From: qwx@sciops.net
To: 9front@9front.org
Subject: Re: [9front] [PATCH] libc: replace lrand's algorithm
Date: Wed, 03 Apr 2024 11:07:22 +0200 [thread overview]
Message-ID: <E83818F9683BE7AFFF0F3ABD01A7DF2B@wopr.sciops.net> (raw)
In-Reply-To: <24YLTYTO4Q79Z.243QVQUY1V3P5@e55-lap.my.domain>
On Tue Apr 2 16:38:36 +0200 2024, eolien55@disroot.org wrote:
> qwx@sciops.net wrote:
> > I like the idea of simplifying the tree and deleting some code,
> > but keep in mind that the xoroshiro128+ variant is what is
> > exposed by /dev/random via truerand(2).
>
> That's not quite it. What is exposed by /dev/random is actually
> a Chacha-based CSPRNG. truerand(2) is a cryptographic PRNG.
Ah, my bad, sorry.
> However, the kernel itself (via tcp, ip, sdp, esp...) uses
> a non-cryptographic PRNG (in nrand and rand calls, in the
> kernel). The kernel's PRNG was changed to xoroshiro128+
> in 10275ad6dd2. I believe it would make sense to either
> change libc's lrand to xoroshiro128+ too, or to change
> them both at the same time.
[...]
> > Most people are
> > uninsterested in a change here because of the dichotomy between
> > rand and truerand, the negligeable performance impact, etc.,
> > and beyond this, it gets into "this is like, my opinion man"
> > territory. I wouldn't mind replacing libc's lrand with a PCG
> > variant also exposing a 64bit version, which we don't have, if
> > it indeed also improves the statistical properties of the prng.
> > But that's like, my opinion man.
>
> Well, this is feasible. Both PCG and xoroshiro require 128 bits
> of state for a 64-bit output. kernel's implementation simulates
> 128-bits operations using 2 64-bit integers. It should be feasible
> to implement a PC64 with the same approach, or to implement
> xoroshiro128+ (or another variant, for statistical quality of the
> lower bits).
>
> I understand the change here is highly subjective, and has
> negligible performance impact (except for seeding/re-seeding).
> I still believe we could, and should, implement a better PRNG
> for libc. Kernel's PRNG has changed; why not libc's?
>
> I found (rand()<<16) + rand() in kernel's devsdp, which is
> strange considering lrand already has 32 bits of output. I
> think this should be considered a bug.
I think at this point it would be better to look at a patch, with the
changes mentioned after the first post, and a sweep through the other
implementations. There are some odd occurrences as you found; libc's
frand() is also somewhat suspect but will likely need to change if
lrand() does. We need a 16bit, 32bit, floating point, and possibly
64bit variant; this will clean up some code and remove some
redundancies which is always nice. Perhaps take the extreme route and
do *all* of the changes you'd like to see, so we could more easily
discuss each case. We then need to check if there's a performance
impact on non-amd64 arches. For xoroshiro128+ vs. pcg I'd be
interested to know if there's any significant difference between the
two in statistical properties and performance; if we make a change,
it'd be nice to pick the best alternative and make it once and for
all. Code size and simplicity also counts. Is there any other
variant that should be assessed?
> > I agree, though again, I don't know what the impact of such
> > a change would be.
>
> Arguably, very negligible. Both use random tests, and quality is
> somewhat important in these context. A little more than in, say,
> fortune(1), but way less than in tls(3). However, venti's randtest
> uses a hard-coded PRNG instead of libc's.
>
> Cheers,
> Elie Le Vaillant
In that case, I wouldn't touch venti either. There are at least two
projects for replacing venti with a new implementation; imo any such
changes should be made there.
Cheers,
qwx
next prev parent reply other threads:[~2024-04-03 9:09 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-29 8:19 Eolien55
2024-03-29 12:39 ` qwx
2024-03-29 16:02 ` Eolien55
2024-04-01 15:47 ` qwx
2024-04-02 14:37 ` Eolien55
2024-04-02 14:52 ` Stanley Lieber
2024-04-02 20:18 ` Eolien55
2024-04-03 9:07 ` qwx [this message]
2024-04-03 19:50 ` Ori Bernstein
2024-04-03 19:54 ` Ori Bernstein
2024-04-04 21:00 ` Eolien55
2024-04-20 12:46 ` cinap_lenrek
2024-04-20 12:58 ` cinap_lenrek
2024-04-20 13:01 ` cinap_lenrek
-- strict thread matches above, loose matches on Subject: below --
2024-03-29 8:15 Eolien55
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E83818F9683BE7AFFF0F3ABD01A7DF2B@wopr.sciops.net \
--to=qwx@sciops.net \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).