Topic: D0205R1 -- Final draft for "Allow Seeding Random

Author: Moritz Klammler <>
Date: Wed, 10 Feb 2016 19:09:42 +0100
Raw View
Content-Type: text/plain; charset=UTF-8

Attached is my final draft for the proposal.  My plans are to formally
submit it tomorrow.  Until then, I can still apply last-minute fixes but
given how little time is left, I know that this is unrealistic.

There is also an implementation of the proposal available now:

Thank you to all who have provided feedback so far.


You received this message because you are subscribed to the Google Groups "ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To post to this group, send email to
Visit this group at

Content-Type: text/html; charset=utf-8
Content-Disposition: attachment; filename=d0205r1.html
Content-Transfer-Encoding: quoted-printable
Content-Description: D0205R1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "

<html xmlns=3D"" xml:lang=3D"en" lang=3D"en">
    <title>D0205R1 &mdash; Allow Seeding Random Number Engines with std::ra=
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8=
" />
    <meta name=3D"description"
          content=3D"The purpose of this proposal is to make properly seedi=
ng a random number engine in a
                   non-deterministic way easy and fast.

                   In order to achieve this, the following changes are prop=

                    - Introduction of a new concept *seed generator*, which=
 is a relaxation of *seed sequence*
                      (=C2=A7&nbsp; [rand.req.seedseq]).

                    - Addition of a member function `generate` to `std::ran=
dom_device` in order to make it model the new

                   The changes are non-breaking and can be implemented as a=
 pure library solution with current C++14
                   features." />
    <meta name=3D"keywords"
          content=3D"ISO, C++, C++14, C++17, random, seed, random number en=
gine, RNG, PRNG, std::seed_seq,
                   std::random_device, entropy, Moritz Klammler" />
    <style type=3D"text/css">
      /* <![CDATA[ */

      body {
        font-family: serif;
        font-size: 12pt;
        margin: 2em;

      p {
        text-align: justify;

      pre, code {
        font-family: monospace;
        font-size: inherit;
        /* color: #5c3566;  */

      pre .comment {
        font-style: italic;

      blockquote {
        margin-left: 2em;
        padding: 0.2ex 1em 0.3ex 1em;
        background-color: #eeeeec;
        border-left: 5px solid #babdb6;

      ol.toc {
        list-style: none;
        margin-left: 2em;
        padding: 0;

      ol.toc li {

      /* ]]> */
    <script type=3D"text/javascript">
      /* <![CDATA[ */

      function replace_email() {
        var node =3D document.getElementById('email');
        var email =3D node.innerHTML.replace(/\\x2E/g, '\x2E').replace(/\\x=
40/g, '\x40');
        node.innerHTML =3D email;
        node.href =3D 'mailto:' + email;

      /* ]]> */
  <body onload=3D"replace_email()">
    <h1>Allow Seeding Random Number Engines with <code>std::random_device</=
    <table border=3D"0" cellspacing=3D"0" cellpadding=3D"5">
        <td>Document number:</td>
        <td>Programming Language C++</td>
        <td>Study Group 6 (Numerics), Library Evolution Working Group, Libr=
ary Working Group</td>
          Moritz Klammler
          &lt;<code><a id=3D"email">moritz\x2Eklammler\x40gmail\x2Ecom</a><=
          (OpenPGP: <code>2732 DA32 C8D0 EEEC A081 BE9D CF6C 5166 F393 A9C0=
    <h2 id=3D"sec-toc">Table of Contents</h2>
    <ol class=3D"toc">
      <li><a href=3D"#sec-intro">1. Introduction</a></li>
        <a href=3D"#sec-motivation-scope">2. Motivation and Scope</a>
        <ol class=3D"toc">
          <li><a href=3D"#sec-background">2.1 Background</a></li>
          <li><a href=3D"#sec-current-problem">2.2 The Problem with the Cur=
rent Standard Library</a></li>
          <li><a href=3D"#sec-proposed-solution">2.3 The Proposed Solution<=
        <a href=3D"#sec-impact-std">3. Impact on the Standard</a>
        <ol class=3D"toc">
          <li><a href=3D"#sec-rand-req-eng">3.1 Clarification on Random Num=
ber Engine Requirements</a></li>
          <li><a href=3D"#sec-deprecation">3.2 Deprecation of Existing Feat=
        <a href=3D"#sec-design-decisions">4. Design Decisions</a>
        <ol class=3D"toc">
            <a href=3D"#sec-alt-solutions">4.1 Alternative Solutions</a>
            <ol class=3D"toc">
              <li><a href=3D"#sec-alt-adapter">4.1.1 Provide a Generic Adap=
ter Type instead of Modifying <code>std::random_device</code></a></li>
              <li><a href=3D"#sec-int-types">4.1.2 Integer Types</a></li>
          <li><a href=3D"#sec-shortcomings">4.2 Shortcomings</a></li>
          <li><a href=3D"#sec-impact-stdlib-impl">4.3 Impact on Standard Li=
brary Implementations</a></li>
          <li><a href=3D"#sec-implementations">4.4 Implementations</a></li>
      <li><a href=3D"#sec-prop-word">5. Proposed Wording</a></li>
      <li><a href=3D"#sec-acknowledgments">Acknowledgments</a></li>
      <li><a href=3D"#sec-references">References</a></li>
    <h2 id=3D"sec-intro">1. Introduction</h2>
      The purpose of this proposal is to make properly seeding a random num=
ber engine in a non-deterministic way easy
      and fast.
      In order to achieve this, the following changes are proposed:
          Introduction of a new concept <em>seed generator</em>, which is a=
 relaxation of <em>seed sequence</em>
          (=C2=A7&nbsp; [rand.req.seedseq]).
          Addition of a member function <code>generate</code> to
          <code>std::random_device</code> in order to make it model the new=
      The changes are non-breaking and can be implemented as a pure library=
 solution with current C++14 features.
    <h2 id=3D"sec-motivation-scope">2. Motivation and Scope</h2>
    <h3 id=3D"sec-background">2.1 Background</h3>
      C++11 introduced a powerful random number generation library (=C2=A7&=
nbsp;26.5 [rand]) under
      the <code>&lt;random&gt;</code> header.  It provides <em>random numbe=
r engines</em> (=C2=A7&nbsp;
      [rand.req.eng]) that can be used either directly as a source of unifo=
rmly distributed pseudo random integers of
      unsigned type or together with <em>random number distributions</em> (=
=C2=A7&nbsp; [rand.req.dist]) to produce
      pseudo random numbers according to a variety of distributions.
      If an engine has an internal state of <var>N</var> bits, it can produ=
ce at most 2<sup><var>N</var></sup> different
      sequences and the longest sequence it can produce will have a period =
of at most 2<sup><var>N</var></sup> values
      until it necessarily starts repeating itself.  Applications that wish=
 to produce high-quality pseudo random
      numbers will therefore choose an engine such as the Mersenne twister =
with a large internal state.  Choosing an
      engine with a large internal state helps ensuring that the period of =
the generated sequence will be large.
      However, in order to ensure that the number of different sequences th=
e engine can produce is also exponential in
      the size of its state, it has to be made sure that the initial state =
is evenly distributed across all possible
      states.  This is done by <em>seeding</em> the random number engine.  =
If each of the 2<sup><var>N</var></sup>
      states should be chosen with equal probability as the initial state, =
seeding requires 2<sup><var>N</var></sup>
      bits of entropy.
      The standard library provides the type <code>std::random_device</code=
> (=C2=A7&nbsp;26.5.6 [rand.device]),
      a <em>uniform random number generator</em> (=C2=A7&nbsp; [ran=
d.req.urng]) that is supposed (but, unfortunately,
