testng icon indicating copy to clipboard operation
testng copied to clipboard
verified publisher icon testng-team

UUID.randomUUID uses cryptographically strong pseudo random number generator which might cause slowness when executing tests

Open vlsi opened this issue 9 months ago • 1 comments

Currently, testng uses UUID.randomUUID multiple times, and I do not think it really requires cryptographic strength: https://github.com/search?q=repo%3Atestng-team%2Ftestng%20randomUUID&type=code

There was an attempt to make UUID.randomUUID more scalable, however, it has not been integrated yet: https://bugs.openjdk.org/browse/JDK-8308804

I would suggest replacing UUID.randomUUID with a variation that generates random out of ThreadLocalRandom.

Something like

      ThreadLocalRandom rnd = ThreadLocalRandom.current();
      return new UUID(
          (rnd.nextLong() & ~0xF000L) | 0x4000L, // set version to 4
          rnd.nextLong() & ~(3L << 62) | (2L << 62) // set variant to 10
      );

It would generate good-enough UUIDs without paying too much for the cryptographic random generator.

vlsi avatar Mar 07 '25 06:03 vlsi

Following the links, I found another implementation of this problem: https://github.com/palantir/tritium/blob/develop/tritium-ids/src/main/java/com/palantir/tritium/ids/UniqueIds.java

As I understand, the fix here is replacing all UUID.randomUUID by a new implementation. I've no idea about which one is better, so the initial proposition will be enough IMO.

juherr avatar Mar 07 '25 13:03 juherr