필터 지우기
필터 지우기

How to check if eval() changes values of any local variables?

조회 수: 1 (최근 30일)
Kirill Andreev
Kirill Andreev 2012년 1월 16일
Dear all,
I have a GUI that lets users to evaluate custom scripts, mostly problem oriented functions. The scripts for running need to create some temporary variables and I would like to make sure that they don’t mess up the local workspace. Is there any clean and neat way to do?
Thank you for your help, Kirill Andreev

이 질문에 답변하려면 로그인하십시오.

답변 (3개)

Walter Roberson
Walter Roberson 2012년 1월 16일
No, it is always possible to escape from eval() and do arbitrary things. What-ever mechanisms MathWorks uses for the Contents are not available to users.
If you want security, do not use eval() on user input without having proven the input to be harmless (which is generally a tough task.)
Sean de Wolski
Sean de Wolski 2012년 1월 16일
Package their script into a function (using fopen/fwrite/fprintf so that it uses its own local workspace. Call the function.
Waallaa! No eval and no poofing
  댓글 수: 3
이전 댓글 1개 표시
Kirill Andreev
Kirill Andreev 2012년 1월 16일
Thank you everyone. I will try this function-wrapping suggestion. I understand that it would be hard to do it completely fool proof but I need something better than simple eval(). Most of the users who is going to use this application are going to run it as a complied GUI and I would consider it a very rare event if anyone will insert statement assignin() or similar.
Right now, before executing an external script, I dump all my local variables on disk and as soon the script is finished I resuscitate them. It is not very time efficient so I wondered if there is a better way.
Sean de Wolski
Sean de Wolski 2012년 1월 16일
Rather than saving them to disk you could set them to appdata, which will be MUCH faster:
doc setappdata/doc getappdata

댓글을 달려면 로그인하십시오.

Jan
Jan 2012년 1월 16일
You can shadow assignin by creating an own function with the same name. Then you can catch the 'base' and 'caller' argument and collect all changes separately from the actual workspace.
As long as the users can call eval, strange this will happen - promissed! Somebody will create a variable called 'load' and you will not be able to load the variable dump any longer.
  댓글 수: 2
Walter Roberson
Walter Roberson 2012년 1월 16일
And then the user will create a variable named "builtin"...
Kirill Andreev
Kirill Andreev 2012년 1월 16일
Generally speaking, as far as Matlab lets create variables with assignment operator and variables are given preference over functions, I am out of luck… It turns out that it is not completely true.
I was playing with clearvars function just to delete all local variables assigned by external script and reload all my variables from the disk. It turned out that clearvars is still treated by Matlab as a function after calling external script even if clearvars was used as a variable inside the script. Apparently, preference rules are different for variables created by eval() and for variables created in a usual way. Below couple examples. In first one clearvars is a variable as expected. And in the second one it is treated as a function even if a variable with the same name is created by eval(). I don’t know though if it is documented behaviour to rely on it.
function eval_test
clc
myvar = 10;
% eval('clearvars = 10;');
clearvars = 10;
clearvars
whos
====================
clearvars =
10
Name Size Bytes Class Attributes
ans 1x1 8 double
clearvars 1x1 8 double
myvar 1x1 8 double
>>
function eval_test
clc
myvar = 10;
eval('clearvars = 10;');
%clearvars = 10;
clearvars
whos
=================================
not output produced

댓글을 달려면 로그인하십시오.

카테고리

Help CenterFile Exchange에서 Workspace Variables and MAT-Files에 대해 자세히 알아보기

태그

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by