Minutes, IBIS Quality Task Group
5 January 2021
11:00-12:00 EST (08:00-09:00 PST)

ROLL CALL
Achronix Semiconductor:         Hansel Dsilva
Intel Corp.                     Michael Mirmak
Mentor, a Siemens Business      Arpad Muranyi
Micron Technology             * Randy Wolff
Signal Integrity Software:    * Mike LaBonte
SPISim                          Wei-hsing Huang
Teraspeed Labs:               * Bob Ross
Zuken USA:                    * Lance Wang
SAE ITC                         José Godoy

Everyone in attendance marked by *

NOTE: "AR" = Action Required.

-----------------------MINUTES ---------------------------

Mike LaBonte conducted the meeting.

Call for IBIS related patent disclosures:
- None

Call for opens:
- Mike LaBonte said the list of historical attendees in the minutes would be reset to those present today.

Review of previous meeting minutes:
Minutes from the December 22 meeting were not sent.

ARs:
- Bob Ross to ask Michael Mirmak for code analysis of IBISCHK 7.0.2 code
  - Done. No response yet.
- Bob Ross to ask IBISCHK developer for quote for security fixes
  - Done. Response received.

New parser bugs:
Bob Ross reported there were no new bug reports.

IBISCHK security fixes:
Mike LaBonte showed an email from developer Atul Agarwal, estimating the work required to resolve security issues in IBISCHK. Bob Ross said he had not shared the email with Michael Mirmak. He said the cost would depend on whether some fixes could be skipped, based on judgments about how serious the issues were.

Lance Wang said it was possible that some source code users were modifying the code themselves to resolve these issues. He felt it would be a huge job to do all of the fixes, and that it was not certain that IBISCHK was exposed to any real risks. Mike said IBISCHK would be subject to buffer overrun exploits because it reads IBIS files from outside sources. A malicious IBIS file could be created, that would load content into portions of memory that might then be executed.

Lance suggested it might be easier to rewrite IBISCHK. There were other reasons to rewrite it, memory handling for example. It was very old code. Bob said there may be 250 fixes required after analysis of the most recent 7.0.2 code. Mike said some fixes would be simple function name changes like sprintf to s_sprintf. Randy agreed that many of the required fixes were similar. Mike and Bob agreed with the developer's assertion that blind search and replace all would be dangerous.

Bob said it would be important not to incur new security issues in later code developments. He was concerned that we might not get quick turnaround to check the results. Bob wondered how much the Klocwork code analysis tool would cost, and could its purchase be part of the contract. Mike said it might have an annual license costing several thousand dollars. Randy said SAE ITC might object to the expenses, but we had not had any discussion of parser funding policy with them.

Bob suggested we could ask source code purchasers if they would pay $3,000 for the 7.1 code, which as a minor release would normally be free of charge. Mike suggested making the next release 8.0 if funding was an issue. Randy suggested informing SAE ITC about any expected new expenses in advance. Bob said the quote for BUG214 plus IBIS 7.1 was about $12,800. SAE ITC would classify that as a capital expense, and the amount was small compared to revenue.

Mike said that summit expense savings due to having virtual summits might allow us to spend more on parser work. Bob said we had a cumulative net loss of $15,000 for summits since joining SAE ITC in 2013, relative to sponsorship revenue. We had collected about $130,000 in dues however. Bob concluded we did not need to make the next release IBIS 8.0 to get more parser source revenue. Randy said we had given SAE ITC an estimate for parser expense of $10,000 in August of 2020. Bob said the 80 hour estimate would cost about $3,200.

Bob suggested getting a quote for Klocwork software. As an unincorporated entity we might get a discount. Mike felt the developer should be the purchaser, we could ask him to get a quote. Otherwise the purchaser might have to be SAE ITC. Bob noted a quote for the developer may be different because he is based in India.

Lance asked about using other code analysis software. He suggested we might want to update future source code purchase agreements to state a limitation of liability, that the software we use to verify must be sufficient, with no requirement to address issues found by other software. Mike agreed with that idea.

Randy said we might consider raising the 8.0 parser source code price to cover the cost of software tools. Bob said we might raise prices on an ongoing basis, to cover a permanent annual expense for software. Mike said there might possibly be an analysis tool that is free of charge.

AR: Mike LaBonte to research code analysis tool options

IBIS-ISS parser development:
Bob Ross said he had a few more updates to make to BUG214. Randy Wolff asked if that would be discussed in the Open Forum meeting. Bob said the bug had not yet been classified. He said we could save $2,000 or $3,000 by combining changes into a single development project. We needed to discuss this more in the task group before a wider discussion.

Tabled topics (no discussion without motion):
- BIRD181.2

Mike LaBonte moved to adjourn. Randy Wolff seconded. Without objection the meeting ended.

Meeting ended: 12:15 ET

Next meeting January 12, 2021