Finding Spectre vulnerabilities with smatch

The benefit can be much bigger than that. E.g. in code like "struct { int n; bool last; char pad[56]; } *p; while (!p->last) { sum += p->n; ++p; }", if you did all the loads and branches sequentially based on their dependencies, it would take ~100ns per iteration (since you can't start the next load of p until you've checked the result of the the previous load). But if you predict the branches then you can queue up dozens of (speculative) loads at once, and complete dozens of iterations per 100ns (limited only by memory bandwidth and queue sizes), which is a massive improvement. That extra parallelism is worth a tiny reduction in cache efficiency.

(In practice you'd need slightly more complicated code to avoid simply being optimised by the cache prefetcher etc, but presumably that kind of code comes up enough in benchmarks and/or real applications to be a worthwhile optimisation, given that Intel has been doing it for two decades.)