We Keep Coding

C++ base class pointer calls child virtual function, why could base class pointer see child class member

I think I might be confusing myself. I know class with virtual functions in C++ has a vtable (one vtable per class type), so the vtable of Base class will have one element &Base::print(), while the vtable of Child class will have one element &Child::print().
When I declare my two class objects, base and child, base's vtable_ptr will pointer to Base class's vtable, while child's vtable_ptr will point to Child class's vtable. After I assign the address of base and child to an array of Base type pointer. I call base_array[0]->print() and base_array[1]->print(). My question is, both base_array[0] and base_array[1] is of type Base*, during run-time, although the v-table lookup will gives the correct function pointer, how could a Base* type see the element in Child class? (basically value 2?). When I call base_array[1]->print(), base_array[1] is of type Base*, but during run time it finds out it will use Child class print(). However, I am confused why value2 can be accessed during this time, because I am playing with type Base*..... I think I must miss something somewhere.
#include "iostream"
#include <string>
using namespace std;
class Base {
public:
int value;
string name;
Base(int _value, string _name) : value(_value),name(_name) {
}
virtual void print() {
cout << "name is " << name << " value is " << value << endl;
}
};
class Child : public Base{
public:
int value2;
Child(int _value, string _name, int _value2): Base(_value,_name), value2(_value2) {
}
virtual void print() {
cout << "name is " << name << " value is " << value << " value2 is " << value2 << endl;
}
};
int main()
{
Base base = Base(10,"base");
Child child = Child(11,"child",22);
Base* base_array[2];
base_array[0] = &base;
base_array[1] = &child;
base_array[0]->print();
base_array[1]->print();
return 0;
}

The call to print through the pointer does a vtable lookup to determine what actual function to call.
The function knows the actual type of the 'this' argument.
The compiler will also insert code to adjust to the actual type of the argument (say you have class child:
public base1, public base2 { void print(); };
where print is a virtual member inherited from base2. In that case the relevant vtable will not be at offset 0 in child so an adjustment will be needed to translate from the stored pointer value to the correct object location).
The data needed for that fix-up is generally stored as part of hidden run-time type information (RTTI) blocks.

I think I must miss something somewhere
Yes, and you got most of the stuff right until the end.
Here is a reminder of the really basic stuff in C/C++ (C and C++: same conceptual heritage so a lot of basic concepts are shared, even if the fine details diverge significantly at some point). (That may be really obvious and simple, but it's worth saying it loudly to feel it.)
Expressions are part of the compiled program, they exist at compile time; objects exist at run time. An object (the thing) is designated by expression (the word); they are conceptually different.
In traditional C/C++, an lvalue (short for left-value) is an expression whose runtime evaluation designates an object; dereferencing a pointer gives an lvalue, (f.ex. *this). It's called "left value" because the assignment operator on the left requires an object to assign to. (But not all lvalue can be at the left of the assignment operator: expressions designating const objects are lvalues, usually cannot be assigned to.) Lvalues always have a well defined identity and most of them has an address (only members of struct declared as bit-field cannot have their address taken, but the underlying storage object still has an address).
(In modern C++, the lvalue concept was renamed glvalue, and a new concept of lvalue was invented (instead of making a new term for the new concept and keeping the old term of concept of object with an identity that may or may not be modifiable. That was in my not so humble opinion a serious error.)
The behavior of a polymorphic object (an object of a class type with at least one virtual function) depends of its dynamic type, that its type of started construction (the name of the constructor of the object that started to construct data members, or entered the constructor body). During the execution of the body of the Child constructor, the dynamic type of the object designed by *this is Child (during the execution of the body of a base class constructor, the dynamic type is that of the base class constructor running).
Dynamic polymorphic means that you can use a polymorphic object with an lvalue whose declared type (type deduced at compile time from the rules of the language) isn't exactly the same type, but a related type (related by inheritance). That's the whole point of the virtual keyword in C++, without that it would be completely useless!
If base_array[i] contains an address of an object (so its value is well defined, not null), you can dereference it. That gives you an lvalue whose declared type is always Base * by definition: that's the declared type, the declaration of base_array being:
Base (*(base_array[2])); // extra, redundant parentheses
which can of course be written
Base* base_array[2];
if you want to write it that way, but the parse tree, the way the declaration is decomposed by the compiler is NOT
{ Base* } { base_array[2] }
(using bold face curly brace to symbolically represent parsing)
but instead
Base { * { { base_array } [2] } }
I hope you understand that the curly braces here are my choice of meta language NOT the curly braces used in the language grammar to define classes and functions (I don't know how to draw boxes around text here).
As a beginner, it's important that you "program" your intuition correctly, to always read declarations like the compiler does; if you ever declare two identifier on the same declaration, the difference is important int * a, b; means int (*a), b; AND NOT int (*a), (*b);
(Note: even if that might be clear to you the OP, as this is clearly a question of interest to beginners in C++, that reminder of C/C++ declaration syntax might be of use of someone else.)
So, going back to the issue of polymorphism: an object of a derived type (name of the most recently entered constructor) can be designated by an lvalue of a base class declared type. The behavior of virtual function calls is determined by the dynamic type (also called real type) of the object designated by the expression, unlike the behavior of non virtual function calls; that's the semantic defined by the C++ standard.
The way the compiler gets the semantic defined by a language standard is its own problem and not described in the language standard, but when there is only one efficient simple to do it, all compilers do it essentially the same way (the fine details are compiler-specific) with
one virtual function table ("vtable") per polymorphic class
one pointer to a vtable ("vptr") per polymorphic object
(Both vtable and vptr are obviously implementation concepts and not language concepts, but they are so common that every C++ programmer knows them.)
The vtable is a description of the polymorphic aspects of the class: the runtime operations on an expression of a given declared type whose behavior depends on the dynamic type. There is one entry for each runtime operation. A vtable is like a struct (record) with one member (entry) per operation (all entries are usually pointers of the same size, so many people describe the vtable as an array of pointers, but I don't, I describe it as a struct).
The vptr is a hidden data member (a data member without a name, not accessible by C++ code), whose position in an object is fixed like any other data member, that can be read by the runtime code when an lvalue of polymorphic class type (call it D for "declared type") is evaluated. Dereferencing a vptr in D gives you a vtable describing a D lvalue, with entries for each runtime aspect of an lvalue of type D. By definition, the location of the vptr and the interpretation of the vtable (layout and use of its entries) are completely determined by the declared type D. (Obviously no information necessary for the use and interpretation of the vptr can be a function of the runtime type of an object: the vptr is used when that type is not known.)
The semantics of the vptr is the set of guaranteed valid runtime operations on the vptr: how the vptr can be dereferenced (the vptr of an existing object always points to a valid vtable). It's the set of properties of the form: by adding offset off to vptr value, you get a value that can be used in "such way". These guarantees form a runtime contract.
The most obvious runtime aspect of a polymorphic object is calling virtual function, so there is an entry in a vtable for D lvalue for each virtual function that can be called on an lvalue of type D, that is an entry for each virtual function declared either in that class or in a base class (not counting overriders as they are the same). All non static member functions have a "hidden" or "implicit" argument, the this parameter; when compiling it becomes a normal pointer.
Any class X derived from D will have a vtable for D lvalues. For efficiency in common case of simple case of normal (non virtual) single inheritance, the semantics of the vptr of the base class (that we then call a primary base class) will be augmented with new properties, so the vtable for X will be augmented: the layout and semantics of the vtable for D will be augmented: any property of a vtable for D is also a property of the vtable for X, the semantic will be "inherited": there's an "inheritance" of the vtables in parallel with the inheritance inside the classes.
In logical terms, there's an increase of guarantees: the guarantees of the vptr of a derived class object are stronger than the guarantees of the vptr of a base class object. Because it's stronger contract, all code generated for a base lvalue is still valid.
[In more complex inheritance, that is either virtual inheritance, or non virtual
secondary inheritance (in multiple inheritance, inheritance from a secondary base, that is any base that is not defined as "primary base"), the augmentation of the semantics of the vtable of the base class is not so simple.]
[One way to explain C++ classes implementation is as a translation to C (indeed the first C++ compiler was compiling to C, not to assembly). The translation of a C++ member function is simply a C function where the implicit this parameter is explicit, a normal pointer parameter.]
The vtable entry for a virtual function for D lvalue is just a pointer to a function with as parameter the now explicit this parameter: that parameter is a pointer to D, it actually points to the D base subobject of an object of class derived from D, or an object of actual dynamic type D.
If D is a primary base of X, that is one that starts at the same address as the derived class, and where the vtable starts at the same address, so the vptr value is the same, and the vptr is shared between a primary base and the derived class. It means that virtual calls (calls on lvalue that go through vtable) to virtual functions in X that replace identically (that override with the same return type) just follow the same protocol.
(Virtual overriders can have a different, covariant return type and a different call convention might be used in that case.)
There are other special vtable entries:
Multiple virtual call entries for a given virtual function signature if the overrider has a covariant return type that requires and adjustment (that is not a primary base).
For special virtual functions: when the delete operator used on a polymorphic base with a virtual destructor, it is done through a deleting virtual destructor, to call the correct operator delete (replaced delete if there is one).
There is also a non deleting virtual destructor that is used for explicit destructor calls: l.~D();
The vtables stores the offsets for each virtual base subobjects, for implicit conversion to a virtual base pointer, or for accessing its data members.
There is the offset of the most derived object for dynamic_cast<void*>.
An entry for the typeid operator applied to a polymorphic object (notably, the name() of the class).
Enough information for dynamic_cast<X*> operators applied to a pointer to polymorphic object to navigate the class hierarchy at runtime, to locate a given base class or derived subobject (unless X isn't simply a base class of the cast type as that is without dynamically navigating the hierarchy).
This is just an overview of the information present in vtable and the kinds of vtable, there are other subtleties. (Virtual bases are notably more complex than non virtual bases at the implementation level.)

