Operating Systems

1.5: Operating System Concepts

This will be very brief. Much of the rest of the course will consist in “filling in the details”.

1.5.1: Processes

A program in execution. If you run the same program twice, you have created two processes. For example if you have two editors running in two windows, each instance of the editor is a separate process.

Often one distinguishes the state or context (memory image, open files) from the thread of control. Then if one has many threads running in the same task, the result is a “multithreaded processes”.

The OS keeps information about all processes in the process table. Indeed, the OS views the process as the entry. This is an example of an active entity being viewed as a data structure (cf. discrete event simulations). An observation made by Finkel in his (out of print) OS textbook.

The Process Tree

A process can send a signal to another process to cause the latter to execute a predefined function (the signal handler). This can be tricky to program since the programmer does not know when in his “main” program the signal handler will be invoked.

Each user is assigned User IDentification (UID) and all processes created by that user have this UID. One UID is special (the superuser or administrator) and has extra privileges. A child has the same UID as its parent. It is sometimes possible to change the UID of a running process. A group of users can be formed and given a Group IDentification, GID.

Access to files and devices can be limited to a given UID or GID.

1.5.2: Deadlocks

A set of processes each of which is blocked by a process in the set. The automotive equivalent, shown at right, is gridlock.

1.5.3: Memory Management

Each process requires memory. The linker produces a load module that assumes the process is loaded at location 0. The operating system ensures that the processes are actually given disjoint memory. Current operating systems permit each process to be given more (virtual) memory than the total amount of (real) memory on the machine.

1.5.4: Input/Output

There are a wide variety of I/O devices that the OS must manage. For example, if two processes are printing at the same time, the OS must not interleave the output. The OS contains device specific code (drivers) for each device as well as device-independent I/O code.

1.5.5: Files

Modern systems have a hierarchy of files. A file system tree.

• In MSDOS the hierarchy is a forest not a tree. There is no file, or directory that is an ancestor of both a:\ and c:\.
• In recent versions of Windows, “My Computer” is the parent of a:\ and c:\.
• In unix the existence of (hard) links weakens the tree to a DAG (directed acyclic graph).
• Unix also has symbolic links, which when used indiscriminately, permit directed cycles (i.e., the result is not a DAG).
• Windows has shortcuts, which are similar to symbolic links.

You can name a file via an absolute path starting at the root directory or via a relative path starting at the current working directory.

In addition to regular files and directories, Unix also uses the file system namespace for devices (called special files, which are typically found in the /dev directory. Often utilities that are normally applied to (ordinary) files can be applied as well to some special files. For example, when you are accessing a unix system using a mouse and do not have anything serious going on (e.g., right after you log in), type the following command

    cat /dev/mouse

Before a file can be accessed, it must be opened and a file descriptor obtained. Subsequent I/O system calls (e.g., read and write) use the file descriptor rather that the file name. This is an optimization that enables the OS to find the file once and save the information in a file table accessed by the file descriptor. Many systems have standard files that are automatically made available to a process upon startup. These (initial) file descriptors are fixed.

• standard input: fd=0
• standard output: fd=1
• standard error: fd=2

A convenience offered by some command interpretors is a pipe or pipeline. The pipeline

  dir | wc

1.5.6: Security

Files and directories have associated permissions.

• Most systems supply at least rwx (readable, writable, executable).
• User, group, world
• A more general mechanism is an access control lists.
• Often files have “attributes” as well. For example the linux ext2 and ext3 file systems support a “d” attribute that is a hint to the dump program not to backup this file.
• When a file is opened, permissions are checked and, if the open is permitted, a file descriptor is returned that is used for subsequent operations

Security has of course sadly become a very serious concern. The topic is very serious and I do not feel that the necessarily superficial coverage that time would permit is useful so we are not covering the topic at all.

1.5.7: The Shell or Command Interpreter (DOS Prompt)

The command line interface to the operating system. The shell permits the user to

• Invoke commands
• Pass arguments to the commands
• Redirect the output of a command to a file or device
• Pipe one command to another (as illustrated above via ls | wc)

Homework: 8

1.6: System Calls

System calls are the way a user (i.e., a program) directly interfaces with the OS. Some textbooks use the term envelope for the component of the OS responsible for fielding system calls and dispatching them to the appropriate component of the OS. On the right is a picture showing some of the OS components and the external events for which they are the interface.

