Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:114530 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 18642 invoked from network); 20 May 2021 12:32:45 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 20 May 2021 12:32:45 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 5B6671804BD for ; Thu, 20 May 2021 05:42:46 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com [209.85.208.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 20 May 2021 05:42:45 -0700 (PDT) Received: by mail-ed1-f43.google.com with SMTP id j10so1688393edw.8 for ; Thu, 20 May 2021 05:42:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=e29ADTr9dZs53Gck79EsZ1fgRxN0bNXHgk7fOzBsgnU=; b=TO45C0qDiRklHwBeBY+Qy3j8VEXbETc6NbXoaIP1BqHOO3O433dvywv507f2DTRqqP qftS1v/HT+d+9xVnnmwIbHcR9XOtbxSYIjU6wUXmVudANXrtGQDTGcfZ46JgFYaP3Jh+ 8mGyA81BIHipMZhIj1BOmpOMkmoxKAalMFaET+Th9gNmMa23ke18rSut2rxBmgi4yFRk cuefx+KsefCiHHdRfKGjrFN8aKxR8wYbMuH7HRCxUt++ZA9cakXwRnGCBPnHs84HVKks T7ABXx2Sx4jVl7gwObI9RhSCxwTR1ah50MiIOzbeP+pxfRZch3AB+A4HkLR4h5Vr7Z0g t3lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=e29ADTr9dZs53Gck79EsZ1fgRxN0bNXHgk7fOzBsgnU=; b=q0xF7MdjWl9S/pt3wv6/Voim1+iHegaf8cIQwqprDkjQK2hTr/6XCGDYCpHjVu/re4 x4rJBM2lAebIKxHCz7gbD4RVNbzUlqVU7GljF21CdMo+vgD60PmDctJXgeLidZ92vMdO txApJa9shYyBoCTDnIyAzKjYjgvHJ26f4Ei46xbrGkp1lklYwiJPGnWH7yldy8u0JZ/h QYf0LjQa3Dx9n9vW0kKVPjCkkb1BB+II/FWGfjq06wZML+r/RE46uy/Z9mHOGB/B/cSO HyYSu5F0QcY7xnAcWbxGdA9gN5Vh/rp0hQRBaJKfYkM5+jpstIIXqKcwkoWFpGlZidKZ 3J9A== X-Gm-Message-State: AOAM532hXLu9L+J93uqzzmQpHpuEUxDvLhrQvYdcUjj/4WI81m4a2IWA w2G4eRIEN1A2StWZ3LrqxqCqfFWtAilfXQPRDCo= X-Google-Smtp-Source: ABdhPJy45Id02iOyAdyI+hc4m+2X3l6rn3ngkWMd5DRQlS3dPhwYlOQtOmuIRSgaq4cB74JcpZhTIaeNM+C5KZNLhdA= X-Received: by 2002:aa7:c349:: with SMTP id j9mr4717220edr.135.1621514561679; Thu, 20 May 2021 05:42:41 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Thu, 20 May 2021 21:42:30 +0900 Message-ID: To: Guilliam Xavier , PHP internals Content-Type: multipart/alternative; boundary="00000000000072766405c2c247ca" Subject: Re: [PHP-DEV] [RFC] [Draft] Add RNG extension and deprecate mt_srand() From: zeriyoshi@gmail.com (Go Kudo) --00000000000072766405c2c247ca Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sorry. I couldn't make it in time for my lunch break. > How many bytes is `Source::next()` supposed to generate? Is it even intended to be called directly (vs `Randomizer::generateBytes(int $length)`)? No, this is not intended to be used directly. In fact, as many people have pointed out, I think it would be more appropriate to merge it into a single class. As per the original implementation (ext/orng), I didn't think it needed to be separated originally. One of the comments on a previous RFC suggested that it would probably be better to separate them, and I took that into account. > About the `MT19937PHP` variant: The PHP manual for `mt_srand()` describes the `MT_RAND_PHP` mode like this: "Uses an *incorrect* Mersenne Twister implementation which was used as the default up till PHP 7.1.0. This mode is available for backward compatibility."; do we really need/want to port it to this new extension? This is for backward compatibility. If it is not needed, we would like to eliminate the implementation itself. Well, to keep the language core clean, maybe this should be provided by an appropriate external extension. - `PlatformProvided` feels like the "odd one out" here: its constructor [assuming same as previous RFC] doesn't take a seed, and it isn't serializable; I understand why, but the main point of the RFC is "RNG reproducibility", which this class cannot achieve. You're absolutely right. I would like to remove this. > Technical, about `Randomizer::generateFloat()`: Is the returned float guaranteed to be finite (i.e. never NAN nor +/-INF)? And may it ever return -0.0 (negative zero)? and even if not, is 0.0 twice as likely as other floats? Also, no `generateFloat(float $min, float $max)` variant like for `generateInt()`? As a matter of fact, we believe that the functions provided by this class are sufficient for `mt_rand()`, `shuffle()`, `str_shuffle()`, and `array_rand()` equivalents. At most, the equivalent of `random_byte()` might be provided. I'll reorganize these. Thanks for the detailed remarks. Based on these, I would