

# Operating Systems

PAGE NO.:

DATE: / /

## Motherboard:

- \* Motherboard comes with a capability to expand by adding more I/O ports.
- \* It's a fully-functioning computer, once its slots are populated.

## x86 Instructions:

- ① Data movement: MOV, PUSH, POP ..
- ② Arithmetic: TEST, SHL, ADD ..
- ③ I/O : IN, OUT
- ④ Control: JMP, JZ, JNZ
- ⑤ String: REP MOVSB
- ⑥ System: IRET, INT

## Memory (RAM):

- same time access to any location
- semiconductor device.
- When a system is started, there is nothing on RAM.

## Hard Drive:

- \* Head is responsible for reading & writing data onto HD.
- \* IDE, SATA, SCSI, PATA, SAS

## SSD:

- \* Permanent storage
- \* Reliable, no moving parts.

- \* Smaller access time = costlier storage  
~~cheaper~~
- \* Access time  $\propto$   storage capacity
- \* Register  $\rightarrow$  compiler  
Cache  $\rightarrow$  Hardware  
RAM, SSD, HD  $\rightarrow$  OS

### Von-Neumann Architecture:



### Important:

- \* CPU transfers data b/w itself & RAM or No transfer b/w CPU & HD, CPU & mouse
- \* I/O devices transfer data to RAM & CPU access data from RAM

What does Processor do?

From its being turned on to turned off,  
it does.

- ① Fetch instruction from RAM  
Location given by Program counter (PC)
- ② Decode instruction & execute it.  
While doing this may fetch some data  
from RAM.
- ③ While executing the instruction change/  
update PC.
- ④ Go to 1.

Boot loader:

- A program exists on (sector 0) of  
secondary storage.
- Loaded by BIOS in RAM & passes over  
control to.

Kernel:

- Code that is loaded and given control by  
Boot loader initially when computer boots.

System Programs:

- Applications that depends heavily on  
Kernel and processor.

OS(Keonai):

- Takes control of hardware
- Loads some initial applications ("init")
  - from HD into RAM & passes control to it
- \* BIOS code is machine code.
- \* Compiler is used to compile applications on particular OS & hardware.
- \* BIOS, Bootloader are software.
- \* Debian/Ubuntu: Kernel + system programs + selected applications.

# Event Driven Kernel

- \* Boot process  
BIOS → Boot loaders → OS → "init" Process  
sector 0  
of boot device
- \* PC on start has address of BIOS at start by default.
- \* Hardware devices (Keyboard, mouse, hdi, etc) can raise hardware interrupts.
- \* On hardware interrupt, PC changes to location pre-determined by manufacturers.
- \* ISR codes are part of OS code. OS occupies that process place in boot process.
- \* Whenever there is hardware interrupt, OS code will run.
- \* Taking control of hardware = All ISR locations are occupied by OS code.

\* CPU fetches instruction

PAGE NO.:  
DATE:

## Time sharing CPU

- CPU is timeshared b/w diff. appn fosi

## Multiprogramming & Multitasking

- \* Program: A binary file (machine code) on hard drive
- \* Process: A program that is executing
  - Must exist in RAM to execute.
- \* Multiprogramming: A system where multiple processes exist at the same time in memory
- \* Multitasking:
  - Time sharing b/w multiple processes in a multi-programming system.

[Imp]

- ▷ A multiprogramming system is not necessarily multitasking.

\* Events that make CPU run code at pre-defined places:

    ↳ Hardware interrupts.

    ↳ Software interrupts (int)

    ↳ Exceptions:

        (divide by zero)

\* OS doesn't run unless there's an event.

CPU

\* Two types of instructions

    ↳ Normal

    ↳ Privilege

\* Two modes of CPU operation

- CPUs have mode bit (0 or 1):

- If bit is in user mode; normal instructions are executed by PCPU.

- If bit is in kernel mode, both normal & privileged instructions are executed.

\* OS code runs in kernel mode.

\* Application code runs in user mode.

\* Transition from user mode to kernel mode & vice versa:

- It can be done by software interrupt instructions (ex. INT)

Before INT instru, CPU is in user mode.  
After executing, kernel mode.

- \* Hardware interrupts & exceptions happen asynchronously while software interrupts are caused by appn code.

