Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:113049
Return-Path: <zeriyoshi@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 93538 invoked from network); 2 Feb 2021 12:59:11 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 2 Feb 2021 12:59:11 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 485D41804E1
	for <internals@lists.php.net>; Tue,  2 Feb 2021 04:42:24 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_05,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <zeriyoshi@gmail.com>
Received: from mail-ej1-f50.google.com (mail-ej1-f50.google.com [209.85.218.50])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue,  2 Feb 2021 04:42:23 -0800 (PST)
Received: by mail-ej1-f50.google.com with SMTP id b9so10129965ejy.12
        for <internals@lists.php.net>; Tue, 02 Feb 2021 04:42:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=0l/3cLMwEHUiIA+q+7AbjO+yphJe0+ucC5KzSJud8vM=;
        b=Vk5NNEPhq9bJRZu5wJMKYutGRynlQBLZWEZcrJQDrnBGmHGiiiYN9tYxNmXo9PMU4O
         NNsiajW5gIvgysrrjQLgzk3iQKE5PZghOGDWFc9djvKHEnqU6YV8Sjrfs4h7hYgtQJrb
         PbJkECaMXYlb7CebCkNUq3sdPbIOYS64fb2zcC7X/0sYGnkWoI4SQOv6APTxr942UG7i
         BEPcC2xP/xd9BUVwMYMmxyOzq+3Hy2kXsEc8XWNE2huXs+4diAxqC/MfSwpo9b545rG5
         pB6Q60EBHFehJR+N2VzUybPXV97uBoSUp7+rxbEpWCdpbPPWP8Xm855o2++Ch+aO6c3O
         UcVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=0l/3cLMwEHUiIA+q+7AbjO+yphJe0+ucC5KzSJud8vM=;
        b=LWaPhQkcZrQQIoZ3dB5ucafx2+/9ykYsCRYOQs/iEzeYZL5qT5W/JgfBzasUyiMhVC
         XwTrNY6QiKQTvhw258Gnu07rs6FsZsfdXqdDyV562AvDzrKbv3DM7vy7xfRwoRc+enjE
         HAPQW3gIKO1lEgT3F8EGyQcz8Ltu53AaYLv7cVbkFGXTjB2nydln43eDzKPKe14om0l6
         LBsi0y8UQFdpp689fD2vNbnqdMf4k7fvQAgzY4O957faz65NVOBDiqvlZFjr6Dbw9fCk
         FdAw3oEKUWmkK64r9VCkpufVMoczIFb3QKwJaPj04DLGTve8Jj7ZuPd+43XYGQdbzI8P
         74Tw==
X-Gm-Message-State: AOAM531+kvN9simxkgL8Kxh24DLf/9iceP4ebDikU5YvVdfwHJ7bD6vK
	3JRXgUTLF2x9Fh5zW1JxEcX2RwsrMpjsVbn6wubgS0m25a6d+Q==
X-Google-Smtp-Source: ABdhPJy2HaOi8YS1mIht+jiPIBLcW/yr7ynjsxlOY3umEHM22nypbYr+ikMy3dn4UpYsc9H+OtxerVrcKVmpt7wi7vk=
X-Received: by 2002:a17:906:149a:: with SMTP id x26mr5951282ejc.486.1612269738833;
 Tue, 02 Feb 2021 04:42:18 -0800 (PST)
MIME-Version: 1.0
References: <CABTDVhCtBn7T0YyB+55Mxxz1UCYi7ov_Se2nX-Uxh3EmK4XkdA@mail.gmail.com>
 <CABTDVhC7f4B9eB5dd9avMNQvt9iNtKy6EyqpRJDZmhckyr48Lw@mail.gmail.com> <CAAwdEzAue3SAALTR3TPa0XipVy-pqtM2YXdc4+BjURYJhDQc4g@mail.gmail.com>
In-Reply-To: <CAAwdEzAue3SAALTR3TPa0XipVy-pqtM2YXdc4+BjURYJhDQc4g@mail.gmail.com>
Date: Tue, 2 Feb 2021 21:42:07 +0900
Message-ID: <CABTDVhCF1fQP_X68MRNd0aOFaiJ=v1Qy6wU2VjCDNgw2=GqHNg@mail.gmail.com>
To: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="00000000000010ba6e05ba59cde4"
Subject: Re: [PHP-DEV] Re: [RFC] Object-scope RNG implementation
From: zeriyoshi@gmail.com (Go Kudo)

--00000000000010ba6e05ba59cde4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Alex

First, let me apologize for my poor English skills. It may contain rude
expressions, but it is not s intentional.

> The closest library I know and used when I had that need you mentioned is
a userland implementation: https://github.com/paragonie/RandomLib

This seems to be actively maintained, but is a fairly object-oriented-like
implementation.

> The library is organized nicely with a Generator class that depends on
constructor of a source for randomness.

