Device: iPhone 11, iOS 14.4.2
// lldb disassembly of objc_msgSend (AArch64, using pointer-authentication instructions).
// Register roles as used below: x0 = receiver, x1 = selector, x16 = class pointer,
// x11 = 64-bit word loaded from class+0x10, x10 = cache bucket base, x17 = candidate imp.
// Exits: authenticated tail call on a cache hit (+68), plain branch from the alternate
// table (+180), branch to _objc_msgSend_uncached on a miss, zeroed return for a nil receiver (+232).
libobjc.A.dylib`objc_msgSend:
0x1be9120e0 <+0>: cmp x0, #0x0 ; =0x0 // signed compare of the receiver against 0
0x1be9120e4 <+4>: b.le 0x1be9121a4 ; <+196> // receiver <= 0 as a signed value: nil, or top bit set (tagged pointer); sorted out at +196
0x1be9120e8 <+8>: ldr x13, [x0] // load the isa word from the object
0x1be9120ec <+12>: and x16, x13, #0x7ffffffffffff8 // keep bits 3..54 of the isa word: the class pointer field (this is a field mask, not an alignment step)
0x1be9120f0 <+16>: xpacd x16 // XPACD only strips the pointer-authentication code from x16; it does not verify it, so the class pointer is used unauthenticated from here on
0x1be9120f4 <+20>: mov x15, x16 // keep a copy of the class pointer; x16 itself can be changed at +188
0x1be9120f8 <+24>: ldr x11, [x16, #0x10] // load the 64-bit word at class+0x10 (the method-cache header, judging by its use below), not the isa
0x1be9120fc <+28>: tbnz w11, #0x0, 0x1be912158 ; <+120> // bit 0 set: the word describes the alternate table format handled at +120
0x1be912100 <+32>: and x10, x11, #0xffffffffffff // x10 = low 48 bits = base of the bucket array
0x1be912104 <+36>: eor x12, x1, x1, lsr #7 // hash = sel ^ (sel >> 7)
0x1be912108 <+40>: and x12, x12, x11, lsr #48 // index = hash & mask, mask = top 16 bits of x11
0x1be91210c <+44>: add x13, x10, x12, lsl #4 // x13 = base + index*16 (16-byte entries)
-> 0x1be912110 <+48>: ldp x17, x9, [x13], #-0x10 // x17 = entry imp, x9 = entry sel, then step x13 back one entry ("->" is lldb's current-pc marker)
0x1be912114 <+52>: cmp x9, x1
0x1be912118 <+56>: b.ne 0x1be912128 ; <+72> // different selector: keep probing
0x1be91211c <+60>: eor x10, x10, x1 // build the branch-authentication modifier: bucket base ^ sel ...
0x1be912120 <+64>: eor x10, x10, x16 // ... ^ class pointer
0x1be912124 <+68>: brab x17, x10 // cache hit: authenticate x17 with key B under modifier x10 and branch to it; an imp signed for a different cache, selector or class does not authenticate under this modifier
0x1be912128 <+72>: cbz x9, 0x1be9124e0 ; _objc_msgSend_uncached // empty entry (sel == 0) ends the probe: cache miss, take the uncached path
0x1be91212c <+76>: cmp x13, x10
0x1be912130 <+80>: b.hs 0x1be912110 ; <+48> // still at or above the bucket base: keep probing toward lower addresses
0x1be912134 <+84>: add x13, x10, x11, lsr #44 // wrapped below the base: restart at base + (x11 >> 44), which is mask*16 (the last entry) when bits 44..47 of x11 are zero
0x1be912138 <+88>: add x12, x10, x12, lsl #4 // x12 = address of the first entry probed, used as the stop point
0x1be91213c <+92>: ldp x17, x9, [x13], #-0x10
0x1be912140 <+96>: cmp x9, x1
0x1be912144 <+100>: b.eq 0x1be91211c ; <+60> // hit during the second pass: same authenticated call as above
0x1be912148 <+104>: cmp x9, #0x0 ; =0x0
0x1be91214c <+108>: ccmp x13, x12, #0x0, ne // if sel != 0 compare x13 with the stop point; otherwise force the flags to 0 so b.hi falls through
0x1be912150 <+112>: b.hi 0x1be91213c ; <+92> // continue while the entry is non-empty and x13 is above the first probed entry
0x1be912154 <+116>: b 0x1be9124e0 ; _objc_msgSend_uncached // second pass exhausted: cache miss
0x1be912158 <+120>: and x10, x11, #0x7ffffffffffffe // alternate path: clear bit 0 and the top 9 bits of x11 to get the table pointer
0x1be91215c <+124>: autdb x10, x16 // authenticate the table pointer with data key B, using the class pointer as modifier
0x1be912160 <+128>: adrp x9, 235814
0x1be912164 <+132>: add x9, x9, #0x4fa ; =0x4fa // x9 = a fixed reference address; NOTE(review): looks like the base that selector offsets are measured from, confirm
0x1be912168 <+136>: sub x12, x1, x9 // x12 = sel - reference address
0x1be91216c <+140>: lsr x17, x11, #55 // shift count taken from x11 bits 55 and up (the 32-bit LSR below uses it modulo 32)
0x1be912170 <+144>: lsr w9, w12, w17 // w9 = (low 32 bits of the offset) >> shift
0x1be912174 <+148>: lsr x17, x11, #60 // top 4 bits of x11
0x1be912178 <+152>: mov x11, #0x7fff
0x1be91217c <+156>: lsr x11, x11, x17 // index mask = 0x7fff >> (those top 4 bits)
0x1be912180 <+160>: and x9, x9, x11 // table index
0x1be912184 <+164>: ldr x17, [x10, x9, lsl #3] // load the 8-byte table entry
0x1be912188 <+168>: cmp x12, w17, uxtw // selector offset vs. the low 32 bits of the entry
0x1be91218c <+172>: b.ne 0x1be912198 ; <+184>
0x1be912190 <+176>: sub x17, x16, x17, lsr #32 // imp = class pointer - (high 32 bits of the entry)
0x1be912194 <+180>: br x17 // plain branch: x17 itself is not authenticated; it is derived from the class pointer and an entry of the table authenticated at +124
0x1be912198 <+184>: ldursw x9, [x10, #-0x8] // miss: signed 32-bit offset stored 8 bytes before the table
0x1be91219c <+188>: add x16, x16, x9 // x16 += offset: continue with another class
0x1be9121a0 <+192>: b 0x1be9120f8 ; <+24> // and rerun the cache lookup for it
0x1be9121a4 <+196>: b.eq 0x1be9121c8 ; <+232> // flags are still those of the cmp at +0: receiver == 0 (nil) returns zero, anything else here is a tagged pointer
0x1be9121a8 <+200>: and x10, x0, #0x7 // low 3 bits of the receiver: the tag
0x1be9121ac <+204>: asr x11, x0, #55 // arithmetic shift of the receiver by 55 (negative here, since its top bit is set)
0x1be9121b0 <+208>: cmp x10, #0x7 ; =0x7
0x1be9121b4 <+212>: csel x12, x11, x10, eq // index = (tag == 7) ? receiver >> 55 : tag
0x1be9121b8 <+216>: adrp x10, 319021
0x1be9121bc <+220>: add x10, x10, #0x820 ; =0x820 // x10 = address of the table indexed below
0x1be9121c0 <+224>: ldr x16, [x10, x12, lsl #3] // x16 = table[index]: the class for this tagged pointer
0x1be9121c4 <+228>: b 0x1be9120f4 ; <+20> // rejoin the normal path with x16 = class
0x1be9121c8 <+232>: mov x1, #0x0 // nil receiver: clear x1 ...
0x1be9121cc <+236>: movi d0, #0000000000000000 // ... and d0-d3
0x1be9121d0 <+240>: movi d1, #0000000000000000
0x1be9121d4 <+244>: movi d2, #0000000000000000
0x1be9121d8 <+248>: movi d3, #0000000000000000
0x1be9121dc <+252>: ret // x0 is already 0 on this path, so the caller sees a zero result
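The lookup reaches a class through one of three entry paths: an ordinary object (isa loaded from the object), a tagged pointer (NSTaggedPointer, class read from a table), and the index-based path (taken at +120 when bit 0 of the word loaded from the class is set). The method cache is searched first by comparing the selector; on a miss, control goes to _objc_msgSend_uncached, which consults the class's method information and may go on to method resolution, forwarding, and so on.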