This is an archive of the discontinued LLVM Phabricator instance.

Differential D125283

reverts "[libc++] Explicitly reject `uniform_int_distribution<bool>` and `<char>`."
AbandonedPublic

Authored by cjdb on May 9 2022, 5:54 PM.

Details

Reviewers
EricWF
ldionne
Group Reviewers
Restricted Project
Summary

[rand.req.genl/p1.5][1] states that template type parameters with the
name IntType are undefined if the type isn't an integer of at least
two bytes. It does not state that a program is ill-formed. This means
that it's a conforming extension for libc++ to support single-byte
integer types.

libc++ has supported this extension at least as far back as Clang 5,
regardless of developer intentions. As such, we're subject to Hyrum's
Law, and D114920 has unnecessarily and unforgivingly broken a fair
amount of user code. If libc++ has a genuine reason not to support
this extension, it should deprecate the extension and provide users with
both an explanation and a deadline, instead of abruptly flipping a
switch.

Adds test to improve confidence in these types being supported.

This reverts commit a3255f219a861fd91423def693e1b3ab3e012bec.

[1]: http://eel.is/c++draft/rand#req.genl-1.5

Diff Detail

Event Timeline

cjdb created this revision.May 9 2022, 5:54 PM
Herald added a project: Restricted Project. · View Herald TranscriptMay 9 2022, 5:54 PM
cjdb requested review of this revision.May 9 2022, 5:54 PM
Herald added a project: Restricted Project. · View Herald TranscriptMay 9 2022, 5:54 PM
Herald added a reviewer: Restricted Project. · View Herald Transcript
Herald added a subscriber: libcxx-commits. · View Herald Transcript
Harbormaster completed remote builds in B163604: Diff 428249.May 9 2022, 6:24 PM
manojgupta added a subscriber: manojgupta.May 10 2022, 1:02 PM

Thanks Christopher,

I am not sure of the rationale for the original patch. But it has caused wide spread breakages. When trying to fix them e.g,. by using uint16_t instead of unit8_t, the obvious question from code owners is why C++ can't or does not want support it?
So if there is not too much burden in supporting it, I'd appreciate that .

ldionne requested changes to this revision.May 11 2022, 6:46 AM

http://eel.is/c++draft/rand.req.genl#1 says that the effect of instantiating one of these templates with a type that isn't in <list-of-allowed-types> is undefined. That means it's undefined behavior, and we strive to catch cases where users rely on undefined behavior for various reasons, notably to make their code more portable (https://godbolt.org/z/E6oGjfjhP), but also because we can't guarantee what the behavior is for such inputs.

broken a fair amount of user code.

When I tried this change internally, I did see a few breakages, but all of them were really easy to fix and made the code better. I'm curious to hear about your experience.

If you'd like to pursue this change, what I'd support is adding a escape hatch such that __libcpp_random_is_valid_inttype<T>::value is always true, and removing that after LLVM 15 has been shipped. This won't really change the fact that user's code needs to be fixed, but it will give them a bit more time to procrastinate on doing it. If that helps, I'm OK with that approach.

This revision now requires changes to proceed.May 11 2022, 6:46 AM
cjdb added a subscriber: CrystalSplitter.May 11 2022, 11:13 AM
In D125283#3506131, @ldionne wrote:

http://eel.is/c++draft/rand.req.genl#1 says that the effect of instantiating one of these templates with a type that isn't in <list-of-allowed-types> is undefined. That means it's undefined behavior, and we strive to catch cases where users rely on undefined behavior for various reasons, notably to make their code more portable (https://godbolt.org/z/E6oGjfjhP), but also because we can't guarantee what the behavior is for such inputs.

Yes, it's undefined, which means that the standard places no requirements on an implementation. That means that implementations are allowed to treat this as an extension point. libc++ can absolutely guarantee the behaviour for such inputs, because it is the implementation. Choosing to not support it is certainly a valid option, but choosing to not support it after years of having done so is incredibly user-hostile.

As for portability:

  • libstdc++ accepts this code. Have you considered trying to get Microsoft/STL to adopt supporting all integer types instead of limiting the usability in libc++? That would be far more productive and would not be user-adverse.
  • libc++ has plenty of extension points, and if I recall correctly, some of them aren't even opt-outable (such as choosing to continue permitting uniform_int_distribution<__int128>).

broken a fair amount of user code.

When I tried this change internally, I did see a few breakages, but all of them were really easy to fix and made the code better. I'm curious to hear about your experience.

If you'd like to pursue this change, what I'd support is adding a escape hatch such that __libcpp_random_is_valid_inttype<T>::value is always true, and removing that after LLVM 15 has been shipped. This won't really change the fact that user's code needs to be fixed, but it will give them a bit more time to procrastinate on doing it. If that helps, I'm OK with that approach.

@CrystalSplitter can provide you with data points on how ChromeOS has been affected.

CrystalSplitter added a comment.May 11 2022, 12:25 PM

Hello.

I am on the ChromeOS C++ Toolchain team. I don't really interact much with the LLVM community personally, but nonetheless my work is quite affected by upstream LLVM changes. In this particular case, I'm the one who's cleaning up all the ChromeOS cases where this previous extension is used.

ChromeOS uses a lot of randomisation in tests. Notably, fuzzing frequently uses randomly generated bytes, and passing those around as bags of bytes to identify stability and security issues. It's not uncommon that uniform_int_distribution<uint8_t> or uniform_int_distribution<char> is used to generate these inputs.
Is this undefined? Yes! But it's also reliably worked up until now and is a valid extension. People are depending on this extension, regardless of whether they were aware it was an extension in the first place. They are all trivial to fix on a line-by-line difference, but it adds a burden when there are 30+ cases which all have different maintainers that one must collaborate with to get dependencies to compile. This list is still growing, because we haven't finished our investigation of how badly this breaks us.

This frustration is further fueled by the thought: Well, why isn't there support for it? There's no random algorithm which can generate a uniform random 16bit number but not a uniform random 8bit number. The implementation certainly isn't restricting us, and there's no added maintenance cost in doing so. I must then go and explain to maintainers that, while there's no technical reason this is a compiler error, we must change all the instantiations because this behaviour is not defined by the standard for ineffable reasons.

Some obvious public (still unfixed) examples in ChromeOS:

https://source.chromium.org/chromiumos/chromiumos/codesearch/+/main:src/aosp/system/update_engine/payload_generator/ab_generator_unittest.cc;l=68
https://source.chromium.org/chromiumos/chromiumos/codesearch/+/main:src/aosp/system/update_engine/payload_generator/delta_diff_utils_unittest.cc;l=198
https://source.chromium.org/chromiumos/chromiumos/codesearch/+/main:src/platform2/vm_tools/pstore_dump/persistent_ram_buffer_test.cc;l=30
https://source.chromium.org/chromiumos/chromiumos/codesearch/+/main:src/aosp/frameworks/native/services/surfaceflinger/tests/SurfaceInterceptor_test.cpp;l=454

This doesn't just affect ChromeOS notably. Here are some examples from Android:

https://cs.android.com/android/platform/superproject/+/master:external/ComputeLibrary/tests/validation/fixtures/ReductionOperationFixture.h;l=81
https://cs.android.com/android/platform/superproject/+/master:external/ComputeLibrary/tests/validation/fixtures/ConvolutionFixture.h;l=52
https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/biometrics/face/1.0/vts/functional/VtsHalBiometricsFaceV1_0TargetTest.cpp;l=196
https://cs.android.com/android/platform/superproject/+/master:external/pigweed/pw_tokenizer/generate_decoding_test_data.cc;l=220

Mordante added a subscriber: Mordante.May 11 2022, 12:29 PM
Mordante added inline comments.
libcxx/include/__random/binomial_distribution.h
30

If we decide to reenable this can you add comments to the class what we accept bool and char as an extension. That would avoid future confusion.

