← Back to Blog
EN中文

Domain Regex Engine DFA Optimization & Linear Scanning

In high-performance network infrastructure, the implementation of regular expressions dictates the life or death of a system. Many general-purpose regex engines (like PCRE) are based on Backtracking mechanisms. While powerful—supporting complex features like backreferences—their time complexity can be exponential when facing malicious inputs or edge cases.

For a crawler or gateway that needs to process massive amounts of domain and path matching, what we need is determinism. Regardless of input length or rule complexity, matching time should be linear. This is where Deterministic Finite Automata (DFA) come into play.

This article demonstrates how to build a simplified DFA-based matching model in Modern C++ (C++20), highlighting its advantages in zero-copy scenarios.

Why Choose DFA?

Regex engines generally fall into two categories:

  1. NFA (Nondeterministic Finite Automata) / Backtracking: Flexible but slow. Vulnerable to ReDoS attacks.
  2. DFA (Deterministic Finite Automata): For every character in the input string, the state machine's transition is unique.

The core characteristic of a DFA is: It has no memory and does not backtrack. It only looks forward. This means its execution speed depends solely on the length of the input string, unrelated to the complexity of the regex (complexity is offloaded to the compilation phase).

C++20 Implementation: Zero-Copy State Machine

We can leverage C++20's std::string_view to implement a zero-copy scanner. Our goal is to build a state machine that accepts a stream of characters and decides the next step based on the current state.

State Definition

First, we define a simple state transition table. In this demo, we'll hardcode a simple DFA to match patterns like *.jpg or /api/* instead of writing a full regex compiler.

#include <iostream>
#include <string_view>
#include <vector>
#include <array>

// Simple State ID
using StateId = size_t;

struct State {
    bool is_final = false;
    // ASCII character transition table: char -> next StateId
    // 0 represents invalid/error state
    std::array<StateId, 256> transitions = {0}; 
};

class DFAScanner {
    std::vector<State> states;
    StateId current_state = 1; // 1 is the start state

public:
    DFAScanner() {
        // Initialize an empty state as state 0 (dead state)
        states.emplace_back(); 
        // Initialize start state 1
        states.emplace_back();
    }

    // Add transition rule (simulating regex compilation)
    void add_transition(StateId from, char input, StateId to) {
        if (from >= states.size()) states.resize(from + 1);
        if (to >= states.size()) states.resize(to + 1);
        states[from].transitions[static_cast<unsigned char>(input)] = to;
    }

    void set_final(StateId id) {
        if (id >= states.size()) states.resize(id + 1);
        states[id].is_final = true;
    }

    // Core scanning logic: No branch misprediction, no backtracking
    bool scan(std::string_view text) {
        current_state = 1; // Reset
        for (char c : text) {
            StateId next = states[current_state].transitions[static_cast<unsigned char>(c)];
            if (next == 0) return false; // Match failed, fail fast
            current_state = next;
        }
        return states[current_state].is_final;
    }
};

The Power of Linear Scanning

The scan function above is the soul of the engine. Note its structure:

  1. No recursion.
  2. No complex if-else chains.
  3. No fallback pointers.

It's just simple array lookups: next = table[current][char]. While this memory access pattern might cause CPU cache misses, it is far more stable than NFA backtracking when handling large numbers of rules.

Building for Real-World Use

In production, you wouldn't write add_transition manually. You would use tools like RE2 or Ragel to compile regular expressions into such state tables.

For example, for the rule /api/*:

  1. State 1 receives / -> State 2
  2. State 2 receives a -> State 3
  3. ...
  4. Final state receives any char -> points to itself (loop) and is marked final.

Trade-off: Memory vs. Speed

The downside of DFA is state explosion. Complex regexes can generate massive state tables, consuming significant memory.

In optimizing components like HostRotor for crawlers, common practices include:

  • Restricting Regex Subset: Only allow specific syntax that doesn't cause state explosion.
  • Lazy DFA: Instead of generating all states at once, compute and cache state transitions at runtime (Lazy DFA, similar to RE2's approach).

Conclusion

Modern C++ gives us powerful tools to control memory layout and execution flow. By understanding how DFAs work, we can build URL matchers that are both safe and extremely fast—cornerstone technology for any high-performance network service.

In this domain, "fast" doesn't just mean speed; it means predictability.