[C-safe-secure-studygroup] Fwd: (SC22WG14.14627) N2139 2017/03/28 Seacord, C Safe Secure Coding Rules Study Group

McCall, Gavin (G.F.) gavin.mccall at visteon.com
Thu Mar 30 16:13:37 UTC 2017


Reading IEC61508-7:2000 section C.4.6, we read

The language should be fully and unambiguously defined.

Should provide run-time type and array bound checking. // array bounds overflow eliminated

Table C.1 rates C, as defined by WG14, as:
SIL 1: R
SIL 2: -
SIL 3: NR
SIL 4: NR

R -> Recommended. - -> no opinion. NR -> Not Recommended. HR -> Highly Recommended.

In comparison, ADA, MODULA-2 and PASCAL are rated either HR or R at higher SILs.

C only becomes HR when

a) A subset is used

b) A coding standard is used

c) Static analysis tools are used

--

Is C “fully and unambiguously defined”?

To make a version of C more useful for us implementers, a C that is “fully and unambiguously defined” would be a great first step.

To be able to select run-time type and array bound checking would remove my need to look for this explicitly. This would be a great language feature, with a mechanism to turn off by explicit request.

I would prefer a future version of IEC61508-7 to state that using C 202x is Highly Recommended at SIL1 and SIL2.

Gavin
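The run-time array bound checking discussed above is something C itself does not provide, so in practice it has to be written explicitly. The following is an added example, not code from the mailing list or from any of the standards it cites: a small "span" type that carries its length with the pointer, so that every access is range-checked and an out-of-range index is reported as a status instead of reading or writing past the buffer. The type and function names (int_span, span_get, span_set, span_sum_prefix, the demo_* helpers) and the four-element sample buffer are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* A pointer that travels with its length, so callers can never index it
 * without the bound being known. (Constructed example type.) */
typedef struct {
    int *data;
    size_t len;
} int_span;

typedef enum { SPAN_OK = 0, SPAN_OUT_OF_RANGE = 1 } span_status;

/* Checked read: refuses any index at or beyond len instead of reading past the buffer. */
span_status span_get(const int_span *s, size_t idx, int *out) {
    if (s == NULL || s->data == NULL || out == NULL || idx >= s->len) {
        return SPAN_OUT_OF_RANGE;
    }
    *out = s->data[idx];
    return SPAN_OK;
}

/* Checked write: same rule, so an overflowing store is rejected rather than corrupting memory. */
span_status span_set(int_span *s, size_t idx, int value) {
    if (s == NULL || s->data == NULL || idx >= s->len) {
        return SPAN_OUT_OF_RANGE;
    }
    s->data[idx] = value;
    return SPAN_OK;
}

/* Sums the first n elements through the checked accessor.
 * Returns -1 when n exceeds the span; a raw pointer loop would silently read past the end. */
long span_sum_prefix(const int_span *s, size_t n) {
    long total = 0;
    for (size_t i = 0; i < n; i++) {
        int v;
        if (span_get(s, i, &v) != SPAN_OK) {
            return -1;
        }
        total += v;
    }
    return total;
}

/* Demo helpers over a constructed 4-element sample buffer {10, 20, 30, 40}. */
int demo_get_value(size_t idx) {
    int buf[4] = {10, 20, 30, 40};   /* constructed sample data */
    int_span s = { buf, 4 };
    int v;
    return span_get(&s, idx, &v) == SPAN_OK ? v : -1;   /* -1 signals out of range */
}

int demo_set_status(size_t idx) {
    int buf[4] = {10, 20, 30, 40};   /* constructed sample data */
    int_span s = { buf, 4 };
    return (int)span_set(&s, idx, 99);
}

long demo_sum_prefix(size_t n) {
    int buf[4] = {10, 20, 30, 40};   /* constructed sample data */
    int_span s = { buf, 4 };
    return span_sum_prefix(&s, n);
}

int main(void) {
    printf("buf[3] = %d\n", demo_get_value(3));          /* 40 */
    printf("buf[4] = %d\n", demo_get_value(4));          /* -1: rejected, not read past the end */
    printf("set buf[4] status = %d\n", demo_set_status(4)); /* 1: SPAN_OUT_OF_RANGE */
    printf("sum of first 4 = %ld\n", demo_sum_prefix(4)); /* 100 */
    printf("sum of first 5 = %ld\n", demo_sum_prefix(5)); /* -1 */
    return 0;
}
```

Keeping the bound next to the pointer is what makes the check possible at all; a bare `int *` has no length to check against, which is why the standard language cannot do this for you and why coding standards and static analysers end up policing it instead.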



From: C-safe-secure-studygroup [mailto:c-safe-secure-studygroup-bounces at lists.trustable.io] On Behalf Of Robert Seacord
Sent: 29 March 2017 15:20
To: C Safety and Security Study Group Discussion <C-safe-secure-studygroup at lists.trustable.io>
Subject: [C-safe-secure-studygroup] Fwd: (SC22WG14.14627) N2139 2017/03/28 Seacord, C Safe Secure Coding Rules Study Group

---------- Forwarded message ----------
From: "Andrew Banks" <andrew at andrewbanks.com>
Date: Mar 29, 2017 3:49 AM
Subject: (SC22WG14.14627) N2139 2017/03/28 Seacord, C Safe Secure Coding Rules Study Group
To: <sc22wg14 at open-std.org>
Cc: "Mailing list for members of the MISRA C WG" <misra-c-wg at list.misra.org.uk>, "David Ward" <david.ward at horiba-mira.com>


Ladies and Gentlemen,

When Robert circulated his report to the Study Group mailing list, I posted the reply, below.

Quite frankly, I am unimpressed that he has now circulated it to WG14 without correction.

Andrew

MISRA C Chairman

_____________________________________________
From: Andrew Banks [mailto:andrew at andrewbanks.com]
Sent: 24 March 2017 14:20
To: 'c-safe-secure-studygroup at lists.trustable.io'
Cc: David Ward
Subject: RE: Schedule

RcS wrote

>> I've attached a draft of a presentation that can be used to talk about the
>> study group... it's a work in progress.

While this is Robert's personal position, there are a couple of points to be made, to address clear suggestions of bias:

• Slide 13 - why is MIRA highlighted as being "a for profit organisation"? MIRA contribute staff time for project management, in the same way as the other (commercial) member companies contribute staff time for document development. CERT is not tagged as "a US-Government funded organisation".

• Slides 14-17 are taken (without attribution) directly from a MISRA report to WG14…

• Slide 19 - the restrictions in MISRA are not for the fun of it.

  o major restrictions and prohibitions on many of the remaining standard headers in hosted implementations to prevent vulnerabilities due to unspecified and undefined behaviour.

• Slide 18 - as Addendum 2 shows:

  o MISRA C is perfectly suitable as a Security Standard

  o MISRA C is a subset by design and intent - the Yes/No answers infer a clear bias against a C subset (contrary to perceived opinion, e.g. ISO26262 & DO178)

A