Reflections on Trusting Trust

I’m working a project to add a bug to Clang that is inspired by Ken Thompson’s famous article. My question is where in clang should I edit to add source to the input source? I need my added source to be internal to clang so that when I compile normal clang with my binary the bug will still exist in the new compiler.

Best,
Willem Wyndham
Phd Student UMD, College Park

I'm working a project to add a bug to Clang that is inspired by Ken Thompson's famous article. My question is where in clang should I edit to add source to the input source? I need my added source to be internal to clang so that when I compile normal clang with my binary the bug will still exist in the new compiler.

You probably want to examine and transform the Abstract Syntax Tree (AST) instead of the program's actual source. I have not worked with the Clang libraries myself, but from what I understand, Clang provides something like LLVM's transform passes for modifying the AST.

Clang has some bug detection code that you could look at; this would help you learn how to examine the AST.

Regards,

John Criswell