Jimmy Chen

A Programmer

(原创)Android Zygote分析

1. app_process到zygote

zygote本身是一个Native应用程序,和驱动、内核均无关系,zygote是由init进行根据init.rc文件中的配置进行创建的,具体的配置代码如下:

1.1 zygote启动的init.rc文件定义

service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
    class main
    socket zygote stream 660 root system
    onrestart write /sys/android_power/request_state wake
    onrestart write /sys/power/state on
    onrestart restart media
    onrestart restart netd

  上面的代码中可以看出,zygote的原名是app_precess,在启动的时候是通过Linux下的pctrl系统调用将自己改名为zygote,app_process对应的源文件是App_main.cpp.

1.2 App_main.cpp的main函数

int main(int argc, char* const argv[])
{
    // argc = 5, argv = “/system/bin/app_process -Xzygote /system/bin --zygote --start-system-server”
    ………….
    AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv));
    argc--;    // 跳过第一个参数/system/bin/app_precess
    argv++;

    // -Xzygote为虚拟机参数,在启动虚拟机是传递到虚拟机
    int i;
    for (i = 0; i < argc; i++) {
        if (argv[i][0] != '-') {
            break;
        }
        if (argv[i][1] == '-' && argv[i][2] == 0) {
            ++i; // Skip --.
            break;
        }
        runtime.addOption(strdup(argv[i]));
    }

    // Parse runtime arguments.  Stop at first unrecognized option.
    bool zygote = false;
    bool startSystemServer = false;
    bool application = false;
    String8 niceName;
    String8 className;

    // 跳过 /system/bin参数
    ++i;  // Skip unused "parent dir" argument.
    // 根据参数进行赋值
    while (i < argc) {
        const char* arg = argv[i++];
        if (strcmp(arg, "--zygote") == 0) {
            zygote = true;
            niceName = ZYGOTE_NICE_NAME;
        } else if (strcmp(arg, "--start-system-server") == 0) {
            startSystemServer = true;
        } else if (strcmp(arg, "--application") == 0) {
            application = true;
        } else if (strncmp(arg, "--nice-name=", 12) == 0) {
            niceName.setTo(arg + 12);
        } else if (strncmp(arg, "--", 2) != 0) {
            className.setTo(arg);
            break;
        } else {
            --i;
            break;
        }
    }

    Vector<String8> args;
    if (!className.isEmpty()) {  // className未赋值,跳过
        args.add(application ? String8("application") : String8("tool"));
        runtime.setClassNameAndArgs(className, argc - i, argv + i);
    } else {
        // We're in zygote mode.
        // 设置指令集、划分虚拟机使用的cache、将cache文件的权限设置为711,同时修改拥有者为root user
        maybeCreateDalvikCache();

        if (startSystemServer) {
            args.add(String8("start-system-server"));
        }

        char prop[PROP_VALUE_MAX];
        if (property_get(ABI_LIST_PROPERTY, prop, NULL) == 0) {
            LOG_ALWAYS_FATAL("app_process: Unable to determine ABI list from property %s.",
                ABI_LIST_PROPERTY);
            return 11;
        }

        // 添加ABI_LIST
        String8 abiFlag("--abi-list=");
        abiFlag.append(prop);
        args.add(abiFlag);

        // In zygote mode, pass all remaining arguments to the zygote
        // main() method.
        for (; i < argc; ++i) {
            args.add(String8(argv[i]));
        }
    }

    // 修改线程名为zygote
    if (!niceName.isEmpty()) {
        runtime.setArgv0(niceName.string());
        set_process_name(niceName.string());
    }

    // 根据得到的参数调用com.android.internal.os.ZygoteInit
    // args这个vector中包含两个成员,args[0] = “start-system-server”
    // args[1] = “—abi-list=xxx” xxx代码的是CPU的结构,比如armeabi-v7a, arm64-v8a
    if (zygote) {
        runtime.start("com.android.internal.os.ZygoteInit", args, zygote);
    } else if (className) {
        runtime.start("com.android.internal.os.RuntimeInit", args, zygote);
    } else {
        fprintf(stderr, "Error: no class name or --zygote supplied.\n");
        app_usage();
        LOG_ALWAYS_FATAL("app_process: no class name or --zygote supplied.");
        return 10;
    }
}

