Stories with Tag Ada

• Nvidia Security Team: “What if we just stopped using C?” (2022)

  permalink

  Posted: 2025-02-10 09:16:04

  Verbose tl;dr

  Nvidia's security team advocates shifting away from C/C++ due to its susceptibility to memory-related vulnerabilities, which account for a significant portion of their reported security issues. They propose embracing memory-safe languages like Rust, Go, and Java to improve the security posture of their products and reduce the time and resources spent on vulnerability remediation. While acknowledging the performance benefits often associated with C/C++, they argue that modern memory-safe languages offer comparable performance while significantly mitigating security risks. This shift requires overcoming challenges like retraining engineers and integrating new tools, but Nvidia believes the long-term security gains outweigh the transitional costs.

  In a 2022 blog post titled "Nvidia Security Team: 'What if we just stopped using C?'" hosted on the AdaCore blog, the author discusses a presentation given by Nvidia's security team exploring the possibility of transitioning away from C and C++ in their codebase due to the inherent security risks associated with these languages. The post emphasizes the prevalence of memory safety vulnerabilities, such as buffer overflows, use-after-free errors, and double frees, which plague C and C++ development and contribute significantly to exploitable security flaws. These vulnerabilities arise from the manual memory management paradigm prevalent in these languages, giving developers extensive control over memory allocation and deallocation, but also leaving them prone to errors.

  The Nvidia team highlighted the increasing cost and complexity of mitigating these vulnerabilities, outlining the various techniques they currently employ, including code reviews, static analysis tools, and dynamic analysis tools like sanitizers. While acknowledging the effectiveness of these methods to a certain extent, they pointed out that these strategies are reactive rather than preventative and require significant ongoing investment. Furthermore, these mitigations don't address the root cause of the problem: the inherent unsafety of manual memory management.

  The post then elaborates on Nvidia's exploration of alternative, memory-safe languages like Rust, Go, and Ada. The blog post focuses particularly on Ada and SPARK, a formally verifiable subset of Ada, emphasizing their robust type system, compile-time error checking, and built-in memory safety features as attractive alternatives to the vulnerabilities of C and C++. The argument presented is that these languages, through their design and features, inherently prevent many of the memory-related vulnerabilities that plague C and C++, leading to more secure code by design.

  While acknowledging the significant undertaking of migrating away from a large, established C/C++ codebase, the Nvidia team expressed a belief that the long-term benefits in terms of improved security, reduced development costs associated with vulnerability mitigation, and a more robust and reliable software ecosystem justify the investment. The post concludes by highlighting Ada and SPARK as strong contenders for replacing C and C++ in safety-critical and security-sensitive applications, and portrays Nvidia's exploration as a significant indication of the growing industry interest in memory-safe languages for mitigating increasingly prevalent and costly security vulnerabilities. This exploration signals a potential shift in programming paradigms for large organizations concerned with software security, moving towards languages that prioritize memory safety by design.

  • Nvidia
  • Security
  • C Programming Language
  • Memory Safety
  • software vulnerabilities
  • Rust
  • C++
  • Ada
  • Programming Languages
  • Software Development
  • 2022

  Summary of Comments ( 148 )
  https://news.ycombinator.com/item?id=42998383

  Verbose tl;dr

  Hacker News commenters largely agree with the AdaCore blog post's premise that C is a major source of vulnerabilities. Many point to Rust as a viable alternative, highlighting its memory safety features and performance. Some discuss the practical challenges of transitioning away from C, citing legacy codebases, tooling, and the existing expertise surrounding C. Others explore alternative approaches like formal verification or stricter coding standards for C. A few commenters push back on the idea of abandoning C entirely, arguing that its performance benefits and low-level control are still necessary for certain applications, and that focusing on better developer training and tools might be a more effective solution. The trade-offs between safety and performance are a recurring theme.

  The Hacker News post titled "Nvidia Security Team: “What if we just stopped using C?” (2022)" has generated a lively discussion with numerous comments. Many commenters agree with the premise that C is inherently unsafe and contributes significantly to software vulnerabilities. Several suggest Rust as a strong contender for replacing C, citing its memory safety features and performance characteristics.

  A recurring theme is the inertia within organizations and the perceived cost and effort of transitioning away from C. Some commenters express skepticism about the feasibility of such a move, particularly in large, established codebases. Others counter this by arguing that the long-term benefits of improved security and reduced maintenance outweigh the initial investment.

  Several compelling comments delve deeper into specific aspects:

  • Some discuss the cultural shift required within development teams to adopt new languages and practices. They emphasize the importance of training and education in ensuring a successful transition.
  • Others point out that while Rust offers advantages, it's not a silver bullet. It has a steeper learning curve than C and may not be suitable for all use cases, especially those requiring very low-level control or interaction with legacy systems.
  • The idea of gradual migration is also discussed, where new code is written in safer languages like Rust while existing C code is maintained or incrementally rewritten. This approach is seen as more pragmatic than a complete overhaul.
  • Some comments highlight the success stories of other companies that have adopted Rust, citing improved security and developer productivity. These examples serve as evidence for the practicality of transitioning away from C.
  • A few commenters raise the issue of tooling and ecosystem maturity. While the Rust ecosystem is rapidly evolving, it's not as mature as C's, which could pose challenges for certain projects.
  • The performance comparison between C and Rust is also a point of discussion. While Rust is generally considered performant, there are specific scenarios where C might offer slight advantages, though these are becoming increasingly rare.

