1. 程式人生 > 實用技巧 >Chromium學習筆記:程式啟動入口分析(Windows)

Chromium學習筆記:程式啟動入口分析(Windows)

Chromium學習筆記:程式啟動入口分析(Windows)

以下筆記內容均為Windows版本。

本篇筆記跟蹤記錄了Chromium的啟動過程,主要關注Browser程序和Renderer程序。根據Chromium專案的分層設計,我們把Content API稱作為Content層,而把呼叫Content API實現瀏覽器程式的部分稱作為Embedder層。在專案中,Embedder層有chromecontent_shell等多種實現。

1、main() 函式

Chromium的main函式在chrome\app\chrome_exe_main_win.cc,具體如下:

// chrome\app\chrome_exe_main_win.cc

#if !defined(WIN_CONSOLE_APP)
int APIENTRY wWinMain(HINSTANCE instance, HINSTANCE prev, wchar_t*, int) {
#else
int main() {
HINSTANCE instance = GetModuleHandle(nullptr);
#endif
install_static::InitializeFromPrimaryModule();
SignalInitializeCrashReporting();

......

// Load and launch the chrome dll. *Everything* happens inside.
VLOG(1) << "About to load main DLL.";
MainDllLoader* loader = MakeMainDllLoader();
int rc = loader->Launch(instance, exe_entry_point_ticks);
loader->RelaunchChromeBrowserWithNewCommandLineIfNeeded();
delete loader;
return rc;
}

在main函式中,最重要的一步,就是int rc = loader->Launch(instance, exe_entry_point_ticks);載入chrome.dll執行

2、載入 chrome.dll

在這裡首先呼叫了MakeMainDllLoader()函式,這是一個靜態函式,在chrome\app\main_dll_loader.cc中,內容如下:

// chrome\app\main_dll_loader.cc

MainDllLoader* MakeMainDllLoader() {
#if defined(GOOGLE_CHROME_BUILD)
return new ChromeDllLoader();
#else
return new ChromiumDllLoader();
#endif
}

函式建立並返回一個ChromiumDllLoader,緊接著再呼叫它的Launch函式,內容如下:

// chrome\app\main_dll_loader.cc

int MainDllLoader::Launch(HINSTANCE instance,
base::TimeTicks exe_entry_point_ticks) {
const base::CommandLine& cmd_line = *base::CommandLine::ForCurrentProcess();
process_type_ = cmd_line.GetSwitchValueASCII(switches::kProcessType);

......

dll_ = Load(&file);
if (!dll_)
return chrome::RESULT_CODE_MISSING_DATA;

OnBeforeLaunch(cmd_line, process_type_, file);
DLL_MAIN chrome_main =
reinterpret_cast<DLL_MAIN>(::GetProcAddress(dll_, "ChromeMain"));
int rc = chrome_main(instance, &sandbox_info,
exe_entry_point_ticks.ToInternalValue());
OnBeforeExit(file);
return rc;
}

這裡完成了chrome.dll的載入,並且執行裡面的ChromeMain函式。

3、ChromeMain() 函式

ChromeMain函式負責Embedder層的實現類建立,並傳遞給Content層,定義在chrome\app\chrome_main.cc中,內容如下:

// chrome\app\chrome_main.cc

extern "C" {
DLLEXPORT int __cdecl ChromeMain(HINSTANCE instance,
sandbox::SandboxInterfaceInfo* sandbox_info,
int64_t exe_entry_point_ticks);
}

......

#if defined(OS_WIN)
DLLEXPORT int __cdecl ChromeMain(HINSTANCE instance,
sandbox::SandboxInterfaceInfo* sandbox_info,
int64_t exe_entry_point_ticks) {
#elif defined(OS_POSIX)
int ChromeMain(int argc, const char** argv) {
int64_t exe_entry_point_ticks = 0;
#endif

#if defined(OS_WIN)
install_static::InitializeFromPrimaryModule();
#endif

ChromeMainDelegate chrome_main_delegate(
base::TimeTicks::FromInternalValue(exe_entry_point_ticks));
content::ContentMainParams params(&chrome_main_delegate);

......

int rv = content::ContentMain(params);

return rv;
}

在ChromeMain中,最終執行到了content::ContentMain這個函式。

4、content::ContentMain() 函式

程式碼執行到這裡,進入了Content層,並且傳入引數content::ContentMainParams型別的引數params,它是由Embedder層傳遞過來的重要引數,裡面包含了Embedder層的具體實現資訊,此結構體在content\public\app\content_main.h中定義如下:

// content\public\app\content_main.h

struct ContentMainParams {
explicit ContentMainParams(ContentMainDelegate* delegate)
: delegate(delegate) {}

ContentMainDelegate* delegate;

......

其中有一個重要的成員變數delegate,其型別為content::ContentMainDelegate,它在content\public\app\content_main_delegate.cc中定義如下:

// content\public\app\content_main_delegate.cc

class CONTENT_EXPORT ContentMainDelegate {
public:
virtual ~ContentMainDelegate() {}

virtual bool BasicStartupComplete(int* exit_code);
virtual void PreSandboxStartup() {}
virtual void SandboxInitialized(const std::string& process_type) {}
virtual int RunProcess(
const std::string& process_type,
const MainFunctionParams& main_function_params);
virtual void ProcessExiting(const std::string& process_type) {}

......

virtual void PreCreateMainMessageLoop() {}

......

protected:
friend class ContentClientInitializer;

virtual ContentBrowserClient* CreateContentBrowserClient();
virtual ContentGpuClient* CreateContentGpuClient();
virtual ContentRendererClient* CreateContentRendererClient();
virtual ContentUtilityClient* CreateContentUtilityClient();
};

可以看到,這裡定義了一系列與啟動相關的操作,並且通過幾個CreateXXX的函式,獲取ContentBrowserClientContentRendererClient等介面具體的實現,這也是content API的巧妙設計,通過這種方式,將瀏覽器的實現放入了content中。

繼續往下看,content::ContentMain()中呼叫了content\app\content_main.cc中的service_manager::Main()

// content\app\content_main.cc

int ContentMain(const ContentMainParams& params) {
ContentServiceManagerMainDelegate delegate(params);
service_manager::MainParams main_params(&delegate);
#if !defined(OS_WIN) && !defined(OS_ANDROID)
main_params.argc = params.argc;
main_params.argv = params.argv;
#endif
return service_manager::Main(main_params);
}

在這裡,使用一個content::ContentServiceManagerMainDelegate物件來構建了main_params,並傳入了service_manager::Main()

5、service_manager::Main 函式

service_manager::Main函式位於services\service_manager\embedder\main.cc,接收一個MainParams型別的引數,具體如下:

// services\service_manager\embedder\main.cc

int Main(const MainParams& params) {
MainDelegate* delegate = params.delegate;

......

ProcessType process_type = delegate->OverrideProcessType();

......
// A flag to indicate whether Main() has been called before. On Android, we
// may re-run Main() without restarting the browser process. This flag
// prevents initializing things more than once.
static bool is_initialized = false;
#if !defined(OS_ANDROID)
DCHECK(!is_initialized);
#endif
if (!is_initialized) {
is_initialized = true;

......

#if defined(OS_WIN)
base::win::RegisterInvalidParamHandler();
ui::win::CreateATLModuleIfNeeded();
#endif // defined(OS_WIN)

......

base::CommandLine::Init(argc, argv);

......

const auto& command_line = *base::CommandLine::ForCurrentProcess();

#if defined(OS_WIN)
base::win::SetupCRT(command_line);
#endif

MainDelegate::InitializeParams init_params;

......
mojo::core::Init(mojo_config);

......

exit_code = delegate->Initialize(init_params);

......

}

const auto& command_line = *base::CommandLine::ForCurrentProcess();
if (process_type == ProcessType::kDefault) {
std::string type_switch =
command_line.GetSwitchValueASCII(switches::kProcessType);
if (type_switch == switches::kProcessTypeServiceManager) {
process_type = ProcessType::kServiceManager;
} else if (type_switch == switches::kProcessTypeService) {
process_type = ProcessType::kService;
} else {
process_type = ProcessType::kEmbedder;
}
}
switch (process_type) {
case ProcessType::kDefault:
NOTREACHED();
break;

case ProcessType::kServiceManager:
exit_code = RunServiceManager(delegate);
break;

case ProcessType::kService:
CommonSubprocessInit();
exit_code = RunService(delegate);
break;

case ProcessType::kEmbedder:
if (delegate->IsEmbedderSubprocess())
CommonSubprocessInit();
exit_code = delegate->RunEmbedderProcess();
break;
}

......

if (process_type == ProcessType::kEmbedder)
delegate->ShutDownEmbedderProcess();

return exit_code;
}

這裡擷取的程式碼比較長,也非常重要,我們主要關注這四個部分:

  • 根據傳入的delegatecommand_line決定程序的型別
  • 執行環境的初始化,比如CreateATLModuleIfNeededSetupCRT並用is_initialized來防止重複執行
  • 通過傳入的delegate進行程式的初始化操作,delegate->Initialize(init_params)
  • 根據程序型別啟動相應的工作

這裡的delegate型別為service_manager::MainDelegate*,是在services/service_manager/embedder/main_delegate.h中定義的抽象類,在這裡我們主要關注它的InitializeRunEmbedderProcessShutDownEmbedderProcess,其中Initialize為被宣告為純虛擬函式,RunEmbedderProcessShutDownEmbedderProcess又是什麼都不做的,程式碼如下:

// services/service_manager/embedder/main_delegate.h

class COMPONENT_EXPORT(SERVICE_MANAGER_EMBEDDER) MainDelegate {
public:
// Perform early process initialization. Returns -1 if successful, or the exit
// code with which the process should be terminated due to initialization
// failure.
virtual int Initialize(const InitializeParams& params) = 0;

......

// Runs the embedder's own main process logic. Called exactly once after a
// successful call to Initialize(), and only if the Service Manager core does
// not know what to do otherwise -- i.e., if it is not starting a new Service
// Manager instance or launching an embedded service.
//
// Returns the exit code to use when terminating the process after
// RunEmbedderProcess() (and then ShutDown()) completes.
virtual int RunEmbedderProcess();

......

// Called just before process exit if RunEmbedderProcess() was called.
virtual void ShutDownEmbedderProcess();
// services/service_manager/embedder/main_delegate.cc

int MainDelegate::RunEmbedderProcess() {
return 0;
}

...

void MainDelegate::ShutDownEmbedderProcess() {}

回到service_manager::Main(),我們看到第一句MainDelegate* delegate = params.delegate;中的params.delegate就是前面在content::ContentMain中構建main_params所使用的content::ContentServiceManagerMainDelegate物件,因此,上述的三個函式InitializeRunEmbedderProcessShutDownEmbedderProcess是由ContentServiceManagerMainDelegate來最終實現的,來看程式碼:

// content\app\content_service_manager_main_delegate.cc

int ContentServiceManagerMainDelegate::Initialize(
const InitializeParams& params) {

......

return content_main_runner_->Initialize(content_main_params_);
}

......

int ContentServiceManagerMainDelegate::RunEmbedderProcess() {
return content_main_runner_->Run(start_service_manager_only_);
}

......

void ContentServiceManagerMainDelegate::ShutDownEmbedderProcess() {
#if !defined(OS_ANDROID)
content_main_runner_->Shutdown();
#endif
}

在這三個函式的定義中,都使用了content_main_runner_這個成員變數來具體執行,它的定義為std::unique_ptr<ContentMainRunnerImpl>

6、整個程式的Runner,content::ContentMainRunnerImpl

這個content::ContentMainRunnerImplcontent::ContentMainRunner介面的一個實現,先來看介面的宣告:

// content\app\content_main_runner_impl.h

class CONTENT_EXPORT ContentMainRunner {
public:
virtual ~ContentMainRunner() {}

// Create a new ContentMainRunner object.
static ContentMainRunner* Create();

// Initialize all necessary content state.
virtual int Initialize(const ContentMainParams& params) = 0;

