← Back to Knowledge Base← Previous questionNext question →
ProgrammingPerl Lead Developer

What approaches exist for dynamically creating and calling functions in Perl? How can dispatch by function name or key be implemented, and what should be considered in terms of security and performance?

Pass interviews with Hintsage AI assistant

Answer.

Dynamic creation and calling of functions is one of the most flexible mechanisms in Perl, inherited from the traditions of latex and shell scripts. Since early versions, Perl has allowed calling functions by string (through symbolic references/globs), storing references to subroutines in variables and associative arrays, as well as the AUTOLOAD construct for generating functions on the fly.

The main issues with this approach are security (the potential for calling an unwanted function via a substituted string) and performance (symbolic name resolution is slower than direct calls). It is also important to control the scope of functions and the passing of the correct number of arguments.

The solution is to use a hash dispatcher (mapping from string/keyword to coderef), avoid using eval to execute user code, and clearly define the list of functions allowed for invocation.

Example code (dispatch by key):

my %dispatch = (
    add => sub { $_[0] + $_[1] },
    sub => sub { $_[0] - $_[1] },
    mult => sub { $_[0] * $_[1] },
);

my $key = 'add';
if (exists $dispatch{$key}) {
    print $dispatch{$key}->(2, 3); # Will output 5
} else {
    die "Unknown action $key";
}

Key features:

  • Function references can be stored and passed as values without resorting to eval.
  • Symbolic resolution (via hash) is safer than running eval or soft references.
  • AUTOLOAD is convenient for creating "on-demand" functions but requires strict filtering of keys.

Trick questions.

Can you call a function by its name using only a string?

Answer: Yes, but it is dangerous - calling $fn_name->() or through direct symbolic reference &$fn_name(); is not recommended with external (user) data, as it can lead to potential vulnerabilities.

Is there a difference between a code reference and a function name in Perl?

Answer: Yes, a function name is always global, while a function reference (coderef) can be lexical, local, passed between subroutines, and can hold an anonymous function.

my $coderef = sub { ... };
my $named = \&fn_name;

What happens if a non-existent function is called through a hash dispatcher?

Answer: If the key is absent, an error will occur. Therefore, it is always necessary to check exists before calling and handle unrecognized commands; otherwise, there will be an attempt to call undef (fatal error).

Common mistakes and anti-patterns

  • Dispatch via eval "&$user_func(...)" is a critical security flaw.
  • Lack of exists check before invoking a function from the dispatch hash.
  • AUTOLOAD without strict filtering and limiting of callable function names.

Real-life examples

Negative case

A command on the website takes the function name from the GET parameter and calls it via eval - any user can invoke system, unlink, and other dangerous functions.

Pros:

  • Flexibility in adding new "features" without changing the dispatcher code.

Cons:

  • Serious vulnerability and risk of complete server compromise.

Positive case

A hash with a whitelist of functions is used, all parameters are validated, eval is not used, errors are caught and logged.

Pros:

  • Maximally secure dispatching, the code is readable and extensible.

Cons:

  • It is necessary to keep the list of allowed commands up to date; for scalability, dynamic registration of functions is required.