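Compilation flow
Before analyzing `dyld`, let's look at the overall compilation flow of an executable:
As the figure above shows, the source files we write go through lexical and syntax analysis in the preprocessing stage, are then compiled and assembled into object files, and finally the linker links those object files together with the imported static libraries into the program to produce the executable.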
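Static libraries
Static library forms: `.a` and `.framework`
When a static library is linked, the object files (`.o`) produced at compile time are linked into the program together with the libraries they reference. This is called static linking.
If several programs use the same static library B, library B is copied into memory multiple times, which costs performance and memory.
Characteristics of static libraries:
- Linking against the library is completed at build time, so code loads quickly at run time
- The output binary becomes larger, which costs performance and memory
- Updates are all-or-nothing, which makes updating, deploying and releasing the program inconvenient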
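Dynamic libraries
Dynamic library forms: `.dylib`, `.tbd`
A dynamic library is not linked into the object file at build time; it is loaded only while the program is being loaded. In memory, dynamic libraries live in the shared cache, where only one copy is kept, and they are loaded as shared-library instances.
Characteristics of dynamic libraries:
- Loaded at run time, which reduces the size of the output binary
- Shared library, shared memory, saves resources
- Incremental updates make upgrading the program simple, with no recompilation needed
The resources produced by the build are loaded into memory in scattered fashion, so how are they initialized, loaded and used? That brings us to `dyld`, discussed next.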
dyld, the dynamic linker
`dyld` is Apple's dynamic linker and an important part of Apple's operating systems. After an app has been compiled and packaged into an executable in the `Mach-O` format, `dyld` is responsible for linking it and loading the program.
We download the latest dyld source.
Implement the `load` method in `ViewController.m` and a `c++` function in `main.m`. The printed output shows the order: the method in `ViewController.m` runs first, then the `c++` function, and finally the `main` function.
We look at this question closely in the rest of the walkthrough. Set a breakpoint in the `load` method in `ViewController.m` and examine the launch flow of the whole application.
From the figure above we can see that the program's entry function is `_dyld_start`.
From the figure above, when we search globally for `_dyld_start`, taking the `__x86_64__` architecture as an example, we can see that it goes on to call `dyldbootstrap::start`.
dyldbootstrap::start
```cpp
//
//  This is code to bootstrap dyld.  This work in normally done for a program by dyld and crt.
//  In dyld we have to do this manually.
//
uintptr_t start(const dyld3::MachOLoaded* appsMachHeader, int argc, const char* argv[],
                const dyld3::MachOLoaded* dyldsMachHeader, uintptr_t* startGlue)
{
    // Emit kdebug tracepoint to indicate dyld bootstrap has started <rdar://46878536>
    dyld3::kdebug_trace_dyld_marker(DBG_DYLD_TIMING_BOOTSTRAP_START, 0, 0, 0, 0);

    // if kernel had to slide dyld, we need to fix up load sensitive locations
    // we have to do this before using any global variables
    rebaseDyld(dyldsMachHeader);

    // kernel sets up env pointer to be just past end of agv array
    const char** envp = &argv[argc+1];

    // kernel sets up apple pointer to be just past end of envp array
    const char** apple = envp;
    while(*apple != NULL) { ++apple; }
    ++apple;

    // set up random value for stack canary
    __guard_setup(apple);

#if DYLD_INITIALIZER_SUPPORT
    // run all C++ initializers inside dyld
    runDyldInitializers(argc, argv, envp, apple);
#endif

    // now that we are done bootstrapping dyld, call dyld's main
    uintptr_t appsSlide = appsMachHeader->getSlide();
    return dyld::_main((macho_header*)appsMachHeader, appsSlide, argc, argv, envp, apple, startGlue);
}
```
From the `dyldbootstrap::start` source and the dyld launch flow figure we can see that it ends by calling the `dyld::_main` function.
dyld::_main
The source is too long to reproduce, so only the main steps are listed here; you can download the source and follow along:
- 1. Environment setup: version information, platform information, simulator, setting up the context, and so on
- 2. Set up the shared cache: `mapSharedCache`
- 3. Initialize the main program: `sMainExecutable` is assigned by calling `instantiateFromLoadedImage`
  - 3.1. `instantiateFromLoadedImage` calls `ImageLoaderMachO::instantiateMainExecutable` to obtain the processed image
    - 3.1.1. `ImageLoaderMachO::instantiateMainExecutable` calls `sniffLoadCommands`, which builds some of the main program's format information (Mach-O)
  - 3.2. The image is added to the current `images`
- 4. Insert dynamic libraries: `loadInsertedDylib`
- 5. Link the main program: `link(sMainExecutable, sEnv.DYLD_BIND_AT_LAUNCH, true, ImageLoader::RPathChain(NULL, NULL), -1);`
- 6. A `for` loop links the images: `link(image, sEnv.DYLD_BIND_AT_LAUNCH, true, ImageLoader::RPathChain(NULL, NULL), -1);`
- 7. main function: `initializeMainExecutable();`
initializeMainExecutable flow analysis
- 1. `initializeMainExecutable` calls `runInitializers` to run the `initializers` of all inserted `dylibs`
```cpp
void initializeMainExecutable()
{
    // record that we've reached this step
    gLinkContext.startedInitializingMainExecutable = true;

    // run initialzers for any inserted dylibs
    ImageLoader::InitializerTimingList initializerTimes[allImagesCount()];
    initializerTimes[0].count = 0;
    const size_t rootCount = sImageRoots.size();
    if ( rootCount > 1 ) {
        for(size_t i=1; i < rootCount; ++i) {
            sImageRoots[i]->runInitializers(gLinkContext, initializerTimes[0]);
        }
    }

    // run initializers for main executable and everything it brings up
    sMainExecutable->runInitializers(gLinkContext, initializerTimes[0]);

    // register cxa_atexit() handler to run static terminators in all loaded images when this process exits
    if ( gLibSystemHelpers != NULL )
        (*gLibSystemHelpers->cxa_atexit)(&runAllStaticTerminators, NULL, NULL);

    // dump info if requested
    if ( sEnv.DYLD_PRINT_STATISTICS )
        ImageLoader::printStatistics((unsigned int)allImagesCount(), initializerTimes[0]);
    if ( sEnv.DYLD_PRINT_STATISTICS_DETAILS )
        ImageLoaderMachO::printStatisticsDetails((unsigned int)allImagesCount(), initializerTimes[0]);
}
```
- 2. Next, `runInitializers` calls `processInitializers` to load the images
```cpp
void ImageLoader::runInitializers(const LinkContext& context, InitializerTimingList& timingInfo)
{
    uint64_t t1 = mach_absolute_time();
    mach_port_t thisThread = mach_thread_self();
    ImageLoader::UninitedUpwards up;
    up.count = 1;
    up.imagesAndPaths[0] = { this, this->getPath() };
    processInitializers(context, thisThread, timingInfo, up);
    context.notifyBatch(dyld_image_state_initialized, false);
    mach_port_deallocate(mach_task_self(), thisThread);
    uint64_t t2 = mach_absolute_time();
    fgTotalInitTime += (t2 - t1);
}
```
- 3. `processInitializers` calls `recursiveInitialization` in a loop to load the images (an image may reference other images)
```cpp
void ImageLoader::processInitializers(const LinkContext& context, mach_port_t thisThread,
                                      InitializerTimingList& timingInfo, ImageLoader::UninitedUpwards& images)
{
    uint32_t maxImageCount = context.imageCount()+2;
    ImageLoader::UninitedUpwards upsBuffer[maxImageCount];
    ImageLoader::UninitedUpwards& ups = upsBuffer[0];
    ups.count = 0;
    // Calling recursive init on all images in images list, building a new list of
    // uninitialized upward dependencies.
    // An image may reference other images, i.e. a library inside a library
    for (uintptr_t i=0; i < images.count; ++i) {
        images.imagesAndPaths[i].first->recursiveInitialization(context, thisThread, images.imagesAndPaths[i].second, timingInfo, ups);
    }
    // If any upward dependencies remain, init them.
    if ( ups.count > 0 )
        processInitializers(context, thisThread, timingInfo, ups);
}
```
- 4. `recursiveInitialization` first recursively runs the initializers of the `dylib` dynamic libraries that the current `image` depends on, and only then calls `doInitialization` to run its own initializers. Whenever the `state` of the `image` changes along the way, the `notifySingle` method sends a state-change notification to the outside `context` (if something outside is listening for that notification, the corresponding callback runs)
```cpp
void ImageLoader::recursiveInitialization(const LinkContext& context, mach_port_t this_thread, const char* pathToInitialize,
                                          InitializerTimingList& timingInfo, UninitedUpwards& uninitUps)
{
    recursive_lock lock_info(this_thread);
    recursiveSpinLock(lock_info);

    if ( fState < dyld_image_state_dependents_initialized-1 ) {
        uint8_t oldState = fState;
        // break cycles
        fState = dyld_image_state_dependents_initialized-1;
        try {
            // initialize lower level libraries first
            for(unsigned int i=0; i < libraryCount(); ++i) {
                ImageLoader* dependentImage = libImage(i);
                if ( dependentImage != NULL ) {
                    // don't try to initialize stuff "above" me yet
                    if ( libIsUpward(i) ) {
                        uninitUps.imagesAndPaths[uninitUps.count] = { dependentImage, libPath(i) };
                        uninitUps.count++;
                    }
                    else if ( dependentImage->fDepth >= fDepth ) {
                        dependentImage->recursiveInitialization(context, this_thread, libPath(i), timingInfo, uninitUps);
                    }
                }
            }

            // record termination order
            if ( this->needsTermination() )
                context.terminationRecorder(this);

            // let objc know we are about to initialize this image
            uint64_t t1 = mach_absolute_time();
            fState = dyld_image_state_dependents_initialized;
            oldState = fState;
            context.notifySingle(dyld_image_state_dependents_initialized, this, &timingInfo);

            // initialize this image
            bool hasInitializers = this->doInitialization(context);

            // let anyone know we finished initializing this image
            fState = dyld_image_state_initialized;
            oldState = fState;
            context.notifySingle(dyld_image_state_initialized, this, NULL);

            if ( hasInitializers ) {
                uint64_t t2 = mach_absolute_time();
                timingInfo.addTime(this->getShortName(), t2-t1);
            }
        }
        catch (const char* msg) {
            // this image is not initialized
            fState = oldState;
            recursiveSpinUnLock();
            throw;
        }
    }

    recursiveSpinUnLock();
}
```
notifySingle
First, the implementation of `notifySingle`:
```cpp
static void notifySingle(dyld_image_states state, const ImageLoader* image, ImageLoader::InitializerTimingList* timingInfo)
{
    //dyld::log("notifySingle(state=%d, image=%s)\n", state, image->getPath());
    std::vector<dyld_image_state_change_handler>* handlers = stateToHandlers(state, sSingleHandlers);
    if ( handlers != NULL ) {
        dyld_image_info info;
        info.imageLoadAddress = image->machHeader();
        info.imageFilePath    = image->getRealPath();
        info.imageFileModDate = image->lastModified();
        for (std::vector<dyld_image_state_change_handler>::iterator it = handlers->begin(); it != handlers->end(); ++it) {
            const char* result = (*it)(state, 1, &info);
            if ( (result != NULL) && (state == dyld_image_state_mapped) ) {
                //fprintf(stderr, "  image rejected by handler=%p\n", *it);
                // make copy of thrown string so that later catch clauses can free it
                const char* str = strdup(result);
                throw str;
            }
        }
    }
    if ( state == dyld_image_state_mapped ) {
        // <rdar://problem/7008875> Save load addr + UUID for images from outside the shared cache
        if ( !image->inSharedCache() ) {
            dyld_uuid_info info;
            if ( image->getUUID(info.imageUUID) ) {
                info.imageLoadAddress = image->machHeader();
                addNonSharedCacheImageUUID(info);
            }
        }
    }
    if ( (state == dyld_image_state_dependents_initialized) && (sNotifyObjCInit != NULL) && image->notifyObjC() ) {
        uint64_t t0 = mach_absolute_time();
        dyld3::ScopedTimer timer(DBG_DYLD_TIMING_OBJC_INIT, (uint64_t)image->machHeader(), 0, 0);
        (*sNotifyObjCInit)(image->getRealPath(), image->machHeader());
        uint64_t t1 = mach_absolute_time();
        uint64_t t2 = mach_absolute_time();
        uint64_t timeInObjC = t1-t0;
        uint64_t emptyTime = (t2-t1)*100;
        if ( (timeInObjC > emptyTime) && (timingInfo != NULL) ) {
            timingInfo->addTime(image->getShortName(), timeInObjC);
        }
    }
    // mach message csdlc about dynamically unloaded images
    if ( image->addFuncNotified() && (state == dyld_image_state_terminated) ) {
        notifyKernel(*image, false);
        const struct mach_header* loadAddress[] = { image->machHeader() };
        const char* loadPath[] = { image->getPath() };
        notifyMonitoringDyld(true, 1, loadAddress, loadPath);
    }
}
```
From the `dyld_image_state_dependents_initialized` state that `recursiveInitialization` reports, we know that `(*sNotifyObjCInit)(image->getRealPath(), image->machHeader());` is executed. So where does `sNotifyObjCInit` come from?
sNotifyObjCInit
A global search shows that `sNotifyObjCInit` is assigned in `registerObjCNotifiers`.
```cpp
void registerObjCNotifiers(_dyld_objc_notify_mapped mapped, _dyld_objc_notify_init init, _dyld_objc_notify_unmapped unmapped)
{
    // record functions to call
    sNotifyObjCMapped   = mapped;
    sNotifyObjCInit     = init;
    sNotifyObjCUnmapped = unmapped;

    // call 'mapped' function with all images mapped so far
    try {
        notifyBatchPartial(dyld_image_state_bound, true, NULL, false, true);
    }
    catch (const char* msg) {
        // ignore request to abort during registration
    }

    // <rdar://problem/32209809> call 'init' function on all images already init'ed (below libSystem)
    for (std::vector<ImageLoader*>::iterator it=sAllImages.begin(); it != sAllImages.end(); it++) {
        ImageLoader* image = *it;
        if ( (image->getState() == dyld_image_state_initialized) && image->notifyObjC() ) {
            dyld3::ScopedTimer timer(DBG_DYLD_TIMING_OBJC_INIT, (uint64_t)image->machHeader(), 0, 0);
            (*sNotifyObjCInit)(image->getRealPath(), image->machHeader());
        }
    }
}
```
`registerObjCNotifiers` is in turn called from `_dyld_objc_notify_register`. So where is `_dyld_objc_notify_register` called?
A global search of the `runtime` source objc-781 shows that `_objc_init` calls it.
```cpp
void _objc_init(void)
{
    static bool initialized = false;
    if (initialized) return;
    initialized = true;

    // fixme defer initialization until an objc-using image is found?
    environ_init();
    tls_init();
    static_init();
    runtime_init();
    exception_init();
    cache_init();
    _imp_implementationWithBlock_init();

    _dyld_objc_notify_register(&map_images, load_images, unmap_image);

#if __OBJC2__
    didCallDyldNotifyRegister = true;
#endif
}
```
doInitialization
```cpp
bool ImageLoaderMachO::doInitialization(const LinkContext& context)
{
    CRSetCrashLogMessage2(this->getPath());

    // mach-o has -init and static initializers
    doImageInit(context);
    doModInitFunctions(context);

    CRSetCrashLogMessage2(NULL);

    return (fHasDashInit || fHasInitializers);
}
```
`doInitialization` calls the `doImageInit` and `doModInitFunctions` methods; these two methods fetch the image's real entry initializer functions (`initializer`) from the image file and call them.
Because `dyld` cannot be debugged, we set a symbolic breakpoint on `_objc_init` to follow the flow.
From the figure above we can see that the initializer functions of a dynamic library are actually called in `ImageLoaderMachO::doModInitFunctions`. For `libSystem.B.dylib` the initializer is `libSystem_initializer`, and `libdispatch_init` is called inside that function. `libSystem` and `libdispatch` are also open source, so the relevant source can be consulted.
libSystem
`libSystem_initializer` first calls `dyld`'s initializer `_dyld_initializer`, and then calls `libdispatch.dylib`'s initializer `libdispatch_init`.
```c
__attribute__((constructor))
static void
libSystem_initializer(int argc,
                      const char* argv[],
                      const char* envp[],
                      const char* apple[],
                      const struct ProgramVars* vars)
{
    ...
    _dyld_initializer();
    _libSystem_ktrace_init_func(DYLD);

    libdispatch_init();
    _libSystem_ktrace_init_func(LIBDISPATCH);
    ...
}
```
libdispatch_init
`libdispatch_init` calls `_os_object_init`.
```c
void
libdispatch_init(void)
{
    ...
#endif
    _dispatch_hw_config_init();
    _dispatch_time_init();
    _dispatch_vtable_init();
    _os_object_init();
    _voucher_init();
    _dispatch_introspection_init();
}
```
_os_object_init
`_os_object_init` calls `_objc_init` directly. `_objc_init` is a function from the `objc-781` source of the `runtime`.
```c
extern void _objc_init(void);

void
_os_object_init(void)
{
    _objc_init();
    Block_callbacks_RR callbacks = {
        sizeof(Block_callbacks_RR),
        (void (*)(const void *))&objc_retain,
        (void (*)(const void *))&objc_release,
        (void (*)(const void *))&_os_objc_destructInstance
    };
    _Block_use_RR2(&callbacks);
#if DISPATCH_COCOA_COMPAT
    const char *v = getenv("OBJC_DEBUG_MISSING_POOLS");
    if (v) _os_object_debug_missing_pools = _dispatch_parse_bool(v);
    v = getenv("DISPATCH_DEBUG_MISSING_POOLS");
    if (v) _os_object_debug_missing_pools = _dispatch_parse_bool(v);
    v = getenv("LIBDISPATCH_DEBUG_MISSING_POOLS");
    if (v) _os_object_debug_missing_pools = _dispatch_parse_bool(v);
#endif
}
```
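The initializer ordering traced above, as an added example that is not dyld source or code from this article: a simplified C++ model of `processInitializers` and `recursiveInitialization` in which a constructed `libSystem` image registers the ObjC notifier from its own initializer. The image names, the dependency graph and the `load_images:`/`init:` log labels are assumptions; the `fDepth` check, locking and timing of the real code are omitted.

```cpp
// Added illustration, not dyld source. Image names and the graph are constructed;
// the fDepth check, locking and timing of the real code are left out.
#include <cstdio>
#include <functional>
#include <string>
#include <vector>

struct Image;
static std::function<void(const Image&)> gNotifyObjCInit;  // models sNotifyObjCInit
static std::vector<std::string> gLog;                      // observed event order
struct Image {
    struct Dep { Image* image; bool upward; };
    std::string name;
    std::vector<Dep> deps;
    std::function<void()> initializer;   // models doInitialization()
    bool started = false;                // models the "break cycles" state change
    explicit Image(const std::string& n) : name(n) {}
    void recursiveInitialization(std::vector<Image*>& uninitUps) {
        if (started) return;
        started = true;
        for (const Dep& d : deps) {      // initialize lower-level libraries first
            if (d.upward) uninitUps.push_back(d.image);  // defer images "above" me
            else d.image->recursiveInitialization(uninitUps);
        }
        if (gNotifyObjCInit) gNotifyObjCInit(*this);     // notifySingle(dependents_initialized)
        gLog.push_back("init:" + name);                  // this image's own initializers
        if (initializer) initializer();
    }
};
static void processInitializers(std::vector<Image*> images) {
    std::vector<Image*> ups;
    for (Image* img : images) img->recursiveInitialization(ups);
    if (!ups.empty()) processInitializers(ups);          // remaining upward dependencies
}
// Runs initializers starting from the main executable and returns the event order.
std::vector<std::string> simulateLaunch() {
    gLog.clear(); gNotifyObjCInit = nullptr;
    Image libSystem("libSystem"), libUp("libUp"), libFoo("libFoo"), app("App");
    // Stands in for libSystem_initializer -> libdispatch_init -> _os_object_init -> _objc_init
    libSystem.initializer = [] {
        gNotifyObjCInit = [](const Image& i) { gLog.push_back("load_images:" + i.name); };
    };
    libUp.deps  = {{&libSystem, false}};
    libFoo.deps = {{&libSystem, false}, {&libUp, true}};
    app.deps    = {{&libFoo, false}};
    processInitializers({&app});
    return gLog;
}
int main() { for (const auto& e : simulateLaunch()) std::puts(e.c_str()); }
```

In the returned order `libSystem` initializes first, and for every later image the ObjC notification precedes that image's own initializers, matching the `load`, then `c++` function, then `main` order observed at the start. The upward dependency `libUp` is handled last, after the image that started the walk.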
With the analysis complete, here is an overall flow diagram of `dyld`: