# rand.3erl - Man Page

Pseudo random number generation.

## Description

This module provides a pseudo random number generator. The module contains a number of algorithms. The uniform distribution algorithms are based on the Xoroshiro and Xorshift algorithms by Sebastiano Vigna. The normal distribution algorithm uses the Ziggurat Method by Marsaglia and Tsang on top of the uniform distribution algorithm.

For most algorithms, jump functions are provided for generating non-overlapping sequences for parallel computations. The jump functions perform calculations equivalent to perform a large number of repeated calls for calculating new states, but execute in a time roughly equivalent to one regular iteration per generator bit.

At the end of this module documentation there are also some niche algorithms to be used without this module's normal plug-in framework API that may be useful for special purposes like short generation time when quality is not essential, for seeding other generators, and such.

The following algorithms are provided:

*exsss*:Xorshift116**, 58 bits precision and period of 2^116-1

Jump function: equivalent to 2^64 calls

This is the Xorshift116 generator combined with the StarStar scrambler from the 2018 paper by David Blackman and Sebastiano Vigna: Scrambled Linear Pseudorandom Number Generators

The generator does not need 58-bit rotates so it is faster than the Xoroshiro116 generator, and when combined with the StarStar scrambler it does not have any weak low bits like*exrop*(Xoroshiro116+).

Alas, this combination is about 10% slower than*exrop*, but is despite that the*default algorithm*thanks to its statistical qualities.*exro928ss*:Xoroshiro928**, 58 bits precision and a period of 2^928-1

Jump function: equivalent to 2^512 calls

This is a 58 bit version of Xoroshiro1024**, from the 2018 paper by David Blackman and Sebastiano Vigna: Scrambled Linear Pseudorandom Number Generators that on a 64 bit Erlang system executes only about 40% slower than the*defaultexsssalgorithm*but with much longer period and better statistical properties, but on the flip side a larger state.

Many thanks to Sebastiano Vigna for his help with the 58 bit adaption.*exrop*:Xoroshiro116+, 58 bits precision and period of 2^116-1

Jump function: equivalent to 2^64 calls

*exs1024s*:Xorshift1024*, 64 bits precision and a period of 2^1024-1

Jump function: equivalent to 2^512 calls

*exsp*:Xorshift116+, 58 bits precision and period of 2^116-1

Jump function: equivalent to 2^64 calls

This is a corrected version of the previous*default algorithm*, that now has been superseded by Xoroshiro116+ (*exrop*). Since there is no native 58 bit rotate instruction this algorithm executes a little (say < 15%) faster than*exrop*. See the algorithms' homepage.

The current *default algorithm* is *exsss* (Xorshift116**). If a specific algorithm is required, ensure to always use *seed/1* to initialize the state.

Which algorithm that is the default may change between Erlang/OTP releases, and is selected to be one with high speed, small state and "good enough" statistical properties.

Undocumented (old) algorithms are deprecated but still implemented so old code relying on them will produce the same pseudo random sequences as before.

**Note:**

There were a number of problems in the implementation of the now undocumented algorithms, which is why they are deprecated. The new algorithms are a bit slower but do not have these problems:

Uniform integer ranges had a skew in the probability distribution that was not noticable for small ranges but for large ranges less than the generator's precision the probability to produce a low number could be twice the probability for a high.

Uniform integer ranges larger than or equal to the generator's precision used a floating point fallback that only calculated with 52 bits which is smaller than the requested range and therefore were not all numbers in the requested range even possible to produce.

Uniform floats had a non-uniform density so small values i.e less than 0.5 had got smaller intervals decreasing as the generated value approached 0.0 although still uniformly distributed for sufficiently large subranges. The new algorithms produces uniformly distributed floats on the form N * 2.0^(-53) hence equally spaced.

Every time a random number is requested, a state is used to calculate it and a new state is produced. The state can either be implicit or be an explicit argument and return value.

The functions with implicit state use the process dictionary variable *rand_seed* to remember the current state.

If a process calls *uniform/0*, *uniform/1* or *uniform_real/0* without setting a seed first, *seed/1* is called automatically with the *default algorithm* and creates a non-constant seed.

The functions with explicit state never use the process dictionary.

*Examples:*

Simple use; creates and seeds the *default algorithm* with a non-constant seed if not already done:

R0 = rand:uniform(), R1 = rand:uniform(),

Use a specified algorithm:

_ = rand:seed(exs928ss), R2 = rand:uniform(),

Use a specified algorithm with a constant seed:

_ = rand:seed(exs928ss, {123, 123534, 345345}), R3 = rand:uniform(),

Use the functional API with a non-constant seed:

S0 = rand:seed_s(exsss), {R4, S1} = rand:uniform_s(S0),

Textbook basic form Box-Muller standard normal deviate

R5 = rand:uniform_real(), R6 = rand:uniform(), SND0 = math:sqrt(-2 * math:log(R5)) * math:cos(math:pi() * R6)

Create a standard normal deviate:

{SND1, S2} = rand:normal_s(S1),

Create a normal deviate with mean -3 and variance 0.5:

{ND0, S3} = rand:normal_s(-3, 0.5, S2),

**Note:**

The builtin random number generator algorithms are not cryptographically strong. If a cryptographically strong random number generator is needed, use something like *crypto:rand_seed/0*.

For all these generators except *exro928ss* and *exsss* the lowest bit(s) has got a slightly less random behaviour than all other bits. 1 bit for *exrop* (and *exsp*), and 3 bits for *exs1024s*. See for example the explanation in the Xoroshiro128+ generator source code:

Beside passing BigCrush, this generator passes the PractRand test suite up to (and included) 16TB, with the exception of binary rank tests, which fail due to the lowest bit being an LFSR; all other bits pass all tests. We suggest to use a sign test to extract a random Boolean value.

If this is a problem; to generate a boolean with these algorithms use something like this:

(rand:uniform(256) > 128) % -> boolean()

((rand:uniform(256) - 1) bsr 7) % -> 0 | 1

For a general range, with *N = 1* for *exrop*, and *N = 3* for *exs1024s*:

(((rand:uniform(Range bsl N) - 1) bsr N) + 1)

The floating point generating functions in this module waste the lowest bits when converting from an integer so they avoid this snag.

## Data Types

builtin_alg()= exsss | exro928ss | exrop | exs1024s | exsp | exs64 | exsplus | exs1024 | dummy

alg()= builtin_alg() | atom()

alg_handler()= #{type := alg(), bits => integer() >= 0, weak_low_bits => integer() >= 0, max => integer() >= 0, next := fun((alg_state()) -> {integer() >= 0, alg_state()}), uniform => fun((state()) -> {float(), state()}), uniform_n => fun((integer() >= 1, state()) -> {integer() >= 1, state()}), jump => fun((state()) -> state())}

alg_state()= exsplus_state() | exro928_state() | exrop_state() | exs1024_state() | exs64_state() | dummy_state() | term()

state()= {alg_handler(), alg_state()}

Algorithm-dependent state.

export_state()= {alg(), alg_state()}

Algorithm-dependent state that can be printed or saved to file.

seed()= [integer()] | integer() | {integer(), integer(), integer()}

A seed value for the generator.

A list of integers sets the generator's internal state directly, after algorithm-dependent checks of the value and masking to the proper word size. The number of integers must be equal to the number of state words in the generator.

An integer is used as the initial state for a SplitMix64 generator. The output values of that is then used for setting the generator's internal state after masking to the proper word size and if needed avoiding zero values.

A traditional 3-tuple of integers seed is passed through algorithm-dependent hashing functions to create the generator's initial state.

exsplus_state()

Algorithm specific internal state

exro928_state()

Algorithm specific internal state

exrop_state()

Algorithm specific internal state

exs1024_state()

Algorithm specific internal state

exs64_state()

Algorithm specific internal state

dummy_state()= uint58()

Algorithm specific internal state

splitmix64_state()= uint64()

Algorithm specific state

uint58()= 0..288230376151711743

0 .. (2^58 - 1)

uint64()= 0..18446744073709551615

0 .. (2^64 - 1)

mwc59_state()= 1..574882961707499518

1 .. ((16#1ffb072 * 2^29 - 1) - 1)

## Plug-in Framework API

## Exports

bytes(N :: integer() >= 0) -> Bytes :: binary()

