不多BB,先上图。
在之前的篇章中, 我们已经了解到了调用对象方法的底层其实是调用了objc_msgSend函数,然后我们分析了objc_msgSend的整个流程,清楚在CacheLookup中,当缓存命中之后,会直接调用对应的IMP实现,如果未命中,会执行 __objc_msgSend_uncached 进行慢速转发流程。并分析了lookUpImpOrForward中,如何使用二分法查找方法。一切都是在基于查找成功,并没有分析未找到方法时,是如何处理的呢?
@interface LGPerson : NSObject{
NSString *hobby;
}
@property (nonatomic, copy) NSString *name;
@property (nonatomic) int age;
// 方法 - + OC C/C++ 函数
// 元类
- (void)saySomething; //只有声明并没有实现
+ (void)sayNB;
@end
复制代码
当调用调用[p saySomething],返回会无法找到,程序会奔溃并输出 unrecognized selector sent to instance 0x101047030,为什么会输出这些内容?
方法动态决议流程
上图已经将整个方法objc_msgSend中的代码流程整理出来了,当使用递归查找方法之后,如果没有找到对应的IMP,会执行方法决议。
if (slowpath(behavior & LOOKUP_RESOLVER)) {
behavior ^= LOOKUP_RESOLVER;
return resolveMethod_locked(inst, sel, cls, behavior);
}
复制代码在resolveMethod_locked中会判断当前cls是否为元类, 如果不为元类,执行resolveInstanceMethod。
static NEVER_INLINE IMP
resolveMethod_locked(id inst, SEL sel, Class cls, int behavior)
{
runtimeLock.assertLocked();
ASSERT(cls->isRealized());
runtimeLock.unlock();
if (! cls->isMetaClass()) {
// try [cls resolveInstanceMethod:sel]
resolveInstanceMethod(inst, sel, cls);
}
else {
// try [nonMetaClass resolveClassMethod:sel]
// and [cls resolveInstanceMethod:sel]
resolveClassMethod(inst, sel, cls);
if (!lookUpImpOrNilTryCache(inst, sel, cls)) {
resolveInstanceMethod(inst, sel, cls);
}
}
// chances are that calling the resolver have populated the cache
// so attempt using it
return lookUpImpOrForwardTryCache(inst, sel, cls, behavior);
}
复制代码static void resolveInstanceMethod(id inst, SEL sel, Class cls)
{
runtimeLock.assertUnlocked();
ASSERT(cls->isRealized());
SEL resolve_sel = @selector(resolveInstanceMethod:);
if (!lookUpImpOrNilTryCache(cls, resolve_sel, cls->ISA(/*authenticated*/true))) {
// Resolver not implemented.
return;
}
BOOL (*msg)(Class, SEL, SEL) = (typeof(msg))objc_msgSend;
bool resolved = msg(cls, resolve_sel, sel);
// Cache the result (good or bad) so the resolver doesn't fire next time.
// +resolveInstanceMethod adds to self a.k.a. cls
IMP imp = lookUpImpOrNilTryCache(inst, sel, cls);
if (resolved && PrintResolving) {
if (imp) {
_objc_inform("RESOLVE: method %c[%s %s] "
"dynamically resolved to %p",
cls->isMetaClass() ? '+' : '-',
cls->nameForLogging(), sel_getName(sel), imp);
}
else {
// Method resolver didn't add anything?
