perf(dfast): close level 3 parity gap — compress 11.0× → 5.5× of donor

[polaz]

Summary

Closes the bulk of Phase 7c parity work on dfast level 3 across two of three axes; decompress and medium/large memory are left for a follow-up PR. Picked up a cross-level small-input perf win while addressing review feedback — the FSE default-table cache (commit f928ef4) shaved ~38 µs off FrameCompressor::new for every compression call regardless of level.

Honest framing on the "Compressed size" column below: our output is 7% smaller than donor on the decodecorpus-z000033 corpus. That is NOT confirmation that we beat donor — it is more likely a signal of algorithmic divergence (we are doing extra match-finding work the donor's fast path skips), which is consistent with us still being 5.5× slower. The deviation may turn out to be the cause of the speed gap, not a separate win. To confirm what donor would have emitted on the same input we still need a per-sequence diff harness (see the "Deferred" section).

Cumulative deltas (compress/level_3_dfast/decodecorpus-z000033, 1 022 035 B input)

Axis	Before this PR	After this PR	Donor (FFI 1.5.7)	Status
Compress time	32.07 ms (11.0×)	16.11 ms (5.5×)	2.94 ms	−50% closed
Compressed size	556 121 B (+5.5%)	489 846 B (−7.07%)	527 148 B	diverged; likely a cost source, not a win — see note above
Decompress time	4.43 ms (5.3×)	4.43 ms	0.84 ms	deferred
Memory (small ≤4 KiB)	378 KiB	249 KiB (−34%)	178 KiB	partial close
Memory (medium 1 MiB)	5.01 MiB	unchanged	3.80 MiB	deferred
Memory (large 100 MiB stream)	9.92 MiB	unchanged	3.80 MiB	deferred

Small-input speedup (FSE cache, all levels)

FrameCompressor::new used to rebuild the three predefined LL/ML/OF FSE tables on every call (~12 µs per build_table_from_probabilities × 3 = ~38 µs). Two-stage fix during the review rounds on this PR:

1. Cache the tables in process-local AtomicPtr<FSETable> and clone on each ctor (commit f928ef4) — drops the build cost but pays ~4-5 µs per clone of three 256-element SymbolStates arrays.
2. Switch the cache return type to &'static FSETable and store the static reference inside FseTables directly (commit 0338876) — the clone disappears, the field becomes a pointer-sized copy.

Effect on small-1k-random/matrix/pure_rust at level 2 dfast measured locally on darwin/aarch64 with criterion:

	Initial baseline	After f928ef4 (cache + clone)	After 0338876 (&'static)	FFI 1.5.7
compress_slice_to_vec	44.25 µs (22.07 MiB/s, 13.4× FFI)	12.67 µs (77.11 MiB/s, 3.9× FFI)	6.08 µs (160.75 MiB/s, 1.83× FFI)	3.31 µs (298.24 MiB/s)

7.3× total compress-time speedup on the small-input scenario. Applies to every level — FseTables::new() runs inside the constructor regardless of strategy. The residual ~2.8 µs gap to FFI is per-frame setup not covered by this change (CompressedBlockScratch::default() Vec allocations, MatchGeneratorDriver Simple-variant init then reset to the level's backend, frame header / hash setup); deferred to a follow-up.

Per-scenario sanity at level_3_dfast (no regressions)

Scenario	Rust (this PR)	FFI 1.5.7	Δ
small-1k-random	1 038 B	1 038 B	=
small-10k-random	10 254 B	10 254 B	=
small-4k-log-lines	150 B	156 B	−4%
decodecorpus-z000033	489 846 B	527 148 B	−7%
high-entropy-1m	1 048 616 B	1 048 613 B	+3 B (noise)
low-entropy-1m	150 B	159 B	−6%

Structural changes (30 commits)

dfast matcher rewrite (Phase 7c core)

