change computation of hash value.

[funny-falcon]

To protect against Hash DoS, change the way hash value is computed.
Class|Struct should define method def hash(hasher) and call
hasher << @ivar inside.

As an option, for speed, and for backward compatibility, def hash
still could be implemented. It will be used for Hash of matched type.
Thread#hash and Signal#hash is implemented as unseeded cause they are
used before StdHasher @@seed is initialized.

But it is better to implement def hash(hasher).

StdHasher is default hasher that uses hash(hasher) and it is used as default
seeded hasher. It also implements unseeded for Enums.

Also, number normalization for hashing introduced, ie rule 'equality
forces hash equality' is forced (a == b => a.hash == b.hash).
Normalization idea is borrowed from Python implementation.
(idea by Akzhan Abdulin @akzhan)

Fixes #4578
Prerequisite for #4557
Replaces #4581

[funny-falcon]

Fresh PR in place of #4621

[akzhan]

This pull request is much broader than simply changing the hashing calculation. But these updates are really important.

[akzhan]

Latest builds of #4653 shows unstable behavior of constructors (Compiler can prefer another one under some conditions).

Please remove 'em and use to_big_X.

[straight-shoota]

This needs formatting.

[funny-falcon]

Can you hint which way?
I relied on crystal tool format, but it doesn't help much.

[straight-shoota]

Just apply proper indentation on this and the following lines. This line should be indented by 8 spaces for example.

[akzhan]

@funny-falcon indent by two spaces.

  def hash_normalize
    float_normalize_wrap do
      {% if flag?(:x86) || flag?(:x86_64) || flag(:arm) || flag(:aarch64) %}
        # it should work on every architecture where endianess of Float32 and Int32

no tabs please.

[funny-falcon]

I see: i used tabs unintentionally instead of spaces.
Fixed that, and reduced relying on macroses.

[konovod]

Afaik tool format don't touch macro ({% %}) lines, so they should be formatted manually.

[funny-falcon]

I removed usage of macros here in following commits.

[straight-shoota]

Why is this no longer a macro as in the first commit? Can this constant change at runtime?

[sdogruyol]

A constant can't change at runtime so that's not possible

[straight-shoota]

Sry, I meant if it can differ based on the system where the code is executed or is it fixed for every target architecture? If fixed, the appropriate branch should be chosen according to target arch at compile time.

[funny-falcon]

Unfortunately, you are right: it is tested in runtime even in release build.
Lets think a bit more.

[funny-falcon]

looks like crystal compiler does very strange things with constants:
even if it knows constant value at compile time and can use it in macros, it still inserts checks for constant's initializer in final code, and doesn't propagate them as real constants to llvm optimizer.

I add private def hash_bits and private def hash_modulus to workaround this issue.

[akzhan]

/cc @asterite

[akzhan]

Please drop this line, thanks.

[akzhan]

And this empty comment too.

[sdogruyol]

This is great 😍

[funny-falcon]

One question: does anyone uses Crystal on architectures with restricted unaligned read?
Looks like x86, x86_64 are certainly allow unaligned access.
arm and aarch64 allows to do unaligned read under certain conditions, but I'm not sure if program compilled with Crystal falls into that conditions.

Problem line is https://github.com/crystal-lang/crystal/pull/4675/files?diff=unified#diff-b88fe795012d5923ca24e66769201422R158 - permuting slice of bytes.

Can any one with access to arm with crystal run following, please:

   str = "1234567"
   buf = str.to_slice
   ptr = buf.to_unsafe
   4.times do |i|
     p (ptr+i).as(Pointer(UInt32)).value.to_s(16)
   end

[RX14]

@funny-falcon We probably do unaligned reads all over the stdlib. As long as there's a spec which will break and alert us to the problem on any new architectures with this limitation it's fine to do unaligned reads for now.

[ysbaddaden]

Antirez has a nice writeup about ARM and unaligned accesses:
http://antirez.com/news/111

ARMv5 doesn't allow unaligned accesses. ARMv6 allows word-sized unaligned accesses but fails on multiple words. The Linux kernel will rescue and fix unaligned accesses, so unaligned accesses do work on Linux on ARM, but with slow performance. As stated by @RX14 we probably have unaligned accesses in the core/stdlib, thought that doesn't mean we shouldn't care.

