探索方法的本质
一个最基本的方法调用代码
void run(){
NSLog(@"%s",__func__);
}
int main(int argc, const char * argv[]) {
@autoreleasepool {
LGPerson *person = [[LGPerson alloc] init];;
[person sayNB];
}
return 0;
}
方法的调用底层到底是个什么东西呢
我们可以利用clang的一些命令 clang -rewrite-objc main.m -o main.cpp,将main文件编译成c之后的代码
clang之后的代码
其中有个问题
run()方法直接调用,而我们的oc方法被编译成一个objc_msgSend函数(runtime里的消息发送机制)run函数在编译器就确定了函数的调用与实现,
因此,oc的方法的本质就是
objc_msgSend(或者objc_msgSendSuper等函数)的调用objc_msgSend两个参数,第一个参数是对象是哪个对象的操作,第二个参数就是sel也就是方法,通过sel找到imp的实现,完成方法的调用.就叫做消息发送机制.
objc_msgSend流程
方法的查找流程分为两种
- 快速查找:利用汇编直接从缓存中找
-
慢速查找:快速查找没有命中,从方法表中查找
现在方法调用处打一个断点
打断点
然后debug->debug WorkFlow ->Always Show Disassembly
查看汇编
然后进入汇编
汇编
然后按住cotrol + stepIn
源码位置
可以看到
objc_msgSend在libobjc中
打开源码搜索objc_msgSend,我们直接看汇编,找到.s文件,现在架构大部分都是arm64,所以我们直接看objc-msg-arm64.s文件
看汇编重要的一点事看ENTRY表示入口,如下图
找到文件
image.png
// person - isa - 类
ldr p13, [x0] // p13 = isa
GetClassFromIsa_p16 p13 // p16 = class
p13为isa,因为x0为首地址,[]就是首地址的值,首地址就是isa指针
GetClassFromIsa_p16是一个宏,下边是实现
.macro GetClassFromIsa_p16 /* src */
#if SUPPORT_INDEXED_ISA
// Indexed isa
mov p16, $0 // optimistically set dst = src
tbz p16, #ISA_INDEX_IS_NPI_BIT, 1f // done if not non-pointer isa
// isa in p16 is indexed
adrp x10, _objc_indexed_classes@PAGE
add x10, x10, _objc_indexed_classes@PAGEOFF
ubfx p16, p16, #ISA_INDEX_SHIFT, #ISA_INDEX_BITS // extract index
ldr p16, [x10, p16, UXTP #PTRSHIFT] // load class from array
1:
#elif __LP64__
// 64-bit packed isa
and p16, $0, #ISA_MASK
#else
// 32-bit raw isa
mov p16, $0
#endif
.endmacro
SUPPORT_INDEXED_ISAindexIsa一般不常用,watchos开发是indexIsa
and p16, $0, #ISA_MASK这句才是重点,$0是传进来的参数,也就是p13 isa 拿$0与isa_mask进行&运算得到类,在前两篇文章中介绍了对象和类之间是怎么联系起来的,所以我们的p16是一个类
拿到isa之后进行下边操作
LGetIsaDone:
CacheLookup NORMAL
CacheLookup是一个宏定义,下边是实现代码
.macro CacheLookup
// p1 = SEL, p16 = isa
ldp p10, p11, [x16, #CACHE] // p10 = buckets, p11 = occupied|mask
#if !__LP64__
and w11, w11, 0xffff // p11 = mask
#endif
and w12, w1, w11 // x12 = _cmd & mask
add p12, p10, p12, LSL #(1+PTRSHIFT)
// p12 = buckets + ((_cmd & mask) << (1+PTRSHIFT))
ldp p17, p9, [x12] // {imp, sel} = *bucket
1: cmp p9, p1 // if (bucket->sel != _cmd)
b.ne 2f // scan more
CacheHit $0 // call or return imp
2: // not hit: p12 = not-hit bucket
CheckMiss $0 // miss if bucket->sel == 0
cmp p12, p10 // wrap if bucket == buckets
b.eq 3f
ldp p17, p9, [x12, #-BUCKET_SIZE]! // {imp, sel} = *--bucket
b 1b // loop
3: // wrap: p12 = first bucket, w11 = mask
add p12, p12, w11, UXTW #(1+PTRSHIFT)
// p12 = buckets + (mask << 1+PTRSHIFT)
// Clone scanning loop to miss instead of hang when cache is corrupt.
// The slow path may detect any corruption and halt later.
ldp p17, p9, [x12] // {imp, sel} = *bucket
1: cmp p9, p1 // if (bucket->sel != _cmd)
b.ne 2f // scan more
CacheHit $0 // call or return imp
2: // not hit: p12 = not-hit bucket
CheckMiss $0 // miss if bucket->sel == 0
cmp p12, p10 // wrap if bucket == buckets
b.eq 3f
ldp p17, p9, [x12, #-BUCKET_SIZE]! // {imp, sel} = *--bucket
b 1b // loop
3: // double wrap
JumpMiss $0
.endmacro
1: cmp p9, p1 // if (bucket->sel != _cmd)
b.ne 2f // scan more
CacheHit $0 // call or return imp
b.ne 2f如果bucket的sel != _cmd找2,否则直接命中返回$0
快速查找流程结束,如果没有命中就进入慢速查找流程
2: // not hit: p12 = not-hit bucket
CheckMiss $0 // miss if bucket->sel == 0
cmp p12, p10 // wrap if bucket == buckets
b.eq 3f //进行3主要是为了保存一份方便下次查找
ldp p17, p9, [x12, #-BUCKET_SIZE]! // {imp, sel} = *--bucket
b 1b // loop
3: // wrap: p12 = first bucket, w11 = mask
add p12, p12, w11, UXTW #(1+PTRSHIFT)
// p12 = buckets + (mask << 1+PTRSHIFT)
// Clone scanning loop to miss instead of hang when cache is corrupt.
// The slow path may detect any corruption and halt later.
ldp p17, p9, [x12] // {imp, sel} = *bucket
CheckMiss也是一个宏
.macro CheckMiss
// miss if bucket->sel == 0
.if $0 == GETIMP
cbz p9, LGetImpMiss
.elseif $0 == NORMAL
cbz p9, __objc_msgSend_uncached
.elseif $0 == LOOKUP
cbz p9, __objc_msgLookup_uncached
.else
.abort oops
.endif
.endmacro
我们这里传进来的是normal,那么找__objc_msgSend_uncached
我们搜索__objc_msgSend_uncached找到他的入口
STATIC_ENTRY __objc_msgSend_uncached
UNWIND __objc_msgSend_uncached, FrameWithNoSaves
// THIS IS NOT A CALLABLE C FUNCTION
// Out-of-band p16 is the class to search
MethodTableLookup
TailCallFunctionPointer x17
END_ENTRY __objc_msgSend_uncached
来看一下MethodTableLookup是什么东西
他也是一个宏定义
.macro MethodTableLookup
...
bl __class_lookupMethodAndLoadCache3
...
这里只展示了一个最重要的一行代码,bl跳转到__class_lookupMethodAndLoadCache3
我们根据以往经验,汇编会自动在前边加一个_,那么我们去掉一个下划线全局搜_class_lookupMethodAndLoadCache3
IMP _class_lookupMethodAndLoadCache3(id obj, SEL sel, Class cls)
{
return lookUpImpOrForward(cls, sel, obj,
YES/*initialize*/, NO/*cache*/, YES/*resolver*/);
}
来一个demo
@interface LGPerson : NSObject
- (void)sayNB;
+ (void)sayHappay;
@end
@implementation LGPerson
- (void)sayNB{
NSLog(@"%s",__func__);
}
+ (void)sayHappay{
NSLog(@"%s",__func__);
}
@end
@interface LGStudent : LGPerson
- (void)sayHello;
+ (void)sayObjc;
@end
@implementation LGStudent
- (void)sayHello{
NSLog(@"%s",__func__);
}
+ (void)sayObjc{
NSLog(@"%s",__func__);
}
@end
@interface NSObject (LG)
- (void)sayMaster;
+ (void)sayEasy;
@end
@implementation NSObject (LG)
- (void)sayMaster{
NSLog(@"%s",__func__);
}
+ (void)sayEasy{
NSLog(@"%s",__func__);
}
@end
LGStuednt继承与LGPerson,LGPerson继承与NSObject
然后调用
LGStudent *student = [[LGStudent alloc] init];
// 对象方法
// 自己有 - 返回自己
[student sayHello];
// 自己没有 - 老爸 -
// [person sayNB]; // CACHE
[student sayNB];
// 自己没有 - 老爸没有 - NSObject
[student sayMaster];
// 自己没有 - 老爸没有 - NSObject 没有
// unrecognized selector sent to instance 0x103000450
[student performSelector:@selector(saySomething)];
- 自己有的时候返回自己的方法
- 自己没有的时候找父类
- 老爸没有时找NSObject
- 都没有,抛出异常
实例方法的查找会根据继承连去一层一层的找
类方法的调用
// 类方法
// 自己有 - 返回自己
[LGStudent sayObjc];
// 自己没有 - 老爸 -
[LGStudent sayHappay];
// 自己没有 - 老爸没有 - NSObject
[LGStudent sayEasy];
// 自己没有 - 老爸没有 - NSObject 没有
这里会有一个问题如果我这样调用会不会崩溃
[LGStudent performSelector:@selector(sayMaster)];
会打印
-[NSObject(LG) sayMaster]
发现不会蹦,因为类方法存在元类里边,我们调用类方法
- 首先去元类里边找,
- 元类里边没有找到就招父元类,
- 没有找到继续根据继承链找,
