blocks|key|1098654|text|我想我会使用eval()，但首先要检查以确保字符串是一个有效的数学表达式，而不是恶意的东西。您可以使用正则表达式进行验证。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1098655|eval()还采用额外的参数，您可以使用这些参数来限制其操作的名称空间，以获得更高的安全性。|1098656|entityMap^0|6|6|0|0|6|0^^$0|@$1|2|3|4|5|6|7|J|8|@$9|K|A|L|B|C]]|D|@]|E|$]]|$1|F|3|G|5|6|7|M|8|@$9|N|A|O|B|C]]|D|@]|E|$]]|$1|H|3|-4|5|6|7|P|8|@]|D|@]|E|$]]]|I|$]]

I think I would use <code>eval()</code>, but would first check to make sure the string is a valid mathematical expression, as opposed to something malicious. You could use a regex for the validation.

<code>eval()</code> also takes additional arguments which you can use to restrict the namespace it operates in for greater security.

blocks|key|1313725|text|Pyparsing可用于解析数学表达式。特别是，fourFn.py展示了如何解析基本的算术表达式。下面，为了便于重用，我将fourFn重新包装到一个数字解析器类中。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1313726|from+__future__+import+division
from+pyparsing+import+(Literal,+CaselessLiteral,+Word,+Combine,+Group,+Optional,
+++++++++++++++++++++++ZeroOrMore,+Forward,+nums,+alphas,+oneOf)
import+math
import+operator

__author__+=+'Paul+McGuire'
__version__+=+'$Revision:+0.0+$'
__date__+=+'$Date:+2009-03-20+$'
__source__+=+'''http://pyparsing.wikispaces.com/file/view/fourFn.py
http://pyparsing.wikispaces.com/message/view/home/15549426
'''
__note__+=+'''
All+I've+done+is+rewrap+Paul+McGuire's+fourFn.py+as+a+class,+so+I+can+use+it
more+easily+in+other+places.
'''


class+NumericStringParser(object):
++++'''
++++Most+of+this+code+comes+from+the+fourFn.py+pyparsing+example

++++'''

++++def+pushFirst(self,+strg,+loc,+toks):
++++++++self.exprStack.append(toks[0])

++++def+pushUMinus(self,+strg,+loc,+toks):
++++++++if+toks+and+toks[0]+==+'-':
++++++++++++self.exprStack.append('unary+-')

++++def+__init__(self):
++++++++"""
++++++++expop+++::+'%5E'
++++++++multop++::+'*'+%7C+'/'
++++++++addop+++::+'%2B'+%7C+'-'
++++++++integer+::+['%2B'+%7C+'-']+'0'..'9'%2B
++++++++atom++++::+PI+%7C+E+%7C+real+%7C+fn+'('+expr+')'+%7C+'('+expr+')'
++++++++factor++::+atom+[+expop+factor+]*
++++++++term++++::+factor+[+multop+factor+]*
++++++++expr++++::+term+[+addop+term+]*
++++++++"""
++++++++point+=+Literal(".")
++++++++e+=+CaselessLiteral("E")
++++++++fnumber+=+Combine(Word("%2B-"+%2B+nums,+nums)+%2B
++++++++++++++++++++++++++Optional(point+%2B+Optional(Word(nums)))+%2B
++++++++++++++++++++++++++Optional(e+%2B+Word("%2B-"+%2B+nums,+nums)))
++++++++ident+=+Word(alphas,+alphas+%2B+nums+%2B+"_$")
++++++++plus+=+Literal("%2B")
++++++++minus+=+Literal("-")
++++++++mult+=+Literal("*")
++++++++div+=+Literal("/")
++++++++lpar+=+Literal("(").suppress()
++++++++rpar+=+Literal(")").suppress()
++++++++addop+=+plus+%7C+minus
++++++++multop+=+mult+%7C+div
++++++++expop+=+Literal("%5E")
++++++++pi+=+CaselessLiteral("PI")
++++++++expr+=+Forward()
++++++++atom+=+((Optional(oneOf("-+%2B"))+%2B
+++++++++++++++++(ident+%2B+lpar+%2B+expr+%2B+rpar+%7C+pi+%7C+e+%7C+fnumber).setParseAction(self.pushFirst))
++++++++++++++++%7C+Optional(oneOf("-+%2B"))+%2B+Group(lpar+%2B+expr+%2B+rpar)
++++++++++++++++).setParseAction(self.pushUMinus)
++++++++#+by+defining+exponentiation+as+"atom+[+%5E+factor+]..."+instead+of
++++++++#+"atom+[+%5E+atom+]...",+we+get+right-to-left+exponents,+instead+of+left-to-right
++++++++#+that+is,+2%5E3%5E2+=+2%5E(3%5E2),+not+(2%5E3)%5E2.
++++++++factor+=+Forward()
++++++++factor+<<+atom+%2B+\
++++++++++++ZeroOrMore((expop+%2B+factor).setParseAction(self.pushFirst))
++++++++term+=+factor+%2B+\
++++++++++++ZeroOrMore((multop+%2B+factor).setParseAction(self.pushFirst))
++++++++expr+<<+term+%2B+\
++++++++++++ZeroOrMore((addop+%2B+term).setParseAction(self.pushFirst))
++++++++#+addop_term+=+(+addop+%2B+term+).setParseAction(+self.pushFirst+)
++++++++#+general_term+=+term+%2B+ZeroOrMore(+addop_term+)+%7C+OneOrMore(+addop_term)
++++++++#+expr+<<++general_term
++++++++self.bnf+=+expr
++++++++#+map+operator+symbols+to+corresponding+arithmetic+operations
++++++++epsilon+=+1e-12
++++++++self.opn+=+{"%2B":+operator.add,
++++++++++++++++++++"-":+operator.sub,
++++++++++++++++++++"*":+operator.mul,
++++++++++++++++++++"/":+operator.truediv,
++++++++++++++++++++"%5E":+operator.pow}
++++++++self.fn+=+{"sin":+math.sin,
+++++++++++++++++++"cos":+math.cos,
+++++++++++++++++++"tan":+math.tan,
+++++++++++++++++++"exp":+math.exp,
+++++++++++++++++++"abs":+abs,
+++++++++++++++++++"trunc":+lambda+a:+int(a),
+++++++++++++++++++"round":+round,
+++++++++++++++++++"sgn":+lambda+a:+abs(a)+>+epsilon+and+cmp(a,+0)+or+0}

++++def+evaluateStack(self,+s):
++++++++op+=+s.pop()
++++++++if+op+==+'unary+-':
++++++++++++return+-self.evaluateStack(s)
++++++++if+op+in+"%2B-*/%5E":
++++++++++++op2+=+self.evaluateStack(s)
++++++++++++op1+=+self.evaluateStack(s)
++++++++++++return+self.opn[op](op1,+op2)
++++++++elif+op+==+"PI":
++++++++++++return+math.pi++#+3.1415926535
++++++++elif+op+==+"E":
++++++++++++return+math.e++#+2.718281828
++++++++elif+op+in+self.fn:
++++++++++++return+self.fn[op](self.evaluateStack(s))
++++++++elif+op[0].isalpha():
++++++++++++return+0
++++++++else:
++++++++++++return+float(op)

++++def+eval(self,+num_string,+parseAll=True):
++++++++self.exprStack+=+[]
++++++++results+=+self.bnf.parseString(num_string,+parseAll)
++++++++val+=+self.evaluateStack(self.exprStack[:])
++++++++return+val|code-block|syntax|javascript|1313727|您可以像这样使用它|1313728|nsp+=+NumericStringParser()
result+=+nsp.eval('2%5E4')
print(result)
#+16.0

result+=+nsp.eval('exp(2%5E4)')
print(result)
#+8886110.520507872|1313729|entityMap|0|LINK|mutability|MUTABLE|url|https://github.com/pyparsing/pyparsing|1|https://github.com/pyparsing/pyparsing/blob/master/examples/fourFn.py^0|0|9|0|O|9|1|0|0|0|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@$A|X|B|Y|1|Z]|$A|10|B|11|1|12]]|C|$]]|$1|D|3|E|5|F|7|13|8|@]|9|@]|C|$G|H]]|$1|I|3|J|5|6|7|14|8|@]|9|@]|C|$]]|$1|K|3|L|5|F|7|15|8|@]|9|@]|C|$G|H]]|$1|M|3|-4|5|6|7|16|8|@]|9|@]|C|$]]]|N|$O|$5|P|Q|R|C|$S|T]]|U|$5|P|Q|R|C|$S|V]]]]

<a href="https://github.com/pyparsing/pyparsing" rel="noreferrer">Pyparsing</a> can be used to parse mathematical expressions. In particular, <a href="https://github.com/pyparsing/pyparsing/blob/master/examples/fourFn.py" rel="noreferrer">fourFn.py</a>
shows how to parse basic arithmetic expressions. Below, I've rewrapped fourFn into a numeric parser class for easier reuse. 

