A program sitting on disk is inert—a sequence of bytes containing instructions and data, but doing nothing. The operating system's program execution services transform this static artifact into dynamic computation. This transformation involves loading the program into memory, allocating resources, creating execution contexts, and managing the program's lifecycle from start to termination.

Program execution is perhaps the most fundamental service an operating system provides. Without it, every other OS capability—file systems, networking, user interfaces—would be meaningless, as there would be no programs to use them. Understanding how programs execute reveals the core mechanisms that make computing possible.

When you launch a program—by double-clicking an icon, typing a command, or calling an API—the operating system executes a sophisticated loading sequence. This program loader is responsible for preparing the executable for execution.

Phase 1: Executable file parsing

Executable files aren't raw machine code. They're structured containers with metadata describing how to load and run the program. Common executable formats include:

• ELF (Executable and Linkable Format): Linux, BSD, many Unix systems
• PE (Portable Executable): Windows
• Mach-O (Mach Object): macOS, iOS

Each format encodes:

• Header information (entry point, CPU architecture, OS requirements)
• Program segments (code, data, read-only data)
• Symbol tables (for debugging and dynamic linking)
• Relocation information (for position-independent code)
• Dynamic linking requirements (shared libraries needed)

Phase 2: Memory allocation and mapping

After parsing the executable header, the loader allocates virtual memory regions and maps segments:

1. Virtual address space creation: The OS creates a new address space for the process
2. Segment mapping: Each loadable segment is mapped to its specified virtual address
3. Permission setting: Memory regions are marked with appropriate permissions (read, write, execute)
4. BSS allocation: The .bss segment (uninitialized data) is allocated and zero-filled

Memory layout of a typical process:

High Memory
┌─────────────────────────────────────────────────┐
│              Kernel Space                        │ (Not accessible from user mode)
├─────────────────────────────────────────────────┤ ← 0xFFFF...
│                Stack                             │ ↓ Grows down
│         (Local variables, return addresses)     │
├─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─┤
│              (Unused space)                      │
├─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─┤
│                Heap                              │ ↑ Grows up
│         (Dynamic memory allocation)             │
├─────────────────────────────────────────────────┤
│              BSS Segment                         │ (Uninitialized data)
├─────────────────────────────────────────────────┤
│              Data Segment                        │ (Initialized global variables)
├─────────────────────────────────────────────────┤
│              Text Segment                        │ (Program code - read/execute)
├─────────────────────────────────────────────────┤ ← Entry point (e.g., 0x400000)
│         Memory-mapped files                      │ (Shared libraries, mmap'd files)
└─────────────────────────────────────────────────┘
Low Memory                                          ← 0x0000...

Most programs don't exist in isolation—they rely on shared libraries (.so on Linux, .dll on Windows, .dylib on macOS) that provide common functionality. Dynamic linking resolves these dependencies at runtime, enabling:

• Memory efficiency: One copy of libc in memory serves all programs
• Smaller executables: Common code lives in shared libraries
• Independent updates: Library updates benefit all programs without recompilation
• Modularity: Functionality can be loaded on demand

How dynamic linking works:

The executable contains a PT_INTERP program header specifying the dynamic linker (/lib64/ld-linux-x86-64.so.2 on Linux). When the kernel loads the executable, it actually starts the dynamic linker first, which then:

1. Loads the executable's dependent shared libraries
2. Recursively loads dependencies of those libraries
3. Resolves symbol references between libraries
4. Performs relocations (adjusting addresses)
5. Transfers control to the program's entry point

Lazy binding and the PLT/GOT:

To avoid the overhead of resolving all symbols at startup, most systems use lazy binding. External function calls go through the Procedure Linkage Table (PLT), which initially points to resolver code. On first call, the resolver finds the actual function address, updates the Global Offset Table (GOT), and jumps to the function. Subsequent calls go directly through the GOT.

First call to printf():
┌─────────────┐    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐
│  call PLT   │ →  │ PLT stub    │ →  │ Resolver    │ →  │ Updates GOT │
│  entry      │    │ (indirect)  │    │ finds printf│    │ with address│
└─────────────┘    └─────────────┘    └─────────────┘    └─────────────┘
                                                                 │
                                                                 ▼
                                                         ┌─────────────┐
                                                         │   printf()  │
                                                         │   in libc   │
                                                         └─────────────┘

Subsequent calls:
┌─────────────┐    ┌─────────────┐    ┌─────────────┐
│  call PLT   │ →  │ PLT stub    │ →  │   printf()  │  (GOT already resolved)
│  entry      │    │ (indirect)  │    │   in libc   │
└─────────────┘    └─────────────┘    └─────────────┘

Every running program exists as a process—an instance of a program in execution with its own resources. The operating system provides system calls to create new processes, each with subtly different semantics across platforms.

The fork-exec model (Unix/Linux):

Unix-like systems use a two-step process creation model:

1. fork(): Create an exact copy of the current process
2. exec(): Replace the copied process's memory with a new program

This separation provides remarkable flexibility:

• Set up the child's environment between fork and exec
• Redirect file descriptors (for pipes, I/O redirection)
• Change working directory, user ID, resource limits
• The child can perform work without exec (worker processes)

Copy-on-Write (COW) optimization:

Naively, fork() would need to copy the entire address space of the parent—potentially gigabytes of memory—just to throw it away at exec(). Modern systems use Copy-on-Write:

1. At fork, child shares all memory pages with parent (marked read-only)
2. When either process writes, the OS traps the write
3. Only then is the specific page copied
4. After exec, the old pages are simply discarded

This makes fork nearly instantaneous regardless of process size.

Before fork:
┌─────────────────────┐
│  Parent Process     │
│  Pages: [A][B][C]   │  (Writable)
└─────────────────────┘

After fork (COW):
┌─────────────────────┐    ┌─────────────────────┐
│  Parent Process     │    │  Child Process      │
│  Pages: [A][B][C]   │ ── │  Pages: [A][B][C]   │  (Both read-only, shared)
└─────────────────────┘    └─────────────────────┘

After parent writes to page B:
┌─────────────────────┐    ┌─────────────────────┐
│  Parent Process     │    │  Child Process      │
│  Pages: [A][B'][C]  │    │  Pages: [A][B][C]   │  (B copied, parent has B')
└─────────────────────┘    └─────────────────────┘

Windows process creation:

Windows uses a different model with CreateProcess(), which combines loading and execution in a single call:

BOOL CreateProcess(
    LPCTSTR lpApplicationName,    // Executable path
    LPTSTR lpCommandLine,          // Command line arguments
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,          // Handle inheritance
    DWORD dwCreationFlags,         // Creation flags
    LPVOID lpEnvironment,          // Environment block
    LPCTSTR lpCurrentDirectory,    // Working directory
    LPSTARTUPINFO lpStartupInfo,   // Window settings
    LPPROCESS_INFORMATION lpProcessInformation  // Output
);

This is more complex but allows setting all attributes in a single call. However, it's less flexible than fork-exec for scenarios like setting up pipes between processes.

When a program runs, the OS maintains extensive state on its behalf. This execution context includes everything needed to pause and resume the program—essential for multitasking.

Components of execution context:

1. CPU Registers: Program counter, stack pointer, general-purpose registers
2. Memory Mappings: Virtual-to-physical address translations, page tables
3. File Descriptors: Open files, sockets, pipes, devices
4. Signal Handlers: Custom handlers for signals/exceptions
5. Credentials: User ID, group ID, capabilities
6. Resource Limits: Maximum CPU time, memory, open files
7. Scheduling State: Priority, CPU affinity, time slice remaining
8. Accounting Information: CPU time used, I/O statistics

Context switching:

When the OS switches from one process to another, it must:

1. Save outgoing context: Store all CPU registers to the process's memory
2. Update memory mapping: Switch page tables (CR3 on x86)
3. Restore incoming context: Load saved registers for the new process
4. Resume execution: Jump to the saved instruction pointer

Context switching is expensive—typically 1-10 microseconds depending on the amount of state. This overhead is why excessive process switching hurts performance and why thread switching (which shares address space) is faster.

Every program eventually terminates—either by choice (normal exit) or by force (signals, crashes). The OS must ensure orderly cleanup regardless of how termination occurs.

Termination mechanisms:

1. Normal exit: Program calls exit() or returns from main()
2. Exit with status: Program calls exit(code) with exit status
3. Abort: Program calls abort() for abnormal termination
4. Signal termination: External signal (SIGTERM, SIGKILL) terminates process
5. Exception: Unhandled error (segmentation fault, divide by zero)
6. Killed by OOM: Out-of-memory killer terminates process to recover memory

OS cleanup on process termination:

When a process terminates, the OS performs extensive cleanup:

1. Close open file descriptors: All files, sockets, pipes closed
2. Release memory: All virtual memory pages freed
3. Release locks: File locks, shared memory locks released
4. Notify parent: SIGCHLD sent to parent process
5. Reparent children: Orphaned children adopted by init (PID 1)
6. Record exit status: Status code stored for parent to collect
7. Release process resources: PCB retained until parent calls wait()

The zombie problem:

After a process terminates, it enters the 'zombie' state—its resources are freed but its PCB remains so the parent can retrieve the exit status. If the parent never calls wait(), zombies accumulate. This is why proper process management is essential in long-running servers.

The OS controls what can execute and with what privileges. This security layer prevents unauthorized code execution and limits the damage from compromised programs.

File execution permissions:

On Unix-like systems, files must have the execute permission bit set:

$ ls -l /bin/ls
-rwxr-xr-x 1 root root 142144 Jan 15 10:00 /bin/ls
   ^  ^  ^
   │  │  └─ Others can execute
   │  └──── Group can execute
   └─────── Owner can execute

The OS kernel checks these permissions before loading an executable. Without execute permission, the program won't run regardless of its content.

Privilege elevation mechanisms:

Sometimes programs need elevated privileges temporarily:

setuid/setgid bits: When these special permission bits are set, the program runs with the file owner's privileges rather than the invoking user's. For example, /usr/bin/passwd is setuid root so normal users can change their passwords (which requires writing to /etc/shadow).

$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 59976 /usr/bin/passwd
   ^
   └─ 's' indicates setuid bit

Capabilities (Linux): Fine-grained privileges that can be granted to executables without full root access. Instead of "all or nothing," capabilities like CAP_NET_BIND_SERVICE (bind to ports < 1024) can be granted individually.

sudo/UAC: User-level privilege elevation with authentication, logging which user ran what command with elevated rights.

We've traced the complete journey of program execution—from static bytes on disk to dynamic, running processes. Let's consolidate the key insights:

What's next:

With program execution covered, we'll explore I/O Operations—how the OS abstracts diverse hardware devices into a uniform interface for reading and writing data. This includes everything from reading files to network communication.