Questions about the results in incidents_profile.txt

[enlighten5]

Hi, This is a very interesting work! I tried some simple binaries with it and have some questions about interpreting the results. I was wondering what do s2, s3, and IM1, IM2 in the incidents_profile.txt really mean? To me, it's like s2 is <TB, RS>, and s3 is <TB, RS, LS>. Moreover, is the result of <TB, SW> shown in incidents_profile.txt? or should I enable some options if I want to find <TB, SW>? I think it treats the fread() as a taint source. but I did not observe any tainted branch for some of the binaries. do you think it's something related to the binary itself or the taint propagation? Thank you in advance!

[winter2020]

The detection of speculative write is enabled. but you have to check the disassembly code at the detected location to know whether it is a read or write.