To understand why binder is used, it’s important to understand what a binder does.

Binder’s role at the Java layer is as a communication medium. Then we need to understand what problems binder solves and what shortcomings the original IPC communication mechanism has.

1. Types of existing Linux IPC mechanisms

1. Shared memory

2. The pipe

3. Message queues

4.socket

1.1 Performance

The more memory copy times, the lower the communication efficiency.

Binder has a memory copy count of 1, lower than shared memory and higher than other methods.

1.2 Security

Traditional IPC has no security at all, and that’s fine because android is flooded with apps that need to be separated from malicious ones and blocked. The traditional IPC method cannot obtain the UID of the corresponding process (UID is the unique identifier assigned by the Android system to each APP, which can be used for permission verification), and permission verification cannot be achieved.


2. What are the advantages of Binder? How do you solve other kinds of problems

With Binder communication, UUIds are obtained for security. Not the most efficient, but acceptable.

3. The principle of the Binder

Why are Binders able to communicate with one copy of memory? First, you need to understand the concepts on Linux.

3.1 Process Isolation

Linux uses process isolation, which means that memory is not shared between processes. Play with your own memory to ensure data security. Therefore, if the processes need to communicate with each other, the corresponding IPC mechanism is required to handle it.

Process isolation techniques use the concept of virtual memory. Virtual memory is a technique to improve the utilization of physical memory. It is a mapping of physical memory so that the program can see a contiguous piece of memory. You can use the proxy mode to understand this. It can swap some unused memory to disk to improve memory efficiency.

3.2 Process space: user space and kernel space

Kernel space holds kernel code and data, while process user space holds user program code and data.

More specifically, if the operating system is 32-bit, the addressing power is 2 ^ 32, which is 4G, and the high 1GB byte is available to the kernel, called kernel space. The remaining 3GB bytes are used by user processes, called user space.

They all run on virtual addresses, but are isolated from each other.

If the user space wants to access the resources of the kernel space (because the kernel space occupies system resources, such as reading and writing files, or accessing the network), it needs to communicate with each other. At this time, the system kernel can provide interfaces for users to call, so as to ensure the security and stability of the system. In other words, traditional IPC interprocess communication is done through the system kernel.

3.3 User mode and System mode

When a process is executing user code, the process is in user mode. When a process is executing kernel code, it is in kernel state.

3.4 Kernel modules and drivers

The traditional IPC approach is done through the kernel, Binder also has a Binder driver in the kernel.


4. Communication principle of traditional IPC mechanism

Steal a wave of Rushjs maps here

There are usually two steps (non-shared memory mechanisms) :

  1. The sender process uses the system call (copy_from_user) to copy the data to the kernel cache.
  2. The receiver allocates a memory space, and the kernel copies data from the kernel cache to the receiver’s memory cache through a system call (copy_to_user).

There are two problems with this traditional IPC mechanism:

  1. Two data copies are required, the first from the sender user space to the kernel cache, and the second from the kernel cache to the receiver user space.
  2. The recipient process does not know how much space to allocate in advance to receive data, and space may be wasted.

5. Basic principles of Binder

How does Binder implement interprocess communication with only one copy of memory when traditional IPC mechanisms require two copies of memory? As we have already seen, Linux uses virtual memory addressing. Virtual memory addresses in user space are mapped to physical memory. Reading and writing to virtual memory is actually reading and writing to physical memory, and this process is memory mapping.

Binder uses memory mapping to create a layer of memory mapping between the kernel space and the data cache in the recipient user space. In this way, data copied from the sender user space to the kernel-space cache is copied directly to the receiver user space cache, reducing the need for a single copy of data.



6.Binder call process

Binder calls are C/S architectures where client and server are in different processes. Our first thought is that the underlying driver must have called a system resource to help us do this object reference passing thing.

The participants in the whole process are ServerManager, Binder underlying drivers, Server and Client. The role of these roles is much like that of a network request delivery.

ServerManager serves as DNS resolution Server, Binder underlying driver acts as router, Client request initiator, Server request receiver.

In a nutshell.

1. The Client initiates a request and enters the domain name. (For example, enter www.juejin.im in a browser)

2.ServerManager, return the corresponding Binder object to me. (DNS resolves the real IP address of excavation)

3.Binder drivers help pass references to this Binder object. (Transmitted through layers of routing)

4. The Server receives information from Binder. (Request arrived)

The analogy here with the seven-layer network protocol stack is very clear.


Come to think of it, since Binder objects can be found in ServerManager, there must be a pre-registration process. The ServerManager is definitely in a different process from the Client and Server, and communication between them is also handled by the Binder. That is, there is a ServerManager that provides a concept of a global binder that clients can access directly to communicate with the ServerManager.

7.Binder agent mechanism

The use of upper binders is actually unaware of agents, which is also the role of agents to make the upper layer unaware. In effect, the Client gets a reference to the Server’s Binder object, which is actually a layer of proxy driven by the Binder. Suppose a client-side RPC calls a server method, which is actually operating on a Binder driven proxy, and then the driver transfers the operation to the server and calls the server-side method.

Specific look at the AIDL file generated class source code can be clear. It defines a proxy that contains methods for all AIDL files.

I wonder if I should draw a picture here? ~ ~



8. To summarize

Binder’s whole process is like this. I personally feel that understanding something deeply can connect a lot of loose pieces of knowledge.