it’s joever for Cniles (I am one of them 😔)
Critical support for automated generation of garbage code for American military.
unsafeeverywhere
Many such cases
us military to run C code through chatGPT to get rust code
recent breakthroughs in machine learning techniques, like large language models (LLMs), have created an environment that may lend itself to a new class of solutions.
DARPA’s Translating All C to Rust (TRACTOR) program wants to seize this opportunity by substantially automating the translation of the world’s legacy C code to Rust.
“You can go to any of the LLM websites, start chatting with one of the AI chatbots, and all you need to say is ‘here’s some C code, please translate it to safe idiomatic Rust code,’ cut, paste, and something comes out, and it’s often very good
This sounds cool in theory, but would be extremely hard to pull off in any kind of meaningful fashion I think simply because Rust is just too different from C. You can probably make something to very roughly “transpile” C to Rust, but the Rust code that is generated probably wouldn’t be good and will probably be a pain to work with simply because it’d end up being a mess and at that point, if you’re going to have to end up refactoring a ton of generated code, you may as well just rewrite it yourself so it is actually half decent code.
Also considering that a lot of this C code is going to be extremely critical code pathways, like making sure your banks don’t collapse and your energy plants don’t blow up, the major pain paths for migrating to another language are going to be rigorously testing every last path through it, not rewriting it.
Your bank runs on COBOL and your energy plants run on one of a family of PLC (programmable logic controller) languages. Most of the critical path in your day-to-day that runs C is the gaping security hole that is the internet.
Unlimited memory safety vulnerabilities on the first world!
Just write everything in java and run the OS on the JVM
Just rewrite everything the DOD hosts on a server to use spring boot.
instead of using pooled resources to create a new program which would educate and gainfully employ thousands or tens of thousands (idk how big a task this is as I’m tech illiterate but I’m blindly assuming its on the scale of the US national highway system when first implemented) they’re going to use a robot to make bad code
capitalism is very efficient
I wonder what the inside of DARPA is like. Full of the worst nerds paid too much money to fuck around with explosives. Lots of true believers of tech and America
Learn to
codewrite prompts
Instead of mass translating C code in some insane ready-to-ruin codebases project, why not just… make a compiler that addresses the vulnerabilities?
They did, it’s called
rustc. A compliant C compiler cannot escape giving a programmer unfettered access to manipulate memory, so the problem is not in the compiler. There are safe subsets of C that don’t exhibit these problems, but a compiler that only supports such a subset is no longer a C compiler.Thanks, guess that makes sense, kinda.
I actually find Rust pretty OK. The only things that I don’t like about Rust is its quirky syntax. And its primitive implementation of OOP. And its compiler. And
cargo. And the ecosystem…OK well maybe I don’t find Rust actually OK. Why did we have to invent a whole new language if we could improve standards and compilers for existing languages?
So are they gonna stop using Linux or try to do this with the kernel?
I do kinda like the idea of using CHERI to run all this C code with memory safety properties enforced by hardware instead of rewriting it all in rust, but whatever either works
