Fix uniqid() performances

[manu0401]

If available, use uuidgen() system call instead of a loop on gettimeofday(), that improves performances lot.

[devnexen]

I am a bit confused here. uuidgen is on FreeBSD/NetBSD (other oses have different apis) which you detect at configure time. Why the particular NetBSD code path is needed ? we should fall into the code above I think ?

[devnexen]

Again, I do not really get the code duplication. But not sure it s worth the efforts to be honest considering later comments.

[bukka]

How can this be even executed - it's in elif section. Basically:

#ifdef HAVE_UUIDGEN
...
#elif HAVE_GETTIMEOFDAY
...
#ifdef HAVE_UUIDGEN

That doesn't make any sense to me. Am I missing anything?

[manu0401]

Sorry, I committed it a bit too early, I should I removed that section that was used in earlier tests. It is fixed now.

[devnexen]

Now that I remember, cpython used to use native calls for uuid generations, came back and forth to fix undesired behavior differences and ultimately decided to do one unique implementation in python.

[nielsdos]

Honestly, this function is so horrible that I wonder if we can't just replace the implementation with something entirely different but sane, given that deprecating it didn't pass.
I wonder if anyone relies on the documented behaviour that it's time based.

[TimWolla]

I wonder if anyone relies on the documented behaviour that it's time based.

As a weaker constraint that is also guaranteed by the time-based guarantee: The output is monotonically increasing, which is convenient for databases, because new values will not be distributed all over the place.

---

As I've also explained in my deprecation proposal (https://wiki.php.net/rfc/deprecations_php_8_4#deprecate_uniqid): Alternatives are already available that are better in every regard (except for “succinctness” perhaps) and changing the implementation will result in breaking changes for at least some of the users. Deprecating the function without intent of removal would have been the least impactful solution. Trying to make small incremental changes to uniqid() is just polishing a turd.

[TimWolla]

Besides the general remarks regarding the state of uniqid(), there are also issues with the proposed implementation.

In any case, I'm requesting an RFC being written to change the uniqid() implementation, due to the breaking changes with regard to documented behavior.

[TimWolla]

This output format is incompatible with the non-uuidgen output. It also leaks parts of the hosts MAC address and also doesn't actually provide “more entropy”, since the mac address is fixed on a single node.

[manu0401]

It is actually compatible, despite the fact I do not understand how gettimeofday+more entropy produces 14+8 characters, where I would expect 13+8 reading the code. Check it on your own:
$ php -r 'printf("%s\n", uniqid("", 1));'
67ee7f958a5b34.94453710

For the MAC address, I understand it is not included in UUID anymore:
$ uuidgen
bf0ff2ae-cf7a-46b1-bd2e-c3577268e311
$ uuidgen
39638058-e887-41a5-97d1-6451b0622763

But I can understand it may be platform dependent, and we must avoid using it in case it could contains the MAC.

[manu0401]

Some numbers to show how badly slow the original implementation can be, here on a NetBSD 10.0 amd64 Xen domU. First the original version, second the uuidgen() flavor. Note that this is 100 iterations versus 1M.

$ time php -r 'for ($i = 0; $i < 100; $i++) uniqid();'
19.10s real 6.13s user 6.39s system

$ time php -r 'for ($i = 0; $i < 1000000; $i++) uniqid();'
3.38s real 1.73s user 1.65s system