Appendix E: Glossary
Address Space -- The range of virtual addresses a process can use. On x86-64 Linux, user space is typically 0 to 0x7FFFFFFFFFFF (128 TB). Each process has its own address space, isolated by the MMU.
ASLR (Address Space Layout Randomization) -- The kernel loads the stack, heap, shared libraries, and PIE executables at randomized addresses each run. Makes exploitation harder because attackers cannot predict where code or data will be.
brk / sbrk -- System calls that move the "program break" — the boundary of the heap. malloc uses brk for small allocations and mmap for large ones.
BSS (Block Started by Symbol) -- The section of an ELF file for uninitialized global and static variables. Takes no space in the file — the kernel zero-fills it when loading.
Cache Line -- The unit of transfer between cache and main memory. Typically 64 bytes on x86-64. When you access one byte, the CPU loads the entire 64-byte line into cache.
Calling Convention -- The rules for how functions receive arguments and return values. On x86-64 Linux (System V ABI): first 6 integer args in rdi, rsi, rdx, rcx, r8, r9; return in rax.
Context Switch -- When the kernel suspends one process/thread and resumes another. Saves and restores registers, updates page table base (CR3), flushes parts of the TLB.
Copy-on-Write (CoW) -- After fork(), parent and child share the same physical pages marked read-only. On first write, the kernel copies the page so each process gets its own. Saves memory and makes fork fast.
Core Dump -- A file containing the memory image of a crashed process. Generated by signals like SIGSEGV and SIGABRT. Open with gdb program core to inspect the crash state.
Demand Paging -- Pages are not loaded from disk until they are actually accessed. The first access triggers a page fault; the kernel then loads the page from the ELF file or swap.
ELF (Executable and Linkable Format) -- The standard binary format on Linux. Contains headers, sections (compile-time view), and segments (runtime view). See Appendix C.
Frame (Page Frame) -- A physical memory page. The MMU maps virtual pages to physical frames. On x86-64, a standard frame is 4096 bytes.
Frame (Stack Frame) -- The region of the stack belonging to one function call. Contains local variables, saved registers, and the return address. Bounded by rbp (base) and rsp (top).
GOT (Global Offset Table) -- A table of addresses filled in at runtime by the dynamic linker. Used for position-independent access to global variables and functions in shared libraries.
Heap -- The region of memory used for dynamic allocation (malloc/free in C, Box/Vec in Rust). Grows upward from the program break toward higher addresses.
MMU (Memory Management Unit) -- Hardware in the CPU that translates virtual addresses to physical addresses using page tables. Enforces permissions (read/write/execute) and traps invalid access.
mmap -- System call that maps files or anonymous memory into the process address space. Used for shared libraries, large allocations, file I/O, and shared memory between processes.
Page -- The unit of virtual memory. 4096 bytes (4 KB) on x86-64 by default. The MMU translates addresses at page granularity. Large pages (2 MB, 1 GB) are also available.
Page Fault -- A CPU exception triggered when accessing a virtual address that is not currently mapped to a physical frame. The kernel handles it by loading the page, allocating a frame, or killing the process (segfault).
Page Table -- A hierarchical data structure (4 levels on x86-64) that maps virtual pages to physical frames. One per process. See Appendix B for bit-level details.
PTE (Page Table Entry) -- A single entry in a page table. Contains the physical frame number and permission bits (present, read/write, user/kernel, no-execute). See Appendix B.
PIE (Position-Independent Executable) -- An executable compiled so it can be loaded at any address. All modern Linux executables are PIE by default, enabling full ASLR.
PLT (Procedure Linkage Table) -- A set of small stubs that redirect calls to shared library functions. On the first call, the PLT invokes the dynamic linker to resolve the address (lazy binding). Subsequent calls go directly.
Process -- An instance of a running program. Has its own address space, page tables, file descriptors, and one or more threads. Created by fork() or execve().
Register -- A small, fast storage location inside the CPU. x86-64 has 16 general-purpose registers (rax through r15), the instruction pointer (rip), flags (rflags), and SIMD registers (xmm0-15). See Appendix A.
Relocation -- The process of adjusting addresses in object files when the linker combines them into an executable. Necessary because the compiler does not know final addresses when compiling individual files.
Segfault (Segmentation Fault) -- A SIGSEGV signal sent to a process when it accesses memory it is not allowed to (null pointer, freed memory, read-only pages, unmapped addresses). The most common crash in C programs.
Signal -- An asynchronous notification sent to a process. Can be generated by the kernel (SIGSEGV on bad memory access), by another process (kill), or by the terminal (Ctrl+C = SIGINT). See Appendix D.
Stack -- A LIFO memory region used for function calls. Grows downward (toward lower addresses on x86-64). Each function call pushes a stack frame; each return pops it. Each thread has its own stack.
Symbol -- A named entity in an object file: a function, a global variable, or a label. The linker uses symbols to connect references across object files. Inspect with nm or readelf -s.
Syscall (System Call) -- The interface between user-space programs and the kernel. Triggered by the syscall instruction on x86-64. Examples: read, write, mmap, fork, exit.
TLB (Translation Lookaside Buffer) -- A hardware cache inside the CPU that stores recent virtual-to-physical address translations. Avoids walking the page table on every memory access. A TLB miss requires a page table walk.
Undefined Behavior (UB) -- Code whose behavior the language standard does not define. In C: signed overflow, null dereference, buffer overflow, use-after-free. The compiler may assume UB never happens, leading to surprising optimizations.
Virtual Memory -- The abstraction that gives each process its own address space. Virtual addresses are translated to physical addresses by the MMU. Enables isolation, sharing, demand paging, and memory-mapped I/O.