Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:119256
Return-Path: <kudo.go.1133@colopl.co.jp>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 98949 invoked from network); 10 Jan 2023 22:03:36 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 10 Jan 2023 22:03:36 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id B28CA1804A9
	for <internals@lists.php.net>; Tue, 10 Jan 2023 14:03:35 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <kudo.go.1133@colopl.co.jp>
Received: from mail-qv1-f41.google.com (mail-qv1-f41.google.com [209.85.219.41])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue, 10 Jan 2023 14:03:35 -0800 (PST)
Received: by mail-qv1-f41.google.com with SMTP id i12so9469688qvs.2
        for <internals@lists.php.net>; Tue, 10 Jan 2023 14:03:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=colopl.co.jp; s=google;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=uRC5TjCbdakoy8tOqFFnqT2J1PAeZvwUYmuRRSK2GEg=;
        b=LAF1APKb95h0LBul9w/OhPOxOvCCUfagXl8FOMkj8VWOHzzhxxg+XiOar7gk5rYV3g
         iA5lnuw64Bos8cct5sZ/r3yq7zmdV9x8xd5v1ADlwcoFp/lZj+K+ALw82I4g7eq9S3Ld
         4L6gXk75NL6S5kLwsDtZAtZ9yS9IrH1fHqq2BUH8iJLvP9sVG44iAG3uapqNzbbHZU5R
         EpC6ks1KIGs5m6TXLN0e5i+T4CRMZRpv/kYj6SxcOP/vzRGFLPXd5IxvfjhHko8Cr7Kz
         eOYW/Oe7r5aGz2wER7zLuPI+gtxf5qnBH2JnYsKD1fgacrRiDCdiWNlfV+MfeEBnQ7cW
         gyfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=uRC5TjCbdakoy8tOqFFnqT2J1PAeZvwUYmuRRSK2GEg=;
        b=5yFBr5BJzsI5DVFNT/AT7TR3RgCW2YSvV13DcOVLTJxg2I4UglT3KEdGEJNa/fu8RD
         niQ9eDrYfBlNM4IeDvtxlkABeL/Q2U3uNUWUSGQaG5MHAMDi7bOHIsOXISYdH+ITf2yA
         r5JTDeXWhyNvESiuQzi/U73EwjjuEnt/Oe1AITUNoFErB5j48AjU4S/XpCsjTGVI+o10
         KoRzBa7YBdgF+GwQi4o58YoRyeoVtK5lgELP1N0w1cdgFvUwmiW8M+lK78RgZnbA2egE
         +MmoPjaESskBX0Mh+0Ryzj6da1sr+XNjj8qT4c4rbGWZ/4lqWmwQRGLq1RdydzINLs0e
         ZhVg==
X-Gm-Message-State: AFqh2kqBHLx0/IK8KWcfDj8YgEf1M12KL8Aw1ZMAFEYI8K7pKDEPrZ39
	NJhXn4FD2rdBlwEw4Bo2fM+2FiA0yUf/RAFKPtCOR4p8t7m3T2s=
X-Google-Smtp-Source: AMrXdXsPgSHy8kZjka5vi562DPrUIbYkjyB+ucZexsKL+jLHjY5NHs9KwvVEHJPZ5AytssWsv80oZbA4Jlmhf5xFQ7s=
X-Received: by 2002:ad4:548f:0:b0:50c:bbc4:12f7 with SMTP id
 pv15-20020ad4548f000000b0050cbbc412f7mr2832276qvb.87.1673388214354; Tue, 10
 Jan 2023 14:03:34 -0800 (PST)
MIME-Version: 1.0
References: <CAMs36HdC6k0pjvjiXJDJhnUjSPeOnGSUFMn0FmyE2e0fZ1cCdQ@mail.gmail.com>
 <046f5d6d-772b-15b5-e162-9309f67eba97@bastelstu.be>
In-Reply-To: <046f5d6d-772b-15b5-e162-9309f67eba97@bastelstu.be>
Date: Wed, 11 Jan 2023 07:03:23 +0900
Message-ID: <CAMs36Hf5aVHAw1fV=igS1rx9inib=wiZvxBJHgX2C1R2Lyn28w@mail.gmail.com>
To: =?UTF-8?Q?Tim_D=C3=BCsterhus?= <tim@bastelstu.be>, internals@lists.php.net
Content-Type: multipart/alternative; boundary="00000000000016a74805f1f00e84"
Subject: Re: [PHP-DEV] ext-random: add random_float() ?
From: g-kudo@colopl.co.jp (Go Kudo)

