I had some experience lately with function pointers in C.
So going on with the tradition of answering your own questions, I decided to make a small summary of the very basics, for those who need a quick dive-in to the subject.
I had some experience lately with function pointers in C.
So going on with the tradition of answering your own questions, I decided to make a small summary of the very basics, for those who need a quick dive-in to the subject.
The guide to getting fired: How to abuse function pointers in GCC on x86 machines by compiling your code by hand:
These string literals are bytes of 32-bit x86 machine code.
0xC3
is an x86ret
instruction.You wouldn't normally write these by hand, you'd write in assembly language and then use an assembler like
nasm
to assemble it into a flat binary which you hexdump into a C string literal.Returns the current value on the EAX register
Write a swap function
Write a for-loop counter to 1000, calling some function each time
You can even write a recursive function that counts to 100
Note that compilers place string literals in the
.rodata
section (or.rdata
on Windows), which is linked as part of the text segment (along with code for functions).The text segment has Read+Exec permission, so casting string literals to function pointers works without needing
mprotect()
orVirtualProtect()
system calls like you'd need for dynamically allocated memory. (Orgcc -z execstack
links the program with stack + data segment + heap executable, as a quick hack.)To disassemble these, you can compile this to put a label on the bytes, and use a disassembler.
Compiling with
gcc -c -m32 foo.c
and disassembling withobjdump -D -rwC -Mintel
, we can get the assembly, and find out that this code violates the ABI by clobbering EBX (a call-preserved register) and is generally inefficient.This machine code will (probably) work in 32-bit code on Windows, Linux, OS X, and so on: the default calling conventions on all those OSes pass args on the stack instead of more efficiently in registers. But EBX is call-preserved in all the normal calling conventions, so using it as a scratch register without saving/restoring it can easily make the caller crash.
Function pointers in C can be used to perform object-oriented programming in C.
For example, the following lines is written in C:
Yes, the
->
and the lack of anew
operator is a dead give away, but it sure seems to imply that we're setting the text of someString
class to be"hello"
.By using function pointers, it is possible to emulate methods in C.
How is this accomplished?
The
String
class is actually astruct
with a bunch of function pointers which act as a way to simulate methods. The following is a partial declaration of theString
class:As can be seen, the methods of the
String
class are actually function pointers to the declared function. In preparing the instance of theString
, thenewString
function is called in order to set up the function pointers to their respective functions:For example, the
getString
function that is called by invoking theget
method is defined as the following:One thing that can be noticed is that there is no concept of an instance of an object and having methods that are actually a part of an object, so a "self object" must be passed in on each invocation. (And the
internal
is just a hiddenstruct
which was omitted from the code listing earlier -- it is a way of performing information hiding, but that is not relevant to function pointers.)So, rather than being able to do
s1->set("hello");
, one must pass in the object to perform the action ons1->set(s1, "hello")
.With that minor explanation having to pass in a reference to yourself out of the way, we'll move to the next part, which is inheritance in C.
Let's say we want to make a subclass of
String
, say anImmutableString
. In order to make the string immutable, theset
method will not be accessible, while maintaining access toget
andlength
, and force the "constructor" to accept achar*
:Basically, for all subclasses, the available methods are once again function pointers. This time, the declaration for the
set
method is not present, therefore, it cannot be called in aImmutableString
.As for the implementation of the
ImmutableString
, the only relevant code is the "constructor" function, thenewImmutableString
:In instantiating the
ImmutableString
, the function pointers to theget
andlength
methods actually refer to theString.get
andString.length
method, by going through thebase
variable which is an internally storedString
object.The use of a function pointer can achieve inheritance of a method from a superclass.
We can further continue to polymorphism in C.
If for example we wanted to change the behavior of the
length
method to return0
all the time in theImmutableString
class for some reason, all that would have to be done is to:length
method.length
method.Adding an overriding
length
method inImmutableString
may be performed by adding anlengthOverrideMethod
:Then, the function pointer for the
length
method in the constructor is hooked up to thelengthOverrideMethod
:Now, rather than having an identical behavior for the
length
method inImmutableString
class as theString
class, now thelength
method will refer to the behavior defined in thelengthOverrideMethod
function.I must add a disclaimer that I am still learning how to write with an object-oriented programming style in C, so there probably are points that I didn't explain well, or may just be off mark in terms of how best to implement OOP in C. But my purpose was to try to illustrate one of many uses of function pointers.
