Operating System Theory and Design
Greetings all!
I
have been very fortunate to have had the opportunity to take a course in operating
systems theory and design which outlined the fundamental concepts that underlie
an operating system. This course has helped me gain a greater understanding of
the inner workings of a modern-day computer system. There are so many things
that go on behind the scenes of using a computer! It is incredible how each feature
in an operating system works together. I very excited to share with you the
concepts and ideas behind what I learned.
During the five
weeks of class, I developed a concept map which illustrates by cross connecting
most of the features in a contemporary operating system, I will include the
link below so you can check it out! The following section goes in depth about
the features listed in the concept map. I hope you enjoy!
Operating
System
An operating
system (OS) controls a computer system's essential functions and provides an
environment for program execution (Silberschatz, Galvin, & Gagne, 2014). The
most crucial roles of an operating system include the user interface, system calls,
program execution, input/output operations, file systems, communications,
resource allocation, accounting, error detection, and protection/security.
The user
interface (UI) allows users to interact (exchange information) with the
system using input and output devices such as display, keyboard, mouse, microphone,
speaker, touchpad, etc. Several methods used to give commands to an OS include a
command-line interpreter, graphical user interface (GUI), and batch. System calls
provide the interaction between a process and the OS. The key categories of
system calls include process control, file manipulation, device manipulation,
information maintenance, communications, and protection (Silberschatz,
Galvin, & Gagne, 2014).
Program Execution is the process that
loads a program to the main memory and allows execution. An operating system's input/output
operation controls the data exchange between external devices (touchscreen,
mouse, keyboard, etc.) to the main memory or register CPU (Silberschatz,
Galvin, & Gagne, 2014). The file system function is used to
read and write files and directories within a computer system. This function
creates files in the system and helps locate them. The communications function
understands and performs commands that are input by the user or program. It
translates the instructions into a language that the system can understand and
then executes the results using shared memory or message passing (Silberschatz,
Galvin, & Gagne, 2014).
Additionally, resource
allocation manages the system resources to manage its tasks appropriately.
This function determines the best use of the CPU routine by considering CPU
speed, number of tasks, number of registers, etc. The accounting function
keeps track of the resources used by system users for billing or usage
statistics. This feature is valuable for researchers looking to reconfigure the
system to improve computing services. The error detection component
detects and corrects errors in the CPU, memory hardware, input/output devices,
and user programs. It serves as a way to ensure correct and consistent use of a
system. The protection/security feature helps secure and protect the
operating system internally and externally (Silberschatz, Galvin, & Gagne,
2014). It ensures that all access to the system is controlled.
It is important to
note that not all operating systems are identical. A common approach in OS
structure is "to partition the task into small components, or modules,
rather than having one monolithic system" (Silberschatz, Galvin, & Gagne,
2014, Pg.78). The standard methods of OS design include the simple
structure, the layered approach, microkernels, modules, and hybrid systems.
While many of these structures are complex and challenging to manage, the module
approach is considered the "best current methodology for operating system
design" (Silberschatz, Galvin, & Gagne, 2014). In a modular operating
system, the systems are divided into different processes, each with its own
interface. This approach is beneficial in the sense of system failure. Instead
of the whole system being affected during a failure, only the failed process is
affected since each process runs independently. The main components of a
modular OS are loadable kernel modules with their own memory space. According
to Silberschatz,
Galvin, & Gagne (2014), the modular approach provides core services while
the other services are implemented dynamically while the kernel is operating. This
type of design is common in modern UNIX systems such as Solaris, Linux, Mac OS
X, and Windows.
Processing
In computing, a
process refers to a program in execution (Silberschatz, Galvin, & Gagne, 2014). Characteristics
of a process include the program counter, process stack, registers, and the
program code (only the text section). When a program is in execution, its state
changes depending on what the current action this. The process states include
new, ready, running, waiting, and terminated (as shown in the image below).
New- The process is being executed or in the stage of creation.
Ready- The process
is ready to be assigned to a processor.
Running- The
instructions are being executed.
Waiting- The
process is waiting for an event to occur, such as input/output.
Terminated- The
process has finished its execution.
According to Silberschatz,
Galvin, & Gagne (2014), "each process is represented in the
operating system by a process control block (PCB). The process control block
includes the process state, process number, program counter, registers,
scheduling information, memory limits, and a list of open files. As mentioned
above, the process state may be new, ready, running, waiting, and terminated. The
process number represents the number of processes, and the program counter shows
the address of the next instruction that must be carried out. The registers specify
the number of registers used by the process, including accumulators, index
registers, stack pointers, general-purpose registers, and condition code
information (Silberschatz,
Galvin, & Gagne, 2014). Suppose there is an interruption in the
program counter. The process state is stored until it is fixed and ready to
carry out properly. CPU scheduling information includes the processes priority,
scheduling queues, and other parameters. The list of open files is the files
related to the process in execution.
Threads
A thread is a unit
of processing performed within an operating system. Threads exist within a
process (Silberschatz,
Galvin, & Gagne, 2014). A single thread process is structured to
execute one operation at a time. If there are additional requests, the system
waits until the current process is carried out and terminated, then begins the following
process. A multi-thread process is designed to execute multiple instructions at
the same time. Multithreaded models are more efficient and yield higher
performance than single-threaded models since the process instructions are
carried out simultaneously. In this model, if a thread fails or gets blocked, the
remaining threads continue running.
Critical Section
The critical
section is a code where processes gain access to shared variables (Silberschatz,
Galvin, & Gagne, 2014). One key idea of the critical section is that
only one process can access its critical section at a time. So, when multiple
processes are attempting to access the same resources at once, problems arise.
The diagram located on the image above (labeled critical section problem) shows
how a process requests permission to enter its critical section (located in the
entry section) and obtains the resources needed for it to execute—then followed
by the exit section, which handles the process exiting from the critical
section. The exit section releases the required resources and then informs the
other processes that the critical section is open. The techniques to solve the problem
related to the critical section include mutual exclusion, progress, and bound
waiting. Mutual exclusion suggests that
only one process should be in its critical section at a given time. If more
processes require its critical section, they must wait until the section is
free. Progress means that if there are no processes in the critical section, it
is free for other processes to enter the critical section. Bounded waiting
means that each process has a limited waiting time or should not wait
continuously to access the critical section.
Memory
According to Silberschatz,
Galvin, & Gagne (2014), "memory is central to the operation of
a modern computer system" (Pg. 325). Initially, computer systems used the
single user contiguous method. In this method, a single process used the entire
physical memory (RAM) to execute a job, and once the memory was clear, another task
was able to be performed. This method proved to be inefficient and time-consuming
since jobs could not be executed in parallel. To achieve an efficient
multi-processing system, a computer system needs a hardware device called a
memory management unit (MMU) that helps control and organize virtual memory (Silberschatz,
Galvin, & Gagne, 2014).
Virtual
Address
In simple words,
the virtual memory scheme allows a program to think it is the only programming
running by having access to the entire address space. So, if a computer's
physical memory is only 32 GB, and the executed processes exceed that amount, the
tasks could still be carried out efficiently (using virtual memory). While a
systems CPU generates the virtual address space, the memory unit generates the
physical address space. A virtual address space is the collection of all the
virtual addresses produced by a program, and the physical address space is the collection
of all physical addresses created by a program (Silberschatz, Galvin, & Gagne, 2014).
Both are the same in compile time and in load time; however, they are different
in execution time. The image below shows
the virtual address being converted into physical memory using a memory
management system. It also offers the multi-step processing of a user program.
In the MMU scheme,
processes are mapped using the virtual address to the physical memory, based on
their number of bytes. The amount in the relocation register is added to every
address produced by the user (Silberschatz, Galvin, & Gagne, 2014). For instance,
the image above that illustrates a system that contains a memory management
unit. The user process generates the logical address (343), which is then added
to the relation register (14000). When sent to the memory, the relocation
register converts the virtual address to a physical address (14346). This
scheme is beneficial because each process is self-contained, meaning it does
not write over other apps. Instead, each task has its own virtual address space
with a range of 0 to max (Silberschatz, Galvin, & Gagne, 2014) split up in the
memory space. The MMU and the OS work together to ensure that each address
arrives in the correct location in physical RAM.
File
Management
Another essential component of an operating system is how it
organizes its files. According to Silberschatz, Galvin, & Gagne (2014), "the file
systems provide a mechanism for on-line storage and access to both the data and
programs residing on a disk" (Pg. 26). The operations that must be
performed on files include creating, updating, reading, deleting, searching,
and protecting files. In most cases, using directories provides a "useful way
to segregate files into groups and manage and act on those groups" (Pg.
492). Data stored in a directory include name, location, size, position,
protection usage, and type. The variety of directories that exists are the
single-level directory, two-level directory, tree-structured directory, acyclic
graph directory, and a general graph directory. The structure of each directory
type is explained in the image below.
Types of Directories
The single-level
directory is considered the most straightforward structure (Silberschatz, Galvin,
& Gagne, 2014). All of the files are included in the same directory making
it easier to understand; however, when the number of files increases or there
are various users, all the files within the directory must be unique, so
choosing file names may be tricky. The two-level directory creates a separate
directory location for each user so the same file name could be identical for
different users; however, users cannot have duplicate file names. Each of the
user's files is located within their own directory by searching the master
directory file. This scheme does not allow users to share, read, write or
delete other users' files, and it is also not scalable.
