Memory Protection ability to avoid unwanted memory accesses - - PowerPoint PPT Presentation

SLIDE 1

Memory management

Requirements

Relocation

– ability to change process image position

Protection

– ability to avoid unwanted memory accesses

Sharing

– ability to share memory portions among processes

Logical organization

– structure of process image

Physical organization

– structure of the physical memory hierarchy

Terms

Frame

– A fixed-length block of main memory.

Page

– A fixed-length block of data that resides in secondary memory.

May temporarily be copied into a frame of main memory.

Segment

– A variable-length block of data that resides in secondary memory.

Segmentation

– A whole segment may temporarily be copied into a an available region of main

memory.

Combined segmentation and paging

– A segment may be divided into pages which can be individually copied into main

memory.

Relocation: program loading

sources

compiler

linker

binary executable

.o Linking Compiling/ Assembling loader Loading Memory

process image

Development

load address

SLIDE 2

Relocation: addressing requirements

Binding

– translation of references to memory addresses

e.g.

– call strlen call 0x1084700 – mov R0, errno mov R0, 0x2007100

data code stack

branch, function call data reference stack pointer load address increasing address values

process image

Relocation: binding

Static

– compile time

absolute code

– binary executable contains absolute addresses

load address must be known at compile time if load address changes, program must be recompiled

– load time

relocatable code

– binary executable contains relative addresses

e.g. offset from program counter (PC+0x10fe) loader translates relative addresses to absolute addresses (static relocation)

Dynamic

– run time

relocatable code

– binary executable contains relative addresses

CPU manages relative addresses process image can be moved during execution (dynamic reloocation)

Relocation: binding

call myfunc main myfunc

program.o module.o

call 0x307f000

executable

0x3072000 0x3070000 0x307f000

linking

Compile time binding

load address: 0x3070000 (fixed)

Relocation: binding

call myfunc main myfunc

program.o module.o

call +0xdf00

executable

start+0x1000 start start + 0xf000

linking

Load time binding

call 0x200f000

process image

0x2001000 0x2000000 0x200f000 start+0x1100 0x2001100

loading

load address: 0x2000000

SLIDE 3

Relocation: binding

call myfunc main myfunc

program.o module.o

call +0xdf00

executable

start+0x1000 start start + 0xf000

linking

Run time binding

call +0xdf00

process image

0x2001000 0x2000000 0x200f000 start+0x1100 0x2001100

loading

load address: 0x2000000

Linking

Static

– modules and libraries are linked into an executable binary

Dynamic

– modules and static libraries are linked into an executable binary – dynamic libraries are inserted only as a reference

loaded at load time or at run time when needed

Loading

Static

– the whole executable is loaded into memory

Dynamic

– code is loaded only when needed

Memory partitioning

Fixed partitioning

– Main memory is divided into a number of static partitions.

1.Same size for all partitions 2.Different partition sizes

– A process may be loaded into a partition of equal or greater size. – Simple to implement; little operating system overhead – Inefficient use of memory due to fragmentation

internal (space wasted into a partition) external (partitions available cannot accommodate processes)

– Maximum number of active processes is fixed.

SLIDE 4

Fixed partitioning: examples

8 MB 8 MB 8 MB 8 MB 8 MB 8 MB Fixed partitioning equal-size partitions (of 8 MB each)

2 MB

4 MB 6 MB 8 MB 8 MB 8 MB Fixed partitioning unequal-size partitions 12 MB 16 MB

Fixed partitioning: process assignment

new processes

long-term scheduling

• A queue for each partition

–

assign a process to the smallest (big enough) partition

–

non-optimal

queuei non-empty queuei+1 empty

Fixed partitioning: process assignment

new processes

• An unique queue (which policy?)

–

First-came first-served (FCFS)

simple non-optimal memory usage

–

Best-fit

–

Best-available-fit

choose the first job that fits

into partition

Memory partitioning

Dynamic partitioning

– Partitions are created dynamically

Each process matches exactly partition size

– No internal fragmentation

Efficient use of main memory.

– Need for compaction

To avoid external fragmentation.

