DOCSLIB.ORG

(Kernel) System Call

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
(Kernel) System Call CS 350 Operating Systems Spring 2021 7-8 System Call 1 Process Execution • The execution of a process is contributed by two parts: • the program’s code • the system’s code – through a set of system calls • A view of an OS • Serve as a library providing system-level services • Part of running processes Proc1 Proc1 Proc1 pipe() PC fork() PC PC Operating systems fork pipe 2 Process Execution • However, the program’s code and OS’s code need to be treated differently while being executed • Program’s code runs in the user mode • OS’s code runs in the kernel mode • User mode and kernel mode are two processor modes • Specify what types of instructions can be executed • Determine which memory regions can access • It is the “system call” interface that “stitches” a process code and the OS code (and the two modes), which makes the complete execution flow for a process. time Program code user System System System mode call call call CPU kernel mode ret ret ret OS code 3 The need for protection When running user-provided processes, the OS needs protect itself and other system components • for reliability: buggy user programs • Exceptions (division by 0, buffer overrun, dereference NULL, …) • Resource hogs (infinite loops, exhaust memory …) • Despite these, OS cannot crash, must serve other processes and users • for security: malicious user programs • Read/write OS or other process’s data without permission • OS must check, and check code cannot be tampered 4 Dual-mode operation • Allows OS to protect itself and other system components • User mode and kernel mode (two modes of the processor) • User-provided code running in the user mode – with low privilege • Kernel-related tasks running in the kernel mode – with high privilege • How? • 1) Mode bit(s) for processor • Provides ability to distinguish whether the processor is running user code or kernel code • 2) Protection bit(s) for memory: • Provide ability to distinguish whether memory is for user instructions/data or for kernel instructions/data • 3) Instructions • Privilege instructions -- those accessing/changing system states or critical resources • Otherwise, normal instructions 5 Dual-mode operation • Two main protection polices are provided as follows: • Privilege instructions cannot be executed in the user mode • User code cannot access kernel memory • Any violations can be detected by hardware, automatically • Hardware checks privileges before execution • Usually, violations cause the process to be killed (by OS) Privilege Normal User mem instructions instructions user mode CPU Privilege Normal kernel Kernel instructions instructions mode mem 6 Dual-mode operation • But, what should a user process do when it wishes to perform privileged operations, such as file management, process creation, shared memory, etc.? • To perform privileged operations, systems must transit into OS through well defined interfaces: system calls • System calls allow the kernel to carefully expose certain key pieces of functionality to user programs • System calls stitches the execution of user process and the control of the OS Proc1 Proc2 Proc3 Proc4 System call interface Operating File Memory systems systems fork IPC management 7 More about system calls 8 System calls • A type of special protected procedure calls allowing user- level processes to request services from the kernel. • A way to control how critical resources are accessed/shared among multiple processes • System calls provide: • An abstraction layer between processes and hardware • Kernel provides and controls resource accesses • Such kernel services are exposed with a well-defined interface to user processes • Advantages of this design • Protection: hardware resources can be safely shared among multiple processes • Reusability: the same functionalities can be shared by independent programs • Reliability: developed by experts 9 Invoking system calls user-mode kernel-mode (restricted privileges) (unrestricted privileges) app … system making xyz() call system sys_xyz() { … } service call … routine call ret call ret xyz { wrapper … system_call: int 0x80 routine %eax = #syscall in std C … system library int 80h; sys_xyz(); call iret handler … … } 10 Points to note • System calls are actually invoked in C library wrappers functions (procedure calls) • Such procedures prepare