
In computing, a system call (syscall) is the programmatic way in which a
computer program
A computer program is a sequence or set of instructions in a programming language for a computer to Execution (computing), execute. It is one component of software, which also includes software documentation, documentation and other intangibl ...
requests a service from the
operating system
An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs.
Time-sharing operating systems scheduler (computing), schedule tasks for ...
on which it is executed. This may include hardware-related services (for example, accessing a
hard disk drive
A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly rotating hard disk drive platter, pla ...
or accessing the device's camera), creation and execution of new
processes, and communication with integral
kernel services such as
process scheduling. System calls provide an essential interface between a process and the operating system.
In most systems, system calls can only be made from
userspace processes, while in some systems,
OS/360 and successors for example, privileged system code also issues system calls.
For
embedded system
An embedded system is a specialized computer system—a combination of a computer processor, computer memory, and input/output peripheral devices—that has a dedicated function within a larger mechanical or electronic system. It is e ...
s, system calls typically do not change the
privilege mode of the CPU.
Privileges
The
architecture
Architecture is the art and technique of designing and building, as distinguished from the skills associated with construction. It is both the process and the product of sketching, conceiving, planning, designing, and construction, constructi ...
of most modern processors, with the exception of some embedded systems, involves a
security model. For example, the ''
rings'' model specifies multiple privilege levels under which software may be executed: a program is usually limited to its own
address space so that it cannot access or modify other running programs or the operating system itself, and is usually prevented from directly manipulating hardware devices (e.g. the
frame buffer or
network devices).
However, many applications need access to these components, so system calls are made available by the operating system to provide well-defined, safe implementations for such operations. The operating system executes at the highest level of privilege, and allows applications to request services via system calls, which are often initiated via
interrupt
In digital computers, an interrupt (sometimes referred to as a trap) is a request for the processor to ''interrupt'' currently executing code (when permitted), so that the event can be processed in a timely manner. If the request is accepted ...
s. An interrupt automatically puts the CPU into some elevated privilege level and then passes control to the kernel, which determines whether the calling program should be granted the requested service. If the service is granted, the kernel executes a specific set of instructions over which the calling program has no direct control, returns the privilege level to that of the calling program, and then returns control to the calling program.
The library as an intermediary
Generally, systems provide a
library
A library is a collection of Book, books, and possibly other Document, materials and Media (communication), media, that is accessible for use by its members and members of allied institutions. Libraries provide physical (hard copies) or electron ...
or
API
An application programming interface (API) is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build ...
that sits between normal programs and the operating system. On
Unix-like
A Unix-like (sometimes referred to as UN*X, *nix or *NIX) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Uni ...
systems, that API is usually part of an implementation of the
C library (libc), such as
glibc
The GNU C Library, commonly known as glibc, is the GNU Project implementation of the C standard library. It provides a wrapper around the system calls of the Linux kernel and other kernels for application use. Despite its name, it now also dir ...
, that provides
wrapper functions for the system calls, often named the same as the system calls they invoke. On
Windows NT
Windows NT is a Proprietary software, proprietary Graphical user interface, graphical operating system produced by Microsoft as part of its Windows product line, the first version of which, Windows NT 3.1, was released on July 27, 1993. Original ...
, that API is part of the
Native API, in the library; this is an undocumented API used by implementations of the regular
Windows API and directly used by some system programs on Windows. The library's wrapper functions expose an ordinary function
calling convention (a
subroutine
In computer programming, a function (also procedure, method, subroutine, routine, or subprogram) is a callable unit of software logic that has a well-defined interface and behavior and can be invoked multiple times.
Callable units provide a ...
call on the
assembly level) for using the system call, as well as making the system call more
modular. Here, the primary function of the wrapper is to place all the arguments to be passed to the system call in the appropriate
processor register
A processor register is a quickly accessible location available to a computer's processor. Registers usually consist of a small amount of fast storage, although some registers have specific hardware functions, and may be read-only or write-onl ...
s (and maybe on the
call stack
In computer science, a call stack is a Stack (abstract data type), stack data structure that stores information about the active subroutines and block (programming), inline blocks of a computer program. This type of stack is also known as an exe ...
as well), and also setting a unique system call number for the kernel to call. In this way the library, which exists between the OS and the application, increases
portability.
