1 // Copyright 2006 The RE2 Authors. All Rights Reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 // Regular expression parser.
6
7 // The parser is a simple precedence-based parser with a
8 // manual stack. The parsing work is done by the methods
9 // of the ParseState class. The Regexp::Parse function is
10 // essentially just a lexer that calls the ParseState method
11 // for each token.
12
13 // The parser recognizes POSIX extended regular expressions
14 // excluding backreferences, collating elements, and collating
15 // classes. It also allows the empty string as a regular expression
16 // and recognizes the Perl escape sequences \d, \s, \w, \D, \S, and \W.
17 // See regexp.h for rationale.
18
19 #include <ctype.h>
20 #include <stddef.h>
21 #include <stdint.h>
22 #include <string.h>
23 #include <algorithm>
24 #include <map>
25 #include <string>
26 #include <vector>
27
28 #include "util/util.h"
29 #include "util/logging.h"
30 #include "util/strutil.h"
31 #include "util/utf.h"
32 #include "re2/pod_array.h"
33 #include "re2/regexp.h"
34 #include "re2/stringpiece.h"
35 #include "re2/unicode_casefold.h"
36 #include "re2/unicode_groups.h"
37 #include "re2/walker-inl.h"
38
39 #if defined(RE2_USE_ICU)
40 #include "unicode/uniset.h"
41 #include "unicode/unistr.h"
42 #include "unicode/utypes.h"
43 #endif
44
45 namespace re2 {
46
47 // Controls the maximum repeat count permitted by the parser.
48 static int maximum_repeat_count = 1000;
49
FUZZING_ONLY_set_maximum_repeat_count(int i)50 void Regexp::FUZZING_ONLY_set_maximum_repeat_count(int i) {
51 maximum_repeat_count = i;
52 }
53
54 // Regular expression parse state.
55 // The list of parsed regexps so far is maintained as a vector of
56 // Regexp pointers called the stack. Left parenthesis and vertical
57 // bar markers are also placed on the stack, as Regexps with
58 // non-standard opcodes.
59 // Scanning a left parenthesis causes the parser to push a left parenthesis
60 // marker on the stack.
61 // Scanning a vertical bar causes the parser to pop the stack until it finds a
62 // vertical bar or left parenthesis marker (not popping the marker),
63 // concatenate all the popped results, and push them back on
64 // the stack (DoConcatenation).
65 // Scanning a right parenthesis causes the parser to act as though it
66 // has seen a vertical bar, which then leaves the top of the stack in the
67 // form LeftParen regexp VerticalBar regexp VerticalBar ... regexp VerticalBar.
68 // The parser pops all this off the stack and creates an alternation of the
69 // regexps (DoAlternation).
70
71 class Regexp::ParseState {
72 public:
73 ParseState(ParseFlags flags, const StringPiece& whole_regexp,
74 RegexpStatus* status);
75 ~ParseState();
76
flags()77 ParseFlags flags() { return flags_; }
rune_max()78 int rune_max() { return rune_max_; }
79
80 // Parse methods. All public methods return a bool saying
81 // whether parsing should continue. If a method returns
82 // false, it has set fields in *status_, and the parser
83 // should return NULL.
84
85 // Pushes the given regular expression onto the stack.
86 // Could check for too much memory used here.
87 bool PushRegexp(Regexp* re);
88
89 // Pushes the literal rune r onto the stack.
90 bool PushLiteral(Rune r);
91
92 // Pushes a regexp with the given op (and no args) onto the stack.
93 bool PushSimpleOp(RegexpOp op);
94
95 // Pushes a ^ onto the stack.
96 bool PushCaret();
97
98 // Pushes a \b (word == true) or \B (word == false) onto the stack.
99 bool PushWordBoundary(bool word);
100
101 // Pushes a $ onto the stack.
102 bool PushDollar();
103
104 // Pushes a . onto the stack
105 bool PushDot();
106
107 // Pushes a repeat operator regexp onto the stack.
108 // A valid argument for the operator must already be on the stack.
109 // s is the name of the operator, for use in error messages.
110 bool PushRepeatOp(RegexpOp op, const StringPiece& s, bool nongreedy);
111
112 // Pushes a repetition regexp onto the stack.
113 // A valid argument for the operator must already be on the stack.
114 bool PushRepetition(int min, int max, const StringPiece& s, bool nongreedy);
115
116 // Checks whether a particular regexp op is a marker.
117 bool IsMarker(RegexpOp op);
118
119 // Processes a left parenthesis in the input.
120 // Pushes a marker onto the stack.
121 bool DoLeftParen(const StringPiece& name);
122 bool DoLeftParenNoCapture();
123
124 // Processes a vertical bar in the input.
125 bool DoVerticalBar();
126
127 // Processes a right parenthesis in the input.
128 bool DoRightParen();
129
130 // Processes the end of input, returning the final regexp.
131 Regexp* DoFinish();
132
133 // Finishes the regexp if necessary, preparing it for use
134 // in a more complicated expression.
135 // If it is a CharClassBuilder, converts into a CharClass.
136 Regexp* FinishRegexp(Regexp*);
137
138 // These routines don't manipulate the parse stack
139 // directly, but they do need to look at flags_.
140 // ParseCharClass also manipulates the internals of Regexp
141 // while creating *out_re.
142
143 // Parse a character class into *out_re.
144 // Removes parsed text from s.
145 bool ParseCharClass(StringPiece* s, Regexp** out_re,
146 RegexpStatus* status);
147
148 // Parse a character class character into *rp.
149 // Removes parsed text from s.
150 bool ParseCCCharacter(StringPiece* s, Rune *rp,
151 const StringPiece& whole_class,
152 RegexpStatus* status);
153
154 // Parse a character class range into rr.
155 // Removes parsed text from s.
156 bool ParseCCRange(StringPiece* s, RuneRange* rr,
157 const StringPiece& whole_class,
158 RegexpStatus* status);
159
160 // Parse a Perl flag set or non-capturing group from s.
161 bool ParsePerlFlags(StringPiece* s);
162
163
164 // Finishes the current concatenation,
165 // collapsing it into a single regexp on the stack.
166 void DoConcatenation();
167
168 // Finishes the current alternation,
169 // collapsing it to a single regexp on the stack.
170 void DoAlternation();
171
172 // Generalized DoAlternation/DoConcatenation.
173 void DoCollapse(RegexpOp op);
174
175 // Maybe concatenate Literals into LiteralString.
176 bool MaybeConcatString(int r, ParseFlags flags);
177
178 private:
179 ParseFlags flags_;
180 StringPiece whole_regexp_;
181 RegexpStatus* status_;
182 Regexp* stacktop_;
183 int ncap_; // number of capturing parens seen
184 int rune_max_; // maximum char value for this encoding
185
186 ParseState(const ParseState&) = delete;
187 ParseState& operator=(const ParseState&) = delete;
188 };
189
190 // Pseudo-operators - only on parse stack.
191 const RegexpOp kLeftParen = static_cast<RegexpOp>(kMaxRegexpOp+1);
192 const RegexpOp kVerticalBar = static_cast<RegexpOp>(kMaxRegexpOp+2);
193
ParseState(ParseFlags flags,const StringPiece & whole_regexp,RegexpStatus * status)194 Regexp::ParseState::ParseState(ParseFlags flags,
195 const StringPiece& whole_regexp,
196 RegexpStatus* status)
197 : flags_(flags), whole_regexp_(whole_regexp),
198 status_(status), stacktop_(NULL), ncap_(0) {
199 if (flags_ & Latin1)
200 rune_max_ = 0xFF;
201 else
202 rune_max_ = Runemax;
203 }
204
205 // Cleans up by freeing all the regexps on the stack.
~ParseState()206 Regexp::ParseState::~ParseState() {
207 Regexp* next;
208 for (Regexp* re = stacktop_; re != NULL; re = next) {
209 next = re->down_;
210 re->down_ = NULL;
211 if (re->op() == kLeftParen)
212 delete re->name_;
213 re->Decref();
214 }
215 }
216
217 // Finishes the regexp if necessary, preparing it for use in
218 // a more complex expression.
219 // If it is a CharClassBuilder, converts into a CharClass.
FinishRegexp(Regexp * re)220 Regexp* Regexp::ParseState::FinishRegexp(Regexp* re) {
221 if (re == NULL)
222 return NULL;
223 re->down_ = NULL;
224
225 if (re->op_ == kRegexpCharClass && re->ccb_ != NULL) {
226 CharClassBuilder* ccb = re->ccb_;
227 re->ccb_ = NULL;
228 re->cc_ = ccb->GetCharClass();
229 delete ccb;
230 }
231
232 return re;
233 }
234
235 // Pushes the given regular expression onto the stack.
236 // Could check for too much memory used here.
PushRegexp(Regexp * re)237 bool Regexp::ParseState::PushRegexp(Regexp* re) {
238 MaybeConcatString(-1, NoParseFlags);
239
240 // Special case: a character class of one character is just
241 // a literal. This is a common idiom for escaping
242 // single characters (e.g., [.] instead of \.), and some
243 // analysis does better with fewer character classes.
244 // Similarly, [Aa] can be rewritten as a literal A with ASCII case folding.
245 if (re->op_ == kRegexpCharClass && re->ccb_ != NULL) {
246 re->ccb_->RemoveAbove(rune_max_);
247 if (re->ccb_->size() == 1) {
248 Rune r = re->ccb_->begin()->lo;
249 re->Decref();
250 re = new Regexp(kRegexpLiteral, flags_);
251 re->rune_ = r;
252 } else if (re->ccb_->size() == 2) {
253 Rune r = re->ccb_->begin()->lo;
254 if ('A' <= r && r <= 'Z' && re->ccb_->Contains(r + 'a' - 'A')) {
255 re->Decref();
256 re = new Regexp(kRegexpLiteral, flags_ | FoldCase);
257 re->rune_ = r + 'a' - 'A';
258 }
259 }
260 }
261
262 if (!IsMarker(re->op()))
263 re->simple_ = re->ComputeSimple();
264 re->down_ = stacktop_;
265 stacktop_ = re;
266 return true;
267 }
268
269 // Searches the case folding tables and returns the CaseFold* that contains r.
270 // If there isn't one, returns the CaseFold* with smallest f->lo bigger than r.
271 // If there isn't one, returns NULL.
LookupCaseFold(const CaseFold * f,int n,Rune r)272 const CaseFold* LookupCaseFold(const CaseFold *f, int n, Rune r) {
273 const CaseFold* ef = f + n;
274
275 // Binary search for entry containing r.
276 while (n > 0) {
277 int m = n/2;
278 if (f[m].lo <= r && r <= f[m].hi)
279 return &f[m];
280 if (r < f[m].lo) {
281 n = m;
282 } else {
283 f += m+1;
284 n -= m+1;
285 }
286 }
287
288 // There is no entry that contains r, but f points
289 // where it would have been. Unless f points at
290 // the end of the array, it points at the next entry
291 // after r.
292 if (f < ef)
293 return f;
294
295 // No entry contains r; no entry contains runes > r.
296 return NULL;
297 }
298
299 // Returns the result of applying the fold f to the rune r.
ApplyFold(const CaseFold * f,Rune r)300 Rune ApplyFold(const CaseFold *f, Rune r) {
301 switch (f->delta) {
302 default:
303 return r + f->delta;
304
305 case EvenOddSkip: // even <-> odd but only applies to every other
306 if ((r - f->lo) % 2)
307 return r;
308 FALLTHROUGH_INTENDED;
309 case EvenOdd: // even <-> odd
310 if (r%2 == 0)
311 return r + 1;
312 return r - 1;
313
314 case OddEvenSkip: // odd <-> even but only applies to every other
315 if ((r - f->lo) % 2)
316 return r;
317 FALLTHROUGH_INTENDED;
318 case OddEven: // odd <-> even
319 if (r%2 == 1)
320 return r + 1;
321 return r - 1;
322 }
323 }
324
325 // Returns the next Rune in r's folding cycle (see unicode_casefold.h).
