DARPA proposes using AI to automatically convert old C code into Rust for memory safety
To accelerate the transition to memory-safe programming languages, DARPA is developing TRACTOR, a programmatic code conversion vehicle that uses machine-learning tools to automate the conversion of legacy C code into Rust. This initiative aims to improve software security by reducing memory-related vulnerabilities.
The reason for this project is memory safety. Memory safety bugs, such as buffer overflows, account for most major vulnerabilities in large codebases. DARPA hopes AI models can help with language translation to make software more secure.
Tech giants like Google and Microsoft have been promoting the use of languages other than C and C++ that don’t require manual memory management. The software engineering community has reached a consensus: relying on bug-finding tools is not enough. Instead, there’s a need for programming languages that prioritize memory safety.
Rust, which has memory safety built-in, is gaining popularity for low-level systems programming. Initiatives like Prossimo aim to rewrite critical code in Rust to reduce security risks.
DARPA’s TRACTOR project aims to develop machine-learning tools that can automate the conversion of legacy C code into Rust. The research challenge is to improve automated translation from C to Rust, particularly for program constructs with relevance.
The private sector has pushed back against DARPA’s characterization, arguing that proper adherence to ISO standards and diligent application of testing tools can achieve comparable results without reinventing everything in Rust. However, the software engineering community has reached a consensus: memory safety is crucial.
Rust can help make software more secure, but it’s not a cure-all. Five Eyes agencies urge organizations to use memory-safe programming languages. The NSA recommends that organizations use memory-safe programming languages like Rust.
Peter Morales, CEO of Code Metal, believes the DARPA project is well-timed and will have a significant impact in the cybersecurity space where memory safety is already a major conversation. However, he notes that all languages are about trade-offs, and C and C++ may still be suitable for certain tasks.
The TRACTOR project’s goal is to achieve high automation levels, requiring overcoming technical challenges like bridging gaps between C and Rust. DARPA will hold an event on August 26, 2024, for those planning to submit proposals for the TRACTOR project.
Source: https://www.theregister.com/2024/08/03/darpa_c_to_rust/