The risks of memory safety bugs are well understood. Even expert developers struggle to correctly use C/C++. In the best case scenario, the development process is augmented by an array of bug finding tools such as fuzzers and static analyzers. Even so, we know that memory safety bugs invariably make it into the released code where they will be found by attackers.

For instance, Microsoft reported that over the last 12 years, 70% of Microsoft security patches address memory safety bugs. In 2017 and 2018, the number of memory safety bugs reported roughly doubled. This coincided with increased use of automatic bug finding tools (fuzzers and sanitizers) to find latent memory safety bugs.

How we can help

Immunant is developing the most feature complete C to Rust migration toolset: C2Rust. The code is open source, download or install it today, or try our online demo first.

We provide the following migration services:

  • Full-service migration to Rust: we handle everything for you, just add code.
  • Assisted migration: we work alongside your team to guide translation and refactoring.
  • C/C++/Rust interoperability & hardening: we ensure that C/C++ and Rust code interoperates correctly with a minium of boilerplate code.

Contact us to discuss whether migrating unsafe code is right for you.

Why now? Why C2Rust?

Two of the primary reasons why C and C++ still dominate systems programming, lack of alternatives and high switching costs, are being resolved today. It has never been more viable to transition away from C/C++ and the pitfalls they contain.

Alternatives: Languages thrive because they meet a particular need. C, for example, offers unrivaled portability, flexibility, and benefits from an extremely mature ecosystem. Until the Rust programming language took off, developers didn’t have a language that could compete head on with C and C++ in the niches they dominate. Thanks to its unique type system, Rust provides the memory safety that C/C++ lacks without forcing developers into a garbage-collected memory management paradigm or requiring any sort of runtime or virtual machine.

Switching costs: Manually rewriting existing C/C++ software in a new, safer language has generally been labor-intensive and expensive. Committing scarce developer resources to a rewrite project with such a high barrier to entry was often not an option. With our unique tooling, we bring the cost of porting to Rust down to a fraction of a manual rewrite. We have experience translating millions lines of C code to Rust using our C2Rust tools. Let us do the heavy lifting for you while meeting strict performance and correctness criteria.

Learn more and contribute on GitHub.