HotFix is a technology solution that dynamically fixes online bugs without republishing the application.
Core Principles of HotFix
1. Class Loading Mechanism
Android uses PathClassLoader and DexClassLoader to load classes:
- PathClassLoader: Loads dex files from installed APK
- DexClassLoader: Loads dex files from any path
2. Basic HotFix Idea
Principle: Make class loader prioritize loading fixed classes, overriding problematic ones Implementation: 1. Package fix code into dex file 2. Insert into dexElements array via reflection 3. Class loader finds fix class first
Comparison of Mainstream HotFix Solutions
| Solution | Principle | Pros | Cons | Representative |
|---|---|---|---|---|
| Native Replacement | Replace ArtMethod struct | Immediate effect, no restart | Poor compatibility, low stability | AndFix, Sophix |
| Class Loading | Modify dexElements array | High stability, good compatibility | Requires restart | Tinker, QZone |
| Instant Run | Custom ClassLoader | Convenient for development | Development only | Google Official |
Detailed Solution Analysis
1. Tinker (WeChat)
Principle: 1. Generate diff package (patch.dex) between old and new APK 2. Download patch.dex to local 3. Merge patch.dex with original APK dex 4. Modify dexElements after restart to load new dex Features: - Supports class, resource, so library replacement - Requires app restart - Small diff package, fast download
2. Sophix (Alibaba Cloud)
Principle: 1. Native replacement: Replace ArtMethod entry 2. Class loading: As fallback solution Features: - Immediate effect, no restart - Supports method-level fix - Paid solution, good stability
3. Robust (Meituan)
Principle: 1. Insert logic in each method at compile time 2. Route to fix class at runtime Features: - Immediate effect - Small package size increase - Requires pre-inserted code
Class Loading Implementation Details
Dex Insertion Core Code
public class HotFix { public static void patch(Context context, File patchDexFile) { try { // Get PathClassLoader ClassLoader classLoader = context.getClassLoader(); // Get pathList field Object pathList = getField(classLoader, "pathList"); // Get dexElements field Object[] dexElements = (Object[]) getField(pathList, "dexElements"); // Create new dexElements (including patch.dex) Object[] newElements = makeDexElements(patchDexFile); // Merge arrays: patch.dex first Object[] combined = (Object[]) Array.newInstance( dexElements.getClass().getComponentType(), newElements.length + dexElements.length ); System.arraycopy(newElements, 0, combined, 0, newElements.length); System.arraycopy(dexElements, 0, combined, newElements.length, dexElements.length); // Replace dexElements setField(pathList, "dexElements", combined); } catch (Exception e) { e.printStackTrace(); } } }
HotFix Limitations
1. Unfixable Cases
- AndroidManifest.xml modifications
- Adding new four major components
- Resource reference errors due to resource ID changes
- Compatibility limitations on some ROMs
2. Security Risks
- Code injection risk
- Need to verify patch signature
- Encryption required during transmission
Key Points
- Understand class loading mechanism and parent delegation model
- Master dexElements insertion principle
- Understand pros/cons and applicable scenarios of each solution
- Understand HotFix limitations and security risks
- Familiar with mainstream solutions like Tinker, Sophix