-
Notifications
You must be signed in to change notification settings - Fork 432
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crate refactor #161
Crate refactor #161
Conversation
README.md
Outdated
use rand::thread_rng; | ||
|
||
let x: u32 = thread_rng().next_u32(); | ||
println!("{}", u32) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
println!("{}", x)
src/dist/default.rs
Outdated
|
||
use Rng; | ||
use dist::Distribution; | ||
use dist::uniform::{SampleUniform, /*SampleUniform01,*/ codepoint}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what's the purpose of this comment?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To avoid an unused item warning (see FIXME further down)
Why is |
src/sequence.rs
Outdated
/// println!("{:?}", choices[..].choose(&mut rng)); | ||
/// assert_eq!(choices[..0].choose(&mut rng), None); | ||
/// ``` | ||
fn choose<R: Rng>(self, rng: &mut R) -> Option<T>; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
About dynamic dispatch: The new trait looks a lot better prepared for trait objects already. Wide use of <R: ?Sized + Rng>
through the crate should make it possible to use dynamic dispatch, it's just a major breaking change of Rand and other trait implementors, but if that's not an issue, we can do it.
(There's two ways to go about it, using R: ?Sized + Rng
with a &mut R
parameter or using R: Rng
and an R
parameter, both work the same way if you have a blanket implementation of Rng for &mut R where R: Rng
; I think the &mut R
parameter is just as good a choice, but the second form could make it easier if you have Rng "adaptors" or whatever..)
Either way, better usability of Rng from trait objects is something I've wished for, but it's not relevant for all use cases.
As someone not deeply invested in the differences between different random number generators & distributions and so forth, the way I want to use the rand crate is this:
This seems ot have removed both of these features, and its not clear how they were replaced. How do I prepare a random value of my type with this API? What was wrong with these two features? It would be helpful, with a huge change like this, to host the rustdoc output so users can easily see the API change. EDIT: To be a bit clearer, the main way I use rand is to create values when writing unit tests, for which I want a "reasonable default" source of randomness & to avoid thinking about it. |
@withoutboats The Rand trait and its derive seems like an independent part, that can easily be its own crate IMO |
It would be extremely silly for the rand crate to not include the trait for making random values of arbitrary types. Having some sort of sub-crate for just the generators might be fine, but the main crate "rand" should be the one-stop place for all of the common randomness needs. |
I'd also much rather prefer for the |
|
Sure, it's silly to toss out Rand from the rand crate, clearly, but it's an add-on concept that stands separately. The rng is the core. The current (The Rand in the proposal on internals could be better.) Edit: See, no |
Internals threads are a mess to read due to internals screwing up the browser's search functionality, but that proposal gives
|
I think it's unfortunate that we need to worry about RNGError in all cases. Some RNGs simply will never error, and it's a shame that they're having to take on that weight. Can we arrange things into RNGs that will sometimes error (I guess certain crypto RNGs?) and RNGs that will never error? |
Result<T, !>. Although it does need a bit of work to be a "solution".
…On Jul 31, 2017 4:16 AM, "Lokathor" ***@***.***> wrote:
I think it's unfortunate that we need to worry about RNGError in all
cases. Some RNGs simply will never error, and it's a shame that they're
having to take on that weight. Can we arrange things into RNGs that will
sometimes error (I guess certain crypto RNGs?) and RNGs that will never
error?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#161 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AApc0obZskdmb7_7BsKo_m7keY8TGnTJks5sTSrcgaJpZM4Om2-3>
.
|
Lots of comments, good... Thanks @bluss , I will look at dynamic dispatch.
It seems better from my POV to write a little more code to specify the distribution of each value when interacting with the generator.
|
@withoutboats yeah, I wanted to. Any suggestion how? |
I'd recommend just hosting it in a Github Pages repo https://pages.github.com/ |
Another issue : Is an associated Afaik, there are no Also, if I understand, we must keep the |
@burdges I am not an RNG expert, but I would expect most seedable RNGs that are not for cryptography to just never error out once they've been properly seeded. The seeding process might have a problem somehow, but once that works you've just got some state and some step function and that's it. What errors are left? I mean your number stream will loop, but that's not an error. I guess what I'm trying to get at is that the rand crate needs to support the idea that you get some tiny amount of entropy from the OS (say, one or two u64 values) and then you make your own generator and you run it as often as you want without ever talking to the OS about it again, and you just accept the fact that it'll loop eventually. You want this to program video games with. I think we all understand that "you can program video games with it" is one of the biggest drivers of a programming language's growth. |
I'd say even non-cryptographic random number generators should error rather than loop, provided their design permits detecting the loop, although not all designs permit this. We do want We could just add an |
I've said this elsewhere but I think the right solutions might be : |
Wait, I didn't notice the error part before?