2. AppRuntime分析

AppRuntime类的声明和实现都在App_main.cpp中,它是从AndroidRuntime类派生出来的,代码如下:

2.1 AndroidRuntime.cpp的start函数

// className = "com.android.internal.os.ZygoteInit", options包含两个string8成员
// args[0] = “start-system-server” args[1] = “—abi-list=xxx”, zygote = true
void AndroidRuntime::start(const char* className, const Vector<String8>& options, bool zygote)
{
    ALOGD(">>>>>> START %s uid %d <<<<<<\n",
            className != NULL ? className : "(unknown)", getuid());

    static const String8 startSystemServer("start-system-server");

    /*
     * 'startSystemServer == true' means runtime is obsolete and not run from
     * init.rc anymore, so we print out the boot start event here.
     */
    for (size_t i = 0; i < options.size(); ++i) {
        if (options[i] == startSystemServer) {
           /* track our progress through the boot sequence */
           const int LOG_BOOT_PROGRESS_START = 3000;
           LOG_EVENT_LONG(LOG_BOOT_PROGRESS_START,  ns2ms(systemTime(SYSTEM_TIME_MONOTONIC)));
        }
    }

    const char* rootDir = getenv("ANDROID_ROOT");
    if (rootDir == NULL) {
        rootDir = "/system";
        if (!hasDir("/system")) {
            LOG_FATAL("No root directory specified, and /android does not exist.");
            return;
        }
        setenv("ANDROID_ROOT", rootDir, 1);
    }

    //const char* kernelHack = getenv("LD_ASSUME_KERNEL");
    //ALOGD("Found LD_ASSUME_KERNEL='%s'\n", kernelHack);

    /* start the virtual machine */
    // 创建并启动虚拟机
    JniInvocation jni_invocation;
    jni_invocation.Init(NULL);
    JNIEnv* env;
    if (startVm(&mJavaVM, &env, zygote) != 0) {
        return;
    }
    onVmCreated(env);

    /*
     * Register android functions.
     */
    // 设置虚拟机的JNI环境
    if (startReg(env) < 0) {
        ALOGE("Unable to register all android natives\n");
        return;
    }

    /*
     * We want to call main() with a String array with arguments in it.
     * At present we have two arguments, the class name and an option string.
     * Create an array to hold them.
     */
    // 调用JNI方法调用com.android.internal.os.ZygoteInit中的main方法
    jclass stringClass;
    jobjectArray strArray;
    jstring classNameStr;

    stringClass = env->FindClass("java/lang/String");
    assert(stringClass != NULL);
    strArray = env->NewObjectArray(options.size() + 1, stringClass, NULL);
    assert(strArray != NULL);
    classNameStr = env->NewStringUTF(className);
    assert(classNameStr != NULL);
    env->SetObjectArrayElement(strArray, 0, classNameStr);

    for (size_t i = 0; i < options.size(); ++i) {
        jstring optionsStr = env->NewStringUTF(options.itemAt(i).string());
        assert(optionsStr != NULL);
        env->SetObjectArrayElement(strArray, i + 1, optionsStr);
    }
    // 至此,strArray中包含三个成员,分别是 
    // strArray[0] = “com.android.internal.os.ZygoteInit”
    // strArray[1] = “start-system-server”
    // strArray[2] = “—abi-list=xxx”

    /*
     * Start VM.  This thread becomes the main thread of the VM, and will
     * not return until the VM exits.
     */
    // className=”com.android.internal.os.ZygoteInit”,调用如下方法后,
    // slashClassName=”com/android/internal/os/ZygoteInit”
    char* slashClassName = toSlashClassName(className);
    jclass startClass = env->FindClass(slashClassName);
    if (startClass == NULL) {
        ALOGE("JavaVM unable to locate class '%s'\n", slashClassName);
        /* keep going */
    } else {
    // 找到ZygoteInit的main方法
        jmethodID startMeth = env->GetStaticMethodID(startClass, "main",
            "([Ljava/lang/String;)V");
        if (startMeth == NULL) {
            ALOGE("JavaVM unable to find main() in '%s'\n", className);
            /* keep going */
        } else {
            // 调用ZygoteInit的main方法
            env->CallStaticVoidMethod(startClass, startMeth, strArray);

