Tags: c++, assembly, gcc

Why does a call to a pointer to member function handle virtual functions even if the class has no virtual methods?


https://godbolt.org/z/W8b3TG5f6

struct A {
    int __attribute__((noinline)) call(int a) {
        return (this->*mfuncP)(a);
    }

    int __attribute__((noinline)) returnArg(int a) {
        return a;
    }

    int (A::*mfuncP)(int) = &A::returnArg;
};

int test(int a) {
    return A().call(a);
}

yields

A::returnArg(int):
        mov     eax, esi
        ret
A::call(int):
        mov     rax, QWORD PTR [rdi]
        add     rdi, QWORD PTR [rdi+8]
        test    al, 1
        je      .L4
        mov     rdx, QWORD PTR [rdi]
        mov     rax, QWORD PTR [rdx-1+rax]
.L4:
        jmp     rax
test(int):
        sub     rsp, 24
        mov     esi, edi
        mov     rdi, rsp
        mov     QWORD PTR [rsp], OFFSET FLAT:A::returnArg(int)
        mov     QWORD PTR [rsp+8], 0
        call    A::call(int)
        add     rsp, 24
        ret

If I understand correctly, the assembly, in this case, is such that if the function address has the LSB set to 1, it is interpreted as referring to a virtual method (https://itanium-cxx-abi.github.io/cxx-abi/abi.html#member-function-pointers) hence the need for the branch. However, class A has no virtual functions, so it is unclear why this handling is done.


Solution

  • It must consider the possibility that the call is virtual, because it isn't actually required that a member pointer of type int (A::*)(int) refers to a member of class A. The only restriction that applies is that it must point to a direct member of either A, a (direct or indirect, non-virtual and unambiguous) base class of A or a class derived (directly or indirectly, non-virtual and unambiguously) from A. And when .* or ->* is used to bind the member function pointer to an object, (only) its most-derived object must contain (directly or indirectly) the member that is referred to. (And the class directly containing the member should not be ambiguous in the most-derived object, see open CWG 2593.)

    For example, the following has defined behavior and test must produce 42, for which the call mechanism must consider indirect virtual calls:

    struct B : A {
        virtual int vfunc(int) { return 0; };
    };
    
    struct C : B {
        int vfunc(int) override { return 42; }
    };
    
    int test(int a) {
        C c;
        c.mfuncP = static_cast<int (A::*)(int)>(&B::vfunc);
        return c.call(a);
    }
    

    As noted in the comments, if you mark A as final, then the compiler can infer that mfuncP cannot refer to a virtual member function.

    GCC performs that optimization, but for some reason still adds the this pointer offset, which is guaranteed to be zero in the call, because A does not have any base classes either.

    Clang does not seem to perform that optimization at all at the moment.


    However, when using these kinds of casts, keep in mind that, while the standard defines the behavior, MSVC's ABI uses a representation for pointer-to-members that is known not to support this. It will produce a warning and miscompile the code. I think there are flags to make it behave standard-conforming (but also probably break ABI).
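As an added example (not code from the question or the answer), the program below reproduces the B/C scenario and reads the two-word {ptr, adj} representation that the Itanium C++ ABI uses for a pointer to member function, so the LSB flag the question asks about can be observed directly. It assumes an Itanium-ABI compiler (GCC or Clang); the MemFnRepr struct and the inspect/isVirtual helpers are this example's own names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

struct A {
    int call(int a) { return (this->*mfuncP)(a); }
    int returnArg(int a) { return a; }
    int (A::*mfuncP)(int) = &A::returnArg;
};

struct B : A {
    virtual int vfunc(int) { return 0; }
};

struct C : B {
    int vfunc(int) override { return 42; }
};

// Itanium ABI layout of a pointer to member function (assumed here):
//   ptr: function address (non-virtual), or 1 + vtable offset (virtual)
//   adj: this-pointer adjustment in bytes, applied before the call
struct MemFnRepr {
    std::uintptr_t ptr;
    std::ptrdiff_t adj;
};

// Copy the raw bits of the member pointer out; sizeof check guards against
// an ABI that uses a different representation (e.g. MSVC).
static MemFnRepr inspect(int (A::*mf)(int)) {
    static_assert(sizeof(mf) == sizeof(MemFnRepr), "Itanium ABI layout assumed");
    MemFnRepr r;
    std::memcpy(&r, &mf, sizeof r);
    return r;
}

// The branch in the generated A::call tests exactly this bit.
bool isVirtual(int (A::*mf)(int)) { return (inspect(mf).ptr & 1) != 0; }

// The answer's scenario: an int (A::*)(int) that really names B::vfunc,
// dispatched virtually through the most-derived C object.
int callThroughC(int a) {
    C c;
    c.mfuncP = static_cast<int (A::*)(int)>(&B::vfunc);
    return c.call(a);
}

// The question's scenario: plain A, non-virtual target, no adjustment.
int callThroughA(int a) { return A().call(a); }
```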