vfptr

vfptr是什么？

vptr vtable我知道是什么，那么vfptr是什么？在VC跟踪的时候，会有这个分量，一个具有虚函数的类对象。

摘自CSDN：

vfptr = vf + ptr 
vf = virtual function (table) 虚函数表 
ptr = pointer 指针

指向虚函数列表的指针--那不就是vptr吗？

是这个意思吗？

vtable里面的虚函数的排序是根据什么？

以下内容摘自http://kaisar-haque.blogspot.jp/2008/07/c-accessing-virtual-table.html，从这篇文章中明白了，vptr在VC里面叫做vfptr。

下面的例子，我进行了尝试，得到几点结论：

1.内联的汇编代码是Intel汇编，在linux下不能使用，需要使用它AT&T汇编。

2.汇编即使不用，程序也可以运行。

3.虚函数的排列顺序是定义顺序。

4.代码中不应该使用int来定义，因为在64位系统下，指针长度为8位，应该使用size_t来定义--这一点原帖中的回复也有提到。

针对网友的回复，我也在VS2012上运行了一下（没有VS2010），结果发现输出n=0，当语句运行到fn函数的时候，ecx发生了变化（是因为函数栈发生了变化？），然后n就输出为0，之后仔细又看了看原帖，发现在回复中作者很清楚地写明了，要使用release模式，那么debug和release模式的区别是什么呢？

网友的回复，引出了我原本没有理解透的一些问题（有些内容没有琢磨明白，没有多给自己从多个提一些问题）。

1.为什么ecx里面存放this指针，那么其他的寄存器都是如何定义的呢？

2.C++对象的结构是怎么样的？

参考：http://stackoverflow.com/questions/12194083/visual-c-inline-x86-assembly-accessing-this-pointer。

"According to the MSDN documentation the "this" pointer is stored in ECX when using the default__thiscall calling convention for class functions. "，在MSDN里面是有约定的，参考https://msdn.microsoft.com/en-us/library/windows/hardware/ff561502(v=vs.85).aspx。

参考http://stackoverflow.com/questions/12490470/is-ecx-register-used-to-pass-one-of-the-parameters-in-a-static-function-call，这个帖子也很有参考性，讲的是静态函数的寄存器分配。

以下为摘抄http://kaisar-haque.blogspot.jp/2008/07/c-accessing-virtual-table.html：

“C++: Accessing the virtual table directly
This post is not intended for beginners. To understand the content of this topic, you need to have basic understanding of what virtual functions are.

We know that the run time binding or virtual function mechanism is implemented by a virtual table. If a class has at least one virtual function a virtual table will be created for that class. To be specific, 'only one' virtual table will be created for all of the instances/objects of that class. Each of the instances and objects will have a pointer to the virtual table.

The same thing is true for a class hierarchy. Meaning, if class Z derives class Y and class Y derives class X, only one virtual table will be created for all instances/objects of class X, Y and Z. Each of the instances and objects of X, Y and Z will have a pointer to the virtual table.

===============
Added on July 14, 2008:
The virtual tables for each of class X, Y and Z share common information but they are not necessarily the same table for each of these classes. The scenario is complex for multiple and virtual inheritance. I would like to discuss them in future posts.
===============

A pointer is 32 bit/4 bytes in a 32-bit architecture and 64-bit/8 bytes in a 64-bit architecture. So all instances/objects of a class or class hierarchy, where we have a virtual table, will have additional 4 bytes in them and 8 bytes in case of a 64-bit architecture.

This pointer is called virtual table pointer, sometimes 'vptr'. In VC++ compiler, the objects will have a pointer named '__vfptr' in them and in some other compiler it's '__vptr_X', where X is the class name.


Now __vfptr is not directly accessible from your code. For example, if you write the following code you'll get a compiler error as the __vfptr is not available for your use.

  1 X a;
  2 cout << a.__vfptr;

However, if you debug the code in VC++, you can see the 'a.__vfptr' in the variable watch windows. Interesting ha?


Okay, now we'd like to see how we can access the virtual table even if the compiler doesn't want us to. Let's have class X with a virtual function fn() which simply prints a member variable and we want to access the virtual table of class X to call the function fn() using it. The following code does that.


  1 #include <iostream>
  2
  3 using namespace std;
  4
  5 //a simple class
  6 class X
  7 {
  8 public:
  9  //fn is a simple virtual function
 10  virtual void fn()
 11  {
 12   cout << "n = " << n << endl;
 13  }
 14
 15  //a member variable
 16  int n;
 17 };
 18
 19 int main()
 20 {
 21  //create an object (obj) of class X
 22  X *obj = new X();
 23  obj->n = 10;
 24
 25  //get the virtual table pointer of object obj
 26  int* vptr =  *(int**)obj;
 27
 28  // we shall call the function fn, but first the following assembly code
 29  //  is required to make obj as 'this' pointer as we shall call
 30  //  function fn() directly from the virtual table
 31  __asm
 32  {
 33   mov ecx, obj
 34  }
 35
 36  //function fn is the first entry of the virtual table, so it's vptr[0]
 37  ( (void (*)()) vptr[0] )();
 38
 39  //the above is the same as the following
 40  //obj->fn();
 41
 42  return 0;
 43 }
 44 
Please note, this code is compiler dependent and may only work on VC++ compilers and it'll work correctly when you'll run it in 'Release' mode. Here goes some explanation of the code.

In line 26, we have:
 26  int* vptr =  *(int**)obj;
The virtual table pointer __vfptr is available in the first 4 bytes of the object. In this line, we get the value of the pointer __vfptr or the address of the virtual table as an integer pointer (say as a pointer to an integer array).

The first entry of the virtual table is the function pointer of the virtual function 'fn'. We can access the first entry using vptr[0] (as this is just an array). So, in line 37, we just call the function using the function pointer. But wait, you might be asking why the following assembly line is there before that function call.
 33   mov ecx, obj
If you take another look into the implementation of function fn(), you can see that it prints out the member variable 'n', which is only avaliable to object 'obj'. Inside the function fn(), 'obj' needs to be set as 'this' pointer, to give the function fn() access to all it's members.

When we call the function fn() in this way: obj->fn(), the compiler does the job for us and sets 'obj' as 'this' before calling the function. But in line 37, we couldn't specify anything to the function fn() saying it is called for the object 'obj', so the function won't find out where to get the value of 'n' from. This is why we expicitly need to set the 'obj' as 'this' before we call the function fn() in line 37. We did that in line 33, in the assembly code. This line is again VC++ specific. In VC++, 'this' pointer is set in the register 'ECX'. Some other compiler may handle that differently.

If we had more virtual function, we could have access them using next indexes of vptr: vptr[1], vptr[2], etc.

We have learned some interesting facts about the virtual functions and the virtual table. We may not have any use of this kind of code where we need to directly access the virtual table in our general applications but this helps when you want to know more about C++ internals.

Enjoy!

July 12, 2008:
We assumed here that the vptr is placed in the beginning of the class object. here's a note on that:

Traditionally, the vptr has been placed after all the explicitly declared members of the class. More recently, it has been placed at the beginning of the class object. The C++ Standard allows the compiler the freedom to insert these internally generated members anywhere, even between those explicitly declared by the programmer.”