Skip to content

Dataset.eval works with >2 dims #11064

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
max-sixty wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Dataset.eval works with >2 dims #11064

max-sixty wants to merge 4 commits into from
+791 −27

Conversation

@max-sixty
Copy link
Collaborator

@max-sixty max-sixty commented Dec 31, 2025
edited
Loading

this ended up being a much bigger effort than expected

  • we needed to leave behind pandas' implementation for Dataset.eval because it's limited to 2 dims
  • we keep the pandas' implementation for .query, because we should be more careful about changing that, it uses numexpr which is fast, and doesn't have a requirement for > 2 dims
  • so then I added the code that kept it consistent with the .query interface; e.g. and & or, etc

I added some similar constraints that pandas has around limiting what eval can do. I'm not that confident that it's robust. and not sure how valuable it is.

most of the added code is tests

Commentary from Claude below (+ Claude wrote the code, for transparency, albeit with lots of oversight)

This commit removes the dependency on pandas.eval() and implements a native expression evaluator in Dataset.eval() using Python's ast module. The new implementation provides better support for multi-dimensional arrays and maintains backward compatibility with deprecated operators through automatic transformation.

Key changes:

  • Remove pd.eval() call and replace with custom _eval_expression() method
  • Add _LogicalOperatorTransformer to convert deprecated operators (and/or/not) to bitwise operators (&/|/~) that work element-wise on arrays
  • Implement automatic transformation of chained comparisons to explicit bitwise AND operations
  • Add security validation to block lambda expressions and private attributes
  • Emit FutureWarning for deprecated constructs (logical operators, chained comparisons, parser= argument)
  • Support assignment statements (target = expression) in eval()
  • Make data variables and coordinates take priority in namespace resolution
  • Provide safe builtins (abs, min, max, round, len, sum, pow, any, all, type constructors, iteration helpers) while blocking import, open, etc.
  • Add comprehensive test coverage including edge cases, error messages, dask compatibility, and security validation
  • Closes #xxxx
  • Tests added
  • User visible changes (including notable bug fixes) are documented in whats-new.rst
  • New functions/methods are listed in api.rst

@max-sixty
Replace pandas.eval with native implementation
79fc511 
This commit removes the dependency on pandas.eval() and implements a native
expression evaluator in Dataset.eval() using Python's ast module. The new
implementation provides better support for multi-dimensional arrays and
maintains backward compatibility with deprecated operators through automatic
transformation.

Key changes:
- Remove pd.eval() call and replace with custom _eval_expression() method
- Add _LogicalOperatorTransformer to convert deprecated operators (and/or/not)
  to bitwise operators (&/|/~) that work element-wise on arrays
- Implement automatic transformation of chained comparisons to explicit
  bitwise AND operations
- Add security validation to block lambda expressions and private attributes
- Emit FutureWarning for deprecated constructs (logical operators, chained
  comparisons, parser= argument)
- Support assignment statements (target = expression) in eval()
- Make data variables and coordinates take priority in namespace resolution
- Provide safe builtins (abs, min, max, round, len, sum, pow, any, all, type
  constructors, iteration helpers) while blocking __import__, open, etc.
- Add comprehensive test coverage including edge cases, error messages, dask
  compatibility, and security validation
@max-sixty max-sixty mentioned this pull request Dec 31, 2025
Open
max-sixty and others added 3 commits January 1, 2026 10:57
@max-sixty
Merge branch 'main' into eval
ca87f1b
@max-sixty @claude
Fix mypy errors in eval tests
cac8e5a 
- Use pd.isna(ds["a"].values) instead of pd.isna(ds["a"]) since pandas
  type stubs don't have overloads for DataArray
- Use abs() instead of np.abs() to get DataArray return type

Co-authored-by: Claude <noreply@anthropic.com>
@max-sixty @claude
Remove security framing, frame restrictions as pd.eval() compatibility
67f27c2 
The lambda and dunder restrictions emulate pd.eval() behavior rather than
providing security guarantees. Pandas explicitly doesn't claim these as
security measures.

Co-authored-by: Claude <noreply@anthropic.com>
TomNicholas
TomNicholas reviewed Jan 2, 2026
View reviewed changes
xarray/core/dataset.py
# - pd.eval() with numexpr is faster and well-tested for query's use case
# -------------------------------------------------------------------------

class _LogicalOperatorTransformer(ast.NodeTransformer):
Copy link
Member

@TomNicholas TomNicholas Jan 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this all be moved to a dedicated module?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TomNicholas TomNicholas TomNicholas left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@max-sixty @TomNicholas