multiple inheritance: unexpected result after cast from void * to 2nd base class

Question

My program needs to make use of void* in order to transport data or objects in dynamic invocation situation, so that it can reference data of arbitrary types, even primitive types. However, I recently discovered that the process of down-casting these void* in case of classes with multiple base classes fails and even crashes my program after invoking methods on these down casted pointers even if the memory addresses seem to be correct. The crash happens during access to "vtable".

So I have created a small test case, environment is gcc 4.2 on Mac OS X:

class Shape {
public:
    virtual int w() = 0;
    virtual int h() = 0;
};

class Square : public Shape {
public:
    int l;
    int w() {return l;}
    int h() {return l;}
};

class Decorated {
public:
    int padding;
    int w() {return 2*padding;}
    int h() {return 2*padding;}
};

class DecoratedSquare : public Square, public Decorated {
public:
    int w() {return Square::w() + Decorated::w();}
    int h() {return Square::h() + Decorated::h();}
};


#include <iostream>

template <class T> T shape_cast(void *vp) {
//    return dynamic_cast<T>(vp);   // not possible, no pointer to class type
//    return static_cast<T>(vp);
//    return T(vp);
//    return (T)vp;
    return reinterpret_cast<T>(vp);
}

int main(int argc, char *argv[]) {
    DecoratedSquare *ds = new DecoratedSquare;
    ds->l = 20;
    ds->padding = 5;
    void *dsvp = ds;

    std::cout << "Decorated (direct)" << ds->w() << "," << ds->h() << std::endl;

    std::cout << "Shape " << shape_cast<Shape*>(dsvp)->w() << "," << shape_cast<Shape*>(dsvp)->h() << std::endl;
    std::cout << "Square " << shape_cast<Square*>(dsvp)->w() << "," << shape_cast<Square*>(dsvp)->h() << std::endl;
    std::cout << "Decorated (per void*) " << shape_cast<Decorated*>(dsvp)->w() << "," << shape_cast<Decorated*>(dsvp)->h() << std::endl;
    std::cout << "DecoratedSquare " << shape_cast<DecoratedSquare*>(dsvp)->w() << "," << shape_cast<DecoratedSquare*>(dsvp)->h() << std::endl;
}

produces the following output:

Decorated (direct)30,30
Shape 30,30
Square 30,30
Decorated (per void*) 73952,73952
DecoratedSquare 30,30

As you can see, the "Decorated (per void*)" result is completely wrong. It should also be 30,30 like in the first line.

Whatever cast method I use in shape_cast() I will always get the same unexpected results for the Decorated part. Something is completely wrong with these void *.

From my understanding of C++ this should be actually working. Is there any chance to get this to work with the void*? Can this be a bug in gcc?

Thanks

Answer 1

A static_cast or a dynamic_cast in presence of multiple inheritance may change the representation of the pointer by offsetting it so that it designate the correct address. static_cast determines the correct offset by considering static typing information. dynamic_cast does it by checking the dynamic type. If you go throw void*, you are loosing all static typing information and the possibility to get dynamic typing information, so the reinterpret_cast you are using is assuming that the offset is null, failing some times.

Answer 2

It's not a compiler bug - it's what reinterpret_cast does. The DecoratedSquare object will be laid out in memory something like this:

Square
Decorated
DecoratedSquare specific stuff

Converting a pointer to this to void* will give the address of the start of this data, with no knowledge of what type is there. reinterpret_cast<Decorated*> will take that address and interpret whatever is there as a Decorated - but the actual memory contents are the Square. This is wrong, so you get undefined behaviour.

You should get the correct results if you reinterpret_cast to the correct dynamic type (that is DecoratedSquare), then convert to the base class.

Answer 3

Repeat ten times - the only thing you can safely do with a reinterpret_cast pointer is reinterpret_cast it back to the same pointer type it came from. The same applies with conversions to void*: you must convert back to the original type.

So, if you cast a DecoratedSquare* to void*, you must cast it back to DecoratedSquare*. Not Decorated*, not Square*, not Shape*. Some of them might work on your machine, but this is a combination of good luck and implementation-specific behaviour. It usually works with single-inheritance, because there's no obvious reason to implement object pointers in a way which would stop it working, but this is not guaranteed, and it can't work in general for multiple inheritance.

You say that your code accesses "arbitrary types, including primitive types" via a void*. There's nothing wrong with this - presumably whoever receives the data knows to treat it as a DecoratedSquare* and not as, say, int*.

If whoever receives it only knows to treat it as a base class, such as Decorated*, then whoever converts it to void* should static_cast it to the base class first, then to void*:

void *decorated_vp = static_cast<Decorated*>(ds);

Now when you cast decorated_vp back to Decorated*, you'll get the result of static_cast<Decorated*>(ds), which is what you need.