#if 0
            if (env->ExceptionCheck())
                threadExitUncaughtException(env);
#endif
        }
    }
    free(slashClassName);

    ALOGD("Shutting down VM\n");
    if (mJavaVM->DetachCurrentThread() != JNI_OK)
        ALOGW("Warning: unable to detach main thread\n");
    if (mJavaVM->DestroyJavaVM() != 0)
        ALOGW("Warning: VM did not shut down cleanly\n");
}

  上述内容都是在Native层运行的,但是在调用ZygoteInit的main方法后,程序便会进入到Java的世界里面,下面来看看上面没有具体解释道的startVm和startReg方法。

2.2 AndroidRuntime.cpp的startVm函数

int AndroidRuntime::startVm(JavaVM** pJavaVM, JNIEnv** pEnv, bool zygote)
{
    JavaVMInitArgs initArgs;
    ……….
    // 这里很多char buffer的定义,都去掉了

    /*
    下面很多代码都是用来设置JNI Check选项的。JNI Check顾名思义是指Native层调用JNI函数时,系统所做的检查工作。
    例如,调用NewUTFString函数的时候,系统会检查传入的字符串是不是符合UTF-8的要求,JNI Check汉能检查资源是否被正确释放。
    
    但是开启这个选项也是有副作用的,主要表现为:
    1)因为检查工作比较耗时,所以会影响系统的运行速度
    2)有些检查过于严格,例如上面的字符串检查,一旦报错,调用进程就会abort

    所以JNI Check一般是在eng版本会设置,在正式发布的user版本就不设置该选项
    */
    bool checkJni = false;
    property_get("dalvik.vm.checkjni", propBuf, "");
    if (strcmp(propBuf, "true") == 0) {
        checkJni = true;
    } else if (strcmp(propBuf, "false") != 0) {
        /* property is neither true nor false; fall back on kernel parameter */
        property_get("ro.kernel.android.checkjni", propBuf, "");
        if (propBuf[0] == '1') {
            checkJni = true;
        }
    }
    ALOGD("CheckJNI is %s\n", checkJni ? "ON" : "OFF");
    if (checkJni) {
        /* extended JNI checking */
        addOption("-Xcheck:jni");

        /* with -Xcheck:jni, this provides a JNI function call trace */
        //addOption("-verbose:jni");
    }

    property_get("dalvik.vm.execution-mode", propBuf, "");
    if (strcmp(propBuf, "int:portable") == 0) {
        executionMode = kEMIntPortable;
    } else if (strcmp(propBuf, "int:fast") == 0) {
        executionMode = kEMIntFast;
    } else if (strcmp(propBuf, "int:jit") == 0) {
        executionMode = kEMJitCompiler;
    }

    // 设置虚拟机产生的trace文件,主要用于分析系统问题,默认路劲可以通过adb shell连接手机执行getprop | grep trace查看
    parseRuntimeOption("dalvik.vm.stack-trace-file", stackTraceFileBuf, "-Xstacktracefile:");

    strcpy(jniOptsBuf, "-Xjniopts:");
    if (parseRuntimeOption("dalvik.vm.jniopts", jniOptsBuf, "-Xjniopts:")) {
        ALOGI("JNI options: '%s'\n", jniOptsBuf);
    }

    ………..

    /*
     * The default starting and maximum size of the heap.  Larger
     * values should be specified in a product property override.
     */
    parseRuntimeOption("dalvik.vm.heapstartsize", heapstartsizeOptsBuf, "-Xms", "4m");
    parseRuntimeOption("dalvik.vm.heapsize", heapsizeOptsBuf, "-Xmx", "16m");

    parseRuntimeOption("dalvik.vm.heapgrowthlimit", heapgrowthlimitOptsBuf, "-XX:HeapGrowthLimit=");
    parseRuntimeOption("dalvik.vm.heapminfree", heapminfreeOptsBuf, "-XX:HeapMinFree=");
    parseRuntimeOption("dalvik.vm.heapmaxfree", heapmaxfreeOptsBuf, "-XX:HeapMaxFree=");
    parseRuntimeOption("dalvik.vm.heaptargetutilization",
                       heaptargetutilizationOptsBuf,
                       "-XX:HeapTargetUtilization=");
    // 接下来很多都是设置虚拟机参数,具体可以自行查看
    ……….

