78

The TRACTOR program aims to automate the translation of legacy C code to Rust. The goal is to achieve the same quality and style that a skilled Rust developer would produce, thereby eliminating the entire class of memory safety security vulnerabilities present in C programs. This program may involve novel combinations of software analysis, such as static analysis and dynamic analysis, and machine learning techniques like large language models.

Highlights from the forum thread:

There's even a conspiracy theory that the Rust Foundation's 501 organization type was chosen so it can conduct lobbying. The implication being that the Rust Foundation is behind government recommendations to move toward memory safe languages. (Big Borrow-Checker, if you will).

Assuming a worst case scenario, this could be the worst thing to happen to Rust’s image. We end up with billions of lines of rewritten Rust code that is full of soundness and logic bugs, and that no one understands.

DARPA funds some projects on a "there is an infinitesimal chance of success, but if you succeed, it's a big deal" basis. Silent Talk is an example here - very unlikely to succeed, even at the beginning, but if you could hold a radio conversation without sound, that'd be a huge deal for special operations forces.

you are viewing a single comment's thread
view the rest of the comments
[-] IllNess@infosec.pub 26 points 3 months ago

I'm gonna guess this is going to be a major pain to debug.

[-] simple@lemm.ee 29 points 3 months ago

Translating entire codebases with LLMs? What could POSSIBLY go wrong?

I also don't see how it would ever be possible to directly translate C to Rust. They're so fundamentally different that things are bound to not work the same.

[-] IllNess@infosec.pub 12 points 3 months ago

I don't even understand how they are going to get around the memory security they are doing this translation for. Watch them have to break the security features of Rust just to make certain programs work.

[-] FaceDeer@fedia.io 9 points 3 months ago

I would expect that's part of the point, if a C program can't be converted to a language that doesn't allow memory violations that probably indicates that there are execution pathways that result in memory violations.

[-] FaceDeer@fedia.io 9 points 3 months ago

What could go wrong with using human programmers to convert it?

If you're going to insist on perfection for something like this then you're probably never going to get anything done. Convert the program and then test and debug it just like you'd do with any newly written code. The idea is to make it easier to do that, not to make it so you don't have to do it at all.

[-] technocrit@lemmy.dbzer0.com 6 points 3 months ago* (last edited 3 months ago)

I’m gonna guess this is going to be a major ~~pain~~ profit to debug.

Some "AI" grifters gonna be showering in that state paper.

this post was submitted on 02 Aug 2024
78 points (94.3% liked)

Technology

59674 readers
1800 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS