Skip to content

buffer: optimize buffer.concat performance#61721

Open
mertcanaltin wants to merge 6 commits intonodejs:mainfrom
mertcanaltin:mert/buffer-concat-optimize-js
Open

buffer: optimize buffer.concat performance#61721
mertcanaltin wants to merge 6 commits intonodejs:mainfrom
mertcanaltin:mert/buffer-concat-optimize-js

Conversation

@mertcanaltin
Copy link
Member

@mertcanaltin mertcanaltin commented Feb 7, 2026
edited
Loading

Removed the _copyActual indirection in the copy loop and called TypedArrayPrototypeSet directly.
Split auto-length and explicit-length paths so the auto-length copy loop is branch free. Replaced Buffer.allocUnsafe with allocate to skip redundant validation.

benchmark results:

➜  node git:(mert/buffer-concat-optimize-js) ✗ node-benchmark-compare ./result.csv
                                                                            confidence improvement accuracy (*)    (**)   (***)
buffers/buffer-concat-fill.js n=800000 extraSize=1                                   *     10.37 %       ±9.47% ±13.37% ±19.13%
buffers/buffer-concat-fill.js n=800000 extraSize=1024                                       2.91 %       ±6.22%  ±8.53% ±11.62%
buffers/buffer-concat-fill.js n=800000 extraSize=256                                 *      7.05 %       ±6.13%  ±8.41% ±11.49%
buffers/buffer-concat.js n=800000 withTotalLength=0 pieceSize=1 pieces=16           **      1.76 %       ±1.18%  ±1.64%  ±2.26%
buffers/buffer-concat.js n=800000 withTotalLength=0 pieceSize=1 pieces=4           ***      5.20 %       ±1.21%  ±1.65%  ±2.25%
buffers/buffer-concat.js n=800000 withTotalLength=0 pieceSize=16 pieces=16          **      1.96 %       ±1.17%  ±1.61%  ±2.21%
buffers/buffer-concat.js n=800000 withTotalLength=0 pieceSize=16 pieces=4          ***      3.06 %       ±1.50%  ±2.06%  ±2.84%
buffers/buffer-concat.js n=800000 withTotalLength=0 pieceSize=256 pieces=16                 1.93 %       ±8.35% ±11.48% ±15.73%
buffers/buffer-concat.js n=800000 withTotalLength=0 pieceSize=256 pieces=4                  2.37 %       ±6.69%  ±9.34% ±13.12%
buffers/buffer-concat.js n=800000 withTotalLength=1 pieceSize=1 pieces=16                  -0.59 %       ±0.99%  ±1.36%  ±1.86%
buffers/buffer-concat.js n=800000 withTotalLength=1 pieceSize=1 pieces=4           ***      5.17 %       ±1.25%  ±1.71%  ±2.33%
buffers/buffer-concat.js n=800000 withTotalLength=1 pieceSize=16 pieces=16                  0.98 %       ±1.45%  ±2.02%  ±2.81%
buffers/buffer-concat.js n=800000 withTotalLength=1 pieceSize=16 pieces=4          ***      4.44 %       ±1.89%  ±2.62%  ±3.62%
buffers/buffer-concat.js n=800000 withTotalLength=1 pieceSize=256 pieces=16          *     -1.97 %       ±1.89%  ±2.63%  ±3.67%
buffers/buffer-concat.js n=800000 withTotalLength=1 pieceSize=256 pieces=4         ***      3.55 %       ±1.08%  ±1.49%  ±2.04%

Be aware that when doing many comparisons the risk of a false-positive result increases.
In this case, there are 15 comparisons, you can thus expect the following amount of false-positive results:
  0.75 false positives, when considering a   5% risk acceptance (*, **, ***),
  0.15 false positives, when considering a   1% risk acceptance (**, ***),
  0.01 false positives, when considering a 0.1% risk acceptance (***)
➜  node git:(mert/buffer-concat-optimize-js) ✗

@nodejs-github-bot nodejs-github-bot added buffer Issues and PRs related to the buffer subsystem. needs-ci PRs that need a full CI run. labels Feb 7, 2026
@codecov
Copy link

codecov bot commented Feb 7, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 89.74359% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.72%. Comparing base (3ab9dd8) to head (1898304).
⚠️ Report is 13 commits behind head on main.

Files with missing lines Patch % Lines
lib/buffer.js 89.74% 4 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #61721      +/-   ##
==========================================
- Coverage   89.73%   89.72%   -0.01%     
==========================================
  Files         675      675              
  Lines      204502   204555      +53     
  Branches    39304    39311       +7     
==========================================
+ Hits       183502   183542      +40     
- Misses      13283    13309      +26     
+ Partials     7717     7704      -13
Files with missing lines Coverage Δ
lib/buffer.js 99.16% <89.74%> (-0.63%) ⬇️

... and 46 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

ChALkeR
ChALkeR reviewed Feb 7, 2026
View reviewed changes
Copy link
Member

@ChALkeR ChALkeR left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See #60399 (comment)

Shouldn't _copyActual be just using TypedArrayPrototypeSet since #60399?
cc @gurgunday

ChALkeR
ChALkeR reviewed Feb 7, 2026
View reviewed changes
benjamingr
benjamingr reviewed Feb 7, 2026
View reviewed changes
@gurgunday gurgunday added the needs-benchmark-ci PR that need a benchmark CI run. label Feb 7, 2026
gurgunday
gurgunday reviewed Feb 7, 2026
View reviewed changes
Copy link
Member

@gurgunday gurgunday left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the ping @ChALkeR

Yeah so other than inlining what we did in _copyActual (#60399), this PR avoids going through _copy even in the non sourceStart === 0 && nb === sourceLen (partial copy) case (I remember that we'd talked about doing this in a follow-up PR anyway)

I like that change

lib/buffer.js
Comment on lines +635 to +637
if (pos < length) {
TypedArrayPrototypeFill(buffer, 0, pos, length);
}
Copy link
Member

@gurgunday gurgunday Feb 7, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we even hit this part? I think this is unreachable because you moved type validation to the beginning and it will always fill after going through all of them?

