iOS底層探索 -- cache_t的結構 和 insert流程分析

在我們探索class的底層時,我們追蹤到objc_class的源碼,其中重要結構為


struct objc_class : objc_object {
    // Class ISA;
    Class superclass;
    cache_t cache;             // formerly cache pointer and vtable
    class_data_bits_t bits;    // class_rw_t * plus custom rr/alloc flags
}

可以看出四個最重要的模塊

  1. isa (注釋掉并不是說沒有,只是提醒這里繼承了objc_objectisa屬性)
  2. superclass (父類)
  3. cache (緩存)
  4. bits (方法變量等數據)

當研究節點到今天時,我們已經研究了isabits 的結構 而superclass 依舊是一個class的屬性 so我們還剩下一個cache_t 類型的cache還沒有分析。

所以,今天的任務,就是分析cache的結構

cache_t lldb 分析

在我們之前的研究過程中,lldb都是我們的三板斧之一,簡單,暴力,直觀。所以今天我們繼續用lldb分析
(項目基于objc的公開源碼 781版本 同時項目直接在mac上運行)

@interface FQPerson : NSObject
@property (nonatomic, strong) NSString * name;
@property (nonatomic, strong) NSString * nikeName;
-(void)sayHelloWorld;
-(void)eat1;
-(void)eat2;
-(void)eat3;
-(void)eat4;
-(void)eat5;
-(void)eat6;
+(void)cry;
@end

測試的類 在.m文件中實現這三個方法。

int main(int argc, const char * argv[]) {
    @autoreleasepool {
        // insert code here...
        FQPerson *person = [FQPerson alloc];
        Class personClass = [FQPerson class];
        [person eat1];
        [person sayHelloWorld];
        NSLog(@"%@",personClass);
    }
    return 0;
}

測試的入口
我們在[person eat];前下一個斷點
開始我們的lldb嘗試
通過我們之前的內存地址平移的方式,我們可以獲取到cache的指針地址,并打印其中內容

cache_t打印.jpg

從打印結果,我們可以看出cache_t的主要結構為

  1. _buckets,

  2. _mask,

  3. _flags,

  4. _occupied

    cache_t結構圖.jpg

bucket_t的內容中,我們看到了selimp

而我們知道SelImp和方法有關。

所以我們猜測cache緩存了方法相關的數據

于是,我們讓運行[person eat1];

隨后,我們繼續打印cache_t

(lldb) p * $1
(cache_t) $3 = {
  _buckets = {
    std::__1::atomic<bucket_t *> = 0x0000000101906470 {
      _sel = {
        std::__1::atomic<objc_selector *> = ""
      }
      _imp = {
        std::__1::atomic<unsigned long> = 8560
      }
    }
  }
  _mask = {
    std::__1::atomic<unsigned int> = 3
  }
  _flags = 32804
  _occupied = 1
}

此時_selNull變為了""

_mask變為了3

_occupied增加了1

可見確實在執行方法的過程中,在cache中存儲了數據

現在,我們嘗試打印其中可能儲存的方法信息

方法打印.jpg

可見cache_t中確實儲存了調用過的方法信息

同時,我們使用machOView也可以驗證我們存儲的方法

machOView打印.jpg

cache_t代碼分析

我們在lldb的分析中得到了一些成果

  1. cache_t中確實儲存了方法信息
  2. 方法信息以SelImp對的方式存在_buckets中。

但也存在很多問題,

  1. 緩存的存儲伴隨增刪改查,這些是如何實現的?
  2. _mask,_occupied,_flags這些參數有什么作用?

現在,源碼在手的優勢就來了,讓我們分析一下源碼

struct cache_t {
#if CACHE_MASK_STORAGE == CACHE_MASK_STORAGE_OUTLINED
    explicit_atomic<struct bucket_t *> _buckets;
    explicit_atomic<mask_t> _mask;
#elif CACHE_MASK_STORAGE == CACHE_MASK_STORAGE_HIGH_16
    explicit_atomic<uintptr_t> _maskAndBuckets;
    mask_t _mask_unused;
    
    // How much the mask is shifted by.
    static constexpr uintptr_t maskShift = 48;
    
    // Additional bits after the mask which must be zero. msgSend
    // takes advantage of these additional bits to construct the value
    // `mask << 4` from `_maskAndBuckets` in a single instruction.
    static constexpr uintptr_t maskZeroBits = 4;
    
    // The largest mask value we can store.
    static constexpr uintptr_t maxMask = ((uintptr_t)1 << (64 - maskShift)) - 1;
    
