Ownership guided C to Rust translation
Hanliang Zhang, Cristina David, Yijun Yu, Meng Wang
TL;DR
The paper addresses safely translating large C codebases to Rust by inferring and enforcing Rust-compatible ownership models. It introduces Crown, a pipeline that starts from c2rust-generated Rust, applies a scalable, flow- and field-sensitive ownership analysis, and retypes and rewrites pointers to produce safe Rust code validated by the Rust compiler. Key contributions include the formalization of ownership constraints, the novel ownership monotonicity concept, and a prototype tool that scales to hundreds of thousands of lines of code while outperforming the prior state of the art in pointer safety conversion. The work has practical impact by enabling safer migration of legacy C software, reducing unsafe usage, and providing a foundation for future enhancements in handling real-world C idioms and memory management.
Abstract
Dubbed a safer C, Rust is a modern programming language that combines memory safety and low-level control. This interesting combination has made Rust very popular among developers and there is a growing trend of migrating legacy codebases (very often in C) to Rust. In this paper, we present a C to Rust translation approach centred around static ownership analysis. We design a suite of analyses that infer ownership models of C pointers and automatically translate the pointers into safe Rust equivalents. The resulting tool, Crown, scales to real-world codebases (half a million lines of code in less than 10 seconds) and achieves a high conversion rate.
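To make concrete what "translating C pointers into safe Rust equivalents" means, the following added illustration (written for this page, not code from the paper or from the Crown tool) shows the same singly linked list in two forms: first in the shape c2rust emits, where every C pointer becomes a raw `*mut` pointer and every dereference sits in an `unsafe` block, and then after an ownership analysis has concluded that the `next` field and the list head are owning pointers, so they are retyped to `Option<Box<Node>>` and the manual free disappears. All names (`RawNode`, `push_raw`, `sum_raw`, `free_raw`, `Node`, `push`, `sum`, `demo`) are assumed for the example.

```rust
// Added illustration of ownership-guided pointer retyping.
// Names and structure are assumed for this example; this is not Crown's output.
use std::ptr;

/// c2rust-style shape: the C pointer `next` becomes a raw `*mut` pointer,
/// and the caller remains responsible for freeing every node by hand.
pub struct RawNode {
    pub val: i32,
    pub next: *mut RawNode,
}

/// Prepend a node; ownership of the allocation is handed to the caller
/// as a raw pointer, exactly as a C `malloc`-based list would do it.
pub fn push_raw(head: *mut RawNode, val: i32) -> *mut RawNode {
    Box::into_raw(Box::new(RawNode { val, next: head }))
}

/// Walk the list through raw pointers: each access needs `unsafe`.
pub fn sum_raw(mut cur: *mut RawNode) -> i32 {
    let mut total = 0;
    while !cur.is_null() {
        unsafe {
            total += (*cur).val;
            cur = (*cur).next;
        }
    }
    total
}

/// Manual deallocation. Forgetting to call this leaks; calling it twice
/// on the same list is undefined behaviour, and the compiler cannot tell.
pub fn free_raw(mut cur: *mut RawNode) {
    while !cur.is_null() {
        unsafe {
            let node = Box::from_raw(cur); // reclaim ownership
            cur = node.next;
        } // `node` is dropped here, freeing the allocation
    }
}

/// Ownership-retyped shape: the analysis has concluded that `next` is an
/// owning pointer (each node is the unique owner of its successor), so the
/// field becomes `Option<Box<Node>>`. Null maps to `None`, and the Rust
/// compiler now enforces exactly-once deallocation.
pub struct Node {
    pub val: i32,
    pub next: Option<Box<Node>>,
}

/// Prepend a node; ownership moves in and out through the type system.
pub fn push(head: Option<Box<Node>>, val: i32) -> Option<Box<Node>> {
    Some(Box::new(Node { val, next: head }))
}

/// A read-only traversal only needs a borrow, so no `unsafe` remains.
pub fn sum(head: &Option<Box<Node>>) -> i32 {
    let mut total = 0;
    let mut cur = head.as_deref();
    while let Some(node) = cur {
        total += node.val;
        cur = node.next.as_deref();
    }
    total
}

/// Build the same list both ways and return both sums.
pub fn demo() -> (i32, i32) {
    let mut raw = ptr::null_mut();
    for v in [1, 2, 3] {
        raw = push_raw(raw, v);
    }
    let raw_sum = sum_raw(raw);
    free_raw(raw); // required by hand in the raw-pointer version

    let mut list = None;
    for v in [1, 2, 3] {
        list = push(list, v);
    }
    let safe_sum = sum(&list);
    // `list` is dropped automatically at the end of scope: no leak, no double free.
    (raw_sum, safe_sum)
}

fn main() {
    println!("{:?}", demo()); // (6, 6)
}
```

The behaviour is identical in both halves; what changes is where the proof of memory safety lives. In the raw form it is a convention the programmer must remember (call `free_raw` exactly once), while in the retyped form the `Option<Box<Node>>` type carries the ownership fact the analysis inferred, so the compiler rejects a use-after-free or double free at build time.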
