The aim of the Parsifal team is to develop and exploit proof theoryand type theoryin the specification and verification of computational systems.
Expertise: the team conducts basic research in proof theory and type theory. In particular, the team is developing results that help with automated deduction and with the manipulation and communication of formal proofs.
Design: based on experience with computational systems and theoretical results, the team develops new logical principles, new proof systems, and new theorem proving environments.
Implementation: the team builds prototype systems to help validate basic research results.
Examples: the design and implementation efforts are guided by examples of specification and verification problems. These examples not only test the success of the tools but also drive investigations into new principles and new areas of proof theory and type theory.
The foundational work of the team focuses on structuraland analyticproof theory, i.e., the study of formal proofs as algebraic and combinatorial structures and the study of proof systems as deductive and computational formalisms. The main focus in recent years has been the study of the sequent calculusand of the deep inferenceformalisms.
An important research question is how to reason about computational specifications that are written in a relationalstyle. To this end, the team has been developing new approaches to dealing with induction, coinduction, and generic quantification. A second important question is of canonicityin deductive systems, i.e., when are two derivations “essentially the same”? This crucial question is important not only for proof search, because it gives an insight into the structure and an ability to manipulate the proof search space, but also for the communication of proof objectsbetween different reasoning agents such as automated theorem provers and proof checkers.
Important application areas currently include:
Metatheoretic reasoning on functional programs, such as terms in the calculus
Reasoning about behaviors in systems with concurrency and communication, such as the calculus, game semantics, etc.
Combining interactive and automated reasoning methods for induction and coinduction
Verification of distributed, reactive, and realtime algorithms that are often specified using modal and temporal logics
Probabilistic and stochastic reasoning systems commonly used in security, networking, and biological domains
Vivek Nigam (PhD from Parsifal September 2009) was awarded an Alexander von Humboldt scholarship to join Martin Hoffman's group in LMU (Munich, Germany) for two years (20102012)
There are two broad approaches for computational specifications. In the computation as modelapproach, computations are encoded as mathematical structures containing nodes, transitions, and state. Logic is used to describethese structures, that is, the computations are used as models for logical expressions. Intensional operators, such as the modals of temporal and dynamic logics or the triples of Hoare logic, are often employed to express propositions about the change in state.
The computation as deductionapproach, in contrast, expresses computations logically, using formulas, terms, types, and proofs as computational elements. Unlike the model approach, general logical apparatus such as cutelimination or automated deduction becomes directly applicable as tools for defining, analyzing, and animating computations. Indeed, we can identify two main aspects of logical specifications that have been very fruitful:
Proof normalization, which treats the state of a computation as a proof term and computation as normalization of the proof terms. General reduction principles such as reduction or cutelimination are merely particular forms of proof normalization. Functional programming is based on normalization , and normalization in different logics can justify the design of new and different functional programming languages .
Proof search, which views the state of a computation as a a structured collection of formulas, known as a sequent, and proof search in a suitable sequent calculus as encoding the dynamics of the computation. Logic programming is based on proof search , and different proof search strategies can be used to justify the design of new and different logic programming languages .
While the distinction between these two aspects is somewhat informal, it helps to identify and classify different concerns that arise in computational semantics. For instance, confluence and termination of reductions are crucial considerations for normalization, while unification and strategies are important for search. A key challenge of computational logic is to find means of uniting or reorganizing these apparently disjoint concerns.
An important organizational principle is structural proof theory, that is, the study of proofs as syntactic, algebraic and combinatorial objects. Formal proofs often have equivalences in their syntactic representations, leading to an important research question about canonicityin proofs – when are two proofs “essentially the same?” The syntactic equivalences can be used ro derive normal forms for proofs that illuminate not only the proofs of a given formula, but also its entire proof search space. The celebrated focusingtheorem of Andreoli identifies one such normal form for derivations in the sequent calculus that has many important consequences both for search and for computation. The combinatorial structure of proofs can be further explored with the use of deep inference; in particular, deep inference allows access to simple and manifestly correct cutelimination procedures with precise complexity bounds.
Type theory is another important organizational principle, but most popular type systems are generally designed for either search or for normalization. To give some examples, the Coq system that implements the Calculus of Inductive Constructions (CIC) is designed to facilitate the expression of computational features of proofs directly as executable functional programs, but general proof search techniques for Coq are rather primitive. In contrast, the Twelf system that is based on the LF type theory (a subsystem of the CIC), is based on relational specifications in canonical form ( i.e., without redexes) for which there are sophisticated automated reasoning systems such as metatheoretic analysis tools, logic programming engines, and inductive theorem provers. In recent years, there has been a push towards combining search and normalization in the same typetheoretic framework. The Beluga system , for example, is an extension of the LF type theory with a purely computational metaframework where operations on inductively defined LF objects can be expressed as functional programs.
The Parsifal team investigates both the search and the normalization aspects of computational specifications using the concepts, results, and insights from proof theory and type theory.
Focusing
is a general observation that
proofs in sequent calculi can be organized into an
alternating pair of dual
phases– negative (sometimes called
asynchronous) and positive (sometimes called
synchronous). Each phase consists of a maximal chain
of inferences of the the same
polarity,
i.e., the phases represent
synthetic,
macro, or
“big step”inference rules for clumps of connectives of
the same polarity. For example, focusing tells us that the
top level connective in the formula
A(
BC), assuming
A,
Band
Care negative, is the ternary connective

(
)instead of the composition of two
binary connectives; in particular,
BCneed not even be considered as a subformula. Indeed,
focusing has proven to be crucial in controlling the search
behavior of automated theorem provers
,
.
Focusing is very important for logical specifications of computations because synthetic inference rules have a direct correspondence with computational steps. When a system is encoded logically, we can identify at least three levels of adequacyof the encoding:
Global adequacy, wherein the encoding does not necessarily respect the structure of the computation, but where soundness is ensured globally. For instance, an encoding of one proof system in another is globally adequate if it preserves truth and provability.
Full adequacy, where the structure of the entire computation is preserved. For encodings of proof systems, full adequacy corresponds to a onetoone correspondence between full proofs in the source and the target of the encoding.
Local adequacy, where the structure of individual steps of a computation is preserved, i.e., the encoding is a bisimulation. An encoding of a proof system is locally adequate if the encoding preserves the individual inference rules of the proof system.
Locally adequate encodings give the best indication of the strength and generality of proof systems, but in all but the most trivial cases such encodings only exist if the target of the encoding is a focused proof system. The members of the Parsifal team have identified and proved a number of adequacy results in recent years , , , .
Focusing is therefore an important tool in the study of universalityof proof systems. We already know that linear logic can serve as a uniform metalanguage for a number of proof systems, both classical and intuitionistic, but these encoded systems generally are not able to communicate with each other. Liang and Miller have been building proof systems for combinations of classical, intuitionistic, and linear logics that allows proofs in these different systems to communicate via carefully chosen cuts.
A long term project of members of the Parsifal team has been the design of a powerful logic to reason about computational specifications written in logic. Coming up with the design of a logic that allows reasoning richly over relational specifications involving bindings in syntax has been a long standing problem, dating from at least the early papers by McDowell and Miller . In 2010, Gacek, Miller, and Nadathur (a colleague from the University of Minnesota) have completed the design the the logic that extends earlier work on this topic by including a novel generalization to syntactic identity. This extensions involved adding the “nominal abstraction” operator. With the addition of this predicate the resulting logic gained enough expressive power to allow for natural and declarative descriptions of invariants over logicbased context.
The presence of nominal abstraction in makes it possible for that logic to express predicates that strongly resemble those found in Pitt's “nominal logic” . While and nominal logic different in several ways, it is possible to find an interesting subset of both logics that do, in fact, correspond directly. In particular, Gacek showed that Prolog (a subset of nominal logic) can be directly translated into subset of .
The logic is the logic that is implemented by the Abella prover of Andrew Gacek. This implementation has permitted a large number of example theorems and proofs to be done completely formally within . As a result, we have gained a great deal of confidence in the expressive strengths of his logic.
