Static Analysis for Regular Expression Exponential Runtime via Substructural Logics (Extended)

TL;DR

This paper presents a static analysis technique that detects whether regular expressions can cause exponential runtime in backtracking matching, improving accuracy by using substructural logics and reachability analysis.

Contribution

It introduces a more precise static analysis method for REDoS detection by leveraging powers, products of transition relations, and substructural calculus.

Findings

The analysis accurately detects exponential runtime potential in regular expressions.

The approach reduces the REDoS problem to a reachability problem.

Correctness is established through a substructural calculus of search trees.

Abstract

Regular expression matching using backtracking can have exponential runtime, leading to an algorithmic complexity attack known as REDoS in the systems security literature. In this paper, we build on a recently published static analysis that detects whether a given regular expression can have exponential runtime for some inputs. We systematically construct a more accurate analysis by forming powers and products of transition relations and thereby reducing the REDoS problem to reachability. The correctness of the analysis is proved using a substructural calculus of search trees, where the branching of the tree causing exponential blowup is characterized as a form of non-linearity.