Part V Process Management Sadeghi, Cubaleska RUB 2008-09 Course Operating System Security Memory Management and Protection
Roadmap of Chapter 5 Notion of Process and Thread Data Structures Used to Manage Processes Ways in Which the OS Uses These Data Structures to Control Process Execution Process Scheduling Interprocess Communication (IPC) Communication in Client-Server Systems 2
Requirements of an Operating System Fundamental Task of every OS: Process Management Recall: The processor is switched among multiple application (represented as processes) that are running concurrently Multiprogramming system on a single processor The Operating System must Interleave the execution of multiple processes Allocate resources to processes, and protect the resources of each process from other processes Enable processes to share and exchange information Enable synchronization among processes 3
Concept of Process An operating system executes a variety of programs: Batch system: jobs Time-shared systems: user programs or tasks The terms job and process are used almost interchangeably What is a process? A program in execution An instance of a program running on a computer The entity that can be assigned to and executed on a processor A unit of activity characterized by the execution of a sequence of instructions, a current state, and an associated set of system instructions Process execution must progress in sequential fashion 4
Process Elements A process is comprised of: Program code (possibly shared) A set of data A number of attributes describing the state of the process including Identifier State Priority Program counter Memory pointers Context data I/O status information Accounting information 5
Process Control Block (PCB) For each process, the OS creates and maintains a Process Control Block (PCB) The PCB contains the process elements Process state Program counter CPU registers CPU scheduling information Memory-management information Accounting information I/O status information Allows support for multiple processes PCB contains sufficient information so that it is possible to interrupt a running process and later resume execution as if the interruption had not occurred 6
Process in Memory A process includes: Text section (program code) Data section (contains global variables) Stack (contains temporary data such as function parameters, return addresses, and local variables) A process may also include a heap Memory that is dynamically allocated during process run time The current activity of the process is represented by a program counter (specifies the next instruction to be executed) 7
Process State As a process executes, it changes its state new: The process is being created running: Instructions are being executed waiting: The process is waiting for some event to occur ready: The process is waiting to be assigned to a processor terminated: The process has finished execution 8
CPU Switch From Process to Process 9
Threads A process can have a single thread of execution (Allows the process to perform only one task at one time) E.g., the user cannot simultaneously type in characters and run the spell checker within the same process multiple threads of execution (allows the process to perform more that one task at a time) A PCB is extended to include information for each thread Benefits of multi-thread processes Responsiveness Resource Sharing Economy Scalability 10
Single and Multithreaded Processes 11
Roadmap of Chapter 5 Notion of Process and Thread Data Structures Used to Manage Processes Ways in Which the OS Uses These Data Structures to Control Process Execution Process Scheduling Interprocess Communication (IPC) Communication in Client-Server Systems 12
Processes and Resources Fundamentally, we can think of the OS as that entity that manages the use of system resources by processes Example scenario in the figure Process P 1 is running; at least part of the process is in main memory, and it has control of two I/O devices. Process P 2 is also in main memory but is blocked waiting for an I/O device allocated to P 1 Process P 3 has been swapped out and is therefore suspended. P 1 P 2 P 3 Virtual memory Processor I/O I/O I/O Main memory Computer resources 13
Operating System Control Structures For the OS is to manage processes and resources, it must have information about the current status of each process and resource Tables are constructed for each entity the operating system manages Different types of tables managed by OS Process tables I/O tables (devices) File tables Memory tables The tables themselves must be accessible by the OS and therefore are subject to memory management! 14
OS Control Tables Figure from [Stallings] 15
Memory Tables Memory tables are used to keep track of both main and secondary memory Some of main memory is reserved for use by the OS; the remainder is available for use by processes. Processes are maintained on secondary memory using some sort of virtual memory or simple swapping mechanism Memory tables must include this information: Allocation of main memory to processes Allocation of secondary memory to processes Protection attributes for access to shared memory regions Information needed to manage virtual memory 16
I/O Tables; File Tables I/O tables are used by the OS to manage the I/O devices and channels of the computer The OS needs to know Whether the I/O device is available or assigned The status of I/O operation The location in main memory being used as the source or destination of the I/O transfer File tables provide information about: Existence of files Location on secondary memory Current Status other attributes Sometimes this information is maintained by a file management system 17
