A use-after-free vulnerability detection method for multi-threaded programs based on an improved Petri net and value flow graph
Author(s) - Shanshan Li, Yunxia Bao, Faming Lu, Cheng Yu, Cong Liu
Publication year - 2025
Publication title - IEEE Access
Language(s) - English
Resource type - Magazines
SCImago Journal Rank - 0.587
H-Index - 127
eISSN - 2169-3536
DOI - 10.1109/access.2025.3620811
Subject(s) - aerospace, bioengineering, communication, networking and broadcast technologies, components, circuits, devices and systems, computing and processing, engineered materials, dielectrics and plasmas, engineering profession, fields, waves and electromagnetics, general topics for engineers, geoscience, nuclear engineering, photonics and electrooptics, power, energy and industry applications, robotics and control systems, signal processing and analysis, transportation
Use-After-Free (UAF) is one of the common vulnerabilities in multi-threaded programs. Static detection methods for it that are based on value flow analysis commonly show good analysis precision and efficiency. However, most of them do not adequately consider the causality constraints imposed by different concurrency primitives and complex control structures, which may lead to false positives. Hence, this work proposes a static UAF vulnerability detection method based on an improved Petri net and value flow graph. First, the source code of a multi-threaded program is transformed into intermediate code, from which a segmented Petri net is constructed, and control flow causality constraints are analyzed from the net. Then, a static value flow graph of the multi-threaded program is constructed, segment information from the corresponding segmented Petri net is associated with the graph, and UAF triggering and condition-satisfied constraints are analyzed from the graph. Finally, the compatibility among the control flow causality, UAF triggering, and condition-satisfied constraints is analyzed to detect UAF vulnerabilities. This work conducts experiments on public and synthetic datasets. Experimental results show that the proposed method’s recall rate and precision are 25% and 33.3% higher than those of Canary, respectively; the proposed method’s recall rate and precision are 3% and 15.1% higher than those of Saber, respectively; and the proposed method’s time complexity is reduced by 12.6 ms and 21.3 ms compared with Canary and Saber, respectively.