Zygote的启动

YuLong
857 阅读9分钟

android源码分析目录

(注:以下代码分析基于android-10.0.0_r30)

一 概述

之前介绍了关于init进程的启动过程,然后在init进程启动后,会通过rc文件来启动Zygote进程

system/core/rootdir/init.rc
system/core/rootdir/init.zygote64_32.rc
frameworks/base/cmds/app_process/Android.bp
frameworks/base/cmds/app_process/app_main.cpp
frameworks/base/core/jni/AndroidRuntime.cpp
system/core/libutils/include/utils/misc.h
frameworks/base/core/java/com/android/internal/os/ZygoteInit.java
frameworks/base/core/java/com/android/internal/os/Zygote.java
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp

二 rc文件的解析

2.1 init.rc

在init的最后,会解析rc文件

[init.rc]

import /init.${ro.zygote}.rc

因为存在32位和64位处理器,并且还存在64位兼容32位的情况,所以关于zygote.rc,具体是有4个文件

  • init.zygote32.rc
  • init.zygote32_64.rc
  • init.zygote64.rc
  • init.zygote64_32.rc

当然,一般我们使用得比较多的还是init.zygote64_32.rc

2.2 init.zygote64_32.rc

[init.zygote64_32.rc]

service zygote /system/bin/app_process64 -Xzygote /system/bin --zygote --start-system-server --socket-name=zygote
    class main
    priority -20
    user root
    group root readproc reserved_disk
    socket zygote stream 660 root system
    socket usap_pool_primary stream 660 root system
    onrestart write /sys/android_power/request_state wake
    onrestart write /sys/power/state on
    onrestart restart audioserver
    onrestart restart cameraserver
    onrestart restart media
    onrestart restart netd
    onrestart restart wificond
    writepid /dev/cpuset/foreground/tasks

service zygote_secondary /system/bin/app_process32 -Xzygote /system/bin --zygote --socket-name=zygote_secondary --enable-lazy-preload
    class main
    priority -20
    user root
    group root readproc reserved_disk
    socket zygote_secondary stream 660 root system
    socket usap_pool_secondary stream 660 root system
    onrestart restart zygote
    writepid /dev/cpuset/foreground/tasks

关于AIL上篇有做过一个简单的介绍,具体的可以查看官方文档

这里的意思就是,启动一个zygote服务,执行文件是/system/bin/app_process64,参数是--zygote --start-system-server --socket-name=zygote

2.3 Android.bp

我们都知道,zygote的入口函数是app_main.cpp中的main,那么,app_process64又是怎么和app_main.cpp关联起来的呢,这里就要说到Android.bp了

在早期的Android版本(7.0之前),是使用的Android.mk来作为配置信息,进行源码的编译,但是从android 7.0开始,就引入了Android.bp来取代之前的Android.mk

[Android.bp]

cc_binary {
    name: "app_process",

    srcs: ["app_main.cpp"],

    multilib: {
        lib32: {
            // TODO(b/142944043): Remove version script when libsigchain is a DSO.
            version_script: "version-script32.txt",
            suffix: "32",
        },
        lib64: {
            // TODO(b/142944043): Remove version script when libsigchain is a DSO.
            version_script: "version-script64.txt",
            suffix: "64",
        },
    },
    ...
    }

所以,之前的app_process,最终都会执行到app_main.cpp这个类

三 app_main.cpp

3.1 main函数

从之前解析的rc文件,会执行到对应app_main.cpp中的main方法,并且还会传递对应的参数:--zygote --start-system-server --socket-name=zygote

关于main函数这部分,虽然比较长,但是里面的逻辑还是比较简单的,就是一些参数的解析,然后调用到对应的ZygoteInit.java对应的Java世界

[app_main.cpp]