I think you might be confusing the way a pointer is declared with the type of the object it happens to be pointing to.
Forget about vtables for a moment. They're an implementation detail. They are just a means to an end. Let's look at what your code is actually doing.
So, with reference to the code you posted, this line:
base_array[0]->print();
calls into Bases implementation of print(), because the object pointed to is of type Base.
Whereas this line:
base_array[1]->print();
calls into Childs implementation of print(), because (yes, you guessed it) the object pointed to is of type Child. You don't need any fancy type casts to make this happen. It will just happen anyway, provided the method is declared virtual.
Now, inside the body of Base::print(), the compiler doesn't know (or care) whether this points to an object of type Base or an object of type Child (or any other class derived from Base, in the general case). It therefore follows that it can only access data members declared by Base (or any parent classes of Base, if there were any). Once you understand that, it's all simple enough.
But inside the body of Child::print(), the compiler does know a bit more about what this is pointing to - it has to be an instance of class Child (or some other class derived from Child). So now, the compiler can safely access value2 - inside the body of Child::print() - and your example therefore compiles correctly.
I think that's about it really. The vtable is only there to dispatch to the correct virtual method when you call that method through a pointer whose type is not known at compile time, as your example code is indeed doing. (*)
(*) Well, almost. Optimising compilers are getting pretty funky these days, there is actually enough information there for it you call the relevant method direct but please don't let that confuse the issue in any way.

Why use virtual functions when base class pointer casting gives same result?

I was studying Virtual Functions and Pointers. Below code made me to think about, why does one need Virtual Function when we can type cast base class pointer the way we want?
class baseclass {
public:
void show() {
cout << "In Base\n";
}
};
class derivedclass1 : public baseclass {
public:
void show() {
cout << "In Derived 1\n";
}
};
class derivedclass2 : public baseclass {
public:
void show() {
cout << "In Derived 2\n";
}
};
int main(void) {
baseclass * bptr[2];
bptr[0] = new derivedclass1;
bptr[1] = new derivedclass2;
((derivedclass1*) bptr)->show();
((derivedclass2*) bptr)->show();
delete bptr[0];
delete bptr[1];
return 0;
}
Gives same result if we use virtual in base class.
In Derived 1
In Derived 2
Am I missing something?