    /*
     * When running with debug.generate-debug-info, add --generate-debug-info to
     * the compiler options so that the boot image, if it is compiled on device,
     * will include native debugging information.
     */
    property_get("debug.generate-debug-info", propBuf, "");
    if (strcmp(propBuf, "true") == 0) {
        addOption("-Xcompiler-option");
        addOption("--generate-debug-info");
        addOption("-Ximage-compiler-option");
        addOption("--generate-debug-info");
    }

    /*
     * Retrieve the build fingerprint and provide it to the runtime. That way, ANR dumps will
     * contain the fingerprint and can be parsed.
     */
    parseRuntimeOption("ro.build.fingerprint", fingerprintBuf, "-Xfingerprint:");

    initArgs.version = JNI_VERSION_1_4;
    initArgs.options = mOptions.editArray();
    initArgs.nOptions = mOptions.size();
    initArgs.ignoreUnrecognized = JNI_FALSE;

    /*
     * Initialize the VM.
     *
     * The JavaVM* is essentially per-process, and the JNIEnv* is per-thread.
     * If this call succeeds, the VM is ready, and we can start issuing
     * JNI calls.
     */
    // 初始化虚拟机
    if (JNI_CreateJavaVM(pJavaVM, pEnv, &initArgs) < 0) {
        ALOGE("JNI_CreateJavaVM failed\n");
        return -1;
    }

    return 0;
}

接下来看startReg函数:

2.3 AndroidRuntime.cpp的startReg函数


/*
 * Register android native functions with the VM.
 */
/*static*/ int AndroidRuntime::startReg(JNIEnv* env)
{
    /*
     * This hook causes all future threads created in this process to be
     * attached to the JavaVM.  (This needs to go away in favor of JNI
     * Attach calls.)
     */
    // 设置Thread类的线程创建函数为javaCreateThreadEtc,androidSetCreateThreadFunc下面分析
    androidSetCreateThreadFunc((android_create_thread_fn) javaCreateThreadEtc);

    ALOGV("--- registering native functions ---\n");

    /*
     * Every "register" function calls one or more things that return
     * a local reference (e.g. FindClass).  Because we haven't really
     * started the VM yet, they're all getting stored in the base frame
     * and never released.  Use Push/Pop to manage the storage.
     */
    env->PushLocalFrame(200);

    // 注册JNI函数,gRegJNI是个全局数组,register_jni_procs下面分析
    if (register_jni_procs(gRegJNI, NELEM(gRegJNI), env) < 0) {
        env->PopLocalFrame(NULL);
        return -1;
    }
    env->PopLocalFrame(NULL);

    //createJavaThread("fubar", quickTest, (void*) "hello");

    return 0;
}

  androidSetCreateThreadFunc代码如下,非常简单,只是将gCreateThreadFn指向javaCreateThreadEtc

void androidSetCreateThreadFunc(android_create_thread_fn func)
{
    gCreateThreadFn = func;
}

  register_jni_procs则是简单的封装,调用数组元素的MProc函数

static int register_jni_procs(const RegJNIRec array[], size_t count, JNIEnv* env)
{
    for (size_t i = 0; i < count; i++) {
        if (array[i].mProc(env) < 0) {
#ifndef NDEBUG
            ALOGD("----------!!! %s failed to load\n", array[i].mName);
#endif
            return -1;
        }
    }
    return 0;
}

其中gRegJNI定义如下,包含的是要注册到JNI中的函数

static const RegJNIRec gRegJNI[] = {
    REG_JNI(register_com_android_internal_os_RuntimeInit),
    REG_JNI(register_android_os_SystemClock),
    REG_JNI(register_android_util_EventLog),
    ………..
}

REG_JNI是一个宏,定义如下:

#ifdef NDEBUG
    #define REG_JNI(name)      { name }
    struct RegJNIRec {
        int (*mProc)(JNIEnv*);
    };
#else
    #define REG_JNI(name)      { name, #name }
    struct RegJNIRec {
        int (*mProc)(JNIEnv*);
        const char* mName;
    };
#endif

