Yunhe Shi, David Gregg, Andrew Beatty, M. Anton Ertl. Virtual Machine Showdown: Stack Versus Registers (англ.) // VEE '05: Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments. — Chicago, Illinois, USA: ACM, 2005. — P. 153 - 163. — ISBN 1-59593-047-7. — doi:10.1145/1064979.1065001.
Ando Saabas, Tarmo Uustalu.Type systems for optimizing stack-based code // Electronic Notes in Theoretical Computer Science. — 2007. — Вып. 190.1. — С. 103-119.. — doi:10.1016/j.entcs.2007.02.063. Архивировано 26 мая 2016 года.: «virtual stack or virtual register VMs can be executed more efficiently using an interpreter. Virtual register machines can be an attractive alternative to stack architectures because they allow the number of executed VM instructions to be substantially reduced.»
fortiguard.com
Haifei Li, Understanding and Exploiting Flash ActionScript VulnerabilitiesАрхивировано 26 ноября 2013 года., 2011 «Bytecode -> Verification process … ActionScript Vulnerabilities are due to various program flow calculating errors in the Verification/Generation Process (the Verification Flow and the Execution Flow are not the same)»
fu-berlin.de
inf.fu-berlin.de
Mark Dowd (X-Force Researcher IBM Internet Security Systems), Leveraging the ActionScript Virtual Machine (недоступная ссылка), IBM 2008 «if there was a way to execute AS3 instructions that had never been verified, it would be quite dangerous. Unverified instructions would be able to manipulate the native runtime stack … The attack works by manipulating a data structure used by the AVM2 verifier such that it doesn’t correctly verify the ActionScript instructions for a given method»
Verification of Bytecode in a Virtual machineАрхивировано 30 апреля 2013 года. // International Journal of Advanced Research in Computer Science and Software Engineering Vol.3 Issue 3 March 2013, ISSN 2277-128X: «Java byte code verification has been studied extensively from a correctness perspective, and several vulnerabilities have been found and eliminated in this process»
ioc.ee
cs.ioc.ee
Ando Saabas, Tarmo Uustalu.Type systems for optimizing stack-based code // Electronic Notes in Theoretical Computer Science. — 2007. — Вып. 190.1. — С. 103-119.. — doi:10.1016/j.entcs.2007.02.063. Архивировано 26 мая 2016 года.: «virtual stack or virtual register VMs can be executed more efficiently using an interpreter. Virtual register machines can be an attractive alternative to stack architectures because they allow the number of executed VM instructions to be substantially reduced.»
Haifei Li (Microsoft), Inside AVMАрхивная копия от 21 ноября 2014 на Wayback Machine // REcon 2012, Montreal «Most Flash vulnerabilities are ActionScript-related … Faults on verification cause highly-dangerous JIT type confusion vulnerabilities. • highly-dangerous means perfect exploitation: bypassing ASLR+DEP, with %100 reliability, no heapSpray, no JITSpray. • JIT type confusion bugs are due to faults in the verification of AVM!»
Gerwin Klein and Martin Wildmoser, Verified Bytecode SubroutinesАрхивная копия от 10 августа 2017 на Wayback Machine // Journal of Automated Reasoning 30.3-4 (2003): 363—398. «Bytecode verification is a static check for bytecode safety. Its purpose is to ensure that the JVM only executes safe code: no operand stack over- or underflows, no ill-formed instructions, no type errors»
Ando Saabas, Tarmo Uustalu.Type systems for optimizing stack-based code // Electronic Notes in Theoretical Computer Science. — 2007. — Вып. 190.1. — С. 103-119.. — doi:10.1016/j.entcs.2007.02.063. Архивировано 26 мая 2016 года.: «virtual stack or virtual register VMs can be executed more efficiently using an interpreter. Virtual register machines can be an attractive alternative to stack architectures because they allow the number of executed VM instructions to be substantially reduced.»
Gerwin Klein and Martin Wildmoser, Verified Bytecode SubroutinesАрхивная копия от 10 августа 2017 на Wayback Machine // Journal of Automated Reasoning 30.3-4 (2003): 363—398. «Bytecode verification is a static check for bytecode safety. Its purpose is to ensure that the JVM only executes safe code: no operand stack over- or underflows, no ill-formed instructions, no type errors»
Haifei Li, Understanding and Exploiting Flash ActionScript VulnerabilitiesАрхивировано 26 ноября 2013 года., 2011 «Bytecode -> Verification process … ActionScript Vulnerabilities are due to various program flow calculating errors in the Verification/Generation Process (the Verification Flow and the Execution Flow are not the same)»
Haifei Li (Microsoft), Inside AVMАрхивная копия от 21 ноября 2014 на Wayback Machine // REcon 2012, Montreal «Most Flash vulnerabilities are ActionScript-related … Faults on verification cause highly-dangerous JIT type confusion vulnerabilities. • highly-dangerous means perfect exploitation: bypassing ASLR+DEP, with %100 reliability, no heapSpray, no JITSpray. • JIT type confusion bugs are due to faults in the verification of AVM!»
Verification of Bytecode in a Virtual machineАрхивировано 30 апреля 2013 года. // International Journal of Advanced Research in Computer Science and Software Engineering Vol.3 Issue 3 March 2013, ISSN 2277-128X: «Java byte code verification has been studied extensively from a correctness perspective, and several vulnerabilities have been found and eliminated in this process»
