Opened 12 months ago

Last modified 2 months ago

#22769 new task

Investigate the reproducibility of Rust binaries

Reported by: isis Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: rust, SponsorZ, 034-triage-20180328, 034-removed-20180328
Cc: mcs, boklm, acrichton@…, gk, infinity0, chelseakomlo Actual Points:
Parent ID: Points: 3
Reviewer: Sponsor: SponsorV

Description

If we are going to start writing more Tor things in Rust, it would be nice to understand the reproducibility of binaries created with rustc. I suspect the Tor Browser Team would also be interested in having these results, since parts of Firefox are now written in Rust, and soon (ESR 58?) it will no longer be optional to use them.

Note: this ticket is not about the reproducibility of rustc iteself. That is an extremely deep rabbit hole (trust me, I have a rustc chained back to the OCaml days). Someday we may need to explore that, but that time is not now.

My approach for this task would be probably be to create a Docker instance which builds some trivial Rust program, and then run the Docker instance on different machines and compare the hashes of the binaries (then optionally investigate the differences using whatever tools like running strings and moving up to Ida or whatever).

Child Tickets

Change History (20)

comment:1 Changed 12 months ago by catalyst

Milestone: Tor: 0.3.2.x-final

comment:2 Changed 12 months ago by mcs

Cc: mcs added

comment:3 Changed 12 months ago by boklm

Cc: boklm added

comment:4 Changed 11 months ago by alexcrichton

Cc: acrichton@… added

comment:5 Changed 11 months ago by alexcrichton

Cc: acrichton@… removed

comment:6 Changed 11 months ago by alexcrichton

The upstream issue here is https://github.com/rust-lang/rust/issues/34902 and recent comments (https://github.com/rust-lang/rust/issues/34902#issuecomment-314078652) may mean that rustc may effectively have those done!

comment:7 Changed 11 months ago by alexcrichton

Cc: acrichton@… added

comment:8 Changed 11 months ago by gk

Cc: gk added

comment:9 Changed 11 months ago by isis

Cc: infinity0 added

The upstream issue that Alex mentioned is being worked on quite a lot by Ximin, so I'm adding him to the CC. (Hope that's okay, and feel free to unsubscribe, Ximin!)

comment:10 Changed 11 months ago by infinity0

Sure that's OK. I'll just note though that the ticket linked is about reproducibility of rustc itself (the "extremely deep rabbit hole"), which probably is a super-set of the original goal.

For example, cargo is already reproducible (when not varying build-paths). However, it's possible that compilation of cargo and rustc only exercise "some parts" of rustc, whereas more complex programs might exercise rustc in different ways that reveal other unreproducible behaviour. You'll have to run tests and see.

comment:11 Changed 11 months ago by chelseakomlo

Cc: chelseakomlo added

comment:12 Changed 9 months ago by nickm

Milestone: Tor: 0.3.2.x-finalTor: 0.3.3.x-final

comment:13 Changed 9 months ago by cypherpunks

Last edited 5 months ago by cypherpunks (previous) (diff)

comment:14 Changed 8 months ago by manish.earth

There's a lot of work done by a contributor in investigating exactly what things cause irreproducibility in Rust.

You can find this at https://users.rust-lang.org/t/testing-out-reproducible-builds/9758 , along with instructions for making it work reproducibly in qemu.

comment:15 Changed 8 months ago by infinity0

Thanks. :) In fact he contacted me (as part of the reproducible builds team) back when he wrote this article, and we mentioned him on our weekly blog post: https://reproducible.alioth.debian.org/blog/posts/97

I wonder why his post is only just getting a lot more visibility now, funny how the media goes.

comment:16 Changed 8 months ago by nickm

Sponsor: SponsorZSponsorV

comment:17 Changed 5 months ago by dgoulet

Milestone: Tor: 0.3.3.x-finalTor: 0.3.4.x-final

Moving a bunch of tickets from 033 to 034.

comment:18 Changed 3 months ago by nickm

Keywords: 034-triage-20180328 added

comment:19 Changed 3 months ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:20 Changed 2 months ago by nickm

Milestone: Tor: 0.3.4.x-finalTor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.

Note: See TracTickets for help on using tickets.