JNI注册与使用

Android JNI

---

This article learns a lot from Laoluo's Blog. Thanks for his outstanding analysis!

---

1 Native Method Registeration

Native Functions can be registered or directly invoked as Native Method in 2 ways:

• Developer can manually register native functions in JNI_OnLoad function, which would be invoked once the library is loaded. This is explained in Structures and Definition in Native Function Registeration
• Functions intended to be registered as Native Methods should be defined in a format following the JNI naming convention. This is discussed in Dynamically Resolve Native Functions for JNI

Most of following content are explaining the procedure of Native Function Registeration; The second subsection

1.1 Manually Register Native Functions

Manually Register Native Functions in SharedLibrary's JNI_OnLoad function

Structures and Definition in Native Function Registeration

JNINativeMethod

Location:dalvik/libnativehelper/include/nativehelper/jni.h

A structure used to describe the native methods

typedef struct {
    const char* name;
    const char* signature; //the combined string describing types of parameters and return vuale
    void*       fnPtr;
} JNINativeMethod;

JNIEnv

Location:dalvik/libnativehelper/include/nativehelper/jni.h

JNIEnvhas a memeber named functions who points to a callback function table.
Dalvik虚拟机在创建一个JNIEnvExt结构体的时候，会将它的成员变量funcTable指向全局变量gNativeInterface所描述的一个回调函数表。

struct _JNIEnv {
    /* do not rename this; it does not seem to be entirely opaque */
    const struct JNINativeInterface* functions;
#if defined(__cplusplus)
    jint GetVersion()
    { return functions->GetVersion(this); }
    ...

JNINativeInterface

location:dalvik/vm/Jni.cpp

jniRegisterNativeMethods

Location:dalvik/libnativehelper/jnihelp.cpp

Before this function is called, a possible call-path can be the following:

to be continued:

Finally, jniRegisterNativeMethods is called for performing the real native methods registeration

 int jniRegisterNativeMethods(C_JNIEnv* env, 
        const char* className, // aa/b/c
        const JNINativeMethod* gMethods,  // list of all Native Mehtods
        int numMethods) // number of native methods

Either manually register or automatically register, jniRegisterNativeMethods will be invoked.
Two things are performed in this function:1) verify the validation of class name; 2) invoke JNIEnv->RegisterNatives to perform the realy registeration procedure.

extern "C" int jniRegisterNativeMethods(C_JNIEnv* env, const char* className,
    const JNINativeMethod* gMethods, int numMethods)
{
    JNIEnv* e = reinterpret_cast<JNIEnv*>(env);
    scoped_local_ref<jclass> c(env, findClass(env, className));
    if (c.get() == NULL) {
        //"Native registration unable to find class '%s'; aborting...", className);
        ...
    }
    if ((*env)->RegisterNatives(e, c.get(), gMethods, numMethods) < 0) {
        //"RegisterNatives failed for '%s'; aborting...", className);
        ...
    }
    return 0;
}

Manually Registeration in JNI_OnLoad

Automatically Registeration

JNIEnv->RegisterNatives

Location:dalvik/libnativehelper/include/nativehelper/jni.h

It is defined as follows:

    jint RegisterNatives(jclass clazz, const JNINativeMethod* methods,
        jint nMethods)
    { return functions->RegisterNatives(this, clazz, methods, nMethods); }

In Laoluo's post, he said:

    从前面Dalvik虚拟机的运行过程分析[1]一文可以知道，结构体JNIEnv的成员变量functions指向的是一个函数表，这个函数表又包含了一系列的函数指针，指向了在当前进程中运行的Dalvik虚拟机中定义的函数。对于结构体JNIEnv的成员函数RegisterNatives来说，它就是通过调用这个函数表中名称为RegisterNatives的函数指针来注册参数gMethods所描述的JNI方法的。


   从前面Dalvik虚拟机的启动过程分析[2]一文可以知道，上述函数表中名称为RegisterNatives的函数指针指向的是在Dalvik虚拟机内部定义的函数RegisterNatives，因此，接下来我们就继续分析它的实现

functions->RegisterNatives

Location:dalvik/vm/Jni.c

In this function, it reterives the class's object by invoking dvmDecodeIndirectRef firstly; then in the for statement, it registers each method in the methods[] by invoking dvmRegisterJNIMethod.

