Window Internal 读书笔记

简介:

Chapter 1

Virtual Memory
    The size of the virtual address space varies for each hardware platform ... The mappings of the lower half change to(change是什么意思?从句意来看应该是:mappings变成(变化/改变成等等)to refect...,作者可能想在这里表达一种意思,mappings以前还有其它作用,但是随着事情的发展,现在它仅是to refect...) reflect the virtual address space of ...
Address Windowing Extension (AWE)
    Although 3 GB is better than 2 GB,... To address(解决) this need...Address Windowing Extension (AWE),...Although using AWE puts the burden of... than can be mapped at any one time in a 32-bit process address space(最后一句话说明AWE的优点和缺点,缺点是增加了管理虚拟内存映射到物理内存的管理工作,优点是能够直接访问更大的物理内存(至少逻辑上如此)). 
Kernel Mode vs. User Mode
    这二者的区别主要在于对CPU的访问上,Kernel Mode能够访问所有CPU指令和系统内存,且它的优先级高,Ueser Mode则不可以,这是为了防止应用程序非法访问/修改OS的数据,是OS崩溃。
x86架构的CPU共有四个级别(lever0~3或ring0~3),OS的kernal mode 使用0,application 使用3,1/2不用是因为有些硬件仅支持这两个级别
   Each page in virtual memory is tagged as to what access mode the processor must be in to read and/or write the page. 这句话怎么翻译?what access mode充当一个名词,the prcessor must be int what access mode to...。这句话想说的是“cpu读/写页会处于一种模式(kernal/user),这个模式被标记在页内存中”。另外,对于一个进程的virtual memory space有两部分,system space can be only accessed only from kernal mode, user space can be accessed from kernal mode and user mode.   Read-only page are not writalbe from any mode.
    Component running in kenal mode can access private system memory space, it can bypass windows' security(to memory), OS does not the space in this case. 这也是windows驱动签名机制的原因之一.
    User application makes a system service call, for example-ReadFile function, the routine must run in kernal mode. The transition from user mode to kernal mode 'by the use of a special processor instruction'(通过一个专门的cpu指令-陷阱指令)。
    The operating system 'traps this instruction'(这里的traps应该是动词,怎么翻译呢?从上下文来看,似乎是'运行',不过trap似乎没有运行的意思,翻译成'捕捉'似乎好一些)...。转换到内核模式的意思是cpu以内核态运行,当完成system service call之后,返回之前,又切换到user mode。
    The first login session at the physical console of the machine is considered the console session, or session zero....
physical consol在网上有这么一句:Tips To Protect Linux Servers Physical Console Access,This is an user contributed article. Linux computer console is a physical device to operate a computer / server. Here are few steps which, if taken, make it more difficult for an attacker to quickly modify a system from its console.从这句话来看,似乎是指一种特殊控制台程序,其操作同硬件有关,能操作其它控制台程序不能进行的操作,从这段话来看,似乎这里的console是指启动OS第一个运行起来的会话,称为session zero。所以这句话应该这么解:第一个在the physical console of the machine的会话是第一个控制台会话,也成为session zero。
    For applications that want to be aware of..., there are a set of Windows APIs for programmatically detecting that as well as for controlling various aspects of terminal services. ...Windows APIs for ... that as well as for ..., 不考虑第一个for,there are Windows APIs that as well as for ...that看起来似乎是宾补。
    Chapter 2 describes briefly how sessions...The “Object Manager” section in Chapter 3 describes how the system namespace for objects is instantiated on a per-session basis and how applications that need to be aware of other instances of themselves on the same system can accomplish that....红色字体部分怎么理解?
Objects and Handles
    这里的Objects指的是内核对象,是windows内部定义的数据结构,且只能通过系统提供的函数访问,a)通常有一个名称;b)资源/数据系统范围内共享;c)安全,能够限制非授权进程的访问;d)还有系统的跟踪,系统知道该对象的使用情况(被多少进程访问,何时释放它等等)。
Security
    Windows was desinged from start to be secure(adj) (后置定语,修饰start) and to meet the requirements of various formal government and industry(行业) security ratings(等级,级别,从上下文意思来看这两应该译作"安全等级标准"), such as...CCITSE 规范. Achieving a government approved security rating allows an operating system to compete in that arena.这句话含义是说不同的OS要达到政府批准的安全级标准需要进行一系列的评估,这些OS可以在方面进行竞争。
    The core security.... security auditing(for accountability of subjects, or users and the action they initiate,accountability责任制,问责制,有责任,有义务,但是在这里是什么意思呢?windows对安全审核的定义为:安全审核可以监视各种与安全相关的事件。监视系统事件对于检测入侵者以及危及系统数据安全性的尝试是非常必要的。失败的登录尝试就是一个应该被审核的事件的范例。应该被审核的最普通的事件类型包括: 访问对象,例如文件和文件夹;用户和组帐户的管理;用户登录以及从系统注销时;从这里来看似乎审核的是权限而不是责任,这个词用的的确很奇怪。)
    Windows has two forms of access control over objects. The first form—discretionary access control—is the protection mechanism that most people think of when they think of operating system security.这句话中有两个think of,怎么解释?是不是应该这么翻译:DAC是一种大部分人想到的一种保护机制当他们考虑到OS的安全时。
    Security pervades the interface of .... The windows subsystem implements object-based security ... by placing Windows security descriptors on them这里的subsystem,指的是一个API,例如CreateFile的参数LPSECURITY_ATTRIBUTES就包含security descriptors.
Registry
    If you've worked at all with Windows operating systems... at all, 用在这里很费解,从字面意思来翻译:如果你曾经at all使用过...,at all有一个意思是“在任何程度上”,难道这里应该译作“只要(表示程度)你使用过...”
    In addiation, the registry is a window(在这里是什么意思?) into in-memory volatile data, ... Windows performance counters(???)...
    You'll find references to individual registry keys throughout this book as they pertain to the component being described.这句话中的as 不是一个定语重句,因为后面是一个完整的句子,只能是状语重句,这里是一个方式状语重句,可译做“如同,正如”,这句话应译作“你会发现refrence...如同reference属于被描述的成分”
Kernel Debugging
Windows Debugging Tools
Dump File

    这是记录windows程序崩溃信息的文件。
    在程序P运行过程(Release/Debug版本都可以)中,发生诸如内促非法访问,除以0等这类异常程序,如果处理不好,可能会引起程序P崩溃,如果有代码或PDB文件当然最好,但是,通常情况下情况不会这么理想,例如在PC-A又开发环境,但程序不一定会在PC-A上崩溃,而会在PC-B上崩溃,但PC-B没有开发环境,仅有一个可执行程序,此时通过一些调试工具(vs/windows debugging tools)可以得到一个P.dmp文件。然后将PC-B中产生的P.dmp文件拷贝到PC-A(有开发环境、代码),可以通过vs打开相应工程,然后加载该文件(P.dmp),就可以定位到发生崩溃处的代码。
Windows Debugging Tools
    可以调试用户模式进程和内核模式进程
    调试用户模式进程,有两种方式:Invasive和Noninvasive, 前者可以检查/修改进程内存,setting breakpoints, performing other debugging functions;后者只能检查/修改内存。
    调试内核进程,需要两台PC,一台为Host(as debugger),另一台target(as debuggee),How to use? There are two primary variants of...The Windows Debugging Tools help file...这几段内容看不明白。
LiveKD Tool
    这个工具可以运行其它的调试器,用于检查本地PC操作系统的运行情况。WindowsXP/2003支持本地内核调试,但通过使用了LiveKD工具可以做到WindowNT后的OS都可以支持本地内核调试。不过具体做法还不明白。
SoftICE
    支持用户模式和内核模式之间的单步调试,可能是当程序从用户模式转为内核模式执行时仍然可以保持单步跟踪,反过来也如此。
Platform Software Development kit (SDK)
    MSDN的一个子集,由文档,C头文件,库,API头文件及一些工具,同VS自带的这些部分相比,SDK版本更新。
Device Driver Kit (DDK)
    驱动开发包,包含文档,内核相关的头文件(数据结构、长量等),库,可以通过DDK了解更多windows内核信息(wait blocks, events, mutants, semaphores, and so on)。

