CRAM: C++ to Rust Assisted Migration
Near-automatic migration of C++ source into idiomatic, human-maintainable Rust code.
C++ to Rust Assisted Migration (CRAM) semi-automatically migrates well-designed, general-purpose C++ code into the Rust programming language. The motivation is to benefit from Rust’s safe programming abstractions, especially its memory access interface, enforced via an ownership model. The end-goal is to reduce program crashes, hangs, and security vulnerabilities caused by low-level memory management performed by the programmer, a common risk associated with legacy languages. The migrated source code will be human-readable and ready for further development in Rust.
Our philosophy is that Rust’s programming abstractions merely enforce what a safety-conscious C++ programmer should be doing anyway, even if the C++ language does not require it. Our migration therefore first refactors the given C++ program to a new C++ program, attempting to enforce many of the Rust programming abstractions at the C++ level. This prepares and facilitates, possibly even enables, the actual translation into Rust. Our migration then continues by identifying computational patterns in the C++ program and translating them into Rust code templates, supported by a library for code pattern translation.
Need
C++ is not memory safe. Software bugs cost the economy billions of dollars annually. A large fraction are memory errors, which are among the most difficult to repair. Memory safe roadmaps are being recognized as a best practice [CISA].
Today, adopting a new language requires either manual code translation or full-scale reimplementation of legacy code bases.
These approaches are slow, costly, and error-prone, especially if the target language is unfamiliar.
Solution
Rust is a modern, efficient, and safe language, wiping out many memory-related programming errors.
CRAM migrates general-purpose C++ code to equivalent, human-maintainable, idiomatic Rust.
Benefits:
- Largely frees human engineer from the chores of code translation or reimplementation
- Enables future development of modern, safe, and community-supported code
- Offers hardened and improved C++ as a refactoring by-product
System and Workflow
Refactored C++: available as a stand-alone capability, but also for migration transparency.
User monitoring: migration performed in rounds; user able to inspect changes side-by-side.
Automation: 100% for well-designed code built on top of the C++ STL; interactive for non-idiomatic C++.
Migration to Memory Safe in Practice C
- GrammaTech’s experts, supported by technology developed together with DARPA, can automatically migrate 10’s of thousands of lines of code automatically.
- Time to migrate C++ to Rust is orders of magnitude faster and more accurate than manual migration.
- Provide verification of equivalent end-product functionality
- GrammaTech C++ refactoring has produced a 2.7x performance improvement, with a further 2.3x performance improvement (similar final performance to hand-crafted Rust code) following GrammaTech automated migration to Rust. Results can vary depending on initial code quality.
Delivery Model
- As a Service: GrammaTech offers code migration as a service provided by GrammaTech’s skilled code analysis and migration experts, supported by the above tool set to perform reverse engineering work, deliver insights, security evaluations, transformations, and hardened output code
-
The GrammaTech team is also available to:
- Extend applicability of migration tool set to cover specific customer needs, such as low-level, C-style code fragments, code specialized for a non-mainstream (e.g., proprietary) compiler
- Provide C++ refactoring (no Rust migration), with refactoring goals specified by customer
Distribution Statement ‘A’ (Approved for Public Release, Distribution Unlimited)
This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No.HR0011-22-C-0025. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Defense Advanced Research Projects Agency (DARPA).