1. Donor outer/inner loop rewrite of start_matching_fast_loop (78f51da5):
   • Outer while per match, inner loop per scan position carrying hl0/idxl0/hl1/idxl1 between iterations
   • Two-position lookahead (hl1 precomputed, reused on miss as next iter's hl0)
   • Hash table updated at curr BEFORE match check (donor zstd_double_fast.c:187)
   • Short check is 4-byte gate only (donor MEM_read32); forward common_prefix_len runs only on hit
   • _search_next_long retry with precomputed idxl1 follows donor's preferred-longer-match policy
   • Probes inlined into hot loop via raw pointer arithmetic; probe_slot_match is kept for cold callers
2. MIN_MATCH 6→5 (c6eb5a83) — donor clevels.h:31 default level 3 dfast mls=5; we were silently dropping every 5-byte match.
3. Scalar mul hash (67a47858) — drop CRC32d kernel dispatch on dfast hot path; donor ZSTD_hash8 is one multiply.
4. Repcode peek at ip+1 (5372ae99) — donor zstd_double_fast.c:190 unconditional peek.
5. inline(always) on probe chain (233603fd) — collapse best_match → hash_candidate → probe_slot_match so &self field loads hoist into the hot loop.
6. Skip-step grows by distance (8e72d58b) — donor parity; step grows every kStepIncr positions traveled, not on consecutive-miss threshold.
7. rep1-only inline peek (1e6d5dd5) — donor zstd_double_fast.c inline hot path checks only offset_1; full rep0/rep1/rep2 walk lives in lazy/btopt. Speed −16%, size also −494 B (fewer rep2/rep3 picks displacing better hash matches).
8. LTO=fat + codegen-units=1 scoped to [profile.bench] (70f966b5, bac47a6) — full cross-crate inlining for benches without forcing 5–10× release build-time on cli and downstream consumers.
9. all_blocks adaptive seed in FrameCompressor::compress (079615c0) — scale initial accumulator capacity by source-size hint; saves ~130 KiB peak for ≤4 KiB inputs without regression on medium/large.
10. Fast-loop OOB fix (ef906f7) — tighten fast-loop guards to HASH_READ_SIZE = 8. Previous + DFAST_MIN_MATCH_LEN (5) let the unconditional 8-byte u64::read_unaligned for the long-hash probe read up to 3 bytes past the live history end. Linux fuzz ASan caught it on a 7-byte input (crash-01be...); regression test added in tests/fuzz_regressions.rs.
11. Fast-loop rebase (87a62e3) — call ensure_room_for at fast-loop entry. The inner loop's packed_curr cast (abs_ip0 - position_base) as u32 could truncate after a long stream of all-miss / non-hashable blocks (fast-loop bypasses insert_position's rebase).
12. trim_to_window reclaims prefix (87a62e3) — append compact_history() after the eviction loop so an explicit trim actually frees memory instead of leaving the dead prefix resident until the next add_data.

Cross-level perf + parity refinements (review-driven, recent rounds)

13. FSE default-table cache (f928ef4) — three predefined LL/ML/OF tables now cached in per-helper static AtomicPtr<FSETable>. FrameCompressor::new clones from the cache instead of rebuilding (~38 µs → ~3 µs). Affects every level on every call. core::sync::atomic works in both std and no_std builds; cache slot is selected by the static identity of each helper, not by pointer comparison on the distribution slice (the const slices don't have a stable address guarantee).
14. Tail-position probe (f9d36b1) — added probe_tail_ip0_only, called when the outer iter sees ip0 still hashable but ip1 past the end (boundary pos == current_len - HASH_READ_SIZE). Previously the outer guard broke unconditionally there and left the last hashable position to the seeder, which inserts but does NOT search — a real match in the tail window of a short block would be dropped. Mirrors the inner loop's long+short probe at ip0; the rep peek and _search_next_long retry are skipped (both depend on ip1), matching donor's iend-boundary tradeoff.
15. Short-hash floor enforcement (f9d36b1) — the 4-byte equality gate plus forward extension can produce match_len < 5. Previously the fast loop committed below-floor short hits; now short_cand.match_len >= DFAST_MIN_MATCH_LEN is checked before committing, the _search_next_long retry can still upgrade to a valid long match. Matches the floor probe_slot_match already enforces on the long-hash main path; emitting a 4-byte non-rep match would mint a 13–17-bit offset that costs more than the payload buys.
16. Inner-loop exit shape (900f2114) — replaced implicit Option<MatchCandidate> + sibling tail_seed_anchor pairing with explicit enum InnerExit { Committed(MatchCandidate), Tail(usize) }. Every break 'inner now picks a variant; the post-loop match is exhaustive.
17. Probe equality gate width (ecd2bfd7) — probe_slot_match takes a gate_len parameter (8 for long-hash callers, 4 for short-hash). Replaces the prior 1-byte precheck which let 8-byte-collision short matches slip past the gate.
18. Empty-block guards (ecd2bfd7) — skip_matching / skip_matching_dense / start_matching early-return on current_len == 0. add_data short-circuits empty input without pushing to window_blocks; without the guard these methods would re-seed the previous block's retained tail on every empty flush.
19. trim_to_window Dfast signature (0cbb3004) — drops the unused _reuse_space: impl FnMut(Vec<u8>) parameter. Dfast's history-only storage has no per-block Vec to recycle; saves the cold-path monomorphization that would otherwise inline an empty closure.
20. Doc + soundness polish (0cbb3004) — compress_slice_to_vec now documents # Panics modes; start_matching_fast_loop grows a raw-pointer aliasing invariant block enumerating which fields are accessed through cached raw pointers vs &self (so a future refactor adding a &mut self call inside the loop knows to either hoist the call or reload the cached pointers).
21. FSE cache returns &'static FSETable (0338876) — the AtomicPtr-cached default tables flow as &'static FSETable rather than owned FSETable, eliminating ~4-5 µs of FSETable::clone per FrameCompressor::new. FseTables stores the static reference; clone_fse_tables (used by the block-split estimator) becomes a pointer-sized copy on the three default fields. Cumulative small-input speedup vs baseline goes from 3.5× to 7.3× (44.25 µs → 6.08 µs on 1 KiB random / level 2 dfast). Companion review cleanups in the same commit: probe_tail_ip0_only switches to &self (read-only after the previous round dropped dead writes); get_last_space (trait dispatch entry point) returns &[] on empty window_blocks instead of panicking, mirroring the internal-callsite gate pattern; compress_to_vec rustdoc explicitly calls out "NOT a streaming API" since it materializes the source fully before any compression runs.

