1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "partition_alloc/partition_alloc_base/rand_util.h"
6
7 #include <stddef.h>
8 #include <stdint.h>
9
10 #include <algorithm>
11 #include <cmath>
12 #include <limits>
13 #include <memory>
14 #include <vector>
15
16 #include "partition_alloc/partition_alloc_base/check.h"
17 #include "partition_alloc/partition_alloc_base/logging.h"
18 #include "partition_alloc/partition_alloc_base/time/time.h"
19 #include "testing/gtest/include/gtest/gtest.h"
20
21 namespace partition_alloc::internal::base {
22
TEST(PartitionAllocBaseRandUtilTest,RandBytes)23 TEST(PartitionAllocBaseRandUtilTest, RandBytes) {
24 const size_t buffer_size = 50;
25 char buffer[buffer_size];
26 memset(buffer, 0, buffer_size);
27 base::RandBytes(buffer, buffer_size);
28 std::sort(buffer, buffer + buffer_size);
29 // Probability of occurrence of less than 25 unique bytes in 50 random bytes
30 // is below 10^-25.
31 EXPECT_GT(std::unique(buffer, buffer + buffer_size) - buffer, 25);
32 }
33
34 // Verify that calling base::RandBytes with an empty buffer doesn't fail.
TEST(PartitionAllocBaseRandUtilTest,RandBytes0)35 TEST(PartitionAllocBaseRandUtilTest, RandBytes0) {
36 base::RandBytes(nullptr, 0);
37 }
38
39 // Make sure that it is still appropriate to use RandGenerator in conjunction
40 // with std::random_shuffle().
TEST(PartitionAllocBaseRandUtilTest,RandGeneratorForRandomShuffle)41 TEST(PartitionAllocBaseRandUtilTest, RandGeneratorForRandomShuffle) {
42 EXPECT_EQ(base::RandGenerator(1), 0U);
43 EXPECT_LE(std::numeric_limits<ptrdiff_t>::max(),
44 std::numeric_limits<int64_t>::max());
45 }
46
TEST(PartitionAllocBaseRandUtilTest,RandGeneratorIsUniform)47 TEST(PartitionAllocBaseRandUtilTest, RandGeneratorIsUniform) {
48 // Verify that RandGenerator has a uniform distribution. This is a
49 // regression test that consistently failed when RandGenerator was
50 // implemented this way:
51 //
52 // return base::RandUint64() % max;
53 //
54 // A degenerate case for such an implementation is e.g. a top of
55 // range that is 2/3rds of the way to MAX_UINT64, in which case the
56 // bottom half of the range would be twice as likely to occur as the
57 // top half. A bit of calculus care of jar@ shows that the largest
58 // measurable delta is when the top of the range is 3/4ths of the
59 // way, so that's what we use in the test.
60 constexpr uint64_t kTopOfRange =
61 (std::numeric_limits<uint64_t>::max() / 4ULL) * 3ULL;
62 constexpr double kExpectedAverage = static_cast<double>(kTopOfRange / 2);
63 constexpr double kAllowedVariance = kExpectedAverage / 50.0; // +/- 2%
64 constexpr int kMinAttempts = 1000;
65 constexpr int kMaxAttempts = 1000000;
66
67 double cumulative_average = 0.0;
68 int count = 0;
69 while (count < kMaxAttempts) {
70 uint64_t value = base::RandGenerator(kTopOfRange);
71 cumulative_average = (count * cumulative_average + value) / (count + 1);
72
73 // Don't quit too quickly for things to start converging, or we may have
74 // a false positive.
75 if (count > kMinAttempts &&
76 kExpectedAverage - kAllowedVariance < cumulative_average &&
77 cumulative_average < kExpectedAverage + kAllowedVariance) {
78 break;
79 }
80
81 ++count;
82 }
83
84 ASSERT_LT(count, kMaxAttempts) << "Expected average was " << kExpectedAverage
85 << ", average ended at " << cumulative_average;
86 }
87
TEST(PartitionAllocBaseRandUtilTest,RandUint64ProducesBothValuesOfAllBits)88 TEST(PartitionAllocBaseRandUtilTest, RandUint64ProducesBothValuesOfAllBits) {
89 // This tests to see that our underlying random generator is good
90 // enough, for some value of good enough.
91 uint64_t kAllZeros = 0ULL;
92 uint64_t kAllOnes = ~kAllZeros;
93 uint64_t found_ones = kAllZeros;
94 uint64_t found_zeros = kAllOnes;
95
96 for (size_t i = 0; i < 1000; ++i) {
97 uint64_t value = base::RandUint64();
98 found_ones |= value;
99 found_zeros &= value;
100
101 if (found_zeros == kAllZeros && found_ones == kAllOnes) {
102 return;
103 }
104 }
105
106 FAIL() << "Didn't achieve all bit values in maximum number of tries.";
107 }
108
109 // Benchmark test for RandBytes(). Disabled since it's intentionally slow and
110 // does not test anything that isn't already tested by the existing RandBytes()
111 // tests.
TEST(PartitionAllocBaseRandUtilTest,DISABLED_RandBytesPerf)112 TEST(PartitionAllocBaseRandUtilTest, DISABLED_RandBytesPerf) {
113 // Benchmark the performance of |kTestIterations| of RandBytes() using a
114 // buffer size of |kTestBufferSize|.
115 const int kTestIterations = 10;
116 const size_t kTestBufferSize = 1 * 1024 * 1024;
117
118 std::unique_ptr<uint8_t[]> buffer(new uint8_t[kTestBufferSize]);
119 const TimeTicks now = TimeTicks::Now();
120 for (int i = 0; i < kTestIterations; ++i) {
121 base::RandBytes(buffer.get(), kTestBufferSize);
122 }
123 const TimeTicks end = TimeTicks::Now();
124
125 PA_LOG(INFO) << "RandBytes(" << kTestBufferSize
126 << ") took: " << (end - now).InMicroseconds() << "µs";
127 }
128
TEST(PartitionAllocBaseRandUtilTest,InsecureRandomGeneratorProducesBothValuesOfAllBits)129 TEST(PartitionAllocBaseRandUtilTest,
130 InsecureRandomGeneratorProducesBothValuesOfAllBits) {
131 // This tests to see that our underlying random generator is good
132 // enough, for some value of good enough.
133 uint64_t kAllZeros = 0ULL;
134 uint64_t kAllOnes = ~kAllZeros;
135 uint64_t found_ones = kAllZeros;
136 uint64_t found_zeros = kAllOnes;
137
138 InsecureRandomGenerator generator =
139 InsecureRandomGenerator::ConstructForTesting();
140
141 for (size_t i = 0; i < 1000; ++i) {
142 uint64_t value = generator.RandUint64();
143 found_ones |= value;
144 found_zeros &= value;
145
146 if (found_zeros == kAllZeros && found_ones == kAllOnes) {
147 return;
148 }
149 }
150
151 FAIL() << "Didn't achieve all bit values in maximum number of tries.";
152 }
153
154 namespace {
155
156 constexpr double kXp1Percent = -2.33;
157 constexpr double kXp99Percent = 2.33;
158
ChiSquaredCriticalValue(double nu,double x_p)159 double ChiSquaredCriticalValue(double nu, double x_p) {
160 // From "The Art Of Computer Programming" (TAOCP), Volume 2, Section 3.3.1,
161 // Table 1. This is the asymptotic value for nu > 30, up to O(1 / sqrt(nu)).
162 return nu + sqrt(2. * nu) * x_p + 2. / 3. * (x_p * x_p) - 2. / 3.;
163 }
164
ExtractBits(uint64_t value,int from_bit,int num_bits)165 int ExtractBits(uint64_t value, int from_bit, int num_bits) {
166 return (value >> from_bit) & ((1 << num_bits) - 1);
167 }
168
169 // Performs a Chi-Squared test on a subset of |num_bits| extracted starting from
170 // |from_bit| in the generated value.
171 //
172 // See TAOCP, Volume 2, Section 3.3.1, and
173 // https://en.wikipedia.org/wiki/Pearson%27s_chi-squared_test for details.
174 //
175 // This is only one of the many, many random number generator test we could do,
176 // but they are cumbersome, as they are typically very slow, and expected to
177 // fail from time to time, due to their probabilistic nature.
178 //
179 // The generator we use has however been vetted with the BigCrush test suite
180 // from Marsaglia, so this should suffice as a smoke test that our
181 // implementation is wrong.
ChiSquaredTest(InsecureRandomGenerator & gen,size_t n,int from_bit,int num_bits)182 bool ChiSquaredTest(InsecureRandomGenerator& gen,
183 size_t n,
184 int from_bit,
185 int num_bits) {
186 const int range = 1 << num_bits;
187 PA_BASE_CHECK(static_cast<int>(n % range) == 0)
188 << "Makes computations simpler";
189 std::vector<size_t> samples(range, 0);
190
191 // Count how many samples pf each value are found. All buckets should be
192 // almost equal if the generator is suitably uniformly random.
193 for (size_t i = 0; i < n; i++) {
194 int sample = ExtractBits(gen.RandUint64(), from_bit, num_bits);
195 samples[sample] += 1;
196 }
197
198 // Compute the Chi-Squared statistic, which is:
199 // \Sum_{k=0}^{range-1} \frac{(count - expected)^2}{expected}
200 double chi_squared = 0.;
201 double expected_count = n / range;
202 for (size_t sample_count : samples) {
203 double deviation = sample_count - expected_count;
204 chi_squared += (deviation * deviation) / expected_count;
205 }
206
207 // The generator should produce numbers that are not too far of (chi_squared
208 // lower than a given quantile), but not too close to the ideal distribution
209 // either (chi_squared is too low).
210 //
211 // See The Art Of Computer Programming, Volume 2, Section 3.3.1 for details.
212 return chi_squared > ChiSquaredCriticalValue(range - 1, kXp1Percent) &&
213 chi_squared < ChiSquaredCriticalValue(range - 1, kXp99Percent);
214 }
215
216 } // namespace
217
TEST(PartitionAllocBaseRandUtilTest,InsecureRandomGeneratorChiSquared)218 TEST(PartitionAllocBaseRandUtilTest, InsecureRandomGeneratorChiSquared) {
219 constexpr int kIterations = 50;
220
221 // Specifically test the low bits, which are usually weaker in random number
222 // generators. We don't use them for the 32 bit number generation, but let's
223 // make sure they are still suitable.
224 for (int start_bit : {1, 2, 3, 8, 12, 20, 32, 48, 54}) {
225 int pass_count = 0;
226 for (int i = 0; i < kIterations; i++) {
227 size_t samples = 1 << 16;
228 InsecureRandomGenerator gen =
229 InsecureRandomGenerator::ConstructForTesting();
230 // Fix the seed to make the test non-flaky.
231 gen.ReseedForTesting(kIterations + 1);
232 bool pass = ChiSquaredTest(gen, samples, start_bit, 8);
233 pass_count += pass;
234 }
235
236 // We exclude 1% on each side, so we expect 98% of tests to pass, meaning 98
237 // * kIterations / 100. However this is asymptotic, so add a bit of leeway.
238 int expected_pass_count = (kIterations * 98) / 100;
239 EXPECT_GE(pass_count, expected_pass_count - ((kIterations * 2) / 100))
240 << "For start_bit = " << start_bit;
241 }
242 }
243
244 } // namespace partition_alloc::internal::base
245