Future Directions For The Windows CE Operating System Architecture
John Hatch
Program Manager
Agenda
Overview - Introduction
5.0 – Overview
6.0 Beta – Overview
New Features
Performance and Size
Compatibility
Drivers Overview
Real-time
Windows CE Overview
Targeted to embedded devices
  PPC, Smartphones, STBs, Thin clients, AutoPC, PMC, control panels, robots, etc.
Benefits
  Flexible, adaptable, configurable, small
  Supports ARM, MIPS, SH, x86
  Real-time
  Simple driver model
  Power conscious
  Shared source
  Tiered licensing model
Windows CE Overview
However, Windows CE 5.0 has a memory model limitation
  It only supports 32 processes and 32 MB per process
These limitations have now been removed with Windows CE 6.0
  New Virtual Memory Model
CE 5.0 Overview
CE 5.0 Memory Model
Virtual Memory Map
  2 GB for Kernel
  Single 2 GB mapping for all processes
    Divided up into 32 MB “slots”
32 Process Limit
  Each process has one 32 MB slot
  32 slots for processes
Shared memory
  Upper half of user space is shared memory
  Read/Write by all processes
Windows CE 5.0 Memory Model
Diagram, top to bottom:
  2 GB Kernel Space: Kernel
  Single 2 GB VM for all Processes
    Shared Memory
    32 Slots for Processes: Slot 33, Slot 32, Slot 31, ..., Slot 6, Slot 5 – Services.exe, Slot 4 – GWES.exe, Slot 3 – Device.exe, Slot 2 – Filesys.exe
    Execution Slot and Shared DLL Slot: Slot 1 – ROM DLLs, Slot 0 – Execution
Windows CE 5.0 System Calls
Thunked calls that cause prefetch data abort
Kernel catches the exception
  Dispatches the kernel to the right service
User thread “migrates” into the service
  Kernel changes the thread’s permissions
  Fixes up the pointers
  Swaps in the service
Thread runs in service
Returns unwind the operation
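
The slot arithmetic behind the 5.0 model and its pointer fix-up step, as an added example (not code from the presentation or from Windows CE). It assumes a slot-0 pointer is rebased by adding the owning process's slot base, the job MapPtrToProcess did on 5.0; the function names and the sample pointer are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOT_SHIFT  25u                 /* 32 MB slot = 2^25 bytes */
#define SLOT_SIZE   (1u << SLOT_SHIFT)
#define USER_END    0x80000000u         /* upper 2 GB belongs to the kernel */
#define SHARED_BASE 0x40000000u         /* upper half of the 2 GB user space */

/* Slot index (0..63) of a user-space address, or -1 for a kernel address. */
int slot_of(uint32_t addr)
{
    return addr < USER_END ? (int)(addr >> SLOT_SHIFT) : -1;
}

/* 1 if the address falls in the half that all processes can read and write. */
int in_shared_area(uint32_t addr)
{
    return addr >= SHARED_BASE && addr < USER_END;
}

/* Assumed fix-up rule: a slot-0 address only means something while its owner
   occupies the execution slot, so it is rebased into the owner's home slot
   before another component uses it. Other addresses are already absolute. */
uint32_t fixup_ptr(uint32_t addr, unsigned owner_slot)
{
    return slot_of(addr) == 0 ? addr + owner_slot * SLOT_SIZE : addr;
}

int main(void)
{
    uint32_t p = 0x00012340u;           /* constructed slot-0 pointer */
    /* Slots 3 and 4 are Device.exe and GWES.exe in the slide's diagram. */
    printf("as Device.exe: 0x%08X\n", (unsigned)fixup_ptr(p, 3));
    printf("as GWES.exe:   0x%08X\n", (unsigned)fixup_ptr(p, 4));
    /* The rebased value names the same bytes in the single shared 2 GB map,
       which is why passing pointers between processes worked on 5.0. */
    return 0;
}
```

The same slot-0 value resolves to different memory depending on which process owns it, so any component that stores or forwards an unfixed pointer ends up referring to whoever is in the execution slot at the time.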
Windows CE 6.0 Beta Overview
Introducing The New Kernel
2 GB of Virtual Memory per process
32,000 processes
Unified Kernel
  Critical OS components moved into kernel space
  Improved system performance
  Increased security and robustness
High degree of backwards compatibility
Windows CE 6.0 Beta Memory Model
Diagram, top to bottom:
  2 GB Kernel Space: Kernel, Filesystem, GWES, Drivers
  2 GB per Process, 32 K Processes: User DLLs, Memory Mapped files, User VM, Process Code
User Space
User Space: 2 Gigabytes (0x00000000 to 0x80000000), each process has its own mapping
  Process space: 1 GB per process (0x00000000 to 0x40000000)
    Executable code and data
    VM Allocations
    File Backed Mapfiles
  Shared User DLLs: 512 MB
    All DLLs – code and data
    Same mapping across all processes
    Data pages are unique physical pages
    Code pages are shared
  RAM Backed Mapfiles: 256 MB
    Mapped at fixed locations for better backwards compatibility
  Shared System Heap: 255 MB
    R/W for OS components
    Read only for user process
Kernel Space
Kernel Space: 2 Gigabytes (0x80000000 to 0xFFFFFFFF), fixed mapping independent of user space
  Static Mapped Cached: 512 MB
    Cached access to physical memory
  Static Mapped Uncached: 512 MB
    Uncached access to physical memory
  Kernel XIP DLLs (128 MB)
    All XIP DLLs in kernel
  Object Store (128 MB)
    RAM file system & RAM registry
  Kernel VM: 256 MB
    Kernel Virtual Memory, shared by all kernel servers and drivers
  Kernel VM (if supported by CPU): 256 MB
  CPU Specific VM
  System Trap Area
New OS Layout
Moving critical drivers, file system, and graphical window manager into the kernel
Kernel version of Coredll.dll
  Same APIs without the thunks
Benefit
  Greatly reduces the overhead of system calls between these components
  Reduces overhead of all calls from user space to kernel space
  Increases code sharing between base OS services
New OS Layout
Diagram, top to bottom:
  User Space: Applications, SHELL, SERVICES.EXE, Services, User Mode Drivers
    COREDLL / WINSOCK / COMMCTRL / WININET / COMMDLG
  Kernel Space: KCOREDLL.DLL, KERNEL.DLL, OAL.DLL, FILESYS, NETWORK, GWES, DEVICE.DLL, Drivers
  Boot Loader
  Hardware
Kernel Security Enhancements
Security
Early Threat Modeling of the kernel
  Working with MS Secure Windows Team and penetration testers
Double checked design to tighten up
  System Calls
  Handles
  Exception Handling
  Memory Allocation
  Loader
  and many other components
Security And Robustness Features
Improved parameter validation for system calls
Per-Process Page and Handle tables
  Greatly improves Process isolation
  Improves code robustness
Secure Stack
  System calls run on special kernel side stacks
  Safeguards system calls from stack tampering
Robust Heaps
  Heap control structures separated from heap data
Safe Remote Heaps for OS components
  OS servers can open heaps in user process
  R/W for servers, R/only for user
  Performance optimization and safe from tampering
New Features
Large Memory Mapped File Support
  Support for Large Memory Mapped Files
  Up to 64 bit files
Secure Loader
  Enables control of EXE and DLL loading
Virtual Alloc Ex functions
  Memory management functions for drivers
Marshalling Helper Functions
  Helper functions for interprocess data marshalling
User Mode UI service
  Displays UI in user mode for kernel mode drivers
Monotonic clock
  Always forward going clock independent of user clock
Performance And Size
Improvements expected in process switching
Same performance
  Thread Switching
  Memory Allocation
  System Calls
Some slow down with interprocess calls
  Now involves data marshalling
Size increase is less than 5%
Current System Calls
Application makes call
  PSL jump
Kernel
  Validates parameters
  Maps Service into Slot 0
    Possible Cache Flush
  Calls into the service
Service
  Runs
  Returns to Kernel
Kernel
  Maps App into Slot 0
    Possible cache flush
  Returns to App
Diagram: App, Service, Kernel
Windows CE 6.0 Beta System Calls
Application makes call
  Same PSL jump
  App stays mapped during the call
Kernel
  Validates parameters
  Calls into the service
Service
  Runs
  Returns directly to the app
Diagram: App, Service, Kernel
Compatibility
Binary compatibility for applications is the key goal
The general structure of the OS will be the same
  Will maintain compatibility in CoreDLL
  Minimize impact on Win32 APIs
  Changes hidden in API libraries
  Continue to share DLL code
Well behaved SDK applications
  Should work with little or no changes
Apps using undocumented techniques
  Will likely have to be modified
  Such as passing handles or pointers between processes
Main changes will be in how drivers access client memory
  Some drivers will migrate with little work
CPU Requirements
Currently the same as Windows 5.0
  ARMV4I and above
  MIPSII with sync instructions (ll, sc)
  x86
  SH4
Best performance on CPUs with physically tagged caches
  Virtual-tag-cached CPUs have a performance penalty and limitation on virtual mappings
Same hardware as 5.0
Porting Incompatible Apps
Some applications will need work
  Improper use of handles
  Nonstandard memory usage
  Use of some Windows CE specific APIs
Remove old tricks and workarounds
  Such as handle sharing and pointer tricks
Our verification approach
  Ported Windows Mobile 5.0 to CE 6.0 Beta
  Running 5.0 commercial applications on 6.0 Beta
Other Porting
Drivers will require some work
  System calls
  Use of worker threads
  Access to caller’s memory
BSP will need some work
  New memory mappings
  Changes to OAL to support image updates
Compatibility Tester
Identifies removed, deprecated, and changed APIs
Supports both static and runtime analysis
Produces a detailed report of any compatibility issues it finds
Includes documentation and suggestions
We will release it before Windows CE 6.0 RTM
Will allow customers to prepare ahead of time
Drivers Overview
Drivers
The overall structure of the drivers remains the same
Main changes are in how the drivers access client memory
No SetKMode or SetProcPermissions
Two types of drivers will be supported
  Kernel Mode for performance
  User Mode for robustness
For full details attend –
  WCE030 – Future Directions for the Windows CE Device Driver Architecture
Kernel Mode Drivers
Drivers are loaded in the kernel space by device.dll
Have full access to the kernel’s data structures and memory
APIs used do not change
Link to a kernel version of coredll.dll called kcoredll.dll
  Thin layer for API compatibility
  Directly links the services together without thunk layer
User Mode Drivers
Loaded by udevices.exe
Mostly the same APIs as Kernel Mode
No access to kernel structures or memory
Kernel will marshal parameters during system calls
Examples
  Expansion buses like USB and SDIO
  Keyboard and touch
Handling Calls
App memory already mapped correctly
  Can access it without re-mapping pointers
Don’t need – these APIs are being removed
  SetProcPermissions
  MapPtrToProcess, UnMapPtr
Accessing caller’s memory
  CopyIn/CopyOut
  ReadProcessMemory/WriteProcessMemory
  Virtual Alloc Ex APIs
Marshalling Helper Library
  Provides APIs for handling user data
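
An added sketch, not from the presentation or the Windows CE sources, of the check-then-copy discipline a copy-in step stands for once the application stays mapped during a call. The only value taken from the slides is the 0x80000000 user/kernel boundary; copy_in, handle_request, the request layout and the simulated memory window are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define USER_SPACE_END 0x80000000u   /* from the slides: kernel space starts here */

/* Constructed stand-in for one caller's mapped pages so this runs on a host. */
#define WINDOW_BASE 0x00010000u
#define WINDOW_SIZE 4096u
static uint8_t user_window[WINDOW_SIZE];

/* 1 if [addr, addr+len) lies wholly below the kernel boundary. addr + len is
   never computed, so an oversized len cannot wrap around past zero. */
int user_range_ok(uint32_t addr, uint32_t len)
{
    return addr < USER_SPACE_END && len <= USER_SPACE_END - addr;
}

/* Hypothetical copy-in: validate the range, then snapshot the bytes into
   driver-owned memory. Returns 0 on success, a negative code on rejection. */
int copy_in(void *dst, uint32_t dst_cap, uint32_t user_addr, uint32_t len)
{
    if (len > dst_cap) return -1;                    /* would overrun dst */
    if (!user_range_ok(user_addr, len)) return -2;   /* reaches kernel space */
    if (user_addr < WINDOW_BASE || len > WINDOW_SIZE ||
        user_addr - WINDOW_BASE > WINDOW_SIZE - len)
        return -3;                                   /* not mapped (simulated) */
    memcpy(dst, &user_window[user_addr - WINDOW_BASE], len);
    return 0;
}

/* Hypothetical request layout passed by an application to a driver. */
struct request { uint32_t count; uint8_t data[16]; };

/* Sums count bytes of data. The request is copied in once and only the private
   copy is checked and used, so an application thread that rewrites count after
   the check cannot push the loop past data[]. */
int handle_request(uint32_t user_addr, uint32_t *sum_out)
{
    struct request req;
    int rc = copy_in(&req, sizeof req, user_addr, sizeof req);
    if (rc != 0) return rc;
    if (req.count > sizeof req.data) return -4;      /* count out of bounds */
    *sum_out = 0;
    for (uint32_t i = 0; i < req.count; i++) *sum_out += req.data[i];
    return 0;
}

/* Places a constructed request in the simulated caller memory. */
void put_request(uint32_t user_addr, uint32_t count, uint8_t fill)
{
    struct request r = { count, {0} };
    memset(r.data, fill, sizeof r.data);
    memcpy(&user_window[user_addr - WINDOW_BASE], &r, sizeof r);
}
```

A kernel mode driver that dereferenced the caller's pointer directly would skip both checks: a pointer at or above 0x80000000 would be read with kernel rights, and count could change between the bounds test and the loop.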
OAL Changes
OAL split from kernel
  Merged into NKLoader
  Enables separate updates
Overall OAL structure remains the same
  Same OEM functions
  Access kernel through kernel interface
Changes to the OAL initialization
  Memory mappings for new memory model
Real-Time
Windows CE Is A Real-Time OS
Real time is being able to respond to an interrupt in a bounded maximum time
Analysis by OMAC User Group shows that 95% of real-time applications require between 0.5 ms and 10 ms response time
And tolerate 10% variations, or 50 µs to 1 ms jitter
Diagram: Interrupt every .5 ms to 10 ms, with 50 µs to 1 ms jitter
Real-Time Kernel
Windows CE achieves real-time by the design of the kernel and the drivers
  The majority of the kernel and driver code can be interrupted
  The uninterruptible parts are small discrete units so interrupts can be handled quickly
  The length of the largest part is the biggest latency
Windows CE 6.0 Beta kernel and drivers are designed with the same real-time constraints
Windows CE Test Results
Response time test using the following configuration
  Samsung SMDK2410 development board
  200 MHz ARM with 16x16 cache
  Windows CE 5.0 with full UI
  Running a WMV video
Here’s what we got –
             ISR starts    IST starts
  Minimum    1.2           31.7
  Average    3.3           67.2
  Maximum    13.3          103.0
Time in microseconds (µs)
Windows CE 6.0 Beta Real-Time
The new kernel has the same response times as the current kernel
May even perform slightly better because of reduced system call overhead
  Performance between app and kernel will be better
  Drivers and services in services.exe will be slightly worse
Call To Action
Attend the following talks
  WCE032 – Windows CE Real-time Architecture
  WCE030 – Future Directions for the Windows CE Device Driver Architecture
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions,
it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.