search menu icon-carat-right cmu-wordmark

Pointer Ownership Model

June 2013 White Paper
David Svoboda

In this paper, David Svoboda describes the Pointer Ownership Model, which can statically identify classes of errors involving dynamic memory in C/C++ programs.


Software Engineering Institute


Pointers are a dangerous feature provided by C/C++, and incorrect use of pointers is a common source of bugs and vulnerabilities. Most new languages lack pointers or severely restrict their capabilities. Nonetheless, many C/C++ programmers work with pointers safely, by maintaining an internal model of when memory accessed through pointers should be allocated and subsequently freed. This model is frequently not documented in the program. The Pointer Ownership Model (POM) can statically identify certain classes of errors involving dynamic memory in C/C++ programs. It works by requiring the developer to identify responsible pointers, whose objects must be explicitly freed before the pointers themselves may be destroyed. POM can be statically analyzed to ensure that the design is consistent and secure, and that the code correctly implements the design. Consequently, POM can be used to identify, and eliminate many dynamic memory errors from C programs.