I tried to a qemu VM but the ARM emulator allows unaligned accesses, so I can't check what happens in /proc/cpu/alignment.

[ysbaddaden]

Note that LLVM can be smart and fix unaligned accesses at compile time when it's obvious.

[funny-falcon]

I've tested equivalent C program on Raspberry Pi2, and it handles unaligned read well, so I think no issue there.

[akzhan]

defenense > defense

[funny-falcon]

done.

[akzhan]

You should note that this method is used under some conditions.

[funny-falcon]

I improved comment.
I mentioned, that currently hash for BigFloat is not precise for numbers with big fractional part (ie it doesn't distinguish '1.0000000000000001' and '1.0000000000000002').
It happens, cause BigFloat#hash_normalize falls back to to_f.hash_normalize for such numbers.
It is possible to improve, using this float_normalize_reference and overloading Math.frexp. (or introducing BigFloat#frexp and using it).

Should it be done? (ie, is hashing of such numbers is common task?)
If yes, should it be done in this PR?

[akzhan]

Feel free to merge #4653 :-)

[akzhan]

But no, I think that's hashing of Big integers/floats is very uncommon task.

[funny-falcon]

Those implementation doesn' help, cause they still returns {Float64, Int}, so they strictly equal to Math.frexp v.to_f

[funny-falcon]

Implementation suitable for exact hashing should look like:

module Math
  def frexp(value : BigFloat)
    LibGMP.mpf_get_d_2exp(out exp, value)
    frac = BigFloat.new { |mpf|
      if exp >= 0      
        LibGMP.mpf_div_2exp(mpf, self, exp)
      else
        LibGMP.mpf_mul_2exp(mpf, self, -exp)
      end
    }
    {frac, exp}
  end
end

[funny-falcon]

But no, I think that's hashing of Big integers/floats is very uncommon task.

It is good.
Note, that BigInteger still hashed exactly. Also, BigFloat with big integer part and small fractional part are also hashed exactly.
Stop... I think, my last sentence is not true. 61bit Mersen Prime is larger than Float64 precision (53bit), so precision will be lost with conversion to_f.hash_normalize :-(
I should think about carefully.

[funny-falcon]

looks like, exact hashing for BigFloat is a single reliable way.

[akzhan]

Code is readable, effective and solves the task of protecting against Hash DoS attacks.

[Sija]

sures -> ensures

[Sija]

debug leftover?

[funny-falcon]

No, implementation description.

[Sija]

ditto

[funny-falcon]

It is implementation description

[Sija]

not exactly -> approximation

[funny-falcon]

it is "example". In fact, will be different on every process run.

[Sija]

Please, use triple backticks (```) for code blocks

[Sija]

fill -> feel

[Sija]

Why not just Hasher?

[funny-falcon]

Someone suggested, I don't remember exactly who. Why not StdHasher?
There is obviously could be different implementations, still usable with suggested protocol, so it is just 'standard hasher'.
But if you really think it should be Hasher, I'll rename it.

[Sija]

I get your drift, yet this Std abbreviation looks IMO odd, it would be a precedent in stdlib. Maybe someone have a better name?

[akzhan]

Hash::Hasher?

Hasher looks like too generic name.

[funny-falcon]

I renamed to Hash::Hasher.

[akzhan]

Btw, you can exec bin/crystal docs your files to preview generated documentation. Or make doc afair

[funny-falcon]

@akzhan

$ bin/crystal doc
Using compiled compiler at `.build/crystal'
Error in line 1: while requiring "./src/**"

in src/crystal/system/unix/arc4random.cr:1: expanding macro

{% skip_file unless flag?(:openbsd) %}
^

in src/crystal/system/unix/arc4random.cr:1: undefined macro variable 'skip_file'

{% skip_file unless flag?(:openbsd) %}
   ^~~~~~~~~

[Sija]

Note -> NOTE

[funny-falcon]

done

[RX14]

@funny-falcon That means your compiler version is too old.

[funny-falcon]

@RX14 how could be bin/crystal too old? I thought it runs just compiled binary.

[funny-falcon]

I've rebased. Hope this saga will end :-)

[RX14]

Why not just make this a random U32? If we use a constant with initializer (SEED = Random::System.rand(UInt32::MIN..UInt32::MAX)), shouldn't the constant be initialized on-demand, avoiding the need for special "unseeded" methods below?

