在iOS-快速方法查找中房官,如果沒有找到方法實(shí)現(xiàn)茴厉,最終都會(huì)走到__objc_msgSend_uncached匯編函數(shù),匯編源碼實(shí)現(xiàn)
.macro MethodTableLookup
STATIC_ENTRY __objc_msgSend_uncached
UNWIND __objc_msgSend_uncached, FrameWithNoSaves
// THIS IS NOT A CALLABLE C FUNCTION
// Out-of-band p15 is the class to search
MethodTableLookup//方法列表查找
TailCallFunctionPointer x17
END_ENTRY __objc_msgSend_uncached
.endmacro
MethodTableLookup源碼,核心為_lookUpImpOrForward
.macro MethodTableLookup
SAVE_REGS MSGSEND
// lookUpImpOrForward(obj, sel, cls, LOOKUP_INITIALIZE | LOOKUP_RESOLVER)
// receiver and selector already in x0 and x1
mov x2, x16
mov x3, #3
bl _lookUpImpOrForward //跳轉(zhuǎn)執(zhí)行_lookUpImpOrForward
// IMP in x0
mov x17, x0
RESTORE_REGS MSGSEND
.endmacro
當(dāng)我們?cè)诋?dāng)前文件繼續(xù)搜索_lookUpImpOrForward,發(fā)現(xiàn)找不到其實(shí)現(xiàn)预明。全局搜索呢匆光?
發(fā)現(xiàn)全是調(diào)用,跳轉(zhuǎn)昧狮,那么這個(gè)方法實(shí)現(xiàn)去哪里了呢。這里有個(gè)小知識(shí)點(diǎn):
注:
1萧诫、C/C++中調(diào)用 匯編 斥难,去查找匯編時(shí),C/C++調(diào)用的方法需要多加一個(gè)下劃線
2帘饶、匯編 中調(diào)用 C/C++方法時(shí)哑诊,去查找C/C++方法,需要將匯編調(diào)用的方法去掉一個(gè)下劃線
最終我們?cè)?code>objc-runtime-new中找到了該方法實(shí)現(xiàn)及刻,終于又回到了熟悉的c/c++代碼(匯編再見)
我們來康康源碼吧
IMP lookUpImpOrForward(id inst, SEL sel, Class cls, int behavior)
{
const IMP forward_imp = (IMP)_objc_msgForward_impcache;
IMP imp = nil;
Class curClass;
runtimeLock.assertUnlocked();
if (slowpath(!cls->isInitialized())) {
// The first message sent to a class is often +new or +alloc, or +self
// which goes through objc_opt_* or various optimized entry points.
//
// However, the class isn't realized/initialized yet at this point,
// and the optimized entry points fall down through objc_msgSend,
// which ends up here.
//
// We really want to avoid caching these, as it can cause IMP caches
// to be made with a single entry forever.
//
// Note that this check is racy as several threads might try to
// message a given class for the first time at the same time,
// in which case we might cache anyway.
behavior |= LOOKUP_NOCACHE;
}
// runtimeLock is held during isRealized and isInitialized checking
// to prevent races against concurrent realization.
// runtimeLock is held during method search to make
// method-lookup + cache-fill atomic with respect to method addition.
// Otherwise, a category could be added but ignored indefinitely because
// the cache was re-filled with the old value after the cache flush on
// behalf of the category.
runtimeLock.lock();
// We don't want people to be able to craft a binary blob that looks like
// a class but really isn't one and do a CFI attack.
//
// To make these harder we want to make sure this is a class that was
// either built into the binary or legitimately registered through
// objc_duplicateClass, objc_initializeClassPair or objc_allocateClassPair.
//檢測(cè)類是否已經(jīng)注冊(cè)到內(nèi)存中
checkIsKnownClass(cls);
//確認(rèn)繼承鏈镀裤,方便后面方法查找
cls = realizeAndInitializeIfNeeded_locked(inst, cls, behavior & LOOKUP_INITIALIZE);
// runtimeLock may have been dropped but is now locked again
runtimeLock.assertLocked();
curClass = cls;
// The code used to lookup the class's cache again right after
// we take the lock but for the vast majority of the cases
// evidence shows this is a miss most of the time, hence a time loss.
//
// The only codepath calling into this without having performed some
// kind of cache lookup is class_getInstanceMethod().
//死循環(huán)竞阐,死循環(huán)會(huì)用break,goto跳出循環(huán)
for (unsigned attempts = unreasonableClassCount();;) {
//再次查找共享緩存暑劝,防止其他線程存入方法
if (curClass->cache.isConstantOptimizedCache(/* strict */true)) {
#if CONFIG_USE_PREOPT_CACHES
imp = cache_getImp(curClass, sel);
if (imp) goto done_unlock;
curClass = curClass->cache.preoptFallbackClass();
#endif
} else {
// curClass method list.
