[Xotcl] Very severe limitation in XOTcl

Kristoffer Lawson setok at scred.com
Thu Aug 5 10:38:47 CEST 2010 

On 5 Aug 2010, at 10:59, Gustaf Neumann wrote:

> In my understanding, Kristoffers point was that although he is using 
> XOTcl since many
> years (i see postings from him more than 10 years ago) and although he 
> is a experienced
> programmer, he was not aware of the problem with argument values 
> starting with a dash
> (certainly not all, e.g. negative numbers are fine), and he was not 
> aware of the escape
> mechanism (which was added to XOTcl early 2003, see Changelog).

Cheers, and apologies if any offense was caused by my postings. This just caught me completely off guard. Of course once I saw it, it was obvious what is happening, but it really is something you can easily miss, especially as existing XOTcl code out there will not generally worry about it.

> The primarily problem is external input, unfortunately, one weak element 
> of most
> scripting languages. Similar problems lurk around in Tcl in scripts like
> 
>   set file1 -force
>   set file2 -violence
>   file delete $file1 $file2

Indeed. The slight saving grace for those cases is that, in practise, one tries to look more carefully before operating on any filenames passed by the user, but I agree it's quite easy to get caught out there too. Maybe Tcl should have used a different model for optional arguments (something like [file {delete -force} $file] perhaps?), but it's unfortunately difficult to turn back the clock on that...

> The case with the dash arguments in XOTcl is especially nasty to the
> unaware, since the standard configure method determines on the "-"
> (a) where the last argument list ends, and (b), what to call as a method.
> If user-data is passed to the object creation, using the list notation is
> therefore a must (as mentioned by Artur)

Yes, this is also true for setting a parameter:

Car new -doors $amount

If $amount contains a dash, it'll do a method call. Just something to be aware of. It's also not just for user-passed values either. The same could apply to random data, or binary data, or the contents of a file, for instance. Watch out if you're doing a YAML parser.

> People fully aware of the XOTcl flexibility have no big problem with this,
> since they can write their own "configure" method (this method
> implements the dash interpretation) and use this (e.g. via mixins)
> where appropriate.

Yes, if something positive has to be said then it is that flexibility. I went one further and already created a method directly into 'Class' ;-)

-- 
Kristoffer Lawson, Co-Founder, Scred // http://www.scred.com/

More information about the Xotcl mailing list