多重继承:从 void * 转换到第二个基类后的意外结果

我的程序需要使用void*来在动态调用的情况下传输数据或对象,以便它可以引用任意类型的数据,甚至是原始类型的数据.但是,我最近发现在具有多个基类的类的情况下向下转换这些 void* 的过程失败,甚至在调用这些向下转换的指针上的方法后使我的程序崩溃,即使内存地址似乎是正确的.崩溃发生在访问vtable"期间.

My program needs to make use of void* in order to transport data or objects in dynamic invocation situation, so that it can reference data of arbitrary types, even primitive types. However, I recently discovered that the process of down-casting these void* in case of classes with multiple base classes fails and even crashes my program after invoking methods on these down casted pointers even if the memory addresses seem to be correct. The crash happens during access to "vtable".

所以我创建了一个小测试用例,环境是Mac OS X上的gcc 4.2:

So I have created a small test case, environment is gcc 4.2 on Mac OS X:

class Shape {
public:
    virtual int w() = 0;
    virtual int h() = 0;
};

class Square : public Shape {
public:
    int l;
    int w() {return l;}
    int h() {return l;}
};

class Decorated {
public:
    int padding;
    int w() {return 2*padding;}
    int h() {return 2*padding;}
};

class DecoratedSquare : public Square, public Decorated {
public:
    int w() {return Square::w() + Decorated::w();}
    int h() {return Square::h() + Decorated::h();}
};


#include <iostream>

template <class T> T shape_cast(void *vp) {
//    return dynamic_cast<T>(vp);   // not possible, no pointer to class type
//    return static_cast<T>(vp);
//    return T(vp);
//    return (T)vp;
    return reinterpret_cast<T>(vp);
}

int main(int argc, char *argv[]) {
    DecoratedSquare *ds = new DecoratedSquare;
    ds->l = 20;
    ds->padding = 5;
    void *dsvp = ds;

    std::cout << "Decorated (direct)" << ds->w() << "," << ds->h() << std::endl;

    std::cout << "Shape " << shape_cast<Shape*>(dsvp)->w() << "," << shape_cast<Shape*>(dsvp)->h() << std::endl;
    std::cout << "Square " << shape_cast<Square*>(dsvp)->w() << "," << shape_cast<Square*>(dsvp)->h() << std::endl;
    std::cout << "Decorated (per void*) " << shape_cast<Decorated*>(dsvp)->w() << "," << shape_cast<Decorated*>(dsvp)->h() << std::endl;
    std::cout << "DecoratedSquare " << shape_cast<DecoratedSquare*>(dsvp)->w() << "," << shape_cast<DecoratedSquare*>(dsvp)->h() << std::endl;
}

产生以下输出:

Decorated (direct)30,30
Shape 30,30
Square 30,30
Decorated (per void*) 73952,73952
DecoratedSquare 30,30

如您所见,装饰(每个空隙*)"结果是完全错误的.它也应该像第一行一样是 30,30.

As you can see, the "Decorated (per void*)" result is completely wrong. It should also be 30,30 like in the first line.

无论我在 shape_cast() 中使用什么强制转换方法,我都会为装饰部分获得相同的意外结果.这些 void * 完全有问题.

Whatever cast method I use in shape_cast() I will always get the same unexpected results for the Decorated part. Something is completely wrong with these void *.

根据我对 C++ 的理解,这应该是可行的.有没有机会让它与空*一起工作?这可能是 gcc 中的错误吗?

From my understanding of C++ this should be actually working. Is there any chance to get this to work with the void*? Can this be a bug in gcc?

谢谢

推荐答案

这不是编译器错误 - 这是 reinterpret_cast 所做的.DecoratedSquare 对象将在内存中布局如下:

It's not a compiler bug - it's what reinterpret_cast does. The DecoratedSquare object will be laid out in memory something like this:

Square
Decorated
DecoratedSquare specific stuff

将指向 this 的指针转换为 void* 将给出此数据的起始地址,而不知道那里是什么类型.reinterpret_cast 将获取该地址并将其中的任何内容解释为 Decorated - 但实际的内存内容是 Square.这是错误的,所以你会得到未定义的行为.

Converting a pointer to this to void* will give the address of the start of this data, with no knowledge of what type is there. reinterpret_cast<Decorated*> will take that address and interpret whatever is there as a Decorated - but the actual memory contents are the Square. This is wrong, so you get undefined behaviour.

如果你reinterpret_cast 到正确的动态类型(即DecoratedSquare),你应该得到正确的结果,然后转换到基类.

You should get the correct results if you reinterpret_cast to the correct dynamic type (that is DecoratedSquare), then convert to the base class.

相关文章