Advanced Operating Systems Exam 1

What is the difference between an API and an ABI?

An API is a high-level, hardware-independent specification for how one piece of software communicates with another at a source level. An ABI specifies how one piece of software interacts with another at the binary level. The ABI is hardware dependent and includes the instruction set, the calling convention and accessible data types.

What is an OS personality?

An OS personality is the implementation of the OS's API and application-visible semantics. It is the implementation of the OS services on which applications are built.

What's the difference between a process and an image?

An image is the current state of a pseudo-computer. It includes virtual memory state, register values, open files, current directory, etc. A process is the execution of an image.

Wait within a monitor releases the lock. Wait within a monitor called from this monitor does not. Why?

Any time the lock is released, the monitor's invariant must be established. If the lock were to be released in an external call that waited, the invariant would have to be established before that call. There is no way to determine which calls will wait, so the invariant would have to be established before every external call. This was more trouble than the gain in the opinion of the Mesa writers.

What is an Application Specific Handler (ASH) and why is it needed?

Application-specific Safe Handlers are application handlers that are downloaded into the kernel for certain events. They decouple latency-critical operations from process scheduling. ASHs can control where messages are copied in memory, removing intermediate copies; they can perform data manipulation while doing the data transfer; they can initiate messages; and they can control initiation. ASHes greatly reduce roundtrip network latency.

What new abstractions does Arrakis suggest for user-space I/O?

Arrakis suggests virtual interface cards for both networking and storage. The virtual network interface cards should multiplex packets based on complex filter expressions directly to user-space queues. The virtual storage interface controllers should provide independent storage command queues. The VSIC also provides an interface to virtual storage areas, which allow the application to write to persistent storage without going through the kernel.

What is the difference between Arrakis/P and Arrakis/N?

Arrakis/P uses the POSIX interface for networking and so it copies packet data to and from user-provided buffers and NIC packet queues. Arrakis/N uses the native Arrakis interface and therefore provides zero-copy I/O.

Why does GFS not need to hook into VFS layer?

Because GFS does not provide the POSIX API.

Why is crash consistency hard to enforce?

Crash consistency is hard to enforce because we need to move the file system from one consistent state to another atomically. However, disk writes happen one at a time and a crash can occur between any of these writes. There are also many corner cases, such as the directory block reuse problem.

Compare and contrast data journaling with metadata journaling

Data journaling writes the metadata and the data to the journal. Metadata journaling only writes the metadata to the journal. Most IO traffic to the disk is data, so metadata journaling reduces the load of journaling by not writing each disk block twice. In ordered metadata journaling, the data is written to the disk before the metadata transaction in the journal is committed. This ensures that the metadata never points to garbage. Unordered metadata journaling allows the data to be written at any point, so the metadata may point to garbage.

What does "de-privilege root" mean? When/how/why does NFS do it?

De-privilege root means to lower the access permissions of the super-user. NFS does it when the super-user accesses remote files because it is not clear that the super-user of a single workstation should have root access to files on a server. NFS does it by mapping uid 0 (root) to uid -2 (nobody) before checking access permissions.

How should a batch task minimize its execution time on exokernel?

A batch task should minimize execution time by allocating contiguous time slices, rather than several equidistant time slices.

What is a capability?

A capability is an unforgeable entity that names an object and provides access rights to that object. Capabilities provide fine-grained access control.

What is a direct-mapped cache?

A direct-mapped cache has only a single cache line per set. Therefore, a memory address can only occupy a single cache line.

What's the difference between a file and a directory in FFS?

A directory is marked as such in its inode. Its contents map from filenames in the directory to the inodes containing those files. Directories are also allocated in 512 byte chunks.

What is the difference between a hypercall and a system call?

A hypercall is a synchronous software trap from a domain into Xen to perform a privileged operation. If system call means "guest system call," then the difference is that the system call traps to and is handled by the guest OS. If system call means a system call in a non-virtualized environment, then there is not much difference.

What is a linear address? What is its relationship to a virtual address?

A linear address is a virtual address in a flat (contiguous) memory model. It is translated using page tables into the physical address. The virtual address is translated into the linear address using the segmentation translation. Therefore, if segmentation is not used (made a no-op), then the virtual address is equal to the linear address.

What is a log? What is the difference between physical and logical logging?

