diff options
| author | Gregory Maxwell <greg@xiph.org> | 2013-02-15 15:27:57 -0800 |
|---|---|---|
| committer | Gregory Maxwell <greg@xiph.org> | 2013-02-18 14:13:39 -0800 |
| commit | 907a2aa4c78833ce93455567ae10ff2f506e752e (patch) | |
| tree | ac144e428ed415231c36e6580c2cf9b69d1bd821 /src/wallet.cpp | |
| parent | 2f0fa79db290d5139c27409055b2035099afa6fd (diff) | |
| download | bitcoin-907a2aa4c78833ce93455567ae10ff2f506e752e.tar.xz | |
Internal RNG for approximateBestSubset to prevent degenerate behavior.
This fixes test_bitcoin failures on openbsd reported by dhill on IRC.
On some systems rand() is a simple LCG over 2^31 and so it produces
an even-odd sequence. ApproximateBestSubset was only using the least
significant bit and so every run of the iterative solver would be the
same for some inputs, resulting in some pretty dumb decisions.
Using something other than the least significant bit would paper over
the issue but who knows what other way a system's rand() might get us
here. Instead we use an internal RNG with a period of something like
2^60 which is well behaved. This also makes it possible to make the
selection deterministic for the tests, if we wanted to implement that.
Diffstat (limited to 'src/wallet.cpp')
| -rw-r--r-- | src/wallet.cpp | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/wallet.cpp b/src/wallet.cpp index 2317ac31ac..067473d087 100644 --- a/src/wallet.cpp +++ b/src/wallet.cpp @@ -973,6 +973,8 @@ static void ApproximateBestSubset(vector<pair<int64, pair<const CWalletTx*,unsig vfBest.assign(vValue.size(), true); nBest = nTotalLower; + seed_insecure_rand(); + for (int nRep = 0; nRep < iterations && nBest != nTargetValue; nRep++) { vfIncluded.assign(vValue.size(), false); @@ -982,7 +984,13 @@ static void ApproximateBestSubset(vector<pair<int64, pair<const CWalletTx*,unsig { for (unsigned int i = 0; i < vValue.size(); i++) { - if (nPass == 0 ? rand() % 2 : !vfIncluded[i]) + //The solver here uses a randomized algorithm, + //the randomness serves no real security purpose but is just + //needed to prevent degenerate behavior and it is important + //that the rng fast. We do not use a constant random sequence, + //because there may be some privacy improvement by making + //the selection random. + if (nPass == 0 ? insecure_rand()&1 : !vfIncluded[i]) { nTotal += vValue[i].first; vfIncluded[i] = true; |