Stack is automatic memory for local variables, function calls, and return addresses. It grows downward, is fast, and automatically managed. Heap is manual memory for dynamic allocation via malloc/free. It grows upward, is slower (system call), and requires explicit management. Stack overflow occurs on deep recursion; heap exhaustion on too many allocations.

A segmentation fault (segfault) occurs when a program tries to access memory it doesn't own. Common causes: dereferencing a NULL pointer, accessing freed memory (dangling pointer), writing to read-only memory (const violation), or stack overflow that corrupts the guard page. The OS terminates the program because the memory access violates protection boundaries.

When you add n to a pointer ptr + n, the compiler multiplies n by the size of the pointed-to type. For int *ptr, ptr + 1 advances by 4 bytes (sizeof int). This allows iterating through arrays: arr[i] is equivalent to *(arr + i). The type information is crucial—the compiler knows the element size without you explicitly calculating.

A memory leak occurs when dynamically allocated memory is no longer referenced but never freed, causing the program's memory footprint to grow over time. Detection methods include:

• Valgrind (memcheck) — Run your program under Valgrind to get a detailed report of unfreed allocations with stack traces
• AddressSanitizer (ASAN) — Compile with -fsanitize=address to detect leaks at runtime
• LeakSanitizer (LSAN) — Often bundled with ASAN; detects leaks at program exit
• Manual tracking — Override malloc/free with wrappers that log allocation metadata

All three are C standard library functions for dynamic memory allocation:

• malloc(n) — Allocates n bytes of uninitialized memory. Faster but the caller must initialize contents
• calloc(count, size) — Allocates count * size bytes and zero-initializes every byte. Slightly slower but safer for structures that require a known initial state
• realloc(ptr, new_size) — Resizes a previously allocated block, potentially moving it to a new location. Returns a pointer to the resized block (may differ from the original)

A dangling pointer is a pointer that references memory that has already been freed or deallocated. Dereferencing it causes undefined behavior (crash, corruption, or security vulnerability). Prevention strategies:

• Set pointer to NULL immediately after calling free()
• Use smart pointers (C++ unique_ptr, shared_ptr) that automatically nullify on destruction
• Avoid returning pointers to local (stack) variables from functions
• Use static analysis tools and runtime detectors (ASAN, Valgrind)

While both provide indirection, they differ fundamentally:

• Nullability — Pointers can be null; references must always refer to a valid object
• Rebinding — Pointers can be reassigned to point elsewhere; references are bound at initialization and cannot be reseated
• Syntax — Pointers use * for dereferencing and & for address-of; references use transparent syntax (no explicit dereference)
• Arithmetic — Pointer arithmetic is supported; reference arithmetic is not
• Use case — Prefer references for function parameters (especially const&), pointers for nullable parameters or dynamic data structures

Smart pointers are RAII wrappers that automate memory management. The three standard ones:

• std::unique_ptr — Exclusive ownership. Cannot be copied, only moved. Use when exactly one owner exists (e.g., a tree node owning its children)
• std::shared_ptr — Shared ownership via reference counting. Use when multiple owners share an object's lifetime (e.g., graph structures, caches)
• std::weak_ptr — Non-owning observer that breaks circular references in shared_ptr graphs. Use with shared_ptr to avoid memory leaks

restrict is a type qualifier that tells the compiler a pointer is the only way to access the object it points to within its scope. This enables optimizations (like eliminating redundant loads) that would otherwise be unsafe due to pointer aliasing:

• Without restrict, the compiler must assume dst and src in memcpy might overlap, preventing certain optimizations
• With restrict, the compiler can reorder loads/stores aggressively for better performance
• Violating the contract (accessing memory through another pointer) is undefined behavior

The heap allocator stores metadata alongside each allocated block, typically in a header just before the returned pointer. This header contains:

• The size of the allocated block (in bytes or chunks)
• Status flags (allocated/free, alignment info)
• Linked-list pointers for free-list management in certain allocator designs
• When free(ptr) is called, the allocator reads the header at ptr - sizeof(header) to determine the block size and return it to the free pool

Memory fragmentation occurs when free memory is broken into small, non-contiguous chunks over time, making it hard to satisfy large allocation requests. Two types:

• External fragmentation — Free memory exists but is scattered across many small gaps; a large malloc may fail despite sufficient total free space
• Internal fragmentation — Allocated blocks are larger than requested due to alignment padding or minimum chunk sizes, wasting memory within blocks
• Impact: increased cache misses (poor locality), allocation failures, and performance degradation in long-running processes
• Mitigations: slab allocators, memory pools, compacting garbage collectors, or arena-style allocation strategies

When copying an object that contains pointer members:

• Shallow copy — Copies the pointer value (address), so both the original and copy point to the same memory. This can lead to double-free or dangling pointer bugs when one is destroyed
• Deep copy — Allocates new memory and copies the data the pointer points to, so each object owns its own independent data. Requires implementing a proper copy constructor and assignment operator in C++
• Rule of Three/Five: if a class manages a resource (dynamic memory), you must implement destructor, copy constructor, and copy assignment operator (or use RAII wrappers)

A function pointer stores the address of a function and allows invoking it indirectly. Declaration syntax: return_type (*ptr_name)(parameter_types). Use cases:

• Callbacks — Passing a function to a library (e.g., qsort comparator, signal handlers)
• Dispatch tables — Array of function pointers to implement state machines or command patterns without switch/if chains
• Plugins / dynamic loading — dlsym() returns function pointers for dynamically loaded symbols
• Virtual functions (under the hood) — C++ vtables are arrays of function pointers

RAII (Resource Acquisition Is Initialization) is a C++ idiom where resource management is tied to object lifetime:

• Acquire the resource in the constructor (e.g., malloc in a smart pointer constructor)
• Release the resource in the destructor (e.g., free when the smart pointer goes out of scope)
• This guarantees deterministic cleanup: when the object is destroyed (stack unwinding, exception, or scope exit), the resource is freed automatically
• Benefits: no manual free calls, exception safety, and elimination of most memory leak and dangling pointer bugs

Read const declarations from right to left:

• const int* ptr (or int const* ptr) — Pointer to a constant integer. The pointed-to value cannot be modified through ptr, but ptr itself can be reassigned to point elsewhere
• int* const ptr — Constant pointer to a (non-const) integer. The pointer cannot be reassigned, but the value it points to can be modified
• const int* const ptr — Constant pointer to a constant integer. Neither the pointer nor the value can be modified
• Use case: const int* for read-only access (function parameters), int* const for fixed memory-mapped registers

AddressSanitizer (ASAN) is a runtime memory error detector for C/C++ that instruments code at compile time. It catches:

• Out-of-bounds accesses (heap, stack, and global buffer overflows)
• Use-after-free (dangling pointer dereference)
• Double-free and invalid free
• Memory leaks (via the companion LeakSanitizer)
• Stack-use-after-return and stack-use-after-scope
• Activate with -fsanitize=address -fno-omit-frame-pointer in GCC/Clang; adds ~2x slowdown but catches nearly all memory safety bugs

A void* is a generic pointer that can hold the address of any data type without knowing its type:

• Uses: Generic functions (like memcpy, qsort), callback contexts, opaque handles in C APIs
• Limitations: Cannot be dereferenced directly (the compiler doesn't know the type size); must be cast to a typed pointer first
• Pointer arithmetic is not allowed on void* in standard C (GCC allows it as an extension treating it as char*, but it's non-portable)
• Type safety is lost — the programmer must ensure the correct type is used when casting back; misuse leads to undefined behavior

Alignment requirements enforce that data is stored at memory addresses that are multiples of their size (e.g., 4-byte int starts at an address divisible by 4). Compilers insert padding bytes between struct members to satisfy alignment:

• Padding — Unused bytes inserted between members to align each member to its natural boundary
• Effect on pointer offsets: The offsetof macro can be used to compute member offsets. Pointer arithmetic between members ((char*)&s.member2 - (char*)&s.member1) accounts for padding bytes
• Reordering members from largest to smallest can minimize padding waste. Use #pragma pack to force packing (at the cost of performance on some architectures)
• Untagged struct layouts across compilers or with different packing settings cause ABI incompatibilities

A double pointer (int**) is a pointer to a pointer. Use cases:

• Modifying a pointer argument — If a function needs to allocate memory and assign it to a caller's pointer variable, you pass a pointer to that pointer (int** ptr). Example: void allocate(int** p, int n) { *p = malloc(n * sizeof(int)); }
• Dynamic 2D arrays — Array of pointers where each pointer points to a row: int** matrix = malloc(rows * sizeof(int*));
• Linked list manipulation — Removing a node from a singly linked list can use a pointer-to-pointer to avoid special-casing the head
• Function pointer tables — Multi-level indirection in dispatch mechanisms

C is strictly pass-by-value, but pointers enable pass-by-reference semantics:

• Pass-by-value — A copy of the variable is passed; modifications inside the function do not affect the caller. Example: void swap_bad(int a, int b) — swaps only copies
• Simulated pass-by-reference — The address of the variable is passed as a pointer; the function dereferences the pointer to modify the original. Example: void swap_good(int *a, int *b) { int t = *a; *a = *b; *b = t; }
• For large structs, passing a const* is both more efficient (avoids copying) and allows read-only access when const-qualified
• Always check for NULL when accepting pointers that are expected to point to valid data