/** Register one or more native functions in one class.
 * This can be called multiple times on the same method, allowing the
 * caller to redefine the method implementation at will.
 */
static jint RegisterNatives(JNIEnv* env, jclass jclazz,
    const JNINativeMethod* methods, jint nMethods)
{
    ScopedJniThreadState ts(env);
    ClassObject* clazz = (ClassObject*) dvmDecodeIndirectRef(ts.self(), jclazz);
    ...
    for (int i = 0; i < nMethods; i++) {
        if (!dvmRegisterJNIMethod(clazz, methods[i].name,
                methods[i].signature, methods[i].fnPtr))
        {   return JNI_ERR; }
    }
    return JNI_OK;
}

dvmRegisterJNIMethod

Location:dalvik/vm/Jni.cpp

  1. 确保参数clazz所描述的类有一个名称为methodName的成员函数。首先是调用函数dvmFindDirectMethodByDescriptor来检查methodName是否是clazz的一个非虚成员函数，然后再调用函数dvmFindVirtualMethodByDescriptor来检查methodName是否是clazz的一个虚成员函数。

  2. 确保类clazz的成员函数methodName确实是声明为JNI方法，即带有native修饰符，这是通过调用函数dvmIsNativeMethod来实现的。

通过了前面的第1个检查之后，就可以获得一个Method对象method，用来描述要注册的JNI方法所对应的Java类成员函数。当一个Method对象method描述的是一个JNI方法的时候，它的成员变量nativeFunc保存的就是该JNI方法的地址，但是在对应的JNI方法注册进来之前，该成员变量的值被统一设置为dvmResolveNativeMethod。因此，当我们调用了一个未注册的JNI方法时，实际上执行的是函数dvmResolveNativeMethod。函数dvmResolveNativeMethod此时会在Dalvik虚拟内部以及当前所有已经加载的共享库中检查是否存在对应的JNI方法。如果不存在，那么它就会抛出一个类型为java.lang.UnsatisfiedLinkError的异常。

    注意，一个JNI方法是可以重复注册的，无论如何，函数dvmRegisterJNIMethod都是调用另外一个函数dvmUseJNIBridge来继续执行注册JNI的操作。

/** Register a method that uses JNI calling conventions. */
static bool dvmRegisterJNIMethod(ClassObject* clazz, const char* methodName,
    const char* signature, void* fnPtr)
{
    if (fnPtr == NULL) {    return false;    }
    // If a signature starts with a '!', we take that as a sign that the native code doesn't need the extra JNI arguments (the JNIEnv* and the jclass).
    bool fastJni = false;
    if (*signature == '!') {
        fastJni = true;        ++signature;
        ALOGV("fast JNI method %s.%s:%s detected", clazz->descriptor, methodName, signature);
    }
    Method* method = dvmFindDirectMethodByDescriptor(clazz, methodName, signature);
    if (method == NULL) {
        method = dvmFindVirtualMethodByDescriptor(clazz, methodName, signature);
    }
    if (method == NULL) {
        dumpCandidateMethods(clazz, methodName, signature);
        throwNoSuchMethodError(clazz, methodName, signature, "static or non-static");
        return false;
    }
    if (!dvmIsNativeMethod(method)) {
        ALOGW("Unable to register: not native: %s.%s:%s", clazz->descriptor, methodName, signature);
        throwNoSuchMethodError(clazz, methodName, signature, "native");
        return false;
    }
    if (fastJni) {
        // In this case, we have extra constraints to check...
        if (dvmIsSynchronizedMethod(method)) {
            // Synchronization is usually provided by the JNI bridge,
            // but we won't have one.
            ALOGE("fast JNI method %s.%s:%s cannot be synchronized",
                    clazz->descriptor, methodName, signature);
            return false;
        }
        if (!dvmIsStaticMethod(method)) {
            // There's no real reason for this constraint, but since we won't
            // be supplying a JNIEnv* or a jobject 'this', you're effectively
            // static anyway, so it seems clearer to say so.
            ALOGE("fast JNI method %s.%s:%s cannot be non-static",
                    clazz->descriptor, methodName, signature);
            return false;
        }
    }
    if (method->nativeFunc != dvmResolveNativeMethod) {
        /* this is allowed, but unusual */
        ALOGV("Note: %s.%s:%s was already registered", clazz->descriptor, methodName, signature);
    }
    method->fastJni = fastJni;
    dvmUseJNIBridge(method, fnPtr);
    return true;
}

