This article is written based on Object C4-818
void _objc_init(void)
static bool initialized = false;
if (initialized) return;
initialized = true;
// fixme defer initialization until an objc-using image is found?
#if __OBJC2__
_dyld_objc_notify_register(&map_images, load_images, unmap_image);
#if __OBJC2__
didCallDyldNotifyRegister = true;
Copy the code
- environ_init()
Read environment variables that affect the runtime.
- tls_init()
Bindings for thread keys – such as destructors for per-thread data
- static_init()
Run the C++ static constructor. Libc calls _objc_init() before DYLD calls our static constructor, so we have to do it ourselves
- runtime_init()
Runtime Initializes the runtime environment
- exception_init()
Initialize libobJC’s exception handling system
- cache_t::init()
Prepare the cache, initialize the cache
- _imp_implementationWithBlock_init()
Start the callback mechanism. Usually this doesn’t do much, because all initialization is lazy, but for some processes we can’t wait to load trampolines dylib, right
- _dyld_objc_notify_register(&map_images, load_images, unmap_image)
Dyld loads the class information in MACHo into memory through map_images, load_images and unmap_image, and loads the class information
_dyld_objc_notify_register(&map_images, load_images, unmap_image)
We know that the macho file is generated after the code is compiled, and all symbols are stored in the Macho file, and the running of the program is the result of the invocation of symbols. Code → compilation → Macho → memory, and our program is ready to run
- map_images
Manage symbols in files and dynamic libraries (classes, selectors, categories…)
- load_images
Load method
So map_images is preceded by ampersand, which is the reference type, and it changes internally, and it changes externally
The source code
map_images(unsigned count, const char * const paths[],
const struct mach_header * const mhdrs[])
mutex_locker_t lock(runtimeLock);
return map_images_nolock(count, paths, mhdrs);
Copy the code
The source code
void map_images_nolock(unsigned mhCount, const char * const mhPaths[], Const struct mach_header * const MHDRS []) {// omit ready code // Find all images with objective-C metadata. Find all objective-C metadata in the images hCount = 0; // Count classes. Size various table based on the total. int totalClasses = 0; Int unoptimizedTotalClasses = 0; If (hCount > 0) {if (hCount > 0) {// load the image file _read_images(hList, hCount, totalClasses, unoptimizedTotalClasses); } firstTime = NO; // Call image load funcs after everything is set up. For (Auto func: loadImageFuncs) {for (Uint32_t I = 0; i < mhCount; i++) { func(mhdrs[i]); }}}Copy the code
This section of code does a series of preparatory work, the purpose of which is to find hCount, totalClasses, unoptimizedTotalClasses to prepare read_image.
_read_images has the following sections
- Condition control for a load
- Fixed @selector confusion during precompilation
- Wrong messy class handling
- Fixed remapping some classes that were not loaded by the image file
- Fix some messages
- When there is a protocol in the class: readProtocol Reads the protocol
- Fix protocols that were not loaded
- Classification process
- Class loading processing
- For classes that are not processed, optimize those that are violated
Condition control for a load
if (! DoneOnce) {// doneOnce = YES; launchTime = YES; / /... // namedClasses // Preoptimized classes don't go in this table. // 4/3 is NXMapTable's load factor int namedClassesSize = (isPreoptimized() ? unoptimizedTotalClasses : totalClasses) * 4 / 3; gdb_objc_realized_classes = NXCreateMapTable(NXStrValueMapPrototype, namedClassesSize); ts.log("IMAGE TIMES: first time tasks"); }Copy the code
DoneOnce will only come in once, and we can see that doneOnce is changed to YES once we enter the if condition, and then we get the size of namedClasses, and then we create the NXMapTable hash table for quick storage, The hash table created from the official comment is 3/4 times the size of namedClassesSize.
- gdb_objc_realized_classes
The true type of gDB_objC_realized_classes is NXMapTable. We know that gDB_objC_realized_classes does not actually exist in the named list that shares the cache with DyLD, whether implemented or not. This list excludes lazy-loaded classes, and the classes in this list must be obtained via getClass
// This is a misnomer: gdb_objc_realized_classes is actually a list of
// named classes not in the dyld shared cache, whether realized or not.
// This list excludes lazily named classes, which have to be looked up
// using a getClass hook.
