CS 372H Operating Systems Final Exam Solutions, Exercises of Computer Science

The solutions to the final exam of the CS 372H Introduction to Operating Systems: Honors course at The University of Texas at Austin, held in Spring 2011. The exam covers topics such as concurrency, I/O, networks, and security.

Typology: Exercises

2021/2022

Uploaded on 08/05/2022

The University of Texas at Austin
CS 372H Introduction to Operating Systems: Honors: Spring 2011
FINAL EXAM
This exam is 3 hours. Stop writing when “time” is called. You must turn in your exam; we will not
collect it. Do not get up or pack up in the final ten minutes. The instructor will leave the room 3
hours and 3 minutes after the exam begins and will not accept exams outside the room.
There are 27 questions in this booklet. Some may be harder than others, and some earn more points
than others. You may want to skim all questions before starting. Note that you are going to need to
move through the short ones quickly.
This exam is closed book and notes. You may not use electronics: phones, calculators, laptops,
etc. You may refer to TWO two-sided 8.5x11” sheet with 10 point or larger Times New Roman font,
1 inch or larger margins, and a maximum of 55 lines per side.
If you find a question unclear or ambiguous, be sure to write any assumptions you make.
Follow the instructions: if they ask you to justify something, explain your reasoning and any
important assumptions. Write brief, precise answers. Rambling brain dumps will not work and
will waste time. Think before you start writing so you can answer crisply. Be neat. If we can’t
understand your answer, we can’t give you credit!
Grading for True/False questions is as follows. We grade by individual True/False item: correct
items earn positive points, blank items earn 0 points, and incorrect items earn negative points.
However, the minimum score on any question—that is, any group of True/False items—is 0.
There is almost no credit for leaving questions blank. The exception is as follows: if a problem is
worth 6 or more points, then completely blank answers will get 15%-20% of the credit. Note that
by problem we mean numbered questions for which a point total is listed. Sub-problems with no
points listed are not eligible for this treatment. Thus, if you attempt any sub-problem, you may as
well attempt the other sub-problems in the problem.
Don’t linger. If you know the answer, give it, and move on.
Write your name and UT EID on this cover sheet and on the bottom of every page of the exam.
Do not write in the boxes below.
I (xx/25) II (xx/20) III (xx/19) IV (xx/23) V (xx/13) Total (xx/100)
Name: Solutions UT EID:

I Concurrency and other pre-midterm material (25 points total)

  1. [4 points] Circle True or False for each item below:

True / False On the x86, if a given memory reference (load or store) causes a TLB miss, then that memory reference also causes a page fault.

False. The processor can often patch up a TLB miss using the page structures, without needing to ask the OS for help via a page fault.

True / False In JOS, if an environment issues a syscall, thereby causing the x86 to begin executing the kernel, the processor flushes the TLB before switching to supervisor mode and executing kernel code.

False.

True / False Under gcc’s calling conventions, when a function f() calls a function g() that takes arguments, f() pushes arguments on the stack for g().

True.

True / False Under gcc’s calling conventions, when a function f() calls a function g() that takes arguments, g() can gain access to the arguments through the stack frame pointer (%ebp on the x86).

True.

  2. [3 points] Most round-robin schedulers use a fixed size quantum. Give an argument in favor of and against a small quantum. Below, briefly state two arguments, one for and one against a small quantum:

A small quantum means finer-grained sharing (more responsiveness) but at the cost of higher overhead, since each context switch costs something.
  3. [15 points] In this problem, you are the organizer of an expo that specializes in electronic entertainment. You want to allow attendees to play a new game demo. You model the attendees as threads, called players, and your job is to synchronize access to a single copy of the game, as follows:
    • When a player arrives, he or she waits in a waiting area.
    • Once there are 4 or more players waiting to play, you allow exactly 4 of them to leave the waiting area to begin playing. These four leave the waiting area and approach the game console.
    • When a player reaches the console, the player waits until all four players are at the console, at which point all four players begin playing.
    • A player may leave the console. However, you cannot allow any new players to begin playing until all four players have left.
    • You need not let players out of the waiting area in the order in which they arrived.
    • You cannot assume that a player will ever finish playing.

class GameBarrier {
public:
    GameBarrier();          /* You will partially implement this */
    ~GameBarrier() {}
    void waitToPlay();      /* You will implement this */
    void donePlaying();     /* You will implement this */
private:
    /* this barrier can be in one of three states; note the 'state' variable */
    typedef enum {GAME_NOTREADY, GAME_FILLING, GAME_FILLED} state_t;

    Mutex mutex;
    state_t state;
    /* INSERT MORE BELOW */

};

GameBarrier::GameBarrier()
{
    state = GAME_NOTREADY;
    /* INITIALIZE ANY OTHER VARIABLES. */

}

void GameBarrier::waitToPlay()
{
    /* YOU MUST FILL IN THIS FUNCTION */

}

void GameBarrier::donePlaying()
{
    /* YOU MUST FILL IN THIS FUNCTION */

}

class ConsoleBarrier {
public:
    ConsoleBarrier();       /* You will partially implement this */
    ~ConsoleBarrier() {}
    void waitAtConsole();   /* You will implement this */

private:
    /* this barrier can be in one of two states; note the 'state' variable */
    typedef enum {CONSOLE_WAIT, CONSOLE_ALLOW} state_t;

    Mutex mutex;
    state_t state;
    /* INSERT MORE BELOW */

};

ConsoleBarrier::ConsoleBarrier()
{
    state = CONSOLE_WAIT;
    /* INITIALIZE ANY OTHER VARIABLES */

}

class GameBarrier {

..............

    Cond cv;
    int num_waiters;    /* players in the waiting area */
    int num_players;    /* players admitted to the current game */
};

GameBarrier::GameBarrier()
{
    state = GAME_NOTREADY;

    num_waiters = 0;
    num_players = 0;
}

void GameBarrier::waitToPlay()
{
    mutex.acquire();

    /* the arrival that makes four waiters opens the barrier if no game is under way */
    if (++num_waiters >= 4 && state == GAME_NOTREADY) {
        state = GAME_FILLING;
        cv.broadcast(&mutex);
    }

    /* re-check the state after every wakeup */
    while (state != GAME_FILLING) {
        cv.wait(&mutex);
    }

    --num_waiters;

    /* the fourth player to get through closes the barrier */
    if (++num_players == 4)
        state = GAME_FILLED;

    mutex.release();
}

void GameBarrier::donePlaying()
{
    mutex.acquire();

    /* the last player to leave resets the barrier and admits the next four, if present */
    if (--num_players == 0) {
        state = GAME_NOTREADY;
        if (num_waiters >= 4) {
            state = GAME_FILLING;
            cv.broadcast(&mutex);
        }
    }

    mutex.release();
}

class ConsoleBarrier {

...............

    Cond cv;
    int num;            /* players currently at the console */

};

ConsoleBarrier::ConsoleBarrier()
{
    state = CONSOLE_WAIT;
    num = 0;
}

void ConsoleBarrier::waitAtConsole()
{
    mutex.acquire();

    /* the fourth arrival releases everyone */
    if (++num == 4) {
        state = CONSOLE_ALLOW;
        cv.broadcast(&mutex);
    }

    while (state == CONSOLE_WAIT) {
        cv.wait(&mutex);
    }

    /* the last player through re-arms the barrier for the next group */
    if (--num == 0) {
        state = CONSOLE_WAIT;
    }

    mutex.release();
}

should thus spin in a while loop.) This is true regardless of whether we have one or two threads, user-level or kernel-threads, signal or broadcast, sequential consistency or not, etc. Since a thread can wake at any time, even when not signaled, the code must check any required barrier conditions after waking from wait() and before proceeding.

II I/O, Disks, file systems, transactions (20 points total)

  1. [4 points] Consider a computer with a processor that operates at 1 GHz (10^9 cycles/second). When a network packet arrives, the network card interrupts the CPU, which then processes the packet. The cost of the following sum to 10,000 cycles: a context switch to the interrupt handler, handling a packet, and the context switch out of the interrupt handler. A lot of other computers want to talk to this computer, and for a time, it receives 100,000 packets per second. Assume one interrupt per packet. Below, state the total percentage of the processor’s cycles that are spent in interrupt-related code (meaning the context switching and packet handling). Explain your answer briefly (for example, by showing your work).

100%. 10,000 cycles/interrupt * 1 interrupt/packet * 100,000 packets/second = 10^9 cycles/second on interrupts, which is all that the processor has.

Fill in the blank: during this busy time, the device driver for the network card should not use interrupts but rather ______.

polling.
  2. [3 points] Consider a system that uses transactions to provide atomicity (specifically, all-or-nothing atomicity) with respect to stable storage. (Other names for stable storage are cell storage and non-volatile storage.) Recall that this kind of atomicity provides the following: after a system restart, each transaction will be such that either all of the updates in the transaction will appear to be “done” or none of the updates in the transaction will appear to be “done”. Here, “done” means “applied to stable storage”. To provide this type of atomicity, what rule must the transaction manager obey for each update, with respect to its write-ahead log? Circle the BEST answer below:

A The transaction manager can apply an update to cell storage only after recording that update in its write-ahead log.
B The transaction manager can record an update in its write-ahead log only after applying the update to cell storage.
C The order doesn’t matter: the transaction manager can record an update in the log and in cell storage in any order, as long as it respects the invariant that COMMIT records are atomic.

A. It’s a write-ahead log. The whole concept of write-ahead logs is that one modifies cell storage only after logging the change.
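The rule in answer A, worked through as an added example (not part of the exam or its solutions): a constructed C++ model in which a two-update transfer is interrupted after every possible write, once logging before touching cell storage and once in the reverse order. The names `Store`, `LogRecord`, `crash_during_transfer` and the account values are assumptions made for the illustration, and transactions are assumed not to interleave.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <vector>

// Constructed model: cell storage is a map and the write-ahead log is an
// append-only vector; both survive a crash.
struct LogRecord {
    enum Kind { UPDATE, COMMIT } kind;
    int tx;
    std::string key;
    int old_value;  // used to undo
    int new_value;  // used to redo
};

struct Store {
    std::map<std::string, int> cell;
    std::vector<LogRecord> log;

    void commit(int tx) { log.push_back({LogRecord::COMMIT, tx, "", 0, 0}); }

    // Restart procedure: redo committed updates in log order, then undo
    // uncommitted updates in reverse log order.
    void recover() {
        std::set<int> committed;
        for (const LogRecord& r : log)
            if (r.kind == LogRecord::COMMIT) committed.insert(r.tx);
        for (const LogRecord& r : log)
            if (r.kind == LogRecord::UPDATE && committed.count(r.tx))
                cell[r.key] = r.new_value;
        for (auto it = log.rbegin(); it != log.rend(); ++it)
            if (it->kind == LogRecord::UPDATE && !committed.count(it->tx))
                cell[it->key] = it->old_value;
    }
};

// Transaction 7 moves 40 from "a" to "b". Power is lost after `writes_done`
// individual writes (each update is two writes: one to the log, one to cell
// storage; the COMMIT record is the fifth write). The store is then recovered.
// log_first=true is rule A; log_first=false is rule B.
Store crash_during_transfer(bool log_first, int writes_done) {
    Store s;
    s.cell = {{"a", 100}, {"b", 0}};  // checkpointed state, empty log
    const char* keys[] = {"a", "b"};
    const int values[] = {60, 40};
    int w = 0;
    for (int i = 0; i < 2; ++i) {
        LogRecord r{LogRecord::UPDATE, 7, keys[i], s.cell[keys[i]], values[i]};
        for (int step = 0; step < 2; ++step) {
            if (w++ == writes_done) { s.recover(); return s; }
            bool do_log = (step == 0) == log_first;
            if (do_log) s.log.push_back(r); else s.cell[r.key] = r.new_value;
        }
    }
    if (w++ == writes_done) { s.recover(); return s; }  // crash before COMMIT
    s.commit(7);
    s.recover();
    return s;
}

// All-or-nothing: either the state before the transfer or the state after it.
bool all_or_nothing(const Store& s) {
    int a = s.cell.at("a"), b = s.cell.at("b");
    return (a == 100 && b == 0) || (a == 60 && b == 40);
}

int main() {
    for (int k = 0; k <= 5; ++k)
        std::printf("crash after %d writes: rule A %s, rule B %s\n", k,
                    all_or_nothing(crash_during_transfer(true, k)) ? "ok" : "TORN",
                    all_or_nothing(crash_during_transfer(false, k)) ? "ok" : "TORN");
}
```

Under rule B, a crash that lands between the cell-storage write and its log record leaves a change that recovery has no record of and therefore cannot undo.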

  1. [7 points] Consider a file system that has the following description:
    • The disk is divided into 1024-byte blocks.
    • The beginning of the disk contains an array of 2^16 inodes, each of which can represent a file or be unallocated.
    • A file has an indexed structure: an inode contains (a) 8 data block pointers, each of which is 4 bytes and each of which points to a disk block and (b) a pointer to ONE indirect block, which is a disk block that itself contains data block pointers.
    • The inode also contains a userid (2 bytes), three time stamps (4 bytes each), protection bits ( bytes), a reference count (3 bytes), and the size (4 bytes).
    • A directory contains a list of (file name, inode number) pairs, where the file name portion is always exactly 14 bytes, including the null terminator (if the file name would otherwise be fewer than 14 bytes, it is padded to 14 bytes).

Below, state the maximum file size, and explain briefly, for example by showing your work. You may express your answer as a sum of powers-of-two.

The data pointed to by the direct block pointers can be as large as 1024 · 8 bytes. There is a single indirect block pointer, and it can contain as many as 1024/4 pointers, each of which points to 1024 bytes of data. Thus, the total is:

1024 · 8 + 1024 · (1024/4) = 2^13 + 2^18

Below, state the maximum number of files in a directory, and explain briefly, for example by showing your work. Again, you may express your answer as a sum of powers-of-two.

Directories are implemented as files. Also, each directory entry is 16 bytes (14 bytes for the file name and 2 bytes for the inode number, since there are 2^16 inodes). Thus, we take our answer to the previous question and divide by 16 bytes:

(2^13 + 2^18) / 2^4

Since there are 2^16 inodes on the disk, our answer is min{2^16, 16896} = 16896.

If we wanted to move to LFS (the log-structured file system), which of the items in the description above would we have to modify, and why? Note that we are asking “which items” and “why”; we are not asking you to describe the exact changes required nor are we asking about other needed changes.

The only one that needs to change is the inode array, since, under LFS, inodes do not live in a fixed location on the disk.

III Networks, RPC, distributed systems (19 points total)

  1. [2 points] Some application-layer protocols include a destination field in the application-layer header. Why? Circle the BEST answer:

A So the protocol can check that the network layer delivered the packet containing the application’s message to the correct endpoint.
B Because it is the application layer that makes routing and forwarding decisions.
C Because the network layer uses the application-layer header to route and forward the packet.
D Because the sender’s link layer needs this field to decide which network protocol to use.

A is right: the application layer cannot depend on the layers below it. B is not right because it is not the application layer that makes forwarding decisions. C is not right because the network layer has its own header. D is not right because the link layer doesn’t decide on the network protocol. The above exercise is borrowed from J. H. Saltzer and M. F. Kaashoek, Principles of Computer System Design: An Introduction, Morgan Kaufmann, Burlington, MA, 2009. Chapter 7. Available online.

  1. [2 points] Ethernet cards have unique addresses built into them. What role do these unique addresses play in the Internet? Circle the BEST answer:

A None. They are there for Macintosh compatibility only.
B A portion of the Ethernet address is used as the domain name of the computer using the card.
C They provide routing information for packets destined to non-local subnets.
D They are used as private keys in the Security Layer of the ISO protocol.
E They provide addressing within each subnet for an Internet address resolution protocol.
F They provide secure identification for warranty service.

E. The above exercise is borrowed from J. H. Saltzer and M. F. Kaashoek, Principles of Computer System Design: An Introduction, Morgan Kaufmann, Burlington, MA, 2009. Chapter 7. Available online.

  1. [3 points] The NFS authors had a goal of transparency. They wanted applications to be unable to distinguish whether a file system was (a) a remote file system served from an NFS server; or (b) a typical, local Unix file system. They did not succeed. (In fact, their goal was impossible.) Below, state precisely one way in which application code can experience different behavior when interacting with a remote NFS file system versus a local Unix file system. Your answer should
  1. [6 points] In this question, two computers, A and B, are connected by a network link that runs at 1 gigabit per second (1 · 10^9 bits/second). The propagation delay is 20 ms; that is, it takes 20 ms for a bit to travel from A to B or back. Assume that the link does not drop or duplicate packets. Further assume that processing time at the two endpoints is zero. Last, assume that A sends B 625-byte packets (the 625 includes all headers, framing, and inter-packet spacing).

What is the maximum number of 625-byte packets per second that A could in principle send into the wire? Explain your answer briefly (for example, by showing your work). You may make small approximations if needed.

10^9 bits/second * 1 byte/8 bits * 1 packet/625 bytes = 200,000 packets/second.

Now, consider the above link and the following protocol, and assume that all packets are again 625 bytes. In the protocol, A sends 4000 packets into the network as quickly as it can and then waits for a one-byte ACK from B. Whenever A receives an ACK from B, A immediately sends another 4000 packets into the network. Meanwhile, B ACKs packet 1, packet 4001, packet 8001, etc. That is, B ACKs every 4000 packets starting with the first one in a burst by A.

What is the long-term throughput of this protocol, expressed as both (a) bits per second and (b) a percentage of the link’s bandwidth? Explain your answer briefly (for example, by showing your work). You may make small approximations if needed.

The bandwidth-delay product is 10^9 bits/second * 20 ms = 2.5 megabytes = 4000 packets of size 625 bytes. If A sent 4000 packets every 20 ms, it would fully use the link. However, from the protocol description, we know that the protocol sends 4000 packets every 40 ms (because the round-trip time is 40 ms, and that’s how long it takes for A to get B’s ACK). Thus, the throughput is one-half the link’s bandwidth, or 500 · 10^8 bits/second.

  1. [3 points] Consider the following statement: “If machines were guaranteed not to crash, we would not need two-phase commit: the coordinator could, in one phase, decide whether a distributed transaction would commit, and then instruct the workers to apply their piece of the transaction.”

Is the above statement true or false? Justify your answer briefly below:

False. The point to the first phase of 2PC is to see whether all of the machines agree to the proposed transaction.
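The answer above, as an added example (not part of the exam or its solutions): a constructed C++ model with crash-free workers, comparing the one-phase scheme from the quoted statement with a vote-then-decide scheme. The `Worker` type, the overdraft rule used as the reason for a NO vote, and the balances are assumptions made for the illustration.

```cpp
#include <cstdio>
#include <vector>

// Constructed model: each worker holds one account and never crashes.
// A worker may still be unable to apply its piece (here: it would overdraw).
struct Worker {
    int balance;
    int pending;
    bool prepared;
    explicit Worker(int b) : balance(b), pending(0), prepared(false) {}

    // Phase 1: vote. YES means "I can apply this and will hold it for you".
    bool prepare(int delta) {
        if (balance + delta < 0) return false;  // vote NO
        pending = delta;
        prepared = true;
        return true;
    }
    // Phase 2: carry out the coordinator's decision.
    void commit() { if (prepared) balance += pending; reset(); }
    void abort() { reset(); }
    void reset() { pending = 0; prepared = false; }
};

// One phase, as in the quoted statement: the coordinator decides alone and
// tells each worker to apply its piece. A worker that cannot apply its piece
// has no way to stop the others from applying theirs.
bool one_phase(std::vector<Worker>& ws, const std::vector<int>& deltas) {
    bool all_applied = true;
    for (size_t i = 0; i < ws.size(); ++i) {
        if (ws[i].balance + deltas[i] < 0) { all_applied = false; continue; }
        ws[i].balance += deltas[i];
    }
    return all_applied;
}

// Two phases: collect every vote first, apply only if all votes are YES.
bool two_phase(std::vector<Worker>& ws, const std::vector<int>& deltas) {
    bool all_yes = true;
    for (size_t i = 0; i < ws.size(); ++i)
        all_yes = ws[i].prepare(deltas[i]) && all_yes;
    for (Worker& w : ws) {
        if (all_yes) w.commit(); else w.abort();
    }
    return all_yes;
}

int total(const std::vector<Worker>& ws) {
    int sum = 0;
    for (const Worker& w : ws) sum += w.balance;
    return sum;
}

int main() {
    const std::vector<int> transfer{-40, 40};  // move 40 from worker 0 to worker 1
    std::vector<Worker> a{Worker(30), Worker(50)};
    std::vector<Worker> b{Worker(30), Worker(50)};
    one_phase(a, transfer);
    two_phase(b, transfer);
    std::printf("one phase: total %d (started at 80)\n", total(a));
    std::printf("two phase: total %d (started at 80)\n", total(b));
}
```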

  1. [3 points] Consider two generals, A and B, who are encamped with their armies as in the Two Generals Problem. The two generals communicate by messengers that have the following characteristics: a messenger sent by one general always reaches the other general, a messenger never mangles the messages that it is supposed to deliver, and a messenger delivers exactly one copy of the message that it is supposed to deliver. However, a messenger occasionally is delayed for up to 24 hours. Assume that A and B know all of the above but have no way to predict which messengers will be delayed or when. Assume that A decides the time of the attack. Can A and B successfully coordinate an attack, as in the Two Generals problem?

If they can successfully coordinate an attack, give a protocol that does so. If they cannot, then explain why not.

They can successfully coordinate. A sends a message at time X saying, “attack at X + 25 hours”. B is guaranteed to get the message in time for the attack, and A knows this. Hence both attack at the same time.

  1. [2 points] This question is about the assigned reading, “Keeping Secrets in Hardware: the Microsoft XBox™ Case Study”, by Andrew “bunnie” Huang. Huang successfully attacked the X-box by doing which of the following?

Circle the BEST answer below:

A Using an electron microscope to read the secret key out of the CPU.
B Replacing the DRAM chips with modified DRAM chips that stored a copy of the secret key in an off-chip NVRAM.
C Tapping a high-speed bus between ROM and the CPU to extract a secret key and the code in a secret boot block.
D Mounting a dictionary attack on the Xbox’s password file.
E Modifying the on-disk kernel image to cause a buffer overflow attack in the bootloader, overriding the hardware-based protection of the secret key.
F Installing read-write entries in the x86-visible page tables, allowing him to overwrite key kernel data structures.

C. Huang used inexpensive custom hardware to extract the electrical signals on the bus between the southbridge and northbridge.

  1. [2 points] One of our assigned readings was “An Access Control Hierarchy for Secure File Logging”.

What was the central thesis of this paper? Circle the BEST answer below:

A When developers don’t think carefully about their threat model, they can be surprised by attacks that subvert their abstractions.
B The current Unix approach to access control is incoherent.
C The current Unix approach to access control is coherent, but the coarse-grained notion of privilege in Unix creates many vulnerabilities.
D An attacker who gains access to the kernel’s logging facility can subvert all of the access control in the file system.
E None of the above.

E.

  1. [4 points] These questions concern the hacks to the C compiler that Ken Thompson describes in “Reflections on Trusting Trust”.

Circle True or False for each item below:

True / False After Thompson’s hacks, the source code for the C compiler, if examined, would contain a hint that the login program had been bugged.

True / False After Thompson’s hacks, the C compiler binary, if disassembled and examined, would contain a hint that the login program had been bugged.

The first is false; the second, true. Thompson’s hack was such that no trace of the bugged C compiler or the bugged login was visible from the source code. What allowed Thompson to pull off this hack is that he bugged the binary—and the hint of that would certainly be clear if someone were to disassemble the binary (there would be compiled code that, on matching a pattern in an input file, output a copy of its own logic and some logic to bug the login program).

  1. [3 points] Recall that the ping program sends ICMP packets using a raw socket and that the passwd program changes the user’s password by writing to the /etc/passwd file. For the purpose of the first two items below, there is no conceptual difference between ping and passwd: what will be true or false for one will be true or false for the other.

Circle True or False for each item below:

True / False Assuming a normal and bug-free system, one needs to be logged in as the root user to use ping and passwd successfully.

True / False Assuming a normal and bug-free system, root needs to delegate its privileges (or a subset of those privileges) to ordinary users for them to use ping and passwd successfully.

The first is false; the second, true. Ordinary users can call ping and passwd. They must do so using root’s privileges because, under Unix’s security model, only a process with a real or effective ID of root can open a raw socket or write to the password file.

True / False To delegate its privileges to ordinary users as they run particular binaries, root sets the setuid bit on those binaries.

True.

  1. [2 points] This question is about mandatory access control. You may recall that Tanenbaum defined mandatory access controls as follows: under mandatory access controls, the system “ensure[s] that the stated security policies are enforced... in addition to the standard discretionary access controls [in which individual users determine who may read and write their files]”. Tanenbaum goes on to describe a phenomenon that undermines mandatory access controls. He prefaces the description with, “we discuss how information can still leak out even when it has been rigorously proven that such leakage is mathematically impossible”.

What phenomenon undermines mandatory access controls? Circle the BEST answer:

A Two-factor authentication
B Weak passwords
C A program that has access to privileged information and, as a result of a bug that is not modeled by the specification, writes it to a world-readable file
D Covert channels
E Buffer overflow attacks on user-level programs