cs111-eggert


CS111: Operating System Principles (Paul Eggert)

http://web.cs.ucla.edu/classes/winter16/cs111

=============
Jan. 6, 2016
=============

A bit more OS philosophy
-------------------------

tradeoffs
scaling
  these issues are not inherently new, occur in traditional systems
  been with us for a long time already

complexity
  new to our entineering operating systems
  getting worse with time 

inconsmemorate scaling

Moore's Law (transistors, #bits/chip)
--------------------------------------
exponential growth
but looking at the most recent dots, the exponential growth seems to tail off
the graph [!] talks only about the economic sweet spot (mass produced chips)

Kryder's Law (secondary storage capacity, bytes/drive)
-------------------------------------------------------
disk size per unit price grows (0.0001TB -> 4TB)
how about avg seek time?
we are not good at making fast machines as we are with making complex objects

Why exponential growth?
------------------------
UNIVAC I (hand designed, slow, safe)
  used this to design UNIVAC II

d(technology)/dt = K * technology (current)
Thus according to this bogus argument
technology is an exponential function of time


How not to do an OS
--------------------

Why not to use an OS
---------------------
- simplicity
- performance
    speed
    memory
- reliability
    as a consequence of simplicity
- security
    paranoia


Application: Word Processor
----------------------------
count of words in an ASCII text file
all bytes in range '\001' - '\177'

~ 10 year old desktop
Core 13-4160 (3 MiB cache, 3.6 GHz)
4GiB dual channel DDR3, 1600 MUSDRAM
1TB hard drive, SAIA, 2700
Intel 4400 graphics

assume file is in congiguous array of sectors
traditional disk drive with 512 byte each sector

running an old BIOS (Basic Input Output System)
  where's the program
  where's the data (file)

  BIOS
  -----
  cycling power -> CPU resets, clears the RAM and cache
    bootstrapping problem

      ip = 0xffff0 (2^20 - 16)
                                                                  Physical RAM
      0                                                                    4GB
      +---+---+--------------------------------------------------------------+
      | * | * |                                                              |
      +-|-+-|-+--------------------------------------------------------------+
        |   +---> 0xffff0
        +---------------------> EEPROM region <- hardwired by manufactured
                            electronic erasable programmable read-only memory
                            +---> non-volatile memory

      word count program is on disk, we need to read it into RAM to execute it

      in EEPROM we give location on disk and size of WC + loading program
      after loading we jump to its loaded location on RAM

      conventional desktop: read-only constants on EEPROM
                            manufactures will specify location where they will
                            run the programs and the size they will run

      convention

      +---+-------------------------------------------------------------------+
      |   |                                                                   |
      +-|-+-------------------------------------------------------------------+
        |
        |
        |
        +-+--> 1st sector Master Boot Record (MBR)            partition table
          |                                                              |
          |  +-------------------------------------------------------+---|--+-+
          +> |                       x86 code                        |  64  |*|
             +-------------------------------------------------------+------+|+
                                    446 bytes                                |
                                                                         0xAA55
              copy this sector to 0x7c00

        do hardware sanity check
        checks for devices (CPU is attached via bus to many devices)
        looks for 1st device with MBR
          how to differentiate with random data and MBR
             last two bytes of MBR has: 0x55 0xAA
             still a chance to find non-MBR with same pattern
             put MBR before all devices to eliminate this option


        partition table

        +---------------------------------------------+----+----+----+----+---+
        |                                             |                   |   |
        +---------------------------------------------+-|--+----+----+----+---+
                           446 bytes                    |    64 bytes       2
                                                        |
                                                       32-bit
                                                       type byte/bootable
                                                       size of partitions
                                                       origin

        +---+-----------------------------------------------------------------+
      +-->  |                                                                 |
      | +---+-----------------------------------------------------------------+
      |   origin + size
      |
      +-- 0 (MBR)
          
          chain loading

          firmware -> MBR ---------> VBR---------> kernel -> run many programs
                  OS-agnostic    OS-specific        many
                                                   sectors
      

    subroutine to read data from disk (omit error checking due to time problem)

      void read_ide_sector(int sector_no, char *address_into)
                            4 byte         4 byte                 (x86 mode)
      {
        // 0x1f7: status register
        //       +-+-+-+-+-+-+-+-+
        //       |0|1| | | | | | |
        //       +-+-+-+-+-+-+-+-+
        //        +---------------------> this pattern '01' means ready
        //
        
        while ((inb(0xif7) & 0xc0) != 0x40)
          continue;
        
        outb(0x1f2, 1);
        outb(0x1f3, sector_no);              // outputs low order 8 bits
        outb(0x1f4, sector_no >> 8);
        outb(0x1f5, sector_no >> 16);
        outb(0x1f6, sector_no >> 24);
        outb(0x1f7, 0x20);

        while((inb(0x1f7) & 0x20) != 0x40)
          continue;                          // wait

        insl(0x1f0, address_into, 128);      // 128 = 512/sizeof(int)
      }

      'inb' subroutine: CPU send signal to disk controller via bus
                        disk controller sends back data from disk
                        retrieve address 'a' (bus address) from disk

