9/4/

Ho Chi Minh City University of Technology

Department of Electrical and Electronics

ECE391 Computer System Engineering

Chapter 4:
Memory Management
1. Memory Segmentation
2. Protection
3. Virtual Memory and Paging
4. Memory Management Problems

Memory Management
Ensured
by
⚫Multi User Operating Systems Segmenta
⚫Ease of Programming tion
⚫Process Mobility in the Address Space
⚫Multiprocess Context switching
⚫Protection across Processes Ensured
⚫Intra process protection: Separation of Code,
by
Data and Stack Paging
⚫Inter process protection
⚫Virtual Memory
⚫4GB address space for every process

2
 9/4/

1. Memory Segmentation
Main Memory

if (j>k) Code_Segment: Code and Data

0000
segments are
max = j mov EAX, [0] Operating System
separate
mov EBX, [4] and both (Kernel)
else
assumed
max = k cmp EAX,EBX to start from 0 0700

jle 0x7 //Label_1 Other User

Process
mov [8], EAX Every Memory Data
Access should add 0900
jmp 0x5 //Label_2 the value stored in
Data Segment
Register Our Code
Label_1: mov [8], EBX By default.
Segment
Label_2: ….
Segment Register (Data) 1900
Data Segment: 2100 Vacant
Space
0: // Allocated for j 2100
Address of j: 2100
Address of k: 2104 4: // Allocated for k Our Data
Address of max: 2108 Segment
8: // Allocated for max 2300
Vacant
Space
2500
Ease Of Programming
3

1. Memory Segmentation
Main Memory

if (j>k) Code_Segment: 0000

max = j mov EAX, [0] Operating System

mov EBX, [4] (Kernel)
else
max = k cmp EAX,EBX 0700

jle 0x7 //Label_1 Other User

Process
mov [8], EAX A new process needs
a 0900
jmp 0x5 //Label_2 segment of size 260
The space is
available Our Code
Label_1: mov [8], EBX but not contiguous
Segment
Label_2: ….
Segment Register (Data) 1900
Data Segment: 2100
2300 Vacant
New User
Space
0: // Allocated for j 2100 Process
Address
Address of
of j:
j: 2300
2100
Address
Address of
of k:
k: 2304
2104 4: // Allocated for k Our
Vacant
Data
2160
Address of max: 2308
2108 Segment
Space
Vacant Space
8: // Allocated for max 2300
Our
Vacant
Data
Segment
Space
2500
Process Mobility
4
 9/4/

Multiple Segments
⚫The segment register can change its values to point to different
segments at different times.
⚫X86 architecture provides additional segment registers to access
multi data segments at the same time.
⚫DS, ES, FS and GS
⚫X86 supports a separate Stack Segment Register (SS) and a Code
segment Register (CS) in addition.
⚫By default a segment register is fixed for every instruction, for all
the memory access performed by it. For eg. all data accessed by
MOV instruction take DS as the default segment register.
⚫An segment override prefix is attached to an instruction to
change the segment register it uses for memory data access.

Multiple Segments
⚫Multiple segments provide hardware enforced protection of code, data
structures, and programs and tasks.

6
 9/4/

0000
mov [10], eax
- this will move the DS
contents of eax register to
memory location 0510 0500
Opcode: 0x89 0x05 0x10
mov [ES:10], eax
C 1500
-this will move the contents
of eax register to memory S
location 3510
Opcode SS 2500
0x26 0x89 0x05 0x10
“0x26” is the segment
override prefix. 3500
E
S

Multiple Segments
7

Process 1
C CS

S Process 1
DS
Process 1 D Process 2
in S CS

Execution Process 2
SS
S
Process 2
S DS
Process 2 Process 1
SS
in
Execution
Multiprocess Context switching

8
 9/4/

Operating mode
⚫Intel processor runs in five modes of operations
⚫Real Mode: 20-bit segmented memory address space, no
support for memory protection, multitasking, or code privilege
levels
⚫Protected Mode: allows system software to use features such
as virtual memory, paging and safe multi-tasking
⚫Virtual 8086 mode is used to run 8086 compatible programs
concurrently with other protected mode programs
⚫Long mode– Extended Memory model for 64-bits
⚫Compatibility mode – execute 32 bit code in 64-bit mode
without recompilation. No access to 64-bit address space
⚫64-bit mode – 64-bit OS accessing 64-bit address space and
64-bit registers
⚫System Management mode (80386): provide for handling
system-wide functions like power management, system
hardware control, or proprietary OEM designed code

Segmentation in Real mode

⚫The 16-bit segment selector in the segment register is
interpreted as the most significant 16 bits of a linear 20-bit
address, called a segment address, of which the remaining
four least significant bits are all zeros.
⚫The segment address is always added to a 16-bit offset in
the instruction to yield a linear address, which is the same
as physical address in this mode.
⚫For instance, the segmented address 06EFh:1234h has a
segment selector of 06EFh, representing a segment
address of 06EF0h, to which we add the offset, yielding
the linear address 06EF0h + 1234h = 08124h.

