Annual Report 1996

2 Status of Implementation of Projects

UNU/IIST views its six major lines of programmatic activities as one "Programme". This Programme is decomposed into a number of individually managed and staffed projects:

Joint Computing Science Research with Fellows
Joint Advanced Software Technology Development with Fellows
Fellow Training
Off-shore Post-graduate/Post-doctoral Computing Science Courses
Events with Fellows
Dissemination

All projects are designed to serve the public and private sector institutions of developing countries by increasing self-reliance in the following three areas:

[(a)] own development, by industry, of advanced software technology
[(b)]highest-level post-graduate software engineering education
[(c)] internationalized computing science research

These projects are closely interlinked. All UNU/IIST research, as well as advanced development projects, have a training component and involve one or more fellows.

Likewise, the post-graduate courses and the seminars and events sponsored or organized by UNU/IIST fit into UNU/IIST's research and advanced development agenda.

UNU/IIST's emphasis is on research into, advanced development of and training in methods for the development of Real-time, Reactive, Hybrid and Safety Critical Systems and in Software Support for Infrastructure Systems -- the former a major focal point for international research and the latter a major concern in the socio-economic development of developing countries.

2.1 The Research Agenda

2.1.1 DeTfoRS: Design Techniques for Real-time Systems

Synopsis:
Real-time and reactive systems (including safety criticality) form an important class of today's computer controlled systems. The DeTfoRS research project is concerned with formal design of safety critical, real-time, reactive and hybrid systems. Such research has been rapidly expanding in the 1990s. UNU/IIST -- as one of the main research forces in developing and applying Duration Calculus (abbreviated as DC) -- has become an acknowledged leader in this field.
Budget provision and status of expenditures:
100% funded by UNU/IIST. Expenditures until end 1996 were:
1. Staff costs for 1996 : US$124,000
2. Visiting experts and consultants: US$30,000
3. Fellowship and training: US$50,000
4. Research related travel: US$11,000
5. Overhead costs (equipment, books, etc.): US$42,000
UNU/IIST Staff, Fellows and Visitors
The following UNU/IIST staff, Fellows and visitors have been working on the project in 1996:
Staff
1. Zhou Chaochen (Sabbatical leave from August 1995 until end July 1996)
2. Dang Van Hung
3. Xu Qiwen.
Fellows
1. Phan Hong Giang: 4 September 1995 -- 31 January 1996, Vietnam
2. Yang Zhenyu: 28 August 1995 -- 30 April 1996, P R China
3. Ko Kwang Il: 8 January -- 13 February 1996, Republic of Korea
4. Li Xuandong: 2 January -- 6 September 1996, P R China
5. Mao Xiaoguang: 19 February -- 31 August 1996, P R China
6. Wang Ji: 2 April -- 31 August 1996, P R China
7. Li Yangmin: 30 May -- 30 November 1996, P R China
8. Suman Roy: 1 June 1996 -- 26 January 1997, India
9. Manoranjan Satpathy: 1 June -- 29 December 1996, India
10. Pham Hong Thai: 1 September 1996 -- May 31 1997, Vietnam
11. Swarup Mohalik: 1 September -- 29 November 1996, India
12. Gao Jianping : 27 September 1996 -- 26 July 1997, P R China
Visiting Experts
1. Rogerio de Lemos: 21 April -- 22 May, 1996
  Newcastle University, UK
2. Paritosh K. Pandya: 1 May -- 31 July and 7-8 October, 1996,
  Tata Institute of Fundamental Research, India
3. Chen Zhongji: 5 August -- 4 September 1996
  Beijing University of Aeronautics & Astronautics, P R China
4. Yuan ChongYi: 6-31 August 1996
  Beijing University, P R China
Partner Institutions
1. Academia Sinica, Software Institute, P R China
2. Beijing University of Aeronautics and Astronautics, P R China
3. Changsha Institute of Technology, Hunan, P R China
4. De La Salle University, Philippines
5. Institute of Information Technology, Hanoi, Vietnam
6. Nanjing University, P R China
7. Pohang University of Science and Technology, Republic of Korea
8. Shanghai Jiao Tong Univ., Shanghai, P R China
9. Tata Institute of Fundamental Research, Bombay, India
10. University of Indonesia, Jakarta, Indonesia
11. Vietnam National University, Hanoi, Vietnam
Research Achievements and Outputs
During all of 1996, UNU/IIST staff and fellows, with visitors and collaborators, have studied DC-based techniques for specification, refinement and verification of real-time, reactive and hybrid systems, and also tools to support the techniques. The achievements include:
1. an adequate first order interval logic, which can express unbounded liveness and fairness, and also notions of mathematical analysis [1];
2. semantics and verification of phase transition systems (a mathematical model of hybrid systems) [2];
3. techniques to digitize real-time systems [3];
4. a formal notation to describe components and combinations of hybrid systems [4];
5. formal specification of hybrid system stability [5];
6. techniques to derive control programs/automata from requirements [6][7];
7. real-time semantics of programming languages, for which super-dense computation is assumed [8];
8. specification and verification techniques for real-time schedulers and programs [9][10];
9. extensions of existing model checking and decidability algorithms of DC [11]; and
10. a proof assistant tool for interval logics and DC [12].
The research achievements in this period resulted in 15 papers. Among them 9 papers have been presented (two as invited lectures) or accepted by professional conferences. (In this period, one earlier UNU/IIST report has been presented in a conference as an invited lecture, and two have been published or accepted by journals.)
DeTfoRS Research Plans
The UNU/IIST DeTfoRS research in the area of real-time systems has trained 18 fellows. The impact is high. Some of the seconding institutions have taken up the UNU/IIST research agenda, e.g. in India and in China. UNU/IIST will therefore continue this research.
[]Topics
The main DeTfoRS research topics in future would be:
- DC-based Approach to Real-time Programming
  This research tries to develop and integrate existing techniques for specification, refinement and verification of real-time programs, and hence to provide real-time programming with methodology as well as platforms. The specification language is Duration Calculus or a subset of it, and the implementation languages can be communication oriented or shared variable oriented. Intermediate languages can be real-time automata or an executable subset of DC. Both deduction tools and model checking tools will be investigated. Case studies will be carried out, for instance, in the area of resource scheduling and circuit design.
- Formal Description and Verification of Hybrid Systems
  We intend to use the formal notation, proposed in [4], to describe various components of hybrid systems and their interfaces, such as actuator, sensor, holder, A/D and D/A ² converters, and conventional as well as hybrid controls, e.g. PID ³ control, controlled switch, controlled jump and autonomous jump. Since the semantics of the formal notation is given as DC formulas, verification laws for hybrid systems can be developed with DC. Tools for assisting proofs involving continuous mathematics has existed (see Bruno Dutertre [13]), and can also be built on the top of the proof tool for the first order interval logic [12], which supports formalization of continuous mathematics.
- Logical Foundations for Duration Calculus
  We will pursue research on fundamental issues of interval logics and DC, such as expressiveness, completeness, decidability etc. That research can strengthen power of the DC logic, and provide algorithms for building tools.
- Teaching Material
  It is time to write a text book for DC and its applications in the design of the real-time systems. This book can help UNU/IIST's training objective in this area. Springer-Verlag has approached Zhou Chaochen and his collaborator, Michael R. Hansen at the Technical University of Denmark, with this in mind.
[]Off-Shore Research
We refer, in general, to section 6.4 and appendix A.
As UNU/IIST has trained 18 Fellows in this area, and some of the seconding institutions in developing countries have taken up UNU/IIST's DeTfoRS research agenda, UNU/IIST will conduct off-shore research in the DeTfoRS area. In other words, UNU/IIST will support former Fellows and visitors to organize, in their home countries, groups, which do research according to the UNU/IIST agenda. UNU/IIST could subsidize their research resources, to the order of typically US$5,000 annually for say two groups of 2-5 persons, and also finance visits to/from UNU/IIST. In this way, UNU/IIST can pursue technical dissemination to more people via its visitors trained Fellows.

2.1.2 Descartes: Design Calculi and Research for Telecommunication Systems

Synopsis: This research project is concerned with formal techniques, and tools in support of them, to complement SDL ⁴for more rigorous approaches to software development in telecommunications. The project addresses research topics aimed at enhancing the possibilities for advanced analysis of behavioural properties of systems described in SDL, thus enabling better founded validation of initial specifications, and at turning SDL into a fully-fledged design calculus, thus enabling design steps made using SDL to be justified by formal verification.
Period: 1 January 1996 - 31 December 1997
Budget provision and status of expenditures:
100% funded by UNU/IIST - Cooperative research with Laboratory of Formal Methods, PUC-Rio, is partly funded by CNPq (Brazil). Expenditures until end 1996 were:
1. Staff costs for 1996 : US$61,000
2. Fellowship and training: US$28,000
3. Overhead costs (equipment, books, etc.): US$11,000
Staff: Kees Middelburg
Fellows:
1. [1.] Radu Soricut: 1 September 1996 - 31 May 1997, Romania
2. [2.] Bogdan Warinski: 1 September 1996 - 31 May 1997, Romania
3. [3.] Yaroslav Ussenko: 1 September 1996 - 31 May 1997, Ukraine
Partner Institutions:
1. [1.] Polytechnical University Bucharest, Romania
2. [2.] Kiev University, Ukraine
3. [3.] Laboratory of Formal Methods, Pontifical Catholic University of Rio de Janeiro
4. [4.] Equitel (Brazilian telecommunications company)
Outputs: The period January 1996 - August 1996 has mainly been used to start up the project. This includes the identification and selection of fellows and partner institutions and preparatory work on research topics. Besides the mini-course "Beyond SDL", complementing DesCaRTeS, has been developed. This mini-course, consisting of six one hour lectures on selected research topics of DesCaRTeS, have been given in Ankara (Turkey), Bucharest (Romania) and Kiev (Ukraine) in April and May 1996. The fellows from Romania and Ukraine were identified amongst the course participants. The mini-course has also been given in Manila (Philippines) in December 1996. The achievements in this initial period also include research reports on:
1. a process algebra semantics of an `interesting' subset of SDL [14];
2. the connection between Duration Calculus and the kind of timed transition systems that underlies an operational semantics that is being developed for the above-mentioned `interesting' subset of SDL [15].
In the period September 1996 - December 1997 achievements are expected with respect to the following research topics:
1. an operational semantics for a simplified version of SDL (SDL^-) that permits to link up with logics that are intended to express the behavioural properties of systems;
2. (i) logics that are suitable to express the behavioural properties that can be represented by SDL^- specifications, and (ii) tools that permit to check whether behavioural properties expressed in such logics are actually represented by given SDL^- specifications;
3. (i) semantic models for SDL^- that match the concepts around which SDL^- has been set up well, and (ii) a semantics of SDL^-, based on such a model, that is fully abstract with respect to its operational semantics;
4. rules of reasoning for SDL^- which are sound with respect to its semantics; and
5. the semantic relation between SDL^- and Duration Calculus [16].
Most research topics are being addressed.
Planned activities: In addition to the research work on the above-mentioned topics, a major activity is planned for the second half of 1997. The plans are to give a research course in China, Africa (South Africa), Asia (Pakistan, Iran or Indonesia), and Latin America (Chile, Argentina or Brazil). It will be a three week course consisting of two parts:
1. first an intensive one week course on research topics from DesCaRTeS;
2. followed by two weeks working with a small group of people, selected during the first week, on one or more of these research topics.
The second part is essentially a course in doing computer science research by carrying out exploratory research experiments. Thus, the whole will be a (computer) science course related to telecommunications. We are still investigating whether it can be extended to a science and technology course in collaboration with a telecommunications industry.
It is planned that some of the promising participants of the second part are offered UNU/IIST sponsored PhD fellowships at Utrecht University after the return of Kees Middelburg to The Netherlands at the end of 1997.
Narrative
Until recently, the field of telecommunications has focused on technology relevant to switching and transmission. This technology was used to provide the only telecommunication service offered, namely the "Plain Old Telephone Service" (POTS). Fast technological developments have made it possible to provide many new services with all kinds of additional features. Higher level services are realized by protocols using lower level services, and telecommunications systems have become rather extensive and complex. Therefore the focus is now changing over to the telecommunication services.