Most PRNGs are pretty simple functions that won't error. Detecting a cycle isn't as simple as detecting the same output value because internal state is bigger than that; the only trivial way to do it would be to copy the entire internal state. But for games and simulators you wouldn't want it to error, because most of the time it wouldn't matter: the game/sim state would be quite different by this point, and likely the repeated values would get used for different things, so it wouldn't be noticeable. For scientific simulations it might be useful to get a warning when an RNG repeats itself, but that's about it. For me, making generators return a result is a complete no-go. If crypto people really want this, maybe there should be separate crypto and numeric generators — but that would be a huge pain with duplicate code (some generators maybe, some distributions), and randomised algorithms could probably work with either — except in a few cases predictable numbers in randomised algs might allow DoS attacks. Maybe what could work instead is a |
@bluss: There's two ways to go about it, using R: ?Sized + Rng with a &mut R parameter or using R: Rng and an R parameter ... I don't think they are equivalent: an On the other hand the |
This is reminding me of the Out Of Memory discussions happening elsewhere in the rust world lately. The "normal" case not wanting to be burdened with all the result checking that would come from being absolutely technically correct. I think that splitting things up probably is the best route
Then the I don't recall it getting much attention, but right now there's also a EDIT: Spelling I guess, whoops. |
I just copied As an aside, I doubt even all CSPRNGs error eventually, maybe even SHAKE fails that. We'll obviously want an Anyways.. You cannot create an infallable PRNG from a failable one @Lokathor except by panicing because the infallable PRNG cannot know how many times some probabilistic algorithm, like the Ziggurat used in every distribution, will call the failable PRNG. You'd damage the entropy pool by sucking out megabytes. In principle, you could've method that asks if the PRNG can provide enough output. In that way, a developer can give an upper bound on the entropy they require without consuming anything until needed. I suppose the trait might look like
so the About the only issue I forsee here would be if developers start writing |
@burdges please read this post on the internals thread about why user-space CSPRNGs are a bad idea and the side notes about how "available entropy" is at best a guess. By the way, fallible is spelt with an i... ... but I still prefer the design I mentioned earlier:
|
That's an unrelated conversation. Yes, user-space CSPRNGs used for many or unrelated tasks suck, but that irrelevant. CSPRNGs play an essential role in any protocol with commitments. Actually virtually every cryptographic protocol incorporates a CSPRNGs, namely its KDFs, usually it merely needs to convert non-uniform randomness into uniform randomness, but sometimes it needs much more. And sometimes it needs to sample non-uniform distributions, like anything lattice-base or anything that must generate an agreed upon delay (anonymity protocols). Anyway, the reason properly used CSPRNGs need to be recreated isn't to limit the quantity of output, but because they only serve a specific role where some protocol needs determinism. Also, if |
Anyways, if I understand, the worries over CSPRNGs mean Now backwards compatibility may require |
Yeah, I get that from the crypto perspective, RNGs should be able to return errors by default. But: can that be implemented without forcing numerical users using infallible RNGs to unwrap everywhere, and without significant overhead? Otherwise it seems very difficult to find a design without significant compromise from one point of view. Backwards compatibility isn't the issue; compatibility between these two types of RNG is. My proposal was to make fallible RNGs compatible with the (infallible) Anyway: I've implemented the new |
@burdges I think you misunderstood what I meant when I suggested that a @dhardy your updated docs show random as a top level function of the crate, but don't show the I'm not fully up on how the thread local storage works, but could |
That is kind of the goal here :-)
Rename `AsciiWordChar` and optimize `Codepoint`
Add HC-128 RNG
And a little cleanup around the init functions
Replace `convert_slice_{32,64}` with `read_u{32,64}_into`
Restrict the seed type to a few more array sizes
Make u128 range use widening multiply
* Move the check if it is time to reseed out of the `try_reseed_if_necessary` and make sure that function does not get inlined. * Invert the counter direction. This way we can compare against 0 instead of `self.threshold` * Doing the reseed check after generating a value turns out to be a bit faster.`
Also minor doc fix
Reseeding perf
This PR is not the way you want to merge the work from your branch, right? Do you want to keep it open? I get a mail for every commit that happens in https://github.com/dhardy/rand because of it 😄 |
Sorry, didn't realise I was spamming everyone via this PR! You're right, lets close this. |
This is a rough preview of what these RFCs may result in:
Current state in my repo
rustdoc for refactor
This is a major break-anything-I-like refactor of
rand
, in an attempt to fix a bunch of issues I and others have found. I don't expect it to be merged as-is, but hopefully a view of whatrand
could be will help answer questions about how it should be.There are a few bits unfinished (see TODO and FIXME); also some changes from other PRs should be integrated. Possibly there are a couple of things which could be cleaned up further. But mostly this is ready for review now.
Comments welcome. Each commit should be fairly clean with a low number of changes, but put together there are a lot of changes.