The document says that Value.dynamic_cast works like dynamic cast in C++, but in the following experiment, it shows that the Value.cast works in C++, and Value.dynamic_cast gives some value I don't understand. I have asked on the stackoverflow in https://stackoverflow.com/questions/71644182/gdb-python-api-dynamic-cast-not-work-as-expected, but received a comment that says this might be a bug in the gdb. So I open this ticket. This is the sample code class Base { public: virtual void p() {} int i =3; }; class Base2 { public: virtual void f() {} int i2 =4; }; class Derived: public Base, public Base2{ public: void p() override{} int t =4; }; int main() { auto* p = new Derived(); Base2* pb2 = p; Base* pb = p; return 0; } Run the code, and print the values of p, pb, and pb2 (gdb) p p $1 = (Derived *) 0x613c20 (gdb) p pb // $2 = (Base *) 0x613c20 (gdb) p pb2 $3 = (Base2 *) 0x613c30 Then use python script to print the value as follows, the Value.dynamic_cast will give (gdb) py print(ppb2.dynamic_cast(ppb2.dynamic_type)) 0x400808 <vtable for Derived+16> And the Value.cast gives the correct derived pointer, (gdb) py print(ppb2.cast(ppb2.dynamic_type)) 0x613c20 pp, ppb, and ppb2 are the corresponding values but in Python env, got from the following code. (gdb) py pp = gdb.parse_and_eval('p') (gdb) py print(pp) 0x613c20 (gdb) py ppb2 = gdb.parse_and_eval('pb2') (gdb) py print(ppb2) 0x613c30 (gdb) py print(ppb2.cast(ppb2.dynamic_type)) 0x613c20 (gdb) py print(ppb2.dynamic_cast(ppb2.dynamic_type)) 0x400808 <vtable for Derived+16> Why Value.dynamic_cast will give 0x400808 <vtable for Derived+16> instead of 0x613c20 (the derived pointer)?
You also get the same result without Python: (gdb) p p $1 = (Derived *) 0x5d20c0 (gdb) p pb $2 = (Base *) 0x5d20c0 (gdb) p pb2 $3 = (Base2 *) 0x5d20d0 (gdb) p dynamic_cast<Derived*>(p) $4 = (Derived *) 0x13f4e8800 <vtable for Derived+16> (gdb) p dynamic_cast<Derived*>(pb) $5 = (Derived *) 0x13f4e8800 <vtable for Derived+16> (gdb) p dynamic_cast<Derived*>(pb2) $6 = (Derived *) 0x13f4e8800 <vtable for Derived+16> (gdb) p dynamic_cast<Base*>(p) $7 = (Base *) 0x5d20c0 (gdb) p dynamic_cast<Base*>(pb) $8 = (Base *) 0x13f4e8800 <vtable for Derived+16> (gdb) p dynamic_cast<Base*>(pb2) $9 = (Base *) 0x5d20c0 (gdb) p dynamic_cast<Base2*>(p) $10 = (Base2 *) 0x5d20d0 (gdb) p dynamic_cast<Base2*>(pb) $11 = (Base2 *) 0x5d20d0 (gdb) p dynamic_cast<Base2*>(pb2) $12 = (Base2 *) 0x13f4e8800 <vtable for Derived+16>
Looks similar to https://sourceware.org/bugzilla/show_bug.cgi?id=28907
(In reply to Simon Marchi from comment #2) > Looks similar to https://sourceware.org/bugzilla/show_bug.cgi?id=28907 That one is about casts without RTTI, which is done differently.
Recategorizing since it happens without Python
The master branch has been updated by Hannes Domani <ssbssa@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0238b543f3c294fc8512021a40b708e8ddc72bb2 commit 0238b543f3c294fc8512021a40b708e8ddc72bb2 Author: Hannes Domani <ssbssa@yahoo.de> Date: Tue Mar 29 20:05:06 2022 +0200 Fix dynamic_cast PR29011 notes that dynamic_cast does not work correctly if classes with virtual methods are involved, some of the results wrongly point into the vtable of the derived class: ``` (gdb) p vlr $1 = (VirtualLeftRight *) 0x162240 (gdb) p vl $2 = (VirtualLeft *) 0x162240 (gdb) p vr $3 = (VirtualRight *) 0x162250 (gdb) p dynamic_cast<VirtualLeftRight*>(vlr) $4 = (VirtualLeftRight *) 0x13fab89b0 <vtable for VirtualLeftRight+16> (gdb) p dynamic_cast<VirtualLeftRight*>(vl) $5 = (VirtualLeftRight *) 0x13fab89b0 <vtable for VirtualLeftRight+16> (gdb) p dynamic_cast<VirtualLeftRight*>(vr) $6 = (VirtualLeftRight *) 0x13fab89b0 <vtable for VirtualLeftRight+16> (gdb) p dynamic_cast<VirtualLeft*>(vlr) $7 = (VirtualLeft *) 0x162240 (gdb) p dynamic_cast<VirtualLeft*>(vl) $8 = (VirtualLeft *) 0x13fab89b0 <vtable for VirtualLeftRight+16> (gdb) p dynamic_cast<VirtualLeft*>(vr) $9 = (VirtualLeft *) 0x162240 (gdb) p dynamic_cast<VirtualRight*>(vlr) $10 = (VirtualRight *) 0x162250 (gdb) p dynamic_cast<VirtualRight*>(vl) $11 = (VirtualRight *) 0x162250 (gdb) p dynamic_cast<VirtualRight*>(vr) $12 = (VirtualRight *) 0x13fab89b0 <vtable for VirtualLeftRight+16> ``` For the cases where the dynamic_cast type is the same as the original type, it used the ARG value for the result, which in case of pointer types was already the dereferenced value. And the TEM value at the value address was created with the pointer/reference type, not the actual class type. With these fixed, the dynamic_cast results make more sense: ``` (gdb) p vlr $1 = (VirtualLeftRight *) 0x692240 (gdb) p vl $2 = (VirtualLeft *) 0x692240 (gdb) p vr $3 = (VirtualRight *) 0x692250 (gdb) p dynamic_cast<VirtualLeftRight*>(vlr) $4 = (VirtualLeftRight *) 0x692240 (gdb) p dynamic_cast<VirtualLeftRight*>(vl) $5 = (VirtualLeftRight *) 0x692240 (gdb) p dynamic_cast<VirtualLeftRight*>(vr) $6 = (VirtualLeftRight *) 0x692240 (gdb) p dynamic_cast<VirtualLeft*>(vlr) $7 = (VirtualLeft *) 0x692240 (gdb) p dynamic_cast<VirtualLeft*>(vl) $8 = (VirtualLeft *) 0x692240 (gdb) p dynamic_cast<VirtualLeft*>(vr) $9 = (VirtualLeft *) 0x692240 (gdb) p dynamic_cast<VirtualRight*>(vlr) $10 = (VirtualRight *) 0x692250 (gdb) p dynamic_cast<VirtualRight*>(vl) $11 = (VirtualRight *) 0x692250 (gdb) p dynamic_cast<VirtualRight*>(vr) $12 = (VirtualRight *) 0x692250 ``` Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29011 Approved-By: Tom Tromey <tom@tromey.com>
Fixed.