1.4.3 Timer

 We must ensuire that the operating system maintains control over the CPU. We cannot allow a user program to get stuck in an  infinite loop or to fail to call system services and never return control to the operating system. To accomplish the goal, we can use a timer. A timer can be set to interrupt the computert after a specifed period. The period may be fixed (for example, 1/60 second) or variable (for example, from 1 millisecond to 1 second). A variable timer is generally implemented by a fixed-rate clock and a counter. The operating system sets the counter. Every time the clock ticks, the counter is decremented. When the counter reaches 0, an interrupts at intervals from 1 millisecond to 1,024 millisecond clock allows interrupts at intervals from 1 millisecond to 1,024 milliseconds, in steps of 1 millisecond.

Before turning over control to the user, the operating system ensures that the timer is set to interrupt. If the timer interrupts, control transfers automatically to the operating system, which may treat the interrupt as a fatal error or may give the program more time. Clearly, instructions that modify the content of the timer are privileged.

1.4.2 Dual-Mode and Multimode Operation

 Since the operating system and its users share the hardware and sofware resources of the computer system, a properly designed opoerating system must ensure that an incorrect (or malicious) program cannot cause other programs-or the operating system itself-to execute incorrectly. In order to ensure the proper execution of the system, we must be able to distinuish between the execution of operating-system code and user-defined code. The approach taken by most computer systems is to provide hardware support that allows differentiation among various modes of execution.

At the vary least, we need two separate modes of operating; user mode and kernel mode(also called supervisor mode, system mode, or privileged mode). A bit, called the mode bit, is added to the hardware of the computer to indicate the current mode; kernel(0) or user(1). With the mode bit, we can distinguish between a task that is executed on behalf of the operating system and one that is executed on behalf of the user. When the computer system is executing on behalf of a user application, the system is in user mode. However, when a user application requests a service from the operating system(via a system call), the system must transition from user to kernel mode to fulfill the request. This is shown in Figure 1.13. As we shall see, this architectural enhancement is useful for many other aspects of system operation as well.

At system boot time, the hardeare starts in kernel mode. The operating system is then loaded and starts user applications in user mode. Whenever a trap or interrupt occurs, the hardware switches from user mode to kernel mode(that is, changes the state of the mode bit to 0). Thus, whenever the operating system gains control of the computer, it is in kernel mode. The system always switches to user mode(by setting the mode bitg to 1)before passing control to a user program.

The dual mode of operation provides us with the means for protecting the operating system from errant users-and errant users from one another. We accomplish this protection by designating  some of the machine instructions that may cause harm as privileged instructions. The hardware allows privileged instructions to be executed only in kernel mode. If an attempt is made to execute a privileged instruction in user mode. the hardware does not execute the instruction but rather treats it as illegal and traps it to the operating system.

The instruction to switch to kernel mode is an example of a privileged instruction. Some other examples incude I/O control. timer management, and interrupt management. Many additional privileged instructions are discussed throughout the text.

The concept of modes can be extended beyond two modes. For example Intel processors have four separate protection rings, where ring 0 is kernel mode and ring 3 is user mode. (Although rings 1 and 2 could be used for various operating-system services, in practice they are rarely used.) ARMv8 systems have seven modes. CPUs that support virtualization (Section 18.1) frequently have a separate mode to indicate when the virtual machine manager(VMM)is in control of the system. In this mode, the VMM has more privileges than user processes but fewer than the kernel. It needts that level of provilege so it can create and manage virtual machines, changing the CPU state to do so.

We can now better understand the  life cycle of instruction execution in a computer system. Initial control resides in the operating system, where instructions are executed in kernel mode. When control is given to a suer application, the mode is set to user mode. Eventually, control is switched back to the operating system via an interrupt, trap, or a system call. Most contem porary operating systems-such as Microsoft Windows, Unix, and Linux-take advantage of this dual0-mode feature and provide greater protection for the operating system.

System calls provide the means for a user program to ask the operating system to perform tasks rewserved for the operating system on the user program's behalf. A system call is invoked in a variety of ways, depending on the functionality provided by the underlying processor. In all forms, it is the method used by a process to request action by the operating system. A system call usually takes the form of a trap to a specific location in the interrupt vector. This trap can be executed by a generic trap instruction, although some systems have a specific syscall inst5ruction to invoke a system call.

When a system call is executed, it is typically treated by the hardware as a software interrupt. Control passes though the interrupt vector to a service rouine in the operating system, and the mode gbit is set to kernel mode. The system-call service routine is a part of  the operating system. The kernel examines the interrupting instruction to determine what system call has occurred; a parameter indicates what type of service the user program is requesting Additional information needed for the request may be passed in registers, on the stack, or in memory (with pointers to the memory locations passed in registers). The kernel verifies that the parameters are correct and legal, executes the request, and returns control to the instruction following the system call. We describe system calls more fully in Section 2.3.

