[randomness final part] Update math/rand usage

[tarakby]

This PR is the last of multiple small PRs updating the usage of math/rand in all the repo, for two purposes:

• move on from using math/rand in production code (seed length is too short, randomness quality is low)
• even though math/rand can be used in test files, the functions Seed and Read are deprecated in Go1.20 and should not be used as the repo prepares to upgrade the Go version.

Previous related PRs include:

1. [randomness part 1] New utils/rand package for non-deterministic true randomness #4062
2. [randomness part 2] improve usafeRandom and update math/rand in FVM #4067
3. [Randomness part 3] Remove math/rand from integration and insecure modules #4106
4. [Randomness part 4] Update math/rand usage in crypto module and improve randomness tests #4111
5. [Randmomness part 5] update math/rand usage in ledger #4112
6. [randomness part 6] update math/rand usage in /consenus and /engine #4258
7. Side change: Clean up DKG simulation in bootstrap #4259
8. [randomness part 8] update math/rand usage in /cmd/bootstrap #4362

This final PR of the list has the following changes:

• update Identifier and IdentifierList random functions to use utils/rand (backed by secure crypto/rand) instead of relying on math/rand. The random functions are Sample, Shuffle, SamplePct.
• update calls of all random functions above (with new returned error)
• replace math/rand PRG in DefaultLibp2pBackoffConnectorFactory by a secure PRG (cc @yhassanzadeh13)
• remove 1.20 deprecated math/rand functions Seed and Read from test files (this means some tests are now deterministic! which is temporary till Go1.20 is used), and use crypto/rand in some tests.
• add a new make target that checks math/rand is not imported in production code, to avoid the package is re-introduced in the future.

[github-actions]

FVM Benchstat comparison

This branch with compared with the base branch onflow:master commit 117fcc0

The command (for i in {1..7}; do go test ./fvm ./engine/execution/computation --bench . --tags relic -shuffle=on --benchmem --run ^$; done) was used.

Collapsed results for better readability

	old.txt	new.txt
	time/op		delta
pkg:github.com/onflow/flow-go/fvm goos:linux goarch:amd64
RuntimeTransaction/reference_tx-2	39.5ms ± 3%	39.8ms ± 2%	~	(p=0.628 n=7+6)
RuntimeTransaction/convert_int_to_string-2	43.8ms ±12%	42.2ms ± 5%	~	(p=0.535 n=7+7)
RuntimeTransaction/convert_int_to_string_and_concatenate_it-2	44.4ms ± 2%	43.2ms ± 4%	~	(p=0.177 n=5+6)
RuntimeTransaction/get_signer_address-2	40.6ms ± 4%	41.2ms ± 3%	~	(p=0.240 n=6+6)
RuntimeTransaction/get_public_account-2	43.9ms ± 2%	44.1ms ±12%	~	(p=0.731 n=6+7)
RuntimeTransaction/get_account_and_get_balance-2	311ms ± 5%	312ms ± 0%	~	(p=0.268 n=7+5)
RuntimeTransaction/get_account_and_get_available_balance-2	304ms ± 1%	304ms ± 1%	~	(p=0.731 n=6+7)
RuntimeTransaction/get_account_and_get_storage_capacity-2	270ms ± 1%	270ms ± 2%	~	(p=0.731 n=6+7)
RuntimeTransaction/get_signer_vault-2	48.7ms ± 4%	47.9ms ± 5%	~	(p=0.259 n=7+7)
RuntimeTransaction/get_signer_receiver-2	60.0ms ± 7%	60.2ms ± 2%	~	(p=0.836 n=7+6)
RuntimeTransaction/transfer_tokens-2	228ms ± 3%	225ms ± 4%	~	(p=0.097 n=7+7)
RuntimeTransaction/load_and_save_empty_string_on_signers_address-2	47.8ms ± 6%	47.8ms ± 4%	~	(p=1.000 n=7+7)
RuntimeTransaction/load_and_save_long_string_on_signers_address-2	96.3ms ± 4%	98.0ms ± 2%	~	(p=0.073 n=7+6)
RuntimeTransaction/create_new_account-2	906ms ± 1%	905ms ± 1%	~	(p=0.805 n=7+7)
RuntimeTransaction/call_empty_contract_function-2	43.6ms ± 5%	43.6ms ± 3%	~	(p=0.628 n=7+6)
RuntimeTransaction/emit_event-2	57.8ms ± 6%	57.7ms ± 4%	~	(p=1.000 n=7+7)
RuntimeTransaction/borrow_array_from_storage-2	152ms ± 2%	151ms ± 2%	~	(p=0.318 n=7+7)
RuntimeTransaction/copy_array_from_storage-2	155ms ± 3%	153ms ± 2%	~	(p=0.318 n=7+7)
RuntimeNFTBatchTransfer-2	133ms ± 6%	133ms ± 2%	~	(p=0.620 n=7+7)
pkg:github.com/onflow/flow-go/engine/execution/computation goos:linux goarch:amd64
ComputeBlock/16/cols/128/txes/1/max-concurrency-2	5.10s ± 0%	5.10s ± 1%	~	(p=1.000 n=6+7)
ComputeBlock/16/cols/128/txes/2/max-concurrency-2	5.41s ± 1%	5.41s ± 1%	~	(p=0.710 n=7+7)
pkg:github.com/onflow/flow-go/fvm goos:linux goarch:amd64
RuntimeTransaction/get_account_and_get_storage_used-2	46.7ms ± 4%	45.3ms ± 3%	−3.11%	(p=0.026 n=7+7)
	computation		delta
pkg:github.com/onflow/flow-go/fvm goos:linux goarch:amd64
RuntimeTransaction/reference_tx-2	202 ± 0%	202 ± 0%	~	(all equal)
RuntimeTransaction/convert_int_to_string-2	402 ± 0%	402 ± 0%	~	(all equal)
RuntimeTransaction/convert_int_to_string_and_concatenate_it-2	502 ± 0%	502 ± 0%	~	(all equal)
RuntimeTransaction/get_signer_address-2	302 ± 0%	302 ± 0%	~	(all equal)
RuntimeTransaction/get_public_account-2	402 ± 0%	402 ± 0%	~	(all equal)
RuntimeTransaction/get_account_and_get_balance-2	1.00k ± 0%	1.00k ± 0%	~	(all equal)
RuntimeTransaction/get_account_and_get_available_balance-2	3.10k ± 0%	3.10k ± 0%	~	(all equal)
RuntimeTransaction/get_account_and_get_storage_used-2	402 ± 0%	402 ± 0%	~	(all equal)
RuntimeTransaction/get_account_and_get_storage_capacity-2	1.70k ± 0%	1.70k ± 0%	~	(all equal)
RuntimeTransaction/get_signer_vault-2	402 ± 0%	402 ± 0%	~	(all equal)
RuntimeTransaction/get_signer_receiver-2	602 ± 0%	602 ± 0%	~	(all equal)
RuntimeTransaction/transfer_tokens-2	3.50k ± 0%	3.50k ± 0%	~	(all equal)
RuntimeTransaction/load_and_save_empty_string_on_signers_address-2	602 ± 0%	602 ± 0%	~	(all equal)
RuntimeTransaction/load_and_save_long_string_on_signers_address-2	602 ± 0%	602 ± 0%	~	(all equal)
