Communications create, delete communication connection send, receive messages transfer status information attach or detach remote devices

1.12.6 ProtectionProtection provides a mechanism for controlling access to the resources

provided by a computer system. Protection was a concern only on multi programmed computer systems with several users. System calls providing protection include set permission () and get permission (), which manipulate the permission settings of resources such as files and disks. The allow user () and deny user () system calls specify whether particular users can or cannot be allowed access to certain resources. 1.13 System Programs A modern system is its collection of system programs. At the lowest level is hardware. Next is the operating system, then the system programs, and finally the application programs. System programs, also known as system utilities, provide a convenient environment for program development and execution

System programs provide a convenient environment for program development and execution. They can be divided into these categories- File management: These programs create, delete, copy, rename, print, dump, list and manipulate files and directories. Status information: Some programs ask the system for the date, time, and amount of available memory or disk space, number of users. File modification: Text editors may be available to create and modify the content of files stored on disk or other storage devices.


OPERATING SYSTEMS Unit - 1Programming language support: Compilers, assemblers, debuggers and interpreters for common programming languages are often provided to the user with the OS. Program loading and execution: Once a program is assembled or compiled, it must be loaded into memory to be executed. System provides absolute loaders, relocatable loaders, linkage editors and overlay loaders. Communications: These programs provide the mechanism for creating virtual connections among processes, users and computer systems. They allow users to send messages to one another’s screens, to browse Web pages, to send e-mail messages, to log in remotely, or to transfer files from one machine to another.Background services: All general-purpose systems have methods for launching certain system-program processes at boot time. A system needed a service to listen for network connections in order to connect those requests to the correct processes.Example: schedulers that start processes according to a specified schedule, system error monitoring services, and print servers.

In addition to systems programs, OS are supplied with programs that are useful in solving common problems or performing operations. Such programs include web browsers, word processors and text formatters, spread sheets, database systems etc. These programs are known as system utilities or application programs.



1.14 operating system structureA system as large and complex as a modern operating system must be

engineered carefully if it is to function properly and be modified easily. A common approach is to partition the task into small components, or modules, rather than have one monolithic system. Each of these modules should be a well-defined portion of the system, with carefully defined inputs, outputs, and functions. we will discuss how these components are interconnected and melded into a kernel.1.14.1 Simple Structure

Many operating systems do not have well-defined structures. A system is small, simple, and limited systems and then grew beyond

their original scope. MS-DOS is an example of such a system. It was originally designed and

implemented by a few people who had no idea. It was written to provide the most functionality in the least space, so it

was not carefully divided into modules. In MS-DOS, the interfaces and levels of functionality are not well

separated. application programs are able to access the basic I/O routines to write directly to the display and disk drives



Another example of limited structuring is the original UNIX operating system. Like MS-DOS, UNIX initially was limited by hardware functionality. It consists of two separable parts: the kernel and the system programs.

The kernel is further separated into a series of interfaces and device drivers, which have been added and expanded over the years as UNIX has evolved.

Everything below the system-call interface and above the physical hardware is the kernel. The kernel provides the file system, CPU scheduling, memory management, and other operating-system functions through system calls.

This monolithic structure was difficult to implement and maintain.1.14.2 Layered Approach

A system can be made modular in many ways. One method is the layered approach, in which the operating system is broken into a number of layers (levels). The bottom layer (layer 0) is the hardware; the highest (layer N) is the user interface.

The OS is divided into a number of layers (levels). Each layer is built on top of lower layers. The bottom layer (layer 0), is the hardware. The highest (layer N) is the user interface.



The main advantage of the layered approach is simplicity of construction and debugging. The layers are selected so that each uses functions (operations) and services of only lower-level layers. The first layer can be debugged, it uses only the basic hardware (which is assumed correct) to implement its functions. Once the first layer is debugged, its correct functioning can be assumed while the second layer is debugged, and so on.

Each layer is implemented only with operations provided by lower-level layers. A layer does not need to know how these operations are implemented; it needs to know only what these operations do. Hence, each layer hides the existence of certain data structures, operations, and hardware from higher-level layers.

The major difficulty with layered approach involves defining the various layers. They tend to be less efficient than other types. A final problem with layered implementations is that they tend to be less efficient than other types.

Figure: A layered operating system.1.14.3 Microkernels

This method structures the OS by removing all non essential components from the kernel and implementing them as system and user



level programs which results in a smaller kernel. Micro kernels provide minimal process and memory management in addition to a communication facility.

The main function of micro kernel is to provide a communication facility between the client program and the various services that are also running in user space. Communication is provided by message passing.

Advantage of the micro kernel approach is ease of extending the operating system. All new users are added to user space and hence do not require modification of the kernel. The resulting operating system is easier to port from one hardware design to another. Microkernel also provides more security and reliability since most services are running as user processes. But micro kernels can suffer from performance decreases due to increased system function over head.

Figure: Architecture of a typical microkernel.1.14.4 Modules

The best current methodology for operating system design involves using object oriented programming techniques to create a modular kernel. The kernel has a set of core components and dynamically links in additional services either during boot time or run time.



Perhaps the best current methodology for operating-system design involves using loadable kernel modules.This type of design is common in modern implementations of UNIX, such as Solaris, Linux, and Mac OS X, as well as Windows.

The idea of the design is for the kernel to provide core services while other services are implemented dynamically, as the kernel is running. Linking services dynamically is preferable to adding new features directly to the kernel, which would require recompiling the kernel every time a change was made.

A layered system in that each kernel section has defined, protected interfaces but it is more flexible than a layered system, because any module can call any other module.

The Solaris operating system structure, shown in Figure 2.15, is organized around a core kernel with seven types of loadable kernel modules:

1. Scheduling classes2. File systems3. Loadable system calls4. Executable formats5. STREAMS modules6. Miscellaneous7. Device and bus drivers



Figure 2.15 Solaris loadable modules.

1.14.5 Hybrid Systems Very few operating systems adopt a single, strictly defined structure.

They combine different structures, resulting in hybrid systems that address performance, security, and usability issues.

Both Linux and Solaris are monolithic, because having the operating system in a single address space provides very efficient performance.

Windows systems also provide support for dynamically loadable kernel modules.

The structure of three hybrid systems: The Apple Mac OS X operating system and The two most prominent mobile operating systems are iOS

and Android.1.14.5.1 Mac OS X

The Apple Mac OS X operating system uses a hybrid structure. The top layers include the Aqua user interface and a set of application environments and services.

The Cocoa environment specifies an API for the Objective-C programming language, which is used for writing Mac OS X applications.

Below these layers is the kernel environment, which consists primarily of the Mach microkernel and the BSD UNIX kernel.

Mach provides memory management it also support for remote procedure calls (RPCs) and inter process communication (IPC), including message passing, and thread scheduling.



The BSD component provides a BSD command-line interface, support for networking and file systems, and an implementation of POSIX APIs, including Pthreads.

Figure 2.16 The Mac OS X structure.

1.14.5.2 iOSiOS is a mobile operating system designed by Apple to run its

smartphone, the iPhone, as well as its tablet computer, the iPad. iOS is structured on the Mac OS X operating system, with added functionality pertinent to mobile devices,but does not directly run Mac OS X applications. The structure of iOS appears in Figure 2.17.

Cocoa Touch is an API for Objective-C that provides several frameworks for developing applications that run on iOS devices. The fundamental difference between Cocoa, mentioned earlier, and Cocoa Touch is that the latter provides support for hardware features unique to mobile devices, such as touch screens.



The media services layer provides services for graphics, audio, and video. The core services layer provides a variety of features, including support for cloud computing and databases.

The bottom layer represents the core operating system, which is based on the kernel environment.

Figure 2.17 Architecture of Apple’s iOS.1.14.5.3 Android

The Android operating system was designed by the Open Handset Alliance (led primarily by Google) and was developed for Android smartphones and tablet computers.

Whereas iOS is designed to run on Apple mobile devices and is close-sourced, Android runs on a variety of mobile platforms and is open-sourced.

Android is similar to iOS in that it is a layered stack of software that provides a rich set of frameworks for developing mobile applications.

At the bottom of this software stack is the Linux kernel. Linux is used primarily for process, memory, and device-driver support

for hardware and has been expanded to include power management. The Android runtime environment includes a core set of libraries as

well as the Dalvik virtual machine. Software designers for Android devices develop applications in the

Java language.



The Java class files are first compiled to Java bytecode and then translated into an executable file that runs on the Dalvik virtual machine. The Dalvik virtual machine was designed for Android and is optimized for mobile devices with limited memory and CPU processing capabilities.

The set of libraries available for Android applications includes frameworks for developing web browsers (webkit), database support (SQLite), and multimedia. The libc library is similar to the standard C library but is much smaller and has been designed for the slower CPUs that characterize mobile devices.

Figure 2.18 Architecture of Google’s Android.

1.15 operating system debugging Debugging is the activity of finding and fixing errors in a system, both

in hardware and in software. Performance problems are considered bugs, so debugging can also

include performance tuning Debugging is finding and fixing errors, or bugs

1.15.1 Failure Analysis Most operating systems write the error information to a log file to

alert system operators or users that the problem occurred. OS generate log files containing error information. Failure of an application can generate core dump file capturing

memory of the process55 SVR ENGINEERING

COLLEGE:NANDYAL


Operating system failure can generate crash dump file containing kernel memory

Beyond crashes, performance tuning can optimize system performance A failure in the kernel is called a crash. When a crash occurs, error

information is saved to a log file, and the memory state is saved to a crash dump.

Operating-system debugging and process debugging frequently use different tools and techniques due to the very different nature of these two tasks.

A common technique is to save the kernel’s memory state to a section of disk set aside for this purpose that contains no file system.

If the kernel detects an unrecoverable error, it writes the entire contents of memory, or at least the kernel-owned parts of the system memory, to the disk area.

When the system reboots, a process runs to gather the data from that area and write it to a crash dump file within a file system for analysis.

1.15.2 Performance Tuning Performance tuning seeks to improve performance by removing

processing bottlenecks. The operating system must have some means of computing and displaying measures of system behavior. The operating system does this by producing trace listings of system behavior.

All events are logged with their time and important parameters and are written to a file. Later, an analysis program can process the log file to determine system performance and to identify bottlenecks and inefficiencies.

Another approach to performance tuning uses single-purpose, interactive tools that allow users and administrators to question the state of various system components to look for bottlenecks.



The Windows Task Manager is a similar tool for Windows systems. The task manager includes information for current applications as well as processes, CPU and memory usage, and networking statistics.

One such tool employs the UNIX command top to display the resources used on the system, as well as a sorted list of the “top” resource-using processes.

Figure The Windows task manager.

1.15.3 DTrace DTrace tool in Solaris, FreeBSD, Mac OS X allows live instrumentation

on production systems. Probes fire when code is executed, capturing state data and sending

it to consumers of those probes 57 SVR ENGINEERING

COLLEGE:NANDYAL


These probes can be queried via the D programming language to determine an astonishing amount about the kernel, the system state, and process activities. Lines ending with “U” are executed in user mode, and lines ending in “K” in kernel mode.

Debugging the interactions between user-level and kernel code is nearly impossible without a toolset that understands both sets of code and can instrument the interactions.

The DTrace tool meets these requirements and provides a dynamic, safe, low-impact debugging environment.

DTrace is composed of a compiler, a framework, providers of probes written within that framework, and consumers of those probes. DTrace providers create probes.

Kernel structures exist to keep track of all probes that the providers have created. The probes are stored in a hash-table data structure that is hashed by name and indexed according to unique probe identifiers.

When a probe is enabled, a bit of code in the area to be probed is rewritten to call dtrace probe(probe identifier) and then continue with the code’s original operation. Different providers create different kinds of probes.


OPERATING SYSTEMS Unit - 11.16 System Boot

The procedure of starting a computer by loading the kernel is known as booting the system. On most computer systems, a small piece of code known as the bootstrap program or bootstrap loader locates the kernel, loads it into main memory, and starts its execution. Some computer systems, such as PCs, use a two-step process in which a simple bootstrap loader fetches a more complex boot program from disk, which in turn loads the kernel.The bootstrap program can perform a variety of tasks. One task is to run diagnostics to determine the state of the machine. If the diagnostics pass, the program can continue with the booting steps.

For large operating systems (including most general-purpose operating systems like Windows, Mac OS X, and UNIX) or for systems that change frequently, the bootstrap loader is stored in firmware, and the operating system is on disk. In this case, the bootstrap runs diagnostics and has a bit of code that can read a single block at a fixed location (say block zero) from disk into memory and execute the code from that boot block. The program stored in the boot block may be sophisticated enough to load the entire operating system into memory and begin its execution. A disk that has a boot partition is called a boot disk or system disk.1. PROCESS CONCEPT

Current day computer systems allow multiple programs to be loaded into memory and executed concurrently. Process is nothing but a program in execution. A process is the unit of work in a modern time sharing system. A system is a collection of processes. Operating system processes executing operating system code and user processes executing user code. By switching CPU between processes, the operating system can make the computer more productive. A batch system executes jobs whereas a time shared system has user programs or tasks. On a single user system, user


OPERATING SYSTEMS Unit - 1may be able to run several programs at one time: a word processor, a web browser and an e-mail package. All of these are called processes.1.1 The Process

A process is a program in execution. A process is more than a program code sometimes known as text section. It also includes the current activity as represented by the value of the program counter and the contents of the processor’s registers. A process generally also includes the process stack which contains temporary data and a data section which contains global variables. A process may also include a heap which is memory that is dynamically allocated during process run time.

Program itself is not a process, a program is a passive entity such as a file containing a list of instructions stored on disk (called an executable file) whereas process is an active entity with a program counter specifying the next instruction to execute and a set of associated resources. A program becomes a process when an executable file is loaded into memory. Although two processes may be associated with the same program, they are considered two separate execution sequences.

Figure: Process in memory.For instance, several users may be running different copies of the mail

program, or the same user may invoke many copies of the web browser program. Each of these is a separate process; and although the text sections are equivalent, the data, heap, and stack sections



The Java programming environment provides a good example. An executable Java program is executed within the Java virtual machine (JVM). The JVM executes as a process that interprets the loaded Java code and takes actions (via native machine instructions) on behalf of that code.

For example, to run the compiled Java program Program.class, we would enter

java ProgramThe command java runs the JVM as an ordinary process, which in turns

executes the Java program Program in the virtual machine.1.2 Process State

As a process executes, it changes state. The state of a process is defined in part by the current activity of that process. Each process may be in one of the following states-New: The process is being created. Running: Instructions are being executed. Waiting: The process is waiting for some event to occur. Ready: The process is waiting to be assigned to the processor. Terminated: The process has finished execution.

Every operating system can have process states. It is important to realize that only one process can be running on any processor at any instant. Many processes may be ready and waiting

Figure: Diagram of process state.



1.3 Process Control BlockEach process is represented in the operating system by a process

control block also called task control block. It contains many pieces of information associated with a specific process including:

Figure: Process control block (PCB).

Process State: The state may be new, ready, running, waiting, halted etc. Program Counter: The counter indicates the address of the next instruction to be executed for this process. CPU registers: The registers vary in number and type depending on the computer architecture.CPU scheduling information: This information includes a process priority, pointers to scheduling queues, and other scheduling parameters. Memory management information: This information may include such information as the value of base and limit registers etc. Accounting information: This information includes the amount of CPU and real time used, time limits etc.


OPERATING SYSTEMS Unit - 1I/O status information: This information includes the list of I/O devices allocated to the process, etc.

Figure: Diagram showing CPU switch from process to process.

1.4 Threads Process is a program that performs a single thread of execution. A single thread of control allows the process to perform only one

task at one time.



Most modern operating systems have extended the process concept to allow a process to have multiple threads of execution and thus to perform more than one task at a time.

2. Process SchedulingThe objective of multi programming is to have some process

running at all times to maximize CPU utilization. The objective of time sharing is to switch the CPU among processes so frequently that users can interact with each program while it is running. To meet these objectives, the process scheduler selects an available process for program execution on the CPU. For a single processer system, there will never be more than one running process.2.1 Scheduling QueuesProcess Scheduler maintains different types of queues: Job queue: As processes enter the system, they are put inside the job queue, which consists of all processes in the system.Ready queue: The processes that are residing in main memory and are ready and waiting to execute are kept on a list called the ready queue. This queue is stored as a linked list. A ready queue header contains pointers to the first and final PCB’s in the list. Each PCB includes a pointer field that points to the next PCB in the ready queue.Device queues: When a process is allocated the CPU, it executes for a while and eventually quits, is interrupted or waits for the occurrence of a particular event such as the completion of an I/O request. The list of processes waiting for a particular I/O device is called a device queue. Each device has its own device queue.



Figure: The ready queue and various I/O device queues.A common representation for process scheduling is queuing

diagram. Each rectangular box represents a queue. Two types of queues are present: ready queue and a set of device queues. Circles represent the resources that serve the queues and the arrows indicate the flow of processes in the system.

Figure: Queuing-diagram representation of process scheduling.

A new process is initially put in the ready queue. It waits there until it is selected for execution or is dispatched. Once the process is allocated the CPU and is executing, one of the following events might occur.


OPERATING SYSTEMS Unit - 1a) The process could issue and I/O request and then be placed in the I/O queue. b) The process could create a new sub process and wait for the sub process’s termination. c) The process could be removed forcibly from the CPU as a result of an interrupt and be put back in the ready queue. 2.2 Schedulers

A process migrated among the various scheduling queues throughout its life time. The OS must select for scheduling purposes, processes from these queues and this selection is carried out by scheduler. In a batch system, more processes are submitted than can be executed immediately. These processes are spooled to a mass storage device (disk) where they are kept for later execution. Various types of schedulers areLong term scheduler: The long term scheduler or job scheduler selects processes from

this pool and loads them into memory for execution. The long term scheduler controls the degree of multi

programming (the number of processes in memory). Long term scheduler must select a good mix of I/O bound and CPU

bound processes. A system with best performance will have a combination of CPU bound and I/O bound processes.

Short term scheduler The short term scheduler or CPU scheduler selects from among the

processes that are ready to execute and allocates the CPU to one of them. I/O bound process

Most processes can be described as either I/O bound or CPU bound. An I/O bound process is one that spends more of its time doing I/O than it spends doing computations. A CPU bound process generates I/O requests infrequently using more of its time doing computations.


OPERATING SYSTEMS Unit - 1Medium scheduler:

Medium term scheduler is that sometimes it can be advantageous to remove processes from memory and thus reduce the degree of multi programming.

Later the process can be reintroduced into memory and its execution can be continued where it left off. This scheme is called swapping. The process is swapped out and is later swapped in by the medium term scheduler.

Figure: Addition of medium-term scheduling to the queuing diagram.

2.3 Context SwitchInterrupts cause the OS to change a CPU from its current task and to

run a kernel routine. When an interrupt occurs, the system needs to save the current context of the process currently running on the CPU so that it can restore that context when its processing is done, essentially suspending the process and then resuming it. The context is represented in the PCB of the process, it includes the value of CPU registers, process state and memory management information. We perform a state save of the current state of the CPU and then state restores to resume operations.

Switching the CPU to another process requires saving the state old process and loading the saved state of the new process. This task is known as context switch. Context switch time is pure overhead. Its speed varies from machine to machine depending on the memory speed, the number of


OPERATING SYSTEMS Unit - 1registers that must be copied and the existence of special instructions. Typically the speed ranges from 1 to 1000 microseconds.

Context switch times are highly dependent on hardware support. Some processors provide multiple set of registers.

Context switch simply includes changing the pointer to the current register set.

The steps involved in a full process switch as follows:1. Save the context of the processor, including program counter and

other registers2. Update the PCB of the process that is currently in the running state.

This includes the changing the state of one process to another3. Move the PCB of this process to the appropriate queue.4. Select another process for execution5. Update the PCB of the process selected, this includes changing the

state of this process to running.6. Update memory management data structures. This may be required

depending on how address translation is managed.7. Restore the context of the processor to that, which existed at that time

, the selected process was last switched out of the running state by loading the previous values of the program counter and other registers.

3. Operations on ProcessesThe processes in most systems can execute concurrently and must be

created and deleted dynamically. Thus, the operating systems must provide a mechanism for process creation and termination.The basic operations on a process are:

Process creation



Process terminationProcess creation:A process may create several new processes. the creating process is called a parent process, where as the new processes are called the children of that process. Each of child process will create another new process forming a tree of processes.

Most operating systems (including UNIX, Linux, and Windows) identify processes according to a unique process identifier (or pid), which is typically an integer number.

The pid provides a unique value for each process in the system it can be used as an index to access various attributes of a process within the kernel.

When a process is created, it is assigned some resources, like physical and logical resources , data etc, these resources should be passed to children.

Let us understand the above concept by considering Unix OS.In unix , a new process is created by a fork() system call

Let us consider an example. When user logs in for the first time in Unix, it creates a shell process. After the login, any command user is trying into shell such as for example if I want to see the list of files then user type the command ls and press enter key which display the entire list. If user wants to create a file then user enters cat command followed by name of file. So these ls and cat are considered to be children’s (or) child process of parent shell process, that invokes fork() system call implicitly

#include <sys/types.h>#include <stdio.h>#include <unistd.h>



int main(){pid t pid;/* fork a child process */pid = fork();if (pid < 0) { /* error occurred */fprintf(stderr, "Fork Failed");return 1;}else if (pid == 0) { /* child process */execlp("/bin/ls","ls",NULL);}else { /* parent process *//* parent will wait for the child to complete */wait(NULL);printf("Child Complete");}return 0;}

Figure 3.9 Creating a separate process using the UNIX fork() system call.

Output: I am child process with PID = 1760 I am the parent process with PID = 1761

Process terminationWhen a process termination or completes its execution then the

resources that were used by the process are deallocated. In other



words this happen with the help of kernel that internally implements exit() system call. When an exit () system call is executed, it closes all the open files releases all text files, other resources and address space. In other words if a process want to terminate by itself then it use exit() system call . but if a process wants to terminate its children then it uses kill() system call. A parent may terminate execution of its children for a variety of reasons:

If child exceeds the number of resources that it has been allocated

Task assigned to child is no longer required If parent process terminates then child process must also

terminates. This is known as cascading termination initiated by OS

Consider that, in Linux and UNIX systems, we can terminate a process by using the exit() system call, providing an exit status as a parameter:

/* exit with status 1 */exit(1);

A parent process may wait for the termination of a child process by using the wait() system call. The wait() system call is passed a parameter that allows the parent to obtain the exit status of the child. This system call also returns the process identifier of the terminated child so that the parent can tell which of its children has terminated:

pid t pid;int status;pid = wait(&status);

When a process terminates, its resources are deallocated by the operating system. However, its entry in the process table must remain there until the parent calls wait(), because the process table contains the process’s exit status. A process that has terminated, but whose parent has not yet called wait(), is known as a zombie process.


OPERATING SYSTEMS Unit - 14. Interprocess Communication:

Processes executing concurrently in the operating system may be either independent processes or co-operating processes.

A process is independent if it cannot affect or be affected by the other processes executing in the system.

Any process that does not share data with any other process is independent.

A process is co-operating if it can affect or be affected by the other processes executing in the system.

There are several reasons for providing an environment that allows process co-operation: a) Information sharing: Since several users may be interested in the same piece of information (shared file), we must provide an environment to allow concurrent access to such information. b) Computation speedup: If we want a particular task to run faster, we must break it into sub tasks each of which will be executing in parallel with the others. Such a speed up can be achieved only if the computer has multiple processing elements. c) Modularity: we may want to construct the system in a modular fashion dividing the system functions into separate processes or threads. d) Convenience: Even an individual user may work on many tasks at the same time. For instance, a user may be editing, listening to music, and compiling in parallel.

Co-operating processes require an inter process communication (IPC) mechanism that allow them to exchange data and information. There are two fundamental models of inter process communication.



Figure: Communications models. (a) Message passing. (b) Shared memory.

4.1 Shared Memory Systems In the shared memory model, a region of memory that is shared by

co-operating processes is established. Processes can then exchange information by reading and writing data to shared region.

Shared memory allows maximum speed and convenience of communication, as it can be done at memory speeds when within a computer.

Shared memory is faster than memory passing as message passing systems are typically implemented using system calls and thus require the more time consuming task of kernel intervention.

In shared memory systems, system calls are required only to establish shared memory regions. Once shared memory is established, all accesses are treated as routine memory accesses and no assistance from the kernel is required.

Inter process communication using shared memory requires communicating processes to establish a region of shared memory.

A shared memory region resides in the address space of the process creating the shared memory segment.

Other processes that wish to communicate using this shared memory segment must attach it to their address space. OS tries to prevent one process from accessing another process’s memory.



Shared memory requires that two or more processes agree to remove the above restriction. They can then exchange information by reading and writing data in the shared areas. The processes are also responsible for ensuring that they are not writing to the same location simultaneously.

To illustrate the concept of cooperating processes, let’s consider the .Producer Consumer problem which is a paradigm for co-operating processes:

A producer produces information that is consumed by a consumer process.

For example: A web server produces (that is, provides) HTML files and images, which are consumed (that is, read) by the client web browser requesting the resource.

One solution to the producer consumer problem uses shared memory. To allow producer and consumer processes to run concurrently, we must have available a buffer of items that can be filled by the producer and emptied by the consumer. This buffer will reside in a region of memory that is shared by the producer and consumer processes. A producer can produce one item while consumer is consuming another item. The producer and consumer must be synchronized so that the consumer does not try to consume an item that has not yet been produced. Two types of buffers can be used: Unbounded buffer: The unbounded buffer places no practical limit on the size of the buffer. The consumer may have to wait for new items, but the producer can always produce new items.Bounded: The bounded buffer assumes a fixed buffer size. In this case, the consumer must wait if the buffer is empty, and the producer must wait if the buffer is full.How the bounded buffer can be used to enable processes to share memory.



The shared buffer is implemented as a circular array with two logical pointers in and out. The variable in points to the next free position in the buffer; out points to the first full position in the buffer. The buffer is empty when in == out; the buffer is full when ((in+1)%BUFFER_SIZE) = = out.

item next produced; while (true) {/* produce an item in next produced */while (((in + 1) % BUFFER SIZE) == out); /* do nothing */buffer[in] = next produced;in = (in + 1) % BUFFER SIZE;}Figure 3.13 The producer process using shared memory.

item next consumed;while (true) {while (in == out); /* do nothing */next consumed = buffer[out];out = (out + 1) % BUFFER SIZE;/* consume the item in next consumed */}Figure 3.14 The consumer process using shared memory.

2. Message Passing:



The co-operating processes in a shared environment scheme require that these processes share a region of memory and that the code for accessing and manipulating the shared memory be written explicitly by the application programmer.

Another way to achieve the same effect is for the operating system to provide the means for co-operating processes to communicate with each other via a message passing facility.

In the message passing model, communication takes place by means of messages exchanged between the co-operating processes.

Message passing is useful for exchanging smaller amounts of data because no conflicts need be avoided.

Message passing is also easier to implement than is shared memory for inter computer communication

Message passing provides a mechanism to allow processes to communicate and to synchronize their actions without sharing the same address space and is particularly useful in a distributed environment where the communicating processes may reside on different computers connected by a network.

A message passing facility provides at least two operations: Send (message) and Receive (message). Messages sent by a process can be of either fixed or variable size. If

only fixed - sized messages can be sent, the system level implementation is straight forward. Variable sized messages require a more complex system level implementation.

If processes P and Q want to communicate, they must send messages to and receive messages from each other; a communication link must exist between them. This link can be implemented in several ways. Here are several methods for logically implementing a link and the send ()/ receive () operations:



Direct or indirect communication Synchronous or asynchronous communication Automatic or explicit buffering

Issues related to the above features:4.2.1 Naming:

Processes that want to communicate must have a way to refer to each other. They can use either direct communication or indirect communication.

In direct communication, each process that wants to communicate must explicitly name the recipient or sender of the communication. The send() and receive() primitives are defined as-

Send (P, message): send a message to process P Receive (Q, message): receive a message from process Q

A communication link has the following properties: A link is established automatically between every pair of processes

that want to communicate. The processes need to know only each other’s identity to communicate.

A link is associated with exactly two processes. Between each pair of processes, there exists exactly one link. Here both the sender process and receiver process must name the other

to communicate. This is called symmetry in addressing. And other is asymmetry in addressing. Here, the sender and the recipient are not required to name the sender. Here, the send () and receive () primitives are defined as:

Send (P, message) : send a message to process P Receive (id, message): receive a message from any process; the

variable id is set to the name of the process with which communication has taken place.

The disadvantage in the above schemes is the limited modularity of the resulting process definitions. Changing the identifier of the process may


OPERATING SYSTEMS Unit - 1necessitate examining all other process definitions. All references to the old identifier must be found so that they can be modified to the new identifier.

In indirect communication, the messages are sent to and received from mail boxes or ports. A mail box can be viewed abstractly as an object into which messages can be placed by processes and from which messages can be removed. Each mail box has a unique identification. A process can communicate with some other process via a number of different mail boxes. But two processes can communicate only if the processes have a shared mail box. The send () and receive () primitives are defined as:

Send (A, message) – send a message to mail box AReceive (A, message) – receive a message from mail box

A. In this scheme, a communication link has the following properties:

A link is established between a pair of processes only if both members of the pair have a shared mail box.

