There is a pure-Rust compiler backend in the works, but that's going to take a long time to mature so it's just pragmatic to use LLVM in the meantime. Especially since the exploitation potential is pretty contrived in this case - if you compile compromised code then you're probably owned anyway, regardless of the backends memory safety.
Thankfully the “trust” you need out of a compiler is very very different. It would be closer to claiming you need to compile it on a Rust OS too because you’re trusting a large C/C++ app.
Separation of concerns solves this because the compiler has minimal impact on the trustedness of the code the Rust compiler generates. Indeed, one would expect that all the ways that the LLVM compiler fails are ways any Rust implementation would fail too - by generating the wrong code which is rarely if ever due to memory safety or thread safety issues. There may be other reasons to write the compiler backend in Rust but I wouldn’t put the trust of compiled Rust code as anywhere near the top of reasons to do that.
There is a pure-Rust compiler backend in the works, but that's going to take a long time to mature so it's just pragmatic to use LLVM in the meantime. Especially since the exploitation potential is pretty contrived in this case - if you compile compromised code then you're probably owned anyway, regardless of the backends memory safety.
What is the concern with LLVM? I'm asking because I genuinely don't know.
I think the issue he's pointing at is that LLVM is itself written in C++ - so the entire "trusted" Rust toolchain depends on trusting a huge C++ app.
Thankfully the “trust” you need out of a compiler is very very different. It would be closer to claiming you need to compile it on a Rust OS too because you’re trusting a large C/C++ app.
Separation of concerns solves this because the compiler has minimal impact on the trustedness of the code the Rust compiler generates. Indeed, one would expect that all the ways that the LLVM compiler fails are ways any Rust implementation would fail too - by generating the wrong code which is rarely if ever due to memory safety or thread safety issues. There may be other reasons to write the compiler backend in Rust but I wouldn’t put the trust of compiled Rust code as anywhere near the top of reasons to do that.
I would assume that because it is written in unsafe C++, it creates technical debt that should addressed rather soon.