Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:91358 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 57803 invoked from network); 23 Feb 2016 12:46:24 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 23 Feb 2016 12:46:24 -0000 Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.214.172 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.214.172 mail-ob0-f172.google.com Received: from [209.85.214.172] ([209.85.214.172:36528] helo=mail-ob0-f172.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id BF/72-38634-D945CC65 for ; Tue, 23 Feb 2016 07:46:21 -0500 Received: by mail-ob0-f172.google.com with SMTP id gc3so192754185obb.3 for ; Tue, 23 Feb 2016 04:46:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=bD+da5PNj6hmRsvZSX4kplcSL2sS9+PDcklZ02F2DjI=; b=h67zaXsDVV63th0Hz8TCrbvgXYB6gQu9k9QbRFOVI+83Tz9lvG5RkCuvSJBR7C/Da4 ExzedDCwwjVRGVNmjXHxZUV3ANaWtohLh+xvwsJ2Vz5Buu9JpBM7KenA/JPbPpOZGXV7 aKjw/Exg5zyqKw8XxeJl1uNE3QKzPZgUVxjX0N4kxn+d6jiPM6tJRZq1q/W3XENHgPpY tw6RX0ucP7togMlihHaMJdNejys2coiPMli4cEmUg1CzIs9mV7UPJO7WtDeH0EoM1BDo +Cx9LnTKrxdgEsebd9v8gmUg7Tuc1QJaj+gD3ugMUfa0mfKMqaQCMP33SMlIM1Wbobbu x9+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=bD+da5PNj6hmRsvZSX4kplcSL2sS9+PDcklZ02F2DjI=; b=AP1s54DxUI1Lzf/EdV5IjVbUp17VBM3t79xwaUK0fQhNH8xP18/KuRuctFG6y/+9NB 6S0AKH/2E+pnZDzhDX4Ps1qo789xUSZWAVmk/SPNCIjQ35m42/e0952BvJET5Yk0a7bR jrAEgxBj0OAqbBDUvs3vmpwP/4bJOxGLcEst3rds38JO05lM5jn3iiJG/W8ThuNbHy9S ooMuW+67chMSj09Q/Y8fSH56tRpxV7Ru67RDYbWNiiwf+kW/Fs1tLFofP/1UhPgaNjud Z4ZYmTPtcj9akfNFndRP6sQW2axA55Vszbn+o48j1D9ZNH+mQclzfnDg49LS/8foywa+ kP9w== X-Gm-Message-State: AG10YOQIOwfi6J39eoikOq7f+aokgaOBDENy4CYI39TGTzzbQl7Yvxxv1SnziAHV1Tp7JRaPxshC7KtxDMa53w== MIME-Version: 1.0 X-Received: by 10.182.38.199 with SMTP id i7mr28723895obk.86.1456231578335; Tue, 23 Feb 2016 04:46:18 -0800 (PST) Received: by 10.202.95.68 with HTTP; Tue, 23 Feb 2016 04:46:18 -0800 (PST) In-Reply-To: References: Date: Tue, 23 Feb 2016 19:46:18 +0700 Message-ID: To: Yasuo Ohgaki Cc: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Re: PRNG: Raise warning and/or provide better pseudo random generator? From: pierre.php@gmail.com (Pierre Joye) hi, On Tue, Feb 23, 2016 at 5:41 PM, Yasuo Ohgaki wrote: > Hi all, > > On Tue, Feb 23, 2016 at 6:30 AM, Yasuo Ohgaki wrote: >> >> We have issue on pseudo random generators generates only odd/even >> numbers. >> >> https://bugs.php.net/bug.php?id=63174 >> https://news.ycombinator.com/item?id=9941364 >> >> We should raise E_WARNING/E_NOTICE if user supplies random number >> range that generated random number cannot be random at least. >> Patch for rand/mt_rand. >> https://gist.github.com/yohgaki/1519f65dffd66735bafe >> >> It seems we need more reliable(fool proof) pseudo random generator. >> Anyone working on this? >> >> We may extends rand()/mt_rand() so that they work with larger range by >> calling random generators multiple times. If this is implemented, the >> patch raises errors is not required. mt_rand() extension breaks compatibility >> with other MT rand implementations, but we already broke it. Therefore, it >> should not matter. (This was the reason why mt_rand() wasn't made to support >> 64bit int, IIRC) >> >> IMO, we should provide better pseudo random generators than now. >> >> Any comments? > > This is edge case that produces odd/even numbers only. > https://3v4l.org/kYpAF > This is the worst case. Current implementation uses 32bit int for > generating random numbers and any number exceeds the range could be > biased because the result is computed by RAND_RANGE() which uses > double for arithmetic. PHP allows huge min/max without any > warning/error under 64bit OS. > > Limiting range can prevent this and we can be sure rand()/mt_rand() > produce the same random numbers on both 32/64 bit platform. (If rand() > uses the same algorithm, of course) > https://gist.github.com/yohgaki/1519f65dffd66735bafe > Valid range is limited to 2^31 according to current implementation. > > Actual range could be determined by PHP_RAND_MAX/PHP_MT_RAND_MAX, but > I heard Windows' PHP_RAND_MAX is only 2^15. Is this correct? I don't > prefer to have strict range error for these systems. I'll write patch > that does not raise warning for smaller PHP_RAND_MAX. It's unreliable > pseudo random generator anyway. It should not matter much. > > > Any comments for adding out of range warnings to rand()/mt_rand()? If > nobody has comment on this, I'll write RFC for additional warnings. > Anyone prefer to extend rand()/mt_rand() for 64bit OSes? Thing is the MT algorithm may not be design to do that, at all but was designed for 32-bit integers. I won't be in favor of changing (again) the implementation without any safety about the results (safety means compliance or be even more different from the MT algorithms). Adding warning when the given ranges are out of bounds sound good, and reduce them within the maximum range. I joined the other person proposing not to change anything else in our MT implementation as there is little to no benefit. If we need pure implementation of one pseudo RNG or another, we can provide new implementations. But changing again this one may bring more troubles than what we are trying to solve. Cheers, -- Pierre @pierrejoye | http://www.libgd.org