Forester Virtual Machine

Forest automata were developed for verification of programs manipulating dynamic linked data structures such as various forms of singly and doubly- linked lists or trees, targeting properties like no null-pointer dereferences, absence of garbage, shape properties, etc. They are an extension of tree au- tomata. A heap is split into several “separated” parts such that each of them can be represented by a tree automaton. The automata can refer to each other allowing the different parts of the heaps to mutually refer to their boundaries. Forest automata also allow for a hierarchical representation of heaps by allow- ing alphabets of the tree automata to contain other, nested tree automata. Program instructions can be encoded as operations on our representation structure. This allows verification of programs based on symbolic state-space exploration together with refinable abstraction within the so-called abstract regular tree model checking. A motivation for the approach is to combine ad- vantages of automata-based approaches (higher generality and flexibility of the abstraction) with some advantages of separation-logic-based approaches (efficiency). The approach have been implemented in the tool Forester and successfully tested on multiple non-trivial case studies, including manipula- tions of complex data structures as complex as skip lists.