INTRODUCTION TO MODERN OPERATING SYSTEM- CHAPTER 1

WHAT IS AN OPERATING SYSTEM?

AN OPERATING SYSTEM ACTS AS AN INTERFACE BETWEEN THE USER AND THE COMPUTER SYSTEM.

The 1960s definition of an operating system is the software that controls the hardware.
However, today, due to microcode we need a better definition. We see an operating system as
the programs that make the hardware useable. In brief, an operating system is the set of
programs that controls a computer. Some examples of operating systems are UNIX, Mach, MSDOS, MS-Windows, Windows/NT, Chicago, OS/2, MacOS, VMS, MVS, and VM.
Controlling the computer involves software at several levels. We will differentiate kernel
services, library services, and application-level services, all of which are part of the operating
system. Processes run Applications, which are linked together with libraries that perform
standard services. The kernel supports the processes by providing a path to the peripheral
devices. The kernel responds to service calls from the processes and interrupts from the
devices. The core of the operating system is the kernel, a control program that functions in
privileged state (an execution context that allows all hardware instructions to be executed),
reacting to interrupts from external devices and to service requests and traps from processes.
Generally, the kernel is a permanent resident of the computer. It creates and terminates
processes and responds to their request for service.
Operating Systems are resource managers. The main resource is computer hardware in the
form of processors, storage, input/output devices, communication devices, and data. Some of
the operating system functions are: implementing the user interface, sharing hardware among
users, allowing users to share data among themselves, preventing users from interfering with
one another, scheduling resources among users, facilitating input/output, recovering from
errors, accounting for resource usage, facilitating parallel operations, organizing data for secure
and rapid access, and handling network communications.
The operating system (OS) is the first thing loaded onto the computer -- without the
operating system, a computer is useless.
Operating systems can now be found on many of the devices we use every day, from
cell phones to wireless access points.
The purpose of an operating system is to organize and control hardware and software
so that the device it lives in behaves in a flexible but predictable way.
Not all computers have operating systems. The computer that controls the microwave
oven in your kitchen, for example, doesn't need an operating system. It has one set of
tasks to perform, very straightforward input to expect (a numbered keypad and a few
pre-set buttons) and simple, never-changing hardware to control.
For a computer like this, an operating system would be unnecessary baggage, driving up
the development and manufacturing costs significantly and adding complexity where

none is required. Instead, the computer in a microwave oven simply runs a single hardwired program all the time (EMBEDDED SYSTEMS).
All desktop computers have operating systems. The most common are the Windows
family of operating systems developed by Microsoft, the Macintosh operating systems
developed by Apple and the UNIX family of operating systems (which have been
developed by a whole history of individuals, corporations and collaborators). There are
hundreds of other operating systems available for special-purpose applications,
including specializations for mainframes, robotics, manufacturing, real-time control
systems and so on.
Operating system are made of portable code instead of permanent physical circuits so
that changes can be made regularly as an when required without scrapping the whole
device
For a desktop computer user, this means you can add a new security update, system
patch, new application or even an entirely new operating system rather than junk your
computer and start again with a new one when you need to make a change.
OBJECTIVES OF OPERATING SYSTEMS
Modern Operating systems generally have following three major goals. Operating systems
generally accomplish these goals by running processes in low privilege and providing service
calls that invoke the operating system kernel in high-privilege state.

TO HIDE DETAILS OF HARDWARE BY CREATING ABSTRACTION:An abstraction is software that hides lower level details and provides a set of
higher-level functions. An operating system transforms the physical world of devices,
instructions, memory, and time into virtual world that is the result of abstractions built
by the operating system. There are several reasons for abstraction.
First, the code needed to control peripheral devices is not standardized. Operating
systems provide subroutines called device drivers that perform operations on behalf of
programs for example, input/output operations.
Second, the operating system introduces new functions as it abstracts the
hardware. For instance, operating system introduces the file abstraction so that
programs do not have to deal with disks.
Third, the operating system transforms the computer hardware into multiple
virtual computers, each belonging to a different program. Each program that is running
is called a process. Each process views the hardware through the lens of abstraction.
Fourth, the operating system can enforce security through abstraction.

TO ALLOCATE RESOURCES TO PROCESSES (MANAGE RESOURCES):An operating system controls how processes (the active agents) may access resources
(passive entities).

PROVIDE A PLEASANT AND EFFECTIVE USER INTERFACE :The user interacts with the operating systems through the user interface and usually
interested in the look and feel of the operating system. The most important
components of the user interface are the command interpreter, the file system, on-line
help, and application integration. The recent trend has been toward increasingly
integrated graphical user interfaces that encompass the activities of multiple processes
on networks of computers.

One can view Operating Systems from two points of views: Resource manager and
Extended machines. Form Resource manager point of view Operating Systems manage the
different parts of the system efficiently and from extended machines point of view Operating
Systems provide a virtual machine to users that is more convenient to use. The structurally
Operating Systems can be design as a monolithic system, a hierarchy of layers, a virtual
machine system, an exokernel, or using the client-server model.
Operating System Also Known as the Resource Manager Means Operating System will
Manages all the Resources those are Attached to the System means all the Resource like
Memory and Processor and all the Input output Devices those are Attached to the System are
Known as the Resources of the Computer System and the Operating system will Manage all the
Resources of the System. The Operating System will identify at which Time the CPU will perform
which Operation and in which Time the Memory is used by which Programs. And which Input
Device will respond to which Request of the user means When the Input and Output Devices
are used by the which Programs. So this will manage all the Resources those are attached to the
Computer System.
The basic concepts of Operating Systems are processes, memory management, I/O
management, the file systems, and security.

OPERATING SYSTEM FUNCTIONS

PROCESS MANAGEMENT
A process is a program in execution: (A program is passive, a process active.)
A process has resources (CPU time, files) and attributes that must be managed.
One (or more) threads are the schedulable entities within a process.
Management of processes includes:

Thread Scheduling (priority, time management, . . . )

Creation/termination

Block/Unblock (suspension/resumption )

Synchronization

Communication

Deadlock handling

Debugging

The Operating System also Treats the Process Management means all the Processes
those are given by the user or the Process those are System s own Process are
Handled by the Operating System . The Operating System will Create the Priorities foe
the user and also Start or Stops the Execution of the Process and Also Makes the Child
Process after dividing the Large Processes into the Small Processes.

MAIN MEMORY MANAGEMENT

Operating System also Manages the Memory of the Computer System means Provide
the Memory to the Process and Also Deallocate the Memory from the Process. And also
defines that if a Process gets completed then this will deallocate the Memory from the
Processes.

Allocation/de-allocation for processes, files, I/O.

Maintenance of several processes at a time

Keep track of who's using what memory

Movement of process memory to/from secondary storage.

FILE MANAGEMENT

A file is a collection of related information defined by its creator. Commonly, files represent
programs (both source and object forms) and data.
The operating system is responsible for the following activities in connections with file
management:

File creation and deletion.

Directory creation and deletion.

Support of primitives for manipulating files and directories.

Mapping files onto secondary storage.

File backup on stable (nonvolatile) storage media.

I/O MANAGEMENT

Buffer caching system

Generic device driver code

Drivers for each device - translate read/write requests into disk position
commands.

SECONDARY STORAGE MANAGEMENT

Operating System also Controls the all the Storage Operations means how the
data or files will be Stored into the computers and how the Files will be
Accessed by the users etc. All the Operations those are Responsible for Storing
and Accessing the Files is determined by the Operating System Operating System
also Allows us Creation of Files, Creation of Directories and Reading and Writing
the data of Files and Directories and also Copy the contents of the Files and the
Directories from One Place to Another Place.

Disks, tapes, optical, ...

Free space management ( paging/swapping )

Storage allocation ( what data goes where on disk )

Disk scheduling

NETWORKING

Communication system between distributed processors.

Getting information about files/processes/etc. on a remote machine.

Can use either a message passing or a shared memory model.

PROTECTION

Of files, memory, CPU, etc.

Means controlling of access

Depends on the attributes of the file and user

SYSTEM PROGRAMS(User Interface)

Command Interpreters -- Program that accepts control statements (shell, GUI

interface, etc.)

Compilers/linkers

Communications (ftp, telnet, etc.)

Extended Machine : Operating System also behaves like an Extended Machine means
Operating system also Provides us Sharing of Files between Multiple Users, also
Provides Some Graphical Environments and also Provides Various Languages for
Communications and also Provides Many Complex Operations like using Many

Hardwares and Softwares.

Mastermind: Operating System also performs Many Functions and for those Reasons
we can say that Operating System is a Mastermind. It provides Booting without an
Operating System and Provides Facility to increase the Logical Memory of the Computer
System by using the Physical Memory of the Computer System and also provides various
Types of Formats Like NTFS and FAT File Systems.
Operating System also controls the Errors those have been Occurred into the Program
and Also Provides Recovery of the System when the System gets Damaged Means When
due to Some Hardware Failure , if System Doesnt Works properly then this Recover the
System and also Correct the System and also Provides us the Backup Facility. And
Operating System also breaks the large program into the Smaller Programs those are
also called as the threads. And execute those threads one by one

TYPES OF OPERATING SYSTEM

BASED ON ENVIRONMENT

CUI

GUI

BASED ON FUNCTIONS

REAL-TIME OPERATING SYSTEM

SINGLE-USER, SINGLE TASK

SINGLE-USER, MULTI-TASKING

MULTI-USER , MULTI-TASKING

MULTIPROCESSING O/S

MULTITHREADING O/S

NETWORKING O/S

BATCH PROCESSING O/S

DISTRIBUTED O/S

Command user Interface:-This operating system is totally command dependent. One

can work on this environment only if they are familiar with the respective O/S command
Eg. MS-DOS
GUI: - Short for Graphical User Interface, a GUI Operating System contains graphics and
icons and is commonly navigated by using a computer mouse. See the GUI definition for
a complete definition. Below are some examples of GUI Operating Systems.
System 7.x
Windows 98
Windows CE
A real-time operating system (RTOS):- is an operating system (OS) intended to serve
real-time application requests. It must be able to process data as it comes in, typically
without buffering delays. Processing time requirements (including any OS delay) are
measured in tenths of seconds or shorter. RTOS is specially designed for embedded
environments such as consumer devices, automobiles and robotics
RTOS) - Real-time operating systems are used to control machinery, scientific
instruments and industrial systems.
An RTOS typically has very little user-interface capability, and no end-user utilities, since
the system will be a "sealed box" when delivered for use.

A very important part of an RTOS is managing the resources of the computer so that a
particular operation executes in precisely the same amount of time, every time it
occurs.

A common example of an RTOS is an HDTV receiver and display. It needs to read a

digital signal, decode it and display it as the data comes in. Any delay would be
noticeable as jerky or pixelated video and/or garbled audio.

 Some of the best known, most widely deployed, real-time operating systems
LynxOS
OSE
QNX
RTLinux
VxWorks
Windows CE
Single user single tasking :-As the name implies, this operating system is designed to
manage the computer so that one user can effectively do one thing at a time. The Palm
OS for Palm handheld computers is a good example of a modern single-user, single-task
operating system. E.g. MS-DOS
An example of a this kind of O/S would be the O/S of a basic mobile phone or an mp3
player.
There can only be one user using the device and that person is only using one of its
applications at a time
An MP3 player contains a computer to handle all of its functions. It has a small amount
of memory and a number of specialist silicon chips . The operating system is installed in
memory and runs as soon as you switch on the device.
Single user Multi-Tasking :-This is the type of operating system most people use on
their desktop and laptop computers today. Microsoft's Windows and Apple's MacOS
platforms are both examples of operating systems that will let a single user have several
programs in operation at the same time. For example, it's entirely possible for a
Windows user to be writing a note in a word processor while downloading a file from
the Internet while printing the text of an e-mail message.
Another word for multi-tasking is multiprogramming E.g. Windows 95.
Multi-user Multi-tasking :- A multi-user operating system allows many different users to
take advantage of the computer's resources simultaneously. The operating system must
make sure that the requirements of the various users are balanced, and that each of the
programs they are using has sufficient and separate resources so that a problem with

one user doesn't affect the entire community of users. Unix, VMS and mainframe
operating systems, such as MVS, are examples of multi-user operating systems.
Examples of this kind of O/S include various versions of UNIX, LINUX, IBMs z/OS, OS390,
MVS and VM
Network Operating System:-Operating system that supports networking

examples of a network O/S include Windows Vista, Windows 8 and Mac O/S X , Unix,
Linux and all other mainframes O/S

A network O/S system should have the following features : Deal with users logging on
Maintain the network connection to the server
Expand the file system to view folders on other computers
Provide security to separate user accounts from each other
Batch Operating System :-

Batch processing is a technique in which Operating System collects one programs and data
together in a batch before processing starts. Operating system does the following activities
related to batch processing.

OS defines a job which has predefined sequence of commands, programs and data as a
single unit.

OS keeps a number a jobs in memory and executes them without any manual
information.

Jobs are processed in the order of submission i.e first come first served fashion.

When job completes its execution, its memory is released and the output for the job
gets copied into an output spool for later printing or processing.

Advantages

Batch processing takes much of the work of the operator to the computer.

Increased performance as a new job gets started as soon as the previous job finished
without any manual intervention.

Disadvantages

Difficult to debug program.

A job could enter an infinite loop.

Due to lack of protection scheme, one batch job can affect pending jobs.

 Distributed operating system: This is one of the modern operating system

It is a O/S that supports distributed computing
Distributed systems allow users to share resources on geographically dispersed hosts
connected via a computer network. Services could be provided either through a ClientServer Model or a Peer-to-Peer model
A distributed system is a collection of loosely coupled processors interconnected by a
communication network.
The processors in a distributed system may vary in size and function. They may include
microprocessors, workstations, minicomputers and large general purpose computer
systems
They are referred as sites, nodes, computers, machines and hosts
There are two types distributed System
o Parallel Computing
o Distributed Computing
In the most simple form Parallel Computing is a method where several individual
(autonomous) systems (CPU's) work in tandem to resolve a common computing
workload.
Distributed Computing is where several dis-associated systems are working separately
to resolve a multi-faceted computing workload.
An example of parallel computing would be two servers that share the workload of
routing mail, managing connections to an accounting system or database, solving a
mathematical problem, etc....
Distributed Computing would be more like the SETI (Search for extra-terresterial
intelligence). Program, where each client works a separate "chunk" of information, and
returns the completed package to a centralized resource that's responsible for
managing the overall workload.
If you think of ten men pulling on a rope to lift a load, that is parallel computing. If ten
men have ten ropes and are lifting ten different loads from one place to consolidate at
another
place,
that
would
be
distributed
computing.

In Parallel Computing all processors have access to a shared memory. In distributed

computing, each processor has its own private memory

Distributed Operating System is a model where distributed applications are running on

multiple computers linked by communications. A distributed operating system is an
extension of the network operating system that supports higher levels of
communication and integration of the machines on the network.
This system looks to its users like an ordinary centralized operating system but runs on
multiple, independent central processing units (CPUs).

These systems are referred as loosely coupled systems where each processor has its own
local memory and processors communicate with one another through various
communication lines, such as high speed buses or telephone lines. By loosely coupled
systems, we mean that such computers possess no hardware connections at the CPU memory bus level, but are connected by external interfaces that run under the control
of software.
The Distributed Os involves a collection of autonomous computer systems, capable of
communicating and cooperating with each other through a LAN / WAN. A Distributed Os
provides a virtual machine abstraction to its users and wide sharing of resources like as
computational capacity, I/O and files etc.

 The structure shown in fig contains a set of individual computer systems and
workstations connected via communication systems, but by this structure we can not
say it is a distributed system because it is the software, not the hardware, that
determines whether a system is distributed or not.
The users of a true distributed system should not know, on which machine their
programs are running and where their files are stored. LOCUS and MICROS are the best
examples of distributed operating systems.
Using LOCUS operating system it was possible to access local and distant files in uniform
manner. This feature enabled a user to log on any node of the network and to utilize the
resources in a network without the reference of his/her location. MICROS provided
sharing of resources in an automatic manner. The jobs were assigned to different nodes
of the whole system to balance the load on different nodes.

Below given are some of the examples of distributed operating systems:

l. IRIX operating system; is the implementation of UNIX System V, Release 3 for Silicon
Graphics multiprocessor workstations.
2. DYNIX operating system running on Sequent Symmetry multiprocessor computers.
3. AIX operating system for IBM RS/6000 computers.

4. Solaris operating system for SUN multiprocessor workstations.

5. Mach/OS is a multithreading and multitasking UNIX compatible operating system;
6. OSF/1 operating system developed by Open Foundation Software: UNIX compatible.
Distributed systems provide the following advantages:

1 Sharing of resources.
2 Reliability.
3 Communication.
4 Computation speedup.

Distributed systems are potentially more reliable than a central system because if a
system has only one instance of some critical component, such as a CPU, disk, or
network interface, and that component fails, the system will go down. When there are
multiple instances, the system may be able to continue in spite of occasional failures. In
addition to hardware failures, one can also consider software failures. Distributed
systems allow both hardware and software errors to be dealt with.

 A distributed system is a set of computers that communicate and collaborate each other
using software and hardware interconnecting components. Multiprocessors (MIMD
computers using shared memory architecture), multicomputers connected through
static or dynamic interconnection networks (MIMD computers using message passing
architecture) and workstations connected through local area network are examples of
such distributed systems.
A distributed system is managed by a distributed operating system. A distributed
operating system manages the system shared resources used by multiple processes, the
process scheduling activity (how processes are allocating on available processors), the
communication and synchronization between running processes and so on. The
software for parallel computers could be also tightly coupled or loosely coupled. The
loosely coupled software allows computers and users of a distributed system to be
independent each other but having a limited possibility to cooperate. An example of
such a system is a group of computers connected through a local network. Every
computer has its own memory, hard disk. There are some shared resources such files
and printers. If the interconnection network broke down, individual computers could be
used but without some features like printing to a non-local printer.
ADVANTAGES OF DISTRIBUTED SYSTEM
Resource Sharing
Computation Speedup
Reliability
Communication
Resource Sharing :- If number of different sites are connected to one another, then a
user at one site may be able to use the resources available at another. For. E.g. a user at
site A may be using a laser printer located at site B
Computation Sped :- If a particular computation can be partitioned into
subcomputations that can run concurrently then a distributed system allows us to
distribute the subcomputations among various sites.
There also exist automated load sharing in which the distributed operating system
automatically moves jobs among several sites that are lightly loaded.

 Reliability :-If one site fails in a distributed system the remaining sites can continue
operating giving the system better reliability.
Data is replicated among several sites in a distributed system so that even if one site
fails data still can be access from other sites.
Communication :-When several sites are connected to one another by a communication
network, the users at different sites have the opportunity to exchange information like
pass message among themselves, collaborate on project by transferring the files of the
project, logging in to each others remote systems to run programs and exchanging mail
to coordinate the work.
DISTRIBUTED OPERATING SYSTEM
With the advent of computer networks, in which many computers are linked together
and are able to communicate with one another, distributed computing became feasible.
A distributed computation is one that is carried out on more than one machine in a
cooperative manner. A group of linked computers working cooperatively on tasks,
referred to as a distributed system, often requires a distributed operating system to
manage the distributed resources
The operating systems commonly used for distributed computing systems can be
broadly classified into two types
Network operating systems
-Distributed operating systems.
The three most important features commonly used to differentiate between these two
types of operating systems are
o System image,
o Autonomy, and
o Fault tolerance capability.
o System image: Under network OS, the user views the distributed system as a collection
of machines connected by a communication subsystem. i.e the user is aware of the fact
that multiple computers are used. A distributed OS hides the existence of multiple
computers and provides a single system image to the users.

o Autonomy: A network OS is built on a set of existing centralized OSs and handles the
interfacing and coordination of remote operations and communications between these
OSs. So, in this case, each machine has its own OS. With a distributed OS, there is a
single system-wide OS and each computer runs part of this global OS.
o Fault Tolerance capability:-Fault tolerance capability: A network operating system
provides little or no fault tolerance capability in the sense that if 10% of the machines of
the entire distributed computing system are down at any moment, at least 10% of the
users are unable to continue with their work. On the other hand, with a distributed
operating system, most of the users are normally unaffected by the failed machines and
can continue to perform their work normally, with only a 10% loss in performance of the
entire distributed computing system.
o Therefore, the fault tolerance capability of a distributed operating system is usually very
high as compared to that of a network operating system
Multimedia System :-Supports multiple kinds of applications

Multimedia applications : Streaming audio, video games, etc.

Traditional applications : Editors, compilers, web servers, etc.

Different applications have different requirements For e.g. interactive

applications like Editors, compilers require low or average response time

While soft real time applications like streaming media , virtual games requires
high response time

Multimedia O/S divides resources according to application requirements. E.g. 30

% of CPU to streaming and 20% to http server, etc.

Multimedia data consist of audio and video files as well as conventional files.
These data differ from conventional data in that multimedia data such as frame of video
must be delivered according to certain time restrictions (for e.g., 30 frames per second)
Multimedia applications may also include live webcasts(broadcast over the world wide
web) of speeches or sporting events and even live webcams that allow a viewer n
Manhattan to observe customers at a caf in Paris.
Multimedia applications also run on smaller devices. Eg. Stock trader may have stock
quotes delivered wirelessly and in real time to his PDA.

 A mobile operating system:-, also referred to as mobile OS, is the operating system that
operates a smartphone, tablet, PDA, or other digital mobile devices. Modern mobile
operating systems combine the features of a personal computer operating system with
a touchscreen, cellular, Bluetooth, WiFi, GPS mobile navigation, camera, video camera,
speech recognition, voice recorder, music player, Near field communication, Infrared
Blaster, and other features.
E.g. Android from googleinc., Blackberry10 from Blackberry, iOS from Apple Inc. Nokia
Asha Platform from Nokia, Symbian OS from Nokia etc.
Clustered Systems :Cluster computing is a type of distributed computing. Distributed
computing just means coordinating a number of computers to accomplish a single task.
Cluster computing means the computers are specifically organized just to work together
to
accomplish
a
single
task.
For example, massively parallel "grid computing" projects like seti@home and
folding@home are examples of distributed computing but they are not cluster
computing. Here, the computers all work together to accomplish a task, so this is
distributed computing. But they are not specifically arranged for this purpose (the
arrangement is haphazard and uncoordinated with computers all over the place being
randomly added and removed from the set working on the problem), so they are not a
cluster and this is not cluster computing.
What is SETI@home?
SETI@home is a scientific experiment that uses Internet-connected computers in the
Search for Extraterrestrial Intelligence (SETI). You can participate by running a free
program that downloads and analyzes radio telescope data.
E.g. http://setiathome.berkeley.edu/sah_about.php
Folding@home (FAH or F@h) is a distributed computing project for disease research
that simulates protein folding, computational drug design, and other types of molecular
dynamics. The project uses the idle processing resources of thousands of personal
computers owned by volunteers who have installed the software on their systems. Its
primary purpose is to determine the mechanisms of protein folding, which is the
process by which proteins reach their final three-dimensional structure, and to examine
the causes of protein misfolding.

Web Based Computing

That answer is just as easy - because they are cheaper. Computers cost less if you don't
have to have to include a hard drive. They also cost less if you don't have to buy and
install software on them, and that is the real driving force behind the switch. Less
obvious is that users can use more than one of them rather seamlessly. Consider the
new Surface Tablet from Microsoft. It runs a web-computer based version of Windows
that looks virtually identical to Windows 8 which runs on real computers. This means
users don't have to learn two systems. But it means more than that, it means that users
can use web, or cloud based apps instead of those they install locally, e.g. Google Docs,
Facebook, Flickr, etc. to create, manipulate and store their work, which they can then
access using their phone, Chromebook, or any other web based device. computers with
weaker processors and no hard drives that run applications off the "cloud instead of
locally and generally have touch screens to make using them easier. They're also
generally lighter and smaller than so-called "real" computers.
Effect of web based computing :All of this is evident as reports of a slowdown in sales of
real computers contrasts with those noting bigger numbers for iOS, Android and now
Windows 8/RT based machines, which are essentially all the same breed: computers
that do little except allow users to browse the web, access social media and play music
or video files.
It's the newest trend in personal computing, and it's been going on for long enough now,
that most have heard the rumblings
Cloud Computing :In science, cloud computing is a synonym for distributed computing
over a network and means the ability to run a program on many connected computers
at the same time.
Cloud computing is a type of computing that relies on sharing computing resources
rather than having local servers or personal devices to handle applications.
It is called cloud computing because the data and applications exist on a cloud of WEB
servers.

TRANSLATION PROGRAMS
o ASSEMBLERS
o COMPILERS
o INTERPRETERS
o LINKERS
Assembler :-A program that translates programs from assembly language to machine
language.
An assembler is a program that takes basic computer instructions and converts them
into a pattern of bits that the computer's processor can use to perform its basic
operations. Some people call these instructions assembler language and others use the
term assembly language.
Compilers ad Interpreters :-Historically, most programs have been written in "higherlevel" languages such as COBOL, FORTRAN, PL/I, and C. These languages are easier to
learn and faster to write programs with than assembler language. The program that
processes the source code written in these languages is called a compiler.
A compiler is a program that translates a source program written in some high-level
programming language (such as Java) into machine code for some computer
architecture (such as the Intel Pentium architecture). The generated machine code can
be later executed many times against different data each time.
Linker :- Also called link editor and binder, a linker is a program that combines object
modules to form an executable program. Many programming languages allow you to
write different pieces of code, called modules, separately. This simplifies the
programming task because you can break a large program into small, more manageable
pieces. Eventually, though, you need to put all the modules together. This is the job of
the linker.
In addition to combining modules, a linker also replaces symbolic addresses with real
addresses. Therefore, you may need to link a program even if it contains only one
module.

