1 /* Copyright (C) 1995-2022 Free Software Foundation, Inc.
2 
3    The GNU C Library is free software; you can redistribute it and/or
4    modify it under the terms of the GNU Lesser General Public
5    License as published by the Free Software Foundation; either
6    version 2.1 of the License, or (at your option) any later version.
7 
8    The GNU C Library is distributed in the hope that it will be useful,
9    but WITHOUT ANY WARRANTY; without even the implied warranty of
10    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
11    Lesser General Public License for more details.
12 
13    You should have received a copy of the GNU Lesser General Public
14    License along with the GNU C Library; if not, see
15    <https://www.gnu.org/licenses/>.  */
16 
17 /*
18  * This is derived from the Berkeley source:
19  *	@(#)random.c	5.5 (Berkeley) 7/6/88
20  * It was reworked for the GNU C Library by Roland McGrath.
21  * Rewritten to use reentrant functions by Ulrich Drepper, 1995.
22  */
23 
24 /*
25    Copyright (C) 1983 Regents of the University of California.
26    All rights reserved.
27 
28    Redistribution and use in source and binary forms, with or without
29    modification, are permitted provided that the following conditions
30    are met:
31 
32    1. Redistributions of source code must retain the above copyright
33       notice, this list of conditions and the following disclaimer.
34    2. Redistributions in binary form must reproduce the above copyright
35       notice, this list of conditions and the following disclaimer in the
36       documentation and/or other materials provided with the distribution.
37    4. Neither the name of the University nor the names of its contributors
38       may be used to endorse or promote products derived from this software
39       without specific prior written permission.
40 
41    THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
42    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43    IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44    ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
45    FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46    DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47    OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48    HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49    LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50    OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51    SUCH DAMAGE.*/
52 
53 #include <libc-lock.h>
54 #include <limits.h>
55 #include <stddef.h>
56 #include <stdlib.h>
57 
58 
59 /* An improved random number generation package.  In addition to the standard
60    rand()/srand() like interface, this package also has a special state info
61    interface.  The initstate() routine is called with a seed, an array of
62    bytes, and a count of how many bytes are being passed in; this array is
63    then initialized to contain information for random number generation with
64    that much state information.  Good sizes for the amount of state
65    information are 32, 64, 128, and 256 bytes.  The state can be switched by
66    calling the setstate() function with the same array as was initialized
67    with initstate().  By default, the package runs with 128 bytes of state
68    information and generates far better random numbers than a linear
69    congruential generator.  If the amount of state information is less than
70    32 bytes, a simple linear congruential R.N.G. is used.  Internally, the
71    state information is treated as an array of longs; the zeroth element of
72    the array is the type of R.N.G. being used (small integer); the remainder
73    of the array is the state information for the R.N.G.  Thus, 32 bytes of
74    state information will give 7 longs worth of state information, which will
75    allow a degree seven polynomial.  (Note: The zeroth word of state
76    information also has some other information stored in it; see setstate
77    for details).  The random number generation technique is a linear feedback
78    shift register approach, employing trinomials (since there are fewer terms
79    to sum up that way).  In this approach, the least significant bit of all
80    the numbers in the state table will act as a linear feedback shift register,
81    and will have period 2^deg - 1 (where deg is the degree of the polynomial
82    being used, assuming that the polynomial is irreducible and primitive).