The first six commits in the branch are continuation of pre-Phase-7c work (split dfast hash table sizing, port donor single-slot storage, drop window-Vec byte duplication, compress_slice_to_vec allocation tightening, insert_positions inner-loop hoisting). The new structural work begins with c6eb5a83.

Donor-deviation audit

Every commit either (a) moves toward donor parity (most), or (b) does strictly less work and runs faster. Two specific deviations remain:

• kStepIncr = 64 (donor 256) — our step ramp is 4× more aggressive. This favours speed at the cost of scan coverage.
• Dense complementary insert at match (donor uses sparse 3-point curr+2, ip-2, ip-1) — tested swapping to donor's sparse pattern; it regressed both axes (+4% slower, +2.3% larger output). The hash coverage from dense insert compensates for our probe_slot_match doing full forward common_prefix_len on short hits. Switching all probes to donor's 4-byte-gate-only shape would make the sparse insert the right choice; revisit then.

These two deviations together likely explain part of the −7% size delta vs donor on this corpus (extra hash-table coverage finds matches donor's fast path would have skipped). Treating that delta as a "win" is premature until a per-sequence Rust↔FFI diff harness shows whether donor leaves matches on the table or whether our extra inserts are pure overhead.

Deferred (follow-up PRs)

• Decompress 5.3× gap. Profile shows FSE state machine + Huffman decoder dominate; closing the gap needs a 200–500 LOC rewrite per module (audit vs donor FSE_decompress_usingDTable and HUF_decompress*).
• Sequence-stream comparator. Per-sequence diff Rust↔FFI on small fixtures, needed to validate whether our −7% size delta is a real algorithmic win or extra cost we're paying.
• Medium/large memory. Need a per-allocation-site tracker in compare_ffi_memory.rs to identify the source of the residual gap before further work.
• Residual per-frame ctor cost. After the FSE cache + &'static refactor the small-input bench is 1.83× FFI; remaining ~2.8 µs is CompressedBlockScratch::default() Vec init + MatchGeneratorDriver Simple-variant init that resets to the level's actual backend on first compress() + per-frame header/hash setup. Each needs its own profile + measurement loop.
• rep1-only simplification for fast/row/lazy paths analogous to dfast.
• scalar→NEON-overshoot match copy for matches <16 bytes in simd_copy.rs (~1% decompress win).
• block_content_buffer 0-fill skip via set_len + read_exact (~1% decompress win).
• SIMD-XXH64 for frame checksum (~3–4% compress win).

Verification gates

• cargo nextest run --lib --features hash,std,dict_builder — 481 passed, 0 failed (includes new interop_7_byte_input_does_not_oob_in_dfast_fast_loop regression).
• cargo clippy --all-targets --features hash,std,dict_builder — 0 warnings.
• cargo fmt --check — clean.
• level22_sequences_match_donor_on_corpus_proxy — donor-parity canary at level 22 (untouched by this PR).
• huff0::level22_emitted_literal_sections_are_accepted_by_donor_huf_reader — donor reader-acceptance canary.
• 1 000-iteration roundtrip fuzzes (roundtrip_compressible_data_1000_iterations, roundtrip_random_data_1000_iterations, roundtrip_streaming_api_1000_iterations) — all green.
• Linux fuzz interop smoke job — now passes after the HASH_READ_SIZE guard fix; previously failed on the 7-byte input.

Test plan

• CI green on all matrix shards (test/lint/build/codecov/fuzz/CodeRabbit)
• No regression on level 22 sequence parity
• No regression on per-scenario size delta at level 3 dfast
• Donor outer/inner rewrite reviewed for borrow-checker / safety invariants
• rep1-only inline peek isolated to dfast fast loop; repcode_candidate_shared unchanged for lazy/opt callers
• cargo bench --bench compare_ffi re-run on fresh checkout, numbers match the table above

Summary by CodeRabbit

• New Features

  • Added direct byte slice compression method

• Bug Fixes

  • Fixed memory access issue during compression
  • Improved match detection accuracy

• Performance & Optimization

  • Optimized table caching for reduced recomputation
  • Enhanced dynamic buffer allocation based on input size
  • Streamlined compression matching with improved window management

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 40daf3aa-5172-46cd-a5b8-970cd4d93356

📥 Commits

Reviewing files that changed from the base of the PR and between 0cbb300 and 0338876.

📒 Files selected for processing (7)

• zstd/src/encoding/blocks/compressed.rs
• zstd/src/encoding/dfast/mod.rs
• zstd/src/encoding/frame_compressor.rs
• zstd/src/encoding/match_generator.rs
• zstd/src/encoding/mod.rs
• zstd/src/fse/fse_encoder.rs
• zstd/src/fse/mod.rs

---

📝 Walkthrough

Walkthrough

This PR refactors the Dfast match generator to single-slot hash tables with contiguous history, introduces compress_bound and compress_slice_to_vec, tiers FrameCompressor output seeding by source-size hint, updates benches to use the new API, adds FSE table caching, and includes tests (including a 7-byte fuzz regression).

Changes

Dfast backend single-slot redesign and size-hint optimization

Layer / File(s)	Summary
Build profile and ignore configuration Cargo.toml, .gitignore	Bench profile adds lto = "fat" and codegen-units = 1; .gitignore excludes .local/ and fresh zstd/fuzz/artifacts/**.
New compress API and preallocation helper zstd/src/encoding/mod.rs	Adds compress_bound const fn and compress_slice_to_vec(source, level) which preallocates output by min(compress_bound, OUTPUT_BLOCK_CAP); compress_to_vec delegates to the new API.
FrameCompressor size-hint-driven allocation zstd/src/encoding/frame_compressor.rs	Read source_size_hint into a local and seed all_blocks capacity tiered by hinted size (tiny/small seed caps vs default ~130KiB).
Benchmark compression measurement updates zstd/benches/compare_ffi.rs, zstd/benches/compare_ffi_memory.rs	Bench measurement and report-generation compression calls switched from compress_to_vec to compress_slice_to_vec.
Dfast core types and sizing zstd/src/encoding/dfast/mod.rs	Introduce HASH_READ_SIZE and DFAST_REP_MIN_MATCH_LEN; replace per-block window buffers with window_blocks and contiguous history; change short_hash/long_hash to single-slot Vec<u32> with independent short_hash_bits/long_hash_bits.
History and lifecycle operations zstd/src/encoding/dfast/mod.rs	reduce, reset, add_data, trim_to_window, and get_last_space now manage window_blocks/history, evict by block-length accounting, and no longer use reuse callbacks.
Fast-loop scanning and hash probing zstd/src/encoding/dfast/mod.rs	start_matching_fast_loop rewritten into donor outer/inner scanning; added probe_tail_ip0_only; probe_slot_match centralizes gating and match extension.
Rep-extension and insertion semantics zstd/src/encoding/dfast/mod.rs	extend_with_repcode_after_match enforces a rep floor with a cheap 4-byte gate; post-match hash inserts are sparse single-slot overwrites; insert_positions/insert_position reworked and hot helpers annotated.
Match generator integration zstd/src/encoding/match_generator.rs	DFAST_MIN_MATCH_LEN lowered to 5; DFAST_SEARCH_DEPTH removed; MatchGeneratorDriver::reset and trim_after_budget_retire updated to new Dfast reset/trim signatures and window accounting.
Tests & regressions zstd/src/encoding/match_generator.rs, zstd/src/tests/fuzz_regressions.rs	Add dfast_accepts_exact_five_byte_match; update sizing and trimming tests to assert single-slot table sizes and window-based eviction; add interop_7_byte_input_does_not_oob_in_dfast_fast_loop fuzz regression test.
FSE encoder caching zstd/src/fse/fse_encoder.rs	Cache default FSE tables for predefined distributions using AtomicPtr singletons and return &'static FSETable to callers; update call sites to use references.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related issues

• feat: encoder architecture rewrite (split monolith, const-generic Strategy, arena allocator) #111: Directly related — touches Dfast hash-table layout, min-match behavior, and match_generator refactors in the same backend.

Possibly related PRs

• structured-world/structured-zstd#125: Overlaps on rep-extension semantics and Dfast rep-chain changes.
• structured-world/structured-zstd#121: Overlaps on add_data and match-loop/indexing arithmetic.
• structured-world/structured-zstd#34: Related Dfast state/FrameCompressor wiring changes.

"🐇 I nibbled through the code today,
single slots and windows paved the way.
Bounds keep safe, the loops behave —
slice seeds buffers, fuzz no longer fray.
Hooray — a tidy, hop-filled day!"

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main performance improvement: reducing dfast level 3 compression time from 11.0× to 5.5× relative to donor baseline, making it the primary focus of this substantial refactor.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch perf/#111-phase7c-dfast-level3-memory-tail

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 94.12587% with 42 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
zstd/src/encoding/dfast/mod.rs	92.58%	41 Missing ⚠️
zstd/src/encoding/match_generator.rs	98.80%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[Copilot]

Pull request overview

Phase 7c parity push for dfast Level 3: rewrites the dfast fast loop to follow donor's outer/inner structure with two-position lookahead, lowers DFAST_MIN_MATCH_LEN from 6→5, drops the 4-slot bucket layout in favor of donor-parity single-u32 slots with independently sized long/short tables, switches dfast hashing to a single scalar multiply, removes the duplicate VecDeque<Vec<u8>> byte store, and trims output-buffer pre-allocation in compress_to_vec/FrameCompressor::compress. Also enables fat LTO + codegen-units = 1 for all release builds.

Changes:

• Donor-parity dfast rewrite: single-slot tables, outer/inner loop with two-position lookahead, rep1-only inline peek, _search_next_long retry.
• Memory: drop window VecDeque<Vec<u8>> byte duplication, adaptive all_blocks capacity, new compress_slice_to_vec API + compress_bound helper.
• Workspace [profile.release] set to fat LTO + 1 codegen unit; .local/ gitignored.

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
zstd/src/encoding/dfast/mod.rs	Donor-parity fast loop rewrite, single-slot tables, history-only storage, split hash sizing.
zstd/src/encoding/match_generator.rs	DFAST_MIN_MATCH_LEN 6→5, new DFAST_SHORT_HASH_BITS_DELTA, driver paths updated for dfast no-Vec retention, test updates.
zstd/src/encoding/mod.rs	New compress_bound and compress_slice_to_vec; compress_to_vec delegates.
zstd/src/encoding/frame_compressor.rs	Adaptive all_blocks initial capacity based on size hint.
zstd/benches/compare_ffi.rs	Use compress_slice_to_vec.
zstd/benches/compare_ffi_memory.rs	Use compress_slice_to_vec.
Cargo.toml	Workspace-level [profile.release] fat LTO + codegen-units = 1.
.gitignore	Ignore .local/.

Comments suppressed due to low confidence (2)

zstd/src/encoding/dfast/mod.rs:591

• Same out-of-bounds-read concern as the outer-loop load: the unconditional 8-byte u64 read at concat_idx1 is gated only by ip1 + DFAST_MIN_MATCH_LEN (5) <= current_len. When ip1 is within 3 bytes of current_len, this reads past history.len() (the current block is always the trailing block in history, so there is no data after it). Donor C avoids this by clamping ilimit = iend - HASH_READ_SIZE. Either tighten the guard to ip1 + 8 <= current_len or guarantee 8 bytes of zero padding past every appended block.

                let v8_1 = unsafe {
                    (history_base_ptr.add(history_start_offset + concat_idx1) as *const u64)
                        .read_unaligned()
                };
                let hl1_idx = (v8_1.wrapping_mul(PRIME) >> long_shift) as usize;

zstd/src/encoding/dfast/mod.rs:757

• The new fast loop never advances pos on the "no match" path inside the inner loop except by step, and never updates the hash tables at intermediate positions skipped by step. Donor zstd_double_fast.c only inserts at curr (which this code does at line 525-528), so that part matches. However, when the inner loop exits with committed = None (line 752 break 'outer), seed_remaining_hashable_starts runs from pos (which still holds the outer-iter's starting pos, not the advanced ip1). The unreachable-tail positions between the outer-iter pos and the final ip1 therefore never get their hash entries seeded for the next block. Verify this matches donor's tail-seed behavior — if donor seeds from ip (advanced) rather than the outer start, this is a hash-coverage regression that will hurt cross-block ratio.

            match committed {
                Some((candidate, _match_pos_rel, _lit_len_at_match)) => {
                    let start = self.emit_candidate(
                        current_abs_start,
                        &mut literals_start,
                        candidate,
                        handle_sequence,
                    );
                    pos = start + candidate.match_len;
                    pos = self.extend_with_repcode_after_match(
                        current_abs_start,
                        current_len,
                        pos,
                        &mut literals_start,
                        handle_sequence,
                    );
                }
                None => break 'outer,
            }
        }

        self.seed_remaining_hashable_starts(current_abs_start, current_len, pos);
        self.emit_trailing_literals(literals_start, handle_sequence);

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@zstd/benches/compare_ffi.rs`:
- Around line 216-219: The timed pure_rust compress benchmark still calls the
old API; update the loop to use
structured_zstd::encoding::compress_slice_to_vec(&scenario.bytes[..],
level.rust_level) instead of compress_to_vec so the benchmark measures the new
slice API consistently—locate the pure_rust timed loop that assigns to
rust_compressed (and any other occurrences of compress_to_vec in that benchmark)
and replace them with calls to compress_slice_to_vec using the same inputs
(scenario.bytes and level.rust_level).

In `@zstd/src/encoding/match_generator.rs`:
- Around line 680-683: The current comment incorrectly states that
trim_to_window reports evicted bytes via the provided closure; update the
comment in match_generator.rs to reflect that we now use history as the sole
byte store and compute evicted bytes by comparing window_size before and after
calling trim_to_window (the eviction callback intentionally does not fire in
this path and the regression around the callback expects that behavior). Mention
the relevant symbols: history, window_size, and trim_to_window, and clarify that
eviction counts are derived from window_size delta rather than the closure so
future readers don't simplify this path incorrectly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: f56b9396-0fdb-4610-8902-a2cdcace61cb

📥 Commits

Reviewing files that changed from the base of the PR and between 9d6a4fc and 079615c.

📒 Files selected for processing (8)

• .gitignore
• Cargo.toml
• zstd/benches/compare_ffi.rs
• zstd/benches/compare_ffi_memory.rs
• zstd/src/encoding/dfast/mod.rs
• zstd/src/encoding/frame_compressor.rs
• zstd/src/encoding/match_generator.rs
• zstd/src/encoding/mod.rs

[sw-release-bot]

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'structured-zstd vs C FFI (x86_64-gnu)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.30.

Benchmark suite	Current: 0338876	Previous: 1e0f695	Ratio
compress/level_22_btultra2/small-4k-log-lines/matrix/c_ffi	0.112 ms	0.067 ms	1.67
compress/level_22_btultra2/decodecorpus-z000033/matrix/c_ffi	269.687 ms	171.961 ms	1.57

This comment was automatically generated by workflow using github-action-benchmark.