like to clean up the RFC. Regards, Go Kudo 2021=E5=B9=B45=E6=9C=8819=E6=97=A5(=E6=B0=B4) 18:46 Guilliam Xavier : > > > On Tue, May 18, 2021 at 6:19 PM Go Kudo wrote: > >> Hello internals. >> >> I have created a draft of the RFC. >> >> https://wiki.php.net/rfc/rng_extension >> > > Hello Go Kudo, > > First of all, thank you for the (re)work. > > I think the API looks better, but I still have some remarks/questions > (roughly in order of appearance, with some overlap): > > - How many bytes is `Source::next()` supposed to generate? Is it even > intended to be called directly (vs `Randomizer::generateBytes(int > $length)`)? > > - The stubs in "Proposal" should show `__construct()` signatures for the > classes implementing `Source`. > > - About the `MT19937PHP` variant: The PHP manual for `mt_srand()` > describes the `MT_RAND_PHP` mode like this: "Uses an *incorrect* Mersenne > Twister implementation which was used as the default up till PHP 7.1.0. > This mode is available for backward compatibility."; do we really need/wa= nt > to port it to this new extension? > > - I think you said in the past that `XorShift128Plus` should be the > preferred/default implementation, and `MT19937` is only provided for > compatibility/migration? But if so, that's not clear at all in the RFC. > > - `PlatformProvided` feels like the "odd one out" here: its constructor > [assuming same as previous RFC] doesn't take a seed, and it isn't > serializable; I understand why, but the main point of the RFC is "RNG > reproducibility", which this class cannot achieve. > Also, we already have `random_bytes()`/`random_int()`, and you're > proposing to change `shuffle()`/`str_shuffle()`/`array_rand()`'s internal > RNG from `mt_rand()`-like to `random_bytes()`-like, so what reason would > there be to use this class? only `generateFloat()`? but couldn't that be = a > new global function `random_float()`? > All in all, wouldn't it be simpler to drop `PlatformProvided`, and have > all `Source` implementations take a seed on construction and be > serializable? > > - Technical, about `Randomizer::generateFloat()`: Is the returned float > guaranteed to be finite (i.e. never NAN nor +/-INF)? And may it ever retu= rn > -0.0 (negative zero)? and even if not, is 0.0 twice as likely as other > floats? > Also, no `generateFloat(float $min, float $max)` variant like for > `generateInt()`? > > - **About main usage of the API:** To get e.g. $n (say 3) pseudo-random > integers between $min (say 0) and $max (say 100) using the "best" > implementation (which we have to know/guess is XorShift128+, isn't it?), = we > must: *first* choose a $seed (`time()`, maybe?), *then* do `$source =3D n= ew > XorShift128Plus($seed);` *and* `$rng =3D new Randomizer($source);` [even = if > $source (and $seed) could be inlined, that's still several "steps"], *the= n* > we can finally call `$rng->generateInt($min, $max);` $n times. Is that > correct? > If so, it may make sense from the implementer side, but from the user > side it doesn't look like the most friendly. > Also, that lets the possibility of constructing a second Randomizer > using the same $source (or `$rng->getSource()`), which could be undesirab= le > for reproducibility, isn't it? > Wouldn't it be better to "merge" Randomizer into the interface/classes? > Actually I see that's the case in your other project ext/orng ( > https://github.com/zeriyoshi/php-ext-orng/blob/master/rng/rnginterface.st= ub.php > and > https://github.com/zeriyoshi/php-ext-orng/blob/master/rng/xorshift128plus= .stub.php > ), why the different approach for ext/rng? > Maybe even better (and already suggested), have Randomizer constructor > take an *optional* algorithm (string, default XorShift128Plus::class?) an= d > an *optional* seed (int, default time()?) and construct the source > internally (and don't expose it)? So we could do just `$rng =3D new > Randomizer();` to rely on the defaults (then call `$rng->generateInt($min= , > $max);` $n times). > > - Finally, I think the vote should be split into 3 parts: the new classes= , > the deprecations (which itself could be split between [mt_]srand and > [mt_]rand), and the change of internal RNG for > shuffle/str_shuffle/array_rand. > > Best regards, > > -- > Guilliam Xavier > --00000000000072766405c2c247ca--