perf: performance optimizations

[ReneWerner87]

Updated performance comparison (current branch vs origin/master)

Measured with go test -run=^$ -bench='...' -benchmem and benchstat on darwin/arm64 (Apple M2 Pro).
Targeted regressions were reworked and re-measured with -count=10.

Re-validated formerly negative cases (count=10)

Function	Benchmark case	Before -> After	Change
ParseInt	fiber	7.458ns -> 6.428ns	-13.81%
ParseInt	fiber_bytes	7.852ns -> 6.843ns	-12.85%
ParseInt	default	16.36ns -> 16.04ns	-1.99%
ParseFloat64	fiber	11.08ns -> 11.00ns	~ (no significant change)
ParseFloat64	fiber_bytes	11.36ns -> 11.24ns	-1.01%
ParseFloat32	fiber	11.94ns -> 11.85ns	~ (no significant change)
ParseFloat32	fiber_bytes	12.29ns -> 12.22ns	~ (no significant change)

Other improvements from this optimization set

Function	Benchmark case	Before -> After	Change
TrimSpace	fiber/no-trim	1.8040ns -> 0.6094ns	-66.2%
TrimSpaceBytes	fiber/no-trim	1.8030ns -> 0.6046ns	-66.5%
ConvertToBytes	fiber	9.507ns -> 3.913ns	-58.8%
ParseVendorSpecificContentType	vendorContentType	25.220ns -> 9.163ns	-63.7%
FormatUint8	fiber	3.3710ns -> 0.2971ns	-91.2%
FormatInt8	fiber	10.4100ns -> 0.2981ns	-97.1%
GenerateSecureToken	32_bytes	313.9ns -> 289.4ns	-7.8%
GenerateSecureToken	16_bytes	307.7ns -> 276.4ns	-10.2%
SecureToken	TokenGenerators/SecureToken	311.6ns -> 289.1ns	-7.2%
ParseUint	fiber	7.149ns -> 6.532ns	-8.6%
ParseUint	fiber_bytes	7.467ns -> 7.118ns	-4.7%
ParseInt8	fiber	4.706ns -> 4.349ns	-7.6%
ParseUint8	fiber	3.758ns -> 3.375ns	-10.2%
ToUpper	large-lower	49.09ns -> 33.57ns	-31.6%
ToUpper	very-large-lower	123.40ns -> 99.72ns	-19.2%
ToLower	very-large-upper	127.7ns -> 104.1ns	-18.5%
ToLower	large-upper	40.56ns -> 33.96ns	-16.3%

Notes

• The overflow bug fix for very large integer inputs is preserved.
• No memory regressions in the re-validated parser set (0 B/op, 0 allocs/op).

Summary by CodeRabbit

• Performance Improvements
  • Faster trimming, case conversion, integer parsing, token generation, and small-number formatting via new fast paths and precomputed lookups.
  • Improved HTTP content-type parsing for certain vendor MIME variants.
• Bug Fixes
  • Safer handling of empty and edge-case inputs to prevent incorrect results and panics.
• Tests
  • Removed a test that simulated random-read failure and its panic assertion.

[gemini-code-assist]

Summary of Changes

Hello @ReneWerner87, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a series of targeted performance optimizations across various utility functions. The changes focus on reducing memory allocations, leveraging precomputed values, and implementing fast paths for common scenarios in string manipulation, secure token generation, number parsing, and content-type handling. The aim is to enhance the overall efficiency and speed of these frequently used operations within the codebase.

