Parser: fix exponential parse time on speculative prefix parsing

Author: LucaCappelletti94

sqlparser_bench/benches/sqlparser_bench.rs

@@ -249,6 +249,28 @@ fn parse_not_chain(c: &mut Criterion) {
     group.finish();
 }
 
+/// Benchmark parsing pathological `IF(<keyword-fn>(<keyword-fn>(...x` chains
+/// that previously caused 2^N work in `parse_prefix`. Each nested
+/// `current_time(` segment used to be explored twice at every level (once via
+/// the speculative reserved-word arm, once via the unreserved-word fallback),
+/// doubling work per level. Post-fix the cost is linear in chain length.
+fn parse_prefix_keyword_call_chain(c: &mut Criterion) {
+    let mut group = c.benchmark_group("parse_prefix_keyword_call_chain");
+    let dialect = PostgreSqlDialect {};
+
+    for &n in &[10usize, 20, 30] {
+        let sql = String::from("if(") + &"current_time(".repeat(n) + "x";
+
+        group.bench_function(format!("chain_{n}"), |b| {
+            b.iter(|| {
+                let _ = Parser::parse_sql(&dialect, std::hint::black_box(&sql));
+            });
+        });
+    }
+
+    group.finish();
+}
+
 criterion_group!(
     benches,
     basic_queries,
@@ -257,6 +279,7 @@ criterion_group!(
     parse_compound_chain,
     parse_named_arg_chain,
     parse_compound_keyword_chain,
-    parse_not_chain
+    parse_not_chain,
+    parse_prefix_keyword_call_chain
 );
 criterion_main!(benches);

src/parser/mod.rs

@@ -17,6 +17,7 @@ use alloc::collections::BTreeSet;
 #[cfg(not(feature = "std"))]
 use alloc::{
     boxed::Box,
+    collections::BTreeMap,
     format,
     string::{String, ToString},
     vec,
@@ -26,6 +27,9 @@ use core::{
     fmt::{self, Display},
     str::FromStr,
 };
+#[cfg(feature = "std")]
+use std::collections::BTreeMap;
+
 use helpers::attached_token::AttachedToken;
 #[cfg(feature = "std")]
 use std::collections::BTreeSet;
@@ -371,6 +375,9 @@ pub struct Parser<'a> {
     /// `<ident>-NOT-<ident>.` ending in a parse error) trigger 2^N exploration
     /// because each `-NOT-` segment otherwise re-walks the rest of the chain.
     failed_unary_not_positions: BTreeSet<usize>,
+    /// Cached errors from failed `parse_prefix` calls, keyed by start
+    /// position. See [`Parser::parse_prefix`] for the 2^N pattern this guards.
+    failed_prefix_positions: BTreeMap<usize, ParserError>,
 }
 
 impl<'a> Parser<'a> {
@@ -398,6 +405,7 @@ impl<'a> Parser<'a> {
             recursion_counter: RecursionCounter::new(DEFAULT_REMAINING_DEPTH),
             options: ParserOptions::new().with_trailing_commas(dialect.supports_trailing_commas()),
             failed_unary_not_positions: BTreeSet::new(),
+            failed_prefix_positions: BTreeMap::new(),
         }
     }
 
@@ -460,6 +468,7 @@ impl<'a> Parser<'a> {
         self.tokens = tokens;
         self.index = 0;
         self.failed_unary_not_positions.clear();
+        self.failed_prefix_positions.clear();
         self
     }
 
@@ -1731,6 +1740,23 @@ impl<'a> Parser<'a> {
             return prefix;
         }
 
+        // Memoize failed attempts to break 2^N speculation: both the
+        // reserved-word and unreserved-word arms can recurse into the
+        // same downstream position, so without this short-circuit
+        // inputs like `IF(current_time(current_time(...x` re-walk the
+        // chain at every level.
+        let start_index = self.index;
+        if let Some(cached) = self.failed_prefix_positions.get(&start_index) {
+            return Err(cached.clone());
+        }
+        let result = self.parse_prefix_inner();
+        if let Err(ref e) = result {
+            self.failed_prefix_positions.insert(start_index, e.clone());
+        }
+        result
+    }
+
+    fn parse_prefix_inner(&mut self) -> Result<Expr, ParserError> {
         // PostgreSQL allows any string literal to be preceded by a type name, indicating that the
         // string literal represents a literal of that type. Some examples:
         //

tests/sqlparser_common.rs

@@ -19082,3 +19082,26 @@ fn parse_not_chain_no_exponential_blowup() {
     rx.recv_timeout(Duration::from_secs(5))
         .expect("parser should reject this quickly, not loop exponentially");
 }
+
+/// Regression test for the 2^N parse-time blowup in `parse_prefix` on inputs
+/// like `IF(current_time(current_time(...x`. Each nested `current_time(` used
+/// to be explored twice at every level (once via the speculative reserved-word
+/// arm, once via the unreserved-word fallback), doubling work per level.
+/// Post-fix the failing parse short-circuits via the position-keyed cache.
+#[test]
+fn parse_prefix_keyword_call_chain_no_exponential_blowup() {
+    use std::sync::mpsc;
+    use std::thread;
+    use std::time::Duration;
+
+    let sql = String::from("if(") + &"current_time(".repeat(30) + "x";
+
+    let (tx, rx) = mpsc::channel();
+    thread::spawn(move || {
+        let _ = Parser::parse_sql(&PostgreSqlDialect {}, &sql);
+        let _ = tx.send(());
+    });
+
+    rx.recv_timeout(Duration::from_secs(5))
+        .expect("parser should reject this quickly, not loop exponentially");
+}