Your example appears to work, because there is no data, and no virtual methods, and no multiple inheritance. Try adding int value; to derivedclass1, const char *cstr; to derivedclass2, initialize these in corresponding constructors, and add printing these to corresponding show() methods.
You will see how show() will print garbage value (if you cast pointer to derivedclass1 when it is not) or crash (if you cast the pointer to derivedclass2 when class in fact is not of that type), or behave otherwise oddly.
C++ class member functions AKA methods are nothing more than functions, which take one hidden extra argument, this pointer, and they assume that it points to an object of right type. So when you have an object of type derivedclass1, but you cast a pointer to it to type derivedclass2, then what happens without virtual methods is this:
method of derivedclass2 gets called, because well, you explicitly said "this is a pointer to derivedclass2".
the method gets pointer to actual object, this. It thinks it points to actual instance of derivedclass2, which would have certain data members at certain offsets.
if the object actually is a derivedclass1, that memory contains something quite different. So if method thinks there is a char pointer, but in fact there isn't, then accessing the data it points to will probably access illegal address and crash.
If you instead use virtual methods, and have pointer to common base class, then when you call a method, compiler generates code to call the right method. It actually inserts code and data (using a table filled with virtual method pointers, usually called vtable, one per class, and pointer to it, one per object/instance) with which it knows to call the right method. So when ever you call a virtual method, it's not a direct call, but instead the object has extra pointer to the vtable of the real class, which tells what method should really be called for that object.
In summary, type casts are in no way an alternative to virtual methods. And, as a side note, every type cast is a place to ask "Why is this cast here? Is there some fundamental problem with this software, if it needs a cast here?". Legitimate use cases for type casts are quite rare indeed, especially with OOP objects. Also, never use C-style type casts with object pointers, use static_cast and dynamic_cast if you really need to cast.

If you use virtual functions, your code calling the function doesn't need to know about the actual class of the object. You'd just call the function blindly and correct function would be executed. This is the basis of polymorphism.
Type-casting is always risky and can cause run-time errors in large programs.
Your code should be open for extension but closed for modifications.
Hope this helps.

You need virtual functions where you don't know the derived type until run-time (e.g. when it depends on user input).
In your example, you have hard-coded casts to derivedclass2 and derivedclass1. Now what would you do here?
void f(baseclass * bptr)
{
// call the right show() function
}
Perhaps your confusion stems from the fact that you've not yet encountered a situation where virtual functions were actually useful. When you always know exactly at compile-time the concrete type you are operating on, then you don't need virtual functions at all.
Two other problems in your example code:
Use of C-style cast instead of C++-style dynamic_cast (of course, you usually don't need to cast anyway when you use virtual functons for the problem they are designed to solve).
Treating arrays polymorphically. See Item 3 in Scott Meyer's More Effective C++ book ("Never treat arrays polymorphically").

How does typeid work and how do objects store class information?

http://en.wikipedia.org/wiki/Typeid
This seems to be a mystery to me: how does a compiler stores information about the type of an object ? Basically an empty class, once instantiated, has not a zero size in memory.

How it is stored is implementation-defined. There are many completely different ways to do it.
However, for non-polymorphic types nothing needs to be stored. For non-polymorphic types typeid returns information about the static type of the expression, i.e. its compile-time type. The type is always known at compile-time, so there's no need to associate any additional information with specific objects (just like for sizeof to work you don't really need to store the object size anywhere). "An empty object" that you mention in your question would be an object of non-polymorphic type, so there's no need to store anything in it and there's no problem with it having zero size. (Meanwhile, polymorphic objects are never really "empty" and never have "zero size in memory".)
For polymorphic types typeid does indeed return the information about the dynamic type of the expression, i.e. about its run-time type. To implement this something has to be stored inside the actual object at run-time. As I said above, different compilers implement it differently. In MSVC++, for one example, the VMT pointer stored in each polymorphic object points to a data structure that contains the so called RTTI - run-time type information about the object - in addition to the actual VMT.
The fact that you mention zero size objects in your question probably indicates that you have some misconceptions about what typeid can and cannot do. Remember, again, typeid is capable of determining the actual (i.e. dynamic) type of the object for polymorphic types only. For non-polymorphic types typeid cannot determine the actual type of the object and reverts to primitive compile-time functionality.

