Thursday, September 19, 2013

How to kill Java with a Regular Expression

We recently stumbled upon a phenomen we absolutely weren't aware of: You can kill any Java IDE and also any Java process with a simple regular expression...

Back in university, I was taught that regular expressions, which are called regular grammers or type 3 grammers  always end up in an finite state automaton and can therefore be processed in linear time (input length doubles, processing time doubles). However, that's only true for "sane" expressions. A regular expression can also result in an non-deterministic finite state automaton and things can get messed up quite bad.

Consider the expression: (0*)*A  This will any number of zeros, followed by an upper case A. Now if you use Matcher.find() for this expression, everything is fine as long as there is a match in the input. However, if you call this, with "00000000000000000000" as input, your program will hang (and so will the regex console in Eclipse or IntelliJ and every (Java-based) online regex service).

What at first glance looks like an infinite loop, truns out to be catastrophic backtracking. What this basically means is, that the matcher detects, that no A was found at the end of the input. Now the outer quantifier goes on step back - the inner one forward and again - no result. Therefore the matcher goes back step by step retrying all combinations to find a match. It will eventually return (without a match) but the complexity (and therefore the runtime) of this is expotential (adding one character to the input doubles the runtime). A detailed description can be found here: catastrophic backtracking

Here are some runtimes I measured (which almost exactly double for each character added):

0000000000: 0.1ms
00000000000: 0.2ms
000000000000: 0.7ms
0000000000000: 1.3ms
00000000000000: 1.7ms
000000000000000: 3.5ms
0000000000000000: 7.2ms
00000000000000000: 13.9ms
000000000000000000: 27.5ms
0000000000000000000: 55.5ms
00000000000000000000: 113.0ms
000000000000000000000: 226.4ms
0000000000000000000000: 439.1ms
00000000000000000000000: 886.0ms


As a little side-note: For micro benchmarks like this, you always need to "warm" up the JVM as the HotSpot JIT will jump in at some point and optimize the code. Therefore the first run looks like this:

0000000000: 6.8ms
00000000000: 11.8ms
000000000000: 25.5ms
0000000000000: 39.5ms
00000000000000: 6.3ms   <- JIT jumped in and started to translate
000000000000000: 5.4ms     to native code.
0000000000000000: 7.1ms

00000000000000000: 14.2ms
000000000000000000: 26.8ms
0000000000000000000: 54.4ms
00000000000000000000: 109.6ms
000000000000000000000: 222.1ms
0000000000000000000000: 439.2ms
00000000000000000000000: 885.6ms


So what's the take-away here? If you're running a server application or anything critical used by many users, don't let them enter regular expressions unless you really trust them. There are regex implementations out there, which detect this problem and abort, but Java (up to JDK 8) doesn't.

Note: You can test this with your local IDE or a small Java program to your hearts content - but please don't start to knock out all the regex tester websites out there. Those guys provide a nice tool free of charge, so it would be quite unfair..

Here is the tiny benchmark I used:

public class Test {
    public static void main(String[] args) {
        for (int runs = 0; runs < 2; runs++) {
            Pattern pattern = Pattern.compile("(0*)*A");
            // Run from 5 to 25 characters
            for (int length = 5; length < 25; length++) {
                // Build input of specified length
                String input = "";
                for (int i = 0; i < length; i++) { input += "0"; }
               
                // Measure the average duration of two calls... 
                long start = System.nanoTime();
                for (int i = 0; i < 2; i++) {
                    pattern.matcher(input).find();
                }
                System.out.println(input + ": " 

                       + ((System.nanoTime() - start) / 2000000d) 
                       + "ms");
            }
        }
    }
}



Wednesday, September 4, 2013

A Monoflop class for easier looping...

Whether you want to join the contents of a collection or build a URL query string. There are lot's of cases where you have to handle to first iteraton of a loop a bit different from all others. Often I used this construct:

List<String> listToJoin = ...
boolean first = true;
StringBuilder result = new StringBuilder();
for(String item : listToJoin) {
   if (!first) {
      result.append(", ");
   }
   first = false;
   result.append(item);
}

System.out.println(result);
Yes, this works like a charm, but just looks plain ugly. And don't ask how long one has to debug if you get the position of the first = false wrong.

A simple class called Monoflop can help here. A properly commented version can be found on GitHub, but a very short version will do here:

public class Monoflop {

    private boolean toggled = false;
    /**
     * Reads and returns the internal state.

     * Toggles it to true once.
     */
    public boolean successiveCall() {
        if (toggled) {
            return true;
        }
        toggled = true;
        return false;
    }

    /**
     * Inverse of successiveCall

     */
 
    public
boolean firstCall() {
        return !successiveCall();
    }

}
Using this neat helper results in the following:
List<String> listToJoin = ...
Monoflop mf = new Monoflop();
StringBuilder result = new StringBuilder();
for(String item : listToJoin) {
   if (mf.successiveCall()) {
      result.append(", ");
   }
   result.append(item);
}

System.out.println(result);
Granted, you didn't save a whole lot of line in this example. However the logic is much more visible and you have less possibilities for errors. The only thing which is a bit misleading is that a call named successiveCall() has side-effects. On the otherhad, as it toggles the internal state, I didn't want to make it a getter (isSuccessiveCall()) since that would be even more evil.

Feel free to use this class in your own code base (but use the one from GitHub - as it is better documented). However, if you like it and you have uses for the fastest dependency injection framework out there, with lots of other features, check out: http://sirius-lib.net (GitHub). SIRIUS (which contains Monoflop) is OpenSource (MIT license) and developed and maintained by scireum GmbH.

Monday, September 2, 2013

S3 Emulator / Running S3 Locally


We've all been there: You're in a remote spot, distant from all your daily stress and hassle. A romantic candle light setup puts you in the right mood - Nothing can stop you from coding on your newest cloud project like there's no morning. Nothing? Well, without a proper internet connection, accessing S3 and the like is quite unpleasant. But fear no more! With S3 ninja you can setup a S3 / Ceph compatible API in seconds.

Download the latest zip from s3ninja.net, follow the installation instrcutions and you're ready to go. Being a java application, you need nothing but an installed Java JRE (1.6.xx). At last a word of caution: S3 ninja is intended to be a simple easy to use emulator for the S3 API. It has neither caching nor any kind of replcation layer.

Feel like hacking? Both, S3 ninja and its underlying server platform SIRIUS are open source and welcome contributions: Project on Github

This is what the main GUI looks like. On the left it even shows you the credentials to use, to test your hash generation:

In the (API) Acess Logs all calls against the S3 API are tracked and visualized: