Abstract
Rust is a relatively new programming language that targets efficient and safe systems-level applications. It includes a sophisticated type system that allows for provable memory- and thread-safety, and is explicitly designed to take the place of unsafe languages such as C and C++ in the coding ecosystem. There is a large existing C and C++ codebase (many of which have been affected by bugs and security vulnerabilities due to unsafety) that would benefit from being rewritten in Rust to remove an entire class of potential bugs. However, porting these applications to Rust manually is a daunting task.
In this paper we investigate the problem of automatically translating C programs into safer Rust programs--that is, Rust programs that improve on the safety guarantees of the original C programs. We conduct an in-depth study into the underlying causes of unsafety in translated programs and the relative impact of fixing each cause. We also describe a novel technique for automatically removing a particular cause of unsafety and evaluate its effectiveness and impact. This paper presents the first empirical study of unsafety in translated Rust programs (as opposed to programs originally written in Rust) and also the first technique for automatically removing causes of unsafety in translated Rust programs.
Supplemental Material
Available for Download
The supplementary material including the detailed rewrite rules, expanded examples referred in the paper, and a brief introduction to Rust's ownership system; and extended tech report version of the paper.
- [n.d.]. Rust Compiler Error Index. https://doc.rust-lang.org/error-index.htmlGoogle Scholar
- [n.d.]. Rust support hits linux-next. https://lwn.net/Articles/849849/Google Scholar
- [n.d.]. Supporting Linux kernel development in Rust. https://lwn.net/Articles/829858/Google Scholar
- 2021. NVD - CVE-2021-21148. https://nvd.nist.gov/vuln/detail/CVE-2021-21148Google Scholar
- 2021. NVD - CVE-2021-3156. https://nvd.nist.gov/vuln/detail/CVE-2021-3156Google Scholar
- Lars Ole Andersen. 1994. Program Analysis and Specialization for the C Programming Language.Google Scholar
- Brian Anderson, Lars Bergstrom, David Herman, Josh Matthews, Keegan McAllister, Manish Goregaokar, Jack Moffitt, and Simon Sapin. 2015. Experience Report: Developing the Servo Web Browser Engine using Rust. arXiv:1505.07383 [cs], May, arxiv:1505.07383 arXiv: 1505.07383.Google Scholar
- Vytautas Astrauskas, Christoph Matheja, Federico Poli, Peter Müller, and Alexander J. Summers. 2020. How Do Programmers Use Unsafe Rust? Proc. ACM Program. Lang., 4, OOPSLA (2020), Article 136, Nov., 27 pages. https://doi.org/10.1145/3428204 Google Scholar
Digital Library
- Marek Baranowski, Shaobo He, and Zvonimir Rakamarić. 2018. Verifying Rust programs with SMACK. In International Symposium on Automated Technology for Verification and Analysis. 528–535.Google Scholar
Cross Ref
- Sergio Benitez. 2016. Short Paper: Rusty Types for Solid Safety. In Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security (PLAS ’16). Association for Computing Machinery, New York, NY, USA. 69–75. isbn:978-1-4503-4574-3 https://doi.org/10.1145/2993600.2993604 Google Scholar
Digital Library
- Chandrasekhar Boyapati, Robert Lee, and Martin Rinard. 2002. Ownership Types for Safe Programming: Preventing Data Races and Deadlocks. In Proceedings of the 17th ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications (OOPSLA ’02). ACM, New York, NY, USA. 211–230. isbn:978-1-58113-471-1 https://doi.org/10.1145/582419.582440 Google Scholar
Digital Library
- Chandrasekhar Boyapati, Alexandru Salcianu, William Beebee, Jr., and Martin Rinard. 2003. Ownership Types for Safe Region-based Memory Management in Real-time Java. In Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation (PLDI ’03). ACM, New York, NY, USA. 324–337. isbn:978-1-58113-662-3 https://doi.org/10.1145/781131.781168 Google Scholar