system call arguments and finally involve a “trap” instruction (e.g., int) • The trap instruction jumps into the kernel and raises the privilege level to kernel mode • In the end, the trap instruction locates the system call entry functrion • Once in the kernel, the system can now perform whatever privileged operations are needed, and thus do the required privileged work for the calling process. • When finished, the OS calls a special “return-from-trap” (e.g., iret) instruction, which returns into the calling user process while simultaneously reducing the privilege level back to user mode. 11 The system-call jump-table (system call table) • There are more than 300 system calls in recent Linux 5.x kernel • A specific system-call is identified by a unique ID- number (i.e., the system call number, which is placed into register %eax in the system call wrapper function) • To locate the system-call hander in the kernel, an in- kernel data structure, system-call table, is used • A system-call table is an array of function-pointers (e.g., “sys_call_table[]” in Linux kernel) 12 An example: xv6 system call table System call System call number function pointers Defined in syscall.c ➔ 13 The “jump-table” idea 0 sys_restart_syscall .section .data 1 sys_exit System call table 2 sys_fork .section .text 3 sys_read 4 sys_write 5 sys_open 6 sys_close 7 …etc… 8 sys_call_table Kernel address space 14 Recall: System call • The execution of a process is contributed by two parts: (1) the program’s code; and (2) the OS system’s code • OS needs protections form user programs: reliability and security • Dual-mode operation (supported by hardware): • User programs’ code run in the user mode (with low privilege) • OS code runs in the kernel mode (with high privilege) • Policies under dual-mode: • Users cannot execution privilege instructions • Users cannot access kernel memory • Violations can be (easily) detected by hardware • Before execution of each instruction, the hardware (logic) checks the current running mode to see if it has sufficient privilege 15 Recall: System call Implementation user-mode kernel-mode (restricted privileges) (unrestricted privileges) app … system making xyz() call system sys_xyz() { … } service call … routine call ret call ret xyz { Trap instruction wrapper … system_call: int 0x80 routine %eax = #syscall in std C … system library int 80h; sys_xyz(); call iret handler … … } return-from-trap 16 Recall: More about trap • How does the “trap” instruction locate the “entry function” of system calls? • int 0x80 IDT (interrupt descriptor table) system_call() idtr • How does the “system call” function locate the concrete system call handler? • %eax = #syscall (user) System call “jump” table • syscall_table[#syscall] (kernel) Fork Exit wait … 17 Discussion 1 • Instead of using the system-table approach, can we use if-else tests or switch statement to locate the service routine’s handler? 18 Designing the syscall interface • Important to keep interface small, stable (for binary and backward compatibility) • The kernel code should verify that system calls are legally invoked (e.g., to check the argument carefully to avoid any errors) • Syscall numbers should not be reused (!) • Why? • Deprecated syscalls are implemented by a special “not implemented” syscall (sys_ni) 20 Discussion 2 • Consider a hypothetical system call, zeroFill, which fills a user buffer with zeroes: zeroFill(char* buffer, int bufferSize); • The following kernel implementation of zeroFill contains a security vulnerability. What is the vulnerability, and how would you fix it? void sys_zeroFill(char* buffer, int bufferSize) { for (int i=0; i < bufferSize; i++) { buffer[i] = 0; } } 21 Discussion 2 • The user buffer pointer is untrusted and could point anywhere. In particular, it could point inside the kernel address space. This could lead to a system crash or security breakdown. • Fix: verify the pointer is a valid user address 22 Discussion 3 • Is it a security risk to execute the zeroFill function in user-mode? void zeroFill(char* buffer, int bufferSize) { for (int i=0; i < bufferSize; i++) { buffer[i] = 0; } } 23 Discussion 3 • No. User-mode code does not have permission to access the kernel’s address space. If it tries, the hardware raises an exception, which is safely handled by the OS • More generally, no user mode code should ever be a security vulnerability. • Unless the OS has a bug… 24 Discussion 4 • To a programmer, a system call looks like any other procedure call to a library function. • Is it important that a programmer knows which library procedures result in system calls? 