From 03df9dd50bca06f08b413b4c5b3eb2a60e66a4c6 Mon Sep 17 00:00:00 2001 From: "whesse@chromium.org" Date: Thu, 30 Jun 2011 13:07:43 +0000 Subject: [PATCH] Improve pseudorandom number generation and move the PNG state to Isolate. Review URL: http://codereview.chromium.org/7248060 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8490 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/isolate.h | 2 ++ src/v8.cc | 48 ++++++++++++++++++++---------------------------- 2 files changed, 22 insertions(+), 28 deletions(-) diff --git a/src/isolate.h b/src/isolate.h index dc9f67ec3..3e3bf3678 100644 --- a/src/isolate.h +++ b/src/isolate.h @@ -332,6 +332,8 @@ class HashMap; V(int, bad_char_shift_table, kUC16AlphabetSize) \ V(int, good_suffix_shift_table, (kBMMaxShift + 1)) \ V(int, suffix_table, (kBMMaxShift + 1)) \ + V(uint32_t, random_seed, 4) \ + V(uint32_t, private_random_seed, 4) \ ISOLATE_INIT_DEBUG_ARRAY_LIST(V) typedef List DebugObjectCache; diff --git a/src/v8.cc b/src/v8.cc index 0b562fc28..bd902e83e 100644 --- a/src/v8.cc +++ b/src/v8.cc @@ -100,42 +100,36 @@ void V8::TearDown() { } -static uint32_t random_seed() { - if (FLAG_random_seed == 0) { - return random(); +static void seed_random(uint32_t* state) { + for (int i = 0; i < 4; ++i) { + state[i] = FLAG_random_seed; + while (state[i] == 0) { + state[i] = random(); + } } - return FLAG_random_seed; } -typedef struct { - uint32_t hi; - uint32_t lo; -} random_state; - - // Random number generator using George Marsaglia's MWC algorithm. -static uint32_t random_base(random_state *state) { - // Initialize seed using the system random(). If one of the seeds - // should ever become zero again, or if random() returns zero, we - // avoid getting stuck with zero bits in hi or lo by re-initializing - // them on demand. - if (state->hi == 0) state->hi = random_seed(); - if (state->lo == 0) state->lo = random_seed(); - - // Mix the bits. - state->hi = 36969 * (state->hi & 0xFFFF) + (state->hi >> 16); - state->lo = 18273 * (state->lo & 0xFFFF) + (state->lo >> 16); - return (state->hi << 16) + (state->lo & 0xFFFF); +static uint32_t random_base(uint32_t* state) { + // Initialize seed using the system random(). + // No non-zero seed will ever become zero again. + if (state[0] == 0) seed_random(state); + + // Mix the bits. Never replaces state[i] with 0 if it is nonzero. + state[0] = 18273 * (state[0] & 0xFFFF) + (state[0] >> 16); + state[1] = 36969 * (state[1] & 0xFFFF) + (state[1] >> 16); + state[2] = 23208 * (state[2] & 0xFFFF) + (state[2] >> 16); + state[3] = 27753 * (state[3] & 0xFFFF) + (state[3] >> 16); + + return ((state[2] ^ state[3]) << 16) + ((state[0] ^ state[1]) & 0xFFFF); } // Used by JavaScript APIs uint32_t V8::Random(Isolate* isolate) { ASSERT(isolate == Isolate::Current()); - // TODO(isolates): move lo and hi to isolate - static random_state state = {0, 0}; - return random_base(&state); + return random_base(isolate->random_seed()); } @@ -144,9 +138,7 @@ uint32_t V8::Random(Isolate* isolate) { // leaks that could be used in an exploit. uint32_t V8::RandomPrivate(Isolate* isolate) { ASSERT(isolate == Isolate::Current()); - // TODO(isolates): move lo and hi to isolate - static random_state state = {0, 0}; - return random_base(&state); + return random_base(isolate->private_random_seed()); } -- 2.34.1