名词解释
ojluni:OpenJDK、 java.lang 、 java.util 、 java.net 、 java.io 的缩写。This relates to "luni" in Android source which stands for lang util net io。
Bionic:Bionic库是Android的基础库之一,也是连接Android和Linux的桥梁。Bionic库中包含了很多基本系统功能接口,这些功能大部分来自 Linux,但是和标准的 Linux 之间有很多细微差别。
源代码来源
我们都知道 Android 在 5.0 后切换到 art (5.0 behavior change),所以搜索相关代码时需要在 art 目录下寻找,避免找错。
- runtime.cc
- native_util.h
- java_long_thread.cc
- thread.cc
- pthread.cpp
关于 Android 源码的下载,可以直接看 官方 也可以参考 MacOS 下载 Android 源码
主题
上文提到的关键 native 调用是 nativeCreate,我们就由此展开
先找到对应的 jni 调用
jni 注册流程
// 代码位于 runtime.cc bool Runtime::Start() { ... Thread* self = Thread::Current(); RegisterRuntimeNativeMethods(self->GetJniEnv()); ... } // 代码位于 runtime.cc void Runtime::RegisterRuntimeNativeMethods(JNIEnv* env) { ... register_java_lang_Thread(env); ... } //代码位于 java_long_thread.cc void register_java_lang_Thread(JNIEnv* env) { REGISTER_NATIVE_METHODS("java/lang/Thread"); } //代码位于 native_util.h #define REGISTER_NATIVE_METHODS(jni_class_name) RegisterNativeMethodsInternal(env, (jni_class_name), gMethods, arraysize(gMethods)) //代码位于 native_util.h ALWAYS_INLINE inline void RegisterNativeMethodsInternal(JNIEnv* env, const char* jni_class_name, const JNINativeMethod* methods, jint method_count) { ScopedLocalRef c(env, env->FindClass(jni_class_name)); if (c.get() == nullptr) { LOG(FATAL) GetPeer()); } static jboolean Thread_interrupted(JNIEnv* env, jclass) { ... } static jboolean Thread_isInterrupted(JNIEnv* env, jobject java_thread) { ScopedFastNativeObjectAccess soa(env); MutexLock mu(soa.Self(), *Locks::thread_list_lock_); Thread* thread = Thread::FromManagedThread(soa, java_thread); return (thread != nullptr) ? thread->IsInterrupted() : JNI_FALSE; } static void Thread_nativeCreate(JNIEnv* env, jclass, jobject java_thread, jlong stack_size, jboolean daemon) { Runtime* runtime = Runtime::Current(); if (runtime->IsZygote() && runtime->IsZygoteNoThreadSection()) { jclass internal_error = env->FindClass("java/lang/InternalError"); CHECK(internal_error != nullptr); env->ThrowNew(internal_error, "Cannot create threads in zygote"); return; } Thread::CreateNativeThread(env, java_thread, stack_size, daemon == JNI_TRUE); } static jint Thread_nativeGetStatus(JNIEnv* env, jobject java_thread, jboolean has_been_started) { ... } static jboolean Thread_holdsLock(JNIEnv* env, jclass, jobject java_object) { ... } static void Thread_interrupt0(JNIEnv* env, jobject java_thread) { ... } static void Thread_setNativeName(JNIEnv* env, jobject peer, jstring java_name) { ... } static void Thread_setPriority0(JNIEnv* env, jobject java_thread, jint new_priority) { ScopedObjectAccess soa(env); MutexLock mu(soa.Self(), *Locks::thread_list_lock_); Thread* thread = Thread::FromManagedThread(soa, java_thread); if (thread != nullptr) { thread->SetNativePriority(new_priority); } } static void Thread_sleep(JNIEnv* env, jclass, jobject java_lock, jlong ms, jint ns) { ScopedFastNativeObjectAccess soa(env); ObjPtr lock = soa.Decode(java_lock); Monitor::Wait(Thread::Current(), lock.Ptr(), ms, ns, true, ThreadState::kSleeping); } static void Thread_yield(JNIEnv*, jobject) { sched_yield(); } static JNINativeMethod gMethods[] = { FAST_NATIVE_METHOD(Thread, currentThread, "()Ljava/lang/Thread;"), FAST_NATIVE_METHOD(Thread, interrupted, "()Z"), FAST_NATIVE_METHOD(Thread, isInterrupted, "()Z"), NATIVE_METHOD(Thread, nativeCreate, "(Ljava/lang/Thread;JZ)V"), NATIVE_METHOD(Thread, nativeGetStatus, "(Z)I"), NATIVE_METHOD(Thread, holdsLock, "(Ljava/lang/Object;)Z"), FAST_NATIVE_METHOD(Thread, interrupt0, "()V"), NATIVE_METHOD(Thread, setNativeName, "(Ljava/lang/String;)V"), NATIVE_METHOD(Thread, setPriority0, "(I)V"), FAST_NATIVE_METHOD(Thread, sleep, "(Ljava/lang/Object;JI)V"), NATIVE_METHOD(Thread, yield, "()V"), }; void register_java_lang_Thread(JNIEnv* env) { REGISTER_NATIVE_METHODS("java/lang/Thread"); } }