## System Calls

- \* Any user or application program can call system calls to avail availabilities given by (By calling Software interrupt instruction)
- \* Interface provided by kernel.

## Process in RAM

- Memory is required to store some comp. of a process:
  - code
  - Global variables
  - stack
  - Heap
  - shared libraries, etc.

### FORK():

- If a process calls fork, it creates identical duplicates of it.
- calling function returns in two places caller is parent and new process is child. PIB is returned to parent and 0 to child.
- memory addresses of variables after fork are different.

### EXEC

- Takes path name of an executable as an argument.
- Overwrites existing process using the code given in executable.
- exec never returns as caller gets vanished.  
if it succeeded.

Compiler, linker, loader, Assembler  
System programs / utilities most essential  
to make a kernel usable.

Standard C Library

- Machine code containing code of all the most frequently used functions.
- /usr/lib/x86\_64-linux-gnu/libc-2.31.so
- .so = shared object file

Compiler:

- Application program
- Input is file & output is also a file.
- High level language to machine code.

Assembler:

- Application program
- Converts assembly language to machine code

Compilation Process



- \* Linker
  - Application program
  - on linux, its "ld" program.

## Executable File Format

- It must be dependent on processor + OS to execute.
- contains machine code + OS

- Windows: PE

- Linux: ELF

- Old Unixes: a.out (no extension)

↑  
ELF file

- ELF is used for both executable programs but also for partially compil

- a.out : ELF format (No longer use)

- objdump:

- `objdump -d -x /bin/ls`

- Shows all disassembled machine instructions & headers.

- hexdump which are

- shows files in hexadecimal

- readelf

- Alternative to objdump

- or
- create statically linked library file.
  - or - creates libmine.o one or two.o

### Loader

- The exec()
- Loads an executable file in memory

### Important

- memory management features of processor  
memory management architecture of kernel  
executable / object-code file format, output  
of linker and job of loader are all  
interdependent and inseparable.

## calling convention

- compiler needs to map the features of C into processor's features and then generate machine code.
- Local variables are located on stack.
- sequence of function calls are present on RUN time.
- compiler has to generate machine code for each function.

### Function calls:

- LIFO order.
- Processors provide stack point (%esp)
- Push & pop provided by hardware.

### System calls, compilers

- compiler generates a machine code which can be played or supported by esp.
- These can't be any C code which will run on a processor with no esp.

\* what goes on stack!

1> Local Variables

2> Function Parameters

3> Return address of instruction which called a function.

## Activation Record:

- Local vars + parameters + return address
- One activation record for each function call which get destroyed on return.
- ebp & esp used to denote activation record

## x86 Instructions:

① leave

mov %ebp, %esp  
pop %ebp

② ret

pop %ecx  
jmp %ecx

③ call x

push %eip  
jmp x

④ endb864

Normally a no operator (processor wasting one CPU cycle)

\* More parameters, more registers and hence more sophisticated way to do calling convention.

Function  
which  
makes call

Function  
which  
gets called

PAGE NO.:

DATE: / /

Caller save and callee save Registers

① caller save Registers

- compiler need to save registers used by caller. They can be used by callee function.

② callee save Registers.

- registers will be pushed by callee function itself.

③ How to return values:

- caller will have to pop.

\* Caller Saved: EAX, ECX, EDX

\* Callee Saved: EBX, EDI & ESI

## 8086

Address Extension

\*  $PA = VA + SEG * 16$

Ex.  $0 \% IP + r.CS * 4$

Flags Register

- set by processor depending on previous instruction.

32 bit 80386

- Boots on 16 bit
- Running particular instructions switches to 32 bit mode (protected mode)
- $0x66$  ( $0xF7$ ) to toggle between 16 bit & 32 bit operands/ address.

x86 Assembly code

Intel syntax :  $OP\ dst, src$

AT&T (gcc/gas) :  $OP\ src, dst$  ( $\times V6$ )

IDTR : CPU Part      IDT : Memory

## Memory Management in x86:

### \* Memory Layout of C Program



data = global & static variables

- \* Text, data, bss are present in ELF file.
- \* Stack & heap are not in ELF file.

Stack: Region for allocating local variables, function parameters, return values.

