Showing papers on "Specification language published in 2013"

Why3: where programs meet provers

Abstract: We present Why3, a tool for deductive program verification, and WhyML, its programming and specification language. WhyML is a first-order language with polymorphic types, pattern matching, and inductive predicates. Programs can make use of record types with mutable fields, type invariants, and ghost code. Verification conditions are discharged by Why3 with the help of various existing automated and interactive theorem provers. To keep verification conditions tractable and comprehensible, WhyML imposes a static control of aliases that obviates the use of a memory model. A user can write WhyML programs directly and get correct-by-construction OCaml programs via an automated extraction mechanism. WhyML is also used as an intermediate language for the verification of C, Java, or Ada programs. We demonstrate the benefits of Why3 and WhyML on non-trivial examples of program verification.

Syntax-guided synthesis

Abstract: The classical formulation of the program-synthesis problem is to find a program that meets a correctness specification given as a logical formula. Recent work on program synthesis and program optimization illustrates many potential benefits of allowing the user to supplement the logical specification with a syntactic template that constrains the space of allowed implementations. Our goal is to identify the core computational problem common to these proposals in a logical framework. The input to the syntax-guided synthesis problem (SyGuS) consists of a background theory, a semantic correctness specification for the desired program given by a logical formula, and a syntactic set of candidate implementations given by a grammar. The computational problem then is to find an implementation from the set of candidate expressions so that it satisfies the specification in the given theory. We describe three different instantiations of the counter-example-guided-inductive-synthesis (CEGIS) strategy for solving the synthesis problem, report on prototype implementations, and present experimental results on an initial set of benchmarks.

A new skill based robot programming language using UML/P Statecharts

Abstract: This paper introduces the new robot programming language LightRocks(Light Weight Robot Coding for Skills), a domain specific language (DSL) for robot programming. The language offers three different level of abstraction for robot programming. On lowest level skills are coded by domain experts. On a more abstract level these skills are supposed to be combined by shop floor workers or technicians to define tasks. The language is designed to allow as much flexibility as necessary on the lowest level of abstraction and is kept as simple as possible with the more abstract layers. A Statechart like model is used to describe the different levels of detail. For this we apply the UML/P and the language workbench MontiCore. To this end we are able to generate code while hiding controller specific implementation details. In addition the development in LightRocks is supported by a generic graphical editor implemented as an Eclipse plugin.

OCRA: a tool for checking the refinement of temporal contracts

Abstract: Contract-based design enriches a component model with properties structured in pairs of assumptions and guarantees. These properties are expressed in term of the variables at the interface of the components, and specify how a component interacts with its environment: the assumption is a property that must be satisfied by the environment of the component, while the guarantee is a property that the component must satisfy in response. Contract-based design has been recently proposed in many methodologies for taming the complexity of embedded systems. In fact, contract-based design enables stepwise refinement, compositional verification, and reuse of components. However, only few tools exist to support the formal verification underlying these methods. OCRA (Othello Contracts Refinement Analysis) is a new tool that provides means for checking the refinement of contracts specified in a linear-time temporal logic. The specification language allows to express discrete as well as metric real-time constraints. The underlying reasoning engine allows checking if the contract refinement is correct. OCRA has been used in different projects and integrated in CASE tools.

Monitoring properties of analog and mixed-signal circuits

Abstract: In this paper, we present a comprehensive overview of the property-based monitoring framework for analog and mixed-signal systems. Our monitoring approach is centered around the Signal Temporal Logic (Stl) specification language, and is implemented in a stand-alone monitoring tool (Amt). We apply this property-based methodology to two industrial case studies and briefly present some recent extensions of Stl that were motivated by practical needs of analog designers.

On Sound Compilation of Reals

Abstract: Writing accurate numerical software is hard because of many sources of unavoidable uncertainties, including finite numerical precision of implementations. We present a programming model where the user writes a program in a real-valued implementation and specification language that explicitly includes different types of uncertainties. We then present a compilation algorithm that generates a conventional implementation that is guaranteed to meet the desired precision with respect to real numbers. Our verification step generates verification conditions that treat different uncertainties in a unified way and encode reasoning about floating-point roundoff errors into reasoning about real numbers. Such verification conditions can be used as a standardized format for verifying the precision and the correctness of numerical programs. Due to their often non-linear nature, precise reasoning about such verification conditions remains difficult. We show that current state-of-the art SMT solvers do not scale well to solving such verification conditions. We propose a new procedure that combines exact SMT solving over reals with approximate and sound affine and interval arithmetic. We show that this approach overcomes scalability limitations of SMT solvers while providing improved precision over affine and interval arithmetic. Using our initial implementation we show the usefullness and effectiveness of our approach on several examples, including those containing non-linear computation.