<pre><code>from __future__ import division
from pyparsing import (Literal, CaselessLiteral, Word, Combine, Group, Optional,
 ZeroOrMore, Forward, nums, alphas, oneOf)
import math
import operator

__author__ = 'Paul McGuire'
__version__ = '$Revision: 0.0 $'
__date__ = '$Date: 2009-03-20 $'
__source__ = '''http://pyparsing.wikispaces.com/file/view/fourFn.py
http://pyparsing.wikispaces.com/message/view/home/15549426
'''
__note__ = '''
All I've done is rewrap Paul McGuire's fourFn.py as a class, so I can use it
more easily in other places.
'''


class NumericStringParser(object):
 '''
 Most of this code comes from the fourFn.py pyparsing example

 '''

 def pushFirst(self, strg, loc, toks):
 self.exprStack.append(toks[0])

 def pushUMinus(self, strg, loc, toks):
 if toks and toks[0] == '-':
 self.exprStack.append('unary -')

 def __init__(self):
 """
 expop :: '^'
 multop :: '*' | '/'
 addop :: '+' | '-'
 integer :: ['+' | '-'] '0'..'9'+
 atom :: PI | E | real | fn '(' expr ')' | '(' expr ')'
 factor :: atom [ expop factor ]*
 term :: factor [ multop factor ]*
 expr :: term [ addop term ]*
 """
 point = Literal(".")
 e = CaselessLiteral("E")
 fnumber = Combine(Word("+-" + nums, nums) +
 Optional(point + Optional(Word(nums))) +
 Optional(e + Word("+-" + nums, nums)))
 ident = Word(alphas, alphas + nums + "_$")
 plus = Literal("+")
 minus = Literal("-")
 mult = Literal("*")
 div = Literal("/")
 lpar = Literal("(").suppress()
 rpar = Literal(")").suppress()
 addop = plus | minus
 multop = mult | div
 expop = Literal("^")
 pi = CaselessLiteral("PI")
 expr = Forward()
 atom = ((Optional(oneOf("- +")) +
 (ident + lpar + expr + rpar | pi | e | fnumber).setParseAction(self.pushFirst))
 | Optional(oneOf("- +")) + Group(lpar + expr + rpar)
 ).setParseAction(self.pushUMinus)
 # by defining exponentiation as "atom [ ^ factor ]..." instead of
 # "atom [ ^ atom ]...", we get right-to-left exponents, instead of left-to-right
 # that is, 2^3^2 = 2^(3^2), not (2^3)^2.
 factor = Forward()
 factor &lt;&lt; atom + \
 ZeroOrMore((expop + factor).setParseAction(self.pushFirst))
 term = factor + \
 ZeroOrMore((multop + factor).setParseAction(self.pushFirst))
 expr &lt;&lt; term + \
 ZeroOrMore((addop + term).setParseAction(self.pushFirst))
 # addop_term = ( addop + term ).setParseAction( self.pushFirst )
 # general_term = term + ZeroOrMore( addop_term ) | OneOrMore( addop_term)
 # expr &lt;&lt; general_term
 self.bnf = expr
 # map operator symbols to corresponding arithmetic operations
 epsilon = 1e-12
 self.opn = {"+": operator.add,
 "-": operator.sub,
 "*": operator.mul,
 "/": operator.truediv,
 "^": operator.pow}
 self.fn = {"sin": math.sin,
 "cos": math.cos,
 "tan": math.tan,
 "exp": math.exp,
 "abs": abs,
 "trunc": lambda a: int(a),
 "round": round,
 "sgn": lambda a: abs(a) &gt; epsilon and cmp(a, 0) or 0}

 def evaluateStack(self, s):
 op = s.pop()
 if op == 'unary -':
 return -self.evaluateStack(s)
 if op in "+-*/^":
 op2 = self.evaluateStack(s)
 op1 = self.evaluateStack(s)
 return self.opn[op](op1, op2)
 elif op == "PI":
 return math.pi # 3.1415926535
 elif op == "E":
 return math.e # 2.718281828
 elif op in self.fn:
 return self.fn[op](self.evaluateStack(s))
 elif op[0].isalpha():
 return 0
 else:
 return float(op)

 def eval(self, num_string, parseAll=True):
 self.exprStack = []
 results = self.bnf.parseString(num_string, parseAll)
 val = self.evaluateStack(self.exprStack[:])
 return val
</code></pre>

You can use it like this

<pre><code>nsp = NumericStringParser()
result = nsp.eval('2^4')
print(result)
# 16.0

result = nsp.eval('exp(2^4)')
print(result)
# 8886110.520507872
</code></pre>

blocks|key|1098900|text|在干净的命名空间中使用eval：|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1098901|>>>+ns+=+{'__builtins__':+None}
>>>+eval('2+**+4',+ns)
16|code-block|syntax|javascript|1098902|干净的命名空间应该防止注入。例如：|1098903|>>>+eval('__builtins__.__import__("os").system("echo+got+through")',+ns)
Traceback+(most+recent+call+last):
++File+"<stdin>",+line+1,+in+<module>
++File+"<string>",+line+1,+in+<module>
AttributeError:+'NoneType'+object+has+no+attribute+'__import__'|1098904|否则你会得到：|1098905|>>>+eval('__builtins__.__import__("os").system("echo+got+through")')
got+through
0|1098906|您可能希望提供对数学模块的访问权限：|1098907|>>>+import+math
>>>+ns+=+vars(math).copy()
>>>+ns['__builtins__']+=+None
>>>+eval('cos(pi/3)',+ns)
0.50000000000000011|1098908|entityMap^0|B|4|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Y|8|@$9|Z|A|10|B|C]]|D|@]|E|$]]|$1|F|3|G|5|H|7|11|8|@]|D|@]|E|$I|J]]|$1|K|3|L|5|6|7|12|8|@]|D|@]|E|$]]|$1|M|3|N|5|H|7|13|8|@]|D|@]|E|$I|J]]|$1|O|3|P|5|6|7|14|8|@]|D|@]|E|$]]|$1|Q|3|R|5|H|7|15|8|@]|D|@]|E|$I|J]]|$1|S|3|T|5|6|7|16|8|@]|D|@]|E|$]]|$1|U|3|V|5|H|7|17|8|@]|D|@]|E|$I|J]]|$1|W|3|-4|5|6|7|18|8|@]|D|@]|E|$]]]|X|$]]

Use <code>eval</code> in a clean namespace:

<pre><code>&gt;&gt;&gt; ns = {'__builtins__': None}
&gt;&gt;&gt; eval('2 ** 4', ns)
16
</code></pre>

The clean namespace should prevent injection. For instance:

<pre><code>&gt;&gt;&gt; eval('__builtins__.__import__("os").system("echo got through")', ns)
Traceback (most recent call last):
 File "&lt;stdin&gt;", line 1, in &lt;module&gt;
 File "&lt;string&gt;", line 1, in &lt;module&gt;
AttributeError: 'NoneType' object has no attribute '__import__'
</code></pre>

Otherwise you would get:

<pre><code>&gt;&gt;&gt; eval('__builtins__.__import__("os").system("echo got through")')
got through
0
</code></pre>

You might want to give access to the math module:

<pre><code>&gt;&gt;&gt; import math
&gt;&gt;&gt; ns = vars(math).copy()
&gt;&gt;&gt; ns['__builtins__'] = None
&gt;&gt;&gt; eval('cos(pi/3)', ns)
0.50000000000000011
</code></pre>

blocks|key|1313958|text|这是一个很晚的回复，但我认为对以后的参考很有帮助。您可以使用SymPy，而不是编写自己的数学解析器(尽管上面的pyparsing示例很棒)。我对它没有太多的经验，但它包含了一个比任何人都可能为特定应用程序编写的更强大的数学引擎，并且基本表达式计算非常简单：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1313959|>>>+import+sympy
>>>+x,+y,+z+=+sympy.symbols('x+y+z')
>>>+sympy.sympify("x**3+%2B+sin(y)").evalf(subs={x:1,+y:-3})
0.858879991940133|code-block|syntax|javascript|1313960|确实很酷！from+sympy+import+*引入了更多的函数支持，如trig函数、特殊函数等，但我在这里避免了这些，以显示其来源。|offset|length|style|CODE|1313961|entityMap^0|0|0|5|J|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|P|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|Q|8|@$I|R|J|S|K|L]]|9|@]|A|$]]|$1|M|3|-4|5|6|7|T|8|@]|9|@]|A|$]]]|N|$]]

