Stabilize RandomSource and DefaultRandomSource#157168
Conversation
joshtriplett
added
the
T-libs-api
rustbot
added
the
S-waiting-on-author
This comment has been minimized.
This comment has been minimized.
This provides enough of an interface for people to obtain random bytes. The `Distribution` trait and the `random` function remain unstable; those don't need to block stabilization of `RandomSource` and `DefaultRandomSource`. Similarly, this leaves a `fill_buf` function using `BorrowedCursor` as future work.
joshtriplett
force-pushed
the
stabilize-random-source
branch
from
18dd02e to
eb9d7c8
Compare
|
If it’s only the first call that can fail, could we put |
|
@jdahlstrom That would force every caller to deal with it, albeit only once. If we (in the future) provide a fallible |
|
I'm un-marking this as a draft. Based on experiments with As for |
rustbot
added
the
S-waiting-on-review
rustbot
removed
the
S-waiting-on-author
|
rustbot has assigned @Mark-Simulacrum. Use Why was this reviewer chosen?The reviewer was selected based on:
|
joshtriplett
added
I-libs-api-nominated
|
cc @dhardy @newpavlov (rand maintainers) |
6 participants
Stabilization report
This partial stabilization provides enough of an interface for people to obtain random bytes, which is a common need in the ecosystem, currently fulfilled via the
getrandomcrate.There have been many requests for a
fill_bytesinterface in the standard library. Per previous libs-api discussions,DefaultRandomSource.fill_bytescan serve that function, rather than adding a separate free function.🚲 Bikeshedding 🚲
We could call this
Rng/DefaultRngrather thanRandomSource/DefaultRandomSource.Alternatives and Future Work
Uninitialized buffers
We're likely to add a
fill_buffunction to fill aBorrowedCursor<'_, u8>. We can do so onceBorrowedBuf/BorrowedCursoris stable. Deferring this means we will need to support trait impls that providefill_bytesbut notfill_buf, which we might not need to if we waited until afterBorrowedBuf/BorrowedCursoris stable. However, that isn't any worse of a problem than we already have withio::Read, and we don't necessarily want to couple the stabilization ofBorrowedBuf/BorrowedCursorwithDistributions
The
Distributiontrait and therandomfunction remain unstable; those don't need to block stabilization ofRandomSourceandDefaultRandomSource.Optimized paths for
u32/u64Some RNGs can provide faster results for generating a whole
u32/u64rather than individual bytes.The definition and documentation of
fill_bytessays:We hope that this will allow RNGs that can generate whole words to do so efficiently as a fast path in
fill_bytes/fill_buf. If dedicatednext_u32/next_u64functions still end up being substantially faster, we can always add them as optional trait methods in the future.Resultversus panickingThere's been extensive discussion about whether the function should return a
Resultrather than panicking, or providing an additional such function. The previous conclusion from libs-api was that while it's possible for the first such call to fail (e.g. because the OS or sandbox provides no access to randomness at all), subsequent calls should never fail, and user code will not be prepared to deal with such failure.Furthermore, an API returning
Resultwould propagate throughout higher-level calls, forcing operations as simple as "roll a d20" to either returnResultor callexpect/unwrap. And even providing atryvariant will lead to higher-level APIs having to consider which variant to call. We should, instead, make the guarantee that a well-behaved underlying OS won't panic after the first call.Note, in particular, that
HashMapalready fails via panic if it can't get data from itsRandomState.If there's a need to allow error recovery for the "no OS/sandbox support" case, we could provide a one-time call to check for an error. Or, such users could continue using
getrandomor the underlying OS APIs.If we did want to make every call fallible, we have the capability, using upcoming language features ("supertrait auto impl"), to add a
TryRandomSourcesupertrait without breaking backwards compatibility.