類結構分析
通過lldb來分析類結構
LGPerson *objc2 = [LGPerson alloc];
查看objc2的內存情況
(lldb) x/4gx objc2 //查看objc2的內存情況
0x1006477b0: 0x001d8001000021b5 0x0000000100001010
0x1006477c0: 0x50626154534e5b2d 0x65695672656b6369
(lldb) p/x objc2 //查看objc2的首地址
(LGPerson *) $14 = 0x00000001006477b0
//通過mask ,查看所屬的類
(lldb) p/x 0x001d8001000021b5 & 0x00007ffffffffff8ULL
(unsigned long long) $15 = 0x00000001000021b0
(lldb) po 0x00000001000021b0
LGPerson
(lldb) x/4gx 0x00000001000021b0 //查看LGPerson類的內存分布
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010064c2f0 0x0004801c00000007
(lldb) x/4gx LGPerson.class //直接讀取LGPerson類的內存分布,和上面相同
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010064c2f0 0x0004801c00000007
(lldb) x/4gx object_getClass(objc2) 和上面兩個相同
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010064c2f0 0x0004801c00000007
(lldb) po 0x0000000100002188 //查看類對象的isa 就是元類
LGPerson
//查看類對象的isa 就是元類 。元類 對象的isa是類,類的isa是元類
(lldb) po 0x0000000100002188 & 0x00007ffffffffff8ULL
LGPerson
(lldb) x/4gx 0x0000000100002188 //查看元類的內存分布
0x100002188: 0x00000001003340f0 0x00000001003340f0
0x100002198: 0x000000010064c730 0x0004e03500000007
(lldb) po 0x00000001003340f0 //元類的isa是NSObject
NSObject
//我們查看NSObject的內存地址,和從元類得到的NSObject不一樣
(lldb) p/x NSObject.class
(Class) $22 = 0x0000000100334140 NSObject
//但是NSObject的元類地址和從LGPerson元類得到的元類地址相同都為0x00000001003340f0
(lldb) x/4gx NSObject.class
0x100334140: 0x00000001003340f0 0x0000000000000000
0x100334150: 0x00000001007426c0 0x0001801000000003
//查看NSObject類的isa,就是NSObject的元類
lldb) p/x 0x00000001003340f0 & 0x00007ffffffffff8ULL
(unsigned long long) $3 = 0x00000001003340f0
(lldb) po 0x00000001003340f0
NSObject
//NSObject的元類的內存分布,可以看出NSObject的元類的元類是自己
(lldb) x/4gx 0x00000001003340f0
0x1003340f0: 0x00000001003340f0 0x0000000100334140
0x100334100: 0x000000010066eef0 0x0005e03100000007
類對象只有一份,isa對象-> 類(LGPerson)->元類(LGPerson)->根元類(NSObject)->根元類(NSObject)
isa& 0x00007ffffffffff8ULL的意義
為什么 對象的isa 需要進行與運算 ,下面我們通過一個圖介紹一下
image.png
我們用x86_64說明,我們可以看出isa中包含nonpointer has_assoc has_cxx_dtor等等,我們需要查看類信息為shiftcls,所以我們要消除其他信息對我們讀取shiftcls的影響。所以我們要把shiftcls之外的信息置為0。我們查看0x00007ffffffffff8ULL的二進制就是shiftcls所在位都為1,其他的位位0.
驗證類對象只有一份
void lgTestClassNum(){
Class class1 = [LGPerson class];
Class class2 = [LGPerson alloc].class;
Class class3 = object_getClass([LGPerson alloc]);
Class class4 = [LGPerson alloc].class;
NSLog(@"\n%p-\n%p-\n%p-\n%p",class1,class2,class3,class4);
}
打印結果
0x100003270-
0x100003270-
0x100003270-
0x100003270
驗證根元類的元類是自己
void lgTestNSObject(){
// NSObject實例對象
NSObject *object1 = [NSObject alloc];
// NSObject類
Class class = object_getClass(object1);
// NSObject元類
Class metaClass = object_getClass(class);
// NSObject根元類
Class rootMetaClass = object_getClass(metaClass);
// NSObject根根元類
Class rootRootMetaClass = object_getClass(rootMetaClass);
NSLog(@"\n%p 實例對象\n%p 類\n%p 元類\n%p 根元類\n%p 根根元類",object1,class,metaClass,rootMetaClass,rootRootMetaClass);
}
0x100626600 實例對象
0x7fff9704e118 類
0x7fff9704e0f0 元類
0x7fff9704e0f0 根元類
0x7fff9704e0f0 根根元類
可以看出NSObject的元類和根元類根根元類都是相同的,都是NSObject的元類
面試題
LGTeacher繼承自LGPerson,那LGTeacher的對象teacher和LGPerson的對象person什么關系。
teacher和person沒有關系,繼承關系只發生在類之間,對象之間沒有繼承關系。
NSObject的父類是什么?NSObject的父類是nil。
OC提出類概念才有NSObject,所以NSObject沒有父類,NSObject是從類概念提出的時候造出來的(個人理解,如果不對歡迎指正)
isa流程圖.png
類的內存分布
struct objc_object {
Class _Nonnull isa OBJC_ISA_AVAILABILITY;
};
//objc_class繼承于objc_object ,因為objc_object有isa,所有類也是對象
struct objc_class : objc_object {
// Class ISA;
Class superclass;
cache_t cache; // formerly cache pointer and vtable
class_data_bits_t bits; // class_rw_t * plus custom rr/alloc flags
class_rw_t *data() const {
return bits.data();
}
void setData(class_rw_t *newData) {
bits.setData(newData);
}
....
}
打印類的內存信息
因為 typedef struct objc_class *Class; 所以類的內存可以從objc_class來探索
(lldb) x/4gx LGPerson.class
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010074f4f0 0x0001801c00000003
//0x0000000100002188來源于objc_object,isa,為元類
//0x0000000100334140從objc_class結構體看出,為superclass
(lldb) po 0x0000000100002188
LGPerson
(lldb) po 0x0000000100334140
NSObject
//上面的0x0000000100334140為NSObject類,不是元類
(lldb) p/x NSObject.class (Class) $3 = 0x0000000100334140 NSObject
objc_class的成員變量有isa(父類繼承來的)(8字節),superclass(父類)(8字節),cache,bits,其中bits是我們需要的信息
計算cache所占內存
struct cache_t {
#if CACHE_MASK_STORAGE == CACHE_MASK_STORAGE_OUTLINED
explicit_atomic<struct bucket_t *> _buckets;//bucket_t *指針8字節
explicit_atomic<mask_t> _mask;//mask_t是int型4字節
...
uint16_t _flags;//2字節
#endif
uint16_t _occupied;//2字節
}共16字節
查看類內部信息
(lldb) x/4gx LGPerson.class
0x1000021b0: 0x0000000100002188 0x0000000100334140
0x1000021c0: 0x000000010074f4f0 0x0001801c00000003
//cache_t16字節isa和superclass各8字節
(lldb) p (class_data_bits_t *)0x1000021d0 //0x1000021b0加32字節
(class_data_bits_t *) $5 = 0x00000001000021d0
class_rw_t *data() const {
return bits.data();
}
(lldb) p $5->data()
(class_rw_t *) $6 = 0x000000010074f490
(lldb) p *$6
(class_rw_t) $7 = {
flags = 2148007936
witness = 1
ro_or_rw_ext = {
std::__1::atomic<unsigned long> = 4294975624
}
firstSubclass = nil
nextSiblingClass = NSUUID
}
(lldb) p $7.ro_or_rw_ext
(explicit_atomic<unsigned long>) $8 = {
std::__1::atomic<unsigned long> = 4294975624
}
(lldb) p $7.properties()
(const property_array_t) $9 = {
list_array_tt<property_t, property_list_t> = {
= {
list = 0x0000000100002148
arrayAndFlag = 4294975816
}
}
}
(lldb) p $9.list
(property_list_t *const) $10 = 0x0000000100002148
(lldb) p $10
(property_list_t *const) $10 = 0x0000000100002148
(lldb) p *$10
(property_list_t) $11 = {
entsize_list_tt<property_t, property_list_t, 0> = {
entsizeAndFlags = 16
count = 1
first = (name = "name", attributes = "T@\"NSString\",C,N,V_name")
}
}
(lldb) p $7.methods()
(const method_array_t) $12 = {
list_array_tt<method_t, method_list_t> = {
= {
list = 0x00000001000020d0
arrayAndFlag = 4294975696
}
}
}
(lldb) p $12.list
(method_list_t *const) $13 = 0x00000001000020d0
(lldb) p *$13
(method_list_t) $14 = {
entsize_list_tt<method_t, method_list_t, 3> = {
entsizeAndFlags = 26
count = 3
first = {
name = ".cxx_destruct"
types = 0x0000000100000fa2 "v16@0:8"
imp = 0x0000000100000e50 (KCObjc`-[LGPerson .cxx_destruct])
}
}
}
(lldb) p $14.get(0)
(method_t) $15 = {
name = ".cxx_destruct"
types = 0x0000000100000fa2 "v16@0:8"
imp = 0x0000000100000e50 (KCObjc`-[LGPerson .cxx_destruct])
}
(lldb) p $14.get(1)
(method_t) $16 = {
name = "name"
types = 0x0000000100000f8f "@16@0:8"
imp = 0x0000000100000df0 (KCObjc`-[LGPerson name])
}
(lldb) p $14.get(2)
(method_t) $17 = {
name = "setName:"
types = 0x0000000100000f97 "v24@0:8@16"
imp = 0x0000000100000e20 (KCObjc`-[LGPerson setName:])
}
如果是指針通過->訪問屬性方法,如果是結構體通過.訪問屬性或者方法
上面的lldb,到底是通過什么取值的呢?
image.png
0x1000021b0為LGPerson.class的首地址,從objc_class結構體可以看出,objc_class繼承objc_object,objc_object有一個成員isa,isa為指針占8字節,而objc_class中 Class superclass; cache_t cache; class_data_bits_t bits;等等,我們需要探究的是class_data_bits_t bits,我們知道Class superclass為8字節,cache_t cache中,因為static不在結構體中分配內存,方法也不在結構體中分配內存,所以計算出cache_t占16字節。class_data_bits_t bits,之前是32字節,所以我們用LGPerson.class的首地址加上32字節,就是class_data_bits_t的首地址。
所以有p (class_data_bits_t *)0x1000021d0
補充內存位移
int number[] = {1,2,3,4};
int *d = number;
for (int i = 0; i< 4; i++) {
int value = *(d + i);
NSLog(@"--%d",value);
}
打印結果
--1
--2
--3
--4
我們定義一個指針d,d的首地址等于number,通過指針移動來訪問number數組。