The call to the library function itself does not cause a switch to
kernel mode and is usually a normal
subroutine call (using, for example, a "CALL" assembly instruction in some
Instruction set architecture
In computer science, an instruction set architecture (ISA) is an abstract model that generally defines how software controls the CPU in a computer or a family of computers. A device or program that executes instructions described by that ISA, ...
s (ISAs)). The actual system call does transfer control to the kernel (and is more implementation-dependent and platform-dependent than the library call abstracting it). For example, in
Unix-like
A Unix-like (sometimes referred to as UN*X, *nix or *NIX) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Uni ...
systems,
fork
and
execve
are C library functions that in turn execute instructions that invoke the
fork
and
exec
system calls. Making the system call directly in the
application code is more complicated and may require embedded assembly code to be used (in
C and
C++), as well as requiring knowledge of the low-level binary interface for the system call operation, which may be subject to change over time and thus not be part of the
application binary interface
An application binary interface (ABI) is an interface exposed by software that is defined for in-process machine code access. Often, the exposing software is a library, and the consumer is a program.
An ABI is at a relatively low-level of a ...
; the library functions are meant to abstract this away.
On
exokernel based systems, the library is especially important as an intermediary. On exokernels, libraries shield user applications from the very low level kernel
API
An application programming interface (API) is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build ...
, and provide
abstractions and
resource
''Resource'' refers to all the materials available in our environment which are Technology, technologically accessible, Economics, economically feasible and Culture, culturally Sustainability, sustainable and help us to satisfy our needs and want ...
management.
IBM's
OS/360,
DOS/360 and
TSS/360 implement most system calls through a library of assembly language
macros, although there are a few services with a call linkage. This reflects their origin at a time when programming in assembly language was more common than
high-level language usage. IBM system calls were therefore not directly executable by high-level language programs, but required a callable assembly language wrapper subroutine. Since then, IBM has added many services that can be called from high level languages in, e.g.,
z/OS and
z/VSE. In more recent release of
MVS/SP and in all later MVS versions, some system call macros generate Program Call (PC).
Examples and tools
On
Unix
Unix (, ; trademarked as UNIX) is a family of multitasking, multi-user computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, a ...
,
Unix-like
A Unix-like (sometimes referred to as UN*X, *nix or *NIX) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Uni ...
and other
POSIX
The Portable Operating System Interface (POSIX; ) is a family of standards specified by the IEEE Computer Society for maintaining compatibility between operating systems. POSIX defines application programming interfaces (APIs), along with comm ...
-compliant operating systems, popular system calls are
open
,
read
,
write
,
close
,
wait
,
exec
,
fork
,
exit
, and
kill
. Many modern operating systems have hundreds of system calls. For example,
Linux
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
and
OpenBSD each have over 300 different calls,
NetBSD
NetBSD is a free and open-source Unix-like operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was fork (software development), forked. It continues to ...
has close to 500,
FreeBSD
FreeBSD is a free-software Unix-like operating system descended from the Berkeley Software Distribution (BSD). The first version was released in 1993 developed from 386BSD, one of the first fully functional and free Unix clones on affordable ...
has over 500, Windows has close to 2000, divided between win32k (graphical) and ntdll (core) system calls while
Plan 9 has 54.
Tools such as
strace,
ftrace and truss allow a process to execute from start and report all system calls the process invokes, or can attach to an already running process and intercept any system call made by the said process if the operation does not violate the permissions of the user. This special ability of the program is usually also implemented with system calls such as
ptrace or system calls on files in
procfs.
Typical implementations
Implementing system calls requires a transfer of control from user space to kernel space, which involves some sort of architecture-specific feature. A typical way to implement this is to use a
software interrupt or
trap. Interrupts transfer control to the operating system
kernel, so software simply needs to set up some register with the system call number needed, and execute the software interrupt.
