/[pcre]/code/trunk/HACKING
ViewVC logotype

Diff of /code/trunk/HACKING

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

code/trunk/doc/Tech.Notes revision 63 by nigel, Sat Feb 24 21:40:03 2007 UTC code/trunk/HACKING revision 127 by ph10, Mon Mar 19 11:44:45 2007 UTC
# Line 1  Line 1 
1  Technical Notes about PCRE  Technical Notes about PCRE
2  --------------------------  --------------------------
3    
4    These are very rough technical notes that record potentially useful information
5    about PCRE internals.
6    
7    Historical note 1
8    -----------------
9    
10  Many years ago I implemented some regular expression functions to an algorithm  Many years ago I implemented some regular expression functions to an algorithm
11  suggested by Martin Richards. These were not Unix-like in form, and were quite  suggested by Martin Richards. These were not Unix-like in form, and were quite
12  restricted in what they could do by comparison with Perl. The interesting part  restricted in what they could do by comparison with Perl. The interesting part
# Line 9  form of an expression was known in advan Line 15  form of an expression was known in advan
15  not operate by backtracking, as the original Henry Spencer code and current  not operate by backtracking, as the original Henry Spencer code and current
16  Perl code does, but instead checked all possibilities simultaneously by keeping  Perl code does, but instead checked all possibilities simultaneously by keeping
17  a list of current states and checking all of them as it advanced through the  a list of current states and checking all of them as it advanced through the
18  subject string. (In the terminology of Jeffrey Friedl's book, it was a "DFA  subject string. In the terminology of Jeffrey Friedl's book, it was a "DFA
19  algorithm".) When the pattern was all used up, all remaining states were  algorithm", though it was not a traditional Finite State Machine (FSM). When
20  possible matches, and the one matching the longest subset of the subject string  the pattern was all used up, all remaining states were possible matches, and
21  was chosen. This did not necessarily maximize the individual wild portions of  the one matching the longest subset of the subject string was chosen. This did
22  the pattern, as is expected in Unix and Perl-style regular expressions.  not necessarily maximize the individual wild portions of the pattern, as is
23    expected in Unix and Perl-style regular expressions.
24  By contrast, the code originally written by Henry Spencer and subsequently  
25  heavily modified for Perl actually compiles the expression twice: once in a  Historical note 2
26  dummy mode in order to find out how much store will be needed, and then for  -----------------
27  real. The execution function operates by backtracking and maximizing (or,  
28  optionally, minimizing in Perl) the amount of the subject that matches  By contrast, the code originally written by Henry Spencer (which was
29  individual wild portions of the pattern. This is an "NFA algorithm" in Friedl's  subsequently heavily modified for Perl) compiles the expression twice: once in
30  terminology.  a dummy mode in order to find out how much store will be needed, and then for
31    real. (The Perl version probably doesn't do this any more; I'm talking about
32  For the set of functions that forms PCRE (which are unrelated to those  the original library.) The execution function operates by backtracking and
33  mentioned above), I tried at first to invent an algorithm that used an amount  maximizing (or, optionally, minimizing in Perl) the amount of the subject that
34  of store bounded by a multiple of the number of characters in the pattern, to  matches individual wild portions of the pattern. This is an "NFA algorithm" in
35  save on compiling time. However, because of the greater complexity in Perl  Friedl's terminology.
36  regular expressions, I couldn't do this. In any case, a first pass through the  
37  pattern is needed, for a number of reasons. PCRE works by running a very  OK, here's the real stuff
38  degenerate first pass to calculate a maximum store size, and then a second pass  -------------------------
39  to do the real compile - which may use a bit less than the predicted amount of  
40  store. The idea is that this is going to turn out faster because the first pass  For the set of functions that form the "basic" PCRE library (which are
41  is degenerate and the second pass can just store stuff straight into the  unrelated to those mentioned above), I tried at first to invent an algorithm
42  vector. It does make the compiling functions bigger, of course, but they have  that used an amount of store bounded by a multiple of the number of characters
43  got quite big anyway to handle all the Perl stuff.  in the pattern, to save on compiling time. However, because of the greater
44    complexity in Perl regular expressions, I couldn't do this. In any case, a
45    first pass through the pattern is helpful for other reasons.
46    
47    Computing the memory requirement: how it was
48    --------------------------------------------
49    
50    Up to and including release 6.7, PCRE worked by running a very degenerate first
51    pass to calculate a maximum store size, and then a second pass to do the real
52    compile - which might use a bit less than the predicted amount of memory. The
53    idea was that this would turn out faster than the Henry Spencer code because
54    the first pass is degenerate and the second pass can just store stuff straight
55    into the vector, which it knows is big enough.
56    
57    Computing the memory requirement: how it is
58    -------------------------------------------
59    
60    By the time I was working on a potential 6.8 release, the degenerate first pass
61    had become very complicated and hard to maintain. Indeed one of the early
62    things I did for 6.8 was to fix Yet Another Bug in the memory computation. Then
63    I had a flash of inspiration as to how I could run the real compile function in
64    a "fake" mode that enables it to compute how much memory it would need, while
65    actually only ever using a few hundred bytes of working memory, and without too
66    many tests of the mode that might slow it down. So I re-factored the compiling
67    functions to work this way. This got rid of about 600 lines of source. It
68    should make future maintenance and development easier. As this was such a major
69    change, I never released 6.8, instead upping the number to 7.0 (other quite
70    major changes are also present in the 7.0 release).
71    
72    A side effect of this work is that the previous limit of 200 on the nesting
73    depth of parentheses was removed. However, there is a downside: pcre_compile()
74    runs more slowly than before (30% or more, depending on the pattern) because it
75    is doing a full analysis of the pattern. My hope is that this is not a big
76    issue.
77    
78    Traditional matching function
79    -----------------------------
80    
81    The "traditional", and original, matching function is called pcre_exec(), and
82    it implements an NFA algorithm, similar to the original Henry Spencer algorithm
83    and the way that Perl works. Not surprising, since it is intended to be as
84    compatible with Perl as possible. This is the function most users of PCRE will
85    use most of the time.
86    
87    Supplementary matching function
88    -------------------------------
89    
90    From PCRE 6.0, there is also a supplementary matching function called
91    pcre_dfa_exec(). This implements a DFA matching algorithm that searches
92    simultaneously for all possible matches that start at one point in the subject
93    string. (Going back to my roots: see Historical Note 1 above.) This function
94    intreprets the same compiled pattern data as pcre_exec(); however, not all the
95    facilities are available, and those that are do not always work in quite the
96    same way. See the user documentation for details.
97    
98    The algorithm that is used for pcre_dfa_exec() is not a traditional FSM,
99    because it may have a number of states active at one time. More work would be
100    needed at compile time to produce a traditional FSM where only one state is
101    ever active at once. I believe some other regex matchers work this way.
102    
103    
104    Format of compiled patterns
105    ---------------------------
106    
107  The compiled form of a pattern is a vector of bytes, containing items of  The compiled form of a pattern is a vector of bytes, containing items of
108  variable length. The first byte in an item is an opcode, and the length of the  variable length. The first byte in an item is an opcode, and the length of the
109  item is either implicit in the opcode or contained in the data bytes which  item is either implicit in the opcode or contained in the data bytes that
110  follow it. A list of all the opcodes follows:  follow it.
111    
112    In many cases below "two-byte" data values are specified. This is in fact just
113    a default when the number is an offset within the compiled pattern. PCRE can be
114    compiled to use 3-byte or 4-byte values for these offsets (impairing the
115    performance). This is necessary only when patterns whose compiled length is
116    greater than 64K are going to be processed. In this description, we assume the
117    "normal" compilation options. "Two-byte" data values that are counts (e.g. for
118    quantifiers) are always just two bytes.
119    
120    A list of all the opcodes follows:
121    
122  Opcodes with no following data  Opcodes with no following data
123  ------------------------------  ------------------------------
# Line 48  These items are all just one byte long Line 126  These items are all just one byte long
126    
127    OP_END                 end of pattern    OP_END                 end of pattern
128    OP_ANY                 match any character    OP_ANY                 match any character
129      OP_ANYBYTE             match any single byte, even in UTF-8 mode
130    OP_SOD                 match start of data: \A    OP_SOD                 match start of data: \A
131      OP_SOM,                start of match (subject + offset): \G
132    OP_CIRC                ^ (start of data, or after \n in multiline)    OP_CIRC                ^ (start of data, or after \n in multiline)
133    OP_NOT_WORD_BOUNDARY   \W    OP_NOT_WORD_BOUNDARY   \W
134    OP_WORD_BOUNDARY       \w    OP_WORD_BOUNDARY       \w
# Line 61  These items are all just one byte long Line 141  These items are all just one byte long
141    OP_EODN                match end of data or \n at end: \Z    OP_EODN                match end of data or \n at end: \Z
142    OP_EOD                 match end of data: \z    OP_EOD                 match end of data: \z
143    OP_DOLL                $ (end of data, or before \n in multiline)    OP_DOLL                $ (end of data, or before \n in multiline)
144    OP_RECURSE             match the pattern recursively    OP_EXTUNI              match an extended Unicode character
145      OP_ANYNL               match any Unicode newline sequence
146    
147    
148  Repeating single characters  Repeating single characters
149  ---------------------------  ---------------------------
150    
151  The common repeats (*, +, ?) when applied to a single character appear as  The common repeats (*, +, ?) when applied to a single character use the
152  two-byte items using the following opcodes:  following opcodes:
153    
154    OP_STAR    OP_STAR
155    OP_MINSTAR    OP_MINSTAR
156      OP_POSSTAR
157    OP_PLUS    OP_PLUS
158    OP_MINPLUS    OP_MINPLUS
159      OP_POSPLUS
160    OP_QUERY    OP_QUERY
161    OP_MINQUERY    OP_MINQUERY
162      OP_POSQUERY
163    
164  Those with "MIN" in their name are the minimizing versions. Each is followed by  In ASCII mode, these are two-byte items; in UTF-8 mode, the length is variable.
165  the character that is to be repeated. Other repeats make use of  Those with "MIN" in their name are the minimizing versions. Those with "POS" in
166    their names are possessive versions. Each is followed by the character that is
167    to be repeated. Other repeats make use of
168    
169    OP_UPTO    OP_UPTO
170    OP_MINUPTO    OP_MINUPTO
171      OP_POSUPTO
172    OP_EXACT    OP_EXACT
173    
174  which are followed by a two-byte count (most significant first) and the  which are followed by a two-byte count (most significant first) and the
175  repeated character. OP_UPTO matches from 0 to the given number. A repeat with a  repeated character. OP_UPTO matches from 0 to the given number. A repeat with a
176  non-zero minimum and a fixed maximum is coded as an OP_EXACT followed by an  non-zero minimum and a fixed maximum is coded as an OP_EXACT followed by an
177  OP_UPTO (or OP_MINUPTO).  OP_UPTO (or OP_MINUPTO or OPT_POSUPTO).
178    
179    
180  Repeating character types  Repeating character types
# Line 99  byte. The opcodes are: Line 186  byte. The opcodes are:
186    
187    OP_TYPESTAR    OP_TYPESTAR
188    OP_TYPEMINSTAR    OP_TYPEMINSTAR
189      OP_TYPEPOSSTAR
190    OP_TYPEPLUS    OP_TYPEPLUS
191    OP_TYPEMINPLUS    OP_TYPEMINPLUS
192      OP_TYPEPOSPLUS
193    OP_TYPEQUERY    OP_TYPEQUERY
194    OP_TYPEMINQUERY    OP_TYPEMINQUERY
195      OP_TYPEPOSQUERY
196    OP_TYPEUPTO    OP_TYPEUPTO
197    OP_TYPEMINUPTO    OP_TYPEMINUPTO
198      OP_TYPEPOSUPTO
199    OP_TYPEEXACT    OP_TYPEEXACT
200    
201    
202  Matching a character string  Match by Unicode property
203    -------------------------
204    
205    OP_PROP and OP_NOTPROP are used for positive and negative matches of a
206    character by testing its Unicode property (the \p and \P escape sequences).
207    Each is followed by two bytes that encode the desired property as a type and a
208    value.
209    
210    Repeats of these items use the OP_TYPESTAR etc. set of opcodes, followed by
211    three bytes: OP_PROP or OP_NOTPROP and then the desired property type and
212    value.
213    
214    
215    Matching literal characters
216  ---------------------------  ---------------------------
217    
218  The OP_CHARS opcode is followed by a one-byte count and then that number of  The OP_CHAR opcode is followed by a single character that is to be matched
219  characters. If there are more than 255 characters in sequence, successive  casefully. For caseless matching, OP_CHARNC is used. In UTF-8 mode, the
220  instances of OP_CHARS are used.  character may be more than one byte long. (Earlier versions of PCRE used
221    multi-character strings, but this was changed to allow some new features to be
222    added.)
223    
224    
225  Character classes  Character classes
226  -----------------  -----------------
227    
228  When characters less than 256 are involved, OP_CLASS is used for a character  If there is only one character, OP_CHAR or OP_CHARNC is used for a positive
229  class. If there is only one character, OP_CHARS is used for a positive class,  class, and OP_NOT for a negative one (that is, for something like [^a]).
230  and OP_NOT for a negative one (that is, for something like [^a]). However, in  However, in UTF-8 mode, the use of OP_NOT applies only to characters with
231  UTF-8 mode, this applies only to characters with values < 128, because OP_NOT  values < 128, because OP_NOT is confined to single bytes.
 is confined to single bytes.  
232    
233  Another set of repeating opcodes (OP_NOTSTAR etc.) are used for a repeated,  Another set of repeating opcodes (OP_NOTSTAR etc.) are used for a repeated,
234  negated, single-character class. The normal ones (OP_STAR etc.) are used for a  negated, single-character class. The normal ones (OP_STAR etc.) are used for a
235  repeated positive single-character class.  repeated positive single-character class.
236    
237  OP_CLASS is followed by a 32-byte bit map containing a 1 bit for every  When there's more than one character in a class and all the characters are less
238  character that is acceptable. The bits are counted from the least significant  than 256, OP_CLASS is used for a positive class, and OP_NCLASS for a negative
239  end of each byte.  one. In either case, the opcode is followed by a 32-byte bit map containing a 1
240    bit for every character that is acceptable. The bits are counted from the least
241    significant end of each byte.
242    
243    The reason for having both OP_CLASS and OP_NCLASS is so that, in UTF-8 mode,
244    subject characters with values greater than 256 can be handled correctly. For
245    OP_CLASS they don't match, whereas for OP_NCLASS they do.
246    
247  For classes containing characters with values > 255, OP_XCLASS is used. It  For classes containing characters with values > 255, OP_XCLASS is used. It
248  optionally uses a bit map (if any characters lie within it), followed by a list  optionally uses a bit map (if any characters lie within it), followed by a list
249  of pairs and single characters. There is a flag character than indicates  of pairs and single characters. There is a flag character than indicates
250  whether it's a positive or a negative class.  whether it's a positive or a negative class.
251    
252    
# Line 148  OP_REF is followed by two bytes containi Line 259  OP_REF is followed by two bytes containi
259  Repeating character classes and back references  Repeating character classes and back references
260  -----------------------------------------------  -----------------------------------------------
261    
262  Single-character classes are handled specially (see above). This applies to  Single-character classes are handled specially (see above). This section
263  OP_CLASS and OP_REF. In both cases, the repeat information follows the base  applies to OP_CLASS and OP_REF. In both cases, the repeat information follows
264  item. The matching code looks at the following opcode to see if it is one of  the base item. The matching code looks at the following opcode to see if it is
265    one of
266    
267    OP_CRSTAR    OP_CRSTAR
268    OP_CRMINSTAR    OP_CRMINSTAR
# Line 162  item. The matching code looks at the fol Line 274  item. The matching code looks at the fol
274    OP_CRMINRANGE    OP_CRMINRANGE
275    
276  All but the last two are just single-byte items. The others are followed by  All but the last two are just single-byte items. The others are followed by
277  four bytes of data, comprising the minimum and maximum repeat counts.  four bytes of data, comprising the minimum and maximum repeat counts. There are
278    no special possessive opcodes for these repeats; a possessive repeat is
279    compiled into an atomic group.
