在我們探索class的底層時,我們追蹤到objc_class的源碼,其中重要結(jié)構(gòu)為
struct objc_class : objc_object {
// Class ISA;
Class superclass;
cache_t cache; // formerly cache pointer and vtable
class_data_bits_t bits; // class_rw_t * plus custom rr/alloc flags
}
可以看出四個最重要的模塊
- isa (注釋掉并不是說沒有,只是提醒這里繼承了objc_object的isa屬性)
- superclass (父類)
- cache (緩存)
- bits (方法變量等數(shù)據(jù))
當(dāng)研究節(jié)點(diǎn)到今天時,我們已經(jīng)研究了isa 和bits 的結(jié)構(gòu) 而superclass 依舊是一個class的屬性 so我們還剩下一個cache_t 類型的cache還沒有分析。
所以,今天的任務(wù),就是分析cache的結(jié)構(gòu)
cache_t lldb 分析
在我們之前的研究過程中,lldb都是我們的三板斧之一,簡單,暴力,直觀。所以今天我們繼續(xù)用lldb分析
(項(xiàng)目基于objc的公開源碼 781版本 同時項(xiàng)目直接在mac上運(yùn)行)
@interface FQPerson : NSObject
@property (nonatomic, strong) NSString * name;
@property (nonatomic, strong) NSString * nikeName;
-(void)sayHelloWorld;
-(void)eat1;
-(void)eat2;
-(void)eat3;
-(void)eat4;
-(void)eat5;
-(void)eat6;
+(void)cry;
@end
測試的類 在.m文件中實(shí)現(xiàn)這三個方法。
int main(int argc, const char * argv[]) {
@autoreleasepool {
// insert code here...
FQPerson *person = [FQPerson alloc];
Class personClass = [FQPerson class];
[person eat1];
[person sayHelloWorld];
NSLog(@"%@",personClass);
}
return 0;
}
測試的入口
我們在[person eat];前下一個斷點(diǎn)
開始我們的lldb嘗試
通過我們之前的內(nèi)存地址平移的方式,我們可以獲取到cache的指針地址,并打印其中內(nèi)容
cache_t打印.jpg
從打印結(jié)果,我們可以看出cache_t的主要結(jié)構(gòu)為
_buckets,
_mask,
_flags,
-
_occupied
cache_t結(jié)構(gòu)圖.jpg
從bucket_t的內(nèi)容中,我們看到了sel和imp
而我們知道Sel和Imp和方法有關(guān)。
所以我們猜測cache緩存了方法相關(guān)的數(shù)據(jù)
于是,我們讓運(yùn)行[person eat1];
隨后,我們繼續(xù)打印cache_t
(lldb) p * $1
(cache_t) $3 = {
_buckets = {
std::__1::atomic<bucket_t *> = 0x0000000101906470 {
_sel = {
std::__1::atomic<objc_selector *> = ""
}
_imp = {
std::__1::atomic<unsigned long> = 8560
}
}
}
_mask = {
std::__1::atomic<unsigned int> = 3
}
_flags = 32804
_occupied = 1
}
此時_sel由Null變?yōu)榱?"
_mask變?yōu)榱?strong>3
_occupied增加了1
可見確實(shí)在執(zhí)行方法的過程中,在cache中存儲了數(shù)據(jù)
現(xiàn)在,我們嘗試打印其中可能儲存的方法信息
方法打印.jpg
可見cache_t中確實(shí)儲存了調(diào)用過的方法信息
同時,我們使用machOView也可以驗(yàn)證我們存儲的方法
machOView打印.jpg
cache_t代碼分析
我們在lldb的分析中得到了一些成果
- cache_t中確實(shí)儲存了方法信息
- 方法信息以Sel和Imp對的方式存在_buckets中。
但也存在很多問題,
- 緩存的存儲伴隨增刪改查,這些是如何實(shí)現(xiàn)的?
- _mask,_occupied,_flags這些參數(shù)有什么作用?
現(xiàn)在,源碼在手的優(yōu)勢就來了,讓我們分析一下源碼
struct cache_t {
#if CACHE_MASK_STORAGE == CACHE_MASK_STORAGE_OUTLINED
explicit_atomic<struct bucket_t *> _buckets;
explicit_atomic<mask_t> _mask;
#elif CACHE_MASK_STORAGE == CACHE_MASK_STORAGE_HIGH_16
explicit_atomic<uintptr_t> _maskAndBuckets;
mask_t _mask_unused;
// How much the mask is shifted by.
static constexpr uintptr_t maskShift = 48;
// Additional bits after the mask which must be zero. msgSend
// takes advantage of these additional bits to construct the value
// `mask << 4` from `_maskAndBuckets` in a single instruction.
