Ronaldo Vitto Lewerissa

Software engineering learning documentation.

Operating System Protection Boundary and System Call

Modern CPUs have multiple protection rings. Normal user programs are restricted in which CPU instructions they can issue, especially those that access hardware such as RAM, disks, the GPU, etc.

Programs with kernel privileges have no limitations on the CPU instructions they can issue. The operating system, for instance, is a program that runs in kernel mode.

For a normal application to access the underlying hardware, it has to ask the operating system to do so on its behalf.

The operating system exposes an API just for that purpose; each request is referred to as a “system call”. Because the API is predefined, programs are constrained in what they can do, which makes it much safer: an application cannot break the entire system.

In short: programs running in user mode can't access any hardware directly on their own; they need to ask the OS to do it for them through a "system call". This is done for safety, which is why operating systems exist in the first place.

Services provided by the OS include the scheduler, memory manager, block device drivers, file system, and more. These service types categorize the huge list of APIs.

Examples of system call APIs and their corresponding services (on Windows):

File System:

  • CreateFile()
  • ReadFile()
  • WriteFile()

Device Manipulation:

  • SetConsoleMode()
  • ReadConsole()
  • WriteConsole()

Other things to note:

The compiler generates native machine code that can run directly on the processor. The executable file that you get from the compiler, however, contains both the code and other needed data, for example, instructions on where to load the code in memory.

When you make a system call, it is just an instruction in the machine code that calls the OS.
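The boundary described above can be observed from user mode. The following is an added example, not code from the original post, and it assumes a Linux system (the Windows functions listed earlier are not used): it issues `write` through `syscall(2)` instead of the library wrapper, then shows the kernel checking arguments at the boundary and refusing bad ones with an error code. All function names are made up for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Issue write directly through syscall(2), skipping the libc write() wrapper.
 * Returns the byte count on success or -errno when the kernel refuses. */
static long raw_write(int fd, const void *buf, size_t len) {
    long r = syscall(SYS_write, fd, buf, len);
    return r < 0 ? -(long)errno : r;
}

/* Send msg through a kernel pipe and read it back; returns bytes read. */
static long pipe_roundtrip(const char *msg, char *out, size_t outlen) {
    int fds[2];
    if (pipe(fds) != 0) return -(long)errno;
    long n = raw_write(fds[1], msg, strlen(msg));
    if (n > 0) n = read(fds[0], out, outlen - 1);
    close(fds[0]);
    close(fds[1]);
    if (n < 0) return -1;
    out[n] = '\0';
    return n;
}

/* The kernel validates arguments at the boundary: an unmapped buffer
 * address yields EFAULT instead of a crash or a read of stray memory. */
static long write_from_bad_pointer(void) {
    int fds[2];
    if (pipe(fds) != 0) return -(long)errno;
    long r = raw_write(fds[1], NULL, 16);
    close(fds[0]);
    close(fds[1]);
    return r;
}

/* A descriptor the process does not own is rejected with EBADF. */
static long write_to_bad_fd(void) { return raw_write(-1, "x", 1); }

int main(void) {
    char out[32] = "";
    long n = pipe_roundtrip("hello kernel", out, sizeof out);
    printf("round trip: %ld bytes \"%s\"\n", n, out);
    printf("bad pointer: %ld, bad fd: %ld\n", write_from_bad_pointer(), write_to_bad_fd());
    return 0;
}
```

Running the program under `strace` shows each of these requests as a separate entry into the kernel, including the two rejected ones.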
