http: optimize checkIsHttpToken for short strings

[JinhyeokFang]

Description

Optimize checkIsHttpToken performance by using a pre-computed lookup table for strings shorter than 10 characters instead of regex

Benchmark Results

Shows significant performance improvements for short strings, with minimal impact on longer strings:

http/check_is_http_token.js n=1000000 key=':' *** 188.25 % ±1.05% ±1.41% ±1.86% http/check_is_http_token.js n=1000000 key=':alternate-protocol' *** -3.76 % ±0.30% ±0.40% ±0.52% http/check_is_http_token.js n=1000000 key='((((())))' *** 188.71 % ±1.01% ±1.35% ±1.79% http/check_is_http_token.js n=1000000 key='@@' *** 187.33 % ±2.87% ±3.86% ±5.12% http/check_is_http_token.js n=1000000 key='中文呢' *** 108.16 % ±0.91% ±1.23% ±1.61% http/check_is_http_token.js n=1000000 key='Accept-Ranges' *** -2.18 % ±0.73% ±0.97% ±1.27% http/check_is_http_token.js n=1000000 key='alt-svc' *** 83.63 % ±0.46% ±0.61% ±0.80% http/check_is_http_token.js n=1000000 key='alternate-protocol:' * -1.31 % ±1.19% ±1.61% ±2.13% http/check_is_http_token.js n=1000000 key='alternate-protocol' *** -2.28 % ±0.45% ±0.60% ±0.79% http/check_is_http_token.js n=1000000 key='Cache-Control' *** -2.47 % ±0.34% ±0.46% ±0.60% http/check_is_http_token.js n=1000000 key='Connection' *** -1.86 % ±0.52% ±0.69% ±0.91% http/check_is_http_token.js n=1000000 key='Content-Encoding' *** -2.23 % ±0.65% ±0.86% ±1.12% http/check_is_http_token.js n=1000000 key='content-length' *** -2.61 % ±0.98% ±1.32% ±1.74% http/check_is_http_token.js n=1000000 key='Content-Location' *** -2.24 % ±0.44% ±0.58% ±0.76% http/check_is_http_token.js n=1000000 key='content-type' *** -1.34 % ±0.37% ±0.49% ±0.64% http/check_is_http_token.js n=1000000 key='Content-Type' *** -1.45 % ±0.31% ±0.42% ±0.54% http/check_is_http_token.js n=1000000 key='date' *** 145.58 % ±0.77% ±1.03% ±1.34% http/check_is_http_token.js n=1000000 key='ETag' *** 145.77 % ±0.56% ±0.75% ±0.98% http/check_is_http_token.js n=1000000 key='Expires' *** 83.44 % ±0.45% ±0.60% ±0.78% http/check_is_http_token.js n=1000000 key='Keep-Alive' *** -1.36 % ±0.41% ±0.55% ±0.71% http/check_is_http_token.js n=1000000 key='Last-Modified' *** -2.43 % ±0.38% ±0.51% ±0.67% http/check_is_http_token.js n=1000000 key='location' *** 71.30 % ±1.22% ±1.64% ±2.16% http/check_is_http_token.js n=1000000 key='server' *** 99.77 % ±0.50% ±0.66% ±0.86% http/check_is_http_token.js n=1000000 key='Server' *** 99.28 % ±0.53% ±0.71% ±0.92% http/check_is_http_token.js n=1000000 key='status' *** 98.86 % ±0.57% ±0.76% ±0.99% http/check_is_http_token.js n=1000000 key='TCN' *** 224.62 % ±1.33% ±1.78% ±2.34% http/check_is_http_token.js n=1000000 key='Transfer-Encoding' *** -1.98 % ±0.48% ±0.64% ±0.84% http/check_is_http_token.js n=1000000 key='Vary' *** 145.11 % ±0.85% ±1.13% ±1.49% http/check_is_http_token.js n=1000000 key='version' *** 83.58 % ±0.46% ±0.61% ±0.80% http/check_is_http_token.js n=1000000 key='x-frame-options' *** -2.59 % ±0.66% ±0.88% ±1.15% http/check_is_http_token.js n=1000000 key='x-xss-protection' *** -2.18 % ±0.39% ±0.52% ±0.68% 

[nodejs-github-bot]

Review requested:

• @nodejs/http
• @nodejs/net

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.30%. Comparing base (861d624) to head (b1f8b70).
⚠️ Report is 33 commits behind head on main.

Additional details and impacted files

@@ Coverage Diff @@## main #59832 +/- ## ========================================== + Coverage 88.26% 88.30% +0.03%  ========================================== Files 701 701 Lines 206774 206810 +36 Branches 39778 39780 +2 ========================================== + Hits 182514 182622 +108 + Misses 16298 16210 -88 - Partials 7962 7978 +16 

Files with missing lines	Coverage Δ
lib/_http_common.js	100.00% <100.00%> (ø)

... and 40 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Ethan-Arrowood]

I like it! Before we merge let's run benchmarks and be sure

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/69211/

[daeyeon]

Benchmark CI: https://ci.nodejs.org/view/Node.js%20benchmark/job/benchmark-node-micro-benchmarks/1734/console

08:39:30 http/check_is_http_token.js n=1000000 key=':' *** 224.81 % ±8.27% ±11.01% ±14.33% 08:39:30 http/check_is_http_token.js n=1000000 key=':alternate-protocol' -3.25 % ±5.76% ±7.67% ±9.98% 08:39:30 http/check_is_http_token.js n=1000000 key='((((())))' *** 236.05 % ±15.19% ±20.37% ±26.86% 08:39:30 http/check_is_http_token.js n=1000000 key='@@' *** 220.11 % ±7.32% ±9.77% ±12.77% 08:39:30 http/check_is_http_token.js n=1000000 key='Accept-Ranges' -0.35 % ±3.43% ±4.56% ±5.93% 08:39:30 http/check_is_http_token.js n=1000000 key='alt-svc' *** 65.58 % ±5.11% ±6.83% ±8.94% 08:39:30 http/check_is_http_token.js n=1000000 key='alternate-protocol:' * -2.01 % ±1.79% ±2.38% ±3.10% 08:39:30 http/check_is_http_token.js n=1000000 key='alternate-protocol' 1.43 % ±2.28% ±3.04% ±3.96% 08:39:30 http/check_is_http_token.js n=1000000 key='Cache-Control' -0.14 % ±3.11% ±4.14% ±5.39% 08:39:30 http/check_is_http_token.js n=1000000 key='Connection' 1.48 % ±2.74% ±3.64% ±4.75% 08:39:30 http/check_is_http_token.js n=1000000 key='Content-Encoding' 1.61 % ±2.93% ±3.90% ±5.08% 08:39:30 http/check_is_http_token.js n=1000000 key='content-length' -1.58 % ±2.55% ±3.39% ±4.43% 08:39:30 http/check_is_http_token.js n=1000000 key='Content-Location' 1.38 % ±2.52% ±3.35% ±4.36% 08:39:30 http/check_is_http_token.js n=1000000 key='content-type' -0.38 % ±3.37% ±4.48% ±5.84% 08:39:30 http/check_is_http_token.js n=1000000 key='Content-Type' -0.84 % ±3.33% ±4.43% ±5.76% 08:39:30 http/check_is_http_token.js n=1000000 key='date' *** 155.93 % ±6.71% ±9.01% ±11.90% 08:39:30 http/check_is_http_token.js n=1000000 key='ETag' *** 167.04 % ±4.69% ±6.26% ±8.19% 08:39:30 http/check_is_http_token.js n=1000000 key='Expires' *** 66.65 % ±4.58% ±6.10% ±7.95% 08:39:30 http/check_is_http_token.js n=1000000 key='Keep-Alive' -1.91 % ±2.57% ±3.42% ±4.45% 08:39:30 http/check_is_http_token.js n=1000000 key='Last-Modified' -1.97 % ±2.76% ±3.67% ±4.77% 08:39:30 http/check_is_http_token.js n=1000000 key='location' *** 47.84 % ±4.54% ±6.07% ±7.94% 08:39:30 http/check_is_http_token.js n=1000000 key='server' *** 75.46 % ±4.14% ±5.53% ±7.24% 08:39:30 http/check_is_http_token.js n=1000000 key='Server' *** 79.92 % ±5.56% ±7.44% ±9.77% 08:39:30 http/check_is_http_token.js n=1000000 key='status' *** 79.03 % ±5.31% ±7.10% ±9.31% 08:39:30 http/check_is_http_token.js n=1000000 key='TCN' *** 215.88 % ±6.17% ±8.27% ±10.91% 08:39:30 http/check_is_http_token.js n=1000000 key='Transfer-Encoding' -0.99 % ±2.16% ±2.87% ±3.74% 08:39:30 http/check_is_http_token.js n=1000000 key='Vary' *** 157.55 % ±6.81% ±9.11% ±11.98% 08:39:30 http/check_is_http_token.js n=1000000 key='version' *** 61.80 % ±5.12% ±6.85% ±8.97% 08:39:30 http/check_is_http_token.js n=1000000 key='x-frame-options' 0.11 % ±2.85% ±3.79% ±4.93% 08:39:30 http/check_is_http_token.js n=1000000 key='x-xss-protection' 2.38 % ±2.85% ±3.80% ±4.94% 08:39:30 http/check_is_http_token.js n=1000000 key='中文呢' *** 135.25 % ±5.50% ±7.37% ±9.68% 

