类结构分析
通过lldb来分析类结构
LGPerson *objc2 = [LGPerson alloc];
查看objc2的内存情况
(lldb) x/4gx objc2 //查看objc2的内存情况
0x1006477b0: 0x001d8001000021b5 0x0000000100001010
0x1006477c0: 0x50626154534e5b2d 0x65695672656b6369
(lldb) p/x objc2 //查看objc2的首地址
(LGPerson *) $14 = 0x00000001006477b0
//通过mask ,查看所属的类
(lldb) p/x 0x001d8001000021b5 & 0x00007ffffffffff8ULL
(unsigned long long) $15 = 0x00000001000021b0
(lldb) po 0x00000001000021b0
LGPerson
(lldb) x/4gx 0x00000001000021b0 //查看LGPerson类的内存分布
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010064c2f0 0x0004801c00000007
(lldb) x/4gx LGPerson.class //直接读取LGPerson类的内存分布,和上面相同
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010064c2f0 0x0004801c00000007
(lldb) x/4gx object_getClass(objc2) 和上面两个相同
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010064c2f0 0x0004801c00000007
(lldb) po 0x0000000100002188 //查看类对象的isa 就是元类
LGPerson
//查看类对象的isa 就是元类 。元类 对象的isa是类,类的isa是元类
(lldb) po 0x0000000100002188 & 0x00007ffffffffff8ULL
LGPerson
(lldb) x/4gx 0x0000000100002188 //查看元类的内存分布
0x100002188: 0x00000001003340f0 0x00000001003340f0
0x100002198: 0x000000010064c730 0x0004e03500000007
(lldb) po 0x00000001003340f0 //元类的isa是NSObject
NSObject
//我们查看NSObject的内存地址,和从元类得到的NSObject不一样
(lldb) p/x NSObject.class
(Class) $22 = 0x0000000100334140 NSObject
//但是NSObject的元类地址和从LGPerson元类得到的元类地址相同都为0x00000001003340f0
(lldb) x/4gx NSObject.class
0x100334140: 0x00000001003340f0 0x0000000000000000
0x100334150: 0x00000001007426c0 0x0001801000000003
//查看NSObject类的isa,就是NSObject的元类
lldb) p/x 0x00000001003340f0 & 0x00007ffffffffff8ULL
(unsigned long long) $3 = 0x00000001003340f0
(lldb) po 0x00000001003340f0
NSObject
//NSObject的元类的内存分布,可以看出NSObject的元类的元类是自己
(lldb) x/4gx 0x00000001003340f0
0x1003340f0: 0x00000001003340f0 0x0000000100334140
0x100334100: 0x000000010066eef0 0x0005e03100000007
类对象只有一份,isa对象-> 类(LGPerson)->元类(LGPerson)->根元类(NSObject)->根元类(NSObject)
isa& 0x00007ffffffffff8ULL的意义
为什么 对象的isa 需要进行与运算 ,下面我们通过一个图介绍一下
image.png
我们用x86_64说明,我们可以看出isa中包含nonpointer has_assoc has_cxx_dtor等等,我们需要查看类信息为shiftcls,所以我们要消除其他信息对我们读取shiftcls的影响。所以我们要把shiftcls之外的信息置为0。我们查看0x00007ffffffffff8ULL的二进制就是shiftcls所在位都为1,其他的位位0.
验证类对象只有一份
void lgTestClassNum(){
Class class1 = [LGPerson class];
Class class2 = [LGPerson alloc].class;
Class class3 = object_getClass([LGPerson alloc]);
Class class4 = [LGPerson alloc].class;
NSLog(@"\n%p-\n%p-\n%p-\n%p",class1,class2,class3,class4);
}
打印结果
0x100003270-
0x100003270-
0x100003270-
0x100003270
验证根元类的元类是自己
void lgTestNSObject(){
// NSObject实例对象
NSObject *object1 = [NSObject alloc];
// NSObject类
Class class = object_getClass(object1);
// NSObject元类
Class metaClass = object_getClass(class);
// NSObject根元类
Class rootMetaClass = object_getClass(metaClass);
// NSObject根根元类
Class rootRootMetaClass = object_getClass(rootMetaClass);
NSLog(@"\n%p 实例对象\n%p 类\n%p 元类\n%p 根元类\n%p 根根元类",object1,class,metaClass,rootMetaClass,rootRootMetaClass);
}
0x100626600 实例对象
0x7fff9704e118 类
0x7fff9704e0f0 元类
0x7fff9704e0f0 根元类
0x7fff9704e0f0 根根元类
可以看出NSObject的元类和根元类根根元类都是相同的,都是NSObject的元类
面试题
LGTeacher继承自LGPerson,那LGTeacher的对象teacher和LGPerson的对象person什么关系。
teacher和person没有关系,继承关系只发生在类之间,对象之间没有继承关系。
NSObject的父类是什么?NSObject的父类是nil。
OC提出类概念才有NSObject,所以NSObject没有父类,NSObject是从类概念提出的时候造出来的(个人理解,如果不对欢迎指正)
isa流程图.png
类的内存分布
struct objc_object {
Class _Nonnull isa OBJC_ISA_AVAILABILITY;
};
//objc_class继承于objc_object ,因为objc_object有isa,所有类也是对象
struct objc_class : objc_object {
// Class ISA;
Class superclass;
cache_t cache; // formerly cache pointer and vtable
class_data_bits_t bits; // class_rw_t * plus custom rr/alloc flags
class_rw_t *data() const {
return bits.data();
}
void setData(class_rw_t *newData) {
bits.setData(newData);
}
....
