The chemical reaction known as “rust” has long been an enemy of the U.S. military as it threatens many items made of metal, from small arms to warships. By contrast, the general-purpose programming language known as “Rust” has been praised for its performance and memory safety. It could also prove to be a solution to addressing the memory-safe issues in the legacy C and C++ languages.
The Defense Advanced Research Projects Agency announced it has launched the Translating All C to Rust (TRACTOR) program.
“It’s not enough to rely on bug-finding tools. The preferred approach is to use ‘safe’ programming languages that can reject unsafe programs at compile time, thereby preventing the emergence of memory safety issues,” wrote Dr. Dan Wallach, program manager at DARPA’s information innovation officer (I2O).
The TRACTOR program now seeks to automate the translation of legacy C code to Rust, and the goal of this effort is to achieve the same quality and style that a skilled Rust developer would produce, Wallach added. That could eliminate the entire class of memory safety security vulnerabilities present in C programs.
“This program may involve novel combinations of software analysis, such as static analysis and dynamic analysis, and machine learning techniques like large language models,” Wallach further suggested.
Creating Memory-Safe Coding
DARPA’s effort follows calls from the White House Office of the National Cyber Director (ONCD) and the Cybersecurity and Infrastructure Security Agency (CISA) to adopt Rust or other modern languages to address the issue of memory safety vulnerabilities. CISA warned last year that up to two-thirds of all software vulnerabilities could be linked to a lack of memory-safe coding.
“This is a pretty interesting project and is likely to have a good payoff over the long haul,” suggested Dr. Jim Purtilo, associate professor of computer science at the University of Maryland.
The issue is that any stray pointer that could let code corrupt memory will pose a risk, which necessitates the need for memory-safe code.
“The impact may be subtle, it might be dramatic system failure or it might mean the start of a more aggressive system intrusion,” Purtilo told ClearanceJobs. “C programs let it all hang out, as it were, and can be prone to memory issues accordingly. We’ve dealt with such things since the beginning of programming time, but the task only gets more difficult as our applications grow in recent years.”
This helps explain why memory-safe Rust is now seen as a great alternative.
“You can still manufacture spectacular bugs in Rust, but you have to work harder to do so, and in particular Rust systems will flag memory issues during development, which is where we’d like to deal with them,” Purtilo added. “Letting them lurk until deployment means we may have to spend lavishly to track obscure defects.”
DARPA Calling on Coders
DARPA’s TRACTOR program is now calling upon skilled Rust programmers to make the transition a bit easier, by hosting public competitions to test LLM-powered tools to help translate some of the code.
“You can go to any of the LLM websites, start chatting with one of the AI chatbots, and all you need to say is ‘here’s some C code, please translate it to safe idiomatic Rust code,’ cut, paste, and something comes out, and it’s often very good, but not always,” said Wallach, who is now serving as the TRACTOR program manager. “The research challenge is to dramatically improve the automated translation from C to Rust, particularly for program constructs with the most relevance.”
As Wallach noted, DARPA is already anticipating proposals that could include novel combinations of software analysis, such as static and dynamic analysis, and LLMs.
“Rust forces the programmer to get things right,” said Wallach. “It can feel constraining to deal with all the rules it forces, but when you acclimate to them, the rules give you freedom. They’re like guardrails; once you realize they’re there to protect you, you’ll become free to focus on more important things.”
It may not result in a perfect solution, however, but could be a much-needed step in the right direction.
“Converting C programs to Rust is something of a lateral move, but it makes sense,” Purtilo continued. “A lot of latent defects will emerge during conversion, and this in itself will let developers improve quality, but the real win is likely to be in doing maintenance on those apps later. When programmers extend a program for new functionality, they often don’t have a sense of all the assumptions made by the original programmers with respect to data and memory. That’s where major defects creep in. But having that code base in Rust means you’ll avoid a whole class of possible defects right from the start.”
The program will kick off on August 26 with a Proposers Day, where interested software engineers can attend in person or virtually. Participants will need to register by August 19, and details and registration information have been posted to SAM.Gov.