CC: @polaz

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@zstd/src/encoding/dfast/mod.rs`:
- Around line 292-299: trim_to_window currently only updates window_blocks and
cursor counters but leaves the evicted prefix in the history Vec<u8>, so memory
isn't reclaimed; change the logic to accumulate the total evicted bytes (sum of
removed_len popped from window_blocks), update
window_size/history_start/history_abs_start as you already do, then remove that
prefix from the history buffer (e.g., by draining 0..total_evicted or replacing
history with history.split_off(total_evicted)) so the underlying allocation no
longer retains the dead prefix; adjust the function around trim_to_window,
window_blocks, history, history_start, and history_abs_start to perform the
single prefix-trim after the pop loop.
- Around line 483-577: The fast-loop can pack a truncated position into
packed_curr because position_base may be stale; before computing packed_curr and
writing to long_hash_ptr/short_hash_ptr (the code around packed_curr creation
and the unsafe writes for hl0_idx/hs0_idx), ensure the position window is valid
by calling the rebasing helper (ensure_room_for or equivalent) with the current
absolute position (e.g. ensure_room_for(abs_ip0/current_abs_start + ip0) or a
dedicated rebase call) so position_base is advanced if needed, then compute
packed_curr and proceed to store; this prevents u32 truncation of large absolute
positions that would poison the hash tables.

In `@zstd/src/encoding/match_generator.rs`:
- Around line 4862-4864: Update the test comment around the assertion involving
MIN_HINTED_WINDOW_LOG and MIN_WINDOW_LOG to remove the misleading phrase "so
both tables can equal the floor" and instead state that short-hash is clamped to
MIN_WINDOW_LOG to preserve the one-bit split model (i.e., the short table is at
the floor while the long table uses the hinted size represented by hinted_long /
1 << MIN_HINTED_WINDOW_LOG). Reference the symbols MIN_HINTED_WINDOW_LOG,
MIN_WINDOW_LOG and the local hinted_long in the comment so maintainers clearly
understand the intended sizing behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2867c792-63ee-4243-8f2f-39ccacdc6392

📥 Commits

Reviewing files that changed from the base of the PR and between 079615c and bac47a6.

📒 Files selected for processing (7)

• Cargo.toml
• zstd/benches/compare_ffi.rs
• zstd/fuzz/artifacts/interop/crash-01be627ce8fc516b40e237ce6115933fd74c0dc7
• zstd/src/encoding/dfast/mod.rs
• zstd/src/encoding/match_generator.rs
• zstd/src/encoding/mod.rs
• zstd/src/tests/fuzz_regressions.rs

[Copilot]

Pull request overview

Copilot reviewed 9 out of 10 changed files in this pull request and generated 10 comments.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 9 changed files in this pull request and generated 3 comments.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 9 changed files in this pull request and generated 7 comments.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@zstd/src/encoding/dfast/mod.rs`:
- Around line 879-955: The short-hit branch currently commits any 4-byte
equality; require DFAST_MIN_MATCH_LEN before committing: after computing
s_match_len (and before computing short_cand / setting chosen/committing), check
if s_match_len >= DFAST_MIN_MATCH_LEN and only then proceed to compute
short_cand and allow committing via InnerExit::Committed; otherwise treat it as
a non-accepted short hit and only permit promotion if the `_search_next_long`
retry (idxl1 -> l1_match_len) yields a strictly longer match that also meets the
minimum; if no valid upgrade occurs, do not break/commit—continue the loop.
Ensure checks reference idxs0, s_match_len, short_cand, idxl1, l1_match_len,
extend_backwards_shared and InnerExit::Committed.
- Around line 644-653: The check that currently does "if ip1 + HASH_READ_SIZE >
current_len { break 'outer; }" prematurely exits the outer loop when ip1 can't
read 8 bytes, skipping a still-hashable ip0; change this so we only break the
outer loop when ip0 is unhashable. Concretely, replace the unconditional break
with logic that checks ip0 + HASH_READ_SIZE and only breaks if ip0 is also out
of range; otherwise skip ip1-specific work (e.g., continue the outer loop or
proceed to handle ip0) so the final hashable start at pos is still probed.
Ensure you touch the block around ip0, ip1, pos, step, HASH_READ_SIZE and
current_len to implement this conditional behavior.

In `@zstd/src/encoding/match_generator.rs`:
- Around line 6985-6993: The test must assert the trim_to_window closure is not
invoked: wrap the closure passed to matcher.trim_to_window with a mutable flag
(e.g., called_or_triggered) or AtomicBool captured by the closure, have the
closure set that flag if invoked, call matcher.trim_to_window(|_| { ... }), then
assert the flag is still false along with the existing assertions on
matcher.window_size, matcher.window_blocks.len(), and matcher.history_abs_start;
this ensures the trim callback remains silent and the Dfast eviction contract is
preserved.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 51b581e1-6fb9-4788-9bfb-0fd7d2c74d51

📥 Commits

Reviewing files that changed from the base of the PR and between 8a6df9f and 900f211.

