Should `from_seed` return a `Result`?

dhardy / rand

http://doc.rust-lang.org/rand

Other

2 stars 2 forks source link

Should `from_seed` return a `Result`? #67

Closed dhardy closed 6 years ago

dhardy commented 6 years ago

    fn from_seed(seed: Self::Seed) -> Self; // Result<Self, _> ?

For:

Some PRNGs cannot use certain seeds (e.g. Xorshift with 0); this gives a proper way of handling the issue

Against:

Another thing to unwrap or implement crude handling for in test code and code using fixed seeds

Alternatives:

Panic. This is what Xorshift does now but is for several uses bad.
Use a different (fixed) seed instead. This makes one (or some) seed(s) twice as likely as others, but given 64-bit or especially 128-bit seeds the chance is insignificant. More significantly it could mask bad code (always or often using zero), but we shouldn't rely on the PRNG for this anyway (after all some PRNGs accept all seeds).

I think mapping bad seeds to different fixed seeds is probably the best option (GSL does this).

Are there any other reasons seeding may fail? Since the seed passed to the function is a simple byte array, probably not (from_rng returns a Result primarily because the RNG may fail).

burdges commented 6 years ago

No Result. Individual Rngs should panic or replace bad seeds as they deem appropriate. Ideally, the documentation should cover any important consequences, but I'd think Xorshift's warnings not to use it for anything security related already suffices, not sure if it needs any warning for numerical users.

dhardy commented 6 years ago

Heh, I don't see why it matters significantly for either application actually. But panics should be avoided if reasonably possibly IMO.

pitdicker commented 6 years ago

Also 👍 for replacing an invalid seed like 0 with some other integer if necessary. I also went this route with my experiments with the previous idea of seed_from_u64.

Just to be clear, this problem only applies only to some small RNG's, not for cryptographic RNG's. Being able to work well with every possible seed is basically a requirement for them, otherwise they would leak details about the seed or internal state.

For small RNG's replacing the seed seems more in line with how they are used: all kinds of situations where random numbers should 'just work'. Especially when using manual seeding methods like from_seed and from_hashable. At most the results should be reproducible.

I propose 0x0DDB1A5E5BAD5EED ("odd biases? bad seed") as a standard replacement 😄. Or 0xBAD5EED for u32. They do not have a great ratio of 1 to 0 bits though, 38:26 and 19:13. But much better than 0:64.

Lokathor commented 6 years ago

If a bad seed comes in, replace with a known-good seed. Picking a seed that says something funny in hex is a plus.

Instead of Result we could use Option, since I'm not sure there's some great diversity of error messages anyway (And the docs on the generator would explain what None means for that generator).

Absolutely don't panic.