by Xylakant
991 days ago
Reflections on trusting trust is a great paper, but it's not the reason to have certified compilers. There are better steps to build a trust-root for your compiler, for example bootstrapping the Rust compiler from source, by either starting out from the early versions or by using mrustc.

Certification aims to solve a different, but maybe related, problem. Essentially "how do we verify that the compiler does what it's supposed to do." At its very basic level, it could be described as formalized quality management. So certifying the Rust compiler first involved deriving a sufficiently complete spec from the existing RFCs, deriving the requirements for the compiler from that and then verifying that the compiler upholds that. It also requires describing the verification process, issue management handling, etc.

We have another blog post describing the qualification process in a little more detail https://ferrous-systems.com/blog/qualifying-rust-without-for...

Disclosure: I'm one of the founders and managing directors at Ferrous Systems