Returns, for a specified integer *N >= 0*, a *binary()* with that number of random bytes. Generates as many random numbers as required using the selected algorithm to compose the binary, and updates the state in the process dictionary accordingly.

bytes_s(N :: integer() >= 0, State :: state()) -> {Bytes :: binary(), NewState :: state()}

Returns, for a specified integer *N >= 0* and a state, a *binary()* with that number of random bytes, and a new state. Generates as many random numbers as required using the selected algorithm to compose the binary, and the new state.

export_seed() -> undefined | export_state()

Returns the random number state in an external format. To be used with *seed/1*.

export_seed_s(State :: state()) -> export_state()

Returns the random number generator state in an external format. To be used with *seed/1*.

jump() -> NewState :: state()

Returns the state after performing jump calculation to the state in the process dictionary.

This function generates a *not_implemented* error exception when the jump function is not implemented for the algorithm specified in the state in the process dictionary.

jump(State :: state()) -> NewState :: state()

Returns the state after performing jump calculation to the given state.

This function generates a *not_implemented* error exception when the jump function is not implemented for the algorithm specified in the state.

normal() -> float()

Returns a standard normal deviate float (that is, the mean is 0 and the standard deviation is 1) and updates the state in the process dictionary.

normal(Mean :: number(), Variance :: number()) -> float()

Returns a normal N(Mean, Variance) deviate float and updates the state in the process dictionary.

normal_s(State :: state()) -> {float(), NewState :: state()}

Returns, for a specified state, a standard normal deviate float (that is, the mean is 0 and the standard deviation is 1) and a new state.

normal_s(Mean :: number(), Variance :: number(), State0 :: state()) -> {float(), NewS :: state()}

Returns, for a specified state, a normal N(Mean, Variance) deviate float and a new state.

seed(AlgOrStateOrExpState :: builtin_alg() | state() | export_state()) -> state()

seed(Alg :: default) -> state()

Seeds random number generation with the specifed algorithm and time-dependent data if *AlgOrStateOrExpState* is an algorithm. *Alg = default* is an alias for the *default algorithm*.

Otherwise recreates the exported seed in the process dictionary, and returns the state. See also *export_seed/0*.

seed(Alg :: builtin_alg(), Seed :: seed()) -> state()

seed(Alg :: default, Seed :: seed()) -> state()

Seeds random number generation with the specified algorithm and integers in the process dictionary and returns the state. *Alg = default* is an alias for the *default algorithm*.

seed_s(AlgOrStateOrExpState :: builtin_alg() | state() | export_state()) -> state()

seed_s(Alg :: default) -> state()

Seeds random number generation with the specifed algorithm and time-dependent data if *AlgOrStateOrExpState* is an algorithm. *Alg = default* is an alias for the *default algorithm*.

Otherwise recreates the exported seed and returns the state. See also *export_seed/0*.

seed_s(Alg :: builtin_alg(), Seed :: seed()) -> state()

seed_s(Alg :: default, Seed :: seed()) -> state()

Seeds random number generation with the specified algorithm and integers and returns the state. *Alg = default* is an alias for the *default algorithm*.

uniform() -> X :: float()

Returns a random float uniformly distributed in the value range *0.0 =< X < 1.0* and updates the state in the process dictionary.

The generated numbers are on the form N * 2.0^(-53), that is; equally spaced in the interval.

**Warning:**

This function may return exactly *0.0* which can be fatal for certain applications. If that is undesired you can use *(1.0 - rand:uniform())* to get the interval *0.0 < X =< 1.0*, or instead use *uniform_real/0*.

If neither endpoint is desired you can test and re-try like this:

my_uniform() -> case rand:uniform() of 0.0 -> my_uniform(); X -> X end end.

uniform_real() -> X :: float()

Returns a random float uniformly distributed in the value range *DBL_MIN =< X < 1.0* and updates the state in the process dictionary.

Conceptually, a random real number *R* is generated from the interval *0 =< R < 1* and then the closest rounded down normalized number in the IEEE 754 Double precision format is returned.

**Note:**

The generated numbers from this function has got better granularity for small numbers than the regular *uniform/0* because all bits in the mantissa are random. This property, in combination with the fact that exactly zero is never returned is useful for algorithms doing for example *1.0 / X* or *math:log(X)*.

