The opening

This article has no source code analysis, only the introduction of Binder communication process and infrastructure

Binder is one of the most important interprocess communication mechanisms in Android, based on the open source OpenBinder

George Hoffman, then an engineer at Be, started a project called OpenBinder, which Dinnie Hackborn continued to develop after Be was acquired by ParmSource, It later became the basis for managing the process for ParmOS6 Cobalt OS. After Hackborn joined Google, he developed Android Binder(Binder) on top of OpenBinder, which is used to communicate with Android processes.

Why Binder

As an Android developer, we work with Binder every day, though we may not notice it at times, such as:

  • startActivity“, will get AMS service, call AMS servicestartActivitymethods
  • startActivityWhy do passed objects need to be serialized
  • bindServiceWhy is the callback oneIbinderobject
  • In multi-process applications, how do processes communicate with each other
  • AIDLThe use of
  • .

All of them are related to Binder, and understanding Binder mechanisms is essential when encountering the above scenarios or problems

Why Android chose Binder

This starts with interprocess communication. Let’s take a look at some of the more common interprocess communication methods

Common interprocess communication

The Shared memory

Shared memory is one of the simplest ways to communicate between processes. Shared memory allows two or more processes to access the same block of memory. When one process changes the contents of the block, other processes notice the change.

Shared memory accesses the same block of memory, so data does not need to be replicated. It is the fastest and most efficient way of IPC. However, shared memory does not provide synchronization mechanism, requiring us to manually control mutually exclusive operations between memory, which is easy to occur problems. At the same time, because shared memory can arbitrarily access and modify the data in the memory, if there is a malicious program to design code for a certain program, it is likely to lead to privacy leakage or program crash, so the security is poor.

The pipe

Pipeline is divided into a named pipe and anonymous pipes. It is a special kind of file as intermediate medium, we called pipe file, it has a fixed end and writing end, read write process through the writing section of writing data into the pipe file, read through the reading section to read data from the reading process, constitute a data transmission assembly line, its principle as shown in the figure below:

A pipe communication requires two data replicates (process A -> pipe file, pipe file -> process B). The read and write of a pipe can be blocked or non-blocked. The creation of a pipe allocates a buffer, which is limited and blocks if the size of the transferred data exceeds the buffer limit, or if the data is not scheduled to be read or written in blocking mode. The pipe transmits an unformatted byte stream, which requires the reader and writer of the pipe to agree on the format of the data in advance.

The message queue

Message queues are linked lists of messages stored in the kernel, and each message queue is represented by a message queue identifier. Message queues allow multiple processes to read and write messages at the same time. The sender and receiver must agree on the data type and size of the message body. Message queue overcomes the disadvantages of signal carrying less information and pipeline carrying only unformatted byte stream. Once message queue communicates, it also needs to undergo two data replication (process A -> message queue, message queue -> process B). Its principle is shown in the following figure:

Socket

The Socket was originally designed for the network, but it could also communicate between processes through the local loopback address (127.0.0.1). Later, an IPC mechanism named UNIX Domain Socket was developed on the Socket framework. Socket is a typical C/S architecture. A Socket has two buffers, one for read and one for write. To send or receive messages, the contents of one Socket buffer need to be copied to the other Socket buffer, so a Socket communication also needs to undergo two data replication.

Binder

Now that you know how common processes communicate, Binder works

Binder is designed and implemented based on memory-mapped Mmap, which we need to understand first

mmap

Mmap is a method of memory mapping. A file or other object is mapped to the address space of a process to achieve the mapping between the file disk address and a segment of virtual address in the process virtual address space. After such mapping is achieved, the process can use Pointers to read and write the memory, and the system will automatically write back dirty pages to the corresponding file disk, that is, the operation on the file is completed without calling system call functions such as read and write. Conversely, changes made by the kernel space to this area directly reflect user space, allowing file sharing between different processes.

The Linux kernel does not actively synchronize the modified Mmap content to disk files. There are four times when mmap mapping is synchronized to disk:

  • callmsyncThe function actively synchronizes data (actively)
  • callmunmapFunction to unmap a file (active)
  • When the process exits (passive)
  • System shutdown (passive)

In this way, by operating directly on this portion of the mapped memory, you can avoid some data replication and get better performance

The principle of

A Binder IPC communication process is divided into the following steps:

  1. First of all,BinderThe driver cuts out one in kernel spaceData receiving buffer
  2. Next, carve out one in kernel spaceKernel buffer
  3. willKernel bufferwithData receiving bufferSetting up a mapping
  4. willData receiving bufferwithThe user-space address of the receiving processSetting up a mapping
  5. The sender process passed. Procedurecopy_from_userCopy data from user space toKernel buffer
  6. Due to theKernel bufferwithData receiving bufferThere’s a mapping, and at the same timeData receiving bufferwithThe user-space address of the receiving processThere is a mapping relationship, so the data can be directly obtained in the receiving process

This completes a Binder IPC communication, which is shown below:

As you can see, communication with MMAP and Binder requires only one data replication, which is superior to pipes/message queues/sockets and superior to shared memory in terms of security and ease of use. For these reasons, Android has chosen this compromise IPC approach to meet the system’s requirements for stability, transmission performance, and security

Binder architecture

Binder is also a C/S architecture, divided into BpBinder (client) and BBinder (server), both derived from IBinder. P in BpBinder stands for proxy, that is, proxy. BpBinder sends transaction requests through Transact and BBinder receives transactions through onTransact

The timing diagram of Binder primary communication is as follows:

Binder is designed with a layered architecture

conclusion

Binder’s basic structure and communication process will prepare you for further source code analysis of Binder

reference

  • Binder principle analysis for Android application engineers
  • Binder series – Introduction
  • Android Binder
  • Binder and AIDL examples and principles