Hi all,

On Mon, Jan 30, 2017 at 11:25 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Our part could be fixed by us. Let's fix it now.
>
> Lauri made patch for unseeded mt_rand(). I'll prepare patch that allows
> int array initialization for mt_srand() so that whole state buffer can be
> initialized as user specifies.
>
> void mt_srand(int|array $seed)
>
> where $seed could be
>
> $seed = [123456789, 987654321, ....]; // Up to max size of state buffer
>
> It can be said current mt_rand() is good enough for the purpose. I totally
> agree with this.
> However, I cannot agree that current mt_rand() implementation is
> ideal/what it should be.
> Seed is very important for PRNG and current seeding code/behavior has
> other issues.

First issue is:

1) PHP does not care if seed is done by "user" or "system" (lcg random now).
2) If user seeds by mt_srand(1234), then the seed is outstanding for
   mt_rand()/rand() calls across requests.

Most users would expect "random seeding" when there is no mt_srand()/srand()
in the current execution, while currently it is not.

I think of 2 choices to fix this behavior:

1) Set BG(mt_rand_is_seeded) = 0 by RINIT always and force reseeding by the
   system when it is applicable.
2) Add new BG(mt_rand_is_user_seeded) flag; if it is 1, set
   BG(mt_rand_is_seeded) = 0 by RINIT. (A little more efficient than 1)

Thoughts?

In addition to the previous issue, rand()/srand() is an alias of
mt_rand()/mt_srand() now. Most developers expect rand() and mt_rand() to be
unrelated PRNGs and may write the following code:

  srand(1234);
  $rnd = rand(); // We need the same rand() for XXX

Somewhere in other code in the same app:

  $rnd = mt_rand(); // We need hard to predict non CS purpose random here.

Obviously, the mt_rand() call is not random at all. This affects all MT rand
usage such as shuffle(), etc.

Instead of sharing the same MT rand state, it may be better to have a
dedicated state for rand()/srand() at least. There are a few functions that
use MT rand, like shuffle(), but I would like to avoid allocating state
buffers for each MT rand usage.

One possible resolution may be adding a reseed flag to srand()/mt_srand().

  // Force system reseeding
  srand(TRUE);
  mt_srand(TRUE);

then users may use it as follows:

  // Need randomness that is not affected by other parts of code,
  // i.e. srand(123)/mt_rand(123) somewhere else.
  mt_srand(TRUE);
  shuffle($my_random_array);

I don't like this idea myself. I don't like a seeding flag for shuffle()/etc.
either. Writing code is easy, but this issue is not easy to fix.

Any better ideas?

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
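As an added illustration (example code, not from this thread or from PHP itself), assuming PHP 7.1 or later where rand()/srand() are aliases of mt_rand()/mt_srand() sharing one MT state: the first function checks that a srand() call elsewhere in the application makes later mt_rand() and shuffle() output replayable by anyone who knows the seed, and the second checks that random_int(), which reads the system CSPRNG, is not affected by such seeding; the function names are my own.

```php
<?php
// Added example, not from the original thread. Assumes PHP >= 7.1, where
// rand()/srand() are aliases of mt_rand()/mt_srand() and share one MT state.

// Can mt_rand()/shuffle() output be replayed once a legacy srand($seed)
// has run somewhere else in the same request? Returns true if it can.
function mtOutputReplayableAfterSrand(int $seed, int $draws = 5): bool
{
    // "Somewhere else": legacy code seeds rand() for reproducibility.
    srand($seed);
    $observed = [];
    for ($i = 0; $i < $draws; $i++) {
        $observed[] = mt_rand();      // caller hoped this was unpredictable
    }
    $deck = range(1, 20);
    shuffle($deck);                   // shuffle() also draws from MT state
    $observed[] = $deck;

    // Replay: same seed through mt_srand() reproduces the whole sequence.
    mt_srand($seed);
    $replayed = [];
    for ($i = 0; $i < $draws; $i++) {
        $replayed[] = mt_rand();
    }
    $deck = range(1, 20);
    shuffle($deck);
    $replayed[] = $deck;

    return $observed === $replayed;
}

// random_int() uses the CSPRNG, so seeding MT has no influence on it.
// Returns true if two runs after identical srand() calls differ.
function randomIntUnaffectedBySrand(int $seed, int $draws = 5): bool
{
    $runs = [];
    for ($run = 0; $run < 2; $run++) {
        srand($seed);
        $values = [];
        for ($i = 0; $i < $draws; $i++) {
            $values[] = random_int(0, PHP_INT_MAX);
        }
        $runs[] = $values;
    }
    return $runs[0] !== $runs[1];
}

var_dump(mtOutputReplayableAfterSrand(1234));
var_dump(randomIntUnaffectedBySrand(1234));
```

Under the behaviour the mail describes, the first call reports true (shared state leaks the seed into every MT consumer) and the second reports true as well, which is why values that must be hard to predict belong on random_int()/random_bytes() rather than on mt_rand().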