Android系统启动系列----Zygote进程

2,140 阅读5分钟

Android系统启动系列

  1. Android系统启动系列----init进程
  2. Android系统启动系列----Zygote进程

引言

上一篇文章Android系统启动系列----init进程,大体分析了,init进程的启动过程。同时最后讲到了Zygote进程是由app_process进程通过JNI调用了ZygoteInit的main方法启动的。这一篇文章将分析Zygote进程都为我们做了什么。(系统源码分析基于Android 6.0.1)


Zygote功能

首先来看看ZygoteInit的main方法都做了啥:(/frameworks/base/core/java/com/android/internal/os/ZygoteInit.java)

public static void main(String argv[]) {
        try {
            RuntimeInit.enableDdms();
            // Start profiling the zygote initialization.
            SamplingProfilerIntegration.start();

            boolean startSystemServer = false;
            String socketName = "zygote";
            String abiList = null;
            for (int i = 1; i < argv.length; i++) {
                if ("start-system-server".equals(argv[i])) {
                    startSystemServer = true;
                } else if (argv[i].startsWith(ABI_LIST_ARG)) {
                    abiList = argv[i].substring(ABI_LIST_ARG.length());
                } else if (argv[i].startsWith(SOCKET_NAME_ARG)) {
                    socketName = argv[i].substring(SOCKET_NAME_ARG.length());
                } else {
                    throw new RuntimeException("Unknown command line argument: " + argv[i]);
                }
            }

            if (abiList == null) {
                throw new RuntimeException("No ABI list supplied.");
            }

            registerZygoteSocket(socketName);		//  1
            EventLog.writeEvent(LOG_BOOT_PROGRESS_PRELOAD_START,
                SystemClock.uptimeMillis());
            preload();			//  2
            EventLog.writeEvent(LOG_BOOT_PROGRESS_PRELOAD_END,
                SystemClock.uptimeMillis());

            // Finish profiling the zygote initialization.
            SamplingProfilerIntegration.writeZygoteSnapshot();

            // Do an initial gc to clean up after startup
            gcAndFinalize();

            // Disable tracing so that forked processes do not inherit stale tracing tags from
            // Zygote.
            Trace.setTracingEnabled(false);

            if (startSystemServer) {
                startSystemServer(abiList, socketName);	  //  3
            }

            Log.i(TAG, "Accepting command socket connections");
            runSelectLoop(abiList);   //  4

            closeServerSocket();
        } catch (MethodAndArgsCaller caller) {
            caller.run();   //  5
        } catch (RuntimeException ex) {
            Log.e(TAG, "Zygote died with exception", ex);
            closeServerSocket();
            throw ex;
        }
    }
  1. 注释1:注册socket通信的服务端
  2. 注释2:预加载
  3. 注释3:启动SystemServer系统服务
  4. 注释4:循环等待socket客户端的连接请求(如启动新的应用app等)
  5. 注释5:执行运行socket客户端的请求者的main方法

注册socket通信的服务端(registerZygoteSocket)

注册一个名字为“zygote”的socketserver:

private static void registerZygoteSocket(String socketName) {
        if (sServerSocket == null) {
            int fileDesc;
            final String fullSocketName = ANDROID_SOCKET_PREFIX + socketName;
            try {
                String env = System.getenv(fullSocketName);
                fileDesc = Integer.parseInt(env);
            } catch (RuntimeException ex) {
                throw new RuntimeException(fullSocketName + " unset or invalid", ex);
            }

            try {
                FileDescriptor fd = new FileDescriptor();
                fd.setInt$(fileDesc);
                sServerSocket = new LocalServerSocket(fd);  // 1
            } catch (IOException ex) {
                throw new RuntimeException(
                        "Error binding to local socket '" + fileDesc + "'", ex);
            }
        }
    }

注释1:创建一个serversocket静态对象

预加载(preload)

static void preload() {
        Log.d(TAG, "begin preload");
        preloadClasses();				// 预加载一些字节码class文件类
        preloadResources();			  //  预加载一些资源
        preloadOpenGL();			    //  预加载OpenGL相关显示信息
        preloadSharedLibraries();	 //  预加载动态共享so库:如android、jnigraphics等so库
        preloadTextResources();		//   
        // Ask the WebViewFactory to do any initialization that must run in the zygote process,
        // for memory sharing purposes.
        WebViewFactory.prepareWebViewInZygote();
        Log.d(TAG, "end preload");
    }

启动SystemServer系统服务

/**
     * Prepare the arguments and fork for the system server process.
     */
    private static boolean startSystemServer(String abiList, String socketName)
            throws MethodAndArgsCaller, RuntimeException {
			
			.....
			
