In Rust we Trust: Modern programming languages designed to enforce memory safety are gaining popularity. Rust, a language initiated by software developer Graydon Hoare while working at Mozilla, is now the official choice for a complex conversion project announced by the Pentagon's research agency.
DARPA is launching the Translating All C to Rust (TRACTOR) program, an AI-focused initiative aimed at "substantially" automating the conversion of C code into Rust. The programming community has grappled with memory safety issues in C and C++ for over two decades, DARPA noted, and there's now a consensus that native bug-finding tools are insufficient to address this critical architectural problem.
Memory safety issues are the most common type of security vulnerability disclosed by software companies and researchers. The C language, created in the 1970s and now running everything from smartphones to space vehicles and internet protocols, allows programmers to directly manipulate memory allocation.
Programming errors or unexpected behaviors in C routines can corrupt memory or give attackers exploitable flaws capable of compromising entire networks. In contrast, Rust was designed as a low-level, general-purpose language that enforces memory safety practices, ensuring all references point to valid memory addresses.
Rust has the potential to eliminate entire classes of security vulnerabilities and is being rapidly adopted by major tech corporations for their software projects. Microsoft plans to rewrite some core parts of Windows and Microsoft 365 applications in Rust. Similarly, Rust is being integrated into the Linux kernel, the Chromium layout engine, and other critical codebases used by millions worldwide.
The TRACTOR initiative arises from two recent cultural shifts: the widespread adoption of the Rust programming language and the development of advanced machine learning techniques. Large language models used by chatbots and other AI services are of particular interest to DARPA, as they could offer new solutions to the memory safety problem.
According to TRACTOR's program manager Dan Wallach, AI chatbots can already convert "some C code" to safe idiomatic Rust code quickly. However, the resulting code is not entirely error-free (or hallucination-free). TRACTOR aims to "dramatically improve" the ability of LLMs to automatically translate C code to Rust.
The public sector hosts a significant portion of software projects developed with legacy languages, and DARPA is well aware of this issue. According to Code Metal CEO Peter Morales, TRACTOR is a promising program that could significantly impact the cybersecurity market. Automatic code conversion is "definitely a DARPA-hard problem" with no easy, readily available magic AI solutions, Morales said.