Interrupts, Exceptions, and

System Calls
Chester Rebeiro
IIT Madras
 OS & Events
• OS is event driven
– i.e. executes only when there is an interrupt,
trap, or system call

OS
30
Privilege level

13
User process 1 User process 2

event

time
2
 Why event driven design?
• OS cannot trust user processes
– User processes may be buggy or malicious
– User process crash should not affect OS
• OS needs to guarantee fairness to all user
processes
– One process cannot ‘hog’ CPU time
– Timer interrupts

3
 Event Types

Events

Interrupts Exceptions

Hardware Interrupts Software Interrupts

4
 Events
• Interrupts : raised by hardware or
programs to get OS attention
– Types
• Hardware interrupts : raised by external hardware
devices
• Software Interrupts : raised by user programs

• Exceptions : due to illegal operations

5
Event view of CPU

while(fetch next instruction)

Current task
suspended

Execute Instruction

Where?
If event Execute event
yes in handler

no

6
 Exception & Interrupt Vectors
Event occured What to execute next?

• Each interrupt/exception provided a number

• Number used to index into an Interrupt descriptor table
(IDT)
• IDT provides the entry point into a interrupt/exception
handler
• 0 to 255 vectors possible
– 0 to 31 used internally
– Remaining can be defined by the OS

7
Exception and Interrupt Vectors

8
 xv6 Interrupt Vectors
• 0 to 31 reserved by Intel
• 32 to 63 used for hardware interrupts
T_IRQ0 = 32 (added to all hardware IRQs to

scale them)
• 64 used for system call interrupt

ref : traps.h ([31], 3152) 9

 Events

Events

Interrupts Exceptions

Hardware Interrupts Software Interrupts

10
 Why Hardware Interrupts?
• Several devices connected to the CPU
– eg. Keyboards, mouse, network card, etc.
• These devices occasionally need to be serviced
by the CPU
– eg. Inform CPU that a key has been pressed
• These events are asynchronous i.e. we cannot
predict when they will happen.
• Need a way for the CPU to determine when a
device needs attention

11
 Possible Solution : Polling
• CPU periodically queries device to
determine if they need attention
• Useful when device often needs to send
information
– For example in data acquisition systems
• If device does not need attention often,
– Polling wastes CPU time

12
 Interrupts
• Each device signals to the CPU that it wants to be serviced
• Generally CPUs have 2 pins
– INT : Interrupt
– NMI : Non maskable – for very critical signals
• How to support more than two interrupts?

Device 2
INT
CPU

Device 1
NMI

13
 8259 Programmable Interrupt Controller

• 8259 (Programmable interrupt

controller) relays upto 8 interrupt to INT
device 0
CPU
INTA CPU
• Devices raise interrupts by an
‘interrupt request’ (IRQ)
• CPU acknowledges and queries
the 8259 to determine which device
device 7
interrupted
• Priorities can be assigned to each
IRQ line
• 8259s can be cascaded to support
more interrupts

14
 Interrupts in legacy CPUs

• 15 IRQs (IRQ0 to IRQ15), so 15 INTA

possible devices
• Interrupt types
– Edge
– Level
• Limitations
– Limited IRQs
– Spurious interrupts by 8259
• Eg. de-asserted IRQ before IRQA

15
 Edge vs Level Interrupts
• Level triggered Interrupt : as long as the IRQ line is
asserted you get an interrupt.
– Level interrupt still active even after interrupt service is complete
– Stopping interrupt would require physically deactivating the
interrupt
• Edge triggered Interrupt : Exactly one interrupt occurs
when IRQ line is asserted
– To get a new interrupt, the IRQ line must become inactive and
then become active again

• Active high interrupts: When asserted, IRQ line is high

(logic 1)

16
 Edge vs Level Interrupts
(the crying baby… an analogy)
• Level triggered interrupt :
– when baby cries (interrupt) stop what you are doing and feed the
baby
– then put the baby down
– if baby still cries (interrupt again) continue feeding
• Edge triggered interrupt
– eg. Baby cry monitor, where light turns red when baby is crying.
The light is turned off by a push button switch
• if baby cries and stops immediately you see that the baby has cried
(level triggered would have missed this)
• if the baby cries and you press the push buttton, the light turns off,
and remains off even though the button is pressed

http://venkateshabbarapu.blogspot.in/2013/03/edge-triggered-vs-level-triggered.html 17
 Spurious Interrupts
Consider the following Sequence
1. Device asserts level triggered interrupt
2. PIC tells CPU that there is an interrupt
3. CPU acknowledges and waits for PIC to send interrupt vector
4. However, device de-asserts interrupt. What does the PIC do?

This is a spurious interrupt

To prevent this, PIC sends a fake vector number called the

spurious IRQ. This is the lowest priority IRQ.

18
 Advanced Programmable Interrupt
Controller (APIC)

• External interrupts are routed from peripherals to CPUs in multi processor systems
through APIC
• APIC distributes and prioritizes interrupts to processors
• Interrupts can be configured as edge or level triggered
• Comprises of two components
– Local APIC (LAPIC)
– I/O APIC
• APICs communicate through a special 3-wire APIC bus.
– In more recent processors, they communicate over the system bus

19
 LAPIC and I/OAPIC
• LAPIC :
– Receives interrupts from I/O APIC and routes it to the
local CPU
– Can also receive local interrupts (such as from thermal
sensor, internal timer, etc)
– Send and receive IPIs (Inter processor interrupts)
• IPIs used to distribute interrupts between processors or
execute system wide functions like booting, load distribution,
etc.
• I/O APIC
– Present in chipset (north bridge)
– Used to route external interrupts to local APIC

20
 I/O APIC Configuration in xv6
• IO APIC : 82093AA I/O APIC
• Function : ioapicinit (in ioapic.c)
• All interrupts configured during boot up as
– Active high
– Edge triggered
– Disabled (interrupt masked)
• Device drivers selectively turn on interrupts using
ioapicenable
– Three devices turn on interrupts in xv6
• UART (uart.c)
• IDE (ide.c)
• Keyboard (console.c)

ref : ioapic.c [73], (http://www.intel.com/design/chipsets/datashts/29056601.pdf) 21

 LAPIC Configuration in xv6
1. Enable LAPIC and set the spurious IRQ (i.e.
the default IRQ)
2. Configure Timer
• Initialize timer register (10000000)
• Set to periodic
Initial count
10000000 9999999 9999998

3
interrupt 0
1 2

ref : lapic.c (lapicinit) (7151) 22

 What happens when there is an
Interrupt?
Device asserts IRQ of I/OAPIC

By device I/O APIC transfer interrupt to LAPIC

Either special 3 wire APIC bus
and APICs system bus

LAPIC asserts CPU interrupts

By device
and APICs
1
After current instruction completes Done by
CPU senses interrupt line and obtains IRQ number CPU
from LAPIC automaticall
y
By CPU Done in
software
2
Switch to kernel stack if necessary

23
 What more happens when there is
an Interrupt?
3 X86 saves the SS, ESP, EFLAGS,
CS, EIP, error code on stack
Basic program state saved (restored by iret instruction).
Suspends current task.

4
How does hardware find the OS
Jump to interrupt handler interrupt handler?

Just do the important stuff like

5 … respond to interrupt
software Interrupt handler (top half) … more storing of program state
… schedule the bottom half
… IRET
6 Restore flags and registers saved
Return from interrupt earlier. Restore running task.

7 The work horse for the interrupt

software Interrupt handler (bottom half)
24
 Stacks
• Each process has two Kernel (Text + Data)

stacks
– a user space stack Kernel Stack
for process

– a kernel space stack

Accessible by
kernel
Heap

Accessible by
user process
User Stack

Data

Text
(instructions)

Virtual Memory Map

25
 Switching Stack
2
(to switch or not to switch)
• When event occurs OS executes
– If executing user process, privilege changes from low to high
– If already in OS no privilege change
• Why switch stack?
– OS cannot trust stack (SS and ESP) of user process
– Therefore stack switch needed only when moving from user to
kernel mode
• How to switch stack?
– CPU should know locations of the new SS and ESP.
– Done by task segment descriptor

Done automatically by CPU

26
 To Switch or not to Switch

Executing in Executing in
Kernel space User space

• No stack switch • Switch stack to a

• Use the current stack kernel switch
 How to switch stack?
Task State Segment
• Specialized segment for hardware
support for multitasking
• TSS stored in memory
– Pointer stored as part of GDT
– Loaded by instruction : ltr(SEG_TSS <<
3) in switchuvm()
• Important contents of TSS used to
find the new stack
– SS0 : the stack segment (in kernel)
– ESP0 : stack pointer (in kernel)

ref : (switchuvm) ([18],1873), taskstate ([08],0850) 28

 3
Saving Program State
Why?
• Current program being executed must be
able to resume after interrupt service is
completed
 3
Saving Program State
Done automatically by CPU

When no stack switch occurs When stack switch occurs

use existing stack also save the previous SS and ESP
ESP before

ESP before Interrupted Procedure

EFLAGS Stack (in user space)
CS
EIP
Error Code ESP after
SS
ESP
EFLAGS Procedure’s kernel stack
SS : No change CS
ESP : new frame pushed EIP
Error Code ESP after
SS : from TSS (SS0)
Error code is only for some
exceptions. Contains additional
ESP : from TSS (ESP0)
Information. 30
 Finding the Interrupt/Exception
4
Service Routine
• IDT : Interrupt descriptor table Done automatically by
– Also called Interrupt vectors CPU
– Stored in memory and pointed to by IDTR
– Conceptually similar to GDT and LDT
– Initialized by OS at boot

