Algorithmic complexity / performance issue on fuzzed input

Question

Algorithmic complexity / performance issue on fuzzed input

rohanpadhye opened this issue 6 years ago · 1 comments

Running with SIMPLE_OPTIMIZATIONS enabled on v20181210 (reproducible with much older versions too).

The following input takes 1.5 seconds to report syntax error on my Macbook:

((((((((((((((((((((((((e foo = 1; => 1;

The following takes 3 seconds:

((((((((((((((((((((((((((((((((((((e foo = 1; => 1;

The following takes 6 seconds:

((((((((((((((((((((((((((((((((((((((((((((e foo = 1; => 1;

The following takes 12 seconds:

(((((((((((((((((((((((((((((((((((((((((((((((e foo = 1; => 1;

The following takes 1+ minute:

(((((((((((((((((((((((((((((((((((((((((((((((((((((e foo = 1; => 1;

... and so on. I haven't measured the exact complexity but it is highly non-linear (possibly exponential). It is fairly easy to create a long enough string that practically leads to a complete hang.

Is this a performance bug?

Found using JQF: https://github.com/rohanpadhye/jqf

Answer 1 · 2018-12-17T18:59:37.000Z

Thanks for the simple repro cases! I think this should help quite a bit with finding the source of this performance issue in the parser.

Created internal bug b/121144320 track.