字数 23268
阅读 4153
This article learns a lot from Laoluo's Blog. Thanks for his outstanding analysis!
Native Functions can be registered or directly invoked as Native Method in 2 ways:
function, which would be invoked once the library is loaded. This is explained in Structures and Definition in Native Function RegisterationMost of following content are explaining the procedure of Native Function Registeration; The second subsection
Manually Register Native Functions in SharedLibrary's JNI_OnLoad
A structure used to describe the native methods
typedef struct {
const char* name;
const char* signature; //the combined string describing types of parameters and return vuale
void* fnPtr;
} JNINativeMethod;
has a memeber named functions who points to a callback function table.
struct _JNIEnv {
/* do not rename this; it does not seem to be entirely opaque */
const struct JNINativeInterface* functions;
#if defined(__cplusplus)
jint GetVersion()
{ return functions->GetVersion(this); }
Before this function is called, a possible call-path can be the following:
to be continued:
Finally, jniRegisterNativeMethods
is called for performing the real native methods registeration
int jniRegisterNativeMethods(C_JNIEnv* env,
const char* className, // aa/b/c
const JNINativeMethod* gMethods, // list of all Native Mehtods
int numMethods) // number of native methods
Either manually register or automatically register, jniRegisterNativeMethods
will be invoked.
Two things are performed in this function:1) verify the validation of class name
; 2) invoke JNIEnv->RegisterNatives
to perform the realy registeration procedure.
extern "C" int jniRegisterNativeMethods(C_JNIEnv* env, const char* className,
const JNINativeMethod* gMethods, int numMethods)
JNIEnv* e = reinterpret_cast<JNIEnv*>(env);
scoped_local_ref<jclass> c(env, findClass(env, className));
if (c.get() == NULL) {
//"Native registration unable to find class '%s'; aborting...", className);
if ((*env)->RegisterNatives(e, c.get(), gMethods, numMethods) < 0) {
//"RegisterNatives failed for '%s'; aborting...", className);
return 0;
It is defined as follows:
jint RegisterNatives(jclass clazz, const JNINativeMethod* methods,
jint nMethods)
{ return functions->RegisterNatives(this, clazz, methods, nMethods); }
In Laoluo's post, he said:
从前面Dalvik虚拟机的运行过程分析[1]一文可以知道,结构体JNIEnv的成员变量functions指向的是一个函数表,这个函数表又包含了一系列的函数指针,指向了在当前进程中运行的Dalvik虚拟机中定义的函数。对于结构体JNIEnv的成员函数RegisterNatives来说,它就是通过调用这个函数表中名称为RegisterNatives的函数指针来注册参数gMethods所描述的JNI方法的。 从前面Dalvik虚拟机的启动过程分析[2]一文可以知道,上述函数表中名称为RegisterNatives的函数指针指向的是在Dalvik虚拟机内部定义的函数RegisterNatives,因此,接下来我们就继续分析它的实现
In this function, it reterives the class's object by invoking dvmDecodeIndirectRef
firstly; then in the for
statement, it registers each method in the methods[]
by invoking dvmRegisterJNIMethod
/** Register one or more native functions in one class.
* This can be called multiple times on the same method, allowing the
* caller to redefine the method implementation at will.
static jint RegisterNatives(JNIEnv* env, jclass jclazz,
const JNINativeMethod* methods, jint nMethods)
ScopedJniThreadState ts(env);
ClassObject* clazz = (ClassObject*) dvmDecodeIndirectRef(ts.self(), jclazz);
for (int i = 0; i < nMethods; i++) {
if (!dvmRegisterJNIMethod(clazz, methods[i].name,
methods[i].signature, methods[i].fnPtr))
{ return JNI_ERR; }
return JNI_OK;
1. 确保参数clazz所描述的类有一个名称为methodName的成员函数。首先是调用函数dvmFindDirectMethodByDescriptor来检查methodName是否是clazz的一个非虚成员函数,然后再调用函数dvmFindVirtualMethodByDescriptor来检查methodName是否是clazz的一个虚成员函数。 2. 确保类clazz的成员函数methodName确实是声明为JNI方法,即带有native修饰符,这是通过调用函数dvmIsNativeMethod来实现的。
/** Register a method that uses JNI calling conventions. */
static bool dvmRegisterJNIMethod(ClassObject* clazz, const char* methodName,
const char* signature, void* fnPtr)
if (fnPtr == NULL) { return false; }
// If a signature starts with a '!', we take that as a sign that the native code doesn't need the extra JNI arguments (the JNIEnv* and the jclass).