//参数:--zygote --start-system-server --socket-name=zygote
int main(int argc, char* const argv[])
{
    //打印参数
    if (!LOG_NDEBUG) {
      String8 argv_String;
      for (int i = 0; i < argc; ++i) {
        argv_String.append("\"");
        argv_String.append(argv[i]);
        argv_String.append("\" ");
      }
      ALOGV("app_process main with argv: %s", argv_String.string());
    }
    //创建一个AppRuntime对象
    AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv));
    // Process command line arguments
    // ignore argv[0]
    argc--;
    argv++;

    const char* spaced_commands[] = { "-cp", "-classpath" };
    // Allow "spaced commands" to be succeeded by exactly 1 argument (regardless of -s).
    bool known_command = false;

    int i;
    for (i = 0; i < argc; i++) {
        if (known_command == true) {
          runtime.addOption(strdup(argv[i]));
          // The static analyzer gets upset that we don't ever free the above
          // string. Since the allocation is from main, leaking it doesn't seem
          // problematic. NOLINTNEXTLINE
          ALOGV("app_process main add known option '%s'", argv[i]);
          known_command = false;
          continue;
        }

        for (int j = 0;
             j < static_cast<int>(sizeof(spaced_commands) / sizeof(spaced_commands[0]));
             ++j) {
             //比较参数中是否有spaced_commands中的参数
          if (strcmp(argv[i], spaced_commands[j]) == 0) {
            known_command = true;
            ALOGV("app_process main found known command '%s'", argv[i]);
          }
        }
        //如果参数是以-开头,就跳出循环,这里会执行这段逻辑
        if (argv[i][0] != '-') {
            break;
        }
        if (argv[i][1] == '-' && argv[i][2] == 0) {
            ++i; // Skip --.
            break;
        }

        runtime.addOption(strdup(argv[i]));
        // The static analyzer gets upset that we don't ever free the above
        // string. Since the allocation is from main, leaking it doesn't seem
        // problematic. NOLINTNEXTLINE
        ALOGV("app_process main add option '%s'", argv[i]);
    }

    // 开始正式启动
    bool zygote = false;
    bool startSystemServer = false;
    bool application = false;
    String8 niceName;
    String8 className;
    //开始处理参数:--zygote --start-system-server --socket-name=zygote
    ++i;  // Skip unused "parent dir" argument.
    while (i < argc) {
        const char* arg = argv[i++];
        if (strcmp(arg, "--zygote") == 0) {
            zygote = true;
            niceName = ZYGOTE_NICE_NAME;
        } else if (strcmp(arg, "--start-system-server") == 0) {
            startSystemServer = true;
        } else if (strcmp(arg, "--application") == 0) {
            application = true;
        } else if (strncmp(arg, "--nice-name=", 12) == 0) {
            niceName.setTo(arg + 12);
        } else if (strncmp(arg, "--", 2) != 0) {
            //如果不是zygote,startSystemServer,application,那么就会走这段逻辑
            className.setTo(arg);
            break;
        } else {
            --i;
            break;
        }
    }

    Vector<String8> args;
    if (!className.isEmpty()) {
        // className 不为空,说明不是启动zygote
        args.add(application ? String8("application") : String8("tool"));
        runtime.setClassNameAndArgs(className, argc - i, argv + i);

        if (!LOG_NDEBUG) {
          String8 restOfArgs;
          char* const* argv_new = argv + i;
          int argc_new = argc - i;
          for (int k = 0; k < argc_new; ++k) {
            restOfArgs.append("\"");
            restOfArgs.append(argv_new[k]);
            restOfArgs.append("\" ");
          }
          ALOGV("Class name = %s, args = %s", className.string(), restOfArgs.string());
        }
    } else {
        // 说明是要启动zygote
        //创建Dalvik缓存
        maybeCreateDalvikCache();
        //如果要启动SystemServer,就添加相关参数
        if (startSystemServer) {
            args.add(String8("start-system-server"));
        }
        //设置对应的ABI信息
        char prop[PROP_VALUE_MAX];
        if (property_get(ABI_LIST_PROPERTY, prop, NULL) == 0) {
            LOG_ALWAYS_FATAL("app_process: Unable to determine ABI list from property %s.",
                ABI_LIST_PROPERTY);
            return 11;
        }

        String8 abiFlag("--abi-list=");
        abiFlag.append(prop);
        args.add(abiFlag);

        // In zygote mode, pass all remaining arguments to the zygote
        // main() method.
        for (; i < argc; ++i) {
            args.add(String8(argv[i]));
        }
    }
    //设置进程名ZYGOTE_NICE_NAME
    if (!niceName.isEmpty()) {
        runtime.setArgv0(niceName.string(), true /* setProcName */);
    }
    //如果是zygote
    if (zygote) {
        runtime.start("com.android.internal.os.ZygoteInit", args, zygote);
    } else if (className) {
        //如果不是zygote
        runtime.start("com.android.internal.os.RuntimeInit", args, zygote);
    } else {
        fprintf(stderr, "Error: no class name or --zygote supplied.\n");
        app_usage();
        LOG_ALWAYS_FATAL("app_process: no class name or --zygote supplied.");
    }
}

