Eval statement

Trying to switch a project of mine from python to ruby. Love ruby so
far, but I'm finding that the eval statement is a bit more difficult to
use than python's exec statement. Here is one of the problems I'm
having, RUBY_VERSION=1.9.1

a = 1
eval('a=2')
puts a

This will print out '2', as I want. However if I remove the first line,

eval('a=2')
puts a

r.rb:2:in `<main>': undefined local variable or method `a' for
main:Object (NameError)

Now if in the first case eval can change a variable in its scope, why
can't it also create a variable in that same scope? I may also not be
totally clear on the way ruby handles scoping, which might be part of
what I am having trouble understanding.

Any help understanding the eval statement would be appreciated. I will
probably have more questions about it, but I'll leave at this for now.

thanks,
-Jonathan

Jonathan Wills schrieb:

Trying to switch a project of mine from python to ruby. Love ruby so
far, but I'm finding that the eval statement is a bit more difficult to
use than python's exec statement. Here is one of the problems I'm
having, RUBY_VERSION=1.9.1

a = 1
eval('a=2')
puts a

This will print out '2', as I want. However if I remove the first line,

eval('a=2')
puts a

r.rb:2:in `<main>': undefined local variable or method `a' for
main:Object (NameError)

Now if in the first case eval can change a variable in its scope, why
can't it also create a variable in that same scope? I may also not be
totally clear on the way ruby handles scoping, which might be part of
what I am having trouble understanding.

Any help understanding the eval statement would be appreciated. I will
probably have more questions about it, but I'll leave at this for now.

thanks,
-Jonathan

why do you want to use eval?
eval is evil and in most cases not needed in Ruby

Jonathan Wills wrote:

a = 1
eval('a=2')
puts a

This will print out '2', as I want. However if I remove the first line,

eval('a=2')
puts a

The thing to remember is that local variables are always determined at
parse time.

The contents of 'a=2' is not seen by the parser when the file is read,
so in the second case the 'a' in 'puts a' is determined to be a method
call: "call method 'a', then call method puts".

Constants and instance variables are different, as they are determined
by their naming scheme and therefore behave more as you expected.

irb(main):001:0> eval("@a = 2")
=> 2
irb(main):002:0> @a
=> 2
irb(main):003:0> eval("X = 3")
=> 3
irb(main):004:0> X
=> 3

Because eval creates a new nested scope rather than sharing the enclosing scope.

Variable visibility between nested scopes is like a one-way mirror: you can manipulate variables created in a parent scope but you can not see or manipulate variables created in a 'child' scope.

why do you want to use eval?
eval is evil and in most cases not needed in Ruby

I want my program to run user-supplied ruby code, and eval is the only
thing I know of that can do this. If there is a better way I would be
willing to try it. I know in python that the exec statement is
considered 'evil', but all that means is you have to be careful.

Mike Gold schrieb:

Jonathan Wills wrote:

a = 1
eval('a=2')
puts a

This will print out '2', as I want. However if I remove the first line,

eval('a=2')
puts a

The thing to remember is that local variables are always determined at parse time.

The contents of 'a=2' is not seen by the parser when the file is read, so in the second case the 'a' in 'puts a' is determined to be a method call: "call method 'a', then call method puts".

Constants and instance variables are different, as they are determined by their naming scheme and therefore behave more as you expected.

irb(main):001:0> eval("@a = 2")
=> 2
irb(main):002:0> @a
=> 2
irb(main):003:0> eval("X = 3")
=> 3
irb(main):004:0> X
=> 3

be careful when using eval in irb. It can lead to hasty conclusions (is this correct english? Google Translate sucks =D) which are not correct in a pure ruby environment (because under the hood irb uses lots of evil evals)

Because eval creates a new nested scope rather than sharing the
enclosing scope.

Variable visibility between nested scopes is like a one-way mirror:
you can manipulate variables created in a parent scope but you can not
see or manipulate variables created in a 'child' scope.

Ok, I see that now, good to know. Now I have another question. I want
to be able to create an arbitrary number of 'clean' bindings in which I
can run ruby code. Basically I want the user to be able to supply an
unspecified number of ruby files, all of which will get run, and not
have to worry about namespace collisions. Additionally I want access to
the scopes that those files were executed in after they are done. I
know I can create a binding from my current scope, but if I put anything
in it, it can get modified when I do my_binding.eval.

In python this was quite simple by passing clean dictionaries to the
exec statement, but perhaps I will have to rethink my design

thanks,
-Jonathan

Hi --

Jonathan Wills wrote:

a = 1
eval('a=2')
puts a

This will print out '2', as I want. However if I remove the first line,

eval('a=2')
puts a

The thing to remember is that local variables are always determined at
parse time.

The contents of 'a=2' is not seen by the parser when the file is read,
so in the second case the 'a' in 'puts a' is determined to be a method
call: "call method 'a', then call method puts".

