Opened 8 months ago

Last modified 3 weeks ago

#22769 new task

Investigate the reproducibility of Rust binaries

Reported by: isis
Owned by:
Priority: Medium
Milestone: Tor: 0.3.4.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: rust, SponsorZ
Cc: mcs, boklm, acrichton@…, gk, infinity0, chelseakomlo
Actual Points:
Parent ID:
Points: 3
Reviewer:
Sponsor: SponsorV


If we are going to start writing more Tor things in Rust, it would be nice to understand the reproducibility of binaries created with rustc. I suspect the Tor Browser Team would also be interested in having these results, since parts of Firefox are now written in Rust, and soon (ESR 58?) it will no longer be optional to use them.

Note: this ticket is not about the reproducibility of rustc itself. That is an extremely deep rabbit hole (trust me, I have a rustc chained back to the OCaml days). Someday we may need to explore that, but that time is not now.

My approach for this task would probably be to create a Docker instance which builds some trivial Rust program, and then run the Docker instance on different machines and compare the hashes of the binaries (then optionally investigate the differences using whatever tools, like running strings and moving up to Ida or whatever).
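
The compare-then-inspect step described above, as an added example (not code from the ticket or from the Tor project): it hashes two build outputs and, when they differ, reports the differing byte ranges together with the printable strings that overlap them. The two sample "binaries" are constructed byte strings that differ only in an embedded build path, the varying factor mentioned in comment:10; all function names are hypothetical.

```python
import hashlib
import re

PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")  # same idea as strings(1), min length 4

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def diff_ranges(a: bytes, b: bytes, gap: int = 8):
    """Return (start, end) offset ranges where a and b differ, merging
    differences separated by fewer than `gap` equal bytes. A length
    mismatch is reported as one trailing range."""
    ranges, n = [], min(len(a), len(b))
    for i in range(n):
        if a[i] != b[i]:
            if ranges and i - ranges[-1][1] < gap:
                ranges[-1][1] = i + 1
            else:
                ranges.append([i, i + 1])
    if len(a) != len(b):
        ranges.append([n, max(len(a), len(b))])
    return [tuple(r) for r in ranges]

def strings_at(data: bytes, start: int, end: int):
    """Printable runs in data that overlap the byte range [start, end)."""
    return [m.group().decode("ascii") for m in PRINTABLE.finditer(data)
            if m.start() < end and m.end() > start]

def compare(a: bytes, b: bytes):
    """Report bit-for-bit identity and, per differing range, the strings on each side."""
    diffs = [(s, strings_at(a, s, e), strings_at(b, s, e))
             for s, e in diff_ranges(a, b)]
    return {"identical": sha256(a) == sha256(b), "diffs": diffs}

# Constructed sample input: identical except for an embedded build path.
HEADER = b"\x7fELF\x02\x01\x01\x00" + bytes(8)
BUILD_A = HEADER + b"/home/alice/src/hello/main.rs\x00" + b"\x90" * 16
BUILD_B = HEADER + b"/home/build/src/hello/main.rs\x00" + b"\x90" * 16

if __name__ == "__main__":
    report = compare(BUILD_A, BUILD_B)
    print("identical:", report["identical"])
    for offset, in_a, in_b in report["diffs"]:
        print(f"offset {offset:#x}: {in_a} vs {in_b}")
```
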

Change History (17)

comment:1 Changed 8 months ago by catalyst

Milestone: Tor: 0.3.2.x-final

comment:2 Changed 8 months ago by mcs

Cc: mcs added

comment:3 Changed 8 months ago by boklm

Cc: boklm added

comment:4 Changed 7 months ago by alexcrichton

Cc: acrichton@… added

comment:5 Changed 7 months ago by alexcrichton

Cc: acrichton@… removed

comment:6 Changed 7 months ago by alexcrichton

The upstream issue here is and recent comments ( may mean that rustc may effectively have those done!

comment:7 Changed 7 months ago by alexcrichton

Cc: acrichton@… added

comment:8 Changed 7 months ago by gk

Cc: gk added

comment:9 Changed 7 months ago by isis

Cc: infinity0 added

The upstream issue that Alex mentioned is being worked on quite a lot by Ximin, so I'm adding him to the CC. (Hope that's okay, and feel free to unsubscribe, Ximin!)

comment:10 Changed 7 months ago by infinity0

Sure that's OK. I'll just note though that the ticket linked is about reproducibility of rustc itself (the "extremely deep rabbit hole"), which probably is a super-set of the original goal.

For example, cargo is already reproducible (when not varying build-paths). However, it's possible that compilation of cargo and rustc only exercise "some parts" of rustc, whereas more complex programs might exercise rustc in different ways that reveal other unreproducible behaviour. You'll have to run tests and see.

comment:11 Changed 7 months ago by chelseakomlo

Cc: chelseakomlo added

comment:12 Changed 5 months ago by nickm

Milestone: Tor: 0.3.2.x-final → Tor: 0.3.3.x-final

comment:13 Changed 5 months ago by cypherpunks

Last edited 5 weeks ago by cypherpunks

comment:14 Changed 4 months ago by

There's a lot of work done by a contributor in investigating exactly what things cause irreproducibility in Rust.

You can find this at , along with instructions for making it work reproducibly in qemu.

comment:15 Changed 4 months ago by infinity0

Thanks. :) In fact he contacted me (as part of the reproducible builds team) back when he wrote this article, and we mentioned him on our weekly blog post:

I wonder why his post is only just getting a lot more visibility now, funny how the media goes.

comment:16 Changed 4 months ago by nickm

Sponsor: SponsorZ → SponsorV

comment:17 Changed 3 weeks ago by dgoulet

Milestone: Tor: 0.3.3.x-final → Tor: 0.3.4.x-final

Moving a bunch of tickets from 033 to 034.
