    [regexp] Add a backtracking limit in the interpreter · 48756fcf
    Jakob Gruber authored
    V8 uses a backtracking regexp engine, which has the caveat that some
    regexp patterns can have exponential runtime behavior when excessive
    backtracking is involved.
    
    Especially when regexp patterns are user-controlled, it would be useful
    to be able to set an upper limit for a single regexp execution. This CL
    takes an initial step in that direction by adding a backtracking limit
    (intended to approximate execution time):
    
    - The limit is stored in the JSRegExp's data array.
    - A limit can currently only be set through the %NewRegExpWithLimit
    runtime function.
    - The limit is applied during interpreter execution. When exceeded, the
    interpreter stops execution and returns FAILURE (even if continued
    execution would at some later point have resulted in SUCCESS).
    
    In follow-up CLs, this mechanism will be extended to work in jitted
    regexp code, and exposed through the V8 API.
    
    Bug: v8:9695
    Change-Id: Iadb5c100052f4a63b26f1ec49cf97c6713a66b9b
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864934
    Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
    Auto-Submit: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
    Reviewed-by: Peter Marshall <petermarshall@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#64417}
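The limit described in the commit message, as an added example that is not V8 code and not part of this CL: a toy backtracking regexp interpreter in Python that counts every abandoned choice as a backtrack and reports FAILURE once the count passes the limit, even when the search would have reached SUCCESS later. The AST node shapes, `Interpreter`, `exec_regexp` and the `(a|aa)*b` pattern `CATASTROPHIC` are assumptions made for this example; V8's interpreter counts differently, so only the behaviour is comparable.

```python
# Toy backtracking regexp interpreter with a backtracking limit (example code, not
# V8's). Pattern ASTs: ('char', c), ('seq', [..]), ('alt', [..]), ('star', node).
from typing import Callable, Optional

class BacktrackLimitExceeded(Exception):
    pass

class Interpreter:
    def __init__(self, subject: str, limit: Optional[int]):
        self.s, self.limit, self.backtracks = subject, limit, 0

    def _backtrack(self) -> None:  # every abandoned choice counts toward the limit
        self.backtracks += 1
        if self.limit is not None and self.backtracks > self.limit:
            raise BacktrackLimitExceeded

    def match(self, node, i: int, k: Callable[[int], bool]) -> bool:
        kind = node[0]
        if kind == 'char':
            return i < len(self.s) and self.s[i] == node[1] and k(i + 1)
        if kind == 'seq':
            def run(parts, pos):
                return k(pos) if not parts else \
                    self.match(parts[0], pos, lambda p: run(parts[1:], p))
            return run(node[1], i)
        if kind == 'alt':
            for n, branch in enumerate(node[1]):
                if n:                      # retrying a later alternative
                    self._backtrack()
                if self.match(branch, i, k):
                    return True
            return False
        if kind == 'star':                 # greedy: one more repetition first
            if self.match(node[1], i, lambda p: p > i and self.match(node, p, k)):
                return True
            self._backtrack()              # give up the repetition instead
            return k(i)
        raise ValueError(f"unknown node {kind}")

def exec_regexp(pattern, subject: str, limit: Optional[int] = None) -> dict:
    # One full-match execution; past the limit the result is FAILURE even if SUCCESS was reachable.
    interp = Interpreter(subject, limit)
    try:
        ok, exceeded = interp.match(pattern, 0, lambda p: p == len(subject)), False
    except BacktrackLimitExceeded:
        ok, exceeded = False, True
    return {"status": "SUCCESS" if ok else "FAILURE",
            "backtracks": interp.backtracks, "limit_exceeded": exceeded}
AA = ('seq', [('char', 'a'), ('char', 'a')])
CATASTROPHIC = ('seq', [('star', ('alt', [('char', 'a'), AA])), ('char', 'b')])  # (a|aa)*b
```

`exec_regexp(CATASTROPHIC, "a" * 20 + "!", limit=1000)` stops with FAILURE after 1001 backtracks, whereas the unlimited run fails only after exploring every way of splitting the run of `a`s. On `"aaab"` the match needs two backtracks, so `limit=1` turns a SUCCESS into a FAILURE, which is exactly the trade-off the commit message describes.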