bool fastJni = false;
if (*signature == '!') {
fastJni = true; ++signature;
ALOGV("fast JNI method %s.%s:%s detected", clazz->descriptor, methodName, signature);
Method* method = dvmFindDirectMethodByDescriptor(clazz, methodName, signature);
if (method == NULL) {
method = dvmFindVirtualMethodByDescriptor(clazz, methodName, signature);
if (method == NULL) {
dumpCandidateMethods(clazz, methodName, signature);
throwNoSuchMethodError(clazz, methodName, signature, "static or non-static");
return false;
if (!dvmIsNativeMethod(method)) {
ALOGW("Unable to register: not native: %s.%s:%s", clazz->descriptor, methodName, signature);
throwNoSuchMethodError(clazz, methodName, signature, "native");
return false;
if (fastJni) {
// In this case, we have extra constraints to check...
if (dvmIsSynchronizedMethod(method)) {
// Synchronization is usually provided by the JNI bridge,
// but we won't have one.
ALOGE("fast JNI method %s.%s:%s cannot be synchronized",
clazz->descriptor, methodName, signature);
return false;
if (!dvmIsStaticMethod(method)) {
// There's no real reason for this constraint, but since we won't
// be supplying a JNIEnv* or a jobject 'this', you're effectively
// static anyway, so it seems clearer to say so.
ALOGE("fast JNI method %s.%s:%s cannot be non-static",
clazz->descriptor, methodName, signature);
return false;
if (method->nativeFunc != dvmResolveNativeMethod) {
/* this is allowed, but unusual */
ALOGV("Note: %s.%s:%s was already registered", clazz->descriptor, methodName, signature);
method->fastJni = fastJni;
dvmUseJNIBridge(method, fnPtr);
return true;
这些Bridage函数实际上仍然不是直接调用地调用JNI方法的,这是因为Dalvik虚拟机是可以运行在各种不同的平台之上,而每一种平台可能都定义有自己的一套函数调用规范,也就是所谓的ABI(Application Binary Interface),这是一个API(Application Programming Interface)不同的概念。ABI是在二进制级别上定义的一套函数调用规范,例如参数是通过寄存器来传递还是堆栈来传递,而API定义是一个应用程序编程接口规范。换句话说,API定义了源代码和库之间的接口,因此同样的代码可以在支持这个API的任何系统中编译 ,而ABI允许编译好的目标代码在使用兼容ABI的系统中无需改动就能运行。
* Point "method->nativeFunc" at the JNI bridge, and overload "method->insns"
* to point at the actual function.
void dvmUseJNIBridge(Method* method, void* func) {
method->shouldTrace = shouldTrace(method);
// Does the method take any reference arguments?
method->noRef = true;
const char* cp = method->shorty;
while (*++cp != '\0') { // Pre-increment to skip return type.
