DARPA declares war on memory errors: AI to transfer old C code to Rust

The US federal agency DARPA is launching a funding program in which artificial intelligence (AI) is to independently transfer existing C and C++ code into the modern programming language Rust - at a level that should correspond to the result of an experienced Rust programmer. This is intended to put a stop "once and for all" to the security vulnerabilities caused by memory access violations that have repeatedly crept into C code in particular. Under the name 'Translating All C To Rust' ('TRACTOR'), DARPA is soliciting proposals for AI systems that use machine learning (ML) and mainly large language models (LLMs) to "largely" handle this translation of program code fully automatically.

Although this is already possible, the TRACTOR project of DARPA's Information Innovation Office will endeavor to ensure that the results have the same code quality and the comparable style of an experienced Rust developer. The aim of the project is to eliminate the entire class of vulnerabilities caused by memory management errors in C, writes DARPA in a press release on Wednesday.

Code at the level of an experienced developer

Memory protection violations are predominant among the software vulnerabilities. Programming languages such as C contribute to this because they allow direct memory changes and their language standard does not provide for the handling of undefined states, argues the Defense Advanced Research Projects Agency, which is part of the US Department of Defense. Due to their long history and widespread use, they have been dealing with such security vulnerabilities in C and C++ code for over twenty years. According to DARPA, all efforts to improve the situation with debugging tools have proved inadequate - this is the consensus among software developers.

It is known that modern programming languages can be used to circumvent these types of vulnerabilities. Rather, the challenge is to rewrite existing C and C++ software on as large a scale as the urgency of the problem requires. Recently, however, a cultural shift towards the establishment of Rust and breakthroughs in machine learning have created an environment in which, according to DARPA, entirely new solutions to the problem are emerging.

Public competitions planned

AI chatbots can already transfer C code snippets into Rust today, said TRACTOR project manager Dan Wallach, and the result is often very good, but not always. AI research is now challenged to improve automatic translation significantly in Rust, especially of the most important program constructs. Wallach hopes that the project will produce proposals that combine static and dynamic code analysis and LLMs in new ways. "Rust forces programmers to do things right," said Wallach. It can feel like a constraint to deal with all the enforced rules, but once you get used to them, they allow freedom: the rules are like guardrails; once you realize that they protect you, you can focus on more important things. In the TRACTOR project, the skills of the submissions are to be tested in public competitions. Proposals can be submitted to DARPA until August 19; the submissions will be presented on August 26.

(tiw)