InMemoryDexClassLoader加载内存dex的流程

Android 8新增了InMemoryDexClassLoader，专门用于加载内存dex，依旧以15的r3为例

InMemoryDexClassLoader

InMemoryDexClassLoader 是一个继承自 BaseDexClassLoader 的类，用于在运行时从内存中加载 Dex 文件，而无需将其存储到磁盘。它主要用于动态加载字节缓冲区中的类。

//libcore/dalvik/src/main/java/dalvik/system/InMemoryDexClassLoader.java
public final class InMemoryDexClassLoader extends BaseDexClassLoader {
//调用父类 BaseDexClassLoader 的构造方法，用传入的 Dex 缓冲区、库路径和父加载器进行初始化。该方法支持多个 Dex 文件的加载。
    public InMemoryDexClassLoader(@NonNull ByteBuffer @NonNull [] dexBuffers,
            @Nullable String librarySearchPath, @Nullable ClassLoader parent) {
        super(dexBuffers, librarySearchPath, parent);
    }

//重载了第一个构造方法，但将 librarySearchPath 设置为 null。适用于无需加载本地库的场景。    
    public InMemoryDexClassLoader(@NonNull ByteBuffer @NonNull [] dexBuffers,@Nullable ClassLoader parent) {
        this(dexBuffers, null, parent);
    }
    
//重载了第二个构造方法，适用于加载单个 Dex 文件。自动将单个 ByteBuffer 封装成数组，调用第二个构造方法。  
    public InMemoryDexClassLoader(@NonNull ByteBuffer dexBuffer, @Nullable ClassLoader parent) {
        this(new ByteBuffer[] { dexBuffer }, parent);
    }
}

我们来看看父类的BaseDexClassLoader构造方法

//libcore/dalvik/src/main/java/dalvik/system/InMemoryDexClassLoader.java
public class BaseDexClassLoader extends ClassLoader {
...
    public BaseDexClassLoader(ByteBuffer[] dexFiles, String librarySearchPath, ClassLoader parent) {
        super(parent);
        this.sharedLibraryLoaders = null;
        this.sharedLibraryLoadersAfter = null;
        this.pathList = new DexPathList(this, librarySearchPath);
        //调用 DexPathList 的方法，初始化内存中的 Dex 文件路径。
        this.pathList.initByteBufferDexPath(dexFiles);
        // Run background verification after having set 'pathList'.
        this.pathList.maybeRunBackgroundVerification(this);//后台验证 Dex 文件。
    }

}

DexPathList()

//libcore/dalvik/src/main/java/dalvik/system/DexPathList.java
 public DexPathList(ClassLoader definingContext, String librarySearchPath) {
      //校验参数
        if (definingContext == null) {
            throw new NullPointerException("definingContext == null");
        }

        this.definingContext = definingContext;
     // 加载本地库
        this.nativeLibraryDirectories = splitPaths(librarySearchPath, false);
        this.systemNativeLibraryDirectories =splitPaths(System.getProperty("java.library.path"), true);
        this.nativeLibraryPathElements = makePathElements(getAllNativeLibraryDirectories());
    }

initByteBufferDexPath

//libcore/dalvik/src/main/java/dalvik/system/DexPathList.java
void initByteBufferDexPath(ByteBuffer[] dexFiles) {
...
    //创建 DexFile 并初始化 dexElements
    final List<IOException> suppressedExceptions = new ArrayList<IOException>();

    try {
        Element[] null_elements = null;
        //调用 DexFile 构造函数，将 ByteBuffer[] 转换为实际的 DexFile
        DexFile dex = new DexFile(dexFiles, definingContext, null_elements);
        //将 DexFile 封装为 Element 并存储到 dexElements。
        dexElements = new Element[] { new Element(dex) };
    } catch (IOException suppressed) {
        System.logE("Unable to load dex files", suppressed);
        suppressedExceptions.add(suppressed);
        dexElements = new Element[0];
    }

    if (suppressedExceptions.size() > 0) {
        dexElementsSuppressedExceptions = suppressedExceptions.toArray(
            new IOException[suppressedExceptions.size()]);
    }
}

DexFile

调用openInMemoryDexFile()方法，返回的cookie是用于操作dex文件的唯一凭证，可以理解为”身份码”。

//路径：libcore/dalvik/src/main/java/dalvik/system/DexFile.java
 DexFile(ByteBuffer[] bufs, ClassLoader loader, DexPathList.Element[] elements)
            throws IOException {
        mCookie = openInMemoryDexFiles(bufs, loader, elements);
        mInternalCookie = mCookie;
        mFileName = null;
    }

openInMemoryDexFile()

最后调用openInMemoryDexFilesNative

//路径：libcore/dalvik/src/main/java/dalvik/system/DexFile.java
private static Object openInMemoryDexFiles(ByteBuffer[] bufs, ClassLoader loader,
                                           DexPathList.Element[] elements) throws IOException {
    // Preprocess the ByteBuffers for openInMemoryDexFilesNative. We extract
    // the backing array (non-direct buffers only) and start/end positions
    // so that the native method does not have to call Java methods anymore.
    byte[][] arrays = new byte[bufs.length][];
    int[] starts = new int[bufs.length];
    int[] ends = new int[bufs.length];
    for (int i = 0; i < bufs.length; ++i) {
        arrays[i] = bufs[i].isDirect() ? null : bufs[i].array();
        starts[i] = bufs[i].position();
        ends[i] = bufs[i].limit();
    }
    return openInMemoryDexFilesNative(bufs, arrays, starts, ends, loader, elements);
}

openInMemoryDexFilesNative

//art/runtime/native/dalvik_system_DexFile.cc
static jobject DexFile_openInMemoryDexFilesNative(JNIEnv* env,
                                                  jclass,
                                                  jobjectArray buffers,
                                                  jobjectArray arrays,
                                                  jintArray jstarts,
                                                  jintArray jends,
                                                  jobject class_loader,
                                                  jobjectArray dex_elements) {
...
  // 分配内存并复制数据
...

  // 加载 .dex 文件
  std::vector<std::string> error_msgs;
  const OatFile* oat_file = nullptr;
  std::vector<std::unique_ptr<const DexFile>> dex_files =
      Runtime::Current()->GetOatFileManager().OpenDexFilesFromOat(std::move(dex_mem_maps),
                                                                  class_loader,
                                                                  dex_elements,
                                                                  /*out*/ &oat_file,
                                                                  /*out*/ &error_msgs);
   //将 dex_files 和 oat_file 的加载结果打包成一个 JNI 可返回的对象（通常是句柄或引用）。
  return CreateCookieFromOatFileManagerResult(env, dex_files, oat_file, error_msgs);
}

CreateCookieFromOatFileManagerResult

用于根据加载 .dex 文件的结果，创建一个供 Java 层使用的句柄（通常是一个 jlongArray，表示加载的 .dex 文件的句柄）。其主要职责是处理加载结果中的异常情况，或者将成功加载的 DexFile 信息转换为一个数组返回给 Java。

//art/runtime/native/dalvik_system_DexFile.cc
static jobject CreateCookieFromOatFileManagerResult(
    JNIEnv* env,
    std::vector<std::unique_ptr<const DexFile>>& dex_files,
    const OatFile* oat_file,
    const std::vector<std::string>& error_msgs) {
  ClassLinker* linker = Runtime::Current()->GetClassLinker();
  if (dex_files.empty()) {
  ...
  }
  jlongArray array = ConvertDexFilesToJavaArray(env, oat_file, dex_files);
  ...
  return array;
}

OpenDexFilesFromOat

它的主要作用是解析 OAT 文件并提取出嵌入的 DEX 文件，为后续的类加载过程服务

//路径：art/runtime/oat/oat_file_manager.cc
std::vector<std::unique_ptr<const DexFile>> OatFileManager::OpenDexFilesFromOat(
    const char* dex_location,
    jobject class_loader,
    jobjectArray dex_elements,
    const OatFile** out_oat_file,
    std::vector<std::string>* error_msgs) {
  ScopedTrace trace(StringPrintf("%s(%s)", __FUNCTION__, dex_location));
  CHECK(dex_location != nullptr);
  CHECK(error_msgs != nullptr);
    
  std::vector<std::unique_ptr<const DexFile>> dex_files;//定义一个存储 DexFile 的动态数组
  std::unique_ptr<ClassLoaderContext> context(
      ClassLoaderContext::CreateContextForClassLoader(class_loader, dex_elements));//定义一个指向 ClassLoaderContext 对象的 unique_ptr