326 // Examples:
327 // CycleFoldRune('A') = 'a'
328 // CycleFoldRune('a') = 'A'
329 //
330 // CycleFoldRune('K') = 'k'
331 // CycleFoldRune('k') = 0x212A (Kelvin)
332 // CycleFoldRune(0x212A) = 'K'
333 //
334 // CycleFoldRune('?') = '?'
CycleFoldRune(Rune r)335 Rune CycleFoldRune(Rune r) {
336 const CaseFold* f = LookupCaseFold(unicode_casefold, num_unicode_casefold, r);
337 if (f == NULL || r < f->lo)
338 return r;
339 return ApplyFold(f, r);
340 }
341
342 // Add lo-hi to the class, along with their fold-equivalent characters.
343 // If lo-hi is already in the class, assume that the fold-equivalent
344 // chars are there too, so there's no work to do.
AddFoldedRange(CharClassBuilder * cc,Rune lo,Rune hi,int depth)345 static void AddFoldedRange(CharClassBuilder* cc, Rune lo, Rune hi, int depth) {
346 // AddFoldedRange calls itself recursively for each rune in the fold cycle.
347 // Most folding cycles are small: there aren't any bigger than four in the
348 // current Unicode tables. make_unicode_casefold.py checks that
349 // the cycles are not too long, and we double-check here using depth.
350 if (depth > 10) {
351 LOG(DFATAL) << "AddFoldedRange recurses too much.";
352 return;
353 }
354
355 if (!cc->AddRange(lo, hi)) // lo-hi was already there? we're done
356 return;
357
358 while (lo <= hi) {
359 const CaseFold* f = LookupCaseFold(unicode_casefold, num_unicode_casefold, lo);
360 if (f == NULL) // lo has no fold, nor does anything above lo
361 break;
362 if (lo < f->lo) { // lo has no fold; next rune with a fold is f->lo
363 lo = f->lo;
364 continue;
365 }
366
367 // Add in the result of folding the range lo - f->hi
368 // and that range's fold, recursively.
369 Rune lo1 = lo;
370 Rune hi1 = std::min<Rune>(hi, f->hi);
371 switch (f->delta) {
372 default:
373 lo1 += f->delta;
374 hi1 += f->delta;
375 break;
376 case EvenOdd:
377 if (lo1%2 == 1)
378 lo1--;
379 if (hi1%2 == 0)
380 hi1++;
381 break;
382 case OddEven:
383 if (lo1%2 == 0)
384 lo1--;
385 if (hi1%2 == 1)
386 hi1++;
387 break;
388 }
389 AddFoldedRange(cc, lo1, hi1, depth+1);
390
391 // Pick up where this fold left off.
392 lo = f->hi + 1;
393 }
394 }
395
396 // Pushes the literal rune r onto the stack.
PushLiteral(Rune r)397 bool Regexp::ParseState::PushLiteral(Rune r) {
398 // Do case folding if needed.
399 if ((flags_ & FoldCase) && CycleFoldRune(r) != r) {
400 Regexp* re = new Regexp(kRegexpCharClass, flags_ & ~FoldCase);
401 re->ccb_ = new CharClassBuilder;
402 Rune r1 = r;
403 do {
404 if (!(flags_ & NeverNL) || r != '\n') {
405 re->ccb_->AddRange(r, r);
406 }
407 r = CycleFoldRune(r);
408 } while (r != r1);
409 return PushRegexp(re);
410 }
411
412 // Exclude newline if applicable.
413 if ((flags_ & NeverNL) && r == '\n')
414 return PushRegexp(new Regexp(kRegexpNoMatch, flags_));
415
416 // No fancy stuff worked. Ordinary literal.
417 if (MaybeConcatString(r, flags_))
418 return true;
419
420 Regexp* re = new Regexp(kRegexpLiteral, flags_);
421 re->rune_ = r;
422 return PushRegexp(re);
423 }
424
425 // Pushes a ^ onto the stack.
PushCaret()426 bool Regexp::ParseState::PushCaret() {
427 if (flags_ & OneLine) {
428 return PushSimpleOp(kRegexpBeginText);
429 }
430 return PushSimpleOp(kRegexpBeginLine);
431 }
432
433 // Pushes a \b or \B onto the stack.
PushWordBoundary(bool word)434 bool Regexp::ParseState::PushWordBoundary(bool word) {
435 if (word)
436 return PushSimpleOp(kRegexpWordBoundary);
437 return PushSimpleOp(kRegexpNoWordBoundary);
438 }
439
440 // Pushes a $ onto the stack.
PushDollar()441 bool Regexp::ParseState::PushDollar() {
442 if (flags_ & OneLine) {
443 // Clumsy marker so that MimicsPCRE() can tell whether
444 // this kRegexpEndText was a $ and not a \z.
445 Regexp::ParseFlags oflags = flags_;
446 flags_ = flags_ | WasDollar;
447 bool ret = PushSimpleOp(kRegexpEndText);
448 flags_ = oflags;
449 return ret;
450 }
451 return PushSimpleOp(kRegexpEndLine);
452 }
453
454 // Pushes a . onto the stack.
PushDot()455 bool Regexp::ParseState::PushDot() {
456 if ((flags_ & DotNL) && !(flags_ & NeverNL))
457 return PushSimpleOp(kRegexpAnyChar);
458 // Rewrite . into [^\n]
459 Regexp* re = new Regexp(kRegexpCharClass, flags_ & ~FoldCase);
460 re->ccb_ = new CharClassBuilder;
461 re->ccb_->AddRange(0, '\n' - 1);
462 re->ccb_->AddRange('\n' + 1, rune_max_);
463 return PushRegexp(re);
464 }
465
466 // Pushes a regexp with the given op (and no args) onto the stack.
PushSimpleOp(RegexpOp op)467 bool Regexp::ParseState::PushSimpleOp(RegexpOp op) {
468 Regexp* re = new Regexp(op, flags_);
469 return PushRegexp(re);
470 }
471
472 // Pushes a repeat operator regexp onto the stack.
473 // A valid argument for the operator must already be on the stack.
474 // The char c is the name of the operator, for use in error messages.
PushRepeatOp(RegexpOp op,const StringPiece & s,bool nongreedy)475 bool Regexp::ParseState::PushRepeatOp(RegexpOp op, const StringPiece& s,
476 bool nongreedy) {
477 if (stacktop_ == NULL || IsMarker(stacktop_->op())) {
478 status_->set_code(kRegexpRepeatArgument);
479 status_->set_error_arg(s);
480 return false;
481 }
482 Regexp::ParseFlags fl = flags_;
483 if (nongreedy)
484 fl = fl ^ NonGreedy;
485
486 // Squash **, ++ and ??. Regexp::Star() et al. handle this too, but
487 // they're mostly for use during simplification, not during parsing.
488 if (op == stacktop_->op() && fl == stacktop_->parse_flags())
489 return true;
490
491 // Squash *+, *?, +*, +?, ?* and ?+. They all squash to *, so because
492 // op is a repeat, we just have to check that stacktop_->op() is too,
493 // then adjust stacktop_.
494 if ((stacktop_->op() == kRegexpStar ||
495 stacktop_->op() == kRegexpPlus ||
496 stacktop_->op() == kRegexpQuest) &&
497 fl == stacktop_->parse_flags()) {
498 stacktop_->op_ = kRegexpStar;
499 return true;
500 }
501
502 Regexp* re = new Regexp(op, fl);
503 re->AllocSub(1);
504 re->down_ = stacktop_->down_;
505 re->sub()[0] = FinishRegexp(stacktop_);
506 re->simple_ = re->ComputeSimple();
507 stacktop_ = re;
508 return true;
509 }
510
511 // RepetitionWalker reports whether the repetition regexp is valid.
512 // Valid means that the combination of the top-level repetition
513 // and any inner repetitions does not exceed n copies of the
514 // innermost thing.
515 // This rewalks the regexp tree and is called for every repetition,
516 // so we have to worry about inducing quadratic behavior in the parser.
517 // We avoid this by only using RepetitionWalker when min or max >= 2.
518 // In that case the depth of any >= 2 nesting can only get to 9 without
519 // triggering a parse error, so each subtree can only be rewalked 9 times.
520 class RepetitionWalker : public Regexp::Walker<int> {
521 public:
RepetitionWalker()522 RepetitionWalker() {}
523 virtual int PreVisit(Regexp* re, int parent_arg, bool* stop);
524 virtual int PostVisit(Regexp* re, int parent_arg, int pre_arg,
525 int* child_args, int nchild_args);
526 virtual int ShortVisit(Regexp* re, int parent_arg);
527
528 private:
529 RepetitionWalker(const RepetitionWalker&) = delete;
530 RepetitionWalker& operator=(const RepetitionWalker&) = delete;
531 };
532
PreVisit(Regexp * re,int parent_arg,bool * stop)533 int RepetitionWalker::PreVisit(Regexp* re, int parent_arg, bool* stop) {
534 int arg = parent_arg;
535 if (re->op() == kRegexpRepeat) {
536 int m = re->max();
537 if (m < 0) {
538 m = re->min();
539 }
540 if (m > 0) {
541 arg /= m;
542 }
543 }
544 return arg;
545 }
546
PostVisit(Regexp * re,int parent_arg,int pre_arg,int * child_args,int nchild_args)547 int RepetitionWalker::PostVisit(Regexp* re, int parent_arg, int pre_arg,
548 int* child_args, int nchild_args) {
549 int arg = pre_arg;
550 for (int i = 0; i < nchild_args; i++) {
551 if (child_args[i] < arg) {
552 arg = child_args[i];
553 }
554 }
555 return arg;
556 }
557
ShortVisit(Regexp * re,int parent_arg)558 int RepetitionWalker::ShortVisit(Regexp* re, int parent_arg) {
559 // Should never be called: we use Walk(), not WalkExponential().
560 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
561 LOG(DFATAL) << "RepetitionWalker::ShortVisit called";
562 #endif
563 return 0;
564 }
565
566 // Pushes a repetition regexp onto the stack.
567 // A valid argument for the operator must already be on the stack.
PushRepetition(int min,int max,const StringPiece & s,bool nongreedy)568 bool Regexp::ParseState::PushRepetition(int min, int max,
569 const StringPiece& s,
570 bool nongreedy) {
571 if ((max != -1 && max < min) ||
572 min > maximum_repeat_count ||
573 max > maximum_repeat_count) {
574 status_->set_code(kRegexpRepeatSize);
575 status_->set_error_arg(s);
576 return false;
577 }
578 if (stacktop_ == NULL || IsMarker(stacktop_->op())) {
579 status_->set_code(kRegexpRepeatArgument);
580 status_->set_error_arg(s);
581 return false;
582 }
583 Regexp::ParseFlags fl = flags_;
584 if (nongreedy)
585 fl = fl ^ NonGreedy;
586 Regexp* re = new Regexp(kRegexpRepeat, fl);
587 re->min_ = min;
588 re->max_ = max;
589 re->AllocSub(1);
590 re->down_ = stacktop_->down_;
591 re->sub()[0] = FinishRegexp(stacktop_);
592 re->simple_ = re->ComputeSimple();
593 stacktop_ = re;
594 if (min >= 2 || max >= 2) {
595 RepetitionWalker w;
596 if (w.Walk(stacktop_, maximum_repeat_count) == 0) {
597 status_->set_code(kRegexpRepeatSize);
598 status_->set_error_arg(s);
599 return false;
600 }
601 }
602 return true;
603 }
604
605 // Checks whether a particular regexp op is a marker.
IsMarker(RegexpOp op)606 bool Regexp::ParseState::IsMarker(RegexpOp op) {
607 return op >= kLeftParen;
608 }
609
610 // Processes a left parenthesis in the input.
611 // Pushes a marker onto the stack.
DoLeftParen(const StringPiece & name)612 bool Regexp::ParseState::DoLeftParen(const StringPiece& name) {
613 Regexp* re = new Regexp(kLeftParen, flags_);
614 re->cap_ = ++ncap_;
615 if (name.data() != NULL)
616 re->name_ = new std::string(name);
617 return PushRegexp(re);
618 }
619
620 // Pushes a non-capturing marker onto the stack.
DoLeftParenNoCapture()621 bool Regexp::ParseState::DoLeftParenNoCapture() {
622 Regexp* re = new Regexp(kLeftParen, flags_);
623 re->cap_ = -1;
624 return PushRegexp(re);
625 }
626
627 // Processes a vertical bar in the input.
DoVerticalBar()628 bool Regexp::ParseState::DoVerticalBar() {
629 MaybeConcatString(-1, NoParseFlags);
630 DoConcatenation();
631
632 // Below the vertical bar is a list to alternate.
633 // Above the vertical bar is a list to concatenate.
634 // We just did the concatenation, so either swap
635 // the result below the vertical bar or push a new
636 // vertical bar on the stack.
637 Regexp* r1;
638 Regexp* r2;
639 if ((r1 = stacktop_) != NULL &&
640 (r2 = r1->down_) != NULL &&
641 r2->op() == kVerticalBar) {
642 Regexp* r3;
643 if ((r3 = r2->down_) != NULL &&
644 (r1->op() == kRegexpAnyChar || r3->op() == kRegexpAnyChar)) {
645 // AnyChar is above or below the vertical bar. Let it subsume
646 // the other when the other is Literal, CharClass or AnyChar.
647 if (r3->op() == kRegexpAnyChar &&
648 (r1->op() == kRegexpLiteral ||
649 r1->op() == kRegexpCharClass ||
650 r1->op() == kRegexpAnyChar)) {
651 // Discard r1.
652 stacktop_ = r2;
653 r1->Decref();
654 return true;
655 }
656 if (r1->op() == kRegexpAnyChar &&
657 (r3->op() == kRegexpLiteral ||
658 r3->op() == kRegexpCharClass ||
659 r3->op() == kRegexpAnyChar)) {
660 // Rearrange the stack and discard r3.
661 r1->down_ = r3->down_;
662 r2->down_ = r1;
663 stacktop_ = r2;
664 r3->Decref();
665 return true;
666 }
667 }
668 // Swap r1 below vertical bar (r2).
669 r1->down_ = r2->down_;
670 r2->down_ = r1;
671 stacktop_ = r2;
672 return true;
673 }
674 return PushSimpleOp(kVerticalBar);
675 }
676
677 // Processes a right parenthesis in the input.
DoRightParen()678 bool Regexp::ParseState::DoRightParen() {
679 // Finish the current concatenation and alternation.
680 DoAlternation();
681
682 // The stack should be: LeftParen regexp
683 // Remove the LeftParen, leaving the regexp,
684 // parenthesized.
685 Regexp* r1;
686 Regexp* r2;
687 if ((r1 = stacktop_) == NULL ||
688 (r2 = r1->down_) == NULL ||
689 r2->op() != kLeftParen) {
690 status_->set_code(kRegexpUnexpectedParen);
691 status_->set_error_arg(whole_regexp_);
692 return false;
693 }
694
695 // Pop off r1, r2. Will Decref or reuse below.
696 stacktop_ = r2->down_;
697
698 // Restore flags from when paren opened.
699 Regexp* re = r2;
700 flags_ = re->parse_flags();
701
702 // Rewrite LeftParen as capture if needed.
703 if (re->cap_ > 0) {
704 re->op_ = kRegexpCapture;
705 // re->cap_ is already set
706 re->AllocSub(1);
707 re->sub()[0] = FinishRegexp(r1);
708 re->simple_ = re->ComputeSimple();
709 } else {
710 re->Decref();
711 re = r1;
712 }
713 return PushRegexp(re);
714 }
715
716 // Processes the end of input, returning the final regexp.
DoFinish()717 Regexp* Regexp::ParseState::DoFinish() {
718 DoAlternation();
719 Regexp* re = stacktop_;
720 if (re != NULL && re->down_ != NULL) {
721 status_->set_code(kRegexpMissingParen);
722 status_->set_error_arg(whole_regexp_);
723 return NULL;
724 }
725 stacktop_ = NULL;
726 return FinishRegexp(re);
727 }
728
729 // Returns the leading regexp that re starts with.
730 // The returned Regexp* points into a piece of re,
731 // so it must not be used after the caller calls re->Decref().
LeadingRegexp(Regexp * re)732 Regexp* Regexp::LeadingRegexp(Regexp* re) {
733 if (re->op() == kRegexpEmptyMatch)
734 return NULL;
735 if (re->op() == kRegexpConcat && re->nsub() >= 2) {
736 Regexp** sub = re->sub();
737 if (sub[0]->op() == kRegexpEmptyMatch)
738 return NULL;
739 return sub[0];
740 }
741 return re;
742 }
743
744 // Removes LeadingRegexp(re) from re and returns what's left.
745 // Consumes the reference to re and may edit it in place.
746 // If caller wants to hold on to LeadingRegexp(re),
747 // must have already Incref'ed it.
RemoveLeadingRegexp(Regexp * re)748 Regexp* Regexp::RemoveLeadingRegexp(Regexp* re) {
749 if (re->op() == kRegexpEmptyMatch)
750 return re;
751 if (re->op() == kRegexpConcat && re->nsub() >= 2) {
752 Regexp** sub = re->sub();
753 if (sub[0]->op() == kRegexpEmptyMatch)
754 return re;
755 sub[0]->Decref();
756 sub[0] = NULL;
757 if (re->nsub() == 2) {
758 // Collapse concatenation to single regexp.
759 Regexp* nre = sub[1];
760 sub[1] = NULL;
761 re->Decref();
762 return nre;
763 }
764 // 3 or more -> 2 or more.
765 re->nsub_--;
766 memmove(sub, sub + 1, re->nsub_ * sizeof sub[0]);
767 return re;
768 }
769 Regexp::ParseFlags pf = re->parse_flags();
770 re->Decref();
771 return new Regexp(kRegexpEmptyMatch, pf);
772 }
773
774 // Returns the leading string that re starts with.
775 // The returned Rune* points into a piece of re,
776 // so it must not be used after the caller calls re->Decref().
LeadingString(Regexp * re,int * nrune,Regexp::ParseFlags * flags)777 Rune* Regexp::LeadingString(Regexp* re, int *nrune,
778 Regexp::ParseFlags *flags) {
779 while (re->op() == kRegexpConcat && re->nsub() > 0)
780 re = re->sub()[0];
781
782 *flags = static_cast<Regexp::ParseFlags>(re->parse_flags_ & Regexp::FoldCase);
783
784 if (re->op() == kRegexpLiteral) {
785 *nrune = 1;
786 return &re->rune_;
787 }
788
789 if (re->op() == kRegexpLiteralString) {
790 *nrune = re->nrunes_;
791 return re->runes_;
792 }
793
794 *nrune = 0;
795 return NULL;
796 }
797
798 // Removes the first n leading runes from the beginning of re.
799 // Edits re in place.
RemoveLeadingString(Regexp * re,int n)800 void Regexp::RemoveLeadingString(Regexp* re, int n) {
801 // Chase down concats to find first string.
802 // For regexps generated by parser, nested concats are
803 // flattened except when doing so would overflow the 16-bit
804 // limit on the size of a concatenation, so we should never
805 // see more than two here.
806 Regexp* stk[4];
807 size_t d = 0;
808 while (re->op() == kRegexpConcat) {
809 if (d < arraysize(stk))
810 stk[d++] = re;
811 re = re->sub()[0];
812 }
813
814 // Remove leading string from re.
815 if (re->op() == kRegexpLiteral) {
816 re->rune_ = 0;
817 re->op_ = kRegexpEmptyMatch;
818 } else if (re->op() == kRegexpLiteralString) {
819 if (n >= re->nrunes_) {
820 delete[] re->runes_;
821 re->runes_ = NULL;
822 re->nrunes_ = 0;
823 re->op_ = kRegexpEmptyMatch;
824 } else if (n == re->nrunes_ - 1) {
825 Rune rune = re->runes_[re->nrunes_ - 1];
826 delete[] re->runes_;
827 re->runes_ = NULL;
828 re->nrunes_ = 0;
829 re->rune_ = rune;
830 re->op_ = kRegexpLiteral;
831 } else {
832 re->nrunes_ -= n;
833 memmove(re->runes_, re->runes_ + n, re->nrunes_ * sizeof re->runes_[0]);
834 }
835 }
836
837 // If re is now empty, concatenations might simplify too.
838 while (d > 0) {
839 re = stk[--d];
840 Regexp** sub = re->sub();
841 if (sub[0]->op() == kRegexpEmptyMatch) {
842 sub[0]->Decref();
843 sub[0] = NULL;
844 // Delete first element of concat.
845 switch (re->nsub()) {
846 case 0:
847 case 1:
848 // Impossible.
849 LOG(DFATAL) << "Concat of " << re->nsub();
850 re->submany_ = NULL;
851 re->op_ = kRegexpEmptyMatch;
852 break;
853
854 case 2: {
855 // Replace re with sub[1].
856 Regexp* old = sub[1];
857 sub[1] = NULL;
858 re->Swap(old);
859 old->Decref();
860 break;
861 }
862
863 default:
864 // Slide down.
865 re->nsub_--;
866 memmove(sub, sub + 1, re->nsub_ * sizeof sub[0]);
867 break;
868 }
869 }
870 }
871 }
872
873 // In the context of factoring alternations, a Splice is: a factored prefix or
874 // merged character class computed by one iteration of one round of factoring;
875 // the span of subexpressions of the alternation to be "spliced" (i.e. removed
876 // and replaced); and, for a factored prefix, the number of suffixes after any
877 // factoring that might have subsequently been performed on them. For a merged
878 // character class, there are no suffixes, of course, so the field is ignored.
879 struct Splice {
Splicere2::Splice880 Splice(Regexp* prefix, Regexp** sub, int nsub)
881 : prefix(prefix),
882 sub(sub),
883 nsub(nsub),
884 nsuffix(-1) {}
885
886 Regexp* prefix;
887 Regexp** sub;
888 int nsub;
889 int nsuffix;
890 };
891
892 // Named so because it is used to implement an explicit stack, a Frame is: the
893 // span of subexpressions of the alternation to be factored; the current round
894 // of factoring; any Splices computed; and, for a factored prefix, an iterator
895 // to the next Splice to be factored (i.e. in another Frame) because suffixes.
896 struct Frame {
Framere2::Frame897 Frame(Regexp** sub, int nsub)
898 : sub(sub),
899 nsub(nsub),
900 round(0) {}
901
902 Regexp** sub;
903 int nsub;
904 int round;
905 std::vector<Splice> splices;
906 int spliceidx;
907 };
908
909 // Bundled into a class for friend access to Regexp without needing to declare
910 // (or define) Splice in regexp.h.
911 class FactorAlternationImpl {
912 public:
913 static void Round1(Regexp** sub, int nsub,
914 Regexp::ParseFlags flags,
915 std::vector<Splice>* splices);
916 static void Round2(Regexp** sub, int nsub,
917 Regexp::ParseFlags flags,
918 std::vector<Splice>* splices);
919 static void Round3(Regexp** sub, int nsub,
920 Regexp::ParseFlags flags,
921 std::vector<Splice>* splices);
922 };
923
924 // Factors common prefixes from alternation.
925 // For example,
926 // ABC|ABD|AEF|BCX|BCY
927 // simplifies to
928 // A(B(C|D)|EF)|BC(X|Y)
929 // and thence to
930 // A(B[CD]|EF)|BC[XY]
931 //
932 // Rewrites sub to contain simplified list to alternate and returns
933 // the new length of sub. Adjusts reference counts accordingly
934 // (incoming sub[i] decremented, outgoing sub[i] incremented).
FactorAlternation(Regexp ** sub,int nsub,ParseFlags flags)935 int Regexp::FactorAlternation(Regexp** sub, int nsub, ParseFlags flags) {
936 std::vector<Frame> stk;
937 stk.emplace_back(sub, nsub);
938
939 for (;;) {
940 auto& sub = stk.back().sub;
941 auto& nsub = stk.back().nsub;
942 auto& round = stk.back().round;
943 auto& splices = stk.back().splices;
944 auto& spliceidx = stk.back().spliceidx;
945
946 if (splices.empty()) {
947 // Advance to the next round of factoring. Note that this covers
948 // the initialised state: when splices is empty and round is 0.
