A team of computer scientists from Microsoft and Inria has made a significant breakthrough in software development, creating a tool that can automatically translate C code to memory-safe Rust. This innovation has the potential to revolutionize the way software is developed, making it more secure and efficient.
Memory errors, such as out-of-bounds reads and writes and use-after-free bugs, have long plagued applications, causing problems ranging from minor execution glitches to global security nightmares. The infamous WannaCry, Slammer, and Heartbleed exploits, and the more recent LDAP Nightmare, were all enabled by buffer overflows. These memory safety vulnerabilities stem from the use of older programming languages such as C and C++, which lack automated memory management capabilities and rely on programmers to take care of nitty-gritty details like bounds checking themselves.
In contrast, memory-safe languages like Rust automate the allocation and deallocation of memory and prevent memory-access bugs like out-of-bounds errors. According to Anne Thomas, VP & distinguished analyst at Gartner, "Approximately 70% of software security issues are related to incorrect memory handling." The US Office of the National Cyber Director (ONCD) has also called for the adoption of memory-safe programming languages, recommending that C and C++ be replaced by languages like Rust, Python, C#, Go, and Java.
However, replacing C and C++ may be easier said than done. Jason Andersen, VP and principal analyst at Moor Insights & Strategy, notes that C is very useful at the system level, making it remarkably sticky and performant. A bridge to memory safety is needed, and that's where the new tool comes in.
Dubbed Mini-C, the tool was created by Aymeric Fromherz of Inria and Jonathan Protzenko of Microsoft Azure Research. It's a subset of C that can be translated into memory-safe Rust automatically. To produce safe Rust, Fromherz and Protzenko developed a "data-oriented, applicative subset of C," which may require users to make "minimal adjustments" to the source C program to accommodate the subset. Once in this subset, their approach then automatically produces valid, safe Rust code.
The researchers evaluated their approach on two projects: the HACL* verified cryptographic library, which contains 80K lines of C code, and the EverParse CBOR parser's 1.4k lines of C. They found that the HACL* source required only "minimal" adjustments and EverParse needed no changes to become Mini-C and then translate to Rust. The resulting Rust code is not only memory-safe but also offers modern language features like concurrency primitives, pattern matching, and a powerful type system, leading to more concise, expressive, and maintainable code.
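To make concrete the bounds-checking point raised above and the kind of pointer-plus-length C interface that a Mini-C style translation turns into safe Rust, here is an added example written for this page; it is a hand-written illustration, not output of the Mini-C tool nor code from HACL* or EverParse, and the C function it mirrors is an assumed, typical buffer-XOR helper.

```rust
// Added illustration (not Mini-C output): a C-style buffer operation and
// its memory-safe Rust counterpart.
//
// The assumed C original, a typical pointer + length API:
//   void xor_into(uint8_t *dst, const uint8_t *src, size_t n) {
//       for (size_t i = 0; i < n; i++) dst[i] ^= src[i];
//   }
// Nothing stops a caller passing an `n` larger than either buffer; the
// loop then reads and writes past the allocation (undefined behaviour).

/// Error returned instead of silently stepping past a buffer.
#[derive(Debug, PartialEq)]
pub enum XorError {
    /// `n` exceeds the length of at least one of the slices.
    LengthMismatch { requested: usize, dst_len: usize, src_len: usize },
}

/// Safe Rust version: slices carry their length, so the bound is checked
/// explicitly up front and the loop can never index outside either buffer.
pub fn xor_into(dst: &mut [u8], src: &[u8], n: usize) -> Result<(), XorError> {
    if n > dst.len() || n > src.len() {
        return Err(XorError::LengthMismatch {
            requested: n,
            dst_len: dst.len(),
            src_len: src.len(),
        });
    }
    for i in 0..n {
        dst[i] ^= src[i]; // i < n <= len of both slices, so this cannot overflow
    }
    Ok(())
}

/// More idiomatic variant: iterators make the bound implicit, and `zip`
/// stops at the shorter slice. Returns how many bytes were processed.
pub fn xor_into_iter(dst: &mut [u8], src: &[u8]) -> usize {
    let mut count = 0;
    for (d, s) in dst.iter_mut().zip(src.iter()) {
        *d ^= *s;
        count += 1;
    }
    count
}

fn main() {
    // Constructed sample buffers: 4 bytes each.
    let mut dst = [0x0fu8; 4];
    let src = [0xffu8; 4];
    println!("{:?}", xor_into(&mut dst, &src, 4)); // Ok(())
    println!("{:?}", xor_into(&mut dst, &src, 8)); // Err(LengthMismatch {..})
}
```

The over-long request that would corrupt adjacent memory in the C version becomes an explicit error value in Rust, which is the class of bug the article's memory-safety argument is about.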
Industry analysts see significant value in this innovation. Jim Mercer, program VP, software development, DevOps & DevSecOps at IDC, believes that this technique could have a lot of value for developers coding in C since it can jumpstart the transition to Rust and also aid in helping these programmers learn Rust, which can be a challenging transition. Moor's Andersen adds that using Gen AI to help accelerate Mini-C and the migration process further could be promising.
However, there are also concerns and caveats. Gartner's Thomas notes that the tool only works on a subset of the C language – what they call Mini-C – and that most C and C++ applications use aspects of C/C++ that don't fit into the Mini-C subset. IDC's Mercer agrees that Mini-C is only a start and that rewriting or even having AI rewrite C code into Rust can require the developer's time and considerable testing to ensure the system is still working and performant.
Andersen observes that any solution like this would be helpful since it potentially resolves some of the migration issues, but that unfortunately comes with many caveats. He cites the risk that older code bases may not be as amenable to the technique as HACL*, so "customer mileage will vary significantly." Funding of the project is also an issue, and finding skilled developers with the required level of C expertise is difficult.
Despite these challenges, the potential impact of this innovation cannot be overstated. As Andersen says, "We need to get something like this into an open-source community and get some committers doing some work." With continued development and community support, this tool could revolutionize software development, making it more secure, efficient, and sustainable.