In iOS dynamic linking, _objc_init plays a very important role because _objc_init registers callback functions with dyld dynamic library. Follow the source code to see what _objc_init does
void _objc_init(void) {
static bool initialized = false;
if (initialized) return;
initialized = true;
// fixme defer initialization until an objc-using image is found?
#if __OBJC2__
_dyld_objc_notify_register(&map_images, load_images, unmap_image);
// map_images()
// load_images()
#if __OBJC2__
didCallDyldNotifyRegister = true;
Copy the code
The process is as follows: environ_init Reads and prints environment variables that affect the runtime. For example, configure OBJC_PRINT_LOAD_METHODS tls_init in Xcode. Thread local storage, because some variables are stored in the stack of threads. Thread key binding, thread destructor static_init runs the C++ static constructor. Before dyld calls our static constructor, if libobjc has its own constructor that needs to be prepared. I’m going to call it here, instead of waiting for dyld. Runtime_init Initialization of the runtime environment, Create two tables unattachedCategories & allocatedClasses Exception_INIT Initializes the exception handling system for the OBJC library cache_T ::init Cache condition initializes _imp_implementationWithBlock_init Starts the callback mechanism, usually nothing, because all the initialization is lazy, but for some processes, what happens when they load _dyLD_OBJC_notify_register with dyld
Void environ_init() {// omit... if (PrintHelp || PrintOptions) { if (PrintHelp) { _objc_inform("Objective-C runtime debugging. Set variable=YES to enable."); _objc_inform("OBJC_HELP: describe available environment variables"); if (PrintOptions) { _objc_inform("OBJC_HELP is set"); } _objc_inform("OBJC_PRINT_OPTIONS: list which options are set"); } if (PrintOptions) { _objc_inform("OBJC_PRINT_OPTIONS is set"); } for (size_t i = 0; i < sizeof(Settings)/sizeof(Settings[0]); i++) { const option_t *opt = &Settings[i]; if (PrintHelp) _objc_inform("%s: %s", opt->env, opt->help); if (PrintOptions && *opt->var) _objc_inform("%s is set", opt->env); }}}Copy the code
When we configure the environment variable in Xcode, we print the configuration here, as follows:
The load method will increase the startup time of the program, when you need to exhaust, directly configure the environment variables in Xcode print, can be directly queried
void tls_init(void) { #if SUPPORT_DIRECT_THREAD_KEYS pthread_key_init_np(TLS_DIRECT_KEY, &_objc_pthread_destroyspecific); #else // Thread key destructor _objc_pthread_key = tls_create(&_objc_pthread_destroyspecific); #endif }Copy the code
Run the C++ constructor,. Before dyld calls our static constructor, lib calls its own C++ constructor by calling _objc_init. In short, libobjc calls its own global C++ function before dyld calls its static constructor
static void static_init() { size_t count; auto inits = getLibobjcInitializers(&_mh_dylib_header, &count); for (size_t i = 0; i < count; i++) { inits[i](); } auto offsets = getLibobjcInitializerOffsets(&_mh_dylib_header, &count); for (size_t i = 0; i < count; i++) { UnsignedInitializer init(offsets[i]); init(); }}Copy the code
Allocated: Class table initialization & Class table initialization. Allocated means allocated
void runtime_init(void)
Copy the code
Initialize the exception handling system. When an exception occurs in the program, the user can obtain the exception information to call back and report it to the server or others
void exception_init(void)
old_terminate = std::set_terminate(&_objc_terminate);
Copy the code
Follow the source code and you will find the following callback processing
objc_setUncaughtExceptionHandler(objc_uncaught_exception_handler fn)
objc_uncaught_exception_handler result = uncaught_handler;
uncaught_handler = fn;
return result;
Copy the code
The corresponding OC code is treated as follows, which can be encapsulated in a class that can be called after the program is started:
