底层

iOS-OC底层04:类结构分析

2020-09-14  本文已影响0人  MonKey_Money

类结构分析

通过lldb来分析类结构

        LGPerson *objc2 = [LGPerson alloc];

查看objc2的内存情况

(lldb) x/4gx objc2  //查看objc2的内存情况
0x1006477b0: 0x001d8001000021b5 0x0000000100001010
0x1006477c0: 0x50626154534e5b2d 0x65695672656b6369
(lldb) p/x objc2       //查看objc2的首地址
(LGPerson *) $14 = 0x00000001006477b0
//通过mask ,查看所属的类
(lldb) p/x 0x001d8001000021b5 & 0x00007ffffffffff8ULL  
(unsigned long long) $15 = 0x00000001000021b0
(lldb) po 0x00000001000021b0
LGPerson
(lldb) x/4gx 0x00000001000021b0 //查看LGPerson类的内存分布
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010064c2f0 0x0004801c00000007

(lldb) x/4gx LGPerson.class //直接读取LGPerson类的内存分布,和上面相同
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010064c2f0 0x0004801c00000007

(lldb) x/4gx object_getClass(objc2) 和上面两个相同
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010064c2f0 0x0004801c00000007

(lldb) po 0x0000000100002188 //查看类对象的isa  就是元类
LGPerson
//查看类对象的isa   就是元类 。元类  对象的isa是类,类的isa是元类
(lldb) po 0x0000000100002188 & 0x00007ffffffffff8ULL  
LGPerson

(lldb) x/4gx 0x0000000100002188 //查看元类的内存分布
0x100002188: 0x00000001003340f0 0x00000001003340f0
0x100002198: 0x000000010064c730 0x0004e03500000007
(lldb) po 0x00000001003340f0 //元类的isa是NSObject
NSObject
//我们查看NSObject的内存地址,和从元类得到的NSObject不一样
(lldb) p/x NSObject.class 
(Class) $22 = 0x0000000100334140 NSObject
//但是NSObject的元类地址和从LGPerson元类得到的元类地址相同都为0x00000001003340f0
(lldb) x/4gx NSObject.class 
0x100334140: 0x00000001003340f0 0x0000000000000000
0x100334150: 0x00000001007426c0 0x0001801000000003
//查看NSObject类的isa,就是NSObject的元类
lldb) p/x 0x00000001003340f0 & 0x00007ffffffffff8ULL
(unsigned long long) $3 = 0x00000001003340f0
(lldb) po 0x00000001003340f0
NSObject
//NSObject的元类的内存分布,可以看出NSObject的元类的元类是自己
(lldb) x/4gx 0x00000001003340f0
0x1003340f0: 0x00000001003340f0 0x0000000100334140
0x100334100: 0x000000010066eef0 0x0005e03100000007

类对象只有一份,isa对象-> 类(LGPerson)->元类(LGPerson)->根元类(NSObject)->根元类(NSObject)

isa& 0x00007ffffffffff8ULL的意义

为什么 对象的isa 需要进行与运算 ,下面我们通过一个图介绍一下


image.png

我们用x86_64说明,我们可以看出isa中包含nonpointer has_assoc has_cxx_dtor等等,我们需要查看类信息为shiftcls,所以我们要消除其他信息对我们读取shiftcls的影响。所以我们要把shiftcls之外的信息置为0。我们查看0x00007ffffffffff8ULL的二进制就是shiftcls所在位都为1,其他的位位0.

验证类对象只有一份

void lgTestClassNum(){
    Class class1 = [LGPerson class];
    Class class2 = [LGPerson alloc].class;
    Class class3 = object_getClass([LGPerson alloc]);
    Class class4 = [LGPerson alloc].class;
    NSLog(@"\n%p-\n%p-\n%p-\n%p",class1,class2,class3,class4);
}
打印结果
0x100003270-
0x100003270-
0x100003270-
0x100003270

验证根元类的元类是自己

void lgTestNSObject(){
    // NSObject实例对象
    NSObject *object1 = [NSObject alloc];
    // NSObject类
    Class class = object_getClass(object1);
    // NSObject元类
    Class metaClass = object_getClass(class);
    // NSObject根元类
    Class rootMetaClass = object_getClass(metaClass);
    // NSObject根根元类
    Class rootRootMetaClass = object_getClass(rootMetaClass);
    NSLog(@"\n%p 实例对象\n%p 类\n%p 元类\n%p 根元类\n%p 根根元类",object1,class,metaClass,rootMetaClass,rootRootMetaClass);
}
0x100626600 实例对象
0x7fff9704e118 类
0x7fff9704e0f0 元类
0x7fff9704e0f0 根元类
0x7fff9704e0f0 根根元类

可以看出NSObject的元类和根元类根根元类都是相同的,都是NSObject的元类

面试题

LGTeacher继承自LGPerson,那LGTeacher的对象teacher和LGPerson的对象person什么关系。
teacher和person没有关系,继承关系只发生在类之间,对象之间没有继承关系。
NSObject的父类是什么?NSObject的父类是nil。
OC提出类概念才有NSObject,所以NSObject没有父类,NSObject是从类概念提出的时候造出来的(个人理解,如果不对欢迎指正)


isa流程图.png

类的内存分布

struct objc_object {
    Class _Nonnull isa  OBJC_ISA_AVAILABILITY;
};
//objc_class继承于objc_object ,因为objc_object有isa,所有类也是对象
struct objc_class : objc_object {
    // Class ISA;
    Class superclass;
    cache_t cache;             // formerly cache pointer and vtable
    class_data_bits_t bits;    // class_rw_t * plus custom rr/alloc flags

    class_rw_t *data() const {
        return bits.data();
    }
    void setData(class_rw_t *newData) {
        bits.setData(newData);
    }
....
}

