# Memory Management in Operating Systems

Memory management is where an operating system stops being a simple program launcher and starts behaving like an illusionist, a traffic controller, and a bodyguard at the same time.

To a programmer, memory often looks simple: declare variables, allocate objects, use arrays, return from functions, free what you allocated, and move on. Underneath that simple model, the machine is dealing with a much harsher reality:

- RAM is finite.
- Many processes want to use it at the same time.
- Programs should not overwrite each other's data.
- The CPU wants memory access to feel almost instantaneous.
- The system still has to work even when total memory demand is larger than physical RAM.

Memory management is the part of the OS that makes all of those constraints coexist.

This guide is written for understanding, not memorization. The goal is to build a mental model strong enough that ideas like virtual memory, page faults, TLB misses, swapping, fragmentation, and memory-mapped files feel natural rather than mysterious.

## 1. Why Memory Management Exists

Before talking about page tables or heaps, start with the core problem.

### The raw problem

Imagine a computer with 16 GB of RAM and ten programs running.

If every program directly used physical addresses, several things would go wrong immediately:

- Two programs could write to the same physical location by accident.
- A buggy program could overwrite the kernel.
- Every program would need to know where free RAM currently lives.
- Loading a program would become a physical placement puzzle.
- Moving a program in memory would break its pointers unless every address inside the program were rewritten.

That is not just inconvenient. It is fundamentally unsafe and unscalable.

### What memory management must achieve

An OS memory manager tries to provide five things at once:

1. **Isolation**: one process should not corrupt another.
2. **Abstraction**: every process should feel like it has its own clean address space.
3. **Efficiency**: RAM should be used well, not wasted.
4. **Performance**: address translation and allocation should be fast.
5. **Controlled sharing**: when sharing is useful, it should be explicit and safe.

### The big idea

Modern systems almost never let user programs manipulate raw physical memory directly. Instead, the CPU generates **virtual addresses**, and hardware plus the OS translate those into **physical addresses**.

That single design choice is what makes modern process isolation, demand paging, shared libraries, memory-mapped files, copy-on-write, and swap possible.

## 2. A Mental Model of Memory

It helps to distinguish three different things that beginners often collapse into one:

- **Physical memory**: the actual RAM chips, divided into hardware-sized units the OS can manage.
- **Virtual memory**: the private address space a process thinks it owns.
- **Secondary storage**: SSD or disk space used for executable files, mapped files, and swap backing.

When a program uses a pointer, it is usually using a virtual address, not a physical one.

The rough path looks like this:

1. The CPU executes an instruction that refers to memory.
2. The CPU produces a virtual address.
3. The MMU (Memory Management Unit) translates that virtual address.
4. If the translation exists and the access is allowed, the CPU accesses RAM.
5. If the page is not present, the CPU traps into the OS, which handles the fault.

This means memory access is not just an electrical event. It is a collaboration between **program**, **CPU**, **MMU**, **kernel**, **RAM**, and sometimes **disk**.

## 3. Process Memory Layout

Each process is given a virtual address space. The exact layout varies by OS, architecture, executable format, ASLR policy, and runtime, but the classic teaching model is still useful.

```mermaid
flowchart TB
	subgraph Process["Typical Process Virtual Address Space"]
		direction TB
		K["Kernel space mapping<br/>Protected from user mode"]
		S["Stack<br/>Function frames, return addresses,<br/>local variables<br/>Usually grows downward"]
		M["Memory-mapped region<br/>Shared libraries, mapped files,<br/>anonymous mappings"]
		H["Heap<br/>Dynamic allocations from malloc/new<br/>Usually grows upward"]
		D["Data and BSS<br/>Globals and statics"]
		T["Text / code / read-only data<br/>Instructions, constants"]
		L["Low addresses"]
		K --> S --> M --> H --> D --> T --> L
	end
```

### 3.1 Text segment

The **text segment** contains executable instructions. It is often mapped read-only and executable.

Why that matters:

- Read-only code is harder to corrupt accidentally.
- Multiple processes can share the same physical code pages for the same executable or shared library.
- The OS can demand-load code pages from the executable file only when needed.

Real systems use this heavily. If ten processes run the same binary, they do not usually keep ten separate physical copies of identical code pages.

### 3.2 Data and BSS

These regions hold global and static variables.

- **Initialized data**: globals/statics with explicit initial values.
- **BSS**: globals/statics that start as zero.

Why split them?

- Initialized data must be stored in the executable image.
- Zero-initialized data does not need to take space in the file; the loader can create zeroed pages in memory.

This is a small but elegant example of memory optimization: the executable stays smaller, while the runtime still gets the correct initial state.

### 3.3 Heap

The **heap** is where dynamic memory allocation lives.

When code does something like this:

```c
int *buffer = malloc(4096);
```

the allocation typically comes from user-space allocator logic such as `malloc`, `new`, or a runtime allocator. That allocator may satisfy the request from already-owned memory, or it may ask the kernel for more pages using mechanisms like `brk`, `sbrk`, or `mmap` depending on the platform and allocator design.

Important intuition:

- The heap is not just one big bag of bytes the kernel directly manages for every small object.
- Most small allocations are handled by a user-space allocator.
- The OS usually deals in pages, while the allocator subdivides those pages into application-sized chunks.

### 3.4 Stack

The **stack** stores function call state.

Typical stack contents include:

- return addresses
- saved registers
- function parameters
- local variables

The stack is fast because allocation is usually just moving a stack pointer. That is much cheaper than a general-purpose heap allocation.

Why the stack exists:

- function calls are nested and naturally follow LIFO order
- allocation and deallocation are extremely cheap
- it matches the control-flow structure of most programs

What goes wrong without it?

Every function call would need a more expensive general allocation strategy, recursion would be awkward, and temporary storage would be harder to manage efficiently.

### 3.5 Mapped region

Modern processes often have a large region used for:

- shared libraries
- memory-mapped files
- anonymous mappings
- large allocator requests
- thread stacks

This region is one reason old diagrams with only code/data/heap/stack are incomplete. Real processes use many mapped regions, not a single smooth block.

### 3.6 Guard pages and stack overflow

Real OSes often place an unmapped or protected page near the end of a stack. If the stack grows too far, touching that page causes a fault.

That is how a stack overflow becomes a detectable error rather than silent corruption.

### 3.7 Real-world note

Linux, Windows, and macOS all present the same broad idea but differ in layout details. Address Space Layout Randomization (ASLR) also deliberately changes locations between runs to make attacks harder.

So the layout diagram is a conceptual map, not a fixed coordinate system.

## 4. Memory Allocation Strategies

The phrase "memory allocation" can mean different things depending on the layer.

- At the OS level, it can mean how the system places processes or pages into physical memory.
- At the kernel level, it can mean how the OS allocates memory for its own data structures.
- At the application level, it can mean how `malloc` or a language runtime gives memory to code.

Understanding the layers matters because they solve different sub-problems.

### 4.1 Contiguous allocation: the older intuition

Early systems often used **contiguous allocation**: give a process one continuous chunk of physical memory.

This sounds simple, but it creates serious problems:

- finding a large enough free hole becomes harder over time
- moving a process is expensive
- memory becomes fragmented externally

Common placement strategies included:

- **First fit**: use the first hole large enough
- **Best fit**: use the smallest hole that works
- **Worst fit**: use the largest hole

Each strategy trades one kind of waste for another. Best fit may leave many tiny unusable holes. First fit is fast but can create uneven fragmentation patterns. Worst fit tries to preserve medium holes but often wastes large spaces.

This is why pure contiguous allocation does not scale well for general-purpose multitasking systems.

### 4.2 Paging as a placement strategy

Paging changes the question from:

"Where can I place this entire process as one piece?"

to:

"Where can I place each fixed-size page?"

That is a huge simplification. Any free frame can hold any page. The OS no longer needs one giant hole for a whole process.

That dramatically reduces **external fragmentation** in physical memory.

### 4.3 Kernel allocators

The kernel also needs memory for its own objects: page descriptors, file tables, socket buffers, process structures, and so on.

Operating systems therefore use kernel-level allocators. A common pattern is:

- a **buddy allocator** for page-sized or power-of-two blocks
- a **slab** or **SLUB** allocator for frequently used fixed-size kernel objects

Why this split exists:

- the buddy system is good at managing physical pages and coalescing neighbors
- slab-style allocators are good for many repeated objects of the same size

Linux is a classic example. Its page allocator and slab-family allocators are central to performance.

### 4.4 User-space allocators

Applications do not normally ask the kernel for every tiny object. That would make system call overhead too high.

Instead, a runtime allocator grabs larger chunks from the OS and then serves smaller requests internally.

This is why a call to `free` may not immediately return memory to the OS. The allocator might keep the region for reuse inside the process.

That surprises many developers:

- your program can free objects
- the language runtime or allocator can mark them reusable
- the OS may still show the process holding substantial memory

Nothing is necessarily wrong. You are seeing the difference between **allocator state** and **OS-visible mappings**.

## 5. Virtual Memory

Virtual memory is one of the most important ideas in operating systems.