[nodejs-github-bot]

Landed in c8c6bfa

[jasnell]

FWIW, you can likely get a bit more of a performance improvement out of this with a few additional tweaks:

constpackedValidChars=[0x00000000,0x00000000,0x00000000,0x00000000,// 0-310x5f036600,0xffc07fff,0xffffffff,0xe3ffffff,// 32-127 (4 groups of 32)];functioncheckIsHttpToken(val){constlen=val.length;if(len>10)returntokenRegExp.test(val);if(len===0)returnfalse;for(leti=0;i<len;i++){constc=val.charCodeAt(i);if(c>=128)returnfalse;if((packedValidChars[c>>>5]&(1<<(c&31)))===0)returnfalse;}returntrue;}

http/check_is_http_token.js n=1000000 key=':' *** 118.92 % ±9.20% ±12.36% ±16.32% http/check_is_http_token.js n=1000000 key=':alternate-protocol' ** 8.43 % ±4.92% ±6.55% ±8.53% http/check_is_http_token.js n=1000000 key='((((())))' *** 115.60 % ±6.72% ±8.97% ±11.72% http/check_is_http_token.js n=1000000 key='@@' *** 113.27 % ±10.04% ±13.46% ±17.73% http/check_is_http_token.js n=1000000 key='Accept-Ranges' -3.22 % ±3.38% ±4.50% ±5.86% http/check_is_http_token.js n=1000000 key='alt-svc' *** 329.85 % ±14.15% ±19.03% ±25.19% http/check_is_http_token.js n=1000000 key='alternate-protocol:' *** 14.11 % ±3.20% ±4.26% ±5.54% http/check_is_http_token.js n=1000000 key='alternate-protocol' * -5.02 % ±4.79% ±6.39% ±8.34% http/check_is_http_token.js n=1000000 key='Cache-Control' ** -5.27 % ±3.92% ±5.22% ±6.79% http/check_is_http_token.js n=1000000 key='Connection' *** 354.04 % ±18.15% ±24.43% ±32.38% http/check_is_http_token.js n=1000000 key='Content-Encoding' -2.51 % ±3.02% ±4.02% ±5.23% http/check_is_http_token.js n=1000000 key='content-length' ** -5.36 % ±3.55% ±4.73% ±6.16% http/check_is_http_token.js n=1000000 key='Content-Location' -1.73 % ±3.35% ±4.46% ±5.80% http/check_is_http_token.js n=1000000 key='content-type' 3.93 % ±4.22% ±5.62% ±7.31% http/check_is_http_token.js n=1000000 key='Content-Type' -0.67 % ±3.92% ±5.22% ±6.79% http/check_is_http_token.js n=1000000 key='date' *** 284.10 % ±11.09% ±14.89% ±19.65% http/check_is_http_token.js n=1000000 key='ETag' *** 280.51 % ±15.62% ±21.01% ±27.83% http/check_is_http_token.js n=1000000 key='Expires' *** 333.47 % ±15.22% ±20.47% ±27.07% http/check_is_http_token.js n=1000000 key='Keep-Alive' *** 354.42 % ±15.04% ±20.22% ±26.74% http/check_is_http_token.js n=1000000 key='Last-Modified' -0.61 % ±4.28% ±5.70% ±7.43% http/check_is_http_token.js n=1000000 key='location' *** 344.17 % ±20.91% ±28.15% ±37.31% http/check_is_http_token.js n=1000000 key='server' *** 286.48 % ±20.73% ±27.92% ±37.03% http/check_is_http_token.js n=1000000 key='Server' *** 303.34 % ±19.30% ±25.98% ±34.42% http/check_is_http_token.js n=1000000 key='status' *** 325.70 % ±15.30% ±20.57% ±27.23% http/check_is_http_token.js n=1000000 key='TCN' *** 267.06 % ±15.14% ±20.36% ±26.96% http/check_is_http_token.js n=1000000 key='Transfer-Encoding' ** -4.72 % ±3.52% ±4.69% ±6.12% http/check_is_http_token.js n=1000000 key='Vary' *** 291.85 % ±10.86% ±14.61% ±19.34% http/check_is_http_token.js n=1000000 key='version' *** 307.96 % ±18.18% ±24.46% ±32.39% http/check_is_http_token.js n=1000000 key='x-frame-options' ** -3.96 % ±2.88% ±3.84% ±4.99% http/check_is_http_token.js n=1000000 key='x-xss-protection' -2.14 % ±3.06% ±4.07% ±5.30% http/check_is_http_token.js n=1000000 key='中文呢' *** 181.91 % ±10.54% ±14.15% ±18.66% 

