vfs: check userland buffers before reading them.
[haiku.git] / src / system / libroot / posix / glibc / stdlib / random.c
blob8a32ee7103fb82fb61a27b182314dbc78098031d
1 /* Copyright (C) 1995 Free Software Foundation
3 The GNU C Library is free software; you can redistribute it and/or
4 modify it under the terms of the GNU Lesser General Public
5 License as published by the Free Software Foundation; either
6 version 2.1 of the License, or (at your option) any later version.
8 The GNU C Library is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 Lesser General Public License for more details.
13 You should have received a copy of the GNU Lesser General Public
14 License along with the GNU C Library; if not, write to the Free
15 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
16 02111-1307 USA. */
19 * This is derived from the Berkeley source:
20 * @(#)random.c 5.5 (Berkeley) 7/6/88
21 * It was reworked for the GNU C Library by Roland McGrath.
22 * Rewritten to use reentrant functions by Ulrich Drepper, 1995.
26 Copyright (C) 1983 Regents of the University of California.
27 All rights reserved.
29 Redistribution and use in source and binary forms, with or without
30 modification, are permitted provided that the following conditions
31 are met:
33 1. Redistributions of source code must retain the above copyright
34 notice, this list of conditions and the following disclaimer.
35 2. Redistributions in binary form must reproduce the above copyright
36 notice, this list of conditions and the following disclaimer in the
37 documentation and/or other materials provided with the distribution.
38 4. Neither the name of the University nor the names of its contributors
39 may be used to endorse or promote products derived from this software
40 without specific prior written permission.
42 THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
43 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
44 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
45 ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
46 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
47 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
48 OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
50 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
51 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 SUCH DAMAGE.*/
54 #include <bits/libc-lock.h>
55 #include <limits.h>
56 #include <stddef.h>
57 #include <stdlib.h>
60 /* An improved random number generation package. In addition to the standard
61 rand()/srand() like interface, this package also has a special state info
62 interface. The initstate() routine is called with a seed, an array of
63 bytes, and a count of how many bytes are being passed in; this array is
64 then initialized to contain information for random number generation with
65 that much state information. Good sizes for the amount of state
66 information are 32, 64, 128, and 256 bytes. The state can be switched by
67 calling the setstate() function with the same array as was initialized
68 with initstate(). By default, the package runs with 128 bytes of state
69 information and generates far better random numbers than a linear
70 congruential generator. If the amount of state information is less than
71 32 bytes, a simple linear congruential R.N.G. is used. Internally, the
72 state information is treated as an array of longs; the zeroth element of
73 the array is the type of R.N.G. being used (small integer); the remainder
74 of the array is the state information for the R.N.G. Thus, 32 bytes of
75 state information will give 7 longs worth of state information, which will
76 allow a degree seven polynomial. (Note: The zeroth word of state
77 information also has some other information stored in it; see setstate
78 for details). The random number generation technique is a linear feedback
79 shift register approach, employing trinomials (since there are fewer terms
80 to sum up that way). In this approach, the least significant bit of all
81 the numbers in the state table will act as a linear feedback shift register,
82 and will have period 2^deg - 1 (where deg is the degree of the polynomial
83 being used, assuming that the polynomial is irreducible and primitive).
84 The higher order bits will have longer periods, since their values are
85 also influenced by pseudo-random carries out of the lower bits. The
86 total period of the generator is approximately deg*(2**deg - 1); thus
87 doubling the amount of state information has a vast influence on the
88 period of the generator. Note: The deg*(2**deg - 1) is an approximation
89 only good for large deg, when the period of the shift register is the
90 dominant factor. With deg equal to seven, the period is actually much
91 longer than the 7*(2**7 - 1) predicted by this formula. */
95 /* For each of the currently supported random number generators, we have a
96 break value on the amount of state information (you need at least this many
97 bytes of state info to support this random number generator), a degree for
98 the polynomial (actually a trinomial) that the R.N.G. is based on, and
99 separation between the two lower order coefficients of the trinomial. */
101 /* Linear congruential. */
102 #define TYPE_0 0
103 #define BREAK_0 8
104 #define DEG_0 0
105 #define SEP_0 0
107 /* x**7 + x**3 + 1. */
108 #define TYPE_1 1
109 #define BREAK_1 32
110 #define DEG_1 7
111 #define SEP_1 3
113 /* x**15 + x + 1. */
114 #define TYPE_2 2
115 #define BREAK_2 64
116 #define DEG_2 15
117 #define SEP_2 1
119 /* x**31 + x**3 + 1. */
120 #define TYPE_3 3
121 #define BREAK_3 128
122 #define DEG_3 31
123 #define SEP_3 3
125 /* x**63 + x + 1. */
126 #define TYPE_4 4
127 #define BREAK_4 256
128 #define DEG_4 63
129 #define SEP_4 1
132 /* Array versions of the above information to make code run faster.
