hi, On Tue, Feb 23, 2016 at 5:41 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > Hi all, > > On Tue, Feb 23, 2016 at 6:30 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: >> >> We have issue on pseudo random generators generates only odd/even >> numbers. >> >> https://bugs.php.net/bug.php?id=63174 >> https://news.ycombinator.com/item?id=9941364 >> >> We should raise E_WARNING/E_NOTICE if user supplies random number >> range that generated random number cannot be random at least. >> Patch for rand/mt_rand. >> https://gist.github.com/yohgaki/1519f65dffd66735bafe >> >> It seems we need more reliable(fool proof) pseudo random generator. >> Anyone working on this? >> >> We may extends rand()/mt_rand() so that they work with larger range by >> calling random generators multiple times. If this is implemented, the >> patch raises errors is not required. mt_rand() extension breaks compatibility >> with other MT rand implementations, but we already broke it. Therefore, it >> should not matter. (This was the reason why mt_rand() wasn't made to support >> 64bit int, IIRC) >> >> IMO, we should provide better pseudo random generators than now. >> >> Any comments? > > This is edge case that produces odd/even numbers only. > https://3v4l.org/kYpAF > This is the worst case. Current implementation uses 32bit int for > generating random numbers and any number exceeds the range could be > biased because the result is computed by RAND_RANGE() which uses > double for arithmetic. PHP allows huge min/max without any > warning/error under 64bit OS. > > Limiting range can prevent this and we can be sure rand()/mt_rand() > produce the same random numbers on both 32/64 bit platform. (If rand() > uses the same algorithm, of course) > https://gist.github.com/yohgaki/1519f65dffd66735bafe > Valid range is limited to 2^31 according to current implementation. > > Actual range could be determined by PHP_RAND_MAX/PHP_MT_RAND_MAX, but > I heard Windows' PHP_RAND_MAX is only 2^15. Is this correct? I don't > prefer to have strict range error for these systems. I'll write patch > that does not raise warning for smaller PHP_RAND_MAX. It's unreliable > pseudo random generator anyway. It should not matter much. > > > Any comments for adding out of range warnings to rand()/mt_rand()? If > nobody has comment on this, I'll write RFC for additional warnings. > Anyone prefer to extend rand()/mt_rand() for 64bit OSes?
Thing is the MT algorithm may not be design to do that, at all but was designed for 32-bit integers. I won't be in favor of changing (again) the implementation without any safety about the results (safety means compliance or be even more different from the MT algorithms). Adding warning when the given ranges are out of bounds sound good, and reduce them within the maximum range. I joined the other person proposing not to change anything else in our MT implementation as there is little to no benefit. If we need pure implementation of one pseudo RNG or another, we can provide new implementations. But changing again this one may bring more troubles than what we are trying to solve. Cheers, -- Pierre @pierrejoye | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
