Paul Winalski <paul.winalski(a)gmail.com> wrote:
To get complete build reproducibility, your compiler
writers have to
be careful. It's very easy to introduce random variability that
doesn't affect the performance or semantics of the program.
The GNU compilers are already tested for complete reproducibility. We
at Cygnus Support built that infrastructure back in the 1990s, when we
made gcc into a cross-compiler (compiling on any architecture + OS,
targeting any other). We built the Deja Gnu test harness, and some
compiler/assembler/linker test suites, that rebuilt not just our own
tools, but also a test suite with hundreds or thousands of programs. We
compared their binaries until they were bit-for-bit identical when built
on many different host machines of different architectures.
To make it work, we had to fix many bugs and misfeatures, including even
some high-level design bugs, like object file formats that demanded a
timestamp (we decided that 0 was a fine timestamp). A few of those bugs
involved generating different but working instruction sequences -- I
recall fixing one that depended on an uninitialized local variable.
I have not been involved in the release process for gcc or other GNU
tools for many years, but I believe that these tests are still in use --
because the maintainers care. If *your* compiler isn't reproducible,
why not switch to a free software one that is?
The Reproducible Builds effort is standing on the shoulders of many
others who came before, and who value deterministic computer behavior
and access to the matching source code of the binaries that users
depend upon.
John Gilmore