upvote
This was done with mrustc, which produced byte identical output.
reply
Better than that, you can get a bootstrapped rust from the Guix project, which has bootstrapped its entire system from source code from only a tiny verifiable binary.
reply
It's not diverse in that case - it's the same compiler source compiled to binaries twice - it's just that with one compiler you've gone via a C intermediate representation. For the purposes of diversity it's the same as compiling rustc with the cranelift/gcc backend.
reply
From a "trusting trust" point of view, compiling rustc-translated-to-C with a C compiler (and comparing the result to normally-compiled rustc) is a valid demonstration, because we're again starting from code and can eliminate the possibility of a binary-resident compromise.

The actual issue here is that the translation was done using a rustc backend, and therefore an existing rustc binary which could be compromised and inject a "if (user=="wmanley") {...}" that isn't present in the original Rust code. If cilly was completely standalone (like mrustc), or if you had a rustc+cilly build you trusted, there would be no issue.

reply
reply
The sole and entire purpose of Diverse Double-Compiling is addressing Thompson's Trusting Trust: https://dwheeler.com/trusting-trust/
reply
I didn't know there's a solution, thanks!
reply
Reflections on Trusting TRust.
reply
Awesome idea!
reply