[摘要] Defects that arise due to violating a prescribed order for executing statements or executing a disallowed sequenceof statements can be hard to detect since the sequence is often spread over multiple functions and source code files. In this dissertation, we develop a verification tool which uses a sound and precise static analysis to verify temporal specifications that can involve multiple objects.Statically analyzing properties that involve multiple objects requires two separate abstractions; one that abstracts the objects in the program and the second which abstracts the state of a group of objects. We present two such abstractions. Objects are abstracted using a storeless heap abstraction. This provides flow-sensitive tracking of individual objects along control flow paths and precise may-alias information. The state abstraction leverages the object abstraction to abstract the state of a group of related objects. We use the IFDS algorithm to implement an analysis that computes the object and state abstractions. Since the original IFDS algorithm is not directly suitable for domains involving objects and pointers, we present four extensions to the original IFDS algorithm. We also present results of an empirical study to measure the precision of the analysis. The performance of the analysis is improved through the use of two types of method summaries. Callee summaries guarantee that using the summary instead of flow-sensitive analysis of the callee does not degrade the precision of the abstraction at the callsite for the callee. For further performance gains, caller summariesthat make conservative assumptions for aliasing between parameters of a function call are used. We present results from empirically evaluating the use of these summaries for the object analysis. Finally, to make the analysis practical for use in the development life cycle, we present a verification tool to configure the analysis and visualize the results. The tool provides a number of configuration options to run the analysis. The analysis results are presented in a list displaying statements flagged as possible violations of a property and, for each violation, thesequence of events (statements) that lead to this violation.