                        this instruction is slow because signals travel on bus


      static inline inb(int a)
      {
        asm("...");
      }

        1f0: actual data
        1f2: sector count
        1f3: low order byte
        1f4: sector number
        1f5
        1f6: high order byte
        1f7: write : issue command
             read  : returns status
        
        +------------+----------+--------------+------+
        | status/cmd | sector # | sector count | data |
        +------------+----------+--------------+------+
             1f7      1f6 ~ 1f3       1f2      1f1 ~ 1f0


    where to put this subroutine?

      compile and put into RAM
      copy and put in firmware (BIOS) at 0xffff07
      copy into MBR at 0x7c21
      copy into WC program

        problem: have 3 copies of the same code
        keep in firmware (BIOS) and discard the others
      
      nowadays we keep the copies since memory is not that of an issue


==============
Jan. 11, 2016
==============

To output to screen, we use memory-mapped I/O, not programmed I/O (PIO)

Use movb to move byte to particular region in memory to display on screen

      +----+---+-------------------------+
movb  |    | * |                         |
      +----+-|-+-------------------------+
             |
             +----> not RAM in ordinary sense, but displayed

display CPU: read bytes from display RAM and display on screen (60 times/sec)

screen = 80 x 25 grid of chars

0xb8000
        4000 bytes
         
         |<------ 80 ------>|
         +------------------+ -+
         |          +--+    |  |
         |      +-> |  |    |  25
         |      |   +--+    |  |
         +------|-----------+ -+
                |
                |
               16 bits to represent
               low order 8 bits in ASCII
               high order bits, graphical appearance

want grey on black (7 in higher bits)

void output_to_screen(long n)
{
  short *p = (short *)0xb8000 + (80*25/2 - 80/2);
  do {
    *p-- = (7 << 8) | (n % 10 + '0');
    n /= 10;
  } while (n != 0);
}

run the program

void main(void)
{
  int s = 1000; // choose arbitrary sector to read from
                // '\0' = 0, means EOF
  long nwords = 0;
  bool inword = 0;
  char buf[512];

  for (;;) {
    read_ide_sector(s++, buf);
    for (int j = 0; j < sizeof(buf); j++) {
      if (!buf[j])
        done(nwords);
      bool isletter = ((buf[j] >= 'a' && buf[j] <= 'z') ||
                       (buf[j] >= 'A' && buf[j] <= 'Z'));
      nwords += isletter & ~inword; // 1 if and only if at start of word
      inword = isletter;
    }
  }
}

void done(long nwords) {
  output_to_screen(nwords);
  halt();
}

Issues in this program
-----------------------
(1) we are getting data inefficiently from disk
    we transfer data from disk controller to CPU then from CPU to RAM
    we would like to copy data directly from disk controller to RAM

      Could use DMA (directory memory access)

                 +-----+
                 | CPU |
                 +-----+
    ============================================  BUS
        +-----+          +-----------------+
        | RAM |          | Disk Controller |
        +-----+          +-----------------+

    catch: CPU must ask the controller 'done yet?'
           CPU can be notified somehow


Crypto App, lots of CPU
------------------------          0     1     2      |    0  1  2  3
           I/O                   ---   ---   ---     |   ------------
(wait for disk to become ready)                      |
                                     0     1     2   |       0  1  2  3
          ECC                       ---   ---   ---  |      ------------
                                                     |
time ------------------------------------------------|-------------------------->
                                                     |   double buffering

want to utilize CPU better, use double buffering
could use multitasking and run I/O in parallel

How to scale up these programs
-------------------------------
* fancier performance tricks without rewriting apps
* multitasking


Modularity
-----------
split up program into pieces so that each piece becomes more manageable
cost of maintaining a module of N lines of code is O(N^2)


How do you measure quality of modularity & abstraction in an OS?
-----------------------------------------------------------------
Simplicity      ease of use
                ease of learning
                short manual for the OS

Robustness      tolerance of errors, large inputs
                under harsh conditions, should still work

Performance     modularity is going cost some performance
                have to build module interfaces (design cost)
                costs when jumping between modules at runtime
                minor costs are inevitable
                major costs are avoidable


Flexibility
Lack of assumptions
Neutrality

  Unix/Linux: '\n' is not a special case in a file


Designing an interface for reading a line from input
-----------------------------------------------------
read a line from the input

1. char *readline(FILE *f)

    BAD DESIGN for an OS
    ---------------------
    1. Performance  unbounded work - may take forever for big lines
                    unbatched work - overhead for small lines
    2. Robustness   apps crash with big lines
    3. Neutrality   forces line ending convention
    4. Simplicity   good simplicity :)


2. size_t read(int fd, void *buf, size_t bufsize)

    int return value for indicating error values or failures
      -> ssize_t (64-bit long) for number bytes read, -1 for all errors

    bufsize for not assuming 512 byte sector, more general interface

    void *buf turns off type checking on C compiler for any pointer

    int bufsize 2^31 = 2GiB --> size_t for size
      size_t: x86_64 -> unsigned long 64-bit
              x86    -> unsigned long 32-bit

    int byte_offset -> off_t (64-bit signed)

    int fd specifies which file to read from (opaque file handle)

    [!] removed byte_offset
        BIG IDEA OF UNIX: everything outside the program is a file

        random access    stream devices
        --------------------------------------------
        disk             network mouse keyboard
        flash            display

    added new system call: lseek(int fd, off_t where, int flag)

    corallary: OS records current file position on read, lseek sets position


3. pread(...)

