Don’t Write, but Return: Replacing Output Parameters with Algebraic Data Types in C-to-Rust Translation
Authors: 
Jaemin Hong, 
Sukyoung RyuAuthors Info & Claims
Jaemin Hong, Sukyoung RyuAuthors Info & ClaimsArticle No.: 176, Pages 716 - 740
Abstract
Translating legacy system programs from C to Rust is a promising way to enhance their reliability. To alleviate the burden of manual translation, automatic C-to-Rust translation is desirable. However, existing translators fail to generate Rust code fully utilizing Rust’s language features, including algebraic data types. In this work, we focus on tuples and Option/Result types, an important subset of algebraic data types. They are used as functions’ return types to represent those returning multiple values and those that may fail. Due to the absence of these types, C programs use output parameters, i.e., pointer-type parameters for producing outputs, to implement such functions. As output parameters make code less readable and more error-prone, their use is discouraged in Rust. To address this problem, this paper presents a technique for removing output parameters during C-to-Rust translation. This involves three steps: (1) syntactically translating C code to Rust using an existing translator; (2) analyzing the Rust code to extract information related to output parameters; and (3) transforming the Rust code using the analysis result. The second step poses several challenges, including the identification and classification of output parameters. To overcome these challenges, we propose a static analysis based on abstract interpretation, complemented by the notion of abstract read/write sets, which approximate the sets of read/written pointers, and two sensitivities: write set sensitivity and nullity sensitivity. Our evaluation shows that the proposed technique is (1) scalable, with the analysis and transformation of 190k LOC within 213 seconds, (2) useful, with the detection of 1,670 output parameters across 55 real-world C programs, and (3) mostly correct, with 25 out of 26 programs passing their test suites after the transformation.
References
[1]
Brian Anderson, Lars Bergstrom, Manish Goregaokar, Josh Matthews, Keegan McAllister, Jack Moffitt, and Simon Sapin. 2016. Engineering the Servo Web Browser Engine Using Rust. In Proceedings of the 38th International Conference on Software Engineering Companion (ICSE ’16). Association for Computing Machinery, New York, NY, USA. 81–89. isbn:9781450342056 https://doi.org/10.1145/2889160.2889229
[2]
Yechan Bae, Youngsuk Kim, Ammar Askar, Jungwon Lim, and Taesoo Kim. 2021. Rudra: Finding Memory Safety Bugs in Rust at the Ecosystem Scale. In Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles (SOSP ’21). Association for Computing Machinery, New York, NY, USA. 84–99. isbn:9781450387095 https://doi.org/10.1145/3477132.3483570
[3]
Kevin Boos, Namitha Liyanage, Ramla Ijaz, and Lin Zhong. 2020. Theseus: An Experiment in Operating System Structure and State Management. In Proceedings of the 14th USENIX Conference on Operating Systems Design and Implementation (OSDI’20). USENIX Association, USA. Article 1, 19 pages. isbn:978-1-939133-19-9
[4]
Patrick Cousot and Radhia Cousot. 1977. Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL ’77). Association for Computing Machinery, New York, NY, USA. 238–252. isbn:9781450373500 https://doi.org/10.1145/512950.512973
[5]
Mohan Cui, Chengjun Chen, Hui Xu, and Yangfan Zhou. 2023. SafeDrop: Detecting Memory Deallocation Bugs of Rust Programs via Static Data-Flow Analysis. ACM Trans. Softw. Eng. Methodol., 32, 4 (2023), Article 82, may, 21 pages. issn:1049-331X https://doi.org/10.1145/3542948