Imagine every class as if it has this virtual method, but only if it already has one other virtual, and one object is created for each type:
extern std::type_info __Example_info;
struct Example {
virtual std::type_info const& __typeid() const {
return __Example_info;
}
};
// "__" used to create reserved names in this pseudo-implementation
Then imagine any use of typeid on an object, typeid(obj), becomes obj.__typeid(). Use on pointers similarly becomes pointer->__typeid(). Except for use on null pointers (which throws bad_typeid), the pointer case is identical to the non-pointer case after dereferencing, and I won't mention it further. When applied directly on a type, imagine that the compiler inserts a reference directly to the required object: typeid(Example) becomes __Example_info.
If a class does not have RTTI (i.e. it has no virtuals; e.g. NoRTTI below), then imagine it with an identical __typeid method that is not virtual. This allows the same transformation into method calls as above, relying on virtual or non-virtual dispatch of those methods, as appropriate; it also allows some virtual method calls to be transformed into non-virtual dispatch, as can be performed for any virtual method.
struct NoRTTI {}; // a hierarchy can mix RTTI and no-RTTI, just as use of
// virtual methods can be in a derived class even if the base
// doesn't contain any
struct A : NoRTTI { virtual ~A(); }; // one virtual required for RTTI
struct B : A {}; // ~B is virtual through inheritance
void typeid_with_rtti(A &a, B &b) {
typeid(a); typeid(b);
A local_a; // no RTTI required: typeid(local_a);
B local_b; // no RTTI required: typeid(local_b);
A &ref = local_b;
// no RTTI required, if the compiler is smart enough: typeid(ref)
}
Here, typeid must use RTTI for both parameters (B could be a base class for a later type), but does not need RTTI for either local variable because the dynamic type (or "runtime type") is absolutely known. This matches, not coincidentally, how virtual calls can avoid virtual dispatch.
struct StillNoRTTI : NoRTTI {};
void typeid_without_rtti(NoRTTI &obj) {
typeid(obj);
StillNoRTTI derived; typeid(derived);
NoRTTI &ref = derived; typeid(ref);
// typeid on types never uses RTTI:
typeid(A); typeid(B); typeid(NoRTTI); typeid(StillNoRTTI);
}
Here, use on either obj or ref will correspond to NoRTTI! This is true even though the former may be of a derived class (obj could really be an instance of A or B) and even though ref is definitely of a derived class. All of the other uses (the last line of the function) will also be resolved statically.
Note that in these example functions, each typeid uses RTTI or not as the function name implies. (Hence the commented-out uses in with_rtti.)

Even when you do not use type information, an empty class will not have zero bytes, it always has something, if I remember correct the standard demands that.
I believe the typeid is implemented similar to a vtable pointer, the object will have a "hidden" pointer to its typeid.

There are several questions in your one question.
In C++ objects is something that occupies memory. If it does not occupy any memory - it is not an object (although base class sub-object can occupy no space). So, an object has to occupy at least 1 byte.
A compiler does not store any type information unless your class has a virtual function. In that case a pointer to type information is often stored at a negative offset in the virtual function table. Note that the standard does not mention any virtual tables or type information format so it is purely an implementation detail.

Why do we need "this pointer adjustor thunk"?

