一屁擅、介紹
從64bit開(kāi)始,iOS引入了 Tagged Pointer 技術(shù)产弹,用于優(yōu)化NSNumber派歌、NSDate、NSString等小對(duì)象的存儲(chǔ)。在沒(méi)有使用Tagged Pointer之前胶果, NSNumber等對(duì)象需要?jiǎng)討B(tài)分配內(nèi)存匾嘱、維護(hù)引用計(jì)數(shù)等,NSNumber指針存儲(chǔ)的是堆中NSNumber對(duì)象的地址值早抠。使用Tagged Pointer之后霎烙,NSNumber指針里面存儲(chǔ)的數(shù)據(jù)變成了:Tag + Data(標(biāo)記類型+數(shù)據(jù)),也就是將數(shù)據(jù)直接存儲(chǔ)在了指針中蕊连,當(dāng)指針(8字節(jié))不夠存儲(chǔ)數(shù)據(jù)時(shí)悬垃,才會(huì)使用動(dòng)態(tài)分配內(nèi)存的方式來(lái)存儲(chǔ)數(shù)據(jù)。
二甘苍、未引入前后對(duì)比
NSNumber *number = @5;
沒(méi)使用之前一個(gè)number指針指向一個(gè)NSNumber對(duì)象盗忱,指針存儲(chǔ)的是NSNumber對(duì)象的內(nèi)存地址,NSNumber對(duì)象儲(chǔ)存值是10羊赵。指針8個(gè)字節(jié)趟佃,NSNumber對(duì)象16個(gè)字節(jié)(分配16字節(jié)默認(rèn)只使用了8個(gè)字節(jié)),總共24個(gè)字節(jié)太消耗資源了昧捷,所以引入了 Tagged Pointer闲昭,引入后指針大概就是圖上這樣,是不是完全看不懂應(yīng)該是做了混淆和一些運(yùn)算防(以前沒(méi)有這么復(fù)雜可能就是0x527靡挥,5就是值序矩,27可能代表NSNumber類型),值和類型隱藏在地址其中跋破,源碼當(dāng)中其實(shí)也解釋了簸淀。
* Tagged pointer objects.
* /// Tagged pointer對(duì)象將類和對(duì)象值存儲(chǔ)在對(duì)象指針中; “指針”實(shí)際上并不指向任何東西毒返。
* Tagged pointer objects store the class and the object value in the
* object pointer; the "pointer" does not actually point to anything.
*
* Tagged pointer objects currently use this representation:
* (LSB)
* 1 bit set if tagged, clear if ordinary object pointer
* 3 bits tag index
* 60 bits payload
* (MSB)
* The tag index defines the object's class.
* The payload format is defined by the object's class.
*
* If the tag index is 0b111, the tagged pointer object uses an
* "extended" representation, allowing more classes but with smaller payloads:
* (LSB)
* 1 bit set if tagged, clear if ordinary object pointer
* 3 bits 0b111
* 8 bits extended tag index
* 52 bits payload
* (MSB)
*
* Some architectures reverse the MSB and LSB in these representations.
*
* This representation is subject to change. Representation-agnostic SPI is:
* objc-internal.h for class implementers.
* objc-gdb.h for debuggers.
三租幕、如何判斷一個(gè)指針是否是Tagged Pointer
#if OBJC_MSB_TAGGED_POINTERS
# define _OBJC_TAG_MASK (1UL<<63)
#else
# define _OBJC_TAG_MASK 1UL
static inline bool _objc_isTaggedPointer(const void * _Nullable ptr)
{ /// _OBJC_TAG_MASK = 1
return ((uintptr_t)ptr & _OBJC_TAG_MASK) == _OBJC_TAG_MASK;
}
用地址值 & 上一個(gè)_OBJC_TAG_MASK值
思考以下2段代碼能發(fā)生什么事?有什么區(qū)別拧簸?
- (void)touchesBegan:(NSSet<UITouch *> *)touches withEvent:(UIEvent *)event {
NSLog(@"0---:%s",__func__);
dispatch_queue_t queue = dispatch_get_global_queue(0, 0);
for (int i = 0; i<10000; i++) {
dispatch_async(queue, ^{
/// NSTaggedPointerString
self.name = [NSString stringWithFormat:@"012345678"];
});
}
NSLog(@"1---:%s",__func__);
for (int i = 0; i<10000; i++) {
dispatch_async(queue, ^{
/// NSCFString
self.name = [NSString stringWithFormat:@"0123456789"];
});
}
NSLog(@"2---:%s",__func__);
}
/// 打印如下
2022-02-11 17:23:28.264620+0800 OCMJTestDemo[1348:483309] 0---:-[ViewController touchesBegan:withEvent:]
2022-02-11 17:23:28.586147+0800 OCMJTestDemo[1348:483309] 1---:-[ViewController touchesBegan:withEvent:]
2022-02-11 17:23:28.979591+0800 OCMJTestDemo[1348:483309] 2---:-[ViewController touchesBegan:withEvent:]
2022-02-11 17:23:28.991820+0800 OCMJTestDemo[1348:483322] *** -[CFString release]: message sent to deallocated instance 0x28028e240
下面的那塊循環(huán)代碼大概率會(huì)crash劲绪,報(bào)錯(cuò)壞內(nèi)存,因?yàn)槭?NSCFString 類型盆赤,理論上復(fù)制name的代碼是這樣的贾富,因?yàn)槭钱惒骄€程訪問(wèn),所以是有多個(gè)線程同時(shí)調(diào)用到_name = nil; 所以會(huì)出現(xiàn)壞內(nèi)存訪問(wèn)牺六,使用了已經(jīng)釋放的對(duì)象颤枪。Tagged Pointer 類型就不會(huì)出現(xiàn)這種情況,因?yàn)樗鼪](méi)有指向?qū)嵗龑?duì)象淑际,不會(huì)調(diào)用set方法畏纲,值都在指針里面扇住。
- (void)setName:(NSString *)name {
if (_name != name) {
_name = nil; /// [_name release];
_name = [name copy];
}
}