The implementation for x86_64 in NSObject.mm is quite straightforward. The code analyses the assembler located after the return address of objc_autoreleaseReturnValue for the presence of a call to
But for ARM:
It looks like the code is identifying the presence of objc_retainAutoreleasedReturnValue not by looking up the presence of a call to that specific function, but by looking instead for a special no-op operation, mov r7, r7.
ARM's addressing modes don't really allow for direct addressing across the full address space. The instructions used for addressing (loads, stores, branches and so on) encode their target in a limited number of bits, so they cannot reach an arbitrary address directly.
A resolved dyld stub is simple on Intel: it's just a branch to a branch. On ARM the instruction sequences for the branch to the stub and the branch from the stub can take many different forms depending on how far the branches have to reach. Checking for each combination would be slow, which is why a fixed marker instruction is cheaper to recognise than the call itself.
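The two checks described above, as an added Python model that is not objc4's own code: on x86_64 it decodes the call after the return address and follows it through a dyld stub of the assumed shape jmp *disp32(%rip) to see whether it lands in objc_retainAutoreleasedReturnValue, while on ARM it only compares the halfword at the return address with the Thumb encoding of mov r7, r7 (0x463F). All addresses and instruction bytes are constructed for the example.

```python
import struct

# Constructed process image: base address -> bytes. All values are made up.
RETAIN_ARV_ADDR = 0x1000   # objc_retainAutoreleasedReturnValue (constructed)
STUB_ADDR = 0x2000         # dyld stub: jmp *slot(%rip) (assumed stub shape)
LAZY_PTR_ADDR = 0x3000     # slot holding the resolved pointer (constructed)
RET_ADDR = 0x4000          # return address inside the caller (constructed)

def build_x86_64_image(stub_resolved=True):
    """Caller does 'call STUB'; the stub jumps through a lazy pointer slot."""
    mem = {}
    # call rel32 (E8): rel32 is relative to the end of the 5-byte instruction
    mem[RET_ADDR] = b"\xe8" + struct.pack("<i", STUB_ADDR - (RET_ADDR + 5))
    # jmp *disp32(%rip) (FF 25): disp32 relative to the end of the 6-byte insn
    mem[STUB_ADDR] = b"\xff\x25" + struct.pack("<i", LAZY_PTR_ADDR - (STUB_ADDR + 6))
    # an unresolved stub would point somewhere else (constructed value)
    mem[LAZY_PTR_ADDR] = struct.pack("<Q", RETAIN_ARV_ADDR if stub_resolved else 0xDEAD)
    return mem

def build_arm_image(marker=True):
    """Thumb code right after the return address: 'mov r7, r7' or a plain nop."""
    return {RET_ADDR: b"\x3f\x46" if marker else b"\x00\xbf"}

def read(mem, addr, n):
    for base, data in mem.items():
        if base <= addr < base + len(data):
            return data[addr - base:addr - base + n]
    raise KeyError(hex(addr))

def caller_accepts_optimized_return_x86_64(mem, ra):
    """Is the instruction at ra a call that ends up in objc_retainAutoreleasedReturnValue?"""
    insn = read(mem, ra, 5)
    if insn[0] != 0xE8:
        return False                      # not a direct call at all
    target = ra + 5 + struct.unpack("<i", insn[1:])[0]
    if target == RETAIN_ARV_ADDR:
        return True                       # direct call, no stub involved
    stub = read(mem, target, 6)
    if stub[:2] != b"\xff\x25":
        return False                      # not the "branch to a branch" shape
    slot = target + 6 + struct.unpack("<i", stub[2:])[0]
    return struct.unpack("<Q", read(mem, slot, 8))[0] == RETAIN_ARV_ADDR

def caller_accepts_optimized_return_arm(mem, ra):
    """No branch decoding: just look for the Thumb 'mov r7, r7' marker."""
    return struct.unpack("<H", read(mem, ra, 2))[0] == 0x463F
```

The x86_64 path has to decode and follow branches, while the ARM path is a single halfword compare, which is the cost difference the text is describing.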