Skip to content

Replace GPL licensed Random with MIT licensed PCG random #4664

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 29, 2025
Merged

Replace GPL licensed Random with MIT licensed PCG random #4664

merged 4 commits into from
Aug 29, 2025

Conversation

adinauer
Copy link
Member

@adinauer adinauer commented Aug 26, 2025
edited
Loading

📜 Description

Replace GPL licensed Random with MIT licensed PCG random

Here's benchmark results for generating UUIDs with different versions of Random:

Test Method Score (ops/s) Error (±) Percentage
java.security.SecureRandom 4,808,226.84 66,637.448 100.00%
java.util.Random 54,039,882.59 295,434.243 1,123.90%
PCG based Random 56,856,180.40 362,533.183 1,182.48%

This shows the new PCG based Random is similar in single threaded performance to java.util.Random which the old implementation was a subset of.

💡 Motivation and Context

Avoid GPL licensed code in SDK

💚 How did you test it?

📝 Checklist

  • I added tests to verify the changes.
  • No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled.
  • I updated the docs if needed.
  • I updated the wizard if needed.
  • Review from the native team if needed.
  • No breaking change or entry added to the changelog.
  • No breaking change for hybrid SDKs or communicated to hybrid SDKs.

🔮 Next steps

@adinauer Graphite App
Copy link
Member Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@adinauer adinauer marked this pull request as ready for review August 26, 2025 09:39
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 26, 2025
edited
Loading

Performance metrics 🚀

  Plain With Sentry Diff
Startup time 380.04 ms 434.35 ms 54.31 ms
Size 1.58 MiB 2.10 MiB 533.44 KiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
ee747ae 405.43 ms 485.70 ms 80.28 ms
3699cd5 423.60 ms 495.52 ms 71.92 ms
ee747ae 400.46 ms 423.61 ms 23.15 ms
ee747ae 554.98 ms 611.50 ms 56.52 ms
ee747ae 374.71 ms 455.18 ms 80.47 ms
ee747ae 382.73 ms 435.41 ms 52.68 ms
ee747ae 396.82 ms 441.67 ms 44.86 ms
ee747ae 358.21 ms 389.41 ms 31.20 ms
7314dbe 437.83 ms 505.64 ms 67.81 ms
ee747ae 415.92 ms 470.15 ms 54.23 ms

App size

Revision Plain With Sentry Diff
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB
3699cd5 1.58 MiB 2.10 MiB 533.45 KiB
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB
7314dbe 1.58 MiB 2.10 MiB 533.45 KiB
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB

Previous results on branch: 08-26-replace_gpl_licensed_random_with_mit_licensed_pcg_random

Startup times

Revision Plain With Sentry Diff
d0d3ea6 376.63 ms 416.78 ms 40.14 ms

App size

Revision Plain With Sentry Diff
d0d3ea6 1.58 MiB 2.10 MiB 531.08 KiB

cursor[bot]

This comment was marked as outdated.

Sign in to view

@adinauer adinauer mentioned this pull request Aug 26, 2025
Closed
cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]
cursor bot reviewed Aug 29, 2025
View reviewed changes
sentry/src/main/java/io/sentry/util/Random.java
bits = ((l << 32) + (int) j >>> 1);
val = bits % n;
} while (bits - val + (n - 1) < 0);
return val;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Input Validation Flaws in Random Number Methods

The nextInt(int n) method is missing validation for n <= 0, which can cause an ArithmeticException (for n=0) or lead to unpredictable behavior and potential infinite loops (for n < 0). Similarly, nextLong(long n) only validates n == 0; negative n values can also cause unpredictable behavior or infinite loops. A stray semicolon at line 183 serves no purpose.

Additional Locations (1)

Fix in Cursor Fix in Web

sentry/src/main/java/io/sentry/util/Random.java
nextseed = (oldseed * multiplier + addend) & mask;
} while (!seed.compareAndSet(oldseed, nextseed));
return (int) (nextseed >>> (48 - bits));
// state = (state * MULT_64) + inc;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Random Class Regression Causes Thread Safety Issues

The Random class introduced a thread safety regression. It switched from AtomicLong and synchronized methods to unsynchronized plain long fields (state, inc). This creates race conditions, which can corrupt the internal state and degrade random number quality in concurrent use. The setSeed method, previously synchronized, now also lacks protection, as indicated by a TODO.

Additional Locations (1)

Fix in Cursor Fix in Web

@adinauer adinauer merged commit 85d7417 into main Aug 29, 2025
45 of 50 checks passed
@adinauer adinauer deleted the 08-26-replace_gpl_licensed_random_with_mit_licensed_pcg_random branch August 29, 2025 09:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@markushi markushi markushi approved these changes

@romtsn romtsn Awaiting requested review from romtsn romtsn is a code owner

@stefanosiano stefanosiano Awaiting requested review from stefanosiano stefanosiano is a code owner

@lcian lcian Awaiting requested review from lcian lcian is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adinauer @markushi