Use Microsoft-Windows-Kernel-Memory instead of scanning working sets #80
Comments
Windows makes it cheap and easy to retrieve the size of the full working set of a process, but expensive and tricky to calculate the private working set or PSS. In order to avoid causing problems UIforETW now defaults to just grabbing the full working set (of specified processes) and only calculates the private WS and PSS when a checkbox is checked.
|
I tested on Windows 7 and while Microsoft-Windows-Kernel-Memory works as a provider (the trace can be recorded) no memory data is recorded - at least nothing that WPA shows. I'll test on Windows 8.1 as well and figure out what version checking to use. I'll also try KERNEL_MEM_KEYWORD_WS_SWAP to see if it is any use. |
|
I found a bit of documentation of these flags here: https://github.com/MSOpenTech/Tx/blob/master/Manifests/SystemEvents.man If you have any other information then please share. |
|
You can use Perfview on a Windows to dump the manifest and look which events are supported.
For me it shows that Win7 only supports |
|
Testing on Windows 8.1 shows that it captures KERNEL_MEM_KEYWORD_MEMINFO_EX data - the Virtual Memory Snapshots view is populated. I haven't tested Windows 8 and don't intend to. So... on Windows 8.1 and above we can rely on Microsoft-Windows-Kernel-Memory and can disable UIforETW's scanning of working sets, which neatly reduces the overhead of having UIforETW running. |
On Windows 8.1 and above the Microsoft-Windows-Kernel-Memory provider gives detailed working set information for very low cost and therefore makes the working set scanning thread completely unnecessary. This resolves issue #80
|
I'm tempted to put more information in the settings dialog to explain why the options are disabled in 8.1 and above, but for now I haven't bothered. Fixed. Thanks for the suggestion. It will be in the next release. |
|
You should also enable it for 6.2 (Win8(Embedded)/Server 2012), not only 8.1/2012R2. |
The Microsoft-Windows-Kernel-Memory records working set data more efficiently and more richly than UIforETW's scanning: "when used with Keyword 0x40 KERNEL_MEM_KEYWORD_MEMINFO_EX, Windows captures every 0.5s: Count, ProcessID, WorkingSetPageCount, CommitPageCount, VirtualSizeInPages, PrivateWorkingSetPageCount."
"Windows 8 (Build 9200) also supports KERNEL_MEM_KEYWORD_WS_SWAP (0x80). Win7 only supports KERNEL_MEM_KEYWORD_MEMINFO (keyword 0x20)..."
This was first suggested here:
16c2171#commitcomment-17227542
Previously when trying to use built-in ETW providers working-set information I found that WPA would not graph the data that was recorded but WPA graphs the Microsoft-Windows-Kernel-Memory data quite nicely. These flags should be used where supported, and if possible the existing scanning code should be turned off or removed.
The text was updated successfully, but these errors were encountered: