Operating systems (OS) are the computer's cast and crew, serving as a liaison between running code and hardware devices while facilitating high-level services for users and software. Starting with the bootstrap process that loads the kernel, the OS sets up shop and takes control of a computer's memory, storage, and devices. The initial startup code usually resides on a read-only memory chip (ROM) or an electronically erasable/programmable read-only memory chip (EEPROM) (Silberschatz et al., 2014). These processes vary between platforms, but conceptually, it is similar to a shopkeeper opening up shop, starting up the machinery, and supervising the employees that run the equipment.
Figure 1: The operating system starts
Opening up shop can be compared to the kernel loading. Once it loads, it supervises all other processes, much like the leader of a company. All other services utilize these basic components (storage, memory, and devices) using the kernel (Silberschatz et al., 2014).
User Interface
Most operating systems have a user interface, which is either command-line or graphical by nature. Users are presented with mechanisms to start programs by either typing them into the command line or using the graphical user interface (GUI) to activate them. When a program starts up, the operating system protects it from other processes. It provides services so that the program can access system devices without dealing with device-specific code (Silberschatz et al., 2014). For example, if a program needs to print, the programmer does not need to write code to talk to the printer. Instead, the program can use an operating system service to talk directly to the printer. Programs that error out are detected by the kernel so that they do not run amok and corrupt other processes. This helps keep the computer operational in the event of a software failure.
Processes
A process is a program that is executing. It contains more than just the program instructions or text section of the code. It includes a process control block, which contains information about the running process, such as the program counter, the registers, and the process state (Silberschatz et al., 2014). The state is a description of how far the process has progressed. It can be 'new' for processes that are just starting up, 'ready' for processes waiting to run, 'running' for processes that are executing, 'waiting' for processes that are waiting for a long operation such as I/O, and 'terminated' for processes that have ended.
Single- and Multi-threading
In a single-threaded environment, one process runs at a time, while all other processes wait. If a long wait occurs for I/O, the program and execution is idle until the I/O completes. It leaves the processor idle for many cycles when it could be doing other work.
In a multi-threaded architecture, multiple processes can run at the same time. This has limits, though, because system or kernel threads can block user threads. This means that when a user thread makes a system call, it can block. One strategy is to have many user threads assigned to a single kernel thread. Each thread can run freely with the others until a system call is made. During the system call, all user threads block. A better strategy is to spin up one kernel thread per user thread. If a user thread makes a system call, it does not block other threads. Programmers must be cautious not to create too many threads in this environment for performance concerns. The best methodology involves allowing many user threads and many kernel threads without a relationship between the two. When a user thread makes a system call, there it can use an available kernel thread. This allows the programmer to create as many threads as needed without worry that too many kernel threads will overload the system.
Critical Section Problem
Another issue that causes performance degradation exists. If multiple programs are running, and they all arrive at a part of the program that blocks, such as writing to disk, conflicts can arise, and performance can degrade. It is known as the Critical Section Problem (Silberschatz et al., 2014). Ideally, the programs would not reach this section at the same time, but it can happen. One software solution, known as the Peterson Solution, is to create a variable and array that act as a toggle (Silberschatz et al., 2014).
One process checks the toggle and waits for its turn when it reaches the critical section. If the other process is executing its critical section, the toggle will tell the other program to wait. Once the first program finishes with its critical section, it switches the toggle back off. That signals the second process to flip the toggle and perform its critical section.
Memory Management
Computer memory can be thought of as a series of small boxes, each with a unique address. The operating system must manage memory for use in storing programs and data. When the operating system allocates memory, it does so by assigning a base and a limit to a given process (Silberschatz et al., 2014). Any requests made by that process to access memory are checked against the base and limit to ensure that one process does not access another process's memory.
Figure 3: Incoming memory requests are bounds-checked
To accomplish this check, each memory access is tested. The operating system checks to see if the address is lower than the base address for the process or higher than the limit assigned to the process. If it is out of range, it is trapped by the operating system as invalid memory access.
Each process does not need to know about its physical address. It sends requests for memory with an address that starts at zero. The operating system tracks the base and limit for each running process. The addresses that are requested by the process are translated to the physical address by adding the base to their value (Silberschatz et al., 2014).
Virtual Memory
A computer is limited to running programs that use the computer's physical amount of memory or less. Virtual memory is a way to expand that number so that a program can use more memory than the computer's physical memory (Yao et al., 2016). It is done by allocating space on the disk. When more memory is needed than is available in physical RAM, the operating system will copy memory pages out to disk and bring in the requested pages. The program does not need to be aware of this swapping; the operating system handles it using virtual memory management (Silberschatz et al., 2014).
File Systems
The main objectives of a file system are storing, retrieving, and protecting data. Data is stored in files of many types, including word processing documents, spreadsheets, databases, and many other types. Files can also store executable program code, as well as the operating system. The operating system must enable the user to create, update, and backup files. Many operating systems, such as Windows, allow for file security, allowing the user to decide which other users can see or update secured files.
The reliability of file systems can be increased by the system in several ways. When writes are done, extra information is stored to be used when the data is read back to verify that the data remained intact. It is known as ECC (Silberschatz et al., 2014). Backup can be used to protect against hardware or software failures, or user errors.
The reliability of file storage is a key objective of file systems. Users need to be certain that the data will be available tomorrow and beyond. The use of ECC helps, but what if a disk drive fails? RAID systems can bolster reliability in this area by writing data and parity bits on multiple disk drives. With certain types of RAID protection, one or two drives can fail, and no data will be lost (Silberschatz et al., 2014).
The performance of file systems can be measured by hardware characteristics, such as latency and seek time. The speed of access is also affected by disk scheduling. When many processes request data from the file system, the operating system must service the requests. The way that multiple requests are scheduled can make the difference between a performant system and a too slow system. There are four main disk scheduling strategies described here.
Files can be stored in various ways in a file system. The single-level method stores all files in a single list or directory. Every file on the system must have a unique name. Two-level structures allow the creation of folders inside the main directory, but no further nesting is allowed. This allows multiple files to have the same name if they are in different folders. Tree-tiered structures allow folders to be created inside of other folders. It means that nesting can be used to organize files into groups further. Any two files can have the same name if they are in different folders. Acyclic graph folder structures are like tree-tiered in that they allow folders to be created inside of other folders. They can also mount folders inside other folders so that a file can appear to be in multiple places at once. It allows multiple groupings of files beyond just a single directory structure.
Figure 4: Directory A is accessible from inside of Directory B in an acyclic graph
Security and Protection
The goals of computer security are numerous, primarily because humans have not completely evolved past breaking the rules and corrupting formalized systems. Protecting computer systems and information from crime and mischief is critical to the continued operation of any system that uses computers (Landwehr, 2001). It is not enough to make rules; they must be enforced from the ground up. It means that people and programs must be made to follow the rules. Enforcement of rules or policies is the main goal of the protection of any computer system, and all rules and efforts follow from the policy enforcement goal. It is important for a security system to be flexible so that policy is separated from mechanism (Silberschatz et al., 2014). In other words, the enforcement should be customizable to fit the policies of any organization. Policies are the chief mechanism for distinguishing authorized from unauthorized actions.
The best efforts to secure computer systems have followed some guiding principles along the way—first, the principle of Least Privilege. The least privilege principle means that any process, procedure, or user should have just enough authority to do its job (Silberschatz et al., 2014). It is similar to hiring a contractor to landscape your backyard. The contractor will be given the keys to the back yard, but there is no need to give him the keys to the house and cars. If you did, and he turned out to be a bad guy, he could damage much more than your backyard. Another guiding principle is the Need to Know principle. Processes, procedures, and users should only have the information they need to fulfill their tasks (Silberschatz et al., 2014). It is similar to paying your bill at the grocery store. You use your card or checkbook to pay, but you wouldn't tell the teller your PIN. If you give them your PIN, there are possibilities you could be robbed. These two principles work to limit a system's exposure to threats, also known as the attack surface (Silberschatz et al., 2014).
One way to organize the allowed actions of programs, processes, and users is with a domain access matrix.
Figure 5: A domain access matrix: one row per domain, one column per object
An access matrix is a lookup table that has a row for each domain and a column for each resource (Silberschatz et al., 2014). When a process is authorized to access a resource, its domain is checked to ensure that the resource is authorized for the type of action. If it is not, the process might need to switch to a domain with higher privilege temporarily. A domain access list is a company's policies encoded in a worksheet.
Summary
The topics covered gave me a solid understanding of the purpose and function of an operating system, from the ground up. Working on computer systems in the field, no matter the task, will involve an operating system, so it makes sense to embrace the knowledge. It will be utilized in many fields, including technical support, programming, system design, and network architecture. In my current field, the increased awareness of operating systems has opened my eyes to the key differences between the IBM i and other operating systems, and this is valuable when creating solutions that integrate multiple platforms.
References
Landwehr, C. E. (2001). Computer security. International Journal of Information Security, 1(1), 3. https://doi-org.proxy-library.ashford.edu/10.1007/s102070100003
Silberschatz, A., Galvin, P. B., & Gagne, G. (2014). Operating system concepts essentials (2nd ed.). Retrieved from https://redshelf.com/
Yao, G., Pellizzoni, R., Bak, S., Yun, H., & Caccamo, M. (2016). Global Real-Time Memory-Centric Scheduling for Multicore Systems. IEEE Transactions on Computers, 65(9), 2739.