In telecommunications, SDL [17] is by far the most widely used specification language. The first version of SDL became a recommendation of the International Telecommunications Union (ITU) in 1976. It originated from an informal graphical description technique already commonly used in the telecommunications field at the time of the first computer controlled telephone switches. Since then it has been extended several times, and the recent revised version of SDL became a recommendation in 1992. In the telecommunications field, SDL has survived Estelle [18] and LOTOS [19], and it will presumably still be used for a long time.
The UNU/IIST research project DesCaRTeS, is focusing attention on formal techniques, and tools in support of them, to complement SDL for more rigorous approaches to software development in telecommunications.
Initial specification of telecommunication services is usually done with the intention to analyze the behavioural properties of these services and thus to validate the initial specifications. During their design, telecommunication services are increasingly described at different levels of abstraction. This gives rise to a growing need to verify that the properties represented by one specification are preserved in another, more concrete, specification and thus to justify design steps. The current situation is that there are only means for limited analysis and no means at all for formal verification. Prerequisites for advanced analysis and formal verification is a somewhat simplified version of SDL and an adequate semantics for it. Only after that, possibilities for advanced analysis can be elaborated and proof rules for formal verification devised.
DesCaRTeS aims at solving basic technical problems which telecommunications manufacturers and operators encounter in their current practice as developers and providers of telecommunication services. It does so by enhancing the possibilities for advanced analysis of the behavioural properties of services described in SDL, including time related properties. It thus adds rules of reasoning to SDL and turns it into a fully-fledged design calculus. This enables design steps to be justified by formal verification if appropriate.

2.2 The Advanced Development Agenda

2.2.1 Introduction

The Advanced Development Projects of UNU/IIST are all loosely grouped by the idea of `Software for Infrastructures', and we first need to clarify this notion.

According to the World Bank, "infrastructure" is an umbrella term for many activities referred to as "social overhead capital" by some development economists, and encompasses activities that share technical and economic features (such as economies of scale and spill-overs from users to non-users). We take a more technical view, and see infrastructures as concerned with supporting other systems or activities. Software for infrastructures is likely to be distributed and concerned in particular with supporting communication of data, people and/or materials. Hence issues of openness, timeliness, security, lack of corruption and resilience are often important. The Software for Infrastructures orientation represents a major, novel and very effective research and advanced development initiative. UNU/IIST is very proud of its contributions so far!

2.2.2 Motivation

UNU/IIST pursues advanced development projects in order to fulfill its Charter:

to train Fellows from the public and private sectors: universities, research institutes, business and industry
to contribute to research -- by trying also to understand the nature of infrastructures
to propagate Design Calculi-oriented (i.e. Formal) Methods for software development to universities, business and industry
to help develop advanced, initially public domain software in close cooperation with industry and business
to help bring software producing and/or software-reliant industries, businesses and other institutions of developing countries at least on a par with those of industrialized countries
to disseminate results, including abilities and software, to other developing countries

UNU/IIST is thereby contributing to the UNU's Medium Term Programme III.

So why do we consider infrastructure software to be a suitable area for UNU/IIST to be engaged in?

Political:

The UN System and the international reconstruction and development banks prioritize, rightly we believe, infrastructure developments.

Size:

Infrastructure software tends to be large, or at least part of large systems. Its rôle is often to provide a framework for other system components, "packages", to cooperate and inter-work. Large software is notoriously difficult and expensive to create and error-prone when built. Our formal approach based on domain analysis is particularly well suited to handling the problems of large systems.

Opportunity:

There is little computer science research into this area. Infrastructure projects frequently involve exploring new architectures, new paradigms and hence provide a research component.

There is a further research element in that we would look to characterize the notion of "infrastructure" more precisely. Certainly, there are aspects which such systems share. Transportation systems share notions of "network", "traffic" and "schedule". There is scope for generalization and reuse of descriptions of these notions. Systems such as those being developed in the manufacturing project MIICI share notions of a software "bus" with which various packages may be integrated. This last has led us into the area of Open Distributed Processing (ODP) and we are starting a separate research project CASINO (Categories for System Integration) that is investigating the formal description of ODP and OMG (Object Management Group) in terms of Category Theory [20].