--00000000000016a74805f1f00e84
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

2022=E5=B9=B412=E6=9C=8829=E6=97=A5(=E6=9C=A8) 22:25 Tim D=C3=BCsterhus <ti=
m@bastelstu.be>:

> Hi
>
> On 12/20/22 07:27, Go Kudo wrote:
> > Now that my work is done, I was thinking about a proposal for a
> sunsetting
> > of existing functions for PHP 8.3 based on the features introduced in
> > ext-random, and I realized that there is no alternative to `lcg_value()=
`.
> >
> > Essentially, this could be completely replaced by
> > Random\Randomizer::getFloat(), but there are easier `random_int()` and
> > `random_bytes()` functions for ints and strings.
> >
> > The Randomizer may be overkill and complicated for PHP use cases where
> > random number reproducibility is not required in many cases.
> >
> > So, why not add a `random_float(): float` function? This function, like
> the
> > others, uses CSPRNG and returns a value between 0.0 and 1.0. This
> behavior
> > is `Closed` `Closed`.
> >
> > Opinions are welcome.
>
> I'm not convinced that a random_float() function is a good addition.
> Especially not with the proposed behavior:
>
> 1. Using the (0, 1, ClosedClosed) behavior does neither match
> Randomizer::nextFloat(), nor Randomizer::getFloat().
>
> 2. I consider the ClosedOpen behavior to be the "correct" default,
> because the interval can then be cleanly split into equally sized
> subintervals.
>
> --------------------
>
> But even when random_float() would work like Randomizer::nextFloat()
> (i.e. (0, 1, ClosedOpen)), I would not consider this a good addition:
>
> Users would likely attempt to scale the returned value to arbitrary
> ranges using the `($min + random_float() * ($max - $min))` construction,
> instead of using Randomizer::getFloat().
>
> As per Drawing Random Floating-Point Numbers from an Interval. Fr=C3=A9d=
=C3=A9ric
> Goualard, ACM Trans. Model. Comput. Simul., 32:3, 2022 this construction
> is unsafe, because is is both biased and also may return values outside
> the expected interval.
>
> --------------------
>
> So random_float() would rather need to behave like
> Randomizer::getFloat() instead of Randomizer::nextFloat() and then it
> would not be much simpler than using the Randomizer class directly. I
> further expect that needing to generate random floats is much rarer than
> needing to generate random integers or random bytes (for tokens), thus
> having convenience functions for those two, but not floats is acceptable
> and keeps the API surface simple, making it easier to document all the
> gotchas. Users can add convenience wrappers themselves.
>
> Best regards
> Tim D=C3=BCsterhus
>

Hi Tim

Thank you for the clear explanation. I generally understood the intent. And
once again I recognized that floating point random numbers are difficult to
handle.

I agree that the addition of the random_float() function is inappropriate.
However, with the goal of deprecating it in PHP 8.3 and deprecating RNGs
with virtual machine dependent state in PHP 9.x, I think we need to provide
a useful replacement for the lcg_value() function.

Do you have any good ideas on this?

Most likely, since the random numbers generated by lcg_value() are of low
quality and do not appear to be used very often, one idea would be to
simply remove it. However, I believe that the absence of an alternative
function is likely to generate negative opinions about its elimination.

Regards,
Go Kudo

--00000000000016a74805f1f00e84--