探究C++对象模型

先引用两句名言作为开场白：

"C++老手分两类：一种人把语言用得烂熟，OO观念也有；另一种人不但如此，还对于台面下的机制，如编译器合成的default constructor、object的内存布局等有莫大的兴趣。"

"了解C++对象模型，绝对有助于你在语言本身以及面向对象观念两方面的层次提升。"

首先以Point类为例

再看下对象模型

这个模型好像跟我们以往的认知有些不一致呀，vtable首四个字节怎么是type_info的指针？type_info是RTTI的内容，是编译器用来进行类型识别的，它到底存不存在呢？

用代码测试一下

// VirtualTable.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <iostream>
using namespace std;

class Base {
	private:
		int x;
	
     public:
            virtual void f() { cout<<"Base::f"<<endl; };
            virtual void g() { cout<<"Base::g"<<endl; };
            virtual void h() { cout<<"Base::h"<<endl; };
			Base(){x = 2;};

 
};




class Derive : public Base{
	private:
	int y;
     public:
            virtual void f1() { cout<<"Derive::f1"<<endl; };
            virtual void g1() { cout<<"Derive::g1"<<endl; };
            virtual void h1() { cout<<"Derive::h1"<<endl; };
			Derive(){y = 3;};
 
};

int main(int argc, char* argv[])
{

	typedef void(*Fun)(void);
 
    Base b;
	Derive d;
 
    Fun pFun = NULL;
 
    cout <<"虚函数表入口指针地址"<< (int*)(&b) << endl;
    cout <<"虚函数表的地址"<< (int*)*(int*)(&b) << endl;

	cout <<"Base — 第一个数据成员"<< *((int*)(&b)+1) << endl;
	cout <<"Derive — 第一个数据成员"<< *((int*)(&d)+1) << endl;
	cout <<"Derive — 第二个数据成员"<< *((int*)(&d)+2) << endl;
 
    // Invoke the first virtual function 
    pFun = (Fun)*((int*)*(int*)(&b));
    
	pFun = (Fun)*((int*)*(int*)(&b)+0);  // Base::f()
	pFun();
    pFun = (Fun)*((int*)*(int*)(&b)+1);  // Base::g()
	pFun();
    pFun = (Fun)*((int*)*(int*)(&b)+2);  // Base::h()
	pFun();
	//以上代码说明 虚函数表位于对象内存的最开始的位置
	pFun = (Fun)*((int*)*(int*)(&d)+0);  // Base::f()
	pFun();
    pFun = (Fun)*((int*)*(int*)(&d)+1);  // Base::g()
	pFun();
    pFun = (Fun)*((int*)*(int*)(&d)+2);  // Base::h()
	pFun();
	pFun = (Fun)*((int*)*(int*)(&d)+3);  // Derive::f1()
	pFun();
    pFun = (Fun)*((int*)*(int*)(&d)+4);  // Derive::g1()
	pFun();
    pFun = (Fun)*((int*)*(int*)(&d)+5);  // Derive::h1()
	pFun();


	system("pause");
	return 0;
}

没有看到 type_info的影子，这也正是我们以往心目中Vtable的内存位置

这是神马情况？上文的图在胡扯？

再看下面代码，

测试代码（vc8.0执行正常，vc6会报错，可能对象模型不一致）

#include "iostream"
#include "string"


using namespace std;
class Aclass
{
public:
     int a;
    virtual void setA(int tmp)
    {
        a=tmp;
        cout<<a<<endl;
    }
};
class Bclass:public Aclass
{
public:
    virtual void setA(int tmp)
    {
        a=tmp+10;
        cout<<a<<endl;
    }
public:
    void print()
    {
       cout<<a<<endl;
	}
};
class Cclass:public Bclass
{
};
typedef unsigned long DWORD;

struct TypeDescriptor
{
    DWORD ptrToVTable;
    DWORD spare;
    char name[8];
};

struct PMD
{

    int mdisp;  //member displacement

    int pdisp;  //vbtable displacement

    int vdisp;  //displacement inside vbtable

};

struct RTTIBaseClassDescriptor
 
{
 
   struct TypeDescriptor* pTypeDescriptor; //type descriptor of the class

    DWORD numContainedBases; //number of nested classes following in the Base Class Array

    struct PMD where;        //pointer-to-member displacement info

    DWORD attributes;        //flags, usually 0

};

struct RTTIClassHierarchyDescriptor
{

    DWORD signature;      //always zero?

    DWORD attributes;     //bit 0 set = multiple inheritance, bit 1 set = virtual inheritance

    DWORD numBaseClasses; //number of classes in pBaseClassArray
 
    struct RTTIBaseClassArray* pBaseClassArray;
 
 };
 
 struct RTTICompleteObjectLocator
 
 {
 
     DWORD signature; //always zero ?
 
     DWORD offset;    //offset of this vtable in the complete class
 
     DWORD cdOffset;  //constructor displacement offset
 
     struct TypeDescriptor* pTypeDescriptor; //TypeDescriptor of the complete class
 
     struct RTTIClassHierarchyDescriptor* pClassDescriptor; //describes inheritance hierarchy
 
 
 };
 
 
 int main( )
 {
	 Aclass* ptra=new Bclass;
	 int ** ptrvf=(int**)(ptra);



	 RTTICompleteObjectLocator str = *((RTTICompleteObjectLocator*)(*((int*)ptrvf[0]-1))); 

	 //abstract class name from RTTI
	 string classname(str.pTypeDescriptor->name);
	 classname=classname.substr(4,classname.find("@@")-4);
	 cout<<classname<<endl;
	 system("pause");
	 return 0;
 }

哈哈，原来在我们通常所认为VTable的前面的四个字节，你怎么看？

感谢 点击打开链接 的文章<<对象与对象的类型信息----获取对象的RTTI信息>>，引用了你的代码。