使用反射方式获取method的过程分析

反射简单地使用类似如下的代码执行类中的方法

TestMethod test = new TestMethod();
Method methoda = TestMethod.class.getDeclaredMethod("a", new Class[] {});
methoda.invoke(test, new Object[] {});

如无意外就能正确调起TestMethod中的a方法。

如前篇《DEX文件格式分析》中的类加载中一样，getDeclaredMethod的过程就是从ClassObject对象中获取到Method结构体对象，然后再将之转换成reflect对象的一个过程。

然后 Java 层就可以获取到一个java.lang.reflect.Method的对象，执行Method对象的invoke方法，实际上执行的就是对应Native中的invokeNative方法。

// dalvik/vm/native/java_lang_reflect_Method.cpp

static void Dalvik_java_lang_reflect_Method_invokeNative(const u4* args,
    JValue* pResult)
{
    // ignore thisPtr in args[0]
    Object* methObj = (Object*) args[1];        // 接收对象 
    ArrayObject* argList = (ArrayObject*) args[2];	//参数对象列表
    ClassObject* declaringClass = (ClassObject*) args[3];	//方法所属类
    ArrayObject* params = (ArrayObject*) args[4];	//参数类型列表
    ClassObject* returnType = (ClassObject*) args[5];	//返回类型
    int slot = args[6];	//class方法区内的单位偏移量
    bool noAccessCheck = (args[7] != 0);	//是否检查能否access
    const Method* meth;
    Object* result;

    /*
     * 在class区内根据slot偏移找到对应的Method对象
     */
    meth = dvmSlotToMethod(declaringClass, slot);
    assert(meth != NULL);

    //方法与类类型的检查
     ......

    /*
     * 实际调用方法
     */
    result = dvmInvokeMethod(methObj, meth, argList, params, returnType,
                noAccessCheck);

    RETURN_PTR(result);   //返回

    ......
}

在解释好参数后，先根据传入的slot值与class来找出对应的Method对象，查找是根据slot来操作的，slot的生成及根据slot来查找对应的Method方法对象的过程如下。

// dalvik/vm/reflect/Reflect.cpp

static int methodToSlot(const Method* meth)
{
    ClassObject* clazz = meth->clazz;	//获取Method对象的ClassObject	
    int slot;

    if (dvmIsDirectMethod(meth)) {	//判断是否为直接方法，包括private,static及<init>等
        slot = meth - clazz->directMethods;//meth's addr - direct method's addrs
        assert(slot >= 0 && slot < clazz->directMethodCount);
        slot = -(slot+1);	//直接方法为负
    } else {	
        slot = meth - clazz->virtualMethods;	//计算方法与直接方法一致，正常来说总为正，因为meth的位置应该在起始位置后的
        assert(slot >= 0 && slot < clazz->virtualMethodCount);
    }

    return slot;
}

......

Method* dvmSlotToMethod(ClassObject* clazz, int slot)
{
    if (slot < 0) {	//直接方法
        slot = -(slot+1);	//+1修正位置
        assert(slot < clazz->directMethodCount);
        return &clazz->directMethods[slot];	//可见，slot实际上就是在class对象中的方法区对象数组中的位置
    } else {
        assert(slot < clazz->virtualMethodCount);
        return &clazz->virtualMethods[slot];
    }
}

根据slot获取到对应的native的Method对象后，就可以调用对应的dvmInvokeMethod方法来调起具体的方法逻辑了。

真正执行方法的是在dvmInvokeMethod方法中，方法及注释如下。

// dalvik/vm/interp/Stack.cpp

Object* dvmInvokeMethod(Object* obj, const Method* method,
    ArrayObject* argList, ArrayObject* params, ClassObject* returnType,
    bool noAccessCheck)
{
    ClassObject* clazz;
    Object* retObj = NULL;
    Thread* self = dvmThreadSelf();	//获取当前Dalvik虚拟机线程
    s4* ins;
    int verifyCount, argListLength;
    JValue retval;
    bool needPop = false;

    /* verify arg count */
    if (argList != NULL)
        argListLength = argList->length;
    else
        argListLength = 0;
    if (argListLength != (int) params->length) {
        dvmThrowExceptionFmt(gDvm.exIllegalArgumentException,
            "wrong number of arguments; expected %d, got %d",
            params->length, argListLength);
        return NULL;
    }

    clazz = callPrep(self, method, obj, !noAccessCheck); // 主要为检查方法是否有权限能被外部invoke执行等等，也进行了新帧的初始化
    if (clazz == NULL)
        return NULL;
    needPop = true;

    /* "ins" for new frame start at frame pointer plus locals */
    ins = ((s4*)self->interpSave.curFrame) +	//interpSave是定义在/dalvik/vm/interp/InterpState.h上的InterpSaveState结构体
						//interpSave.curFrame指向的是当前Dalvik虚拟机线程的帧栈顶部
        (method->registersSize - method->insSize);
    verifyCount = 0;

    //ALOGD("  FP is %p, INs live at >= %p", self->interpSave.curFrame, ins);

    /* put "this" pointer into in0 if appropriate */
    if (!dvmIsStaticMethod(method)) {
        assert(obj != NULL);
        *ins++ = (s4) obj;
        verifyCount++;
    }

    /*
     * 将参数入栈，ins是一个参数栈
     */
    DataObject** args = (DataObject**)(void*)argList->contents;	//获取到参数对象的起始指针对象
    ClassObject** types = (ClassObject**)(void*)params->contents;	//获取到参数对象的类型的起始指针对象
    for (int i = 0; i < argListLength; i++) {	//遍历参数
        int width = dvmConvertArgument(*args++, *types++, ins);	//转换参数类型，该原生转内部的或者装装箱的，顺便检查类型是否匹配，ins指向当前的参数对象
        if (width < 0) {
            dvmPopFrame(self);      // throw wants to pull PC out of stack
            needPop = false;
            throwArgumentTypeMismatch(i, *(types-1), *(args-1));
            goto bail;
        }

        ins += width;
        verifyCount += width;
    }

#ifndef NDEBUG
    if (verifyCount != method->insSize) {
        ALOGE("Got vfycount=%d insSize=%d for %s.%s", verifyCount,
            method->insSize, clazz->descriptor, method->name);
        assert(false);
        goto bail;
    }
#endif

    if (dvmIsNativeMethod(method)) {
        TRACE_METHOD_ENTER(self, method);
        /*
         * Because we leave no space for local variables, "curFrame" points
         * directly at the method arguments.
         */
        (*method->nativeFunc)((u4*)self->interpSave.curFrame, &retval,
                              method, self);
        TRACE_METHOD_EXIT(self, method);
    } else {
        dvmInterpret(self, method, &retval);
    }

    /*
     * Pop the frame immediately.  The "wrap" calls below can cause
     * allocations, and we don't want the GC to walk the now-dead frame.
     */
    dvmPopFrame(self);
    needPop = false;

    /*
     * If an exception is raised, wrap and replace.  This is necessary
     * because the invoked method could have thrown a checked exception
     * that the caller wasn't prepared for.
     *
     * We might be able to do this up in the interpreted code, but that will
     * leave us with a shortened stack trace in the top-level exception.
     */
    if (dvmCheckException(self)) {
        dvmWrapException("Ljava/lang/reflect/InvocationTargetException;");
    } else {
        /*
         * If this isn't a void method or constructor, convert the return type
         * to an appropriate object.
         *dvmInvokeMethod
         * We don't do this when an exception is raised because the value
         * in "retval" is undefined.
         */
        if (returnType != NULL) {
            retObj = (Object*)dvmBoxPrimitive(retval, returnType);
            dvmReleaseTrackedAlloc(retObj, NULL);
        }
    }

bail:
    if (needPop) {
        dvmPopFrame(self);
    }
    return retObj;
}

其中，callPrep方法内进行的是检查方法是否有权限能被外部invoke执行等等，也进行了新帧的初始化，新帧的初始化在Stack::dvmPushInterpFrame内。

// dalvik/vm/interp/Stack.cpp

static bool dvmPushInterpFrame(Thread* self, const Method* method)
{
    StackSaveArea* saveBlock;
    StackSaveArea* breakSaveBlock;
    int stackReq;
    u1* stackPtr;

    assert(!dvmIsNativeMethod(method));
    assert(!dvmIsAbstractMethod(method));

