diff -r 352d15782d35 -r 71fc4a7a7039 handouts/ho01.tex --- a/handouts/ho01.tex Sat May 05 10:31:00 2018 +0100 +++ b/handouts/ho01.tex Fri Jun 01 15:28:37 2018 +0100 @@ -36,7 +36,7 @@ %https://www.youtube.com/watch?v=gmhMQfFQu20 \begin{document} -\fnote{\copyright{} Christian Urban, King's College London, 2014, 2015, 2016, 2017} +\fnote{\copyright{} Christian Urban, King's College London, 2014, 2015, 2016, 2017, 2018} \section*{Handout 1} @@ -46,8 +46,8 @@ Knuth-Morris-Pratt algorithm, which is currently the most efficient general string search algorithm. But often we do \emph{not} just look for a particular string, but for string patterns. For example, in -program code we need to identify what are the keywords (if, then, -while, for, etc), what are the identifiers (variable names). A pattern for +program code we need to identify what are the keywords (\texttt{if}, \texttt{then}, +\texttt{while}, \texttt{for}, etc), what are the identifiers (variable names). A pattern for identifiers could be stated as: they start with a letter, followed by zero or more letters, numbers and underscores. Often we also face the problem that we are given a string (for example some user input) and @@ -106,7 +106,7 @@ \noindent according to the regular expression we specified in line \eqref{email} above. Whether this is intended or not is a different question (the second email above is actually an acceptable email -address acording to the RFC 5322 standard for email addresses). +address according to the RFC 5322 standard for email addresses). As mentioned above, identifiers, or variables, in program code are often required to satisfy the constraints that they start @@ -140,7 +140,7 @@ \pcode{re\{n\}} & matches exactly \pcode{n} number of occurrences of preceding expression\\ \pcode{re\{n,m\}} & matches at least \pcode{n} and at most {\tt m} -occurences of the preceding expression\\ +occurrences of the preceding expression\\ \pcode{[...]} & matches any single character inside the brackets\\ \pcode{[^...]} & matches any single character not inside the @@ -191,7 +191,7 @@ before (remember the PRA module?). Why on earth then is there any interest in studying them again in depth in this module? Well, one answer is in the following two graphs about regular expression -matching in Python, Ruby and Java. +matching in Python, Ruby and Java (Version 8). \begin{center} \begin{tabular}{@{\hspace{-1mm}}c@{\hspace{1mm}}c@{}} @@ -211,7 +211,7 @@ axis lines=left, width=5.5cm, height=4.5cm, - legend entries={Python, Java}, + legend entries={Python, Java 8}, legend pos=north west, legend cell align=left] \addplot[blue,mark=*, mark options={fill=white}] table {re-python2.data}; @@ -273,7 +273,7 @@ \end{center} \noindent -A similar problem also occured in the Atom editor: +A similar problem also occurred in the Atom editor: \begin{center} \url{http://davidvgalbraith.com/how-i-fixed-atom/} @@ -283,14 +283,15 @@ Such troublesome regular expressions are sometimes called \emph{evil regular expressions} because they have the potential to make regular expression matching engines to topple over, like in Python, Ruby and -Java. This ``toppling over'' is also sometimes called \emph{catastrophic - backtracking}. The problem with evil regular expressions is that -they can have some serious consequences, for example, if you use them -in your web-application. The reason is that hackers can look for these -instances where the matching engine behaves badly and then mount a -nice DoS-attack against your application. These attacks are already -have their own name: \emph{Regular Expression Denial of Service - Attacks (ReDoS)}. +Java. This ``toppling over'' is also sometimes called +\emph{catastrophic backtracking}. I have also seen the term +\emph{eternal matching} used for this. The problem with evil regular +expressions is that they can have some serious consequences, for +example, if you use them in your web-application. The reason is that +hackers can look for these instances where the matching engine behaves +badly and then mount a nice DoS-attack against your application. These +attacks are already have their own name: \emph{Regular Expression + Denial of Service Attacks (ReDoS)}. It will be instructive to look behind the ``scenes'' to find out why Python and Ruby (and others) behave so badly when @@ -405,23 +406,23 @@ will be helpful. For example we will write $(r_1 + r_2)^*$, which is different from, say $r_1 + (r_2)^*$. The former means roughly zero or more times $r_1$ or $r_2$, while the latter -means $r_1$ or zero or more times $r_2$. This will turn out to +means $r_1$, or zero or more times $r_2$. This will turn out to be two different patterns, which match in general different strings. We should also write $(r_1 + r_2) + r_3$, which is different from the regular expression $r_1 + (r_2 + r_3)$, but in case of $+$ and $\cdot$ we actually do not care about the order and just write $r_1 + r_2 + r_3$, or $r_1 \cdot r_2 -\cdot r_3$, respectively. The reasons for this will become +\cdot r_3$, respectively. The reasons for this carelessness will become clear shortly. In the literature you will often find that the choice $r_1 + r_2$ is written as $r_1\mid{}r_2$ or $r_1\mid\mid{}r_2$. Also, often our $\ZERO$ and $\ONE$ are written $\varnothing$ and $\epsilon$, respectively. Following the convention in the -literature, we will often omit the $\cdot$ all together. This +literature, we will often omit the $\cdot$. This is to make some concrete regular expressions more readable. For example the regular expression for email addresses shown -in \eqref{email} would look like +in \eqref{email} would fully expanded look like \[ \texttt{[...]+} \;\cdot\; \texttt{@} \;\cdot\; @@ -559,7 +560,8 @@ \] \noindent That means two regular expressions are said to be -equivalent if they match the same set of strings. Therefore we +equivalent if they match the same set of strings. That is +there meaning is the same. Therefore we do not really distinguish between the different regular expression $(r_1 + r_2) + r_3$ and $r_1 + (r_2 + r_3)$, because they are equivalent. I leave you to the question @@ -584,7 +586,7 @@ was really a long time ago.} I got utterly confused about $\ONE$ (which my lecturer wrote as $\epsilon$) and the empty string (which he also wrote as $\epsilon$).\footnote{Obviously the lecturer must have - been bad ;o)} Since my then, I have used regular expressions for + been bad ;o)} Since then, I have used regular expressions for implementing lexers and parsers as I have always been interested in all kinds of programming languages and compilers, which invariably need regular expressions in some form or shape. @@ -596,7 +598,7 @@ them.\footnote{\url{http://isabelle.in.tum.de}} Theorem provers are systems in which you can formally reason about mathematical concepts, but also about programs. In this way -theorem provers can help with the manacing problem of writing bug-free code. Theorem provers have +theorem provers can help with the menacing problem of writing bug-free code. Theorem provers have proved already their value in a number of cases (even in terms of hard cash), but they are still clunky and difficult to use by average programmers. @@ -607,7 +609,7 @@ expressions, not needing any automata (you will see we only touch briefly on automata in lecture 3). Automata are usually the main object of study in formal language courses. The avoidance of automata -is crucial because automata are graphs and it is rather difficult to +is crucial for me because automata are graphs and it is rather difficult to reason about graphs in theorem provers. In contrast, reasoning about regular expressions is easy-peasy in theorem provers. Is this important? I think yes, because according to Kuklewicz nearly all @@ -629,20 +631,21 @@ theorem we can show that regular languages are closed under complementation, something which Gasarch in his blog\footnote{\url{http://goo.gl/2R11Fw}} assumed can only be -shown via automata. Even sombody who has written a 700+-page +shown via automata. So even somebody who has written a 700+-page book\footnote{\url{http://goo.gl/fD0eHx}} on regular -exprssions did not know better. Well, we showed it can also be +expressions did not know better. Well, we showed it can also be done with regular expressions only.\footnote{\url{http://nms.kcl.ac.uk/christian.urban/Publications/posix.pdf}} What a feeling when you are an outsider to the subject! To conclude: Despite my early ignorance about regular expressions, I -find them now very interesting. They have a beautiful mathematical -theory behind them, which can be sometimes quite deep and which -sometimes contains hidden snares. They have practical importance +find them now extremely interesting. They have practical importance (remember the shocking runtime of the regular expression matchers in Python, Ruby and Java in some instances and the problems in Stack -Exchange and the Atom editor). People who are not very familiar with -the mathematical background of regular expressions get them +Exchange and the Atom editor). They are used in tools like Snort and +Bro in order to monitor network traffic. They have a beautiful mathematical +theory behind them, which can be sometimes quite deep and which +sometimes contains hidden snares. People who are not very familiar +with the mathematical background of regular expressions get them consistently wrong (this is surprising given they are a supposed to be core skill for computer scientists). The hope is that we can do better in the future---for example by proving that the algorithms actually @@ -653,7 +656,7 @@ expressions have their shortcomings. There are some well-known ``theoretical'' shortcomings, for example recognising strings of the form $a^{n}b^{n}$ is not possible with regular expressions. This means -for example if we try to regognise whether parentheses are well-nested +for example if we try to recognise whether parentheses are well-nested in an expression is impossible with (basic) regular expressions. I am not so bothered by these shortcomings. What I am bothered about is when regular expressions are in the way of practical programming. For @@ -702,7 +705,7 @@ \begin{figure}[p]\small - \lstinputlisting[linebackgroundcolor={\ifodd\value{lstnumber}\color{capri!3}\fi}] + \lstinputlisting[numbers=left,linebackgroundcolor={\ifodd\value{lstnumber}\color{capri!3}\fi}] {../progs/crawler1.scala} \caption{The Scala code for a simple web-crawler that checks @@ -716,7 +719,7 @@ \begin{figure}[p]\small - \lstinputlisting[linebackgroundcolor={\ifodd\value{lstnumber}\color{capri!3}\fi}] + \lstinputlisting[numbers=left,linebackgroundcolor={\ifodd\value{lstnumber}\color{capri!3}\fi}] {../progs/crawler2.scala} \caption{A version of the web-crawler that only follows links @@ -731,7 +734,7 @@ \end{figure} \begin{figure}[p]\small - \lstinputlisting[linebackgroundcolor={\ifodd\value{lstnumber}\color{capri!3}\fi}] + \lstinputlisting[numbers=left,linebackgroundcolor={\ifodd\value{lstnumber}\color{capri!3}\fi}] {../progs/crawler3.scala} \caption{A small email harvester---whenever we download a