Document directory
- Virtual function table
- General inheritance (no virtual function override)
- Multiple inheritance (no virtual function override)
- Multiple inheritance (with virtual function override)
- Security
The role of virtual functions in C++ is to implement the polymorphism mechanism. In short, polymorphism means that a pointer of the parent type points to an instance of a subclass, and the member functions of the actual subclass are then called through that parent class pointer. This lets a parent class pointer take "multiple forms". It is a generic technique. Generic techniques, to put it bluntly, try to use unchanging code to implement a variable algorithm. Template technology, RTTI technology, and virtual function technology, for example, resolve this either at compile time or at runtime.
I will not elaborate on the usage of virtual functions here; you can read the related C++ books. In this article, I just want to give a clear analysis of how virtual functions are implemented.
Of course, similar articles have already appeared on the Internet, but I always feel that they are not very easy to read. There are no pictures, no detailed descriptions, and no comparisons, which is not conducive to learning and reading. That is why I wanted to write this article. I hope you will give me more comments.
Let's get down to business and enter the world of virtual functions together.
Virtual function table
Anyone familiar with C++ should know that virtual functions are implemented through a virtual table, or V-Table for short. This table mainly holds the addresses of a class's virtual functions. It resolves inheritance and overriding and ensures that a call reflects the actual function. In an instance of a class with virtual functions, this table is allocated in the memory of the instance, so when we use a parent class pointer to operate on a subclass, the virtual function table is very important: like a map, it specifies the function that is actually called.
Here we will focus on this virtual function table. According to the C++ standard specification, the compiler must ensure that the pointer to the virtual function table is at the very front of the object instance (this is to ensure that the offset of a virtual function is obtained correctly). This means that we can get the virtual function table through the address of the object instance, then traverse its function pointers and call the corresponding functions.
Suppose we have a class like this:
    #include <iostream>
    using namespace std;

    class Base {
    public:
        virtual void f() { cout << "Base::f" << endl; }
        virtual void g() { cout << "Base::g" << endl; }
        virtual void h() { cout << "Base::h" << endl; }
    };
As mentioned above, we can use the Base instance to obtain the virtual function table. The following is the actual routine:
    typedef void (*Fun)(void);

    Base b;
    Fun pFun = NULL;

    // The int* casts assume a 32-bit build, where sizeof(int) == sizeof(void*).
    cout << "Virtual function table address: " << (int*)(&b) << endl;
    cout << "Virtual function table-first function address: " << (int*)*(int*)(&b) << endl;

    // Invoke the first virtual function
    pFun = (Fun)*((int*)*(int*)(&b));
    pFun();
The actual running results are as follows: (Windows XP + VS2003, Linux 2.6.22 + GCC 4.1.3)
    Virtual function table address: 0012FED4
    Virtual function table-first function address: 0044F148
    Base::f
This example shows that we can forcibly convert &b to int* to obtain the address of the virtual function table. Dereferencing again gives the address of the first virtual function, that is, Base::f(), which the program above verifies (the int* is forcibly converted to a function pointer). From this example we can see that, to call Base::g() and Base::h(), the code is as follows:
    (Fun)*((int*)*(int*)(&b)+0);  // Base::f()
    (Fun)*((int*)*(int*)(&b)+1);  // Base::g()
    (Fun)*((int*)*(int*)(&b)+2);  // Base::h()
A diagram explains this, as follows:
Note: in the figure above, I added a node at the end of the virtual function table. This is the end node of the virtual function table; like the string terminator "\0", it marks the end of the table. The value of this end marker differs between compilers. In WinXP + VS2003, the value is NULL. In Ubuntu 7.10 + Linux 2.6.22 + GCC 4.1.3, a value of 1 means there is another virtual function table, and a value of 0 means this is the last virtual function table.
Below, I will explain what the virtual function table looks like "without override" and "with override". Not overriding the virtual functions of the parent class is meaningless; the reason I cover the case without override is mainly for comparison. Through comparison we can better understand the internal implementation.
General inheritance (no virtual function override)
Next, let's take a look at what the virtual function table looks like under inheritance. Assume there is an inheritance relationship as follows:
Note that in this inheritance relationship, the subclass does not override any function of the parent class. (The figure for this part appears to be missing.) For the instance Derive d; the virtual function table is as follows:
We can see the following points from the table:
1) The overriding f() function is placed at the position of the original parent class virtual function in the virtual table.
2) The functions that are not overridden remain as they were.
Thus, for a program like the following:
    Base *b = new Derive();
    b->f();
the f() position in the virtual function table that b refers to in memory has been replaced by the address of Derive::f(), so when the call actually happens, Derive::f() is called. This achieves polymorphism.
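The slot replacement described above, as an added example that is not part of the original article: it compares the tables of Base and Derive slot by slot with pointer-sized reads, so it also works on 64-bit builds. It assumes the vptr is the first pointer-sized word of the object, as with GCC, Clang and MSVC for these classes; the helper names vptr_of, slot_replaced and call_f_via_base are introduced here, and f(), g(), h() return their names instead of printing them.

```cpp
// Added example: slot-by-slot comparison of the Base and Derive virtual tables.
// ABI assumption: the vptr is the first pointer-sized word of the object.
#include <cstdint>
#include <cstring>
#include <iostream>

struct Base {
    virtual const char* f() { return "Base::f"; }
    virtual const char* g() { return "Base::g"; }
    virtual const char* h() { return "Base::h"; }
};
struct Derive : Base {
    const char* f() override { return "Derive::f"; }  // overrides slot 0 only
};

// Copy the hidden vptr out of the object without casting through int*.
const std::uintptr_t* vptr_of(const void* obj) {
    const std::uintptr_t* vptr;
    std::memcpy(&vptr, obj, sizeof vptr);
    return vptr;
}

// True when slot i of Derive's table holds a different address than Base's.
bool slot_replaced(int i) {
    Base b;
    Derive d;
    return vptr_of(&b)[i] != vptr_of(&d)[i];
}

// Ordinary dispatch through a parent pointer, for comparison with the table.
const char* call_f_via_base() {
    Derive d;
    Base* p = &d;
    return p->f();
}

int main() {
    for (int i = 0; i < 3; ++i)
        std::cout << "slot " << i
                  << (slot_replaced(i) ? ": replaced by Derive\n" : ": inherited from Base\n");
    std::cout << "b->f() calls " << call_f_via_base() << "\n";
}
```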
Multiple inheritance (no virtual function override)
Next, let's take a look at multiple inheritance. Suppose there is an inheritance relationship among the following classes. Note: the subclass does not override the functions of the parent classes.
The following figure shows the virtual function tables in the subclass instance:
We can see that:
1) Each parent class has its own virtual table.
2) The member functions of the subclass are placed in the table of the first parent class. (The first parent class is determined by declaration order.)
This is done so that pointers of different parent types pointing to the same subclass instance can all call the actual function.
Multiple inheritance (with virtual function override)
Next, let's take a look at the case where virtual functions are overridden.
We override the f() function of the parent class in the subclass.
The following figure shows the virtual function tables in the subclass instance:
We can see that the f() position in all three parent class virtual function tables is replaced with the function pointer of the subclass. In this way, we can use a pointer of any static parent type to point to the subclass and call the subclass's f(). For example:
    Derive d;
    Base1 *b1 = &d;
    Base2 *b2 = &d;
    Base3 *b3 = &d;
    b1->f();  // Derive::f()
    b2->f();  // Derive::f()
    b3->f();  // Derive::f()
    b1->g();  // Base1::g()
    b2->g();  // Base2::g()
    b3->g();  // Base3::g()
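The multiple-inheritance layout described above, as an added example that is not part of the original article: it shows that each parent subobject sits at its own offset inside Derive and carries its own vptr, while f() still resolves to Derive::f() through every parent pointer. It assumes the vptr is the first pointer-sized word of each subobject; the helpers vptr_of, base_offset, vptrs_distinct, f_via and g_via are introduced here, and the member functions return their names instead of printing them.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>

struct Base1 {
    virtual const char* f() { return "Base1::f"; }
    virtual const char* g() { return "Base1::g"; }
};
struct Base2 {
    virtual const char* f() { return "Base2::f"; }
    virtual const char* g() { return "Base2::g"; }
};
struct Base3 {
    virtual const char* f() { return "Base3::f"; }
    virtual const char* g() { return "Base3::g"; }
};
struct Derive : Base1, Base2, Base3 {
    const char* f() override { return "Derive::f"; }  // overrides f() of all three
};

// Copy the hidden vptr out of a subobject (ABI assumption: it is the first word).
const void* vptr_of(const void* obj) {
    const void* vptr;
    std::memcpy(&vptr, obj, sizeof vptr);
    return vptr;
}

// Byte offset of the B subobject inside a Derive: Derive* -> B* adjusts the address.
template <class B>
std::ptrdiff_t base_offset() {
    Derive d;
    return reinterpret_cast<char*>(static_cast<B*>(&d)) - reinterpret_cast<char*>(&d);
}

// Each parent subobject carries its own vptr into its own table.
bool vptrs_distinct() {
    Derive d;
    const void* v1 = vptr_of(static_cast<Base1*>(&d));
    const void* v2 = vptr_of(static_cast<Base2*>(&d));
    const void* v3 = vptr_of(static_cast<Base3*>(&d));
    return v1 != v2 && v2 != v3 && v1 != v3;
}
template <class B> const char* f_via() { Derive d; B* p = &d; return p->f(); }
template <class B> const char* g_via() { Derive d; B* p = &d; return p->g(); }

int main() {
    std::cout << base_offset<Base1>() << " " << base_offset<Base2>() << " " << base_offset<Base3>() << "\n";
    std::cout << f_via<Base2>() << " " << g_via<Base2>() << " " << vptrs_distinct() << "\n";
}
```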
The above is the basic content of the virtual function table principle. For details, it is recommended to read the book "Inside the C++ Object Model".
Security
Every time I write a C++ article, I always end up criticizing C++, and this article is no exception. From the description above, I believe we now have a fairly detailed understanding of the virtual function table. Water can carry a boat, but it can also capsize it. Next, let's look at what can be done with a virtual function table.
1. Use a pointer of the parent type to access the virtual functions of the subclass.
We know that it is meaningless for a subclass not to override the virtual functions of the parent class, because polymorphism is built on function overriding. Although we can see in the figure above that the virtual table of Base1 contains a virtual function of Derive, we cannot use the following statements to call the subclass's own virtual function:
    Base1 *b1 = new Derive();
    b1->f1();  // compilation error
Any attempt to use a parent class pointer to call a subclass member function that does not override a parent class function is rejected by the compiler, so such a program cannot be compiled. At runtime, however, we can access the virtual function table through pointers and so violate the C++ semantics. (I believe you can do this by reading the code in the appendix below)
2. Access non-public virtual functions
In addition, if the parent class's virtual functions are private or protected, these non-public virtual functions still exist in the virtual function table, so we can also reach them by accessing the virtual function table, which is easy to do.
For example:
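    #include <iostream>
    using namespace std;

    class Base {
    private:
        virtual void f() { cout << "Base::f" << endl; }
    };

    class Derive : public Base {
    };

    typedef void (*Fun)(void);

    int main() {
        Derive d;
        // Reads slot 0 of d's virtual table; the int* casts assume a 32-bit build.
        Fun pFun = (Fun)*((int*)*(int*)(&d)+0);
        pFun();  // reaches the private Base::f()
        return 0;
    }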