Digital Library
- David Bryant. 2016. A Quantum Leap for the Web. https://medium.com/mozilla-tech/a-quantum-leap-for-the-web-a3b7174b3c12Google Scholar
- Maciej Cielecki, Jȩdrzej Fulara, Krzysztof Jakubczyk, and Ł ukasz Jancewicz. 2006. Propagation of JML non-null annotations in Java programs. In Proceedings of the 4th international symposium on Principles and practice of programming in Java (PPPJ ’06). Association for Computing Machinery, New York, NY, USA. 135–140. isbn:978-3-939352-05-1 https://doi.org/10.1145/1168054.1168073 Google Scholar
Digital Library
- Citrus Developers. [n.d.]. Citrus / Citrus. https://gitlab.com/citrus-rs/citrusGoogle Scholar
- Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer, Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, and J. Alex Halderman. 2014. The Matter of Heartbleed. In Proceedings of the 2014 Conference on Internet Measurement Conference (IMC ’14). Association for Computing Machinery, New York, NY, USA. 475–488. isbn:978-1-4503-3213-2 https://doi.org/10.1145/2663716.2663755 Google Scholar
Digital Library
- Mehmet Emre and Ryan Schroeder. 2021. Artifact for "Translating C to Safer Rust". https://doi.org/10.5281/zenodo.5442253 Google Scholar
Digital Library
- Mehmet Emre, Ryan Schroeder, Kyle Dewey, and Ben Hardekopf. 2021. Supplementary Material on “Translating C to Safer Rust”. https://cs.ucsb.edu/~benh/research/papers/oopsla21-supplementary.pdfGoogle Scholar
- Mehmet Emre, Ryan Schroeder, Kyle Dewey, and Ben Hardekopf. 2021. Translating C to Safer Rust – Extended Version. https://cs.ucsb.edu/~benh/research/papers/oopsla21-extended.pdfGoogle Scholar
- Ana Nora Evans, Bradford Campbell, and Mary Lou Soffa. 2020. Is Rust Used Safely by Software Developers? In 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE). 246–257.Google Scholar
Digital Library
- Cormac Flanagan, Rajeev Joshi, and K. Rustan M. Leino. 2001. Annotation inference for modular checkers. Inform. Process. Lett., 77, 2 (2001), 97–108. issn:0020-0190 https://doi.org/10.1016/S0020-0190(00)00196-4 Google Scholar
Digital Library
- Cormac Flanagan and K. Rustan M. Leino. 2001. Houdini, an Annotation Assistant for ESC/Java. In FME 2001: Formal Methods for Increasing Software Productivity, Gerhard Goos, Juris Hartmanis, Jan van Leeuwen, José Nuno Oliveira, and Pamela Zave (Eds.). 2021, Springer Berlin Heidelberg, Berlin, Heidelberg. 500–517. isbn:978-3-540-41791-0 978-3-540-45251-5 https://doi.org/10.1007/3-540-45251-6_29 Series Title: Lecture Notes in Computer Science. Google Scholar
Cross Ref
- Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, and Raymie Stata. 2002. Extended static checking for Java. In Proceedings of the ACM SIGPLAN 2002 conference on Programming language design and implementation (PLDI ’02). Association for Computing Machinery, New York, NY, USA. 234–245. isbn:978-1-58113-463-6 https://doi.org/10.1145/512529.512558 Google Scholar
Digital Library
- Tim Hutt. 2021. Would Rust secure cURL? https://timmmm.github.io/curl-vulnerabilities-rust/Google Scholar
- Immunant inc.. 2020. c2rust Manual Examples. https://c2rust.com/manual/examples/index.htmlGoogle Scholar
- Immunant inc.. 2020. immunant/c2rust. https://github.com/immunant/c2rust original-date: 2018-04-20T00:05:50Z.Google Scholar
- Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2017. RustBelt: Securing the Foundations of the Rust Programming Language. Proc. ACM Program. Lang., 2, POPL (2017), Article 66, Dec., 34 pages. https://doi.org/10.1145/3158154 Google Scholar
Digital Library
- S. Klabnik and C. Nichols. 2018. The Rust Programming Language. No Starch Press. isbn:978-1-59327-851-9 lccn:2018019844 https://doc.rust-lang.org/book/Google Scholar
- N.G. Leveson and C.S. Turner. 1993. An investigation of the Therac-25 accidents. Computer, 26, 7 (1993), 18–41. https://doi.org/10.1109/MC.1993.274940 Google Scholar
