Monster is an incomplete symbolic execution engine for 64-bit RISC-U binaries generated by Selfie. It can find bugs such as division by zero in an unknown binary. Its incompleteness is used as an advantage: a shortest-path exploration strategy based on the binary's code structure prunes the state search space optimistically. In the backend an incomplete SMT solver is implemented, which further boosts performance. Popular SMT solvers like Boolector and Z3 are also supported as an optional build option.
Once Rust is installed (see step 1 in "Toolchain Setup"), you can easily install the latest version of Monster with:
$ cargo install monster-rs --locked
$ monster --help
Usage
Add this to your Cargo.toml:
[dependencies]
monster-rs = "0"
Monster can be built and tested on all major platforms. Just make sure you build for one of these targets:
- x86_64-unknown-linux-gnu
- x86_64-apple-darwin
- x86_64-pc-windows-msvc
- Bootstrap Rust v1.57.0 from https://rustup.rs and make sure:
- you install it with one of the supported host triples and
- add it to your PATH
- Install Rustfmt (formatter) and Clippy (linter)
$ rustup component add rustfmt
$ rustup component add clippy
- Install tool for documentation generation
$ cargo install mdbook --locked
$ cargo install mdbook-linkcheck --locked
$ cargo install mdbook-graphviz --locked
- Install the tools needed to build Selfie with your favorite package manager
macOS:
$ brew install make gcc git
Linux:
$ apt install make gcc git
Windows:
$ choco install make -y
$ choco install mingw -y
$ choco install git -y
Tests can be executed on all platforms, although one feature is not supported on Windows: boolector.
- Test your toolchain setup by compiling Monster:
$ cargo build --locked
- Execute tests:
$ cargo test --locked
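A toolchain check that mirrors the setup steps above, added here as an example rather than a script shipped with Monster or Selfie; it assumes the rustup proxies `rustfmt` and `cargo-clippy` are on PATH once the components are installed, and it only probes the real toolchain when `rustc` is present:

```shell
#!/bin/sh
# Added example (not part of the Monster project): sanity-check the toolchain
# described in the README before running `cargo build --locked`.

# Host triples the README lists as supported build targets.
SUPPORTED_TARGETS="x86_64-unknown-linux-gnu x86_64-apple-darwin x86_64-pc-windows-msvc"
# Binaries the setup steps install (rustup proxies, mdbook tools, Selfie build tools).
REQUIRED_TOOLS="cargo rustfmt cargo-clippy mdbook mdbook-linkcheck mdbook-graphviz make gcc git"

# Print "ok" (status 0) if the given host triple is a supported target,
# otherwise print "unsupported" (status 1).
is_supported_target() {
    for t in $SUPPORTED_TARGETS; do
        [ "$1" = "$t" ] && { echo ok; return 0; }
    done
    echo unsupported
    return 1
}

# Given tool names as arguments, print those not found on PATH (space separated).
missing_tools() {
    missing=""
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    echo "${missing# }"
}

# Extract the host triple from `rustc -vV` output read on stdin ("host: <triple>").
host_triple_from_rustc() {
    sed -n 's/^host: //p'
}

# Only probe the installed toolchain when rustc is actually available.
if command -v rustc >/dev/null 2>&1; then
    host=$(rustc -vV | host_triple_from_rustc)
    echo "host triple $host: $(is_supported_target "$host" || true)"
    m=$(missing_tools $REQUIRED_TOOLS)
    if [ -z "$m" ]; then
        echo "all required tools found"
    else
        echo "missing tools: $m"
    fi
fi
```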
Copyright (c) 2020, the Selfie authors. All rights reserved.
Licensed under the MIT license.