RuntimeTransaction/create_new_account-2	202 ± 0%	202 ± 0%	~	(all equal)
RuntimeTransaction/call_empty_contract_function-2	402 ± 0%	402 ± 0%	~	(all equal)
RuntimeTransaction/emit_event-2	602 ± 0%	602 ± 0%	~	(all equal)
RuntimeTransaction/borrow_array_from_storage-2	2.60k ± 0%	2.60k ± 0%	~	(all equal)
RuntimeTransaction/copy_array_from_storage-2	2.60k ± 0%	2.60k ± 0%	~	(all equal)
	interactions		delta
pkg:github.com/onflow/flow-go/fvm goos:linux goarch:amd64
RuntimeTransaction/reference_tx-2	38.2k ± 0%	38.2k ± 0%	~	(p=0.056 n=7+6)
RuntimeTransaction/convert_int_to_string-2	38.2k ± 0%	38.2k ± 0%	~	(p=0.268 n=6+7)
RuntimeTransaction/convert_int_to_string_and_concatenate_it-2	38.2k ± 0%	38.2k ± 0%	~	(p=0.971 n=7+7)
RuntimeTransaction/get_signer_address-2	38.2k ± 0%	38.2k ± 0%	~	(p=0.161 n=7+6)
RuntimeTransaction/get_public_account-2	38.2k ± 0%	38.2k ± 0%	~	(p=0.826 n=7+7)
RuntimeTransaction/get_account_and_get_balance-2	46.4k ± 0%	46.4k ± 0%	~	(all equal)
RuntimeTransaction/get_account_and_get_available_balance-2	38.1k ± 0%	38.1k ± 0%	~	(p=0.195 n=7+7)
RuntimeTransaction/get_account_and_get_storage_used-2	38.2k ± 0%	38.2k ± 0%	~	(p=1.000 n=7+7)
RuntimeTransaction/get_account_and_get_storage_capacity-2	38.1k ± 0%	38.1k ± 0%	~	(p=0.212 n=7+7)
RuntimeTransaction/get_signer_vault-2	38.2k ± 0%	38.2k ± 0%	~	(p=0.988 n=7+7)
RuntimeTransaction/get_signer_receiver-2	38.2k ± 0%	38.2k ± 0%	~	(p=0.997 n=7+7)
RuntimeTransaction/transfer_tokens-2	38.1k ± 0%	38.1k ± 0%	~	(p=0.636 n=7+5)
RuntimeTransaction/load_and_save_empty_string_on_signers_address-2	38.3k ± 0%	38.3k ± 0%	~	(p=0.425 n=7+7)
RuntimeTransaction/load_and_save_long_string_on_signers_address-2	42.1k ± 0%	42.1k ± 0%	~	(p=0.074 n=7+7)
RuntimeTransaction/create_new_account-2	84.6k ± 0%	84.6k ± 0%	~	(p=0.567 n=6+6)
RuntimeTransaction/call_empty_contract_function-2	38.4k ± 0%	38.4k ± 0%	~	(p=0.330 n=7+7)
RuntimeTransaction/emit_event-2	38.4k ± 0%	38.4k ± 0%	~	(p=0.368 n=7+7)
RuntimeTransaction/borrow_array_from_storage-2	43.4k ± 0%	43.4k ± 0%	~	(p=0.091 n=6+5)
RuntimeTransaction/copy_array_from_storage-2	43.4k ± 0%	43.4k ± 0%	~	(p=0.293 n=7+7)
	alloc/op		delta
pkg:github.com/onflow/flow-go/fvm goos:linux goarch:amd64
RuntimeTransaction/reference_tx-2	35.5MB ± 2%	35.8MB ± 4%	~	(p=0.456 n=7+7)
RuntimeTransaction/convert_int_to_string-2	36.1MB ± 1%	36.3MB ± 5%	~	(p=0.902 n=7+7)
RuntimeTransaction/convert_int_to_string_and_concatenate_it-2	37.4MB ± 5%	36.8MB ± 3%	~	(p=0.318 n=7+7)
RuntimeTransaction/get_signer_address-2	36.2MB ± 2%	36.1MB ± 3%	~	(p=0.805 n=7+7)
RuntimeTransaction/get_public_account-2	37.2MB ± 2%	36.4MB ± 2%	~	(p=0.101 n=7+6)
RuntimeTransaction/get_account_and_get_balance-2	122MB ± 1%	123MB ± 2%	~	(p=0.628 n=6+7)
RuntimeTransaction/get_account_and_get_available_balance-2	110MB ± 3%	110MB ± 2%	~	(p=0.902 n=7+7)
RuntimeTransaction/get_account_and_get_storage_capacity-2	106MB ± 2%	107MB ± 3%	~	(p=0.383 n=7+7)
RuntimeTransaction/get_signer_vault-2	37.7MB ± 4%	38.3MB ± 3%	~	(p=0.209 n=7+7)
RuntimeTransaction/get_signer_receiver-2	41.6MB ± 8%	41.3MB ± 4%	~	(p=0.535 n=7+7)
RuntimeTransaction/transfer_tokens-2	82.1MB ± 5%	81.2MB ± 1%	~	(p=0.343 n=7+5)
RuntimeTransaction/load_and_save_empty_string_on_signers_address-2	37.3MB ± 6%	37.2MB ± 3%	~	(p=0.902 n=7+7)
RuntimeTransaction/load_and_save_long_string_on_signers_address-2	54.8MB ± 7%	53.8MB ± 9%	~	(p=0.620 n=7+7)