+ (void)installUncaughtSignalExceptionHandler { // objc_setUncaughtExceptionHandler() NSSetUncaughtExceptionHandler(&exceptionHandlers); } void Exception (NSException * Exception) {NSLog(@"%s",__func__); int32_t exceptionCount = atomic_fetch_add_explicit(&LGUncaughtExceptionCount,1,memory_order_relaxed); if (exceptionCount > LGUncaughtExceptionMaximum) { return; } / / stack information - model programming thought NSArray * callStack = [LGUncaughtExceptionHandle lg_backtrace]; NSMutableDictionary *userInfo = [NSMutableDictionary dictionaryWithDictionary:[exception userInfo]]; [userInfo forKey:LGUncaughtExceptionHandlerSignalExceptionName]; [userInfo setObject:exception.reason forKey:LGUncaughtExceptionHandlerSignalExceptionReason]; [userInfo setObject:callStack forKey:LGUncaughtExceptionHandlerAddressesKey]; }Copy the code
void cache_t::init() { #if HAVE_TASK_RESTARTABLE_RANGES mach_msg_type_number_t count = 0; kern_return_t kr; while (objc_restartableRanges[count].location) { count++; } kr = task_restartable_ranges_register(mach_task_self(), objc_restartableRanges, count); if (kr == KERN_SUCCESS) return; _objc_fatal("task_restartable_ranges_register failed (result 0x%x: %s)", kr, mach_error_string(kr)); #endif // HAVE_TASK_RESTARTABLE_RANGES }Copy the code
To the register callback to dyld, _dyLD_OBJC_NOTIFy_register is only called by the OBJC runtime and the method implementation is in the dyld source code
// _dyld_objc_notify_register
void _dyld_objc_notify_register(_dyld_objc_notify_mapped mapped,
_dyld_objc_notify_init init,
_dyld_objc_notify_unmapped unmapped)
dyld::registerObjCNotifiers(mapped, init, unmapped);
Copy the code
Callback handle assignment
// _dyld_objc_notify_init void registerObjCNotifiers(_dyld_objc_notify_mapped mapped, _dyld_objc_notify_init init, _dyld_objc_notify_unmapped unmapped) { // record functions to call sNotifyObjCMapped = mapped; sNotifyObjCInit = init; sNotifyObjCUnmapped = unmapped; // call 'mapped' function with all images mapped so far try { notifyBatchPartial(dyld_image_state_bound, true, NULL, false, true); } catch (const char* msg) { // ignore request to abort during registration } // call 'init' function on all images already init'ed (below libSystem) for (std::vector<ImageLoader*>::iterator it=sAllImages.begin(); it ! = sAllImages.end(); it++) { ImageLoader* image = *it; if ( (image->getState() == dyld_image_state_initialized) && image->notifyObjC() ) { dyld3::ScopedTimer timer(DBG_DYLD_TIMING_OBJC_INIT, (uint64_t)image->machHeader(), 0, 0); (*sNotifyObjCInit)(image->getRealPath(), image->machHeader()); }}}Copy the code
// Call timing: Xcode hits the dot map_images, runs the call stack, mapImages is in notifyBatchPartial, and notifyBatchPartial is called at the registerObjCNotifiers, This is called when objC initializes the registration notification, so map_images is called after load_images
Call source libobJC, query mag_images, see the following code
map_images(unsigned count, const char * const paths[],
const struct mach_header * const mhdrs[])
mutex_locker_t lock(runtimeLock);
return map_images_nolock(count, paths, mhdrs);
Copy the code
The general process: calculate the number of classes, adjust the size of various tables, initialize the SEL method table, the focus is:
, look directly at the _read_images method
void _read_images(header_info **hList, uint32_t hCount, int totalClasses, int unoptimizedTotalClasses) { ... #define EACH_HEADER \ hIndex = 0; \ hIndex < hCount && (hi = hList[hIndex]); \ hIndex++ // conditional control to perform a load if (! doneOnce) { ... } // Fix up @selector References static size_t for '@selector'. // Fix up @selector References static size_t for '@selector' UnfixedSelectors; {... } ts.log("IMAGE TIMES: fix up selector references"); // Discover classes. Fix up unresolved future classes. Mark bundle classes. Bool hasDyldRoots = dyld_shared_cache_some_image_overridden(); for (EACH_HEADER) { ... } ts.log("IMAGE TIMES: discover classes"); // Fix up remapped classes // List of classes remain unremapped and nonlazy Class list remain unremapped. // Refs and super refs are remapped for message dispatching. if (! noClassesRemapped()) { ... } ts.log("IMAGE TIMES: remap classes"); #if SUPPORT_FIXUP // Fix old objc_msgSend_fixup call sites for (EACH_HEADER) {... } ts.log("IMAGE TIMES: fix up objc_msgSend_fixup"); // Discover protocols. Fix up protocol refs. for (EACH_HEADER) {... } ts.log("IMAGE TIMES: discover protocols"); // Preoptimized images may have the right answer already