Chapter 2

System Architecture

Requirements and Design Goals

    Provide a true 32-bit, preemptive, reentrant, virtual memory operating system,下面这段话是对reetrant(Re-entrant)的解释:
    If the kernel is not re-entrant, a process can only be suspended while it is in user mode (to be more precise, it could be suspended in kernel mode, but would block kernel mode execution on all other processes). The reason for this is that all kernel threads share the same memory and corruption would occur if execution would jump between them arbitrarily.
这段话似乎说明这种内核不允许某A进程的内核线程在内核模式悬挂,如果这么做,因为内核模式的线程共享内存,如果一个访问内存错误,可能会影响其它线程运行,这是不是说这种内核同时只允许一个线程T进入内核模式,在T线程内内核模式返回之前(它也可能会阻塞在内核),其他线程不能再进入内核模式?这就容易理解了,T从内核模式返回之前,内存是它自己独占的,即使发生错误,也是它自己的错,不会影响其它线程,看起来似乎不像是抢占式多任务系统。
    A re-entrant kernel enables processes (or, to be more precise, their corresponding kernel threads) to give away the CPU while in kernel mode, not hindering other processes from also entering kernel mode. A typical use case is IO wait. The process wants to read a file. It calls a kernel function for this. Inside the kernel function, the disk controller is asked for the data. Getting the data will take some time and the function is blocked during that time. With a re-entrant kernel, the scheduler will assign the CPU to another process (kernel thread) until an interrupt from the disk controller indicates that the data is available and our thread can be resumed. This process can still access IO (which needs kernel functions), like user input. The system stays responsive and CPU time waste due to IO wait is reduced.(这段话说明线程T进入内核模式,如果它因为某种原因被阻塞,此时放弃CPU,分配给其它线程T1,T1可以在用户态运行也可以在内核态运行(T仍然在内核阻塞),当T继续运行的条件满足,可以通过中断机制来恢复T的运行(内核模式)。
    从这两段话来看,Re-entrant的真正意思是T1线程进入内核模式运行,在返回之前,T2进行一样“也可以内核”模式(注意是第二次进入,T1是第一次,T2是第二次)运行,依次类推,T3也可以Re-entrant...。
Kernel pre-emption
    Kernel pre-emption does not help in the overall throughput of the system. Instead, it seeks for better responsiveness.
The idea here is that normally kernel functions are only interrupted by hardware causes: Either external interrupts, or IO wait cases, where it voluntarily gives away control to the scheduler. A pre-emptive kernel instead also interrupts and suspends kernel functions just like it would interrupt processes in user mode. The system is more responsive, as processes e.g. handling mouse input, are woken up even while heavy work is done inside the kernel.
Pre-emption on kernel level makes things harder for the kernel developer: The kernel function cannot be suspended only voluntarily or by interrupt handlers (which are somewhat a controlled environment), but also by any other process due to the scheduler. Care has to be taken to e.g. avoid deadlocks: A thread locks ressource A but needing ressource B is interrupted by another thread which locks ressource B, but then needs ressource A.(最后一段话说明Re-entrant的目的不是为了提高系统吞吐量,而是为了让系统能够及时响应用户的操作。最后说明Re-entrant内核要求注意死锁,这说明如果有多个线程进入内核模式,它们也是共享内存的,只不过这里加上对内存资源的共享保护)。
    Run and scale well on symmetric multiprocessing systems.
scale度量,symmetric均衡,相称,从这两个单词来看,这句话是想说系统中的在运行过程中多进程所占用的资源是均衡的,也就是说不会出现某个/些进程占用过多资源,其它进程占用的过少的情况。

Operating System Model

Is Windows a Microkernel-Based System?

    微内核OS的内核仅包含最基本的功能,例如线程调度,硬件管理,虚拟内存及消息传递等,然而windows的文件/进程及I/O管理等也作为内核的一部分,看起来似乎不是微内核结构(不符合典型的微内核定义),这是因为典型的微内核结构OS在商业上太低效(不实用)。这段话的意思是经典的微内核结构OS中,以内核态运行的组件较少,但windows以内核态运行的组件很多,但为何前者在商业上不实用呢?这里的主要问题在于:以内核态运行的组件尽可能多还是尽可能少?怎么取得平衡?有什么依据?下面这个例子给出一个参考的依据:如果文件系统管理有一个bug,且经常发生错误,假如以内核态运行,则它会破坏OS,OS不能恢复;如果以用户态运行,它不会破坏OS,也就是说即使发生了错误,OS仍能够恢复运行,只是文件系统这个进程终止了;看起来似乎后者更健壮,但有一个问题,就是如此一个重要的进程终止了,即使OS仍在运行,那么它又有什么用呢(用户不能再访问任何保存在PC中的数据)?
    All these operating system components... ...Windows has the reputation for being both robust and stable as an application
server and as a workstation platform yet fast and nimble from the perspective of core operating system services, such as virtual memory management, file I/O, networking, and file
and print sharing.这句话中有一个单词nimble,用在这里究竟作者想表达一种什么意思?这个单词有轻巧,灵活,敏捷,机灵,思维活跃等方面的意思。...fast and nimble...fast表示速度快,那么nimble应该不再是强调速度,不过用轻巧,灵活,敏捷等单词形容OS似乎不妥,我想这里作者可能想说的是在使用方面OS具有灵活的特点,比方说应用程序能够很方便地访问OS提供的各种服务,但是为什么有这种特点呢?

Architecture Overview

    With this brief overview of the design goals and packaging of Windows ... packaging有封装,包装,组装,装配等意思,在这里是不是指windows的组装方式?如果将windows的各个部分看成一个个组件,然后由它们组装起来成为windows,这样来看使用packaging倒也合适,估计这里的packaging应该指的是windows的这种微内核结构,也就是Operating System Model这一段所描述的内容
    Fixed (or hardwired) system support processes, such as... hardwired在计算机科学中有如下几个定义:
(1) Electronic circuitry that is designed to perform a specific task. See hard coded.
(2) Devices that are closely or tightly coupled. For example, a hardwired terminal is directly connected to a computer without going through a switched network.
(3) Refers to fixed placement; for example, text and graphics that never change their location on a page. A "hardwired banner" is a banner ad that is not dynamically rotated with different page views.
下面是hard coded的定义:
Refers to programming code that solves a problem, but offers no flexibility. Hard coding could be thought of as "brute force" programming: it gets the job done, and it is common in every program. However, the degree to which a program is hard coded determines how difficult it is to change with each new type of data that is introduced or each new function that is added.
Because It Is Easier
Very often, the processing is hard coded in the first release of an application and generalized later. The reason is simple. It is always easier to hard code a solution than to write a generalized routine that handles a variety of possibilities.
从这两段解释可以看出,用hardwired来形容system support processes是为了说明system support processes是为了完成特定的功能,这种processes不灵活,很难通过配置来控制它们的行为或者不需要配置,例如logon process,只要系统启动,该进程就会自动运行,很难想象如果用户经过配置禁止该进程启动,恐怕下次用户再也不能登陆OS了,估计作者在这里是先说明windows有一类这样不需要用户控制的进程,这组进程多是一些基本的、且必须的进程,它们是OS本身固有的,不能够卸载(有点类似于汽车发动机和座椅对比,你可以将座椅拆掉几个,但不能拆发动机,发动机可以看成是汽车本身固有的属性)。
    Service processes that host Windows services... host在这里应该是动词,它有如下几个意思:
-verb (used without object): to be the host at (a dinner, reception, etc.);to act as host to;to act as master of ceremonies, moderator, or interviewer for: to host a popular talk show.;–verb (used without object): to perform the duties or functions of a host.经过在网络上查找,它还有“寄宿”之意,从上下文来看,应该是to perform the duties or functions of a host.的意思,这里是可以翻译成"服务进程履行windows服务"。
    Environment subsystem server processes... which implement part of the support for the operating system environment, or personality presented to the user and programmer...OS/2 was dropped(终止,玩结) as of(截止) Windows 2000...As of Windows XP...only the Windows subsystem is shipped in the base product—an enhanced POSIX subsystem is available as part of the free Services for Unix product(???). 这句话中的shipped, shipped with可以译作"被集成进",带有等等。
The environment subsystem was designed to run applications written for many different types of operating systems. None of the environment subsystems can directly access hardware, and must request access to memory resources through the Virtual Memory Manager that runs in kernel mode.Also, applications run at a lower priority than kernel mode processes.
...which implement ... support for operating system environment,...or personality presented to... operating system environment, personality是并列的,presented这里应该是面向的意思,整句意思可以译作:...实现了OS环境的和面向编程人员的部分支持。
    The Windows executive contains... executive原意是执行体,在这里意思应该是可执行程序(都是服务)。
    The Windows kernel consists of low-level...the rest of the executive uses to implement higher-level constructs.这句话中的kernel是什么意思?如果同上一句的executive比较起来,这里的kernel似乎是指一些机制,对象等等这些静态的概念,例如线程的调度,异常处理,多处理器同步等等,显然这些看起来不是一个独立的可执行程序。这句话中的low-level/higger-level应该不是指优先级,而是指可执行程序访问OS的层次,硬件的层级最低。

Table 2-1 Core Windows System Files 
    
Ntdll.dll Internal support functions and system service dispatch stubs to executive functions. stub是什么意思?

