Here’s information specific to the Tiny C Compiler (tcc or TinyCC), originally developed by Fabrice Bellard. I used this small compiler for a lot of my work. tcc is Free-libre / open source software, so it can be reviewed and modified by anyone, and its small size also had many advantages for me.
For more on tcc, see tinycc.org and the Tiny C compiler (tcc) project page on Savannah (mailing list especially). Note that Fabrice Bellard, tcc's creator, is busy with other projects; Rob Landley has a tcc fork (see his code and Mercurial log). You can also see the Wikipedia entry on the Tiny C Compiler (tcc).
In any scientific work it’s important to be able to duplicate the work. If you want to duplicate my ACSAC work, here are copies of tcc-0.9.20.tar.gz, tcc-0.9.21.tar.gz, and tcc-0.9.22.tar.gz, along with tcc-bugfix.txt; that should be enough to let you duplicate what I did. You can even download my script retrust; it's a very messy script that does more than necessary, but it does perform the entire test automatically (as well as some other tests to show the impact of various changes). I didn't use it for the paper, but you can also get tcc-0.9.23.tar.gz on this site
I had two problems with tcc as described in the ACSAC paper. One was a typecasting bug; David Heine has posted a patch, which was later included in Landley's fork (along with a test case). The other was a failure to zero some bits of long double values; Landley's fork includes a patch from Felix Nawothnig to zero the high bits of long double floating point constants.
Since the ACSAC paper, I've submitted a number of patches to tcc to fix problems.
Most of my patches weren't really developed by me all; they were fixes originally developed by grischka, but they were never polished into a mergeable form. He posted a single mega-patch, which is almost never a good idea. I then extracted some stuff I needed from that mega-patch, turning them into a bunch of single-purpose patches that could actually be sensibly merged:
I didn't extract everything; grischka-todo.txt lists what is missing.
Other things I did:
Feel free to go back to the main page about trusting trust. You can also view my book on writing secure programs, FlawFinder, or my home page.