Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:119213 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 17223 invoked from network); 29 Dec 2022 13:25:06 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 29 Dec 2022 13:25:06 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id B96321804FF for ; Thu, 29 Dec 2022 05:25:05 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS24940 176.9.0.0/16 X-Spam-Virus: No X-Envelope-From: Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 29 Dec 2022 05:25:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be; s=mail20171119; t=1672320303; bh=abjkOJY8MzxuMDGY/6fC3fDf19IRJvOTKZCbKHp61Go=; h=Date:Subject:To:References:From:In-Reply-To:From; b=mRdwpfxhwYVymEwgv0FNRsSTIKNZyNsxo4OFmm+QwUlO2zuArc97MU8RE6MUx+Z2q 0gxqxCldFseSQD57xPAYfnqo7CzmzoeL6Mf2StEEAVBRJYyhqEGDd/TxoLrRNwuS1b HDWTZZ8i09A/iyktanPpGohUfU5BUJzt510Re526+PT3HiUh8g+lE31p56y+/61YtB Efqm/+K+JnGuaqv5u7AUVFd+Lqd48uOZWERXUJ5v14AldY1egTCYHQqb052aKegBAO UKW0P+NyzrhYwuRtFYJQpWAMUfGRlXSFKMrmToGp5NBuSRpCQ+ubQUZITV878qdSne jZYE6DiYbUxLA== Message-ID: <046f5d6d-772b-15b5-e162-9309f67eba97@bastelstu.be> Date: Thu, 29 Dec 2022 14:25:00 +0100 MIME-Version: 1.0 Content-Language: en-US To: Go Kudo , internals@lists.php.net References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] ext-random: add random_float() ? From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=c3=bcsterhus?=) Hi On 12/20/22 07:27, Go Kudo wrote: > Now that my work is done, I was thinking about a proposal for a sunsetting > of existing functions for PHP 8.3 based on the features introduced in > ext-random, and I realized that there is no alternative to `lcg_value()`. > > Essentially, this could be completely replaced by > Random\Randomizer::getFloat(), but there are easier `random_int()` and > `random_bytes()` functions for ints and strings. > > The Randomizer may be overkill and complicated for PHP use cases where > random number reproducibility is not required in many cases. > > So, why not add a `random_float(): float` function? This function, like the > others, uses CSPRNG and returns a value between 0.0 and 1.0. This behavior > is `Closed` `Closed`. > > Opinions are welcome. I'm not convinced that a random_float() function is a good addition. Especially not with the proposed behavior: 1. Using the (0, 1, ClosedClosed) behavior does neither match Randomizer::nextFloat(), nor Randomizer::getFloat(). 2. I consider the ClosedOpen behavior to be the "correct" default, because the interval can then be cleanly split into equally sized subintervals. -------------------- But even when random_float() would work like Randomizer::nextFloat() (i.e. (0, 1, ClosedOpen)), I would not consider this a good addition: Users would likely attempt to scale the returned value to arbitrary ranges using the `($min + random_float() * ($max - $min))` construction, instead of using Randomizer::getFloat(). As per Drawing Random Floating-Point Numbers from an Interval. Frédéric Goualard, ACM Trans. Model. Comput. Simul., 32:3, 2022 this construction is unsafe, because is is both biased and also may return values outside the expected interval. -------------------- So random_float() would rather need to behave like Randomizer::getFloat() instead of Randomizer::nextFloat() and then it would not be much simpler than using the Randomizer class directly. I further expect that needing to generate random floats is much rarer than needing to generate random integers or random bytes (for tokens), thus having convenience functions for those two, but not floats is acceptable and keeps the API surface simple, making it easier to document all the gotchas. Users can add convenience wrappers themselves. Best regards Tim Düsterhus