a brief history of system calls
TRANSCRIPT
![Page 1: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/1.jpg)
Adam Leventhal, @ahl
A Brief History of System Calls
![Page 2: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/2.jpg)
Who Am I?
• Co-inventor of DTrace
• Founder ZFS Storage Appliance team
• CTO at Delphix
• EIR at Sutter Hill Ventures
• Recent founder
![Page 3: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/3.jpg)
What’s a System Call?
• User call into the kernel to do some work
• Typically implemented with a trap
• Mostly standardized in terms of function
• Fundamental to multi-user systems
![Page 4: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/4.jpg)
USENIX Summer 1986
![Page 5: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/5.jpg)
Time Spent in Syscalls Matters
![Page 6: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/6.jpg)
Syscalls Tell You About The System
![Page 7: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/7.jpg)
ULTRIX Trace
/dev/trace
… If (tracing)
... /* do the syscall */ If (tracing)
...
Syscall Handler
call exec(...) return exec(...) call open(...) return open(...) call read(...) return read(...)
Buffer
![Page 8: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/8.jpg)
Aside: How Great Is This?
![Page 9: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/9.jpg)
Syscall Tracing For All
• Truss 1988 – “If your program doesn't work, put it in a truss.”
– Roger Faulker – Used then-new structured /proc – SunOS / UNIX
• Strace 1991 – “an alternative syscall tracer”
– Paul Kranenburg on comp.sources.sun – SunOS then, famously, Linux in 1992 – Non-Linux code removed in 2012
![Page 10: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/10.jpg)
Breakpoint Tracing
process invoke syscall execute syscall proceed
scheduler stop process wake tracer stop tracer wake process stop process wake tracer stop tracer wake process
tracer record arguments resume process record return value signal process
![Page 11: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/11.jpg)
Slow
# Slow the target command and print details for each syscall:strace command
# Slow the target PID and print details for each syscall:strace -p PID
# Slow the target PID and any newly created child process, printing syscall details:strace -fp PID
# Slow the target PID and record syscalls, printing a summary:strace -cp PID
# Slow the target PID and trace open() syscalls only:strace -eopen -p PID
Brendan Gregg
![Page 12: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/12.jpg)
Do No Harm
• Unsafe
• Chase away the problem
![Page 13: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/13.jpg)
DTrace
• Dynamic tracing framework – Solaris, macOS, FreeBSD, some Linux distros
• Safe for production by design
• Concise answers to arbitrary questions
• Systemic in scope
• Syscalls are a common place to start
![Page 14: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/14.jpg)
Syscalls with DTrace
![Page 15: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/15.jpg)
Aside: Java
“Write once, run anywhere”
![Page 16: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/16.jpg)
Java Java Java
![Page 17: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/17.jpg)
Servers in1996
![Page 18: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/18.jpg)
Write Once Run Anywhere + 20yrs
![Page 19: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/19.jpg)
Primacy of Syscalls
• Highly significant events
• 30 years later, still the right granularity
• Well-understood domain for tracers
• Ubiquitous
• De facto standard in Linux
![Page 20: A Brief History of System Calls](https://reader031.vdocument.in/reader031/viewer/2022022412/58f386231a28ab7f418b458f/html5/thumbnails/20.jpg)
Thank You!