Deep inference , is a novel methodology for presenting deductive systems. Unlike traditional formalisms like the sequent calculus, it allows rewriting of formulas deep inside arbitrary contexts. The new freedom for designing inference rules creates a richer proof theory. For example, for systems using deep inference, we have a greater variety of normal forms for proofs than in sequent calculus or natural deduction systems. Another advantage of deep inference systems is the close relationship to categorical proof theory. Due to the deep inference design one can directly read off the morphism from the derivations. There is no need for a counterintuitive translation.
One reason for using categories in proof theory is to give a precise algebraic meaning to the identity of proofs: two proofs are the same if and only if they give rise to the same morphism in the category. Finding the right axioms for the identity of proofs for classical propositional logic has for long been thought to be impossible, due to “Joyal's Paradox”. For the same reasons, it was believed for a long time that it it not possible to have proof nets for classical logic. Nonetheless, Lutz Strassburger and François Lamarche provided proof nets for classical logic in , and analyzed the category theory behind them in . In and , one can find a deeper analysis of the category theoretical axioms for proof identification in classical logic. Particular focus is on the socalled medial rulewhich plays a central role in the deep inference deductive system for classical logic.
The following research problems are investigated by members of the Parsifal team:
Find deep inference system for richer logics. This is necessary for making the proof theoretic results of deep inference accessible to applications as they are described in the previous sections of this report.
Investigate the possibility of focusing proofs in deep inference. As described before, focusing is a way to reduce the nondeterminism in proof search. However, it is well investigated only for the sequent calculus. In order to apply deep inference in proof search, we need to develop a theory of focusing for deep inference.
Use the results on deep inference to find new axiomatic description of categories of proofs for various logics. So far, this is well understood only for linear and intuitionistic logics. Already for classical logic there is no common accepted notion of proof category. How logics like LINC can be given a categorical axiomatisation is completely open.
Proof nets and atomic flows are abstract (graphlike) presentations of proofs such that all "trivial rule permutations" are quotiented away. Ideally the notion of proof net should be independent from any syntactic formalism. But due to the almost absolute monopoly of the sequent calculus, most notions of proof nets proposed in the past were formulated in terms of their relation to the sequent calculus. Consequently we could observe features like “boxes” and explicit “contraction links”. The latter appeared not only in Girard's proof nets for linear logic but also in Robinson's proof nets for classical logic. In this kind of proof nets every link in the net corresponds to a rule application in the sequent calculus.
The concept of deep inference allows to design entirely new kinds of proof nets. The work by Lamarche and Strassburger , have extended the theory of proof nets for multiplicative linear logic to multiplicative linear logic with units. This seemingly small step—just adding the units—had for long been an open problem, and the solution was found only by consequently exploiting the new insights coming from deep inference. A proof net no longer just mimics the sequent calculus proof tree, but rather an additional graph structure that is put on top of the formula tree (or sequent forest) of the conclusion. The work on proof nets within the team is focused on the following two directions:
Extend the work of Lamarche and Strassburger to larger fragments of linear logic, containing the additives, the exponentials, and the quantifiers, as started in .
Finding (for classical logic) a notion of proof nets that is deductive, i.e., can effectively be used for doing proof search. An important property of deductive proof nets must be that the correctness can be checked in linear time. For the classical logic proof nets by Lamarche and Strassburger this takes exponential time (in the size of the net). We hope that eventually deductive proof nets will provide a “bureaucracyfree” formalism for proof search.
Studying the normalization of proofs in classical logic using atomic flows. Although there is no correctness criterion they allow to simplify the normalization procedure for proofs in deep inference, and additionally allow to get new insights in the complexity of the normalization.
One of the main problems of proof theory is to prove cut elimination for new logics. Usually, a cut elimination proof is a tedious case analysis, and, in general, it is very fragile and not modular . That means that a minor change in the deductive system makes the cut elimination proof break down, and for every new system one has to start from scratch.
It is therefore an important research task, to find a more systematic approach to cut elimination proofs. That is to say, to find general guidelines that ensure the cut elimination property for large classes of systems, in a similar way as it has been done for display logics .
Crossfertilizing ideas between the proof search approach
and the proof normalization approach, Lengrand has interacted
with the TypiCal (INRIA Saclay) and the
r^{2}(INRIA Rocquencourt) projectteams.
In proof assistants based on the proof normalization approach, or Type Theory, it is a hard challenge to design and understand their proof search mechanisms. Based on ideas from , a major effort has been spent on using concepts from the proof search approach, like focused proof systems, in order to rationalize the implemented mechanisms.
By doing so, we have helped improve the Coq system, by impacting the design of the new version of the tool's proof engine. One of these proof search mechanisms, known as pattern unification, has again become a hot topic of Coq's design, after Lengrand's use of Coq to specify a particular algorithm has revealed a drastic need for this missing feature.
It also emerged from Lengrand's interaction with these projectteams, that bridging Type Theory with the proof theory developed at Parsifal confirms the need for more extensionality on the functions programmed in Coq. Efforts to add such extensionality are ongoing.
Automated theorem proving has traditionally focused on classical firstorder logic, but nonclassical logics are increasingly becoming important in the specification and analysis of software. Most type systems are based on (possibly secondorder) propositional intuitionistic logic, for example, while resourcesensitive and concurrent systems are most naturally expressed in linear logic.
The members of the Parsifal team have a strong expertise in the design and implementation of performant automated reasoning systems for such nonclassical logics. In particular, the Linprover suite of provers continue to be the fastest automated theorem provers for propositional and firstorder linear logic.
Any nontrivial specification, of course, will involve theorems that are simply too complicated to prove automatically. It is therefore important to design semiautomated systems that allow the user to give high level guidance, while at the same time not having to write every detail of the formal proofs. High level proof languages in fact serve a dual function – they are more readily comprehended by human readers, and they tend to be more robust with respect to maintenance and continued evolution of the systems. Members of the Parsifal team, in association with other INRIA teams and Microsoft Research, have been building a heterogeneous semiautomatic proof system for verifying distributed algorithms (see Section. ).
On a more foundational level, the team has been developing many new insights into the structure of proofs and the proof searh spaces. Two directions, in particular, present tantalizing possibilities:
The concept of multifocusing can be used to expose concurrency in computational behavior, which can in turn be exploited to prune areas of the proof search space that explore irrelevant interleavings of concurrent actions.
The use of bounded search, where the bounds can be shown to be complete by metatheoretic analysis, can be used to circumvent much of the nondeterminism inherent in resourcesensitive logics such as linear logic. The lack of proofs of a certain bound can then be used to justify the presence or absence of properties of the encoded computations.
Much of the theoretical work on automated reasoning has been motivated by examples and implementations, and the Parsifal team intends to continue to devote significant effort in these directions.
There has been increasing interest in the use of formal methods to provide proofs of properties of programs and programming languages. Tony Hoare's Grand Challenge titled “Verified Software: Theories, Tools, Experiments” has as a goal the construction of “verifying compilers” for a world where programs would only be produced with machineverified guarantees of adherence to specified behavior. Guarantees could be given in a number of ways: proof certificates being one possibility.
The Parsifal team has developed several tools and techniques for reasoning about the metatheory of programming languages. One of the most important requirements for progamming languages is the ability to reason about data structures with binding constructs upto equivalence. The use of higherorder syntax and nominal techniques for such data structures was pioneered by Miller, Nadathur and Tiu. The Abella system (see Section. ) implements a refinement of a number of these ideas and has been used to give full solutions to sections of the POPLMark challenge in addition to fully formal proofs of a number of other theorems in the metatheory of the calculus.
Another important feature for the metatheory of progamming languages is the ability to reason about inductive and coinductive data structures and algorithms. While systems such as Coq can represent such inductive proofs as fixpoints, there is only very primitive support for general automated reasoning over inductive definitions. The Tac system built in the Parsifal team has been used to investigate automated inductive theorem proving from a more foundational perspective. Tac can already perform a number of sophisticated inductive proofs automatically.
Modern programming languages are increasingly incorporating distributed, concurrent, reactive, and realtime elements. In such languages, it is often necessary to reason not about executions but about behaviors, that is, it is necessary to compare the behavior of two different programs instead of characterizing all executions of a single program. The Bedwyr tool built at Parsifal is a symbolic model checker that can automatically prove behavioral equivalence between calculus processes. It is a prototype of the kind of formal tools that will be necessary for the programming languages of the future.
