HPCC-18585 Replace uses of rand() with fastRand()

[jakesmith]

Coverity can warn of an unsafe usage of rand(), where we want
a fast random call and know it's in a safe context explicitly use
one.
With an initial implementation that simply wraps rand() with a
coverity comment to suppress the WEAK_CRYPTO Coverity warning.

Signed-off-by: Jake Smith jake.smith@lexisnexisrisk.com

Type of change:

• This change is a bug fix (non-breaking change which fixes an issue).
• This change is a new feature (non-breaking change which adds functionality).
• This change improves the code (refactor or other change that does not change the functionality)
• This change fixes warnings (the fix does not alter the functionality or the generated code)
• This change is a breaking change (fix or feature that will cause existing behavior to change).
• This change alters the query API (existing queries will have to be recompiled)

Checklist:

• My code follows the code style of this project.
  • My code does not create any new warnings from compiler, build system, or lint.
• The commit message is properly formatted and free of typos.
  • The commit message title makes sense in a changelog, by itself.
  • The commit is signed.
• My change requires a change to the documentation.
  • I have updated the documentation accordingly, or...
  • I have created a JIRA ticket to update the documentation.
  • Any new interfaces or exported functions are appropriately commented.
• I have read the CONTRIBUTORS document.
• The change has been fully tested:
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have checked that this change does not introduce memory leaks.
  • I have used Valgrind or similar tools to check for potential issues.
• I have given due consideration to all of the following potential concerns:
  • Scalability
  • Performance
  • Security
  • Thread-safety
  • Premature optimization
  • Existing deployed queries will not be broken
  • This change fixes the problem, not just the symptom
  • The target branch of this pull request is appropriate for such a change.
• There are no similar instances of the same problem that should be addressed
  • I have addressed them here
  • I have raised JIRA issues to address them separately
• This is a user interface / front-end modification
  • I have tested my changes in multiple modern browsers
  • The component(s) render as expected

Testing:

Unit tests ran/passed.

[hpcc-jirabot]

https://track.hpccsystems.com/browse/HPCC-18585
Jira updated

[jakesmith]

@richardkchapman - please review

[richardkchapman]

Looking at the implementation of getRandom():

unsigned getRandom()
{
CriticalBlock block(gobalRandomSect); // this is a shame but it is not thread-safe without
return RandomMain.next();
}

this may not be such a brilliant idea

[richardkchapman]

Perhaps for the cases where all we want is a fast pseudo-random number for collision-avoidance or randomized testing purposes that does not need to be cryptographically secure, we should define something in jlib (call it fastrand() or similar) that just calls rand() but leaves us with only one place to mark as a coverity exception ?

[jakesmith]

Yes, probably.

There may be existing places that call getRandom() which are more time critical, but I don't think the places changed in this PR are / would be impacted by the crit entry / leave.
With the exception perhaps of the roxie ones which do e.g. : waiting.dequeue(getRandom() % lim);

[jakesmith]

Apparently rand() isn't thread safe anyway, though not sure what implications of re-entry are.

[jakesmith]

Introduced fastRand() with coverity suppression comment.

@richardkchapman - please review.

[richardkchapman]

The one coverity was complaining about specifically (on this occasion) was in datest.cpp, but does not appear to have been addressed here?

[jakesmith]

@richardkchapman - pushed wrong commit, re-pushed.

[HPCCSmoketest]

Automated Smoketest: ✅
Sha: f9e38f2
Build: success
Build: success
ECL Watch: Rebuilding Site

errors	warnings	build time
0	75	43.899 seconds

Install hpccsystems-platform-community_6.5.0-trunk0.el7.x86_64.rpm
HPCC Start: OK

Unit tests result:

Test	total	passed	failed	errors	timeout
unittest	101	101	0		0
wutoolTest(Dali)	19	19	0	0	0
wutoolTest(Cassandra)	19	19	0	0	0

Regression test result:

phase	total	pass	fail
setup (hthor)	11	11	0
setup (thor)	11	11	0
setup (roxie)	11	11	0
test (hthor)	744	744	0
test (thor)	639	639	0
test (roxie)	772	772	0

HPCC Stop: OK
HPCC Uninstall: OK