<?xml version="1.0" encoding="utf-8"?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><HEAD><TITLE>Homepage of Christian Urban</TITLE><BASE HREF="https://nms.kcl.ac.uk/christian.urban/"><script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-4143458-4']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();</script></HEAD><BODY TEXT="#000000" BGCOLOR="#4169E1" LINK="#0000EF" VLINK="#51188E" ALINK="#FF0000"><font face='Optima'><TABLE WIDTH="100%" BGCOLOR="#4169E1" BORDER="0" FRAME="border" CELLPADDING="11" CELLSPACING="2" RULES="all"><!-- left column --><TR><TD BGCOLOR="#FFFFFF" WIDTH="24%" VALIGN="TOP" ROWSPAN="9"><B>Links</B><BR><A HREF="https://nms.kcl.ac.uk/christian.urban/index.html">Home</A><BR><A HREF="https://nms.kcl.ac.uk/christian.urban/publications.html">Publications</A><BR><A HREF="https://nms.kcl.ac.uk/christian.urban/teaching.html">Teaching</A><BR><A HREF="https://nms.kcl.ac.uk/christian.urban/travelling.html">Recent Talks</A><BR><A HREF="https://nms.kcl.ac.uk/christian.urban/Nominal/">Nominal Isabelle</A><BR><BR><B>Handy Information</B><BR><A HREF="https://nms.kcl.ac.uk/christian.urban/logic.html">People in Logic</A><BR> <A HREF="https://nms.kcl.ac.uk/christian.urban/programming.html">Programming Languages</A><BR> <A HREF="https://nms.kcl.ac.uk/christian.urban/misc.html">Miscellaneous</A><BR><BR><table border="0"><tr><td><A HREF="https://nms.kcl.ac.uk/christian.urban/Nominal/"><IMG SRC="nominal-logo.gif" ALT="" style="border-width: 0px;" align="left"></A></td></tr><tr><td><A HREF="https://nms.kcl.ac.uk/christian.urban/Cookbook/"><IMG SRC="Cookbook/logo-documentation.gif" ALT="" style="border-width: 0px;" align="left"></A></td></tr></table></TD><!-- right column --><TD BGCOLOR="#FFFFFF" WIDTH="75%"><A NAME="Home"></A><TABLE><TR><TD WIDTH="75%"><H1>Christian Urban</H1><B>E-mail</B> christian.urban <I>at</I> kcl ac uk<BR><BR><B>Address</B> <A HREF="http://www.kcl.ac.uk/nms/depts/informatics/">Department of Informatics</A>,<A HREF="http://www.kcl.ac.uk">King's College London</A>,Bush House, 30 Aldwych, London WC2B 4BG, UK. My office is 7.07 on the 7th floor, North Wing, of the Bush House. <BR></TD><TD align="right" valign="top"> <A HREF="https://nms.kcl.ac.uk/christian.urban/picture-small.jpg"><IMG ALT="" SRC="picture-small.jpg" align="top"></A></TD></TR></TABLE><p> <IMG SRC="new.gif" ALT="" style="" align="left"><A HREF="https://nms.kcl.ac.uk/christian.urban/Cookbook" target="_top">Isabelle Programming Tutorial</A> (draft of a 200-page tutorial on Isabelle programming - updated to <A HREF="http://isabelle.in.tum.de">Isabelle 2019</A> thanks to Norbert Schirmer)<BR><BR></TD></TR><TR><TD BGCOLOR="#FFFFFF" WIDTH="75%"><B>Current Position</B> Since 2011 I have been a lecturer in the Department of Informatics at King's College London.This is similar to a position of an assistant professor in other places. In 2011,I was also offered a lectureship <A HREF="http://www.it.uu.se/" TITLE="Uppsala">here</A>, an associate professorship <A HREF="http://en.itu.dk/" TITLE="ITU, Copenhagen">here</A>,and full professorships <A HREF="https://en.wikipedia.org/wiki/University_of_Science_and_Technology_of_China" TITLE="IAS, Suzhou">here</A> and <A HREF="https://en.wikipedia.org/wiki/East_China_Normal_University" TITLE="Shanghai">here</A>. I thank all people involved for their efforts.<P><B>Past Positions</B> In April 2006, I was awarded an <A HREF="http://en.wikipedia.org/wiki/Emmy_Noether">Emmy-Noether</A> <A HREF="https://www.dfg.de/en/research_funding/programmes/individual/emmy_noether/">fellowship</A>, which I held at the <A HREF="http://www.in.tum.de/en.html">TU Munich</A> untilSeptember 2011.Between September 2008 and February 2009, I was an invited research scientist in the <A HREF="http://www.cs.princeton.edu/">Department of Computer Science</A> in Princeton.In 2004/05 I was an Alexander-von-Humboldt fellow in Munich and from 2000 until 2004 I was awarded a Research Fellowship in Cambridge. Before thatI did my PhD in Cambridge funded by two scholarships from the German Academic Exchange Service (<A HREF="http://www.daad.de/index.html">DAAD</A>).<P><B>Skolem Award 2015</B> Together with<A HREF="http://www.pps.univ-paris-diderot.fr/~tasson/">Christine Tasson</A>, I was awarded a<A HREF="http://cadeinc.org/Skolem-Award">Thoralf Skolem Award</A>, a ten-year test-of-time award from CADE. This was for our <A HREF="https://nms.kcl.ac.uk/christian.urban/Publications/nom-cade-05.ps">paper</A> on Nominal Techniques in Isabelle/HOL from 2005. The Skolem Award award was given also to Nicolaas de Bruijn, Zohar Manna and Nachum Derschowitz, amongst others.<P><B>Research Interests</B> theorem provers, verification, programming languages, compilers, algorithms, security, proof theory, type systems, concurrency, lambda calculus, unification, regular expressions, computability, complexity, functional and logic programming.<P><B>Teaching</B> I usually enjoy teaching. At King's my students nominated me for the TeachingExcellence Award in2012, 2015, 2016 and 2017, and for the best MSc Project supervisor in 2015.In 2014 I received both prizes for Best UG Project Supervisor and for BestMSc Project Supervisor in the <A HREF="http://www.kcl.ac.uk/nms/index.aspx">NMS Faculty</A>.In 2020, I was again nominated for the King's Education Award with a very kind<A HREF="https://nms.kcl.ac.uk/christian.urban/nomination2021.pdf">citation</A> from a student.<P><B>Conferences</B>UNIF'06 (member of PC), <A HREF="http://www.cs.mcgill.ca/~bpientka/lfmtp07">LFMTP'07</A> (member of PC), LFMTP'08 (PC co-chair), <A HREF="http://www.cis.upenn.edu/~sweirich/wmm/">WMM'08</A> (member of PC),LSFA'08 (invited speaker),<A HREF="http://www.inf.kcl.ac.uk/staff/maribel/TAASN.html">TAASN'09</A> (member of PC),<A HREF="http://lsfa09.cic.unb.br/">LSFA'09</A> (member of PC),<A HREF="https://nms.kcl.ac.uk/christian.urban/Nominal/activities/tphols09/idw.html">IDW'09</A> (organiser),<A HREF="http://www.seas.upenn.edu/~sweirich/wmm/wmm09.html">WMM'09</A> (PC chair),<A HREF="https://nms.kcl.ac.uk/christian.urban/Nominal/activities/tphols09/">TPHOLs'09</A> (PC co-chair),<A HREF="http://dream.inf.ed.ac.uk/events/automatheo-2010/">Automatheo'10</A> (member of PC),<A HREF="http://www.floc-conference.org/">ITP'10</A> (member of PC),UNIF'10 (invited speaker),<A HREF="http://www.cis.upenn.edu/~bcpierce/wmm/">WMM'10</A> (invited speaker),<A HREF="https://nms.kcl.ac.uk/christian.urban/Nominal/activities/idw10/idw.html">IDW'10</A> (co-organiser),CPP'11 (member of PC),<A HREF="http://www.rdp2011.uns.ac.rs/rta/">RTA'11</A> (member of PC),<A HREF="http://lfmtp11.cs.umn.edu">LFMTP'11</A> (member of PC),<A HREF="http://www.cs.uwyo.edu/~ruben/itp-2014">ITP'14</A> (member of PC),<A HREF="http://www.cicm-conference.org/2015/cicm.php?event=mkm">MKM'15</A> (member of PC),<A HREF="https://nms.kcl.ac.uk/christian.urban/itp-2015/">ITP'15</A> (PC co-chair),<A HREF="https://itp2016.inria.fr">ITP'16</A> (member of PC)<A HREF="http://lsfa.cic.unb.br">LSFA'17</A> (member of PC)<A HREF="http://itp2017.cic.unb.br">ITP'17</A> (member of PC)<A HREF="https://itp19.cecs.pdx.edu">ITP'19</A> (member of PC)<A HREF="https://ijcar2020.org">IJCAR'20</A> (member of PC)<A HREF="http://easyconferences.eu/itp2021bid/">ITP'21</A> (member of PC)<A HREF="http://www.cs.cmu.edu/~mheule/CADE28/">CADE'21</A> (member of PC)<P><A HREF="https://nms.kcl.ac.uk/christian.urban/itp-2015/">ITP'15</A> took place in Nanjing organisedby Xingyuan Zhang and me<BR><p><B>Current PhD</B> Chengsong Tan<BR><B>Former PhD</B> Fahad Ausaf (works at ARM in the VHDL compiler team)<BR><B>Former RAs</B> Chunhan Wu, <A HREF="http://cl-informatik.uibk.ac.at/users/cek/">Cezary Kaliszyk</A>, <A HREF="http://dpt-info.u-strasbg.fr/~narboux/">Julien Narboux</A><p> If I am not teaching or not doing any research, I am sometimes in the lavender <A HREF="https://nms.kcl.ac.uk/christian.urban/family.jpg">fields</A> of London, or I do <A HREF="https://nms.kcl.ac.uk/christian.urban/c.jpg">model-shoots</A> far away, or I am assistant to the resident <A HREF="https://nms.kcl.ac.uk/christian.urban/s1.jpg">chief</A> <A HREF="https://nms.kcl.ac.uk/christian.urban/s2.jpg">paleontologist</A>.</TD></TR><TR><TD BGCOLOR="#FFFFFF" WIDTH="75%"><B>Nominal Isabelle</B> I am the main developer of Nominal <A HREF="http://isabelle.in.tum.de">Isabelle</A>. This is joint work with <A HREF="http://www21.in.tum.de/~berghofe/">Dr Stefan Berghofer</A>,<A HREF="http://sketis.net/">Dr Markus Wenzel</A>,<A HREF="http://cl-informatik.uibk.ac.at/users/cek/">Dr Cezary Kaliszyk</A>,<A HREF="http://user.it.uu.se/~tjawe125/">Dr Tjark Weber</A> and the Isabelle-team in Munich.Many of the theoretical ideas originate from the nominal logic project - a wonderful project headed by <A HREF="http://www.cl.cam.ac.uk/~amp12/">Prof. Andrew Pitts</A>. The aim with this work is to make formal reasoning involving binders as simple as on paper and the hope is to lure <A HREF="http://alliance.seas.upenn.edu/~plclub/cgi-bin/poplmark/index.php?title=The_POPLmark_Challenge#Vision">masses</A> to automatedtheorem proving. My funding for this work was provided in 2004 and 2005 by a research fellowship from the <A HREF="http://en.wikipedia.org/wiki/Alexander_von_Humboldt">Alexander-von-Humboldt</A><A HREF="https://www.humboldt-foundation.de">foundation</A>. During this time I was a visitor in the group of <A HREF="http://www.mathematik.uni-muenchen.de/~schwicht/">Prof. Helmut Schwichtenberg</A> in Munich.Between 2006 and 2011 this work is supported by an<A HREF="http://en.wikipedia.org/wiki/Emmy_Noether">Emmy-Noether</A> <A HREF="https://www.dfg.de/en/research_funding/programmes/individual/emmy_noether/">fellowship</A> at the TUM.There is a <A HREF="https://nms.kcl.ac.uk/christian.urban/Nominal/">webpage</A> about NominalIsabelle, which also includes a list of projects that use Nominal Isabelle.Users of Nominal Isabelle had their papers appearing at LICS, POPL, FOSSACS, SOS, TPHOLs, CPP, SEFM,the Haskell Symposium andin the Journal of Automated Reasoning. Nowadays, Nominal Isabelle 2 is part of the <A HREF="https://www.isa-afp.org">Archive of Formal Proofs</A>.</TD></TR><TR><TD BGCOLOR="#FFFFFF" WIDTH="75%"><B>Real-Time Scheduling and Priority Inheritance</B> In real-time operating systems with processes, resource locking and priority scheduling, one faces the problem of <A HREF="http://en.wikipedia.org/wiki/Priority_inversion">priority inversion</A> (processes with lower priority block processes with higher priority indefinitely). If you do not prevent this problem, then processes can behave erratically, as <A HREF="http://www.nasa.gov">NASA</A> found out the <A HREF="http://catless.ncl.ac.uk/Risks/19.54.html#subj6">hard</A> way with their first <A HREF="http://www.nasa.gov/mission_pages/mars-pathfinder/index.html">Mars Pathfinder mission</A>. The priority inheritance protocol is a widely used scheduling algorithm that prevents priority inversion. However, the <A HREF="http://dx.doi.org/10.1109/12.57058">original paper</A> describing this algorithm contains an incorrect algorithm and a bogus(!) correctness proof. We formalised our version of the priority inheritance protocol, including a generalisation of the original work (we allow overlapping critical sections) in the theorem prover <A HREF="http://isabelle.in.tum.de">Isabelle</A>. In our formalisation we use the inductive method we learned from <A HREF="https://www.cl.cam.ac.uk/~lp15/">Prof. Larry Paulson</A>. He used this method in order to prove the correctness of cryptographic protocols. We have implemented our algorithm on top of the the small <A HREF="https://en.wikipedia.org/wiki/Pintos">PINTOS</A> operating