System Calls in Unix and Windows

The interface between a process and an operating system is provided by system calls. In general, system calls are available as assembly language instructions. They are also included in the manuals used by the assembly level programmers.

Unix System Calls

System calls in Unix are used for file system control, process control, interprocess communication etc. Access to the Unix kernel is only available through these system calls. Generally, system calls are similar to function calls, the only difference is that they remove the control from the user process.

There are around 80 system calls in the Unix interface currently. Details about some of the important ones are given as follows —

System Call	Description
access()	This checks if a calling process has access to the required file
chdir()	The chdir command changes the current directory of the system
chmod()	The mode of a file can be changed using this command
chown()	This changes the ownership of a particular file
kill()	This system call sends kill signal to one or more processes
link()	A new file name is linked to an existing file using link system call.
open()	This opens a file for the reading or writing process
pause()	The pause call suspends a file until a particular signal occurs.
stime()	This system call sets the correct time.
times()	Gets the parent and child process times
alarm()	The alarm system call sets the alarm clock of a process
fork()	A new process is created using this command
chroot()	This changes the root directory of a file.
exit()	The exit system call is used to exit a process.

Windows System Calls

System calls in Windows are used for file system control, process control, interprocess communication, main memory management, I/O device handling, security etc. The programs interact with the Windows operating system using the system calls. Since system calls are the only way to access the kernel, all the programs requiring resources must use system calls.

Details about some of the important system calls in Windows are given as follows —

Different types of system calls

The interface between a process and an operating system is provided by system calls. In general, system calls are available as assembly language instructions. They are also included in the manuals used by the assembly level programmers.

System calls are usually made when a process in user mode requires access to a resource. Then it requests the kernel to provide the resource via a system call.

Types of System Calls

There are mainly five types of system calls. These are explained in detail as follows −

Here are the types of system calls −

Process Control

These system calls deal with processes such as process creation, process termination etc.

File Management

These system calls are responsible for file manipulation such as creating a file, reading a file, writing into a file etc.

Device Management

These system calls are responsible for device manipulation such as reading from device buffers, writing into device buffers etc.

Information Maintenance

These system calls handle information and its transfer between the operating system and the user program.

Communication

These system calls are useful for interprocess communication. They also deal with creating and deleting a communication connection.

Some of the examples of all the above types of system calls in Windows and Unix are given as follows −

Types of System Calls	Windows	Linux
Process Control	CreateProcess() ExitProcess() WaitForSingleObject()	fork() exit() wait()
File Management	CreateFile() ReadFile() WriteFile() CloseHandle()	open() read() write() close()
Device Management	SetConsoleMode() ReadConsole() WriteConsole()	ioctl() read() write()
Information Maintenance	GetCurrentProcessID() SetTimer() Sleep()	getpid() alarm() sleep()
Communication	CreatePipe() CreateFileMapping() MapViewOfFile()	pipe() shmget() mmap()

There are many different system calls as shown above. Details of some of those system calls are as follows −

In some systems, a process may wait for another process to complete its execution. This happens when a parent process creates a child process and the execution of the parent process is suspended until the child process executes. The suspending of the parent process occurs with a wait() system call. When the child process completes execution, the control is returned back to the parent process.

This system call runs an executable file in the context of an already running process. It replaces the previous executable file. This is known as an overlay. The original process identifier remains since a new process is not created but data, heap, stack etc. of the process are replaced by the new process.

Processes use the fork() system call to create processes that are a copy of themselves. This is one of the major methods of process creation in operating systems. When a parent process creates a child process and the execution of the parent process is suspended until the child process executes. When the child process completes execution, the control is returned back to the parent process.

The exit() system call is used by a program to terminate its execution. In a multithreaded environment, this means that the thread execution is complete. The operating system reclaims resources that were used by the process after the exit() system call.

Windows

Windows may refer to any of the following:

1. Microsoft Windows (also referred to as Windows or Win) is a graphical operating system developed and published by Microsoft. It provides a way to store files, run software, play games, watch videos, and connect to the Internet.

Microsoft Windows was first introduced with version 1.0 on November 10, 1983. Over a dozen versions of Windows were released after that, including the current version, Windows 10.

Editions of Windows

Starting with Windows XP, Microsoft has published various editions of Windows. Each of these Windows editions has the same core operating system, but some editions have additional features, at an additional cost.

The two most common editions of Windows for home computers are Windows Home and Windows Professional.

Windows Home

Windows Home (also called Win Home) is the basic edition of Windows. It provides all the fundamental functions of Windows, such as connecting to the Internet, browsing the web, watching videos, using office software, and playing video games. It is the least expensive edition of Windows, and it comes preinstalled on many new computers.

