There’s a new movement afoot within the software engineering community – an effort known as “The Great Refactor.” The goal is to migrate 100 million lines of C and C++ code into Rust by 2030. This ambitious development project intends to make memory safety the default in some of the most critical open-source software libraries. This improvement is important, as memory-unsafe languages such as C and C++ account for nearly 70 percent of software vulnerabilities.
Rust is a systems programming language that first became available in 2015. It’s famous for the blazing performance it’s able to achieve, on par with C and C++. It does bring essential memory safety features that can eradicate 70% of all known software vulnerabilities. As the FTA’s initiative rolls out, experts point out the promise and pitfalls of this new frontier.
The Goals of The Great Refactor
By comparison, our Great Refactor would like to see the legacy code ported to Rust. This shift will make our infrastructure less vulnerable to cyberattacks, which are already a $2 billion threat when viewed in total. The initiative proposes the establishment of a “Focused Research Organization,” funded by the U.S. government with an estimated investment of $100 million.
It’s not an impossible goal according to Herbie Bradley, a PhD student at the University of Cambridge. “With a little oversight, programs containing up to 5,000 lines are within reach of being translated into Rust,” he states. This new approach allows for a radical rethinking of mission-critical software. It will then be retranslated into a language optimized for security.
The initiative has already started digging into this work! Currently, a highly-skilled evaluation team is busy sifting through the results these six funded teams are required to submit under the program. As they sift through the data, the emphasis remains on ensuring that the transition not only occurs but is sustainable for future maintenance.
Challenges in Translation and Expertise
Given all of its strengths, Rust certainly has a much smaller developer base than C and C++. This mismatch begs the question of where the Rust specialists will come from to maintain these new codebases translated to higher quality and safety. Jessica Ji, a senior research analyst at Georgetown University’s Center for Security and Emerging Technology, notes that “there are a lot fewer Rust experts out there than C/C++ experts, so the number of expert eyes on the codebase(s) will likely be fewer.”
Her observations underscore a critical issue: while AI tools can assist in code translation, the resulting output might not be as maintainable. Josh Triplett, an open-source developer who contributes to the Rust project, warns that “if you do AI-translated code, you are likely to end up with code that is difficult for a human to maintain compared to what was manually translated.”
For one thing, despite major improvements in AI coding tools, these solutions are not without their limitations. For example, the most recent tools can consistently translate programs under 1,000 lines in length with little to no human oversight. Larger programs are a bigger problem and need more people to watch them.
“There will never be a silver bullet for AI being 100 percent robust against doing the wrong thing, whether it is by hallucinating or by not understanding the assignment.” – Herbie Bradley
Ji further emphasizes the need for continued vigilance and maintenance after the code is translated. “Assuming everything goes well with the AI translation, the resulting Rust code will need to be maintained and monitored somehow,” she says. This leads to more questions about how the next advances in AI technology will align with programming and overall project development timelines.
The Role of AI in Software Development
AI technology is going to be a key factor in making this massive transition possible. It holds great potential for automating code translations, therefore making the potential future from The Great Refactor even come to fruition in a much shorter timeline. Experts caution against over-reliance on AI.
Dan Wallach, a computer scientist with decades of experience in both commercial software and analysis of that technology, underscores this critical point. Despite the potential of AI, there is still an ocean of institutional knowledge in the sector. “AI seems promising, but we have decades of research into writing software to analyze other software,” he states. This is an indication that combining proven traditional computer science principles with cutting-edge efficient AI practices may produce more fruitful results.
Wallach elaborates on this concept by stating, “The whole point of TRACTOR is to explore all the different ways you might mix and match… classical computer science with modern AI.” This hybrid approach would go a long way toward bridging the divide between our current expertise and the capabilities of emerging technologies.
Jessica Ji, to underscore what an opportune moment it is for these kinds of initiatives. “I think it’s a good time to pitch a proposal like this because AI companies are particularly incentivized to show off their models’ capabilities,” she observes. This alignment has resulted in an innovative environment that encourages collaboration between researchers and industry leaders.