Pure software approach for preventing branch-target-injection
Use return (another form of an indirect jump) instruction
architecturally capture spec 은 절대 실행 안되지만 branch prediction
Speculation uses return stack buffer (RSB). RSB, at the top, has an address that correspond to an infinite loop, a harmless path to speculate into. RSB, unlike BTB, cannot be polluted by adversaries.