Heap: Region for use by malloc(), free()

created by OS

## Basics of x86 Architecture

- \* CS:IP , SS:BP,SP, DS:ES , SI:DI
- \* Flags register can be set by processor depending on current instruction

32 Bit 80386:

- Boots in 16 bit mode (Real mode)
- Protected mode (32 bit)
- Segment Registers (CS,SS,etc) : 16 bit.
- 0x66/0x67 used for 16 bit and 32 bit operands/addresses respectively

### Example

↳ In 32 bit mode, MOVW is expressed as  
0x66 MOVW.

Expected Use of segment Registers:

CS: Holds the code segment in which your program runs.

DS: Holds the data segment that your program accesses.

ES,FS,GS: These are extra segment registers.

SS: Holds the stack segment your program uses.

- All 16 bit.

sets values in registers.

Assembly code

- Intel syntax : op dst, src
- AT&T (gas) : op src, dst (x86)
- uses b, w, l to specify size of operands i.e. 8 bit, 16 bit & 32 bit.
- operands are registers, constant, memory via register, memory via constant

x86 Instructions:

① movl %eax, %edx  
 $\Rightarrow$  edx = eax  
 $\Rightarrow$  Register mode

② move \$0x123, %edx  
 $\Rightarrow$  edx = 0x123 (storing number 0x123)  
 $\Rightarrow$  Immediate

③ movl 0x123, %edx  
 $\Rightarrow$  edx = (int32-t) 0x123 (operand at address 0x123)  
 $\Rightarrow$  Direct.

④ movl (%ebx), %edx  
 $\Rightarrow$  edx = (int32-t) ebx (Address of block pickup)  
 $\Rightarrow$  Indirect  
 $\Rightarrow$  Two fetches from memory

move 4(%ebx), %edx  
 $\Rightarrow$  edx = (int32-t)(ebx + 4)  $\stackrel{?}{\text{?}}$  ebx + 4 address  
 $\Rightarrow$  displaced

## Instructions suffix | prefix

- ① mov %.ebx, %.eax # 32 bit
- ② mov %.bx, %.dx # 16 bit
- ③ movw %.bx, %.dx # 16 bit
- ④ mov \$123, 0x123 # Ambiguous  
    ↑  
    operand

## privilege levels

- x86 has 4 protection levels
  - 0: most privilege , kernel mode
  - 3: least privilege , user mode
- current privilege level with which the x86 executes instructions is stored in CPL field (2 bit) inside %.cs register.
- changes automatically on
  - ① " int "
  - ② h/w interrupt
  - ③ Exceptions
- slow interrupt can be used to create h/w interrupt
- ~~x64~~ x86
- x86: int 64 used for system calls.

## Interrupt Descriptor Table (IDT):

- It's in memory table.
- 256 entries.
  - 0-31 are defined for slow exceptions
  - x86 32 bit interrupts in 32-63
  - Int 64 for system call.

## \* IDTR and IDT

- IDTR is in CPU (48 bit)
- Gives address of IDT
- Each entry in IDT is called gate.
- IDT is initialized by OS.

## \* Why segment: offset Pairs in x86?

- Segmentation: Compiler's view of program  
compiler generates object code assuming  
that different memory regions corresponding  
to the program are different segments  
in memory.
- Segment: a continuous chunk.
- Segment register gives the location of  
the chunk, index/offset register gives offset.

### [Example]

CS: IP, CS gives location of segment  
& IP gives index in it.

## Real mode and Protected mode:

Not same as kernel mode & user mode.

for booting: 16 bit

on running particular machine instruction,  
CPU will change to 32 bit (Protected mode)

### \* Real Mode:

- Address always correspond to real address
- seg \* 16 + offset
- no support for memory protection, multitasking or code privilege levels (User/Kernel)
- so no multitasking on 8086.

## Virtual Memory

- virtual address is address issued by CPU execution unit which later converted by MMU to physical address.
- Employed by OS (with LRU support)
- Virtual memory achieves ability to execute partially loaded program.

## Virtual memory

- separation of user logical memory from physical memory
- virtual memory can be implemented by
  - 1) Demand Paging
  - 2) Demand Segmentation.
- It is the work of OS to map logical virtual memory with physical memory and backing store (ex: swap area).

