A computer implemented method for analyzing a computer software program comprising both C++ and C string components, wherein the method includes building a memory model abstraction of any memory used by the program strings. Various memory models are presented that find invalid memory accesses in terms of validity of memory regions and buffer overflows. The model supports analyzing the interaction of C and C++ components—in particular, it focuses on the interaction of C and C++ strings. The conversion of C++ strings to C strings is accomplished through a non-transferable ownership attribute that is to be respected by the C strings. The models can then be analyzed using static analysis techniques such as abstract interpretation and model checking, or through dynamic analysis. In so doing we allow discovery of potential memory safety violations in programs involving conversions between C and C++ strings.