280    
281    
282  Brackets and alternation  Brackets and alternation
# Line 171  Brackets and alternation Line 285  Brackets and alternation
285  A pair of non-capturing (round) brackets is wrapped round each expression at  A pair of non-capturing (round) brackets is wrapped round each expression at
286  compile time, so alternation always happens in the context of brackets.  compile time, so alternation always happens in the context of brackets.
287    
288  Non-capturing brackets use the opcode OP_BRA, while capturing brackets use  [Note for North Americans: "bracket" to some English speakers, including
289  OP_BRA+1, OP_BRA+2, etc. [Note for North Americans: "bracket" to some English  myself, can be round, square, curly, or pointy. Hence this usage.]
290  speakers, including myself, can be round, square, curly, or pointy. Hence this  
291  usage.]  Non-capturing brackets use the opcode OP_BRA. Originally PCRE was limited to 99
292    capturing brackets and it used a different opcode for each one. From release
293  Originally PCRE was limited to 99 capturing brackets (so as not to use up all  3.5, the limit was removed by putting the bracket number into the data for
294  the opcodes). From release 3.5, there is no limit. What happens is that the  higher-numbered brackets. From release 7.0 all capturing brackets are handled
295  first ones, up to EXTRACT_BASIC_MAX are handled with separate opcodes, as  this way, using the single opcode OP_CBRA.
296  above. If there are more, the opcode is set to EXTRACT_BASIC_MAX+1, and the  
297  first operation in the bracket is OP_BRANUMBER, followed by a 2-byte bracket  A bracket opcode is followed by LINK_SIZE bytes which give the offset to the
298  number. This opcode is ignored while matching, but is fished out when handling  next alternative OP_ALT or, if there aren't any branches, to the matching
299  the bracket itself. (They could have all been done like this, but I was making  OP_KET opcode. Each OP_ALT is followed by LINK_SIZE bytes giving the offset to
300  minimal changes.)  the next one, or to the OP_KET opcode. For capturing brackets, the bracket
301    number immediately follows the offset, always as a 2-byte item.
 A bracket opcode is followed by two bytes which give the offset to the next  
 alternative OP_ALT or, if there aren't any branches, to the matching KET  
 opcode. Each OP_ALT is followed by two bytes giving the offset to the next one,  
 or to the KET opcode.  
302    
303  OP_KET is used for subpatterns that do not repeat indefinitely, while  OP_KET is used for subpatterns that do not repeat indefinitely, while
304  OP_KETRMIN and OP_KETRMAX are used for indefinite repetitions, minimally or  OP_KETRMIN and OP_KETRMAX are used for indefinite repetitions, minimally or
305  maximally respectively. All three are followed by two bytes giving (as a  maximally respectively. All three are followed by LINK_SIZE bytes giving (as a
306  positive number) the offset back to the matching BRA opcode.  positive number) the offset back to the matching bracket opcode.
307    
308  If a subpattern is quantified such that it is permitted to match zero times, it  If a subpattern is quantified such that it is permitted to match zero times, it
309  is preceded by one of OP_BRAZERO or OP_BRAMINZERO. These are single-byte  is preceded by one of OP_BRAZERO or OP_BRAMINZERO. These are single-byte
# Line 201  opcodes which tell the matcher that skip Line 311  opcodes which tell the matcher that skip
311  valid branch.  valid branch.
312    
313  A subpattern with an indefinite maximum repetition is replicated in the  A subpattern with an indefinite maximum repetition is replicated in the
314  compiled data its minimum number of times (or once with a BRAZERO if the  compiled data its minimum number of times (or once with OP_BRAZERO if the
315  minimum is zero), with the final copy terminating with a KETRMIN or KETRMAX as  minimum is zero), with the final copy terminating with OP_KETRMIN or OP_KETRMAX
316  appropriate.  as appropriate.