      not required) to produce a non-deterministic sequence of uniformly di=
stributed integers of type
      <code>unsigned int</code>.  The natural choice for an application tha=
t wishes to generate pseudo random numbers
      and does not need (and often doesn't want) reproducibility is to use =
it for seeding a random engine that is then
      used to produce pseudo random numbers.
    <h3 id=3D"sec-current-problem">2.2 The Problem with the Current Standar=
d Library</h3>
      Unfortunately, the current standard library does not provide any conv=
enient way to use
      a <code>std::random_device</code> to properly (in the sense that each=
 initial state is equally likely) seed a
      random engine.
      The na&iuml;ve approach that most people seem to use is the following.
    <pre>template &lt;typename EngineT&gt;
  <span class=3D"comment">// requires(RandomNumberEngine(EngineT))</span>
seed_non_deterministically_1st(EngineT&amp; engine)
  std::random_device rnddev {};
      This code is severely flawed.  If <code>EngineT</code> is <code>std::=
mt19937</code>, it has a state size of
      19&#x202f;968&nbsp;bits.  However, if an <code>unsigned int</code> is=
 32&nbsp;bits (as is the common case on many
      platforms today), then of the up to 2<sup>19&#x202f;968</sup> states,=
 at most 2<sup>32</sup> (that is one
      2<sup>&minus;19&#x202f;936</sup>-th) can possibly be chosen!
      To illustrate that this is in fact a real problem, O'Neill&nbsp;[<a h=
ref=3D"#ref-01">1</a>] has pointed out that a
      <code>std::mt19937</code> engine seeded like above can never produce =
certain integers as its first value.  This
      can have bad consequences on real-world programs.  A program that inc=
orrectly assumes that an impossible number
      will eventually be produced as the engine's first (or <var>n</var>-th=
) output is broken in a very subtle way.
      After all, it would take extensive and practically unrealistic unit t=
esting to do an exhaustive search over the
      possible seeds and even detect the bug.
      In addition to seeding an engine with an integer, the standard librar=
y also provides a way to seed it with a
      so-called <em>seed sequence</em> (=C2=A7&nbsp; [rand.req.seed=
seq]).  A seed sequence may be constructed in a
      deterministic way from zero or more integers that provide some initia=
l entropy.  The numbers are then possibly
      scrambled and stored in some internal state of the seed sequence whic=
h can be externalized using
      the <code>param</code> member function.  Such a memento may then be u=
sed to re-create a seed sequence of the same
      type in the same state.  A seed sequence provides a member function <=
code>generate</code> that takes a pair of
      random access iterators and assigns a uniformly distributed unsigned =
32 bit integer to each element in the range
      denoted by the iterator pair.  The standard library provides a single=
 implementation of a seed sequence in
      <code>std::seed_seq</code> (=C2=A7&nbsp; [rand.util.seedseq])=
..  This type can be used to seed a random engine
      more thoroughly.
    <pre>template &lt;typename EngineT, std::size_t StateSize =3D EngineT::=
  <span class=3D"comment">// requires(RandomNumberEngine(EngineT))</span>
seed_non_deterministically_2nd(EngineT&amp; engine)
  using engine_type =3D typename EngineT::result_type;
  using device_type =3D std::random_device::result_type;
  using seedseq_type =3D std::seed_seq::result_type;
  constexpr auto bytes_needed =3D StateSize * sizeof(engine_type);
  constexpr auto numbers_needed =3D (sizeof(device_type) &lt; sizeof(seedse=
    ? (bytes_needed / sizeof(device_type))
    : (bytes_needed / sizeof(seedseq_type));
  std::array&lt;device_type, numbers_needed&gt; numbers {};
  std::random_device rnddev {};
  std::generate(std::begin(numbers), std::end(numbers), std::ref(rnddev));
  std::seed_seq seedseq(std::cbegin(numbers), std::cend(numbers));
      This code has a number of problems.
          It is absurdly complicated for what could rightfully be expected =
to be a simple task.  (Even the author is not
          absolutely sure it is correct.)  It is unrealistic (and unreasona=
ble) to expect a casual user to come up with
          such a seeding procedure.
          It is not as general as one might hope it is.  The <em>random num=
ber engine</em> concept does not require that
          an engine exposes its <code>state_size</code> as
          <code>std::mersenne_twister_engine</code> does.  (The author beli=
eves that making this constant part of the
          requirements would have been a good idea but it is too late for t=
his now.)  This forces the user of the
          function to look up the actual state size in the documentation an=
d provide the correct value as the
