CSE 451
Winter 2000
Homework assignment 1 solutions
1.4
- A user
can prevent another user from getting work done by monopolizing a
resource, can make another user’s program fault by modifying its code or
data, or can read or write files belonging to another user.
- We can
ensure the same degree of security by having the operating system
carefully protect resources to make sure that users can’t interfere with
each other, and to protect data so that it can’t be read or written by
other users.
- A
dedicated machine is not necessarily more secure than a time shared
machine, as the security is more dependent on how the machine is managed
than by who is using it. For example, most time- sharing machines have a
dedicated person making sure the computer is working and tracking security
problems. However, a dedicated machine like a PC rarely has that much
attention and if often less secure. Furthermore, operating systems for
dedicated machines typically have much less support for security and
protection. Hence, if another user does get access to the machine, it is
easier to cause problems.
1.5
The main advantage of multi-programming is to take advantage
of points when a computer resource would otherwise be idle by letting a
different program use those resources. This typically happens for the central
processor, which is able to execute other programs when the current programs
blocks waiting for input or output.
1.x
Computer chips today are fast enough that operating systems
for personal computers do not necessarily need to make efficient use of
computer resources. Instead, there are other critical resources today, such as
human managers. For example, it may be more efficient to perform a task
automatically by doing a lot of computation or input/output rather than asking
a human to perform the task, such as
configuring a piece of hardware.
2.1
Spooling really covers deterministic input and output, in
which the program knows that it will have to read or write the data involved.
For example, a batch job that is spooled knows that it will have to read in all
of the code and data it is processing. Prefetching, though, is more
speculative. It can be done without knowing whether or not the program will
ever need the data being fetched. The goal is different also: prefetching takes
advantage of the high startup cost of input, and the low additional cost of
reading the next byte. Finally, prefetching can be done while the program is
running on every input operation, whereas spooling only applies to input that
is known when the program starts. If the program happens to decide it needs to
access a few more files, spooling doesn’t help but prefetching does.
2.3
A trap is software initiated, either by executing a TRAP
instruction (or SYSCALL or INT instruction, depending on the processor architecture),
or by performing an illegal operation, such as division by zero or accessing an
invalid memory location. An interrupt may be either hardware or software
generated. A hardware interrupt is generated external to the processor by a
separate device such as a clock chip, hard disk, or network card. A software
interrupt is an explicit trap, such as a system call.
2.8
- Change
to user mode – this can be allowed, as all user code already runs in user
mode.
- Change
to monitor mode – this must be protected, as user code running in monitor
mode can access data that is private to other users.
- Read
from monitor memory – this must be protected, as monitor memory may
contain private information such as data belonging to other users. Files
on disk are often stored temporarily in monitor memory, as are passwords.
- Write
into monitor memory – this must be protected, as other user’s programs
could be corrupted as could operating system structures that, if modified,
could cause the machine to crash.
- Fetch
an instruction from monitor memory – this must be protected, as it could
be used to fetch instructions from a region of memory that is actually
data. By looking at the changes in the processor state (registers,
condition flags), a user could find out the contents of that data and
potentially learn secrets such as passwords.
- Turn
on timer interrupts – this can be allowed, as for all user programs it is
already enabled.
- Turn
off timer interrupts – this must be protected, as otherwise a user program
could execute forever and prevent either the operating system or other
programs from ever executing.
2.10
- Generating
a trap when an invalid memory location is accessed
- Virtual
memory, which allows each program to execute in its own address space
- Kernel/user
address spaces separation, which allows the kernel to have data structures
that aren’t accessible to user code.
3.6
In this question, user level programs only have access to
the user-level features of the processor. It is assumed that devices could be
mapped in to the user address space.
- File
systems- The file system allow the user to read and write files from the
disk without having to keep track of how the data is organized and where
on disk it is stored. This could be performed by user-level code, and
database programs often do that. However, two user-level programs can’t
share the file system.
- Virtual
memory – The operating system provides an abstraction of a large address
space to each program executing. Thus, the program need not be aware in
advance of what memory addresses are available and can assume that certain
pieces of code are in certain locations. This can’t be performed by the
application, as it requires handling memory access traps (page faults).
- Processor
scheduling – The operating decides what programs to run at a certain time
and prevents run-away programs from using the CPU exclusively. This can’t
be performed by normal programs, as they can’t interrupt other programs to
do a context switch.
- Input/output
control – The operating system provides a simple interface for talking to
i/o devices, such as network interfaces, monitors, and keyboards. This
could be done by user-level code, but at the cost of not protecting
multiple programs from interfering.
- Communication
– The operating system allows multiple processes to communicate despite
the protection barriers. This can’t be done by user programs, as they
don’t have the barriers to communicate through (see the answer for virtual
memory).
- Error
detection – The operating system watches for faults in the hardware, and will
halt the computer if that occurs. This can’t be done at user level, as
user programs aren’t aware of hardware failures such as memory corruption.
3.7
The purpose of system calls is to allow user programs to
request the operating system to perform a task on its behalf, such as
allocating memory, communicating with another program, or communication with an
i/o device. The system call mechanism is a controlled method for control of the
computer to switch from the user code to operating system code such that user
code completely loses control.
3.10
The benefits of virtual machines to the user are several:
- They
allow applications written for another processor architecture to be
executed, allowing a wider variety of applications
- They
allow isolation from other user’s of the computer, so that the user can
run a different operating system altogether than other users
- They
allow a large machine, with many processors, to be divided into a large
number of virtual machines with a smaller number of processors. This allows
each user to run programs intended for a smaller machine and to isolate
the impact of having multiple users, such as by guaranteeing each virtual
machine a certain amount of CPU time.
The benefits of virtual machines to the operating system
designer are:
- They
allow running programs not meant to run on a machine with large number of
processors to execute. For example, many copies of an operating system
meant for a 2 processor machine could be run on a 128 processor machine.
- They
allow faults to be isolated, by using the virtual machine to move system
resources to work around the failures.
- They
allow concurrent development and execution of an operating system, by
doing the design work in one virtual machine and executing it in another
virtual machine.