Right now, the abuse filter uses a "condition limit" which measures the complexity of the expressions that it is asked to evaluate, but not the difficulty in doing so. A complex regex can consume the same number of conditions as a trivial equivalence test, but take 100 times longer to evaluate. As a result, the current condition limit is only weakly connected to overall performance.

I propose to add a total run time limit to the Abuse Filter as a more practical measure of performance / complexity. It is hard to know what an appropriate limit is because we don't currently track total filter run time in a systematic way, but my guess is that a limit of 1-2 seconds will more than accommodate the existing filter sets applied to edits (with the typical run time being substantially less than 1 second).

Given a reasonable run time limit, it would probably also make sense to remove or greatly increase the condition limit, so that the run time limit is the primary constraint on the number of allowed filters.