The C language has traditionally emphasized programs' runtime performance, achieved by leaving low-level memory management to the programmer. Countless program crashes, hangs, and security vulnerabilities have been attributed to uninformed or malicious use of this feature. In contrast, languages considered to be (memory-)safe restrict direct memory access by programmers and include C#, Java, Rust, and Go. Migrating actively used code in C and its extension C++ to one of these languages allows this code to benefit from the safer languages' advantages. We propose an approach to semi-automatically migrating well-designed C++ code into a safer language. We believe we can build substantial tool support for such a migration. We propose Rust as the target language and therefore dub our effort CRAM ("C++ to Rust Assisted Migration"). The reasons for choosing Rust include its safe programming features, its promise to deliver well-performing system-level and network applications, and that it is a modern language with many features beyond those related to safety. We are seeking a form of language migration that results in well-designed, human-maintainable programs in Rust, which we can hand back to the developer with a good conscience. Our vision is that our tool will be applied to code that is under active development. To support post-migration development, the code needs to be readable, have human-friendly variable names, and it must be idiomatic Rust code, resting on that language's native design pillars. Human-maintainability is also critical for post-processing automatically migrated code does not yet satisfy all our requirements. Our approach will lead to programs that take full advantage of Rust's safety and other features. As a by-product of the migration process, we will generate strong program-specific certifications of the result, including both statements relating the source and target programs, and reasoning about the stand-alone target program. Our migration tool CRAM will be developed as open-source software. Stable revisions, along with benchmarks and milestone migration results, will be made available on a public website. We plan to engage with the Rust programmer community, to stay abreast of the advances the language's developments and adjust CRAM accordingly. Potential commercialization will serve the urgent need of both the Government and the private sector to respond to the inherent risks of continued reliance on existing C/C++ code bases. GrammaTech has a long history of successful commercialization of products developed by its research division.
