''What:''

Tainting data is an ability to tag it with its source (or some other quality), and inspect the taint to make decisions.

''Why:''

Tainting can be useful for enforcing security, for example, controlling references between sandboxes (data created in one sandbox can't be referenced in a different sandbox.)  This could be useful in [tclhttpd] to prevent cross-site scripting attacks by tainting user-generated data.  JavaScript supports tainting.

''How:''

Tainting can be implemented by a coloured store, where each allocation contains metadata as to its creation, disposition, etc.  Everything in tcl is a string, and almost all strings finally come down to malloc (except where they don't :)

An implementation of tainting might make use of the same trick malloc() itself uses, to store data ''before'' the returned pointer as well as (more conventionally) after it.  Nothing in tcl would be impacted by this change, because as yet nothing in tcl uses negative indexing off malloc'ed data.