dvmUseJNIBridge(method, fnPtr);

Location:dalvik/vm/Jni.cpp

一个JNI方法并不是直接被调用的，而是通过由Dalvik虚拟机间接地调用，这个用来间接调用JNI方法的函数就称为一个Bridge。这些Bridage函数在真正调用JNI方法之前，会执行一些通用的初始化工作。例如，会将当前线程的状态设置为NATIVE，因为它即将要执行一个Native函数。又如，会为即将要被调用的JNI方法准备好前面两个参数，第一个参数是一个JNIEnv对象，用来描述当前线程的Java环境，通过它可以访问反过来访问Java代码和Java对象，第二个参数是一个jobject对象，用来描述当前正在执行JNI方法的Java对象。

这些Bridage函数实际上仍然不是直接调用地调用JNI方法的，这是因为Dalvik虚拟机是可以运行在各种不同的平台之上，而每一种平台可能都定义有自己的一套函数调用规范，也就是所谓的ABI（Application Binary Interface），这是一个API（Application Programming Interface）不同的概念。ABI是在二进制级别上定义的一套函数调用规范，例如参数是通过寄存器来传递还是堆栈来传递，而API定义是一个应用程序编程接口规范。换句话说，API定义了源代码和库之间的接口，因此同样的代码可以在支持这个API的任何系统中编译 ，而ABI允许编译好的目标代码在使用兼容ABI的系统中无需改动就能运行。

为了使得运行在不同平台上的Dalvik虚拟机能够以统一的方法来调用JNI方法，这些Bridage函数使用了一个libffi库，它的源代码位于external/libffi目录中。Libffi是一个开源项目，用于高级语言之间的相互调用的处理，它的实现机制可以进一步参考http://www.sourceware.org/libffi/。

回到函数dvmUseJNIBridge中，它主要就是根据Dalvik虚拟机的启动选项来为即将要注册的JNI选择一个合适的Bridge函数。如果我们在Dalvik虚拟机启动的时候，通过-Xjnitrace选项来指定了要跟踪参数method所描述的JNI方法，那么函数dvmUseJNIBridge为该JNI方法选择的Bridge函数就为dvmTraceCallJNIMethod，否则的话，就再通过另外一个函数dvmSelectJNIBridge来进一步选择一个合适的Bridge函数。选择好Bridge函数之后，函数dvmUseJNIBridge最终就调用函数dvmSetNativeFunc来执行真正的JNI方法注册操作。

我们假设参数method所描述的JNI方法没有设置为跟踪，因此，接下来，我们就首先分析函数dvmSelectJNIBridge的实现，接着再分析函数dvmSetNativeFunc的实现。

/*
 * Point "method->nativeFunc" at the JNI bridge, and overload "method->insns"
 * to point at the actual function.
 */
void dvmUseJNIBridge(Method* method, void* func) {
    method->shouldTrace = shouldTrace(method);
    // Does the method take any reference arguments?
    method->noRef = true;
    const char* cp = method->shorty;
    while (*++cp != '\0') { // Pre-increment to skip return type.
        if (*cp == 'L') {
            method->noRef = false;
            break;
        }
    }
    DalvikBridgeFunc bridge = gDvmJni.useCheckJni ? dvmCheckCallJNIMethod : dvmCallJNIMethod;
    dvmSetNativeFunc(method, bridge, (const u2*) func);
}

dvmSelectJNIBridge

介绍如何选择Bridge函数
Dalvik虚拟机提供的Bridge函数主要是分为两类。第一类Bridge函数在调用完成JNI方法之后，会检查该JNI方法的返回结果是否与声明的一致，这是因为一个声明返回String的JNI方法在执行时返回的可能会是一个Byte Array。如果不一致，取决于Dalvik虚拟机的启动选项，它可能会停机。第二类Bridge函数不对JNI方法的返回结果进行上述检查。选择哪一类Bridge函数可以通过-Xcheck:jni选项来决定。不过由于检查一个JNI方法的返回结果是否与声明的一致是很耗时的，因此，我们一般都不会使用第一类Bridge函数。

    此外，每一类Bridge函数又分为四个子类：Genernal、Sync、VirtualNoRef和StaticNoRef，它们的选择规则为：

    1. 一个JNI方法的参数列表中如果包含有引用类型的参数，那么对应的Bridge函数就是Genernal类型的，即为dvmCallJNIMethod_general或者dvmCheckCallJNIMethod_general。

    2. 一个JNI方法如果声明为同步方法，即带有synchronized修饰符，那么对应的Bridge函数就是Sync类型的，即为dvmCallJNIMethod_synchronized或者dvmCheckCallJNIMethod_synchronized。

    3. 一个JNI方法的参数列表中如果不包含有引用类型的参数，并且它是一个虚成员函数，那么对应的Bridge函数就是kJNIVirtualNoRef类型的，即为dvmCallJNIMethod_virtualNoRef或者dvmCheckCallJNIMethod_virtualNoRef。

    4. 一个JNI方法的参数列表中如果不包含有引用类型的参数，并且它是一个静态成员函数，那么对应的Bridge函数就是StaticNoRef类型的，即为dvmCallJNIMethod_staticNoRef或者dvmCheckCallJNIMethod_staticNoRef。

    每一类Bridge函数之所以要划分为上述四个子类，是因为每一个子类的Bridge函数在调用真正的JNI方法之前，所要进行的准备工作是不一样的。例如，Genernal类型的Bridge函数需要为引用类型的参数增加一个本地引用，避免它在JNI方法执行的过程中被回收。又如，Sync类型的Bridge函数在调用JNI方法之前，需要执行同步原始，以避免多线程访问的竞争问题。

    这一步执行完成之后，返回到前面的Step 10中，即函数dvmUseJNIBridge中，这时候它就获得了一个Bridge函数，因此，接下来它就可以调用函数dvmSetNativeFunc来执行真正的JNI方法注册操作了。

dvmSetNativeFunc

Location:dalvik/vm/oo/Class.cpp

    参数method表示要注册JNI方法的Java类成员函数，参数func表示JNI方法的Bridge函数，参数insns表示要注册的JNI方法的函数地址。

    当参数insns的值不等于NULL的时候，函数dvmSetNativeFunc就分别将参数insns和func的值分别保存在参数method所指向的一个Method对象的成员变量insns和nativeFunc中，而当insns的值等于NULL的时候，函数dvmSetNativeFunc就只将参数func的值保存在参数method所指向的一个Method对象成员变量nativeFunc中。