but we don't. // Preoptimized images may have the right answer already but we don't know for sure. for (EACH_HEADER) { ... } ts.log("IMAGE TIMES: fix up @protocol references"); // Discover categories. Only do this after the initial category // Attachment has been done present at startup, // discovery is deferred until the first load_images call after // the call to _dyld_objc_notify_register completes. if (didInitialAttachCategories) { ... } ts.log("IMAGE TIMES: discover categories"); // Category discovery MUST BE Late to avoid potential races // When other threads call the new Category code befor // this thread finishes its fixups. // +load handled by prepare_load_methods() // Realize non-lazy classes (for +load methods and static instances) for (EACH_HEADER) { ... } ts.log("IMAGE TIMES: realize non-lazy classes"); // The class that has not been processed, // Realize newly resolved future classes, in case CF manipulates them if (resolvedFutureClasses) {... } ts.log("IMAGE TIMES: realize future classes"); . #undef EACH_HEADER }Copy the code
Main process:
- Conditional control runs a load
- Read the list of methods, fix the @selector mess in the precompilation phase, where you have the same method in different classes, but the same method has different addresses, because the addresses of the classes are different
- Error messy class handling
- Fixed remapping of some classes that were not loaded into the file
- Repair some rest
- ReadProtocol readProtocol
- Classified treatment
- Class loading processing, non-lazy loading of the class, read the class information, loaded in the class table (
), lazily loaded classes are added to the table before the first message is sent
Error messy class handling
for (EACH_HEADER) { if (! mustReadClasses(hi, hasDyldRoots)) { // Image is sufficiently optimized that we need not call readClass() continue; Classref_t const * classList = _getObjc2ClassList(hi, &count); bool headerIsBundle = hi->isBundle(); bool headerIsPreoptimized = hi->hasPreoptimizedClasses(); for (i = 0; i < count; i++) { Class cls = (Class)classlist[i]; Class newCls = readClass(cls, headerIsBundle, headerIsPreoptimized); // If (newCls! = cls && newCls) { // Class was moved but not deleted. Currently this occurs // only when the new class resolved a future class. // Non-lazily realize the class below. resolvedFutureClasses = (Class *) realloc(resolvedFutureClasses, (resolvedFutureClassCount+1) * sizeof(Class)); resolvedFutureClasses[resolvedFutureClassCount++] = newCls; }}}Copy the code
Class readClass(Class cls, bool headerIsBundle, Bool headerIsPreoptimized) {const char *mangledName = CLS ->nonlazyMangledName(); if (missingWeakSuperclass(cls)) { ... } cls->fixupBackwardDeployingStableSwift(); Class replacing = nil; if (mangledName ! = nullptr) { ... } if (headerIsPreoptimized && ! replacing) {... } else {if (mangledName) {//some Swift generic classes can lazily generate their names // addNamedClass(CLS, mangledName, replacing); } else { ... } // Insert the associated class into another hash table addClassTableEntry(CLS); } // for future reference: shared cache never contains MH_BUNDLEs if (headerIsBundle) { ... } return cls; }Copy the code
- Rw assignment and RO acquisition are found in the code, but through the debugging process, it is found that this piece does not go.
Bind the class name and address associationaddClassTableEntry
Inserts the associated class intoallocatedClasses
Table, this is a table of initialized classes
The above code corresponds one-to-one to the mach-o below
This can be broken point validation in the readclass, at the same address as in the Mach-o file
Non – lazy loading classes
The comment is pretty obvious, the class that implements the load method will go
Method, not implemented by default, which corresponds to a Mach-o file, as shown in the figure below
IOS low-level exploration _objc_init & readImages
In iOS dynamic linking, _objc_init plays a very important role because _objc_init registers callback functions with dyld dynamic library. Follow the source code to see what _objc_init does
void _objc_init(void) {
static bool initialized = false;
if (initialized) return;
initialized = true;
// fixme defer initialization until an objc-using image is found?