133 Relies on fact that TYPE_i == i. */
135 #define MAX_TYPES 5 /* Max number of types above. */
138 /* Initially, everything is set up as if from:
139 initstate(1, randtbl, 128);
140 Note that this initialization takes advantage of the fact that srandom
141 advances the front and rear pointers 10*rand_deg times, and hence the
142 rear pointer which starts at 0 will also end up at zero; thus the zeroth
143 element of the state information, which contains info about the current
144 position of the rear pointer is just
145 (MAX_TYPES * (rptr - state)) + TYPE_3 == TYPE_3. */
147 static int32_t randtbl[DEG_3 + 1] =
149 TYPE_3,
151 -1726662223, 379960547, 1735697613, 1040273694, 1313901226,
152 1627687941, -179304937, -2073333483, 1780058412, -1989503057,
153 -615974602, 344556628, 939512070, -1249116260, 1507946756,
154 -812545463, 154635395, 1388815473, -1926676823, 525320961,
155 -1009028674, 968117788, -123449607, 1284210865, 435012392,
156 -2017506339, -911064859, -370259173, 1132637927, 1398500161,
157 -205601318,
161 static struct random_data unsafe_state =
163 /* FPTR and RPTR are two pointers into the state info, a front and a rear
164 pointer. These two pointers are always rand_sep places aparts, as they
165 cycle through the state information. (Yes, this does mean we could get
166 away with just one pointer, but the code for random is more efficient
167 this way). The pointers are left positioned as they would be from the call:
168 initstate(1, randtbl, 128);
169 (The position of the rear pointer, rptr, is really 0 (as explained above
170 in the initialization of randtbl) because the state table pointer is set
171 to point to randtbl[1] (as explained below).) */
173 .fptr = &randtbl[SEP_3 + 1],
174 .rptr = &randtbl[1],
176 /* The following things are the pointer to the state information table,
177 the type of the current generator, the degree of the current polynomial
178 being used, and the separation between the two pointers.
179 Note that for efficiency of random, we remember the first location of
180 the state information, not the zeroth. Hence it is valid to access
181 state[-1], which is used to store the type of the R.N.G.
182 Also, we remember the last location, since this is more efficient than
183 indexing every time to find the address of the last element to see if
184 the front and rear pointers have wrapped. */
186 .state = &randtbl[1],
188 .rand_type = TYPE_3,
189 .rand_deg = DEG_3,
190 .rand_sep = SEP_3,
192 .end_ptr = &randtbl[sizeof (randtbl) / sizeof (randtbl[0])]
195 /* POSIX.1c requires that there is mutual exclusion for the `rand' and
196 `srand' functions to prevent concurrent calls from modifying common
197 data. */
198 __libc_lock_define_initialized (static, lock)
200 /* Initialize the random number generator based on the given seed. If the
201 type is the trivial no-state-information type, just remember the seed.
202 Otherwise, initializes state[] based on the given "seed" via a linear
203 congruential generator. Then, the pointers are set to known locations
204 that are exactly rand_sep places apart. Lastly, it cycles the state
205 information a given number of times to get rid of any initial dependencies
206 introduced by the L.C.R.N.G. Note that the initialization of randtbl[]
207 for default usage relies on values produced by this routine. */
208 void
209 __srandom (x)
210 unsigned int x;
212 __libc_lock_lock (lock);
213 (void) __srandom_r (x, &unsafe_state);
214 __libc_lock_unlock (lock);
217 weak_alias (__srandom, srandom)
218 weak_alias (__srandom, srand)
220 /* Initialize the state information in the given array of N bytes for
221 future random number generation. Based on the number of bytes we
222 are given, and the break values for the different R.N.G.'s, we choose
223 the best (largest) one we can and set things up for it. srandom is
224 then called to initialize the state information. Note that on return
225 from srandom, we set state[-1] to be the type multiplexed with the current
226 value of the rear pointer; this is so successive calls to initstate won't
227 lose this information and will be able to restart with setstate.
228 Note: The first thing we do is save the current state, if any, just like
229 setstate so that it doesn't matter when initstate is called.
230 Returns a pointer to the old state. */
231 char *
232 __initstate (seed, arg_state, n)
233 unsigned int seed;
234 char *arg_state;
235 size_t n;
237 int32_t *ostate;
239 __libc_lock_lock (lock);
241 ostate = &unsafe_state.state[-1];
243 __initstate_r (seed, arg_state, n, &unsafe_state);
245 __libc_lock_unlock (lock);
247 return (char *) ostate;
250 weak_alias (__initstate, initstate)
252 /* Restore the state from the given state array.
253 Note: It is important that we also remember the locations of the pointers
254 in the current state information, and restore the locations of the pointers
255 from the old state information. This is done by multiplexing the pointer
256 location into the zeroth word of the state information. Note that due
257 to the order in which things are done, it is OK to call setstate with the
258 same state as the current state
259 Returns a pointer to the old state information. */
260 char *
261 __setstate (arg_state)
262 char *arg_state;
264 int32_t *ostate;
266 __libc_lock_lock (lock);
268 ostate = &unsafe_state.state[-1];
270 if (__setstate_r (arg_state, &unsafe_state) < 0)
271 ostate = NULL;
273 __libc_lock_unlock (lock);
275 return (char *) ostate;
278 weak_alias (__setstate, setstate)
280 /* If we are using the trivial TYPE_0 R.N.G., just do the old linear
281 congruential bit. Otherwise, we do our fancy trinomial stuff, which is the
282 same in all the other cases due to all the global variables that have been
283 set up. The basic operation is to add the number at the rear pointer into
284 the one at the front pointer. Then both pointers are advanced to the next
285 location cyclically in the table. The value returned is the sum generated,
286 reduced to 31 bits by throwing away the "least random" low bit.
287 Note: The code takes advantage of the fact that both the front and
288 rear pointers can't wrap on the same call by not testing the rear
289 pointer if the front one has wrapped. Returns a 31-bit random number. */
291 long int
292 __random ()
294 int32_t retval;
296 __libc_lock_lock (lock);
298 (void) __random_r (&unsafe_state, &retval);
300 __libc_lock_unlock (lock);
302 return retval;
305 weak_alias (__random, random)