A log records the changes made to a file so that the file system can recover in the event of a crash. Physical logging writes raw bits to the log—the original value and new value of the file must be written to the log. Logical logging writes operations to the log. Logical logging requires that every operation has a logical inverse so that it can be undone if necessary. Physical logging has no such limitation but requires more space.

How does a memory balloon work? What happens when a guest OS writes to memory owned by the balloon driver?

A memory balloon is a small module loaded into the guest OS as a device driver or kernel service. When the hypervisor wants to reclaim memory from the guest OS, it uses a private channel to tell the balloon to inflate. The balloon then requests memory from the guest OS using the guest's native interface. This causes the guest to use its own memory management algorithms to allocate a page for the balloon. The balloon then gives the page back to the hypervisor. If a guest OS writes to memory owned by the balloon driver, a fault will be generated and the hypervisor will allocate a machine page to back the guest's page. The balloon driver's state is reset.

What is the relationship between master RAM capacity and GFS capacity?

The capacity of the GFS system is limited by how much metadata the master can store in memory (as this limits the number of chunks). However, since the master stores less than 64 bytes for each chunk, this was not a big issue at the time.

Name problem(s) w/ test&set locks. How are TTS locks different?

The two main problems with test&set locks are CPU usage and memory bus usage. While a process is waiting on the lock, it is creating a lot of memory bus traffic as it continuously checks the value of the lock variable. Also, because the process does not block or yield while waiting, it prevents other processes from running on the same core. Test and test&set locks still have the same problem with CPU usage, but the memory bus usage is alleviated. This is because the waiting processes wait on the value of the lock variable in their cache line before attempting the test&set instruction.

How does stdio in Unix work?

Unix handles standard IO by providing programs with two initial file descriptors. File 0 is open for reading, so programs can use it to read user input. File 1 is open for writing and can be used for standard output. The shell can be used to change where file descriptors 0 and 1 point to when starting a program. For example, a program could write output to a file rather than to the user's terminal. The benefit of this scheme is that programs do not need special cases to handle different input/output destinations. Instead, they just use the standard file descriptors.

Why does Unix FS opt for *strict* hierarchy? What would get harder if this were relaxed?

Unix has a strict hierarchy to simplify programs that visit subtrees of the hierarchy and to prevent subtrees from becoming separated from the main hierarchy. If arbitrary links were permitted, it would get harder to detect when the last connection from the root to a directory was destroyed.

What is procedure chaining in Synthesis?

Procedure chaining in Synthesis is a technique in which execution of code is serialized by chaining conflicting procedures to the end of the currently running procedure. This is done by changing the return addresses on the stack. It is also used in scheduling by chaining the context-switch-out procedure of one thread to the context-switch-in procedure of the next thread.

How would a proponent of the end-to-end argument likely fix the PC losering problem?

A proponent of the end-to-end argument would probably fix the PC losering problem the same way that it was fixed in Unix: the system routine would finish and return an error code to the user, who would need to check the error code and try again. This is because the user will likely have to check for other errors even if the PC losering problem was solved the "right way," so there is no need to fix the problem in the system routine.

What is a radix tree? How are they used for TSP in FreeBSD?

A radix tree is a space-optimized prefix tree. They are used to represent population maps, which keep track of allocated base pages in each memory object. The radix trees are used to check for reserved frames on page faults, to ensure overlap avoidance for new reservations, to make promotion decisions and to assist in reservation preemption.

What is an RB-tree? [When/why] are they used in address space management?

A red-black tree is a special type of tree that ensures that a tree with n internal nodes has a height of at most 2xlog(n+1). They are used in address space management with memory regions, to increase the speed of searching for a region that includes a specific linear address.

What is a revoke record? What problem(s) does it solve?

A revoke record is a type of record that is written to the journal. It revokes previous entries in the journal. When the file system performs crash recovery, it first scans the journal to see if any revoke records exist. If so, the transactions they refer to are not replayed. It solves the problem where a directory data block being deleted and reused as a file data block could cause the user to see the directory's old data.

What's the difference between soft and hard links? Pros/cons?

A soft link is a file that points to another target file. It creates a new inode. A hard link points the new filename to the existing inode of the original file. If the target that a soft link is pointing to is moved or deleted, the soft link file will continue to exist but will fail because it no longer points anywhere. However, if the target of a hard link is moved or deleted, the hard link will continue to work. These aspects can each be a pro or a con depending on the use case. One clear benefit of a hard link is that it does not create a new inode, and so it uses less space in the file system than a soft link. A clear benefit of the soft link is that it can cross file system boundaries, while hard links cannot.