Still we first need to decide whether or allow the extension.

ldionne added a comment.May 11 2022, 3:01 PM

@cjdb @CrystalSplitter I understand your frustration with something that "used to work" and doesn't anymore. My main concern is that there must be a reason why these types are disallowed in the first place -- did you try to investigate why there was such a restriction in the Standard in the first place? If you do, perhaps we can use the result of that investigation to better inform on whether we should support that extension (or just lift it and change the Standard).

cjdb added a comment.May 11 2022, 4:28 PM
In D125283#3507460, @ldionne wrote:

@cjdb @CrystalSplitter I understand your frustration with something that "used to work" and doesn't anymore. My main concern is that there must be a reason why these types are disallowed in the first place -- did you try to investigate why there was such a restriction in the Standard in the first place? If you do, perhaps we can use the result of that investigation to better inform on whether we should support that extension (or just lift it and change the Standard).

These types were never disallowed. If they were disallowed, then we would have either a _Mandates_ or _Constraints_ paragraph, or wording that uses the terms "ill-formed" or "ill-formed, no diagnostic required". We instead have "undefined", which translates to "behavior for which this document imposes no requirements [Note 1 ... Permissible undefined behavior ranges from ignoring the situation completely with unpredictable results, to behaving during translation or program execution in a documented manner characteristic of the environment (with or without the issuance of a diagnostic message)..." (emphasis mine). In other words, so long as we document the behaviour, we can define it as valid in some fashion. As it stands, the implementation of uniform_int_distribution is inconsistent with your concern: it is also undefined to support __int128, yet it's documented as being supported.

Prior to making this CL we looked at N1398, N1452, a few in the lineage of N2111, and LWG2326. None of this seems to explain why neither single-byte nor extended integral types are undefined.

EricWF added a comment.May 20 2022, 11:37 AM

GCC ships this as an extension. I can't find a reason why the extension would be non-conforming or dangerous, and it seems like a safer way for users to generate char values, rather than expecting the user to correctly pass the numerical_limits<char>::max() to the constructor.
I think we should reach out to someone at Microsoft (maybe STL), and see how open they are to shipping this as an extension. If they're willing then we avoid the portability trap that we're trying to protect users from.

ldionne added a subscriber: CaseyCarter.May 23 2022, 9:35 AM
In D125283#3528195, @EricWF wrote:

GCC ships this as an extension. I can't find a reason why the extension would be non-conforming or dangerous, and it seems like a safer way for users to generate char values, rather than expecting the user to correctly pass the numerical_limits<char>::max() to the constructor.
I think we should reach out to someone at Microsoft (maybe STL), and see how open they are to shipping this as an extension. If they're willing then we avoid the portability trap that we're trying to protect users from.

@CaseyCarter Would you be willing to, as an extension, support char in the random distributions? This is currently marked as being undefined by http://eel.is/c++draft/rand.req.genl#1. If you are willing, then I could also write a short paper to suggest adding it to the spec, since all three major implementations would support it.

cjdb added a comment.May 23 2022, 4:28 PM
In D125283#3531777, @ldionne wrote:
In D125283#3528195, @EricWF wrote:

GCC ships this as an extension. I can't find a reason why the extension would be non-conforming or dangerous, and it seems like a safer way for users to generate char values, rather than expecting the user to correctly pass the numerical_limits<char>::max() to the constructor.
I think we should reach out to someone at Microsoft (maybe STL), and see how open they are to shipping this as an extension. If they're willing then we avoid the portability trap that we're trying to protect users from.

@CaseyCarter Would you be willing to, as an extension, support char in the random distributions? This is currently marked as being undefined by http://eel.is/c++draft/rand.req.genl#1. If you are willing, then I could also write a short paper to suggest adding it to the spec, since all three major implementations would support it.

I'm not sure why there's so much resistance to reverting. libc++:

  1. has users with broken code right now;
  2. actively supports uniform_int_distribution<__int128_t>, which is also undefined (I don't get why you consider signed char, unsigned char, char, and bool to be problematic, but not __int128_t and unsigned __int128_t);
  3. has licence to make it an extension without Microsoft/STL's support;

You can also propose standardising this right now.

ldionne added a comment.May 24 2022, 12:18 PM
In D125283#3532818, @cjdb wrote:

I'm not sure why there's so much resistance to reverting. libc++:

  1. has users with broken code right now;
  2. actively supports uniform_int_distribution<__int128_t>, which is also undefined (I don't get why you consider signed char, unsigned char, char, and bool to be problematic, but not __int128_t and unsigned __int128_t);
  3. has licence to make it an extension without Microsoft/STL's support;

You can also propose standardising this right now.

I don't know whether our distributions actually work with these types. This explicit rejection was added in D114920, which was itself prompted by discussions on D114129, whose goal was to fix http://llvm.org/PR51520 (an overflow in uniform_int_distribution<__int128_t>). What tells us that we don't have similar problems with uniform_int_distribution<char> & friends. They are not tested, so anything is possible. Then, add the fact that the Standard made those undefined, which I consider a red flag; without diving into the implementation of those distributions, I'm thinking there might be a good reason why they didn't require implementations to support those types, e.g. maybe the usual algorithms don't work properly for types of that size.

So, given this uncertainty, I think it's better for everyone (our users especially) to get this compile-time error. However, if this patch showed that our implementation indeed supports these types properly, it would become a simple question of "do we want to support them as an extension, like we do for __int128_t", and that's easier to answer.

If you can add tests to show that distributions work with these types, I'd be OK with that. We still have until June 8th to cherry-pick to LLVM 14, so we could even backport to LLVM 14 and avoid breaking users for just one release (which would be very annoying indeed).

EricWF added a comment.May 24 2022, 12:42 PM
In D125283#3535047, @ldionne wrote:

If you can add tests to show that distributions work with these types, I'd be OK with that. We still have until June 8th to cherry-pick to LLVM 14, so we could even backport to LLVM 14 and avoid breaking users for just one release (which would be very annoying indeed).

Given the poor state of testing for the current random implementation, and given that writing really really high quality tests to prove the disctributions is hard, can you say what level of testing you would find sufficient?

Could we simply instantiate the type, get some results, maybe validate them *maybe*, with the intention of letting sanitizers find any overflows or UB?

cjdb added a comment.May 24 2022, 12:42 PM
In D125283#3535047, @ldionne wrote:
In D125283#3532818, @cjdb wrote:

I'm not sure why there's so much resistance to reverting. libc++:

  1. has users with broken code right now;
  2. actively supports uniform_int_distribution<__int128_t>, which is also undefined (I don't get why you consider signed char, unsigned char, char, and bool to be problematic, but not __int128_t and unsigned __int128_t);
  3. has licence to make it an extension without Microsoft/STL's support;

You can also propose standardising this right now.