Portability

      Windows has a layered design, with(表示伴随) low-level portions(底层的部分) ... that are processor-architecture-specific or platform-specific(和具体的处理器结构/平台有关)  ... isolated into(被分成) separate(adj) modules so that ... shielded(防护,保护) from ... . 整个句子主干是 Windows has ..., with low-level portions...isolated(分词,伴随) into ... so that ... .
    Trap Dispatching 参看: http://www.budoou.com/article/296788/
    Functions that can differ among systems within the same architecture (for example, different motherboards) are implemented in the HAL. 这句话令人费解,不过主干很清楚,Functions...are implemented in the HAL. 这句话的意思应该是这个意思,在一个OS中,有访问一些硬件的功能,这些功能(可以理解成代码)根据硬件的不同而不同。

实际上可以这么理解,一个OS的某部分功能(例如线程管理)它们都是相同的,或者说只有一份代码执行之,但这句话中的Functions是指访问硬件的功能,而且它们随着硬件架构的不同可以执行不同的代码,也就是说函数不同,这就是为什么作者用function(函数)的原因,但这些函数所实现的功能上相同的。
例如,一个OS有这么一个函数,访问主板的上的网卡,但是,主板不同,那么通过主板访问网卡的方式略有区别(毕竟OS要通过主板来访问连接到主板上的设备),则这个函数名称可以相同,但是它所执行的代码随着主板的变化而变化,这些代码就是在HAL中执行的,但对于调用者来说,它并不知道这些变化。
    The vast majority of Windows...
local procedure call facility (http://www.thenetworkencyclopedia.com/d2.asp?ref=1144)
    A component of the Microsoft Windows NT executive running in kernel mode that is responsible for message passing. In the Windows NT operating system, applications and their supporting environmental subsystems function in a client/server relationship even though both are located on the same machine. The Local Procedure Call Facility (LPC Facility) provides the mechanism for client and server components to send messages to each other. The LPC Facility functions(runs) in essentially(本质) the same way that remote procedure calls (RPCs) do, except with RPCs the client and server components are located on different machines.
When an application on a computer running Windows NT needs to call an application programming interface (API) function on an environmental subsystem such as the Win32 subsystem, the client uses a placeholder called a stub, which is located in a dynamic-link library (DLL). The stub is used to package and send the parameters being passed to the server subsystem process that implements the call, which unpackages them and executes the called function. The LPC Facility then waits for a response to be issued back(issue-response 应答). From the application’s point of view, however, the whole process appears to take place locally within the DLL. The application is unaware that the DLL has forwarded(转向) the call to another API using the LPC Facility.
environmental subsystem(http://www.thenetworkencyclopedia.com/d2.asp?ref=717)
    Components of the Microsoft Windows NT or Windows 2000 operating system that support the running of applications from different operating system architecturesEnvironmental subsystems provide the necessary “environment” in which these applications can run. They are an essential part of the Windows NT operating system that enables cross-platform support for applications written for different operating systems. Windows NT and Windows 2000 include the following environmental subsystems:
a)Win32 subsystem for running 32-bit Windows applications
b)OS/2 subsystem for running OS/2 1.X character-based applications (does not support the OS/2 
c)Presentation Manager GUI or Warp versions)
d)POSIX subsystem for running POSIX.1-compliant applications
Symmetric Multiprocessing
    When a computer has more than one processor, however, it can execute two threads simultaneously.Thus, whereas a multitasking operating system only appears to execute multiple threads at the same time, a multiprocessing operating system actually does it, executing one thread on each of its processors.
When..., however, it can...中,when..., it can...看起来明显是一个因果或条件关系,但为何在中间加一个however呢?however表示转折,通常做插入语,可是用在这里让人费解。看起来似乎应该翻译成no matter how,PC有一个以上的cpu,无论怎样(是不是也表示PC有一个CPU的情况呢?),it can...
Thus, whereas...only..., ...actually...应该这么翻译,因而(因为有多个cpu的PC能够同时运行多个线程),尽管OS仅仅看起来象是同时运行多个线程(如果PC只有一个CPU的确是“象”),实际上...可以做到这一点, 每个处理器运行一个线程。作者其实想说,一般情况下PC只有一个CPU,但在用户看起来它好像能够同时运行多个线程(实际上不能,有名无实),可是,如果PC有超过一个CPU,它实际上的确能够同时运行两个线程(名副其实,不仅是"象",且事实的确正如看起来那样)。
    Hyperthreading is a technology ... logical processors(is Hyperthreading?) ... CPU state(???), but the execution engine(???) .... make progress(???)
    IN non-uniform memory architecture NUMA systems, ... Larger system(???).... in that all processors have access to all memory-it's just that node-local memory is faster to reference than memory attached to other nodes. In that...是说在Windows即使上在NUMA系统中运行,每一个进程都可以访问所与内存(同NUMA系统相比,NUMA中,一个node的processor只能访问该node的内存)。it's just that 在这里意思是表示同其他的不一样,仅仅,只不过,reference是一个动词,宾语是memory。it's just that...可以这么读 ...to referece node-local memory只不过比to referece memory attached to other nodes快一些而已。
    Although Windows was originally designed to support up to 32 processors, nothing inherent in the multiprocessor design limits the number of processors to 32—... 这句话中, 主语是  inherent原本是形容词,意为固有的,与生俱来的,但在这里作为一个名词,可以翻译成固有的特点或类似的意思,这句话是说,...在多cpu设计中,cpu数量限制为32个,这并非不是固定的,其实作者是想说限制cpu数量仅仅是人为的,并非是某种不可突破的限制,要求cpu数量必须是32个。
    For perormance reasons, there are separate uniprocessor and multiprocessor version of kernel and HAL....这句话中的separate, 独立的,单独的,分离的等意思,不过这里的意思应该是分离的,同操作系统相分离的,也就是说同一个版本的操作系统,它们的有单/多CPU版本的kernel/HAL,从这段话也可以看出,同一版本OS的kernel/HAL文件可以不同(不同个数随OS版本的不同而不同)。
    The reason for having uniprocessor version of these key system files is performance-..., this overhead is avoided...(which...).overhead有企业开支,费用的意思,在这里表示运行在CPU的windows需要将一部分时间消耗在处理器同步上,在单CPU是不必要的,为了避免这部分时间的消耗,所以运行在单/多CPU上的OS的kernel/HAL文件是不同的,从这句话可以看出,单cpu和多cpu的OS内核和HAL最重要的不同体现在CPU的同步上,一个需要,另一个不需要。(which constitute the vast majority of systems running Windows)括号中的systems指的单/多CPU的kernel和HAL,which指的是多CPU需要同步处理,这部分构成了kernel和HAL的大部分(实际上就是指单/多CPU的最大不同之处)。
    Interestingly, although the ...the uniprocessor version of Ntd.dll and Kernel32.dll for Windows 2000 are created by patching x86 LOCK and UNLOCK instructions, which are...with no-operation(NOP) instructions.这句话中的patching怎么理解? 如果是"修补"的意思,修补LOCK and UNLOCK指令怎么理解?LOCK and UNLOCK指令用于同步多线程,它是通过NOP指令做到这一点的,我猜测这句话意思可能是说,无论是单cpu还是多cpu的内核文件,都是通过修补LOCK and UNLOCK指令做到的,所谓的修补,是不是说为LOCK and UNLOCK指令打补丁,通过这种方式来让其执行同步或不执行同步这样的功能。但不知道这样理解是否正确。
Scalability
应该翻译成可伸缩性。
    Fine-grained (???) synchronization within the kernel (such as spinlocks (???), queued spinlocks (???),and pushlocks (???), ... to run concurrently (协调一致) on multiple processors.
    Programming mechanisms such as I/O completion ports (described in Chapter 9) that facilitate the efficient implementation of multithreaded server processes that can scale well on multi-processor systems.令人费解的一句话。从两个that可以看出,似乎这就shuch...后面所有的内容都是定语。
facilitate意为更方便利用,更易利用这类意思,Programming mechanisms是一种机制,可以很方便地利用...,被利用的...能够更高效的运行,我想这才是作者想要表达的意思。
...scale...在这里是动词,它本身又调整,调节的意思,在这里似乎是表示...能够自动调整(调节),在多cpu的系统上高效运行,还要调节什么呢?考虑到windows是一个SMP的系统,这一段开始也说了有资源竞争/效率的问题,所以scale这里应该理解为诸如I/O completion ports这种机制,不但高效,而且也能够自动调整对资源的占有,不会为了高效一直占据系统资源不释放,从而影响其他程序的执行,也就是说不至于为了高效而放弃其他的特点,例如均衡性,那么也就是说Programming mechanisms的高效性是可伸缩的,或者说有时候快,而有时候可能慢一些。
    The scalability of the windows kernel has evolved ... Window Server 2003 has per-CPU shceduling queues , which permits thread scheduling decisions to occur in parallel on multiple machines.
per-CPU shceduling queues 是一种什么机制?从字面意思来看,似乎每个cpu都有一个调度队列,这是什么意思? ...thread scheduling decisions(注意是复数),线程调度的决策以并行方式发生。
Differences Between Client and Server Version.
    Layered services that come with ... Layered在这里看起来是一个形容词,分层的,分层的服务是什么意思?是不是想ISO7层协议那样?
    Note Window XP ... Instead, development continued on what became Windows Server 2003 for...
...continued on what... What...翻译成变成了Windows Server 2003的那个东西,Instead后这句话可以这么理解,开发变成2003的那个东西持续了...