Integration:

Large systems tend to grow piecemeal by the additions and development of separate packages. These are bought and tailored, or developed in-house, and the problems of integration become rapidly apparent. (We mentioned previously the idea of the software bus and the issues of openness and distribution.) Our techniques involving abstraction and formal modeling is a promising approach to these problems. This also indicates that there is a second sense in which our projects are concerned with infrastructure, with supporting other software.

Market:

Infrastructure software is not in general available off the shelf, because it is generally large and as a package would need considerable adaptation to the needs of the users, their organizational structure, their computing and communications structure, etc. So such software needs to be purpose-built, and, using modern techniques, can be developed in developing countries, either in-house or by local software houses.

Extensibility:

The projects we undertake at UNU/IIST are necessarily small and only a part of complete infrastructure systems. But by undertaking a domain analysis that is wider than the immediate subsystem to be developed we create an initial model that is easily and consistently extensible into other subsystems.

Development:

There is a danger that software development in developing countries is limited to coding, based on analysis and design done elsewhere. Infrastructure software requires considerable domain analysis and architectural design. Training people to develop such systems provides them with the knowledge and skills they need to develop other systems from beginning to end.

2.2.3 Project Structure

The typical project structure is as follows:

Partner identification:: We find one or more partners -- universities, research institutes or companies -- from one or more developing countries. This often happens through our advanced courses.
Initial:: Fellows from partners come to UNU/IIST typically for 6-12 months, to do the initial domain analysis and requirements capture. This results in both natural language (English) documents and formal specifications.
Prototype:: Perhaps as part of the initial phase, perhaps as part of a new one with new Fellows, a prototype may be created. This serves to train in the final stages of software development and also allows the project to obtain feedback from potential users.
Product:: The focus of the project moves away from UNU/IIST to the developing countries involved and produces a product. UNU/IIST adopts a consultancy role.

2.2.4 Funding

Partners are asked to contribute to the initial and prototype phases, and to increase their share of funding with each phase. Whether they are able to do so varies. Partners are expected to fund the product phase themselves.

Since the results of the initial and prototype stages are wholly or partly funded by UNU/IIST they are therefore in the public domain.

2.2.5 Technical Approach

There are two aspects of our technical approach that are critical.

Formality
Formal techniques have two particular characteristics that allow us to deal successfully with large and complex systems.
1. Abstraction
  At a particular stage in development one can abstract away from some details while concentrating on others.
2. Rigour
  Formal systems allow one to prove properties of systems, anything from full correctness to particular properties (such as safety properties). Full proof of correctness is beyond the state of the art at present; rigour allows one to use (and document) informal arguments which can be backed up formally if required. The amount of rigour will vary between projects and between parts of a single project; rigour gives us flexibility.
Domain analysis
Domain analysis is the exploration and formal description of the domain in which the system will operate. For example, in the RaCoSy project, concerned with train rescheduling for the Chinese Railways, we start out by asking, and formally answering, the questions "What is a railway?" and "What is a timetable?". These lead to other questions: "What is a station?", "What is a (railway) network?". Answering such questions, plus others about how these concepts relate, gives us a formal model of the domain. Only when we have elaborated such a model can we go on to do the requirements capture of the actual system being developed.
Domain analysis is often wider than the immediate system to be developed. For example, the same domain analysis of railways was used by another Fellow working on station management. Broad domain analysis helps the development of related systems in the same domain; we might say that the result of domain analysis provides an "infrastructure" for software package development.

The particular formal method we use in the advanced development projects is RAISE. It is the most broadly applicable of the formal methods available, and also mature, with good documentation and tools. With the help of CRI, the tool providers, we also make sure that our partners receive the tools (free of charge for research and education) for their continued work.

2.2.6 Infrastructure Projects

The following is a brief description of current advanced development projects with indication as to budget and the staff, fellows and visitors involved:

RaCoSy:

Railway computing system, specifically for rescheduling of trains [21][22][23].

Period: 15 April 1993 - end of 1996 (with a possible extension dependent on talks with institutions in Russian Federation)
Budget provision and status of expenditures:
100% funded by UNU/IIST. Expenditures until end 1996 were:
1. Staff costs for 1996 : US$20,000
2. Fellowship and training: US$6,000
3. Overhead costs (equipment, books, etc.): US$5,000
Synopsis:
This research and development project is concerned with an overall determination of a normative software architecture that will allow co-existence of, data exchange between and mutual invocation among arbitrary Railway Computing Systems (hence RaCoSy) software packages.
Work so far done has concentrated on the scheduling and rescheduling of trains.
UNU/IIST Staff, Fellows and Visitors:
Staff:
1. Chris George
2. Dines Bjørner
3. Bo Stig Hansen
Visitor:
1. Nikolaj S. Nikitchenko: 19 August 1996 - 26 December 1996
1996 Fellows:
1. Liu Lian Suo : 25 July 1995 -- 23 March 1996, P R China
2. Yang Dong : 25 July 1995 -- 23 March 1996, P R China
3. Hans Laustrup: 19 September 1996 -- 31 January 1997, Denmark⁵
Partner Institutions:
1. Ministry of Railways, P R China
2. Zhengzhou Railway Administration, Zhengzhou, P R China
3. Chinese University of Hong Kong
4. Exploratory negotiations are currently underway with interested institutions in the Russian Federation
Outputs: A substantial compendium of documents covering the domain analysis, requirements capture, prototype running map design and code and distributed architecture has been produced. There are also a number of research reports on particular topics, including one published conference paper [21][22][23].
Planned activities: Work with China has stopped. We are seeking new partners, and have found some interest in the Russian Federation.
Narrative:
During 1994 four Fellows joint with UNU/IIST staff and visiting experts developed a set of domain analysis, requirements capture, software architecture and design descriptions for an operational single standing (i.e. non-distributed) Running Map train rescheduling system.
During mid-94 to mid-95 one Fellow did the domain analysis, requirements capture software architecture and partial implementation of a Station Management system.
During mid-95 to early-96 two new Fellows together with UNU/IIST staff further developed the running map specification, in particular to make it more flexible and handle a variety of train types. It was intended to deal also with distributed train dispatching but the Fellows had to return to China before schedule and before this was completed.
During mid-95 to mid-96 there was a collaborative project between UNU/IIST and the Chinese University of Hong Kong (CUHK). Students and staff from CUHK created a functional extension of the running map tool that used constraint propagation techniques to provide more active support for rescheduling by suggesting possible schedule changes to deal with problems.[24]

