Microsoft Word - iOSAppReverseEngineering.docx


from “MOV R3, R0” under the 3rd objc_msgSend, i.e. R0; R0 comes from the return value of the 3rd objc_msgSend, i.e. [UIBarButtonItem target], which is the 4th argument. The remaining 2 arguments come from the stack, and before the 4th objc_msgSend, the latest change to the stack comes from “STRD.W R10, R11, [SP]”, i.e. R10 and R11 are saved onto the stack; therefore, the remaining 2 arguments are R10 and R11. R10 is UIBarButtonItem, which has been discussed several times, whereas R11 comes from “MOV R11, R3” in figure 6-21, i.e. R3, which is another unassigned register, so it must come from the caller of [UIBarButtonItem _sendAction:withEvent:]. Based on our previous analysis, R11 is the 2nd argument of _sendAction:withEvent:, i.e. event. The relationship between these 4 arguments is a little complicated; hopefully figures 6-23 and 6-24 give you a better illustration.
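
The register and stack tracing described above can be mechanized. The following is an added example, not code from the book: a small forward tracer over a constructed listing that reports where the 4th argument (R3) and the two stack arguments of each objc_msgSend come from. Only the three instructions quoted in the text are real; the `MOV R10, R0` line, the instruction order, and the names `LISTING` and `trace_calls` are assumptions.

```python
# Constructed excerpt. Only "MOV R11, R3", "MOV R3, R0" and
# "STRD.W R10, R11, [SP]" are quoted in the text; the other lines and the
# instruction order are assumptions made so the excerpt can be traced alone.
LISTING = """\
MOV R11, R3             ; quoted in the text (figure 6-21)
MOV R10, R0             ; assumed: how R10 comes to hold the UIBarButtonItem
BLX _objc_msgSend       ; stands in for the 3rd objc_msgSend
MOV R3, R0              ; quoted in the text
STRD.W R10, R11, [SP]   ; quoted in the text
BLX _objc_msgSend       ; stands in for the 4th objc_msgSend
"""

def trace_calls(listing, first_call=1):
    """Propagate symbolic values forward and snapshot argument slots per call."""
    # R0-R3 are "unassigned" on entry, so they hold what the caller passed.
    regs = {f"R{i}": f"caller-supplied R{i}" for i in range(4)}
    stack = {}                      # byte offset from SP -> symbolic value
    calls, n = {}, first_call
    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()
        if not line:
            continue
        op, _, rest = line.partition(" ")
        ops = [o.strip() for o in rest.split(",")]
        if op == "MOV":
            regs[ops[0]] = regs.get(ops[1], f"unknown {ops[1]}")
        elif op == "STRD.W" and ops[2] == "[SP]":
            # STRD stores the first register at [SP], the second at [SP,#4].
            stack[0] = regs.get(ops[0], f"unknown {ops[0]}")
            stack[4] = regs.get(ops[1], f"unknown {ops[1]}")
        elif op == "BLX" and "objc_msgSend" in rest:
            # The loads of R0-R2 are not quoted in the text, so only the slots
            # the passage traces (4th argument and the two on the stack) are kept.
            calls[n] = {"R3": regs["R3"], "[SP]": stack.get(0), "[SP,#4]": stack.get(4)}
            regs["R0"] = f"return value of objc_msgSend #{n}"
            for r in ("R1", "R2", "R3"):    # caller-saved under the ARM calling convention
                regs[r] = f"clobbered by objc_msgSend #{n}"
            n += 1
    return calls

if __name__ == "__main__":
    for slot, source in trace_calls(LISTING, first_call=3)[4].items():
        print(f"{slot:8} <- {source}")
```

Here “caller-supplied R3” at `[SP,#4]` is the event argument the text identifies, and “caller-supplied R0” at `[SP]` is the UIBarButtonItem under the assumed `MOV R10, R0`.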