SLIDE 5

Dynamic partitioning: example

process 1 process 2 process 3 process 4 process 5 8 MB 16 MB 8 MB 6 MB 12 MB process 1 process 3 process 5 8 MB 16 MB 8 MB 6 MB 12 MB process 6: 20 MB process 1 8 MB process 3 process 5 8 MB 12 MB process 6 20 MB 2 MB

Dynamic partitioning: process assignment

Best-fit

– choose the partition with closest size to the request – small fragments residual

First-fit

– choose the first partition large enough

Next-fit

– similar to first-fit, but start searching from the last allocation

Relocation: memory addresses

Logical (or virtual) address

– address generated by CPU

Physical address

– address sent to physical memory

CPU

Translation

Memory

logical address physical address

MMU usually a component of the CPU

Relocation: MMU

Limit Base +

logical address

>=

physical address error (trap to OS)

MMU

SLIDE 6

Memory partitioning

Buddy system

– memory: set of blocks of size Si=2k (L≤k≤U)

usually 2U = memory size

– request: size=R

looks for Bi: best fit block (size = S=2U)

• 1. if 2U-1< R

≤ 2U, allocate block

• 2. else split block in two sub-blocks of size 2U-1 each
• 3. select one of the new blocks and repeat from step 1

– release block of size 2k

if there are two adjacent blocks with same size, merge them

Buddy system: example evolution

1 MB

1 MB block

512 KB

100 KB request

256 KB 128 KB A=128 KB 512 KB

240 KB request

B=256 KB 128 KB A=128 KB 512 KB

64 KB request

B=256 KB

C=64 KB

A=128 KB

64 KB

D=256 KB

256 KB request

B=256 KB

C=64 KB

A=128 KB

64 KB

256 KB D=256 KB

release B

256 KB

C=64 KB

A=128 KB

64 KB

256 KB D=256 KB

release A

256 KB

C=64 KB

128 KB

64 KB

256 KB D=256 KB

75 KB request

256 KB

C=64 KB

E=128 KB

64 KB

256 KB D=256 KB

release C

256 KB

128 KB

E=128 KB 256 KB D=256 KB

release E

512 KB 256 KB

release D

1 MB

Buddy system: tree view

D=256 KB 256 KB

C=64 KB

A=128 KB

64 KB

256 KB

1 MB 512 KB 256 KB 128 KB 64 KB

if two buddies are leaf nodes: at least one is allocated

• therwise: merge them

Memory partitioning

Segmentation

– Process images are divided into a number of segments.

splitting is handled by programmer (or compiler).

– Load process load segments into dynamic partitions.

Segments may be not contiguous.

– No internal fragmentation. – Improved memory utilization.

Protection Sharing

– External fragmentation. – Logical address to physical address translation.

SLIDE 7

Segmentation: example

Code-1

(main prg)

Static Data Code-2

(library)

Stack Dynamic Data (heap) Process image (logical address space) Code-1 Static Data Code-2 Stack Dynamic Data (heap) Physical memory OS maintains the list of free partitions

Segmentation: addresses translation

Logical address

– <segment, offset>

Translated through the process “Segment Table”

segment

• ffset

seg-0 base seg-1 base seg-2 base seg-3 base

+

logical address physical address Segment table

seg-0 limit seg-1 limit seg-2 limit seg-3 limit

seg-0 other info seg-1 other info seg-2 other info seg-3 other info

Segmentation: protection and sharing

Code LCode (library) Sdata (shared) Data (private)

Process A

Code LCode (library) Sdata (shared) Data (private) Code LCode (library) Sdata (shared) Data (private)

Process B

Code Data (private)

Segment table Segment table

A process cannot access to a segment

not pointed by its segment table

Access to data/code segments can be

restricted to valid operations

Shared segments have identical entries in

different segment tables

Segmentation: segment table example (IA-32)

31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0

BASE 31:24 G D / B L A V L LIMIT 19:16 P DPL B TYPE BASE 23:16

31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0

BASE 15:0 LIMIT 15:0

L: 64-bit code segment AVL: available for system software BASE: base address D/B: default operation size (16 (0) or 32 (1) bit) DPL: descriptor privilege level G: granularity LIMIT: segment size (bytes if G=0, 4KB pages if G=1) P: present S: type (0=system; 1=code or data) TYPE: segment type (data, code, stack, read/write, ...) segment descriptor-0 segment descriptor-1 segment descriptor-2 segment descriptor-3 segment descriptor-n 64-bits

Segment table

SLIDE 8

Memory partitioning

Paging

– Partition main memory into equal-size frames. – Process images are divided into equal-size pages.

Same length as frames.

– Load process load pages into available frames.

Frames may be not contiguous.

– Not visible to programmer. – No external fragmentation. – A small amount of internal fragmentation. – Logical address to physical address translation.

