JavscriptCore源码探析--JSExport实现
2020-01-22 本文已影响0人
FingerStyle
记得初次接触JavaScriptCore的时候,我内心中有个疑问,JavascriptCore内部是如何实现的,怎么让一个OC方法可以给JS调用,然而很多年过去了,却一直没有下决心去一探究竟,这个疑问也一直保存到现在。然而最近在研究RN 底层的实现,又重新激发了我的兴趣。
我们先回顾下JavascriptCore提供给外层的API:
https://developer.apple.com/documentation/javascriptcore/jsexport
https://www.jianshu.com/p/73a07ebe0bff
这篇博客比较清晰的讲述了JavascriptCore实现的基本原理:
https://www.cnblogs.com/meituantech/p/9528285.html
我们知道OC在编译过程中会转成C和C++代码,JS其实也是一样,JSExport和JSObjectRef的setProperty等方法最终也都会转成C语言乃至汇编和机器码去执行。从原理上来讲,互相调用是可能的。那JavascriptCore是不是这么去做的呢?
打开JavscriptCore的源码(源码下载地址: https://opensource.apple.com/release/ios-1141.html)
让我们先看看另一个类JSWrapperMap,他是JSContext的一个成员
JSWrapperMap *m_wrapperMap;
顾名思义,这是一个包装容器,它的初始化方法中有一个参数JSContext,看来他本身也是离不开JSContext而存在的。
@interface JSWrapperMap : NSObject
- (instancetype)initWithGlobalContextRef:(JSGlobalContextRef)context;
- (JSValue *)jsWrapperForObject:(id)object inContext:(JSContext *)context;
- (JSValue *)objcWrapperForJSValueRef:(JSValueRef)value inContext:(JSContext *)context;
@end
@implementation JSWrapperMap {
NSMutableDictionary *m_classMap;
std::unique_ptr<JSC::WeakGCMap<id, JSC::JSObject>> m_cachedJSWrappers;
NSMapTable *m_cachedObjCWrappers;
}
他初始化的方法:
- (instancetype)initWithGlobalContextRef:(JSGlobalContextRef)context
{
self = [super init];
if (!self)
return nil;
NSPointerFunctionsOptions keyOptions = NSPointerFunctionsOpaqueMemory | NSPointerFunctionsOpaquePersonality;
NSPointerFunctionsOptions valueOptions = NSPointerFunctionsWeakMemory | NSPointerFunctionsObjectPersonality;
m_cachedObjCWrappers = [[NSMapTable alloc] initWithKeyOptions:keyOptions valueOptions:valueOptions capacity:0];
m_cachedJSWrappers = std::make_unique<JSC::WeakGCMap<id, JSC::JSObject>>(toJS(context)->vm());
ASSERT(!toJSGlobalObject(context)->wrapperMap());
toJSGlobalObject(context)->setWrapperMap(self);
m_classMap = [[NSMutableDictionary alloc] init];
return self;
}
对于一个OC对象,其对应的包装方法如下:
- (JSValue *)jsWrapperForObject:(id)object inContext:(JSContext *)context
{
ASSERT(toJSGlobalObject([context JSGlobalContextRef])->wrapperMap() == self);
JSC::JSObject* jsWrapper = m_cachedJSWrappers->get(object);
if (jsWrapper)
return [JSValue valueWithJSValueRef:toRef(jsWrapper) inContext:context];
if (class_isMetaClass(object_getClass(object)))
jsWrapper = [[self classInfoForClass:(Class)object] constructorInContext:context];
else {
JSObjCClassInfo* classInfo = [self classInfoForClass:[object class]];
jsWrapper = [classInfo wrapperForObject:object inContext:context];
}
// FIXME: https://bugs.webkit.org/show_bug.cgi?id=105891
// This general approach to wrapper caching is pretty effective, but there are a couple of problems:
// (1) For immortal objects JSValues will effectively leak and this results in error output being logged - we should avoid adding associated objects to immortal objects.
