Differences between Linux and Windows kernels

Source: Internet
Author: User
Tags apc
[Statement: you are welcome to repost it. For details, refer to the source Cu accessory http://linux.chinaunix.net/bbs/thread-1153868-1-1.html]

There are already many slots about Linux and Windows. This article attempts to compare the similarities and differences between the two mainstream operating systems from a technical perspective. Focuses on the kernel.

I. Motivation:

I was first in the Windows camp. I have written drivers in Windows for more than two years. Later, due to learning needs, it was almost two years since I switched to Linux. During this period, I experienced many twists and turns and learned a lot. I feel more familiar with Linux because I have not enough experience and knowledge when developing a Windows Driver.

Of course, every two years of study can only be said to be an entry. Every operating system is very broad and profound, and is constantly developing. Therefore, from a personal perspective, it is inevitable that there are deficiencies. You are welcome to correct them.

I want to write this article to help those who are also transferred from the window camp, and to switch from Linux to Windows (such as the boss's requirements) and those who are interested in both of them are helpful.

In general, I think the two operating systems have their own strengths. I like Linux's freedom and openness, as well as Windows's unification and compatibility. The following compares the similarities and differences between the two operating systems.

BTW: Windows kernel has not changed much since Windows 2 K. I am also familiar with Win2k and Win XP. In this article, the Linux kernel is 2.6. Or, more specifically, 2.6.18. Because I am most familiar with this version. However, the latest version seems to be 2.6.31. In addition, for 2.6.18, I quoted the article T-Bagwell from this version: "2.6.18 seems to be a relatively stable and large version, just like 2.4.18. It is relatively stable, and many enterprises and embedded systems adopt it ". My commonly used centos 5 is based on 2.6.18.

Ii. Differences between the two:

I think the biggest difference between the two is that Windows is a commercial software, while Linux is an open source software. The advantage of commercial software is that it can concentrate a large amount of manpower and material resources to do one thing. Easy to unify and be compatible (due to customer needs ). The advantage of open source is flexibility and openness.

In the comparison below, I usually first introduce windows, and then introduce Linux.

1. Concept: Business vs open source

Windows is a commercial software, and its source code is confidential. of course, other non-MS users still have the opportunity to see the source code. if you sign an NDA (non disclosure agreement) with MS, you may also get the windows code.

However, for the majority of poor students and even companies that use pirated Visual Studio, signing NDA with MS is almost unimaginable. therefore, in the Windows world, it is difficult to know the specific information of the window kernel. it can only be leaked by DDK (driver development kit) and windbg (kernel debugging tool. then there is reverse engineering (reverse engineering can be simply understood as disassembly, which is actually more complex ).

This also caused the <windows internals> book to become popular. because it is authorized by Microsoft, and many internal details are published. another book about the kernel is <uninitialized ented windows 2 k secrets>. Although old, there are many insider stories. For Windows, the words untitled ented and secrets are similar to the words "Super beauty. Because these things cannot be seen at ordinary times.

In the Linux World, a common word is rtfs. That is, read the fxxxxxx source code (this sentence is said to be the first out of Linus Torvalds, that is, the father of Linux ). That is to say, "read the damn code ". In other words, I gave you all the code. What else do you want? It's like a man said to him, GF/LP/lD. I gave you all the bank account and password. What else do you want?

In fact, he does not know (or cannot know) that a woman still needs your time and energy to accompany her. As if Linux programmers do not realize the document, it is also very important. Of course, Linux programmers should also be aware of the document, but one is that the maintenance cost is too high, and the other is that the Linux kernel changes too fast. Therefore, the Linux documentation is always worse than msdn.

I can't wait to download the source code of win 2 K. although I have never seen it so far, the feeling of getting the Windows source code is definitely no worse than marrying a peerless beauty. (Of course, if you really want to marry your wife, you still need to look inside ).

