Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:91354
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 47302 invoked from network); 23 Feb 2016 10:42:16 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 Feb 2016 10:42:16 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.161.179 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.161.179 mail-yw0-f179.google.com  
Received: from [209.85.161.179] ([209.85.161.179:33845] helo=mail-yw0-f179.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id BF/B0-38634-5873CC65 for <internals@lists.php.net>; Tue, 23 Feb 2016 05:42:13 -0500
Received: by mail-yw0-f179.google.com with SMTP id h129so142887364ywb.1
        for <internals@lists.php.net>; Tue, 23 Feb 2016 02:42:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:content-type;
        bh=FRy5HvYHy55IzVIYoGA2TAFYGhLArVt2RLRdjpMO+QE=;
        b=M96eeHqyloocILFQuSi7iKWqLPzu8viXneGYJZ1Xa1sfvXN9OZUIHXC7gNF1mnaXcr
         yJOXOdlJ1ELz7q6jh3pcnLSeuUqQvmzAxi4eUG2LK0ufza1I0eVR3iQof7KSnK70GF6Q
         kL11DuuhE4SEA1916qFEeN7v6Z6/RCG8GltaMzKVEoFTrXawdExHpIiKXx6wIvKLHyd8
         AjlyMA/25dF/byptD1dpJZ+qHhjNS7YGkZsp0+2NbACYBpqtdpMxYXwgCOM+yC/kvz4U
         X1omrZbI2FjUFcp7PtV+7b678HKyzUUVIu/nt+Qtjw5gdNcmdutCnvhpfUH8xxNDrwCp
         jntQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:content-type;
        bh=FRy5HvYHy55IzVIYoGA2TAFYGhLArVt2RLRdjpMO+QE=;
        b=ZvcvIHXvUQ9FIn4lDe47I0BBc4BmZM2kAKRt/kI+hZSfnlSmvLUtsso1h5H9/sz5hd
         3Gp5SmD/KAjAddnwutJfgpSd8NQNHpwXQzkYY1rbFBgVMm62EO93/ew/f9LZmEZ5NX7H
         rtObiAd8oyOxGJIPZl2ZbkNlhSlYQ60wALdya9RVySYuWGlShGZj9o8kKSEHJsIFtHFx
         mVaVjET9ByyaQYCPtf2hAQLmwzgnJvCd77Qcdd4O9KnqDekbOS0+D2+nMtRaxnINQVy5
         J3fAUnVwjwMuN34+KWlfb1LpUyZTvby1pNWslf8y1oReRLW2YyqZUScR6jZqsHGtv4KY
         LOdg==
X-Gm-Message-State: AG10YOSVUvynuSiCdvavFc/MPSC4S1ezL9Sux2KEGYh96M3/7Gaa/jZQup7F6KAejmZyqkAGOmbL8lazW8kXoQ==
X-Received: by 10.13.226.149 with SMTP id l143mr16233272ywe.0.1456224130855;
 Tue, 23 Feb 2016 02:42:10 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.129.109.22 with HTTP; Tue, 23 Feb 2016 02:41:31 -0800 (PST)
In-Reply-To: <CAGa2bXaBoxMF9mpn0yjJ-sNZ+rYG=rpTB=iPP_t7RXsJGWafMQ@mail.gmail.com>
References: <CAGa2bXaBoxMF9mpn0yjJ-sNZ+rYG=rpTB=iPP_t7RXsJGWafMQ@mail.gmail.com>
Date: Tue, 23 Feb 2016 19:41:31 +0900
X-Google-Sender-Auth: LfgsyuS5P5WJ7_exEr5ADYthMuk
Message-ID: <CAGa2bXbOzvryXAnwBGFCVvfKOLqTDs8dLZK4FNLLKvnLL4i3VQ@mail.gmail.com>
To: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: PRNG: Raise warning and/or provide better pseudo random generator?
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi all,

On Tue, Feb 23, 2016 at 6:30 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
>
> We have issue on pseudo random generators generates only odd/even
> numbers.
>
> https://bugs.php.net/bug.php?id=63174
> https://news.ycombinator.com/item?id=9941364
>
> We should raise E_WARNING/E_NOTICE if user supplies random number
> range that generated random number cannot be random at least.
> Patch for rand/mt_rand.
> https://gist.github.com/yohgaki/1519f65dffd66735bafe
>
> It seems we need more reliable(fool proof) pseudo random generator.
> Anyone working on this?
>
> We may extends rand()/mt_rand() so that they work with larger range by
> calling random generators multiple times. If this is implemented, the
> patch raises errors is not required. mt_rand() extension breaks compatibility
> with other MT rand implementations, but we already broke it. Therefore, it
> should not matter. (This was the reason why mt_rand() wasn't made to support
> 64bit int, IIRC)
>
> IMO, we should provide better pseudo random generators than now.
>
> Any comments?

This is edge case that produces odd/even numbers only.
https://3v4l.org/kYpAF
This is the worst case. Current implementation uses 32bit int for
generating random numbers and any number exceeds the range could be
biased because the result is computed by RAND_RANGE() which uses
double for arithmetic. PHP allows huge min/max without any
warning/error under 64bit OS.

Limiting range can prevent this and we can be sure rand()/mt_rand()
produce the same random numbers on both 32/64 bit platform. (If rand()
uses the same algorithm, of course)
https://gist.github.com/yohgaki/1519f65dffd66735bafe
Valid range is limited to 2^31 according to current implementation.

Actual range could be determined by PHP_RAND_MAX/PHP_MT_RAND_MAX, but
I heard Windows' PHP_RAND_MAX is only 2^15. Is this correct? I don't
prefer to have strict range error for these systems. I'll write patch
that does not raise warning for smaller PHP_RAND_MAX. It's unreliable
pseudo random generator anyway. It should not matter much.

Any comments for adding out of range warnings to rand()/mt_rand()? If
nobody has comment on this, I'll write RFC for additional warnings.
Anyone prefer to extend rand()/mt_rand() for 64bit OSes?

Regards

--
Yasuo Ohgaki
yohgaki@ohgaki.net