Actually it can't tell whether it's a method or a variable, so you
get:

   undefined local variable or method `a' for main:Object (NameError)

Constants and instance variables are different, as they are determined
by their naming scheme and therefore behave more as you expected.

irb(main):001:0> eval("@a = 2")
=> 2
irb(main):002:0> @a
=> 2
irb(main):003:0> eval("X = 3")
=> 3
irb(main):004:0> X
=> 3

They're that way because of how they're scoped, but the assignments
themselves are handled by eval the same way as the local ones; that
is, there's no extra information available prior to the execution.

David

Why is eval evil?

Blog: http://random8.zenunit.com/
Learn rails: http://sensei.zenunit.com/

badboy <badboy@heartofgold.co.cc> writes:

Jonathan Wills schrieb:

Trying to switch a project of mine from python to ruby. Love ruby so
far, but I'm finding that the eval statement is a bit more difficult to
use than python's exec statement. Here is one of the problems I'm
having, RUBY_VERSION=1.9.1

a = 1
eval('a=2')
puts a

This will print out '2', as I want. However if I remove the first line,

eval('a=2')
puts a

r.rb:2:in `<main>': undefined local variable or method `a' for
main:Object (NameError)

Now if in the first case eval can change a variable in its scope, why
can't it also create a variable in that same scope? I may also not be
totally clear on the way ruby handles scoping, which might be part of
what I am having trouble understanding.

Any help understanding the eval statement would be appreciated. I will
probably have more questions about it, but I'll leave at this for now.

thanks,
-Jonathan

why do you want to use eval?
eval is evil and in most cases not needed in Ruby

Why are you saying that eval is evil?

In know that in Common Lisp, EVAL has properties that make its use
dubious in most cases. Mostly it's because it works in the global
environment.

But this is not the case of eval in Ruby. Since there's no compiler,
they can execute eval in the local lexical environment. So is there
remaining any evilness I don't know?

irb(main):001:0> (def f(e)
                    (a = 42)
                    (eval e)
                    (eval e)
                  end)
nil
irb(main):006:0> (f "puts a")
42
42
nil
irb(main):007:0> (f "puts a ; e=\"puts a+1\"")
42
43
nil

Mike Gold wrote:

The thing to remember is that local variables are always determined at
parse time.

Yeah. That's why debuggers list local varibales even before we arrive at
the assignment to them.

The contents of 'a=2' is not seen by the parser when the file is read,
so in the second case the 'a' in 'puts a' is determined to be a method
call: "call method 'a', then call method puts".

I don't think you are correct here. The string 'a=2' is first *parsed*,
only then evaluated. If your theory was correct, eval('whatever=567')
would have generated some error (because there's no 'whatever=' method).

Hi --

You can get a binding from any object that has a method to tell you
its binding. Something like this (off the top of my head) might work:

David A. Black wrote:

Hi --

The thing to remember is that local variables are always determined at
parse time.

The contents of 'a=2' is not seen by the parser when the file is read,
so in the second case the 'a' in 'puts a' is determined to be a method
call: "call method 'a', then call method puts".

Actually it can't tell whether it's a method or a variable, so you
get:

   undefined local variable or method `a' for main:Object (NameError)

No, that error message comes from rb_method_missing(), i.e., it was
determined to be a method call. Presumably it is worded that way for
the user's benefit, in case there was a misspelling or some such.
Locals are determined by the parser; method lookup is done when no such
local exists.

They're that way because of how they're scoped, but the assignments
themselves are handled by eval the same way as the local ones; that
is, there's no extra information available prior to the execution.

Locals are not handled in the same way. The local assignment syntax is
subject to special examination by the parser. This does not happen for
instance variables and globals. Again, it is the parser that determines
locals. If all assignments were the same, this would print '3':

  eval("a = 3", binding)
  puts a

Pickaxe gives this example:

def a
  print "Function 'a' called\n"
  99
end

for i in 1..2
  if i == 2
    print "a=", a, "\n"
  else
    a = 1
    print "a=", a, "\n"
  end
end

produces:

a=1
Function 'a' called
a=99

Pascal J. Bourguignon wrote:

badboy <badboy@heartofgold.co.cc> writes:

> Jonathan Wills schrieb:
>> Trying to switch a project of mine from python to ruby. Love ruby
so >> far, but I'm finding that the eval statement is a bit more
difficult to >> use than python's exec statement. Here is one of the
problems I'm >> having, RUBY_VERSION=1.9.1
>>
>> a = 1
>> eval('a=2')
>> puts a
>>
>> This will print out '2', as I want. However if I remove the first
line, >>
>> eval('a=2')
>> puts a
>>
>> r.rb:2:in `<main>': undefined local variable or method `a' for
>> main:Object (NameError)
>>
>>
>> Now if in the first case eval can change a variable in its scope,
why >> can't it also create a variable in that same scope? I may
also not be >> totally clear on the way ruby handles scoping, which
might be part of >> what I am having trouble understanding.
>>
>> Any help understanding the eval statement would be appreciated. I
will >> probably have more questions about it, but I'll leave at this
for now. >>
>> thanks,
>> -Jonathan
> why do you want to use eval?
> eval is evil and in most cases not needed in Ruby

Why are you saying that eval is evil?

In know that in Common Lisp, EVAL has properties that make its use
dubious in most cases. Mostly it's because it works in the global
environment.

But this is not the case of eval in Ruby. Since there's no compiler,
they can execute eval in the local lexical environment. So is there
remaining any evilness I don't know?

irb(main):001:0> (def f(e)
                    (a = 42)
                    (eval e)
                    (eval e)
                  end)
nil
irb(main):006:0> (f "puts a")
42
42
nil
irb(main):007:0> (f "puts a ; e=\"puts a+1\"")
42
43
nil

C:\>irb --prompt xmp
(def f(e)
                    (a = 42)
                    (eval e)
                    (eval e)
                  end)
    ==>nil
(f "puts a ; e='puts a+1'")
42
43
    ==>nil
(f "p a ; e='p a+1'")
42
43
    ==>nil

Without taking additional special care, restricting eval to the to a
particular binding doesn't contain it very much. eval can, unless
something is done to stop it, get access to every Object in the top
level environment.

For example try running this in irb:

hash = Hash.new
object = Object.new
def object.get_binding
  binding
end
b = object.get_binding
eval('ObjectSpace.each_object {|o| next if o.frozen?; begin def
o.inspect; "pwned"; end; rescue TypeError; end}',a)
hash #=>pwned

If you run untrusted code in eval without being extra careful, it can
reach out of the binding its in and stomp over other objects, even
outside of that binding.

Albert Schlef wrote:

Jonathan Wills wrote:

eval('a=2')
puts a

r.rb:2:in `<main>': undefined local variable or method `a' for
main:Object (NameError)

Mike Gold wrote:

The contents of 'a=2' is not seen by the parser when the file is read,
so in the second case the 'a' in 'puts a' is determined to be a method
call: "call method 'a', then call method puts".

I don't think you are correct here. The string 'a=2' is first *parsed*,
only then evaluated.

I can't pinpoint where the misunderstanding is. The _contents_ of 'a=2'
is not seen by the parser when the file is read, meaning the parser just
sees a string and nothing more. The AST of the file would be the same
if the string were 'foo'. Because no local assignment syntax is
encountered by the parser _when the file is read_, the 'a' in 'puts a'
is determined to be a method call.

The parsing and evaluating of 'a=2' is done separately at runtime, long
after the 'a' in 'puts a' was determined to be a method call.

If your theory was correct, eval('whatever=567')
would have generated some error (because there's no 'whatever=' method).

I don't know what this theory is, but in any case 'whatever=567' would
not under any circumstances be interpreted as calling method
'whatever='. The syntax x=y is always local assignment.
(self.whatever=567 for the method call.)

Hi --

Mike Gold wrote:

The thing to remember is that local variables are always determined at
parse time.

Yeah. That's why debuggers list local varibales even before we arrive at
the assignment to them.

It's also the reason for the classic example:

   if false
     x = 1
   end

   p x # nil
   p y # Error: unknown

which never fails to widen some eyes

David

Christopher Dicely wrote:

can run ruby code. Basically I want the user to be able to supply an
unspecified number of ruby files, all of which will get run, and not
have to worry about namespace collisions. Additionally I want access to
the scopes that those files were executed in after they are done. I
know I can create a binding from my current scope, but if I put anything
in it, it can get modified when I do my_binding.eval.

You can get a binding from any object that has a method to tell you
its binding. Something like this (off the top of my head) might work:
---
class ExecutionContext
  private_class_method :new

  @@contexts = {}

  def self.(key)
    @@contexts[key]
  end

  def self.new_binding(key)
    new(key).binding
  end

  def initialize(key)
    raise KeyError if @@contexts[key]
    @@contexts[key] = self
  end

  def get_binding
    binding
  end
end
---

So, when you want a new binding to use, you call
ExecutionContext.new_binding(key), and to get back the a binding used
previously, you call ExecutionContext[key].get_binding, where "key" is
the key given when you called new_binding to generate the binding.

But while these are mostly "fresh" bindings, they are nothing at all
like safe sandboxes. You may need something like this:
http://github.com/why/sandbox/tree/master

Interesting. Someone else has shown me a similar way of getting a fresh
context. Do you know what exactly about it is unlike a sandbox? I know
that with this approach that code that I run can use the require
statement and it will drop such files into my scope, but are there any
other sort of problems?

Are there any plans for ruby to support a sandboxed eval like I can get
in python? I might be willing to contribute such a thing if it could
get added into the standard interpreter.

thanks

Mike Gold wrote:
If all assignments were the same, this would print '3':

  eval("a = 3", binding)
  puts a

Or even better,

  eval("a = 3", binding)
  p local_variables #=> ["a"]
  p a #=> undefined local variable or method `a'

We see that the local exists, but because the parser has not seen the "a
= ..." syntax, we can't access it.