Comments (7)
Copying from #439
Is it worth keeping the uninit
methods?
This brings up a more important question, does it even make sense to keep the uninit
methods at all? They add complexity and unsafe
code, but it's unclear if they are worth it. We have benchmarks which compare calling getrandom_uninit
vs zeroing a buffer and calling getrandom
. Even with very fast (> 100 MB/sec) rng sources, the uninit
methods aren't consistently faster (and any difference is within the margin of error).
On Linux (cargo bench --jobs=1
):
test aes128::bench_getrandom ... bench: 409 ns/iter (+/- 20) = 39 MB/s
test aes128::bench_getrandom_uninit ... bench: 413 ns/iter (+/- 37) = 38 MB/s
test p256::bench_getrandom ... bench: 421 ns/iter (+/- 19) = 76 MB/s
test p256::bench_getrandom_uninit ... bench: 416 ns/iter (+/- 23) = 76 MB/s
test p384::bench_getrandom ... bench: 527 ns/iter (+/- 126) = 91 MB/s
test p384::bench_getrandom_uninit ... bench: 543 ns/iter (+/- 169) = 88 MB/s
test page::bench_getrandom ... bench: 8,676 ns/iter (+/- 219) = 472 MB/s
test page::bench_getrandom_uninit ... bench: 8,591 ns/iter (+/- 551) = 476 MB/s
I would be fine removing the uninit
methods entirely, as it would simplify our implementation in multiple places.
from getrandom.
When working on Memory Sanitizer support (#463), I realized that the MaybeUninit
functionality is actually quite useful for testing, because we can use Memory Sanitizer to ensure that we at least write to the given buffer. We can't __msan_poison
a &mut [u8]
without trigger UB.
In particular, if/when we update the signature of custom implementations to take MaybeUninit
, then memory sanitizer will be able to also test them. So I think it is useful to keep around.
from getrandom.
In ring, currently I do use the pattern let mut x = [0; LEN]; init(&mut x)
in many places, but I am planning to replace those with use of MaybeUninit
exactly so I can use memory sanitizer to ensure that the init()
actually initializes what it is supposed to, instead of leaving some of the zeros untouched. I guess it will likely be the case for other getrandom
users.
from getrandom.
I don't think that MaybeUninit
adds a lot of complexity. Almost all backends (except js
) use raw pointers to call system APIs and there is no difference between casting pointer from &[u8]
and &mut [MaybeUninit<u8>]
. Buffer zeroization is unnecessary, even if it's performance impact is negligible compared to syscalls. So I am in favor of keeping the uninit
function.
from getrandom.
+1 to keeping it
from getrandom.
I think it is fine to keep it. We have this unsafe code in getrandom
mostly because stabilizing some libcore features related to MaybeUninit
is taking a long time. In the future we'll be able to eliminate the unsafe bits. In the meantime, we've done quite a bit to ensure that the unsafe bits are safe. So I am fine with closing this issue, assuming this also means that we're committing to changing the custom API to be MaybeUninit
-aware if/when we change that API.
from getrandom.
Sounds good to me. Personally, I think the only strong argument to keep it is @briansmith's point about sanitizers, but that is a very good point.
from getrandom.
Related Issues (20)
- Remove fallback logic for FreeBSD
- Investigate removing fallback logic for Solaris/Illumos HOT 1
- Windows: Switch to using ProcessPRNG by default. HOT 31
- `libc` `v0.2.154` yanked HOT 2
- Support `x86_64-unknown-linux-none` HOT 32
- Implementation of `dlsym`-based `Weak` is not sandbox-friendly HOT 6
- Use VM to run tests
- Release 0.3? HOT 8
- Document and Test that `getrandom()` never panics. HOT 3
- Feature handing changes HOT 2
- API Changes HOT 6
- Run `cargo clippy` in CI for all targets
- Potential improvements to use of `/dev/random` on Linux/Android HOT 5
- use_file: Just use `libstd` on targets that we know have libstd, instead of pthreads + libc. HOT 20
- Deprecate and remove `impl From<NonZeroU32> for Error`. HOT 1
- Crate libc 0.2.154 is yanked HOT 6
- Force use of `rdrand` feature instead of `linux_android` implementation HOT 2
- Consider updating to `wasi v0.13.1+wasi-0.2.0`
- $20 in $SOL to whoever can help me solve this getrandom error when i run anchor build HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from getrandom.