All geek questions in one place

Generating strings and executing them as programs at runtime

This is a difficult question by the way, and I'm not sure what its correct term (if any) will be. I am curious what languages ​​allow you to "grow" a string during program execution, and then execute it as part of the program. The only language I know about this allows you to do this Snobol.

Reading a Wikipedia entry for Tcl, however, it seems like it's also possible to do this?

I always thought that this is a great feature, even if it cannot be used a lot. Thanks.

PS: Mark it with Snobol, Spitbol, ​​but you don't have a reputation for creating new tags.

+1
source share
3 answers

I am curious what languages ​​allow you to "create" a string during program execution, and then execute it as part of the program.

Look for languages ​​that support eval or, more generally, run-time meta-programming . Virtually every language supports eval (even strong, statically typed languages ​​like Haskell). Many runtimes created for languages ​​that are mainly implemented through bytecode interpretation (for example, Lisp-like languages, Erlang, or Java) support the ability to insert new (byte) code at run time. When you can insert new code dynamically, you can write eval or make a “monkey patch”.

Even in language implementations without specific support for full metaprogramming or even dynamic linking, there are often ways to dynamically generate code under the control of a programmer, either through reflection mechanisms or libraries for supporting code generation (for example, LLVM).

In addition to a simple one-stage eval , more generally, languages ​​that support multi- stage computation allow programs to be generated from one stage to another for an arbitrary number of stages, making it possible to safely, arbitrarily socket evals .

To quote Taha, who has a multi-step programming thesis , introduces much of the theory.

Program generation is a powerful and common way to develop software. It has been used to improve code reuse, product reliability and maintainability, developer productivity and resource utilization, and developer productivity.

The languages ​​you are looking for usually contain three primitives in one form or another:

  • delay
  • splicing
  • run

to delay the calculation by one step (for example, quoting a fragment as a string), combining it into a running program and executing this fragment (in Lisp, backtick, comma, and eval).

Lisp and eval

A generalization of eval for multi-stage programming

In multi-stage programming:

  • Taha, Multistage Programming: Its Theory and Applications
  • Nielson, Fleming and Nielson, Hanne Riis, two-level functional languages, introduced languages ​​with 2 levels.
  • Taha, Walid and Sheard, Tim, multi-stage programming with explicit annotations are simple operators to support all metaprogramming methods at runtime.

Providing types for multi-stage programming

Formal descriptions of multi-stage computations are quite complex and include unusual methods (for programming languages), such as modal logic.

Providing metaprogram types:

  • Wickline, Philip and Lee, Peter and Pfenning, Frank and Davies, Rowan, Modal, as intermediate specifications for generating code at runtime.

Security concerns

The complexity of formalizing the semantics of multi-stage programming explains why they often confuse systems to work, and why eval can open up so many security problems: it becomes unclear what code is executed, when and exactly what data is converted to code. Getting the header from one stage to another is more difficult, which leads to attacks with code injections. Such complexity does not help security.

+5
source

Certainly can be done in many interpreted scripting languages. And some languages ​​are specifically designed for this. This can be done, as far as I know, in:

  • Perl
  • Php
  • Lisp (and dialects such as CL, Clojure, schema, etc.).
  • Javascript
+3
source

This can be done in all dialects of Lisp where this function originated under the name eval , as well as in Prolog ( call/1 ) and any number of other languages. Most of them contain the name eval , and most of them are dynamic languages.

Saying this is hardly a great feature. I would call this a serious security issue, given how easy it is to abuse this feature. If you want to execute dynamic code, then writing your own, limited, micro-interpreter (or using something like Lua) is almost always better.

+3
source

Source: https://habr.com/ru/post/890560/

More articles:


All Articles