[Issue 7067] std.random.RandomSample and RandomCover are poorly designed

d-bugmail at puremagic.com
Mon Dec 5 21:28:35 PST 2011


http://d.puremagic.com/issues/show_bug.cgi?id=7067



--- Comment #2 from Andrei Alexandrescu <andrei at metalanguage.com> 2011-12-05 21:28:32 PST ---
(In reply to comment #0)
> The following tests will always fail:
> 
>     int[] a = [ 0, 1, 2, 3, 4, 5, 6, 7, 8 ];
>     assert(!equal(randomCover(a, rndGen()), randomCover(a, rndGen())));
>     assert(!equal(randomSample(a, 5, rndGen()), randomSample(a, 5, rndGen())));

Good point.

> The reason why these tests will fail is that both functions take the RNG by
> value.
>
> Not only is this unintuitive, this is also a security liability -
> someone depending on these functions to generate random identifiers can be
> surprised that two successive calls generate the same ID.

I think we can safely eliminate this argument from the discussion.

> I strongly suggest that RNG types are disallowed from being implicitly copied.
> Even though pseudo-random number generators shouldn't be used for security
> purposes, they're still likely to be used in such contexts - especially
> considering lack of better sources of random data in Phobos.

The problem with taking a random generator by reference is that it then needs
to be escaped. So people would be quite surprised to see that:

    auto gen = rndGen;
    return randomSample(a, 5, gen);

has undefined behavior.

One way or another we need to solve this, e.g. by creating a wrapper with
reference semantics over generators. Ideas are welcome.

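Added example, not part of the original message and not Phobos code: a minimal D sketch of the behaviour discussed in this thread. A struct generator passed by value yields the same identifier on two successive calls, while a heap-allocated wrapper with reference semantics, of the kind the reply asks for, does not. XorShift32, RefGen, idByValue, idByRef and makeGen are hypothetical names, and the toy generator stands in for any value-type PRNG.

```d
import std.stdio;

// Hypothetical toy generator. It is a struct, so passing it by value
// copies its whole internal state.
struct XorShift32
{
    uint state;

    uint next()
    {
        state ^= state << 13;
        state ^= state >> 17;
        state ^= state << 5;
        return state;
    }
}

// Takes the generator by value: only the private copy is advanced,
// so the caller's generator never moves forward.
uint idByValue(XorShift32 gen) { return gen.next(); }

// Hypothetical wrapper with reference semantics. A class instance lives on
// the GC heap, so every holder of the reference advances the same state.
final class RefGen(G)
{
    G gen;
    this(G g) { gen = g; }
    uint next() { return gen.next(); }
}

uint idByRef(RefGen!XorShift32 gen) { return gen.next(); }

// Returning the wrapper from the scope that created it is well defined,
// unlike returning something that points at a local struct.
RefGen!XorShift32 makeGen(uint seed)
{
    return new RefGen!XorShift32(XorShift32(seed));
}

void main()
{
    auto g = XorShift32(12345);       // constructed sample seed
    immutable a = idByValue(g);
    immutable b = idByValue(g);
    assert(a == b);                   // two successive "random" IDs collide

    auto r = makeGen(12345);
    immutable c = idByRef(r);
    immutable d = idByRef(r);
    assert(c == a && c != d);         // shared state advances between calls
    writefln("by value: %08x %08x  by reference: %08x %08x", a, b, c, d);
}
```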