Digital Library
- Amit Levy, Michael P. Andersen, Bradford Campbell, David Culler, Prabal Dutta, Branden Ghena, Philip Levis, and Pat Pannuto. 2015. Ownership is theft: experiences building an embedded OS in rust. In Proceedings of the 8th Workshop on Programming Languages and Operating Systems (PLOS ’15). Association for Computing Machinery, New York, NY, USA. 21–26. isbn:978-1-4503-3942-1 https://doi.org/10.1145/2818302.2818306 Google Scholar
Digital Library
- Yi Lin, Stephen M. Blackburn, Antony L. Hosking, and Michael Norrish. 2016. Rust as a language for high performance GC implementation. In Proceedings of the 2016 ACM SIGPLAN International Symposium on Memory Management - ISMM 2016. ACM Press, Santa Barbara, CA, USA. 89–98. isbn:978-1-4503-4317-6 https://doi.org/10.1145/2926697.2926707 Google Scholar
Digital Library
- Boqin Qin, Yilun Chen, Zeming Yu, Linhai Song, and Yiying Zhang. 2020. Understanding Memory and Thread Safety Practices and Issues in Real-World Rust Programs. 763–779. isbn:9781450376136 https://doi.org/10.1145/3385412.3386036 Google Scholar
Digital Library
- Eric Reed. 2015. Patina: A formalization of the Rust programming language. Master’s thesis. University of Washington Department of Computer Science and Engineering.Google Scholar
- Jamey Sharp. 2020. jameysharp/corrode. https://github.com/jameysharp/corrode original-date: 2016-05-05T21:12:52Z.Google Scholar
- Bjarne Steensgaard. 1996. Points-to Analysis in Almost Linear Time. In Proceedings of the 23rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’96). ACM, New York, NY, USA. 32–41. isbn:978-0-89791-769-8 https://doi.org/10.1145/237721.237727 Google Scholar
Digital Library
- Jeff Vander Stoep and Stephen Hines. 2021. Rust in the Android platform. https://security.googleblog.com/2021/04/rust-in-android-platform.htmlGoogle Scholar
- The Rust developers. [n.d.]. The Rust Reference. https://doc.rust-lang.org/stable/reference/Google Scholar
- Mohsen Vakilian, Amarin Phaosawasdi, Michael D. Ernst, and Ralph E. Johnson. 2015. Cascade: A Universal Programmer-Assisted Type Qualifier Inference Tool. In 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering. IEEE, Florence, Italy. 234–245. isbn:978-1-4799-1934-5 https://doi.org/10.1109/ICSE.2015.44 Google Scholar
Cross Ref
- F. Wang, F. Song, M. Zhang, X. Zhu, and J. Zhang. 2018. KRust: A Formal Executable Semantics of Rust. In 2018 International Symposium on Theoretical Aspects of Software Engineering (TASE). 44–51. https://doi.org/10.1109/TASE.2018.00014 Google Scholar
Cross Ref
- Aaron Weiss, Daniel Patterson, Nicholas D Matsakis, and Amal Ahmed. [n.d.]. Oxide: The Essence of Rust. 27.Google Scholar
Index Terms
Translating C to safer Rust
Recommendations
Rudra: Finding Memory Safety Bugs in Rust at the Ecosystem Scale
SOSP '21: Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems PrinciplesRust is a promising system programming language that guarantees memory safety at compile time. To support diverse requirements for system software such as accessing low-level hardware, Rust allows programmers to perform operations that are not protected ...
How do programmers use unsafe rust?
Rust’s ownership type system enforces a strict discipline on how memory locations are accessed and shared. This discipline allows the compiler to statically prevent memory errors, data races, inadvertent side effects through aliasing, and other errors ...
Understanding memory and thread safety practices and issues in real-world Rust programs
PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and ImplementationRust is a young programming language designed for systems software development. It aims to provide safety guarantees like high-level languages and performance efficiency like low-level languages. The core design of Rust is a set of strict safety rules ...






Comments