[6]
Al Danial. 2023. cloc. https://github.com/AlDanial/cloc
[7]
Sergio De Simone. 2022. Linux 6.1 Officially Adds Support for Rust in the Kernel. https://www.infoq.com/news/2022/12/linux-6-1-rust
[8]
Mehmet Emre, Peter Boyland, Aesha Parekh, Ryan Schroeder, Kyle Dewey, and Ben Hardekopf. 2023. Aliasing Limits on Translating C to Safe Rust. Proc. ACM Program. Lang., 7, OOPSLA1 (2023), Article 94, apr, 29 pages. https://doi.org/10.1145/3586046
[9]
Mehmet Emre, Ryan Schroeder, Kyle Dewey, and Ben Hardekopf. 2021. Translating C to Safer Rust. Proc. ACM Program. Lang., 5, OOPSLA (2021), Article 121, oct, 29 pages. https://doi.org/10.1145/3485498
[10]
GNU. 2023. GNU Package Blurbs. https://www.gnu.org/manual/blurbs.html
[11]
Maria Handjieva and Stanislav Tzolovski. 1998. Refining Static Analyses by Trace-Based Partitioning Using Control Flow. In Static Analysis, Giorgio Levi (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg. 200–214. isbn:978-3-540-49727-1
[12]
Ben Hardekopf and Calvin Lin. 2009. Semi-Sparse Flow-Sensitive Pointer Analysis. In Proceedings of the 36th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’09). Association for Computing Machinery, New York, NY, USA. 226–238. isbn:9781605583792 https://doi.org/10.1145/1480881.1480911
[13]
Jaemin Hong and Sukyoung Ryu. 2023. Concrat: An Automatic C-to-Rust Lock API Translator for Concurrent Programs. In Proceedings of the 45th International Conference on Software Engineering (ICSE ’23). IEEE Press, Melbourne, Victoria, Australia. 716–728. isbn:9781665457019 https://doi.org/10.1109/ICSE48619.2023.00069
[14]
Jaemin Hong and Sukyoung Ryu. 2024. Don’t Write, but Return: Replacing Output Parameters with Algebraic Data Types in C-to-Rust Translation (Artifact). https://doi.org/10.5281/zenodo.10795858
[15]
Tim Hutt. 2021. Would Rust secure cURL? https://blog.timhutt.co.uk/curl-vulnerabilities-rust/
[16]
Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2017. RustBelt: Securing the Foundations of the Rust Programming Language. Proc. ACM Program. Lang., 2, POPL (2017), Article 66, dec, 34 pages. https://doi.org/10.1145/3158154
[17]
Se-Won Kim, Xavier Rival, and Sukyoung Ryu. 2018. A Theoretical Foundation of Sensitivity in an Abstract Interpretation Framework. ACM Trans. Program. Lang. Syst., 40, 3 (2018), Article 13, aug, 44 pages. issn:0164-0925 https://doi.org/10.1145/3230624
[18]
Steve Klabnik and Carol Nichols. 2018. The Rust Programming Language (1 ed.). No Starch Press. isbn:978-1593278281
[19]
Stefan Lankes, Jens Breitbart, and Simon Pickartz. 2019. Exploring Rust for Unikernel Development. In Proceedings of the 10th Workshop on Programming Languages and Operating Systems (PLOS ’19). Association for Computing Machinery, New York, NY, USA. 8–15. isbn:9781450370172 https://doi.org/10.1145/3365137.3365395
[20]
Stefan Lankes, Jonathan Klimt, Jens Breitbart, and Simon Pickartz. 2020. RustyHermit: A Scalable, Rust-Based Virtual Execution Environment. In High Performance Computing: ISC High Performance 2020 International Workshops, Frankfurt, Germany, June 21–25, 2020, Revised Selected Papers. Springer-Verlag, Berlin, Heidelberg. 331–342. isbn:978-3-030-59850-1 https://doi.org/10.1007/978-3-030-59851-8_22
[21]
Amit Levy, Bradford Campbell, Branden Ghena, Daniel B. Giffin, Pat Pannuto, Prabal Dutta, and Philip Levis. 2017. Multiprogramming a 64kB Computer Safely and Efficiently. In Proceedings of the 26th Symposium on Operating Systems Principles (SOSP ’17). Association for Computing Machinery, New York, NY, USA. 234–251. isbn:9781450350853 https://doi.org/10.1145/3132747.3132786
[22]