25 Discussion 4 • To a programmer, a system call looks like any other procedure call to a library function. • Is it important that a programmer knows which library procedures result in system calls? • Yes, if performance is an issue, if a task can be accomplished without a system call the program will run faster. • Every system call involves overhead time in switching from the user context to the kernel context, and then switching back. • Furthermore, on a multiuser system the operating system may schedule another process to run when a system call completes, further slowing the execution of a calling process. ➔ Library calls are much
Load more

Recommended publications
  • System Calls
    System Calls What are they? ● Standard interface to allow the kernel to safely handle user requests – Read from hardware – Spawn a new process – Get current time – Create shared memory ● Message passing technique between – OS kernel (server) – User (client) Executing System Calls ● User program issues call ● Core kernel looks up call in syscall table ● Kernel module handles syscall action ● Module returns result of system call ● Core kernel forwards result to user Module is not Loaded... ● User program issues call ● Core kernel looks up call in syscall table ● Kernel module isn't loaded to handle action ● ... ● Where does call go? System Call Wrappers ● Wrapper calls system call if loaded – Otherwise returns an error ● Needs to be in a separate location so that the function can actually be called – Uses function pointer to point to kernel module implementation Adding System Calls ● You'll need to add and implement: – int start_elevator(void); – int issue_request(int, int, int); – int stop_elevator(void); ● As an example, let's add a call to printk an argument passed in: – int test_call(int); Adding System Calls ● Files to add (project files): – /usr/src/test_kernel/hello_world/test_call.c – /usr/src/test_kernel/hello_world/hello.c – /usr/src/test_kernel/hello_world/Makefile ● Files to modify (core kernel): – /usr/src/test_kernel/arch/x86/entry/syscalls/syscall_64.tbl – /usr/src/test_kernel/include/linux/syscalls.h – /usr/src/test_kernel/Makefile hello_world/test_call.c ● #include <linux/linkage.h> ● #include <linux/kernel.h> ● #include
    [Show full text]
  • Programming Project 5: User-Level Processes
    Project 5 Operating Systems Programming Project 5: User-Level Processes Due Date: ______________________________ Project Duration: One week Overview and Goal In this project, you will explore user-level processes. You will create a single process, running in its own address space. When this user-level process executes, the CPU will be in “user mode.” The user-level process will make system calls to the kernel, which will cause the CPU to switch into “system mode.” Upon completion, the CPU will switch back to user mode before resuming execution of the user-level process. The user-level process will execute in its own “logical address space.” Its address space will be broken into a number of “pages” and each page will be stored in a frame in memory. The pages will be resident (i.e., stored in frames in physical memory) at all times and will not be swapped out to disk in this project. (Contrast this with “virtual” memory, in which some pages may not be resident in memory.) The kernel will be entirely protected from the user-level program; nothing the user-level program does can crash the kernel. Download New Files The files for this project are available in: http://www.cs.pdx.edu/~harry/Blitz/OSProject/p5/ Please retain your old files from previous projects and don’t modify them once you submit them. You should get the following files: Switch.s Runtime.s System.h System.c Page 1 Project 5 Operating Systems List.h List.c BitMap.h BitMap.c makefile FileStuff.h FileStuff.c Main.h Main.c DISK UserRuntime.s UserSystem.h UserSystem.c MyProgram.h MyProgram.c TestProgram1.h TestProgram1.c TestProgram2.h TestProgram2.c The following files are unchanged from the last project and you should not modify them: Switch.s Runtime.s System.h System.c -- except HEAP_SIZE has been modified List.h List.c BitMap.h BitMap.c The following files are not provided; instead you will modify what you created in the last project.
