I've read this incredible 3-page paper many times over the last few years, but I'm still not sure I grasp all its implications. The author fits three amazing demonstrations into this short paper, each building on the previous one:

  • How to create a program that prints its own source code as output
  • The bizarre semantics of compiling compilers written in their own language (e.g. the C compiler is written in C).
  • And finally, how even if you build a program from source code, the compiler you use can inject malicious code into the program during the compilation process.

The ultimate goal is to show how difficult it is to trust software, even if you build it yourself:

The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code.
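The first of the three demonstrations, a program that prints its own source, uses the trick of storing the program as data and printing that data with itself substituted in. Here is an added Python example of that construction (not from the post or from the paper; the template string and the helper names are my own), together with a check that actually runs the generated program and compares its output to its source:

```python
"""A self-reproducing program built the way the paper describes: the
program keeps a template of its own text as data, then prints the
template with the (escaped) template substituted for a placeholder."""
import contextlib
import io

# Template of the self-printing program. `{0}` is where a repr() of
# this very template goes, so the printed program carries the data it
# needs to print itself again. (Constructed for this example.)
QUINE_TEMPLATE = 't = {0}\nprint(t.format(repr(t)), end="")\n'


def build_quine() -> str:
    """Return the source text of the self-printing program."""
    return QUINE_TEMPLATE.format(repr(QUINE_TEMPLATE))


def run_program(source: str) -> str:
    """Execute `source` in a fresh namespace and capture what it prints."""
    buf = io.StringIO()
    with contextlib.redirect_stdout(buf):
        exec(source, {"__name__": "quine"})
    return buf.getvalue()


def is_quine(source: str) -> bool:
    """True when running the program reproduces its source byte for byte."""
    return run_program(source) == source


if __name__ == "__main__":
    prog = build_quine()
    print(prog, end="")
    print("# self-reproducing:", is_quine(prog))
```

The same check fails for an ordinary program, which is the point: only a program carrying its own representation as data passes it.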