317    
318  A subpattern with a bounded maximum repetition is replicated in a nested  A subpattern with a bounded maximum repetition is replicated in a nested
319  fashion up to the maximum number of times, with BRAZERO or BRAMINZERO before  fashion up to the maximum number of times, with OP_BRAZERO or OP_BRAMINZERO
320  each replication after the minimum, so that, for example, (abc){2,5} is  before each replication after the minimum, so that, for example, (abc){2,5} is
321  compiled as (abc)(abc)((abc)((abc)(abc)?)?)?. The 99 and 200 bracket limits do  compiled as (abc)(abc)((abc)((abc)(abc)?)?)?, except that each bracketed group
322  not apply to these internally generated brackets.  has the same number.
323    
324    When a repeated subpattern has an unbounded upper limit, it is checked to see
325    whether it could match an empty string. If this is the case, the opcode in the
326    final replication is changed to OP_SBRA or OP_SCBRA. This tells the matcher
327    that it needs to check for matching an empty string when it hits OP_KETRMIN or
328    OP_KETRMAX, and if so, to break the loop.
329    
330    
331  Assertions  Assertions
# Line 225  each alternative of a lookbehind asserti Line 341  each alternative of a lookbehind asserti
341  fixed lengths.  fixed lengths.
342    
343    
344  Once-only subpatterns  Once-only (atomic) subpatterns
345  ---------------------  ------------------------------
346    
347  These are also just like other subpatterns, but they start with the opcode  These are also just like other subpatterns, but they start with the opcode
348  OP_ONCE.  OP_ONCE. The check for matching an empty string in an unbounded repeat is
349    handled entirely at runtime, so there is just this one opcode.
350    
351    
352  Conditional subpatterns  Conditional subpatterns
353  -----------------------  -----------------------
354    
355  These are like other subpatterns, but they start with the opcode OP_COND. If  These are like other subpatterns, but they start with the opcode OP_COND, or
356    OP_SCOND for one that might match an empty string in an unbounded repeat. If
357  the condition is a back reference, this is stored at the start of the  the condition is a back reference, this is stored at the start of the
358  subpattern using the opcode OP_CREF followed by two bytes containing the  subpattern using the opcode OP_CREF followed by two bytes containing the
359  reference number. If the condition is "in recursion" (coded as "(?(R)"), the  reference number. If the condition is "in recursion" (coded as "(?(R)"), or "in
360  same scheme is used, with a "reference number" of 0xffff. Otherwise, a  recursion of group x" (coded as "(?(Rx)"), the group number is stored at the
361  conditional subpattern always starts with one of the assertions.  start of the subpattern using the opcode OP_RREF, and a value of zero for "the
362    whole pattern". For a DEFINE condition, just the single byte OP_DEF is used (it
363    has no associated data). Otherwise, a conditional subpattern always starts with
364    one of the assertions.
365    
366    
367    Recursion
368    ---------
369    
370    Recursion either matches the current regex, or some subexpression. The opcode
371    OP_RECURSE is followed by an value which is the offset to the starting bracket
372    from the start of the whole pattern. From release 6.5, OP_RECURSE is
373    automatically wrapped inside OP_ONCE brackets (because otherwise some patterns
374    broke it). OP_RECURSE is also used for "subroutine" calls, even though they
375    are not strictly a recursion.
376    
377    
378    Callout
379    -------
380    
381    OP_CALLOUT is followed by one byte of data that holds a callout number in the
382    range 0 to 254 for manual callouts, or 255 for an automatic callout. In both
383    cases there follows a two-byte value giving the offset in the pattern to the
384    start of the following item, and another two-byte item giving the length of the
385    next item.
386    
387    
388  Changing options  Changing options
# Line 257  at compile time, and so does not cause a Line 399  at compile time, and so does not cause a
399  data.  data.
400    
401  Philip Hazel  Philip Hazel
402  August 2002  November 2006

Legend:
Removed from v.63  
changed lines
  Added in v.127

webmaster@exim.org
ViewVC Help
Powered by ViewVC 1.1.12