The most secure programming language you’ve probably never even heard of…

What do power plants, railways, aviation, rockets, space vehicles, satellites, banking systems and military applications have in common?
Let’s find out.


Introduction

All these things I mentioned in the beginning have multiple things in common:

  • They are all over the globe.
  • They are critical infrastructure.
  • They are low-level systems.
  • They need to be secure.
  • They were written in Ada.

What the (s)hell is Ada?

There’s a nice list of projects where Ada has been used:
https://www2.seas.gwu.edu/~mfeldman/ada-project-summary.html

Here’s an introductory video:

This seems weird…and dated…and kinda odd to write…and confusing…

The first question I asked myself was if it is really usable today or just a nice concept. Does it feature a completely esoteric syntax? Is it only procedural? Is it dated…or maybe has it stood well over time?

Here are some of its specs:

  • Full Object-Oriented Programming Support
  • Encourages Model Based Engineering
  • Integrates easily with C/C++
  • Has its own IDE or can be integrated into your favorite one
  • Is low level and suitable for embedded systems and still memory safe
  • It’s great for concurrency and real-time systems
  • Nicely supports big codebases
  • Supports many many processors

I was surprised by how modern the language actually is. It also sounds cool to try, but is it really worth learning? And there still has to be a reason why so many critical projects depend on it.

It’s simple.

It’s safety.

No, that’s not Princess Leia Organa of Alderaan but Ada Lovelace. She was the “first programmer”.

Securit’what?

Java has a garbage collector! Why should I use this strange thing instead of Java?

Even today Ada still has its perks over any other language in terms of security and correctness. Here are some of the many security features:

  • Ada notices many bugs at compile-time which other languages only discover at run-time
  • Ada has mandatory bounds checking. For example, array operations have to be safe.
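  • Ada doesn’t compile code with accidental assignment bugs (= instead of ==): assignment is written := and is a statement, not an expression, so it cannot be used as a condition.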
  • Ada lets you specify if method parameters can be read or written.
  • Ada avoids statement group indentation level errors.
  • Ada is type safe. It is an integral part of the language and prevents common semantic errors.
  • Ada is memory safe/pointer safe.
  • Ada’s syntax is built to be as safe as possible, making it easier for the programmer.
  • Ada features a contract system. “Contracts” are preconditions and postconditions assigned to methods, and they have to be satisfied.
  • Ada has a subset called the SPARK (PRO) Language/Toolset. It makes the language formally analyzable and makes your code mathematically verifiable. Properly coded it can eliminate most Run-Time exceptions. A list can be found here: https://www.adacore.com/sparkpro

Simply put, it prevents most common programming errors as far as possible.

Okay okay enough of this management talk, I wanna see some code!

Ada “Hello World”

Here’s some “Hello World” code.
Not that bad, right? It might be a bit different than what you’re used to, but it’s simple and can be read easily. Generally, the language has a bit of a Go vibe to it (but Ada was way first).
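
Going one step past Hello World, here is an added example (not part of the original post) that exercises several of the safety features listed above: parameter modes, a range-constrained type, the run-time index check and a precondition contract. It assumes an Ada 2012 compiler such as GNAT; the names `Safety_Demo`, `Percent`, `Readings`, `Average` and `Scale` and the sample data are made up for illustration.

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Assertions;

--  Illustrative example: all names and values here are hypothetical.
procedure Safety_Demo is
   pragma Assertion_Policy (Check);  --  check contracts at run time

   subtype Percent is Integer range 0 .. 100;  --  range-checked on assignment
   type Readings is array (1 .. 4) of Percent;

   --  Mode "in" is read-only, mode "out" must be set by the callee.
   procedure Average (Data : in Readings; Result : out Percent) is
      Sum : Natural := 0;
   begin
      for Value of Data loop
         Sum := Sum + Value;
      end loop;
      --  Data (1) := 0;   --  would not compile: Data has mode "in"
      Result := Sum / Data'Length;
   end Average;

   --  Contract: the caller must keep the product inside Percent.
   function Scale (Value : Percent; Factor : Positive) return Percent is
     (Value * Factor)
     with Pre => Value * Factor <= Percent'Last;

   Samples : constant Readings := (10, 20, 30, 40);  --  constructed sample data
   Mean    : Percent;
   Index   : Integer := Samples'Last;
begin
   Average (Samples, Mean);
   Put_Line ("Mean:" & Integer'Image (Mean));
   --  if Mean := 25 then ...   --  would not compile: ":=" is a statement

   Index := Index + 1;  --  one past the end of the array
   begin
      Put_Line (Integer'Image (Samples (Index)));
   exception
      when Constraint_Error =>
         Put_Line ("Index check stopped the out-of-bounds read");
   end;

   begin
      Put_Line (Integer'Image (Scale (Mean, 10)));  --  25 * 10 exceeds 100
   exception
      when Ada.Assertions.Assertion_Error =>
         Put_Line ("Precondition of Scale rejected the call");
   end;
end Safety_Demo;
```

In equivalent C code the out-of-bounds read would return whatever sits next to the array in memory; here it is turned into an exception that the program can handle.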

Summary

I would be very happy to hear your thoughts and comments. What do you think of it? Would you give Ada a try? Or what are you using instead?

That’s super cool! I wanna know more!

This is the official website:

And a helpful page to get started:

And last but not least…Here’s your door to explore Ada for yourself:

Swiss Security Researcher & CTF Enthusiast