那么,这里是怎么从native世界调用到Java世界的呢,这里就需要说一说AppRuntime这个类了

3.2 AndroidRuntime

AppRuntime这个类,它继承自AndroidRuntime,它是定义在app_main.cpp函数中的一个类,在执行start方法时,首先就会调用到AndroidRuntime中的start方法

关于这个start方法,主要做了这么几件事情

  1. 启动Java虚拟机
  2. 注册jni方法
  3. 调用ZygoteInit转入Java类中

[AndroidRuntime.cpp]

//className是com.android.internal.os.ZygoteInit,
void AndroidRuntime::start(const char* className, const Vector<String8>& options, bool zygote)
{

    static const String8 startSystemServer("start-system-server");
    // Whether this is the primary zygote, meaning the zygote which will fork system server.
    bool primary_zygote = false;

    /*
     * 'startSystemServer == true' means runtime is obsolete and not run from
     * init.rc anymore, so we print out the boot start event here.
     */
    for (size_t i = 0; i < options.size(); ++i) {
        if (options[i] == startSystemServer) {
            primary_zygote = true;
           /* track our progress through the boot sequence */
           const int LOG_BOOT_PROGRESS_START = 3000;
           LOG_EVENT_LONG(LOG_BOOT_PROGRESS_START,  ns2ms(systemTime(SYSTEM_TIME_MONOTONIC)));
        }
    }
    //获取环境变量ANDROID_ROOT
    const char* rootDir = getenv("ANDROID_ROOT");
    if (rootDir == NULL) {
        //如果环境变量中没有ANDROID_ROOT,就添加一个
        rootDir = "/system";
        if (!hasDir("/system")) {
            LOG_FATAL("No root directory specified, and /system does not exist.");
            return;
        }
        setenv("ANDROID_ROOT", rootDir, 1);
    }
    //一些日志输出信息
    const char* artRootDir = getenv("ANDROID_ART_ROOT");
    if (artRootDir == NULL) {
        LOG_FATAL("No ART directory specified with ANDROID_ART_ROOT environment variable.");
        return;
    }

    const char* i18nRootDir = getenv("ANDROID_I18N_ROOT");
    if (i18nRootDir == NULL) {
        LOG_FATAL("No runtime directory specified with ANDROID_I18N_ROOT environment variable.");
        return;
    }

    const char* tzdataRootDir = getenv("ANDROID_TZDATA_ROOT");
    if (tzdataRootDir == NULL) {
        LOG_FATAL("No tz data directory specified with ANDROID_TZDATA_ROOT environment variable.");
        return;
    }

    //const char* kernelHack = getenv("LD_ASSUME_KERNEL");
    //ALOGD("Found LD_ASSUME_KERNEL='%s'\n", kernelHack);

    //开始启动Java虚拟机
    JniInvocation jni_invocation;
    jni_invocation.Init(NULL);
    //创建一个JNIEnv指针,并启动Java虚拟机
    JNIEnv* env;
    if (startVm(&mJavaVM, &env, zygote, primary_zygote) != 0) {
        return;
    }
    //调用虚拟机创建后的回调
    onVmCreated(env);

    //注册jni函数
    if (startReg(env) < 0) {
        ALOGE("Unable to register all android natives\n");
        return;
    }

    //创建对应的Java参数,把C层的参数转成Java层的参数
    jclass stringClass;
    jobjectArray strArray;
    jstring classNameStr;

    stringClass = env->FindClass("java/lang/String");
    assert(stringClass != NULL);
    strArray = env->NewObjectArray(options.size() + 1, stringClass, NULL);
    assert(strArray != NULL);
    classNameStr = env->NewStringUTF(className);
    assert(classNameStr != NULL);
    env->SetObjectArrayElement(strArray, 0, classNameStr);

    for (size_t i = 0; i < options.size(); ++i) {
        jstring optionsStr = env->NewStringUTF(options.itemAt(i).string());
        assert(optionsStr != NULL);
        env->SetObjectArrayElement(strArray, i + 1, optionsStr);
    }