I don't know whether our distributions actually work with these types. This explicit rejection was added in D114920, which was itself prompted by discussions on D114129, whose goal was to fix http://llvm.org/PR51520 (an overflow in uniform_int_distribution<__int128_t>). What tells us that we don't have similar problems with uniform_int_distribution<char> & friends. They are not tested, so anything is possible. Then, add the fact that the Standard made those undefined, which I consider a red flag; without diving into the implementation of those distributions, I'm thinking there might be a good reason why they didn't require implementations to support those types, e.g. maybe the usual algorithms don't work properly for types of that size.

So, given this uncertainty, I think it's better for everyone (our users especially) to get this compile-time error. However, if this patch showed that our implementation indeed supports these types properly, it would become a simple question of "do we want to support them as an extension, like we do for __int128_t", and that's easier to answer.

If you can add tests to show that distributions work with these types, I'd be OK with that. We still have until June 8th to cherry-pick to LLVM 14, so we could even backport to LLVM 14 and avoid breaking users for just one release (which would be very annoying indeed).

If there's a technical reason why single byte integers can't be used in the algorithms, then it's definitely possible to make specialisations that do two-byte distributions and then contract to a single-byte type.

cjdb updated this revision to Diff 431838.May 24 2022, 4:42 PM
cjdb edited the summary of this revision. (Show Details)

adds test to improve confidence

Harbormaster completed remote builds in B166168: Diff 431838.May 24 2022, 5:05 PM
cjdb updated this revision to Diff 431844.May 24 2022, 5:08 PM

re-adds header to modulemap, fixes test to work in C++03 mode (apparently lambdas aren't backported)

Harbormaster completed remote builds in B166172: Diff 431844.May 24 2022, 8:18 PM
ldionne added a comment.May 25 2022, 6:44 AM
In D125283#3535124, @EricWF wrote:
In D125283#3535047, @ldionne wrote:

If you can add tests to show that distributions work with these types, I'd be OK with that. We still have until June 8th to cherry-pick to LLVM 14, so we could even backport to LLVM 14 and avoid breaking users for just one release (which would be very annoying indeed).

Given the poor state of testing for the current random implementation, and given that writing really really high quality tests to prove the disctributions is hard, can you say what level of testing you would find sufficient?

Whatever level of testing we have right now for other non-char non-bool types. It seems that this is what @cjdb is doing here, so that sounds reasonable to me (except we are missing tests for a couple distributions in this patch as commented).

libcxx/include/__random/binomial_distribution.h
28

Since we are removing the restriction for these distributions too, we should also be adding tests for their behavior.

libcxx/include/__random/uniform_int_distribution.h
242–244

I don't think I understand how this works for bool. Since anything non-0 will end up being considered true and only 0 is false, how do we achieve a uniform distribution by casting a uniformly-distributed unsigned char back to bool? Am I misunderstanding something?

libcxx/test/std/numerics/rand/rand.dis/rand.dist.uni/rand.dist.uni.int/eval.pass.cpp
114–115

Should that type be bool? You're getting bool out of dist(gen), aren't you?

cjdb added inline comments.May 25 2022, 8:41 AM
libcxx/include/__random/binomial_distribution.h
28

I'd do so if the tests checked short, etc. were valid, but I don't think it's my responsibility to fill out the tests when they don't check all standard-required patterns. Each of the things I haven't touched only test int and one of long or long long.

libcxx/include/__random/uniform_int_distribution.h
242–244

Good question, I don't have an answer. I can increase my sample size to boost confidence that the distribution is roughly uniform, if you'd like.

libcxx/test/std/numerics/rand/rand.dis/rand.dist.uni/rand.dist.uni.int/eval.pass.cpp
114–115

It can be bool, but it doesn't need to be. I didn't want to get yelled at for using the almost universally-hated vector<bool>.

manojgupta added inline comments.May 25 2022, 8:54 AM
libcxx/include/__random/uniform_int_distribution.h
242–244

Shouldn't just checking for lowest bit ( val & 0x1) work for bool uniform distribution?

ldionne added inline comments.May 27 2022, 12:14 PM
libcxx/include/__random/binomial_distribution.h
28

I think it's easier to forget about the fact that this code used to work by accident. With that in mind, what this patch effectively does is *add* a brand new extension (that we will document and support officially) for additional types in binomial_distribution & friends. What I'm saying is that this new extension needs to be tested, just like we test everything else in the library. Otherwise, we don't have a way to make sure that we support it properly, and that's one of the reason why we made sure that people would not use it by accident (by adding static_asserts).

I'm not asking that you improve the overall test coverage for the distributions on other standard-mandated types (although that would certainly be nice). Our testing of distributions is very light, and that's a shame. What I'm asking is to meet the bar that we have for all patches: that you test the new patterns that we did not officially support previously and that we will support going forward.

libcxx/include/__random/uniform_int_distribution.h
242–244

I just re-read the implementation and I think I get it, and I think it works. It's actually pretty simple -- we'll end up generating a discrete uniform distribution on unsigned char between 0 and 1, so that maps directly to false and true. Somehow I had in mind that we were generating a distribution from 0 to numeric_limits<unsigned char>::max(), which would not have worked.

libcxx/test/std/numerics/rand/rand.dis/rand.dist.uni/rand.dist.uni.int/eval.pass.cpp
114–115

This comment tied into my comment above about how the distribution is generated. If a distribution on 0, numeric_limits<unsigned char>::max() was generated instead and the result type was char instead of bool, this test would pass even though it should not. So I think it'd be better to use bool here, if only to show that we're really getting a bool out of the distribution.

cjdb updated this revision to Diff 432642.May 27 2022, 2:59 PM

replaces vector<signed char> with vector<bool>

cjdb marked 4 inline comments as done.May 27 2022, 3:04 PM
cjdb added inline comments.
libcxx/include/__random/binomial_distribution.h
28

I think it's easier to forget about the fact that this code used to work by accident. With that in mind, what this patch effectively does is *add* a brand new extension

No, it's not adding a brand new extension. libc++ has always supported this, regardless of the library's intention. That's how Hyrum's Law works.

Both Chrome OS and Android have been severely and adversely impacted by the changes made by D114920, which is why I'm trying to revert it. We were given no warning and no window of opportunity to change anything and have had the rug pulled out from under us. I am simply trying to unbreak the scores of packages that are using this as a result of this "accident", and would appreciate libc++ taking responsibility for the problems that D114920 has caused our teams.

I'm not asking that you improve the overall test coverage for the distributions on other standard-mandated types

That's exactly what's being asked here. You don't have the tests for short, unsigned int, etc., and in order for me to add tests for unsigned char and friends, I will need to do this very thing.

The lack of tests for supported code is indeed a shame, and it's the responsibility of libc++ developers to ensure that libc++ code is tested. I encourage libc++ contributors to take some time out to improve the tests for binomial_int_distribution and friends, but again, D125283 is a rollback of a patch that breaks downstream users who were not broken prior to this patch.

libcxx/include/__random/uniform_int_distribution.h
242–244

Sounds like I can close this thread out.

