regexstreamdfanfa

Efficient (basic) regular expression implementation for streaming data


I'm looking for an implementation of regular expression matching that operates on a stream of data -- i.e., it has an API that allows a user to pass in one character at a time and report when a match is found on the stream of characters seen so far. Only very basic (classic) regular expressions are needed, so a DFA/NFA based implementation seems like it would be well-suited to the problem.

Based on the fact that it's possible to do regular expression matching using a DFA/NFA in a single linear sweep, it seems like a streaming implementation should be possible.

Requirements:

For the curious, my use case is the following: I have a system which intercepts memory writes inside a full system emulator, and I would like to have a way to identify memory writes that match a regular expression (e.g., one could use this to find the point in the system where a URL is written to memory).

I have found:

Apply a Regex on Stream?

Applying a regular expression to a Java I/O Stream

Code Guru - Building a Regular Expression Stream Search with the .NET Framework

But all of these attempt to convert the stream to a string first and then use a stock regular expression library.

Another thought I had was to modify the RE2 library, but according to the author it is architected around the assumption that the entire string is in memory at the same time.

If nothing's available, then I can start down the unhappy path of reinventing this wheel to fit my own needs, but I'd really rather not if I can avoid it. Any help would be greatly appreciated!


Solution

  • The "answer" to this unfortunately turns out to be that there is no prebuilt library for doing this. Instead I opted for the following compromise: I implemented a simple string matcher (no RE support), which keeps state using a single counter per stream and per search string, which tracks how many characters of the search string have been matched in that stream. It gets incremented with each correct character, and reset to zero when a non-matching character is found. This is fast and doesn't require too much memory overhead.

    For more complicated searches, I instead just dump all streams out to disk, and then search through them using traditional tools. It's extremely slow, but luckily most of our use cases can get by with just simple string matching.