83    The higher order bits will have longer periods, since their values are
84    also influenced by pseudo-random carries out of the lower bits.  The
85    total period of the generator is approximately deg*(2**deg - 1); thus
86    doubling the amount of state information has a vast influence on the
87    period of the generator.  Note: The deg*(2**deg - 1) is an approximation
88    only good for large deg, when the period of the shift register is the
89    dominant factor.  With deg equal to seven, the period is actually much
90    longer than the 7*(2**7 - 1) predicted by this formula.  */
91 
92 
93 
94 /* For each of the currently supported random number generators, we have a
95    break value on the amount of state information (you need at least this many
96    bytes of state info to support this random number generator), a degree for
97    the polynomial (actually a trinomial) that the R.N.G. is based on, and
98    separation between the two lower order coefficients of the trinomial.  */
99 
100 /* Linear congruential.  */
101 #define	TYPE_0		0
102 #define	BREAK_0		8
103 #define	DEG_0		0
104 #define	SEP_0		0
105 
106 /* x**7 + x**3 + 1.  */
107 #define	TYPE_1		1
108 #define	BREAK_1		32
109 #define	DEG_1		7
110 #define	SEP_1		3
111 
112 /* x**15 + x + 1.  */
113 #define	TYPE_2		2
114 #define	BREAK_2		64
115 #define	DEG_2		15
116 #define	SEP_2		1
117 
118 /* x**31 + x**3 + 1.  */
119 #define	TYPE_3		3
120 #define	BREAK_3		128
121 #define	DEG_3		31
122 #define	SEP_3		3
123 
124 /* x**63 + x + 1.  */
125 #define	TYPE_4		4
126 #define	BREAK_4		256
127 #define	DEG_4		63
128 #define	SEP_4		1
129 
130 
131 /* Array versions of the above information to make code run faster.
132    Relies on fact that TYPE_i == i.  */
133 
134 #define	MAX_TYPES	5	/* Max number of types above.  */
135 
136 
137 /* Initially, everything is set up as if from:
138 	initstate(1, randtbl, 128);
139    Note that this initialization takes advantage of the fact that srandom
140    advances the front and rear pointers 10*rand_deg times, and hence the
141    rear pointer which starts at 0 will also end up at zero; thus the zeroth
142    element of the state information, which contains info about the current
143    position of the rear pointer is just
144 	(MAX_TYPES * (rptr - state)) + TYPE_3 == TYPE_3.  */
145 
146 static int32_t randtbl[DEG_3 + 1] =
147   {
148     TYPE_3,
149 
150     -1726662223, 379960547, 1735697613, 1040273694, 1313901226,
151     1627687941, -179304937, -2073333483, 1780058412, -1989503057,
152     -615974602, 344556628, 939512070, -1249116260, 1507946756,
153     -812545463, 154635395, 1388815473, -1926676823, 525320961,
154     -1009028674, 968117788, -123449607, 1284210865, 435012392,
155     -2017506339, -911064859, -370259173, 1132637927, 1398500161,
156     -205601318,
157   };
158 
159 
160 static struct random_data unsafe_state =
161   {
162 /* FPTR and RPTR are two pointers into the state info, a front and a rear
163    pointer.  These two pointers are always rand_sep places apart, as they
164    cycle through the state information.  (Yes, this does mean we could get
165    away with just one pointer, but the code for random is more efficient
166    this way).  The pointers are left positioned as they would be from the call:
167 	initstate(1, randtbl, 128);
168    (The position of the rear pointer, rptr, is really 0 (as explained above
169    in the initialization of randtbl) because the state table pointer is set
170    to point to randtbl[1] (as explained below).)  */
171 
172     .fptr = &randtbl[SEP_3 + 1],
173     .rptr = &randtbl[1],
174 
175 /* The following things are the pointer to the state information table,
176    the type of the current generator, the degree of the current polynomial
177    being used, and the separation between the two pointers.
178    Note that for efficiency of random, we remember the first location of
179    the state information, not the zeroth.  Hence it is valid to access
180    state[-1], which is used to store the type of the R.N.G.
181    Also, we remember the last location, since this is more efficient than
182    indexing every time to find the address of the last element to see if
183    the front and rear pointers have wrapped.  */
184 
185     .state = &randtbl[1],
186 
187     .rand_type = TYPE_3,
188     .rand_deg = DEG_3,
189     .rand_sep = SEP_3,
190 
191     .end_ptr = &randtbl[sizeof (randtbl) / sizeof (randtbl[0])]
192 };
193 
194 /* POSIX.1c requires that there is mutual exclusion for the `rand' and
195    `srand' functions to prevent concurrent calls from modifying common
196    data.  */
__libc_lock_define_initialized(static,lock)197 __libc_lock_define_initialized (static, lock)
198 
199 /* Initialize the random number generator based on the given seed.  If the
200    type is the trivial no-state-information type, just remember the seed.
