Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:114680
Return-Path: <nikita.ppv@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 44614 invoked from network); 1 Jun 2021 10:30:38 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 1 Jun 2021 10:30:38 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id D580D1804CC
	for <internals@lists.php.net>; Tue,  1 Jun 2021 03:43:36 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <nikita.ppv@gmail.com>
Received: from mail-lj1-f170.google.com (mail-lj1-f170.google.com [209.85.208.170])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue,  1 Jun 2021 03:43:36 -0700 (PDT)
Received: by mail-lj1-f170.google.com with SMTP id a4so11802349ljq.9
        for <internals@lists.php.net>; Tue, 01 Jun 2021 03:43:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=4+kPf+hYExLg0GeYGbH59PYBvDlFA8uuWebA9tGu6/s=;
        b=bzMu7JM2FeMctojR8bbCRqGenH2UQJninqxpOTmmWDFEW8nGy8iZZ/BATeaf3uFuhP
         IOYJYcBKLngUsLnvba/fc6ArY40kQO48CxWFUx+W1IuwMwn+Eb6rJ2VIZaR6vLC5jtIn
         A53QrI86fCDjp9K+KyU7G0mp+p5a4UGzHgLWzd7QaDNwRIEEiMgJnLGv1F0p2r8hsNUM
         FX7Gp6FGgxYBncv/SP0+XH6Dkqih7thxnp2j1qs/EaMt3PdHbbec9P0uiAzpc98h0NEg
         rI/6M8a+gc24oxvC6aYQartWjGf0ss5cHfs1S+DYTk+0HoU6UYx7jHfV9WWSZH58tEEh
         l+3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=4+kPf+hYExLg0GeYGbH59PYBvDlFA8uuWebA9tGu6/s=;
        b=dop4jeM1GhYfTy2JKlRaMT5KXLy1gtPayXGts9l1ZICl9TGnGIzv25A4lsTxaLvGfU
         rM+Zv7VscVwnicnrKUNuEwhu6B3wS7NAg1BxqgrXIggaivqiOIjfQ+qYKI3az8mXYUgV
         YbRA+TCXImwlNgQPra3C6XYrVENp+APASG3xHra5RfWsu6KoAUqAymHYgazjir/3yhFJ
         Dc7U+ePyACBi06q9P7qEkyuLgAYOxMrR330QxyuYHMIFSIifq6UPLcMsCFS76vboaFob
         P66DYeRjjQpdqs5ytQNh7G0JqqJwarAYP7fcwZbDFQ0hcip/WKZsZCpJ5L6jJ/Y5iPpd
         SNxQ==
X-Gm-Message-State: AOAM533676XE+oqzw2ueAeOGMsi0MKfpFdNdbpFdjAHI93FzT+iDhd4O
	CNilaqBBsc3V7DuW3sVGe0PSLwXP+KrVW+QO+WQ=
X-Google-Smtp-Source: ABdhPJxxlvg+/E/FA5xQ07hk6FIoqQ877lIn1zFcZ33gfLy6KFCGPKVlJYjlX7m6QEMvQK5vMSu6G4b0YFV8RNqvikI=
X-Received: by 2002:a2e:9189:: with SMTP id f9mr21529853ljg.353.1622544212846;
 Tue, 01 Jun 2021 03:43:32 -0700 (PDT)
MIME-Version: 1.0
References: <CABTDVhDRH8+0WG0nJ5QRYVT9-8m1u2VMe-gvY5cWra-OKQ4t+g@mail.gmail.com>
 <CABTDVhBrpNjhN00fYY3iktW_XX1pTeJPQEdzc72qGOO2XXXknw@mail.gmail.com> <CABTDVhAP55PT4x61MT7KotuiLO3=AAban7_7cL-eOT5EQE2CTA@mail.gmail.com>
In-Reply-To: <CABTDVhAP55PT4x61MT7KotuiLO3=AAban7_7cL-eOT5EQE2CTA@mail.gmail.com>
Date: Tue, 1 Jun 2021 12:43:16 +0200
Message-ID: <CAF+90c8n-ouuzeG=S67jUDeW=Ss__d6_jiH=+ANjL3vWnDijbw@mail.gmail.com>
To: Go Kudo <zeriyoshi@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000706c8b05c3b203c8"
Subject: Re: [PHP-DEV] Re: [RFC] [Draft] Add Randomizer class (before: Add RNG extension)
From: nikita.ppv@gmail.com (Nikita Popov)

--000000000000706c8b05c3b203c8
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, May 31, 2021 at 4:04 PM Go Kudo <zeriyoshi@gmail.com> wrote:

> Hi Internals.
>

Hi :) Thanks for your continued work on this RFC. This is a tough one, with
a lot of feedback, some of it contradictory. I'm still going to add my 2c..=
.

I think that this proposal can basically work out in two ways:

1. Pragmatic: Have a Random class that represents both the raw randomness
source and ways to use it.
2. Pure: Separate the randomness source from transformations based on it.

