RFR: 8248862: Implement Enhanced Pseudo-Random Number Generators [v3]

Rémi Forax github.com+828220+forax at openjdk.java.net
Wed Nov 25 14:16:05 UTC 2020 

On Wed, 25 Nov 2020 13:09:03 GMT, Jim Laskey <jlaskey at openjdk.org> wrote:

>> This PR is to introduce a new random number API for the JDK. The primary API is found in RandomGenerator and RandomGeneratorFactory. Further description can be found in the JEP https://openjdk.java.net/jeps/356 .
>> 
>> javadoc can be found at http://cr.openjdk.java.net/~jlaskey/prng/doc/api/java.base/java/util/random/package-summary.html
>> 
>> old PR:  https://github.com/openjdk/jdk/pull/1273
>
> Jim Laskey has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8248862: Implement Enhanced Pseudo-Random Number Generators
>   
>   Changes to RandomGeneratorFactory requested by @PaulSandoz

src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 335:

> 333:                         ctorBytes = tmpCtorBytes;
> 334:                         ctorLong = tmpCtorLong;
> 335:                         ctor = tmpCtor;

This one is a volatile write, so the idea is that ctorBytes and ctorLong does not need to be volatile too, which i think is not true if there is a code somewhere that uses ctorBytes or ctorLong without reading ctor.
This code is too smart for me, i'm pretty sure it is wrong too on non TSO cpu.

src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 480:

> 478:         } catch (Exception ex) {
> 479:             // Should never happen.
> 480:             throw new IllegalStateException("Random algorithm " + name() + " is missing a default constructor");

chain the exception ...

src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 497:

> 495:             ensureConstructors();
> 496:             return ctorLong.newInstance(seed);
> 497:         } catch (Exception ex) {

this one is very dubious because the result in an exception is thrown is a random generator with the wrong seed

src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 517:

> 515:             ensureConstructors();
> 516:             return ctorBytes.newInstance((Object)seed);
> 517:         } catch (Exception ex) {

same as above

-------------

PR: https://git.openjdk.java.net/jdk/pull/1292

More information about the security-dev mailing list