Harbormaster completed remote builds in B166709: Diff 432642.May 27 2022, 4:00 PM
ldionne mentioned this in D126823: [libc++] Support int8_t and uint8_t in integer distributions as an extension.Jun 1 2022, 1:28 PM
ldionne added inline comments.Jun 1 2022, 1:47 PM
libcxx/include/__random/binomial_distribution.h
28

libc++ has always supported this, regardless of the library's intention. That's how Hyrum's Law works.

It's not because something compiles that it's supported or fine to use, and I don't think it's fair to invoke Hyrum's Law to pretend the contrary here. For instance, you can do all kinds of things like use std::sort with a non-strict-weak-ordering and it will compile, yet it's UB and it's clearly not something support. Have people been doing it and getting away with results that work for them? Definitely, in some cases. That's exactly what I'm worried about here, and that's why I want this to be tested. I don't want to allow something to compile if we don't know that it works properly -- that wouldn't be responsible for our users. In other words, I'd rather break some code than silently let code compile yet maybe be wrong, especially since we know this has happened in the past in this very area of the code.

it's the responsibility of libc++ developers to ensure that libc++ code is tested

With respect, this isn't a great way to engage with the project. This is an open source project, and we accept contributions based on their technical merit and their correctness. We do our very best to cater to our users needs, because that makes the project relevant. However, you seem to imply that libc++ (or its contributors) have a responsibility to answer to the needs of specific users, and I don't think that's right. ChromeOS is using something that is officially undefined in the Standard -- it's not libc++'s problem, really, and the adversarial mentality taken by this patch isn't the best way to fix things. If you didn't want to do the work, even just a comment on D114920 explaining the situation faced by ChromeOS would have been better, because we would have been in a situation to collaboratively find a solution instead of starting with the assertion that libc++ did something wrong.

I don't think it's useful to continue this thread. I went ahead and created a patch that should address the issues encountered by ChromeOS while increasing the consistency and test coverage of libc++: https://reviews.llvm.org/D126823. If you are OK with the direction taken in D126823, I think this patch can be abandoned.

Also, I was mistaken when I said this had shipped in LLVM 14 -- it has not, so we don't need to cherry-pick anything once this is fixed.

cjdb abandoned this revision.Jun 1 2022, 10:30 PM
cjdb added inline comments.
libcxx/include/__random/binomial_distribution.h
28

it's the responsibility of libc++ developers to ensure that libc++ code is tested

With respect, this isn't a great way to engage with the project. This is an open source project, and we accept contributions based on their technical merit and their correctness. We do our very best to cater to our users needs, because that makes the project relevant. However, you seem to imply that libc++ (or its contributors) have a responsibility to answer to the needs of specific users, and I don't think that's right. ChromeOS is using something that is officially undefined in the Standard -- it's not libc++'s problem, really, and the adversarial mentality taken by this patch isn't the best way to fix things. If you didn't want to do the work, even just a comment on D114920 explaining the situation faced by ChromeOS would have been better, because we would have been in a situation to collaboratively find a solution instead of starting with the assertion that libc++ did something wrong.

I understand that you're not interested in continuing the discussion, and I largely agree, but I do need to set the record straight on one thing. In its full context, the nested quote is not saying "take this patch and add the tests yourselves", which is how it is being framed here. I doubt you intentionally framed it this way, but the snippet comes across as hostile in isolation nonetheless. It's also not saying that libc++ is beholden to specific users. More explicitly, there are four key points that I was trying to communicate:

  1. the tests for binomial_int_distribution are lacking (which sucks),
  2. that adding comprehensive tests for binomial_int_distribution<bool>, etc., would be the same as adding comprehensive tests for binomial_int_distribution<short>, etc.,
  3. that I believe adding comprehensive tests for binomial_int_distribution<short>, etc., is a responsibility for libc++ regulars, and
  4. that adding such tests are beyond the scope of a revert.

In future, as requested, I'll comment on merged patches rather than proposing reverts.

If you are OK with the direction taken in D126823, I think this patch can be abandoned.

A forward-fix is also fine. @CrystalSplitter has provided commentary on D126823, since they're directly familiar with the pain points.

ldionne mentioned this in rG07e984bc5201: [libc++] Support int8_t and uint8_t in integer distributions as an extension.Jul 22 2022, 5:33 AM

Revision Contents

PathSize
libcxx/
docs/
7 lines
include/
__random/
6 lines
6 lines
7 lines
21 lines
6 lines
7 lines
18 lines
test/
libcxx/
numerics/
rand/
rand.req.urng/
std/
numerics/
rand/
rand.dis/
rand.dist.uni/
rand.dist.uni.int/
37 lines

Diff 432642

libcxx/docs/ReleaseNotes.rst

Show First 20 LinesShow All 73 Lines▼ Show 20 Lines- Some libc++ headers no longer transitively include all of:
- ``<chrono>`` - ``<chrono>``
- ``<functional>`` - ``<functional>``
- ``<utility>`` - ``<utility>``
If, after updating libc++, you see compiler errors related to missing declarations If, after updating libc++, you see compiler errors related to missing declarations
in namespace ``std``, it might be because one of your source files now needs to in namespace ``std``, it might be because one of your source files now needs to
include one or more of the headers listed above. include one or more of the headers listed above.
- The integer distributions ``binomial_distribution``, ``discrete_distribution``,
``geometric_distribution``, ``negative_binomial_distribution``, ``poisson_distribution``,
and ``uniform_int_distribution`` now conform to the Standard by rejecting
template parameter types other than ``short``, ``int``, ``long``, ``long long``,
(as an extension) ``__int128_t``, and the unsigned versions thereof.
In particular, ``uniform_int_distribution<int8_t>`` is no longer supported.
- The C++14 function ``std::quoted(const char*)`` is no longer supported in - The C++14 function ``std::quoted(const char*)`` is no longer supported in
C++03 or C++11 modes. C++03 or C++11 modes.
- Setting a custom debug handler with ``std::__libcpp_debug_function`` is not - Setting a custom debug handler with ``std::__libcpp_debug_function`` is not
supported anymore. Please migrate to using the new support for supported anymore. Please migrate to using the new support for
:ref:`assertions <assertions-mode>` instead. :ref:`assertions <assertions-mode>` instead.
- ``vector<bool>::const_reference``, ``vector<bool>::const_iterator::reference`` - ``vector<bool>::const_reference``, ``vector<bool>::const_iterator::reference``
▲ Show 20 LinesShow All 45 LinesShow Last 20 Lines

libcxx/include/__random/binomial_distribution.h

Show All 18 Lines
# pragma GCC system_header # pragma GCC system_header
#endif #endif
_LIBCPP_PUSH_MACROS _LIBCPP_PUSH_MACROS
#include <__undef_macros> #include <__undef_macros>
_LIBCPP_BEGIN_NAMESPACE_STD _LIBCPP_BEGIN_NAMESPACE_STD
template<class _IntType = int> template <class _IntType = int>
class _LIBCPP_TEMPLATE_VIS binomial_distribution class _LIBCPP_TEMPLATE_VIS binomial_distribution {
ldionneUnsubmitted
Not Done
ReplyInline Actions

Since we are removing the restriction for these distributions too, we should also be adding tests for their behavior.

ldionne: Since we are removing the restriction for these distributions too, we should also be adding…
cjdbAuthorUnsubmitted
Done
ReplyInline Actions

I'd do so if the tests checked short, etc. were valid, but I don't think it's my responsibility to fill out the tests when they don't check all standard-required patterns. Each of the things I haven't touched only test int and one of long or long long.

cjdb: I'd do so if the tests checked `short`, etc. were valid, but I don't think it's my…
ldionneUnsubmitted
Not Done
ReplyInline Actions

I think it's easier to forget about the fact that this code used to work by accident. With that in mind, what this patch effectively does is *add* a brand new extension (that we will document and support officially) for additional types in binomial_distribution & friends. What I'm saying is that this new extension needs to be tested, just like we test everything else in the library. Otherwise, we don't have a way to make sure that we support it properly, and that's one of the reason why we made sure that people would not use it by accident (by adding static_asserts).