A General Theory of Transport has been researched [25].

ABC'2000:

Airline business computing [26][27].

Synopsis:
The project is studying the day to day operation of an airline, including financing, scheduling and timetabling of flights, ticketing and reservations, maintenance and availability of aircraft, passenger and cargo services, air traffic control, etc. Domain analysis and requirements capture documents have been produced.
Period:
31 August 1995 to 30 September 1996. Work on the project will be continued if further Fellows are found.
Budget provision and status of expenditures:
100% funded by UNU/IIST. Expenditures until end 1996 were:
1. Staff costs for 1996 : US$24,000
2. Fellowship and training: US$7,300
3. Research related travel: US$4,600
4. Overhead costs (equipment, books, etc.): US$7,200
UNU/IIST Staff, Fellows and Visitors:
Staff:
1. Richard Moore
2. Dines Bjørner
3. Bo Stig Hansen
1996 Fellow:
1. Dao Nam Anh : 31 August 1995 -- 30 September 1996 VietNam
Partners:
1. Vietnam Airlines
Outputs: A paper describing the domain analysis for the project and its formalization and generalization was accepted for presentation at the 1996 Asia-Pacific Software Engineering Conference which took place in Seoul, Korea in December 1996. Several internal reports have been produced.
Planned activities: The project will further develop in 1997 subject to identification of Fellows. Discussions are on-going with Vietnam Airlines to send other fellows, as are discussions with institutions in Thailand.

MIICI:

Manufacturing industry information and command infrastructure system [28][29][30][26][31][32][33][34].

Synopsis:
The project performs a broad study of the issues pertinent to the manufacturing industry. The high-level goal is to investigate how information technology can be best applied to support the development of manufacturing enterprises in developing countries, able to respond quickly and intelligently to changing market demands. The emphasis is on creating mathematical models of enterprises (in all aspects of marketing, administration, finance and especially production), supply-chains and products, as a prerequisite for the systematic development of software for information and command infrastructure. In particular, the project will study applicability of the emerging ODP (Open Distributed Processing) and OMG (Object Management Group) Reference Models as the underlying computational structure for agile manufacturing, perhaps allowing to share production services and resources across the Internet.
Period 1995-1997
Budget provision and status of expenditures
100% funded by UNU/IIST. Expenditures until end 1996 were:
1. Staff costs for 1996 : US$33,000
2. Fellowship and training: US$18,800
3. Research related travel: US$3,700
4. Overhead costs (equipment, books, etc.): US$15,200
UNU/IIST Staff, Fellows and Visitors
Staff:
1. Tomasz Janowski
2. Bo Stig Hansen
1996 Fellows:
1. Cleta Milagros Acebedo : 10 September 1995 -- 31 May 1996, Philippines
2. Erwin Paguio : 10 September 1995 -- 31 May 1996, Philippines
3. Rumel V. Atienza : 1 September -- 31 December 1996, Philippines
4. Ou Song : 1 December 1996 -- 31 August 1997, P R China
5. Kåre Sloth Jensen: 3 September 1996 -- 31 January 1997, Denmark ⁶
6. Two additional fellows will probably be invited from partner institutions in Brazil and China for 8 month fellowship starting late Fall/Winter 1996/97
Partner Institutions
1. De la Salle University, Philippines
2. Qinhua University, P R China
3. Harbin Institute of Technology, P R China
4. Pontifical Catholic University-Parana, Curitiba, Brazil
5. Universidade Nova de Lisboa, Portugal
Output:
Four UNU/IIST Research Reports which document different phases of the project: informal domain analysis [31], development of the formal models for competing [32] and cooperating enterprises [34] and design of the simulation software for education and training (the business game) [33]. The third document was presented at the Workshop on Theoretical Problems in Manufacturing Systems Design and Control, Lisbon, June 1996 and will appear in the formal proceedings.
Planned activities :
To show how the two formal models, for competing enterprises ("Towards the Formal Model ..") and for cooperating enterprises ("Virtual Enterprise: On Refinement ..") can be put together and how existing techniques for marketing (Parker's model) and decision-making can be captured within this model.

MultiScript:

Multi-lingual script system [35].