Note that the OS serves two masters. The hardware (below) asynchronously sends interrupts and the user synchronously invokes system calls and generates page faults.

Homework: 14

What happens when a user executes a system call such as read()? We show a more detailed picture below, but at a high level what happens is

1. Normal function call (in C, Ada, Pascal, Java, etc.).
2. Library routine (probably in C).
3. Small assembler routine.
   1. Move arguments to predefined place (perhaps registers).
   2. Poof (a trap instruction) and then the OS proper runs in supervisor mode.
   3. Fix up result (move to correct place).

The following actions occur when the user executes the (Unix) system call

    count = read(fd,buffer,nbytes)
  

1. Push third parameter on to the stack.
2. Push second parameter on to the stack.
3. Push first parameter on to the stack.
4. Call the library routine, which involves pushing the return address on to the stack and jumping to the routine.
5. Machine/OS dependent actions. One is to put the system call number for read in a well defined place, e.g., a specific register. This requires assembly language.
6. Trap to the kernel (assembly language). This enters the operating system proper and shifts the computer to privileged mode. Assembly language is again used.
7. The envelope uses the system call number to access a table of pointers to find the handler for this system call.
8. The read system call handler processes the request (see below).
9. Some magic instruction returns to user mode and jumps to the location right after the trap.
10. The library routine returns (there is more; e.g., the count must be returned).
11. The stack is popped (ending the function call read).

A major complication is that the system call handler may block. Indeed for read it is likely that a block will occur. In that case a switch occurs to another process. This is far from trivial and is discussed later in the course.

Process Management
Posix	Win32	Description
Fork	CreateProcess	Clone current process
exec(ve)		Replace current process
waid(pid)	WaitForSingleObject	Wait for a child to terminate.
exit	ExitProcess	Terminate current process & return status
File Management
Posix	Win32	Description
open	CreateFile	Open a file & return descriptor
close	CloseHandle	Close an open file
read	ReadFile	Read from file to buffer
write	WriteFile	Write from buffer to file
lseek	SetFilePointer	Move file pointer
stat	GetFileAttributesEx	Get status info
Directory and File System Management
Posix	Win32	Description
mkdir	CreateDirectory	Create new directory
rmdir	RemoveDirectory	Remove empty directory
link	(none)	Create a directory entry
unlink	DeleteFile	Remove a directory entry
mount	(none)	Mount a file system
umount	(none)	Unmount a file system
Miscellaneous
Posix	Win32	Description
chdir	SetCurrentDirectory	Change the current working directory
chmod	(none)	Change permissions on a file
kill	(none)	Send a signal to a process
time	GetLocalTime	Elapsed time since 1 jan 1970

A Few Important Posix/Unix/Linux and Win32 System Calls

The table on the right shows some systems calls; the descriptions are accurate for Unix and close for win32. To show how the four process management calls enable much of process management, consider the following highly simplified shell. (The fork() system call returns true in the parent and false in the child.)

while (true)
    display_prompt()
    read_command(command)

    if (fork() != 0)
        waitpid(...)
    else
        execve(command)
    endif
endwhile

Simply removing the waitpid(...) gives background jobs.

Homework: 18.

1.6A: Addendum on Transfer of Control

The transfer of control between user processes and the operating system kernel can be quite complicated, especially in the case of blocking system calls, hardware interrupts, and page faults. Before tackling these issues later, we begin with the familiar example of a procedure call within a user-mode process.

An important OS objective is that, even in the more complicated cases of page faults and blocking system calls requiring device interrupts, simple procedure call semantics are observed from a user process viewpoint. The complexity is hidden inside the kernel itself, yet another example of the operating system providing a more abstract, i.e., simpler, virtual machine to the user processes.

More details will be added when we study memory management (and know officially about page faults) and more again when we study I/O (and know officially about device interrupts).

A number of the points below are far from standardized. Such items as where are parameters placed, which routine saves the registers, exact semantics of trap, etc, vary as one changes language/compiler/OS. Indeed some of these are referred to as “calling conventions”, i.e. their implementation is a matter of convention rather than logical requirement. The presentation below is, we hope, reasonable, but must be viewed as a generic description of what could happen instead of an exact description of what does happen with, say, C compiled by the Microsoft compiler running on Windows XP.

