System Calls

Some ops. require specialized knowledge and protection

• Knowledge of I/O device registers and how to use them
Programmers don’t want to know this!

Chapter 9 • Protection for shared I/O resources

Want process isolation

TRAP Routines and Solution: service routines or system calls

Subroutines • Low-level, privileged operations performed by operating system

Based on slides © McGraw-Hill

Additional material © 2004/2005 Lewis/Martin

CSE 240 9-2

System Call LC-3 TRAP Mechanism

1. User program invokes system call 1. Provides set of service routines
2. Operating system code performs operation • Part of operating system -- routines start at arbitrary addresses
(by convention system code is below x3000)
3. Returns control to user program • Up to 256 routines
2. Requires table of starting addresses
• Stored in memory (x0000 through x00FF)
• Used to associate code with trap number
• Called System Control Block or Trap Vector Table
3. Uses TRAP instruction
In LC-3: done via TRAP mechanism • Used by program to transfer control to operating system (w/ privileges)
• 8-bit trap vector names one of the 256 service routines
4. Uses “RTT” instruction
• Returns control to the user program (w/o privileges)
• Execution resumes immediately after the TRAP instruction

CSE 240 9-3 CSE 240 9-4

1
 NOTE: PC has already been incremented
during instruction fetch stage.
TRAP Instruction TRAP
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0

TRAP 1 1 1 1 0 0 0 0 trapvect8

Trap vector
• Identifies which system call to invoke
• Serves as index into table of service routine addresses
 LC-3: table stored in memory at 0x0000 – 0x00FF
 8-bit trap vector zero-extended to form 16-bit address

Where to go
• Lookup starting address from table; place in PC
Enabling return
• Save address of next instruction (current PC) in R7
How to return
• Place address in R7 in PC

CSE 240 9-5 CSE 240 9-6

RET RTT
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0

RET 1 1 0 0 0 0 0 1 1 1 0 0 0 0 0 0 RTT 1 1 0 0 0 0 0 1 1 1 0 0 0 0 0 1

Register File Register File

JMP R7 R0 JMP R7 R0
IR 1 1 0 0 0 0 0 1 1 1 0 0 0 0 0 0 IR 1 1 0 0 0 0 0 1 1 1 0 0 0 0 0 1
R1 R1
R2 R2
R3 R3
R4 R4
R5 R5
R6 R6
R7 001101000011000 R7 001101000011000

16 16

16 16
1 0 1 0

 16
 16 ...and exit priv. mode
(special case of JMP) 0 0 1 1 0 1 0 0 0 0 0 1 1 0 0 0
(special case of JMPT) 0 0 1 1 0 1 0 0 0 0 0 1 1 0 0 0

PC 0 0 0 0 0 1 0 0 0 0 0 1 1 0 0 1 PC 0 0 0 0 0 1 0 0 0 0 0 1 1 0 0 1

CSE 240 9-7 CSE 240 9-8

2
TRAP Mechanism Operation TRAP Routines and Their Assembler Names

vector symbol routine

x20 GETC Read single character (no echo)
1. Lookup starting address x21 OUT Output character to console
2. Transfer to service routine
x22 PUTS Write string to console
3. Return
Print prompt to console, read and echo
x23 IN
character from keyboard
x25 HALT Halt program
1100 000 111 000001

CSE 240 9-9 CSE 240 9-10

Example: Using the TRAP Instruction Example: Character Output Service Routine
.ORIG x0430 ; Syscall x21 address
.ORIG x3000 ST R1, SaveR1 ; Save R1
LD R2, TERM ; Load negative ASCII ‘7’
; Write character
LD R3, ASCII ; Load ASCII difference
TryWrite LDI R1, DSR ; Get status
AGAIN TRAP x23 ; Input character BRzp TryWrite ; Bit 15 says not ready?
ADD R1, R2, R0 ; Test for terminating char WriteIt STI R0, DDR ; Write char
BRz EXIT ; Exit if done ; Return from TRAP
ADD R0, R0, R3 ; Change to lowercase Return LD R1, SaveR1 ; Restore R1
TRAP x21 ; Output to monitor... RET ; Return from trap
DSR .FILL xFE04
BRnzp AGAIN ; ... and again repeat...
DDR .FILL xFE06
TERM .FILL xFFC9 ; -‘7’ SaveR1 .FILL 0 stored in table,
ASCII .FILL x0020 ; Lowercase bit SaveR7 .FILL 0 location x21
EXIT TRAP x25 ; Halt .END
.END
CSE 240 9-11 CSE 240 9-12