One of the benefits of focused proof systems (see Section. ) is the ability to treat computational steps as single synthetic rules. If the computational steps belong to a particular proof search strategy, then it becomes possible to represent, precisely, the traces of that strategy as synthetic proofs.
Recently, members of the Parsifal team have shown how to specify a large variety of proof systems—including natural deduction, the sequent calculus, and various tableau and free deduction systems—uniformly using either focused linear logic , or focused intuitionistic logic as the metalanguage. In the presence of induction and coinduction, arbitrary finite computations can be embedded into single synthetic steps .
It seems clear that a suitably general focused proof system can serve as a universal proof language for a large variety of proof systems. We can identify at least the following major challenges:
Can focused proof systems serve as a framework for broad spectrum proof certificates for such domains as proofcarrying code or proofcarrying authorization?
Can one design a proof language based on focused proofs that allows for a variable amount of verbosity in terms of a tunable trade off between simplicity of the proof checker (or, equivalently, the amount of search that the proof checker is allowed to perform) and the size of proof certificates?
Can one design a generic universal proof checker for a large variety of proof systems?
How does (co)induction in a focused proof system compare to type systems such as Deduction Modulo or Superdeduction that are parameterized on rewrite systems?
The earliest versions of the Abella theorem prover was written while Gacek was a PhD student at the University of Minnesota. During Gacek's post doc in the Parsifal team, he and Miller have designed and implemented more features into this prover. One such feature involves simplifying dependences among variables. More explicitly, for Abella to correctly capture the relationship between “metavariables” and binding, the prover takes several raisingsteps that are responsible for explicitly accounting for the dependence between these two kinds of variables. Given the typing discipline of Abella it is possible to statically determine that certain possible dependences are, in fact, vacuous. Abella is now able to remove these vacuous dependences: such a simplification makes it possible to make simplify many Abella proofs. Gacek, Miller, and Nadathur have also published two papers describing the underlying theory of Abella.
For more information, see the Abella home page.
Given the team's expertise with the structure of proofs and techniques for automation, we have taken on the implementation of the TAC prover. This prover, written in OCaml, has been used to prove a range of inductive theorems in a completely automatic fashion. The architecture, which is the subject of the conference paper , is based on recent work by the team on the structure of focused proofs for induction and coinduction. A goal of this prover is to completely automate a large number of shallow theorems within an inductive and coinductive setting: proofs of more significant theorems would then be organized as being simple lists of lemmas. While the automatic tactic of this prover will not likely prove particularly hard and deep theorems, the evidence we have gathered so far is that it is useful for automatically proving a great number of routine and shallow (but possibly tedious) theorems.
For more information, see the Tac home page.
The TLAPS is based on translation of a high level proof language into proof obligations for various backend reasoning systems, which include both off the shelf automated reasoning systems (theorem provers, SMT solvers, etc.) and systems that have been particularly engineered for the TLA language. The backend systems may produce proofs that are then formally checked in Isabelle/TLA +, an axiomatization of TLA in the Isabelle proof system. Some backend systems, such as decision procedures for arithmetic, do not currently produce proofs.
Also in 2010, the TLAPS was integrated into the TLA Toolbox, an integrated development environment (IDE) for many TLArelated tools, including the TLC model checker. The next public release will include support for reasoning about liveness, which will involve implementing a new temporal reasoning framework.
For more information, see the TLAPS home page.
In a joint work with Alessio Guglielmi (University of Bath), Tom Gundersen and Lutz Strassburger have given a novel method for normalizing proofs in classical logic, which is based on atomic flows. These are purely graphical devices that abstract away from much of the typical bureaucracy of proofs. We make crucial use of the path breaker, an atomicflow construction that avoids some unpleasant termination problems, and that can be used in any proof system with sufficient symmetry. We also give an original 2dimensionaldiagram exposition of atomic flows, which helps us to connect atomic flows with other known formalisms. This work has been published in LICS 2010 .
Nicolas Guenot and Lutz Strassburger have been working on extending the CurryHoward correspondence to the notion of deep inference. The result is a deductive system for intuitionistic logic within deep inference, together with a cut elimination procedure on one side, and a term calculus on the other side. The terms are a variation of lambda terms, and the normalization can simulate betareduction, and the rewrite rules are in onetoone correspondence to cut elimination reduction rules in the deductive system.