    A different registry value, ProductSuite, distinguishes the various flavors of Windows Serve systems...flavor,它本身意思有调味品,滋味,香料,情调等这类意思,不过用在这里是用来表示windows的各种版本中的比较小的分支版本。
    So if the core files are essentially .... In short, Server systems are by default (缺省情况下,默认,在这里相当于一个adj) optimized for.... For example, based on the product type (分词做状语,表条件), ... Also, run-time policy... memory manager trades off (这里应理解为交替处理) system and process memory demands, ... Unless otherwise (另外的,特别的,不同的等意思) note , ...
Checked Build
    There is special ... Also, to make it easier to understand the machine code, the post-processing of the Windows binaries to optimize code layout for faster execution is not performed.... 这句话主干就是 the post-process of windows binaries is not performed. 

...to make...(目的), the post-processing of Windows binaries...后来windows binaries的处理(为了目的所做的事), ...to optimize code layout(排布, 布局, 排版等) to ...execution作为post-processing的定语,后来的处理是为了是代码排布优化。
对于code layout在网上查到一个解释,代码排布侧重研究代码执行的空间相对位置,指令预取则关注于代码执行的时间相对关系。从这个解释上来看,似乎优化代码排布很可能调整了代码的位置,或者还涉及添加/删除某些代码,因此这里用optimize code layout, optimize有使优化的意思。
    Much of the additional code in the checked-build binaries is a result of using the ASSERT macro, ... If the system wasn’t booted with the kernel debugger (using the /DEBUG switch in Boot.ini)... ...code is a result of using the ASSERT macro... ...代码是ASSERT macro的结果...这句话如何理解?是不是这个意思ASSERT(code)?

...booted...with...系统以调试方式启动(带着/DEBUG)。
    The checked build is also useful... because of the additional detailed informational tracing that can be enabled for ...这句话的...information tracing that can be enabled... tracing修饰information,相当于定语从句, that似乎是指代tracing,因为只有一个动作才可以被激活,而这里只有tracing才是一个动作,所以从这个角度来看,tracing才是一个主语, can be enabled是被动语态.这句话可以这么理解,information which tracing (something) that(引导主语从句,主语是...tracing) can be enabled....似乎这么理解才是正确的。
    You don’t have to install the entire...The advantage of this approach ... get the rigorous checking of the checked build without having to run the slower debug versions of all components ...
checking 是否就是调用了ASSERT宏?without...是否是说调试信息将不会被拷贝到内存中并且输出及相关组件的运行?
    Finally, the checked build ... testing user-mode code ... timing ... is different....这段话中有一个timing,这个单词指代的是OS的时钟,用户程序在OS中运行,它们要使用OS的时钟,而OS内核代码通常是不变的,何时调度用户程序/内核程序,调度多久等等这些都是使用同一个时钟,比如说每X毫秒换一次,但是一旦运行checking build代码,这意味着OS内核要执行更多的代码(检查/也没有优化),这时候就会引起时钟的变化(例如调度内核时间长一些等等)。而多线程同步同OS的时钟有关,如果在一个时钟下测试的多线程程序正确,如果程序的确是正确的,即时时钟发生了变化,它仍然应该是正确的,要检验这些,就提供一个时钟不一样的OS环境测试,这样可以发现潜在(latent)错误。实际上这段话是说使用checked build的OS环境同不使用checked build的环境有差异,无疑,在多种环境下测试程序可以尽可能多的找出潜在的错误。
Environment Subsystems and Subsystem DLLs
    As we’ll explain shortly,of the three,the Windows subsystem is special...这段话的意思是说,Windows包含多个子系统,其中windows子系统比较特殊,因为鼠标/键盘/显示器等等这些输入输出设备都是windows子系的,运行Windows(包括无需同用户有交互的服务器版本)都需要windows子系,这句话的也可以这样理解,即时没有其它两种子系统(0S/2,POSIX)Windows一样可以运行,但是,运行其它两种子系统(0S/2,POSIX,以命令行的方式)要求Windows subsystem必须运行。
    The subsystem startup information is stored under the registry key...The Windows value contains the file specification of the Windows subsystem...这句话中的file specification意思在这里应该是指Windows subsystem的某些配置项,不过这里为何不用settings这个单词而要用file specification,前者比后者不是更精确么?而从这些项的内容来看,也不全是文件,难道这些配置项都同一些文件有关?
    Although Windows was desinged to ...,having each subsystem implement all the code to handle windowing and display I/O would result in a large amount of duplication of system functions that, ultimately, would have negatively affected both system size and performance....designers decided to locate these basic functions there and...
having...would result in .... that, ultimately(插入语) would have ... having...是句型have sb/sth do sth 使某人/某物做某事, having...充当主语,would result in 显然是谓语, a large amount of duplication of system functions that that前是宾语,that修饰这个宾语,显然, 这是个宾语从句。最后还有一个locate,这个单词在这里的意思是把...置于...,作者是想说把基本功能放在windows子系统中。
Windows Subsystem
  Applications call the standard USER functions to.... A display driver is paired with a video miniport driver to complete video display support.display driver和video miniport driver的概念参看:http://www.calsoftlabs.com/whitepapers/multi-monitor-display.html
 
  Prior to Windows NT 4... Conversely,...were cached on the client side for fast subsequent access.
WinNT4之前,windows manager and graphics servcies是用户模式windows子系统进程的一部分,到了indowsNT4,大量的windowing and graphics代码从windows子系统进程上下文中移动到一组运行在内核模式中可调用的服务(不只一个)中,这一做的主要原因是这样可以提高整个系统的性能。一个绘制windows的独立服务进程会涉及多个线程、进程上下文切换,这个操作会占用大量的CPU时钟,即使已经被优化过。
例如,应用程序(作为Client,服务的使用者)的每个线程(Tc)都有一个和它成对,为其专用的处于windows子系统进程(Server,服务的提供者)中的服务线程(Ts)等待着它(Tc)的请求,不过Ts和Tc(处于不同进程)之间的交互是通过LPC进行的。LPC是进程交互的一种独特机制,一般情况下,处于两个不同进程中的线程之间交互会涉及线程调度事件,可是在这里Tc和Ts之间交互时LPC被赋予一种特性,那就是不会产生线程调度事件,在这里LPC被赋予一种特性,它可以立即使用Tc剩余的时间片来运行一段时间(不到一个时间片的长度)在通过内核抢占式机制来获取时间片之前(轮到它运行)。另外,共享内存机制为LPC快速大量的数据交互提供了可行性,Tc可以直接从共享内存读取Ts提供的数据(Ts可以决定其大小,以达到最小化交互数据)。对于GDI,它有一个Batching(批处理)机制,其实就是一种缓存机制,将多个GDI相关的操作缓存到一个队列中,当队列被填满,可以一次性将这个队列通过LPC传给GDI(内核),由GDI调用输出设备驱动,然后输出到设备中,这样可以避免程序在用户模式和内核模式之间频繁切换。相反,对于windows子系统传给Client的数据(拥有只读属性且是GDI结构)也可以使用Batching机制,Client可以一次读取全部数据,将本次不用的数据暂时缓存,下次再读时就不必再从Windows子系统读取,而是从缓存中读取,这一也可以提高访问效率。
  Despite these optimizations....The obvious solution was to...additional threads and resulting (因而(线程)产生的) context switches by...Also, once applications have called into the window manager and the GDI, those subsystems can access other Windows executive components directly without the cost of user-mode or kernel-mode transitions. 这句话比较费解,have called into,这是个现在完成时,这说明代码已经在window manager and the GDI中执行,而前文说过这两个subsystems的代码是在内核中执行,"those subsystems can...”该怎么解释?为什么说other Windows executive components而不需要用户/内核模式切换,难道是Windows executive components是在用户模式执行,这两个subsystems访问它们的时候不需要再切换回用户模式?这样理解不知道是否正确?
So, what remains in the user-mode...drawing and updating...for console or text windows...no notion(打算) of repainting a window...,only a few...any more(?)...,if any(若有的话)...
在winxp下运行cmd.exe,notepad.exe,calc.exe,打开任务管理器,分别作如下动作:
1.找到windows subsystem process-csrss.exe。
2.然后拖动calc.exe在cmd的窗口上来回移动,观察csrss.exe的CPU时间,发现该时间在变化,然后再观察cmd.exe的cpu使用,发现没有变化。
3.找到notepad.exe窗口,拖动calc.exe在该的窗口上来回移动,观察csrss.exe的CPU使用,发现该时间不变(或变化非常小),然后再观察notepad.exe的CPU使用,发现变化(很大)。
case2说明cmd窗口绘制是在csrss.exe进程中执行的,消耗的是该进程的CPU;case3说明窗口是在notepad.exe进程中执行的,消耗的是该进程的CPU;这个例子解释了作者想告诉读者,对于一个窗口,大部分窗口绘制都是由windows subsystem进程执行的,但还是有一部分是由窗口应用程序执行的,主要是控制台窗口或文本处理,实际上的确如此,我在向notepad窗口输入文字的过程中notepad进程的CPU使用总是在变化,而csrss进程的CPU使用是不变的。
  only a few Windows functions result in sending a message to the Windows subsystem process any more..., only a few...any more可以这么理解,many sth do not ... any more, 这这句话可以理解为many windows functions do not result in sending a message to the Windows subsystem process any more...换句话说,也就是还有很少的windows functions会result in...一个运行中的窗口应用程序很少会引起到windows subsystem进程的上下文切换,但还是有一些的,process and thread creation and termination, network drive letter mapping, and creation of temporary files这些函数会引起向windows subsystem进程发送消息(到windows subsystem进程的上下文切换)。
Is Windows Less Stable with USER and GDI in Kernel Mode?
  Some peoper wondered...这段话应该这么理解:
  windows subsytem(csrss.exe)中的windowing and graphics 在用户模式和内核模式中执行对OS的稳定性有什么影响。答案是差不多。在用户模式中执行,如果有一个bug引起windows subsystem崩溃,也就是csrss.exe崩溃了,该进程是OS中一个重要进程,包含图形界面的数据结构,它的崩溃意味着OS不能正常使用(同用户的交互界面没了);如果让windowssubsystem作为一个服务,没有同用户交互的界面(不包含图形界面数据结构),它仍然要调用windowing manager(内核模式)以驱动应用程序界面状态的变化,如果这部分代码出现访问异常,会直接OS崩溃,而且更快,因为内核异常会引起OS崩溃。
  There is, however, one additional theoretical danger that didn’t exist...  另外,相对于用户模式,这部分代码(windowing and graphics )运行在内核还有一个理论上的风险,例如通过一个指针访问图形界面的数据结构,如果这个访问发生在用户模式,则该指针指向的内存是只读的(对于用户模式来说,内核内存都是只读的),这样的会引起访问失败,而不会导致系统崩溃。可是如果访问发生在内核,则可以修改数据,如果修改错误,访问越界或将数据写错,这可能会导致(现在或将来)返回给用户错误的数据或者将错误的数据写到磁盘上。
  现在,windows的graphics drivers原来还有一部分在csrss或其它用户模式组件中执行,现在都移动到了内核中,Microsoft不会开发所有的graphics drivers,它(Microsoft)和硬件(例如显卡)生产商一起确保graphics drivers编写出可靠稳定的graphics drivers.Windows本身带有的graphics drivers也是经过严格(rigorous)测试,就像其它可执行组件一样。
   Finally, it's important... ...这设计基本上没有风险,...since the inception of Windows NT ...从Windows NT 以来...
  Some people speculated that...GDI和有人认为内核中的代码不会被OS scheduler(调度程序)抢占,或者即使被抢占也仅是at a certain limited number of predefined points of kernel reentrancy(类似于循环机制,运行若干次跳出循环?),这导致运行在内核中的windows manager和GDI破坏了OS的“抢占式多任务的能力”,但实际上并非如此,线程无论运行在内核模式还是用户模式,都可以被抢占或调度,其中一个理由是这样提高了OS的可测量性(scalability)。
  Another line of speculation... This analysis指的是: Previously ... thus improving throughput这个观点. Therefore, no parallelism... on SMP hardware...这句话的意思是SMP硬件并不是这样(In most cases, calls from...completed the call.)运行的。...若在双CPU的SMP系统,有1个GDI应用程序的线程T,会有一个服务线程Ts(csrss),这两个线程各占一个cpu,the two threads are fairly intimate with each other(线程的亲缘性?怎么理解) and sharing state, ...This constant flushing(the processors’ caches must be flushed constantly to maintain coherency) is the reason...
  As a result, the changeds in ... The lack of a consistent pattern in which threads run results in a loss of locality of reference and cache coherency. This loss occurs...这种模式(线程运行时缺少一致性)导致丢失了locality of reference and cache coherency,这是因为繁忙的线程可能会争抢cpu,例如,T1在cpu1上运行,T2在cpu2上运行,但可能发生这样的事情,T1会争抢CPU2, 那么就需要从cache1中读T1的信息,这就需要一个同步,降低了性能. another. In the Windows NT 4 design, ...线程和cpu有一个affinity(亲缘性),也即是线程尽量(注意不是"一定")会在一个cpu上执行.WinNT4的设计是充分利用locality of reference而尽量减少(注意不是"杜绝")synchronize the private per-processor memory caches.
