26

It seems to me that eval() is treated with the same disdain that goto is. And by eval, I mean a function for executing a string as code, as seen in PHP, Python, JavaScript, etc. Is there ever a situation where using eval() is justified (except perl)? And if not, why do so many languages implement it?

Bhargav Rao
GSto
  • 13
    This question cannot be **language-agnostic** because of the special role of block `eval` in Perl as the primary exception handling mechanism. Therefore, I submit to you that there cannot be one correct answer to this question: There is a very good reason to use `eval` if you are programming in Perl, and probably no real good reason if you are programming in JavaScript. Either specify the languages to which this question applies or make it CW. – Sinan Ünür Dec 01 '09 at 16:23
  • 2
    True, I didn't know about how eval() worked in perl. – GSto Dec 01 '09 at 16:47
  • 1
    Are you including the `eval` function in Lisp? It's essential in normal operation (the read-eval-print loop), but in my experience is almost never used outside of that. Every time I was tempted, it looked like Common Lisp macros were a better idea. – David Thornley Dec 01 '09 at 17:42

10 Answers

27

Yes - when there is no other way to accomplish the given task with a reasonable level of clarity and within a reasonable number of lines of code.

This eliminates 99% of cases where eval is used, across the board in all languages and contexts.

yfeldblum
10

eval is often the most expedient solution in situations where you are dynamically generating code. Even in languages that do not officially support eval, such as Java, they support reflection and modification of classes at runtime which are similar. (See books such as Stu Halloway's Component Development for the Java Platform.)

MattMcKnight
5

One reasonable use is if you have an interpreted language that you've built on top of another language, but you still want to provide some sort of "escape hatch" to allow people to get back to functions that are provided by the underlying language. One example is implementing Prolog in Lisp and then defining a predicate that allows direct use of Lisp functions via EVAL.

Pillsy
4

For quick hacks, no problem because it's a handy quick-out.

In production code, consider it a last resort—and even then, try something else—because eval is difficult to control and thus dangerous. For anything non-trivial, implement a sublanguage.

Greg Bacon
3

I used it once while pentesting a site - we wrote a small php script that decrypts and executes cryptographically signed payloads from non-logged HTTP data sources on the fly. This is the best use I've seen of eval() so far.

(In other words: no, I've never seen a good use for eval)

2

Offhand thought: eval is good for implementing a poor man's expression compiler, or things like that. It's also a dull, rusty substitute for hygienic macros.

Jonathan Feinberg
2

Maybe I use sh and perl too much, but I've never seen anyone treat eval with the disdain that goto gets.

So my answer is: 'eval is suitable when you are writing perl 5 and sh'. The block eval is the primary try/catch mechanism in Perl and it's hard to write safe code without it.

Sinan Ünür
William Pursell
  • you're right, maybe it is not quite as language-agnostic as I thought. My experience is with PHP & Python, and the general consensus seems to be that if you want to use eval, don't. – GSto Dec 01 '09 at 15:48
  • 2
    corollary: don't tag anything as 'language-agnostic' unless you're comfortable with at least a dozen languages – Javier Dec 01 '09 at 16:23
1

Eval is used when you need to 'generate' and execute code. And by generate I mean include from an external source (a file, a website, an 'agent') as well as create on the fly inside the program.

And the reason you would want to generate code, aside from the obvious examples of external modules and evaluation sites, is usually to dynamically reference the names of objects and properties in code.

The first example, btw, already happens when an HTML page is loaded and has a script tag, or in the event handler attributes of HTML tags -- so right from the start a web developer is taking advantage of EVAL, even if it's the browser making the call.

Which indirectly brings me to that second reason -- accessing the names of objects. In some languages such as Java, the ability to introspect reduces or eliminates the need to use Java's eval. Turns out that since objects in JavaScript are fully dynamic, a property access in JavaScript is comparable to introspection in other languages, where you can access and refer to names created on the fly. In addition, JavaScript has the 'call' and 'apply' functions to dynamically call functions with their parameters.

Lastly, related to executing code, one might use eval to increase performance -- instead of a multi level conditional or property access that determines which code to run or which object to use, one might create a minimal code snippet that might have to be executed hundreds of thousands of times, eval it to a function, and then just call that function. This might work with multimethods, for example, once the particular arguments in use are determined. Granted, though, this is a few and far between reason since JavaScript treats functions as first class objects.

Gerard ONeill
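The name-based property access and `apply` dispatch described in the answer above, as an added example that is not part of the original answer. `settings`, `handlers`, `getByPath` and `dispatch` are hypothetical names, and the sample data is constructed.

```javascript
// Added example: resolving run-time names without eval().
// All identifiers and sample values here are constructed for illustration.
const settings = { theme: { color: "blue", font: { size: 12 } } };

// Walk a dotted path such as "theme.font.size" with bracket access.
// Only own properties are followed, so keys like "__proto__" or
// "constructor" in untrusted input never reach inherited objects.
function getByPath(root, path) {
  let node = root;
  for (const key of String(path).split(".")) {
    if (node === null || typeof node !== "object" ||
        !Object.prototype.hasOwnProperty.call(node, key)) {
      return undefined;
    }
    node = node[key];
  }
  return node;
}

// Dispatch table: the only functions a caller-supplied name can reach.
// Object.create(null) yields a map with no inherited keys at all.
const handlers = Object.assign(Object.create(null), {
  add: (a, b) => a + b,
  max: (...xs) => Math.max(...xs),
});

function dispatch(name, args) {
  const fn = handlers[name];
  if (typeof fn !== "function") {
    throw new RangeError(`unknown operation: ${name}`);
  }
  // apply() passes an argument list that is only known at run time.
  return fn.apply(null, args);
}

// The eval() form of these lookups would run any text placed in the name:
//   eval("settings." + path)    eval(name + "(" + args.join(",") + ")")
console.log(getByPath(settings, "theme.font.size"));
console.log(dispatch("max", [3, 9, 4]));
```
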
-2

For debugging/testing an idea before implementing it the proper way.

For instance, you're making a toy calculator, and you want to work on the gui first, so you just use eval to do the "back-end" work in the background. Later, you come back to the back-end, scratch eval, and write a proper expression parser.

hasen
-2

When creating/testing code segments eval is PERFECT!

Just build a basic scaffolding webpage with textareas and an eval button. Put code into a textarea then press eval button. It's faster than switching back and forth between your text editor and browser.

eval

edit code
press eval button

switching method

edit code
press save          extra step
switch to browser   extra step
press reload

When doing a lot of testing and tweaking on the code the minor extra steps can really add up. Plus you might forget to save, creating confusion when testing.

user3015682