Selected Descriptor =
Base Address + (Vector * 8)

31
 Interrupt Gate Descriptor
1 Segment present
points to offset in the segment 0 Segment absent
which contains the interrupt handler
(higher order bits) privilege level

points to a segment descriptor points to offset in the segment

for executable code in the GDT which contains the interrupt handler
(lower order bits)
ref : SETGATE (0921), gatedesc (0901) 32
 Getting to the Interrupt Procedure

(obtained from
either the PIC or APIC) Done
automatically
IDTR by CPU

IDTR : pointer to IDT

table in memory

64 bytes

33
 Setting up IDT in xv6

• Array of 256 gate descriptors (idt)

• Each idt has
– Segment Selector : SEG_KCODE
• This is the offset in the GDT for kernel code segment
– Offset : (interrupt) vectors (generated by Script vectors.pl)
• Memory addresses for interrupt handler
• 256 interrupt handlers possible
• Load IDTR by instruction lidt
– The IDT table is the same for all processors.
– For each processor, we need to explicetly load lidt (idtinit())

ref : tvinit() (3317) and idtinit() in trap.c 34

 Interrupt Vectors in xv6

vector i:
vector0 push 0
push i
vector1 Jmp alltraps
vector2 Error code:
Hardware pushes error
---
Code for some exceptions.
--- For others, xv6 pushes 0.

vector i
---
vector255

ref : vectors.s [generated by vectors.pl (run $perl vectors.pl)] ([32]) 35

 5

alltraps
Creates a trapframe
Stack frame used for
interrupt

Setup kernel data and code

segments

Invokes trap
(3350 [33])

ref : trapasm.S [32] (alltraps), trap.c [33] (trap()) 36

 trapframe

only if stack
SS

changed

By hardware
SS
ESP
EFLAGS
CS
EIP
Error Code Pushed by
Trap Number
ds
hardware or
es software

By software
…
eax
ecx
… argument for
esi
edi trap
esp (pointer to this trapframe)
ESP
(empty) trapframe
p->kstack

ref : struct trapframe in x86.h (0602 [06]) 37

trapframe struct
SS
ESP
EFLAGS
CS
EIP
Error Code
Trap Number
ds
es
…
eax
ecx
…
esi
edi
esp

(empty)

38
 4
Interrupt Handlers
• Typical Interrupt Handler
– Save additional CPU context (written in assembly)
(done by alltraps in xv6)
– Process interrupt (communicate with I/O devices)
– Invoke kernel scheduler
– Restore CPU context and return (written in assembly)

39
 Interrupt Latency
time needed to service an interrupt

OS
30
Privilege level

13
User process 1 User process 2

interrupt Interrupt handler executes

time
Interrupt latency can be significant

40
Importance of Interrupt Latency
• Real time systems
– OS should ‘guarantee’ interrupt latency is less than a
specified value
• Minimum Interrupt Latency
– Mostly due to the interrupt controller
• Maximum Interrupt Latency
– Due to the OS
– Occurs when interrupt handler cannot be serviced
immediately
• Eg. when OS executing atomic operations, interrupt handler
would need to wait till completion of atomic operations.
 Atomic Operations
Interrupt handler
Global variable :
int x;

Kernel code Kernel code

Atomic start interrupt

for(i = 0; I < 1000; ++i)
x++ x=x*5
Atomic end

Value of x depends on whether an interrupt occurred or not!

Solution : make the part of code atomic (i.e. disable interrupts while executing
this code)
 Nested Interrupts
Interrupt handler 2

Interrupt handler 1

interrupt

Kernel code Kernel code

interrupt
• Typically interrupts disabled until handler executes
– This reduces system responsiveness
• To improve responsiveness, enable Interrupts within handlers
– This often causes nested interrupts
– Makes system more responsive but difficult to develop and validate
• Interrupt handler approach: design interrupt handlers to be small so that
nested interrupts are less likely
 Small Interrupt Handlers
• Do as little as possible in the interrupt
handler
– Often just queue a work item or set a flag
• Defer non-critical actions till later
 Top and Bottom Half Technique
(Linux)
• Top half : do minimum work and return from
interrupt handler
– Saving registers
– Unmasking other interrupts
– Restore registers and return to previous context
• Bottom half : deferred processing
– eg. Workqueue
– Can be interrupted
 Interrupt Handlers in xv6

vectors.S alltraps Interrupt s

(alltraps.S) trap
(trap.c) specific
handler
 Example
(Keyboard Interrupt in xv6)
• Keyboard connected to
second interrupt line in
8259 master
• Mapped to vector 33 in xv6
(T_IRQ0 + IRQ_KBD).
• In function trap, invoke
keyboard interrupt
(kbdintr), which is
redirected to consleintr
 Keyboard Interrupt Handler
consoleintr (console.c)

talks to keyboard through

get pressed character (kbdgetc (kbd.c0) specific predifined io ports

Service special characters

Push into circular buffer

System Calls and Exceptions
 Events

Events

Interrupts Exceptions

Hardware Interrupts Software Interrupts

50
 Hardware vs Software
Interrupt
Hardware Interrupt Software Interrupt

.
Device
INT .
CPU INT x
.
.

