Home. 
Search
.

transparent
transparent
transparent
  Library.Mailing List Archive

Altova Mailing List Archives


Re: [xml-dev] New release (2.8) of XSV

From: ht@---.--.--.-- (----- -. --------)
To: daniel@--------.---
Date: 10/11/2004 3:57:00 PM
Daniel Veillard <daniel@v...> writes:

> On Sun, Oct 10, 2004 at 10:57:32PM +0100, Henry S. Thompson wrote:
>> Daniel Veillard <daniel@v...> writes:
>> 
>> > libxml2 regexps used counters since day 1 for min/maxoccurs
>> > implementation.  The explosion didn't look a supportable
>> > alternative to me as it opens the door to trivial DoS attacks or
>> > forces to break the schemas validation which is also a big
>> > problem if you consider schemas as a contract between two
>> > communicating parties.
>> 
>> I would be very interested, as I'm sure would others, in a description
>> of your algorithm.
>
> Well nothing fancy really. You need to add state to the regexp, in
> that case the state is the number of time you went through the
> transition labelled by the element name:namespace pair. Due to the
> single particle rule, it means you have no need to be able to
> rollback the state to enter a different transition labelled by the
> same name:namespace pair.  Which means the effective state required
> is purely linear based on the number of counted transition you have
> in your regexp: one integer counter is sufficient per such
> transition in the regexp runtime structure. It's actually more
> automata with state that I'm using than pure regexps.  And the
> generated constructs for something like x{a,b} involves 3 states
> (IIRC) a couple of epsilon transitions and the counted regexp, but
> it's not really rocket sience either, very similar to what I was
> taught in the classroom.

Right, that works fine for exponents on individual elements, but I
don't see how it works for groups.

Here's a real example from a published schema document [1]:

<xsd:sequence minOccurs="0" maxOccurs="1000">
    <xsd:element ref="ReferenceIdentification" minOccurs="0"/>
    <xsd:element ref="Message" minOccurs="0" maxOccurs="1000"/>
</xsd:sequence>

Or consider a (constructed) case that's tricky in a different way:

<xsd:sequence minOccurs="2" maxOccurs="2">
    <xsd:element ref="a" minOccurs="1" maxOccurs="2"/>
    <xsd:element ref="b" minOccurs="0"/>
</xsd:sequence>

which allows _inter alia_

 <a/><a/>
 <a/><a/><a/>
 <a/><a/><a/><a/>

ht
 
[1] http://www.idealliance.org/spacexml/files/spacexmlv100.zip
-- 
 Henry S. Thompson, HCRC Language Technology Group, University of Edinburgh
                     Half-time member of W3C Team
    2 Buccleuch Place, Edinburgh EH8 9LW, SCOTLAND -- (44) 131 650-4440
            Fax: (44) 131 650-4587, e-mail: ht@i...
                   URL: http://www.ltg.ed.ac.uk/~ht/
[mail really from me _always_ has this .sig -- mail without it is forged spam]

From veillard@v... Mon Oct 11 15:17:46 2004
Received: from bart.w3.org ([128.30.52.40])
	by frink.


transparent
Print
Mail
Like It
Disclaimer
.

These Archives are provided for informational purposes only and have been generated directly from the Altova mailing list archive system and are comprised of the lists set forth on www.altova.com/list/index.html. Therefore, Altova does not warrant or guarantee the accuracy, reliability, completeness, usefulness, non-infringement of intellectual property rights, or quality of any content on the Altova Mailing List Archive(s), regardless of who originates that content. You expressly understand and agree that you bear all risks associated with using or relying on that content. Altova will not be liable or responsible in any way for any content posted including, but not limited to, any errors or omissions in content, or for any losses or damage of any kind incurred as a result of the use of or reliance on any content. This disclaimer and limitation on liability is in addition to the disclaimers and limitations contained in the Website Terms of Use and elsewhere on the site.

.
.

transparent
transparent
 
Company | Legal | Press | Partners | Careers | Sitemap | Contact Us | Altova Blog | Mobile | Full Site
 
Use of this site is governed by our Terms & Conditions and Privacy Policy Copyright 2005-2012 Altova. All Rights Reserved.
transparentGSA