//查找方法列表骆莹,getMethodNoSuper_nolock用的二分查找
Method meth = getMethodNoSuper_nolock(curClass, sel);
if (meth) {
imp = meth->imp(false);
goto done;
}
//將curClass賦值為superclass并判斷是否為nil,后面就進(jìn)入了父類的查找啦铃岔,從這里可以看出是延繼承鏈倒著往上查找
if (slowpath((curClass = curClass->getSuperclass()) == nil)) {
// No implementation found, and method resolver didn't help.
// Use forwarding.
imp = forward_imp;
break;
}
}
// Halt if there is a cycle in the superclass chain.
if (slowpath(--attempts == 0)) {
_objc_fatal("Memory corruption in class list.");
}
// Superclass cache. 查找父類的緩存
imp = cache_getImp(curClass, sel);
if (slowpath(imp == forward_imp)) {
// Found a forward:: entry in a superclass.
// Stop searching, but don't cache yet; call method
// resolver for this class first.
break;
}
if (fastpath(imp)) {
// Found the method in a superclass. Cache it in this class.
goto done;
}
}
// No implementation found. Try method resolver once.
if (slowpath(behavior & LOOKUP_RESOLVER)) {
behavior ^= LOOKUP_RESOLVER;
return resolveMethod_locked(inst, sel, cls, behavior);
}
done:
if (fastpath((behavior & LOOKUP_NOCACHE) == 0)) {
#if CONFIG_USE_PREOPT_CACHES
while (cls->cache.isConstantOptimizedCache(/* strict */true)) {
cls = cls->cache.preoptFallbackClass();
}
#endif
//寫入緩存汪疮,會(huì)調(diào)用cache.insert方法,注意這里不管是在父類找到imp還是本來imp最終都會(huì)緩存到本類
log_and_fill_cache(cls, imp, sel, inst, curClass);
}
done_unlock:
runtimeLock.unlock();
if (slowpath((behavior & LOOKUP_NIL) && imp == forward_imp)) {
return nil;
}
return imp;
}
源碼中關(guān)鍵地方我都添加了中文注釋毁习,總結(jié)一下慢速查找流程
方法列表查找過程中有個(gè)二分查找智嚷,相對(duì)有趣,貼一下源碼
ALWAYS_INLINE static method_t *
findMethodInSortedMethodList(SEL key, const method_list_t *list, const getNameFunc &getName)
{
ASSERT(list);
auto first = list->begin();
auto base = first;
decltype(first) probe;
uintptr_t keyValue = (uintptr_t)key;
uint32_t count;
//通過右移一位達(dá)到二分查找的目的
for (count = list->count; count != 0; count >>= 1) {
probe = base + (count >> 1);
uintptr_t probeValue = (uintptr_t)getName(probe);
if (keyValue == probeValue) {
// `probe` is a match.
// Rewind looking for the *first* occurrence of this value.
// This is required for correct category overrides.
while (probe > first && keyValue == (uintptr_t)getName((probe - 1))) {
probe--;
}
return &*probe;
}
if (keyValue > probeValue) {
base = probe + 1;
count--;
}
}
return nil;
}
對(duì)比_objc_msgSend,_cache_getImp
匯編函數(shù)_objc_msgSend,_cache_getImp實(shí)現(xiàn), 中間調(diào)用CacheLookup時(shí)參數(shù)不同, 導(dǎo)致最后處理分支情況不一樣, 分析如下: .macro CacheLookup Mode, Function, MissLabelDynamic, MissLabelConstant
_objc_msgSend緩存未命中情況下, 最終會(huì)調(diào)用lookUpImpOrForward查找流程
ENTRY _objc_msgSend
CacheLookup NORMAL, _objc_msgSend, __objc_msgSend_uncached
_objc_msgSend 緩存未命中
-> CacheLookup
-> MissLabelDynamic(__objc_msgSend_uncached)
-> MethodTableLookup
-> lookUpImpOrForward
_cache_getImp緩存未命中情況下, 最終會(huì)返回imp為0, 而不回去調(diào)用lookUpImpOrForward, 這點(diǎn)需要注意.
回到查找流程中,查找父類的imp代碼imp = cache_getImp(curClass, sel);, 未命中情況下如果不是返回0, 而是返回forward_imp的話, 直接break; 也就是說只找第一個(gè)superclass的緩存就結(jié)束了, 而不會(huì)繼續(xù)查找第一個(gè)superclass方法列表, 也不會(huì)查找到superclass鏈上的其他類了. 反向驗(yàn)證了, 蘋果這么實(shí)現(xiàn)_cache_getImp的道理.
STATIC_ENTRY _cache_getImp
CacheLookup GETIMP, _cache_getImp, LGetImpMissDynamic, LGetImpMissConstant
_cache_getImp 緩存未命中
-> CacheLookup
-> MissLabelDynamic(LGetImpMissDynamic)
-> ret x0 // x0的值為0