A link may be associated with more than two processes. Between each pair of communicating processes, there may be a

number of different links, with each link corresponding to one mail box. If we have three processes P1, P2 and P3 sharing a mail box A, process P1

sends a message to A while P2 and P3 execute receive from A. Then the decision of which process (P2 or P3) will receive a message from P1 depends on the following methods.

Allow a link to be associated with two processes at most. Allow at most one process at a time to execute receive () operation. Allow the system to select arbitrarily which process will receive the

message. The system may define an algorithm for selecting which process will receive the message (round robin). The system may identify the receiver to the sender.



A mail box may be owned either by a process or by the OS. If the mail box is owned by a process, then we distinguish between the owner and the user. When a process that owns the mail box terminates, the mail box disappears. Any process that subsequently sends a message to this mail box must be notified that the mail box no longer exists. A mail box owned by the OS is independent and is not attached to any particular process. The OS then must provide a mechanism that allows a process to do the following:

Create a new mail box Send and receive messages through the mail box Delete a mail box

The process that creates a new mail box is that mail box’s owner by default. The owner is the only process that can receive messages through this mail box.4.2.2 Synchronization:

Communication between processes takes place through calls to send () and receive () primitives. Message passing may be either blocking or non- blocking also known as synchronous communication and asynchronous communication.Blocking send: The sending process is blocked until the message is received by the receiving process or the mail box. Non blocking send: The sending process sends the message and resumes operation. Blocking receive: The receiver blocks until a message is available. Non-blocking receive: The receiver retrieves either a valid message or a null.When both send () and receive () are blocking, we have a rendezvous between the sender and the receiver.4.2.3 Buffering:



Whether the communication is direct or indirect, messages exchanged by communicating processes reside in a temporary queue. Such queues can be implemented in three ways:Zero capacity: The queue has the maximum length of zero; thus the link cannot have any messages waiting in it. Bounded capacity: The queue has finite length n; thus, at most n messages can reside in it. Unbounded capacity: The queues length is infinite; thus any number of messages can wait in it. The sender never blocks.

The zero capacity buffers are sometimes referred to as a message system with no buffering; the other cases are referred to as systems with automatic buffering.5. Examples of IPC Systems:Here we can discuss three different IPC systems:

1) POSIX API for shared memory.2) MACH X Operating System3) WINDOWS Operating System.

POSIX API for shared memory.Several IPC mechanisms are available for POSIX systems, including

shared memory and message passing. Here, we explore the POSIX API for shared memory.

POSIX shared memory is organized using memory-mapped files, which associate the region of shared memory with a file. A process must first create a shared-memory object using the shm open() system call, as follows:

shm fd = shm_open(name, O_CREAT | O_RDRW, 0666);name = the first parameter specifies the name of the shared-memory object.O_CREAT = The subsequent parameters specify that the shared-memory object is to be created if it does not yet exist O RDRW = the object is open for reading and writing ().


OPERATING SYSTEMS Unit - 10666= The last parameter establishes the directory permissions of the shared-memory objectshm_open= Asuccessful call to shm open() returns an integer file descriptor for the shared-memory object.ftruncate()= function is used to configure the size of the object in bytes. The call ftruncate(shm fd, 4096);sets the size of the object to 4,096 bytes. mmap() = function establishes a memory-mapped file containingthe shared-memory object.

#include <stdio.h>#include <stlib.h>#include <string.h>#include <fcntl.h>#include <sys/shm.h>#include <sys/stat.h>int main(){/* the size (in bytes) of shared memory object */const int SIZE 4096;/* name of the shared memory object */const char *name = "OS";/* strings written to shared memory */const char *message 0 = "Hello";const char *message 1 = "World!";/* shared memory file descriptor */int shm fd;/* pointer to shared memory obect */void *ptr;/* create the shared memory object */shm fd = shm open(name, O CREAT | O RDRW, 0666);



/* configure the size of the shared memory object */ftruncate(shm fd, SIZE);/* memory map the shared memory object */ptr = mmap(0, SIZE, PROT WRITE, MAP SHARED, shm fd, 0);/* write to the shared memory object */sprintf(ptr,"%s",message 0);ptr += strlen(message 0);sprintf(ptr,"%s",message 1);ptr += strlen(message 1);return 0;}

Producer process illustrating POSIX shared-memory API.Mach X os:

Mach operating system is next example for IPC. In Mach Operating system Mach kernel supports the creation and destruction of multiple tasks

Most communication in Mach including all intertask information is carried out by messages. Messages are sent to and received from mailboxes, called ports in Mach.

In Mach operating system calls are made by messages. In Mach operating system a task is created with two special mailboxes

The Kernel mailbox and The Notify mailbox

The kernel uses the Kernel mailbox to communicate with the task and sends notification of event occurrences to the Notify port To establish communication in Mach os need three system calls for message transfer.

The msg_send () call sends a message to a mailbox.The msg_receive () call receives message from mailbox



The msg_rpc (), (remote procedure call) system call is used to execute messages

Windows:Windows provides support for multiple operating environments, or subsystems.Application programs communicate with these subsystems via a message-passing mechanism.The message-passing facility in Windows is called the advanced local procedure call (ALPC) facility. It is used for communication between two processes on the same machine.Windows uses two types of ports:

Connection ports and Communication ports.

Server processes creates a connection-port objects that are visible to all processes. When a client wants services from a server it opens a handle to the server’s connection-port object and sends a connection request to that port. The server then creates a channel and returns a handle to the client.

The channel consists of a pair of private communication ports: one for client-server messages the other for server-client messages. Communication ports support a callback mechanism that allows the client and server to accept requests when they system want be expecting a reply.An ALPC channel creates any one of three message-passing techniques:1. For small messages (up to 256 bytes), the port’s message queue is used as intermediate storage, and the messages are copied from one process to the other.2. Larger messages must be passed through a section object, which is a region of shared memory associated with the channel.3. When the amount of data is too large to fit into a section object, an API is available that allows server processes to read and write directly into the address space of a client.



The client has to decide when it sets up the channel whether it will need to send a large message. If the client determines that it does want to send large messages, it asks for a section object to be created.if the server decides that replies will be large, it creates a section object So that the section object can be used, a small message is sent that contains a pointer and size information about the section object. This method is more complicated than the first method.

Figure 3.19 Advanced local procedure calls in Windows.

SVR ENGINEERING COLLEGE, NANDYAL.

DEPARTMENT OF

COMPUTER SCIENCE & ENGINEERING

LECTURER NOTES



OPERATING SYSTEMS

PREPARED BY:


UNIT II

Threads: overview, Multicore Programming, Multithreading Models, Thread Libraries, Implicit threading,

Threading Issues.

Process Synchronization: The critical-section problem, Peterson‘s Solution, Synchronization Hardware, Mutex

Locks, Semaphores, Classic problems of synchronization, Monitors, Synchronization examples, Alternative

approaches.

CPU Scheduling: Scheduling-Criteria, Scheduling Algorithms, Thread Scheduling, Multiple- Processor Scheduling,

Real-Time CPU Scheduling, Algorithm Evaluation.

Threads:

2.1 Overview

It is sometimes called as a lightweight process. Threads are popular way to improve application

performance through parallelism. In operating systems, a thread is the basic unit of CPU utilization. Every process

will be having its own program counter, a register set and a stack and its own address space.

Each thread of process has its own program counter, a register states and its own stack. But all the threads

of a process share the same address space. All threads of process also share the same set of operating system

resources, such as open files, child process, semaphores, signals and soon. A traditional or heavy weight process has

a single thread of control. If the process has multiple threads of control, it can do more than one task at a time.

There are two types of threads:



Single threaded process: it can have a single task at a time.

Multithreaded process: it can have multiple tasks at a time.

Lifecycle of a thread:

When a thread is instantiated, it is a new state. When a thread is started, the thread is shifted from a new

state to runnable state, the scheduler decide when a thread enters running state. The decision is based on time slot;

priority etc. after the decision thread is transferred to running state from runnable state. During running state, the

thread executes the body of the thread. At this stage the thread may either execute till the end (or) it may execute for

some time and after some time the scheduler will switch it back to runnable state. Once thread finishes execution, it

enters dead state. This state is known as zombie process.

4.1.1 Motivation:

Most software applications that run on modern computers are multithreaded.

Each application is implemented several threads to control a separate process.

General client–server approach can have web browser and web server. An approach is might be like below

A web browser might have one thread display images or text

Another thread retrieves data from the network.


OPERATING SYSTEMS Unit - 1For example: A word processor may have a thread for displaying graphics,

Another thread for responding to keystrokes from the user, and

A third thread for performing spelling and grammar checking in the background.

A single application may be required to perform several similar tasks.

For example: A web server accepts client requests for web pages, images, sound.

A web server may have several (perhaps thousands of) clients concurrently accessing it. If the

web server ran as a traditional single-threaded process, it would be able to service only one

client at a time, and a client might have to wait a very long time for its request to be serviced.

If the web-server process is multithreaded, the server will create a separate thread that listens for client

requests. When a request is made, rather than creating another process, the server creates a new thread to service the

request and resume listening for additional requests. Threads plays an important role in RPC(Remote Procedure

Calls) to allow inter process communication(IPC) by providing a communication mechanism.

Figure: Multithreaded server architecture.

Most operating-system kernels are now multithreaded. Several threads operate in the kernel, and each

thread performs a specific task, such as managing devices, managing memory, or interrupt handling.

4.1.2 Benefits:

The benefits of multithreaded programming can be broken down into four major categories:

1. Responsiveness. Multithreading an interactive application may allow a program to continue running even if part

of it is blocked or is performing a lengthy operation, thereby increasing responsiveness to the user. This quality is

especially useful in designing user interfaces.

For example,

A web browser contains many threads. If one thread is busy in downloading an image, then another thread

is still allow user interaction. A single-threaded application would be unresponsive to the user until the operation

had completed.

2. Resource sharing. Processes can only share resources through techniques such as shared memory and message

passing. Such techniques must be explicitly arranged by the programmer. All threads belonging to one process share

a resource, like memory. The advantage of sharing same address space is that it will take less context switching

time.

3. Economy. Allocating memory and resources for process creation is costly. Because threads share the resources of

the process to which they belong, it is more economical to create and context-switch threads. For example, in


OPERATING SYSTEMS Unit - 1Solaris, creating a thread is about 30 times faster than is creating a process, and context switching is about five times

faster than a context switching of a process.

4. Scalability. The benefits of multithreading can be even greater in a multiprocessor architecture, where threads

may be running in parallel on different processing cores. A single-threaded process can run on only one processor,

regardless how many are available.

4.2 Multicor e Programming:

A multi core programming is a single computing component with two or more independent actual

processing units (called “cores”) which are the units that read and execute program instructions. The instructions

such as add, move data, and branch but the multiple instructions at the same time, increasing overall speed of the

programs amenable to parallel computing.

To increase the performance of the system single-CPU systems evolved into multi-CPU systems. Now a

day’s system design is to place multiple computing cores on a single chip. Each core appears as a separate processor

to the operating system. Whether the cores appear across CPU chips or within CPU chips. These systems are known

as multicore or multiprocessor systems. Multithreaded programming provides a mechanism for more efficient use

of these multiple computing cores and improved concurrency.

Consider an application with four threads.

On a system with a single computing core, concurrency merely means that the execution of the threads will

be interleaved over time, because the processing core is capable of executing only one thread at a time.

Concurrent Execution on a Single-core System

On a system with multiple cores, however, concurrency means that the threads can run in parallel, because

the system can assign a separate thread to each core.

Parallel Execution on a Multicore System

Parallelism: A system is parallel if it can perform more than one task simultaneously.

Concurrency: A concurrent system supports more than one task by allowing all the tasks to make progress. It is

possible to have concurrency without parallelism.



As systems have grown from tens of threads to thousands of threads, CPU designers have improved system

performance by adding hardware to improve thread performance. Modern Intel CPUs frequently support two

threads per core, while the Oracle T4 CPU supports eight threads per core. This support means that multiple

threads can be loaded into the core for fast switching.

4.2.1 Programming Challenges:

Multicore or multiprocessor systems putting pressure on programmers. System designers and application

programmers to make better use of the multiple computing cores. Designers of operating systems must write

scheduling algorithms that use multiple processing cores to allow the parallel execution.

Multicore programming supports five challenges:

Dividing activities: This involves examining applications to find areas that can be divided into separate, concurrent

tasks. Tasks are independent of one another and thus can run in parallel on individual cores.

Balance: While identifying tasks that can run in parallel, programmers must also ensure that the tasks perform equal

work of equal value. A certain task may not contribute as much value to the overall process as other tasks. Using a

separate execution core to run that task may not be worth the cost.

Data splitting: Just as applications are divided into separate tasks, the data accessed and manipulated by the tasks

must be divided to run on separate cores.

Data dependency: The data accessed by the tasks must be examined for dependencies between two or more tasks.

When one task depends on data from another, programmers must ensure that the execution of the tasks is

synchronized to accommodate the data dependency.

Testing and debugging: When a program is running in parallel on multiple cores, many different execution paths

are possible. Testing and debugging such concurrent programs is inherently more difficult than testing and

debugging single-threaded applications.

4.2.2 Types of Parallelism

There are two types of parallelism:

Data parallelism focuses on distributing subsets of the same data across multiple computing cores and performing

the same operation on each core.

Consider, for example, summing the contents of an array of size N.

On a single-core system, one thread would simply sum the elements [0] . . . [N − 1].

On a dual-core system, however, thread A, running on core 0, could sum the elements [0] . . . [N/2 − 1]

while thread B, running on core 1, could sum the elements [N/2] . . . [N − 1]. The two threads would be running in

parallel on separate computing cores.

Task parallelism involves distributing not data but tasks (threads) across multiple computing cores. Each thread is

performing a unique operation. Different threads may be operating on the same data, or they may be operating on

different data.

Example of task parallelism might involve two threads, each performing a unique statistical operation on

the array of elements. The threads again are operating in parallel on separate computing cores, but each is

performing a unique operation.



Data parallelism involves the distribution of data across multiple cores and task parallelism on the

distribution of tasks across multiple cores.

4.3 Multithreading Models

There are two basic models of threads

User threads: User threads are supported above the kernel and are managed without kernel support

Kernel threads: kernel threads are supported and managed directly by the operating system

User threads

Supported above the kernel and implemented by a thread library at the user level.

Thread creation, management and scheduling are done in user space.

Fast to create and manage

When a user thread performs a blocking system call, it will cause the entire process to block even if other

threads are available to run within the application.

Example: POSIX, Threads’, Mach C-threads and Solaris 2 UI-threads.

Kernel threads

Supported directly by the OS.

Thread creation, management and scheduling are done in kernel space.

Slow to create and manage

When a kernel thread performs a blocking system call, the kernel schedules another thread in the

application for execution.

Example: Windows NT, Windows 2000, Solaris 2, BeOS and Tru64 UNIX support kernel threads.

There is a relationship must exist between user threads and kernel threads. There are three common ways of

establishing such a relationship:

The many-to-one model

The one-to-one model

The many-to-many model.

4.3.1 Many-to-One Model

The many-to-one model maps many user-level threads mapped to single kernel thread.

It is used on systems that do not support kernel threads.

The entire process will block if a thread makes a blocking system call.

Only one thread can access the kernel at a time, multiple threads are unable to run in parallel on multicore

systems.

Few systems use this model

Examples: Solaris Green Threads, GNU Portable Threads



4.3.2 One-to-One Model

The one-to-one model maps each user-level thread maps to a kernel thread.

It provides more concurrency than the many-to-one model by allowing another thread to run when a thread

makes a blocking system call.

It also allows multiple threads to run in parallel on multiprocessors.

More concurrency than many-to-one model

The only drawback to this model is that creating a user thread requires creating the corresponding

Kernel thread.

Examples: Windows NT/XP/2000, Linux, Solaris 9 and later

4.3.3 Many-to-Many Model

The many-to-many model allows many user-level threads to a smaller or equal number of kernel threads.

The number of kernel threads may be specific to either a particular application or a particular machine

The many-to- one model allows the developer to create as many user threads

The one-to-one model allows greater concurrency, but the developer has to be careful not to create too

many threads within an application

The many-to-many model the developers can create as many user threads as necessary and the

corresponding kernel threads can run in parallel on a multiprocessor.

Examples: IRIX, HP-UX, Tru64 UNIX, Solaris 8 and earlier.



4.3.4 Two-level Model

One variation on the many-to-many model still multiplexes many user level threads to a smaller or equal

number of kernel threads but also allows a user-level thread to be bound to a kernel thread.

4.4 Thread Libraries

A thread library provides the programmer with an API for creating and managing threads. There are two

primary ways of implementing a thread library.

The first approach is to provide a library entirely in user space with no kernel support. All code and data

structures for the library exist in user space. This means that invoking a function in the library results in a local

function call in user space and not a system call.

The second approach is to implement a kernel-level library supported directly by the operating system. In

this case, code and data structures for the library exist in kernel space. Invoking a function in the API for the library

typically results in a system call to the kernel.

Three main thread libraries are in use today:

POSIX Thread’s: PThread’s may be provided as either a user-level or a kernel-level library.

Windows threads: The Windows thread library is a kernel-level library available on Windows systems.

Java threads: The Java thread API allows threads to be created and managed directly in Java programs.

POSIX Thread’s

PThread’s may be provided as either a user-level or a kernel-level library.

Pthreads refers to the POSIX standard (IEEE 1003.1c) defining an API for thread creation and

synchronization. This is a specification for thread behavior, not an implementation.

API specifies behavior of the thread library; implementation is up to development of the library.

Most are UNIX-type systems, including Linux, Mac OS X, and Solaris. Although Windows doesn’t

support PThreads’ natively, some third party implementations for Windows are available.

Windows threads:

The technique for creating threads using the Windows thread library is similar to the Pthreads technique in

several ways.

The Windows thread library is a kernel-level library available on Windows systems.



Threads are created in the Windows API using the Create Thread() function, A set of attributes for the

thread is passed to this function. These attributes include security information, the size of the stack, and a

flag that can be set to indicate if the thread is to start in a suspended state.

Java Threads

Threads are the fundamental model of program execution in a Java program, and the Java language and its

API provide a rich set of features for the creation and management of threads.

A simple Java program consisting of only a main() method runs as a single thread in the JVM. Java threads

are available on any system that provides a JVM including Windows, Linux, and Mac OS X.

The Java thread API is available for Android applications

There are two techniques for creating threads in a Java program.

One approach is to create a new class that is derived from the Thread class and to override its run()

method.

An alternative and more commonly used technique is to define a class that implements the Runnable

interface. The Runnable interface is defined as follows:

public interface Runnable

{

public abstract void run();

}

When a class implements Runnable, it must define a run() method. The code implementing the run() method is

what runs as a separate thread.

4.5 Implicit Threading

Growth of multicore processing, applications containing Hundreds or even thousands of threads. To design

such applications programmers must address the challenges and difficulties to create. One way to address these

difficulties and better support the design of multithreaded applications is to transfer the creation and management of

threading from application developers to compilers and run-time libraries.

This is known as implicit threading.

In implicit threading there are three approaches for designing multi threaded programs

Thread pools

OpenMP

Grand central dispatch.

4.5.1 Thread Pools

Whenever the server receives a request, it creates a separate thread to service the request. Whereas creating

a separate thread is certainly superior to creating a separate process. A multithreaded server can have several issues

(problems).

The first issue concerns the amount of time required to create the thread, together with the fact that the

thread will be discarded once it has completed its work.



The second issue is, If we allow all concurrent requests to be serviced in a new thread, we have not placed

a bound on the number of threads concurrently active in the system. Unlimited threads could exhaust system

resources, such as CPU time or memory. The solution is to solve the problem is thread pool

The idea behind a thread pool is to create a number of threads at process startup and place them into a pool.

When a server receives a request, it awakens a thread from this pool. If one is available and passes it the request for

service. Once the thread completes its service, it returns to the pool and awaits more work. If the pool contains no

available thread, the server waits until one becomes free.

Thread pools offer these benefits:

1. Servicing a request with an existing thread is faster than waiting to create a thread.

2. A thread pool limits the number of threads that exist at any one point. This is particularly important on systems

that cannot support a large number of concurrent threads.

3. Separating the task to be performed from the mechanics of creating the task allows us to use different strategies

for running the task.

For example: The task could be scheduled to execute after a time delay or to execute periodically.

The number of threads in the pool can be set heuristically based on factors such as the number of CPUs in

the system, the amount of physical memory, and the expected number of concurrent client requests.

4.5.2 OpenMP

OpenMP is a set of compiler directives as well as an API for programs written in C, C++, or FORTRAN

that provides support for parallel programming in shared-memory environments. OpenMP identifies parallel regions

as blocks of code that may run in parallel. Application developers insert compiler directives into their code at

parallel regions, and these directives instruct the OpenMP run-time library to execute the region in parallel.

The following C program illustrates a compiler directive above the parallel region containing

the printf() statement:

#include <omp.h>

#include <stdio.h>

int main(int argc, char *argv[])

{

/* sequential code */

#pragma omp parallel

{

printf("I am a parallel region.");

}

/* sequential code */

return 0;



}

When OpenMP encounters the directive

#pragma omp parallel

It creates as many threads are there are processing cores in the system. Thus, for a dual-core system, two

threads are created, for a quad-core system, four are created; and so forth. All the threads then simultaneously

execute the parallel region. As each thread exits the parallel region, it is terminated.

OpenMP provides several additional directives for running code regions in parallel, including parallelizing loops.

4.5.3 Grand Central Dispatch

Grand Central Dispatch (GCD) a technology for Apple’s Mac OS X and iOS,

Operating systems is a combination of extensions to the C language, an API, and a run-time library that

allows application developers to identify sections of code to run in parallel.

OpenMP, GCD manages most of the details of threading.

GCD identifies extensions to the C and C++ languages known as blocks.

A block is simply a self-contained unit of work. It is specified by a caret ˆ inserted in front of a pair of

braces { }. A simple example of a block is shown below:

ˆ{ printf("I am a block"); }

GCD schedules blocks for run-time execution by placing them on a dispatch queue. When it removes a

block from a queue, it assigns the block to an available thread from the thread pool it manages.

GCD identifies two types of dispatch queues:

Serial dispatch queue and

Concurrent dispatch queue

Serial dispatch queue

Blocks placed on a serial queue are removed in FIFO order. Once a block has been removed from the

queue, it must complete execution before another block is removed. Each process has its own serial queue (known

as its main queue). Serial queues are useful for ensuring the sequential execution of several tasks.

Concurrent dispatch queue

Blocks placed on a concurrent queue are also removed in FIFO order, but several blocks may be removed

at a time, thus allowing multiple blocks to execute in parallel.

According to priority the concurrent dispatch queues can have three types: low, default and high. Priorities

represent an approximation of the relative importance of blocks. The blocks with a higher priority should be placed

on the high priority dispatch queue.

The following code segment illustrates obtaining the default-priority concurrent queue and submitting a

block to the queue using the dispatch async() function:

dispatch queue t queue = dispatch get global queue

(DISPATCH QUEUE PRIORITY DEFAULT, 0);

dispatch async(queue, ˆ{ printf("I am a block."); });

4.6 Threading Issues


OPERATING SYSTEMS Unit - 14.6.1. fork () and exec() system calls.

The semantics of the fork () and exec () system calls change in a multithreaded program. Some UNIX

systems have chosen to have two versions of fork ():

A fork () system call may duplicate all threads and another duplicate fork () system call only the thread

that invoked fork().

If a thread invoke exec() system call ,the program specified in the parameter to exec() will replace the

entire process.

4.6.2. Signal handling

A signal is used in UNIX systems to notify a process that a particular event has occurred. A signal may be

received either synchronously or asynchronously, depending on the source of and the reason for the event being

signaled.

Synchronous signals

If a running program performs either of these actions, a signal is generated. Synchronous signals are

delivered to the same process that performed the operation that caused the signal.

Example: synchronous signal include illegal memory access and division by 0.

Asynchronous signals

When a signal is generated by an event external to a running process, that process receives the signal

asynchronously.

Example: signals include terminating a process with specific keystrokes (such as <control><C>) and Having a

timer expire.

All signals, whether synchronous or asynchronous, follow the same pattern:

1. A signal is generated by the occurrence of a particular event.

2. The signal is delivered to a process.

Deliver the signal to the thread to which the signal applies.

Deliver the signal to every thread in the process.

Deliver the signal to certain threads in the process.

Assign a specific thread to receive all signals for the process.

3. Once delivered, the signal must be handled in two possible ways:

1. A default signal handler: Every signal has a default signal handler that the kernel runs when handling that

signal.

2. A user-defined signal handler: This default action can be overridden by a user-defined signal handler that is

called to handle the signal. Signals are handled in different ways. Some signals (such as changing the size of a

window) are simply ignored; others (such as an illegal memory access) are handled by terminating the program.

4.6.3. Thread cancellation.

It is the task of terminating a thread before it has completed. A thread that is to be cancelled is called a

target thread.

There are two types of cancellation namely


OPERATING SYSTEMS Unit - 11. Asynchronous Cancellation: One thread immediately terminates the target thread.

2. Deferred Cancellation: The target thread can periodically check if it should terminate , and does so in an orderly

fashion.

4.6.4. Thread-Local Storage

Threads belonging to a process share the data of the process. The benefits of multithreaded programming

are providing data sharing among threads. In this environment each thread might need its own copy of certain data.

We will call such data thread-local storage (or TLS.)

For example:

In a transaction-processing system, each transaction in a separate thread. Each transaction might be

assigned a unique identifier. To associate each thread with its unique identifier, we could use thread-local storage.

4.6.5 Scheduler Activations

A final issue to be considered with multithreaded programs concerns communication between the kernel

and the thread library, which may be required by the many-to-many and two-level models. Such

Co-ordination allows the number of kernel threads to be dynamically adjusted to help ensure the best performance.

Many systems implementing either the many-to-many or the two-level model place an intermediate data structure

between the user and kernel threads. This data structure typically known as a lightweight process, or LWP

To the user-thread library, the LWP appears to be a virtual processor on which the application can schedule

a user thread to run. Each LWP is attached to a kernel thread, and it is kernel threads that the

operating system schedules to run on physical processors. If a kernel thread blocks (such as while waiting for an I/O

operation to complete), the LWP blocks as well. Up the chain, the user-level thread attached to the LWP also blocks.

One scheme for communication between the user-thread library and the kernel is known as scheduler activation.

It works as follows:

The kernel provides an application with a set of virtual processors (LWPs), and the application can

schedule user threads onto an available virtual processor. the kernel must inform an application about certain events.

This procedure is known as an upcall. Upcalls are handled by the thread library with an upcall handler, and upcall

handlers must run on a virtual processor.



CPU SchedulingIn a multiprogramming system, multiple processes are maintained in main memory. Each

process has two states, ready state and wait state, in ready state, it uses the process and in wait state,

it waits for I/O performed, only one process is in execution by a processor at a given time while other

processes wait.

To achieve multi programming, scheduling is a key element. Scheduling applies to both I/o

devices and CPU.



There are three types of process scheduling they are long term scheduling, short term

scheduling and medium term scheduling. CPU scheduling is basis of multi programmed operating

systems. Operating systems becomes more productive by switching the CPU among processes.

The objective of multiprogramming is to have some process running at all time, to maximize

CPU utilization. When a process is executing all process must wait until first is completes its

executing. Several processes are kept in memory at one time. This pattern continues and leads to the

need for scheduling

Process scheduling:

Process scheduling is nothing but getting the process for execution ie.., allocating processor

to a process in order to execute the process. If multiple processes are ready for execution in single

processor system, then all processes are loaded into ready queue and appropriate scheduling

strategies are applied to execute the processes in the queue.

CPU – I/O burst cycle:

Process execution consists of a cycle of CPU execution and I/O wait. Processes alternate

between these two states. Process execution begins with CPU burst followed by an I/O burst and so

on. The final CPU burst ends with a system request to terminate execution.

An I/O bound program has many short CPU bursts. A CPU bound program might have a few

long CPU bursts.

CPU scheduler

Whenever the CPU becomes idle, the operating system must select one of the processes in

the ready queue to be executed. The selection process is carried out by the short term scheduler or

CPU scheduler. The scheduler selects a process from the processes in memory that are ready to

execute and allocates the CPU to that process. The ready queue is not necessarily a first in first out 99 SVR ENGINEERING

COLLEGE:NANDYAL

OPERATING SYSTEMS Unit - 1queue. A ready queue can be implemented as a FIFO queue, a priority queue, a tree or an unordered

linked list. All the processes in the ready queue are lined up waiting for a chance to run on the CPU.

The records in the queue are process control blocks of the processes.

Pre-emptive scheduling

Scheduling is define as the activity of deciding when process will receive the resources they

request.CPU scheduling decisions may take place under the following four conditions-

a) When a process switches from the running state to the waiting state

b) When a process switches from the running state to the ready state

c) When a process switches from the waiting state to the ready state

d) When a process terminates

When scheduling takes place under conditions 1 and 4, scheduling scheme is non - pre

emptive or co-operative. Else it is called pre emptive. Under non pre emptive scheduling, once the

CPU has been allocated to a process, the process keeps the CPU until it releases the CPU either by

terminating or by switching to the waiting state. Pre emptive scheduling incurs cost associated with

access to shared data. Pre emption also affects the design of the operating system kernel.

