Operating Systems

Operating Systems

(Note: Right click on images and select "open image in new tab" to read more clearly)

As the book said, "the operating system is the one program running at all times on the computer—usually called the kernel (Silberschatz, 2013,p.6)." It has three main categories of purposes: program execution, resource allocation, and being a control program where it prevents errors and improper use and manages the operation and control of I/O devices. 

Figure 1. Operating System Overview

Program execution can be broken down into a process. Processes include the program code, the current activity (program counter), process stack, and a heap. A process control block (PCB) is a data structure used by computer operating systems to store all the information about a process. It consists of the process state, program counter, CPU registers, CPU scheduling information, memory management information, accounting information, I/O status information.

Computers can be single threaded or multithreaded. A single thread of execution refers to running one task or program at a time. Most modern operating systems, however, have extended the process concept to allow a process to have multiple threads of execution and thus to perform more than one task at a time (Silberchatz et. al, 2014,p. 109). There are 3 multithreading models: the many-to one, the one-to-one model, and the many-to-many model. The many-to-one relationship maps many user-level threads to one kernel thread whereas the one-to-one relationship maps each user thread to a kernel thread. Lastly, the many-to-many relationship multiplexes many user-level threads to a smaller or equal number of kernel threads.

Figure 2. Operating System Processes

When more than one process accesses the same code segment, that segment is known as the critical section (GeeksforGeeks, 2019). The critical section is the part of the code where only one process is executing. No two processes are executing in their critical sections at the same time. In concurrent programming, if one thread tries to change the value of shared data at the same time as another thread tries to read the value, the result is unpredictable.To synchronize the processes 3 requirements must be met: mutual exclusion, progress, and bounded waiting. Mutual exclusion implies that only one process can be inside the critical section at any time (Barnes, 2018). If any other processes require the critical section, they must wait until it is free. Progress means that if a process is not using the critical section, then it should not stop any other process from accessing it (Barnes, 2018). Any process can enter a critical section if it is free. Bounded waiting means that each process must have a limited waiting time (Barnes, 2018). Processes should not wait endlessly to access the critical section.

Buses are integral to I/O requests. A bus is a set of wires that specifies a set of messages that can be sent on the wires (Silberschatz et. al. 2014, p. 562). They have many different kinds of buses: expansion, PCI (Peripheral Component Interconnect), SCSI (Small Computer System Interface), PCIexpress, etc. Expansion buses connect slow devices like keyboards or USB ports. PCIs connects the processor-memory subsystem to fast devices like network cards, modems, sound cards, disk controllers, etc. SCSI (Small Computer System Interface) connects and transfers data between computers and peripheral devices. The SCSI standards define commands, protocols, electrical, optical and logical interfaces. PCIexpress interconnects the main parts of a computer. 

A controller is what operates the bus. A device controller can also support memory-mapped I/O. This is where the device-control registers are mapped into the address space of the processor. "The CPU executes I/O requests using the standard data-transfer instructions to read and write the device-control registers at their mapped locations in physical memory (Silberschatz et. al. 2014, p. 562)." PC's use a combination of I/O instructions and memory mapped I/O to control devices. Writing to graphics memory in memory-mapped I/O is much faster than issuing millions of I/O instructions. The disadvantage, however, is that software may write through an incorrect pointer to an unintended region of memory, leaving registers vulnerable to accidental modification. Protected memory mitigates this risk, however. 

Figure 3. Operating System Memory Management

Memory management is another key part of an operating system’s resource allocation. Memory management is used to: “allocate and deallocate memory before and after process execution, to keep track of used memory space by processes, to minimize fragmentation issues, to proper utilization of main memory, to maintain data integrity while executing of process (GeeksforGeeks, 2021)." To accomplish these goals and functions, the computer may make use of dynamic memory, paging, segmentation, and swapping.

Dynamic memory allocation is the process of assigning the memory space during the execution time or the run time. There exists three solutions for dynamic storage allocation problems: first fit, best fit, and worst fit. First fit involves allocating memory to the first hole or free block of memory that is big enough  (Silberschatz et. al., 2014, p. 337). Best fit allocates memory to the smallest hole that is big enough (Silberschatz et. al., 2014, p. 337). This strategy produces the smallest leftover hole.  The first fit and best fit solutions run into external fragmentation. External fragmentation is where there is enough total memory space to satisfy a request but the available spaces are not contiguous; storage is fragmented into a large number of small holes which could result in wasted memory between processes (Silberschatz et. al., 2014, p. 337). Worst fit allocates memory to the largest hole. This strategy produces the largest leftover hole, which may be more useful than the smaller leftover hole from a best-fit approach  (Silberschatz et. al., 2014, p. 337).

With paging, a computer will store and retrieve data from a device’s secondary storage to the primary storage. This avoids external fragmentation and compaction but has some internal compaction (Silberschatz et. al., 2014, p. 344). Internal compaction is where the memory block assigned to a process is bigger. As a result, some portion of memory is left unused, as it cannot be used by another process. Virtual memory is when paging is used most often. It is a memory management technique where secondary memory can be used as if it were a part of the main memory. This allows programs in secondary storage to exceed the available size of the physical storage (TechTarget, 2020). Paging also includes the MMU or memory management unit (also known as the paged memory management unit). The memory management unit can be broken up into 3 functions: hardware memory management, operating system (OS) memory management, application memory management. "Hardware memory management deals with a system's RAM and cache memory, OS memory management regulates resources among objects and data structures, and application memory management allocates and optimizes memory among programs (Techopedia, 2016)" The MMU also translates a logical address into a physical address. Lastly in segmentation, the computer's primary memory is divided into segments or sections which permit the physical address space of a process to be non-contiguous, and in standard swapping, processes are moved between the main memory and a backing store. 

Figure 4. Operating System File Management

File system management involves the address space and file directories. The physical address space (real address) remains constant and is a physical location of data in memory whereas the logical address space (virtual address) is changeable and is generated by the CPU, defined by the size of the process.  A logical address is generated so that a user program does not directly access the physical memory and so that the process will not occupy memory which is acquired by another process to prevent corruption. A virtual address enables a process to use a location in primary storage (main memory) independently of other processes and to use more space than actually exists in primary storage by temporarily relegating some contents to a hard disk or internal flash drive (TechTarget, 2012). There are multiple scheduling algorithms related to file system management: first-come, first-served (FCFS), shortest-seek-time-first (SSTF), SCAN and C-SCAN, and LOOK and C LOOK. 

Directories are used to organize folders and files in a hierarchical manner by keeping entries of all the related files. Users must be able to share the files created and must also be able to access the files created by other users. The five main directory types are as follows: single level, double level, tree, acyclic, and general.

Single level directories are the simplest structure because all files are contained within the same directory. File creation, searching, deletion, and updating are very easy to accomplish. Because files are all in the same directory, however, each file must have a unique name or face collision. If the directory is too large then searching can take very long as well. Double level directories make it so that each user has their own user file directory (UFD). This fixes the problem with a single level, allowing different users to have the same directory and file names. Searching is also easier in a double level directory than a single level directory due to pathnames and user-grouping. Tree structured directories allow the user to create their own subdirectories and to organize their files accordingly. The tree has a root directory, and every file in the system has a unique path (GeeksforGeeks, 2021). The advantage with tree structures is that they are more scalable and have less probability of collision than in either single or double level directories. Tree structures, however, share a disadvantage with single and double level directories where files cannot be shared. To overcome that disadvantage, acyclic graphs can have two or more entries that point to the same file or sub directory. That file or sub directory is shared between the two directory entries. Acyclic graphs can have multiple paths for the same file. Links can either be symbolic (logical) or hard link (physical). "If a file gets deleted in acyclic graph structured directory system, then in the case of soft link, the file just gets deleted and we are left with a dangling pointer. In the case of a hard link, the actual file will be deleted only if all the references to it get deleted. (javaTpoint, 2011)" Lastly, there are general graphs where cycles are allowed in a structure where multiple directories can be derived from more than one parent directory. This, however, makes it difficult to calculate the total size or space that has been taken by the files and directories. 