Synopsis:
The MultiScript project is studying the creation and presentation of documents in which more than one language is used, for example a dictionary from one language to another. Particular emphasis is being placed on preserving the natural reading/writing direction of each of the languages in the document, so that, for example, in a document containing both English and Mongolian text the English text would appear exactly like that you are currently reading whereas the Mongolian text would be written vertically in columns, the columns progressing from left to right.
The project is also contributing to the definition of an international standard encoding system for the Mongolian language which will form part of the UNICODE/ISO international standard, a coding system which covers the majority of the world's languages.
Period: 9 September 1995 to 30 June 1997
Budget provision and status of expenditures:
100% funded by UNU/IIST. Expenditures until end 1996 were:
1. Staff costs for 1996 : US$24,800
2. Fellowship and training: US$9,300
3. Research related travel: US$9,200
4. Overhead costs (equipment, books, etc.): US$8,000
UNU/IIST Staff, Fellows and Visitors:
Staff: Richard Moore
1996-1997 Fellows:
1. Myatav Erdenechimeg : 9 September 1995 -- 1 August 1996, Mongolia
2. Yumbayar Namsrai : 1 October 1996 -- 30 June 1997, Mongolia
Visitors : Oliver Corff, Technical University of Berlin
Partner Institutions: National University of Mongolia, Ulaanbaatar
Outputs: The project work relating to the UNICODE/ISO standard has led to the creation of a font covering the characters of the traditional Mongolian script.
Ms. M. Erdenechimeg gave an open seminar on the project, entitled "Multi-Lingual Script Processing", at Hong Kong University in April 1996.
A paper describing the domain analysis and the requirements capture for the MultiScript system has been submitted to the 1997 International Conference on the Computer Processing of Oriental Languages, to be held in Hong Kong in April 1997.
Planned activities: The project will design and build a prototype software system satisfying the defined requirements.
[Additional] Narrative:
As part of the standardization effort Ms. M. Erdenechimeg attended an International UNICODE/ISO Working Group in Copenhagen, Denmark, in April 1996, as well as a smaller meeting, attended only by the subgroup responsible specifically for the Mongolian language, in Beijing, China in August 1996.
Based on these meetings a draft proposal for the standard encoding of the traditional Mongolian script has been prepared for submission to the International UNICODE/ISO working group (Singapore January 1997).

MoFIT:

Ministry of Finance Information Technology, specifically a national financial information system [36][37][38][39][40][41][42][43].

Synopsis
The Vietnamese Ministry of Finance is undertaking, with World Bank support, the development and installation of a Financial Information System. Key functions include synthesis of state budget plans, management of fund allocations, formulation and review of tax policies, exchange of data between various levels and ministries.
This project will study appropriate infrastructures to support the accurate, timely and secure collection and analysis of data.
Period: January 1996 - 1997
Budget provision and status of expenditures
Partly funded by UNU/IIST. Three fellowships have been funded by GTZ of Germany. It is hoped that two fellows from Belarus and Russian Federation will be sponsored by European Bank for Reconstruction and Development or the World Bank.
Expenditures until end 1996 were:
1. Staff costs for 1996 : US$124,000
2. Visiting experts and consultants:US$30,000
3. Fellowship and training: US$50,000
4. Research related travel: US$11,000
5. Overhead costs (equipment, books, etc.): US$42,000
UNU/IIST Staff, Fellows and Visitors
Staff: Chris George
1996-1997 Fellows:
1. Nguyen Le Thu: 28 March -- 27 September 1996, VietNam
2. Le Linh Chi: 28 March -- 27 September 1996 VietNam
3. Phung Phuong Nam: 28 March -- 27 September 1996 and 14 October 1996 -- 13 April 1997, VietNam
4. Tran Mai Lien: 28 March 1996 -- 27 September 1996 VietNam
5. Do Tien Dung: 11 April 1996 -- 10 October 1996 and 14 October -13 April 1997, VietNam
6. Hong Xuan Muan: 15 January -- 14 July 1997, VietNam
7. Two fellows, one from Belarus and another from Russian Federation are expected to arrive in UNU/IIST in 1997.
Partner: Vietnam Ministry of Finance.
Exploratory talks are currently underway with interested institutions in Belarus and the Russian Federation on External Debt Management computing system. UNU/IIST is technically preparing for an EDMaCS sub-project of MoFIT.
Outputs:
During the period March -- September 1996 a number of documents were produced:
- Domain Analysis for a Budgetary System [43]
- External Debt Management [36]
- A Financial Information System: Domain Analysis: Narrative and Specification [37]
- Testing the Taxpayer Specification [38]
- Tax System Security [39]
- Tax Policy [40]
- Optimizing the Tax System Prototype [41]
Future outputs will include development of the formal model of the tax system, both in detail and outwards into a description of a full financial information system.
Narrative:
The project began with a planning meeting in Hanoi in September 1995.
In January 1996 a two-week course on formal development was presented by UNU/IIST at the Ministry of Finance (MoF) in Hanoi, attended by software engineers from the MoF and from the Institute of Information Technology (IoIT), long time partners with the MoF in developing financial software.
In March 1996 four software engineers from the MoF and one from IoIT came to UNU/IIST as Fellows for six months. Work in this period concentrated on the tax system, the part of Vietnam's financial structure that the Fellows knew best. The work done included both an informal description and a formal model of the tax system, an informal description and a formal model of the security system of the tax system, an analysis of likely future tax policy changes, and the creation of a prototype of the accounting part of the formal model for testing and optimization investigations.
Planned activities:
Work in the next period will develop the tax system model in more detail, in order to explore the requirements for the (distributed) implementation and will also create a wider specification of the full national financial information system encompassing, in particular, spending ministries and the role of the Treasury.

