random: Optimize Randomizer::getBytes() (#15228)

This patch greatly improves the performance for the common case of using a
64-bit engine and requesting a length that is a multiple of 8.

random: Optimize Randomizer::getBytes() (#15228)

This patch greatly improves the performance for the common case of using a
64-bit engine and requesting a length that is a multiple of 8.

It does so by providing a fast path that will just `memcpy()` (which will be
optimized out) the returned uint64_t directly into the output buffer,
byteswapping it for big endian architectures.

The existing byte-wise copying logic was mostly left alone. It only received an
optimization of the shifting and masking that was previously applied to
`Randomizer::getBytesFromString()` in 1fc2ddc9966ab0951183db22ae140a8ee2691401.

Co-authored-by: Saki Takamachi <saki@php.net>

show more ...

random: Remove engine_combinedlcg.c (#15216)

The standalone engine cannot be usefully used for any other purpose. Remove it
and inline the implementation into the `php_combined_lcg()` fu

random: Remove engine_combinedlcg.c (#15216)

The standalone engine cannot be usefully used for any other purpose. Remove it
and inline the implementation into the `php_combined_lcg()` function.

show more ...

Fix GH-15094: php_random_default_engine() is not C++ conforming

Using compound literals is conforming to C99 (and up), but not with any
C++ standard. Since the code is in a public heade

Fix GH-15094: php_random_default_engine() is not C++ conforming

Using compound literals is conforming to C99 (and up), but not with any
C++ standard. Since the code is in a public header, it might be used
by C++ extensions. Unfortunately, we cannot even used designated
initializers, because these are a C++20 feature, so we stick with
classic C/C++ code.

Closes GH-15100.

show more ...

Add zend_random_bytes(), zend_random_bytes_insecure() functions (#14054)

Co-authored-by: Tim Düsterhus <tim@bastelstu.be>

random: Make php_random_bytes() useable early during engine startup (#14291)

php_random_bytes() can now be used before RANDOM_G() is initialized

random: Remove internal aliases for the global Mt19937 functionality (#14314)

* random: Remove `php_rand()`

This effectively is just a slim wrapper around `(zend_long)php_mt_rand()`

random: Remove internal aliases for the global Mt19937 functionality (#14314)

* random: Remove `php_rand()`

This effectively is just a slim wrapper around `(zend_long)php_mt_rand()`. It
is not compatible between 32-bit and 64-bit builds of PHP, due to the use of
`zend_long`, which may result in negative integersbeing returned on 32-bit
platforms, whereas 64-bit platforms will be compatible with `php_mt_rand()`. An
example would be the `0` seed, which emits 2357136044 on 64-bit platforms and
-1937831252 on 32-bit platforms.

Users of `php_rand()` should ideally migrate to one of the more modern engines,
with extension-specific state. If drop-in compatibility is desired, they can
just cast the result of `php_mt_rand()`. But providing it out of the box does
not provide a value-add and is potentially dangerous.

* random: Remove `php_srand()`

With `php_rand()` gone, preserving its companion `php_srand()` is just
confusing. The same recommendations apply: Migrate to a modern engine if
possible and just call `php_mt_srand()` with an appropriately casted input.

* random: Remove `PHP_RAND_MAX` and `RAND_MAX`

These are the companions to `php_rand()`, which was removed in a previous
commit.

Generally speaking the maximum returnable value is not particularly useful
anyways. Attempting it to create a random float by dividing the returned
integer by the maximum value would result in a bias if the maximum value would
be larger than 2**53 and even for that case, the various `range()` helpers
allow to easily retrieve a uniformly distributed integer from a suitable range.

* UPGRADING.INTERNALS

show more ...

random: Improve the output quality of RANDOM_SEED() (#13730)

* random: Improve the output quality of RANDOM_SEED()

Previously 4 consecutive calls to `RANDOM_SEED()` each for 4 diffe

random: Improve the output quality of RANDOM_SEED() (#13730)

* random: Improve the output quality of RANDOM_SEED()

Previously 4 consecutive calls to `RANDOM_SEED()` each for 4 different CLI
requests resulted in:

$ sapi/cli/php test.php
2c13e9fde9caa
2c13e9fd1d6b0
2c13e9fd4de34
2c13e9fd1610e
$ sapi/cli/php test.php
2c1436764fe07
2c14367621770
2c143676c0bf6
2c143676e02f5
$ sapi/cli/php test.php
2c144995a0626
2c14499590fe2
2c144995c65db
2c14499536833
$ sapi/cli/php test.php
2c145cb30860b
2c145cb3ec027
2c145cb33b4ca
2c145cb38ff63

Now they result in:

$ sapi/cli/php test.php
6796973ace1b5f3d
1913daf5c158cb4b
255dbf24237bc8c9
7c3ba22e60f35196
$ sapi/cli/php test.php
afb7cc9ba9819cd2
3e01a71b91ad020c
6b718364d3ef108
bdcd17beeb4b31d2
$ sapi/cli/php test.php
53d36eb9b83f8788
4381c85e816187aa
2e9b32ee9898e71e
31d15c946842bddb
$ sapi/cli/php test.php
2037a3cba88114b4
ba0b0d93a9bb43aa
e13d82d2421269e2
191de474f3292240

* tree-wide: Replace GENERATE_SEED() by php_random_generate_fallback_seed()

* random: Fix NTS build

* random: Fix Windows build

show more ...

random: Convert `RANDOM_SEED()` from a macro to a function (#13575)

* random: Convert `RANDOM_SEED()` from a macro to a function

* random: Fix GENERATE_SEED()'s prototype

random: Clean Up the Mt19937 state struct (#13577)

* random: Make Mt19937's `mode` field an enum

* random: Reorder the `php_random_status_state_mt19937` struct

Empirical te

random: Clean Up the Mt19937 state struct (#13577)

* random: Make Mt19937's `mode` field an enum

* random: Reorder the `php_random_status_state_mt19937` struct

Empirical testing did not show any differences in performance, but it makes
sense to me to put the `count` field (which is accessed for every invocation of
Mt19937) at the beginning of the struct, keeping it near the values from the
state array that are returned first, resulting in only a single cache line load
if only a small amount of numbers are requested.

It naturally follows to also put the `mode` field there and move the
humongous state array to the end.

* random: Remove the `MT_N` constant

`MT_N` is an awfully generic name that bleeds into every file including
`php_random.h`. As it's an implementation detail, remove it entirely to keep
`php_random.h` clean.

To prevent the state struct from diverging from the implementation, the size of
the state vector is statically verified. Furthermore there are phpt tests
verifying the Mt19937 output across a reload, revealing when the state vector
is reloaded too early or too late.

show more ...

random: Embed the Mt19937 and CombinedLCG state within the module globals (#13579)

These are always dynamically allocated in GINIT, thus always take up memory. By
embedding them here we

random: Embed the Mt19937 and CombinedLCG state within the module globals (#13579)

These are always dynamically allocated in GINIT, thus always take up memory. By
embedding them here we can avoid the dynamic allocation and additional pointer
indirection accessing them.

The test script:

<?php
for ($i = 0; $i < 9999999; $i++) mt_rand(1, 100);

Appears to run slightly faster with this change applied: Before this change it
always ran in just over 3 seconds, after this change I was also seeing times
below 3 seconds. Howver results are too close and too jittery to state this
performance improvement as a fact.

show more ...

random: Clean up seeding API (#13540)

* random: Expose xoshiro256**'s seeding functions

* random: Expose pcgoneseq128xslrr64's seeding functions

* random: Expose Mt19937's

random: Clean up seeding API (#13540)

* random: Expose xoshiro256**'s seeding functions

* random: Expose pcgoneseq128xslrr64's seeding functions

* random: Expose Mt19937's seeding functions

* random: Expose CombinedLCG's seeding functions

* random: Call php_random_mt19937_seed32 to seed the global Mt19937

This avoids the function pointer indirection and improves type safety.

* random: NULL the generic seeding function

Different engines work quite differently, it is not useful to attempt to seed
them in a generic way using a 64 bit integer. As an example Mt19937 completely
ignores the upper 32 bits.

* random: Remove the `seed` member from `php_random_algo`

See the explanation in the previous commit for the reasoning. This member is
unused since the previous commit and was not consistently available even before
that (specifically for the Secure engine).

* UPGRADING.INTERNALS

* random: Remove useless cast in `php_mt_srand()`

show more ...

random: Adjust `status` to `state` (#13521)

* random: Rename `status` local to `state`

* random: Rename `php_random_algo_with_state`'s `status` member to `state`

random: Pass algorithm and state together as `php_random_algo_with_state` (#13350)

* random: Remove `php_random_status`

Since 162e1dce9870168cb8c65c013f2b5a510b6536b1, the `php_rand

random: Pass algorithm and state together as `php_random_algo_with_state` (#13350)

* random: Remove `php_random_status`

Since 162e1dce9870168cb8c65c013f2b5a510b6536b1, the `php_random_status` struct
contains just a single `void*`, resulting in needless indirection when
accessing the engine state and thus decreasing readability because of the
additional non-meaningful `->state` references / the local helper variables.

There is also a small, but measurable performance benefit:

<?php
$e = new Random\Engine\Xoshiro256StarStar(0);
$r = new Random\Randomizer($e);

for ($i = 0; $i < 15; $i++)
var_dump(strlen($r->getBytes(100000000)));

goes from roughly 3.85s down to 3.60s.

The names of the `status` variables have not yet been touched to keep the diff
small. They will be renamed to the more appropriate `state` in a follow-up
cleanup commit.

* Introduce `php_random_algo_with_state`

show more ...

random: Move CSPRNG API into php_random_csprng.h (#13290)

This allows consumers of just the CSPRNG to include a much smaller header. It
also allows to verify at a glance whether a source

random: Move CSPRNG API into php_random_csprng.h (#13290)

This allows consumers of just the CSPRNG to include a much smaller header. It
also allows to verify at a glance whether a source file might use non-secure
randomness.

This commit includes the new header wherever the CSPRNG is used, possibly
replacing the inclusion of php_random.h if nothing else is used, but also
includes it in the main php_random.h header for compatibility.

Somewhat related to 45f8cfaf104f504340b0073b9736bb50a88d70a1,
2b30f18708b4f73d2c1d29d3a92a606ebdc5ac4c, and
b14dd85dca3b67a5462f5ed9b6aa0dc22beb615c.

show more ...

random: Split the uint128 implementation into its own header (#13132)

The implementation of `php_random_uint128_*` exists specifically for
pcgoneseq128xslrr66 and takes up a third of php

random: Split the uint128 implementation into its own header (#13132)

The implementation of `php_random_uint128_*` exists specifically for
pcgoneseq128xslrr66 and takes up a third of php_random.h. Split it into its own
header to keep php_random.h focused on the functionality directly related to
randomness.

show more ...

random: Optimize data flow for the `generate` function of native engines (#13043)

Instead of returning the generated `uint64_t` and providing the size (i.e. the
number of bytes of the ge

random: Optimize data flow for the `generate` function of native engines (#13043)

Instead of returning the generated `uint64_t` and providing the size (i.e. the
number of bytes of the generated value) out-of-band via the
`last_generated_size` member of the `php_random_status` struct, the `generate`
function is now expected to return a new `php_random_result` struct containing
both the `size` and the `result`.

This has two benefits, one for the developer:

It's no longer possible to forget setting `last_generated_size` to the correct
value, because it now happens at the time of returning from the function.

and the other benefit is for performance:

The `php_random_result` struct will be returned as a register pair, thus the
`size` will be directly available without reloading it from main memory.

Checking a simplified version of `php_random_range64()` on Compiler Explorer
(“Godbolt”) with clang 17 shows a single change in the resulting assembly
showcasing the improvement (https://godbolt.org/z/G4WjdYxqx):

- add rbp, qword ptr [r14]
+ add rbp, rdx

Empirical testing confirms a measurable performance increase for the
`Randomizer::getBytes()` method:

<?php
$e = new Random\Engine\Xoshiro256StarStar(0);
$r = new Random\Randomizer($e);

var_dump(strlen($r->getBytes(100000000)));

goes from 250ms (before the change) to 220ms (after the change). While
generating 100 MB of random data certainly is not the most common use case, it
confirms the theoretical improvement in practice.

show more ...

random: Remove RAND_RANGE_BADSCALING (#12374)

This macro is no longer used within php-src since
60ace13f9c5e2828bfa1c177479039f6abbd4319, it invokes undefined behavior
depending on t

random: Remove RAND_RANGE_BADSCALING (#12374)

This macro is no longer used within php-src since
60ace13f9c5e2828bfa1c177479039f6abbd4319, it invokes undefined behavior
depending on the input and the corresponding MT_RAND_PHP mode was deprecated in
PHP 8.3.

Thus remove this macro. Any remaining non-php-src user should just inline it
into their code, but should ideally migrate to a non-biased scaler. In any case
the undefined behavior of the original implementation should be accounted for.

show more ...

Remove includes

Merge branch 'PHP-8.2'

* PHP-8.2:
Fix undefined behaviour in GENERATE_SEED()
Fix undefined behaviour when writing 32-bit values in phar/tar.c

Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
Fix undefined behaviour in GENERATE_SEED()
Fix undefined behaviour when writing 32-bit values in phar/tar.c

Merge branch 'PHP-8.2'

* PHP-8.2:
random: Add missing `php.h` include to php_random.h (#10764)

random: Add missing `php.h` include to php_random.h (#10764)

`PHPAPI` is defined in `php.h`. It appears that without the explicit include,
recent versions of Visual Studio Code’s intelli

random: Add missing `php.h` include to php_random.h (#10764)

`PHPAPI` is defined in `php.h`. It appears that without the explicit include,
recent versions of Visual Studio Code’s intellisense (rightfully) no longer
detect `PHPAPI`. This will then lead to a misparsing of the file, because
`PHPAPI` is assumed to be the return type and the actual return type is assumed
to be the function name, thus expecting a semicolon after the actual return
type. This in turn colors the entire header in red due to the detected syntax
error(s), making development very hard / impossible.

This did not cause issues outside of the IDE use case, because apparently all
users of `php_random.h` include `php.h` before including `php_random.h`.

show more ...

random: Convert `php_random_(bytes|int)_(silent|throw)` into inline functions (#10763)

Compared to macros, inline functions are more robust and easier to debug.

Also, use true/false

random: Convert `php_random_(bytes|int)_(silent|throw)` into inline functions (#10763)

Compared to macros, inline functions are more robust and easier to debug.

Also, use true/false at the same time instead of 1 and 0.

show more ...

random: Fix return type of php_random_(bytes|int) (#10687)

These return a `zend_result`, not `int`.

Add Randomizer::nextFloat() and Randomizer::getFloat() (#9679)

* random: Add Randomizer::nextFloat()

* random: Check that doubles are IEEE-754 in Randomizer::nextFloat()

*

Add Randomizer::nextFloat() and Randomizer::getFloat() (#9679)

* random: Add Randomizer::nextFloat()

* random: Check that doubles are IEEE-754 in Randomizer::nextFloat()

* random: Add Randomizer::nextFloat() tests

* random: Add Randomizer::getFloat() implementing the y-section algorithm

The algorithm is published in:

Drawing Random Floating-Point Numbers from an Interval. Frédéric
Goualard, ACM Trans. Model. Comput. Simul., 32:3, 2022.
https://doi.org/10.1145/3503512

* random: Implement getFloat_gamma() optimization

see https://github.com/php/php-src/pull/9679/files#r994668327

* random: Add Random\IntervalBoundary

* random: Split the implementation of γ-section into its own file

* random: Add tests for Randomizer::getFloat()

* random: Fix γ-section for 32-bit systems

* random: Replace check for __STDC_IEC_559__ by compile-time check for DBL_MANT_DIG

* random: Drop nextFloat_spacing.phpt

* random: Optimize Randomizer::getFloat() implementation

* random: Reject non-finite parameters in Randomizer::getFloat()

* random: Add NEWS/UPGRADING for Randomizer’s float functionality

show more ...