[JinhyeokFang]

Thanks for the suggestion, @jasnell. That's a good idea. I'll open a new PR to get this implemented.

[JinhyeokFang]

FWIW, you can likely get a bit more of a performance improvement out of this with a few additional tweaks:

constpackedValidChars=[0x00000000,0x00000000,0x00000000,0x00000000,// 0-31 => 0-1270x5f036600,0xffc07fff,0xffffffff,0xe3ffffff,// 32-127 (4 groups of 32) => 128-255];functioncheckIsHttpToken(val){constlen=val.length;if(len>10)returntokenRegExp.test(val);if(len===0)returnfalse;for(leti=0;i<len;i++){constc=val.charCodeAt(i);if(c>=128)returnfalse;if((packedValidChars[c>>>5]&(1<<(c&31)))===0)returnfalse;}returntrue;}

The packedValidChars array has its first four elements, which cover ASCII characters 0-127, initialized to 0.

Because of this, the check (packedValidChars[c >>> 5] & (1 << (c & 31))) === 0 will always evaluate to true for any character in that range. This causes the function to incorrectly return false for any valid input string.

The observed performance gain comes from this incorrect early return, not from a correctly implemented bitmask. The code as written would fail its tests.

[jasnell]

doh! heh, nice catch. Looking back at it i was testing it on invalid inputs lol

[PandaWorker]

It seems like it's supposed to be

constpackedValidChars=newUint32Array([0x00000000,0x03FF6CFA,0xC7FFFFFE,0x57FFFFFF,// 0-127]);functioncheckIsHttpToken(val: string): boolean{if(val.length===0)returnfalse;for(leti=0;i<val.length;i++){constcode=val.charCodeAt(i);if(code>=128)returnfalse;constgroup=code>>>5;constbitMask=1<<(code&31);if((packedValidChars[group]&bitMask)===0){returnfalse;}}returntrue;}consttokenRegExp=/^[\^_`a-zA-Z\-0-9!#$%&'*+.|~]+$/;functiontest(){for(letc=0;c<256;c++){constchar=String.fromCharCode(c);console.assert(checkIsHttpToken(char)===tokenRegExp.test(char),`char: ${char}`)}}test()