# CSE 451: Operating Systems Autumn 2009

Module 2
Architectural Support for Operating Systems

Ed Lazowska lazowska@cs.washington.edu 570 Allen Center













- doubled every 3+ years
- 25% improvement each year
- factor of 10 every decade
- Still exponential, but far less rapid than processor performance
- Disk capacity since 1990
  - doubling every 12 months
  - 100% improvement each year
  - factor of 1000 every decade
  - 10x as fast as processor performance!

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorian

- Only a few years ago, we purchased disks by the megabyte (and it hurt!)
- Today, 1 GB (a billion bytes) costs \$1 \$0.50 \$0.25 from Dell (except you have to buy in increments of 40 80 250 GB)
  - => 1 TB costs \$1K \$500 \$250, 1 PB costs \$1M \$500K \$250K

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorjan

#### Newly arrived, and coming soon...

- Solid state storage (SSD)
  - promises 10,000 100,000 random IOs per second
  - 700 MB/s transfer rates
  - still costly, but quickly riding Moore's law
    - \$5-10 per GB, compared to hard drives \$0.10 per GB
- Phase-change memory (PRAM)
  - promises speed of DRAM, but non-volatile
  - still experimental, though early product shipping

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorjan

#### · Optical bandwidth today

- Doubling every 9 months
- 150% improvement each year
- Factor of 10,000 every decade
- 10x as fast as disk capacity!
- 100x as fast as processor performance!!

#### What are some of the implications of these trends?

 Just one example: We have always designed systems so that they "spend" processing power in order to save "scarce" storage and bandwidth!

9/30/2009

9

© 2009 Gribble, Lazowska, Levy, Zahorjan













# Lower-level architecture affects the OS even more dramatically

- The operating system supports sharing and protection
  - multiple applications can run concurrently, sharing resources
  - a buggy or malicious application can't nail other applications or the system
- There are many approaches to achieving this
- The architecture determines which approaches are viable (reasonably efficient, or even possible)
  - includes instruction set (synchronization, I/O, ...)
  - also hardware components like MMU or DMA controllers

9/30/2009 © 2009 Gribble, Lazowska, Levy, Zahorjan 17

- Architectural support can vastly simplify (or complicate!) OS tasks
  - e.g.: early PC operating systems (DOS, MacOS) lacked support for virtual memory, in part because at that time PCs lacked necessary hardware support
    - Apollo workstation used two CPUs as a bandaid for nonrestartable instructions!
  - Until very recently, Intel-based PCs still lacked support for 64-bit addressing (which has been available for a decade on other platforms: MIPS, Alpha, IBM, etc...)
    - changing rapidly due to AMD's 64-bit architecture

9/30/2009 © 2009 Gribble, Lazowska, Levy, Zahorjan

## Architectural features affecting OS's

- These features were built primarily to support OS's:
  - timer (clock) operation
  - synchronization instructions (e.g., atomic test-and-set)
  - memory protection
  - I/O control operations
  - interrupts and exceptions
  - protected modes of execution (kernel vs. user)
  - privileged instructions
  - system calls (and software interrupts)

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorjan

## Privileged/Protected instructions

- · some instructions are restricted to the OS
  - known as protected or privileged instructions
- . e.g., only the OS can:
  - directly access I/O devices (disks, network cards)
    - why?
  - manipulate memory state management
  - page table pointers, TLB loads, etc.
  - why?
  - manipulate special 'mode bits'
    - · interrupt priority level
  - why?
  - halt instruction
    - · why?

9/30/2009

19

21

© 2009 Gribble, Lazowska, Levy, Zahorian

20

22

24

## OS protection

- So how does the processor know if a privileged instruction should be executed?
  - the architecture must support at least two modes of operation; kernel mode and user mode
  - mode is set by status bit in a protected processor register
    - user programs execute in user mode
    - OS executes in kernel mode (OS == kernel)
- Privileged instructions can only be executed in kernel mode
  - what happens if user mode attempts to execute a privileged instruction?

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorjan

# Crossing protection boundaries

- So how do user programs do something privileged?
  - e.g., how can you write to a disk if you can't execute I/O instructions?
- User programs must call an OS procedure
  - OS defines a sequence of system calls
  - how does the user-mode to kernel-mode transition happen?
- There must be a system call instruction, which:
  - causes an exception (throws a software interrupt), which vectors to a kernel handler
  - passes a parameter indicating which system call to invoke
  - saves caller's state (registers, mode bit) so they can be restored
  - OS must verify caller's parameters (e.g., pointers)
  - must be a way to return to user mode once done

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorjan

#### A kernel crossing illustrated Firefox: read(int fileDescriptor, void \*buffer, int numBytes) package arguments trap to kernel mode user mode kernel mode restore app state, return to trap handler user mode. save registers resume find sys\_read() handler in vector table sys\_read() kernel routine 9/30/2009 © 2009 Gribble, Lazowska, Levy, Zahorjan 23

## System call issues

- What would happen if kernel didn't save state?
- Why must the kernel verify arguments?
- How can you reference kernel objects as arguments or results to/from system calls?

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorjan

## Memory protection

- OS must protect user programs from each other
   maliciousness, ineptitude
- · OS must also protect itself from user programs
  - integrity and security
  - what about protecting user programs from OS?
- Simplest scheme: base and limit registers
  - are these protected?



### More sophisticated memory protection

- · coming later in the course
- · paging, segmentation, virtual memory
  - page tables, page table pointers
  - translation lookaside buffers (TLBs)
  - page fault handling

9/30/2009 © 2009 Gribble, Lazowska, Levy, Zahorjan

### OS control flow

- After the OS has booted, all entry to the kernel happens as the result of an event
  - event immediately stops current execution
  - changes mode to kernel mode, event handler is called
- · Kernel defines handlers for each event type
  - specific types are defined by the architecture
    - e.g.: timer event, I/O interrupt, system call trap
  - when the processor receives an event of a given type, it
    - transfers control to handler within the OS
    - handler saves program state (PC, regs, etc.)
    - handler functionality is invoked
    - handler restores program state, returns to program

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorjan

### Interrupts and exceptions

- Two main types of events: interrupts and exceptions
  - exceptions are caused by software executing instructions
    - e.g., the x86 'int' instruction
    - e.g., a page fault, or an attempted write to a read-only page
    - an expected exception is a "trap", unexpected is a "fault"
  - interrupts are caused by hardware devices
    - e.g., device finishes I/O
    - e.g., timer fires

9/30/2009

27

29

© 2009 Gribble, Lazowska, Levy, Zahorjan

28

30

## I/O control

- · Issues:
  - how does the kernel start an I/O?
    - special I/O instructions
    - memory-mapped I/O
  - how does the kernel notice an I/O has finished?
    - polling
    - Interrupts
  - how does the kernel exchange data with an I/O device?
    - Programmed I/O (PIO)
    - Direct Memory Access (DMA)

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorjan

## Asynchronous I/O

- Interrupts are the basis for asynchronous I/O
  - device performs an operation asynchronously to CPU
  - device sends an interrupt signal on bus when done
  - in memory, a vector table contains list of addresses of kernel routines to handle various interrupt types
    - who populates the vector table, and when?
  - CPU switches to address indicated by vector index specified by interrupt signal
- What's the advantage of asynchronous I/O?

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorjan

#### Timers

- How can the OS prevent runaway user programs from hogging the CPU (infinite loops?)
  - use a hardware timer that generates a periodic interrupt
  - before it transfers to a user program, the OS loads the timer with a time to interrupt
    - "quantum" how big should it be set?
  - when timer fires, an interrupt transfers control back to OS
    - · at which point OS must decide which program to schedule next
    - · very interesting policy question: we'll dedicate a class to it
- Should the timer be privileged?
  - for reading or for writing?

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorian

31

33

## Synchronization

- · Interrupts cause a wrinkle:
  - may occur any time, causing code to execute that interferes with code that was interrupted
  - OS must be able to synchronize concurrent processes
- · Synchronization:
  - guarantee that short instruction sequences (e.g., readmodify-write) execute atomically
  - one method: turn off interrupts before the sequence, execute it, then re-enable interrupts
    - · architecture must support disabling interrupts
  - another method: have special complex atomic instructions
    - · read-modify-write
    - · test-and-set
    - · load-linked store-conditional

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorian

32

34

## "Concurrent programming"

- Management of concurrency and asynchronous events is biggest difference between "systems programming" and "traditional application programming"
  - modern "event-oriented" application programming is a middle ground
- Arises from the architecture
  - Can be sugar-coated, but cannot be totally abstracted away
- Huge intellectual challenge
  - Unlike vulnerabilities due to buffer overruns, which are just sloppy programming

9/30/2009

© 2009 Gribble Lazowska Levy Zahorian

## Architectures are still evolving

- New features are still being introduced to meet modern demands
  - Support for virtual machine monitors
  - Hardware transaction support (to simplify parallel programming)
  - Support for security (encryption, trusted modes)
     Increasingly sophisticated video / graphics

  - Other stuff that hasn't been invented yet...
- In current technology transistors are free CPU makers are looking for new ways to use transistors to make their chips more desirable
- Intel's big challenge: finding applications that require new hardware support, so that you will want to upgrade to a new computer to run them

9/30/2009

© 2009 Gribble Lazowska Levy Zahorian

# Some questions

- Why wouldn't you want a user program to be able to access an I/O device (e.g., the disk) directly?
- OK, so what keeps this from happening? What prevents user programs from directly accessing the
- So, how does a user program cause disk I/O to
- What prevents a user program from scribbling on the memory of another user program?
- What prevents a user program from scribbling on the memory of the operating system?
- What prevents a user program from running away with the CPU?

9/30/2009

© 2009 Gribble, Lazowska, Levy, Zahorjan

35