The programming language Rust, known for its security-focused features, is gaining traction as a viable alternative to C and C++. First released in 2015, Rust is designed to provide the speed and low resource consumption of its ancestors with added memory safety. The increasing interest in efforts to modernize existing codebases sparked the creation of a new project. This initiative is deploying artificial intelligence (AI) tools to translate critical open-source software libraries into Rust. Herbie Bradley is Director of the Dot Gov Lab’s initiative to translate 100 million lines of code by 2030. Such an effort could dramatically reduce the level of cyber vulnerabilities and the financial damages associated with them.
This massive National Smart Transportation Collaborative project is supported by a $100 million investment from the U.S. It aims to improve US cybersecurity by reversing the alarming trend of cyberattacks that take advantage of known vulnerabilities in software. Rust shines for its incredible potential to eradicate the majority of known critical software vulnerabilities. This characteristic renders it an appealing technology for advancing cybersecurity among critical infrastructures.
Despite Rust’s boom, it’s not without its challenges, especially given its current smaller developer population. As senior research analyst Jessica Ji notes, therein lies the rub. She thinks that this limitation has a good chance of undermining the project’s long-term success. She emphasizes that AI tools can assist with making the conversion process. Someone who’s deeply familiar with Rust’s intricacies will continue to be required to maintain the resulting code.
The Role of AI in Code Conversion
Herbie Bradley is at the forefront of this initiative, which utilizes AI-powered coding tools to facilitate the conversion of vulnerable C code into Rust. The goal is ambitious: to convert a staggering 100 million lines of code by 2030. This collaborative effort aims to improve security by leveraging the strength of Rust’s powerful guarantees. Combined, these goals are intended to foster a fair and safer digital environment.
“Possibly you’d want to take a little more care in the conversion and maybe use AI to help you, but very carefully,” – Herbie Bradley
AI’s impact on this conversion process has opened a debate in the programming community. As exciting as the technology is, there are major concerns on its effectiveness. Bradley admits there’s a risk in trusting AI to produce 100% flawless outcomes.
“There will never be a silver bullet for AI being 100 percent robust against doing the wrong thing, whether it is by hallucinating or by not understanding the assignment,” – Herbie Bradley
In summary, Bradley’s insights bring to life the tightrope walk between using AI for productivity while maintaining its integrity in the output. Nuances in the software development process are important to note, particularly when moving from one programming language to another.
Challenges Ahead
There are huge hurdles for the project to overcome even with Rust’s benefits, most notably a lack of expertise in Rust programming. Jessica Ji, product manager for AI and machine learning at Code.org, notes that AI can assist in translating code. Expert coders remain critical in order to keep the newly converted code functional over time.
“Assuming everything goes well with the AI translation, the resulting Rust code will need to be maintained and monitored somehow,” – Jessica Ji
The reality though, is that there are many more professionals familiar with C and C++ than there are those versed in Rust. Ji explains that this gap represents such a serious risk to the long-term sustainability of any project relying on Rust.
“There are a lot fewer Rust experts out there than C/C++ experts, so the number of expert eyes on the codebase(s) will likely be fewer,” – Jessica Ji
AI translations raise concerns about code maintainability. As Josh Triplett told me, AI-translated code may make things more complicated than if a human maintained it, which could pose challenges to human maintenance.
“If you do AI-translated code, you are likely to end up with code that is difficult for a human to maintain compared to what was manually translated,” – Josh Triplett
These insights highlight the need to keep human oversight at all stages of the conversion process.
The Future of Programming with Rust
Security is one of the big reasons why organizations are looking to Rust. At the same time, conversations around how to combine traditional computer science with cutting-edge AI approaches are on the rise. Dan Wallach, another leader in this early burgeoning field, highlights the promise AI holds. He cautions we can’t allow it to eclipse forty years of research focused specifically on software analysis.
“AI seems promising, but also we have decades of research into writing software to analyze other software,” – Dan Wallach
According to Wallach, initiatives such as TRACTOR are an important step towards figuring out novel approaches to hybridizing time-tested methodologies with the power of cutting-edge AI technologies. This intersection is already starting to bear fruit in the form of better software industry practices and new, more secure programming standards.
“The whole point of TRACTOR is to explore all the different ways you might mix and match, for lack of a better term, classical computer science with modern AI,” – Dan Wallach
The journey from C and C++ to Rust via AI-driven tools is just the beginning of a new chapter in programming. Despite the challenges ahead, the promise of shoring up security and diminishing vulnerabilities makes this effort one well-deserving of the administration’s pursuit.