NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit538b3b8

committed

Improve memory-usage accounting in regular-expression compiler.

This code previously counted the number of NFA states it created, andcomplained if a limit was exceeded, so as to prevent bizarre regex patternsfrom consuming unreasonable time or memory. That's fine as far as it went,but the code paid no attention to how many arcs linked those states. Sinceregexes can be contrived that have O(N) states but will need O(N^2) arcsafter fixempties() processing, it was still possible to blow out memory,and take a long time doing it too. To fix, modify the bookkeeping to countspace used by both states and arcs.I did not bother with including the "color map" in the accounting; itcan only grow to a few megabytes, which is not a lot in comparison towhat we're allowing for states+arcs (about 150MB on 64-bit machinesor half that on 32-bit machines).Looking at some of the larger real-world regexes captured in the Tclregression test suite suggests that the most that is likely to be neededfor regexes found in the wild is under 10MB, so I believe that the currentlimit has enough headroom to make it okay to keep it as a hard-wired limit.In connection with this, redefine REG_ETOOBIG as meaning "regularexpression is too complex"; the previous wording of "nfa has too manystates" was already somewhat inapropos because of the error code's usefor stack depth overrun, and it was not very user-friendly either.Back-patch to all supported branches.

1 parent6a71536 commit538b3b8Copy full SHA for 538b3b8

File tree

5 files changed

+27

-69

lines changed

src
- backend/regex
  - regc_nfa.c
  - regcomp.c
- include/regex

5 files changed

+27

-69

lines changed

`‎src/backend/regex/regc_nfa.c`

Lines changed: 14 additions & 61 deletions

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,6 @@ newnfa(struct vars * v,`
`63`	`63`	`nfa->nstates=0;`
`64`	`64`	`nfa->cm=cm;`
`65`	`65`	`nfa->v=v;`
`66`		`-nfa->size=0;`
`67`	`66`	`nfa->bos[0]=nfa->bos[1]=COLORLESS;`
`68`	`67`	`nfa->eos[0]=nfa->eos[1]=COLORLESS;`
`69`	`68`	`nfa->parent=parent;/* Precedes newfstate so parent is valid. */`
`@@ -92,57 +91,6 @@ newnfa(struct vars * v,`
`92`	`91`	`returnnfa;`
`93`	`92`	`}`
`94`	`93`
`95`		`-/*`
`96`		`- * TooManyStates - checks if the max states exceeds the compile-time value`
`97`		`- */`
`98`		`-staticint`
`99`		`-TooManyStates(structnfa*nfa)`
`100`		`-{`
`101`		`-structnfa*parent=nfa->parent;`
`102`		`-size_tsz=nfa->size;`
`103`		`-`
`104`		`-while (parent!=NULL)`
`105`		`-{`
`106`		`-sz=parent->size;`
`107`		`-parent=parent->parent;`
`108`		`-}`
`109`		`-if (sz>REG_MAX_STATES)`
`110`		`-return1;`
`111`		`-return0;`
`112`		`-}`
`113`		`-`
`114`		`-/*`
`115`		`- * IncrementSize - increases the tracked size of the NFA and its parents.`
`116`		`- */`
`117`		`-staticvoid`
`118`		`-IncrementSize(structnfa*nfa)`
`119`		`-{`
`120`		`-structnfa*parent=nfa->parent;`
`121`		`-`
`122`		`-nfa->size++;`
`123`		`-while (parent!=NULL)`
`124`		`-{`
`125`		`-parent->size++;`
`126`		`-parent=parent->parent;`
`127`		`-}`
`128`		`-}`
`129`		`-`
`130`		`-/*`
`131`		`- * DecrementSize - decreases the tracked size of the NFA and its parents.`
`132`		`- */`
`133`		`-staticvoid`
`134`		`-DecrementSize(structnfa*nfa)`
`135`		`-{`
`136`		`-structnfa*parent=nfa->parent;`
`137`		`-`
`138`		`-nfa->size--;`
`139`		`-while (parent!=NULL)`
`140`		`-{`
`141`		`-parent->size--;`
`142`		`-parent=parent->parent;`
`143`		`-}`
`144`		`-}`
`145`		`-`
`146`	`94`	`/*`
`147`	`95`	`* freenfa - free an entire NFA`
`148`	`96`	`*/`
`@@ -188,25 +136,25 @@ newstate(struct nfa * nfa)`
`188`	`136`	`returnNULL;`
`189`	`137`	`}`
`190`	`138`
`191`		`-if (TooManyStates(nfa))`
`192`		`-{`
`193`		`-NERR(REG_ETOOBIG);`
`194`		`-returnNULL;`
`195`		`-}`
`196`		`-`
`197`	`139`	`if (nfa->free!=NULL)`
`198`	`140`	`{`
`199`	`141`	`s=nfa->free;`
`200`	`142`	`nfa->free=s->next;`
`201`	`143`	`}`
`202`	`144`	`else`
`203`	`145`	`{`
	`146`	`+if (nfa->v->spaceused >=REG_MAX_COMPILE_SPACE)`
	`147`	`+{`
	`148`	`+NERR(REG_ETOOBIG);`
	`149`	`+returnNULL;`
	`150`	`+}`
`204`	`151`	`s= (structstate*)MALLOC(sizeof(structstate));`
`205`	`152`	`if (s==NULL)`
`206`	`153`	`{`
`207`	`154`	`NERR(REG_ESPACE);`
`208`	`155`	`returnNULL;`
`209`	`156`	`}`
	`157`	`+nfa->v->spaceused+=sizeof(structstate);`
`210`	`158`	`s->oas.next=NULL;`
`211`	`159`	`s->free=NULL;`
`212`	`160`	`s->noas=0;`
`@@ -230,8 +178,6 @@ newstate(struct nfa * nfa)`
`230`	`178`	`}`
`231`	`179`	`s->prev=nfa->slast;`
`232`	`180`	`nfa->slast=s;`
`233`		`-/* track the current size and the parent size */`
`234`		`-IncrementSize(nfa);`
`235`	`181`	`returns;`
`236`	`182`	`}`
`237`	`183`
`@@ -294,7 +240,6 @@ freestate(struct nfa * nfa,`
`294`	`240`	`s->prev=NULL;`
`295`	`241`	`s->next=nfa->free;/* don't delete it, put it on the free list */`
`296`	`242`	`nfa->free=s;`
`297`		`-DecrementSize(nfa);`
`298`	`243`	`}`
`299`	`244`
`300`	`245`	`/*`
`@@ -312,11 +257,13 @@ destroystate(struct nfa * nfa,`
`312`	`257`	`{`
`313`	`258`	`abnext=ab->next;`
`314`	`259`	`FREE(ab);`
	`260`	`+nfa->v->spaceused-=sizeof(structarcbatch);`
`315`	`261`	`}`
`316`	`262`	`s->ins=NULL;`
`317`	`263`	`s->outs=NULL;`
`318`	`264`	`s->next=NULL;`
`319`	`265`	`FREE(s);`
	`266`	`+nfa->v->spaceused-=sizeof(structstate);`
`320`	`267`	`}`
`321`	`268`
`322`	`269`	`/*`
`@@ -437,12 +384,18 @@ allocarc(struct nfa * nfa,`
`437`	`384`	`structarcbatch*newAb;`
`438`	`385`	`inti;`
`439`	`386`
	`387`	`+if (nfa->v->spaceused >=REG_MAX_COMPILE_SPACE)`
	`388`	`+{`
	`389`	`+NERR(REG_ETOOBIG);`
	`390`	`+returnNULL;`
	`391`	`+}`
`440`	`392`	`newAb= (structarcbatch*)MALLOC(sizeof(structarcbatch));`
`441`	`393`	`if (newAb==NULL)`
`442`	`394`	`{`
`443`	`395`	`NERR(REG_ESPACE);`
`444`	`396`	`returnNULL;`
`445`	`397`	`}`
	`398`	`+nfa->v->spaceused+=sizeof(structarcbatch);`
`446`	`399`	`newAb->next=s->oas.next;`
`447`	`400`	`s->oas.next=newAb;`
`448`	`401`

`‎src/backend/regex/regcomp.c`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -248,6 +248,7 @@ struct vars`
`248`	`248`	`structcveccv2;/ utility cvec */`
`249`	`249`	`structsubrelacons;/ lookahead-constraint vector */`
`250`	`250`	`intnlacons;/* size of lacons */`
	`251`	`+size_tspaceused;/* approx. space used for compilation */`
`251`	`252`	`};`
`252`	`253`
`253`	`254`	/* parsing macros; most know that `v' is the struct vars pointer */
`@@ -363,6 +364,7 @@ pg_regcomp(regex_t *re,`
`363`	`364`	`v->cv2=NULL;`
`364`	`365`	`v->lacons=NULL;`
`365`	`366`	`v->nlacons=0;`
	`367`	`+v->spaceused=0;`
`366`	`368`	`re->re_magic=REMAGIC;`
`367`	`369`	`re->re_info=0;/* bits get set during parse */`
`368`	`370`	`re->re_csize=sizeof(chr);`

`‎src/include/regex/regerrs.h`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@`
`75`	`75`	`},`
`76`	`76`
`77`	`77`	`{`
`78`		`-REG_ETOOBIG,"REG_ETOOBIG","nfa hastoomany states"`
	`78`	`+REG_ETOOBIG,"REG_ETOOBIG","regular expression istoocomplex"`
`79`	`79`	`},`
`80`	`80`
`81`	`81`	`{`

`‎src/include/regex/regex.h`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -152,7 +152,7 @@ typedef struct`
`152`	`152`	`#defineREG_INVARG16/* invalid argument to regex function */`
`153`	`153`	`#defineREG_MIXED17/* character widths of regex and string differ */`
`154`	`154`	`#defineREG_BADOPT18/* invalid embedded option */`
`155`		`-#defineREG_ETOOBIG 19/nfa hastoomany states /`
	`155`	`+#defineREG_ETOOBIG 19/regular expression istoocomplex /`
`156`	`156`	`#defineREG_ECOLORS 20/* too many colors */`
`157`	`157`	`#defineREG_CANCEL21/* operation cancelled */`
`158`	`158`	`/* two specials for debugging and testing */`

`‎src/include/regex/regguts.h`

Lines changed: 9 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -334,9 +334,6 @@ struct nfa`
`334`	`334`	`structcolormapcm;/ the color map */`
`335`	`335`	`colorbos[2];/* colors, if any, assigned to BOS and BOL */`
`336`	`336`	`coloreos[2];/* colors, if any, assigned to EOS and EOL */`
`337`		`-size_tsize;/* Current NFA size; differs from nstates as`
`338`		`- * it also counts the number of states in`
`339`		`- * children of this NFA. */`
`340`	`337`	`structvarsv;/ simplifies compile error reporting */`
`341`	`338`	`structnfaparent;/ parent NFA, if any */`
`342`	`339`	`};`
`@@ -384,10 +381,16 @@ struct cnfa`
`384`	`381`	`#defineNULLCNFA(cnfa)((cnfa).nstates == 0)`
`385`	`382`
`386`	`383`	`/*`
`387`		`- * Used to limit the maximum NFA size to something sane. [Tcl Bug 1810264]`
	`384`	`+ * This symbol limits the transient heap space used by the regex compiler,`
	`385`	`+ * and thereby also the maximum complexity of NFAs that we'll deal with.`
	`386`	`+ * Currently we only count NFA states and arcs against this; the other`
	`387`	`+ * transient data is generally not large enough to notice compared to those.`
	`388`	`+ * Note that we do not charge anything for the final output data structures`
	`389`	`+ * (the compacted NFA and the colormap).`
`388`	`390`	`*/`
`389`		`-#ifndefREG_MAX_STATES`
`390`		`-#defineREG_MAX_STATES100000`
	`391`	`+#ifndefREG_MAX_COMPILE_SPACE`
	`392`	`+#defineREG_MAX_COMPILE_SPACE \`
	`393`	`+(100000 * sizeof(struct state) + 100000 * sizeof(struct arcbatch))`
`391`	`394`	`#endif`
`392`	`395`
`393`	`396`	`/*`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit538b3b8

File tree

5 files changed

5 files changed

`‎src/backend/regex/regc_nfa.c`

`‎src/backend/regex/regcomp.c`

`‎src/include/regex/regerrs.h`

`‎src/include/regex/regex.h`

`‎src/include/regex/regguts.h`

0 commit comments