COMPONENT OF COMPUTER SYSTEM

o
o
o
o
o
o

Hardware
Provides basic computing resources (CPU, memory, I/O devices).
Operating System
Controls and coordinates the use of hardware among application programs.
Application Programs
Solve computing problems of users (compilers, database systems, video games,
business programs such as banking software).
o Users
o People, machines, other computers

OPERATING SYSTEM VIEW

o Resource allocator
o to allocate resources (software and hardware) of the computer system and manage
them efficiently.
o Control program
o Controls execution of user programs and operation of I/O devices.
o Kernel
o The program that executes forever (everything else is an application with respect to the
kernel).
o Monitors and Small Kernels
o special purpose and embedded systems, real-time systems
o Batch and multiprogramming
o Timesharing

o workstations, servers, minicomputers, timeframes

o Transaction systems
o Personal Computing Systems
o Mobile Platforms, devices (of all sizes)
COMPONENT OF O/S

DEVICE DRIVERS

USER INTERFACE

SYSTEM UTILITIES :

OPERATING SYSTEM STRUCTURES-CHAPTER 2

SYSTEM COMPONENTS
Even though, not all systems have the same structure many modern operating systems share
the same goal of supporting the following types of system components.
PROCESS MANAGEMENT
The operating system manages many kinds of activities ranging from user programs to system
programs like printer spooler, name servers, file server etc. Each of these activities is
encapsulated in a process. A process includes the complete execution context (code, data, PC,
registers, OS resources in use etc.).
It is important to note that a process is not a program. A process is only ONE instant of a
program in execution. There are many processes can be running the same program. The five
major activities of an operating system in regard to process management are

Creation and deletion of user and system processes.

Suspension and resumption of processes.
A mechanism for process synchronization.
A mechanism for process communication.
A mechanism for deadlock handling.
Process - fundamental concept in OS
Process is a program in execution.
Process needs resources - CPU time, memory, files/data and I/O devices.
OS is responsible for the following process management activities.
Process creation and deletion
Process suspension and resumption
Process synchronization and interprocess communication
Process interactions - deadlock detection, avoidance and correction

MAIN-MEMORY MANAGEMENT
Primary-Memory or Main-Memory is a large array of words or bytes. Each word or byte has its
own address. Main-memory provides storage that can be access directly by the CPU. That is to
say for a program to be executed, it must in the main memory.
The major activities of an operating in regard to memory-management are:

Keep track of which part of memory are currently being used and by whom.
Decide which process are loaded into memory when memory space becomes available.
Allocate and deallocate memory space as needed.
Main Memory is an array of addressable words or bytes that is quickly accessible.

Main Memory is volatile.

OS is responsible for:
Allocate and deallocate memory to processes.
Managing multiple processes within memory - keep track of which parts of memory are
used by which processes. Manage the sharing of memory between processes.
Determining which processes to load when memory becomes
OS Task: Secondary Storage and I/O Management
Since primary storage is expensive and volatile, secondary storage is required for
backup.
Disk is the primary form of secondary storage.
OS performs storage allocation, free-space management and disk scheduling.
I/O system in the OS consists of
Buffer caching and management
Device driver interface that abstracts device details
Drivers for specific hardware devices

FILE MANAGEMENT
A file is a collected of related information defined by its creator. Computer can store files on the
disk (secondary storage), which provide long term storage. Some examples of storage media
are magnetic tape, magnetic disk and optical disk. Each of these media has its own properties
like speed, capacity, data transfer rate and access methods.
A file systems normally organized into directories to ease their use. These directories may
contain files and other directions.
The five main major activities of an operating system in regard to file management are:
1.
2.
3.
4.
5.
6.

The creation and deletion of files.

The creation and deletion of directions.
The support of primitives for manipulating files and directions.
The mapping of files onto secondary storage.
The back up of files on stable storage media.
File is a collection of related information defined by creator - represents programs and

7. File creation and deletion

8. Directory creation and deletion
9. Supporting primitives for file/directory manipulation.
10. Mapping files to disks (secondary storage).
11. Backup files on archival media (tapes).

I/O SYSTEM MANAGEMENT

I/O subsystem hides the peculiarities of specific hardware devices from the user. Only the
device driver knows the peculiarities of the specific device to whom it is assigned.
SECONDARY-STORAGE MANAGEMENT
Generally speaking, systems have several levels of storage, including primary storage,
secondary storage and cache storage. Instructions and data must be placed in primary storage
or cache to be referenced by a running program. Because main memory is too small to
accommodate all data and programs, and its data are lost when power is lost, the computer
system must provide secondary storage to back up main memory. Secondary storage consists
of tapes, disks, and other media designed to hold information that will eventually be accessed
in primary storage (primary, secondary, cache) is ordinarily divided into bytes or words
consisting of a fixed number of bytes. Each location in storage has an address; the set of all
addresses available to a program is called an address space.
The three major activities of an operating system in regard to secondary storage management
are:
1. Managing the free space available on the secondary-storage device.
2. Allocation of storage space when new files have to be written.
3. Scheduling the requests for memory access.
NETWORKING
A distributed system is a collection of processors that do not share memory, peripheral devices,
or a clock. The processors communicate with one another through communication lines called
network. The communication-network design must consider routing and connection strategies,
and the problems of contention and security.
Connecting processors in a distributed system
Distributed System is a collection of processors that do not share memory or a clock.
Processors are connected via a communication network.
Advantages:
Allows users and system to exchange information
provide computational speedup
increased reliability and availability of information

PROTECTION SYSTEM
If a computer systems has multiple users and allows the concurrent execution of multiple
processes, then the various processes must be protected from one another's activities.
Protection refers to mechanism for controlling the access of programs, processes, or users to
the resources defined by a computer systems.
Protection mechanisms control access of programs and processes to user and system
resources.
Protect user from himself, user from other users, system from users.
Protection mechanisms must:
Distinguish between authorized and unauthorized use.
Specify access controls to be imposed on use.
Provide mechanisms for enforcement of access control.
Security mechanisms provide trust in system and privacy
authentication, certification, encryption etc.
COMMAND INTERPRETER SYSTEM
A command interpreter is an interface of the operating system with the user. The user gives
commands with are executed by operating system (usually by turning them into system calls).
The main function of a command interpreter is to get and execute the next user specified
command. Command-Interpreter is usually not part of the kernel, since multiple command
interpreters (shell, in UNIX terminology) may be support by an operating system, and they do
not really need to run in kernel mode. There are two main advantages to separating the
command interpreter from the kernel.
1. If we want to change the way the command interpreter looks, i.e., I want to change the
interface of command interpreter, I am able to do that if the command interpreter is
separate from the kernel. I cannot change the code of the kernel so I cannot modify the
interface.
2. If the command interpreter is a part of the kernel it is possible for a malicious process to
gain access to certain part of the kernel that it showed not have to avoid this ugly
scenario it is advantageous to have the command interpreter separate from kernel.

 An O/S provides an environment within which programs are executed

O/S vary greatly in their makeup since they are organized along many different lines
The design of a O/S is a major task
It is important that goals of the system be well defined before the design begins
Operating system can be viewed from various vantage points
Services
Interface to users and programmers
Components

OPERATING SYSTEM SERVICES

Following are the five services provided by operating systems to the convenience of the users.
Program Execution
The purpose of a computer systems is to allow the user to execute programs. So the operating
systems provides an environment where the user can conveniently run programs. The user
does not have to worry about the memory allocation or multitasking or anything. These things
are taken care of by the operating systems.
Running a program involves the allocating and deallocating memory, CPU scheduling in case of
multiprocess. These functions cannot be given to the user-level programs. So user-level
programs cannot help the user to run programs independently without the help from operating
systems.
I/O Operations
Each program requires an input and produces output. This involves the use of I/O. The
operating systems hides the user the details of underlying hardware for the I/O. All the user
sees is that the I/O has been performed without any details. So the operating systems by
providing I/O makes it convenient for the users to run programs.
For efficiently and protection users cannot control I/O so this service cannot be provided by
user-level programs.

File System Manipulation

The output of a program may need to be written into new files or input taken from some files.
The operating systems provides this service. The user does not have to worry about secondary
storage management. User gives a command for reading or writing to a file and sees his her
task accomplished. Thus operating systems makes it easier for user programs to accomplished
their task.
This service involves secondary storage management. The speed of I/O that depends on
secondary storage management is critical to the speed of many programs and hence I think it is
best relegated to the operating systems to manage it than giving individual users the control of
it. It is not difficult for the user-level programs to provide these services but for above
mentioned reasons it is best if this service s left with operating system.
Communications
There are instances where processes need to communicate with each other to exchange
information. It may be between processes running on the same computer or running on the
different computers. By providing this service the operating system relieves the user of the
worry of passing messages between processes. In case where the messages need to be passed
to processes on the other computers through a network it can be done by the user programs.
The user program may be customized to the specifics of the hardware through which the
message transits and provides the service interface to the operating system.
Error Detection
An error is one part of the system may cause malfunctioning of the complete system. To avoid
such a situation the operating system constantly monitors the system for detecting the errors.
This relieves the user of the worry of errors propagating to various part of the system and
causing malfunctioning.
This service cannot allowed to be handled by user programs because it involves monitoring and
in cases altering area of memory or deallocation of memory for a faulty process. Or may be
relinquishing the CPU of a process that goes into an infinite loop. These tasks are too critical to
be handed over to the user programs. A user program if given these privileges can interfere
with the correct (normal) operation of the operating systems.
Services for ensuring the efficient operation of the system itself
Resource Allocation (With Multiple Users)
Accounting

 Protection and Security (user area and o/s area)

OPERATING SYSTEM INTERFACES

Command interpreter
Graphical User Interface
System Calls
A System Call is the main way a user program interacts with the Operating
System.System calls provide an interface to the services made available by an O/S.These
calls are generally available as routines written in C and C++ System calls provide an
interface between the process an the operating system. System calls allow user-level
processes to request some services from the operating system which process itself is not
allowed to do. In handling the trap, the operating system will enter in the kernel mode,
where it has access to privileged instructions, and can perform the desired service on the
behalf of user-level process. It is because of the critical nature of operations that the
operating system itself does them every time they are needed. For example, for I/O a
process involves a system call telling the operating system to read or write particular area
and this request is satisfied by the operating system.
System programs provide basic functioning to users so that they do not need to write their own
environment for program development (editors, compilers) and program execution (shells). In
some sense, they are bundles of useful system calls.
TYPES OF SYSTEM CALLS
Process Control
File Management
Device Management
Information maintenance
Communication
PROCESS CONTROL SYSTEM CALL
End, abort
Load, execute

 Create process, terminate process

Get process attribute, set process attributes
Wait
Allocate and free memory
FILE MANAGEMENT CALLS
Create file
Delete file
Read, write operation
Get file attributes, set file attributes
DEVICE MANAGEMENT CALLS
Request device, release device
Read, write
Get device attributes and set devices attributes
Logically attach or detach devices
INFORMATION MAINTAINENCE CALLS
Get time or date, set time or date
Get system data, set system data
Get process
Set process
COMMUNICATION CALLS
Create, delete communication connection
Send, receive messages
Transfer of status information
Attach or detach remote devices

HOW A SYSTEM CALL WORKS

Obtain access to system space

Do parameter validation

System resource collection ( locks on structures )

Ask device/system for requested item

Suspend waiting for device

Interrupt makes thread ready to run

Wrap-up

Return to user

TYPES OF OPERATING SYSTEM STRUCTURE

An operating system is usually large and complex. Therefore, it should be engineered
carefully. Possible ways to structure an operating system:
o
o
o
o

Simple, single-user, MS-DOS,MacOS, Windows (Only one or two levels of code)

Monolithic, multi-user, UNIX,Multics, OS/360
Layered,T.H.E. operating system (Lower levels independent of upper levels)
Client/Server (microkernel), Chorus/MiX(OS built from many user-level
processes)
o Modules (Solaris)(Core Kernel with dynamically loadable modules)

Simple structure :
Simple structure has interfaces and functionality not separated For eg. Application program has
the liberty of accessing basic I/O routines to write data directly or to display data to disk leaving
it vulnerable for the O/S to get corrupted and crash through some malicious program.
MS-DoS is an example here it does not provide any hardware protection and MS-DOS,
applications may bypass the operating system.

Operating systems such as MS-DOS and the original UNIX did not have well-defined
structures.
There is no CPU Execution Mode (user and kernel), and so errors in applications can
cause the whole system to crash.

Monolithic structure :

Functionality of the OS is invoked with simple function calls within the kernel, which is
one large program.
Device drivers are loaded into the running kernel and become part of the kernel.

Layered Approach:This approach breaks up the operating system into different layers.

This allows implementers to change the inner workings, and increases modularity.
As long as the external interface of the routines dont change, developers have more
freedom to change the inner workings of the routines.
With the layered approach, the bottom layer is the hardware, while the highest layer is
the user interface.
o The main advantage is simplicity of construction and debugging.
o The main difficulty is defining the various layers.
o The main disadvantage is that the OS tends to be less efficient than other
implementations.

In layered system program of O/S is defined as hierarchy of layers

Layer

function

The operator/user

user program

process manage

memory

device

Hardware

The major difficulty with layered approach is to appropriately define the layers. Because
a layer can use the services only of the lower level layers.
A final problem with layered implementation is that it tends to be less efficient than the
other types

Microkernel Structure:This structures the operating system by removing all nonessential portions of the kernel and
implementing them as system and user level programs.

Generally they provide minimal process and memory management, and a

communications facility.
Communication between components of the OS is provided by message passing.

The benefits of the microkernel are as follows:

Extending the operating system becomes much easier.

Any changes to the kernel tend to be fewer, since the kernel is smaller.
The microkernel also provides more security and reliability.

Main disadvantage is poor performance due to increased system overhead from message
passing.

 The organizing structure currently in vogue is the

microkernel OS.
Goal is minimize what goes in the kernel, and implement much of the OS as user-level
processes. This results in:
better reliability
ease of extension and customization
mediocre performance (unfortunately)
First microkernel system was Hydra (CMU, 1970)
Examples of microkernel systems are the CMU Mach system, Chorus (French Unix-like
system), and in some ways Microsoft NT/Windows.
Move as much functionality as possible from the kernel into user space.
Only a few essential functions in the kernel:
primitive memory management (address space)
I/O and interrupt management
Inter-Process Communication (IPC)
basic scheduling
Other OS services are provided by processes running in user mode (vertical servers):

 device drivers, file system, virtual memory

Benefits of Microkernel
Extensibility/Reliability
o
o
o
o
o

easier to extend a microkernel

easier to port the operating system to new architectures
more reliable (less code is running in kernel mode)
more secure
small microkernel can be rigorously tested.

Portability
o changes needed to port the system to a new processor is done in the
microkernel, not in the other services.
Modular Struture:-

Most modern operating systems implement kernel modules:

Uses object-oriented approach.
Each core component is separate.
Each talks to the others over known interfaces.
Each is loadable as needed within the kernel.
Overall, similar to layers but with more flexibility.

VIRTUAL MACHINE:-

A Virtual Machine (VM) takes the layered and microkernel approach to its logical
conclusion.
It treats hardware and the operating system kernel as though they were all hardware.
A virtual machine provides an interfaceidentical to the underlying bare hardware.
The operating system host creates the illusion that a process has its own processor and
(virtual memory).
Each guest provided with a (virtual) copy of underlying computer.
The resources of the physical computer are shared to create the virtual machines:
CPU scheduling can create the appearance that users have their own processor.
Spooling and a file system can provide virtual card readers and virtual line
printers.
A normal user time-sharing terminal serves as the virtual machine operators
console.

Advantages/Disadvantages
The VM concept provides complete protection of system resources since each virtual
machine is isolated from all other virtual machines. This isolation permits no direct
sharing of resources.

 A
VM
system
is
a
perfect
vehicle
for
OS
research
and development. System development is done on the virtual machine, instead of on a
physical machine and so does not disrupt normal system operation.
The VM concept is difficult to implement due to the effort required to provide an exact
duplicate to the underlying machine.
A virtual machine takes the layered approach to its logical conclusion. It treats
hardware and the operating system kernel as though they were all hardware. A
virtual machine provides an interface identical to theunderlying bare hardware. The
operating system creates the illusion
of multiple processes, each executing on its own processor with its own (virtual)
memory.
The resources of the physical computer are shared to create the virtual machines.

1. CPU scheduling can create the appearance that users have their own processor.

2. Spooling and a file system can provide virtual card readers and virtual line
printers.

3. A normal user time-sharing terminal serves as the virtual machine operators

console.

System Models

Non-virtual Machine Virtual Machine

Advantages/Disadvantages of Virtual Machines

The virtual-machine concept provides complete protection of system resources since
each virtual machine is isolated from all other virtual machines. This isolation,
however, permits no direct sharing of resources. A virtual-machine system is a

perfect vehicle for operating-systems research and development. System

development is done on the virtual machine, instead of on a physical machine and so
does not disrupt normal system operation. The virtual machine concept is difficult to
implement due to the effort required to provide an exact duplicate to theunderlying
machine.
Java Virtual Machine

Compiled Java programs are platform-neutral byte codes executed by a Java Virtual
Machine (JVM). JVM consists of

1. class loader

2. class verifier

3. runtime interpreter
Just-In-Time (JIT) compilers increase performance

Java Virtual Machine

Virtual Machines
The
concept
of
virtual
machines
is
closely
related
to
layering.
In a typical multi-user system, users are expected to know that the machine is shared by other
users, and that resources such as devices are shared between all the users.
In virtual machine operating systems an addition layer of abstraction is placed between the
users and the system so that it appears to the user that they are using a machine dedicated to
them.
Usually it is the case that a more powerful machine is used to host several virtual machines. For
example, the 80386 and later Intel CPUssupported virtual 8086 machines. Thus, an operating
system designed for the 80386 could actually run several copies of MS-DOS and appear to the
user
to
be
several
different
PCs
at
the
same
time.
Another example of a virtual machine system is the IBM 370 running the VM operating system.

This allowed users to work as if they had a dedicated (but smaller, less powerful) 370
completely at their disposal.
A virtual machine provides an interface identical to the underlying bare hardware.
The operating system creates the illusion of multiple processes, each executing on its
own processor with its own (virtual) memory.
A Virtual Machine is a software that creates a virtualized environment between the
computer platform and the end user in which the end user can operate software.
A virtual machine provides an interface identical to the underlying bare hardware.
The operating system creates the illusion of multiple processes, each executing on its
own processor with its own (virtual) memory.
Virtualization is an abstraction layer that decouples the physical hardware from the
operating system to deliver greater IT resource utilization and flexibility.
It allows multiple virtual machines, with heterogeneous operating systems to run in
isolation, side-by-side on the same physical machine.
The host software that provides virtualization is often referred to as a virtual machine
monitor (VMM) or hypervisor.
The VMM gives each virtual machine an illusion of a complete computer to itself.

Common Virtualisation used today

Run legacy software on non-legacy hardware
Run multiple operating systems on the same hardware
Create a manageable upgrade path
Manage outages (expected and unexpected) dynamically

Chapter 3- Process Management

DEFINITION
The term "process" was first used by the designers of the MULTICS in 1960's. Since then, the
term process, used somewhat interchangeably with 'task' or 'job'. The process has been given
many definitions for instance

A program in Execution.
An asynchronous activity.
The 'animated sprit' of a procedure in execution.
The entity to which processors are assigned.
The 'dispatchable' unit.

and many more definitions have given. As we can see from above that there is no universally
agreed upon definition, but the definition "Program in Execution" seem to be most frequently
used. And this is a concept are will use in the present study of operating systems.
Now that we agreed upon the definition of process, the question is what the relation between
process and program is. It is same but with different name or when this beast is sleeping (not
executing) it is called program and when it is executing becomes process. Well, to be very
precise. Process is not the same as program. In the following discussion we point out some of
the difference between process and program. As we have mentioned earlier.
Process is not the same as program. A process is more than a program code. A process is an
'active' entity as oppose to program which consider to be a 'passive' entity. As we all know that

a program is an algorithm expressed in some suitable notation, (e.g., programming language).

Being a passive, a program is only a part of process. Process, on the other hand, includes:

Current value of Program Counter (PC)

Contents of the processors registers
Value of the variables
The process stack (SP) which typically contains temporary data such as subroutine
parameter, return address, and temporary variables.
A data section that contains global variables.

A process is the unit of work in a system.

In Process model, all software on the computer is organized into a number of sequential
processes. A process includes PC, registers, and variables. Conceptually, each process has its
own virtual CPU. In reality, the CPU switches back and forth among processes. (The rapid
switching back and forth is called multiprogramming).

The process state consist of everything necessary to resume the process execution if it is
somehow put aside temporarily. The process state consists of at least following:

Code for the program.

Program's static data.
Program's dynamic data.
Program's procedure call stack.
Contents of general purpose registers.
Contents of program counter (PC)
Contents of program status word (PSW).
Operating Systems resource in use.

PROCESS OPERATIONS
PROCESS CREATION
In general-purpose systems, some way is needed to create processes as needed during
operation. There are four principal events led to processes creation.

System initialization.
Execution of a process Creation System calls by a running process.
A user request to create a new process.

Initialization of a batch job.

Foreground processes interact with users. Background processes that stay in

background sleeping but suddenly springing to life to handle activity such as
email, webpage, printing, and so on. Background processes are called daemons.
This call creates an exact clone of the calling process.
A process may create a new process by some create process such as
'fork'. It choose to does so, creating process is called parent process and the
created one is called the child processes. Only one parent is needed to create a
child process. This creation of process (processes) yields a hierarchical structure
of processes like one in the figure. Notice that each child has only one parent but
each parent may have many children. After the fork, the two processes, the
parent and the child, have the same memory image, the same environment
strings and the same open files. After a process is created, both the parent and
child have their own distinct address space. If either process changes a word in
its address space, the change is not visible to the other process.

<Following are some reasons for creation of a process

User logs on.

User starts a program.
Operating systems creates process to provide service, e.g., to manage printer.
Some program starts another process, e.g., Netscape calls xv to display a picture.

PROCESS TERMINATION
A process terminates when it finishes executing its last statement. Its resources are returned to
the system, it is purged from any system lists or tables, and its process control block (PCB) is
erased i.e., the PCB's memory space is returned to a free memory pool. The new process
terminates the existing process, usually due to following reasons:

Normal Exist Most processes terminates because they have done their job. This call is
exist in UNIX.
Error Exist When process discovers a fatal error. For example, a user tries to compile a
program that does not exist.
Fatal Error An error caused by process due to a bug in program for example, executing
an illegal instruction, referring non-existing memory or dividing by zero.
Killed by another Process A process executes a system call telling the Operating
Systems to terminate some other process. In UNIX, this call is kill. In some systems when
a process kills all processes it created are killed as well (UNIX does not work this way).

PROCESS STATES
A process goes through a series of discrete process states.

New State The process being created.

Terminated State The process has finished execution.
Blocked (waiting) State When a process blocks, it does so because logically it cannot
continue, typically because it is waiting for input that is not yet available. Formally, a
process is said to be blocked if it is waiting for some event to happen (such as an I/O
completion) before it can proceed. In this state a process is unable to run until some
external event happens.
Running State A process is said t be running if it currently has the CPU, that is, actually
using the CPU at that particular instant.
Ready State A process is said to be ready if it use a CPU if one were available. It is
runable but temporarily stopped to let another process run.

Logically, the 'Running' and 'Ready' states are similar. In both cases the process is willing to run,
only in the case of 'Ready' state, there is temporarily no CPU available for it. The 'Blocked' state
is different from the 'Running' and 'Ready' states in that the process cannot run, even if the CPU
is available.

PROCESS STATE TRANSITIONS

Following are six(6) possible transitions among above mentioned five (5) states
Transition 1 occurs when process discovers that it cannot continue. If running process initiates an I/O
operation before its allotted time expires, the running process voluntarily relinquishes the CPU.
This state transition is:
Block (process-name): Running Block.

Transition 2 occurs when the scheduler decides that the running process has run long
enough and it is time to let another process have CPU time.
This state transition is:
Time-Run-Out (process-name): Running Ready.

Transition 3 occurs when all other processes have had their share and it is time for the
first process to run again

This state transition is:

Dispatch (process-name): Ready Running.

Transition 4 occurs when the external event for which a process was waiting (such as
arrival of input) happens.
This state transition is:
Wakeup (process-name): Blocked Ready.

Transition 5 occurs when the process is created.

This state transition is:
Admitted (process-name): New Ready.

Transition 6 occurs when the process has finished execution.

This state transition is:
Exit (process-name): Running Terminated.

PROCESS CONTROL BLOCK

A process in an operating system is represented by a data structure known as a process control
block (PCB) or process descriptor. The PCB contains important information about the specific
process including

The current state of the process i.e., whether it is ready, running, waiting, or whatever.
Unique identification of the process in order to track "which is which" information.
A pointer to parent process.
Similarly, a pointer to child process (if it exists).
The priority of process (a part of CPU scheduling information).
Pointers to locate memory of processes.
A register save area.
The processor it is running on.

The PCB is a certain store that allows the operating systems to locate key information about a
process. Thus, the PCB is the data structure that defines a process to the operating systems.

Process Control block is used for storing the collection of information about the Processes and
this is also called as the Data Structure which Stores the information about the process. The
information of the Process is used by the CPU at the Run time. The various information which is
Stored into the PCB as followings:
1) Name of the Process.
2) State of the Process. Means Ready, Active, Wait.
3) Resources allocated to the Process
4) Memory which is provided to the Process.
5) Scheduling information.
6) Input and Output Devices used by the Process.
7) Process ID or a Identification Number which is given by the CPU when a Process Request
for a Service.

THREADS
Despite of the fact that a thread must execute in process, the process and its associated
threads are different concept. Processes are used to group resources together and threads are
the entities scheduled for execution on the CPU.
A thread is a single sequence stream within in a process. Because threads have some of the
properties of processes, they are sometimes called lightweight processes. In a process, threads
allow multiple executions of streams. In many respect, threads are popular way to improve
application through parallelism. The CPU switches rapidly back and forth among the threads
giving illusion that the threads are running in parallel. Like a traditional process i.e., process
with one thread, a thread can be in any of several states (Running, Blocked, Ready or
Terminated). Each thread has its own stack. Since thread will generally call different procedures
and thus a different execution history. This is why thread needs its own stack. An operating
system that has thread facility, the basic unit of CPU utilization is a thread. A thread has or
consists of a program counter (PC), a register set, and a stack space. Threads are not
independent of one other like processes as a result threads shares with other threads their
code section, data section, OS resources also known as task, such as open files and signals.
PROCESSES VS THREADS
As we mentioned earlier that in many respect threads operate in the same way as that of
processes. Some of the similarities and differences are:
Similarities

Like processes threads share CPU and only one thread active (running) at a time.
Like processes, threads within processes, threads within a processes execute
sequentially.
Like processes, thread can create children.
And like process, if one thread is blocked, another thread can run.

