一、isa的初始化
首先从源码中找到类Class的定义和结构
typedef struct objc_class *Class;
继续找objc_class
struct objc_class : objc_object {
// Class ISA;
Class superclass;
cache_t cache;
class_data_bits_t bits;
继续找objc_object
struct objc_object {
private:
isa_t isa;
public:
// ISA() assumes this is NOT a tagged pointer object
Class ISA();
// getIsa() allows this to be a tagged pointer object
Class getIsa();
会发现isa的类型是isa_t,
isa_t源码,如下:
union isa_t {
isa_t() { }
isa_t(uintptr_t value) : bits(value) { }
Class cls;
uintptr_t bits;
#if defined(ISA_BITFIELD)
struct {
ISA_BITFIELD; // defined in isa.h
};
#endif
};
// ISA_BITFIELD在arm64架构下的内容
# define ISA_BITFIELD \
uintptr_t nonpointer : 1; \
uintptr_t has_assoc : 1; \
uintptr_t has_cxx_dtor : 1; \
uintptr_t shiftcls : 33; /*MACH_VM_MAX_ADDRESS 0x1000000000*/ \
uintptr_t magic : 6; \
uintptr_t weakly_referenced : 1; \
uintptr_t deallocating : 1; \
uintptr_t has_sidetable_rc : 1; \
uintptr_t extra_rc : 19
// ISA_BITFIELD在x86_64架构下的内容
# define ISA_BITFIELD \
uintptr_t nonpointer : 1; \
uintptr_t has_assoc : 1; \
uintptr_t has_cxx_dtor : 1; \
uintptr_t shiftcls : 44; /*MACH_VM_MAX_ADDRESS 0x7fffffe00000*/ \
uintptr_t magic : 6; \
uintptr_t weakly_referenced : 1; \
uintptr_t deallocating : 1; \
uintptr_t has_sidetable_rc : 1; \
uintptr_t extra_rc : 8
只考虑在arm64架构情况下,删除多余部分,isa_t定义如下
union isa_t {
Class cls;
uintptr_t bits;
struct {
uintptr_t nonpointer : 1; \
uintptr_t has_assoc : 1; \
uintptr_t has_cxx_dtor : 1; \
uintptr_t shiftcls : 33; /*MACH_VM_MAX_ADDRESS 0x1000000000*/ \
uintptr_t magic : 6; \
uintptr_t weakly_referenced : 1; \
uintptr_t deallocating : 1; \
uintptr_t has_sidetable_rc : 1; \
uintptr_t extra_rc : 19
};
};
不难看出,isa_t的类型是联合体
nonpointer
表示是否对isa指针开启指针优化 0:纯isa指针,1:不止是类对象,isa中包含了类信息、对象的引用计数等
has_assoc
关联对象标志位,0没有,1存在
has_cxx_dtor
该对象是否有c++或者Objc的析构器,如果有析构函数,则需要做析构逻辑,如果没有,则可以更快的释放对象
shiftcls
存储类指针的值,开启指针优化的情况下
magic
用于调试器判断当前对象是真的对象还是没有初始化的空间
weakly_referenced
指对象是否被指向或者曾经指向一个ARC的弱变量,没有弱引用的对象可以更快释放
deallocating
标志对象是否正在释放内存
has_sidetable_rc
当对象引用计数大于10时,则需要借用该变量存储进位
extra_rc
表示该对象的引用计数值,实际上是引用计数值减1
核心代码如下
inline void
objc_object::initIsa(Class cls, bool nonpointer, bool hasCxxDtor)
{
assert(!isTaggedPointer());
if (!nonpointer) {
isa.cls = cls;
} else {
assert(!DisableNonpointerIsa);
assert(!cls->instancesRequireRawIsa());
isa_t newisa(0);
#if SUPPORT_INDEXED_ISA
assert(cls->classArrayIndex() > 0);
newisa.bits = ISA_INDEX_MAGIC_VALUE;
// isa.magic is part of ISA_MAGIC_VALUE
// isa.nonpointer is part of ISA_MAGIC_VALUE
newisa.has_cxx_dtor = hasCxxDtor;
newisa.indexcls = (uintptr_t)cls->classArrayIndex();
#else
newisa.bits = ISA_MAGIC_VALUE;
// isa.magic is part of ISA_MAGIC_VALUE
// isa.nonpointer is part of ISA_MAGIC_VALUE
newisa.has_cxx_dtor = hasCxxDtor;
newisa.shiftcls = (uintptr_t)cls >> 3;
#endif
// This write must be performed in a single store in some cases
// (for example when realizing a class because other threads
// may simultaneously try to use the class).
// fixme use atomics here to guarantee single-store and to
// guarantee memory order w.r.t. the class index table
// ...but not too atomic because we don't want to hurt instantiation
isa = newisa;
}
}
二、isa指向分析
先上走位图
验证:
1.从实例对象开始
//检查类Model的对象obj的对象内存,格式化打印4个内存空间
(lldb) x/4gx obj
//地址:内容
0x10287aa20: 0x001d800100001131 0x0000000000000000
0x10287aa30: 0x6c746954534e5b2d 0x6d65685472616265
//查看首地址
(lldb) po 0x10287aa20
//通过 & ISA_MASK可以获得对象地址
(lldb) p/x 0x001d800100001131 & 0x00007ffffffffff8ULL
(unsigned long long) $2 = 0x0000000100001130
//查看$2
(lldb) po $2
Model
2.对象
//拿到上一步的对象继续
x/4gx $2
0x100001130: 0x0000000100001108 0x00007fff9976f118
0x100001140: 0x0000000102a00470 0x000680100000000f
//第一个位置便是isa 0x0000000100001108 找到元类对象
(lldb) p/x 0x0000000100001108 & 0x00007ffffffffff8ULL
(unsigned long long) $3 = 0x0000000100001108
(lldb) po $3
Model
//第二个位置是superClass
(lldb) po 0x00007fff9976f118
NSObject
3.元类对象
//拿到上一步的元类地址 检查内存
(lldb) x/4gx 0x0000000100001108
0x100001108: 0x00007fff9976f0f0 0x00007fff9976f0f0
0x100001118: 0x0000000102a0a370 0x0003e03100000007
//获取isa内容
(lldb) p/x 0x00007fff9976f0f0 & 0x00007ffffffffff8ULL
(unsigned long long) $4 = 0x00007fff9976f0f0
(lldb) po $4
NSObject
(lldb) po 0x00007fff9976f0f0
NSObject
4.根元类
//拿到上一步的根元类地址 检查内存
(lldb) x/4gx 0x00007fff9976f0f0
0x7fff9976f0f0: 0x00007fff9976f0f0 0x00007fff9976f118
0x7fff9976f100: 0x0000000102d00100 0x0004e03100000007
//获取isa内容
(lldb) p/x 0x00007fff9976f0f0 & 0x00007ffffffffff8ULL
(unsigned long long) $5 = 0x00007fff9976f0f0
(lldb) po $5
NSObject
(lldb) po 0x00007fff9976f118
NSObject