NT4之前的系统,如果发生多个线程争抢cpu的情况,一个线程可能会在多个cpu上运行,这会破坏local of reference and cache coherency.因此在NT4中弄出了一个线程的亲缘性技术,也即是一个线程尽可能(注意不是一定)会在一个cpu上运行。
  POSIX Subsystem
 Because POSIX.1 compliance(依从, 顺从) was a mandatory(托管) goal (遵循托管的目的?) for Windows, the operating system(指windows) was designed to ensure that the required base system support was present to allow(必要的基本系统支持目前还要允许存在) for ... However, ... POSIX支持一组系统服务(如进程管理等),而应用程序不能混合在子系统调用(windows中的),因此win2000中的POSIX还不是一个完整的开发环境(不能支持POSIX提供的某些系统服务,如进程管理), 这样,在缺省情况下,在win2000中的POSIX就限制对标准POSIX定义的服务的调用。这也意味着如果windows中的POSIX可执行程序不能创建进程(标准POSIX提供的服务之一)。
Ntdll.dll
  System service dispatch stubs to Windows executive system services...The first group of ...
dispatch stubs指的应该是一组被 windows executive services 调用的函数,该组函数在调用
系统服务或内核为调用者提供服务.
Executive(可执行机构-一组函数和可运行组件)
在Ntoskrnl.exe(内核)之上,注意Executive也在内核态执行.
Executive 
它似乎在提供内核中对象,数据或者内核中某些机制的管理器,供调用者通过管理器访问这些对象
然后提供一组函数用例访问内核.
Kernel
提供基本服务(如线程调度和同步,想想内核对象那些内容)和as well as low-level hardware architecture-dependent support (such as interrupt and exception dispatching), that are different on each processor architecture.(这句话该如何翻译?估计作者是想说内核中有一些和硬件体系结构相关的机制(或者叫系统支持,服务,功能等)). 
Kernel Objects
predictable operating system primitives(预先定义的OS原语?可以这样理解么?)
Kernel提供预先定义的系统原语和机制,Kernel仅负责执行,不负责策略的制定(executive负责策略制定),不过有一个例外那就是thread scheduling and dispatching,Kernel 不仅负责策略制定而且负责执行.
...resource quotas(分配) to be deducted(扣除)..."扣除掉已经被分配的资源"这样理解对么?
内核中的资源在executive层会被当成对象,这些资源的使用都被当成一个个对象来对待.executive层的对象和Kernel层的对象并不完全相同,使用executive层的对象之前需要执行使用的策略,但是在使用.
Kernel层的对象之前不需要执行使用策略,Kernel层中的对象更简单,这是为了更有利于让Kernel control central处理,更好地支持executive层对象的创建.实际上,executive层的对象筒通常包含一个或多个Kernel层的对象和Kernel层为其对象定义的某些属性.
内核对象可分为控制对象和分配对象,control object and dispatcher object.
control object-establishes semantics for controlling various operating system functions(???).例如APC object, DPC object, interrupt object. 它们有什么共同点,为何叫控制对象?控制什么?这组对象似乎用于异步。
dispatcher object, 主要用于线程调度(dispatcher这里应该理解为调度),如kernel thread,mutex (called mutant internally), event, kernel event pair, semaphore, timer, and waitable timer.等等。
Hardware Support
内核将硬件驱动抽象,并且把executive和windows支持的hardware architecture隔离。
有两类接口函数,一类同硬件结构无关,一类同硬件结构相关。
前者是通用的函数,它们可移植,且适用于各种结构(在不同的结构上函数的语义都相同semantically identical across architectures),这意味着它们可以在各种结构的PC上执行。有些内核接口函数可能会在HAL中执行,这是因为对于系统来说它们的执行可以不同,即使它们同属于相同家族的结构(相同结构,执行可能不同)。
后者是和硬件相关的接口函数。x86-specific interfaces需要支持old MS-DOS programs,它们不能移植;...interface to provide translation buffer and CPU cache... 这类接口函数在不同的结构硬件中其具体实现也不相同,因为CPU缓冲的实现方法(...for the different architectures because of the way caches are implemented,我想作者是想说caches相关操作的执行不同);还有一种同(线程)上下文切换有关的接口函数,不同CPU结构其实现不同,这是因为线程上下文的描述同CPU有关(例如register),如何保存和加载取决于具体结构。
Hardware Abstraction Layer
这个东西是为了可移植性
内核组件和驱动都是调用HAL,HAL对这二者隐藏了同硬件相关的细节
Device Drivers
驱动也是一个可加载的kernel-mode modules(.sys),也是连接I/O管理器和相关硬件的接口。
不过驱动模块并不总是加载的,它在3种情况下被加载,1)用户线程中初始化I/O函数时;2)系统线程(内核中);3)中断(无论是什么样的进程/线程)
驱动也不会直接访问硬件,而是访问HAL。
驱动分类:???
Windows Driver Model (WDM)---驱动模型
3大类驱动: bus driver是最基本必须的驱动,主要用于检测设备(例如设备是否存在,状态等等)及I/O;function driver主要用于操作设备,充分利用设备的各种功能;filter driver似乎用于扩展或修改关于driver的某些功能。
...It is a required driver unless the device is used raw... 这句话怎么理解?... accesses device-specific registers(寄存器) .
System process
OS 本身有两大类进程,系统本身和用户相关的。
系统本身的包括Idle process, System process(kernel),Windows subsystem,Services control manager.
用户相关的包括Session manager, Logon和Local security authentication server.
Idle Process
Idle process和System process都运行在内核层,在文件夹中找不到它们的imange。
Interrupts and DPCs
中断和Deferred procedure calls.
... They are shown because they account for CPU time not charged to any process...这句话意思可以这么理解,Idle account for(解释) CPU 时间 not charged to (分配给)其它任何进程。
在任务管理器中,the system idle time 包括interrupt time 和 DPC time. Thus a system with heavy interrupt activity (重要中断活动,估计作者是想说系统发生重要的中断活动时(这个时间应该比较长)) will appear to be idle (idle时间更多)  when using Task Manager.也就是说系统发生重要的中断活动时idle进程的时间更多。
System Process and System Threads
The two lines(?) labeled(?) Interrupts and DPCs...
系统进程为系统线程提供运行环境,系统线程具有也具有普通线程的特点(硬件上下文,优先级等),不同的是它们运行在内核或驱动,使用系统的地址空间
...system threads don’t have a user process address space and hence must allocate any dynamic storage from operating system memory heaps, such as a paged or nonpaged pool.
这句话怎么理解?虽然系统线程没有用户进程地址空间,但是它有系统进程的地址空间,又为什么从系统堆中动态分配内存呢?这是不是在说系统进程没有向用户进程那样的一个内存地址空间?
Session Manager (Smss)
Session Manager是系统创建的第一个用户模式进程,它由系统线程(该线程负责executive和kernel最后阶段的初始化)创建。smss负责其它进程的创建,监视其运行(是否终止)等工作。例如,启动一些进程(csrssexe/WinLogon.exe等),推迟重命名/删除文件,opening additional page files(?)等。完成初始化该smss的主线程会等待csrssexe/WinLogon.exe的进程句柄,这两个进程的任何一个非法终止smss就会终止windows的运行,windows依赖这两个进程。另外,smss还负责创建 Terminal Services session。
Winlogon, LSASS and Userinit
secure attentionsequence (SAS) 保护用户名和口令,防止其它进程(模拟winlogon)窃取,当用户输入用户名和口令时应该是SAS获取的,不过SAS是个进程?还是服务?
还是属于Winlogon的一部分?
Ctrl+Alt+Del->SAS->notify winlogon;PSW/UserName->Lsass.exe->GINA/DLLs/Networker Dlls identificate)->access object token->Winlogon->userinit
SCM
SCM用于管理windows服务,例如启动/终止,同这些服务交互等。
windows中的服务是这样一组进程,如果配置为自动启动则在用户登录之前就可以启动,当然也可以配置为手动启动。有些服务共享同一个服务进程,而且windows的很多组件都是以服务形式运行的。

