源自一道面试题,觉得很有意思
// Base class of the interview puzzle: a single virtual function that carries a default argument.
// A default argument is not part of the virtual-dispatch contract: it is resolved at compile
// time from the *static* type of the expression the call is made through, while the function
// body that runs is chosen at run time from the dynamic type.
class CBase
{
public:
// Prints the value it receives. Calls made through a CBase object, pointer or reference
// that omit the argument get 111 (the default declared here), whatever the dynamic type.
virtual void PrintData(int nData = 111);
};
// CBase::PrintData — prints which implementation ran and the value received.
// The default (111) is restated in a comment only: a default argument may be spelled on the
// in-class declaration or on the definition, not on both.
void CBase::PrintData(int nData /* = 111 */)
{
printf("CBase::PrintData, nData = %d\n", nData);
}
// Derived class of the interview puzzle: overrides PrintData but declares a *different*
// default argument (222). The overrider is selected at run time from the dynamic type; the
// default argument is selected at compile time from the static type, so a call through a
// CBase* reaches this overrider with CBase's default, not this one.
class CDerived : public CBase
{
public:
    // Overrides CBase::PrintData. It is virtual by inheritance; the keyword is spelled out
    // so the override is visible at the declaration.
    virtual void PrintData(int nData = 222);
};
// CDerived::PrintData — overrider; prints which implementation ran and the value received.
// The comment on the parameter restates the default declared in the CDerived class body
// (222); the definition itself supplies no default. Note that when this overrider is reached
// through a CBase pointer or reference, the caller has already substituted CBase's default.
void CDerived::PrintData(int nData /* = 222 */)
{
printf("CDerived::PrintData, nData = %d\n", nData);
}
在main()中做如下调用：
CDerived oCDerived;
// oCDerived (a CDerived, declared on the preceding line) is viewed through a CBase*.
// The C-style cast is redundant — derived-to-base pointer conversion is implicit — and it would
// also silently accept a pointer to an unrelated type; the implicit conversion is the safer spelling.
CBase* pCBase = (CBase*)&oCDerived;
// Virtual dispatch on the dynamic type selects CDerived::PrintData, but the omitted argument is
// filled from the static type CBase, so the line prints "CDerived::PrintData, nData = 111".
pCBase->PrintData();
// Same expression through a reference to the same object: CDerived::PrintData, nData = 111.
(*pCBase).PrintData();
// Static and dynamic type are both CDerived: CDerived::PrintData, nData = 222, no vtable lookup needed.
oCDerived.PrintData();
大家先猜猜输出结果是什么？是不是比想象的更奇怪？我们看看反汇编的代码：
14、oCDerived.PrintData();
; Item 14: oCDerived.PrintData() — call on an object whose static type is CDerived.
; MSVC x86 (32-bit) thiscall: `this` travels in ecx, the argument is pushed on the stack.
push 0DEh                                    ; nData = 0DEh = 222: CDerived's default, bound from the static type
lea ecx,[ebp-4]                              ; this = &oCDerived (the object lives at [ebp-4])
call @ILT+25(CDerived::PrintData) (0040101e) ; direct call to CDerived::PrintData through the incremental-link thunk; no vtable read, the dynamic type is known at compile time
15、((CBase)oCDerived).PrintData();
; Item 15: ((CBase)oCDerived).PrintData() — the C-style cast to a CBase *value* slices the object:
; a temporary CBase is copy-constructed from oCDerived and the call is made on that temporary.
mov esi,esp                                  ; presumably the debug-build stack-pointer check (esi is compared with esp after the call; the compare is not shown)
push 6Fh                                     ; nData = 6Fh = 111: CBase's default, since the temporary's static type is CBase; the slot stays on the stack across the constructor call below
lea ecx,[ebp-4]
push ecx                                     ; argument for the copy constructor: &oCDerived, the source object
lea ecx,[ebp-10h]                            ; this = the temporary CBase at [ebp-10h]
call @ILT+10(CBase::CBase) (0040100f)        ; CBase copy constructor builds the temporary (see item 15.1)
mov dword ptr [ebp-14h],eax                  ; eax = this returned by the constructor, spilled to [ebp-14h]
mov edx,dword ptr [ebp-14h]
mov eax,dword ptr [edx]                      ; eax = the temporary's vptr (offset 0) — CBase's vtable, not CDerived's
mov ecx,dword ptr [ebp-14h]                  ; this = the temporary
call dword ptr [eax]                         ; indirect call through slot 0 of CBase's vtable, i.e. CBase::PrintData(111); the target is read from writable object memory, which is the pattern control-flow integrity (e.g. MSVC /guard:cf) instruments
15.1、CBase::CBase 拷贝构造函数：
; Item 15.1: CBase::CBase(const CBase&) as emitted by MSVC (prologue/epilogue not shown).
; CBase has no data members, so in the lines shown the pushed source address is never read:
; the only work is installing the vptr.
mov dword ptr [ebp-4],ecx                    ; this (ecx) spilled to [ebp-4]
mov eax,dword ptr [ebp-4]
mov dword ptr [eax],offset CBase::`vftable' (00425024) ; this->vptr = CBase's vtable, unconditionally — the source being a CDerived does not matter; this is where the slicing happens
mov eax,dword ptr [ebp-4]                    ; return this in eax
16、pCDerived->PrintData();
; Item 16: pCDerived->PrintData() — call through a pointer whose static type is CDerived*.
; NOTE(review): the call list earlier on the page uses pCBase (a CBase*); with that static type
; the pushed default would be 6Fh (111) while the vtable dispatch below would still reach
; CDerived::PrintData — the exact mismatch the puzzle is about.
mov esi,esp                                  ; presumably the debug-build stack-pointer check (compare after the call not shown)
push 0DEh                                    ; nData = 0DEh = 222: CDerived's default, bound from the pointer's static type
mov ecx,dword ptr [ebp-8]                    ; ecx = pCDerived (stored at [ebp-8])
mov edx,dword ptr [ecx]                      ; edx = vptr of the pointed-to object (offset 0)
mov ecx,dword ptr [ebp-8]                    ; this = pCDerived
call dword ptr [edx]                         ; indirect call through slot 0: the PrintData overrider selected by the object's dynamic type