See *uniform_real_s/1* for more explanation.

uniform(N :: integer() >= 1) -> X :: integer() >= 1

Returns, for a specified integer *N >= 1*, a random integer uniformly distributed in the value range *1 =< X =< N* and updates the state in the process dictionary.

uniform_s(State :: state()) -> {X :: float(), NewState :: state()}

Returns, for a specified state, random float uniformly distributed in the value range *0.0 =< X < 1.0* and a new state.

The generated numbers are on the form N * 2.0^(-53), that is; equally spaced in the interval.

**Warning:**

This function may return exactly *0.0* which can be fatal for certain applications. If that is undesired you can use *(1.0 - rand:uniform(State))* to get the interval *0.0 < X =< 1.0*, or instead use *uniform_real_s/1*.

If neither endpoint is desired you can test and re-try like this:

my_uniform(State) -> case rand:uniform(State) of {0.0, NewState} -> my_uniform(NewState); Result -> Result end end.

uniform_real_s(State :: state()) -> {X :: float(), NewState :: state()}

Returns, for a specified state, a random float uniformly distributed in the value range *DBL_MIN =< X < 1.0* and updates the state in the process dictionary.

Conceptually, a random real number *R* is generated from the interval *0 =< R < 1* and then the closest rounded down normalized number in the IEEE 754 Double precision format is returned.

**Note:**

The generated numbers from this function has got better granularity for small numbers than the regular *uniform_s/1* because all bits in the mantissa are random. This property, in combination with the fact that exactly zero is never returned is useful for algorithms doing for example *1.0 / X* or *math:log(X)*.

The concept implicates that the probability to get exactly zero is extremely low; so low that this function is in fact guaranteed to never return zero. The smallest number that it might return is *DBL_MIN*, which is 2.0^(-1022).

The value range stated at the top of this function description is technically correct, but *0.0 =< X < 1.0* is a better description of the generated numbers' statistical distribution. Except that exactly 0.0 is never returned, which is not possible to observe statistically.

For example; for all sub ranges *N*2.0^(-53) =< X < (N+1)*2.0^(-53)* where *0 =< integer(N) < 2.0^53* the probability is the same. Compare that with the form of the numbers generated by *uniform_s/1*.

Having to generate extra random bits for small numbers costs a little performance. This function is about 20% slower than the regular *uniform_s/1*

uniform_s(N :: integer() >= 1, State :: state()) -> {X :: integer() >= 1, NewState :: state()}

Returns, for a specified integer *N >= 1* and a state, a random integer uniformly distributed in the value range *1 =< X =< N* and a new state.

## Niche Algorithms API

This section contains special purpose algorithms that does not use the plug-in framework API, for example for speed reasons.

Since these algorithms lack the plug-in framework support, generating numbers in a range other than the generator's own generated range may become a problem.

There are at least 3 ways to do this, assuming that the range is less than the generator's range:

**Modulo:**To generate a number

*V*in the range 0..*Range*-1:- Generate a number
*X*. - Use
*V = X rem Range*as your value.

This method uses

*rem*, that is, the remainder of an integer division, which is a slow operation.Low bits from the generator propagate straight through to the generated value, so if the generator has got weaknesses in the low bits this method propagates them too.

If

*Range*is not a divisor of the generator range, the generated numbers have a bias. Example:Say the generator generates a byte, that is, the generator range is 0..255, and the desired range is 0..99 (

*Range=100*). Then there are 3 generator outputs that produce the value 0, that is; 0, 100 and 200. But there are only 2 generator outputs that produce the value 99, which are; 99 and 199. So the probability for a value*V*in 0..55 is 3/2 times the probability for the other values 56..99.If

*Range*is much smaller than the generator range, then this bias gets hard to detect. The rule of thumb is that if*Range*is smaller than the square root of the generator range, the bias is small enough. Example:A byte generator when

*Range=20*. There are 12 (*256 div 20*) possibilities to generate the highest numbers and one more to generate a number*V*< 16 (*256 rem 20*). So the probability is 13/12 for a low number versus a high. To detect that difference with some confidence you would need to generate a lot more numbers than the generator range, 256 in this small example.- Generate a number
**Truncated multiplication:**To generate a number

*V*in the range 0..*Range*-1, when you have a generator with the range 0..2^*Bits*-1:- Generate a number
*X*. - Use
*V = X*Range bsr Bits*as your value.