Once hardware protection is in place, it detects errors that violate modes. These errors are normally handled by the operating system. If a user program fails in some way-such as by making an attempt either to execute an illegal instruction or to access memory that is not in the user's address space-than the hardware traps to the operating system. The trap transfers control through the interrupt vector to the operating system. The trap transfers control through the interrupt vector to the operating system, just as an interrupt does. Wehn a program error occurs, the operating system must terminate the program abnormally. This situaltion is handled by the same code as a user-requested abnormal termination. An appropriate error message is given, and the memory of the program may be dumped. The memroy dump is usually written to a file so that the user or programmer can examine it and perhaps conrrect it and restart the program.

1.4.1 Multiprogramming and Multitasking

 One of the most important aspects of operating systems is the ability to run multiple programs, as a single program cannot, in general, keep either the CPU or the I/O devices busy at all times. Furthemore, users typically want to run more than one program at a time as well. Multiprotramming increases CPU utilization, as well as keeping users satisfied, by oranizing programs so that the CPU always has one to execute. In a multiprogrammed system, a program in execution is termed a process.

The idea is as follows: The operaing system keeps several processes in memory simultaneously (Figure 1.12). The operating system picks and begins to execute one of these processes. Eventually, the process may have to wait for some task, such as an I/O operation, to complete. In a non-multiprogrammed system, the CPU would sit idle. In a multiprogrammed system, the operating system simply switches to, and executes, another process. When that process needs to wait, the CPU switches to another process, and so on. Eventurally, the first process finishes waiting and gets the CPU back, As long as at least one process needs to execute, t he CPU is never idle.

This idea is common in other life situations. A lawyer does not work for only one client at a time, for example. While one case is waiting to go to trial or have papers typed, the lawyer can work on another case. If she has enough clients, the lawyer will never be idle for lack of work. (Idle lawyers tend to become politicians, so there is a certain social value in keeping lawyers busy.)

Multitasking is a logical extension of multiprogramming. In multitasking systems, the CPU execute multiple processes by switching among them, but the switches occur frequently, providing the user with a fast response time. Consider that when a process executes, it typically executes for only a short time before it either finishes or needs to perform I/O. I/O may be interactive; that is, output goes to a sidplay for the user, and input comes from a user keyboard, mouse, or touch screen. Since interactive I/O typically runs at "people speeds," it may taske a long time to complete. Input, for example, may be bounded by the user's typing speed; seven characters per secound is fast for people but incredibly slow for computers. Rather than let the CPU sit idle as this interactive input taskes place, the operating system will repidly switch the CPU to another process.

Having serral processes in memory at the same time requires some form of memory management, which we cover in Chapter 9 and Chapter 10. In addition, if serveral processes are ready to run at the same time, the system must choose which process will run next. Making this desicion is CPU scheduling, which is discussed in Chapter 5. Finally, running multiple processes concurrently requires that their ability to affect one another be limited in all phases of the operating system, including process scheduling, disk storage, and memory management. We discuss these considerations throughout the text.

In a multitasking system, the operating system must ensure reasonable response time. A common method for doing so is virtual memroy, a technique that allows the execution of a process that is not completely in memory(Chapter 10). The main advantage of this scheme is that it enables users to run programs that are larger than actural physical memory. Futher, it abstracts main memory into a large, uniform array of storage, separating logical memory as viewed by the user from physical memory. This arragement frees programmers from concern over memory-storage limitations.

Multiprogramming and multitasking system must also provide a file system(Chapter 13, Chapter 13, and Chapter 15). The file system resides on a secondary storage; hence, storage management must be provided(Chapter 11). In addition, a system must protect resources from inappropriate use (Chapter 17). To ensure orderly execution, the system must also provide mechanisms for process synchronization and communication(Chater 6 and Chapter7), and it may ensure that processes do not get stuck in a deadlock, forever waiting for one another(Chapter 8).

1.4 Operating-System Operations

 Now that we have discussed basic information about computer-system organization and architecture, we are ready to talk about operating systems. An operating system provides the environment within which programs are executed. Internally, operating systems vary greatly, since they are organized along many different lines. There are, however, many commonalities, which we consider in this section.

For a computer to start running-for instance, when it is powered up or rebooted-it needs to have an initial program to run. As noted earlier, this initial program, or bootstrap program, tends to be simple. Typically, it is stored within the computer hardware in firmware. It initializes all aspects of the system, from CPU registers to device controllers to memory contents. The bootstrap program must know how to load the operating system and how to start executing that system. To accomplish this goal, the bootstrap program must locate the operating-system kernel and load it into memory.

Once the kernel is loaded an executing, it can start providing services to the system and its users. Some service are provided outside of the kernel by system programs that are loaded into memory at boot time to become system daemons, which run the entire time the kernel is running. In Linux, the first system program is "systemd," and it starts many other daemons. Once this phase is complete, the system if fully booted, and the system waits for some event to occur.

If there are no processes to execute, no I/O devices to service, and no users to whom to respond, an operating system will sit quietly, waiting for something to happen. Events are almost always signaled by the occurrence of an interrupt. In Section 1.2.1 we described hardware interrupts. Another form of interrupt is a trap (or an exception), which is a software-generated interrupt caused either by an error (for example, division by zero or invalid memory access) or by a specific request from a user program that an operating-system service be performed by executing a special operating called a system call.

1.3.3 Clustered Systems

 Another type of multiprocessor system is a clustered system, which gathers together multiple CPUs. Clustered systems differ from the multiprocessor systems described in Section 1.3.2 in that they are composed of two or more individual systems-or nodes-joined together; each node is typically a multicore system. Such systems are considerd loosely coupled. We should note that the definition of clustered is not concrete; many commercial and open source packages wrestle to define what a clustered system is and why one form is better than another. The generally accepted definition is that clustered computers share storage and are closely linked via a local-area network LAN(as described in Chapter 19) or a faster interconnect, such as InfiniBand.

Clustering is usually used to provide high-availability service-that is, service that will continue even if one or more systems in the cluster fail. Generally, we obtain high availability by adding a level of redundancy in the system. A layer of cluster software runs on the cluster nodes. Each node can monitor one or more systems in the cluster fail. Generally, we obtain high availability by adding a level of redundancy in the system. A layer of cluster software runs on the cluster nodes. Each node can monitor one or more of the others (over the network). If the monitored machine fails, the monitoring machine can take ownership of its storage and restart the applications that were running on the failed machine. The users and clients of the applications see only a brief interruption of service. 

High availability provides increased reliability, which is crucial in many applications. The ability to continue providing service proportional to the level of surviving hardware is called graceful degradation. Some systems go beyond graceful degradation and are called fault tolerant, because they can suffer a failure of any to be detected, diagnosed, and, if possible, corrected.

Clustering can be structured asymmetrically or symmetrically. In asymmetric clustering,  one machine is in hot-standby mode while the other is running the applications. The hot-standby host machine does noting but monitor the active server. IOf that server fails, the hot-standby host becomes the active server. In symmetric clustering, two or more hosts are running applications and are monitoring each other. This structure is obviously more efficient, as it uses all of the available hardware. However, it does require that more than one application be available to run.

Since a cluster consists of several computer systems connected via a network, clusters can also be used to provide high-performance computing environments. Such systems can supply significantly greater computational power than single-processor or even SMP systems because they can run an application concurrently on all computers in the cluster. The application must have been written specifically to take advantage of the cluster, however. This involves a technique known as parallelization, which divides a program into separate components that run in parallel on individual cores in a computer or computers in a cluster. Typically, these application are designed so that once each computing node in the cluster has solved its portion of the problem, the results from all the nodes are combined into a final solution.

Other forms of clusters include parallel clusters and clustering over a wide-area network(WAN)(as described in Chapter 19). Parallel clusters allow multiple hosts to access the same data on shared storage. Because most operating systems lack support for simultaneous data access by multiple hosts, parallel clusters usually require the use of special versions of software and special releases of applications. For example, Oracle Real Application Cluster is a version of Oracle's database that has been designed to run on a parallel cluster. Each machine runs Oracle, and a layer of software tracks access to the shared disk. Each machine has full access to all data in the database. To provide this shared access, the system must also supply access control and locking to ensure that no conflicting operations occur. This function, commonly known as a distributed lock manager(DLM), is included in some cluster technology.

Cluster technology is changing rapidly.  Some cluster products support thousands of systems in a cluster, as well as clusted nodes that are separated by miles. Many of these improvements are made posiible by storage-area networks(SANs), as described in Section 11.7.4, which allow many systems to attach to a pool of storage. If the applications and their data are stored on the SAN, then the cluster software can assign the application to run on any host that is attached to the SAN. If the host fails, then any other host can take over. In a databasse cluster, dozens of hosts can share the same database, greatly increasing performance and reliability. Figure 1.11 depicts the general structure of a clustered system.

1.3.2 Multiprocessor Systems

 On modern computers, from mobile devices to servers, multiprocessor systems now dominate the landscape of computing. Traditionally, such systems have two (or more) processors, each with a single-core CPU, The processors share the computer bus and sometimes the clock, memory, and peripheral devices. The primary advantage of multiprocessor systems is increased throughput. That is, by increasing the number of processors, we expect to get more work done in less time. The speed-up ratio with N processors is not N, however; it is less than N. When multiple processors cooperate on a task, a certain amount of overhead is incurred in keeping all the parts working correctly. This overhead, plus contention for shared resources, lowers the expected gain from additional processors.