### 5.1 What problem it solves

Without virtual memory, programs would need to run against real physical addresses. That creates several problems:

- programs could not be placed anywhere easily
- isolation would be weak or nonexistent
- sharing would be inflexible
- total usable memory would be limited strictly to current RAM
- every pointer inside a program would become tied to physical placement

Virtual memory solves this by giving each process its own **virtual address space** and translating it to physical memory behind the scenes.

### 5.2 The core illusion

Each process behaves as if it has a large, private, contiguous memory region.

Internally, that is false.

- Pages may live in scattered physical frames.
- Some virtual pages may not be loaded yet.
- Some pages may be shared with other processes.
- Some pages may be backed by files.
- Some pages may exist only as a promise that they can be created later.

The illusion is maintained by page tables and hardware translation.

```mermaid
flowchart LR
	subgraph V["Virtual Pages in One Process"]
		V0["Page 0"]
		V1["Page 1"]
		V2["Page 2"]
		V3["Page 3"]
	end
	subgraph P["Page Table"]
		P0["0 -> Frame 9"]
		P1["1 -> Frame 2"]
		P2["2 -> not present"]
		P3["3 -> Frame 15"]
	end
	subgraph R["Physical RAM"]
		F2["Frame 2"]
		F9["Frame 9"]
		F15["Frame 15"]
	end
	V0 --> P0 --> F9
	V1 --> P1 --> F2
	V2 --> P2
	P2 --> D["Disk or file backing"]
	V3 --> P3 --> F15
```

### 5.3 What the hardware sees

The CPU issues a virtual address. The MMU uses page tables to decide:

- which physical frame contains the data
- whether the page is present
- whether the access is read, write, or execute allowed
- whether the fault should trap to the kernel

This is not merely an OS software trick. It is a hardware-supported abstraction.

### 5.4 Why it matters in practice

Virtual memory enables:

- process isolation
- demand paging
- shared libraries
- efficient `fork` using copy-on-write
- memory-mapped files
- page-level protection bits

If virtual memory did not exist, modern desktop and server operating systems would be radically less safe and less flexible.

## 6. Paging

Paging is the most common mechanism used to implement virtual memory.

### 6.1 The basic idea

Physical memory is divided into fixed-size **frames**.

Virtual memory is divided into fixed-size **pages** of the same size.

If page size is 4 KiB, then a virtual page can fit exactly into one physical frame.

That fixed size is the key design choice. It makes mapping simple.

### 6.2 Address structure

A virtual address is usually split into:

- **page number**: which virtual page is being referenced
- **offset**: where inside that page the byte lives

The offset does not change during translation. Only the page number is mapped to a frame number.

If the page size is 4 KiB, the offset is 12 bits because $2^{12} = 4096$.

### 6.3 Why paging exists

Paging solves a major weakness of contiguous allocation.

Because every frame has the same size, the OS can place a process's pages into any free frames. A process no longer needs one large contiguous block of physical RAM.

That means:

- placement is easier
- compaction is less necessary
- external fragmentation in physical placement is drastically reduced

### 6.4 The cost of paging

Paging is powerful, but not free.

- page tables consume memory
- translation adds overhead
- TLB misses hurt performance
- page faults are expensive
- page-sized allocation causes **internal fragmentation**

Internal fragmentation here means a process may use only part of the last page it owns, but the whole page is still reserved.

### 6.5 What a page fault really is

A **page fault** does not automatically mean an error.

It simply means the CPU referenced a virtual page whose current mapping cannot satisfy the request.

That can happen for different reasons:

- the page is valid but not currently in RAM
- the page has not been allocated yet and must be created lazily
- the access violates permissions
- the virtual address is invalid

Only some page faults are bugs. Others are normal parts of execution.

### 6.6 Demand paging

Demand paging means the OS loads a page only when it is actually touched.

Why this is useful:

- program startup is faster
- unused code and data do not consume RAM immediately
- executables and libraries can be larger than the currently loaded footprint

This is why a big application can start without reading every byte of its binary into RAM on day one. Pages are brought in as execution and data access demand them.

### 6.7 Real-world intuition

When a large application launches, the OS often maps the executable and shared libraries into the process immediately, but many pages are only loaded on first use. That is why startup often happens in bursts: map now, fault later, settle into a working set.

## 7. Segmentation

Segmentation is another memory management idea, older and more directly tied to how programmers think about program structure.

### 7.1 The idea behind segmentation

Instead of dividing memory into fixed-size pages, segmentation divides memory into **logical variable-sized regions** such as:

- code segment
- data segment
- stack segment
- heap segment

Each segment has a base and a limit.