Process Tables To manage processes the OS needs to know details of the processes, e.g., current state, process ID, location in memory, etc. These information (process attributes) are in the Process Control Block (PCB) We can group the PCB information into three general categories Process identification Processor state information Process control information 18
PCB Information Process identification Each process is assigned a unique numeric identifier Many of the other tables controlled by the OS may use process identifiers to cross-reference process tables Processor state information Consists of the contents of processor registers User-visible registers Control and status registers Stack pointers Process control information This is the additional information needed by the OS to control and coordinate the various active processes. 19
Structure of Process Images in Virtual Memory Figure from [Stallings] 20
Protection of PCB The PCB is the most important data structure in an OS It defines the state of the OS PCB requires protection A faulty routine could cause damage to the block destroying the OS s ability to manage the process Any design change to the block could affect many modules of the OS 21
Reminder: Modes of Execution Most processors support at least two modes of execution User mode (less-privileged mode) User programs typically execute in this mode System mode (more-privileged mode, kernel mode) Kernel of the operating system Certain instructions can only be executed in the moreprivileged mode Including reading or altering a control register, such as the program status word; primitive I/O instructions Instructions that relate to memory management In addition, certain regions of memory can only be accessed in the more-privileged mode 22
Reminder: Modes of Execution (cntd.) Question: How does the processor know in which mode it is to be executing? And how does it change? Answer: Typically a flag (single bit) in the program status word (PSW). This bit is changed in response to certain events. Typically, when a user makes a call to an operating system service or when an interrupt triggers execution of an operating system routine, the mode is set to the kernel mode and, upon return from the service to the user process, the mode is set to user mode. 23
Roadmap of Chapter 5 Notion of Process and Thread Data Structures Used to Manage Processes Ways in Which the OS Uses These Data Structures to Control Process Execution Process Scheduling Interprocess Communication (IPC) Communication in Client-Server Systems 24
Process Creation and Process Switching Once the OS decides to create a new process it: Assigns a unique process identifier Allocates space for the process Initializes process control block Sets up appropriate linkages Creates or expand other data structures Process switching: The CPU is assigned to another process Several design issues are raised regarding process switching What events trigger a process switch? We must distinguish between mode switching and process switching. What must the OS do to the various data structures under its control to achieve a process switch? 25
Change of Process State The steps in a process switch are: 1. Save context of processor including program counter and other registers 2. Update the process control block of the process that is currently in the Running state 3. Move process control block to appropriate queue ready; blocked; ready/suspend 4. Select another process for execution 5. Update the process control block of the process selected 6. Update memory-management data structures 7. Restore context of the selected process 26
Is the OS a Process? If the OS is just a collection of programs and if it is executed by the processor just like any other program, is the OS a process? If so, how is it controlled? Who (what) controls it? Common ways of executing an OS Non-process kernel (separate kernel) OS execution Within User Processes Process-based Operating System 27
OS execution: Non-process Kernel (Separate Kernel) Execute kernel outside of any process The concept of process is considered to apply only to user programs Operating system code is executed as a separate entity that operates in privileged mode 28
OS Execution: Execution Within User Processes Execution of OS within user processes Operating system software within context of a user process, i.e., Execute virtually all OS software in the context of a user process No need for process switch to run OS routine Common with OS on smaller computers (PCs, workstations) 29
OS Execution: Process-based Operating System Process-based operating system Implement the OS as a collection of system process As in the other options, the software that is part of the kernel executes in a kernel mode. In this case, however, major kernel functions are organized as separate processes 30
Security Issues An OS associates a set of privileges with each process These privileges dictate what resources the process may access, including regions of memory, files, privileged system instructions, and so on Typically, a process that executes on behalf of a user has the privileges that the OS recognizes for that user A system or utility process may have privileges assigned at configuration time Typically the highest level of privilege is referred to as administrator (or supervisor, or root) access 31
Root Access Root access provides access to all the functions and services of the operating system With root access, a process has complete control of the system can add or changes programs and files monitor other processes, send and receive network traffic, and alter privileges A key security issue in the design of any OS is to prevent, or at least detect, attempts by a user or a piece of malicious software (malware) from gaining unauthorized privileges on the system and, in particular, from gaining root access 32
