To accelerate the transition to memory safe programming languages, the US Defense Advanced Research Projects Agency (DARPA) is driving the development of TRACTOR, a programmatic code conversion vehicle.

The term stands for TRanslating All C TO Rust. It’s a DARPA project that aims to develop machine-learning tools that can automate the conversion of legacy C code into Rust.

The reason to do so is memory safety. Memory safety bugs, such buffer overflows, account for the majority of major vulnerabilities in large codebases. And DARPA’s hope is that AI models can help with the programming language translation, in order to make software more secure.

“You can go to any of the LLM websites, start chatting with one of the AI chatbots, and all you need to say is ‘here’s some C code, please translate it to safe idiomatic Rust code,’ cut, paste, and something comes out, and it’s often very good, but not always,” said Dan Wallach, DARPA program manager for TRACTOR, in a statement.

  • MajorHavoc@programming.dev
    link
    fedilink
    arrow-up
    106
    arrow-down
    6
    ·
    edit-2
    3 months ago

    “You can go to any of the LLM websites, start chatting with one of the AI chatbots, and all you need to say is ‘here’s some C code, please translate it to safe idiomatic Rust code,’ cut, paste, and something comes out, and it’s often very good, but not always,” said Dan Wallach, DARPA program manager for TRACTOR, in a statement.

    “This parlor trick impressed me. I’m sure it can scale to solve difficult real world problems.”

    It’s a promising approach worth trying, but I won’t be holding my breath.

    If DARPA really wanted safer languages, they could be pushing test coverage, not blindly converting stable well tested C code into untested Rust code.

    This, like most AI speculation, reeks of looking for shortcuts instead of doing the boring job at hand.

    • ByteOnBikes@slrpnk.net
      link
      fedilink
      arrow-up
      10
      ·
      3 months ago

      I’m thinking they also want to future proof this.

      The quantity of C devs are dying. It’s a really difficult language to get competent with.

    • thingsiplay@beehaw.org
      link
      fedilink
      arrow-up
      9
      ·
      3 months ago

      Also:

      As to the possibility of automatic code conversion, Morales said, “It’s definitely a DARPA-hard problem.” The number of edge cases that come up when trying to formulate rules for converting statements in different languages is daunting, he said.

      • FizzyOrange@programming.dev
        link
        fedilink
        arrow-up
        2
        ·
        3 months ago

        Ada is not strictly safer. It’s not memory safe for example, unless you never free. The advantage it has is mature support for formal verification. But there’s literally no way you’re going to be able to automatically convert C to Ada + formal properties.

        In any case Rust has about a gazillion in-progress attempts at adding various kinds of formal verification support. Kani, Prusti, Cruesot, Verus, etc. etc. It probably won’t be long before it’s better than Ada.

        Also if your code is Ada then you only have access to the tiny Ada ecosystem, which is probably fine in some domains (e.g. embedded) but not in general.

    • sudo42@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2
      ·
      3 months ago

      A: “We really need this super-important and highly-technical job done.”
      B: “We could just hire a bunch of highly-technical people to do it.”
      A: “No, we would have to hire people and that would cost us millions.”
      B: “We could spend billions on untested technology and hope for the best.”
      A: “Excellent work B! Charge the government $100M for our excellent idea.”