Dispatcher The dispatcher is the module that gives control of the CPU to the process selected by the

short term scheduler. This function involves:

a) Switching context

b) Switching to user mode

c) Jumping to the proper location in the user program to restart that program

Dispatcher should be as fast as possible since it is invoked during every process switch. The

time it takes for the dispatcher to stop one process and start another running is called dispatch

latency.

5.1 Scheduling-Criteria:

Different CPU-scheduling algorithms have different properties, and the choice of a particular

algorithm may favor one class of processes over another. Many criteria have been suggested for

comparing CPU-scheduling algorithms.

The criteria include the following:


OPERATING SYSTEMS Unit - 11. CPU utilization: The CPU should be kept as busy as possible. CPU utilization may range from 0

to 100 percent. In a real system, it should range from 40 percent (for a lightly loaded system) to 90

percent (for a heavily used system).

2. Throughput: It is the number of processes completed per time unit. For long processes, this rate

may be 1 process per hour; for short transactions, throughput might be 10 processes per second.

3. Turnaround time: The interval from the time of submission of a process to the time of

completion is the turnaround time. Turnaround time is the sum of the periods spent waiting to get

into memory, waiting in the ready queue, executing on the CPU, and doing I/O.

4. Waiting time: Waiting time is the sum of the periods spent waiting in the ready queue.

5. Response time: It is the amount of time it takes to start responding, but not the time that it takes to

output that response.

It is desirable to maximize CPU utilization and throughput and to minimize turnaround

time, waiting time, and response time.

5.2 Scheduling Algorithms:

Types of scheduling:

The CPU scheduling activity is broken down into three separate functions long, medium, and

short term scheduling.

Long term scheduling: The decision to add program to the pool of process to be executed.

Medium term scheduling: The decision to add a process to the pool of processes that are partially or

fully in main memory.

Short term scheduling: the decision as to which available process will be executed by the processer.

There is one more scheduling other than CPU scheduling called I/O scheduling

I/O scheduling: The decision as to which process pending I/O request shall be handling by an

available I/O device.

CPU scheduling deals with the problem of deciding which of the processes in the ready

queue is to be allocated the CPU. There are many different CPU-scheduling algorithms.

First-Come, First-Served Scheduling

Shortest Job First Scheduling

Priority Scheduling



Round Robin Scheduling

Multilevel Queue Scheduling

Multilevel Feedback Queue Scheduling

5.2.1 First-Come First Serve:

This is the simplest CPU scheduling algorithm. The process that requests the CPU first is

allocated the CPU first. The implementation of FCFS is managed with a FIFO queue. When a

process enters the ready queue, its PCB is linked onto the tail of the queue. When the CPU is free, it

is allocated to the process at the head of the queue. The running process is then removed from the

queue. The average waiting time under FCFS is often quite long. The FCFS scheduling algorithm is

non pre-emptive.

Once the CPU has been allocated to a process, that process keeps the CPU until it releases the

CPU either by terminating or by requesting I/O. It is simple, fair, but poor performance. Average

queuing time may be long.

Example:

Process Burst Time

P1 24

P2 3

P3 3

If the processes arrive in the order PI, P2, P3, and are served in FCFS order, we get the result

shown in the following Gantt chart:

Gantt chart:

Average waiting time = (0+24+27) / 3 = 17 ms

Average Turnaround time = (24+27+30) / 3 = 27 ms

The FCFS algorithm is particularly troublesome for time – sharing systems, where it is

important that each user get a share of the CPU at regular intervals.

5.2.2 Shortest Job First Scheduling:

This algorithm schedules the processes by their CPU burst times. The process with less CPU

burst time will be processed first before other processes. If two processes have same burst times, then

they will be scheduled by using FCFS scheduling. This is also called “shortest next CPU burst”.


P P P1 2 3

0 24 3027

OPERATING SYSTEMS Unit - 1Example:

Process Burst Time

P1 6

P2 8

P3 7

P4 3 Using SJF scheduling, we would schedule these processes according to the following Gantt chart:

Waiting time for process P1 = 3 ms




Average waiting time is (3 + 16 + 9 + 0)/4 = 7 milliseconds.

Average turnaround time = ( 3+9+16+24) / 4 = 13 ms

This algorithm gives the minimum average time by moving a short process before a long one

which decreases the waiting time of the short process. The difficulty with this algorithm is knowing

the length of next CPU request. This cannot be implemented at the level of short-term CPU

scheduling and is used frequently in long-term scheduling.

The SJF algorithm may be either non-preemptive. The SJF scheduling is especially

appropriate for batch jobs for which the run times are known in advance. Since the SJF scheduling

algorithm gives the minimum average time for a given set of processes, it is probably optimal.

5.2.3 Priority scheduling:

Priority scheduling is a method of scheduling processes based on priority. In this method, the

scheduler chooses the tasks to work as per the priority, this method is quite same as the SJF but the


P 3

0 3 24

P 4 P 1

169

P 2

OPERATING SYSTEMS Unit - 1difference is that instead of choosing the next process to work on by the shortest burst time, CPU

chooses the next process by the shortest priority value. Here, all the processes are given a priority

value. The process with the shortest (The most shortest is 1) priority will be worked on first and so

on.

Now consider a CPU and also consider a list, in which the processes are listed as follows,

Process Brust time priorityP1 10 3P2 1 1P3 2 3P4 1 4P5 5 2

Gantt chart is:.






The average waiting time = (6+0+16+18+1) / 5 = 41 / 5 =8.2 ms

Priority can be defined either internally or externally.

Internal priority: Internally defined priorities use some measurable quantities or qualities to

compute priority of a process.

Examples of Internal priorities are

Time limits.

Memory requirements.

External priority: Externally defined priorities are set by criteria that are external to operating

system such as

The importance of process.


1

0 1 19

P 1 P 2

16

P 4P 3

6 18

P


Type or amount of funds being paid for computer use.

The department sponsoring the work.

Politics.

Priority scheduling can be either preemptive or non preemptive

A preemptive priority algorithm will preemptive the CPU if the priority of the newly arrival

process is higher than the priority of the currently running process.

A non-preemptive priority algorithm will simply put the new process at the head of the ready

queue.

A major problem with priority scheduling is indefinite blocking or starvation. A solution to the

problem of indefinite blockage of the low-priority process is aging. Aging is a technique of gradually

increasing the priority of processes that wait in the system for a long period of time.

5.2.4 Round-Robin scheduling:

One of the oldest, simplest, fairest and most widely used algorithms is round robin (RR). In

the round robin scheduling, processes are dispatched in a FIFO manner but are given a limited

amount of CPU time called a time-slice or a quantum.

If a process does not complete before its CPU-time expires, the CPU is preempted and given

to the next process waiting in a queue. The preempted process is then placed at the back of the ready

list.

Round Robin Scheduling is preemptive (at the end of time-slice) therefore it is effective in

time-sharing environments in which the system needs to guarantee reasonable response times for

interactive users.

The only interesting issue with round robin scheme is the length of the quantum. Setting the

quantum too short causes too many context switches and lower the CPU efficiency. On the other

hand, setting the quantum too long may cause poor response time and approximates FCFS. In any

event, the average waiting time under round robin scheduling is often quite long.

If time quantum is 4 ms, then p1 gets 4 ms and requires another 20 ms. it is pre-empted after first

time quantum and CPU is given to p2. since p2 requires only 3 ms, it quits before its time quantum


Process Brust time P1 24P2 3P3 3

OPERATING SYSTEMS Unit - 1expires. After each process has received 1 time, CPU returned to p1 for additional time quantum. the

result is as follows:

The average waiting time is = 17 / 3 = 5.66ms.

Here no process is allocated the CPU for more than one time quantum the performance of this

algorithm depends heavily on the size of the quantum. if the quantum is large, then the algorithm is same

as FCFS algorithm and if the quantum is small, the algorithm is called processor sharing. this is pre-

emptive

5.2.5 Multilevel Queue Scheduling.

This class of scheduling algorithm has been created for situations in which processes are easily

classified into different groups and might have different scheduling needs. A multilevel queue scheduling

algorithm partitions the ready queue in several separate queues. In a multilevel queue scheduling

processes are permanently assigned to one queue. The processes are permanently assigned to one another,

based on some property of the process, such as

Memory size

Process priority

Process type

Each queue has its own scheduling algorithms. Algorithms choose the process from the occupied queue

that has the highest priority, and run that process either

Preemptive or

Non-preemptively

Each queue has its own scheduling algorithm or policy.

Example of a multilevel queue scheduling algorithm with five queues, listed below in order

of priority:

1. System processes

2. Interactive processes

3. Interactive editing processes

4. Batch processes

5. Student processes

Each queue has absolute priority over lower-priority queues. No process in the batch queue,

could run unless the queues for system processes, interactive processes, and interactive editing


P P P1 1 1

0 18 3026144 7 10 22

P 2 P 3 P 1 P 1 P 1

OPERATING SYSTEMS Unit - 1processes were all empty. If an interactive editing process entered the ready queue while a batch

process was running, the batch process would be preempted.

Another possibility is to time-slice among the queues. Here, each queue gets a certain portion

of the CPU time, which it can then schedule among its various processes.

5.2.6 Multilevel Feedback Queue Scheduling:

Multilevel feedback queue-scheduling algorithm allows a process to move between queues.

The idea is to separate processes according to the characteristics of their CPU bursts. If a process

uses too much CPU time, it will be moved to a lower-priority queue. This scheme leaves I/O-bound

and interactive processes in the higher-priority queues and a process that waits too long in a lower-

priority queue may be moved to a higher-priority queue. This form of aging prevents starvation.

Multilevel feedback queue-scheduling algorithm allows a process to move between queues. It

focus on the time spent in execution. The idea is to schedule the processes on a pre-emptive basis and

a dynamic mechanism is employed. When a process first enters the system, it is placed in the next

priority queue. a shorter process will complete quickly, while longer process will gradually drift

downward. Within each queue the lowest priority queue, a simple FCFS mechanism is used.



Consider a multilevel feedback queue scheduler with three queues, numbered from 0 to 2.

The scheduler first executes all processes in queue 0. Only when queue 0 is empty will it execute

processes in queue 1. Similarly, processes in queue 2 will be executed only if queues 0 and 1 are

empty. A process that arrives for queue 1 will preempt a process in queue 2. A process in queue 1

will in turn be preempted by a process arriving for queue 0.

A process entering the ready queue is put in queue 0. A process in queue 0 is given a time

quantum of 8 milliseconds. If it does not finish within this time, it is moved to the tail of queue 1. If

queue 0 is empty, the process at the head of queue 1 is given a quantum of 16 milliseconds. If it does

not complete, it is preempted and is put into queue 2. Processes in queue 2 are run on an FCFS basis

but are run only when queues 0 and 1 are empty.

This scheduling algorithm gives highest priority to any process with a CPU burst of 8

milliseconds or less. Such a process will quickly get the CPU, finish its CPU burst, and go off to its

next I/O burst. Processes that need more than 8 but less than 24 milliseconds are also served quickly,

although with lower priority than shorter processes. Long processes automatically sink to queue 2

and are served in FCFS order with any CPU cycles left over from queues 0 and 1.

In general, a multilevel feedback queue scheduler is defined by the following parameters:

The number of queues

The scheduling algorithm for each queue

The method used to determine when to upgrade a process to a higher priority queue

The method used to determine when to demote a process to a lower priority queue

The method used to determine which queue a process will enter when that process needs

service

The definition of a multilevel feedback queue scheduler makes it the most general CPU-

scheduling algorithm. It can be configured to match a specific system under design. It is also the

most complex algorithm, since defining the best scheduler requires some means by which to select

values for all the parameters.

5.3 Thread Scheduling

In multi programming environment there must be a difference between threads and process.

Threads to the process model, there is a difference between user-level and kernel-level threads. An

operating system that supports kernel level threads but not processes. User-level threads are managed

by a thread library, and the kernel is unaware of them.


OPERATING SYSTEMS Unit - 1 To run on a CPU, user-level threads must ultimately be mapped to an associated kernel-level

thread, although this mapping may be indirect and may use a lightweight process (LWP).

Scheduling issues involving user-level and kernel-level threads and offer specific examples

of scheduling for Pthreads.

One distinction between user-level and kernel-level threads lies in how they are scheduled.

On systems implementing the many-to-one and many-to-many models, the thread library schedules

user-level threads to run on an available LWP. This scheme is known as process contention scope

(PCS), since competition for the CPU takes place among threads belonging to the same process. To

decide which kernel-level thread to schedule onto a CPU, the kernel uses system-contention scope

(SCS). Competition for the CPU with SCS scheduling takes place among all threads in the system.

Systems using the one-to-one model, such as Windows, Linux, and Solaris, schedule threads using

only SCS.

Typically, PCS is done according to priority the scheduler selects the runnable thread with

the highest priority to run. User-level thread priorities are set by the programmer and are not adjusted

by the thread library, although some thread libraries may allow the programmer to change the

priority of a thread. It is important to note that PCS will typically preempt the thread currently

running in favor of a higher-priority thread; however, there is no guarantee of time slicing among

threads of equal priority.

5.4 Multiple-Processor Scheduling:Scheduling becomes more complex if there are multiple CPU’s. If multiple CPUs are

available, load sharing becomes possible. The following are various approaches for scheduling

process on multiple homogeneous CPU’s with similar or identical functionality.

5.4.1 Approaches to Multiple-Processor Scheduling

One of two scheduling approaches may be used in multi processor scheduling.

1. Master – Slave Structure - asymmetric multiprocessing is simple because only one processor

accesses the system data structures, reducing the need for data sharing. Here a master processor takes

scheduling decisions and assigns activities to various (slave) processors.

2. Self Scheduling- symmetric multiprocessing: A second approach uses symmetric

multiprocessing (SMP), where each processor is self-scheduling. All processes may be in a common

ready queue, or each processor may have its own private queue of ready processes. Scheduling

proceeds by having the scheduler for each processor examine the ready queue and select a process to

execute.



5.4.2 Processor Affinity

When a process is executed on a particular processor, then it’s recently access data is stored

in its cache which it can refers its future. Suppose this process migrates to another processor, then its

contents will get invalidated for the first processor, and the cache for the second processor must be

repopulated the cache in new processor which may be expensive job. SMP systems avoid migration

of processes from one processor to another and instead attempt to keep a process running on the same

processor. This is known as processor affinity

Soft affinity: when operating system has a policy of attempting to keep a process running on same

processor but not guarantee whether it is completed or not.

Hard affinity: The OS will attempt to keep a process on a single processor but it is possible for a

process to migrate between processors. Linux provides certain system calls which allow a user to

specify that a process has processor affinity and should not be migrated.

5.4.3 Load Balancing:

Load balancing is an approach to divide the work load of the system evenly among various

processors available. it is important to keep the workload balanced among all processors to fully

utilize the benefits of having more than one processor. One or more processors may sit idle while

other processors have high workloads, along with lists of processes awaiting the CPU. Load

balancing attempts to keep the workload evenly distributed across all processors in an SMP system.

There are two general approaches to load balancing:

Push migration and

Pull migration.

Push migration: Here a specific task periodically checks the load on each processor if it not

balanced some processes is taken from an overloaded processor to balance the work load.

Pull migration: Here the idle or less overloaded processors themselves pull processes from an

overloaded processor to balance the workload.

Push and pull migration need not be mutually exclusive and are in fact often implemented in

parallel on load-balancing systems. Linux operating system uses both the migration schemes

5.4.4 Multicore Processors:

SMP systems have allowed several threads to run concurrently by providing multiple

physical processors.



Recent trend to place multiple processor cores on same physical chip is known as multicore

processor.

Each core maintains its architectural state and thus appears to the operating system to be a

separate physical processor.

SMP systems that use multicore processors are faster and consume less power than systems

in which each processor has its own physical chip.

Memory stall: Researchers have discovered that when a processor accesses memory, it spends a

significant amount of time waiting for the data to become available.

Single –threaded processor core

In this situation, the processor can spend up to 50 percent of its time waiting for data to

become available from memory. Many recent hardware designs have implemented multithreaded

processor cores in which two (or more) hardware threads are assigned to each core.

Dual-threaded processor core:

If one thread stalls while waiting for memory, the core can switch to another thread. A dual-

threaded processor core on which the execution of thread 0 and the execution of thread 1 are

interleaved.

On a dual-threaded, dual-core system, four logical processors are presented to the operating

system. The UltraSPARC T3 CPU has sixteen cores per chip and eight hardware threads per core.



5.5 Real-Time CPU Scheduling

Real time systems are the systems that carry real time tasks. These tasks need to be

performed immediately with certain degree of urgency. These tasks are related to control of certain

events. Real time tasks are classified as hard real time tasks and soft real time tasks.

Soft real-time systems: In soft real time tasks, a specified deadline can be missed. This is because

the task can be rescheduled or can be completed after the specified time.

Hard real-time systems: these tasks must be performed on specified time which could otherwise

lead to huge losses.

There several issues related to process scheduling in both soft and hard real-time operating systems.

5.5.1 Minimizing Latency

Event latency: The amount of time that elapses from when an event occurs to when it is serviced.

The event-driven nature of a real-time system. The system is typically waiting for an event in real

time to occur. Events may arise either in software as when a timer expires or in hardware as when

a remote-controlled vehicle detects that it is approaching an obstruction. When an event occurs, the

system must respond to and service it as quickly as possible. There are different events have different

latency requirements.

For example: The latency requirement for an antilock brake system might be 3 to 5 milliseconds.

That is, from the time a wheel first detects that it is sliding, the system controlling the antilock brakes


OPERATING SYSTEMS Unit - 1has 3 to 5milliseconds to respond to and control the situation. Any response that takes longer might

result in the automobile’s veering out of control.

Two types of latencies affect the performance of real-time systems:

1. Interrupt latency

2. Dispatch latency

Interrupt latency refers to the period of time from the arrival of an interrupt at the CPU to the start

of the routine those services the interrupt. When an interrupt occurs, the operating system must first

complete the instruction it is executing and determine the type of interrupt that occurred. It must then

save the state of the current process before servicing the interrupt using the specific interrupt

service routine (ISR). The total time required to perform these tasks is the interrupt latency.

One important factor contributing to interrupt latency is the amount of time interrupts may be

disabled while kernel data structures are being updated. Real-time operating systems require that

interrupts be disabled for only very short periods of time.

Dispatch latency refers the amount of time required for the scheduling dispatcher to stop one

process and start another is known as dispatch latency. The most effective technique for keeping

dispatch latency low is to provide preemptive kernels.

The conflict phase of dispatch latency has two components:

1. Preemption of any process running in the kernel

2. Release by low-priority processes of resources needed by a high-priority Process



5.5.2 Priority-Based Scheduling:

The most important feature of a real-time operating system is to respond immediately to a

real-time process as soon as that process requires the CPU.

The scheduler for a real-time operating system must support a priority-based algorithm with

preemption.

If the scheduler also supports preemption, a process currently running on the CPU will be

preempted if a higher-priority process becomes available to run.

Priority-based scheduler only guarantees soft real-time functionality. Hard real-time systems

must further guarantee that real-time tasks will be serviced in accord with their deadline

requirements.

5.5.3 Rate-Monotonic Scheduling

The rate-monotonic scheduling algorithm schedules periodic tasks using a static priority

policy with preemption.

If a lower-priority process is running and a higher-priority process becomes available to run,

it will preempt the lower-priority process.



If the process entering the system, each periodic task is assigned a priority inversely based on

its period. The shorter the period, the higher the priority; the longer the period, the lower the

priority.

Rate-monotonic scheduling assumes that the processing time of a periodic process is the

same for each CPU burst. That is, every time a process acquires the CPU, the duration of its

CPU burst is the same.

Example:

We have two processes, P1 and P2. The periods for P1 and P2 are 50 and 100, respectively

that is, p1 = 50 and p2 = 100. The processing times are t1 = 20 for P1 and t2 = 35 for P2. The

deadline for each process requires that it complete its CPU burst by the start of its next period. We

must first ask ourselves whether it is possible to schedule these tasks so that each meets its deadlines.

If we measure the CPU utilization of a process Pi as the ratio of its burst to its period—ti/pi —the

CPU utilization of P1 is 20/50 = 0.40 and that of P2 is 35/100 = 0.35, for a total CPU utilization of

75 percent. Therefore, it seems we can schedule these tasks in such a way that both meet their

deadlines and still leave the CPU with available cycles. Suppose we assign P2 a higher priority than

P1. The execution of P1 and P2 in this situation is shown in Figure 6.16. As we can see, P2 starts

execution first and completes at time 35. At this point, P1 starts; it completes its CPU burst at time

55. However, the first deadline for P1 was at time 50, so the scheduler has caused P1 to miss its

deadline.

The rate-monotonic scheduling, in which we assign P1 a higher priority than P2 because the

period of P1 is shorter than that of P2. The execution of these processes in this situation is shown in

Figure 6.17. P1 starts first and completes its CPU burst at time 20, thereby meeting its first deadline.

P2 starts running at this point and runs until time 50. At this time, it is preempted by P1, although it

still has 5 milliseconds remaining in its CPU burst. P1 completes its CPU burst at time 70, at which

point the scheduler resumes P2. P2 completes its CPU burst at time 75, also meeting its first

deadline. The

system is idle until time 100, when P1 is scheduled again.



Assume that process P1 has a period of p1 = 50 and a CPU burst of t1 = 25. For P2, the

corresponding values are p2 = 80 and t2 = 35. Rate-monotonic scheduling would assign process P1 a

higher priority, as it has the shorter period. The total CPU utilization of the two processes is

(25/50)+(35/80) = 0.94, and it therefore seems logical that the two processes could be scheduled and

still leave the CPU with 6 percent available time. Figure 6.18 shows the scheduling of processes P1

and P2. Initially, P1 runs until it completes its CPU burst at time 25. Process P2 then begins running

and runs until time 50, when it is preempted by P1. At this point, P2 still has 10 milliseconds

remaining in its CPU burst. Process P1 runs until time 75; consequently, P2 misses the deadline for

completion of its CPU burst at time 80.

5.5.4 Earliest-Deadline-First SchedulingEarliest-deadline-first (EDF) scheduling dynamically assigns priorities according to deadline. The

earlier the deadline can have the higher the priority, the later the deadline, the lower the priority.

When a process becomes runnable, it must announce its deadline requirements to the system.

Priorities may have to be adjusted to reflect the deadline of the newly runnable process.

To illustrate EDF scheduling, P1 has values of p1 = 50 and t1 = 25 and that P2 has values of

p2 = 80 and t2 = 35. The EDF scheduling of these processes is shown in Figure 6.19. Process P1 has

the earliest deadline, so its initial priority is higher than that of process P2. Process P2 begins running

at the end of the CPU burst for P1.



EDF scheduling allows process P2 to continue running. P2 now has a higher priority than P1

because its next deadline (at time 80) is earlier than that of P1 (at time 100). Thus, both P1 and P2

meet their first deadlines. Process P1 again begins running at time 60 and completes its second CPU

burst at time 85, also meeting its second deadline at time 100. P2 begins running at this point, only to

be preempted by P1 at the start of its next period at time 100. P2 is preempted because P1 has an

earlier deadline (time 150) than P2 (time 160). At time 125, P1 completes its CPU burst and P2

resumes execution, finishing at time 145 and meeting its deadline as well. The system is idle until

time 150, when P1 is scheduled to run once again.

EDF scheduling does not require that processes be periodic, nor must a process require a

constant amount of CPU time per burst. The only requirement is that a process announces its

deadline to the scheduler when it becomes runnable.

5.6 Algorithm EvaluationThere are many scheduling algorithms, each with its own parameters. As a result,

selecting an algorithm can be difficult. The first problem is defining the criteria to be used in selecting an algorithm.Criteria can have various types:

CPU utilization, Response time, or Throughput.

To select an algorithm, we must first define the relative importance of these elements. Our criteria may include several measures, such as these:• Maximizing CPU utilization under the constraint that the maximum response time is 1 second• Maximizing throughput such that turnaround time is (on average) linearly proportional to total execution time

Once the criteria are selected, we want to evaluate the algorithms. There are various methods for evaluation.


OPERATING SYSTEMS Unit - 15.6.1 Deterministic Modeling

Deterministic modeling is one type of analytic evaluation. This method takes a particular

predetermined workload and defines the performance of each algorithm for that workload.

For example: Assume that we have the workload shown below. All five processes arrive at time 0,

in the order given, with the length of the CPU burst given in milliseconds:

Process Burst Time

P1 10P2 29P3 3P4 7P5 12

Consider the FCFS, SJF, and RR (quantum = 10 milliseconds) scheduling algorithms for this set of processes. Which algorithm would give the minimum average waiting time?For the FCFS algorithm, we would execute the processes as

The waiting time is 0 milliseconds for process P1,

10 milliseconds for process P2,


42 milliseconds for process P4, and

49 milliseconds for process P5.

Thus, the average waiting time is (0 + 10 + 39 + 42 + 49)/5 = 28 milliseconds.

With non preemptive SJF scheduling, we execute the processes as




3 milliseconds for process P4, and



With the RR algorithm, we execute the processes as









SJF policy is less than half that obtained with FCFS scheduling; the RR algorithm gives us an

intermediate value. Deterministic modeling is simple and fast. It gives us exact numbers, allowing

us to compare the algorithms. However, it requires exact numbers for input, and its answers apply

only to those cases. The main uses of deterministic modeling are in describing scheduling

algorithms and providing examples. In cases where we are running the same program over and over

again and can measure the program’s processing requirements exactly, we may be able to use

deterministic modeling to select a scheduling algorithm.

6.8.2 Queuing Models:

The processes that are run vary from day to day, so there is no static set of processes (or

times) to use for deterministic modeling.

What can be determined; however, is the distribution of CPU and I/O bursts.

These distributions can be measured and then approximated or simply estimated.

The result is a mathematical formula describing the probability of a particular CPU burst.

Commonly, this distribution is exponential and is described by its mean.

Similarly, we can describe the distribution of times when processes arrive in the system (the

arrival-time distribution).

From these two distributions, it is possible to compute the average throughput, utilization,

waiting time, and so on for most algorithms.

The computer system is described as a network of servers. Each server has a queue of waiting

processes.

The CPU is a server with its ready queue, as is the I/O system with its device queues.

Knowing arrival rates and service rates, we can compute utilization, average queue length,

average wait time, and so on. This area of study is called queueing-network analysis.119 SVR ENGINEERING

COLLEGE:NANDYAL

OPERATING SYSTEMS Unit - 1Example,

let n be the average queue length (excluding the process being serviced), let W be the average waiting time in the queue, and let be the average arrival rate for new processes in the queue (such as three

processes per second). We expect that during the time that a process waits, × new processes will

arrive in the queue. If the system is in a steady state, then the number of processes leaving the

queue must be equal to the number of processes that arrive. Thus, n = × W

This equation, known as Little’s formula, is particularly useful because it is valid for any scheduling algorithm and arrival distribution.

We can use Little’s formula to compute one of the three variables if we know the other two. For example, if we know that 7 processes arrive every second (on average) and that there are normally 14 processes in the queue, then we can compute the average waiting time per process as 2 seconds.

Queuing analysis can be useful in comparing scheduling algorithms, but it also has limitations.

At the moment, the classes of algorithms and distributions that can be handled are fairly limited.

The mathematics of complicated algorithms and distributions can be difficult to work with.

Thus, arrival and service distributions are often defined in mathematically tractable but unrealistic ways.

It is also generally necessary to make a number of independent assumptions, which may not be accurate.

As a result the accuracy of the computed results may be questionable.

Process SynchronizationProcess synchronization is when one process waits for the notification of an event occur in

another process. A cooperating process is one that can affect or be affected by other processes

executing in the system. Cooperating processes can either directly share a logical address space (that

is, both code and data) or be allowed to share data only through files or messages.



There are several situations where different process needs to interact with each other to

achieve a common goal. The interaction can be done by sharing a data or messages. When a data is

shared by several independent processes then there is a chance of data becoming inconsistence.

Example: let us consider two processes p1 and p2 both shared a variable name “counter”. If

both p1 and p2 execute simultaneously with p1 incrementing the counter while p2 is decrementing it.

Then at the end the result of this variable will be such that it is not expected by either p1 or p2

because it became inconsistent. This is called race condition. Hence, a synchronization mechanism

is needed to avoid inconsistency among several processes.

Basically processes synchronization is implemented by making processes to wait until

another process performs an appropriate action on shared data. It is also called signaling where one

process wits for notification of an event that will occur in another process.

Race condition: A race condition refers to the situation that results many processes or threads reads

and writes data items in a way that a final results generated is in accordance with the order of

instructions executions in multiple processes.

Example: let p1 and p2 be the two processes that share a global variable “x”. During the

execution, if at some point p1 updates the value of “x” to 5 and at the some point updates it to 10.

Thus, a race condition among two processes starts for changing the value of “x” and a process that

performs an update operation last determines the final value of “x”.

1 The Critical-Section ProblemEach process in a system has a segment of code called a critical section in which the process

may be changing common variables, updating a table, writing a file etc.

The important feature of the system is that when one process is executing in its critical

section, no other process is to be allowed to execute in its critical section that is no two

processes are executing in their critical sections at the same time.

The critical section problem is to design a protocol that the processes can use to cooperate.

Each process must request permission to enter its critical section.

The section of code implementing this request is the entry section. The critical section may

be followed by an exit section. The remaining code is the remainder section.

Do

{

entry section

critical section



exit section

remainder section

} while (true);

Figure 6.1 General structure of a typical process Pi .

A critical section is a piece of code that only one thread can execute at a time. If multiple

threads try to enter a critical section, only one can run and the others will sleep.

Imagine you have three threads that all want to enter a critical section.

Only one thread can enter the critical section; the other two have to sleep. When a thread sleeps, its

execution is paused and the OS will run some other thread.

Once the thread in the critical section exits, another thread is woken up and allowed to enter the

critical section.

A solution to the critical section problem must satisfy the following three requirements:

Mutual exclusion: If a process is executing in critical section, then no other process can be

executing in their critical section.



Need of mutual exclusion: consider a situation in which two or more processes need access

to a single non-sharable resource (ex: printer). During the execution process, each processes

sends the commands to I/O devices or sends and receives status information etc. such an I/O

device is said to be a critical resource and a portion of a program that uses is called a critical

section. An important point to be considered here is that only one program is permitted in to

the critical section.

Progress: when a critical section is not in use and other processes is requesting for it, and then it

should be granted to only that process which is not executing in its remainder section enter its own

critical section.

Bounded waiting: A bound or limit on the number of times that other processes are allowed to enter

their critical section after a process has made a request to enter its critical section and before that

request is granted.

At any given point of time, many kernel mode processes may be active in the OS. Two

general approaches used to handle critical sections in OS are:

Preemptive kernels:

A kernel that permits a process to be pre-empted or interrupted during its execution is called

pre-emptive kernel. In pre-emptive kernel, every task is designed as an independent entity that has

total control over the CPU. However, the task is ready to run and has the highest priority is executed

by the kernel.

Consider the three tasks A, B, C

Further in any process execution a task can be in either following three states,

1. Running and waiting: a task will be in running, waiting state when it is not ready to

run.

2. Waiting: A task will be in waiting state when it is ready to run but cannot do so due

to the execution of higher priority task.

3. Idle: A task is considered to be idle when no process has a task that is ready to be

executed. This task is a special purpose entity which has the lowest priority and is

usually incorporated in all kernel programs.


OPERATING SYSTEMS Unit - 1 Non pre-emptive kernels: A kernel that does permit a process to be pre-empted or interrupted

during its execution is called non pre-emptive kernel. A non pre emptive kernel is free from race

conditions on kernel data structures as only one process is active in the kernel.

The following figure depicts a non-preemptive along with the three cooperative tasks A, B, C

Here, the non-preemptive kernel acts as a periodic schedule which serially executes every

task. However, every task must assist each other by running just once and then returning to the

scheduler loop. This is because if any tasks get implemented as an endless loop, then the scheduler

will never get to other tasks.

6.2 Peterson’s SolutionA classic software based solution to the critical section problem is known as Peterson’s

solution. It provides a good algorithmic description of solving the critical section problem and

illustrates some of the complexities involved in designing software that addresses the requirements of

mutual exclusion, progress and bounded waiting requirements. Peterson’s solution is restricted to two

processes that alternate execution between their critical sections and remainder sections. It

provides alternate execution of critical sections of two processes named p0 and p1 we use the


OPERATING SYSTEMS Unit - 1notation pi and p0 and pj for where i = 0 and j = i-1(ie.., 1 – 0 = 1). Peterson’s solution requires two

data items to be shared between the two processes:

int turn;

boolean flag[2];

The variable turn indicates whose turn it is to enter its critical section. The flag array is used

to indicate if a process is ready to enter its critical section.

do

{

flag[i] = true; entry section

turn = j;

while (flag[ j ] && turn == j);

critical section

flag[i] = false; exit section

remainder section

} while (true);

Figure 6.2 The structure of process Pi in Peterson’s solution.

The algorithm does satisfy the three essential criteria to solve the critical section problem.

The three criteria are mutual exclusion, progress, and bounded waiting. For two processes P0 and P1:

Mutual exclusion

P0 and P1 can never be in the critical section at the same time: If P0 is in its critical section,

then flag [0] is true and either flag [1] is false (meaning P1 has left its critical section) or turn is 0

(meaning P1 is just now trying to enter the critical section, but graciously waiting). In both cases, P1

cannot be in critical section when P0 is in critical section.

Progress

A process cannot immediately re-enter the critical section if the other process has set its flag

to say that it would like to enter its critical section.

Bounded waiting

In Peterson's Algorithm, a process will not wait longer than one turn for entrance to the

critical section: After giving priority to the other process, this process will run to completion and set

its flag to 0, thereby allowing the other process to enter the critical section.


OPERATING SYSTEMS Unit - 15.3 Synchronization HardwareSynchronization hardware using locks:

Any solution to the critical section problem requires a simple tool called a lock. Race

conditions are prevented by requiring that critical regions are protected by locks that is a process

must acquire a lock before entering a critical section, it releases the lock when it exits the critical

section.

A process must acquire the lock before entering a critical section; it releases the lock when it

exits the critical section. The acquire()function acquires the lock, and the release() function releases

the lock

Using hardware instructions:The task of synchronization can be made easier and system efficiency can be improved if we

can use hardware features like instructions and interrupts. In uniprocessor systems the critical section

problem can be solved by blocking all interrupts of the processor when a shared variable being

accessed or modified. This blocking guarantees that no other code is executing and hence, the

consistency of shared variable can be preserved and synchronization can be achieved. This approach

is often used in non-preemptive kernels.

This solution is not feasible in a multi-processor environment. Disabling interrupts on a

multiprocessor can be time consuming, as the message is passed to all the processors. This message

passing delays entry into each critical section and system efficiency decreases. Many modern

computer systems provide special hardware instructions that allow us either to test or modify the

content of a word or to swap the contents of two words atomically that are as one uninterruptable

unit.

boolean test and set(boolean *target)

{

boolean res;



res = *target;

*target = true;

return res;

}

The test_set()instruction that is executed uninterruptable. Even if two test_set() instructions

are executed simultaneously on different processors, internally they will be executed sequentially.

Any processor that supports the test_set() instruction can implement mutual exclusion by declaring a

global variable lock and initializing it to false a follows

do {

while (test and set(&lock)); /* do nothing */

/* critical section */

lock = false;

/* remainder section */

} while (true);

The TestAndSet () instruction can be defined as above. This instruction is executed

atomically. Thus, if two TestAndSet () instructions are executed simultaneously each on a different

CPU, they will be executed sequentially in some order.

Swap instruction:

Another type of instruction is “swap”, which is also executed atomically. It operates on two variables

as shown below.

The Swap () instruction operates on the contents of two words –

In this method, mutual exclusion can be provided by declaring a global Boolean “lock” and

initializing false. Each process will also has a local variable “key”. The code for a process is shown

belowDefinition of Swap Instruction



Mutual Exclusion implementation with the Swap() function

This is also executed atomically. If the machine supports Swap() instruction, then mutual

exclusion can be provided by using a global Boolean variable lock initialized to false. Each process

has a local Boolean variable key.

Test and set instruction with bound waiting

The limitation of the above algorithm is that they only provides with mutual exclusion not

bound waiting requirement. The below algorithm satisfies all the critical section requirements to use

test_set() instruction with two common data structures are

Boolean waiting[n];

Boolean lock;

Both these data structures are initialized to false. For proving that the mutual exclusion

requirement is met, we must make sure that process P i can enter its critical section only if either

waiting[i] == false or key == false. The value of key can become false only if the TestAndSet() is

executed.

Mutex locks:

A Mutex lock or mutual exclusion is a tool used in software based solution to critical section

problem.it provides protection to the critical section introducing locks which are used by every


OPERATING SYSTEMS Unit - 1process entering the critical section. A Mutexlock has a Boolean variable available whose value

indicates if the lock is available or not. If the lock is available, a call to acquire () succeeds, and the

lock is then considered unavailable. A process that attempts to acquire an unavailable lock is blocked

until the lock is released.

The definition of acquire() is as follows:

acquire()

{ while (!available); /* busy wait */

available = false; }

The definition of release() is as follows:

release()

{ available = true; }

Calls to either acquire() or release( ) must be performed atomically. Thus, mutex locks are

often implemented using one of the hardware mechanisms the main disadvantage of the

implementation given here is that it requires busy waiting. While a process is in its critical section,

any other process that tries to enter its critical section must loop continuously in the call to acquire ().

In fact, this type of mutex lock is also called a spinlock because the process “spins” while

waiting for the lock to become available. This continual looping is clearly a problem in a real

multiprogramming system, where a single CPU is shared among many processes. Busy waiting

wastes CPU cycles that some other process might be able to use productively. Spinlocks do have an

advantage, however, in that no context switch is required when a process must wait on a lock, and a

context switch may take considerable time. Thus, when locks are expected to be held for short times,

spinlocks are useful. They are often employed on multiprocessor systems where one thread can

“spin” on one processor while another thread performs its critical section on another processor.

But design of such locks can be sophisticated. Hardware features can make any programming

task easier and improve system efficiency. The critical section problem can be solved simply in a

uniprocessor environment if we could prevent interrupts from occurring while a shared variable was

being modified. Then we can ensure that the current sequence of instructions would be allowed to

execute in order without pre emption. No other instructions would be run, so no unexpected

modifications could be made to the shared variable.

5.4 SemaphoresThe various hardware based solutions to the critical section problem are complicated for

application programmers to use. To overcome this difficulty, we can use a synchronization tool


OPERATING SYSTEMS Unit - 1called a semaphore.

A semaphore S is an integer variable that is accessed only through standard atomic operations:

wait() and

signal().

The definition of wait() is as follows:wait(S) {

while (S <= 0); // busy waitS--;}

The definition of signal() is as follows:signal(S) {S++;}

Modifications to the integer value of the semaphore in the wait() and signal() operations

must be executed indivisibly. When one process modifies the semaphore value, no other process can

simultaneously modify that same semaphore value.

Usage of semaphores

There are two types of semaphores they are:

Binary semaphores are used to deal with the critical section problem for multiple processes.

Counting semaphores can be used to control access to a given resource consisting of a finite

number of instances.

Binary semaphore



OS’s distinguish between counting and binary semaphores. The value of a counting

semaphore can range over an unrestricted domain. The value of a binary semaphore can range only

between 0 and 1. Binary semaphores are known as mutex locks as they are locks that provide mutual

exclusion.

The semaphore is initialized to the number of resources available. Each process that wishes

to use a resource performs a wait() operation on the semaphore. When a process releases a resource,

it performs a signal() operation.

Semaphores can be used to solve various synchronization problems.

Simple binary semaphore example with two processes:

Two processes are both vying for the single semaphore. Process A performs the acquire first

and therefore is provided with the semaphore. The period in which the semaphore is owned by the

process is commonly called a critical section. The critical section can be performed by only one

process, therefore the need for the coordination provided by the semaphore. While Process A has the

semaphore, Process B is not permitted to perform its critical section.

Note that while Process A is in its critical section, Process B attempts to acquire the

semaphore. As the semaphore has already been acquired by Process A, Process B is placed into a

blocked state. When Process A finally releases the semaphore, it is then granted to Process B, which

is allowed to enter its critical section. Process B at a later time releases the semaphore, making it

available for acquisition.

The use of mutex for this purpose is:



Counting semaphore:

In the counting semaphore example, each process requires two resources before being able to

perform its desired activities. In this example, the value of the counting semaphore is 3, which means

that only one process will be permitted to fully operate at a time. Process A acquires its two resources

first, which means that Process B blocks until Process A releases at least one of its resources.

Implementation

The main disadvantage of the semaphore is that it requires busy waiting. While a process is

in its critical section, any other process that tries to enter its critical section must loop continuously

in the entry code. Busy waiting wastes CPU cycles that some other process might be able to use

productively. This type of semaphore is called a spinlock because the process spins while waiting for

the lock.



To overcome, the need for busy waiting the definition of wait () and signal() semaphore

operations can be modified. When a process executes the wait() operation and finds that the

semaphore value is not positive, it must wait. Rather than engaging in busy waiting, the process can

block itself. The block operation places a process into a waiting queue associated with the semaphore

and the state of the process is switched to the waiting state. Then control is transferred to CPU

scheduler which selects another process to execute.

A process that is blocked waiting on a semaphore S, should be restarted when some other

process executes a signal() operation. The process is restarted by a wakeup() operation which

changes the process from the waiting state to the ready state. Process is then placed in the ready

queue.

To implement semaphores under this definition, we define a semaphore as follows:typedef struct {

int value;struct process *list;

} semaphore;Each semaphore has an integer value and a list of processes list. When a process must wait

on a semaphore, it is added to the list of processes. A signal () operation removes one process from

the list of waiting processes and awakens that process. A signal() operation removes one process

from the list of waiting processes and awakens that process.

Now the wait() semaphore operation can be

defined as

wait(semaphore *S)

{

S->value--;

if (S->value < 0)

{

add this process to S->list;

block();

}

}

the signal() semaphore operation can be

defined as

signal(semaphore *S)

{

S->value++;

if (S->value <= 0)

{

remove a process P from S->list;

wakeup(P);

}


OPERATING SYSTEMS Unit - 1}

The block () operation suspends the process that invokes it. The wakeup (P) operation

resumes the execution of a blocked process P. These two operations are provided by the OS as basic

system calls.

But this implementation may have negative semaphore values. The list of waiting processes

can be easily implemented by a link field in each PCB. Each semaphore contains an integer value

and a pointer to a list of PCBs. One way to add and remove processes from the list in a way that

ensures bounded waiting is to use a FIFO queue where the semaphore contains the head and tail

pointer to the queue.

The critical aspect of semaphores is that they be executed atomically. No two processes can

execute wait () and signal () operations on the same semaphore at the same time. This is a critical

section problem and in a single CPU environment, this can be solved by simply inhibiting interrupts

during the time the wait () and signal () operations are executing. But in a multi processor

environment, interrupts must be disabled on every processor. Disabling interrupts on every processor

can be a difficult task and diminishes performance. Hence SMP systems must provide alternate

locking techniques such as spin locks to ensure that wait () and signal() are performed atomically.

Deadlocks and Starvation

The implementation of a semaphore with a waiting queue may result in a situation where two

or more processes are waiting indefinitely for an event (execution of a signal ()) that can be caused

only by one of the waiting processes. When such a state is reached, these processes are said to be

deadlocked.

Consider a system consisting of two processes, P0 and P1, each accessing two semaphores, S

and Q, set to the value 1:

P0 P1

wait(S); wait(Q);

wait(Q); wait(S);

. .

. .

. .

signal(S); signal(Q);

signal(Q); signal(S);



Suppose that P0 executes wait(S) and then P1 executes wait(Q).When P0

executes wait(Q), it must wait until P1 executes signal(Q). Similarly, when P1 executes wait(S), it must wait until P0 executes signal(S). Since these signal () operations cannot be executed, P0 and P1 are deadlocked.

We say that a set of processes is in a deadlocked state when every process in the set is waiting for an event that can be caused only by another process in the set. The events with which we are mainly concerned here are resource acquisition and release.

Another problem related to deadlocks is indefinite blocking or starvation, a situation in which processes wait indefinitely within the semaphore. Indefinite blocking may occur if we remove processes from the list associated with a semaphore in LIFO

(last-in, first-out) order.5.5 Classic Problems of Synchronization

These synchronization problems are examples of large class of concurrency control

problems. In solutions to these problems, we use semaphores for synchronization.

The Bounded Buffer problem:

The bounded-buffer problem is commonly used to illustrate the power of synchronization

primitives. Here, we present a general structure of this scheme without committing ourselves to any

particular implementation.

In our problem, the producer and consumer processes share the following data structures:

int n;semaphore mutex = 1;semaphore empty = n;semaphore full = 0

Here the pool consists of n buffers, each capable of holding one item. The mutex semaphore

provides mutual exclusion for accesses to the buffer pool and is initialized to the value 1. The empty

and full semaphores count the number of empty and full buffers. The semaphore empty is initialized

to the value n, the semaphore full is initialized to value 0.

The code below can be interpreted as the producer producing full buffers for the consumer or

as the consumer producing empty buffers for the producer.



The structure of the producer process

The structure of the consumer process

The Readers–Writers Problem:

A data base is to be shared among several concurrent processes. Some of these processes may

want only to read the database (readers) whereas others may want to update the database (writers).

If two readers access the shared data simultaneously, no adverse effects will result. If a writer and

some other thread, access the database simultaneously, problems occur.

To prevent these problems, writers have exclusive access to the shared database. This

synchronization problem is referred to as readers – writers problem.



The simplest readers writers problem requires that no reader will be kept waiting unless a

writer has already obtained permission to use the shared object. No reader should wait for other

readers to finish simply because a writer is waiting.

The second readers writers problem requires that once a writer is ready, that writer performs

its write as soon as possible, that is if a writer is waiting to access the object, no new readers may

start reading.

In the solution to the first readers – writers problem, the reader processes share the following

data structures:

Semaphore mutex, wrt;

Int readcount;



Semaphores mutex and wrt are initialized to 1, readcount is initialized to 0. Semaphore wrt

is common to both reader and writer processes. The mutex semaphore is used to ensure mutual

exclusion when the variable readcount is updated. The readcount variable keeps track of how many

processes are currently reading the object. The semaphore wrt functions as a mutual exclusion

semaphore for the writers. It is also used by the first or last reader that enters or exits the critical

section. It is not used by readers who enter or exit while other readers are in their critical section.

The readers – writers problem and its solutions has been generalized to provide reader –

writer locks on some systems. Acquiring the reader – writer lock requires specifying the mode of the

lock, either read or write access. When a process only wishes to read shared data, it requests the

reader – writer lock in read mode; a process wishing to modify the shared data must request the lock

in write mode. Multiple processes are permitted to concurrently acquire a reader – writer lock in read

mode, only one process may acquire the lock for writing as exclusive access is required for writers.

Reader – writer locks are useful in the following situations:

In applications where it is easy to identify which processes only read shared data and which

threads only write shared data.

In applications that have more readers than writers.

Dining Philosophers Problem

Consider five philosophers who spend their lives thinking and eating. The philosophers share

a circular table surrounded by five chairs, each belonging to one philosopher. In the center of the

table is a bowl of rice, and the table is laid with five single chop sticks. When a philosopher thinks,

she does not interact with her colleagues. From time to time, a philosopher gets hungry and tries to

pick up the two chopsticks that are closest to her. A philosopher may pick up only one chopstick at a


OPERATING SYSTEMS Unit - 1time. She cannot pick up a chopstick that is already in the hand of the neighbor. When a hungry

philosopher has both her chopsticks at the same time, she eats without releasing her chop sticks.

When she is finished eating, she puts down both of her chop sticks and starts thinking again.

The dining philosopher’s problem is considered a classic synchronization problem as it an

example of a large class of concurrency control problems.

One simple solution is to represent each chop stick with a semaphore. A philosopher tries to

grab a chop stick by executing a wait () operation on that semaphore; she releases her chop sticks by

executing the signal () operation on the appropriate semaphores.

Thus, the shared data are

Semaphore chopstick [5];

Where all elements of chopstick are initialized to 1.This solution is rejected as it could create

a dead lock. Suppose that all five philosophers become hungry simultaneously and each grabs her left

chop stick. All the elements of chop stick will now be equal to 0. When each philosopher tries to grab

her right chopstick, she will be delayed forever.

Solution to dining philosopher’s problem:

Allow at most four philosophers to be sitting simultaneously at the table

Allow a philosopher to pick up her chopsticks only if both chopsticks are available.

Use an asymmetric solution; that is, an odd philosopher picks up first her left chopstick and

then her right chopstick whereas an even philosopher picks up her right chopstick and then

her left chopstick.



5.6 Monitors Although semaphores provide a convenient and effective mechanism for process

synchronization, using them incorrectly can result in timing errors that are difficult to detect since

these errors happen only if some particular execution sequences take place and these sequences do

not always occur.

Suppose that a process interchanges the order in which the wait () and signal () operations on the

semaphore mutex are executed.

Signal (mutex);

…….

Critical section

……..

Wait (mutex);

Here several processes may be executing in their critical sections simultaneously, violating

the mutual exclusion requirement.

Suppose that a process replaces signal (mutex) with wait (mutex) that is it executes

Wait(mutex);

……

Critical section

…….

Wait(mutex);

Here a deadlock will occur.

Suppose that a process omits the wait(mutex), or the signal(mutex) or both. Here, either mutual

exclusion is violated or a dead lock will occur.

To deal with such errors, a fundamental high level synchronization construct called monitor

type is used.



Usage

A monitor type presents a set of programmer defined operations that are provided mutual

exclusion within the monitor. The monitor type also contains the declaration of variables whose

values define the state of an instance of that type, along with the bodies of the procedures or

functions that operate on those variables. The representation of a monitor type cannot be used

directly by the various processes. Thus, a procedure defined within a monitor can access only those

variables declared locally within the monitor and its formal parameters. The local variables of a

monitor can be accessed by only the local procedures.

monitor monitor name

{

/* shared variable declarations */function P1 ( . . . ) {

. . .}

function P2 ( . . . ) {

. . .}

.

.

.function Pn ( . . . ) {

. . .



}

initialization code ( . . . ) {. . .}

}Figure 5.15 Syntax of a monitor.

The monitor construct ensures that only one process at a time can be active within the

monitor. But this monitor construct is not powerful for modeling some synchronization schemes. For

this we need additional synchronization mechanisms. These mechanisms are provided by condition

construct. A programmer who needs to write a trilor-made synchronization scheme can define one or

more variables of type condition.

The only operations that can be invoked on a condition variable are wait() and signal(). The

operation

x.wait();

means that the process invoking this operation is suspended until another process invokes

x.signal();

The x.signal() operation resumes exactly one suspended process.

When x.signal() operation is invoked by a process P, there is a suspended process Q

associated with condition x. If suspended process Q is allowed to resume its execution, the signaling

process P must wait. Otherwise, both P and Q would be active simultaneously within the monitor .



However, both processes can conceptually continue with their execution. Two possibilities exist:

1. Signal and wait: P either waits until Q leaves the monitor or waits for another condition.

2. Signal and condition: Q either waits until P leaves the monitor or waits for another condition.

Dining Philosophers Solution using Monitors

This solution imposes the restriction that a philosopher may pick up her chopsticks only if

both of them are available. To code this solution, we need to distinguish among three states in which

we may find a philosopher. For this purpose, we use this data structure:

enum {thinking, hungry, eating } state[5];

Philosopher i can set the variable state[i] = eating only if her two neighbors are not eating:

(state [(i+4) % 5]! = eating) and (state [(i+1)%5]!=eating) Also declare condition self [5];

Where philosopher i can delay herself when she is hungry but is unable to obtain the chop

sticks she needs. The distribution of the chopsticks is controlled by the monitor dp. Each philosopher

before starting to eat, must invoke the operation pickup(). This may result in the suspension of the

philosopher process. After the successful completion of the operation the philosopher may eat.

Following this, the philosopher invokes the putdown() operation. Thus philosopher i must invoke the

operations pickup() and putdown() in the following sequence:

dp.pickup(i);

…….

Eat

…….

Dp.putdown(i);



This solution ensures that no two neighbors are eating simultaneously and that no deadlocks will

occur.


OPERATING SYSTEMS Unit - 1Monitor solution to Dining Philosophers problem

Implementing a Monitor using Semaphores

For each monitor, a semaphore mutex initialized to 1 is provided. A process must execute

wait(mutex) before entering the monitor and must execute(signal) after leaving the monitor. Since a

signaling process must wait until the resumed process either leaves or waits, an additional semaphore

next initialized to 0, on which the signaling processes may suspend themselves. An integer variable

next_count is used to count the number of processes suspended on next. Thus, each external

procedure P is replaced by –

Mutual exclusion within a monitor is thus ensured.

Implementing condition variables:

For each condition x, we introduce a semaphore x_sem and an integer variable x_count, both

initialized to 0.

The operations x.wait() and x.signal() can be implemented as –



Resuming Processes Within a Monitor

If several processes are suspended on condition x, and an x.signal() operation is executed by

some process, then for determining which suspended process should be resumed next, we use FCFS

ordering so that the process waiting the longest is resumed first. Or conditional wait construct() can

be used as –

x.wait(c);

where c is an integer expression that is evaluated when the wait() operation is executed. The

value of c which is called a priority number is then stored with the name of the process that is

suspended. When x.signal() is executed, the process with the smallest associated priority number is

resumed next.



The resource allocator monitor controls the allocation of a single resource among competing

processes. Each process, when requesting an allocation of this resource specifies the maximum time

it plans to use the resource. The monitor allocates the resource to the process that has the shortest

time- allocation request. A process that needs access to the resource must follow this sequence

R.acquire(t);

…..

Access the resource;

……

R.release();

Where R is an instance of type Resource Allocator

But the following problems can occur –

A process might access a resource without first gaining access permission to the resource

A process might never release a resource once it has been granted access to the resource

A process might attempt to release a resource that it never requested.

A process might request the same resource twice

One possible solution to the current problem is to include the resource access operations within

the Resource Allocator monitor.


UNIT - III

OPERATING SYSTEMS

UNIT III

Memory Management: Swapping, contiguous memory allocation, segmentation, paging, structure of the

page table.

Virtual memory: demand paging, page-replacement, Allocation of frames, Thrashing, Memory- Mapped

Files, Allocating Kernel Memory

Deadlocks: System Model, deadlock characterization, Methods of handling Deadlocks, Deadlock

prevention, Detection and Avoidance, Recovery from deadlock.

DeadlocksIntroduction:

In a multi programming environment, several processes may compete for a finite number of

resources. A process requests resources and if the resources are not available at that time, the process

enters a waiting state. Sometimes, a waiting process is never again able to change state because the

resources it has requested are held by other waiting processes. This situation is called a dead lock.

System Model

A system consists of a finite number of resources to be distributed among a number of

competing processes. The resources are partitioned into several types, each consisting of some

number of identical instances. Memory space, CPU cycles, files and I/O devices are examples of

resource types.

If a process requests an instance of a resource type, the allocation of any instance of the type

will satisfy the request. If it will not, then the instances are not identical and the resource type classes

have not been defined properly.

A process must request a resource before using it and must release the resource after using it.

A process may request as many resources as it requires for carrying out its designated task.

Under the normal mode of operation, a process may utilize a resource in the following sequence:

1. Request: requesting process must wait until it can acquire the resource

2. Use: process can operate on the resource

3. Release: process releases the resource

The request and release of resources are system calls. Examples are the request () and release

() device, open () and close () file and allocate () and free () memory system calls. Request and

release of resources that are not managed by the OS can be accomplished through the wait () and

signal () operations on semaphores or through acquisition () and release of mutex lock. A system

table records whether each resource is free or allocated; for each resource that is allocated, the table

148

UNIT - IIIalso records the process to which it is allocated. If a process requests a resource that is currently

allocated to another process, it can be added to a queue of processes waiting for this resource.

A set of processes is in a deadlock state when every process in the set is waiting for an event

that can be caused only by another process in the set. The events mainly concerned here are resource

acquisition and release. The resources may be either physical resources or logical resources.

A programmer developing multithreaded applications must pay particular attention to

deadlocks. Multi-threaded programs are good candidates for deadlock because multiple threads can

compete for shared resources.

Deadlock Characterization

In a deadlock, processes never finish executing and system resources are tied up, preventing

other jobs from starting.

Necessary Conditions

A deadlock situation can arise if following four conditions hold simultaneously in a system:

Mutual exclusion: At least one resource must be held in a non-sharable mode; that is only one

process at a time can use the resource. If another process requests that resource, the requesting

process must be delayed until the resource has been released.

Hold and wait: A process must be holding at least one resource and waiting to acquire additional

resources that are currently being held by other processes.

No preemption: Resources cannot be preempted; that is a resource can be released only voluntarily

by the process holding it, after that process has completed its task.

Circular Wait: A set { P0,P1,….Pn} of waiting processes must exist such that P0 is waiting for a

resource held by P1,…..Pn is waiting for a resource held by P0.

All the above four conditions must hold for a deadlock to occur.

Resource Allocation Graph

Deadlocks can be described in terms of a directed graph called a system resource allocation

graph. This graph consists of a set of vertices V and set of edges E. The set of vertices V is

partitioned into two different types of nodes:

P: The set consisting of all the active processes in the system and

R: The set consisting of all resource types in the system.

A directed edge from process Pi to resource type Rj is denoted by Pi -> Rj; it signifies that

process Pi has requested an instance of resource type Rj and is currently waiting for that resource.

A directed edge from resource type Rj to process Pi is denoted by Rj -> Pi ; it signifies that

an instance of resource type Rj has been allocated to process Pi.

149

UNIT - III

A directed edge Pi -> Rj is called a request edge.

A directed edge Rj->Pi is called an assignment edge.

A Process is represented using a circle and resource type is represented using a rectangle.

Since resource type may have more than one instance, each instance is represented using a dot within

the rectangle. A request edge points to the rectangle where as an assignment edge must also designate

one of the dots in the rectangle.

When a process requests an instance of resource type, a request edge is inserted in the

resource allocation graph. When this request can be fulfilled, the request edge is instantaneously

transformed to an assignment edge. When the process no longer needs access to the resource, it

releases the resource; as a result, the assignment edge is deleted.

If the graph contains no cycles, then no process in the system is deadlocked. If the graph

does contain a cycle, then a deadlock may exist. If each resource type has exactly one instance, then

a cycle implies that a deadlock has occurred. If the cycle involves only a set of resource types, each

of which has only a single instance, then a deadlock has occurred. Each process involved in the cycle

is deadlocked. Here, a cycle in the graph is both a necessary and a sufficient condition for the

existence of deadlock.

