## Unit OS5: Memory Management

Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze

5.3. Virtual Address Translation

#### Roadmap for Section 5.3.

- From virtual to physical addresses
- Address space layout
- Address translation
- Page directories, page tables
- Page faults, invalid page table entries
- Page frame number database
- Recap: structuring of the memory manager















## Increased Limits in 64-bit Windows

|                     | Itanium | x64     | x86                  |
|---------------------|---------|---------|----------------------|
| User Address Space  | 7152 GB | 8192 GB | 2-3 GB               |
| Page file limit     | 16 TB   | 16 TB   | 4095 MB (PAE: 16 TB) |
| Max page file space | 256 TB  | 256 TB  | ~64 GB               |
| System PTE Space    | 128 GB  | 128 GB  | 1.2 GB               |
| System Cache        | 1 TB    | 1 TB    | 960 MB               |
| Paged pool          | 128 GB  | 128 GB  | 470-650 MB           |
| Non-paged pool      | 128 GB  | 128 GB  | 256 MB               |





## Address Translation 32-bit Windows Hardware Support Intel x86

Intel x86 provides two levels of address translation

- Segmentation (mandatory, since 8086)
- Paging (optional, since 80386)
- Segmentation: first level of address translation
  - Intel: logical address (selector:offset) to linear address (32 bits)
  - Windows virtual address is Intel linear address (32 bits)
- Paging: second level of address translation
  - Intel: linear address (32 bits) to physical address
  - Windows: virtual address (32 bits) to physical address
  - Physical address: 32 bits (4 GB) all Windows versions, 36 bits (64 GB) PAE
  - Page size:
    - 4 KB since 80386 (all Windows versions)
    - 4 MB since Pentium Pro (supported in NT 4, Windows 2000/XP/2003)

## Intel x86 Segmentation

[Figure: an Intel logical address is a 16-bit segment selector (Index, TI=0, RPL) plus a 32-bit offset. The selector picks a descriptor in the Global Descriptor Table (GDT); the descriptors shown have Base Address = 0 and Access Limit = 0xfffff. The resulting Intel linear addresses, 0 to 0xffffffff, are the Windows virtual addresses.]





## Windows Virtual Memory Use Performance Counters

| Performance Counter              | System Variable                            | Description                                                                          |
|----------------------------------|--------------------------------------------|--------------------------------------------------------------------------------------|
| Memory: Committed Bytes          | MmTotalCommittedPages                      | Amount of committed private address space that has a backing store                   |
| Memory: Commit Limit             | MmTotalCommitLimit                         | Amount of memory (in bytes) that can be committed without increasing size of paging file |
| Memory: % Committed Bytes in Use | MmTotalCommittedPages / MmTotalCommitLimit | Ratio of committed bytes to commit limit                                             |









- 3-level page table (vs 2 on x86)
  - 43-bit virtual addressing
  - 44-bit physical addressing
- Two TLBs
  - Instruction TLB translates instruction addresses
  - Data TLB translates data addresses
- Each has OS-managed translation registers and a hardware-managed translation cache
  - OS can insert TLB entries
    - OS decides which slots when inserting into translation registers
    - Hardware decides when inserting into translation cache
  - Itanium: 96 instruction translation cache entries; 128 data translation cache entries













## PTE Status and Protection Bits (Intel x86 only)

| Bit            | Meaning                                                                                                                        |
|----------------|--------------------------------------------------------------------------------------------------------------------------------|
| Accessed       | Page has been read                                                                                                             |
| Cache disabled | Disables caching for that page                                                                                                 |
| Dirty          | Page has been written to                                                                                                       |
| Global         | Translation applies to all processes (a translation buffer flush won't affect this PTE)                                        |
| Large page     | Indicates that PDE maps a 4 MB page (used to map kernel)                                                                       |
| Owner          | Indicates whether user-mode code can access the page or whether the page is limited to kernel-mode access                      |
| Valid          | Indicates whether translation maps to a page in physical memory                                                                |
| Write through  | Disables caching of writes; immediate flush to disk                                                                            |
| Write          | Uniprocessor: indicates whether page is read/write or read-only; multiprocessor: indicates whether page is writeable (Write bit is stored in a reserved bit) |





## In-Paging I/O due to Access Faults

- Accessing a page that is not resident in memory but on disk in page file/mapped file
  - Allocate memory and read page from disk into working set
- Occurs when read operation must be issued to a file to satisfy page fault
  - Page tables are pageable -> additional page faults possible
- In-page I/O is synchronous
  - Thread waits until I/O completes
  - Not interruptible by asynchronous procedure calls
- During in-page I/O: faulting thread does not own critical memory management synchronization objects

Other threads in process may issue VM functions, but:

- Another thread could have faulted same page: collided page fault
- Page could have been deleted (remapped) from virtual address space
- Protection on page may have changed
- Fault could have been for prototype PTE and page that maps prototype PTE could have been out of working set

## Other reasons for access faults

- Accessing page that is on standby or modified list
  - Transition the page to process or system working set
- Accessing page that has no committed storage
  - Access violation
- Accessing kernel page from user-mode
  - Access violation
- Writing to a read-only page
  - Access violation
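
The x86 PTE bits and the fault cases above, as an added example that is not part of the original slides: a software walk of a non-PAE two-level page table (10-bit directory index, 10-bit table index, 12-bit offset; 22-bit offset for a 4 MB page) that honours the Valid, Write, Owner and Large page bits. The table contents, frame numbers and function names are constructed for illustration, and kernel writes are checked as they are with CR0.WP set.

```c
#include <stdint.h>
#include <stdio.h>

/* Non-PAE x86 PDE/PTE flag bits, named as in the table above. */
#define PTE_VALID      (1u << 0)
#define PTE_WRITE      (1u << 1)
#define PTE_OWNER      (1u << 2)  /* set: user-mode code may access the page */
#define PTE_LARGE_PAGE (1u << 7)  /* in a PDE: maps a 4 MB page directly */
#define PTE_GLOBAL     (1u << 8)

enum { XLATE_OK, FAULT_INVALID_PDE, FAULT_INVALID_PTE, ACCESS_VIOLATION };

static uint32_t page_dir[1024];  /* constructed sample page directory */
static uint32_t page_tab[1024];  /* the single page table that PDE 0 refers to */

/* Constructed sample mappings; all frame numbers are made up. */
void build_sample_tables(void) {
    page_dir[0]     = (0x00300u << 12) | PTE_VALID | PTE_WRITE | PTE_OWNER;
    page_tab[0x10]  = (0x12345u << 12) | PTE_VALID | PTE_WRITE | PTE_OWNER;
    page_tab[0x11]  = (0x12346u << 12) | PTE_VALID | PTE_OWNER;  /* read-only */
    page_tab[0x12]  = 0;                                         /* invalid PTE */
    page_dir[0x200] = 0x00400000u | PTE_VALID | PTE_WRITE | PTE_LARGE_PAGE | PTE_GLOBAL;
}

/* Translate va; assumption of this sketch: kernel writes obey the Write bit. */
int translate(uint32_t va, int user_mode, int is_write, uint32_t *pa) {
    uint32_t pde = page_dir[va >> 22];             /* VA bits 31..22 */
    if (!(pde & PTE_VALID)) return FAULT_INVALID_PDE;
    uint32_t entry = pde, perms = pde, offset_mask = 0x3FFFFFu;
    if (!(pde & PTE_LARGE_PAGE)) {
        entry = page_tab[(va >> 12) & 0x3FFu];     /* VA bits 21..12 */
        if (!(entry & PTE_VALID)) return FAULT_INVALID_PTE;
        perms &= entry;                            /* both levels must allow it */
        offset_mask = 0xFFFu;
    }
    if (user_mode && !(perms & PTE_OWNER)) return ACCESS_VIOLATION;
    if (is_write && !(perms & PTE_WRITE)) return ACCESS_VIOLATION;
    *pa = (entry & ~offset_mask) | (va & offset_mask);
    return XLATE_OK;
}

int main(void) {
    uint32_t pa = 0;
    build_sample_tables();
    int rc = translate(0x00010ABCu, 1, 1, &pa);
    printf("user write 0x00010ABC -> rc=%d pa=0x%08X\n", rc, (unsigned)pa);
    printf("user write to read-only page -> rc=%d\n", translate(0x00011004u, 1, 1, &pa));
    printf("user read of kernel page -> rc=%d\n", translate(0x80123456u, 1, 0, &pa));
    return 0;
}
```

An invalid PDE or PTE is the case the memory manager may resolve by in-paging; the Owner and Write failures are the access violations listed above.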















Windows Research Kernel sources

- \base\ntos\mm Memory manager
- \base\ntos\inc\mm.h additional structure definitions