Paging: example

P1 P2 P3 P4 P5 P6 P1 P2 P3 P3 P1 P3 P1 P2 P2 P4 P6 P5

Process A Process B Memory

Frame-0 Frame-1 Frame-2 Frame-3 Frame-4 Frame-5 Frame-6 Frame-7 Frame-8 Frame-9 Frame-10 Frame-11 Frame-12 Frame-13 Frame-14 Frame-15 Frame-16 Frame-17

Contiguous pages map in non-contiguous, out of order frames Only the last page of a process can suffer of fragmentation

(average wasted space = page-size/2)

OS keeps the list of free pages (linked list or bitmap)

Paging: address translation

Logical address

– <page, offset>

page: k bits ; page-size=2k address: n bits max pages usable by a process=2n-k

Translated through the process “Page Table”

page #

• ffset

page-0 base page-1 base page-2 base page-3 base

logical address physical address Page table

page-0 other info page-1 other info page-2 other info page-3 other info

frame #

• ffset
• ther info: valid/non-valid, read-only/read-

write/executable, required privilege level,...

Paging: page table implementation

Registers

– fast – limits the table size – context switch overhead

more registers to save

Memory

– small context switch overhead

• nly table pointer is kept in a register

– optionally the table length too

– slow

each memory access requires additional memory accesses (to page table)

SLIDE 9

Paging: page table implementation

Translation look-aside buffer (TLB)

– leverages the locality principle – small cache with some page table entries

the whole page table is in memory same tradeoffs of I/D caches

– miss rate, miss penalty, size, cost

context switches cause the TLB flush

frame #

page info

page #

page #

• ffset

logical address physical address frame #

• ffset

TLB

Paging: protection and sharing

P1 P2 P3 P4 P5 P6 P1 P2 P3 P3 P1 P1 S P2 P4 P6 P5

Process A Process B Memory

Frame-0 Frame-1 Frame-2 Frame-3 Frame-4 Frame-5 Frame-6 Frame-7 Frame-8 Frame-9 Frame-10 Frame-11 Frame-12 Frame-13 Frame-14 Frame-15 Frame-16 Frame-17

Similarly to segmentation,

A process cannot access to a page not

pointed by its page table

Access to data/code pages can be

restricted to valid operations

Shared pages have identical entries in

different page tables

Paging: multilevel page tables

Address size: 32 or 64 bits too many entries in page table

– Multilevel page table

not all the entries are actually stored ( paged page table)

– Inverted page table

Multilevel page table

Paging: inverted page table

A single page table (no more one for process) One entry for each physical frame

– logical page address – owning process information

More logical pages can map on the same physical frame A linear search is not feasible

– search time: O(n)

Implemented as hash table

– search time (ideal): O(1) – shared pages are handled as collisions

SLIDE 10

Paging: inverted page table

• ffset

pid page# pid page#

search

f

• ffset

f

Physical memory Inverted page table

• ffset

pid page# pid page#

Inverted page table: hash implementation

f

hash function

pid page# f

search

• ffset

f

Memory partitioning

Segmentation with paging

– combined approach – segments are divided into pages – segment table contains

logical linear base address for segment

– one page table for each process

IA-32

• r

pointer to page table

– one page table for each segment

MULTICS

Segmentation and paging example: IA-32

seg selector

32 bit offset 16 bit

access base address limit

Segment Descriptor Table

seg register

segment descriptor

+

32-bits linear address

dir page

• ffset

Physical address Logical address

Virtual memory

SLIDE 11

Terms

Virtual memory

– Storage allocation scheme

Secondary memory can be addressed as though it were part of main memory. Size of virtual storage limited by:

– the architecture addressing scheme – the amount of secondary memory available – not by the actual size of main memory Virtual address

– address assigned to a location in virtual memory

that location is accessed as it were part of main memory

Virtual address space

– Virtual storage assigned to a process.

Address space

– Range of memory addresses available to a process.

