Military researchers ask industry for ways of translating legacy software automatically from C to Rust

Sept. 11, 2024
TRACTOR seeks to use machine automation to translate legacy C to Rust, with the same quality and style that a skilled Rust developer would employ.

ARLINGTON, Va. – U.S. military researchers are asking industry to find ways of translating old software written in the C programming language automatically to the Rust programming language in efforts to enhance efficiency and resistance to cyber attacks.

Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., issued a program solicitation on Friday (DARPA-PS-24-20) for the Translating All C TO Rust (TRACTOR) program.

TRACTOR aims to achieve a high degree of automation in translating legacy C to Rust, with the same quality and style that a skilled Rust developer would employ, in hopes of permanently eliminating the entire class of memory safety security vulnerabilities present in C programs. Performers might employ combinations of static analysis, dynamic analysis, and large language models.

The C programming language has been available since 1972, and many military software applications are written in C and in C++, its more advanced sister language. The C language is showing its age, and is vulnerable to modern cyber attacks.

Rust, on the other hand, has been available since 2015, and emphasizes performance, type safety, and concurrency. It enforces memory safety, meaning that all references point to valid memory, without using a garbage collector. Rust has far fewer cyber vulnerabilities than the older C language, experts say.

Buffer overflow vulnerabilities and other related memory-safety software flaws enable an attacker to inject messages that hijack control of a computer. These vulnerabilities are possible because programs written in C and C++ don’t force their developers to check conditions like array bounds or pointer arithmetic for correctness.

Newer languages like Rust can eliminate these kinds of cyber vulnerabilities completely, while preserving efficiency. Still, significant and expensive manual effort is necessary today to rewrite legacy code into Rust.

Although software experts have applied sophisticated tools in efforts to mitigate memory safety issues in C and C++, the software engineering community largely has concluded that bug-finding tools are not sufficient.

TRACTOR has two technical areas: C to Rust translation research, and theoretical translation research.

The core technical challenge of translating C to safe idiomatic Rust revolves around the ability of the C programming language to express concepts that are not allowed in safe idiomatic Rust. C programs can do pointer arithmetic or otherwise treat pointers as if they were integers.

Additionally, Rust has restrictions on how mutable state is managed, so C programs cannot simply be transliterated into Rust and be expected to work correctly.
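The gap between transliterated and idiomatic Rust described above can be seen in a small added example, which is not code from DARPA or the TRACTOR solicitation. The function names and the length-prefixed record layout are hypothetical, and the sample records are constructed.

```rust
// Added illustration; function names and the record layout are hypothetical.
// Record layout (constructed): [len: u8][payload: len bytes]

/// Roughly what a line-by-line transliteration of C produces: raw pointers,
/// pointer arithmetic and `unsafe`. Memory safety rests on the manual length
/// check, exactly as it does in the C original.
fn payload_sum_transliterated(buf: *const u8, buf_len: usize) -> Option<u32> {
    if buf.is_null() || buf_len == 0 {
        return None;
    }
    unsafe {
        let len = *buf as usize;
        // Without this check the code still compiles and reads out of bounds.
        if len > buf_len - 1 {
            return None;
        }
        let mut p = buf.add(1);
        let end = p.add(len);
        let mut sum = 0u32;
        while p < end {
            sum += *p as u32;
            p = p.add(1);
        }
        Some(sum)
    }
}

/// Idiomatic safe Rust: the slice carries its own length, and `get` returns
/// `None` instead of reading past the end of the buffer.
fn payload_sum_idiomatic(buf: &[u8]) -> Option<u32> {
    let (&len, rest) = buf.split_first()?;
    let payload = rest.get(..len as usize)?;
    Some(payload.iter().map(|&b| u32::from(b)).sum())
}

fn main() {
    let good = [3u8, 10, 20, 30]; // constructed: declares 3 bytes, has 3
    let truncated = [5u8, 10, 20]; // constructed: declares 5 bytes, has 2
    for rec in [&good[..], &truncated[..]] {
        let a = payload_sum_transliterated(rec.as_ptr(), rec.len());
        let b = payload_sum_idiomatic(rec);
        println!("{:?} -> transliterated {:?}, idiomatic {:?}", rec, a, b);
    }
}
```

Both functions agree on these inputs, but only the second keeps the bounds check under the control of the compiler and standard library rather than the programmer.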

In a multi-threaded context, C programs often will include their own concurrency primitives or may depend on machine-specific memory system semantics, while Rust offers structured concurrency features that are safe and portable.

While the specific multi-threaded challenges have not yet been selected, teams should plan on supporting POSIX-style threads. Similarly, proposals should assume that “C” means “C as compiled by the current LLVM clang compiler.” Support for other C compilers is not required.

Theoretical translation, meanwhile, involves translating multi-threaded C programs, which may depend on machine-specific memory semantics, to safe idiomatic Rust that uses all of Rust’s structured concurrency features.

Translation between C concurrency and Rust will require formal modeling tools that enable software developers to reason about equivalence of the translated code. Even defining equivalence in this context is a significant research challenge.

Companies interested should submit abstracts no later than 20 Sept. 2024 to the DARPA Broad Agency Announcement Tool (BAAT) online at https://baa.darpa.mil/Public/SecurityAgreement. Full proposals are due no later than 6 Nov. 2024 to the DARPA BAAT at https://baa.darpa.mil/Public/SecurityAgreement.

Email questions or concerns to DARPA at [email protected]. More information is online at https://sam.gov/opp/7f104d07619542f7bf85b2297deeb6b0/view.

About the Author

John Keller | Editor-in-Chief

John Keller is the Editor-in-Chief of Military & Aerospace Electronics Magazine, which provides extensive coverage and analysis of enabling electronics and optoelectronic technologies in military, space and commercial aviation applications. John has been a member of the Military & Aerospace Electronics staff since 1989 and chief editor since 1995.