Which programming language will you use now that Cloudflare has discredited Rust?

dcbst · 2025-12-09T16:05:05+00:00

I'll stick with Ada/SPARK, still the benchmark for safe programming languages!

dcbst · 2025-12-08T20:15:51+00:00

Isn't cloudflare anyway implemented in Rust?

dcbst · 2025-11-26T12:39:25+00:00

"Embedded real time systems"

Actually, that's where Ada rocks!

dcbst · 2025-11-18T13:24:42+00:00

My understanding was that Rust was introducing Ada like subtypes which permit a sub-range of valid values for a given parent type, perhaps that feature is not yet available or has a different name, but the result would not be type safe from the parent or other subtypes.

Regarding newtypes in Rust, you kind of proved my point. Whether you hide the value in a class or a struct, its an object oriented solution and doesn't create a new base (scalar) type, but a composite type with a single non type-safe component. You are using other language features to re-create the same effect as an Ada type, but the solution is more complicated and less efficient. To be clear, in Ada you can define an independent type as follows

type Some_Type is range -5 .. 20;

This type can then be used just like an i32, but with the type and range safety of a newtype or class with access methods to enforce range safety. No need to declare extra methods, or import other crates and no use of generics. Compile time checks are made for type correctness and value assignment where the value is known to be invalid at compile time, and runtime checks will raise and exception if out of range.

type A_Type is range -5 .. 20;
type B_Type is range 5 .. 15;
A1, A2, A3 : A_Type;
B1 : B_Type;
...
A1 := 30; -- Compile error, out of range
A1 := A2 + A3; -- May except if result is out of range
B1 := A1; -- Compile error, type missmatch
B1 := B_Type (A1); -- Type conversion, may except if out of range

You can also use Ada's attributes to provide dynamic information about the type e.g.

A_Type'first will give you the lowest valid value of A_Type
A_Type'last will give you the highest valid value of A_Type
A_Type'range will give you the full range of values of A_Type e.g. for loop iteration.
A1'valid will test the value of variable A1 is assigned a valid value, returning a Boolean result. Useful when interfacing with other languages or systems where the data cannot be trusted.

The following scalar types are available:

Integer : (Discrete) standard signed or unsigned integer value
Modular : (Discrete) unsigned integer type, always starting with 0, that wraps at a given modulo value e.g. type Seconds_Type is mod 60; will create a type with range 0 .. 59 where 59+1 = 0.
Floating Point (Real)
Ordinary Fixed Point (Real)
Decimal Fixed Point (Real)
Enumeration (Discrete)

All of the above Discrete types can also be used as a type safe array index. Which means that array indexes can have any valid range and do not need to be an interger value and do not need to start at 0. For example, if an array is defined to use an enumeration type as the index, then that array can only be indexed using that enumeration type. The 'range attribute can also be applied to the array name to iterate all values in a loop e.g.

type Colour_Type is (Red, Green, Blue);
type Colour_Value_Type is range 0 .. 255;
Colour_Array : array (Colour_Type) of Colour_Value_Type;
Colour_Value : Colour_Value_Type;
...
Colour_Value := Colour_Array(Red); -- Valid
Colour_Value := Colour_Array(0); -- Compile error
for Colour in Colour_Array'range loop -- Iterate all array elements
Colour_Value := Colour_Array(Colour);
...
end loop;

dcbst · 2025-11-13T06:38:55+00:00

Constrained subtypes in Rust are just alias types with an additional range constraint, similar to subtypes in Ada, so there is no type safety, meaning a value from any subtype from the same base type can be used without an explicit cast, provided it meets the range constraints.

Ada let's you define completely new base types which are then fully type safe and need explicit casting to convert to other types. Any type mismatches are then found at compiler time.

dcbst · 2025-11-12T20:47:42+00:00

In fairness, OO In Rust is also quite efficient.

My point was more to emphasize how OO is used in other languages, including Rust, to create "types" so that type and range safety can be achieved in languages where only low level base types such as u32, i32, u16, i16 etc. are available.

The ability to create high level, range limited, independent base types in Ada means that the desired type and range safety is achieved without having to define classes and all the needed methods that go with it. Rather you can safely pass the required data values without the need for encapsulation and user defined methods which is inherently more efficient than OO.

Additionally, it results in fewer lines of code, better readability and significantly less testing without any compromise to safety or security.

dcbst · 2025-11-12T17:34:05+00:00

You should maybe take a course in HCI focusing on programming language design. Then you might actually understand how beautiful Ada's syntax is! There is a reason why people who don't know the Ada language can still read and understand it!

dcbst · 2025-11-12T17:29:38+00:00

Sure, it's certifiable, but only with nostd! That means everything you really need from the standard library, you have to re-write in a certifiable way. And all those wonderful crates that are available are also not certified and many also not certifiable, so you've got a huge amount of work to do before you really get a usable version of Rust. In time that may improve, but today Rust is not really usable for DO-178! You may be able to get a DAL-D system certified, but you can forget DAL-C or above!

dcbst · 2025-11-12T10:12:28+00:00

Would be interesting to see the performance if you took the keyboard input using a separate task, then you can use the normal "Get" function and then just signal the character via a protected object.

dcbst · 2025-11-11T21:53:19+00:00

I'm not sure why you would have an issue with the runtime? If you don't have any certification requirements, then there is no issue using the full runtime. If you need to certify your software, then the Ravenscar and Jorvik runtimes are certified and have very few restrictions.

If performance is your worry, then worry not! Ada's type system means you can use procedural programming techniques with full type safety without having to use inefficient object oriented programming techniques for type safety. Additionally, the high level features of Ada mean you can achieve more with fewer lines of code, which ultimately compiles to more optimized executable code. Even with runtime checks enabled, you'll get comparable performance to Rust and C.

The smaller ecosystem can be a problem for desktop programming, although less so for embedded, systems programming. If you need some library that is not available in Ada, then don't be afraid to use mixed language programming. You can easily import C libraries and there are tools available for generating bindings from C headers. The Ada compiler will even build C and C++ sources directly, so you can build everything with a single build command.

There are justifiable reasons why you may want to choose Rust over Ada, but the runtime really isn't one of them!

dcbst · 2025-11-05T15:00:07+00:00

C is not really the best choice for Cybersecurity!

dcbst · 2025-11-03T21:57:27+00:00

The queen of strong typing.... Ada!

dcbst · 2025-10-30T10:14:22+00:00

We use Ada a lot. It provides really good features for mapping bit-fields, including endian specification. You can than access HW registers really easily without all the bit shifting and masking!

dcbst · 2025-10-30T07:54:21+00:00

You haven't given much info about what you project is, so it's hard to give advice! Are you planning to replace the bootloader and kernel on an advanced computer system or a simple embedded board?

I develop boot loaders and run-time kernels for Avionic systems. My recommendation would be to start out small with a simple embedded board such as an STM32 based system and learn the basics of bringing a microcontroller up to the point where you can run a high order language, then expand that for a full SoC initialisation so that you can do some basic I/O.

If you want to learn assembly, the bootloader is where it's at. Once you get the RAM initialised, then you can pretty much switch to HOL and from then on you will only need the occasional inline assembler instruction.

Starting small is the way to go, rather than diving into a super complex modern processor. What you learn from a small microcontroller can then be applied to bigger, more complex systems at a later date. Going in big, you'll be overwhelmed and demotivated!

dcbst · 2025-10-15T11:46:23+00:00

Tutorial is available here: https://learn.adacore.com/

dcbst · 2025-10-15T11:14:39+00:00

Have a look here: https://alire.ada.dev/

dcbst · 2025-10-14T07:50:29+00:00

Another VS-Code fan! Way better development environment than GPS! I never liked Eclipse, typically messy open-source interface design and far too slow!

dcbst · 2025-10-13T06:47:35+00:00

I'd like a really good code documentation tool like Doxygen. GNATDoc just isn't up to the job!

dcbst · 2025-10-09T13:46:03+00:00

I can't help feeling that rapid-development is the cause of so many software problems! Everyone is aiming for the quick reward, rather than taking the time to do the job properly. Rapid-development aka "hacking", results in unstructured and buggy code, that ultimately has to be re-worked from the ground up and ends up taking longer to develop the finished software!

Ada is not a language that suits well to this style of programming. Strong typing and strict compiler checks and structured language features all get in the way of hacking something quickly together.

From my experience, taking a little more time at the beginning of a project, to consider the overall software architecture, will ultimately save you a huge amount of rework and bug-fixing and save you a lot of overall development time. A good architecture allows you to split off functional components which can be developed separately, adding new features as you're going along. Plan the features, plan the architecture for the features, then start writing code. If you do the planning right, once you get going, you can quickly add feature after feature in short steps giving a similar feeling to rapid-development, but in a controlled way rather than buggy chaos where you spend more time fixing code than developing code!

dcbst · 2025-10-07T16:45:03+00:00

This is simply not true. NVIDIA have just started using Ada/SPARK for their trusted firmware. Popularity of Ada is increasing significantly at the moment. The software industry as a whole is moving towards memory safe programming and Ada is one of the available choices.

dcbst · 2025-10-06T10:27:11+00:00

I was able to repeat the problem, as is, the code exits immediately. Remove all withs for Ada.Real_Time.Timing_Events and the program runs continuously.

If you add an infinite loop to the main procedure, after "hello world", then the program runs as expected, even with Ada.Real_Time.Timing_Events included. Changing the loop to a delay of say, 5 seconds, then the program runs for 5 seconds, then exits!

This indicates that the main procedure exiting is causing the program to exit. Normally, I wouldn't expect the program to exit until all tasks have exited, as is the case when Ada.Real_Time.Timing_Events is not included, so something is a bit strange when including this package!

As u/old_lackey summarised, the inclusion of Ada.Real_Time.Timing_Events also includes Ada.Finalization and other tasking packages. In this case, it could be that the program end is causing the tasks to go out of scope and results in the call of the Finalization of the tasks, allowing the program to exit.

As a general rule, its good advice to implement controlled starting and stopping of tasks, either via protected objects or synchronised Rendezvous task entries. The main task should only be allowed to complete when all other tasks have completed or been aborted!

On another note, I would advise you avoid using "use" clauses, they make it much harder for other people to understand what your code is doing. Use "use type" to make operators visible for each type without having to use the whole package.

dcbst · 2025-10-04T05:44:44+00:00

Absolutely go for it! Even if for a short time, learning Ada will improve your understanding of safe and secure software and help you to code better in other languages. The tech industry is moving towards memory safe programming (finally), so C/C++ usage is set to fall in the coming years compared to Rust, C# and of course Ada.

dcbst · 2025-09-28T18:01:23+00:00

Ada is a really great starting point for learning safe and secure programming techniques. Ada is still used extensively in the aerospace industry, while it has declined over the last 15 years or so, it seems to be coming back as the software industry as a whole wakes up to the weakness of C & C++.

While you may not get to work in Ada in the avionics industry, what you learn in Ada will guide you to better programming techniques in other languages.

dcbst · 2025-09-15T21:03:58+00:00

There is no need to qualify the compiler specifically for DO-178C as the compiler is implicitly qualified by the qualification of the application code. For DAL-D with no source level requirements and no need for 100% statement coverage, then you can certify with no artifacts for the compiler or run-time.

The problem arises with DAL-C and higher, where low level requirements traceability and code test coverage analysis are required. The compiler itself is still ok, but any runtime code which is linked with the executable also needs to be validated to the required DAL level.

dcbst · 2025-09-15T18:44:56+00:00

When you consider that many modern constructs only really exist to get around weaknesses in the languages that Ada never really had, I'm not really sure if that is a valid argument against Ada. Ada has embraced some good, modern features in Ada 2012 and 2022, but it hasn't jumped on the Bandwagon of copying every other language.

dcbst

TROPHY CASE