- 静态库
(1)类型:.a .lib
(2) 加载时机:在链接阶段会将汇编生产的目标与引用的库一起链接打包到可执行文件当中
(3)优势:开发者可以自己开发定义 - 动态库
(1)类型:framework .so .dll
(2) 加载时机:在需要时链接到程序里,是不在可执行文件里的,手机里所有的应用程序都 共享一份动态库
(3)优势:
a、共享内容,节省资源
b、减少打包之后的App包的大小
c、通过更新动态库,达到更行程序的目的
d、常见的:UIKit, libdispatch,libobjc.dyld
问题:App 启动时怎么加载的呢?
我们知道程序的入口函数是main,那么是谁调用的main函数呢?
我们不妨运行个app在main函数中打个断点,点击左侧的start,看右侧的汇编语言部分
libdyld.dylib`start:
0x7fff519b910c <+0>: nop
0x7fff519b910d <+1>: movl %eax, %edi
0x7fff519b910f <+3>: callq 0x7fff519e34ae ; symbol stub for: exit
0x7fff519b9114 <+8>: hlt
0x7fff519b9115 <+9>: nop
入口函数就是libdyld的start 函数,此时我们添加一个load函数,在load处加一个端点,会是怎样呢
start函数dyldbootstrap::start,在此之前系统已经做了很多操作,最上面是_dyld_start:那就下载dyld的源码看看这个函数到底做了什么源码地址
找到_dyld_start在arm64下的实现及上图,通过注释我们发现,就是跳转到dyldbootstrap::start函数,这个函数跟我们在load断点处看的的star汇编里面一模一样。
搜索start函数
uintptr_t start(const dyld3::MachOLoaded* appsMachHeader, int argc, const char* argv[],
const dyld3::MachOLoaded* dyldsMachHeader, uintptr_t* startGlue)
{
...
return dyld::_main((macho_header*)appsMachHeader, appsSlide, argc, argv, envp, apple, startGlue);
}
大致看了一下start()函数,虽说是看不懂吧,但大致可以看出来是做一些初始化工作,然后返回时调用_main()函数,看到main函数就很亲切了,他就是程序的入口
我们进入main函数看看,函数太长了 分开分析,它主要做了一下事情:
1 根据MachOHeader(可执行二进制文件头)搞事情,我也不知道搞了什么事情,但文件头嘛,主要起到文件识别的作用。
2 设置上下文。
3 读取可执行文件路径和名称。
4 检查环境变量并根据环境变量做一些设置等(通常我们不会设置环境变量,因此这些代码暂时不用关心)
5 加载共享缓存
6 将dyld本身添加到镜像列表中
7 reloadAllImages,加载所有镜像
8 initializeMainExecutable()初始化主程序。
9 获取主程序main()入口并返回。
uintptr_t
_main(const macho_header* mainExecutableMH, uintptr_t mainExecutableSlide,
int argc, const char* argv[], const char* envp[], const char* apple[],
uintptr_t* startGlue)
环境变量相关处理
加载共享缓存
将dyld本身添加镜像列表中
![]()
添加到镜像列表
加载镜像文件--reloadAllImags
其实我们想看的是image是怎么加载的,这个image不是图片的意思,是镜像文件的意思
instantiateFromLoadedImage在这个函数里内核会映射到主要可执行文件中,我们需要为已经映射到主可执行文件中的文件创建一个ImageLoader *
进入函数看看
static ImageLoaderMachO* instantiateFromLoadedImage(const macho_header* mh, uintptr_t slide, const char* path)
{
// try mach-o loader
if ( isCompatibleMachO((const uint8_t*)mh, path) ) {
ImageLoader* image = ImageLoaderMachO::instantiateMainExecutable(mh, slide, path, gLinkContext);
addImage(image);
return (ImageLoaderMachO*)image;
}
throw "main executable not a known format";
}
此处是将image加载进来,并且image是从instantiateMainExecutable返回的,然后我们进入到instantiateMainExecutable函数
//为主执行文件创建镜像
ImageLoader* ImageLoaderMachO::instantiateMainExecutable(const macho_header* mh, uintptr_t slide, const char* path, const LinkContext& context)
{
//dyld::log("ImageLoader=%ld, ImageLoaderMachO=%ld, ImageLoaderMachOClassic=%ld, ImageLoaderMachOCompressed=%ld\n",
// sizeof(ImageLoader), sizeof(ImageLoaderMachO), sizeof(ImageLoaderMachOClassic), sizeof(ImageLoaderMachOCompressed));
bool compressed;
unsigned int segCount;
unsigned int libCount;
const linkedit_data_command* codeSigCmd;
const encryption_info_command* encryptCmd;
sniffLoadCommands(mh, path, false, &compressed, &segCount, &libCount, context, &codeSigCmd, &encryptCmd);
