One question: does OCaml actually guarantee that int is "modulo" — i.e. that overflow wraps? If not, I'll need to tweak things a bit.

The "Integer arithmetic" section in Pervasives' doc starts with:

Integers are 31 bits wide (or 63 bits on 64-bit processors). All operations are taken modulo 2^31
(or 2^63). They do not fail on overflow.

js_of_ocaml has 32-bit integers (with modulo semantics, I believe), and probably Bucklescript as well.

(I don't know what's the maximum string length for JS backends, but I can very well imagine that it is not small enough compared to max_int to make the overflow detection safe with the unrolling hack. That said, missing an overflow in a JS backend is probably harmless: no "segfault", just a JS exception.)

Which inputs did you use for the benchmark? The optimization is cute, but I wonder what's the impact on the whole String.concat (not just the length computation). If the cost of the first List.iter deserves the optimization, so should the cost of the second one.

For the benchmark I used separators of length zero and one (which together account for the majority of calls to String.concat in the OCaml implementation), and strings of length 26.

If the cost of the first List.iter deserves the optimization, so should the cost of the second one.

Indeed. And there are further opportunities to improve the performance of the function overall. For example, since zero-length separators are common, it might be worth detecting that case upfront and avoiding n-1 calls to unsafe_blit that have no effect.

The unrolling uses the following observation: since Sys.max_string_length is significantly smaller than max_int

I personally don't like this assumption and Alain already pointed places where it may not hold. Since I have the same bug in Astring I have been thinking about solving the problem a bit differently.

My idea is to check each addition of the members of the list and at the same time count the separators (in other words compute list length - 1). At the end of the loop we can do some arithmetic to see if 1) multiplying the sep length by the sep count would be greater than Sys.max_string_length 2) check if adding the total sep lengths to the accumulated lengths is greater than Sys.max_string_length.

Now, of course the sep count could overflow aswell. However in order to do on a 32-bit platform your list would need to be of length > (1 lsl 31). But this list would use ((1 lsl 31) * 4 * 2) / (1024 * 1024 * 1024) = 16Go of memory which is beyond the addressable memory limit.

What I said can be seen in code here.

I don't know what's the maximum string length for JS backends

js_of_ocaml retains 32-bit OCaml's string restrictions, but has 32-bit rather than 31-bit ints:

Bucklescript is less constrained by convention, and has Sys.max_string_length > max_int.

In JS vm, the string is represented by a rope, so the limit would be memory.
For this function in particular, we probably we will provide a much more efficient alternative for JS backend(shortcut String.concat avoid using buffer), so it may not affect us.
But it would be nice to avoid exception as a control flow if you can, local exception is preferred if necessary.

@yallop What are you benchmarking here exactly ? The cost of concat, or the cost of computing the final size ? A naive solution would be to keep the current (wrong) final size computation, but do an overflow check before the unsafe_blit operations ? Is it too inefficient ?

@yallop What are you benchmarking here exactly ? The cost of concat, or the cost of computing the final size ?

The cost of computing the final size.

A naive solution would be to keep the current (wrong) final size computation, but do an overflow check before the unsafe_blit operations ? Is it too inefficient ?

I haven't measured, but it sounds less efficient. Wouldn't that involve two checks before each write -- for overflow of offset+length, and for out-of-bounds writes? (Consider the case where the sum of the lengths of the strings is 3+2*max_int, i.e. 1.)

If you are only measuring the cost of the computation of the final size, I am a bit skeptical that it is worth adding so much complexity to make it efficient, when I would assume that most of the cost of String.concat comes from copying the strings content into the new string.

so much complexity

I don't think the code is complex at all. It's a simple recursive function that adds numbers and checks for overflow.

Which part do you consider difficult to understand?

Which part do you consider difficult to understand?

Personally I really dislike your assumption about the relationship between Sys.max_string_length and max_int at least it should be asserted in some kind of test (even though that test wouldn't be run e.g. in the js backends).

I'm also doubtful about the real world performance impact, as @lefessan suggests the nano seconds you are fishing are likely to be lost in the noise of the actual memory copies. If that is the case there is little point to be made to go through these convolutions to implement this.

I'm also doubtful about the real world performance impact

This was addressed in the description.

And the broader point is in danger of being lost in the noise: this PR is about fixing a bug (without degrading performance), and deliberately makes no claims about real world performance impacts.

Which part do you consider difficult to understand?

It's not the complexity of the code in terms of understanding (although understanding the code after 6 months takes more time than just after writing it), but in terms of number of lines. If we add 30 lines of code to fix an insignificant performance problem in each stdlib function, when just one line would be enough to fix the bug, the code of stdlib would just become unmanageable. Also, it seems easier to prove the function correct if there is only one check, instead of a call to an auxilliary function.

The patch is overly complicated and it might be slower in some backends (exception used as control flow here), I like @lefessan 's simple fix

@bobzhang: I have no idea what you mean by "exception used as control flow" (or what you mean by "complicated", for that matter).

Exceptions are used as, well, exceptions.

I mean complicated because a single line would fix the issue. (sorry for my poor English)

My thoughts:

• This bug needs to be fixed. Why did you close this PR?
• Loop unrolling looks like a premature optimization.
• @bobzhang is talking about the cost of setting a handler for Overflow, although I don't see any obvious way to avoid it.
• I don't understand how any int can be larger than max_int. There must be something very wrong in Bucklescript to make Sys.max_string_length > max_int true.
• I'd like to see the one-line fix that @lefessan is talking about.

@bobzhang is talking about the cost of setting a handler for Overflow, although I don't see any obvious way to avoid it.

FWIW the final solution I have in astring avoids it.

@damiendoligez Per discussions with @dbuenzli we will set Sys.max_string_length to max_int

@damiendoligez:

This bug needs to be fixed. Why did you close this PR?

For one thing, there's unanimous opposition from OCaml core developers and others. For another, a lot of the comments have been unsupported value judgements or technically-dubious assertions. To be fair, there have also been one or two reasonable points. Overall, though, this thread has been no fun at all.

Loop unrolling looks like a premature optimization.

Fair enough. I don't mind removing the unrolling. My personal view is that the tradeoff for standard library code should generally be slightly more in favour of performance over clarity, and that loop unrolling doesn't really affect clarity much anway. But others will (reasonably) differ here, and it's up to the core developers to decide.

@bobzhang is talking about the cost of setting a handler for Overflow, although I don't see any obvious way to avoid it.

It's easy to avoid: raise invalid_arg directly from the summation function and remove the handler in concat.

Here is a version (I have done a manual CSE on String.length to simplify the code):

let concat sep l =
  match l with
  | [] -> ""
  | hd :: tl ->
      let num = ref 0 and len = ref 0 in
      List.iter (fun s -> incr num; len := !len + length s) l;
      let r_len = !len + length sep * (!num - 1) in
      let r = B.create r_len in
      let hd_len = length hd in
      if hd_len > r_len then invalid_arg "String.concat overflow";
      unsafe_blit hd 0 r 0 hd_len;
      let pos = ref hd_len in
      let sep_length = length sep in
      List.iter
        (fun s ->
          let s_len = length s in
          let final_pos = !pos + sep_length + s_len in
          if final_pos > r_len then invalid_arg "String.concat overflow";
          unsafe_blit sep 0 r !pos sep_length;
          pos := !pos + sep_length;
          unsafe_blit s 0 r !pos s_len;
          pos := !pos + s_len)
        tl;
      Bytes.unsafe_to_string r

@lefessan: Your code is much larger than the version in the standard library:

• 40% more lines

• 60% more characters

• 70% more non-whitespace characters

@lefessan Should we protect the call to B.create so that users don't get an Invalid_argument referring to String.create when they call String.concat?

Wouldn't it be simpler and cleaner to compute the real length on the fly in the first List.iter (including the sep length) and checking against max_string_length during the accumulation?

Here is what I mean:

let concat sep l =
  match l with
  | [] -> ""
  | hd :: tl ->
      let len = ref (length hd) in
      List.iter
        (fun s ->
           len := !len + length sep + length s;
           if !len > Sys.max_string_length then
             invalid_arg "String.concat"
        )
        tl;
      let r = Bytes.create !len in
      unsafe_blit hd 0 r 0 (length hd);
      let pos = ref (length hd) in
      List.iter
        (fun s ->
          unsafe_blit sep 0 r !pos (length sep);
          pos := !pos + length sep;
          unsafe_blit s 0 r !pos (length s);
          pos := !pos + length s)
        tl;
      Bytes.unsafe_to_string r

(The overflow detection depends on the fact that max_string_length * 3 < max_int. This can be avoided at the cost of doing two tests.)

@yallop As I said, I did some manual CSE, so the longer code. Anyway, @alainfrisch 's solution is much better (although it could benefit from some CSE :-) ).

@lefessan: you argued that my code adds 30 lines (which it doesn't), and that your solution used only one line (which it doesn't).

By the way, you said that there was an "unanimous opposition from OCaml core developers and others", but, at least for me, the opposition was on the way you over-optimized your code, not on the fact that you found the bug and proposed a solution. Anyway, if you look at other PR (take a look at mine :-) ), you will see that the treatment is the same one for everybody.

@yallop If you look closely at my code, you will see that, except the additions of let for CSEing already existing computations, I only added 2 lines if XXX_len > r_len then invalid_arg.... Alain's solution only adds one.

Again, that's part of the reviewing process, you shouldn't take it personally when another developer complains about the length of your code, or proposes to use another solution, even if you think they are wrong.