What the !(*&#$*!! is a "software TLB?"

A software TLB is a larger cache for address translations that do not fit in the hardware TLB. On a hardware TLB miss, it will be checked by the OS for the required mapping. In Aegis, it is direct-mapped and resides in unmapped physical memory.

What data structure does exokernel use for scheduling?

Aegis uses a linear vector where each element corresponds to a time slice. Scheduling is done round robin by cycling through the time slices.

FreeBSD always breaks superpages on a write. What alternatives/tradeoffs exist for this strategy?

The main tradeoff of this strategy is that it denies the benefits of superpages to processes that write to only a subset of the base pages in a super page in exchange for not writing out an entire superpage on eviction.

What is the relationship between a process and an address space?

Each process has its own address space. The address spaces for different processes are independent.

Why are fork and exec slow in Xen?

Fork and exec are slow in Xen because both operations require a large number of page table operations that have to be verified by Xen.

What is the difference between a synchronous and asynchronous protected control transfer?

In a protected control transfer, the time slice is donated to the callee's processor environment. In asynchronous protected control transfer, only the remainder of the current time slice is donated. In synchronous protected control transfer, all future time slices will be donated to the callee as well. In synchronous transfer, the callee uses another synchronous transfer to return the time slice back to the caller.

Why does FFS leave part of the disk unused?

FFS leaves part of the disk unused so that it can better localize blocks in a file. If this free space reserve is not kept, then file system throughput is generally halved. It also allows for faster allocation of blocks.

Does factoring invariants differ from constant propagation?

Factoring invariants is similar to constant propagation in that both substitute constant values in order to optimize code. The difference is that constant propagation occurs at compile time while factoring invariants requires code synthesis because the constant is known only after boot.

How are file systems shared across processes in Arrakis?

File systems can be shared across processes in Arrakis by mapping VSAs into multiple processes. If the application does not want to provide permission to access the VSA, it can still share the file system by exporting file and directory names to the kernel virtual file system. To the other processes, these files appear like remote mount points. The other processes can then use POSIX API calls via RPC to the owning application.

Why are multi-process applications hard in Jitsu and Drawbridge?

Jitsu and Drawbridge both provide single-address spaces to run an application. Therefore, multi-process applications would require loading multiple processes into the same address space.

Why clean hot and cold segments at different thresholds?

Free space in cold segments is more valuable, as it will probably take longer for the clean data in the cold segment to become fragmented again and reclaim the free space. On the other hand, after cleaning a hot segment, it is likely that the data will die quickly and introduce more fragmentation into the segment. Therefore it can be more beneficial to clean a cold segment with less free space than a hot segment with slightly more free space.

Why don't GFS clients cache data? Why do they cache metadata?

GFS clients don't cache data because most applications stream through large files and have working sets that are too large to be cached. Therefore, the benefits of caching data are not realized. The clients cache metadata so that they can avoid multiple interactions with the master for the same chunk. The clients can ask for multiple chunk locations at the same time and the master can send back locations for subsequent chunks as well, increasing the benefits of caching metadata.

Does GFS support hard links? Why/why not?

GFS does not support hard links because there are no directories or inode-like data structures. Instead, the namespace is represented as a lookup table mapping full pathnames to metadata.

What's the difference between logical and physical logging?

In physical logging, you put the exact contents of the blocks you will write into the log. Logical logging writes logical operations to the log.

Why doesn't non-preemptive scheduling work for mutual exclusion on multi-processor?

It doesn't work because two processes on separate processors can be in the critical section at the same time.

Why use OCaml to write an OS? Why does Jitsu do this?

It is a statically type-safe language that has a low resource footprint and good compilers for both x86 and ARM. There are also no pointer exceptions. Jitsu uses OCaml because MirageOS is written in OCaml, so all the libraries involved are written in OCaml. This makes managing the data flow easier and reduces overhead.

When is it incorrect to use notify but correct to use broadcast?

It is incorrect to use notify when not all waiters can make progress. If you notify on a covering condition variable that implies the exact condition for a waiter but that exact condition is not truly met, then the notified waiter will resume, see the condition is not met and then wait again. At this point, there could be other waiters whose conditions are met, but they were not notified and so they will not run.

Is dynamically generated code in a kernel a great or crappy idea? Why?

It is probably a bad idea because it makes the kernel more complex and therefore more difficult to secure. The increase in speed is probably not worth the extra complexity and possible security flaws.

What workloads will be slower for LFS than FFS?

LFS is slower than FFS for workloads that partially overwrite files in random order and then reread those files back sequentially. This is because the file will become spread out through the log in LFS. In FFS, the file will be stored with locality of data blocks.

Why super-pages instead of big segments?

Large segments will result in increased external fragmentation and would probably not play well with regular base pages, as the segments might not end on page-aligned boundaries.

Define reference/dirty bit emulation. How is it used in FreeBSD?

Many processors require that dirty and reference bits are emulated by the OS. The page is protected so that the first reference or write traps, and then the OS records the reference/write and resets the page protection. It is used in FreeBSD to keep track of which base pages in the superpage have been referenced and written to.

How can cross-process communication be implemented in Drawbridge?

Multiple processes can be loaded into a single address space, or win32k could run in a separate user-mode server process that can be shared by multiple applications.

Why doesn't NFS share root file systems (with /dev or /tmp)?

NFS doesn't share root file systems because they followed the worse is better approach. They did not have time to deal with machine-specific files on the root filesystem

Why must NFS commit writes before returning from write RPCs?

NFS is a stateless protocol, so the server does no crash recovery. Therefore, all NFS requests that modify data must be committed to stable storage before returning the results.

Why does/doesn't NFS path name traversal check entire paths en masse at the server?

NFS path name traversal does not check entire paths en masse at the server. Instead, the paths are broken into directory components and a lookup call is done on each component. This is because passing the full filename would require the server to keep track of all mount points for each of its clients.

Can NFS servers cross mount points on remote lookup requests? Why/why not?

NFS servers cannot cross mount points on remote lookup requests because doing so would require the server to keep track of all of the mount points of its clients. This would violate server statelessness.

Nfsd processes make systems calls and never return. Why?

Nfsd processes are the user-level processes that run on the NFS server to service NFS and MOUNT protocol requests from the NFS clients. The nfsd system call never returns because the daemon is continuously listening for and servicing requests.

Does Xen require device drivers in the hypervisor? Why/why not?

No, because domain 0 contains the real device drivers.

How do crash recovery techniques differ between LFS and a journaling FS?

On restarting after a crash, a journaling FS will look at the journal and replay any completed transactions.

Why would anyone optimize a file system for writes?

Optimizing for writes is based on the assumption that as DRAM sizes continue to grow, files will be cached in main memory. Reads will therefore be served predominantly from memory, and disk traffic will be dominated by writes.

What is PTE replication? Can you think of an alternative?

PTE replication is where the page table stores an entry for every base page, whether it is part of a superpage or not. With PTE replication, promotion of a region to a super page requires setting the page size field of each page table entry mapping the region. An alternative would be to have an earlier level of the page table indicate that its PTE points to a super page region, rather than another page table. However, this requires hardware support for the different page table format.

What is page coloring?

Page coloring is a technique that attempts to allocate pages that do not contend with other pages for the same cache line. When allocating pages for sequential virtual memory addresses, the kernel selects pages that will not contend for the same cache lines.

List some pros and cons for supporting file locking over NFS.

Pros: prevent clients writing to the same remote file from intermixing writes, prevent concurrent access to files entirely if desired Cons: server must maintain lock state

Define safety, liveness, bounded waiting, and failure atomicity.

Safety: only one thread can be in the critical section at a time. Liveness: a thread that enters the entry section eventually enters the critical section. Bounded waiting: a thread the enters the entry section enters the critical section with a bounded number of operations. Failure atomicity: it is ok for a thread to die while in the critical section.

What is the "double paging" problem?

The double paging problem arises when the virtual machine monitor has a page replacement policy that does not consult the guest OS. The hypervisor may select a page to reclaim and then swap it out. If the guest OS is also under memory pressure, it may then select the same page to write to its own virtual swap device. This causes the page to be swapped in, only to be immediately written out to the virtual swap device.

Does the end-to-end argument reinforce or contradict Gabriel's "Worse-is-better" argument?

The end-to-end argument reinforces the worse-is-better argument as it often means pushing functionality out of the lower levels and into the application layer. This is similar to worse-is-better because WIB often does not contain all the desired functionality.

Why are HW physical->machine mappings readable by all VMs in Xen?

