Re: [PATCH v2 3/3] treewide: use get_random_u32_between() when possible
From: Jason A. Donenfeld
Date: Wed Nov 16 2022 - 18:56:09 EST
On Wed, Nov 16, 2022 at 02:43:13PM -0800, Kees Cook wrote:
> On Mon, Nov 14, 2022 at 05:45:58PM +0100, Jason A. Donenfeld wrote:
> > - (get_random_u32_below(1024) + 1) * PAGE_SIZE;
> > + get_random_u32_between(1, 1024 + 1) * PAGE_SIZE;
>
> I really don't like "between". Can't this be named "inclusive" (and
> avoid adding 1 everywhere, which seems ugly), or at least named
> something less ambiguous?
>
> > - n = get_random_u32_below(100) + 1;
> > + n = get_random_u32_between(1, 101);
>
> Because I find this much less readable. "Below 100" is clear: 0-99
> inclusive, plus 1, so 1-100 inclusive. "Between 1 and 101" is not obvious
> to me to mean: 1-100 inclusive.
>
> These seem so much nicer:
> get_random_u32_inclusive(1, 1024)
> get_random_u32_inclusive(1, 100)
Yann pointed out something similar -- the half-closed interval being
confusing -- and while I was initially dismissive, I've warmed up to
doing this fully closed after sending a diff of that:
https://lore.kernel.org/lkml/Y3Qt8HiXj8giOnZy@xxxxxxxxx/
So okay, let's say that I'll implement the inclusive version instead. We
now have two problems to solve:
1) How/whether to make f(0, UR2_MAX) safe,
- without additional 64-bit arithmetic,
- minimizing the number of branches.
I have a few ideas I'll code golf for a bit.
2) What to call it:
- between I still like, because it mirrors "I'm thinking of a number
between 1 and 10 and..." that everybody knows,
- inclusive I guess works, but it's not a preposition,
- bikeshed color #3?
I think I can make progress with (1) alone by fiddling around with
godbolt enough, like usual. I could use some more ideas for (2) though.
Jason