DARPA suggests turning old C code automatically into Rust – using AI, of course

The US Defense Advanced Research Projects Agency (DARPA) is initiating a project called TRACTOR, aimed at automating the conversion of legacy C code into Rust, a memory-safe programming language. This initiative is driven by the need to address memory safety vulnerabilities, which are prevalent in large codebases and often lead to significant security issues. Dan Wallach, the program manager for TRACTOR, emphasized the potential of machine-learning tools to enhance the translation process, although current AI models can produce variable results. The software engineering community has increasingly recognized the limitations of C and C++ in terms of memory safety, prompting a shift towards languages like Rust, which inherently manage memory more securely.

The project aligns with broader governmental efforts, including recommendations from the White House and the Cybersecurity and Infrastructure Security Agency (CISA), to adopt memory-safe languages. While some industry experts acknowledge the benefits of transitioning to Rust, they also caution against completely abandoning C and C++, suggesting that adherence to standards and rigorous testing can mitigate risks. DARPA's goal is to achieve a high level of automation in code conversion, although challenges remain, particularly in translating complex C constructs that do not have direct equivalents in Rust. An event for potential TRACTOR project participants is scheduled for August 26, 2024, to discuss proposals and collaboration opportunities.