Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

White Paper

Pointer Ownership Model

  • June 2013
  • By David Svoboda
  • In this paper, David Svoboda describes the Pointer Ownership Model, which can statically identify classes of errors involving dynamic memory in C/C++ programs.
  • Secure Coding
  • Publisher: Software Engineering Institute
  • Abstract

    Pointers are a dangerous feature provided by C/C++, and incorrect use of pointers is a common source of bugs and vulnerabilities. Most new languages lack pointers or severely restrict their capabilities. Nonetheless, many C/C++ programmers work with pointers safely, by maintaining an internal model of when memory accessed through pointers should be allocated and subsequently freed. This model is frequently not documented in the program. The Pointer Ownership Model (POM) can statically identify certain classes of errors involving dynamic memory in C/C++ programs. It works by requiring the developer to identify responsible pointers, whose objects must be explicitly freed before the pointers themselves may be destroyed. POM can be statically analyzed to ensure that the design is consistent and secure, and that the code correctly implements the design. Consequently, POM can be used to identify, and eliminate many dynamic memory errors from C programs.
  • Download