ISO/IEC JTC 1/SC 22/WG 23/N 0377
Minutes: Meeting #20
ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities
14-16 December 2011

These minutes are DRAFT until approved by WG 23 at a subsequent meeting.

Meeting Times:

All times are US Eastern times.
14 December 2011: 9:00 am to 4:30 pm
15 December 2011: 9:00 am to 4:30 pm
16 December 2011: 9:00 am to 12:00 pm

Meeting Location:


Teleconference information:

Topic: WG 23 Meeting #20
Date: Every day, from Wednesday, December 14, 2011 to Friday, December 16, 2011
Time: 6:00 am, Pacific Standard Time (San Francisco, GMT-08:00)
Meeting Number: 954 443 655
Meeting Password: wg23
To start or join the online meeting
Go to iso_meetings
Audio conference information
To receive a call back, provide your phone number when you join the meeting, or call the number below and enter the access code.
Switzerland toll free: 0800-894627
USA/Canada toll free: 1-855-299-5224

Having trouble dialing in? Try these backup numbers:
Call-in toll-free number (UK): 0800-051-3810
Call-in toll number (UK): +44-20-310-64804
Global call-in numbers: iso_meetings call-in numbers
Toll-free dialing restrictions: tollfree restrictions

Access code: 954 443 655


1. Opening activities

1.1 Opening Comments (Benito)

Moore is the meeting host, but that's just a technicality because the meeting is at INCITS. Also, INCITS contributed food for the meeting.

1.2 Introduction of Participants/Roll Call

Attending in person            Attending via telecon
John Benito (convener)         David Keaton (US)
Steve Michell (Canada)         Erhard Ploedereder (WG9)
Jim Moore (secretariat, US)    Tom Plum (US)
Larry Wagoner (US)             Clive Pygott (UK)

1.3 Procedures for this Meeting (Benito)

The convener announces the usual procedures:

1.4 Approval of previous Minutes (Moore)

The minutes of Meeting #19 [N0363] are approved.

1.5 Review of previous action items and resolutions, Action Item and Decision Logs

The secretary updated the Action Item list just prior to the meeting. The meeting reviews the status; a few are updated.

The convener has an idea of someone who might be willing to draft a C++ annex. He will try to obtain his assistance. Also, Michell has some ideas of persons who might be recruited. [Action Items #20-1 and #20-2]

1.6 Approval of Agenda

The agenda [N0371] was approved with changes by the Secretary to:

The convener says that the focus of the meeting is to talk about the current draft so that we can revise it as necessary and begin balloting.

1.7 Information on Future Meetings

1.7.1 Future Meeting Schedule

The previously planned schedule is:

Meeting    Date            Location               Notes
WG23 #21   2012-03-28/30   Ottawa, Canada         WG23 Meeting #21 Logistics [N0370]. Preliminary agenda [N0373].
WG23 #22   2012-06-20/22   Stuttgart, Germany     WG23 Meeting #22 Logistics [N0374]. Preliminary agenda [N0375].
SC22       2012-09-10/11   Geneva, Switzerland    SC 22 plenary meeting
WG23 #23   2012-09-12/14   Geneva, Switzerland    Colocated with SC 22 plenary meeting. Preliminary agenda [N0354].
WG23 #24   2012-12 TBD     Kona, Hawaii, USA

We give the convener an action item to prepare a logistics document for the Geneva meeting. [Action Item #20-3]

We decide that Meeting #24 should be an electronic meeting instead of a physical meeting. The meeting will occupy three hours per day for three days with homework assignments. It is scheduled for 12-14 December 2012. The selected starting time is:

1.7.2 Future Agenda Items

We decide to add an agenda item to Meeting #21 to discuss promotion of the Technical Report. (After the meeting, the secretary added the item to [N0373], creating [N0380].)

1.7.3 [Added to agenda by Secretary] Review of Document Schedule

We review the current schedule [S0002] for producing the second edition of TR 24772.

According to the ISO/IEC Directives, JA.5.2, DTR ballot may be as short as 3 months. That is what we have already shown in the schedule. We decide that the current schedule remains appropriate.

Ada Europe is in Berlin during the week of 10 June 2013. We will also investigate colocating the meeting with WG9 at the conference. If we want to do this, Ploedereder needs to know quickly because hotel contracts will be signed early in 2012. The convener is asked to consider such a meeting and commit if appropriate. [Action Item #20-4]

At this time, we will not schedule a meeting for 1Q2013. If there is work to do, we can schedule a telecon, or, if necessary, a physical meeting.

