[转]objc_msgSend 的 ARM 汇编分析
Here's the disassembly for objc_msgSend on ARMv6, iOS4.2.1 (sorry no ARMv7 devices on my desk at the moment). I'll try to annotate it:
0x32d98f0c <objc_msgSend+0>: teq r0, #0 ; 0x0
0x32d98f10 <objc_msgSend+4>: moveq r1, #0 ; 0x0
0x32d98f14 <objc_msgSend+8>: bxeq lr
Tests if r0 (the receiver) is nil, and if so, sets r1 selector to 0x0 and returns. I guess there's no nil handler on ARM. Simple function return values are in registers r0-r3, so I guess r1 is set to 0 in case the caller is expecting a long long.If receiver is non-nil:
0x32d98f18 <objc_msgSend+12>: push {r3, r4, r5, r6}
0x32d98f1c <objc_msgSend+16>: ldr r4, [r0]
^ this loads the class pointer (isa) into r4This looks similar to the bit twiddling x86 cache lookup in the class; it's somewhat harder to read than the x86 due to ARM's bit packing shortcuts[1]:
0x32d98f20 <objc_msgSend+20>: ldr r5, [r4, #8]
0x32d98f24 <objc_msgSend+24>: ldr r6, [r5]
0x32d98f28 <objc_msgSend+28>: add r3, r5, #8 ; 0x8
0x32d98f2c <objc_msgSend+32>: and r5, r6, r1, lsr #2
0x32d98f30 <objc_msgSend+36>: ldr r4, [r3, r5, lsl #2]
Check if the method is NULL, and if so, jump to the cache miss at the end:
0x32d98f34 <objc_msgSend+40>: teq r4, #0 ; 0x0
0x32d98f38 <objc_msgSend+44>: add r5, r5, #1 ; 0x1
0x32d98f3c <objc_msgSend+48>: beq 0x32d98f60 <objc_msgSend+84>
This would appear to be the part checking if this is the cache entry we're looking for:
0x32d98f40 <objc_msgSend+52>: ldr r12, [r4]
0x32d98f44 <objc_msgSend+56>: teq r1, r12
0x32d98f48 <objc_msgSend+60>: and r5, r5, r6
If it isn't, loop:
0x32d98f4c <objc_msgSend+64>: bne 0x32d98f30 <objc_msgSend+36>
If it is, restore the registers and do an indirect jump into the method we found (I'm not sure what the teq r4,r4 is for):
0x32d98f50 <objc_msgSend+68>: ldr r12, [r4, #8]
0x32d98f54 <objc_msgSend+72>: teq r4, r4
0x32d98f58 <objc_msgSend+76>: pop {r3, r4, r5, r6}
0x32d98f5c <objc_msgSend+80>: bx r12
Tail call into the slow version with full lookup (after restoring the clobbered registers and the stack pointer):
0x32d98f60 <objc_msgSend+84>: pop {r3, r4, r5, r6}
0x32d98f64 <objc_msgSend+88>: b 0x32d98f68 <objc_msgSend_uncached>