What problem does this paper attempt to address?

The problem that this paper attempts to solve is: The existing methods for eliminating dangling pointers to defend against Use - After - Free (UAF) vulnerabilities are not lightweight enough, because these methods need to interrupt the execution flow during program runtime to record the memory addresses of pointers or locate the target objects of pointers. This results in significant runtime overhead, making these methods unsuitable for application scenarios with high - performance requirements. ### Specific description of the problem The UAF vulnerability refers to the continued use of pointers pointing to released memory after the memory has been freed, which may lead to serious security problems such as arbitrary code execution, privilege escalation, and data leakage. Dangling pointers are considered the main cause of UAF vulnerabilities. Existing methods for eliminating dangling pointers usually track the allocation and release operations of pointers by inserting functions at compile time and record the memory addresses of pointers at runtime. However, this method requires pausing program execution every time a pointer assignment operation is encountered, increasing the runtime overhead, and thus is not lightweight enough. ### Solution To solve this problem, the paper proposes a new method named LightDE. The main features of LightDE are as follows: 1. **Compile - time analysis and storage**: LightDE determines the objects pointed to by pointers through structure - sensitive pointer analysis at compile time and stores these pointing relationships in the data segment of the program. In this way, there is no need to record the memory addresses of pointers or locate target objects at runtime, thereby reducing the runtime overhead. 2. **Lightweight design**: Since the pointer relationships have been determined and stored at compile time, LightDE only needs to verify whether the pointers point to released objects at runtime, so it is very lightweight. 3. **High efficiency**: Experimental results show that LightDE can effectively defend against UAF vulnerabilities while introducing very low performance overhead. The geometric mean runtime overhead on the SPEC CPU2006 benchmark suite is only 8.66%, and the memory overhead is 7.26%. ### Specific implementation The working process of LightDE is divided into two phases: compile - time and runtime: - **Compile - time**: - Compile the source code into LLVM Intermediate Representation (IR). - Conduct structure - sensitive pointer analysis to determine the objects pointed to by pointers and their structural information. - Embed the pointer - pointing relationships into the data segment of the program. - Insert necessary instructions and functions to manage and handle the allocation and release of objects at runtime. - **Runtime**: - Initialize the data structure and create a LightDE thread. - When an object is allocated, insert a function to record the information of the runtime object. - When an object is released, the LightDE thread checks and eliminates dangling pointers. In this way, LightDE can effectively defend against UAF vulnerabilities without affecting program performance. ### Summary LightDE avoids additional runtime overhead by performing pointer analysis at compile time and embedding the results into the program, thus providing a lightweight and efficient method for defending against UAF vulnerabilities.