COS331- OPERATING SYSTEMS (3 Units)

Course Contents
Introduction to processes; Anatomy of a simple operating system (e.g., DOS); Processor management;
memory management; protection; types of operating system; multiprogramming concepts and
requirements, multi-tasking, real time, multiprocessing systems; issues based on semaphore and
monitor concepts; Installation and optimization of 16-bit, 32-bit and 64-bit operating systems. Linux
file system; shell programming; filters and pipelines; Virtual memory. Anatomy of a multi-user
operating system (e.g., Linux, Windows); Device drivers; OS interaction with devices; event-driven
execution.
1.0 INTRODUCTION
What is an Operating System?

Historically, operating systems have evolved to satisfy two, sometimes conflicting and complementary
needs. The first is to manage the full set of material (hardware) and data (software) resources of a
computer system in order to ensure efficient and correct operation. The second is to provide users with
services that essentially transform the collection of raw machine components into a higher level virtual
computer more suitable for applications programming.
Thus, an operating system (OS) may be defined as a structure consisting of a number of layers
of software, whose purpose is to offer the user a convenient means of using the computer system and
managing the full set of system resources, both physical and logical. A computer without an OS is like
a bus without a driver.

Figure 1 shows the structure of a computer system depicting operating system in between Application
software and Hardware devices.

Figure 1 Structure of a Computer System

1
An operating system (OS) is software, consisting of programs and data, that runs on computers,
manages computer hardware resources, and provides common services for execution of various
application software. In other words, operating systems serve as an interface between application
software and hardware. Operating systems are found on almost any device that contains a computer -
from cellular phones and video game consoles to supercomputers and web servers. Microsoft Word
falls under the category of application software, and it uses an operating system like Microsoft
Windows XP or Vista to interact with computer hardware. Others are MacOS, Linux, and Unix.

Figure 2 Structure of a Computer System showing Operating System

Definition

An operating system is a program that acts as an interface between the user and the computer
hardware and controls the execution of all kinds of programs. It performs all the basic tasks like file
management, memory management, process management, handling input and output, and controlling
peripheral devices such as disk drives and printers. Some popular Operating Systems include Linux
Operating System, Windows Operating System, VMS, OS/400, AIX, Android OS, IOS, etc. Figure 2
shows the structure of a computer depicting the operating system at the middle of its affairs.
Functions of the Operating System

The (functional) characteristics of an OS depend heavily on the designer’s overall conception, on the
types of applications envisaged and the demands that they will make. For example, is the system to be
single-user, multi-tasking, or multi-User? Must the task structure be altered dynamically or can it be
built once, statically? What sort of I/O devices, (what performance? Synchronous, asynchronous,
novel) must be supported?

While some responsibilities vary from one OS to another, there are certain responsibilities that must be
provided by almost all OS. These include:

1 Process management
2
 2 Memory management:
3 Device management
4 File Management
5 Job and session management
6 Interrupt, I/O, Timer management
7 User interface
8 Error detection and handling
9 Reliability and security
10 Monitoring and Accounting of computing resources
11 Coordination between other software and users
Memory Management
Memory management refers to management of Primary Memory or Main Memory. Main memory is a
large array of words or bytes where each word or byte has its own address. Main memory provides a
fast storage that can be accessed directly by the CPU. For a program to be executed, it must be in the
main memory. An Operating System does the following activities for memory management:
 Keeps tracks of primary memory, i.e., what part of it are in use by whom, what part are not in
use.
 In multiprogramming, the OS decides which process will get memory when and how much.
 Allocates the memory when a process requests it to do so.
 De-allocates the memory when a process no longer needs it or has been terminated.
Processor Management
In multiprogramming environment, the OS decides which process gets the processor when and for
how much time. This function is called process scheduling. An Operating System does the following
activities for processor management:
 Keeps tracks of processor and status of process. The program responsible for this task is
known as traffic controller.
 Allocates the processor (CPU) to a process.
 De-allocates processor when a process is no longer required.
Device Management
An Operating System manages device communication via their respective drivers. It does the
following activities for device management:
 Keeps tracks of all devices. Program responsible for this task is known as the I/O controller.
 Decides which process gets the device when and for how much time.
 Allocates the device in the efficient way.
 De-allocates devices.
File Management
A file system is normally organized into directories for easy navigation and usage. These directories
may contain files and other directions. An Operating System does the following activities for file
management:
 Keeps track of information, location, uses, status etc. The collective facilities are often known
as file system.
 Decides who gets the resources.
 Allocates the resources.
 De-allocates the resources.
Provision of User Interface
Each OS tends to provide "friendly" user interface, which is the gateway between a computer
system and its users. The user-interface has two parts; the command interface and the program
interface. The command interface supports two-way direct communication between users and the OS.
This communication may take a variety of forms (such as touch, sound, graphics, menu, help and
prompt messages). An important element of the command interface is the terminal handler. This
module is responsible for managing characters and lines as typed or controlling the screen display.
3
Issues considered in the design of a command language are the set of commands to be included, use of
a run command, choice of positional or keyword argument syntax, command abbreviation, and wild
cards.
A command language is also a response language. Types of responses in an interactive environment
include prompt, help, progress and termination messages.
The program interface, on the other hand, provides the means by which programs obtain services from
the OS, with the aid of the system call.
Monitoring and Accounting of Computing resources
Most sophisticated operating systems, especially in environments where computing is considered to
have significant costs, include some facilities for monitoring the behavior of the computer system as it
proceeds and for keeping records of that behavior for various purposes, namely:
(a) Accounting and keeping track of resources use by each user so that user can be billed for the
services of the computing system.
(b) Measurement of the performance of system-that of available resources. Such monitoring may
identify adjustments that should be made to keep that performance as good as possible.
(c) Detection of improper behavior by users and processes, especially in systems highly concerned
with security.
Other Important Activities
Following are some of the important activities that an Operating System performs:
 Security − By means of password and similar other techniques, it prevents unauthorized
access to programs and data.
 Control over system performance − Recording delays between request for a service and
response from the system.
 Job accounting − Keeping track of time and resources used by various jobs and users.
 Error detecting aids − Production of dumps, traces, error messages, and other debugging and
error detecting aids.
 Coordination between other software and users − Coordination and assignment of
compilers, interpreters, assemblers and other software to the various users of the computer
systems.

Types of Operating System

Operating systems are there from the very first computer generation and they keep evolving with time.
In this chapter, we will discuss some of the important types of operating systems which are most
commonly used.
Batch operating system
The users of a batch operating system do not interact with the computer directly. Each user prepares
his job on an off-line device like punch cards and submits it to the computer operator. To speed up
processing, jobs with similar needs are batched together and run as a group. The programmers leave
their programs with the operator and the operator then sorts the programs with similar requirements
into batches.
The problems with Batch Systems are as follows:
 Lack of interaction between the user and the job.
 CPU is often idle, because the speed of the mechanical I/O devices is slower than the CPU.
 Difficult to provide the desired priority.

Time-sharing operating systems

Time-sharing is a technique which enables many people, located at various terminals, to use a
particular computer system at the same time. Time-sharing or multitasking is a logical extension of
multiprogramming. Processor's time which is shared among multiple users simultaneously is termed as
time-sharing.

4
The main difference between Multiprogrammed Batch Systems and Time-Sharing Systems is that in
case of Multiprogrammed batch systems, the objective is to maximize processor use, whereas in Time-
Sharing Systems, the objective is to minimize response time.
Multiple jobs are executed by the CPU by switching between them, but the switches occur so
frequently. Thus, the user can receive an immediate response. For example, in a transaction
processing, the processor executes each user program in a short burst or quantum of computation. That
is, if n users are present, then each user can get a time quantum. When the user submits the command,
the response time is in few seconds at most.
Operating system uses CPU scheduling and multiprogramming to provide each user with a small
portion of the time or time- slice. Computer systems that were designed primarily as batch systems
have been modified to time-sharing systems.
Advantages of Timesharing operating systems are as follows:
 Provides the advantage of quick response.
 Avoids duplication of software.
 Reduces CPU idle time.
Disadvantages of Time-sharing operating systems are as follows −
 Problem of reliability.
 Question of security and integrity of user programs and data.
 Problem of data communication.
Distributed operating System
Distributed systems use multiple central processors to serve multiple real-time applications and
multiple users. Data processing jobs are distributed among the processors accordingly.
The processors communicate with one another through various communication lines (such as high-
speed buses or telephone lines). These are referred as loosely coupled systems or distributed systems.
Processors in a distributed system may vary in size and function. These processors are referred as
sites, nodes, computers, and so on.
The advantages of distributed systems are as follows:
 With resource sharing facility, a user at one site may be able to use the resources available at
another.
 Speedup the exchange of data with one another via electronic mail.
 If one site fails in a distributed system, the remaining sites can potentially continue operating.
 Better service to the customers.
 Reduction of the load on the host computer.
 Reduction of delays in data processing.
Network operating System
A Network Operating System runs on a server and provides the server the capability to manage data,
users, groups, security, applications, and other networking functions. The primary purpose of the
network operating system is to allow shared file and printer access among multiple computers in a
network, typically a local area network (LAN), a private network or to other networks.
Examples of network operating systems include Microsoft Windows Server 2003, Microsoft Windows
Server 2008, UNIX, Linux, Mac OS X, Novell NetWare, and BSD.
The advantages of network operating systems are as follows:
 Centralized servers are highly stable.
 Security is server managed.
 Upgrades to new technologies and hardware can be easily integrated into the system.
 Remote access to servers is possible from different locations and types of systems.
The disadvantages of network operating systems are as follows:
 High cost of buying and running a server.
 Dependency on a central location for most operations.
 Regular maintenance and updates are required.

5
Real Time operating System
A real-time system is defined as a data processing system in which the time interval required to
process and respond to inputs is so small that it controls the environment. The time taken by the
system to respond to an input and display of required updated information is termed as the response
time. So in this method, the response time is very less as compared to online processing.
Real-time systems are used when there are rigid time requirements on the operation of a processor or
the flow of data and real-time systems can be used as a control device in a dedicated application. A
real-time operating system must have well-defined, fixed time constraints, otherwise the system will
fail. For example, Scientific experiments, medical imaging systems, industrial control systems,
weapon systems, robots, air traffic control systems, etc.
There are two types of real-time operating systems.
Hard real-time systems
Hard real-time systems guarantee that critical tasks complete on time. In hard real-time systems,
secondary storage is limited or missing and the data is stored in ROM. In these systems, virtual
memory is almost never found.
Soft real-time systems
Soft real-time systems are less restrictive. A critical real-time task gets priority over other tasks and
retains the priority until it completes. Soft real-time systems have limited utility than hard real-time
systems. For example, multimedia, virtual reality, Advanced Scientific Projects like undersea
exploration and planetary rovers, etc.

Operating System - Services

An Operating System provides services to both the users and to the programs.
 It provides programs an environment to execute.
 It provides users the services to execute the programs in a convenient manner.

Following are a few common services provided by an operating system:

 Program execution
 I/O operations
 File System manipulation
 Communications
 Error Detection
 Resource Allocation
 Protection
Program execution
Operating systems handle many kinds of activities from user programs to system programs like printer
spooler, name servers, file server, etc. Each of these activities is encapsulated as a process.
A process includes the complete execution context (code to execute, data to manipulate, registers, OS
resources in use). Following are the major activities of an operating system with respect to program
management:
 Loads a program into memory.
 Executes the program.
 Handles program's execution.
 Provides a mechanism for process synchronization.
 Provides a mechanism for process communication.
 Provides a mechanism for deadlock handling.
I/O Operation
An I/O subsystem comprises of I/O devices and their corresponding driver software. Drivers hide the
peculiarities of specific hardware devices from the users.
An Operating System manages the communication between user and device drivers.
 I/O operation means read or write operation with any file or any specific I/O device.
6
  Operating system provides the access to the required I/O device when required.
File system manipulation
A file represents a collection of related information. Computers can store files on the disk (secondary
storage), for long-term storage purpose. Examples of storage media include magnetic tape, magnetic
disk and optical disk drives like CD, DVD. Each of these media has its own properties like speed,
capacity, data transfer rate and data access methods.
A file system is normally organized into directories for easy navigation and usage. These directories
may contain files and other directions. Following are the major activities of an operating system with
respect to file management −
 Program needs to read a file or write a file.
 The operating system gives the permission to the program for operation on file.
 Permission varies from read-only, read-write, denied and so on.
 Operating System provides an interface to the user to create/delete files.
 Operating System provides an interface to the user to create/delete directories.
 Operating System provides an interface to create the backup of file system.
Communications
In case of distributed systems which are a collection of processors that do not share memory,
peripheral devices, or a clock, the operating system manages communications between all the
processes. Multiple processes communicate with one another through communication lines in the
network.
The OS handles routing and connection strategies, and the problems of contention and security.
Following are the major activities of an operating system with respect to communication −
 Two processes often require data to be transferred between them
 Both the processes can be on one computer or on different computers, but are connected
through a computer network.
 Communication may be implemented by two methods, either by Shared Memory or by
Message Passing.
Error handling
Errors can occur anytime and anywhere. An error may occur in CPU, in I/O devices or in the memory
hardware. Following are the major activities of an operating system with respect to error handling:
 The OS constantly checks for possible errors.
 The OS takes an appropriate action to ensure correct and consistent computing.
Resource Management
In case of multi-user or multi-tasking environment, resources such as main memory, CPU cycles and
files storage are to be allocated to each user or job. Following are the major activities of an operating
system with respect to resource management:
 The OS manages all kinds of resources using schedulers.
 CPU scheduling algorithms are used for better utilization of CPU.
Protection
Considering a computer system having multiple users and concurrent execution of multiple processes,
the various processes must be protected from each other's activities.
Protection refers to a mechanism or a way to control the access of programs, processes, or users to the
resources defined by a computer system. Following are the major activities of an operating system
with respect to protection −
 The OS ensures that all access to system resources is controlled.
 The OS ensures that external I/O devices are protected from invalid access attempts.
 The OS provides authentication features for each user by means of passwords.

