DARPA wants to automate translating all C code to Rust.
DARPA is going to have a "Hybrid Proposers Day" August 26th, 2024, 10am to 2pm, in Arlington, Virginia, for potential contractors to propose solutions to "Translating All C to Rust (TRACTOR)".
"Buffer overflow vulnerabilities and other related 'memory safety' software flaws allow an attacker to inject messages that hijack control of a computer. These vulnerabilities are only possible because programs written in C and C++ don't force their developers to check conditions, such as array bounds or pointer arithmetic, for correctness. Google and Microsoft have estimated that 70% of their security vulnerabilities stem from these and other related memory safety issues. While there are a variety of approaches to mitigate these risks, newer languages, like Rust, can completely eliminate them while preserving efficiency. Unfortunately, significant and expensive manual effort is required to rewrite legacy code into idiomatic Rust."
"After at least two decades of experience applying sophisticated tools towards mitigating memory safety issues in C and C++, the software engineering community has largely concluded that bug finding tools are not sufficient. Rather, the consensus is that it is preferable to use 'safe' programming languages that reject unsafe programs at compile time."
"The TRACTOR program aims to achieve a high degree of automation towards translating legacy C to Rust, with the same quality and style that a skilled Rust developer would employ, thereby permanently eliminating the entire class of memory safety security vulnerabilities present in C programs. Performers might employ novel combinations of software analysis (e.g., static analysis and dynamic analysis), and machine learning techniques (e.g., large language models)."
Translating All C to Rust (TRACTOR)
#solidstatelife #ai #genai #llms #programmingnlanguages #computerscience