Windows® Internals, Sixth Edition, Part 2 полностью

EXPERIMENT: Viewing the Working Set List in the Debugger

You can view the individual entries in the working set by using the kernel debugger !wsle command. The following example shows a partial output of the working set list of WinDbg.lkd> !wsle 7 Working Set @ c0802000 FirstFree 209c FirstDynamic 6 LastEntry 242e NextSlot 6 LastInitialized 24b9 NonDirect 0 HashTable 0 HashTableSize 0 Reading the WSLE data ................................................................ Virtual Address Age Locked ReferenceCount c0600203 0 1 1 c0601203 0 1 1 c0602203 0 1 1 c0603203 0 1 1 c0604213 0 1 1 c0802203 0 1 1 2865201 0 0 1 1a6d201 0 0 1 3f4201 0 0 1 707ed101 0 0 1 2d27201 0 0 1 2d28201 0 0 1 772f5101 0 0 1 2d2a201 0 0 1 2d2b201 0 0 1 2d2c201 0 0 1 779c3101 0 0 1 c0002201 0 0 1 7794f101 0 0 1 7ffd1109 0 0 1 7ffd2109 0 0 1 7ffc0009 0 0 1 7ffb0009 0 0 1 77940101 0 0 1 77944101 0 0 1 112109 0 0 1 320109 0 0 1 322109 0 0 1 77949101 0 0 1 110109 0 0 1 77930101 0 0 1 111109 0 0 1

Notice that some entries in the working set list are page table pages (the ones with addresses greater than 0xC0000000), some are from system DLLs (the ones in the 0x7nnnnnnn range), and some are from the code of Windbg.exe itself.

Balance Set Manager and Swapper

Working set expansion and trimming take place in the context of a system thread called the balance set manager (routine KeBalanceSetManager). The balance set manager is created during system initialization. Although the balance set manager is technically part of the kernel, it calls the memory manager’s working set manager (MmWorkingSetManager) to perform working set analysis and adjustment.

The balance set manager waits for two different event objects: an event that is signaled when a periodic timer set to fire once per second expires and an internal working set manager event that the memory manager signals at various points when it determines that working sets need to be adjusted. For example, if the system is experiencing a high page fault rate or the free list is too small, the memory manager wakes up the balance set manager so that it will call the working set manager to begin trimming working sets. When memory is more plentiful, the working set manager will permit faulting processes to gradually increase the size of their working sets by faulting pages back into memory, but the working sets will grow only as needed.

When the balance set manager wakes up as the result of its 1-second timer expiring, it takes the following five steps:

It queues a DPC associated to a 1-second timer. The DPC routine is the KiScanReadyQueues routine, which looks for threads that might warrant having their priority boosted because they are CPU starved. (See the section “Priority Boosts for CPU Starvation” in Chapter 5 in Part 1.)

Every fourth time the balance set manager wakes up because its 1-second timer has expired, it signals an event that wakes up another system thread called the swapper (KiSwapperThread) (routine KeSwapProcessOrStack).

The balance set manager then checks the look-aside lists and adjusts their depths if necessary (to improve access time and to reduce pool usage and pool fragmentation).

It adjusts IRP credits to optimize the usage of the per-processor look-aside lists used in IRP completion. This allows better scalability when certain processors are under heavy I/O load.

It calls the memory manager’s working set manager. (The working set manager has its own internal counters that regulate when to perform working set trimming and how aggressively to trim.)