Documente Academic
Documente Profesional
Documente Cultură
An operating system executes a variety of programs: Batch system jobs Time-shared systems user programs or tasks
Textbook uses the terms job and process almost
interchangeably. Process a program in execution; process execution must progress in sequential fashion. A process includes:
program counter stack data section
19.1
Process State
As a process executes, it changes state new: The process is being created. running: Instructions are being executed. waiting: The process is waiting for some event to occur. ready: The process is waiting to be assigned to a process. terminated: The process has finished execution.
19.2
19.3
19.4
19.5
19.6
P1 and P2 each hold one tape drive and each needs another
P1 wait(B) wait(A)
19.7
Traffic only in one direction. Each section of a bridge can be viewed as a resource. If a deadlock occurs, it can be resolved if one car backs
up (preempt resources and rollback). Several cars may have to be backed up if a deadlock occurs. Starvation is possible.
19.8
Deadlock Characterization
Deadlock can arise if four conditions hold simultaneously.
Mutual exclusion: only one process at a time can use a
resource. Hold and wait: a process holding at least one resource is waiting to acquire additional resources held by other processes. No preemption: a resource can be released only voluntarily by the process holding it, after that process has completed its task. Circular wait: there exists a set {P0, P1, , P0} of waiting processes such that P0 is waiting for a resource that is held by P1, P1 is waiting for a resource that is held by P2, , Pn1 is waiting for a resource that is held by Pn, and P0 is waiting for a resource that is held by P0.
19.9
recover.
Ignore the problem and pretend that deadlocks never
19.10
Deadlock Prevention
resources before it begins execution, or allow process to request resources only when the process has none. Low resource utilization; starvation possible.
19.11
types, and require that each process requests resources in an increasing order of enumeration.
19.12
Deadlock Avoidance
Requires that the system has some additional a priori information available.
Simplest and most useful model requires that each
process declare the maximum number of resources of each type that it may need.
The deadlock-avoidance algorithm dynamically examines
the resource-allocation state to ensure that there can never be a circular-wait condition.
Resource-allocation state is defined by the number of
available and allocated resources, and the maximum demands of the processes.
19.13
19.14
Background
Program must be brought into memory and placed within
run.
19.15
absolute code can be generated; must recompile code if starting location changes. Load time: Must generate relocatable code if memory location is not known at compile time. Execution time: Binding delayed until run time if the process can be moved during its execution from one memory segment to another. Need hardware support for address maps (e.g., base and limit registers).
19.16
virtual address. Physical address address seen by the memory unit. Logical and physical addresses are the same in compile-
time and load-time address-binding schemes; logical (virtual) and physical addresses differ in execution-time address-binding scheme.
19.17
added to every address generated by a user process at the time it is sent to memory.
The user program deals with logical addresses; it never
19.18
19.19
Dynamic Loading
Routine is not loaded until it is called
Better memory-space utilization; unused routine is never
loaded. Useful when large amounts of code are needed to handle infrequently occurring cases. No special support from the operating system is required implemented through program design.
19.20
Dynamic Linking
Linking postponed until execution time.
Small piece of code, stub, used to locate the appropriate
memory-resident library routine. Stub replaces itself with the address of the routine, and executes the routine. Operating system needed to check if routine is in processes memory address. Dynamic linking is particularly useful for libraries.
19.21
Swapping
A process can be swapped temporarily out of memory to a
backing store, and then brought back into memory for continued execution.
Backing store fast disk large enough to accommodate copies
of all memory images for all users; must provide direct access to these memory images.
Roll out, roll in swapping variant used for priority-based
scheduling algorithms; lower-priority process is swapped out so higher-priority process can be loaded and executed.
Major part of swap time is transfer time; total transfer time is
19.22
19.23
Contiguous Allocation
Main memory usually into two partitions: Resident operating system, usually held in low memory with interrupt vector. User processes then held in high memory. Single-partition allocation Relocation-register scheme used to protect user processes from each other, and from changing operating-system code and data. Relocation register contains value of smallest physical address; limit register contains range of logical addresses each logical address must be less than the limit register.
19.24
19.25
OS process 5
OS process 5
OS process 5 process 9
process 2
19.26
must search entire list, unless ordered by size. Produces the smallest leftover hole. Worst-fit: Allocate the largest hole; must also search entire list. Produces the largest leftover hole. First-fit and best-fit better than worst-fit in terms of speed and storage utilization.
19.27
Fragmentation
External Fragmentation total memory space exists to
satisfy a request, but it is not contiguous. Internal Fragmentation allocated memory may be slightly larger than requested memory; this size difference is memory internal to a partition, but not being used. Reduce external fragmentation by compaction
Shuffle memory contents to place all free memory together
in one large block. Compaction is possible only if relocation is dynamic, and is done at execution time. I/O problem Latch job in memory while it is involved in I/O. Do I/O only into OS buffers.
19.28
File Concept
Contiguous logical address space
Types: Data numeric character binary Program
19.29
File Structure
None - sequence of words, bytes
Simple record structure Lines Fixed length Variable length Complex Structures Formatted document Relocatable load file Can simulate last two with first method by inserting
19.30
File Attributes
Name only information kept in human-readable form.
