关于C++虚函数的研究
以前早稍有接触C++中虚函数多态在编译器上的实现问题,金山面试时还着重问了这个问题。但总没有利用程序来检查实验。这次终于对虚函数和他的vtable表有更深入的关注,通过继承类大小的检测和反汇编后的代码能查出端倪,例如测试程序如下:
#include <conio.h>
#include <iostream>
using namespace std;
class A
{
private:
char is[20];
public:
char ss[20];
void f1() {cout<<"This A.f1"<<endl; }
virtual void f2() { cout<<"This A.f2"<<endl; }
virtual void f3() { cout<<"This A.f3"<<endl; }
};
class B:public A
{
void f1() {cout<<"This B.f1"<<endl; }
void f2() { cout<<"This B.f2"<<endl; }
//void f3() { cout<<"This B.f3"<<endl; }
};
void main()
{
cout<<sizeof(A)<<endl;
cout<<sizeof(B)<<endl;
A a,*p;
B b;
if(getch() == 'c')
p = &b;
else
p = &a;
p->f1();
p->f2();
p->f3();
}
发现sizeof(A)=sizeof(B)=44,除了数组共40个字节外,还有4个字节多于。最终调试发现,只要父类有虚函数,而又无论函数个数是多少,父类和所有继承于他的子类都多4个字节,做什么用的呢?存放一个指针,指向vtable表,反汇编显示:
32: p->f1();
00401626 mov ecx,dword ptr [ebp-30h]
00401629 call @ILT+325(A::f1) (0040114a)
33: p->f2();
0040162E mov edx,dword ptr [ebp-30h]
00401631 mov eax,dword ptr [edx]
00401633 mov esi,esp
00401635 mov ecx,dword ptr [ebp-30h]
00401638 call dword ptr [eax]
0040163A cmp esi,esp
0040163C call __chkesp (00420bc0)
34: p->f3();
00401641 mov ecx,dword ptr [ebp-30h]
00401644 mov edx,dword ptr [ecx]
00401646 mov esi,esp
00401648 mov ecx,dword ptr [ebp-30h]
0040164B call dword ptr [edx+4]
0040164E cmp esi,esp
00401650 call __chkesp (00420bc0)
35: }
到00401638 call dword ptr [eax]出F11进入跳转表:
@ILT+560(?f2@B@@EAEXXZ):
00401235 jmp B::f2 (00401860)
@ILT+565(?_Iput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@KA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPADI@Z):
0040123A jmp std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::_Iput (00404
@ILT+570(_main):
0040123F jmp main (004015b0)
@ILT+575(??_Gfacet@locale@std@@UAEPAXI@Z):
00401244 jmp std::locale::facet::`scalar deleting destructor' (004035f0)
@ILT+580(?_Allocate@std@@YAPADHPAD@Z):
00401249 jmp std::_Allocate (00406200)
@ILT+585(??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z):
0040124E jmp std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::num_put<char
@ILT+590(?do_put@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@D_N@Z):
00401253 jmp std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::do_put (0040
@ILT+595(?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z):
00401258 jmp std::basic_ostream<char,std::char_traits<char> >::put (00402580)
@ILT+600(?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ):
0040125D jmp std::basic_string<char,std::char_traits<char>,std::allocator<char> >::max_size (00405970
@ILT+605(??0bad_cast@std@@QAE@PBD@Z):
00401262 jmp std::bad_cast::bad_cast (004031b0)
@ILT+610(?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ):
00401267 jmp std::basic_string<char,std::char_traits<char>,std::allocator<char> >::size (00403a10)
@ILT+615(?truename@?$numpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ):
0040126C jmp std::numpunct<char>::truename (004054e0)
@ILT+620(?allocate@?$allocator@D@std@@QAEPADIPBX@Z):
00401271 jmp std::allocator<char>::allocate (00405f60)
@ILT+625(?to_int_type@?$char_traits@D@std@@SAHABD@Z):
00401276 jmp std::char_traits<char>::to_int_type (00402850)
@ILT+630(?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ):
0040127B jmp std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Split (00405b90)
@ILT+635(?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z):
00401280 jmp std::basic_streambuf<char,std::char_traits<char> >::sputn (00403420)
@ILT+640(?max_size@?$allocator@D@std@@QBEIXZ):
00401285 jmp std::allocator<char>::max_size (00405fb0)
@ILT+645(?_Put@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@KA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@PBDI@Z):
0040128A jmp std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::_Put (004052
@ILT+650(?put@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DK@Z):
0040128F jmp std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::put (00401f3
@ILT+655(?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z):
00401294 jmp std::basic_string<char,std::char_traits<char>,std::allocator<char> >::append (00404260)
@ILT+660(??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@AAV12@@Z):
00401299 jmp std::basic_ostream<char,std::char_traits<char> >::sentry::sentry (00401ca0)
@ILT+665(??_E?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAEPAXI@Z):
0040129E jmp std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::`scalar dele
@ILT+670(??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z):
004012A3 jmp std::operator<< (00402bb0)
@ILT+675(?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ):
004012A8 jmp std::basic_ios<char,std::char_traits<char> >::fill (00401c60)
@ILT+680(?use_facet@std@@YAABV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@1@ABVlocale@1@PBV21@_N@Z):
004012AD jmp std::use_facet (00403020)
@ILT+685(?flags@ios_base@std@@QBEHXZ):
004012B2 jmp std::ios_base::flags (004023b0)
@ILT+690(?do_grouping@?$numpunct@D@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ):
004012B7 jmp std::numpunct<char>::do_grouping (004063c0)
@ILT+695(?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z):
004012BC jmp std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Grow (00404430)
@ILT+700(?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@KAPADPADDH@Z):
004012C1 jmp std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::_Ifmt (00404
@ILT+705(??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z):
004012C6 jmp std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,
@ILT+710(??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z):
004012CB jmp std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,
而且,好像在VC平台上,虚函数的指针4字节放在对象最前面。