          second <code>template</code> parameter.  (One could write type tr=
aits for the engines provided by the standard
          library and fall back to <code>sizeof</code> as a reasonable esti=
mate for third-party types, faithfully
          assuming they won't allocate memory to hold state on the free sto=
          It is not as accurate as it should be.  Assuming that <code>std::=
random_device</code> produces truly
          independent uniform random numbers, <code>std::seed_seq</code> ac=
          <em>introduces</em> non-uniformity&nbsp;[<a href=3D"#ref-01">1</a=
>].  (O'Neill provides experimental evidence for
          this.  Anyway, it is clear that a deterministic algorithm can onl=
y ever reduce but never increase the entropy
          of a given seed.)
          It is not as efficient as it could be.  While all that's really n=
eeded is copying a sequence of random bytes
          into the internal state of the engine, the <code>std::random_devi=
ce</code> first copies them into a
          stack-based <code>std::array</code> from which the <code>std::see=
d_seq</code> copies them into a heap
          allocated (!)  internal buffer, scrambles them in a (in this case=
 counter-productive) attempt to remove bias
          until the engine finally copies them to their final destination. =
 To make matters worse, the
          <code>std::random_device</code> does not know in advance how many=
 bytes will be needed.  Therefore, on
          implementations where it reads from a file such as <code>/dev/ura=
ndom</code>, it cannot buffer the reads
    <h3 id=3D"sec-proposed-solution">2.3 The Proposed Solution</h3>
      With this proposal adopted, properly seeding a random engine could be=
 as simple as this.
    <pre>template &lt;typename EngineT&gt;
  <span class=3D"comment">// requires(RandomNumberEngine(EngineT))</span>
seed_non_deterministically_3rd(EngineT&amp; engine)
  std::random_device rnddev {};
  engine.seed(rnddev);  <span class=3D"comment">// note: passing rnddev its=
elf as opposed to the</span>
                        <span class=3D"comment">// result of invoking its c=
all operator</span>
      This would be made possible by adding a <code>generate</code> member =
function to
      <code>std::random_device</code> directly and relaxing the type requir=
ements on the argument to
      the <code>seed</code> member function to only require that <code>gene=
rate</code> member function.
      There would be no unnecessary copies, no unneeded tempering, no dynam=
ic memory allocation, no introduced bias and
      little chance to get anything wrong on the user's side.
    <h2 id=3D"sec-impact-std">3. Impact on the Standard</h2>
      This proposal could be implemented with very little changes, none of =
which would be breaking anything.  No core
      language changes are needed.
      The requirements on the type parameter for a random engine's <code>se=
ed</code> member function (and the
      corresponding constructor) should be relaxed such that it only requir=
es the <code>generate</code> member function
      from <em>seed sequence</em>.  Bolas&nbsp;[<a href=3D"#ref-02">2</a>] =
has argued that even today, a conforming
      implementation isn't allowed to <em>call</em> anything but <code>gene=
rate</code> and perhaps <code>size</code> due
      to existing complexity requirements.  Unfortunately, it may still enf=
orce their presence via type checks.
      To allow also other types than <code>std::random_device</code> to be =
used, a new concept
      <em>seed generator</em> that only specifies the <code>generate</code>=
 member function should be introduced and
      the <em>seed sequence</em> concept be defined as a refinement of it.
      The specification of <code>std::random_device</code> should be change=
d such that it meets the requirements
      of <em>seed generator</em>.  The only thing that is needed here is th=
e addition of the <code>generate</code>
      member function.
      This proposal has no dependencies on any other proposal.  The author =
is not aware of any other proposal that
      depends on or conflicts with this proposal.  In particular, it is ort=
hogonal to N3547&nbsp;[<a href=3D"#ref-05">5</a>].
      (However, the sample implementation of <code>std::randomize</code> in=
 that paper could benefit from the feature
      suggested in this proposal.)
    <h3 id=3D"sec-rand-req-eng">3.1 Clarification on Random Number Engine R=
      Currently, table&nbsp;117 in section&nbsp; [rand.req.eng] def=
ines the various overloads of the
      <code>seed</code> member function of a type <code>E</code> that meets=
 the requirements of <em>random number
      engine</em> in terms of the corresponding constructor and equality op=
erator.  For example, <code>e.seed(q)</code>
      is defined to have the effect that <q>post: <code>e&nbsp;=3D=3D&nbsp;=