Type needed for systems that support different types. Location pointer to file location on device. Size current file size. Protection controls who can do reading, writing,
executing. Time, date, and user identification data for protection, security, and usage monitoring. Information about files are kept in the directory structure, which is maintained on the disk.
19.31
File Operations
Create
Write Read Reposition within file file seek Delete Truncate Open(Fi) search the directory structure on disk for entry
Fi, and move the content of entry to memory. Close (Fi) move the content of entry Fi in memory to directory structure on disk.
19.32
19.33
19.34
Directory Structure
A collection of nodes containing information about all
files.
Directory
Files
F1
F2
F3
F4 Fn
Both the directory structure and the files reside on disk. Backups of these two structures are kept on tapes.
Operating System Concepts
19.35
19.36
19.37
19.38
Single-Level Directory
19.39
Two-Level Directory
Separate directory for each user.
Path name Can have the same file name for different user Efficient searching No grouping capability
19.40
Tree-Structured Directories
19.41
File-System Structure
File structure Logical storage unit Collection of related information
File system resides on secondary storage (disks). File system organized into layers. File control block storage structure consisting of
19.42
19.43
19.44
Allocation Methods
An allocation method refers to how disk blocks are
19.45
Contiguous Allocation
19.46
19.47
Linked Allocation
Each file is a linked list of disk blocks: blocks may be
pointer
19.48
Simple need only starting address Free-space management system no waste of space No random access Mapping Q LA/511 R
Block to be accessed is the Qth block in the linked chain of blocks representing the file. Displacement into block = R + 1 File-allocation table (FAT) disk-space allocation used by MS-DOS and OS/2.
Silberschatz, Galvin and Gagne 2002
19.49
Linked Allocation
19.50
Indexed Allocation
Brings all pointers together into the index block.
Logical view.
index table
19.51
19.52
Random access
Dynamic access without external fragmentation, but have
overhead of index block. Mapping from logical to physical in a file of maximum size of 256K words and block size of 512 words. We need only 1 block for index table.
Q
LA/512
R
19.53
Schedulers (Cont.)
Short-term scheduler is invoked very frequently
(milliseconds) (must be fast). Long-term scheduler is invoked very infrequently (seconds, minutes) (may be slow). The long-term scheduler controls the degree of multiprogramming. Processes can be described as either:
I/O-bound process spends more time doing I/O than
computations, many short CPU bursts. CPU-bound process spends more time doing computations; few very long CPU bursts.
19.54
System Calls
System calls provide the interface between a running
systems programming allow system calls to be made directly (e.g., C, C++) Three general methods are used to pass parameters
address is passed as a parameter in a register. Push (store) the parameters onto the stack by the program, and pop off the stack by operating system.
19.55
Security
The Security Problem
Authentication Program Threats System Threats Securing Systems Intrusion Detection Encryption Windows NT
19.56
misuse.
19.57
Authentication
User identity most often established through passwords,
19.58
Program Threats
Trojan Horse Code segment that misuses its environment. Exploits mechanisms for allowing programs written by users to be executed by other users.
Trap Door Specific user identifier or password that circumvents normal security procedures. Could be included in a compiler. Stack and Buffer Overflow Exploits a bug in a program (overflow either the stack or memory buffers.)
19.59
System Threats
Worms use spawn mechanism; standalone program
Internet worm Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs. Grappling hook program uploaded main worm program. Viruses fragment of code embedded in a legitimate program. Mainly effect microcomputer systems. Downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection. Safe computing. Denial of Service Overload the targeted computer preventing it from doing any sueful work.
19.60
Threat Monitoring
Check for suspicious patterns of activity i.e., several
incorrect password attempts may signal password guessing. Audit log records the time, user, and type of all accesses to an object; useful for recovery from a violation and developing better security measures. Scan the system periodically for security holes; done when the computer is relatively unused.
19.61
19.62
FireWall
A firewall is placed between trusted and untrusted hosts.
The firewall limits network access between these two
security domains.
19.63
Intrusion Detection
Detect attempts to intrude into computer systems.
Detection methods: Auditing and logging. Tripwire (UNIX software that checks if certain files and directories have been altered I.e. password files) System call monitoring
19.64
Encryption
Encrypt clear text into cipher text.
Properties of good encryption technique: Relatively simple for authorized users to incrypt and decrypt data. Encryption scheme depends not on the secrecy of the algorithm but on a parameter of the algorithm called the encryption key. Extremely difficult for an intruder to determine the encryption key. Data Encryption Standard substitutes characters and
rearranges their order on the basis of an encryption key provided to authorized users via a secure mechanism. Scheme only as secure as the mechanism.
19.65
Encryption (Cont.)
Public-key encryption based on each user having two
keys:
public key published key used to encrypt data. private key key known only to individual user used to
decrypt data.
prime. No efficient algorithm is know for finding the prime factors of a number.
19.66
key cryptography.
19.67
Windows NT Example
Configurable security allows policies ranging from D to C2.
Security is based on user accounts where each user has a
security ID.
Uses a subject model to ensure access security. A subject
tracks and manages permissions for each program that a user runs.
Each object in Windows NT has a security attribute defined by a
security descriptor. For example, a file has a security descriptor that indicates the access permissions for all users.
19.68