fix: workaround a libstdc++ on random_device (#208)

On fairly recent versions of libstdc++ the `std::random_device` class
fails when used by multiple threads:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94087

We workaround this problem by detecting the version of the standard C++
library, and if it is `libstdc++` and it is a version after 20200128
then we use `rdrand` as the token value to initialize
`std::random_device`, which does not have the problem with multiple
threads.

Author: coryan

google/cloud/internal/random.cc

@@ -13,11 +13,66 @@
 // limitations under the License.
 
 #include "google/cloud/internal/random.h"
+#include <algorithm>
+#include <limits>
 
 namespace google {
 namespace cloud {
 inline namespace GOOGLE_CLOUD_CPP_NS {
 namespace internal {
+std::vector<unsigned int> FetchEntropy(std::size_t desired_bits) {
+  // We use the default C++ random device to generate entropy.  The quality of
+  // this source of entropy is implementation-defined:
+  //     http://en.cppreference.com/w/cpp/numeric/random/random_device/random_device
+  // However, in all the platforms we care about, this seems to be a reasonably
+  // non-deterministic source of entropy.
+  //
+  // On Linux with libstdc++ (the most common library on Linux) is based on
+  // either `/dev/urandom`, or (if available) the RDRAND [1], or the RDSEED [1]
+  // CPU instructions.
+  //
+  // On Linux with libc++ the default seems to be using `/dev/urandom`, but the
+  // library could have been compiled [2] to use `getentropy(3)` [3],
+  // `arc4random()` [4], or even `nacl` [5]. It does not seem like the library
+  // uses the RDRAND or RDSEED instructions directly. In any case, it seems that
+  // all the choices are good entropy sources.
+  //
+  // With MSVC the documentation says that the numbers are not deterministic,
+  // and cryptographically secure, but no further details are available:
+  //     https://docs.microsoft.com/en-us/cpp/standard-library/random-device-class
+  //
+  // On macOS the library is libc++ implementation so the previous comments
+  // apply.
+  //
+  // One would want to simply pass a `std::random_device` to the constructor for
+  // the random bit generators, but the C++11 approach is annoying, see this
+  // critique for the details:
+  //     http://www.pcg-random.org/posts/simple-portable-cpp-seed-entropy.html
+  //
+  // [1]: https://en.wikipedia.org/wiki/RDRAND
+  // [2]: https://github.com/llvm-mirror/libcxx/blob/master/src/random.cpp
+  // [3]: http://man7.org/linux/man-pages/man3/getentropy.3.html
+  // [4]: https://linux.die.net/man/3/arc4random
+  // [5]: https://en.wikipedia.org/wiki/NaCl_(software)
+  //
+#if defined(__GLIBCXX__) && __GLIBCXX__ >= 20200128
+  // Workaround for a libstd++ bug:
+  //     https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94087
+  // we cannot simply use `rdrand` everywhere because this is library and
+  // version specific, i.e., other standard C++ libraries do not support
+  // `rdrand`, and even older versions of libstdc++ do not support `rdrand`.
+  std::random_device rd("rdrand");
+#else
+  std::random_device rd;
+#endif  // defined(__GLIBCXX__) && __GLIBCXX__ >= 20200128
+
+  auto constexpr kWordSize = std::numeric_limits<unsigned int>::digits;
+  auto const n = (desired_bits + kWordSize - 1) / kWordSize;
+  std::vector<unsigned int> entropy(n);
+  std::generate(entropy.begin(), entropy.end(), [&rd]() { return rd(); });
+  return entropy;
+}
+
 std::string Sample(DefaultPRNG& gen, int n, std::string const& population) {
   std::uniform_int_distribution<std::size_t> rd(0, population.size() - 1);
 

google/cloud/internal/random.h

@@ -16,13 +16,17 @@
 #define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_INTERNAL_RANDOM_H
 
 #include "google/cloud/version.h"
-#include <algorithm>
 #include <random>
 
 namespace google {
 namespace cloud {
 inline namespace GOOGLE_CLOUD_CPP_NS {
 namespace internal {
+/**
+ * Retrieve at least @p desired_bits of entropy from `std::random_device`.
+ */
+std::vector<unsigned int> FetchEntropy(std::size_t desired_bits);
+
 // While std::mt19937_64 is not the best PRNG ever, it is fairly good for
 // most purposes.  Please read:
 //    http://www.pcg-random.org/
@@ -35,34 +39,14 @@ using DefaultPRNG = std::mt19937_64;
  */
 template <typename Generator>
 Generator MakePRNG() {
-  // We use the default C++ random device to generate entropy.  The quality of
-  // this source of entropy is implementation-defined. The version in
-  // Linux with libstdc++ (the most common library on Linux) it is based on
-  // either `/dev/urandom`, or (if available) the RDRAND CPU instruction.
-  //     http://en.cppreference.com/w/cpp/numeric/random/random_device/random_device
-  // On Linux with libc++ it is also based on `/dev/urandom`, but it is not
-  // known if it uses the RDRND CPU instruction (though `/dev/urandom` does).
-  // On Windows the documentation says that the numbers are not deterministic,
-  // and cryptographically secure, but no further details are available:
-  //     https://docs.microsoft.com/en-us/cpp/standard-library/random-device-class
-  // One would want to simply pass this object to the constructor for the
-  // generator, but the C++11 approach is annoying, see this critique for
-  // the details:
-  //     http://www.pcg-random.org/posts/simple-portable-cpp-seed-entropy.html
-  // Instead we will do a lot of work below.
-  std::random_device rd;
-
   // We need to get enough entropy to fully initialize the PRNG, that depends
   // on the size of its state.  The size in bits is `Generator::state_size`.
   // We convert that to the number of `unsigned int` values; as this is what
   // std::random_device returns.
-  auto const S =
-      Generator::state_size *
-      (Generator::word_size / std::numeric_limits<unsigned int>::digits);
+  auto const desired_bits = Generator::state_size * Generator::word_size;
 
   // Extract the necessary number of entropy bits.
-  std::vector<unsigned int> entropy(S);
-  std::generate(entropy.begin(), entropy.end(), [&rd]() { return rd(); });
+  auto const entropy = FetchEntropy(desired_bits);
 
   // Finally, put the entropy into the form that the C++11 PRNG classes want.
   std::seed_seq seq(entropy.begin(), entropy.end());

google/cloud/internal/random_test.cc

@@ -14,10 +14,12 @@
 
 #include "google/cloud/internal/random.h"
 #include <gmock/gmock.h>
+#include <future>
+#include <vector>
 
 using namespace google::cloud::internal;
 
-TEST(BenchmarksRandom, Basic) {
+TEST(Random, Basic) {
   // This is not a statistical test for PRNG, basically we want to make
   // sure that MakeDefaultPRNG uses different seeds, or at least creates
   // different series:
@@ -29,3 +31,38 @@ TEST(BenchmarksRandom, Basic) {
   std::string s1 = gen_string();
   EXPECT_NE(s0, s1);
 }
+
+#if GOOGLE_CLOUD_CPP_HAVE_EXCEPTIONS
+/**
+ * @test verify that multiple threads can call MakeDefaultPRNG() simultaneously.
+ *
+ * This test verifies our code works around a bug in libstdc++:
+ *     https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94087
+ * When this bug is triggered, the standard library throws an exception and
+ * the test would just crash (or not compile, as we use EXPECT_NO_THROW). It is
+ * simpler to compile the test only when exceptions are enabled.
+ */
+TEST(Random, Threads) {
+  auto constexpr kNumWorkers = 64;
+  auto constexpr kIterations = 100;
+  std::vector<std::future<int>> workers(kNumWorkers);
+
+  std::generate_n(workers.begin(), workers.size(), [&] {
+    return std::async(std::launch::async, [&] {
+      for (auto i = 0; i != kIterations; ++i) {
+        auto g = MakeDefaultPRNG();
+        (void)g();
+      }
+      return kIterations;
+    });
+  });
+
+  int count = 0;
+  for (auto& f : workers) {
+    SCOPED_TRACE("testing with worker " + std::to_string(count++));
+    int result = 0;
+    EXPECT_NO_THROW(result = f.get());
+    EXPECT_EQ(result, kIterations);
+  }
+}
+#endif  // GOOGLE_CLOUD_CPP_HAVE_EXCEPTIONS