    [Show full text]
  • CS 0449: Introduction to Systems Software
    CS 0449: Introduction to Systems Software Jonathan Misurda Computer Science Department University of Pittsburgh [email protected] http://www.cs.pitt.edu/∼jmisurda Version 3, revision 1 Last modified: July 27, 2017 at 1:33 P.M. Copyright © 2017 by Jonathan Misurda This text is meant to accompany the course CS 0449 at the University of Pittsburgh. Any other use, commercial or otherwise, is prohibited without permission of the author. All rights reserved. Java is a registered trademark of Oracle Corporation. This reference is dedicated to the students of CS 0449, Fall 2007 (2081). Their patience in dealing with a changing course and feedback on the first version of this text was greatly appreciated. Contents Contents i List of Figures v List of Code Listings vii Preface ix 1 Pointers 1 1.1 Basic Pointers . 2 1.1.1 Fundamental Operations . 2 1.2 Passing Pointers to Functions . 4 1.3 Pointers, Arrays, and Strings . 5 1.3.1 Pointer Arithmetic . 6 1.4 Terms and Definitions . 7 2 Variables: Scope & Lifetime 8 2.1 Scope and Lifetime in C . 9 2.1.1 Global Variables . 11 2.1.2 Automatic Variables . 12 2.1.3 Register variables . 13 2.1.4 Static Variables . 13 2.1.5 Volatile Variables . 16 2.2 Summary Table . 17 2.3 Terms and Definitions . 17 ii Contents 3 Compiling & Linking: From Code to Executable 19 3.1 The Stages of Compilation . 19 3.1.1 The Preprocessor . 20 3.1.2 The Compiler . 21 3.1.3 The Linker . 22 3.2 Executable File Formats .
    [Show full text]
  • Foreign Library Interface by Daniel Adler Dia Applications That Can Run on a Multitude of Plat- Forms
    30 CONTRIBUTED RESEARCH ARTICLES Foreign Library Interface by Daniel Adler dia applications that can run on a multitude of plat- forms. Abstract We present an improved Foreign Function Interface (FFI) for R to call arbitary na- tive functions without the need for C wrapper Foreign function interfaces code. Further we discuss a dynamic linkage framework for binding standard C libraries to FFIs provide the backbone of a language to inter- R across platforms using a universal type infor- face with foreign code. Depending on the design of mation format. The package rdyncall comprises this service, it can largely unburden developers from the framework and an initial repository of cross- writing additional wrapper code. In this section, we platform bindings for standard libraries such as compare the built-in R FFI with that provided by (legacy and modern) OpenGL, the family of SDL rdyncall. We use a simple example that sketches the libraries and Expat. The package enables system- different work flow paths for making an R binding to level programming using the R language; sam- a function from a foreign C library. ple applications are given in the article. We out- line the underlying automation tool-chain that extracts cross-platform bindings from C headers, FFI of base R making the repository extendable and open for Suppose that we wish to invoke the C function sqrt library developers. of the Standard C Math library. The function is de- clared as follows in C: Introduction double sqrt(double x); We present an improved Foreign Function Interface The .C function from the base R FFI offers a call (FFI) for R that significantly reduces the amount of gate to C code with very strict conversion rules, and C wrapper code needed to interface with C.
    [Show full text]
  • Debugging Mixedenvironment Programs with Blink
    SOFTWARE – PRACTICE AND EXPERIENCE Softw. Pract. Exper. (2014) Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/spe.2276 Debugging mixed-environment programs with Blink Byeongcheol Lee1,*,†, Martin Hirzel2, Robert Grimm3 and Kathryn S. McKinley4 1Gwangju Institute of Science and Technology, Gwangju, Korea 2IBM, Thomas J. Watson Research Center, Yorktown Heights, NY, USA 3New York University, New York, NY, USA 4Microsoft Research, Redmond, WA, USA SUMMARY Programmers build large-scale systems with multiple languages to leverage legacy code and languages best suited to their problems. For instance, the same program may use Java for ease of programming and C to interface with the operating system. These programs pose significant debugging challenges, because programmers need to understand and control code across languages, which often execute in different envi- ronments. Unfortunately, traditional multilingual debuggers require a single execution environment. This paper presents a novel composition approach to building portable mixed-environment debuggers, in which an intermediate agent interposes on language transitions, controlling and reusing single-environment debug- gers. We implement debugger composition in Blink, a debugger for Java, C, and the Jeannie programming language. We show that Blink is (i) simple: it requires modest amounts of new code; (ii) portable: it supports multiple Java virtual machines, C compilers, operating systems, and component debuggers; and (iii) pow- erful: composition eases debugging, while supporting new mixed-language expression evaluation and Java native interface bug diagnostics. To demonstrate the generality of interposition, we build prototypes and demonstrate debugger language transitions with C for five of six other languages (Caml, Common Lisp, C#, Perl 5, Python, and Ruby) without modifications to their debuggers.