Differences

Unlike processes, threads are not independent of one another.

Unlike processes, all threads can access every address in the task .
Unlike processes, thread are design to assist one other. Note that processes might or
might not assist one another because processes may originate from different users.

WHY THREADS?

Following are some reasons why we use threads in designing operating systems.
1. A process with multiple threads make a great server for example printer server.
2. Because threads can share common data, they do not need to use interprocess
communication.
3. Because of the very nature, threads can take advantage of multiprocessors.
Threads are cheap in the sense that
1. They only need a stack and storage for registers therefore, threads are cheap to create.
2. Threads use very little resources of an operating system in which they are working. That
is, threads do not need new address space, global data, program code or operating
system resources.
3. Context switching are fast when working with threads. The reason is that we only have
to save and/or restore PC, SP and registers.
But this cheapness does not come free - the biggest drawback is that there is no protection
between threads.

USER-LEVEL THREADS
User-level threads implement in user-level libraries, rather than via systems calls, so thread
switching does not need to call operating system and to cause interrupt to the kernel. In fact,
the kernel knows nothing about user-level threads and manages them as if they were singlethreaded processes.
ADVANTAGES:
The most obvious advantage of this technique is that a user-level threads package can be
implemented on an Operating System that does not support threads. Some other advantages
are

User-level threads does not require modification to operating systems.

Simple Representation:
Each thread is represented simply by a PC, registers, stack and a small control block,
all stored in the user process address space.
Simple Management:
This simply means that creating a thread, switching between threads and
synchronization between threads can all be done without intervention of the kernel.
Fast and Efficient:
Thread switching is not much more expensive than a procedure call.

DISADVANTAGES:

There is a lack of coordination between threads and operating system kernel. Therefore,
process as whole gets one time slice irrespect of whether process has one thread or
1000 threads within. It is up to each thread to relinquish control to other threads.
User-level threads requires non-blocking systems call i.e., a multithreaded kernel.
Otherwise, entire process will blocked in the kernel, even if there are runable threads
left in the processes. For example, if one thread causes a page fault, the process blocks.

KERNEL-LEVEL THREADS
In this method, the kernel knows about and manages the threads. No runtime system is needed
in this case. Instead of thread table in each process, the kernel has a thread table that keeps
track of all threads in the system. In addition, the kernel also maintains the traditional process
table to keep track of processes. Operating Systems kernel provides system call to create and
manage threads.

ADVANTAGES:

Because kernel has full knowledge of all threads, Scheduler may decide to give more
time to a process having large number of threads than process having small number of
threads.
Kernel-level threads are especially good for applications that frequently block.

DISADVANTAGES:

The kernel-level threads are slow and inefficient. For instance, threads operations are
hundreds of times slower than that of user-level threads.
Since kernel must manage and schedule threads as well as processes. It require a full
thread control block (TCB) for each thread to maintain information about threads. As a
result there is significant overhead and increased in kernel complexity.

ADVANTAGES OF THREADS OVER MULTIPLE PROCESSES

Context Switching Threads are very inexpensive to create and destroy, and they are
inexpensive to represent. For example, they require space to store, the PC, the SP, and
the general-purpose registers, but they do not require space to share memory
information, Information about open files of I/O devices in use, etc. With so little
context, it is much faster to switch between threads. In other words, it is relatively
easier for a context switch using threads.

Sharing Treads allow the sharing of a lot resources that cannot be shared in process,
for example, sharing code section, data section, Operating System resources like open
file etc.

DISADVANTAGES OF THREADS OVER MULTIPROCESSES

Blocking The major disadvantage if that if the kernel is single threaded, a system call
of one thread will block the whole process and CPU may be idle during the blocking
period.
Security Since there is, an extensive sharing among threads there is a potential
problem of security. It is quite possible that one thread over writes the stack of another
thread (or damaged shared data) although it is very unlikely since threads are meant to
cooperate on a single task.

APPLICATION THAT BENEFITS FROM THREADS

A proxy server satisfying the requests for a number of computers on a LAN would be benefited
by a multi-threaded process. In general, any program that has to do more than one task at a
time could benefit from multitasking. For example, a program that reads input, process it, and
outputs could have three threads, one for each task.
APPLICATION THAT CANNOT BENEFIT FROM THREADS
Any sequential process that cannot be divided into parallel task will not benefit from thread, as
they would block until the previous one completes. For example, a program that displays the
time of the day would not benefit from multiple threads.
RESOURCES USED IN THREAD CREATION AND PROCESS CREATION

When a new thread is created it shares its code section, data section and operating system
resources like open files with other threads. But it is allocated its own stack, register set and a
program counter.

The creation of a new process differs from that of a thread mainly in the fact that all the shared
resources of a thread are needed explicitly for each process. So though two processes may be
running the same piece of code they need to have their own copy of the code in the main
memory to be able to run. Two processes also do not share other resources with each other.
This makes the creation of a new process very costly compared to that of a new thread.
CONTEXT SWITCH
To give each process on a multiprogrammed machine a fair share of the CPU, a hardware clock
generates interrupts periodically. This allows the operating system to schedule all processes in
main memory (using scheduling algorithm) to run on the CPU at equal intervals. Each time a
clock interrupt occurs, the interrupt handler checks how much time the current running process
has used. If it has used up its entire time slice, then the CPU scheduling algorithm (in kernel)
picks a different process to run. Each switch of the CPU from one process to another is called a
context switch.
MAJOR STEPS OF CONTEXT SWITCHING

The values of the CPU registers are saved in the process table of the process that was
running just before the clock interrupt occurred.
The registers are loaded from the process picked by the CPU scheduler to run next.

In a multiprogrammed uniprocessor computing system, context switches occur frequently

enough that all processes appear to be running concurrently. If a process has more than one
thread, the Operating System can use the context switching technique to schedule the threads
so they appear to execute in parallel. This is the case if threads are implemented at the kernel
level. Threads can also be implemented entirely at the user level in run-time libraries. Since in
this case no thread scheduling is provided by the Operating System, it is the responsibility of
the programmer to yield the CPU frequently enough in each thread so all threads in the process
can make progress.
ACTION OF KERNEL TO CONTEXT SWITCH AMONG THREADS
The threads share a lot of resources with other peer threads belonging to the same process. So
a context switch among threads for the same process is easy. It involves switch of register set,
the program counter and the stack. It is relatively easy for the kernel to accomplished this task.
ACTION OF KERNEL TO CONTEXT SWITCH AMONG PROCESSES
Context switches among processes are expensive. Before a process can be switched its process
control block (PCB) must be saved by the operating system. The PCB consists of the following
information:

The process state.

The program counter, PC.

The values of the different registers.
The CPU scheduling information for the process.
Memory management information regarding the process.
Possible accounting information for this process.
I/O status information of the process.

When the PCB of the currently executing process is saved the operating system loads the PCB of
the next process that has to be run on CPU. This is a heavy task and it takes a lot of time.
Drawback of this scheme is that the average time is often quite long.
The First-Come-First-Served algorithm is rarely used as a master scheme in modern operating
systems but it is often embedded within other schemes.
Example

Jobs are executed on first come, first serve basis.

Easy to understand and implement.

Poor in performance as average wait time is high.

Wait time of each process is following

Process Wait Time : Service Time - Arrival Time

P0

0-0=0

P1

5-1=4

P2

8-2=6

P3

16 - 3 = 13

Average Wait Time: (0+4+6+13) / 4 = 5.55

Shortest Job First (SJF)
Other name of this algorithm is Shortest-Process-Next (SPN).
Shortest-Job-First (SJF) is a non-preemptive discipline in which waiting job (or process) with the
smallest estimated run-time-to-completion is run next. In other words, when CPU is available, it
is assigned to the process that has smallest next CPU burst.
The SJF scheduling is especially appropriate for batch jobs for which the run times are known in
advance. Since the SJF scheduling algorithm gives the minimum average time for a given set of
processes, it is probably optimal.
The SJF algorithm favors short jobs (or processors) at the expense of longer ones.
The obvious problem with SJF scheme is that it requires precise knowledge of how long a job or
process will run, and this information is not usually available.
The best SJF algorithm can do is to rely on user estimates of run times.
In the production environment where the same jobs run regularly, it may be possible to
provide reasonable estimate of run time, based on the past performance of the process.
But in the development environment users rarely know how their program will execute.
Like FCFS, SJF is non preemptive therefore, it is not useful in timesharing environment in which
reasonable response time must be guaranteed.

Best approach to minimize waiting time.

Impossible to implement

Processer should know in advance how much time process will take.

Wait time of each process is following

Process Wait Time : Service Time - Arrival Time
P0

3-0=3

P1

0-0=0

P2

16 - 2 = 14

P3

8-3=5

Average Wait Time: (3+0+14+5) / 4 = 5.50

Shortest Remaining Time :- The SRT is the preemtive counterpart of SJF and useful in
time-sharing environment.

In SRT scheduling, the process with the smallest estimated run-time to completion is run
next, including new arrivals.
In SJF scheme, once a job begin executing, it run to completion.
In SJF scheme, a running process may be preempted by a new arrival process with
shortest estimated run-time.
The algorithm SRT has higher overhead than its counterpart SJF.
The SRT must keep track of the elapsed time of the running process and must handle
occasional preemptions.
In this scheme, arrival of small processes will run almost immediately. However, longer
jobs have even longer mean waiting time.

Example :-

Priority Based Scheduling

Priority Scheduling: The basic idea is straightforward: each process is assigned a priority, and
priority is allowed to run. Equal-Priority processes are scheduled in FCFS order. The shortestJob-First (SJF) algorithm is a special case of general priority scheduling algorithm.
An SJF algorithm is simply a priority algorithm where the priority is the inverse of the
(predicted) next CPU burst. That is, the longer the CPU burst, the lower the priority and vice
versa.
Priority can be defined either internally or externally. Internally defined priorities use some
measurable quantities or qualities to compute priority of a process.
Examples of Internal priorities are

Time limits.
Memory requirements.
File requirements,
for example, number of open files.
CPU Vs I/O requirements.

Externally defined priorities are set by criteria that are external to operating system such as

The importance of process.

Type or amount of funds being paid for computer use.
The department sponsoring the work.
Politics.

Priority scheduling can be either preemptive or non preemptive

A preemptive priority algorithm will preemptive the CPU if the priority of the newly
arrival process is higher than the priority of the currently running process.
A non-preemptive priority algorithm will simply put the new process at the head of the
ready queue.

A major problem with priority scheduling is indefinite blocking or starvation. A solution to the
problem of indefinite blockage of the low-priority process is aging. Aging is a technique of
gradually increasing the priority of processes that wait in the system for a long period of time.

Each process is assigned a priority. Process with highest priority is to be executed first
and so on.

Processes with same priority are executed on first come first serve basis.

Priority can be decided based on memory requirements, time requirements or any other
resource requirement.

Wait time of each process is following

Process Wait Time : Service Time - Arrival Time

P0

0-0=0

P1

3-1=2

P2

8-2=6

P3

16 - 3 = 13

Average Wait Time: (0+2+6+13) / 4 = 5.25

Round Robin Scheduling
Round Robin Scheduling ; One of the oldest, simplest, fairest and most widely used algorithm is
round robin (RR).
In the round robin scheduling, processes are dispatched in a FIFO manner but are given a
limited amount of CPU time called a time-slice or a quantum.
If a process does not complete before its CPU-time expires, the CPU is preempted and given to
the next process waiting in a queue. The preempted process is then placed at the back of the
ready list.
Round Robin Scheduling is preemptive (at the end of time-slice) therefore it is effective in timesharing environments in which the system needs to guarantee reasonable response times for
interactive users.
The only interesting issue with round robin scheme is the length of the quantum. Setting the
quantum too short causes too many context switches and lower the CPU efficiency. On the
other hand, setting the quantum too long may cause poor response time and appoximates
FCFS.
In any event, the average waiting time under round robin scheduling is often quite long.
Example

Each process is provided a fix time to execute called quantum.

Once a process is executed for given time period. Process is preempted and other
process executes for given time period.

Context switching is used to save states of preempted processes.

Wait time of each process is following

Process Wait Time : Service Time - Arrival Time
P0

(0-0) + (12-3) = 9

P1

(3-1) = 2

P2

6-2) + (15-9) = 10

P3

(9-3) + (18-12) = 12

Average Wait Time: (9+2+10+12) / 4 = 8.25

Multilevel Queue Scheduling

Multiple queues are maintained for processes.

Each queue can have its own scheduling algorithms.

Priorities are assigned to each queue.

Multilevel feedback queue-scheduling algorithm allows a process to move between queues. It

uses many ready queues and associate a different priority with each queue.

The Algorithm chooses to process with highest priority from the occupied queue and run that
process either preemptively or unpreemptively. If the process uses too much CPU time it will
moved to a lower-priority queue. Similarly, a process that wait too long in the lower-priority
queue may be moved to a higher-priority queue may be moved to a highest-priority queue.
Note that this form of aging prevents starvation.
Example:

A process entering the ready queue is placed in queue 0.

If it does not finish within 8 milliseconds time, it is moved to the tail of queue 1.
If it does not complete, it is preempted and placed into queue 2.
Processes in queue 2 run on a FCFS basis, only when queue 2 run on a FCFS basis, only
when queue 0 and queue 1 are empty.`

Interprocess Communication
-

Exchange of data between two or more separate, independent processes/threads.

Operating systems provide facilities/resources for inter-process communications (IPC),
such as message queues, semaphores, and shared memory.
Distributed computing systems make use of these facilities/resources to provide
application programming interface (API) which allows IPC to be programmed at a higher
level of abstraction. (e.g., send and receive)
Distributed computing requires information to be exchanged among independent
processes.
In distributed computing, two or more processes engage in IPC using a protocol agreed
upon by the processes. A process may be a sender at some points during a protocol, a
receiver at other points.
When a number of processes are running at the same time in a system, it is essential
that they be able to talk to each other in a mannered way. Many times, a process
cannot continue until another process does some action. The structured form of
communication between these processes is what's known as InterProcess
Communication (IPC).
As Tanenbaum puts it, there are three points of importance in IPC:
1. Processes must be able to pass information to one another.
2. Two or more processes must not get into each other's way when engaging in critical
activities.
3. When one process depends on another, there must be proper sequencing.
As an example to the third point, if process A produces data and process B prints them,
then B must wait until A has produced data before it starts printing.Processes are
programs in execution.
RULES OR FIPC

It is important to make note of the four rules of IPC:

1. Safety/mutual exclusion: No two processes may be simultaneously inside their critical
regions.
2. Liveness/progress: No process running outside its critical region may block other processes.
3. Contention: If two processes enter a critical region, the conflict should be resolved in favor of
one.
4. Fairness/deadlock: No process should have to wait for an unfair amount of time or forever to
enter its critical region.

SOLUTION TO MUTUAL EXCLUSION PROBLEM

Mutual exclusion is one of the four rules of IPC and must be enforced in order for an Operating
System and its kernel to be stable and reliable. The following are software solutions that have
been thought up throughout the years. The first set can be classified as busy waiting methods,
whilst the second set as blocking. A comparison is made between the two approaches here and
the point is made as to why semaphores are the most widely used solution.
As an introduction though, imagine what would happen if mutual exclusion was not
enforced. Let us take the example of a print spooler which stores the file names of documents
that are waiting in line to be printed. The spooler has a shared variable out, which stores the
document that is next in line to be printed and a shared variable in, which stores the next free
slot. Therefore, the document in out is the one that goes to the printer and the last document
that the user requests to print is stored in in.
Let us assume that out has the value 4 and in has the value 7. A process, process A, wants to
print a document so it reads in 7 from in and stores it locally. Before it has a chance to update
in to 8, the CPU decides that the process has had its share of processing time and deschedules
it. Process B now runs and it too wants to send a document for printing, so it reads 7 from in,
stores it locally and then updates the shared variable in it to 8. After its time is up, process B is
descheduled and process A carries on from where it left off. It looks at its local variable for
what the next free slot is and finds a 7. So it proceeds to update the shared variable in to 8
(7+1), replacing the filename that was there with its own.
As can be seen from this example, the spooler is still consistent and as far as it can tell all is
well, however, what has happened is that two print requests were carried out, but only one
process will get its document printed and the other will not. What is important to note is that
there should be a method of restricting shared variables like out and in so that if one process is
working with either, other processes must not be able to also interact with them.
Busy waiting
|_ Shared Flag (a.k.a. Lock)
|_ Shared Token (a.k.a. Strict Alternation)
|_ Pair of Flags (a)
|_ Pair of Flags (b)
|_ Dekker's Algorithm: 2 Shared Flags and Token
|_ Peterson's Algorithm: 2 Shared Flags and Token
Blocking
|_Sleep and Wakeup
|_Semaphores

TYPES OF INTER-PROCESS COMMUNICATION

Unicast
Multicast
When communication is from one process to a single other process, the IPC is said to be a
unicast, e.g.,Socket communication. When communication is from one process to a group of
processes, the IPC is said to be a multicast, e.g., Publish/Subscribe Message model
In distributed computing, two or more processes engage in IPC using a protocol agreed
upon by the processes. A process may be a sender at some points during a protocol, a
receiver at other points.
When communication is from one process to a single other process, the IPC is said to be a
unicast, e.g.,Socket communication. When communication is from one process to a group of
processes, the IPC is said to be a multicast, e.g., Publish/Subscribe Message model

SYNCHRONOUS VS ASYNCHRONOUS
The send, receive, and reply operations may be synchronous or asynchronous. A synchronous
operation blocks a process till the operation completes. An asynchronous operation is nonblocking and only initiates the operation. The caller could discover completion by some other
mechanism discussed later. (Does it make sense to have an asynchronous RPC send?)
The notion of synchronous operations requires an understanding of what it means for an
operation to complete. In the case of remote assignment, both the send and receive complete
when the message has been delivered to the receiver. In the case of remote procedure call, the
send, receive, and reply complete when the result has been delivered to the sender, assuming

there is a return value. Otherwise, the send and receive complete when the procedure finishes
execution. During the time the procedure is executing, the sender and receiver are in a
rendezvous, as mentioned before.
Note that synchronous/asynchronous implies blocking/not blocking but not vice versa, that is,
not every blocking operation is synchronous and not every non blocking operation is
asynchronous. For instance, a send that blocks till the receiver machine has received the
message is blocking but not synchronous since the receiver process may not have received it.
Similarly, we will see later a Xinu receive that is non-blocking but is not asynchronous. These
definitions of synchronous/asynchronous operations are similar but not identical to the ones
given in your text books, which tend to equate synchronous with blocking.
Asynchronous message passing allows more parallelism. Since a process does not block, it can
do some computation while the message is in transit. In the case of receive, this means a
process can express its interest in receving messages on multiple ports simultaneously. (The
select primitive discussed later provides this facility for synchronous receives). In a synchronous
system, such parallelism can be achieved by forking a separate process for each concurrent
operation, but this approach incurs the cost of extra process management. This cost is typically
bearable with lwps but not hwps.
Asynchronous message passing introduces several problems. What happens if a message
cannot be delivered? The sender may never wait for delivery of the message, and thus never
hear about the error. Similarly, a mechanism is needed to notify an asynchronous receiver that
a message has arrived. The operation invoker could learn about completion/errors by polling,
getting a software interrupt, or by waiting explicitly for completion later using a special
sycnhronous wait call. An asynchronous operation needs to return a call/transaction id if the
application needs to be later notified about the operation. At notification time, this id would be
placed in some global location or passed as an argument to a handler or wait call.
Another problem related to asynchronous message passing has to do with buffering. If
messages sent asynchronously are buffered in a space managed by the OS, then a process may
fill this space by flooding the system with a large number of messages.

Since processes frequently needs to communicate with other processes therefore, there is a
need for a wel-structured communication, without using interrupts, among processes.

RACE CONDITIONS
In operating systems, processes that are working together share some common storage (main
memory, file etc.) that each process can read and write. When two or more processes are
reading or writing some shared data and the final result depends on who runs precisely when,
are called race conditions. Concurrently executing threads that share data need to synchronize
their operations and processing in order to avoid race condition on shared data. Only one
customer thread at a time should be allowed to examine and update the shared variable.
Race conditions are also possible in Operating Systems. If the ready queue is implemented as a
linked list and if the ready queue is being manipulated during the handling of an interrupt, then
interrupts must be disabled to prevent another interrupt before the first one completes. If
interrupts are not disabled than the linked list could become corrupt.

Critical Section
How to avoid race conditions?

The key to preventing trouble involving shared storage is find some way to prohibit more than
one process from reading and writing the shared data simultaneously. That part of the program
where the shared memory is accessed is called the Critical Section. To avoid race conditions and
flawed results, one must identify codes in Critical Sections in each thread. The characteristic
properties of the code that form a Critical Section are

Codes that reference one or more variables in a read-update-write fashion while any
of those variables is possibly being altered by another thread.
Codes that alter one or more variables that are possibly being referenced in readupdata-write fashion by another thread.
Codes use a data structure while any part of it is possibly being altered by another
thread.
Codes alter any part of a data structure while it is possibly in use by another thread.

Here, the important point is that when one process is executing shared modifiable data in its
critical section, no other process is to be allowed to execute in its critical section. Thus, the
execution of critical sections by the processes is mutually exclusive in time.

MUTUAL EXCLUSION

A way of making sure that if one process is using a shared modifiable data, the
other processes will be excluded from doing the same thing.
Formally, while one process executes the shared variable, all other processes desiring to do so
at the same time moment should be kept waiting; when that process has finished executing the
shared variable, one of the processes waiting; while that process has finished executing the
shared variable, one of the processes waiting to do so should be allowed to proceed. In this
fashion, each process executing the shared data (variables) excludes all others from doing so
simultaneously. This is called Mutual Exclusion.
Note that mutual exclusion needs to be enforced only when processes access shared modifiable
data - when processes are performing operations that do not conflict with one another they
should be allowed to proceed concurrently.

MUTUAL EXCLUSION CONDITIONS

If we could arrange matters such that no two processes were ever in their critical sections
simultaneously, we could avoid race conditions. We need four conditions to hold to have a
good solution for the critical section problem (mutual exclusion).

No two processes may at the same moment inside their critical sections.
No assumptions are made about relative speeds of processes or number of CPUs.
No process should outside its critical section should block other processes.

No process should wait arbitrary long to enter its critical section.

PROPOSALS FOR ACHIEVING MUTUAL EXCLUSION

The mutual exclusion problem is to devise a pre-protocol (or entry protocol) and a postprotocol (or exist protocol) to keep two or more threads from being in their critical sections at
the same time. Tanenbaum examine proposals for critical-section problem or mutual exclusion
problem.
Problem
When one process is updating shared modifiable data in its critical section, no other process
should allowed to enter in its critical section.

Proposal 1 -Disabling Interrupts (Hardware Solution)

Each process disables all interrupts just after entering in its critical section and re-enable all
interrupts just before leaving critical section. With interrupts turned off the CPU could not be
switched to other process. Hence, no other process will enter its critical and mutual exclusion
achieved.
Conclusion
Disabling interrupts is sometimes a useful interrupts is sometimes a useful technique within the
kernel of an operating system, but it is not appropriate as a general mutual exclusion
mechanism for users process. The reason is that it is unwise to give user process the power to
turn off interrupts.
Proposal 2 - Lock Variable (Software Solution)
In this solution, we consider a single, shared, (lock) variable, initially 0. When a process wants to
enter in its critical section, it first test the lock. If lock is 0, the process first sets it to 1 and then
enters the critical section. If the lock is already 1, the process just waits until (lock) variable
becomes 0. Thus, a 0 means that no process in its critical section, and 1 means hold your horses
- some process is in its critical section.

CONCLUSION
The flaw in this proposal can be best explained by example. Suppose process A sees that the
lock is 0. Before it can set the lock to 1 another process B is scheduled, runs, and sets the lock to
1. When the process A runs again, it will also set the lock to 1, and two processes will be in their
critical section simultaneously.

Proposal 3 - Strict Alteration

In this proposed solution, the integer variable 'turn' keeps track of whose turn is to enter the
critical section. Initially, process A inspects turn, finds it to be 0, and enters in its critical section.
Process B also finds it to be 0 and sits in a loop continually testing 'turn' to see when it becomes
1.Continuously testing a variable waiting for some value to appear is called the Busy-Waiting.
CONCLUSION
Taking turns is not a good idea when one of the processes is much slower than the other.
Suppose process 0 finishes its critical section quickly, so both processes are now in their
noncritical section. This situation violates above mentioned condition 3.
Using Systems calls 'sleep' and 'wakeup'
Basically, what above mentioned solution do is this: when a processes wants to enter in its
critical section , it checks to see if then entry is allowed. If it is not, the process goes into tight
loop and waits (i.e., start busy waiting) until it is allowed to enter. This approach waste CPUtime.
Now look at some interprocess communication primitives is the pair of steep-wakeup.

Sleep
It is a system call that causes the caller to block, that is, be suspended until some
other process wakes it up.
Wakeup
o It is a system call that wakes up the process.
o

Both 'sleep' and 'wakeup' system calls have one parameter that represents a memory address
used to match up 'sleeps' and 'wakeups' .

THE BOUNDED BUFFER PRODUCERS AND CONSUMERS

The bounded buffer producers and consumers assumes that there is a fixed buffer size i.e., a
finite numbers of slots are available.
STATEMENT
To suspend the producers when the buffer is full, to suspend the consumers when the buffer is
empty, and to make sure that only one process at a time manipulates a buffer so there are no
race conditions or lost updates.
As an example how sleep-wakeup system calls are used, consider the producer-consumer
problem also known as bounded buffer problem.
Two processes share a common, fixed-size (bounded) buffer. The producer puts information
into the buffer and the consumer takes information out.
Trouble arises when
1. The producer wants to put a new data in the buffer, but buffer is already full.
Solution: Producer goes to sleep and to be awakened when the consumer has removed
data.
2. The consumer wants to remove data the buffer but buffer is already empty.
Solution: Consumer goes to sleep until the producer puts some data in buffer and wakes
consumer up.
CONCLUSION
This approaches also leads to same race conditions we have seen in earlier approaches. Race
condition can occur due to the fact that access to 'count' is unconstrained. The essence of the
problem is that a wakeup call, sent to a process that is not sleeping, is lost.
Semaphores

E.W. Dijkstra (1965) abstracted the key notion of mutual exclusion in his concepts of
semaphores.
Definition
A semaphore is a protected variable whose value can be accessed and altered only by the
operations P and V and initialization operation called 'Semaphoiinitislize'.

