Windows 11 received its first Patch Tuesday Update a few hours ago. It"s not a huge update considering the OS just started rolling out generally in a staggered manner over a week ago. It fixes just some compatibility issues, seemingly without introducing new ones. However, if you still felt that the update installed on your PC quicker than you expected, Microsoft has now provided more insight into what made this possible.
Before we go into the details of what has changed in Windows 11"s servicing model, it"s important to discuss the motivation behind the change as well as the existing servicing model. Windows is an OS that is used in a variety of environments all over the globe especially in this hybrid environment where everyone may not have access to the fastest internet connections but still need to remain protected through security patches. This is why it"s essential that patches are small in size, especially since monthly cumulative updates contain all previously released fixes.
Windows 10 version 1809 and above use paired forward and reverse differential compression described in the diagram above. It ensures that the OS can revert to its base version as an intermediate state while servicing. As you may notice, while the forward and reverse differentials are symmetric, they feature very different content. Microsoft does not utilize a bidirectional delta because some transforms and patches may delete the data that is needed for a reverse delta. For a non-destructive transform to be ensured, a reverse delta would first need to store the content added and deleted by the forward delta. However, as we noted above, due to the disjoint in content, the process would not be very efficient, at least when compared to paired forward and reverse differential compression. You can find out more details about this process in Microsoft"s whitepaper here.
Microsoft has significantly change this process in Windows 11 using an approach called reverse update data generation. It"s a seemingly simple and intuitive approach that observes the delta instructions and then reverses them directly without going through the paired delta reverse pass. However, on the backend, this constitutes a significant backend change that uses a mapping table to map the resultant changes in assembly code functions. Microsoft explains that:
The mapping works by running a byte-by-byte disassembly of the program’s assembly code and identifying the virtual addresses. Virtual addresses correspond logically to entry points for assembly code functions and shift when the assembly code is updated with a fix. These shifts are observed by the delta engine and are captured by a mapping table. The mapping process on delta apply normalizes the addresses of these changes and is a large part of the reason of why modern architecturally enlightened delta algorithms are so efficient.
Much like the basic patching instructions, these transforms can be “observed” and reversed. There is a slight overhead as not all mappings are 1:1, and where forward mapping conflicts with its observed reverse mapping, additional patch instruction must be used to align the mapping. This can be done in-place, and the reverse mapping will provide nearly the same performance as a reverse delta with a direct mapping from a delta generation done on the server.
Microsoft claims that its reverse update data generation approach has resulted in a 40% reduction in the size of Windows 11 updates. The company says that it also filed for a patent for this methodology a few months ago. It remains to be seen whether Microsoft will backport this technique to Windows 10 as well.