if (*cp == 'L') {
method->noRef = false;
DalvikBridgeFunc bridge = gDvmJni.useCheckJni ? dvmCheckCallJNIMethod : dvmCallJNIMethod;
dvmSetNativeFunc(method, bridge, (const u2*) func);
Dalvik虚拟机提供的Bridge函数主要是分为两类。第一类Bridge函数在调用完成JNI方法之后,会检查该JNI方法的返回结果是否与声明的一致,这是因为一个声明返回String的JNI方法在执行时返回的可能会是一个Byte Array。如果不一致,取决于Dalvik虚拟机的启动选项,它可能会停机。第二类Bridge函数不对JNI方法的返回结果进行上述检查。选择哪一类Bridge函数可以通过-Xcheck:jni选项来决定。不过由于检查一个JNI方法的返回结果是否与声明的一致是很耗时的,因此,我们一般都不会使用第一类Bridge函数。
1. 一个JNI方法的参数列表中如果包含有引用类型的参数,那么对应的Bridge函数就是Genernal类型的,即为dvmCallJNIMethod_general或者dvmCheckCallJNIMethod_general。
2. 一个JNI方法如果声明为同步方法,即带有synchronized修饰符,那么对应的Bridge函数就是Sync类型的,即为dvmCallJNIMethod_synchronized或者dvmCheckCallJNIMethod_synchronized。
3. 一个JNI方法的参数列表中如果不包含有引用类型的参数,并且它是一个虚成员函数,那么对应的Bridge函数就是kJNIVirtualNoRef类型的,即为dvmCallJNIMethod_virtualNoRef或者dvmCheckCallJNIMethod_virtualNoRef。
4. 一个JNI方法的参数列表中如果不包含有引用类型的参数,并且它是一个静态成员函数,那么对应的Bridge函数就是StaticNoRef类型的,即为dvmCallJNIMethod_staticNoRef或者dvmCheckCallJNIMethod_staticNoRef。
这一步执行完成之后,返回到前面的Step 10中,即函数dvmUseJNIBridge中,这时候它就获得了一个Bridge函数,因此,接下来它就可以调用函数dvmSetNativeFunc来执行真正的JNI方法注册操作了。
* Replace method->nativeFunc and method->insns with new values. This is
* commonly performed after successful resolution of a native method.
* There are three basic states:
* (1) (initial) nativeFunc = dvmResolveNativeMethod, insns = NULL
* (2) (internal native) nativeFunc = <impl>, insns = NULL
* (3) (JNI) nativeFunc = JNI call bridge, insns = <impl>
* nativeFunc must never be NULL for a native method.
* The most common transitions are (1)->(2) and (1)->(3). The former is
* atomic, since only one field is updated; the latter is not, but since
* dvmResolveNativeMethod ignores the "insns" field we just need to make
* sure the update happens in the correct order.
* A transition from (2)->(1) would work fine, but (3)->(1) will not,
* because both fields change. If we did this while a thread was executing
* in the call bridge, we could null out the "insns" field right before
* the bridge tried to call through it. So, once "insns" is set, we do
* not allow it to be cleared. A NULL value for the "insns" argument is
* treated as "do not change existing value".
void dvmSetNativeFunc(Method* method, DalvikBridgeFunc func,
const u2* insns)
ClassObject* clazz = method->clazz;
assert(func != NULL);
/* just open up both; easier that way */
dvmLinearReadWrite(clazz->classLoader, clazz->virtualMethods);
dvmLinearReadWrite(clazz->classLoader, clazz->directMethods);
if (insns != NULL) {
/* update both, ensuring that "insns" is observed first */
method->insns = insns;
android_atomic_release_store((int32_t) func,
(volatile int32_t*)(void*) &method->nativeFunc);
} else {
/* only update nativeFunc */
method->nativeFunc = func;
dvmLinearReadOnly(clazz->classLoader, clazz->virtualMethods);
dvmLinearReadOnly(clazz->classLoader, clazz->directMethods);
假设在前面的Step 11中选择的Bridge函数为dvmCallJNIMethod_general,并且结合前面Dalvik虚拟机的运行过程分析一文,我们就可以得到Dalvik虚拟机在运行过程中调用JNI方法的过程:
1. 调用函数dvmCallJNIMethod_general,执行一些必要的准备工作;
2. 函数dvmCallJNIMethod_general再调用函数dvmPlatformInvoke来以统一的方式来调用对应的JNI方法;
3. 函数dvmPlatformInvoke通过libffi库来调用对应的JNI方法,以屏蔽Dalvik虚拟机运行在不同目标平台的细节。
is the inital nativeFuncJNI
for a native method in Java. If a native method in Java isn't binded to a dvmCallJNIMethod_xxx
and a native function, then dvmResolveNativeMethod
will be invoked as it is the initial function. We will introduce dvmResolveNativeMethod
as follows.