// (2) A long lived object may rack up many JSValues. When the contexts are released these will unprotect the associated JavaScript objects,
// but still, would probably nicer if we made it so that only one associated object was required, broadcasting object dealloc.
m_cachedJSWrappers->set(object, jsWrapper);
return [JSValue valueWithJSValueRef:toRef(jsWrapper) inContext:context];
}
这里面有一个classInfoForClass方法,通过OC的class生成JS对应的classInfo:
- (JSObjCClassInfo*)classInfoForClass:(Class)cls
{
if (!cls)
return nil;
// Check if we've already created a JSObjCClassInfo for this Class.
if (JSObjCClassInfo* classInfo = (JSObjCClassInfo*)m_classMap[cls])
return classInfo;
// Skip internal classes beginning with '_' - just copy link to the parent class's info.
if ('_' == *class_getName(cls)) {
bool conformsToExportProtocol = false;
forEachProtocolImplementingProtocol(cls, getJSExportProtocol(), [&conformsToExportProtocol](Protocol *, bool& stop) {
conformsToExportProtocol = true;
stop = true;
});
if (!conformsToExportProtocol)
return m_classMap[cls] = [self classInfoForClass:class_getSuperclass(cls)];
}
return m_classMap[cls] = [[[JSObjCClassInfo alloc] initForClass:cls] autorelease];
}
JS的classInfo里面有两个很重要的对象,prototype(原型)和constructor(构造函数),如果你学过js,你应该知道我说的是什么,这个相当于OC里面的class和对应的构造函数,OC里面一切皆对象,js里面也是如此,通过一个对象的原型,可以得到他的所有变量和函数。
@interface JSObjCClassInfo : NSObject {
Class m_class;
bool m_block;
JSClassRef m_classRef;
JSC::Weak<JSC::JSObject> m_prototype;
JSC::Weak<JSC::JSObject> m_constructor;
}
- (instancetype)initForClass:(Class)cls;
- (JSC::JSObject *)wrapperForObject:(id)object inContext:(JSContext *)context;
- (JSC::JSObject *)constructorInContext:(JSContext *)context;
- (JSC::JSObject *)prototypeInContext:(JSContext *)context;
@end
然后我们循着constructorInContext和prototypeInContext 找到 allocateConstructorAndPrototypeInContext这个方法
- (ConstructorPrototypePair)allocateConstructorAndPrototypeInContext:(JSContext *)context
{
JSObjCClassInfo* superClassInfo = [context.wrapperMap classInfoForClass:class_getSuperclass(m_class)];
ASSERT(!m_constructor || !m_prototype);
ASSERT((m_class == [NSObject class]) == !superClassInfo);
JSC::JSObject* jsPrototype = m_prototype.get();
JSC::JSObject* jsConstructor = m_constructor.get();
if (!superClassInfo) {
JSC::JSGlobalObject* globalObject = toJSGlobalObject([context JSGlobalContextRef]);
if (!jsConstructor)
jsConstructor = globalObject->objectConstructor();
if (!jsPrototype)
jsPrototype = globalObject->objectPrototype();
} else {
const char* className = class_getName(m_class);
// Create or grab the prototype/constructor pair.
if (!jsPrototype)
jsPrototype = objectWithCustomBrand(context, [NSString stringWithFormat:@"%sPrototype", className]);
if (!jsConstructor)
jsConstructor = allocateConstructorForCustomClass(context, className, m_class);
JSValue* prototype = [JSValue valueWithJSValueRef:toRef(jsPrototype) inContext:context];
JSValue* constructor = [JSValue valueWithJSValueRef:toRef(jsConstructor) inContext:context];
putNonEnumerable(prototype, @"constructor", constructor);
putNonEnumerable(constructor, @"prototype", prototype);
//找到JSExport协议里面定义的所有方法和属性,拷贝到其原型和构造函数中
Protocol *exportProtocol = getJSExportProtocol();
forEachProtocolImplementingProtocol(m_class, exportProtocol, ^(Protocol *protocol, bool&){
copyPrototypeProperties(context, m_class, protocol, prototype);
copyMethodsToObject(context, m_class, protocol, NO, constructor);
});
// Set [Prototype].