NXMapTable *gdb_objc_realized_classes; // exported for debuggers in objc-gdb.h
Copy the code
Fixed @selector confusion during precompilation
// Fix up @selector references static size_t UnfixedSelectors; { mutex_locker_t lock(selLock); for (EACH_HEADER) { if (hi->hasPreoptimizedSelectors()) continue; bool isBundle = hi->isBundle(); __objc_selrefs SEL *sels = _getObjc2SelectorRefs(hi, &count); UnfixedSelectors += count; for (i = 0; i < count; i++) { const char *name = sel_cname(sels[i]); Sel = sel_registerNameNoLock(name, isBundle); // if sels[I] with sels[I] if (sels[I]! = sel) { sels[i] = sel; } } } } ts.log("IMAGE TIMES: fix up selector references");Copy the code
Sel_registerNameNoLock adds SEL to the namedSelectors hash table by iterating the list to __objc_selrefs from Mach_O via _getObjc2SelectorRefs
- _getObjc2SelectorRefs
_getObjc2*, reads the required information from Mach_O
// function name content type section name
GETSECT(_getObjc2SelectorRefs, SEL, "__objc_selrefs");
GETSECT(_getObjc2MessageRefs, message_ref_t, "__objc_msgrefs");
GETSECT(_getObjc2ClassRefs, Class, "__objc_classrefs");
GETSECT(_getObjc2SuperRefs, Class, "__objc_superrefs");
GETSECT(_getObjc2ClassList, classref_t const, "__objc_classlist");
GETSECT(_getObjc2NonlazyClassList, classref_t const, "__objc_nlclslist");
GETSECT(_getObjc2CategoryList, category_t * const, "__objc_catlist");
GETSECT(_getObjc2CategoryList2, category_t * const, "__objc_catlist2");
GETSECT(_getObjc2NonlazyCategoryList, category_t * const, "__objc_nlcatlist");
GETSECT(_getObjc2ProtocolList, protocol_t * const, "__objc_protolist");
GETSECT(_getObjc2ProtocolRefs, protocol_t *, "__objc_protorefs");
GETSECT(getLibobjcInitializers, UnsignedInitializer, "__objc_init_func");
Copy the code
- sel_registerNameNoLock && __sel_registerName
Explore by sel_registerNameNoLock → __sel_registerName if! Name = SEL, search_builtins→ _DYLD_GET_objC_selector, selselselector = SEL, selselselector = SEL, selselselector = SEL, selselselector = SEL Insert SEL into the hash table of namedSelectors
SEL sel_registerNameNoLock(const char *name, bool copy) { return __sel_registerName(name, 0, copy); // NO lock, maybe copy } static SEL __sel_registerName(const char *name, bool shouldLock, bool copy) { SEL result = 0; if (shouldLock) selLock.assertUnlocked(); else selLock.assertLocked(); if (! name) return (SEL)0; result = search_builtins(name); if (result) return result; conditional_mutex_locker_t lock(selLock, shouldLock); auto it = namedSelectors.get().insert(name); if (it.second) { // No match. Insert. *it.first = (const char *)sel_alloc(name, copy); } return (SEL)*it.first; }Copy the code
Wrong messy class handling
// Discover classes. Fix up unresolved future classes. Mark bundle classes dyld_shared_cache_some_image_overridden(); ReadClass for (EACH_HEADER) {if (! mustReadClasses(hi, hasDyldRoots)) { // Image is sufficiently optimized that we need not call readClass() continue; } // Fetch all classes from the compiled classlist, that is, get the static segment __objc_classList from Mach-o, Classref_t const * classList = _getObjc2ClassList(hi, &count); bool headerIsBundle = hi->isBundle(); bool headerIsPreoptimized = hi->hasPreoptimizedClasses(); for (i = 0; i < count; i++) { Class cls = (Class)classlist[i]; Class newCls = readClass(CLS, headerIsBundle, headerIsPreoptimized); If (newCls! NewCls! NewCls! NewCls! NewCls! = cls && newCls) { // Class was moved but not deleted. Currently this occurs // only when the new class resolved a Future class. // Non-lazily realize the class below. // Add classes to array resolvedFutureClasses = (class *) realloc(resolvedFutureClasses, (resolvedFutureClassCount+1) * sizeof(Class)); resolvedFutureClasses[resolvedFutureClassCount++] = newCls; } } } ts.log("IMAGE TIMES: discover classes");Copy the code
Get all the classes from Mach_O, walk through all the classes, deal with the error-ridden classes, and as you can see from the comments at the end, you’re dealing with only non-lazy-loaded classes
- cls
Here we see the oddly familiar CLS, but:
- No more through
Before, that is,Class cls = (Class)classlist[i]
When, herecls
It’s just an address - after
After that,cls
It becomes a class name
Fixed remapping some classes that were not loaded by the image file
// Fix up remapped classes // Class list and nonlazy class list remain unremapped. // Class refs and super refs are remapped for message dispatching. if (! noClassesRemapped()) { for (EACH_HEADER) { Class *classrefs = _getObjc2ClassRefs(hi, &count); for (i = 0; i < count; i++) { remapClassRef(&classrefs[i]); } // fixme why doesn't test future1 catch the absence of this? classrefs = _getObjc2SuperRefs(hi, &count); for (i = 0; i < count; i++) { remapClassRef(&classrefs[i]); } } } ts.log("IMAGE TIMES: remap classes");Copy the code
If there is a remapping class, read the symbol information of __objc_classrefs and __objc_superrefs in Mach_O respectively, through remapClass to achieve the purpose of repair and remapping.