,查找符合要求的Native Function,如果找到则调用dvmSetNativeFunc((Method*) method, dfunc, NULL)
进行native function的绑定(insns为null),然后调用该native function:dfunc(args, pResult, method, self);
void* func = lookupSharedLibMethod(method);
从当前已加载的共享库中查找相应的方法;找到后按照JNI Bridge的方式调用dvmUseJNIBridge((Method*) method, func);
进行绑定;最后再调用该方法(*method->nativeFunc)(args, pResult, method, self);
.注:从执行步骤看出,无论哪种情况,只要找到相应的Native Function,则被绑定后,该函数dvmResolveNativeMehtod
/* * Resolve a native method and invoke it.
* This is executed as if it were a native bridge or function. If the
* resolution succeeds, method->insns is replaced, and we don't go through
* here again unless the method is unregistered.
* Initializes method's class if necessary.
* An exception is thrown on resolution failure.
* (This should not be taking "const Method*", because it modifies the
* structure, but the declaration needs to match the DalvikBridgeFunc
* type definition.)
void dvmResolveNativeMethod(const u4* args, JValue* pResult,
const Method* method, Thread* self)
ClassObject* clazz = method->clazz;
/** If this is a static method, it could be called before the class
* has been initialized.*/
if (dvmIsStaticMethod(method)) {
if (!dvmIsClassInitialized(clazz) && !dvmInitClass(clazz)) {
} else {
assert(dvmIsClassInitialized(clazz) ||
/* start with our internal-native methods */
DalvikNativeFunc infunc = dvmLookupInternalNativeMethod(method);
if (infunc != NULL) {(*method->nativeFunc)(args, pResult, method, self);
/* resolution always gets the same answer, so no race here */
char* desc = dexProtoCopyMethodDescriptor(&method->prototype);
LOGVV("+++ resolved native %s.%s %s, invoking",
clazz->descriptor, method->name, desc);
if (dvmIsSynchronizedMethod(method)) {
ALOGE("ERROR: internal-native can't be declared 'synchronized'");
ALOGE("Failing on %s.%s", method->clazz->descriptor, method->name);
dvmAbort(); // harsh, but this is VM-internal problem
DalvikBridgeFunc dfunc = (DalvikBridgeFunc) infunc;
dvmSetNativeFunc((Method*) method, dfunc, NULL);
dfunc(args, pResult, method, self);
/* now scan any DLLs we have loaded for JNI signatures */
void* func = lookupSharedLibMethod(method);
if (func != NULL) {
/* found it, point it at the JNI bridge and then call it */
dvmUseJNIBridge((Method*) method, func);
(*method->nativeFunc)(args, pResult, method, self);
char* desc = dexProtoCopyMethodDescriptor(&method->prototype);
ALOGW("No implementation found for native %s.%s:%s",
clazz->descriptor, method->name, desc);
dvmThrowUnsatisfiedLinkError("Native method not found", method);
As we know, Davik Virtual Machine is stared up in Zygote process and receives an instance of JavaVM
and an instance of JNIEnv
. The JavaVM instance is used to describe the instance of Zygote's Dalvik VM, and JNIEnv
is used to describe the JNI environment of Zygote's main thread. Once JNIEnv
and JavaVM
are ready, JNIEnv
's member method--CallStaticVoidMethod
is invoked by Zygote process to call the static member method main
of com.android.internal.os.ZygoteInit
class, say, main
is the entrance of Java World.
Now, let's start the discussion with CallStaticVoidMethod
The following picture[3] shows How Dalvik VM works.
Typically, for the invoke of Native Methods, the first 4 steps are enough. Now we'll goto details.
is defined in dalvik/libnativehelper/inlcude/nativehelper/jni.h
Actually, JNIEnv is a strcture containing the memeber variable functions
, a table of callback functions, in a type of JNINativeInterface
. Thus, JNIEnv.CallStaticVoidMethod
call functions->CallStaticVoidMethodV
void CallStaticVoidMethodV(jclass clazz, jmethodID methodID, va_list args)
functions->CallStaticVoidMethodV(this, clazz, methodID, args);
This function table named functions
comes from gNativeInterface, a global function table in dalvik/vm/jni.cpp
. In this table, CallStaticVoidMethodV points to a function with the same name, which is also defined in dalvik/vm/jni.cpp
* Call a static method.
#define CALL_STATIC(_ctype, _jname, _retfail, _retok, _isref) \
static _ctype CallStatic##_jname##MethodV(JNIEnv* env, jclass jclazz, \
jmethodID methodID, va_list args) \
{ \
ScopedJniThreadState ts(env); \
JValue result; \
dvmCallMethodV(ts.self(), (Method*)methodID, NULL, true, &result, args);\
if (_isref && !dvmCheckException(ts.self())) \
result.l = (Object*)addLocalReference(ts.self(), result.l); \
return _retok; \
When the CALL_STATIC is replaced, we can get the real implementation of CallStaticMethodV. we can see, dvmCallMethodV
is the key point.
If the called method is a native method, it will call method->nativeFunc directly. Otherwise, it will call dvmInterpret
to interpret and execute Java method.
* Issue a method call with a variable number of arguments. We process
* the contents of "args" by scanning the method signature.
* Pass in NULL for "obj" on calls to static methods.
* We don't need to take the class as an argument because, in Dalvik,
* we don't need to worry about static synchronized methods.
void dvmCallMethodV(Thread* self, const Method* method, Object* obj,
bool fromJni, JValue* pResult, va_list args)
const char* desc = &(method->shorty[1]); // [0] is the return type.
int verifyCount = 0;
ClassObject* clazz;
u4* ins;
clazz = callPrep(self, method, obj, false);
if (clazz == NULL)
/* "ins" for new frame start at frame pointer plus locals */
ins = ((u4*)self->interpSave.curFrame) +
(method->registersSize - method->insSize);
//ALOGD(" FP is %p, INs live at >= %p", self->interpSave.curFrame, ins);
/* put "this" pointer into in0 if appropriate */
if (!dvmIsStaticMethod(method)) {
assert(obj != NULL && dvmIsHeapAddress(obj));
*ins++ = (u4) obj;
while (*desc != '\0') {
switch (*(desc++)) {
case 'D': case 'J': {
u8 val = va_arg(args, u8);
memcpy(ins, &val, 8); // EABI prevents direct store
ins += 2;
verifyCount += 2;
case 'F': {
/* floats were normalized to doubles; convert back */
float f = (float) va_arg(args, double);
*ins++ = dvmFloatToU4(f);
case 'L': { /* 'shorty' descr uses L for all refs, incl array */
void* arg = va_arg(args, void*);
assert(obj == NULL || dvmIsHeapAddress(obj));
jobject argObj = reinterpret_cast<jobject>(arg);
if (fromJni)
*ins++ = (u4) dvmDecodeIndirectRef(self, argObj);
*ins++ = (u4) argObj;
default: {
/* Z B C S I -- all passed as 32-bit integers */
*ins++ = va_arg(args, u4);
#ifndef NDEBUG
if (verifyCount != method->insSize) {
ALOGE("Got vfycount=%d insSize=%d for %s.%s", verifyCount,
method->insSize, clazz->descriptor, method->name);
goto bail;
if (dvmIsNativeMethod(method)) {
TRACE_METHOD_ENTER(self, method);
/*Because we leave no space for local variables, "curFrame" points directly at the method arguments.*/
(*method->nativeFunc)((u4*)self->interpSave.curFrame, pResult,
method, self);
TRACE_METHOD_EXIT(self, method);
} else {
dvmInterpret(self, method, pResult);
#ifndef NDEBUG
All methods in the DVM are managed via Method object. Each method in Java is described via a Method
* A method. We create one of these for every method in every class we load, so try to keep the size to a minimum. Much of this comes from and could be accessed in the data held in shared memory.