The most common multiprocessor systems use symmetric multiprocessing(SMP), in which each peer CPU processor performs all tasks, including operating-system functions and user processes. Figure 1.8 illustrates a typical SMP architecture with two processors, each with its ovwn CPU. Notice that each CPU processor has its own set of registers, as well as a private - or local - cache. However, all processors share physical memory over the system bus.

The benefit of this model is that many processes can run simultaneously - N processes can run if there are N CPUs - without causing performance to deteriorate significantly. However, since the CPUs are separate, one may be sitting idle while another is overloaded, resulting in inefficiencies. These inefficiencies can be avoided if the processors share certain data structures. A multiprocessor system of this form will allow processes and resources-such as memory- to be shared dynamically among the various processors and can lower the workload variance among the processors. Such a system must be written carefully, as we shall see in Chapter 5 and Chapter 6.

The definition of multiprocessor has evolved over time and now includes multicore systems, in which multiple computing cores reside on a single chip. Multicore systems can be more efficient than multiple chips with single cores because on-chip communication is faster than between-chip communication.

In addition, one chip with multiple core uses significantly less power than multiple single-core chips, an important issue for mobile device as well as laptops.

In Figure 1.9, we show a dual-core design with two cores on the same processor chip. In this design, each core ahs its own register set, as well as its own local cache, often known as a level 1, or L1, cache. Notice, too, that a level2(L2) cache is local to the chip but is shared byu the two processing cores. Most architectures adopt this approach, combining local and shared caches, where local, lower-level caches are generally smaller and faster than higher-level shared caches. Aside from architectureal considerations, such as cache, memory, and bus contention, a multicore processor with N cores apprears to the operating system as N standard CPUs. This characteristic puts pressure on operating-system designers-and application programmers-to make efficient use of these processing cores, an issue we pursue in Chapter 4. Virtually all modern operating systems-including Windows, macOS, and Linux, as well as Android and iOS mobile systems-support multicore SMP systems.

Adding additional CPUs to a multiprocessor system will increase computing power; however, as suggested earlier, the concept does not scale very well, and once we add too many CPUs, contention for the system bus becomes a bottleneck and performance begins to degrade. An alternative approach is instead to provide each CPU (or group of CPUs) with its own local memory that is accessed via a small, fast local bus. The CPUs are connected by a shared system interconnect, so that all CPUs share one physical address space. This approach-known as non-uniform memory access, or NUMA-is illustrated in Figure 1.10. The advantage is that, when a CPU accesses its local memory, not only is it fast, but there is also no contention over the system interconnect. Thus, NUMA systems can scale more effectively as more processors are added.

Apotential drawback with a NUMA system is increased latency when a CPU must access remote memory across the system interconnect, creating a possible performance penalty. In other words, for example, CPU cannot access the local memory of CPU as quickly as it can access its own local memory, slowing down performance. Operating system can minimize the NUMA penalty through careful CPU scheduling and memory management, as discussed in Section 5.5.2 and Section 10.5.4. Because NUMA system can scale to accommodate a large number of processors, they are becoming increasingly popular on servers as well as high-performance computing systems.

Finally, blad servers are systems in which multiple processor boards, I/O boards, and networking boards are placed in the same chassis. The difference between these and traditional multiprocessor systems is that each bladeprocessor board boots independently and runs its own operating system. Some blade-server boasrds are multiprocessor as well, which blurs the lines between types of computers. In essence, these servers consist of multiple independent multiprocessor systems.

1.3.1 Single-Processor Systems

 Many years ago, most computers systems used a single processor containing one CPU with a single processing core. The core is the component the executes instructions and registers for storing data locally. The one main CPU with its core is capable of executing a general-purpose instruction set, including instructions from processes. These systems have other special-purpose processors as well. They may come in the form of device-specific processors, such as disk, keyboard, and graphics controllers.

All of these special-purpose processors run a limited instruction set and do not urn processes, they are managed by the operating system, in that the operating system sends them information about their next task and monitors their status. For example, a disk-controller microprocessor receives a sequence of requests from the main CPU core and implements its own disk queue and scheduling algorithm. This arrangement relieves the main CPU of the overhead of disk scheduling. PCs contain a microprocessor in the keyboard to convert the keystrokes into codes to be sen5t to the CPU. In other systems or circumstances, special-purpose processors are low-level components built into the hardware. The operating system cannot communicate with these processors; they do their jobs autonomously. The use of special-purpose microprocessor. If there is only one general-purpose CPU with a single processing core, then the system is a single-processor system. According the this definition, however, ver few contemporary computer system are single-processor systems.