The widespread presence of Use-After-Free (UAF) vulnerabilities poses a serious threat to software security, and dangling pointers are considered the primary cause of these vulnerabilities. However, existing methods that defend against UAF vulnerabilities by eliminating dangling pointers must interrupt the program's execution at every pointer assignment to look up the object the pointer refers to and to record the pointer's memory address in a dedicated data structure, so these methods are not lightweight. To overcome this drawback, we propose a novel approach called LightDE, which does not need to store the memory addresses of pointers or to locate the objects pointed to by pointers during program execution. LightDE uses our proposed structure-sensitive pointer analysis to determine the objects that pointers may point to, and stores these points-to relationships in the program's data segment at compile time. Because LightDE only needs to check, when an object is released, whether the pointers identified by the pointer analysis point to the released object, it is very lightweight. Our experimental results show that LightDE effectively defends against UAF vulnerabilities while introducing very low additional performance overhead.
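The mechanism the abstract describes, as an added C sketch that is not LightDE's own code: the structure-sensitive pointer analysis is replaced by a hand-written data-segment table of pointer slots per allocation site, and the names `checked_free`, `site0_slots`, `demo_no_dangling` and the `g_*` variables are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added sketch, not LightDE's code. The compile-time pointer analysis is
 * stood in for by a hand-written, data-segment table listing, per
 * allocation site, the pointer variables that may point at its objects.
 * The free wrapper scans only those slots and clears the dangling ones. */

struct node { int value; };
/* Pointer variables the (simulated) analysis associates with site 0. */
static struct node *g_head;
static struct node *g_cursor;
static struct node *g_unrelated;   /* never aliases site-0 objects: not listed */

/* Data-segment table: allocation site 0 -> pointer slots to check at free. */
void **const site0_slots[] = { (void **)&g_head, (void **)&g_cursor };
const size_t site0_nslots = sizeof site0_slots / sizeof site0_slots[0];

/* Clear every listed slot pointing into [obj, obj+size), then free obj.
 * Returns how many would-be dangling pointers were cleared. */
size_t checked_free(void *obj, size_t size, void **const slots[], size_t n) {
    uintptr_t lo = (uintptr_t)obj, hi = lo + size;
    size_t cleared = 0;
    for (size_t i = 0; i < n; i++) {
        uintptr_t p = (uintptr_t)*slots[i];
        if (p >= lo && p < hi) { *slots[i] = NULL; cleared++; }
    }
    free(obj);
    return cleared;
}

/* Scenario: two variables alias one object. After the checked free neither
 * may still hold its address, and the unlisted pointer is untouched. */
int demo_no_dangling(void) {
    g_head = malloc(sizeof *g_head);
    g_unrelated = malloc(sizeof *g_unrelated);
    if (!g_head || !g_unrelated) { free(g_head); free(g_unrelated); return 0; }
    g_cursor = g_head;                 /* alias the analysis recorded */
    size_t cleared = checked_free(g_head, sizeof *g_head, site0_slots, site0_nslots);
    int ok = cleared == 2 && !g_head && !g_cursor && g_unrelated != NULL;
    free(g_unrelated);
    g_unrelated = NULL;
    return ok;
}

int main(void) {
    printf("dangling pointers eliminated: %s\n", demo_no_dangling() ? "yes" : "no");
    return 0;
}
```

The cost at free time is proportional to the number of slots the table lists for that allocation site, which is what makes the check cheap compared with tracking every pointer assignment at run time.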