Towards feasible, machine-assisted verification of object-oriented programs

This thesis provides an account of a development of tools towards making verification of object-oriented programs more feasible. We note that proofs in program verification logics are typically long, yet, mathematically, not very deep; these observations suggest the thesis that computers can significantly ease the burden of program verification. We give evidence supporting this by applying computers to (1) automatically check and (2) automatically infer large parts of proofs. Taking the logic (AL) of Abadi and Leino as our starting point, we initially show how the logic can be embedded into a higher-order logic theorem prover, by way of introducing axioms, using a mix of both higher-order abstract syntax (HOAS) and a direct embedding of the assertion logic. The tenacity and exactness of the theorem prover ensures that no proof obligation is inadvertently lost during construction of a proof; we inherit any automatic facilities such as tactics which take us part way towards goal (2); and moreover, we achieve goal (1), since we inherit machine proofs which can be checked automatically. We present som

Composite objects: dynamic representation and encapsulation by static classification of object references

The composition of several objects to one higher-level, composite object is a central technique in the construction of object-oriented software systems and for the management of their structural and dynamic complexity. Standard object-oriented programming languages, however, focus their support on the elementary objects and on class inheritance (the other central technique). They do not provide for the expression of objects' composition, and do not ensure any kind of encapsulation of composite objects. In particular, there is no guarantee that composite objects control the changes of their own state (state encapsulation). We propose to advance software quality by new program annotations that document the design with respect to object composition and, based on them, new static checks that exclude designs violating the encapsulation of composite objects' state. No significant restrictions are imposed on the composite objects' internal structure and dynamic construction. Common design patterns like Iterators and Abstract Factories are supported. We extend a subset of the Java language by mode annotations at all types of object references, and a user-specified classification of all methods into potentially state changing mutators and read-only observers. The modes superimpose composition relationships between objects connected by paths of references at run-time. The proposed mode system limits, orthogonally to the type system, the invocation of mutator methods (depending on the mode of the reference to the receiver object), the permissibility of reference passing (as parameter or result), and the compatibility between references of different modes. These restrictions statically guarantee state encapsulation relative to the mode-expressed object composition structure

Denotational semantics for Abadi and Leino's logic of objects

Abadi-Leino Logic is a Hoare-calculus style logic for a simple imperative and object-based language where every object comes with its own method suite. Consequently, methods need to reside in the store (rdquohigher-order storerdquo). We present a new soundness proof for this logic using a denotational semantics where object specifications are recursive predicates on the domain of objects. Our semantics reveals which of the limitations of Abadi and Leinorsquos logic are deliberate design decisions and which follow from the use of higher-order store. We discuss the implications for the development of other, more expressive, program logics

Semantics and logic of object calculi

The main contribution of this paper is a formal characterization of recursive object specifications and their existence based on a denotational untyped semantics of the object calculus. Existence is not guaranteed but can be shown employing Pitts’ results on relational properties of domains. The semantics can be used to analyse and verify Abadi and Leino's object logic but it also suggests extensions. For example, specifications of methods may not only refer to fields but also to methods of objects in the store. This can be achieved without compromising the existence theorem. An informal logic of predomains is in use intentionally in order to avoid any commitment to a particular syntax of specification logic

Semantics and logic of object calculi

The main contribution of this paper is a formal characterization of recursive object specifications and their existence based on a denotational untyped semantics of the object calculus. Existence is not guaranteed but can be shown employing Pitts’ results on relational properties of domains. The semantics can be used to analyse and verify Abadi and Leino's object logic but it also suggests extensions. For example, specifications of methods may not only refer to fields but also to methods of objects in the store. This can be achieved without compromising the existence theorem. An informal logic of predomains is in use intentionally in order to avoid any commitment to a particular syntax of specification logic