2.0 Introduction to Processes

Naming conventions:

7
Before talking about process management later, we shall introduce some of the names which are in
common use and will be used repeatedly.
o Process: This is a general term for a program which is being executed. All work done by the
CPU contributes to the execution of processes. Each process has a descriptive information
structure associated with it (normally held by the kernel) called a process control block which
keeps track of how far the execution has progressed and what resources the process holds.
o Task: On some systems processes are called tasks.
o Job: Some systems distinguish between batch execution and interactive execution. Batch (or
queued) processes are often called jobs. They are like production line processes which start, do
something and quit, without stopping to ask for input from a user. They are non-interactive
processes.
o Thread: (sometimes called a lightweight process) is different from process or task in that a
thread is not enough to get a whole program executed. A thread is a kind of stripped down
process - it is just one `active hand' in a program - something which the CPU is doing on
behalf of a program, but not enough to be called a complete process. Threads remember
what they have done separately, but they share the information about what resources a program
is using, and what state the program is in. A thread is only a CPU assignment. Several threads
can contribute to a single task. When this happens, the information about one process or task is
used by many threads. Each task must have at least one thread in order to do any work.
o CPU burst: A period of uninterrupted CPU activity.
o I/O burst: A period of uninterrupted input/output activity.
2.1 OS CONCEPTS
Processes: Process is a key concept in all Operating systems is the process. What is a process?
 "An execution stream in the context of a particular process state."
 A more intuitive, but less precise, definition is just a running piece of code along with all the
things that the code can affect or be affected by.
 Process state is everything that can affect, or be affected by, the process: includes code,
particular data values, open files, etc.
 Execution stream is a sequence of instructions performed in a process state.
 Only one thing happens at a time within a process.
Is a process the same as a program?
Some systems allow only one process (mostly personal computers) to run. Those systems or PCs that
allow only one process to run are called uniprogramming systems (not uniprocessing; that means only
one processor).
Most systems allow more than one process to run. They are called multiprogramming systems. First,
they have to keep track of all the processes. For each process, process control block (PCB) is used to
holds:
 Execution state (saved registers, etc.)
 Scheduling information
 Accounting and other miscellaneous information.
Process table: collection of all process control blocks for all processes.
Process Control Block
Execution
State
Scheduling
Information
Accounting
and
Miscellaneous

8
How can several processes share one CPU? OS must make sure that processes do not interfere with
each other. This means
 Making sure each gets a chance to run (fair scheduling).
 Making sure they do not modify each other's state (protection).
Dispatcher (also called Short Term Scheduler): inner-most portion of the OS that runs processes:
 Run process for a while
 Save state
 Load state of another process
 Run it ...

A process is basically a program in execution. Associated with each process is its address space, a list
of memory locations. The address space contains the executable program, the programs data, and its
stack.
The key process management system calls are those dealing with the creation and termination of
processes.
The Process Model
In this model, all the run-able software on the computer, sometimes including the OS, is organized
into a number of sequential processes. A process is just an executing program, including the current
values of the program counter, registers and variables.
Each process has its own virtual CPU. In reality, the real CPU switches back and forth from
process to process. The rapid switching back and forth is called multiprogramming.

A Process switch

9
Figure 6 shows the Process model

3.0 ANATOMY OF A SIMPLE OPERATING SYSTEM (Example DOS, Unix)

A. The Structure of DOS

The structure of Disk Operating System for IBM PC-compatible computers can be broken down into
four distinct components:
 BIOS Module
 Kernel
 Command Processor
 External Commands
The BIOS Module
The BIOS module includes the default resident drivers for:
 Console display and keyboard (CON)
 Line printer (PRN)
 Auxiliary device (AUX)
 Date and time (CLOCK)
 Boot disk device (block device)
It also accommodates installable drivers (DEVICE=commands in CONFIG.SYS), such as:
 MOUSE.SYS
 ANSI.SYS
 386EMM.SYS
 CLOCK.SYS, etc.
The primitive parts of the resident drivers are in the ROM BIOS while the rest are in the IO.SYS (or
IBMBIO.COM) system file.
The DOS Kernel
The DOS Kernel performs the following functions:
 File and record management
 Memory management
 Character device input/output
 Spawning other programs
 Access to real-time clock
The DOS kernel components are contained in the MSDOS.SYS (or IBMDOS.COM) system file.
Programs communicate with the kernel via software interrupts.
The Command Processor
The command processor is also known as the shell, or the command interpreter. The command
processor is not the operating system, but rather a special class of program running under control of
MS-DOS - it is the user interface to DOS.
The command processor is responsible for parsing and carrying out user commands, including the
loading and execution of other programs from disk (external commands).
The command processor also includes the code for many of the most commonly-used DOS
commands, known as the internal commands.
DOS Internal Commands
The DOS (Windows 9x) internal commands are so-called because their instructions are a part of
COMMAND.COM, the DOS (Windows 9x) command line interpreter.

Recall that COMMAND.COM is placed into memory each time the DOS or Windows 9x OS is
booted. Examples of DOS Internal commands are Time, Date, CLS, Dir, Type, Ren, etc
The DOS External Commands

10
The external commands are known as disk bound commands. They reside in individual files on disk
and must be loaded into primary memory (RAM) before they can be executed. Instructions for
external commands are disk-based. This means the file with the name of the command must be loaded
into RAM at the moment when the command is given. Application programs are external commands
and some DOS programs are external. Examples of DOS external commands are Format, CHKDSK,
DISKCOPY, etc.
B. The Structure of UNIX Operating System
Figure 3 shows the structure of operating system e.g. UNIX OS.

The UNIX Operating System has three key components: the kernel, shell and utilities and application
programs.
i) The kernel schedules tasks and manages system resources such as I/O, memory, etc.
ii) The shell is the command interpreter. It interprets user commands and calls system program to
perform the requested operations. The shell is also a programming language.
iii) Utilities and Application programs- are facilities provided to facilitate the daily usage of the OS
e.g. programming environment. Accordingly, OS acts as interface between users and the hardware of a
computer system.

OS Properties

OS has a number of properties such as batch processing, multitasking, multiprogramming,

interactivity, real time operation, distributed environment and spooling. Let us examine each in turn.

Batch processing: Batch processing is a technique in which an Operating System collects the
programs and data together in a batch before processing starts. An operating system does the following
activities related to batch processing:

 The OS defines a job which has predefined sequence of commands, programs and data as a
single unit.
 The OS keeps a number a jobs in memory and executes them without any manual information.
 Jobs are processed in the order of submission, i.e., first come first served fashion.
 When a job completes its execution, its memory is released and the output for the job gets
copied into an output spool for later printing or processing.

Advantages
 Batch processing takes much of the work of the operator to the computer.
 Increased performance as a new job get started as soon as the previous job is finished, without
any manual intervention.
Disadvantages
 Difficult to debug program.
11
  A job could enter an infinite loop.
 Due to lack of protection scheme, one batch job can affect pending jobs.

Multitasking: Multitasking is when multiple jobs are executed by the CPU simultaneously by
switching between them. Switches occur so frequently that the users may interact with each program
while it is running. An OS does the following activities related to multitasking:

 The user gives instructions to the operating system or to a program directly, and receives an
immediate response.
 The OS handles multitasking in the way that it can handle multiple operations/executes
multiple programs at a time.
 Multitasking Operating Systems are also known as Time-sharing systems.
 These Operating Systems were developed to provide interactive use of a computer system at a
reasonable cost.
 A time-shared operating system uses the concept of CPU scheduling and multiprogramming to
provide each user with a small portion of a time-shared CPU.
 Each user has at least one separate program in memory.

 A program that is loaded into memory and is executing is commonly referred to as a process.
 When a process executes, it typically executes for only a very short time before it either
finishes or needs to perform I/O.
 Since interactive I/O typically runs at slower speeds, it may take a long time to complete.
During this time, a CPU can be utilized by another process.
 The operating system allows the users to share the computer simultaneously. Since each action
or command in a time-shared system tends to be short, only a little CPU time is needed for each
user.
 As the system switches CPU rapidly from one user/program to the next, each user is given the
impression that he/she has his/her own CPU, whereas actually one CPU is being shared among
many users.

Multiprogramming: Sharing the processor, when two or more programs reside in memory at the
same time, is referred as multiprogramming. Multiprogramming assumes a single shared processor.
Multiprogramming increases CPU utilization by organizing jobs so that the CPU always has one to
execute.

The following figure shows the memory layout for a multiprogramming system.

12
An OS does the following activities related to multiprogramming.
 The operating system keeps several jobs in memory at a time.
 This set of jobs is a subset of the jobs kept in the job pool.
 The operating system picks and begins to execute one of the jobs in the memory.
 Multiprogramming operating systems monitor the state of all active programs and system
resources using memory management programs to ensures that the CPU is never idle, unless
there are no jobs to process.
Advantages
 High and efficient CPU utilization.
 User feels that many programs are allotted CPU almost simultaneously.
Disadvantages
 CPU scheduling is required.
 To accommodate many jobs in memory, memory management is required.

Interactivity: Interactivity refers to the ability of users to interact with a computer system. An
Operating system does the following activities related to interactivity −

 Provides the user an interface to interact with the system.

 Manages input devices to take inputs from the user. For example, keyboard.
 Manages output devices to show outputs to the user. For example, Monitor.
The response time of the OS needs to be short, since the user submits and waits for the result.

Real Time System: Real-time systems are usually dedicated, embedded systems. An operating system
does the following activities related to real-time system activity.

 In such systems, Operating Systems typically read from and react to sensor data.
 The Operating system must guarantee response to events within fixed periods of time to ensure
correct performance.

Distributed Environment: A distributed environment refers to multiple independent CPUs or

processors in a computer system. An operating system does the following activities related to
distributed environment −

 The OS distributes computation logics among several physical processors.

 The processors do not share memory or a clock. Instead, each processor has its own local
memory.
 The OS manages the communications between the processors. They communicate with each
other through various communication lines.

13
Spooling: Spooling is an acronym for simultaneous peripheral operations on line. Spooling refers to
putting data of various I/O jobs in a buffer. This buffer is a special area in memory or hard disk which
is accessible to I/O devices.

An operating system does the following activities related to distributed environment −

 Handles I/O device data spooling as devices have different data access rates.
 Maintains the spooling buffer which provides a waiting station where data can rest while the
slower device catches up.
 Maintains parallel computation because of spooling process as a computer can perform I/O in
parallel fashion. It becomes possible to have the computer read data from a tape, write data to
disk and to write out to a tape printer while it is doing its computing task.

Advantages
 The spooling operation uses a disk as a very large buffer.
 Spooling is capable of overlapping I/O operation for one job with processor operations for
another job.

4.0 THE CONCEPT OF PROCESS MANAGEMENT

Process: A process is basically a program in execution. The execution of a process must progress in a
sequential fashion.
A process is defined as an entity which represents the basic unit of work to be implemented in the
system.
To put it in simple terms, we write our computer programs in a text file and when we execute this
program, it becomes a process which performs all the tasks mentioned in the program.
When a program is loaded into the memory and it becomes a process, it can be divided into four
sections ─ stack, heap, text and data. The following image shows a simplified layout of a process
inside main memory.

14
S.N. Component & Description

1
Stack
The process Stack contains the temporary data such as
method/function parameters, return address and local variables.

2
Heap
This is dynamically allocated memory to a process during its run
time.

3
Text
This includes the current activity represented by the value of
Program Counter and the contents of the processor's registers.

4
Data
This section contains the global and static variables.

Program: A program is a piece of code which may be a single line or millions of lines. A computer
program is usually written by a computer programmer in a programming language. For example, here
is a simple program written in C programming language −
#include <stdio.h>

int main() {
printf("Hello, World! \n");
return 0;
}
A computer program is a collection of instructions that performs a specific task when executed by a
computer. When we compare a program with a process, we can conclude that a process is a dynamic
instance of a computer program.
A part of a computer program that performs a well-defined task is known as an algorithm. A
collection of computer programs, libraries and related data are referred to as a software.
Process Life Cycle
When a process executes, it passes through different states. These stages may differ in different
operating systems, and the names of these states are also not standardized.
In general, a process can have one of the following five states at a time.

15
S.N. State & Description

1 Start
This is the initial state when a process is first
started/created.

2 Ready
The process is waiting to be assigned to a processor.
Ready processes are waiting to have the processor
allocated to them by the operating system so that they
can run. Process may come into this state
after Start state or while running it by but interrupted by
the scheduler to assign CPU to some other process.

3 Running
Once the process has been assigned to a processor by the
OS scheduler, the process state is set to running and the
processor executes its instructions.

4 Waiting
Process moves into the waiting state if it needs to wait
for a resource, such as waiting for user input, or waiting
for a file to become available.

5 Terminated or Exit
Once the process finishes its execution, or it is
terminated by the operating system, it is moved to the
terminated state where it waits to be removed from main
memory.

Process Control Block (PCB)

A Process Control Block is a data structure maintained by the Operating System for every process.
The PCB is identified by an integer process ID (PID). A PCB keeps all the information needed to keep
track of a process as listed below in the table −
S.N. Information & Description

1 Process State
The current state of the process i.e., whether it is ready, running, waiting, or whatever.

2 Process privileges

16
 This is required to allow/disallow access to system resources.

3 Process ID
Unique identification for each of the process in the operating system.

4 Pointer
A pointer to parent process.

5 Program Counter
Program Counter is a pointer to the address of the next instruction to be executed for this
process.

6 CPU registers
Various CPU registers where process need to be stored for execution for running state.

7 CPU Scheduling Information

Process priority and other scheduling information which is required to schedule the
process.

8 Memory management information

This includes the information of page table, memory limits, Segment table depending on
memory used by the operating system.

9 Accounting information
This includes the amount of CPU used for process execution, time limits, execution ID
etc.

10 IO status information
This includes a list of I/O devices allocated to the process.
The architecture of a PCB is completely dependent on Operating System and may contain different
information in different operating systems. Here is a simplified diagram of a PCB −

17
The PCB is maintained for a process throughout its lifetime, and is deleted once the process
terminates.

Process Scheduling
The process scheduling is the activity of the process manager that handles the removal of the running
process from the CPU and the selection of another process on the basis of a particular strategy.
Process scheduling is an essential part of a Multiprogramming operating systems. Such operating
systems allow more than one process to be loaded into the executable memory at a time and the loaded
process shares the CPU using time multiplexing.
Process Scheduling Queues
The OS maintains all PCBs in Process Scheduling Queues. The OS maintains a separate queue for
each of the process states and PCBs of all processes in the same execution state are placed in the same
queue. When the state of a process is changed, its PCB is unlinked from its current queue and moved
to its new state queue.
The Operating System maintains the following important process scheduling queues −
 Job queue − This queue keeps all the processes in the system.
 Ready queue − This queue keeps a set of all processes residing in main memory, ready and
waiting to execute. A new process is always put in this queue.
 Device queues − The processes which are blocked due to unavailability of an I/O device
constitute this queue.

The OS can use different policies to manage each queue (FIFO, Round Robin, Priority, etc.). The OS
scheduler determines how to move processes between the ready and run queues which can only have
one entry per processor core on the system; in the above diagram, it has been merged with the CPU.
Two-State Process Model
Two-state process model refers to running and non-running states which are described below −
S.N. State & Description

1 Running
When a new process is created, it enters into the system as in the running state.

2 Not Running
Processes that are not running are kept in queue, waiting for their turn to execute. Each
entry in the queue is a pointer to a particular process. Queue is implemented by using
linked list. Use of dispatcher is as follows. When a process is interrupted, that process is
transferred in the waiting queue. If the process has completed or aborted, the process is
18
 discarded. In either case, the dispatcher then selects a process from the queue to execute.
Schedulers
Schedulers are special system software which handle process scheduling in various ways. Their main
task is to select the jobs to be submitted into the system and to decide which process to run.
Schedulers are of three types −
 Long-Term Scheduler
 Short-Term Scheduler
 Medium-Term Scheduler
Long Term Scheduler
It is also called a job scheduler. A long-term scheduler determines which programs are admitted to
the system for processing. It selects processes from the queue and loads them into memory for
execution. Process loads into the memory for CPU scheduling.
The primary objective of the job scheduler is to provide a balanced mix of jobs, such as I/O bound and
processor bound. It also controls the degree of multiprogramming. If the degree of multiprogramming
is stable, then the average rate of process creation must be equal to the average departure rate of
processes leaving the system.
On some systems, the long-term scheduler may not be available or minimal. Time-sharing operating
systems have no long term scheduler. When a process changes the state from new to ready, then there
is use of long-term scheduler.
Short Term Scheduler
It is also called as CPU scheduler. Its main objective is to increase system performance in accordance
with the chosen set of criteria. It is the change of ready state to running state of the process. CPU
scheduler selects a process among the processes that are ready to execute and allocates CPU to one of
them.
Short-term schedulers, also known as dispatchers, make the decision of which process to execute next.
Short-term schedulers are faster than long-term schedulers.
Medium Term Scheduler
Medium-term scheduling is a part of swapping. It removes the processes from the memory. It reduces
the degree of multiprogramming. The medium-term scheduler is in-charge of handling the swapped
out-processes.
A running process may become suspended if it makes an I/O request. A suspended processes cannot
make any progress towards completion. In this condition, to remove the process from memory and
make space for other processes, the suspended process is moved to the secondary storage. This process
is called swapping, and the process is said to be swapped out or rolled out. Swapping may be
necessary to improve the process mix.
Comparison among Scheduler
S.N. Long-Term Scheduler Short-Term Scheduler Medium-Term Scheduler

1 It is a job scheduler It is a CPU scheduler It is a process swapping

scheduler.

2 Speed is lesser than short Speed is fastest among Speed is in between both
term scheduler other two short and long term
scheduler.

3 It controls the degree of It provides lesser control It reduces the degree of

multiprogramming over degree of multiprogramming.
multiprogramming

19
4 It is almost absent or It is also minimal in time It is a part of Time sharing
minimal in time sharing sharing system systems.
system

5 It selects processes from It selects those processes It can re-introduce the

pool and loads them into which are ready to process into memory and
memory for execution execute execution can be continued.

Context Switch

A context switch is the mechanism to store and restore the state or context of a CPU in Process
Control block so that a process execution can be resumed from the same point at a later time. Using
this technique, a context switcher enables multiple processes to share a single CPU. Context switching
is an essential part of a multitasking operating system features.
When the scheduler switches the CPU from executing one process to execute another, the state from
the current running process is stored into the process control block. After this, the state for the process
to run next is loaded from its own PCB and used to set the PC, registers, etc. At that point, the second
process can start executing.

Context switches are computationally intensive since register and memory state must be saved and
restored. To avoid the amount of context switching time, some hardware systems employ two or more
sets of processor registers. When the process is switched, the following information is stored for later
use.
 Program Counter
20
  Scheduling information
 Base and limit register value
 Currently used register
 Changed State
 I/O State information
 Accounting information

OS Scheduling algorithms
A Process Scheduler schedules different processes to be assigned to the CPU based on particular
scheduling algorithms. There are six popular process scheduling algorithms which we are going to
discuss in this section:
 First-Come, First-Served (FCFS) Scheduling
 Shortest-Job-Next (SJN) Scheduling
 Priority Scheduling
 Shortest Remaining Time
 Round Robin(RR) Scheduling
 Multiple-Level Queues Scheduling
These algorithms are either non-preemptive or preemptive. Non-preemptive algorithms are designed
so that once a process enters the running state, it cannot be preempted until it completes its allotted
time, whereas the preemptive scheduling is based on priority where a scheduler may preempt a low
priority running process anytime when a high priority process enters into a ready state.
(i) First Come First Serve (FCFS)
 Jobs are executed on first come, first serve basis.
 It is a non-preemptive, pre-emptive scheduling algorithm.
 Easy to understand and implement.
 Its implementation is based on FIFO queue.
 Poor in performance as average wait time is high.

Wait time of each process is as follows −

Process Wait Time : Service Time - Arrival Time

P0 0-0=0

P1 5-1=4

21
 P2 8-2=6

P3 16 - 3 = 13
Average Wait Time: (0+4+6+13) / 4 = 5.75
(ii) Shortest Job Next (SJN)
 This is also known as shortest job first, or SJF
 This is a non-preemptive, pre-emptive scheduling algorithm.
 Best approach to minimize waiting time.
 Easy to implement in Batch systems where required CPU time is known in advance.
 Impossible to implement in interactive systems where required CPU time is not known.
 The processer should know in advance how much time process will take.
Given: Table of processes, and their Arrival time, Execution time
Process Arrival Time Execution Time Service Time

P0 0 5 0

P1 1 3 5

P2 2 8 14

P3 3 6 8

Waiting time of each process is as follows −

Process Waiting Time

P0 0-0=0

P1 5-1=4

P2 14 - 2 = 12

P3 8-3=5
Average Wait Time: (0 + 4 + 12 + 5)/4 = 21 / 4 = 5.25
22
(iii) Priority Based Scheduling
 Priority scheduling is a non-preemptive algorithm and one of the most common scheduling
algorithms in batch systems.
 Each process is assigned a priority. Process with highest priority is to be executed first and so
on.
 Processes with same priority are executed on first come first served basis.
 Priority can be decided based on memory requirements, time requirements or any other
resource requirement.
Given: Table of processes, and their Arrival time, Execution time, and priority. Here we are
considering 1 is the lowest priority.
Process Arrival Time Execution Time Priority Service Time

P0 0 5 1 0

P1 1 3 2 11

P2 2 8 1 14

P3 3 6 3 5

Waiting time of each process is as follows −

Process Waiting Time

P0 0-0=0

P1 11 - 1 = 10

P2 14 - 2 = 12

P3 5-3=2
Average Wait Time: (0 + 10 + 12 + 2)/4 = 24 / 4 = 6
(iv) Shortest Remaining Time
 Shortest remaining time (SRT) is the preemptive version of the SJN algorithm.

23
  The processor is allocated to the job closest to completion but it can be preempted by a newer
ready job with shorter time to completion.
 Impossible to implement in interactive systems where required CPU time is not known.
 It is often used in batch environments where short jobs need to give preference.
(v) Round Robin Scheduling
 Round Robin is the preemptive process scheduling algorithm.
 Each process is provided a fix time to execute, it is called a quantum.
 Once a process is executed for a given time period, it is preempted and other process executes
for a given time period.
 Context switching is used to save states of preempted processes.

Wait time of each process is as follows −

Process Wait Time : Service Time - Arrival Time

P0 (0 - 0) + (12 - 3) = 9

P1 (3 - 1) = 2

P2 (6 - 2) + (14 - 9) + (20 - 17) = 12

P3 (9 - 3) + (17 - 12) = 11
Average Wait Time: (9+2+12+11) / 4 = 8.5
(vi) Multiple-Level Queues Scheduling
Multiple-level queues are not an independent scheduling algorithm. They make use of other existing
algorithms to group and schedule jobs with common characteristics.
 Multiple queues are maintained for processes with common characteristics.
 Each queue can have its own scheduling algorithms.
 Priorities are assigned to each queue.
For example, CPU-bound jobs can be scheduled in one queue and all I/O-bound jobs in another queue.
The Process Scheduler then alternately selects jobs from each queue and assigns them to the CPU
based on the algorithm assigned to the queue.

5.0 OS Multi-Threading
What is Thread? A thread is a flow of execution through the process code, with its own program
counter that keeps track of which instruction to execute next, system registers which hold its current
working variables, and a stack which contains the execution history.
A thread shares with its peer threads few information like code segment, data segment and open files.
When one thread alters a code segment memory item, all other threads see that.
A thread is also called a lightweight process. Threads provide a way to improve application
performance through parallelism. Threads represent a software approach to improving performance of
operating system by reducing the overhead thread is equivalent to a classical process.
24
Each thread belongs to exactly one process and no thread can exist outside a process. Each thread
represents a separate flow of control. Threads have been successfully used in implementing network
servers and web server. They also provide a suitable foundation for parallel execution of applications
on shared memory multiprocessors. The following figure shows the working of a single-threaded and
a multithreaded process.

Difference between Process and Thread

S.N. Process Thread

1 Process is heavy weight or resource Thread is light weight, taking lesser

intensive. resources than a process.

2 Process switching needs interaction with Thread switching does not need to interact
operating system. with operating system.

3 In multiple processing environments, each All threads can share same set of open files,
process executes the same code but has its child processes.
own memory and file resources.

4 If one process is blocked, then no other While one thread is blocked and waiting, a
process can execute until the first process second thread in the same task can run.
is unblocked.

5 Multiple processes without using threads Multiple threaded processes use fewer
use more resources. resources.

6 In multiple processes each process One thread can read, write or change another
operates independently of the others. thread's data.
Advantages of Thread
 Threads minimize the context switching time.
 Use of threads provides concurrency within a process.
 Efficient communication.
 It is more economical to create and context switch threads.
 Threads allow utilization of multiprocessor architectures to a greater scale and efficiency.
25
Types of Thread
Threads are implemented in following two ways −
 User Level Threads − User managed threads.
 Kernel Level Threads − Operating System managed threads acting on kernel, an operating
system core.
User Level Threads
In this case, the thread management kernel is not aware of the existence of threads. The thread library
contains code for creating and destroying threads, for passing message and data between threads, for
scheduling thread execution and for saving and restoring thread contexts. The application starts with a
single thread.

Advantages
 Thread switching does not require Kernel mode privileges.
 User level thread can run on any operating system.
 Scheduling can be application specific in the user level thread.
 User level threads are fast to create and manage.
Disadvantages
 In a typical operating system, most system calls are blocking.
 Multithreaded application cannot take advantage of multiprocessing.
Kernel Level Threads
In this case, thread management is done by the Kernel. There is no thread management code in the
application area. Kernel threads are supported directly by the operating system. Any application can be
programmed to be multithreaded. All of the threads within an application are supported within a single
process.
The Kernel maintains context information for the process as a whole and for individuals threads within
the process. Scheduling by the Kernel is done on a thread basis. The Kernel performs thread creation,
scheduling and management in Kernel space. Kernel threads are generally slower to create and
manage than the user threads.
Advantages
 Kernel can simultaneously schedule multiple threads from the same process on multiple
processes.
 If one thread in a process is blocked, the Kernel can schedule another thread of the same
process.
 Kernel routines themselves can be multithreaded.
Disadvantages
 Kernel threads are generally slower to create and manage than the user threads.

26
  Transfer of control from one thread to another within the same process requires a mode switch
to the Kernel.
Multithreading Models
Some operating system provide a combined user level thread and Kernel level thread facility. Solaris
is a good example of this combined approach. In a combined system, multiple threads within the same
application can run in parallel on multiple processors and a blocking system call need not block the
entire process. Multithreading models are three types
 Many to many relationship.
 Many to one relationship.
 One to one relationship.
Many to Many Model
The many-to-many model multiplexes any number of user threads onto an equal or smaller number of
kernel threads.
The following diagram shows the many-to-many threading model where 6 user level threads are
multiplexing with 6 kernel level threads. In this model, developers can create as many user threads as
necessary and the corresponding Kernel threads can run in parallel on a multiprocessor machine. This
model provides the best accuracy on concurrency and when a thread performs a blocking system call,
the kernel can schedule another thread for execution.

Many to One Model

Many-to-one model maps many user level threads to one Kernel-level thread. Thread management is
done in user space by the thread library. When thread makes a blocking system call, the entire process
will be blocked. Only one thread can access the Kernel at a time, so multiple threads are unable to run
in parallel on multiprocessors.
If the user-level thread libraries are implemented in the operating system in such a way that the system
does not support them, then the Kernel threads use the many-to-one relationship modes.

27
One to One Model
There is one-to-one relationship of user-level thread to the kernel-level thread. This model provides
more concurrency than the many-to-one model. It also allows another thread to run when a thread
makes a blocking system call. It supports multiple threads to execute in parallel on microprocessors.
Disadvantage of this model is that creating user thread requires the corresponding Kernel thread. OS/2,
windows NT and windows 2000 use one to one relationship model.

Difference between User-Level & Kernel-Level Thread

S.N. User-Level Threads Kernel-Level Thread

1 User-level threads are faster to create and Kernel-level threads are slower to
manage. create and manage.

28
2 Implementation is by a thread library at the user Operating system supports creation of
level. Kernel threads.

3 User-level thread is generic and can run on any Kernel-level thread is specific to the
operating system. operating system.

4 Multi-threaded applications cannot take Kernel routines themselves can be

advantage of multiprocessing. multithreaded.

Issues in Process Management

The implementation of a multiprogramming system introduces four classes of problems which are
the result of interaction among processes. These are:
1. Mutual Exclusion (MEx): MEx arises from the desire of individual processes to utilize
system resources in a conflicting manner. Some resources such as system modules, are
reentrant and can be shared simultanceously among several processes. Others are serially
reusable such as line printer, and must be shared sequentially.
MEX involves the locking out of processes from critical sections of code that aftect the
integrity and structure of the system. An example is updating of the scheduling queue
concurrently with the dispatching of a new process.
2. Synchronization(S):- Synchronization involves the signalling between two or more
processes, using a mutually agreed upon protocol of the activities of the other. The signal is
an event that causes the receiving process to take the appropriate action. This is applicable
in multiprocessing systems, where many processes depend on other processes for the
provision of services.
3. Deadlock (D): The competition for resources among processes may result in a condition
known as Deadlock, where two processes may not continue in execution unitil the other
one continues.
Deadlock arises because the number of units of a given resource is less than the number of
processes requesting specified amounts of the resource. A system deadlock occurs when all
processes in the system are incapable of further progress in execution. The simplest
example occurs where two processes each hold a resource required by the other process
and are unwilling to relinquish the resource they own (See figure 11a.)

29
Deadlock Situation
Deadlock is one area where there is a strong theory, but it is almost completely ignored in practice.
Reason: solutions are expensive and/or require predicting the future.
Deadlock defined: Deadlock may be defined as a situation where in each of a collection of processes
is waiting for something from other processes in the collection. Since all are waiting, none can provide
any of the things being waited for.
Deadlock can occur over separate resources, as in above example, or even over separate copies of a
single resource. In general, there are four (4) conditions for deadlock:
(i) Limited access: resources cannot be shared.
(ii) No preemption. Once given, a resource cannot be taken away.
(iii) Multiple independent requests: processes do not ask for resources all at once.
(iv) There is a circularity in the graph of who has what and who wants what. Draw graph showing
processes as circles, resources as squares, arrows from process to resource waited for, from
resource to owning process.

Graph showing Deadlock

Solutions to the deadlock problem fall into two general categories:
 Detection: determine when the system is deadlocked and then take drastic action. Requires
termination of one or more processes in order to release their resources. Usually this is not
practical.
 Prevention: organize the system so that it is impossible for deadlock ever to occur. May lead
to less efficient resource utilization in order to guarantee no deadlocks.
Deadlock prevention: must find a way to eliminate one of the four necessary conditions for deadlock:
4. Interprocees communication (IPC): In a multiprocessing system, processes must be able
to exchange data in order to cooperate on common tasks. The simplest situation involves
two processes: P1 and P2. P1 produces and sends a sequence of data, called a message to
P2. P2 in turn receives and consumes the messages.
IPC mechanisms can be classified into two types: Shared variables and messages.
The shared variable approach uses semaphores and events. Dijkstra (1960) desscribed
semaphores as non-negative integer variables.
Two operations are defined for semaphores: {P, V}
P : Decrement the semaphore by one, if possible. If the semaphore is zero, it cannot be
decremented and the process invoking the operation waits until it is possible to decrement
the semaphore.
V: Increment the semaphore by one in a single instruction that prevents the semaphore
from being accessed by any other process except the one executing the operation.
The semaphore can serve two functions in producer/consumer situations. First, it may serve
as a resource counter tracking the production and consumption of resurces.

30
 Second, it may be a synchronizer coordinating between the production and consumption of
resources.

6.0 Memory Management System

Memory management is the functionality of an operating system which handles or manages primary
memory and moves processes back and forth between main memory and disk during execution.
Memory management keeps track of each and every memory location, regardless of either it is
allocated to some process or it is free. It checks how much memory is to be allocated to processes. It
decides which process will get memory at what time. It tracks whenever some memory gets freed or
unallocated and correspondingly it updates the status.
Process Address Space
The process address space is the set of logical addresses that a process references in its code. For
example, when 32-bit addressing is in use, addresses can range from 0 to 0x7fffffff; that is, 2^31
possible numbers, for a total theoretical size of 2 gigabytes.
The operating system takes care of mapping the logical addresses to physical addresses at the time of
memory allocation to the program. There are three types of addresses used in a program before and
after memory is allocated:
S.N. Memory Addresses & Description

1 Symbolic addresses
The addresses used in a source code. The variable names, constants, and instruction labels
are the basic elements of the symbolic address space.

2 Relative addresses
At the time of compilation, a compiler converts symbolic addresses into relative addresses.

3 Physical addresses
The loader generates these addresses at the time when a program is loaded into main
memory.
Virtual and physical addresses are the same in compile-time and load-time address-binding schemes.
Virtual and physical addresses differ in execution-time address-binding scheme.
The set of all logical addresses generated by a program is referred to as a logical address space. The
set of all physical addresses corresponding to these logical addresses is referred to as a physical
address space.
The runtime mapping from virtual to physical address is done by the memory management unit
(MMU) which is a hardware device. MMU uses following mechanism to convert virtual address to
physical address.
 The value in the base register is added to every address generated by a user process, which is
treated as offset at the time it is sent to memory. For example, if the base register value is
10000, then an attempt by the user to use address location 100 will be dynamically reallocated
to location 10100.
 The user program deals with virtual addresses; it never sees the real physical addresses.
Static vs Dynamic Loading
The choice between Static or Dynamic Loading is to be made at the time of computer program being
developed. If you have to load your program statically, then at the time of compilation, the complete
programs will be compiled and linked without leaving any external program or module dependency.
The linker combines the object program with other necessary object modules into an absolute
program, which also includes logical addresses.

31
If you are writing a Dynamically loaded program, then your compiler will compile the program and
for all the modules which you want to include dynamically, only references will be provided and rest
of the work will be done at the time of execution.
At the time of loading, with static loading, the absolute program (and data) is loaded into memory in
order for execution to start.
If you are using dynamic loading, dynamic routines of the library are stored on a disk in relocatable
form and are loaded into memory only when they are needed by the program.

Static vs Dynamic Linking

As explained above, when static linking is used, the linker combines all other modules needed by a
program into a single executable program to avoid any runtime dependency.
When dynamic linking is used, it is not required to link the actual module or library with the program,
rather a reference to the dynamic module is provided at the time of compilation and linking. Dynamic
Link Libraries (DLL) in Windows and Shared Objects in Unix are good examples of dynamic
libraries.
Swapping
Swapping is a mechanism in which a process can be swapped temporarily out of main memory (or
move) to secondary storage (disk) and make that memory available to other processes. At some later
time, the system swaps back the process from the secondary storage to main memory.
Though performance is usually affected by swapping process but it helps in running multiple and big
processes in parallel and that's the reason Swapping is also known as a technique for memory
compaction.

The total time taken by swapping process includes the time it takes to move the entire process to a
secondary disk and then to copy the process back to memory, as well as the time the process takes to
regain main memory.
Let us assume that the user process is of size 2048KB and on a standard hard disk where swapping
will take place has a data transfer rate around 1 MB per second. The actual transfer of the 1000K
process to or from memory will take
2048KB / 1024KB per second
= 2 seconds
= 2000 milliseconds
Now considering in and out time, it will take complete 4000 milliseconds plus other overhead where
the process competes to regain main memory.

32
Memory Allocation
Main memory usually has two partitions:
 Low Memory − Operating system resides in this memory.
 High Memory − User processes are held in high memory.
Operating system uses the following memory allocation mechanism.
S.N. Memory Allocation & Description

1 Single-partition allocation
In this type of allocation, relocation-register scheme is used to protect user processes from
each other, and from changing operating-system code and data. Relocation register
contains value of smallest physical address whereas limit register contains range of logical
addresses. Each logical address must be less than the limit register.

2 Multiple-partition allocation
In this type of allocation, main memory is divided into a number of fixed-sized partitions
where each partition should contain only one process. When a partition is free, a process is
selected from the input queue and is loaded into the free partition. When the process
terminates, the partition becomes available for another process.

Fragmentation
As processes are loaded and removed from memory, the free memory space is broken into little pieces.
It happens after sometimes that processes cannot be allocated to memory blocks considering their
small size and memory blocks remains unused. This problem is known as Fragmentation.
Fragmentation is of two types:
S.N. Fragmentation & Description

1 External fragmentation
Total memory space is enough to satisfy a request or to reside a process in it, but it is not
contiguous, so it cannot be used.

2 Internal fragmentation
Memory block assigned to process is bigger. Some portion of memory is left unused, as it
cannot be used by another process.
The following diagram shows how fragmentation can cause waste of memory and a compaction
technique can be used to create more free memory out of fragmented memory −

33
External fragmentation can be reduced by compaction or shuffle memory contents to place all free
memory together in one large block. To make compaction feasible, relocation should be dynamic.
The internal fragmentation can be reduced by effectively assigning the smallest partition but large
enough for the process.

Paging
A computer can address more memory than the amount physically installed on the system. This extra
memory is actually called virtual memory and it is a section of a hard that's set up to emulate the
computer's RAM. Paging technique plays an important role in implementing virtual memory.
Paging is a memory management technique in which process address space is broken into blocks of
the same size called pages (size is power of 2, between 512 bytes and 8192 bytes). The size of the
process is measured in the number of pages.
Similarly, main memory is divided into small fixed-sized blocks of (physical) memory
called frames and the size of a frame is kept the same as that of a page to have optimum utilization of
the main memory and to avoid external fragmentation.

Address Translation
Page address is called logical address and represented by page number and the offset.
Logical Address = Page number + page offset
Frame address is called physical address and represented by a frame number and the offset.
Physical Address = Frame number + page offset
A data structure called page map table is used to keep track of the relation between a page of a
process to a frame in physical memory.

34
When the system allocates a frame to any page, it translates this logical address into a physical address
and create entry into the page table to be used throughout execution of the program.
When a process is to be executed, its corresponding pages are loaded into any available memory
frames. Suppose you have a program of 8Kb but your memory can accommodate only 5Kb at a given
point in time, then the paging concept will come into picture. When a computer runs out of RAM, the
operating system (OS) will move idle or unwanted pages of memory to secondary memory to free up
RAM for other processes and brings them back when needed by the program.
This process continues during the whole execution of the program where the OS keeps removing idle
pages from the main memory and write them onto the secondary memory and bring them back when
required by the program.

Solved example:
i) Assume the page table pointer contains 4096 and the page number is 128. What is the starting
address of the block which specifies the information for page #128? Suppose the page is already in
memory and has a starting address of 65,536. What is the physical address given the word number is
32? How many pages of 2048 bytes each can we accommodate in a 256 KB memory bank?
Solution:
The sought address within the page table is 4096 +128 = 4224.
The Physical address corresponding to the given page number #128 is 65536 + 32 =65,568.
The bank in question can accommodate a total of 256/2 =128 pages.

Advantages and Disadvantages of Paging

Here is a list of advantages and disadvantages of paging:
 Paging reduces external fragmentation, but still suffer from internal fragmentation.
 Paging is simple to implement and assumed as an efficient memory management technique.
 Due to equal size of the pages and frames, swapping becomes very easy.
 Page table requires extra memory space, so may not be good for a system having small RAM.

Segmentation
Segmentation is a memory management technique in which each job is divided into several segments
of different sizes, one for each module that contains pieces that perform related functions. Each
segment is actually a different logical address space of the program.
When a process is to be executed, its corresponding segmentation are loaded into non-contiguous
memory though every segment is loaded into a contiguous block of available memory.
Segmentation memory management works very similar to paging but here segments are of variable-
length where as in paging pages are of fixed size.

35
A program segment contains the program's main function, utility functions, data structures, and so on.
The operating system maintains a segment map table for every process and a list of free memory
blocks along with segment numbers, their size and corresponding memory locations in main memory.
For each segment, the table stores the starting address of the segment and the length of the segment. A
reference to a memory location includes a value that identifies a segment and an offset.

Combined Paging and Segmentation

Both segmented and paged implementations have their respective advantages and disadvantages, and
neither is superior to the other over all characteristics. Some computer systems combine the two
approaches in order to enjoy the benefits of both. One popular approach is to use segmentation from
the user’s point of view but to divide each segment into pages of fixed size for purposes of allocation.
In this way, the combined system retains most of the advantages of segmentation. The principle of
address translation in combined segmentation and paging systems is illustrated below.

Segment Page Offset

Number No

+ To Memory
Segment size Illegal Access
violation
No No

Yes AUTHORIZED Yes

 LIMIT
ACCESS

Segment X
+
SDTLR
Segment Descriptor Table

Page Map Table

Yes for Segment X
 SDTLR +
x

No
  
Non-existent Base Size Access
Segment Rights 36
exception
Figure: Segmentation and Paging

SDTLR – Segment descriptor Table Limit Register

As shown, both segment descriptor tables and page-map tables are required for mapping. Instead of
containing the base and limit of the corresponding segment, each entry of the SDT contains the base
address and size of the page-map table to be used for mapping of the related segment’s pages. The
presence bit in each PMT entry indicates whether the corresponding page is in the real memory or not.

Access rights are usually recorded as a part of segment descriptors. Each virtual address in a
combined system basically consists of three fields: the segment number, the page number and the
offset within the page. When a virtual address is presented to the mapping hardware, the segment
number is used to locate the corresponding page-map table. Provided that the issuing process is
authorized to make the intended type of reference to the target segment, the page number is used to
index the PMT as usual.

Virtual Memory System

A computer can address more memory than the amount physically installed on the system. This extra
memory is actually called virtual memory and it is a section of a hard disk that's set up to emulate the
computer's RAM.
The main visible advantage of this scheme is that programs can be larger than physical memory.
Virtual memory serves two purposes. First, it allows us to extend the use of physical memory by using
disk. Second, it allows us to have memory protection, because each virtual address is translated to a
physical address.
Following are the situations, when entire program is not required to be loaded fully in main memory.
 User written error handling routines are used only when an error occurred in the data or
computation.
 Certain options and features of a program may be used rarely.
 Many tables are assigned a fixed amount of address space even though only a small amount of
the table is actually used.
 The ability to execute a program that is only partially in memory would counter many benefits.
 Less number of I/O would be needed to load or swap each user program into memory.
 A program would no longer be constrained by the amount of physical memory that is available.
 Each user program could take less physical memory, more programs could be run the same
time, with a corresponding increase in CPU utilization and throughput.
Modern microprocessors intended for general-purpose use, a memory management unit, or MMU, is
built into the hardware. The MMU's job is to translate virtual addresses into physical addresses. A
basic example is given below −

37
Virtual memory is commonly implemented by demand paging. It can also be implemented in a
segmentation system. Demand segmentation can also be used to provide virtual memory.

Demand Paging
A demand paging system is quite similar to a paging system with swapping where processes reside in
secondary memory and pages are loaded only on demand, not in advance. When a context switch
occurs, the operating system does not copy any of the old program’s pages out to the disk or any of the
new program’s pages into the main memory Instead, it just begins executing the new program after
loading the first page and fetches that program’s pages as they are referenced.

38
While executing a program, if the program references a page which is not available in the main
memory because it was swapped out a little ago, the processor treats this invalid memory reference as
a page fault and transfers control from the program to the operating system to demand the page back
into the memory.
Advantages
Following are the advantages of Demand Paging −
 Large virtual memory.
 More efficient use of memory.
 There is no limit on degree of multiprogramming.
Disadvantages
 Number of tables and the amount of processor overhead for handling page interrupts are
greater than in the case of the simple paged management techniques.

Page Replacement Algorithm

Page replacement algorithms are the techniques by which an Operating System decides which memory
pages to swap out, write to disk when a page of memory needs to be allocated. Paging happens
whenever a page fault occurs and a free page cannot be used for allocation purpose accounting to
reason that pages are not available or the number of free pages is lower than required pages.
When the page that was selected for replacement and was paged out, is referenced again, it has to read
in from disk, and this requires for I/O completion. This process determines the quality of the page
replacement algorithm: the lesser the time waiting for page-ins, the better is the algorithm.
A page replacement algorithm looks at the limited information about accessing the pages provided by
hardware, and tries to select which pages should be replaced to minimize the total number of page
misses, while balancing it with the costs of primary storage and processor time of the algorithm itself.
There are many different page replacement algorithms. We evaluate an algorithm by running it on a
particular string of memory reference and computing the number of page faults,

39
Reference String
The string of memory references is called reference string. Reference strings are generated artificially
or by tracing a given system and recording the address of each memory reference. The latter choice
produces a large number of data, where we note two things.
 For a given page size, we need to consider only the page number, not the entire address.
 If we have a reference to a page p, then any immediately following references to page p will
never cause a page fault. Page p will be in memory after the first reference; the immediately
following references will not fault.
 For example, consider the following sequence of addresses: 123,215,600,1234,76,96
 If page size is 100, then the reference string is 1,2,6,12,0,0
First In First Out (FIFO) algorithm
 Oldest page in main memory is the one which will be selected for replacement.
 Easy to implement, keep a list, replace pages from the tail and add new pages at the head.

What is a Page Fault? A page fault happens when a running program accesses a memory page that
is mapped into the virtual address space but not loaded in physical memory. Since actual physical
memory is much smaller than virtual memory, page faults happen. In case of a page fault, Operating
System might have to replace one of the existing pages with the newly needed page. Different page
replacement algorithms suggest different ways to decide which page to replace. The target for all
algorithms is to reduce the number of page faults.
Note that: Pages Not Found = Page_ Fault (or Miss), while Pages Found = Page_ Hit

Page Replacement Algorithms:

1. First In First Out (FIFO): This is the simplest page replacement algorithm. In this algorithm,
the operating system keeps track of all pages in the memory in a queue, the oldest page is in the
front of the queue. When a page needs to be replaced page in the front of the queue is selected for
removal.
Example 1: Consider page reference string 1, 3, 0, 3, 5, 6, 3 with 3 page frames.Find the number of
page faults.

40
Initially, all slots are empty, so when 1, 3, 0 came they are allocated to the empty slots —> 3 Page
Faults. (This is called page Miss).
When 3 comes, it is already in memory so —> 0 Page Faults (this is called page Hit). Then 5
comes, it is not available in memory so it replaces the oldest page slot i.e 1. —>1 Page Fault. When
6 comes, it is also not available in memory so it replaces the oldest page slot i.e 3 —>1 Page
Fault. Finally, when 3 come it is not available so it replaces the oldest 0 —> 1 page fault.
Giving a total page fault =6.

Optimal Page algorithm

 An optimal page-replacement algorithm has the lowest page-fault rate of all algorithms. An
optimal page-replacement algorithm exists, and has been called OPT or MIN.
 Replace the page that will not be used for the longest period of time. Use the time when a page
is to be used.

41
Least Recently Used (LRU) algorithm
 Page which has not been used for the longest time in main memory is the one which will be
selected for replacement.
 Easy to implement, keep a list, replace pages by looking back into time.

Page Buffering algorithm

 To get a process start quickly, keep a pool of free frames.
 On page fault, select a page to be replaced.
 Write the new page in the frame of free pool, mark the page table and restart the process.
 Now write the dirty page out of disk and place the frame holding replaced page in free pool.
Least frequently Used (LFU) algorithm
 The page with the smallest count is the one which will be selected for replacement.
 This algorithm suffers from the situation in which a page is used heavily during the initial
phase of a process, but then is never used again.
Most frequently Used (MFU) algorithm
 This algorithm is based on the argument that the page with the smallest count was probably
just brought in and has yet to be used.
Memory extension
The physical address space on any computer system is directly limited by the number of address bits
in an instruction. The physical address space may be extended by the MMU by providing additional
address bits. Each memory address generated by the CPU passes through the MMU before arriving at
the memory controller. The MMU attaches additional address bits which were previously specified by
the OS. This expanded (or effective) address is passed to the memory controller, which retrieves the
indicated word. In a PC, the physical address space is referred to as real memory and the logical
address space is often referred to as virtual memory. When real memory is extended by hardware, the
relationship between real and virtual memory can be changed in a significant manner. These
relationships are shown below:
Physical (Real) Address space (R)
Logical (Virtual) address space (v)

Normal Extended
V<R V<R
V=R V=R
V’> R* V>R
(V=R)
42
*Simulation of V > R; the instantaneous relationship is V = R at any instant.

The logical address space can be extended without hardware assistance by stimulating a larger
memory through a technique known as overlaying.
Overlaying involves the replacement of a piece of the user’s program by another piece-the overlay.
Both program pieces share the same set of logical addresses. However, only one piece is assigned at
any time during program execution. Overlaying is a method used to overcome main memory
limitations. Overlaying allows a process to execute despite the system having insufficient physical
memory. The programmer defines two or more overlay segments within the program such that no two
overlay segments need be in memory at the same time. The OS would then manage swapping overlay
segments, reducing the amount of physical memory required by the program. A major disadvantage of
overlaying is the extensive programmer involvement in the process.

Dynamic Memory Allocation

Within the OS, a free pool of memory is usually set aside to accommodate the temporary needs of
various system processes. This memory pool supports temporary system buffers, queue entries, and
blocks for processes. As the OS usually operates in an unmapped mode (i.e., with the MMU disabled),
this memory pool represents a contiguous segment that needs to be dynamically allocated to various
requestors.
Many algorithms have been proposed for dynamic memory allocation. These are:
1. Best fit placement: This algorithm first searches the entire list of free partitions and considers
the smallest hole that is adequate. The best fit deal with allocating the smallest free partition which
meets the requirement of the requesting process. It then tries to find a hole which is close to actual
process size needed. Whenever, a request is presented to the memory manager, it searches the list for
the hole yielding the smallest DELTA as computed by:
HOLE_SIZE – NEEDED_SIZE → DELTA

Where, DELTA is the space remaining beyond the requested size.

Advantage: Memory utilization is much better as it searches the smallest free partition first available.
Disadvantage: It is slower and may even tend to fill up memory with tiny useless holes.

2. First-fit placement: This algorithm searches for the first hole or partition larger enough which
can accommodate the process. It finishes after finding the first suitable free partition. Holes are
maintained in the list by increasing address. The hole-list is searched for the first hole such that:
HOLE-SIZE >= NEEDED _SIZE

Advantage: Fastest algorithm because it searches as little as possible.

Disadvantage: The remaining unused memory areas left after allocation become waste if it is too
smaller. Thus request for larger memory requirement cannot be accomplished.

3. Buddy system: The buddy system uses a power-of-2 algorithm to maintain its hole -lists. In
buddy system, sizes of free blocks are in form of power of 2. For example, 2, 4, 8, 16, 32, 64, etc. Up
to the size of memory. When a free block of size 2K is requested, a free block from the list of free
blocks of size 2K is allocated. If no free block of size 2K is available, the block of next larger size,
2K+1 is split in two halves called buddies to satisfy the request.
Example: Let total memory size be 512KB and let a process P1, requires 70KB to be swapped in. As
the hole lists are only for powers of 2, 128KB will be big enough. If no 128KB is there, nor are blocks
of 256KB, a block of 512KB will be split into two halves giving 256KB each, one of them is further
split into two 128KB blocks and one of the 128KB is allocated to the process.
Advantage: Buddy system is faster.

43
Disadvantage: It is often become inefficient in terms of memory utilization as all request must be
rounded up to a power of 2.
4. Worst-Fit: In situations where best-fit finds a perfect match, the hole that remains is virtually
useless because it is so small. To prevent the creation of these useless holes, worst fit works the
opposite of best fit; it always picks the largest remaining hole.
Swapping: Swapping may be used to increase the number of processes sharing the CPU. In addition
to the processes stored in the main memory, one or more processes may be temporarily copied out of
memory to a backing store. As space becomes available in main memory, swapped-out processes may
be returned to memory. To execute on the CPU, a process must be in main memory. Decisions on
which process to swap out and which process to swap in are made by the OS’s process scheduler.

7.0 I/O Hardware

One of the important jobs of an Operating System is to manage various I/O devices including mouse,
keyboards, touch pad, disk drives, display adapters, USB devices, Bit-mapped screen, LED, Analog-
to-digital converter, On/off switch, network connections, audio I/O, printers etc.
An I/O system is required to take an application I/O request and send it to the physical device, then
take whatever response comes back from the device and send it to the application. I/O devices can be
divided into two categories −
 Block devices − A block device is one with which the driver communicates by sending entire
blocks of data. For example, Hard disks, USB cameras, Disk-On-Key etc.
 Character devices − A character device is one with which the driver communicates by
sending and receiving single characters (bytes, octets). For example, serial ports, parallel ports,
sounds cards etc

Device Controllers
Device drivers are software modules that can be plugged into an OS to handle a particular device.
Operating System takes help from device drivers to handle all I/O devices.
The Device Controller works like an interface between a device and a device driver. I/O units
(Keyboard, mouse, printer, etc.) typically consist of a mechanical component and an electronic
component where electronic component is called the device controller.
There is always a device controller and a device driver for each device to communicate with the
Operating Systems. A device controller may be able to handle multiple devices. As an interface its
main task is to convert serial bit stream to block of bytes, perform error correction as necessary.
Any device connected to the computer is connected by a plug and socket, and the socket is connected
to a device controller. Following is a model for connecting the CPU, memory, controllers, and I/O
devices where CPU and device controllers all use a common bus for communication.

Synchronous vs asynchronous I/O

 Synchronous I/O − In this scheme CPU execution waits while I/O proceeds
 Asynchronous I/O − I/O proceeds concurrently with CPU execution

44
Communication to I/O Devices
The CPU must have a way to pass information to and from an I/O device. There are three approaches
available to communicate with the CPU and Device.
 Special Instruction I/O
 Memory-mapped I/O
 Direct memory access (DMA)
Special Instruction I/O
This uses CPU instructions that are specifically made for controlling I/O devices. These instructions
typically allow data to be sent to an I/O device or read from an I/O device.
Memory-mapped I/O
When using memory-mapped I/O, the same address space is shared by memory and I/O devices. The
device is connected directly to certain main memory locations so that I/O device can transfer block of
data to/from memory without going through CPU.

While using memory mapped IO, OS allocates buffer in memory and informs I/O device to use that
buffer to send data to the CPU. I/O device operates asynchronously with CPU, interrupts CPU when
finished.
The advantage to this method is that every instruction which can access memory can be used to
manipulate an I/O device. Memory mapped IO is used for most high-speed I/O devices like disks,
communication interfaces.
Direct Memory Access (DMA)
Slow devices like keyboards will generate an interrupt to the main CPU after each byte is transferred.
If a fast device such as a disk generated an interrupt for each byte, the operating system would spend
most of its time handling these interrupts. So a typical computer uses direct memory access (DMA)
hardware to reduce this overhead.
Direct Memory Access (DMA) means CPU grants I/O module authority to read from or write to
memory without involvement. DMA module itself controls exchange of data between main memory
and the I/O device. CPU is only involved at the beginning and end of the transfer and interrupted only
after entire block has been transferred.
Direct Memory Access needs a special hardware called DMA controller (DMAC) that manages the
data transfers and arbitrates access to the system bus. The controllers are programmed with source and
destination pointers (where to read/write the data), counters to track the number of transferred bytes,
and settings, which includes I/O and memory types, interrupts and states for the CPU cycles.

45
The operating system uses the DMA hardware as follows:
Step Description

1 Device driver is instructed to transfer disk data to a buffer address X.

2 Device driver then instruct disk controller to transfer data to buffer.

3 Disk controller starts DMA transfer.

4 Disk controller sends each byte to DMA controller.

5 DMA controller transfers bytes to buffer, increases the memory address, decreases the
counter C until C becomes zero.

6 When C becomes zero, DMA interrupts CPU to signal transfer completion.

Polling vs Interrupts I/O
A computer must have a way of detecting the arrival of any type of input. There are two ways that this
can happen, known as polling and interrupts. Both of these techniques allow the processor to deal
with events that can happen at any time and that are not related to the process it is currently running.
Polling I/O
Polling is the simplest way for an I/O device to communicate with the processor. The process of
periodically checking status of the device to see if it is time for the next I/O operation, is called
polling. The I/O device simply puts the information in a Status register, and the processor must come
and get the information.
Most of the time, devices will not require attention and when one does it will have to wait until it is
next interrogated by the polling program. This is an inefficient method and much of the processors
time is wasted on unnecessary polls.
Compare this method to a teacher continually asking every student in a class, one after another, if they
need help. Obviously the more efficient method would be for a student to inform the teacher whenever
they require assistance.