## Virtual Address Space

- Enable sparse address spaces with holes left for growth, dynamically linked libraries, etc.
- What is sparse address space?
  - we assign a page for stack and heap which can grow towards themselves. The area between them is what called as sparse address space.

`brk()` is a system call which uses kernel API to allocate some region in virtual memory and return a pointer to that region.

### Shared Pages Using Virtual Memory

- Shared system libraries shared via mapping into virtual address space.
- Shared memory by mapping same pageframes into page tables of involved processes
- Pages can be shared during `fork()`, speeding process creation

### Demand Paging

- Load a page to memory when it's needed (on demand)
- Pure demand paging: Load one page at load time.

### Valid / Invalid Bits in Page Table

- with every page table entry, valid-invalid bit is associated.
- v : in memory - memory resident  
i : not-in-memory or illegal
- During address translation, if valid-invalid bit in page table is i, raises trap called 'page fault'.

Backing store have space for storing all the pages in memory

Pure Demand Paging: Start execution of code without page fault.

## Page Fault

- Hardware interrupt
- ⇒ change of stack to kernel stack
- ⇒ saving the context of process
- ⇒ switching to kernel code.

## Page Fault:

- OS looks into at Data Stru. (table) most likely in PCB itself, to decide
  - If its invalid reference → abort process (seg fault)
  - just not in memory → need to get the page in memory

⇒ Get empty Frame

⇒ Swap page into frame via scheduled disk/IO operation.

⇒ Resets ptables to indicate page now in memory

⇒ Set validation bit = V

⇒ Restart instruction that caused page fault.

Hardware support needed for demand paging

- Page table with valid/invalid bit
- Secondary memory (swap device with swap memory)
- Instruction restart

Processor Related.



## Page Fault Handling

- 1) Trap to OS
- 2) Default trap handling():
  - save process registers & process state
  - determine that interrupt was page fault.
  - Run page fault handler.
- 3) Page Fault Handler():
  - Check the page reference was legal and determine location of page on disk. If illegal, terminate process.
- 4) Find a free frame. Issue a read from the disk to a free frame.
  - Process waits in queue for disk read.
- 5) Meanwhile many processes may get scheduled.
  - Disk DMA transfer data to free frame & raise Disk/I/O interrupt.

- a) while waiting, allocate CPU to some other process
  - b) receive interrupt from disk I/O subsystem
- b) Default interrupt handling:
- save registers & process state for other process
  - determine it was DISK/I/O interrupt.
- c) Disk Interrupt Handler:
- Figure out interrupt was for waiting process
  - Make process runnable.
- d) Wait for CPU to be allocated to this process again
- kernel restores the page table of process, marks entry as "V".
  - Restore user registers, process state & new page table, & then resume the interrupted instruction.

## Performance of Demand Paging

Page Fault Rate:  $0 \leq P \leq 1$   
If  $P = 0$ , no page fault  
If  $P = 1$ , every reference is page fault.

## Effective Access Time (EAT)

$$\text{EAT} = (1 - P) * \text{memory access time} + P * (\text{page fault overhead} + \text{swap page out} + \text{swap page in} + \text{restart overhead})$$

Optimization: copy on write

- During fork()
  - Pages of parent were duplicated
  - Equal amount of pages frames were allocated
  - Page table for child different from parent
- In exec()
  - Page frames of child were taken away & new frames were allocated
- Waste of time during fork() if the exec() was to be called immediately.
- Copy on write allows both parent and child processes to initially share the same pages in memory.
  - If either process modifies a shared page, only then is the page copied.
- COW allows more efficient process creation as only modified pages are copied.
- vfork() variation on fork() syscall has parent suspend & child using cow address space of parent.
  - Designed to have child call exec()
  - More efficient

List of Free frames

- Kernel needs to maintain list of free frames
- At the time of loading kernel, list is created

\* page frames in use depends on "Degree of multiprogramming".

|           |    |
|-----------|----|
| PAGE NO.: | 11 |
| DATE:     | 11 |

### Basic Page Replacement

(Two = 10)

1) Find location of desired page on disk

2) Find free frame

- IF there is free frame, use it.

- IF no free frame, use page replacement algorithm to select a victim frame & write victim frame to disk if dirty.

3) Bring the desired page into free frame. update page table of process & global frame table/list

4) Continue process by restarting instruction that caused the trap.



