Why Aren't Regular Expressions a Lingua Franca? An Empirical Study on the Re-use and Portability of Regular Expressions

by   James C. Davis, et al.

This paper explores the extent to which regular expressions (regexes) are portable across programming languages. Many languages offer similar regex syntaxes, and it would be natural to assume that regexes can be ported across language boundaries. But can regexes be copy/pasted across language boundaries while retaining their semantic and performance characteristics? In our survey of 158 professional software developers, most indicated that they re-use regexes across language boundaries and about half reported that they believe regexes are a universal language. We experimentally evaluated the riskiness of this practice using a novel regex corpus – 537,806 regexes from 193,524 projects written in JavaScript, Java, PHP, Python, Ruby, Go, Perl, and Rust. Using our polyglot regex corpus, we explored the hitherto-unstudied regex portability problems: logic errors due to semantic differences, and security vulnerabilities due to performance differences. We report that developers' belief in a regex lingua franca is understandable but unfounded. Though most regexes compile across language boundaries, 15 exhibit semantic differences across languages and 10 differences across languages. We explained these differences using regex documentation, and further illuminate our findings by investigating regex engine implementations. Along the way we found bugs in the regex engines of JavaScript-V8, Python, Ruby, and Rust, and potential semantic and performance regex bugs in thousands of modules.


page 6

page 8


Understanding Resolution of Multi-Language Bugs: An Empirical Study on Apache Projects

Background: In modern software systems, more and more systems are writte...

Universal Fuzzing via Large Language Models

Fuzzing has achieved tremendous success in discovering bugs and vulnerab...

Regexes are Hard: Decision-making, Difficulties, and Risks in Programming Regular Expressions

Regular expressions (regexes) are a powerful mechanism for solving strin...

Unifying Pointer Analyses for Polyglot Inter-operations through Summary Specialization

Modular analysis of polyglot applications is challenging because heap ob...

Automatically Generating Documentation for Lambda Expressions in Java

When lambda expressions were introduced to the Java programming language...

Memory and Resource Leak Defects and their Repairs in Java Projects

Despite huge software engineering efforts and programming language suppo...

Scalene: Scripting-Language Aware Profiling for Python

Existing profilers for scripting languages (a.k.a. "glue" languages) lik...

Please sign up or login with your details

Forgot password? Click here to reset