Abstract: The field of thermal repair is full of various schools, such as Ali AndFix, Meituan Robust, Qzone, wechat Tinker, etc., each method has its own advantages and disadvantages. Ali Hotfix 2.x introduced in this article is optimized and innovated in 1.x version, which not only supports flexible switching between hot deployment and cold deployment solutions; At the same time, the resource, SO file and class repair are implemented in real time. The whole access process adopts the foolproof method, does not invade the packaging process at all, and provides the user with a visual UI interface.

 

— — — — — — — — — — — — — — — — — — —

In the live broadcast of ali HotFix2.0 upgrade details, ali HotFix core development engineer wu ‘er gave a detailed speech from three aspects: HotFix background, common HotFix solutions, ali HotFix process and breakthrough and innovation of 2.0. In the sharing, he introduced ali Hotfix2.X class, SO files, resource file repair solutions and management background services, and he also looked into the future of Ali Hotfix2.X needs to add features.

 

Thermal repair background



Normal Bug repair smooth including version online, user installation, Bug discovery, emergency repair, re-issue of the version, user installation six steps. There are obvious shortcomings in this process. First, it is too expensive to re-release the version. Since APK is released through multiple channels, new APK packages need to be pushed to each channel again when re-releasing the version. Secondly, the user download installation cost also increases accordingly; In addition, due to the need to re-issue version, installation, resulting in a timely Bug repair, poor user experience.

The first four steps of the hot repair process are the same as the normal repair process, but in the hot repair process, the version is no longer re-issued, instead, the upload patch is generated. After that, the SDK pulled and loaded the patch to complete the Bug repair. In the thermal repair process, there is no need to re-issue the version, which can be real-time and efficient thermal repair; At the same time, users have no perception of repair, no need to download a new application, the cost is small. Compared to the normal repair process, thermal repair has a higher success rate and minimizes losses.

 

There are several major schools of thermal repair

Common schools of thermal repair include Ali AndFix, Meituan Robust, Qzone, wechat Tinker, etc. The following will introduce them one by one.

 

Ali AndFix

  

Ali andFix hot fix solution through Hook local method. The whole process is as follows: First, open the link library to get the operation handle, get the internal function of the Native layer, and get the Classobject object. Step 2, fix the access attribute to Public; The third step is to get a pointer to the old and new methods, and the new method points to the target method to achieve the method replacement.

The whole process does not invade packaging, performance without loss; It also takes effect immediately. Its disadvantages are also obvious: compatibility is very unstable, and it needs to be adapted for Dalvik VM and Art VM. There is no support for adding class methods/fields, modifying <init> methods, and replacing resources. The runtime method is patched, causing Crash risk.

 

Meituan Robust

The principle of Meituan’s Robust repair scheme is similar to Instant Run. Each function of each product code is automatically inserted a code in the compilation and packaging stage. After the client obtains patch. Dex, use DexClassLoader to load the patch. Dex. The changeQuickRedirect field is assigned to the Class New object statepatch.java in patch. Dex.

During the whole Patch making process, DexClassLoader is normally used in this scheme, which has high compatibility. No reflection injection can take effect in real time. The disadvantages of this scheme are: because you insert code before each function, you need to invade the packaging process; Functions that can be inlined by ProGuard before cannot be inlined, so the number of methods may increase, which may exceed 65536 limit, and the volume of APK will also increase. The solution does not support the repair of SO files and resource files.

 

Mobile QQ Space

 



The hot repair scheme of mobile QQ space can be summarized by injection and piling. The general process is as follows: after fixing the Bug method, place it in a separate DEX, insert it at the top of the DEX Elements array, and let the virtual machine load the fixed method.

The solution is similar to Google’s Multidex, with high compatibility while maintaining stability. Disadvantages: Does not support real-time implementation; Under Davilk, class loading has performance problems. Under Art, the patch contains classes, parent classes, and all classes that reference this class, so the patch package is large. Because classes in the original DEX need to reference additional DEX classes, invasive packaging is required.

 

WeChat Tinker

In order to solve the efficiency problem caused by staking of QQ space patch technology, wechat Tinker introduced DEX differential packet. Its main principle is basically the same as that of Qzone super Patch technology. The biggest difference is that patch. dex is no longer added to Elements array, but given in the way of difference. Then merge patch. Dex with classes. Dex, and replace the old Dex as a whole to achieve the purpose of repair.


In this scheme, the self-developed DexDiff algorithm is adopted to reduce the size of the difference by making in-depth use of the format of Dex, so as to make the patch package small enough. Its disadvantages are: it does not support real-time implementation; Because the patch DEX needs to be merged with the original DEX, it takes up extra memory and disk space, and the merger fails easily due to memory consumption and other reasons. With QQ space patch technology is the same, the same need for invasive packaging.



