无我

关于C++虚函数的研究

        以前早稍有接触C++中虚函数多态在编译器上的实现问题，金山面试时还着重问了这个问题。但总没有利用程序来检查实验。这次终于对虚函数和他的vtable表有更深入的关注，通过继承类大小的检测和反汇编后的代码能查出端倪，例如测试程序如下：

#include <conio.h>
#include <iostream>
using namespace std;

class A
{
private:
 char is[20];
public:
 char ss[20];
 void f1() {cout<<"This A.f1"<<endl; }
 virtual void f2()  { cout<<"This A.f2"<<endl; }
 virtual void f3()  { cout<<"This A.f3"<<endl; }
};
class B:public A
{
 void f1() {cout<<"This B.f1"<<endl; }
 void f2()  { cout<<"This B.f2"<<endl; }
 //void f3()  { cout<<"This B.f3"<<endl; }
};

void main()
{
 cout<<sizeof(A)<<endl;
 cout<<sizeof(B)<<endl;
 A a,*p;
 B b;
 if(getch() == 'c')
  p = &b;
 else
  p = &a;
 p->f1();
 p->f2();
 p->f3();
}

发现sizeof(A)=sizeof(B)=44，除了数组共40个字节外，还有4个字节多于。最终调试发现，只要父类有虚函数，而又无论函数个数是多少，父类和所有继承于他的子类都多4个字节，做什么用的呢？存放一个指针，指向vtable表，反汇编显示：

32:       p->f1();
00401626   mov         ecx,dword ptr [ebp-30h]
00401629   call        @ILT+325(A::f1) (0040114a)
33:       p->f2();
0040162E   mov         edx,dword ptr [ebp-30h]
00401631   mov         eax,dword ptr [edx]
00401633   mov         esi,esp
00401635   mov         ecx,dword ptr [ebp-30h]
00401638   call        dword ptr [eax]
0040163A   cmp         esi,esp
0040163C   call        __chkesp (00420bc0)
34:       p->f3();
00401641   mov         ecx,dword ptr [ebp-30h]
00401644   mov         edx,dword ptr [ecx]
00401646   mov         esi,esp
00401648   mov         ecx,dword ptr [ebp-30h]
0040164B   call        dword ptr [edx+4]
0040164E   cmp         esi,esp
00401650   call        __chkesp (00420bc0)
35:   }

到00401638   call        dword ptr [eax]出F11进入跳转表：

@ILT+560(?f2@B@@EAEXXZ):
00401235   jmp         B::f2 (00401860)
@ILT+565(?_Iput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@KA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPADI@Z):
0040123A   jmp         std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::_Iput (00404
@ILT+570(_main):
0040123F   jmp         main (004015b0)
@ILT+575(??_Gfacet@locale@std@@UAEPAXI@Z):
00401244   jmp         std::locale::facet::`scalar deleting destructor' (004035f0)
@ILT+580(?_Allocate@std@@YAPADHPAD@Z):
00401249   jmp         std::_Allocate (00406200)
@ILT+585(??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z):
0040124E   jmp         std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::num_put<char
@ILT+590(?do_put@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@D_N@Z):
00401253   jmp         std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::do_put (0040
@ILT+595(?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z):
00401258   jmp         std::basic_ostream<char,std::char_traits<char> >::put (00402580)
@ILT+600(?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ):
0040125D   jmp         std::basic_string<char,std::char_traits<char>,std::allocator<char> >::max_size (00405970
@ILT+605(??0bad_cast@std@@QAE@PBD@Z):
00401262   jmp         std::bad_cast::bad_cast (004031b0)
@ILT+610(?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ):
00401267   jmp         std::basic_string<char,std::char_traits<char>,std::allocator<char> >::size (00403a10)
@ILT+615(?truename@?$numpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ):
0040126C   jmp         std::numpunct<char>::truename (004054e0)
@ILT+620(?allocate@?$allocator@D@std@@QAEPADIPBX@Z):
00401271   jmp         std::allocator<char>::allocate (00405f60)
@ILT+625(?to_int_type@?$char_traits@D@std@@SAHABD@Z):
00401276   jmp         std::char_traits<char>::to_int_type (00402850)
@ILT+630(?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ):
0040127B   jmp         std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Split (00405b90)
@ILT+635(?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z):
00401280   jmp         std::basic_streambuf<char,std::char_traits<char> >::sputn (00403420)
@ILT+640(?max_size@?$allocator@D@std@@QBEIXZ):
00401285   jmp         std::allocator<char>::max_size (00405fb0)
@ILT+645(?_Put@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@KA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@PBDI@Z):
0040128A   jmp         std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::_Put (004052
@ILT+650(?put@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DK@Z):
0040128F   jmp         std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::put (00401f3
@ILT+655(?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z):
00401294   jmp         std::basic_string<char,std::char_traits<char>,std::allocator<char> >::append (00404260)
@ILT+660(??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@AAV12@@Z):
00401299   jmp         std::basic_ostream<char,std::char_traits<char> >::sentry::sentry (00401ca0)
@ILT+665(??_E?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAEPAXI@Z):
0040129E   jmp         std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::`scalar dele
@ILT+670(??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z):
004012A3   jmp         std::operator<< (00402bb0)
@ILT+675(?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ):
004012A8   jmp         std::basic_ios<char,std::char_traits<char> >::fill (00401c60)
@ILT+680(?use_facet@std@@YAABV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@1@ABVlocale@1@PBV21@_N@Z):
004012AD   jmp         std::use_facet (00403020)
@ILT+685(?flags@ios_base@std@@QBEHXZ):
004012B2   jmp         std::ios_base::flags (004023b0)
@ILT+690(?do_grouping@?$numpunct@D@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ):
004012B7   jmp         std::numpunct<char>::do_grouping (004063c0)
@ILT+695(?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z):
004012BC   jmp         std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Grow (00404430)
@ILT+700(?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@KAPADPADDH@Z):
004012C1   jmp         std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::_Ifmt (00404
@ILT+705(??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z):
004012C6   jmp         std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,
@ILT+710(??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z):
004012CB   jmp         std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,
而且，好像在VC平台上，虚函数的指针4字节放在对象最前面。

posted on 2007-11-25 22:32 Tim 阅读(2031) 评论(2)  编辑 收藏 引用 所属分类: C/C++语言