CSC/ECE 517 Fall 2010/ch3 3e br

From Expertiza_Wiki

eval() [Computer Programming]

Introduction

The eval facility is one of the most powerful features of Ruby (as well as of other dynamic languages). The Kernel.eval method parses and executes an arbitrary string of legal Ruby source code. To put it plainly, if your Ruby program can generate a string of valid Ruby code, the Kernel.eval method can evaluate that code. The eval facility gives developers the ability to modify the runtime behavior of a program. This page illustrates the practical advantages of Ruby's eval(...) and compares it with similar mechanisms in other languages.

Origin

LISP

The first actual implementation of LISP was by Steve Russell. He realized that the Lisp eval function could be implemented in machine code.[3] The result was a working Lisp interpreter which could be used to run Lisp programs, or more properly, 'evaluate Lisp expressions.'


Security risks

It may seem natural to perform eval() on user-supplied data, exposing the entire power of the underlying programming language with a single statement. For example, on a web site, the programmer might allow the user to enter an expression, and with trivial effort on the part of the programmer, the result of the expression is computed. However, a moment's thought reveals the grave security risk posed by such an approach. The user could intentionally or unintentionally delete files, corrupt files, transmit sensitive information, etc.
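The risk described above, as an added example that is not part of the original wiki page: a calculator function written once with eval and once with an allow-list tokenizer feeding a small recursive-descent evaluator. The names unsafe_calculate, safe_calculate, the parse_* helpers and SECRET are hypothetical, and the 200-character limit is an assumed bound.

```ruby
require "strscan"
SECRET = "constructed-api-key" # constructed stand-in for sensitive process state

# Vulnerable: the caller's string runs as Ruby with the program's privileges.
def unsafe_calculate(input)
  eval(input)
end

# Hardened: allow-list tokenizer plus recursive-descent evaluator; eval is never
# called. Only numbers, + - * / and parentheses are accepted.
def safe_calculate(input)
  raise ArgumentError, "expression too long" if input.length > 200
  scanner = StringScanner.new(input)
  tokens = []
  loop do
    scanner.skip(/\s+/)
    break if scanner.eos?
    tok = scanner.scan(%r{\d+(?:\.\d+)?|[-+*/()]})
    raise ArgumentError, "illegal input at offset #{scanner.pos}" unless tok
    tokens << tok
  end
  value = parse_sum(tokens)
  raise ArgumentError, "unexpected #{tokens.first.inspect}" unless tokens.empty?
  value
end

def parse_sum(t) # sum := product (("+" | "-") product)*
  v = parse_product(t)
  while %w[+ -].include?(t.first)
    v = t.shift == "+" ? v + parse_product(t) : v - parse_product(t)
  end
  v
end

def parse_product(t) # product := atom (("*" | "/") atom)*
  v = parse_atom(t)
  while %w[* /].include?(t.first)
    v = t.shift == "*" ? v * parse_atom(t) : v / parse_atom(t)
  end
  v
end

def parse_atom(t) # atom := number | "-" atom | "(" sum ")"
  tok = t.shift
  return -parse_atom(t) if tok == "-"
  return Float(tok) if tok&.match?(/\A\d/)
  raise ArgumentError, "unexpected #{tok.inspect}" unless tok == "("
  parse_sum(t).tap { raise ArgumentError, "missing )" unless t.shift == ")" }
end
```

Given the input "SECRET", unsafe_calculate returns the constant's value, while safe_calculate rejects it with ArgumentError before anything is evaluated.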

Context

Implementation

Dynamic Programming Languages

Lisp

Lisp is the second-oldest high-level programming language in common use today (after FORTRAN). Invented in 1958 by John McCarthy at Massachusetts Institute of Technology, LISP was first actually implemented in machine language by Steve Russell, who realized that by implementing the LISP eval() function in assembly language, he could create a working LISP interpreter.

Perl

Ruby

 trane = %q{"John Coltrane".length}
 eval trane   # => 13

JavaScript

PHP

Python

ColdFusion

Static Programming Languages

Java

GroovyShell

Command Line interpreters

Unix

References

[1] Eval, Retrieved October, 2010.

[2] Eval, Retrieved October, 2010.

[3] Programming Ruby: The Pragmatic Programmer's Guide