Title: Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities
PDF: http://cpl0.net/~argp/papers/881dc45d33c7bfea662a0889918999e4.pdf

Uses TEMU to produce an execution/allocations log which is then parsed offline; for each freed heap object the pointers to it are labeled as dangling; taint propagation-like techniques are used to track pointers.

Original Twitter link: https://twitter.com/_argp/statuses/505011997445193728