111
submitted 2 months ago by thomask@lemmy.sdf.org to c/rust@programming.dev
you are viewing a single comment's thread
view the rest of the comments
[-] underscores@lemmy.dbzer0.com 18 points 2 months ago

A lot of this bootstrapping stuff comes back to the 'trusting trust' attack. You could write a compiler that adds some malicious code to programs it compiles. But the thing is, it could also insert it's own malicious code when compiling a compiler. So you look at your code, and the code of your compiler, and everything looks fine, but the exploit is still there. Someone wrote an example in rust.

Theoretically there could also be bugs that propagate this way. So to fully trust your code is doing what you think it is, you'd need a chain of compilers back to hand coded assembly.

[-] livingcoder@programming.dev 3 points 2 months ago* (last edited 2 months ago)

Why would a Rust compiler written in C be more trustworthy than one written in Rust?

If the idea is that, in an ideal world, we would compile each layer of compilers from assembly-up-to-Rust for each build, that seems even more risky as then you have to trust each compiler instead of just one.

[-] underscores@lemmy.dbzer0.com 8 points 2 months ago

That's already how it is now, we just don't usually think of it that way. You can't compile rust unless you already have a rust compiler. The current version was compiled in a previous version, which was compiled in a previous version, going through a chain of older versions and other languages. Anything along that chain could've theoretically had an influence on the current compiler.

It's not about the code itself being more trustworthy. The point is that when you bootstrap, you don't have to blindly trust any of the binaries, since it's source code the whole way down. Someone could bootstrap rustc like this, compare it to the binaries that already exist, and ideally they would be identical.

[-] livingcoder@programming.dev 4 points 2 months ago

Oh, okay. Thank you for clarifying. So doesn't that mean we should never have a compiler written in the same language that it compiles? Why would we ever choose to make the mistake of using the same language? Is it ever not a mistake?

[-] underscores@lemmy.dbzer0.com 4 points 2 months ago

It makes sense that if you're designing a language, you'd like the language you made and would want to use it. It's fine for compilers like that to exist, and even be the main one used, but ideally it shouldn't be the only compiler.

But there are technically ways to bootstrap a language without writing it in another language (other than a small core in assembly or something). You could design a tiny compiler that only handles a small subset of your language, then write a better compiler using only the features available in that subset. You can do this for several layers of compilers until you have the full language.

this post was submitted on 25 Aug 2024
111 points (97.4% liked)

Rust

5980 readers
79 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago
MODERATORS