1.6A.1: User-mode procedure calls

Actions by f prior to the call:

1. Save the registers by pushing them onto the stack (in some implementations this is done by g instead of f).
   
   
2. Push arguments c,b,a onto P's stack.
   Note: Stacks usually grow downward from the top of P's segment, so pushing an item onto the stack actually involves decrementing the stack pointer, SP.
   Note: Some compilers store arguments in registers not on the stack.

Executing the call itself

3. Execute PUSHJ <start-address of g>.
   This instruction pushes the program counter PC onto the stack, and then jumps to the start address of g. The value pushed is actually the updated program counter, i.e., the location of the next instruction (the instruction to be executed by f when g returns).
   

Actions by g upon being called:

4. Allocate space for g's local variables by suitably decrementing SP.
   
   
5. Start execution from the beginning of the program, referencing the parameters as needed. The execution may involve calling other procedures, possibly including recursive calls to f and/or g.

Actions by g when returning to f:

6. If g is to return a value, store it in the conventional place.
   
   
7. Undo step 4: Deallocate local variables by incrementing SP.
   
   
8. Undo step 3: Execute POPJ, i.e., pop the stack and set PC to the value popped, which is the return address pushed in step 4.

Actions by f upon the return from g:

9. We are now at the step in f immediately following the call to g.
   Undo step 2: Remove the arguments from the stack by incrementing SP.
   
   
10. Undo step 1: Restore the registers while popping them off the stack.
    
    
11. Continue the execution of f, referencing the returned value of g, if any.

Properties of (user-mode) procedure calls:

• Predictable (often called synchronous) behavior: The author of f knows where and hence when the call to g will occur. There are no surprises, so it is relatively easy for the programmer to ensure that f is prepared for the transfer of control.
• LIFO (“stack-like”structure of control transfer: we can be sure that control will return to f when this call to g exits. The above statement holds even if, via recursion, g calls f. (We are ignoring language features such as “throwing” and “catching” exceptions, and the use of unstructured assembly coding, in the latter case all bets are off.)
• Entirely in user mode and user space.

1.6A.2: Kernel-mode procedure calls

We mean one procedure running in kernel mode calling another procedure, which will also be run in kernel mode. Later, we will discuss switching from user to kernel mode and back.

There is not much difference between the actions taken during a kernel-mode procedure call and during a user-mode procedure call. The procedures executing in kernel-mode are permitted to issue privileged instructions, but the instructions used for transferring control are all unprivileged so there is no change in that respect.

One difference is that often a different stack is used in kernel mode, but that simply means that the stack pointer must be set to the kernel stack when switching from user to kernel mode. But we are not switching modes in this section; the stack pointer already points to the kernel stack. Often there are two stack pointers one for kernel mode and one for user mode.

1.6A.3: The Trap instruction

Process P, running in unprivileged (user) mode, executes a trap. The code being executed was written in assembler since there are no high level languages that generate a trap instruction. There is no need to name the function that is executing. Compare the following example to the explanation of “f calls g” given above.

Actions by P prior to the trap

1. Save the registers by pushing them onto the stack.
   
   
2. Store any arguments that are to be passed. The stack is not normally used to store these arguments since the kernel has a different stack. Often registers are used.

Executing the trap itself

3. Execute TRAP <trap-number>.
   Switch the processor to kernel (privileged) mode, jumps to a location in the OS determined by trap-number, and saves the return address. For example, the processor may be designed so that the next instruction executed after a trap is at physical address 8 times the trap-number. The trap-number should be thought of as the “name” of the code-sequence to which the processor will jump rather than as an argument to trap. Indeed arguments to trap, are established before the trap is executed.

Actions by the OS upon being TRAPped into

4. Jump to the real code.
   Recall that trap instructions with different trap numbers jump to locations very close to each other. There is not enough room between them for the real trap handler. Indeed one can think of the trap as having an extra level of indirection; it jumps to a location that then jumps to the real start address. If you learned about writing jump tables in assembler, this is very similar.
   
   
5. Check all arguments passed. The kernel must be paranoid and assume that the user mode program is evil and written by a bad guy.
   
   
6. Allocate space by decrementing the kernel stack pointer.
   The kernel and user stacks are separate.
   
   
7. Start execution from the jumped-to location, referencing the parameters as needed.

Actions by the OS when returning to user mode

8. Undo step 6: Deallocate space by incrementing the kernel stack pointer.
   
   
9. Undo step 3: Execute (in assembler) another special instruction, RTI or ReTurn from Interrupt, which returns the processor to user mode and transfers control to the return location saved by the trap. The word interrupt is used because an RTI is used when the kernel is returning from an interrupt as well as the present case when it is returning from an trap.

