核心代码分析:
自定义Dealloc:
- (void)newDealloc:(__unsafe_unretained id)obj {
if ([self shouldDetect:[obj class]]) {
void *p = (__bridge void *)obj;
size_t memSize = malloc_size(p);
if (memSize >= [DDZombie zombieInstanceSize]) {//有足够的空间才覆盖
Class origClass = object_getClass(obj);
///析构对象
objc_destructInstance(obj);
///填充0x55能稍微提升一些crash率
memset(p, 0x55, memSize);
memset(p, 0x00, [DDZombie zombieInstanceSize]);
///把我们自己的类的isa复制过去
Class c = [DDZombie zombieIsa];
memcpy(obj, &c, sizeof(void*));
DDZombie* zombie = (DDZombie*)p;
zombie.realClass = origClass;
//默认为true,即:默认会记录当前僵尸对象释放时的调用栈
if (_traceDeallocStack) {
DDThreadStack *stack = hy_getCurrentStack();
zombie.threadStack = stack;
memSize += stack->occupyMemorySize();
}
//check是否达到内存阈值,达到阈值需要释放一部分内存
[self freeMemoryIfNeed];
//更新内存占用值:_occupyMemorySize
__sync_fetch_and_add(&_occupyMemorySize, (int)memSize);
//如果保存僵尸对象的队列满了,先将队头的僵尸对象移除并释放内存,再将当前僵尸对象入队。
void *item = ds_queue_put_pop_first_item_if_need(_delayFreeQueue, p);
if (item) {
[self freeZombieObject:item];
}
} else {
[obj performSelector:@selector(hy_originalDealloc)];
}
} else {
[obj performSelector:@selector(hy_originalDealloc)];
}
}
流程总结 & 验证:
1、析构对象
2、给指针内容填充上0x55
image
3、把DDZombie的isa复制到obj指针中
image
4、将obj原来的类型赋值给僵尸对象的realClass字段
image
