Re: [SG14] Dec 9 SG14 Safety Security call

From: Michael Wong <fraggamuffin_at_[hidden]>
Date: Wed, 9 Dec 2020 20:20:29 -0500
SG12 SG14 Notes by Michael with screen shots from Matthew Butler.
Sorry that we didn't get to Alex's paper. This paper will be treated based
on the formation of this group.
Thank you all for attending.

On Wed, Dec 9, 2020 at 9:54 AM Michael Wong <fraggamuffin_at_[hidden]> wrote:

> Thanks both, here is the adjusted agenda for today's call
>
> Topic: SG14 Low Latency Monthly
>
> This meeting is a special meeting to gather interest in Safety and
> Security proposed by Matthew Butler in May 2020 Sg14 meeting.
>
> Hi,
>
> Michael Wong is inviting you to a scheduled Zoom meeting.
>
> Topic: SG14 monthly Dec 2020-Feb 2021
> Time: Dec 9, 2020 02:00 PM Eastern Time (US and Canada)
> Every month on the Second Wed, until Feb 10, 2021, 3 occurrence(s)
> Dec 9, 2020 02:00 PM
> Jan 13, 2021 02:00 PM
> Feb 10, 2021 02:00 PM
> Please download and import the following iCalendar (.ics) files to
> your calendar system.
> Monthly:
> https://iso.zoom.us/meeting/tJcscuigqD8pHNESxi1bJ9ClURVqr_ZAvmv1/ics?icsToken=98tyKuCrrz4rEtKRsx-CRowqBY_4d_zwpilego14rwfsUiJ5OyD6A9B0I6BAKvnG
>
> Join from PC, Mac, Linux, iOS or Android:
> https://iso.zoom.us/j/93151864365?pwd=aDhOcDNWd2NWdTJuT1loeXpKbTcydz09
> Password: 789626
>
> Or iPhone one-tap :
> US: +12532158782,,93151864365# or +13017158592,,93151864365#
> Or Telephone:
> Dial(for higher quality, dial a number based on your current location):
> US: +1 253 215 8782 or +1 301 715 8592 or +1 312 626 6799 or +1
> 346 248 7799 or +1 408 638 0968 or +1 646 876 9923 or +1 669 900 6833
> or 877 853 5247 (Toll Free)
> Meeting ID: 931 5186 4365
> Password: 789626
> International numbers available: https://iso.zoom.us/u/abRrVivZoD
>
> Or Skype for Business (Lync):
> https://iso.zoom.us/skype/93151864365
>
> Agenda:
>
> 1. Opening and introduction
>
> ISO Code of Conduct
> <https://isotc.iso.org/livelink/livelink?func=ll&objId=20882226&objAction=Open&nexturl=%2Flivelink%2Flivelink%3Ffunc%3Dll%26objId%3D20158641%26objAction%3Dbrowse%26viewType%3D1>
>
> ISO patent policy.
>
> https://isotc.iso.org/livelink/livelink/fetch/2000/2122/3770791/Common_Policy.htm?nodeid=6344764&vernum=-2
>
>
> WG21 Code of Conduct:
>
>
> https://isocpp.org/std/standing-documents/sd-4-wg21-practices-and-procedures
>
> 1.1 Roll call of participants
>
John McFarlane
Gaby Dos Reis
Matthew Butler
Aaron Ballman
Aleksandar Veselinovic
Alex Christensen
Andreas Weisz
Andrew Lumsdaine
Antony Peacock
Arthur O'Dwyer
Ben Saks
Conor Horman
Daniel Papke
Edward Catchpole
Erhard Ploedereder
Geoffrey Viola
Guy Davidson
Henry Miller
Herb Sutter
Inbal Levi
Jan Babst
JF Bastien
Ken Dinne
Kim Nillson
Mateusz Pusz
Matthew Bentley
Miguel Ojeda
Paul Bendixen
Rene Ferdinand Rivera Morell
Roberto Bagnara
Ronan Keryell
Roonen riedman
Ryan McDougall
Scott Schurr
Sophia Poirier
Staffan Tjernstrom
Stephanie Even
Michael Wong


> 1.2 Adopt agenda
>
Approved

> 1.3 Approve minutes from previous meeting, and approve publishing
> previously approved minutes to ISOCPP.org
>
> 1.4 Action items from previous meetings
>
> 2. Main issues (125 min)
>
> 2.1 General logistics
>
> Future meeting plans
>
> Dec 9, 2020 02:00 PM ET/1900 UTC: Safety Security
> Jan 13, 2021 02:00 PM ET/1900UTC: Games
> Feb 10, 2021 02:00 PM ET/1900 UTC: Embedded
>
> 2.2 Paper reviews
>
> Matthew Butler to review Safety Security Proposal: Safety & Security
> Review Group proposal for tomorrow:
> https://docs.google.com/document/d/e/2PACX-1vQSH4wLATLo3bLHjU71v4GwB0Ztr0UScV_hEyTFYTFzo0vt7euXdDkrilI2W-EulNL8ATvhWKVl9Hvp/pub
> .
>
P2272R1 SSRG proposal
perception problem
bloated code
they use a smaller language, but they always grow
many moving parts
RG not an SG
like ABI RG
help language and library evolution
C++ experts who are also safe and secure and say I know how to exploit this
define a language subset and show you the technique for using them
also covers education
all safety security systems have to address the same issues
memory, undefined, exception
should be D R0 paper
para for what is safety critical: any device with a human life attached to
it
security issue with cloud download
safety can be confused with memory safety. life critical use, safety is
overloaded
C had a safety security in WG14, had very little consensus between security
and safety practitioners: security want code that was defect code, safety
needs to prove through analysis that it was correct, not as much overlap
how to handle that set of requirements in a single language? it is done
through CERT C and MISRA C (which moves some to security space),
C standard has Annex K on Bounds checking, Annex L on analyzability related
Annex K, overlap to SG12 SG14
SG would not be invitation only
and also be passive on demand
attract experts, and help committee understand concerns, committee may
ignore that feedback
SG12 does not overlap WG23, SG12 is a partner that works with these
concerns, they have not addressed issues; it's more about enumerating
vulnerabilities
Safety security world thinks the committee is not helping them,
mixing concerns by calling safety security, then split later

a list of security safety concerns, how to solve them is where WG14 ran into
problems

concern should be not undefined behaviour, SSRG would modify it for
expertise

SG12 questions? point out the problem, then solving is easier

issues will go back and forth between EWG and SSRG: watch out for this API

Safety Security is cross cutting, SG12 does not cover everything but
combined with WG23 helps
we don't want SGs competing with each other,
community is confused: Is C++ about performance, or security and safety

dynamic memory and exceptions are very complicated and not a single SG can
solve the problem

my users do not have the technical capacity the way WG21 works, they
don't have the time to drive forward their own proposals and may not have
the knowhow of WG21 processes

we can be proactive on reaching out, or papers to run through the SG

Tool developers: is there a disconnect with them? solution may be in
tooling, and not just language, we need better tooling to help with safety
and security

different industries have different needs, also approach OS and chip design,
one that cannot be solved just by C++ language, library, or tools

who would be reviewing papers with the ability to call the authors of those
papers into the meeting, and security group could have that mandate to
interview that mandate directly to reduce noise

scope and possible high workload, safety and security tends to be slow, you do
have to take your time, part of the load balancing is not having everyone
review everything

do we have a critical mass of WG21 attendees who are familiar with our
process and have domain expertise.

SG12: topic is fundamental, and lower the confusion

WG21 people with expertise:
Billy Baker
Ben Saks
Ryan McDougall
Mateusz Pusz
John McFarlane
Stephanie Even
Aaron Ballman
Andreas Weisz
Gaby Dos Reis
JF Bastien
Michael Wong
Matthew Butler

Not WG21 but experts

Ken Dunne
Jan Babst
Staffan Tjernstrom

> P1315R5 - Miguel Ojeda - secure_clear
>
P1315: Secure clear, Miguel
clear memory without the optimizer removing the memory store

C has consensus that this can work
will it be imported to C++? need a C++ expert to help
SG22, SG12 saw it

optimizing away the call in C++ is the major problem,
any effort to say something should not be removed.


> P1705R1 - Shafik Yaghmour - Enumerating Core Undefined Behavior
>
P1705: Shafik
list each UB in the core behaviour
reviewed by SG12: write a mock annex, 80% done
SG12 has seen it from Michael Spencer
presented to EWG
practical goal,
any proposal UB should be added to an annex

most people think UB means the compiler just translates C++ to assembly
statements one by one, that is not the case

is it a defect report to highlight the omission if it is not there already?
annex is nonnormative, then we just go to normal DR process

> P1861R1 - Alex Christensen - Secure Networking in C++
> P2234 - Scott Schurr - "Consider a UB and IF-NDR Audit"
>
P2234 consider a UB and IF-NDR audit by Scott Schurr
find UB very hard to reason about, been looking for leverage
ill-formed and no diagnostic required (IF-NDR), there are over 900 including
what's in the library
examining the UB we have and how much we really need
if UB is non-essential can we re-examine them and can we make it safer
such an audit can be useful
UB makes the language hard to reason about,
will schedule SG12 review for this,

been wanting this since 2014, like signed integer, but there could be
contentions
if there are things that could be pushed back to the compilation stage then
all for it but UB can be positive for safety and security

uninit variables is a source of security issues, but having all init var 0
init is not the best either as 0 could be bad, UB gives leeway for a number
of things, can't really standardize that, Core of the problem is that there
is a bug in the language, how can we have a language without those pitfalls

signed integer arith overflow from Lawrence Crowl is another
similar example; because optimizer has become very aggressive

How do you reconcile the 2 things if goal is to reduce UB? we categorize UB
and give rationale and can we achieve the same goal by downgrading to impl
specified, or impl defined

people equate UB with discoverability because it allows sanitizer to
discover it,

ubsan can trap for overflow detections but these tools are hard to deploy
e.g. Donald Knuth has an overflow in his book but not found for years

unsigned overflow, if you remove UB it removes the overflow detection; so
can UB discussion be combined with contracts; these are things that
optimizers are allowed to make assumptions about? right contracts want
focus on safety

30 years of saying UB is bad and rebranding is hard

UB is not really for developers, it's for implementers, yes agree

Scott will work on revision R1,

> 2.2.1 any other proposal for reviews?
>
> SG14/SG19 features/issues/defects:
>
>
> https://docs.google.com/spreadsheets/d/1JnUJBO72QVURttkKr7gn0_WjP--P0vAne8JBfzbRiy0/edit#gid=0
>
>
> 2.3 Domain-specific discussions
>
> 2.3.1 SIG chairs
>
> - Embedded Programming chairs: Ben Craig, Wouter van Ooijen and Odin
> Holmes, John McFarlane
>
> - Financial/Trading chairs: Staffan Tjernström, Carl Cooke, Neal
> Horlock,
> Mateusz Pusz, Clay Trychta,
> - Games chairs: Rene Riviera, Guy Davidson and Paul Hampson
> - Linear Algebra chairs: Bob Steagall, Mark Hoemmen, Guy Davidson
>
> 2.4 Other Papers and proposals
>
> 2.5 Future F2F meetings:
>
> 2.6 future C++ Standard meetings:
> https://isocpp.org/std/meetings-and-participation/upcoming-meetings
>
> - 2020-11: (New York, tentative) Cancelled.
> - 2021-02-22 to 27: Kona, HI, USA Cancelled
>
> 3. Any other business
> Reflector
> https://lists.isocpp.org/mailman/listinfo.cgi/sg14
> As well as look through papers marked "SG14" in recent standards committee
> paper mailings:
> http://open-std.org/jtc1/sc22/wg21/docs/papers/2015/
> http://open-std.org/jtc1/sc22/wg21/docs/papers/2016/
>
> Code and proposal Staging area
> https://github.com/WG21-SG14/SG14
> 4. Review
>
> 4.1 Review and approve resolutions and issues [e.g., changes to SG's
> working draft]
>
> 4.2 Review action items (5 min)
>
> 5. Closing process
>
> 5.1 Establish next agenda
>
> 5.2 Future meeting
>
> Dec 9, 2020 02:00 PM Eastern Time (1900 UTC) : Security: Matthew
> Butler
>
> Jan 13, 2021 02:00 PM Eastern Time ( 1900 UTC ): Games: Rene
>
> Feb 10, 2021 02:00 PM Eastern Time ( 1900 UTC ): Embedded :
>
> Kind Rgds
>
> On Tue, Dec 8, 2020 at 11:20 PM Matthew Butler via SG14 <
> sg14_at_[hidden]> wrote:
>
>> Thanks, John. I will try to get this on the agenda for tomorrow if at all
>> possible,
>>
>> All, here is the Safety & Security Review Group proposal for tomorrow:
>> https://docs.google.com/document/d/e/2PACX-1vQSH4wLATLo3bLHjU71v4GwB0Ztr0UScV_hEyTFYTFzo0vt7euXdDkrilI2W-EulNL8ATvhWKVl9Hvp/pub.
>> It's very short so I will put it last on the agenda for tomorrow.
>>
>> See you all then.
>>
>> Thanks,
>> Matt
>>
>> On Tue, Dec 8, 2020 at 10:36 AM John McFarlane <john_at_[hidden]>
>> wrote:
>>
>>> If we're looking at P1705, should we also review P2234 "Consider a UB
>>> and IF-NDR Audit"?
>>>
>>> On Tue, 8 Dec 2020 at 03:56, Matthew Butler via SG14 <
>>> sg14_at_[hidden]> wrote:
>>>
>>>> We have 3 other papers to review as well:
>>>>
>>>> P1315R5 - Miguel Ojeda - secure_clear
>>>> P1705R1 - Shafik Yaghmour - Enumerating Core Undefined Behavior
>>>> P1861R1 - Alex Christensen - Secure Networking in C++
>>>>
>>>>
>>>>
>>>> On Mon, Dec 7, 2020 at 8:49 PM Michael Wong via SG14 <
>>>> sg14_at_[hidden]> wrote:
>
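The P1315 discussion in the notes above (clearing memory without the optimizer removing the store) as an added example, written for this page and not taken from P1315 or from any participant; the function names and the sample secret are assumptions, and the barrier uses GCC/Clang inline-asm syntax.

```cpp
// Added example, not code from P1315 or from the meeting notes; all names are
// assumptions. It shows the problem the notes describe (a final memset on a
// buffer that is never read again is a dead store the optimizer may drop) and
// the usual mitigation: clear through a volatile pointer, then a barrier.
#include <cstddef>
#include <cstdint>
#include <cstring>

// Constructed sample secret used by the callers below.
static const std::uint8_t kSample[4] = {1, 2, 3, 4};

// Unsafe pattern: after the memset tmp is dead, so under the as-if rule the
// compiler may eliminate the store and the copied secret stays on the stack.
int unsafe_use_secret(const std::uint8_t* secret, std::size_t n) {
    std::uint8_t tmp[64];
    if (n > sizeof tmp) return -1;
    std::memcpy(tmp, secret, n);
    int sum = 0;
    for (std::size_t i = 0; i < n; ++i) sum += tmp[i];
    std::memset(tmp, 0, sizeof tmp);   // dead store: may vanish at -O2
    return sum;
}

// Mitigation: each byte is written through a volatile lvalue, which the
// compiler must not elide, and an empty asm with a "memory" clobber keeps it
// from reasoning the buffer away afterwards (GCC/Clang syntax).
void secure_clear(void* p, std::size_t n) {
    volatile std::uint8_t* vp = static_cast<volatile std::uint8_t*>(p);
    while (n--) *vp++ = 0;
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

// Same computation as above, but the clear survives optimization.
int safe_use_secret(const std::uint8_t* secret, std::size_t n) {
    std::uint8_t tmp[64];
    if (n > sizeof tmp) return -1;
    std::memcpy(tmp, secret, n);
    int sum = 0;
    for (std::size_t i = 0; i < n; ++i) sum += tmp[i];
    secure_clear(tmp, sizeof tmp);     // volatile stores are observable
    return sum;
}

// Check that secure_clear really zeroes a buffer the caller can still see.
bool secure_clear_zeroes_buffer() {
    std::uint8_t buf[16];
    std::memset(buf, 0xAA, sizeof buf);
    secure_clear(buf, sizeof buf);
    for (std::uint8_t b : buf) if (b != 0) return false;
    return true;
}
```

Compiling both callers at -O2 and comparing the disassembly typically shows the memset gone from the unsafe one while the volatile byte loop stays, which is the behaviour a standard secure_clear would have to guarantee.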

Received on 2020-12-09 19:20:47