Minutes from the 12 Jan 2021 IBIS Quality Task Group meeting are attached.
Mike
Minutes, IBIS Quality Task Group
12 January 2021
11:00-12:00 EST (08:00-09:00 PST)
ROLL CALL
Intel Technology * Michael Mirmak
Micron Technology Randy Wolff
Signal Integrity Software: * Mike LaBonte
Teraspeed Labs: * Bob Ross
Zuken USA: * Lance Wang
Everyone in attendance marked by *
NOTE: "AR" = Action Required.
-----------------------MINUTES ---------------------------
Mike LaBonte conducted the meeting.
Call for IBIS related patent disclosures:
- None
Call for opens:
- None
Review of previous meeting minutes:
Minutes from the December 22, 2020 and January 5, 2021 meetings were reviewed.
Bob Ross moved to accept the minutes. Lance Wang seconded. Without objection,
minutes were approved.
ARs:
- Mike LaBonte to research code analysis tool options
- Done
New parser bugs:
Bob Ross reported there were no new bug reports.
IBISCHK security fixes:
Bob Ross thanked Michael Mirmak for providing static code analysis results for
IBISCHK 7.0.0. Michael Mirmak said there were a lot more possible formalized
checks for elevation of privileges, overwriting memory, etc. He said that even
if we were not using the secure versions of input functions, we should at
least be sure input functions are used in a secure way. For example, buffer
overruns should at least have a graceful failure. He said spreadsheet programs
can be made to read CSV inputs as executable expressions, with dangerous
possibilities. Bob Ross said spreadsheet tools other than Excel might also be
insecure.
Mike LaBonte said he had asked Perforce for a quote on the Klocwork static
code analysis tool. No quote had yet been provided. However, that was an
enterprise scale tool, with a 5 seat minimum, so the price was expected to be
high. Mike LaBonte said he had used a similar free tool, SPLint (Secure
Programming Lint), on the IBISCHK 7.0.2 code. With all checks enabled, that
tool produced over 50,000 messages. Mike LaBonte used options to disable most
checks, reducing the number to less than 200. He would run SPLint on the
IBISCHK 7.0.0 code to compare against the results from Michael Mirmak.
AR: Mike LaBonte to run SPLint analysis on IBISCHK 7.0.0 code for comparison
Michael Mirmak suggested running IBISCHK on an internet-connected system,
attempting to evaluate whether IBIS-AMI models are making network connections.
He said he would be able to rerun his checks as part of the development
process. It may take Michael some time to get set up to analyze the IBISCHK
7.0.2 code, but he was working on that. Michael said we might consider using
BlackDuck, a tool from Synopsys, for analysis.
Mike LaBonte said SPLint had found many other code issues, and some were of
concern. Michael Mirmak said correcting some issues might involve adding more
checking code, and he felt that the performance impact of that should not be
an issue. Mike LaBonte said he had conducted tests running IBISCHK on
thousands of IBIS files, and it never took very long.
Michael Mirmak said AMI introduced the possibility of running a malicious
IBIS-AMI DLL, and that it might be good for ibischk to state what is not
checked. Mike LaBonte said IBISCHK currently printed a statement concerning
Executable line platforms not checked, and that might be a good place to add
other statements about check limitations.
Bob noted that we were pursuing parallel tasks, which Mike LaBonte summarized:
- Getting a price quote for Klocwork (Mike LaBonte)
- Investigating BlackDuck (???)
- Intel analysis of IBISCHK 7.0.2 code (Michael Mirmak)
- SPLint analysis of IBISCHK 7.0.0 code (Mike LaBonte)
IBIS-ISS parser development:
No discussion.
IBISCHK 7.1.0:
Mike LaBonte asked if Bob Ross had ever received any feedback from the IBISCHK
developer on the usefulness of the 7.0.0 development contract.
Bob said that was for us to delineate our requirements.
Mike LaBonte felt we had added an appendix with a lot of detail.
AR: Bob Ross to draft IBISCHK 7.1.0 parser development contract
Tabled topics (no discussion without motion):
- BIRD181.2
Mike LaBonte moved to adjourn. Randy Wolff seconded. Without objection the
meeting ended.
Meeting ended: 12:04 ET
Next meeting January 19, 2021