system used for teaching (we passed all their test cases and were faster than their reference implementation). While the problem with the original algorithm was already known for some time, the incorrect specification seems to be still widely in use and described in many textbooks on real-time operating systems, including famous and rather expensive ones. Feel free to decide whether they are worth your time and money. Task: Spot the problems in <A href="https://www.amazon.com/Real-Time-Systems-Design-Analysis-Practitioner-ebook/dp/B0062LNOCW">here</A>, <A href="https://www.amazon.co.uk/Real-Time-Concepts-Embedded-Systems-Qing/dp/1578201241">here</A>, <A href="https://www.amazon.co.uk/Real-Time-Systems-Jane-W-Liu/dp/0130996513">here</A>, <A href="https://www.springer.com/gp/book/9780792392118">here</A> and <A href="https://www.os-book.com/OS9/">here</A>! Alternatively, you can look at the quotes and pointers in our <A HREF="http://nms.kcl.ac.uk/christian.urban/Publications/pip.pdf">paper</A>. A notable exception is the <A HREF="https://www.springer.com/gp/book/9781461406754">textbook</A> by Buttazzo, who gives the correct specification. Unfortunately, his work did not help us with proving the correctness of the priority inheritance protocol. This is joint work with Prof. Xingyuan Zhang and his student Chunhan Wu from the PLA University of Science and Technology in Nanjing. </TD></TR><TR><TD BGCOLOR="#FFFFFF" WIDTH="75%"><B>Myhill-Nerode and Regular Expressions</B> Out of frustration of having to teach reasoning in theorem provers with worn-out examples likefib and even/odd, we implemented a large part of regular language theory in Isabelle/HOL.This <A HREF="http://afp.sourceforge.net/devel-entries/Myhill-Nerode.shtml">implementation</A> gives rise to much more interesting examples, as shown <A HREF="http://www.cs.cmu.edu/~rwh/papers/regexp/jfp.pdf">here</A> and <A HREF="http://ropas.snu.ac.kr/~kwang/paper/06-jfp-yi.pdf">here</A>. It turns out thatformalisations of automata theory are a huge <A HREF="https://lists.cam.ac.uk/pipermail/cl-isabelle-users/2005-September/msg00012.html">pain</A> in theorem provers, especially in those that are based on HOL. We therefore went against the <A HREF="http://www.cs.cornell.edu/~kozen/papers/papers_by_year.htm#K97a">mainstream</A> and used in our formalisation regular expressions exclusively,because they are much more convenient for formal reasoning. The results weformalised include: the Myhill-Nerode theorem, the closure of regular languagesunder complementation, finiteness of derivatives of regular expressions and a surprising result about Subseq, which according to this <A HREF="http://blog.computationalcomplexity.org/2006/01/theorem-that-should-be-better-known.html">blog</A> should be better known. We also answered a<A HREF="http://blog.computationalcomplexity.org/2013/02/proving-dfa-langs-closed-under-concat.html">question</A> from the same blog about"proving Reg-exp-langs [being] closed under complementation without using equiv to DFA's"....yes we can!This is joint work with Prof. XingyuanZhang and his student Chunhan Wu from the PLA University of Science and Technology in Nanjing. My funding for this work came from the <A HREF="http://sinogermanscience.dfg.nsfc.cn/de/index.html">Chinese-German Research Centre</A>. </TD></TR><TR><TD BGCOLOR="#FFFFFF" WIDTH="75%"><B>Nominal Unification and Alpha-Prolog</B> <A HREF="https://nms.kcl.ac.uk/christian.urban/Unification">Nominal unification</A> is one outcome of my involvement in the nominal logic project in Cambridge. Another is the logic programming language alpha-Prolog (joint work with <A HREF="http://homepages.inf.ed.ac.uk/jcheney/">Dr James Cheney</A>), which uses nominal unification - click for details <A HREF="http://homepages.inf.ed.ac.uk/jcheney/programs/aprolog/">here</A>.The nominal unification algorithm has been <A