Concrat: An Automatic C-to-Rust Lock API Translator for Concurrent Programs (2301.10943v2)

Abstract: Concurrent programs suffer from data races. To prevent data races, programmers use locks. However, programs can eliminate data races only when they acquire and release correct locks at correct timing. The lock API of C, in which people have developed a large portion of legacy system programs, does not validate the correct use of locks. On the other hand, Rust, a recently developed system programming language, provides a lock API that guarantees the correct use of locks via type checking. This makes rewriting legacy system programs in Rust a promising way to retrofit safety into them. Unfortunately, manual C-to-Rust translation is extremely laborious due to the discrepancies between their lock APIs. Even the state-of-the-art automatic C-to-Rust translator retains the C lock API, expecting developers to replace them with the Rust lock API. In this work, we propose an automatic tool to replace the C lock API with the Rust lock API. It facilitates C-to-Rust translation of concurrent programs with less human effort than the current practice. Our tool consists of a Rust code transformer that takes a lock summary as an input and a static analyzer that efficiently generates precise lock summaries. We show that the transformer is scalable and widely applicable while preserving the semantics; it transforms 66 KLOC in 2.6 seconds and successfully handles 74% of real-world programs. We also show that the analyzer is scalable and precise; it analyzes 66 KLOC in 4.3 seconds.

Overview of "Concrat: An Automatic C-to-Rust Lock API Translator for Concurrent Programs"

The paper "Concrat: An Automatic C-to-Rust Lock API Translator for Concurrent Programs" presents an innovative tool designed to facilitate the translation of concurrent C programs to Rust by addressing the discrepancies between their respective lock APIs. The authors identify the inherent challenges posed by manual translation due to syntactical and semantic differences, particularly the validation of data-lock and flow-lock relations. The proposed solution, Concrat, automates this process and aims to preserve concurrency and enhance safety while minimizing human effort.

Motivation and Approach

Concurrent programming in C, using the pthreads API, often encounters data races if locks are not used correctly. Rust's lock API, however, guarantees safety through type checking. The authors argue that translating legacy C programs to Rust could significantly mitigate these concurrency issues. Nonetheless, existing translators like C2Rust fall short as they do not convert C's lock API into Rust's, necessitating manual corrections by programmers.

Concrat addresses this gap by automating C-to-Rust translation, particularly the transformation of lock APIs. It encompasses a static analysis component to generate lock summaries and a code transformer that utilizes these summaries for translation. The static analysis combines both bottom-up and top-down approaches to accurately infer lock usage, a crucial step that ensures the transformed code maintains the original program semantics.

Key Contributions and Results

1. Transformation Methodology: The paper details an automatic code transformer that identifies and replaces C lock API calls with their Rust equivalents. Through precise tracking of data-lock and flow-lock relations, achieved via well-designed static analysis methods, the tool generates code structured similarly to human-written Rust.
2. Static Analysis Framework: The proposed static analysis precisely calculates the flow-lock relations, crucial for the transformer to produce compilable Rust code. The paper highlights its scalability, handling 66 KLOC in a mere 2.6 seconds, and translates 74% of real-world programs into compilable Rust code.
3. Comparison with Existing Tools: Concrat is evaluated against the state-of-the-art static analyzer Goblint, demonstrating superior scalability and precision. While Goblint struggles with large programs, often due to time limits or internal errors, Concrat consistently delivers faster results with higher precision.
4. Correctness: Most transformed programs pass their test cases, affirming that Concrat preserves the semantics of the original C programs. However, some nuances such as handling conditional lock acquisitions and lock aliasing still present challenges.

Implications and Future Work

The work has significant implications for improving the safety of legacy systems by facilitating their transition to Rust, which inherently provides better concurrency guarantees. This automation can expedite efforts to modernize existing codebases, potentially unveiling hidden concurrency issues or simplifying the implementation of new features.

Future developments could expand Concrat's capabilities, addressing limitations like conditional lock handling and functions with lock argument patterns. Moreover, extending the methodology to incorporate other safe language features, or integrating options for refining thread analysis, could further enhance its applicability and utility.

Conclusion

The paper presents a compelling case for Concrat as a robust solution to automate the migration of concurrent C code to Rust, enhancing safety through rigorous static analysis and efficient code transformation. As a step towards harmonizing legacy system safety with modern programming practices, Concrat marks significant progress in the field of automated software translation, setting a precedent for future innovations in this domain.