C2SaferRust: Transforming C Projects into Safer Rust with NeuroSymbolic Techniques (2501.14257v1)

Abstract: In recent years, there has been a lot of interest in converting C code to Rust, to benefit from the memory and thread safety guarantees of Rust. C2Rust is a rule-based system that can automatically convert C code to functionally identical Rust, but the Rust code that it produces is non-idiomatic, i.e., makes extensive use of unsafe Rust, a subset of the language that doesn't have memory or thread safety guarantees. At the other end of the spectrum are LLMs, which produce idiomatic Rust code, but these have the potential to make mistakes and are constrained in the length of code they can process. In this paper, we present C2SaferRust, a novel approach to translate C to Rust that combines the strengths of C2Rust and LLMs. We first use C2Rust to convert C code to non-idiomatic, unsafe Rust. We then decompose the unsafe Rust code into slices that can be individually translated to safer Rust by an LLM. After processing each slice, we run end-to-end test cases to verify that the code still functions as expected. We also contribute a benchmark of 7 real-world programs, translated from C to unsafe Rust using C2Rust. Each of these programs also comes with end-to-end test cases. On this benchmark, we are able to reduce the number of raw pointers by up to 38%, and reduce the amount of unsafe code by up to 28%, indicating an increase in safety. The resulting programs still pass all test cases. C2SaferRust also shows convincing gains in performance against two previous techniques for making Rust code safer.

• The paper presents a neuro-symbolic method combining deterministic transpilers and LLM refinements to transform legacy C projects into safer, idiomatic Rust.
• Methodology segments unsafe Rust output into translation units for targeted refinement, achieving up to 38% reduction in raw pointer declarations and refining overall safety.
• Empirical results on GNU Coreutils confirm that the approach reduces unsafe code by up to 28% while maintaining functional parity with the original C implementations.

An Expert Assessment of "C2SaferRust: Transforming C Projects into Safer Rust with NeuroSymbolic Techniques"

The paper "C2SaferRust: Transforming C Projects into Safer Rust with NeuroSymbolic Techniques" addresses a significant challenge in systems programming: the automatic translation of legacy C codebases into Rust. Rust is acclaimed for its memory and thread safety features, attributes that are sorely lacking in C, which often lead to security vulnerabilities. The novelty of this approach lies in leveraging the strengths of both deterministic transpilers and probabilistic LLMs to enhance code safety while maintaining functionality.

Motivation and Approach

The authors tackle the problem of transforming C into Rust—specifically, converting non-idiomatic, unsafe Rust code (resulting from tools like C2Rust) into safer, more idiomatic Rust. The core innovation of the paper is in combining neuro-symbolic methods: using a deterministic tool (C2Rust) to convert C to unsafe Rust and then applying an LLM to refine the unsafe Rust to safer, idiomatic Rust.

C2SaferRust operates by first generating a baseline conversion of C code using the C2Rust transpiler. This initial pass often results in Rust code that correctly translates functionality but relies heavily on Rust's unsafe features. The paper posits that while these transpilers ensure functional equivalence, they do not leverage Rust's safety guarantees due to excessive use of raw pointers and unsafe blocks.

The neuro-symbolic aspect is particularly intriguing: the transpiler's output is segmented into "translation units," which are then processed using an LLM. This process involves several steps:

• Decomposition: The unsafe Rust code is broken down into smaller units to fit within the context window of the LLM and to mitigate error propagation stemming from longer inputs.
• Translation and Validation: Each unit is translated into safer Rust, followed by rigorous testing to ensure functional parity with the original C code. This is critical for validating that program behavior remains unchanged.
• Iterative Refinement: The translated code is iteratively refined based on feedback from both compiler and test cases.

Empirical Evaluation

The authors contribute a dataset derived from 7 programs in the GNU Coreutils, providing a robust benchmark for evaluating C2SaferRust's effectiveness against prior work such as Laertes and CROWN. These baselines are known for their strong emphasis on reducing unsafe constructs, primarily raw pointer utilization.

The paper presents concrete improvements:

• Reduction of raw pointer declarations and dereferences by up to 38% and 27%, respectively.
• Decrease in lines of unsafe code by up to 28%.
• Demonstrated robustness in handling complex, real-world codebases, achieving better safety metrics compared to existing methodologies.

The use of a comprehensive test suite provided by Coreutils ensures that the translated code is not just theoretically safe but practically verified against real-world scenarios.

Implications and Future Directions

C2SaferRust marks a significant step in practical language translation for systems coding, offering a pathway to modernize vast C codebases prevalent in safety-critical systems such as operating systems and device drivers.

Practically, this approach reduces the manual effort required while ensuring that the translated Rust code better conforms to safe programming practices, potentially mitigating vulnerabilities associated with C's memory management.

Theoretically, C2SaferRust provides an insightful example of how neuro-symbolic approaches can be effectively applied to enhance LLM capabilities, particularly in maintaining semantic integrity across vastly different language paradigms.

Future research could focus on extending this approach to encompass code constructs beyond functions, such as global variables and complex data structures, thereby increasing the scope of transition from C to Rust. Furthermore, integrating a mechanism to handle FFI (foreign function interface) calls—translating or substituting these with idiomatic Rust counterparts—could push the boundaries of automatic translation towards generating fully idiomatic Rust code.

In conclusion, C2SaferRust represents a significant advancement in automated code translation, propelling the capabilities of LLMs in this domain and offering tangible benefits to industries reliant on legacy code infrastructure.