  //创建了一个 OatFileAssistant 对象
  if (class_loader == nullptr) {
    LOG(WARNING) << "Opening an oat file without a class loader. "
                 << "Are you using the deprecated DexFile APIs?";
  } else if (context != nullptr) {
    auto oat_file_assistant = std::make_unique<OatFileAssistant>(dex_location,
                                                                 kRuntimeISA,
                                                                 context.get(),
                                                                 runtime->GetOatFilesExecutable(),
                                                                 only_use_system_oat_files_);

...
    // 使用 OatFileAssistant 来选择最佳的 .oat 文件
    std::unique_ptr<const OatFile> oat_file(oat_file_assistant->GetBestOatFile().release());
    VLOG(oat) << "OatFileAssistant(" << dex_location << ").GetBestOatFile()="
              << (oat_file != nullptr ? oat_file->GetLocation() : "")
              << " (executable=" << (oat_file != nullptr ? oat_file->IsExecutable() : false) << ")";
...
    
      if (!added_image_space) {
        DCHECK(dex_files.empty());
...//OAT文件的优化
      // 从指定的 .oat 文件中加载 DEX 文件
        if (oat_file != nullptr) {
          dex_files = oat_file_assistant->LoadDexFiles(*oat_file.get(), dex_location);
            ...
        }
      }
      if (dex_files.empty()) {
        ScopedTrace failed_to_open_dex_files("FailedToOpenDexFilesFromOat");
        error_msgs->push_back("Failed to open dex files from " + odex_location);
      } else if (should_madvise) {
       //...dex文件优化
        }
      }
      if (oat_file != nullptr) {
        VLOG(class_linker) << "Registering " << oat_file->GetLocation();
        *out_oat_file = RegisterOatFile(std::move(oat_file));
      }
    } else {
      // oat_file == nullptr
      // 校验类路径中是否已经有正在加载的 dex 文件。
      // 如果是，则报告错误并提供当前堆栈跟踪。
      // 很可能开发人员并不打算这样做，因为这会浪费 // 性能和内存。
      // 性能和内存。
     ...
    }
  }

  //如果 Dex 文件加载失败，代码会尝试通过 ArtDexFileLoader 类重新加载，并提供详细的错误信息。
  if (dex_files.empty()) {
    std::string error_msg;
    static constexpr bool kVerifyChecksum = true;
    ArtDexFileLoader dex_file_loader(dex_location);
    if (!dex_file_loader.Open(Runtime::Current()->IsVerificationEnabled(),
                              kVerifyChecksum,
                              /*out*/ &error_msg,
                              &dex_files)) {
      ScopedTrace fail_to_open_dex_from_apk("FailedToOpenDexFilesFromApk");
      LOG(WARNING) << error_msg;
      error_msgs->push_back("Failed to open dex files from " + std::string(dex_location)
                            + " because: " + error_msg);
    }
  }
...
  return dex_files;
}

LoadDexFiles()

//art/runtime/oat/oat_file_assistant.cc
bool OatFileAssistant::LoadDexFiles(const OatFile& oat_file,
                                    const std::string& dex_location,
                                    std::vector<std::unique_ptr<const DexFile>>* out_dex_files) {
  // Load the main dex file.
  std::string error_msg;
  //通过oat_file.GetOatDexFile()获得oat、dex文件
  const OatDexFile* oat_dex_file = oat_file.GetOatDexFile(dex_location.c_str(), &error_msg);
  if (oat_dex_file == nullptr) {
    LOG(WARNING) << error_msg;
    return false;
  }
  //通过oat_dex_file->OpenDexFile()打开dex文件
  std::unique_ptr<const DexFile> dex_file = oat_dex_file->OpenDexFile(&error_msg); 
  if (dex_file.get() == nullptr) {
    LOG(WARNING) << "Failed to open dex file from oat dex file: " << error_msg;
    return false;
  }
    //添加dex文件到dex_files数组中
  out_dex_files->push_back(std::move(dex_file));