10
 9/4/

Real Mode - Memory Addressing

•Segment << 4 + offset = 20 bit EA

•Segment size is a fixed 64K

DS = 0x1004 mov [0x1000], EAX

The mov will store the content of EAX in

0x10040 + 0x1000 = 0x11040
Why this stuff? - To get 1 MB addressing using 16-
bit Segment Registers
11

Protected Mode Addressing

⚫mov [DS:1000], EAX
⚫Let value of DS be 0x10. This is used to select a
segment descriptor in a descriptor table.
⚫The segment descriptor contains information
about the base address of the segment, to
which 1000 is added to get the effective address.
⚫The value stored in DS is called a selector.
⚫Henceforth we discuss protected mode.

12
 9/4/

Protected Mode Addressing

Logical
Address
SELECTOR OFFSET

Descriptor Table

Segment Descriptor Base Address

Linear
Address

13

2. Protection
⚫In the protected mode, x86 processor provide a
protection mechanism operates at both the segment
level and the page level.
⚫The protection checks that are performed fall into the
following categories:
⚫Limit checks.
⚫Type checks.
⚫Privilege level checks.

14
 9/4/

2.1 Limit Checking

⚫The limit field of a segment descriptor prevents
programs or procedures from addressing memory
locations outside the segment.
⚫The effective value of the limit depends on the setting
of the G (granularity) flag .
⚫For data segments, the limit also depends on the E
(expansion direction) flag and the B (default stack
pointer size and/or upper bound) flag.
⚫The E flag is one of the bits in the type field when the
segment descriptor is for a data segment type.

15

•A process always executes from Code segment. It should

not execute by accessing from adjoining Data or stack area
or any other code area too.
•A stack should not overgrow into adjoining segments

500
CS Every segment is specified a
1000
start address and limit.
ES 1500 Architecture checks if limit is
not exceeded.
SS 2000

jmp
mov jmp
PUSH
CS:501
POP
PUSH CS:250
[ES:498],
POP
mov
EAX
EAX
AX
[ES:498],
//This
AX //Let
//Let
//Let
EAXis SP
aSP
SP//This
AX
//This
violation
be
be
be
//This
2,498,
498,
2, itaisasfine
isViolation!!!
it
is
violation!!!
violation
is
fine
limit
fineis 500

Intra and Inter process Protection

16
 9/4/

Process 1 should be Process 1

prevented from loading
CS, such that it can
C CS

access the code of S Process 1

Process 2 DS

Similarly for the DS,SS, D Process 2

CS
ES, FS and GS S
Process 2
SS
Privilege levels: [0-3] S
assigned to each Process 2
segment.
S DS

0: Highest privilege Process 1

SS
3: Lowest privilege

Interprocess Protection

17

2.1. Limit Checking

⚫When the G flag is clear (byte granularity)
⚫The effective limit is the value of the 20-bit limit field in
the segment descriptor.
⚫The limit ranges from 0 to FFFFFH (1 MByte).
⚫When the G flag is set (4-KByte page granularity),
⚫The processor scales the value in the limit field by a
factor of 212 (4 KBytes).
⚫In this case, the effective limit ranges from FFFH (4
KBytes) to FFFFFFFFH (4 GBytes).
⚫Note that when scaling is used (G flag is set),
⚫the lower 12 bits of a segment offset (address) are not
checked against the limit;
⚫for example, note that if the segment limit is 0, offsets 0
through FFFH are still valid.

18
 9/4/

3.1 Limit Checking

⚫The processor causes a general-protection exception
any time an attempt is made to access the following
addresses in a segment:
⚫A byte at an offset greater than the effective limit
⚫A word at an offset greater than the (effective-limit – 1)
⚫A doubleword at an offset greater than the (effective-
limit – 3)
⚫A quadword at an offset greater than the (effective-limit
– 7)
⚫A double quadword at an offset greater than the
(effective limit – 15)

19

2.2 Type Checking

⚫Segment descriptors contain type information in two
places:
⚫The S (descriptor type) flag.
⚫The type field.
⚫The processor uses this information to detect
programming errors that result in an attempt to use a
segment or gate in an incorrect or unintended
manner.