To access an address, the hardware can interpret it as something like:

- segment identifier
- offset within that segment

The resulting physical or linear address is based on the segment base plus the offset, as long as the offset stays within the segment limit.

### 7.2 What problem segmentation solves

Segmentation mirrors the logical structure of programs.

That makes some forms of protection and sharing intuitive:

- code can be executable and read-only
- stack can have its own growth behavior
- data can be read-write

### 7.3 The big weakness

Because segments are variable-sized, segmentation tends to suffer from **external fragmentation**. Over time, memory develops holes of inconvenient sizes.

That is the same placement pain contiguous allocation struggles with.

### 7.4 Why modern systems favor paging

Pure segmentation is elegant conceptually, but paging is easier to manage at scale because fixed-size units simplify allocation and replacement.

Modern mainstream systems therefore rely primarily on paging.

On x86-64, Linux and Windows mostly use a **flat segmentation model**, with paging doing the real isolation and mapping work. Segmentation still exists in limited roles, such as certain thread-local storage mechanisms.

### 7.5 Intuition

Think of segmentation as organizing memory by meaning, and paging as organizing memory by manageable block size.

Segmentation matches the programmer's mental model. Paging matches the operating system's operational needs.

## 8. Page Tables and Address Translation

Page tables are the data structures that record how virtual pages map to physical frames.

### 8.1 What a page table entry contains

A **page table entry** (PTE) usually stores:

- the physical frame number
- a present or valid bit
- read/write permissions
- user/supervisor permission
- accessed/reference bit
- dirty bit for writes
- execute disable or no-execute information

These bits are critical. Memory management is not only about *where* data is. It is also about *who may access it and how*.

### 8.2 Why page tables can become huge

Suppose you tried to build one giant flat page table for a large virtual address space. It would consume an enormous amount of memory, even for processes that barely use most of their address range.

That is why modern systems use **multi-level page tables**.

### 8.3 Multi-level page tables

Instead of one massive table, the address is broken into multiple index fields. Each level points to the next level, and only the needed parts are allocated.

That saves memory for sparse address spaces, which is exactly what most real processes have.

```mermaid
flowchart TD
	VA["Virtual address"] --> I4["Level 4 index"]
	VA --> I3["Level 3 index"]
	VA --> I2["Level 2 index"]
	VA --> I1["Level 1 index"]
	VA --> OFF["Page offset"]

	I4 --> L4["Top-level table entry"]
	L4 --> T3["Next-level table"]
	I3 --> T3
	T3 --> L3["Directory entry"]
	L3 --> T2["Next-level table"]
	I2 --> T2
	T2 --> L2["Page-table entry block"]
	L2 --> T1["Final page table"]
	I1 --> T1
	T1 --> PTE["PTE with frame number<br/>and permission bits"]
	PTE --> PA["Physical frame + offset"]
	OFF --> PA
```

This diagram is conceptual, but it matches the core idea used in systems like x86-64.

### 8.4 What a page-table walk costs

If translation required reading several memory locations from RAM every time, memory access would become painfully slow.

That is why the TLB exists.

Without the TLB, a memory access could require:

- one or more memory references for page table traversal
- then the actual memory reference

Address translation would amplify the cost of every load and store.

### 8.5 Hardware and OS responsibilities

The division of labor is important:

- the **OS** creates and updates page tables
- the **hardware MMU** uses them during execution
- page faults trap into the **kernel**, which decides what to do

This is a recurring OS theme: the kernel defines policy and prepares state, while hardware enforces it at high speed.

## 9. TLB (Translation Lookaside Buffer)

The TLB is one of the most performance-critical hidden structures in a computer.

### 9.1 What it is

The **Translation Lookaside Buffer** is a small, fast cache that stores recent virtual-to-physical translations.

Why it exists is simple: page-table walks are too expensive to do on every access.

### 9.2 What a TLB hit means

If the required translation is already in the TLB:

- the CPU can translate quickly
- memory access proceeds with low overhead

If the translation is not there:

- the CPU or MMU performs a page-table walk
- if the page is present, the TLB is updated
- if the page is not present, a page fault occurs

### 9.3 Why TLB misses matter

A program can have excellent algorithmic complexity and still perform badly if it causes many TLB misses.

This happens when memory access patterns have poor spatial or working-set locality.

Examples:

- randomly touching a huge sparse data structure
- traversing memory with poor locality across many pages
- using extremely large working sets across many processes

### 9.4 Real systems and TLB behavior

Linux and Windows both rely heavily on hardware TLBs. They also use mechanisms like ASIDs or PCIDs on supported hardware so context switches do not always require complete TLB flushes.