    //新帧的大小
    stackReq = method->registersSize * 4        // params + locals
                + sizeof(StackSaveArea) * 2     // break frame + regular frame
                + method->outsSize * 4;         // args to other methods

    if (self->interpSave.curFrame != NULL)
        stackPtr = (u1*) SAVEAREA_FROM_FP(self->interpSave.curFrame);
    else
        stackPtr = self->interpStackStart;

    //判断是否已经超过帧栈大小，超过则出错
    if (stackPtr - stackReq < self->interpStackEnd) {
        /* not enough space */
        ALOGW("Stack overflow on call to interp "
             "(req=%d top=%p cur=%p size=%d %s.%s)",
            stackReq, self->interpStackStart, self->interpSave.curFrame,
            self->interpStackSize, method->clazz->descriptor, method->name);
        dvmHandleStackOverflow(self, method);
        assert(dvmCheckException(self));
        return false;
    }

    //==============以下进行新帧的创建及指针的对应跳转============
    /*
     * Shift the stack pointer down, leaving space for the function's
     * args/registers and save area.
     */
    stackPtr -= sizeof(StackSaveArea);
    breakSaveBlock = (StackSaveArea*)stackPtr;
    stackPtr -= method->registersSize * 4 + sizeof(StackSaveArea);
    saveBlock = (StackSaveArea*) stackPtr;

#if !defined(NDEBUG) && !defined(PAD_SAVE_AREA)
    /* debug -- memset the new stack, unless we want valgrind's help */
    memset(stackPtr - (method->outsSize*4), 0xaf, stackReq);
#endif
#ifdef EASY_GDB
    breakSaveBlock->prevSave =
       (StackSaveArea*)FP_FROM_SAVEAREA(self->interpSave.curFrame);
    saveBlock->prevSave = breakSaveBlock;
#endif

    //==========================================================

    breakSaveBlock->prevFrame = self->interpSave.curFrame;
    breakSaveBlock->savedPc = NULL;             // not required
    breakSaveBlock->xtra.localRefCookie = 0;    // not required
    breakSaveBlock->method = NULL;
    saveBlock->prevFrame = FP_FROM_SAVEAREA(breakSaveBlock);
    saveBlock->savedPc = NULL;                  // not required
    saveBlock->xtra.currentPc = NULL;           // not required?
    saveBlock->method = method;

    LOGVV("PUSH frame: old=%p new=%p (size=%d)",
        self->interpSave.curFrame, FP_FROM_SAVEAREA(saveBlock),
        (u1*)self->interpSave.curFrame - (u1*)FP_FROM_SAVEAREA(saveBlock));

    //设置新的当前帧
    self->interpSave.curFrame = FP_FROM_SAVEAREA(saveBlock);

    return true;
}

创建帧的过程及指针的变化情况可以参考下图：

由此，容易看出其后写入参数的过程：

/* "ins" for new frame start at frame pointer plus locals */
ins = ((s4*)self->interpSave.curFrame) +	//interpSave是定义在/dalvik/vm/interp/InterpState.h上的InterpSaveState结构体
		//interpSave.curFrame指向的是当前Dalvik虚拟机线程的帧栈顶部
    (method->registersSize - method->insSize);

......

/*
 * 将参数入栈，ins是一个参数栈
 */
DataObject** args = (DataObject**)(void*)argList->contents;	//获取到参数对象的起始指针对象
ClassObject** types = (ClassObject**)(void*)params->contents;	//获取到参数对象的类型的起始指针对象
for (int i = 0; i < argListLength; i++) {	//遍历参数
    int width = dvmConvertArgument(*args++, *types++, ins);	//转换参数类型，该原生转内部的或者装装箱的，顺便检查类型是否匹配，ins指向当前的参数对象
    if (width < 0) {
        dvmPopFrame(self);      // throw wants to pull PC out of stack
        needPop = false;
        throwArgumentTypeMismatch(i, *(types-1), *(args-1));
        goto bail;
    }

    ins += width;
    verifyCount += width;
}

实际上是把 self-interpSave.curFrame指针往上移动( method->registersSize - method->insSize )个位置，然后写入传入的参数。