   // 看是否存在多个dex文件
  for (size_t i = 1;; i++) {
    std::string multidex_dex_location = DexFileLoader::GetMultiDexLocation(i, dex_location.c_str());
    oat_dex_file = oat_file.GetOatDexFile(multidex_dex_location.c_str());
    if (oat_dex_file == nullptr) {
      // There are no more multidex entries to load.
      break;
    }
    //打开第i个dex文件
    dex_file = oat_dex_file->OpenDexFile(&error_msg);
    if (dex_file.get() == nullptr) {
      LOG(WARNING) << "Failed to open dex file from oat dex file: " << error_msg;
      return false;
    }
    //添加dex文件到dex_files数组中
    out_dex_files->push_back(std::move(dex_file));
  }
  return true;
}

GetOatDexFile（）

//art/runtime/oat/oat_file.cc
const OatDexFile* OatFile::GetOatDexFile(const char* dex_location, std::string* error_msg) const {
   
  const OatDexFile* oat_dex_file = nullptr;
  std::string_view key(dex_location);
  //通过key在oat_dex_files_map中找到dex文件所在位置
  auto primary_it = oat_dex_files_.find(key);
  if (primary_it != oat_dex_files_.end()) {
    oat_dex_file = primary_it->second;
    DCHECK(oat_dex_file != nullptr);
  } else {
    // This dex_location is not one of the dex locations directly mentioned in the
    // oat file. The correct lookup is via the canonical location but first see in
    // the secondary_oat_dex_files_ whether we've looked up this location before.
    MutexLock mu(Thread::Current(), secondary_lookup_lock_);
    auto secondary_lb = secondary_oat_dex_files_.lower_bound(key);
    if (secondary_lb != secondary_oat_dex_files_.end() && key == secondary_lb->first) {
      oat_dex_file = secondary_lb->second;  // May be null.
    } else {
      // We haven't seen this dex_location before, we must check the canonical location.
      std::string dex_canonical_location = DexFileLoader::GetDexCanonicalLocation(dex_location);
      if (dex_canonical_location != dex_location) {
        std::string_view canonical_key(dex_canonical_location);
        auto canonical_it = oat_dex_files_.find(canonical_key);
        if (canonical_it != oat_dex_files_.end()) {
          oat_dex_file = canonical_it->second;
        }  // else keep null.
      }  // else keep null.

      // Copy the key to the string_cache_ and store the result in secondary map.
      string_cache_.emplace_back(key.data(), key.length());
      std::string_view key_copy(string_cache_.back());
      secondary_oat_dex_files_.PutBefore(secondary_lb, key_copy, oat_dex_file);
    }
  }
  if (oat_dex_file == nullptr) {
    if (error_msg != nullptr) {
      std::string dex_canonical_location = DexFileLoader::GetDexCanonicalLocation(dex_location);
      *error_msg = "Failed to find OatDexFile for DexFile " + std::string(dex_location)
          + " (canonical path " + dex_canonical_location + ") in OatFile " + GetLocation();
    }
    return nullptr;
  }

  return oat_dex_file;
}

OatDexFile::OpenDexFile

//art/runtime/oat/oat_file.cc
std::unique_ptr<const DexFile> OatDexFile::OpenDexFile(std::string* error_msg) const {
  ScopedTrace trace(__PRETTY_FUNCTION__);
  static constexpr bool kVerify = false;
  static constexpr bool kVerifyChecksum = false;
  ArtDexFileLoader dex_file_loader(dex_file_container_, dex_file_location_);
  return dex_file_loader.OpenOne(dex_file_pointer_ - dex_file_container_->Begin(),
                                 dex_file_location_checksum_,
                                 this,
                                 kVerify,
                                 kVerifyChecksum,
                                 error_msg);
}

dex_file_loader.OpenOne

//art/libdexfile/dex/dex_file_loader.cc
std::unique_ptr<const DexFile> DexFileLoader::OpenOne(size_t header_offset,
                                                      uint32_t location_checksum,
                                                      const OatDexFile* oat_dex_file,
                                                      bool verify,
                                                      bool verify_checksum,
                                                      std::string* error_msg) {
    //记录操作范围
  DEXFILE_SCOPED_TRACE(std::string("Open dex file ") + location_);

