Nvidia Partners with AdaCore to Secure Self-Driving Firmware

AdaCore’s open source Ada and SPARK software will enhance the security of Nvidia’s self-driving solutions.

(Image courtesy: Nvidia Corporation)

As mobility software becomes increasingly complex and connected, so does the risk of human error and system safety. To combat this, New York-based software company AdaCore  will work with Nvidia Corporation  of Santa Clara, California to apply open-source Ada  and SPARK  programming languages for select software security firmware elements in highly-complex, safety-critical systems like Nvidia’s DRIVE AGX automated and autonomous vehicle solutions.

Both Ada and SPARK are designed to help meet the most stringent software requirements for safety and security. The Ada programming language has numerous built-in features that detect code defects early in the software life cycle. According to Shri Sundaram , who leads product management for the Nvidia DRIVE PX AI car computer for autonomous driving, these Ada features reduce the potential for human error and the need for extra cycles of testing and peer review after development.

The SPARK language – a restricted subset of Ada features designed to perform a formal mathematical proof – increases the certainty of catching defects early that might not have been detected otherwise. SPARK facilitates static analysis that can formally demonstrate certain properties of the code, ranging from correct data flows and absence of run-time errors such as overflow, to more advanced assertions and satisfaction of functional requirements.

Nvidia’s DRIVE AGX self-driving solutions are built on Nvidia’s Xavier autonomous driving processor. Xavier, an auto-grade, system-on-a-chip (SoC) is currently in production. It incorporates six different types of processors to run redundant and diverse algorithms for artificial intelligence (AI), sensor processing (camera, lidar, radar, and ultrasonic), mapping, and driving.

Read more: Nvidia’s newest AV processor: 30 trillion operations per second on 30 watts

“By integrating these languages into Nvidia hardware, the potential for the software to malfunction or be exploited is minimized. This verification process can happen faster and sooner in the development cycle, reducing waste,” writes Sundaram in his recent blog post, "Maximum Security Vision: Securing the Future of Safe Autonomous Driving ."

For industries that have strong safety, reliability, and security standards, like aerospace and automotive, languages that perform verifications can translate to nearly 40 percent cost and time savings from enhanced software verification, according to a study by consultancy VDC Research .

Read more: Nvidia’s new Level 2+ autonomy platform is making cars safer today

“Nvidia’s selection of Ada and SPARK ushers in a new era in the history of safety- and security-critical software development,” said Quentin Ochem, lead of Business Development at AdaCore. “We are proud to be contributing to the industrial standards set by such a market leader.” According to AdaCore, some Nvidia SOC product lines will migrate to a new architecture using the RISC-V Instruction Set Architecture (ISA) to facilitate this change. Also, Nvidia plans to upgrade select security-critical firmware software, rewriting it from C to Ada and SPARK. Both moves are intended to increase verification efficiencies to achieve compliance with the functional safety standard ISO-26262.

Read more: SAE International Cybersecurity Guidebook for Cyber-Physical Vehicle Systems

“Self-driving cars are extremely complex and require sophisticated software that needs the most rigorous standards out there,” said Daniel Rohrer, vice president of Software Security at Nvidia. “Taking measures like incorporating Ada and SPARK languages into Nvidia platforms can improve the robustness and assurances of our automotive security.”

AdaCore solutions have been fielded globally over the years to maintain a wide range of critical applications in domains such as commercial and military avionics, automotive, railway, space, defense systems, air traffic management/control, medical devices, and financial services.<>/p

William Kucinski  is content editor at SAE International in Warrendale, Pa. Previously, he worked as a writer at the NASA Safety Center in Cleveland, Ohio and was responsible for writing the agency’s System Failure Case Studies. His interests include literally anything that has to do with space, past and present military aircraft, and propulsion technology.

Contact him regarding any article or collaboration ideas by e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it..