Figure 5. Operating System Protection and Security

Operating systems also have security measures and a domain of protection where processes are allowed access only when those resources have authorization. This access concept is called the need to know principle. This principle limits the amount of damage a process can create in the system. Domains can be either dynamic or static. In dynamic systems, domains can switch between user mode where only non privileged instructions are run and monitor mode where privileged instructions are run which could then gain complete control of the computer system. In static systems, the domain is defined to include both read and write access which then provides more rights than necessary which could be dangerous. Access matrices are used to define the rights of each process executing in the domain with respect to each object. These matrices can be implemented as global tables, access lists for objects, capability lists for domains, and lock-key mechanisms.

When it comes to security, the operating system makes use of cryptography which is used to constrain the potential senders and receivers of a message. Encryption is a type of cryptography used to send messages securely across a network but also used to protect database data from being read by unauthorized entities. To do this, symmetric encryption and asymmetric encryption is used. Symmetric encryption uses one key for both encryption and decryption, and the asymmetric encryption uses a public key for encryption and a private key for decryption. Authentication is also a type of cryptography, but it is used to prove a message has not been modified. This is done through hash functions, digital signature algorithms, and multifactor authentication.

Another security defense an operating system may use are firewalls. Firewalls may be a computer, appliance, or router that sits between the trusted and untrusted. For instance, a network firewall may limit network access between two security domains and monitor all connections. The firewall may limit connections based on the source or destination address, source or destination port or the direction of the connection. Unfortunately, firewalls do not protect the system from tunneling, spoofing, buffer overflow attacks, or denial of service attacks. 

Ultimately, by mastering these concepts about operating systems, one can effectively code programs to use multicore and multithreaded features without running into the race condition where two or more threads access shared data and try to change it at the same time. Understanding memory management will also help with writing practical codes that can maximize CPU performance. Knowing little facts like how a capability list is associated with a domain but is never directly accessible to a process executing in the domain teaches one about the inherent security that may be enclosed in operating system features. In this case, capability lists prevent modification and add protection by acting as a secure pointer. In summary, intimately understanding one’s operating system leads to better functionality, efficiency, and tighter security measures. 

References

Barnes, R. (2018, October 18). Critical Section Problem. tutorials point simply easy learning. Retrieved January 7, 2022, from https://www.tutorialspoint.com/critical-section-problem

GeeksforGeeks. (2019, December 16). Critical section in synchronization. GeeksforGeeks. Retrieved January 7, 2022, from https://www.geeksforgeeks.org/g-fact-70/

GeeksforGeeks. (2021, November 22). Memory management in operating system. GeeksforGeeks. Retrieved January 17, 2022, from https://www.geeksforgeeks.org/memory-management-in-operating-system/

GeeksforGeeks. (2021, December 10). Structures of directory in Operating System. GeeksforGeeks. Retrieved January 25, 2022, from https://www.geeksforgeeks.org/structures-of-directory-in-operating-system/#:~:text=Acyclic%20graph%20directory%20%E2%80%93,of%20the%20tree%2Dstructured%20directory.

javaTpoint. (2011). OS acyclic graph directories - javatpoint. www.javatpoint.com. Retrieved January 25, 2022, from https://www.javatpoint.com/os-acyclic-graph-directories

Silberschatz, A., Galvin, P. B., & Gagne, G. (2014). Operating system concepts essentials (2nd ed.). Retrieved from https://redshelf.com/

Techopedia. (2016, November 14). What is a Memory Management Unit (MMU)? - definition from Techopedia. Techopedia.com. Retrieved January 17, 2022, from https://www.techopedia.com/definition/4768/memory-management-unit-mmu .

TechTarget. (2020, October 23). What is paging? A definition from whatis.com. WhatIs.com. Retrieved January 17, 2022, from https://whatis.techtarget.com/definition/paging#:~:text=Paging%20is%20a%20function%20of,storage%20to%20the%20primary%20storage.&text=It%20is%20typically%20stored%20in,for%20longer%20periods%20of%20time.

TechTarget. (2012, September 28). What is virtual address? - definition from whatis.com. WhatIs.com. Retrieved February 1, 2022, from https://whatis.techtarget.com/definition/virtual-address