Roadmap of Chapter 5 Notion of Process and Thread Data Structures Used to Manage Processes Ways in Which the OS Uses These Data Structures to Control Process Execution Process Scheduling Interprocess Communication (IPC) Communication in Client-Server Systems 33
Process Scheduling Queues Processes migrate among the various queues Job queue: set of all processes in the system Ready queue: set of all processes residing in main memory, ready and waiting to execute Device queues: set of processes waiting for an I/O device 34
Ready Queue And Various I/O Device Queues 35
Representation of Process Scheduling 36
Schedulers Long-term scheduler (or job scheduler) selects which processes should be brought into the ready queue Is invoked very infrequently (seconds, minutes) (may be slow) Controls the degree of multiprogramming Short-term scheduler (or CPU scheduler) selects which process should be executed next and allocates CPU Short-term scheduler is invoked very frequently (milliseconds) (must be fast) Processes can be described as either: I/O-bound process spends more time doing I/O than computations, many short CPU bursts CPU-bound process spends more time doing computations; few very long CPU bursts 37
Addition of Medium Term Scheduling Addition of medium term scheduling to the queuing diagram 38
Context Switch When CPU switches to another process, the system must save the state of the old process and load the saved state for the new process via a context switch Context of a process represented in the PCB Context-switch time is overhead; the system does no useful work while switching Time dependent on hardware support 39
Operations on Processes The processes in most systems can execute concurrently, and they may be created and deleted dynamically Thus, systems must provide mechanisms for process creation, and process termination 40
Process Creation Parent process create children processes, which, in turn create other processes, forming a tree of processes Generally, process identified and managed via a process identifier (pid) Resource sharing Parent and children share all resources Children share subset of parent s resources Parent and child share no resources Execution Parent and children execute concurrently Parent waits until children terminate 41
Process Creation (Cntd.) Address space Child duplicate of parent Child has a program loaded into it UNIX examples fork system call creates new process exec system call used after a fork to replace the process memory space with a new program 42
Example: A Tree of Processes on a Typical Solaris 43
Process Termination Process executes last statement and asks the operating system to delete it (exit) Output data from child to parent (via wait) Process resources are deallocated by operating system Parent may terminate execution of children processes (abort) Child has exceeded allocated resources Task assigned to child is no longer required If parent is exiting Some operating system do not allow child to continue if its parent terminates All children are terminated in this case (cascading termination) 44
Roadmap of Chapter 5 Notion of Process and Thread Data Structures Used to Manage Processes Ways in Which the OS Uses These Data Structures to Control Process Execution Process Scheduling Interprocess Communication (IPC) Communication in Client-Server Systems 45
Interprocess Communication (IPC) Processes within a system may be independent or cooperating Cooperating process can affect or be affected by other processes, including sharing data Reasons for cooperating processes: Information sharing Computation speedup Modularity Convenience Cooperating processes need interprocess communication (IPC) Two models of IPC Shared memory Message passing 46
Communications Models Message passing Shared memory 47
IPC: Shared Memory Systems IPC using shared memory requires communicating processes to establish a region of shared memory Typically, a shared memory region resides in the address space of the process creating the shared memory segment Other processes that wish to communicate using this shared memory segment must attach it to their address space Recall: Normally, the OS tries prevent one process from accessing other process memory Shared memory requires that two or more processes agree to remove this restriction They can then exchange information by reading and writing data in the share areas In this case one says that the processes are cooperating 48
Cooperating Processes Independent process cannot affect or be affected by the execution of another process Cooperating process can affect or be affected by the execution of another process Advantages of process cooperation Information sharing Computation speed-up Modularity Convenience Producer-consumer problem: producer process produces information that is consumed by a consumer process unbounded-buffer places no practical limit on the size of the buffer bounded-buffer assumes that there is a fixed buffer size 49
IPC: Message Passing Mechanism for processes to communicate and to synchronize their actions Message system processes communicate with each other without resorting to shared variables IPC facility provides two operations: send(message) message size fixed or variable receive(message) If P and Q wish to communicate, they need to: establish a communication link between them exchange messages via send/receive Implementation of communication link physical (e.g., shared memory, hardware bus) logical (e.g., logical properties) 50
Implementation Questions How are links established? Can a link be associated with more than two processes? How many links can there be between every pair of communicating processes? What is the capacity of a link? Is the size of a message that the link can accommodate fixed or variable? Is a link unidirectional or bi-directional? 51
Direct Communication Processes must name each other explicitly: send (P, message) send a message to process P receive(q, message) receive a message from process Q Properties of communication link Links are established automatically A link is associated with exactly one pair of communicating processes Between each pair there exists exactly one link The link may be unidirectional, but is usually bi-directional 52
Indirect Communication Messages are directed and received from mailboxes (also referred to as ports) Each mailbox has a unique id Processes can communicate only if they share a mailbox Properties of communication link Link established only if processes share a common mailbox A link may be associated with many processes Each pair of processes may share several communication links Link may be unidirectional or bi-directional Operations create a new mailbox send and receive messages through mailbox destroy a mailbox Primitives are defined as: send(a, message) send a message to mailbox A receive(a, message) receive a message from mailbox A 53
Indirect Communication: An Example Scenario Processes P 1, P 2, and P 3 all share mailbox A P 1, sends a message to A, while both P 2 and P 3 execute receive() from A Question: Which Process will receive the message sent by P 1 The answer depends on which of the following methods we choose Allow a link to be associated with at most two processes Allow only one process at a time to execute a receive operation Allow the system to select arbitrarily the receiver. Sender is notified who the receiver was. 54
Synchronization Message passing may be either blocking or non-blocking Blocking is considered synchronous Blocking send has the sender block until the message is received Blocking receive has the receiver block until a message is available Non-blocking is considered asynchronous Non-blocking send has the sender send the message and continue Non-blocking receive has the receiver receive a valid message or null 55
Buffering Both in the case of direct and indirect communication, messages exchanged by communicating processes reside in a temporary queue, i.e., queue of messages is attached to the link Such queues can be implemented in three different ways 1. Zero capacity - The queue has a maximum length of 0 messages - Sender must wait for receiver (rendezvous) 2. Bounded capacity - The queue has a finite length of n messages - Sender must wait if the link is full 3. Unbounded capacity - The queue s length is potentially infinite - Sender never waits 56
Examples of IPC Systems: POSIX POSIX Shared Memory Process first creates shared memory segment segment id = shmget(ipc PRIVATE, size, S IRUSR S IWUSR); Process wanting access to that shared memory must attach to it shared memory = (char *) shmat(id, NULL, 0); Now the process could write to the shared memory sprintf(shared memory, "Writing to shared memory"); When done a process can detach the shared memory from its address space shmdt(shared memory); 57
Examples of IPC Systems: Mach Mach communication is message based Even system calls are messages Each task gets two mailboxes at creation- Kernel and Notify Only three system calls needed for message transfer msg_send(), msg_receive(), msg_rpc() Mailboxes needed for commuication, created via port_allocate() 58
Examples of IPC Systems: Windows XP Message-passing centric via local procedure call (LPC) facility Only works between processes on the same system Uses ports (like mailboxes) to establish and maintain communication channels Communication works as follows: The client opens a handle to the subsystem s connection port object The client sends a connection request The server creates two private communication ports and returns the handle to one of them to the client The client and server use the corresponding port handle to send messages or callbacks and to listen for replies 59
Local Procedure Calls in Windows XP 60
Roadmap of Chapter 5 Notion of Process and Thread Data Structures Used to Manage Processes Ways in Which the OS Uses These Data Structures to Control Process Execution Process Scheduling Interprocess Communication (IPC) Communication in Client-Server Systems 61
Communications in Client-Server Systems The techniques of shared memory and message passing can also be used for communication in a client-server systems Additional techniques for communication in client-server systems Sockets Remote Procedure Calls Remote Method Invocation (Java) 62
Sockets and Socket Communication A socket is defined as an endpoint for communication Concatenation of IP address and port The socket 161.25.19.8:1625 refers to port 1625 on host 161.25.19.8 Communication consists between a pair of sockets 63
Remote Procedure Calls (RPC) An RPC abstracts procedure calls between processes on networked systems Stubs client-side proxy for the actual procedure on the server The client-side stub locates the server and marshalls the parameters The server-side stub receives this message, unpacks the marshalled parameters, and peforms the procedure on the server 64
Remote Method Invocation Remote Method Invocation (RMI) is a Java mechanism similar to RPCs RMI allows a Java program on one machine to invoke a method on a remote object 65
Literature Silberschatz, Galvin, Gagne Operating System Concepts, 8 th Edition John Wiley and Sons, 2009 Andrew Tanenbaum Modern Operating Systems William Stallings Operating Systems 66