We hold it all together here for speed.
Everything but the pointers could be held in a shared table generated by the optimizer; if we're willing to convert them to offsets and take the performance hit (e.g. "meth->insns" becomes "baseAddr + meth->insnsOffset") we could move everything but "nativeFunc". */
struct Method {
/* the class we are a part of */
ClassObject* clazz;
/* access flags; low 16 bits are defined by spec (could be u2?) */
u4 accessFlags;
/** For concrete virtual methods, this is the offset of the method in "vtable". For abstract methods in an interface class, this is the offset of the method in "iftable[n]->methodIndexArray". */
u2 methodIndex;
/*Method bounds; not needed for an abstract method. For a native method, we compute the size of the argument list, and set "insSize" and "registerSize" equal to it. */
u2 registersSize; /* ins + locals */
u2 outsSize;
u2 insSize;
/* method name, e.g. "<init>" or "eatLunch" */
const char* name;
/*Method prototype descriptor string (return and argument types).
* TODO: This currently must specify the DexFile as well as the proto_ids index, because generated Proxy classes don't have a DexFile. We can remove the DexFile* and reduce the size of this struct if we generate a DEX for proxies.*/
DexProto prototype;
/* short-form method descriptor string */
const char* shorty;
/*The remaining items are not used for abstract or native methods. (JNI is currently hijacking "insns" as a function pointer, set after the first call. For internal-native this stays null.) */
/* the actual code */
const u2* insns; /* instructions, in memory-mapped .dex */
/* JNI: cached argument and return-type hints */
int jniArgInfo;
/*JNI: native method ptr; could be actual function or a JNI bridge. We don't currently discriminate between DalvikBridgeFunc and DalvikNativeFunc; the former takes an argument superset (i.e. two extra args) which will be ignored. If necessary we can use insns==NULL to detect JNI bridge vs. internal native. */
DalvikBridgeFunc nativeFunc;
/*JNI: true if this static non-synchronized native method (that has no reference arguments) needs a JNIEnv* and jclass/jobject. Libcore uses this.*/
bool fastJni;
/*JNI: true if this method has no reference arguments. This lets the JNI bridge avoid scanning the shorty for direct pointers that need to be converted to local references. TODO: replace this with a list of indexes of the reference arguments.*/
bool noRef;
/*JNI: true if we should log entry and exit. This is the only waydevelopers can log the local references that are passed into their code. Used for debugging JNI problems in third-party code.*/
bool shouldTrace;
/*Register map data, if available. This will point into the DEX file if the data was computed during pre-verification, or into the linear alloc area if not.*/
const RegisterMap* registerMap;
/* set if method was called during method profiling */
bool inProfile;
When a native library is loaded, the JNI_OnLoad function in library will be automatically loaded. Usually, some initial stuffs and native method registeration via jniRegisterNativeMethod are processed in JNI_OnLoad.
If a native method is registered in JNI_OnLoad, then the
will be changed fromdvmResolveNativeMethod
, at the same time,method->insns
will be set to the native function, which is the implementation of the JNI method.If the native method isn't registered in JNI_OnLoad, then when the native method is called in Java, it will invoke the
's default vaule,dvmResolveNativeMethod
, it will try to find a function, which matches the JNI method based on the JNI specification, and bind it to the current JNI method, then invoke it. If it couldn't find the right native function, it will throw an exception.
When a Java method is called, dvm will examine whether the method is a native method. If it's a native method, it will invoke method->nativeFunc. Otherwise, it will use related intepreter to executate its java code.