Summary: std.random.RandomSample and RandomCover are poorly
           Product: D
           Version: D2
          Platform: Other
        OS/Version: Windows
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Phobos

--- Comment #0 from Vladimir Panteleev <> 2011-12-05 
04:00:22 PST ---
The following tests will always fail:

    int[] a = [ 0, 1, 2, 3, 4, 5, 6, 7, 8 ];
    assert(!equal(randomCover(a, rndGen()), randomCover(a, rndGen())));
    assert(!equal(randomSample(a, 5, rndGen()), randomSample(a, 5, rndGen())));

The reason why these tests will fail is that both functions take the RNG by
value. Not only is this unintuitive, this is also a security liability -
someone depending on these functions to generate random identifiers can be
surprised that two successive calls generate the same ID.

I strongly suggest that RNG types are disallowed from being implicitly copied.
Even though pseudo-random number generators shouldn't be used for security
purposes, they're still likely to be used in such contexts - especially
considering lack of better sources of random data in Phobos.

Configure issuemail:
------- You are receiving this mail because: -------

Reply via email to