I read about adjustor thunk from here. Here's some quotation:
Now, there is only one QueryInterface
method, but there are two entries, one
for each vtable. Remember that each
function in a vtable receives the
corresponding interface pointer as its
"this" parameter. That's just fine for
QueryInterface (1); its interface
pointer is the same as the object's
interface pointer. But that's bad news
for QueryInterface (2), since its
interface pointer is q, not p.
This is where the adjustor thunks come
in.
I am wondering why "each function in a vtable receives the corresponding interface pointer as its "this" parameter"? Is it the only clue(base address) used by the interface method to locate data members within the object instance?
Update
Here is my latest understanding:
In fact, my question is not about the purpose of this parameter, but about why we have to use the corresponding interface pointer as the this parameter. Sorry for my vagueness.
Besides using the interface pointer as a locator/foothold within an object's layout. There're of course other means to do that, as long as you are the implementer of the component.
But this is not the case for the clients of our component.
When the component is built in COM way, clients of our component know nothing about the internals of our component. Clients can only take hold of the interface pointer, and this is the very pointer that will be passed into the interface method as the this parameter. Under this expectation, the compiler has no choice but to generate the interface method's code based on this specific this pointer.
So the above reasoning leads to the result that:
it must be assured that each function
in a vtable must recieve the
corresponding interface pointer as its
"this" parameter.
In the case of "this pointer adjustor thunk", 2 different entries exist for a single QueryInterface() method, in other words, 2 different interface pointers could be used to invoke the QueryInterface() method, but the compiler only generate 1 copy of QueryInterface() method. So if one of the interfaces is chosen by the compiler as the this pointer, we need to adjust the other to the chosen one. This is what the this adjustor thunk is born for.
BTW-1, what if the compiler can generate 2 different instances of QueryInterface() method? Each one based on the corresponding interface pointer. This won't need the adjustor thunk, but it would take more space to store the extra but similar code.
BTW-2: it seems that sometimes a question lacks a reasonable explanation from the implementer's point of view, but could be better understood from the user's pointer of view.

Taking away the COM part from the question, the this pointer adjustor thunk is a piece of code that makes sure that each function gets a this pointer pointing to the subobject of the concrete type. The issue comes up with multiple inheritance, where the base and derived objects are not aligned.
Consider the following code:
struct base {
int value;
virtual void foo() { std::cout << value << std::endl; }
virtual void bar() { std::cout << value << std::endl; }
};
struct offset {
char space[10];
};
struct derived : offset, base {
int dvalue;
virtual void foo() { std::cout << value << "," << dvalue << std::endl; }
};
(And disregard the lack of initialization). The base sub object in derived is not aligned with the start of the object, as there is a offset in between[1]. When a pointer to derived is casted to a pointer to base (including implicit casts, but not reinterpret casts that would cause UB and potential death) the value of the pointer is offsetted so that (void*)d != (void*)((base*)d) for an assumed object d of type derived.
Now condider the usage:
derived d;
base * b = &d; // This generates an offset
b->bar();
b->foo();
The issue comes when a function is called from a base pointer or reference. If the virtual dispatch mechanism finds that the final overrider is in base, then the pointer this must refer to the base object, as in b->bar, where the implicit this pointer is the same address stored in b. Now if the final overrider is in a derived class, as with b->foo() the this pointer has to be aligned with the beginning of the sub object of the type where the final overrider is found (in this case derived).
What the compiler does is creating an intermediate piece of code. When the virtual dispatch mechanism is called, and before dispatching to derived::foo the intermediate call takes the this pointer and substracts the offset to the beginning of the derived object. This operation is the same as a downcast static_cast<derived*>(this). Remember that at this point, the this pointer is of type base, so it was initially offsetted, and this effectively returns the original value &d.
[1]There is an offset even in the case of interfaces --in the Java/C# sense: classes defining only virtual methods-- as they need to store a table to that interface's vtable.

Is it the only clue(base address) used by the interface method to locate data members within the object instance?
Yes, that's really all there is to it.

Yes, this is essential for finding where the object start is. You write in your code:
variable = 10;
where variable is the member variable. First of all, which object does it belong to? It belongs to the object pointed to by this pointer. So it's actually
this->variable = 10;
now C++ needs to generate code that will actuall do the job - copy data. In order to do that it needs to know the offset between the object start and the member variable. The convention is that this always points onto the object start, so the offset can be constant:
*(reinterpret_cast<int*>( reinterpret_cast<char*>( this ) + variableOffset ) ) = 10; //assuming variable is of type int

I think that it is important to point that in C++ there is no such entity as "interface pointer" or anything close to that. It is an idiom at best built on the concept of a restricted abstract class but still remaining a class. As a such all rules applying to class members and handling 'this' still apply unchanged.
So principally an interface class must behave like stand-alone classes of given type regardless of their function and eventual inheritance hierarchy.
We can use the virtual method call mechanism to get to the actual (dynamic type) of the object exposed by an (interface) base class. How it is done is implementation specific including such concepts like the Virtual Method Table and "adjustor thunks". Generally compiler may use its initial 'this' pointer to locate the VMT and then the actual implementation of a given function and call it with eventual adjustment of the 'this' pointer. The thunk adjustment generally is needed to perform the final call if the memory layout of the base class is different than a derived one to which reference we hold like in the case of multiple inheritance.