Your current design sits in a weird middle ground between these, where you
can extend the Random class to insert a user-provided randomness source.

I think you should pick between one or the other option. If you pick the
first option, then user-extensibility should simply not be supported at
all. The class should be final, and only support a limit set of
extension-provided RNGs. This is a pragmatic design that covers most
use-cases.

If you pick the second option, then you should consistently separate the
source for both extension-provided RNGs and user-provided ones. I don't
think it makes sense to have extension provided RNGs use a `new
Random(RANDOM_XORSHIFT128PLUS)` interface, while user-provided ones use
`new Random(new SomeRandomSource)`. Going down this route, it should be
`new Random(new XorShift128Plus)`. This is a pure design, which also means
that it's more complicated, and may make simple usages harder (though there
is certainly room for a Random::createDefault() here.)

As a minor note, I don't think we should add something like
random.ignore_generated_size_exceeded. Our general policy is to avoid the
introduction of ini settings that affect runtime behavior where possible.
We should pick one of the behaviors here and stick with it.

Regards,
Nikita

I apologize for the discussion outside the ML. Here's a brief history.
>
> https://github.com/php/php-src/pull/7079
>
> - To test the implementation, I sent a Pull-Request to php-src on GitHub.
> - An excellent point was made, and we ended up having a discussion about =
it
> on GitHub.
> - I was going to change the current implementation RFC to Under Discussio=
n,
> but decided against it.
>
> Also, sorry for the delay in answering your questions. I am not very good
> at English and it is taking me a long time.
>
> The current implementation and RFC:
>
> - https://github.com/php/php-src/pull/7079
> - https://wiki.php.net/rfc/rng_extension
>
> However, the implementation of this user-defined class is very ugly and w=
e
> intend to improve it as follows.
>
> Before:
> ```php
>
> class Random
> {
>     public function __construct(string $algo =3D RANDOM_XORSHIFT128PLUS, =
?int
> $seed =3D null) {}
>     //....
> }
>
> class UserDefinedRandom extends Random
> {
>     protected function next(): int
>     {
>         return 1;
>      }
> }
> ```
>
> After:
> ```php
> interface RandomNumberGenerator
> {
>     public function generate(): int;
> }
>
>
> final class Random
> {
>     public function __construct(string|RandomNumberGenerator $algo =3D
> RANDOM_XORSHIFT128PLUS, ?int $seed =3D null) {}
> }
> ```
>
> 2021=E5=B9=B45=E6=9C=8826=E6=97=A5(=E6=B0=B4) 0:35 Go Kudo <zeriyoshi@gma=
il.com>:
>
> > Hi, Thanks for the response.
> >
> > The RFC has been revised based on the points you pointed out.
> >
> > https://wiki.php.net/rfc/rng_extension
> >
> > The main changes are as follows:
> >
> > - Class name has been changed from `Randomizer` to `Random` .
> > - Added a static method `getNonBiasedMax()` to get the safe range.
> > - `int()` and `bytes()` have been renamed to `getInt()` and `getBytes()=
`
> > for avoid future reserved words.
> > - `getInt()` arguments no longer accept null.
> > - `shuffle(array|string $target): array|string` has been separated into
> > `arrayShuffle(array $array)` and `stringShuffle(string $string): string=
`
> > for more comfortable static-analysis.
> > - fix: php_random_algo struct (included uint64_t -> int64_t)
> >
> > Answer a few questions:
> >
> > > When $seed is null, what is used for the seed value?
> >
> > Depends on the algo's implementation, but basically it is using interna=
l
> > `php_random_int()`.
> > It is similar to `mt_srand()` on PHP 8.1.
> >
> >
> >
> https://github.com/php/php-src/commit/53ee3f7f897f7ee33a4c452100146480433=
86e13
> >
> > > Why cancelled RNG Extension?
> >
> > As a result of discussions during the draft, the functions became a
> single
> > class and no longer need to be separated. The functionality for random
> > numbers is now included in ext/standard and will conform to this. (e.g.
> > rand.c random.c)
> >
> > > Deprecation
> >
> > Dropped in the last RFC update.
> > These were premature and should not have been included with the RFCs th=
at
> > add new features.
> >
> > If the direction seems generally okay, I'd like to start implementing i=
t
> > to show more details.
> >
> > Regards,
> > Go Kudo
> >
> > 2021=E5=B9=B45=E6=9C=8823=E6=97=A5(=E6=97=A5) 5:56 Go Kudo <zeriyoshi@g=
mail.com>:
> >
> >> Hi, Internals and all participated in the previous discussion.
> >>
> >> RFCs have been cleaned up and the proposal has been substantially
> changed.
> >>
> >> https://wiki.php.net/rfc/rng_extension
> >>
> >> First of all, I apologize for not checking out the implementation of
> >> password_hash(), which is a precedent to learn from.
> >>
> >> I think I've answered all the questions I've been getting on Open
> Issues.
> >> If I have left anything out, please let me know.
> >>
> >> Regards,
> >> Go Kudo
> >>
> >
>

--000000000000706c8b05c3b203c8--