I'm not asking that you improve the overall test coverage for the distributions on other standard-mandated types (although that would certainly be nice). Our testing of distributions is very light, and that's a shame. What I'm asking is to meet the bar that we have for all patches: that you test the new patterns that we did not officially support previously and that we will support going forward.

ldionne: I think it's easier to forget about the fact that this code used to work by accident. With that…
cjdbAuthorUnsubmitted
Done
ReplyInline Actions

I think it's easier to forget about the fact that this code used to work by accident. With that in mind, what this patch effectively does is *add* a brand new extension

No, it's not adding a brand new extension. libc++ has always supported this, regardless of the library's intention. That's how Hyrum's Law works.

Both Chrome OS and Android have been severely and adversely impacted by the changes made by D114920, which is why I'm trying to revert it. We were given no warning and no window of opportunity to change anything and have had the rug pulled out from under us. I am simply trying to unbreak the scores of packages that are using this as a result of this "accident", and would appreciate libc++ taking responsibility for the problems that D114920 has caused our teams.

I'm not asking that you improve the overall test coverage for the distributions on other standard-mandated types

That's exactly what's being asked here. You don't have the tests for short, unsigned int, etc., and in order for me to add tests for unsigned char and friends, I will need to do this very thing.

The lack of tests for supported code is indeed a shame, and it's the responsibility of libc++ developers to ensure that libc++ code is tested. I encourage libc++ contributors to take some time out to improve the tests for binomial_int_distribution and friends, but again, D125283 is a rollback of a patch that breaks downstream users who were not broken prior to this patch.

cjdb: > I think it's easier to forget about the fact that this code used to work by accident. With…
ldionneUnsubmitted
Not Done
ReplyInline Actions

libc++ has always supported this, regardless of the library's intention. That's how Hyrum's Law works.

It's not because something compiles that it's supported or fine to use, and I don't think it's fair to invoke Hyrum's Law to pretend the contrary here. For instance, you can do all kinds of things like use std::sort with a non-strict-weak-ordering and it will compile, yet it's UB and it's clearly not something support. Have people been doing it and getting away with results that work for them? Definitely, in some cases. That's exactly what I'm worried about here, and that's why I want this to be tested. I don't want to allow something to compile if we don't know that it works properly -- that wouldn't be responsible for our users. In other words, I'd rather break some code than silently let code compile yet maybe be wrong, especially since we know this has happened in the past in this very area of the code.

it's the responsibility of libc++ developers to ensure that libc++ code is tested

With respect, this isn't a great way to engage with the project. This is an open source project, and we accept contributions based on their technical merit and their correctness. We do our very best to cater to our users needs, because that makes the project relevant. However, you seem to imply that libc++ (or its contributors) have a responsibility to answer to the needs of specific users, and I don't think that's right. ChromeOS is using something that is officially undefined in the Standard -- it's not libc++'s problem, really, and the adversarial mentality taken by this patch isn't the best way to fix things. If you didn't want to do the work, even just a comment on D114920 explaining the situation faced by ChromeOS would have been better, because we would have been in a situation to collaboratively find a solution instead of starting with the assertion that libc++ did something wrong.

I don't think it's useful to continue this thread. I went ahead and created a patch that should address the issues encountered by ChromeOS while increasing the consistency and test coverage of libc++: https://reviews.llvm.org/D126823. If you are OK with the direction taken in D126823, I think this patch can be abandoned.

Also, I was mistaken when I said this had shipped in LLVM 14 -- it has not, so we don't need to cherry-pick anything once this is fixed.

ldionne: > libc++ has always supported this, regardless of the library's intention. That's how Hyrum's…
cjdbAuthorUnsubmitted
Done
ReplyInline Actions

it's the responsibility of libc++ developers to ensure that libc++ code is tested

With respect, this isn't a great way to engage with the project. This is an open source project, and we accept contributions based on their technical merit and their correctness. We do our very best to cater to our users needs, because that makes the project relevant. However, you seem to imply that libc++ (or its contributors) have a responsibility to answer to the needs of specific users, and I don't think that's right. ChromeOS is using something that is officially undefined in the Standard -- it's not libc++'s problem, really, and the adversarial mentality taken by this patch isn't the best way to fix things. If you didn't want to do the work, even just a comment on D114920 explaining the situation faced by ChromeOS would have been better, because we would have been in a situation to collaboratively find a solution instead of starting with the assertion that libc++ did something wrong.

I understand that you're not interested in continuing the discussion, and I largely agree, but I do need to set the record straight on one thing. In its full context, the nested quote is not saying "take this patch and add the tests yourselves", which is how it is being framed here. I doubt you intentionally framed it this way, but the snippet comes across as hostile in isolation nonetheless. It's also not saying that libc++ is beholden to specific users. More explicitly, there are four key points that I was trying to communicate:

  1. the tests for binomial_int_distribution are lacking (which sucks),
  2. that adding comprehensive tests for binomial_int_distribution<bool>, etc., would be the same as adding comprehensive tests for binomial_int_distribution<short>, etc.,
  3. that I believe adding comprehensive tests for binomial_int_distribution<short>, etc., is a responsibility for libc++ regulars, and
  4. that adding such tests are beyond the scope of a revert.

In future, as requested, I'll comment on merged patches rather than proposing reverts.

If you are OK with the direction taken in D126823, I think this patch can be abandoned.

A forward-fix is also fine. @CrystalSplitter has provided commentary on D126823, since they're directly familiar with the pain points.

cjdb: > > it's the responsibility of libc++ developers to ensure that libc++ code is tested > > With…
{
static_assert(__libcpp_random_is_valid_inttype<_IntType>::value, "IntType must be an integer type larger than char");
MordanteUnsubmitted
Not Done
ReplyInline Actions

If we decide to reenable this can you add comments to the class what we accept bool and char as an extension. That would avoid future confusion.

Still we first need to decide whether or allow the extension.

Mordante: If we decide to reenable this can you add comments to the class what we accept `bool` and…
public: public:
// types // types
typedef _IntType result_type; typedef _IntType result_type;
class _LIBCPP_TEMPLATE_VIS param_type class _LIBCPP_TEMPLATE_VIS param_type
{ {
result_type __t_; result_type __t_;
double __p_; double __p_;
▲ Show 20 LinesShow All 190 LinesShow Last 20 Lines

libcxx/include/__random/discrete_distribution.h

Show All 21 Lines
# pragma GCC system_header # pragma GCC system_header
#endif #endif
_LIBCPP_PUSH_MACROS _LIBCPP_PUSH_MACROS
#include <__undef_macros> #include <__undef_macros>
_LIBCPP_BEGIN_NAMESPACE_STD _LIBCPP_BEGIN_NAMESPACE_STD
template<class _IntType = int> template <class _IntType = int>
class _LIBCPP_TEMPLATE_VIS discrete_distribution class _LIBCPP_TEMPLATE_VIS discrete_distribution {
{
static_assert(__libcpp_random_is_valid_inttype<_IntType>::value, "IntType must be an integer type larger than char");
public: public:
// types // types
typedef _IntType result_type; typedef _IntType result_type;
class _LIBCPP_TEMPLATE_VIS param_type class _LIBCPP_TEMPLATE_VIS param_type
{ {
vector<double> __p_; vector<double> __p_;
public: public:
▲ Show 20 LinesShow All 222 LinesShow Last 20 Lines

libcxx/include/__random/geometric_distribution.h

//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef _LIBCPP___RANDOM_GEOMETRIC_DISTRIBUTION_H #ifndef _LIBCPP___RANDOM_GEOMETRIC_DISTRIBUTION_H
#define _LIBCPP___RANDOM_GEOMETRIC_DISTRIBUTION_H #define _LIBCPP___RANDOM_GEOMETRIC_DISTRIBUTION_H
#include <__config> #include <__config>
#include <__random/is_valid.h>
#include <__random/negative_binomial_distribution.h> #include <__random/negative_binomial_distribution.h>
#include <iosfwd> #include <iosfwd>
#include <limits> #include <limits>
#if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER) #if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER)
# pragma GCC system_header # pragma GCC system_header
#endif #endif
_LIBCPP_PUSH_MACROS _LIBCPP_PUSH_MACROS
#include <__undef_macros> #include <__undef_macros>
_LIBCPP_BEGIN_NAMESPACE_STD _LIBCPP_BEGIN_NAMESPACE_STD
template<class _IntType = int> template <class _IntType = int>
class _LIBCPP_TEMPLATE_VIS geometric_distribution class _LIBCPP_TEMPLATE_VIS geometric_distribution {
{
static_assert(__libcpp_random_is_valid_inttype<_IntType>::value, "IntType must be an integer type larger than char");
public: public:
// types // types
typedef _IntType result_type; typedef _IntType result_type;
class _LIBCPP_TEMPLATE_VIS param_type class _LIBCPP_TEMPLATE_VIS param_type
{ {
double __p_; double __p_;
public: public:
▲ Show 20 LinesShow All 105 LinesShow Last 20 Lines

libcxx/include/__random/is_valid.h

Show All 12 Lines
#include <type_traits> #include <type_traits>
#if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER) #if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER)
# pragma GCC system_header # pragma GCC system_header
#endif #endif
_LIBCPP_BEGIN_NAMESPACE_STD _LIBCPP_BEGIN_NAMESPACE_STD
// [rand.req.genl]/1.5:
// The effect of instantiating a template that has a template type parameter
// named IntType is undefined unless the corresponding template argument is
// cv-unqualified and is one of short, int, long, long long, unsigned short,
// unsigned int, unsigned long, or unsigned long long.
template<class> struct __libcpp_random_is_valid_inttype : false_type {};
template<> struct __libcpp_random_is_valid_inttype<short> : true_type {};
template<> struct __libcpp_random_is_valid_inttype<int> : true_type {};
template<> struct __libcpp_random_is_valid_inttype<long> : true_type {};
template<> struct __libcpp_random_is_valid_inttype<long long> : true_type {};
template<> struct __libcpp_random_is_valid_inttype<unsigned short> : true_type {};
template<> struct __libcpp_random_is_valid_inttype<unsigned int> : true_type {};
template<> struct __libcpp_random_is_valid_inttype<unsigned long> : true_type {};
template<> struct __libcpp_random_is_valid_inttype<unsigned long long> : true_type {};
#ifndef _LIBCPP_HAS_NO_INT128
template<> struct __libcpp_random_is_valid_inttype<__int128_t> : true_type {};
template<> struct __libcpp_random_is_valid_inttype<__uint128_t> : true_type {};
#endif // _LIBCPP_HAS_NO_INT128
// [rand.req.urng]/3: // [rand.req.urng]/3:
// A class G meets the uniform random bit generator requirements if G models // A class G meets the uniform random bit generator requirements if G models
// uniform_random_bit_generator, invoke_result_t<G&> is an unsigned integer type, // uniform_random_bit_generator, invoke_result_t<G&> is an unsigned integer type,
// and G provides a nested typedef-name result_type that denotes the same type // and G provides a nested typedef-name result_type that denotes the same type
// as invoke_result_t<G&>. // as invoke_result_t<G&>.
// (In particular, reject URNGs with signed result_types; our distributions cannot // (In particular, reject URNGs with signed result_types; our distributions cannot
// handle such generator types.) // handle such generator types.)
Show All 9 Lines

libcxx/include/__random/negative_binomial_distribution.h

Show All 20 Lines
# pragma GCC system_header # pragma GCC system_header
#endif #endif
_LIBCPP_PUSH_MACROS _LIBCPP_PUSH_MACROS
#include <__undef_macros> #include <__undef_macros>
_LIBCPP_BEGIN_NAMESPACE_STD _LIBCPP_BEGIN_NAMESPACE_STD
template<class _IntType = int> template <class _IntType = int>
class _LIBCPP_TEMPLATE_VIS negative_binomial_distribution class _LIBCPP_TEMPLATE_VIS negative_binomial_distribution {
{
static_assert(__libcpp_random_is_valid_inttype<_IntType>::value, "IntType must be an integer type larger than char");
public: public:
// types // types
typedef _IntType result_type; typedef _IntType result_type;
class _LIBCPP_TEMPLATE_VIS param_type class _LIBCPP_TEMPLATE_VIS param_type
{ {
result_type __k_; result_type __k_;
double __p_; double __p_;
▲ Show 20 LinesShow All 139 LinesShow Last 20 Lines

libcxx/include/__random/poisson_distribution.h

//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef _LIBCPP___RANDOM_POISSON_DISTRIBUTION_H #ifndef _LIBCPP___RANDOM_POISSON_DISTRIBUTION_H
#define _LIBCPP___RANDOM_POISSON_DISTRIBUTION_H #define _LIBCPP___RANDOM_POISSON_DISTRIBUTION_H
#include <__config> #include <__config>
#include <__random/clamp_to_integral.h> #include <__random/clamp_to_integral.h>
#include <__random/exponential_distribution.h> #include <__random/exponential_distribution.h>
#include <__random/is_valid.h>
#include <__random/normal_distribution.h> #include <__random/normal_distribution.h>
#include <__random/uniform_real_distribution.h> #include <__random/uniform_real_distribution.h>
#include <cmath> #include <cmath>
#include <iosfwd> #include <iosfwd>
#include <limits> #include <limits>
#if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER) #if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER)
# pragma GCC system_header # pragma GCC system_header
#endif #endif
_LIBCPP_PUSH_MACROS _LIBCPP_PUSH_MACROS
#include <__undef_macros> #include <__undef_macros>
_LIBCPP_BEGIN_NAMESPACE_STD _LIBCPP_BEGIN_NAMESPACE_STD
template<class _IntType = int> template <class _IntType = int>
class _LIBCPP_TEMPLATE_VIS poisson_distribution class _LIBCPP_TEMPLATE_VIS poisson_distribution {
{
static_assert(__libcpp_random_is_valid_inttype<_IntType>::value, "IntType must be an integer type larger than char");
public: public:
// types // types
typedef _IntType result_type; typedef _IntType result_type;
class _LIBCPP_TEMPLATE_VIS param_type class _LIBCPP_TEMPLATE_VIS param_type
{ {
double __mean_; double __mean_;
double __s_; double __s_;
▲ Show 20 LinesShow All 238 LinesShow Last 20 Lines

libcxx/include/__random/uniform_int_distribution.h

Show First 20 LinesShow All 150 Lines▼ Show 20 Lines for (size_t __k = __n0_; __k < __n_; ++__k)
_Sp <<= __w0_ + 1; _Sp <<= __w0_ + 1;
else else
_Sp = 0; _Sp = 0;
_Sp += __u & __mask1_; _Sp += __u & __mask1_;
} }
return _Sp; return _Sp;
} }
template<class _IntType = int> template <class _IntType = int> // __int128_t is also supported as an extension here
class uniform_int_distribution class uniform_int_distribution {
{
static_assert(__libcpp_random_is_valid_inttype<_IntType>::value, "IntType must be an integer type larger than char");
public: public:
// types // types
typedef _IntType result_type; typedef _IntType result_type;
class param_type class param_type
{ {
result_type __a_; result_type __a_;
result_type __b_; result_type __b_;
▲ Show 20 LinesShow All 50 Lines▼ Show 20 Lines#endif
friend bool operator==(const uniform_int_distribution& __x, friend bool operator==(const uniform_int_distribution& __x,
const uniform_int_distribution& __y) const uniform_int_distribution& __y)
{return __x.__p_ == __y.__p_;} {return __x.__p_ == __y.__p_;}
friend bool operator!=(const uniform_int_distribution& __x, friend bool operator!=(const uniform_int_distribution& __x,
const uniform_int_distribution& __y) const uniform_int_distribution& __y)
{return !(__x == __y);} {return !(__x == __y);}
}; };
template <class _Tp>
struct __unsigned_equivalent : make_unsigned<_Tp> {};
template <>
struct __unsigned_equivalent<bool> {
using type = unsigned char;
};
template<class _IntType> template<class _IntType>
template<class _URNG> template<class _URNG>
typename uniform_int_distribution<_IntType>::result_type typename uniform_int_distribution<_IntType>::result_type
uniform_int_distribution<_IntType>::operator()(_URNG& __g, const param_type& __p) uniform_int_distribution<_IntType>::operator()(_URNG& __g, const param_type& __p)
_LIBCPP_DISABLE_UBSAN_UNSIGNED_INTEGER_CHECK _LIBCPP_DISABLE_UBSAN_UNSIGNED_INTEGER_CHECK
{ {
static_assert(__libcpp_random_is_valid_urng<_URNG>::value, ""); static_assert(__libcpp_random_is_valid_urng<_URNG>::value, "");
typedef typename conditional<sizeof(result_type) <= sizeof(uint32_t), uint32_t, using _UIntType =
typename make_unsigned<result_type>::type>::type _UIntType; _If<sizeof(result_type) <= sizeof(uint32_t), uint32_t, typename __unsigned_equivalent<result_type>::type>;
const _UIntType _Rp = _UIntType(__p.b()) - _UIntType(__p.a()) + _UIntType(1); const _UIntType _Rp = _UIntType(__p.b()) - _UIntType(__p.a()) + _UIntType(1);
ldionneUnsubmitted
Done
ReplyInline Actions

I don't think I understand how this works for bool. Since anything non-0 will end up being considered true and only 0 is false, how do we achieve a uniform distribution by casting a uniformly-distributed unsigned char back to bool? Am I misunderstanding something?

ldionne: I don't think I understand how this works for `bool`. Since anything non-`0` will end up being…
cjdbAuthorUnsubmitted
Done
ReplyInline Actions

Good question, I don't have an answer. I can increase my sample size to boost confidence that the distribution is roughly uniform, if you'd like.

cjdb: Good question, I don't have an answer. I can increase my sample size to boost confidence that…
manojguptaUnsubmitted
Done
ReplyInline Actions

Shouldn't just checking for lowest bit ( val & 0x1) work for bool uniform distribution?

manojgupta: Shouldn't just checking for lowest bit ( val & 0x1) work for bool uniform distribution?
ldionneUnsubmitted
Done
ReplyInline Actions

I just re-read the implementation and I think I get it, and I think it works. It's actually pretty simple -- we'll end up generating a discrete uniform distribution on unsigned char between 0 and 1, so that maps directly to false and true. Somehow I had in mind that we were generating a distribution from 0 to numeric_limits<unsigned char>::max(), which would not have worked.

ldionne: I just re-read the implementation and I think I get it, and I think it works. It's actually…
cjdbAuthorUnsubmitted
Done
ReplyInline Actions

Sounds like I can close this thread out.

cjdb: Sounds like I can close this thread out.
if (_Rp == 1) if (_Rp == 1)
return __p.a(); return __p.a();
const size_t _Dt = numeric_limits<_UIntType>::digits; const size_t _Dt = numeric_limits<_UIntType>::digits;
typedef __independent_bits_engine<_URNG, _UIntType> _Eng; typedef __independent_bits_engine<_URNG, _UIntType> _Eng;
if (_Rp == 0) if (_Rp == 0)
return static_cast<result_type>(_Eng(__g, _Dt)()); return static_cast<result_type>(_Eng(__g, _Dt)());
size_t __w = _Dt - __countl_zero(_Rp) - 1; size_t __w = _Dt - __countl_zero(_Rp) - 1;
if ((_Rp & (numeric_limits<_UIntType>::max() >> (_Dt - __w))) != 0) if ((_Rp & (numeric_limits<_UIntType>::max() >> (_Dt - __w))) != 0)
▲ Show 20 LinesShow All 47 LinesShow Last 20 Lines

libcxx/test/libcxx/numerics/rand/rand.req.urng/valid_int_type.verify.cpp

  • This file was deleted.
//===----------------------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// <random>
#include <random>
void test()
{
{
std::binomial_distribution<bool> baddist; //expected-error@*:* {{IntType must be an integer type larger than char}}
std::binomial_distribution<int> okdist;
(void)baddist;
(void)okdist;
}
{
std::discrete_distribution<bool> baddist; //expected-error@*:* {{IntType must be an integer type larger than char}}
std::discrete_distribution<int> okdist;
(void)baddist;
(void)okdist;
}
{
std::geometric_distribution<bool> baddist; //expected-error@*:* {{IntType must be an integer type larger than char}}
std::geometric_distribution<int> okdist;
(void)baddist;
(void)okdist;
}
{
std::negative_binomial_distribution<bool> baddist; //expected-error@*:* {{IntType must be an integer type larger than char}}
std::negative_binomial_distribution<int> okdist;
(void)baddist;
(void)okdist;
}
{
std::poisson_distribution<bool> baddist; //expected-error@*:* {{IntType must be an integer type larger than char}}
std::poisson_distribution<int> okdist;
(void)baddist;
(void)okdist;
}
{
std::uniform_int_distribution<bool> baddist; //expected-error@*:* {{IntType must be an integer type larger than char}}
std::uniform_int_distribution<int> okdist;
(void)baddist;
(void)okdist;
}
}

libcxx/test/std/numerics/rand/rand.dis/rand.dist.uni/rand.dist.uni.int/eval.pass.cpp

