Minutes, IBIS Quality Task Group
12 January 2021
11:00-12:00 EST (08:00-09:00 PST)

ROLL CALL
Intel Technology              * Michael Mirmak
Micron Technology               Randy Wolff
Signal Integrity Software:    * Mike LaBonte
Teraspeed Labs:               * Bob Ross
Zuken USA:                    * Lance Wang

Everyone in attendance marked by *

NOTE: "AR" = Action Required.

-----------------------MINUTES ---------------------------

Mike LaBonte conducted the meeting.

Call for IBIS related patent disclosures:
- None

Call for opens:
- None

Review of previous meeting minutes:

Minutes from the December 22, 2020 and January 5, 2021 meetings were reviewed. Bob Ross moved to accept the minutes. Lance Wang seconded. Without objection, minutes were approved.

ARs:
- Mike LaBonte to research code analysis tool options
  - Done

New parser bugs:

Bob Ross reported there were no new bug reports.

IBISCHK security fixes:

Bob Ross thanked Michael Mirmak for providing static code analysis results for IBISCHK 7.0.0. Michael Mirmak said there were a lot more possible formalized checks for elevation of privileges, overwriting memory, etc. He said that even if we were not using the secure versions of input functions, we should at least be sure input functions are used in a secure way. For example, buffer overruns should at least have a graceful failure. He said spreadsheet programs can be made to read CSV inputs as executable expressions, with dangerous possibilities. Bob Ross said spreadsheet tools other than Excel might also be insecure.

Mike LaBonte said he had asked Perforce for a quote on the Klocwork static code analysis tool. No quote had yet been provided. However, that was an enterprise scale tool, with a 5 seat minimum, so the price was expected to be high.

Mike LaBonte said he had used a similar free tool, SPLint (Secure Programming Lint), on the IBISCHK 7.0.2 code. With all checks enabled, that tool produced over 50,000 messages. Mike LaBonte used options to disable most checks, reducing the number to less than 200. He would run SPLint on the IBISCHK 7.0.0 code to compare against the results from Michael Mirmak.

AR: Mike LaBonte to run SPLint analysis on IBISCHK 7.0.0 code for comparison

Michael Mirmak suggested running IBISCHK on an internet connected system, attempting to evaluate whether IBIS-AMI models are making network connections. He said he would be able to rerun his checks as part of the development process. It may take Michael some time to get set up to analyze the IBISCHK 7.0.2 code, but he was working on that. Michael said we might consider using BlackDuck, a tool from Synopsys, for analysis.

Mike LaBonte said SPLint had found many other code issues, and some were of concern. Michael Mirmak said correcting some issues might involve adding more checking code, and he felt that the performance impact of that should not be an issue. Mike LaBonte said he had conducted tests running IBISCHK on thousands of IBIS files, and it never took very long.

Michael Mirmak said AMI introduced the possibility of running a malicious IBIS-AMI DLL, and that it might be good for ibischk to state what is not checked. Mike LaBonte said IBISCHK currently printed a statement concerning Executable line platforms not checked, and that might be a good place to add other statements about check limitations.

Bob noted that we were pursuing parallel tasks, which Mike LaBonte summarized:
- Getting a price quote for Klocwork (Mike LaBonte)
- Investigating BlackDuck (???)
- Intel analysis of IBISCHK 7.0.2 code (Michael Mirmak)
- SPLint analysis of IBISCHK 7.0.0 code (Mike LaBonte)

IBIS-ISS parser development:

No discussion.

IBISCHK 7.1.0:

Mike LaBonte asked if Bob Ross had ever received any feedback from the IBISCHK developer on the usefulness of the 7.0.0 development contract. Bob said that was for us to delineate our requirements. Mike LaBonte felt we had added an appendix with a lot of detail.

AR: Bob Ross to draft IBISCHK 7.1.0 parser development contract

Tabled topics (no discussion without motion):
- BIRD181.2

Mike LaBonte moved to adjourn. Randy Wolff seconded. Without objection the meeting ended.

Meeting ended: 12:04 ET

Next meeting January 19, 2021