ArsenyBochkarev
commented
6 days ago I was able to utilize the HotColdSplitting pass for that purpose:
- I cut it and move the cut version into a separate pass called
BasicBlocksExtraction - In a new pass, single blocks are treated as separate regions
- All blocks are extracted in a separate sections with prefix
__llvm_extracted
The test used for this pass: test.txt
Results with and without --fuzz=l1i option:
Fuzzed: fuzzed_res.txt
Nonfuzzed: nonfuzzed_res.txt
We need to fuzz L1I caches by splitting basic blocks from it more or less evenly across the binary being generated. This can be achieved by using the HotColdSplitting pass unconditionally for as much BBs as possible
The effect we're trying to achieve here is something close to cache contention.