RuntimeTransaction/create_new_account-2	186MB ± 3%	185MB ± 3%	~	(p=1.000 n=7+7)
RuntimeTransaction/call_empty_contract_function-2	36.8MB ± 3%	37.0MB ± 3%	~	(p=0.710 n=7+7)
RuntimeTransaction/emit_event-2	41.1MB ± 7%	40.6MB ± 3%	~	(p=0.620 n=7+7)
RuntimeTransaction/borrow_array_from_storage-2	71.1MB ± 3%	71.1MB ± 3%	~	(p=0.836 n=6+7)
RuntimeTransaction/copy_array_from_storage-2	83.2MB ± 1%	84.2MB ± 3%	~	(p=0.165 n=7+7)
RuntimeNFTBatchTransfer-2	54.7MB ± 6%	55.3MB ± 6%	~	(p=0.535 n=7+7)
pkg:github.com/onflow/flow-go/engine/execution/computation goos:linux goarch:amd64
ComputeBlock/16/cols/128/txes/1/max-concurrency-2	1.24GB ± 1%	1.24GB ± 1%	~	(p=0.128 n=7+7)
ComputeBlock/16/cols/128/txes/2/max-concurrency-2	1.29GB ± 1%	1.29GB ± 1%	~	(p=0.836 n=6+7)
pkg:github.com/onflow/flow-go/fvm goos:linux goarch:amd64
RuntimeTransaction/get_account_and_get_storage_used-2	38.3MB ± 2%	37.3MB ± 5%	−2.64%	(p=0.026 n=7+7)
	allocs/op		delta
pkg:github.com/onflow/flow-go/fvm goos:linux goarch:amd64
RuntimeTransaction/reference_tx-2	92.4k ± 0%	92.4k ± 0%	~	(p=0.274 n=7+7)
RuntimeTransaction/convert_int_to_string-2	105k ± 0%	105k ± 0%	~	(p=0.148 n=6+7)
RuntimeTransaction/convert_int_to_string_and_concatenate_it-2	116k ± 0%	116k ± 0%	~	(p=0.052 n=7+7)
RuntimeTransaction/get_signer_address-2	96.5k ± 0%	96.5k ± 0%	~	(p=0.087 n=6+6)
RuntimeTransaction/get_public_account-2	121k ± 0%	121k ± 0%	~	(p=0.597 n=7+7)
RuntimeTransaction/get_account_and_get_balance-2	1.33M ± 0%	1.33M ± 0%	~	(p=0.318 n=7+7)
RuntimeTransaction/get_account_and_get_available_balance-2	1.29M ± 0%	1.29M ± 0%	~	(p=0.435 n=7+7)
RuntimeTransaction/get_account_and_get_storage_capacity-2	1.16M ± 0%	1.16M ± 0%	~	(p=0.945 n=7+6)
RuntimeTransaction/get_signer_vault-2	137k ± 0%	137k ± 0%	~	(p=0.736 n=7+7)
RuntimeTransaction/get_signer_receiver-2	223k ± 0%	223k ± 0%	~	(p=0.731 n=7+6)
RuntimeTransaction/transfer_tokens-2	863k ± 0%	863k ± 0%	~	(p=0.383 n=7+6)
RuntimeTransaction/load_and_save_empty_string_on_signers_address-2	143k ± 0%	143k ± 0%	~	(p=0.350 n=6+7)
RuntimeTransaction/load_and_save_long_string_on_signers_address-2	226k ± 0%	226k ± 0%	~	(p=0.535 n=7+7)
RuntimeTransaction/create_new_account-2	2.36M ± 0%	2.36M ± 0%	~	(p=0.456 n=7+7)
RuntimeTransaction/call_empty_contract_function-2	110k ± 0%	110k ± 0%	~	(p=0.139 n=7+7)
RuntimeTransaction/emit_event-2	151k ± 0%	151k ± 0%	~	(p=0.620 n=7+7)
RuntimeTransaction/borrow_array_from_storage-2	372k ± 0%	372k ± 0%	~	(p=0.628 n=7+6)
RuntimeTransaction/copy_array_from_storage-2	304k ± 0%	304k ± 0%	~	(p=0.512 n=7+7)
pkg:github.com/onflow/flow-go/engine/execution/computation goos:linux goarch:amd64
ComputeBlock/16/cols/128/txes/2/max-concurrency-2	18.4M ± 0%	18.4M ± 0%	~	(p=0.710 n=7+7)
pkg:github.com/onflow/flow-go/fvm goos:linux goarch:amd64
RuntimeTransaction/get_account_and_get_storage_used-2	132k ± 0%	132k ± 0%	−0.01%	(p=0.023 n=7+7)
pkg:github.com/onflow/flow-go/engine/execution/computation goos:linux goarch:amd64
ComputeBlock/16/cols/128/txes/1/max-concurrency-2	17.8M ± 0%	17.8M ± 0%	−0.03%	(p=0.001 n=7+7)
pkg:github.com/onflow/flow-go/fvm goos:linux goarch:amd64
RuntimeNFTBatchTransfer-2	282k ± 0%	281k ± 0%	−0.28%	(p=0.022 n=6+7)
	us/tx		delta
pkg:github.com/onflow/flow-go/engine/execution/computation goos:linux goarch:amd64
ComputeBlock/16/cols/128/txes/1/max-concurrency-2	2.49k ± 0%	2.49k ± 1%	~	(p=1.000 n=6+7)
ComputeBlock/16/cols/128/txes/2/max-concurrency-2	2.64k ± 1%	2.64k ± 1%	~	(p=0.685 n=7+7)

