Ruby

I want this feature as a user of IO::Buffer#get_string and the author of GLib::Bytes#to_s. Both of them are for processing Apache Arrow data effectively.

When a String referencing a small slice of a large buffer remains reachable, the entire backing object is kept alive. This is the same concern that led Java to remove the shared-backing optimization from String.substring() in Java 7.

If we can embed the target data, I think that rb_str_new_external() can behave like rb_str_new() (we can copy the target data). If we do so, we can reuse the 4 flag value (STR_PRECOMPUTED_HASH) for this case. Because STR_PRECOMPUTED_HASH is used only for embedded string.

IO::Buffer#get_string now copies those bytes into a new String. With this API, the returned String can reference the source String directly:

return rb_enc_str_new_external((const char *)base + offset, length, encoding, buffer->source);

Can we use self not buffer->source for parent? If we use self not buffer->source, we can use this optimization for IO::Buffer.map (that doesn't use buffer->source) too.

Somewhat related proposal: [Feature #20878]

I also wonder, this new "external" string is supposed to be mutable? If so that may increase string.c complexity significantly, as all codepaths that normally resize the string buffer will need to behave differently with this new type of string.

Thanks @kou (Kouhei Sutou)

Can we use self not buffer->source for parent? If we use self not buffer->source, we can use this optimization for IO::Buffer.map (that doesn't use buffer->source) too.

The io_buffer_free method internally executes buffer->source = Qnil, so when self is used for parent, str would keep the IO::Buffer alive, but the IO::Buffer would release its T_STRING reference, potentially causing the T_STRING to be garbage collected.

Using buffer->source for parent is one of the simplest workarounds for this issue.
However, considering future applications to IO::Buffer.map, changing the behavior to use self for parent (while modifying io_buffer_free to skip the free operation while there are still references) would be the more clean solution to address this issue.

Thank you @byroot (Jean Boussier), for pointing out the concern.

We are designing this new "external" string to be mutable.
Regarding the complexity concern, the mechanism for handling cases where the zero-copy returned string is modified can be implemented without requiring new code paths by leveraging the existing STR_NOFREE mechanism.
Therefore, I do not expect this to significantly increase the complexity of string.c.

by leveraging the existing STR_NOFREE mechanism.

I see. So it's mutable, but Copy-on-Write. If you mutate the string, all the content is copied in a buffer managed by Ruby.

I see. So it's mutable, but Copy-on-Write. If you mutate the string, all the content is copied in a buffer managed by Ruby.

Yes, that's correct.

Another though: what does it means for coderanges? Since the buffer is owned by another object, it can be mutated without going through one of String methods, which means things like ENC_CODERANGE_CLEAR won't happen.

Perhaps it's acceptable, but that may cause weird behaviors for many methods.

Thank you for raising this, it's a good point worth keeping in mind.

The zero-copy path only applies to READONLY buffers, and T_STRING stored in buffer->source is guaranteed to be frozen by the design of IO::Buffer.for. Since there is currently no mechanism to modify the backing memory, I believe this has no impact.

However, when extended to IO::Buffer.map, shared mappings could cause the coderange to become stale, because an external process can modify the underlying file and those changes are immediately visible through the mapping.

himura467 (Akito Shitara) wrote:

rb_str_new_static avoids copying but is only safe for storage that lives forever.

For what it's worth, I'm unconvinced this existing optimization is paying off (and I intend to remove it from the fstring case, where it definitely isn't). At least in CRuby itself at boot we create ~500 strings using this and almost all of them are embeddable in a 40 byte object. The largest is only ~80 bytes (RUBY_DESCRIPTION) and the second-largest is only 50, so copying is trivial. We're creating less cache friendly strings for no reason.

There's also a small gotcha to strings being created with rb_str_new_static that any similar technique would inherit: they require that buf[0] to buf[len+enc.termlen] be readable for str_fill_term (documentation says len+1, but I think it's actually more for ex. utf16). That doesn't seem like a guarantee ex. g_bytes_get_data would provide when making a string containing the full buffer.

himura467 (Akito Shitara) wrote:

This relies on undocumented GC behavior, incurs ivar table allocation overhead, and leaves lifetime management entirely to the caller.