Is a pointer to a virtual member function valid in the constructor of the base class?

My question is not about calling a virtual member function from a base class constructor, but whether the pointer to a virtual member function is valid in the base class constructor.
Given the following
class A
{
void (A::*m_pMember)();
public:
A() :
m_pMember(&A::vmember)
{
}
virtual void vmember()
{
printf("In A::vmember()\n");
}
void test()
{
(this->*m_pMember)();
}
};
class B : public A
{
public:
virtual void vmember()
{
printf("In B::vmember()\n");
}
};
int main()
{
B b;
b.test();
return 0;
}
Will this produce "In B::vmember()" for all compliant c++ compilers?

The pointer is valid, however you have to keep in mind that when a virtual function is invoked through a pointer it is always resolved in accordance with the dynamic type of the object used on the left-hand side. This means that when you invoke a virtual function from the constructor, it doesn't matter whether you invoke it directly or whether you invoke it through a pointer. In both cases the call will resolve to the type whose constructor is currently working. That's how virtual functions work, when you invoke them during object construction (or destruction).
Note also that pointers to member functions are generally not attached to specific functions at the point of initalization. If the target function is non-virtual, they one can say that the pointer points to a specific function. However, if the target function is virtual, there's no way to say where the pointer is pointing to. For example, the language specification explicitly states that when you compare (for equality) two pointers that happen to point to virtual functions, the result is unspecified.

"Valid" is a specific term when applied to pointers. Data pointers are valid when they point to an object or NULL; function pointers are valid when they point to a function or NULL, and pointers to members are valid when the point to a member or NULL.
However, from your question about actual output, I can infer that you wanted to ask something else. Let's look at your vmember function - or should I say functions? Obviously there are two function bodies. You could have made only the derived one virtual, so that too confirms that there are really two vmember functions, who both happen to be virtual.
Now, the question becomes whether when taking the address of a member function already chooses the actual function. Your implementations show that they don't, and that this only happens when the pointer is actually dereferenced.
The reason it must work this way is trivial. Taking the address of a member function does not involve an actual object, something that would be needed to resolve the virtual call. Let me show you:
namespace {
void (A::*test)() = &A::vmember;
A a;
B b;
(a.*test)();
(b.*test)();
}
When we initialize test, there is no object of type A or B at all, yet is it possible to take the address of &A::vmember. That same member pointer can then be used with two different objects. What could this produce but "In A::vmember()\n" and "In B::vmember()\n" ?

Read this article for an in-depth discussion of member function pointers and how to use them. This should answer all your questions.

I have found a little explanation on the Old New Thing (a blog by Raymond Chen, sometimes referred to as Microsoft's Chuck Norris).
Of course it says nothing about the compliance, but it explains why:
B b;
b.A::vmember(); // [1]
(b.*&A::vmember)(); // [2]
1 and 2 actually invoke a different function... which is quite surprising, really. It also means that you can't actually prevent the runtime dispatch using a pointer to member function :/

I think no. Pointer to virtual member function is resolved via VMT, so the same way as call to this function would happen. It means that it is not valid, since VMT is populated after constructor finished.

IMO it is implementation defined to take address of a virtual function. This is because virtual functions are implemented using vtables which are compiler implementation specific. Since the vtable is not guaranteed to be complete until the execution of the class ctor is done, a pointer to an entry in such a table (virtual function) may be implementation defined behavior.
There is a somewhat related question that I asked on SO here few months back; which basically says taking address of the virtual function is not specified in the C++ standard.
So, in any case even if it works for you, the solution will not be portable.