/*
 * Replace method->nativeFunc and method->insns with new values.  This is
 * commonly performed after successful resolution of a native method.
 *
 * There are three basic states:
 *  (1) (initial) nativeFunc = dvmResolveNativeMethod, insns = NULL
 *  (2) (internal native) nativeFunc = <impl>, insns = NULL
 *  (3) (JNI) nativeFunc = JNI call bridge, insns = <impl>
 *
 * nativeFunc must never be NULL for a native method.
 *
 * The most common transitions are (1)->(2) and (1)->(3).  The former is
 * atomic, since only one field is updated; the latter is not, but since
 * dvmResolveNativeMethod ignores the "insns" field we just need to make
 * sure the update happens in the correct order.
 *
 * A transition from (2)->(1) would work fine, but (3)->(1) will not,
 * because both fields change.  If we did this while a thread was executing
 * in the call bridge, we could null out the "insns" field right before
 * the bridge tried to call through it.  So, once "insns" is set, we do
 * not allow it to be cleared.  A NULL value for the "insns" argument is
 * treated as "do not change existing value".
 */
void dvmSetNativeFunc(Method* method, DalvikBridgeFunc func,
    const u2* insns)
{
    ClassObject* clazz = method->clazz;
    assert(func != NULL);
    /* just open up both; easier that way */
    dvmLinearReadWrite(clazz->classLoader, clazz->virtualMethods);
    dvmLinearReadWrite(clazz->classLoader, clazz->directMethods);
    if (insns != NULL) {
        /* update both, ensuring that "insns" is observed first */
        method->insns = insns;
        android_atomic_release_store((int32_t) func,
            (volatile int32_t*)(void*) &method->nativeFunc);
    } else {
        /* only update nativeFunc */
        method->nativeFunc = func;
    }
    dvmLinearReadOnly(clazz->classLoader, clazz->virtualMethods);
    dvmLinearReadOnly(clazz->classLoader, clazz->directMethods);
}

调用过程说明

    假设在前面的Step 11中选择的Bridge函数为dvmCallJNIMethod_general，并且结合前面Dalvik虚拟机的运行过程分析一文，我们就可以得到Dalvik虚拟机在运行过程中调用JNI方法的过程：

    1. 调用函数dvmCallJNIMethod_general，执行一些必要的准备工作；

    2. 函数dvmCallJNIMethod_general再调用函数dvmPlatformInvoke来以统一的方式来调用对应的JNI方法；

    3. 函数dvmPlatformInvoke通过libffi库来调用对应的JNI方法，以屏蔽Dalvik虚拟机运行在不同目标平台的细节。

    至此，我们就分析完成Dalvik虚拟机JNI方法的注册过程了。这样，我们就打通了Java代码和Native代码之间的道路。实际上，很多Java和Android核心类的功能都是通过本地操作系统提供的系统调用来完成的，例如，Zygote类的成员函数forkAndSpecialize最终是通过Linux系统调用fork来创建一个Android应用程序进程的，又如，Thread类的成员函数start最终是通过pthread线程库函数pthread_create来创建一个Android应用程序线程的。

1.2 Dynamically Resolve Native Functions for JNI

dvmResolveNativeMethod is the inital nativeFuncJNI for a native method in Java. If a native method in Java isn't binded to a dvmCallJNIMethod_xxx and a native function, then dvmResolveNativeMethod will be invoked as it is the initial function. We will introduce dvmResolveNativeMethod as follows.

1.2.1 dvmResolveNativeMethod

Location:dalvik/vm/native.cpp

• 调用dvmLookupInternalNativeMethod,查找符合要求的Native Function,如果找到则调用dvmSetNativeFunc((Method*) method, dfunc, NULL)进行native function的绑定(insns为null),然后调用该native function:dfunc(args, pResult, method, self);
• 如果上述方式没有找到Native Function,则调用void* func = lookupSharedLibMethod(method);从当前已加载的共享库中查找相应的方法;找到后按照JNI Bridge的方式调用dvmUseJNIBridge((Method*) method, func);进行绑定;最后再调用该方法(*method->nativeFunc)(args, pResult, method, self);.

注:从执行步骤看出,无论哪种情况,只要找到相应的Native Function,则被绑定后,该函数dvmResolveNativeMehtod将不会再次被调用.

/* * Resolve a native method and invoke it.
 *
 * This is executed as if it were a native bridge or function.  If the
 * resolution succeeds, method->insns is replaced, and we don't go through
 * here again unless the method is unregistered.
 *
 * Initializes method's class if necessary.
 *
 * An exception is thrown on resolution failure.
 *
 * (This should not be taking "const Method*", because it modifies the
 * structure, but the declaration needs to match the DalvikBridgeFunc
 * type definition.)
 */
void dvmResolveNativeMethod(const u4* args, JValue* pResult,
    const Method* method, Thread* self)
{
    ClassObject* clazz = method->clazz;
    /** If this is a static method, it could be called before the class
     * has been initialized.*/
    if (dvmIsStaticMethod(method)) {
        if (!dvmIsClassInitialized(clazz) && !dvmInitClass(clazz)) {
            assert(dvmCheckException(dvmThreadSelf()));
            return;
        }
    } else {
        assert(dvmIsClassInitialized(clazz) ||
               dvmIsClassInitializing(clazz));
    }
    /* start with our internal-native methods */
    DalvikNativeFunc infunc = dvmLookupInternalNativeMethod(method);
    if (infunc != NULL) {(*method->nativeFunc)(args, pResult, method, self);
        /* resolution always gets the same answer, so no race here */
        IF_LOGVV() {
            char* desc = dexProtoCopyMethodDescriptor(&method->prototype);
            LOGVV("+++ resolved native %s.%s %s, invoking",
                clazz->descriptor, method->name, desc);
            free(desc);
        }
        if (dvmIsSynchronizedMethod(method)) {
            ALOGE("ERROR: internal-native can't be declared 'synchronized'");
            ALOGE("Failing on %s.%s", method->clazz->descriptor, method->name);
            dvmAbort();     // harsh, but this is VM-internal problem
        }
        DalvikBridgeFunc dfunc = (DalvikBridgeFunc) infunc;
        dvmSetNativeFunc((Method*) method, dfunc, NULL);
        dfunc(args, pResult, method, self);
        return;
    }
    /* now scan any DLLs we have loaded for JNI signatures */
    void* func = lookupSharedLibMethod(method);
    if (func != NULL) {
        /* found it, point it at the JNI bridge and then call it */
        dvmUseJNIBridge((Method*) method, func);
        (*method->nativeFunc)(args, pResult, method, self);
        return;
    }
    IF_ALOGW() {
        char* desc = dexProtoCopyMethodDescriptor(&method->prototype);
        ALOGW("No implementation found for native %s.%s:%s",
            clazz->descriptor, method->name, desc);
        free(desc);
    }
    dvmThrowUnsatisfiedLinkError("Native method not found", method);
}

dvmLookupInternalNativeMethod

Location:/dalvik/vm/native/InternalNative.cpp

---

Invoke Native Method

As we know, Davik Virtual Machine is stared up in Zygote process and receives an instance of JavaVM and an instance of JNIEnv. The JavaVM instance is used to describe the instance of Zygote's Dalvik VM, and JNIEnv is used to describe the JNI environment of Zygote's main thread. Once JNIEnv and JavaVM are ready, JNIEnv's member method--CallStaticVoidMethod is invoked by Zygote process to call the static member method main of com.android.internal.os.ZygoteInit class, say, main is the entrance of Java World.
Now, let's start the discussion with CallStaticVoidMethod.

JNIEnv.CallStaticVoidMethod

The following picture[3] shows How Dalvik VM works.

Typically, for the invoke of Native Methods, the first 4 steps are enough. Now we'll goto details.

JNIEnv.CallStaticVoidMethod is defined in dalvik/libnativehelper/inlcude/nativehelper/jni.h.

Actually, JNIEnv is a strcture containing the memeber variable functions, a table of callback functions, in a type of JNINativeInterface. Thus, JNIEnv.CallStaticVoidMethod call functions->CallStaticVoidMethodV

    void CallStaticVoidMethodV(jclass clazz, jmethodID methodID, va_list args)
    { 
        functions->CallStaticVoidMethodV(this, clazz, methodID, args); 
    }

This function table named functions comes from gNativeInterface, a global function table in dalvik/vm/jni.cpp. In this table, CallStaticVoidMethodV points to a function with the same name, which is also defined in dalvik/vm/jni.cpp

/*
 * Call a static method.
 */
#define CALL_STATIC(_ctype, _jname, _retfail, _retok, _isref)               \
    ...
    static _ctype CallStatic##_jname##MethodV(JNIEnv* env, jclass jclazz,   \
        jmethodID methodID, va_list args)                                   \
    {                                                                       \
        UNUSED_PARAMETER(jclazz);                                           \
        ScopedJniThreadState ts(env);                                       \
        JValue result;                                                      \
        dvmCallMethodV(ts.self(), (Method*)methodID, NULL, true, &result, args);\
        if (_isref && !dvmCheckException(ts.self()))                        \
            result.l = (Object*)addLocalReference(ts.self(), result.l);           \
        return _retok;                                                      \
...

