Refining Use-After-Free Defense: Eliminating Dangling Pointers in Registers and Memory.

Xun An, Qihang Zhou, Haichao Du, Zhenyu Song, Xiaoqi Jia

Asia-Pacific Software Engineering Conference (2023)

Abstract
The prevalence of use-after-free (UAF) vulnerabilities poses a significant threat to software security, with dangling pointers identified as the primary cause. However, existing defense methods suffer from bypass attacks, high runtime overhead, or only address memory dangling pointers while neglecting register-based ones that also contribute to UAF vulnerabilities. To overcome these shortcomings, we introduce a novel approach, ISDE, that eliminates both register and memory dangling pointers with minimal additional runtime overhead. ISDE leverages an inter-procedural static pointer analysis method to statically collect object pointers during compilation, and uses the call graph and data flow graph to identify and eliminate potential dangling pointers. Our implementation of ISDE demonstrated its effectiveness in defending against real-world UAF vulnerabilities while maintaining efficiency in the SPEC CPU2006 evaluation.