    //开始jni调用,通过反射调用到对应的Java类ZygoteInit
    char* slashClassName = toSlashClassName(className != NULL ? className : "");
    jclass startClass = env->FindClass(slashClassName);
    if (startClass == NULL) {
        ALOGE("JavaVM unable to locate class '%s'\n", slashClassName);
        /* keep going */
    } else {
        jmethodID startMeth = env->GetStaticMethodID(startClass, "main",
            "([Ljava/lang/String;)V");
        if (startMeth == NULL) {
            ALOGE("JavaVM unable to find main() in '%s'\n", className);
            /* keep going */
        } else {
            env->CallStaticVoidMethod(startClass, startMeth, strArray);

#if 0
            if (env->ExceptionCheck())
                threadExitUncaughtException(env);
#endif
        }
    }
    free(slashClassName);

    ALOGD("Shutting down VM\n");
    if (mJavaVM->DetachCurrentThread() != JNI_OK)
        ALOGW("Warning: unable to detach main thread\n");
    if (mJavaVM->DestroyJavaVM() != 0)
        ALOGW("Warning: VM did not shut down cleanly\n");
}

3.3 jni函数的注册

刚才的main函数中,提到了startReg(env)是注册jni函数,那么它的具体注册逻辑是怎么样的呢

[AndroidRuntime.cpp]

/*static*/ int AndroidRuntime::startReg(JNIEnv* env)
{
    ATRACE_NAME("RegisterAndroidNatives");

    androidSetCreateThreadFunc((android_create_thread_fn) javaCreateThreadEtc);

    ALOGV("--- registering native functions ---\n");

    env->PushLocalFrame(200);
    //这里就是jni函数的注册逻辑
    if (register_jni_procs(gRegJNI, NELEM(gRegJNI), env) < 0) {
        env->PopLocalFrame(NULL);
        return -1;
    }
    env->PopLocalFrame(NULL);

    return 0;
}

static int register_jni_procs(const RegJNIRec array[], size_t count, JNIEnv* env)
{
    for (size_t i = 0; i < count; i++) {
        if (array[i].mProc(env) < 0) {
#ifndef NDEBUG
            ALOGD("----------!!! %s failed to load\n", array[i].mName);
#endif
            return -1;
        }
    }
    return 0;
}

[misc.h]

#ifndef NELEM
# define NELEM(x) ((int) (sizeof(x) / sizeof((x)[0])))
#endif

这里的register_jni_procs(gRegJNI, NELEM(gRegJNI), env) 就是注册的逻辑,它传递了两个参数,一个就是gRegJNI,它是一个数组,另一个就是这个数组的长度

关于gRegJNI,它的具体定义如下

[AndroidRuntime.cpp]

static const RegJNIRec gRegJNI[] = {
    REG_JNI(register_com_android_internal_os_RuntimeInit),
    REG_JNI(register_com_android_internal_os_ZygoteInit_nativeZygoteInit),
    REG_JNI(register_android_os_SystemClock),
    REG_JNI(register_android_util_EventLog),
    ...
}

int register_com_android_internal_os_RuntimeInit(JNIEnv* env)
{
    const JNINativeMethod methods[] = {
            {"nativeFinishInit", "()V",
             (void*)com_android_internal_os_RuntimeInit_nativeFinishInit},
            {"nativeSetExitWithoutCleanup", "(Z)V",
             (void*)com_android_internal_os_RuntimeInit_nativeSetExitWithoutCleanup},
    };
    //进程动态注册
    return jniRegisterNativeMethods(env, "com/android/internal/os/RuntimeInit",
        methods, NELEM(methods));
}

#ifdef NDEBUG
    #define REG_JNI(name)      { name }
    struct RegJNIRec {
        int (*mProc)(JNIEnv*);
    };
#else
    #define REG_JNI(name)      { name, #name }
    struct RegJNIRec {
        int (*mProc)(JNIEnv*);
        const char* mName;
    };
#endif

因为这个数组非常长,所以这里只截取片段,从这里我们可以看出,我们register_jni_procs传递进去的其实是一个结构体RegJNIRec的数组和它的长度,这个结构体里面有一个函数指针,register_jni_procs在处理这个结构体的时候,也是不断的调用结构体中的函数,这个函数的末尾就是我们jni中常用的动态注册

四 ZygoteInit.java

经过了之前native层一系列的逻辑,终于到了Java世界的相关逻辑了,首先入口是之前传递的参数ZygoteInit类中的main函数

[ZygoteInit.java]

