On 2008 Apr 06, at 22:59, Elf wrote:
And as I believe I heard someone say on #scheme the other day, if
your program involves EVAL, it's probably broken. Even if the
EVAL is hidden behind something else.
This sentence makes no sense to me, as this would imply that all
programs are always broken.
eval running within the program, not the eval being used to run the
program.
so, like, what lambda internals do within a program, or what internal
let forms do, or like what happens to arguments before being passed to
procedures, or ....
None of those involves an explicit or implicit call to EVAL, they all
involve variations on application. An interpreter likely implements them
as calls to EVAL, but a compiler almost certainly doesn't.
I'm glad Scheme has EVAL, it lets us write the REPL and various tools in
Scheme, but, if Scheme (or Lisp in general) were widely used, EVAL-
injection
attacts would be very popular among crackers. It's a wonderful feature,
but must be used with great caution.
-- vincent
_______________________________________________
Chicken-users mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/chicken-users