Chapter 3 System Mechanisms

Trap Dispatching
Interrupts and exceptions是OS的一种状态(条件),它能够使Processor转到正常流之外(具体由Trap执行)。Trap是一种机制,能够捕捉线程中发生的Interrupts and exceptions,然后使Processor转到trap handler(一个处理Interrupts and exceptions的函数,OS提供)。
中断是异步事件,不是由于Processor运行某些指令(例如访问无效地址)触发的,Interrupts are generated primarily by I/O devices, processor clocks, or timers, ...可被打开或关闭。异常是一个同步条件,是CPU运行某些指令触发的(例如除以0)。
Interrupts and exceptions既可以由硬件引起也可以由软件引起,硬件引起的Interrupts and exceptions一定发生在内核中,相关信息一定是记录在内核的栈中,这是为了返回到Interrupts and exceptions发生的位置。用户模式线程发生Interrupts and exceptions,windows会创建一个trap frame(线程上下文的一个子集)在该线程的内核栈(用户线程有内核栈?是不是TLS呢?),对于软件中断,内核要么将其作为硬件中断的一部分处理(显然是异步方式),要么按照同步方式,前提是该线程调用了软件中断的相关处理函数(这些函数都是内核函数)。
In most cases, the kernel installs front-end trap handling functions(???) that perform general trap handling tasks before and after transferring control to other functions that field the trap.这句话什么意思
Interrupt Dispatching
硬件产生中断通常由I/O设备引起,设备向CPU发出中断请求(请求得到CPU服务),Interrupt-driven devices allow the operating system to get the maximum use out of the processor by overlapping central processing with I/O operations.(?OS得到CPU即使CPU很忙,是这样意思?)系统软件也可以引起中断(?)。
中断处理类型也不同,Interrupt trap handlers虽然是有内核安装的,但如果是设备中断,trap handlers会将控制流转到外部routine (the ISR),由设备驱动处理;对于其它类型的中断,trap handlers将控制流转到内核routine。
Hardware Interrupt Processing
On the hardware platforms... one of lines(?怎样理解)...The controller in turn interrupts the processor on a single line(?). 对于I/O中断,interrupt controller转给CPU, CPU发生中断会从中断请求中得到interrupt number,windows有一个IDT(interrupt dispatch table),通过interrupt number 找到一个处理中断的Routine,然后将控制流转到这个Routine。在windows启动的时候,windows使用指向内核中的Routine的指针初始化这个IDT.每个CPU都有自己的IDT,这意味着每CPU可以运行不同的ISRs。
Software Interrupt Request Levels (IRQLs)
interrupt controllers运行不同有限级别的中断,不过windows仍然采用自己的interrupt priority scheme,称之为interrupt request levels (IRQLs).IRQLs实质就是采用映射的方法,表把同优先级的中断用数字表示。内核定义IRQLs for software interrupts,HAL定义hardware-interrupt numbers to the IRQLs.
CPU为Interrupts提供服务是以优先级的顺序方式处理的,高优先级中断优先被处理,高优先级中断发生后,CPU首先保存发生中断的线程T状态,然后调用Trap Dispatchers,Trap Dispatchers提升该IRQL的优先级别,在调用响应的中断服务routine处理该中断,处理完毕后,Trap Dispatchers在降低这个IRQL的优先级别,最后再加载线程T的状态信息。然后再处理更低优先级的IRQL。
IRQL priority不同于线程调度的优先级,后者是线程的一个属性,但是IRQL priority是中断固有的属性。每个CPU的IRQL设置(包括优先级)不尽相同,但可以由OS调整。
处理器的IRQL设置能够决定CPU接收/拒绝中断。中断常用来同步内核模式数据结构的访问(?)。内核线程提升/降低IRQL,如果新的IRQ高于当前的会被立即处理,否则(等于/低于)当前的会等当前的IRQ处理完后再处理新的。(难道这是就是同步?)因为访问(PIC)比较慢,访问PIC的HAL做了一些优化。When the IRQL is raised,the HAL notes the new IRQL internally instead of changing the interrupt mask(通知代替中断遮蔽?). If a lower-priority interrupt subsequently occurs, the HAL sets the interrupt mask to the settings(?) appropriate for the first interrupt(?) and postpones the lower-priority interrupt until the IRQL is lowered.Thus, if no lower-priority interrupts occur while the IRQL is raised, the HAL doesn’t need to modify the PIC.这一段作者究竟想说什么?
A kernel-mode thread既可以提升IRQL也可以降低IRQL,depending on what it’s trying to do. 例如,该线程发生了中断,trap handler会提升IRQL,这个提升操作实际上相当于遮蔽了级别等于/小于该级别的中断,这是为了防止等于/小于该级别的中断随之发生从而拦截本次CPU为该中断提供的服务(同一时刻CPU只能为一个中断提供服务),The masked interrupts are either handled by another processor or held back until the IRQL drops. Therefore, all components of the system, including the kernel and device drivers, attempt to keep the IRQL at passive level (sometimes called low level). They do this because device drivers can respond tohardware interrupts in a timelier(更及时) manner(方式?) if the IRQL isn’t kept unnecessarily elevated for long periods (没有长时间保持不需要被提升级别).
Note 如果是(A kernel-mode thread发生)异常,且raising the IRQL会阻止等于/低于该级别的中断(同APC_LEVEL有关),If a thread (A) raises the IRQL to APC_LEVEL and then (B) is rescheduled because of a DISPATCH_LEVEL interrupt (注意是两个条件A和B), the system might deliver an APC_LEVEL interrupt to the newly scheduled thread. Thus, APC_LEVEL can be considered a thread-local rather than processor-wide IRQL.(既然APC_LEVE中断可以被其它CPU处理,才认为it can be thread-local,否则哪个CPU上发生的中断就有哪个CPU处理,这叫做processor-wide IRQL). processor's IRQL只能由内核线程改变,用户级别线程是不能修改的。这意味着用户线程中,processor’s IRQL不会被提高或者降低,它们的级别通常都是较低的(Lower level). 每一个interrupt level都有不同的目的,例如CPU之间通信、时钟中断等等。HAL为驱动提供的一些interrupt levels,数量根据processor and system configuration不同而变化。内核使用软件中断初始化线程调度和处理异步问题.
Mapping Interrupts to IRQLs
IRQL和IRQ是不同的,IRQ属于interrupt controllers(简称ICs)中的概念,ICs中并没有IRQL中的概念,IRQL是HAL中的概念。HAL将IRQL对应到中断(IRQ).流程如下:Device Driver(能够调用BUS Driver)识别相应设备并且决定哪些中断可被该设备接受。Bus Driver(估计应该是Device Driver调用Bus Driver)报告这些信息给Plug and Play manager,Plug and Play manager扫描所有设备可以接受的中断,然后将某个中断指定给相应的设备,再调用HAL将IRQL映射到IRQ。
映射算法随着HALs的变化而发生改变。例如x86系统单CPU,有一个中断数组,其索引减去27就是IRQL;多CPU比较麻烦了,这种系统的中断数组超过200个,但却没有这么多的IRQL与之对应,HAL采用round-robin(时间片轮转?)扫描device IRQL (DIRQL) range(为将设备中断映射到IRQL),这样的系统没有办法预知某个中断对应的IRQL(应该是根据设备的变化而改变?);对于x64系统,利用16除以(指定给IRQ的)中断数组(难道有多个?)来计算IRQL。
中断级别:high level-调试(暂停系统运行)/遮蔽中断;Power fail level-电源管理有关(?);Inter-processor interrupt level-CPU之间交互(CPU1通知CPU2做某件事);Clock level-时钟中断;profile level-kernel profiling (a performance measurement);device IRQLs-对设备中断进行优先级排序;DPC(Delayed Procedure Call)/dispatch-level and APC(Asynchronous Procedure Call)-level:属于软件中断;passive level-不是真正的中断,是正常线程运行过程中发生的,这些中断都允许发生的(从这里可以看出,有些中断可以在线程中发生,但有些不可以);One important restriction on code running at DPC/dispatch level or above is that it can’t wait for an object if doing so would necessitate the scheduler to select another thread to execute, which is anillegal operation because the scheduler synchronizes its data structures at DPC/dispatch level and cannot therefore be invoked to perform a reschedule.代码能够运行的中断级别并非是随意的,对于高于或等于DPC/dispatch level的IRQL是有限制的,这样的线程(假设为T1)不能出现等待操作(用于同步),假如T1等待一个对象,线程调度器势必调用另外一个线程T2,但是线程调度器同步(这也是一个中断)它的数据结构正是在DPC/dispatchlevel进行的,这样线程调度器就没有办法被调用用来调度T2.这句话不是很理解(?)。另外一个限制是T1线程代码不能够访问页文件,如果T1访问页文件就会发生缺页错误,T1就要等待内存管理器从磁盘上该页调到内存,而这个等待操作就会引起调度器进行上下文切换(目的是运行内存管理器),但这个操作是违法的,因为T1的IRQL is still DPC/dispatch level or higher at the time of the disk read).(这段话意思可能是这样的:线程T1等待一个对象(这是一个中断,且IRQL高于等于是DPC/dispatch level,假设级别为IRQL1),此时需要线程调度器调度另外一个线程T2,而这也是一个中断且中断请求假设为IRQL2,需要注意的是IRQL1大于等于IRQL2,而IRQ1又是先发生的,这就导致IRQ2必须等到IRQ1处理完毕后才能处理IRQ2,但IRQ1又需要先执行T2才能继续处理,而T2必须先被线程调度器调度,可线程调度器又要求先处理IRQ2,这就发生了矛盾.这样理解对不对??)
Interrupt Objects
The kernel provides a portable mechanism—a kernel control object called an interrupt object,这个object允许device drivers注册自己的(Interrupt Service Routine)ISRs,an interrupt object包括IRQL,ISR address及IDT等。When an interrupt object is initialized, a few instructions of assembly language code, called the dispatch code, are copied(拷贝代码?) from an interrupt handling template, KiInterruptTemplate,and stored in the object. When an interrupt occurs, this code is executed.(这句话似乎是说interrupt object is initialized被初始化时得到dispatch code(是拷贝方式?我怀疑是得到这段代码所在的函数或指针),中断发生时就会执行dispatch code).This interrupt-object resident code calls the real interrupt dispatcher(?),two-step process is required ...because the initial dispatch is done by hardware. ...这一段比较难以理解。利用interrupt objec注册ISR,这样做可以使同硬件相关的驱动不必根据中断的变化而变化,同时也不必了解IDT的细节,有利于创建可移植的驱动程序,因为这样的驱动不需要考虑同CPU相关的问题。Furthermore,interrupt objects allow the kernel to easily call more than one ISR for any interrupt level(同一个ISR可以为不同级别的中断服务?).不同的设备创建的interrupt objects且connect them to the same IDT entry,这种情况下the interrupt dispatcher calls each routine when an interrupt occurs at the specified interrupt line(这句话是不是说调用一个Routine在同一个line上,即使中断不同?). This capability allows the kernel to easily support “daisy-chain(串接)” (串接什么?中断么?)configurations, in which several devices share the same interrupt line. The chain(位于同一个Line上的中断?) breaks when one of the ISRs claims ownership for the interrupt by returning a status to the interrupt dispatcher.If multiple devices sharing the same interrupt require service at the same time(共享同一个中断的的设备同时要求服务), devices not acknowledged by their ISRs (ISR不知道的设备?)will interrupt the system (再次中断系统?)again once the interrupt dispatcher has lowered the IRQL(不理解). Chaining is permitted only if all the device drivers wanting to use the same interrupt indicate to the kernel that they can share the interrupt(仅当共享同一个中断的所有设备都向内核指出自己能够共享同一个中断,中断链才能使用?); (? if they can’t, the Plug and Play manager reorganizes their interrupt assignments to ensure that it honors(?) the sharing requirements of each. If the interrupt vector is shared, the interrupt object invokes KiChainedDispatch, which will invoke the ISRs of each registered interrupt object in turn until one of them claims the interrupt or all have been executed. In the earlier sample !idt output, vector 0x3b is connected to several chained interrupt objects ?).这段话很难理解?
Software Interrupts
Dispatch or Deferred Procedure Call (DPC) Interrupts 
When a thread can no longer continue executing... 这段话应该这么理解:如果一个线程进入等待状态,内核调用dispatcher进行上下文切换(需要注意的是,这个应该立即发生,使该线程处于等待状态,是不能推迟的。然后内核会调度其它线程),有时候kernel正在做其它事情(it is deep within many layers of code)时(这样理解对么?)检查rescheduling should occur(这应该是指 ‘(需要)重新安排(其它线程进入运行状态)发生了’),这种情况下kernel(仍然得)requests dispatching(dispatcher可理解为调度程序,那么这个呢?应该是请求调度其它线程(进入运行状态)),但是会推迟这个它(requests dispatching)发生的时间。