HREF="https://nms.kcl.ac.uk/christian.urban/Unification">formally verified</A> in Isabelle. This was possible since this unification algorithm is formulated in a simple first-order language (unlike other algorithms for higher-order unification). <A HREF="https://nms.kcl.ac.uk/maribel.fernandez/">Prof. Maribel Fernandez</A> and her studentimproved the nominal unification algorithm to be quadratic. <A HREF="http://www.cs.indiana.edu/~dfried/">Prof. Daniel Friedman</A> and his group use nominal unification in their alpha-Kanren system implemented in Scheme. This work has also found its way into <A HREF="http://clojure.org">Clojure</A> as the <A HREF="https://github.com/clojure/core.logic/wiki/core.logic.nominal">core.logic.nominal</A> package.My funding for this work was provided through a research fellowship from <A HREF="http://www.corpus.cam.ac.uk">Corpus Christi College</A>, Cambridge. </TD></TR><TR><TD BGCOLOR="#FFFFFF" WIDTH="75%"><B>Classical Logic</B>I was Ph.D. student in the University of Cambridge <A HREF="http://www.cl.cam.ac.uk">Computer Laboratory</A>and for three years called Gonville and Caius College my home. I was very lucky to have <A HREF="https://labs.oracle.com/pls/apex/f?p=labs:bio:0:2044">Dr Gavin Bierman</A>as supervisor. My research in Cambridge was also very much influenced by <A HREF="http://www.dpmms.cam.ac.uk/~martin/">Prof. Martin Hyland</A>.Some details on my thesis "Classical Logic and Computation" are <A HREF="https://nms.kcl.ac.uk/christian.urban/PhD/index.html">elsewhere</A>, includinga <A HREF="https://nms.kcl.ac.uk/christian.urban/Cut/cutapplet.html">Java Applet</A> that 'visualises' some of the results from the thesis. I completed the writing ofthe thesis in <A HREF="http://iml.univ-mrs.fr/ldp/">Marseille</A> in the group of <A HREF="http://girard.perso.math.cnrs.fr/Accueil.html">Prof. Jean-Yves Girard</A>. My study in Cambridge was funded by two <A HREF="http://www.daad.de/index.html">scholarships</a> from the German government; my year in Marseille by a TMR-fellowship from the EU. My PhD was also one starting point for the EPSRC Project on the Semantics of Classical Proofs. The strong normalisation result in the PhD has been used in 2007 by <A HREF="https://jao2015.sciencesconf.org/conference/jao2015/pages/Claude_Kirchner.pdf">Prof. Claude Kirchner</A> and his students for proving consistency of their superdeduction system lemuridae.</TD></TR><TR><TD BGCOLOR="#FFFFFF" WIDTH="75%"><B>Forum</B> I implemented Forum, a programming language based on classical linear logic, as my M.Phil. thesis. This was joint work with <A HREF="https://st-andrews.academia.edu/RoyDyckhoff">Dr Roy Dyckhoff</A>. Details can be found <A HREF="https://rd.host.cs.st-andrews.ac.uk/logic/nonmac/">here</A> and<A HREF="http://www.lix.polytechnique.fr/Labo/Dale.Miller/forum/">here</A>. During myM.Phil study I spent one month in Philadelphia invited by <A HREF="http://www.lix.polytechnique.fr/~dale/">Prof. Dale Miller</A>.</TD></TR><TR><TD BGCOLOR="#FFFFFF" WIDTH="75%"><B>G4ip</B> An implementation of G4ip using the imperative language Pizza can be found <A HREF="https://nms.kcl.ac.uk/christian.urban/Prover/index.html">here</A>.<A HREF="http://pizzacompiler.sourceforge.net">Pizza</A>, written around 1996, is a conservative extension of Java and a precursor of Scala. My implementation illustrates the technique of success continuations in proof search. <B>Update:</B> This ancient work inspired<A HREF="http://rosien.net/">Adam Rosien</A> to re-surrect some parts of it in<A HREF="https://github.com/arosien/sequentish/blob/master/src/main/scala/net/rosien/sequentish/LJT.scala">Scala</A> [<A HREF="https://github.com/arosien/sequentish">github</A>, <A HREF="https://arosien.github.io/sequentish/slides.html#/">slides</A>]</TD></TR></TABLE><P><a href="https://validator.w3.org/check/referer">[Validate this page.]</a></font></BODY></HTML>