#if __OBJC2__
_dyld_objc_notify_register(&map_images, load_images, unmap_image);
// map_images()
// load_images()
#if __OBJC2__
didCallDyldNotifyRegister = true;
Copy the code
The process is as follows: environ_init Reads and prints environment variables that affect the runtime. For example, configure OBJC_PRINT_LOAD_METHODS tls_init in Xcode. Thread local storage, because some variables are stored in the stack of threads. Thread key binding, thread destructor static_init runs the C++ static constructor. Before dyld calls our static constructor, if libobjc has its own constructor that needs to be prepared. I’m going to call it here, instead of waiting for dyld. Runtime_init Initialization of the runtime environment, Create two tables unattachedCategories & allocatedClasses Exception_INIT Initializes the exception handling system for the OBJC library cache_T ::init Cache condition initializes _imp_implementationWithBlock_init Starts the callback mechanism, usually nothing, because all the initialization is lazy, but for some processes, what happens when they load _dyLD_OBJC_notify_register with dyld
Void environ_init() {// omit... if (PrintHelp || PrintOptions) { if (PrintHelp) { _objc_inform("Objective-C runtime debugging. Set variable=YES to enable."); _objc_inform("OBJC_HELP: describe available environment variables"); if (PrintOptions) { _objc_inform("OBJC_HELP is set"); } _objc_inform("OBJC_PRINT_OPTIONS: list which options are set"); } if (PrintOptions) { _objc_inform("OBJC_PRINT_OPTIONS is set"); } for (size_t i = 0; i < sizeof(Settings)/sizeof(Settings[0]); i++) { const option_t *opt = &Settings[i]; if (PrintHelp) _objc_inform("%s: %s", opt->env, opt->help); if (PrintOptions && *opt->var) _objc_inform("%s is set", opt->env); }}}Copy the code
When we configure the environment variable in Xcode, we print the configuration here, as follows:
The load method will increase the startup time of the program, when you need to exhaust, directly configure the environment variables in Xcode print, can be directly queried
void tls_init(void) { #if SUPPORT_DIRECT_THREAD_KEYS pthread_key_init_np(TLS_DIRECT_KEY, &_objc_pthread_destroyspecific); #else // Thread key destructor _objc_pthread_key = tls_create(&_objc_pthread_destroyspecific); #endif }Copy the code
Run the C++ constructor,. Before dyld calls our static constructor, lib calls its own C++ constructor by calling _objc_init. In short, libobjc calls its own global C++ function before dyld calls its static constructor
static void static_init() { size_t count; auto inits = getLibobjcInitializers(&_mh_dylib_header, &count); for (size_t i = 0; i < count; i++) { inits[i](); } auto offsets = getLibobjcInitializerOffsets(&_mh_dylib_header, &count); for (size_t i = 0; i < count; i++) { UnsignedInitializer init(offsets[i]); init(); }}Copy the code
Allocated: Class table initialization & Class table initialization. Allocated means allocated
void runtime_init(void)
Copy the code
Initialize the exception handling system. When an exception occurs in the program, the user can obtain the exception information to call back and report it to the server or others
void exception_init(void)
old_terminate = std::set_terminate(&_objc_terminate);
Copy the code
Follow the source code and you will find the following callback processing
objc_setUncaughtExceptionHandler(objc_uncaught_exception_handler fn)
objc_uncaught_exception_handler result = uncaught_handler;
uncaught_handler = fn;
return result;
Copy the code
The corresponding OC code is treated as follows, which can be encapsulated in a class that can be called after the program is started:
+ (void)installUncaughtSignalExceptionHandler { // objc_setUncaughtExceptionHandler() NSSetUncaughtExceptionHandler(&exceptionHandlers); } void Exception (NSException * Exception) {NSLog(@"%s",__func__); int32_t exceptionCount = atomic_fetch_add_explicit(&LGUncaughtExceptionCount,1,memory_order_relaxed); if (exceptionCount > LGUncaughtExceptionMaximum) { return; } / / stack information - model programming thought NSArray * callStack = [LGUncaughtExceptionHandle lg_backtrace]; NSMutableDictionary *userInfo = [NSMutableDictionary dictionaryWithDictionary:[exception userInfo]]; [userInfo forKey:LGUncaughtExceptionHandlerSignalExceptionName]; [userInfo setObject:exception.reason forKey:LGUncaughtExceptionHandlerSignalExceptionReason]; [userInfo setObject:callStack forKey:LGUncaughtExceptionHandlerAddressesKey]; }Copy the code