Semaphores are often used to restrict the number of threads than can access some (physical or
logical) resource.

Semaphores are devices used to help with synchronization. If multiple processes share a
common resource, they need a way to be able to use that resource without disrupting each
other. You want each process to be able to read from and write to that resource uninterrupted.

A semaphore will either allow or disallow access to the resource, depending on how it is set
up. One example setup would be a semaphore which allowed any number of processes to read
from the resource, but only one could ever be in the process of writing to that resource at a
time.
Semaphores are commonly use for two purposes: to share a common memory space and to
share access to files. Semaphores are one of the techniques for interprocess communication
(IPC). The C programming language provides a set of interfaces or "functions" for managing
semaphores.
Binary Semaphores can assume only the value 0 or the value 1 counting semaphores also called
general semaphores can assume only nonnegative values.
The P (or wait or sleep or down) operation on semaphores S, written as P(S) or wait (S),
operates as follows:
P(S): IF S > 0
THEN S := S - 1
ELSE (wait on S)
The V (or signal or wakeup or up) operation on semaphore S, written as V(S) or signal (S),
operates as follows:
V(S): IF (one or more process are waiting on S)
THEN (let one of these processes proceed)
ELSE S := S +1
Operations P and V are done as single, indivisible, atomic action. It is guaranteed that once a
semaphore operations has stared, no other process can access the semaphore until operation
has completed. Mutual exclusion on the semaphore, S, is enforced within P(S) and V(S).

If several processes attempt a P(S) simultaneously, only process will be allowed to proceed. The
other processes will be kept waiting, but the implementation of P and V guarantees that
processes will not suffer indefinite postponement.
Semaphores solve the lost-wakeup problem.
PRODUCER-CONSUMER PROBLEM USING SEMAPHORES
The Solution to producer-consumer problem uses three semaphores, namely, full, empty and
mutex.
The semaphore 'full' is used for counting the number of slots in the buffer that are full. The
'empty' for counting the number of slots that are empty and semaphore 'mutex' to make sure
that the producer and consumer do not access modifiable shared section of the buffer
simultaneously.
INITIALIZATION

Set full buffer slots to 0.

i.e., semaphore Full = 0.
Set empty buffer slots to N.
i.e., semaphore empty = N.
For control access to critical section set mutex to 1.
i.e., semaphore mutex = 1.

Producer ( )
WHILE (true)
produce-Item ( );
P (empty);
P (mutex);
enter-Item ( )
V (mutex)
V (full);
Consumer ( )
WHILE (true)
P (full)
P (mutex);
remove-Item ( );
V (mutex);
V (empty);
consume-Item (Item)

Deadlock

A set of process is in a deadlock state if each process in the set is waiting for an event that can
be caused by only another process in the set. In other words, each member of the set of
deadlock processes is waiting for a resource that can be released only by a deadlock process.
None of the processes can run, none of them can release any resources, and none of them can
be awakened. It is important to note that the number of processes and the number and kind of
resources possessed and requested are unimportant.
The resources may be either physical or logical. Examples of physical resources are Printers,
Tape Drivers, Memory Space, and CPU Cycles. Examples of logical resources are Files,
Semaphores, and Monitors.
The simplest example of deadlock is where process 1 has been allocated non-shareable
resources A, say, a tap drive, and process 2 has be allocated non-sharable resource B, say, a
printer. Now, if it turns out that process 1 needs resource B (printer) to proceed and process 2
needs resource A (the tape drive) to proceed and these are the only two processes in the
system, each is blocked the other and all useful work in the system stops. This situation ifs
termed deadlock. The system is in deadlock state because each process holds a resource being
requested by the other process neither process is willing to release the resource it holds.
PREEMPTABLE AND NONPREEMPTABLE RESOURCES
Resources come in two flavors: preemptable and nonpreemptable. A preemptable resource is
one that can be taken away from the process with no ill effects. Memory is an example of a
preemptable resource. On the other hand, a nonpreemptable resource is one that cannot be
taken away from process (without causing ill effect). For example, CD resources are not
preemptable at an arbitrary moment.
Reallocating resources can resolve deadlocks that involve preemptable resources. Deadlocks
that involve nonpreemptable resources are difficult to deal with.
The Deadlock Problem
A set of blocked processes each holding aresource and waiting to acquire a resource
held by another process in the set.
Example 1
System has 2 tape drives. P1 and P2 each hold one tape
drive and each needs the other one.
Example 2
Semaphores A and B each initialized to 1
P0 P1
wait(A) wait(B)

wait(B) wait(A)
A process is deadlocked if it is waiting for an
event that will never occur.
Typically, more than one process will be involved in a
deadlock (the deadly embrace).
A process is indefinitely postponed if it is
delayed repeatedly over a long period of time
while the attention of the system is given to
other processes,
i.e. the process is ready to proceed but never gets the CPU

NECESSARY AND SUFFICIENT DEADLOCK CONDITIONS

Coffman (1971) identified four (4) conditions that must hold simultaneously for there to be a
deadlock.
1. MUTUAL EXCLUSION CONDITION
The resources involved are non-shareable.
Explanation: At least one resource (thread) must be held in a non-shareable mode, that is, only
one process at a time claims exclusive control of the resource. If another process requests that
resource, the requesting process must be delayed until the resource has been released.
2. HOLD AND WAIT CONDITION
Requesting process hold already, resources while waiting for requested resources.
Explanation: There must exist a process that is holding a resource already allocated to it while
waiting for additional resource that are currently being held by other processes.
3. NO-PREEMPTIVE CONDITION
Resources already allocated to a process cannot be preempted.
Explanation: Resources cannot be removed from the processes are used to completion or
released voluntarily by the process holding it.

4. CIRCULAR WAIT CONDITION

The processes in the system form a circular list or chain where each process in the list is
waiting for a resource held by the next process in the list.
As an example, consider the traffic deadlock in the following figure

Consider each section of the street as a resource.

1. Mutual exclusion condition applies, since only one vehicle can be on a section of the
street at a time.
2. Hold-and-wait condition applies, since each vehicle is occupying a section of the street,
and waiting to move on to the next section of the street.
3. No-preemptive condition applies, since a section of the street that is a section of the
street that is occupied by a vehicle cannot be taken away from it.
4. Circular wait condition applies, since each vehicle is waiting on the next vehicle to move.
That is, each vehicle in the traffic is waiting for a section of street held by the next
vehicle in the traffic.
The simple rule to avoid traffic deadlock is that a vehicle should only enter an intersection if it is
assured that it will not have to stop inside the intersection.
It is not possible to have a deadlock involving only one single process. The deadlock involves a
circular hold-and-wait condition between two or more processes, so one process cannot
hold a resource, yet be waiting for another resource that it is holding. In addition, deadlock is
not possible between two threads in a process, because it is the process that holds resources,
not the thread that is, each thread has access to the resources held by the process.
Methods for handling
deadlocks
Ensure that the system will never enter a
deadlock state.

Allow the system to potentially enter a

deadlock state, detect it and then recover
Ignore the problem and pretend that
deadlocks never occur in the system;
Used by many operating systems, e.g. UNIX
In general, there are four strategies of dealing with deadlock problem:
1. The Ostrich Approach
Just ignore the deadlock problem altogether.
2. Deadlock Detection and Recovery
Detect deadlock and, when it occurs, take steps to recover.
3. Deadlock Avoidance
Avoid deadlock by careful resource scheduling.
4. Deadlock Prevention
Prevent deadlock by resource scheduling so as to negate at least one of the four
conditions.
Now we consider each strategy in order of decreasing severity.

DEADLOCK PREVENTION

Havender in his pioneering work showed that since all four of the conditions are necessary for
deadlock to occur, it follows that deadlock might be prevented by denying any one of the
conditions.
Elimination of Mutual Exclusion Condition The mutual exclusion condition must hold
for non-sharable resources. That is, several processes cannot simultaneously share a
single resource. This condition is difficult to eliminate because some resources, such as
the tap drive and printer, are inherently non-shareable. Note that shareable resources like
read-only-file do not require mutually exclusive access and thus cannot be involved in
deadlock.
Elimination of Hold and Wait Condition There are two possibilities for elimination of
the second condition. The first alternative is that a process request be granted all of the
resources it needs at once, prior to execution. The second alternative is to disallow a
process from requesting resources whenever it has previously allocated resources. This
strategy requires that all of the resources a process will need must be requested at once.
The system must grant resources on all or none basis. If the complete set of resources
needed by a process is not currently available, then the process must wait until the

complete set is available. While the process waits, however, it may not hold any
resources. Thus the wait for condition is denied and deadlocks simply cannot occur.
This strategy can lead to serious waste of resources. For example, a program requiring ten
tap drives must request and receive all ten derives before it begins executing. If the
program needs only one tap drive to begin execution and then does not need the
remaining tap drives for several hours. Then substantial computer resources (9 tape
drives) will sit idle for several hours. This strategy can cause indefinite postponement
(starvation). Since not all the required resources may become available at once.
Elimination of No-preemption Condition The nonpreemption condition can be alleviated by forcing a
process waiting for a resource that cannot immediately be allocated to relinquish all of its currently held
resources, so that other processes may use them to finish. Suppose a system does allow processes to
hold resources while requesting additional resources. Consider what happens when a request cannot be
satisfied. A process holds resources a second process may need in order to proceed while second
process may hold the resources needed by the first process. This is a deadlock. This strategy require that
when a process that is holding some resources is denied a request for additional resources. The process
must release its held resources and, if necessary, request them again together with additional resources.
Implementation of this strategy denies the no-preemptive condition effectively.

High Cost When a process release resources the process may lose all its work to that point.
One serious consequence of this strategy is the possibility of indefinite postponement
(starvation). A process might be held off indefinitely as it repeatedly requests and releases the
same resources.
Elimination of Circular Wait Condition The last condition, the circular wait, can be denied by imposing
a total ordering on all of the resource types and than forcing, all processes to request the resources in
order (increasing or decreasing). This strategy impose a total ordering of all resources types, and to
require that each process requests resources in a numerical order (increasing or decreasing) of
enumeration. With this rule, the resource allocation graph can never have a cycle.
For example, provide a global numbering of all the resources, as shown

Card reader

Printer

Plotter

Tape drive

Card punch

Now the rule is this: processes can request resources whenever they want to, but all
requests must be made in numerical order. A process may request first printer and then
a tape drive (order: 2, 4), but it may not request first a plotter and then a printer (order:

3, 2). The problem with this strategy is that it may be impossible to find an ordering that
satisfies everyone.

DEADLOCK AVOIDANCE

This approach to the deadlock problem anticipates deadlock before it actually occurs. This
approach employs an algorithm to access the possibility that deadlock could occur and acting
accordingly. This method differs from deadlock prevention, which guarantees that deadlock
cannot occur by denying one of the necessary conditions of deadlock.
If the necessary conditions for a deadlock are in place, it is still possible to avoid deadlock by
being careful when resources are allocated. Perhaps the most famous deadlock avoidance
algorithm, due to Dijkstra *1965+, is the Bankers algorithm. So named because the process is
analogous to that used by a banker in deciding if a loan can be safely made.

Bankers Algorithm
In this analogy
Customers

processes

Units

resources,
tape drive

Banker

Operating System

say,

CustomersUsed

Max

A
B
C
D

6
5
4
7

0
0
0
0

Available Units
= 10

Fig. 1
In the above figure, we see four customers each of whom has been granted a number of credit
nits. The banker reserved only 10 units rather than 22 units to service them. At certain
moment, the situation becomes
CustomersUsed

Max

A
B
C
D

6
5
4
7

1
1
2
4

Available Units
=2

Fig. 2

Safe State The key to a state being safe is that there is at least one way for all users to finish.
In other analogy, the state of figure 2 is safe because with 2 units left, the banker can delay any
request except C's, thus letting C finish and release all four resources. With four units in hand,
the banker can let either D or B have the necessary units and so on.
Unsafe State Consider what would happen if a request from B for one more unit were
granted in above figure 2.
We would have following situation
Customers Used

Max

A
B
C
D

6
5
4
7

1
2
2
4

Fig. 3

Available Units
=1

This is an unsafe state.

If all the customers namely A, B, C, and D asked for their maximum loans, then banker could not
satisfy any of them and we would have a deadlock.
Important Note: It is important to note that an unsafe state does not imply the existence or
even the eventual existence a deadlock. What an unsafe state does imply is simply that some
unfortunate sequence of events might lead to a deadlock.
The Banker's algorithm is thus to consider each request as it occurs, and see if granting it leads
to a safe state. If it does, the request is granted, otherwise, it postponed until later. Haberman
[1969] has shown that executing of the algorithm has complexity proportional to N2 where N is
the number of processes and since the algorithm is executed each time a resource request
occurs, the overhead is significant.

DEADLOCK DETECTION

Deadlock detection is the process of actually determining that a deadlock exists and identifying
the
processes
and
resources
involved
in
the
deadlock.
The basic idea is to check allocation against resource availability for all possible allocation
sequences to determine if the system is in deadlocked state a. Of course, the deadlock
detection algorithm is only half of this strategy. Once a deadlock is detected, there needs to be
a way to recover several alternatives exists:

Temporarily prevent resources from deadlocked processes.

Back off a process to some check point allowing preemption of a needed resource and
restarting the process at the checkpoint later.
Successively kill processes until the system is deadlock free.

These methods are expensive in the sense that each iteration calls the detection algorithm until
the system proves to be deadlock free. The complexity of algorithm is O(N2) where N is the
number of proceeds. Another potential problem is starvation; same process killed repeatedly.

CHAPTER 4- MEMORY MANAGEMENT

Memory management is the functionality of an operating system which handles or
manages primary memory. Memory management keeps track of each and every memory
location either it is allocated to some process or it is free. It checks how much memory is to be
allocated to processes. It decides which process will get memory at what time. It tracks
whenever some memory gets freed or unallocated and correspondingly it updates the status.
Memory management provides protection by using two registers, a base register and a limit
register. The base register holds the smallest legal physical memory address and the limit
register specifies the size of the range. For example, if the base register holds 300000 and the
limit register is 1209000, then the program can legally access all addresses from 300000
through 411999.

Instructions and data to memory addresses can be done in following ways

Compile time -- When it is known at compile time where the process will reside,
compile time binding is used to generate the absolute code.

Load time -- When it is not known at compile time where the process will reside in
memory, then the compiler generates re-locatable code.

Execution time -- If the process can be moved during its execution from one memory
segment to another, then binding must be delayed to be done at run time

DYNAMIC LOADING
In dynamic loading, a routine of a program is not loaded until it is called by the program. All
routines are kept on disk in a re-locatable load format. The main program is loaded into
memory and is executed. Other routines methods or modules are loaded on request. Dynamic
loading makes better memory space utilization and unused routines are never loaded.
DYNAMIC LINKING
Linking is the process of collecting and combining various modules of code and data into a
executable file that can be loaded into memory and executed. Operating system can link
system level libraries to a program. When it combines the libraries at load time, the linking is
called static linking and when this linking is done at the time of execution, it is called as dynamic
linking.
In static linking, libraries linked at compile time, so program code size becomes bigger whereas
in dynamic linking libraries linked at execution time so program code size remains smaller.
LOGICAL VERSUS PHYSICAL ADDRESS SPACE
An address generated by the CPU is a logical address whereas address actually available on
memory unit is a physical address. Logical address is also known a Virtual address.
Virtual and physical addresses are the same in compile-time and load-time address-binding
schemes. Virtual and physical addresses differ in execution-time address-binding scheme.
The set of all logical addresses generated by a program is referred to as a logical address space.
The set of all physical addresses corresponding to these logical addresses is referred to as a
physical address space.
The run-time mapping from virtual to physical address is done by the memory management
unit (MMU) which is a hardware device. MMU uses following mechanism to convert virtual
address to physical address.

The value in the base register is added to every address generated by a user process
which is treated as offset at the time it is sent to memory. For example, if the base
register value is 10000, then an attempt by the user to use address location 100 will be
dynamically reallocated to location 10100.

The user program deals with virtual addresses; it never sees the real physical addresses.

SWAPPING
Swapping is a mechanism in which a process can be swapped temporarily out of main memory
to a backing store , and then brought back into memory for continued execution.
Backing store is a usually a hard disk drive or any other secondary storage which fast in access
and large enough to accommodate copies of all memory images for all users. It must be capable
of providing direct access to these memory images.
Major time consuming part of swapping is transfer time. Total transfer time is directly
proportional to the amount of memory swapped. Let us assume that the user process is of size
100KB and the backing store is a standard hard disk with transfer rate of 1 MB per second. The
actual transfer of the 100K process to or from memory will take
100KB / 1000KB per second
= 1/10 second
= 100 milliseconds

MEMORY ALLOCATION
Main memory usually has two partitions

Low Memory -- Operating system resides in this memory.

High Memory -- User processes then held in high memory.

Operating system uses the following memory allocation mechanism.

S.N.

Memory
Allocation

In this type of allocation, relocation-register scheme is used to

protect user processes from each other, and from changing
Single-partition operating-system code and data. Relocation register contains value
allocation
of smallest physical address whereas limit register contains range of
logical addresses. Each logical address must be less than the limit
register.

In this type of allocation, main memory is divided into a number of

fixed-sized partitions where each partition should contain only one
process. When a partition is free, a process is selected from the
input queue and is loaded into the free partition. When the process
terminates, the partition becomes available for another process.

Multiplepartition
allocation

Description

1)Uniprogramming: In this Scheme the RAM is partitioned into two parts .One Portion is
for the Operating system to reside and the second part is for the user. In this scheme a
fence register is used which contains the last word address of the OS part. Operating
system will compare the user data address with the fence register and if it is different that
means user is not entering in the OS area. Fence register is also called
boundary register and is used to prevent user from entering in the OS Area.
In this scheme CPU utilization is very poor and fence multiprogramming is used.

2)Multiprogramming: Multiple users can share the memory simultaneously.

a)Contiguous memory Allocation:

1)MFT or fixed partitioning Scheme:

In this scheme at the time of installation OS will be partitioned into fixed sized blocks
.for eg: let us consider that each block is of size 4KB and there are total 4 partitions. In this
case processes whose memory requirement is equals to or less than 4KB, can only get the
memory.
Advantages: At the time of compilation only the address of each word can be given. Or we
can bind address at the compile time
Disadvantages: Degree of multiprogramming is rigid ,its is not flexible because we cannot
change the no. of blocks. memory wastage is caused due to fragmentation.

Fragmentation:
1)Internal: Partial or Incomplete usage of a block of memory
2)External: Entire block of available memory cannot be used.

2)MVT OR variable partitioning Scheme:

In this scheme at the beginning there are no partitions. There is only the OS area
and the rest of the available RAM. The memory is given to the processes as they arrive.
Advantages: In this scheme there is no internal fragmentation. This method is more flexible
as variable size process can be given memory. there is no size limitation.
Disadvantages: It also suffers from external fragmentation. In this scheme compile time
address binding is not possible.

b)Non Contiguous Allocation(Virtual Memory): To provide ease to the user and at the
same time increase the CPU utilization we use the concept of virtual memory. In this system
Operating system is giving illusion to the user such that
1)user can write a very big program
2)user thinks that its entire program is present in the RAM
3)All the space allocated to the user is contiguous
4)User address starts from all 0s.
In reality only a small portion of the user program is in RAM which may or may not be
contiguous while the remaining program is in secondary storage.
Advantages:1)provides ease to the user as the user thinks that he has plenty of memory
which is contiguous.
2)provides benefits to the system as the degree of multiprogramming is maintained. No
fragmentation.

FRAGMENTATION
As processes are loaded and removed from memory, the free memory space is broken into
little pieces. It happens after sometimes that processes can not be allocated to memory blocks
considering their small size and memory blocks remains unused. This problem is known as
Fragmentation.
Fragmentation is of two types
S.N. Fragmentation

Description

External
fragmentation

Total memory space is enough to satisfy a request or to reside a

process in it, but it is not contiguous so it can not be used.

Internal

Memory block assigned to process is bigger. Some portion of memory

fragmentation

is left unused as it can not be used by another process.

External fragmentation can be reduced by compaction or shuffle memory contents to place all
free memory together in one large block. To make compaction feasible, relocation should be
dynamic.
PAGING
External fragmentation is avoided by using paging technique. Paging is a technique in which
physical memory is broken into blocks of the same size called pages (size is power of 2,
between 512 bytes and 8192 bytes). When a process is to be executed, it's corresponding pages
are loaded into any available memory frames.
Logical address space of a process can be non-contiguous and a process is allocated physical
memory whenever the free memory frame is available. Operating system keeps track of all free
frames. Operating system needs n free frames to run a program of size n pages.
Address generated by CPU is divided into

Page number (p) -- page number is used as an index into a page table which contains
base address of each page in physical memory.

Page offset (d) -- page offset is combined with base address to define the physical
memory address.

Following figure show the paging table architecture.

SEGMENTATION
Segmentation is a technique to break memory into logical pieces where each piece represents a
group of related information. For example ,data segments or code segment for each process,
data segment for operating system and so on. Segmentation can be implemented using or
without using paging.
Unlike paging, segment are having varying sizes and thus eliminates internal fragmentation.
External fragmentation still exists but to lesser extent.

Address generated by CPU is divided into

Segment number (s) -- segment number is used as an index into a segment table which
contains base address of each segment in physical memory and a limit of segment.

Segment offset (o) -- segment offset is first checked against limit and then is combined
with base address to define the physical memory address.

Subdividing memory to accommodate multiple processes

 Memory needs to be allocated efficiently to pack as many processes into memory as

possible
As we know that memory is that which stores the programs and these programs are used by
the CPU for processing. And there are two types of memories first is the logical memory and
second is the physical memory. the memory which is temporary such as ram is also known as
the temporary memory and the memory which is permanent such as hard disk is also known as
the physical memory of system.
Segmentation is actually a way to keep similar objects in one place. For example: you can have
your stack stuffs in one place (Stack Segment), Binary code in another place (text segment), and
data in another place (Data and BSS segment). Linux doesnt have segment architecture. AIX
has Segment architecture.

All segments of all programs do not have to be of the same length

There is a maximum segment length
Addressing consist of two parts - a segment number and an offset
Since segments are not equal, segmentation is similar to dynamic partitioning

Segmentation solves the problem of internal fragmentation

When we wants to execute any programs then that programs must be brought from the
physical memory into the logical memory. So that we uses the concept of the memory
management. this is the responsibility of the operating system to provide the memory spaces
to each and every program. Also manage which process will be executed at that time.
Operating system translates the physical address into the logical address, if he wants to
perform the operation, then he must translate the physical address into the logical address.
This is the also known as binding. Means when a physical address is mapped or convert into the
logical address, and then this is called as the binding.

There is also a concept which is also known as the dynamic loading, in this a program doesnt
reside into the memory of the computer and we must have to load that process for processing.
So that when a process is loaded only when a request has found, then it is called as the loading
of the process.
MEMORY MANAGEMENT REQUIREMENTS
Relocation
Programmer does not know where the program will be placed in memory when
it is executed
While the program is executing, it may be swapped to disk and returned to main
memory at a different location (relocated)
Memory references must be translated in the code to actual physical memory
address
Protection
Processes should not be able to reference memory locations in another process
without permission
Impossible to check absolute addresses in programs since the program could be
relocated
Must be checked during execution
Operating system cannot anticipate all of the memory references a
program will make
Sharing
Allow several processes to access the same portion of memory
Better to allow each process (person) access to the same copy of the program
rather than have their own separate copy
Logical Organization
Programs are written in modules
Modules can be written and compiled independently

 Different degrees of protection given to modules (read-only, execute-only)

Share modules

Contiguous allocation:The contiguous allocation means the memory spaces is divided into the small and equal size
and the different process uses the various partitions for running their applications process. And
when a request has found then the process will allocate the space. And in this the contiguous
spaces is provided to each and every process. Means all the process will reside in the memory
of the computer and when a process will request for the memory then this available memory or
free memory will be allotted to him.
But there will be problem when the memory which is required by the process is not enough
for him or when the size of memory is less which is required for the process. So this problem is
also known as the internal fragmentation. The main reason for the internal fragmentation is, all
the memory is divided into the fixed and continuous sizes. So that if a process requires large
memory then that process will not be fit into the small area.
The second problem is also occurred in the continues allocation. This is also known as the
external fragmentation. In this when the memory is not enough after combing the multiple
parts of single memory. In this when the required memory is high after combining the various
areas of memory then this is called as external fragmentation. So there are the following
problems arise when we use the contiguous memory allocation.
1) Wasted memory: the wasted memory is that memory which is unused and which cant be
given to the process. When the various process comes which require memory which is not
available this is called as the wasted memory.
2) Time complexity: there is also wastage of time for allocating and de-allocating the memory
spaces to the process.
3) Memory access there must be some operations those are performed for providing the
memory to the processes.
As we know that operating system is that which executes the system and the operating system
is the software which is responsible for running all the user programs so that generally memory

is divided in to the two parts, first part is used by the operating system and the second part is
used by the user programs and there may be some situations that the memory size of the
operating system may be higher from the user memory and also vice versa.
So that there must be some mechanism in which a user cant access the data of the operating
system and there must be some mechanism. That mechanism contains two types of registers.
1) Relocation register: the relocation register is the smallest register which contains the
smallest value of the physical address.
2) Limit register: the limit register is that which contains the highest values of the address of
physical memory.
When we use the static memory allocation then all the memory is provided to the various
process will be in the continuous form and when any process ends then the memory of that
process will not be allotted to any new join process, because memory is already to all the
processes, so this will create the problem of internal fragmentation means there is not
enough memory available, which can be allocated to the processes, so that we uses the
dynamic memory allocation, in this memory which is allocated by the processes in the form of
needs and dynamic demands of the process and in this when a process ends then the memory
of that process will be provided to the process which is newly join and the memory is provided
to the process by using the compaction means after providing the memory space to each and
every process , this will refresh the memory or will uses the process of compaction and in this
all the free memory will make a single large memory so that the memory will be provided to the
process those are newly created.
For providing the memory to the various processes there are three methods or techniques1) First fit: in the first fit the operating system will search for the free memory or available
memory from the entire memory and this will select the first area or first part of the memory
and in this first part which is large enough for the process will be provided to the process.
2) Best fit: in this operating system will search for the memory area which is small as well as
enough for the process. Will be provided to the process. And in this all the memory holes or
parts are arranged in to the sorted order and the operating system will search for the best
whole means this will search for the smallest hole or part from the memory.

