I put together some notes about the round table. I cc'd each person who gave me their email addresses at the event as well.
EuroLLVM 2019 - April 8, 2019
Current API load/costs/perf hits
ARM - data flow tracking part of mitigations is about ⅔ of the overhead, can possibly get it down to 50%
Google - saw the same wrt data flow tracking. Also noted that in the non-public Google spot API the specific code path with the spot mitigation had a higher cost than the code path with Speculative Load Hardening
Test suites that show mitigations work
People at Google are planning to work on this. Right now there are mainly small, non-public proofs of concept.
ARM API history
Originally the ARM spot mitigation API was quickly put together to meet the disclosure deadline. It has evolved since then, but not based on usage from users.
ARM would like to hear from users about their experience working with Spectre mitigations.
People at Google are working on doc with suggestions on how to mitigate with respect to Spectre
Suggested reading from discussion of possible mitigation that didn't seem viable: Why Spectre is Here to Stay