regexp/syntax: quadratic time for compilation in some cases #39542
Comments
|
Note that it isn't just empty alternations such as " P.S., I haven't looked at the source code but it appears that " |
ianlancetaylor
changed the title
ianlancetaylor
added
help wanted
NeedsInvestigation
|
CC @rsc in case this has already been addressed in RE2. |
|
@krader1961 If it happens with longer alternations too, though we don't need to worry about it for regexes written by humans, it could be an issue with regexes written by computers. If I remember right, I've seen JS profanity filters that had their banned word list as a regex, all joined by pipe characters. That style of regex could be a problem if it has thousands of words. |
|
Unsurprisingly, "append" is essentially identical in RE2. |
|
Fixed in RE2 as per google/re2@e9d5179. Who wants to make the corresponding change for Go? |
ianlancetaylor
added
the
NeedsFix
gopherbot
removed
the
NeedsInvestigation
|
@junyer I'll give it a try. |
|
Change https://golang.org/cl/238079 mentions this issue: |
As discussed on https://groups.google.com/forum/#!topic/golang-nuts/8M-qVbRKIWA
Playground link to illustrate: https://play.golang.org/p/82UBmyfyqV-
Regular expressions with large numbers of empty alternations are taking a long time to compile. The time required is roughly quadratic in the length of the regex.
The quadratic algorithm is building the patchlist by repeatedly appending to it. Since it is a linked list with no tail pointer, appending to it is O(n). The
appendmethod is found in regexp/syntax/compile.go, at line 42.I don't know that this is exactly a bug, but it is surprising that although executing a regex is linear-time, compiling one isn't. It probably doesn't affect any useful regex, but it might be a DOS vector.
The text was updated successfully, but these errors were encountered: