search

clang-randstruct / llvm-project

Randomize the order of fields in a structure layout as a compile-time hardening feature
3 stars 1 forks source link

Use alternative source of randomness #44

Open connorkuehl opened 5 years ago

connorkuehl commented 5 years ago

Per this comment on our RFC

default_random_engine and shuffle are insufficient since they're implementation-defined.

Maybe LLVM's got a randomness implementation in their development kit or we need to find some alternative with a compatible license.

tim-pugh commented 5 years ago

https://clang.llvm.org/docs/Toolchain.html

I think if we build the entire toolchain perhaps we can use their implementation:

https://github.com/clang-randstruct/llvm-project/blob/develop/libcxx/include/random

I'm familiar with building the full toolchain but I suspect the build will increase by a huge factor, so be prepared

tim-pugh commented 5 years ago

From what I've read specifying a specific algorithm should do the trick as opposed to relying on a default one

mt19937_64 looks to be a good fit

http://www.cplusplus.com/reference/random/mt19937_64/

tim-pugh commented 5 years ago

The PR for swapping to default_random_engine to mt19937_64 has been merged.

What remains is moving away from shuffle to a different implementation.