RustAssure: Differential Symbolic Testing for LLM-Transpiled C-to-Rust Code
Yubo Bai, Tapti Palit
TL;DR
RustAssure addresses the risk of LLM-generated C-to-Rust translations by pairing automatic transpilation with differential symbolic testing to verify semantic parity. It uses an LLM Invoker with prompt engineering and a Semantic Similarity Checker that performs symbolic execution and graph-based comparison across languages, bridging memory-layout and type differences. On five real-world codebases and four LLMs, RustAssure achieved $89.8\%$ compilable Rust translations and $72\%$ of cases semantically equivalent, while uncovering semantic bugs not detected by some baselines. The work demonstrates both practical viability for automated safe Rust migration and the potential for cross-language symbolic verification to improve LLM reliability.
Abstract
Rust is a memory-safe programming language that significantly improves software security. Existing codebases written in unsafe memory languages, such as C, must first be transpiled to Rust to take advantage of Rust's improved safety guarantees. RustAssure presents a system that uses Large Language Models (LLMs) to automatically transpile existing C codebases to Rust. RustAssure uses prompt engineering techniques to maximize the chances of the LLM generating idiomatic and safe Rust code. Moreover, because LLMs often generate code with subtle bugs that can be missed under traditional unit or fuzz testing, RustAssure performs differential symbolic testing to establish the semantic similarity between the original C and LLM-transpiled Rust code. We evaluated RustAssure with five real-world applications and libraries, and showed that our system is able to generate compilable Rust functions for 89.8% of all C functions, of which 69.9% produced equivalent symbolic return values for both the C and Rust functions.