C++ 虚函数机制学习

致谢


  本文是基于对<Inside the c++ object model>的阅读和gdb的使用而完成的.在此感谢Lippman对cfront中对象模型的解析,这些解析帮助读者拨开迷雾.此外,Linux下无比强大的gdb工具更是驱散"黑暗"的"明灯".  :)

No-Inheritance


 class Base {
public:
int a = ;
static int b;
int c = ; void showBase1();
static int showBase2();
}; void Base::showBase1() {
cout<<"Base"<<endl;
}
int Base::showBase2() {
cout<<"base2"<<endl;
}

解析:

  使用GDB查看内存空间,显示

    Base中a的地址为0x7fffffffdc50

    Base中c的地址为0x7fffffffdc54

    Base中b的地址为0x601068

    showBase1的地址为0x40085e(参数为Base * const -> this指针为常量指针)

    showBase2的地址为0x400888(参数为void)

  显然

    non-static data member是存储在class object中;

    static data member, member function因为是所有本class的对象所share的,所以放置在了一个公共区域;

Inheritance without Polymorphism


 class Base {
public:
int a = ;
static int b;
int c = ; void showBase1();
};
int Base::b = ;
void Base::showBase1() {
cout<<"Base"<<endl;
} class Inheri : public Base {
public:
int c = ;
static int d; static int showInheri1();
};
int Inheri::d = ;
int Inheri::showInheri1(){
cout<<"Inheri"<<endl;
}

解析:  

  使用GDB查看内存空间,显示

    Inheri中a的地址为0x7fffffffdc70

    Inheri中c的地址为0x7fffffffdc78

    Inheri中b的地址为0x601068

    Inheri中b的地址为0x60106c

    showBase1的地址为0x40085e(参数为Base * const -> this指针为常量指针)

    showInheri1的地址为0x400888(参数为void)

  显然

    derived class object中包含 基类和派生类的non-static data member;

No-Inheritance with Polymorphism


 class Base {
public:
int a = ;
static int b;
int c = ; virtual void showBase1();//virtual function
};
int Base::b = ;
void Base::showBase1() {
cout<<"Base"<<endl;
}

  使用gdb查看base class object( p ptr )

     " {_vptr.Base = 0x400af0 <vtable for Base+16>, a = 21, static b = 10, c = 22} "

  在类中使用虚机制(虚函数,虚基类,虚继承..)时,会为每个object添加vptr来指向所对应的vtbl.

  

  使用gdb查看vptr指向的虚函数(p /a *(void**)0x400af0

    " {0x40092e <Base::showBase1()>, 0x697265686e4936} " 

  

Single-Inheritance with Virtual Mechanism


class Base {
public:
int a = ;
static int b;
int c = ; virtual void showBase1();
};
int Base::b = ;
void Base::showBase1() {
cout<<"Base"<<endl;
} class Inheri : public Base {
public:
int c = ;
static int d; static int showInheri1();
};
int Inheri::d = ;
int Inheri::showInheri1(){
cout<<"Inheri"<<endl;
}

  查看Inheri class object

    {<Base> = {_vptr.Base = 0x400bc0 <vtable for Inheri+16>, a = 21, static b = 10, c = 22}, c = 23, static d = 11}

  查看Ineri class object 的vtbl

    0x400998 <Inheri::show()>

  可以看到derived class object直接使用了从base class subobject中继承而来的vptr.

  同样,查看Base class object

    {_vptr.Base = 0x400be0 <vtable for Base+16>, a = 21, static b = 10, c = 22}

  查看Base class object的vtbl

    0x40096e <Base::show()>         

  

  从这里可以看出来,在Single Inheritance中每个class object的vtbl中都只包含本class所对应的virtual function.

  

  我们再测试一下derived class赋值给base class pointer的情况.