接着，对于非Native方法，执行dvmInterpret函数，interpret包含了选定执行直译器与执行具体代码的功能。

//dalvik/vm/interp/Interp.cpp

void dvmInterpret(Thread* self, const Method* method, JValue* pResult)
{
    InterpSaveState interpSaveState;
    ExecutionSubModes savedSubModes;

#if defined(WITH_JIT)
    /* Target-specific save/restore */
    double calleeSave[JIT_CALLEE_SAVE_DOUBLE_COUNT];
    /*
     * If the previous VM left the code cache through single-stepping the
     * inJitCodeCache flag will be set when the VM is re-entered (for example,
     * in self-verification mode we single-step NEW_INSTANCE which may re-enter
     * the VM through findClassFromLoaderNoInit). Because of that, we cannot
     * assert that self->inJitCodeCache is NULL here.
     */
#endif

    //将原interpSave保存到别的地方（此处相当于创建）
    interpSaveState = self->interpSave;
    self->interpSave.prev = &interpSaveState;
    /*
     * Strip out and save any flags that should not be inherited by
     * nested interpreter activation.
     */
    savedSubModes = (ExecutionSubModes)(
              self->interpBreak.ctl.subMode & LOCAL_SUBMODE);
    if (savedSubModes != kSubModeNormal) {
        dvmDisableSubMode(self, savedSubModes);
    }
#if defined(WITH_JIT)
    dvmJitCalleeSave(calleeSave);
#endif

#if defined(WITH_TRACKREF_CHECKS)
    self->interpSave.debugTrackedRefStart =
        dvmReferenceTableEntries(&self->internalLocalRefTable);
#endif
    self->debugIsMethodEntry = true;
#if defined(WITH_JIT)
    dvmJitCalleeSave(calleeSave);
    /* Initialize the state to kJitNot */
    self->jitState = kJitNot;
#endif

    //开始注册新的Interpreter状态
    self->interpSave.method = method;
    self->interpSave.curFrame = (u4*) self->interpSave.curFrame;
    self->interpSave.pc = method->insns;	//method->insns指向的是method的code，即可执行代码的起始，PC指向的是下一条指令执行的地方

    assert(!dvmIsNativeMethod(method));

    /*
     * Make sure the class is ready to go.  Shouldn't be possible to get
     * here otherwise.
     */
    if (method->clazz->status < CLASS_INITIALIZING ||
        method->clazz->status == CLASS_ERROR)
    {
        ALOGE("ERROR: tried to execute code in unprepared class '%s' (%d)",
            method->clazz->descriptor, method->clazz->status);
        dvmDumpThread(self, false);
        dvmAbort();
    }

    //针对Interpreter的设定选用Interpreter的类型
    //Android的Interpreter有两类，fast与portable，默认是fastInterpreter
    typedef void (*Interpreter)(Thread*);
    Interpreter stdInterp;
    if (gDvm.executionMode == kExecutionModeInterpFast)
        stdInterp = dvmMterpStd;
#if defined(WITH_JIT)
    else if (gDvm.executionMode == kExecutionModeJit)
        stdInterp = dvmMterpStd;
#endif
    else
        stdInterp = dvmInterpretPortable;

    // 开始指令执行动作
    (*stdInterp)(self);

    //获取结果并返回
    *pResult = self->interpSave.retval;

    // 恢复原来的interpSaveState状态
    self->interpSave = interpSaveState;
#if defined(WITH_JIT)
    dvmJitCalleeRestore(calleeSave);
#endif
    if (savedSubModes != kSubModeNormal) {
        dvmEnableSubMode(self, savedSubModes);
    }
}

如此，需要执行的方法就完成执行，并返回结果了。

以上只分析了执行java方法的过程，执行native方法的还未进行分析，以上暂当记录，日后补充。

参考

http://blog.csdn.net/powq2009/article/details/8949887
http://blog.csdn.net/luoshengyang/article/details/41822747

dalvik/vm/oo/Object.h
dalvik/vm/native/java_lang_Class.cpp
dalvik/vm/native/java_lang_reflect_Method.cpp
dalvik/vm/reflect/Reflect.cpp
dalvik/vm/interp/Stack.cpp
dalvik/libdex/DexClass.h
dalvik/vm/interp/Interp.cpp
dalvik/vm/interp/InterpState.h

method

method.EAP.tar