// instantiate concrete class based on content of load commands
if ( compressed )
return ImageLoaderMachOCompressed::instantiateMainExecutable(mh, slide, path, segCount, libCount, context);
else
#if SUPPORT_CLASSIC_MACHO
return ImageLoaderMachOClassic::instantiateMainExecutable(mh, slide, path, segCount, libCount, context);
#else
throw "missing LC_DYLD_INFO load command";
#endif
}
然后我们进入到sniffLoadCommands函数,方法太长大家可以自己看这里就不上源码了
void ImageLoaderMachO::sniffLoadCommands(const macho_header* mh, const char* path, bool inCache, bool* compressed,
unsigned int* segCount, unsigned int* libCount, const LinkContext& context,
const linkedit_data_command** codeSigCmd,
const encryption_info_command** encryptCmd)
根据注释,我们知道这个函数是用来确定mach-o文件的
通过mach-o分析应用的可执行文件可以发现在load_command里面是存放所有的库和镜像文件
插入库
继续往下看
我们会看到loadInsertedDylib,根据函数名我们就知道这个是插入动态库的意思,并且此处是遍历动态库,将动态库插入到应用中
根据上下文将动态库读取成镜像文件
static void loadInsertedDylib(const char* path)
{
unsigned cacheIndex;
try {
LoadContext context;
context.useSearchPaths = false;
context.useFallbackPaths = false;
context.useLdLibraryPath = false;
context.implicitRPath = false;
context.matchByInstallName = false;
context.dontLoad = false;
context.mustBeBundle = false;
context.mustBeDylib = true;
context.canBePIE = false;
context.origin = NULL; // can't use @loader_path with DYLD_INSERT_LIBRARIES
context.rpath = NULL;
load(path, context, cacheIndex);
}
catch (const char* msg) {
if ( gLinkContext.allowInsertFailures )
dyld::log("dyld: warning: could not load inserted library '%s' into hardened process because %s\n", path, msg);
else
halt(dyld::mkstringf("could not load inserted library '%s' because %s\n", path, msg));
}
catch (...) {
halt(dyld::mkstringf("could not load inserted library '%s'\n", path));
}
}
到此镜像文件已经处理好了
链接---link
继续往下看
会发现link这个函数,从这段代码,我们会发现是变量镜像文件然后拿到ImageLoader,再link到二进制文件中
link完的下一步就是加载了,往下走,我们会发现调用了initializeMainExecutable函数,就是加载主函数启动程序了
进入到initializeMainExecutable
void initializeMainExecutable()
{
// record that we've reached this step
gLinkContext.startedInitializingMainExecutable = true;
// run initialzers for any inserted dylibs
ImageLoader::InitializerTimingList initializerTimes[allImagesCount()];
initializerTimes[0].count = 0;
const size_t rootCount = sImageRoots.size();
if ( rootCount > 1 ) {
for(size_t i=1; i < rootCount; ++i) {
sImageRoots[i]->runInitializers(gLinkContext, initializerTimes[0]);
}
}
// run initializers for main executable and everything it brings up
sMainExecutable->runInitializers(gLinkContext, initializerTimes[0]);
// register cxa_atexit() handler to run static terminators in all loaded images when this process exits
if ( gLibSystemHelpers != NULL )
(*gLibSystemHelpers->cxa_atexit)(&runAllStaticTerminators, NULL, NULL);
// dump info if requested
if ( sEnv.DYLD_PRINT_STATISTICS )
ImageLoader::printStatistics((unsigned int)allImagesCount(), initializerTimes[0]);
if ( sEnv.DYLD_PRINT_STATISTICS_DETAILS )
ImageLoaderMachO::printStatisticsDetails((unsigned int)allImagesCount(), initializerTimes[0]);
}
for循环便利镜像文件,然后每个镜像文件都会执行一下runInitializers函数,我们进入到runInitializers函数看看
void ImageLoader::runInitializers(const LinkContext& context, InitializerTimingList& timingInfo)
{
uint64_t t1 = mach_absolute_time();
mach_port_t thisThread = mach_thread_self();
ImageLoader::UninitedUpwards up;
up.count = 1;
up.imagesAndPaths[0] = { this, this->getPath() };
processInitializers(context, thisThread, timingInfo, up);
context.notifyBatch(dyld_image_state_initialized, false);
mach_port_deallocate(mach_task_self(), thisThread);
uint64_t t2 = mach_absolute_time();
fgTotalInitTime += (t2 - t1);
}
里面调用了processInitializers函数,比较特别,processInitializers实现会遍历加载进来的镜像文件image,然后将每个image初始化
void ImageLoader::processInitializers(const LinkContext& context, mach_port_t thisThread,
InitializerTimingList& timingInfo, ImageLoader::UninitedUpwards& images)
{
uint32_t maxImageCount = context.imageCount()+2;
ImageLoader::UninitedUpwards upsBuffer[maxImageCount];
ImageLoader::UninitedUpwards& ups = upsBuffer[0];
ups.count = 0;
// Calling recursive init on all images in images list, building a new list of
// uninitialized upward dependencies.
for (uintptr_t i=0; i < images.count; ++i) {
//初始化镜像文件
images.imagesAndPaths[i].first->recursiveInitialization(context, thisThread, images.imagesAndPaths[i].second, timingInfo, ups);
}
// If any upward dependencies remain, init them.
if ( ups.count > 0 )
processInitializers(context, thisThread, timingInfo, ups);
}
然后进入到recursiveInitialization
void ImageLoader::recursiveInitialization(const LinkContext& context, mach_port_t this_thread, const char* pathToInitialize,
InitializerTimingList& timingInfo, UninitedUpwards& uninitUps)
{
recursive_lock lock_info(this_thread);
recursiveSpinLock(lock_info);
if ( fState < dyld_image_state_dependents_initialized-1 ) {
uint8_t oldState = fState;
// break cycles
fState = dyld_image_state_dependents_initialized-1;
try {
// initialize lower level libraries first
for(unsigned int i=0; i < libraryCount(); ++i) {
ImageLoader* dependentImage = libImage(i);
if ( dependentImage != NULL ) {
// don't try to initialize stuff "above" me yet
if ( libIsUpward(i) ) {
uninitUps.imagesAndPaths[uninitUps.count] = { dependentImage, libPath(i) };
uninitUps.count++;
}
else if ( dependentImage->fDepth >= fDepth ) {
dependentImage->recursiveInitialization(context, this_thread, libPath(i), timingInfo, uninitUps);
}
}
}
// record termination order
if ( this->needsTermination() )
context.terminationRecorder(this);
// let objc know we are about to initialize this image
uint64_t t1 = mach_absolute_time();
fState = dyld_image_state_dependents_initialized;
oldState = fState;
context.notifySingle(dyld_image_state_dependents_initialized, this, &timingInfo);
// initialize this image
bool hasInitializers = this->doInitialization(context);
// let anyone know we finished initializing this image
fState = dyld_image_state_initialized;
oldState = fState;