If each resource type has several instances, then a cycle does not necessarily imply that a

deadlock has occurred. Here, a cycle in the graph is a necessary but not a sufficient condition for the

existence of deadlock.

If a resource allocation graph does not have a cycle, then the system is not in a deadlocked

state. If there is a cycle, then the system may or may not be in a deadlocked state.

150

UNIT - IIIMethods for handling deadlocks

Deadlock problem can be dealt with in one of three ways:

Use a protocol to prevent or avoid deadlocks ensuring that the system will never enter a

deadlock state

Allow the system to enter a deadlock state, detect it and recover

Ignore the problem altogether and pretend that deadlocks never occur in the system.

To ensure that deadlocks never occur, the system can use either deadlock prevention or a

deadlock avoidance scheme. Deadlock prevention provides a set of methods for ensuring that at

least one of the necessary conditions (listed under deadlock characterization) cannot hold .

These methods prevent deadlocks by constraining how requests for resources can be made.

Deadlock avoidance requires that the OS be given in advance additional information

concerning which resources a process will request and use during its lifetime. With this additional

knowledge it can decide for each request whether or not the process should wait. To decide whether

the current request can be satisfied or must be delayed, the system must consider the resources

currently available, the resources currently allocated to each process and the future requests and

releases of each process.

If a system does not employ either deadlock prevention or a deadlock avoidance algorithm,

then a deadlock situation may arise. In this environment, the system can provide an algorithm that

examines that state of the system to determine whether a deadlock has occurred and an algorithm to

recover from the deadlock.

If a system neither ensures that a deadlock will never occur nor provides a mechanism for

deadlock detection and recovery, then a situation arises where the system is in a deadlocked state yet

has no way of recognizing what has happened. The undetected deadlock will result in deterioration of

system’s performance because resources are being held by processes that cannot run and because

more and more processes as they make requests for resources will enter a deadlocked state.

Eventually, the system will stop functioning and will need to be restarted manually.

In many systems, deadlocks occur infrequently, thus this method is cheaper than the

prevention, avoidance or detection and recovery methods. In some situations, a system is in a frozen

state but is not in a deadlocked state.

151

UNIT - III

Deadlock Prevention

For a deadlock to occur, each of the four necessary conditions must hold. By ensuring that at

least one of these conditions cannot hold, we can prevent the occurrence of a deadlock.

Mutual Exclusion

The mutual exclusion condition must hold for non-sharable resources (printer). Sharable

resources do not require mutually exclusive access and thus cannot be involved in a deadlock (read

only file). We cannot prevent deadlocks by denying the mutual exclusion condition because some

resources are intrinsically non-sharable.

Hold and Wait

To ensure that the hold and wait condition never occurs in the system, we must guarantee that

whenever a process requests a resource, it does not hold any other resources. One protocol that can

be used requires each process to request and be allocated all its resources before it begins execution.

An alternative protocol allows a process to request resources only when it has none. A

process may request some resources and use them. Before it can request any additional resources, it

must release all the resources that it is currently allocated.

Both these protocols have two main disadvantages. First, resource utilization may be low

since resources may be allocated but unused for a long period. Second, starvation is possible. A

process that needs several popular resources may have to wait indefinitely because at least one of the

resources that it needs is always allocated to some other process.

No Preemption

The third necessary condition for deadlocks is that there be no preemption of resources that

have already been allocated. To ensure that this condition does not hold, use the following protocol.

If a process is holding some resources and requests another resource that cannot be immediately

allocated to it, then all resources currently being held are preempted i.e. these resources are implicitly

released. The preempted resources are added to the list of resources for which the process is waiting.

The process will be restarted only when it can regain its old resources as well as the new ones that it

is requesting.

If a process requests some resources, first check whether they are available. If they are,

allocate them. If they are not, check whether they are allocated to some other process that is waiting

for additional resources. If so, preempt the desired resources from the waiting process and allocate

them to the requesting process. If the resources are neither available nor held by a waiting process,

the requesting process must wait. While it is waiting, some of its resources may be preempted, but

only if another process requests them. A process can be restarted only when it is allocated the new

152

UNIT - IIIresources it is requesting and recovers any resources that were preempted while it was waiting. This

protocol is applied to resources whose state can be easily saved and restored later such as CPU

registers and memory space.

Circular Wait

The fourth and final condition for deadlocks is the circular wait condition. One way to

ensure that this condition never holds is to impose a total ordering of all resource types and to require

that each process requests resources in an increasing order of enumeration.

Deadlock Avoidance

Deadlock prevention algorithms prevent deadlocks by restraining how requests can be made.

The restraints ensure that at least one of the necessary conditions for deadlock cannot occur and

hence that deadlocks cannot hold. Possible side effects of preventing deadlocks by this method are

low device utilization and reduced system through put.

An alternative method for avoiding deadlocks is to require additional information about how

resources are to be requested.

The various algorithms that use this approach differ in the amount and type of information

required. The simplest and most useful model requires that each process declare the maximum

number of resources of each type that it may need. A deadlock avoidance algorithm dynamically

examines the resource allocation state to ensure that a circular wait condition can never exist.

The resource allocation state is defined by the number of available and allocated resources

and the maximum demands of the processes.

Safe state

A state is safe if the system can allocate resources to each process (up to its maximum) in

some order and still avoid a deadlock. A system is in a safe state only if there exists a safe sequence.

If no such sequence exists, then the system state is said to be unsafe.

A sequence of process P1,P2….Pn is a safe sequence if for each process Pi, the resources that

Pi can still request can be satisfied by the currently available resources plus the resources held by all

the Pi, with j < i

A safe state is not a deadlocked state. A deadlocked state is an unsafe state . Not all

unsafe states are deadlocks. An unsafe state may lead to a deadlock. As long as the state is safe, the

OS can avoid unsafe (and deadlocked states). In an unsafe state, the OS cannot prevent processes

from requesting resources such that a deadlock occurs. The behavior of the processes controls unsafe

states.

The idea is simply to ensure that the system will always remain in a safe state. Initially, the

system is in a safe state. Whenever a process requests a resource that is currently available, the 153

UNIT - IIIsystem must decide whether the resource can be allocated immediately or whether the process must

wait. The request is granted only if the allocation leaves the system in a safe state.

Example:

Consider a system with 12 resources. Process p0, p1, p2 require a maximum of 11, 6, 9,

resources respectively. Suppose at a time t0 process p0 is holding 6 and p1 is holding 2 and p2 is

holding 3 resources respectively find if the system is in safe state, if so, give safe sequence.

Solution:

Total allocated resources is 11 and 1 resource of system is free

Proces

sMaximum request

Current

allocationAvailable resource (R1)

P0 11 6

1P1 6 2

P2 9 3

Need of P0, P1 ,P2 are 5,4,6 respectively at time t0 the system is in safe state. The safe

sequence for this is P1, P2, P0. The safe sequence satisfies the safety condition. Safe sequence is

calculated as follows.

Process P1 needs 4 more resources but available resource of the system is 1 so 3 more

resources is taken from current allocation of P0. Now system has zero resources and then P1

returns all resources to the system

Process P2 needs 6 more resources and system has 6 resources so P2 can get all required

resources from system and then P2 returns them.

Need of P0 is changed from 5 to 8 because 3 resources were taken by P1 system has 9

resources so P0 can get all required resources from system then system will be left with 1

resource. P0 then return all the resources.

154

UNIT - III

Example 2:

System with adequate resources.

A system consists of three processes P1,P2 and P3 an one resource R1. Number of units for R1

is 12 consider the following case.

Process P1 requires 9 resource of R1



At a time T0 operating system is allocated R1 to all three processes as follows

Process P1 is holding 4 resource of R1



Find if the system is in safe state, if so give safe sequence

Solution:

Total allocated resource is 10 and 2 are free resources

Proces

sMaximum request

Current

allocationAvailable resource (R1)

P1 9 4

2P2 4 3

P3 10 3

Need of P1 ,P2 and P3 are 5,1,7 respectively at time t0 the system is in safe state. The safe

sequence for this is P2, P1, P3. The safe sequence satisfies the safety condition. Safe sequence is

calculated as follows.

Process P2 needs 1 more resources but available resource of the system is 2 so P2 can

immediately get all required resources from R1(at this stage R1 = 1) and then P2 returns all

resources to the system

Available resource R1 becomes 5 and after P2 returns its resources (1+3+1 ie.., need +

current allocation + available resource R1 before returning)

Process P1 needs 5 more resources and R1 is 5 so process P1 can get all required resources

from R1 (R1 = 0) and then P1 returns them.

Available resource R1 becomes 9 and after P1 returns its resources(5+4+0)

155

UNIT - III

Process P3 Need 7 more resources and R1 is 9 so the process P3 get all its required resources

from R1 and then P3 returns them.

Available resource R1 becomes 12 and after P3 returns its resources (7+3+2).

Now the system have all 12 resources available

Resource Allocation Graph Algorithm

If there is a resource allocation system with only one instance of each resource type, a variant

of the resource allocation graph can be used for deadlock avoidance. In addition to the request and

assignment edges, a claim edge is also used. This edge resembles a request edge in direction but is

represented in the graph by a dashed line. When a process makes a request, the request can be

granted only if converting the request edge to an assignment edge does not result in the formation of

a cycle in the resource allocation graph. An algorithm for detecting a cycle in this graph requires an

order of n2 operations where n is the number of processes in the system.

If no cycle exists, then the allocation of the resource will leave the system in a safe state. If a

cycle is found, then the allocation will put the system in an unsafe state.

Banker’s algorithm:

It is used to avoid deadlocks when multiple instances of each resource types are present. The

resource allocation graph algorithm is not applicable to a resource allocation system with multiple

instances of each resource type. Banker’s algorithm is applicable to such a system but is less efficient

than the resource allocation graph scheme. The name was chosen because the algorithm could be

156

UNIT - IIIused in a banking system to ensure that the bank never allocated its available cash in such a way that

it could no longer satisfy the needs of all its customers.

When a new process enters the system, it must declare the maximum number of instances of

each resource type that it may need. This number may not exceed the total number of resources in the

system. When a user requests a set of resources, the system must determine whether the allocation of

these resources will leave the system in a safe state. If it will, the resources are allocated otherwise

the process must wait until some other process releases enough resources.

Several data structures must be maintained to implement banker’s algorithm. These data

structures encode the state of the resource allocation system.

Let, n be the number of processes in the system and

m be the number of resource types.

Available: vector of length m indicates the number of available resources of each type.

Max: an n*m matrix defines the maximum demand of each process.

Allocation: an n*m matrix defines the number of resources of each type currently allocated to each

process.

Need: an n*m matrix indicates the remaining resource need of each process.

Safety Algorithm

We can now present the algorithm for finding out whether or not a system is in a safe state.

This algorithm can be described as follows:

1. Let Work and Finish be vectors of length m and n, respectively. Initialize

Work = Available and Finish[i] = false for i = 0, 1, ..., n − 1.

2. Find an index i such that both

a. Finish[i] == false

b. Needi ≤Work

If no such i exists, go to step 4.

3. Work =Work + Allocationi

Finish[i] = true

Go to step 2.

4. If Finish[i] == true for all i, then the system is in a safe state.

This algorithm may require an order of m × n2 operations to determine whether a state is safe.

Resource-Request Algorithm

Next, we describe the algorithm for determining whether requests can be safely granted.

157

UNIT - III

Let Requesti be the request vector for process Pi . If Requesti [ j] == k, then process Pi wants

k instances of resource type Rj . When a request for resources is made by process Pi , the following

actions are taken:

1. If Requesti ≤Needi ,

go to step 2. Otherwise, raise an error condition, since the process has exceeded its maximum

claim.

2. If Requesti ≤ Available,

go to step 3. Otherwise, Pi must wait, since the resources are not available.

3. Have the system pretend to have allocated the requested resources to process Pi by modifying the

state as follows:

Available = Available–Requesti ;

Allocationi = Allocationi + Requesti ;

Needi = Needi –Requesti ;

If the resulting resource-allocation state is safe, the transaction is completed, and process Pi

is allocated its resources. However, if the new state is unsafe, then Pi must wait for Requesti , and the

old resource-allocation state is restored.

Example:

158

UNIT - III

159

UNIT - III

Deadlock Detection

If a system does not employ either deadlock prevention or a deadlock avoidance algorithm, then

a deadlock situation may occur. Here the system must provide:

An algorithm that examines the state of the system to determine whether a deadlock has

occurred.

An algorithm to recover from deadlock.

Single instance of each resource type

If all resources have only a single instance, then we can define a deadlock detection

algorithm that uses a variant of the resource allocation graph called a wait for graph. This graph is

obtained from the resource allocation graph by removing the resource nodes and collapsing the

appropriate edges.

A deadlock exists in the system if and only if the wait for graph contains a cycle. To detect

deadlocks, the system needs to maintain the wait for graph and periodically invoke an algorithm that

searches for a cycle in the graph. An algorithm to detect a cycle in the graph requires an order of n2

operations where n is the number of vertices in the graph.

Several instances of a resource type

The wait for graph scheme is not applicable to resource allocation system with multiple

instances of each resource type. For several instances of resource type, the algorithm employs several

time varying data structures. They are:

Available: a vector of length m indicates the number of available resources of each type 160

UNIT - IIIAllocation: an n*m matrix defines the number of resources of each type currently allocated to each

process

Request: an n*m matrix indicates the current request of each process.

This algorithm requires an order of m*n2 operations to detect whether the system is in a

deadlocked state.

1. LetWork and Finish be vectors of length m and n, respectively. Initialize Work = Available. For i

= 0, 1, ..., n–1, if Allocationi _= 0, then Finish[i] = false. Otherwise, Finish[i] = true.

2. Find an index i such that both

a. Finish[i] == false

b. Requesti ≤Work

If no such i exists, go to step 4.

3. Work =Work + Allocationi

Finish[i] = true

Go to step 2.

4. If Finish[i] ==false for some i, 0≤i<n, then the system is in a deadlocked state. Moreover, if

Finish[i] == false, then process Pi is deadlocked.

Detection algorithm usage

When should the detection algorithm be invoked? This depends on two factors:

How often is a deadlock likely to occur?

How many processes will be affected by deadlock when it happens?

If deadlocks occur frequently, then the detection algorithm should be invoked frequently.

Resources allocated to deadlocked processes will be idle until the deadlock can be broken.

Deadlocks occur only when some process makes a request that cannot be granted

immediately. This request may be the final request that completes a chain of waiting processes. The

deadlock detection algorithm can be invoked every time a request for allocation cannot be granted

immediately. But if the deadlock detection algorithm is invoked for every resource request, this will

incur a considerable overhead in computation time.

Recovery from Deadlock

161

UNIT - III

When a detection algorithm determines that a deadlock exists, several alternatives are

available. There are two options for breaking a deadlock. One is simply to abort one or more

processes to break the circular wait. The other is to preempt some resources from one or more of the

deadlocked processes.

Process Termination

To eliminate deadlocks by aborting a process, use one of the two methods. In both methods,

the system reclaims all resources allocated to the terminated processes.

Abort all deadlocked processes: Breaks the deadlock cycle, the deadlocked processes may have

computed for a long time and the results of partial computations must be discarded and will have to

be recomputed later.

Abort one process at a time until the deadlock cycle is eliminated: Incurs considerable

overhead, since after each process is aborted, a deadlock detection algorithm must be invoked to

determine whether any processes are still deadlocked.

If the partial termination method is used, then we must determine which deadlocked process

should be terminated. Abort those processes whose termination will incur minimum costs.

Many factors may affect which process is chosen including:

What the priority of the process is

How long the process has computed and how much longer the process will compute before

completing its designated task

How many and what type of resources the process has used

How many more resources the process needs in order to complete

How many processes will need to be terminated

Whether the process is interactive or batch

Resource Preemption

To eliminate deadlocks using resource preemption, preempt some resources from processes

and give these resources to other processes until the deadlock cycle is broken.

If preemption is required to deal with deadlocks, three issues need to be addressed:

Selecting a victim: Which resources and which processes are to be preempted?

Rollback: If a resource is preempted from a process, what should be done with that process?

Starvation: How do we ensure that starvation will not occur?

In a system where victim selection is based primarily on cost factors, it may happen that the

same process is always picked as a victim. So this process never completes its designated task, a

starvation situation that must be dealt with in any practical system. A process can be picked as a

victim only a finite number of times.162

UNIT - III

MEMORY MANAGEMENT – STRATEGIES

As a result of CPU scheduling, the utilization of the CPU and the speed of the computer’s

response to the users can be improved. To realize this increase in performance, however, we must

keep several processes in memory that is we must share memory.

For managing this memory, we user various memory management algorithms which vary

from a primitive bare machine approach to paging and segmentation strategies. Selection of a

memory management method for a specific system depends on many factors, especially on the

hardware design of the system.

Background

Memory is central to the operation of a modern computer system. Memory consists of a large

array of bytes or words, each with its own address. The CPU fetches instructions from memory

according to the value of the program counter.

A typical instruction execution cycle first fetches an instruction from memory. The

instruction is then decoded and may cause operands to be fetched from memory. After the instruction

has been executed on the operands, results may be stored back in memory. The memory unit sees

only a stream of memory addresses.

Basic Hardware

163

UNIT - III

Main memory and the registers built into the processor itself are the only storage that the

CPU can access directly. Hence any instructions in execution and any data being used by the

instructions must be in one of these direct access storage devices. If the data are not in memory, they

must be moved there before the CPU can operate on them.

Registers that are built into CPU are generally accessible within one cycle of CPU clock.

Main memory is accessed via a transaction on the memory bus. Memory access may take many

cycles of the CPU clock to complete, in which case the processor needs to stall since it does not have

data required to complete the instruction that it is executing.

Protection of OS from access by user processes and protection of user processes from one

another has to be ensured by hardware. One possible implementation is:

Each process should have a separate memory space. For this, a range of legal addresses that

the process may access and ensuring that the process accesses only these legal addresses has to be

determined. This protection can be provided by using two registers – base and limit register. The

base register holds the smallest legal physical memory address and the limit register specifies the size

of the range.

Protection of memory space is accomplished by having the CPU hardware compare every

address generated in user mode with the registers. Any attempt by a program executing in user mode

to access OS memory or other users’ memory results in a trap to OS which treats the attempt as a

fatal error. This scheme prevents a user program from modifying the code or data structures of either

the OS or other users.

164

UNIT - III

The base and limit registers can be loaded only by the OS which uses a special privileged

instruction. Since privileged instructions can be executed only in kernel mode, and since only the OS

executes in kernel mode, only the OS can load the base and limit registers. The OS executing in

kernel mode is given unrestricted access to both OS and users’ memory.

Address Binding

A program resides on a disk a binary executable file. To be executed, the program must be

brought into memory and placed within a process. The processes on the disk that are waiting to be

brought into memory for execution form the input queue.

One process from the input queue is selected and loaded into memory. As the process is

executed, it accesses instructions and data from memory. Later the process terminates and its

memory space is declared available.

A user program goes through the following the steps before getting executed. Addresses may

be represented in different ways during these steps.

165

UNIT - III

Addresses in the source program are symbolic. A compiler will bind these symbolic

addresses to re-locatable addresses. The linkage editor or loader will in turn bind the re-locatable

addresses to absolute addresses. Each binding is a mapping from one address space to another.

The binding of instructions and data to memory addresses can be done at:

Compile time: If you know at compile time, where the process will reside in memory, then absolute

code can be generated.

Load time: If it is not known at compile time where the process will reside in memory, then the

compiler must generate re-locatable code. Final binding is delayed until load time.

Execution time: If the process can be moved during its execution from one memory segment to

another, then binding must be delayed until run time.

Logical versus Physical Address Space

An address generated by the CPU is referred to as logical address whereas an address seen by

the memory unit i.e. the one loaded into the memory address register of the memory is referred to as

physical address.

The compile time and load time address binding methods generate identical logical and

physical addresses. The execution time address binding scheme results in differing logical and

166

UNIT - IIIphysical addresses where logical address is called virtual address. The set of all logical addresses

generated by a program is a logical address space; the set of all physical addresses generated by a

program is a physical address space. Thus, in the execution time address binding scheme, the logical

and physical address spaces differ.

The run time mapping from virtual to physical addresses is done by a hardware device called

the memory management unit (MMU).

The base register here is called a relocation register. The value in the relocation register is

added to every address generated by a user process at the time it is sent to memory.

The user program never sees the real physical addresses (in the range R+0 to R+ max). The

user program deals with logical addresses (in the range 0 to max).

Dynamic Loading

The entire program and all data of a process must be in physical memory for the process to

execute. The size of a process is limited to the size of physical memory. To obtain memory space

utilization, dynamic loading can be used.

167

UNIT - III

With dynamic loading, a routine is not loaded until it is called. All routines are kept on disk

in a relocatable load format. The main program is loaded into memory and is executed. When a

routine needs to call another routine, the calling routine first checks to see whether the other routine

has been loaded. If not, the re-locatable linking loader is called to load the desired routine into

memory and to update the program’s address tables to reflect this change. Then control is passed to

the newly loaded routine.

The advantage of dynamic loading is that an unused routine is never loaded. This method is

useful when large amounts of code are needed to handle infrequently occurring cases such as error

routines. Dynamic loading does not require special support from the OS.

Dynamic linking and shared libraries

Some OS support only static linking, in which system language libraries are treated like any

other object module and are combined by the loader into the binary program image. Dynamic

linking is done at execution time. This is used with system libraries such as language subroutine

libraries. Without this facility, each program on a system must include a copy of its language library

in the executable image which wastes both disk space and main memory.

With dynamic linking, a stub is included in the image for each library routine reference. The

stub is a small piece of code that indicates how to locate the appropriate memory resident library

routine or how to load the library if the routine is not already present. When the stub is executed, it

checks to see whether the needed routine is already in memory. If not, the program loads the routine

into memory. Either way, the stub replaces itself with the address of the routine and executes the

routine. Here, all processes that use a language library execute only one copy of the library code.

This feature can be extended to library updates. A library may be replaced by a new version

and all programs that reference the library will automatically use the new version. This is known as

shared libraries.

Dynamic linking requires help from the OS. If the processes in memory are protected from

one another, then the OS is the only entity that can check to see whether the needed routine is in

another process’s memory space or that can allow multiple processes to access the same memory

addresses.

1. Swapping

A process must be in memory to be executed. A process can however be swapped

temporarily out of memory to a backing store and then brought back into memory for continued

execution.

168

UNIT - III

A variant of the swapping policy is used for priority based scheduling algorithms. If a higher

priority process arrives and wants service, the memory manager can swap out the lower priority

process and then load and execute the higher priority process. When the higher priority process

finishes, the lower priority process can be swapped back in and continued. This variant of swapping

is called roll out, roll in.

A process that is swapped out will be swapped back into the same memory space it occupied

previously because of address binding. If binding is done at assembly time or load time, then the

process cannot be moved to a different location. If execution time binding is being used, then a

process can be swapped into a different memory space because the physical addresses are computed

during execution time.

Swapping requires a backing store. This has to be a fast disk, large enough to accommodate

copies of all memory images for all users, and must provide direct access to these memory images.

The system maintains a ready queue consisting of all processes whose memory images are on the

backing store or in memory and are ready to run. Whenever the CPU scheduler decides to execute a

process, it calls the dispatcher. The dispatcher checks to see whether the next process in the queue is

in memory. If it is not, and if there is no free memory region, the dispatcher swaps out a process

currently in memory and swaps in the desired process. It then reloads registers and transfers control

to the selected process.

For swapping a process, it must be completely idle. Also never swap a process with pending

I/O or execute I/O operations only into the OS buffers.

2. Contiguous Memory Allocation

The memory is usually divided into two partitions: one for the resident OS and one for the

user processes. The main memory must accommodate both the OS and various user processes. OS

169

UNIT - IIIcan be placed either in low memory or high memory. The major factor affecting this decision is the

location of the interrupt vector table (IVT).

Several user processes should reside in memory at the same time. In contiguous memory

allocation, each process is contained in a single contiguous section of memory.

IVT

OPERATING SYSTEM

USER SPACE

MAIN MEMORY STRUCTURE

Memory Mapping and Protection

Memory mapping and protection are provided by using relocation register with a limit

register. The relocation register contains the value of the smallest physical address; the limit

register contains the range of logical addresses. With relocation and limit registers, each logical

address must be less than the limit register; the MMU maps the logical address dynamically by

adding the value in the relocation register. This mapped address is sent to the memory.

When the CPU scheduler selects a process for execution, the dispatcher loads the relocation

and limit registers with the correct values as part of the context switch. Because every address

generated by the CPU is checked against these registers, both the OS and other users’ programs and

data can be protected from being modified by the running process. The relocation register scheme

provides an effective way to allow the OS size to change dynamically.

Memory Allocation

170

UNIT - III

One of the simplest methods for allocating memory is to divide memory into several fixed

sized partitions. Each partition may contain exactly one process. The degree of multi programming

is bound by the number of partitions.

In this multiple partition method (dynamic partition), when a partition is free, a process is

selected from the input queue and is loaded into the free partition. When the process terminates,

the partition becomes available for another process.

In the fixed partition scheme, the OS keeps a table indicating which parts of memory are

available and which are occupied. Initially, all memory is available for user processes and is

considered one large block of available memory called a hole. When a process arrives and needs

memory, we search for a hole large enough for this process.

As processes enter the system, they are put into an input queue. The OS takes into account

the memory requirements of each process and the amount of available memory space in determining

which processes are allocated memory. When a process is allocated space, it is loaded into memory,

and then competes for CPU. When a process terminates, it releases its memory, which the OS may

then fill with another process from the input queue.

The OS can order the input queue according to a scheduling algorithm. Memory is allocated

to processes until the memory requirements of the next process cannot be satisfied that is no

available block of memory or hole is large enough to hold that process. The OS can then wait until a

large enough blocks is available or it can skip down the input queue to see whether the smaller

memory requirements of some other process can be met.

At any given time, we have a set of holes of various sizes scattered throughout memory.

When a process arrives and needs memory, the system searches the set for a hole that is large enough

for this process. If the hole is too large, it is split into two parts. One part is allocated to the arriving

process and the other is returned to the set of holes. When a process terminates, it releases its block

of memory which is then placed back in the set of holes. If the new hole is adjacent to other holes,

these adjacent holes are merged to form one larger hole. Here the system checks whether there are

processes waiting for memory and whether this newly freed and recombined memory could satisfy

the demands of any of these waiting processes. 171

UNIT - III

This procedure is an instance of the general dynamic storage allocation problem. The

solutions to this problem are:

a) First fit: Allocate the first hole that is big enough

b) Best fit: Allocate the smallest hole that is big enough

c) Worst fit: Allocate the largest hole.

Fragmentation

Both the first fit and best fit strategies for memory allocation suffer from external

fragmentation. As processes are loaded and removed from memory, the free memory space is

broken into little pieces.

External fragmentation exists when there is enough total memory space to satisfy a request

but the available spaces are not contiguous; storage is fragmented into a large number of small holes.

Choosing among first fit or best fit strategy can affect the amount of fragmentation.

Depending on the total amount of memory storage and the average process size, external

fragmentation can be a minor or major problem. Statistical analysis of fist fit reveals that even with

some optimization, given N allocated blocks, another 0.5 N blocks will be lost to fragmentation.

This property is known as the 50 percent rule.

Memory fragmentation can be internal as well as external. When the physical memory is

broken down into fixed sized blocks and memory is allocated in units based on block size, the

memory allocated to a process may be slightly larger than the requested memory. The difference

between these two numbers is internal fragmentation memory that is internal to a partition but is

not being used.

One solution to the problem of external fragmentation is compaction. Here the goal is to

shuffle the memory contents so as to place all free memory together in one large block. If relocation

is static and is done at assembly or load time, compaction cannot be done; compaction is possible

only if relocation is dynamic and is done at execution time. The simplest compaction algorithm is to

move all processes toward one end of memory; all holes move in the other direction, producing one

large hole of available memory.

Another possible solution to the external fragmentation problem is to permit the logical

address space of the processes to be non-contiguous; thus allowing a process to be allocated physical

memory wherever the latter is available. Two techniques achieve this solution – paging and

segmentation.

3.Segmentation

172

UNIT - III

The user’s view of the memory is not the same as the actual physical memory. The user’s

view is mapped onto physical memory. This mapping allows differentiation between logical memory

and physical memory.

Basic Method

Users prefer to view memory as a collection of variable sized segments with no necessary

ordering among segments.

A program can be visualized as a main program with a set of methods, procedures or

functions. It may also include various data structures: objects, arrays, stacks, variables etc. Each of

these modules or data elements is referred to by name. Each of these segments is of variable length;

length is intrinsically defined by the purpose of the segment in the program. Elements within a

segment are identified by their offset from the beginning of the segment.

Segmentation is a memory management scheme that supports the user view of memory. A

logical address space is a collection of segments. Each segment has a name and a length. The

addresses specify both the segment name and the offset within the segment. The user therefore

specifies each address by two quantities – a segment name and an offset.

Segments are numbered and are referred to by a segment number. Thus a logical address

consists of a two tuple: <segment – number, offset>

The user program is compiled and the compiler automatically constructs segments reflecting

the input program. Libraries that are linked in during compile time might be assigned separate

segments. The loader would take all these segments and assign them segment numbers.

