1. Concepts (wild Pointers, null Pointers, zombie objects)

1. Wild and null Pointers
C: declare a pointer variable, but do not assign an initial value, then the pointer points to a garbage value, that is, to a random memory space: The object to which the pointer points has been freed/reclaimed, but the pointer has not made any changes and still points to the reclaimed memory spaceCopy the code
What is a Zombie Object
A zombie object is an object used to check for memory errors (EXC_BAD_ACCESS). It can catch any call that attempts to access bad memory. If a message is sent to a zombie object, it will crash at runtime and output an error log. A zombie object is an object that executes an OC object reference count of 0 to be released. At this point, the memory of the object has been reclaimed by the system, and the object may still exist. That is, the data is still in the memory, but the object is unstable at this time, and its memory may be occupied by other objects at any time. Therefore, zombie objects cannot be accessed and used at this timeCopy the code
3. The nature of memory reclamation
Apply for 1 piece of memory space, its essence is applied to system for 1 piece of memory space, and others don't use that have been recovered memory space release 1 piece of memory space, its essence is the space no longer being used, can be allocated by the system to use other objects, the memory space, even after the recovery, but there is a original data dependence. It can be interpreted as junk data. Therefore, memory reclamation can be understood as follows: 1. After the OC object is released, the memory is reclaimed, indicating that the memory can be allocated to other objects. 2. This block still holds the data of the freed object before assigning it to another objectCopy the code
4. Detect zombie objects
By default, Xcode does not check whether the object pointed to by a pointer is a zombie object. If this function is enabled, development efficiency will be affected. If the object can be accessed, an error will be reported. In this case, you can enable xcode to check Zombie Objects: Edit Scheme-> Diagnostic-> Zombie ObjectsCopy the code

Ii. Research on Zombie Objects principle

Output before opening

Zombie output enabled

See that the original object's class name LGPerson becomes _NSZombie_LGPerson, and the superClass changes from NSObject to nil

Call stack analysis, focusing again on _dealloc_Zombie

Pseudo-code implementation –

Trigger the zombie object method

2. Official explanation

  1. Zombie Objects: An object that has been dereferenced, marked as released, but can still receive messages is called a Zombie object. All released objects are converted to zombie objects

  2. Malloc Scribble: when alloc is applied, fill the memory with 0xAA, and when dealloc is freed, fill the memory with 0x55.

Three, practice

Realize the process of wild pointer monitoring

  1. Enable wild pointer monitoring
  2. Sets the callback block that monitors wild Pointers, prints information in the block, or stores the stack
  3. Check whether the wild pointer crashes
  4. Maximum memory usage
  5. Whether to record the dealloc call stack
  6. Monitoring strategy
  • 1) Only custom objects are monitored
  • 2) Whitelist strategy
  • 3) Blacklist policy
  • 4) Monitor all objects
  1. Swap NSObjct’s dealloc method

Trigger wild pointer

  1. Start working with objects
  2. Whether the substitution condition is met

1) According to the monitoring policy, yes all belong to the class to be monitored. 2) Whether the space is sufficient

  1. If the conditions are met, the object is retrieved and dereferenced. If not, the dealloc is released normally, calling the original dealloc
  2. Populates the object with data
  3. Assign the zombie object’s class to true replacement ISA
  4. Object + Dealloc call battle, saved in zombie object
  5. Clean up memory and objects depending on the situation
Through the implementation of zombie object detection ideas
  • 1. Use Method Swizzling in OC to exchange the dealloc Method of the root class NSObject and NSProxy to the customized dealloc
  • 2. In order to avoid the problem of wild pointer caused by rewriting after the memory space is freed, store the freed object through the dictionary. At the same time, set the dealloc method to release the object stored in the dictionary after 30 seconds to avoid memory enlargement
  • 3. To get more crash information, you also need to create a subclass of NSProxy