Large pages or huge pages can also improve **TLB reach**, meaning one TLB entry covers more memory. That can help some workloads, but it also increases allocation rigidity and possible internal waste.

## 10. The Address Translation Pipeline

The whole path from CPU instruction to RAM access is worth seeing as one pipeline.

```mermaid
flowchart LR
	CPU["CPU generates virtual address"] --> TLB{"TLB hit?"}
	TLB -->|Yes| RAM["Access physical memory<br/>through caches and RAM"]
	TLB -->|No| WALK["MMU page-table walk"]
	WALK --> PRESENT{"Page present and permitted?"}
	PRESENT -->|Yes| FILL["Fill TLB entry"]
	FILL --> RAM
	PRESENT -->|No| FAULT["Trap to kernel<br/>page fault handler"]
	FAULT --> RESOLVE["Allocate page, load from disk,<br/>or reject access"]
	RESOLVE --> UPDATE["Update page table and TLB"]
	UPDATE --> RAM
```

### 10.1 Why this pipeline matters

When memory feels slow, the delay may come from very different layers:

- cache miss
- TLB miss
- page-table walk
- major page fault that requires disk I/O
- swap activity

To a developer, all of those can look like "my program is waiting on memory," but the underlying causes differ dramatically.

### 10.2 Minor vs major page faults

In practice, systems often distinguish between:

- **minor page faults**: the page can be resolved without disk I/O, for example by mapping an already-cached page
- **major page faults**: actual I/O is needed to bring data in

That distinction matters because a major fault is far more expensive.

## 11. Page Replacement Algorithms

What happens if a page fault occurs and RAM has no free frame ready to use?

The OS must choose a victim page to evict.

That is the page replacement problem.

### 11.1 The goal

The ideal replacement algorithm would remove the page least likely to be needed soon.

The famous theoretical optimum is to evict the page whose next use is farthest in the future, but that requires perfect knowledge of the future. It is not implementable in real systems.

So real operating systems use approximations.

### 11.2 Common algorithms

#### FIFO

**First In, First Out** evicts the oldest loaded page.

Why it is appealing:

- simple
- low bookkeeping cost

Why it is weak:

- age alone does not predict usefulness
- it can evict heavily used pages
- it can exhibit Belady's anomaly, where giving more frames can paradoxically increase faults

#### LRU

**Least Recently Used** evicts the page not used for the longest time.

Why it is attractive:

- recent past often predicts near future because programs have locality

Why exact LRU is expensive:

- tracking perfect recency on every access is too costly at system scale

So real systems usually use approximations.

#### Clock / Second Chance

Clock-style algorithms approximate LRU using a reference bit.

Roughly:

- pages are arranged conceptually in a circle
- a moving pointer examines candidates
- recently used pages get a second chance
- unreferenced pages are chosen for eviction

This is a practical compromise between quality and overhead.

### 11.3 Replacement flow

```mermaid
flowchart TD
	START["Page fault and no free frame"] --> PICK["Select victim page<br/>FIFO, Clock, LRU approximation"]
	PICK --> DIRTY{"Victim dirty?"}
	DIRTY -->|Yes| WRITE["Write victim to disk or backing file"]
	DIRTY -->|No| REUSE["Reuse frame immediately"]
	WRITE --> REUSE
	REUSE --> LOAD["Load needed page into freed frame"]
	LOAD --> MAP["Update page table"]
	MAP --> TLB["Invalidate or refresh TLB state"]
	TLB --> RESUME["Resume the faulting instruction"]
```

### 11.4 Dirty pages vs clean pages

This distinction is critical.

- A **clean page** can be discarded if it already matches its backing store.
- A **dirty page** has been modified and must be written back before eviction.

That means not all victim choices cost the same. Evicting a clean file-backed page is far cheaper than evicting a dirty anonymous page that must go to swap.

### 11.5 Why page replacement matters in real life

When systems are under memory pressure, page replacement policy strongly affects responsiveness. A bad decision can evict hot pages and create a storm of repeated faults. A better decision preserves the working set and avoids thrashing.

## 12. Swapping

Swapping is closely related to paging, but it is worth separating conceptually.

### 12.1 Historical meaning

Historically, **swapping** often meant moving an entire process out of RAM and bringing it back later.

That existed because RAM was very limited.

### 12.2 Modern meaning

In modern systems, swapping more often means moving individual pages of memory out to a disk-backed swap area or page file.

Examples:

- Linux uses swap partitions or swap files.
- Windows uses the page file.
- macOS uses swap plus aggressive memory compression.

