The recently discovered Spectre and Meltdown vulnerabilities have shown that speculative execution can inappropriately bypass safety checks in programs and lead to information leakage. Speculative execution mechanisms in hardware are carefully designed to restore architectural state upon detecting misspeculation. Yet unlike {\em architectural state}, which is the hardware state that is by definition visible to software, the microarchitectural state, or μ-state, is designed to be invisible to software and therefore is mostly not restored upon detection of misspeculation. Hardware uses μ-state to learn about program behavior and exploit both spatial and temporal locality in order to improve performance. That means that invisible μ-state directly affects the execution time of programs which constitutes a side-channel to reveal information about execution during speculation. One variant of Spectre showed how the contents of private memory can be encoded into μ-state by an attacker who has bypassed safety checks in speculative execution.