Are there any type safe languages with deterministic compilers?

Question

This article about BIND9 concludes with the statement:

The point I'm trying to make here is that BIND9 should not be exposed to the public. It has code problems that should be unacceptable in this day and age of cybersecurity. Even if it were written perfectly, it has far too many features to be trustworthy. Its feature-richness makes it a great hidden master, it's just all those feature get in the way of it being a simple authoritative slave server, or a simple resolver. They shouldn't rewrite it from scratch, but if they did, they should choose a safe language and not use C/C++.

When investigating C#, I see this by Eric Lippert, saying that C# will never compile to the exact same binary due to changes in the MVID column.

Question

Is there any combination of a type safe programming language and compiler that results in deterministic builds?

Answer 1

There are tools to make builds deterministic. However it is not as simple as picking the correct language and compiler. You also have to eliminate all sources of non-determinism from the build. This mostly consists of time stamps and check sums. See https://reproducible-builds.org/docs/deterministic-build-systems/ for a more complete list of non-determinism.

Reproducible-Builds also lists several projects who use deterministic builds (https://reproducible-builds.org/who/). I noticed that a few used a combination of c or c++ and Gitian (https://github.com/devrandom/gitian-builder) using build scripts that strip non-determinism. For an example read the instructions for bitcoin core https://github.com/bitcoin/bitcoin/blob/master/doc/gitian-building.md.