SafeTrans: LLM-assisted Transpilation from C to Rust
Muhammad Farrukh, Smeet Shah, Baris Coskun, Michalis Polychronakis
TL;DR
This work addresses the challenge of migrating large legacy C codebases to memory-safe Rust by introducing SafeTrans, an end-to-end framework that leverages LLMs for C-to-Rust transpilation followed by iterative basic and guided repairs and runtime validation. The approach produces significantly safer and more idiomatic Rust than rule-based methods, achieving substantial gains in translation correctness (up to ~80% computational accuracy for top models) and demonstrable mitigation of memory-related vulnerabilities via Rust’s ownership model. The study analyzes Rust-specific translation errors, demonstrates the effectiveness of guided repair for common error codes, and validates vulnerability mitigation using ESBMC across a CodeNet-derived dataset of 2,653 C programs. The results suggest that, with targeted prompting and feedback loops, LLM-assisted transpilation can enable scalable, automated migration to Rust, with practical implications for software security and maintenance; the authors also provide open data and a prototype to support future work.
Abstract
Rust is a strong contender for a memory-safe alternative to C as a "systems" programming language, but porting the vast amount of existing C code to Rust is a daunting task. In this paper, we evaluate the potential of large language models (LLMs) to automate the transpilation of C code to idiomatic Rust, while ensuring that the generated code mitigates any memory-related vulnerabilities present in the original code. To that end, we present the design and implementation of SafeTrans, a framework that uses LLMs to i) transpile C code into Rust and ii) iteratively fix any compilation and runtime errors in the resulting code. A key novelty of our approach is the introduction of a few-shot guided repair technique for translation errors, which provides contextual information and example code snippets for specific error types, guiding the LLM toward the correct solution. Another novel aspect of our work is the evaluation of the security implications of the transpilation process, i.e., whether potential vulnerabilities in the original C code have been properly addressed in the translated Rust code. We experimentally evaluated SafeTrans with six leading LLMs and a set of 2,653 C programs accompanied by comprehensive unit tests, which were used for validating the correctness of the translated code. Our results show that our iterative repair strategy improves the rate of successful translations from 54% to 80% for the best-performing LLM (GPT-4o), and that all types of identified vulnerabilities in the original C code are effectively mitigated in the translated Rust code.