### 12.3 Why swapping exists

Swapping allows the system to keep running even when current memory demand exceeds available RAM.

But it is a last resort from a performance perspective, because disk is vastly slower than RAM.

### 12.4 What low memory looks like in practice

When memory gets tight, a modern OS typically does not immediately swap everything.

It usually tries cheaper options first:

1. reclaim easy free pages
2. drop clean cached file pages that can be re-read later
3. write dirty pages back if needed
4. swap out less-active anonymous pages
5. as pressure worsens, trim working sets more aggressively

If the system starts spending large amounts of time evicting pages only to fault them back in moments later, it enters **thrashing**.

Thrashing means the machine is technically busy but doing little useful work.

### 12.5 Real-world behavior

- **Linux** often reclaims page cache first, then anonymous pages, and if it cannot recover enough memory it may invoke the OOM killer.
- **Windows** uses working-set management and page-file backed paging, and modern versions also use memory compression.
- **macOS** relies heavily on memory compression before heavier swap pressure becomes visible.

From the user's perspective, swapping often looks like: sudden lag, disk activity, long pauses when switching applications, and slow recovery after memory pressure spikes.

## 13. Memory Fragmentation

Fragmentation is one of those ideas that sounds small until it causes a real failure.

### 13.1 External fragmentation

External fragmentation happens when free memory exists, but it is split into pieces that are inconveniently scattered.

Example intuition:

- total free memory = 100 MB
- requested contiguous block = 40 MB
- largest available hole = 20 MB

The request fails even though total free space is larger than the request.

This is a classic problem for contiguous variable-sized allocation.

### 13.2 Internal fragmentation

Internal fragmentation happens when allocated blocks are larger than what the requester actually uses.

Paging introduces this naturally. If you need 1 byte beyond a page boundary, you may need another full page.

Allocators also cause internal waste through size classes and alignment.

### 13.3 Why paging helps but does not eliminate waste

Paging largely removes external fragmentation from the problem of placing memory in physical RAM, because any free frame can hold any page.

But it does not eliminate waste entirely:

- the last page of a region may be partially unused
- page tables themselves use memory
- allocator metadata and size classes waste space inside pages

### 13.4 Real-world developer view

Fragmentation appears in several layers:

- physical page management inside the OS
- kernel object allocation
- process heap allocation
- managed-language heaps

That is why a process can have plenty of total reserved memory and still fail to satisfy a large request efficiently.

## 14. Memory Protection and Isolation

Memory management is also a security and stability system.

### 14.1 Why isolation matters

If one process could freely read or write another process's memory, the system would be unusable.

Isolation protects against:

- accidental corruption
- malicious tampering
- information leakage
- kernel compromise from user code

### 14.2 How it is enforced

Modern hardware and OSes enforce protection using page-level metadata such as:

- read permission
- write permission
- execute permission
- user vs supervisor access
- presence and validity bits

If code violates those rules, the CPU raises an exception and the OS handles it.

### 14.3 Important protection ideas

#### User mode vs kernel mode

User programs run with restricted privileges. Kernel code runs with elevated privileges.

This is not just a social contract. The hardware enforces it.

#### NX or XD bit

Pages can often be marked non-executable. That prevents ordinary data pages from being treated as code, which helps block entire classes of exploits.

#### W^X

Many systems aim for a rule like "writable or executable, but not both" for code-related mappings.

#### Guard pages

Used around stacks and other sensitive regions to detect overflow.

#### ASLR

The OS randomizes memory locations between runs so attackers cannot predict addresses easily.

### 14.4 What goes wrong if this did not exist

One buggy text editor could overwrite your browser's memory. One compromised app could read secrets from unrelated programs. A simple null-pointer or bounds bug could become a whole-machine failure much more often.

Protection is not optional polish. It is the reason multitasking machines are survivable.

## 15. Shared Memory

Isolation is important, but total isolation would make cooperation hard. Sometimes processes need to share data intentionally.

### 15.1 What shared memory solves

Shared memory allows multiple processes to map the same physical pages into their own virtual address spaces.

This is useful for:

- fast inter-process communication
- shared caches
- producer-consumer pipelines
- shared libraries

### 15.2 Why it is fast

Shared memory avoids copying data through repeated kernel-mediated buffers. The same physical memory is visible in more than one process.

That reduces copying overhead and can be much faster than message passing for large data.

### 15.3 The trade-off

Shared memory is fast, but synchronization becomes your problem.

If two processes write the same shared region without coordination, you get race conditions rather than safe cooperation.