    // The mask applied to `_maskAndBuckets` to retrieve the buckets pointer.
    static constexpr uintptr_t bucketsMask = ((uintptr_t)1 << (maskShift - maskZeroBits)) - 1;
    
    // Ensure we have enough bits for the buckets pointer.
    static_assert(bucketsMask >= MACH_VM_MAX_ADDRESS, "Bucket field doesn't have enough bits for arbitrary pointers.");
#elif CACHE_MASK_STORAGE == CACHE_MASK_STORAGE_LOW_4
    // _maskAndBuckets stores the mask shift in the low 4 bits, and
    // the buckets pointer in the remainder of the value. The mask
    // shift is the value where (0xffff >> shift) produces the correct
    // mask. This is equal to 16 - log2(cache_size).
    explicit_atomic<uintptr_t> _maskAndBuckets;
    mask_t _mask_unused;

    static constexpr uintptr_t maskBits = 4;
    static constexpr uintptr_t maskMask = (1 << maskBits) - 1;
    static constexpr uintptr_t bucketsMask = ~maskMask;
#else
#error Unknown cache mask storage type.
#endif
    
#if __LP64__
    uint16_t _flags;
#endif
    uint16_t _occupied;

public:
    static bucket_t *emptyBuckets();
    
    struct bucket_t *buckets();
    mask_t mask();
    mask_t occupied();
    void incrementOccupied();
    void setBucketsAndMask(struct bucket_t *newBuckets, mask_t newMask);
    void initializeToEmpty();

    unsigned capacity();
    bool isConstantEmptyCache();
    bool canBeFreed();

#if __LP64__
    bool getBit(uint16_t flags) const {
        return _flags & flags;
    }
    void setBit(uint16_t set) {
        __c11_atomic_fetch_or((_Atomic(uint16_t) *)&_flags, set, __ATOMIC_RELAXED);
    }
    void clearBit(uint16_t clear) {
        __c11_atomic_fetch_and((_Atomic(uint16_t) *)&_flags, ~clear, __ATOMIC_RELAXED);
    }
#endif

#if FAST_CACHE_ALLOC_MASK
    bool hasFastInstanceSize(size_t extra) const
    {
        if (__builtin_constant_p(extra) && extra == 0) {
            return _flags & FAST_CACHE_ALLOC_MASK16;
        }
        return _flags & FAST_CACHE_ALLOC_MASK;
    }

    size_t fastInstanceSize(size_t extra) const
    {
        ASSERT(hasFastInstanceSize(extra));

        if (__builtin_constant_p(extra) && extra == 0) {
            return _flags & FAST_CACHE_ALLOC_MASK16;
        } else {
            size_t size = _flags & FAST_CACHE_ALLOC_MASK;
            // remove the FAST_CACHE_ALLOC_DELTA16 that was added
            // by setFastInstanceSize
            return align16(size + extra - FAST_CACHE_ALLOC_DELTA16);
        }
    }

    void setFastInstanceSize(size_t newSize)
    {
        // Set during realization or construction only. No locking needed.
        uint16_t newBits = _flags & ~FAST_CACHE_ALLOC_MASK;
        uint16_t sizeBits;

        // Adding FAST_CACHE_ALLOC_DELTA16 allows for FAST_CACHE_ALLOC_MASK16
        // to yield the proper 16byte aligned allocation size with a single mask
        sizeBits = word_align(newSize) + FAST_CACHE_ALLOC_DELTA16;
        sizeBits &= FAST_CACHE_ALLOC_MASK;
        if (newSize <= sizeBits) {
            newBits |= sizeBits;
        }
        _flags = newBits;
    }
#else
    bool hasFastInstanceSize(size_t extra) const {
        return false;
    }
    size_t fastInstanceSize(size_t extra) const {
        abort();
    }
    void setFastInstanceSize(size_t extra) {
        // nothing
    }
#endif

    static size_t bytesForCapacity(uint32_t cap);
    static struct bucket_t * endMarker(struct bucket_t *b, uint32_t cap);

    void reallocate(mask_t oldCapacity, mask_t newCapacity, bool freeOld);
    void insert(Class cls, SEL sel, IMP imp, id receiver);

    static void bad_cache(id receiver, SEL sel, Class isa) __attribute__((noreturn, cold));
};

其中相關宏定義


20200918014301.jpg

于是,我們可以首先得到不同框架環境下cacha_t的中的屬性并不相同,最大區別為真機中_maskAndBuckets maskbuckets 存在同一個地方而非真機中是分開存儲的

真機和非真機結構簡圖.jpg

同時,我們也看到了一些值得我們研究的方法

void reallocate(mask_t oldCapacity, mask_t newCapacity, bool freeOld);
void insert(Class cls, SEL sel, IMP imp, id receiver);

由此,我們來分別研究一下。

void reallocate(mask_t oldCapacity, mask_t newCapacity, bool freeOld);

顯然,這個是向系統申請開辟內存空間的過程

void cache_t::reallocate(mask_t oldCapacity, mask_t newCapacity, bool freeOld)
{
    bucket_t *oldBuckets = buckets();
    bucket_t *newBuckets = allocateBuckets(newCapacity);

    // Cache's old contents are not propagated. 
    // This is thought to save cache memory at the cost of extra cache fills.
    // fixme re-measure this

    ASSERT(newCapacity > 0);
    ASSERT((uintptr_t)(mask_t)(newCapacity-1) == newCapacity-1);

    setBucketsAndMask(newBuckets, newCapacity - 1);
    
    if (freeOld) {
        cache_collect_free(oldBuckets, oldCapacity);
    }
}

簡化成流程圖為


reallocate流程.png

中間_occupied 會被賦值為0 ,這就是為什么擴容后,_occupied 的值不會等于調用的方法數。

解釋一下這里為什么不保留原先的數據
舉個例子,你買了一個小戶型的房子,你住了一段時間家里人增加了,想換個大點的房子,這時候你并不是把墻敲了直接再蓋兩間就行了,因為你隔壁可能已經被分配給別人了,只能在別的空地上再給你建一棟足夠大的房子,那這樣,你之前的房子其實跟現在的房子并沒有關系,如果數據全部遷移也會麻煩很多。因為這里的數據是緩存數據,并不是不能丟失的,所以直接丟棄,只開辟新空間。

void insert(Class cls, SEL sel, IMP imp, id receiver);

這個是向cache中存儲的方法,也是我們最需要研究的方法

void cache_t::insert(Class cls, SEL sel, IMP imp, id receiver)
{
#if CONFIG_USE_CACHE_LOCK
    cacheUpdateLock.assertLocked();
#else
    runtimeLock.assertLocked();
#endif

    ASSERT(sel != 0 && cls->isInitialized());

    // Use the cache as-is if it is less than 3/4 full
    mask_t newOccupied = occupied() + 1;
    unsigned oldCapacity = capacity(), capacity = oldCapacity;
    if (slowpath(isConstantEmptyCache())) {
        // Cache is read-only. Replace it.
        if (!capacity) capacity = INIT_CACHE_SIZE;
        reallocate(oldCapacity, capacity, /* freeOld */false);
    }
    else if (fastpath(newOccupied + CACHE_END_MARKER <= capacity / 4 * 3)) {
        // Cache is less than 3/4 full. Use it as-is.
    }
    else {
        capacity = capacity ? capacity * 2 : INIT_CACHE_SIZE;
        if (capacity > MAX_CACHE_SIZE) {
            capacity = MAX_CACHE_SIZE;
        }
        reallocate(oldCapacity, capacity, true);
    }

    bucket_t *b = buckets();
    mask_t m = capacity - 1;
    mask_t begin = cache_hash(sel, m);
    mask_t i = begin;

    // Scan for the first unused slot and insert there.
    // There is guaranteed to be an empty slot because the
    // minimum size is 4 and we resized at 3/4 full.
    do {
        if (fastpath(b[i].sel() == 0)) {
            incrementOccupied();
            b[i].set<Atomic, Encoded>(sel, imp, cls);
            return;
        }
        if (b[i].sel() == sel) {
            // The entry was added to the cache by some other thread
            // before we grabbed the cacheUpdateLock.
            return;
        }
    } while (fastpath((i = cache_next(i, m)) != begin));

    cache_t::bad_cache(receiver, (SEL)sel, cls);
}

我們再次簡化成流程圖


cache_t insert分析.jpg

  1. 先判斷是否有空間,如果沒有直接默認申請4個空間

  2. 如果本身已有空間,判斷newOccupied + CACHE_END_MARKER <= capacity / 4 * 3

  3. 如果滿足,直接對bucket賦值

  4. 如果不滿足,則2倍擴容。 然后清理空間

  5. 然后存儲bucket。

bucket存儲 流程

buckets賦值流程.png

至此,我們大概分析了cache_t的結構和 數據存儲的流程總圖為


cache_t流程-2.png

以及總結我們之前的問題 _occupied 為當前緩存中的計數 _mask 為當前申請的空間數-1.

最后編輯于
?著作權歸作者所有,轉載或內容合作請聯系作者
平臺聲明:文章內容(如有圖片或視頻亦包括在內)由作者上傳并發布,文章內容僅代表作者本人觀點,簡書系信息發布平臺,僅提供信息存儲服務。