In contrast, Linux is open-source and its code is always visible. I was shocked by the transfer from the Windows world. although I have always known this fact, when you find that you have to use all kinds of methods to get a few words of information that is fully presented to you, only then can you truly realize that open source is indeed a great project.

After reading the Linux source code, I finally found that most of the original kernel is also C language (rather than the previously imagined assembly ). at the same time, the kernel seems like that, not as mysterious as previously imagined. it is a little more troublesome to compile the kernel than to compile a common program. the original kernel can be compiled using a common C compiler. the original kernel is also a common executable file. (PS: I suspect Ms also uses vs to compile Windows. I also know that the Windows kernel is also an executable file .) it was so easy to replace the kernel.

Finally, I can change the kernel. Wow, haha!

I think business is also good. For example, if the compatibility is good, I used to write a driver using WDM. After changing the compilation options, I can run it under WIN 98, win 2 K, and Win XP. Very convenient. If you change to Linux, you have to pray that the header files and function interfaces that you use are not modified between different kernel versions. Otherwise, you have to change the code.

At the same time, the advantage of open source is that it is suitable for learning and flexible. I think Linux is very suitable for schools and students. Because it is open-source, when you find something you don't understand, you can directly look at the source code (remember rtfs? ). You can also go to the Forum to ask questions. For Windows, if you want to know its internal mechanism, You have to Google and pray. A good resource is a magazine under msdn. One of the topics is "under the hood" or "Search for bugslayer. The authors of the two topics, Matt pietrek and John Robbins, are both cool people.

By the way, under the hood name itself. I have never quite understood it before, because hood means a lid for dictionary search. So what is under the lid? Why should we look under the lid?

After coming to the United States, I gradually understood. Hood should be understood as the car hood here. Cars are common in the United States. If you are driving but have never opened the hood, it means you will only use it, rather than know inside the car. What if you open the lid? We can see a lot of internal details, such as what the engine is.

In the automobile kingdom, many software terms are related to automobiles because people know cars well in their daily lives. For example, when I used to play 3D games, I often see that this game uses the latest 3D engine. What do you mean? That is, the core part of the game (the car engine) has been upgraded. It's not just about changing the external character image.

In addition, open-source software often uses cars for analogy. When you buy a car (software), you can get a repair shop to repair it. That is, anyone can change it as long as he understands it. And copy right software, that is, you bought a car, but the engine lid is locked. If it is broken, you can only repair it at the manufacturer. Others cannot repair it. What if the manufacturer does not want to repair it or does not repair it? Then you can only accept your destiny.

It's a little far away. Stop it.

1.1 Release: Binary vs. source code

Here we will mainly discuss the different forms and concepts used in the release of Windows and Linux, which are linked with the basic concepts of the previous commercial or open source.

In the Windows world, almost all installer programs are released in binary format. That is to say, the user downloads a program, double-click it, and click Next, next, and next. This method is suitable for beginners. There are similar mechanisms in the Linux world, such as Yum and apt-Get. However, both Yum and apt-Get appeared late. Before that, it was more troublesome to install programs in the Linux World.

Sometimes, Linux's yum and apt-Get are not enough. For example, a small software written by some people is not put into these large public libraries. At this time, you will find that they generally provide one or a bunch of source files, and then the user needs to download, "compile", and install. This is also a common source code release form in the Linux World.

At the beginning, I was very unaccustomed to this release form of Linux. I used to install Windows by double-clicking. I always felt that Linux installation was very troublesome and I had to install it myself. /configure, make, make install. in case the software depends on other libraries, you have to find those libraries by yourself. in case those libraries depend on other libraries ...... in addition, the versions of various databases are also a problem. In case of incompatibility, you need to find a compatible version.

Why are there so many source code releases in the Linux World? Why is binary file publishing popular in windows, rather than source code? The latter is well explained, because many source codes on windows are trade secrets and are not open to public. At the same time, the libraries used by Windows programs are installed in general systems. Therefore, binary release is feasible and convenient.

With regard to the previous issue, I think the advantage of source code release is that some optimizations and settings can be made during compilation. For example, the same code can be properly optimized during compilation on a 32-or 64-bit platform. In addition, you can set some switches during compilation, so that the optimization during compilation is generally better than the optimization of running time.

However, one disadvantage of source code release is that it has high requirements on users. If you run configue and make command smoothly, it will be fine. If the problem persists, you must change the header file. In addition, the dependency between libraries is also very troublesome for manual processing. Fortunately, in the Linux World, yum apt-Get and other package management systems were available. Most software can be easily installed.

2. Process and CreateProcess vs fork + execv

In the Windows world, the most common Win 32 API for Process Creation is CreateProcess and related functions. This function requires a bunch of parameters (Windows API features), but many parameters can be expressed simply by null, true or false. In addition, you can directly tell the file to be executed.

In the Linux World, I vaguely know that fork is used to create a new process. But when I read the fork function description, I got stuck. Because fork does not need any parameters. I am used to the 10 parameters of CreateProcess and suddenly changed to a function without any parameters. It is amazing. On the one hand, it seems that things are much simpler, so you don't need to understand every meaning of 10 parameters. On the other hand, I am confused. How can I tell it that I want to execute a file?

Later I learned that the meaning of processes in Linux is different from that in windows. Processes in Linux can be executed. In Windows, a process only indicates the owner of a resource and cannot be executed. A thread is required for execution. This also explains why the name of the file to be executed must be passed in CreateProcess.

The meaning of fork is to clone the process itself. That is to say, after fork, both the parent process and the child process execute the same piece of code. If you want to differentiate them, you can differentiate them based on the returned values of fork. Reference a fork description:

On success, the PID of the child process is returned in the parent's thread of execution, and a 0 is returned in the child's thread of execution.

At the same time, common statements in Linux are as follows:

Int PID;
PID = fork ();
Switch (PID)
Case 0: // I am the child

Case-1: // failed.

Default: // I am the parent


Why is it designed like this? Because one of the goals of Linux is to apply it to servers. In this case, a service may start many processes (threads) to serve different clients. Therefore, fork is designed to quickly copy the parent process. The child process uses the parent address space directly. The child process creates its own address space only when loading a new executable file.

This saves the overhead of creating the address space, making Linux processes very fast. But in fact, the process here is relative to the Windows Thread, so the overhead of the two is similar to that of the Windows Thread creation.

So how can we let the new process load an executable file? execv and related functions are required. In Linux, the function that replaces CreateProcess () is fork + execv

3. File Format PE vs elf

The executable file format in Windows is PE. In Linux, ELF is changed. The two have similarities, such as dividing them into several sections, including code segments and data segments. But two are different. So that people from one to another have to learn it again. It is a bit like a person who is used to driving a car in China. when driving a car in Hong Kong or the UK, even if there are four wheels and one steering wheel, one is driving on the left and the other is on the right. It always takes some time to get used to it.

So why cannot Linux use the same file format as windows? I think there are several possible reasons. First, two may be designed at the same time, and they do not know each other's existence. Therefore, one party cannot overwhelm the other. Another possible reason is that the PE format is still confidential at the beginning (later, Ms published the PE spec), so even if Linux wants to use PE directly, it won't work.

By the way, the document format of MS office was previously kept confidential until recently (as if 2008. We hope this will make the development of open office much smoother.

4. kernel APIs: Fixed vs unfixed

Windows kernel has a fixed set of APIs and is backward compatible. This makes it easy for Windows drivers to be transplanted between different versions. For example, if I develop a driver using WDM (Windows Device Model), I can change the compilation options at most to win 98, 2 K, XP, and 2003. I think Vista works.

Linux does not have a fixed kernel API. Kernel Modules of version 2.4 are almost incompatible with version 2.6. To be transplanted, you should not only change the compilation option, but also change a bunch of header files and implementation files. The trouble is that, even if the kernel is 2.6, different minor versions may be different. If your kernel module uses the changed part, you have to re-learn it and then change your header file or implementation file.