46
Interrupts I/O
An alternative scheme for dealing with I/O is the interrupt-driven method. An interrupt is a signal to
the microprocessor from a device that requires attention.
A device controller puts an interrupt signal on the bus when it needs CPU’s attention when CPU
receives an interrupt, It saves its current state and invokes the appropriate interrupt handler using the
interrupt vector (addresses of OS routines to handle various events). When the interrupting device has
been dealt with, the CPU continues with its original task as if it had never been interrupted.
Operating System - I/O Software
I/O software is often organized in the following layers:
 User Level Libraries − This provides simple interface to the user program to perform input
and output. For example, stdio is a library provided by C and C++ programming languages.
 Kernel Level Modules − This provides device driver to interact with the device controller and
device independent I/O modules used by the device drivers.
 Hardware − This layer includes actual hardware and hardware controller which interact with
the device drivers and makes hardware alive.
A key concept in the design of I/O software is that it should be device independent where it should be
possible to write programs that can access any I/O device without having to specify the device in
advance. For example, a program that reads a file as input should be able to read a file on a floppy
disk, on a hard disk, or on a CD-ROM, without having to modify the program for each different
device.

Device Drivers
Device drivers are software modules that can be plugged into an OS to handle a particular device.
Operating System takes help from device drivers to handle all I/O devices. Device drivers encapsulate
device-dependent code and implement a standard interface in such a way that code contains device-
specific register reads/writes. Device driver, is generally written by the device's manufacturer and
delivered along with the device on a CD-ROM.
A device driver performs the following jobs:
 To accept request from the device independent software above to it.
 Interact with the device controller to take and give I/O and perform required error handling
 Making sure that the request is executed successfully
How a device driver handles a request is as follows:
Suppose a request comes to read a block N. If the driver is idle at the time a request arrives, it starts
carrying out the request immediately. Otherwise, if the driver is already busy with some other request,
it places the new request in the queue of pending requests.
Interrupt handlers
An interrupt handler, also known as an interrupt service routine or ISR, is a piece of software or more
specifically a callback function in an operating system or more specifically in a device driver, whose
execution is triggered by the reception of an interrupt.
When the interrupt happens, the interrupt procedure does whatever it has to in order to handle the
interrupt, updates data structures and wakes up process that was waiting for an interrupt to happen.
47
The interrupt mechanism accepts an address, which is a number that selects a specific interrupt
handling routine/function from a small set. In most architectures, this address is an offset stored in a
table called the interrupt vector table. This vector contains the memory addresses of specialized
interrupt handlers.
Device-Independent I/O Software
The basic function of the device-independent software is to perform the I/O functions that are common
to all devices and to provide a uniform interface to the user-level software. Though it is difficult to
write completely device independent software but we can write some modules which are common
among all the devices. Following is a list of functions of device-independent I/O Software −
 Uniform interfacing for device drivers
 Device naming - Mnemonic names mapped to Major and Minor device numbers
 Device protection
 Providing a device-independent block size
 Buffering because data coming off a device cannot be stored in final destination.
 Storage allocation on block devices
 Allocation and releasing dedicated devices
 Error Reporting
User-Space I/O Software
These are the libraries which provide richer and simplified interface to access the functionality of the
kernel or ultimately interactive with the device drivers. Most of the user-level I/O software consists of
library procedures with some exception like spooling system which is a way of dealing with dedicated
I/O devices in a multiprogramming system.
I/O Libraries (e.g., stdio) are in user-space to provide an interface to the OS resident device-
independent I/O SW. For example putchar(), getchar(), printf() and scanf() are example of user level
I/O library stdio available in C programming.
Kernel I/O Subsystem
Kernel I/O Subsystem is responsible to provide many services related to I/O. Following are some of
the services provided.
 Scheduling − Kernel schedules a set of I/O requests to determine a good order in which to
execute them. When an application issues a blocking I/O system call, the request is placed on
the queue for that device. The Kernel I/O scheduler rearranges the order of the queue to
improve the overall system efficiency and the average response time experienced by the
applications.
 Buffering − Kernel I/O Subsystem maintains a memory area known as buffer that stores data
while they are transferred between two devices or between a device with an application
operation. Buffering is done to cope with a speed mismatch between the producer and
consumer of a data stream or to adapt between devices that have different data transfer sizes.
 Caching − Kernel maintains cache memory which is region of fast memory that holds copies
of data. Access to the cached copy is more efficient than access to the original.
 Spooling and Device Reservation − A spool is a buffer that holds output for a device, such as
a printer, that cannot accept interleaved data streams. The spooling system copies the queued
spool files to the printer one at a time. In some operating systems, spooling is managed by a
system daemon process. In other operating systems, it is handled by an in kernel thread.
 Error Handling − An operating system that uses protected memory can guard against many
kinds of hardware and application errors.

8.0 OS File Systems

What is a File?
A file is a named collection of related information that is recorded on secondary storage such as
magnetic disks, magnetic tapes and optical disks. In general, a file is a sequence of bits, bytes, lines or
records whose meaning is defined by the files creator and user.
48
File Structure
A File Structure should be according to a required format that the operating system can understand.
 A file has a certain defined structure according to its type.
 A text file is a sequence of characters organized into lines.
 A source file is a sequence of procedures and functions.
 An object file is a sequence of bytes organized into blocks that are understandable by the
machine.
 When operating system defines different file structures, it also contains the code to support
these file structure. Unix, MS-DOS support minimum number of file structure.
File Type
File type refers to the ability of the operating system to distinguish different types of file such as text
files source files and binary files etc. Many operating systems support many types of files. Operating
system like MS-DOS and UNIX have the following types of files −
Ordinary files
 These are the files that contain user information.
 These may have text, databases or executable program.
 The user can apply various operations on such files like add, modify, delete or even remove the
entire file.
Directory files
 These files contain list of file names and other information related to these files.
Special files
 These files are also known as device files.
 These files represent physical device like disks, terminals, printers, networks, tape drive etc.
These files are of two types −
 Character special files − data is handled character by character as in case of terminals or
printers.
 Block special files − data is handled in blocks as in the case of disks and tapes.
File Access Mechanisms
File access mechanism refers to the manner in which the records of a file may be accessed. There are
several ways to access files −
 Sequential access
 Direct/Random access
 Indexed sequential access
Sequential access
A sequential access is that in which the records are accessed in some sequence, i.e., the information in
the file is processed in order, one record after the other. This access method is the most primitive one.
Example: Compilers usually access files in this fashion.
Direct/Random access
 Random access file organization provides, accessing the records directly.
 Each record has its own address on the file with by the help of which it can be directly
accessed for reading or writing.
 The records need not be in any sequence within the file and they need not be in adjacent
locations on the storage medium.
Indexed sequential access
 This mechanism is built up on base of sequential access.
 An index is created for each file which contains pointers to various blocks.
 Index is searched sequentially and its pointer is used to access the file directly.
Space Allocation
Files are allocated disk spaces by operating system. Operating systems deploy following three main
ways to allocate disk space to files.
49
  Contiguous Allocation
 Linked Allocation
 Indexed Allocation
Contiguous Allocation
 Each file occupies a contiguous address space on disk.
 Assigned disk address is in linear order.
 Easy to implement.
 External fragmentation is a major issue with this type of allocation technique.
Linked Allocation
 Each file carries a list of links to disk blocks.
 Directory contains link / pointer to first block of a file.
 No external fragmentation
 Effectively used in sequential access file.
 Inefficient in case of direct access file.
Indexed Allocation
 Provides solutions to problems of contiguous and linked allocation.
 A index block is created having all pointers to files.
 Each file has its own index block which stores the addresses of disk space occupied by the file.
 Directory contains the addresses of index blocks of files.

9.0 OS Security
Security refers to providing a protection system to computer system resources such as CPU, memory,
disk, software programs and most importantly data/information stored in the computer system. If a
computer program is run by an unauthorized user, then he/she may cause severe damage to computer
or data stored in it. So a computer system must be protected against unauthorized access, malicious
access to system memory, viruses, worms etc. We're going to discuss the following topics in this
chapter.
 Authentication
 One Time passwords
 Program Threats
 System Threats
 Computer Security Classifications
Authentication
Authentication refers to identifying each user of the system and associating the executing programs
with those users. It is the responsibility of the Operating System to create a protection system which
ensures that a user who is running a particular program is authentic. Operating Systems generally
identifies/authenticates users using following three ways:
 Username/Password − User need to enter a registered username and password with Operating
system to login into the system.
 User card/key − User need to punch card in card slot, or enter key generated by key generator
in option provided by operating system to login into the system.
 User attribute - fingerprint/ eye retina pattern/ signature − User need to pass his/her
attribute via designated input device used by operating system to login into the system.
One Time passwords
One-time passwords (OTPs) provide additional security along with normal authentication. In One-
Time Password system, a unique password is required every time a user tries to login into the system.
Once a one-time password is used, then it cannot be used again. One-time password are implemented
in various ways.
 Random numbers − Users are provided cards having numbers printed along with
corresponding alphabets. System asks for numbers corresponding to few alphabets randomly
chosen.
50
  Secret key − User are provided a hardware device which can create a secret id mapped with
user id. System asks for such secret id which is to be generated every time prior to login.
 Network password − Some commercial applications send one-time passwords to user on
registered mobile/ email which is required to be entered prior to login.
Program Threats
Operating system's processes and kernel do the designated task as instructed. If a user program made
these process do malicious tasks, then it is known as Program Threats. One of the common example
of program threat is a program installed in a computer which can store and send user credentials via
network to some hacker. Following is the list of some well-known program threats.
 Trojan Horse − Such program traps user login credentials and stores them to send to
malicious user who can later on login to computer and can access system resources.
 Trap Door − If a program which is designed to work as required, have a security hole in its
code and perform illegal action without knowledge of user then it is called to have a trap door.
 Logic Bomb − Logic bomb is a situation when a program misbehaves only when certain
conditions met otherwise it works as a genuine program. It is harder to detect.
 Virus − Virus as name suggest can replicate themselves on computer system. They are highly
dangerous and can modify/delete user files, crash systems. A virus is generatlly a small code
embedded in a program. As user accesses the program, the virus starts getting embedded in
other files/ programs and can make system unusable for user
System Threats
System threats refers to misuse of system services and network connections to put user in trouble.
System threats can be used to launch program threats on a complete network called as program attack.
System threats creates such an environment that operating system resources/ user files are misused.
Following is the list of some well-known system threats.
 Worm − Worm is a process which can choked down a system performance by using system
resources to extreme levels. A Worm process generates its multiple copies where each copy
uses system resources, prevents all other processes to get required resources. Worms processes
can even shut down an entire network.
 Port Scanning − Port scanning is a mechanism or means by which a hacker can detects system
vulnerabilities to make an attack on the system.
 Denial of Service − Denial of service attacks normally prevents user to make legitimate use of
the system. For example, a user may not be able to use internet if denial of service attacks
browser's content settings.

Computer Security Classifications

As per the U.S. Department of Defense Trusted Computer System's Evaluation Criteria there are four
security classifications in computer systems: A, B, C, and D. These are widely used specifications to
determine and model the security of systems and of security solutions. Following is the brief
description of each classification.
S.N. Classification Type & Description

1 Type A
Highest Level. Uses formal design specifications and verification techniques. Grants a
high degree of assurance of process security.

2 Type B
Provides mandatory protection system. Have all the properties of a class C2 system.
Attaches a sensitivity label to each object. It is of three types.
 B1 − Maintains the security label of each object in the system. Label is used for
making decisions to access control.
51
  B2 − Extends the sensitivity labels to each system resource, such as storage
objects, supports covert channels and auditing of events.
 B3 − Allows creating lists or user groups for access-control to grant access or
revoke access to a given named object.

3 Type C
Provides protection and user accountability using audit capabilities. It is of two types.
 C1 − Incorporates controls so that users can protect their private information and
keep other users from accidentally reading/deleting their data. UNIX versions are
mostly Cl class.
 C2 − Adds an individual-level access control to the capabilities of a Cl level
system.

4
Type D
Lowest level. Minimum protection. MS-DOS, Window 3.1 fall in this category.

10.0 Linux Operating System

Linux is one of popular version of UNIX operating System. It is open source as its source code is
freely available. It is free to use. Linux was designed considering UNIX compatibility. Its
functionality list is quite similar to that of UNIX.

Components of Linux System

Linux Operating System has primarily three components

 Kernel − Kernel is the core part of Linux. It is responsible for all major activities of this
operating system. It consists of various modules and it interacts directly with the underlying
hardware. Kernel provides the required abstraction to hide low level hardware details to system
or application programs.
 System Library − System libraries are special functions or programs using which application
programs or system utilities accesses Kernel's features. These libraries implement most of the
functionalities of the operating system and do not requires kernel module's code access rights.
 System Utility − System Utility programs are responsible to do specialized, individual level
tasks.

52
Kernel Mode vs User Mode

Kernel component code executes in a special privileged mode called kernel mode with full access to
all resources of the computer. This code represents a single process, executes in single address space
and do not require any context switch and hence is very efficient and fast. Kernel runs each processes
and provides system services to processes, provides protected access to hardware to processes.
Support code which is not required to run in kernel mode is in System Library. User programs and
other system programs works in User Mode which has no access to system hardware and kernel code.
User programs/ utilities use System libraries to access Kernel functions to get system's low level tasks.

Basic Features

Following are some of the important features of Linux Operating System.

 Portable − Portability means software can works on different types of hardware in same way.
Linux kernel and application programs supports their installation on any kind of hardware
platform.
 Open Source − Linux source code is freely available and it is community based development
project. Multiple teams work in collaboration to enhance the capability of Linux operating
system and it is continuously evolving.
 Multi-User − Linux is a multiuser system means multiple users can access system resources
like memory/ ram/ application programs at same time.
 Multiprogramming − Linux is a multiprogramming system means multiple applications can
run at same time.
 Hierarchical File System − Linux provides a standard file structure in which system files/
user files are arranged.
 Shell − Linux provides a special interpreter program which can be used to execute commands
of the operating system. It can be used to do various types of operations, call application
programs. etc.
 Security − Linux provides user security using authentication features like password protection/
controlled access to specific files/ encryption of data.

