We know Python's eval() is evil
http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
and threads throughout StackOverflow suggest to use SymPy's evalf().
As a Python newbie, I can't really convince myself that evalf() is safe as I lack the skills. Can anyone elaborate on what evalf() does (different)?
There is nothing common between python eval and sympy evalf (the latter is for calculating the numeric value of sympy expression trees and it has nothing to do with parsing, while eval is all about parsing a string and evaluating it as if it is code).
On the other hand, sympify is just as dangerous as eval, because it actually uses eval.
There are two basic modes in which sympify is used and probably it is a bad idea that they got mixed in the same function:
sympify(some_object)would return a representation of the object more suited for use in a CAS, like transformingint(1)intosympy.Integer(1)sympify("some_text")would parse the text almost directly througheval(search for the import fromsympy.parsingpresent insympifyand follow it). It is safer as there are some constraints but it is not safe.
来源:https://stackoverflow.com/questions/16718644/how-safe-is-sympys-sympifystring-evalf