Edit

IABSD.fr/src/lib/libc/stdlib/random.c

Branch :

  • Show log

    Commit

  • Author : tb
    Date : 2017-11-28 06:55:49
    Hash : e34cb67c
    Message : GNU ld has prefixed the contents of .gnu.warning.SYMBOL sections with "warning: " since 2003, so the messages themselves need not contain the prefix anymore. From Scott Cheloha ok jca, deraadt

  • lib/libc/stdlib/random.c
  • /*	$OpenBSD: random.c,v 1.31 2017/11/28 06:55:49 tb Exp $ */
    /*
     * Copyright (c) 1983 Regents of the University of California.
     * All rights reserved.
     *
     * Redistribution and use in source and binary forms, with or without
     * modification, are permitted provided that the following conditions
     * are met:
     * 1. Redistributions of source code must retain the above copyright
     *    notice, this list of conditions and the following disclaimer.
     * 2. Redistributions in binary form must reproduce the above copyright
     *    notice, this list of conditions and the following disclaimer in the
     *    documentation and/or other materials provided with the distribution.
     * 3. Neither the name of the University nor the names of its contributors
     *    may be used to endorse or promote products derived from this software
     *    without specific prior written permission.
     *
     * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
     * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
     * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     * SUCH DAMAGE.
     */
    
    #include <fcntl.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    
    #include "thread_private.h"
    
    /*
     * random.c:
     *
     * An improved random number generation package.  In addition to the standard
     * rand()/srand() like interface, this package also has a special state info
     * interface.  The initstate() routine is called with a seed, an array of
     * bytes, and a count of how many bytes are being passed in; this array is
     * then initialized to contain information for random number generation with
     * that much state information.  Good sizes for the amount of state
     * information are 32, 64, 128, and 256 bytes.  The state can be switched by
     * calling the setstate() routine with the same array as was initiallized
     * with initstate().  By default, the package runs with 128 bytes of state
     * information and generates far better random numbers than a linear
     * congruential generator.  If the amount of state information is less than
     * 32 bytes, a simple linear congruential R.N.G. is used.
     *
     * Internally, the state information is treated as an array of int32_t; the
     * zeroeth element of the array is the type of R.N.G. being used (small
     * integer); the remainder of the array is the state information for the
     * R.N.G.  Thus, 32 bytes of state information will give 7 int32_ts worth of
     * state information, which will allow a degree seven polynomial.  (Note:
     * the zeroeth word of state information also has some other information
     * stored in it -- see setstate() for details).
     * 
     * The random number generation technique is a linear feedback shift register
     * approach, employing trinomials (since there are fewer terms to sum up that
     * way).  In this approach, the least significant bit of all the numbers in
     * the state table will act as a linear feedback shift register, and will
     * have period 2^deg - 1 (where deg is the degree of the polynomial being
     * used, assuming that the polynomial is irreducible and primitive).  The
     * higher order bits will have longer periods, since their values are also
     * influenced by pseudo-random carries out of the lower bits.  The total
     * period of the generator is approximately deg*(2**deg - 1); thus doubling
     * the amount of state information has a vast influence on the period of the
     * generator.  Note: the deg*(2**deg - 1) is an approximation only good for
     * large deg, when the period of the shift register is the dominant factor.
     * With deg equal to seven, the period is actually much longer than the
     * 7*(2**7 - 1) predicted by this formula.
     */
    
    /*
     * For each of the currently supported random number generators, we have a
     * break value on the amount of state information (you need at least this
     * many bytes of state info to support this random number generator), a degree
     * for the polynomial (actually a trinomial) that the R.N.G. is based on, and
     * the separation between the two lower order coefficients of the trinomial.
     */
    #define	TYPE_0		0		/* linear congruential */
    #define	BREAK_0		8
    #define	DEG_0		0
    #define	SEP_0		0
    
    #define	TYPE_1		1		/* x**7 + x**3 + 1 */
    #define	BREAK_1		32
    #define	DEG_1		7
    #define	SEP_1		3
    
    #define	TYPE_2		2		/* x**15 + x + 1 */
    #define	BREAK_2		64
    #define	DEG_2		15
    #define	SEP_2		1
    
    #define	TYPE_3		3		/* x**31 + x**3 + 1 */
    #define	BREAK_3		128
    #define	DEG_3		31
    #define	SEP_3		3
    
    #define	TYPE_4		4		/* x**63 + x + 1 */
    #define	BREAK_4		256
    #define	DEG_4		63
    #define	SEP_4		1
    
    /*
     * Array versions of the above information to make code run faster --
     * relies on fact that TYPE_i == i.
     */
    #define	MAX_TYPES	5		/* max number of types above */
    
    static int degrees[MAX_TYPES] =	{ DEG_0, DEG_1, DEG_2, DEG_3, DEG_4 };
    static int seps [MAX_TYPES] =	{ SEP_0, SEP_1, SEP_2, SEP_3, SEP_4 };
    
    /*
     * Initially, everything is set up as if from:
     *
     *	initstate(1, &randtbl, 128);
     *
     * Note that this initialization takes advantage of the fact that srandom()
     * advances the front and rear pointers 10*rand_deg times, and hence the
     * rear pointer which starts at 0 will also end up at zero; thus the zeroeth
     * element of the state information, which contains info about the current
     * position of the rear pointer is just
     *
     *	MAX_TYPES * (rptr - state) + TYPE_3 == TYPE_3.
     */
    
    static int32_t randtbl[DEG_3 + 1] = {
    	TYPE_3,
    	0x991539b1, 0x16a5bce3, 0x6774a4cd, 0x3e01511e, 0x4e508aaa, 0x61048c05, 
    	0xf5500617, 0x846b7115, 0x6a19892c, 0x896a97af, 0xdb48f936, 0x14898454, 
    	0x37ffd106, 0xb58bff9c, 0x59e17104, 0xcf918a49, 0x09378c83, 0x52c7a471, 
    	0x8d293ea9, 0x1f4fc301, 0xc3db71be, 0x39b44e1c, 0xf8a44ef9, 0x4c8b80b1, 
    	0x19edc328, 0x87bf4bdd, 0xc9b240e5, 0xe9ee4b1b, 0x4382aee7, 0x535b6b41, 
    	0xf3bec5da,
    };
    
    /*
     * fptr and rptr are two pointers into the state info, a front and a rear
     * pointer.  These two pointers are always rand_sep places aparts, as they
     * cycle cyclically through the state information.  (Yes, this does mean we
     * could get away with just one pointer, but the code for random() is more
     * efficient this way).  The pointers are left positioned as they would be
     * from the call
     *
     *	initstate(1, randtbl, 128);
     *
     * (The position of the rear pointer, rptr, is really 0 (as explained above
     * in the initialization of randtbl) because the state table pointer is set
     * to point to randtbl[1] (as explained below).
     */
    static int32_t *fptr = &randtbl[SEP_3 + 1];
    static int32_t *rptr = &randtbl[1];
    
    /*
     * The following things are the pointer to the state information table, the
     * type of the current generator, the degree of the current polynomial being
     * used, and the separation between the two pointers.  Note that for efficiency
     * of random(), we remember the first location of the state information, not
     * the zeroeth.  Hence it is valid to access state[-1], which is used to
     * store the type of the R.N.G.  Also, we remember the last location, since
     * this is more efficient than indexing every time to find the address of
     * the last element to see if the front and rear pointers have wrapped.
     */
    static int32_t *state = &randtbl[1];
    static int32_t *end_ptr = &randtbl[DEG_3 + 1];
    static int rand_type = TYPE_3;
    static int rand_deg = DEG_3;
    static int rand_sep = SEP_3;
    
    static int random_deterministic;
    
    static void *random_mutex;
    static long random_l(void);
    
    #define LOCK()		_MUTEX_LOCK(&random_mutex)
    #define UNLOCK()	_MUTEX_UNLOCK(&random_mutex)
    
    /*
     * srandom:
     *
     * Initialize the random number generator based on the given seed.  If the
     * type is the trivial no-state-information type, just remember the seed.
     * Otherwise, initializes state[] based on the given "seed" via a linear
     * congruential generator.  Then, the pointers are set to known locations
     * that are exactly rand_sep places apart.  Lastly, it cycles the state
     * information a given number of times to get rid of any initial dependencies
     * introduced by the L.C.R.N.G.  Note that the initialization of randtbl[]
     * for default usage relies on values produced by this routine.
     */
    static void
    srandom_l(unsigned int x)
    {
    	int i;
    	int32_t test;
    	div_t val;
    
    	random_deterministic = 1;
    	if (rand_type == TYPE_0)
    		state[0] = x;
    	else {
    		/* A seed of 0 would result in state[] always being zero. */
    		state[0] = x ? x : 1;
    		for (i = 1; i < rand_deg; i++) {
    			/*
    			 * Implement the following, without overflowing 31 bits:
    			 *
    			 *	state[i] = (16807 * state[i - 1]) % 2147483647;
    			 *
    			 *	2^31-1 (prime) = 2147483647 = 127773*16807+2836
    			 */
    			val = div(state[i-1], 127773);
    			test = 16807 * val.rem - 2836 * val.quot;
    			state[i] = test + (test < 0 ? 2147483647 : 0);
    		}
    		fptr = &state[rand_sep];
    		rptr = &state[0];
    		for (i = 0; i < 10 * rand_deg; i++)
    			(void)random_l();
    	}
    }
    
    void
    srandom(unsigned int x)
    {
    	random_deterministic = 0;
    }
    
    void
    srandomdev(void)
    {
    	random_deterministic = 0;	/* back to the default */
    }
    
    void
    srandom_deterministic(unsigned int x)
    {
    	LOCK();
    	srandom_l(x);
    	UNLOCK();
    }
    
    /*
     * initstate:
     *
     * Initialize the state information in the given array of n bytes for future
     * random number generation.  Based on the number of bytes we are given, and
     * the break values for the different R.N.G.'s, we choose the best (largest)
     * one we can and set things up for it.  srandom() is then called to
     * initialize the state information.
     * 
     * Note that on return from srandom(), we set state[-1] to be the type
     * multiplexed with the current value of the rear pointer; this is so
     * successive calls to initstate() won't lose this information and will be
     * able to restart with setstate().
     * 
     * Note: the first thing we do is save the current state, if any, just like
     * setstate() so that it doesn't matter when initstate is called.
     *
     * Returns a pointer to the old state.
     */
    char *
    initstate(u_int seed, char *arg_state, size_t n)
    {
    	char *ostate = (char *)(&state[-1]);
    
    	LOCK();
    	random_deterministic = 1;
    	if (rand_type == TYPE_0)
    		state[-1] = rand_type;
    	else
    		state[-1] = MAX_TYPES * (rptr - state) + rand_type;
    	if (n < BREAK_0) {
    		UNLOCK();
    		return(NULL);
    	}
    	if (n < BREAK_1) {
    		rand_type = TYPE_0;
    		rand_deg = DEG_0;
    		rand_sep = SEP_0;
    	} else if (n < BREAK_2) {
    		rand_type = TYPE_1;
    		rand_deg = DEG_1;
    		rand_sep = SEP_1;
    	} else if (n < BREAK_3) {
    		rand_type = TYPE_2;
    		rand_deg = DEG_2;
    		rand_sep = SEP_2;
    	} else if (n < BREAK_4) {
    		rand_type = TYPE_3;
    		rand_deg = DEG_3;
    		rand_sep = SEP_3;
    	} else {
    		rand_type = TYPE_4;
    		rand_deg = DEG_4;
    		rand_sep = SEP_4;
    	}
    	state = &(((int32_t *)arg_state)[1]);	/* first location */
    	end_ptr = &state[rand_deg];	/* must set end_ptr before srandom */
    	srandom_l(seed);
    	if (rand_type == TYPE_0)
    		state[-1] = rand_type;
    	else
    		state[-1] = MAX_TYPES*(rptr - state) + rand_type;
    	UNLOCK();
    	return(ostate);
    }
    
    /*
     * setstate:
     *
     * Restore the state from the given state array.
     *
     * Note: it is important that we also remember the locations of the pointers
     * in the current state information, and restore the locations of the pointers
     * from the old state information.  This is done by multiplexing the pointer
     * location into the zeroeth word of the state information.
     *
     * Note that due to the order in which things are done, it is OK to call
     * setstate() with the same state as the current state.
     *
     * Returns a pointer to the old state information.
     */
    char *
    setstate(char *arg_state)
    {
    	int32_t *new_state = (int32_t *)arg_state;
    	int32_t type = new_state[0] % MAX_TYPES;
    	int32_t rear = new_state[0] / MAX_TYPES;
    	char *ostate = (char *)(&state[-1]);
    
    	LOCK();
    	random_deterministic = 1;
    	if (rand_type == TYPE_0)
    		state[-1] = rand_type;
    	else
    		state[-1] = MAX_TYPES * (rptr - state) + rand_type;
    	switch(type) {
    	case TYPE_0:
    	case TYPE_1:
    	case TYPE_2:
    	case TYPE_3:
    	case TYPE_4:
    		rand_type = type;
    		rand_deg = degrees[type];
    		rand_sep = seps[type];
    		break;
    	default:
    		UNLOCK();
    		return(NULL);
    	}
    	state = &new_state[1];
    	if (rand_type != TYPE_0) {
    		rptr = &state[rear];
    		fptr = &state[(rear + rand_sep) % rand_deg];
    	}
    	end_ptr = &state[rand_deg];		/* set end_ptr too */
    	UNLOCK();
    	return(ostate);
    }
    
    /*
     * random:
     *
     * If we are using the trivial TYPE_0 R.N.G., just do the old linear
     * congruential bit.  Otherwise, we do our fancy trinomial stuff, which is
     * the same in all the other cases due to all the global variables that have
     * been set up.  The basic operation is to add the number at the rear pointer
     * into the one at the front pointer.  Then both pointers are advanced to
     * the next location cyclically in the table.  The value returned is the sum
     * generated, reduced to 31 bits by throwing away the "least random" low bit.
     *
     * Note: the code takes advantage of the fact that both the front and
     * rear pointers can't wrap on the same call by not testing the rear
     * pointer if the front one has wrapped.
     *
     * Returns a 31-bit random number.
     */
    static long
    random_l(void)
    {
    	int32_t i;
    
    	if (random_deterministic == 0)
    		return arc4random() & 0x7fffffff;
    
    	if (rand_type == TYPE_0)
    		i = state[0] = (state[0] * 1103515245 + 12345) & 0x7fffffff;
    	else {
    		*fptr += *rptr;
    		i = (*fptr >> 1) & 0x7fffffff;	/* chucking least random bit */
    		if (++fptr >= end_ptr) {
    			fptr = state;
    			++rptr;
    		} else if (++rptr >= end_ptr)
    			rptr = state;
    	}
    	return((long)i);
    }
    
    long
    random(void)
    {
    	long r;
    	LOCK();
    	r = random_l();
    	UNLOCK();
    	return r;
    }
    
    #if defined(APIWARN)
    __warn_references(random,
        "random() may return deterministic values, is that what you want?");
    #endif