art 线程实现
由上可以看到 Thread_nativeCreate 调用的是 Thread::CreateNativeThread,而此 Thread 的代码位于 thread.cc。
void Thread::CreateNativeThread(JNIEnv* env, jobject java_peer, size_t stack_size, bool is_daemon) { ... Runtime* runtime = Runtime::Current(); ... Thread* child_thread = new Thread(is_daemon); ... SetNativePeer(env, java_peer, child_thread); int pthread_create_result = 0; if (child_jni_env_ext.get() != nullptr) { pthread_t new_pthread; pthread_attr_t attr; ... pthread_create_result = pthread_create(&new_pthread, &attr, gUseUserfaultfd ? Thread::CreateCallbackWithUffdGc : Thread::CreateCallback,child_thread); ... } ... }
由上可以看出, art 中的 thread.cc 角色跟 jdk 中的 Thread.java 其实差不多,都是包装层。
这么说或许也有些不准确,应该是 pthread 是 art thread 中的一个成员,具体线程相关操作由 pthread 去执行。
而具体线程资源的申请由 pthread_create 实现。
pthread
__BIONIC_WEAK_FOR_NATIVE_BRIDGE int pthread_create(pthread_t* thread_out, pthread_attr_t const* attr, void* (*start_routine)(void*), void* arg) { pthread_attr_t thread_attr; if (attr == nullptr) { pthread_attr_init(&thread_attr); } else { thread_attr = *attr; attr = nullptr; } bionic_tcb* tcb = nullptr; void* child_stack = nullptr; int result = __allocate_thread(&thread_attr, &tcb, &child_stack); if (result != 0) { return result; } pthread_internal_t* thread = tcb->thread(); ... int rc = clone(__pthread_start, child_stack, flags, thread, &(thread->tid), tls, &(thread->tid)); __rt_sigprocmask(SIG_SETMASK, &thread->start_mask, nullptr, sizeof(thread->start_mask)); ... int init_errno = __init_thread(thread); ... }
pthread_create 中的 __allocate_thread 函数去创建线程栈等
static int __allocate_thread(pthread_attr_t* attr, bionic_tcb** tcbp, void** child_stack) { ThreadMapping mapping; char* stack_top; bool stack_clean = false; if (attr->stack_base == nullptr) { // The caller didn't provide a stack, so allocate one. // Make sure the guard size is a multiple of page_size(). const size_t unaligned_guard_size = attr->guard_size; attr->guard_size = __BIONIC_ALIGN(attr->guard_size, page_size()); if (attr->guard_size stack_size, attr->guard_size); if (mapping.mmap_base == nullptr) return EAGAIN; stack_top = mapping.stack_top; attr->stack_base = mapping.stack_base; stack_clean = true; } else { mapping = __allocate_thread_mapping(0, PTHREAD_GUARD_SIZE); if (mapping.mmap_base == nullptr) return EAGAIN; stack_top = static_cast(attr->stack_base) + attr->stack_size; } // Carve out space from the stack for the thread's pthread_internal_t. This // memory isn't counted in pthread_attr_getstacksize. // To safely access the pthread_internal_t and thread stack, we need to find a 16-byte aligned boundary. stack_top = align_down(stack_top - sizeof(pthread_internal_t), 16); pthread_internal_t* thread = reinterpret_cast(stack_top); if (!stack_clean) { // If thread was not allocated by mmap(), it may not have been cleared to zero. // So assume the worst and zero it. memset(thread, 0, sizeof(pthread_internal_t)); } // Locate static TLS structures within the mapped region. const StaticTlsLayout& layout = __libc_shared_globals()->static_tls_layout; auto tcb = reinterpret_cast(mapping.static_tls + layout.offset_bionic_tcb()); auto tls = reinterpret_cast(mapping.static_tls + layout.offset_bionic_tls()); // Initialize TLS memory. __init_static_tls(mapping.static_tls); __init_tcb(tcb, thread); __init_tcb_dtv(tcb); __init_tcb_stack_guard(tcb); __init_bionic_tls_ptrs(tcb, tls); attr->stack_size = stack_top - static_cast(attr->stack_base); thread->attr = *attr; thread->mmap_base = mapping.mmap_base; thread->mmap_size = mapping.mmap_size; thread->mmap_base_unguarded = mapping.mmap_base_unguarded; thread->mmap_size_unguarded = mapping.mmap_size_unguarded; thread->stack_top = reinterpret_cast(stack_top); *tcbp = tcb; *child_stack = stack_top; return 0; }
pthread_create 中的 clone 去申请内核线程等资源,clone 的代码位于 clone.cpp
__BIONIC_WEAK_FOR_NATIVE_BRIDGE int clone(int (*fn)(void*), void* child_stack, int flags, void* arg, ...) { int* parent_tid = nullptr; void* new_tls = nullptr; int* child_tid = nullptr; if (fn != nullptr && child_stack == nullptr) { errno = EINVAL; return -1; } // Extract any optional parameters required by the flags. va_list args; va_start(args, arg); if ((flags & (CLONE_PARENT_SETTID|CLONE_SETTLS|CLONE_CHILD_SETTID|CLONE_CHILD_CLEARTID)) != 0) { parent_tid = va_arg(args, int*); } if ((flags & (CLONE_SETTLS|CLONE_CHILD_SETTID|CLONE_CHILD_CLEARTID)) != 0) { new_tls = va_arg(args, void*); } if ((flags & (CLONE_CHILD_SETTID|CLONE_CHILD_CLEARTID)) != 0) { child_tid = va_arg(args, int*); } va_end(args); // Align 'child_stack' to 16 bytes. uintptr_t child_stack_addr = reinterpret_cast(child_stack); child_stack_addr &= ~0xf; child_stack = reinterpret_cast(child_stack_addr); // Remember the parent pid and invalidate the cached value while we clone. pthread_internal_t* self = __get_thread(); pid_t parent_pid = self->invalidate_cached_pid(); // Remmber the caller's tid so that it can be restored in the parent after clone. pid_t caller_tid = self->tid; // Invalidate the tid before the syscall. The value is lazily cached in gettid(), // and it will be updated by fork() and pthread_create(). We don't do this if // we are sharing address space with the child. if (!(flags & (CLONE_VM|CLONE_VFORK))) { self->tid = -1; } // Actually do the clone. int clone_result; if (fn != nullptr) { clone_result = __bionic_clone(flags, child_stack, parent_tid, new_tls, child_tid, fn, arg); } else { #if defined(__x86_64__) // sys_clone's last two arguments are flipped on x86-64. clone_result = syscall(__NR_clone, flags, child_stack, parent_tid, child_tid, new_tls); #else clone_result = syscall(__NR_clone, flags, child_stack, parent_tid, new_tls, child_tid); #endif } if (clone_result != 0) { self->set_cached_pid(parent_pid); self->tid = caller_tid; } else if (self->tid == -1) { self->tid = syscall(__NR_gettid); self->set_cached_pid(self->tid); } return clone_result; }
而这中的关键调用是 __bionic_clone,代码位于 __bionic_clone.S
ENTRY_PRIVATE(__bionic_clone) # Push 'fn' and 'arg' onto the child stack. stp x5, x6, [x1, #-16]! # Make the system call. mov x8, __NR_clone svc #0 # Are we the child? cbz x0, .L_bc_child # Set errno if something went wrong. cmn x0, #(MAX_ERRNO + 1) cneg x0, x0, hi b.hi __set_errno_internal ret .L_bc_child: # We're in the child now. Set the end of the frame record chain. mov x29, #0 # Setting x30 to 0 will make the unwinder stop at __start_thread. mov x30, #0 # Call __start_thread with the 'fn' and 'arg' we stored on the child stack. ldp x0, x1, [sp], #16 b __start_thread END(__bionic_clone)
arm 64 下通过 svc 指令触发,然后就由用户态转到核态,具体看下一篇文章啦
