The widespread presence of Use-After-Free (UAF) vulnerabilities poses a serious threat to software security, and dangling pointers are considered the primary cause of these vulnerabilities. However, existing methods that defend against UAF vulnerabilities by eliminating dangling pointers must interrupt the program's execution at every pointer assignment in order to store the pointers' memory addresses in a dedicated data structure, so these methods are not lightweight. To overcome this drawback, we propose a novel approach called LightDE, which does not require storing the memory addresses of pointers during program execution. LightDE uses our proposed structure-sensitive pointer analysis to determine which objects pointers point to and stores these pointing relationships in the program's data segment at compile time. Since, when eliminating dangling pointers, LightDE only needs to check whether the pointers identified by the pointer analysis point to freed objects, it is very lightweight. Our experimental results show that LightDE effectively defends against UAF vulnerabilities and that the performance overhead it introduces is very low.
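As an added illustration of the mechanism the abstract describes (example code, not LightDE's own implementation): a constructed, build-time table of pointer slots stands in for the points-to relationships LightDE records in the data segment, and freeing an object checks only those slots and nulls any that point into the freed range, with no bookkeeping at pointer assignment. The names lde_malloc, lde_free, slot_table and demo are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>

struct node { int val; struct node *next; };
typedef struct { size_t size; } hdr; /* size header so interior pointers are caught */

/* Pointer slots that a (hypothetical) compile-time points-to analysis found
 * may hold heap addresses; only these are examined when an object is freed. */
static void *head, *cursor, *scratch;

/* Constructed stand-in for the table LightDE emits into the data segment:
 * the slot addresses, fixed at build time, so nothing is recorded at run time. */
static void **const slot_table[] = { &head, &cursor, &scratch };
#define SLOT_COUNT (sizeof slot_table / sizeof slot_table[0])

void *lde_malloc(size_t n) {
    hdr *h = malloc(sizeof(hdr) + n);
    if (!h) return NULL;
    h->size = n;
    return h + 1;
}

/* Free obj, then null every registered slot pointing into [obj, obj+size).
 * Returns the number of slots cleared; a later use of such a slot faults on
 * NULL instead of silently reading reused heap memory. */
size_t lde_free(void *obj) {
    if (!obj) return 0;
    hdr *h = (hdr *)obj - 1;
    uintptr_t lo = (uintptr_t)obj, hi = lo + h->size;
    size_t cleared = 0;
    for (size_t i = 0; i < SLOT_COUNT; i++) {
        uintptr_t p = (uintptr_t)*slot_table[i];
        if (p >= lo && p < hi) { *slot_table[i] = NULL; cleared++; }
    }
    free(h);
    return cleared;
}

/* Two slots alias object a (one via an interior field), one slot holds b.
 * Returns 2 when freeing a clears exactly those two and leaves cursor intact. */
int demo(void) {
    struct node *a = lde_malloc(sizeof *a), *b = lde_malloc(sizeof *b);
    if (!a || !b) return -1;
    head = a; scratch = &a->next; cursor = b;
    int cleared = (int)lde_free(a);
    int ok = cleared == 2 && head == NULL && scratch == NULL && cursor == b;
    lde_free(b); /* also clears cursor */
    return ok ? cleared : -1;
}
```

The real system derives the slot table from its structure-sensitive analysis and handles stack and heap-resident pointers as well; this sketch keeps only the free-time check that makes the approach cheap.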