📒 Files selected for processing (3)

• zstd/src/encoding/dfast/mod.rs
• zstd/src/encoding/match_generator.rs
• zstd/src/encoding/mod.rs

[coderabbitai]

♻️ Duplicate comments (1)

zstd/src/encoding/dfast/mod.rs (1)

879-957: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Short-hash path can commit matches below DFAST_MIN_MATCH_LEN floor.

The 4-byte equality gate at Line 890 accepts any collision where the first 4 bytes match. After forward extension (which can add 0 bytes if the 5th byte differs) and backward extension (which can also add 0 bytes), short_cand.match_len can be exactly 4. The _search_next_long retry only upgrades if it finds something strictly longer, so a 4-byte short-cand commits unchanged.

Meanwhile, probe_slot_match (Line 1437) explicitly rejects match_len < DFAST_MIN_MATCH_LEN. The fast-loop inline path bypasses that check.

Add a floor check before committing:

                         let short_cand = extend_backwards_shared(
                             concat,
                             history_abs_start,
                             cand_pos_s,
                             abs_ip0,
                             s_match_len,
                             lit_len_ip0,
                         );
+                        if short_cand.match_len < DFAST_MIN_MATCH_LEN {
+                            // 4-byte gate passed but total length < 5; treat as miss.
+                            // Continue inner loop without committing.
+                        } else {
                         // Donor `_search_next_long` retry...
                         let mut chosen = short_cand;
                         ...
                         break 'inner InnerExit::Committed(chosen);
+                        }

The retry should also only run when short_cand.match_len >= DFAST_MIN_MATCH_LEN, since the donor's _search_next_long is a quality optimization after a valid short hit, not a fallback for sub-threshold hits.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@zstd/src/encoding/dfast/mod.rs` around lines 879 - 957, The short-hash path
can commit matches shorter than DFAST_MIN_MATCH_LEN because the 4-byte gate
(using idxs0 and v4_0) allows a short_cand.match_len == 4 to be committed; fix
by adding a floor check before committing the short candidate: ensure
short_cand.match_len >= DFAST_MIN_MATCH_LEN (and only run the
`_search_next_long` retry when that condition holds) before calling
extend_backwards_shared and before returning Committed(chosen). Update the block
that computes short_cand (around use of idxs0, v4_0, extend_backwards_shared and
short_cand.match_len) to gate commit/upgrade logic with DFAST_MIN_MATCH_LEN.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@zstd/src/encoding/dfast/mod.rs`:
- Around line 879-957: The short-hash path can commit matches shorter than
DFAST_MIN_MATCH_LEN because the 4-byte gate (using idxs0 and v4_0) allows a
short_cand.match_len == 4 to be committed; fix by adding a floor check before
committing the short candidate: ensure short_cand.match_len >=
DFAST_MIN_MATCH_LEN (and only run the `_search_next_long` retry when that
condition holds) before calling extend_backwards_shared and before returning
Committed(chosen). Update the block that computes short_cand (around use of
idxs0, v4_0, extend_backwards_shared and short_cand.match_len) to gate
commit/upgrade logic with DFAST_MIN_MATCH_LEN.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 95a00898-d756-4a55-8511-fe6fd9637d4d

📥 Commits

Reviewing files that changed from the base of the PR and between 8a6df9f and 900f211.

📒 Files selected for processing (3)

• zstd/src/encoding/dfast/mod.rs
• zstd/src/encoding/match_generator.rs
• zstd/src/encoding/mod.rs

[Copilot]

Pull request overview

Copilot reviewed 9 out of 10 changed files in this pull request and generated 8 comments.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 10 changed files in this pull request and generated 6 comments.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull request overview

Copilot reviewed 11 out of 12 changed files in this pull request and generated no new comments.

[polaz]

Superseded by #146 — same final tree, history squashed from 30 commits to 3 logical commits, scope clarified per restructured Phase 7 plan in #111 (this is Phase 7pre: enablement, not the original misleading 'level 3 parity gap' title). Closing to clean the review surface; CodeRabbit / Copilot will re-run on #146 from a clean slate.