News: 1723451591

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

LLM-driven C-to-Rust. Not just a good idea, a genie eager to escape

(2024/08/12)


Opinion Rust changes worlds. The iron ore we mine to feed the industrial age started out as iron atoms dissolved in oceans two billion years ago. Then photosynthesis happened, pouring out oxygen that rusted that iron out of the water into the solid minerals we've found so useful today. Much the same is happening with Rust the programming language, as it becomes the mechanism of choice for turning prehistoric C code into secure, performant material fit for the future.

One of the modern entities playing the role of ancient bubbling slime is DARPA, the Defense Advanced Research Projects Agency, the American agency that worries about the future of warrior tech. It knows as well as anyone how fallible software can harsh the martial mellow. It very much wants to clean up C code. To that end, it has [1]proposed using machine learning to analyze the stuff and ladle it out as buckets of Rust .

The thinking is sound. General purpose large language model (LLM) tools like ChatGPT and Gemini do a surprisingly good job as they stand, so a specialized tool trained and tuned for this one task is an attractive area to investigate. There's still no real understanding of LLMs' tendency to hallucinate, but that's not exactly unknown in human developers and everyone copes. As the old saying goes: Berkeley gave us Unix and acid, and that's no coincidence.

[2]

More soberly, assuming that the technology works, there is one class of problems it won't be able to deal with: what if the source code isn't available? You can't dream that up on a silicon trip. The good news is, there's no need to do so. Decompilation is a process of taking an executable binary and reconstructing a version of the source code that can be examined, edited, and recompiled. It's quite an intensive forensic process; compiled code is usually stripped of human-readable labels, names and comments. It takes a lot of experience and time to reverse-engineer those back into raw decompiled code. Not so much of a problem for an analytic tool that doesn't much care about what things are called, but what patterns they fall into.

[3]

[4]

Things are made easier by the way compilers produce compiled code. They build their output from standard blocks in standard ways, meat and drink to a model trained on large amounts of data with those things in common. It is at the very least intriguing to think of a C-to-Rust tool with a decompilation front end. It is more fun still when you think that the same idea will work for code written in any language, with the right training. Turing machine equivalence isn't just a good idea, it's the law.

Let's not stop there. Let's add another mature, widespread technology - Just In Time or JIT. It's what turns the JavaScript your browser consumes to the executable binary version your processor runs, and is similarly part of emulation and instruction set translation layers. Normally, developers run the compilation process on their computers and distribute the executable: JIT moves that to your own machine. Adding this to a decompiling Rustifier creates a security amplifier that doesn't rely on anyone else deciding to do the work. It doesn't matter how proprietary, old or obscure the code is, this will open it up, rebuild it more safely, and let you get on with things.

[5]

There are reasons to think this will never be practicable, reasons to think that it could, and two good unanswered questions if this does work. The obvious arguments against attempting it are reliability and resources: can an LLM be trusted with security-critical code when we don't know how it works and, in this use case, won't understand the results whether they're good or bad? Causes for optimism here are the restricted scope of the problem and the specificity of the training data.

Resources are tricky. Decompilation and recompilation can run even powerful systems into the dust. There are many, many architectural and implementation techniques to speed this up: JIT has gone from unusable treacle to invisibly swift. Also, if there's one thing the world is not lacking, it's AI accelerator engines. Nobody knows how well LLM-driven decompilers will work. It's no surprise, given the importance of decompilation to threat analysis, that [6]people are starting to work that one out .

Which leaves just two really good questions. Is it legal, and where does it end? The legal issue is like the ongoing and as yet undecided matter of whether the IP in training data extends to an LMM's output. Big Tech says no. But this is far spicier, in that it is in part a machine for turning closed source into open source. Big Tech will not like that. Big Tech may not be able to do anything about it, however. Hey, bro, we hear you like disruption.

[7]The cybersecurity QA trifecta of fail that may burn down the world

[8]How to maintain code for a century: Just add Rust

[9]Hey Microsoft – what ever happened to 'Developers, developers, developers'?

[10]Fragile Agile development model is a symptom, not a source, of project failure

The last and best question is where does this lead? Automating and democratizing the creation and application of security patches is cool enough in itself. What the underlying technology is doing, however, is simultaneously turning everything into open source while removing the one huge barrier to open source's true potential. FOSS grants everyone the power to change software to behave as one wants and needs, unbeholden to decisions other people make. That only works if you're a skilled programmer who understands tool sets. There aren't that many of those.

This as-yet imaginary tool, built out of very real components, changes all that. A robot that can wrap an LLM around code to unpick it, rewrite it and rebuild it can make many changes at the prompting of an unskilled user. Get rid of unwanted options and change behavior. That could be as simple as making menus look and feel as you like, or as interesting as removing the ability of a package to send data back to a third party. Or… it's difficult to foresee the consequences of such a huge granting of powers to ordinary people.

[11]

As a thought experiment it's a doozie. As a target achievable through existing and in-reach technologies, it's a game-changer that rewrites the relationship between people and machines – and the companies that seek to control both. When we say disruption, bro, we mean it. ®

Get our [12]Tech Resources



[1] https://www.theregister.com/2024/08/03/darpa_c_to_rust/

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZrndRnWlSz1sq7b5zok8@gAAAJA&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZrndRnWlSz1sq7b5zok8@gAAAJA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZrndRnWlSz1sq7b5zok8@gAAAJA&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZrndRnWlSz1sq7b5zok8@gAAAJA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[6] https://news.ycombinator.com/item?id=39733275

[7] https://www.theregister.com/2024/08/05/opinion_ml_social_media_cybersecurity/

[8] https://www.theregister.com/2024/07/23/opinion_column/

[9] https://www.theregister.com/2024/07/15/opinion_development_ms/

[10] https://www.theregister.com/2024/06/10/agile_opinion_column/

[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZrndRnWlSz1sq7b5zok8@gAAAJA&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[12] https://whitepapers.theregister.com/



Good luck

G40

See also the gutting of librsvg.

https://medium.com/codex/i-spent-18-months-rebuilding-my-algorithmic-trading-in-rust-im-filled-with-regret-d300dcc147e0

Re: Good luck

Spazturtle

I don't think that article says what you think it does, at the end he says that Rust is obviously superior to C++. He just thinks that JavaScript/TypeScript and Python are better languages.

Re: Good luck

Dan 55

He doesn't say why it's better than C++, and would probably find memory safety could be improved by refactoring using the language features offered by the newest revisions.

Re: Good luck

Anonymous Coward

I've seen probably 10:1 more posts from developers seeing a positive change in rewriting their codebase in Rust. Actually, I particularly keep seeing this specific story floating around saying the contrary, and not many others. There are others, just far less than the positive ones I've seen.

Hilarious

m4r35n357

Converting machine code to rust with a glorified spam filter - what could possibly go wrong?

Anonymous Coward

>a machine for turning closed source into open source. Big Tech will not like that.

I don't think they care. Proprietary software hasn't been a viable business model in a decade. If a business wants something closed off, now it's a service. You use a client (usually even an open source one!) that talks to the service, but you can never get the service's source code, you don't even have a binary to decompile. This is why MS moved their primary business model from Windows to Azure (and why Windows is rapidly going down the drain now). Not to mention Big Tech has been using Java for decades and that's exceedingly trivial to decompile, and they never cared about that. Primarily, they didn't care because they had legal protection around that, and the legality of LLM decompilation isn't know yet. But either way, like I said, they're not gonna care. At best, you might get one or two companies suing over general copyright (look & feel, etc.) but nothing major.

FALSE

fg_swe

I am actively using an automotive R+D software package that costs about 20k Euros per seat (Vector CANoe). It's dongled via Vector's CAN Adapter.

Similar things can be said about Lauterbach Trace32 debugger, the WinDriver(WindRiver ?) compiler and many other automotive SW engineering tools.

Vector seems to be thriving, when I look at their buildings and when I visit their cantina.

Destroying the Patterns Needed by LLMs

An_Old_Dog

IF this automatic decompilation method works, the proprietary-minded, thou-shalt-not-disassemble-so-sayeth-the-EULA tech bros will create a compiler post-processor or a compiler mod which salts the object file with random, "harmless" instructions, thus destroying the patterns needed by LLMs to successfully work.

karlkarl

> LLM-driven C-to-Rust.

Would it not be better served by the LLM "making safe" the AST before directly emitting the binary. The step to transpile to written Rust code first is pointless if the LLM has already confirmed and corrected the code.

Its like C++ used to transpile to C first (C-Front compiler). However it was later deemed better to bypass that stage and go straight to the IL/GIMPLE/binary, etc. The machine generated C wasn't that usful.

Its not like anyone is going to actually write with the machine generated Rust anyway. People will barely write with Rust as it is.

"Your mother was a hamster, and your father smelt of elderberries!"
-- Monty Python and the Holy Grail