What Is the First (Int (*)(...))0 Vtable Entry in the Output of G++ -Fdump-Class-Hierarchy

  • Home
  • Languages
  • C++
  • What Is the First (Int (*)(...))0 Vtable Entry in the Output of G++ -Fdump-Class-Hierarchy

What is the first (int (*)(...))0 vtable entry in the output of g++ -fdump-class-hierarchy?

Those are the offset-to-top (needed for multiple inheritence) and typeinfo (RTTI) pointers.

From the Itanium ABI (you are not using the Itanium compiler, but their description of this is really good):

The offset to top holds the displacement to the top of the object from the location within the object of the virtual table pointer that addresses this virtual table, as a ptrdiff_t. It is always present. The offset provides a way to find the top of the object from any base subobject with a virtual table pointer. This is necessary for dynamic_cast in particular.

(In a complete object virtual table, and therefore in all of its primary base virtual tables, the value of this offset will be zero. [...])

The typeinfo pointer points to the typeinfo object used for RTTI. It is always present. All entries in each of the virtual tables for a given class must point to the same typeinfo object. A correct implementation of typeinfo equality is to check pointer equality, except for pointers (directly or indirectly) to incomplete types. The typeinfo pointer is a valid pointer for polymorphic classes, i.e. those with virtual functions, and is zero for non-polymorphic classes.

Offset-to-top in more detail (by request)

Let's say you have a derived class D that derives from a base class, B1. What happens when you try to cast a D instance to type B1? Since functions that take a B1 object don't know anything about D, part of the D vtable must also be a valid B1 vtable. This is easy enough - just make the start of the D vtable look like a B1 vtable, and add on any additional entries we need after that. Functions expecting a B1 will be happy, because they won't use any part of the vtable beyond what they're expecting for a B1.

However, what happens if D now also derives from B2? The pointer to the D vtable can't be both a valid B1 vtable and a valid B2 vtable! The compiler solves this by appending a separate B2 vtable to the end of our combined D/B1 vtable, and adjusts the vtable-pointer manually when we try to cast from a D to a B2.

However, this leads to a new problem - what happens when we try to cast back from a B2 to a D? The compiler can't just adjust the vtable-pointer backwards by the same amount it adjusted the pointer previously, because it doesn't actually know for sure that the B2 object we're giving it is of type D! In particular, dynamic_cast<D>() must be able to tell if our object is or isn't of type D. For that, it needs to access the object's RTTI, and for that, it needs to know where the start of the original object's vtable is. This is the purpose of the offset-to-top value - it gives us the offset to the start of the original object's vtable, we get our object's RTTI, and the vengeful god of C++ allows our crops to grow for another season.

This page has some good examples of vtable layouts (under Table 1c). Note that they are slightly more complicated due to the use of virtual inheritance, which adds an extra offset to the vtable of each child class.

What are those two long in vtable assembly code emitted by GCC?

One of the two "spaces" should be for RTTI (the second one), the other for multiple inheritance (the first one). See for example http://tinydrblog.appspot.com/?p=89001, or even better https://stackoverflow.com/a/5712953/613130

understanding c++ vtables and RTTI

The vptr points to the third item in the vtable. You can see that from your class dump :

    vptr=((& A::_ZTV1A) + 16u)

or by comparing in-memory values with the member function addresses.

So, what you want to modify is the first two items :

my_vtab[0] = &A::bar;
my_vtab[1] = &A::foo;

Additionally, don't construct the new vtable with member function pointers, but rather with normal function pointers (or even void*). Eg. :

typedef void (*func)();

or :

typedef void* func;

The reason for that is that member function pointers already deal with virtual member functions, and hence are not appropriate as an entry in a vtable (for more info, refer to the question Why the size of a pointer to a function is different from the size of a pointer to a member function? eg.).

Explanation of virtual table

I believe the first entry or the entry at 0 the is the offset to top pointer.

See the following relevant stackoverflow question

Looking through the remainder -fdump-class-hierarchy from your source code , most classes seem the have the first entry as (int (*)(...))0 , the only classes that don't have it as the first entry have it as the second and have the first entry as the offset to the parent class given the C++ STL class hierarchy for streams.

In the relevant question a dead link to some vtable examples is given, I believe a live version of that link is available here

Another useful resource detailing the structure of vtables is here.


Related Topics

C++ Compare Char Array with String

How to Set a Breakpoint in Gdb Where the Function Returns

C++ Double Address Operator? (&&)

Stdcall and Cdecl

Which Headers in the C++ Standard Library Are Guaranteed to Include Another Header

What Is "Pch.H" and Why Is It Needed to Be Included as the First Header File

Dso Missing from Command Line

Passing Arguments to Std::Async by Reference Fails

Serial Comm Using Writefile/Readfile

C++11 Inheriting Constructors and Access Modifiers

Correct Way to Use Cin.Fail()

Are Memory Leaks "Undefined Behavior" Class Problem in C++

Cin Input (Input Is an Int) When I Input a Letter, Instead of Printing Back Incorrect Once, It Prints Correct Once Then Inc for the Rest of the Loop

Struct Constructor in C++

Copy Map Values to Vector in Stl

What Are Primitive Types Default-Initialized to in C++

Function Signature-Like Expressions as C++ Template Arguments

Inheritance: 'A' Is an Inaccessible Base of 'B'


Leave a reply



Submit