3
Another Example Saving and Restoring Registers
Must save the value of a register if. . .
LEA R3, Block ; Init. to first loc.
LD R6, ASCII ; Char->digit template • Its value will be destroyed by service routine, and
LD R7, COUNT ; Init. to 10 • We will need to use the value later
AGAIN TRAP x23 ; Get char
ADD R0, R0, R6 ; Convert to number Who saves?
STR R0, R3, #0 ; Store number
• Caller of service routine?
ADD R3, R3, #1 ; Incr pointer
ADD R7, R7, -1 ; Decr counter • Called service routine?
BRp AGAIN ; More?
BRnzp NEXT_TASK
ASCII .FILL xFFD0 ; Negative of x0030
COUNT .FILL #10
Block .BLKW #10 What’s wrong with this code?
CSE 240 9-13 CSE 240 9-14

Caller of Service Routine Called Service Routine (Callee)

What does the caller know? What does the callee know?
• Knows what it needs later • Knows what it alters
• May/should not know what gets altered by service routine • Does not know what will be needed later (by calling routine)

Example Example
LEA R3, Block ; Init. to first loc. .ORIG x0430 ; Syscall x21 address
LD R6, ASCII ; Char->digit template TryWrite LDI R1, DSR ; Get status
LD R7, COUNT ; Init. to 10 BRzp TryWrite ; Bit 15 says not ready?
AGAIN TRAP x23 ; Get char WriteIt STI R0, DDR ; Write char
ADD R0, R0, R6 ; Convert to number Return RET ; Return from trap
STR R0, R3, #0 ; Store number DSR .FILL xFE04
ADD R3, R3, #1 ; Incr pointer DDR .FILL xFE06
ADD R7, R7, -1 ; Decr counter .END
BRp AGAIN ; More?
BRnzp NEXT_TASK
ASCII .FILL xFFD0 ; Negative of x0030
COUNT .FILL #10
Block .BLKW #10

CSE 240 9-15 CSE 240 9-16

4
Saving and Restoring Registers Privilege
Called routine ⇒ “callee-save” Goal: Isolation
• Before start, save registers that will be altered • OS performs I/O (in traps)
(unless altered value is desired by calling program!)
• Application can’t perform I/O directly
• Before return, restore those same registers
• Values are saved by storing them in memory
How is this enforced?
Calling routine ⇒ “caller-save”
• If register value needed later, save register destroyed by own Privilege: Processor modes
instructions or by called routines (if known)
• Privileged (supervisor)
Save R7 before TRAP
Save R0 before TRAP x23 (input character) • Unprivileged (user)
• Or avoid using those registers altogether • Encoded in 15th bit of program status register (PSR)
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0

LC-3: By convention, callee-saved when possible P PL N Z P

CSE 240 9-17 CSE 240 9-18

Supervisor Mode Versus User Mode MPR

Supervisor mode Note: MPR not in book!
• Program has access to resources not available to user programs
• LC-3: Memory
Set (only) by OS
• OS decides policy, HW enforces it
User mode in LC-3
• Memory access is limited by memory protection register (MPR)
Prevents user from. . .
• Each MPR bit corresponds to 4K memory segment
• Updating trap table
• 1 indicates that users can access memory in this segment
• Changing OS code (i.e., trap handlers)
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
• Accessing video memory
0 0 0 0 1 1 1 1 1 1 1 1 1 0 0 0
• Accessing memory-mapped I/O registers (e.g., DDR, DSR)
Cannot access x0 to x2FFF • Could be different for each application
Can access x3000 to xBFFF
Cannot access >= xC000
CSE 240 9-19 CSE 240 9-20

5
Managing Privilege Question
Who sets privilege bit in PSR? Can a service routine call another service routine?
• TRAP instruction
Can a service routine call itself?
Who clears privilege bit?
• New instruction JMPT/RTT (Note: not in book!)

15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0

JMPT 1 1 0 0 0 0 0 BaseR 0 0 0 0 0 1

15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0

RTT 1 1 0 0 0 0 0 1 1 1 0 0 0 0 0 1

CSE 240 9-21 CSE 240 9-22