Transputer compilation In this section we define the compilation to Transputer instructions which still uses abstract auxiliary OCCAM daemon functions. We proceed stepwise, defining for each Occam statement S the value of compile together with the TRANSPUTER ground rules for the execution of the code. Each time we show that this implements correctly the semantics of S as compiled to and executed in OCCAM daemon . Declarations The compilation of variable declarations remains the same as in OCCAM daemon . For the channel declarations (see subsection 4.3.) we have to compile the pseudo instruction init chan for the initialization of channels to nil. This is realized by first loading nil into the register Areg (using the MINT instruction) and then storing it from there to the channel (using the local storing instruction STL) with appropriate address: compile(CHAN id 1 ; : : : ; id r : S; e; m;x) = compile(init chan( ~ id); e 0 ; m;x); compile(S; e 0 ; m+ r; x) where ~ i...

In this paper I answer the question how evolving algebras can be used for the design and analysis of complex hardware and software systems. I present the salient features of this new method and illustrate them through several examples from my work on specification and verification of programming languages, compilers, protocols and architectures. The definition of a mathematical model for Hennessy and Patterson's RISC architecture DLX serves as a running example; this model is used in [24] to prove the correctness of instruction pipelining. I will point out the yet unexplored potential of the evolving algebra method for large-scale industrial applications.

The specification of all aspects of a programming language requires adequate formal models and tool support. Montages specifications combine graphical and textual elements to yield language descriptions similar in structure, length, and complexity to those in common language manuals, but with a formal semantics. A broad range of people involved in programming language design and use may find it convenient to use Montages in combination with the tool GEM-MEX. It allows the automatic generation of high-quality documents, type-checkers, interpreters and symbolic debuggers.

SLDNF-resolution is complete for allowed programs and allowed queries. But the condition of allowedness is very stringent and excludes many common Prolog constructs. We show that allowedness is a special case of a more general principle. We show that if the clauses of a normal program are correct with respect to an input/output specification then SLDNFresolution is complete for it. An input/output specification assigns to every predicate a set of positive and a set of negative mode specifications. A mode specification declares the arguments of predicates as input arguments, output arguments or normal arguments. Positive modes are used in positive calls and negative modes are used in negative calls. Definite programs together with definite goals, allowed programs together with allowed goals and many programs and goals used in practice are correct with respect to some input/output specification. Therefore our results imply that the three-valued Fitting/Kunen completion is the right declarative semantics for negation as failure. Keywords: Logic programming, negation as failure, SLDNF-resolution, completion of programs, three-valued logic. 1

This is a tutorial introduction into the evolving algebra approach to design and verification of complex computing systems. It is written to be used by the working computer scientist. We explain the salient features of the methodology by showing how one can develop from scratch an easily understandable and transparent evolving algebra model for PVM, the widespread virtual architecture for heterogeneous distributed computing. Introduction In 1988 Yuri Gurevich has discovered the notion of evolving algebra in an attempt to sharpen Turing's thesis by complexity theoretic considerations (see [22]). Through numerous case studies (see [4] for an annotated list which is complete up to 1994) it has become clear since then that using the notion of evolving algebras one can develop a powerful and elegant specification methodology which has a huge yet unexplored potential for industrial applications. In this report we are going to explain the basic concepts of this approach to the design and ana...

We axiomatize the Prolog selection rule which always selects the leftmost literal in a goal. We introduce a new completion of a logic program which we call the #-completion of the program. The #-completion is formulated as a first-order theory in a language extended by new predicate symbols which express success, failure and left-termination of queries. The main results of the paper are the following. If a query succeeds, fails or is left-terminating under the Prolog selection rule, then the corresponding formula in the extended language is provable from the #-completion. Conversely, if a logic program and a query are correct with respect to some mode assignment and if one can prove in the #-completion that the query succeeds and is leftterminating, then the goal is successful and Prolog, using its depth first search, will compute an answer substitution for the goal. This result can even be extended to so called non-floundering queries. 1

We survey research in the automation of deductive inference, from its beginnings in the early history of computing to the present day. We identify and describe the major areas of research interest and their applications. The area is characterised by its wide variety of proof methods, forms of automated deduction and applications.

Abstract: Failure resilience is an essential requirement for database systems, yet there has been little e ort to specify and verify techniques for failure recovery formally. The desire to improve performance has resulted in algorithms of considerable sophistication, yet understood by few and prone to errors. In this paper, we illustrate how the methodology of Gurevich Abstract State Machines can elucidate recovery and provide formal rigor to the design of a recovery algorithm. In a series of re nements, we model a recovery algorithm at several levels of abstraction, verifying the correctness of each model. This work suggests that our approach can be applied to more advanced recovery mechanisms.

We capture the principal models of computation and specification in the literature by a uniform set of transparent mathematical descriptions which—starting from scratch—provide the conceptual basis for a comparative study 1. 1

Machine has been derived --- refining stepwise the formal Prolog specification of [3] --- and used to prove the correctness of a general compilation scheme for Prolog programs on the WAM. Here we use the Glavan-- Rosenzweig concurrency theory (developed in the meantime within the framework of 490 evolving algebras [7]) which allows us to extend the methodology to a mathematical correctness proof for a general compilation scheme of Occam programs on the Transputer [13], [14], [19], wrt a truly concurrent model of the language. To justify fully the ultimate correctness claim, we start from a primary, high level, truly concurrent operational semantics for Occam. The model is `primary' in the sense that it is intended to capture directly, in a mathematical form, the intuitive programmer's view of the language and its dynamics. This is not to say that we would accept any particular implementation as being a definition of the language. It is the other way round: : : : unless there is a pri...