Highlights

• Optimized Token Generation: Implemented a fast path for GenerateSecureToken when generating the default 32-byte length tokens, significantly reducing heap allocations by using fixed-size arrays.
• Precomputed String Conversions for Integers: Introduced precomputed string representations for all uint8 and int8 values, making FormatUint8 and FormatInt8 much faster by avoiding runtime string conversions for common values.
• Fast Path for Byte Size Parsing: Added a fast path to ConvertToBytes to efficiently handle simple numeric strings (e.g., '42', '42B') without engaging the more complex parsing logic.
• Optimized Content-Type Parsing: Introduced constants and a fast path in ParseVendorSpecificContentType for common application/ content types (JSON, XML, form-urlencoded), returning precomputed strings directly.
• Faster Integer Parsing for Small Values: Implemented fast paths for ParseInt8 and ParseUint8 for short numeric strings (up to 3 digits) and optimized parseSigned and parseUnsigned for strings up to 19 digits, avoiding generic parsing functions.
• Improved Float Parsing Precision and Speed: Utilized a precomputed fracScale array in parseFloat to calculate fractional parts more efficiently, enhancing both performance and potentially precision.
• Vectorized Case Conversion: Enhanced ToLower and ToUpper functions with a vectorized loop (processing 4 characters at a time) for improved performance on longer strings after the first case change is detected.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• common.go
  • Added defaultSecureTokenLength and maxFastTokenEncodedLength constants.
  • Implemented a fast path in GenerateSecureToken for 32-byte tokens to reduce heap allocations.
  • Updated SecureToken to use the new defaultSecureTokenLength constant.
  • Introduced a fast path in ConvertToBytes for simple numeric and byte-suffixed strings.
• format.go
  • Declared uint8Strs and int8Strs arrays for precomputing string representations of uint8 and int8 values.
  • Populated uint8Strs and int8Strs in the init() function.
  • Added formatUint8Slow helper function.
  • Refactored FormatUint8 and FormatInt8 to use the precomputed string arrays.
• http.go
  • Defined constants for common application/ content types and their prefix length.
  • Added a fast path in ParseVendorSpecificContentType to return precomputed strings for common types.
• parse.go
  • Introduced fracScale array for precomputed fractional values.
  • Implemented fast paths in ParseInt8 and ParseUint8 for short numeric strings (up to 3 digits).
  • Optimized parseSigned and parseUnsigned with a fast path for strings up to 19 digits, avoiding parseDigits for these cases.
  • Modified parseFloat to use the fracScale array for fractional part calculation.
• strings.go
  • Optimized ToLower and ToUpper functions by processing multiple characters at a time (4-byte chunks) after the first case change, improving conversion speed.

Activity

• No specific activity (comments, reviews, etc.) was provided for this pull request.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[codecov]

Codecov Report

❌ Patch coverage is 89.18919% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.52%. Comparing base (6af6221) to head (3d4eff5).
⚠️ Report is 8 commits behind head on master.

Files with missing lines	Patch %	Lines
parse.go	81.35%	7 Missing and 4 partials ⚠️
common.go	85.29%	2 Missing and 3 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #184      +/-   ##
==========================================
- Coverage   84.77%   84.52%   -0.26%     
==========================================
  Files          12       12              
  Lines         939     1053     +114     
==========================================
+ Hits          796      890      +94     
- Misses        124      136      +12     
- Partials       19       27       +8     

Flag	Coverage Δ
unittests	84.52% <89.18%> (-0.26%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[gemini-code-assist]

Code Review

This pull request introduces a series of well-implemented performance optimizations across various utility functions, including stack allocation, pre-computed tables for formatting and parsing, fast paths for common cases, and loop unrolling, which significantly improve code efficiency. However, a critical security vulnerability was identified in the integer parsing logic, specifically within the parseDigits function. Its flawed overflow check can be bypassed, leading to silent integer overflows for large inputs (20+ digits), which could cause logic errors in applications. It is recommended to implement a more robust overflow check in parseDigits and parseFloat. Additionally, a minor improvement for the parseFloat implementation has been suggested.

[Copilot]

Pull request overview

This PR implements multiple performance optimizations across the utils package, focusing on reducing allocations and improving throughput for common operations. The changes target hot paths in string case conversion, integer parsing, float parsing, integer formatting, and HTTP content type processing.

Changes:

• Added loop unrolling (4-way) for string case conversion after detecting the first character requiring conversion
• Introduced fast paths for small integer parsing (≤3 digits for 8-bit types, ≤19 digits for 64-bit types) to avoid overflow checks
• Replaced runtime division with lookup table for float fractional part scaling
• Precomputed all uint8 and int8 string representations to eliminate formatting overhead
• Added stack-allocated buffers for default-length secure token generation
• Optimized ConvertToBytes with fast path for plain numeric strings

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
strings.go	Added 4-way loop unrolling for case conversion after first character needing conversion is found
parse.go	Added fast paths for 8-bit integer parsing, inline digit parsing for ≤19 digits, and fracScale lookup table for float parsing
http.go	Added fast path returning precomputed constants for common content types (json, xml, form-urlencoded)
format.go	Precomputed all 256 uint8 and int8 string representations in init() for O(1) formatting
common.go	Added fast path with stack-allocated buffers for default 32-byte token generation and numeric-only ConvertToBytes inputs

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Walkthrough

Small-to-medium functional optimizations across utils: whitespace trimming, case conversion, numeric formatting and parsing, secure-token generation, ConvertToBytes fast-path, and vendor-specific application/* MIME mapping. Changes add fast paths, precomputed lookups, and tighter overflow/empty-input guards.

