Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:117049 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 65275 invoked from network); 17 Feb 2022 06:19:53 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 17 Feb 2022 06:19:53 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 382B91804A7 for ; Wed, 16 Feb 2022 23:38:02 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-yb1-f182.google.com (mail-yb1-f182.google.com [209.85.219.182]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Wed, 16 Feb 2022 23:38:01 -0800 (PST) Received: by mail-yb1-f182.google.com with SMTP id j2so11419248ybu.0 for ; Wed, 16 Feb 2022 23:38:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=colopl.co.jp; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BN8wahTyEjfUpux6KwuTNNWcZj/LQoiJIjS4rY+cxjk=; b=TEfaDMU5AFJqzZ7fMS2IzuaGOezXjJitPqG2/kIz4AF1vCI4ihs/ifG1Xf64lNB3Yc S37nXGULOgQRhNKfqcJA3yhIfvC58IYF6BHU0Hky1T61OdL+wsDWjXhvkleXjpPC6glW 37Nr4JVqVmM7s4i16RwltBMlLPOrBjMCWZe7pdH2YjxdYjWdfJMczZWuTnqVpQ3byYG6 SEa3YNjjfJ7SJOOltsAO5U5RSBvFge/JM61/He+f0f7c5mKDROKMTCGnZtTDLSyMJ5bx aN0oFHSZ+QWQnQC5tTuASlmvrpEC1Sg56nwwUtRTLJ2nrBj+3u+05LxpAYYrP3/UJTwC Ff6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BN8wahTyEjfUpux6KwuTNNWcZj/LQoiJIjS4rY+cxjk=; b=JSiHNC6xy+gI05RCC9cp0/O06QmNR0u3S+qc1DlLiPSyndc7bJVrlwZGRtxBsb/y45 A8h8MPFBU0PW/kTw4bfrSBH0HEXFDBf4fWf2BeLNrXvf4sjyZYT18ZrDQV1nEh85OJbM nIgVeFMoHFHRiKQ1zcd7Upb2kihAAgZ+yv6Veeg+2EMOqLyIHSmqO4UaAce9y1w4GHyy Jlc5B5Tvi5nDBpAQqwSn4S/YnV+U8hXVwkRF3BNS3hl+NFeuP8ExuT3Zncqla1b5z1+m jZ7CRoHkIJejsvADIYsu6LLZfMbwjATql+a6Vtbvl1ZOhp8NfcaHR6APoX8gRbkbTBPi 3n9A== X-Gm-Message-State: AOAM533Tjo8FrwBMG66bmceA6LX+6iezb4yAhByvzDJLHlmjUOCsb8A+ GDsm62xpQUS+vXo84HPZIrXAzwquCCg/YYuy2yZhzQTkrjIP X-Google-Smtp-Source: ABdhPJw4MfcQsD+u7Ae50iwfGTNJtocXow4rPoWljgRwFs9jEoAZ3u1cD3RYBFv7wkJXzQU6XX2uY2ekBzrpGb8RKLs= X-Received: by 2002:a25:3626:0:b0:620:ea14:a2ed with SMTP id d38-20020a253626000000b00620ea14a2edmr1239202yba.656.1645083481202; Wed, 16 Feb 2022 23:38:01 -0800 (PST) MIME-Version: 1.0 References: <41a1b458-4941-f34e-f1b4-e25b3298b80a@bastelstu.be> <553ba7ca-3821-c2d9-f88f-b216013a887b@bastelstu.be> <2c667812-88c8-0b7b-3558-561a1348d0b2@bastelstu.be> <5f496cf9-8754-b009-9cb5-b978222b2249@bastelstu.be> In-Reply-To: Date: Thu, 17 Feb 2022 16:37:50 +0900 Message-ID: To: =?UTF-8?Q?Tim_D=C3=BCsterhus?= Cc: internals@lists.php.net Content-Type: multipart/alternative; boundary="0000000000008600e405d831d807" Subject: Re: [PHP-DEV] [RFC] [Under Discussion] Random Extension 4.0 From: g-kudo@colopl.co.jp (Go Kudo) --0000000000008600e405d831d807 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable 2022=E5=B9=B42=E6=9C=8816=E6=97=A5(=E6=B0=B4) 21:25 Tim D=C3=BCsterhus : > Hi > > On 2/16/22 12:39, Go Kudo wrote: > >> Is the nextByteSize() method actually required? PHP strings already > know > > their own length. > > > > This is a convenience of the current implementation. > > You already said that you will think of some good ideas, but I'd like to > be clear that the convenience of the internal implementation should not > be something that affects the user-facing implementation. > > In fact with the current implementation I can trivially create a > memory-unsafety bug: > > > use Random\Engine; > use Random\Randomizer; > > final class Bug implements Engine { > public function generate(): string > { > return ''; > } > > public function nextByteSize(): int { > return 7; > } > } > > $e =3D new Bug(); > $g =3D new Randomizer($e); > > var_dump(\bin2hex($g->getBytes(8))); > > Results in: > > > =3D=3D116755=3D=3D Use of uninitialised value of size 8 > > =3D=3D116755=3D=3D at 0x6180C8: php_bin2hex (string.c:111) > > =3D=3D116755=3D=3D by 0x6185D2: zif_bin2hex (string.c:220) > > =3D=3D116755=3D=3D by 0x79BDB4: ZEND_DO_ICALL_SPEC_RETVAL_USED_H= ANDLER > (zend_vm_execute.h:1312) > > =3D=3D116755=3D=3D by 0x8194F0: execute_ex (zend_vm_execute.h:55= 503) > > =3D=3D116755=3D=3D by 0x81ED86: zend_execute (zend_vm_execute.h:= 59858) > > =3D=3D116755=3D=3D by 0x75A923: zend_execute_scripts (zend.c:174= 4) > > =3D=3D116755=3D=3D by 0x69C8C4: php_execute_script (main.c:2535) > > =3D=3D116755=3D=3D by 0x8E0B19: do_cli (php_cli.c:965) > > =3D=3D116755=3D=3D by 0x8E1DF9: main (php_cli.c:1367) > > =3D=3D116755=3D=3D > > =3D=3D116755=3D=3D Use of uninitialised value of size 8 > > =3D=3D116755=3D=3D at 0x618100: php_bin2hex (string.c:112) > > =3D=3D116755=3D=3D by 0x6185D2: zif_bin2hex (string.c:220) > > =3D=3D116755=3D=3D by 0x79BDB4: ZEND_DO_ICALL_SPEC_RETVAL_USED_H= ANDLER > (zend_vm_execute.h:1312) > > =3D=3D116755=3D=3D by 0x8194F0: execute_ex (zend_vm_execute.h:55= 503) > > =3D=3D116755=3D=3D by 0x81ED86: zend_execute (zend_vm_execute.h:= 59858) > > =3D=3D116755=3D=3D by 0x75A923: zend_execute_scripts (zend.c:174= 4) > > =3D=3D116755=3D=3D by 0x69C8C4: php_execute_script (main.c:2535) > > =3D=3D116755=3D=3D by 0x8E0B19: do_cli (php_cli.c:965) > > =3D=3D116755=3D=3D by 0x8E1DF9: main (php_cli.c:1367) > > =3D=3D116755=3D=3D > > string(16) "0000000000000000" > > For userland implementations you really must derive the size from the > returned bytestring. Otherwise it's easy for a developer to create an > implementation where nextByteSize() and generate() disagree. Even if the > memory-unsafety is fixed, this will result in frustration for the user. > > For native implementations you can keep some explicit width in the code, > if that helps with performance. > > Best regards > Tim D=C3=BCsterhus > Hi Tim The following points have been fixed: - `nextByteSize(): int` has been removed from Random\Engine - If the width of the RNG is statically defined, it will now be used preferentially - Added Xoshiro256StarStar - Fixed an endianness issue And updated RFC https://wiki.php.net/rfc/rng_extension I also had a PHP implementation of Xorshift128Plus on hand, so I included it in the tests. https://github.com/colopl/php-src/blob/upstream_rfc/scoped_rng_for_pr/ext/r= andom/tests/engine/user_xorshift128plus.phpt Xoshiro128PlusPlus has been dropped from the bundle due to width issues. If necessary, it will be implemented as an extension to PECL. However, it is built in as a test of the userland implementation https://github.com/colopl/php-src/blob/upstream_rfc/scoped_rng_for_pr/ext/r= andom/tests/engine/user_xoshiro128plusplus.phpt This seems to have solved the whole problem. How about it? Regards Go Kudo --0000000000008600e405d831d807--