[HN Gopher] C2rust: Transpile C to Rust
___________________________________________________________________
C2rust: Transpile C to Rust
Author : juancampa
Score : 33 points
Date : 2022-02-01 21:06 UTC (1 hours ago)
(HTM) web link (c2rust.com)
(TXT) w3m dump (c2rust.com)
| acomjean wrote:
| We used to call fortran transpired into ada: adatran.
|
| Adatran was terrible. Hard to impossible to edit if something
| needed fixing. Used none of the features that made Ada a decent
| language. The very limited code they did this to did work
| however. This was a huge project and included C and ada code.
|
| What do we call C code transpiled to Rust. Crust?
| pcwalton wrote:
| > What do we call C code transpiled to Rust. Crust?
|
| Fun fact: in ancient Rust, what we now call extern "C"
| functions were called "crust" functions, pronounced like the
| word.
| detaro wrote:
| Have their been any large projects that used this as a starting
| point for a port? I would be curious how it works out in
| practice.
| steveklabnik wrote:
| What I am most curious about is the final paragraph of
| https://github.com/immunant/c2rust#acknowledgements-and-lice...
|
| There was a while there where they were trying to test this out
| on the cvs codebase, IIRC. It's a good candidate: upstream
| doesn't exactly move quickly, but is very much a real-world
| codebase, still in use.
| neopallium wrote:
| I just started using c2rust on openjpeg [0] (jpeg 2000
| encoder/decoder) today and already have it working as a drop in
| replacement for the C libopenjp2.so on Linux. Still has a lot
| of unsafe code, but it does work. Which will be a big help with
| testing during refactoring to idiomatic safe Rust.
|
| c2rust also has a refactor command that helps with refactoring
| the generated Rust code.
|
| [0] https://github.com/Neopallium/openjpeg/tree/c2rust
| pornel wrote:
| I've used my homebrew c2rust converter[1] to translate lodepng
| and pngquant[2] libraries to Rust. My two key takeaways are:
|
| Good test coverage is _essential_ for this. Count how many bugs
| you 've written when you were writing this code for the first
| time. Even if your bug-rate is 99% better during the rewrite,
| that may still be a significant number. Fine-grained tests
| aren't necessary, but end-to-end tests that touch every feature
| are crucial to catch regressions.
|
| Once the rough conversion is done, it is necessary to refactor
| the code to take advantage of Rust's idioms to get safety
| benefits. Just 1:1 conversion is underwhelming, and it feels
| like replacing gcc with rustc. I did not realize just how
| recklessly pointer-heavy C tends to be until I saw it through
| Rusty lens.
|
| The lodepng conversion was "meh". It's a good C code, but its
| structure was very different from what you'd do in Rust (e.g.
| Rust prefers generics over pointer casts, iterators over
| indexing or pointer arithmetic, has interfaces for steaming
| processing that C lacks). I don't know how far I can refactor
| the code to Rusty idioms and still call it lodepng :)
|
| OTOH the pngquant codebase was mine, and I'm happy with the
| results. When converting I took advantage of Rust idioms, and
| the Rust version is nicer to maintain and even a bit faster.
|
| [1]: https://lib.rs/crates/citrus [2]:
| https://pngquant.org/rust.html
| billconan wrote:
| But what about borrow checking? Will the transpiled code be
| runnable.
| [deleted]
| qw3rty01 wrote:
| it doesn't convert pointers to references, it just uses
| pointers, so the borrow checker isn't invoked.
| TheMagicHorsey wrote:
| For the non-Rust programmers here, does that mean you don't
| get Rust's memory safety with this transpiler?
| [deleted]
| qw3rty01 wrote:
| Correct, although it looks like converting some parts to
| safe code may be a future goal
| steveklabnik wrote:
| What they've stated previously is that they plan to go
| with the approach of "compile C to unsafe Rust" and
| "compile unsafe Rust to safe Rust" as two separate things
| that could be chained together. I don't remember if it's
| meant to be literally another tool or just the general
| approach, but seems very interesting and sensible to me!
| necubi wrote:
| That's correct. There's no way to translate arbitrary C
| to memory safe code.
| jacquesm wrote:
| If you could, you wouldn't need Rust in the first place.
| estebank wrote:
| The transpiled code will use pointers, it will not transform
| C-isms that could map to Rust-isms (like borrowing instead of
| pointers, or iterators instead of pointer arithmetic). This
| is meant to be only the first step in a Rust refactor.
|
| https://galois.com/blog/2018/08/c2rust/
|
| https://github.com/immunant/c2rust/wiki/Known-Limitations-
| of...
___________________________________________________________________
(page generated 2022-02-01 23:00 UTC)