[Issue 7067] New: std.random.RandomSample and RandomCover are poorly designed
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Mon Dec 5 04:00:30 PST 2011
http://d.puremagic.com/issues/show_bug.cgi?id=7067
Summary: std.random.RandomSample and RandomCover are poorly
designed
Product: D
Version: D2
Platform: Other
OS/Version: Windows
Status: NEW
Severity: normal
Priority: P2
Component: Phobos
AssignedTo: nobody at puremagic.com
ReportedBy: thecybershadow at gmail.com
CC: andrei at metalanguage.com
--- Comment #0 from Vladimir Panteleev <thecybershadow at gmail.com> 2011-12-05 04:00:22 PST ---
The following tests will always fail:
int[] a = [ 0, 1, 2, 3, 4, 5, 6, 7, 8 ];
assert(!equal(randomCover(a, rndGen()), randomCover(a, rndGen())));
assert(!equal(randomSample(a, 5, rndGen()), randomSample(a, 5, rndGen())));
The reason why these tests will fail is that both functions take the RNG by
value. Not only is this unintuitive, this is also a security liability -
someone depending on these functions to generate random identifiers can be
surprised that two successive calls generate the same ID.
I strongly suggest that RNG types are disallowed from being implicitly copied.
Even though pseudo-random number generators shouldn't be used for security
purposes, they're still likely to be used in such contexts - especially
considering lack of better sources of random data in Phobos.
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
More information about the Digitalmars-d-bugs
mailing list