Section 11.6: OS modes and instructions (Frame 6)

The fly in this ointment is that ordinary programs can make subroutine calls to any memory address in their own code, but we cannot allow user programs to call the operating system at any old location. The operating system must be called only at well-defined entry points that correspond to published subroutines. A call to the operating system is called, not surprisingly, a system call.

One of the weaknesses of the von Neumann architecture we have been studying all along is that a CAL instruction can specify any address as its jump target, although we almost always want that address to correspond to the beginning of a subprogram. User programs cannot be allowed to jump to any address, because they could easily bypass security checking. In fact, a user program could jump to an instruction that changes the mode to privileged, and then it would be able to do anything. This is exactly the kind of loophole that hackers seek when they break into systems, because they can't do much until they get the full privileges of root (also called superuser).
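The difference between an ordinary CAL and a system call can be modelled in a few lines of C. This is an added example, not code from the original text: the toy machine, its addresses, and the names cal, syscall_gate and sysret are all assumptions made for illustration. User code may name a system call number but never an operating system address, and the mode becomes privileged only inside the gate.

```c
#include <stdio.h>

/* Constructed toy machine: names, addresses and layout are assumptions. */
enum mode { USER, PRIVILEGED };
enum result { OK, FAULT_PROTECTED_ADDRESS, FAULT_BAD_SYSCALL };

#define OS_BASE 0x8000u   /* addresses at or above this belong to the OS */
struct cpu { enum mode mode; unsigned pc; };

/* Published entry points: the only OS addresses user code may reach. */
static const unsigned entry_points[] = { 0x8000u, 0x8040u, 0x8080u };
#define N_ENTRIES (sizeof entry_points / sizeof entry_points[0])

/* Ordinary CAL: in user mode the machine refuses any OS target. */
enum result cal(struct cpu *c, unsigned target)
{
    if (c->mode == USER && target >= OS_BASE)
        return FAULT_PROTECTED_ADDRESS;   /* pc and mode are untouched */
    c->pc = target;
    return OK;
}

/* System call: the caller supplies an index, never an address. */
enum result syscall_gate(struct cpu *c, unsigned number)
{
    if (number >= N_ENTRIES)
        return FAULT_BAD_SYSCALL;
    c->mode = PRIVILEGED;            /* the mode changes only here */
    c->pc = entry_points[number];    /* and only to a published entry */
    return OK;
}

/* Return from the OS: drop privilege before resuming user code. */
void sysret(struct cpu *c, unsigned user_return)
{
    c->mode = USER;
    c->pc = user_return;
}

int main(void)
{
    struct cpu c = { USER, 0x100u };
    enum result r = cal(&c, 0x8044u);    /* middle of an OS routine */
    printf("CAL 0x8044 -> result %d, mode %d\n", (int)r, (int)c.mode);
    r = syscall_gate(&c, 1);
    printf("syscall 1  -> result %d, pc %#x, mode %d\n", (int)r, c.pc, (int)c.mode);
    sysret(&c, 0x104u);
    return 0;
}
```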