201    Otherwise, initializes state[] based on the given "seed" via a linear
202    congruential generator.  Then, the pointers are set to known locations
203    that are exactly rand_sep places apart.  Lastly, it cycles the state
204    information a given number of times to get rid of any initial dependencies
205    introduced by the L.C.R.N.G.  Note that the initialization of randtbl[]
206    for default usage relies on values produced by this routine.  */
207 void
208 __srandom (unsigned int x)
209 {
210   __libc_lock_lock (lock);
211   (void) __srandom_r (x, &unsafe_state);
212   __libc_lock_unlock (lock);
213 }
214 
weak_alias(__srandom,srandom)215 weak_alias (__srandom, srandom)
216 weak_alias (__srandom, srand)
217 
218 /* Initialize the state information in the given array of N bytes for
219    future random number generation.  Based on the number of bytes we
220    are given, and the break values for the different R.N.G.'s, we choose
221    the best (largest) one we can and set things up for it.  srandom is
222    then called to initialize the state information.  Note that on return
223    from srandom, we set state[-1] to be the type multiplexed with the current
224    value of the rear pointer; this is so successive calls to initstate won't
225    lose this information and will be able to restart with setstate.
226    Note: The first thing we do is save the current state, if any, just like
227    setstate so that it doesn't matter when initstate is called.
228    Returns a pointer to the old state.  */
229 char *
230 __initstate (unsigned int seed, char *arg_state, size_t n)
231 {
232   int32_t *ostate;
233   int ret;
234 
235   __libc_lock_lock (lock);
236 
237   ostate = &unsafe_state.state[-1];
238 
239   ret = __initstate_r (seed, arg_state, n, &unsafe_state);
240 
241   __libc_lock_unlock (lock);
242 
243   return ret == -1 ? NULL : (char *) ostate;
244 }
245 
weak_alias(__initstate,initstate)246 weak_alias (__initstate, initstate)
247 
248 /* Restore the state from the given state array.
249    Note: It is important that we also remember the locations of the pointers
250    in the current state information, and restore the locations of the pointers
251    from the old state information.  This is done by multiplexing the pointer
252    location into the zeroth word of the state information. Note that due
253    to the order in which things are done, it is OK to call setstate with the
254    same state as the current state
255    Returns a pointer to the old state information.  */
256 char *
257 __setstate (char *arg_state)
258 {
259   int32_t *ostate;
260 
261   __libc_lock_lock (lock);
262 
263   ostate = &unsafe_state.state[-1];
264 
265   if (__setstate_r (arg_state, &unsafe_state) < 0)
266     ostate = NULL;
267 
268   __libc_lock_unlock (lock);
269 
270   return (char *) ostate;
271 }
272 
weak_alias(__setstate,setstate)273 weak_alias (__setstate, setstate)
274 
275 /* If we are using the trivial TYPE_0 R.N.G., just do the old linear
276    congruential bit.  Otherwise, we do our fancy trinomial stuff, which is the
277    same in all the other cases due to all the global variables that have been
278    set up.  The basic operation is to add the number at the rear pointer into
279    the one at the front pointer.  Then both pointers are advanced to the next
280    location cyclically in the table.  The value returned is the sum generated,
281    reduced to 31 bits by throwing away the "least random" low bit.
282    Note: The code takes advantage of the fact that both the front and
283    rear pointers can't wrap on the same call by not testing the rear
284    pointer if the front one has wrapped.  Returns a 31-bit random number.  */
285 
286 long int
287 __random (void)
288 {
289   int32_t retval;
290 
291   __libc_lock_lock (lock);
292 
293   (void) __random_r (&unsafe_state, &retval);
294 
295   __libc_lock_unlock (lock);
296 
297   return retval;
298 }
299 
300 weak_alias (__random, random)
301