当调用array[i].mProc(env)就相当于调用相应的函数

3. Java World

上面分析到,在AndroidRuntime.cpp的start函数的最后调用CallStaticVoidMethod方法,该方法会调用到com.android.internal.os.ZygoteInit的main函数。

3.1 ZygoteInit.java的main函数

public static void main(String argv[]) {
    try {
        RuntimeInit.enableDdms();   // 开启DDMS功能
        /// M: Added for BOOTPROF
        //MTPROF_DISABLE = "1".equals(SystemProperties.get("ro.mtprof.disable"));
        MTPROF_DISABLE = false;
        // Start profiling the zygote initialization.
        SamplingProfilerIntegration.start();

        boolean startSystemServer = false;
        String socketName = "zygote";
        String abiList = null;
        // 解析传入的argv参数,其中argv就是AndroidRuntime.cpp中的strArray
        // strArray[0] = “com.android.internal.os.ZygoteInit”
        // strArray[1] = “start-system-server”
        // strArray[2] = “—abi-list=xxx”

        for (int i = 1; i < argv.length; i++) {
            if ("start-system-server".equals(argv[i])) {
                startSystemServer = true;
            } else if (argv[i].startsWith(ABI_LIST_ARG)) {
                abiList = argv[i].substring(ABI_LIST_ARG.length());
            } else if (argv[i].startsWith(SOCKET_NAME_ARG)) {
                socketName = argv[i].substring(SOCKET_NAME_ARG.length());
            } else {
                throw new RuntimeException("Unknown command line argument: " + argv[i]);
            }
        }

        if (abiList == null) {
            throw new RuntimeException("No ABI list supplied.");
        }

        // 注册Zygote使用的socket
        registerZygoteSocket(socketName);
        EventLog.writeEvent(LOG_BOOT_PROGRESS_PRELOAD_START,
            SystemClock.uptimeMillis());
        /// M: Added for BOOTPROF
        addBootEvent(new String("Zygote:Preload Start"));
        
        // 预加载类和相应资源
        preload();
        EventLog.writeEvent(LOG_BOOT_PROGRESS_PRELOAD_END,
            SystemClock.uptimeMillis());

        // Finish profiling the zygote initialization.
        SamplingProfilerIntegration.writeZygoteSnapshot();

        // Do an initial gc to clean up after startup
        // 强制执行gc进行一次垃圾回收
        gcAndFinalize();

        // Disable tracing so that forked processes do not inherit stale tracing tags from
        // Zygote.
        Trace.setTracingEnabled(false);

        /// M: Added for BOOTPROF
        addBootEvent(new String("Zygote:Preload End"));

        // startSystemServer为true
        if (startSystemServer) {
            // 启动system_server进程
            startSystemServer(abiList, socketName);
        }

        Log.i(TAG, "Accepting command socket connections");
        runSelectLoop(abiList);

        closeServerSocket();
    } catch (MethodAndArgsCaller caller) {
        caller.run();
    } catch (RuntimeException ex) {
        Log.e(TAG, "Zygote died with exception", ex);
        closeServerSocket();
        throw ex;
    }
}

3.2 ZygoteInit.java的registerZygoteSocket函数

// socketName=”zygote”
private static void registerZygoteSocket(String socketName) {
    if (sServerSocket == null) {
        int fileDesc;
        // fullSocketName=”ANDROID_SOCKEY_zygote”
        final String fullSocketName = ANDROID_SOCKET_PREFIX + socketName;
        try {
            // 这个应该是在之前有设置相应的环境变量,这里取出来
            String env = System.getenv(fullSocketName);
            fileDesc = Integer.parseInt(env);
        } catch (RuntimeException ex) {
            throw new RuntimeException(fullSocketName + " unset or invalid", ex);
        }

        try {
            FileDescriptor fd = new FileDescriptor();
            fd.setInt$(fileDesc);    // 设置文件描述符
            sServerSocket = new LocalServerSocket(fd);    // 创建socket本地服务端
        } catch (IOException ex) {
            throw new RuntimeException(
                    "Error binding to local socket '" + fileDesc + "'", ex);
        }
    }
}