This is a massively late reply, but I think useful for future reference. Rather than write your own math parser (although the pyparsing example above is great) you could use SymPy. I don't have a lot of experience with it, but it contains a much more powerful math engine than anyone is likely to write for a specific application and the basic expression evaluation is very easy:

<pre><code>&gt;&gt;&gt; import sympy
&gt;&gt;&gt; x, y, z = sympy.symbols('x y z')
&gt;&gt;&gt; sympy.sympify("x**3 + sin(y)").evalf(subs={x:1, y:-3})
0.858879991940133
</code></pre>

Very cool indeed! A <code>from sympy import *</code> brings in a lot more function support, such as trig functions, special functions, etc., but I've avoided that here to show what's coming from where.

blocks|key|1314127|text|eval是邪恶的|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1314128|eval("__import__('os').remove('important+file')")+#+arbitrary+commands
eval("9**9**9**9**9**9**9**9",+{'__builtins__':+None})+#+CPU,+memory|code-block|syntax|javascript|1314129|注意:即使您使用None设置__builtins__，仍然可以使用自省来突破：|1314130|eval('(1).__class__.__bases__[0].__subclasses__()',+{'__builtins__':+None})|1314131|使用ast计算算术表达式|1314132|import+ast
import+operator+as+op

#+supported+operators
operators+=+{ast.Add:+op.add,+ast.Sub:+op.sub,+ast.Mult:+op.mul,
+++++++++++++ast.Div:+op.truediv,+ast.Pow:+op.pow,+ast.BitXor:+op.xor,
+++++++++++++ast.USub:+op.neg}

def+eval_expr(expr):
++++"""
++++>>>+eval_expr('2%5E6')
++++4
++++>>>+eval_expr('2**6')
++++64
++++>>>+eval_expr('1+%2B+2*3**(4%5E5)+/+(6+%2B+-7)')
++++-5.0
++++"""
++++return+eval_(ast.parse(expr,+mode='eval').body)

def+eval_(node):
++++if+isinstance(node,+ast.Num):+#+<number>
++++++++return+node.n
++++elif+isinstance(node,+ast.BinOp):+#+<left>+<operator>+<right>
++++++++return+operators[type(node.op)](eval_(node.left),+eval_(node.right))
++++elif+isinstance(node,+ast.UnaryOp):+#+<operator>+<operand>+e.g.,+-1
++++++++return+operators[type(node.op)](eval_(node.operand))
++++else:
++++++++raise+TypeError(node)|1314133|您可以轻松地限制每个操作或任何中间结果的允许范围，例如，限制a**b的输入参数|1314134|def+power(a,+b):
++++if+any(abs(n)+>+100+for+n+in+[a,+b]):
++++++++raise+ValueError((a,b))
++++return+op.pow(a,+b)
operators[ast.Pow]+=+power|1314135|或者限制中间结果的大小：|1314136|import+functools

def+limit(max_=None):
++++"""Return+decorator+that+limits+allowed+returned+values."""
++++def+decorator(func):
++++++++@functools.wraps(func)
++++++++def+wrapper(*args,+**kwargs):
++++++++++++ret+=+func(*args,+**kwargs)
++++++++++++try:
++++++++++++++++mag+=+abs(ret)
++++++++++++except+TypeError:
++++++++++++++++pass+#+not+applicable
++++++++++++else:
++++++++++++++++if+mag+>+max_:
++++++++++++++++++++raise+ValueError(ret)
++++++++++++return+ret
++++++++return+wrapper
++++return+decorator

eval_+=+limit(max_=10**100)(eval_)|1314137|示例|1314138|>>>+evil+=+"__import__('os').remove('important+file')"
>>>+eval_expr(evil)+#doctest:%2BIGNORE_EXCEPTION_DETAIL
Traceback+(most+recent+call+last):
...
TypeError:
>>>+eval_expr("9**9")
387420489
>>>+eval_expr("9**9**9**9**9**9**9**9")+#doctest:%2BIGNORE_EXCEPTION_DETAIL
Traceback+(most+recent+call+last):
...
ValueError:|1314139|entityMap^0|0|4|0|0|8|4|E|C|0|0|2|3|0|0|U|4|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|16|8|@$9|17|A|18|B|C]]|D|@]|E|$]]|$1|F|3|G|5|H|7|19|8|@]|D|@]|E|$I|J]]|$1|K|3|L|5|6|7|1A|8|@$9|1B|A|1C|B|C]|$9|1D|A|1E|B|C]]|D|@]|E|$]]|$1|M|3|N|5|H|7|1F|8|@]|D|@]|E|$I|J]]|$1|O|3|P|5|6|7|1G|8|@$9|1H|A|1I|B|C]]|D|@]|E|$]]|$1|Q|3|R|5|H|7|1J|8|@]|D|@]|E|$I|J]]|$1|S|3|T|5|6|7|1K|8|@$9|1L|A|1M|B|C]]|D|@]|E|$]]|$1|U|3|V|5|H|7|1N|8|@]|D|@]|E|$I|J]]|$1|W|3|X|5|6|7|1O|8|@]|D|@]|E|$]]|$1|Y|3|Z|5|H|7|1P|8|@]|D|@]|E|$I|J]]|$1|10|3|11|5|6|7|1Q|8|@]|D|@]|E|$]]|$1|12|3|13|5|H|7|1R|8|@]|D|@]|E|$I|J]]|$1|14|3|-4|5|6|7|1S|8|@]|D|@]|E|$]]]|15|$]]

<h2><code>eval</code> is evil</h2>

<pre><code>eval("__import__('os').remove('important file')") # arbitrary commands
eval("9**9**9**9**9**9**9**9", {'__builtins__': None}) # CPU, memory
</code></pre>

Note: even if you use set <code>__builtins__</code> to <code>None</code> it still might be possible to break out using introspection:

<pre><code>eval('(1).__class__.__bases__[0].__subclasses__()', {'__builtins__': None})
</code></pre>

<h2>Evaluate arithmetic expression using <code>ast</code></h2>

<pre><code>import ast
import operator as op

# supported operators
operators = {ast.Add: op.add, ast.Sub: op.sub, ast.Mult: op.mul,
 ast.Div: op.truediv, ast.Pow: op.pow, ast.BitXor: op.xor,
 ast.USub: op.neg}

def eval_expr(expr):
 """
 &gt;&gt;&gt; eval_expr('2^6')
 4
 &gt;&gt;&gt; eval_expr('2**6')
 64
 &gt;&gt;&gt; eval_expr('1 + 2*3**(4^5) / (6 + -7)')
 -5.0
 """
 return eval_(ast.parse(expr, mode='eval').body)

def eval_(node):
 if isinstance(node, ast.Num): # &lt;number&gt;
 return node.n
 elif isinstance(node, ast.BinOp): # &lt;left&gt; &lt;operator&gt; &lt;right&gt;
 return operators[type(node.op)](eval_(node.left), eval_(node.right))
 elif isinstance(node, ast.UnaryOp): # &lt;operator&gt; &lt;operand&gt; e.g., -1
 return operators[type(node.op)](eval_(node.operand))
 else:
 raise TypeError(node)
</code></pre>

You can easily limit allowed range for each operation or any intermediate result, e.g., to limit input arguments for <code>a**b</code>:

<pre><code>def power(a, b):
 if any(abs(n) &gt; 100 for n in [a, b]):
 raise ValueError((a,b))
 return op.pow(a, b)
operators[ast.Pow] = power
</code></pre>

Or to limit magnitude of intermediate results:

<pre><code>import functools

def limit(max_=None):
 """Return decorator that limits allowed returned values."""
 def decorator(func):
 @functools.wraps(func)
 def wrapper(*args, **kwargs):
 ret = func(*args, **kwargs)
 try:
 mag = abs(ret)
 except TypeError:
 pass # not applicable
 else:
 if mag &gt; max_:
 raise ValueError(ret)
 return ret
 return wrapper
 return decorator

eval_ = limit(max_=10**100)(eval_)
</code></pre>

<h3>Example</h3>

<pre><code>&gt;&gt;&gt; evil = "__import__('os').remove('important file')"
&gt;&gt;&gt; eval_expr(evil) #doctest:+IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
TypeError:
&gt;&gt;&gt; eval_expr("9**9")
387420489
&gt;&gt;&gt; eval_expr("9**9**9**9**9**9**9**9") #doctest:+IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
ValueError:
</code></pre>

blocks|key|1099279|text|好吧，那么eval的问题是，即使你摆脱了__builtins__，它也可以很容易地摆脱沙箱。所有用于转义沙箱的方法都归结为使用getattr或object.__getattribute__+(通过.操作符)通过某个允许的对象(''.__class__.__bases__[0].__subclasses__或类似对象)获取对某个危险对象的引用。通过将__builtins__设置为None来消除getattr。object.__getattribute__是困难的，因为它不能简单地被删除，因为object是不可变的，而且删除它会破坏一切。然而，eval只能通过.操作符访问，所以从输入中清除它就足以确保__getattribute__不会脱离它的沙箱。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1099280|在处理公式时，小数的唯一有效用法是在小数前面或后面跟[0-9]时，因此我们只需删除.的所有其他实例。|1099281|import+re
inp+=+re.sub(r"\.(?![0-9])","",+inp)
val+=+eval(inp,+{'__builtins__':None})|code-block|syntax|javascript|1099282|请注意，虽然python通常将1+%2B+1.视为1+%2B+1.0，但这将删除尾随的.，只留下1+%2B+1。您可以将)、和EOF添加到允许遵循.的列表中，但是为什么要麻烦呢？|1099283|entityMap^0|K|C|1R|7|1Z|N|2Q|1|35|14|4V|C|5A|4|5H|7|5P|N|6V|6|7T|1|8E|G|0|Q|5|15|1|0|0|F|6|N|7|13|1|18|5|1I|1|1L|3|1V|1|0^^$0|@$1|2|3|4|5|6|7|Q|8|@$9|R|A|S|B|C]|$9|T|A|U|B|C]|$9|V|A|W|B|C]|$9|X|A|Y|B|C]|$9|Z|A|10|B|C]|$9|11|A|12|B|C]|$9|13|A|14|B|C]|$9|15|A|16|B|C]|$9|17|A|18|B|C]|$9|19|A|1A|B|C]|$9|1B|A|1C|B|C]|$9|1D|A|1E|B|C]]|D|@]|E|$]]|$1|F|3|G|5|6|7|1F|8|@$9|1G|A|1H|B|C]|$9|1I|A|1J|B|C]]|D|@]|E|$]]|$1|H|3|I|5|J|7|1K|8|@]|D|@]|E|$K|L]]|$1|M|3|N|5|6|7|1L|8|@$9|1M|A|1N|B|C]|$9|1O|A|1P|B|C]|$9|1Q|A|1R|B|C]|$9|1S|A|1T|B|C]|$9|1U|A|1V|B|C]|$9|1W|A|1X|B|C]|$9|1Y|A|1Z|B|C]]|D|@]|E|$]]|$1|O|3|-4|5|6|7|20|8|@]|D|@]|E|$]]]|P|$]]

Okay, so the problem with eval is that it can escape its sandbox too easily, even if you get rid of <code>__builtins__</code>. All the methods for escaping the sandbox come down to using <code>getattr</code> or <code>object.__getattribute__</code> (via the <code>.</code> operator) to obtain a reference to some dangerous object via some allowed object (<code>''.__class__.__bases__[0].__subclasses__</code> or similar). <code>getattr</code> is eliminated by setting <code>__builtins__</code> to <code>None</code>. <code>object.__getattribute__</code> is the difficult one, since it cannot simply be removed, both because <code>object</code> is immutable and because removing it would break everything. However, <code>__getattribute__</code> is only accessible via the <code>.</code> operator, so purging that from your input is sufficient to ensure eval cannot escape its sandbox. 
In processing formulas, the only valid use of a decimal is when it is preceded or followed by <code>[0-9]</code>, so we just remove all other instances of <code>.</code>.

<pre><code>import re
inp = re.sub(r"\.(?![0-9])","", inp)
val = eval(inp, {'__builtins__':None})
</code></pre>

Note that while python normally treats <code>1 + 1.</code> as <code>1 + 1.0</code>, this will remove the trailing <code>.</code> and leave you with <code>1 + 1</code>. You could add <code>)</code>,<code></code>, and <code>EOF</code> to the list of things allowed to follow <code>.</code>, but why bother?

blocks|key|1099442|text|您可以使用ast模块并编写NodeVisitor来验证每个节点的类型是否为白名单的一部分。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1099443|import+ast,+math

locals+=++{key:+value+for+(key,value)+in+vars(math).items()+if+key[0]+!=+'_'}
locals.update({"abs":+abs,+"complex":+complex,+"min":+min,+"max":+max,+"pow":+pow,+"round":+round})

class+Visitor(ast.NodeVisitor):
++++def+visit(self,+node):
+++++++if+not+isinstance(node,+self.whitelist):
+++++++++++raise+ValueError(node)
+++++++return+super().visit(node)

++++whitelist+=+(ast.Module,+ast.Expr,+ast.Load,+ast.Expression,+ast.Add,+ast.Sub,+ast.UnaryOp,+ast.Num,+ast.BinOp,
++++++++++++ast.Mult,+ast.Div,+ast.Pow,+ast.BitOr,+ast.BitAnd,+ast.BitXor,+ast.USub,+ast.UAdd,+ast.FloorDiv,+ast.Mod,
++++++++++++ast.LShift,+ast.RShift,+ast.Invert,+ast.Call,+ast.Name)

def+evaluate(expr,+locals+=+{}):
++++if+any(elem+in+expr+for+elem+in+'\n#')+:+raise+ValueError(expr)
++++try:
++++++++node+=+ast.parse(expr.strip(),+mode='eval')
++++++++Visitor().visit(node)
++++++++return+eval(compile(node,+"<string>",+"eval"),+{'__builtins__':+None},+locals)
++++except+Exception:+raise+ValueError(expr)|code-block|syntax|javascript|1099444|因为它通过白名单而不是黑名单工作，所以它是安全的。它唯一可以访问的函数和变量是您显式授予它访问权限的函数和变量。我用与数学相关的函数填充了一个dict，以便您可以根据需要轻松地提供对这些函数的访问，但您必须显式使用它。|1099445|如果字符串试图调用未提供的函数，或调用任何方法，则会引发异常，并且不会执行。|1099446|因为这使用了Python内置的解析器和计算器，所以它还继承了Python的优先级和提升规则。|1099447|>>>+evaluate("7+%2B+9+*+(2+<<+2)")
79
>>>+evaluate("6+//+2+%2B+0.0")
3.0|1099448|上面的代码只在Python+3上测试过。|1099449|如果需要，您可以在此函数上添加超时装饰器。|1099450|entityMap^0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|U|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|V|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|W|8|@]|9|@]|A|$]]|$1|I|3|J|5|6|7|X|8|@]|9|@]|A|$]]|$1|K|3|L|5|6|7|Y|8|@]|9|@]|A|$]]|$1|M|3|N|5|D|7|Z|8|@]|9|@]|A|$E|F]]|$1|O|3|P|5|6|7|10|8|@]|9|@]|A|$]]|$1|Q|3|R|5|6|7|11|8|@]|9|@]|A|$]]|$1|S|3|-4|5|6|7|12|8|@]|9|@]|A|$]]]|T|$]]

You can use the ast module and write a NodeVisitor that verifies that the type of each node is part of a whitelist.

<pre><code>import ast, math

locals = {key: value for (key,value) in vars(math).items() if key[0] != '_'}
locals.update({"abs": abs, "complex": complex, "min": min, "max": max, "pow": pow, "round": round})

class Visitor(ast.NodeVisitor):
 def visit(self, node):
 if not isinstance(node, self.whitelist):
 raise ValueError(node)
 return super().visit(node)

 whitelist = (ast.Module, ast.Expr, ast.Load, ast.Expression, ast.Add, ast.Sub, ast.UnaryOp, ast.Num, ast.BinOp,
 ast.Mult, ast.Div, ast.Pow, ast.BitOr, ast.BitAnd, ast.BitXor, ast.USub, ast.UAdd, ast.FloorDiv, ast.Mod,
 ast.LShift, ast.RShift, ast.Invert, ast.Call, ast.Name)

def evaluate(expr, locals = {}):
 if any(elem in expr for elem in '\n#') : raise ValueError(expr)
 try:
 node = ast.parse(expr.strip(), mode='eval')
 Visitor().visit(node)
 return eval(compile(node, "&lt;string&gt;", "eval"), {'__builtins__': None}, locals)
 except Exception: raise ValueError(expr)
</code></pre>

Because it works via a whitelist rather than a blacklist, it is safe. The only functions and variables it can access are those you explicitly give it access to. I populated a dict with math-related functions so you can easily provide access to those if you want, but you have to explicitly use it.

If the string attempts to call functions that haven't been provided, or invoke any methods, an exception will be raised, and it will not be executed.

Because this uses Python's built in parser and evaluator, it also inherits Python's precedence and promotion rules as well.

<pre><code>&gt;&gt;&gt; evaluate("7 + 9 * (2 &lt;&lt; 2)")
79
&gt;&gt;&gt; evaluate("6 // 2 + 0.0")
3.0
</code></pre>

The above code has only been tested on Python 3.

If desired, you can add a timeout decorator on this function.

blocks|key|1099587|text|eval和exec如此危险的原因是，默认的compile函数将为任何有效的python表达式生成字节码，而默认的eval或exec将执行任何有效的python字节码。到目前为止，所有的答案都集中在限制可以生成的字节码(通过清理输入)，或者使用AST构建您自己的领域特定语言。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1099588|相反，您可以轻松地创建一个简单的eval函数，该函数不能做任何恶意的事情，并且可以很容易地对内存或所用时间进行运行时检查。当然，如果是简单的数学，那就有捷径了。|1099589|c+=+compile(stringExp,+'userinput',+'eval')
if+c.co_code[0]==b'd'+and+c.co_code[3]==b'S':
++++return+c.co_consts[ord(c.co_code[1])%2Bord(c.co_code[2])*256]|code-block|syntax|javascript|1099590|其工作方式很简单，任何常量数学表达式在编译期间都会被安全地计算并存储为常量。compile返回的代码对象由d+(+LOAD_CONST的字节码)、后跟要加载的常量的编号(通常是列表中的最后一个常量)和S+(+RETURN_VALUE的字节码)组成。如果此快捷方式不起作用，则意味着用户输入不是常量表达式(包含变量或函数调用或类似内容)。|1099591|这也为一些更复杂的输入格式打开了大门。例如：|1099592|stringExp+=+"1+%2B+cos(2)"|1099593|这需要实际计算字节码，这仍然非常简单。Python+bytecode是一种面向堆栈的语言，所以一切都是简单的TOS=stack.pop();+op(TOS);+stack.put(TOS)或类似的事情。关键是只实现安全的操作码(加载/存储值、数学操作、返回值)，而不是不安全的操作码(属性查找)。如果您希望用户能够调用函数(这就是不使用上面的快捷方式的全部原因)，只需简单地使您的CALL_FUNCTION实现只允许“安全”列表中的函数。|1099594|from+dis+import+opmap
from+Queue+import+LifoQueue
from+math+import+sin,cos
import+operator

globs+=+{'sin':sin,+'cos':cos}
safe+=+globs.values()

stack+=+LifoQueue()

class+BINARY(object):
++++def+__init__(self,+operator):
++++++++self.op=operator
++++def+__call__(self,+context):
++++++++stack.put(self.op(stack.get(),stack.get()))

class+UNARY(object):
++++def+__init__(self,+operator):
++++++++self.op=operator
++++def+__call__(self,+context):
++++++++stack.put(self.op(stack.get()))


def+CALL_FUNCTION(context,+arg):
++++argc+=+arg[0]%2Barg[1]*256
++++args+=+[stack.get()+for+i+in+range(argc)]
++++func+=+stack.get()
++++if+func+not+in+safe:
++++++++raise+TypeError("Function+%25r+now+allowed"%25func)
++++stack.put(func(*args))

def+LOAD_CONST(context,+arg):
++++cons+=+arg[0]%2Barg[1]*256
++++stack.put(context['code'].co_consts[cons])

def+LOAD_NAME(context,+arg):
++++name_num+=+arg[0]%2Barg[1]*256
++++name+=+context['code'].co_names[name_num]
++++if+name+in+context['locals']:
++++++++stack.put(context['locals'][name])
++++else:
++++++++stack.put(context['globals'][name])

def+RETURN_VALUE(context):
++++return+stack.get()

opfuncs+=+{
++++opmap['BINARY_ADD']:+BINARY(operator.add),
++++opmap['UNARY_INVERT']:+UNARY(operator.invert),
++++opmap['CALL_FUNCTION']:+CALL_FUNCTION,
++++opmap['LOAD_CONST']:+LOAD_CONST,
++++opmap['LOAD_NAME']:+LOAD_NAME
++++opmap['RETURN_VALUE']:+RETURN_VALUE,
}

def+VMeval(c):
++++context+=+dict(locals={},+globals=globs,+code=c)
++++bci+=+iter(c.co_code)
++++for+bytecode+in+bci:
++++++++func+=+opfuncs[ord(bytecode)]
++++++++if+func.func_code.co_argcount==1:
++++++++++++ret+=+func(context)
++++++++else:
++++++++++++args+=+ord(bci.next()),+ord(bci.next())
++++++++++++ret+=+func(context,+args)
++++++++if+ret:
++++++++++++return+ret

def+evaluate(expr):
++++return+VMeval(compile(expr,+'userinput',+'eval'))|1099595|显然，它的实际版本会更长一些(有119个操作码，其中24个与数学相关)。添加STORE_FAST和其他几个将允许像'x=5;return+x%2Bx或类似的输入，这很容易。它甚至可以用来执行用户创建的函数，只要用户创建的函数本身是通过VMeval执行的(不要使它们可调用！或者它们可以被用作某个地方的回调)。处理循环需要支持goto字节码，这意味着从for迭代器更改为while并维护指向当前指令的指针，但这并不太难。为了抵抗DOS，主循环应该检查自计算开始以来经过了多少时间，并且某些操作员应该拒绝超过某个合理限制的输入(BINARY_POWER是最明显的)。|1099596|虽然这种方法比简单表达式的简单语法解析器(参见上面关于获取编译的常量)要长一些，但它很容易扩展到更复杂的输入，并且不需要处理语法(compile接受任何复杂的东西，并将其简化为一系列简单的指令)。|1099597|entityMap^0|0|4|5|4|L|7|1K|4|1P|4|0|G|4|0|0|1H|1|1L|A|2S|1|2W|C|0|0|0|1I|14|5A|D|0|0|12|A|1L|F|4G|4|4T|3|52|5|78|C|0|1T|7|0^^$0|@$1|2|3|4|5|6|7|12|8|@$9|13|A|14|B|C]|$9|15|A|16|B|C]|$9|17|A|18|B|C]|$9|19|A|1A|B|C]|$9|1B|A|1C|B|C]]|D|@]|E|$]]|$1|F|3|G|5|6|7|1D|8|@$9|1E|A|1F|B|C]]|D|@]|E|$]]|$1|H|3|I|5|J|7|1G|8|@]|D|@]|E|$K|L]]|$1|M|3|N|5|6|7|1H|8|@$9|1I|A|1J|B|C]|$9|1K|A|1L|B|C]|$9|1M|A|1N|B|C]|$9|1O|A|1P|B|C]]|D|@]|E|$]]|$1|O|3|P|5|6|7|1Q|8|@]|D|@]|E|$]]|$1|Q|3|R|5|J|7|1R|8|@]|D|@]|E|$K|L]]|$1|S|3|T|5|6|7|1S|8|@$9|1T|A|1U|B|C]|$9|1V|A|1W|B|C]]|D|@]|E|$]]|$1|U|3|V|5|J|7|1X|8|@]|D|@]|E|$K|L]]|$1|W|3|X|5|6|7|1Y|8|@$9|1Z|A|20|B|C]|$9|21|A|22|B|C]|$9|23|A|24|B|C]|$9|25|A|26|B|C]|$9|27|A|28|B|C]|$9|29|A|2A|B|C]]|D|@]|E|$]]|$1|Y|3|Z|5|6|7|2B|8|@$9|2C|A|2D|B|C]]|D|@]|E|$]]|$1|10|3|-4|5|6|7|2E|8|@]|D|@]|E|$]]]|11|$]]

The reason <code>eval</code> and <code>exec</code> are so dangerous is that the default <code>compile</code> function will generate bytecode for any valid python expression, and the default <code>eval</code> or <code>exec</code> will execute any valid python bytecode. All the answers to date have focused on restricting the bytecode that can be generated (by sanitizing input) or building your own domain-specific-language using the AST. 

Instead, you can easily create a simple <code>eval</code> function that is incapable of doing anything nefarious and can easily have runtime checks on memory or time used. Of course, if it is simple math, than there is a shortcut.

<pre><code>c = compile(stringExp, 'userinput', 'eval')
if c.co_code[0]==b'd' and c.co_code[3]==b'S':
 return c.co_consts[ord(c.co_code[1])+ord(c.co_code[2])*256]
</code></pre>

The way this works is simple, any constant mathematic expression is safely evaluated during compilation and stored as a constant. The code object returned by compile consists of <code>d</code>, which is the bytecode for <code>LOAD_CONST</code>, followed by the number of the constant to load (usually the last one in the list), followed by <code>S</code>, which is the bytecode for <code>RETURN_VALUE</code>. If this shortcut doesn't work, it means that the user input isn't a constant expression (contains a variable or function call or similar). 

This also opens the door to some more sophisticated input formats. For example:

<pre><code>stringExp = "1 + cos(2)"
</code></pre>

This requires actually evaluating the bytecode, which is still quite simple. Python bytecode is a stack oriented language, so everything is a simple matter of <code>TOS=stack.pop(); op(TOS); stack.put(TOS)</code> or similar. The key is to only implement the opcodes that are safe (loading/storing values, math operations, returning values) and not unsafe ones (attribute lookup). If you want the user to be able to call functions (the whole reason not to use the shortcut above), simple make your implementation of <code>CALL_FUNCTION</code> only allow functions in a 'safe' list.

<pre><code>from dis import opmap
from Queue import LifoQueue
from math import sin,cos
import operator

globs = {'sin':sin, 'cos':cos}
safe = globs.values()

stack = LifoQueue()

class BINARY(object):
 def __init__(self, operator):
 self.op=operator
 def __call__(self, context):
 stack.put(self.op(stack.get(),stack.get()))

class UNARY(object):
 def __init__(self, operator):
 self.op=operator
 def __call__(self, context):
 stack.put(self.op(stack.get()))


def CALL_FUNCTION(context, arg):
 argc = arg[0]+arg[1]*256
 args = [stack.get() for i in range(argc)]
 func = stack.get()
 if func not in safe:
 raise TypeError("Function %r now allowed"%func)
 stack.put(func(*args))

def LOAD_CONST(context, arg):
 cons = arg[0]+arg[1]*256
 stack.put(context['code'].co_consts[cons])

def LOAD_NAME(context, arg):
 name_num = arg[0]+arg[1]*256
 name = context['code'].co_names[name_num]
 if name in context['locals']:
 stack.put(context['locals'][name])
 else:
 stack.put(context['globals'][name])

def RETURN_VALUE(context):
 return stack.get()

opfuncs = {
 opmap['BINARY_ADD']: BINARY(operator.add),
 opmap['UNARY_INVERT']: UNARY(operator.invert),
 opmap['CALL_FUNCTION']: CALL_FUNCTION,
 opmap['LOAD_CONST']: LOAD_CONST,
 opmap['LOAD_NAME']: LOAD_NAME
 opmap['RETURN_VALUE']: RETURN_VALUE,
}

def VMeval(c):
 context = dict(locals={}, globals=globs, code=c)
 bci = iter(c.co_code)
 for bytecode in bci:
 func = opfuncs[ord(bytecode)]
 if func.func_code.co_argcount==1:
 ret = func(context)
 else:
 args = ord(bci.next()), ord(bci.next())
 ret = func(context, args)
 if ret:
 return ret

def evaluate(expr):
 return VMeval(compile(expr, 'userinput', 'eval'))
</code></pre>

Obviously, the real version of this would be a bit longer (there are 119 opcodes, 24 of which are math related). Adding <code>STORE_FAST</code> and a couple others would allow for input like <code>'x=5;return x+x</code> or similar, trivially easily. It can even be used to execute user-created functions, so long as the user created functions are themselves executed via VMeval (don't make them callable!!! or they could get used as a callback somewhere). Handling loops requires support for the <code>goto</code> bytecodes, which means changing from a <code>for</code> iterator to <code>while</code> and maintaining a pointer to the current instruction, but isn't too hard. For resistance to DOS, the main loop should check how much time has passed since the start of the calculation, and certain operators should deny input over some reasonable limit (<code>BINARY_POWER</code> being the most obvious).

While this approach is somewhat longer than a simple grammar parser for simple expressions (see above about just grabbing the compiled constant), it extends easily to more complicated input, and doesn't require dealing with grammar (<code>compile</code> take anything arbitrarily complicated and reduces it to a sequence of simple instructions).

blocks|key|1314656|text|这是我在不使用eval的情况下解决这个问题的方法。适用于Python2和Python3。它不适用于负数。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1314657|$+python+-m+pytest+test.py|code-block|syntax|javascript|1314658|test.py|1314659|from+solution+import+Solutions

class+SolutionsTestCase(unittest.TestCase):
++++def+setUp(self):
++++++++self.solutions+=+Solutions()

++++def+test_evaluate(self):
++++++++expressions+=+[
++++++++++++'2%2B3=5',
++++++++++++'6%2B4/2*2=10',
++++++++++++'3%2B2.45/8=3.30625',
++++++++++++'3**3*3/3%2B3=30',
++++++++++++'2%5E4=6'
++++++++]
++++++++results+=+[x.split('=')[1]+for+x+in+expressions]
++++++++for+e+in+range(len(expressions)):
++++++++++++if+'.'+in+results[e]:
++++++++++++++++results[e]+=+float(results[e])
++++++++++++else:
++++++++++++++++results[e]+=+int(results[e])
++++++++++++self.assertEqual(
++++++++++++++++results[e],
++++++++++++++++self.solutions.evaluate(expressions[e])
++++++++++++)|1314660|solution.py|1314661|class+Solutions(object):
++++def+evaluate(self,+exp):
++++++++def+format(res):
++++++++++++if+'.'+in+res:
++++++++++++++++try:
++++++++++++++++++++res+=+float(res)
++++++++++++++++except+ValueError:
++++++++++++++++++++pass
++++++++++++else:
++++++++++++++++try:
++++++++++++++++++++res+=+int(res)
++++++++++++++++except+ValueError:
++++++++++++++++++++pass
++++++++++++return+res
++++++++def+splitter(item,+op):
++++++++++++mul+=+item.split(op)
++++++++++++if+len(mul)+==+2:
++++++++++++++++for+x+in+['%5E',+'*',+'/',+'%2B',+'-']:
++++++++++++++++++++if+x+in+mul[0]:
++++++++++++++++++++++++mul+=+[mul[0].split(x)[1],+mul[1]]
++++++++++++++++++++if+x+in+mul[1]:
++++++++++++++++++++++++mul+=+[mul[0],+mul[1].split(x)[0]]
++++++++++++elif+len(mul)+>+2:
++++++++++++++++pass
++++++++++++else:
++++++++++++++++pass
++++++++++++for+x+in+range(len(mul)):
++++++++++++++++mul[x]+=+format(mul[x])
++++++++++++return+mul
++++++++exp+=+exp.replace('+',+'')
++++++++if+'='+in+exp:
++++++++++++res+=+exp.split('=')[1]
++++++++++++res+=+format(res)
++++++++++++exp+=+exp.replace('=%25s'+%25+res,+'')
++++++++while+'%5E'+in+exp:
++++++++++++if+'%5E'+in+exp:
++++++++++++++++itm+=+splitter(exp,+'%5E')
++++++++++++++++res+=+itm[0]+%5E+itm[1]
++++++++++++++++exp+=+exp.replace('%25s%5E%25s'+%25+(str(itm[0]),+str(itm[1])),+str(res))
++++++++while+'**'+in+exp:
++++++++++++if+'**'+in+exp:
++++++++++++++++itm+=+splitter(exp,+'**')
++++++++++++++++res+=+itm[0]+**+itm[1]
++++++++++++++++exp+=+exp.replace('%25s**%25s'+%25+(str(itm[0]),+str(itm[1])),+str(res))
++++++++while+'/'+in+exp:
++++++++++++if+'/'+in+exp:
++++++++++++++++itm+=+splitter(exp,+'/')
++++++++++++++++res+=+itm[0]+/+itm[1]
++++++++++++++++exp+=+exp.replace('%25s/%25s'+%25+(str(itm[0]),+str(itm[1])),+str(res))
++++++++while+'*'+in+exp:
++++++++++++if+'*'+in+exp:
++++++++++++++++itm+=+splitter(exp,+'*')
++++++++++++++++res+=+itm[0]+*+itm[1]
++++++++++++++++exp+=+exp.replace('%25s*%25s'+%25+(str(itm[0]),+str(itm[1])),+str(res))
++++++++while+'%2B'+in+exp:
++++++++++++if+'%2B'+in+exp:
++++++++++++++++itm+=+splitter(exp,+'%2B')
++++++++++++++++res+=+itm[0]+%2B+itm[1]
++++++++++++++++exp+=+exp.replace('%25s%2B%25s'+%25+(str(itm[0]),+str(itm[1])),+str(res))
++++++++while+'-'+in+exp:
++++++++++++if+'-'+in+exp:
++++++++++++++++itm+=+splitter(exp,+'-')
++++++++++++++++res+=+itm[0]+-+itm[1]
++++++++++++++++exp+=+exp.replace('%25s-%25s'+%25+(str(itm[0]),+str(itm[1])),+str(res))

++++++++return+format(exp)|1314662|entityMap^0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|R|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|S|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|T|8|@]|9|@]|A|$E|F]]|$1|K|3|L|5|6|7|U|8|@]|9|@]|A|$]]|$1|M|3|N|5|D|7|V|8|@]|9|@]|A|$E|F]]|$1|O|3|-4|5|6|7|W|8|@]|9|@]|A|$]]]|P|$]]

Here's my solution to the problem without using eval. Works with Python2 and Python3. It doesn't work with negative numbers.

<pre><code>$ python -m pytest test.py
</code></pre>

test.py

<pre><code>from solution import Solutions

class SolutionsTestCase(unittest.TestCase):
 def setUp(self):
 self.solutions = Solutions()

 def test_evaluate(self):
 expressions = [
 '2+3=5',
 '6+4/2*2=10',
 '3+2.45/8=3.30625',
 '3**3*3/3+3=30',
 '2^4=6'
 ]
 results = [x.split('=')[1] for x in expressions]
 for e in range(len(expressions)):
 if '.' in results[e]:
 results[e] = float(results[e])
 else:
 results[e] = int(results[e])
 self.assertEqual(
 results[e],
 self.solutions.evaluate(expressions[e])
 )
</code></pre>

solution.py

<pre><code>class Solutions(object):
 def evaluate(self, exp):
 def format(res):
 if '.' in res:
 try:
 res = float(res)
 except ValueError:
 pass
 else:
 try:
 res = int(res)
 except ValueError:
 pass
 return res
 def splitter(item, op):
 mul = item.split(op)
 if len(mul) == 2:
 for x in ['^', '*', '/', '+', '-']:
 if x in mul[0]:
 mul = [mul[0].split(x)[1], mul[1]]
 if x in mul[1]:
 mul = [mul[0], mul[1].split(x)[0]]
 elif len(mul) &gt; 2:
 pass
 else:
 pass
 for x in range(len(mul)):
 mul[x] = format(mul[x])
 return mul
 exp = exp.replace(' ', '')
 if '=' in exp:
 res = exp.split('=')[1]
 res = format(res)
 exp = exp.replace('=%s' % res, '')
 while '^' in exp:
 if '^' in exp:
 itm = splitter(exp, '^')
 res = itm[0] ^ itm[1]
 exp = exp.replace('%s^%s' % (str(itm[0]), str(itm[1])), str(res))
 while '**' in exp:
 if '**' in exp:
 itm = splitter(exp, '**')
 res = itm[0] ** itm[1]
 exp = exp.replace('%s**%s' % (str(itm[0]), str(itm[1])), str(res))
 while '/' in exp:
 if '/' in exp:
 itm = splitter(exp, '/')
 res = itm[0] / itm[1]
 exp = exp.replace('%s/%s' % (str(itm[0]), str(itm[1])), str(res))
 while '*' in exp:
 if '*' in exp:
 itm = splitter(exp, '*')
 res = itm[0] * itm[1]
 exp = exp.replace('%s*%s' % (str(itm[0]), str(itm[1])), str(res))
 while '+' in exp:
 if '+' in exp:
 itm = splitter(exp, '+')
 res = itm[0] + itm[1]
 exp = exp.replace('%s+%s' % (str(itm[0]), str(itm[1])), str(res))
 while '-' in exp:
 if '-' in exp:
 itm = splitter(exp, '-')
 res = itm[0] - itm[1]
 exp = exp.replace('%s-%s' % (str(itm[0]), str(itm[1])), str(res))

 return format(exp)
</code></pre>

blocks|key|1314735|text|基于Perkins'+amazing+approach，我更新和改进了他的简单代数表达式(没有函数或变量)的“快捷方式”。现在它可以在Python+3.6%2B上工作，并避免了一些陷阱：|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1314736|import+re,+sys

#+Kept+outside+simple_eval()+just+for+performance
_re_simple_eval+=+re.compile(rb'd([\x00-\xFF]%2B)S\x00')

def+simple_eval(expr):
++++c+=+compile(expr,+'userinput',+'eval')
++++m+=+_re_simple_eval.fullmatch(c.co_code)
++++if+not+m:
++++++++raise+ValueError(f"Not+a+simple+algebraic+expresion:+{expr}")
++++return+c.co_consts[int.from_bytes(m.group(1),+sys.byteorder)]|code-block|syntax|javascript|1314737|测试，使用其他答案中的一些示例：|1314738|for+expr,+res+in+(
++++('2%5E4',+++++++++++++++++++++++++6++++++),
++++('2**4',+++++++++++++++++++++++16++++++),
++++('1+%2B+2*3**(4%5E5)+/+(6+%2B+-7)',++-5.0++++),
++++('7+%2B+9+*+(2+<<+2)',+++++++++++79++++++),
++++('6+//+2+%2B+0.0',++++++++++++++++3.0++++),
++++('2%2B3',+++++++++++++++++++++++++5++++++),
++++('6%2B4/2*2',++++++++++++++++++++10.0++++),
++++('3%2B2.45/8',++++++++++++++++++++3.30625),
++++('3**3*3/3%2B3',+++++++++++++++++30.0++++),
):
++++result+=+simple_eval(expr)
++++ok+=+(result+==+res+and+type(result)+==+type(res))
++++print("{}+{}+=+{}".format("OK!"+if+ok+else+"FAIL!",+expr,+result))|1314739|OK!+2%5E4+=+6
OK!+2**4+=+16
OK!+1+%2B+2*3**(4%5E5)+/+(6+%2B+-7)+=+-5.0
OK!+7+%2B+9+*+(2+<<+2)+=+79
OK!+6+//+2+%2B+0.0+=+3.0
OK!+2%2B3+=+5
OK!+6%2B4/2*2+=+10.0
OK!+3%2B2.45/8+=+3.30625
OK!+3**3*3/3%2B3+=+30.0|1314740|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/a/35930111/624066^0|2|P|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@$A|X|B|Y|1|Z]]|C|$]]|$1|D|3|E|5|F|7|10|8|@]|9|@]|C|$G|H]]|$1|I|3|J|5|6|7|11|8|@]|9|@]|C|$]]|$1|K|3|L|5|F|7|12|8|@]|9|@]|C|$G|H]]|$1|M|3|N|5|F|7|13|8|@]|9|@]|C|$G|H]]|$1|O|3|-4|5|6|7|14|8|@]|9|@]|C|$]]]|P|$Q|$5|R|S|T|C|$U|V]]]]

Based on <a href="https://stackoverflow.com/a/35930111/624066">Perkins' amazing approach</a>, I've updated and improved his &quot;shortcut&quot; for simple algebraic expressions (no functions or variables). Now it works on Python 3.6+ and avoids some pitfalls:
<pre><code>import re, sys