949 round++;
950 } else if (spliceidx < static_cast<int>(splices.size())) {
951 // We have at least one more Splice to factor. Recurse logically.
952 stk.emplace_back(splices[spliceidx].sub, splices[spliceidx].nsub);
953 continue;
954 } else {
955 // We have no more Splices to factor. Apply them.
956 auto iter = splices.begin();
957 int out = 0;
958 for (int i = 0; i < nsub; ) {
959 // Copy until we reach where the next Splice begins.
960 while (sub + i < iter->sub)
961 sub[out++] = sub[i++];
962 switch (round) {
963 case 1:
964 case 2: {
965 // Assemble the Splice prefix and the suffixes.
966 Regexp* re[2];
967 re[0] = iter->prefix;
968 re[1] = Regexp::AlternateNoFactor(iter->sub, iter->nsuffix, flags);
969 sub[out++] = Regexp::Concat(re, 2, flags);
970 i += iter->nsub;
971 break;
972 }
973 case 3:
974 // Just use the Splice prefix.
975 sub[out++] = iter->prefix;
976 i += iter->nsub;
977 break;
978 default:
979 LOG(DFATAL) << "unknown round: " << round;
980 break;
981 }
982 // If we are done, copy until the end of sub.
983 if (++iter == splices.end()) {
984 while (i < nsub)
985 sub[out++] = sub[i++];
986 }
987 }
988 splices.clear();
989 nsub = out;
990 // Advance to the next round of factoring.
991 round++;
992 }
993
994 switch (round) {
995 case 1:
996 FactorAlternationImpl::Round1(sub, nsub, flags, &splices);
997 break;
998 case 2:
999 FactorAlternationImpl::Round2(sub, nsub, flags, &splices);
1000 break;
1001 case 3:
1002 FactorAlternationImpl::Round3(sub, nsub, flags, &splices);
1003 break;
1004 case 4:
1005 if (stk.size() == 1) {
1006 // We are at the top of the stack. Just return.
1007 return nsub;
1008 } else {
1009 // Pop the stack and set the number of suffixes.
1010 // (Note that references will be invalidated!)
1011 int nsuffix = nsub;
1012 stk.pop_back();
1013 stk.back().splices[stk.back().spliceidx].nsuffix = nsuffix;
1014 ++stk.back().spliceidx;
1015 continue;
1016 }
1017 default:
1018 LOG(DFATAL) << "unknown round: " << round;
1019 break;
1020 }
1021
1022 // Set spliceidx depending on whether we have Splices to factor.
1023 if (splices.empty() || round == 3) {
1024 spliceidx = static_cast<int>(splices.size());
1025 } else {
1026 spliceidx = 0;
1027 }
1028 }
1029 }
1030
Round1(Regexp ** sub,int nsub,Regexp::ParseFlags flags,std::vector<Splice> * splices)1031 void FactorAlternationImpl::Round1(Regexp** sub, int nsub,
1032 Regexp::ParseFlags flags,
1033 std::vector<Splice>* splices) {
1034 // Round 1: Factor out common literal prefixes.
1035 int start = 0;
1036 Rune* rune = NULL;
1037 int nrune = 0;
1038 Regexp::ParseFlags runeflags = Regexp::NoParseFlags;
1039 for (int i = 0; i <= nsub; i++) {
1040 // Invariant: sub[start:i] consists of regexps that all
1041 // begin with rune[0:nrune].
1042 Rune* rune_i = NULL;
1043 int nrune_i = 0;
1044 Regexp::ParseFlags runeflags_i = Regexp::NoParseFlags;
1045 if (i < nsub) {
1046 rune_i = Regexp::LeadingString(sub[i], &nrune_i, &runeflags_i);
1047 if (runeflags_i == runeflags) {
1048 int same = 0;
1049 while (same < nrune && same < nrune_i && rune[same] == rune_i[same])
1050 same++;
1051 if (same > 0) {
1052 // Matches at least one rune in current range. Keep going around.
1053 nrune = same;
1054 continue;
1055 }
1056 }
1057 }
1058
1059 // Found end of a run with common leading literal string:
1060 // sub[start:i] all begin with rune[0:nrune],
1061 // but sub[i] does not even begin with rune[0].
1062 if (i == start) {
1063 // Nothing to do - first iteration.
1064 } else if (i == start+1) {
1065 // Just one: don't bother factoring.
1066 } else {
1067 Regexp* prefix = Regexp::LiteralString(rune, nrune, runeflags);
1068 for (int j = start; j < i; j++)
1069 Regexp::RemoveLeadingString(sub[j], nrune);
1070 splices->emplace_back(prefix, sub + start, i - start);
1071 }
1072
1073 // Prepare for next iteration (if there is one).
1074 if (i < nsub) {
1075 start = i;
1076 rune = rune_i;
1077 nrune = nrune_i;
1078 runeflags = runeflags_i;
1079 }
1080 }
1081 }
1082
Round2(Regexp ** sub,int nsub,Regexp::ParseFlags flags,std::vector<Splice> * splices)1083 void FactorAlternationImpl::Round2(Regexp** sub, int nsub,
1084 Regexp::ParseFlags flags,
1085 std::vector<Splice>* splices) {
1086 // Round 2: Factor out common simple prefixes,
1087 // just the first piece of each concatenation.
1088 // This will be good enough a lot of the time.
1089 //
1090 // Complex subexpressions (e.g. involving quantifiers)
1091 // are not safe to factor because that collapses their
1092 // distinct paths through the automaton, which affects
1093 // correctness in some cases.
1094 int start = 0;
1095 Regexp* first = NULL;
1096 for (int i = 0; i <= nsub; i++) {
1097 // Invariant: sub[start:i] consists of regexps that all
1098 // begin with first.
1099 Regexp* first_i = NULL;
1100 if (i < nsub) {
1101 first_i = Regexp::LeadingRegexp(sub[i]);
1102 if (first != NULL &&
1103 // first must be an empty-width op
1104 // OR a char class, any char or any byte
1105 // OR a fixed repeat of a literal, char class, any char or any byte.
1106 (first->op() == kRegexpBeginLine ||
1107 first->op() == kRegexpEndLine ||
1108 first->op() == kRegexpWordBoundary ||
1109 first->op() == kRegexpNoWordBoundary ||
1110 first->op() == kRegexpBeginText ||
1111 first->op() == kRegexpEndText ||
1112 first->op() == kRegexpCharClass ||
1113 first->op() == kRegexpAnyChar ||
1114 first->op() == kRegexpAnyByte ||
1115 (first->op() == kRegexpRepeat &&
1116 first->min() == first->max() &&
1117 (first->sub()[0]->op() == kRegexpLiteral ||
1118 first->sub()[0]->op() == kRegexpCharClass ||
1119 first->sub()[0]->op() == kRegexpAnyChar ||
1120 first->sub()[0]->op() == kRegexpAnyByte))) &&
1121 Regexp::Equal(first, first_i))
1122 continue;
1123 }
1124
1125 // Found end of a run with common leading regexp:
1126 // sub[start:i] all begin with first,
1127 // but sub[i] does not.
1128 if (i == start) {
1129 // Nothing to do - first iteration.
1130 } else if (i == start+1) {
1131 // Just one: don't bother factoring.
1132 } else {
1133 Regexp* prefix = first->Incref();
1134 for (int j = start; j < i; j++)
1135 sub[j] = Regexp::RemoveLeadingRegexp(sub[j]);
1136 splices->emplace_back(prefix, sub + start, i - start);
1137 }
1138
1139 // Prepare for next iteration (if there is one).
1140 if (i < nsub) {
1141 start = i;
1142 first = first_i;
1143 }
1144 }
1145 }
1146
Round3(Regexp ** sub,int nsub,Regexp::ParseFlags flags,std::vector<Splice> * splices)1147 void FactorAlternationImpl::Round3(Regexp** sub, int nsub,
1148 Regexp::ParseFlags flags,
1149 std::vector<Splice>* splices) {
1150 // Round 3: Merge runs of literals and/or character classes.
1151 int start = 0;
1152 Regexp* first = NULL;
1153 for (int i = 0; i <= nsub; i++) {
1154 // Invariant: sub[start:i] consists of regexps that all
1155 // are either literals (i.e. runes) or character classes.
1156 Regexp* first_i = NULL;
1157 if (i < nsub) {
1158 first_i = sub[i];
1159 if (first != NULL &&
1160 (first->op() == kRegexpLiteral ||
1161 first->op() == kRegexpCharClass) &&
1162 (first_i->op() == kRegexpLiteral ||
1163 first_i->op() == kRegexpCharClass))
1164 continue;
1165 }
1166
1167 // Found end of a run of Literal/CharClass:
1168 // sub[start:i] all are either one or the other,
1169 // but sub[i] is not.
1170 if (i == start) {
1171 // Nothing to do - first iteration.
1172 } else if (i == start+1) {
1173 // Just one: don't bother factoring.
1174 } else {
1175 CharClassBuilder ccb;
1176 for (int j = start; j < i; j++) {
1177 Regexp* re = sub[j];
1178 if (re->op() == kRegexpCharClass) {
1179 CharClass* cc = re->cc();
1180 for (CharClass::iterator it = cc->begin(); it != cc->end(); ++it)
1181 ccb.AddRange(it->lo, it->hi);
1182 } else if (re->op() == kRegexpLiteral) {
1183 ccb.AddRangeFlags(re->rune(), re->rune(), re->parse_flags());
1184 } else {
1185 LOG(DFATAL) << "RE2: unexpected op: " << re->op() << " "
1186 << re->ToString();
1187 }
1188 re->Decref();
1189 }
1190 Regexp* re = Regexp::NewCharClass(ccb.GetCharClass(), flags);
1191 splices->emplace_back(re, sub + start, i - start);
1192 }
1193
1194 // Prepare for next iteration (if there is one).
1195 if (i < nsub) {
1196 start = i;
1197 first = first_i;
1198 }
1199 }
1200 }
1201
1202 // Collapse the regexps on top of the stack, down to the
1203 // first marker, into a new op node (op == kRegexpAlternate
1204 // or op == kRegexpConcat).
DoCollapse(RegexpOp op)1205 void Regexp::ParseState::DoCollapse(RegexpOp op) {
1206 // Scan backward to marker, counting children of composite.
1207 int n = 0;
1208 Regexp* next = NULL;
1209 Regexp* sub;
1210 for (sub = stacktop_; sub != NULL && !IsMarker(sub->op()); sub = next) {
1211 next = sub->down_;
1212 if (sub->op_ == op)
1213 n += sub->nsub_;
1214 else
1215 n++;
1216 }
1217
1218 // If there's just one child, leave it alone.
1219 // (Concat of one thing is that one thing; alternate of one thing is same.)
1220 if (stacktop_ != NULL && stacktop_->down_ == next)
1221 return;
1222
1223 // Construct op (alternation or concatenation), flattening op of op.
1224 PODArray<Regexp*> subs(n);
1225 next = NULL;
1226 int i = n;
1227 for (sub = stacktop_; sub != NULL && !IsMarker(sub->op()); sub = next) {
1228 next = sub->down_;
1229 if (sub->op_ == op) {
1230 Regexp** sub_subs = sub->sub();
1231 for (int k = sub->nsub_ - 1; k >= 0; k--)
1232 subs[--i] = sub_subs[k]->Incref();
1233 sub->Decref();
1234 } else {
1235 subs[--i] = FinishRegexp(sub);
1236 }
1237 }
1238
1239 Regexp* re = ConcatOrAlternate(op, subs.data(), n, flags_, true);
1240 re->simple_ = re->ComputeSimple();
1241 re->down_ = next;
1242 stacktop_ = re;
1243 }
1244
1245 // Finishes the current concatenation,
1246 // collapsing it into a single regexp on the stack.
DoConcatenation()1247 void Regexp::ParseState::DoConcatenation() {
1248 Regexp* r1 = stacktop_;
1249 if (r1 == NULL || IsMarker(r1->op())) {
1250 // empty concatenation is special case
1251 Regexp* re = new Regexp(kRegexpEmptyMatch, flags_);
1252 PushRegexp(re);
1253 }
1254 DoCollapse(kRegexpConcat);
1255 }
1256
1257 // Finishes the current alternation,
1258 // collapsing it to a single regexp on the stack.
DoAlternation()1259 void Regexp::ParseState::DoAlternation() {
1260 DoVerticalBar();
1261 // Now stack top is kVerticalBar.
1262 Regexp* r1 = stacktop_;
1263 stacktop_ = r1->down_;
1264 r1->Decref();
1265 DoCollapse(kRegexpAlternate);
1266 }
1267
1268 // Incremental conversion of concatenated literals into strings.
1269 // If top two elements on stack are both literal or string,
1270 // collapse into single string.
1271 // Don't walk down the stack -- the parser calls this frequently
1272 // enough that below the bottom two is known to be collapsed.
1273 // Only called when another regexp is about to be pushed
1274 // on the stack, so that the topmost literal is not being considered.
1275 // (Otherwise ab* would turn into (ab)*.)
1276 // If r >= 0, consider pushing a literal r on the stack.
1277 // Return whether that happened.
MaybeConcatString(int r,ParseFlags flags)1278 bool Regexp::ParseState::MaybeConcatString(int r, ParseFlags flags) {
1279 Regexp* re1;
1280 Regexp* re2;
1281 if ((re1 = stacktop_) == NULL || (re2 = re1->down_) == NULL)
1282 return false;
1283
1284 if (re1->op_ != kRegexpLiteral && re1->op_ != kRegexpLiteralString)
1285 return false;
1286 if (re2->op_ != kRegexpLiteral && re2->op_ != kRegexpLiteralString)
1287 return false;
1288 if ((re1->parse_flags_ & FoldCase) != (re2->parse_flags_ & FoldCase))
1289 return false;
1290
1291 if (re2->op_ == kRegexpLiteral) {
1292 // convert into string
1293 Rune rune = re2->rune_;
1294 re2->op_ = kRegexpLiteralString;
1295 re2->nrunes_ = 0;
1296 re2->runes_ = NULL;
1297 re2->AddRuneToString(rune);
1298 }
1299
1300 // push re1 into re2.
1301 if (re1->op_ == kRegexpLiteral) {
1302 re2->AddRuneToString(re1->rune_);
1303 } else {
1304 for (int i = 0; i < re1->nrunes_; i++)
1305 re2->AddRuneToString(re1->runes_[i]);
1306 re1->nrunes_ = 0;
1307 delete[] re1->runes_;
1308 re1->runes_ = NULL;
1309 }
1310
1311 // reuse re1 if possible
1312 if (r >= 0) {
1313 re1->op_ = kRegexpLiteral;
1314 re1->rune_ = r;
1315 re1->parse_flags_ = static_cast<uint16_t>(flags);
1316 return true;
1317 }
1318
1319 stacktop_ = re2;
1320 re1->Decref();
1321 return false;
1322 }
1323
1324 // Lexing routines.
1325
1326 // Parses a decimal integer, storing it in *np.
1327 // Sets *s to span the remainder of the string.
ParseInteger(StringPiece * s,int * np)1328 static bool ParseInteger(StringPiece* s, int* np) {
1329 if (s->empty() || !isdigit((*s)[0] & 0xFF))
1330 return false;
1331 // Disallow leading zeros.
1332 if (s->size() >= 2 && (*s)[0] == '0' && isdigit((*s)[1] & 0xFF))
1333 return false;
1334 int n = 0;
1335 int c;
1336 while (!s->empty() && isdigit(c = (*s)[0] & 0xFF)) {
1337 // Avoid overflow.
1338 if (n >= 100000000)
1339 return false;
1340 n = n*10 + c - '0';
1341 s->remove_prefix(1); // digit
1342 }
1343 *np = n;
1344 return true;
1345 }
1346
1347 // Parses a repetition suffix like {1,2} or {2} or {2,}.
1348 // Sets *s to span the remainder of the string on success.
1349 // Sets *lo and *hi to the given range.
1350 // In the case of {2,}, the high number is unbounded;
1351 // sets *hi to -1 to signify this.
1352 // {,2} is NOT a valid suffix.
1353 // The Maybe in the name signifies that the regexp parse
1354 // doesn't fail even if ParseRepetition does, so the StringPiece
1355 // s must NOT be edited unless MaybeParseRepetition returns true.
MaybeParseRepetition(StringPiece * sp,int * lo,int * hi)1356 static bool MaybeParseRepetition(StringPiece* sp, int* lo, int* hi) {
1357 StringPiece s = *sp;
1358 if (s.empty() || s[0] != '{')
1359 return false;
1360 s.remove_prefix(1); // '{'
1361 if (!ParseInteger(&s, lo))
1362 return false;
1363 if (s.empty())
1364 return false;
1365 if (s[0] == ',') {
1366 s.remove_prefix(1); // ','
1367 if (s.empty())
1368 return false;
1369 if (s[0] == '}') {
1370 // {2,} means at least 2
1371 *hi = -1;
1372 } else {
1373 // {2,4} means 2, 3, or 4.
1374 if (!ParseInteger(&s, hi))
1375 return false;
1376 }
1377 } else {
1378 // {2} means exactly two
1379 *hi = *lo;
1380 }
1381 if (s.empty() || s[0] != '}')
1382 return false;
1383 s.remove_prefix(1); // '}'
1384 *sp = s;
1385 return true;
1386 }
1387
1388 // Removes the next Rune from the StringPiece and stores it in *r.
1389 // Returns number of bytes removed from sp.
1390 // Behaves as though there is a terminating NUL at the end of sp.
1391 // Argument order is backwards from usual Google style
1392 // but consistent with chartorune.
StringPieceToRune(Rune * r,StringPiece * sp,RegexpStatus * status)1393 static int StringPieceToRune(Rune *r, StringPiece *sp, RegexpStatus* status) {
1394 // fullrune() takes int, not size_t. However, it just looks
1395 // at the leading byte and treats any length >= 4 the same.
1396 if (fullrune(sp->data(), static_cast<int>(std::min(size_t{4}, sp->size())))) {
1397 int n = chartorune(r, sp->data());
1398 // Some copies of chartorune have a bug that accepts
1399 // encodings of values in (10FFFF, 1FFFFF] as valid.
1400 // Those values break the character class algorithm,
1401 // which assumes Runemax is the largest rune.
1402 if (*r > Runemax) {
1403 n = 1;
1404 *r = Runeerror;
1405 }
1406 if (!(n == 1 && *r == Runeerror)) { // no decoding error
1407 sp->remove_prefix(n);
1408 return n;
1409 }
1410 }
1411
1412 if (status != NULL) {
1413 status->set_code(kRegexpBadUTF8);
1414 status->set_error_arg(StringPiece());
1415 }
1416 return -1;
1417 }
1418
1419 // Returns whether name is valid UTF-8.
1420 // If not, sets status to kRegexpBadUTF8.
IsValidUTF8(const StringPiece & s,RegexpStatus * status)1421 static bool IsValidUTF8(const StringPiece& s, RegexpStatus* status) {
1422 StringPiece t = s;
1423 Rune r;
1424 while (!t.empty()) {
1425 if (StringPieceToRune(&r, &t, status) < 0)
1426 return false;
1427 }
1428 return true;
1429 }
1430
1431 // Is c a hex digit?
IsHex(int c)1432 static int IsHex(int c) {
1433 return ('0' <= c && c <= '9') ||
1434 ('A' <= c && c <= 'F') ||
1435 ('a' <= c && c <= 'f');
1436 }
1437
1438 // Convert hex digit to value.
UnHex(int c)1439 static int UnHex(int c) {
1440 if ('0' <= c && c <= '9')
1441 return c - '0';
1442 if ('A' <= c && c <= 'F')
1443 return c - 'A' + 10;
1444 if ('a' <= c && c <= 'f')
1445 return c - 'a' + 10;
1446 LOG(DFATAL) << "Bad hex digit " << c;
1447 return 0;
1448 }
1449
1450 // Parse an escape sequence (e.g., \n, \{).
1451 // Sets *s to span the remainder of the string.
1452 // Sets *rp to the named character.
ParseEscape(StringPiece * s,Rune * rp,RegexpStatus * status,int rune_max)1453 static bool ParseEscape(StringPiece* s, Rune* rp,
1454 RegexpStatus* status, int rune_max) {
1455 const char* begin = s->data();
1456 if (s->empty() || (*s)[0] != '\\') {
1457 // Should not happen - caller always checks.
1458 status->set_code(kRegexpInternalError);
1459 status->set_error_arg(StringPiece());
1460 return false;
1461 }
1462 if (s->size() == 1) {
1463 status->set_code(kRegexpTrailingBackslash);
1464 status->set_error_arg(StringPiece());
1465 return false;
1466 }
1467 Rune c, c1;
1468 s->remove_prefix(1); // backslash
1469 if (StringPieceToRune(&c, s, status) < 0)
1470 return false;
1471 int code;
1472 switch (c) {
1473 default:
1474 if (c < Runeself && !isalpha(c) && !isdigit(c)) {
1475 // Escaped non-word characters are always themselves.
1476 // PCRE is not quite so rigorous: it accepts things like
1477 // \q, but we don't. We once rejected \_, but too many
1478 // programs and people insist on using it, so allow \_.
1479 *rp = c;
1480 return true;
1481 }
1482 goto BadEscape;
1483
1484 // Octal escapes.
1485 case '1':
1486 case '2':
1487 case '3':
1488 case '4':
1489 case '5':
1490 case '6':
1491 case '7':
1492 // Single non-zero octal digit is a backreference; not supported.
1493 if (s->empty() || (*s)[0] < '0' || (*s)[0] > '7')
1494 goto BadEscape;
1495 FALLTHROUGH_INTENDED;
1496 case '0':
1497 // consume up to three octal digits; already have one.
1498 code = c - '0';
1499 if (!s->empty() && '0' <= (c = (*s)[0]) && c <= '7') {
1500 code = code * 8 + c - '0';
1501 s->remove_prefix(1); // digit
1502 if (!s->empty()) {
1503 c = (*s)[0];
1504 if ('0' <= c && c <= '7') {
1505 code = code * 8 + c - '0';
1506 s->remove_prefix(1); // digit
1507 }
1508 }
1509 }
1510 if (code > rune_max)
1511 goto BadEscape;
1512 *rp = code;
1513 return true;
1514
1515 // Hexadecimal escapes
1516 case 'x':
1517 if (s->empty())
1518 goto BadEscape;
1519 if (StringPieceToRune(&c, s, status) < 0)
1520 return false;
1521 if (c == '{') {
1522 // Any number of digits in braces.
1523 // Update n as we consume the string, so that
1524 // the whole thing gets shown in the error message.
1525 // Perl accepts any text at all; it ignores all text
1526 // after the first non-hex digit. We require only hex digits,
1527 // and at least one.
1528 if (StringPieceToRune(&c, s, status) < 0)
1529 return false;
1530 int nhex = 0;
1531 code = 0;
1532 while (IsHex(c)) {
1533 nhex++;
1534 code = code * 16 + UnHex(c);
1535 if (code > rune_max)
1536 goto BadEscape;
1537 if (s->empty())
1538 goto BadEscape;
1539 if (StringPieceToRune(&c, s, status) < 0)
1540 return false;
1541 }
1542 if (c != '}' || nhex == 0)
1543 goto BadEscape;
1544 *rp = code;
1545 return true;
1546 }
1547 // Easy case: two hex digits.
1548 if (s->empty())
1549 goto BadEscape;
1550 if (StringPieceToRune(&c1, s, status) < 0)
1551 return false;
1552 if (!IsHex(c) || !IsHex(c1))
1553 goto BadEscape;
1554 *rp = UnHex(c) * 16 + UnHex(c1);
1555 return true;
1556
1557 // C escapes.
1558 case 'n':
1559 *rp = '\n';
1560 return true;
1561 case 'r':
1562 *rp = '\r';
1563 return true;
1564 case 't':
1565 *rp = '\t';
1566 return true;
1567
1568 // Less common C escapes.
1569 case 'a':
1570 *rp = '\a';
1571 return true;
1572 case 'f':
1573 *rp = '\f';
1574 return true;
1575 case 'v':
1576 *rp = '\v';
1577 return true;
1578
1579 // This code is disabled to avoid misparsing
1580 // the Perl word-boundary \b as a backspace
1581 // when in POSIX regexp mode. Surprisingly,
1582 // in Perl, \b means word-boundary but [\b]
1583 // means backspace. We don't support that:
1584 // if you want a backspace embed a literal
1585 // backspace character or use \x08.
1586 //
1587 // case 'b':
1588 // *rp = '\b';
1589 // return true;
1590 }
1591
1592 LOG(DFATAL) << "Not reached in ParseEscape.";
1593
1594 BadEscape:
1595 // Unrecognized escape sequence.
1596 status->set_code(kRegexpBadEscape);
1597 status->set_error_arg(
1598 StringPiece(begin, static_cast<size_t>(s->data() - begin)));
1599 return false;
1600 }
1601
1602 // Add a range to the character class, but exclude newline if asked.
1603 // Also handle case folding.
AddRangeFlags(Rune lo,Rune hi,Regexp::ParseFlags parse_flags)1604 void CharClassBuilder::AddRangeFlags(
1605 Rune lo, Rune hi, Regexp::ParseFlags parse_flags) {
1606
1607 // Take out \n if the flags say so.
1608 bool cutnl = !(parse_flags & Regexp::ClassNL) ||
1609 (parse_flags & Regexp::NeverNL);
1610 if (cutnl && lo <= '\n' && '\n' <= hi) {
1611 if (lo < '\n')
1612 AddRangeFlags(lo, '\n' - 1, parse_flags);
1613 if (hi > '\n')
1614 AddRangeFlags('\n' + 1, hi, parse_flags);
1615 return;
1616 }
1617
1618 // If folding case, add fold-equivalent characters too.
1619 if (parse_flags & Regexp::FoldCase)
1620 AddFoldedRange(this, lo, hi, 0);
1621 else
1622 AddRange(lo, hi);
1623 }
1624
1625 // Look for a group with the given name.
LookupGroup(const StringPiece & name,const UGroup * groups,int ngroups)1626 static const UGroup* LookupGroup(const StringPiece& name,
1627 const UGroup *groups, int ngroups) {
1628 // Simple name lookup.
1629 for (int i = 0; i < ngroups; i++)
1630 if (StringPiece(groups[i].name) == name)
1631 return &groups[i];
1632 return NULL;
1633 }
1634
1635 // Look for a POSIX group with the given name (e.g., "[:^alpha:]")
LookupPosixGroup(const StringPiece & name)1636 static const UGroup* LookupPosixGroup(const StringPiece& name) {
1637 return LookupGroup(name, posix_groups, num_posix_groups);
1638 }
1639
LookupPerlGroup(const StringPiece & name)1640 static const UGroup* LookupPerlGroup(const StringPiece& name) {
1641 return LookupGroup(name, perl_groups, num_perl_groups);
1642 }
1643
1644 #if !defined(RE2_USE_ICU)
1645 // Fake UGroup containing all Runes
1646 static URange16 any16[] = { { 0, 65535 } };
1647 static URange32 any32[] = { { 65536, Runemax } };
1648 static UGroup anygroup = { "Any", +1, any16, 1, any32, 1 };
1649
1650 // Look for a Unicode group with the given name (e.g., "Han")
LookupUnicodeGroup(const StringPiece & name)1651 static const UGroup* LookupUnicodeGroup(const StringPiece& name) {
1652 // Special case: "Any" means any.
1653 if (name == StringPiece("Any"))
1654 return &anygroup;
1655 return LookupGroup(name, unicode_groups, num_unicode_groups);
1656 }
1657 #endif
1658
1659 // Add a UGroup or its negation to the character class.
AddUGroup(CharClassBuilder * cc,const UGroup * g,int sign,Regexp::ParseFlags parse_flags)1660 static void AddUGroup(CharClassBuilder *cc, const UGroup *g, int sign,
1661 Regexp::ParseFlags parse_flags) {
1662 if (sign == +1) {
1663 for (int i = 0; i < g->nr16; i++) {
1664 cc->AddRangeFlags(g->r16[i].lo, g->r16[i].hi, parse_flags);
1665 }
1666 for (int i = 0; i < g->nr32; i++) {
1667 cc->AddRangeFlags(g->r32[i].lo, g->r32[i].hi, parse_flags);
1668 }
1669 } else {
1670 if (parse_flags & Regexp::FoldCase) {
1671 // Normally adding a case-folded group means
1672 // adding all the extra fold-equivalent runes too.
1673 // But if we're adding the negation of the group,
1674 // we have to exclude all the runes that are fold-equivalent
1675 // to what's already missing. Too hard, so do in two steps.
1676 CharClassBuilder ccb1;
1677 AddUGroup(&ccb1, g, +1, parse_flags);
1678 // If the flags say to take out \n, put it in, so that negating will take it out.
1679 // Normally AddRangeFlags does this, but we're bypassing AddRangeFlags.
1680 bool cutnl = !(parse_flags & Regexp::ClassNL) ||
1681 (parse_flags & Regexp::NeverNL);
1682 if (cutnl) {
1683 ccb1.AddRange('\n', '\n');
1684 }
1685 ccb1.Negate();
1686 cc->AddCharClass(&ccb1);
1687 return;
1688 }
1689 int next = 0;
1690 for (int i = 0; i < g->nr16; i++) {
1691 if (next < g->r16[i].lo)
1692 cc->AddRangeFlags(next, g->r16[i].lo - 1, parse_flags);
1693 next = g->r16[i].hi + 1;
1694 }
1695 for (int i = 0; i < g->nr32; i++) {
1696 if (next < g->r32[i].lo)
1697 cc->AddRangeFlags(next, g->r32[i].lo - 1, parse_flags);
1698 next = g->r32[i].hi + 1;
1699 }
1700 if (next <= Runemax)
1701 cc->AddRangeFlags(next, Runemax, parse_flags);
1702 }
1703 }
1704
1705 // Maybe parse a Perl character class escape sequence.
1706 // Only recognizes the Perl character classes (\d \s \w \D \S \W),
1707 // not the Perl empty-string classes (\b \B \A \Z \z).
1708 // On success, sets *s to span the remainder of the string
1709 // and returns the corresponding UGroup.
1710 // The StringPiece must *NOT* be edited unless the call succeeds.
MaybeParsePerlCCEscape(StringPiece * s,Regexp::ParseFlags parse_flags)1711 const UGroup* MaybeParsePerlCCEscape(StringPiece* s, Regexp::ParseFlags parse_flags) {
1712 if (!(parse_flags & Regexp::PerlClasses))
1713 return NULL;
1714 if (s->size() < 2 || (*s)[0] != '\\')
1715 return NULL;
1716 // Could use StringPieceToRune, but there aren't
1717 // any non-ASCII Perl group names.
1718 StringPiece name(s->data(), 2);
1719 const UGroup *g = LookupPerlGroup(name);
1720 if (g == NULL)
1721 return NULL;
1722 s->remove_prefix(name.size());
1723 return g;
1724 }
1725
1726 enum ParseStatus {
1727 kParseOk, // Did some parsing.
1728 kParseError, // Found an error.
1729 kParseNothing, // Decided not to parse.
1730 };
1731
1732 // Maybe parses a Unicode character group like \p{Han} or \P{Han}
1733 // (the latter is a negated group).
ParseUnicodeGroup(StringPiece * s,Regexp::ParseFlags parse_flags,CharClassBuilder * cc,RegexpStatus * status)1734 ParseStatus ParseUnicodeGroup(StringPiece* s, Regexp::ParseFlags parse_flags,
1735 CharClassBuilder *cc,
1736 RegexpStatus* status) {
1737 // Decide whether to parse.
1738 if (!(parse_flags & Regexp::UnicodeGroups))
1739 return kParseNothing;
1740 if (s->size() < 2 || (*s)[0] != '\\')
1741 return kParseNothing;
1742 Rune c = (*s)[1];
1743 if (c != 'p' && c != 'P')
1744 return kParseNothing;
1745
1746 // Committed to parse. Results:
1747 int sign = +1; // -1 = negated char class
1748 if (c == 'P')
1749 sign = -sign;
1750 StringPiece seq = *s; // \p{Han} or \pL
1751 StringPiece name; // Han or L
1752 s->remove_prefix(2); // '\\', 'p'
1753
1754 if (!StringPieceToRune(&c, s, status))
1755 return kParseError;
1756 if (c != '{') {
1757 // Name is the bit of string we just skipped over for c.
1758 const char* p = seq.data() + 2;
1759 name = StringPiece(p, static_cast<size_t>(s->data() - p));
1760 } else {
1761 // Name is in braces. Look for closing }
1762 size_t end = s->find('}', 0);
1763 if (end == StringPiece::npos) {
1764 if (!IsValidUTF8(seq, status))
1765 return kParseError;
1766 status->set_code(kRegexpBadCharRange);
1767 status->set_error_arg(seq);
1768 return kParseError;
1769 }
1770 name = StringPiece(s->data(), end); // without '}'
1771 s->remove_prefix(end + 1); // with '}'
1772 if (!IsValidUTF8(name, status))
1773 return kParseError;
1774 }
1775
1776 // Chop seq where s now begins.
1777 seq = StringPiece(seq.data(), static_cast<size_t>(s->data() - seq.data()));
1778
1779 if (!name.empty() && name[0] == '^') {
1780 sign = -sign;
1781 name.remove_prefix(1); // '^'
1782 }
1783
1784 #if !defined(RE2_USE_ICU)
1785 // Look up the group in the RE2 Unicode data.
1786 const UGroup *g = LookupUnicodeGroup(name);
1787 if (g == NULL) {
1788 status->set_code(kRegexpBadCharRange);
1789 status->set_error_arg(seq);
1790 return kParseError;
1791 }
1792
1793 AddUGroup(cc, g, sign, parse_flags);
1794 #else
1795 // Look up the group in the ICU Unicode data. Because ICU provides full
1796 // Unicode properties support, this could be more than a lookup by name.
1797 ::icu::UnicodeString ustr = ::icu::UnicodeString::fromUTF8(
1798 std::string("\\p{") + std::string(name) + std::string("}"));
1799 UErrorCode uerr = U_ZERO_ERROR;
1800 ::icu::UnicodeSet uset(ustr, uerr);
1801 if (U_FAILURE(uerr)) {
1802 status->set_code(kRegexpBadCharRange);
1803 status->set_error_arg(seq);
1804 return kParseError;
1805 }
1806
1807 // Convert the UnicodeSet to a URange32 and UGroup that we can add.
1808 int nr = uset.getRangeCount();
1809 PODArray<URange32> r(nr);
1810 for (int i = 0; i < nr; i++) {
1811 r[i].lo = uset.getRangeStart(i);
1812 r[i].hi = uset.getRangeEnd(i);
1813 }
1814 UGroup g = {"", +1, 0, 0, r.data(), nr};
1815 AddUGroup(cc, &g, sign, parse_flags);
1816 #endif
1817
1818 return kParseOk;
1819 }
1820
1821 // Parses a character class name like [:alnum:].
1822 // Sets *s to span the remainder of the string.
1823 // Adds the ranges corresponding to the class to ranges.
ParseCCName(StringPiece * s,Regexp::ParseFlags parse_flags,CharClassBuilder * cc,RegexpStatus * status)1824 static ParseStatus ParseCCName(StringPiece* s, Regexp::ParseFlags parse_flags,
1825 CharClassBuilder *cc,
1826 RegexpStatus* status) {
1827 // Check begins with [:
1828 const char* p = s->data();
1829 const char* ep = s->data() + s->size();
1830 if (ep - p < 2 || p[0] != '[' || p[1] != ':')
1831 return kParseNothing;
1832
1833 // Look for closing :].
1834 const char* q;
1835 for (q = p+2; q <= ep-2 && (*q != ':' || *(q+1) != ']'); q++)
1836 ;
1837
1838 // If no closing :], then ignore.
1839 if (q > ep-2)
1840 return kParseNothing;
1841
1842 // Got it. Check that it's valid.
1843 q += 2;
1844 StringPiece name(p, static_cast<size_t>(q - p));
1845
1846 const UGroup *g = LookupPosixGroup(name);
1847 if (g == NULL) {
1848 status->set_code(kRegexpBadCharRange);
1849 status->set_error_arg(name);
1850 return kParseError;
1851 }
1852
1853 s->remove_prefix(name.size());
1854 AddUGroup(cc, g, g->sign, parse_flags);
1855 return kParseOk;
1856 }
1857
1858 // Parses a character inside a character class.
1859 // There are fewer special characters here than in the rest of the regexp.
1860 // Sets *s to span the remainder of the string.
1861 // Sets *rp to the character.
ParseCCCharacter(StringPiece * s,Rune * rp,const StringPiece & whole_class,RegexpStatus * status)1862 bool Regexp::ParseState::ParseCCCharacter(StringPiece* s, Rune *rp,
1863 const StringPiece& whole_class,
1864 RegexpStatus* status) {
1865 if (s->empty()) {
1866 status->set_code(kRegexpMissingBracket);
1867 status->set_error_arg(whole_class);
1868 return false;
1869 }
1870
1871 // Allow regular escape sequences even though
1872 // many need not be escaped in this context.
1873 if ((*s)[0] == '\\')
1874 return ParseEscape(s, rp, status, rune_max_);
1875
1876 // Otherwise take the next rune.
1877 return StringPieceToRune(rp, s, status) >= 0;
1878 }
1879
1880 // Parses a character class character, or, if the character
1881 // is followed by a hyphen, parses a character class range.
1882 // For single characters, rr->lo == rr->hi.
1883 // Sets *s to span the remainder of the string.
1884 // Sets *rp to the character.
ParseCCRange(StringPiece * s,RuneRange * rr,const StringPiece & whole_class,RegexpStatus * status)1885 bool Regexp::ParseState::ParseCCRange(StringPiece* s, RuneRange* rr,
1886 const StringPiece& whole_class,
1887 RegexpStatus* status) {
1888 StringPiece os = *s;
1889 if (!ParseCCCharacter(s, &rr->lo, whole_class, status))
1890 return false;
1891 // [a-] means (a|-), so check for final ].
1892 if (s->size() >= 2 && (*s)[0] == '-' && (*s)[1] != ']') {
1893 s->remove_prefix(1); // '-'
1894 if (!ParseCCCharacter(s, &rr->hi, whole_class, status))
1895 return false;
1896 if (rr->hi < rr->lo) {
1897 status->set_code(kRegexpBadCharRange);
1898 status->set_error_arg(
1899 StringPiece(os.data(), static_cast<size_t>(s->data() - os.data())));
1900 return false;
1901 }
1902 } else {
1903 rr->hi = rr->lo;
1904 }
1905 return true;
1906 }
1907
1908 // Parses a possibly-negated character class expression like [^abx-z[:digit:]].
1909 // Sets *s to span the remainder of the string.
1910 // Sets *out_re to the regexp for the class.
ParseCharClass(StringPiece * s,Regexp ** out_re,RegexpStatus * status)1911 bool Regexp::ParseState::ParseCharClass(StringPiece* s,
1912 Regexp** out_re,
1913 RegexpStatus* status) {
1914 StringPiece whole_class = *s;
1915 if (s->empty() || (*s)[0] != '[') {
1916 // Caller checked this.
1917 status->set_code(kRegexpInternalError);
1918 status->set_error_arg(StringPiece());
1919 return false;
1920 }
1921 bool negated = false;
1922 Regexp* re = new Regexp(kRegexpCharClass, flags_ & ~FoldCase);
1923 re->ccb_ = new CharClassBuilder;
1924 s->remove_prefix(1); // '['
1925 if (!s->empty() && (*s)[0] == '^') {
1926 s->remove_prefix(1); // '^'
1927 negated = true;
1928 if (!(flags_ & ClassNL) || (flags_ & NeverNL)) {
1929 // If NL can't match implicitly, then pretend
1930 // negated classes include a leading \n.
1931 re->ccb_->AddRange('\n', '\n');
1932 }
1933 }
1934 bool first = true; // ] is okay as first char in class
1935 while (!s->empty() && ((*s)[0] != ']' || first)) {
1936 // - is only okay unescaped as first or last in class.
1937 // Except that Perl allows - anywhere.
1938 if ((*s)[0] == '-' && !first && !(flags_&PerlX) &&
1939 (s->size() == 1 || (*s)[1] != ']')) {
1940 StringPiece t = *s;
1941 t.remove_prefix(1); // '-'
1942 Rune r;
1943 int n = StringPieceToRune(&r, &t, status);
1944 if (n < 0) {
1945 re->Decref();
1946 return false;
1947 }
1948 status->set_code(kRegexpBadCharRange);
1949 status->set_error_arg(StringPiece(s->data(), 1+n));
1950 re->Decref();
1951 return false;
1952 }
1953 first = false;
1954
1955 // Look for [:alnum:] etc.
1956 if (s->size() > 2 && (*s)[0] == '[' && (*s)[1] == ':') {
1957 switch (ParseCCName(s, flags_, re->ccb_, status)) {
1958 case kParseOk:
1959 continue;
1960 case kParseError:
1961 re->Decref();
1962 return false;
1963 case kParseNothing:
1964 break;
1965 }
1966 }
1967
1968 // Look for Unicode character group like \p{Han}
1969 if (s->size() > 2 &&
1970 (*s)[0] == '\\' &&
1971 ((*s)[1] == 'p' || (*s)[1] == 'P')) {
1972 switch (ParseUnicodeGroup(s, flags_, re->ccb_, status)) {
1973 case kParseOk:
1974 continue;
1975 case kParseError:
1976 re->Decref();
1977 return false;
1978 case kParseNothing:
1979 break;
1980 }
1981 }
1982
1983 // Look for Perl character class symbols (extension).
1984 const UGroup *g = MaybeParsePerlCCEscape(s, flags_);
1985 if (g != NULL) {
1986 AddUGroup(re->ccb_, g, g->sign, flags_);
1987 continue;
1988 }
1989
1990 // Otherwise assume single character or simple range.
1991 RuneRange rr;
1992 if (!ParseCCRange(s, &rr, whole_class, status)) {
1993 re->Decref();
1994 return false;
1995 }
1996 // AddRangeFlags is usually called in response to a class like
1997 // \p{Foo} or [[:foo:]]; for those, it filters \n out unless
1998 // Regexp::ClassNL is set. In an explicit range or singleton
1999 // like we just parsed, we do not filter \n out, so set ClassNL
2000 // in the flags.
2001 re->ccb_->AddRangeFlags(rr.lo, rr.hi, flags_ | Regexp::ClassNL);
2002 }
2003 if (s->empty()) {
2004 status->set_code(kRegexpMissingBracket);
2005 status->set_error_arg(whole_class);
2006 re->Decref();
2007 return false;
2008 }
2009 s->remove_prefix(1); // ']'
2010
2011 if (negated)
2012 re->ccb_->Negate();
2013
2014 *out_re = re;
2015 return true;
2016 }
2017
2018 // Returns whether name is a valid capture name.
IsValidCaptureName(const StringPiece & name)2019 static bool IsValidCaptureName(const StringPiece& name) {
2020 if (name.empty())
2021 return false;
2022
2023 // Historically, we effectively used [0-9A-Za-z_]+ to validate; that
2024 // followed Python 2 except for not restricting the first character.
2025 // As of Python 3, Unicode characters beyond ASCII are also allowed;
2026 // accordingly, we permit the Lu, Ll, Lt, Lm, Lo, Nl, Mn, Mc, Nd and
2027 // Pc categories, but again without restricting the first character.
2028 // Also, Unicode normalization (e.g. NFKC) isn't performed: Python 3
2029 // performs it for identifiers, but seemingly not for capture names;
2030 // if they start doing that for capture names, we won't follow suit.
2031 static const CharClass* const cc = []() {
2032 CharClassBuilder ccb;
2033 for (StringPiece group :
2034 {"Lu", "Ll", "Lt", "Lm", "Lo", "Nl", "Mn", "Mc", "Nd", "Pc"})
2035 AddUGroup(&ccb, LookupGroup(group, unicode_groups, num_unicode_groups),
2036 +1, Regexp::NoParseFlags);
2037 return ccb.GetCharClass();
2038 }();
2039
2040 StringPiece t = name;
2041 Rune r;
2042 while (!t.empty()) {
2043 if (StringPieceToRune(&r, &t, NULL) < 0)
2044 return false;
2045 if (cc->Contains(r))
2046 continue;
2047 return false;
2048 }
2049 return true;
2050 }
2051
2052 // Parses a Perl flag setting or non-capturing group or both,
2053 // like (?i) or (?: or (?i:. Removes from s, updates parse state.
2054 // The caller must check that s begins with "(?".
2055 // Returns true on success. If the Perl flag is not
2056 // well-formed or not supported, sets status_ and returns false.
ParsePerlFlags(StringPiece * s)2057 bool Regexp::ParseState::ParsePerlFlags(StringPiece* s) {
2058 StringPiece t = *s;
2059
2060 // Caller is supposed to check this.
2061 if (!(flags_ & PerlX) || t.size() < 2 || t[0] != '(' || t[1] != '?') {
2062 LOG(DFATAL) << "Bad call to ParseState::ParsePerlFlags";
2063 status_->set_code(kRegexpInternalError);
2064 return false;
2065 }
2066
2067 t.remove_prefix(2); // "(?"
2068
2069 // Check for named captures, first introduced in Python's regexp library.
2070 // As usual, there are three slightly different syntaxes:
2071 //
2072 // (?P<name>expr) the original, introduced by Python
2073 // (?<name>expr) the .NET alteration, adopted by Perl 5.10
2074 // (?'name'expr) another .NET alteration, adopted by Perl 5.10
2075 //
2076 // Perl 5.10 gave in and implemented the Python version too,
2077 // but they claim that the last two are the preferred forms.
2078 // PCRE and languages based on it (specifically, PHP and Ruby)
2079 // support all three as well. EcmaScript 4 uses only the Python form.
2080 //
2081 // In both the open source world (via Code Search) and the
2082 // Google source tree, (?P<expr>name) is the dominant form,
2083 // so that's the one we implement. One is enough.
2084 if (t.size() > 2 && t[0] == 'P' && t[1] == '<') {
2085 // Pull out name.
2086 size_t end = t.find('>', 2);
2087 if (end == StringPiece::npos) {
2088 if (!IsValidUTF8(*s, status_))
2089 return false;
2090 status_->set_code(kRegexpBadNamedCapture);
2091 status_->set_error_arg(*s);
2092 return false;
2093 }
2094
2095 // t is "P<name>...", t[end] == '>'
2096 StringPiece capture(t.data()-2, end+3); // "(?P<name>"
2097 StringPiece name(t.data()+2, end-2); // "name"
2098 if (!IsValidUTF8(name, status_))
2099 return false;
2100 if (!IsValidCaptureName(name)) {
2101 status_->set_code(kRegexpBadNamedCapture);
2102 status_->set_error_arg(capture);
2103 return false;
2104 }
2105
2106 if (!DoLeftParen(name)) {
2107 // DoLeftParen's failure set status_.
2108 return false;
2109 }
2110
2111 s->remove_prefix(
2112 static_cast<size_t>(capture.data() + capture.size() - s->data()));
2113 return true;
2114 }
2115
2116 bool negated = false;
2117 bool sawflags = false;
2118 int nflags = flags_;
2119 Rune c;
2120 for (bool done = false; !done; ) {
2121 if (t.empty())
2122 goto BadPerlOp;
2123 if (StringPieceToRune(&c, &t, status_) < 0)
2124 return false;
2125 switch (c) {
2126 default:
2127 goto BadPerlOp;
2128
2129 // Parse flags.