This is the only technique provided for many
RISC
In electronics and computer science, a reduced instruction set computer (RISC) is a computer architecture designed to simplify the individual instructions given to the computer to accomplish tasks. Compared to the instructions given to a comp ...
processors, but
CISC architectures such as
x86 support additional techniques. For example, the x86
instruction set
In computer science, an instruction set architecture (ISA) is an abstract model that generally defines how software controls the CPU in a computer or a family of computers. A device or program that executes instructions described by that ISA, s ...
contains the instructions
SYSCALL
/
SYSRET
and
SYSENTER
/
SYSEXIT
(these two mechanisms were independently created by
AMD and
Intel
Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California, and Delaware General Corporation Law, incorporated in Delaware. Intel designs, manufactures, and sells computer compo ...
, respectively, but in essence they do the same thing). These are "fast" control transfer instructions that are designed to quickly transfer control to the kernel for a system call without the overhead of an interrupt.
Linux
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
2.5 began using this on the
x86, where available; formerly it used the
INT
instruction, where the system call number was placed in the
EAX
register before
interrupt
In digital computers, an interrupt (sometimes referred to as a trap) is a request for the processor to ''interrupt'' currently executing code (when permitted), so that the event can be processed in a timely manner. If the request is accepted ...
0x80 was executed.
An older mechanism is the
call gate; originally used in
Multics
Multics ("MULTiplexed Information and Computing Service") is an influential early time-sharing operating system based on the concept of a single-level memory.Dennis M. Ritchie, "The Evolution of the Unix Time-sharing System", Communications of t ...
and later, for example, see
call gate on the Intel
x86. It allows a program to call a kernel function directly using a safe control transfer mechanism, which the operating system sets up in advance. This approach has been unpopular on x86, presumably due to the requirement of a far call (a call to a procedure located in a different segment than the current code segment) which uses
x86 memory segmentation and the resulting lack of
portability it causes, and the existence of the faster instructions mentioned above.
For
IA-64 architecture,
EPC
(Enter Privileged Code) instruction is used. The first eight system call arguments are passed in registers, and the rest are passed on the stack.
In the
IBM System/360
The IBM System/360 (S/360) is a family of mainframe computer systems announced by IBM on April 7, 1964, and delivered between 1965 and 1978. System/360 was the first family of computers designed to cover both commercial and scientific applicati ...
mainframe family, and its successors, a
Supervisor Call instruction (), with the number in the instruction rather than in a register, implements a system call for legacy facilities in most of IBM's own operating systems, and for all system calls in Linux. In later versions of MVS, IBM uses the Program Call (PC) instruction for many newer facilities. In particular, PC is used when the caller might be in
Service Request Block (SRB) mode.
The
PDP-11 minicomputer used the , and instructions, which, similar to the IBM System/360 and x86 , put the code in the instruction; they generate interrupts to specific addresses, transferring control to the operating system. The
VAX 32-bit successor to the PDP-11 series used the , , and instructions to make system calls to privileged code at various levels; the code is an argument to the instruction.
Categories of system calls
System calls can be grouped roughly into six major categories:
:
# Process control
#* create process (for example,
fork
on Unix-like systems, or
NtCreateProcess
in the
Windows NT
Windows NT is a Proprietary software, proprietary Graphical user interface, graphical operating system produced by Microsoft as part of its Windows product line, the first version of which, Windows NT 3.1, was released on July 27, 1993. Original ...
Native API)
#*
terminate process
#*
load,
execute
#* get/set process attributes
#*
wait for time, wait event,
signal
A signal is both the process and the result of transmission of data over some media accomplished by embedding some variation. Signals are important in multiple subject fields including signal processing, information theory and biology.
In ...
event
#*
allocate and
free memory
# File management
#* create file, delete file
#* open, close
#* read, write, reposition
#* get/set file attributes
# Device management
#* request device, release device
#* read, write, reposition
#* get/set device attributes
#* logically attach or detach devices
# Information maintenance
#* get/set total system information (including time, date, computer name, enterprise etc.)
#* get/set process, file, or device metadata (including author, opener, creation time and date, etc.)
# Communication
#* create, delete communication connection
#* send, receive messages
#* transfer status information
#* attach or detach remote devices
# Protection
#* get/set file permissions
Processor mode and context switching
System calls in most
Unix-like
A Unix-like (sometimes referred to as UN*X, *nix or *NIX) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Uni ...
systems are processed in
kernel mode, which is accomplished by changing the processor execution mode to a more privileged one, but no ''process''
context switch is necessary although a ''privilege'' context switch does occur. The hardware sees the world in terms of the execution mode according to the processor
status register, and processes are an abstraction provided by the operating system. A system call does not generally require a context switch to another process; instead, it is processed in the context of whichever process invoked it.
[Bach, Maurice J. (1986), ''The Design of the UNIX Operating System'', Prentice Hall, pp. 15–16.]
In a
multithreaded process, system calls can be made from multiple
threads. The handling of such calls is dependent on the design of the specific operating system kernel and the application runtime environment. The following list shows typical models followed by operating systems:
* ''Many-to-one'' model: All system calls from any user thread in a process are handled by a single kernel-level thread. This model has a serious drawback any blocking system call (like awaiting input from the user) can freeze all the other threads. Also, since only one thread can access the kernel at a time, this model cannot utilize multiple cores of processors.
* ''One-to-one'' model: Every user thread gets attached to a distinct kernel-level thread during a system call. This model solves the above problem of blocking system calls. It is found in all major
Linux distribution
A Linux distribution, often abbreviated as distro, is an operating system that includes the Linux kernel for its kernel functionality. Although the name does not imply product distribution per se, a distro—if distributed on its own—is oft ...
s,
macOS
macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...
,
iOS, recent
Windows
Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
and
Solaris versions.
* ''Many-to-many'' model: In this model, a pool of user threads is mapped to a pool of kernel threads. All system calls from a user thread pool are handled by the threads in their corresponding kernel
thread pool.
* ''Hybrid'' model: This model implements both many-to-many and one-to-one models depending upon the choice made by the kernel. This is found in old versions of
IRIX
IRIX (, ) is a discontinued operating system developed by Silicon Graphics (SGI) to run on the company's proprietary MIPS architecture, MIPS workstations and servers. It is based on UNIX System V with Berkeley Software Distribution, BSD extensio ...
,
HP-UX and
Solaris.
See also
*
DOS API
*
Linux kernel API
*
vDSO
Notes
References
External links
A list of modern Unix-like system calls* with main API functions and structures, version
system calls for
Linux kernel
The Linux kernel is a Free and open-source software, free and open source Unix-like kernel (operating system), kernel that is used in many computer systems worldwide. The kernel was created by Linus Torvalds in 1991 and was soon adopted as the k ...
2.2, with
IA-32
IA-32 (short for "Intel Architecture, 32-bit", commonly called ''i386'') is the 32-bit version of the x86 instruction set architecture, designed by Intel and first implemented in the i386, 80386 microprocessor in 1985. IA-32 is the first incarn ...
calling conventions
How System Calls Work on Linux/i86(1996, based on the 1993 0.99.2 kernel)
(2006)
*
* Choudhary, Amit
HOWTO for Implementing a System Call on Linux 2.6* Jorrit N. Herder, Herbert Bos, Ben Gras, Philip Homburg, and Andrew S. Tanenbaum
Modular system programming on Minix 3 '';login:'' 31, no. 2 (April 2006); 19–28, accessed 5 March 2018
A simple open Unix Shell in C languageexamples on System Calls under Unix
Windows NT
Windows NT is a Proprietary software, proprietary Graphical user interface, graphical operating system produced by Microsoft as part of its Windows product line, the first version of which, Windows NT 3.1, was released on July 27, 1993. Original ...
Native API, including system calls
* Gulbrandsen, John
''System Call Optimization with the SYSENTER Instruction'' CodeGuru.com, 8 October 2004
osdev wiki
{{DEFAULTSORT:System Call
Operating system technology
Application programming interfaces