Is it safe to assume boost::uuid won't return a duplicate?
Asked Answered
G

3

3

I'm using boost uuid to generate session ids.

std::string SessionGenerator::generate()
{
    boost::uuids::uuid id = m_rgen();
    m_ss.clear();
    m_ss.str("");
    m_ss << id;

    return m_ss.str();
}

Is it safe to assume that I'm never going to get a duplicate or should I be doing checks against active sessions?

Thanks

Glycolysis answered 8/6, 2012 at 15:33 Comment(2)
You know that "U" part of UUID does stand for "Unique"...Unblock
Yes but if boost has a bad random algorithm that does not matter.Glycolysis
B
8

Well, it depends.

When UUIDs are generated by one of the defined mechanisms, they are either guaranteed to be unique, different from all other generated UUIDs (that is, it has never been generated before and it will never be generated again), or it is extremely likely to be unique (depending on the mechanism).

It means that the problem may be on the generator you're using. They say they're using ITU-T specification.

Let's go to page 7 of the document. If you're using time and you can assume that:

  • System time will not change.
  • Node ID used to identify the machine won't change.

Then you can at least assert that:

"The UUID will be different from all other generated UUIDs" because time flows and the granularity is 100 ns.

There could be a collision if you need to share generated UUID with other machines or the time will change (do not forget that twice per year in many country there is time adjustment). That's why there is a Clock sequence field. Moreover it's pretty small so in this case you fall to assert that:

"The UUID is extremely likely to be unique."

If you're using, instead of this, a random number generator then you can assert only that:

"The UUID is extremely likely to be unique." because the requirement of a random number generator is not to generate unique numbers (but with a good random number generator your extremely likely will be EXTREMELY likely).

So in normal conditions (for example if you do not move one network card from one computer to the other and you change the time back to the past) I suppose that you can assume they're unique (using time). If you're using a random number generator you can't assume they're unique but just extremely likely to be unique (about probability of collisions...well...if it happens with a good random number generator you should stay at home for the next meteor shower).

References
http://blogs.msdn.com/b/oldnewthing/archive/2008/06/27/8659071.aspx
http://en.wikipedia.org/wiki/Birthday_attack

Bluma answered 8/6, 2012 at 15:40 Comment(0)
B
1

If a single generator is producing all your uuids, they should be guaranteed unique. Disclaimer, I haven't looked at the code or documentation to verify this, but it is a design goal.

There are different classes of uuids, some of which include bits from the machine or environment on which it's running. Those will lessen the chances of collision with IDs produced elsewhere.

Even in the worst case, your chances of mangling an ID due to RAM errors are much higher than producing two identical IDs. And nobody worries about that.

Bassoon answered 8/6, 2012 at 15:40 Comment(0)
D
0

No you cannot assume that you never get a duplicate.
BUT you can have a look at wikipedia for the probability to get a duplicate.
And since boost followed the ITU specification, I think you can assume that there will never be a duplicate.

Drab answered 8/6, 2012 at 15:41 Comment(2)
If you do the math, there's a higher chance of an alien invasion than a UUID collision.Unblock
@tadam ROFL thank you, it's good to start a new day laughing!Bluma

© 2022 - 2024 — McMap. All rights reserved.