Architecture: The following illustration shows the architecture of a Linux system:

53
The architecture of a Linux System consists of the following layers −
 Hardware layer − Hardware consists of all peripheral devices (RAM/ HDD/ CPU etc).
 Kernel − It is the core component of Operating System, interacts directly with hardware,
provides low level services to upper layer components.
 Shell − An interface to kernel, hiding complexity of kernel's functions from users. The shell
takes commands from the user and executes kernel's functions.
 Utilities − Utility programs that provide the user most of the functionalities of an operating
systems.

Linux File System Structure

Linux file system has a hierarchal file structure as it contains a root directory and its subdirectories.
All other directories can be accessed from the root directory. A partition usually has only one file
system, but it may have more than one file system.

A file system is designed in a way so that it can manage and provide space for non-volatile storage
data. All file systems required a namespace that is a naming and organizational methodology. The
namespace defines the naming process, length of the file name, or a subset of characters that can be
used for the file name. It also defines the logical structure of files on a memory segment, such as the
use of directories for organizing the specific files. Once a namespace is described, a Metadata
description must be defined for that particular file.

The data structure needs to support a hierarchical directory structure; this structure is used to describe
the available and used disk space for a particular block. It also has the other details about the files such
as file size, date & time of creation, update, and last modified.

Also, it stores advanced information about the section of the disk, such as partitions and volumes.

The advanced data and the structures that it represents contain the information about the file system
stored on the drive; it is distinct and independent of the file system metadata.

Linux file system contains two-part file system software implementation architecture. Consider the
figure 24 below:

54
Acronyms: HPFS: High performance file system, VFAT: Virtual file Allocation table, FreeBSD:
Free Berkeley Software Distribution (an open-Source Unix –like OS)

Linux file system

The Linux file system architecture consists of the following components:

Kernel: Linux kernel is the main component of a Linux OS and is the core interface between a
computer’s hardware and its processes. It communicates between the hardware and processes,
managing resources as efficiently as possible. The kernel has four jobs: (i) Memory management, (ii)
process management, (iii) Device management and (iv) System calls and security

Virtual File System (VFS): The VFS acts as the interface between the user and the file’s backing
filesystem, masking any implementation details behind generic calls such as open(), read(), write(),
etc. It offers many file system types such as Ext, Ext2, Ext3, Ext4, JFS, ReiserFS, XFS,
btrfs, and swap.

Hardware: This refers to all set of hardware of the given computer. Linux installation depends on the
hardware requirements of the computer.

The file system requires an API (Application programming interface) to access the function calls to
interact with file system components like files and directories. API facilitates tasks such as creating,
deleting, and copying the files. It facilitates an algorithm that defines the arrangement of files on a file
system.

The first two parts of the given file system together called a Linux virtual file system. It provides a
single set of commands for the kernel and developers to access the file system. This virtual file system
requires the specific system driver to give an interface to the file system.

Linux File System Features

In Linux, the file system creates a tree structure. All the files are arranged as a tree and its branches.
The topmost directory called the root (/) directory. All other directories in Linux can be accessed
from the root directory.

Some key features of Linux file system are as following:

o Specifying paths: Linux does not use the backslash (\) to separate the components; it uses
forward slash (/) as an alternative. For example, as in Windows, the data may be stored in C:\
My Documents\ Work, whereas, in Linux, it would be stored in /home/ My Document/ Work.
o Partition, Directories, and Drives: Linux does not use drive letters to organize the drive as
Windows does. In Linux, we cannot tell whether we are addressing a partition, a network
device, or an "ordinary" directory and a Drive.
o Case Sensitivity: Linux file system is case sensitive. It distinguishes between lowercase and
uppercase file names. Such as, there is a difference between test.txt and Test.txt in Linux. This
rule is also applied for directories and Linux commands.
o File Extensions: In Linux, a file may have the extension '.txt,' but it is not necessary that a file
should have a file extension. While working with Shell, it creates some problems for the

55
 beginners to differentiate between files and directories. If we use the graphical file manager, it
symbolizes the files and folders.
o Hidden files: Linux distinguishes between standard files and hidden files, mostly the
configuration files are hidden in Linux OS. Usually, we don't need to access or read the hidden
files. The hidden files in Linux are represented by a dot (.) before the file name (e.g., .ignore).
To access the files, we need to change the view in the file manager or need to use a specific
command in the shell.

Types of Linux File System

When we install the Linux operating system, Linux offers many file systems such as Ext, Ext2, Ext3,
Ext4, JFS, ReiserFS, XFS, btrfs, and swap.

Types of Linux file system

Let's understand each of these file systems in detail:

1. Ext, Ext2, Ext3 and Ext4 file system

The file system Ext stands for Extended File System. It was primarily developed for MINIX OS. The
Ext file system is an older version, and is no longer used due to some limitations.

Ext2 is the first Linux file system that allows managing two terabytes of data. Ext3 is developed
through Ext2; it is an upgraded version of Ext2 and contains backward compatibility. The major
drawback of Ext3 is that it does not support servers because this file system does not support file
recovery and disk snapshot.

Ext4 file system is the faster file system among all the Ext file systems. It is a very compatible option
for the SSD (solid-state drive) disks, and it is the default file system in Linux distribution.

2. JFS File System

JFS stands for Journaled File System, and it is developed by IBM for AIX Unix. It is an alternative
to the Ext file system. It can also be used in place of Ext4, where stability is needed with few
resources. It is a handy file system when CPU power is limited.

56
3. ReiserFS File System

ReiserFS is an alternative to the Ext3 file system. It has improved performance and advanced features.
In the earlier time, the ReiserFS was used as the default file system in SUSE Linux, but later it has
changed some policies, so SUSE returned to Ext3. This file system dynamically supports the file
extension, but it has some drawbacks in performance.

4. XFS File System

XFS file system was considered as high-speed JFS, which is developed for parallel I/O processing.
NASA still using this file system with its high storage server (300+ Terabyte server).

5. Btrfs File System

Btrfs stands for the B tree file system. It is used for fault tolerance, repair system, fun administration,
extensive storage configuration, and more. It is not a good suit for the production system.

6. Swap File System

The swap file system is used for memory paging in Linux operating system during the system
hibernation. A system that never goes in hibernate state is required to have swap space equal to
its RAM size.

11.0 Windows (NT) File System

The Windows file system is called NTFS, and was introduced with Windows NT 4.0 and is the
standard file system on Windows 2000 and later systems, such as Windows XP. Its goal was to solve
the size, performance, reliability, and flexibility limitations in the DOS (aka "FAT" file system).

It has a general similarity to the FAT file system in that all files are described in a single table, called
the Master File Table (MFT). However, it has more modern characteristics in that all components are
files, including:

 Master File Table  free list (bit map)

 data files  boot images
 directories  recovery logs

The file system also has features to support redundancy and transactions, which we will not discuss. A
great reference for details is the book: Inside the Windows NT File System by Helen Custer,
published by (not surprisingly) Microsoft Press.

Disk Layout

Disks are divided into fixed size regions:

 Each region is called a volume.

 Each volume can contain a different kind of file system, such as NTFS, FAT, or even Unix.
 Since each volume is a separate file system, it has its own root directory.
57
  Multiple volumes allow for fixed limits on the growth of a particular file tree, such as limiting
the size of temporary file space.
 Multiple volumes also allow a single disk to contain multiple, separating bootable operating
system.

Master File Table (MFT)

Clusters are the key element to allocation:

 Logically, the disk consists of allocation units called clusters.

 A cluster is a power-of-two multiple of the physical disk block size. The cluster size is set
when the disk is formatted. A small cluster provides a finer granularity of allocation, but may
require more space to describe the file and more separate operations to transfer data to or from
memory.
 The free list is a bitmap, each of whose bits describe one cluster.
 Clusters on the disk are numbered starting from zero to the maximum number of clusters
(minus one). These numbers are called logical cluster numbers (LCN) and are used to name
blocks (clusters) on disk.

The MFT is the major, and in some ways, the only data structure on disk:

 All files, and therefore all objects stored on disk are described by the MFT.
 All files are logical stored in the MFT and, for small files are physically within the bounds of
the MFT. In this sense, the MFT is the file system.
 The MFT logically can be described as a table with one row per file.
 The first rows in the table described important configuration files, including for the MFT itself.

MFT Entries

As stated previously, each row or entry in the MFT (called a record) describes a file and logically
contains the file. In the case of small files, the entry actually contains the contents of the file.

58
Each entry is consists of (attribute, value) pairs. While the conceptual design of NTFS is such that this
set of pairs is extensible to include user-defined attributes, current version of NTFS have a fixed set.
The main attributes are:

 Standard information: This attribute includes the information that was standard in the MS-
DOS world:
o read/write permissions,
o creation time,
o last modification time,
o count of how many directories point to this this file (hard link count.
 File Name: This attribute describes the file's name in the Unicode character set. Multiple file
names are possible, such as when:
o the file has multiple links, or
o the file has an MS-DOS short name.
 Security Descriptor: This attribute lists which user owns the file and which users can access it
(and how they can access it).
 Data: This attribute either contains the actual file data in the case of a small file or points to the
data (or points to the objects that point to the data) in the case of larger files.

For small files, this design is extremely efficient. By looking no further than the MFT entry, you have
the complete contents of the file.

However, the Data field gets interesting when the data contained in the file is larger than an MFT
entry. When dealing with large data, the Data attribute contains pointers to the data, rather than the
data itself.

 The pointers to data are actually pointers to sequences of logical clusters on the disk.
 Each sequence is identified by three parts:
o starting cluster in the file, called the virtual cluster number (VCN),
o starting logical cluster (LCN) of the sequence on disk,
o length, counted as the number of clusters.
 The run of clusters is called an extent, following the terminology developed by IBM in the
1960's.
 NTFS allocates new extents as necessary. When there is no more space left in the MFT entry,
then another MFT entry is allocated. This design is effectively a list of extents, rather than the
Unix or DEMOS tree of extents.

59
Directories

As with other modern file systems, a directory in NTFS is a file whose data contains a collection of
name/file mappings.

 A directory entry contains the name of the file and file reference. The file references indentifies
the file on this volume. In other words, it is an internal name for the file. A reference is a (file
number, sequence number) pair. The file number is the offset of the file's entry in the MFT
table. It is similar to the Unix inumber (Inode number).
 The list of file names in the directories is not stored in a simple list, but rather as a
lexigraphically-sorted tree, called a B+ tree (this will be familiar to those with a database
background). The data structure is called an index in NFTS (again, following the terminology
from databases).
 The NTFS design specifies that an index can be constructed for any attribute, but currently
only file name indices are supported.
 The name for a file appears both in its directory entry and in the MFT entry for the file itself.
 As with regular files, if the directory is small enough, it can fit entirely within the MFT entry.

If the directory is larger, then the top part of (the B+ tree of) the directory is in the MFT entry, which
points to extents that contain the rest of the name/file mappings.

60
ANATOMY OF A MULTIUSER OPERATING SYSTEM

Microsoft Windows OS

The first commercial version of Windows OS was MS Windows 95, followed with Windows OS 97,
98, 2000, NT, Me, XP, Vista, Windows 7, shown in figure 29, is the newest release of Windows.

Windows 7

Microsoft Windows OS is a family of proprietary operating systems most commonly used on personal
computers. It is the most common family of operating systems for the personal computer, with above

61
85% of market share. Currently, the most widely used version of the Windows family is Windows XP,
released on October 25, 2001. The newest version is Windows 7 for personal computers and Windows
Server 2008 R2 for servers.

Microsoft Windows originated in 1981 as an add-on to the older MS-DOS operating system for the
IBM PC. First publicly released in 1985, Windows came to dominate the business world of personal
computers, and went on to set a number of industry standards and commonplace applications.
Beginning with Windows XP, all modern versions are based on the Windows NT kernel. Current
versions of Windows run on IA-32 and x86-64 processors, although older versions sometimes
supported other architectures.

Windows is also used on servers, supporting applications such as web servers and database servers. In
recent years, Microsoft has spent significant marketing and research & development money to
demonstrate that Windows is capable of running any enterprise application, which has resulted in
consistent price/performance records and significant acceptance in the enterprise market. However, its
usage in servers is not as widespread as personal computers, and here Windows actively competes
against Linux and BSD for market share, while still capturing a steady majority by some accounts.

Components

The components of an operating system all exist in order to make the different parts of a computer
work together. All software—from financial databases to film editors—needs to go through the
operating system in order to use any of the hardware, whether it is as simple as a mouse or keyboard
or complex as an Internet connection.

User interface

Each OS provides basically two types of interfaces: Command line and graphical user interface.

Command line: It consists of command line. Each command is typed out after the 'prompt', and then
its output appears below, working its way down the screen. The current command prompt is at the
bottom.
62
Graphical user interface (GUI): In GUI programs take the form of images on the screen, and the
files, folders, and applications take the form of icons and symbols. A mouse is used to navigate the
computer.

Every computer that receives some sort of human input needs a user interface, which allows a person
to interact with the computer. While devices like keyboards, mice and touch screens make up the
hardware end of this task, the user interface makes up the software for it.

Most of the modern computer systems support graphical user interfaces (GUI). In some computer
systems, such as the original implementation of Mac OS, the GUI is integrated into the kernel.

While technically a graphical user interface is not an operating system service, incorporating support
for one into the operating system kernel can allow the GUI to be more responsive by reducing the
number of context switches required for the GUI to perform its output functions. Other operating
systems are modular, separating the graphics subsystem from the kernel and the Operating System. In
the 1980s UNIX, VMS and many others had operating systems that were built this way. GNU/Linux
and Mac OS X are also built this way. Modern releases of Microsoft Windows such as Windows Vista
implement a graphics subsystem that is mostly in user-space; however the graphics drawing routines
of versions between Windows NT 4.0 and Windows Server 2003 exist mostly in kernel space.
Windows 9x had very little distinction between the interface and the kernel.

Graphical user interfaces evolve over time. For example, Windows has modified its user interface
almost every time a new major version of Windows is released, and the Mac OS GUI changed
dramatically with the introduction of Mac OS X in 1999.

