Memory safety

This article is about protection of memory in software development. For hardware protection of memory, see Memory protection.

Memory safety is a concern in software development that aims to avoid software bugs that cause security vulnerabilities dealing with random-access memory (RAM) access, such as buffer overflows and dangling pointers.

Computer languages such as C and C++ that support arbitrary pointer arithmetic, casting, and deallocation are typically not memory safe. There are several approaches to find errors in such languages: see the Detection section below.

Most high-level programming languages avoid the problem by disallowing pointer arithmetic and casting entirely, and by enforcing tracing garbage collection as the sole memory management scheme.

A language could support even more uses of pointer arithmetic, casting, and deallocation without sacrificing memory safety by using automated theorem proving as a form of static code analysis. ESC/Java with JML demonstrates a way that programmers can declare their invariants in ways that can be understood by a theorem prover.

Types of memory errors

Several types of memory errors can occur, depending on the programming language used:

Detection

There are many ways to detect memory errors in programs written in unsafe languages:

References

This article is issued from Wikipedia - version of the Friday, January 29, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.