Verifying Object-Oriented Code Using Object Propositions

The modular verification of object-oriented code is made difficult by the presence of aliasing. If there are multiple clients depending on the properties of an object, one client may break the property that others depend on. Knowledge of both aliasing and predicates allows us to verify whether clients and implementations are compliant with specifications. We have developed a modular verification approach, by introducing the novel abstraction object propositions, that combines predicates and information about object aliasing. In our methodology, even if shared data is modified, we know that an object invariant specified by a client holds. This allows two references pointing to the same object to have a consistent view of the object. Our object invariant is different than a class invariant such as the ones in ESC/Java, as in our system two objects of the same class are allowed to have different invariants. Although there are separation logic approaches that can be used to specify similar programs, the specifications are complex and not modular. In separation logic, the specification of a method must describe all the heap cells that the method touches. The exact data shared between objects will then be exposed. With the help of access permissions, we are able to hide the aliasing information when possible. This is very important for software evolution because local changes to the code in a system should not modify the specification of other parts of the system.