What do you mean by "undocumented GC behavior"?
Isn't it only relying on an object keeping its ivar values alive? That's well documented.

The returned String holds a direct GC reference to the source String, so it remains valid even after the buffer is freed.

This breaks RSTRING_PTR() guaranteeing to return a \0-terminated String, aka SHARABLE_MIDDLE_SUBSTRING not being enabled currently (#19315).
I don't think it makes sense to break that invariant in a single case, that would be very error-prone.
We should either remove the invariant completely (or design some migration path), or keep it holding always.

My feeling is rb_str_new_static() + rb_ivar_set() is good enough for this use case.

Thank you @jhawthorn (John Hawthorn)

For what it's worth, I'm unconvinced this existing optimization is paying off (and I intend to remove it from the fstring case, where it definitely isn't). At least in CRuby itself at boot we create ~500 strings using this and almost all of them are embeddable in a 40 byte object. The largest is only ~80 bytes (RUBY_DESCRIPTION) and the second-largest is only 50, so copying is trivial. We're creating less cache friendly strings for no reason.

The use cases we have in mind involve large or frequently accessed data where copy overhead matters. IO::Buffer#get_string on file mappings or network buffers is one example. That's a different concern from boot-time strings.

There's also a small gotcha to strings being created with rb_str_new_static that any similar technique would inherit: they require that buf[0] to buf[len+enc.termlen] be readable for str_fill_term (documentation says len+1, but I think it's actually more for ex. utf16). That doesn't seem like a guarantee ex. g_bytes_get_data would provide when making a string containing the full buffer.

For the MAPPED case the implementation guards with offset + length + termlen <= buffer->size, ensuring those bytes fall within the mapped region. For the string-backed case there's a gap when the requested encoding has a larger termlen than the source, so the guard should be offset + length + termlen <= buffer->size + src_termlen. We've updated the implementation accordingly. The g_bytes_get_data concern for full-buffer strings is valid: callers need to ensure at least termlen bytes past the data are allocated.

Thank you @Eregon (Benoit Daloze)

What do you mean by "undocumented GC behavior"?
Isn't it only relying on an object keeping its ivar values alive? That's well documented.

Agreed, "undocumented" was imprecise. What I meant is that the relationship is fragile at the API level: the two-step pattern can silently be omitted, the chosen key is a convention rather than a guarantee, and the ivar can be cleared by Ruby-level code (instance_variable_set), invalidating the pointer without any warning. The proposed API encodes the dependency into the allocation itself, making it impossible to accidentally omit.

This breaks RSTRING_PTR() guaranteeing to return a \0-terminated String, aka SHARABLE_MIDDLE_SUBSTRING not being enabled currently (#19315).
I don't think it makes sense to break that invariant in a single case, that would be very error-prone.
We should either remove the invariant completely (or design some migration path), or keep it holding always.
My feeling is rb_str_new_static() + rb_ivar_set() is good enough for this use case.

The concern is fair in the context of #19315: RSTRING_PTR() is widely assumed to return a \0-terminated pointer, and C extensions that pass it directly to C string functions would silently misbehave if ptr[len] is not \0.

That said, rb_str_new_static has the same property when used with arbitrary memory: it sets STR_NOFREE without writing \0 at ptr[len] (https://github.com/ruby/ruby/blob/b6e4fa71d514796ee826b1257bfd7b2a177f5f09/string.c#L1187). For the GLib::Bytes use case, g_bytes_get_data() does not guarantee a \0 byte past the end, so the existing workaround has the identical exposure at the RSTRING_PTR() level.

StringValueCStr is handled correctly for both: str_dependent_p returns true for STR_NOFREE strings, so str_fill_term takes the dependent path and calls str_make_independent_expand if \0 is absent, writing the terminator into a fresh allocation without touching the source.