Windows Pro

Windows Professional (also called Windows Pro, or Win Pro) is an enhanced Windows edition, for power users, and small to medium sized businesses. It includes all the features of Windows Home, plus the following:

• Remote Desktop — allows you to remotely control another Windows computer connected to the Internet.
• Bitlocker — Microsoft’s integrated file encryption.
• Trusted Boot — provides encryption of the boot loader, protecting the computer against rootkits.
• Hyper-V — a Windows hypervisor for running virtual machines, equivalent to third-party software, such as VirtualBox.
• Windows Sandbox — provides a lightweight, sandboxed Windows 10 instance. You can use this isolated «Windows within Windows» environment to safely run suspicious or untrusted software. Windows Sandbox requires a Windows Insider build of Windows 10 Pro or Enterprise.
• Group policy management — Administrators can define group policies, for managing multiple Windows users in a business or organization.
• Support for more than 128 GB of RAM.
• Greater Windows Update installation options, including more flexible scheduling and postponement for up to 35 days.

Business editions

Windows Professional for Workstations and Windows Enterprise provide advanced features for professional studios and large businesses. For more information, refer to the side-by-side comparison in the official Microsoft Windows business edition comparison chart.

Why is Microsoft Windows called Windows?

Before the release of Microsoft Windows, Microsoft users were used to the single task command line operating system MS-DOS. Because Microsoft names most of its products with one word, it needed a word that best described its new GUI operating system. Microsoft chose «Windows» because of the multiple windows that allow different tasks and programs to run at the same time. Because you cannot trademark a common name like «Windows,» it’s officially known as «Microsoft Windows». The first version of Microsoft Windows was version 1.0, released in 1985.

Microsoft Windows help pages

Related pages

2. In general, a window is a fundamental part of a computer GUI (graphical user interface). A window is an area of the display containing a single running application. The window can be moved, resized, hidden, or maximized as desired by the user. The Microsoft Windows operating system is named after this UI element.

3. Regarding Unix-like operating systems, such as Linux or BSD, Windows may refer to the X Window System.

Why does Windows64 use a different calling convention from all other OSes on x86-64?

AMD has an ABI specification that describes the calling convention to use on x86-64. All OSes follow it, except for Windows which has it’s own x86-64 calling convention. Why?

Does anyone know the technical, historical, or political reasons for this difference, or is it purely a matter of NIHsyndrome?

I understand that different OSes may have different needs for higher level things, but that doesn’t explain why for example the register parameter passing order on Windows is rcx — rdx — r8 — r9 — rest on stack while everyone else uses rdi — rsi — rdx — rcx — r8 — r9 — rest on stack .

P.S. I am aware of how these calling conventions differ generally and I know where to find details if I need to. What I want to know is why.

Edit: for the how, see e.g. the wikipedia entry and links from there.

4 Answers 4

Choosing four argument registers on x64 — common to UN*X / Win64

One of the things to keep in mind about x86 is that the register name to «reg number» encoding is not obvious; in terms of instruction encoding (the MOD R/M byte, see http://www.c-jump.com/CIS77/CPU/x86/X77_0060_mod_reg_r_m_byte.htm), register numbers 0. 7 are — in that order — ?AX , ?CX , ?DX , ?BX , ?SP , ?BP , ?SI , ?DI .

Hence choosing A/C/D (regs 0..2) for return value and the first two arguments (which is the «classical» 32bit __fastcall convention) is a logical choice. As far as going to 64bit is concerned, the «higher» regs are ordered, and both Microsoft and UN*X/Linux went for R8 / R9 as the first ones.

Keeping that in mind, Microsoft’s choice of RAX (return value) and RCX , RDX , R8 , R9 (arg[0..3]) are an understandable selection if you choose four registers for arguments.

I don’t know why the AMD64 UN*X ABI chose RDX before RCX .

Choosing six argument registers on x64 — UN*X specific

UN*X, on RISC architectures, has traditionally done argument passing in registers — specifically, for the first six arguments (that’s so on PPC, SPARC, MIPS at least). Which might be one of the major reasons why the AMD64 (UN*X) ABI designers chose to use six registers on that architecture as well.

So if you want six registers to pass arguments in, and it’s logical to choose RCX , RDX , R8 and R9 for four of them, which other two should you pick ?

The «higher» regs require an additional instruction prefix byte to select them and therefore have a bigger instruction size footprint, so you wouldn’t want to choose any of those if you have options. Of the classical registers, due to the implicit meaning of RBP and RSP these aren’t available, and RBX traditionally has a special use on UN*X (global offset table) which seemingly the AMD64 ABI designers didn’t want to needlessly become incompatible with.
Ergo, the only choice were RSI / RDI .

So if you have to take RSI / RDI as argument registers, which arguments should they be ?

Making them arg[0] and arg[1] has some advantages. See cHao’s comment.
?SI and ?DI are string instruction source / destination operands, and as cHao mentioned, their use as argument registers means that with the AMD64 UN*X calling conventions, the simplest possible strcpy() function, for example, only consists of the two CPU instructions repz movsb; ret because the source/target addresses have been put into the correct registers by the caller. There is, particularly in low-level and compiler-generated «glue» code (think, for example, some C++ heap allocators zero-filling objects on construction, or the kernel zero-filling heap pages on sbrk() , or copy-on-write pagefaults) an enormous amount of block copy/fill, hence it’ll be useful for code so frequently used to save the two or three CPU instructions that’d otherwise load such source/target address arguments into the «correct» registers.