2130 case 'i':
2131 sawflags = true;
2132 if (negated)
2133 nflags &= ~FoldCase;
2134 else
2135 nflags |= FoldCase;
2136 break;
2137
2138 case 'm': // opposite of our OneLine
2139 sawflags = true;
2140 if (negated)
2141 nflags |= OneLine;
2142 else
2143 nflags &= ~OneLine;
2144 break;
2145
2146 case 's':
2147 sawflags = true;
2148 if (negated)
2149 nflags &= ~DotNL;
2150 else
2151 nflags |= DotNL;
2152 break;
2153
2154 case 'U':
2155 sawflags = true;
2156 if (negated)
2157 nflags &= ~NonGreedy;
2158 else
2159 nflags |= NonGreedy;
2160 break;
2161
2162 // Negation
2163 case '-':
2164 if (negated)
2165 goto BadPerlOp;
2166 negated = true;
2167 sawflags = false;
2168 break;
2169
2170 // Open new group.
2171 case ':':
2172 if (!DoLeftParenNoCapture()) {
2173 // DoLeftParenNoCapture's failure set status_.
2174 return false;
2175 }
2176 done = true;
2177 break;
2178
2179 // Finish flags.
2180 case ')':
2181 done = true;
2182 break;
2183 }
2184 }
2185
2186 if (negated && !sawflags)
2187 goto BadPerlOp;
2188
2189 flags_ = static_cast<Regexp::ParseFlags>(nflags);
2190 *s = t;
2191 return true;
2192
2193 BadPerlOp:
2194 status_->set_code(kRegexpBadPerlOp);
2195 status_->set_error_arg(
2196 StringPiece(s->data(), static_cast<size_t>(t.data() - s->data())));
2197 return false;
2198 }
2199
2200 // Converts latin1 (assumed to be encoded as Latin1 bytes)
2201 // into UTF8 encoding in string.
2202 // Can't use EncodingUtils::EncodeLatin1AsUTF8 because it is
2203 // deprecated and because it rejects code points 0x80-0x9F.
ConvertLatin1ToUTF8(const StringPiece & latin1,std::string * utf)2204 void ConvertLatin1ToUTF8(const StringPiece& latin1, std::string* utf) {
2205 char buf[UTFmax];
2206
2207 utf->clear();
2208 for (size_t i = 0; i < latin1.size(); i++) {
2209 Rune r = latin1[i] & 0xFF;
2210 int n = runetochar(buf, &r);
2211 utf->append(buf, n);
2212 }
2213 }
2214
2215 // Parses the regular expression given by s,
2216 // returning the corresponding Regexp tree.
2217 // The caller must Decref the return value when done with it.
2218 // Returns NULL on error.
Parse(const StringPiece & s,ParseFlags global_flags,RegexpStatus * status)2219 Regexp* Regexp::Parse(const StringPiece& s, ParseFlags global_flags,
2220 RegexpStatus* status) {
2221 // Make status non-NULL (easier on everyone else).
2222 RegexpStatus xstatus;
2223 if (status == NULL)
2224 status = &xstatus;
2225
2226 ParseState ps(global_flags, s, status);
2227 StringPiece t = s;
2228
2229 // Convert regexp to UTF-8 (easier on the rest of the parser).
2230 if (global_flags & Latin1) {
2231 std::string* tmp = new std::string;
2232 ConvertLatin1ToUTF8(t, tmp);
2233 status->set_tmp(tmp);
2234 t = *tmp;
2235 }
2236
2237 if (global_flags & Literal) {
2238 // Special parse loop for literal string.
2239 while (!t.empty()) {
2240 Rune r;
2241 if (StringPieceToRune(&r, &t, status) < 0)
2242 return NULL;
2243 if (!ps.PushLiteral(r))
2244 return NULL;
2245 }
2246 return ps.DoFinish();
2247 }
2248
2249 StringPiece lastunary = StringPiece();
2250 while (!t.empty()) {
2251 StringPiece isunary = StringPiece();
2252 switch (t[0]) {
2253 default: {
2254 Rune r;
2255 if (StringPieceToRune(&r, &t, status) < 0)
2256 return NULL;
2257 if (!ps.PushLiteral(r))
2258 return NULL;
2259 break;
2260 }
2261
2262 case '(':
2263 // "(?" introduces Perl escape.
2264 if ((ps.flags() & PerlX) && (t.size() >= 2 && t[1] == '?')) {
2265 // Flag changes and non-capturing groups.
2266 if (!ps.ParsePerlFlags(&t))
2267 return NULL;
2268 break;
2269 }
2270 if (ps.flags() & NeverCapture) {
2271 if (!ps.DoLeftParenNoCapture())
2272 return NULL;
2273 } else {
2274 if (!ps.DoLeftParen(StringPiece()))
2275 return NULL;
2276 }
2277 t.remove_prefix(1); // '('
2278 break;
2279
2280 case '|':
2281 if (!ps.DoVerticalBar())
2282 return NULL;
2283 t.remove_prefix(1); // '|'
2284 break;
2285
2286 case ')':
2287 if (!ps.DoRightParen())
2288 return NULL;
2289 t.remove_prefix(1); // ')'
2290 break;
2291
2292 case '^': // Beginning of line.
2293 if (!ps.PushCaret())
2294 return NULL;
2295 t.remove_prefix(1); // '^'
2296 break;
2297
2298 case '$': // End of line.
2299 if (!ps.PushDollar())
2300 return NULL;
2301 t.remove_prefix(1); // '$'
2302 break;
2303
2304 case '.': // Any character (possibly except newline).
2305 if (!ps.PushDot())
2306 return NULL;
2307 t.remove_prefix(1); // '.'
2308 break;
2309
2310 case '[': { // Character class.
2311 Regexp* re;
2312 if (!ps.ParseCharClass(&t, &re, status))
2313 return NULL;
2314 if (!ps.PushRegexp(re))
2315 return NULL;
2316 break;
2317 }
2318
2319 case '*': { // Zero or more.
2320 RegexpOp op;
2321 op = kRegexpStar;
2322 goto Rep;
2323 case '+': // One or more.
2324 op = kRegexpPlus;
2325 goto Rep;
2326 case '?': // Zero or one.
2327 op = kRegexpQuest;
2328 goto Rep;
2329 Rep:
2330 StringPiece opstr = t;
2331 bool nongreedy = false;
2332 t.remove_prefix(1); // '*' or '+' or '?'
2333 if (ps.flags() & PerlX) {
2334 if (!t.empty() && t[0] == '?') {
2335 nongreedy = true;
2336 t.remove_prefix(1); // '?'
2337 }
2338 if (!lastunary.empty()) {
2339 // In Perl it is not allowed to stack repetition operators:
2340 // a** is a syntax error, not a double-star.
2341 // (and a++ means something else entirely, which we don't support!)
2342 status->set_code(kRegexpRepeatOp);
2343 status->set_error_arg(StringPiece(
2344 lastunary.data(),
2345 static_cast<size_t>(t.data() - lastunary.data())));
2346 return NULL;
2347 }
2348 }
2349 opstr = StringPiece(opstr.data(),
2350 static_cast<size_t>(t.data() - opstr.data()));
2351 if (!ps.PushRepeatOp(op, opstr, nongreedy))
2352 return NULL;
2353 isunary = opstr;
2354 break;
2355 }
2356
2357 case '{': { // Counted repetition.
2358 int lo, hi;
2359 StringPiece opstr = t;
2360 if (!MaybeParseRepetition(&t, &lo, &hi)) {
2361 // Treat like a literal.
2362 if (!ps.PushLiteral('{'))
2363 return NULL;
2364 t.remove_prefix(1); // '{'
2365 break;
2366 }
2367 bool nongreedy = false;
2368 if (ps.flags() & PerlX) {
2369 if (!t.empty() && t[0] == '?') {
2370 nongreedy = true;
2371 t.remove_prefix(1); // '?'
2372 }
2373 if (!lastunary.empty()) {
2374 // Not allowed to stack repetition operators.
2375 status->set_code(kRegexpRepeatOp);
2376 status->set_error_arg(StringPiece(
2377 lastunary.data(),
2378 static_cast<size_t>(t.data() - lastunary.data())));
2379 return NULL;
2380 }
2381 }
2382 opstr = StringPiece(opstr.data(),
2383 static_cast<size_t>(t.data() - opstr.data()));
2384 if (!ps.PushRepetition(lo, hi, opstr, nongreedy))
2385 return NULL;
2386 isunary = opstr;
2387 break;
2388 }
2389
2390 case '\\': { // Escaped character or Perl sequence.
2391 // \b and \B: word boundary or not
2392 if ((ps.flags() & Regexp::PerlB) &&
2393 t.size() >= 2 && (t[1] == 'b' || t[1] == 'B')) {
2394 if (!ps.PushWordBoundary(t[1] == 'b'))
2395 return NULL;
2396 t.remove_prefix(2); // '\\', 'b'
2397 break;
2398 }
2399
2400 if ((ps.flags() & Regexp::PerlX) && t.size() >= 2) {
2401 if (t[1] == 'A') {
2402 if (!ps.PushSimpleOp(kRegexpBeginText))
2403 return NULL;
2404 t.remove_prefix(2); // '\\', 'A'
2405 break;
2406 }
2407 if (t[1] == 'z') {
2408 if (!ps.PushSimpleOp(kRegexpEndText))
2409 return NULL;
2410 t.remove_prefix(2); // '\\', 'z'
2411 break;
2412 }
2413 // Do not recognize \Z, because this library can't
2414 // implement the exact Perl/PCRE semantics.
2415 // (This library treats "(?-m)$" as \z, even though
2416 // in Perl and PCRE it is equivalent to \Z.)
2417
2418 if (t[1] == 'C') { // \C: any byte [sic]
2419 if (!ps.PushSimpleOp(kRegexpAnyByte))
2420 return NULL;
2421 t.remove_prefix(2); // '\\', 'C'
2422 break;
2423 }
2424
2425 if (t[1] == 'Q') { // \Q ... \E: the ... is always literals
2426 t.remove_prefix(2); // '\\', 'Q'
2427 while (!t.empty()) {
2428 if (t.size() >= 2 && t[0] == '\\' && t[1] == 'E') {
2429 t.remove_prefix(2); // '\\', 'E'
2430 break;
2431 }
2432 Rune r;
2433 if (StringPieceToRune(&r, &t, status) < 0)
2434 return NULL;
2435 if (!ps.PushLiteral(r))
2436 return NULL;
2437 }
2438 break;
2439 }
2440 }
2441
2442 if (t.size() >= 2 && (t[1] == 'p' || t[1] == 'P')) {
2443 Regexp* re = new Regexp(kRegexpCharClass, ps.flags() & ~FoldCase);
2444 re->ccb_ = new CharClassBuilder;
2445 switch (ParseUnicodeGroup(&t, ps.flags(), re->ccb_, status)) {
2446 case kParseOk:
2447 if (!ps.PushRegexp(re))
2448 return NULL;
2449 goto Break2;
2450 case kParseError:
2451 re->Decref();
2452 return NULL;
2453 case kParseNothing:
2454 re->Decref();
2455 break;
2456 }
2457 }
2458
2459 const UGroup *g = MaybeParsePerlCCEscape(&t, ps.flags());
2460 if (g != NULL) {
2461 Regexp* re = new Regexp(kRegexpCharClass, ps.flags() & ~FoldCase);
2462 re->ccb_ = new CharClassBuilder;
2463 AddUGroup(re->ccb_, g, g->sign, ps.flags());
2464 if (!ps.PushRegexp(re))
2465 return NULL;
2466 break;
2467 }
2468
2469 Rune r;
2470 if (!ParseEscape(&t, &r, status, ps.rune_max()))
2471 return NULL;
2472 if (!ps.PushLiteral(r))
2473 return NULL;
2474 break;
2475 }
2476 }
2477 Break2:
2478 lastunary = isunary;
2479 }
2480 return ps.DoFinish();
2481 }
2482
2483 } // namespace re2
2484