//
public static void main(String argv[]) {
    //定义ZygoteServer,后面会创建
    ZygoteServer zygoteServer = null;

    // 启用NoThread,确保没有其他线程运行,因为Zygote必须保证单线程
    ZygoteHooks.startZygoteNoThreadCreation();

    // 设置Zygote的pid
    try {
        Os.setpgid(0, 0);
    } catch (ErrnoException ex) {
        throw new RuntimeException("Failed to setpgid(0,0)", ex);
    }
    //定义一个Runnable
    Runnable caller;
    try {
        // Report Zygote start time to tron unless it is a runtime restart
        if (!"1".equals(SystemProperties.get("sys.boot_completed"))) {
            MetricsLogger.histogram(null, "boot_zygote_init",
                    (int) SystemClock.elapsedRealtime());
        }

        String bootTimeTag = Process.is64Bit() ? "Zygote64Timing" : "Zygote32Timing";
        TimingsTraceLog bootTimingsTraceLog = new TimingsTraceLog(bootTimeTag,
                Trace.TRACE_TAG_DALVIK);
        //启用 Trace:ZygoteInit
        bootTimingsTraceLog.traceBegin("ZygoteInit");
        RuntimeInit.preForkInit();
        //定义变量,准备解析参数
        boolean startSystemServer = false;
        String zygoteSocketName = "zygote";
        String abiList = null;
        boolean enableLazyPreload = false;
        //解析参数
        for (int i = 1; i < argv.length; i++) {
            if ("start-system-server".equals(argv[i])) {
                startSystemServer = true;
            } else if ("--enable-lazy-preload".equals(argv[i])) {
                enableLazyPreload = true;
            } else if (argv[i].startsWith(ABI_LIST_ARG)) {
                abiList = argv[i].substring(ABI_LIST_ARG.length());
            } else if (argv[i].startsWith(SOCKET_NAME_ARG)) {
                zygoteSocketName = argv[i].substring(SOCKET_NAME_ARG.length());
            } else {
                throw new RuntimeException("Unknown command line argument: " + argv[i]);
            }
        }

        final boolean isPrimaryZygote = zygoteSocketName.equals(Zygote.PRIMARY_SOCKET_NAME);

        if (abiList == null) {
            throw new RuntimeException("No ABI list supplied.");
        }
        //参数解析完毕
        //如果没有启用懒加载
        if (!enableLazyPreload) {
            //启用TraceLog:ZygotePreload
            bootTimingsTraceLog.traceBegin("ZygotePreload");
            EventLog.writeEvent(LOG_BOOT_PROGRESS_PRELOAD_START,
                    SystemClock.uptimeMillis());
            //预加载
            preload(bootTimingsTraceLog);
            EventLog.writeEvent(LOG_BOOT_PROGRESS_PRELOAD_END,
                    SystemClock.uptimeMillis());
            //停止TraceLog:ZygotePreload
            bootTimingsTraceLog.traceEnd(); // ZygotePreload
        }

        // Do an initial gc to clean up after startup
        //启用TraceLog:PostZygoteInitGC
        bootTimingsTraceLog.traceBegin("PostZygoteInitGC");
        gcAndFinalize();
        //停止TraceLog:PostZygoteInitGC
        bootTimingsTraceLog.traceEnd(); // PostZygoteInitGC
        //停止TraceLog:ZygoteInit
        bootTimingsTraceLog.traceEnd(); // ZygoteInit

        Zygote.initNativeState(isPrimaryZygote);
        //停止NoThread
        ZygoteHooks.stopZygoteNoThreadCreation();
        //创建ZygoteServer
        zygoteServer = new ZygoteServer(isPrimaryZygote);
        //如果是startSystemServer,就启动SystemServer
        if (startSystemServer) {
            //启动SystemServer进程[4.2]
            Runnable r = forkSystemServer(abiList, zygoteSocketName, zygoteServer);

            // {@code r == null} in the parent (zygote) process, and {@code r != null} in the
            // child (system_server) process.
            if (r != null) {
                r.run();
                return;
            }
        }

        Log.i(TAG, "Accepting command socket connections");

        //zygoteServer中一个比较重要的方法
        caller = zygoteServer.runSelectLoop(abiList);
    } catch (Throwable ex) {
        Log.e(TAG, "System zygote died with exception", ex);
        throw ex;
    } finally {
        if (zygoteServer != null) {
            zygoteServer.closeServerSocket();
        }
    }

