The most secure programming language you’ve probably never even heard of…

What do power plants, railways, aviation, rockets, space vehicles, satellites, banking systems and military applications have in common?
Let’s find out.

Jannis Kirschner
Mar 14, 2019

Introduction

A few days ago I came across the sad news of the Boeing 737 MAX 8 crashes, arguably caused by a software fault. That got me thinking: how is aviation software written? How is it tested? What language is it written in? Assembler? C? Maybe COBOL or Fortran? What I found surprised me: not only had I never heard of the language and its features before, but it is omnipresent in critical infrastructure.

All the things I listed at the beginning have several things in common:
They are all over the globe.
They are critical infrastructure.
They are low-level systems.
They need to be secure.
They were written in Ada.

What the (s)hell is Ada?

Ada, named after Ada Lovelace, is a safety- and security-oriented programming language and one of the best tools available for producing correct code. The language is an international standard (ISO/IEC 8652), maintained by an ISO working group (WG9). The company AdaCore maintains an extensive set of tools for it: its compiler, GNAT, is open source under the GPL 3, and AdaCore also maintains a static analyzer for Ada, commercial and free development environments, and offers customer support. For years Ada was mandated for US Department of Defense software; the mandate was lifted in 1997.

There’s a nice list of projects where Ada has been used:
https://www2.seas.gwu.edu/~mfeldman/ada-project-summary.html

This seems weird…and dated…and kinda odd to write…and confusing…

The first question I asked myself was whether it is really usable today or just a nice concept. Does it have a completely esoteric syntax? Is it purely procedural? Is it dated, or has it stood the test of time?

Here are some of its features:

  • Full object-oriented programming support (tagged types, since Ada 95)
  • Encourages model-based engineering
  • Integrates easily with C/C++ (pragma Import/Export and the Interfaces.C packages)
  • Has its own IDE, or can be integrated into your favourite one
  • Is low level and suitable for embedded systems, yet memory safe by default: the unchecked escape hatches (Unchecked_Conversion, Unchecked_Deallocation) are explicit and easy to grep for
  • Has concurrency built into the language (tasks, protected objects) and a real-time profile (Ravenscar) for hard real-time systems
  • Scales nicely to big codebases (packages, separate compilation)
  • Supports many, many processors

I was surprised by how modern the language actually is. It sounds fun to try, but is it really worth learning? And there still has to be a reason why so many critical projects depend on it.

It’s simple.

It’s safety.

No, that’s not Princess Leia Organa of Alderaan but Ada Lovelace. She was the “first programmer”.

Securit’what?

Even today Ada still has an edge over most other languages in terms of security and correctness. Here are some of its many safety features:

  • Ada catches many bugs at compile time that other languages only discover at run time.
  • Ada has mandatory bounds checking: every array index is checked against the array's bounds, and an out-of-range access raises Constraint_Error instead of silently reading or writing neighbouring memory. (Caveat: the checks can be switched off with pragma Suppress or GNAT's -gnatp; don't ship with them off unless you have proved them unnecessary.)
  • Ada won't compile accidental-assignment bugs: assignment is the statement ":=" and equality is the expression "=", so "if X = Y" is always a comparison and "if X := Y" is a syntax error.
  • Ada makes you declare, for every parameter, whether it is read (in), written (out) or both (in out), and the compiler enforces that mode.
  • Ada avoids the dangling-else and mis-indented-block class of errors: every if, loop and block is closed by an explicit "end if", "end loop" or "end", so what the compiler sees is what the indentation suggests.
  • Ada is strongly typed. User-defined ranges and distinct numeric types are an integral part of the language and prevent common semantic errors such as mixing units or storing out-of-range values.
  • Ada is memory safe/pointer safe by default: there is no pointer arithmetic, access types are typed, dereferencing null raises an exception, and the unchecked features are explicit and auditable.
  • Ada's syntax is built to be as safe as possible, making life easier for the programmer.
  • Ada features a contract system. Since Ada 2012, preconditions and postconditions (the Pre and Post aspects) are attached to subprograms and must hold on entry and on return; they are checked at run time when assertions are enabled.
  • Ada has a subset called SPARK (with the SPARK Pro language/toolset). It makes the language formally analyzable and your code mathematically verifiable; properly written SPARK code can be proved free of run-time exceptions. Details: https://www.adacore.com/sparkpro
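To make the list above concrete, here is an added example (it is not from the original post and not AdaCore's code): one small Ada 2012 program that exercises range types, distinct numeric types, parameter modes, ":=" versus "=", array bounds checks and a Pre/Post contract. The file name, the GNAT build command and the sample values are my own choices; everything else is standard Ada.

```ada
-- Added example, not from the original post: one small Ada 2012 program that
-- exercises the checks listed above. Build with GNAT, enabling contract checks:
--   gnatmake -gnata safety_demo.adb && ./safety_demo
with Ada.Text_IO;     use Ada.Text_IO;
with Ada.Exceptions;  use Ada.Exceptions;
with Ada.Assertions;  use Ada.Assertions;

procedure Safety_Demo is

   -- Range type: a value outside 0 .. 100 is flagged at compile time when it
   -- is static and raises Constraint_Error at run time otherwise.
   type Percent is range 0 .. 100;

   -- Distinct numeric types do not mix: Meters + Seconds is a compile error,
   -- even though both are "just integers" underneath.
   type Meters  is new Natural;
   type Seconds is new Natural;

   -- Fixed-size buffer; every index is checked against 1 .. 8.
   type Buffer is array (1 .. 8) of Character;

   -- Parameter modes make data flow explicit: "in" is read-only, "out" must
   -- be written before return, "in out" may be both.
   procedure Fill (B : out Buffer; C : in Character) is
   begin
      B := (others => C);   -- assignment is ':=' and is a statement, so it
                            -- can never be confused with the '=' comparison
   end Fill;

   -- Contract (Ada 2012 aspects): the caller guarantees C occurs in B, and
   -- the function guarantees the returned index really points at C.
   function Index_Of (B : Buffer; C : Character) return Positive
     with Pre  => (for some X of B => X = C),
          Post => B (Index_Of'Result) = C;

   function Index_Of (B : Buffer; C : Character) return Positive is
   begin
      for I in B'Range loop
         if B (I) = C then      -- '=' is comparison; ':=' here would not compile
            return I;
         end if;
      end loop;
      raise Program_Error;      -- unreachable while the precondition holds
   end Index_Of;

   Buf   : Buffer;
   Ratio : Percent;
   D     : constant Meters  := 10;
   T     : constant Seconds := 2;
begin
   Fill (Buf, 'x');
   Buf (3) := 'y';
   Put_Line ("'y' is at index" & Positive'Image (Index_Of (Buf, 'y')));
   Put_Line ("Distance" & Meters'Image (D) & ", time" & Seconds'Image (T));
   --  Put_Line (Natural'Image (D + T));   -- rejected: Meters vs Seconds
   --  Ratio := 150;                       -- flagged: static value out of range

   -- Range check on a value the compiler cannot fold (parsed at run time).
   begin
      Ratio := Percent'Value ("150");
      Put_Line ("unreachable");
   exception
      when E : Constraint_Error =>
         Put_Line ("Range check failed: " & Exception_Message (E));
   end;
   Ratio := 42;
   Put_Line ("Ratio is" & Percent'Image (Ratio));

   -- Bounds check on an index computed at run time: no silent overflow.
   declare
      Idx : constant Integer := Integer'Value ("9");
   begin
      Buf (Idx) := 'z';
      Put_Line ("unreachable");
   exception
      when E : Constraint_Error =>
         Put_Line ("Bounds check failed: " & Exception_Message (E));
   end;

   -- Contract check: there is no 'q' in Buf, so the precondition fails and
   -- the call is rejected before the body runs (with -gnata).
   begin
      Put_Line (Positive'Image (Index_Of (Buf, 'q')));
   exception
      when E : Assertion_Error =>
         Put_Line ("Precondition violated: " & Exception_Message (E));
   end;
end Safety_Demo;
```

The two commented-out lines are the ones the compiler refuses; the three exception blocks show the checks that only fire at run time, which is exactly the territory where C would have quietly corrupted memory. Note that the contract checks only exist in the binary because of -gnata (or an equivalent Assertion_Policy); the range and bounds checks are on by default.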

Simply put, it prevents the most common programming errors as far as a language can.
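And here is what the SPARK subset mentioned above looks like in practice, as an added example that is not from the post or from AdaCore: a saturating byte addition whose postcondition GNATprove discharges, which proves (rather than tests) that no run-time exception can occur in it. The package name, the split into two files and the project file passed to gnatprove are assumptions about your build setup.

```ada
-- Added example, not from the original post: a tiny SPARK 2014 unit whose
-- contract GNATprove discharges, proving absence of run-time errors.
-- Two units are shown together; split them into sat.ads / sat.adb (gnatchop
-- does this), then run:  gnatprove -P <project.gpr>
package Sat with SPARK_Mode is

   subtype Byte is Integer range 0 .. 255;

   -- Saturating add: the postcondition states the exact result, so a caller
   -- (and the prover) can rely on it without a test case.
   function Sat_Add (A, B : Byte) return Byte
     with Post => Sat_Add'Result = Integer'Min (A + B, Byte'Last);

end Sat;

package body Sat with SPARK_Mode is

   function Sat_Add (A, B : Byte) return Byte is
      -- A + B is evaluated in Integer; from the subtype bounds the prover
      -- knows 0 <= Sum <= 510, so the addition cannot overflow.
      Sum : constant Integer := A + B;
   begin
      if Sum > Byte'Last then
         return Byte'Last;
      end if;
      return Sum;   -- range check provable: on this path 0 <= Sum <= 255
   end Sat_Add;

end Sat;
```

The interesting part is the "return Sum" line: in plain Ada that is a run-time range check, in SPARK it is a proof obligation, and GNATprove reports it as proved from the guard above it. Calling Sat_Add (200, 100) saturates at 255, and no input can make the function raise.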

Okay okay enough of this management talk, I wanna see some code!

Ada “Hello World”

Here’s some “Hello World” code.
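The embedded snippet did not survive in this copy of the post, so here is the standard Ada "Hello World" (added here; it is not the author's original gist, and the file name in the build command is my choice):

```ada
-- Standard Ada "Hello World" (added here; the post's own embedded snippet is
-- not in this copy). Build and run with GNAT:
--   gnatmake hello.adb && ./hello
with Ada.Text_IO;

procedure Hello is
begin
   -- Put_Line writes the string followed by a newline.
   Ada.Text_IO.Put_Line ("Hello, World!");
end Hello;
```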
Not that bad, right? It might be a bit different from what you're used to, but it's simple and easy to read. Generally, the language has a bit of a Go vibe to it (but Ada came way first).

Summary

I hope I was able to show you an interesting new language. What’s next? Maybe you already knew Ada, that’s cool. Maybe you think the language is boring and useless, that’s cool as well. But maybe, just maybe this was able to show you something useful. For a side project — or as part of your secure architecture…that’d be super cool :)

I would be very happy to hear your thoughts and comments. What do you think of it? Would you give Ada a try? Or what are you using instead?

That’s super cool! I wanna know more!

Here's extensive documentation on its security features:

This is the official website:

And a helpful page to get started:

And last but not least…Here’s your door to explore Ada for yourself:

Written by Jannis Kirschner
Swiss Security Researcher & CTF Enthusiast