Fix some messages
The static segment __objc_MSgrefs of Mach-O is obtained by _getObjc2MessageRefs, and the function pointer is registered through fixupMessageRef and fixed as the new function pointer
#if SUPPORT_FIXUP // Fix some messages // Fix up old objc_msgSend_fixup Call Sites for (EACH_HEADER) {// _getObjc2MessageRefs __objc_MSgrefs message_ref_t *refs = _getObjc2MessageRefs(hi, &count); if (count == 0) continue; if (PrintVtables) { _objc_inform("VTABLES: repairing %zu unsupported vtable dispatch " "call sites in %s", count, hi->fname()); } for (I = 0; I = 0; i < count; i++) { fixupMessageRef(refs+i); } } ts.log("IMAGE TIMES: fix up objc_msgSend_fixup"); #endifCopy the code
When there is a protocol in the class: readProtocol Reads the protocol
// Discover protocols. Fix up protocol refs. Discover the protocol. Extern (EACH_HEADER) {extern objc_class OBJC_CLASS_$_Protocol; extern (EACH_HEADER) {extern objc_class OBJC_CLASS_$_Protocol; Class CLS = (Class) &objc_class_ $_Protocol; // CLS = Protocol; ASSERT(cls); Protocol_map NXMapTable *protocol_map = protocols(); bool isPreoptimized = hi->hasPreoptimizedProtocols(); // Skip reading protocols if this is an image from the shared cache // and we support roots // Note, after launch we do need to walk the protocol as the protocol // in the shared cache is marked with isCanonical() and that may not // be true if some non-shared cache binary was chosen as the canonical // definition if (launchTime && isPreoptimized && cacheSupportsProtocolRoots) { if (PrintProtocols) { _objc_inform("PROTOCOLS: Skipping reading protocols in image: %s", hi->fname()); } continue; } bool isBundle = hi->isBundle(); _getObjc2ProtocolList = _getObjc2ProtocolList; Protocol Protocol_t * const *protolist = _getObjc2ProtocolList(hi, &count); for (i = 0; i < count; I ++) {readProtocol(Protolist [I], CLS, PROTOCOL_map, isPreoptimized, isBundle) by adding protocol to the protocol_map hash table; } } ts.log("IMAGE TIMES: discover protocols");Copy the code
Create a protocol table protocol_map. The type is NXMapTable. NXMapTable *protocol = protocols(); The source code for, Protocols () is as follows
static NXMapTable *protocols(void)
static NXMapTable *protocol_map = nil;
NXCreateMapTable(NXStrValueMapPrototype, 16),
NXFreeMapTable(v) );
return protocol_map;
Copy the code
Gets the list of protocols in Macho, loops through and writes protocols to the PROTOCOL_MAP hash table via readProtocol
protocol_t * const *protolist = _getObjc2ProtocolList(hi, &count);
for (i = 0; i < count; i++) {
readProtocol(protolist[i], cls, protocol_map,
isPreoptimized, isBundle);
Copy the code
Fix protocols that were not loaded
// Fix up @protocol references
// Preoptimized images may have the right
// answer already but we don't know for sure.
// At launch time, we know preoptimized image refs are pointing at the
// shared cache definition of a protocol. We can skip the check on
// launch, but have to visit @protocol refs for shared cache images
// loaded later.
if (launchTime && hi->isPreoptimized())
protocol_t **protolist = _getObjc2ProtocolRefs(hi, &count);
for (i = 0; i < count; i++) {
ts.log("IMAGE TIMES: fix up @protocol references");
Copy the code
Get macho static segment __objc_protorefs content, with remapProtocolRef to fix not loaded protocol.
Treatment of classification
// Discover categories. Only do this after the initial category
// attachment has been done. For categories present at startup,
// discovery is deferred until the first load_images call after
// the call to _dyld_objc_notify_register completes. rdar://problem/53119145
if (didInitialAttachCategories) {
ts.log("IMAGE TIMES: discover categories");
Copy the code
Discover classification. This can only be done during classification initialization. For categories that appear at startup, it is found to be delayed until the first load_images call after the call to _DYLD_OBJC_Notify_register is complete
Class loading processing
// Category discovery MUST BE Late to avoid potential races // when other threads call the new category code before // this thread finishes its fixups. // +load handled by prepare_load_methods() // Realize non-lazy classes (for +load methods and static instances) for (EACH_HEADER) { classref_t const *classlist = hi->nlclslist(&count); for (i = 0; i < count; i++) { Class cls = remapClass(classlist[i]); if (! cls) continue; addClassTableEntry(cls); if (cls->isSwiftStable()) { if (cls->swiftMetadataInitializer()) { _objc_fatal("Swift class %s with a metadata initializer " "is not allowed to be non-lazy", cls->nameForLogging()); } // fixme also disallow relocatable classes // We can't disallow all Swift classes because of // classes like Swift.__EmptyArrayStorage } realizeClassWithoutSwift(cls, nil); } } ts.log("IMAGE TIMES: realize non-lazy classes");Copy the code
Load non-lazily loaded classes
classref_t const *classlist = hi->nlclslist(&count)
To obtainmacho
Lazy load class table- through
To determine whether a pointer to the current non-lazy-loaded class already exists- If not, pass
Add the current non-lazy-loaded class to insert the class table throughrealizeClassWithoutSwift
Implements the current class
- If not, pass
For classes that are not processed, optimize those that are violated
// Realize newly-resolved future classes, in case CF manipulates them if (resolvedFutureClasses) { for (i = 0; i < resolvedFutureClassCount; i++) { Class cls = resolvedFutureClasses[i]; if (cls->isSwiftStable()) { _objc_fatal("Swift class is not allowed to be future"); } // Implement class realizeClassWithoutSwift(CLS, nil); cls->setInstancesRequireRawIsaRecursively(false/*inherited*/); } free(resolvedFutureClasses); } ts.log("IMAGE TIMES: realize future classes"); If (DebugNonFragileIvars) {// Implement all realizeAllClasses(); }Copy the code