# Kept outside simple_eval() just for performance
_re_simple_eval = re.compile(rb'd([\x00-\xFF]+)S\x00')

def simple_eval(expr):
 c = compile(expr, 'userinput', 'eval')
 m = _re_simple_eval.fullmatch(c.co_code)
 if not m:
 raise ValueError(f&quot;Not a simple algebraic expresion: {expr}&quot;)
 return c.co_consts[int.from_bytes(m.group(1), sys.byteorder)]
</code></pre>
Testing, using some of the examples in other answers:
<pre><code>for expr, res in (
 ('2^4', 6 ),
 ('2**4', 16 ),
 ('1 + 2*3**(4^5) / (6 + -7)', -5.0 ),
 ('7 + 9 * (2 &lt;&lt; 2)', 79 ),
 ('6 // 2 + 0.0', 3.0 ),
 ('2+3', 5 ),
 ('6+4/2*2', 10.0 ),
 ('3+2.45/8', 3.30625),
 ('3**3*3/3+3', 30.0 ),
):
 result = simple_eval(expr)
 ok = (result == res and type(result) == type(res))
 print(&quot;{} {} = {}&quot;.format(&quot;OK!&quot; if ok else &quot;FAIL!&quot;, expr, result))
</code></pre>
<pre><code>OK! 2^4 = 6
OK! 2**4 = 16
OK! 1 + 2*3**(4^5) / (6 + -7) = -5.0
OK! 7 + 9 * (2 &lt;&lt; 2) = 79
OK! 6 // 2 + 0.0 = 3.0
OK! 2+3 = 5
OK! 6+4/2*2 = 10.0
OK! 3+2.45/8 = 3.30625
OK! 3**3*3/3+3 = 30.0
</code></pre>

blocks|key|1099749|text|使用lark解析器库https://stackoverflow.com/posts/67491514/edit|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1099750|from+operator+import+add,+sub,+mul,+truediv,+neg,+pow
from+lark+import+Lark,+Transformer,+v_args

calc_grammar+=+f"""
++++?start:+sum
++++?sum:+product
++++++++%7C+sum+"%2B"+product+++->+{add.__name__}
++++++++%7C+sum+"-"+product+++->+{sub.__name__}
++++?product:+power
++++++++%7C+product+"*"+power++->+{mul.__name__}
++++++++%7C+product+"/"+power++->+{truediv.__name__}
++++?power:+atom
++++++++%7C+power+"%5E"+atom+->+{pow.__name__}
++++?atom:+NUMBER+++++++++++->+number
+++++++++%7C+"-"+atom+++++++++->+{neg.__name__}
+++++++++%7C+"("+sum+")"

++++%25import+common.NUMBER
++++%25import+common.WS_INLINE

++++%25ignore+WS_INLINE
"""


@v_args(inline=True)
class+CalculateTree(Transformer):
++++add+=+add
++++sub+=+sub
++++neg+=+neg
++++mul+=+mul
++++truediv+=+truediv
++++pow+=+pow
++++number+=+float


calc_parser+=+Lark(calc_grammar,+parser="lalr",+transformer=CalculateTree())
calc+=+calc_parser.parse


def+eval_expr(expression:+str)+->+float:
++++return+calc(expression)


print(eval_expr("2%5E4"))
print(eval_expr("-1*2%5E4"))
print(eval_expr("-2%5E3+%2B+1"))
print(eval_expr("2**4"))++#+Error|code-block|syntax|javascript|1099751|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/posts/67491514/edit^0|A|19|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@$A|R|B|S|1|T]]|C|$]]|$1|D|3|E|5|F|7|U|8|@]|9|@]|C|$G|H]]|$1|I|3|-4|5|6|7|V|8|@]|9|@]|C|$]]]|J|$K|$5|L|M|N|C|$O|P]]]]

Using lark parser library <a href="https://stackoverflow.com/posts/67491514/edit">https://stackoverflow.com/posts/67491514/edit</a>
<pre class="lang-py prettyprint-override"><code>from operator import add, sub, mul, truediv, neg, pow
from lark import Lark, Transformer, v_args

calc_grammar = f&quot;&quot;&quot;
 ?start: sum
 ?sum: product
 | sum &quot;+&quot; product -&gt; {add.__name__}
 | sum &quot;-&quot; product -&gt; {sub.__name__}
 ?product: power
 | product &quot;*&quot; power -&gt; {mul.__name__}
 | product &quot;/&quot; power -&gt; {truediv.__name__}
 ?power: atom
 | power &quot;^&quot; atom -&gt; {pow.__name__}
 ?atom: NUMBER -&gt; number
 | &quot;-&quot; atom -&gt; {neg.__name__}
 | &quot;(&quot; sum &quot;)&quot;

 %import common.NUMBER
 %import common.WS_INLINE

 %ignore WS_INLINE
&quot;&quot;&quot;


@v_args(inline=True)
class CalculateTree(Transformer):
 add = add
 sub = sub
 neg = neg
 mul = mul
 truediv = truediv
 pow = pow
 number = float


calc_parser = Lark(calc_grammar, parser=&quot;lalr&quot;, transformer=CalculateTree())
calc = calc_parser.parse


def eval_expr(expression: str) -&gt; float:
 return calc(expression)


print(eval_expr(&quot;2^4&quot;))
print(eval_expr(&quot;-1*2^4&quot;))
print(eval_expr(&quot;-2^3 + 1&quot;))
print(eval_expr(&quot;2**4&quot;)) # Error

</code></pre>

blocks|key|1099851|text|我来这里也是为了寻找一个数学表达式解析器。通过阅读一些答案和查找库，我偶然发现了我现在正在使用的py-expression。它基本上可以处理大量的运算符和公式构造，但是如果您遗漏了一些东西，您可以很容易地向它添加新的运算符/函数。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1099852|基本语法是：|1099853|from+py_expression.core+import+Exp
exp+=+Exp()

parsed_formula+=+exp.parse('a%2B4')

result+=+exp.eval(parsed_formula,+{"a":2})|code-block|syntax|javascript|1099854|到目前为止，我遇到的唯一问题是，它没有内置的数学常量，也没有机制将它们相加。不过，我只是提出了一个解决方案：https://github.com/FlavioLionelRita/py-expression/issues/7|1099855|entityMap|0|LINK|mutability|MUTABLE|url|https://pypi.org/project/py-expression/|1|https://github.com/FlavioLionelRita/py-expression/issues/7^0|1C|D|0|0|0|0|1I|1M|1|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@$A|X|B|Y|1|Z]]|C|$]]|$1|D|3|E|5|6|7|10|8|@]|9|@]|C|$]]|$1|F|3|G|5|H|7|11|8|@]|9|@]|C|$I|J]]|$1|K|3|L|5|6|7|12|8|@]|9|@$A|13|B|14|1|15]]|C|$]]|$1|M|3|-4|5|6|7|16|8|@]|9|@]|C|$]]]|N|$O|$5|P|Q|R|C|$S|T]]|U|$5|P|Q|R|C|$S|V]]]]

I came here looking for a mathematic expression parser as well. Reading through some of the answers and looking up libraries, I came across <a href="https://pypi.org/project/py-expression/" rel="nofollow noreferrer">py-expression</a> which I am now using. It basically handles a lot of operators and formula constructs, but if you're missing something you can easily add new operators/functions to it.
The basic syntax is:
<pre class="lang-py prettyprint-override"><code>from py_expression.core import Exp
exp = Exp()

parsed_formula = exp.parse('a+4')

result = exp.eval(parsed_formula, {&quot;a&quot;:2})
</code></pre>
The only issue that I've had with it so far is that it doesn't come with built-in mathematical constants nor a mechanism to add them in. I just proposed a solution to that however: <a href="https://github.com/FlavioLionelRita/py-expression/issues/7" rel="nofollow noreferrer">https://github.com/FlavioLionelRita/py-expression/issues/7</a>

<pre><code>stringExp = "2^4"
intVal = int(stringExp) # Expected value: 16
</code></pre>

This returns the following error:

<pre><code>Traceback (most recent call last): 
File "&lt;stdin&gt;", line 1, in &lt;module&gt;
ValueError: invalid literal for int()
with base 10: '2^4'
</code></pre>

I know that <code>eval</code> can work around this, but isn't there a better and - more importantly - safer method to evaluate a mathematical expression that is being stored in a string?

Evaluating a mathematical expression in a string

stringExp = "2^4"intVal = int(stringExp) # Expected value: 16这将返回以下错误：Traceback (most recent call last): File "<stdin>", line 1, in <module>ValueError: in...

问计算字符串中的数学表达式
EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问计算字符串中的数学表达式EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问计算字符串中的数学表达式
EN