Tinker

The principle of

Type of repair

Through the self-developed DexDiff algorithm to generate the subcontract, the client and the old dex to synthesize a new DEX file, using the principle that Android will search and load a class from the dexElements array in order when loading, and will not continue to search after loading. Insert the repaired dex in front of dexElements the next time the app starts. The problem of CLASS_ISPREVERIFIED is solved by synthesizing a new DEX package.

CLASS_ISPREVERIFIED problem

That is, if class A only references other classes in the same DEX, A is marked with CLASS_ISPREVERIFIED. If A references other classes in other dex again, the CLASS_ISPREVERIFIED error is reported.

Resource file repair

  1. Public. XML is used to fix resource ids during APK generation to prevent resource ids in the patch package from conflicting with those in the original APK
  2. Walk through LoadedApk and replace resDir with the newly synthesized resource directory path
  3. Create a new AssetManager, call addAssetPath to add patch path, reflect ResourceManager resources cache, set the mAsset variable of ResourceImpl to the newly created AssetManager, and clear the cache. Update the resource

So the repair

  1. The new SO file is also synthesized by subcontracting
  2. You need to manually load so according to the device ABI, using System.loadLibrary

advantages

  1. Support for class repair, resource repair, so repair, covering most of the areas that need to be repaired

insufficient

  1. Androidmanifest.xml cannot be updated
  2. The app does not take effect immediately and needs to be restarted
  3. Some Samsung Android-21 models are not supported
  4. The original project’s Application needs to be changed because the Application class was loaded before the hotfix framework was loaded.
  5. Synthesizing a new DEX takes up more memory, so a new process needs to be opened to merge

Robust

The principle of

ChangeQuickRedirect = null changeQuickRedirect = null changeQuickRedirect = null

public long getIndex(a) {
    return 100;
}
Copy the code

Code after staking

public static ChangeQuickRedirect changeQuickRedirect;
public long getIndex(a) {
        if(changeQuickRedirect ! =null) {
            //PatchProxy encapsulates the logic to get the current className and methodName.
            // And finally calls the corresponding function of changeQuickRedirect within it
            if(PatchProxy.isSupport(new Object[0].this, changeQuickRedirect, false)) {
                return ((Long)PatchProxy.accessDispatch(new Object[0].this, changeQuickRedirect, false)).longValue(); }}return 100L;
}
Copy the code

Advantages:

  1. Almost no performance impact (method call, cold start)
  2. Android2.3-8.x is supported
  3. The Robust is highly compatible (only using DexClassLoader normally) and stable, and the repair success rate is as high as 99.9%
  4. The patch takes effect in real time and no restart is required
  5. Support for method-level fixes, including static methods
  6. Support for adding methods and classes
  7. ProGuard obfuscation, inlining, and optimization are supported

Disadvantages:

  1. The code is intrusive, adding related code to the existing class
  2. Replacement of SO and resources is not supported
  3. It increases the size of apK by 17.47 bytes per function and 1.67m per 100,000 functions.
  4. The number of methods is increased by a small amount. After using the Robust plug-in, functions that can be inlined by ProGuard cannot be inlined

AndFix

The principle of

Art VM: Each class Method corresponds to an ArtMethod structure in Native. Dalvik VM: Obtain the pointer of Method structure by FromReflectedMethod and replace the obtained structure attributes with those of the restored Method to achieve the repair effect

advantages

  1. Effective immediately

disadvantages

  1. The compatibility is poor, Dalvik VM and ART VM need two implementations, and there will be some inconsistents between different manufacturers and versions of ArtMethod, so they need to be compatible respectively. Currently, they are only compatible with Android 7.0, and there is no maintenance left. Upgrade to Sophix, but Sophix is not open source

QZone

The principle of

Similar to Tinker, the new dex is inserted into dexElements, but the patch dex is not merged with the old dex to generate a new dex package. To solve the CLASS_ISPREVERIFIED problem, hack.dex is included in the application. The dex has only one class, AntilazyLoad, and then pins are inserted in each class so that each class references this class so that the class is not called CLASS_ISPREVERIFIED.

advantages

  1. There is no need to merge dex, which occupies less memory than Tinker

disadvantages

  1. After the Dalvik VM and APP are installed, the dexopt operation is performed. The classes in the same dex file are marked with CLASS_ISPREVERIFIED, but the classes in the patch package are not marked with this flag. Therefore, an exception is thrown. The solution is to make all classes reference classes in another DEX file when the APK is packaged for the first time. In this way, all classes are not marked with CLASS_ISPREVERIFIED and the patch package can be loaded smoothly. However, after detecting that a class is not registered with CLASS_ISPREVERIFIED, Dalvik VM will perform dexopt-related operations again during the class loading. If many classes are loaded at one time, the speed will be significantly slower.

  2. Art virtual machine, dex file will eventually compile the cost machine code, in dex2OAT, FAST * has written the address of each class dead, if the patch package in the class field or method modification, there will be memory address disorder, the solution is to add the parent class of this class and the class calling this class to the patch package. But this can cause the patch pack to grow dramatically.