If the RSTRING_PTR() invariant concern is a blocker for this proposal, it applies equally to rb_str_new_static with non-literal memory. The longer-term fix (making RSTRING_PTR() itself handle lazy strings as discussed in #19315) would benefit both approaches.

byroot (Jean Boussier) wrote in #note-9:

Another though: what does it means for coderanges? Since the buffer is owned by another object, it can be mutated without going through one of String methods, which means things like ENC_CODERANGE_CLEAR won't happen.

Perhaps it's acceptable, but that may cause weird behaviors for many methods.

Good point. We should add "the buffer owned by another object must not be mutated" as a caller's responsibility.

jhawthorn (John Hawthorn) wrote in #note-11:

himura467 (Akito Shitara) wrote:

rb_str_new_static avoids copying but is only safe for storage that lives forever.

For what it's worth, I'm unconvinced this existing optimization is paying off (and I intend to remove it from the fstring case, where it definitely isn't). At least in CRuby itself at boot we create ~500 strings using this and almost all of them are embeddable in a 40 byte object. The largest is only ~80 bytes (RUBY_DESCRIPTION) and the second-largest is only 50, so copying is trivial. We're creating less cache friendly strings for no reason.

Interesting. We may be able to add an optimization for embeddable data if embedded String is faster: rb_str_new_static() returns a embedded String for embeddable data. But it's out-of-scope of this proposal. Let's discuss it separately. Do we already have an issue for this case?

There's also a small gotcha to strings being created with rb_str_new_static that any similar technique would inherit: they require that buf[0] to buf[len+enc.termlen] be readable for str_fill_term (documentation says len+1, but I think it's actually more for ex. utf16). That doesn't seem like a guarantee ex. g_bytes_get_data would provide when making a string containing the full buffer.

Good point. We should add "the buffer owned by another object must have len + enc.termlen size" as a caller's responsibility.

Eregon (Benoit Daloze) wrote in #note-12:

The returned String holds a direct GC reference to the source String, so it remains valid even after the buffer is freed.

This breaks RSTRING_PTR() guaranteeing to return a \0-terminated String, aka SHARABLE_MIDDLE_SUBSTRING not being enabled currently (#19315).

Good point. We should add "the buffer owned by another object must be zero-terminated" as a caller's responsibility.

We may be able to remove the restriction later. Let's discuss it in #19315 not here.

Let's focus on whether we should add a new API for rb_str_new_static() + rb_ivar_set() for memory efficient String creation or not in this issue. We have some missing features such as #19315 to use the new API widely for now. But we can improve the current situation step-by-step.

If we should consider this new API after all related improvements are done, let's do it.
If we can consider this new API that still has some restrictions for these listed use cases, let's discuss this now.

My feeling is rb_str_new_static() + rb_ivar_set() is good enough for this use case.

This proposal's motivation is memory efficiency. If we think memory overhead by rb_ivar_set() should not be cared, we don't need the proposed API.

Thanks for the proposal. Let me clarify my position.

I am not opposed to introducing this API in principle. The use case is real, and I do not think rb_str_new_static + ivar is a proper substitute. They have different lifetime semantics: rb_str_new_static is designed for storage that lives forever, while this proposal expresses a dependency on an arbitrary Ruby object whose lifetime is managed by GC. Encoding that dependency into the allocation itself is the right direction.

The blocker for me is the \0-termination invariant of RSTRING_PTR() that Eregon raised. Many C extensions rely on it. This is the same underlying question as #19315, and I would like to settle the direction there before committing to a new C API. Once we have decided how strings backed by externally-owned memory should behave with respect to RSTRING_PTR(), I am open to this proposal.

On the other concerns:

• Ensuring the source buffer is not mutated should be the caller's responsibility. The API does not need to defend against it.
• The termlen readability is worth thinking about, but I see it as future work, not a blocker.

Let us continue the discussion on #19315.

Matz.