Gecko-Analytics

Wednesday, August 20, 2008

Windows Memory Model and Its Inner Workings

As a .Net Developer one must know what is going on under the Code how one must learn following fundamental things

1. How the Memory Architecture is organized?

2. How Windows Allocates Memory to the Programs?

3. How the Addressing Works in a 32-bit environment?

I’ll start by defining few fundamental concepts that you must know in-order to understand the Windows Memory Model

What is Stack?

Stacks in computing architectures are regions of memory where data is added or removed in a Last-In-First-Out manner.

Stack is used primarily for allocating memory to the “Value Types”

Stacks are faster than Heap and can increase the performance. One another advantage is that memory allocated on Stack can be reclaimed automatically which relives the programmer from Memory Management.

Disadvantage of Stack is that it is very small in Size so not a lot of data can be allocated on Stack allocating more data can result in overflow and results into crash.

What is Heap?

Heap is also a computing architecture of memory where “Reference Types” is allocated memory dynamically.

Memory is allocated on Heap explicitly by a Programmer by using the keyword new in most modern languages.

In C\C++ that memory allocated using new or malloc() has to be freed explicitly by programmer otherwise memory leaks can occur, But in .Net and Java this work is done by the Garbage Collector.

Allocation heap creates extra overhead for release other memory so performance seems decreasing sometimes.

Segmented Memory Architecture:

Early PCs based on Intel 8086/8088 microprocessors could access only 640K of RAM and used the segmented memory model. In the segmented model, the address space is divided into segments, The 8086 processor had fixed base address and Fixed size of Segment typically 64K.When a Program needs to address more memory than this it uses Different Memory Models like Tiny, Small, Medium, Large, Huge (Can be found in Turbo C++ 3.0) this models just use more than one segment to allocate memory to a program.

Flat Memory Architecture:

Windows NT offers programmers a 32-bit flat address space. The memory is not segmented; rather, it is 4GB of continuous address space. It was implemented on Intel 80386 microprocessor.

Intel 80386 is a 32-bit processor; this implies that the address bus is 32-bit wide, and the default data size is as well. Hence, 4GB (232 bytes) of physical RAM can be addressed by the microprocessor.

Let’s see how Windows NT and Intel 80386 provided flat Address Space

The 80386 processor enables the operating system to load the segment register once and then specify only 32-bit offsets for subsequent instructions. This is exactly what Windows NT does. Windows NT initializes all the segment registers to point to memory locations from 0 to 4GB, that is,

The base is set as 0 and the limit is set as 4GB. The CS, SS, DS, and ES are initialized with separate segment descriptors (In memory addressing for Intel x86 computer architectures, segment descriptors are a part of the segmentation unit, used for translating a logical address to linear address. Segment descriptors describe the memory segment referred in the logical address) all pointing to locations from 0 to 4GB. So now the applications can use only 32-bit offset, and hence see a 32-bit flat address space. A 32-bit application running under Windows NT is not supposed to change any of its segment registers.

VIRTUAL MEMORY:

Idea behind virtual memory is that RAM is expensive memory and not all Processes can have the amount of RAM required by them so the memory is allocated on Secondary storage which is relatively cheaper and bigger than RAM. It reduces the performance of the application and increases the responsiveness of the OS.

To implement virtual memory management, Windows NT needs to maintain a lot of data. First, it needs to maintain whether each address is mapped to physical RAM or the data is to be brought in from secondary storage when a request with the address comes. Maintaining this information for each byte itself takes a lot of space (actually, more space than the address space for which the information is to be maintained). So Windows NT breaks the address space into 4KB pages and maintains this information in page tables. A page table entry (PTE) consists of the address of the physical page (if the page is mapped to physical RAM) and attributes of the page. Since the processor heavily depends on PTEs for address translation, the structure of PTE is processor dependent.

If a page is not mapped onto physical RAM, Windows NT marks the page as invalid. Any access to this page causes a page fault, and the page fault handler can bring in the page from the secondary storage. To be more specific, when the page contains DLL code or executable module code, the page is brought in from the DLL or executable file. When the page contains data, it is brought in from the swap file. When the page represents a memory-mapped file area, it is brought in from the corresponding file. Windows NT needs to keep track of free physical RAM so that it can allocate space for a page brought in from secondary storage in case of a page fault. This information is maintained in a kernel data structure called the Page Frame Database (PFD). The PFD also maintains a FIFO list of in-memory pages so that it can decide on pages to throw out in case of a space crunch.

Before throwing out a page, Windows NT must ensure that the page is not dirty. Otherwise, it needs to write that page to secondary storage before throwing it out. If the page is not shared, the PFD contains the pointer to PTE so that if the operating system decides to throw out a particular page, it can then go back and mark the PTE as invalid. If the page is shared, the PFD contains a pointer to the corresponding PROTOPTE entry. In this case, the PFD also contains a reference count for the page. A page can be thrown out only if its reference count is 0. In general, the PFD maintains the status of every physical page.

VIRTUAL ADDRESS DESCRIPTORS:

Whenever a process needs to be loaded into Memory Block for Example –A DLL in Windows NT is required to load in its own Virtual Address Space, it searches for free address block and allocates memory there and updates the Page Table. For each process Windows maintains a Separate Page Table. In Windows Page Tables consists of 1 million Pages and 4 Bytes Page Table Entry each. Hence each table is of size 4MB RAM! So there can be problem for memory allocation to them so to solve the problem Page Tables can be swapped to secondary storage to save precious RAM

Summary

We discussed the memory management of Windows NT from three different perspectives. Memory management offers programmers a 32-bit flat address space for every process. A process cannot access another process’s memory or tamper with it, but two processes can share memory if they need to. Windows NT builds its memory management on top of the memory management facilities provided by the microprocessor. The 386 (and above) family of Intel microprocessors provides support for segmentation plus paging. The address translation mechanism first calculates the virtual address from the segment descriptor and the specified offset within the segment. The virtual address is then converted to a physical address using the page tables. The operating system can restrict access to certain memory regions by using the security mechanisms that are provided both at the segment level and the page level.

Windows NT memory management provides the programmer with flat address space, data sharing, and so forth by selectively using the memory management features of the microprocessor. The virtual memory manager takes care of the paging and allows 4GB of virtual address space for each process, even when the entire system has much less physical memory at its disposal. The virtual memory manager keeps track of all the physical pages in the system through the page frame database (PFD). The system also keeps track of the virtual address space for each process using the virtual address descriptor (VAD) tree.

Real Time Analytics