Accelerating Memory Safety: DARPA’s TRACTOR Program Transforms C to Rust
DARPA is accelerating the transition to memory-safe programming languages through the TRACTOR program, aimed at automated conversion of C code to Rust. This initiative is developing machine learning tools to automate the translation of legacy C code into Rust.
Memory safety issues are a primary cause of vulnerabilities in large codebases. DARPA hopes that AI models will assist in translating programming languages to make software more secure.
Technical giants such as Google and Microsoft have been warning about memory safety issues for several years and advocate for programming languages that do not require manual memory management, such as Rust. This has attracted the attention of governmental bodies like the White House and the Cybersecurity and Infrastructure Security Agency (CISA), which now recommend the use of memory-safe programming languages, including Rust, C#, Go, Java, Python, and Swift.
Proponents of C and C++ argue that strict adherence to ISO standards and the use of testing tools can yield comparable results. However, DARPA believes that memory safety issues in these languages remain significant.
Rust, released in 2015, ensures memory safety and is suitable for system programming requiring high performance. This language has gained popularity through initiatives like the Prossimo program, aimed at rewriting critical code, including the Network Time Protocol (NTP) daemon, in Rust to mitigate security risks.
The TRACTOR program is also garnering attention in the private sector. For instance, Code Metal, a company specializing in code transformation for hardware, finds DARPA’s program promising and timely. However, automated code translation remains a challenging task, especially due to the intricacies of pointer handling in C, which are prohibited in Rust.
DARPA will host an event for those planning to submit proposals for the TRACTOR program on August 26, 2024. Participants must register by August 19.