  The kernel always raises the processor’s IRQL to DPC/dispatch level or above when it needs to synchronize access to shared kernel structures.(内核需要同步访问内核数据结构(既然是同步访问,肯定涉及多线程访问共享资源)时,总是提高processor’s IRQL(同步访问内核数据结构也需要中断?)到或超越DPC/dispatch level(实际上是说比线程调度级别要高,这意味着什么?)This disables additional software interrupts and thread dispatching(this指同步访问内核数据结构时会提升该IRQL,这句话意思是this会阻止软中断和线程调度,也就是说访问内核数据请求的优先级更高). When...dispatching should occur(指需要发生线程调度这样的事件,正常情况下内核会请求一个DPC/dispatch-level的中断), it requests ...; but because the IRQL(指raises the processor’s IRQL to DPC/dispatch level or above...) is ...at or above that level(指DPC/dispatch-level interrupt), the processor holds the interrupt in check(保持检查DPC/dispatch-level interrupt). When the kernel completes its current activity(估计应该指synchronize access to shared kernel structures), it sees that ...
... ...
  DPCs provide the.... The kernel uses DPCs to process timer expiration(计时结束,应该是指计时完成之后要处理的事件,例如线程T等待该timer,当计时结束时,内核会调用dispatcher调度线程)...and to reschedule the processor after a thread’s quantum expires(quantum时限 quantum timer 应该是指 时间片用完).One way that this goal is for ...  in a DPC at DPC/dispatch IRQL(这句话的主干是:One way...is for device driver ISRs to ... perform..., save..., and defer... in a DPC at...,one way在这里的意思是方面(原因/目的)之一, that指way,this goal is achieved修饰that,达到这个目标的way,可以这么理解: 达到这个目标的原因之一是为了...,作者想表达的意思是"goal is achieved有很多原因,其中之一是为了(is for)..."; 还有,this goal是不是指...attempts to keep the IRQL below device IRQL levels?).
... ...
By default, ...the kernel ... on which the DPC was requested(on which the DPC was requested 这说明请求DPC和CPU相关,也就是说是在某个CPU上请求DPC的,由此推论DPC对象很可能有一个标识CPU的成员). ... targeting the DPC at a particular processor(设备驱动为DPC指定在哪一个CPU上运行)....as a targeted DPC(targeted DPC. 指那些已经指定在某个CPU上运行DPC,于此相对,DPC对象还有一个中间状态,那就是还没有被指定在某个CPU上运行,non-targeted DPC).
  When the processor’s IRQL(指处理器中断请求)... drop from ... to...(processor’s IRQL指处理器中断请求?,drop from...to...从...跌落至...,因为OS中不仅仅有DPC中断,还有其它中断请求,有些高于/等于DPC IRQL(当然也有低于的),只有当其它所有CPU中断请求级别低于DPC/dispatch级别时,内核就会处理DPCs). Windows ensures that the IRQL(指DPC IRQ?) remains at DPC/dispatch level(难道是DPC IRQL不会降低么?) and pulls ...(从DPC队列中取出DPC对象进行处理).... Only when ... will the kernel let the IRQL(处理器中其它的断请求?) drop below DPC/dispatch level and let regular thread execution continue.(Only+状语,will...倒状 可以这么理解Only when...,the kernel will...,这句话是说DPC队列变空时,kernel会降低这个IRQL(哪个?)且...) 



















本文转自jetyi51CTO博客,原文链接: http://blog.51cto.com/jetyi/294434,如需转载请自行联系原作者



相关文章
|
4月前
|
C# C++
【Azure Function】在VS Code中创建Function项目遇见 No .NET worker runtimes found
【Azure Function】在VS Code中创建Function项目遇见 No .NET worker runtimes found
|
编译器 Go 开发工具
JetBrains GoLand 以debug运行Go程序时出现could not launch process: decoding dwarf section info at offset 0x0: too short报错之保姆级别解决方案
JetBrains GoLand 以debug运行Go程序时出现could not launch process: decoding dwarf section info at offset 0x0: too short报错之保姆级别解决方案
286 0
|
前端开发 Windows
前端项目实战拾肆-window上‘PORT‘ is not recognized as an internal or external command
前端项目实战拾肆-window上‘PORT‘ is not recognized as an internal or external command
83 0
|
算法 测试技术 计算机视觉
Py之slidingwindow&sliding_window:slidingwindow、sliding_window的简介、安装、使用方法之详细攻略
Py之slidingwindow&sliding_window:slidingwindow、sliding_window的简介、安装、使用方法之详细攻略
Py之slidingwindow&sliding_window:slidingwindow、sliding_window的简介、安装、使用方法之详细攻略
win7-vs2012下安装.net frame work 的过程图文详解
win7-vs2012下安装.net frame work 的过程图文详解
1067 0
win7-vs2012下安装.net frame work 的过程图文详解
|
Web App开发 Java 关系型数据库
tech| 开发环境之window
开发, 用 mac 吧!
193 0
|
Web App开发 API Windows
一起谈.NET技术,Silverlight实例教程 - Out of Browser的Debug和Notifications窗口
  Silverlight 实例教程索引 Silverlight 实例教程 - Out of Browser开篇 Silverlight 实例教程 - Out of Browser配置,安装和卸载 Silverlight 实例教程 - Out of Browser的自定义应用 Silverligh...
1059 0
|
存储 Windows
Window“.NET研究”s Phone 7 Tips (2)
  上一篇Tips:Windows Phone 7 Tips (1), 今天也是分享10个Windows Phone 7 技巧,并提供离线文档下载。  1. 在Windows Phone 7中最简单的操作IsolatedStorge的代码: SaveNote()将文本框内容保存到Note.txt中,Edit()读取Note.txt到文本框中。
1023 0
|
Windows
一起谈.NET技术,Hello,Expression Blend 4 (含Demo教程和源码)
  前言   这段时间的开发不会用到Blend,到年底才会大量用到,本来打算到时候在写Blend相关的笔记,不过看到一些朋友还比较感兴趣,所以这里提前整理了一下。   首先,我希望你记住下面几点:   1、 Blend并不完全是为Designer设计的,玩得最好的一定是Programmer  2、必须了解Behavior,Blend很多特性基于Behavior   Expression Blend 的技术发展历史   2007   Blend的第一个版本就可以进行基本的动画设计。
1056 0