The Stealth team, in collaboration with researchers from the University of Vermont, is developing software to aid in the translation of code from older and less secure programming languages to new languages with stronger guards against errors. “SALSA: Securing Antiquated Languages via program Synthesis and human Assistance” is a SBIR effort under the DARPA Lifting Legacy Code to Safer Languages (LiLaC-SL) program.
Code maintenance is a significant part of the cost of software development, and maintaining legacy code written in older languages comes with additional challenges: older languages lack safety features such as memory safety, and software developers increasingly lack fluency in those older languages. Translating legacy code into modern languages is a natural way for software companies and other organizations who rely on software to reduce their maintenance costs.
The major obstacles today to code translation today are cost and reliability. There are fewer and fewer developers familiar with older languages, and so translating by hand is often prohibitively expensive. Although existing automatic solutions exist, they often produce code that is difficult to read, or that even escapes safety checks, and so do not solve the problem of maintainability.
Software vulnerabilities are a concern for individuals and companies seeking to reduce their risk profiles, but they’re also a collective concern. Making critical infrastructure safer and more reliable helps everyone. Therefore, SALSA tools developed under DARPA LiLaC-SL will be released as open-source software at the conclusion of the project.
Existing technologies translate from the source language to the target language without fully examining the code being translated. They rely on syntax-based rules to replace each element in the source language with a semantically identical element in the target. In particular, the translation will often insert special syntax to escape the target language’s safety checks, mimicking unsafe behavior in the source language, even if the source code happens to be safe.
SALSA improves on this by looking at the program itself and synthesizing a new program in the target language, behaviorally identical to the original. The output code is entirely safe, cleaner and easier to read, and most importantly ready for developers to pick up and keep developing.
This work was done in collaboration with the University of Vermont, and supported by DARPA under contract number HR001122C0047, Distribution Statement A: “Approved for Public Release, Distribution Unlimited. If you have any questions, please contact the Public Release Center”. The views, opinions and/or findings expressed are those of the author and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.