JSC::JSObject* superClassPrototype = [superClassInfo prototypeInContext:context];
JSObjectSetPrototype([context JSGlobalContextRef], toRef(jsPrototype), toRef(superClassPrototype));
}
m_prototype = jsPrototype;
m_constructor = jsConstructor;
return ConstructorPrototypePair(jsConstructor, jsPrototype);
}
这个forEachProtocolImplementingProtocol 就是通过OC的runtime去拿到所有遵循了JSExport协议的类,具体代码在ObjcRuntimeExtras.h里面,这里就不贴出来了。这里可以看出javascriptCore是依赖于运行时的,当然这个只限于OC,其他平台比如安卓上应该有另外的实现。
我们再看看这个方法,这是把OC里面的方法封装成JSObjectRef对象,然后放到一个JSValue中(你可以搜索一下这个方法,有两个地方调用,一个是拷贝方法到构造函数中,另一个是拷贝属性的setter /getter方法到原型中)。其中accessorMethods这个字典缓存了所有已经拷贝的方法,避免重复进行拷贝(如果OC的对象里面属性的getter或setter方法与申明的方法重名的话)。这里还有一个createRenameMap方法是对OC里面的方法重新命名(这块不是很明白,如果有知道的麻烦指点一二)
static void copyMethodsToObject(JSContext *context, Class objcClass, Protocol *protocol, BOOL isInstanceMethod, JSValue *object, NSMutableDictionary *accessorMethods = nil)
{
NSMutableDictionary *renameMap = createRenameMap(protocol, isInstanceMethod);
forEachMethodInProtocol(protocol, YES, isInstanceMethod, ^(SEL sel, const char* types){
const char* nameCStr = sel_getName(sel);
NSString *name = @(nameCStr);
if (shouldSkipMethodWithName(name))
return;
if (accessorMethods && accessorMethods[name]) {
JSObjectRef method = objCCallbackFunctionForMethod(context, objcClass, protocol, isInstanceMethod, sel, types);
if (!method)
return;
accessorMethods[name] = [JSValue valueWithJSValueRef:method inContext:context];
} else {
name = renameMap[name];
if (!name)
name = selectorToPropertyName(nameCStr);
if ([object hasProperty:name])
return;
JSObjectRef method = objCCallbackFunctionForMethod(context, objcClass, protocol, isInstanceMethod, sel, types);
if (method)
putNonEnumerable(object, name, [JSValue valueWithJSValueRef:method inContext:context]);
}
});
[renameMap release];
}
接下来就是JSObjectRef这个对象如何进行封装的了,我们看objCCallbackFunctionForMethod这个方法(在ObjcCallbackFunction.mm里面)
JSObjectRef objCCallbackFunctionForMethod(JSContext *context, Class cls, Protocol *protocol, BOOL isInstanceMethod, SEL sel, const char* types)
{
NSInvocation *invocation = [NSInvocation invocationWithMethodSignature:[NSMethodSignature signatureWithObjCTypes:types]];
[invocation setSelector:sel];
// We need to retain the target Class because m_invocation doesn't retain it by default (and we don't want it to).
// FIXME: What releases it?
if (!isInstanceMethod)
[invocation setTarget:[cls retain]];
return objCCallbackFunctionForInvocation(context, invocation, isInstanceMethod ? CallbackInstanceMethod : CallbackClassMethod, isInstanceMethod ? cls : nil, _protocol_getMethodTypeEncoding(protocol, sel, YES, isInstanceMethod));
}
这里看到一个很熟悉的东西,就是NSInvocation(什么?你不知道?那你先去熟悉一下吧),通过他我们可以做到函数的动态调用,也可以通过他拿到函数的原型,就是函数名称、返回值的类型、参数类型这些。
再往里面深入就是objCCallbackFunctionForInvocation这个函数了,感觉就快接近事实真相了。。。
static JSObjectRef objCCallbackFunctionForInvocation(JSContext *context, NSInvocation *invocation, CallbackType type, Class instanceClass, const char* signatureWithObjcClasses)
{
if (!signatureWithObjcClasses)
return nullptr;
const char* position = signatureWithObjcClasses;
auto result = parseObjCType<ResultTypeDelegate>(position);
if (!result || !skipNumber(position))
return nullptr;
switch (type) {
case CallbackInitMethod:
case CallbackInstanceMethod:
case CallbackClassMethod:
// Methods are passed two implicit arguments - (id)self, and the selector.