3) Worst fit : in the worst fit we uses the largest hole for the process and in this the memory
area which is large enough means which is greater from the required area will be allocated to
the process.
Memory partitioning is the way to distribute the Kernel and User Space Area in Memory.

Paging is actually a minimum memory, which can be swap in and swap out from Memory. In
modern Server operating systems, we can use Multiple Page Size Support. That actually helps to
tune OS performance, depending on type of applications.
Paging solves the problem of External Fragmentation
The Demand Paging is also same with the Simple Paging. But the Main Difference is that in the
Demand Paging Swapping is used. Means all the Pages will be in and out from the Memory
when they are required. When we specify a Process for the Execution then the Processes is
stored firstly on the Secondary Memory which is also known as the Hard Disk.
But when they are required then they are Swapped Backed into the Memory and when a
Process is not used by the user then they are Temporary Swapped out from the Memory.
Means they are Stored on the Disk and after that they are Copied into the Memory.
So Demand Paging is the Concept in which a Process is Copied into the Logical Memory from
the Physical Memory when we needs them. A Process can load either Entire, Copied into the
Main Memory or the part of single Process is copied into the Memory so that is only the single
Part of the Process is copied into the Memory then this is also called as the Lazy Swapping.

For Swapping the Process from the Main Memory or from the Physical Memory, a Page Table
must be used. The Page Table is used for Storing the Entries which Contains the Page or Process
Number and also the offset Number which indicates the address of the Process where a Process
is Stored and there will also be the Special or Extra Bit which is also Known as the Flag Bit which
indicates whether the Page is Stored into the Physical Memory.
The Page Table Contains two Entries those are used as valid and invalid means whether the
Process is Stored into the Page Table. Or Whether the Demand Program is Stored into the
Physical Memory So that they can be easily swapped. If the Requested Program is not stored
into the Page Table then the Page Table must Contains the Entries as v and I means valid and
invalid along the Page Number.
When a user Request for any Operation then the Operating System perform the following
instructions:1) First of all this will fetch all the instructions from the Physical Memory into the Logical
Memory.
2) Decode all the instructions means this will find out which Operation has to be performed on
the instructions.
3) Perform Requested Operation.
4) Stores the Result into the Logical Memory and if needed the Results will be Stored into the
Physical Memory.
As we know that a Computer is designed for Performing the Multiple Tasks at a Time
and for this Some Memory is also used by the Computer for executing the instructions those
are given by the user. But when there is a Situation when the Memory which is required by the
user is high from the Available Memory.
So that the Logical Memory will be treat as the Permanent Memory or from the Physical
Memory. And when we wants to display the size of Logical Memory big enough which is not
actually Exists. So at that situation we will use the Concept of Virtual Memory.

PAGING VS SEGMENTATION
Paging Computer memory is divided into small partitions that are all the same size and
referred to as, page frames. Then when a process is loaded it gets divided into pages which are
the same size as those previous frames. The process pages are then loaded into the frames.
Segmentation Computer memory is allocated in various sizes (segments) depending on the
need for address space by the process. These segments may be individually protected or shared
between processes. Commonly you will see what are called Segmentation Faults in programs,
this is because the data thats is about to be read or written is outside the permitted address
space of that process.
So now we can distinguish the differences and look at a comparison between the two:
Paging:
Transparent to programmer (system allocates memory)
No separate protection
No separate compiling
No shared code
Solves the problem of external fragmentation
Segmentation:
Involves programmer (allocates memory to specific function inside code)
Separate compiling
Separate protection
Share code
Solves the problem of internal fragmentation

VIRTUAL MEMORY
In the Virtual Memory the Physical Memory will be treated as the Logical Memory.
Means with the help of virtual Memory we can also increase the size of Logical Memory as from
the Physical Memory. A user will see or feels that all the Programs are running into the Logical
Memory of the Computer. With the help of virtual Memory all the Space of Hard Disk can be
used as the Logical Memory So that a user can execute any Number of programs. The various
benefits of the virtual Memory are :1) Unused Address space: With the help of Unused Address Space a user can execute
any number of programs because all the actual Addresses will be treated as the logical
Addresses. All the Programs those are given by the user will be Stored into the Disk Space and
all the Programs will be Stored into the Physical Address Space but they will treat as they are
Stored into the Logical Address Space.
2) Increased degree of Multiprogramming: - With the help of Virtual Memory we can
Execute Many Programs at a Time because Many Programs can be fit in the Physical
Memory So that More Programs can be Stored into the Memory but this will not
increase the Response Time of the CPU Means this will not affect on the Execution of
the Programs.

3) Decrease Number of I/O Operations: There will be less Operations those are to be used
for performing the Swapping of the Processes. All the Programs will be automatically
will be loaded into the Memory when they are needed.
But always remember that the Whole Programs are never to be Copied into the Memory
Means all the Programs will be Copied into the Form of Pages Means the Parts of the
Programs.
A Virtual Memory system has the advantage of allowing more processes to run than the
allowed memory size. This is achieved by only including parts of processes that are necessary to
run in memory, and the rest on disk. The absolute minimum part of a process that must always
be in memory is called its working set. Usually, a program doesn't need to have its entire binary
file in memory to run when it is performing a task that only uses part of its file. What this means
is that, say, a 16MB program could happily run on a machine with only 4MB of memory.

When a process runs, it is given its very own virtual address space, which is a block of memory
addresses. The start and end of this address space is not necessarily the same as how it is
actually stored in the physical address space in the real memory. Some mapping has to go on in
between. This is the job of the Memory Management Unit (MMU), which is part of the CPU
(usually a chip or module) and sits between the CPU and the system bus. All memory calls
between the CPU and main memory go through the MMU where they are translated either
from virtual addresses to physical addresses or the other way around.
Giving each process a virtual address space that is not a direct chunk of main memory means
that the total size of all processes' address spaces is not limited by the size of the physical
memory. Each process's address space, which in this case is its virtual address space, can be as
big as the entire address space in physical memory if it wants.
Virtual Memory can be implemented in one of two ways:
-Paging
-Segmentation

Paging
During memory referencing, the consecutive addresses in the virtual address space that are
referenced are called pages. The corresponding range of consecutive addresses in the real,
physical memory are called page frames. Each page and its corresponding page frame must
have the same size. The area on a Hard Disk that stores page frames (or memory images) is
usually called the paging file or the swap file.
A page table is maintained at all times by the MMU to store mappings of pages in virtual
memory to page frames in physical memory. Each process has its own virtual address space,
and therefore, must have its own page table. The mapping of virtual-to-physical addresses is
done on every single memory reference, which can slow things down considerably. A process
can no longer directly access memory, but has to go through the MMU and have the address it
is trying to access translated to physical first.
The blue numbers in the virtual address space pages refer to the page frames that they are
mapped to. Those with X's in them are not mapped to any page frames in physical memory,
therefore, accessing them would cause a page fault.
Table Lookup Buffers (TLB) were devised as a means of getting around this problem. A TLB can
be seen as a cache that stores the most frequently accessed pages. Each entry in a TLB contains
a page (virtual), its corresponding page frame (physical) as well as other data. A memory
reference can now first check the TLB and if it finds the page it is trying to access, it can
completely bypass the page table.

When the MMU tries to access a page that is non-existent, an exception is thrown called a page
fault. Remember that a program's complete image is always on disk, so what the MMU does to
resolve this problem is to copy out a page from memory to disk to make room for copying in
the missing page. There are several algorithms for determining which page to move out such as
Least Recently Used (LRU), Least Frequently Used (LFU), First In First Out (FIFO).
Segmentation
There are two main issues with the paging approach: 1. pages are fixed sizes and 2. pages are
contiguous, i.e. they sit next to each other in the virtual address space.
What this means is that there is no room for individual pages to dynamically expand and
contract at will or they would bump into other pages.
Segmentation resolves both issues by maintaining completely independent segments that all
start at address 0 up to a maximum value. If the first segment goes from 0 to 200, the next
segment may go from 0 to 10, and not 200 to 210. This means that that code that makes use of
segmentation must reference it as such:
virtual_address
=
(s,
//s is the segment number, and ra is the address within the segment

ra)

The virtual address space is no longer one-dimensional as with paging, but two-dimensional,
which is why every memory reference must be relative to a segment number. In segmentation,
address spaces are not linear. The biggest advantage of segmentation is that it allows libraries
to be shared between processes, simply because bits of code can be broken up and stored in
individual address spaces. Not only does this give greater flexibility to the programmer and
organizing code, but it also aids in sharing.
So how are segments protected from interfering with one another? The answer is: with the use
of two hardware registers called base and limit that the MMU maintains for each segment. The
base register points to a segment's start address (usually 0) and the limit register points to its
last address. A process can never access an address that is larger then it's limit register.
In conclusion
Segmented Virtual Memory allows for the protection and relocation of processes' memory
segments as well as the sharing of libraries between processes. Paged Virtual Memory
additionally allows the Virtual Memory's size to exceed the maximum size of the physical
memory since it puts only parts of a program that are required for a task in memory whilst the
rest is kept on disk.
Swapping out, from memory to disk, of idle or blocked processes makes room for other
processes that would like to run and thus, is an efficient way of utilizing memory.

If you found my explanation of Virtual Memory confusing, then please take a look here
for an alternative explanation. Hopefully, both will give you a better understanding of
Virtual Memory.

Spooling - Simultaneous peripheral operations on-line, spooling refers to as a process that

putting jobs in a buffer or say spool, or temporary storage area, a special area in memory or on
a disk where a device can access them when it is ready. Spooling is useful because devices
access data at different rates.
The buffer provides a waiting station where data can rest while the slower device catches
up.However, unlike a spool of thread, the first jobs sent to the spool are the first ones to be
processed (FIFO, not LIFO).
The most common spooling application is print spooling. In print spooling, documents are
loaded into a buffer (usually an area on a disk), and then the printer pulls them off the buffer at
its own rate. Because the documents are in a buffer where they can be accessed by the printer,
you can perform other operations on the computer while the printing takes place in the
background.
Spooling also lets you place a number of print jobs on a queue instead of waiting for each one
to finish before specifying the next one.
Spooling is an acronym for simultaneous peripheral operations on line. Spooling refers to
putting data of various I/O jobs in a buffer. This buffer is a special area in memory or hard disk
which is accessible to I/O devices. Operating system does the following activites related to
distributed environment.

OS handles I/O device data spooling as devices have different data access rates.

OS maintains the spooling buffer which provides a waiting station where data can rest
while the slower device catches up.

OS maintains parallel computation because of spooling process as a computer can

perform I/O in parallel fashin. It becomes possible to have the computer read data from
a tape, write data to disk and to write out to a tape printer while it is doing its
computing task.

Advantages

The spooling operation uses a disk as a very large buffer.

Spooling is capable of overlapping I/O operation for one job with processor operations
for another job.

Security Tips
Flaws in the operating systems of computers are discovered almost daily. The majority of
viruses take advantage of these flaws to infect your computer. Once a virus enters your system,
it can potentially cause devastating damage. To avoid contracting a virus, you should take the
following basic precautions:
Software Updates - Make sure that the software on your computer is regularly updated. By
doing so, most viruses can be avoided. We recommend setting your computer to check for
software updates automatically.
Firewall - Run a firewall program on your computer. A firewall is a device or program that
blocks undesired Internet traffic, including viruses, from accessing your computer. Both
Windows and Mac OS X have built-in firewall programs that are easy to set up. By blocking
unwanted Internet traffic, a lot of viruses and bugs can be stopped dead in their tracks!
Account Management - Manage the user accounts on your computer, so you can control
exactly who can log into your machine. Especially on Windows XP machines, it is easy to
accidentally leave your computer wide open to unauthorized users.
Antivirus Software - Use your antivirus software to scan for viruses as files are being launched.

OS PROTECTION AND SECURITY

Computer protection and security mechanisms provided by an operating system
must address the following requirements:
Confidentiality:(or privacy) the requirement that information maintained
by a computer system be accessible only by authorised parties (users and
the processes that run as/represent those users).
Interception occurs when an unauthorised party gains access to a resource;
examples include illicit file copying and the invocation of programs.
Integrity:the requirement that a computer systems resources can be modified
only by authorised parties.
Modification occurs when an unauthorised party not only gains access to
but changes a resource such as data or the execution of a running process.
Availability:the requirement that a computer system be accessible at required
times by authorised parties.
Interruption occurs when an unauthorised party reduces the availability
of or to a resource.
Authenticity:the requirement that a computer system can verify the identity
of a user.
Fabrication occurs when an unauthorised party inserts counterfeit data
amongst valid data.

ASSETS AND THEIR VULNERABILITIES

Hardware is mainly vulnerable to interruption, either by theft or by vandalism.
Physical security measures are used to prevent these attacks.
Software is also vulnerable to interruption, as it is very easy to delete. Backups
are used to limit the damage caused by deletion. Modification or
fabrication through alteration (e.g. by viruses) is a major problem, as it
can be hard to spot quickly. Software is also vulnerable to interception
through unauthorised copying: this problem is still largely unsolved.
Data is vulnerable in many ways. Interruption can occur through the simple
destruction of data files. Interception can occur through unauthorised
reading of data files, or more perniciously through unauthorised analysis
and aggregation of data. Modification and fabrication are also obvious
problems with potentially huge consequences.
Communications are vulnerable to all types of threats.
Passive attacks take the form of eavesdropping, and fall into two categories:
reading the contents of a message, or more subtly, analysing patterns of

traffic to infer the nature of even secure messages.

Passive attacks are hard to detect, so the emphasis is usually on prevention.
Active attacks involve modification of a data stream, or creation of a false
data stream. One entity may masquerade as another (presumably one
with more or different privileges), maybe by capturing and replaying an
authentication sequence. Replay is a similar attack, usually on data. Message
contents may also be modified, often to induce incorrect behavior
in other users. Denial of service attacks aim to inhibit the normal use of
communication facilities.
Active attacks are hard to prevent (entirely), so the emphasis is usually on
detection and damage control.

PROTECTION
Multiprogramming involves the sharing of many resources, including processor,
memory, I/O devices, programs, and data. Protection of such resources runs
along the following spectrum:
No protection may be adequate e.g. if sensitive procedures are run at separate
times.
Isolation implies that entities operate separately from each other in the physical
sense.
Share all or nothing implies that an object is either totally private or totally
public.
Share via access limitation implies that different entities enjoy different
levels of access to an object, at the gift of the owner. The OS acts as a
guard between entities and objects to enforce correct access.
Share via dynamic capabilities extends the former to allow rights to be
varied dynamically.
Limit use of an object implies that not only is access to the object controlled,
the use to which it may be put also varies across entities.
The above spectrum is listed roughly in order of increasing fineness of control
for owners, and also increasing difficulty of implementation.

INTRUDERS
Intruders and viruses are the two most publicised security threats. We identify
three classes of intruders:
A masqueradoris an unauthorised individual (an outsider) who penetrates
a system to exploit legitimate users accounts.
A misfeasor is a legitimate user (an insider) who accesses resources to which

they are not privileged, or who abuses such privilege.

A clandestine user is an individual (an insider or an outsider) who seizes
control of a system to evade auditing controls, or to suppress audit collection.
Intruders are usually trying to gain access to a system, or to increased privileges
to which they are not entitled, often by obtaining the password for a legitimate
account. Many methods of obtaining passwords have been tried:
trying default passwords;
exhaustively testing short passwords;
trying words from a dictionary, or from a list of common passwords;
collecting personal information about users;
using a Trojan horse;
eavesdropping on communication lines.
The usual methods for protecting passwords are through one-way encryption,
or by limiting access to password files. However, passwords are inherently
vulnerable.
MALICIOUS SOFTWARE
The most sophisticated threats to computer systems are through malicious
software, sometimes called malware. Malware attempts to cause damage to, or
consume the resources of, a target system.
Malware can be divided into programs that can operate independently, and
those that need a host program; and also into programs that can replicate
themselves, and those that cannot.
A trap door is a secret entry point into a program, often left by the programs
developers, or sometimes delivered via a software update.
A logic bomb is code embedded in a program that explodes when certain
conditions are met, e.g. a certain date or the presence of certain files or
users. Logic bombs also often originate with the developers of the software.
A Trojan horse is a useful (or apparently useful) program that contains hidden
code to perform some unwanted or harmful function.
A virus is a program that can infect other programs by modification, as
well as causing local damage. Such modification includes a copy of the
virus, which can then spread further to other programs.
A worm is an independent program that spreads via network connections,
typically using either email, remote execution, or remote login to deliver
or execute a copy of itself to or on another system, as well as causing local
damage.
A zombie is an independent program that secretly takes over a system and
uses that system to launch attacks on other systems, thus concealing the
original instigator. Such attacks often involve further replication of the
zombie itself. Zombies are often used in denial-of-service attacks.
The last three of these involve replication. In all cases, prevention is much
easier than detection and recovery.

TRUSTED SYSTEMS
So far we have discussed protecting a given resource from attack by a given user.
Another requirement is to protect a resource on the basis of levels of security,
e.g. the military-style system, where users are granted clearance to view certain
categories of data.
This is known as multi-level security. The basic principle is that a subject at
a higher level may not convey information to a subject at a lower level against
the wishes of the authorised user. This principle has two facets:
No read-up implies that a subject can only read objects of less or equal
security level.
No write-down implies that a subject can only write objects of greater or
equal security level.
These requirements are implemented by a reference monitor, which has three
roles:
Complete mediation implies that rules are imposed on every access.
Isolation implies that the monitor and database are protected from unauthorised
modification.
Verifiability implies that the monitor is provably correct.
Such a system is known as a trusted system. These requirements are very
difficult to meet, both in terms of assuring correctness and in terms of delivering
adequate performance.
PROTECTION AND SECURITY DESIGN PRINCIPLES
Saltzer and Schroeder (1975) identified a core set of principles to operating
system security design:
Least privilege: Every object (users and their processes) should work within
a minimal set of privileges; access rights should be obtained by explicit
request, and the default level of access should be none.
Economy of mechanisms: security mechanisms should be as small and
simple as possible, aiding in their verification. This implies that they should
be integral to an operating systems design, and not an afterthought.
Acceptability: security mechanisms must at the same time be robust yet
non-intrusive. An intrusive mechanism is likely to be counter-productive
and avoided by users, if possible.
Complete: Mechanisms must be pervasive and access control checked during
all operations including the tasks of backup and maintenance.
Open design: An operating systems security should not remain secret, nor
be provided by stealth. Open mechanisms are subject to scrutiny, review,
and continued refinement.

Goals of Protection

Obviously to prevent malicious misuse of the system by users or programs. See chapter
15 for a more thorough coverage of this goal.
To ensure that each shared resource is used only in accordance with
system policies, which may be set either by system designers or by system
administrators.
To ensure that errant programs cause the minimal amount of damage possible.
Note that protection systems only provide the mechanisms for enforcing policies and
ensuring reliable systems. It is up to administrators and users to implement those
mechanisms effectively.

14.2 Principles of Protection

The principle of least privilege dictates that programs, users, and systems be given just
enough privileges to perform their tasks.
This ensures that failures do the least amount of harm and allow the least of harm to be
done.
For example, if a program needs special privileges to perform a task, it is better to make
it a SGID program with group ownership of "network" or "backup" or some other
pseudo group, rather than SUID with root ownership. This limits the amount of damage
that can occur if something goes wrong.
Typically each user is given their own account, and has only enough privilege to modify
their own files.
The root account should not be used for normal day to day activities - The System
Administrator should also have an ordinary account, and reserve use of the root account
for only those tasks which need the root privileges

14.3 Domain of Protection

A computer can be viewed as a collection of processes and objects ( both HW & SW ).

The need to know principle states that a process should only have access to those
objects it needs to accomplish its task, and furthermore only in the modes for which it
needs access and only during the time frame when it needs access.
The modes available for a particular object may depend upon its type.

14.3.1 Domain Structure

A protection domain specifies the resources that a process may access.

Each domain defines a set of objects and the types of operations that may be
invoked on each object.
An access right is the ability to execute an operation on an object.
A domain is defined as a set of < object, { access right set } > pairs, as shown
below. Note that some domains may be disjoint while others overlap.

The association between a process and a domain may be static or dynamic.

o If the association is static, then the need-to-know principle requires a
way of changing the contents of the domain dynamically.
o If the association is dynamic, then there needs to be a mechanism
for domain switching.
Domains may be realized in different fashions - as users, or as processes, or as
procedures. E.g. if each user corresponds to a domain, then that domain defines
the access of that user, and changing domains involves changing user ID.
The association between a process and a domain may be static or dynamic.
o If the association is static, then the need-to-know principle requires a
way of changing the contents of the domain dynamically.
o If the association is dynamic, then there needs to be a mechanism
for domain switching.
Domains may be realized in different fashions - as users, or as processes, or as
procedures. E.g. if each user corresponds to a domain, then that domain defines
the access of that user, and changing domains involves changing user ID.

14.3.2 An Example: UNIX

UNIX associates domains with users.

Certain programs operate with the SUID bit set, which effectively changes the
user ID, and therefore the access domain, while the program is running. ( and
similarly for the SGID bit. ) Unfortunately this has some potential for abuse.
An alternative used on some systems is to place privileged programs in special
directories, so that they attain the identity of the directory owner when they
run. This prevents crackers from placing SUID programs in random directories
around the system.
Yet another alternative is to not allow the changing of ID at all. Instead, special
privileged daemons are launched at boot time, and user processes send
messages to these daemons when they need special tasks performed.

14.3.3 An Example: MULTICS

The MULTICS system uses a complex system of rings, each corresponding to a

different protection domain, as shown below:

Rings are numbered from 0 to 7, with outer rings having a subset of the
privileges of the inner rings.
Each file is a memory segment, and each segment description includes an entry
that indicates the ring number associated with that segment, as well as read,
write, and execute privileges.
Each process runs in a ring, according to the current-ring-number, a counter
associated with each process.
A process operating in one ring can only access segments associated with higher
( farther out ) rings, and then only according to the access bits. Processes cannot
access segments associated with lower rings.
Domain switching is achieved by a process in one ring calling upon a process
operating in a lower ring, which is controlled by several factors stored with each
segment descriptor:
o An access bracket, defined by integers b1 <= b2.
o A limit b3 > b2
o A list of gates, identifying the entry points at which the segments may be
called.
If a process operating in ring i calls a segment whose bracket is such that b1 <= i
<= b2, then the call succeeds and the process remains in ring i.
Otherwise a trap to the OS occurs, and is handled as follows:
o If i < b1, then the call is allowed, because we are transferring to a
procedure with fewer privileges. However if any of the parameters being

passed are of segments below b1, then they must be copied to an area
accessible by the called procedure.
o If i > b2, then the call is allowed only if i <= b3 and the call is directed to
one of the entries on the list of gates.
Overall this approach is more complex and less efficient than other protection
schemes.

PROTECTION MODELS
n Access control lists
n Capability based models
n Role based models

14.4 ACCESS MATRIX

The model of protection that we have been discussing can be viewed as an access
matrix, in which columns represent different system resources and rows represent
different protection domains. Entries within the matrix indicate what access that
domain has to that resource.

Domain switching can be easily supported under this model, simply by providing
"switch" access to other domains:

The ability to copy rights is denoted by an asterisk, indicating that processes in that
domain have the right to copy that access within the same column, i.e. for the same
object. There are two important variations:
o If the asterisk is removed from the original access right, then the right
is transferred, rather than being copied. This may be termed a transfer right as
opposed to a copy right.
o If only the right and not the asterisk is copied, then the access right is added to
the new domain, but it may not be propagated further. That is the new domain

does not also receive the right to copy the access. This may be termed a limited
copy right, as shown in Figure 14.5 below:

The owner right adds the privilege of adding new rights or removing existing ones:

Copy and owner rights only allow the modification of rights within a column. The
addition of control rights, which only apply to domain objects, allow a process operating
in one domain to affect the rights available in other domains. For example in the table
below, a process operating in domain D2 has the right to control any of the rights in
domain D4.

CAPABILITY LISTS FOR DOMAINS

Capability Concept
The capability concept was introduced by Dennis and Van Horn in 1966.
A capability is a token, ticket, or key that gives the possessor permission to access an
entity or object in a computer system.
Intuitive examples
A movie ticket is a capability to watch a movie.
A key is a capability to enter a house.
A capability is implemented as a data structure that contains:
Identifier: addresses or names. e.g. a segment of memory, an array, a file, a printer, or a
message
port.
Access right: read, write, execute, access, etc.
Using capabilities
Explicit use: you have to show your capabilities explicitly. This is what we do when we go to
movie theaters: we show the doorkeeper our tickets. The following is another example that is
quite common when a program tries to access a file:
PUT (file_capability, "this is a record");
Implicit use: there is no need to show the capabilities, but the system will automatically check
whether one has the proper capabilities. An analogy to this would be having the theater
doorkeeper
to search your pockets for the right tickets. Although the approach is awkward in this
analogy, it is quite common in operating systems. The capability-list method basically uses this
approach. Namely, each process carries a list of capabilities; when it tries to access an object,
the access control system checks this list to see whether the process has the right capability.
Unlike the explicit use approach, with this approach, processes (or the programmers who write
the programs) do not need to figure out which capability should be presented to the system.
Comparison: The implicit approach is less efficient, especially, when the capability-list is long.
However, it might be easier to use, because, unlike the explicit approach, capabilities are
transparent

to users; therefore, users do not need to be aware of the capabilities.

In a similar fashion, each row of the table can be kept as a list of the capabilities
of that domain.
Capability lists are associated with each domain, but not directly accessible by
the domain or any user process.
Capability lists are themselves protected resources, distinguished from other
data in one of two ways:
o A tag, possibly hardware implemented, distinguishing this special type of
data. ( other types may be floats, pointers, booleans, etc. )
o The address space for a program may be split into multiple segments, at
least one of which is inaccessible by the program itself, and used by the
operating system for maintaining the process's access right capability list.

