main函数之前
在main函数中打断点,控制台输入bt查看当前main程序之前还有什么
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 10.1
* frame #0: 0x000000010e0253b6 001-alloc&init探索`main(argc=1, argv=0x00007ffee1bd9cd8) at main.m:13:16
frame #1: 0x00007fff51a231fd libdyld.dylib`start + 1
frame #2: 0x00007fff51a231fd libdyld.dylib`start + 1
设置符号断点:点击左下角+号---->Symbolic BreakPoint----->Symbol名字
0.gif
查看汇编
QQ20200913-180714@2x.png
断点后显示全的堆栈信息
0D399FFB-DDB7-46A8-A1E2-B523417A778B.png
viewdidload中断点
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 4.1
* frame #0: 0x000000010a778ed6 001-alloc&init探索`-[ViewController viewDidLoad](self=0x00007f8ae0608610, _cmd="viewDidLoad") at ViewController.m:29:20
frame #1: 0x00007fff485dbac2 UIKitCore`-[UIViewController _sendViewDidLoadWithAppearanceProxyObjectTaggingEnabled] + 83
frame #2: 0x00007fff485e09e0 UIKitCore`-[UIViewController loadViewIfRequired] + 1084
frame #3: 0x00007fff485e0dfd UIKitCore`-[UIViewController view] + 27
frame #4: 0x00007fff48cc435d UIKitCore`-[UIWindow addRootViewControllerViewIfPossible] + 326
frame #5: 0x00007fff48cc3986 UIKitCore`-[UIWindow _updateLayerOrderingAndSetLayerHidden:actionBlock:] + 219
frame #6: 0x00007fff48cc4a11 UIKitCore`-[UIWindow _setHidden:forced:] + 362
frame #7: 0x00007fff48cd7e4d UIKitCore`-[UIWindow _mainQueue_makeKeyAndVisible] + 42
frame #8: 0x00007fff48ef9d63 UIKitCore`-[UIWindowScene _makeKeyAndVisibleIfNeeded] + 202
frame #9: 0x00007fff481e7d60 UIKitCore`+[UIScene _sceneForFBSScene:create:withSession:connectionOptions:] + 1405
frame #10: 0x00007fff48c87d2d UIKitCore`-[UIApplication _connectUISceneFromFBSScene:transitionContext:] + 1019
frame #11: 0x00007fff48c88064 UIKitCore`-[UIApplication workspace:didCreateScene:withTransitionContext:completion:] + 291
frame #12: 0x00007fff487da8dc UIKitCore`-[UIApplicationSceneClientAgent scene:didInitializeWithEvent:completion:] + 361
frame #13: 0x00007fff36cacd2e FrontBoardServices`-[FBSSceneImpl _callOutQueue_agent_didCreateWithTransitionContext:completion:] + 419
frame #14: 0x00007fff36cd2dc1 FrontBoardServices`__86-[FBSWorkspaceScenesClient sceneID:createWithParameters:transitionContext:completion:]_block_invoke.154 + 102
frame #15: 0x00007fff36cb7757 FrontBoardServices`-[FBSWorkspace _calloutQueue_executeCalloutFromSource:withBlock:] + 220
frame #16: 0x00007fff36cd2a52 FrontBoardServices`__86-[FBSWorkspaceScenesClient sceneID:createWithParameters:transitionContext:completion:]_block_invoke + 355
frame #17: 0x000000010a9e8e8e libdispatch.dylib`_dispatch_client_callout + 8
frame #18: 0x000000010a9ebda2 libdispatch.dylib`_dispatch_block_invoke_direct + 300
frame #19: 0x00007fff36cf86e9 FrontBoardServices`__FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__ + 30
frame #20: 0x00007fff36cf83d7 FrontBoardServices`-[FBSSerialQueue _queue_performNextIfPossible] + 441
frame #21: 0x00007fff36cf88e6 FrontBoardServices`-[FBSSerialQueue _performNextFromRunLoopSource] + 22
frame #22: 0x00007fff23da0d31 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
frame #23: 0x00007fff23da0c5c CoreFoundation`__CFRunLoopDoSource0 + 76
frame #24: 0x00007fff23da048c CoreFoundation`__CFRunLoopDoSources0 + 268
frame #25: 0x00007fff23d9b02e CoreFoundation`__CFRunLoopRun + 974
frame #26: 0x00007fff23d9a944 CoreFoundation`CFRunLoopRunSpecific + 404
frame #27: 0x00007fff38ba6c1a GraphicsServices`GSEventRunModal + 139
frame #28: 0x00007fff48c8b9ec UIKitCore`UIApplicationMain + 1605
frame #29: 0x000000010a77941a 001-alloc&init探索`main(argc=1, argv=0x00007ffee5485cd8) at main.m:18:12
frame #30: 0x00007fff51a231fd libdyld.dylib`start + 1
frame #31: 0x00007fff51a231fd libdyld.dylib`start + 1
底层内容:dyld启动加载动态库,libsystem,类-分类-方法-协议-属性-对象-runtime-runloop-kvc-kvo...
