Tuesday, May 20, 2008

PHP rand(0,1) on Windows < OpenSSL rand() on Debian

512x512 image made using `if rand(0,1)` on PHP/Windows

(Please excuse the inflammatory title.)

Bo Allen recently made a post regarding the difference between true random and pseudorandom numbers, using 512x512 bitmaps as illustration.

Some might doubt his result on Windows, as the image seems to be too predictable. Initially, I passed it off as PHP using the default Windows pseudorandom number generator, which is a Linear Congruential Generator.

The default windows rand() function is implemented as follows (coefficients from this site, many others have them also):

unsigned long randState = 0;

//Get random number
unsigned long rand(void) {
randState = randState * 214013 + 2531011L;
return (randState >> 16) & 0x7fff;

//Seed RNG
void srand(unsigned long seed) {
randState = seed;

Here is Bo Allen's code:
// Requires the GD Library
header ("Content-type: image/png");
$im = @imagecreatetruecolor(512, 512)
or die("Cannot Initialize new GD image stream");
$white = imagecolorallocate($im, 255, 255, 255);
imagesetpixel($im, $x, $y, $white);

Let's have a look at how PHP does rand(0,1). All code is from the php-5.2.6 source release.

/* {{{ proto int rand([int min, int max])
Returns a random number */
long min;
long max;
long number;
int argc = ZEND_NUM_ARGS();

if (argc != 0 &&
zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE)

number = php_rand(TSRMLS_C);
if (argc == 2) {
RAND_RANGE(number, min, max, PHP_RAND_MAX);

/* }}} */

A bit of digging reveals that php_rand is just a wrapper to the system's random() function. Okay, so what exactly is RAND_RANGE?

#define RAND_RANGE(__n, __min, __max, __tmax) \
(__n) = (__min) + (long) ((double) ( (double) (__max) - (__min) + 1.0) \
* ((__n) / ((__tmax) + 1.0)))

Wow, that is some ugly code.

Python's default random generator uses Mersenne Twister, which is an excellent choice for any application outside of cryptography. Here's code that replicates Bo's experiment, including a re-implementation of php's broken rand() function.

import PIL.Image, random, time

class MsftRand(random.Random):
'''This is equivalent to rand() and srand() on the Windows platform'''
state = 0
def __init__(self): # constructor method
self.state = int(time.time()) # seconds since the epoch
def seed(self,s):
self.state = s
def setstate(self,s):
self.state = s
def getstate(self):
return self.state
def random(self): # returns a float [0,1)
self.state = (self.state * 214013 + 2531011) % 2**32
return float((self.state >> 16) & 0x7fff) / 2**15

class bogoRand(MsftRand):
'''This replicates how PHP does randint()'''
def randint(self, a, b):
self.state = (self.state * 214013 + 2531011) % 2**32
return a + int(float((float(b-a+1)*((self.state&0x7fff)/((1<<15)+1.0)))))

image = PIL.Image.new("1",(512,512)) # Creates a 512x512 bitmap

# creates a list of different RNG objects and names
rand_mapping = [ (MsftRand(), "Microsoft"),
(random.Random(), "Mersenne"),
(bogoRand(), "bogoRand") ]

for rnd, name in rand_mapping:
for y in xrange(512):
for x in xrange(512):
image.putpixel((x,y), rnd.randint(0,1))

This will create three images when you run it--random_Mersenne.png, which uses Python's default random generator and randint() implementations, random_Microsoft.png, which uses the Windows LCG and Python's randint() implementation, and random_bogoRand.png, which uses the Windows LCG and PHP's randint() implementation.

Here's what random_bogoRand.png looks like:

This doesn't look exactly like Bo's image, as I probably didn't exactly replicate all the quirks of PHP's RAND_RANGE macro. I could be using the wrong LCG as well.

The other two images have no patterns obvious to the eye. How does Python do randint()?

from Lib/rand.py:

def randint(self, a, b):
"""Return random integer in range [a, b], including both end points.
return self.randrange(a, b+1)
def randrange(self, start, stop):
#I'm paraphrasing here, it does checks to make sure the arguments
# are integers and other sanity stuff
return start + int(self.random() * (stop - start))

It's not that PRNGs are visibly flawed, it's that PHP has a terrible method of generating a random range.

Labels: , , ,


Blogger Bo said...

Wow, excellent follow-up! I appreciate the time you spent looking into the details of this.

Using PHP's mt_rand() function (which utilizes the Mersenne Twister) provides a better random value.

May 27, 2008 at 5:34 PM  
OpenID tml said...

After digging deeper into this, it seems likely that the real problem is two-fold:

first, rand() on Win32 has a period of 32767;

secondly, the RAND_RANGE define is trying to scale the generated number into the range you requested. This can result in some loss of randomness (see http://bugs.php.net/bug.php?id=45184).

Python's randrange() solves this by calling _randbelow() in a loop while you're outside the requested range - which is probably the best way to do it. There is some work on this that should be coming out as of 5.3 - thanks for bringing it up!

October 20, 2008 at 5:40 PM  
Blogger Hubadu said...

deja-vu on random.org

September 6, 2009 at 7:56 AM  
Blogger Eric said...

Even with PHP 5.3, the results aren't that much different. Using mt_rand instead, though, is mind-blowing...

PHP 5.3 with rand: http://twitpic.com/gq81b

PHP 5.3 with mt_rand: http://twitpic.com/gq827

September 6, 2009 at 10:01 AM  
Blogger Juln the Squid said...

Yes, you have to use mt_rand. That's why they describe it as "Generate a better random value".

September 6, 2009 at 2:47 PM  
Blogger jacquesm said...

If you want to do a comparison at least make it a meaningful one and use the rand function the way it is intended:

This will give your bit: "rand() & 1;", so imagesetpixel($im,$x,$y,rand() &1);

will do the job. To save you the typing you can look here:


That's on a linux box running php 4.4.2, the results look pretty random to me. To make the result reproducible I've seeded the PRNG with '0' using srand(0); at the beginning of the program.

If you want to use the 'scale' function in PHP for something that you should be doing by a one bit and then you will reap the results of that, you are effectively sampling the lowest bit after a bunch of float operations, which is clearly sub-optimal.

PHP can't correct for incorrect use.

As for the rest of your code, the $x=0; line can be dropped, there is no need to 'reset' your loop variable at the end of a loop, last I checked.

I'm no PHP fan but before you criticize a project make sure you understand the material.

September 6, 2009 at 4:06 PM  
Blogger abadinfluence said...


Public domain. Have fun.

September 8, 2009 at 12:11 AM  
Blogger Bo said...


1.) Linux was never the problem. Read the post title...

2.) Your code is wrong.

imagesetpixel($im,$x,$y,rand() &1);

...Pretty much just makes a black square.

3.) After fixing your code, your bitwise use of rand() on Windows actually makes an even worse random graphic.

4.) rand(0, 1) works just fine. Yes, rand() &1 is faster, but that doesn't mean rand(0, 1) is "wrong"... Especially since, in this case, rand(0, 1) produces better randomness.

September 3, 2011 at 4:06 PM  
Blogger Emmanuel Jeandel said...

Your analysis is completely wrong.

You made a mistake in the code for bogoRand. IF php were to call windows random(), the call would be:

return a + int(float((float(b-a+1)*((self.state&0x7fff >> 16)/((1<<15)+1.0)))))

You forgot the ">> 16", I hope it's not intentional. But IF php were to call windows random(), there would be no problem, as anyone can see by adding back the ">> 16" that is missing.

What's really happening is that PHP in the ZTS mode (I don't know what it stands for, but it has something to do with Thread Safety) uses its own version of random() which is defined by:

return ((*ctx = *ctx * 1103515245 + 12345) % ((u_long)PHP_RAND_MAX + 1));

And you can test that by replacing your code for bogoRand by:
def randint(self, a, b):
self.state = (self.state* 1103515245 + 12345) % (1 << 15)
return a + int(float((float(b-a+1)*((self.state/((1<<15)+1.0))))))

you will obtain EXACTLY what happens in Bo Allen post.

October 5, 2012 at 3:42 AM  
Blogger Andria BZ said...

This information is impressive; I am inspired with your post writing style & how continuously you describe this topic. After reading your post, thanks for taking the time to discuss this, I feel happy about it and I love learning more about this topic.
PHP Training in Chennai

July 30, 2015 at 4:47 AM  
Blogger Amirtha rao said...

This technical post helps me to improve my skills set, thanks for this wonder article I expect your upcoming blog, so keep sharing..
Web design course in Chennai|Web design training Chennai

August 5, 2015 at 1:53 AM  
Blogger Harshita said...

Wow, brilliant article that I was searching for. Helped a lot, as I used it in my work. Thanks a ton. Keep writing, would love to follow your posts.
PHP training | PHP training | PHP training

September 10, 2015 at 5:27 AM  
Blogger geethu said...

Thanks for sharing this unique and informative content which provided me the required information.
PHP Training in Chennai | PHP Course in Chennai | FITA Velachery

February 18, 2016 at 4:24 AM  
Blogger Addison adolf said...

Let Our Website Designers fabricate your fantasy site. We have more than 17 years of web outline experience

Contact us>>> App Buzz

February 18, 2016 at 10:33 PM  
Blogger Anastasia Amelie said...

For the individuals who are searching for a best showcasing module for a web shopping store, Restaurant or a little business shop then this is an absolute necessity purchase module for everybody.

best woocommerce plugins

March 4, 2016 at 4:55 AM  
Blogger caroline jesi said...

Thanks of sharing this post…Python is the fastest growing language that helps to get your dream job in a developing area. It says every fundamental in a programming, so if you want to become an expertise in python get some training
Python Training in Chennai|Python Training

March 14, 2016 at 3:14 AM  
Blogger Nicky Paul said...

A complete wordpress module to send sms with a high ability. Send SMS by means of WordPress, Subscribe SMS bulletin and Send SMS to Number(s), Subscribes
sms plugin

March 27, 2016 at 9:21 PM  
Blogger varshini devi said...

I am newbie of this PHP technology, this post helps me to know the introductory of PHP, Thanks for posting such a nice post.
PHP Training in Chennai|PHP Course in Chennai

June 23, 2016 at 5:51 AM  
Blogger Jhon Mick said...

It was amazing course for the fresh candidates who looking good career in IT industry.
web designing course in chennai|web designing training

June 24, 2016 at 4:56 AM  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home