Role-Based Access Control, RBAC, assigns privileges to users, programs, or roles as

appropriate, where "privileges" refer to the right to call certain system calls, or to use
certain parameters with those calls.
RBAC supports the principle of least privilege, and reduces the susceptibility to abuse as
opposed to SUID or SGID programs.

14.7 REVOCATION OF ACCESS RIGHTS

The need to revoke access rights dynamically raises several questions:

o Immediate versus delayed - If delayed, can we determine when the revocation
will take place?
o Selective versus general - Does revocation of an access right to an object
affect all users who have that right, or only some users?
o Partial versus total - Can a subset of rights for an object be revoked, or are all
rights revoked at once?
o Temporary versus permanent - If rights are revoked, is there a mechanism for
processes to re-acquire some or all of the revoked rights?
With an access list scheme revocation is easy, immediate, and can be selective, general,
partial, total, temporary, or permanent, as desired.
With capabilities lists the problem is more complicated, because access rights are
distributed throughout the system. A few schemes that have been developed include:
o Reacquisition - Capabilities are periodically revoked from each domain, which
must then re-acquire them.
o Back-pointers - A list of pointers is maintained from each object to each
capability which is held for that object.
o Indirection - Capabilities point to an entry in a global table rather than to the
object. Access rights can be revoked by changing or invalidating the table entry,
which may affect multiple processes, which must then re-acquire access rights to
continue.
o Keys - A unique bit pattern is associated with each capability when created,
which can be neither inspected nor modified by the process.
A master key is associated with each object.
When a capability is created, its key is set to the object's master key.
As long as the capability's key matches the object's key, then the
capabilities remain valid.
The object master key can be changed with the set-key command,
thereby invalidating all current capabilities.
More flexibility can be added to this scheme by implementing a list of
keys for each object, possibly in a global table.

14.8 CAPABILITY-BASED SYSTEMS

14.8.1 AN EXAMPLE: HYDRA

Hydra is a capability-based system that includes both system-defined rights and

user-defined rights. The interpretation of user-defined rights is up to the specific
user programs, but the OS provides support for protecting access to those rights,
whatever they may be

Operations on objects are defined procedurally, and those procedures are

themselves protected objects, accessed indirectly through capabilities.
The names of user-defined procedures must be identified to the protection
system if it is to deal with user-defined rights.
When an object is created, the names of operations defined on that object
become auxiliary rights, described in a capability for an instance of the type. For
a process to act on an object, the capabilities it holds for that object must
contain the name of the operation being invoked. This allows access to be
controlled on an instance-by-instance and process-by-process basis.
Hydra also allows rights amplification, in which a process is deemed to
be trustworthy, and thereby allowed to act on any object corresponding to its
parameters.
Programmers can make direct use of the Hydra protection system, using suitable
libraries which are documented in appropriate reference manuals.

14.8.2 AN EXAMPLE: CAMBRIDGE CAP SYSTEM

The CAP system has two kinds of capabilities:

o Data capability, used to provide read, write, and execute access to
objects. These capabilities are interpreted by microcode in the CAP
machine.
o Software capability, is protected but not interpreted by the CAP
microcode.
Software capabilities are interpreted by protected ( privileged )
procedures, possibly written by application programmers.
When a process executes a protected procedure, it temporarily
gains the ability to read or write the contents of a software
capability.
This leaves the interpretation of the software capabilities up to
the individual subsystems, and limits the potential damage that
could be caused by a faulty privileged procedure.
Note, however, that protected procedures only get access to
software capabilities for the subsystem of which they are a part.
Checks are made when passing software capabilities to protected
procedures that they are of the correct type.
Unfortunately the CAP system does not provide libraries, making
it harder for an individual programmer to use than the Hydra
system.

14.9 LANGUAGE-BASED PROTECTION

o

As systems have developed, protection systems have become more powerful,

and also more specific and specialized.

To refine protection even further requires putting protection capabilities into the
hands of individual programmers, so that protection policies can be
implemented on the application level, i.e. to protect resources in ways that are
known to the specific applications but not to the more general operating system.

14.9.1 COMPILER-BASED ENFORCEMENT

In a compiler-based approach to protection enforcement, programmers directly

specify the protection needed for different resources at the time the resources
are declared.
This approach has several advantages:
1. Protection needs are simply declared, as opposed to a complex series of
procedure calls.
2. Protection requirements can be stated independently of the support
provided by a particular OS.
3. The means of enforcement need not be provided directly by the
developer.
4. Declarative notation is natural, because access privileges are closely
related to the concept of data types.
Regardless of the means of implementation, compiler-based protection relies
upon the underlying protection mechanisms provided by the underlying OS, such
as the Cambridge CAP or Hydra systems.
Even if the underlying OS does not provide advanced protection mechanisms,
the compiler can still offer some protection, such as treating memory accesses
differently in code versus data segments. ( E.g. code segments cant be modified,
data segments can't be executed. )
There are several areas in which compiler-based protection can be compared to
kernel-enforced protection:
o Security. Security provided by the kernel offers better protection than
that provided by a compiler. The security of the compiler-based
enforcement is dependent upon the integrity of the compiler itself, as
well as requiring that files not be modified after they are compiled. The
kernel is in a better position to protect itself from modification, as well as
protecting access to specific files. Where hardware support of individual
memory accesses is available, the protection is stronger still.
o Flexibility. A kernel-based protection system is not as flexible to provide
the specific protection needed by an individual programmer, though it
may provide support which the programmer may make use of. Compilers
are more easily changed and updated when necessary to change the
protection services offered or their implementation.
o Efficiency. The most efficient protection mechanism is one supported by
hardware and microcode. Insofar as software based protection is
concerned, compiler-based systems have the advantage that many

checks can be made off-line, at compile time, rather that during

execution.
The concept of incorporating protection mechanisms into programming
languages is in its infancy, and still remains to be fully developed. However the
general goal is to provide mechanisms for three functions:
0. Distributing capabilities safely and efficiently among customer processes.
In particular a user process should only be able to access resources for
which it was issued capabilities.
1. Specifying the type of operations a process may execute on a resource,
such as reading or writing.
2. Specifying the order in which operations are performed on the resource,
such as opening before reading.

14.9.2 PROTECTION IN JAVA

Java was designed from the very beginning to operate in a distributed

environment, where code would be executed from a variety of trusted and
untrusted sources. As a result the Java Virtual Machine, JVM incorporates many
protection mechanisms
When a Java program runs, it load up classes dynamically, in response to
requests to instantiates objects of particular types. These classes may come from
a variety of different sources, some trusted and some not, which requires that
the protection mechanism be implemented at the resolution of individual
classes, something not supported by the basic operating system.
As each class is loaded, it is placed into a separate protection domain. The
capabilities of each domain depend upon whether the source URL is trusted or
not, the presence or absence of any digital signatures on the class ( Chapter 15 ),
and a configurable policy file indicating which servers a particular user trusts,
etc.
When a request is made to access a restricted resource in Java, ( e.g. open a local
file ), some process on the current call stack must specifically assert a privilege
to perform the operation. In essence this method assumes responsibility for the
restricted access. Naturally the method must be part of a class which resides in a
protection domain that includes the capability for the requested operation. This
approach is termed stack inspection, and works like this:
o When a caller may not be trusted, a method executes an access request
within a doPrivileged( ) block, which is noted on the calling stack.
o When access to a protected resource is requested, checkPermissions(
) inspects the call stack to see if a method has asserted the privilege to
access the protected resource.
If a suitable doPriveleged block is encountered on the stack
before a domain in which the privilege is disallowed, then the
request is granted.

If a domain in which the request is disallowed is encountered first,

then the access is denied and a AccessControlException is thrown.
If neither is encountered, then the response is implementation
dependent.
In the example below the untrusted applet's call to get( ) succeeds, because the
trusted URL loader asserts the privilege of opening the specific URL lucent.com.
However when the applet tries to make a direct call to open( ) it fails, because it
does not have privilege to access any sockets.

Fragmentation occurs in a dynamic memory allocation system when many of the free blocks
are too small to satisfy any request.
External Fragmentation: External Fragmentation happens when a dynamic memory allocation
algorithm allocates some memory and a small piece is left over that cannot be effectively used.
If too much external fragmentation occurs, the amount of usable memory is drastically
reduced. Total memory space exists to satisfy a request, but it is not contiguous.
Internal Fragmentation: Internal fragmentation is the space wasted inside of allocated memory
blocks because of restriction on the allowed sizes of allocated blocks. Allocated memory may be
slightly larger than requested memory; this size difference is memory internal to a partition, but
not being used

 External Fragmentation total memory space exists to satisfy a request, but it is not
contiguous
Internal Fragmentation allocated memory may be slightly larger than requested
memory; this size difference is memory internal to a partition, but not being used
Reduce external fragmentation by compaction
Shuffle memory contents to place all free memory together in one large block
Compaction is possible only if relocation is dynamic, and is done at execution
time
I/O problem
Latch job in memory while it is involved in I/O
Do I/O only into OS buffers
Types of Memory
Hierarchical layering
registers
cache
primary (main) memory
secondary (backing store, local disk) memory
file servers (networked storage)
small amount of fast, expensive memory cache

some medium-speed, medium price main memory

gigabytes of slow, cheap disk storage
MMU - Memory Management Unit of the operating system handles the memory
hierarchy.
Objective of Memory Management
. Keep track of what parts of memory are in use.
2. Allocate memory to processes when needed.
3. Deallocate when processes are done.
4. Swapping, or paging, between main memory and disk, when disk is too small to hold all
current processes.

PAGE REPLACEMENT ALGORITHM

Page replacement algorithms are the techniques using which Operating System decides which
memory pages to swap out, write to disk when a page of memory needs to be allocated. Paging
happens whenever a page fault occurs and a free page cannot be used for allocation purpose
accounting to reason that pages are not available or the number of free pages is lower than
required pages.
When the page that was selected for replacement and was paged out, is referenced again then
it has to read in from disk, and this requires for I/O completion. This process determines the
quality of the page replacement algorithm: the lesser the time waiting for page-ins, the better is
the algorithm. A page replacement algorithm looks at the limited information about accessing
the pages provided by hardware, and tries to select which pages should be replaced to
minimize the total number of page misses, while balancing it with the costs of primary storage
and processor time of the algorithm itself. There are many different page replacement
algorithms. We evaluate an algorithm by running it on a particular string of memory reference
and computing the number of page faults.

REFERENCE STRING
The string of memory references is called reference string. Reference strings are generated
artificially or by tracing a given system and recording the address of each memory reference.
The latter choice produces a large number of data, where we note two things.

For a given page size we need to consider only the page number, not the entire address.

If we have a reference to a page p, then any immediately following references to page p

will never cause a page fault. Page p will be in memory after the first reference; the
immediately following references will not fault.

For example, consider the following sequence of addresses - 123,215,600,1234,76,96

If page size is 100 then the reference string is 1,2,6,12,0,0

FIRST IN FIRST OUT (FIFO) ALGORITHM

Oldest page in main memory is the one which will be selected for replacement.

Easy to implement, keep a list, replace pages from the tail and add new pages at the
head.

OPTIMAL PAGE ALGORITHM

An optimal page-replacement algorithm has the lowest page-fault rate of all algorithms.
An optimal page-replacement algorithm exists, and has been called OPT or MIN.

Replace the page that will not be used for the longest period of time . Use the time
when a page is to be used.

LEAST RECENTLY USED (LRU) ALGORITHM

Page which has not been used for the longest time in main memory is the one which will
be selected for replacement.

Easy to implement, keep a list, replace pages by looking back into time.

PAGE BUFFERING ALGORITHM

To get process start quickly, keep a pool of free frames.

On page fault, select a page to be replaced.

Write new page in the frame of free pool, mark the page table and restart the process.

Now write the dirty page out of disk and place the frame holding replaced page in free
pool.

LEAST FREQUENTLY USED(LFU) ALGORITHM

Page with the smallest count is the one which will be selected for replacement.

This algorithm suffers from the situation in which a page is used heavily during the initial
phase of a process, but then is never used again.

MOST FREQUENTLY USED(LFU) ALGORITHM

This algorithm is based on the argument that the page with the smallest count was
probably just brought in and has yet to be used.

PAGE REPLACEMENT ALGORITHM

CHAPTER 5- INPUT OUTPUT MANAGEMENT

I/O HARDWARE
OVERVIEW
Computers operate on many kinds of devices. General types include storage devices (disks,
tapes), transmission devices (network cards, modems), and human-interface devices (screen,
keyboard, mouse). Other devices are more specialized. A device communicates with a
computer system by sending signals over a cable or even through the air.
The device communicates with the machine via a connection point termed a port (for example,
a serial port). If one or more devices use a common set of wires, the connection is called a
bus.In other terms, a bus is a set of wires and a rigidly defined protocol that specifies a set of
messages that can be sent on the wires.
DAISY CHAIN
When device A has a cable that plugs into device B, and device B has a cable that plugs into
device C, and device C plugs into a port on the computer, this arrangement is called a daisy
chain. It usually operates as a bus.
CONTROLLER
A controller is a collection of electronics that can operate a port, a bus, or a device. A serial-port
controller is an example of a simple device controller. This is a single chip in the computer that
controls the signals on the wires of a serial port.
The SCSI bus controller is often implemented as a separate circuit board (a host adapter) that
plugs into the computer. It contains a processor, microcode, and some private memory to
enable it to process the SCSI protocol messages. Some devices have their own built-in
controllers.

I/O PORT
An I/O port typically consists of four registers, called the status , control, data-in, and data-out
registers.
S.N. Register & Description

Status
Register
The status register contains bits that can be read by the host. These bits indicate states
such as whether the current command has completed, whether a byte is available to be
read from the data-in register, and whether there has been a device error.

Control
register
The control register can be written by the host to start a command or to change the mode
of a device. For instance, a certain bit in the control register of a serial port chooses
between full-duplex and half-duplex communication, another enables parity checking, a
third bit sets the word length to 7 or 8 bits, and other bits select one of the speeds
supported by the serial port.

Data-in
The data-in register is read by the host to get input.

register

Data-out
The data out register is written by the host to send output.

register

BUS :The bus that connects the CPU to main memory on the motherboard. I/Obuses, which connect
the CPU with the systems other components, branch off of the system bus.
The system bus is also called the frontside bus, memory bus, local bus, or host bus.
A collection of wires through which data is transmitted from one part of acomputer to another.
You can think of a bus as a highway on which data travels within a computer. When used in
reference to personal computers, the term bus usually refers to internal bus. This is a bus that
connects all the internal computer components to the CPU and main memory. There's also
anexpansion bus that enables expansion boards to access the CPU and memory.
All buses consist of two parts -- an address bus and a data bus. The data bus transfers actual
data whereas the address bus transfers information about where the data should go.

The size of a bus, known as its width, is important because it determines how much data can be
transmitted at one time. For example, a 16-bit bus can transmit 16 bits of data, whereas a 32bit bus can transmit 32 bits of data.
Every bus has a clock speed measured in MHz. A fast bus allows data to be transferred faster,
which makes applications run faster. On PCs, the old ISA bus is being replaced by
faster buses such as PCI.
Nearly all PCs made today include a local bus for data that requires especially fast transfer
speeds, such as video data. The local bus is a high-speed pathway that connects directly to
the processor. Several different types of buses are used on Apple Macintosh computers. Older
Macs use a bus calledNuBus, but newer ones use PCI.
In networking, a bus is a central cable that connects all devices on a local-area network (LAN).
It is also called the backbone.

POLLING
Polling is a process by which a host waits for controller response.It is a looping process, reading
the status register over and over until the busy bit of status register becomes clear. The
controller uses/sets the busy bit when it is busy working on a command, and clears the busy bit
when it is ready to accept the next command. The host signals its wish via the command-ready
bit in the command register. The host sets the command-ready bit when a command is
available for the controller to execute.
In the following example, the host writes output through a port, coordinating with the
controller by handshaking

The host repeatedly reads the busy bit until that bit becomes clear.

The host sets the write bit in the command register and writes a byte into the data-out
register.

The host sets the command-ready bit.

When the controller notices that the command-ready bit is set, it sets the busy bit.

The controller reads the command register and sees the write command.

It reads the data-out register to get the byte, and does the I/O to the device.

The controller clears the command-ready bit, clears the error bit in the status register to
indicate that the device I/O succeeded, and clears the busy bit to indicate that it is
finished.

I/O DEVICES
I/O Devices can be categorized into following category.
S.N. Category & Description

Human
readable
Human Readable devices are suitable for communicating with the computer user.
Examples are printers, video display terminals, keyboard etc.

Machine
readable
Machine Readable devices are suitable for communicating with electronic equipment.
Examples are disk and tape drives, sensors, controllers and actuators.

Communication
Communication devices are suitable for communicating with remote devices. Examples
are digital line drivers and modems.

Following are the differences between I/O Devices

S.N. Criteria & Description

Data rate
There may be differences of several orders of magnitude between the data transfer rates.

Application
Different devices have different use in the system.

Complexity of Control
A disk is much more complex whereas printer requires simple control interface.

Unit of transfer
Data may be transferred as a stream of bytes or characters or in larger blocks.

Data representation

Different data encoding schemes are used for different devices.

Error Conditions
The nature of errors differs widely from one device to another.

DIRECT MEMORY ACCESS (DMA)

Many computers avoid burdening the main CPU with programmed I/O by offloading some of
this work to a special purpose processor. This type of processor is called, a Direct Memory
Access(DMA) controller. A special control unit is used to transfer block of data directly between
an external device and the main memory, without intervention by the processor. This approach
is called Direct Memory Access(DMA).
DMA can be used with either polling or interrupt software. DMA is particularly useful on
devices like disks, where many bytes of information can be transferred in single I/O operations.
When used with an interrupt, the CPU is notified only after the entire block of data has been
transferred. For each byte or word transferred, it must provide the memory address and all the
bus signals controlling the data transfer. Interaction with a device controller is managed
through a device driver.
Handshaking is a process between the DMA controller and the device controller. It is performed
via wires using terms DMA request and DMA acknowledge.

Step Description
1

Device driver is instructed to transfer disk data to a buffer address X.

Device driver then instruct disk controller to transfer data to buffer.

Disk controller starts DMA transfer.

Disk controller sends each byte to DMA controller.

DMA controller transfers bytes to buffer, increases the memory address, decreases the
counter C until C becomes zero.

When C becomes zero, DMA interrupts CPU to signal transfer completion.

DEVICE CONTROLLERS
A computer system contains a many types of I/O devices and their respective controllers

network card

graphics adapter

disk controller

DVD-ROM controller

serial port

USB

sound card

I/O SOFTWARE
INTERRUPTS
The CPU hardware uses an interrupt request line wire which helps CPU to sense after executing
every instruction. When the CPU checks that a controller has put a signal on the interrupt
request line, the CPU saves a state, such as the current value of the instruction pointer, and
jumps to the interrupt handler routine at a fixed address. The interrupt handler part determines
the cause of the interrupt, performs the necessary processing and executes a interrupt
instruction to return the CPU to its execution state.
The basic mechanism of interrurpt enables the CPU to respond to an asynchronous event, such
as when a device controller become ready for service. Most CPUs have two interrupt request
lines.

non-maskable interrupt - Such kind of interrupts are reserved for events like
unrecoverable memory errors.

maskable interrupt - Such interrupts can be switched off by the CPU before the
execution of critical instructions that must not be interrupted.

The interrupt mechanism accepts an address - a number that selects a specific interrupt
handling routine/function from a small set.In most architectures, this address is an offset stored
in a table called the interrupt vector table. This vector contains the memory addresses of
specialized interrupt handlers.

APPLICATION I/O INTERFACE

Application I/O Interface represents the structuring techniques and interfaces for the operating
system to enable I/O devices to be treated in a standard, uniform way. The actual differences
lies kernel level modules called device drivers which are custom tailored to corresponding
devices but show one of the standard interfaces to applications. The purpose of the devicedriver layer is to hide the differences among device controllers from the I/O subsystem of the
kernel, such as the I/O system calls. Following are the characteristics of I/O interfaces with
respected to devices.

Character-stream / block - A character-stream device transfers bytes in one by one

fashion, whereas a block device transfers a complete unit of bytes.

Sequential / random-access - A sequential device transfers data in a fixed order

determined by the device, random-access device can be instructed to seek position to
any of the available data storage locations.

Synchronous / asynchronous - A synchronous device performs data transfers with

known response time where as an asynchronous device shows irregular or
unpredictable response time.

Sharable / dedicated - A sharable device can be used concurrently by several processes

or threads but a dedicated device cannot be used.

Speed of operation - Device speeds may range from a few bytes per second to a few
gigabytes per second.

Read-write, read only, or write only - Some devices perform both input and output, but
others support only one data direction that is read only.

CLOCKS
Clocks are also called timers. The clock software takes the form of a device driver though a
clock is neither a blocking device nor a character based device. The clock software is the clock
driver. The exact function of the clock driver may vary depending on operating system.
Generally, the functions of the clock driver include the following.

S.N. Task

Description

Maintaining the time of the day

The clock driver implements the time of day or

the real time clock function.It requires
incrementing a counter at each clock tick.

As a process is started, the scheduler initializes

the quantum counter in clock ticks for the
process. The clock driver decrements the
quantum counter by 1, at every clock
Preventing processes from running too
interrupt. When the counter gets to zero ,
long
clock driver calls the scheduler to set up
another process. Thus clock driver helps in
preventing processes from running longer
than time slice allowed.

Accounting for CPU usage

Another function performed by clock driver is

doing CPU accounting. CPU accounting implies
telling how long the process has run.

Watchdog timers are the timers set by certain

Providing watchdog timers for parts of parts of the system. For example, to use a
the system itself
floppy disk, the system must turn on the
motor and then wait about 500msec for it to

comes up to speed.

KERNEL I/O SUBSYSTEM

Kernel I/O Subsystem is responsible to provide many services related to I/O. Following are
some of the services provided.

Scheduling - Kernel schedules a set of I/O requests to determine a good order in which
to execute them. When an application issues a blocking I/O system call, the request is
placed on the queue for that device. The Kernel I/O scheduler rearranges the order of
the queue to improve the overall system efficiency and the average response time
experienced by the applications.

Buffering - Kernel I/O Subsystem maintains a memory area known as buffer that stores
data while they are transferred between two devices or between a device with an
application operation. Buffering is done to cope with a speed mismatch between the
producer and consumer of a data stream or to adapt between devices that have
different data transfer sizes.

Caching - Kernel maintains cache memory which is region of fast memory that holds
copies of data. Access to the cached copy is more efficient than access to the original.

Spooling and Device Reservation A spool is a buffer that holds output for a device, such
as a printer, that cannot accept interleaved data streams. The spooling system copies
the queued spool files to the printer one at a time. In some operating systems, spooling
is managed by a system daemon process. In other operating systems, it is handled by an
in kernel thread.

Error Handling An operating system that uses protected memory can guard against
many kinds of hardware and application errors.

Kernel provided many services related to I/O. The several services. (1) Scheduling (2) Buffering
(3) Caching (4) Spooling
(5) Device reservation and
(6) Error handling are provided by Lhe Kernels I/O subsystems.
1) I/O scheduling: To schedule a set of-I/O requests means to determine a good order in which to
execute them. The order in which applications issue system calls rarely is the best choice.

Scheduling can improve overall system performance, can share device access fairly among
processes and can reduce the average waiting time for I/O to complete.
Operating system developers implement scheduling by maintaining a queue of requests for each
device. When an application issues a blocking I/O system call, the request is placed on the queue
for that device. The I/O sub system improves the efficiency of the computer is by scheduling I/O
operations.
2) Buffering: A Buffer is a memory area that stores data while they are transferred between two
devices (or) between a device and an applications. Buffering is done fore three reasons.
One reason is to cope with a speed mismatch between the producer and consumer of a data
stream. For example that a file is being received via modem for storage on the hard disk. The
modem is about a thousand times slower than the hard disk. So a buffer is created in main
memory to accumulate the bytes received from the modem. When an entire buffer ot data has
arrived, the buffer can be written to disk in a single operation.
A second use of buffering is to adapt between devices that have different data transfer sizes.
Such disparities are especially common in computer networking. Where buffers are used widely
for fragmentation and reassembly of messages. At the sending side, a large message is
fragmented into small network packets. The packets are sent over the network, and the receiving
side places them in a reassembly buffer to form an image of the source data.
A third use of buffering is to support copy semantics for application I/O. A example will clarify
the meaning of copy semantics. Suppose that an application has a buffer of data that it wishes to
write to disk.
3) Caching: A cache is a region of fast memory that holds copies of data. Access to the cached
copy is more efficient than access to the original. For instance the instructions of the currently
running process are stored on disk, cached in physical memory and copied again in the CPUs
secondary and primary caches. The difference between a buffer and a cache is that a buffer may
hold the only existing copy of a data item, where as a cache, by definition, just holds a copy an
faster storage of an item that resides else where.
4) Spooling and Device reservation: A spool is a buffer that holds output for a device, such as a
printer that cannot accept inter level data streams. Although a printer can serve only one job at a
time, several applications may wish to print their output mixed together. The operating system
solves this problem by intercepting all output to the printer. Each applications output is spooled
to a separate disk file. When an application finishes printing, the spooling system queues the
corresponding spool file for output to the printer. The spooling system copies the queued spool
flies to the printer one at a time.
5)Error Handling: An operating system that uses protected memory can guard against many
kinds of hardware and application errors. So that a complete system failure is not the usual result
of each minor mechanical glitch. Devices and I/O transfers can fail in many ways, either for
transient reasons, such a network becoming overloaded (or) for permanent reasons such as a

disk controller becoming detective. Operating systems can often compensate effectively for
transient failures. For instance, a disk read ( ) failure results in a read ( ) retry, and a network
send ( ) error results in a resend ( ), if the protocol so specifies, unfortunately, if an important
component experiences a permanent failure, the operating system is unlikely to recover.

CACHING VS BUFFERING
In general, buffering is the process of holding data in a region of the memory until the
data is transported from one place to another. Buffering is used when moving data between
processes in the computer and in telecommunication. Typically, buffering is required when
there is difference between the speeds in which the data is received and data is processed.
Caching is the process of storing data in a separate place (called the cache) such that they could
be accessed faster if the same data is requested in the future. When some data is requested,
the cache is first checked to see whether it contains that data. If data is already in the cache,
the request can be satisfied faster.

WHAT IS BUFFERING?
Buffering is the process of holding data in a region of the memory until the data is
transported from one place to another. This region of memory that holds the data is called a
buffer. Buffering is used when there is a difference between the speed in which the data is
received and the speed in which the data is processed. Even though buffering can be
implemented using hardware buffers or software buffers, most widely used are the software
buffers. Buffering is widely used in printer spooler, online video streaming and
telecommunication (when transferring data from one device to another). Most of the time,
buffering is done by writing data in to a queue in one speed and reading the data from the
queue in another speed.

WHAT IS CACHING?
Caching is the process of storing data in a separate place (called the cache) such that
they could be accessed faster if the same data is requested in the future. When some data is
requested, the cache is first checked to see whether it contains that data. If data is already in

the cache, it is called a cache hit. Then the data can be retrieved from the cache, which is much
faster than retrieving it from the original storage location. If the requested data is not in the
cache, it is called a cache miss. Then the data needs to be fetched from the original storage
location, which would take a longer time. Caching is used in different places. In the CPU,
caching is used to improve the performance by reducing the time taken to get data from the
main memory. In web browsers, web caching is used to store responses from previous visits to
web sites, in order to make the next visits faster.

WHATS THE DIFFERENCE BETWEEN BUFFERING AND CACHING?

Cache memory is used for storing instructions or data which are frequently used and reused. Since we use these things so frequently, it makes sense to load them into memory where
it can be quickly accessed. This cuts down disk I/O which is the slowest thing in a computer
system, and results in an overall speed and performance boost. Networks may also cache IP
addresses in order to cut down on queries of frequently used IP's. Those are just two examples
of caching.
Buffer memory is used for queuing data so an application won't have to wait for input. A good
example would be a video streaming app which typically buffers the video input. Ideally, this
buffering will prevent stuttering by keeping ahead of the demand for it. Netflix, for example,
evaluates your bandwidth's down speed, then calculates the amount of buffered video needed
to maintain a nice smooth viewing experience.
Contrary to cached data, buffered data is not intended for reuse. It gets buffered, used, and
dumped or over-written.
Even though both caching and buffering involves storing data temporally in a different location,
they have some important differences. Caching is done to reduce the access time in retrieving data from
a slower storage device. It is based on the principle that the same data will be accessed multiple times
thus storing them in cache would reduce the access time largely. Buffering is mainly used to overcome
the difference between the speeds in which the data is received and data is processed by a device.

Read more: http://www.differencebetween.com/difference-between-buffering-and-vscaching/#ixzz2dQmQ83Qj

DEVICE DRIVER
Device driver is a program or routine developed for an I/O device. A device driver implements
I/O operations or behaviours on a specific class of devices. For example a system supports one
or a number of multiple brands of terminals, all slightly different terminals may have a single
terminal driver. In the layered structure of I/O system, device driver lies between interrupt
handler and device independent I/O software. The job of a device driver are following.

To accept request from the device independent software above it.

To see to it that the request is executed.

How a device driver handles a request is as follows: Suppose a request comes to read a block N.
If the driver is idle at the time a request arrives, it starts carrying out the request immediately.
Otherwise, if the driver is already busy with some other request, it places the new request in
the queue of pending requests.

INPUT / OUTPUT SYSTEM :

There are three basic forms of input and output systems

Programmed I/O
o I/O mapped input/output
o Memory-mapped input/output

Interrupt driven I/O

Direct Memory Access(DMA)

I/O mapped input/ output uses special instructions to transfer data between the
computer system and the outside world .

Memory mapped I/O uses special memory locations in the normal address
space of the CPU to communicate with real world devices.

DMA is a special form of memory mapped I/O where the peripheral device reads
and writes memory without going through the CPU .
To send data to an output device , the CPU simply moves that data to a special
memory location in the I/O address space , if I/O mapped input/output is used or to an address
in the memory address space if memory mapped I/O is used .

To read data from an input device , the CPU simply moves data from the address
(I/O or memory) of that device into the CPU .

The input and output operation looks very similar to a memory read or write
operation except it usually takes more time since peripheral devices are slow in speed than
main memory modules

An I/O port is a device that looks like a memory cell to the computer but
contains connection to the outside world .

And I/O port typically uses a latch . When the CPU writes to the address
associated with the latch , the latch , the latch device captures the data and makes it available
on a set of wires external to the CPU and memory system .

The I/O ports can be read-only , write-only , or read/write.

First , the CPU will place the address of the device on the I/O address bus and
with the help of address decoder , a signal generated which will enable the latch .

Next , the CPU will indicate the operation is a write operation by putting the
appropriate signal in CPU write control line .

Then the data to be transferred will be placed in the CPU bus , which will be
stored in the latch for the onward transmission to the device .

Both the address decode and write control lines must be active for the latch to
operate .

The device is identified by putting he appropriate address in the I/O address lines
. The address decoder will generate the signal for the address decode lines . According to the
operation , read or write , it will select either of the latch .

If it is a write operation , then data will be placed in the latch from CPU for
onward transmission to the output device .

If it is in a read operating , the data that are already stored in the latch will be
transferred to the CPU .

A read only( input ) port is simply the lower half of the figure .

In case of I/O mapped I/O , a different address space is used for I/O devices . The
address space for memory is different . In case of memory mapped I/O , same address space is

used for both memory and I/O devices . Some of the memory address space are kept reserved
for I/O devices .

To the programmer , the difference between I/O-mapped and memory-mapped

input/output operation is the instruction to use. For memory-mapped I/O , any instruction that
accessed memory can access a memory-mapped I/O port .

I/O-mapped input/output uses special instruction to access I/O port .

Generally , a given peripheral device will use more than a single I/O port . A
typical pc parallel printer interface , for example , uses three ports , a read/write port , and
input port and an output port .

The read/write port is the data port ( it is read/write to allow the CPU to read the
last ASCII character it wrote to the printer port ).

The input port returns control signals from the printer ; these signals indicate
whether the printer is ready to accept another character , is off-line , is out of paper , etc .

The output port transmits control information to the printer such as whether
data is available to print .

Memory-mapped I/O subsystems and I/O-mapped subsystems both require the

CPU to move data between the peripheral device and main memory .

For example , to input a sequence of 20 bytes from an input port and store
these bytes into memory , the CPU must send each value and store it into memory .

For very high-speed I/O devices , this may not be an effective approach to
transfer one byte at a time . Such devices generally contain an interface to the CPUs bus to it
can directly read and write memory .

This is known as direct memory access .Since , the peripheral device accesses
memory directly , without using the CPU as in intermediate device .

This often allows the I/O operation to proceed in parallel with other CPU
operations . Thus , increasing the overall speed of the system .

Note , however , that the CPU and DMA device cannot both use the address and
data buses at the same time .

Therefore , concurrent processing only occurs if the CPU has a cache and is ,
executing code and accessing data found in the cache( so the bus is free ).

I/O COMMANDS :

To execute an I/O-related instruction , the processor issues an address ,

specifying the particular I/O module and external device , and an I/O command . There are four
types of I/O commands that an I/O module will receive when it is addressed by a processor

Control : Used to activate a peripheral device and instruct it what to do . For

example , a magnetic tape unit may be instructed to rewind or to move
forward one record . these commands are specific to a particular type of
peripheral device .
Test : Used to test various status conditions associated with an I/O module
and its peripherals . The processor will want to know if the most recent I/O
operation is completed or any error has occurred .

 Read : Causes the I/O module to obtain an item of data from the peripheral
and place it in the internal buffer.
Write : Causes the I/O module to take an item of data
( byte or word ) from the data bus and subsequently transmit the data item
to the peripheral .

OPERATING SYSTEM DESIGN ISSUES

Efficiency
o Most I/O devices slow compared to main memory (and the CPU)
Use of multiprogramming allows for some processes to be waiting on I/O
while another process executes
Often I/O still cannot keep up with processor speed
Swapping may used to bring in additional Ready processes; More I/O
operations
OPTIMISE I/O EFFICIENCY ESPECIALLY DISK & NETWORK I/O
The quest for generality/uniformity:
o Ideally, handle all I/O devices in the same way; Both in the OS and in user
applications
o Problem:
Diversity of I/O devices
Especially, different access methods (random access versus stream
based) as well as vastly different data rates.
Generality often compromises efficiency!
o Hide most of the details of device I/O in lower-level routines so that processes
and upper levels see devices in general terms such as read, write, open, close,
lock, unlock

Scheduling, I/O Management and Disk Scheduling

4.6 OPERATING SYSTEM DESIGN ISSUES

DESIGN OBJECTIVES
Two main objectives in designing the I/O facility: Efficiency and generality.
Efficiency is important because I/O operation often forms a problem in a computing system.
One way to tackle this problem in multiprogramming, allows some processes to be waiting on
I/O operations while another process is executing. Thus, a major effort on I/O design has been
schemes for improving the efficiency of the I/O.
The other major objective is generality. In the interests of simplicity and freedom from error, it
is desirable to handle all devices in a uniform manner. Because of diversity of device
characteristics, it is difficult in practice to achieve true generality. What can be done is to use a
hierarchical, modular approach to the design of the I/O.

LOGICAL STRUCTURE OF THE I/O FUNCTION

The local peripheral device communicates in a simple fashion, such as a stream of bytes or
records. The important layers are:

Logical I/O: The logical I/O module deals with device as a logical resource. This module is
concerned with managing general I/O functions on behalf of user processes. It deals
with the device in terms of simple commands such as open, close, read, write.

Device I/O: The requested operations and data are converted into appropriate
sequences of I/O instructions, channel commands. And controller orders. Buffering
techniques may be used to improve utilization.

Scheduling and control : The actual queuing and scheduling of I/O operations

Occurs at this layer, as well as the control of the operations. Thus, interrupts are handled at this
layer and I/O status is collected and reported. This is the layer of software that actually
interacts with the I/O module and hence the device hardware.
The next structure is communication port that looks much the same as the first case. The Only
difference is that the logical I/O module is replaced by communications architecture. The last
one is File system. The layers are

Directory management: At this layer, symbolic file names are converted to identifiers.
The identifiers either refer to the file directly or indirectly through a file descriptor or
index table.

File system: This layer deals with the logical structure of files and with the operations
that can be specified by users, such as open, close, read, write.

Access rights are also managed at this layer.

Physical organization: In segmentation and paging structure, logical references to files

and records must be converted to physical secondary storage addresses, taking into
account the physical track and sector structure of the secondary storage device.
Allocation of secondary storage space and main storage buffers is treated in this layer.

. I/O DEVICES
External Devices that are used in I/O with computer systems can be roughly grouped into three
classes

Human readable: Suitable for communicating with the computer user. Eg.Display,
Keyboard, and perhaps other devices such as mouse

Machine Readable: Suitable for communication with electronic equipment Eg. disk ,tape
drives, sensors, controllers, and actuators

Communication: Suitable for communication with remote devices. Eg. Digital line drivers
and modems.

There are great differences across these classes are

Data rate : There may be differences in data transfer rate

Application: The use of the device on the software and policies in the operating system
and supporting utilities.

For eg. A disk used for files requires the support of file management.
o

Complexity of control: A printer requires a relatively simple control interface.

A disk is much more complex.

Unit of transfer : Data may transferred as a stream of bytes or characters(eg.terminal

I/O) or in larger blocks(e.g disk I/O)

Data representation : Different data encoding schemes are used by different device,
including differences in character code and parity conventions

Error conditions : The nature errors, the way in which they are reported, their
consequences, and the available range of responses differ widely from one device to
another

4.5 ORGANIZATION OF THE I/0 FUNCTIONS

Programmed I/O: The processor issues and I/O command, on behalf of a process, to and I/O
module; that process then busy waits for the operation to be completed before proceeding.
Interrupt-driven I/O: The processor issues an I/O command on behalf of a process. After that
the processor continues to execute subsequent instructions and is interrupted by I/O module
when the latter has completed its work. The subsequent instructions may be in the same
process, if it is not necessary for that process to wait for the completion of the I/O.
Direct memory access: A DMA module controls the exchange of data between main memory
and an I/O module.

4.5.1 THE EVOLUTION OF THE I/O FUNCTION

The evolutionary steps of I/O are

1. The processor controls a peripheral device. This is seen in simple microprocessor- controlled
device.
2. A controller or I/O module is added. The processor uses programmed I/O without interrupts.
3. The same configuration as step 2 is used, but now interrupts are employed. The processor
need not spend time waiting for an I/O operation to be performed, thus increasing efficiency
4. The I/O module is given direct control of memory view DMA. I t can now more a block of data
to or from memory without involving the processor, except at the beginning and end of the
transfer
5. The I/O module is enhanced to become a separate processor, with a specialized instruction.
The CPU directs the I/O processor to execute program in main memory. The I/O processor is to
execute theses instructions without processor intervention.
6. The I/O module has a local memory of its own and is, in fact, a computer in its own right.
With this architecture, a large set of I/O devices can be controlled with minimal processor
involvement. A common use for such architecture has been to control communications with
interactive terminals. The I/O processor takes care of most of the tasks involved in controlling
the terminals.
For all of the modules described in steps 4 through steps 6, the term direct memory access is
appropriate, because all of these types involve direct control of main memory by the I/O
module. Also, the I/O module in step 5 often is referred to as an I/O channel and that in step 6
as an I/O processor

4.5.2 DIRECT MEMORY ACCESS

The DMA module controls the exchange of data between main memory and an I/O module. It
needs system bus to do this. The DMA module must use the bus only when the processor does
not need it, or it must force the processor to suspend operation temporarily. The latter

technique is more common and is referred to as cycle stealing, because the DMA unit in effect
steals a bus cycle.

Figure 4.4 DMA Controller

The DMA technique works as follows.

Whether a read or write is requested, using read or write control line between the
processor and the DMA module.

The address of the I/O device involved is communicated on the data lines.

The starting location in memory to read from or write to, communicated on the data
lines and stored by the DMA module in its address register.

The number of words to be read or written, again communicated via the data lines and
stored in the data count register.

The Processor then continues with other work. It has assigned this I/O operation to DMA
module. The DMA module transfers the entire block of data, one word at a time, directly to or
from memory, without going through the processor. When the transfer is complete, the DMA
module sends an interrupt signal to the processor. Thus, the processor is involved only at the
beginning and end of the transfer.
The DMA mechanism can be in different ways. Some possibilities are shown in figure.

4.7 I/O Buffering

There is a speed mismatch between I/O devices and CPU. This leads to inefficiency in processes
being completed. To increase the efficiency, it may be convenient to perform input transfers in
advance of requests being made and to perform output transfers some time after the request is
made. This technique is known as buffering.
In discussing the various approaches to buffering, it is sometimes important to make a
distinction between two types of I/O devices:

Block-oriented devices store information in blocks that are usually of fixed size and
transfers are made one block at a time. Eg.Disk,tape

Stream-oriented devices transfer data in and out as a stream of bytes, with no block
structure. Eg. Terminals, printers, communications port, mouse.

SINGLE BUFFER
The simplest type of buffering is single buffering. When a user process issues and I/O request,
the operating system assigns a buffer in the system portion of main memory to the operation.
For block-oriented devices, the single buffering scheme can be described as follows: Input

transfers are made to the system buffer. When the transfer is complete, the process moves the
block into user space and immediately requests another block.

FIGURE 4.6 I/O BUFFERING SCHEMES

For stream oriented I/O, the single buffering scheme can be used in a line- at- a time Fashion or
a byte-at-a-time fashion. In line-at-a-time fashion user input and output to the terminal is one
line at a time. For eg. Scroll-mode terminals, line printer.
Suppose that T is required to input one block and that C is the computation time.

Without buffering, the execution time per block is essentially T+C. With a single buffer, the time
is max[C, T] +M, Where M is the time required to move the data from the system buffer to user
memory.

DOUBLE BUFFER
An improvement over single buffering can be done by assigning two system buffers to
operation. A process now transfers data to one buffer while the operating system empties the
other. This technique is known as double buffering or buffer swapping.
For block-oriented transfer, we can roughly estimate the execution time as max[C,T].In both
cases(C<= T and C>T) an improvement over single buffering is achieved. Again, this
improvement comes at the cost of increased complexity. For stream-oriented input, there are
two alternative modes of operation. For line-at-a time I/O, the user process need not be
suspended for input or output, unless the process runs ahead of the double buffers. For byteat-a time operation, the double buffer offers no particular advantage over a single buffer of
twice the length.

CIRCULAR BUFFERING
Double buffering may be inadequate if the process performs rapid bursts of I/O. In this case,
the problem can be solved by using more than one buffer. When more than two buffers are
used, the collection of buffers is itself referred to as a circular buffer.

THE UTILITY OF BUFFERING

Buffering is a technique that smooths out peaks in I/O demand. However, no amount of
buffering will allow an I/O device to keep pace with a process indefinitely when average
demand of the process is greater than the I/O device can service. Even with multiple buffers, all
of the buffers will eventually fill up and the process will have to wait after processing each
chunk of data.

DISK SCHEDULING
In this section, we highlight some of the key issues of the performance of disk system.

4.8.1Disk performance parameters

The actual details of disk I/O operation depend on the computer system, operating system and
the nature of I/O channel and disk controller hardware. When the disk drive is operating, the
disk is rotating at constant speed. To read or write, the head must be positioned at the desired
track and at the beginning of desired sector on that track. Track can be selected using either
moving-head or fixed-head. On a movable-head system, the time it takes to position the head
at the track is known as seek time. In either case, once the track is selected, the disk controller
waits until the appropriate sector is reached. The time it takes to find the right sector is known
as rotational delay or rotational latency. The sum of seeking time and the rotational delay are
access time (the time taken to read or write).
In addition to these times, there are several queuing times associated with disk operation.
When a process issues an I/O request, it must first wait in a queue for the device to be
available. At that time, the device is assigned to the process. If the device shares a single I/O
channel or a set of I/O channels with other disk drives, then there may be an additional wait for
the channel to be available.

SEEK TIME
Seek time is the time required to move the disk arm to the required track. The seek time
consists of two key components: the initial startup time, and the time taken to traverse the
tracks. The traversal time is not a linear function of the number of tracks but includes a startup
time and a settling time.

ROTATIONAL DELAY
Magnetic disks, other than floppy disks, have rotational speeds in the range 400 to 10,000 rpm.
Floppy disks typically rotate at between 300 to 600rpm. Thus the average delay will be between
100 and 200 ms.

TRANSFER TIME
The transfer time to or from the disk depends on the rotation speed of the disk in the following
fashion:
T=b/rN
Where
T=transfer time
B= number bytes to be transferred
N = number of bytes on a track
R= rotation speed, in revolutions per second
Thus the total average access time can be expressed as Ta=Ts+1/2r+b/rN
Where Ts is the average seek time

4.8.2.Disk Scheduling Policies

There are several disk scheduling Policies with different seek time.
Random scheduling: The requested track is selected randomly.
Example of Various Scheduling Algorithm

Eg. Assume a disk with 200 tracks and that the disk request queue has random requests in it.
The requested tracks, in the order received, are 55, 58, 39, 18, 90, 160, 150, 38, 184.
FIFO

SSTF

SCAN

C-SCAN

Next track No.of

Next track No.of

Next track No.of

Next track No.of

accessed tracks

accessed tracks

accessed tracks

accessed tracks

traversed

traversed

traversed

traversed

55

45

90

10

150

50

150

50

58

58

32

160

10

160

10

39

19

55

184

24

184

24

18

21

39

16

90

94

90

164

90

72

38

58

32

58

20

160

70

18

20

55

55

150

10

150

132

39

16

39

16

38

112

160

10

38

38

184

146

184

24

18

20

18

32

Average

55.3

Average

27.5

Average

27.8

Average

35.8

seek

seek

seek

seek

length

length

length

length

Figure 4.7 Comparison of Disk scheduling algorithms

FIRST IN-FIRST OUT

The I/O requests are satisfied in the order in which they arrived.

PRIORITY
With a system based on priority (PRI), the control of the scheduling is outside the control of disk
management. The short batch jobs and interactive jobs are given higher priority than longer
jobs that require longer computation. This type of policy tends to be poor for database systems.

LAST IN FIRST OUT

In this policy the most recent requests are given preference. In transaction processing systems,
giving the device to the most recent user should result in little or no arm movement for moving
through a sequential file. FIFO, Priority, and LIFO scheduling are based solely on attributes of
the queue or the requester.

SHORTEST SERVICE TIME FIRST

The SSTF policy is to select the disk I/O request that requires the least movement of the disk
arm from its current position. Thus, we always choose to incur the minimum seek time. This
policy provides better performance than FIFO.

SCAN
With the exception of FIFO, all of the policies can leave some request unfulfilled until the entire
queue is emptied. That is, there may always be new requests arriving that will be chosen before
an existing request. With SCAN, the arm is required to move in one direction only, satisfying all
outstanding requests, until it reaches the last track in that direction or until there are no more
requests in that direction.

C-SCAN
The C-SCAN (circular SCAN) policy restricts scanning to one direction only. Thus, when the last
track has been visited in one direction, the arm is returned to the opposite end of the disk and

the scan begins again. This reduces the maximum delay experienced by new requests. With
SCAN, if the expected time for a scan from inner track to outer track is t, then the expected
service interval for sectors at the periphery is 2t. With C-SCAN, the interval is on the order of t +
s max where s max is the maximum seek time.

N-step-SCAN and FSCAN

With SSTF, SCAN AND C-SCAN it is possible that the arm may not move for a considerable
period of time. High-density disks are more likely to be affected. By this characteristic than
lower density disks and/or disks with only one or two surfaces. To avoid this arm stickiness
the disk request queue can be segmented, with one segment at a time being processed
completely.
The N-step-SCAN policy segments the disk request queue into sub queues of length N. Sub
queues are processed one at a time, SCAN. While a queue is being processed, new requests
must be added to some other queue. If Fewer than N requests are available at the end of a
scan, then all of them are processed with the next scan. With large values of N, the
performance of N-step-SCAN approaches that of SCAN; with a value of N=1, the FIFO policy is
adopted.
FSCAN is a policy that uses two sub queues. When a scan begins, all of the requests are in one
of the queues, with the other empty. During the scan, all new requests are put into the other
queue. Thus service of new requests is deferred until all of the old requests have been
processed.
Interrupts are signals sent to the CPU by external devices, normally I/O devices. They
tell the CPU to stop its current activities and execute the appropriate part of the
operating system.
There are three types of interrupts:
1. Hardware Interupts are generated by hardware devices to signal that
they need some attention from the OS. They may have just received some
data (e.g., keystrokes on the keyboard or an data on the ethernet card); or

they have just completed a task which the operating system previous
requested, such as transfering data between the hard drive and memory.
2. Software Interupts are generated by programs when they want to
request a system call to be performed by the operating system.
3. Traps are generated by the CPU itself to indicate that some error or
condition occured for which assistance from the operating system is
needed.
Interrupts are important because they give the user better control over the computer.
Without interrupts, a user may have to wait for a given application to have a higher
priority over the CPU to be ran. This ensures that the CPU will deal with the process
immediately.

1.5.2. CPU Execution Mode

See also

Audio about CPU Mode bits

There are two modes of execution, known as user mode and kernel or supervisor mode.
User mode is restricted in that certain instructions cannot be executed, certain registers
cannot be accessed, and I/O devices can not be accessed. Kernel mode has none of
these restrictions. A system call will set the CPU to kernel mode, as will traps and
interrupts. Application programs cannot do this.
Mode bit: Supervisor or User mode

Supervisor mode
o Can execute all machine instructions
o Can reference all memory locations
User mode
o Can only execute a subset of instructions
o Can only reference a subset of memory locations

1.5.3. CPU Response to Interrupts

A key point towards understanding how operating systems work is to understand what
the CPU does when an interrupt occurs. The hardware of the CPU does the exact same
thing for each interrupt, which is what allows operating systems to take control away
from the current running user process. The switching of running processes to execute
code from the OS kernel is called a context switch.

CPUs rely on the data contained in a couple registers to correctly handle interrupts. One
register holds a pointer to the process control block of the current running process. This
register is set each time a process is loaded into memory. The other register holds a
pointer to a table containing pointers to the instructions in the OS kernel for interrupt
handlers and system calls. The value in this register and contents of the table are set
when the operating system is initialized at boot time.
The CPU performs the following actions in response to an interrupt:
1. Using the pointer to the current process control block, the state and all register
values for the process are saved for use when the process is later restarted.
2. The CPU mode bit is switched to supervisory mode.
3. Using the pointer to the interrupt handler table and the interrupt vector, the
location of the kernel code to execute is determined. The interrupt vector is the
IRQ for hardware interrupts (read from an interrupt controller register) and an
argument to the interrupt assembly language instruction for software interrupts.
4. Processing is switched to the appropriate portion of the kernel.

The CPU uses a table and the interrupt vector to find OS the code to execute in
response to interrupts. A software interrupt is shown here.

As the computer runs, processing switches between user processes and the operating
system as hardware and software interrupts are received.
MASKABLE AND NON-MASKABLE INTERRUPT ;-

The interrupt which can be ignored by the processor ,while performing its operations are called
maskable interrupts. generally maskable interrupts are the interrupts that comes from the
pheripheral devices.
where as the non maskable interrupts are the interrupts which cannot be ignored. generally these
type of interrupts are specified to be software interrupts.
the examples of maskable are: mouseclick,memoryreadetc
the examples of non_maskableare:powerfailure,softwarecorruptedetc

Chapter 6- File Management

FILE
A file is a named collection of related information that is recorded on secondary storage such as
magnetic disks, magnetic tapes and optical disks.In general, a file is a sequence of bits, bytes,
lines or records whose meaning is defined by the files creator and user.

FILE STRUCTURE
File structure is a structure, which is according to a required format that operating system can
understand.

A file has a certain defined structure according to its type.

A text file is a sequence of characters organized into lines.

A source file is a sequence of procedures and functions.

An object file is a sequence of bytes organized into blocks that are understandable by
the machine.