If the multiplication

*X*Range*creates a bignum this method becomes very slow.High bits from the generator propagate through to the generated value, so if the generator has got weaknesses in the high bits this method propagates them too.

If

*Range*is not a divisor of the generator range, the generated numbers have a bias, pretty much as for the*Modulo*method above.- Generate a number
**Shift or mask:**To generate a number in the range 0..2^

*RBits*-1, when you have a generator with the range 0..2^*Bits*:- Generate a number
*X*. - Use
*V = X band ((1 bsl RBits)-1)*or*V = X bsr (Bits-RBits)*as your value.

Masking with

*band*preserves the low bits, and right shifting with*bsr*preserves the high, so if the generator has got weaknesses in high or low bits; choose the right operator.If the generator has got a range that is not a power of 2 and this method is used anyway, it introduces bias in the same way as for the

*Modulo*method above.- Generate a number
**Rejection:**- Generate a number
*X*. - If
*X*is in the range, use*V = X*as your value, otherwise reject it and repeat.

In theory it is not certain that this method will ever complete, but in practice you ensure that the probability of rejection is low. Then the probability for yet another iteration decreases exponentially so the expected mean number of iterations will often be between 1 and 2. Also, since the base generator is a full length generator, a value that will break the loop must eventually be generated.

- Generate a number

Chese methods can be combined, such as using the *Modulo* method and only if the generator value would create bias use *Rejection*. Or using *Shift or mask* to reduce the size of a generator value so that *Truncated multiplication* will not create a bignum.

The recommended way to generate a floating point number (IEEE 745 double, that has got a 53-bit mantissa) in the range 0..1, that is 0.0 =< *V* <1.0 is to generate a 53-bit number *X* and then use *V = X * (1.0/((1 bsl 53)))* as your value. This will create a value on the form *N**2^-53 with equal probability for every possible *N* for the range.

## Exports

splitmix64_next(AlgState :: integer()) -> {X :: uint64(), NewAlgState :: splitmix64_state()}

Returns a random 64-bit integer *X* and a new generator state *NewAlgState*, according to the SplitMix64 algorithm.

This generator is used internally in the *rand* module for seeding other generators since it is of a quite different breed which reduces the probability for creating an accidentally bad seed.

exsp_next(AlgState :: exsplus_state()) -> {X :: uint58(), NewAlgState :: exsplus_state()}

Returns a random 58-bit integer *X* and a new generator state *NewAlgState*, according to the Xorshift116+ algorithm.

This is an API function into the internal implementation of the *exsp* algorithm that enables using it without the overhead of the plug-in framework, which might be useful for time critial applications. On a typical 64 bit Erlang VM this approach executes in just above 30% (1/3) of the time for the default algorithm through this module's normal plug-in framework.

To seed this generator use *{_, AlgState} = rand:seed_s(exsp)* or *{_, AlgState} = rand:seed_s(exsp, Seed)* with a specific *Seed*.

**Note:**

This function offers no help in generating a number on a selected range, nor in generating a floating point number. It is easy to accidentally mess up the fairly good statistical properties of this generator when doing either. See the recepies at the start of this Niche algorithms API description. Note also the caveat about weak low bits that this generator suffers from. The generator is exported in this form primarily for performance.

exsp_jump(AlgState :: exsplus_state()) -> NewAlgState :: exsplus_state()

Returns a new generator state equivalent of the state after iterating over *exsp_next/1* 2^64 times.

See the description of jump functions at the top of this module description.

mwc59(CX0 :: mwc59_state()) -> CX1 :: mwc59_state()

Returns a new generator state *CX1*, according to a Multiply With Carry generator, which is an efficient implementation of a Multiplicative Congruential Generator with a power of 2 multiplier and a prime modulus.

This generator uses the multiplier 2^32 and the modulus 16#7fa6502 * 2^32 - 1, which have been selected, in collaboration with Sebastiano Vigna, to avoid bignum operations and still get good statistical quality. It can be written as:*C = CX0 bsr 32**X = CX0 band ((1 bsl 32)-1))**CX1 = 16#7fa6502 * X + C*

Because the generator uses a multiplier that is a power of 2 it gets statistical flaws for collision tests and birthday spacings tests in 2 and 3 dimensions, and even these caveats apply only to the MWC "digit", that is the low 32 bits (due to the multiplier) of the generator state.

