System Calls – Why Execve and Brk(NULL) Are Always the First Two System Calls

There are in fact three gradations in system calls.

1. Some system calls return immediately. “Immediately” means that the only thing they need is a little processor time. There's no hard limit to how long they can take (except in real-time systems), but these calls return as soon as they've been scheduled for long enough.
   These calls are usually called non-blocking. Examples of non-blocking calls are calls that just read a bit of system state, or make a simple change to system state, such as getpid, gettimeofday, getuid or setuid. Some system calls can be blocking or non-blocking depending on the circumstances; for example read never blocks if the file is a pipe or other type that supports non-blocking reads and the O_NONBLOCK flag is set.
2. A few system calls can take a while to complete, but not forever. A typical example is sleep.
3. Some system calls will not return until some external event happens. These calls are said to be blocking. For example, read called on a blocking file descriptor is blocking, and so is wait.

The distinction between “fast” and “slow” system calls is close to non-blocking vs. blocking, but this time from the point of view of the kernel implementer. A fast syscall is one that is known to be able to complete without blocking or waiting. When the kernel encounters a fast syscall, it knows it can execute the syscall immediately and keep the same process scheduled. (In some operating systems with non-preemptive multitasking, fast syscalls may be non-preemptive; this is not the case in normal unix systems.) On the other hand, a slow syscall potentially requires waiting for another task to complete, so the kernel must prepare to pause the calling process and run another task.

Some cases are a bit of a gray area. For example a disk read (read from a regular file) is normally considered non-blocking, because it's not waiting for another process; it's only waiting for the disk, which normally takes only a little time to answer, but won't take forever (so that's case 2 above). But from the kernel's perspective, the process has to wait for the disk driver to complete, so it's definitely a slow syscall.

system() is equivalent to fork() + exec() + wait(); this means when a process run system() function it creates a new process and waits the end of this process. The new process executes the command in it's own environment, when it has finished the caller receives the signal child.

For further information man exec man system

"exec replaces the current process image with a new process image", this means when it exits the caller exits too as the caller has become the new process.