this post was submitted on 04 Aug 2024
202 points (96.8% liked)

Programming

17000 readers
80 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
202
DARPA suggests turning old C code automatically into Rust – using AI, of course (www.theregister.com)
submitted 1 month ago by [email protected] to c/[email protected]
60 comments fedilink hide all child comments
 

To accelerate the transition to memory safe programming languages, the US Defense Advanced Research Projects Agency (DARPA) is driving the development of TRACTOR, a programmatic code conversion vehicle.

The term stands for TRanslating All C TO Rust. It's a DARPA project that aims to develop machine-learning tools that can automate the conversion of legacy C code into Rust.

The reason to do so is memory safety. Memory safety bugs, such buffer overflows, account for the majority of major vulnerabilities in large codebases. And DARPA's hope is that AI models can help with the programming language translation, in order to make software more secure.

"You can go to any of the LLM websites, start chatting with one of the AI chatbots, and all you need to say is 'here's some C code, please translate it to safe idiomatic Rust code,' cut, paste, and something comes out, and it's often very good, but not always," said Dan Wallach, DARPA program manager for TRACTOR, in a statement.

you are viewing a single comment's thread
view the rest of the comments
[–] calcopiritus 4 points 1 month ago (1 children)

Just recently a bug was found in openssh that would let you log into the root user of any machine. With extreme skill and luck of course, but it was possible.

OpenSsh is probably one of the most safe C programs out there with the most eyes on it. Since it's the industry standard to remotely log in into any machine.

There is no such thing as fully tested and safe C. You can only hope that you find the bug before the attacker does. Which requires constant mantainance.

The the about rust is that the code can sit there unchanged and "rust". It's not hard to make a program in 2019 that hasn't needed any maintainance since then, and free of memory bugs.

[–] Anticorp 1 points 1 month ago (1 children)

Just so you know, that bug was a months long hack, probably by a State actor, not just something they didn't spot before.

[–] calcopiritus 1 points 1 month ago

It still goes to show that there's no fully tested C code. I'm sure OpenSSH has had the eyes of thousands of security researchers in it. Yet it still has memory-related bugs.