Instead of completely zeroing match lists at the end of each scan (which is O(num_strings) and thus scales badly with large rule sets), keep track of which list entries have been used. Only those entries need to be zeroed at the end. This essentially changes the O(num_strings) to O(num_matched_strings), which is usually far lesser.
Instead of completely zeroing match lists at the end of each scan (which is O(num_strings) and thus scales badly with large rule sets), keep track of which list entries have been used. Only those entries need to be zeroed at the end. This essentially changes the O(num_strings) to O(num_matched_strings), which is usually far lesser.