Harmonizing intra- and inter-object specification and verification

Abstract

Object-oriented approaches to designing information systems suggest to distinguish between intra- and inter-object aspects. While intra-object design and verification tools are being used on a large scale, inter-object techniques are not yet well established. There are a variety of approaches addressing the concurrency and communication aspects of multi-object systems, but fundamental problems remain.The TROLL object specification language project aims at providing logic-based formal semantics to intra- and inter-object aspects, among others. For the former, a conventional temporal logic was employed. For the latter, an extension called multi-object logic was developed. It has proven useful for semantics descriptions, recently also for a mobile-agent extension where the innovative contribution was to distinguish between the ever-mobile units and those which provide fixed subsystems as contexts for the mobile entities.While being developed for giving semantics, multi-object logics showed surprising potential for verification. Conventionally, intra-object verification techniques are applied to inter-object verification by building a global state space. This state space, however, grows exponentially with the number of objects in the system. In spite of sophisticated techniques which have been developed to overcome this 'state-space explosion' problem, there is a notorious complexity barrier. It is not feasible to verify large systems this way.In the multi-object logic approach, the construction of the global state space - or any fraction or abstraction thereof - is avoided. So it has the potential to handle large systems. The method is applicable in cases where the objects and interaction patterns in a system are known beforehand, when writing the global conditions to be checked. Although these conditions are bound to objects, they are 'global' in the sense that they may refer to the states of other objects at interaction points.This way, conditions concerning interacting objects may be written in a still basically sequential logic, although multiple objects are assumed to behave concurrently. Global checking conditions may then be automatically and equivalently split into local conditions for the objects involved, plus interaction requirements for these objects. All these conditions and requirements can be checked locally, one after the other, where only the objects involved in the condition have to be taken into account.While we are working on the potential of the approach for software engineering, it may have potential beyond: we are also working on a project to simulate and analyze biological processes using object-oriented techniques. For instance, model checking can be used to find possible scenarios leading to biological cell states of interest. Applying the multi-object approach here is a challenging problem.