Toward the implementation of a topic specific dialogue based natural language chatbot as an undergraduate advisor

Abstract: In this work, we explain the design of a chat robot that is specifically tailored for providing FAQBot system for university students and with the objective of an undergraduate advisor in student information desk. The chat robot accepts natural language input from users, navigates through the Information Repository and responds with student information in natural language. In this paper, we model the Information Repository by a connected graph where the nodes contain information and links interrelates the information nodes. The design semantics includes AIML (Artificial Intelligence Mark up Language) specification language for authoring the information repository such that chat robot design separates the information repository from the natural language interface component. Correspondingly, in the experiment, we constructed three experimental systems (a pure dialog systems associated with natural language knowledge based entries, a domain knowledge systems engineered with information content and a hybrid system, combining dialog and domain knowledge). Consequently, the information repository can easily be modified and focussed on particular topic without recreating the code design. Experimental parameters and outcome suggests that topic specific dialogue coupled with conversational knowledge yield the maximum dialogue session than the general conversational dialogue.

mosaik - A modular platform for the evaluation of agent-based Smart Grid control

Abstract: Smart Grids rely on the use of ICT for managing large numbers of active components and sensors to keep demand and generation of electricity at equilibrium while operating multiple resources within their operational limits. Due to the distributed nature of these resources, their heterogeneity as well as their sheer number, is a challenging task. Control strategies as well as novel paradigms need to be developed and thoroughly evaluated through extensive simulations. In order to yield scientifically sound and reliable results, these simulations have to rely on valid and (ideally) established models, e.g., from industry. Therefore, it is desirable to reuse these models as often as possible by combining them into new, potentially large-scale test scenarios. The introduced mosaik framework presents a flexible architecture as well as a powerful modeling and specification language to automate the process of composing existing models and simulation platforms into large-scale simulation scenarios.

Common specification language for static and dynamic analysis of C programs

Abstract: Various combinations of static and dynamic analysis techniques were recently shown to be beneficial for software verification. A frequent obstacle to combining different tools in a completely automatic way is the lack of a common specification language. Our work proposes to translate a Pre-Post based specification into executable C code. This paper presents e-acsl, subset of the acsl specification language for C programs, and its automatic translator into C implemented as a Frama-C plug-in. The resulting C code is executable and can be used by a dynamic analysis tool. We illustrate how the PathCrawler test generation tool automatically treats such pre- and postconditions specified as C functions.

Methods to explore design space for MPEG RMC codec specifications

Abstract: The recent MPEG Reconfigurable Media Coding (RMC) standard aims at defining media processing specifications (e.g. video codecs) in a form that abstracts from the implementation platform, but at the same time is an appropriate starting point for implementation on specific targets. To this end, the RMC framework has standardized both an asynchronous dataflow model of computation and an associated specification language. Either are providing the formalism and the theoretical foundation for multimedia specifications. Even though these specifications are abstract and platform-independent the new approach of developing implementations from such initial specifications presents obvious advantages over the approaches based on classical sequential specifications. The advantages appear particularly appealing when targeting the current and emerging homogeneous and heterogeneous manycore or multicore processing platforms. These highly parallel computing machines are gradually replacing single-core processors, particularly when the system design aims at reducing power dissipation or at increasing throughput. However, a straightforward mapping of an abstract dataflow specification onto a concurrent and heterogeneous platform does often not produce an efficient result. Before an abstract specification can be translated into an efficient implementation in software and hardware, the dataflow networks need to be partitioned and then mapped to individual processing elements. Moreover, system performance requirements need to be accounted for in the design optimization process. This paper discusses the state of the art of the combinatorial problems that need to be faced at this design space exploration step. Some recent developments and experimental results for image and video coding applications are illustrated. Both well-known and novel heuristics for problems such as mapping, scheduling and buffer minimization are investigated in the specific context of exploring the design space of dataflow program implementations.

The Distributed Ontology, Modeling and Specification Language.