    has extra argument for random access with a 'byte_offset' argument


Mechanisms for modularity
--------------------------
1. function (or method) calls

   call a function in another module and wait for return
     + simple, well understood
     + fast
     - robustness, things can go wrong
       run out of stack space
       functions stepping on each other's stack space
       infinite loops

2. client-server

   + not as simple, well understood
   + things do not go wrong as easily
   - way too slow, client -> server -> client
     works if clients are human beings
     does not work for high-performance applications

3. virtualization


==============
Jan. 13, 2016
==============

OS Organization
----------------

Booting
--------
get good interfaces between modules

UEFI
  want to organize booting process and split up what firmware (BIOS) does
  and what's on the disk with better line between the two

GUID (Globally Unique Idendifier for disk partition)
  128-bit quantity
  without these IDs, firmware won't know if it changed or not

GUID partition table (GPT)

Standard layout in partition
-----------------------------
File system formats   FAT12
                      FAT16
                      FAT32

Firmware is in EEPROM
Firmware can understand file format on disk

Have a kernel with well-known name sitting as a file
Firmware will load kernel into memory and run it

Firmware --> configuration variables, nvram


If firmware does not like config, may not boot
Once booted, OS is in charge


We could put OS in read-only memory, does not work because we may want to
change it before we boot


How to enforce modularity after booting?
-----------------------------------------
use function calls as the way of interfacing into OS

  char buf[2000];
  read(3, buf, 1000);

why is this terrible?

  use toy function
  -----------------

  int fact(int n) {
    if (!n)
      return 1;
    return n * fact(n-1);
  }

gcc compiled this into a loop with optimization
after turning off optimization
  
  fact: pushq  %rbp
        movq   %rsp, %rbp
        subq   $16, %rsp
        movl   %edi, -4(%rbp)
        cmpl   $0, -4(%rbp)
        jne    .L2
        movl   $1, %eax
        jmp    .L3

  .L2:  movl   -4(%rbp), %eax     # move 'n' into %eax
        subl   $1, %eax           # 'n-1'
        movl   %eax, %edi         # %edi holds first argument
        call   fact               # calls the 'fact' function
        imull  -4(%rbp), %eax     # have fact(n-1) in %eax
                                  # n * fact(n-1), store in %eax

  .L3:  leave     # rsp = rbp; rbp = *rsp++;
        ret       # rip = *rsp++;

[!] things that chould go wrong

    fact(-1)        # negative numbers
    
    fact(10000000)  # same logic as INT_MAX
                    # stack will grow inifinitely
                    # stack overflow, dump core if lucky
                    # may mess with other structures
    
    fact(INT_MIN)   # will compute fact(INT_MAX)
    
    fact(50)        # will do 50 multiplications
                    # get bottom 32 bits of correct answer


    what to do with stack overflow?
    --------------------------------
    (1) we could check stack everytime we grow the stack

        fact: # check for stack overflow here
              pushq %rbp
    
    (2) use virtual memory with guard page on stack
        trap when encounters guard page


    suppose the 'fact' calls 'fact2', what can 'fact2' do to mess up 'fact'
    ------------------------------------------------------------------------
    (1) can modify 'fact's activation record

          modify return address -> return to wrong place
          can make 'fact' multiply wrong number
          can loop forever
          jump to any other location in program

    how can fact mess up fact2?
    ----------------------------
    (1) put a random number value into %edi

    (2) movl $0, %esp
        jmp fact2

        set stack pointer to 0, which is a forbidden region


WE HAVE SOFT MODULARITY HERE
-----------------------------
requires that program trusts each other
does not scale to large applciations

[!] WE WANT HARD MODULARITY
----------------------------
(1) virtualization

    + cheaper modularity
    - unidirectional hard modularity
      kernel is protected against application
      application is not protected against kernel
    - not as reliable as client-server approach

(2) client server (hard modularity in both directions)

    + client and server are both insulated from each other
      not allowed to look into each others' memory
    - expensive for small software, need something cheaper


How to get virtualization to work?
-----------------------------------
operating system is the master program
wants to run application under the kernel's control

  simplest way to get virtualization to work
  -------------------------------------------
  write simulator for machine the applciation runs on
    simulator can execute instructions under it controls
    it carefully checks the instructions
    refuses to execute any dangerous instructions

    we could count instructions, when it reaches a limit --> return

  simulators cane be useful for debugging programs on machines that
  are not available or does not exist yet

  THIS IS USUALLY TOO SLOW FOR PRODUCTION!

  [!] We need a virtualizable processor
      run in sandbox


Second way of doing virtualization
-----------------------------------
throw application out and let it run
but stop the program before it causes trouble

app:            kernel:
+---------+     +----------+
|  could  |     |          |
|  cause  |     | reliable |
| trouble |     |          |
+----|----+     +-----^----+
     |                |   -----> not allowed
     +----------------+

kernel can mess around the application
but application cannot mess around with the kernel

divide instructions into safe and dangerous instructions
---------------------------------------------------------
safe instructions can be executed by application
but if an application wants to execute dangerous (privileged) instruciton
hardware executes a 'protected transfer of control'
%rip becomes in the kernel!
  need extra bit in processor that tells if in kernel or not (privileged bit)
privileged instructions should be rare
if they are rare enough, then we will run at almost full speed

we have to protect memory with virtual memory techniques

'movl' should work in most circumstances, unless it accesses privileged memory

Layered architecture
---------------------

  +-------------+
  | application |
  +--------+    |
  | kernel |    |
  +--------+----+
  |   hardware  |
  +-------------+

Classic way to enter the kernel
--------------------------------
execute a privileged instruction with a standard convention

  int 128      # interrupt function
               # execute system call

x86 version
------------
  push ss      # stack segment
  push esp
  push eflags
  push cs      # code segment
  push eip
  push error code

trap vector : contains the value 128

               kernel
 trap vec     +------+
  +-----+     |      |
  |     |     |      |
  |     |     +------+
  | 128 ----> |      | <-- ip
  |     |     +------+
  |     |     |      |
  |     |     |      |
  |     |     |      |
  |     |     |      |
  +-----+     |      |
              +------+

  rti          # return from interrupt


nowadays with x86 & x86-64
---------------------------
syscall instruction
  
  enters kernel
  returns
  looks as if we have new instruction to do wonderful stuff

each system call has unique system call number
we have no system call with more than 6 arguments
6 arguments to system call:  rax     rdi  rsi  rdx  r10  r8  r9
                           syscall #

                   destroys rcx, r11
                   result in rax
                   returns a number between [-4095, -1] to indicate failure

ssize_t read(int fd, void *buf, size_t s) { ... }

Assume mechanism works, now what does user app developer see?
--------------------------------------------------------------
Model

  processes: applications running in virtual machine atop operating system
             each process thinks it has control of the whole computer

Operating systems need to support this notion of processes
  how to create processes and how to destroy them?
-----------------------------------------------------------
    create    pid_t fork(void);

                  clones current process
                  returns 0 to the child
                  returns child process id in the parent
                  returns -1 on failure (not enough resources)

                    while(1) fork();  // fork bombs
                                      // everybody starts creating
                                      // children as fast they can

              void _Noreturn _exit(int);

                  this bypasses cleanup methods with 'void exit(int)'
                  _Noreturn specifies that this method does not return
                  changes calling convention, goes faster

                   process object
                  +--------------+
                  |      pid     |
                  |   fd-table   |
                  |  exit status |
                  +--------------+

    destroy   pid_t waitpid(pid_t pid, int *status, int flags)
                                                          0
                                                       WNOHANG


==============
Jan. 20, 2016
==============

OS goals
---------
protection
robustness
utilization
performance
flexibility
simplicity

apply modularity
  split into pieces

apply abstraction

  layered modularity

    simple layers
      kernel can access privileged instructions --> hardware
      invoke kernel through system calls

    can have more layers
      apps
      paging
      I/O drivers
      kernel

    x86 supports 4 levels of abstraction in hardware!
    Linux supports 2 layers, for simplicity and performance
    OS X supports more than 2 layers

    microkernel     small and efficient
                    build abstractions atop of that


  Unix applications

  +------+ +------+ +------+
  | app1 | | app2 | | app3 |
  +------+ +------+ +------+
  +------------------------+
  |         kernel         |
  +------------------------+


Some types of system calls
---------------------------
fork()    clone a process
          copy of process identical to original EXCEPT FOR

            1. two processes have different process IDs
               use   pid_t getpid(void)   to get the pid
            
            2. they have different parent pids
               use   pit_t getppid(void)  to get the parent pid
            
            3. have different file descriptor tables
               process has file descriptor table (maintained by kernel)
               containing pointers to other parts of system

                 /dev/urandom   not exactly random
                                keeps entropy pool (scarce resource)
                                random bits seed psuedo-random number generator

                somewhere in system contains file description
                file description is shared

            4. accumulated execution time, CPU time info
               counter of CPU time is reset to 0

                 $time make

            5. pending signals are not cloned
               the pending signal belongs to the original process
               child does not get the signal

            6. file locks
               file locks are advisory not mandatorily enforced

execvp(char const *, char *const*)
    file to execute  arguments

          destroy/reuse a process
          destroy everything except the above listed
          destroy all variables, all program, instruction pointer, registers
          we also have to destroy signal handlers

            sample program
            ---------------

            bool printable(void) {
              // run /bin/date
              pid_t pid = fork();
              switch (pid)
              {
                case -1: error(); // fork() fails, OS out of resources
                
                case 0: {
                  static char const date[] = "/bin/date";
                  if (execvp(date, (char const *){date, NULL})) {
                    error();
                  } 
                }

                default: {
                  int status;
                  if (waitpid(p, &status, 0) != p)
                    error();
                  return WIFEXITED(status) && WEXITSTATUS(status) == 0;
                }
              }
            }


            what if we pass in a file that we want the date to be printed in
            -----------------------------------------------------------------

              bool printable(char const *outfile) {
                pid_t pid = fork();
                switch (pid)
                {
                  case -1: error(); // fork() fails, OS out of resources
                  
                  case 0: {
                    int fd = open(outfile, OWRONLY);
                    if (fd < 0)
                      error();
                    if (dup2(fd, 1) < 0)
                      error();
                    if (fd != 1)
                      close(fd);
                    static char const date[] = "/bin/date";
                    if (execvp(date, (char const *){date, NULL})) {
                      error();
                    } 
                  }

