Appendix C: Bibliography
Sources are organized by category. All URLs were verified accessible as of the time of writing. Online resources are subject to change.
CPU Architecture Manuals and Specifications
Intel Corporation. Intel® 64 and IA-32 Architectures Software Developer's Manuals. Order Number 253665. Available at: https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html The definitive reference for x86-64 architecture. Volume 1: Basic Architecture. Volume 2A/B/C/D: Instruction Set Reference (A-Z). Volume 3A/B/C/D: System Programming Guide (paging, interrupts, VMX, performance monitoring). The instruction set reference (Volume 2) is consulted for every instruction encoding, flag effect, and exception condition cited in this book.
AMD. AMD64 Architecture Programmer's Manual. Publication numbers 24592-24596. Available at: https://developer.amd.com/resources/developer-guides-manuals/ AMD's perspective on the x86-64 architecture they originated. AMD Volume 2 (System Programming) and Volume 3 (General-Purpose and System Instructions) are particularly useful for OS development.
Arm Limited. Arm Architecture Reference Manual for A-profile architecture. DDI0487. Available at: https://developer.arm.com/documentation/ddi0487 The authoritative ARM64 (AArch64) reference. Part A covers the application level; Part D covers the system level. Chapters on the exception model, memory model, and instruction encoding are the most frequently consulted.
RISC-V Foundation. The RISC-V Instruction Set Manual, Volume I: Unprivileged ISA. Document version 20191213. Available at: https://riscv.org/technical/specifications/ The base RISC-V specification. At roughly 250 pages for the base ISA, significantly shorter and more readable than x86-64 or ARM64 equivalents. Chapter 2 (RV32I/RV64I Integer Instruction Set) and the ABI specification are the most relevant for assembly programming.
Intel Corporation. Intel® Control-flow Enforcement Technology Specification. Available at: https://www.intel.com/content/www/us/en/developer/articles/technical/technical-look-control-flow-enforcement-technology.html The architectural specification for CET SHSTK and IBT. Describes the shadow stack page attributes, the CALL/RET hardware behavior, the ENDBR64 instruction, and the #CP exception. Essential reading for the security content of Chapters 36-37.
Intel Corporation. Intel® 64 and IA-32 Architectures Optimization Reference Manual. Order Number 248966. Available at: https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html Instruction latency and throughput tables, microarchitecture-specific optimization guidance, vectorization guidance, and performance monitoring counter descriptions.
ABI and Calling Convention Specifications
System V ABI AMD64 Supplement. System V Application Binary Interface — AMD64 Architecture Processor Supplement. Version 1.0 (2018), H.J. Lu (editor). Available at: https://gitlab.com/x86-psABIs/x86-64-ABI The authoritative System V AMD64 ABI specification. Defines argument passing, register usage, stack alignment, the red zone, data type representations, and the ELF file format extensions for x86-64.
Arm Limited. Procedure Call Standard for the Arm 64-bit Architecture (AAPCS64). Document IHI0055. Available at: https://developer.arm.com/documentation/ihi0055 The ARM64 calling convention specification. Defines X0-X7 as argument registers, X30 as the link register, callee-saved registers (X19-X28), and stack alignment requirements.
RISC-V Foundation. RISC-V ELF psABI Specification. Available at: https://github.com/riscv-non-isa/riscv-elf-psabi-doc The RISC-V ABI specification. Defines a0-a7 as argument registers, s0-s11 as callee-saved registers, and the calling convention for integer and floating-point arguments.
Compilers and Optimization
Cooper, Keith D. and Torczon, Linda. Engineering a Compiler. 3rd edition. Morgan Kaufmann, 2022. ISBN 978-0128154120. The standard academic compiler textbook. Chapters on intermediate representations (Chapter 5), data flow analysis (Chapter 9), register allocation (Chapter 13), and instruction selection (Chapter 11) directly connect to what compilers produce in assembly output.
Aho, Alfred V., Lam, Monica S., Sethi, Ravi, and Ullman, Jeffrey D. Compilers: Principles, Techniques, and Tools. 2nd edition. Pearson, 2006. ISBN 978-0321486813. The "Dragon Book." The foundational compiler textbook. Less accessible than Cooper and Torczon for a first read, but the chapters on code optimization (Chapter 9) provide the theoretical foundation for understanding optimization passes.
Fog, Agner. Instruction Tables: Lists of Instruction Latencies, Throughputs and Micro-operation Breakdowns for Intel, AMD and VIA CPUs. Free PDF, updated regularly. Available at: https://agner.org/optimize/ The essential performance reference for x86-64 instruction timing. Per-instruction latency, throughput, and execution port breakdown for each microarchitecture generation. Consulted for all instruction timing claims in Part VI of this book.
Fog, Agner. Optimizing Software in C++: An Optimization Guide for Windows, Linux and Mac platforms. Free PDF. Available at: https://agner.org/optimize/ A comprehensive guide to software optimization from a microarchitecture perspective. Complements Part VI by providing detailed guidance on cache optimization, branch prediction, and SIMD programming.
Operating Systems
Arpaci-Dusseau, Remzi H. and Arpaci-Dusseau, Andrea C. Operating Systems: Three Easy Pieces. Arpaci-Dusseau Books, 2023. Available free at: https://pages.cs.wisc.edu/~remzi/OSTEP/ The clearest conceptual treatment of operating system internals: virtualization (processes, memory, scheduling), concurrency (locks, semaphores, condition variables), and persistence (I/O, filesystems). Reading OSTEP provides the conceptual vocabulary for what MinOS implements.
Love, Robert. Linux Kernel Development. 3rd edition. Addison-Wesley, 2010. ISBN 978-0672329463. A practical introduction to Linux kernel internals written by a kernel developer (author of the O(1) scheduler). Covers process management, scheduling, memory management, system calls, interrupts, and device drivers. Bridges from MinOS concepts to production Linux implementation.
Silberschatz, Abraham, Galvin, Peter B., and Gagne, Greg. Operating System Concepts. 10th edition. Wiley, 2018. ISBN 978-1119454083. The standard OS textbook used in university courses. Provides comprehensive coverage of scheduling algorithms, synchronization primitives, memory management, and file systems. More theoretical than OSTEP; useful as a reference.
Blundell, Nick. Writing a Simple Operating System — from Scratch. Free PDF. Available at: https://www.cs.bham.ac.uk/~exr/lectures/opsys/10_11/lectures/os-dev.pdf A short (hundreds of pages) walkthrough of writing a bootloader and minimal OS kernel from scratch on x86. The starting point for MinOS-style projects. Describes the boot sequence, mode switching, and basic kernel components at exactly the level of detail needed for Chapter 38.
Security Research
Aleph One (Elias Levy). "Smashing the Stack for Fun and Profit." Phrack Magazine, vol. 7, issue 49, 1996. Available at: http://phrack.org/issues/49/14.html The foundational paper on stack buffer overflow exploitation. Describes the stack frame layout, the return address overwrite technique, shellcode design, and NOP sleds on x86 Linux. Required reading for understanding where Chapter 35 techniques originate.
Shacham, Hovav. "The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)." ACM Conference on Computer and Communications Security (CCS), 2007. Available at: https://hovav.net/ucsd/dist/rop.pdf The paper that formally defined Return-Oriented Programming and proved its Turing completeness. Demonstrates that x86's variable-length encoding provides sufficient gadget density in any sufficiently large code segment. Foundational for Chapter 37.
Bosman, Erik and Bos, Herbert. "Framing Signals — A Return to Portable Shellcode." IEEE Symposium on Security and Privacy (S&P), 2014. The paper introducing Sigreturn-Oriented Programming (SROP). Demonstrates that the sigreturn system call can be used to set all registers to attacker-controlled values simultaneously, enabling powerful exploitation with minimal gadget requirements. Referenced in Chapter 37.
Bittau, Andrea, Belay, Adam, Mashtizadeh, Ali, Mazières, David, and Boneh, Dan. "Hacking Blind." IEEE Symposium on Security and Privacy (S&P), 2014. The paper introducing Blind ROP (BROP). Demonstrates exploitation of stack overflow vulnerabilities on remote servers without access to the binary, using repeated probing to discover gadgets. Referenced in Chapter 37.
Szekeres, László, Payer, Mathias, Wei, Tao, and Song, Dawn. "SoK: Eternal War in Memory." IEEE Symposium on Security and Privacy (S&P), 2013. A systematic survey of memory corruption vulnerabilities (buffer overflows, use-after-free, format strings, heap corruption) and mitigations (canaries, ASLR, NX, CFI). Provides the conceptual framework for evaluating mitigation effectiveness. Referenced in Chapters 35-37.
Erickson, Jon. Hacking: The Art of Exploitation. 2nd edition. No Starch Press, 2008. ISBN 978-1593271442. A comprehensive hands-on treatment of x86 exploitation including buffer overflows, shellcode engineering, format string attacks, and network-level exploitation. Includes a live Linux environment for practice. Recommended in Chapter 40 for readers who want to go deeper after Part VII.
Andriesse, Dennis. Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly. No Starch Press, 2018. ISBN 978-1593279127. Covers ELF binary format internals, binary instrumentation, disassembly, dynamic taint analysis, and symbolic execution. Bridges from the static analysis tools in Chapter 34 to automated vulnerability discovery.
Reverse Engineering
Eagle, Chris and Nance, Kara. The Ghidra Book: The Definitive Guide. No Starch Press, 2020. ISBN 978-1718501027. The authoritative guide to Ghidra. Covers the Ghidra interface, scripting (Java and Python APIs), headless analysis, plugin development, and collaboration features. The API reference is useful for automating RE tasks.