Reading the class, we’re dealing with messy classes, and by readClass, we get the name of the class from an address. The source code is as follows:
/*********************************************************************** * readClass * Read a class and metaclass as written by a compiler. * Returns the new class pointer. This could be: * - cls * - nil (cls has a missing weak-linked superclass) * - something else (space for this class was reserved by a future class) * * Note that all work performed by this function is preflighted by * mustReadClasses(). Do not change this function without updating that one. * * Locking: runtimeLock acquired by map_images or objc_readClassPair **********************************************************************/ Class readClass(Class cls, bool headerIsBundle, Bool headerIsPreoptimized) {const char *mangledName = CLS ->nonlazyMangledName(); const char *practiseName = "Person"; if (strcmp(mangledName, practiseName) == 0) { printf("-------- %s", mangledName); } // If there are missing weak-linked classes in the parent of the current class, Return nil if (missingWeakSuperclass(CLS)) {// No superclass (probably weak-linked). // Disavow any knowledge of this subclass. if (PrintConnecting) { _objc_inform("CLASS: IGNORING class '%s' with " "missing weak-linked superclass", cls->nameForLogging()); } addRemappedClass(cls, nil); cls->setSuperclass(nil); return nil; } cls->fixupBackwardDeployingStableSwift(); PopFutureNamedClass = popFutureNamedClass = popFutureNamedClass = popFutureNamedClass = popFutureNamedClass The Class replacing = nil of THE RO and RW classes will not be implemented. if (mangledName ! = nullptr) { if (Class newCls = popFutureNamedClass(mangledName)) { // This name was previously allocated as a future class. // Copy objc_class to future class's struct. // Preserve future's rw data block. if (newCls->isAnySwift()) { _objc_fatal("Can't complete future class request for '%s' " "because the real class is too big.", cls->nameForLogging()); Class_rw_t *rw = newCls->data(); const class_ro_t *old_ro = rw->ro(); memcpy(newCls, cls, sizeof(objc_class)); // Manually set address-discriminated ptrauthed fields // so that newCls gets the correct signatures. newCls->setSuperclass(cls->getSuperclass()); newCls->initIsa(cls->getIsa()); rw->set_ro((class_ro_t *)newCls->data()); newCls->setData(rw); freeIfMutable((char *)old_ro->getName()); free((void *)old_ro); addRemappedClass(cls, newCls); replacing = cls; cls = newCls; If (headerIsPreoptimized &&! replacing) { // class list built in shared cache // fixme strict assert doesn't work because of duplicates // ASSERT(cls == getClass(name)); ASSERT(mangledName == nullptr || getClassExceptSomeSwift(mangledName)); } else {if (mangledName) {// Some Swift generic classes can lazily generate their names mangledName, replacing); } else { Class meta = cls->ISA(); const class_ro_t *metaRO = meta->bits.safe_ro(); ASSERT(metaRO->getNonMetaclass() && "Metaclass with lazy name must have a pointer to the corresponding nonmetaclass."); ASSERT(metaRO->getNonMetaclass() == cls && "Metaclass nonmetaclass pointer must equal the original class."); } // Insert the table, which is equivalent to reading addClassTableEntry(CLS) from the Mach-O file; } // for future reference: shared cache never contains MH_BUNDLEs if (headerIsBundle) { cls->data()->flags |= RO_FROM_BUNDLE; cls->ISA()->data()->flags |= RO_FROM_BUNDLE; } return cls; }Copy the code
- through
Get the name of the class
// Get the class's mangled name, or NULL if the class has a lazy
// name that hasn't been created yet.
const char *nonlazyMangledName() const {
return bits.safe_ro()->getName();
Copy the code
As we know from the comment, the class name of the non-lazy-loaded class is retrieved, or NULL is returned if the class is lazy-loaded, which is different from the previous version of the source code
- Returns nil if there are missing weak-Linked classes in the parent of the current class
- Determine whether the class needs to be processed later. Under normal circumstances, it will not go to
, because this operation is specific to the class to be processed in the future, it can also be debugged through breakpoints, knowing that it will not go toif
In the process, so it won’t be rightro
Does not existclass
In the memoryro
Is assigned frommacho
In thedata
Strong in turn torw
In thero
Reproducing the past
- through
Adds the current class to the already created onegdb_objc_realized_classes
Hash table, which is used to hold all classes
/ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * addNamedClass load sharing classes in the cache insert table * Adds name = > cls to the named non-meta class map. Adds name=> CLS to named non-metaclass mapping * Warns about duplicate class names and keeps the old mapping. * Locking: runtimeLock must be held by the caller **********************************************************************/ static void addNamedClass(Class cls, const char *name, Class replacing = nil) { runtimeLock.assertLocked(); Class old; if ((old = getClassExceptSomeSwift(name)) && old ! = replacing) { inform_duplicate(name, old, cls); // getMaybeUnrealizedNonMetaClass uses name lookups. // Classes not found by name lookup must be in the // secondary meta->nonmeta table. addNonMetaClass(cls); } else {// add to gdb_objC_realized_classes table NXMapInsert(gDB_objC_realized_classes, name, CLS); } ASSERT(! (cls->data()->flags & RO_META)); // wrong: constructed classes are already realized when they get here // ASSERT(! cls->isRealized()); }Copy the code
- through
, adds the initialized class toallocatedClasses
In theruntime_init
It’s created.