打印类的内存信息
因为 typedef struct objc_class *Class; 所以类的内存可以从objc_class来探索

(lldb) x/4gx LGPerson.class
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010074f4f0 0x0001801c00000003
//0x0000000100002188来源于objc_object,isa,为元类
//0x0000000100334140从objc_class结构体看出,为superclass
(lldb) po 0x0000000100002188
LGPerson
(lldb) po 0x0000000100334140
NSObject
//上面的0x0000000100334140为NSObject类,不是元类
(lldb) p/x NSObject.class (Class) $3 = 0x0000000100334140 NSObject

objc_class的成员变量有isa(父类继承来的)(8字节),superclass(父类)(8字节),cache,bits,其中bits是我们需要的信息
计算cache所占内存

struct cache_t {
#if CACHE_MASK_STORAGE == CACHE_MASK_STORAGE_OUTLINED
    explicit_atomic<struct bucket_t *> _buckets;//bucket_t *指针8字节
    explicit_atomic<mask_t> _mask;//mask_t是int型4字节
...
    uint16_t _flags;//2字节
#endif
    uint16_t _occupied;//2字节
}共16字节

查看类内部信息

(lldb) x/4gx LGPerson.class
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010074f4f0 0x0001801c00000003
//cache_t16字节isa和superclass各8字节
(lldb) p (class_data_bits_t *)0x1000021d0   //0x1000021b0加32字节
(class_data_bits_t *) $5 = 0x00000001000021d0
    class_rw_t *data() const {
        return bits.data();
    }
(lldb) p $5->data()
(class_rw_t *) $6 = 0x000000010074f490
(lldb) p *$6
(class_rw_t) $7 = {
  flags = 2148007936
  witness = 1
  ro_or_rw_ext = {
    std::__1::atomic<unsigned long> = 4294975624
  }
  firstSubclass = nil
  nextSiblingClass = NSUUID
}
 (lldb) p $7.ro_or_rw_ext
(explicit_atomic<unsigned long>) $8 = {
  std::__1::atomic<unsigned long> = 4294975624
}

(lldb) p $7.properties()
(const property_array_t) $9 = {
  list_array_tt<property_t, property_list_t> = {
     = {
      list = 0x0000000100002148
      arrayAndFlag = 4294975816
    }
  }
}
(lldb) p $9.list
(property_list_t *const) $10 = 0x0000000100002148
(lldb) p $10
(property_list_t *const) $10 = 0x0000000100002148
(lldb) p *$10
(property_list_t) $11 = {
  entsize_list_tt<property_t, property_list_t, 0> = {
    entsizeAndFlags = 16
    count = 1
    first = (name = "name", attributes = "T@\"NSString\",C,N,V_name")
  }
}
(lldb) p $7.methods()
(const method_array_t) $12 = {
  list_array_tt<method_t, method_list_t> = {
     = {
      list = 0x00000001000020d0
      arrayAndFlag = 4294975696
    }
  }
}
(lldb) p $12.list
(method_list_t *const) $13 = 0x00000001000020d0
(lldb) p *$13
(method_list_t) $14 = {
  entsize_list_tt<method_t, method_list_t, 3> = {
    entsizeAndFlags = 26
    count = 3
    first = {
      name = ".cxx_destruct"
      types = 0x0000000100000fa2 "v16@0:8"
      imp = 0x0000000100000e50 (KCObjc`-[LGPerson .cxx_destruct])
    }
  }
}
(lldb) p $14.get(0)
(method_t) $15 = {
  name = ".cxx_destruct"
  types = 0x0000000100000fa2 "v16@0:8"
  imp = 0x0000000100000e50 (KCObjc`-[LGPerson .cxx_destruct])
}
(lldb) p $14.get(1)
(method_t) $16 = {
  name = "name"
  types = 0x0000000100000f8f "@16@0:8"
  imp = 0x0000000100000df0 (KCObjc`-[LGPerson name])
}
(lldb) p $14.get(2)
(method_t) $17 = {
  name = "setName:"
  types = 0x0000000100000f97 "v24@0:8@16"
  imp = 0x0000000100000e20 (KCObjc`-[LGPerson setName:])
}

如果是指针通过->访问属性方法,如果是结构体通过.访问属性或者方法

上面的lldb,到底是通过什么取值的呢?

image.png
0x1000021b0为LGPerson.class的首地址,从objc_class结构体可以看出,objc_class继承objc_object,objc_object有一个成员isa,isa为指针占8字节,而objc_class中 Class superclass; cache_t cache; class_data_bits_t bits;等等,我们需要探究的是class_data_bits_t bits,我们知道Class superclass为8字节,cache_t cache中,因为static不在结构体中分配内存,方法也不在结构体中分配内存,所以计算出cache_t占16字节。class_data_bits_t bits,之前是32字节,所以我们用LGPerson.class的首地址加上32字节,就是class_data_bits_t的首地址。
所以有p (class_data_bits_t *)0x1000021d0

补充内存位移

   int number[] = {1,2,3,4};
        int *d = number;
        for (int i = 0; i< 4; i++) {
            int value = *(d + i);
            NSLog(@"--%d",value);
        }

打印结果
 --1
--2
 --3
--4

我们定义一个指针d,d的首地址等于number,通过指针移动来访问number数组。

上一篇 下一篇

猜你喜欢

热点阅读