### CS162 Operating Systems and Systems Programming Lecture 14

### Memory 1: Virtual Memory, Segments and Page Tables

March 7<sup>th</sup>, 2023 Prof. John Kubiatowicz http://cs162.eecs.Berkeley.edu

## Recall: Four requirements for occurrence of Deadlock

- Mutual exclusion
  - Only one thread at a time can use a resource.
- Hold and wait
  - Thread holding at least one resource is waiting to acquire additional resources held by other threads
- No preemption
  - Resources are released only voluntarily by the thread holding the resource, after thread is finished with it
- Circular wait
  - There exists a set $\{T_1, ..., T_n\}$ of waiting threads
    - » $T_1$ is waiting for a resource that is held by $T_2$
    - » $T_2$ is waiting for a resource that is held by $T_3$
    - » ...
    - » $T_n$ is waiting for a resource that is held by $T_1$

3/7/23 Kubiatowicz CS162 © UCB Spring 2023 Lec 14.2

### Virtualizing Resources



- Physical Reality: Different Processes/Threads share the same hardware
  - Need to multiplex CPU (Just finished: scheduling)
  - Need to multiplex use of Memory (starting today)
  - Need to multiplex disk and devices (later in term)
- Why worry about memory sharing?
  - The complete working state of a process and/or kernel is defined by its data in memory (and registers)
  - Consequently, cannot just let different threads of control use the same memory
     » Physics: two different pieces of data cannot occupy the same locations in memory
  - Probably don't want different threads to even have access to each other's memory if in different processes (protection)

## Important Aspects of Memory Multiplexing

- Protection:
  - Prevent access to private memory of other processes
    - » Different pages of memory can be given special behavior (Read Only, Invisible to user programs, etc).
    - » Kernel data protected from User programs
    - » Programs protected from themselves
- Translation:
  - Ability to translate accesses from one address space (virtual) to a different one (physical)
  - When translation exists, processor uses virtual addresses, physical memory uses physical addresses
  - Side effects:
    - » Can be used to avoid overlap
    - » Can be used to give uniform view of memory to programs
- Controlled overlap:
  - Separate state of threads should not collide in physical memory. Obviously, unexpected overlap causes chaos!
  - Conversely, would like the ability to overlap when desired (for communication)

#### Recall: Four Fundamental OS Concepts

- Thread: Execution Context
  - Fully describes program state
  - Program Counter, Registers, Execution Flags, Stack
- Address space (with or w/o translation)
  - Set of memory addresses accessible to program (for read or write)
  - May be distinct from memory space of the physical machine (in which case programs operate in a virtual address space)
- Process: an instance of a running program
  - Protected Address Space + One or more Threads
- Dual mode operation / Protection
  - Only the "system" has the ability to access certain resources
  - Combined with translation, isolates programs from each other and the OS from programs

#### Alternative View: Interposing on Process Behavior

- OS interposes on process' I/O operations
  - How? All I/O happens via syscalls.
- OS interposes on process' CPU usage
  - How? Interrupt lets OS preempt current thread
- Question: How can the OS interpose on process' memory accesses?
  - Too slow for the OS to interpose every memory access
  - Translation: hardware support to accelerate the common case
  - Page fault: uncommon cases trap to the OS to handle





## Address Space, Process Virtual Address Space

- Definition: Set of accessible addresses and the state associated with them
  - $2^{32}$ = ~4 billion **bytes** on a 32-bit machine
- How many 32-bit numbers fit in this address space?
  - 32 bits = 4 bytes, so $2^{32}/4 = 2^{30}$ = ~1 billion
- What happens when processor reads or writes to an address?
  - Perhaps acts like regular memory
  - Perhaps causes I/O operation
    - » (Memory-mapped I/O)
  - Causes program to abort (segfault)?
  - Communicate with another program
  - ...

[Figure: address space running from 0x000… to 0xFFF…, containing code, static data, heap and stack]





## Administrivia

- Midterm 2: Wednesday 3/15 from 8-10PM
  - A week from tomorrow!!!
  - All material up to Lecture 16 technically in bounds
- Homework 4 coming out
  - Released tomorrow, Wednesday 3/08
- Project 2 design document due this Friday!

## Administrivia (Con't)

- You need to know your units as CS/Engineering students!
- Units of Time: "s": Second, "min": 60s, "h": 3600s, (of course)
  - Millisecond: 1ms $\Rightarrow 10^{-3}$ s
  - Microsecond: 1µs $\Rightarrow 10^{-6}$ s
  - Nanosecond: 1ns $\Rightarrow 10^{-9}$ s
  - Picosecond: 1ps $\Rightarrow 10^{-12}$ s
- Integer Sizes: "b" $\Rightarrow$ "bit", "B" $\Rightarrow$ "byte" == 8 bits, "W" $\Rightarrow$ "word" == ? (depends. Could be 16b, 32b, 64b)
- Units of Space (memory), sometimes called the "binary system"
  - Kilo: 1KB $\equiv$ 1KiB $\Rightarrow$ 1024 bytes == $2^{10}$ bytes == 1024 $\approx 1.0 \times 10^3$
  - Mega: 1MB $\equiv$ 1MiB $\Rightarrow (1024)^2$ bytes == $2^{20}$ bytes == 1,048,576 $\approx 1.0 \times 10^6$
  - Giga: 1GB $\equiv$ 1GiB $\Rightarrow (1024)^3$ bytes == $2^{30}$ bytes == 1,073,741,824 $\approx 1.1 \times 10^9$
  - Tera: 1TB $\equiv$ 1TiB $\Rightarrow (1024)^4$ bytes == $2^{40}$ bytes == 1,099,511,627,776 $\approx 1.1 \times 10^{12}$
  - Peta: 1PB $\equiv$ 1PiB $\Rightarrow (1024)^5$ bytes == $2^{50}$ bytes == 1,125,899,906,842,624 $\approx 1.1 \times 10^{15}$
  - Exa: 1EB $\equiv$ 1EiB $\Rightarrow (1024)^6$ bytes == $2^{60}$ bytes == 1,152,921,504,606,846,976 $\approx 1.2 \times 10^{18}$
- Units of Bandwidth, Space on disk/etc, Everything else, sometimes called the "decimal system"
  - Kilo: 1KB/s $\Rightarrow 10^3$ bytes/s, 1KB $\Rightarrow 10^3$ bytes
  - Giga: 1GB/s $\Rightarrow 10^9$ bytes/s, 1GB $\Rightarrow 10^9$ bytes
  - Tera: 1TB/s $\Rightarrow 10^{12}$ bytes/s, 1TB $\Rightarrow 10^{12}$ bytes
  - Peta: 1PB/s $\Rightarrow 10^{15}$ bytes/s, 1PB $\Rightarrow 10^{15}$ bytes
  - Exa: 1EB/s $\Rightarrow 10^{18}$ bytes/s, 1EB $\Rightarrow 10^{18}$ bytes

## Base and Bound (without Translation)

- Can we protect programs from each other without translation?
  - Yes: Base and Bound!
  - Used by, e.g., Cray-1 supercomputer
- No addition on address path

[Figure: physical memory holding the operating system and Application2, with labels 0xFFFFFFF, Bound = 0x30000 and 0x00020000; the original program (code, static data, heap, stack) is checked against the Base and Bound registers]

## Recall: General Address translation



- Consequently, two views of memory:
  - View from the CPU (what program sees, virtual memory)
  - View from memory (physical memory)
  - Translation box (Memory Management Unit or MMU) converts between two views
- Translation ⇒ much easier to implement protection!
  - If task A cannot even gain access to task B's data, no way for A to adversely affect B
- With translation, every program can be linked/loaded into same region of user address space



#### Issues with Simple B&B Method



- Fragmentation problem over time
  - Not every process is same size $\Rightarrow$ memory becomes fragmented over time
- Missing support for sparse address space
  - Would like to have multiple chunks/program (Code, Data, Stack, Heap, etc)
- Hard to do inter-process sharing
  - Want to share code segments when possible
  - Want to share memory between processes
- Helped by providing multiple segments per process

## More Flexible Segmentation



- Logical View: multiple separate segments
  - Typical: Code, Data, Stack
  - Others: memory sharing, etc
- Each segment is given region of contiguous memory
  - Has a base and limit
  - Can reside anywhere in physical memory

## Recall: Base and Bound (with Translation)

- Hardware relocation
- Can the program touch OS?

[Figure: addresses translated on-the-fly. The program address (0010...) is added to the Base Address (1000...) to give 1010... and compared (<) against the Bound (0100...). The original program (code, static data, heap, stack) occupies 0000... to 0100... and appears in physical memory at 1000... to 1100...]

## Example: Four Segments (16 bit addresses)



[Figure: four segments mapped into the physical address space; labels include 0xF000, "Other Apps" and "Shared with Other Apps"]

## Example of Segment Translation (16bit address)

```
0x0240  main:   la  $a0, varx
0x0244          jal strlen
...
0x0360  strlen: li  $v0, 0      ;count
0x0364  loop:   lb  $t0, ($a0)
0x0368          beq $r0, $t0, done
...
0x4050  varx    dw  0x314159
```

| Seg ID #   | Base   | Limit  |
|------------|--------|--------|
| 0 (code)   | 0x4000 | 0x0800 |
| 1 (data)   | 0x4800 | 0x1400 |
| 2 (shared) | 0xF000 | 0x1000 |
| 3 (stack)  | 0x0000 | 0x3000 |

Let's simulate a bit of this code to see what happens (PC=0x240):

1. Fetch 0x0240 (0000 0010 0100 0000). Virtual segment #? 0; Offset? 0x240. Physical address? Base=0x4000, so physical addr=0x4240. Fetch instruction at 0x4240. Get "la \$a0, varx". Move 0x4050 $\rightarrow$ \$a0, Move PC+4 $\rightarrow$ PC
2. Fetch 0x0244. Translated to Physical=0x4244. Get "jal strlen". Move 0x0248 $\rightarrow$ \$ra (return address!), Move 0x0360 $\rightarrow$ PC
3. Fetch 0x0360. Translated to Physical=0x4360. Get "li \$v0, 0". Move 0x0000 $\rightarrow$ \$v0, Move PC+4 $\rightarrow$ PC
4. Fetch 0x0364. Translated to Physical=0x4364. Get "lb \$t0, (\$a0)". Since \$a0 is 0x4050, try to load byte from 0x4050. Translate 0x4050 (0100 0000 0101 0000). Virtual segment #? 1; Offset? 0x50. Physical address? Base=0x4800, Physical addr = 0x4850. Load Byte from 0x4850 $\rightarrow$ \$t0, Move PC+4 $\rightarrow$ PC

## **Observations about Segmentation**

- Translation on every instruction fetch, load or store
- · Virtual address space has holes
  - Segmentation efficient for sparse address spaces
- When it is OK to address outside valid range?
  - This is how the stack (and heap?) allowed to grow
  - For instance, stack takes fault, system automatically increases size of stack
- Need protection mode in segment table
  - For example, code segment would be read-only
  - Data and stack would be read-write (stores allowed)
- What must be saved/restored on context switch?
  - Segment table stored in CPU, not in memory (small)
  - Might store all of a process's memory onto disk when switched (called "swapping")
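The translation and protection checks listed above, as an added example that is not part of the lecture. It assumes a 16-bit virtual address whose top 2 bits select the segment; only segment 1's base (0x4800) comes from the lecture's worked example, the other table values are constructed, and fetches and loads are treated alike because the slide distinguishes only read-only from read-write.

```c
#include <stdint.h>
#include <stdio.h>

/* 16-bit virtual address: top 2 bits select the segment, low 14 bits are the offset. */
enum { SEG_SHIFT = 14, OFF_MASK = 0x3FFF };
enum access { ACC_FETCH, ACC_LOAD, ACC_STORE };
enum result { XLATE_OK, FAULT_INVALID, FAULT_LIMIT, FAULT_PROT };
struct segment { uint16_t base, limit; int valid, writable; };

/* Constructed segment table; only segment 1's base (0x4800) is from the lecture. */
static const struct segment seg_table[4] = {
    { 0x4000, 0x0800, 1, 0 },  /* 0: code, read-only           */
    { 0x4800, 0x1400, 1, 1 },  /* 1: data, read-write          */
    { 0x0000, 0x0000, 0, 0 },  /* 2: hole in the address space */
    { 0x2000, 0x1000, 1, 1 },  /* 3: stack, read-write         */
};

/* Runs on every fetch, load or store: validity, then limit, then protection mode. */
enum result translate(uint16_t vaddr, enum access acc, uint16_t *paddr)
{
    const struct segment *s = &seg_table[vaddr >> SEG_SHIFT];
    uint16_t off = vaddr & OFF_MASK;

    if (!s->valid)                        return FAULT_INVALID;
    if (off >= s->limit)                  return FAULT_LIMIT;
    if (acc == ACC_STORE && !s->writable) return FAULT_PROT;
    *paddr = (uint16_t)(s->base + off);
    return XLATE_OK;
}

int main(void)
{
    static const char *names[] = { "ok", "invalid segment", "limit fault", "protection fault" };
    const struct { uint16_t va; enum access acc; } probes[] = {
        { 0x4050, ACC_LOAD }, { 0x0240, ACC_STORE }, { 0x8000, ACC_LOAD }, { 0x5400, ACC_LOAD },
    };
    for (unsigned i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        uint16_t pa = 0;
        enum result r = translate(probes[i].va, probes[i].acc, &pa);
        printf("va=0x%04x -> %s (pa=0x%04x)\n", probes[i].va, names[r], pa);
    }
    return 0;
}
```

A limit fault on the stack segment is the case where the OS may choose to grow the segment and retry instead of killing the process.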

## What if not all segments fit in memory?



- Extreme form of Context Switch: Swapping
  - To make room for next process, some or all of the previous process is moved to disk
     » Likely need to send out complete segments
  - This greatly increases the cost of context-switching
- What might be a desirable alternative?
  - Some way to keep only active portions of a process in memory at any one time
  - Need finer granularity control over physical memory




## Where is page sharing used?

- The "kernel region" of every process has the same page table entries
  - The process cannot access it at user level
  - But on U->K switch, kernel code can access it AS WELL AS the region for THIS user
     » What does the kernel need to do to access other user processes?
- Different processes running same binary!
  - Execute-only, but do not need to duplicate code segments
- User-level system libraries (execute only)
- Shared-memory segments between different processes
  - Can actually share objects directly between processes
     » Must map page into same place in address space!
  - This is a limited form of the sharing that threads have within a single process

## Memory Layout for Linux 32-bit (Pre-Meltdown patch!)



http://static.duartes.org/img/blogPosts/linuxFlexibleAddressSpaceLayout.png


## Some simple security measures

- Address Space Randomization
  - Position-Independent Code $\Rightarrow$ can place user code anywhere in address space
     » Random start address makes it much harder for an attacker to cause a jump to code that it seeks to take over
  - Stack & Heap can start anywhere, so randomize placement
- Kernel address space isolation
  - Don't map whole kernel space into each process, switch to kernel page table
  - Meltdown $\Rightarrow$ map none of kernel into user mode!
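The difference between the shared kernel region and kernel address space isolation, as an added example that is not part of the lecture. The 8-page address space, the frame numbers and the choice of pages 6-7 as the kernel region are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NPAGES     8   /* toy address space: 8 virtual pages of 4 KiB */
#define PAGE_SHIFT 12
#define KERNEL_VPN 6   /* assumption: virtual pages 6-7 form the kernel region */
enum { PTE_PRESENT = 1, PTE_USER = 2 };
enum mode   { MODE_USER, MODE_KERNEL };
enum result { ACCESS_OK, FAULT_NOT_PRESENT, FAULT_PRIVILEGE };
struct pte { uint32_t frame; unsigned flags; };

/* Shared layout: kernel pages present in every process, but supervisor-only. */
static const struct pte shared_table[NPAGES] = {
    [0] = { 0x10, PTE_PRESENT | PTE_USER },
    [1] = { 0x11, PTE_PRESENT | PTE_USER },
    [6] = { 0x80, PTE_PRESENT },
    [7] = { 0x81, PTE_PRESENT },
};
/* Isolated layout: the table active in user mode has no kernel entries. */
static const struct pte user_only_table[NPAGES] = {
    [0] = { 0x10, PTE_PRESENT | PTE_USER },
    [1] = { 0x11, PTE_PRESENT | PTE_USER },
};

/* Single-level page-table lookup plus the user/supervisor check for one access. */
enum result check(const struct pte *t, enum mode m, uint32_t va, uint32_t *pa)
{
    uint32_t vpn = va >> PAGE_SHIFT;
    if (vpn >= NPAGES || !(t[vpn].flags & PTE_PRESENT)) return FAULT_NOT_PRESENT;
    if (m == MODE_USER && !(t[vpn].flags & PTE_USER))   return FAULT_PRIVILEGE;
    *pa = (t[vpn].frame << PAGE_SHIFT) | (va & ((1u << PAGE_SHIFT) - 1));
    return ACCESS_OK;
}

/* Number of kernel-region pages for which this table holds a translation. */
int kernel_pages_mapped(const struct pte *t)
{
    int n = 0;
    for (int vpn = KERNEL_VPN; vpn < NPAGES; vpn++)
        n += (t[vpn].flags & PTE_PRESENT) != 0;
    return n;
}

int main(void)
{
    uint32_t pa = 0;
    printf("user read of 0x6010: shared=%d isolated=%d\n",
           check(shared_table, MODE_USER, 0x6010, &pa),
           check(user_only_table, MODE_USER, 0x6010, &pa));
    return 0;
}
```

Both layouts refuse the user-mode access; with isolation the refusal no longer rests on a permission bit alone, because the user-mode table holds no kernel translation at all.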








## Summary: Paging




## Conclusion

- Segment Mapping
  - Segment registers within processor
  - Segment ID associated with each access
  - Often comes from portion of virtual address
  - Can come from bits in instruction instead (x86)
  - Each segment contains base and limit information
- Virtual page number from virtual address mapped through page table to physical page number
- Offset of virtual address same as physical address
- Large page tables can be placed into virtual memory
- Next Time: Multi-Level Tables
  - Virtual address mapped to series of tables
  - Permit sparse population of address space