                  default: {
                    int status;
                    if (waitpid(p, &status, 0) != p)
                      error();
                    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
                  }
                }
              }


other system call to spawn process
-----------------------------------

This idea was put into POSIX because fork and cloning processes take too much
overhead beacause people think that we do not need to copy all data from a
process for a simple operation.
POSIX spawning processes are fast on Windows system POSIX emulator


int posix_spawnvp(pid_t * restrict pid,
                  char const * restrict file,
                  posix_spawn_file_actions_t const * restrict file_acts,
                  posix_spawn_attr_t const * restrict attr,
                  char * const * restrict envp)

nice(3) : 3 degrees nicer, less greedy, less CPU time, important for scheduling

restrict keyword   all pointers have to point into different parts
                   of memory in order to prevent aliasing
                      char *strcpy(char * restrict dest,
                                   char const * restrict src)

Fun thing to try on SEASnet
----------------------------
# on one shell
$echo $$
  9731
$kill -STOP $$

# on another shell
$kill -CONT 9731


Orthogonality
--------------
system calls should be orthogonal to each other
meaning that system calls should not be dependent to each other

  posix_spawnvp      violates this on the grounds that there are two ways to
                     set niceness, namely the call will do that and we could
                     manually call nice();

Files   are slow & unreliable
        robustness & performance are essential

          network
          mouse                vs.           flash
          keyboard                           disk
---------------------------------------------------------------
           strean                          random access
 spontaneous data generation          request/response quickly
          infinite                           finite


Unix BIG IDEA     everything is a file
                  use same system calls to access file
                  less operations that apply to wide range of applications

                    open      open("/dev/tty", O_RDONLY)
                              open("dev/rdisk/b", O_WRONLY)
                    close
                    read
                    write
                    dup2
                    lseek     lseek(fd, 27000, SEEK_SET)
                                this does not make sense for stream devices
                                this will return -1 and set errno

                    locking


Inter-Process Communication (IPC)
----------------------------------
want IPC that doesn't store data on files

Pipes   bounded buffers
        kernel allocates 4KiB buffer

            process A     write("xyz");

                          +-----+---+---+---+-----------+
                          |     | x | y | z |           |
                          +-----+---+---+---+-----------+

            process B     read()

        read/write directly from/to buffer, not involving disk
        buffer is bounded so we do not need to worry about memory


Race conditions
----------------
race conditions can occur when the behavoir of program can be dependent on
when things get scheduled

  inside sort.c
  --------------
  int create_temp_file(void) {
    while (1) {
      char name[1000];
      sprintf(name, "/tmp/sort.%d", random());
      if (open(name, O_RDWR | O_CREAT | O_TRUNC | O_EXCL, 0600) > 0)
        return ;
    }
  }

  int create_tmp_file(void) {
    for(;;) {
      sprintf(name, some_random_string());
      if (open(name, O_RDONLY) < 0)
        n = read(fd, buf, 100);
      return open(name, O_WRONLY, 0600);
    }
  }

  STILL HAS RACE CONDITIONS


==============
Jan. 25, 2016
==============

OS Organization Revisited
How is this done internally?

Processes & Files     these are all "fakes" (abstractions)
                      "pretend" to have the following major resources
                      
                 ALU  <=====>  ALU
           registers  <=====>  registers* (when running)
        memory (RAM)  <=====>  physical memory**  (when running
                                                   and when accessing it)
                 I/O  <=====>  emulated/simulated
      ---------------------------------------------------------------------
              pretend          on real machine
              syscalls         kernel implementation

  Kernel Memory

    +-----------------------------+
  0 |                             |
    +-----------------------------+
  1 |                             |
    +-----------------------------+
  2 |                             |
    +-----------------------------+  <----------  process table
  3 |                             |               process descriptors
    +-----------------------------+                   |
  4 |                             |     +--+--+--+-|+--+--+--+--+--+--+--+--+
    +-----------------------------+     |  |  |  || |  |  |  |  |  |  |  |  |
  5 |                             |     +--+--+--+--+--+--+--+--+--+--+--+--+
    +-----------------------------+        |     |           |     |
                                           +--+--+           +--+--+ 
                                              |                 |
                                          copy of user-   file descriptors
                                       visible registers
                                           rsp rip

                                  Handles
                                    Linux/Unix: int is a handle for open file
                                    Other OSes: pointer rather than int
                                                struct filedes *

------
Pipes
------
contains file descriptor with indicator that it is a pipe
along with a pointer to a bounded buffer used for communication

What can go wrong with pipes?
------------------------------

(1) write to a pipe, it's fill, all readers are busy with something else

    1. make buffer bigger (can exhaust kernel memory)
    2. discard new data (cheapest method)
    3. discard the old data currently in the pipe and substitute (loses data)
    4. suspend writer until there is space (Linux/Unix)
       try this shell script:  cat /etc/passwd | less   # will suspend

(2) write to a pipe, but there are no readers

    1. use solution to (1), writer may suspend forever
       try this shell script:  cat /etc/passwd | :      # ':' is 'true'
    2. kill the writer (SIGPIPE)
       we could, optionally, ignore SIGPIPE
       then 'write' fails with errno ESPIPE
       then we have to check exit status of 'write'
         