DiMulTS:

Digital multiplexed telephone system [44],

Synopsis:
This research, advanced development and training project is initially concerned with basic telecommunications protocol aspects, in particular for a special, new Digital Multiplexed Radio Telephone System currently being researched and developed by The Philippine Government's Advanced Science and Technology Institute (ASTI).
The system being developed in The Philippines is designed for particular circumstances common in Developing Countries: dispersed small population centres with difficult intervening terrain. Hence the project contributes to the areas of both self reliance and infra-structural development.
Period: 8 May 1995 -- 7 February 1996
Budget provision and status of expenditures:
100% funded by UNU/IIST. Expenditures until end 1996 were:
1. Staff costs for 1996 : US$4,900
2. Fellowship and training: US$1,000
3. Overhead costs (equipment, books, etc.): US$800
UNU/IIST Staff, Fellows and Visitors:
Staff: Chris George
1996 Fellow:
1. [ ] Roderick C.A.Durmiendo : 8 May 1995 -- 7 February 1996, Philippines
Partner institutions: Advanced Science and Technology Institute, The Philippines (ASTI)
Outputs:
Two research reports were produced [45][44] and [44] was presented at a "Refinement Workshop" in Australia.
Narrative:
Mr. Durmiendo spent 9 months at UNU/IIST working on the problem. Much of this time was spent a possible development route for what proved to be a very difficult problem. But by the end very substantial progress was made, and the work forms the basis of development of the actual system in The Philippines.
In February 1996 the Director of ASTI, Prof. R. Solis, visited UNU/IIST and discussed the project.
Planned activities:
Mr. Durmiendo may return to UNU/IIST for a brief spell, 2-4 months, during the next 12 months. Another Philippine fellow may also be identified to continue the work.

ATC'2000:

Air traffic control [46].

Synopsis:
The project will conduct a thorough analysis of the whole air traffic control domain, including the support technology used and the rules and regulations governing it, and on the basis of this will formulate requirements on possible software support systems. A prototype of one such support system will be designed and built.
Period: June 1995 - December 1997
Budget provision and status of expenditures:
100% funded by UNU/IIST. Expenditures until end 1996 were:
1. Staff costs for 1996 : US$16,000
2. Fellowship and training: US$9,000
3. Overhead costs (equipment, books, etc.): US$5,000
UNU/IIST Staff, Fellows and Visitors
Staff: Dines Bjørner, Richard Moore, Bo Stig Hansen
1996-1997 Fellows:
1. Karl P.H. Leung : June 1995 -- September 1996 Hong Kong⁷
2. Gueorgui Satchok : 1 September 1996 -- 31 May 1997 Belarus
3. Hans Laustrup : 3 September 1996 - 31 January 1997 Denmark⁸
Karl Leung has performed some preliminary study of the air traffic domain as part of his work towards a Ph.D. thesis at the University of Hong Kong (two 3 months' stay at UNU/IIST).
Planned activities: Strong interest in this project has been expressed by China, in particular Asia Simulation & Control, Zhuhai.
Exploratory talks are currently underway with interested institutions in the Russian Federation.

MiTraS:

Metropolitan Transportation Systems

Synopsis:
This project concerns domain analysis and requirements formulation within the domain of metropolitan transportation, including transportation by several media such as, subway, bus and taxi. Part of the project is theoretical, investigating the development of a very general theory of transportation which may be specialised to deal with many different sub-domains of transportation. Another part of the project is more practical, aiming at defining specific domain models, e.g. for bus transportation, and formulating requirements for software support, e.g. for coordination between different coordination media and optimal scheduling.
Period: 1. August 1996 - 31. May 1997
Budget provision and status of expenditures:
100% funded by UNU/IIST. Expenditures until end 1996 were:
1. Staff costs for 1996: USD12,000
2. Fellowships and training: USD15,100
3. Overhead Costs (equipment, books, etc.): USD6,000
UNU/IIST Staff, Fellows and Visitors
Staff: Dines Bjørner, Bo Stig Hansen
Visitor: Nicolaj S. Nikitchenko: 19 August 1996 - 26 December 1996
1996-1997 Fellows:
1. Gueorgui Satchok: 1 September 1996 - 31 May 1997 Belarus
Nicolaj S. Nikitchenko has written two reports on a general theory of transportation [25].
Planned Activities: (i) Continuation and generalisation of the scope of the MiTraS project. (ii) Preparation of proposal to be jointly submitted to The World Bank infoDev Programme.

UNU/FAS:

Financial Management for the United Nations University

Synopsis:
This project concerns domain analysis and requirements formulation for a financial management system. The purpose is firstly to record the users description of the problem domain in their own terms and in every detail. Secondly, to formulate a domain model based on concepts which on the one hand are intuitive and directly understandable by the professionals in the domain and on the other hand are general enough and have sufficiently precise definitions that they can be used for formulating the requirements to a computer based accounting system. And thirdly, to extract the requirements from the users problem description and express them unambiguously and clearly using the concepts of the domain model.
The requirements will form basis for the actual systems development carried out by Tata Consultancy Services in Pune, India.
Period: August 1996 - February 1997
Budget provision and status of expenditures:
100% funded by UNU: UNU Headquarters.
UNU/IIST Staff, Fellows and Visitors
Staff: Bo Stig Hansen, Prashant S. Gajjar
Planned Activities: Actual systems development by TCS: Tata Consultancy Services in the spring/summer of 1997.