Real address

– Address of a location in main memory

Keys

All memory references within a process are logical addresses

– dynamically translated into physical addresses at run time (mapping can change)

a process may be swapped in and out of main memory

– it occupies different regions of main memory at different times

A process may be broken up into a number of pieces

– contiguous allocation is not needed

All of the portions of a process in main memory during execution:

not necessary

– portions can stay in secondary memory and be fetched when needed – portions in main memory can be moved in secondary memory when space is needed

Virtual memory

Main memory Secondary memory

Process A portions Process B portions

paging and/or segmentation

swapping

Locality and virtual memory

Programs tend to use only a small subset of addresses in

a time interval

– not all process image portions are needed at the same time – current used portions: working set

Pages in main memory Page fault rate

W: working set size

Page fault: access to a page not in main memory Time W

transients stable stable stable stable

Working set evolution

On demanding paging

Load a page in main memory only when needed

– CPU try to access a page not in main memory: page fault

valid bit in page table signals if a page is in main memory (page valid)

– Fast process start – Reduced memory usage

allows higher multiprogramming degree

Effective access time: EAT = 1pt mempt faultt mem

p: page fault probability tmem: access time for a frame (typ.: 10ns) access to TLB access to page table access to memory tfault: time for handling page fault (typ.: 1ms)

SLIDE 12

Virtual memory access

CPU checks TLB found? access page table page in main memory? update TLB generate physical address read page form disk memory full? page replacement update page table y n y n trap: jump to OS routine

HW actions SW actions

Page loading

If there exist a free frame

– load page

else

– select a “victim” frame – modified?

no: load page into selected frame yes: write frame in secondary memory and load page a bit (dirty bit) is needed in page table

Page replacement policies

Optimal

– minimizes page faults – not realizable

requires information on future accesses

FIFO Least recently used (LRU) not recently used (NRU or “clock”) Second chance

Page replacement: FIFO

First page loaded is the first swapped out

– does not take into account the page rank (rank: access rate) – suffers of the Belady anomaly

increasing the frames allocated for a process can increase page faults

– e.g.

accesses: 0 1 2 3 0 1 4 0 1 2 3 4 3 frames 9 page faults 4 frames 10 page faults

SLIDE 13

Page replacement: LRU

Select the page not accessed for the longest time

– very expensive to implement

tag with access time stack with access sequence

– use approximation (NRU: not recently used)

Page replacement: NRU

Add a bit (used bit) in page table

– set the used bit when a page is loaded or an access occurs – select a frame with unset used bit for replacing

scan the list in round robin fashion

– to avoid to victimize the same page too often

reset used bits while searching

– variants:

reset all used bits if a search fails reset all used bits after a frame is selected reset all used bits on a periodic scheduling

page table entries

Page replacement: second chance

Privilege dirty frames

– similar to NRU, but consider also the dirty bit

first search: look for used=0, dirty=0 second search: look for used=0, dirty=1 third search: look for used=1, dirty=0 fourth search: look for used=1, dirty=1 “used” is cleared on a periodic schedule (timer interrupt) first search: look for used=0, dirty=0 second search: look for used=0, dirty=1 and clear every “used” bit checked third search: look for dirty=0 (all “used” bits are now 0) fourth search: look for dirty=1

Algo 1 Algo 2

Page replacement

Comparison

6 8 10 12 14 5 10 15 20 25 30 35 40 FIFO Clock LRU OPT

Allocated frames Page faults per 1000 references

SLIDE 14

Frame allocation

Fixed

– a process has a fixed number of frames allocated

minimum number of frames:

– 1+max_addresses_accessible_by_a_single_instruction Variable

– process' frames can change over time

Replacement scope

– local

when a process needs a new page, free a frame of that process

– global

search frames globally (not possible for fixed allocation)

Frame allocation: fixed

Equal

– each process has the same number of frames

Size based

– a process has a number of frames proportional to its image size

Other

– priority – ...

Frame allocation: variable

Working set based

– WS(t,∆) = pages accessed in [t-∆,t] – W = size of WS

• ∆ too small: not significative
• ∆ too big: too much pages

Page fault based

– measure process' page fault rate

below a threshold release frames above a threshold increase number of frames allocated

∆ W(t,∆)

Frame allocation: trashing

Too few frames allocated to a process

– too much page faults: execution time bounded by swapping

Can occur as a result of a wrong feedback

– processi has too few frames page fault processi is suspended – CPU is less used execute a new process allocate frames – new process removes frames to other processes – other processes can suffer of thrashing throughput falls – the whole system is working only in swapping pages

SLIDE 15

Frame allocation: trashing

multiprogramming degree CPU usage

trashing

Virtual memory:

• ther considerations

Page size

– small

little internal fragmentation many entries in page tables I/O overhead

Program structure impact Locked frames

– some frames must be kept in main memory

kernel (at least a portion) security critical data

array: row scan array: column scan (can cause more page faults)