Actions by P upon the return from the OS

10. We are now in at the instruction right after the trap
    Undo step 1: Restore the registers by popping the stack.
    
    
11. Continue the execution of P, referencing the returned value(s) of the trap, if any.

Properties of TRAP/RTI:

• Synchronous behavior: The author of the assembly code in P knows where and hence when the trap will occur. There are no surprises, so it is relatively easy for the programmer to prepare for the transfer of control.
• Trivial control transfer when viewed from P: The next instruction of P that will be executed is the one following the trap. As we shall see later, other processes may execute between P's trap and the next P instructions.
• Starts and ends in user mode and user space, but executed in kernel mode and kernel space in the middle.

Remark: A good way to use the material in the addendum is to compare the first case (user-mode f calls user-mode g) to the TRAP/RTI case line by line so that you can see the similarities and differences.

1.7: OS Structure

I must note that Tanenbaum is a big advocate of the so called microkernel approach in which as much as possible is moved out of the (supervisor mode) kernel into separate processes. The (hopefully small) portion left in supervisor mode is called a microkernel.

In the early 90s this was popular. Digital Unix (now called True64) and Windows NT/2000/XP are examples. Digital Unix is based on Mach, a research OS from Carnegie Mellon university. Lately, the growing popularity of Linux has called into question the belief that “all new operating systems will be microkernel based”.

1.7.1: Monolithic approach

The previous picture: one big program

The system switches from user mode to kernel mode during the poof and then back when the OS does a “return” (an RTI or return from interrupt).

But of course we can structure the system better, which brings us to.

1.7.2: Layered Systems

Some systems have more layers and are more strictly structured.

An early layered system was “THE” operating system by Dijkstra. The layers were.

1. The operator
2. User programs
3. I/O mgt
4. Operator-process communication
5. Memory and drum management

The layering was done by convention, i.e. there was no enforcement by hardware and the entire OS is linked together as one program. This is true of many modern OS systems as well (e.g., linux).

The multics system was layered in a more formal manner. The hardware provided several protection layers and the OS used them. That is, arbitrary code could not jump to or access data in a more protected layer.

1.7.3: Virtual Machines

Use a “hypervisor” (beyond supervisor, i.e. beyond a normal OS) to switch between multiple Operating Systems. Made popular by IBM's VM/CMS

• Each App/CMS runs on a virtual 370.
• CMS is a single user OS.
• A system call in an App (application) traps to the corresponding CMS.
• CMS believes it is running on the machine so issues I/O. instructions but ...
• ... I/O instructions in CMS trap to VM/370.
• This idea is still used. A modern version (used to “produce” a multiprocessor from many uniprocessors) is “Cellular Disco”, ACM TOCS, Aug. 2000.
• Another modern usage is JVM the “Java Virtual Machine”.
• Yet another is vmware.

1.7.4: Exokernels (unofficial)

Similar to VM/CMS but the virtual machines have disjoint resources (e.g., distinct disk blocks) so less remapping is needed.

1.7.5: Client-Server

When implemented on one computer, a client-server OS uses the microkernel approach in which the microkernel just handles communication between clients and servers, and the main OS functions are provided by a number of separate processes.

This does have advantages. For example an error in the file server cannot corrupt memory in the process server. This makes errors easier to track down.

But it does mean that when a (real) user process makes a system call there are more processes switches. These are not free.

A distributed system can be thought of as an extension of the client server concept where the servers are remote.

Today with plentiful memory, each machine would have all the different servers. So the only reason a message would go to another computer is if the originating process wished to communicate with a specific process on that computer (for example wanted to access a remote disk).

Homework: 23

Microkernels Not So Different In Practice

Dennis Ritchie, the inventor of the C programming language and co-inventor, with Ken Thompson, of Unix was interviewed in February 2003. The following is from that interview.

What's your opinion on microkernels vs. monolithic?

Dennis Ritchie: They're not all that different when you actually use them. "Micro" kernels tend to be pretty large these days, and "monolithic" kernels with loadable device drivers are taking up more of the advantages claimed for microkernels.