Subexponential logics are a family of refinements of classical logic that are each parameterized by a collection of subexponentialconnectives arranged in a (pre)order. Although the concept is quite old, Miller and Nigam have shown in 2009 that focused derivations in subexponential logics can adequately capture computations in a programming language consisting of loops, iteration, and loads and stores in locations. More generally, Miller has argued that subexponential logics have the potential to be the building blocks of future specification languages for logical and computational systems .
Chaudhuri has shown that the classical and intuitionistic dialects of polarized subexponential logics have the same expressive power, in the sense that partial derivations of sequents in one dialect are in onetoone correspondence with the partial derivations of the encoding of the sequents in the other dialect. This result generalizes several known adequacy theorems between particular subexponential logics, and gives a new adequacy result for encodings of intuitionistic logic in classical linear logic. This result was published in CSL 2010 .
It is well known that the polarityof the atomic propositions in linear logic is ambiguous – each atom may be assigneda polarity arbitrarily without destroying the completeness of focused derivations. If the atoms are assigned their polarity statically, that is, before proof search, then it is possible to obtain either forward chaining (also known as programdirected reasoning) or backward chaining (also known as goaldirected reasoning) semantics for logic programs based on the chosen assignments. However, it is not apparently possible to get the intersection of these two strategies with purely static assignments. Chaudhuri has shown that delaying the assignment of atomic polarities until the proof search context can justify a particular assignment can produce such a combined strategy. This dynamic assignment strategy enjoys all the benefits of forward chaining (locality, sharing, concurrency), but terminates and gives the same set of answers as backward chaining on terminating programs. Indeed, we obtain the same semantics as the socalled magic sets transformationof logic programs that is based on rewriting the original program and queries, but, since polarity assignment only constrains the proofs and does not alter the programs, we avoid the noncompositional overhead of program transformation. This work was published in LPAR 2010 .
The TLA +Proof System (TLAPS), developed at the INRIAMSR joint centre in association with a number of other INRIA teams, was released publicly. Chaudhuri designed and implemented the proof managercomponent of the tool that interprets high level TLA +proofs and delegates subproblems to various backend verifiers. The TLAPS was described in a paper published in IJCAR 2010 and its construction was elaborated and demonstrated further in an invited talk (given by Merz) at ICTAC 2010 . Merz has also demonstrated the TLAPS at a tutorial during IFM 2010.
One of the goals of this project was to give fully formalized correctness proofs of well known distributed algorithms such as Lamport's Bakery Algorithm for distributed mutual exclusion and the Paxos algorithm for distributed consensus. In 2009, the safety part of the correctness of the Bakery algorithm was successfully proved; this proof, initially several thousands of lines long, has been used as a benchmark for further development of the TLAPS and has now shrunk to less than 100 lines after improvements to backend reasoning; in the near future, we will be able to eliminate essentially the entire proof by using a new SMT backend, now in development.
In 2010, significant progress has also been made in proving a number of Paxos algorithms correct, including a novel unpublished version of Paxos that is Byzantine fault tolerant.
New complexity results have emerged from the study, in the framework of nonidempotent type systems, of how lambdacalculi manage resources.
It is wellknown that strongly normalising terms of the
calculus can be characterized by a type system using
intersections. A term is of type
ABif it is both of type
Aand type
B.
Intersections are usually considered idempotent in that
AA=
A. But recent studies have
suggested that dropping this property would enrich types with
quantitative information.
The first result is a refinement, with quantitative information, of the characterisation of strongly normalising terms : the relevant complexity measure here terms is the worstcase complexity (the length of longest reduction sequences). This quantitative information can now be read directly from typing trees. This result is accepted for publication at the FOSSACS'2011 conference .
This unveiled a tight connection between nonidempotent intersections and the way data are erased and duplicated in calculus, suggesting a move to the framework with explicit substitutions. These allow a finergrained control of erasure and duplication in calculus. The second result is a lift of the first one to the explicit substitution framework, where our analysis of resource management becomes finergrained and more interesting.