In contrast, the tree-structured
directory has each user has its own directory, and users are not allowed to
enter the other user's directory. Although users could read the root directory,
they could not write it. Only the system administrator can modify the root
directory. The main problem with this directory scheme is that sharing files
may be an issue since the exact duplicate files cannot exist in multiple
directories. In the acyclic graph, directory structure file sharing is possible
since multiple directories can link to a similar file. An issue with this
structure is if a file is connected to a subdirectory, problems may arise when attempting
to delete the file. The general graph directory is considered the most flexible
structure because it can create a cycle where multiple directories can be
accessed using a central directory. The type of directory of a system depends
largely on the anticipated number of users and storage requirements.
Protection/Security
Another critical
component of an operating system is its protection and security. One primary
goal of system protection/security is to prevent malicious misuse of a computer
system (Silberschatz,
A., Galvin, P. B., & Gagne, G, 2014). It is important to remember
that although protection and security are associated, they are separate
entities. Protection focuses extensively on the internal threats of a computer
system which refers to regulating program access, processes, or available
resource for users. It focuses on making sure systems operate using the
principle of least privilege, which states that programs, users, and procedures
be given just enough rights to perform their intended task, nothing more (Silberschatz,
Galvin, & Gagne, 2014).
Principle
of Least Privilege
According to Silberschatz, Galvin, & Gagne
(2014), the principle of least privilege ensures that its programs, system
calls, and data structure failures do the least amount of harm and allow the
least amount of damage to be done (P. 602). Using this principle in computer
systems involves creating separate accounts for each system user that contain
individualized authorizations needed to get their job done. For example, a user
required to read the contexts of a file but not allowed to modify the file will
only have permission to read and not write or execute the file. This scheme enables
the system to be highly secure while providing the flexibility needed for a
multi-user system. Protection
can be accomplished using the domain of protection mechanism and an access
matrix. A protection domain structure specifies the resources that a process
can use.
Protection
domains
For example, the image above shows a
system with three protection domains (D1, D2, and D3). Domain 1 consists of the
object and its access rights. Read and write operations can be performed on O3
and O1; however, O2 has the ability to execute. Some domains may be singular;
however, domains can overlap. The following domains (D2 and D3) have their own
permissions; however, they overlap and share the access right to print.
According to (Silberschatz, Galvin, & Gagne, 2014), the association between
process and domain may be static or dynamic. If the association is fixed, then
we use the need-to-know principle to change the contents of the domain
dynamically. If the relation is dynamic, then there needs to be a way to switch
the domain.
Access Matrix
According to Silberschatz, Galvin, & Gagne (2014), the protection model can be viewed as an access matrix where columns represent system resources and rows represent protection domains. The entries in the matrix indicate what privileges the domain has concerning the given resource.
For example, (considering the image
above) D1 gives access for read to be carried out on objects F1 and F3. D2 permits
for print to be carried out on object printing. D3 allows read to be carried
out on object F2. It also gives access for execute to be carried out on F3. D4
gives access for read/write to be performed on objects F1 and F3. According to Silberschatz,
Galvin, & Gagne (2014), domain switching can easily be supported under this
model by providing the switch access to other domains.
Security
Security in a modern computer system focuses on a system external vulnerabilities like breaches of confidentiality, integrity, availability, theft of services, or denial of services. Security refers to protecting system resources such as the CPU, memory disk, programs, and data/information (Silberschatz, Galvin, & Gagne, 2014). If an unauthorized user uses a computer, there is a chance that the user may cause severe damage to the system itself or the data stored by the authorized user. A computer system must be protected against unauthorized user access, malicious access to the system memory, viruses, worms, etc. A way to prevent unauthorized user access is to use a password or passcode to get into the computer system itself. It is also essential to prevent a security breach against viruses and worms. The best way to secure your system against these attacks is by activating a firewall or purchasing software that blocks malicious access from network activity. Systems users must regularly update their security software to prevent an attack that may compromise their data/files and harm their computer.
Final
Thought
Understanding the fundamentals
and goals of each component in an operating system will be beneficial for my
future courses and career since I am studying and planning to work in the technology
field. Understanding the magic behind how operating systems run and how each
component links to one another will help me become a better software programmer
by establishing the different and more efficient ways to modify and improve applications
and software. I must admit that CPT 304 was challenging at times; however, its helped
me become more familiar with the distinct components designer choose and why
they choose them. Although the course was mainly based on computer systems, the
information given drew a picture of how all operating systems function. Now
when I glance at my smartphone, smartwatch, thermostat, and even my washer, I understand
how they function from a more profound point of view.
References:
Silberschatz, A., Galvin, P. B., & Gagne, G.
(2014). Operating
system concepts essentials (2nd
ed.). Retrieved from https://redshelf.com/
Comments
Post a Comment