oxidize-rb / rb-sys

Easily build Ruby native extensions in Rust
https://oxidize-rb.github.io/rb-sys/
Apache License 2.0
230 stars 35 forks source link

Bump regex from 1.9.4 to 1.9.6 #269

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps regex from 1.9.4 to 1.9.6.

Changelog

Sourced from regex's changelog.

1.9.6 (2023-09-30)

This is a patch release that fixes a panic that can occur when the default regex size limit is increased to a large number.

  • BUG aa4e4c71: Fix a bug where computing the maximum haystack length for the bounded backtracker could result underflow and thus provoke a panic later in a search due to a broken invariant.

1.9.5 (2023-09-02)

This is a patch release that hopefully mostly fixes a performance bug that occurs when sharing a regex across multiple threads.

Issue #934 explains this in more detail. It is also noted in the crate documentation. The bug can appear when sharing a regex across multiple threads simultaneously, as might be the case when using a regex from a OnceLock, lazy_static or similar primitive. Usually high contention only results when using many threads to execute searches on small haystacks.

One can avoid the contention problem entirely through one of two methods. The first is to use lower level APIs from regex-automata that require passing state explicitly, such as meta::Regex::search_with. The second is to clone a regex and send it to other threads explicitly. This will not use any additional memory usage compared to sharing the regex. The only downside of this approach is that it may be less convenient, for example, it won't work with things like OnceLock or lazy_static or once_cell.

With that said, as of this release, the contention performance problems have been greatly reduced. This was achieved by changing the free-list so that it was sharded across threads, and that ensuring each sharded mutex occupies a single cache line to mitigate false sharing. So while contention may still impact performance in some cases, it should be a lot better now.

Because of the changes to how the free-list works, please report any issues you find with this release. That not only includes search time regressions but also significant regressions in memory usage. Reporting improvements is also welcome as well! If possible, provide a reproduction.

Bug fixes:

  • [BUG #934](rust-lang/regex#934): Fix a performance bug where high contention on a single regex led to massive slow downs.
Commits
  • 11b4443 1.9.6
  • 3dda425 deps: bump regex-automata to 0.3.9
  • 03f00bd regex-automata-0.3.9
  • e467408 changelog: 1.9.6
  • aa4e4c7 automata: fix unintended panic in max_haystack_len
  • 27a2538 automata: add some #[inline] annotations
  • 061ee81 readme: visually emphasize performance criteria difference
  • 8275c1b doc: fix a few typos
  • cdc0dbd readme: add section about performance and benchmarks
  • 4aaf389 ci: pin to memchr 2.6.2 for MSRV CI job
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
ianks commented 1 year ago

@dependabot ignore this minor version

dependabot[bot] commented 1 year ago

OK, I won't notify you about version 1.9.x again, unless you re-open this PR.