static constexpr uintptr_t maskZeroBits = 4;
// The largest mask value we can store.
static constexpr uintptr_t maxMask = ((uintptr_t)1 << (64 - maskShift)) - 1;
// The mask applied to `_maskAndBuckets` to retrieve the buckets pointer.
static constexpr uintptr_t bucketsMask = ((uintptr_t)1 << (maskShift - maskZeroBits)) - 1;
// Ensure we have enough bits for the buckets pointer.
static_assert(bucketsMask >= MACH_VM_MAX_ADDRESS, "Bucket field doesn't have enough bits for arbitrary pointers.");
#elif CACHE_MASK_STORAGE == CACHE_MASK_STORAGE_LOW_4
// _maskAndBuckets stores the mask shift in the low 4 bits, and
// the buckets pointer in the remainder of the value. The mask
// shift is the value where (0xffff >> shift) produces the correct
// mask. This is equal to 16 - log2(cache_size).
explicit_atomic<uintptr_t> _maskAndBuckets;
mask_t _mask_unused;
static constexpr uintptr_t maskBits = 4;
static constexpr uintptr_t maskMask = (1 << maskBits) - 1;
static constexpr uintptr_t bucketsMask = ~maskMask;
#else
#error Unknown cache mask storage type.
#endif
#if __LP64__
uint16_t _flags;
#endif
uint16_t _occupied;
public:
static bucket_t *emptyBuckets();
struct bucket_t *buckets();
mask_t mask();
mask_t occupied();
void incrementOccupied();
void setBucketsAndMask(struct bucket_t *newBuckets, mask_t newMask);
void initializeToEmpty();
unsigned capacity();
bool isConstantEmptyCache();
bool canBeFreed();
#if __LP64__
bool getBit(uint16_t flags) const {
return _flags & flags;
}
void setBit(uint16_t set) {
__c11_atomic_fetch_or((_Atomic(uint16_t) *)&_flags, set, __ATOMIC_RELAXED);
}
void clearBit(uint16_t clear) {
__c11_atomic_fetch_and((_Atomic(uint16_t) *)&_flags, ~clear, __ATOMIC_RELAXED);
}
#endif
#if FAST_CACHE_ALLOC_MASK
bool hasFastInstanceSize(size_t extra) const
{
if (__builtin_constant_p(extra) && extra == 0) {
return _flags & FAST_CACHE_ALLOC_MASK16;
}
return _flags & FAST_CACHE_ALLOC_MASK;
}
size_t fastInstanceSize(size_t extra) const
{
ASSERT(hasFastInstanceSize(extra));
if (__builtin_constant_p(extra) && extra == 0) {
return _flags & FAST_CACHE_ALLOC_MASK16;
} else {
size_t size = _flags & FAST_CACHE_ALLOC_MASK;
// remove the FAST_CACHE_ALLOC_DELTA16 that was added
// by setFastInstanceSize
return align16(size + extra - FAST_CACHE_ALLOC_DELTA16);
}
}
void setFastInstanceSize(size_t newSize)
{
// Set during realization or construction only. No locking needed.
uint16_t newBits = _flags & ~FAST_CACHE_ALLOC_MASK;
uint16_t sizeBits;
// Adding FAST_CACHE_ALLOC_DELTA16 allows for FAST_CACHE_ALLOC_MASK16
// to yield the proper 16byte aligned allocation size with a single mask
sizeBits = word_align(newSize) + FAST_CACHE_ALLOC_DELTA16;
sizeBits &= FAST_CACHE_ALLOC_MASK;
if (newSize <= sizeBits) {
newBits |= sizeBits;
}
_flags = newBits;
}
#else
bool hasFastInstanceSize(size_t extra) const {
return false;
}
size_t fastInstanceSize(size_t extra) const {
abort();
}
void setFastInstanceSize(size_t extra) {
// nothing
}
#endif
static size_t bytesForCapacity(uint32_t cap);
static struct bucket_t * endMarker(struct bucket_t *b, uint32_t cap);
void reallocate(mask_t oldCapacity, mask_t newCapacity, bool freeOld);
void insert(Class cls, SEL sel, IMP imp, id receiver);
static void bad_cache(id receiver, SEL sel, Class isa) __attribute__((noreturn, cold));
};
其中相關(guān)宏定義
20200918014301.jpg
于是,我們可以首先得到不同框架環(huán)境下cacha_t的中的屬性并不相同,最大區(qū)別為真機(jī)中_maskAndBuckets mask和buckets 存在同一個地方而非真機(jī)中是分開存儲的
真機(jī)和非真機(jī)結(jié)構(gòu)簡圖.jpg
同時,我們也看到了一些值得我們研究的方法
void reallocate(mask_t oldCapacity, mask_t newCapacity, bool freeOld);
void insert(Class cls, SEL sel, IMP imp, id receiver);
由此,我們來分別研究一下。
void reallocate(mask_t oldCapacity, mask_t newCapacity, bool freeOld);
顯然,這個是向系統(tǒng)申請開辟內(nèi)存空間的過程
void cache_t::reallocate(mask_t oldCapacity, mask_t newCapacity, bool freeOld)
{
bucket_t *oldBuckets = buckets();
bucket_t *newBuckets = allocateBuckets(newCapacity);
// Cache's old contents are not propagated.
// This is thought to save cache memory at the cost of extra cache fills.
// fixme re-measure this
ASSERT(newCapacity > 0);
ASSERT((uintptr_t)(mask_t)(newCapacity-1) == newCapacity-1);
setBucketsAndMask(newBuckets, newCapacity - 1);
if (freeOld) {
cache_collect_free(oldBuckets, oldCapacity);
}
}
簡化成流程圖為
reallocate流程.png
中間_occupied 會被賦值為0 ,這就是為什么擴(kuò)容后,_occupied 的值不會等于調(diào)用的方法數(shù)。
解釋一下這里為什么不保留原先的數(shù)據(jù)。
舉個例子,你買了一個小戶型的房子,你住了一段時間家里人增加了,想換個大點(diǎn)的房子,這時候你并不是把墻敲了直接再蓋兩間就行了,因?yàn)槟愀舯诳赡芤呀?jīng)被分配給別人了,只能在別的空地上再給你建一棟足夠大的房子,那這樣,你之前的房子其實(shí)跟現(xiàn)在的房子并沒有關(guān)系,如果數(shù)據(jù)全部遷移也會麻煩很多。因?yàn)檫@里的數(shù)據(jù)是緩存數(shù)據(jù),并不是不能丟失的,所以直接丟棄,只開辟新空間。
void insert(Class cls, SEL sel, IMP imp, id receiver);
這個是向cache中存儲的方法,也是我們最需要研究的方法
void cache_t::insert(Class cls, SEL sel, IMP imp, id receiver)
{
#if CONFIG_USE_CACHE_LOCK
cacheUpdateLock.assertLocked();
#else
runtimeLock.assertLocked();
#endif
ASSERT(sel != 0 && cls->isInitialized());
// Use the cache as-is if it is less than 3/4 full
mask_t newOccupied = occupied() + 1;
unsigned oldCapacity = capacity(), capacity = oldCapacity;
if (slowpath(isConstantEmptyCache())) {
// Cache is read-only. Replace it.
if (!capacity) capacity = INIT_CACHE_SIZE;
reallocate(oldCapacity, capacity, /* freeOld */false);
}
else if (fastpath(newOccupied + CACHE_END_MARKER <= capacity / 4 * 3)) {
// Cache is less than 3/4 full. Use it as-is.
}
else {
capacity = capacity ? capacity * 2 : INIT_CACHE_SIZE;
if (capacity > MAX_CACHE_SIZE) {
capacity = MAX_CACHE_SIZE;
}
reallocate(oldCapacity, capacity, true);
}
bucket_t *b = buckets();
mask_t m = capacity - 1;
mask_t begin = cache_hash(sel, m);
mask_t i = begin;
// Scan for the first unused slot and insert there.
// There is guaranteed to be an empty slot because the
// minimum size is 4 and we resized at 3/4 full.
do {
if (fastpath(b[i].sel() == 0)) {
incrementOccupied();
b[i].set<Atomic, Encoded>(sel, imp, cls);
return;
}
if (b[i].sel() == sel) {
// The entry was added to the cache by some other thread
// before we grabbed the cacheUpdateLock.
return;
}
} while (fastpath((i = cache_next(i, m)) != begin));
cache_t::bad_cache(receiver, (SEL)sel, cls);
}
我們再次簡化成流程圖
cache_t insert分析.jpg
先判斷是否有空間,如果沒有直接默認(rèn)申請4個空間
如果本身已有空間,判斷newOccupied + CACHE_END_MARKER <= capacity / 4 * 3
如果滿足,直接對bucket賦值
如果不滿足,則2倍擴(kuò)容。 然后清理空間
然后存儲bucket。
bucket存儲 流程
buckets賦值流程.png
至此,我們大概分析了cache_t的結(jié)構(gòu)和 數(shù)據(jù)存儲的流程總圖為
cache_t流程-2.png
以及總結(jié)我們之前的問題 _occupied 為當(dāng)前緩存中的計(jì)數(shù) _mask 為當(dāng)前申請的空間數(shù)-1.