Show All 10 Lines
// <random> // <random>
// template<class _IntType = int> // template<class _IntType = int>
// class uniform_int_distribution // class uniform_int_distribution
// template<class _URNG> result_type operator()(_URNG& g); // template<class _URNG> result_type operator()(_URNG& g);
#include <random> #include <random>
#include <algorithm>
#include <cassert> #include <cassert>
#include <climits> #include <climits>
#include <cstddef> #include <cstddef>
#include <iterator>
#include <limits> #include <limits>
#include <numeric> #include <numeric>
#include <vector> #include <vector>
#include "test_macros.h" #include "test_macros.h"
// The __int128 conversions to/from floating point crash on MinGW on x86_64. // The __int128 conversions to/from floating point crash on MinGW on x86_64.
// This is fixed in Clang 14 by https://reviews.llvm.org/D110413. // This is fixed in Clang 14 by https://reviews.llvm.org/D110413.
▲ Show 20 LinesShow All 64 Lines▼ Show 20 Lines
} }
template <class ResultType, class EngineType> template <class ResultType, class EngineType>
void test_statistics() void test_statistics()
{ {
test_statistics<ResultType, EngineType>(0, std::numeric_limits<ResultType>::max()); test_statistics<ResultType, EngineType>(0, std::numeric_limits<ResultType>::max());
} }
// Since the values should be uniformly distributed, and there's only two
// values, we should have roughly half `false` and half `true`. That means we
// can have a simple test for `bool`.
template <class EngineType>
void test_bool_statistics() {
EngineType gen;
std::uniform_int_distribution<bool> dist(false, true);
assert(dist.a() == false);
assert(dist.b() == true);
// We use 100x more values than non-bool tests to secure >99.9% confidence.
std::vector<bool> values(1000000);
for (auto i : values) {
ldionneUnsubmitted
Done
ReplyInline Actions

Should that type be bool? You're getting bool out of dist(gen), aren't you?

ldionne: Should that type be `bool`? You're getting `bool` out of `dist(gen)`, aren't you?
cjdbAuthorUnsubmitted
Done
ReplyInline Actions

It can be bool, but it doesn't need to be. I didn't want to get yelled at for using the almost universally-hated vector<bool>.

cjdb: It can be `bool`, but it doesn't need to be. I didn't want to get yelled at for using the…
ldionneUnsubmitted
Done
ReplyInline Actions

This comment tied into my comment above about how the distribution is generated. If a distribution on 0, numeric_limits<unsigned char>::max() was generated instead and the result type was char instead of bool, this test would pass even though it should not. So I think it'd be better to use bool here, if only to show that we're really getting a bool out of the distribution.

ldionne: This comment tied into my comment above about how the distribution is generated. If a…
i = dist(gen);
}
double average = std::accumulate(values.begin(), values.end(), 0.0) / values.size();
assert(0.49875 < average && average < 0.50125);
}
int main(int, char**) int main(int, char**)
{ {
test_statistics<int, std::minstd_rand0>(); test_statistics<int, std::minstd_rand0>();
test_statistics<int, std::minstd_rand>(); test_statistics<int, std::minstd_rand>();
test_statistics<int, std::mt19937>(); test_statistics<int, std::mt19937>();
test_statistics<int, std::mt19937_64>(); test_statistics<int, std::mt19937_64>();
test_statistics<int, std::ranlux24_base>(); test_statistics<int, std::ranlux24_base>();
test_statistics<int, std::ranlux48_base>(); test_statistics<int, std::ranlux48_base>();
test_statistics<int, std::ranlux24>(); test_statistics<int, std::ranlux24>();
test_statistics<int, std::ranlux48>(); test_statistics<int, std::ranlux48>();
test_statistics<int, std::knuth_b>(); test_statistics<int, std::knuth_b>();
test_statistics<int, std::minstd_rand0>(-6, 106); test_statistics<int, std::minstd_rand0>(-6, 106);
test_statistics<int, std::minstd_rand>(5, 100); test_statistics<int, std::minstd_rand>(5, 100);
test_statistics<char, std::minstd_rand0>();
test_statistics<signed char, std::minstd_rand0>();
test_statistics<short, std::minstd_rand0>(); test_statistics<short, std::minstd_rand0>();
test_statistics<int, std::minstd_rand0>(); test_statistics<int, std::minstd_rand0>();
test_statistics<long, std::minstd_rand0>(); test_statistics<long, std::minstd_rand0>();
test_statistics<long long, std::minstd_rand0>(); test_statistics<long long, std::minstd_rand0>();
test_statistics<unsigned char, std::minstd_rand0>();
test_statistics<unsigned short, std::minstd_rand0>(); test_statistics<unsigned short, std::minstd_rand0>();
test_statistics<unsigned int, std::minstd_rand0>(); test_statistics<unsigned int, std::minstd_rand0>();
test_statistics<unsigned long, std::minstd_rand0>(); test_statistics<unsigned long, std::minstd_rand0>();
test_statistics<unsigned long long, std::minstd_rand0>(); test_statistics<unsigned long long, std::minstd_rand0>();
test_bool_statistics<std::minstd_rand0>();
test_bool_statistics<std::minstd_rand>();
test_bool_statistics<std::mt19937>();
test_bool_statistics<std::mt19937_64>();
test_bool_statistics<std::ranlux24_base>();
test_bool_statistics<std::ranlux48_base>();
test_bool_statistics<std::ranlux24>();
test_bool_statistics<std::ranlux48>();
test_bool_statistics<std::knuth_b>();
test_statistics<char, std::minstd_rand0>(CHAR_MIN, CHAR_MAX);
test_statistics<signed char, std::minstd_rand0>(SCHAR_MIN, SCHAR_MAX);
test_statistics<short, std::minstd_rand0>(SHRT_MIN, SHRT_MAX); test_statistics<short, std::minstd_rand0>(SHRT_MIN, SHRT_MAX);
// http://eel.is/c++draft/rand.req#genl-1.5 // http://eel.is/c++draft/rand.req#genl-1.5
// The effect of instantiating a template that has a parameter // The effect of instantiating a template that has a parameter
// named IntType is undefined unless the corresponding template // named IntType is undefined unless the corresponding template
// argument is cv-unqualified and is one of short, int, long, // argument is cv-unqualified and is one of short, int, long,
// long long, unsigned short, unsigned int, unsigned long, // long long, unsigned short, unsigned int, unsigned long,
// or unsigned long long. // or unsigned long long.
Show All 14 Lines
libcxx/include/__random/uniform_int_distribution.h