Different behavior on iPhone Emulator and Real Device about Message Forwarding

Question

I want to use Message Forwarding to let any unimplemented getter method return 0, instead of throw a unrecognized selector exception. Like

MyClass *r = [[MyClass alloc] init];
NSNumber *n = (NSNumber *)r;
NSLog(@"%d", [n integerValue]); // output 0
NSLog(@"%f", [n doubleValue]); // output 0.00000
NSLog(@"%@", [n stringValue]); // output (null)

So I wrote this example:

#pragma mark -
#pragma mark Application lifecycle

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {    

    NSNumber *n = (NSNumber *)self;
    NSLog(@"%d", [n integerValue]);
    NSLog(@"%f", [n doubleValue]);
    NSLog(@"%@", [n stringValue]);

    return YES;
}

- (NSMethodSignature *)methodSignatureForSelector:(SEL)aSelector {
    NSMethodSignature *ms = [super methodSignatureForSelector:aSelector];
    if(ms)
        return ms;

    // Q = uint64_t, so it should also works for double which is also 64bit
    return [NSMethodSignature signatureWithObjCTypes:"Q@:"];
}

- (void)forwardInvocation:(NSInvocation *)anInvocation {
    uint64_t ZERO64 = 0;
    [anInvocation setReturnValue:&ZERO64];
}

The output result on a real device is 0, 0.00000, (null), but on emulator, it's 0, NaN, (null)

So the double type does not work as expected. My first thought is change the NSMethodSignature to "d@:" (d is double)

The output result is right on both device and simulator, but there are something wierd happening on the simulator only. Run this code and it will crash on the 6th loop with some kind of CALayer exception:

#pragma mark -
#pragma mark Application lifecycle

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {    

    for(NSInteger i = 0; i < 100; i++) {
        NSInteger t = [(NSNumber *)self integerValue];

        UIViewController *view = [[UIViewController alloc] init];
        // it always crash on the 6th loop on this line**
        UINavigationController *nc = [[UINavigationController alloc] initWithRootViewController:view];
    }

    return YES;
}

- (NSMethodSignature *)methodSignatureForSelector:(SEL)aSelector {
    NSMethodSignature *ms = [super methodSignatureForSelector:aSelector];
    if(ms)
        return ms;

    // we change to return double
    return [NSMethodSignature signatureWithObjCTypes:"d@:"];
}

- (void)forwardInvocation:(NSInvocation *)anInvocation {
    uint64_t ZERO64 = 0;
    [anInvocation setReturnValue:&ZERO64];
}

I'm curious about two questions, why NaN is returned on emulator in the first example, and what happened on the second example?

Answer 1

For your first question, this what I have found, on simulator

union {
    double d;
    uint64_t l;
} u;
NSNumber *n = (NSNumber *)self;
u.d = [n doubleValue];
NSLog(@"%f", u.d);  // nan
NSLog(@"%llx",u.l); // fff8000000000000
bzero(&u, sizeof(double));
NSLog(@"%f", u.d);  // 0.000000
NSLog(@"%llx",u.l); // 0

So clearly NAN(fff8000000000000) is returned instead of 0.0.

To look deeper on what is different between [NSMethodSignature signatureWithObjCTypes:"d@:"] and [NSMethodSignature signatureWithObjCTypes:"Q@:"] , look this

NSLog(@"%@\n%@", [[NSMethodSignature signatureWithObjCTypes:"Q@:"] debugDescription], [[NSMethodSignature signatureWithObjCTypes:"d@:"] debugDescription]);

output

<NSMethodSignature: 0x74a0950>
    number of arguments = 2
    frame size = 8
    is special struct return? NO
    return value: -------- -------- -------- --------
        type encoding (Q) 'Q'
        flags {}
        modifiers {}
        frame {offset = 0, offset adjust = 0, size = 8, size adjust = 0}
        memory {offset = 0, size = 8}
    argument 0: -------- -------- -------- --------
        type encoding (@) '@'
        flags {isObject}
        modifiers {}
        frame {offset = 0, offset adjust = 0, size = 4, size adjust = 0}
        memory {offset = 0, size = 4}
    argument 1: -------- -------- -------- --------
        type encoding (:) ':'
        flags {}
        modifiers {}
        frame {offset = 4, offset adjust = 0, size = 4, size adjust = 0}
        memory {offset = 0, size = 4}

