From owner-sc22wg5+sc22wg5-dom8=www.open-std.org@open-std.org Sat Aug 18 03:31:28 2012 Return-Path: X-Original-To: sc22wg5-dom8 Delivered-To: sc22wg5-dom8@www.open-std.org Received: by www.open-std.org (Postfix, from userid 521) id B4C5035691B; Sat, 18 Aug 2012 03:31:28 +0200 (CEST) Delivered-To: sc22wg5@open-std.org Received: from mail.jpl.nasa.gov (sentrion1.jpl.nasa.gov [128.149.139.105]) by www.open-std.org (Postfix) with ESMTP id 5E40F3568AE for ; Sat, 18 Aug 2012 03:31:23 +0200 (CEST) Received: from [137.79.7.57] (math.jpl.nasa.gov [137.79.7.57]) by smtp.jpl.nasa.gov (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q7I1VK44006615 (using TLSv1/SSLv3 with cipher DHE-RSA-AES256-SHA (256 bits) verified NO) for ; Fri, 17 Aug 2012 18:31:21 -0700 Subject: Ballot on N1929 From: Van Snyder Reply-To: Van.Snyder@jpl.nasa.gov To: sc22wg5@open-std.org Content-Type: text/plain; charset="ISO-8859-1" Organization: Yes Date: Fri, 17 Aug 2012 18:31:20 -0700 Message-ID: <1345253480.17182.4463.camel@math.jpl.nasa.gov> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 (2.28.3-24.el6) Content-Transfer-Encoding: 7bit X-Source-Sender: Van.Snyder@jpl.nasa.gov X-AUTH: Authorized Sender: owner-sc22wg5@open-std.org Precedence: bulk ISO/IEC JTC1/SC22/WG5 N1935 WG5 letter ballot on N1929 John Reid, 17 August 2012 This is a WG5 letter ballot on N1929, draft Fortran Annex to TR 24772, Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Please answer the following question "Is N1929 ready for forwarding to WG23 as the Fortran Annex to TR 24772?" in one of these ways. 2) Yes, but I recommend the following changes. Replace "must" by "shall" throughout. Check throughout whether "may" ought to be "might" (almost always). Check throughout whether "when" should be "where" or "if" (almost always). Page 2, paragraph beginning "A program conforms": delete the second sentence ("Where the standard fails...") because it is redundant to the first paragraph on page 3 (or delete the first paragraph on page 3). Page 2, paragraph beginning "Annex B.1": replace "compilers" by "processors". Page 2, paragraph beginning "The Fortran standard defines a set of intrinsic procedures": replace "intrinsics" by "intrinsic procedures". Page 3, paragraph beginning "The values of data objects": Delete "that are guaranteed to be represented correctly" because it might leave the empty set. Page 4, first paragraph, replace "compilers" by "processors" four times. Delete "this" from "change this existing software". Page 5, first paragraph of Fortran.3.1, insert a penultimate sentence "Double precision real shall provide more digits of decimal precision than default real." Page 6, line 2, replace "range do not" by "range does not". Page 6, paragraph beginning "Derived types", insert "For derived type objects," before "Type changing assignments". Delete final sentence. Page 6, paragraph beginning "In addition to", specify what is Clause 6. Is it the clause in the Fortran standard, or a clause of the main body of 24772? Page 7, third paragraph of Fortran.4.1, replace "manipulating" by "manipulation". Page 9, second bullet in Fortran.5.2, replace "Do not create" by "Avoid creating". There are circumstances where equality (or inequality) is required, such as testing for zero. Page 9, third bullet in Fortran.5.2, either delete this item, or remark that it relies on a deleted feature. Page 9, fifth bullet in Fortran.5.2, replace "Avoid getting or setting" by "Avoid the use of bit operations to get or set", or "Do not use bit operations to get or set". Page 9, sixth and seventh bullets in Fortran.5.2, replace "when" by "where". Page 12, paragraph beginning "The Fortran standard requires": replace "with" by "during". Page 12, paragraph beginning "When a whole-array": delete second sentence as it is redundant with the next paragraph. Page 12, paragraph beginning "When a character assignment": replace "size" by "length". Page 13, first bullet on that page, replace "whenever" by "wherever". Page 13, second bullet on that page, replace "when arrays" by "when array". Page 13, third bullet on that page, replace "when" by "where". Page 13, second paragraph of Fortran.10.1, replace "with" by "during". Page 14, fourth bullet of Fortran.10.2, replace "whenever" by "wherever". Page 14, fifth bullet of Fortran.10.2, replace "when" by "where". Page 15, fourth bullet of Fortran.11.2, replace "whenever" by "wherever". Page 15, fifth bullet of Fortran.11.2, replace "when" by "where". Page 16, second