Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:117899
Return-Path: <tim@bastelstu.be>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 48087 invoked from network); 10 Jun 2022 08:56:13 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 10 Jun 2022 08:56:13 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 657B9180210
	for <internals@lists.php.net>; Fri, 10 Jun 2022 03:42:41 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS24940 176.9.0.0/16
X-Spam-Virus: No
X-Envelope-From: <tim@bastelstu.be>
Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Fri, 10 Jun 2022 03:42:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be;
	s=mail20171119; t=1654857758;
	bh=20CBSUmtmj0k4d/QSU12fsIcq0JZwmfsplhrheMBWI4=;
	h=Date:Subject:To:References:From:In-Reply-To:From;
	b=ozihHlVj+oeM1BBgVOHPdIhOWxfn+z9tWGuUb7TgHwKXc/T21hsrYGOdLqeVn0If2
	 abHt+DUukAEr+2EeZAip4+5/BCdisnwm+JHECH2SztiEBF4jcevCM0Z2/ws6/V6Py4
	 ccxH6VEPhAYBJNnMeXl3QXn+XaMdDao8F7iSrJoVD9H36wF7e6ckxex5kySBd+ObxH
	 5vOZIUg5vNkNN8weDSSm9iRmp8ujJYx9kr4dVgHlORo7v+RkHQ8CkBpzP7ss5PXDEP
	 2kGlAiyLKbQof8sFBJSU3rmlHBQ/mzQGRD9Qoy1xRlme+Lm/qlaTvd/QcqCF/GbBpm
	 N6w7PVt/9RbAA==
Message-ID: <9c907fc8-ae1c-7c2f-c77a-727d03e70407@bastelstu.be>
Date: Fri, 10 Jun 2022 12:42:36 +0200
MIME-Version: 1.0
Content-Language: en-US
To: Go Kudo <g-kudo@colopl.co.jp>, internals@lists.php.net
References: <CAMs36Hdq7Bh+fj62NBY7L5RSMy-4OOncs3fKzUQu9GzUf-zMWw@mail.gmail.com>
 <77a67ec1-2b32-0e86-3714-9b2600691c18@bastelstu.be>
 <CAMs36HdOvg0im4m=tzkO56LrUd22u-Ck0u39gBCpTBToqU4fRg@mail.gmail.com>
In-Reply-To: <CAMs36HdOvg0im4m=tzkO56LrUd22u-Ck0u39gBCpTBToqU4fRg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] [RFC] [Vote] Pre-vote announcement for Random Extension
 5.x
From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=c3=bcsterhus?=)

Hi

On 6/10/22 12:02, Go Kudo wrote:
>> It has a single generate(): string method that generates random numbers
> as a binary string. This string must be non-empty and attempting to return
> an empty will result in a RuntimeException.
>> If you implement a random number generator in PHP, the generated numbers
> must be converted to binary using the pack() function, and the values must
> be little-endian.

Thanks, that looks good to me.

> * class Random Randomizer
> 
>> The same current PHP algorithm is used to generate random numbers within
> the specified range in Randomizer::getInt(). This is necessary for backward
> compatibility.
>> It also provides a guarantee of consistency in the future.
> 
> However, I understand that perhaps this fix will not satisfy your request.
> I just do not have a good understanding of your intentions due to my poor
> English....

Don't worry. I understand that using a foreign language can sometimes be 
hard - I am not a native speaker of English either and I suspect that 
this also applies to many other participants.

> I am considering the following possibilities regarding your intentions:
> 
> 1. Should be stated in detail so that consistency of results is maintained
> in the future.
> 2. Current PHP ranged random number generation algorithm has room for
> improvement and should be examined further
> 3. Consistency of results is difficult to maintain in the future (Maybe
> incorrect)
> 
> In case 1, I think the following statement would satisfy the requirement.
> 
>> The values generated by the seedable Engine guarantee future
> reproducibility of results, and the Randomizer uses the results to process
> them, so if the results generated by the Engine are identical, the
> Randomizer's results will also be consistent.
> 
> Although the consistency of the Randomizer results is not mentioned here,
> it would be a clear BC Break if the results were to change after the
> Randomizer is officially implemented, so I do think it is sufficient that
> an RFC be created and voted on as necessary.

If I understand you correctly, then (1) is what I am looking for: It 
should be spelled out explicitly what behavior the user may rely on and 
what should be considered an implementation detail.

Something like the following would work for me:

----

The engines implement a specific well-defined random number generator. 
For a given seed it is guaranteed that they return the same sequence as 
the reference implementation.

For the Randomizer it is considered a breaking change if the observable 
behavior of the methods changes. For a given seeded engine and identical 
method parameters the following must hold:

- The number of calls to the Engine's ->generate() method remains the same.
- The return value remains the same for a given result retrieved from 
->generate().

Any changes to the Randomizer that violate these guarantees require a 
separate RFC.

----

> In case 2, I also thought about it along the way. Nikita also taught me
> about better algorithms: https://externals.io/message/115918#115982
> 
> But, I also think that the current PHP implementation is good enough, and
> there is no need to change it to the point of breaking compatibility.
> 
> I think the current global scope MT implementation is very troublesome for
> some use cases and should first be able to be drop-in-replaceable with this
> implementation.
> 
> In case 3, I think it is necessary to guarantee consistency at least once
> at the language level, even though this may change in the future. I have
> already indicated the need for this in the RFC.

Can you comment on whether the Randomizer behaves identically on both 32 
and 64 bit PHP and also on little endian and big endian architectures? 
As an example: Will ->getInt() calculate the same "uniform distribution" 
on all bitnesses? If not I consider that a bug.

The engines *should* behave identically, because of the "little endian 
string" return value.

If that's already the case then something like the following should be 
added to the RFC guarantees:

- The implementation will guarantee that the same results are returned 
independent of the processor architecture (little endian / big endian) 
and integer bit length's (32 / 64).

> Most of all, I do not believe you intend this to be the case. (And this
> sentence is not intended to offend you either. Please don't misunderstand
> me.)
> 


Best regards
Tim Düsterhus