Modes

Protected mode and Supervisor mode

Privilege rings for the x86 available in protected mode. Operating systems determine which processes
run in each mode.

63
Modern CPUs support multiple modes of operation. CPUs with this capability use at least two modes:
protected mode and supervisor mode. The supervisor mode is used by the operating system's kernel
for low level tasks that need unrestricted access to hardware, such as controlling how memory is
written and erased, and communication with devices like graphics cards. Protected mode, in contrast,
is used for almost everything else. Applications operate within protected mode, and can only use
hardware by communicating with the kernel, which controls everything in supervisor mode. CPUs
might have other modes similar to protected mode as well, such as the virtual modes in order to
emulate older processor types, such as 16-bit processors on a 32-bit one, or 32-bit processors on a 64-
bit one.

When a computer first starts up, it is automatically running in supervisor mode. The first few programs
to run on the computer, being the BIOS, bootloader and the operating system have unlimited access to
hardware - and this is required because, by definition, initializing a protected environment can only be
done outside of one. However, when the operating system passes control to another program, it can
place the CPU into protected mode.

In protected mode, programs may have access to a more limited set of the CPU's instructions. A user
program may leave protected mode only by triggering an interrupt, causing control to be passed back
to the kernel. In this way the operating system can maintain exclusive control over things like access
to hardware and memory.

The term "protected mode resource" generally refers to one or more CPU registers, which contain
information that the running program isn't allowed to alter. Attempts to alter these resources generally
causes a switch to supervisor mode, where the operating system can deal with the illegal operation the
program was attempting (for example, by killing the program).

12.0 Architecture of Windows NT

The architecture of Windows NT, an operating systems produced and sold by Microsoft, is a layered
design that consists of two main components, user mode and kernel mode.

It is a preemptive, reentrant operating system, which has been designed to work with uniprocessor and
symmetrical multi processor (SMP)-based computers. To process input/output (I/O) requests, they use
packet-driven I/O, which utilizes I/O request packets (IRPs) and asynchronous I/O. Starting with
Windows 2000, Microsoft began making 64-bit versions of Windows available -before this, these
operating systems only existed in 32-bit versions.

Programs and subsystems in user mode are limited in terms of what system resources they have access
to, while the kernel mode has unrestricted access to the system memory and external devices. The
Windows NT kernel is known as a hybrid kernel. The architecture comprises a simple kernel,
hardware abstraction layer (HAL), drivers, and a range of services (collectively named Executive),
which all exist in kernel mode (see figure below).

64
Architecture of Windows OS

User mode

The user mode is made up of subsystems which can pass I/O requests to the appropriate kernel mode
drivers via the I/O manager (which exists in kernel mode). Two subsystems make up the user mode
layer of Windows NT: the Environment subsystem and the Integral subsystem.

The environment subsystem was designed to run applications written for many different types of
operating systems. None of the environment subsystems can directly access hardware, and must
request access to memory resources through the Virtual Memory Manager that runs in kernel mode.
Also, applications run at a lower priority than kernel mode processes.

There are three main environment subsystems: the Win32 subsystem, an OS/2 subsystem and a
POSIX subsystem.

65
  The Win32 environment subsystem can run 32-bit Windows applications. It contains the
console as well as text window support, shutdown and hard-error handling for all other
environment subsystems. It also supports Virtual DOS Machines (VDMs), which allow MS-
DOS and 16-bit Windows (Win16) applications to run on Windows NT. There is a specific
MS-DOS VDM which runs in its own address space and which emulates an Intel 80486
running MS-DOS 5.0. Win16 programs, however, run in a Win16 VDM. Each program, by
default, runs in the same process, thus using the same address space, and the Win16 VDM
gives each program its own thread to run on. However, Windows NT does allow users to run a
Win16 program in a separate Win16 VDM, which allows the program to be preemptively
multitasked as Windows NT will pre-empt the whole VDM process, which only contains one
running application. The Win32 environment subsystem process also includes the window
management functionality, sometimes referred to as a "window manager". It handles input
events (such as from the keyboard and mouse), then passes messages to the applications that
need to receive this input. Each application is responsible for drawing or refreshing its own
windows and menus, in response to these messages.
 The OS/2 environment subsystem supports 16-bit character-based OS/2 applications and
emulates OS/2 1.x, but not 32-bit or graphical OS/2 applications as used with OS/2 2.x or later.
 The POSIX environment subsystem supports applications that are strictly written to either
the POSIX.1 standard or the related ISO/IEC standards. The POSIX subsystem has been an
area of recent active development and is a major feature of Windows Compute Cluster Server
2003.

The integral subsystem looks after operating system specific functions on behalf of the environment
subsystem. It consists of a security subsystem, a workstation service and a server service. The security
subsystem deals with security tokens, grants or denies access to user accounts based on resource
permissions, handles login requests and initiates login authentication, and determines which system
resources need to be audited by Windows NT. It also looks after Active Directory. The workstation
service is an API to the network redirector, which provides the computer access to the network. The
server service is an API that allows the computer to provide network services.

Kernel mode

Windows NT kernel mode has full access to the hardware and system resources of the computer and
runs code in a protected memory area. It controls access to scheduling, thread prioritization, memory
management and the interaction with hardware. The kernel mode stops user mode services and
applications from accessing critical areas of the operating system that they should not have access to;
user mode processes must ask the kernel mode to perform such operations on their behalf.

While the x86 architecture supports four different privilege levels (numbered 0 to 3), only the two
extreme privilege levels are used. User-mode programs are run with CPL 3, and the kernel runs with
CPL 0. These two levels are often referred to as "ring 3" and "ring 0", respectively. Such a design
decision had been done to achieve code portability to RISC platforms that only support two privilege
levels, though this breaks compatibility with OS/2 applications that contain I/O privilege segments
that attempt to directly access hardware.

Kernel mode consists of executive services, which are made up of many modules that do specific
tasks, kernel drivers, a kernel and a Hardware Abstraction Layer, or HAL.

66
Executive

The Windows Executive services make up the low-level kernel-mode portion, and are contained in the
file NTOSKRNL.EXE. It deals with I/O, object management, security and process management.
These are divided into several subsystems, among which Cache Manager, Configuration Manager,
I/O Manager, Local Procedure Call (LPC), Memory Manager, Object Manager, Process Structure
and Security Reference Monitor (SRM). Grouped together, the components can be called Executive
services (internal name Ex). System Services (internal name Nt), i.e., system calls, are implemented at
this level, too, except very few that call directly into the kernel layer for better performance.

The term "service" in this context generally refers to a callable routine, or set of callable routines. This
is distinct from the concept of a "service process," which is a user mode component somewhat
analogous to a daemon in Unix-like operating systems.

Each object in Windows NT exists in a global namespace. This is a screenshot from SysInternals
WinObj.

Object Manager

The Object Manager (internal name Ob) is an executive subsystem that all other executive
subsystems, especially system calls, must pass through to gain access to Windows NT resources—
essentially making it a resource management infrastructure service. The object manager is used to
reduce the duplication of object resource management functionality in other executive subsystems,
which could potentially lead to bugs and make development of Windows NT harder. To the object
manager, each resource is an object, whether that resource is a physical resource (such as a file system
or peripheral) or a logical resource (such as a file). Each object has a structure or object type that the
object manager must know about.

Object creation is a process in two phases, creation and insertion. Creation causes the allocation of an
empty object and the reservation of any resources required by the object manager, such as an
(optional) name in the namespace. If creation was successful, the subsystem responsible for the
creation fills in the empty object. Finally, if the subsystem deems the initialization successful, it
instructs the object manager to insert the object, which makes it accessible through its (optional) name
or a cookie called a handle. From then on, the lifetime of the object is handled by the object manager,
and it's up to the subsystem to keep the object in a working condition until being signaled by the object
manager to dispose of it.

Object types define the object procedures and any data specific to the object. In this way, the object
manager allows Windows NT to be an object oriented operating system, as object types can be thought
of as polymorphic classes that define objects. Most subsystems, though, with a notable exception in
the I/O Manager, rely on the default implementation for all object type procedures.

Each instance of an object that is created stores its name, parameters that are passed to the object
creation function, security attributes and a pointer to its object type. The object also contains an object
close procedure and a reference count to tell the object manager how many other objects in the system
reference that object and thereby determines whether the object can be destroyed when a close request
is sent to it. Every named object exists in a hierarchical object namespace.

67
Cache Controller

Closely coordinates with the Memory Manager, I/O Manager and I/O drivers to provide a common
cache for regular file I/O. Uniquely, the Windows Cache Manager operates on file blocks (rather than
device blocks), for consistent operation between local and remote files, and ensures a certain degree of
coherency with memory-mapped views of files, since cache blocks are a special case of memory-
mapped views and cache misses a special case of page faults.

Configuration Manager

Implements the Windows registry.

I/O Manager

Allows devices to communicate with user-mode subsystems. It translates user-mode read and write
commands into read or write IRPs which it passes to device drivers. It accepts file system I/O requests
and translates them into device specific calls, and can incorporate low-level device drivers that directly
manipulate hardware to either read input or write output. It also includes a cache manager to improve
disk performance by caching read requests and write to the disk in the background.

Local Procedure Call (LPC)

Provides inter-process communication ports with connection semantics. LPC ports are used by user-
mode subsystems to communicate with their clients, by Executive subsystems to communicate with
user-mode subsystems, and as the basis for the local transport for MSRPC.

Memory Manager

Manages virtual memory, controlling memory protection and the paging of memory in and out of
physical memory to secondary storage, and implements a general-purpose allocator of physical
memory. It also implements a parser of PE executables that lets an executable be mapped or
unmapped in a single, atomic step.

Starting from Windows NT Server 4.0, Terminal Server Edition, the memory manager implements a
so-called session space, a range of kernel-mode memory that is subject to context switching just like
user-mode memory. This lets multiple instances of the kernel-mode Win32 subsystem and GDI
drivers run side-by-side, despite shortcomings in their initial design. Each session space is shared by
several processes, collectively referred to as a "session".

To ensure a degree of isolation between sessions without introducing a new object type, the
association between processes and sessions is handled by the Security Reference Monitor, as an
attribute of a security subject (token), and it can only be changed while holding special privileges.

Process Structure

andles process and thread creation and termination, and it implements the concept of Job, a group of
processes that can be terminated as a whole, or be placed under shared restrictions (such a total
maximum of allocated memory, or CPU time). Job objects were introduced in Windows 2000.

68
PnP Manager

Handles Plug and Play and supports device detection and installation at boot time. It also has the
responsibility to stop and start devices on demand—this can happen when a bus (such as USB or
FireWire) gains a new device and needs to have a device driver loaded to support it. Its bulk is actually
implemented in user mode, in the Plug and Play Service, which handles the often complex tasks of
installing the appropriate drivers, notifying services and applications of the arrival of new devices, and
displaying GUI to the user.

Power Manager

Deals with power events (power-off, stand-by, hibernate, etc.) and notifies affected drivers with
special IRPs (Power IRPs).

Security Reference Monitor (SRM)

The primary authority for enforcing the security rules of the security integral subsystem. It determines
whether an object or resource can be accessed, via the use of access control lists (ACLs), which are
themselves made up of access control entries (ACEs). ACEs contain a security identifier (SID) and a
list of operations that the ACE gives a select group of trustees- a user account, group account, or login
session - permission (allow, deny, or audit) to that resource.

GDI

The Graphics Device Interface is responsible for tasks such as drawing lines and curves, rendering
fonts and handling palettes. The Windows NT 3.x series of releases had placed the GDI component in
the user-mode Client/Server Runtime Subsystem, but this was moved into kernel mode with Windows
NT 4.0 to improve graphics performance.

Kernel

The kernel sits between the HAL and the Executive and provides multiprocessor synchronization,
thread and interrupt scheduling and dispatching, and trap handling and exception dispatching; it is also
responsible for initializing device drivers at bootup that are necessary to get the operating system up
and running. That is, the kernel performs almost all the tasks of a traditional microkernel; the strict
distinction between Executive and Kernel is the most prominent remnant of the original microkernel
design, and historical design documentation consistently refers to the kernel component as "the
microkernel".

The kernel often interfaces with the process manager. The level of abstraction is such that the kernel
never calls into the process manager, only the other way around (save for a handful of corner cases,
still never to the point of a functional dependence).

Kernel-mode drivers

Windows NT uses kernel-mode device drivers to enable it to interact with hardware devices. Each of
the drivers has well defined system routines and internal routines that it exports to the rest of the
operating system. All devices are seen by user mode code as a file object in the I/O manager, though
to the I/O manager itself the devices are seen as device objects, which it defines as either file, device

69
or driver objects. Kernel mode drivers exist in three levels: highest level drivers, intermediate drivers
and low level drivers. The highest level drivers, such as file system drivers for FAT and NTFS, rely
on intermediate drivers. Intermediate drivers consist of function drivers or main driver for a device
that are optionally sandwiched between lower and higher level filter drivers. The function driver then
relies on a bus driver or a driver that services a bus controller, adapter, or bridge which can have an
optional bus filter driver that sits between itself and the function driver. Intermediate drivers rely on
the lowest level drivers to function. The Windows Driver Model (WDM) exists in the intermediate
layer. The lowest level drivers are either legacy Windows NT device drivers that control a device
directly or can be a PnP hardware bus. These lower level drivers directly control hardware and do not
rely on any other drivers.

Hardware abstraction layer

The Windows NT hardware abstraction layer, or HAL, is a layer between the physical hardware of the
computer and the rest of the operating system. It was designed to hide differences in hardware and
therefore provide a consistent platform on which the kernel is run. The HAL includes hardware-
specific code that controls I/O interfaces, interrupt controllers and multiple processors.

However, despite its purpose and designated place within the architecture, the HAL isn't a layer that
sits entirely below the kernel, the way the kernel sits below the Executive: all known HAL
implementations depend in some measure on the kernel, or even the Executive. In practice, this means
that kernel and HAL variants come in matching sets that are specifically engineered to work together.

In particular hardware abstraction does not involve abstracting the instruction set, which generally
falls under the wider concept of portability. Abstracting the instruction set, when necessary (such as
for handling the several revisions to the x86 instruction set, or emulating a missing math coprocessor),
is performed by the kernel, or via platform virtualization.

70