Directory.T is subtyped from a class that is not
completely virtual. (That is, it has some non-NIL methods.) It also
has a procedure Init revealed in its interface.
There are two problems with this interface. First, malicious code
could cast upwards and call a superclass method on the subtype.

(* using Type.Method and casting up to a visible type *)
EVAL Directory.PublicT.init(NARROW(NEW(FileSystemDirectory.T), Directory.PublicT));

If no methods are revealed in an INTERFACE, then the only methods that can be called are NIL methods. Second, procedures that operate directly on objects are also dangerous. Malicious code could also do the following:

(* calling init directly, since FileSystemDirectory.T is a subclass of Directory.PublicT *)
EVAL Directory.Init(NEW(FileSystemDirectory.T));

The implementor of
FileSystemDirectory.T must ensure that
Directory.Init is written acceptably, or that it only
calls object methods on Directory.T that are acceptably
overridden in FileSystemDirectory.T.