In-depth analysis of virtual functions in C ++

Virtual function = virtual function Address Table = virtual table)

Each class contains virtual function objects, and the compiler will specify a virtual table for them (actually a function pointer array), which is saved in the data area, it shares all objects of this class (static), and the compiler adds a member variable to it (each class object, A pointer (often referred to as "vptr") pointing to a virtual table of the current user and storing it at the first address of the object. Therefore, each class (containing virtual functions) allocates a vptr for an object, when we call a virtual function, we actually find the virtual table through vptr, and then find the real function address through offset,

The secret lies in the vtable and the indirect call method. vtable is filled with the function address in the order of virtual function declaration in the class, the derived class inherits the vtable of the base class (of course there are other inherited members). When we modify the virtual function in the derived class, the contents of the virtual table in the derived class are also modified, the corresponding element in the table is not the Function address of the base class, but the function address of the derived class.

Class cshape
{
 
Public:
Cshape (): B1 (1 ){};
Void mytest ()
{
Cout <"cshape: mytest/N ";
}
Virtual void play ()
{
Cout <"cshape: Play/N ";
}
Virtual void display ()
{
Cout <B1 <"shape/N ";
}
Int B1;

};

Class crect: Public cshape

{

Public:
Crect (): B2 (2 ){};
Void mytest ()
{
Cout <"crect: mytest/N ";
}
Void display ()
{
Cout <b2 <"rectangle/N ";
}
 
Int B2;
};
//--------------------------------------------

Class csquare: Public crect {public:
Csquare (): B3 (3 ){};
Void mytest ()
{
Cout <"csquare: mytest/N ";
}
Void display ()
{
Cout <B3 <"Square/N ";
}
 
Int B3 ;};
Void main (INT argc, char * argv [])
{
Cshape ashape;
Crect arect;
Csquare asquare;
Cshape * pshape [3] ={& ashape, & arect, & asquare };
For (INT I = 0; I <3; I ++)
{
Pshape [I]-> display ();
Pshape [I]-> mytest ();
}

}

/*
The following is the memory structure, code disassembly, and some comments in the for loop and loop body in the above Program (vtest. cpp). All I can prove is this.
STACK:
0012ff4c> 00000000; int I; // (definition of loop body );
0012ff50> 0012ff78; cshape * pshape [0]
0012ff54> 0012ff6c; pshape [1]
0012ff58> 0012ff5c; pshape [2]
0012ff5c> 00426064; csquare asquare;
0012ff60> 00000001; B1
0012ff64> 00000002; B2
0012ff68> 00000003; B3
0012ff6c> 00426048; crect arect;
0012ff70> 00000001; B1
0012ff74> 00000002; B2
0012ff78> 0000001c; cshape ashape;
0012ff7c> 00000001; B1

The following is the content of the three objects (the address of virtual void play () and the address of virtual void display ):
00426064> 37 10 40 00 50 10 40 00
00426048> 37 10 40 00 55 10 40 00
0000001c> 37 10 40 00 5f 10 40 00
The following is the code, for loop and loop body disassembly:

004010e9> JMP short shape.004010f4
004010eb> mov eax, dword ptr ss: [EBP-34]
004010ee> Add eax, 1
004010f1> mov dword ptr ss: [EBP-34], eax; I ++
004010f4> cmp dword ptr ss: [EBP-34], 3; loop times control, I <3
004010f8> jge short shape.00401124

Key: Addressing & pshape
004010fa> mov ECx, dword ptr ss: [EBP-34]
004010fd> mov ECx, dword ptr ss: [EBP + ECx * 4-30]
00401101> mov edX, dword ptr ss: [EBP-34]
00401104> mov eax, dword ptr ss: [EBP + EDX * 4-30]
Key: obtain the first address of the function table.
00401108> mov edX, dword ptr ds: [eax]
0040110a> mov ESI, ESP
0040110c> call dword ptr ds: [edX + 4]; call a virtual member function
0040110f> cmp esi, ESP
00401111> call shape. _ chkesp; clean up the mess ^_^

; Addressing to get & pshape
00401116> mov eax, dword ptr ss: [EBP-34]
00401119> mov ECx, dword ptr ss: [EBP + eax * 4-30]
0040111d> call shape.00401073; call common member functions
00401122> JMP short shape.004010eb

*/