    // command.
    if (caller != null) {
        //开始loop循环
        caller.run();
    }
}

4.1 Zygote的预加载

[ZygoteInit.java]

 static void preload(TimingsTraceLog bootTimingsTraceLog) {
        Log.d(TAG, "begin preload");
        bootTimingsTraceLog.traceBegin("BeginPreload");
        beginPreload();
        bootTimingsTraceLog.traceEnd(); // BeginPreload
        bootTimingsTraceLog.traceBegin("PreloadClasses");
        //预加载class
        preloadClasses();
        bootTimingsTraceLog.traceEnd(); // PreloadClasses
        bootTimingsTraceLog.traceBegin("CacheNonBootClasspathClassLoaders");
        cacheNonBootClasspathClassLoaders();
        bootTimingsTraceLog.traceEnd(); // CacheNonBootClasspathClassLoaders
        bootTimingsTraceLog.traceBegin("PreloadResources");
        //预加载资源
        preloadResources();
        bootTimingsTraceLog.traceEnd(); // PreloadResources
        Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
        nativePreloadAppProcessHALs();
        Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
        Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadGraphicsDriver");
        maybePreloadGraphicsDriver();
        Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
        //预加载Libraries
        preloadSharedLibraries();
        //预加载文字相关
        preloadTextResources();
        // Ask the WebViewFactory to do any initialization that must run in the zygote process,
        // for memory sharing purposes.
        WebViewFactory.prepareWebViewInZygote();
        endPreload();
        warmUpJcaProviders();
        Log.d(TAG, "end preload");

        sPreloadComplete = true;
    }

Zygote中系统预加载的东西非常多,这里就简单列举资源和Class两个进行说明

4.1.1 预加载资源

在我们使用App的时候,我们会经常的使用一些com.android.R.XXX之类的资源文件,这些资源文件就是在Zygote中进行预加载的,这里做一个简单的列举

[ZygoteInit.java]

//这里加载的一些属性都是系统中定义的R.xx.xxx文件中的属性 
private static void preloadResources() {
        final VMRuntime runtime = VMRuntime.getRuntime();

        try {
            mResources = Resources.getSystem();
            mResources.startPreloading();
            if (PRELOAD_RESOURCES) {
                Log.i(TAG, "Preloading resources...");

                long startTime = SystemClock.uptimeMillis();

                TypedArray ar = mResources.obtainTypedArray(
                        com.android.internal.R.array.preloaded_drawables);
                int N = preloadDrawables(ar);
                ar.recycle();
                Log.i(TAG, "...preloaded " + N + " resources in "
                        + (SystemClock.uptimeMillis() - startTime) + "ms.");

                startTime = SystemClock.uptimeMillis();
                ar = mResources.obtainTypedArray(
                        com.android.internal.R.array.preloaded_color_state_lists);
                N = preloadColorStateLists(ar);
                ar.recycle();
                ...
            }
            mResources.finishPreloading();
        } catch (RuntimeException e) {
            Log.w(TAG, "Failure preloading resources", e);
        }
    }

4.1.2 预加载Class

Class的预加载,是加载预先定义在一个文件中的Class,这个文件是通过工具生成的

private static void preloadClasses() {
    final VMRuntime runtime = VMRuntime.getRuntime();

    InputStream is;
    try {
        //拿到需要预加载类的文件地址
        is = new FileInputStream(PRELOADED_CLASSES);
    } catch (FileNotFoundException e) {
        Log.e(TAG, "Couldn't find " + PRELOADED_CLASSES + ".");
        return;
    }

    ...

    try {
        BufferedReader br =
                new BufferedReader(new InputStreamReader(is), Zygote.SOCKET_BUFFER_SIZE);

        int count = 0;
        String line;
        //读取需要预加载的文件中的每一行
        while ((line = br.readLine()) != null) {
            line = line.trim();
            if (line.startsWith("#") || line.equals("")) {
                continue;
            }

            Trace.traceBegin(Trace.TRACE_TAG_DALVIK, line);
            try {
                //加载class
                Class.forName(line, true, null);
                count++;
            } catch (ClassNotFoundException e) {
                Log.w(TAG, "Class not found for preloading: " + line);
            } catch (UnsatisfiedLinkError e) {
                Log.w(TAG, "Problem preloading " + line + ": " + e);
            } catch (Throwable t) {
                ...
            }
            Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
        }