/*********************************************************************** * addClassTableEntry * Add a class to the table of all classes. If addMeta is true, * automatically adds the metaclass of the class as well. * Locking: runtimeLock must be held by the caller. **********************************************************************/ static void addClassTableEntry(Class cls, bool addMeta = true) { runtimeLock.assertLocked(); // This class is allowed to be a known class via the shared cache or via // data segments, but it is not allowed to be in the dynamic table already. auto &set = objc::allocatedClasses.get(); ASSERT(set.find(cls) == set.end()); if (! isKnownClass(cls)) set.insert(cls); if (addMeta) addClassTableEntry(cls->ISA(), false); }Copy the code
To sum up, the main function of readClass is to read the non-lazy load class in Macho into memory, that is, insert it into the table, but the current class only has two information: address and name, and macho data has not been read out
RealizeClassWithoutSwift has ro, rw operations, and the realizeClassWithoutSwift is to implement the class, load the data of the class into memory
1. Read data
// fixme verify class is not in an un-dlopened part of the shared cache? Auto ro = (const class_ro_t *) CLS ->data(); Auto isMeta = ro->flags &ro_meta; auto isMeta = ro->flags &ro_meta; Rw data is already allocated. Rw = CLS ->data(); rw = allocated data(); Ro = CLS ->data()->ro(); ASSERT(! isMeta); cls->changeInfo(RW_REALIZED|RW_REALIZING, RW_FUTURE); } else {// Normal class.allocate writeable class data. rw = objc::zalloc<class_rw_t>(); Zalloc -- rw rw->set_ro(ro); / / rw ro ro set to temp of rw - > flags = RW_REALIZED | RW_REALIZING | isMeta; cls->setData(rw); // Set CLS data to rw}Copy the code
Read class data, assign rw, ro
, that is, read-only, the memory is determined at compile time and contains information about class names, methods, protocols, and instance variablesClean Memory
And theClean Memory
Memory that does not change after loadingrw
, i.e.,Can read but write
, may be added to the class because of its dynamic natureProperties, methods, add protocols
In 2020WWDC
theMemory optimization
instructionsAdvancements in the Objective-C runtime – WWDC 2020 – Videos – Apple DeveloperMentioned,rw
, in fact, inrw
Only 10% of the classes actually change their methods, so there arerwe
, i.e.,Additional information about the class
. For those classes that do require additional information, it can be assignedrwe
Extend one of the records and slide it into the class for its use. Among themrw
Belong todirty memory
And thedirty memory
Refers to theMemory that changes while the process is running
.Class structure
As soon asuse
It will become aditry memory
Because the runtime writes new data to it, such as creating a new method cache and pointing to it from the class
2. Determine the inheritance chain of the class, and the ISA chain
supercls = realizeClassWithoutSwift(remapClass(cls->getSuperclass()), nil)
Determine the parent classmetacls = realizeClassWithoutSwift(remapClass(cls->ISA()), nil)
Determine the metaclass
RealizeClassWithoutSwift supercls = realizeClassWithoutSwift(remapClass(CLS ->getSuperclass()), nil); metacls = realizeClassWithoutSwift(remapClass(cls->ISA()), nil);Copy the code
- in
At the beginning of the following code, through the search class has been implemented to determine, to prevent the infinite loop to find under the situation
// If the class is initialized, CLS if (! cls) return nil; if (cls->isRealized()) { validateAlreadyRealizedClass(cls); return cls; }Copy the code
- Returns if the class is not found
And we know that theta isNSObject
Is the parent classnil
The metaclass is passedisa
To determine their inheritance,rootmatecls
It’s still pointing to itself, so there’s no return from the metaclassnil
- Judge current
Implemented or not
// Locking: To prevent concurrent realization, hold runtimeLock. bool isRealized() const { return ! isStubClass() && (data()->flags & RW_REALIZED); }Copy the code
Here we can see that to determine whether a class is fully implemented is to determine whether it is nearly fully implemented with the RW
- If the class is implemented, verify its implementation and return the class
static void validateAlreadyRealizedClass(Class cls) { ASSERT(cls->isRealized()); #if TARGET_OS_OSX class_rw_t *rw = cls->data(); size_t rwSize = malloc_size(rw); // Note: this check will need some adjustment if class_rw_t's // size changes to not match the malloc bucket. if (rwSize ! = sizeof(class_rw_t)) _objc_fatal("realized class %p has corrupt data pointer %p", cls, rw); #endif }Copy the code
Here we again verify that the implementation of the judgment class is actually verifying its RW
- If not, it goes back to the first step here to read the data data
- Complete the remapping of the parent and metaclass of the currently required implementation class
Update superclass and metaclass in case of remapping CLS ->setSuperclass(supercls); cls->initClassIsa(metacls);Copy the code
Remap the parent class
void setSuperclass(Class newSuperclass) {
superclass = (Class)ptrauth_sign_unauthenticated((void *)newSuperclass, ISA_SIGNING_KEY, ptrauth_blend_discriminator(&superclass, ISA_SIGNING_DISCRIMINATOR_CLASS_SUPERCLASS));
superclass = newSuperclass;
Copy the code
Sets the metaclass for the current class
- if
Exists, willcls
Joins the subclass list of the parent class - if
If no, it willcls
As the root class
// Connect this class to its superclass's subclass lists if (supercls) {addSubclass(supercls, CLS); } else { addRootClass(cls); }Copy the code
3. Use methodizeClass to restore the method list, protocol list, and attribute list of the class
* methodizeClass
* Fixes up cls's method list, protocol list, and property list.