So shared memory is usually paired with:

- mutexes
- semaphores
- futexes
- lock-free protocols

### 15.4 Real-world usage

- POSIX systems provide shared memory APIs such as `shm_open` and `mmap`.
- Windows provides section objects and mapped views.
- Shared libraries are one of the most common forms of memory sharing in everyday systems.

## 16. Memory-Mapped Files

Memory-mapped files are one of the most elegant points where file systems and virtual memory meet.

### 16.1 The idea

Instead of calling `read` and copying bytes from the kernel into a user buffer, a process can map a file directly into its virtual address space.

Then file contents can be accessed like memory.

### 16.2 Why this exists

It provides a unified abstraction:

- file data becomes pages
- page faults bring in needed parts lazily
- dirty mapped pages can be written back later

This often reduces copying and simplifies code.

### 16.3 What happens under the hood

When a process maps a file:

- the OS creates virtual mappings
- pages are initially absent or lazily loaded
- touching a mapped page may trigger a page fault
- the kernel brings the corresponding file block into memory, often through the page cache
- the page table is updated so the process can access it

### 16.4 Why it is powerful

Memory-mapped files are useful for:

- large file processing
- databases
- executable loading
- shared read-only data
- IPC through shared mappings

### 16.5 The trade-offs

- access latency can be hidden in page faults
- I/O errors may appear during memory access, not explicit reads
- careless mapping of huge files can create surprising memory pressure
- consistency rules matter when multiple processes map the same file

This is why `mmap` feels magical when used well and dangerous when used casually.

## 17. Kernel Space vs User Space Memory

Not all memory is equally accessible.

### 17.1 User space

User space contains process-private virtual memory where applications run with restricted privilege.

Applications can only access pages that are mapped for them and allowed by permissions.

### 17.2 Kernel space

Kernel space contains memory used by the OS itself.

This includes:

- kernel code and data
- page tables and memory management metadata
- device buffers
- file-system caches
- network buffers
- internal kernel allocators

User code cannot directly access kernel memory in normal operation.

### 17.3 Why the split exists

If user processes could directly modify kernel memory, any program could crash or compromise the entire system.

The user/kernel split creates a protection boundary.

### 17.4 Practical note

System calls are the controlled doorway between user and kernel space.

If an application calls `malloc`, the allocator may eventually request more virtual memory from the kernel. But the application still does not directly manipulate physical memory or kernel-owned structures.

### 17.5 Kernel allocators are different

Kernel memory management has stricter constraints than user space:

- some allocations cannot sleep
- some memory must be physically contiguous for hardware or DMA
- some pages must stay pinned
- bugs are more catastrophic because they affect the whole system

That is why kernel memory management is a separate, highly specialized domain.

## 18. Modern Optimizations Used by Real Systems

Memory management in production OSes is not just basic paging. Modern systems stack optimizations aggressively.

### 18.1 Copy-on-write (COW)

Copy-on-write lets two mappings initially share the same physical pages as read-only. If one side writes, the OS creates a private copy for the writer.

This is extremely important for `fork`.

Without COW, creating a child process would require copying the parent's entire address space immediately. That would be far too expensive.

With COW:

- parent and child initially share pages
- writes trigger a fault
- only modified pages are copied

This makes process creation much cheaper.

### 18.2 Demand-zero pages

When a process asks for new anonymous memory, the OS often does not immediately back every page with unique physical memory.

Pages may be created lazily and initialized to zero on first access.

This saves work and reduces startup cost.

### 18.3 Page cache

The OS keeps file-backed pages in memory as a cache.

This means the same physical memory can serve multiple roles:

- recent file contents
- backing for mapped files
- backing for executable code pages

The page cache is one reason repeated file access often becomes much faster after the first read.

### 18.4 Readahead and prefetch

If the OS detects sequential file access or predictable memory use, it may load pages ahead of time.

This reduces future page faults and I/O latency.

### 18.5 Huge pages

Larger page sizes reduce page-table size and increase TLB reach.

They help some workloads such as large in-memory databases or analytics engines, but they can also increase internal fragmentation and reduce placement flexibility.

### 18.6 Memory compression

Some systems compress less-active memory in RAM before pushing it to disk.

This can be much faster than immediate swapping because CPU time spent compressing may be cheaper than disk I/O.

## 19. Paging vs Segmentation

Both paging and segmentation try to solve memory organization, but they optimize for different concerns.

| Aspect | Paging | Segmentation |
| --- | --- | --- |
| Unit size | Fixed-size pages | Variable-size logical segments |
| Matches programmer mental model | Not directly | Yes, more naturally |
| External fragmentation | Much lower | Higher |
| Internal fragmentation | Present | Less of the fixed-page kind |
| Allocation simplicity | Easier | Harder |
| Protection granularity | Per page | Per segment |
| Modern mainstream use | Dominant | Usually limited or combined |

The short version:

- segmentation feels conceptually elegant
- paging wins operationally for modern general-purpose systems

## 20. Why Developers Should Care

Even if you never write a page table, memory management affects your software constantly.

