Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 13: System Calls


brk(0x8049800) = 0x8049800
brk(0x804a000) = 0x804a000
read(3, "A black cat crossing your path s"..., 150) = 109
fstat64(1, st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
ioctl(1, TCGETS, B38400 opost isig icanon echo ...) = 0
write(1, "A black cat crossing your path s"..., 77) = 77
write(1, " -- Groucho Marx\n", 32) = 32
munmap(0x40018000, 4096) = 0
_exit(0) = ?


The trace log shows that the application makes a large number of system calls not explicitly listed in the
source code. Consequently, the output of strace is not easy to read. For this reason, all lines with a direct
equivalent in the C sources of the example are in italics. All other entries are generated by code added
automatically at program compilation time.

The additional system calls are generated by code that is needed as a framework for launching and
running the application — for example, the C standard library is dynamically mapped into the process
memory area. Other calls — old_mmap and unmap — are responsible for managing the dynamic memory
used by the application.

The three system calls used directly — open, read, and close — are translated into calls of the
corresponding kernel functions.^2 Two further routines of the standard library make internal use of system
calls with different names to achieve the desired effect:

❑ malloc is the standard function for reserving memory in the process heap area. As mentioned in
Chapter 3, the malloc variant of the GNU library features an additional memory management
facility to make effective use of the memory space allocated by the kernel.
Internally, malloc executes the brk system call whose implementation is described in Chapter

  1. The system call log shows that malloc executes the call three times as a result of its internal
    algorithms — but each time with different arguments.

❑ printf first processes the passed arguments — in this case, a dynamic string — and displays the
results with the write system call.


Using the strace tool has a further advantage — the source code of the application being traced need
not be present to learn about its internal structure and how it functions.

Our small sample program shows clearly that there are strong dependencies between the application and
the kernel, as indicated by the repeated use of system calls. Even scientific programs that spend most of
their time number-crunching and rarely invoke kernel functions cannot manage without system calls. On
the other hand, interactive applications such as emacs and mozilla make frequent use of system calls.
The size of the log file for emacs is approximately 170 KiB for program launch alone (i.e., up to the end of
program initialization).

(^2) The GNU standard library also includes a general routine that allows system calls to be executed by reference to their numbers if
no wrapper implementation is available.
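
The general routine mentioned in footnote 2 is available in glibc as syscall(). The following added example (not code from the book) issues the open/read/close sequence by system call number instead of through the named wrappers. The function names raw_read_file and raw_write_file, the sample text and the /tmp path are assumptions made for the example; it uses SYS_openat because current glibc implements open() with openat and newer architectures define no separate open number.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed sample text and scratch path: assumptions, not from the book. */
static const char SAMPLE[] = "A black cat crossing your path\n";
static const char DEMO_PATH[] = "/tmp/raw_syscall_demo.txt";

/* Read up to len bytes of path; returns the byte count, or -1 with errno set. */
long raw_read_file(const char *path, char *buf, size_t len)
{
    /* syscall() returns -1 and sets errno on failure, like the wrappers do. */
    long fd = syscall(SYS_openat, AT_FDCWD, path, O_RDONLY);
    size_t got = 0;
    int err = 0;
    if (fd < 0)
        return -1;
    while (got < len && !err) {
        long n = syscall(SYS_read, fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;
        else if (n == 0)
            break;                      /* end of file */
        else if (errno != EINTR)
            err = errno;                /* real failure; EINTR just retries */
    }
    syscall(SYS_close, fd);
    if (err)
        errno = err;                    /* report the read error, not close's */
    return err ? -1 : (long)got;
}

/* Create path holding data; returns bytes written, or -1 on failure. */
long raw_write_file(const char *path, const char *data, size_t len)
{
    long fd = syscall(SYS_openat, AT_FDCWD, path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    long n = fd < 0 ? -1 : syscall(SYS_write, fd, data, len);
    if (fd >= 0)
        syscall(SYS_close, fd);
    return n;
}

int main(void)
{
    char buf[150];
    long n = raw_write_file(DEMO_PATH, SAMPLE, sizeof SAMPLE - 1) < 0 ? -1 : raw_read_file(DEMO_PATH, buf, sizeof buf);
    return n < 0 || syscall(SYS_write, 1, buf, (size_t)n) != n;   /* echo to stdout */
}
```

Run under strace, the openat, read, write and close entries of this program appear with exactly the arguments passed to syscall().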