* Attaches any outstanding categories.
* Locking: runtimeLock must be held by the caller
static void methodizeClass(Class cls, Class previously)
bool isMeta = cls->isMetaClass();
auto rw = cls->data();
auto ro = rw->ro();
auto rwe = rw->ext();
// Methodizing for the first time
if (PrintConnecting) {
_objc_inform("CLASS: methodizing class '%s' %s",
cls->nameForLogging(), isMeta ? "(meta)" : "");
// Install methods and properties that the class implements itself.
method_list_t *list = ro->baseMethods();
if (list) {
prepareMethodLists(cls, &list, 1, YES, isBundleClass(cls), nullptr);
if (rwe) rwe->methods.attachLists(&list, 1);
property_list_t *proplist = ro->baseProperties;
if (rwe && proplist) {
rwe->properties.attachLists(&proplist, 1);
protocol_list_t *protolist = ro->baseProtocols;
if (rwe && protolist) {
rwe->protocols.attachLists(&protolist, 1);
// Root classes get bonus method implementations if they don't have
// them already. These apply before category replacements.
if (cls->isRootMetaclass()) {
// root metaclass
addMethod(cls, @selector(initialize), (IMP)&objc_noop_imp, "", NO);
// Attach categories.
if (previously) {
if (isMeta) {
objc::unattachedCategories.attachToClass(cls, previously,
} else {
// When a class relocates, categories with class methods
// may be registered on the class itself rather than on
// the metaclass. Tell attachToClass to look for those.
objc::unattachedCategories.attachToClass(cls, previously,
objc::unattachedCategories.attachToClass(cls, cls,
// Debug: sanity-check all SELs; log method list contents
for (const auto& meth : rw->methods()) {
if (PrintConnecting) {
_objc_inform("METHOD %c[%s %s]", isMeta ? '+' : '-',
cls->nameForLogging(), sel_getName(;
ASSERT(sel_registerName(sel_getName( ==;
Copy the code
Add ro’s list of methods to RW
- Get the list of methods from ro
// Install methods and properties that the class implements itself.
method_list_t *list = ro->baseMethods();
if (list) {
prepareMethodLists(cls, &list, 1, YES, isBundleClass(cls), nullptr);
if (rwe) rwe->methods.attachLists(&list, 1);
Copy the code
- call
Writes the method to the method list
static void fixupMethodList(method_list_t *mlist, bool bundleCopy, bool sort) { runtimeLock.assertLocked(); ASSERT(! mlist->isFixedUp()); // fixme lock less in attachMethodLists ? // dyld3 may have already uniqued, but not sorted, the list if (! mlist->isUniqued()) { mutex_locker_t lock(selLock); // Unique selectors in list. for (auto& meth : *mlist) { const char *name = sel_cname(; meth.setName(sel_registerNameNoLock(name, bundleCopy)); } } // Sort by selector address. // Don't try to sort small lists, as they're immutable. // Don't try to sort big lists of nonstandard size, as stable_sort // won't copy the entries properly. if (sort && ! mlist->isSmallList() && mlist->entsize() == method_t::bigSize) { method_t::SortBySELAddress sorter; std::stable_sort(&mlist->begin()->big(), &mlist->end()->big(), sorter); } // Mark method list as uniqued and sorted. // Can't mark small lists, since they're immutable. if (! mlist->isSmallList()) { mlist->setFixedUp(); } } static void prepareMethodLists(Class cls, method_list_t **addedLists, int addedCount, bool baseMethods, bool methodsFromBundle, const char *why) { runtimeLock.assertLocked(); if (addedCount == 0) return; // Add method lists to array. // Reallocate un-fixed method lists. // The new methods are PREPENDED to The method list array. for (int i = 0; i < addedCount; i++) { method_list_t *mlist = addedLists[i]; ASSERT(mlist); // Fixup selectors if necessary if (! mlist->isFixedUp()) { fixupMethodList(mlist, methodsFromBundle, true/*sort*/); }} // omit some code}Copy the code
- call
Sort the methods
static void fixupMethodList(method_list_t *mlist, bool bundleCopy, bool sort) { runtimeLock.assertLocked(); ASSERT(! mlist->isFixedUp()); // Sort by selector address. // Don't try to sort small lists, as they're immutable. // Don't try to sort big lists of nonstandard size, as stable_sort // won't copy the entries properly. if (sort && ! mlist->isSmallList() && mlist->entsize() == method_t::bigSize) { method_t::SortBySELAddress sorter; std::stable_sort(&mlist->begin()->big(), &mlist->end()->big(), sorter); }}Copy the code
- if
If yes, callattachLists
In the
If there are attributes and an RWE exists, write the list of attributes to RWE
property_list_t *proplist = ro->baseProperties;
if (rwe && proplist) {
rwe->properties.attachLists(&proplist, 1);
Copy the code
If there are protocols and an RWE exists, write the list of protocols to RWE
protocol_list_t *protolist = ro->baseProtocols;
if (rwe && protolist) {
rwe->protocols.attachLists(&protolist, 1);
Copy the code
Add the classification
void attachToClass(Class cls, Class previously, int flags) { runtimeLock.assertLocked(); ASSERT((flags & ATTACH_CLASS) || (flags & ATTACH_METACLASS) || (flags & ATTACH_CLASS_AND_METACLASS)); auto &map = get(); auto it = map.find(previously); If (it! Category_list &list = it->second; category_list = it->second; category_list = it->second; If (flags & ATTACH_CLASS_AND_METACLASS) {// determine whether to ATTACH_CLASS_AND_METACLASS; attachCategories(cls, list.array(), list.count(), otherFlags | ATTACH_CLASS); / / instance methods attachCategories (CLS - > ISA (), the list. The array (), the list. The count (), otherFlags | ATTACH_METACLASS); AttachCategories attachCategories(CLS, list.array(), list.count(), flags); attachCategories(CLS, list.array(), flags); } map.erase(it); }}Copy the code
AttachCategories Add classified methods, attributes, and protocols to the main class
// Attach method lists and properties and protocols from categories to a class. // Assumes the categories in cats are all loaded and sorted by load order, // oldest categories first. static void attachCategories(Class cls, const locstamped_category_t *cats_list, uint32_t cats_count, int flags) { if (slowpath(PrintReplacedMethods)) { printReplacements(cls, cats_list, cats_count); } if (slowpath(PrintConnecting)) { _objc_inform("CLASS: attaching %d categories to%s class '%s'%s", cats_count, (flags & ATTACH_EXISTING) ? " existing" : "", cls->nameForLogging(), (flags & ATTACH_METACLASS) ? " (meta)" : ""); } /* * Only a few classes have more than 64 categories during launch. * This uses a little stack, and avoids malloc. * * Categories must be added in the proper order, which is back * to front. To do that with the chunking, we iterate cats_list * from front to back, build up the local buffers backwards, * and call attachLists on the chunks. attachLists prepends the * lists, so the final result is in the expected order. */ constexpr uint32_t ATTACH_BUFSIZ = 64; method_list_t *mlists[ATTACH_BUFSIZ]; property_list_t *proplists[ATTACH_BUFSIZ]; protocol_list_t *protolists[ATTACH_BUFSIZ]; uint32_t mcount = 0; uint32_t propcount = 0; uint32_t protocount = 0; bool fromBundle = NO; bool isMeta = (flags & ATTACH_METACLASS); auto rwe = cls->data()->extAllocIfNeeded(); for (uint32_t i = 0; i < cats_count; i++) { auto& entry = cats_list[i]; method_list_t *mlist =>methodsForMeta(isMeta); if (mlist) { if (mcount == ATTACH_BUFSIZ) { prepareMethodLists(cls, mlists, mcount, NO, fromBundle, __func__); rwe->methods.attachLists(mlists, mcount); mcount = 0; } mlists[ATTACH_BUFSIZ - ++mcount] = mlist; fromBundle |= entry.hi->isBundle(); } property_list_t *proplist =>propertiesForMeta(isMeta, entry.hi); if (proplist) { if (propcount == ATTACH_BUFSIZ) { rwe->properties.attachLists(proplists, propcount); propcount = 0; } proplists[ATTACH_BUFSIZ - ++propcount] = proplist; } protocol_list_t *protolist =>protocolsForMeta(isMeta); if (protolist) { if (protocount == ATTACH_BUFSIZ) { rwe->protocols.attachLists(protolists, protocount); protocount = 0; } protolists[ATTACH_BUFSIZ - ++protocount] = protolist; } } if (mcount > 0) { prepareMethodLists(cls, mlists + ATTACH_BUFSIZ - mcount, mcount, NO, fromBundle, __func__); rwe->methods.attachLists(mlists + ATTACH_BUFSIZ - mcount, mcount); if (flags & ATTACH_EXISTING) { flushCaches(cls, __func__, [](Class c){ // constant caches have been dealt with in prepareMethodLists // if the class still is constant here, it's fine to keep return ! c->cache.isConstantOptimizedCache(); }); } } rwe->properties.attachLists(proplists + ATTACH_BUFSIZ - propcount, propcount); rwe->protocols.attachLists(protolists + ATTACH_BUFSIZ - protocount, protocount); }Copy the code
Rwe = CLS ->data()->extAllocIfNeeded(); rwe = CLS ->data()->extAllocIfNeeded();
- If the class already exists
Is directly used - If the class does not exist
, is set up
class_rw_ext_t *extAllocIfNeeded() { auto v = get_ro_or_rwe(); If (fastPath (V.I.S <class_rw_ext_t *>())) {return v.set <class_rw_ext_t *>(); } else {return extAlloc( <const class_ro_t *>()); }}
