Static Analysis Framework for Detecting Use-After-Free Bugs in C++
Vlad-Alexandru Teodorescu, Dorel Lucanu

TL;DR
This paper presents a static analysis framework for C++ that detects use-after-free bugs at compile-time by tracking object lifetimes, aiming to improve software security and reduce debugging costs.
Contribution
It introduces a static analysis approach that detects use-after-free bugs in C++ by tracking object lifetimes and the memory locations pointers may refer to, and evaluates it on real-world projects with promising results.
Findings
Successfully detects multiple use-after-free patterns
Achieves good detection accuracy on real-world projects
Highlights scenarios with false positives
Abstract
Pointers are a powerful but dangerous feature of the C and C++ programming languages, and incorrect use of pointers is a common source of bugs and security vulnerabilities. Making software secure is crucial, as vulnerabilities exploited by malicious actors lead not only to monetary losses but possibly to loss of human lives. Fixing these vulnerabilities is costly if they are found at the end of development, and the cost is even higher if they are found after deployment. That is why it is desirable to find bugs as early in the development process as possible. We propose a framework that statically finds use-after-free bugs at compile-time and reports the errors to the user. It works by tracking the lifetime of objects and the memory locations that pointers might point to; using this information, a possibly invalid dereference of a pointer can be detected. The framework was tested…
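The abstract describes the core mechanism only in outline: keep, for each pointer, the set of objects it may point to, keep a lifetime state for each object, and flag a dereference whose target may already be freed. The following is an added toy illustration of that idea, not the paper's implementation: the statement IR (New/Assign/Join/Delete/Deref), the allocation-site naming, the three-state lifetime lattice and the sample programs are all constructed here and are not taken from the paper. The third sample shows how a merge of two possible targets (a pointer that may alias either of two objects) yields a "possible" report that a precise analysis would call a false positive, which is the kind of scenario the Findings section mentions.

```cpp
// Added toy example of lifetime + points-to tracking for use-after-free detection.
// Not the paper's code: IR, site naming and lifetime states are assumptions made here.
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <vector>

enum class Op { New, Assign, Join, Delete, Deref };

// One statement of a constructed straight-line IR (hypothetical, not the paper's IR).
struct Stmt {
    Op op;
    std::string dst;   // pointer written (New/Assign/Join) or used (Delete/Deref)
    std::string src;   // source pointer for Assign, first source for Join
    std::string src2;  // second source for Join (models a merge after if/else)
    int line;
};

enum class Life { Live, MaybeFreed, Freed };

struct Report {
    int line;
    std::string ptr;
    bool definite;  // true: every possible target is freed; false: only some may be
};

struct Analyzer {
    std::map<std::string, std::set<std::string>> pts;  // pointer -> abstract allocation sites
    std::map<std::string, Life> life;                  // allocation site -> lifetime state
    std::vector<Report> reports;

    void step(const Stmt& s) {
        switch (s.op) {
        case Op::New: {
            std::string site = "alloc@" + std::to_string(s.line);  // one abstract object per site
            life[site] = Life::Live;
            pts[s.dst] = {site};  // strong update: the pointer now holds a fresh object
            break;
        }
        case Op::Assign:
            pts[s.dst] = pts[s.src];  // copying a pointer copies its points-to set
            break;
        case Op::Join: {
            std::set<std::string> merged = pts[s.src];
            merged.insert(pts[s.src2].begin(), pts[s.src2].end());
            pts[s.dst] = merged;  // may point to either object: over-approximation
            break;
        }
        case Op::Delete: {
            const std::set<std::string>& targets = pts[s.dst];
            for (const std::string& site : targets) {
                if (targets.size() == 1) life[site] = Life::Freed;          // we know which object died
                else if (life[site] != Life::Freed) life[site] = Life::MaybeFreed;  // one of several
            }
            break;
        }
        case Op::Deref: {
            const std::set<std::string>& targets = pts[s.dst];
            size_t dead = 0, definitelyDead = 0;
            for (const std::string& site : targets) {
                if (life[site] != Life::Live) ++dead;
                if (life[site] == Life::Freed) ++definitelyDead;
            }
            if (dead > 0)
                reports.push_back({s.line, s.dst, definitelyDead == targets.size()});
            break;
        }
        }
    }
};

std::vector<Report> analyze(const std::vector<Stmt>& prog) {
    Analyzer a;
    for (const Stmt& s : prog) a.step(s);
    return a.reports;
}

// Constructed sample programs (not from the paper).
std::vector<Stmt> classicUaf() {  // p = new T; delete p; p->f
    return {{Op::New, "p", "", "", 1}, {Op::Delete, "p", "", "", 2}, {Op::Deref, "p", "", "", 3}};
}
std::vector<Stmt> aliasUaf() {  // p = new T; q = p; delete q; p->f  (freed through an alias)
    return {{Op::New, "p", "", "", 1}, {Op::Assign, "q", "p", "", 2},
            {Op::Delete, "q", "", "", 3}, {Op::Deref, "p", "", "", 4}};
}
std::vector<Stmt> mayAliasUaf() {  // a = new; b = new; c = cond ? a : b; delete a; c->f; b->f
    return {{Op::New, "a", "", "", 1}, {Op::New, "b", "", "", 2}, {Op::Join, "c", "a", "b", 3},
            {Op::Delete, "a", "", "", 4}, {Op::Deref, "c", "", "", 5}, {Op::Deref, "b", "", "", 6}};
}

int main() {
    for (const Report& r : analyze(mayAliasUaf()))
        std::printf("line %d: %s use-after-free via '%s'\n", r.line,
                    r.definite ? "definite" : "possible", r.ptr.c_str());
    return 0;
}
```

The first two samples produce a definite report (the only object the pointer can hold was freed, directly or through an alias). In the third, `c` may hold either object, only one of which was freed, so the analysis can say no more than "possible"; whether that is a true bug depends on the branch condition, which a lifetime-and-points-to abstraction alone does not model. A real implementation additionally needs control-flow merges at every join point, heap fields, and inter-procedural summaries, none of which this toy handles.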