E(q)</code></q> and complexity <q>same as
      <code>E(q)</code></q>.  This is unfortunate because for a <em>seed se=
quence</em> <code>q</code>, two successive
      calls to <code>q.generate</code> (even for ranges of identical size) =
do not have to produce the same sequence of
      numbers, even though <code>std::seed_seq</code> happens to behave tha=
t way.  The requirements for <em>seed
      sequence</em> don't mandate this; the respective row in table&nbsp;11=
5 says about
      <code>q.generate(rb,&nbsp;re)</code> (emphasis added):
        Does nothing if <code>rb&nbsp;=3D=3D&nbsp;re</code>.  Otherwise, fi=
lls the supplied sequence
        <code>[rb,&nbsp;re)</code> with 32-bit quantities that depend on th=
e sequence supplied to the constructor
        <strong>and possibly also depend on the history of <code>generate</=
code>'s previous invocations</strong>.
      Therefore, the author believes that it is not intended by the current=
 standard that the following code should be
      guaranteed to work.
<pre>template &lt;typename RandEngT, typename SeedSeqT&gt;
  <span class=3D"comment">// requires(RandomNumberEngine(RandEngT) &amp;&am=
p; SeedSequence(SeedSeqT))</span>
test(RandEngT&amp; engine, SeedSeqT&amp; seedseq)
  assert(engine =3D=3D RandEngT {seedseq});  <span class=3D"comment">// mig=
ht fire</span>
      Regardless of whether this proposal will be adopted, the wording in t=
able&nbsp;117 should be updated to make it
      clear that calling <code>seed</code> puts the engine into the same st=
ate as calling the corresponding constructor
      but not create the impression that the <code>assert</code>ion in the =
above example would necessarily hold.
    <h3 id=3D"sec-deprecation">3.2 Deprecation of Existing Features</h3>
      It is not proposed that any existing library features be deprecated.
      Possible candidates for deprecation could be
        <code>std::random_device::operator()</code> and
        the overload of <code>E::seed</code> that takes a single value of t=
ype <code>E::result_type</code> and the
        corresponding constructor of a <em>random number engine</em> <code>=
      The <code>operator()</code> of <code>std::random_device</code> should=
 definitely stay and not be deprecated.
      <code>std::random_device</code> meets the requirements of <em>uniform=
 random number generator</em> and as such
      needs that function.  Its presence is also not the root cause of the =
problem this proposal sets out to solve.  The
      problem is not how the integer is obtained but that using a single in=
teger as a seed is insufficient.
      Deprecating <code>E::seed</code> overloaded for <code>E::result_type<=
/code> and the corresponding constructor
      would be more sensible because those functions actually encourage poo=
rly seeding random number engines.  On the
      other hand, they remain useful in situations where people want to har=
d-code a specific seed (such as in
      <code>std::mt19937&nbsp;{42}</code>) and don't really care about unif=
ormly choosing an initial state from the
      entire state-space of the engine.
    <h2 id=3D"sec-design-decisions">4. Design Decisions</h2>
    <h3 id=3D"sec-alt-solutions">4.1 Alternative Solutions</h3>
      The proposed solution falls into two parts:
        relaxing the type requirements on the <code>seed</code> member func=
tion and
        making <code>std::random_device</code> comply with these relaxed re=
      The author is not aware of any substantially different alternative so=
lution regarding the relaxation of the type
      requirements.  This is confirmed by the observation that O'Neill&nbsp=
;[<a href=3D"#ref-01">1</a>] has independently
      suggested the same change back in April 2015.
    <h4 id=3D"sec-alt-adapter">4.1.1 Provide a Generic Adapter Type instead=
 of Modifying <code>std::random_device</code></h4>
      Instead of adding a member function to <code>std::random_device</code=
>, a new adapter type could be provided that
      would turn any <em>uniform random number generator</em> into a <em>se=
ed generator</em>.  This would have the
      advantage that one could also use, say, a <code>std::mt19937</code> e=
ngine to seed another <code>std::ranlux24</code>
      engine.  (However useful that may be.)  On the other hand, it would r=
equire more typing for the common case of
      seeding any random engine with a <code>std::random_device</code> as t=
he temporary adapter object would have to be
      created.  Such an adapter could also not take advantage of the size o=
f the range being known ahead of time.
      Anyway, here is a suggestion for this alternative.
    <pre>template &lt;typename UrngT&gt;
  <span class=3D"comment">// requires(UniformRandomNumberGenerator(UrngT))<=
class seed_gen