2. Reports on Liaison Activities

2.1 SC 22

Jim Moore reports that he recapped the history of the code-signing proposal at the plenary meeting of SC22. It was the consensus of the meeting that WG23 had taken appropriate steps to deal with the balloting results. WG23 was invited to resubmit a revised New Work Item Proposal accompanied by a preliminary working draft. That was done during November 2011. The submitted document, now under ballot by SC22, is [N0379].

2.2 PL22.3/WG5 (Fortran)

The convener reports that Nagle has a draft of a complete Fortran annex that is current with respect to [N0376]. The drafting group is about to submit the annex to the working group for comment.

2.3 PL22.4/WG4 (COBOL)

No report.

2.4 WG9 (Ada)

WG9 is working on a revision of the Ada language that is scheduled for balloting in 2012.

WG9 provided an annex that is now in [N0376]. Although some new sections were added, there wasn't much change in the existing text. WG9's review was thorough.

2.5 PL22.11/WG14 (C)

WG14 has submitted their revision of the C standard for publication in 2011. It supports threads and concurrency.

They also reviewed WG23's C-language annex favorably.

2.6 PL22.16/WG21 (C++)

The convener reports that their standard has been published but that they are receiving a lot of defect reports. It seems unlikely that they will be able to devote energy to an annex any time soon.

2.7 Ecma International, TC49/TG2 (C#)

No report.

2.8 Ecma International, TC39 (ECMAScript)

No report.

2.9 MISRA (C)

Pygott reports that MISRA C is planning to publish Issue 3 of its standard in spring of 2012.

2.10 MISRA (C++)

No activity.


No activity.

2.12 SPARK

The Convener has corresponded with Rod Chapman but has not yet reached an agreement to get a revised draft of an annex. We hope to receive a draft annex prior to going to PDTR ballot, i.e. during January 2012.

2.13 MDC (MUMPS)

No report.

2.14 SC7/WG19 (UML)

No report.

2.15 Other Liaison Activities or National body reports

3. Document Review

N0372 2012-11-01 Replaces [N0362] Proposed Python annex, contributed by Kevin Coyne [pdf]
N0376 2012-12-02 Replaces [N0352] Revised Baseline draft of 24772, Ed 2, contributed by editor [pdf]
N0379 2012-12-12   Submitted New Work Item Proposal and Preliminary Working Draft for Code Signing, contributed by SC22 Secretariat [pdf]

[N0379] is under ballot by SC 22. No discussion is appropriate while the ballot is underway.

[N0372] was contributed and superseded by its incorporation into [N0376], so any discussion should be directed at the latter document.

[N0376] is reviewed by the meeting. (The editor maintains a change history in [S0003].) The meeting's markup to the document is saved as [N0378].

We discuss the order in which the Clause 3 definitions should appear. We decide that they should be grouped by concept. Overnight, Clive prepares a proposal for the clusters [N0381]. We decide to use a hierarchy that is one level deep and use the clusters that Clive proposed as the labels of the sub-sections, except that we change "execution model" to "concurrency" and "properties" to "general".

Several individuals offered comments on [N0376] that were prepared before or during the meeting. The accepted changes are indicated by "sticky notes" in [N0378].

Michell takes [Action Item #20-5] to rewrite 6.39 in terms of threads rather than tasks as well as propose any collateral changes. This could be submitted as part of Canada's comments. (It would be OK to circulate it informally before or during the ballot.)

The meeting decides to send the marked-up Python annex to Kevin for revision by end-of-year. After getting it back, the editor will circulate it for review and, if acceptable, include it in the PDTR. We delegate to the editor the authority to decide if the annex is acceptable for inclusion in the PDTR. National body commenting can determine if it remains in the PDTR.

We discuss how to obtain a SPARK Annex. The editor will provide the most recent version for posting on the web site [N0382]. Michell will review the document to select portions that require update. The draft and Michell's analysis will be sent to Rod Chapman [Action Item #20-6]. The existing draft, with any changes provided by Chapman, will be included in the PDTR ballot draft. Later comments can be offered through the national body commenting process.

4. Other Business

We discuss the process for updating language annexes. The conclusion is that we are responsible for our document. We should send all of the proposed changes to the appropriate language group, but if they are unresponsive, then we should proceed. We should invite each language group to provide a point of contact. If they don't provide a POC or the POC is unresponsive, we will exercise our own best technical judgment.

Following the formal close of the meeting, there was a brief discussion of the idea to propose work on the so-called ESAPI interfaces [N0383]. (The draft document was logged so that working group members may look at it in anticipation of future discussion.)

5. Resolutions

We thank INCITS for hosting the meeting and ISO for the web conferencing system.

6. Adjournment

We adjourn on Friday at noon.