Abstract: There is a diversity of ontology languages in use, among them OWL, RDF, OBO, Common Logic, and F-logic. Related languages such as UML class diagrams, entity-relationship diagrams and object role modelling provide bridges from ontology modelling to applications, e.g. in software engineering and databases. Another diversity appears at the level of ontology modularity and relations among ontologies. There is ontology matching and alignment, module extraction, interpolation, ontologies linked by bridges, interpretation and refinement, and combination of ontologies. The Distributed Ontology, Modelling and Specification Language (DOL) aims at providing a unified meta language for handling this diversity. In particular, DOL provides constructs for (1) “as-is” use of ontologies formulated in a specific ontology language, (2) ontologies formalised in heterogeneous logics, (3) modular ontologies, and (4) links between ontologies. This paper sketches the design of the DOL language. DOL will be submitted as a proposal within the OntoIOp (Ontology Integration and Interoperability) standardisation activity of the Object Management Group (OMG).

Verifying conformance of multi-agent commitment-based protocols

Abstract: Although several approaches have been proposed to specify multi-agent commitment-based protocols that capture flexible and rich interactions among autonomous and heterogeneous agents, very few of them synthesize their formal specification and automatic verification in an integrated framework. In this paper, we present a new logic-based language to specify commitment-based protocols, which is derived from ACTL^*^c, a logic extending CTL^* with modalities to represent and reason about social commitments and their actions. We present a reduction technique that formally transforms the problem of model checking ACTL^*^c to the problem of model checking GCTL^* (an extension of CTL^* with action formulae). We prove that the reduction technique is sound and we fully implement it on top of the CWB-NC model checker to automatically verify the NetBill protocol, a motivated and specified example in the proposed specification language. We also apply the proposed technique to check the compliance of another protocol: the Contract Net protocol with given properties and report and discuss the obtained results. We finally develop a new symbolic algorithm to perform model checking dedicated to the proposed logic.

High-Level Mission Specification and Planning for Collaborative Unmanned Aircraft Systems Using Delegation

Abstract: Automated specification, generation and execution of high level missions involving one or more heterogeneous unmanned aircraft systems is in its infancy. Much previous effort has been focused on the development of air vehicle platforms themselves together with the avionics and sensor subsystems that implement basic navigational skills. In order to increase the degree of autonomy in such systems so they can successfully participate in more complex mission scenarios such as those considered in emergency rescue that also include ongoing interactions with human operators, new architectural components and functionalities will be required to aid not only human operators in mission planning, but also the unmanned aircraft systems themselves in the automatic generation, execution and partial verification of mission plans to achieve mission goals. This article proposes a formal framework and architecture based on the unifying concept of delegation that can be used for the automated specification, generation and execution of high-level collaborative missions involving one or more air vehicles platforms and human operators. We describe an agent-based software architecture, a temporal logic-based mission specification language, a distributed temporal planner and a task specification language that when integrated provide a basis for the generation, instantiation and execution of complex collaborative missions on heterogeneous air vehicle systems. A prototype of the framework is operational in a number of autonomous unmanned aircraft systems developed in our research lab.

Integrating discrete controller synthesis into a reactive programming language compiler

Abstract: We define a mixed imperative/declarative programming language: declarative contracts are enforced upon imperatively described behaviors. This paper describes the semantics of the language, making use of the notion of Discrete Controller Synthesis (DCS). We target the application domain of adaptive and reconfigurable systems: our language can serve programming closed-loop adaptation controllers, enabling flexible execution of functionalities w.r.t. changing resource and environment conditions. DCS is integrated into a1 programming language compiler, which facilitates its use by users and programmers, performing executable code generation. The tool is concretely built upon the basis of a reactive programming language compiler, where the nodes describe behaviors that can be modeled in terms of transition systems. Our compiler integrates this with a DCS tool, making it a new environment for formal methods. We define the trace semantics of our contracts language, describe its compilation and establish its correctness, and discuss implementation and examples.