Hardware 173

UNIT - III

Even though, the user can now refer to objects in the program by a two dimensional address,

the actual physical memory is a one dimensional sequence of bytes. Thus, we must define an

implementation to map two dimensional user defined addresses into one dimensional physical

address. This mapping is affected by a segment table. Each entry in the segment table has a segment

base and a segment limit. The segment base contains the starting physical address where the segment

resides in memory whereas the segment limit specifies the length of the segment.

A logical address consists of two parts: a segment number s, and an offset into that segment,

d. the segment number is used as an index to the segment table. The offset d of the logical address

must be between 0 and the segment limit. If it is not, a trap is returned. When an offset is legal, it is

added to the segment base to produce the address in physical memory of the desired byte. The

segment table is thus essentially an array of base limit register pairs.

4. Paging

The goal of paging is to store the program in main memory non-continuously. Paging

supports two types of memory ie.., logical memory and main memory. Logical memory is

divided into equal partitions. Each partition is known as a page. A page is defined as smallest

continuous block of physical memory that is used to store processes and data. Approximately the

size of page is 4kb. Pages are cateroziged into free page and used page. The OS maintains

information about all free pages and used pages. The address at which the data is stored in

logical memory is known as logical address, which is generated by CPU.

174

OPERATING SYSTEMS Unit - IV

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

LECTURER NOTES

OPERATING SYSTEMS

PREPARED BY:


UNIT IV

175 SVR EC, NANDYAL


Mass-storage structure: Overview of Mass-storage structure, Disk structure, Disk attachment, Disk

scheduling, Swap-space management, RAID structure, Stable-storage implementation.

10.1 Overview of Mass-Storage Structure

10.1.1 Magnetic Disks Traditional magnetic disks have the following basic structure:

o One or more platters in the form of disks covered with magnetic media. Hard disk platters are

made of rigid metal, while "floppy" disks are made of more flexible plastic.

o Each platter has two working surfaces. Older hard disk drives would sometimes not use the very

top or bottom surface of a stack of platters, as these surfaces were more susceptible to potential

damage.

o Each working surface is divided into a number of concentric rings called tracks. The collection

of all tracks that are the same distance from the edge of the platter, (i.e. all tracks immediately

above one another in the following diagram) is called a cylinder.

o Each track is further divided into sectors, traditionally containing 512 bytes of data each,

although some modern disks occasionally use larger sector sizes. (Sectors also include a header

and a trailer, including checksum information among other things. Larger sector sizes reduce the

fraction of the disk consumed by headers and trailers, but increase internal fragmentation and the

amount of disk that must be marked bad in the case of errors.)

o The data on a hard drive is read by read-write heads. The standard configuration (shown below)

uses one head per surface, each on a separate arm, and controlled by a common arm assembly

which moves all heads simultaneously from one cylinder to another. (Other configurations,

including independent read-write heads, may speed up disk access, but involve serious technical

difficulties )

o The storage capacity of a traditional disk drive is equal to the number of heads (i.e. the number of

working surfaces), times the number of tracks per surface, times the number of sectors per track,

times the number of bytes per sector. A particular physical block of data is specified by

providing the head-sector-cylinder number at which it is located.

176 SVR EC, NANDYAL


Figure 10.1 - Moving-head disk mechanism.

In operation the disk rotates at high speed, such as 7200 rpm (120 revolutions per second.)

The rate at which data can be transferred from the disk to the computer is composed of

several steps:

o The positioning time, a.k.a. the seek time or random access time is the time required

to move the heads from one cylinder to another, and for the heads to settle down after

the move. This is typically the slowest step in the process and the predominant

bottleneck to overall transfer rates.

o The rotational latency is the amount of time required for the desired sector to rotate

around and come under the read-write head. This can range anywhere from zero to

one full revolution, and on the average will equal one-half revolution. This is another

physical step and is usually the second slowest step behind seek time. (For a disk

rotating at 7200 rpm, the average rotational latency would be 1/2 revolution / 120

revolutions per second, or just over 4 milliseconds, a long time by computer

standards.)

o The transfer rate, which is the time required to move the data electronically from the

disk to the computer. (Some authors may also use the term transfer rate to refer to the

overall transfer rate, including seek time and rotational latency as well as the

electronic data transfer rate.)

Disk heads "fly" over the surface on a very thin cushion of air. If they should accidentally

contact the disk, then a head crash occurs, which may or may not permanently damage the

177 SVR EC, NANDYAL


disk or even destroy it completely. For this reason it is normal to park the disk heads when

turning a computer off, which means to move the heads off the disk or to an area of the disk

where there is no data stored.

Floppy disks are normally removable. Hard drives can also be removable, and some are

even hot-swappable, meaning they can be removed while the computer is running, and a new

hard drive inserted in their place.

Disk drives are connected to the computer via a cable known as the I/O Bus. Some of the

common interface formats include Enhanced Integrated Drive Electronics, EIDE; Advanced

Technology Attachment, ATA; Serial ATA, SATA, Universal Serial Bus, USB; Fiber

Channel, FC, and Small Computer Systems Interface, SCSI.

The host controller is at the computer end of the I/O bus, and the disk controller is built into

the disk itself. The CPU issues commands to the host controller via I/O ports. Data is

transferred between the magnetic surface and onboard cache by the disk controller, and then

the data is transferred from that cache to the host controller and the motherboard memory at

electronic speeds.

10.1.2 Solid-State Disks - New

As technologies improve and economics change, old technologies are often used in different

ways. One example of this is the increasing used of solid state disks, or SSDs.

SSDs use memory technology as a small fast hard disk. Specific implementations may use

either flash memory or DRAM chips protected by a battery to sustain the information through

power cycles.

Because SSDs have no moving parts they are much faster than traditional hard drives, and

certain problems such as the scheduling of disk accesses simply do not apply.

However SSDs also have their weaknesses: They are more expensive than hard drives,

generally not as large, and may have shorter life spans.

SSDs are especially useful as a high-speed cache of hard-disk information that must be

accessed quickly. One example is to store file-system meta-data, e.g. directory and i-node

information that must be accessed quickly and often. Another variation is a boot disk

containing the OS and some application executable, but no vital user data. SSDs are also used

in laptops to make them smaller, faster, and lighter.

178 SVR EC, NANDYAL


Because SSDs are so much faster than traditional hard disks, the throughput of the bus can

become a limiting factor, causing some SSDs to be connected directly to the system PCI bus

for example.

10.1.3 Magnetic Tapes - was 12.1.2

Magnetic tapes were once used for common secondary storage before the days of hard disk

drives, but today are used primarily for backups.

Accessing a particular spot on a magnetic tape can be slow, but once reading or writing

commences, access speeds are comparable to disk drives.

Capacities of tape drives can range from 20 to 200 GB, and compression can double that

capacity.

10.2 Disk Structure

The traditional head-sector-cylinder, HSC numbers are mapped to linear block addresses by

numbering the first sector on the first head on the outermost track as sector 0. Numbering

proceeds with the rest of the sectors on that same track, and then the rest of the tracks on the

same cylinder before proceeding through the rest of the cylinders to the center of the disk. In

modern practice these linear block addresses are used in place of the HSC numbers for a

variety of reasons:

1. The linear length of tracks near the outer edge of the disk is much longer than for

those tracks located near the center, and therefore it is possible to squeeze many more

sectors onto outer tracks than onto inner ones.

2. All disks have some bad sectors, and therefore disks maintain a few spare sectors that

can be used in place of the bad ones. The mapping of spare sectors to bad sectors in

managed internally to the disk controller.

3. Modern hard drives can have thousands of cylinders, and hundreds of sectors per

track on their outermost tracks. These numbers exceed the range of HSC numbers for

many (older) operating systems, and therefore disks can be configured for any

convenient combination of HSC values that falls within the total number of sectors

physically on the drive.

There is a limit to how closely packed individual bits can be placed on a physical media, but

that limit is growing increasingly more packed as technological advances are made.

Modern disks pack many more sectors into outer cylinders than inner ones, using one of two

approaches:

179 SVR EC, NANDYAL


o With Constant Linear Velocity, CLV, the density of bits is uniform from cylinder to

cylinder. Because there are more sectors in outer cylinders, the disk spins slower

when reading those cylinders, causing the rate of bits passing under the read-write

head to remain constant. This is the approach used by modern CDs and DVDs.

o With Constant Angular Velocity, CAV, the disk rotates at a constant angular speed,

with the bit density decreasing on outer cylinders. (These disks would have a constant

number of sectors per track on all cylinders.)

10.3 Disk Attachment

Disk drives can be attached either directly to a particular host (a local disk) or to a network.

10.3.1 Host-Attached Storage

Local disks are accessed through I/O Ports as described earlier.

The most common interfaces are IDE or ATA, each of which allow up to two drives per host

controller.

SATA is similar with simpler cabling.

High end workstations or other systems in need of larger number of disks typically use SCSI

disks:

o The SCSI standard supports up to 16 targets on each SCSI bus, one of which is

generally the host adapter and the other 15 of which can be disk or tape drives.

o A SCSI target is usually a single drive, but the standard also supports up to

8 units within each target. These would generally be used for accessing individual

disks within a RAID array. (See below.)

o The SCSI standard also supports multiple host adapters in a single computer, i.e.

multiple SCSI busses.

o Modern advancements in SCSI include "fast" and "wide" versions, as well as SCSI-2.

o SCSI cables may be either 50 or 68 conductors. SCSI devices may be external as well

as internal.

FC is a high-speed serial architecture that can operate over optical fiber or four-conductor

copper wires, and has two variants:

o A large switched fabric having a 24-bit address space. This variant allows for

multiple devices and multiple hosts to interconnect, forming the basis for the storage-

area networks, SANs, to be discussed in a future section.

180 SVR EC, NANDYAL


o The arbitrated loop, FC-AL, that can address up to 126 devices (drives and

controllers.)

10.3.2 Network-Attached Storage

Network attached storage connects storage devices to computers using a remote procedure

call, RPC, interface, typically with something like NFS file-system mounts. This is

convenient for allowing several computers in a group common access and naming

conventions for shared storage.

NAS can be implemented using SCSI cabling, or ISCSI uses Internet protocols and standard

network connections, allowing long-distance remote access to shared files.

NAS allows computers to easily share data storage, but tends to be less efficient than

standard host-attached storage.

Figure 10.2 - Network-attached storage.

10.3.3 Storage-Area Network

A Storage-Area Network, SAN, connects computers and storage devices in a network, using

storage protocols instead of network protocols.

One advantage of this is that storage access does not tie up regular networking bandwidth.

SAN is very flexible and dynamic, allowing hosts and devices to attach and detach on the fly.

SAN is also controllable, allowing restricted access to certain hosts and devices.

181 SVR EC, NANDYAL


Figure 10.3 - Storage-area network.

10.4 Disk Scheduling

As mentioned earlier, disk transfer speeds are limited primarily by seek times and rotational

latency. When multiple requests are to be processed there is also some inherent delay in

waiting for other requests to be processed.

Bandwidth is measured by the amount of data transferred divided by the total amount of time

from the first request being made to the last transfer being completed, ( for a series of disk

requests. )

Both bandwidth and access time can be improved by processing requests in a good order.

Disk requests include the disk address, memory address, number of sectors to transfer, and

whether the request is for reading or writing.

10.4.1 FCFS Scheduling

First-Come First-Serve is simple and intrinsically fair, but not very efficient. Consider in the

following sequence the wild swing from cylinder 122 to 14 and then back to 124:

182 SVR EC, NANDYAL

UNIT - IV

OPERATING SYSTEMS

UNIT IV

Mass-storage structure: Overview of Mass-storage structure, Disk structure, Disk attachment, Disk

scheduling, Swap-space management, RAID structure, Stable-storage implementation.

File system Interface: The concept of a file, Access Methods, Directory and Disk structure, File system

mounting, File sharing, Protection.

File system Implementation: File-system structure, File-system Implementation, Directory

Implementation, Allocation Methods, Free-Space management.

File system interfaceIntroduction:

The file system is the most visible aspect of an OS. It provides the mechanism for online

storage of and access to both data and programs of OS and all the users of the computer system. The

file system consists of two distinct parts: A collection of files each storing related data and a

directory structure which organizes and provides information about all the files in the system.

1. File Concept:

Computers can store information on various storage media such as magnetic disks, magnetic

tapes and optical disks. OS provides a uniform logical view of information storage. OS abstracts

from the physical properties of its storage devices to define a logical storage unit called a file. Files

are mapped by OS onto physical devices. These storage devices are non-volatile so the contents are

persistent through power failures and system reboots.

A file is a named collection of related information that is recorded on secondary storage. A

file is the smallest allotment of logical secondary storage; that is data cannot be written to secondary

storage unless they are within a file. Files represent programs and data. Data files may be numeric,

alphabetic, alphanumeric or binary. Files may be free form such as text files or may be formatted

rigidly. A file is a sequence of bits, bytes, lines or records.

Information in a file is defined by its creator. Many different types of information may be

stored in a file like source programs, object programs, executable programs, numeric data, text etc. A

file has a certain defined structure which depends on its type.

Text file: sequence of characters organized into lines

Source file: sequence of sub routines and functions each of which is further organized as

declarations followed by executable statements.

Object file: sequence of bytes organized into blocks understandable by the system’s linker

Executable file: series of code sections that the loader can bring into memory and execute.

183

UNIT - IVFile Attributes:

A file is referred to by its name. A name is usually a string of characters. When a file is

named, it becomes independent of the process, the user and even the system that created it. A file’s

attributes vary from one OS to another but consist of these –

Name: symbolic file name is the only information kept in human readable form.

Identifier: number which identifies the file within the file system; it is the non human readable name

for the file.

Type: information is needed for systems that support different types of files.

Location: this information is a pointer to a device and to the location of the file on that device.

Size: the current size of the file

Protection: Access control information determines who can do reading, writing, executing etc.

Time, date and user identification: This information may be kept for creation, last modification

and last use.

The information about all files is kept in the directory structure which resides on secondary

storage. A directory entry consists of the file’s name and its unique identifier. The identifier in turn

locates the other file attributes.

File Operations:

A file is an abstract data type. OS can provide system calls to create, write, read, reposition,

delete and truncate files.

Creating a file: First space in the file system must be found for the file. Second, an entry for the

new file must be made in the directory.

Writing a file: To write a file, specify both the name of the file and the information to be written to

the file. The system must keep a write pointer to the location in the file where the next write is to take

place.

Reading a file: To read from a file, directory is searched for the associated entry and the system

needs to keep a read pointer to the location in the file where the next read is to take place. Because a

process is either reading from or writing to a file, the current operation location can be kept as a per

process current file position pointer.

Repositioning within a file: Directory is searched for the appropriate entry and the current file

position pointer is repositioned to a given value. This operation is also known as files seek.

Deleting a file: To delete a file, search the directory for the named file. When found, release all files

space and erase the directory entry.

Truncating a file: User may want to erase the contents of a file but keep its attributes. This function

allows all attributes to remain unchanged except for file length. 184

UNIT - IV

Other common operations include appending new information to the end of an existing file

and renaming an existing file. We may also need operations that allow the user to get and set the

various attributes of a file.

Most of the file operations mentioned involve searching the directory for the entry associated

with the named file. To avoid this constant search, many systems require that an open () system call

be made before a file is first used actively. OS keeps a small table called the open file table

containing information about all open files. When a file operation is requested, the file is specified

via an index into this table so no searching is required.

When the file is no longer being actively used, it is closed by the process and the OS removes

its entry from the open file table. Create and delete are system calls that work with closed files.

The open () operation takes a file name and searches the directory copying the directory entry

into the open file table. The open () call can also accept access mode information – create, read –

only, read – write, append – only, etc. This mode is checked against file’s permissions. If the request

mode is allowed, the file is opened for the process. The open () system call returns a pointer to the

entry in the open file table. This pointer is used in all I/O operations avoiding any further searching

and simplifying the system call interface.

OS uses two levels of internal tables:

A per process table: The process table tracks all files that a process has open. Stored in this

table is information regarding the use of the file by the Process. Each entry in the process table points

to a system wide open file table.

A system wide table: The system wide table contains process independent information. Once

a file has been opened by one process, the system wide table includes an entry for the file. The open

file table also has an open count associated with each file to indicate how many processes have the

file open.

To summarize, several pieces of information are associated with an open file.

File pointer: System must keep track of the last read – write location as a current file position

pointer.

File open count: As files are closed, OS must reuse its open file entries or it could run out of space

in the table. File open counter tracks the number of opens and closes and reaches zero on the last

close.

Disk location of the file: The information needed to locate the file on disk is kept in memory so that

the system does not have to read it from disk for each operation.

Access rights: Each process opens a file a file in an access mode. This information is stored on the

per process table so the OS can allow or deny subsequent I/O requests. 185

UNIT - IV

Some OS’s provide facilities for locking an open file. File locks allow one process to lock a

file and prevent other processes from gaining access to it. File locks are useful for files that are

shared by several processes.

A shared lock is where several processes can acquire the lock concurrently.

An exclusive lock is where only one process at a time can acquire such a lock.

Also some OS’s may provide either mandatory or advisory file locking mechanisms. If a lock

is mandatory, then once a process acquires an exclusive lock, the OS will prevent any other process

from accessing the locked file. If the lock scheme is mandatory, OS ensures locking integrity.

For advisory locking, it is up to software developers to ensure that locks are appropriately

acquired and released.

File types:

A common technique for implementing file types is to include the type as part of the file

name. The name is split into two parts – a name and an extension separated by a period character.

The system uses the extension to indicate the type of the file and the type of operations that can be

done on that file.

File structure

File types can be used to indicate the internal structure of the file. Source and object files

have structures that match the expectations of the programs that read them. Certain files conform to a

required structure that is understood by OS. But the disadvantage of having the OS support multiple

file structures is that the resulting size of the OS is cumbersome. If the OS contains five different file

structures, it needs to contain the code to support these file structures. Hence some OS’s impose a

minimal number of file structures. MAC OS also supports a minimal number of file structures. It

expects files to contain two parts – a resource fork and a data fork. The resource fork contains

information of interest to the user. The data fork contains program code or data – traditional file

contents.

Internal file structure:

Internally locating an offset within a file can be complicated for the OS. Disk systems have a

well defined block size determined by the size of the sector. All disk I/O is performed in units of one 186

UNIT - IVblock and all blocks are the same size. Since it is unlikely that the physical record size will exactly

match the length of the desired logical record, and then logical records may even vary in length,

packing a number of logical records into physical blocks is a solution. The logical record size,

physical block size and packing technique determine how many logical records are in each physical

block. The packing can be done either by the user’s application program or by the OS. Hence the file

may be considered to be a sequence of blocks. All the basic I/O functions operate in terms of blocks.

1.2 Access MethodsFiles store information. When it is used, this information must be accessed and read into

computer memory. The information in the file can be accessed in several ways.

Sequential access: Simplest method. Information in the file is processed in order that is one record

after the other. This method is based on a tape model of a file and works as well on sequential access

devices as it does on random access

Direct access: Another method is direct access or relative access. A file is made up of fixed length

logical records that allow programs to read and write records rapidly in no particular order. The

direct access method is based on a disk model of a file since disks allow random access to any file

block. Direct access files are of great use for immediate access to large amounts of information. In

this method, file operations must be modified to include block number as a parameter.

The block number provided by the user to the OS is a relative block number. A relative block

number is an index relative to the beginning of the file. The use of relative block numbers allows the

187

UNIT - IVOS to decide where the file should be placed and helps to prevent the user from accessing portions of

the file system that may not be a part of the file.

Some systems allow only sequential file access; others allow only direct access.

Other Access Methods: Other access methods can be built on top of a direct access method. These

methods generally involve the construction of an index for the file. This index contains pointers to

the various blocks. To find a record in the file, first search the index and then use the pointer to

access the file directly and to find the desired record.

But with large files, the index file itself may become too large to be kept in memory. One

solution is to create an index for the index file. The primary index file would contain pointers to

secondary index files which would point to actual data items.

1.3 Directory and Disk Structure

Systems may have zero or more file systems and the file systems may be of varying types.

Organizing millions of files involves use of directories.

Storage Structure: A disk can be used in its entirety for a file system. But at times, it is

desirable to place multiple file systems on a disk or to use parts of a disk for a file system and other

parts for other things. These parts are known variously as partitions, slices or minidisks. A file

system can be created on each of these parts of the disk. These parts can be combined together to

form larger structures known as volumes and file systems can be created on these too. Each volume

can be thought of as a virtual disk. Volumes can also store multiple OS’s allowing a system to boot

and run more than one. Each volume that contains a file system must also contain information about

the files in the system. This information is kept in entries in a device directory or volume table of

contents. The device directory/directory records information for all files on that volume.

188

UNIT - IV

Directory Overview

The directory can be viewed as a symbol table that translates file names into their directory

entries. The operations that can be performed on the directory are:

Search for a file: We need to be able to search a directory structure to find the entry for a particular file. Since files have symbolic names, and similar names may indicate a relationship among files, we may want to be able to find all files whose names match a particular pattern.Create a file: New files need to be created and added to the directory.Delete a file: When a file is no longer needed, we want to be able to remove it from the directory.

List a directory. We need to be able to list the files in a directory and the contents of the directory

entry for each file in the list.

Rename a file. Because the name of a file represents its contents to its users, we must be able to

change the name when the contents or use of the file changes. Renaming a file may also allow its

position within the directory structure to be changed.

Traverse the file system. We may wish to access every directory and every file within a directory

structure. For reliability, it is a good idea to save the contents and structure of the entire file system at

regular intervals. Often, we do this by copying all files to magnetic tape. This technique provides a

backup copy in case of system failure. In addition, if a file is no longer in use, the file can be copied

to tape and the disk space of that file released for reuse by another file.189

UNIT - IV

Single level directory

The simplest directory structure is the single level directory. All files are contained in the

same directory which is easy to support and understand. But this implementation has limitations

when the number of files increases or when the system has more than one user. Since all files are in

same directory, all files names must be unique. Keeping track of so many files is a difficult task. A

single user on a single level directory may find it difficult to remember the names of all the files as

the number of files increases.

Two level directories: In the two level directory structure, each user has his own user file directory

(UFD). The UFD’s have similar structures but each lists only the files of a single user. When a user

job starts or a user logs in, the system’s master file directory (MFD) is searched. The MFD is

indexed by user name or account number and each entry points to the UFD for that user. When a user

refers to a particular file, only his own UFD is searched. Different users may have files with the same

name as long as all the files names within each UFD are unique.

Root of the tree is MFD. Its direct descendants are UFDs. The descendants of the UFDs are

the files themselves. The files are the leaves of the tree. The sequence of directories searched when a

file is names is called the search path. Although the two level directory structures solve the name

collision problem, it still has disadvantages.

This structure isolates on user from another. Isolation is an advantage when the users are

completely independent but a disadvantage when the users want to cooperate on some task and to

access one another’s files.190

UNIT - IV

Tree Structured Directories

Here, we extend the two level directories to a tree of arbitrary height. This generalization

allows users to create their own subdirectories and to organize their files accordingly. A tree is the

most common directory structure. The tree has a root directory and every file in the system has a

unique path name. A directory contains a set of files or sub directories. All directories have the same

internal format. One bit in each directory entry defines the entry as a file (0) or as a subdirectory (1).

Each process has a current directory. The current directory should contain most of the files

that are of current interest to the process.

Path names can be of two types – absolute and relative. An absolute path name begins at the

root and follows a path down to the specified file giving the directory names on the path. A relative

path name defines a path from the current directory.

Deletion of directory under tree structured directory – If a directory is empty, its entry in the

directory that contains it can simply be deleted. If the directory to be deleted is not empty, then use

one of the two approaches –

User must first delete all the files in that directory

If a request is made to delete a directory, all the directory’s files and sub directories are also

to be deleted.

A path to a file in a tree structured directory can be longer than a path in a two level

directory.

191

UNIT - IV

Acyclic graph directories

A tree structure prohibits the sharing of files and directories. An acyclic graph i.e. a graph

with no cycles allows directories to share subdirectories and files. The same file or subdirectory may

be in two different directories.

With a shared file, only one actual file exists. Sharing is particularly important for

subdirectories. Shared files and subdirectories can be implemented in several ways. One way is to

create a new directory entry called a link. A link is a pointer to another file or subdirectory. Another

approach in implementing shared files is to duplicate all information about them in both sharing

directories.

An acyclic graph directory structure is flexible than a tree structure but it is more complex.

Several problems may exist such as multiple absolute path names or deletion.

General graph directory

A problem with using an acyclic graph structure is ensuring that there are no cycles.

The primary advantage of an acyclic graph is the relative simplicity of the algorithms to

traverse the graph and to determine when there are no more references to a file. If cycles are allowed

to exist in the directory, avoid searching any component twice. A similar problem exists when we are 192

UNIT - IVtrying to determine when a file can be deleted. The difficulty is to avoid cycles as new links are

added to the structure.

1.4 File system mounting:

A file system must be mounted before it can be available to processes on the system. OS is

given the name of the device and a mount point – the location within the file structure where the file

system is to be attached. This mount point is an empty directory. Next, OS verifies that the device

contains a valid file system. It does so by asking the device driver to read the device directory and

verifying that the directory has the expected format. Finally OS notes in its directory structure that a

file system is mounted at the specified mount point.

1.5 File Sharing

File sharing is desirable for users who want to collaborate and to reduce the effort required to

achieve a computing goal.

Multiple users When an OS accommodates multiple users, the issues of file sharing, file

naming and file protection become preeminent. System mediates file sharing. The system can either

allow a user to access the files of other users by default or require that a user specifically grant access

to the files.

Remote File Systems Networking allows sharing of resources spread across a campus or

even around the world. One obvious resource to share is data in the form of files.

The first implemented file sharing is method involves manually transferring files between

machines via programs like ftp. The second major method uses a distributed file system in which

remote directories are visible from a local machine. The third method is through WWW. ftp is used

for both anonymous and authenticated access. Anonymous access allows a user to transfer files

without having an account on the remote system. WWW uses anonymous files exchange almost

193

UNIT - IVexclusively. DFS involves a much tighter integration between the machine that is accessing the

remote files and the machine providing the files.

Client Server Model

Remote file systems allow a computer to mount one or more file systems from one or more

remote machines. Here the machine containing the files is the server and the machine seeking access

to the files is the client. A server can serve multiple clients and a client can use multiple servers

depending on the implementation details of a given client server facility. Once the remote file system

is mounted, file operation requests are sent on behalf of the user across the network to the server via

the DFS protocol.

Distributed Information Systems To make client server systems easier to manage, distributed

information systems also known as distributed naming services provide unified access to the

information needed for remote computing. The domain name system provides host name to network

address translations for the entire Internet.

Failure Modes:

Local file systems can fail for a variety of reasons including failure of the disk containing the

file system, corruption of the delivery structure or other disk management information, disk

controller failure, cable failure and host adapter failure. User or system administrator failure can also

cause files to be lost or entire directories or volumes to be deleted. Many of these failures will cause

a host to crash and an error condition to be displayed and human intervention will be required to

repair the damage.

Remote fail systems have even more failure modes. In the case of networks, the network can

be interrupted between two hosts. Such interruption can result from hardware failure, poor hardware

configuration or networking implementation issues. 194

UNIT - IV

For a recovery from a failure, some kind of state information may be maintained on both the

client and server.

Consistency semantics: These represent an important criterion for evaluating any file system

that supports file sharing. These semantics specify how multiple users of a system are to access a

shared file simultaneously. These are typically implemented as code with the file system.

1.6 Protection

When information is stored in a computer system, it should be kept safe from physical

damage (reliability) and improper access (protection). Reliability is provided by duplicate copies of

files. Protection can be provided in many ways such as physically removing the floppy disks and

locking them up.

Types of Access Complete protection to files can be provided by prohibiting access. Systems

that do not permit access to the files of other users do not need protection. Both these approaches are

extreme. Hence controlled access is required. Protection mechanisms provide controlled access by

limiting the types of file access that can be made. Access is permitted or denied depending on many

factors. Several different types of operations may be controlled –

Read Write Execute Append Delete List

Other operations such as renaming, copying etc may also be controlled.

Access Control: The most common approach to the protection problem is to make access

dependent on the identity of the user. The most general scheme to implement identity- dependent

access is to associate with each file and directory an access- control list (ACL) specifying user names

and the types of access allowed for each user. This approach has the advantage of enabling complex

access methodologies. The main problem with access lists is their length. To condense the length of

the access control list, many systems recognize three classifications of users in connection with each

file:

a) Owner: user who created the file b) Group: set of users who are sharing the file and need similar access c) Universe: all other users in the system

With the more limited protection classification, only three fields are needed to define

protection. Each field is a collection of bits and each bit either allows or prevents the access

195

UNIT - IVassociated with it. A separate field is kept for the file owner for the file’s group and for all the other

users.

Other Protection Approaches

Another approach to protection problem is to associate a password with each file. If the

passwords are chosen randomly and changed often, this scheme may be effective in limiting access

to a file. Use of passwords has certain disadvantages –

1. The number of passwords that a user needs to remember may become large making the scheme

impractical.

2. If only one password is used for all the files, then once it is discovered, all files are accessible.

196

UNIT - IV

File system Implementation

The file system provides the mechanism for on line storage and access to file contents

including data and programs. The file system resides permanently on secondary storage which is

designed to hold a large amount of data permanently.

2.1 File System Structure

Disks provide the bulk of secondary storage on which a file system is maintained. They have

two characteristics that make them a convenient medium for storing multiple files:

A disk can be rewritten in place; it is possible to read a block from the disk, modify the block

and write it back into the same place.

A disk an access directly any given block of information it contains. It is simple to access any

file sequentially or randomly and switching from one file to another requires only moving the

read – write heads and waiting for the disk to rotate.

To improve I/O efficiency, I/O transfers between memory and disk are performed in units of

blocks. Each block has one or more sectors.

To provide efficient and convenient access to the disk, OS imposes one or more file systems to

allow the data to be stored, located and retrieved easily. The file system is composed of many

different levels

197

UNIT - IVEach level in the design uses the features of lower levels to create new features for use by higher

levels.

The lowest levels, I/O control consists of device drivers and interrupt handlers to transfer

information between the main memory and the disk system.

The basic file system needs to issue generic commands to appropriate device driver to read

and write physical blocks on the disk.

The file organization module knows about files and their logical blocks as well as physical

blocks.

The logical file system manages metadata information. Metadata includes all of the file

system structure except the actual data.

A file control block contains information about the file including ownership, permissions and

location of the file contents.

2.2 File System Implementation OS’s implement open() and close() system calls for processes to request access to file contents.

Overview

Several on disk and in memory structures are used to implement a file system. These structures vary

depending on the OS and the file system.

File system may contain information such as:

Boot control block - In UFS, it is called the boot block; in NTFS it is partition boot sector.

Volume control block – In UFS, it is called a super block; in NTFS it is stored in the master

file table

A directory structure per file system is used to organize the files. In UFS, this includes file

names and associated inode numbers. In NTFS, it is stored in master file table.

A per fie FCB contains many details about the file, including file permissions, ownership,

size and location of data blocks. In UFS, it is called the inode. In NTFS this is stored within

the master file table which uses a relational database structure.

The structures may include the ones described below

An in memory mount table contains information about each mounted volume

An in memory directory structure cache holds the directory information of recently accessed

directories.

The system wide open file table contains a copy of the FCB of each open file

198

UNIT - IV

The per process open file table contains a pointer to the appropriate entry in the system wide

open file table.

Partitions and Mounting

The layout of a disk can have many variations depending on the OS. A disk can be sliced into

multiple partitions or a volume can span multiple partitions on multiple disks. Each partition can be

either raw containing no file system or may contain a file system. Raw disk is used where no file

system is appropriate. The root partition which contains OS kernel and sometimes other system files

is mounted at boot time. As part of successful mount operation, OS verifies that the device contains a

valid file system. OS finally notes in its in-memory mount table structure that a file system is

mounted along with the type of the file system.

Virtual File Systems

An optimal method of implementing multiple types of file systems is to write directory and

file routines for each type. Most operating systems use object oriented techniques to simplify,

organize and modularize the implementation. Data structures and procedures are used to isolate the

basic system call functionality from the implementation details. Thus, file system implementation

consists of three major layers

199

UNIT - IV

The first layer is the file system interface based on system calls and on file descriptors. The second

layer is called virtual file system layer which serves two important functions:

Separates file system generic operations from their implementation by defining a clean VFS

interface.

VFS provides a mechanism for uniquely representing a file throughout a network.VFS is based

on a file representation structure called vnode that contains a numerical designator for a network

wide unique file.

Thus, VFS distinguishes local files from remote ones and local files are further distinguished

according to their file system types.

2.3 Directory Implementation The selection of directory allocation and directory management algorithms significantly

affects the efficiency, performance and reliability of the file system.

Linear List The simplest method of implementing a directory is to use a linear list of file

names with pointers to the data blocks. This method is simple to program but time consuming to

execute. The real disadvantage of a linear list of directory entries is that finding a file requires a

linear search.

Hash Table Another data structure used for a file directory is a hash table. With this method,

a linear list stores the directory entries but a hash data structure is also used. The hash table takes a

value computed from the file name and returns a pointer to the file name in the linear list. The major

difficulties with a hash table are its generally fixed size and the dependence of the hash function on

that size.

2.4 Allocation Methods

200

UNIT - IV

The direct access nature of disks allows flexibility in the implementation of files. The main

problem here is how to allocate space to these files so that disk space is utilized effectively and files

can be accessed quickly. Three major methods of allocating disk space are:

Contiguous

Linked

Indexed

Contiguous Allocation This allocation requires that each file occupy a set of contiguous

blocks on the disk. The number of disk seeks required for accessing contiguously allocated files

is minimal. Contiguous allocation of a file is defined by the disk address and length of the first

block. Accessing a file that has been contiguously allocated is easy. Both sequential and direct

access can be supported by contiguous allocation. Disadvantage is finding space for a new file.

This problem can be seen as a particular application of general dynamic storage allocation

problem which involves how to satisfy a request of size n form a list of free holes. First fit and best

fit are the most common strategies used to select a free hole from the set of available holes.

These algorithms suffer from external fragmentation. As files are allocated and deleted, the

free disk space is broken into little pieces. External fragmentation exists whenever free space is

broken into chunks. For solving the fragmentation problem, compact all free space into one

contiguous space.

201

UNIT - IV

Another problem with contiguous allocation is determining how much space is needed for a

file. Pre allocation of memory space to a file may be insufficient. A file may be allocated space for its

final size but large amount of that space will remain unused for a long time. The file therefore has a

large amount of internal fragmentation.

To minimize these drawbacks, some operating systems use a modified contiguous allocation

scheme. Here a contiguous chunk of space is allocated initially and if that amount proves not to be

large enough another chunk of contiguous space called extent is added. Internal fragmentation can

still be a problem if the extents are too large and external fragmentation can become a problem as

extents of varying sizes are allocated and de allocated.

Linked Allocation

This solves all problems of contiguous allocation. Each file is a linked list of disk blocks; the

disk blocks may be scattered anywhere on the disk. The directory contains a pointer to the first and

last blocks of the file. Each block contains a pointer to the next block. There is no external

fragmentation with linked allocation and any free block on the free space list can be used to satisfy a

request. But the major problem is that it can be used effectively only for sequential access files. It is

inefficient to support a direct access capability for linked allocation files. Another disadvantage is

space required for pointers.

Solution to this problem is to collect blocks into multiples called clusters and to allocate

clusters rather than blocks. This method allows logical to physical block mapping to remain simple

but improved disk through put and decreases the space needed for block allocation and free list

management. This increases internal fragmentation because more space is wasted when a cluster is

partially full than when a block is partially full. Another problem of linked allocation is reliability.

202

UNIT - IV

Indexed Allocation

Linked allocation solves external fragmentation and size declaration problems of contiguous

allocation. In the absence of FAT, linked allocation cannot support efficient direct access since the

pointers to the blocks are scattered with the blocks themselves all over the disk and must be retrieved

in order. Indexed allocation solves this problem by bringing all pointers together into one location –

index block. Each file has its own index block which is an array of disk block addresses.

203

UNIT - IV

Indexed allocation supports direct access without suffering from external fragmentation

because any free block on the disk can satisfy a request for more space. But indexed allocation

suffers from wasted space. Every file must have an index block so it should be as small as possible.

But if it is too small, it will not be able to hold enough pointers for a large file and a mechanism will

have to be available to deal with this issue. Mechanisms for this purpose include –

1. Linked scheme

An index block is normally one disk block. Thus, it can be read and written directly by itself. To

allow for large files, we can link together several index blocks. For example, an index blockmight contain

a small header giving the name of the file and a set of the first 100 disk-block addresses. The next address

(the last word in the index block) is null (for a small file) or is a pointer to another index block (for a large

file).

2. Multilevel index

A variant of linked representation uses a first-level index block to point to a set of second-level

index blocks, which in turn point to the file blocks. To access a block, the operating system uses the

first-level index to find a second-level index block and then uses that block to find the desired data

block. This approach could be continued to a third or fourth level, depending on the desired

maximum file size. With 4,096-byte blocks, we could store 1,024 four-byte pointers in an index

block. Two levels of indexes allow 1,048,576 data blocks and a file size of up to 4 GB.

3. Combined scheme

Another alternative, used in UNIX-based file systems, is to keep the first, say, 15 pointers of the index block in the file’s i node. The first 12 of these pointers point to direct blocks; that is, they contain addresses of blocks that contain data of the file. Thus, the data for small files (of no more than 12 blocks) do not need a separate index block. If the block size is 4 KB, then up to 48 KB of data can be accessed directly. The next three pointers point to indirect blocks. The first points to a single indirect block, which is an index block containing not data but the addresses of blocks that do contain data. The second points to a double indirect block, which contains the address of a block that contains the addresses of blocks that contain pointers to the actual data blocks. The last pointer contains the address of a triple indirect block.

204

UNIT - IV

Indexed allocation scheme suffers from some of the same performance problems as does

linked allocation.

Performance

The allocation methods vary in their storage efficiency and data block access times. Both are

important in selecting the proper method for an operating system to implement. Before selecting an

allocation method, determine how systems will be used. For any type of access, contiguous allocation

requires only one access to get a disk block. For linked allocation, we can keep the address of the

next block in memory and read it directly. This method is fine for sequential access. Hence some

systems support direct access files by using contiguous allocation and sequential access by linked

allocation.

2.5 Free Space Management Since disk space is limited, we should reuse the space from deleted files for new files. To

keep track of free disk space, the system maintains a free space list. The free space list records all

free disk blocks – those not allocated to some file or directory. This free space list can be

implemented as one of the following:

a) Bit vector: free space list is implemented as a bit map or a bit vector. Each block is represented by

one bit. If the block is free, bit is 1, if the block is allocated, bit is 0.

The main advantage of this approach is its relative simplicity and its efficiency in finding the

first free block or n consecutive free blocks on the disk. The calculation of the block number is

(Number of bits per word) * (number of 0-value words) + offset of first 1 bit

b) Linked list: Another approach to free space management is to link together all the free disk blocks

keeping a pointer to the first free block in a special location on the disk and caching it in memory.

The first block contains a pointer to the next free disk block.

c) Grouping: A modification of the free list approach is to store the addresses of n free blocks in the

first free block.

d) Counting: Another approach is to take advantage of the fact that several contiguous blocks may

be allocated or freed simultaneously when space is allocated with the contiguous allocation algorithm

or clustering.

Efficiency and Performance Disks tend to represent a major bottleneck in system performance since they are the slowest main

computer component.

205

UNIT - IVEfficiency

The efficient use of disk space depends heavily on the disk allocation and directory

algorithms in use. Refer to this website for more information about disk efficiency

Performance

Most disk controllers include local memory to form an on board cache that is large enough to

store entire tracks at a time. Once a seek is performed, the track is read into the disk cache starting at

the sector under the disk head. The disk controller then transfers any sector requests to OS. Some

systems maintain a separate section of main memory for a buffer cache where blocks are kept under

the assumption that they will be used again. Other systems cache file data using a page cache. The

page cache uses virtual memory techniques to cache file data as pages rather than as a file system

oriented blocks. Caching file data using

virtual addresses is more efficient than caching through physical disk blocks as accesses

interface with virtual memory rather than the file system. Several systems use page caching to cache

both process pages and file data. This is known as unified buffer cache.

206

UNIT - IV

There are other issues that can affect the performance of I/O such as whether writes to the file

system occur synchronously or asynchronously. Synchronous writes occur in the order in which the

disk subsystem receives them and the writes are not buffered. Asynchronous writes are done the

majority of the time.

Some systems optimize their page cache by using different replacement algorithms

depending on the access type of the file. Sequential access can be optimized by techniques known as

free behind and read ahead. Free behind removes a page from buffer as soon as the next page is

requested. With read ahead, a requested page and several subsequent pages are read and cached.

207

OPERATING SYSTEMS Unit - V

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

LECTURER NOTES

OPERATING SYSTEMS

PREPARED BY:


208 AVR&SVR CET, NANDYAL


UNIT V

I/O systems: I/O Hardware, Application I/O interface, Kernel I/O subsystem, Transforming I/O requests

to Hardware operations.

Protection: Goals of Protection, Principles of Protection, Domain of protection, Access Matrix,

Implementation of Access Matrix, Access control, Revocation of Access Rights, Capability- Based

systems, Language – Based Protection

Security: The Security problem, Program threats, System and Network threats, Cryptography as a

security tool, User authentication, Implementing security defenses, Firewalling to protect systems and

networks, Computer–security classifications.

15.1 The Security Problem

Security refers to providing a protection system to computer system resources such as

CPU, memory, disk, software programs and most importantly data/information stored in the

computer system. If a computer program is run by unauthorized user then he/she may cause

severe damage to computer or data stored in it. So a computer system must be protected against

unauthorized access, malicious access to system memory, viruses, worms etc. Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and

availability.

OS security refers to specified steps or measures used to protect the OS from threats,

viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-

control techniques, which safeguard any computer assets capable of being stolen, edited or

deleted if OS security is compromised.

Some of the most common types of violations include:

o Breach of Confidentiality - Theft of private or confidential information, such as

credit-card numbers, trade secrets, patents, secret formulas, manufacturing

procedures, medical information, financial information, etc.

o Breach of Integrity - Unauthorized modification of data, which may have serious

indirect consequences. For example a popular game or other program's source

code could be modified to open up security holes on users systems before being

released to the public.



o Breach of Availability - Unauthorized destruction of data, often just for the "fun"

of causing havoc and for bragging rites. Vandalism of web sites is a common

form of this violation.

o Theft of Service - Unauthorized use of resources, such as theft of CPU cycles,

installation of daemons running an unauthorized file server, or tapping into the

target's telephone or networking services.

o Denial of Service, DOS - Preventing legitimate users from using the system, often

by overloading and overwhelming the system with an excess of requests for

service.

One common attack is masquerading, in which the attacker pretends to be a trusted third

party. A variation of this is the man-in-the-middle, in which the attacker masquerades as

both ends of the conversation to two targets.

A replay attack involves repeating a valid transmission. Sometimes this can be the entire

attack, ( such as repeating a request for a money transfer ), or other times the content of

the original message is replaced with malicious content.



Figure 15.1 - Standard security attacks.

There are four levels at which a system must be protected:

1. Physical - The easiest way to steal data is to pocket the backup tapes. Also,

access to the root console will often give the user special privileges, such as

rebooting the system as root from removable media. Even general access to

terminals in a computer room offers some opportunities for an attacker, although

today's modern high-speed networking environment provides more and more

opportunities for remote attacks.

2. Human - There is some concern that the humans who are allowed access to a

system be trustworthy, and that they cannot be coerced into breaching security.

However more and more attacks today are made via social engineering, which

basically means fooling trustworthy people into accidentally breaching security.

Phishing involves sending an innocent-looking e-mail or web site

designed to fool people into revealing confidential information. E.g. spam

e-mails pretending to be from e-Bay, PayPal, or any of a number of banks

or credit-card companies.

Dumpster Diving involves searching the trash or other locations for

passwords that are written down. ( Note: Passwords that are too hard to

remember, or which must be changed frequently are more likely to be

written down somewhere close to the user's station. )

Password Cracking involves divining users passwords, either by

watching them type in their passwords, knowing something about them

like their pet's names, or simply trying all words in common dictionaries.

( Note: "Good" passwords should involve a minimum number of

characters, include non-alphabetical characters, and not appear in any

dictionary ( in any language ), and should be changed frequently. Note

also that it is proper etiquette to look away from the keyboard while

someone else is entering their password. )



3. Operating System - The OS must protect itself from security breaches, such as

runaway processes ( denial of service ), memory-access violations, stack overflow

violations, the launching of programs with excessive privileges, and many others.

4. Network - As network communications become ever more important and

pervasive in modern computing environments, it becomes ever more important to

protect this area of the system. ( Both protecting the network itself from attack,

and protecting the local system from attacks coming in through the network. )

This is a growing area of concern as wireless communications and portable

devices become more and more prevalent.

15.2 Program Threats

There are many common threats to modern systems. Only a few are discussed here.

15.2.1 Trojan Horse

A Trojan Horse is a program that secretly performs some maliciousness in addition to its

visible actions.

Some Trojan horses are deliberately written as such, and others are the result of

legitimate programs that have become infected with viruses, ( see below. )

One dangerous opening for Trojan horses is long search paths, and in particular paths

which include the current directory ( "." ) as part of the path. If a dangerous program

having the same name as a legitimate program ( or a common mis-spelling, such as "sl"

instead of "ls" ) is placed anywhere on the path, then an unsuspecting user may be fooled

into running the wrong program by mistake.

Another classic Trojan Horse is a login emulator, which records a users account name

and password, issues a "password incorrect" message, and then logs off the system. The

user then tries again ( with a proper login prompt ), logs in successfully, and doesn't

realize that their information has been stolen.

Two solutions to Trojan Horses are to have the system print usage statistics on logouts,

and to require the typing of non-trappable key sequences such as Control-Alt-Delete in

order to log in. ( This is why modern Windows systems require the Control-Alt-Delete



sequence to commence logging in, which cannot be emulated or caught by ordinary

programs. I.e. that key sequence always transfers control over to the operating system. )

Spyware is a version of a Trojan Horse that is often included in "free" software

downloaded off the Internet. Spyware programs generate pop-up browser windows, and

may also accumulate information about the user and deliver it to some central site. ( This

is an example of covert channels, in which surreptitious communications occur. )

Another common task of spyware is to send out spam e-mail messages, which then

purportedly come from the infected user.

15.2.2 Trap Door

A Trap Door is when a designer or a programmer ( or hacker ) deliberately inserts a

security hole that they can use later to access the system.

Because of the possibility of trap doors, once a system has been in an untrustworthy state,

that system can never be trusted again. Even the backup tapes may contain a copy of

some cleverly hidden back door.

A clever trap door could be inserted into a compiler, so that any programs compiled with

that compiler would contain a security hole. This is especially dangerous, because

inspection of the code being compiled would not reveal any problems.

15.2.3 Logic Bomb

A Logic Bomb is code that is not designed to cause havoc all the time, but only when a

certain set of circumstances occurs, such as when a particular date or time is reached or

some other noticeable event.

A classic example is the Dead-Man Switch, which is designed to check whether a certain

person ( e.g. the author ) is logging in every day, and if they don't log in for a long time

( presumably because they've been fired ), then the logic bomb goes off and either opens

up security holes or causes other problems.



15.2.4 Stack and Buffer Overflow

This is a classic method of attack, which exploits bugs in system code that allows buffers

to overflow. Consider what happens in the following code, for example, if argv[ 1 ]

exceeds 256 characters:

o The strcpy command will overflow the buffer, overwriting adjacent areas of

memory.

o ( The problem could be avoided using strncpy, with a limit of 255 characters

copied plus room for the null byte. )

#include

#define BUFFER_SIZE 256

int main( int argc, char * argv[ ] )

{

char buffer[ BUFFER_SIZE ];

if( argc < 2 )

return -1;

else {

strcpy( buffer, argv[ 1 ] );

return 0;

}

}

Figure 15.2 - C program with buffer-overflow condition.



So how does overflowing the buffer cause a security breach? Well the first step is to

understand the structure of the stack in memory:

The "bottom" of the stack is actually at a high memory address, and the stack grows

towards lower addresses.

However the address of an array is the lowest address of the array, and higher array

elements extend to higher addresses. ( I.e. an array "grows" towards the bottom of the

stack.

In particular, writing past the top of an array, as occurs when a buffer overflows with too

much input data, can eventually overwrite the return address, effectively changing where

the program jumps to when it returns.

Figure 15.3 - The layout for a typical stack frame.

Now that we know how to change where the program returns to by overflowing the

buffer, the second step is to insert some nefarious code, and then get the program to jump

to our inserted code.

Our only opportunity to enter code is via the input into the buffer, which means there isn't

room for very much. One of the simplest and most obvious approaches is to insert the

code for "exec( /bin/sh )". To do this requires compiling a program that contains this

instruction, and then using an assembler or debugging tool to extract the minimum extent

that includes the necessary instructions.

The bad code is then padded with as many extra bytes as are needed to overflow the

buffer to the correct extent, and the address of the buffer inserted into the return address

location. ( Note, however, that neither the bad code or the padding can contain null bytes,

which would terminate the strcpy. )



The resulting block of information is provided as "input", copied into the buffer by the

original program, and then the return statement causes control to jump to the location of

the buffer and start executing the code to launch a shell.

Figure 15.4 - Hypothetical stack frame for Figure 15.2, (a) before and (b) after.

Unfortunately famous hacks such as the buffer overflow attack are well published and

well known, and it doesn't take a lot of skill to follow the instructions and start attacking

lots of systems until the law of averages eventually works out. ( Script Kiddies are those

hackers with only rudimentary skills of their own but the ability to copy the efforts of

others. )

Fortunately modern hardware now includes a bit in the page tables to mark certain pages

as non-executable. In this case the buffer-overflow attack would work up to a point, but

as soon as it "returns" to an address in the data space and tries executing statements there,

an exception would be thrown crashing the program.

15.2.5 Viruses

A virus is a fragment of code embedded in an otherwise legitimate program, designed to

replicate itself ( by infecting other programs ), and ( eventually ) wreaking havoc.

Viruses are more likely to infect PCs than UNIX or other multi-user systems, because

programs in the latter systems have limited authority to modify other programs or to

access critical system structures ( such as the boot block. )

Viruses are delivered to systems in a virus dropper, usually some form of a Trojan Horse,

and usually via e-mail or unsafe downloads.

Viruses take many forms ( see below. ) Figure 15.5 shows typical operation of a boot

sector virus:



Figure 15.5 - A boot-sector computer virus.

Some of the forms of viruses include:

File - A file virus attaches itself to an executable file, causing it to run the virus

code first and then jump to the start of the original program. These viruses are

termed parasitic, because they do not leave any new files on the system, and the

original program is still fully functional.

Boot - A boot virus occupies the boot sector, and runs before the OS is loaded.

These are also known as memory viruses, because in operation they reside in

memory, and do not appear in the file system.

Macro - These viruses exist as a macro ( script ) that are run automatically by

certain macro-capable programs such as MS Word or Excel. These viruses can

exist in word processing documents or spreadsheet files.

Source code viruses look for source code and infect it in order to spread.

Polymorphic viruses change every time they spread - Not their underlying

functionality, but just their signature, by which virus checkers recognize them.

Encrypted viruses travel in encrypted form to escape detection. In practice they

are self-decrypting, which then allows them to infect other files.

Stealth viruses try to avoid detection by modifying parts of the system that could

be used to detect it. For example the read( ) system call could be modified so that

if an infected file is read the infected part gets skipped and the reader would see

the original unadulterated file.



Tunneling viruses attempt to avoid detection by inserting themselves into the

interrupt handler chain, or into device drivers.

Multipartite viruses attack multiple parts of the system, such as files, boot sector,

and memory.

Armored viruses are coded to make them hard for anti-virus researchers to decode

and understand. In addition many files associated with viruses are hidden,

protected, or given innocuous looking names such as "...".

In 2004 a virus exploited three bugs in Microsoft products to infect hundreds of

Windows servers ( including many trusted sites ) running Microsoft Internet

Information Server, which in turn infected any Microsoft Internet Explorer web

browser that visited any of the infected server sites. One of the back-door

programs it installed was a keystroke logger, which records users keystrokes,

including passwords and other sensitive information.

There is some debate in the computing community as to whether a monoculture,

in which nearly all systems run the same hardware, operating system, and

applications, increases the threat of viruses and the potential for harm caused by

them.

15.3 System and Network Threats

Most of the threats described above are termed program threats, because they attack

specific programs or are carried and distributed in programs. The threats in this section

attack the operating system or the network itself, or leverage those systems to launch

their attacks.

15.3.1 Worms

A worm is a process that uses the fork / spawn process to make copies of itself in order to

wreak havoc on a system. Worms consume system resources, often blocking out other,

legitimate processes. Worms that propagate over networks can be especially problematic,

as they can tie up vast amounts of network resources and bring down large-scale systems.



One of the most well-known worms was launched by Robert Morris, a graduate student

at Cornell, in November 1988. Targeting Sun and VAX computers running BSD UNIX

version 4, the worm spanned the Internet in a matter of a few hours, and consumed

enough resources to bring down many systems.

This worm consisted of two parts:

1. A small program called a grappling hook, which was deposited on the target

system through one of three vulnerabilities, and

2. The main worm program, which was transferred onto the target system and

launched by the grappling hook program.

Figure 15.6 - The Morris Internet worm.

The three vulnerabilities exploited by the Morris Internet worm were as follows:

1. rsh ( remote shell ) is a utility that was in common use at that time for accessing

remote systems without having to provide a password. If a user had an account on

two different computers ( with the same account name on both systems ), then the

system could be configured to allow that user to remotely connect from one

system to the other without having to provide a password. Many systems were

configured so that any user ( except root ) on system A could access the same

account on system B without providing a password.

2. finger is a utility that allows one to remotely query a user database, to find the

true name and other information for a given account name on a given system. For



example "finger [email protected]" would access the finger daemon at

somemachine.edu and return information regarding joeUser. Unfortunately the

finger daemon ( which ran with system privileges ) had the buffer overflow

problem, so by sending a special 536-character user name the worm was able to

fork a shell on the remote system running with root privileges.

3. sendmail is a routine for sending and forwarding mail that also included a

debugging option for verifying and testing the system. The debug feature was

convenient for administrators, and was often left turned on. The Morris worm

exploited the debugger to mail and execute a copy of the grappling hook program

on the remote system.

Once in place, the worm undertook systematic attacks to discover user passwords:

1. First it would check for accounts for which the account name and the password

were the same, such as "guest", "guest".

2. Then it would try an internal dictionary of 432 favorite password choices. ( I'm

sure "password", "pass", and blank passwords were all on the list. )

3. Finally it would try every word in the standard UNIX on-line dictionary to try and

break into user accounts.

Once it had gotten access to one or more user accounts, then it would attempt to use those

accounts to rsh to other systems, and continue the process.

With each new access the worm would check for already running copies of itself, and 6

out of 7 times if it found one it would stop. ( The seventh was to prevent the worm from

being stopped by fake copies. )

Fortunately the same rapid network connectivity that allowed the worm to propagate so

quickly also quickly led to its demise - Within 24 hours remedies for stopping the worm

propagated through the Internet from administrator to administrator, and the worm was

quickly shut down.

There is some debate about whether Mr. Morris's actions were a harmless prank or

research project that got out of hand or a deliberate and malicious attack on the Internet.

However the court system convicted him, and penalized him heavy fines and court costs.

There have since been many other worm attacks, including the W32.Sobig.F@mm attack

which infected hundreds of thousands of computers and an estimated 1 in 17 e-mails in



August 2003. This worm made detection difficult by varying the subject line of the

infection-carrying mail message, including "Thank You!", "Your details", and "Re:

Approved".

15.3.2 Port Scanning

Port Scanning is technically not an attack, but rather a search for vulnerabilities to

attack. The basic idea is to systematically attempt to connect to every known ( or

common or possible ) network port on some remote machine, and to attempt to make

contact. Once it is determined that a particular computer is listening to a particular port,

then the next step is to determine what daemon is listening, and whether or not it is a

version containing a known security flaw that can be exploited.

Because port scanning is easily detected and traced, it is usually launched from zombie

systems, i.e. previously hacked systems that are being used without the knowledge or

permission of their rightful owner. For this reason it is important to protect "innocuous"

systems and accounts as well as those that contain sensitive information or special

privileges.

There are also port scanners available that administrators can use to check their own

systems, which report any weaknesses found but which do not exploit the weaknesses or

cause any problems. Two such systems are nmap ( http://www.insecure.org/nmap )

and nessus ( http://www.nessus.org ). The former identifies what OS is found, what

firewalls are in place, and what services are listening to what ports. The latter also

contains a database of known security holes, and identifies any that it finds.

15.3.3 Denial of Service

Denial of Service ( DOS ) attacks do not attempt to actually access or damage systems,

but merely to clog them up so badly that they cannot be used for any useful work. Tight

loops that repeatedly request system services are an obvious form of this attack.

DOS attacks can also involve social engineering, such as the Internet chain letters that

say "send this immediately to 10 of your friends, and then go to a certain URL", which

clogs up not only the Internet mail system but also the web server to which everyone is


http://www.nessus.org/

http://www.insecure.org/nmap


directed. ( Note: Sending a "reply all" to such a message notifying everyone that it was

just a hoax also clogs up the Internet mail service, just as effectively as if you had

forwarded the thing. )

Security systems that lock accounts after a certain number of failed login attempts are

subject to DOS attacks which repeatedly attempt logins to all accounts with invalid

passwords strictly in order to lock up all accounts.

Sometimes DOS is not the result of deliberate maliciousness. Consider for example:

o A web site that sees a huge volume of hits as a result of a successful advertising

campaign.

o CNN.com occasionally gets overwhelmed on big news days, such as Sept 11,

2001.

o CS students given their first programming assignment involving fork( ) often

quickly fill up process tables or otherwise completely consume system

resources. :-)

o ( Please use ipcs and ipcrm when working on the inter-process communications

assignment ! )

15.4 Cryptography as a Security Tool

Within a given computer the transmittal of messages is safe, reliable and secure, because

the OS knows exactly where each one is coming from and where it is going.

On a network, however, things aren't so straightforward - A rogue computer ( or e-mail

sender ) may spoof their identity, and outgoing packets are delivered to a lot of other

computers besides their ( intended ) final destination, which brings up two big questions

of security:

o Trust - How can the system be sure that the messages received are really from the

source that they say they are, and can that source be trusted?

o Confidentiality - How can one ensure that the messages one is sending are

received only by the intended recipient?

Cryptography can help with both of these problems, through a system

of secrets and keys. In the former case, the key is held by the sender, so that the recipient



knows that only the authentic author could have sent the message; In the latter, the key is

held by the recipient, so that only the intended recipient can receive the message

accurately.

Keys are designed so that they cannot be divined from any public information, and must

be guarded carefully. ( Asymmetric encryption involve both a public and a private key. )

15.4.1 Encryption

The basic idea of encryption is to encode a message so that only the desired recipient can

decode and read it. Encryption has been around since before the days of Caesar, and is an

entire field of study in itself. Only some of the more significant computer encryption

schemes will be covered here.

The basic process of encryption is shown in Figure 15.7, and will form the basis of most

of our discussion on encryption. The steps in the procedure and some of the key

terminology are as follows:

1. The sender first creates a message, m in plaintext.

2. The message is then entered into an encryption algorithm, E, along with

the encryption key, Ke.

3. The encryption algorithm generates the ciphertext, c, = E(Ke)(m). For any key k,

E(k) is an algorithm for generating ciphertext from a message, and both E and

E(k) should be efficiently computable functions.

4. The ciphertext can then be sent over an unsecure network, where it may be

received by attackers.

5. The recipient enters the ciphertext into a decryption algorithm, D, along with

the decryption key, Kd.

6. The decryption algorithm re-generates the plaintext message, m, = D(Kd)(c). For

any key k, D(k) is an algorithm for generating a clear text message from a

ciphertext, and both D and D(k) should be efficiently computable functions.

7. The algorithms described here must have this important property: Given a

ciphertext c, a computer can only compute a message m such that c = E(k)(m) if it

possesses D(k). ( In other words, the messages can't be decoded unless you have

the decryption algorithm and the decryption key. )



Figure 15.7 - A secure communication over an insecure medium.

15.4.1.1 Symmetric Encryption

With symmetric encryption the same key is used for both encryption and decryption, and

must be safely guarded. There are a number of well-known symmetric encryption

algorithms that have been used for computer security:

The Data-Encryption Standard, DES, developed by the National Institute of Standards,

NIST, has been a standard civilian encryption standard for over 20 years. Messages are

broken down into 64-bit chunks, each of which are encrypted using a 56-bit key through

a series of substitutions and transformations. Some of the transformations are hidden

( black boxes ), and are classified by the U.S. government.



DES is known as a block cipher, because it works on blocks of data at a time.

Unfortunately this is a vulnerability if the same key is used for an extended amount of

data. Therefore an enhancement is to not only encrypt each block, but also to XOR it with

the previous block, in a technique known as cipher-block chaining.

As modern computers become faster and faster, the security of DES has decreased, to

where it is now considered insecure because its keys can be exhaustively searched within

a reasonable amount of computer time. An enhancement called triple DES encrypts the

data three times using three separate keys ( actually two encryptions and one decryption )

for an effective key length of 168 bits. Triple DES is in widespread use today.

The Advanced Encryption Standard, AES, developed by NIST in 2001 to replace DES

uses key lengths of 128, 192, or 256 bits, and encrypts in blocks of 128 bits using 10 to

14 rounds of transformations on a matrix formed from the block.

The twofish algorithm, uses variable key lengths up to 256 bits and works on 128 bit

blocks.

RC5 can vary in key length, block size, and the number of transformations, and runs on a

wide variety of CPUs using only basic computations.

RC4 is a stream cipher, meaning it acts on a stream of data rather than blocks. The key is

used to seed a pseudo-random number generator, which generates a keystream of keys.

RC4 is used in WEP, but has been found to be breakable in a reasonable amount of

computer time.

15.4.1.2 Asymmetric Encryption

With asymmetric encryption, the decryption key, Kd, is not the same as the encryption

key, Ke, and more importantly cannot be derived from it, which means the encryption

key can be made publicly available, and only the decryption key needs to be kept secret. (

or vice-versa, depending on the application. )

One of the most widely used asymmetric encryption algorithms is RSA, named after its

developers - Rivest, Shamir, and Adleman.



RSA is based on two large prime numbers, p and q, ( on the order of 512 bits each ), and their

product N.

Ke and Kd must satisfy the relationship:

( Ke * Kd ) % [ ( p - 1 ) * ( q - 1 ) ] = = 1

The encryption algorithm is:

c = E(Ke)(m) = m^Ke % N

The decryption algorithm is:

m = D(Kd)(c) = c^Kd % N

An example using small numbers:

p = 7

q = 13

N = 7 * 13 = 91

( p - 1 ) * ( q - 1 ) = 6 * 12 = 72

Select Ke < 72 and relatively prime to 72, say 5

Now select Kd, such that ( Ke * Kd ) % 72 = = 1, say 29

The public key is now ( 5, 91 ) and the private key is ( 29, 91 )

Let the message, m = 42

Encrypt: c = 42^5 % 91 = 35

Decrypt: m = 35^29 % 91 = 42



Figure 15.8 - Encryption and decryption using RSA asymmetric cryptography

Note that asymmetric encryption is much more computationally expensive than

symmetric encryption, and as such it is not normally used for large transmissions. Asymmetric

encryption is suitable for small messages, authentication, and key distribution, as covered in the

following sections.

15.4.1.3 Authentication

Authentication involves verifying the identity of the entity who transmitted a message.

For example, if D(Kd)(c) produces a valid message, then we know the sender was in

possession of E(Ke).

This form of authentication can also be used to verify that a message has not been

modified



Authentication revolves around two functions, used for signatures ( or signing ), and

verification:

A signing function, S(Ks) that produces an authenticator, A, from any given message m.

A Verification function, V(Kv,m,A) that produces a value of "true" if A was created from

m, and "false" otherwise.

Obviously S and V must both be computationally efficient.

More importantly, it must not be possible to generate a valid authenticator, A, without

having possession of S(Ks).

Furthermore, it must not be possible to divine S(Ks) from the combination of ( m and A ),

since both are sent visibly across networks.

Understanding authenticators begins with an understanding of hash functions, which is

the first step:

Hash functions, H(m) generate a small fixed-size block of data known as a message

digest, or hash value from any given input data.

For authentication purposes, the hash function must be collision resistant on m. That is it

should not be reasonably possible to find an alternate message m' such that H(m') =

H(m).

Popular hash functions are MD5, which generates a 128-bit message digest, and SHA-1,

which generates a 160-bit digest.

Message digests are useful for detecting ( accidentally ) changed messages, but are not

useful as authenticators, because if the hash function is known, then someone could

easily change the message and then generate a new hash value for the modified message.

Therefore authenticators take things one step further by encrypting the message digest.

A message-authentication code, MAC, uses symmetric encryption and decryption of the

message digest, which means that anyone capable of verifying an incoming message

could also generate a new message.

An asymmetric approach is the digital-signature algorithm, which produces

authenticators called digital signatures. In this case Ks and Kv are separate, Kv is the

public key, and it is not practical to determine S(Ks) from public information. In practice

the sender of a message signs it ( produces a digital signature using S(Ks) ), and the



receiver uses V(Kv) to verify that it did indeed come from a trusted source, and that it has

not been modified.

There are three good reasons for having separate algorithms for encryption of messages

and authentication of messages:

Authentication algorithms typically require fewer calculations, making verification a

faster operation than encryption.

Authenticators are almost always smaller than the messages, improving space efficiency.

(?)

Sometimes we want authentication only, and not confidentiality, such as when a vendor

issues a new software patch.

Another use of authentication is non-repudiation, in which a person filling out an

electronic form cannot deny that they were the ones who did so.

15.4.1.4 Key Distribution

Key distribution with symmetric cryptography is a major problem, because all keys must

be kept secret, and they obviously can't be transmitted over unsecure channels. One

option is to send them out-of-band, say via paper or a confidential conversation.

Another problem with symmetric keys, is that a separate key must be maintained and

used for each correspondent with whom one wishes to exchange confidential information.

Asymmetric encryption solves some of these problems, because the public key can be

freely transmitted through any channel, and the private key doesn't need to be transmitted

anywhere. Recipients only need to maintain one private key for all incoming messages,

though senders must maintain a separate public key for each recipient to which they

might wish to send a message. Fortunately the public keys are not confidential, so this

key-ring can be easily stored and managed.

Unfortunately there are still some security concerns regarding the public keys used in

asymmetric encryption. Consider for example the following man-in-the-middle attack

involving phony public keys:



Figure 15.9 - A man-in-the-middle attack on asymmetric cryptography.

One solution to the above problem involves digital certificates, which are public keys

that have been digitally signed by a trusted third party. But wait a minute - How do we

trust that third party, and how do we know they are really who they say they are?

Certain certificate authorities have their public keys included within web browsers and

other certificate consumers before they are distributed. These certificate authorities can

then vouch for other trusted entities and so on in a web of trust, as explained more fully

in section 15.4.3.



15.4.2 Implementation of Cryptography

Network communications are implemented in multiple layers - Physical, Data Link,

Network, Transport, and Application being the most common breakdown.

Encryption and security can be implemented at any layer in the stack, with pros and cons

to each choice:

o Because packets at lower levels contain the contents of higher layers, encryption

at lower layers automatically encrypts higher layer information at the same time.

o However security and authorization may be important to higher levels

independent of the underlying transport mechanism or route taken.

At the network layer the most common standard is IPSec, a secure form of the IP layer,

which is used to set up Virtual Private Networks, VPNs.

At the transport layer the most common implementation is SSL, described below.

15.4.3 An Example: SSL

SSL ( Secure Sockets Layer ) 3.0 was first developed by Netscape, and has now evolved

into the industry-standard TLS protocol. It is used by web browsers to communicate

securely with web servers, making it perhaps the most widely used security protocol on

the Internet today.

SSL is quite complex with many variations, only a simple case of which is shown here.

The heart of SSL is session keys, which are used once for symmetric encryption and then

discarded, requiring the generation of new keys for each new session. The big challenge

is how to safely create such keys while avoiding man-in-the-middle and replay attacks.

Prior to commencing the transaction, the server obtains a certificate from a certification

authority, CA, containing:

o Server attributes such as unique and common names.

o Identity of the public encryption algorithm, E( ), for the server.

o The public key, k_e for the server.

o The validity interval within which the certificate is valid.

o A digital signature on the above issued by the CA:

a = S(K_CA )( ( attrs, E(k_e), interval )



In addition, the client will have obtained a public verification algorithm, V( K_CA ), for

the certifying authority. Today's modern browsers include these built-in by the browser

vendor for a number of trusted certificate authorities.

The procedure for establishing secure communications is as follows:

0. The client, c, connects to the server, s, and sends a random 28-byte number, n_c.

1. The server replies with its own random value, n_s, along with its certificate of

authority.

2. The client uses its verification algorithm to confirm the identity of the sender, and

if all checks out, then the client generates a 46 byte random premaster secret,

pms, and sends an encrypted version of it as cpms = E(k_s)(pms)

3. The server recovers pms as D(k_s)(cpms).

4. Now both the client and the server can compute a shared 48-byte master secret,

ms, = f( pms, n_s, n_c )

5. Next, both client and server generate the following from ms:

Symmetric encryption keys k_sc_crypt and k_cs_crypt for encrypting

messages from the server to the client and vice-versa respectively.

MAC generation keys k_sc_mac and k_cs_mac for generating

authenticators on messages from server to client and client to server

respectively.

6. To send a message to the server, the client sends:

c = E(k_cs_crypt)(m, S(k_cs_mac) )( m ) ) )

7. Upon receiving c, the server recovers:

(m,a) = D(k_cs_crypt)(c)

and accepts it if V(k_sc_mac)(m,a) is true.

This approach enables both the server and client to verify the authenticity of every

incoming message, and to ensure that outgoing messages are only readable by the process

that originally participated in the key generation.

SSL is the basis of many secure protocols,including Virtual Private Networks, VPNs, in

which private data is distributed over the insecure public internet structure in an

encrypted fashion that emulates a privately owned network.



15.5 User Authentication

A lot of chapter 14, Protection, dealt with making sure that only certain users were

allowed to perform certain tasks, i.e. that a users privileges were dependent on his or her

identity. But how does one verify that identity to begin with?

15.5.1 Passwords

Passwords are the most common form of user authentication. If the user is in possession

of the correct password, then they are considered to have identified themselves.

In theory separate passwords could be implemented for separate activities, such as

reading this file, writing that file, etc. In practice most systems use one password to

confirm user identity, and then authorization is based upon that identification. This is a

result of the classic trade-off between security and convenience.

15.5.2 Password Vulnerabilities

Passwords can be guessed.

o Intelligent guessing requires knowing something about the intended target in

specific, or about people and commonly used passwords in general.

o Brute-force guessing involves trying every word in the dictionary, or every valid

combination of characters. For this reason good passwords should not be in any

dictionary ( in any language ), should be reasonably lengthy, and should use the

full range of allowable characters by including upper and lower case characters,

numbers, and special symbols.

"Shoulder surfing" involves looking over people's shoulders while they are typing in their

password.

o Even if the lurker does not get the entire password, they may get enough clues to

narrow it down, especially if they watch on repeated occasions.

o Common courtesy dictates that you look away from the keyboard while someone

is typing their password.



o Passwords echoed as stars or dots still give clues, because an observer can

determine how many characters are in the password. :-(

"Packet sniffing" involves putting a monitor on a network connection and reading data

contained in those packets.

o SSH encrypts all packets, reducing the effectiveness of packet sniffing.

o However you should still never e-mail a password, particularly not with the word

"password" in the same message or worse yet the subject header.

o Beware of any system that transmits passwords in clear text. ( "Thank you for

signing up for XYZ. Your new account and password information are shown

below". ) You probably want to have a spare throw-away password to give these

entities, instead of using the same high-security password that you use for

banking or other confidential uses.

Long hard to remember passwords are often written down, particularly if they are used

seldomly or must be changed frequently. Hence a security trade-off of passwords that are

easily divined versus those that get written down. :-(

Passwords can be given away to friends or co-workers, destroying the integrity of the

entire user-identification system.

Most systems have configurable parameters controlling password generation and what

constitutes acceptable passwords.

o They may be user chosen or machine generated.

o They may have minimum and/or maximum length requirements.

o They may need to be changed with a given frequency. ( In extreme cases for

every session. )

o A variable length history can prevent repeating passwords.

o More or less stringent checks can be made against password dictionaries.

15.5.3 Encrypted Passwords

Modern systems do not store passwords in clear-text form, and hence there is no

mechanism to look up an existing password.



Rather they are encrypted and stored in that form. When a user enters their password, that

too is encrypted, and if the encrypted version match, then user authentication passes.

The encryption scheme was once considered safe enough that the encrypted versions

were stored in the publicly readable file "/etc/passwd".

o They always encrypted to a 13 character string, so an account could be disabled

by putting a string of any other length into the password field.

o Modern computers can try every possible password combination in a reasonably

short time, so now the encrypted passwords are stored in files that are only

readable by the super user. Any password-related programs run as setuid root to

get access to these files. ( /etc/shadow )

o A random seed is included as part of the password generation process, and stored

as part of the encrypted password. This ensures that if two accounts have the same

plain-text password that they will not have the same encrypted password.

However cutting and pasting encrypted passwords from one account to another

will give them the same plain-text passwords.

15.5.4 One-Time Passwords

One-time passwords resist shoulder surfing and other attacks where an observer is able to

capture a password typed in by a user.

o These are often based on a challenge and a response. Because the challenge is

different each time, the old response will not be valid for future challenges.

For example, The user may be in possession of a secret function f( x ). The

system challenges with some given value for x, and the user responds with

f( x ), which the system can then verify. Since the challenger gives a

different ( random ) x each time, the answer is constantly changing.

A variation uses a map ( e.g. a road map ) as the key. Today's question

might be "On what corner is SEO located?", and tomorrow's question

might be "How far is it from Navy Pier to Wrigley Field?" Obviously

"Taylor and Morgan" would not be accepted as a valid answer for the

second question!



o Another option is to have some sort of electronic card with a series of constantly

changing numbers, based on the current time. The user enters the current number

on the card, which will only be valid for a few seconds. A two-factor

authorization also requires a traditional password in addition to the number on

the card, so others may not use it if it were ever lost or stolen.

o A third variation is a code book, or one-time pad. In this scheme a long list of

passwords is generated, and each one is crossed off and cancelled as it is used.

Obviously it is important to keep the pad secure.

15.5.5 Biometrics

Biometrics involve a physical characteristic of the user that is not easily forged or

duplicated and not likely to be identical between multiple users.

o Fingerprint scanners are getting faster, more accurate, and more economical.

o Palm readers can check thermal properties, finger length, etc.

o Retinal scanners examine the back of the users' eyes.

o Voiceprint analyzers distinguish particular voices.

o Difficulties may arise in the event of colds, injuries, or other physiological

changes.

15.6 Implementing Security Defenses

15.6.1 Security Policy

A security policy should be well thought-out, agreed upon, and contained in a living

document that everyone adheres to and is updated as needed.

Examples of contents include how often port scans are run, password requirements, virus

detectors, etc.

15.6.2 Vulnerability Assessment

Periodically examine the system to detect vulnerabilities.

o Port scanning.



o Check for bad passwords.

o Look for suid programs.

o Unauthorized programs in system directories.

o Incorrect permission bits set.

o Program checksums / digital signatures which have changed.

o Unexpected or hidden network daemons.

o New entries in startup scripts, shutdown scripts, cron tables, or other system

scripts or configuration files.

o New unauthorized accounts.

The government considers a system to be only as secure as its most far-reaching

component. Any system connected to the Internet is inherently less secure than one that is

in a sealed room with no external communications.

Some administrators advocate "security through obscurity", aiming to keep as much

information about their systems hidden as possible, and not announcing any security

concerns they come across. Others announce security concerns from the rooftops, under

the theory that the hackers are going to find out anyway, and the only one kept in the dark

by obscurity are honest administrators who need to get the word.

15.6.3 Intrusion Detection

Intrusion detection attempts to detect attacks, both successful and unsuccessful attempts.

Different techniques vary along several axes:

o The time that detection occurs, either during the attack or after the fact.

o The types of information examined to detect the attack(s). Some attacks can only

be detected by analyzing multiple sources of information.

o The response to the attack, which may range from alerting an administrator to

automatically stopping the attack ( e.g. killing an offending process ), to tracing

back the attack in order to identify the attacker.

Another approach is to divert the attacker to a honeypot, on

a honeynet. The idea behind a honeypot is a computer running normal

services, but which no one uses to do any real work. Such a system should



not see any network traffic under normal conditions, so any traffic going

to or from such a system is by definition suspicious. Honeypots are

normally kept on a honeynet protected by a reverse firewall, which will let

potential attackers in to the honeypot, but will not allow any outgoing

traffic. ( So that if the honeypot is compromised, the attacker cannot use it

as a base of operations for attacking other systems. ) Honeypots are

closely watched, and any suspicious activity carefully logged and

investigated.

Intrusion Detection Systems, IDSs, raise the alarm when they detect an intrusion.

Intrusion Detection and Prevention Systems, IDPs, act as filtering routers, shutting down

suspicious traffic when it is detected.

There are two major approaches to detecting problems:

o Signature-Based Detection scans network packets, system files, etc. looking for

recognizable characteristics of known attacks, such as text strings for messages or

the binary code for "exec /bin/sh". The problem with this is that it can only detect

previously encountered problems for which the signature is known, requiring the

frequent update of signature lists.

o Anomaly Detection looks for "unusual" patterns of traffic or operation, such as

unusually heavy load or an unusual number of logins late at night.

The benefit of this approach is that it can detect previously unknown

attacks, so called zero-day attacks.

One problem with this method is characterizing what is "normal" for a

given system. One approach is to benchmark the system, but if the attacker

is already present when the benchmarks are made, then the "unusual"

activity is recorded as "the norm."

Another problem is that not all changes in system performance are the

result of security attacks. If the system is bogged down and really slow

late on a Thursday night, does that mean that a hacker has gotten in and is

using the system to send out SPAM, or does it simply mean that a CS 385

assignment is due on Friday? :-)



To be effective, anomaly detectors must have a very low false alarm

( false positive ) rate, lest the warnings get ignored, as well as a low false

negative rate in which attacks are missed.

15.6.4 Virus Protection

Modern anti-virus programs are basically signature-based detection systems, which also

have the ability ( in some cases ) of disinfecting the affected files and returning them

back to their original condition.

Both viruses and anti-virus programs are rapidly evolving. For example viruses now

commonly mutate every time they propagate, and so anti-virus programs look for

families of related signatures rather than specific ones.

Some antivirus programs look for anomalies, such as an executable program being

opened for writing ( other than by a compiler. )

Avoiding bootleg, free, and shared software can help reduce the chance of catching a

virus, but even shrink-wrapped official software has on occasion been infected by

disgruntled factory workers.

Some virus detectors will run suspicious programs in a sandbox, an isolated and secure

area of the system which mimics the real system.

Rich Text Format, RTF, files cannot carry macros, and hence cannot carry Word macro

viruses.

Known safe programs ( e.g. right after a fresh install or after a thorough examination )

can be digitally signed, and periodically the files can be re-verified against the stored

digital signatures. ( Which should be kept secure, such as on off-line write-only

medium. )

15.6.5 Auditing, Accounting, and Logging

Auditing, accounting, and logging records can also be used to detect anomalous behavior.

Some of the kinds of things that can be logged include authentication failures and

successes, logins, running of suid or sgid programs, network accesses, system calls, etc.

In extreme cases almost every keystroke and electron that moves can be logged for future



analysis. ( Note that on the flip side, all this detailed logging can also be used to analyze

system performance. The down side is that the logging also affects system performance

( negatively! ), and so a Heisenberg effect applies. )

"The Cuckoo's Egg" tells the story of how Cliff Stoll detected one of the early UNIX

break ins when he noticed anomalies in the accounting records on a computer system

being used by physics researchers.

Tripwire Filesystem ( New Sidebar )

The tripwire filesystem monitors files and directories for changes, on the assumption that

most intrusions eventually result in some sort of undesired or unexpected file changes.

The tw.config file indicates what directories are to be monitored, as well as what

properties of each file are to be recorded. ( E.g. one may choose to monitor permission

and content changes, but not worry about read access times. )

When first run, the selected properties for all monitored files are recorded in a database.

Hash codes are used to monitor file contents for changes.

Subsequent runs report any changes to the recorded data, including hash code changes,

and any newly created or missing files in the monitored directories.

For full security it is necessary to also protect the tripwire system itself, most importantly

the database of recorded file properties. This could be saved on some external or write-

only location, but that makes it harder to change the database when legitimate changes

are made.

It is difficult to monitor files that are supposed to change, such as log files. The best

tripwire can do in this case is to watch for anomalies, such as a log file that shrinks in

size.

Free and commercial versions are available at http://tripwire.org and http://tripwire.com.

15.7 Firewalling to Protect Systems and Networks

Firewalls are devices ( or sometimes software ) that sit on the border between two

security domains and monitor/log activity between them, sometimes restricting the traffic

that can pass between them based on certain criteria.


http://tripwire.com/

http://tripwire.org/


For example a firewall router may allow HTTP: requests to pass through to a web server

inside a company domain while not allowing telnet, ssh, or other traffic to pass through.

A common architecture is to establish a de-militarized zone, DMZ, which sort of sits

"between" the company domain and the outside world, as shown below. Company

computers can reach either the DMZ or the outside world, but outside computers can only

reach the DMZ. Perhaps most importantly, the DMZ cannot reach any of the other

company computers, so even if the DMZ is breached, the attacker cannot get to the rest of

the company network. ( In some cases the DMZ may have limited access to company

computers, such as a web server on the DMZ that needs to query a database on one of the

other company computers. )

Figure 15.10 - Domain separation via firewall.

Firewalls themselves need to be resistant to attacks, and unfortunately have several

vulnerabilities:

o Tunneling, which involves encapsulating forbidden traffic inside of packets that

are allowed.

o Denial of service attacks addressed at the firewall itself.

o Spoofing, in which an unauthorized host sends packets to the firewall with the

return address of an authorized host.



In addition to the common firewalls protecting a company internal network from the

outside world, there are also some specialized forms of firewalls that have been recently

developed:

o A personal firewall is a software layer that protects an individual computer. It

may be a part of the operating system or a separate software package.

o An application proxy firewall understands the protocols of a particular service

and acts as a stand-in ( and relay ) for the particular service. For example, and

SMTP proxy firewall would accept SMTP requests from the outside world,

examine them for security concerns, and forward only the "safe" ones on to the

real SMTP server behind the firewall.

o XML firewalls examine XML packets only, and reject ill-formed packets. Similar

firewalls exist for other specific protocols.

o System call firewalls guard the boundary between user mode and system mode,

and reject any system calls that violate security policies.

15.8 Computer-Security Classifications ( Optional )

No computer system can be 100% secure, and attempts to make it so can quickly make it

unusable.

However one can establish a level of trust to which one feels "safe" using a given

computer system for particular security needs.

The U.S. Department of Defense's "Trusted Computer System Evaluation Criteria"

defines four broad levels of trust, and sub-levels in some cases:

o Level D is the least trustworthy, and encompasses all systems that do not meet

any of the more stringent criteria. DOS and Windows 3.1 fall into level D, which

has no user identification or authorization, and anyone who sits down has full

access and control over the machine.

o Level C1 includes user identification and authorization, and some means of

controlling what users are allowed to access what files. It is designed for use by a

group of mostly cooperating users, and describes most common UNIX systems.



o Level C2 adds individual-level control and monitoring. For example file access

control can be allowed or denied on a per-individual basis, and the system

administrator can monitor and log the activities of specific individuals. Another

restriction is that when one user uses a system resource and then returns it back to

the system, another user who uses the same resource later cannot read any of the

information that the first user stored there. ( I.e. buffers, etc. are wiped out

between users, and are not left full of old contents. ) Some special secure versions

of UNIX have been certified for C2 security levels, such as SCO.

o Level B adds sensitivity labels on each object in the system, such as "secret", "top

secret", and "confidential". Individual users have different clearance levels, which

controls which objects they are able to access. All human-readable documents are

labeled at both the top and bottom with the sensitivity level of the file.

o Level B2 extends sensitivity labels to all system resources, including devices. B2

also supports covert channels and the auditing of events that could exploit covert

channels.

o B3 allows creation of access-control lists that denote users NOT given access to

specific objects.

o Class A is the highest level of security. Architecturally it is the same as B3, but it

is developed using formal methods which can be used to prove that the system

meets all requirements and cannot have any possible bugs or other vulnerabilities.

Systems in class A and higher may be developed by trusted personnel in secure

facilities.

o These classifications determine what a system can implement, but it is up to

security policy to determine how they are implemented in practice. These systems

and policies can be reviewed and certified by trusted organizations, such as the

National Computer Security Center. Other standards may dictate physical

protections and other issues.

15.9 An Example: Windows XP ( Optional )



Windows XP is a general purpose OS designed to support a wide variety of security

features and methods. It is based on user accounts which can be grouped in any manner.

When a user logs on, a security access token is issued that includes the security ID for

the user, security IDs for any groups of which the user is a member, and a list of any

special privileges the user has, such as performing backups, shutting down the system,

and changing the system clock.

Every process running on behalf of a user gets a copy of the users security token, which

determines the privileges of that process running on behalf of that user.

Authentication is normally done via passwords, but the modular design of XP allows for

alternative authentication such as retinal scans or fingerprint readers.

Windows XP includes built-in auditing that allows many common security threats to be

monitored, such as successful and unsuccessful logins, logouts, attempts to write to

executable files, and access to certain sensitive files.

Security attributes of objects are described by security descriptors, which include the ID

of the owner, group ownership for POSIX subsystems only, a discretionary access-

control list describing exactly what permissions each user or group on the system has for

this particular object, and auditing control information.

The access control lists include for each specified user or group either AccessAllowed or

AccessDenied for the following types of actions: ReadData,WriteData, AppendData,

Execute, ReadAttributes, WriteAttributes, ReadExtendedAttribute, and

WriteExtendedAttribute.

Container objects such as directories can logically contain other objects. When a new

object is created in a container or copied into a container, by default it inherits the

permissions of the new container. Noncontainer objects inherit no other permissions. If

the permissions of the container are changed later, that does not affect the permissions of

the contained objects.

Although Windows XP is capable of supporting a secure system, many of the security

features are not enabled by default, resulting in a fair number of security breaches on XP

systems. There are also a large number of system daemons and other programs that start

automatically at startup, whether the system administrator has thought about them or not.

( My system currently has 54 processes running, most of which I did not deliberately start



and which have short cryptic names which makes it hard to divine exactly what they do

or why. Faced with this situation, most users and administrators will simply leave alone

anything they don't understand. )

https://www.cs.uic.edu/~jbell/CourseNotes/OperatingSystems/15_Security.html

https://www.cs.uic.edu/~jbell/CourseNotes/OperatingSystems/14_Protection.html


https://www.cs.uic.edu/~jbell/CourseNotes/OperatingSystems/15_Security.html

· Web viewA tree is a data structure that can be used to represent data hierarchically. Data...

Documents

Transcript of · Web viewA tree is a data structure that can be used to represent data hierarchically. Data...