Telephony Routing System

Synopsis: The project is looking at the routing of telephone calls and other communications within a communications network. In practice, the actual route chosen for a particular connection might be optimised with respect to several factors, including the distribution of the current load on the network, the length of the route, etc. The project will produce a generic specification of network routing in which such considerations are effectively a parameter and which will therefore be applicable in a very wide range of situations.
Period: 1 September 1996 to 31 May 1997
Budget provision and status of expenditures: Expenditures until end 1996 were:
1. Staff costs for 1996 : US$10,000
2. Fellowship and training: US$5,500
3. Overhead costs (equipment, books, etc.): US$4,000
UNU/IIST Staff and Fellow:
Staff: Richard Moore
Fellow: Hoang Thi Tung Lam, 1 September 1996 to 31 May 1997, Vietnam
Partner Institution: Vietnam Post and Telecommunications Training Centre
Output: A formal specification of a generic communications network is nearing completion.
Planned Activities: To further develop the specification to describe route selection in the network and to refine the resulting specification to one which describes the current Vietnamese telephone system more closely.

2.2.7 Related R&D Projects

Casino:

Categories for Systems Integration -- this R&D Programme is currently being prepared [20].

Synopsis:
This research project examines the problem of integrating heterogeneous applications: written in different languages, running on incompatible machines, using protocols that cannot talk to each other. It also looks at how the problems created in this environment are tackled within increasingly accepted distributed platforms like e.g. the Common Object Request Broker Architecture (CORBA) and how the new problems arise due to the lack of any semantic constraints in CORBA's (and any other we know) Interface Definition Language (IDL).
Period: 1996-1997
Budget provision and status of expenditures:
100% funded by UNU/IIST. Expenditures until end 1996 were:
1. Staff costs for 1996 : US$23,000
2. Fellowship and training: US$10,500
3. Overhead costs (equipment, books, etc.): US$5,000
UNU/IIST Staff, Fellows and Visitors:
Staff: Tomasz Janowski, Chris George
1996 Fellows:
1. Wojciech I. Mostowski : 1 July - 4 October 1996, Poland
2. Isabel L. Cafezeiro: 3 August 1996 -- 31 August 1996, Brazil⁹
3. Yun Xiaochun, a fellow from Harbin Institute of Technology is due to arrive 1 January 1997 for a 9 months fellowship.
4. Vladimir Zadorozny, a fellow from Russian Federation should arrive beginning 1997 for 9 months.
Output: Software has been created (from RSL specifications) for automatic translation of a class of equational specifications into transition systems (for graphical viewing) or process descriptions. Reports are currently written.
Planned Activities:
Activities have been initiated which correspond to the study of:
1. Distribution transparencies - common features of the distributed platforms that aim to free application designers from the difficulties of writing software for distributed, heterogeneous environments. We want to show how to specify transparencies and how to use syntactic transformations to formally verify them. This is to allow for the common treatment of different transparencies, for the use of standard techniques for provable correctness (with their tool support) and for the composition of transparencies.
2. Extending the IDL descriptions by the axioms of two kinds: representing the effects of one-step invocations of interface functions (as equations) and representing the properties that need to hold between the invocations (as modal or temporal properties). We see the promise of using the first for the formal verification (off-line) and the second, especially useful for the legacy systems, for on-line `safety' checks. Such on-line checks would be performed by the model-checking engine, generated as part of the IDL translation. We also want to study the use of model-checking for automatic discovery of services, via interface repositories or white (naming) or yellow (trading) pages.
3. ODP (Open Distributed Processing) and how category theory can provide the `neutral' and most abstract formalization of its viewpoint languages and modeling concepts allowing e.g. to formally address the issue of conformance. This conformance would allow for interoperability between, not only within distributed platforms.

REALM:

Spatial Data Types and Spatial Map Generalization [47][48][49].

Synopsis: This project deals with Map Generalization and the GIS-related problem of the automatic extraction of the essence of otherwise detailed graphics.
Period: 1.6.95 - 5.8.96
Budget provision and status of expenditures:
100% funded by UNU/IIST. Expenditures until end 1996 were:
1. Staff costs for 1996 : US$5,000
2. Fellowship and training: US$2,400
3. Overhead costs (equipment, books, etc.): US$2,400
UNU/IIST Staff, Fellows and Visitors:
Staff: Dang Van Hung and Tomasz Janowski
1996 Fellow:
1. Ngo Quoc Tao : 1 June 1995 -- 5 August 1996 VietNam¹⁰

GaDIIS:

Software Technology for Agenda'21: Decision Support Systems for Sustainable Development [50].

Synopsis: This `project' is a spin-off of the similarly named event. See section 4.2.
Period: March 1995-December 1996
Budget provision and status of expenditures:
100% funded by UNU/IIST.
1. Staff costs for 1996 : US$10,000
2. Fellowship and training: US$4,800
3. Overhead costs (equipment, books, etc.): US$4,600
UNU/IIST Staff, Fellows and Visitors:
Staff: Dines Bjørner
1996 Fellows:
1. Mohammad Rais, 1 June 1995 -- 31 March 1996, India¹¹
Partner Institutions:
1. Geography Institutes of the Academia Sinica and the GuangDong Academy of Science
2. GIS Department, Hong Kong University
3. African Informatics Research Group

2.2.8 Lecture Notes in Software Development

In all of the projects of section 2.2 UNU/IIST deploys and, in a sense enlarges upon the RAISE Method. In addition the Director is currently trying to put together a compendium on the "enlargement" [51] LSD: Logical Systems Development. A synopsis of this compendium can be found in [52] which gives a personal account of UNU/IIST's R&D projects.

info@iist.unu.edu, February 1997

Annual Report 1996