Changes

Cohort / File(s)	Summary
String & byte utilities byteseq.go, strings.go	TrimSpace: explicit empty check, adjusted i/j initialization and combined non-whitespace fast-path. ToLower/ToUpper: use length caching, lookup tables, 4-char unrolled loop, early-return when unchanged.
Token generation & byte-size conversion common.go, common_test.go	Adds defaultSecureTokenLength, maxFastTokenEncodedLength, readRandomOrPanic. GenerateSecureToken/SecureToken gain a fixed-size fast-path (panic on RNG failure). ConvertToBytes adds numeric-only fast-path. Removed a test that asserted panic-on-rand-fail.
Formatting precomputation format.go	Adds uint8Strs and int8Strs arrays populated in init, new formatUint8Slow helper, refactors FormatUint8/FormatInt8 to use lookups.
Numeric parsing parse.go	ParseInt, ParseInt8, ParseUint8: empty-input guards, small-length fast paths, explicit sign handling and overflow checks. parseDigits updated with cutoff/cutlim and digit counting to detect overflow.
HTTP content-type handling http.go	Maps vendor-specific application/* suffixes (json, xml, x-www-form-urlencoded) to canonical MIME types when applicable.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Create faster trimSpace method with benchmarks #164 — touches TrimSpace implementation and fast-path/index logic (closely related).
• refactor: simplify SecureToken API by removing the *Must variants #171 — related refactor to GenerateSecureToken/SecureToken and panic-on-rand-fail behavior.
• add parse functions #133 — related changes to numeric parsing functions and overflow handling.

Suggested labels

🧹 Updates

Suggested reviewers

• gaby
• sixcolors
• efectn

Poem

🐰 I nibbled bytes and hopped through code,

Trimmed the edges, cached the load,
I spun tokens, checked each digit's bound,
Small fast paths now make things sound —
✨🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'perf: performance optimizations' is overly vague and generic. It uses non-descriptive terms that don't convey meaningful information about the specific changes made across multiple files and functions.	Consider using a more specific title that highlights the primary optimization(s), such as 'perf: add fast-path optimizations for token generation and parsing' or similar to better describe the actual changes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 80.95% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch performance_improvement

---

🧹 Recent nitpick comments

common.go (1)

77-86: Nit: encodedLen is always maxFastTokenEncodedLength on this branch.

Since this branch is guarded by length == defaultSecureTokenLength, base64.RawURLEncoding.EncodedLen(length) is always 43. You already have the maxFastTokenEncodedLength constant for this — using it directly would remove the redundant call and make the relationship explicit.

♻️ Suggested simplification

 	if length == defaultSecureTokenLength {
 		var randomBuf [defaultSecureTokenLength]byte
 		src := randomBuf[:]
 		readRandomOrPanic(src)
 
 		var encoded [maxFastTokenEncodedLength]byte
-		encodedLen := base64.RawURLEncoding.EncodedLen(length)
-		base64.RawURLEncoding.Encode(encoded[:encodedLen], src)
-		return string(encoded[:encodedLen])
+		base64.RawURLEncoding.Encode(encoded[:maxFastTokenEncodedLength], src)
+		return string(encoded[:maxFastTokenEncodedLength])
 	}

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4365ba9 and 3d4eff5.

📒 Files selected for processing (2)

• common.go
• common_test.go

💤 Files with no reviewable changes (1)

• common_test.go

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build (1.25.x, windows-latest)
• GitHub Check: Compare

🔇 Additional comments (4)

common.go (4)

22-25: LGTM!

Constants are correct. base64.RawURLEncoding.EncodedLen(32) indeed yields 43, and the inline comment makes the derivation clear.

---

27-35: LGTM!

Clear panic contract communicated via naming; the defensive check future-proofs against alternative rand.Reader implementations. Good inline documentation referencing the Go 1.24+ behavior.

---

93-97: LGTM!

Clean delegation using the named constant instead of a magic number.

---

142-168: LGTM — well-implemented fast path with correct overflow clamping.

The overflow detection logic on lines 152–156 correctly guards against uint64 wraparound, and the fallthrough to the existing backward-scanning slow path is seamless for inputs with unit prefixes or decimal points. Edge cases ("0", "42B", purely non-numeric, very large integers) are all handled correctly.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gaby]

Just one comment