3.3 ZygoteInit.java的preload函数

static void preload() {
    Log.d(TAG, "begin preload");
    Log.i(TAG1, "preloadMappingTable() -- start ");
    PluginLoader.preloadPluginInfo();
    Log.i(TAG1, "preloadMappingTable() -- end ");
    // 预加载位于system/etc/preload-class文件中指定的class
    // preloadClasses()最后会通过Class.forName(String, Boolean, ClassLoader)来加载preloade-class中指定的class文件
    // system/etc/preload_class文件在源码的位置为framework/base/preload-class
    preloadClasses();
    // 预加载资源,包括drawable和color资源
    preloadResources();
    // 预加载OpenGL
    preloadOpenGL();
    // 通过System.LoadLibrary()方法
    // 预加载”android”, ”compiler-rt” 和 “jnigraphics”三个共享库
    preloadSharedLibraries();
    // 预加载文本资源
    preloadTextResources();
    // Ask the WebViewFactory to do any initialization that must run in the zygote process,
    // for memory sharing purposes.
    WebViewFactory.prepareWebViewInZygote();
    Log.d(TAG, "end preload");
}

3.4 ZygoteInit.java的startSystemServer

private static boolean startSystemServer(String abiList, String socketName)
        throws MethodAndArgsCaller, RuntimeException {
    long capabilities = posixCapabilitiesAsBits(
        OsConstants.CAP_BLOCK_SUSPEND,
        OsConstants.CAP_KILL,
        OsConstants.CAP_NET_ADMIN,
        OsConstants.CAP_NET_BIND_SERVICE,
        OsConstants.CAP_NET_BROADCAST,
        OsConstants.CAP_NET_RAW,
        OsConstants.CAP_SYS_MODULE,
        OsConstants.CAP_SYS_NICE,
        OsConstants.CAP_SYS_RESOURCE,
        OsConstants.CAP_SYS_TIME,
        OsConstants.CAP_SYS_TTY_CONFIG
    );
    /* Hardcoded command line to start the system server */
    // 启动参数设置
    String args[] = {
        "--setuid=1000",
        "--setgid=1000",
        "--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1032,3001,3002,3003,3006,3007",
        "--capabilities=" + capabilities + "," + capabilities,
        "--nice-name=system_server",
        "--runtime-args",
        "com.android.server.SystemServer",
    };
    ZygoteConnection.Arguments parsedArgs = null;

    int pid;

    try {
        // 解析参数,将上面的字符串数据转换成Arguments对象
        parsedArgs = new ZygoteConnection.Arguments(args);
        ZygoteConnection.applyDebuggerSystemProperty(parsedArgs);
        ZygoteConnection.applyInvokeWithSystemProperty(parsedArgs);

        /* Request to fork the system server process */
        // fork一个子进程,子进程就是system_server进程
        pid = Zygote.forkSystemServer(
                parsedArgs.uid, parsedArgs.gid,
                parsedArgs.gids,
                parsedArgs.debugFlags,
                null,
                parsedArgs.permittedCapabilities,
                parsedArgs.effectiveCapabilities);
    } catch (IllegalArgumentException ex) {
        throw new RuntimeException(ex);
    }

    /* For child process */
    // ford返回值等于0,表明是子进程即system_server所在分支代码
    if (pid == 0) {
        if (hasSecondZygote(abiList)) {
            waitForSecondaryZygote(socketName);
        }

        // system_server进程所做的工作,在这里会启动各种支撑系统运行的System server
        handleSystemServerProcess(parsedArgs);
    }

    return true;
}

Zygeto进行fork后,分裂出一个system_server进程,这里主要介绍Zygote,system_server内容后面再介绍

3.5 ZygoteInit.java的runSelectLoop函数

private static void runSelectLoop(String abiList) throws MethodAndArgsCaller {
    ArrayList<FileDescriptor> fds = new ArrayList<FileDescriptor>();
    ArrayList<ZygoteConnection> peers = new ArrayList<ZygoteConnection>();