(3<sup>rd</sup> doesn't fail on  
first time)

mappages():

- Allocate page tables if required
- setup entries in page tables & page directories.
- If page table doesn't exist, allocate it and then compile.

mappgdir():

- checks if pgdir has mapping with virtual address va.
  - 1> If it has mapping then return page table entry.
  - 2> Else allocate pagetable & return page table entry.

seginit():

- Adds two additional entries in GDT for CS and DS but to be used in privilege level 3.

## XVG Paging:

- \* `panic()`: Enters in infinite loop or stops the kernel.
- \* At first time,  $\text{r} \rightarrow \text{next}$  becomes null in `kfree()` as in start there were no pages allocated.
- \* All the addresses above 2GB will be mapped from 0 to 4MB.
- \* First 4 bytes in page is pointer ( $\text{r} \rightarrow \text{next}$ )

\* `kinit()` gets 4k pages from 2048 to 2052 MB

↳ creates freelist of size 3MB (3072 pages) and assigns pages between 0 to 4MB via

`KVmAlloc()`: Allocate one page table for the machine for the kernel address space for scheduler processes.

`lcr3()`: Load cr3 register (Base of page)

`setupVm()`: Set up page directory or page table for the kernel and returns address of that and returns the address of that

\* Before `KVmAlloc`, our page directory was pointed by entry pgdir.

\* `Kalloc()`: Returns a 4K size page from freelist

\* If there's a page directory entry, it creates two level page table.

## Inter Process Communication (IPC)

- Cooperating processes can affect or be affected by other processes, including sharing data.
- Cooperating processes need IPC.

IPC

shared Memory

Message Passing

shared Memory:

- Two processes share the memory intelligently given/provided by kernel.

Message Passing:

- Kernel has to do more work.
- Two processes don't have anything in common but they request kernel to send or receive a message.
- Process is supposed to delete the kernel resource after it is done using it. <sup>or free</sup>
- Processes communicate with each other with the help of OS //.

Pipe (1):

- ls -e | grep xyz  
(output of ls is input to grep)

Pipes for IPC

Unnamed or ordinary pipes

Named pipes

## Ordinary Pipes

- communication in std. producer-consumer style.
- Producer writes to write end and consumer reads from read end.
- Works on FIFO style (unidirectional).

Parent

fd(0) fd(1)



child

fd(0)

fd(1)



pipe() system call:

- When pipe() system call is called, it creates a notion of buffer and two struct files (kernel) and two pointers from file descriptor array of PCB gets pointed to those struct files and pipe() returns them.
- When fork is called on parent process w/ used the pipe() syscall, the file descriptor gets copied and points to the same struct files as in above (& those struct files have been pointing to some place in buffer). The above buffer becomes shared between parent and child.



A process is required to close all unused end of pipe.

dup(): copies the given file descriptor & hence as a result of dup() we have to fds pointing to same file.

\* pipe is not exactly same as i/p or o/p redirection to file.

## Named Pipes

- FIFO
  - Processes can create file that acts as 'pipe' & multiple processes can share file
  - Bidirectional
  - NO parent-child relationship required & hence more powerful than unnamed pipe
  - Not detected by OS automatically
- \* Permission of Files
- |            |                             |
|------------|-----------------------------|
| -rwx-r--r- | (Regular File)              |
| rwx-rw-r   | (Special File (Piped file)) |

## Shared Memory

### \* System File Shared Memory

- Process first creates shared memory segment (`shmget()` function to be used)
- POSIX: Portable OS Interface
- `shmid` (Get ID of shared Memory), fn used for share memo
- `shmat` (Attach to shared Memory)
- `shmdt` (Detach from —— )

## Message Passing

- Processes comm. with each other using `send()`, `receive()` syscalls.
- If P and Q want to communicate
  - 1> kernel needs to establish comm. link b/w them
  - 2> exchange messages via `send/receive`.
- `ftok()` to generate unique key.
- `mesget()` creates message queue.
- `msgcte()` destroys message queue.

## Message Passing using Naming:

- Pass message by "naming" the receiver
  - 1> Direct comm. with receiver  
(sender identifies receiver by its name)
  - 2> Indirect comm. with receiver  
(sender identifies receiver by its 'location of receipt')

### Direct Communication

#### \* Properties of link

- 1> Automatically established
- 2> Exactly one pair of comm. process for a pair of processes
- 3> Bidirectional (but can be unidirectional)

### Indirect Communication

- Msgs received or sent through mailbox (just like sockets) { Unique ID for mailbox }

#### \* Properties of Mailbox:

- 1> Link established if two processes share common mb.
- 2> One link for many processes.
- 3> Each pair of process may share several communication links.
- 4> Uni or bidirectional.

## Message Passing Synchronization Issues

- Blocking / Non-blocking
- Blocking (Synchronous)
  - 1> Send has the sender block until msg is received
  - 2> Receive has the receiver — — — is available
- NonBlocking (Asynchronous)
  - 1> Send has the sender send the msg & continue
  - 2> Receive has the receiver receive the msg (valid) or null.

## Memory Management (Part II)

- \* MMU: Hardware features for MM
- \* OS: sets up MMU for a process, then schedules process.
- \* Compiler: Generates object code for a particular OS + MMU architecture
- \* MMU: Detects memory violations and raises interrupt → effectively passing control to

### Static Linking

- All object code combined at link time and a big object code file is created (large executable files)

Static Loading: All code is loaded in memory at the time of exec.

⇒ Big executable files, need to load functions even if they do not execute (wastage of PM)

### Dynamic linker:

At the time of loading, the program in memory the link-loader will pick up the relevant code from the library machine code file (small executable files)

### PLT: Procedure Linkage Table

Used to call external procedures/functions whose address is to be resolved by the dynamic linker at runtime.

### Dynamic Loading

- Load a part from ELF file only if needed during execution (small executable files)
- Delayed loading
- allocate memory if needed.

## continuous memory management

- Process: One continuous chunk
- Two partitions: 17 For Process  
27 For OS (Usually at high addresses cuz INT map to that location)
- Strategies for finding a free chunk  
6K, 17K, 16K, 40K holes. Need 15K



- ① Best Fit | Find the smallest hole, larger than process (16K)
- ② Worst Fit | Find the largest hole (40K)
- ③ First Fit | Find the first hole larger than process (17K)

## External Fragmentation:

- Total unused memory space is enough to answer all the allocation requests. But memory is non-contiguous.
- Solution: Compaction.
- Compaction: Technique to collect all the free memory present in form of fragments into large chunk of memory.
  - It must update memory manag. info in PCB of each process (Time consuming)
  - Possible only if relocation + limit scheme of MMU is available.

## Internal Fragmentation:

- Memory is divided into fixed partitions.
- Allocate one or more chunks to a process, such that total size is  $\geq$  size of process.
- Ex. each chunk is 50K.
  - ① For 40K, allocate 1 chunk
  - ② For 60K, — n — 2 chunks.

⇒ Leads to internal fragmentation.

- Memory wasted at 40K & 60K processes.

⇒ Solution to internal fragmentation.

- Reduce size of fixed partitions.

## Paging

### Job of OS

- Allocate page table for process , at time of fork/exec
  - Allocate frames to process
  - Fill in page table entries
- In PCB of each process maintain
  - Page table location
  - List of page frames allocated to this process
- During context switch , load PTBR using PCB .

### Disadvantage of Paging

- Each memory access results in two memory accesses.

### Speed <sup>up</sup> of Paging :

- Translation Lookaside Buffer
- Part of CPU
- Cache of page table entries
- searched in parallel for a page number.
- TLB hit : 1 memory access
- TLB miss : 2 memory access.
- All done by hardware .

### Effective memory access time

Hit ratio  $\times$  memory access time +  
miss ratio  $\times$  2  $\times$  memory access time .

- Every process has its own page table unless you use an inverted page table.



## Case Study (Oracle Solaris)

- Uses hash table (2 hash tables)
  - One for kernel and one for all user processes
  - Each hash table entry: base + span (# of pages)
  - Caching Levels:
    - ① TLB (on CPU)
    - ② TSB (in memory)
    - ③ Page tables (in memory)
- \* First search is in TLB.

## Swapping

### Standard Swapping

- Entire process swapped in or swapped out.
  - with continuous memory management.

### Swapping with paging

- Some pages are "paged out" and some "paged in"
- Term "paging" refers to paging with swapping.