}
打印类的内存信息
因为 typedef struct objc_class *Class; 所以类的内存可以从objc_class来探索
(lldb) x/4gx LGPerson.class
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010074f4f0 0x0001801c00000003
//0x0000000100002188来源于objc_object,isa,为元类
//0x0000000100334140从objc_class结构体看出,为superclass
(lldb) po 0x0000000100002188
LGPerson
(lldb) po 0x0000000100334140
NSObject
//上面的0x0000000100334140为NSObject类,不是元类
(lldb) p/x NSObject.class (Class) $3 = 0x0000000100334140 NSObject
objc_class的成员变量有isa(父类继承来的)(8字节),superclass(父类)(8字节),cache,bits,其中bits是我们需要的信息
计算cache所占内存
struct cache_t {
#if CACHE_MASK_STORAGE == CACHE_MASK_STORAGE_OUTLINED
explicit_atomic<struct bucket_t *> _buckets;//bucket_t *指针8字节
explicit_atomic<mask_t> _mask;//mask_t是int型4字节
...
uint16_t _flags;//2字节
#endif
uint16_t _occupied;//2字节
}共16字节
查看类内部信息
(lldb) x/4gx LGPerson.class
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010074f4f0 0x0001801c00000003
//cache_t16字节isa和superclass各8字节
(lldb) p (class_data_bits_t *)0x1000021d0 //0x1000021b0加32字节
(class_data_bits_t *) $5 = 0x00000001000021d0
class_rw_t *data() const {
return bits.data();
}
(lldb) p $5->data()
(class_rw_t *) $6 = 0x000000010074f490
(lldb) p *$6
(class_rw_t) $7 = {
flags = 2148007936
witness = 1
ro_or_rw_ext = {
std::__1::atomic<unsigned long> = 4294975624
}
firstSubclass = nil
nextSiblingClass = NSUUID
}
(lldb) p $7.ro_or_rw_ext
(explicit_atomic<unsigned long>) $8 = {
std::__1::atomic<unsigned long> = 4294975624
}
(lldb) p $7.properties()
(const property_array_t) $9 = {
list_array_tt<property_t, property_list_t> = {
= {
list = 0x0000000100002148
arrayAndFlag = 4294975816
}
}
}
(lldb) p $9.list
(property_list_t *const) $10 = 0x0000000100002148
(lldb) p $10
(property_list_t *const) $10 = 0x0000000100002148
(lldb) p *$10
(property_list_t) $11 = {
entsize_list_tt<property_t, property_list_t, 0> = {
entsizeAndFlags = 16
count = 1
first = (name = "name", attributes = "T@\"NSString\",C,N,V_name")
}
}
(lldb) p $7.methods()
(const method_array_t) $12 = {
list_array_tt<method_t, method_list_t> = {
= {
list = 0x00000001000020d0
arrayAndFlag = 4294975696
}
}
}
(lldb) p $12.list
(method_list_t *const) $13 = 0x00000001000020d0
(lldb) p *$13
(method_list_t) $14 = {
entsize_list_tt<method_t, method_list_t, 3> = {
entsizeAndFlags = 26
count = 3
first = {
name = ".cxx_destruct"
types = 0x0000000100000fa2 "v16@0:8"
imp = 0x0000000100000e50 (KCObjc`-[LGPerson .cxx_destruct])
}
}
}
(lldb) p $14.get(0)
(method_t) $15 = {
name = ".cxx_destruct"
types = 0x0000000100000fa2 "v16@0:8"
imp = 0x0000000100000e50 (KCObjc`-[LGPerson .cxx_destruct])
}
(lldb) p $14.get(1)
(method_t) $16 = {
name = "name"
types = 0x0000000100000f8f "@16@0:8"
imp = 0x0000000100000df0 (KCObjc`-[LGPerson name])
}
(lldb) p $14.get(2)
(method_t) $17 = {
name = "setName:"
types = 0x0000000100000f97 "v24@0:8@16"
imp = 0x0000000100000e20 (KCObjc`-[LGPerson setName:])
}
如果是指针通过->访问属性方法,如果是结构体通过.访问属性或者方法
上面的lldb,到底是通过什么取值的呢?
image.png
0x1000021b0为LGPerson.class的首地址,从objc_class结构体可以看出,objc_class继承objc_object,objc_object有一个成员isa,isa为指针占8字节,而objc_class中 Class superclass; cache_t cache; class_data_bits_t bits;等等,我们需要探究的是class_data_bits_t bits,我们知道Class superclass为8字节,cache_t cache中,因为static不在结构体中分配内存,方法也不在结构体中分配内存,所以计算出cache_t占16字节。class_data_bits_t bits,之前是32字节,所以我们用LGPerson.class的首地址加上32字节,就是class_data_bits_t的首地址。
所以有p (class_data_bits_t *)0x1000021d0
补充内存位移
int number[] = {1,2,3,4};
int *d = number;
for (int i = 0; i< 4; i++) {
int value = *(d + i);
NSLog(@"--%d",value);
}
打印结果
--1
--2
--3
--4
我们定义一个指针d,d的首地址等于number,通过指针移动来访问number数组。
网友评论