  The comments overall reflect a general sentiment that while moving away from C is a significant undertaking, it is a necessary step towards building more secure and reliable software. The discussion acknowledges the complexities and challenges involved but also expresses optimism about the potential benefits and the growing momentum behind safer alternatives like Rust.

• Ada crate of the year 2024 announced

  permalink

  Posted: 2025-02-09 19:37:38

  Verbose tl;dr

  AdaCore has announced the winners of its "Ada/SPARK Crate of the Year 2024" competition. The gold award went to Libadalang-TV, a library providing a tree view for Libadalang, simplifying Ada and SPARK code analysis. Silver was awarded to Ada-Scintilla, a binding for the Scintilla editing component, enhancing Ada and SPARK development environments. Finally, Florist, a tool for static analysis of formal verification results, took home the bronze. These crates demonstrate community contributions to improving the Ada and SPARK ecosystem, providing valuable tools for development, analysis, and verification.

  The AdaCore blog has formally declared the victors of the prestigious "Ada and SPARK Crate of the Year" competition for the year 2024. This annual event celebrates excellence and innovation within the Ada and SPARK programming communities, specifically focusing on high-quality, reusable software components packaged as "crates," a term borrowed from the Rust ecosystem and adapted for Ada and SPARK. The competition aims to highlight the practical utility and robustness of Ada and SPARK in diverse domains while encouraging developers to contribute valuable resources to the broader ecosystem.

  This year's competition saw a diverse array of submissions demonstrating the versatility and power of these languages. After a meticulous evaluation process undertaken by a panel of expert judges, two outstanding crates emerged victorious. The first winner, "libkeccak," developed by Fabien Chouteau, provides a highly optimized implementation of the Keccak cryptographic hash function family. This library is significant for its performance characteristics, which are crucial for security-sensitive applications, and for its adherence to rigorous software engineering principles. Its selection underscores the suitability of Ada and SPARK for developing robust and efficient cryptographic primitives.

  The second winning crate, "GtkAda_QueryBuilder," crafted by Yannick Moy, addresses the practical needs of developers working with databases within the context of the GtkAda GUI framework. This crate streamlines the process of constructing complex database queries, simplifying a task that can often be tedious and error-prone. By offering a user-friendly interface for building queries, this crate significantly enhances developer productivity and contributes to the creation of more robust and reliable database-driven applications. The judges recognized the practical value of this contribution for Ada and SPARK developers working on real-world projects.

  The announcement highlights not just the winning crates but also acknowledges the broader context of growth and development within the Ada and SPARK ecosystem. It emphasizes the increasing adoption of these languages for critical systems and the ongoing efforts to foster a thriving community of developers. The "Crate of the Year" competition serves as a testament to the ongoing vitality and innovation within the Ada and SPARK communities, showcasing their commitment to producing high-quality, reusable software components for a wide range of applications. By celebrating these achievements, AdaCore encourages further development and contributions to the ecosystem, fostering a virtuous cycle of innovation and growth within the Ada and SPARK programming world.

  • Ada
  • programming language
  • AdaCore
  • Crate of the Year
  • 2024
  • Software Development
  • static analysis
  • Formal Verification
  • Spark

  Summary of Comments ( 1 )
  https://news.ycombinator.com/item?id=42993086

  Verbose tl;dr

  Hacker News users discussed the winning Ada/SPARK crates, expressing interest in Creatif's accessibility features for blind programmers and praising its maintainers' dedication. Some questioned the term "crate" in the Ada context, suggesting "package" or "library" as more fitting. A few comments highlighted Ada's strengths in safety-critical systems, contrasting its niche status with the broader popularity of Rust, while also acknowledging Rust's growing presence in similar domains. One commenter pondered the reasons behind Ada's limited adoption despite its technical merits.

  The Hacker News post "Ada crate of the year 2024 announced" (linking to the Adacore blog post about the winners) has a modest number of comments, mostly focusing on the niche nature of Ada and Spark, and some of their perceived advantages and disadvantages.

  One commenter highlights the apparent contradiction in terms of "Ada crate," pointing out that "crate" is Rust terminology and suggesting "package" or "library" would be more appropriate in the Ada context. This spurred a short thread discussing how the term "crate" might be a deliberate attempt to make Ada/Spark seem more modern and appealing to a wider audience, acknowledging the possibility of it backfiring due to appearing forced or unfamiliar to those already within the Ada community.

  Another commenter expresses surprise at Ada still being used and wonders about its current applications. This led to a discussion about its continued prevalence in safety-critical systems, particularly in aerospace and defense, where its strong typing and formal verification capabilities (especially with Spark) are highly valued. Specific examples, like its use in the Boeing 787 and Airbus A350 flight control systems, were mentioned to illustrate this point. A related comment acknowledged the language's robustness and reliability, but also pointed out the perceived steep learning curve as a potential barrier to wider adoption.

  There's a short exchange about the challenges of recruiting Ada developers, with one commenter suggesting that the limited pool of skilled programmers might be a contributing factor to higher development costs. Another comment countered this by arguing that the initial investment in training and development can be offset by the reduced need for debugging and maintenance down the line due to the language's focus on correctness.

  Finally, there's a comment mentioning the availability of open-source Ada tools and libraries, suggesting that the ecosystem is not as limited as some might assume. This comment also links to the Alire package manager, presented as a way to simplify the process of building and managing Ada projects.

  In summary, the comments section explores themes surrounding Ada and Spark's niche status, its strengths in safety-critical systems, the challenges associated with its learning curve and developer pool, and the existence of resources for those interested in learning more. The overall tone is generally respectful and informative, with commenters offering different perspectives on the language and its ecosystem.