I have been writing programs in C/C++ that make use of the Linux API and make system calls like fork(),read(),write() etc. Now, I am beginning to wonder if these library functions are actually system calls, or are they some kind of wrapper functions.
我一直在用C/ c++编写程序来使用Linux API,并使系统调用像fork()、read()、write()等等。现在,我开始怀疑这些库函数是否实际上是系统调用,或者它们是某种包装器函数。
What really happens when a program makes a call to write() ? How does this function interact with the kernel ? If this is a wrapper then why do we need it ?
当程序调用write()时,会发生什么?这个函数如何与内核交互?如果这是一个包装器,那么为什么我们需要它呢?
2 个解决方案
#1
6
All such functions are real userspace functions in libc.so
that your binary is linked against. But most of them are just tiny wrappers for syscalls which are the interface between the userspace and the kernel (see also syscall(2)
).
所有这些函数都是libc中的实际用户空间函数。这样你的二进制文件就被链接了。但是大多数只是syscalls的小包装,syscalls是userspace和内核之间的接口(参见syscall(2)))。
Note that functions that are purely userspace (like fmod(3)
) or do some things in userspace in addition to calling the kernel (like execl(3)
) have their manpages in the section 3 while functions that just call the kernel (like read(2)
) have them in the section 2.
注意,纯用户空间的函数(如fmod(3))或在用户空间中除了调用内核(如execl(3))之外做一些事情的函数(如execl(3))在第3节中有它们的手册页,而仅调用内核的函数(如read(2))在第2节中有它们。
#2
1
using this simple code :
使用这个简单的代码:
int main()
{
int f = open("/tmp/test.txt", O_CREAT | O_RDWR, 0666);
write(f, "hello world", 11);
close(f);
return 0;
}
you can use strace
to find system calls used in the binary file :
您可以使用strace查找二进制文件中使用的系统调用:
gcc test.c -o test
strace ./test
the result is something like this :
结果是这样的:
.
.
.
open("/tmp/test.txt", O_RDWR|O_CREAT, 0666) = 3
write(3, "hello world", 11) = 11
close(3) = 0
exit_group(0) = ?
as for fork()
, it's actually a wrapper around clone()
system call
至于fork(),它实际上是克隆()系统调用的包装器
#1
6
All such functions are real userspace functions in libc.so
that your binary is linked against. But most of them are just tiny wrappers for syscalls which are the interface between the userspace and the kernel (see also syscall(2)
).
所有这些函数都是libc中的实际用户空间函数。这样你的二进制文件就被链接了。但是大多数只是syscalls的小包装,syscalls是userspace和内核之间的接口(参见syscall(2)))。
Note that functions that are purely userspace (like fmod(3)
) or do some things in userspace in addition to calling the kernel (like execl(3)
) have their manpages in the section 3 while functions that just call the kernel (like read(2)
) have them in the section 2.
注意,纯用户空间的函数(如fmod(3))或在用户空间中除了调用内核(如execl(3))之外做一些事情的函数(如execl(3))在第3节中有它们的手册页,而仅调用内核的函数(如read(2))在第2节中有它们。
#2
1
using this simple code :
使用这个简单的代码:
int main()
{
int f = open("/tmp/test.txt", O_CREAT | O_RDWR, 0666);
write(f, "hello world", 11);
close(f);
return 0;
}
you can use strace
to find system calls used in the binary file :
您可以使用strace查找二进制文件中使用的系统调用:
gcc test.c -o test
strace ./test
the result is something like this :
结果是这样的:
.
.
.
open("/tmp/test.txt", O_RDWR|O_CREAT, 0666) = 3
write(3, "hello world", 11) = 11
close(3) = 0
exit_group(0) = ?
as for fork()
, it's actually a wrapper around clone()
system call
至于fork(),它实际上是克隆()系统调用的包装器