Timeouts for Regexp is quite interesting. The engineering purity in me saddens at such a thought, but indeed it seems highly practical.

The syntax feels a little rough although I have no ideas how to make it better:

    Regexp.timeout = 1.0
    ...
    /^a*b?a*$/ =~ "a" * 50000 + "x"

I think I would favor the:

    long_time_re = Regexp.new("^a*b?a*$", timeout: 1.0)

version instead but I use the `=~` almost entirely, so that would still be a big style change. Probably end up setting a global timeout per app and then overriding for individual checks as needed?

I wonder why they didn't just include an option to use a non-backtracking algorithm, like re2's[1]. As far as I know, that would completely eliminate the possibility of catastrophic backtracking happening.

[1]: https://github.com/google/re2