PHP :: Request #66728 :: gmp_random is obsolete, switch to gmp

gmp_random is obsolete, switch to gmp_urandomm

Submitted:

2014-02-17 20:52 UTC

Modified:

2016-03-27 11:36 UTC

Votes:	2
Avg. Score:	4.5 ± 0.5
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	1 (50.0%)

From:

asphp at dsgml dot com

Assigned:

nikic (profile)

Status:

Closed

Package:

GNU MP related

PHP Version:

Irrelevant

OS:

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 44 - 29 = ?
Subscribe to this entry?

[2014-02-17 20:52 UTC] asphp at dsgml dot com

Description:
------------
According to the docs mpz_random (i.e. gmp_random) is obsolete. It's also pretty useless since it returns digits in an undefined range.

Instead switch to mpz_urandomm which lets you specify the max directly.

PHP could either expose it as is and let people subtract to get the min, or PHP could make it easier and let people specify a min and max.

PHP could require that people manually initialize the random state, or just go ahead and do it for them with gmp_randinit_mt.

Also once this is a done a PHP warning should be emitted for use of gmp_random.

See: https://gmplib.org/manual/Integer-Random-Numbers.html

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-09-24 20:51 UTC] rainer dot jung at kippdata dot de

IMHO this issue can be closed: starting with PHP 5.6 there is gmp_random_range() which uses mpz_urandomm() and the old gmp_random() uses mpz_urandomb(). Both should be fine.

[2016-03-26 11:23 UTC] nikic@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic

[2016-03-26 11:23 UTC] nikic@php.net

Closing per previous comment.

[2016-03-27 03:40 UTC] asphp at dsgml dot com

I'm not sure this should be closed.

The gmp_random function is very confusing and basically useless.

The documentation says:

The number will be between zero and the number of bits per limb multiplied by limiter.

But the code actually uses mpz_urandomb which states:

 0 to 2^n-1, inclusive.

And the code does:

limiter * GMP_LIMB_BITS

So you end up with:

2^(limiter * GMP_LIMB_BITS) which is enormous and worse doesn't match the documentation.

The code for the function should stop multiplying by GMP_LIMB_BITS and the documentation should be updated to say it's simply 2^n.

[2016-03-27 03:44 UTC] asphp at dsgml dot com

It seems to me that actually gmp_random should be removed.

gmp_random_bits() does the 2^n, and gmp_random_range() does a regular range.

gmp_random does nothing of any value at all.

See also bug: #62375 - gmp_random does actually use that constant.

[2016-03-27 11:36 UTC] nikic@php.net

To clarify, I closed this issue because PHP 5.6 introduced gmp_random_bits() and gmp_random_range(), which supersede the gmp_random() function.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 07:01:29 2024 UTC