    [Show full text]
  • Analyzing a Decade of Linux System Calls
    Noname manuscript No. (will be inserted by the editor) Analyzing a Decade of Linux System Calls Mojtaba Bagherzadeh Nafiseh Kahani · · Cor-Paul Bezemer Ahmed E. Hassan · · Juergen Dingel James R. Cordy · Received: date / Accepted: date Abstract Over the past 25 years, thousands of developers have contributed more than 18 million lines of code (LOC) to the Linux kernel. As the Linux kernel forms the central part of various operating systems that are used by mil- lions of users, the kernel must be continuously adapted to changing demands and expectations of these users. The Linux kernel provides its services to an application through system calls. The set of all system calls combined forms the essential Application Programming Interface (API) through which an application interacts with the kernel. In this paper, we conduct an empirical study of the 8,770 changes that were made to Linux system calls during the last decade (i.e., from April 2005 to December 2014) In particular, we study the size of the changes, and we manually identify the type of changes and bug fixes that were made. Our analysis provides an overview of the evolution of the Linux system calls over the last decade. We find that there was a considerable amount of technical debt in the kernel, that was addressed by adding a number of sibling calls (i.e., 26% of all system calls). In addition, we find that by far, the ptrace() and signal handling system calls are the most difficult to maintain and fix. Our study can be used by developers who want to improve the design and ensure the successful evolution of their own kernel APIs.
    [Show full text]
  • Software Tool Development Through the Visual Age for C++ Extension API:S
    Software Tool Development through the Visual Age for C++ Extension API:s by MINWEI WEI A thesis submitted to the Department of Electrical and Cornputer Engineering in confonnity with the requirements for the degree of Master of Science (Engineering) Queen's University Kingston, Ontario, Canada Dec, 2000 copyright O Minwei Wei, 2000 National Library Bibliothèque nationale 1*1 of Canada du Canada Acquisitions and Acquisitions et Bibliographic Services services bibliographiques 395 Wellington Street 395, nie Wellington Ottawa ON KIA ON4 Ottawa ON KI A ON4 Canada Canada The author has granted a non- L'auteur a accordé une licence non exclusive licence allowing the exclusive permettant a àa National Library of Canada to Bibliothèque nationale du Canada de reproduce, loan, distribute or sell reproduire' prêter, distribuer ou copies of this thesis in microform, vendre des copies de cette thèse sous paper or electronic formais. la forme de microfiche/fïh, de reproduction sur papier ou sur fomat électronique. The author retains ownership of the L'auteur conserve la propriété du copyright in this thesis. Neither the droit d'auteur qui protège cette thèse. thesis nor substantid extracts fiom it Ni la thèse ni des extraits substantiels may be printed or otherwise de celle-ci ne doivent être imprimés reproduced without the author's ou autrement reproduits sans son permission. autorisation. Glossary API - Application Program Interface. GUI - Graphic User Interface. IDE - Integrated Development Environment. incremental build - A compiling and linking process that depends on smaller language element than fde, for example, function, class and variable. This technique aUow fast rebuild after first build with minor change to a huge project since it only rebuild the Ianguage elements that are depends on the changed one(s).
    [Show full text]
  • XL C/C++: Language Reference the Static Storage Class Specifier
    IBM XL C/C++ for Blue Gene/Q, V12.1 Language Reference Ve r s i o n 12 .1 GC14-7364-00 IBM XL C/C++ for Blue Gene/Q, V12.1 Language Reference Ve r s i o n 12 .1 GC14-7364-00 Note Before using this information and the product it supports, read the information in “Notices” on page 511. First edition This edition applies to IBM XL C/C++ for Blue Gene/Q, V12.1 (Program 5799-AG1) and to all subsequent releases and modifications until otherwise indicated in new editions. Make sure you are using the correct edition for the level of the product. © Copyright IBM Corporation 1998, 2012. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents About this information ........ix The register storage class specifier ......54 Who should read this information .......ix The __thread storage class specifier (IBM How to use this information .........ix extension) ..............56 How this information is organized .......ix Type specifiers .............58 Conventions ..............x Integral types.............58 Related information ...........xiii Boolean types ............59 IBM XL C/C++ information .......xiii floating-point types...........59 Standards and specifications .......xiv Character types ............60 Other IBM information .........xv The void type ............61 Other information ...........xv Vector types (IBM extension) .......61 Technical support ............xv User-defined types ...........62 How to send your comments ........xv The auto type specifier (C++0x) ......81 The decltype(expression) type specifier (C++0x) . 83 Chapter 1. Scope and linkage .....1 Compatibility of arithmetic types (C only) ....88 Type qualifiers .............89 Scope .................2 The __align type qualifier (IBM extension) .
    [Show full text]
  • Analyzing a Decade of Linux System Calls
    Empir Software Eng https://doi.org/10.1007/s10664-017-9551-z Analyzing a decade of Linux system calls Mojtaba Bagherzadeh1 · Nafiseh Kahani1 · Cor-Paul Bezemer1 · Ahmed E. Hassan1 · Juergen Dingel1 · James R. Cordy1 © Springer Science+Business Media, LLC 2017 Abstract Over the past 25 years, thousands of developers have contributed more than 18 million lines of code (LOC) to the Linux kernel. As the Linux kernel forms the central part of various operating systems that are used by millions of users, the kernel must be continuously adapted to the changing demands and expectations of these users. The Linux kernel provides its services to an application through system calls. The combined set of all system calls forms the essential Application Programming Interface (API) through which an application interacts with the kernel. In this paper, we conduct an empirical study of 8,770 changes that were made to Linux system calls during the last decade (i.e., from April 2005 to December 2014). In particular, we study the size of the changes, and we manually identify the type of changes and bug fixes that were made. Our analysis provides an overview of the evolution of the Linux system calls over the last decade. We find that there was a considerable amount of technical debt in the kernel, that was addressed by adding a number of sibling calls (i.e., 26% of all system calls). In addition, we find that by far, the ptrace() and signal handling Communicated by: Harald Gall Cor-Paul Bezemer [email protected] Mojtaba Bagherzadeh [email protected] Nafiseh Kahani [email protected] Ahmed E.
    [Show full text]
  • Bridging the Gap Between Haskell and Java
    Bridging the Gap between Haskell and Java Julian Fleischer June 27, 2013 Abstract This thesis investigates the possibility of translating interfaces between Haskell and Java libraries. Furthermore a library and a tool are developed for invoking the virtual machine from within Haskell processes and for the automatic trans- lation of Java APIs into Haskell. In dieser Arbeit wird die M¨oglichkeit einer Ubersetzung¨ von Schnittstellen zwis- chen Haskell und Java Bibliotheken untersucht. Außerdem werden eine Bib- liothek und ein Werkzeug entwickelt um die virtuelle Maschine aus Haskell Prozessen heraus zu nutzen und um automatische Ubersetzungen¨ von Java APIs nach Haskell durchzuf¨uhren.vorgesetellt Selbstst¨andigkeitserkl¨arung Hiermit best¨atigeich, dass ich die vorliegende Ausarbeitung mit dem Titel: \Bridging the Gap between Haskell and Java" selbstst¨andigund ohne unerlaubte Hilfe angefer- tigt habe. Ich versichere, dass ich ausschließlich die angegebenen Quellen in Anspruch genommen habe. Zitate sind als solche gekennzeichnet, durch Anf¨uhrungszeichen und Fußnoten. ||||||||||| Julian Fleischer Contents 1 Introduction and Motivation5 1.1 Scope of this Thesis............................5 1.2 Organization of this Document......................5 2 Similarities and Differences between Haskell & Java7 2.1 A Brief Overview of the Haskell Programming Language........7 2.2 A Brief Overview of the Java Programming Language.........7 2.3 Syntax and Semantics...........................8 2.3.1 (Restricted) Polymorphism....................8 2.3.2 Higher-kinded Polymorphism...................9 2.3.3 Order, State, and Side Effects................... 10 2.3.4 Excecution Model......................... 10 2.4 The Awkward Squad............................ 12 2.4.1 Exceptions............................. 12 2.4.2 The Java Virtual Machine..................... 13 2.4.3 Haskell Implementations.....................
