tl;dr
Ideally you shouldn’t use eval
, because it inhibits many optimizations and makes code run slower. new Function(argname1, argname2, ..., code)
doesn’t inhibit optimizations, so it’s a better way to dynamically generate code. (This may require passing in arguments instead of using names for local variables. That’s the price you pay to play nice with compilers that could optimize but for eval
.)
Nevertheless, it’s still possible to use eval
in ES5. eval
of normal code behaves as it always has. But eval
of strict mode code behaves differently: any variables created by the code being evaluated affect only that code, not the enclosing scope. (The enclosing scope’s variables are still visible in the eval
code if they aren’t shadowed.) Firefox now correctly binds variables created by strict mode eval
code, completing the last major component of strict mode (though bugs remain). These programs demonstrate the idea:
var x = 2, y = 3; print(eval("var x = 9; x")); // prints 9 print(x); // prints 9 print(eval("'use strict'; var x = 5; x")); // prints 5 print(eval("'use strict'; var x = 7; x")); // prints 7 print(eval("'use strict'; y")); // prints 3 print(x); // prints 9
"use strict"; var x = 2, y = 3; // NB: Strictness propagates into eval code evaluated by a // direct call to eval — a call occurring through an // expression of the form eval(...). print(eval("var x = 5; x")); // prints 5 print(eval("var x = 7; x")); // prints 7 print(eval("y")); // prints 3 print(x); // prints 2
This partially defangs eval
. But even strict mode eval
inhibits optimizations, so you are still better off avoiding it.
eval
is a double-edged sword
eval
is one of the most powerful parts of JavaScript: it enables runtime code generation. You can compile code to perform specific operations, avoiding unnecessary general-purpose overhead — a powerful concept. (But you’d be better off using new Function(argname1, argname2, ..., code)
, which doesn’t inhibit optimizations and still enables code generation, at loss of the ability to capture the local scope. Code using eval
may see considerable speedups: for example, roc’s CPU emulator sped up ~14% switching from eval
to Function
. Less beefy code won’t see that magnitude of win, yet why give up performance when you have a ready alternative?)
Yet at the same time, eval
is too powerful. As inline assembly is to C or C++ (at least without the information gcc‘s asm
syntax requires), so is eval
to JavaScript. In both instances a powerful construct inhibits many optimizations. Even if you don’t care about optimizations or performance, eval
‘s ability to introduce and delete bindings makes code that uses it much harder to reason about.
eval
arbitrarily mutates variables
At its simplest, eval
can change the value of any variable:
function test(code) { var v = 1; eval(code); return v; } assert(test("v = 2") === 2);
Thus you can’t reorder or constant-fold assignments past eval
: eval
forces everything to be “written to disk” so that the eval
code can observe it, and likewise it forces everything to be read back “from disk” when needed next. Without costly analysis you can’t store v
in a register across the call.
eval
can insert bindings after compilation
eval
‘s ability to add bindings is worse. This can make it impossible to say what a name refers to until runtime:
var v; function test(code) { eval(code); return v; }
Does the v
in the return statement mean the global variable? You can’t know without knowing the code eval
will compile and run. If that code is "var v = 17;"
it refers to a new variable. If that code is "/* psych! */"
it refers to the global variable. eval
in a function will deoptimize any name in that function which refers to a variable in an enclosing scope. (And don’t forget that the name test
itself is in an enclosing scope: if the function returned test
instead of v
, you couldn’t say whether that test
referred to the enclosing function or to a new variable without knowing code
.)
eval
can remove bindings added after compilation
You can also delete bindings introduced by eval
(but not any other variables):
var v = 42; function test(code) { eval(code); function f(code2) { eval(code2); return function g(code3) { eval(code3); return v; }; } return f; } var f = test("var v = 17;"); var g = f("var v = 8675309;"); assert(g("/* nada */") === 8675309); assert(g("var v = 5;") === 5); assert(g("delete v") === 17); assert(g("delete v") === 42); assert(g("delete v") === 42); // can't delete non-eval var (thankfully)
So not only can you not be sure what binding a name refers to given eval
, you can’t even be sure what binding it refers to over time! (Throw generators into the game and you also have to account for a scope without a binding containing that binding even after a function has “returned”.)
eval
can affect enclosing scopes
Worst, none of these complications (and I’ve listed only a few) are limited to purely local variables. eval
can affect any variable it can see at runtime, whether in its immediate function or in any enclosing function or globally. eval
is the fruit of the poisonous tree: it taints not just the scope containing it, but all scopes containing it.
Save us, ES5!
ES5 brings some relief from this madness: strict mode eval
can no longer introduce or delete bindings. (Normal eval
remains unchanged.) Deleting a binding is impossible in strict mode because delete name
is a syntax error. And instead of introducing bindings in the calling scope, eval
of strict mode code introduces bindings for that code only:
var x = 2, y = 3; print(eval("var x = 9; x")); // prints 9 print(x); // prints 9 print(eval("'use strict'; var x = 5; x")); // prints 5 print(eval("'use strict'; var x = 7; x")); // prints 7 print(eval("'use strict'; y")); // prints 3 print(x); // prints 9
This works best if you have strict mode all the way down, so that eval
can never affect the bindings of any scope (and so you don’t need "use strict"
at the start of every eval
code):
"use strict"; var x = 2, y = 3; // NB: Strictness propagates into eval code evaluated by a // direct call to eval — a call occurring through an // expression of the form eval(...). print(eval("var x = 5; x")); // prints 5 print(eval("var x = 7; x")); // prints 7 print(eval("y")); // prints 3 print(x); // prints 2
Names in strict mode code can thus be associated without having to worry about eval
in strict mode code altering bindings, preserving additional optimization opportunities.
Firefox now correctly implements strict mode eval
code binding semantics (modulo bugs, of course).
So if I write strict mode code, should I use eval
?
eval
‘s worst aspects are gone in strict mode, but using it still isn’t a good idea. It can still change variables in ways the JavaScript compiler can’t detect, so strict mode eval
still generally forces every variable to be saved before it occurs and to be reloaded when needed. This deoptimization is unavoidable if runtime code generation can affect dynamically-determined local variables. It’s still better to use Function
than to use eval
.
Also, as a temporary SpiderMonkey-specific concern, we don’t perform many of the binding optimizations strict mode eval
enables. Binding semantics might (I haven’t tested, and it’s entirely possible the extra work is unnoticeable in practice) slow down strict eval
compared to normal eval
. Strict mode eval
performance in SpiderMonkey won’t be much better than that of regular eval
, and it might be slightly worse. We’ll fix this over time, but for now don’t expect strict mode eval
to improve performance. (If you really need performance, don’t use eval
.)
Conclusion
eval
is powerful — arguably too powerful. ES5’s strict mode blunts eval
‘s sharpest corners to simplify it and permit typical optimizations in code using it. But while strict mode eval
is better than regular eval
, Function
is still the best way to generate code at runtime. If you must use eval
, consider using strict mode eval
for a simpler binding model and eventual performance benefits.
You can experiment with a version of Firefox with these changes by downloading a nightly build. (Don’t forget to use the profile manager if you want to keep the settings you use with your primary Firefox installation pristine.)