        /* Hardcoded command line to start the system server */
		//////////////////////  1
        String args[] = {
            "--setuid=1000",
            "--setgid=1000",
            "--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1032,3001,3002,3003,3006,3007",
            "--capabilities=" + capabilities + "," + capabilities,
            "--nice-name=system_server",
            "--runtime-args",
            "com.android.server.SystemServer",
        };
        ZygoteConnection.Arguments parsedArgs = null;

        int pid;

        try {
            parsedArgs = new ZygoteConnection.Arguments(args);
            ZygoteConnection.applyDebuggerSystemProperty(parsedArgs);
            ZygoteConnection.applyInvokeWithSystemProperty(parsedArgs);

            /* Request to fork the system server process */
			//////////////////////  2
            pid = Zygote.forkSystemServer(
                    parsedArgs.uid, parsedArgs.gid,
                    parsedArgs.gids,
                    parsedArgs.debugFlags,
                    null,
                    parsedArgs.permittedCapabilities,
                    parsedArgs.effectiveCapabilities);
        } catch (IllegalArgumentException ex) {
            throw new RuntimeException(ex);
        }

        /* For child process */
        if (pid == 0) {
            if (hasSecondZygote(abiList)) {
                waitForSecondaryZygote(socketName);
            }
			//////////////////////  3
            handleSystemServerProcess(parsedArgs);
        }

        return true;
    }

a. 注释1:设置启动systemServer的一些参数 b. 注释2:根据参数fork一个叫system_server的进程

public static int forkSystemServer(int uid, int gid, int[] gids, int debugFlags,
            int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {
        VM_HOOKS.preFork();
        int pid = nativeForkSystemServer(
                uid, gid, gids, debugFlags, rlimits, permittedCapabilities, effectiveCapabilities);
        // Enable tracing as soon as we enter the system_server.
        if (pid == 0) {
            Trace.setTracingEnabled(true);
        }
        VM_HOOKS.postForkCommon();
        return pid;
    }

nativeForkSystemServer方法是native本地方法作用就是fork一个SystemServer进程。

c. 注释3:当注释2的pid = 0,表示if里的语句执行在SystemServer进程中,启动com.android.server.SystemServer类的main方法。

private static void handleSystemServerProcess(
            ZygoteConnection.Arguments parsedArgs)
            throws ZygoteInit.MethodAndArgsCaller {

        .......

        if (parsedArgs.invokeWith != null) {
            String[] args = parsedArgs.remainingArgs;
            ........

            WrapperInit.execApplication(parsedArgs.invokeWith,
                    parsedArgs.niceName, parsedArgs.targetSdkVersion,
                    VMRuntime.getCurrentInstructionSet(), null, args);
        } else {
            ClassLoader cl = null;
            if (systemServerClasspath != null) {
                cl = new PathClassLoader(systemServerClasspath, ClassLoader.getSystemClassLoader());
                Thread.currentThread().setContextClassLoader(cl);
            }

            /*
             * Pass the remaining arguments to SystemServer.
             */
			 //////////////////////////// 1
            RuntimeInit.zygoteInit(parsedArgs.targetSdkVersion, parsedArgs.remainingArgs, cl);
        }
    }

注释1,将SystemServer的一些参数传入RuntimeInit.zygoteInit方法。 再来看看RuntimeInit.zygoteInit方法:

public static final void zygoteInit(int targetSdkVersion, String[] argv, ClassLoader classLoader)
            throws ZygoteInit.MethodAndArgsCaller {
			
        ......
		
        nativeZygoteInit();	      ///////////////////  1
        applicationInit(targetSdkVersion, argv, classLoader);     /////////////////////////  2
    }
  • 注释1:native层做了些初始化,来看看,native方法对应在/frameworks/base/core/jni/AndroidRuntime.java中。

    static void com_android_internal_os_RuntimeInit_nativeZygoteInit(JNIEnv* env, jobject clazz)
    {
    	gCurRuntime->onZygoteInit();
    }
    

    onZygoteInit 是一个虚函数,那它的实现类是在哪呢,还记得上篇文章app_process进程的app_main.cpp文件中有个AppRuntime类么,runtime.start()启动了Zygote进程,AppRutime类继承了AndroidRuntime,并实现了onZygoteInit方法。

    virtual void onZygoteInit()
    	{
    		sp<ProcessState> proc = ProcessState::self();
    		ALOGV("App process: starting thread pool.\n");
    		proc->startThreadPool();
    	}
    

    这里proc启动了一个线程池,它是binder的线程池,以后会详细分析binder线程池,用于跨进程的通信。

  • 注释2: java层的初始化applicationInit()

private static void applicationInit(int targetSdkVersion, String[] argv, ClassLoader classLoader)
            throws ZygoteInit.MethodAndArgsCaller {
        
		.......
		
        // Remaining arguments are passed to the start class's static main
        invokeStaticMain(args.startClass, args.startArgs, classLoader);
    }

继续看invokeStaticMain方法:

private static void invokeStaticMain(String className, String[] argv, ClassLoader classLoader)
            throws ZygoteInit.MethodAndArgsCaller {
        Class<?> cl;

        try {
		/////////////////////   1
            cl = Class.forName(className, true, classLoader);
        } catch (ClassNotFoundException ex) {
            throw new RuntimeException(
                    "Missing class when invoking static main " + className,
                    ex);
        }

        Method m;
        try {
		///////////////////    2
            m = cl.getMethod("main", new Class[] { String[].class });
        } catch (NoSuchMethodException ex) {
            throw new RuntimeException(
                    "Missing static main on " + className, ex);
        } catch (SecurityException ex) {
            throw new RuntimeException(
                    "Problem getting static main on " + className, ex);
        }

        int modifiers = m.getModifiers();
        if (! (Modifier.isStatic(modifiers) && Modifier.isPublic(modifiers))) {
            throw new RuntimeException(
                    "Main method is not public and static on " + className);
        }

        ///////////////////    3
        throw new ZygoteInit.MethodAndArgsCaller(m, argv);
    }

我们知道一路下来入参className就是com.android.server.SystemServer 注释1: 通过反射Class.forName加载出com.android.server.SystemServer的SystemServer.class对象。 注释2:通过SystemServer.class对象的获取SystemServer的main方法的Method对象。 注释3:这个方法完了也没有实际的通过反射去invoke SystemServer的main方法,而是抛出了ZygoteInit.MethodAndArgsCaller异常并把main方法的Method对象和参数传入进去。很显然肯定就是这个异常类处理了。那就要找到哪里try....catch了这个异常信息并处理。最终可以看到在最初的ZygoteInit.main()方法。

try{
......
} catch (MethodAndArgsCaller caller) {
            caller.run();   //  5
        } 
public static class MethodAndArgsCaller extends Exception
            implements Runnable {
        /** method to call */
        private final Method mMethod;

        /** argument array */
        private final String[] mArgs;

        public MethodAndArgsCaller(Method method, String[] args) {
            mMethod = method;
            mArgs = args;
        }

        public void run() {
            try {
                mMethod.invoke(null, new Object[] { mArgs });  ///////////   1
            } catch (IllegalAccessException ex) {
                throw new RuntimeException(ex);
            } catch (InvocationTargetException ex) {
                Throwable cause = ex.getCause();
                if (cause instanceof RuntimeException) {
                    throw (RuntimeException) cause;
                } else if (cause instanceof Error) {
                    throw (Error) cause;
                }
                throw new RuntimeException(ex);
            }
        }
    }

注释1:mMethod对象就是上文中SystemServer的main方法的Method对象,通过invoke调用了main方法。这样SystemServer就运行了main方法。

循环等待socket客户端的连接请求(如启动新的应用app等)

这里不详细介绍了,就是while(true) 不断的等待有客户端的请求。

执行调用socket客户端的请求者传入的Mehod对象方法

这里其中的一个处理在上文MethodAndArgsCaller类中run()方法的处理已经分析了。


总结

  1. 通过app_process进程启动ZygoteInit.main()函数。
  2. 首先注册了serverSocket。
  3. fork启动SystemServer进程,并通过native方法开启binder线程池,便于提供给SytemServer进行跨进程通信。
  4. 等待socket客户端的连接请求

Android系统启动系列

  1. Android系统启动系列----init进程
  2. Android系统启动系列----Zygote进程