_objc_inform("RESOLVE: +[%s resolveInstanceMethod:%s] returned YES"
", but no new implementation of %c[%s %s] was found",
cls->nameForLogging(), sel_getName(sel),
cls->isMetaClass() ? '+' : '-',
cls->nameForLogging(), sel_getName(sel));
}
}
}
复制代码在resolveInstanceMethod会先判断cls的元类(cls->ISA 获取元类)是否实现resolveInstanceMethod,在 _lookUpImpTryCache内部判断IMP imp = cache_getImp(cls, sel)缓存中是否有对应的缓存,如果没有就去调用 lookUpImpOrForward去递归慢速查找resolveInstanceMethod是否实现(查找resolveInstanceMethod方法的逻辑与查找当前[p saySomething]一致,可想而知,如果某个class实现过resolveInstanceMethod,并且之前有调用过,下次再调用就可以从缓存中找到),如果自定义的class并有没有实现,其实系统的NSObject已经默认实现了,所以一定存在。
判断完resolveInstanceMethod是否实现之后,会直接通过objc_msgSend调用对应的实现。
BOOL (*msg)(Class, SEL, SEL) = (typeof(msg))objc_msgSend;
bool resolved = msg(cls, resolve_sel, sel);
复制代码接着会再次去缓存中查找 [p saySomething] 方法。
IMP imp = lookUpImpOrNilTryCache(inst, sel, cls);
IMP lookUpImpOrNilTryCache(id inst, SEL sel, Class cls, int behavior)
{
return _lookUpImpTryCache(inst, sel, cls, behavior | LOOKUP_NIL);
}
复制代码然后通查找resolveInstanceMethod一样,去再次查找 [p saySomething],但是此时的behavior | LOOKUP_NIL发生了改变,如果此时缓存中存在IMP 直接返回, 如果没有lookUpImpOrForward去递归慢速查找resolveInstanceMethod是否实现。由于此时的behavior发生了改变,当最后未找到方法后,并不会再次执行方法决议。
if (slowpath(behavior & LOOKUP_RESOLVER)) {
behavior ^= LOOKUP_RESOLVER;
return resolveMethod_locked(inst, sel, cls, behavior);
}
复制代码而是将imp指向了 forward_imp
const IMP forward_imp = (IMP)_objc_msgForward_impcache;
并在 log_and_fill_cache(cls, imp, sel, inst, curClass)中插入到cache中,然后返回到resolveMethod_locked(因为是递归调用,然后先入后出,层级返回),执行lookUpImpOrForwardTryCache(inst, sel, cls, behavior)
IMP lookUpImpOrForwardTryCache(id inst, SEL sel, Class cls, int behavior)
{
return _lookUpImpTryCache(inst, sel, cls, behavior);
}
复制代码这个方法中调用了 _lookUpImpTryCache,但是此时通过sel是可以换取到IMP了, 因为在此之前log_and_fill_cache(cls, imp, sel, inst, curClass)已经将 _objc_msgForward_impcache插入到了cache,然后直接递归返回IMP(_objc_msgForward_impcache)。最后方法未找到会返回 _objc_msgForward_impcache,然后执行 _objc_msgForward_impcache。
_objc_msgForward_impcache是什么?
在汇编中找到对应的实现,内部直接调转到了 __objc_msgForward,然后 __objc_msgForward中将 __objc_forward_handler赋值给了p17,然后调用x17(TailCallFunctionPointer x17)
__objc_forward_handler
#if !__OBJC2__
// Default forward handler (nil) goes to forward:: dispatch.
void *_objc_forward_handler = nil;
void *_objc_forward_stret_handler = nil;
#else
// Default forward handler halts the process.
__attribute__((noreturn, cold)) void
objc_defaultForwardHandler(id self, SEL sel)
{
_objc_fatal("%c[%s %s]: unrecognized selector sent to instance %p "
"(no message forward handler is installed)",
class_isMetaClass(object_getClass(self)) ? '+' : '-',
object_getClassName(self), sel_getName(sel), self);
}
void *_objc_forward_handler = (void*)objc_defaultForwardHandler;
复制代码最后找到了如何打印输出unrecognized select的罪魁祸首。
重写resolveInstanceMethod动态修改,保证程序继续运行。
- (void)sayNothing {
// NSLog(@"%s",__func__);
}
+ (BOOL)resolveInstanceMethod:(SEL)sel {
NSLog(@"%s",__func__);
IMP sayNothing = class_getMethodImplementation(self, @selector(sayNothing));
Method method = class_getInstanceMethod(self, @selector(sayNothing));
const char* type = method_getTypeEncoding(method);
return class_addMethod(self, sel, sayNothing, type);
return [super resolveInstanceMethod:sel];
}
复制代码通过重写resolveInstanceMethod方法,动态的给没有实现的sel添加一个imp,从而达到不崩溃的目的。
提出问题:运行代码会发现resolveInstanceMethod里的打印会打印两次?(请看后续分析)
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
