Since the 1970s, United States infrastructure and military operations have relied on C, a coding language first developed in 1972. However, the Defense Research Projects Agency (DARPA) has recently set out to translate all unsafe legacy C code into a safer yet more obscure language called Rust – a language some PV students are already familiar with.
Almost all critical infrastructure depends on legacy C code, unchanged for years. The C programming language has been around since 1972, and thus many aspects of the language are outdated, Yet, many remain in modern versions of the language for backwards compatibility.
C is an inherently unsafe language due to the fact that the programmer has direct control over the memory the program uses. It is a very thin abstraction over the direct instructions the CPU uses to move and process data, making it extremely easy to accidentally create a vulnerability when writing C code. According to research, 70% of all security vulnerabilities were related to memory safety.
One of the vulnerabilities includes use-after-free vulnerabilities in which the program retains a pointer (an address of another location in memory) after freeing said memory (giving it back to the operating system to be used by other programs), buffer overflow where the size of a user’s input isn’t checked before inserting it into a specific region of the computer’s with a certain size, potentially allowing other memory to be overwritten and many more vulnerabilities.
Any attacker can take advantage of these vulnerabilities by using them to control the memory of the program by inserting either malicious data or malicious instruction for the CPU to perform.
In the context of critical infrastructure and legacy code which may or may not be maintained to keep it secure, these vulnerabilities pose a huge risk. Rust solves all of these issues with a feature called the borrow checker.
The borrow checker analyzes every possible branch that the program could go down, and it ensures that all memory that is used is valid and that no unpredictable things happen with the memory being used by the program.
Rust’s compiler will not allow any code that has a chance of creating a memory vulnerability to be compiled, forcing the programmer to think about their memory usage and any possible vulnerabilities. Once a program compiles, the programmer can know for sure that the code is memory safe.
“It’s really something special,” said senior Rory Meeduri, who has been coding for years as part of the PV Robotics team. “If you try to create something that might cause a memory leak, Rust literally will stop you”.
Memory safety usually comes in the form of higher level languages in which the memory being used is so far abstracted that the programmer doesn’t even have to consider it. In contrast, rust provides the memory safety of a higher level language without removing the control and speed of a low level language like C.
Developed by Graydon Hoare and released in 2010, Rust is a relatively newer programming language. It has since gained widespread popularity due to its impressive memory safety and fast performance, making the language ideal for low-level coding applications.
DARPA’s Translating all C to Rust (TRACTOR ) program was launched earlier this year, but the massive undertaking has left the software engineering community confused as to exactly how DARPA plans to convert every single line of code accurately.
Currently, there are online tools and language models that are capable of translating segments of code from versions of C to Rust, but these tools are nowhere near advanced enough to take on the legacy C code contained in critical infrastructure.
Some have speculated about the use of artificial intelligence or large language models (LLMs) to convert C code. Many software engineers have raised questions about the processing power of large language models and the relatively limited scope of low-level coding commands. Additionally, AI models are prone to errors and could create the potential for even larger data breaches.
Rust is quite complicated for new programmers, but this hasn’t stopped some computer science students at PV from becoming interested in the language and its syntax. “The best thing about Rust is its compatibility. I can run it on all of my computers, which makes it super easy to keep track of all my side projects at once,” said AP Computer Science A student Will Rager.
With the amount of legacy C code there is, it is unlikely that it will all be replaced in any reasonable amount of time.
This doesn’t mean an attempt is futile, though. Google saw a 76% decrease in the memory bugs in the Android code base after deciding to write all new code for it in Rust.
As overwhelming as the task may seem for DARPA, they seem to be relying on younger generations to help tackle the problems with legacy C code. For lots of older software engineers, it can be hard to keep up with the constantly changing software development environment, especially when their familiar language is being replaced.
