Eval

In some programming languages, eval , short for evaluate, is a function which evaluates a string as though it were an expression in the language, and returns a result; in others, it executes multiple lines of code as though they had been included instead of the line including the eval. The input to eval is not necessarily a string; it may be structured representation of code, such as an abstract syntax tree (like Lisp forms), or of special type such as code (as in Python). The analog for a statement is exec, which executes a string (or code in other format) as if it were a statement; in some languages, such as Python, both are present, while in other languages only one of either eval or exec is.

Security risks

Using eval with data from an untrusted source may introduce security vulnerabilities. For instance, assuming that the get_data() function gets data from the Internet, this Python code is insecure:

session authenticated'= False
data = get_data()
foo = eval(data)

An attacker could supply the program with the string "session.update(authenticated=True)" as data, which would update the session dictionary to set an authenticated key to be True. To remedy this, all data which will be used with eval must be escaped, or it must be run without access to potentially harmful functions.

Implementation

In interpreted languages, eval is almost always implemented with the same interpreter as normal code. In compiled languages, the same compiler used to compile programs may be embedded in programs using the eval function; separate interpreters are sometimes used, though this results in code duplication.

Programming languages

ECMAScript

JavaScript

In JavaScript, eval is something of a hybrid between an expression evaluator and a statement executor. It returns the result of the last expression evaluated.

Example as an expression evaluator:

foo = 2;
alert(eval('foo + 2'));

Example as a statement executor:

foo = 2;
eval('foo = foo + 2;alert(foo);');

One use of JavaScript's eval is to parse JSON text, perhaps as part of an Ajax framework. However, modern browsers provide JSON.parse as a more secure alternative for this task.

ActionScript

In ActionScript (Flash's programming language), eval cannot be used to evaluate arbitrary expressions. According to the Flash 8 documentation, its usage is limited to expressions which represent "the name of a variable, property, object, or movie clip to retrieve. This parameter can be either a String or a direct reference to the object instance."

ActionScript 3 does not support eval.

The ActionScript 3 Eval Library and the D.eval API were development projects to create equivalents to eval in ActionScript 3. Both have ended, as Adobe Flash Player has reached its end-of-life.

Lisp

Lisp was the original language to make use of an eval function in 1958. In fact, definition of the eval function led to the first implementation of the language interpreter.John McCarthy, "History of Lisp - The Implementation of Lisp"
/ref>
Before the eval function was defined, Lisp functions were manually compiled to assembly language statements. However, once the eval function had been manually compiled it was then used as part of a simple read-eval-print loop which formed the basis of the first Lisp interpreter.

Later versions of the Lisp eval function have also been implemented as compilers.

The eval function in Lisp expects a form to be evaluated as its argument. The resulting value of the given form will be the returned value of the call to eval.

This is an example Lisp code:

; A form which calls the + function with 1,2 and 3 as arguments.
; It returns 6.
(+ 1 2 3)
; In Lisp any form is meant to be evaluated, therefore
; the call to + was performed.
; We can prevent Lisp from performing evaluation
; of a form by prefixing it with "'", for example:
(setq form1 '(+ 1 2 3))
; Now form1 contains a form that can be used by eval, for
; example:
(eval form1)
; eval evaluated (+ 1 2 3) and returned 6.

Lisp is well known to be very flexible and so is the eval function. For example, to evaluate the content of a string, the string would first have to be converted into a Lisp form using the read-from-string function and then the resulting form would have to be passed to eval:

(eval (read-from-string "(format t \"Hello World!!!~%\")"))

One major point of confusion is the question, in which context the symbols in the form will be evaluated. In the above example, form1 contains the symbol +. Evaluation of this symbol must yield the function for addition to make the example work as intended. Thus some dialects of Lisp allow an additional parameter for eval to specify the context of evaluation (similar to the optional arguments to Python's eval function - see below). An example in the Scheme dialect of Lisp (R⁵RS and later):

;; Define some simple form as in the above example.
(define form2 '(+ 5 2))
;Value: form2

;; Evaluate the form within the initial context.
;; A context for evaluation is called an "environment" in Scheme slang.
(eval form2 user-initial-environment)
;Value: 7

;; Confuse the initial environment, so that + will be
;; a name for the subtraction function.
(environment-define user-initial-environment '+ -)
;Value: +

;; Evaluate the form again.
;; Notice that the returned value has changed.
(eval form2 user-initial-environment)
;Value: 3

Perl

In Perl, the eval function is something of a hybrid between an expression evaluator and a statement executor. It returns the result of the last expression evaluated (all statements are expressions in Perl programming), and allows the final semicolon to be left off.

Example as an expression evaluator:

$foo = 2;
print eval('$foo + 2'), "\n";

Example as a statement executor:

$foo = 2;
eval('$foo += 2; print "$foo\n";');

Perl also has eval ''blocks'', which serves as its exception handling mechanism (see Exception handling syntax#Perl). This differs from the above use of eval with strings in that code inside eval blocks is interpreted at compile-time instead of run-time, so it is not the meaning of eval used in this article.

PHP

In PHP, eval executes code in a string almost exactly as if it had been put in the file instead of the call to eval(). The only exception is that errors are reported as coming from a call to eval(), and return statements become the result of the function.

Unlike some languages, the argument to eval must be a string of one or more complete statements, not just expressions; however, one can get the "expression" form of eval by putting the expression in a return statement, which causes eval to return the result of that expression.

Unlike some languages, PHP's eval is a "language construct" rather than a function, and so cannot be used in some contexts where functions can be, like higher-order functions.

Example using echo:

Example returning a value:

Lua

In Lua 5.1, loadstring compiles Lua code into an anonymous function.

Example as an expression evaluator:

loadstring("print('Hello World!')")()

Example to do the evaluation in two steps:

a = 1
f = loadstring("return a + 1") -- compile the expression to an anonymous function
print(f()) -- execute (and print the result '2')

Lua 5.2 deprecates loadstring in favor of the existing load function, which has been augmented to accept strings. In addition, it allows providing the function's environment directly, as environments are now upvalues.

load("print('Hello ' .. a)", "", "t", )()

PostScript

PostScript's exec operator takes an operand — if it is a simple literal it pushes it back on the stack. If one takes a string containing a PostScript expression however, one can convert the string to an executable which then can be executed by the interpreter, for example:

((Hello World) =) cvx exec

converts the PostScript expression

(Hello World) =

which pops the string "Hello World" off the stack and displays it on the screen, to have an executable type, then is executed.

PostScript's run operator is similar in functionality but instead the interpreter interprets PostScript expressions in a file, itself.

(file.ps) run

Python

In Python, the eval function in its simplest form evaluates a single expression.

eval example (interactive shell):

>>> x = 1
>>> eval('x + 1')
2
>>> eval('x')
1

The eval function takes two optional arguments, global and locals, which allow the programmer to set up a restricted environment for the evaluation of the expression.

The exec statement (or the exec function in Python 3.x) executes statements:

exec example (interactive shell):

>>> x = 1
>>> y = 1
>>> exec "x += 1; y -= 1"
>>> x
2
>>> y
0

The most general form for evaluating statements/expressions is using code objects. Those can be created by invoking the compile() function and by telling it what kind of input it has to compile: an "exec" statement, an "eval" statement or a "single" statement:

compile example (interactive shell):

>>> x = 1
>>> y = 2
>>> eval (compile ("print 'x + y = ', x + y", "compile-sample.py", "single"))
x + y = 3

D

D is a statically compiled language and therefore does not include an "eval" statement in the traditional sense, but does include the related "mixin" statement. The difference is that, where "eval" interprets a string as code at runtime, with a "mixin" the string is statically compiled like ordinary code and must be known at compile time. For example:

import std.stdio;

void main()

The above example will compile to exactly the same assembly language instructions as if "num++;" had been written directly instead of mixed in. The argument to mixin doesn't need to be a string literal, but arbitrary expressions resulting in a string value, including function calls, that can be evaluated at compile time.

ColdFusion

ColdFusion's evaluate function lets users evaluate a string expression at runtime.

It is particularly useful when users need to programmatically choose the variable they want to read from.
ownumber)>

Ruby

The Ruby programming language interpreter offers an eval function similar to Python or Perl, and also allows a scope, or binding, to be specified.

Aside from specifying a function's binding, eval may also be used to evaluate an expression within a specific class definition binding or object instance binding, allowing classes to be extended with new methods specified in strings.

a = 1
eval('a + 1') # (evaluates to 2)

# evaluating within a context
def get_binding(a)
binding
end
eval('a+1',get_binding(3)) # (evaluates to 4, because 'a' in the context of get_binding is 3)

class Test; end
Test.class_eval("def hello; return 'hello';end") # add a method 'hello' to this class
Test.new.hello # evaluates to "hello"

Forth

Most standard implementations of Forth have two variants of eval: EVALUATE and INTERPRET.

Win32FORTH code example:

S" 2 2 + ." EVALUATE \ Outputs "4"

BASIC

REALbasic

In REALbasic, there is a class called RBScript which can execute REALbasic code at runtime. RBScript is very sandboxed—only the most core language features are there, and users have to allow it access to things they would like it to have. They can optionally assign an object to the context property. This allows for the code in RBScript to call functions and use properties of the context object. However, it is still limited to only understanding the most basic types, so if they have a function that returns a Dictionary or MySpiffyObject, RBScript will be unable to use it. Users can also communicate with their RBScript through the Print and Input events.

VBScript

Microsoft's VBScript, which is an interpreted language, has two constructs. Eval is a function evaluator that can include calls to user-defined functions. (These functions may have side-effects such as changing the values of global variables.) Execute executes one or more colon-separated statements, which can change global state.

Both VBScript and JScript eval are available to developers of compiled Windows applications (written in languages which do not support Eval) through an ActiveX control called the Microsoft Script Control, whose Eval method can be called by application code. To support calling of user-defined functions, one must first initialize the control with the AddCode method, which loads a string (or a string resource) containing a library of user-defined functions defined in the language of one's choice, prior to calling Eval.

Visual Basic for Applications

Visual Basic for Applications (VBA), the programming language of Microsoft Office, is a virtual machine language where the runtime environment compiles and runs p-code. Its flavor of Eval supports only expression evaluation, where the expression may include user-defined functions and objects (but not user-defined variable names). Of note, the evaluator is different from VBS, and invocation of certain user-defined functions may work differently in VBA than the identical code in VBScript.

Smalltalk

As Smalltalk's compiler classes are part of the standard class library and usually present at run time, these can be used to evaluate a code string.

Compiler evaluate:'1 + 2'

Because class and method definitions are also implemented by message-sends (to class objects), even code changes are possible:

Compiler evaluate:'Object subclass:#Foo'

Tcl

The Tcl programming language has a command called eval, which executes the source code provided as an argument. Tcl represents all source code as strings, with curly braces acting as quotation marks, so that the argument to eval can have the same formatting as any other source code.

set foo
eval $foo

bs

bs has an eval function that takes one string argument. The function is both an expression evaluator and a statement executor. In the latter role, it can also be used for error handling. The following examples and text are from the bs man page as appears in the UNIX System V Release 3.2 Programmer's Manual.

Command-line interpreters

Unix shells

The ''eval'' command is present in all Unix shells, including the original "sh" (Bourne shell). It concatenates all the arguments with spaces, then re-parses and executes the result as a command.

PowerShell

In PowerShell, the Invoke-Expression Cmdlet serves the same purpose as the eval function in programming languages like JavaScript, PHP and Python.
The Cmdlet runs any PowerShell expression that is provided as a command parameter in the form of a string and outputs the result of the specified expression.
Usually, the output of the Cmdlet is of the same type as the result of executing the expression. However, if the result is an empty array, it outputs $null. In case the result is a single-element array, it outputs that single element. Similar to JavaScript, PowerShell allows the final semicolon to be left off.

Example as an expression evaluator:

PS > $foo = 2
PS > Invoke-Expression '$foo + 2'

Example as a statement executor:

PS > $foo = 2
PS > Invoke-Expression '$foo += 2; $foo'

Microcode

In 1966 IBM Conversational Programming System (CPS) introduced a microprogrammed function EVAL to perform "interpretive evaluation of expressions which are written in a modified Polish-string notation" on an IBM System/360 Model 50. Microcoding this function was "substantially more" than five times faster compared to a program that interpreted an assignment statement.

Theory

In theoretical computer science, a careful distinction is commonly made between eval and apply. ''Eval'' is understood to be the step of converting a quoted string into a callable function and its arguments, whereas ''apply'' is the actual call of the function with a given set of arguments. The distinction is particularly noticeable in functional languages, and languages based on lambda calculus, such as LISP and Scheme. Thus, for example, in Scheme, the distinction is between

(eval '(f x) )

where the form (f x) is to be evaluated, and

(apply f (list x))

where the function ''f'' is to be called with argument ''x''.

''Eval'' and ''apply'' are the two interdependent components of the ''eval-apply cycle'', which is the essence of evaluating Lisp, described in SICP.The Metacircular Evaluator
(SICP Section 4.1)

In category theory, the ''eval'' morphism is used to define the closed monoidal category. Thus, for example, the category of sets, with functions taken as morphisms, and the cartesian product taken as the product, forms a Cartesian closed category. Here, ''eval'' (or, properly speaking, ''apply'') together with its right adjoint, currying, form the simply typed lambda calculus, which can be interpreted to be the morphisms of Cartesian closed categories.

See also

* Data as code

References

{{Reflist

External links

ANSI and GNU Common Lisp Document: eval functionJonathan Johnson on exposing classes to RBScriptExamples of runtime evaluation in several languages
on Rosetta Code

Control flow
Unix SUS2008 utilities
IBM i Qshell commands