Android Binder call stacks

Published: December 17, 2023

Java Binder call stack

Initiating a binder request

  native: #00 pc 000000000006e1c4  /system/lib64/libc.so (__ioctl+4)
  native: #01 pc 00000000000290d0  /system/lib64/libc.so (ioctl+136)
  native: #02 pc 000000000005a5e4  /system/lib64/libbinder.so (android::IPCThreadState::talkWithDriver(bool)+256)
  native: #03 pc 000000000005b48c  /system/lib64/libbinder.so (android::IPCThreadState::waitForResponse(android::Parcel*, int*)+340)
  native: #04 pc 000000000005b1c0  /system/lib64/libbinder.so (android::IPCThreadState::transact(int, unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+176)
  native: #05 pc 0000000000051318  /system/lib64/libbinder.so (android::BpBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+72)
  native: #06 pc 000000000012f970  /system/lib64/libandroid_runtime.so (android_os_BinderProxy_transact(_JNIEnv*, _jobject*, int, _jobject*, _jobject*, int)+152)
  at android.os.BinderProxy.transactNative(Native method)
  at android.os.BinderProxy.transact(Binder.java:1127)
  at android.os.ServiceManagerProxy.getService(ServiceManagerNative.java:125)
  at android.os.ServiceManager.rawGetService(ServiceManager.java:253)
  at android.os.ServiceManager.getService(ServiceManager.java:124)
  at android.telephony.SubscriptionManager.getDefaultDataSubscriptionId(SubscriptionManager.java:1381)

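The stack starts at android.os.BinderProxy.transact and reaches android::IPCThreadState::waitForResponse, which indicates a blocking binder call. It then reaches android::IPCThreadState::talkWithDriver, and a call into talkWithDriver means the thread is interacting with the binder driver.

Receiving a binder request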

"Binder:1270_2" prio=5 tid=9 Blocked
  | group="main" sCount=1 dsCount=0 flags=1 obj=0x12c403c0 self=0x74cc13a000
  | sysTid=1301 nice=0 cgrp=default sched=0/0 handle=0x74aeac84f0
  | state=S schedstat=( 967786174 2041516626 7827 ) utm=54 stm=42 core=0 HZ=100
  | stack=0x74ae9cd000-0x74ae9cf000 stackSize=1009KB
  | held mutexes=
  at com.android.server.am.ActivityManagerService.isUserAMonkey(ActivityManagerService.java:14253)
  - waiting to lock <0x09e15d64> (a com.android.server.am.ActivityManagerService) held by thread 120
  at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:1200)
  at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:3498)
  at android.os.Binder.execTransact(Binder.java:731)

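Starting from android.os.Binder.execTransact, the call goes to the onTransact method of the AIDL-generated file, then to the onTransact method of the Stub subclass, and finally to the concrete AIDL implementation.

Native Binder call stack

Initiating a Binder request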

  native: #00 pc 000000000006e1c4  /system/lib64/libc.so (__ioctl+4)
  native: #01 pc 00000000000290d0  /system/lib64/libc.so (ioctl+136)
  native: #02 pc 000000000005a5e4  /system/lib64/libbinder.so (android::IPCThreadState::talkWithDriver(bool)+256)
  native: #03 pc 000000000005b374  /system/lib64/libbinder.so (android::IPCThreadState::waitForResponse(android::Parcel*, int*)+60)
  native: #04 pc 000000000005b1c0  /system/lib64/libbinder.so (android::IPCThreadState::transact(int, unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+176)
  native: #05 pc 0000000000051318  /system/lib64/libbinder.so (android::BpBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+72)
  native: #06 pc 0000000000074324  /system/lib64/libgui.so (android::BpGraphicBufferProducer::dequeueBuffer(int*, android::sp<android::Fence>*, unsigned int, unsigned int, int, unsigned long, unsigned long*, android::FrameEventHistoryDelta*)+208)
  native: #07 pc 000000000008492c  /system/lib64/libgui.so (android::Surface::dequeueBuffer(ANativeWindowBuffer**, int*)+388)

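This is broadly similar to the Java layer, except that no JNI is needed to reach android::BpBinder::transact: the native layer can call android::BpBinder::transact directly and then call waitForResponse to block the thread.

Waiting for a Binder request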

"Binder:4348_1" prio=5 tid=4 Native
 | group="main" sCount=1 dsCount=0 flags=1 obj=0x13b002a8 self=0x74c5015800
 | sysTid=4363 nice=0 cgrp=default sched=0/0 handle=0x74b1a3c4f0
 | state=S schedstat=( 20542242 92802343 324 ) utm=0 stm=2 core=2 HZ=100
 | stack=0x74b1941000-0x74b1943000 stackSize=1009KB
 | held mutexes=
 kernel: (couldn't read /proc/self/task/4363/stack)
 native: #00 pc 000000000006e1c4  /system/lib64/libc.so (__ioctl+4)
 native: #01 pc 00000000000290d0  /system/lib64/libc.so (ioctl+136)
 native: #02 pc 000000000005a5e4  /system/lib64/libbinder.so (android::IPCThreadState::talkWithDriver(bool)+256)
 native: #03 pc 000000000005a7b8  /system/lib64/libbinder.so (android::IPCThreadState::getAndExecuteCommand()+24)
 native: #04 pc 000000000005af04  /system/lib64/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+60)
 native: #05 pc 000000000007b56c  /system/lib64/libbinder.so (android::PoolThread::threadLoop()+24)
 native: #06 pc 000000000000f9d8  /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+280)
 native: #07 pc 00000000000b50e0  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+140)
 native: #08 pc 00000000000819b4  /system/lib64/libc.so (__pthread_start(void*)+36)
 native: #09 pc 0000000000023478  /system/lib64/libc.so (__start_thread+68)
 (no managed stack frames)

The sign that a thread is waiting for a Binder request is that its call stack stops at getAndExecuteCommand without having called executeCommand.

Receiving a Binder request

"Binder:784_5" sysTid=1251
 #00 pc 000000000001f02c  /system/lib64/libc.so (syscall+28)
 #01 pc 000000000002217c  /system/lib64/libc.so (__futex_wait_ex(void volatile*, bool, int, bool, timespec const*)+140)
 #02 pc 0000000000080ef8  /system/lib64/libc.so (pthread_cond_wait+60)
 #03 pc 000000000005dde8  /system/lib64/libgui.so (android::BufferQueueProducer::waitForFreeSlotThenRelock(android::BufferQueueProducer::FreeSlotCaller, int*) const+808)
 #04 pc 000000000005dfc8  /system/lib64/libgui.so (android::BufferQueueProducer::dequeueBuffer(int*, android::sp<android::Fence>*, unsigned int, unsigned int, int, unsigned long, unsigned long*, android::FrameEventHistoryDelta*)+380)
 #05 pc 0000000000072f08  /system/lib64/libgui.so (android::BnGraphicBufferProducer::onTransact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+1208)
 #06 pc 000000000004fa60  /system/lib64/libbinder.so (android::BBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+136)
 #07 pc 000000000005ab00  /system/lib64/libbinder.so (android::IPCThreadState::executeCommand(int)+520)
 #08 pc 000000000005a83c  /system/lib64/libbinder.so (android::IPCThreadState::getAndExecuteCommand()+156)
 #09 pc 000000000005af04  /system/lib64/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+60)
 #10 pc 000000000007b56c  /system/lib64/libbinder.so (android::PoolThread::threadLoop()+24)
 #11 pc 000000000000f9d8  /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+280)
 #12 pc 00000000000819b4  /system/lib64/libc.so (__pthread_start(void*)+36)
 #13 pc 0000000000023478  /system/lib64/libc.so (__start_thread+68)

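After the native layer receives a Binder request, it obtains and parses the data through getAndExecuteCommand, then calls executeCommand, which uses the method code to have android::BBinder::transact dispatch the request to the corresponding implementation method.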
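
The marker frames described in the four cases above can be checked mechanically when triaging a thread dump. The following is an added example, not code from the original post: it classifies one thread's stack by the innermost marker frame and reports the code that issued or is handling the call. The function names and state labels are this example's own, and the sample dumps are shortened from the traces on this page.

```python
import re

# Native frames end in "(symbol+offset)"; managed frames start with "at pkg.Class.method(".
FRAME = re.compile(r"\((?P<native>.+)\+\d+\)\s*$|^\s*at\s+(?P<java>[\w.$<>]+)\(")
# Frames that are Binder plumbing rather than the code that asked for the call.
PLUMBING = ("IPCThreadState::", "BpBinder::", "BinderProxy")

def frames(dump):
    """Return frame symbols, innermost first, skipping headers and lock notes."""
    found = (FRAME.search(line) for line in dump.splitlines())
    return [m.group("native") or m.group("java") for m in found if m]

def classify(dump):
    """Return (state, detail) for one thread's stack, using the page's markers."""
    fs = frames(dump)
    for i, sym in enumerate(fs):  # the first marker met is the innermost one
        if "IPCThreadState::waitForResponse" in sym:
            caller = next((f for f in fs[i + 1:]
                           if not any(p in f for p in PLUMBING)), None)
            return "outgoing-blocked", caller
        if "IPCThreadState::executeCommand" in sym or sym == "android.os.Binder.execTransact":
            return "handling-incoming", fs[0]
        if "IPCThreadState::getAndExecuteCommand" in sym:
            return "idle-waiting", None
    return "not-binder", None

# Sample dumps shortened from the traces on this page.
JAVA_CLIENT = """\
  native: #02 pc 000000000005a5e4  /system/lib64/libbinder.so (android::IPCThreadState::talkWithDriver(bool)+256)
  native: #03 pc 000000000005b48c  /system/lib64/libbinder.so (android::IPCThreadState::waitForResponse(android::Parcel*, int*)+340)
  at android.os.BinderProxy.transact(Binder.java:1127)
  at android.os.ServiceManagerProxy.getService(ServiceManagerNative.java:125)
"""
JAVA_SERVER = """\
  at com.android.server.am.ActivityManagerService.isUserAMonkey(ActivityManagerService.java:14253)
  - waiting to lock <0x09e15d64> (a com.android.server.am.ActivityManagerService) held by thread 120
  at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:1200)
  at android.os.Binder.execTransact(Binder.java:731)
"""
IDLE_POOL = """\
 native: #02 pc 000000000005a5e4  /system/lib64/libbinder.so (android::IPCThreadState::talkWithDriver(bool)+256)
 native: #03 pc 000000000005a7b8  /system/lib64/libbinder.so (android::IPCThreadState::getAndExecuteCommand()+24)
 native: #04 pc 000000000005af04  /system/lib64/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+60)
"""

if __name__ == "__main__":
    for name, dump in (("client", JAVA_CLIENT), ("server", JAVA_SERVER), ("idle", IDLE_POOL)):
        print(name, classify(dump))
```

A pool thread that is handling an incoming transaction and has itself issued a nested outgoing call is reported as outgoing-blocked, because the innermost marker decides the state.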

Source: https://blog.csdn.net/lzs781/article/details/134988972