The quality of the output value improves much by using a scrambler instead of just taking the low bits. Function *mwc59_value32* is a fast scrambler that returns a decent 32-bit number. The slightly slower *mwc59_value* scrambler returns 59 bits of very good quality, and *mwc59_float* returns a *float()* of very good quality.

The low bits of the base generator are surprisingly good, so the lowest 16 bits actually pass fairly strict PRNG tests, despite the generator's weaknesses that lie in the high bits of the 32-bit MWC "digit". It is recommended to use *rem* on the the generator state, or bit mask extracting the lowest bits to produce numbers in a range 16 bits or less. See the recepies at the start of this Niche algorithms API description.

On a typical 64 bit Erlang VM this generator executes in below 8% (1/13) of the time for the default algorithm in the plug-in framework API of this module. With the *mwc59_value32* scrambler the total time becomes 16% (1/6), and with *mwc59_value* it becomes 20% (1/5) of the time for the default algorithm. With *mwc59_float* the total time is 60% of the time for the default algorithm generating a *float()*.

**Note:**

This generator is a niche generator for high speed applications. It has a much shorter period than the default generator, which in itself is a quality concern, although when used with the value scramblers it passes strict PRNG tests. The generator is much faster than *exsp_next/1* but with a bit lower quality.

mwc59_value32(CX :: mwc59_state()) -> V :: 0..4294967295

Returns a 32-bit value *V* from a generator state *CX*. The generator state is scrambled using an 8-bit xorshift which masks the statistical imperfecions of the base generator *mwc59* enough to produce numbers of decent quality. Still some problems in 2- and 3-dimensional birthday spacing and collision tests show through.

When using this scrambler it is in general better to use the high bits of the value than the low. The lowest 8 bits are of good quality and pass right through from the base generator. They are combined with the next 8 in the xorshift making the low 16 good quality, but in the range 16..31 bits there are weaker bits that you do not want to have as the high bits of your generated values. Therefore it is in general safer to shift out low bits. See the recepies at the start of this Niche algorithms API description.

For a non power of 2 range less than about 16 bits (to not get too much bias and to avoid bignums) truncated multiplication can be used, which is much faster than using *rem*: *(Range*V) bsr 32*.

mwc59_value(CX :: mwc59_state()) -> V :: 0..576460752303423487

Returns a 59-bit value *V* from a generator state *CX*. The generator state is scrambled using an 4-bit followed by a 27-bit xorshift, which masks the statistical imperfecions of the base generator *mwc59* enough that all 59 bits are of very good quality.

Be careful to not accidentaly create a bignum when handling the value *V*.

It is in general general better to use the high bits from this scrambler than the low. See the recepies at the start of this Niche algorithms API description.

For a non power of 2 range less than about 29 bits (to not get too much bias and to avoid bignums) truncated multiplication can be used, which is much faster than using *rem*. Example for range 1'000'000'000; the range is 30 bits, we use 29 bits from the generator, adding up to 59 bits, which is not a bignum: *(1000000000 * (V bsr (59-29))) bsr 29*.

mwc59_float(CX :: mwc59_state()) -> V :: float()

Returns the generator value *V* from a generator state *CX*, as a *float()*. The generator state is scrambled as with *mwc59_value/1* before converted to a *float()*.

mwc59_seed() -> CX :: mwc59_state()

mwc59_seed(S :: 0..288230376151711743) -> CX :: mwc59_state()

Returns a generator state *CX*. *S* is hashed to create the generator state, to avoid that similar seeds create similar sequences.

Without *S*, the generator state is created as for *seed_s(atom())*.

## Referenced By

arc4random(3), arc4random.3bsd(3), drand48(3), drand48_r(3), generate_randfile(1), ksh93(1), mcookie(1), memcached_behavior(3), memcached_behavior_get(3), memcached_behavior_set(3), perl561delta(1), perl56delta(1), random(3), random_r(3), unu-1op(1), zshmodules(1).