On Tue, Feb 23, 2016 at 5:41 PM, Yasuo Ohgaki wrote:
Hi all,
On Tue, Feb 23, 2016 at 6:30 AM, Yasuo Ohgaki wrote:

We have issue on pseudo random generators generates only odd/even


We should raise E_WARNING/E_NOTICE if user supplies random number
range that generated random number cannot be random at least.
Patch for rand/mt_rand.

It seems we need more reliable(fool proof) pseudo random generator.
Anyone working on this?

We may extends rand()/mt_rand() so that they work with larger range by
calling random generators multiple times. If this is implemented, the
patch raises errors is not required. mt_rand() extension breaks compatibility
with other MT rand implementations, but we already broke it. Therefore, it
should not matter. (This was the reason why mt_rand() wasn't made to support
64bit int, IIRC)

IMO, we should provide better pseudo random generators than now.

Any comments?
This is edge case that produces odd/even numbers only.
This is the worst case. Current implementation uses 32bit int for
generating random numbers and any number exceeds the range could be
biased because the result is computed by RAND_RANGE() which uses
double for arithmetic. PHP allows huge min/max without any
warning/error under 64bit OS.

Limiting range can prevent this and we can be sure rand()/mt_rand()
produce the same random numbers on both 32/64 bit platform. (If rand()
uses the same algorithm, of course)
Valid range is limited to 2^31 according to current implementation.

Actual range could be determined by PHP_RAND_MAX/PHP_MT_RAND_MAX, but
I heard Windows' PHP_RAND_MAX is only 2^15. Is this correct? I don't
prefer to have strict range error for these systems. I'll write patch
that does not raise warning for smaller PHP_RAND_MAX. It's unreliable
pseudo random generator anyway. It should not matter much.

Any comments for adding out of range warnings to rand()/mt_rand()? If
nobody has comment on this, I'll write RFC for additional warnings.
Anyone prefer to extend rand()/mt_rand() for 64bit OSes?
Thing is the MT algorithm may not be design to do that, at all but was
designed for 32-bit integers. I won't be in favor of changing (again)
the implementation without any safety about the results (safety means
compliance or be even more different from the MT algorithms).

Adding warning when the given ranges are out of bounds sound good, and
reduce them within the maximum range.

I joined the other person proposing not to change anything else in our
MT implementation as there is little to no benefit.

If we need pure implementation of one pseudo RNG or another, we can
provide new implementations. But changing again this one may bring
more troubles than what we are trying to solve.


@pierrejoye | http://www.libgd.org

Search Discussions

Discussion Posts


Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 8 of 17 | next ›
Discussion Overview
groupphp-internals @
postedFeb 22, '16 at 9:31p
activeFeb 24, '16 at 10:10p



site design / logo © 2019 Grokbase