From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Newsgroups: gmane.emacs.help Subject: Re: eval myths - Re: How to tame compiler? Date: Sat, 1 May 2021 10:13:04 +0200 Message-ID: <20210501081304.GA13575@tuxteam.de> References: <874kfn292f.fsf@disroot.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ew6BAiZeqk4r7MaW" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="33678"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/1.5.21 (2010-09-15) To: help-gnu-emacs@gnu.org Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Sat May 01 10:13:49 2021 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lckl3-0008f7-Dh for geh-help-gnu-emacs@m.gmane-mx.org; Sat, 01 May 2021 10:13:49 +0200 Original-Received: from localhost ([::1]:59248 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lckl2-00014W-HZ for geh-help-gnu-emacs@m.gmane-mx.org; Sat, 01 May 2021 04:13:48 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:37308) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lckkU-00014M-VQ for help-gnu-emacs@gnu.org; Sat, 01 May 2021 04:13:14 -0400 Original-Received: from mail.tuxteam.de ([5.199.139.25]:37794) by eggs.gnu.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.90_1) (envelope-from ) id 1lckkS-000775-4n for help-gnu-emacs@gnu.org; Sat, 01 May 2021 04:13:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tuxteam.de; s=mail; h=From:In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:Date; bh=Y036GmIDch1jHAS7eKs3wR17T7FM3Y3vBai8vry5GLo=; b=BZp9lpTcQEgnkOD87Pl1K+ZWKTEvdgWcHBSgpCmOHb583C5eoAXFbT/XnCnnGCNqpZ6X0DMKXGK+r9zQhkXALg3m6wO1d4BH5jyAY3m7Vv1VOiyhtcEm4lt0pn0CPuL6VRMqBzHHNzx0qm2e6XlqxUGJHdpGWKC9eXpl6cZnvVer8h3Gny758n9fCV/FFUR/gqjV8Is2wgjYX17uzFU2KrWZ9ZmR6zmrvBybx3oiSa9/Q0ABgMk0EjxPxgKutvPXfUTuK7OUkmWKuMV/HkgL7NRffs17fXn84J0tvlEh/wYLpJpka8euqwGZtL9ajPXPUIUts+8hR5VazndZYuKnSw==; Original-Received: from tomas by mail.tuxteam.de with local (Exim 4.80) (envelope-from ) id 1lckkK-00045O-BL for help-gnu-emacs@gnu.org; Sat, 01 May 2021 10:13:04 +0200 Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=5.199.139.25; envelope-from=tomas@tuxteam.de; helo=mail.tuxteam.de X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.io gmane.emacs.help:129263 Archived-At: --ew6BAiZeqk4r7MaW Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 30, 2021 at 11:23:03PM +0300, Jean Louis wrote: > * Jorge P. de Morais Neto [2021-04-30 17:29]: > > Hi all! > >=20 > > Em [2021-04-22 qui 10:46:59-0400], Stefan Monnier escreveu: > >=20 > > >> Is there a way to avoid these warnings? > > > > > > Yes: don't abuse `eval` ;-) > >=20 > > Jean Louis, could you provide a little more detail on what are you using > > ~eval~ for? [...] > Good read: > https://en.wikipedia.org/wiki/Eval#Security_risks >=20 > My eval-ing is equally dangerous as Org Babel evaling. If I write some > destructive commands, well, it will be destructive. Framing this from the security point of view to then deconstruct that frame leads up a blind alley. Actually, it's a kind of strawman [1] :-) Not that the security aspect isn't important. Actually, it has the potential to illustrate the underlying problem, but it is /not/ the underlying problem. What, for me, was elucidating was to try to think about what environment eval is supposed to "see". Imagine, in a lexical context, (let ((x 5)) (eval '(+ x 2))) [QUESTION TO THE EXPERTS] Why is this code (let ((x 5)) (eval '(+ x 2) t)) complaining "eval: Symbol=E2=80=99s value as variable is void: x" when I `C-x e' it in my scratch buffer? Yes, `lexical-binding' is t in the buffer [END OF QUESTION] Is eval supposed to "see" x? Now, if you have a compiler which does constant folding [0] ("ah, x, in this context /can/ only be 5, so we substitute its value in all expressions..."). Look up the documentation of `eval' in the Emacs Lisp manual for the path elisp has chosen. As soon as eval is involved, that is a bad plan. What if deep there in the eval, there is a (setq x 99)? Which isn't known at compile time, because... eval? So whenever there's an eval, the compiler has to drop nearly all its instruments. And this is bad :-) This is not really easy to grasp, but you'll always hear people who have done that tour (Stefan has!) to somewhat discourage the use of eval. Yes, it's there, is a tool, use it -- but it'll take you some time and a couple of scars until you fully master it. Usually, the problem you want to solve isn't nearly general enough to warrant the full eval. Put in other words: before you use eval, try to give an account of the full evaluation environment passed to it: `x' is bound to 5 (see above), `current-buffer' to some funny function, there is a function `strokes-describe-stroke' (did you know that one? I didn't)... and so on. There's that phrase "eval is evil" (I saw it first mentioned by Christian Queinnec in his book [2a], [2b]). You can use it conveniently in your search engine to see folks out there arguing the exact way you do and the answers given (most of the time it's javascript these days, because it's the language you get paid for currently, but the underlying problem is similar). Note that I have very little clue on all those things. Stefan has. If he says "think before eval", I'd strongly recommend doing some reading and experimenting. The journey could end up being panoramic :-) Cheers [0] https://en.wikipedia.org/wiki/Constant_folding [1] The kind I'd call "involuntary strawman". Security often has to play involuntary strawman. [2a] https://christian.queinnec.org/ [2b] https://christian.queinnec.org/WWW/LiSP.html -- t --ew6BAiZeqk4r7MaW Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAmCNDZAACgkQBcgs9XrR2kaPEACffVCR3kFZwK4rq+Clfbl/AilB gToAn3AtyZH3V3pzybsSVKm54MIgiH+O =4elh -----END PGP SIGNATURE----- --ew6BAiZeqk4r7MaW--