Unexpected Speculation Control Of _RETs_

Google observed some undocumented (to the best of their knowledge) behavior of the indirect branch predictors, specifically relative to ret instructions. The research they conducted appears to show that this behavior does not seem to create exploitable security vulnerabilities in the software they have tested. They would like to better understand the impact and implications for different software stacks, thus they welcome feedback or further research. Included is proof of concept code.