My recollection is that Larry Wehr ran nm on the compiler, possibly in response to the extra-byte quirk, and found a subroutine reference with no appearance in the source. If Ken hadn't kept the code so modular, they might never have noticed.

On Mon, Sep 20, 2021 at 9:53 AM Ken Thompson <kenbob@gmail.com> wrote:

pwb recompiled the compiler and it got 1 byte larger.
again, another byte. after that they played with it
until they broke the quine part. i am not sure
if they ever realized what was going on.

the extra byte was my bug.


On Mon, Sep 20, 2021 at 4:58 AM Douglas McIlroy <douglas.mcilroy@dartmouth.edu> wrote:
>> > It's part of my academic project to work on provable compiler security.
>> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
>> > Thompson, not only to show a compiler Trojan horse but also to prove that
>> > we can discover it.
>>
>> Of course it can be discovered if you look for it. What was impressive about
>> the folks who got Thompson's compiler at PWB is that they found the horse
>> even though they weren't looking for it.

> I had not heard this story. Can you elaborate, please? My impression from having
> read the paper (a long time ago now) is that Ken did the experiment locally only.

Ken did it locally, but a vigilant person at PWB noticed there was an
experimental compiler on the research machine and grabbed it. While they
weren't looking for hidden stuff, they probably were trying to find what
was new in the compiler. Ken may know details about what they had in the
way of source and binary.

Doug