<center><img src=img/MScAI_brand.png width=70%></center>

# `eval` and `exec`

`eval` is a special function which takes in a string, which is assumed to be a valid Python expression, and evaluates it.

In [2]:
s = "any((x > 3) for x in [0, 1, 2, 3, 4])"
eval(s)

True

<center><img src=img/repl.svg width=30%></center>

When we type code at the Python command-line, the Python interpreter receives a string. It converts it by running `eval`!

In fact, a command-line (not only in Python) is often called a *read-eval-print* loop for this reason.

### An `eval` application

Remember we mentioned when studying Scikit-Learn that when we create a logistic regression, that object has a string representation, from `__repr__`, like this:

In [3]:
from sklearn.linear_model import LogisticRegression

In [9]:
LR = LogisticRegression(C=1.5, fit_intercept=False, max_iter=200)

In [11]:
print(LR)

LogisticRegression(C=1.5, fit_intercept=False, max_iter=200)



That string has a nice property: we could copy and paste it into IPython or Jupyter Notebook to re-create the object later: `lr = <copy and paste here!>`

However, what if we wanted to do this for many models in a loop with different hyperparameters? In other words we have created many models and saved their text representations in files, and later want to do something else with them. This could be good for reproducibility. But we can't just copy-and-paste them in a loop!

But that's where `eval` comes in:

```python
for fname in fnames:
    s = open(fname).read()
    lr = eval(s)
```

### Python ~ JSON

`eval` works well with all sorts of Python *literals*, e.g. `int`s, `float`s, `str`s, `{}` for dictionaries, `[]` for lists, and so on. Therefore, we might save a Python object to disk just by taking the string representation, and then load it back in later, effectively treating Python as if it was JSON. This can be very useful in **logging** from a long-running program.

In [1]:
x = {"a": [3, 4, 5], "b": [5, 6, 7]}
open("data/eval_test.txt", "w").write(repr(x))
y = eval(open("data/eval_test.txt").read())
y

{'a': [3, 4, 5], 'b': [5, 6, 7]}

(There is also the `json` module in the standard library if we want to deal with JSON properly.)

### Security with `eval`

`eval` is dangerous, because it executes a piece of code. If you write a program with `eval` and provide the input, e.g. from a file you saved earlier, that's fine. If you write a program with `eval` and accept input from anonymous users over the internet, you might have some problems.



### `exec`

As we have seen, `eval` allows us to evaluate a Python **expression**. 

An **expression** is a piece of Python code that has a single value, like a generalisation of a **formula** in maths. It can have arithmetic, Boolean operators, function calls, object constructors, and so on. It does not have assignment statements, conditionals, loops, function definitions (except maybe `lambda`), class definitions. It can have multiple lines only if they're all part of a single value, eg:

```python
(x,
 y,
 z)
```

But sometimes, we might have Python code `s` which is not a single expression. In such a case, `eval` doesn't work. It expects a single expression only:

In [4]:
s = """
def f(x):
    print(x**2)
for i in range(5):
    f(i)
"""
c = eval(s)


SyntaxError: invalid syntax (<string>, line 2)

There is another function, `exec`, which **executes** arbitrary Python code.

In [5]:
exec(s)

0
1
4
9
16


An arbitrary piece of code doesn't have a value, in contrast to an expression. So, `exec` doesn't return a value. 

Everything we said about `eval` security applies even more so to `exec`, because it has even greater flexibility!