proposal: compress/zstd: add new package #62513
Comments
Some comments on other popular compression formats and why Zstandard makes the cut, but not others:
Most compression formats (other than bzip2) are a combination of LZ77 with entropy encoding (and maybe other tricks like Markov chains for LZMA). The entropy encoding that GZIP uses is Huffman encoding, which can't compress better than 1 bit per byte. In terms of compression ratio, arithmetic encoding (which LZMA uses), range encoding, and ANS encoding (which Zstandard uses) provide better ratios. ANS has the benefit that it overcomes the limitations of Huffman encoding, is patent unencumbered (to my knowledge), and is also very fast. It seems unlikely a better entropy encoding than ANS will be discovered in the next decade. IMO, the lack of a formal specification should bar inclusion in stdlib as it makes "correctness" somewhat undefined. |
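To illustrate the 1-bit floor mentioned above, here is a minimal sketch (not taken from any compression package) that compares the Shannon entropy of a heavily skewed two-symbol source with the average code length a Huffman code can reach for it. The function names `entropyBits` and `huffmanAvgBits` are made up for this example.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// entropyBits returns the Shannon entropy, in bits per symbol, of a
// probability distribution. This is the bound that arithmetic, range,
// and ANS coders can approach.
func entropyBits(probs []float64) float64 {
	var h float64
	for _, p := range probs {
		if p > 0 {
			h -= p * math.Log2(p)
		}
	}
	return h
}

// huffmanAvgBits returns the expected code length, in bits per symbol, of a
// Huffman code built for probs. It relies on the fact that the expected
// length equals the sum of the weights of all internal nodes of the tree.
func huffmanAvgBits(probs []float64) float64 {
	w := append([]float64(nil), probs...)
	var total float64
	for len(w) > 1 {
		sort.Float64s(w)
		merged := w[0] + w[1] // merge the two least likely nodes
		total += merged
		w = append(w[2:], merged)
	}
	return total
}

func main() {
	skewed := []float64{0.99, 0.01}
	fmt.Printf("entropy: %.4f bits/symbol\n", entropyBits(skewed))
	fmt.Printf("huffman: %.4f bits/symbol\n", huffmanAvgBits(skewed))
}
```

For this source the entropy is well under a tenth of a bit per symbol, while the Huffman code still spends a whole bit on every symbol, because a prefix code cannot assign a fractional number of bits.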
Makes sense but I have to say that I'm not sure that anybody could write a correct zstd decompressor based solely on reading RFC 8878. |
Heh... you're the expert there, having done it. I had written a Brotli decompressor solely from the draft RFC without looking at the implementation. This effort led to a number of updates to the draft so that it would be unambiguous when finalized. |
To add to the list of good points, zstd has an extremely wide range of levels available. Depending on the compressor options you can have lz4- or gzip-like ratios, which have very low resource usage. |
@dsnet Just to clarify some mistakes in your initial post. zstd compression (like deflate, for that matter) does not use any assembly or "unsafe". The assembly is used for decompression and can be fully disabled with a "noasm" tag. So obviously that is trivial to exclude.
Could you elaborate what you find particularly complex? I expect the stdlib would have the multithreading pulled out and only implement a fully synchronous mode, as well as possibly omitting dictionary features. Without that the API isn't really more complex than flate, gzip and similar. Without concurrency you can have the options on the Encoder (or Writer, whatever it is called), since you don't have any sharing to care about.
I could interpret this as an underhanded way of implying my library isn't safe to use. Probably not the intention, but just to be clear there is continuous fuzzing running and there is third party security review being done. Considering it doesn't use assembly, nor unsafe, I think it is fair to say that battle-tested code is more secure than freshly written code. If you want to write it, I will of course not take that fun from you - but to wrap it in an argument of "security" seems disingenuous or at the very least not at all researched to me. I do think that features like concurrent (de)compression and possibly dictionaries should be taken out from the stdlib. I think having the |
@klauspost, thanks for your thoughts.
Correct. There should be no usages of goroutines in the stdlib implementation. The example in klauspost/compress#479 should be perfectly thread safe (as it is with the other stdlib packages). One "dictionary" feature we probably want to keep is the ability to specify the maximum window size.
Not at all the intention; I use your package quite extensively myself. That said, the stdlib avoids the use of assembly except for a few select places. Assembly can be a challenge to review and maintain. Continuous fuzzing is great, but takes a long time before confidence in the implementation is obtained. Fuzzing doesn't help when trying to review if a change to the assembly implementation is correct. I should also mention the asynchronous nature
I'm confused. Just above, you mentioned that assembly is used in your package for decompression, but here you are saying it doesn't use assembly? Did you mean if you built it under
I'm not itching to write a zstd implementation from scratch. My end goal is to see support for it in stdlib. In my proposal, I deliberately didn't make a statement about how this would come to be fulfilled. Using the pure Go (i.e., no assembly) implementation of your package would be a reasonable possibility.
I personally find it rather strange that the Given the acceptance of #54078, I would rather see something like:
func AppendCompress(dst, src []byte, level int) ([]byte, error)
func AppendDecompress(dst, src []byte, maxSize int) ([]byte, error) |
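To show what append-style signatures like these look like in use, here is a sketch with the same shape. Since `compress/zstd` does not exist, it uses `compress/flate` purely as a stand-in codec; the bodies, the `errTooLarge` value, and the interpretation of `maxSize` as a cap on decompressed bytes are assumptions for illustration, not the proposed implementation.

```go
package main

import (
	"bytes"
	"compress/flate"
	"errors"
	"fmt"
	"io"
)

// errTooLarge is a hypothetical error for output exceeding maxSize.
var errTooLarge = errors.New("decompressed data exceeds maxSize")

// AppendCompress appends the compressed form of src to dst.
// DEFLATE stands in for Zstandard here.
func AppendCompress(dst, src []byte, level int) ([]byte, error) {
	buf := bytes.NewBuffer(dst) // writes land after the existing dst bytes
	w, err := flate.NewWriter(buf, level)
	if err != nil {
		return dst, err
	}
	if _, err := w.Write(src); err != nil {
		return dst, err
	}
	if err := w.Close(); err != nil {
		return dst, err
	}
	return buf.Bytes(), nil
}

// AppendDecompress appends the decompressed form of src to dst and fails
// if more than maxSize bytes would be produced.
func AppendDecompress(dst, src []byte, maxSize int) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(src))
	defer r.Close()
	buf := bytes.NewBuffer(dst)
	// Read one byte past the limit so that overflow is detectable.
	n, err := io.Copy(buf, io.LimitReader(r, int64(maxSize)+1))
	if err != nil {
		return dst, err
	}
	if n > int64(maxSize) {
		return dst, errTooLarge
	}
	return buf.Bytes(), nil
}

func main() {
	src := []byte("hello hello hello hello")
	c, err := AppendCompress(nil, src, flate.DefaultCompression)
	if err != nil {
		panic(err)
	}
	d, err := AppendDecompress(nil, c, 1<<20)
	fmt.Println(string(d), err)
}
```

The caller owns `dst`, so reusing one buffer across calls avoids an output allocation per call; any internal encoder state is a separate matter.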
Yes. That is an essential security DOS mitigation. Though when I refer to dictionaries I only refer to predefined dictionaries that seeds the first blocks with backreferences and predefined entropy coders.
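As a sketch of that mitigation, the following decodes the one-byte Window_Descriptor the way RFC 8878 describes it (a 5-bit exponent and a 3-bit mantissa) and rejects frames that ask for more window than the caller allows. The names `windowSize`, `checkWindow`, and `errWindowTooLarge` are invented for this example and do not come from any existing package.

```go
package main

import (
	"errors"
	"fmt"
)

// errWindowTooLarge is a hypothetical error value for this sketch.
var errWindowTooLarge = errors.New("zstd: window size exceeds configured maximum")

// windowSize decodes a Window_Descriptor byte:
// the top 5 bits are the exponent, the low 3 bits the mantissa.
func windowSize(desc byte) uint64 {
	exponent := uint64(desc >> 3)
	mantissa := uint64(desc & 7)
	windowBase := uint64(1) << (10 + exponent)
	windowAdd := (windowBase / 8) * mantissa
	return windowBase + windowAdd
}

// checkWindow refuses frames whose declared window is larger than
// maxWindow, before any memory is allocated for it.
func checkWindow(desc byte, maxWindow uint64) (uint64, error) {
	size := windowSize(desc)
	if size > maxWindow {
		return 0, errWindowTooLarge
	}
	return size, nil
}

func main() {
	const maxWindow = 8 << 20 // 8 MiB, an arbitrary limit for the example
	for _, desc := range []byte{0x00, 0x09, 0xFF} {
		size, err := checkWindow(desc, maxWindow)
		fmt.Printf("descriptor %#02x: size=%d err=%v\n", desc, size, err)
	}
}
```

Without such a check, a few bytes of hostile input can make a decoder reserve a very large buffer.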
I assumed you were only looking for compression given there already is an internal decompressor, which I unfortunately haven't had the time to test. But since everything is marked by tags, taking it out is extremely easy.
I am not sure how you come to that. If you use it for streaming, you can only use it for one stream - that isn't different than a sync Writer. If you want writes to only happen when you are calling Write, yes, you need to disable concurrency - but that is an assumption you are making that doesn't hold. The documentation should be pretty clear on what you can expect. Either way, it is a non-issue since the concurrency should go. Both the compressor and the decompressor have an "async" and "sync" code path. Ripping out the async one is a minor task. Of course some cleanup can probably be done, but that is cosmetics.
So you want each of them to allocate, or try to hide the allocs with internal sync.Pools?
Being able to use the same Reader/Writer for concurrent Encode/Decode operations would have to go, but it would at least give control over how each is reused. Sidenote, |
Stack allocate if possible, reusing the destination buffer if possible (e.g., we don't need to maintain the LZ77 window for decompression since it can be obtained from |
To comment more on the |
While zstd is a noble goal, I would like to highlight that it still has zero support in browsers as of today. So for anyone looking to use a more efficient |
@silverwind I think this is more relevant for #62492. ZSTD has found many uses outside |
To offer a bit of commentary on how it would be used: at my company Zstandard is becoming our default general-purpose compression algorithm because it's strictly better than gzip on all the dimensions we care about. There are cases where we would decide to use gzip (for compatibility) or snappy (for very high throughput) but in the absence of specific requirements, Zstandard is the go-to. |
Yes, just wanted to mention it. I'm in favor of adding any of the "better than gzip" mechanisms to the standard library for both http transfer, but also |
Correct (and it already uses dst instead of a dedicated history). I can see the single-use decoder working stateless with hidden, internal buffers (for things like literal decompression, entropy decoders for example). For encoding you have rather big hash tables to deal with, which will put quite some pressure on the stack. Level 1 has 256K, Level 2 has 1.2MB, Level 3 is 4MB. So these would also need some internal pooling, since having those on stack and forcing zeroing on each call, wouldn't be very optimal. Again entropy/literal coders would need to have internal pools, since they are rather expensive to set up. Doable, but I am not generally a fan of having a bunch of pools on a package level. Streams will of course be stateful, so ignoring those for now. That said, I don't really see any problem in separating single-shot state from the Reader/Writer state and having an internal pool for those.
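A rough sketch of the internal pooling idea for single-shot calls: a package-level `sync.Pool` hands out a large hash table so that it lives neither on the stack nor in a fresh allocation per call. The table size, the `encoderState` type, and the toy `countCandidates` function are all hypothetical; a real encoder would do far more with the table.

```go
package main

import (
	"fmt"
	"sync"
)

// tableSize is hypothetical: 64Ki entries of 4 bytes each is 256 KiB.
const tableSize = 1 << 16

// encoderState holds the large per-call state that should be reused.
type encoderState struct {
	table [tableSize]uint32
}

var statePool = sync.Pool{
	New: func() any { return new(encoderState) },
}

// hash4 maps the first four bytes of b to a table index.
func hash4(b []byte) uint32 {
	v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
	return (v * 2654435761) >> 16 // keep the top 16 bits
}

// countCandidates is a toy stand-in for a single-shot encoder: it counts
// positions whose 4-byte hash slot was already filled by an earlier position.
func countCandidates(src []byte) int {
	s := statePool.Get().(*encoderState)
	defer statePool.Put(s)
	s.table = [tableSize]uint32{} // pooled state may be dirty, so zero it

	n := 0
	for i := 0; i+4 <= len(src); i++ {
		h := hash4(src[i:])
		if s.table[h] != 0 {
			n++
		}
		s.table[h] = uint32(i) + 1 // store position+1 so 0 means empty
	}
	return n
}

func main() {
	fmt.Println(countCandidates([]byte("abcdabcdabcd")))
}
```

The zeroing cost per call remains, which is the trade-off raised above; pooling only removes the allocation and the stack pressure.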
Sure. I can see that. I try to avoid global package state. That is the main reason I haven't added it, since it would be rather annoying if one bad actor could cause problems for others. A global "pool" is nice for resource control. It is pointless to run more than GOMAXPROCS EncodeAll/DecodeAll concurrently, since each will consume exactly one thread fully until it is done. That has a "play nice" feel for preemption, and limiting this below GOMAXPROCS will of course make sure that compression/decompression will never oversaturate a system. Without concurrency there isn't the main "annoyance" with the current API - that you have to So yeah, I can see that as a way of simplifying things. Let me know if I understood your ideas clearly. |
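The GOMAXPROCS cap described above can be sketched with a buffered channel used as a counting semaphore. The `limiter` type and the `peakConcurrency` helper are made up for this illustration and are not part of any existing package.

```go
package main

import (
	"fmt"
	"runtime"
	"sync"
	"sync/atomic"
)

// limiter is a counting semaphore built on a buffered channel.
type limiter chan struct{}

func newLimiter(n int) limiter { return make(limiter, n) }

// do runs f while holding one slot, blocking if all slots are taken.
func (l limiter) do(f func()) {
	l <- struct{}{}
	defer func() { <-l }()
	f()
}

// peakConcurrency starts tasks goroutines that all go through a limiter
// with the given limit and reports the highest concurrency observed.
func peakConcurrency(limit, tasks int) int {
	l := newLimiter(limit)
	var cur, peak int64
	var wg sync.WaitGroup
	for i := 0; i < tasks; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			l.do(func() {
				n := atomic.AddInt64(&cur, 1)
				for { // record a new maximum if we exceeded the old one
					p := atomic.LoadInt64(&peak)
					if n <= p || atomic.CompareAndSwapInt64(&peak, p, n) {
						break
					}
				}
				runtime.Gosched() // stand-in for CPU-bound (de)compression
				atomic.AddInt64(&cur, -1)
			})
		}()
	}
	wg.Wait()
	return int(atomic.LoadInt64(&peak))
}

func main() {
	limit := runtime.GOMAXPROCS(0)
	fmt.Println(peakConcurrency(limit, 4*limit) <= limit)
}
```

Callers beyond the limit simply block in `do` until a slot frees up, so a burst of requests cannot oversaturate the machine.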
@dsnet I tested the
Assembly disabled. Using streaming interface. Multithreading disabled. So "not great, not terrible" applies it seems. With assembly the difference grows significantly. Also, I did find some bugs while testing casually.
Bugs found
I ran my fuzz set through the decoder and found some differences/bugs. I don't really know where to report them (should I open an issue?) So I collapsed them here, since they aren't super relevant for this issue. Here are a bunch of samples: zstd-internal-problems.zip
|
All failures for https://github.com/klauspost/compress/blob/master/zstd/testdata/benchdecoder.zip are fixed when window size is configured according to RFC instead of zero.
I've created #63224 to address this. |
Change https://go.dev/cl/531075 mentions this issue: |
@klauspost Thanks for the bug reports, @AlexanderYastrebov Thanks for the quick fix. @klauspost Please do feel free to open bug reports against the code on this issue tracker. Or I'll take a look either way. |
Fix copyFromWindow when match extends past initial buffer size For golang#62513
So I've tested combined changes #63224 #63248 #63251 #63252 against both benchdecoder.zip and zstd-internal-problems.zip from #62513 (comment) and the only failures are due to unsupported dictionaries.
This is what it does but in the failing samples Dictionary_ID_Flag is not 0. |
@AlexanderYastrebov Thanks very much. |
For #62513 Change-Id: I295e72f71165665b8ea999e68a5586fa785b546d GitHub-Last-Rev: 902e952 GitHub-Pull-Request: #63252 Reviewed-on: https://go-review.googlesource.com/c/go/+/531217 Auto-Submit: Ian Lance Taylor <iant@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Bryan Mills <bcmills@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
@AlexanderYastrebov Great stuff! Dictionary set, but ID==0 is the same as "no dictionary" when using the official zstd, so you can safely support that. (I can't remember if I discussed this with the author, but it wasn't explicitly stated in the spec when I implemented it) Edit: Discussed here: facebook/zstd#2172 |
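A small sketch of the rule discussed here: read the Dictionary_ID field from a frame header and treat an ID of 0 exactly like an absent field. The layout follows the Frame_Header_Descriptor description in RFC 8878; the function names are invented for this example, and `hdr` is assumed to start right after the 4-byte magic number.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var errShortHeader = errors.New("zstd: frame header too short")

// dictionaryID returns the Dictionary_ID stored in a frame header, or 0 if
// the field is absent. hdr must begin at the Frame_Header_Descriptor byte.
func dictionaryID(hdr []byte) (uint32, error) {
	if len(hdr) < 1 {
		return 0, errShortHeader
	}
	desc := hdr[0]
	singleSegment := desc&0x20 != 0 // bit 5: Single_Segment_Flag
	didFlag := desc & 3             // bits 1-0: Dictionary_ID_Flag

	off := 1
	if !singleSegment {
		off++ // a Window_Descriptor byte precedes the Dictionary_ID
	}
	size := [4]int{0, 1, 2, 4}[didFlag] // field width in bytes
	if len(hdr) < off+size {
		return 0, errShortHeader
	}
	var id uint32
	switch size {
	case 1:
		id = uint32(hdr[off])
	case 2:
		id = uint32(binary.LittleEndian.Uint16(hdr[off:]))
	case 4:
		id = binary.LittleEndian.Uint32(hdr[off:])
	}
	return id, nil
}

// namesDictionary reports whether the frame names a specific dictionary.
// An explicit ID of 0 is treated the same as a missing field.
func namesDictionary(hdr []byte) (bool, error) {
	id, err := dictionaryID(hdr)
	return id != 0, err
}

func main() {
	// Dictionary_ID_Flag is 1, but the stored ID is 0.
	fmt.Println(namesDictionary([]byte{0x01, 0x00, 0x00}))
	// Single segment, 2-byte little-endian ID 0x1234.
	fmt.Println(namesDictionary([]byte{0x22, 0x34, 0x12}))
}
```

A decoder without dictionary support can therefore accept the first frame and only needs to reject the second.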
Set window size to frame content size when single segment flag is set. For #62513 Change-Id: I2a60c33123aca4f6a631e6d625f4582ff31a63cb GitHub-Last-Rev: 9bafe01 GitHub-Pull-Request: #63224 Reviewed-on: https://go-review.googlesource.com/c/go/+/531075 Auto-Submit: Ian Lance Taylor <iant@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Bryan Mills <bcmills@google.com>
A value of 0 has same meaning as no Dictionary_ID, in which case the frame may or may not need a dictionary to be decoded, and the ID of such a dictionary is not specified. See facebook/zstd#2172 For golang#62513
Change https://go.dev/cl/531515 mentions this issue: |
For #62513 Change-Id: I2557aed5ae106ea4684bb599cce740e9da9df780 GitHub-Last-Rev: 2b7ddc6 GitHub-Pull-Request: #63251 Reviewed-on: https://go-review.googlesource.com/c/go/+/531295 Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@golang.org> Reviewed-by: Bryan Mills <bcmills@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
A value of 0 has same meaning as no Dictionary_ID, in which case the frame may or may not need a dictionary to be decoded, and the ID of such a dictionary is not specified. See facebook/zstd#2172 For #62513 Change-Id: If0eafcbc5d2188576f0cb687234e30c9eb4037a6 GitHub-Last-Rev: 9cf12dc GitHub-Pull-Request: #63268 Reviewed-on: https://go-review.googlesource.com/c/go/+/531515 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Than McIntosh <thanm@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com>
For #62513 Change-Id: I59c24b254d5073140811b41497eabb91fb0046e9 GitHub-Last-Rev: 4dd16fc GitHub-Pull-Request: #63248 Reviewed-on: https://go-review.googlesource.com/c/go/+/531255 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Than McIntosh <thanm@google.com>
Reset r.buffer on Reset to avoid subsequent Read calls observing previously decoded data. For golang#62513
Change https://go.dev/cl/531735 mentions this issue: |
Reset r.buffer on Reset to avoid subsequent Read calls observing previously decoded data. For #62513 Change-Id: Icb65e76b5c5c0af32b36ec3a5999dca86407cbc8 GitHub-Last-Rev: 99c0a6f GitHub-Pull-Request: #63288 Reviewed-on: https://go-review.googlesource.com/c/go/+/531735 Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Than McIntosh <thanm@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Change https://go.dev/cl/540415 mentions this issue: |
This change fixes an edge case in the zstd decompressor where an int conversion could result in a negative window size. Fixes #63979 For #62513 Change-Id: Ie714bf8fb51fa509b310deb8bd2c96bd87b52852 GitHub-Last-Rev: ab0be65 GitHub-Pull-Request: #63980 Reviewed-on: https://go-review.googlesource.com/c/go/+/540415 Reviewed-by: Cherry Mui <cherryyz@google.com> Run-TryBot: M Zhuo <mengzhuo1203@gmail.com> Reviewed-by: Bryan Mills <bcmills@google.com> Reviewed-by: M Zhuo <mengzhuo1203@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org>
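For readers unfamiliar with this class of bug, the sketch below shows how converting an oversized `uint64` to `int` can silently change its value, and one way to guard against it. This is not the code from the change above; `windowSizeToInt` and `errWindowRange` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// errWindowRange is a hypothetical error value for this sketch.
var errWindowRange = errors.New("window size does not fit in int")

// windowSizeToInt converts a size read from untrusted input to int,
// rejecting values the conversion would corrupt.
func windowSizeToInt(v uint64) (int, error) {
	if v > math.MaxInt {
		return 0, errWindowRange
	}
	return int(v), nil
}

func main() {
	v := uint64(1) << 63

	// The unchecked conversion compiles fine but does not preserve the
	// value; on 64-bit platforms the result is negative.
	fmt.Println(int(v))

	// The checked conversion reports the problem instead.
	fmt.Println(windowSizeToInt(v))
}
```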
This proposal has been added to the active column of the proposals project |
Zstandard (RFC 8878) is well-positioned to replace GZIP (RFC 1952) as the de-facto compression format.
Zstandard:
Given the likely ubiquitous place Zstandard is going to have in the future, I propose first-class adoption of Zstandard in the stdlib.
Existing Go implementations:
unsafe or assembly.
Some goals for this package:
compress/gzip.
unsafe or assembly similar to the existing compress package.
compress/zstd, while those who want the best performance and/or advanced features of Zstandard can use @klauspost's package. Any stdlib packages (e.g., net/http that make use of compress/zstd should make it possible to swap over to a different zstd implementation).
compress/gzip, which is generally good enough (although there is still room for performance optimizations), but power users can use github.com/klauspost/compress/gzip, which is much faster (as it makes use of assembly).
We could:
Related issues:
Content-Encoding: zstd to http.DefaultTransport #62492