For more information on how to perform object-oriented programming in C, please refer to the following questions:
Function pointer is usually defined by typedef, and used as param & return value,
Above answers already explained a lot, I just give a full example:
One of the big uses for function pointers in C is to call a function selected at run-time. For example, the C run-time library has two routines, qsort and bsearch, which take a pointer to a function that is called to compare two items being sorted; this allows you to sort or search, respectively, anything, based on any criteria you wish to use.
A very basic example, if there is one function called print(int x, int y) which in turn may require to call add() function or sub() which are of similar types then what we will do, we will add one function pointer argument to the print() function as shown below:-
Since function pointers are often typed callbacks, you might want to have a look at type safe callbacks. The same applies to entry points, etc of functions that are not callbacks.
C is quite fickle and forgiving at the same time :)
Function pointers become easy to declare once you have the basic declarators:
ID
: ID is a*D
: D pointer toD(<parameters>)
: D function taking<
parameters>
returningWhile D is another declarator built using those same rules. In the end, somewhere, it ends with
ID
(see below for an example), which is the name of the declared entity. Let's try to build a function taking a pointer to a function taking nothing and returning int, and returning a pointer to a function taking a char and returning int. With type-defs it's like thisAs you see, it's pretty easy to build it up using typedefs. Without typedefs, it's not hard either with the above declarator rules, applied consistently. As you see i missed out the part the pointer points to, and the thing the function returns. That's what appears at the very left of the declaration, and is not of interest: It's added at the end if one built up the declarator already. Let's do that. Building it up consistently, first wordy - showing the structure using
[
and]
:As you see, one can describe a type completely by appending declarators one after each other. Construction can be done in two ways. One is bottom-up, starting with the very right thing (leaves) and working the way through up to the identifier. The other way is top-down, starting at the identifier, working the way down to the leaves. I'll show both ways.
Bottom Up
Construction starts with the thing at the right: The thing returned, which is the function taking char. To keep the declarators distinct, i'm going to number them:
Inserted the char parameter directly, since it's trivial. Adding a pointer to declarator by replacing
D1
by*D2
. Note that we have to wrap parentheses around*D2
. That can be known by looking up the precedence of the*-operator
and the function-call operator()
. Without our parentheses, the compiler would read it as*(D2(char p))
. But that would not be a plain replace of D1 by*D2
anymore, of course. Parentheses are always allowed around declarators. So you don't make anything wrong if you add too much of them, actually.Return type is complete! Now, let's replace
D2
by the function declarator function taking<parameters>
returning, which isD3(<parameters>)
which we are at now.Note that no parentheses are needed, since we want
D3
to be a function-declarator and not a pointer declarator this time. Great, only thing left is the parameters for it. The parameter is done exactly the same as we've done the return type, just withchar
replaced byvoid
. So i'll copy it:I've replaced
D2
byID1
, since we are finished with that parameter (it's already a pointer to a function - no need for another declarator).ID1
will be the name of the parameter. Now, i told above at the end one adds the type which all those declarator modify - the one appearing at the very left of every declaration. For functions, that becomes the return type. For pointers the pointed to type etc... It's interesting when written down the type, it will appear in the opposite order, at the very right :) Anyway, substituting it yields the complete declaration. Both timesint
of course.I've called the identifier of the function
ID0
in that example.Top Down
This starts at the identifier at the very left in the description of the type, wrapping that declarator as we walk our way through the right. Start with function taking
<
parameters>
returningThe next thing in the description (after "returning") was pointer to. Let's incorporate it:
Then the next thing was functon taking
<
parameters>
returning. The parameter is a simple char, so we put it in right away again, since it's really trivial.Note the parentheses we added, since we again want that the
*
binds first, and then the(char)
. Otherwise it would read function taking<
parameters>
returning function .... Noes, functions returning functions aren't even allowed.Now we just need to put
<
parameters>
. I will show a short version of the deriveration, since i think you already by now have the idea how to do it.Just put
int
before the declarators like we did with bottom-up, and we are finishedThe nice thing
Is bottom-up or top-down better? I'm used to bottom-up, but some people may be more comfortable with top-down. It's a matter of taste i think. Incidentally, if you apply all the operators in that declaration, you will end up getting an int:
That is a nice property of declarations in C: The declaration asserts that if those operators are used in an expression using the identifier, then it yields the type on the very left. It's like that for arrays too.
Hope you liked this little tutorial! Now we can link to this when people wonder about the strange declaration syntax of functions. I tried to put as little C internals as possible. Feel free to edit/fix things in it.