20
 9/4/

3.2 Type Checking

⚫Code and data segment types

21

Types of non-system segment

descriptors
⚫System bit S = 1
⚫000 – Data, Read only
⚫001 – Data, Read/Write
⚫010 – expand down, Read only
⚫011 – expand down, Read/Write
⚫100 – Code, Execute only
⚫101 – Code, Execute/Read
⚫110 – Conforming Code, Execute only
⚫111 - Conforming Code, Execute/Read

22
 9/4/

2.3 Privilege Checking

⚫The processor uses privilege levels to prevent a program or task
operating at a lesser privilege level from accessing a segment
with a greater privilege, except under controlled situations.
⚫When the processor detects a privilege level violation, it
generates a general-protection exception

23

Protection Implementation
⚫Every segment is associated with a descriptor
stored in a descriptor table.
⚫ The privilege level of any segment is stored in
its descriptor.
⚫ The descriptor table is maintained in memory
and the starting location of the table is pointed
to by a Descriptor Table Register (DTR).
⚫ The segment register stores an offset into this
table.

24
 9/4/

Structure of a Descriptor

25

Descriptor Privilege Level

⚫Privilege levels apply to entire segments
⚫The privilege level is defined in the segment
descriptor
⚫The privilege level of the code segment determines
the Current Privilege Level (CPL)

26
 9/4/

Privilege levels and Protection

⚫Every segment has an associated privilege level
and hence any code segment will have an
associated privilege level.
⚫ The CPL (Current Privilege Level) of a process
is the privilege level of the code segment, the
code stored in which, it is executing.
⚫ A process can access segments that have
privilege levels numerically greater than or
equal to (less privileged than) its CPL.

27

Privilege levels
⚫The need is to prevent
⚫Users from interfering with one another
⚫Users from examining secure data
⚫Program bugs from damaging other programs
⚫Program bugs from damaging data
⚫Malicious attempts to compromise system integrity
⚫Accidental damage to data

28
 9/4/

Privilege Protection
⚫Continuous checking by the processor on
whether the application is privileged enough to
⚫Type 1: Execute certain instructions
⚫Type 2: Reference data other than its own
⚫Type 3: Transfer control to code other than its own
⚫To manage this every segment has a privilege
level called the DPL (Descriptor Privilege
Level) Bits 45,46

29

3. Virtual memory
⚫What if we wanted more RAM than we
had available. For example, we might have
1 M of RAM, what if we wanted 10 M? How
could we manage?
⚫One way to extend the amount of memory
accessible by a program is to use disk. This
idea of extending memory is called
virtual memory. It's called "virtual" only
because it's not RAM.
⚫The real problem with disk is that it's
really, really slow to access. The advantage
of disk is it's easy to get lots of disk space
for a small cost.
⚫Still, because disk is so slow to access, we
want to avoid accessing disk unnecessarily.
30
 9/4/

Uses of Virtual Memory

⚫Initially, virtual memory meant the idea of using disk
to extend RAM
⚫Virtual memory was used as a means of memory
protection.
⚫Every program uses a range of addressed called the
address space.
⚫Virtual memory can help prevent programs from
interfering with other programs.
⚫Virtual memory can also help programs to cooperate,
and share memory.

31

Virtual
address
space

⚫A virtual address
space is the set
of ranges of
virtual addresses
that an operating
system makes
available to a
process

32
 9/4/

Virtual Memory and Paging

⚫It is always enough if the next instruction to be
executed and the data needed to execute the same
are available in the memory.
⚫The complete code and data segment need not be
available.
⚫Use of paging to realize the stuff!
⚫By using segmentation the processor calculates an
32-bit effective address.

33

Paging fundamentals
⚫A page is a sequence of N bytes where N is a
power of 2.
⚫In 8088/8086 processors:
⚫Each page is 4096 bytes
⚫Physical RAM has page frames like photo frames,
which is also 4096 bytes.
⚫A page is copied into the page frame, if needed and
removed to accommodate some other page.
⚫By this, a 4 GB code can run on a 128MB physical
memory
⚫In modern processors:
⚫Page sizes are at least 4K in size and maybe as large as
64 K or more.

34
 9/4/

Protected Mode Addressing with paging

10 10 12
DIR TABLE OFFSET

PAGE FRAME

PAGE DIRECTORY PAGE TABLE

PHYS ADDRS
4KB entries
with 4 bytes
4KB entries per entry
with 4 bytes
PG TBL
per entry
ENTRY

DIR ENTRY If 20 bytes are used as a single level

paging then page table alone is 4 MB
which is inefficient. So two level paging.

CR3 REG Develop the page table on demand

TLB’s used to improve performance
Dirty bit accommodated in each page
entry
35

Paging - Example
⚫Suppose your program generated the following virtual
address F0F0F0F0hex (which is 1111 0000 1111 0000 1111 0000
1111 0000 two). How would you translate this to a physical
address?

36
 9/4/

Protected Mode Addressing - Paging entries

PDE: Page Directory Entry

PTE: Page Table Entry

37

Page hit vs. Page fault

⚫If the valid bit (present bit) is 1, then the virtual page
is in RAM, and you can get the physical page from the
PTE. This is called a page hit, and is basically the
same as a cache hit.
⚫If the valid bit is 0, the page is not in RAM, and the 20
bit physical page is meaningless. This means, we must
get the disk page corresponding to the virtual page
from disk and place it into a page in RAM. This is
called a page fault.

38
 9/4/

Mapping segments to pages

⚫The segmentation and paging mechanisms provide in the support a
wide variety of approaches to memory management.
⚫When segmentation and paging are combined, segments can be
mapped to pages in several ways.
⚫To implement a flat (unsegmented) addressing environment, for
example, all the code, data, and stack modules can be mapped to one
or more large segments (up to 4-GBytes) that share same range of
linear addresses

39

4. Memory management problems

1. Always provide memory allocation for pointers
⚫ Instructions:
⚫Malloc:
⚫P= malloc( 200 * sizeof(char) );
⚫buffer = (char*) malloc (i+1);

⚫New
⚫P= new (sizeof(char));
⚫my_class = new Myclass* [size1];

⚫Example:

int *x; int *x = new int;

*x = 5; // => error *x = 5; // => OK

40
 9/4/

Memory management problems

⚫Example
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main() {
char name[100];
char *description;
strcpy(name, "Zara Ali");

/* allocate memory dynamically */

description = malloc( 200 * sizeof(char) );

if( description == NULL ) {

fprintf(stderr, "Error - unable to allocate required memory\n");
}
else {
strcpy( description, "Zara ali a DPS student in class 10th");
}
printf("Name = %s\n", name );
printf("Description: %s\n", description );
}

41

Memory management problems

2. Free memory after using
⚫ Instructions:
⚫Delete (C++ instruction)
⚫delete p;
⚫Free (C instruction)
⚫free(p);

⚫Example:

void f(int n)
{ int* array = calloc(n, sizeof(int));
//do_some_work(array);
free(array);
}

42
 9/4/

Memory management problems

⚫Example
#include <iostream> // std::cout
#include <new> // ::operator new

struct MyClass {
int data[100];
MyClass() {std::cout << "constructed [" << this << "]\n";}
};
int main () {
std::cout << "1: ";
MyClass * p1 = new MyClass;
// allocates memory by calling: operator new (sizeof(MyClass))
// and then constructs an object at the newly allocated space

std::cout << "2: ";

MyClass * p2 = new (std::nothrow) MyClass;
delete p1;
delete p2;
return 0;
}
43

Memory management problems

3. Resizing memory allocation
⚫ Instruction: realloc()
⚫description = realloc( description, 100 * sizeof(char) );

44
 9/4/

⚫Example
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main() {
char name[100];
char *description;
strcpy(name, "Zara Ali");
description = malloc( 30 * sizeof(char) ); /* allocate memory dynamically */
if( description == NULL ) {
fprintf(stderr, "Error - unable to allocate required memory\n");
}
else {
strcpy( description, "Zara ali a DPS student.");
}
/* suppose you want to store bigger description */
description = realloc( description, 100 * sizeof(char) );
if( description == NULL ) {
fprintf(stderr, "Error - unable to allocate required memory\n");
}
else {
strcat( description, "She is in class 10th");
}
printf("Name = %s\n", name );
printf("Description: %s\n", description );

/* release memory using free() function */

free(description);
}
45

Memory management problems

4. Free allocated memory of an array
⚫free each element of the array, then free the array
pointer
⚫Example
Problem Solution
Passenger **p = new
Passenger **p = new Passenger*[100]; Passenger*[100];
for(int i=0;i<100;i++) for(int i=0;i<100;i++)
p[i] = new Passenger[50]; p[i] = new Passenger[50];

//After using p //After using p

delete[] p; for(int i=0;i<100;i++)
delete p[i];
delete[] p;

46