[RX14]

Would be nice if this was renamed to something a bit more descriptive.

[RX14]

I think i'd just name this hash.

[RX14]

You can leave these trailing nils off if we have the : Nil restriction, iirc.

[RX14]

The only function of these methods seem to be calling permute. Why not move the permute body into this function?

[RX14]

Isn't the current implementation of this essentially @a *= 31 not a LFSR?

[RX14]

Why raw here? I think that the correct way to use hasher should always be << without anyone having to think about raw except people implementing hash(hasher) on numbers. Shouldn't raw be :nodoc:?

[RX14]

please split this into two assignments for readability.

[RX14]

oops

[funny-falcon]

Chris, most of your last remarks are meaningless, given it is just template for stronger algorithm you will have to implement soon after merging this.

Renaming hashit to hash is quite ridiculous: having same name+arity combinatiom for different semantic actions is error prone.

I will not waste my time on this PR anymore.

[funny-falcon]

And why do you think I use class variable instead of constant? To avoid "initialization on demand" inlined into every call to hash.

[RX14]

@funny-falcon seed is only used when initializing the hasher, so it's relatively off the hot path compared to say the inner loop of a hash function. Furthermore it's random so it doesn't help at all with further optimizations.

Where is there another self.hash method on Hasher?

I think that i've made some relatively minor requests for a cleanup which are relevant both to this algorithm and to the implemntation of any future algorithm. I see no reason why siphash-1-2 can't be implemented in << instead of permute.

[funny-falcon]

What if hot loop calls val.hash on integer, and val.hash it is not inlined, so SEED initialization could not be moved out of loop? What about code bloat, cause SEED initialization inlined in many places.

Isn't Hasher is also Object that already has Object#hash(h)?

Will you inline siphash implementation into every <<?

raw is needed cause there is difference between hashing int as number that needs normalization, and as opaque part of opaque structure, where normalisation is certainly not needed.

[RX14]

@funny-falcon

I think it's likely to be a very minor performance hi, more than worth it for the advantage of removing the complications of having to deal with initialization order and the unseeded method. @asterite would likely have more knowledge of the performance of class vars vs constants here.

We're talking about a class method, self.hash which is entirely seperate from #hash on the instance.

I'm not an expert in siphash, but wouldn't you would implement siphash in terms of one input length and the other << overloads would call the << overload which implements siphash.

Thanks, I hadn't thought of that. It appears the only differece (currently) between raw and << is for 64-bit signed and unsigned integers, would that change for example with siphash? Why can't we just mix in the higher then lower bits always and avoid this?

[funny-falcon]

You arguments are out of my sense of sanity.
Perhaps you are right, but I cann't get it.
I will not change this PR any more.

[asterite]

Class vars and non-simple constants are always lazily initialized because you never know when one constant will need the value of another constant. It's a way to avoid depending on the order of initialization.

Probably seed can be moved to a constant (that will always be lazily initialized, and checked on every access, but in any case I don't think this should affect performance much)

[funny-falcon]

Friends, I don't want to discus it any more. You may change anything after merging. Instead you pushing on me in this small details. I think code will be worse if I apply your last suggestions. Therefore I will not apply them.

I'm too tired of this PR. If you are not going to merge it in its current shape, I will close this PR and remove code after tomorrow.

[asterite]

@funny-falcon You are right. Open source can be a PITA, I feel the same every day.

I will take care of this issue, don't worry. Thank you for this contribution! I will probably copy some pieces of code, if that's OK with you.

[funny-falcon]

@asterite , thank you.
Yes, you (and anybody else) can copy code from this PR as much as you want.

[funny-falcon]

s/can/may/

[faustinoaq]

@funny-falcon Thanks for your time invested here, Sometimes Open Source software is very hard to manage.

I need to quote this:

Ary: ... The community part is a whole world of its own, tackling issues and PRs, and I'd say it's even more challenging (but also rewarding!) than developing the language itself :-)

[faustinoaq]

I'm too tired of this PR

I understand you, This PR is the most commented until now 😅

I think 216 comments in this PR is a record for this project.

stay tuned of #4946

[akzhan]

For now all great parts of #4675 now merged into master branch in some way.

Thanks again to all of us.