When the CALL_STATIC is replaced, we can get the real implementation of CallStaticMethodV. we can see, dvmCallMethodV is the key point.

dvmCallMethodV

If the called method is a native method, it will call method->nativeFunc directly. Otherwise, it will call dvmInterpret to interpret and execute Java method.

/*
 * Issue a method call with a variable number of arguments.  We process
 * the contents of "args" by scanning the method signature.
 *
 * Pass in NULL for "obj" on calls to static methods.
 *
 * We don't need to take the class as an argument because, in Dalvik,
 * we don't need to worry about static synchronized methods.
 */
void dvmCallMethodV(Thread* self, const Method* method, Object* obj,
    bool fromJni, JValue* pResult, va_list args)
{
    const char* desc = &(method->shorty[1]); // [0] is the return type.
    int verifyCount = 0;
    ClassObject* clazz;
    u4* ins;
    clazz = callPrep(self, method, obj, false);
    if (clazz == NULL)
        return;
    /* "ins" for new frame start at frame pointer plus locals */
    ins = ((u4*)self->interpSave.curFrame) +
           (method->registersSize - method->insSize);
    //ALOGD("  FP is %p, INs live at >= %p", self->interpSave.curFrame, ins);
    /* put "this" pointer into in0 if appropriate */
    if (!dvmIsStaticMethod(method)) {
#ifdef WITH_EXTRA_OBJECT_VALIDATION
        assert(obj != NULL && dvmIsHeapAddress(obj));
#endif
        *ins++ = (u4) obj;
        verifyCount++;
    }
    while (*desc != '\0') {
        switch (*(desc++)) {
            case 'D': case 'J': {
                u8 val = va_arg(args, u8);
                memcpy(ins, &val, 8);       // EABI prevents direct store
                ins += 2;
                verifyCount += 2;
                break;
            }
            case 'F': {
                /* floats were normalized to doubles; convert back */
                float f = (float) va_arg(args, double);
                *ins++ = dvmFloatToU4(f);
                verifyCount++;
                break;
            }
            case 'L': {     /* 'shorty' descr uses L for all refs, incl array */
                void* arg = va_arg(args, void*);
                assert(obj == NULL || dvmIsHeapAddress(obj));
                jobject argObj = reinterpret_cast<jobject>(arg);
                if (fromJni)
                    *ins++ = (u4) dvmDecodeIndirectRef(self, argObj);
                else
                    *ins++ = (u4) argObj;
                verifyCount++;
                break;
            }
            default: {
                /* Z B C S I -- all passed as 32-bit integers */
                *ins++ = va_arg(args, u4);
                verifyCount++;
                break;
            }
        }
    }
#ifndef NDEBUG
    if (verifyCount != method->insSize) {
        ALOGE("Got vfycount=%d insSize=%d for %s.%s", verifyCount,
            method->insSize, clazz->descriptor, method->name);
        assert(false);
        goto bail;
    }
#endif
    //dvmDumpThreadStack(dvmThreadSelf());
    if (dvmIsNativeMethod(method)) {
        TRACE_METHOD_ENTER(self, method);
        /*Because we leave no space for local variables, "curFrame" points directly at the method arguments.*/
        (*method->nativeFunc)((u4*)self->interpSave.curFrame, pResult,
                              method, self);
        TRACE_METHOD_EXIT(self, method);
    } else {
        dvmInterpret(self, method, pResult);
    }
#ifndef NDEBUG
bail:
#endif
    dvmPopFrame(self);
}

---

Native Method Invocation

dvm的中的所有method都是通过一个Method的object进行管理。
All methods in the DVM are managed via Method object. Each method in Java is described via a Method object.

