Finding the type of a virtual table

Kevin.Backhouse at arm.com Kevin.Backhouse at arm.com
Fri May 17 15:56:05 UTC 2002


For the purposes of performing a static analysis, I am interested to know
whether it is possible to determine the type of an object by looking at its
vtable. VTables contain RTTI information so it ought to be possible, but I
am unsure about secondary vtables and I wonder if anyone can help.

To illustrate, here is an example of a class hierarchy:

     class A
     class B
     class C : A, B
     class D : B, C

If I understand the C++ ABI for Itanium correctly, class D will have the
following vtables:

     D's primary vtable (which extends B's vtable)
     Secondary vtable for C in D (which extends A's vtable)
     Secondary vtable for B in C in D

Given (say) the secondary vtable for B in C in D and nothing else, is it
possible to determine that objects with this vtable have type B? The RTTI
information in this vtable contains the type information for D, so the
information for B must be obtained via an indirect route. The RTTI for D
contains base type information for each direct base class of D. If B is a
non-virtual base class, then I believe that it is possible to match up the
B-in-C-in-D vtable with B's type-info by comparing the offset-to-top in the
vtable with the offsets stored in D's type info. However, if B is a virtual
base class, then I am not sure if this is possible. D's type info contains
"... the offset in the virtual table of the virtual base offset for the
virtual base referenced (negative.)" [page 21]. This information can only
be used if D's primary vtable is available. Is it possible to uniquely
determine D's primary table, given only D's type info? Is it true that it
is the only vtable with offset-to-top = 0 and D's type info in its RTTI
slot?

I would be very grateful for any feedback on whether this strategy is
correct and whether I have understood the ABI correctly.

thanks,

Kevin
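
Added example, not part of the original message and not code from the ABI document: a C++ sketch of the non-virtual case the post describes, recovering a subobject's type from its vptr alone by matching offset-to-top against the base offsets in the RTTI. It assumes GCC with libstdc++ on an Itanium-ABI target (where `<cxxabi.h>` exposes the `__vmi_class_type_info` members), uses `struct` so the bases are public, and goes one step beyond the post by recursing through C's type info to reach the indirect B; the helper names are hypothetical.

```cpp
#include <cxxabi.h>
#include <cstddef>
#include <cstdio>
#include <typeinfo>

// Constructed hierarchy mirroring the post. Compilers warn that the direct
// base B of D is inaccessible due to ambiguity; the layout is still defined.
struct A { virtual ~A() {} };
struct B { virtual ~B() {} };
struct C : A, B {};
struct D : B, C {};

// Itanium ABI: the vptr addresses slot 0 of the vtable; offset-to-top is
// stored at index -2 and the RTTI pointer at index -1.
static void** vptr_of(const void* subobject) {
    return *static_cast<void** const*>(subobject);
}
std::ptrdiff_t offset_to_top(const void* subobject) {
    return reinterpret_cast<std::ptrdiff_t*>(vptr_of(subobject))[-2];
}
const std::type_info* rtti_slot(const void* subobject) {
    return static_cast<const std::type_info*>(vptr_of(subobject)[-1]);
}

// Outermost non-virtual subobject of `ti` that starts `off` bytes into it.
const std::type_info* find_at(const std::type_info* ti, std::ptrdiff_t off) {
    if (off == 0) return ti;
    if (auto si = dynamic_cast<const abi::__si_class_type_info*>(ti))
        return find_at(si->__base_type, off);  // single base lives at offset 0
    if (auto vmi = dynamic_cast<const abi::__vmi_class_type_info*>(ti))
        for (unsigned i = 0; i < vmi->__base_count; ++i) {
            const abi::__base_class_type_info& b = vmi->__base_info[i];
            // Virtual bases need the vbase offset from the primary vtable.
            if (b.__is_virtual_p() || off < b.__offset()) continue;
            if (auto hit = find_at(b.__base_type, off - b.__offset()))
                return hit;
        }
    return nullptr;  // no non-virtual subobject starts at this offset
}

// Type of the subobject that owns this vptr, using only its vtable.
const std::type_info* subobject_type(const void* subobject) {
    return find_at(rtti_slot(subobject), -offset_to_top(subobject));
}

int main() {
    D d; C* c = &d; B* b = c;  // b points at the B-in-C-in-D subobject
    std::printf("%s\n", subobject_type(b)->name());  // prints the mangled name
}
```

Where a primary base shares its address with the derived class (A with C, the direct B with D), the lookup reports the outermost class at that offset, since both use the same vtable.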




More information about the cxx-abi-dev mailing list