
Tackling Adoption Challenges for Safe Programming Languages in Low-Level Systems Software

The C family of programming languages has historically been the de-facto choice for low-level systems programming. Most higher-level languages, including Java, either (i) do not give the developer sufficient control over the program's memory management, (ii) lack mechanisms for direct communication with hardware, or (iii) are far less efficient than C in terms of run-time performance and power consumption. Unfortunately, C is notoriously prone to memory errors such as buffer overflows and use-after-free bugs. Attackers can exploit these errors to crash programs or seize control of their execution.

In the past decade, several new systems programming languages have appeared that keep C's essential traits (efficiency and full control over hardware and memory management) while being safer and more productive than C. One notable example is Rust, a language initially developed by Mozilla and now supported by the Rust Foundation. Rust is a modern high-level language with a thriving developer ecosystem and good tooling, and it can be used in all cases where C was previously the only viable choice. It also offers strong safety guarantees: code written in safe Rust, i.e. without the unsafe keyword, is guaranteed to be memory- and type-safe.

Despite its great promise, Rust has so far seen little adoption outside multi-billion-dollar companies such as Microsoft, Google, Apple, and Amazon. There are two major reasons for this slow adoption. First, converting legacy C code into Rust is, for the most part, a slow and error-prone process. Second, smaller companies often lack the resources to convert entire programs or components into Rust in one go. Instead, they must settle for a partial or incremental conversion, which yields a mixed-language program containing C code that has not been converted yet alongside Rust code that has. In many cases it is unclear how well Rust's performance, efficiency, and safety properties hold up in such a program: Rust's guarantees cover only the Rust part, and a memory error in the remaining C code can still corrupt data that the Rust code relies on.

This PhD project will explore two research directions. First, we will explore the state of the art in tools and techniques for automatic conversion of C code into Rust. This exploration will cover, at the very least, tools such as c2rust, corrode, and crust. We will apply these tools to a wide range of C programs and assess the quality and performance of the translated code. We will also study the limitations of these tools and improve them where feasible and necessary. Second, we will study the state of the art in mixed-language security. We will initially focus on defending against data-oriented programming attacks on mixed-language programs in which legacy C code containing memory errors interoperates with translated Rust code.
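The following is an added illustration of the mixed-language problem described above; it is not code from this project. It mimics a legacy C helper (here written as an unsafe Rust function standing in for a C routine reached through FFI) that copies a caller-supplied number of bytes into a fixed-size field with no bounds check. The struct `Session`, the functions `legacy_set_name`, `set_name_unchecked` and `set_name_checked`, and the attacker input are all constructed for this example. The point it demonstrates is a data-oriented attack: no control flow is hijacked, but the unchecked copy overwrites the adjacent privilege flag that safe Rust code later trusts, so Rust's type-level guarantee that `is_admin` is only set by Rust code no longer holds.

```rust
use std::ptr;

/// Layout mirrors a C struct: an 8-byte name buffer immediately followed by
/// the privilege flag. repr(C) makes the field adjacency deterministic, so
/// the struct is exactly 9 bytes with no padding.
#[repr(C)]
pub struct Session {
    pub name: [u8; 8],
    pub is_admin: bool,
}

impl Session {
    pub fn new() -> Session {
        Session { name: [0; 8], is_admin: false }
    }
}

/// Stand-in for a legacy C helper along the lines of
/// `void set_name(struct session *s, const char *src, size_t n)` that does
/// `memcpy(s->name, src, n)` without checking n against the field size.
/// It is unsafe because its correctness depends entirely on the caller's length.
/// The destination pointer is derived from the whole struct (not from the
/// `name` field) so that an over-long copy stays inside one allocation, as
/// the C original would.
pub unsafe fn legacy_set_name(session: *mut Session, src: *const u8, n: usize) {
    let dst = session as *mut u8;
    ptr::copy_nonoverlapping(src, dst, n);
}

/// Safe-looking Rust wrapper that forwards the caller's length unchanged,
/// the way mechanically generated bindings often do. The signature promises
/// safety that the underlying legacy code does not provide.
pub fn set_name_unchecked(session: &mut Session, input: &[u8]) {
    unsafe { legacy_set_name(session, input.as_ptr(), input.len()) }
}

/// Hardened wrapper: the length is validated on the Rust side before control
/// crosses into the legacy code, restoring the invariant that `is_admin` is
/// only ever written through the typed field.
pub fn set_name_checked(session: &mut Session, input: &[u8]) -> Result<(), &'static str> {
    if input.len() > session.name.len() {
        return Err("name longer than the 8-byte field");
    }
    unsafe { legacy_set_name(session, input.as_ptr(), input.len()) }
    Ok(())
}

/// Safe Rust code that trusts the flag; it has no way to know the flag was
/// written by the C side rather than by Rust.
pub fn privileged_action(session: &Session) -> &'static str {
    if session.is_admin {
        "admin: action allowed"
    } else {
        "user: action denied"
    }
}

fn main() {
    // Constructed attacker input: 8 bytes fill the name, the 9th byte (0x01)
    // lands on is_admin and flips it to true.
    let payload: &[u8] = b"attacker\x01";

    let mut s = Session::new();
    set_name_unchecked(&mut s, payload);
    println!("unchecked wrapper -> {}", privileged_action(&s));

    let mut s = Session::new();
    match set_name_checked(&mut s, payload) {
        Ok(()) => println!("checked wrapper   -> {}", privileged_action(&s)),
        Err(e) => println!("checked wrapper   -> rejected input: {}", e),
    }
}
```

The unchecked path prints `admin: action allowed` even though no Rust code ever assigned `is_admin`; the checked path rejects the input and the flag stays `false`. In a real translation the same check has to live at every Rust-to-C boundary that passes a length or pointer, which is exactly the kind of boundary an automatic converter leaves behind.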

Date: 12 Jul 2022 → Today
Keywords: Software security
Disciplines: Computer system security
Project type: PhD project