  UrngT urng_;


  template &lt;typename... ArgTs&gt;
  seed_gen(ArgTs&amp;&amp;... args) : urng_ {std::forward&lt;ArgTs&gt;(args=

  template &lt;typename FwdIterT&gt;
    <span class=3D"comment">// requires(ForwardIterator(FwdIterT)</span>
    <span class=3D"comment">//          &amp;&amp; Assignable(FwdIterT::val=
ue_type, std::uint32_t))</span>
  generate(const FwdIterT first, const FwdIterT last)
    std::uniform_int_distribution&lt;std::uint32_t&gt; dist {};
    std::generate(first, last, [this, &amp;dist](){ return dist(urng_); });

      It would then be used like this.
    <pre>std::seed_gen&lt;std::random_device&gt; generator {};
std::mt19937 engine {generator};
std::cout &lt;&lt; engine() &lt;&lt; '\n';</pre>
    <h4 id=3D"sec-int-types">4.1.2 Integer Types</h4>
      Another minor design variation would be to require
      <code>std::random_device::generate</code> to not assign 32&nbsp;bit v=
alues to each element in the range but rather
      set all bits of the dereferenced iterator to independently chosen ran=
dom values.  This would be a more natural
      (and, in many contexts, more useful) behavior but it wouldn't be comp=
atible with the existing specification
      of <em>seed sequence</em>.  Therefore, it seems better to stay with t=
he 32&nbsp;bit requirement.
      Conversely, <code>std::random_device</code>'s <code>result_type</code=
> could be changed to
      <code>std::uint32_t</code> and its <code>operator()</code> be require=
d to produce values in the range [0,
      2<sup>32</sup>).  This would integrate better with the other faciliti=
es but could potentially break existing
      (brittle) code (on exotic platforms) in subtle ways.  It could also a=
ffect performance adversely on platforms
      where <code>std::random_device::operator()</code> is implemented via =
a special hardware instruction and the result
      of that instruction is not a 32&nbsp;bit value.
    <h3 id=3D"sec-shortcomings">4.2 Shortcomings</h3>
      A known minor shortcoming of the proposed solution is that the <code>=
seed</code> function (and corresponding
      constructor) would have to take their argument by non-<code>const</co=
de> reference, so a temporary cannot bind to
      it which means that it is not possible to write the following code.
    <pre>auto engine =3D std::mt19937 {std::random_device {}};  <span class=
=3D"comment">// won't compile</span></pre>
      Instead, one has to write the slightly more verbose
    <pre>std::random_device device {};
auto engine =3D std::mt19937 {device};</pre>
      which leaves the <code>std::random_device</code> in scope longer than=
 necessary.  Since it can be quite large and
      might hold an open file handle, this is potentially undesirable.  To =
avoid this, a lambda can be used.
    <pre>auto engine =3D [](){
  std::random_device device {};  <span class=3D"comment">// Only lives as l=
ong as the lambda&hellip;</span>
  return std::mt19937 {device};  <span class=3D"comment">// &hellip;and the=
 copy is hopefully elided.</span>
    <h3 id=3D"sec-impact-stdlib-impl">4.3 Impact on Standard Library Implem=
      Little to no code should be required to change in the implementations=
 of the random engines.  A quick glance over
      the code of <code>libstdc++</code>&nbsp;[<a href=3D"#ref-03">3</a>] (=
GCC) and
      <code>libc++</code>&nbsp;[<a href=3D"#ref-04">4</a>] (Clang) has show=
n that there are no changes required for
      <code>libstdc++</code> and all that is needed for <code>libc++</code>=
 is removing or weakening the concept check.
      The to-be-added <code>generate</code> member function of <code>std::r=
andom_device</code> could be implemented in a
      compliant but na&iuml;ve way like this.
    <pre>template &lt;typename RandIterT&gt;
  <span class=3D"comment">// requires(RandomAccessIterator(RandIterT)</span>
  <span class=3D"comment">//          &amp;&amp; Unsigned(RandIterT::value_=
  <span class=3D"comment">//          &amp;&amp; (std::numeric_limits&lt;Ra=
ndIterT::value_type&gt;::digits &gt;=3D 32))</span>
random_device::generate(const RandIterT first, const RandIterT last)
  std::uniform_int_distribution&lt;std::uint32_t&gt; dist {};
  std::generate(first, last, [this, &amp;dist](){ return dist(*this); });
      Implementers will probably be interested to provide optimizations for=
 the case that <code>RandIterT</code> is a
      pointer or can be converted to a pointer (such as
      <code>std::vector&lt;unsigned&gt;::iterator_type</code>) so that inst=
ead of calling
      <code>(*this)()</code> for each element, they can fill in all bytes a=
t once if reading from a file
      like <code>/dev/urandom</code>.  Care has to be taken to handle the c=
ase where <code>sizeof(RandIterT::value_type)
      &gt; sizeof(std::uint32_t)</code> correctly.  This enhanced <code>std=
::random_device</code> could be useful in
      other contexts, too.
      It is worth mentioning that merely adding a member function does not =
break binary compatibility of existing code
      that uses <code>std::random_device</code>.
    <h3 id=3D"sec-implementations">4.4 Implementations</h3>
      A patch to implement this proposal for <code>libstdc++</code> can be =
found on the author's
      website&nbsp;[<a href=3D"#ref-07">7</a>] and will be continuously upd=
    <h2 id=3D"sec-prop-word">5. Proposed Wording</h2>
      All proposed changes to the standard mentioned in this section are re=
lative to N4140.
      Add a new section before the existing =C2=A7&nbsp; [rand.req.=
seeseq] to define
      <em>seed generator</em>.
        <strong>Seed generator requirements [rand.req.seedgen]</strong>
        A <em>seed generator</em> is an object that produces a requested nu=
mber of unsigned integer values <var>i</var>
        with 0 &le; <var>i</var> &lt; 2<sup>32</sup>.  The generated number=
s may be obtained from a non-deterministic
        source of entropy.
        A class <code>S</code> satisfies the requirements of a seed generat=
or if the expressions shown in the below
        table are valid and have the indicated semantics and if <code>S</co=
de> also satisfies all other requirements of
        this section.  In that table and throughout this section:
      <ol style=3D"list-style-type: lower-alpha">
          <code>T</code> is the type named by <code>S</code>'s associated
          <code>q</code> is a value of <code>S</code>;
          <code>rb</code> and <code>re</code> are mutable random access ite=
rators with an unsigned
          integer <code>value_type</code> of at least 32&nbsp;bits.
      <table border=3D"1" cellspacing=3D"0" cellpadding=3D"5">
          <th><p>Return type</p></th>
