首地址偏移
从上一篇文章《OC中对象的本质》中可以知道类的源码如下:
struct objc_class : objc_object {
// Class ISA; //继承 objc_object 的ISA
Class superclass; // superclass
cache_t cache; // formerly cache pointer and vtable
class_data_bits_t bits; // class_rw_t * plus custom rr/alloc flags
}
本次我们具体探究class_data_bits_t bits;
我们可以通过首地址+指针偏移来获取到bits
先看下ISA是结构体指针8字节,superclass也是一样的8字节,cache是cache_t类型的,我们具体分析一下,先看下他的结构,如下:
typedef unsigned long uintptr_t;//8字节
typedef uint32_t mask_t; // x86_64 & arm64 asm are less efficient with 16-bits
struct cache_t {
private:
explicit_atomic<uintptr_t> _bucketsAndMaybeMask;//8 上面给出定义了
union {
struct {
explicit_atomic<mask_t> _maybeMask;//4 上面给出定义了
#if __LP64__
uint16_t _flags;//2
#endif
uint16_t _occupied;//2
};
explicit_atomic<preopt_cache_t *> _originalPreoptCache;//一看里面是<XXXX *>,就是指针,8字节
};
// 下面省略静态变量定义和一些函数,因为这些并不在结构体内存储,只有成员变量在结构体内存储。所以不占用结构体空间,没有大小,就省略掉了。
}
根据我们上次的文章《联合体和位域》可知:cache_t这个结构体的大小就是8+4+2+2=16或者是8+8=16两种情况。所以,不管那种情况,大小都是16字节;
综上:想获取bits的值,就是首地址偏移8+8+16=32字节。
我们先定义一个类,如下:
@interface ELPerson : NSObject
{
NSString *elname;
}
@property(nonatomic,copy)NSString *name;//8
@property(nonatomic,copy)NSString *nickName;//8
- (void)sayNB;
+ (void)say666;
@end
class_rw_t分析
我们先分析一下源码,然后再lldb调试验证结果:
我们发现在class_data_bits_t这个结构体里面有个class_rw_t这个结构体里面看到我们熟悉的method_array_t、property_array_t、protocol_array_t这些里面会不会存储着methods、properties呢?带着这些疑问,我们开始了探索
properties存储
(lldb)x/4gx ELPerson.class //先获取ELPerson类的指针地址
0x100008258: 0x0000000100008230 0x0000000100357140
0x100008268: 0x000000010034f390 0x0000802c00000000
(lldb)p (class_data_bits_t \*)0x100008278 //前面已经分析过了。直接+32位。就是0x100008258+0x20
(class_data_bits_t *) $1 = 0x0000000100008278
(lldb)p $1->data()
(class_rw_t *) $2 = 0x000000010220bbd0 //获取class_rw_t结构体
(lldb)p $2->properties() //获取properties()
(const property_array_t) $3 = { //可以对着源码看到里面的结构了
list_array_tt<property_t, property_list_t, RawPtr> = {
= {
list = {
ptr = 0x00000001000081e8
}
arrayAndFlag = 4295000552
}
}
}
(lldb)p $3.list
(const RawPtr<property_list_t>) $4 = {
ptr = 0x00000001000081e8
}
(lldb)p $4.ptr
(property_list_t *const) $5 = 0x00000001000081e8
(lldb)p *$5
(property_list_t) $6 = {
entsize_list_tt<property_t, property_list_t, 0, PointerModifierNop> = (entsizeAndFlags = 16, count = 2) //里面有两个属性,下面全部打印出来
}
(lldb) p $6.get(0) //get()方法是C++,array里面的默认方法
(property_t) $7 = (name = "name", attributes = "T@\"NSString\",C,N,V_name")
(lldb)p $6.get(1)
(property_t) $8 = (name = "nickName", attributes = "T@\"NSString\",C,N,V_nickName")
小结:properties的存储信息在 objc_class -> bits:(class_data_bits_t 类型) ->data():(class_rw_t 类型)->properties()里面
下面再打印一下methods
methods存储
(lldb)p $2->methods() //接上面打印
(const method_array_t) $9 = { //可以对着源码看到里面的结构了
list_array_tt<method_t, method_list_t, method_list_t_authed_ptr> = {
= {
list = {
ptr = 0x00000001000080e8
}
arrayAndFlag = 4295000296
}
}
}
(lldb)p $9.list.ptr
(method_list_t *const) $10 = 0x00000001000080e8
(lldb)p *$10
(method_list_t) $11 = {
entsize_list_tt<method_t, method_list_t, 4294901763, method_t::pointer_modifier> = (entsizeAndFlags = 27, count = 6)//看到里面有6个方法,下面全部打印出来
}
(lldb) p $11.get(0) //这个地方直接get()打印不出来我们想要的结果了,下面分析
(method_t) $12 = {}
(lldb) p $11.get(0).big()
(method_t::big) $13 = {
name = "sayNB"
types = 0x0000000100003f7f "v16@0:8"
imp = 0x0000000100003d10 (KCObjcBuild`-[ELPerson sayNB])
}
(lldb) p $11.get(1).big()
(method_t::big) $14 = {
name = ".cxx_destruct"
types = 0x0000000100003f7f "v16@0:8"
imp = 0x0000000100003e00 (KCObjcBuild`-[ELPerson .cxx_destruct])
}
(lldb) p $11.get(2).big()
(method_t::big) $15 = {
name = "name"
types = 0x0000000100003f93 "@16@0:8"
imp = 0x0000000100003d40 (KCObjcBuild`-[ELPerson name])
}
(lldb) p $11.get(3).big()
(method_t::big) $16 = {
name = "setName:"
types = 0x0000000100003f9b "v24@0:8@16"
imp = 0x0000000100003d70 (KCObjcBuild`-[ELPerson setName:])
}
**(lldb)** **p $11.get(4).big()**
(method_t::big) $17 = {
name = "setNickName:"
types = 0x0000000100003f9b "v24@0:8@16"
imp = 0x0000000100003dd0 (KCObjcBuild`-[ELPerson setNickName:])
}
(lldb) p $11.get(5).big()
(method_t::big) $18 = {
name = "nickName"
types = 0x0000000100003f93 "@16@0:8"
imp = 0x0000000100003da0 (KCObjcBuild`-[ELPerson nickName])
}
小结:methods的存储信息在 objc_class -> bits:(class_data_bits_t 类型) ->data():(class_rw_t 类型)->methods()里面
method_t 和property_t调用get()分析
struct property_t {
const char *name;
const char *attributes; //这个里面有name和attributes可以输出相关的信息
};
struct method_t { //这个里面什么都没有,但是里面有一个big结构体,它的里面有信息。可以通过big()获取
struct big {
SEL name;
const char *types;
MethodListIMP imp;
};
big &big() const {
ASSERT(!isSmall());
return *(struct big *)this;
}
ivars存储
我们继续找一下成员变量的存储位置,因为在属性的列表里面并没有看到成员变量的信息
(lldb) p $2->ro() //接上面我们打印一下ro()
(const class_ro_t *) $19 = 0x00000001000080a0
(lldb) p *$19
(const class_ro_t) $20 = { //看一下他里面的结构信息
flags = 388
instanceStart = 8
instanceSize = 32
reserved = 0
= {
ivarLayout = 0x0000000100003f27 "\x03"
nonMetaclass = 0x0000000100003f27
}
name = {
std::__1::atomic<const char *> = "ELPerson" {
Value = 0x0000000100003f1e "ELPerson"
}
}
baseMethodList = 0x00000001000080e8
baseProtocols = 0x0000000000000000
ivars = 0x0000000100008180 //我越看越像,打印它试试
weakIvarLayout = 0x0000000000000000
baseProperties = 0x00000001000081e8
_swiftMetadataInitializer_NEVER_USE = {}
}
(lldb)p $20.ivars
(const ivar_list_t *const) $21 = 0x0000000100008180
(lldb) p *$21
(const ivar_list_t) $22 = {
entsize_list_tt<ivar_t, ivar_list_t, 0, PointerModifierNop> = (entsizeAndFlags = 32, count = 3) //里面有3个成员变量,全部打印出来
}
(lldb) p $22.get(0)
(ivar_t) $23 = {
offset = 0x0000000100008218
name = 0x0000000100003f30 "elname" //我们要找的就是他,终于找出来了
type = 0x0000000100003f87 "@\"NSString\""
alignment_raw = 3
size = 8
}
(lldb) p $22.get(1)
(ivar_t) $24 = {
offset = 0x0000000100008220
name = 0x0000000100003f37 "_name"
type = 0x0000000100003f87 "@\"NSString\""
alignment_raw = 3
size = 8
}
(lldb) p $22.get(2)
(ivar_t) $25 = {
offset = 0x0000000100008228
name = 0x0000000100003f3d "_nickName"
type = 0x0000000100003f87 "@\"NSString\""
alignment_raw = 3
size = 8
}
小结:ivar的存储信息在 objc_class -> bits:(class_data_bits_t 类型) ->data():(class_rw_t 类型)->ro()里面,并且可以看出:属性也生成了带下划线的成员变量和set、get方法
即:@property = ivar + setter + getter
类方法存储
(lldb) x/4gx object_getClass(ELPerson.class) //获取ELPerson的元类
0x100008230: 0x00000001003570f0 0x00000001003570f0
0x100008240: 0x0000000101089940 0x0002e03500000003
(lldb) p (class_data_bits_t \*)0x100008250**
(class_data_bits_t *) $28 = 0x0000000100008250
(lldb)p $28->data()
(class_rw_t *) $31 = 0x000000010220bbb0
(lldb)p $31->methods() //获取里面的方法l列表
(const method_array_t) $32 = {
list_array_tt<method_t, method_list_t, method_list_t_authed_ptr> = {
= {
list = {
ptr = 0x0000000100008080
}
arrayAndFlag = 4295000192
}
}
}
(lldb) p $32.list.ptr
(method_list_t *const) $33 = 0x0000000100008080
(lldb)p *$33
(method_list_t) $34 = {
entsize_list_tt<method_t, method_list_t, 4294901763, method_t::pointer_modifier> = (entsizeAndFlags = 27, count = 1)
}
(lldb) p $34.get(0).big()
(method_t::big) $36 = { //就是我们要找的类方法
name = "say666"
types = 0x0000000100003f7f "v16@0:8"
imp = 0x0000000100003ce0 (KCObjcBuild`+[ELPerson say666])
}
小结:类方法不存在本类中,存在元类的方法列表中
扩展data()方法的实现
我们先看源码
#define FAST_DATA_MASK 0x00007ffffffffff8UL
class_rw_t* data() const {
return (class_rw_t *)(bits & FAST_DATA_MASK);
}
这个地方意味着,我们也可以用bits与上FAST_DATA_MASK来实现
(lldb) x/6gx ELPerson.class //此处打印6个出来。因为前面有32位,bits有8位
0x100008258: 0x0000000100008230 0x0000000100357140
0x100008268: 0x000000010034f390 0x0000802c00000000
0x100008278: 0x0000000100648da4 0x00000001000ac920
(lldb) p (class_data_bits_t \*)0x100008278
(class_data_bits_t *) $1 = 0x0000000100008278
(lldb) p $1->data()
(class_rw_t *) $2 = 0x0000000100648da0
(lldb) p/x 0x0000000100648da4 & 0x00007ffffffffff8
(long) $3 = 0x0000000100648da0 //我们发现$2和$3完全一样,自己实现正确