In Database a file has a little different structure

record
A subdivision of a file, containing data related to a single entity.
field
A subdivision of a record containing a single attribute of the entity
which the record describes.
stream of bytes
A file which is regarded as being without structure beyond
separation into a sequential set of bytes.

When operating system defines different file structures, it also contains the code to
support these file structure. Unix, MS-DOS support minimum number of file structure.

FILE TYPE
File type refers to the ability of the operating system to distinguish different types of file such as
text files source files and binary files etc. Many operating systems support many types of files.
Operating system like MS-DOS and UNIX have the following types of files:

ORDINARY FILES

These are the files that contain user information.

These may have text, databases or executable program.

The user can apply various operations on such files like add, modify, delete or even
remove the entire file.

DIRECTORY FILES

These files contain list of file names and other information related to these files.

SPECIAL FILES:

These files are also known as device files.

These files represent physical device like disks, terminals, printers, networks, tape drive
etc.

These files are of two types

Character special files - data is handled character by character as in case of terminals or

printers.

Block special files - data is handled in blocks as in the case of disks and tapes.
DIRECTORY

Directories :-Directories are the mechanism provided by O.S. to keep track of files. A
directory records info a bout the files in the particular partition.
Directory typically contains one entry per file. It may contain Name, Attributes and
Location or
It may contain Name and pointer to Attribute information
There are many types of directory structure in Operating System. They are as follows :1) Single Level Directory
2) Two Level Directory
3) Tree Structured Directory
4) Acyclic Graph Directory
5) General Graph Directory

1) SINGLE LEVEL DIRECTORY

In Single Level Directory all files are in the same directory.
Limitations of Single Level Directory
a) Since all files are in the same directory, they must have unique name.
b) If two user call their data free test, then the unique name rule is violated.
c) Files are limited in length.
d) Even a single user may find it difficult to remember the names of all files as the number of
file increases.
e) Keeping track of so many file is daunting task.

2) TWO LEVEL DIRECTORY

i) Each user has Its own User File Directory (UFD).
ii) When the user job start or user log in, the system Master File Directory (MFD) is searched.
MFD is indexed by user name or Account Number.
iii) When user refers to a particular file, only his own UFD is searched.
Thus different users may have files with same name. To have a particular file uniquely, in a two
level directory, we must give both the user name and file name.
A two level directory can be a tree or an inverted tree of height 2
The root of a tree is Master File Directory (MFD).
Its direct descendents are User File Directory (UFD). The descendents of UFD's are file
themselves.

The files are the leaves of the tree.

Limitations of Two Level Directory
The structure effectively isolates one user from another.

3) TREE STRUCTURED DIRECTORY

A directory (or Sub directory) contains a set of files or sub directories. All
directories has the same internal format.
i) One bit in each directory entry defines the entry.
ii) Special calls are used to create and delete directories.
iii) Each process has a current directory. Current directory should contain most of the files that
are of current interest to the process.
iv) When a reference is made to a file, the current directory is searched.
v) The user can change his current directory whenever he desires.
vi) If a file is not needed in the current directory then the user usually must either specify a path
name or change the current directory.
Paths can be of two types :a) Absolute Path
Begins at root and follows a path down to the specified file.
b) Relative Path
Defines a path from current directory.
vii) Deletions if directory is empty, its entry in the directory that contains it can simply deleted.
If it is not empty: One of the Two approaches can be taken :a)User must delete all the files in the directory.

b)If any sub directories exist, same procedure must be applied.

The UNIX rm command is used.
MS dos will not delete a directory unless it is empty.

4) ACYCLIC GRAPH DIRECTORY

Acyclic Graph is the graph with no cycles. It allows directories to share sub directories
and files. With a shared file, only one actual file exists, so any changes made by one
person are immediately visible to the another.
IMPLEMEMTATION OF SHARED FILES AND DIRECTORIES
i) To create a link
. A link is effectively a pointer to another file or sub directory.
. Duplicate all the information about them in both sharing directories.
ii) Deleting a link
. Deletion of the link will not effect the original file, only link is removed.
. To preserve the file until all references to it are deleted.

 Tree Structure:-Efficient searching

Grouping Capability
Current directory (working directory)
cd /spell/mail/prog
type list
Absolute or relative path name
Creating a new file is done in current directory
Delete a file
rm<file-name>
Creating a new subdirectory is done in current directory
mkdir<dir-name>
Example: if in current directory /mail
mkdir count

FILE ACCESS MECHANISMS

File access mechanism refers to the manner in which the records of a file may be accessed.
There are several ways to access files

Sequential access

Direct/Random access

Indexed sequential access

SEQUENTIAL ACCESS
A sequential access is that in which the records are accessed in some sequence i.e the
information in the file is processed in order, one record after the other. This access method is
the most primitive one. Example: Compilers usually access files in this fashion.

DIRECT/RANDOM ACCESS

Random access file organization provides, accessing the records directly.

Each record has its own address on the file with by the help of which it can be directly
accessed for reading or writing.

The records need not be in any sequence within the file and they need not be in
adjacent locations on the storage medium.

INDEXED SEQUENTIAL ACCESS

This mechanism is built up on base of sequential access.

An index is created for each file which contains pointers to various blocks.

Index is searched sequentially and its pointer is used to access the file directly.

FREE SPACE ALLOCATION

Files are allocated disk spaces by operating system. Operating systems deploy following three
main ways to allocate disk space to files.

Contiguous Allocation

Linked Allocation

Indexed Allocation

CONTIGUOUS ALLOCATION

Each file occupy a contiguous address space on disk.

Assigned disk address is in linear order.

Easy to implement.

External fragmentation is a major issue with this type of allocation technique.

LINKED ALLOCATION

Each file carries a list of links to disk blocks.

Directory contains link / pointer to first block of a file.

No external fragmentation

Effectively used in sequential access file.

Inefficient in case of direct access file.

INDEXED ALLOCATION

Provides solutions to problems of contigous and linked allocation.

A index block is created having all pointers to files.

Each file has its own index block which stores the addresses of disk space occupied by
the file.

Directory contains the addresses of index blocks of files.

File Allocation Methods

One main problem in file management is how to allocate space for files so that disk space is
utilized effectively and files can be accessed quickly. Three major methods of allocating disk
space

are:

Contiguous

Allocation

Linked

Allocation

Indexed

Allocation.

Each method has its advantages and disadvantages. Accordingly, some systems support all
three (e.g. Data General's RDOS). More commonly, a system will use one particular method for
all

files.

Contiguous File Allocation

Each file occupies a set of contiguous block on the disk

Allocation using first fit/best fit.

A need for compaction

Only starting block and length of file in blocks are needed to work with the file

Allows random access

Problems with files that grow.

each file occupies a set of consecutive addresses on disk
each directory entry contains:

file name
starting address of the first block
block address = sector id (e.g., block = 4K)
length in blocks
usual dynamic storage allocation problem
o use first fit, best fit, or worst fit algorithms to manage storage
if the file can increase in size, either
o leave no extra space, and copy the file elsewhere if it expands
o leave extra space
o
o
o
o

Linked File Allocation or Chained File Allocation

Each file is a linked list of blocks

NO external fragmentations

Effective for sequential access.

Problematic for direct access

ach data block contains the block address of the next block in the file
each directory entry contains:
o file name
o block address: pointer to the first block
o sometimes, also have a pointer to the last block (adding to the end of the file is
much faster using this pointer)

File Allocation Table (FAT)

Variation of the link list(MS/DOS and OS/2)

- A section of the disk at the beginning of each partition (Volume) is set aside to contain a FAT
- FAT has one entry for each disk block, pointing to the next block in the file.
-

The

link

list

- Actual file blocks contain no links

is

implemented

in

that

section

Indexed File Allocation

Indexed allocation is bringing all the pointers together

Much more effective for direct access

Inefficient for small files

store all pointers together in an index table
o the index table is stored in several index blocks
o assume index table has been loaded into main memory

FILE ORGANISATION TECHNIQUES :Five different types of File Organization available:

The pile
The Sequential file
The Indexed Sequential file
The Indexed file
The Direct or hashed file

The Pile :- It's the simplest possible organization: the data are collected in the file in the order
in which they arrive, and it's not even required that the records have a common format across
the file (different fields/sizes, same fields in different orders, etc.are possible). This implies that
each record/field must be self-describing. Despite the obvious storage efficiency and the easy
update, it's quite clear that this ``structure'' is not suited for easy data retireval, since retrieving
a datum basically requires detailed analysis of the file content. It makes sense only as
temporary storage for data to be later structured in some way.

Data are collected in the order they arrive

Purpose is to accumulate a mass of data and save it
Records may have different fields
No structure
Record access is by exhaustive search

The Sequential File:- This is the most common structure for large files that are typically
processed in their entirety, and it's at the heart of the more complex schemes. In this scheme,
all the records have the same size and the same field format, with the fields having fixed size as
well. The records are sorted in the file according to the content of a field of a scalar type, called
``key''. The key must identify uniquely a records, hence different record have diferent keys. This

organization is well suited for batch processing of the entire file, without adding or deleting
items: this kind of operation can take advantage of the fixed size of records and file; moreover,
this organization is easily stored both on disk and tape. The key ordering, along with the fixed
record size, makes this organization amenable to dicotomic search However, adding and
deleting records to this kind of file is a tricky process: the logical sequence of records
tipycallymatches their physical layout on the media storage, so to ease file navigation, hence
adding a record and maintaining the key order requires a reorganization of the whole file. The
usual solution is to make use of a ``log file'' (also called ``transaction file''), structured as a pile,
to perform this kind of modification, and periodically perform a batch update on the master
file.

Fixed format used for records

Records are the same length

All fields the same (order and length)

Field names and lengths are attributes of the file

One field is the key filed (Primary key)

Contains key field and a pointer to the main file

Search continues in the main file at the location indicated by the pointer

Indexed Sequential File:- An index file can be used to effectively overcome the above
mentioned problem, and to speed up the key search as well. The simplest indexing structure is
the single-level one: a file whose records are pairs key-pointer, where the pointer is the
position in the data file of the record with the given key. Only a subset of data records, evenly
spaced along the data file, are indexed, so to mark intervals of data records.
A key search then proceeds as follows: the search key is compared with the index ones to find
the highest index key preceding the search one, and a linear search is performed from the
record the index key points onward, until the search key is matched or until the record pointed
by the next index entry is reached. In spite of the double file access (index + data) needed by
this kind of search, the decrease in access time with respect to a sequential file is significant.
Consider, for example, the case of simple linear search on a file with 1,000 records. With the
sequential organization, an average of 500 key comparisons are necessary (assuming uniformly
distributed search key among the data ones). However, using and evenly spaced index with 100
entries, the number of comparisons is reduced to 50 in the index file plus 50 in the data file: a
5:1 reduction in the number of operations.
This scheme can obviously be hierarchically extended: an index is a sequential file in itself,
amenable to be indexed in turn by a second-level index, and so on, thus exploiting more and
more the hierarchical decomposition of the searches to decrease the access time. Obviously, if
the layering of indexes is pushed too far, a point is reached when the advantages of indexing
are hampered by the increased storage costs, and by the index access times as well.

New records are added to an overflow file

Record in main file that precedes it is updated to contain a pointer to the new
record

The overflow is merged with the main file

Multiple indexes for the same key field can be set up to increase efficiency

Indexed File:- Why using a single index for a certain key field of a data record? Indexes can be
obviously built for each field that uniquely identifies a record (or set of records within the file),
and whose type is amenable to ordering. Multiple indexes hence provide a high degree of
flexibility for accessing the data via search on various attributes; this organization also allows
the use of variable length records (containing different fields).
It should be noted that when multiple indexes are are used the concept of sequentiality of the
records within the file is useless: each attribute (field) used to construct an index typically
imposes an ordering of its own. For this very reason is typicaly not possible to use the ``sparse''
(or ``spaced'') type of indexing previously described. Two types of indexes are usually found in
the applications: the exhaustive type, which contains an entry for each record in the main file,
in the order given by the indexed key, and the partial type, which contain an entry for all those
records that contain the chosen key field (for variable records only).

Uses multiple indexes for different key fields

May contain an exhaustive index that contains one entry for every record in the
main file
May contain a partial index

The Direct or Hashed File :- In a hash file, records are not stored sequentially in a file
instead a hash function is used to calculate the address of the page in which the record is to be
stored.
The field on which hash function is calculated is called as Hash field and if that field acts as the
key of the relation then it is called as Hash key. Records are randomly distributed in the file so it
is also called as Random or Direct files. Commonly some arithmetic function is applied to the
hash field so that records will be evenly distributed throughout the file.

Directly access a block at a known address

Key field required for each record
Security refers to providing a protection system to computer system resources such as CPU,
memory, disk, software programs and most importantly data/information stored in the
computer system. If a computer program is run by unauthorized user then he/she may cause
severe damage to computer or data stored in it. So a computer system must be protected
against unauthorized access, malicious access to system memory, viruses, worms etc. We're
going to discuss following topics in this article.

Authentication

One Time passwords

Program Threats

System Threats

Computer Security Classifications

AUTHENTICATION
Authentication refers to identifying the each user of the system and associating the executing
programs with those users. It is the responsibility of the Operating System to create a
protection system which ensures that a user who is running a particular program is authentic.
Operating Systems generally identifies/authenticates users using following three ways:

Username / Password - User need to enter a registered username and password with
Operating system to login into the system.

User card/key - User need to punch card in card slot, or enter key generated by key
generator in option provided by operating system to login into the system.

User attribute - fingerprint/ eye retina pattern/ signature - User need to pass his/her
attribute via designated input device used by operating system to login into the system.

ONE TIME PASSWORDS

One time passwords provides additional security along with normal authentication. In OneTime Password system, a unique password is required every time user tries to login into the
system. Once a one-time password is used then it can not be used again. One time password
are implemented in various ways.

Random numbers - Users are provided cards having numbers printed along with
corresponding alphabets. System asks for numbers corresponding to few alphabets
randomly chosen.

Secret key - User are provided a hardware device which can create a secret id mapped
with user id. System asks for such secret id which is to be generated every time prior to
login.

Network password - Some commercial applications send one time password to user on
registered mobile/ email which is required to be entered prior to login.

PROGRAM THREATS
Operating system's processes and kernel do the designated task as instructed. If a user program
made these process do malicious tasks then it is known as Program Threats. One of the
common example of program threat is a program installed in a computer which can store and

send user credentials via network to some hacker. Following is the list of some well known
program threats.

Trojan Horse - Such program traps user login credentials and stores them to send to
malicious user who can later on login to computer and can access system resources.

Trap Door - If a program which is designed to work as required, have a security hole in
its code and perform illegal action without knowledge of user then it is called to have a
trap door.

Logic Bomb - Logic bomb is a situation when a program misbehaves only when certain
conditions met otherwise it works as a genuine program. It is harder to detect.

Virus - Virus as name suggest can replicate themselves on computer system .They are
highly dangerous and can modify/delete user files, crash systems. A virus is generatlly a
small code embedded in a program. As user accesses the program, the virus starts
getting embedded in other files/ programs and can make system unusable for user.

SYSTEM THREATS
System threats refers to misuse of system services and network connections to put user in
trouble. System threats can be used to launch program threats on a complete network called as
program attack. System threats creates such an environment that operating system resources/
user files are mis-used. Following is the list of some well known system threats.

Worm -Worm is a process which can choked down a system performance by using
system resources to extreme levels.A Worm process generates its multiple copies where
each copy uses system resources, prevents all other processes to get required
resources. Worms processes can even shut down an entire network.

Port Scanning - Port scanning is a mechanism or means by which a hacker can detects
system vulnerabilities to make an attack on the system.

Denial of Service - Denial of service attacks normally prevents user to make legitimate
use of the system. For example user may not be able to use internet if denial of service
attacks browser's content settings.

COMPUTER SECURITY CLASSIFICATIONS

As per the U.S. Department of Defense Trusted Computer System's Evaluation Criteria there are
four security classifications in computer systems: A, B, C, and D. This is widely used
specifications to determine and model the security of systems and of security solutions.
Following is the brief description of each classfication.

S.N.

Classification
Type

Description

Type A

Highest Level. Uses formal design specifications and verification

techniques.Grants a high degree of assurance of process security.
Provides mandatory protection system. Have all the properties of a class
C2 system. Attaches a sensitivity label to each object.It is of three types.

Type B

B1 - Maintains the security label of each object in the

system.Label is used for making decisions to access control.

B2 - Extends the sensitivity labels to each system resource, such

as storage objects, supports covert channels and auditing of
events.

B3 - Allows creating lists or user groups for access-control to grant

access or revoke access to a given named object.

Provides protection and user accountability using audit capabilities. It is

of two types.
3

C1 - Incorporates controls so that users can protect their private

information and keep other users from accidentally reading /
deleting their data. UNIX versions are mostly Cl class.

C2 - Adds an individual-level access control to the capabilities of a

Cl level system

Type C

Type D

Lowest level. Minimum protection. MS-DOS, Window 3.1 fall in this

category.

RAID stands for Redundant Array of Inexpensive Disks.

RAID is the organization of multiple disks into a large, high performance logical disk.
With RAID the following two things are performed
(a) Redundancy
(b) Data Striping
Data striping transparently distributes data over multiple disks to make them appear as a single
fast, large disk. Striping improves aggregate I/O performance by allowing multiple I/Os to be
serviced
in
parallel.
There
are
2
aspects
to
this
parallelism.

Multiple, independent requests can be serviced in parallel by separate disks. This

decreases the queueing time seen by I/O requests.
Single, multiple block requests can be serviced by multiple disks acting in co-ordination.
This increases the effective transfer rate seen by a single request. The performance
benefits increase with the number of disks in the array. Unfortunately, a large number
of disks lowers the overall reliability of the disk array.

Disk arrays stripe data across multiple disks and access them in parallel to achieve:

Higher data transfer rates on large data accesses and

Higher I/O rates on small data accesses.

Data striping also results in uniform load balancing across all of the disks, eliminating hot spots
that otherwise saturate a small number of disks, while the majority of disks sit idle.
Redundancy :-The solution to the problem of lower reliability in disk arrays is to improve
theavailability of the system. This can be achieved by employing redundancy in the form of
error-correcting codes to tolerate disk failures. A redundant disk array can now retain data for
much longer time than an unprotected single disk.

Reliability is how well a system can work without any failures in its components. If there is a
failure, the system was not reliable.
Availability is how well a system can work in times of a failure. If a system is able to work even
in the presence of a failure of one or more system components, the system is said to be
available.
Redundancy improves the availability of a system, but cannot improve the reliability. Reliability
can only be increased by improving manufacturing technologies or using lesser individual
components in a system.
The need for RAID can be summarized in two points given below. The two keywords are
Redundant
and
Array.

An array of multiple disks accessed in parallel will give greater throughput than a single
disk.
Redundant data on multiple disks provides fault tolerance.

VARIOUS RAID LEVELS

RAID 0 :-(Striped Disk Array with Fault Tolerance):-RAID Level 0 requires a minimum of 2
drives to implement

CHARACTERISTICS AND ADVANTAGES

o

RAID 0 implements a striped disk array, the data is broken down into blocks and each
block is written to a separate disk drive

I/O performance is greatly improved by spreading the I/O load across many channels
and drives

Best performance is achieved when data is striped across multiple controllers with only
one drive per controller

No parity calculation overhead is involved

Very simple design

Easy to implement

DISADVANTAGES
o

Not a "True" RAID because it is NOT fault-tolerant

The failure of just one drive will result in all data in an array being lost

Should never be used in mission critical environments

RECOMMENDED APPLICATIONS

Video Production and Editing

Image Editing

Pre-Press Applications

Any application requiring high bandwidth

RAID 1(Mirroring and Duplexing):- For Highest performance, the controller must be able to
perform two concurrent separate Reads per mirrored pair or two duplicate Writes per mirrored
pair.
RAID Level 1 requires a minimum of 2 drives to implement

CHARACTERISTICS & ADVANTAGES

o

One Write or two Reads possible per mirrored pair

Twice the Read transaction rate of single disks, same Write transaction rate as single disks

100% redundancy of data means no rebuild is necessary in case of a disk failure, just a copy
to the replacement disk

Transfer rate per block is equal to that of a single disk

Under certain circumstances, RAID 1 can sustain multiple simultaneous drive failures

Simplest RAID storage subsystem design

DISADVANTAGES

Highest disk overhead of all RAID types (100%) - inefficient

Typically the RAID function is done by system software, loading the CPU/Server and
possibly degrading throughput at high activity levels. Hardware implementation is strongly
recommended

May not support hot swap of failed disk when implemented in "software"
RECOMMENDED APPLICATIONS

Accounting

Payroll

Financial

Any application requiring very high availability

RAID 2(Hamming Code ECC):-

Each bit of data word is written to a data disk drive (4 in this example: 0 to 3). Each data word
has its Hamming Code ECC word recorded on the ECC disks. On Read, the ECC code verifies
correct data or corrects single disk errors.

CHARACTERISTICS & ADVANTAGES

o

"On the fly" data error correction

Extremely high data transfer rates possible

The higher the data transfer rate required, the better the ratio of data disks to ECC disks

Relatively simple controller design compared to RAID levels 3,4 & 5

DISADVANTAGES
o

Very high ratio of ECC disks to data disks with smaller word sizes - inefficient

Entry level cost vey high - requires very high transfer rate requirement to justify

Transaction rate is equal to that of a single disk at best (with spindle synchronization)

No commercial implementations exist / not commercially viable

RAID 3(Parallel Transfer with Parity):-

The data block is subdivided ("striped") and written on the data disks. Stripe parity is generated
on
Writes,
recorded
on
the
parity
disk
and
checked
on
Reads.
RAID Level 3 requires a minimum of 3 drives to implement
CHARACTERISTICS & ADVANTAGES
o

Very high Read data transfer rate

Very high Write data transfer rate

Disk failure has an insignificant impact on throughput

Low ratio of ECC (Parity) disks to data disks means high efficiency

DISADVANTAGES
o

Transaction rate equal to that of a single disk drive at best (if spindles are synchronized)

Controller design is fairly complex

Very difficult and resource intensive to do as a "software" RAID

RECOMMENDED APPLICATIONS

Video Production and live streaming

Image Editing

Video Editing

Prepress Applications

Any application requiring high

RAID 4(Independent data disk with shard parity disk) :-

Each entire block is written onto a data disk. Parity for same rank blocks is generated on Writes,
recorded
on
the
parity
disk
and
checked
on
Reads.
RAID Level 4 requires a minimum of 3 drives to implement

CHARACTERISTICS & ADVANTAGES

o

Very high Read data transaction rate

Low ratio of ECC (Parity) disks to data disks means high efficiency

High aggregate Read transfer rate

DISADVANTAGES
o

Quite complex controller design

Worst Write transaction rate and Write aggregate transfer rate

Difficult and inefficient data rebuild in the event of disk failure

Block Read transfer rate equal to that of a single disk

RAID5(Independent Data Disk with Distributed Parity Blocks):Each entire data block is written on a data disk; parity for blocks in the same rank is generated
on Writes, recorded in a distributed location and checked on Reads.
RAID Level 5 requires a minimum of 3 drives to implement

CHARACTERISTICS & ADVANTAGES

o

Highest Read data transaction rate

Medium Write data transaction rate

Low ratio of ECC (Parity) disks to data disks means high efficiency

Good aggregate transfer rate

DISADVANTAGES
o

Disk failure has a medium impact on throughput

Most complex controller design

Difficult to rebuild in the event of a disk failure (as compared to RAID level 1)

Individual block data transfer rate same as single disk

RECOMMENDED APPLICATIONS

File and Application servers

Database servers

Web, E-mail, and News servers

Intranet servers

Most versatile RAID level

RAID 6(Independent Data Disk with Two Independent Parity Schemes):Two independent parity computations must be used in order to provide protection against
double disk failure. Two different algorithms are employed to achieve this purpose.
RAID Level 6 requires a minimum of 4 drives to implement

CHARACTERISTICS & ADVANTAGES

o

RAID 6 is essentially an extension of RAID level 5 which allows for additional fault
tolerance by using a second independent distributed parity scheme (dual parity)

Data is striped on a block level across a set of drives, just like in RAID 5, and a second set
of parity is calculated and written across all the drives; RAID 6 provides for an extremely
high data fault tolerance and can sustain multiple simultaneous drive failures

RAID 6 protects against multiple bad block failures while non-degraded

RAID 6 protects against a single bad block failure while operating in a degraded mode

Perfect solution for mission critical applications

DISADVANTAGES
o

More complex controller design

Controller overhead to compute parity addresses is extremely high

Write performance can be brought on par with RAID Level 5 by using a custom ASIC for
computing Reed-Solomon parity

Requires N+2 drives to implement because of dual parity scheme

RECOMMENDED APPLICATIONS

File and Application servers

Database servers

Web and E-mail servers

Intranet servers

Excellent fault-tolerance with the lowest overhead

EXAMPLE ON CLOUD COMPUTING

Let's say you're an executive at a large corporation. Your particular responsibilities include
making sure that all of your employees have the right hardware and software they need to do
their jobs. Buying computers for everyone isn't enough -- you also have to purchase software or
software licenses to give employees the tools they require. Whenever you have a new hire, you
have to buy more software or make sure your current software license allows another user. It's so
stressful that you find it difficult to go to sleep on your huge pile of money every night.
Soon, there may be an alternative for executives like you. Instead of installing a suite of software
for each computer, you'd only have to load one application. That application would allow
workers to log into a Web-based service which hosts all the programs the user would need for his
or her job. Remote machines owned by another company would run everything from e-mail to
word processing to complex data analysis programs. It's called cloud computing, and it could
change the entire computer industry.

In a cloud computing system, there's a significant workload shift. Local computers no longer
have to do all the heavy lifting when it comes to running applications. The network of computers
that make up the cloud handles them instead. Hardware and software demands on the user's side
decrease. The only thing the user's computer needs to be able to run is the cloud computing
system's interface software, which can be as simple as a Web browser, and the cloud's network
takes care of the rest.
There's a good chance you've already used some form of cloud computing. If you have an e-mail
account with a Web-based e-mail service like Hotmail, Yahoo! Mail or Gmail, then you've had
some experience with cloud computing. Instead of running an e-mail program on your computer,
you log in to a Web e-mail account remotely. The software and storage for your account doesn't
exist on your computer -- it's on the service's computer cloud.