The guest OSes need to access the translations when accessing their own page tables, which use machine addresses by necessity. The physical to machine mappings are also useful for cache coloring and using superpages.

Why does NFS use generation numbers?

The inode number, inode generation number and file system id are used together as the fhandle for a file. The file system id and the inode number allow NFS to efficiently find the file's inode when servicing requests. However, if the inode generation number was not included, NFS would have no way to tell the difference between a request on the file the inode currently points to and a request on a file that the inode previously pointed to. The generation number is incremented each time the inode is freed.

How does the kernel address space relate to a user address space?

The kernel address space is above user address space, so that kernel mappings can go into each process's page table. This allows the kernel to use the currently-running process's page table, so no TLB or cache flushes are necessary when entering the kernel.

What does setuid do? Why is it necessary?

The set user id bit on files temporarily changes the user identification of the current user to that of the file owner when the file is executed as a program. The change in user ID is reversed once the program finishes executing. This is necessary so that privileged programs may access certain files that are not accessible by the users running those programs.

Are disk rotation and seek times overhead, latency, or bandwidth?

They are latency.

SSH encrypts user data in a connection: why is or isn't this an example of the end-to-end argument?

This could be argued for either side. It supports the end-to-end argument in that the transport layer is not handling the encryption. It does not support the end-to-end argument in that the applications are not encrypting the data.

Why shouldn't FFS use 1MB blocks and 1K fragments?

This would cause FFS to store a lot more information about available free fragments. Most files are small, so this extra space requirement is probably not worth the benefit in throughput for larger files.

Why are segments better than threading or compaction?

Threading avoids reading and writing live data at the cost of greater fragmentation. Compaction reduces fragmentation but reads and writes live data multiple times. Segments combine the two, thereby gaining the benefits of both. Compaction is used inside segments, so that the file system still contains large extents of free space. However, threading is used between segments to cut down on the number of times live data must be copied.

What is GFS' replication factor? How was it chosen?

Three.

How does time-skew arise in NFS? How (if at all) does the solution from the 1985 paper differ from the modern solution?

Time-skew arises in NFS when the clocks of two clients or a client and a server are inconsistent. The solution in the paper was to fix the only three programs they found that were affected by this: ranlib, ls, and emacs. NFS 3 has a way for clients to specify the time when updating a file but this does not fix the problem for multiple clients with time skew. The modern solution seems to be to use a separate time synchronization protocol.

List some techniques used to optimize boot in Jitsu.

Unikernels require small amounts of memory to boot (~8 MB for MirageOS), so Xen's domain builder takes less time to initialize and zero physical memory pages for the VM. Jitsu also parallelizes the device attachment cycle with the domain building. Jitsu performs transaction deserialization in XenStore. Finally Jitsu uses a proxy unikernel to respond to TCP SYN packets as the server unikernel boots.

How much control does the OS have over I/O scheduling in Arrakis?

Very little control. Arrakis tries to limit or remove the kernel for most IO operations. IO requests are routed to and from the application's address space without kernel involvement.

Does Xen trap guest system calls? Why/why not?

Xen does not trap guest system calls because the guest OS can install a fast exception handler that is accessed directly by the processor on the system call exception.

What policy does Xen use to allocate memory across domains? What advantages/disadvantages does this have?

Xen specifies the initial memory allocation for each domain when they are created. Domains can request more pages up to a maximum allowable reservation limit. They can also release pages back to Xen if desired. The advantage of this scheme is the increased isolation resulting from static partitioning. The disadvantages are that domains are limited to a certain amount of memory and no oversubscription is possible.

Does RPC work with C union parameters? Why or why not?

Yes, RPC works with C union parameters as long as the type of the union is passed as well. XDR has a structure called discriminated unions that encapsulate the union with its type.

Are locks/monitors more modular than non-preemption? Why/why not?

Yes. With non-preemption, you can not yield from a critical section, as this could allow another process to enter the critical section. This means that the critical section can not call any functions that yield. With locks/monitors, if the process holding the lock yields, then other processes are still prevented from entering the critical section. This eliminates the problem of calling functions which yield.

How would you implement a MLFQ scheduler in Arrakis? A priority aging scheduler?

You would have to implement this in hardware because receiving packets does not invoke the Arrakis scheduler.

Why would we want to customize or extend a kernel?

You would want to customize or extend a kernel for two main reasons: to take advantage of application-specific optimizations and to provide new abstractions instead of the existing ones.