Inside AdaCore

“Security is one of the biggest problems for the IoT right now”

Diana Kupfer

AdaCore’s Jamie Ayre talks Ada development, embedded, and the perils of the Internet of Things.


Jamie Ayre of software specialists AdaCore talks ancient language
history, modularity, and all things IoT with JAX at embedded world
2014, Nuremberg.

JAXenter: What are the origins of
AdaCore?

Ayre: AdaCore
was created approximately 20 years ago now. It was incorporated in
September in 1994. The company came about because of a university
project to create a toolset for the Ada 95 programming language.
The project itself was sponsored by the Department of Defense who
stipulated the toolset should be available as freely as possible
to as many people as possible.

It didn’t stipulate open source or free
software. That’s what we came up with as a distribution license, so
that people could access the technology, download it from the web,
basically play with it and discover the technology without having
to pay a fee. From the beginning of our company we’ve always had
what we call the public version.

Alongside that we have a professional toolset,
which comes with support, a certain type
of license, and it’s tested nightly through a
test suite. It’s basically the version that our
industrial developers, the Ada programmers
use.

And what about the origins of Ada? It’s a very
old language compared to Java, C++ and so on,
right?

In the seventies, the Department of Defense in
the US looked at its legacy systems. It turned out it had something
like 200 programming languages or subsets of programming languages
which were being used in its systems – a nightmare from a
maintainability point of view. They decided to find a programming
language that would fulfil all the requirements they needed. They
did a straw man competition, and there were three proposals for
programming languages. The green proposal won. It was led by a
Frenchman, Jean Ichbiah, who unfortunately passed away a couple of
years ago. And it became Ada.

There wasn’t a big compiler market, so
unfortunately you had two or three companies
who pretty much milked the situation. The
Department of Defense went to see a professor at NYU. They said to
him: The compiler you will build – we want it available to as many
people as possible, because we want people to use
Ada. Hence that compiler was built.

What happened next?

Since then Ada has gone on to become an ISO-standardized
language. Roughly every five to ten years they release a new
version of the language. Ada is not an easy language to program in
because it will push problems in your program up before compile
time. But of course in serious software development, that’s when
you want to know about the issues, the bugs. If you discover them
at runtime, it’s very expensive to fix
them.

From the beginning Ada has been a language
that’s particularly suitable for systems where
a certain level of reliability is absolutely
necessary, something in mission-critical, safety-critical and
security-critical systems. So you find a lot of Ada in planes, in
trains. It’s also very readable, so if you look
at some code that was written 15 or 20 years ago, you will
understand what the developer was trying to
do.

How big is the Ada community?

Difficult question. AdaCore currently has over 450 active
customer accounts. To go to the other end of the spectrum, there
are nearly two thousand in the LinkedIn Ada programming group. It’s
certainly a niche language, it’s not C, it’s not Java.

How has Ada benefitted from the open source
model?

What’s been really interesting from a free software point
of view is to see how the use of the technology has grown through
an open source software business model. By that I mean the fact
that our technology is available for download, for people to try
out, play with, to contribute to, to patch – all the usual
open-software, open-source elements.

We’ve saved millions and millions of dollars on
marketing, as you can imagine. Quite honestly, without the Open
Source nature of these toolsets, the Ada programming language
wouldn’t be as popular as it is today. We’ve been
involved a long time with the GCC community, so all the sources
that we build are forked once a year when we
release our public version. Nearly all the technology we
build is fed back into the community.

We have of course benefitted enormously from the
GCC community because there are lots of features that somebody else
has built for other language compilers that we can take and use for
Ada. So it’s a really solid kind of technology for our industrial
uses.

What about modularity? Is that provided?

Yes. And there are lots of other qualities. We
were seeing some really interesting features being introduced in
Ada 2012. Especially contract-based programming, that’s very
nice.

How big is AdaCore today?

We’re about 80 people worldwide now, and we have
a turnover of between 15 and 20 million dollars. I
think we’re probably one of the oldest companies in Europe that
from the outset, 20 years ago, have had a free software business
model. And I’m not sure there are many other
companies that have that kind of pedigree.

Was that your plan when you started out, or
did it just evolve naturally?

I think we were really lucky because the
founders of the company, who are still with the company, thought
long and hard about what was the best way to make sure they
fulfilled the Department of Defense’s requirement
of making the technology as available as possible.

They also then thought long and hard about how
to make money from this. In fact it’s
very positive for the community because what we
sell is a yearly subscription. So at any point,
any of our customers can turn around and say:
“Stop”. Our technology is a GPL-license,
there are no locks in our technology, so anybody
could say: “I’m not paying that subscription anymore
but I’m going to keep the industrial version of your technology and
not pay you one cent more”. So we must be very
innovative in how we do business.

We’ve based that on several things: Firstly,
there’s an exceptional support system. The kind of programs that
these people are building, that our customers are building, and the
kind of programs the Ada language is used in are usually quite
long-lived: military, aerospace, satellite systems, railway systems
– systems that need a certain amount of reliability but also have a
certain longevity. And what these guys see is this: By purchasing
our yearly support packages they are getting a kind of insurance.
If something goes wrong, they can turn around to
AdaCore and say “Help me!” and we will say: “Most
definitely.”

The other thing is that it’s forced us to be very
innovative. We can’t just sit back and say “Right, there you go.
There’s the technology, we’ll sit back now for five years and not
do a thing.” We know very well that firstly there’s no incentive
for the customer to continue subscribing to get the updates for the
technology. Secondly people can build the sources – if they so
wished – from the GCC tree and add any features that the
AdaCore technology doesn’t have, thus making it more attractive to
customers. So what we’ve done is continue to innovate. We add huge
amounts of new features each year trying to push customers to renew
the yearly subscriptions.

Do you have any serious competitors in
Ada?

I would say, one of our biggest competitors is our own
public version [laughs]. In the Ada market there are probably three
or four players that provide Ada solutions. Our biggest competitors
are other programming languages, so C, C++ and stuff like
that.

It surprises me that I’ve never come across
Ada. Lots of talk about C, C++, Java and so on, but not about
Ada.

No, especially at this conference, a lot of
people have a C or C++ solution. But what we’re starting to see,
and this is interesting for AdaCore, because obviously we do a lot
of language promotion: More and more customers are coming from
non-traditional market sectors. Software is becoming really, really
important in a lot of embedded systems.

It’s eating the world, as people say…

… and this is the Internet of Things. But not
only is it becoming more and more important: it has to work. In the
past, if your cell phone failed, you just opened it up, rubbed the
battery, put it back in and started it up again. But when a cell
phone is used to call an ambulance or to manage your bank account,
or a cell phone is used to direct somebody, the software that does
that has to work.

A couple of years ago a guy stopped by [at
embedded world]. He built systems for automated processing in a
milk plant. He told us: “If our system fails, it may be that one of
the bottles falls off the system. If that happens and milk gets
spilled, certain sections of the plant have to
get shut down for a week and get cleaned. That’s a million Euro
exercise.”

We’re seeing more and more business in
industrial automation. Customers coming to
us because they need that reliability. One of our
oldest customers has a massive real-time
system in a trading room algorithm. Of course if
that fails, nobody dies, but they will lose
massive amounts of money.

What about Ada’s interoperability with other
languages?

We know full well that in a lot of the systems
in which Ada is used a large part of it won’t be Ada. It’s just the
critical parts of it. To give you a concrete example, when you’re
on a flight over to New York and the video screen freezes, it’s
probably because it’s built in Java!

Yeah right…

What I’m saying is: Ada works very well in
multilingual situations. We know there are certain parts, perhaps
less critical, that don’t require the same kind of reliability that
Ada offers and can be written in other languages. We actually have
a tool where you can interface Ada and Java.

Very cool. What are the biggest challenges for
the Internet of Things right now?

I think one of the biggest challenges is security. A lot of systems
that are going to be part of the Internet of Things are not up to
scratch in terms of reliability, safety and security. This is my
biggest fear. In many industries software can do incredible things.
But when you sit down and think about it, do you really want that?
And how do you prove that the software is going to do what it says
it’s going to do? For example, one of those industries is the drone
industry. We can see the benefits, and I’m not just talking about
the big military ones, but also about the Amazon ones. They can
bring a lot of good, but the problem is that these systems are
flying in public airspaces, which not only means they can fall out
of the sky and hit people, but they can also hit other things that
are flying in these public airspaces and if the software is not up
to scratch or at least of a certain quality it can get pretty
scary.

Is that
something that can be addressed by standards or certificates or do
you think every vendor has to have his own answers to
that?

I don’t know the answer to that. What I will say is that
if you look at some of the industries where standards are required,
where certification is required, there’s some pretty safe software
there. If you look at the civil avionics industry, I still don’t
believe there has been one loss of life due to a software failure.
There have been software problems, don’t get me wrong, but there
has never been a loss of life and that’s thanks in part to the very
strict nature of the DO-178C civil avionics software
guidelines.

It’s no coincidence that in the rail industry there’s a
lot of formal verification. These systems have to
work, and we’ve seen the catastrophic results that can come about
because of a system failure. As we move forward, we’re going to see
more and more autonomy given to the system and taken
away from the individual. If you look at the automotive industry,
there’s these fantastic adverts of self-parking
cars. When I see that, I immediately think to myself: But what
happens if a young child jumps out behind them? Has this system
been tested for that? Undoubtedly, I hope so, but is there a
certification to prove that at least the software has been tested
to a certain level and will do what it is supposed to do in certain
situations?


Is the Open Source model reconcilable with those security
requirements?

Obviously we’ve worked on a lot of certified
projects, and we’re seeing the evolution of the Open Source
community. As a company we believe that for certain software
developments the open source community should be very strongly
considered, if not mandated. For various reasons. We’ve been
involved with research projects with large civil avionic primes.
These guys have benefitted from the mutualisation of effort in
building certain tools. They got involved in a research project, in
a community that is interested in building open source solutions.
Of course their competitors join in, smaller companies like AdaCore
join in, but it’s the overall outcome of the community that
benefits every member of the community. You have seen what GCC has
been for a lot of companies, and I honestly believe in the future
this is going to help a lot of the guys that are building safe and
secure systems.

To get safety certification, you often have to
take an instance of your software and say: At this instance I can
guarantee that the software will do what it is supposed to do. I’ve
done tests to prove that this is the case. So
what happens two years down the line when you want to
change your platform, when you want to change
your processes? Are there not certain elements,
if open source, with which it’s easier to
integrate hardware and still maintain the certification
of the whole system? We believe yes. It’s what’s
called the “big freeze”.

The second issue is security. We’ve always
believed that many eyes can see more flaws. For
example, if in some systems the source code was made available,
many people could see where the potential places
of security breach are. A great example is the
voting machine scandal in Florida. Nobody has any
idea what happened, because the software
was proprietary, so you can’t go in there and see
and say: people can breach the software here.

We’re starting to see an adoption of the
industrial customers that is economically viable
for them because it allows them to really focus
on what their core job is.

Author
Diana Kupfer
Working at S&S Media since 2011, Diana Kupfer is an editor at Eclipse Magazine, Java Magazin and JAXenter.de.