### 20.1 Memory leaks

A memory leak means memory remains reachable by the OS or allocator even though the program no longer needs it.

Effects include:

- rising memory footprint
- more page faults
- increased pressure on caches and TLBs
- swap pressure under load
- eventual crashes or OOM situations

### 20.2 Poor locality

Programs are faster when they access memory with locality.

- **Spatial locality**: nearby addresses are used close together in time.
- **Temporal locality**: recently used data is likely to be used again soon.

Poor locality hurts:

- CPU caches
- TLB effectiveness
- page replacement behavior

That is why a contiguous array scan often outperforms pointer-heavy random traversal even if both do the same number of high-level operations.

### 20.3 Too many allocations

Frequent small heap allocations can create allocator overhead, fragmentation, synchronization cost, and cache churn.

This is why high-performance systems often use:

- object pools
- arenas
- bump allocators
- custom allocators for hot paths

### 20.4 Stack vs heap choices

Stack allocation is extremely cheap but limited in lifetime and size. Heap allocation is flexible but more expensive.

Deep recursion or very large stack objects can cause stack overflow. Overusing heap allocation can increase pressure and latency.

### 20.5 A simple example

```c
void process(void) {
		int local_counts[256];        // stack: fast, automatic lifetime
		char *buffer = malloc(1<<20); // heap: dynamic, may span many pages

		// use buffer

		free(buffer);
}
```

The programmer sees two variables. The system sees:

- stack pointer movement
- heap allocator bookkeeping
- possibly new page mappings
- page faults when untouched pages are first accessed
- later reclamation behavior that depends on the allocator and OS

### 20.6 Performance intuition

When software slows down under memory pressure, the cause may be one or more of these:

- more cache misses
- more TLB misses
- more page faults
- background writeback of dirty pages
- swap activity
- allocator contention
- a larger working set than RAM can hold comfortably

Knowing the memory system helps you diagnose the slowdown correctly.

## 21. What Happens If the System Runs Out of Useful Memory

This is where abstract ideas become visible to users.

### 21.1 The working set idea

A process's **working set** is the subset of pages it is actively using over a period of time.

If the combined working sets of active processes fit in RAM, the system usually feels responsive.

If they do not fit, page faults increase and performance drops.

### 21.2 Thrashing

Thrashing happens when the system spends more time moving pages in and out than doing useful work.

Symptoms:

- high disk or compression activity
- poor responsiveness
- CPU not necessarily fully utilized in useful computation
- applications stalling during ordinary actions

Thrashing is the practical failure mode of poor memory balance.

### 21.3 Final fallback behaviors

If memory pressure cannot be resolved:

- Linux may trigger the OOM killer
- Windows may heavily trim working sets and lean on the page file
- macOS may compress aggressively and then swap more heavily

At that point, the system is no longer optimizing. It is trying to survive.

## 22. A Coherent End-to-End Example

Consider what happens when you double-click a large application.

1. The executable file is opened.
2. The OS creates a process and sets up its virtual address space.
3. Code pages, data pages, stack, heap, and shared libraries are mapped.
4. Many pages are not loaded yet; they are only marked as potential mappings.
5. The CPU begins executing instructions.
6. The first accesses cause page faults for needed code and data.
7. The kernel loads pages from the executable or initializes anonymous pages.
8. TLB entries are populated as translations are used.
9. As the program runs, its working set stabilizes.
10. If memory pressure rises later, some inactive pages may be evicted or swapped.

This example brings several concepts together:

- virtual memory creates the address space
- paging maps pages to frames
- demand paging delays work until needed
- page faults bring in missing pages
- TLB caches translations
- replacement and swapping handle pressure later

## 23. A Final Mental Model

If you want one compact way to think about memory management, use this:

- **The process sees a private virtual world.**
- **The kernel defines how that world maps to reality.**
- **The MMU enforces the mapping at hardware speed.**
- **RAM holds the currently active pieces.**
- **Disk or file backing stores the rest.**
- **Policies decide what stays, what leaves, and who may touch what.**

Memory management exists because raw physical memory is too messy, unsafe, and limited to expose directly. The OS turns that raw substrate into something programs can rely on: private, protected, shareable, lazily populated, and performance-aware.

That is why memory management is not just one OS topic among many. It is one of the central reasons modern operating systems feel usable at all.