maat::Settings class

Tweakable settings and options for the engine.

Most of the settings can be enabled or disabled by setting it to true or false. A few others are more fine-grain and can be assigned an arbitrary number (e.g symptr_max_range)

❱   Base classes

class Serializable
Virtual interface that serializable classes must implement.

❱   Public functions

auto class_uid() const -> serial::uid_t virtual
Return the class uid (see ClassId enum)

void dump(serial::Serializer&) const virtual
Dump the object contents in a serializer stream.

void load(serial::Deserializer&) virtual
Restore an object from a deserializer stream.

❱   Public variables

bool force_simplify
Systematically simplify abstract expressions during execution.

bool ignore_missing_imports
Don't stop executing when emulation is missing for an external function.

bool ignore_missing_syscalls
Don't stop executing when emulation is missing for a system call.

bool record_path_constraints
Record path constraints in the path manager.

bool symptr_read
Allow reading memory from fully-symbolic pointers.

bool symptr_write
Allow writing memory from fully-symbolic pointers.

bool symptr_assume_aligned
Assume that symbolic pointers are memory aligned according to the address size. That reduces the number of possible states when reading and writing memory using symbolic pointers.

bool symptr_limit_range
Arbitrary limit the range of possible values (aka. value set) for symbolic pointers. It results in a memory state that lacks accuracy (states for a pointer value exceeding the range are lost) but makes execution more efficient by drastically reducing the size of memory expressions. The maximal range size can be specified with the symptr_max_range_size setting.

unsigned int symptr_max_range
Maximal range size for a symbolic pointer value set (see symptr_limit_range)

bool symptr_refine_range
Use the solver to refine the range of possible values (aka. value set) for symbolic pointers. If there are many symbolic memory accesses this can significantly impact runtime performance. The amount of time given to the solver to refine a pointer's range can be tweaked using the symptr_refine_timeout setting.

unsigned int symptr_refine_timeout
Timeout in milliseconds for the solver when refining symbolic pointer value sets (see symptr_refine_range).

bool log_insts
Log every executed instruction.

bool log_calls
Log every executed syscall/function (whose symbol is known to the engine)