Bug 36673
| Summary: | Math.random repeats values in different workers | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Ben Shapiro <webkit> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | ap, bfulgham, cben, jiewen_tan, oliver, webkit |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | PC | ||
| OS: | OS X 10.6 | ||
Ben Shapiro
When calling Math.random() in different workers, Math.random() is returning the same values in the same order in each worker.
For example, when executing the following code (in an object) in webkit in multiple workers, the object's redness is set to the same value in each worker:
this.redness = Math.round(255*Math.random());
I do not have this problem in Chrome or in Firefox.
If additional detail is required, the complete code is at the following URL:
http://github.com/bennytheshap/sabmit/raw/master/sabmit/public/javascripts/turtlestuff/turtle_base.js
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Oliver Hunt
We seed the random number generator with WTF::currentTime at JSGlobalData.cpp:146 -- theoretically if we're spinning the new contexts up fast enough they'll all have the same seed. Should we seed with randomNumber() instead?
I haven't tested to confirm this myself so this is simply theorising...
Ben Shapiro
What's odd is that it happens even when the workers are created with a large amount of time between them.
To see this in action, go here:
http://evil.getdown.org:3000/breeds/1
Click the Hatch! button. It behaves as expected on Firefox and Chrome.
Oliver Hunt
Just discovered that when we switched to our new random number generator, we reintroduced seeding from the current time, if the new workers are all initialiser sufficiently quickly, the generator gets a shared seed.
Beni Paskin-Cherniavsky
Is this still relevant?
I think your comments refer to
https://trac.webkit.org/changeset/50789/trunk/JavaScriptCore/runtime/JSGlobalData.cpp
but JSGlobalData.cpp has been renamed VM.cpp since and no longer includes any seeding.
Seeding WeakRandom from time was fixed in Aug 2010 in https://trac.webkit.org/changeset/65947 .
What I see now:
Math.random()
https://trac.webkit.org/browser/trunk/Source/JavaScriptCore/runtime/MathObject.cpp?rev=154868
calls exec->lexicalGlobalObject()->weakRandomNumber() implemented in
https://trac.webkit.org/browser/trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h?rev=154868#L490
as a shallow wrapper for
https://trac.webkit.org/browser/trunk/Source/JavaScriptCore/runtime/WeakRandom.h
It is initialized in
https://trac.webkit.org/browser/trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp?rev=154868#L138
from randomNumber():
https://trac.webkit.org/browser/trunk/Source/WTF/wtf/RandomNumber.cpp?rev=154868
which is a shallow wrapper for cryptographicallyRandomNumber() which is a shared ARC4Random state:
https://trac.webkit.org/browser/trunk/Source/WTF/wtf/CryptographicallyRandomNumber.cpp?rev=154868#L168
which initializes itself in ARC4RandomNumberGenerator::stir() from strong OS randomness:
https://trac.webkit.org/browser/trunk/Source/WTF/wtf/OSRandomSource.h?rev=154868
Phew.
--
There is also
https://trac.webkit.org/browser/trunk/Source/WTF/wtf/RandomNumberSeed.h?rev=154868
which *does* initialize on Unix from time & process id.
But what it initializes are rand()/random() which are not used in any way for Math.random() AFAICT.