这篇文章是继文章Windows Embedded CE 6.0 Internals (1)的。内存这块一直是让人头痛的东西,因为比较复杂,但是我们却需要经常与其打交道——内存泄漏、异常定位、程序优化等等。这篇文章以及后续的文章我试着能够刨根问底。
5.内存构架
内存的种类
1.Random Access Memory (RAM)
Random access memory can be read or written directly at any address. There are various types of RAM that are differentiated by the underlying hardware technology used to implement them. However they all share the ability to be read or written directly at any random address. RAM memory is volatile, the contents are only maintained as long as power is not lost.
2.Read Only Memory (ROM)
Read Only Memory typically refers to memory that can be read just like RAM, but not written directly. Most ROM used today can be rewritten using a software algorithm, and is often called Flash ROM. Data stored in ROM is nonvolatile, and remains valid even after power is removed. ROM is sometimes used to refer to any kind of memory that is nonvolatile, even if it is not randomly accessible (e.g. paged memory).
3.Paged Memory
Some memory technologies are not randomly accessible. These memory technologies must be read and written in blocks. A CPU typically requires memory that it executes code from to be randomly accessible, so Paged memory can’t be used as a medium to execute code. This type of memory is often used for bulk nonvolatile storage, and includes NAND technology.(存储在NAND Flash中的镜像在执行时被拷贝到RAM中。而NOR Flash是支持XIP的,这也是NAND和NOR的主要区别。)
虚拟内存架构
1.虚拟内存
Windows Embedded CE 6.0使用单一的32位(4G)平坦模式虚拟内存寻址空间。
这样可以高效的、保护的使用物理内存。
2.虚拟寻址
有几个概率需要澄清,首先是▲物理内存是被内存管理单元(MMU)拥有的,当然处理器得有MMU,不然没法跑起来CE 6.0。
▲把虚拟内存转换为物理内存是MMU的工作。
▲一个有效的虚拟内存必须是已经映射到物理内存的。
▲操作系统中近乎所有地址都是虚拟地址,进程不允许直接访问物理地址,物理地址必须首先映射到虚拟地址上,不管是静态映射还是动态映射。
下图是静态映射的例子,CE 5.0版本和6.0版本映射图是相同的。那么有个问题:为什么要静态映射?仅仅动态映射不是很好嘛?
因为动态映射需要时间,当一个页错误异常发生时,MMU需要时间把这个虚拟内存映射到真正的物理内存上,这可能导致系统崩溃,因为在实时中断时页错误是不允许的。静态映射就是解决这些问题。
3.物理寻址
在什么情况下需要物理寻址?跟Windows桌面系统一样:在系统上电之后、MMU启动之前。另外Bus Mastering组件(比如DMA控制器)也会用到物理寻址。
虚拟内存总览
下图是Windows CE 5.0的4GB虚拟内存分布图,每个进程单独的内存是32MB,当前系统最多只允许存在32个进程。
下图是5.0各个进程的内存发布以及具体一个进程内部的内存发布,从右边的图可以看出,DLL存放的位置从高地址向下扩展,而EXE的位置从低地址向高地址扩展,当相遇时就会报地址不足错误。这也是5.0不足的地方。另外nk.exe比较特殊,总是运行在Slot 97位置。
下图是Windows Embedded CE 6.0的4GB虚拟内存分布图,每个进程现在都有2GB的虚拟地址,抛弃了原来的按Slot分配的方式,而是只要你需要你就可以创建内存。关于更详细的请见下面的内核态和用户态地址空间。
内核态地址空间
内核地址空间位于虚拟地址空间的较高的2GB,对于所有进程在任何时候它都是存在的。相比来说每个进程所具有的较低的2GB用户态地址空间相互之间是隔离的。
▲CPU Specific VM
▲Kernel VM(if supported by CPU) 256 MB
▲Kernel VM 256 MB
▲Object Store 128 MB
▲Kernel XIP DLLs 128 MB
▲Static Mapped Uncached 512 MB
▲Static Mapped Cached 512 MB
用户态地址空间
▲Shared System Heap 255 MB
▲RAM Backed Mapfiles 256 MB
RAM backed map files are memory mapped file objects that do not have an actual file underneath them. This region provides backward compatibility for applications that used RAM-backed map files for cross-process communication, expecting all processes to map views at the same virtual address. Every process that opens the same RAM backed memory mapped file will get the same pointer value. File backed memory mapped files will be allocated from the virtual memory area of the process, and differ for each process.
▲Shared User DLLs 512 MB
When a process initializes, the OS maps the following DLLs and memory components: DLLs and ROM DLL read/write sections are loaded bottom up starting at 1GB. DLLs are controlled by the loader, which loads all the DLLs at the same address for each process.
▲Process Space 1024 MB
The stack, the heap, and the executable (.exe) file are created and mapped from the bottom up starting at 64KB. Virtual memory allocations occur in the first 1GB after the executable code and data. The bottom 64 KB of memory always remains free.
程序的内存
一个进程至少有一个默认的堆,每个线程都有一个栈。
1.堆
堆被作为应用程序主要的内存使用。堆分为以下几种:
▲Local Heap (Default)
Each application has a default, or local, heap created by the OS when an application launches. By default, Windows Embedded CE 6.0 initially reserves 64 KB of virtual memory for the local heap, but only commits the pages as they are allocated. If the application allocates more than the 64 KB in the local heap, the system allocates more virtual memory by using VirtualAlloc to fulfill the request for memory. (第一次系统默认给应用程序堆的大小事64K,当超过这个大小时,系统使用VirtualAlloc分配更多的内存来满足你的需求。)
▲Private Heap
An application can also create any number of separate heaps. These private heaps have the same properties as the local heap but are managed through a separate set of heap functions. You can specify the maximum or initial size when creating private heaps.(这系列堆函数是HeapCreate, HeapAlloc, HeapFree, HeapReAlloc, HeapSize等。)
▲Shared Heap
Shared heaps allow for efficient data transfer from kernel mode components to user processes. Shared heaps are writeable to kernel components, and read only to user processes. Shared heaps are located in a system wide area at the top of the user address space, and visible to all user processes. Therefore you should not put any sensitive data in a shared heap.(上图用户态地址空间中红色部分即是,它对于内核是可写的,但对于用户态进程是只读的。)
▲Remote Heap
Remote heaps are a new feature of WindowsCE Embedded 6.0. A remote heap allows a server and client process to share memory safely. The server process creates and has full access to the remote heap, while the client process can read and optionally write to it. The client process can’t destroy the heap metadata.(为了更好的满足客户端/服务器端通信而产生的。)
2.栈
Storage area for variables referenced in a program.
3.Heap Walker工具
下图是Windows Mobile 6.0 Prefessional模拟器的堆截图:
Each process has at least one heap, with the HF32_DEFAULT flag. This is the local heap that is created for every process. Notice some processes have more heaps (unnamed), these are private heaps that the process chose to create. Fixed means they are in use. Free means that they can be reused. BigBlock is a region of memory that was allocated outside the heap due to its size. Notice that BigBlock areas are created on 64KB boundaries, that is the granularity of the low level memory allocation APIs.(内存分配的粒度是64K,这是编程时应该注意的问题,负责会造成内存浪费。)
Target Control工具
安装了Platform Builder插件的Visual Studio 2005 SP1可以从Target->Target Control打开Windows CE命令提示符窗口。在命令提示符后键入'mi’即可以看到内核和单独进程的内存信息。比如mi ["kernel","full"], kernel代表列出内核内存详细信息,full代表列出全部内存信息。
下图示出进程HeapTest1.exe的内存信息,内存信息具体的含义见后面的解释。
<blank> A blank space indicates a virtual page that is not currently allocated. Does not require a physical page.
- Reserved but not in use. Indicates a virtual page that is currently allocated but not mapped to any physical memory. Does not require a physical page.
C Code pages in ROM. Does not require a physical page.
c Code pages in RAM. Requires a physical page.
S Indicates a virtual page that holds a stack. Requires a physical page.
P Peripheral memory (pages used to map target device memory by using VirtualAlloc). Indicates a virtual page that is used to map a range of hardware addresses. Does not require a physical page. Peripheral memory may include frame buffer memory.
W Indicates a virtual page that holds read-write data. Requires a physical page. Read-write pages include global variables as well as dynamically allocated memory.
O Indicates a virtual page that is used by the object store. Requires a physical page. Should only appear in the Filesys process.
? Contents unknown.
r Read-only data pages in RAM. Requires a physical page. Read-only data primarily comes from data items that are declared as a const type in the source code.
R Read-only data pages in ROM. Does not require a physical page. Read-only data primarily comes from data items that are declared as a const type in the source code.
Note: For CPUs such as ARM and SHx that do not distinguish between read-only and executable code pages in hardware, use R(r) to represent both data and code.