/*
 * A method.  We create one of these for every method in every class we load, so try to keep the size to a minimum. Much of this comes from and could be accessed in the data held in shared memory.  
We hold it all together here for speed. 
Everything but the pointers could be held in a shared table generated by the optimizer; if we're willing to convert them to offsets and take the performance hit (e.g. "meth->insns" becomes "baseAddr + meth->insnsOffset") we could move everything but "nativeFunc". */
struct Method {
    /* the class we are a part of */
    ClassObject*    clazz;
    /* access flags; low 16 bits are defined by spec (could be u2?) */
    u4 accessFlags;
    /** For concrete virtual methods, this is the offset of the method in "vtable". For abstract methods in an interface class, this is the offset of the method in "iftable[n]->methodIndexArray". */
    u2 methodIndex;
    /*Method bounds; not needed for an abstract method. For a native method, we compute the size of the argument list, and set "insSize" and "registerSize" equal to it. */
    u2 registersSize;  /* ins + locals */
    u2 outsSize;
    u2 insSize;
    /* method name, e.g. "<init>" or "eatLunch" */
    const char*     name;
    /*Method prototype descriptor string (return and argument types).
     *
     * TODO: This currently must specify the DexFile as well as the proto_ids index, because generated Proxy classes don't have a DexFile.  We can remove the DexFile* and reduce the size of this struct if we generate a DEX for proxies.*/
    DexProto        prototype;
    /* short-form method descriptor string */
    const char* shorty;
    /*The remaining items are not used for abstract or native methods. (JNI is currently hijacking "insns" as a function pointer, set after the first call.  For internal-native this stays null.)  */
    /* the actual code */
    const u2* insns; /* instructions, in memory-mapped .dex */
    /* JNI: cached argument and return-type hints */
    int jniArgInfo;
    /*JNI: native method ptr; could be actual function or a JNI bridge.  We don't currently discriminate between DalvikBridgeFunc and DalvikNativeFunc; the former takes an argument superset (i.e. two extra args) which will be ignored.  If necessary we can use insns==NULL to detect JNI bridge vs. internal native.   */
    DalvikBridgeFunc nativeFunc;
    /*JNI: true if this static non-synchronized native method (that has no reference arguments) needs a JNIEnv* and jclass/jobject. Libcore uses this.*/
    bool fastJni;
    /*JNI: true if this method has no reference arguments. This lets the JNI bridge avoid scanning the shorty for direct pointers that need to be converted to local references.  TODO: replace this with a list of indexes of the reference arguments.*/
    bool noRef;
    /*JNI: true if we should log entry and exit. This is the only waydevelopers can log the local references that are passed into their code. Used for debugging JNI problems in third-party code.*/
    bool shouldTrace;
    /*Register map data, if available.  This will point into the DEX file if the data was computed during pre-verification, or into the linear alloc area if not.*/
    const RegisterMap* registerMap;
    /* set if method was called during method profiling */
    bool            inProfile;
};

---

Summary

When a native library is loaded, the JNI_OnLoad function in library will be automatically loaded. Usually, some initial stuffs and native method registeration via jniRegisterNativeMethod are processed in JNI_OnLoad.

If a native method is registered in JNI_OnLoad, then the method->nativeFunc will be changed from dvmResolveNativeMethod to dvmCallJNIMehtod_general, at the same time, method->insns will be set to the native function, which is the implementation of the JNI method.

If the native method isn't registered in JNI_OnLoad, then when the native method is called in Java, it will invoke the method->nativeFunc's default vaule, dvmResolveNativeMethod.

In dvmResolveNativeMethod, it will try to find a function, which matches the JNI method based on the JNI specification, and bind it to the current JNI method, then invoke it. If it couldn't find the right native function, it will throw an exception.

When a Java method is called, dvm will examine whether the method is a native method. If it's a native method, it will invoke method->nativeFunc. Otherwise, it will use related intepreter to executate its java code.

---

References