Copy link
Member Author

@mertcanaltin mertcanaltin Feb 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's still reachable if a buffer gets detached between the validation and copy loops buf.length becomes 0, pos won't advance, leaving uninitialized bytes without the zero-fill.

Copy link
Member

@gurgunday gurgunday Feb 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really sure how it can be detached unless a length getter is compromised. It's all synchronous code here?

In any case, it would be nice to have coverage for it

Other than coverage, the PR LGTM

Copy link
Member

@Renegade334 Renegade334 Feb 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about an assert here?

(Attempting to read from a detached buffer should throw an error from the engine in any case.)

Copy link
Member

@jasnell jasnell Feb 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the buffer gets detached between these points should actually cause the Uint8Array.prototype.set operation to fail.

Consider the example:

const u8_1 = new Uint8Array([1,2,3,4]);
const u8_2 = new Uint8Array([5,6,7,8]);

let called = false;

Object.defineProperty(u8_1, 'length', {
  get() {
    // The first time this is called, return the actual length of the array
    // The second time this is called, we'll also transfer the ArrayBuffer of the second

    if (!called) {
      called = true;
    } else {
      u8_2.buffer.transfer();
    }
    return 4;
  },
});

const buf = Buffer.concat([u8_1, u8_2]);
console.log(buf);
node:buffer:631
      TypedArrayPrototypeSet(buffer, buf, pos);
      ^

TypeError: Cannot perform %TypedArray%.prototype.set on a detached ArrayBuffer
    at Buffer.set (<anonymous>)
    at Buffer.concat (node:buffer:631:7)
    at Object.<anonymous> (/home/jsnell/tmp/fubar.js:20:20)
    at Module._compile (node:internal/modules/cjs/loader:1811:14)
    at Object..js (node:internal/modules/cjs/loader:1942:10)
    at Module.load (node:internal/modules/cjs/loader:1532:32)
    at Module._load (node:internal/modules/cjs/loader:1334:12)
    at wrapModuleLoad (node:internal/modules/cjs/loader:255:19)
    at Module.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:154:5)
    at node:internal/main/run_main_module:33:47

Node.js v26.0.0-pre

I'm all for being defensive here tho.

Copy link
Member

@jasnell jasnell Feb 8, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the bigger challenge here is that this does introduce a breaking security risk. Consider the following case:

const u8_1 = new Uint8Array([1,2,3,4]);
const u8_2 = new Uint8Array([5,6,7,8]);

let called = false;

Object.defineProperty(u8_1, 'length', {
  get() {
    return 100;
  },
});

const buf = Buffer.concat([u8_1, u8_2]);
console.log(buf);

Then comparing the output between current node.js and this PR:

// This PR
jsnell@james-cloudflare-build:~/projects/node/node$ ./node ~/tmp/fubar.js 
<Buffer 01 02 03 04 30 70 00 00 f0 b3 61 64 30 70 00 00 00 2d 8b 1d 77 5e 00 00 00 2d 8b 1d 77 5e 00 00 e9 1e 4a 3e ed 01 00 00 21 1f 4a 3e ed 01 00 00 71 1f ... 54 more bytes>

// Original
jsnell@james-cloudflare-build:~/projects/node/node$ node ~/tmp/fubar.js 
<Buffer 01 02 03 04 05 06 07 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... 54 more bytes>
jsnell@james-cloudflare-build:~/projects/node/node$

Copy link
Member

@Renegade334 Renegade334 Feb 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TypedArrayPrototypeGetLength would be the tonic there, presumably.

Copy link
Member

@jasnell jasnell Feb 8, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably. Also just make sure that Uint8Array.prototype.set itself does not call the user overide getter (it shouldn't.. but let's confirm)

Copy link
Member Author

@mertcanaltin mertcanaltin Feb 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, switched to TypedArrayPrototypeGetByteLength to avoid the spoofed length getter. Zero-fill kept as defensive measure.

gurgunday
gurgunday reviewed Feb 7, 2026
View reviewed changes
@mertcanaltin
Copy link
Member Author

mertcanaltin commented Feb 7, 2026

I updated bench result: #61721 (comment)

Renegade334
Renegade334 reviewed Feb 7, 2026
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChALkeR ChALkeR ChALkeR left review comments

@jasnell jasnell jasnell left review comments

@benjamingr benjamingr benjamingr left review comments

@Renegade334 Renegade334 Renegade334 left review comments

@gurgunday gurgunday gurgunday left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

buffer Issues and PRs related to the buffer subsystem. needs-benchmark-ci PR that need a benchmark CI run. needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@mertcanaltin @ChALkeR @jasnell @benjamingr @Renegade334 @gurgunday @nodejs-github-bot