[codecov-commenter]

Codecov Report

Merging #4052 (8e21991) into master (2528190) will decrease coverage by 1.86%.
The diff coverage is 46.64%.

@@            Coverage Diff             @@
##           master    #4052      +/-   ##
==========================================
- Coverage   56.25%   54.40%   -1.86%     
==========================================
  Files         653      914     +261     
  Lines       64699    85199   +20500     
==========================================
+ Hits        36396    46351    +9955     
- Misses      25362    35263    +9901     
- Partials     2941     3585     +644     

Flag	Coverage Δ
unittests	54.40% <46.64%> (-1.86%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
cmd/scaffold.go	14.83% <0.00%> (+0.06%)	⬆️
engine/access/rpc/backend/backend_transactions.go	46.07% <0.00%> (-0.08%)	⬇️
model/flow/identifierList.go	22.36% <0.00%> (+0.84%)	⬆️
model/verification/chunkDataPackRequest.go	43.75% <0.00%> (-6.25%)	⬇️
module/metrics/herocache.go	0.00% <0.00%> (ø)
module/metrics/network.go	0.00% <0.00%> (ø)
module/metrics/noop.go	0.00% <0.00%> (ø)
network/p2p/inspector/internal/cache/cache.go	64.70% <ø> (ø)
network/p2p/middleware/middleware.go	1.71% <0.00%> (ø)
network/p2p/p2pbuilder/libp2pNodeBuilder.go	0.00% <0.00%> (ø)
... and 26 more

... and 245 files with indirect coverage changes

[peterargue]

looks good

[tarakby]

@peterargue I'm thinking of adding a Makefile target that checks math/rand is not used in any production code and that is required to pass for PR merging. While this current PR removes all the package usage, I'm confident it will make its way back to the repo in the next months if we don't enforce it somehow 😄 What do you think?

[Update]: I added this check.

[yhassanzadeh13]

Thanks for the refactoring. I reviewed mostly the relevant parts to my domain.

[yhassanzadeh13]

Looks great; thanks for refactoring.