Document ISO/IEC/JTC 1/SC 22/WG 23 N0695

Draft Minutes Post-Meeting 47 Telecon
13 February 2017


Hubert Tong
Michael Wong

Meeting Location :


Meeting Times:

13 February 2017: 2100-2300 UTC



1 Opening activities

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

1.3 Procedures for this Meeting

1.4 Approval of previous Minutes (for face-to-face meetings only)

1.5 Review of actions items and resolutions, Action Item and Decision Logs

1.6 Approval of Agenda [N 0680]

1.7 Future Meeting Schedule


Pre-mtg 55



TBD September 2018

CSA Toronto, Canada with SC 22



With WG 9 and Ada Europe




TBD April 2018

Czech Republic with C

Pre-mtg 52

TBD March 2018


22-23 January 2018

Phoenix, AZ




Teleconference (UTC 2000, 2 hr)



Teleconference (UTC 2000, 2 hr)


17-18 August 2017

BSI London (with SC 22 Plenary)


19-20 June 2017

Vienna, Austria with Ada Europe(2 day)



Teleconference (UTC 2000, 2 hr)


6-7 April 2017

IBM Markham, Canada (2 day)


Mar 6, 17

Teleconference (UTC 2100, 2 hr)



Teleconference (UTC 2100, 2 hr)

Dedicated topic, Templates and Generics in Part 1, capturing C++ issues.

2. Liaison Activities (not for discussion at this meeting)

2.1 SC 22

2.2 PL 22 (Open)

2.3 PL22.3/WG5 (Fortran)

2.4 WG4 (COBOL)

2.5 WG9 (Ada)

2.6 PL22.11/WG14 (C)

2.7 PL22.16/WG21 (C++)

2.8 Ecma International, TC49/TG2 (C#)

2.9 Ecma International, TC39 (ECMAScript)

2.10 MISRA (C)

2.11 MISRA (C++)

2.12 SPARK

2.13 SC7/WG19 (UML)

2.14 SC27/WG3, WG4 Security

2.15 Other Liaison Activities or National body reports

3. Document Review

3.1 TR 24772-1 Vulnerabilities, language independent

Document N0689, clause 40 Templates and Generics.

At the present time, clause 40 reflects the view of templates and generics from a perspective similar to Ada. C++ has a different model of generics. This meeting is to discuss the different models of templates and generics, and determine how to update 6.40 to reflect a broader view and to capture what vulnerabilities exist from the C++ model.

Since attendees from a WG 21 background are not familiar with the document, our style of writing and constructing vulnerability descriptions, nor the model presented in clause 6.40, we defer discussion until the next WebEx session or meeting 48.

3.2 TR 24772-2 Ada language specific part

3.3 TR 24772-3 C language specific part

3.4 TR 24772-4 Python language specific part

3.5 TR 24772-8 Fortran

3.6 TR 24772-9 C++

Document N0691 is the first draft of a potential C++ Part. It is largely a remapping of Part 3 C. C++ participants are requested to review the document and suggest ways to sharpen the C-specific discussions, to capture ways that C++ features can mitigate vulnerabilities, and to help capture C++ vulnerabilities that do not exist in C.

Section 3 Terms and definitions – We agree to leave the definitions in place and review them later once significant portions of the vulnerabilities have been worked on.

AI 47-12 – Clive – check that updates made to Part 1 6.4 floating point to see if captured in Part 3.

We discuss N0691 and begin to make some changes, but terminate that effort when some of the participants state that they do not think that the larger C++ standardization committee will accept the approach taken.

Suggestion – create a C++ annex that reflects the vulnerabilities in C++ without restating all of the vulnerabilities in the C subset. At the same time this annex needs to acknowledge that the vulnerabilities exist, and recommend ways to ensure that developers are not inadvertently hitting those vulnerabilities.

Team of Paul, Michael and Hubert to try a tack of pushing the C-specific guidelines to Part 3 or Part 1 and running the approach through the WG 21 leadership. Clive to continue working through the document to capture the differences between C and C++ w.r.t vulnerabilities.

3.7 Bibliography for each TR24772 Part

3.8 Dirty Dozen Rules for C, generic, and other languages

4 Strategy (Face to face meetings only)

5 Publicity (Face to face meetings only)

6 Other Business

6.1 Review of Assignment of responsibilities

7. Resolutions and Action Items

8. Adjournment