2013 Outstanding Technical Leadership
As architect, designer, implementer and primary debugger for all aspects of memory management, Landy Wang has been deeply involved in the development of flagship Microsoft products.
The nomination statement for the 2013 Outstanding Technical Leadership award describes Landy Wang as the “one-man development team” behind the Windows Memory Manager. Since leadership awards are typically associated with management, it may seem odd that the Distinguished Engineer who has earned this year’s honor is instead a practitioner. But in fact, it speaks volumes about the man.
“For me, being hands-on and doing things lends me credibility based on experience,” says Wang. “I like to think that when I share my design ideas and feedback with colleagues, they listen because they know I approach the design process with the shared goals of doing it the right way and within an efficient timeframe.”
Wang has earned plenty of respect. For 15 years he has been the architect, designer, implementer and primary debugger for all aspects of memory management in Microsoft's flagship products, including Windows 2000, Windows XP, Server 2003, Vista, Server 2008, Windows 7, Windows 8 and Server 2012. Wang's influence has extended well beyond the code he has owned: he has been at the forefront of designing industry initiatives, leading partners towards more robust and scalable architectures, and helping customers every step of the way.
It was the opportunity to have this level of impact that drew Wang to Microsoft in the first place. Early on, the young computer science graduate was working as a Unix developer in the Bay Area. As he recalls, although he worked on a lot of interesting Unix projects, he only saw them used in niche markets as opposed to being integral to everyone’s daily computer use.
“It became more and more clear to me that I wanted to work on something that was more meaningful to a large number of people,” he recalls. “I believed Microsoft’s Windows NT operating system was going to be something that made a difference in the majority of people’s computing experience—something that was going to affect the lives of a billion people rather than 200,000. It became clear that Microsoft would be the best way for me to have that kind of impact.”
Wang joined Microsoft in 1997, and went to work on the Memory Manager subsystem in Windows. The existing subsystem and a number of other key ones had been originally written by Lou Perazzoli, who had since assumed the additional responsibility of managing the entire core Windows group and needed someone to take over the day-to-day memory management tasks. “I was fortunate to have a chance to fill that role,” says Wang.
“We worked on making Windows 2000 much more robust than the prior releases of Windows had ever been. And that effort spread across many components. We also made it work with something called PAE—physical address extensions. That was a way to use 16 times more physical memory on the existing 32-bit systems. We created a product called Terminal Server, allowing lots of people to share a single computer interactively at the same time. And we began creating a 64-bit version of Windows. We made it work on Digital's Alpha architecture, and Intel’s 64-bit Itanium and then the x64 architecture that everyone uses today. Those were all pretty big efforts.
“This effort went on in parallel with Windows 2000 and Windows XP. From there we moved on to dynamic kernel address space which greatly alleviated system configuration and scaling limitations. And after that, we went on to replace the systemwide PFN database lock with fine page-grained locking to deliver great scalability gains for our customers.”
If you want to sum up what Windows memory management and, by extension, Landy Wang have been responsible for, it boils down to key elements: enabling great things to happen, and preventing bad things from happening.
With regard to the former, memory management is the magic dust that operating systems and applications rely upon for performance, security and portability. “Memory management is a key facet of a computer,” explains Wang. “It’s the lynchpin that holds it all together, and provides the avenues we follow into the future.” Wang offers a simple analogy: think of the positive things you can do with memory in the same way you would taxes. A certain amount is collected from every citizen, and that revenue is used for communal needs: roads, libraries, schools. But if you can build them cheaper, you’re able to do more. And if you can do them incredibly cheaper, you might even reduce taxes and still manage to accomplish more.
“Memory management is that tax budget,” says Wang. “We are always looking for new ways to sharpen our pencils and get more bang for the same buck. The more we can lower the memory cost, the more creative we can be in building things with what we have left.” In this way, the ability of Window’s Memory Manger to scale up and scale down has effectively allowed Microsoft to scale from, as it says in Wang’s nomination statement, “palmtops to teraflops.”
In the area of preventing the bad from happening, memory management is also where protection against certain kinds of security vulnerabilities can be implemented. And just as Wang has endeavored to advance what can be done with memory, he has also introduced leading security measures to make computing safer for all.
One of these measures is Address Space Layout Randomization, or ASLR. In 2006, Windows Vista was about to ship and ASLR was an interesting idea that had been talked about but not yet acted upon. According to Wang, that changed when Jim Allchin came back from international meetings with news of a 10-gigabyte hacker database—basically a do-it-yourself guide on how to elevate an attack once you’d broken into Windows, keyed to every existing version and every existing fix.
It was time to act. “Even though it was a few months before we shipped, we decided to be bold and go after it,” recalls Wang. “Jim was the one who said, we need to do this and it has to be right the first time, there’s no margin for error given how close we are to shipping.”
Wang’s solution effectively thwarted the hacker database by randomly arranging the positions of key code and data areas within memory. The concept of ASLR is elegant in its simplicity: imagine a burglar with blueprints to a tract of identical homes, complete with the exact location of each home’s safe and its combination. With this in hand, he can quickly find what he wants, cleaning out the neighborhood in a matter of hours.
But if you could randomly make every home’s interior different, the burglar’s power becomes limited: Even if he breaks in, he doesn’t know where anything is; the valuables could be in the garage or the refrigerator or somewhere in the attic. That’s what ASLR does, but instead of homes, it does it for the billions of machines running on Windows. And this is what Wang was able to pull off in the weeks leading up to the shipment of Windows Vista.
“This was a very aggressive move especially given that we were 95% done with the release at that point,” says Wang. “No operating system had it at that point in time. But with the existence of this 10-gigabyte database, we realized we had to make Windows safer.”
ASLR was designed to work in conjunction with Data Execution Prevention, or DEP, a security measure that prevented the execution of code from a non-executable memory region. This helps prevent hackers from exploiting minor bugs to elevate their privilege. DEP had actually been implemented two years previously, and Wang’s addition of ASLR was the final piece of the puzzle.
“Each prevented a different way for viruses to maliciously elevate privilege, but each one only fixed 50 percent of the total problem,” he explains. “Each individually is just a speed bump, but together they form a brick wall.”
DEP, ASLR and the Memory Manager’s ability to scale up and scale down represent just a handful of technical advancements that resulted from Wang’s leadership. The list goes on to include the Driver Verifier, large address space support, SOC design participation, security strategy and development of protection mechanisms, processor cache and instruction set semantics, driver and I/O model improvements, corruption detection and repair capabilities, prefetching, caching and superfetch. All bear his mark in one way or another.
“When I approach a new project, I quickly envision the ultimate goal regardless of the constraints of the existing architecture, anticipate the potential pitfalls, come up with solutions ensure that the changes will fit seamlessly with the current system and then confidently proceed full speed ahead to completion,” Wang says. “I don’t like to compromise the fundamental tenets of the design process or any of the implementation of that design because doing so can potentially impact the entire ecosystem that is supported by Windows.”
This strong discipline goes a long way in explaining how this Outstanding Technical Leadership honoree has been so successful in leading by example rather than command. And it also explains why, when it comes to Windows memory management, Wang’s endorsement is regularly accepted as the stamp of approval, both at Microsoft and in the industry.