TSL: A System for Generating Abstract Interpreters and its Application to Machine-Code Analysis

Abstract: This article describes the design and implementation of a system, called TSL (for Transformer Specification Language), that provides a systematic solution to the problem of creating retargetable tools for analyzing machine code. TSL is a tool generator---that is, a metatool---that automatically creates different abstract interpreters for machine-code instruction sets.The most challenging technical issue that we faced in designing TSL was how to automate the generation of the set of abstract transformers for a given abstract interpretation of a given instruction set. From a description of the concrete operational semantics of an instruction set, together with the datatypes and operations that define an abstract domain, TSL automatically creates the set of abstract transformers for the instructions of the instruction set. TSL advances the state-of-the-art in program analysis because it provides two dimensions of parameterizability: (i) a given analysis component can be retargeted to different instruction sets; (ii) multiple analysis components can be created automatically from a single specification of the concrete operational semantics of the language to be analyzed.TSL is an abstract-transformer-generator generator. The article describes the principles behind TSL, and discusses how one uses TSL to develop different abstract interpreters.

Assessing requirements-related risks through probabilistic goals and obstacles

Abstract: Requirements completeness is among the most critical and difficult software engineering challenges. Missing requirements often result from poor risk analysis at requirements engineering time. Obstacle analysis is a goal-oriented form of risk analysis aimed at anticipating exceptional conditions in which the software should behave adequately. In the identify-assess-control cycles of such analysis, the assessment step is not well supported by existing techniques. This step is concerned with evaluating how likely the obstacles to goals are and how likely and severe their consequences are. Those key factors drive the selection of most appropriate countermeasures to be integrated in the system goal model for increased completeness. Moreover, obstacles to probabilistic goals are currently not supported; such goals prescribe that some corresponding target property should be satisfied in at least X % of the cases. The paper presents a probabilistic framework for goal specification and obstacle assessment. The specification language for goals and obstacles is extended with a probabilistic layer where probabilities have a precise semantics grounded on system-specific phenomena. The probability of a root obstacle to a goal is thereby computed by up-propagation of probabilities of finer-grained obstacles through the obstacle refinement tree. The probability and severity of obstacle consequences is in turn computed by up-propagation from the obstructed leaf goals through the goal refinement graph. The paper shows how the computed information can be used to prioritize obstacles for countermeasure selection toward a more complete and robust goal model. A detailed evaluation of our framework on a non-trivial carpooling support system is also reported.

Lineal: A linear-algebraic lambda-calculus

Abstract: We provide a computational definition of the notions of vector space and bilinear functions. We use this result to introduce a minimal language combining higher-order computation and linear algebra. This language extends the Lambda-calculus with the possibility to make arbitrary linear combinations of terms alpha.t + beta.u. We describe how to "execute" this language in terms of a few rewrite rules, and justify them through the two fundamental requirements that the language be a language of linear operators, and that it be higher-order. We mention the perspectives of this work in the field of quantum computation, whose circuits we show can be easily encoded in the calculus. Finally, we prove the confluence of the entire calculus.

A Compositional Model for the Formal Specification of User Interface Software

Abstract: This thesis investigates abstractions for modelling user interface software, discussingtheir content and their formal representation. Specifically, it focuses on a class ofmodels, called formal interactor models, that incorporate some of the structure of theuser interface software. One such abstract model is put forward. This model is calledthe Abstraction-Display-Controller (ADC) interactor model; its definition draws fromresearch into user interface architectures and from earlier approaches to the formalspecification of user interfaces.The ADC formal interactor model is specified using a specification language calledLOTOS. Several small scale examples and a sizeable specification case studydemonstrate its use. A more rigorous discussion of the ADC model documents itsproperties as a representation scheme. The ADC interactor is compositional, meaningthat as a concept and as a representation scheme it applies both to the user interface as awhole and also to its components. This property is preserved when interactors arecombined to describe more complex entities or, conversely, when an interactor isdecomposed into smaller scale interactors. The compositionality property is formulatedin terms of some theorems which are proven. A discussion on the uses of the ADCmodel shows that it provides a framework for integrating existing research results in theverification of formally specified user interface software. Finally, the thesis proposes aconceptual and formal framework for relating interface models to models of users’ taskknowledge capturing some intuitions underlying task based design approaches.