The advantage of a fixed kernel API is that it has good compatibility. The disadvantage is that it has a large workload and has to support old APIs at any time. It may be outdated interfaces. For example, there is a set of WDM APIs in the Windows Kernel, but there is a set of NDIS APIs dedicated to NICs. In fact, many of the two APIs are designed to overlap. So why are there two? Because NDIS comes out first, it must be supported for compatibility. While NDIS is only for NICs, so WDM is available again.

The disadvantage of the unfixed API is that the upgrade is very troublesome, and the peripheral kernel module maintainer is very hard. The advantage is that the updated design can be used at any time.

5. Comparison of interrupt handling in Windows and Linux

5.1 differences:

In Windows, there is an IRQL (not IRQ) concept. At first, I thought it was the CPU design that included this stuff. Later I checked the Intel CPU manual and found that there was no such manual. Recently I read windows interals 4th again. This should be included in the PIC or APIC (for more information about APIC, see my previous post ). For the X86-32, the relationship between the IRQ of the hardware device and IRQL is: IRQL = 27-irq. The motivation for introducing IRQL seems to be as follows: when the CPU runs at a low IRQL level, if a high IRQL level is interrupted, then the ISR with low interruptions will be snatched by the high ISR. That is to say, a lower ISR is interrupted by a more advanced ISR. The advantage is that ISR with a higher priority can get a response faster.

In addition, in the specific implementation, it is time-consuming to change the image or APCI to IRQL. Therefore, Windows tries not to directly operate the hardware, but to wait until the last resort.

In Linux, there seems to be no idea like IRQL. According to the books and code I have read, The ISR or kernle in Linux can be used to enable or disable the interrupt flag (IF) on the CPU at most. That is to say, either the service is interrupted and the service is fully enabled.

From this point of view, the design of Linux in this part is simpler than that of windows.

5.2 similarities:

Both Windows and Linux seem to have divided interruptions into two parts. In Linux, is it ISR (or another ?) And bottom half. In winodws, DPC (deferred procedure CILS) and APC (asynchronous procedure CILS) are very similar to bottom half. The motivation for dividing an interruption into two parts is similar. They all aim to make ISR faster and better. In Linux, it is usually disconnected in ISR, so if the time is too long, other interruptions will not be responded. In Windows, ISR runs in a very high IRQL, which also blocks other tasks with relatively low IRQL.

In Linux, bottom half can be divided into tasklet and sofirq. The main difference between the two is concurrency ). The following is a copy from <understanding Linux Network internals>.
Tasklet: only one instance of each tasklet can run at any time. Different tasklets can run concurrently on different CPUs.
Softirq: only one instance of each softirq can run at the same time on a CPU. however, the same softirq can run on different CPUs concurrentlyonly one instance of each softirq can run at the same time on a CPU. however, the same softirq can run on different CPUs concurrently.

In Windows, DPC is similar to tasklet and softirq. DPC is within the system and runs on dpc irql. Is an environment similar to the interrupt context (Interrupt context ). The difference between APC and DPC is that it runs at a lower level apc irql. In addition, APC targets every thread. Run in a thread environment. The main purpose is to put some things into future execution. APC is divided into kernel APC and user APC. Does APC seem to be similar in Linux? At least I did not expect it.

5.3 references:
1. Windows interals 4th
2. Understanding Linux Network internals 2005

Unicode vs ASCII
Kernel 4 M/4 K mixed page vs 4 K page
FS segment vs no FS
GDI vs xwindows
IRP vs function pointer
Registry vs common file

3. Consistency

Windows and Linux are similar in many places. I think there are two basic reasons. One is that both of them continue part of UNIX. The other two are mainly based on the X86 architecture. Of course, both of them also support many other architectures, especially Linux.

I will mainly discuss the consistency in the x86 system.

1. Concept
All files together.

2. kernel ing: 2G: 2g, 1G: 3G. Linear ing

3. Socket

4. device driver or kernel module

5. system calls and interruptions

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.