Ah, but julia does emit a lot of indirect jumps (callq) even if the target should be known. Simple example on 0.6:
f(V,i)=V[i]
X=rand(4)
@code_native f(X,2)
.text
leaq -1(%rsi), %rax
cmpq 24(%rdi), %rax
jae L20
movq (%rdi), %rax
vmovsd -8(%rax,%rsi,8), %xmm0 # xmm0 = mem[0],zero
retq
L20:
pushq %rbp
movq %rsp, %rbp
movq %rsp, %rcx
leaq -16(%rcx), %rax
movq %rax, %rsp
movq %rsi, -16(%rcx)
movabsq $jl_bounds_error_ints, %rcx
movl $1, %edx
movq %rax, %rsi
callq *%rcx
nopw (%rax,%rax)
This code is vulnerable to spectre. I can mistrain the branch predictor to assume that the bound-check fails (jae) and mistrain the branch-target-predictor to jump (callq) to my favorite gadget.
Edit: Technically, this chains attacks 1 and 2 in the google terminology.
Edit 2: Maybe these indirect calls are worth fixing anyway, and should even improve performance (in a mostly negligible way, mostly reducing codesize and speeding up exceptions). No reason for codegen to not emit a direct call (we know which exception we want to raise).