    Base* bbptr = new Inheri;

  查看bbptr所指向的内存:

    {<Base> = {_vptr.Base = 0x400bc0 <vtable for Inheri+16>, a = 21, static b = 10, c = 22}, c = 23, static d = 11}

  查看vtbl中的内容:

    0x400998 <Inheri::show()>

  这里我们可以有两点发现:

    1) 虽然使用的是基类指针Base* 来接Inheri对象,但是其vptr所指向的vtbl仍然是Inheri class的;

    2) 每个class所对应的vtbl在内存中只有一份,在测试中bbptr和iptr指向的vtbl都是位于0x400bc0

Multiple-Inheritance with Virtual Mechanism


    

 class Base {
public:
int a = ;
static int b;
int c = ; virtual void show();//inline
};
int Base::b = ;
void Base::show() {
cout<<"Base"<<endl;
} class Inheri : public Base {
public:
int c = ;
static int d; virtual void show();
};
int Inheri::d = ;
void Inheri::show(){
cout<<"Inheri"<<endl;
} class OtherBase{
public:
int oa;
virtual void show();
};
void OtherBase::show(){
cout<<"OtherBase"<<endl;
} class Final : public OtherBase,public Inheri{
public:
virtual void show();
};
void Final::show() {
cout<<"Final"<<endl;
}

  查看Final对象

    "{<OtherBase> = {_vptr.OtherBase = 0x400cd0 <vtable for Final+16>, oa = 0}, <Inheri> = {<Base> = {_vptr.Base = 0x400ce8 <vtable for Final+40>, a = 21, static b = 10, c = 22}, c = 23, static d = 11}, <No data fields>}"

    可以观察到:

      1) 子对象从右向左的被构建

      2) 分别包含OtherBase和Base的vptr,这是为了在derived class object 赋予base class object时更容易处理.

继续查看OtherBase和Base中vptr的信息

    _vptr.OtherBase所指向的vtbl中信息为 : 0x400a5c <Final::show()>

     _vptr.Base所指项的vtbl中信息为 : 0x400a86 <_ZThn16_N5Final4showEv>

    可以看到这两个vtbl所保存的都是Final::show.因此, 通过Final来为各个基类指针赋值时,最后总是调用Final自身的虚函数.

Virtual Inheritance


  

 class _ios {
public:
int i;
virtual void show();
};
void _ios::show() {
cout<<"ios"<<endl;
} class _istream : public _ios {
public:
int is;
virtual void show();
};
void _istream::show() {
cout<<"istream"<<endl;
} class _ostream : public _ios {
public:
int os;
virtual void show();
};
void _ostream::show() {
cout<<"ostream"<<endl;
} class _iostream : public _istream, public _ostream {
public:
int ios;
virtual void show();
};
void _iostream::show() {
cout<<"iostream"<<endl;
}

  在未使用virtual inheritance时, 查看 _iostream 对象, 会看到两份 _ios 类的对象,分别属于_istream和_ostream :

    "{<_istream> = {<_ios> = {_vptr._ios = 0x400c90 <vtable for _iostream+16>, i = 0}, is = 0}, <_ostream> = {<_ios> = {

_vptr._ios = 0x400ca8 <vtable for _iostream+40>, i = 0}, os = 0}, ios = 0}"

    符合之前介绍的single inheritance with polymorphism, _istream和_ostream分别使用从_ios中而来的vptr.ios来指向自己的vtbl. 

  使用virtual inheritance时 ,可以看到只有一份 _ios对象:

    "{<_istream> = {<_ios> = {_vptr._ios = 0x400d18 <vtable for _iostream+88>, i = 0}, _vptr._istream = 0x400cd8 <vtable for _iostream+24>, is = 0}, <_ostream> = {_vptr._ostream = 0x400cf8 <vtable for _iostream+56>, os = 0}, ios = 0}"

    在虚继承中,没有和单一继承中那样继承基类的vptr, 而是拥有自己的vptr.

继续查看vtbl中内容,分别显示 :

    0x400a40 <_ZTv0_n24_N9_iostream4showEv>

    0x400a3a <_ZThn16_N9_iostream4showEv>

    可见, 虚函数表中的函数也都是_iostream class中的member function.因此, 无论_iostream对象赋值给那个base class subobject的指针,总能调用到_iostream class的virtual function.

Reference


  <Inside the C++ Object Model>

  <GDB Manul>

备注


  更多内容详见 https://github.com/CarlSama/Inside-The-CPP-Object-Model-Reading-Notes

上一篇:Effective C++笔记之Item49【了解new-handler的行为】


下一篇:[LeetCode] Inorder Successor in BST II 二叉搜索树中的中序后继节点之二