A permuted congruential generator is a pseudorandom number generationalgorithm developed in 2014 which applies an output permutation function to improve the statistical properties of a modulo-2nlinear congruential generator. It achieves excellent statistical performance with small and fast code, and small state size. A PCG differs from a classical linear congruential generator in three ways:
the LCG modulus and state is larger, usually twice the size of the desired output,
it uses a power-of-2 modulus, which results in a particularly efficient implementation with a full period generator and unbiased output bits, and
the state is not output directly, but rather the most significant bits of the state are used to select a bitwise rotation or shift which is applied to the state to produce the output.
It is the variable rotation which eliminates the problem of a short period in the low-order bits that power-of-2 LCGs suffer from.
Variants
The PCG family includes a number of variants. The core LCG is defined for widths from 8 to 128 bits, although only 64 and 128 bits are recommended for practical use; smaller sizes are for statistical tests of the technique. The additive constant in the LCG can be varied to produce different streams. The constant is an arbitrary odd integer, so it does not need to be stored explicitly; the address of the state variable itself can be used. There are several different output transformations defined. All perform well, but some have a larger margin than others. They are built from the following components:
RR: A random rotation, with output half the size of input. Given a 2b-bit input word, the top b−1 bits are used for the rotate amount, the next-most-significant 2b−1 bits are rotated right and used as the output, and the low 2b−1+1−b bits are discarded.
RS: A random shift, for cases where rotates are more expensive. Again, the output is half the size of the input. Beginning with a 2b-bit input word, the top b−3 bits are used for a shift amount, which is applied to the next-most-significant 2b−1+2b−3−1 bits, and the least significant 2b−1 bits of the result are output. The low 2b−1−2b−3−b+4 bits are discarded.
XSH: An xorshift operation, x ^= x >> constant. The constant is chosen to be half of the bits not discarded by the next operation.
XSL: A simplified version of xorshift, folding the value in half by XORing the high half into the low. The folded value is used for subsequent rotations.
RXS: An xorshift by a random amount.
M: A multiply by a fixed constant.
These are combined into the following recommended output transformations, illustrated here in their most common sizes:
XSH-RR: An xorshift mixes some high-order bits down, then bits 63–59 select a rotate amount to be applied to bits 27–58.
: ' count = ; x ^= x >> 18; return rotr32;.
XSH-RS: Similar, but fewer bits select the shift amount.
: ' count = ; x ^= x >> 22; return ;.
XSL-RR: A simplified version of XSH-RR, this is optimized for 128-bit states implemented using two words on 64-bit machines.
: ' count = ; x64 = ; return rotr64;
RXS-M-XS: The slowest and strongest output transformation when used to produce half-size output, this becomes the weakest when used as intended, to produce an output the same size as the state. For use when the state size must be limited to 32 or 64 bits.
: ' count=; x ^= x >> ; x *= 277803737u; return x ^ ;
: ' count=; x ^= x >> ; x *= 12605985483714917081u; return x ^ ;
XSL-RR-RR: Similar to the preceding, this turns 128 bits of state into 128 bits of output, when the application demands it.
Each step of these output transformations is either invertible or a truncation, so their composition maps the same fixed number of input states to each output value. This preserves the equidistribution of the underlying LCG. Finally, if a cycle length longer than 2128 is required, the generator can be extended with an array of sub-generators. One is chosen to be added to the main generator's output, and every time the main generator's state reaches zero, the sub-generators are cycled in a pattern which provides a period exponential in the total state size.
Example code
The generator recommended for most users is PCG-XSH-RR with 64-bit state and 32-bit output. It can be implemented as:
The generator applies the output transformation to the initial state rather than the final state in order to increase the available instruction-level parallelism to maximize performance on modern superscalar processors. A slightly faster version eliminates the increment, reducing the LCG to a multiplicative generator with a period of only 262, and uses the weaker XSH-RS output function:
The time saving is minimal, as the most expensive operation remains, so the normal version is preferred except in extremis. Still, this faster version also passes statistical tests. When executing on a 32-bit processor, the 64×64-bit multiply must be implemented using three 32×32→64-bit multiply operations. To reduce that to two, there are 32-bit multipliers which perform almost as well as the 64-bit one, such as 0xf13283ad, or 0xf2fc5985.
PCG was developed by applying TestU01 to reduced-size variants, and determining the minimum number of internal state bits required to pass BigCrush. BigCrush examines enough data to detect a period of 235, so even an ideal generator requires 36 bits of state to pass it. Some very poor generators can pass if given a large enough state; passing despite a small state is a measure of an algorithm's quality, and shows how large a safety margin exists between that lower limit and the state size used in practical applications. PCG-RXS-M-XS passes BigCrush with 36 bits of state, PCG-XSH-RR requires 39, and PCG-XSH-RS requires 49 bits of state. For comparison, xorshift*, one of the best of the alternatives, requires 40 bits of state, and Mersenne twister fails despite 19937 bits of state.