void cache_t::init() { #if HAVE_TASK_RESTARTABLE_RANGES mach_msg_type_number_t count = 0; kern_return_t kr; while (objc_restartableRanges[count].location) { count++; } kr = task_restartable_ranges_register(mach_task_self(), objc_restartableRanges, count); if (kr == KERN_SUCCESS) return; _objc_fatal("task_restartable_ranges_register failed (result 0x%x: %s)", kr, mach_error_string(kr)); #endif // HAVE_TASK_RESTARTABLE_RANGES }Copy the code
To the register callback to dyld, _dyLD_OBJC_NOTIFy_register is only called by the OBJC runtime and the method implementation is in the dyld source code
// _dyld_objc_notify_register
void _dyld_objc_notify_register(_dyld_objc_notify_mapped mapped,
_dyld_objc_notify_init init,
_dyld_objc_notify_unmapped unmapped)
dyld::registerObjCNotifiers(mapped, init, unmapped);
Copy the code
Callback handle assignment
// _dyld_objc_notify_init void registerObjCNotifiers(_dyld_objc_notify_mapped mapped, _dyld_objc_notify_init init, _dyld_objc_notify_unmapped unmapped) { // record functions to call sNotifyObjCMapped = mapped; sNotifyObjCInit = init; sNotifyObjCUnmapped = unmapped; // call 'mapped' function with all images mapped so far try { notifyBatchPartial(dyld_image_state_bound, true, NULL, false, true); } catch (const char* msg) { // ignore request to abort during registration } // call 'init' function on all images already init'ed (below libSystem) for (std::vector<ImageLoader*>::iterator it=sAllImages.begin(); it ! = sAllImages.end(); it++) { ImageLoader* image = *it; if ( (image->getState() == dyld_image_state_initialized) && image->notifyObjC() ) { dyld3::ScopedTimer timer(DBG_DYLD_TIMING_OBJC_INIT, (uint64_t)image->machHeader(), 0, 0); (*sNotifyObjCInit)(image->getRealPath(), image->machHeader()); }}}Copy the code
// Call timing: Xcode hits the dot map_images, runs the call stack, mapImages is in notifyBatchPartial, and notifyBatchPartial is called at the registerObjCNotifiers, This is called when objC initializes the registration notification, so map_images is called after load_images
Call source libobJC, query mag_images, see the following code
map_images(unsigned count, const char * const paths[],
const struct mach_header * const mhdrs[])
mutex_locker_t lock(runtimeLock);
return map_images_nolock(count, paths, mhdrs);
Copy the code
The general process: calculate the number of classes, adjust the size of various tables, initialize the SEL method table, the focus is:
, look directly at the _read_images method
void _read_images(header_info **hList, uint32_t hCount, int totalClasses, int unoptimizedTotalClasses) { ... #define EACH_HEADER \ hIndex = 0; \ hIndex < hCount && (hi = hList[hIndex]); \ hIndex++ // conditional control to perform a load if (! doneOnce) { ... } // Fix up @selector References static size_t for '@selector'. // Fix up @selector References static size_t for '@selector' UnfixedSelectors; {... } ts.log("IMAGE TIMES: fix up selector references"); // Discover classes. Fix up unresolved future classes. Mark bundle classes. Bool hasDyldRoots = dyld_shared_cache_some_image_overridden(); for (EACH_HEADER) { ... } ts.log("IMAGE TIMES: discover classes"); // Fix up remapped classes // List of classes remain unremapped and nonlazy Class list remain unremapped. // Refs and super refs are remapped for message dispatching. if (! noClassesRemapped()) { ... } ts.log("IMAGE TIMES: remap classes"); #if SUPPORT_FIXUP // Fix old objc_msgSend_fixup call sites for (EACH_HEADER) {... } ts.log("IMAGE TIMES: fix up objc_msgSend_fixup"); // Discover protocols. Fix up protocol refs. for (EACH_HEADER) {... } ts.log("IMAGE TIMES: discover protocols"); // Preoptimized images may have the right answer already but we don't. // Preoptimized images may have the right answer already but we don't know for sure. for (EACH_HEADER) { ... } ts.log("IMAGE TIMES: fix up @protocol references"); // Discover categories. Only do this after the initial category // Attachment has been done present at startup, // discovery is deferred until the first load_images call after // the call to _dyld_objc_notify_register completes. if (didInitialAttachCategories) { ... } ts.log("IMAGE TIMES: discover categories"); // Category discovery MUST BE Late to avoid potential races // When other threads call the new Category code befor // this thread finishes its fixups. // +load handled by prepare_load_methods() // Realize non-lazy classes (for +load methods and static instances) for (EACH_HEADER) { ... } ts.log("IMAGE TIMES: realize non-lazy classes"); // The class that has not been processed, // Realize newly resolved future classes, in case CF manipulates them if (resolvedFutureClasses) {... } ts.log("IMAGE TIMES: realize future classes"); . #undef EACH_HEADER }Copy the code
Main process:
- Conditional control runs a load
- Read the list of methods, fix the @selector mess in the precompilation phase, where you have the same method in different classes, but the same method has different addresses, because the addresses of the classes are different
- Error messy class handling
- Fixed remapping of some classes that were not loaded into the file
- Repair some rest
- ReadProtocol readProtocol
- Classified treatment
- Class loading processing, non-lazy loading of the class, read the class information, loaded in the class table (
), lazily loaded classes are added to the table before the first message is sent
Error messy class handling
for (EACH_HEADER) { if (! mustReadClasses(hi, hasDyldRoots)) { // Image is sufficiently optimized that we need not call readClass() continue; Classref_t const * classList = _getObjc2ClassList(hi, &count); bool headerIsBundle = hi->isBundle(); bool headerIsPreoptimized = hi->hasPreoptimizedClasses(); for (i = 0; i < count; i++) { Class cls = (Class)classlist[i]; Class newCls = readClass(cls, headerIsBundle, headerIsPreoptimized); // If (newCls! = cls && newCls) { // Class was moved but not deleted. Currently this occurs // only when the new class resolved a future class. // Non-lazily realize the class below. resolvedFutureClasses = (Class *) realloc(resolvedFutureClasses, (resolvedFutureClassCount+1) * sizeof(Class)); resolvedFutureClasses[resolvedFutureClassCount++] = newCls; }}}Copy the code
Class readClass(Class cls, bool headerIsBundle, Bool headerIsPreoptimized) {const char *mangledName = CLS ->nonlazyMangledName(); if (missingWeakSuperclass(cls)) { ... } cls->fixupBackwardDeployingStableSwift(); Class replacing = nil; if (mangledName ! = nullptr) { ... } if (headerIsPreoptimized && ! replacing) {... } else {if (mangledName) {//some Swift generic classes can lazily generate their names // addNamedClass(CLS, mangledName, replacing); } else { ... } // Insert the associated class into another hash table addClassTableEntry(CLS); } // for future reference: shared cache never contains MH_BUNDLEs if (headerIsBundle) { ... } return cls; }Copy the code
- Rw assignment and RO acquisition are found in the code, but through the debugging process, it is found that this piece does not go.
Bind the class name and address associationaddClassTableEntry
Inserts the associated class intoallocatedClasses
Table, this is a table of initialized classes
The above code corresponds one-to-one to the mach-o below
This can be broken point validation in the readclass, at the same address as in the Mach-o file
Non – lazy loading classes
The comment is pretty obvious, the class that implements the load method will go
In mach-o section64 (__objc_nlclslist), there are two lists, one for all classes and one for classes that have implemented +load. The difference set between these two lists is the class that is lazily loaded
Class loading
The exploration of the whole process from dyld to _objc_init to read_images is gradually connected in series, and the context is more and more clear. Behind is the very important content of the class loading, familiar with after, will help us to solve the following questions 1, why have rw, ro, rwe 2, 3 + load method call time, what is the order + load method calls 4, classification of he main class the same method, the classification of why call