I have a product that lets game developers create games. Inside of their games they are required to give all the elements of their games GUIDs. I’ve told them that they need to generate their guids using a specific mechanism, but they seem to think that it won’t cause any issues. What I’m concerned about is GUID collisions between games.
Some developers just sequentially increment the last digit of their GUID, others zero out the last block and increment other parts, well others just pull together a random armada of numbers and letters for each one.
My argument is that by doing this it dramatically increases the risk of colliding with other games that are both following the standard, and those that don’t.
Just as a heads up there are potentially hundreds of thousands of GUIDs involved here.
Am I right in thinking this, or is it really improbable that this will really happen?
14
Since you’re not in control of guid creation you need to expect that there will be a collision at some point (if there isn’t one already) and you have to expect that there will be novice developers who don’t see why starting at 1 and counting up is a problem.
To make it impossible you would have to issue all the guids yourself.
But, since people can access other people’s objects purely by a single ID, you also have a big security hole waiting to be exploited and depending on how you choose to fix that, this problem will may wind up a moot point.
3
I’ve told them that they need to generate their guids using a specific
mechanism
Are you in power? Reject code not using your mechanism.
If using the mechanism is a requirement then it’s bad developers don’t use it. But you might want to give them an easy implementation.
Btw. if your product lets’ programmers create games why not let your product generate the guids?
There’s a couple of things to note.
You will have collisions. Even if they are mathematically improbable, they’re still possible. And given Murphy’s Law, you will end up seeing the improbable become reality at the most inconvenient time, like when you’re trying to final. If you’re using any kind of hashing algorithm, you need to be aware that you will at some point have hash collision, and need a process to fix it. This is quite often just adding more, unique information into the hash.
If you’re letting people generate their own hash’s ids. You’re in for a world of hurt. There needs to be one way of hashing data, and that way needs to provide enough “uniqueness” to minimize collisions. Either that or you use a centralized GUID factory that doles out unique GUIDs. Of course, there are various threading issues with this approach.
Although you could simply have a GUID factory per thread, and give each GUID factory a different starting point a few billion id’s apart from each other. This can also be a handy way to work out which thread exploded.
The real answer to “which approach” you should take should come from how your resource system works. If you’re using a centralized asynchronous resource system (and you should be), you can assign GUID’s at that point. If you’re creating random objects all over the shop in various threads, then you’re going to have to go with one of the other options above.
3