Computer Operating Systems

Processes and threads

A process is the main unit of resource ownership and isolation. A thread is the main unit scheduled by the CPU. The useful learning questions are: who owns the address space, who gets scheduled, and where synchronization cost appears.

Process

• Owns an independent virtual address space, file descriptors, permission context and resource limits.
• Process switching usually touches page tables, registers and kernel context, so it is more expensive than a thread switch.
• In security triage, parent-child relationships, launch arguments, tokens and file paths are often used to judge whether behavior is expected.

Thread

• Threads in one process share memory and most resources, but keep their own stacks, registers and scheduling state.
• Threads are useful for concurrency, but shared memory introduces races, deadlocks and consistency problems.
• When investigating high CPU, hangs or crashes, thread stacks, lock waits and syscall states can be more useful than the process name alone.

Study checkpoints

1. Explain process isolation versus shared thread resources. 2. Explain why context switches have cost. 3. Use logs or a process tree to judge whether behavior matches expectations. 4. Describe what locks, semaphores and condition variables are meant to solve.