Skip to content

Add thread safety to default random #16174

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 15 commits into
base: master
Choose a base branch
from
Draft

Add thread safety to default random #16174

wants to merge 15 commits into from

Conversation

ysbaddaden
Copy link
Contributor

@ysbaddaden ysbaddaden commented Sep 27, 2025
edited
Loading

See #16157 and its comments for more details.

  • Add Random.default thread local:
    • Replaces all usages of Random::DEFAULT
    • Fix: thread safety of Enumerable#sample(n) (split thread local)
    • Fix: thread safety of Crystal::System::File.mktemp (resolve thread local on each attempt)
  • Remove most usages of Random.default to internalize its usage:
    • Add Random.next_int and Random.next_bool methods that can be called directly;
    • Prefer Random::Secure.random_bytes;
    • Methods taking a Random now default to random = nil
    • Docs are fixed to state that a custom Random instance can be passed for specific control.
  • Deprecate now unused Random::DEFAULT
  • Fix: deprecated Random::DEFAULT warning on Process.new on UNIX

To be defined: we might want to keep Random.default undocumented 🤔

Closes #16157.
Depends on #16173.

@ysbaddaden
Add thread_local macro
21c15e6 
This is a simple abstraction over the `ThreadLocal` annotation (for
quick access) that also injects a reference into `Thread.current` to
keep the value visible to the GC (that can't scan `ThreadLocal` values).

There is no support for destructors. When needed just use a class with a
finalizer: when the Thread is collected the thread local value will also
be collected, which will run the finalizer.
@ysbaddaden
Add Random.default (thread local)
6dd3fb1
@ysbaddaden
Prefer Random.default over Random::DEFAULT
6efc9b1
@ysbaddaden
Fix: Crystal::System::File.mktemp
f0e070c
@ysbaddaden
fixup! Add Random.default (thread local)
072e285
@ysbaddaden
Refactor Enumerable#sample and Indexable#sample to be thread safe
29fb671
@ysbaddaden ysbaddaden self-assigned this Sep 27, 2025
@ysbaddaden ysbaddaden added kind:bug A bug in the code. Does not apply to documentation, specs, etc. topic:multithreading labels Sep 27, 2025
@ysbaddaden ysbaddaden mentioned this pull request Sep 27, 2025
Merged
straight-shoota
straight-shoota reviewed Sep 27, 2025
View reviewed changes
@ysbaddaden
Fixes: interpreter + don't hardcode PCG32
c24b46e
@ysbaddaden
Fix: must hardcode Random::PCG32 in .dup_and_split_default
d6d5536 
ReferenceStorage(T) needs a concrete type (not Random) and
PCG32.new(self) requires the type to be a PCG32 instance (not any
Random).
straight-shoota
straight-shoota reviewed Sep 28, 2025
View reviewed changes
Blacksmoke16
Blacksmoke16 reviewed Sep 29, 2025
View reviewed changes
@ysbaddaden
Default random arguments are now nil instead of Random.default
48fdb86 
The goal is to avoid advertising a global random instance since even as
a thread local it ain't always safe to use. We shall instead treat it as
an internal implementation detail.
@ysbaddaden
Add Random.next_bool and .next_int and avoid Random.default
dd83e7e
@ysbaddaden
Deprecate Random::DEFAULT
009bc86
@ysbaddaden
Fix: don't print deprecated Random::DEFAULT warning on fork/exec
0b8b541 
Refactors the `Crystal::System::Process.fork` methods on UNIX to only
compile the call to `Random::DEFAULT` when using `Process.fork` not when
calling `Process.new` or `Process.run`.

The patch no longer hardcodes both `will_exec` paths, only the used ones
will be compiled.
@ysbaddaden
fixup! Default random arguments are now nil instead of Random.default
978a84e
Sija
Sija reviewed Oct 2, 2025
View reviewed changes
@straight-shoota
Copy link
Member

We should probably extract the refactor of Crystal::System::Process.fork. This change is not directly related to the thread safety of random.
And we need it for other reasons as well. For example, we might want to use clone(2) instead of fork for spawning a new process in order to get an atomic pidfd.

@ysbaddaden
Copy link
Contributor Author

Or move to posix_spawn (and pidfd_spawn on Linux) instead 😁

@ysbaddaden ysbaddaden mentioned this pull request Oct 8, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@straight-shoota straight-shoota straight-shoota left review comments

@Blacksmoke16 Blacksmoke16 Blacksmoke16 left review comments

+1 more reviewer

@Sija Sija Sija left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@ysbaddaden ysbaddaden

Labels

kind:bug A bug in the code. Does not apply to documentation, specs, etc. topic:multithreading

Projects

Multi-threading
Status: Review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Random::DEFAULT is thread unsafe

4 participants

@ysbaddaden @straight-shoota @Sija @Blacksmoke16