// Perform the default run logic.
virtual int Run(bool start_service_manager_only) = 0;

// Shut down the content state.
virtual void Shutdown() = 0;
};

再來看實現類的程式碼:

// content\app\content_main_runner_impl.h

class ContentMainRunnerImpl : public ContentMainRunner {
public:
static ContentMainRunnerImpl* Create();

ContentMainRunnerImpl();
~ContentMainRunnerImpl() override;

int TerminateForFatalInitializationError();

// ContentMainRunner:
int Initialize(const ContentMainParams& params) override;
int Run(bool start_service_manager_only) override;
void Shutdown() override;

......

}

7、ContentMainRunner::Initialize() 函式

先來看Initialize函式:

// content\app\content_main_runner_impl.cc

int ContentMainRunnerImpl::Initialize(const ContentMainParams& params) {
ui_task_ = params.ui_task;
created_main_parts_closure_ = params.created_main_parts_closure;

#if defined(OS_WIN)
sandbox_info_ = *params.sandbox_info;
#else // !OS_WIN

......

is_initialized_ = true;
delegate_ = params.delegate;

......

int exit_code = 0;
if (delegate_->BasicStartupComplete(&exit_code))
return exit_code;
completed_basic_startup_ = true;

......

delegate_->PreSandboxStartup();
#if defined(OS_WIN)
if (!InitializeSandbox(
service_manager::SandboxTypeFromCommandLine(command_line),
params.sandbox_info))
return TerminateForFatalInitializationError();
#elif defined(OS_MACOSX)

......

#endif

delegate_->SandboxInitialized(process_type);

......

// Return -1 to indicate no early termination.
return -1;
}

大致看一下,在這個Initialize中,主要是根據command_line啟動了相應的sandbox service,並在啟動前後都觸發了delegate_->PreSandboxStartup()delegate_->SandboxInitialized(process_type),這個delegate_來自於傳入的content::ContentMainParams結構體,這個結構體是在chrome_main.cc中呼叫content::ContentMain(params)時所建立,所以這個delegate_正是前面所提到的巧妙設計中,繼承自content::ContentMainDelegateChromeMainDelegate物件,通過這一系列的呼叫,content層就把建立sandbox service前後的事件觸發了出來,具體實現者只要在ChromeMainDelegate中填充這兩個時間點要做的事即可。

8、程序入口,ContentMainRunner::Run() 函式

再來看Run函式:

// // content\app\content_main_runner_impl.cc

int ContentMainRunnerImpl::Run(bool start_service_manager_only) {

......

const base::CommandLine& command_line =
*base::CommandLine::ForCurrentProcess();
std::string process_type =
command_line.GetSwitchValueASCII(switches::kProcessType);

......

MainFunctionParams main_params(command_line);
main_params.ui_task = ui_task_;
main_params.created_main_parts_closure = created_main_parts_closure_;

......

if (process_type.empty())
return RunServiceManager(main_params, start_service_manager_only);

return RunOtherNamedProcessTypeMain(process_type, main_params, delegate_);
}

此處先判斷process_type是否為空,為空則代表當前執行的是預設程序(一般情況下為Browser程序),則呼叫RunServiceManager(),否則呼叫RunOtherNamedProcessTypeMain根據process_type來執行相應的程序。先來看RunServiceManager

// content\app\content_main_runner_impl.cc

int ContentMainRunnerImpl::RunServiceManager(MainFunctionParams& main_params,
bool start_service_manager_only) {

......

if (!service_manager_context_) {

......

delegate_->PreCreateMainMessageLoop();

......

delegate_->PostEarlyInitialization(main_params.ui_task != nullptr);

......