• A device (like the PIC) • An instruction which

asserts a pin in the CPU when executed causes
an interrupt

51
 Software Interrupt
Software interrupt used
for implementing 3
system calls Process
– In Linux INT 128, is
used for system calls
System Calls
– In xv6, INT 64 is used INT 64
for system calls
Kernel
0

52
Example (write system call)

libc invocation
User
space write(STDOUT)

int

Int Handler
Kernel
space

Implementation
of
write syscall
System call processing in kernel
Almost similar to hardware interrupts

3
Back to user
INT 64
process

if vector = 64
0 vectors.S alltraps trap syscall
(alltraps.S) (trap.c) (syscall.c)
Executes the
System calls

54
System Calls in xv6

How does the

OS distinguish
between the system
calls?

55
 System Call Number
System call number used to distinguish between system calls
System call numbers System call handlers
System
call number
mov x, %eax
INT 64

Based on the system call number

function syscall invokes the
corresponding syscall handler

ref : syscall.h, syscall() in syscall.c 56

 Prototype of a typical System Call
int system_call( resource_descriptor, parameters)

return is generally
‘int’ (or equivalent)
sometimes ‘void’ What OS resource is the target
here?
int used to denote completion For example a file, device, etc.
status of system call sometimes
also has additional information If not specified, generally means
like number of bytes written to the current process
file

System call specific parameters

passed.
How are they passed?

57
 Passing Parameters
in System Calls
• Passing parameters to system calls not similar
to passing parameters in function calls
– Recall stack changes from user mode stack to kernel
stack.
• Typical Methods
– Pass by Registers (eg. Linux)
– Pass via user mode stack (eg. xv6)
• Complex
– Pass via a designated memory region
• Address passed through registers

58
 Pass By Registers (Linux)
• System calls with fewer than 6 parameters
passed in registers
– %eax (sys call number), %ebx, %ecx,, %esi, %edi,
%ebp
• If 6 or more arguments
– Pass pointer to block structure containing argument
list
• Max size of argument is the register size (eg. 32
bit)
– Larger pointers passed through pointers

59
 Pass via User Mode Stack (xv6)
User stack trapframe
param1 SS
ESP ESP pushed by hardware
User process param2
param3 EFLAGS contains user mode stack
push param1 CS pointer
push param2 EIP
push param3 Error Code
mov sysnum, %eax Trap Number
ds
int 64
es
…
eax
ecx
… proc entry
esi for process
edi
ESP Points to trapframe

(empty)

ref : sys_open (sysfile.c), argint, fetchint (syscall.c) 60

 Returns from System Calls
trapframe
User process SS
ESP in system call
push param1 EFLAGS move result to eax in
push param2 CS trap frame
push param3 EIP
mov sysnum, %eax Error Code
Trap Number
int 64
ds
….. es
…
eax
d
ecx
ore g
ll y rest eturnin …
ic a r
omat re while esi
Return value A ut
w a
ard ss edi
register EAX by h er proce
to u
s ESP

(empty)

61
 Events

Events

Interrupts Exceptions

Hardware Interrupts Software Interrupts

62
 Exception Sources
– Program-Error Exceptions
• Eg. divide by zero
– Software Generated Exceptions
• Example INTO, INT 3, BOUND
• INT 3 is a break point exception
• INTO overflow instruction
• BOUND, Bound range exceeded
– Machine-Check Exceptions
• Exception occurring due to a hardware error (eg. System bus error,
parity errors in memory, cache memory errors)

Microsoft Windows : Machine check exception

63
 Exception Types

Exceptions

Faults Traps

Aborts

• Exceptions in the user space vs kernel space

64
 Faults
Exception that generally can be corrected.
Once corrected, the program can continue execution.

Examples :
Divide by zero error
Invalid Opcode
Device not available
Segment not present
Page not present

65
 Traps
Traps are reported immediately after the
execution of the trapping instruction.

Examples:
Breakpoint
Overflow
Debug instructions

66
 Aborts
Severe unrecoverable errors

Examples
Double fault : occurs when an exception is
unhandled or when an exception occurs while
the CPU is trying to call an exception handler.
Machine Check : internal errors in hardware
detected. Such as bad memory, bus errors,
cache errors, etc.

67