        Log.i(TAG, "...preloaded " + count + " classes in "
                + (SystemClock.uptimeMillis() - startTime) + "ms.");
    } catch (IOException e) {
        Log.e(TAG, "Error reading " + PRELOADED_CLASSES + ".", e);
    } finally {
        IoUtils.closeQuietly(is);

        Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadDexCaches");
        //使用预加载的类,字段和方法填充dex缓存。
        runtime.preloadDexCaches();
        Trace.traceEnd(Trace.TRACE_TAG_DALVIK);

        ...//一些收尾工作
    }
}

4.2 SystemServer的启动

Zygote还有一个重要的作用就是启动SystemServer,它是framework的核心进程,下面就来看看这个进程的启动流程

[ZygoteInit.java]

private static Runnable forkSystemServer(String abiList, String socketName,
        ZygoteServer zygoteServer) {
    //首先准备一些参数
    long capabilities = posixCapabilitiesAsBits(
            ...
    );

    ...

    String args[] = {
            ...,
            "com.android.server.SystemServer",
    };
    //将这些参数通过ZygoteArguments进行封装
    ZygoteArguments parsedArgs = null;

    int pid;

    try {
        parsedArgs = new ZygoteArguments(args);
        ...

        //调用真正的fork函数,这是一个native层的方法,对应在native层是
        //com_android_internal_os_Zygote_nativeForkSystemServer
        pid = Zygote.forkSystemServer(
                parsedArgs.mUid, parsedArgs.mGid,
                parsedArgs.mGids,
                parsedArgs.mRuntimeFlags,
                null,
                parsedArgs.mPermittedCapabilities,
                parsedArgs.mEffectiveCapabilities);
    } catch (IllegalArgumentException ex) {
        throw new RuntimeException(ex);
    }

    if (pid == 0) {
        //如果需要第二个Zygote,那么就等待第二个socket
        if (hasSecondZygote(abiList)) {
            waitForSecondaryZygote(socketName);
        }
        //子进程会继承父进程的相关资源,这里需要关闭
        zygoteServer.closeServerSocket();
        //处理SystemServer相关的参数
        return handleSystemServerProcess(parsedArgs);
    }

    return null;
}

[com_android_internal_os_Zygote.cpp]

static jint com_android_internal_os_Zygote_nativeForkSystemServer(
        JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,
        jint runtime_flags, jobjectArray rlimits, jlong permitted_capabilities,
        jlong effective_capabilities) {
    ...

    //通过fork创建子进程
    pid_t pid = ForkCommon(env, true,
                         fds_to_close,
                         fds_to_ignore);
    if (pid == 0) {
    //父进程的逻辑
      SpecializeCommon(env, uid, gid, gids, runtime_flags, rlimits,
                       permitted_capabilities, effective_capabilities,
                       MOUNT_EXTERNAL_DEFAULT, nullptr, nullptr, true,
                       false, nullptr, nullptr);
    } else if (pid > 0) {
    //子进程的逻辑
        gSystemServerPid = pid;
        ...
    }
  return pid;
}
  • 首先,会在ZygoteInit中调用forkSystemServer会调用到Zygote中的nativeForkSystemServer,
  • 这是一个native方法,它已经在之前的init进程中进行了动态注册(见Init进程的启动),所以这里会调用到对应native层中的com_android_internal_os_Zygote_nativeForkSystemServer
  • 然后在这个方法中就会调用到ForkCommon,这个函数是一个对fork的封装,它除了fork之外,还会做一些相关SIGCHLD的操作
  • 如果是SystemServer进程,那么在ForkCommon方法中,会和Zygote进程绑定,如果接收到SystemServer进程挂掉的信号,那么就kill掉Zygote进程

到这里,SystemServer进程的启动算是完成了,当然关于SystemServer,还有很多内容,这个之前再聊。

五 总结

到这里,Zygote的启动过程就算是基本完成了,只是关于Zygote做的一些事情还有很多,比如如何和AMS通信的,如何fork子进程的,Zygote的loop循环是怎么做的等等,这个就需要之后详细说明了,Android系统的源码较大,本篇也只能从中找出一些重要过程来说明,如果存在遗漏或错误的地方,欢迎补充指正

avatar
文章
阅读
粉丝