Spectre code generation mitigations need to be taken seriously because timer mitigations many not be effective, see our proof of concept showing that there may be no practical safe timer mitigation threshold.
Subtraction with borrow appears a useful pattern for Spectre bound check mitigation and can be fused with the bounds check branch for use in web sandbox implementations.
Web browser vendors have started exploring the challenge of mitigating the Spectre vulnerabilities. Were bounds checks are necessarily being retained index masking is being explored. We offer one alternative that seems promising using a different approach, see the Spectre bounds check data flow mitigation