  uint32_t magic;
  if (!InitAndReadMagic(header_offset, &magic, error_msg) || !MapRootContainer(error_msg)) {
    DCHECK(!error_msg->empty());
    return {};
  }
    //验证根容器
  DCHECK(root_container_ != nullptr);
  DCHECK_LE(header_offset, root_container_->Size());
    //加载DEX文件内容
  std::unique_ptr<const DexFile> dex_file = OpenCommon(root_container_,
                                                       root_container_->Begin() + header_offset,
                                                       root_container_->Size() - header_offset,
                                                       location_,
                                                       location_checksum,
                                                       oat_dex_file,
                                                       verify,
                                                       verify_checksum,
                                                       error_msg,
                                                       nullptr);
  return dex_file;
}

DexFileLoader::OpenCommon

//art/libdexfile/dex/dex_file_loader.cc
std::unique_ptr<DexFile> DexFileLoader::OpenCommon(std::shared_ptr<DexFileContainer> container,//指向包含DEX文件数据的容器对象
                                                   const uint8_t* base,//指向文件数据的起始地址。
                                                   size_t app_compat_size,//与应用兼容的文件大小。
                                                   const std::string& location,//表示DEX文件的位置路径。
                                                   std::optional<uint32_t> location_checksum,//文件的校验和（可选值）。
                                                   const OatDexFile* oat_dex_file,//关联的OatDexFile对象。
                                                   bool verify,//是否启用DEX文件验证。
                                                   bool verify_checksum,//是否校验文件的校验和。
                                                   std::string* error_msg,//指向用于存储错误消息的字符串指针。
                                                   DexFileLoaderErrorCode* error_code//指向用于存储错误代码的指针。
                                                  ) {
    //容器的初始化
  if (container == nullptr) {
    // We should never pass null here, but use reasonable default for app compat anyway.
    container = std::make_shared<MemoryDexFileContainer>(base, app_compat_size);
  }
  CHECK_GE(base, container->Begin());
  CHECK_LE(base, container->End());
  const size_t size = container->End() - base;
  if (error_code != nullptr) {
    *error_code = DexFileLoaderErrorCode::kDexFileError;
  }
    //创建DEX文件实例
  std::unique_ptr<DexFile> dex_file;
  auto header = reinterpret_cast<const DexFile::Header*>(base);
  if (size >= sizeof(StandardDexFile::Header) && StandardDexFile::IsMagicValid(base)) {
    uint32_t checksum = location_checksum.value_or(header->checksum_);
    dex_file.reset(new StandardDexFile(base, location, checksum, oat_dex_file, container));
  } else if (size >= sizeof(CompactDexFile::Header) && CompactDexFile::IsMagicValid(base)) {
    uint32_t checksum = location_checksum.value_or(header->checksum_);
    dex_file.reset(new CompactDexFile(base, location, checksum, oat_dex_file, container));
  } else {
    *error_msg = StringPrintf("Invalid or truncated dex file '%s'", location.c_str());
  }
  if (dex_file == nullptr) {
    *error_msg =
        StringPrintf("Failed to open dex file '%s': %s", location.c_str(), error_msg->c_str());
    return nullptr;
  }
   //文件初始化
  if (!dex_file->Init(error_msg)) {
    dex_file.reset();
    return nullptr;
  }
  //可选校验
  if (verify && !dex_file->IsCompactDexFile()) {
    DEXFILE_SCOPED_TRACE(std::string("Verify dex file ") + location);
    if (!dex::Verify(dex_file.get(), location.c_str(), verify_checksum, error_msg)) {
      if (error_code != nullptr) {
        *error_code = DexFileLoaderErrorCode::kVerifyError;
      }
      return nullptr;
    }
  }
  if (error_code != nullptr) {
    *error_code = DexFileLoaderErrorCode::kNoError;
  }
  return dex_file;
}

从这里可以看出，不管是DexClassLoader、PathClassLoader，还是InMemoryDexClassLoader，尽管它们的流程可能会不太一样，但最终都会调用OpenCommon()方法创建dexfile，而且该方法的参数含有dex的起始地址（base）和大小（size），因此这里可以作为一个非常好的脱壳点。

安卓类加载器补充InMemoryDexClassLoader

InMemoryDexClassLoader加载内存dex的流程