(3) read from empty pipe with writers

    1. make the reader hang and wait for writer

(4) read from empty pipe with no writers

    1. 'read' returns 0 (EOF)

+-----------------------------------------------------------------------+
|                                                                       |
| Pipe Notes                                                            |
| -----------                                                           |
| 1. cannot look into a pipe randomly                                   |
|    if nobody is looking at a pipe, then nobody can ever look at it    |
|                                                                       |
| 2. named pipe in Linux                                                |
|    similar to ordinary pipe with a name                               |
|    $ mkfifo /tmp/pipe                                                 |
|    anyone can connect to the pipe whenever they feel like it          |
|    $ cat /tmp/pipe > out &                                            |
|    $ echo Hello > /tmp/pipe                                           |
|                                                                       |
| 3. leaking pipes                                                      |
|      int ok = pipe("fd") == 0;                                        |
|      for (;;) {                                                       |
|       something else                                                  |
|      }                                                                |
|                                                                       |
| 4. while : ; do ; done | cat                                          |
|      cat will hang                                                    |
|                                                                       |
+-----------------------------------------------------------------------+

Orthogonality Question
-----------------------
$ (
    rm bigfile
    grep interesting
  ) < bigfile
              ^
              |
      data removed here

file descriptors access files at lower level than file names
a file does not necessary need a name to be accessed in Linux

take pipe() as an example, when we are creating a pipe
we are creating a nameless file on the system
a file won't be removed until all file descriptors pointing at are gone


--------
Signals
--------

Why do we need signals?
------------------------

(1) asynchronous I/O
      aread()
        returns right away and kernel keeps going with handling the data
        get a SIGIO signal later

(2) error in your code
      divide by zero
      floating point overflow
      invalid instruction

(3) impatient user of infinite loop (SIGINT)
      ^C to end program

(4) impending power outage (SIGPWR)
      to do any saving before shutdown

(5) to check for dying children (SIGCHLD)
      p = waitpid(-1, &status, WNOHANG)
      now we don't have to call this method every 100 milliseconds

(6) user went away (SIGHUP)

(7) kill the program SIGKILL
    cannot be caught or ignored

    while (fork())
      continue;
    $ kill -KILL 29316       # does not kill children
    however this does not kill the shell bomb
    $ kill -KILL -29316      # kills all children as well

    int kill (int,       pid_t)
            signal#   process descriptor
                  if negative, then kill all descendentsas well

(8) alarms
    alarms are not inherited by fork() but by execvp()

    alarm(20);
    execvp("/bin/emacs", ...);     // this is inherited

(9) suspending a process
    $ kill -STOP 29
    $ kill -CONT 29


Siganl usage summary
---------------------
1. break out of a loop
2. kill a process or suspend it
3. timeouts
4. important, unusual, unexpected events


How to recieve signals?
------------------------
system call    sighandler_t signal (int,  sighandler_t)
                                   signal   signal
                                   number   handler <--+
                                                       |
                                          void (*sighandler_t) (int)
                                        
                                          int -> void
                                         signal
                                         number

signals can introduce race conditions

Example: gzip.c
---------------
$ gzip foo
foo.gz

  fd = open("foo", O_RDONLY);
  fo = open("foo.gz", O_WRONLY);
  while (compress(fd, fo))
    continue;
  close(fo);
  unlink("foo");

THIS CODE IS NOT ATOMIC AND CAN BE INTERRUPTED

  static void cleanup (int sig) {
    unlink("foo.gz");    // cleanup before exiting
    _exit(1);            // exit status indicating failure
  }

  fd = open("foo", O_RDONLY);
  signal(SIGINT, cleanup);
    <-------------------------------- can have race here where we have
                                      not created foo.gz yet
  fo = open("foo.gz", O_WRONLY);
  while (compress(fd, fo))
    continue;
  close(fo);
  signal(SIGINT, SIG_DFL);  // use default signal handler
    <-------------------------------- can have race here where SIGINT
                                      and we have not removed 'foo'
  unlink("foo");


==============
Jan. 27, 2016
==============

Critical sections in signal handling
-------------------------------------

gzip has critical section

    tell signal handler not to remove compressed file
    remove uncompressed file
    disable signals

      ok_to_remove = 0;
      unlink("foo");

      void handle_interrupt(int sig) {
        if (ok_to_remove) {
          unlink("foo.gz");
        }
      }


    blocking singal
    ----------------
    int pthread_sigmask(int how, --> SIG_BLOCK, SIG_SCIMAKS, SIG_UNBLOCK
                        const sigset_t *restrict set,
                        sigset_t *restrict oset)
        sigset_t
        +-+-+-+-+-+-+-+-+-+-+-+
        |0|0|1|1|0|0|1|1|0|1|0|   -->  64 signals
        +-+-+-+-+-+-+-+-+-+-+-+
        block the ones with bit set

    this allows the signal to arrive even before function returns
    but when handled well we can build critical sections

        sigset_t ss;
        sigemptyset(&ss);
        sigaddset(&ss, SIGINT);
        pthread_sigmask(SIG_BLOCK, &ss, 0);
        // critical section here .......
        pthread_sigmask(SIG_UNBLOCK, &ss, 0);


    sigprocmask
        this is only useful for single-threaded programs


Threads
--------
- dangerous
+ performance (less CPU time & power)

