.as() and .vcast() don't handle multiple inheritance correctly

[cbiesinger]

Take BrowserAccessibilityManager (https://cs.chromium.org/chromium/src/content/browser/accessibility/browser_accessibility_manager.h?sq=package:chromium&g=0&l=127)

It inherits from two virtual classes, ui::AXTreeObserver and ui::AXTreeManager. If you have a pointer to an AXTreeManager, you need to adjust the pointer to get to a BrowserAccessibilityManager (at least with the way that gcc lays out these classes in memory). Note the different addresses:

(rr) p (ui::AXTreeManager*) 0x000055ea418a02f8
$36 = (content::BrowserAccessibilityManagerAuraLinux *) 0x55ea418a02e0

However, JsDbg will just try to look up the vtable through the address, notice a nonzero displacement, and throw an error.

(This breaks the ax-tree extension on Linux. I'm not sure why it works on Windows?)

[petersalas]

I think the way this works on Windows is that each vtable within the BrowserAccessibilityManager is treated as an independent symbol, so when vcast resolves the AXTreeManager's vtable as a symbol it has offset 0. On Linux, does each of the vtable addresses resolve as different offsets from the same symbol?

[cbiesinger]

Indeed, you're right -- on Windows they point to:

0:042> ln 0x7ffce2b4b2d8
Browse module
Set bu breakpoint

(00007ffc`e2b4b2d8)   chrome!content::BrowserAccessibilityManager::`vftable'   |  (00007ffc`e2b4b2e8)   chrome!`string'
Exact matches:
0:042> ln 0x7ffce2b4b450
Browse module
Set bu breakpoint

(00007ffc`e2b4b450)   chrome!content::BrowserAccessibilityManagerWin::`vftable'   |  (00007ffc`e2b4b560)   chrome!kUiaTestCompleteSentinel
Exact matches:

And in that case it does handle it correctly. Yes, on Linux they are offsets into the same symbol. (I don't really understand how this works on Windows -- if a subclass overrides a base class's functions, don't the base class and the subclass need different vtables? but the debug output above seems to have named them the same?)

Maybe vcast should be OK with a nonzero displacement?

[cbiesinger]

Maybe you can have multiple symbols with the same name and that's how it works on Windows?

[cbiesinger]

#108 does fix this for Linux (for vcast, not for as)

[sanketj]

I feel like I have seen something like this happen on Windows as well. I can't remember the case at the moment, but I'll try to find it.

[petersalas]

The as behavior is by design, but dcast (dynamic cast) exists to do a multiple-inheritance aware cast and should work once the vcast behavior is relaxed.

[cbiesinger]

OK thanks. I guess .as is not as similar to static_cast as I thought :)

@sanketj If you find it please do let me know!