if ('@' != *position++ || !skipNumber(position) || ':' != *position++ || !skipNumber(position))
return nullptr;
break;
case CallbackBlock:
// Blocks are passed one implicit argument - the block, of type "@?".
if (('@' != *position++) || ('?' != *position++) || !skipNumber(position))
return nullptr;
// Only allow arguments of type 'id' if the block signature contains the NS type information.
if ((!blockSignatureContainsClass() && strchr(position, '@')))
return nullptr;
break;
}
std::unique_ptr<CallbackArgument> arguments;
auto* nextArgument = &arguments;
unsigned argumentCount = 0;
while (*position) {
auto argument = parseObjCType<ArgumentTypeDelegate>(position);
if (!argument || !skipNumber(position))
return nullptr;
*nextArgument = WTFMove(argument);
nextArgument = &(*nextArgument)->m_next;
++argumentCount;
}
JSC::ExecState* exec = toJS([context JSGlobalContextRef]);
JSC::VM& vm = exec->vm();
JSC::JSLockHolder locker(vm);
auto impl = std::make_unique<JSC::ObjCCallbackFunctionImpl>(invocation, type, instanceClass, WTFMove(arguments), WTFMove(result));
const String& name = impl->name();
return toRef(JSC::ObjCCallbackFunction::create(vm, exec->lexicalGlobalObject(), name, WTFMove(impl)));
}
这里会根据函数类型来处理相应的参数,保存在argument容器里面,然后再把invocation,arguments,class等相关数据都保存在一个ObjCCallbackFunctionImpl的容器中,然后跟globalObject关联起来再封装成JSObjectRef对象返回给外面。
至此JSExport的信息就存到了globalObject当中了(globalObject可以理解为js里面的全局对象),当JS需要调用JSExport里面的方法和属性的时候,就会通过ObjCCallbackFunctionImpl的call方法来实现:
JSValueRef ObjCCallbackFunctionImpl::call(JSContext *context, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
{
JSGlobalContextRef contextRef = [context JSGlobalContextRef];
id target;
size_t firstArgument;
switch (m_type) {
case CallbackInitMethod: {
RELEASE_ASSERT(!thisObject);
target = [m_instanceClass alloc];
if (!target || ![target isKindOfClass:m_instanceClass.get()]) {
*exception = toRef(JSC::createTypeError(toJS(contextRef), ASCIILiteral("self type check failed for Objective-C instance method")));
return JSValueMakeUndefined(contextRef);
}
[m_invocation setTarget:target];
firstArgument = 2;
break;
}
case CallbackInstanceMethod: {
target = tryUnwrapObjcObject(contextRef, thisObject);
if (!target || ![target isKindOfClass:m_instanceClass.get()]) {
*exception = toRef(JSC::createTypeError(toJS(contextRef), ASCIILiteral("self type check failed for Objective-C instance method")));
return JSValueMakeUndefined(contextRef);
}
[m_invocation setTarget:target];
firstArgument = 2;
break;
}
case CallbackClassMethod:
firstArgument = 2;
break;
case CallbackBlock:
firstArgument = 1;
}
size_t argumentNumber = 0;
for (CallbackArgument* argument = m_arguments.get(); argument; argument = argument->m_next.get()) {
JSValueRef value = argumentNumber < argumentCount ? arguments[argumentNumber] : JSValueMakeUndefined(contextRef);
argument->set(m_invocation.get(), argumentNumber + firstArgument, context, value, exception);
if (*exception)
return JSValueMakeUndefined(contextRef);
++argumentNumber;
}
[m_invocation invoke];
JSValueRef result = m_result->get(m_invocation.get(), context, exception);
// Balance our call to -alloc with a call to -autorelease. We have to do this after calling -init
// because init family methods are allowed to release the allocated object and return something
// else in its place.
if (m_type == CallbackInitMethod) {
id objcResult = tryUnwrapObjcObject(contextRef, result);
if (objcResult)
[objcResult autorelease];
}
return result;
}
注意这行
[m_invocation invoke];
看到这里你应该明白了,实际上Javascript那边并没有保存OC方法的实现,而只是通过这个invocation来实现OC方法的调用。说白了还是通过OC的运行时来实现的,只不过换了个思路。