BLESS: Formal Specification and Verification of Behaviors for Embedded Systems with Software

Abstract: Recent experience in the avionics sector has demonstrated the benefits of using rigorous system architectural models, such as those supported by the standard Architectural and Analysis Definition Language (AADL), to ensure that multi-organization composition and integration tasks are successful. Despite its ability to capture interface signatures and system properties, such as scheduling periods and communication latencies as model attributes, AADL lacks a formal interface specification language, a formal semantics for component behavioral descriptions, and tools for reasoning about the compliance of behaviors to interface contracts. In this paper we introduce the Behavioral Language for Embedded Systems with Software (BLESS)—a behavioral interface specification language and proof environment for AADL. BLESS enables engineers to specify contracts on AADL components that capture both functional and timing properties. BLESS provides a formal semantics for AADL behavioral descriptions and automatic generation of verification conditions that, when proven by the BLESS proof tool, establish that behavioral descriptions conform to AADL contracts. We report on the application of BLESS to a collection of embedded system examples, including definition of multiple modes of a pacemaker.

Specification of Cyber-Physical Components with Formal Semantics --- Integration and Composition

Abstract: Model-Based Engineering of Cyber-Physical Systems CPS needs correct-by-construction design methodologies, hence CPS modeling languages require mathematically rigorous, unambiguous, and sound specifications of their semantics. The main challenge is the formalization of the heterogeneous composition and interactions of CPS systems. Creating modeling languages that support both the acausal and causal modeling approaches, and which has well-defined and sound behavior across the heterogeneous time domains is a challenging task. In this paper, we discuss the difficulties and as an example develop the formal semantics of a CPS-specific modeling language called CyPhyML. We formalize the structural semantics of CyPhyML by means of constraint rules and its behavioral semantics by defining a semantic mapping to a language for differential algebraic equations. The specification language is based on an executable subset of first-order logic, which facilitates model conformance checking, model checking and model synthesis.

GoalSPEC: A Goal Specification Language Supporting Adaptivity and Evolution

Abstract: The characteristic of being autonomous and proactive makes the agents able to explore a wide solution space, that dynamically changes or contains uncertainty. We propose a language for describing system goals that may be injected at run-time into the system. The novelty of our approach consists in decoupling the business goals what is expected and their implementation how to address the desired behavior. Indeed relieving the tension between 'what' and 'how' provides more degrees of freedom to the system. On the occurrence, agents of our system may exploit their features mainly autonomy and proactivity, but also learning and planning for getting benefits from a wider solution space. The result is that the system behavior may adapt to the current operating conditions. Moreover, the injection mechanism contributes to reduce the effort in evolving the system. This paper focuses on the goal specification language that is the base for enabling both adaptivity and evolution.

Software requirements specification analysis using natural language processing technique

Abstract: Understanding software requirements has been widely acknowledged as a crucial task in software development projects. This problem emerges since software requirements, which are originally specified using a particular natural language, are often ambiguous and incomplete. The condition will be completely different if the requirements are specified using formal language in which ambiguity and incompleteness could be obviously found and thus quickly anticipated. Transforming “natural” software requirements into a more formal specification may therefore reduce their ambiguity and incompleteness. This paper hence proposes a method to transform software requirements specified in a natural language to formal specification (in this context is object-oriented specification). The proposed method uses natural language processing technique.

Towards an Attribute Based Constraints Specification Language

Abstract: Recently, attribute based access control (ABAC) has received considerable attention from the security community for its policy flexibility and dynamic decision making capabilities. In ABAC, authorization decisions are based on various attributes of entities involved in the access (e.g., users, subjects, objects, context, etc.). In an ABAC system, correct attribute assignment to different entities is necessary for ensuring appropriate access. Although considerable research has been conducted on ABAC, so far constraints specification on attribute assignment to entities has not been systematically studied in the literature. In this paper, we propose an attribute-based constraints specification language(ABCL) for expressing a variety of constraints on values that different attributes of various entities in the system can take. ABCL can be used to specify constraints on a single attribute or across multiple attributes of a particular entity. Furthermore, constraints on attributes assignment across multiple entities (e.g., attributes of different users) can also be specified. Finally, we demonstrate the usefulness of ABCL in practical usage scenarios including banking domains.

Efficient Runtime Monitoring with Metric Temporal Logic: A Case Study in the Android Operating System

Abstract: We present a design and an implementation of a security policy specification language based on metric linear-time temporal logic (MTL). MTL features temporal operators that are indexed by time intervals, allowing one to specify timing-dependent security policies. The design of the language is driven by the problem of runtime monitoring of applications in mobile devices. A main case the study is the privilege escalation attack in the Android operating system, where an app gains access to certain resource or functionalities that are not explicitly granted to it by the user, through indirect control flow. To capture these attacks, we extend MTL with recursive definitions, that are used to express call chains betwen apps. We then show how the metric operators of MTL, in combination with recursive definitions, can be used to specify policies to detect privilege escalation, under various fine grained constraints. We present a new algorithm, extending that of linear time temporal logic, for monitoring safety policies written in our specification language. The monitor does not need to store the entire history of events generated by the apps, something that is crucial for practical implementations. We modified the Android OS kernel to allow us to insert our generated monitors modularly. We have tested the modified OS on an actual device, and show that it is effective in detecting policy violations.

Logical provenance in data-oriented workflows?

Abstract: We consider the problem of defining, generating, and tracing provenance in data-oriented workflows, in which input data sets are processed by a graph of transformations to produce output results. We first give a new general definition of provenance for general transformations, introducing the notions of correctness, precision, and minimality. We then determine when properties such as correctness and minimality carry over from the individual transformations' provenance to the workflow provenance. We describe a simple logical-provenance specification language consisting of attribute mappings and filters. We provide an algorithm for provenance tracing in workflows where logical provenance for each transformation is specified using our language. We consider logical provenance in the relational setting, observing that for a class of Select-Project-Join (SPJ) transformations, logical provenance specifications encode minimal provenance. We have built a prototype system supporting the features and algorithms presented in the paper, and we report a few preliminary experimental results.

Monitoring of Temporal First-Order Properties with Aggregations

Abstract: Compliance policies often stipulate conditions on aggregated data. Current policy monitoring approaches are limited in the kind of aggregations that they can handle. We rectify this as follows. First, we extend metric first-order temporal logic with aggregation operators. This extension is inspired by the aggregation operators common in database query languages like SQL. Second, we provide a monitoring algorithm for this enriched policy specification language. Finally, we experimentally evaluate our monitor’s performance.

Safety analysis integration in a SysML-based complex system design process

Abstract: Model-based system engineering is an efficient approach to specifying, designing, simulating and validating complex systems. This approach allows errors to be detected as soon as possible in the design process, and thus reduces the overall cost of the product. Uniformity in a system engineering project, which is by definition multidisciplinary, is achieved by expressing the models in a common modeling language such as SysML. This paper presents an approach to integrate safety analysis in SysML at early stages in the design process of safety-critical systems. Qualitative analysis is performed through functional as well as behavioral safety analysis and strengthened by formal verification method. This approach is applied to a real-life avionic system and contributes to the integration of formal models in the overall safety and systems engineering design process of complex systems.

Making domain-specific hardware synthesis tools cost-efficient

Abstract: Tools to design hardware at a high level of abstraction promise software-like productivity for hardware designs. Among them, tools like Spiral, HDL Coder, Optimus and MMAlpha target specific application domains and produce highly efficient implementations from high-level input specifications in a Domain Specific Language (DSL). But, developing similar domain-specific High-Level Synthesis (HLS) tools need enormous effort, which might offset their many advantages. In this paper, we propose a novel, cost-effective approach to develop domain-specific HLS tools. We develop the HLS tool by embedding its input DSL in Scala and using Lightweight Modular Staging (LMS), a compiler framework written in Scala, to perform optimizations at different abstraction levels. For example, to optimize computation on matrices, some optimizations are more effective when the program is represented at the level of matrices while others are better applied at the level of individual matrix elements. To illustrate the proposed approach, we create an HLS flow to automatically generate efficient hardware implementations of matrix expressions described in our own high-level specification language. Although a simple example, it shows how easy it is to reuse modules across different HLS flows and to integrate our flow with existing tools like LegUp, a C-to-RTL compiler, and FloPoCo, an arithmetic core generator. The results reveal that our approach can simultaneously achieve high productivity and design quality with a very reasonable tool development effort.

Capturing Motion in ISO-SpaceBank

Abstract: This paper presents the first description of the motion subcorpus of ISO-SpaceBank (MotionBank) and discusses how motion-events are represented in ISO-Space 1.5, a specification language for the representation of spatial information in language. We present data from this subcorpus with examples from the pilot annotation, focusing specifically on the annotation of motion-events and their various participants. These data inform further discussion of outstanding issues concerning semantic annotation, such as quantification and measurement. We address these questions briefly as they impact the design of ISO-Space.