<NSMethodSignature: 0x74a1e80>
    number of arguments = 2
    frame size = 8
    is special struct return? NO
    return value: -------- -------- -------- --------
        type encoding (d) 'd'
        flags {isFloat}    <<<<----- this flag should be set if the return value is float type
        modifiers {}
        frame {offset = 0, offset adjust = 0, size = 8, size adjust = 0}
        memory {offset = 0, size = 8}
    argument 0: -------- -------- -------- --------
        type encoding (@) '@'
        flags {isObject}
        modifiers {}
        frame {offset = 0, offset adjust = 0, size = 4, size adjust = 0}
        memory {offset = 0, size = 4}
    argument 1: -------- -------- -------- --------
        type encoding (:) ':'
        flags {}
        modifiers {}
        frame {offset = 4, offset adjust = 0, size = 4, size adjust = 0}
        memory {offset = 0, size = 4}

You can see on the second method signature have flags {isFloat} on return value. I am not expert on x86 and AMR and low-level ObjC runtime. But I think the CPU used this flag to identify the type of return value. Without setting it on x86 CPU, the expected float return value is therefore interpreted as NAN.

---

For your second question, I think it is because you tell the runtime that it will return a 64bit size value, and thus a memory of 64bit size on stack is zeroed. However, the caller is expecting a 32bit return size (NSInteger). Therefore some kind of stackoverflow is happened and lead to the crash.

---

I actually implemented something similar, aiming to make NSNull works like nil .

- (NSMethodSignature *)methodSignatureForSelector:(SEL)aSelector {
    NSMethodSignature *signature = [super methodSignatureForSelector:aSelector];
    if (signature)
        return signature;

    const Class forwardClasses[] = {[NSNumber class], [NSString class], [NSArray class], [NSOrderedSet class]}; // add new classes if you think the list is not enough

    for (int i = 0; i < sizeof(forwardClasses)/sizeof(Class); i++) {
        Class cls = forwardClasses[i];
        signature = [cls instanceMethodSignatureForSelector:aSelector];
        if (signature) {
            return signature;
        }
    }

    return signature;
}

- (void)forwardInvocation:(NSInvocation *)anInvocation {
    NSUInteger len = [[anInvocation methodSignature] methodReturnLength];
    char buff[len];
    bzero(buff, len);
    [anInvocation setReturnValue:buff];
}

Answer 2

If you want to use Message Forwarding to let any unimplemented getter method return 0, instead of throw a unrecognized selector exception, perhaps you can instead use +resolveInstanceMethod ?

Here's an example of returning an NSString. You'll have to tweak it to return a primitive. let me know if you have trouble.

If you're using ARC, you need a bridge cast on the void* too.

+ (BOOL)resolveInstanceMethod:(SEL)sel
{
    NSString* name = NSStringFromSelector(sel);

    IMP imp = imp_implementationWithBlock((void*) objc_unretainedPointer(^(id me, BOOL selected)
    {
        return @"Hello!";
    }));
    class_addMethod(self, sel, imp, "@"); //The type '@' is an object. For int use 'i'. Google "obj-c runtime types" 
    return YES;
}

When we use class_addMethod, the third parameter is the type codes. . . A good way to work them out is to make a real method, and then introspect on it. Here's a utility to return the type codes for a (real) selector on a class: https://github.com/jasperblues/spring-objective-c/blob/master/Source/ … – user404201 6 mins ago