    [Show full text]
  • System Call Tracing with Strace
    OpenFest 2015 System Call Tracing with strace c 2015 Michael Kerrisk man7.org Training and Consulting http://man7.org/training/ @mkerrisk [email protected] 7 November 2015 Sofia, Bulgaria @openfestbg #OpenFest2015 Outline 1 Preamble 2 Getting started 3 Tracing child processes 4 Filtering strace output 5 Further strace options Outline 1 Preamble 2 Getting started 3 Tracing child processes 4 Filtering strace output 5 Further strace options Who am I? Maintainer of Linux man-pages (since 2004) Documents kernel-user-space + C library APIs ˜1000 manual pages http://www.kernel.org/doc/man-pages/ Linux involvement: API review, testing, and documentation “Day job”: trainer, writer, programmer OpenFest 2015 (C) 2015 Michael Kerrisk Preamble 4 / 29 Audience Programmers? C/C++ Programmers? OpenFest 2015 (C) 2015 Michael Kerrisk Preamble 5 / 29 What is a system call? Various possible answers, from different perspectives Answer 1: request to kernel to perform a service Open a file Execute a new program Create a new process Send a message to another process Answer 2 (programmer’s perspective): “call a function” fd = open("myfile.txt", O_CREAT|O_RDWR, 0644); System call looks like any other function call OpenFest 2015 (C) 2015 Michael Kerrisk Preamble 6 / 29 What is a system call? Answer 3: entry point providing controlled mechanism to execute kernel code User-space programs can’t call functions inside kernel Syscall = one of few mechanisms by which program can ask to execute kernel code Others: /proc, /sys, etc. Set of system calls is: Operating-system specific
    [Show full text]
  • Checking Type Safety of Foreign Function Calls
    Checking Type Safety of Foreign Function Calls MICHAEL FURR and JEFFREY S. FOSTER University of Maryland, College Park Foreign function interfaces (FFIs) allow components in different languages to communicate directly with each other. While FFIs are useful, they often require writing tricky, low-level code and include little or no static safety checking, thus providing a rich source of hard-to-find programming errors. In this paper, we study the problem of enforcing type safety across the OCaml-to-C FFI and the Java Native Interface (JNI). We present O-Saffire and J-Saffire, a pair of multilingual type inference systems that ensure C code that uses these FFIs accesses high-level data safely. Our inference systems use representational types to model C's low-level view of OCaml and Java values, and singleton types to track integers, strings, memory offsets, and type tags through C. J-Saffire, our Java system, uses a polymorphic, flow-insensitive, unification-based analysis. Polymorphism is important because it allows us to precisely model user-defined wrapper functions and the more than 200 JNI functions. O-Saffire, our OCaml system, uses a monomorphic, flow-sensitive analysis, because while polymorphism is much less important for the OCaml FFI, flow-sensitivity is critical to track conditional branches, which are used when \pattern matching" OCaml data in C. O- Saffire also tracks garbage collection information to ensure that local C pointers to the OCaml heap are registered properly, which is not necessary for the JNI. We have applied O-Saffire and J-Saffire to a set of benchmarks and found many bugs and questionable coding practices.
    [Show full text]