Sikorski, Michael and Honig, Andrew. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press, 2012. ISBN 978-1593272906. The standard malware analysis textbook. Covers static analysis (IDA Pro), dynamic analysis (OllyDbg, process monitoring), anti-analysis techniques (anti-disassembly, anti-debugging, packing), and specific malware category analysis. The static analysis methodology in Chapter 34 draws on this work.
Kaspersky, Kris. Hacker Disassembling Uncovered. A-LIST Publishing, 2003. ISBN 978-1931769228. A dated but still valuable treatment of x86 disassembly, self-modifying code, anti-disassembly techniques, and the challenges of recovering high-level structure from assembly. The discussion of instruction stream parsing is relevant to understanding why disassemblers can be confused.
SIMD and Performance
Lomont, Chris. "Introduction to Intel Advanced Vector Extensions." Intel whitepaper. Available at: https://software.intel.com/content/www/us/en/develop/articles/introduction-to-intel-advanced-vector-extensions.html A concise introduction to AVX and AVX2 from Intel. Covers the register file (YMM), instruction categories, and the difference between 128-bit SSE and 256-bit AVX operations. Useful supplement to Chapters 20-24.
Harris, Mark and Garland, Michael. "Optimizing Parallel Reduction in CUDA." NVIDIA whitepaper. Available at: https://developer.download.nvidia.com/assets/cuda/files/reduction.pdf A study of the horizontal reduction problem (summing all elements of an array) in the CUDA/GPU context. The techniques — avoiding divergence, using shared memory, loop unrolling — illuminate the same performance considerations that apply to SIMD reduction in Chapter 24.
Online Resources and Tools
Compiler Explorer (godbolt.org). https://godbolt.org/ Interactive compiler output viewer. Write C/C++/Rust/Go/Zig source; see the compiled assembly from any compiler (GCC, Clang, MSVC, ICC) at any optimization level for any supported architecture. The most practical tool for understanding what compilers do. Used throughout this book to verify generated assembly.
OSDev Wiki. https://wiki.osdev.org/ The community reference for OS development from scratch. Pages on the x86 boot process, GDT/IDT setup, memory mapping, APIC, PCI, and filesystem implementation are directly relevant to the MinOS project in Chapter 38.
OSDev Forum. https://forum.osdev.org/ The accompanying community forum. Populated by hobbyist OS developers from beginner to advanced. The most effective place to ask technical questions about boot-time behavior, memory map issues, and hardware-specific quirks.
pwn.college (Arizona State University). https://pwn.college/ A structured, progressive CTF education platform. The "Program Security" and "Exploitation Mitigations" modules are direct continuations of Chapters 35-37. All challenges are carefully scaffolded from simple buffer overflows to advanced techniques.
CTFtime.org. https://ctftime.org/ The hub for the international CTF competition calendar. The writeup archive is searchable by category (pwn, rev, crypto) and difficulty. Reading other teams' writeups is the fastest way to learn techniques not covered in any textbook.
Agner Fog's Optimization Website. https://agner.org/optimize/ The definitive source for x86-64 instruction timing tables (updated for each new microarchitecture) and optimization guides. The instruction tables PDF is essential for accurate performance analysis.
lore.kernel.org — Linux Kernel Mailing List Archive. https://lore.kernel.org/ The complete, searchable archive of Linux kernel development mailing lists. Essential for understanding the kernel contribution process, patch review culture, and the technical discussions behind kernel decisions.
LiveOverflow YouTube Channel. https://www.youtube.com/c/LiveOverflow High-quality video explanations of binary exploitation, CTF challenges, and reverse engineering. The playlist on "Binary Exploitation" covers the same material as Chapters 35-37 in video format with live GDB demonstrations. Particularly useful for visual learners.
WebAssembly and JIT Compilation
WebAssembly Working Group. WebAssembly Core Specification. W3C Recommendation. Available at: https://webassembly.github.io/spec/core/ The normative WASM specification. The binary format, validation rules, and execution semantics are defined precisely. The type system section explains why WASM can be safely sandboxed.
Aycock, John. "A Brief History of Just-In-Time." ACM Computing Surveys, 35(2):97-113, 2003. A survey of JIT compilation from early self-modifying code (1960s) through modern implementations (V8, HotSpot, LLVM). Places the mmap/mprotect/call JIT pattern in historical context.
RISC-V
Patterson, David A. and Waterman, Andrew. The RISC-V Reader: An Open Architecture Atlas. Strawberry Canyon LLC, 2017. ISBN 978-0999249109. Written by RISC-V's architects. Short (238 pages), clear, and designed for readers who already know computer architecture. The ISA comparison appendices (RISC-V vs. x86-64 vs. ARM64) are immediately useful.
Patterson, David A. and Hennessy, John L. Computer Organization and Design: RISC-V Edition. Morgan Kaufmann, 2020. ISBN 978-0128203316. The standard computer architecture textbook updated for RISC-V. Covers pipeline design, cache organization, branch prediction hardware, and out-of-order execution at the microarchitecture level. Recommended for deeper hardware understanding after Chapter 17.