- 最后找到根元类(
NSObject的元类),根元类又继承与NSObject
isa流程图.png
最后找到
sayMaster,所以不会崩溃看下源码来验证下到底是不是这个流程
我们上边看汇编,如果缓存没有命中就来到慢速查找流程,也就是
_class_lookupMethodAndLoadCache3方法
IMP _class_lookupMethodAndLoadCache3(id obj, SEL sel, Class cls)
{
return lookUpImpOrForward(cls, sel, obj,
YES/*initialize*/, NO/*cache*/, YES/*resolver*/);
}
- 当调用实例方法的时候,
cls就是当前类,sel就是调用的方法,obj就是当前实例 - 当调用类方法的时候,
cls则代表的是当前类的元类(MetaClass),因为静态方法是存放在元类里边的
IMP lookUpImpOrForward(Class cls, SEL sel, id inst,
bool initialize, bool cache, bool resolver)
{
IMP imp = nil;
bool triedResolver = NO;
runtimeLock.assertUnlocked();
// Optimistic cache lookup
if (cache) {
imp = cache_getImp(cls, sel);
if (imp) return imp;
}
// runtimeLock is held during isRealized and isInitialized checking
// to prevent races against concurrent realization.
// runtimeLock is held during method search to make
// method-lookup + cache-fill atomic with respect to method addition.
// Otherwise, a category could be added but ignored indefinitely because
// the cache was re-filled with the old value after the cache flush on
// behalf of the category.
runtimeLock.lock();
checkIsKnownClass(cls);
if (!cls->isRealized()) {
realizeClass(cls);
}
if (initialize && !cls->isInitialized()) {
runtimeLock.unlock();
_class_initialize (_class_getNonMetaClass(cls, inst));
runtimeLock.lock();
// If sel == initialize, _class_initialize will send +initialize and
// then the messenger will send +initialize again after this
// procedure finishes. Of course, if this is not being called
// from the messenger then it won't happen. 2778172
}
retry:
runtimeLock.assertLocked();
// Try this class's cache.
imp = cache_getImp(cls, sel);
if (imp) goto done;
// Try this class's method lists.
{
Method meth = getMethodNoSuper_nolock(cls, sel);
if (meth) {
log_and_fill_cache(cls, meth->imp, sel, inst, cls);
imp = meth->imp;
goto done;
}
}
// Try superclass caches and method lists.
{
unsigned attempts = unreasonableClassCount();
for (Class curClass = cls->superclass;
curClass != nil;
curClass = curClass->superclass)
{
// Halt if there is a cycle in the superclass chain.
if (--attempts == 0) {
_objc_fatal("Memory corruption in class list.");
}
// Superclass cache.
imp = cache_getImp(curClass, sel);
if (imp) {
if (imp != (IMP)_objc_msgForward_impcache) {
// Found the method in a superclass. Cache it in this class.
log_and_fill_cache(cls, imp, sel, inst, curClass);
goto done;
}
else {
// Found a forward:: entry in a superclass.
// Stop searching, but don't cache yet; call method
// resolver for this class first.
break;
}
}
// Superclass method list.
Method meth = getMethodNoSuper_nolock(curClass, sel);
if (meth) {
log_and_fill_cache(cls, meth->imp, sel, inst, curClass);
imp = meth->imp;
goto done;
}
}
}
if (resolver && !triedResolver) {
runtimeLock.unlock();
_class_resolveMethod(cls, sel, inst);
runtimeLock.lock();
// Don't cache the result; we don't hold the lock so it may have
// changed already. Re-do the search from scratch instead.
triedResolver = YES;
goto retry;
}
imp = (IMP)_objc_msgForward_impcache;
cache_fill(cls, sel, imp, inst);
done:
runtimeLock.unlock();
return imp;
}
因为是慢速查找,这里传进来的cache为NO,所以下边这几行代码不看,
if (cache) {
imp = cache_getImp(cls, sel);
if (imp) return imp;
}
这里加了一把锁,是防止多线程情况下产生错乱,比如同时调用a方法和b方法,那么这里在调用a的时候返回一个b的imp,会产生问题
checkIsKnownClass,是判断类是否合法
if (!cls->isRealized()) {
realizeClass(cls);
}
这行代码是拿到父类元类,以及类的data里边的rw里的ro里的methodlist等等一系列信息,是为方法查找做准备条件,这里不做重点研究.
// Try this class's method lists.
{
Method meth = getMethodNoSuper_nolock(cls, sel);
if (meth) {
log_and_fill_cache(cls, meth->imp, sel, inst, cls);
imp = meth->imp;
goto done;
}
}
先在本类里边找,getMethodNoSuper_nolock
getMethodNoSuper_nolock(Class cls, SEL sel)
{
runtimeLock.assertLocked();
assert(cls->isRealized());
// fixme nil cls?
// fixme nil sel?
for (auto mlists = cls->data()->methods.beginLists(),
end = cls->data()->methods.endLists();
mlists != end;
++mlists)
{
method_t *m = search_method_list(*mlists, sel);
if (m) return m;
}
return nil;
}
拿到类的data里的methodList进行循环遍历,
search_method_list进行二分法查找,查找速度更快,下边为查找算法,这里不做过多研究
static method_t *findMethodInSortedMethodList(SEL key, const method_list_t *list)
{
assert(list);
const method_t * const first = &list->first;
const method_t *base = first;
const method_t *probe;
uintptr_t keyValue = (uintptr_t)key;
uint32_t count;
for (count = list->count; count != 0; count >>= 1) {
probe = base + (count >> 1);
uintptr_t probeValue = (uintptr_t)probe->name;
if (keyValue == probeValue) {
// `probe` is a match.
// Rewind looking for the *first* occurrence of this value.
// This is required for correct category overrides.
while (probe > first && keyValue == (uintptr_t)probe[-1].name) {
probe--;
}
return (method_t *)probe;
}
if (keyValue > probeValue) {
base = probe + 1;
count--;
}
}
return nil;
}
通过一些列算法找到方法,然后看
if (meth) {
log_and_fill_cache(cls, meth->imp, sel, inst, cls);
imp = meth->imp;
goto done;
}
如果找到了method那么下次还慢速查找么,苹果爸爸肯定不会这样蠢的,如果找到就调用log_and_fill_cache进行缓存,下次直接利用汇编快速查找,缓存的操作跟我们研究cache_t结构时是一模模一样样的.
goto done 然后查找结束
如果找不到呢,那么就去找父类Try superclass caches and method lists.根据代码注释我们也可以看出来接下来要找父类了.
如果找父类,就不开始跳汇编了,因为刚开始父类元类等条件我们已经准备好了,那么我们现在直接找父类的cache.
// Superclass cache.
imp = cache_getImp(curClass, sel);
如果找到imp,直接goto done直接返回,如果找不到,然后找到父类的方法列表进行查找(流程同在本类中查找流程)
如果都找不到方法呢,直接报错我们很熟悉的一个错误+[LGStudent sayLove]: unrecognized selector sent to class 0x1000012e8.
imp = (IMP)_objc_msgForward_impcache;看这句代码.发现点不进去.那么按照国际惯例,全局搜索
然后选择objc_msg_arm64.s没错又是恶心人的汇编,为什么找他呢,因为其他地方都是调用,没有实现,按照经验STATIC_ENTRY __objc_msgForward_impcache ,是不是很熟悉
STATIC_ENTRY __objc_msgForward_impcache
// No stret specialization.
b __objc_msgForward
END_ENTRY __objc_msgForward_impcache
ENTRY __objc_msgForward
adrp x17, __objc_forward_handler@PAGE
ldr p17, [x17, __objc_forward_handler@PAGEOFF]
TailCallFunctionPointer x17
END_ENTRY __objc_msgForward
__objc_forward_handler是个啥玩意儿啊,来搜一下(经验告诉我搜不到的时候去掉一个下划线),
void *_objc_forward_handler = (void*)objc_defaultForwardHandler;
发现他是个这么个玩意儿objc_defaultForwardHandler,点进去看一下我的天啊,出现了好熟悉的代码
objc_defaultForwardHandler(id self, SEL sel)
{
_objc_fatal("%c[%s %s]: unrecognized selector sent to instance %p "
"(no message forward handler is installed)",
class_isMetaClass(object_getClass(self)) ? '+' : '-',
object_getClassName(self), sel_getName(sel), self);
}
这不就是经常出现的报错原因么
但是找不到方法直接报错,体验很不好,有没有什么方法补救一下呢?
苹果爸爸告诉我们,可以的,在给你一次机会.可以利用消息转发机制
https://www.jianshu.com/p/03383d2d395d
网友评论