Eval()?
-
Discuss
Caution: Your response / reaction to this could reveal more about you than you realise.
Note: Your initial response may be considered to be your actual response.
Hint: I would love to help / guide you, but that would defeat the purpose of this topic. Sorry.
-
Does VB.NET even have that?
-
-
in databinding context at least
-
-
My first reaction:
"WTF is this thread, I don't have time for this shit"
My second reaction:
"eval? Meh. It has its uses, but there are probably better alternatives around (especially in node.js)"
-
-
Don't have a clue (@Maciejasjmj's response notwithstanding) and I'm not even sure if I have a hankering to find out
If it don't, is that a good thing or a bad thing?
-
eval() makes implementations of languages more complicated.
For example, in C, the eval function would have to run a full C compiler.
But you can use it to implement self-modifying code which is otherwise impossible in most languages.
Not that that's a good idea for most applications.
-
I love eval()! It is the only way our public facing, no-authentication-required credit card app can evaluate any code the user tries to throw at it without validating it first. That's what I call flexible!
-
Discuss
Assuming you are talking about eval as it exists in many scripting languages, such as JavaScript and Python....
Dangerous, use with caution, avoid if possible.
For preference find another way to solve the problem that does not require directly executing untrusted code.
It is in theory occasionally necessary, but I have yet to find a situation where there is not a safer solution; often the safer solution has a positive performance gain, or at worst a negligible performance hit.
-
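Added example (not part of any post in this thread, and not any poster's code): one way to evaluate user-supplied arithmetic without `eval()`, by parsing the input with Python's `ast` module and executing only whitelisted node types. The names `safe_eval` and `RejectedExpression` and the three limits are assumptions chosen for this illustration.

```python
import ast
import operator

# Whitelist: the only operators the evaluator will execute.
_BINARY = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow}
_UNARY = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_LEN = 200       # assumed cap on input length
MAX_EXPONENT = 64   # assumed cap; stops 9**9**9 style resource exhaustion
MAX_BITS = 4096     # assumed cap on the size of any intermediate integer


class RejectedExpression(Exception):
    """The input was not plain arithmetic, or exceeded a limit."""


def _checked(value):
    if isinstance(value, int) and value.bit_length() > MAX_BITS:
        raise RejectedExpression("intermediate result too large")
    return value


def _walk(node, variables):
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return _checked(node.value)
    if isinstance(node, ast.Name) and node.id in variables:
        return _checked(variables[node.id])
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY:
        return _UNARY[type(node.op)](_walk(node.operand, variables))
    if isinstance(node, ast.BinOp) and type(node.op) in _BINARY:
        left, right = _walk(node.left, variables), _walk(node.right, variables)
        if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
            raise RejectedExpression("exponent too large")
        return _checked(_BINARY[type(node.op)](left, right))
    # Calls, attribute access, subscripts, lambdas, strings, unknown names...
    raise RejectedExpression(f"disallowed syntax: {type(node).__name__}")


def safe_eval(text, variables=None):
    """Evaluate arithmetic over numbers and named variables without eval()."""
    if len(text) > MAX_LEN:
        raise RejectedExpression("expression too long")
    try:
        tree = ast.parse(text, mode="eval")
        return _walk(tree.body, variables or {})
    except (SyntaxError, ValueError, ArithmeticError, TypeError) as exc:
        raise RejectedExpression(str(exc)) from exc
```

Anything the walker does not explicitly recognise is refused, so new syntax added to the language later is rejected by default rather than silently allowed.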
-
eval()?
I think I'd complete this like follows:
eval(user_expressions[1])? eval(user_expressions[2]) : eval(user_expressions[3]);
Filed under: Oops, this isn't a job interview?
Actually, I've made use of that in ECMAScript when I just wanted to test some expressions without having to save an editor document and reload a browser page each time. But are there any other legitimate usages? I very much doubt it. Especially not with hostile input.
-
Important but with a huge potential for misuse. A key part of any metacircular evaluator.
-
But you can use it to implement self-modifying code which is otherwise impossible in most languages.
Of course, you can always do that in C by modifying your own assembly. I think.
Does Java even have an Eval() analogue? Maybe you could do something with running the compiler and using reflection or whatever to pull in the resulting class file? My "advanced" java experience isn't exactly, well, advanced
-
Does VB.NET even have that?
I'm afraid yes.
The framework knows dynamical classes, and the MethodBuilder class (with e. g. the CreateMethodBody method) - this requires knowledge of the IL, though.
And they have even a kind of tutorial to show the principles of how to build an expression interpreter. (Loading the symbols seems to be left as an exercise to the reader.)
There must be more, but I didn't find it so far.
-
eval()
It's a power tool. We use power tools because they're useful, but we put guards on them because we also like to keep our fingers. Respect the tool, but don't be afraid of it. Be afraid of the tool using the tool unwisely…
-
Go kind of has it - a parser is part of the standard library, and there's an additional package golang.org/x/tools/go/ssa/interp that can run programs, including those that have imported that package.
Bonus: The interpreter has a single global buffer for output, so good luck using it in a multithreaded program.
-
There must be more, but I didn't find it so far.
Well, there's Microsoft.CSharp.CSharpCodeProvider, Microsoft.VisualBasic.VBCodeProvider and CompileAssemblyFromSource(CompilerParameters options, params string[] sources).
And yes, it's exactly as evil as it sounds.
-
-
-
-
:do_not_want.webm:
I've got a C code generator lying around and even that makes me cringe
-
However, you can straight up evaluate JAVASCRIPT. WHY?
Does Java really need the help of Javascript to do ANYTHING?
-
From the Wikipedia:
The Rhino project was started at Netscape in 1997. At the time, Netscape was planning to produce a version of Netscape Navigator written fully in Java
There are efforts to port NodeJS to Java (ditching V8). But no, in 15 years I haven't seen any utility for this.
-
There are efforts to port NodeJS to Java (ditching V8).
why?! V8 is miles ahead of Rhino!
-
-
At the time, Netscape was planning to produce a version of Netscape Navigator written fully in Java
In 1997, wow, that would have been incredibly stupid. Running the rendering engine entirely on top of already slow-at-the-time java? On machines from 97? That would have been a legendarily slow and bad web browser
-
That would have been a legendarily slow and bad web browser
You'll note that such a beast never saw the light of day.
-
That site's got style.
-
<link rel="stylesheet" type="text/css" href="annoying.css" />
EDIT: Oops, you were talking about the BeanShell site, that's not the site I was thinking it was about. That's actually not too bad, not great, but hardly as annoying as the one I had in mind.
-
But it should have been laughed out of the planning meeting.
"I want to run slow ass javascript on top of a slow ass JVM"
blank stares
-
There's a reason JavaScript was named JavaScript... politics.
-
"Java? Oh yeah I've used Javascript, totally the same right?"
I hate you
-
I guess it's a good tool to have around, but I'm having trouble thinking of a good time to use it. If the source of the code being eval'ed is coming from another part of your program, then isn't there a better way to do that using actual design patterns? And if it's coming from an external source, then how can you ever validate it with enough confidence?
-
Notice "eval()" is almost never used in a smart way
[citation needed]
-
At the time, Netscape was planning to produce a version of Netscape Navigator written fully in Java
And of course, the best way to do that is to put all the relevant code in the language's standard library.
It's not like you can make your own libraries or anything.
-
And of course, the best way to do that is to put all the relevant code in the language's standard library.
Rhino wasn't a part of Java until Java8 when it was taken over by a JSR as Nashorn.
-
Notice "eval()" is almost never used in a smart way
Dynamic SQL is basically eval(), and sometimes it's the best / only way to accomplish what you're trying to do.
It's still spiteful, but at least there's some rationale sometimes.
-
If the source of the code being eval'ed is coming from another part of your program, then isn't there a better way to do that using actual design patterns? And if it's coming from an external source, then how can you ever validate it with enough confidence?
We've got a product that uses Beanshell to run user programs as part of a larger overall program. The ability to include snippets that run in a limited environment is extremely useful, and the ability to embed that within a wider environment that captures other information. In this case, the beanshells are adding custom processing that connects with other parts such as access to web services, talking to databases, file handling and so on. The extra info captured is a bit like a souped up set -x — if you know bash — and allows for tracking what was done much more precisely. You could write a completely custom program to do it in the language du jour, but that would be a shit-ton of work (because the stuff this sort of system is used for automating is really complicated, especially when it comes to working with crappy websites, of which there are far too many).
Is the code trustable in this case? Well, the user probably wrote it, or got it from someone they trusted, so yes, it's trustable by them. If you're going to argue that that's not good enough, go right ahead, but I'll ignore you with good reason…
-
just about the only thing Java did right, that.
And what about parentheses matching? Imagine a language where this would be syntactically correct:
c <-< (a + * b]}; -
-
that is, unless i miss my guess legal intercal.
then again most line noise is legal intercal.
-
How often does line noise produce the sequence for "Please Do"?
-
given a sufficiently long sequence of normally distributed line noise.... EVERY TIME!
-
normally distributed
That's the kind of line noise I like to hear!
Also, even that wouldn't produce "Do"'s and "Please Do"'s in the correct quantity and ratio. Not across the entire length of noise at least
-
obviously a significant portion of the line noise would need to be discarded but given the appropriate parse tokens this is possible.
-
And given
normally distributed
line noise, possible with any and every language. Also your program could include a massively accurate declaration of Pi
-
i imagine it would, yes.
-
Obviously this is a breakthrough unlike any other. I believe we should patent this "line noise" before somebody else comes up with this. Imagine: Any possible program, pre-written and perfect in every way! We will make trillions!
-
And what about parentheses matching? Imagine a language where this would be syntactically correct:
c <-< (a + * b]}; -
Long ago, I wrote a language that used different sorts of non-matching brackets to indicate kinds of stream operators. It was really succinct and powerful for the sorts of processing we were doing at the time. My boss looked at it for a bit, said “that's nice” and then ordered me to find another way to do it without unmatched brackets.