Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:80425
Return-Path: <rasmus@lerdorf.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 52451 invoked from network); 13 Jan 2015 00:27:20 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 13 Jan 2015 00:27:20 -0000
Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain lerdorf.com designates 209.85.216.179 as permitted sender)
X-PHP-List-Original-Sender: rasmus@lerdorf.com
X-Host-Fingerprint: 209.85.216.179 mail-qc0-f179.google.com  
Received: from [209.85.216.179] ([209.85.216.179:39397] helo=mail-qc0-f179.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 57/00-51796-76664B45 for <internals@lists.php.net>; Mon, 12 Jan 2015 19:27:20 -0500
Received: by mail-qc0-f179.google.com with SMTP id c9so32740qcz.10
        for <internals@lists.php.net>; Mon, 12 Jan 2015 16:27:16 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to
         :cc:subject:references:in-reply-to:content-type;
        bh=sRZ2NjOPiSELwDouMeoiaD1ioCkFtQQo01lhUsdQI6U=;
        b=Z8mMu8cBtFS9DGLoWT5tV87KD8zrmj9Cvr1zUNfPTi9QufHu+83A5KbTmGroWVUkWG
         p+D2Q/5AUonozGLgZ9X223K0NArDDTcfnklEPquiPVJFwmucrJCVzaUGAdwAPrJfTsSb
         vGg/XKQJX2B8ziDnv3PuKzifO4UFSXztRzjtTkWqWdZsHkGlo4r+iVLfqVaV/UJD1CoJ
         3dMh3IayunB3joupLmrub2K4be0DamCfPdA2U52x8twjqiBjGL88ZLCMES1wnm0ikpqi
         HbPv/uThNY7X1ZS7Duuy+DhMU5nH7c5VqX7AB8ka+vEVLMl+hB9QE+asLkMnh41VCOdR
         W5mg==
X-Gm-Message-State: ALoCoQm64ZxJYgWIzW/e+ww+GjRLlWkpLPtmNf1QKghy89vvlRCxdJgZuz0EuasxWuveuxdoid41
X-Received: by 10.140.35.114 with SMTP id m105mr51306932qgm.79.1421108836670;
        Mon, 12 Jan 2015 16:27:16 -0800 (PST)
Received: from [192.168.200.14] (c-50-131-44-225.hsd1.ca.comcast.net. [50.131.44.225])
        by mx.google.com with ESMTPSA id v10sm16297985qat.0.2015.01.12.16.27.14
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 12 Jan 2015 16:27:15 -0800 (PST)
Message-ID: <54B46661.7080001@lerdorf.com>
Date: Mon, 12 Jan 2015 16:27:13 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: Andrea Faulds <ajf@ajf.me>
CC: Stanislav Malyshev <smalyshev@gmail.com>, 
 Yasuo Ohgaki <yohgaki@ohgaki.net>,
 PHP Internals List <internals@lists.php.net>
References: <E472413E-7615-49F9-BE6C-AAA0088C3F53@ajf.me> <54B30DB9.3000003@seld.be> <76B8D342-43E7-42E6-AD82-FCF7C5CA8658@ajf.me> <54B31D77.9010100@gmail.com> <976B7B2E-7BC9-4514-ABF3-C0DA3ED98897@ajf.me> <54B32145.80501@gmail.com> <B3E640CE-0361-4132-A849-20AFFC9D7AA8@ajf.me> <54B32BEA.5090507@gmail.com> <54B38EA6.8070402@lerdorf.com> <47FF88D5-14F8-4844-A9DD-51532FBF3588@ajf.me>
In-Reply-To: <47FF88D5-14F8-4844-A9DD-51532FBF3588@ajf.me>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="BAWoVVUEwAAu92BUEstgVXHhSL1TlUTGl"
Subject: Re: [PHP-DEV] rand(), mt_rand() and limits
From: rasmus@lerdorf.com (Rasmus Lerdorf)

--BAWoVVUEwAAu92BUEstgVXHhSL1TlUTGl
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 01/12/2015 01:31 AM, Andrea Faulds wrote:
> Hi Rasmus,
>=20
>> On 12 Jan 2015, at 09:06, Rasmus Lerdorf <rasmus@lerdorf.com> wrote:
>>
>> Yes, there is plenty of code out there that relies on srand()+rand()
>> returning a repeatable sequence of pseudo-random numbers. I have writt=
en
>> some myself. C devs are very familiar with this behaviour of srand.
>=20
> C devs are also familiar with the usage of strtok, but it doesn't make =
an API with global state any less flawed.
>=20
> The problem with rand() and srand() is they're used for three different=
 purposes, only one of which they're terribly fitting for:
>=20
> - To produce a non-repeatable sequence of random numbers (works OK if s=
rand() isn't used)
> - To produce a repeatable sequence of random numbers (works, but only i=
f you and the sole user of the global random number  generator, which is =
not guaranteed by any means)

Well, luckily PHP is not multi-threaded for the majority of PHP uses so
you can be pretty sure you are the only user in your process. I suppose
if you are in some massive framework and you have no idea what your
framework is doing you could perhaps run into problems, but then you
have other issues. Assuming you know what you are doing on a single
request you get a guaranteed repeatable sequence of numbers and this is
a super useful feature that we can't just arbitrarily kill because you
think some people might use it incorrectly.

-Rasmus


--BAWoVVUEwAAu92BUEstgVXHhSL1TlUTGl
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlS0ZmEACgkQlxayKTuqOuBu5ACeNbcor3Cdygm3DNOh5+UFwf4/
QMQAni1E7NouFmgE0CibFAy9rmoxL/le
=gNuk
-----END PGP SIGNATURE-----

--BAWoVVUEwAAu92BUEstgVXHhSL1TlUTGl--