context.notifySingle(dyld_image_state_initialized, this, NULL);
if ( hasInitializers ) {
uint64_t t2 = mach_absolute_time();
timingInfo.addTime(this->getShortName(), t2-t1);
}
}
catch (const char* msg) {
// this image is not initialized
fState = oldState;
recursiveSpinUnLock();
throw;
}
}
recursiveSpinUnLock();
}
函数中有doInitialization,我们继续看他做了什么
bool ImageLoaderMachO::doInitialization(const LinkContext& context)
{
CRSetCrashLogMessage2(this->getPath());
// mach-o has -init and static initializers
doImageInit(context);
doModInitFunctions(context);
CRSetCrashLogMessage2(NULL);
return (fHasDashInit || fHasInitializers);
}
里面调用了doModInitFunctions
然后在里面找到了libSystemInitialized,并且根据注释可以知道libSystem库必须是第一个初始化的,这样,在其他库调用它的时候它才存在
我们再去system库里找initializer函数,发现在initializer函数里面调用了_dyld_initializer函数,并且还调用了libdispatch_init
接着到libdispatch源码里面去找libdispatch_init,在里面找到了_os_object_init函数
继续看_os_object_init函数
void
_os_object_init(void)
{
_objc_init();
Block_callbacks_RR callbacks = {
sizeof(Block_callbacks_RR),
(void (*)(const void *))&objc_retain,
(void (*)(const void *))&objc_release,
(void (*)(const void *))&_os_objc_destructInstance
};
_Block_use_RR2(&callbacks);
#if DISPATCH_COCOA_COMPAT
const char *v = getenv("OBJC_DEBUG_MISSING_POOLS");
if (v) _os_object_debug_missing_pools = _dispatch_parse_bool(v);
v = getenv("DISPATCH_DEBUG_MISSING_POOLS");
if (v) _os_object_debug_missing_pools = _dispatch_parse_bool(v);
v = getenv("LIBDISPATCH_DEBUG_MISSING_POOLS");
if (v) _os_object_debug_missing_pools = _dispatch_parse_bool(v);
#endif
}
在这里面调用了_objc_init函数
我们在_objc_init发现,镜像文件最终是走到_dyld_objc_notify_register函数里的
void _objc_init(void)
{
static bool initialized = false;
if (initialized) return;
initialized = true;
// fixme defer initialization until an objc-using image is found?
//读取影响运行的环境变量,如果需要,还可以打印环境变量帮助
environ_init();
//关于线程key的绑定--比如每线程数据的析构函数
tls_init();
//运行系统的C++静态构造函数,在dyld调用我们的静态构造函数之前,libc会调用_objc_init(),所以我们必须自己做
static_init();
runtime_init();
//初始化异常处理系统,比如注册异常的回调函数,来监控异常
exception_init();
cache_init();
_imp_implementationWithBlock_init();
//仅供objc运行时使用,注册处理程序,以便在映射、取消映射和初始化objc镜像文件时调用
_dyld_objc_notify_register(&map_images, load_images, unmap_image);
#if __OBJC2__
didCallDyldNotifyRegister = true;
#endif
}
这样就完成了每个image链接到相应的库里,完成了动态库的加载
总结
动态库的加载是从libdyld.dylib`start:开始,经历了一些汇编然后进入到dyldbootstrap::start函数,然后从dyld::_main开始加载
a.通过checkEnvironmentVariables和defaultUninitializedFallbackPaths进行环境变量处理
b.再通过checkShareRegionDisable和mapSharedCache加载共享缓存
c.缓存加载完成后会将dyld本身添加到镜像列表里
d.然后开始加载镜像文件image
d1>先通过instantiateFromLoadedImag创建一个ImageLoader,用来加载image
d2>再通过loadInsertedDylib函数将动态库读取成镜像文件image
d3>遍历所有的镜像文件,将镜像文件链接到二进制文件中
d4>开始通过initializeMainExecutable初始化程序了
d5>遍历ImageLoader(其实一般只有一个),然后每个ImageLoader都进行runInitializers初始化操作
d6>然后在processInitializers函数里遍历ImageLoader里的每个image进行recursiveInitialization初始化
d7>image初始化中最终会走到_object_init函数里面将相应的镜像文件的函数指针注册到对应dyld的的通知中去
d8>_object_init函数如何加载类、分类、方法、协议等具体内容 下集继续