------------------
Threads & signals
------------------

multithreaded program
  signal(SIGINT, handle_interrupt);

  should all threads handle the signal?
    all threads are affected by the signal
    Linux picks one random thread to deliver the signal

  'pthread_sigmask' affects only the current thread
  'sigprocmask' affects whole program


threads cannot share their signal mask
threads should have their only signal mask to ignore signals
because each certain thread may have a different signal
this is why 'pthread_sigmask' affects only current thread

by default signal handlers have their signals blocked
however we could use pthread_sigmask to unblock the signal


Suppose we have the following signal handler

  void handle_interrupt(int sig) {
    fprintf(stderr, "Interrupted\n");
    unlink(...);
  }

    fprintf(...) { malloc(...); }
    malloc(...) { // operating on heap }

    if we interrupt malloc and fprintf will call malloc again
    the second malloc may corrupt the heap, thus the first malloc call


  List of functions that can be used in interrupt handlers
  ---------------------------------------------------------
  + _exit
  + write
  - exit (calls malloc, flushes I/O buffer)
  - fprintf
  - malloc

    usually can call system calls

    conservative thought think that we can shoud, in a signal handler
    we set a global variable, that's all!
      sig_atomic_t volatile globv (always memory access, no cache!)


We still want stage manager to handle all threads!

void handle_interrupt(int sig) {
  if (pthread_self() == stgmgr) {
    really_handle_interrupt();
  } else {
    pthread_kill(SIGINT, stgmgr); // forward signal to stage manager
  }
}

--------------------------------
Threads and devices and signals
--------------------------------

read("/dev/tty", buf, 100);

SIGHUP signal arrives
run SIGHUP handler
returns and continue reading

    however, read usually fails errno == EINTR
    test for this

      while (read("/dev/tty", buf, 100) == -1 && errno == EINTR) {
        continue;
      }

    this can happen with slow system calls


Scheduling (has to be done right)
----------------------------------
central topic in OS
taken for granted in real life
but cannot be taken for granted in OS

managing resources so that processes run efficiently

scaling issues    lots of threads

                  lots of time
                      
                    long-term scheduler
                        which processes should be admitted to OS?
                        look at return value of fork()
                        if fork() < 0, denied by OS
                    medium-term scheduler
                        which processes reside in RAM?
                    short-term scheduler
                        which threads get to run on the limited number of CPUs

                  lots of thread types (I/O, interactive)

----------------------
Some scheduling ideas
----------------------

Priority scheduling
--------------------
Different thread types -> multilevel priority system

    system
    interactive
    batch

decide which jobs to run first (priority)

external priority     set by the user to specify priority
internal priority     set by system when it's trying to figure out
                      how to execute the jobs as efficiently as possible

syscall     nice(int niceness)
            nice(10)  -->  not as important as it used to be
                           lost priority level of 10
            nice(-3)  -->  increase priority level by 3

processes start up at niceness 0

priority  -->  niceness
------------------------
1. most important
2. less important
3. least important

    3 > 1      3 is nicer than 1

shell command   $ nice -n5 make
                $ nice -n-5 make


Real time scheduling
---------------------
for applications where performance is part of the correctness criteria
  'runing slow == dumping core'

  hard realtime scheduling
  -------------------------
  deadlines are hard, unchangeable and must be met
  caches are not good because it is unpredictable
  trade in performance for predictability
  always run with caching disabled when testing (just in case all cache misses)
  leave caching disabled in production because we did not test with caching

  soft realtime scheduling
  -------------------------
  deadlines can be missed, at a quality cost
  possible schedulers
    1. earliest deadline first
        see if we can meet that deadline, if we can't throw task away
        - one task can generate tasks that are always earliest deadline
          one stream can monopolize
    2. reate-monotonic scheduler
        jobs generate streams of data
        decide how much service we give to each task


Scheduling = set of policies (theoretical)
           + set of dispatch mechanisms (practical)


Typical dispatch mechanism for CPU scheduling for OS
-----------------------------------------------------
system call : give CPU from one process to another process

    close(29);
        SYSENTER -> drops into kernel -> SYSEXIT

if program does not issue system calls, then we are toast, this is called
'cooperative multitasking', which relies on that each cooperating thread
issues a system call every so often that will give up the CPU

  can use noop() system call that does nothing and drops into kernel
  also called yield() or schedule()
  wonderful society where everyong follows the law, everybody is cooperating


preemptive multitasking
------------------------
use signals for interrupting

CPU
 |
============== bus
      |
    clock

every 10 milliseconds the CPU will be clock-interrupted
clock sends signal every 10 milliseconds into interrupt vector
enters OS and kernel wakes up (kind of like enforced system call)


I/O cooperative process with slow device
-----------------------------------------
1. busy waiting with status byte

    while (!ready())
      continue;

  - spending a lot of CPU time calling ready()

2. polling
    
    ready() will yield when not ready

3. blocking

    new syscall
      check if device is ready
      if not, tell kernel not to startup until device is ready

        while (!ready())
          wait_until_ready();


=============
Feb. 1, 2016
=============

-------------------
Scheduling Metrics
-------------------

order for       start     first                                   last
500 Model T    building  Model T                                 Model T
from Chicago     cars    produced                                 done
 |                |         |                                       |
 |                |         |                                       |
------------------------------------------------------------------------------>
 |<------------->|*                                                 *      time
     wait time    |                                                 |
              first useful output                                  exit
 |<------------------------>|
        response time
 |<---------------------------------------------------------------->|
                           turnaround time

context switch time
    time taken by CPU to stop running one process and start another


Higher-level properties
------------------------
throughput      cars/month
                "useful" instructions/sec
                    instructions running inside application
                    instructions in scheduler considered overhead

utilization     [0,1] or in percent (%)
                can figure out throughput from this

fairness        each process should get a fair share of CPU time
                how likely it is for a process to starve
                    need a resource but not get it

latency         roughly equal to turnaround time

[!] throughput & fairness are competing objectives
[!] throughput & latency are also competing objectives

--------------------
Scheduling policies
--------------------
Assuming we have mechanisms working what shall we do with such mechanisms?


First Come First Served
------------------------
The first order that arrives will be first served

Example problem

    process     arrival time     run time     first output
    -------------------------------------------------------
        A           0               5               2
        B           1               2               1
        C           2               9               4
        D           3               4               1

     AAAAA | BB | CCCCCCCCC | DDDD
    |-----|-|--|-|---------|-|----|------------------------------------------->
    |     | |  | |         | |    |
    0     5 5+d| 7+2d      | 16+3d|         time
              7+d         16+2d   20+3d

    utilization     20 / (20+38)
    avg wait time   0+(4+d)+(5+2d)+(13+3d) / 4

+ high utilization
+ fair
- lower avg wait time


Shortest Job First
-------------------
Pick job with shortest runtime to run first
Assume job length is already known (not necessary easy to get)
reasonable in well-controlled environments

    AAAA | BB | DDDD | CCCCCCCCC
   |----|-|--|-|----|-|---------|--------------------------------------------->
   |    | 5+d| 7+2d | 11+3d    20+3d
   0    5   7+d   11+2d
   
   utilization      20 / (20+38)
   avg wait time    [0+(4+d)+(4+2d)+(9+3d)] / 4

+ lower wait time
+ high utilization
- starvation

PROBLEM     starvation
            a job may wait forever, no upper bound for wait time
            this happens even if amount of work at any given time is finite


-----------
Preemption
-----------
Use clock interrupts to free CPU when a huge job ties up CPU


Round Robin
------------
First come first served + preemption
    if job takes too long we preempt it and add it to list of jobs waiting

    A | B | C | D | A | B | C | D | A | C | D | A | C | D | A | CCCCC (**)

    utilization     20 / 20+15d
    avg wait time   (0+d+2d+3d) / 4

Most systems pick a quantum and stick with it because the minor gains by
changing the quantum does not improve much performance

+ fair (*)
+ low avg wait time
- lower utilization

    * only if new arrivals are put at the end
    ** violates (*)

----------------
Synchronization
----------------
coordinate actions in a shared address space

threads load/store to/from RAM, which is the recipe for races
may get right or wrong answer, computation will proceed without warning
this is dangerous by default

BUT this computational model is fast! So we like to use it!


maintain data consistency
do so efficiently
do so clearly + simply + flexibly

(1) shut down other CPU and run single-threaded model program

(2) Threads & Tralfamidore

    T1 & T2 doing state transitions

        T11 ---> T12 ---> T13 ------> T14 --------------> T15
        T21 ---> T22 -------> T23 ------> T24 ----------> T25

    As long as T1 and T2 do not access overlapping parts of shared state
    the program model is safe, otherwise it is prone to races

    We need to come up with a model where these overlaps cannot occur

        1. sequence coordination
           S3; S4 -->  S3 must occur before S4

        2. isolation
           S5 || S6 -->  S5 and S6 have no variables in common

    Occasionally, threads MUST talk to each other, methods 1 & 2 won't work

        3. atomicity
           assume existence of some operation atomic such that other threads
           see opeartion either done or not done, but nothing in between
           Either in old state or new state

           Observability
               what can an observer see? (if invisible, not a bug!)

           Serializability
               implementation is correct if all observable variables/behavior
               can be justified via a serial execution of the transitions


Example: bank account
----------------------
long long int balance = 10000;

bool deposit (long long amt) {
    if (amt > 0 && amt <= (LLONG_MAX - balance)) {
        balance += amt;
        return true
    } else {
        return false;
    }
}

bool withdraw (long long amt) {
    if (amt > 0 && amt <= balance) {
        balance -= amt;
        return true;
    } else {
        return false;
    }
}

'+=' is not atomic, involves loading into a register & storing back to RAM


critical section        section of code in which at most one program counter
                        should be executing on behalf of any particular object

                        too big    -->  bad performance
                        too small  -->  still have races 

Goldilocks principle for critical sections
-------------------------------------------
If everyone only reads, then everyone is safe
Only writes cause problems

(1) look for shared writes
    each of the shared writes should be in a critical seciton

(2) expand to include dependent reads & intervening computations
    do this recursively once we have changed the critical section

        // new_balance dependent on balance
        long long new_balance = balance + amt; 
        balance = new_balance;