[Issue 7067] std.random.RandomSample and RandomCover are poorly designed
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Mon Dec 5 21:28:35 PST 2011
http://d.puremagic.com/issues/show_bug.cgi?id=7067
--- Comment #2 from Andrei Alexandrescu <andrei at metalanguage.com> 2011-12-05 21:28:32 PST ---
(In reply to comment #0)
> The following tests will always fail:
>
> int[] a = [ 0, 1, 2, 3, 4, 5, 6, 7, 8 ];
> assert(!equal(randomCover(a, rndGen()), randomCover(a, rndGen())));
> assert(!equal(randomSample(a, 5, rndGen()), randomSample(a, 5, rndGen())));
Good point.
> The reason why these tests will fail is that both functions take the RNG by
> value.
>
> Not only is this unintuitive, this is also a security liability -
> someone depending on these functions to generate random identifiers can be
> surprised that two successive calls generate the same ID.
I think we can safely eliminate this argument from the discussion.
> I strongly suggest that RNG types are disallowed from being implicitly copied.
> Even though pseudo-random number generators shouldn't be used for security
> purposes, they're still likely to be used in such contexts - especially
> considering lack of better sources of random data in Phobos.
The problem with taking a random generator by reference is that it then needs
to be escaped. So people would be quite surprised to see that:
auto gen = rndGen;
return randomSample(a, 5, gen);
has undefined behavior.
One way or another we need to solve this, e.g. by creating a wrapper with
reference semantics over generators. Ideas are welcome.
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
More information about the Digitalmars-d-bugs
mailing list