So in a way, UN*X and Win64 are only different in that UN*X «prepends» two additional arguments, in purposefully chosen RSI / RDI registers, to the natural choice of four arguments in RCX , RDX , R8 and R9 .

Beyond that .

There are more differences between the UN*X and Windows x64 ABIs than just the mapping of arguments to specific registers. For the overview on Win64, check:

Win64 and AMD64 UN*X also strikingly differ in the way stackspace is used; on Win64, for example, the caller must allocate stackspace for function arguments even though args 0. 3 are passed in registers. On UN*X on the other hand, a leaf function (i.e. one that doesn’t call other functions) is not even required to allocate stackspace at all if it needs no more than 128 Bytes of it (yes, you own and can use a certain amount of stack without allocating it . well, unless you’re kernel code, a source of nifty bugs). All these are particular optimization choices, most of the rationale for those is explained in the full ABI references that the original poster’s wikipedia reference points to.

IDK why Windows did what they did. See the end of this answer for a guess. I was curious about how the SysV calling convention was decided on, so I dug into the mailing list archive and found some neat stuff.

It’s interesting reading some of those old threads on the AMD64 mailing list, since AMD architects were active on it. e.g. Choosing register names was one of the hard parts: AMD considered renaming the original 8 registers r0-r7, or calling the new registers stuff like UAX .

Also, feedback from kernel devs identified things that made the original design of syscall and swapgs unusable. That’s how AMD updated the instruction to get this sorted out before releasing any actual chips. It’s also interesting that in late 2000, the assumption was that Intel probably wouldn’t adopt AMD64.

The SysV (Linux) calling convention, and the decision on how many registers should be callee-preserved vs. caller-save, was made initially in Nov 2000, by Jan Hubicka (a gcc developer). He compiled SPEC2000 and looked at code size and number of instructions. That discussion thread bounces around some of the same ideas as answers and comments on this SO question. In a 2nd thread, he proposed the current sequence as optimal and hopefully final, generating smaller code than some alternatives.

He’s using the term «global» to mean call-preserved registers, that have to be push/popped if used.

The choice of rdi , rsi , rdx as the first three args was motivated by:

• minor code-size saving in functions that call memset or other C string function on their args (where gcc inlines a rep string operation?)
• rbx is call-preserved because having two call-preserved regs accessible without REX prefixes (rbx and rbp) is a win. Presumably chosen because it’s the only other reg that isn’t implicitly used by any instruction. (rep string, shift count, and mul/div outputs/inputs touch everything else).
• None of the registers with special purposes are call-preserved (see prev point), so a function that wants to use rep string instructions or a variable-count shift might have to move function args somewhere else, but doesn’t have to save/restore the caller’s value.

We are trying to avoid RCX early in the sequence, since it is register used commonly for special purposes, like EAX, so it has same purpose to be missing in the sequence. Also it can’t be used for syscalls and we would like to make syscall sequence to match function call sequence as much as possible.

(background: syscall / sysret unavoidably destroy rcx (with rip ) and r11 (with RFLAGS ), so the kernel can’t see what was originally in rcx when syscall ran.)

The kernel system-call ABI was chosen to match the function call ABI, except for r10 instead of rcx , so a libc wrapper functions like mmap(2) can just mov %rcx, %r10 / mov $0x9, %eax / syscall .

Note that the SysV calling convention used by i386 Linux sucks compared to Window’s 32bit __vectorcall. It passes everything on the stack, and only returns in edx:eax for int64, not for small structs. It’s no surprise little effort was made to maintain compatibility with it. When there’s no reason not to, they did things like keeping rbx call-preserved, since they decided that having another in the original 8 (that don’t need a REX prefix) was good.

Making the ABI optimal is much more important long-term than any other consideration. I think they did a pretty good job. I’m not totally sure about returning structs packed into registers, instead of different fields in different regs. I guess code that passes them around by value without actually operating on the fields wins this way, but the extra work of unpacking seems silly. They could have had more integer return registers, more than just rdx:rax , so returning a struct with 4 members could return them in rdi, rsi, rdx, rax or something.

They considered passing integers in vector regs, because SSE2 can operate on integers. Fortunately they didn’t do that. Integers are used as pointer offsets very often, and a round-trip to stack memory is pretty cheap. Also SSE2 instructions take more code bytes than integer instructions.

I suspect Windows ABI designers might have been aiming to minimize differences between 32 and 64bit for the benefit of people that have to port asm from one to the other, or that can use a couple #ifdef s in some ASM so the same source can more easily build a 32 or 64bit version of a function.

Minimizing changes in the toolchain seems unlikely. An x86-64 compiler needs a separate table of which register is used for what, and what the calling convention is. Having a small overlap with 32bit is unlikely to produce significant savings in toolchain code size / complexity.