DARPA project for automated translation from C to Rust (2024) (www.darpa.mil)

DARPA has launched TRACTOR (Translating All C to Rust), a program to substantially automate converting legacy C code—ubiquitous across industry and DoD systems—into memory-safe Rust. The move targets the most common class of vulnerabilities: memory-safety bugs and undefined-behavior pitfalls endemic to C/C++. DARPA frames the effort as timely because of both the industry shift toward Rust and recent advances in machine learning (notably LLMs) that already produce passable translations but fall short on correctness, idiomatic style, and security-critical constructs. Technically, TRACTOR expects hybrid solutions that combine static and dynamic program analysis with LLM-powered synthesis to preserve semantics, handle undefined behavior, and produce Rust that resembles expert human output. The program will validate approaches through public competitions and expects proposals that demonstrate robustness on tricky constructs (pointer arithmetic, low-level concurrency, hardware interfaces) and provide rigorous verification/testing. If successful, TRACTOR could dramatically reduce the attack surface in legacy codebases and lower costs of modernizing critical software, but it will require advances in semantics-aware translation, verification, and end-to-end toolchains to ensure safety and performance parity. A Proposers Day is set for Aug. 26, 2024 (register by Aug. 19 at SAM.gov).