These bad boys were introduced by the SSE2 instruction set

Notes on SSE Intrinsics in general

Data types:

__m128 f; // = {float f0, f1, f2, f3} __m128d d; // = {double d0, d1} __m128i i; // 16 8-bit, 8-16 bit, 4 32-bit or 2-64 bit ints

mm<intrin_op>_<suffix> --

Suffixes: p -- packed; s -- single;

1. RDTSCP -- timestamp counter for 64 bit architectures
2. MFENCE -- memory fencing, which serialises all load/store operations that were issued prior to the call to _mm_mfence()
3. CLFLUSH -- Flush cache line If missing the cache is flushed with writing to this array uint8_t cache_flush_array[CACHE_FLUSH_STRIDE * CACHE_FLUSH_ITERATIONS]; ^{2048 4096}

4.

• Sets cache_hit_threshold to 120
• malicious_x is the secret string address, calculated by secret - (char*) array1 = 131152 which is the distance from array1 to secret ^{(char*) (uint8_t*)}

WHY?

Memory Structure	Contents	Relative address in bytes
int array1_size	Contains 16	0
uint8_t unused1[64]		4
uint8_t array1[16]	Contains ints 1-16	68
uint8_t unused2[64]		84
uint8_t array2[256 * 512]		148
char* secret	Contains the secret	131220
uint8_t temp	Contains 0	131220 + secret length

Experiment results

Initially we changed the ration between the leading suggestion and second best guess from 2 to 1.5. This improved performnace from ~3.5-4s to ~1second on default threshold. After that we decided to check how changing threshold affects runtime and discovered the following data for our runs 20_30