    // sServerSocket是在1.3.2创建的Zygote本地服务端socket,现在将其添加到fds[0]中
    fds.add(sServerSocket.getFileDescriptor());
    peers.add(null);

    while (true) {
        StructPollfd[] pollFds = new StructPollfd[fds.size()];
        for (int i = 0; i < pollFds.length; ++i) {
            pollFds[i] = new StructPollfd();
            pollFds[i].fd = fds.get(i);
            pollFds[i].events = (short) POLLIN;
        }
        try {
            // 通过select机制来处理轮询,提高性能,当有pooFds到来,进程会从这里唤醒,否则一直阻塞
            Os.poll(pollFds, -1);
        } catch (ErrnoException ex) {
            throw new RuntimeException("poll failed", ex);
        }
        for (int i = pollFds.length - 1; i >= 0; --i) {
            // 使用多路复用I/O模型,当有连接或者接收到对端的数据才继续往下执行
            // 否则,使用continue,跳出循环后继续等待连接or接受数据
            if ((pollFds[i].revents & POLLIN) == 0) {
                continue;
            }
            if (i == 0) {
                // 表示有新连接到来
                ZygoteConnection newPeer = acceptCommandPeer(abiList);
                peers.add(newPeer);
                fds.add(newPeer.getFileDesciptor());
            } else {
                // 表示接收到对端发出的数据,调用runOnce()进行数据处理
                boolean done = peers.get(i).runOnce();
                if (done) {
                    peers.remove(i);
                    fds.remove(i);
                }
            }
        }
    }
}

runSelectLoop的主体是一个死循环,它将用作zygote的守护体存在

3.6 ZygoteInit.java的runOnce函数

代码如下,省略了大部分内容

boolean runOnce() throws MethodAndArgsCaller {
    ZygoteConnection.Arguments parsedArgs = null;

     …………..

        try {
            ……….
            // zygote需为新启动的应用程序生成独立的进程实体,这个工作就委托到forkAndSpecialize函数来做
            pid = Zygote.forkAndSpecialize(parsedArgs.uid, parsedArgs.gid, parsedArgs.gids, parsedArgs.debugFlags, ex, parsedArgs.mountExternal, parsedArgs.seInfo, parsedArgs.niceName);
        } catch (IOException var17) {
        …………..

        boolean ex1;
        try {
            // 父进程需要完成的内容
            if(pid != 0) {
                IoUtils.closeQuietly(childPipeFd);
                childPipeFd = null;
                ex1 = this.handleParentProc(pid, descriptors, serverPipeFd, parsedArgs);
                return ex1;
            }

            // 子进程需要完成的内容
            IoUtils.closeQuietly(serverPipeFd);
            serverPipeFd = null;
            this.handleChildProc(parsedArgs, descriptors, childPipeFd, newStderr);
            ex1 = true;
        } finally {
            IoUtils.closeQuietly(childPipeFd);
            IoUtils.closeQuietly(serverPipeFd);
        }

        return ex1;
    }
}

3.7 Zygote.java的forkAndSpecialize函数

public static int forkAndSpecialize(int uid, int gid, int[] gids, int debugFlags,
      int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose,
      String instructionSet, String appDataDir) {
    VM_HOOKS.preFork();
    int pid = nativeForkAndSpecialize(
              uid, gid, gids, debugFlags, rlimits, mountExternal, seInfo, niceName, fdsToClose,
              instructionSet, appDataDir);
    // Enable tracing as soon as possible for the child process.
    if (pid == 0) {
        Trace.setTracingEnabled(true);

        // Note that this event ends at the end of handleChildProc,
        Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "PostFork");
    }
    VM_HOOKS.postForkCommon();
    return pid;
}

  forkAndSpecialize函数实在“孵化”的同时将新创建的进程转换为目标Android应用程序。函数forkAndSpecialize包含三个步骤,分别是preFork、nativeForkAndSpecialize和postForkCommon。preFork通过JNI调用到dalvik_system_ZygoteHooks.cc中的ZygoteHooks_nativePreFork函数,在这个函数中会通过runtime->PreZygoteFork来进行前期初始化。

  函数nativeForkAndSpecialize也是一个native方法,实现在com_android_internal_os_
Zygote_nativeForkAndSpecialize中,而之后又会进一步调用到FordAndSpecializeCommon方法。在FordAndSpecializeCommon方法中会通过Linux fork调用孵化出一个新的进程,然后调用到CallStaticVoidMethod这个JNI方法来执行一些孵化后的处理,但是这里并没有进行应用程序相关的业务,真正的业务执行是在runOnce中提到的handleChildProc中,之后的内容这里就不做解释了,后续在AMS中应该会提及。

发表评论

电子邮件地址不会被公开。 必填项已用*标注

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d 博主赞过: