[Tutor] What are *appropriate* uses for exec() and eval() ?

Danny Yoo dyoo at hashcollision.org
Mon Feb 16 23:18:24 CET 2015


On Mon, Feb 16, 2015 at 11:52 AM, boB Stepp <robertvstepp at gmail.com> wrote:
> I have heard periodically about the potential evils of using exec()
> and eval(), including today, on this list. I gather that the first
> requirement for safely using these functions is that the passed
> argument MUST be from a trusted source. So what would be examples
> where the use of these functions IS appropriate?


Given that there are language environments that do perfectly ok
without those functions, the flippant answer would be: those functions
aren't necessary.

But to be more serious: they'd probably be most useful when you're
defining your own interactive programming environment.  For example,
consider a debugger or an IDE (such as IDLE.  Or if you come from the
Java world, imagine Eclipse).  In a debugger, you're running another
program, and allowing the user to do something programmatic in the
context of that program.  Setting breakpoints, or looking at the value
of certain expressions.  In this scenario, we want to be able to
access the same runtime data structures that drive the running
program... within the program itself!  It's this introspection that
drives the need for an eval or exec.

Enormously powerful.  Enormously dangerous in the wrong hands.

That being said, almost all programs are neither debuggers nor IDEs at
their heart.  (Despite the joke that every program strives to become
Emacs at a certain point.)
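
The debugger case described above, as an added example that is not part of the original post: a minimal "watch expression" helper that uses eval() to read a running function's live frame. The names watch, running_total and the line-offset breakpoint scheme are assumptions made for illustration. The expressions are typed by the person driving the debugger, who already controls the process, which is the trusted-source condition raised in the question.

```python
import sys

def running_total(values):   # offset 0 (the def line)
    total = 0                # offset 1
    for v in values:         # offset 2
        total += v           # offset 3  <- breakpoint used below
    return total             # offset 4

def watch(func, args, line_offset, expressions):
    """Run func(*args). Each time execution is about to run the line
    `line_offset` lines below the def, evaluate every expression in that
    frame's own namespace, the way a debugger's print command does."""
    target = func.__code__
    break_line = target.co_firstlineno + line_offset
    hits = []

    def tracer(frame, event, arg):
        if frame.f_code is not target:
            return None                      # do not trace other functions
        if event == "line" and frame.f_lineno == break_line:
            snapshot = {}
            for expr in expressions:
                try:
                    # eval sees the same globals and locals the running
                    # program is using at this instant.
                    snapshot[expr] = eval(expr, frame.f_globals, frame.f_locals)
                except Exception as exc:     # a bad expression must not kill the target
                    snapshot[expr] = f"<{type(exc).__name__}: {exc}>"
            hits.append(snapshot)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        result = func(*args)
    finally:
        sys.settrace(previous)               # always restore the old tracer
    return result, hits

if __name__ == "__main__":
    # Constructed sample input.
    result, hits = watch(running_total, ([3, 4, 5],), 3,
                         ["total", "v", "total + v", "missing"])
    print("result:", result)
    for hit in hits:
        print(hit)
```
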