Here’s how Hotfix compares to mainstream hotfixes. It can be seen that Hotfix has relative advantages in immediate effect, performance consumption, Rom volume, access complexity, patch package size, class replacement, SO file replacement, resource scheme and other aspects.

 

Ali Hotfix 1.x version



Ali Hotfix 1.x added patch management background on the basis of AndFix; At the same time, based on the practice of mobile shopping, a lot of optimization for AndFix, improve the compatibility and stability of performance; New classes are functionally supported and smaller fix packs are provided (this is due to class-based methods as granularity).

The figure shows the background function of Ali Hotfix 1.x service. Users can create an application version and upload patches according to the version number. In addition, patch control functions are provided, such as stop release, continue release, gray/full release, etc.


But ali Hotfix 1.x still has a lot of limitations:

  • Does not support resource, So file repair; New class methods/class fields are not supported because Hotfix 1.x essentially hooks an existing method;

  • Methods whose parameters include Long, Double, and Float cannot be patched. Methods whose parameters exceed 8 cannot be patched.

  • Methods called by reflection cannot be patched. More specifically, reflection calls to non-static methods will prompt IllegalArgumentException exceptions. Static methods called by reflection can be patched if the reflection calls do not involve class objects.

  • Constructors cannot be patched and are not actually allowed to modify a class field (both static and non-static);

  • A running method cannot be patched. That is to say, if a method is running and its structure in the Native layer is replaced, it is likely to cause a Crash.

 

Ali Hotfix2.0 solution



Compared to the 1.X version, Ali Hotfix 2. X removes the above limitation completely. It is not only based on AndFix, but flexibly switches between hot deployment and cold deployment. The real-time effect of resource, SO file and class repair is realized. At the same time, the foolproof access scheme is adopted, which does not invade the packaging process and provides users with visual UI interface patching.

Since ali Hotfix 2.x version has a big change compared to 1.x version, it needs to do a large-scale integration test in advance before it is officially launched.



Ali HotFix 2.x class fix solution

Hotfix2.x does not invade the packaging process during the hot fix process, but instead generates patches through the patch tool. Since the hot deployment Andfix repair method running has the risk of Crash, the patch tool provides parameters for the business side to decide whether to try hot deployment. If the Patch method of the user is not frequently invoked and needs to take effect in real time, the hot deployment solution can be preferred. This is not always the case, however, and when code changes make hot deployment unsupported, there is still a shift to cold deployment.



Hot deployment

Hot deployment is the code change supported by AndFix, which goes to the optimized AndFix solution, also known as HotFix1.x.



Cold deployment

Cold deployments are code changes that AndFix does not support. Cold deployment has different treatments for Davilk and Art:

  • Under Davilk, inject dexElements appended to PathClassLoader, but bypass dvMResolveclass by Hack local method without piling.

  • A complete dex is directly synthesized under Art, and the current mature Art dynamic deployment scheme is adopted. Finally, dexElements of PathClassLoader can be replaced.

Ali HotFix2.x SO file fix solution

SO files under Davilk and ART are loaded in different ways, resulting in the need to distinguish between ART and Davilk for different processing:

  • ART pre-load the original SO file, and then Load the patch SO file;

  • Davilk pre-load patch SO file, then Load the original SO file.

The key here is that the Abis supported by the integrated model and the Abis in the patch pack together determine the new LibPath of the patch SO. In order to achieve better performance, hotfix2.x provides the following two interfaces to replace the system interface for loading SO files:

 

  • Sopatchmanager.load (String libPath) replace system.load (String pathName)

  • SOPatchManager. LoadLibrary (String libName) instead of the System. LoadLibrary (String libName)

 

Ali HotFix2.x resource file repair solution

In the resource file, the resource ids are encoded in the resources.arsc file, arranged closely and numbered automatically according to the arrangement order. The RES directory holds all resource files with ids. The layout file is an XML file in binary form. XML references other resources in the form of resource IDS. The Assets directory stores all original files without ID. Aapt constructs resources, including automatic allocation of resource ids and generation of R files. By default, each compilation does not guarantee the same ID as the previous package.


There are three widely used resource remediation solutions in the market:

  • Differential synthesis of a complete resource pack, runtime complete load of resources; The disadvantage of this scheme is that the synthetic resources occupy time and memory, which is easy to cause lag.

  • Modify AAPT to leave blank the resources that may be added in the future in advance, and set aside the position corresponding to the ID of the newly added resource in the Patch package at run time; The disadvantages of this solution are: it needs to change the packaging process, modify the code and compile and replace THE Aapt in SDK; Packaging is too intrusive and takes up some disk space by leaving it empty. The amount of space left is predetermined and cannot be changed.

