@0xilis
Last active September 22, 2023 02:11
objc4-runtime-notes

potential tweak that applies micro-optimizations to libobjc:

_class_getClassVariable:

-find symbol addr

orig code:

cbz x0, loc_3fb0 ; 0000000000003f98
cbz x1, loc_3fb0 ; 0000000000003f9c
ldr x8, [x0] ; 0000000000003fa0
and x0, x8, #0x7ffffffffffff8 ; 0000000000003fa4
cbz x0, loc_3fb0 ; 0000000000003fa8
b __class_getVariable ; 0000000000003fac / __class_getVariable
loc_3fb0:
mov x0, #0x0 ; 0000000000003fb0 / CODE XREF=_class_getClassVariable, _class_getClassVariable+4, _class_getClassVariable+16
ret ; 0000000000003fb4

NEW code (saves 1 instruction):

cbz x0, loc_3fb0 ; 0000000000003f98
cbz x1, loc_3fb0 ; 0000000000003f9c
ldr x8, [x0] ; 0000000000003fa0
and x0, x8, #0x7ffffffffffff8 ; 0000000000003fa4
cbnz x0, __class_getVariable ; 0000000000003fa8 / __class_getVariable
loc_3fb0:
mov x0, #0x0 ; 0000000000003fac (3fb0 if a nop is left at 3fac) / CODE XREF=_class_getClassVariable, _class_getClassVariable+4
ret ; 0000000000003fb0 (3fb4 with the nop)

(I think replace 40 00 00 B4 with 40 9F 08 B5. Then, either replace F9 44 00 14 / the original branch with 1F 20 03 D5 / nop (easy way) or move everything below up and adjust the two above instructions to take that into account (best possible performance since there is no need for the nop, which takes up 1 cycle).)
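Added example, not part of the gist: a small A64 encoder/decoder that checks the byte patch above instead of trusting hand-assembled hex. It decodes the original cbz and b from the bytes quoted in the note (addresses taken from the listing), derives the __class_getVariable address from the b encoding, re-encodes the branch as cbnz from 0x3fa8, and also works out the re-encoded cbz x0 / cbz x1 needed if mov/ret are moved up instead of leaving a nop (that last part goes beyond what the note spells out).

```c
#include <stdint.h>
#include <stdio.h>

/* Sign-extend the low `bits` bits of v (v must already be masked to that width). */
static int64_t sext(uint64_t v, unsigned bits) {
    uint64_t m = 1ULL << (bits - 1);
    return (int64_t)((v ^ m) - m);
}

/* Target of an A64 B (unconditional) encoded as insn at address pc; 0 if insn is not a B. */
uint64_t b_target(uint32_t insn, uint64_t pc) {
    if ((insn & 0xFC000000u) != 0x14000000u) return 0;
    return pc + (uint64_t)(sext(insn & 0x03FFFFFFu, 26) * 4);
}

/* Target of a 64-bit CBZ/CBNZ at pc; op (0=CBZ, 1=CBNZ) and rt are optional outputs. */
uint64_t cb_target(uint32_t insn, uint64_t pc, unsigned *op, unsigned *rt) {
    if ((insn & 0xFE000000u) != 0xB4000000u) return 0;
    if (op) *op = (insn >> 24) & 1u;
    if (rt) *rt = insn & 0x1Fu;
    return pc + (uint64_t)(sext((insn >> 5) & 0x7FFFFu, 19) * 4);
}

/* Encode CBZ (op=0) / CBNZ (op=1) xRt at pc branching to target; 0 if out of imm19 range. */
uint32_t encode_cb(unsigned op, unsigned rt, uint64_t pc, uint64_t target) {
    int64_t off = (int64_t)(target - pc);
    if ((off & 3) || off < -(1LL << 20) || off >= (1LL << 20)) return 0; /* aligned, +-1 MiB */
    return 0xB4000000u | ((op & 1u) << 24) | (((uint32_t)(off >> 2) & 0x7FFFFu) << 5) | (rt & 0x1Fu);
}

/* The _class_getClassVariable rewrite from the notes: `cbz x0, loc_3fb0` at 0x3fa8 plus
 * `b __class_getVariable` at 0x3fac become one `cbnz x0, __class_getVariable` at 0x3fa8.
 * Returns the new instruction word, or 0 if the original bytes are not what the notes show. */
uint32_t class_getClassVariable_patch(void) {
    const uint32_t orig_cbz = 0xB4000040u; /* 40 00 00 B4 at 0x3fa8 (bytes from the notes) */
    const uint32_t orig_b   = 0x140044F9u; /* F9 44 00 14 at 0x3fac (bytes from the notes) */
    unsigned op, rt;
    if (cb_target(orig_cbz, 0x3fa8, &op, &rt) != 0x3fb0 || op != 0 || rt != 0) return 0;
    return encode_cb(1, 0, 0x3fa8, b_target(orig_b, 0x3fac));
}

int main(void) {
    uint32_t w = class_getClassVariable_patch();
    printf("cbnz patch word: %08x (bytes %02x %02x %02x %02x)\n", w,
           w & 0xFF, (w >> 8) & 0xFF, (w >> 16) & 0xFF, w >> 24);
    /* If mov/ret are moved up 4 bytes instead of inserting a nop, the two leading
     * cbz instructions must be re-encoded to land at 0x3fac instead of 0x3fb0. */
    printf("cbz x0 at 0x3f98 -> 0x3fac: %08x\n", encode_cb(0, 0, 0x3f98, 0x3fac));
    printf("cbz x1 at 0x3f9c -> 0x3fac: %08x\n", encode_cb(0, 1, 0x3f9c, 0x3fac));
    return 0;
}
```

The computed word 0xB5089F40 is the little-endian byte string 40 9F 08 B5 quoted in the note, and the range check rejects any rewrite whose target falls outside the +-1 MiB reach of a cbz/cbnz.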

method_getImplementation:

Modern libobjc calls method_t::imp. However, in the context it is being called here, it will ALWAYS be r0 = *(r19 + 0x10);. So we can just replace it with that to save some instructions.

orig code:

cbz x0, loc_f4a0 ; 000000000000f494, End of try block started at 0xf474
mov w1, #0x1 ; 000000000000f498
b __ZNK8method_t3impEb ; 000000000000f49c / method_t::imp(bool) const
loc_f4a0:
ret ; 000000000000f4a0

NEW code:

cbz x0, loc_f4a0 ; 000000000000f494, End of try block started at 0xf474
ldr x0, [x0, #0x10] ; 000000000000f498, load the imp field directly (a memory operand needs ldr, not mov)
loc_f4a0:
ret

probably should test this...

lookupMethodInClassAndLoadCache:

same as method_getImplementation optimization

replace this

mov w1, #0x0
bl __ZNK8method_t3impEb
mov x21, x0
b loc_14568

with this

ldr x0, [x0, #0x10] ; load the imp field directly (ldr, not mov, for a memory operand)
mov x21, x0
b loc_14568

method_exchangeImplementations:

same as method_getImplementation optimization, you know the drill...

lookUpImpOrForward:

same as method_getImplementation optimization, you know the drill...

look for more later :P
