[Tutor] eval use (directly by interpreter vs with in a script)

Steven D'Aprano steve at pearwood.info
Tue Nov 4 20:18:28 CET 2014

On Tue, Nov 04, 2014 at 04:11:13PM +0000, Albert-Jan Roskam wrote:

> Hmm, I get 1900 occurrences of eval() (and 700 of frozenset, just 
> curious) in Python. That's MUCH, I must be doing something wrong, but I am 
> rushing now!

For what it's worth, in Python 2.7, and *only* looking at the top level 
of the standard library, I get 23 occurrences of "eval(". 11 of those are 
false positives, that is, comments, docstrings, or functions named 

[steve at ando ~]$ python2.7 -c "import timeit; print(timeit.__file__)"
[steve at ando ~]$ grep "eval(" /usr/local/lib/python2.7/*.py | wc -l
[steve at ando ~]$ grep "eval(" /usr/local/lib/python2.7/*.py
/usr/local/lib/python2.7/ast.py:def literal_eval(node_or_string):
/usr/local/lib/python2.7/bdb.py:    def runeval(self, expr, globals=None, locals=None):
/usr/local/lib/python2.7/bdb.py:            return eval(expr, globals, locals)
/usr/local/lib/python2.7/bdb.py:                val = eval(b.cond, frame.f_globals,
/usr/local/lib/python2.7/decimal.py:        # Invariant:  eval(repr(d)) == d
/usr/local/lib/python2.7/dumbdbm.py:                key, pos_and_siz_pair = eval(line)
/usr/local/lib/python2.7/gettext.py:    return eval('lambda n: int(%s)' % plural)
/usr/local/lib/python2.7/mhlib.py:    def do(s): print s; print eval(s)
/usr/local/lib/python2.7/pdb.py:                    func = eval(arg,
/usr/local/lib/python2.7/pdb.py:            return eval(arg, self.curframe.f_globals,
/usr/local/lib/python2.7/pdb.py:                x = eval(arg, {}, {})
/usr/local/lib/python2.7/pdb.py:            value = eval(arg, self.curframe.f_globals,
/usr/local/lib/python2.7/pdb.py:def runeval(expression, globals=None, locals=None):
/usr/local/lib/python2.7/pdb.py:    return Pdb().runeval(expression, globals, locals)
/usr/local/lib/python2.7/pprint.py:    """Determine if saferepr(object) is readable by eval()."""
/usr/local/lib/python2.7/rexec.py:The class RExec exports methods r_exec(), r_eval(), r_execfile(), and
/usr/local/lib/python2.7/rexec.py:exec, eval(), execfile() and import, but executing the code in an
/usr/local/lib/python2.7/rexec.py:    def r_eval(self, code):
/usr/local/lib/python2.7/rexec.py:        return eval(code, m.__dict__)
/usr/local/lib/python2.7/rexec.py:    def s_eval(self, *args):
/usr/local/lib/python2.7/rexec.py:        Similar to the r_eval() method, but the code will be granted access
/usr/local/lib/python2.7/rlcompleter.py:            thisobject = eval(expr, self.namespace)
/usr/local/lib/python2.7/warnings.py:            cat = eval(category)

You'll note that most of the actual calls to eval are in the Python 
debugger, pdb, which makes sense.

Looking one directory down, I get a further 260 such instances, 224 of 
which are in the "test" subdirectory:

[steve at ando ~]$ grep "eval(" /usr/local/lib/python2.7/*/*.py | wc -l
[steve at ando ~]$ grep "eval(" /usr/local/lib/python2.7/test/*.py | wc -l

Digging deeper still, I find that IDLE also includes many calls to 
eval(), as does the turtle graphics module (which is old and hasn't had 
much love for a long time). There is also a large test suite with many 
calls to eval() in 2to3, as well as many hundreds of false positives, 
e.g. sympy defines dozens of classes with an eval method.

Since these results depend on what third-party libraries have been 
installed, your results may vary.
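
Added example, not part of the original post: one way to separate real eval() calls from the comment, docstring and function-name false positives that a text grep counts is to walk the syntax tree. The sample source and the helper names grep_hits and real_eval_calls are constructed for illustration, and the code assumes a Python 3 interpreter, so files using Python 2-only syntax are reported as unparseable rather than guessed at.

```python
import ast

# Constructed sample: six lines contain the text "eval(", two are real calls.
SAMPLE = '''
def literal_eval(node_or_string):
    """Safer than eval() for literals."""
    # Invariant: eval(repr(d)) == d
    return node_or_string

def run(expr, ns, sym):
    cond = eval(expr, ns)
    sym.eval(cond)
    return eval("1 + 1")
'''


def grep_hits(source):
    """Count lines containing the text, as grep "eval(" | wc -l does."""
    return sum("eval(" in line for line in source.splitlines())


def real_eval_calls(source):
    """Return sorted line numbers where the bare name eval is called.

    Comments and docstrings never become Call nodes, definitions such as
    literal_eval are FunctionDef nodes, and method calls like sym.eval()
    are Attribute nodes, so none of them match. Aliases (e = eval; e(x))
    and builtins.eval are not detected by this check.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError:
        # For example Python 2 print statements under Python 3.
        return None
    return sorted(
        node.lineno
        for node in ast.walk(tree)
        if isinstance(node, ast.Call)
        and isinstance(node.func, ast.Name)
        and node.func.id == "eval"
    )


if __name__ == "__main__":
    print("grep-style hits:", grep_hits(SAMPLE))
    print("actual eval() calls on lines:", real_eval_calls(SAMPLE))
```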

