Function Calling

Nahush Gowda

Function calling is an LLM capability and interface pattern where the model emits a structured function name and machine-validated arguments (typically JSON) that a runtime uses to invoke external tools, APIs, or code. It enables deterministic tool use, safer actuation, and multi-step reasoning–acting loops in agentic systems.

What is Function Calling?

Function calling extends text generation with schema-governed actions. Each tool is described by a name, description, and parameter schema (JSON Schema/Pydantic-like). During inference, the model selects a function and generates arguments that must validate against the schema. The host executes the tool, captures results, and feeds them back to the model for continued reasoning. Planners use this to decompose goals, call search/DB/code tools, and iterate. Advanced flows support parallel calls, tool choice constraints, multi-turn argument refinement, and output formatting contracts (e.g., JSON Modes) to reduce brittleness.

Where it’s used and why it matters

Function calling underpins agentic workflows: web search/browse, database queries, file I/O, code execution, RPA, and SaaS integrations (CRM, tickets, chat). Schemas improve reliability, allow policy enforcement (types, enums, ranges), and reduce prompt brittleness. Deterministic selection and validation minimize unsafe free-form outputs, cut hallucinations about tools, and enable auditable, testable automations.

Examples

  • Search + retrieve: call a web_search(query) tool, then summarize results.
  • Data access: run sql_query(statement) with parameterized inputs and return rows for analysis.
  • Actions: create_ticket(project, title, severity) then post a follow-up comment.
  • Multistep: plan → call tools → verify → finalize with a constrained JSON report.

FAQs

  • How is this different from plugins? Plugins expose tools; function calling is the model/runtime protocol to choose and invoke them.
  • Can models call multiple tools? Yes; some runtimes support parallel calls, aggregation, and retries.
  • How do you keep it safe? Use least-privilege scopes, strict schemas, allow/deny lists, and human approval for high-risk tools.
  • What if arguments are wrong? Validate, return structured errors, and let the model self-correct; cap retries to avoid loops.
Ask Our AI Assistant ×