paragraph of Fortran.12.1, replace "may" by "might". Page 17, subclause Fortran.14.1, add a paragraph after the first one "Fortran pointers by default are initially undefined, not nullified". Page 17, subclause Fortran.14.2, add bullets "o Explicitly nullify pointers if there is a possibility their association status might be inquired before they are associated. o Use default initialization in the declarations of pointer components. o Use initialization in the declarations of all pointers that have the SAVE attribute." Page 18, first bullet, replace "whenever the pointer has" by "if the pointer might have". Page 18, add a second bullet, "Do not pointer-assign a pointer to a target if the pointer might have a longer lifetime than the TARGET attribute of the target." Page 18, first bullet of Fortran.16.1, insert "procedure" after "intrinsic". Page 20, subclause Fortran.21.2, add a bullet "Use compiler options where available, or a static analysis tool, to detect variables to which a valis is assigned but that are not referenced." Page 21, second bullet of Fortran.22.2, replace "whenever" by "wherever". Page 21, first bullet of Fortran.23.2, add "Use implicit none to enforce this." Page 22, first paragraph of Fortran.25.1, delete sentence "These operators have the same precedence order for defined operations" because it is false. Page 25, second bullet in Fortran.28.2, replace "every statement is executed" by "the test suite causes every statement to be executed". Page 25, fourth bullet in Fortran.28.2, delete "of a computational algorithm". Page 27, second bullet of Fortran.32.2, replace "when" by "wher". Page 28, third paragraph of Fortran.34.1, replace "may have" by "has"; replace "when" by "if" or "where"; replace "interface block" by "interface body" twice. Replace "return values" by "result variables". Page 29, first bullet of Fortran.35.2, replece "whenever the pointer has" by "if the pointer might have". Page 29, subclause Fortran.35.2, add a second bullet "Do not pointer-assign to a target if the pointer might have a longer lifetime than the TARGET attribute of the target. Page 29, second bullet of Fortran.35.2, replece "whenever" by "wherever". Page 30, second bullet of Fortran.36.2, replace "interface blocks" by "interfaces" or "interface bodies". Page 30, first bullet of Fortran.37.2, delete "when evaluating mathematical quantities". Page 31, second bullet of Fortran.38.2, insert "intrinsic or" before "library". Page 32, subclause Fortran.41.2, add a bullet "Use a tool during testing to detect memory leaks." Page 33, second bullet of Fortran.43.2, add a sentence "Give the component the PRIVATE attribute." Page 33, subclause Fortran.44.1, replace "intrinsics" by "intrinsic procedures" twice. Page 34, subclause 45.2, add a bullet "Provide explicit interfaces using interface bodies for library procedures that are not module procedures." Page 34, first sentence of Fortran.46.1, replace "may" by "can". Page 35, subclause Fortran.48.2, replace "interface blocks" by "interface bodies". Add a bullet "Prefer libraries that provide procedures as module procedures rather than external procedures." Page 36, second and third paragraphs of Fortran.50.1, replace "may" by "might" thrice. Page 36, third bullet of Fortran.50.2, replace "whenever" by "wherever". Page 37, first paragraph of Fortran.51.1, replace "compilers" by "processors". Page 37, third bullet of Fortran.51.2 replace "compilers" by "processors". Page 38, first bullet of Fortran.52.2, replace "interface block" by "interface body". Page 38, second paragraph of Fortran 53.1, replace "may" by "might". Page 39, subclause Fortran.55.2, add bullets "o Avoid use of nonstandard intrinsic procedures. o Specify the INTRINSIC attribute for all nonstandard intrinsic procedures." Page 40, first paragraph of Fortran.57.1, replace "compilers" by "processors". Replace "may" by "might". Page 41, after sixth bullet of Fortran.58.1, add a bullet "Requiring that processors have the ability to detect and report the occurrence within a submitted program unit of pointer assignment of a pointer whose lifetime is known to be longer than the lifetime of the TARGET attribute of the target." Page 42, add a bullet "Providing a method to specify units of measure for numeric variables, rules for combining variables for which units of measure are specified, facilities for checking and converting units of measure during formatted input, and facilities for displaying units of measure in formatted output."