And an optimized version:

let concat sep l =
  match l with
  | [] -> ""
  | hd :: tl ->
    let hd_len = length hd in
    let len = ref hd_len in
    let sep_len = length sep in

      let l = ref tl in
      while begin
        match !l with
        | [] -> false
        | s :: rest ->
           l := rest;
           len := !len + sep_len + length s;
           if !len > Sys.max_string_length then
             invalid_arg "String.concat";
           true
      end do () done;

      let r = Bytes.create !len in
      unsafe_blit hd 0 r 0 hd_len;
      let pos = ref hd_len in
      let l = ref tl in
      while begin
        match !l with
        | [] -> false
        | s :: rest ->
           l := rest;
           let s_len = length s in
           unsafe_blit sep 0 r !pos sep_len;
           pos := !pos + sep_len;
           unsafe_blit s 0 r !pos s_len;
           pos := !pos + s_len;
           true
      end do () done;

      Bytes.unsafe_to_string r

(about 25% faster than the current String.concat on:

let () =
  let s = String.make 16 ' ' in
  let l = [s;s;s;s;s;s;s;s;s;s] in
  for i = 1 to 10000000 do
   ignore (concat s l)
  done

)

you shouldn't take it personally when another developer complains about the length of your code

It's not just "another developer": it's one of the maintainers of the project. And it's not just about complaints; it's exaggerations and untruths.

If the OCaml team welcomes contributions of this sort, it would be better to at least strive for basic accuracy in reviews.

Reviews are essential, but they should aim to say what steps need to be taken to have the PR merged, not just list some things you don't like.

Alain's solution only adds one.

The current standard library code is 17 lines long. Alain's code is 23 lines long. (And he's just posted another version, 38 lines long.)

Reviews are essential, but they should aim to say what steps need to be taken to have the PR merged, not just list some things you don't like.

That's not how it works here. In many projects, there is only one project leader, who can spend all his time doing that. Unfortunately, that's not the case for OCaml, there are some project members with commit rights, that's my case, but I cannot say "here is what you have to do to have this PR merged", because other project members might disagree with me. So, I give my opinion, it's just one opinion among other ones, and many PRs have been merged in the last years/months against my opinion... Now, if other members also share that opinion, it becomes harder to dismiss it as just "exaggerations and untruths".

@yallop Frankly, I think you are overreacting to this. Most people involved in the discussion simply expressed their feeling that the extra logic to "remove the performance overhead" was not worth unless justified by benchmarks on the entire function. It's not a matter of number of lines or size of the patch, but about justifying the addition of potentially useless logic and avoiding premature optimization.

Now, if other members also share that opinion, it becomes harder to dismiss it as just "exaggerations and untruths".

Whether the code is 30 lines long isn't really something on which opinions can legitimately differ.

It's not a matter of number of lines

It's not the complexity of the code in terms of understanding [...] but in terms of number of lines.

Whether the code is 30 lines long isn't really something on which opinions can legitimately differ.

That seems about right (considering the two copies in Bytes and String), though, even if largely irrelevant in my opinion.

It's not a matter of number of lines
It's not the complexity of the code in terms of understanding [...] but in terms of number of lines.

Are you trying to make the point that different people have different opinions?

considering the two copies in Bytes and String

The claim was about 30 additional lines per function.

Are you trying to make the point that different people have different opinions?

I'm a bit disappointed to see this kind of comment from you, @alainfrisch, given how reasonable you usually are (and were in the early comments in this thread). I thought it was reasonable to group both excerpts together, given that you approved one and wrote the other.

@alainfrisch Could you submit a PR referencing this one with your code ? (the one with exactly 23 lines) So that we can close the issue.

Just a question for you guys: why do we care about optimizing String.concat? I can see a case for optimizing maps/sets/hashtables to death, but this? Can you even imagine a program where the performance of String.concat would be critical?

why do we care about optimizing String.concat?

It's certainly less important than for datastructures, but since we are all looking at this function very closely anyway, a 25% gain on a typical payload with only a few lines of extra source code (and probably smaller binary code) seems a reasonable tradeoff to me.

a 25% gain on a typical payload with only a few lines of extra source code (and probably smaller binary code) seems a reasonable tradeoff to me.

In that case I'm sure you'll like this implementation, which is just as fast as yours (i.e. 25% below the stdlib on your benchmark) and less than half the length

let check_pos v = if v < 0 then invalid_arg "String.concat" else v

let rec sum_lengths acc seplen = function
  | [] -> acc
  | [x] -> length x + acc
  | hd :: tl -> sum_lengths (check_pos (length hd + seplen + acc)) seplen tl

let rec unsafe_blits dst pos sep seplen = function
    [] -> dst
  | [x] ->
    unsafe_blit x 0 dst pos (length x); dst
  | hd :: tl ->
    unsafe_blit hd 0 dst pos (length hd);
    unsafe_blit sep 0 dst (pos + seplen) seplen;
    unsafe_blits dst (pos + seplen + length hd) sep seplen tl

let concat sep l =
  let sep_len = length sep in
  unsafe_blits (B.create (sum_lengths 0 sep_len l)) 0 sep sep_len l