1.跟流程查看源码三种方法
//libobjc.A.dylib
//方法1:下断点 control + in
//方法2:下符号断点 libobjc.A.dylib`+[NSObject alloc]:
//方法3:汇编 libobjc.A.dylib objc_alloc
DCPerson *p1 = [DCPerson alloc];
DCPerson *p2 = [p1 init];
DCPerson *p3 = [p1 init];
DCNSLog(@"%@ - %p - %p",p1,p1,&p1);
DCNSLog(@"%@ - %p - %p",p2,p2,&p2);
DCNSLog(@"%@ - %p - %p",p3,p3,&p3);
//输出
<DCPerson: 0x600003e243b0> - 0x600003e243b0 - 0x7ffee5ce2148
<DCPerson: 0x600003e243b0> - 0x600003e243b0 - 0x7ffee5ce2140
<DCPerson: 0x600003e243b0> - 0x600003e243b0 - 0x7ffee5ce2138
一个对象指针占用的内存大小是8字节,0x7ffee5ce2148,0x7ffee5ce2140,0x7ffee5ce2138三个地址相差数字8,表示相差8字节还是8位?。
经过请教同事得到是相差8个字节,具体如下
一个内存地址占8字节,一个指针的大小在64位系统占8字节,在32位系统就是相差4字节,定义的DCPerson *才表示8个字节,地址表示你把东西存在哪个位置,具体的占用大小看定义的变量类型,
&p1就是void *类型,void *占8个字节,&p1表示用来存放指针变量的位置,0x7ffee5ce2140表示存放这个指针变量p1的地址的首地址,p1一共占用了8个字节的位置,分别是0x7ffee5ce2148 ~ 0x7ffee5ce214f,p2一共也占用了8个字节的位置,分别是0x7ffee5ce2140 ~ 0x7ffee5ce2147,p3一共占用了8个字节的位置,分别是0x7ffee5ce2138 ~ 0x7ffee5ce213f,
一个字节 表示8bit,两个十六进制的数字,表示一个字节,一个十六进制的数字表示4bit,一个十六进制能表示的范围0-f,f的二进制数是1111,0xF===1111,
十六进制代替二进制很方便,这个地址只是告诉从哪里取数据,内存的最小可分配单位是一个字节,给内存的每个位置编个号码,就是一个字节对应一个号码,这个号码是十六进制的挨着的连续的数字,打印出来的就只是一个编号,这个编号代表首地址,从它开始,至于怎么映射到计算机中的内存条中的内存的,映射过去,由操作系统决定
- 便于理解:定义三个BOOL类型,BOOL类型占用一共字节
BOOL b1 = YES;
BOOL b2 = YES;
BOOL b3 = NO;
DCNSLog(@"%p-%p",b1,&b1);
DCNSLog(@"%p-%p",b2,&b2);
DCNSLog(@"%p-%p",b3,&b3);
//输出
0x1-0x7ffeefbff50d
0x1-0x7ffeefbff50e
0x0-0x7ffeefbff50f
变量b1,b2,b3指向的内存区域为1个字节,存放变量的区域也为1个字节。
调试源码找到开辟空间的底层原理,使用最新的4.787.1源码,配置方式参考这篇文章iOS进阶-领略底层之美:objc4-787.1编译调试
若无法走到源码断点中,则进行如下设置target-->Build Settings-->Enable Hardened Runtime置为No;
Hardened@2x.png
若打的断点无法生效,则target-->Build Phases-->compile sources中main.m函数移到最前。
QQ20200926-105938@2x.png
- 1.alloc开辟空间16字节对齐
size_t fastInstanceSize(size_t extra) const
{
ASSERT(hasFastInstanceSize(extra));
if (__builtin_constant_p(extra) && extra == 0) {
return _flags & FAST_CACHE_ALLOC_MASK16;
} else {
size_t size = _flags & FAST_CACHE_ALLOC_MASK;
// remove the FAST_CACHE_ALLOC_DELTA16 that was added
// by setFastInstanceSize
return align16(size + extra - FAST_CACHE_ALLOC_DELTA16);
}
}
static inline size_t align16(size_t x) {
return (x + size_t(15)) & ~size_t(15);
}
通过算法确保16字节对齐:得到都是16的倍数,成为16字节对齐
2.gif
8 + 15 = 23
0000 0000 0000 1111 -------15
0000 0000 0001 0111 -------23
1111 1111 1111 0000 -------~15
-------------------
0000 0000 0001 0000 -------16
- 2.得到16字节的地址空间后,在没有执行
obj = (id)calloc(1, size);之前,obj并不指向具体的地址空间,还没有真正的开辟内存空间,执行obj = (id)calloc(1, size);后,得到内存地址,但还没有与DCPerson类相关联,执行obj->initInstanceIsa(cls, hasCxxDtor);将对象与分配的内存空间相关联。
static ALWAYS_INLINE id
_class_createInstanceFromZone(Class cls, size_t extraBytes, void *zone,
int construct_flags = OBJECT_CONSTRUCT_NONE,
bool cxxConstruct = true,
size_t *outAllocatedSize = nil)
{
ASSERT(cls->isRealized());
// Read class's info bits all at once for performance
bool hasCxxCtor = cxxConstruct && cls->hasCxxCtor();
bool hasCxxDtor = cls->hasCxxDtor();
bool fast = cls->canAllocNonpointer();
size_t size;
//计算需要开辟的内存大小
size = cls->instanceSize(extraBytes);
if (outAllocatedSize) *outAllocatedSize = size;
id obj;
if (zone) {
obj = (id)malloc_zone_calloc((malloc_zone_t *)zone, 1, size);
} else {
//申请内存空间
obj = (id)calloc(1, size);
}
if (slowpath(!obj)) {
if (construct_flags & OBJECT_CONSTRUCT_CALL_BADALLOC) {
return _objc_callBadAllocHandler(cls);
}
return nil;
}
if (!zone && fast) {
//将对象obj和cls关联
obj->initInstanceIsa(cls, hasCxxDtor);
} else {
// Use raw pointer isa on the assumption that they might be
// doing something weird with the zone or RR.
obj->initIsa(cls);
}
if (fastpath(!hasCxxCtor)) {
return obj;
}
construct_flags |= OBJECT_CONSTRUCT_FREE_ONFAILURE;
return object_cxxConstructFromClass(obj, cls, construct_flags);
}
alloc流程分析.png
如下图:
6.gif
init源码探索
CBPerson *p0 = [CBPerson alloc];
CBPerson *p1 = [p0 init];
CBPerson *p2 = [p0 init];
NSLog(@"%@-----%p------%p",p0,p0,&p0);
NSLog(@"%@-----%p------%p",p1,p1,&p1);
NSLog(@"%@-----%p------%p",p2,p2,&p2);
输出
2020-09-25 17:55:01.881409+0800 DCTestObjc[10287:456877] <CBPerson: 0x100725700>-----0x100725700------0x7ffeefbff5a0
2020-09-25 17:55:01.881513+0800 DCTestObjc[10287:456877] <CBPerson: 0x100725700>-----0x100725700------0x7ffeefbff580
2020-09-25 17:55:01.881568+0800 DCTestObjc[10287:456877] <CBPerson: 0x100725700>-----0x100725700------0x7ffeefbff588
- (id)init {
return _objc_rootInit(self);
}
id
_objc_rootInit(id obj)
{
// In practice, it will be hard to rely on this function.
// Many classes do not properly chain -init calls.
return obj;
}
init源码流程图.png
new源码探索
new = alloc + init
+ (id)new {
return [callAlloc(self, false/*checkNil*/) init];
}
static ALWAYS_INLINE id
callAlloc(Class cls, bool checkNil, bool allocWithZone=false)
{
#if __OBJC2__
if (slowpath(checkNil && !cls)) return nil;
if (fastpath(!cls->ISA()->hasCustomAWZ())) {
return _objc_rootAllocWithZone(cls, nil);
}
#endif
// No shortcuts available.
if (allocWithZone) {
return ((id(*)(id, SEL, struct _NSZone *))objc_msgSend)(cls, @selector(allocWithZone:), nil);
}
return ((id(*)(id, SEL))objc_msgSend)(cls, @selector(alloc));
}
- 对象创建的方式一般采用init的方式,为了可以重写初始化自定义内容。
对象init后给属性赋值
x/4gx p1表示以16进制打印对象的内存地址,每次打印4个分两排显示
DCPerson *p1 = [DCPerson alloc];
p1.name = @"cloud";
p1.nickName = @"fish";
DCNSLog(@"%@ - %p - %p",p1,p1,&p1);
(lldb) po size
32
(lldb) x p1
0x100738f20: 15 23 00 00 01 80 1d 00 18 10 00 00 01 00 00 00 .#..............
0x100738f30: 38 10 00 00 01 00 00 00 00 00 00 00 00 00 00 00 8...............
(lldb) po 0x001d800100002315
8303516107940629
(lldb) po 0x0000000100001018
cloud
(lldb) po 0x0000000100001038
fish
(lldb) x/4gx p1
0x100738f20: 0x001d800100002315 0x0000000100001018
0x100738f30: 0x0000000100001038 0x0000000000000000
(lldb) po 0x100738f20
<DCPerson: 0x100738f20>
3.gif
QQ20200926-174201@2x.png
0x100738f20和0x100738f30中间相差16个字节,0x001d800100002315和0x0000000100001018表示8字节内存的首地址,实质上中间还有一个8字节的内存地址,因为一排打印两个 苹果规定了 lldb 的显示0x100738f20+8 = 0x100738f28。0x100738f20代表对象p1的内存地址的首地址,可以拿到isa指针。
x是读取内存的命令,x/4gx中第一个x是读取内存命令,后面的g是每次读取8字节,x的意思是16进制显示结果,4表示连续打印4段。
