Document ISO/IEC/JTC 1/SC 22/WG 23 N0695

Draft Minutes Post-Meeting 47 Telecon
ISO/IEC JTC 1/SC 22/WG23
13 February 2017

Attendees

Stephen
Clive
Tullio
Larry
Hubert Tong
Michael Wong


Meeting Location :

Teleconference/Webex


Meeting Times:

13 February 2017: 2100-2300 UTC

IMPORTANT:

Agenda

1 Opening activities

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

1.3 Procedures for this Meeting

1.4 Approval of previous Minutes (for face-to-face meetings only)

1.5 Review of actions items and resolutions, Action Item and Decision Logs

1.6 Approval of Agenda [N 0680]

1.7 Future Meeting Schedule


2018





Pre-mtg 55

01/11/18



#54

TBD September 2018

CSA Toronto, Canada with SC 22


#53

15-16/06/18

With WG 9 and Ada Europe


Pre-mtg-53

Teleconference



#52

TBD April 2018

Czech Republic with C


Pre-mtg 52

TBD March 2018


#51

22-23 January 2018

Phoenix, AZ


2017

pre-mtg-51

20/11/17

Teleconference (UTC 2000, 2 hr)


post-mtg-50

16/10/17

Teleconference (UTC 2000, 2 hr)


#50

17-18 August 2017

BSI London (with SC 22 Plenary)


#49

19-20 June 2017

Vienna, Austria with Ada Europe(2 day)


post-mtg-48

15/05/17

Teleconference (UTC 2000, 2 hr)


#48

6-7 April 2017

IBM Markham, Canada (2 day)


pre-mtg-48

Mar 6, 17

Teleconference (UTC 2100, 2 hr)

Post-mtg-47

13/02/17

Teleconference (UTC 2100, 2 hr)

Dedicated topic, Templates and Generics in Part 1, capturing C++ issues.



2. Liaison Activities (not for discussion at this meeting)

2.1 SC 22

2.2 PL 22 (Open)

2.3 PL22.3/WG5 (Fortran)

2.4 WG4 (COBOL)

2.5 WG9 (Ada)

2.6 PL22.11/WG14 (C)

2.7 PL22.16/WG21 (C++)

2.8 Ecma International, TC49/TG2 (C#)

2.9 Ecma International, TC39 (ECMAScript)

2.10 MISRA (C)

2.11 MISRA (C++)

2.12 SPARK

2.13 SC7/WG19 (UML)

2.14 SC27/WG3, WG4 Security

2.15 Other Liaison Activities or National body reports

3. Document Review

3.1 TR 24772-1 Vulnerabilities, language independent

Document N0689, clause 40 Templates and Generics.

At the present time, clause 40 reflects the view of templates and generics from a perspective similar to Ada. C++ has a different model of generics. This meeting is to discuss the different models of templates and generics, and determine how to update 6.40 to reflect a broader view and to capture what vulnerabilities exist from the C++ model.

3.2 TR 24772-2 Ada language specific part



3.3 TR 24772-3 C language specific part

3.4 TR 24772-4 Python language specific part

3.5 TR 24772-8 Fortran

3.6 TR 24772-9 C++

Document N0691 is the first draft of a potential C++ Part. It is largely a remapping of Part 3 C. C++ participants are requested to review the document and suggest ways to sharpen the C-specific discussions, to capture ways that C++ features can mitigate vulnerabilities, and to help capture C++ vulnerabilities that do not exist in C.

We discuss N0

Section 3 Terms and definitions – We agree to leave the definitions in place and review them later once significant portions of the vulnerabilities have been worked on.



AI – Clive – check that updates made to Part 1 6.4 floating point to see if captured in Part 3.

Suggestion – create a C++ annex that re

Team of Paul, Michael and Hubert to try a tack of pushing the C-specific guidelines to Part 3 or Part 1 and running the approach through the WG 21 leadership. Clive to continue working through the document to capture the differences between C and C++ w.r.t vulnerabilities.

3.7 Bibliography for each TR24772 Part

3.8 Dirty Dozen Rules for C, generic, and other languages

4 Strategy (Face to face meetings only)

5 Publicity (Face to face meetings only)

6 Other Business

6.1 Review of Assignment of responsibilities


7. Resolutions and Action Items

8. Adjournment