Expand description
S4 圧縮 codec layer。バックエンドを差し替え可能にする中立 trait を提供する。
§採用 backend (2026-05 検討)
- nvCOMP (NVIDIA proprietary、要 license 確認): Bitcomp / gANS / zstd-GPU
- DietGPU (Meta, MIT): ANS-only、license clean な fallback
- CPU zstd: GPU 無し環境向け究極の fallback / test bed
Re-exports§
pub use registry::CodecRegistry;pub use dispatcher::CodecDispatcher;
Modules§
- cpu_
gzip - RFC 1952 gzip codec via
flate2(v0.4 #26). - cpu_
zstd - CPU zstd backend — GPU 非搭載環境向け究極の fallback、および test bed。
- dietgpu
- DietGPU (Meta, MIT) backend ラッパー — nvCOMP ライセンス障害時の OSS fallback。
- dispatcher
- PUT 時にどの codec で圧縮するかを選ぶ dispatcher。
- index
- Frame index — Range GET の partial fetch を可能にするための sidecar object 形式。
- multipart
- Multipart upload で使う on-the-wire フレーム形式。
- nvcomp
- nvCOMP (NVIDIA proprietary) backend ラッパー。
- passthrough
- 無圧縮 codec — テストおよび圧縮無効化フラグ用。
- registry
- 複数 Codec を保持し、
CodecKindベースで dispatch するレジストリ。
Structs§
- Chunk
Manifest - 圧縮済 chunk のメタ情報。S3 オブジェクトの metadata に格納される。
- Compress
Telemetry - v0.8 #55: per-op telemetry returned by
CodecRegistry::compress_with_telemetry/decompress_with_telemetry. Lets the s4-server caller stamp Prometheus metrics (s4_gpu_compress_seconds,s4_gpu_throughput_bytes_per_sec,s4_gpu_oom_total) without s4-codec needing ametricsdep itself — callback pattern keeps the codec dep tree slim. - Parse
Codec Kind Error
Enums§
- Codec
Error - codec 操作のエラー型。
anyhow::Errorではなく専用型にすることで、上位 (S4Service) が HTTP エラーコードを意味的に出し分けやすくする。 - Codec
Kind - 圧縮 codec の種類 (manifest に記録、後段の decompress で codec を確定するために使う)
Constants§
- DECOMPRESS_
BOOTSTRAP_ CAPACITY - v0.8.6 #89: bootstrap capacity for the decompressed-output
Vecso theVec::with_capacity(original_size)pre-allocation can no longer be driven into RSS-OOM by a forged manifest. Small enough (1 MiB) that even an attacker claimingoriginal_size = u32::MAXonly reserves 1 MiB up front;read_to_endgrows the buffer as actual decompressed bytes arrive (capped atmanifest.original_size + 1024by the existing decompression-bomb guard). - MAX_
DECOMPRESSED_ BYTES - v0.8.6 #89: maximum decompressed payload size honoured at decompress
entry by every codec. Manifests claiming a larger
original_sizeare rejected pre-allocation as forged / corrupted, so a malicious manifest cannot driveVec::with_capacity(huge)into an OOM (memory-DoS) before the CRC check ever runs.
Traits§
- Codec
- pluggable な圧縮 backend trait。
Functions§
- looks_
like_ oom - v0.8 #55: heuristic OOM classifier. nvCOMP / cudarc surface OOM as a
CodecError::Backend(anyhow!("...out of memory..."))(the underlying CUDA driver returnsCUDA_ERROR_OUT_OF_MEMORYwhichcudarc/ nvCOMP stringify); we substring-match for the well-known fragments so the metric stamp doesn’t need to thread a typed error variant through the FFI boundary. Returnstrueonly on a high-confidence match; non-OOM backend errors (CRC mismatch, IO error, etc.) yieldfalseand are stamped as plains4_requests_total{result="err"}without bumping the OOM counter. - validate_
decompress_ manifest - v0.8.6 #89: shared pre-allocation manifest validator invoked by every
decompress path (CpuZstd / CpuGzip / nvCOMP Zstd / Bitcomp /
GDeflate). Centralising the check keeps every decompress site using
identical limits and error shapes, so one missed update can’t
reintroduce the alloc-before-validate bug. Returns the
usize-narrowedoriginal_sizeready forVec::with_capacity, or a typedCodecErrorthe caller propagates verbatim.