Preface
We learned about objc_msgSend's quick lookup process: fetch buckets -> CacheHit -> unequal: check if it is 0 -> 0: MissLabelDynamic -> not 0: loop complete -> forward traversal still not found: MissLabelDynamic. So let's start exploring MissLabelDynamic.
The preparatory work
- objc4-818.2 source code
objc_msgSend_uncached
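The CacheLookup call is passed _objc_msgSend and __objc_msgSend_uncached. The macro's parameters are CacheLookup Mode, Function, MissLabelDynamic, MissLabelConstant, so MissLabelDynamic is __objc_msgSend_uncached. Do a full-text search for objc_msgSend_uncached.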
TailCallFunctionPointer
$0 = p17
But this implementation contains no code that operates on the imp, so the guess is that MethodTableLookup does:
it operates on the imp and assigns it to p17.
MethodTableLookup
- bl: b means jump and l means link register; the link register is set before the jump to _lookUpImpOrForward.
- The address of the next instruction is saved in the LR register, that is, the address of the instruction (mov x17, x0) is saved in LR.
- When _lookUpImpOrForward is finished, execution continues at the address in the LR register.
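The flow described above (cache miss at MissLabelDynamic, slow lookup, result moved to p17, tail call), modelled in C as an added example that is not code from objc4 or from the original post. Selectors are plain strings, the hash, cache size and method list are constructed for the illustration, and imp_forward is a hypothetical stand-in for the forwarding IMP.

```c
#include <stdio.h>
#include <string.h>
typedef int (*IMP)(int);                 /* simplified; a real IMP takes (id, SEL, ...) */
struct entry { const char *sel; IMP imp; };
#define CACHE_SIZE 4                     /* power of two so (CACHE_SIZE - 1) is the mask */
static struct entry cache[CACHE_SIZE];   /* model of the class cache buckets, all empty */
static int slow_calls;                   /* number of trips through the slow path */
static int imp_double(int x)  { return x * 2; }
static int imp_forward(int x) { (void)x; return -1; }   /* hypothetical forwarding IMP */
static const struct entry methods[] = { { "double", imp_double } };  /* constructed */

static unsigned slot(const char *s) {    /* constructed hash; the runtime hashes the SEL pointer */
    unsigned h = 0;
    while (*s) h = h * 31 + (unsigned char)*s++;
    return h & (CACHE_SIZE - 1);
}

/* Fast path: probe buckets; NULL means we fell out at MissLabelDynamic. */
static IMP cache_lookup(const char *sel) {
    unsigned start = slot(sel), i = start;
    do {
        if (cache[i].sel == NULL) return NULL;                   /* empty bucket (0): miss */
        if (strcmp(cache[i].sel, sel) == 0) return cache[i].imp; /* CacheHit */
        i = (i - 1) & (CACHE_SIZE - 1);                          /* next bucket, wrapping */
    } while (i != start);
    return NULL;                                                 /* whole loop, not found */
}

/* Slow path: the role _lookUpImpOrForward plays; its return value is what arrives in x0. */
static IMP lookup_imp_or_forward(const char *sel) {
    IMP imp = imp_forward;
    slow_calls++;
    for (size_t m = 0; m < sizeof methods / sizeof methods[0]; m++)
        if (strcmp(methods[m].sel, sel) == 0) imp = methods[m].imp;
    unsigned i = slot(sel);                                      /* fill the first free bucket */
    for (int n = 0; n < CACHE_SIZE; n++, i = (i - 1) & (CACHE_SIZE - 1))
        if (cache[i].sel == NULL) { cache[i].sel = sel; cache[i].imp = imp; break; }
    return imp;
}

int msg_send(const char *sel, int arg) {
    IMP imp = cache_lookup(sel);            /* CacheLookup */
    if (imp == NULL)                        /* MissLabelDynamic -> __objc_msgSend_uncached */
        imp = lookup_imp_or_forward(sel);   /* MethodTableLookup: bl, then mov x17, x0 */
    return imp(arg);                        /* TailCallFunctionPointer: branch to p17 */
}
int main(void) {
    int a = msg_send("double", 21), b = msg_send("double", 5);
    printf("%d %d slow=%d\n", a, b, slow_calls); return 0;
}
```

The second send of the same selector is served from the cache, so the slow path runs once per selector in this model.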