
Pointer Ownership Model

Conference Paper
In this paper, the authors describe how the Pointer Ownership Model improves static analysis of C programs for errors involving dynamic memory management.
Publisher

Computer.org

Abstract

The incorrect use of pointers in the C and C++ programming languages is a common source of bugs and vulnerabilities. Most languages that are newer than C eliminate pointers or severely restrict their capabilities. Nonetheless, many C and C++ programmers work with pointers safely by maintaining a mental model of when memory accessed through pointers should be allocated and subsequently freed. This mental model is seldom documented outside of the evidence of its application in the source code.

The Pointer Ownership Model (POM) improves the ability of developers to statically analyze C programs for errors involving dynamic memory. To make a program comply with POM, a developer must identify the program's "responsible" pointers, whose objects must be explicitly freed before the pointers themselves may be destroyed. Any program that complies with POM can be statically analyzed to ensure that the design is consistent and secure and that the code correctly implements the design. Consequently, POM can be used to diagnose and eliminate many dynamic memory errors from C programs.
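The abstract's distinction between a "responsible" pointer (which must free its object) and other pointers to the same object is easiest to see in code. The following added example is not from the paper; the `responsible` / `non-responsible` comments are an assumed convention for illustration, not the paper's notation, and the `record` type and its functions are hypothetical. It shows the rule that exactly one responsible pointer exists per object, enforced by nulling the source pointer when ownership is transferred so that the two sides cannot both call `free()`.

```c
#include <stdlib.h>
#include <string.h>

/* A record whose `name` field is the responsible pointer for a heap
 * string; `alias` is a non-responsible (borrowed) view of the same string. */
struct record {
    char *name;          /* responsible: freed by record_destroy */
    const char *alias;   /* non-responsible: never freed through this */
};

/* Allocate a record owning a copy of `name`. Returns NULL on failure. */
struct record *record_create(const char *name)
{
    size_t len = strlen(name) + 1;
    struct record *r = malloc(sizeof *r);
    if (r == NULL)
        return NULL;
    r->name = malloc(len);
    if (r->name == NULL) {
        free(r);
        return NULL;
    }
    memcpy(r->name, name, len);
    r->alias = r->name;  /* borrowed view of the owned string */
    return r;
}

/* Move responsibility for the string to the caller. Nulling the record's
 * pointers keeps a single responsible pointer and drops the view that
 * would otherwise dangle once the caller frees the string. */
char *record_take_name(struct record *r)
{
    char *owned = r->name;
    r->name = NULL;
    r->alias = NULL;
    return owned;
}

/* Free everything the record is responsible for; free(NULL) is a no-op,
 * so a record whose name was transferred out is destroyed safely. */
void record_destroy(struct record *r)
{
    if (r == NULL)
        return;
    free(r->name);
    free(r);
}

/* Walks create -> transfer -> destroy; returns 1 if every ownership
 * invariant held along the way (constructed input "alice"). */
int record_ownership_demo(void)
{
    struct record *r = record_create("alice");
    if (r == NULL || r->alias != r->name)
        return 0;
    char *owned = record_take_name(r);   /* caller now responsible */
    int ok = (r->name == NULL && r->alias == NULL &&
              strcmp(owned, "alice") == 0);
    record_destroy(r);                   /* frees only the record */
    free(owned);                         /* the one remaining owner */
    return ok;
}
```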