Activation record:

- Local vars + parameters + return address
- One activation record for each function call which get destroyed on return.
- ebp & esp used to denote activation record

x86 Instructions:

① leave

mov %ebp, %esp  
pop %ebp

② ret

pop %ecx  
jmp %ecx

③ call x

push %eip  
jmp x

④ endbr64

Normally a no operation (processor wasting one CPU cycle)

\*

More parameters, more registers and hence more sophisticated way to do calling convention.

## Segmentation & Multiple Base + Limit Pairs

- whenever address is issued by CPU, it will also include reference to some base register.
- [Compiler] Assume separate chunk of memory for code, data, stack, heap etc and acc. calculate address. Each 'segment' at address C
- [OS]: Loads different section in different memory regions and acc. set<sup>diff</sup> base registers.
- \* [Imp]
  - process is not a continuous chunk

multiple base + limit pairs, with further indirection

- Base + limit pairs can be stored in some memory location.
- One CPU register to point to the location of table in memory.
- Segment registers are still in use, they give an index in this table.  
This is x86 segmentation.
- This is highly inefficient and slow as it doesn't involve MMU.



- \* GDTR: A register pointing to descriptor table
- \* Descriptor Table is in memory.
- \* OS stores value/location of descriptor table in GDTR.



- \* Page table is in memory and set up by o PTBR, gives location of P.T.
- \* CPU gives address in form  $P+d$ . The  $P$  is an index in page table which gives frame number. Frame number combined with offset gives value ~~at~~ from RAM.
- \* Page table needs to be continuous in memory.

- \* zero data segments in ax, ds, es and ss.
- \* By default 2<sup>1st</sup> bit will be disabled by B30 and if OS needs it, it will enable it.

### Protected Mode:

- Enables segmentation + paging
  - segment register is index into segment descriptor table. But segment : offset pair continue
  - Address translation happens using segmentation and paging
  - other segment registers need to be explicitly mentioned in instructions
    - MOV FS: \$200,30

### x86 address: Protected Mode Address Translation



Both ~~protected mode~~ Segmentation and Paging are used in x86 optionally allows one-level or two-level paging.

Segmentation is must, paging is optional  
(needs to be enabled)

Different OS use segmentation + paging  
in different ways.

segment register is index into segment descriptor table.



- \* One-level paging gives offset of 4MB
  - \* Two-level paging — n — n — 4KB
  - \* CR3 Register gives location of base of page directory (in case of two-level Paging)
  - \* Page Table and Page directory all are in memory.

## Page Directory Entry (PDE) and Page Table Entry (PTE)

|    | Page Table Physical<br>Page Number | A | G | PS  | D  | A | C | O | WT | U | W | P |
|----|------------------------------------|---|---|-----|----|---|---|---|----|---|---|---|
| 31 |                                    | 1 | 2 | 11  | 10 | 9 | 8 | 7 | 6  | 5 | 4 | 3 |
| 31 | Physical Page No.                  | A | G | PAT | D  | A | C | O | WT | U | W | P |
|    |                                    | 1 | 2 | 11  | 10 | 9 | 8 | 7 | 6  | 5 | 4 | 3 |

(PTE)

- \* PS (Page size)  $\nexists$  Applicable in PDE only
  - $\Rightarrow 0 : 4\text{KB}, 1 : 4\text{MB}$
- \* P: Present      W: Writable      U: User
- \* WT: 1 = Write Through      0 = Write back
- \* CD: Cache Disabled
- \* A: Accessed
- \* D: Dirty
- \* PAT: (only in PTE)  $\exists$  Page Table Attribute index 3
- \* G: Global Page
- \* AVL: Available for system use

## CR3 Register

|                                      | Page Directory Table Base Addr | 12 | 11 | 5       | 4       | 3 | 2 | 0 |
|--------------------------------------|--------------------------------|----|----|---------|---------|---|---|---|
| PWT: Page level write<br>Transparent |                                |    |    | PC<br>D | PW<br>T |   |   |   |

PWT: Page level write Transparent  
 PCP: Page-level cache disable

# segmentation + Paging



selector value is  
implicit based on  
address being accessed.

Instruction: CS

Stack variable: SS

Data: DS

etc.