--- a/index.html Sat Sep 07 15:04:15 2019 +0100
+++ b/index.html Fri Sep 20 11:12:38 2019 +0100
@@ -14,7 +14,6 @@
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
-
</script>
</HEAD>
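Review bot: this hunk only drops a blank line inside the inline analytics `<script>`, but while touching it note that the surrounding loader still chooses `'http://www'` whenever `document.location.protocol` is not `https:`, so a visitor on a plain-HTTP connection fetches and executes `ga.js` without TLS; consider simplifying the line to the unconditional `https://ssl.google-analytics.com/ga.js` form so the analytics script is always loaded over HTTPS regardless of how the page itself was reached.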
@@ -23,12 +22,13 @@
LINK="#0000EF"
VLINK="#51188E"
ALINK="#FF0000">
+<font face='Tahoma'>
<TABLE WIDTH="100%"
BGCOLOR="#4169E1"
BORDER="0"
FRAME="border"
- CELLPADDING="10"
+ CELLPADDING="11"
CELLSPACING="2"
RULES="all">
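Review bot: the added `<font face='Tahoma'>` directly after the `<BODY>` attributes wraps the block-level `<TABLE>` that follows, but in HTML 4 the `<font>` element may only contain inline content, so the page will fail the W3C check that its own "[Validate this page.]" link invites; it also breaks the file's convention of uppercase, double-quoted attributes (compare `CELLPADDING="11"` two lines below). Suggest dropping the `<font>` element, together with its closing tag at the end of the file, and adding a rule such as `BODY { font-family: Tahoma }` in the `<HEAD>` instead. The `CELLPADDING` change from 10 to 11 is fine.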
@@ -201,8 +201,8 @@
<TR>
<TD BGCOLOR="#FFFFFF" WIDTH="75%">
<B>Nominal Isabelle</B>
-I currently work on Nominal
-<A HREF="http://isabelle.in.tum.de">Isabelle</A> 2. This is joint work with
+I am the main developer of Nominal
+<A HREF="http://isabelle.in.tum.de">Isabelle</A>. This is joint work with
<A HREF="http://www21.in.tum.de/~berghofe/">Dr Stefan Berghofer</A>,
<A HREF="http://sketis.net/">Dr Markus Wenzel</A>,
<A HREF="http://cl-informatik.uibk.ac.at/users/cek/">Dr Cezary Kaliszyk</A>,
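Review bot: the rewritten sentence drops the version from the project name ("Nominal Isabelle 2" becomes "Nominal Isabelle"), while the paragraph added later in this same change still says "Nominal Isabelle 2 is part of the Archive of Formal Proofs"; decide on one name for the section so readers do not wonder whether two different systems are meant.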
@@ -210,22 +210,69 @@
the Isabelle-team in Munich.
Many of the theoretical ideas originate from the nominal logic project - a wonderful project headed
by <A HREF="http://www.cl.cam.ac.uk/~amp12/">Prof. Andrew Pitts</A>.
-The aim of my work is to make formal reasoning involving binders as simple as
+The aim with this work is to make formal reasoning involving binders as simple as
on paper and the hope is to lure
<A HREF="http://alliance.seas.upenn.edu/~plclub/cgi-bin/poplmark/index.php?title=The_POPLmark_Challenge#Vision">masses</A> to automated
theorem proving. My funding for this work was provided in 2004 and 2005 by a research
fellowship from the
<A HREF="http://en.wikipedia.org/wiki/Alexander_von_Humboldt">Alexander-von-Humboldt</A>
<A HREF="http://www.humboldt-foundation.de/web/home.html">foundation</A>. During this time I was a visitor in the group of
-<A HREF="http://www.mathematik.uni-muenchen.de/~schwicht/">Prof. Helmut Schwichtenberg</A>.
-Since 2006 this work is supported by an
+<A HREF="http://www.mathematik.uni-muenchen.de/~schwicht/">Prof. Helmut Schwichtenberg</A> in Munich.
+Between 2006 and 2011 this work is supported by an
<A HREF="http://en.wikipedia.org/wiki/Emmy_Noether">Emmy-Noether</A>
-<A HREF="https://www.dfg.de/en/research_funding/programmes/individual/emmy_noether/">fellowship</A>.
+<A HREF="https://www.dfg.de/en/research_funding/programmes/individual/emmy_noether/">fellowship</A> at the TUM.
There is a <A HREF="https://nms.kcl.ac.uk/christian.urban/Nominal/">webpage</A> about Nominal
Isabelle, which also includes a list of projects that use Nominal Isabelle.
Users of Nominal Isabelle had their papers appearing at LICS, POPL, FOSSACS, SOS, TPHOLs, CPP, SEFM,
the Haskell Symposium and
-in the Journal of Automated Reasoning.
+in the Journal of Automated Reasoning. Nowadays, Nominal Isabelle 2 is part of the <A HREF="https://www.isa-afp.org">Archive of Formal Proofs</A>.
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="#FFFFFF" WIDTH="75%">
+<B>Real-Time Scheduling and Priority Inheritance</B>
+ In real-time operating systems with processes, resource locking and
+ priority scheduling, one faces the problem of
+ <A HREF="http://en.wikipedia.org/wiki/Priority_inversion">priority inversion</A> (processes
+ with lower priority block processes with higher priority indefinitely). If you do not prevent this problem,
+ then processes can behave erratically, as <A HREF="http://www.nasa.gov">NASA</A> found out the
+ <A HREF="http://catless.ncl.ac.uk/Risks/19.54.html#subj6">hard</A> way with their first
+ <A HREF="http://www.nasa.gov/mission_pages/mars-pathfinder/index.html">Mars Pathfinder mission</A>.
+ The priority inheritance protocol is a widely used scheduling algorithm that prevents
+ priority inversion. However, the <A HREF="http://dx.doi.org/10.1109/12.57058">original paper</A>
+ describing this algorithm contains an incorrect algorithm and a bogus(!) correctness proof.
+
+ We formalised our version of the priority inheritance protocol, including a generalisation
+ of the original work (we allow overlapping critical sections) in the theorem prover
+ <A HREF="http://isabelle.in.tum.de">Isabelle</A>.
+
+ In our formalisation we use the inductive method we learned from
+ <A HREF="https://www.cl.cam.ac.uk/~lp15/">Prof. Larry Paulson</A>.
+ He used this method in order to prove the correctness of security
+ protocols. We have implemented our algorithm on top of the
+ the small <A HREF="https://en.wikipedia.org/wiki/Pintos">PINTOS</A>
+ operating system used for teaching (we passed all their test cases and were
+ faster than their reference implementation).
+
+
+ While the problem with the original algorithm was already known for some time, the incorrect
+ specification seems to be still widely in use and described in many textbooks on real-time operating systems,
+ including famous and rather expensive
+ ones. Feel free to decide whether they are worth your time and money. Task: Spot the problems in
+ <A href="https://www.amazon.com/Real-Time-Systems-Design-Analysis-Practitioner-ebook/dp/B0062LNOCW">here</A>,
+ <A href="https://www.amazon.co.uk/Real-Time-Concepts-Embedded-Systems-Qing/dp/1578201241">here</A>,
+ <A href="https://www.amazon.co.uk/Real-Time-Systems-Jane-W-Liu/dp/0130996513">here</A>,
+ <A href="https://www.springer.com/gp/book/9780792392118">here</A> and
+ <A href="https://www.os-book.com/OS9/">here</A>!
+ Alternatively, you can look at the quotes and pointers in our
+ <A HREF="http://nms.kcl.ac.uk/christian.urban/Publications/pip.pdf">paper</A>. A notable
+ exception is the <A HREF="https://www.springer.com/gp/book/9781461406754">textbook</A>
+ by Buttazzo, who gives the correct specification. Unfortunately, his work did not
+ help us with proving the correctness of the priority inheritance protocol.
+
+ This is joint work with Prof. Xingyuan Zhang and his student Chunhan Wu from the
+ <A HREF="http://www.ust.com.cn/">PLA University of Science and Technology</A> in Nanjing.
</TD>
</TR>
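Review bot: two grammar slips in the added lines: "Between 2006 and 2011 this work is supported by an" should read "was supported by an" now that the period is in the past, and "on top of the the small PINTOS" doubles "the". The five book links in the new "Real-Time Scheduling and Priority Inheritance" row use `<A href=` while every other anchor in the file writes `<A HREF=`; align them. "Spot the problems in here, here, here, here and here!" reads awkwardly (drop "in"), and five links all titled "here" give the reader no hint which textbook each one points to; naming the title or author in the link text would help.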
@@ -261,39 +308,6 @@
</TD>
</TR>
-<!--
-<TR>
-<TD BGCOLOR="#FFFFFF" WIDTH="75%">
-<B>Priority Inheritance</B>
- In real-time operating systems with processes, resource locking and
- priority scheduling, one faces the problem of indefinite
- <A HREF="http://en.wikipedia.org/wiki/Priority_inversion">priority inversion</A> (processes
- with lower priority block processes with higher priority). If you do not prevent this problem,
- then processes can behave quite erratically, as <A HREF="http://www.nasa.gov">NASA</A> found out the
- <A HREF="http://catless.ncl.ac.uk/Risks/19.54.html#subj6">hard</A> way with their
- <A HREF="http://www.nasa.gov/mission_pages/mars-pathfinder/index.html">Mars Pathfinder mission</A>.
- The priority inheritance protocol is a widely used scheduling algorithm that prevents
- priority inversion. However, the <A HREF="http://dx.doi.org/10.1109/12.57058">original paper</A>
- describing this algorithm contains an incorrect algorithm and a bogus correctness proof
- (this seems to be the only "proof" about priority inheritance in the literature).
-
- We formalised the priority inheritance protocol, including a generalisation
- of the original work.
-
- using the inductive method we learned from
- <A HREF="https://www.cl.cam.ac.uk/~lp15/">Prof. Larry Paulson</A>.
- While the problem with the original algorithm was already known, the incorrect
- specification seems to be still in use
-
- <A HREF="http://mcs.une.edu.au/%7Eiam/Data/threads/node15.html">here</A>
- <A HREF="http://ems2.be/Portals/6/course_docs/OS_pathfinder_failure.ppt">
-
- This is joint work with Prof. Xingyuan Zhang and his student Chunhan Wu from the
- <A HREF="http://www.ust.com.cn/">PLA University of Science and Technology</A> in Nanjing.
-</TD>
-</TR>
--->
-
<TR>
<TD BGCOLOR="#FFFFFF" WIDTH="75%">
<B>Nominal Unification and Alpha-Prolog</B>
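Review bot: removing the commented-out "Priority Inheritance" row is the right call: its content now lives in the live row added earlier in this change, and the comment held unfinished sentence fragments and an unclosed `<A HREF=...>` pointing at ems2.be, so keeping it risked that broken markup being uncommented later.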
@@ -370,7 +384,7 @@
</TABLE>
<P>
-Time-stamp: <- 2017-09-26 19:52:51 by Christian Urban>
<a href="https://validator.w3.org/check/referer">[Validate this page.]</a>
+</font>
</BODY>
</HTML>
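Review bot: the `</font>` inserted before `</BODY>` does balance the `<font face='Tahoma'>` opened after the `<BODY>` tag, but the element then encloses the `<TABLE>` and the `<P>` block, which is invalid inline-only content and will be rejected by the validator linked on the line just above it; a `font-family` rule in the document's style block avoids this entirely. Dropping the `Time-stamp:` line is correct: `<-` is not a valid tag opener, so that line was being rendered as visible text at the bottom of the page.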