Opened 3 months ago

Last modified 7 days ago

#22769 new task

Investigate the reproducibility of Rust binaries

Reported by: isis Owned by:
Priority: Medium Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: rust, SponsorZ
Cc: mcs, boklm, acrichton@…, gk, infinity0, chelseakomlo Actual Points:
Parent ID: Points: 3
Reviewer: Sponsor: SponsorZ


If we are going to start writing more Tor things in Rust, it would be nice to understand the reproducibility of binaries created with rustc. I suspect the Tor Browser Team would also be interested in having these results, since parts of Firefox are now written in Rust, and soon (ESR 58?) it will no longer be optional to use them.

Note: this ticket is not about the reproducibility of rustc iteself. That is an extremely deep rabbit hole (trust me, I have a rustc chained back to the OCaml days). Someday we may need to explore that, but that time is not now.

My approach for this task would be probably be to create a Docker instance which builds some trivial Rust program, and then run the Docker instance on different machines and compare the hashes of the binaries (then optionally investigate the differences using whatever tools like running strings and moving up to Ida or whatever).

Child Tickets

Change History (13)

comment:1 Changed 3 months ago by catalyst

Milestone: Tor: 0.3.2.x-final

comment:2 Changed 3 months ago by mcs

Cc: mcs added

comment:3 Changed 3 months ago by boklm

Cc: boklm added

comment:4 Changed 2 months ago by alexcrichton

Cc: acrichton@… added

comment:5 Changed 2 months ago by alexcrichton

Cc: acrichton@… removed

comment:6 Changed 2 months ago by alexcrichton

The upstream issue here is and recent comments ( may mean that rustc may effectively have those done!

comment:7 Changed 2 months ago by alexcrichton

Cc: acrichton@… added

comment:8 Changed 2 months ago by gk

Cc: gk added

comment:9 Changed 2 months ago by isis

Cc: infinity0 added

The upstream issue that Alex mentioned is being worked on quite a lot by Ximin, so I'm adding him to the CC. (Hope that's okay, and feel free to unsubscribe, Ximin!)

comment:10 Changed 2 months ago by infinity0

Sure that's OK. I'll just note though that the ticket linked is about reproducibility of rustc itself (the "extremely deep rabbit hole"), which probably is a super-set of the original goal.

For example, cargo is already reproducible (when not varying build-paths). However, it's possible that compilation of cargo and rustc only exercise "some parts" of rustc, whereas more complex programs might exercise rustc in different ways that reveal other unreproducible behaviour. You'll have to run tests and see.

comment:11 Changed 2 months ago by chelseakomlo

Cc: chelseakomlo added

comment:12 Changed 9 days ago by nickm

Milestone: Tor: 0.3.2.x-finalTor: 0.3.3.x-final

comment:13 Changed 7 days ago by cypherpunks

and soon (ESR 58?)

typo I guess. It's ESR 59 :)

Last edited 7 days ago by cypherpunks (previous) (diff)
Note: See TracTickets for help on using tickets.