PCRE has exponential worst-case time. See for example https://www.regular-expressions.info/catastrophic.html but searching for PCRE exponential time or worst case will find more. That's not the problem. The problem is that it isn't *obvious* which regexps are safe and that people are taught that regular expressions can be matched in linear time, which is sort of the point of them. But PCRE patterns *aren't* regular expressions.
On Wed, 6 Feb 2019 at 04:54, Pierce Ng <pie...@samadhiweb.com> wrote: > On Wed, Feb 06, 2019 at 12:26:00AM +1300, Richard O'Keefe wrote: > > Please DON'T move to PCRE. > > "Outside world standards"? There are so many. > > There are two important things to know about > > PCRE: (1) it is a popular open source regexp > > library for Perl-style regexps, (2) because of > > that, it is prone to truly horrendous performance > > problems. There are alternatives, such as re2, > > https://github.com/google/re2 , > > which are not subject to PCRE's intrinsic > > performance pathologies. As it happens, re2 > > supports *? +? and ??. > > Can you share some examples of PCRE's bad performance? > > Pierce > >