  • Plug-in and componentized resources; The downside of this approach is that resources need to be modular and planned in advance.


Baichuan resource file repair scheme is directly based on the old and new two APKS to construct the patch package, there is no need to modify AAPT, no requirements for compilation process; At the same time, the usage of each resource ID is accurately compared to maximize the utilization of the original baseline package resources. The patch package contains only newly added and modified resources. No synthesis operation is required at run time, fast application takes effect and does not affect performance.


Baichuan resources file repair program is not only simple repair, for any degree, and even earth-shaking modification can be applicable, but the patch file will be relatively large, the program is compatible with all models of Android, just select the old and new two APK, quick generation of patches, and good stability; With class recovery solutions, resource recovery can take effect in real time. When using the Baichuan resource file repair solution, note the following:

 

(1) If resource mixing is performed in advance, ensure that the mixing relationship between the old and new packages is consistent. Otherwise, resources in the original baseline package cannot be found during patch installation, and non-new resources are regarded as new resources, resulting in a larger patch package.

(2) It is recommended to set the removal of useless resources during each packaging. This reduces the package size while ensuring that the new resources in the patch pack are useful.

(3) Resources referenced in AndroidManifest cannot be changed. Some resources such as icon are fixed upon installation and cannot be changed by any current patch solution. For other resources, such as Theme, we can extract resource information from AndroidManifest and set it in code.

 

Ali Hotfix manages backend services

Ali Hotfix currently provides the following services: patch grayscale release/official release, patch rollback and patch security.

  • Patch grayscale release/official release, before release can be verified by local or scan code two ways before release online; In local patch mode, patches can be placed in any specified directory. Scan code mode is to scan the TWO-DIMENSIONAL code to generate a download URL, and then directly download, this time does not need to authenticate with the server; Grayscale release specifies the specific number of users and then random push.

  • If an error occurs, you can roll back to the target patch version, and all devices of the application version can be rolled back to the target patch version.

  • In terms of patch security, HotFix hosts the RSA key in the background and requires security signature verification during patch loading.

 

In the near future, the following services will be launched on Ali HotFix platform:

  • Patch Custom platform independent AES secret key. During patching, the user can customize the AES password and then fill in the secret key during SDK initialization. Alibaichuan platform has no perception of the secret key, so the patch is absolutely safe in the background.

  • Patches can be delivered to target locations by system version, channel, or user-defined TAG.

  • The patch loading success rate is displayed in real time. Details about the patch loading failure may be reported later, facilitating troubleshooting.

  • To use the one-click patch rollback function, two conditions must be met: ① The current version has been stopped. ② This version has at least one previous version. So if the first patch is delivered with an error, patch rollback cannot be done, so you need to provide a one-click patch clearing function.

 

Progress on Swift Hot Patch

After the launch of Swift 3, more and more projects also moved to Swift. So what about Hot Patch’s support for Swift in an era of tech sharing known as Swift?



There are two mature products: WAX and JSPatch. The former is the Patch scheme based on Lua language; The latter is Patch scheme based on JavaScript language. Both rely on Objective-C Runtime, and replace the implementation of the Patch Method with _objc_msgForward/_objc_msgForward_stret through Method Swizzling. Then replace forwardInvocation: call the patch implementation for the language-specific bridge method.

Since both rely heavily on objective-C Runtime and NSObject’s forward mechanism, they are constrained in supporting Swift Hot Patch.



Rollout. IO is a swift-oriented Hot Patch solution compared to WAX and JSPatch. It adds code injection logic before the swifTC compiler to modify swift-related code. This allows SwifTC to compile with injected code. Here the viewDidLoad method is taken as an example to illustrate the code injection: First, the data required by Patch is extracted according to the method ID; Next, judge whether Patch should be made; If it should be, Patch is executed with Patch data, target, method entry, and method call closure as parameters. With injection, Patch can replace the original implementation of any method.


However, rollout. IO has a number of problems: it supports very limited patches, only Patch class instance function; In addition, it does not support calling Swift methods in Patch, and its syntax is cumbersome when calling Objective-C methods.



HotFix’s Swift Hot Patch combines the strengths of WAX/JSPatch and Rollout. IO, and complement rollout. IO’s weaknesses in Patch. In addition to WAX/JSPatch and rollout. IO limitations, global function, struct Function and enum function patches are also supported. Short syntax is maintained when calling Objective-C methods; At the same time, the way to call Swift methods dynamically is also being studied.



SteveMcConnell in code te says “Program into your language, not in it”. It is hoped that Swift Hot Patch can help more developers to go deep into Swift and express their ideas freely with language instead of just staying at the grammar level.


Click the original link to follow ali HotFix product upgrade!