´╗┐ The C and C++ standards information: ISO/IEC, ANSI, POSIX, Single Unix Specification, ANSI C, GNU and cert.org Secure C/C++ coding

 | Main | Next >| C & C++ Code Listing | C & C++ Compiler, IDE | Site Index |



C/C++ Standards



  1. It is worth to check the C and C++ standard updates regarding the new and obsolete features, the future trend and getting the standard references.  The following paragraphs give brief information about C, C++ and other related standards.  For full information please visit their websites.

  2. The ISO/IEC (International Organization for Standardization/ The International Electrotechnical Commission) Programming languages, their environments and system software interfaces documentation can be obtained at ISO/IEC Programming Language Standard Documentation.  The related documentations are:


    ISO/IEC 9899:1999            - C.

    ISO/IEC 14882:2003          - C++.

    ISO/IEC 9945-1:2003        - POSIX, Part 1.

    ISO/IEC 9945-2:2003        - POSIX, Part 2.

    ISO/IEC 9945-3:2003        - POSIX, Part 3.

    ISO/IEC 9945-4:2003        - POSIX, Part 4.

    ISO/IEC 23270:2003          - C#








  1. Freely Available Standards ISO/IEC Standard can be found at iso.org.

  2. Take note that the C# standard is available in ISO/IEC but not Java (Sun Microsystems).  WG was standardization Working Group of the SC which is a SubCommittee of the JTC1, a Joint Technical Committee of ISO and IEC.  SC22 (SubCommittee 22) is the international standardization subcommittee for programming languages, their environments and system software interfaces.  Their web site is available at Open Standard.  It is worth to visit the site for latest updates and the obsolete items of the standards.  For C, C++ and POSIX WG information is summarized as follows:


    1. JTC1/SC22/WG14 is the international standardization working group for the C programming language. The latest revision is  C11 which can be found at ISO/IEC 9899:2011. The Embedded C also included under WG14. Historically, C programming language evolved from C89/C90/C95, C99 and the latest is C11.

    2. The JTC1/SC22/WG21 is the international standardization working group for the C++ programming language.

    3. POSIX was under WG15 but this working group was already disbanded in September 2004.   POSIX is an Operating System interface standardized by ISO/IEC, IEEE and The Open Group.  A POSIX Advisory Group (PAG) was formed to take over some of the activities of WG15.  WG15 is liaised by The Open Group (X/Open).  The latest specification available is  A Single UNIX Specification Version 3.

    4. This standard incorporating the IEEE Std 1003.1 and ISO/IEC 9945 and integrating the industry's Open Systems standards.  ISO/IEC 9945 consists of the following parts (The ISO/IEC codes shown above), under the general title: Information technology Portable Operating System Interface (POSIX┬«):


      1. Part 1: Base Definitions.

      2. Part 2: System Interfaces.

      3. Part 3: Shell and Utilities.

      4. Part 4: Rationale.


  3. The GNU C Library can be found at GNU.ORG and GNU C++ library can be found at GNU C++ library. Both incorporate the latest ISO/IEC C and C++ standards respectively. The ANSI (American National Standards Institute) C and C++ are covered by the ISO/IEC standards and they are more general.

  4. Though the performances of C and C++ still considered 'critical', the current unsecured standard C and C++ functions (libraries) such as string manipulations generated many vulnerabilities for decades. Many C and C++ implementations depend on the programmers side to make it secure. Rather than designing new C/C++ libraries from scratch, typical steps taken just doing the patches to the libraries. You can find Secure C and C++ standards published by CERT.ORG: CERT C Programming Language Secure Coding Standard and CERT C++ Programming Language Secure Coding Standard also available in the same page. You can download many pdf docs from their publication and presentation page.

  5. Other resource related to C & C++ Secure coding can be found IEEE.org. You may want to try a certification of secure coding, Secure Programming Skills Assessment (SPSA) at SANS.org.

  6. Before the new C++ standard was gazetted, Microsoft has proposed C++/CLI and approved by ECMA (ECMA-372). This C++/CLI is implemented in the .NET programming language family, the C++ .NET and it is a Microsoft extension to the C++. You can download and read the C++/CLI design rationale by Herb Sutter.  Some arguments from UK for this C++/CLI standardization can be found at Bjarne Stroustrup website (pdf) and more information on this matter can be found at theregister.co.uk. At the end ISO only maintain the CLI standard and new C++ standard has been gazetted with 'nick name' C++11. Originally C++11 proposed by Dr. Bjarne Stroustrup, dubbed as C++0X and then C++09 (supposed to be published in 2009) implementing new features and extensions. However the standard version was gazetted in 2011. So, the C++ standards evolved from C++98, C++03 and the latest is C++11.




 | Main | Next >| C & C++ Code Listing | C & C++ Compiler, IDE | Site Index |