Listor / Teknisk fysik / Operating System Concepts

Operating System Concepts

  1. Processes and Threads
  2. System calls and Process scheduling
  3. Inter-process communication
  4. Memory
  5. File system
  6. Security
  7. Virtual machines

1. Processes and Threads

Purpose of a OS

The purpose of the operating system is to provide an environment in which a user can execute programs in a convenient (abstraction between user software and hardware) and efficient (resource management between users and programs) manner.

Different OS types

Dual-mode operation

In order to ensure the proper execution of an operating system, a distinction should be made between the execution of operating-system code and user-defined code. We need two separate modes of operation: user mode and kernel mode. Kernel mode can execute all machine instructions and reference all memory locations while user mode can't.

Process descriptor (PCB)

The process descriptor (PCB) serves as the repository for any information that may vary from process to process including register values, logical state, type & location of resources it holds, allocated I/O-devices, list of open files.

Process components

Process states

Process vs thread

Threads are used for small tasks, whereas processes are used for more 'heavyweight' tasks – basically the execution of applications. Another difference between a thread and a process is that threads within the same process share the same address space, whereas different processes do not.

User level threads

Advantages Disadvantages

2. System calls and Process scheduling

System call procedure

  1. A program in the user-space make a function call to (for example) the C library.
  2. This will set up a system call with the function parameters
  3. which traps to the kernel to serve the request.
  4. Once the kernel gets control, the user state gets saved.
  5. The kernel does security and sanity checks and then attempts to fulfill the request.
  6. Then the user state is restored, the counter of the calling program is placed on the stack or in a program counter register and the control gets back to the user space.
  7. The C library routine reads the stack/register that the kernel just wrote, and returns it to the user space program.

Types of schedulers

Scheduling criteria

The times should also be predictable, processes shall not starve and priority and deadlines should be respected.

Non-preemptive vs preemptive schedulers

In a non-preemptive system, a process is only replaced when it becomes blocked as a result of requesting an I/O operation or voluntarily gives up control of the CPU. In a preemptive system, the dispatcher uses a clock interrupt to stop processes after a fixed amount of execution time (a timeslice).

Round-robin algorithm is a pre-emptive algorithm as the scheduler forces the process out of the CPU once the time quota expires.

3. Inter-process communication

IPC purposes

IPC mechanisms

It is more secure to use register than memory because other processes cant fuck up the register.


The two fundamental IPC methods for Windows OS is DDE and OLE.
Dynamic Data Exchange (DDE) is a message-based communication system between two applications. Not efficient and should not be used.
Object Linking and Embedding (OLE), designed for creating compound documents by combining objects obtained from different application programs. With linking the application contains only a reference to an object, with embedding the object is actually stored as part of the source document data. From OLE, the Component Object Model (COM) have been developed.

.NET technology

4. Memory

Memory protection hardware

Checks if memory reference is greater or equal to the base and less than the base plus limit. If not it throws a vector to the OS (address error). Base and limit registers can only be updated in kernel mode.

Trashing occurrences

When a computer's virtual memory subsystem is in a constant state swapping. The page fault rate becomes high. It occurs when its not enough physical memory due to too many programs and/or programs with poor locality of reference. The CPU performs productive work less and swapping more.

Trashing detection

Thrashing can be detected by monitoring the page fault frequency and CPU utilisation. If an increase in the number of processes leads to an increasing rate of page faults and decreasing CPU utilisation at the same time, then the system is thrashing.

Working set and Trashing prevention

A working set is a set of pages that a process needs in store at the same time and its varying between processes and during execution. In a working set model, if the sum of the working set sizes exceeds the physical memory, the process will get suspended and free the memory to another process. Alternatively, the OS can check if the page fault frequency is too high and in that case allocate more frames to the process.

Virtual memory main three strategies

Bélády's anomaly

Increasing the number of page frames results in an increase in the number of page faults for certain memory access patterns. This phenomenon is commonly experienced when using the first-in first-out (FIFO) page replacement algorithm.


Stores and retrieves data from secondary storage for use in main memory. In this scheme, the operating system retrieves data from secondary storage in same-size blocks called pages. Paging is an important part of virtual memory implementations in modern operating systems, using secondary storage to let programs exceed the size of available physical memory.

Demand paging follows that pages should only be brought into memory if the executing process demands them. This is often referred to as lazy evaluation as only those pages demanded by the process are swapped from secondary storage to main memory. Contrast this to pure swapping, where all memory for a process is swapped from secondary storage to main memory during the process startup.


Segmentation is a memory management scheme that supports the logical view of memory. A logical-address space is a collection of segments. A logical address consists of: [segment-number, offset] where segment-number represents segment name.


5. File system

Main definitions


Soft link (symbolic link/shortcut) - dir entry to path to file somewhere else. Changing path/rename a file will break a soft link.
Hard link - physical path at the storage device. Refragmentation will break a hard link.

File related system calls

Manipulated as a unit: Manipulated as a data item from a file:

6. Security

Recovery capability of NTFS

The file system NTFS used by the Windows family of operating systems enables recovering to a consistent state following a system crash or disk failure. The essence of the NTFS recovery capability is logging . Each operation that alters a file system is treated as a transaction. Each sub-operation of a transaction that alters important file system data structures is recorded in a log file before being recorded on the disk volume Using the log, a partially completed transaction at the time of a crash can later be re-done or undone when the system recovers. This can be achieved by the following steps:

1. NTFS first calls the log file system to record in the log file (in the cache) any transactions that will modify the volume structure
2. NTFS modifies the volume (in the cache)
3. The cache manager calls the log file system to prompt it to flush the log file to disk
4. Once the log file updates are safely on disk, the cache manager flushes the volume changes to disk

Security requirements and example threats


Malicious Software

Bacteria (Independent, replicate)

Program that consumes system resources by replicating itself.

Logic bomb

Logic embedded in a computer program that checks for a certain set of conditions to be present on the system. When these conditions are met, it executes some function resulting in unauthorised actions.


Secret undocumented entry point into a program, used to grant access without normal methods of access authentication.

Trojan horse

Secret undocumented routine embedded within a useful program. Execution of the program results in execution of the secret routine.

Virus (Replicate)

Code embedded within a program that causes a copy of itself to be inserted in one or more other programs. In addition to propagation, the virus usually performs some unwanted function.

Worm (Independent, replicate)

Program that can replicate itself and send copies from computer to computer across network connection. Upon arrival, the worm may be activated to replicate and propagate again. In addition to propagation, the worm usually performs some unwanted function.

7. Virtual machines

Purpose with virtualization

Abstration/replication, isolation/encapsulation, cross compatibility/legacy applications and software development/training.

Virtualization challenges

Guest OS needs to call privileged instructions, manipulate page tables and to believe that its running on a real machine.

Virtualization advantages and disadvantages

The advantages is efficient use of resources, cost and energy savings, faults and threat isolation and its simple to backup. The disadvantages is compromised performance, increased complexity, licensing costs and single point of failure.

Virtual Machine Monitor (VMM)

The VMM (or hypervisor) is a software that is responsible for hosting and managing all virtual machines. Functionality of hypervisor or Virtual Machine Monitor (VMM) varies greatly based on architecture and implementation. The VMM implements VM hardware abstraction and is responsible for running guest OS. The VMM has to partition and share CPU, memory, I/O devices.

Virtualization types

Publiceringsdatum: 2018-01-10