Closed Bug 1780215 Opened 3 years ago Closed 3 years ago

first two calls to Math.random have the same first 4 digits when using spidermonkey compiled to wasm

Categories

(Core :: JavaScript Engine, defect, P1)

Product:
Core
Component:
JavaScript Engine
Version:
Firefox 101
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
104 Branch
Tracking Flags:
Tracking Status
firefox104 --- fixed

People

(Reporter: me, Assigned: me)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1780215 - Use arc4random_buf within GenerateRandomBytesFromOS when compiling to wasi
48 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:101.0) Gecko/20100101 Firefox/101.0

Steps to reproduce:

compile spidermonkey to wasm and execute:

for (let i = 0; i < 5; i++)
    print(Math.random());

The first two calls have the same first 3 or 4 digits

This is because js::GenerateXorShift128PlusSeed wants two seed values and uses js::GenerateRandomSeed() to get those values, js::GenerateRandomSeed() tries to get values from mozilla::RandomUint64 but that is returning Nothing(), causing js::GenerateRandomSeed() to fallback to using the current time as it's return value.

Having the same value for both seeds seems to have the unintended result that the first two calls to the PRNG have the same first 3 or 4 digits.

This can be reproduced on this page which uses spidermonkey compiled to wasm https://jandem.github.io/sm-wasi/?source=for%20(let%20i%20%3D%200%3B%20i%20%3C%205%3B%20i%2B%2B)%0A%20%20%20%20print(Math.random())%3B%0A

Actual results:

The first two calls have the same first 3 or 4 digits

Expected results:

The first two calls should not have the same first 3 or 4 digits

wasi-libc provides arc4random methods - https://github.com/WebAssembly/wasi-libc/blob/7a21011e98dd9268a33f90fd282db92cbdd1b9d1/libc-top-half/musl/include/stdlib.h#L205-L213

Without this change, js::GenerateRandomSeed will fallback to using a timestamp for the random seed (https://searchfox.org/mozilla-central/rev/3e1a721bce1da3ae04675539b39a4e95b25a046d/js/src/jsmath.cpp#491-494) which is used as both seed values within the PRNG(https://searchfox.org/mozilla-central/rev/3e1a721bce1da3ae04675539b39a4e95b25a046d/js/src/jsmath.cpp#501-502) - having the same value for both seeds seems to cause the first two PRNG calls to produce the same first 4 decimal places.

This change stops the timestamp fallback from being used when compiling to wasm/wasi which avoids this issue.

The Bugbug bot thinks this bug should belong to the 'Core::JavaScript: WebAssembly' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → JavaScript: WebAssembly
Product: Firefox → Core
Component: JavaScript: WebAssembly → JavaScript Engine
Blocks: sm-wasi
Severity: -- → S3
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P1
Attachment #9286050 - Attachment description: WIP: Bug 1780215 - Use arc4random_buf within GenerateRandomBytesFromOS when compiling to wasi → Bug 1780215 - Use arc4random_buf within GenerateRandomBytesFromOS when compiling to wasi
Assignee: nobody → me
Status: NEW → ASSIGNED
Pushed by jdemooij@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/97bac5fe1880 Use arc4random_buf within GenerateRandomBytesFromOS when compiling to wasi r=jandem

https://hg.mozilla.org/mozilla-central/rev/97bac5fe1880

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox104: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 104 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: