203
DARPA suggests turning old C code automatically into Rust – using AI, of course
(www.theregister.com)
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Follow the wormhole through a path of communities [email protected]
But if they have fully tested and safe C, and they're converting it to Rust using AI, that seems more dangerous, not less.
Just recently a bug was found in openssh that would let you log into the root user of any machine. With extreme skill and luck of course, but it was possible.
OpenSsh is probably one of the most safe C programs out there with the most eyes on it. Since it's the industry standard to remotely log in into any machine.
There is no such thing as fully tested and safe C. You can only hope that you find the bug before the attacker does. Which requires constant mantainance.
The the about rust is that the code can sit there unchanged and "rust". It's not hard to make a program in 2019 that hasn't needed any maintainance since then, and free of memory bugs.
Just so you know, that bug was a months long hack, probably by a State actor, not just something they didn't spot before.
It still goes to show that there's no fully tested C code. I'm sure OpenSSH has had the eyes of thousands of security researchers in it. Yet it still has memory-related bugs.
There is no fully tested and safe C. There's only C that hasn't had a buffer overflow, free after use, ... yet.
It's hyperbole, but the amount of actually tested C without bugs is few and far between. Most C/C++ code doesn't have unit, nor integration tests, and I have barely seen fuzzing (which seems to be the most prominent out there).
Anti Commercial-AI license
That would be perfectly safe in any language.
use after free, whoops
Anti Commercial-AI license
Safest C is a Hello World program.