Zhuohua Li, Jincheng Wang, Mingshen Sun, and John C.S. Lui. 2021. MirChecker: Detecting Bugs in Rust Programs via Static Analysis. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS ’21). Association for Computing Machinery, New York, NY, USA. 2183–2196. isbn:9781450384544 https://doi.org/10.1145/3460120.3484541
[23]
Yi Lin, Stephen M. Blackburn, Antony L. Hosking, and Michael Norrish. 2016. Rust as a Language for High Performance GC Implementation. In Proceedings of the 2016 ACM SIGPLAN International Symposium on Memory Management (ISMM 2016). Association for Computing Machinery, New York, NY, USA. 89–98. isbn:9781450343176 https://doi.org/10.1145/2926697.2926707
[24]
Michael Ling, Yijun Yu, Haitao Wu, Yuan Wang, James R. Cordy, and Ahmed E. Hassan. 2022. In Rust We Trust: A Transpiler from Unsafe C to Safer Rust. In Proceedings of the ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings (ICSE ’22). Association for Computing Machinery, New York, NY, USA. 354–355. isbn:9781450392235 https://doi.org/10.1145/3510454.3528640
[25]
Robert C. Martin. 2008. Clean Code: A Handbook of Agile Software Craftsmanship (1st ed.). Pearson. isbn:9780132350884
[26]
Nicholas D. Matsakis and Felix S. Klock. 2014. The Rust Language. In Proceedings of the 2014 ACM SIGAda Annual Conference on High Integrity Language Technology (HILT ’14). Association for Computing Machinery, New York, NY, USA. 103–104. isbn:9781450332170 https://doi.org/10.1145/2663171.2663188
[27]
Laurent Mauborgne and Xavier Rival. 2005. Trace Partitioning in Abstract Interpretation Based Static Analyzers. In Proceedings of the 14th European Conference on Programming Languages and Systems (ESOP’05). Springer-Verlag, Berlin, Heidelberg. 5–20. isbn:3540254358 https://doi.org/10.1007/978-3-540-31987-0_2
[28]
Jan Midtgaard. 2012. Control-Flow Analysis of Functional Programs. ACM Comput. Surv., 44, 3 (2012), Article 10, jun, 33 pages. issn:0360-0300 https://doi.org/10.1145/2187671.2187672
[29]
Matthew Might, Yannis Smaragdakis, and David Van Horn. 2010. Resolving and Exploiting the K-CFA Paradox: Illuminating Functional vs. Object-Oriented Program Analysis. In Proceedings of the 31st ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’10). Association for Computing Machinery, New York, NY, USA. 305–315. isbn:9781450300193 https://doi.org/10.1145/1806596.1806631
[30]
Ana Milanova, Atanas Rountev, and Barbara G. Ryder. 2002. Parameterized Object Sensitivity for Points-to and Side-Effect Analyses for Java. In Proceedings of the 2002 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA ’02). Association for Computing Machinery, New York, NY, USA. 1–11. isbn:1581135629 https://doi.org/10.1145/566172.566174
[31]
Ana Milanova, Atanas Rountev, and Barbara G. Ryder. 2005. Parameterized Object Sensitivity for Points-to Analysis for Java. ACM Trans. Softw. Eng. Methodol., 14, 1 (2005), jan, 1–41. issn:1049-331X https://doi.org/10.1145/1044834.1044835
[32]
Vikram Narayanan, Tianjiao Huang, David Detweiler, Dan Appel, Zhaofeng Li, Gerd Zellweger, and Anton Burtsev. 2020. RedLeaf: Isolation and Communication in a Safe Operating System. In Proceedings of the 14th USENIX Conference on Operating Systems Design and Implementation (OSDI’20). USENIX Association, USA. Article 2, 19 pages. isbn:978-1-939133-19-9
[33]
Hakjoo Oh, Kihong Heo, Wonchan Lee, Woosuk Lee, and Kwangkeun Yi. 2012. Design and Implementation of Sparse Global Analyses for C-like Languages. In Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’12). Association for Computing Machinery, New York, NY, USA. 229–238. isbn:9781450312059 https://doi.org/10.1145/2254064.2254092
[34]
Xavier Rival and Laurent Mauborgne. 2007. The Trace Partitioning Abstract Domain. ACM Trans. Program. Lang. Syst., 29, 5 (2007), aug, 26–es. issn:0164-0925 https://doi.org/10.1145/1275497.1275501
[35]
Stephan Roth. 2021. Clean C++20: Sustainable Software Development Patterns and Best Practices (2 ed.). Apress. isbn:978-1484259481
[36]
Rust. 2023. Guide to Rustc Development. https://rustc-dev-guide.rust-lang.org/
[37]
Rust. 2023. Guide to Rustc Development: The HIR. https://rustc-dev-guide.rust-lang.org/hir.html
[38]
Rust. 2023. Guide to Rustc Development: The MIR. https://rustc-dev-guide.rust-lang.org/mir/index.html
[39]
Rust. 2023. Module std::option. https://doc.rust-lang.org/std/option/index.html
[40]
Rust. 2023. Module std::result. https://doc.rust-lang.org/std/result/index.html
[41]
Rust. 2023. Primitive Type tuple. https://doc.rust-lang.org/std/primitive.tuple.html
[42]
Rust. 2023. Rust by Example: if let. https://doc.rust-lang.org/rust-by-example/flow_control/if_let.html
[43]
Micha Sharir and Amir Pnueli. 1981. Two Approaches to Interprocedural Data Flow Analysis. Prentice-Hall, Inc., Englewood Cliffs, New Jersey.
[44]
O. Shivers. 1988. Control Flow Analysis in Scheme. In Proceedings of the ACM SIGPLAN 1988 Conference on Programming Language Design and Implementation (PLDI ’88). Association for Computing Machinery, New York, NY, USA. 164–174. isbn:0897912691 https://doi.org/10.1145/53990.54007
[45]
Yannis Smaragdakis, Martin Bravenboer, and Ondrej Lhoták. 2011. Pick your contexts well. In Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM. https://doi.org/10.1145/1926385.1926390
[46]
Frances Wingerter. 2022. C2Rust is Back. https://immunant.com/blog/2022/06/back/
[47]
Hanliang Zhang, Cristina David, Yijun Yu, and Meng Wang. 2023. Ownership Guided C to Rust Translation. In Computer Aided Verification, Constantin Enea and Akash Lal (Eds.). Springer Nature Switzerland, Cham. 459–482. isbn:978-3-031-37709-9
Index Terms
- Don’t Write, but Return: Replacing Output Parameters with Algebraic Data Types in C-to-Rust Translation
Recommendations
Translating C to safer Rust
Rust is a relatively new programming language that targets efficient and safe systems-level applications. It includes a sophisticated type system that allows for provable memory- and thread-safety, and is explicitly designed to take the place of unsafe ...
Aliasing Limits on Translating C to Safe Rust
The Rust language was created to provide safe low-level systems programming. There is both industrial and academic interest in the problem of (semi-)automatically translating C code to Rust in order to exploit Rust's safety guarantees. We study the ...
Polymorphic algebraic data type reconstruction
PPDP '06: Proceedings of the 8th ACM SIGPLAN international conference on Principles and practice of declarative programmingOne of the disadvantages of statically typed languages is the programming overhead caused by writing all the necessary type information: Both type declarations and type definitions are typically required. Traditional type inference aims at relieving the ...
Comments
Information & Contributors
Information
Published In
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 20 June 2024
Published in PACMPL Volume 8, Issue PLDI
Check for updates
Badges
Author Tags
Qualifiers
- Research-article
Funding Sources
- National Research Foundation of Korea
- Institute for Information and communications Technology Promotion
- Samsung Electronics Co., Ltd
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 364Total Downloads
- Downloads (Last 12 months)364
- Downloads (Last 6 weeks)241
Reflects downloads up to 13 Aug 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in