This seems to be a more object-oriented implementation.

This RFC also initially proposed an object-oriented implementation, but due
to the redundancy of the implementation and interoperability issues with
existing code, it was changed to a procedural-based implementation. (But it
is not as elegant as this library.)

https://wiki.php.net/rfc/object_scope_prng?rev=3D1610185985

And perhaps, if we want to provide an object-oriented implementation, it
would be preferable to separate it into a new dedicated module instead of a
standard module. Currently, it is implemented in the standard module for
the convenience of modifying existing functions.

Is this what you envision the whole thing to look like in the end?

```php

final class RandomGenerator
{
    public function __constrct(RandomSourceInterface $source): void {}
    public function randomInt(int $min, int $max): int {}
    public function randomFloat(): float {}
    public function randomBytes(int $size): string {}
    public function randomString(int $size, string $characters): striing {}
    // compatibility for some functions.
    public function arrayShuffle(array &$array): bool {}
    public function stringShuffle(string $string): string {}
    public function arrayRandom(array $array, int $num =3D 1):
int|string|array {}
}

interface RandomSourceInterface
{
    public function getBytes(int $size): string;
}

class RandomXorShift128PlusSource implements RandomSourceInterface {}
class RandomMT19937Source implements RandomSourceInterface {}
class RandomLibsodiumSource implements RandomSourceInterface {}
class SecureOsSpecificSource implements RandomSourceInterface {}
```

While this is certainly an appropriate object-oriented implementation, it
raises the following concerns.

- This implementation is much more complex than the PHP built-in random
number generator implementation.

Probably, many users will continue to use `mt_srand()` / `mt_rand()` in the
future. This can lead to dangerous implementations that rely on global
state.
This RFC does not go that far, but we are considering deprecating
`mt_srand()` and `mt_rand()` in the future (much further down the road).
In order to achieve this, I believe it is necessary to implement it in a
way that does not compromise usability.

- There are interoperability problems with existing functions.

It is difficult to notice that `shuffle()`, `str_shuffle()`, and
`array_rand()` rely on dangerous internal MT states, and it becomes
difficult to fix them.

I hope this RFC will move forward. Thanks for your input.

Regards,
Go Kudo

2021=E5=B9=B41=E6=9C=8827=E6=97=A5(=E6=B0=B4) 22:24 Alexandru P=C4=83tr=C4=
=83nescu <drealecs@gmail.com>:

>
> On Tue, Jan 26, 2021 at 8:06 PM Go Kudo <zeriyoshi@gmail.com> wrote:
>
>> RFCs have been reorganized and radically rewritten.
>> https://wiki.php.net/rfc/object_scope_prng
>>
>> The implementation is unchanged, but the background has been explained i=
n
>> more detail and the execution speed has been re-verified with PHP 8.1-de=
v.
>>
>> The proposal seems to have been received relatively positively by
>> externals, but there hasn't been much reaction. I'm unsure when I should
>> start voting on this RFC.
>>
>> Regards,
>> Go Kudo
>>
>> 2021=E5=B9=B41=E6=9C=889=E6=97=A5(=E5=9C=9F) 19:00 Go Kudo <zeriyoshi@gm=
ail.com>:
>>
>> > Hi internals.
>> >
>> > I think I'm ready to discuss this RFC.
>> > https://wiki.php.net/rfc/object_scope_prng
>> >
>> > Previous internals thread: https://externals.io/message/112525
>> >
>> > Now is the time to let me know what you think.
>> >
>> > Regards,
>> > Go Kudo
>> >
>>
>
> Hi  Go Kudo,
>
> The closest library I know and used when I had that need you mentioned is
> a userland implementation: https://github.com/paragonie/RandomLib,
> created by Anthony Ferrara and not maintained by Paragon Initiative
> Enterprises.
> The library is organized nicely with a Generator class that depends on
> constructor of a source for randomness. The source has just a simple meth=
od
> to obtain a specific number of bytes and that's all.
>
> I think the naming is what needs more input here. I'm thinking we can als=
o
> have:
> - a random bytes source/generator that can be very similar with what you
> propose: an interface, multiple internal classes, allowing userland extra
> classes.
> - a random generator class that would have multiple useful methods like:
> randomInt($min, $max), randomFloat(), randomBytes($size),
> randomString($size, $possibleCharacters) etc.
>
> As for namings, calling them
> - RandomGenerator final class that accepts at constructor a
> - RandomSource interface with one method getBytes($size) implemented by
> RandomXorShift128PlusSource, RandomMT19937Source, RandomLibsodiumSource,
> SecureOsSpecificSource etc.
> is a quick idea from me.
>
> State, when is the case, sits in the random source object and can be of
> course serialized.
>
> Other than this, initiative looks good.
> I apologize if I provided the feedback a bit late.
>
> Regards,
> Alex
>
>

--00000000000010ba6e05ba59cde4--