}

if (should_start_service_manager_only)
return -1;

is_browser_main_loop_started_ = true;
startup_data_ = std::make_unique<StartupDataImpl>();
startup_data_->thread = std::move(service_manager_thread_);
startup_data_->service_manager_context = service_manager_context_.get();
main_params.startup_data = startup_data_.get();
return RunBrowserProcessMain(main_params, delegate_);
}

同樣,這裡通過delegate_做了一些操作之後,最後呼叫了RunBrowserProcessMain()函式,內容如下:

// content\app\content_main_runner_impl.cc

int RunBrowserProcessMain(const MainFunctionParams& main_function_params,
ContentMainDelegate* delegate) {
int exit_code = delegate->RunProcess("", main_function_params);
#if defined(OS_ANDROID)
// In Android's browser process, the negative exit code doesn't mean the
// default behavior should be used as the UI message loop is managed by
// the Java and the browser process's default behavior is always
// overridden.
return exit_code;
#else
if (exit_code >= 0)
return exit_code;
return BrowserMain(main_function_params);
#endif
}

非常簡單明瞭,首先通過delegate->RunProcess把執行預設程序的優先權交由Embedder層,如果Embedder層成功執行了程序並最終返回了成功標誌(exit_code >= 0),那麼就退出函式;如果Embedder層對預設程序沒有定義,就繼續執行content::BrowserMain,由此,Browser程序開始執行。

再來看RunOtherNamedProcessTypeMain函式:

// content\app\content_main_runner_impl.cc

int RunOtherNamedProcessTypeMain(const std::string& process_type,
const MainFunctionParams& main_function_params,
ContentMainDelegate* delegate) {
static const MainFunction kMainFunctions[] = {

......

{switches::kUtilityProcess, UtilityMain},
{switches::kRendererProcess, RendererMain},
{switches::kGpuProcess, GpuMain},
};

for (size_t i = 0; i < base::size(kMainFunctions); ++i) {
if (process_type == kMainFunctions[i].name) {
int exit_code = delegate->RunProcess(process_type, main_function_params);
if (exit_code >= 0)
return exit_code;
return kMainFunctions[i].function(main_function_params);
}
}

......

// If it's a process we don't know about, the embedder should know.
return delegate->RunProcess(process_type, main_function_params);
}

先建立了一個程序型別和入口函式指標的對應陣列,再根據程序型別去具體執行,執行的過程與Browser程序一樣,先通過delegate->RunProcess交由Embedder層處理,如果未處理再呼叫預設的程序入口函式,可以看到分別提供了UtilityMainRendererMainGpuMain這三個程序的入口,其中RendererMain則是我們關注的Renderer程序的入口函式,Renderer程序從此處開始執行。最後一句,如果程序型別不在以上範圍內,則交由Embedder去處理。

9、程式結束

void ContentMainRunnerImpl::Shutdown() {
DCHECK(is_initialized_);
DCHECK(!is_shutdown_);

if (completed_basic_startup_) {
const base::CommandLine& command_line =
*base::CommandLine::ForCurrentProcess();
std::string process_type =
command_line.GetSwitchValueASCII(switches::kProcessType);

delegate_->ProcessExiting(process_type);
}

#if !defined(CHROME_MULTIPLE_DLL_CHILD)
// The BrowserTaskExecutor needs to be destroyed before |exit_manager_|.
BrowserTaskExecutor::Shutdown();
#endif // !defined(CHROME_MULTIPLE_DLL_CHILD)

#if defined(OS_WIN)
#ifdef _CRTDBG_MAP_ALLOC
_CrtDumpMemoryLeaks();
#endif // _CRTDBG_MAP_ALLOC
#endif // OS_WIN

exit_manager_.reset(nullptr);

delegate_ = nullptr;
is_shutdown_ = true;
}

首先通過delegate_->ProcessExiting(process_type)通知Embedder層處理,然後做了一些善後釋放的工作,最後將is_shutdown_標記置為true

10、總結

前面分析了這麼多,其實結合類圖來看一下還是很簡單明瞭的,主要起到作用的就是圖中標紅的三個,service_manager::Main通過content::ContentServiceManagerMainDelegate的例項呼叫了content::ContentMainRunnerImpl例項中的Initialize()Run()Shutdown()函式,而在這個Runner中,又通過content::ContentMainDelegate介面指標呼叫到了由Embedder層建立的ChromeMainDelegate例項中的函式,由此完成了程式的啟動以及Content層對Embedder的互動。