Translating C To Rust: Lessons from a User Study

TL;DR

This study compares human and automatic translation of C to Rust, revealing humans produce safer, more effective code with diverse strategies, highlighting areas for improving automatic tools.

Contribution

It provides insights into human translation strategies from C to Rust, demonstrating their effectiveness over current automatic tools and informing future translator development.

Findings

Humans produce safer Rust translations than automatic tools.

Users often choose zero-cost abstractions for safety.

Diverse translation strategies emerge among users.

Abstract

Rust aims to offer full memory safety for programs, a guarantee that untamed C programs do not enjoy. How difficult is it to translate existing C code to Rust? To get a complementary view from that of automatic C to Rust translators, we report on a user study asking humans to translate real-world C programs to Rust. Our participants are able to produce safe Rust translations, whereas state-of-the-art automatic tools are not able to do so. Our analysis highlights that the high-level strategy taken by users departs significantly from those of automatic tools we study. We also find that users often choose zero-cost (static) abstractions for temporal safety, which addresses a predominant component of runtime costs in other full memory safety defenses. User-provided translations showcase a rich landscape of specialized strategies to translate the same C program in different ways to safe Rust, which future automatic translators can consider.