Spectre-v1 really is the ghost that keeps haunting us. All the mitigations I'm aware of work by containing the domain, for example inter-process boundaries together with the MMU to limit the leaked surface. How are we developers supposed to reason about code where most conditions break the invariants we encoded?

The demonstrated exploit strategy is pretty cool.