Memory-Safe Systems Programming: Migrating Critical Infrastructure from C and C++ to Rust While Preserving ABI Compatibility and Performance

Abstract

For half a century the systems world has been built in C and C++, languages that hand the programmer complete control over memory and, with it, complete responsibility for getting that control right. The record shows we rarely do. Independent analyses from Microsoft, the Chromium project, and government security agencies converge on the same uncomfortable figure: roughly seven in ten serious vulnerabilities trace back to memory-safety mistakes such as buffer overflows, use-after-free, and data races. Rust offers a way out without surrendering the performance that drew engineers to C in the first place. Its ownership model and borrow checker prove, at compile time, that a program is free of whole classes of these defects, while generating native code with no garbage collector and no managed runtime. This paper examines what it actually takes to move existing critical infrastructure to Rust rather than rewrite it wholesale. We describe the ownership discipline that delivers the guarantees, the role of the unsafe keyword and the foreign-function interface in talking to legacy C, the incremental migration strategies that keep a system shippable throughout, and the evidence on performance parity. We close with the honest limits: a steep learning curve, an immature corner of the ecosystem for some domains, and the fact that unsafe code and FFI boundaries remain places where the compiler's promises stop.