              <code>T</code> is an unsigned integer type of at least 32 bit=
              Does nothing if <code>rb&nbsp;=3D=3D&nbsp;re</code>.  Otherwi=
se, fills the supplied sequence
              [<code>rb</code>,&nbsp;<code>re</code>) with 32-bit quantitie=
s in a possibly non-deterministic way.
      <p><!-- phantom space --></p>
      In the existing section =C2=A7&nbsp; [rand.req.seedseq], chan=
ge the beginning of the second paragraph as
      A class <code>S</code> satisfies the requirements of a seed sequence =
if it satisfies the requirements of a seed
      generator and in addition, the expressions [&hellip;]
      In the current table 115, remove the first (<code>S::result_type</cod=
      and the fifth (<code>q.generate(rb,&nbsp;re)</code>) row which will
      already be covered by the <em>seed generator</em> requirements.
      In section 26.5.6 [rand.device], add the following sentence at the en=
d of the first paragraph.
        It also meets the requirements of a seed generator.
      Add the following declaration to the <code>class</code> overview of <=
code>std::random_device</code> right after
      the <code>operator()</code> under the <q>generating functions</q> sec=
      <pre>template &lt;typename RandIterT&gt; void generate(RandIterT firs=
t, RandIterT last);</pre>
      After paragraph 7 of the same section, add the following specificatio=
      <pre>template &lt;typename RandIterT&gt; void generate(RandIterT firs=
t, RandIterT last);</pre>
        <em>Requires:</em> <code>RandIterT</code> must meet the requirement=
s of random access iterator and
        its <code>value_type</code> must be an unsigned integer of at least=
        <em>Effects:</em> Assigns non-deterministic 32 bit random values un=
iformly distributed over the interval [0,
        2<sup>32</sup>) to the elements in the sequence [<code>first</code>=
,&nbsp;<code>last</code>).  This function
        behaves as if it were implemented by the following code.
<pre>uniform_int_distribution&lt;uint32_t&gt; dist {};
generate(first, last, [this, &amp;dist](){ return dist(*this); });</pre>
        <em>Throws:</em> A value of an implementation-defined type derived =
from <code>exception</code> if a random
        number could not be obtained.  It is unspecified in this case what =
and whether any values have been assigned to
        the elements in the range.
      Replace section&nbsp; [rand.req.eng] paragraph&nbsp;4 letter&=
nbsp;d by the following sentence with the
      appropriate cross-reference to the section defining the requirements =
of <em>seed generator</em>.
        <code>q</code> is an lvalue satisfying the requirements of a seed g=
      Re-structure the first seven rows of the current table&nbsp;117 as fo=
llows.  It is believed that this preserves
      the intended meaning of the current wording but avoids confusion.
      <p><!-- phantom space --></p>
      <table border=3D"1" cellspacing=3D"0" cellpadding=3D"5">
          <th><p>Return type</p></th>
              Creates an engine with the same initial state as all other de=
fault-constructed engines of type
          <td><p><var>&Omicron;</var>(size of state)</p></td>
              Creates an engine that compares equal to <code>x</code>.
          <td><p><var>&Omicron;</var>(size of state)</p></td>
              Creates an engine with an initial state as if by first defaul=
t-constructing the engine and then calling
              <code>seed(s)</code> on it.
          <td><p>no worse than <code>E()</code> followed by <code>seed(s)</=
              Creates an engine with an initial state as if by first defaul=
t-constructing the engine and then calling
              <code>seed(q)</code> on it.
          <td><p>no worse than <code>E()</code> followed by <code>seed(q)</=
            <p>Puts the engine into the same state as a default-constructed=
 engine of type <code>E</code>.</p>
          <td><p><var>&Omicron;</var>(size of state)</p></td>
              Puts the egine into a state determined by <code>s</code>. [&n=
bsp;<em>Note:</em> For engines with an
              internal state larger than <code>sizeof(s)</code>, there will=
 be impossible states after calling this
              function. &mdash;&nbsp;<em>end note</em>&nbsp;]
          <td><p><var>&Omicron;</var>(size of state)</p></td>
              Puts the engine into a state that depends on a sequence produ=
ced by one call to <code>q.generate</code>
              for a range of the size of the engine's state.
              same as complexity of <code>q.generate</code> called on a ran=
ge of the size of the engine's state
      <p><!-- phantom space --></p>
    <h2 id=3D"sec-acknowledgments">Acknowledgments</h2>
      Melissa O'Neill has written a series of remarkable blog posts that di=
scuss the problems with seeding random
      engines in-depth.  Although not the initial motivation for the author=
 of this proposal, that blog post provided
      valuable theoretical and experimental support and the fact that its a=
uthor had independently suggested basically
      the same addition to the standard library was very affirming.
      The discussions with the principal author of <code>&lt;random&gt;</co=
de>, Walter Brown, were very enlightening and
      helped the author a lot figuring out the final details of the proposa=
      Nicol Bolas, Zhihao Yuan and Seth Cantrell have provided valuable fee=
dback on the
      <code></code> mailing list.
      Baum mit Augen's shared experience of struggling to properly seed a <=
code>std::mt19937</code> from
      a <code>std::random_device</code> and the following discussion with D=
eduplicator (out of which came an earlier
      version of the code for <code>seed_non_deterministically_2nd</code>) =
were part of the motivation for writing this
      proposal&nbsp;[<a href=3D"#ref-06">6</a>].
    <h2 id=3D"sec-references">References</h2>
    <ol class=3D"references">
      <li id=3D"ref-01">
        Melissa O'Neill,
        <em>C++ Seeding Surprises.</em>  2015-04-16,
        <a href=3D"
      <li id=3D"ref-02">
        Nicol Bolas, via <code></code>, 2016-01-03,
        <a href=3D"
      <li id=3D"ref-03">
        The <code>libc++</code> C++ Standard Library,
        <a href=3D""></a>
      <li id=3D"ref-04">
        The GNU Standard C++ Library Version&nbsp;3,
        <a href=3D"">
      <li id=3D"ref-05">
        Walter Brown,
        <em>Three <code>&lt;random&gt;</code> related Proposals.</em>
        N3547, 2013-03-12,
        <a href=3D"
      <li id=3D"ref-06">
        <q>Seed <code>std::mt19937</code> from <code>std::random_device</co=
        in: <em>Code Review</em>,
        <a href=3D"">http://cod=</a>
      <li id=3D"ref-07">
        <a href=3D""=



Author: Myriachan <>
Date: Thu, 11 Feb 2016 11:08:36 -0800 (PST)
Raw View
Content-Type: multipart/alternative;

Content-Type: text/plain; charset=UTF-8

Wouldn't this encourage the use of std::random_device, typically
implemented as a cryptographically-secure random number generator, to seed
an algorithm that is not cryptographically-secure, possibly making unaware
programmers believe that they are doing correct procedures for generating

There's nothing wrong with using std::random_device to seed a typical
random number generator, so long as you're aware that the result should not
be considered secure for cryptography.


On Wednesday, February 10, 2016 at 10:09:49 AM UTC-8, Moritz Klammler wrote:
> Attached is my final draft for the proposal.  My plans are to formally
> submit it tomorrow.  Until then, I can still apply last-minute fixes but
> given how little time is left, I know that this is unrealistic.
> There is also an implementation of the proposal available now:
> Thank you to all who have provided feedback so far.


You received this message because you are subscribed to the Google Groups "ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To post to this group, send email to
Visit this group at

Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Wouldn&#39;t this encourage the use of std::random_device,=
 typically implemented as a cryptographically-secure random number generato=
r, to seed an algorithm that is not cryptographically-secure, possibly maki=
ng unaware programmers believe that they are doing correct procedures for g=
enerating keys?<br><br>There&#39;s nothing wrong with using std::random_dev=
ice to seed a typical random number generator, so long as you&#39;re aware =
that the result should not be considered secure for cryptography.<br><br>Me=
lissa<br><br>On Wednesday, February 10, 2016 at 10:09:49 AM UTC-8, Moritz K=
lammler wrote:<blockquote class=3D"gmail_quote" style=3D"margin: 0;margin-l=
eft: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;">Attached is my f=
inal draft for the proposal. =C2=A0My plans are to formally
<br>submit it tomorrow. =C2=A0Until then, I can still apply last-minute fix=
es but
<br>given how little time is left, I know that this is unrealistic.
<br>There is also an implementation of the proposal available now:
<br>=C2=A0 =C2=A0 <a href=3D"
++/p0205/" target=3D"_blank" rel=3D"nofollow" onmousedown=3D"this.href=3D&#=
-R4hZYguKG7HLlKK3qAQUw&#39;;return true;" onclick=3D"this.href=3D&#39;http:=
KG7HLlKK3qAQUw&#39;;return true;"><wbr>computer-sci=
<br>Thank you to all who have provided feedback so far.


-- <br />
<br />
--- <br />
You received this message because you are subscribed to the Google Groups &=
quot;ISO C++ Standard - Future Proposals&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"">std-proposa=</a>.<br />
To post to this group, send email to <a href=3D"mailto:std-proposals@isocpp="></a>.<br />
Visit this group at <a href=3D"
/</a>.<br />