//extAlloc source code implementation class_rw_ext_t * class_rw_t::extAlloc(const class_ro_t *ro, bool deepCopy) { runtimeLock.assertLocked(); auto rwe = objc::zalloc<class_rw_ext_t>(); rwe->version = (ro->flags & RO_META) ? 7:0; method_list_t *list = ro->baseMethods(); if (list) { if (deepCopy) list = list->duplicate(); rwe->methods.attachLists(&list, 1); } // See comments in objc_duplicateClass // property lists and protocol lists historically // have not been deep-copied // // This is probably wrong and ought to be fixed some day property_list_t *proplist = ro->baseProperties; if (proplist) { rwe->properties.attachLists(&proplist, 1); } protocol_list_t *protolist = ro->baseProtocols; if (protolist) { rwe->protocols.attachLists(&protolist, 1); } set_ro_or_rwe(rwe, ro); return rwe; }Copy the code
Here we see the baseMethods of this class loaded first, then baseProperties, then baseProtocols, and finally rWE returned
Summary RWE comes into being with the creation of attributes, protocols, and classifications;
AttachLists writes the method to RWE
void attachLists(List* const * addedLists, uint32_t addedCount) { if (addedCount == 0) return; If (hasArray()) {// Many lists -> many lists // Calculate the size of old lists in array 32_t oldCount = array()->count; Uint32_t newCount = oldCount + addedCount; SetArray ((array_t *)realloc(array(), array_t::byteSize(newCount))); array_t::byteSize(newCount)); Array ()->count = newCount; // Old lists are stored from the index of the addedCount array, Memmove (array()-> Lists + addedCount, array()-> Lists, oldCount * sizeof(array()->lists[0])); // New data is stored from the top of array, store new lists, Memcpy (array()-> Lists, addedLists, addedCount * sizeof(array()-> Lists [0])); } else if (! list && addedCount == 1) { // 0 lists -> 1 list list = addedLists[0]; // Add list to the first element of mlists, where list is a one-dimensional array validate(); } else {// 1 list -> many lists = list; uint32_t oldCount = oldList ? 1:0; // Uint32_t newCount = oldCount + addedCount; SetArray ((array_t *)malloc(array_t::byteSize(newCount))); array_t::byteSize(newCount)) Array ()->count = newCount; If (oldList) array()->lists[addedCount] = oldList; // memcpy (start position, put what, put how big) Array ()->lists memcpy(array()-> Lists, addedLists, addedCount * sizeof(array()->lists[0])); }}Copy the code
Difference between memmove and memcpy
- When you do not know the size of the memory to be shifted, you need memmove for memory translation to ensure safety
- Memcpy Copies several bytes from the start of the original memory address to the target memory address, which is fast
Stored procedure 0-1 If there is no data already, add the list passed in to the first position 1-MANY calculates the required size first, then the previous old data goes to the end, Then copy the added data from position 0 to the array. If there is already a lot of data in the array, first calculate the required size. Then move the old data to the position of the new size for storage, and finally copy the added data from position 0 to the array
From the above source can explain why the method of the same name will be called before the method of this class, in the above we know, after the development of RWE, write order is baseMethods → baseProperties → baseProtocols, finally classification, so the method of the same name will be called first
Load flow for non-lazy-loaded classes
From the above analysis, we know that when realizeClassWithoutSwift is executed, the class is loaded, The loading process for our non-lazy loading class _DYLD_START → _OS_OBJect_init → _objC_init → DYLD ::notifyBatchPartial → map_images → map_images_NOLock → _read_images → realizeClassWithoutSwift → methodizeClass We use a custom class and rewrite the + (void)load method to specify a non-lazy-loaded class. Then in realizeClassWithoutSwift source code to join the following code, to study their own definition of the class to explore.
const char *mangledName = cls->nonlazyMangledName();
const char *exploreName = "Person";
if (strcmp(mangledName, exploreName) == 0) {
printf("%s------%s\n", __func__, mangledName);
Copy the code
Look at the breakpointbt
, and the execution record of the current thread
The loading process for lazy loading classes
Based on the experience above, let’s go to the custom class+ (void)load
Method, turn it into a lazy-loaded class, and run itAs we can see from the figure above, the lazy loading of the class is delayed to the class
To complete the process of loading the class through message forwardingobjc_alloc
→ _objc_msgSend_uncached
→ lookUpImpOrForward
→ realizeAndInitializeIfNeeded_locked
→ realizeClassMaybeSwiftAndLeaveLocked
→ realizeClassMaybeSwiftMaybeRelock
→ realizeClassWithoutSwift
→ methodizeClass
- Lazy class loading, need to use the class to send messages, start loading the class
- Non lazy loading classes in
Then it starts loading into memory