The third result is a new set of semantical tools for calculi, based on filters and orthogonality techniques. These tools simplify previously known proofs of strong normalisation for traditional typing systems like System F. terms typable in System F are strongly normalising and therefore typable with intersection types. In other words, the infinite polymorphism given by System F is in practice always reduced to the finite polymorphism given by intersection types. Our tools explain how.
This line of research pertains to the ANRproject PSI (described below).
Inspired by techniques from SATmodulotheory, we have designed a focused sequent calculus that can interact with theoryspecific decision procedures. Such a procedure is assumed to be able to decide the consistency, with respect to a particular theory, of conjunctions of atomic propositions (with free variables) written in the theory's syntax.
Our sequent calculus organises an interplay between a syntactic equality and a semantical / theorybased equality. It is modular over the theories considered and the decision procedures pluggedin.
We conjecture that the instance of our modular sequent calculus with the procedure known as Congruence Closure is sound and complete with respect to classical logic with Leibniz's equality.
We have a candidate system for making this sequent calculus suitable for proofsearch using metavariables and syntactic unification, whose cohabitation with theories is difficult (and is therefore absent from SATmodulotheory solvers).
In previous work, Joëlle Despeyroux and Kaustuv Chaudhuri have given an encoding of the synchronous stochastic calculus in a hybrid extension of intuitionistic linear logic (called HyLL). Precisely, they have shown that focused partial sequent derivations in the encoding are in bijection with stochastic traces. The modal worlds are used to represent the rates of stochastic interactions, and the connectives of hybrid logic are used to represent the constraints in the stochastic transition rules. These results were presented in an extended report, available from HAL .
One of the most successful applications of the stochastic calculus has been in representing signal transduction networks in cellular biology. An interesting application of this work would therefore be the direct representations of biological processes in HyLL, the original motivation for this line of investigation. Furthermore, other stochastic systems can, at least in principle, be similarly encoded in HyLL, giving us the linguistic ability to compare and combine systems represented using different stochastic formalisms.
This year, a new definition of the stochastic constraints part of the logic was given. While the new definition is more general than the previous one, it is still not yet satisfactory; More work is needed to provide hyll with the expressiveness of the traditional temporal logic used to reason on biological computations.
The ANRproject Blanc titled “INFER: Theory and Application of Deep Inference” that is coordinated by Lutz Straßburger has been accepted in September 2006. Besides Parsifal, the teams associated with this effort are represented by François Lamarche (INRIALoria) and Michel Parigot (CNRSPPS). Among the list of theoretical problems there is the fundamental need for a theory of correct identification of proofs, and its corollary, the development of a really general and flexible approach to proof nets. A closely related problem is the extension of the CurryHoward isomorphism to these new representations. Among the list of more practical problems to be consider is the question of strategy and complexity in proof search, in particular for higher order systems. These questions are intimately related to how proofs themselves are formulated in these systems. Given their common grounding in rewriting theory, the proposal plans to deepen the relationship between deep inference and well established techniques like deduction modulo and unification for quantifiers. The proposal also plans to explore the formulation and use of more “exotic” logical systems, for example, noncommutative logics, that have interesting applications, such as in linguistics and quantum computing.
Stephane Lengrand is the scientific leader of the ANRproject Jeunes chercheurs entitled “Proof Search control in Interaction with domainspecific methods”, which started in September 2009. Other founding members are among the INRIA projectteam “TypiCal” : G. Faure and A. Mahboubi. Since the project started, a Ph.D. student has joined the project's research effort, and another one (Mahfuza Farooque) has been recruited on the project's funds for three years, starting on 1 October 2010. A oneyear postdoc position, funded by the project, has been offered to a candidate who should be joining the team in 2011. The project aims at organising the interaction between generic proofsearch techniques as developed at Parsifal with decision procedures for specific theories. The project has set up a regular workgroup with experts on SATmodulotheory and developers of the AltErgo solver at the INRIA projectteam “Proval”. Importing techniques from SATmodulotheory (or automated reasoning) to a framework where proof objects are being dynamically constructed by proofsearch is the desired objective of this collaboration for the PSIproject. This objective converges with theirs in their efforts to extend the capabilities of the AltErgo solver.
The ANR Blanc titled “CPP: Confidence, Proofs, and Probabilities” has started 1 October 2009. This grant brings together the following institutions and individuals: LSV (Jean GoubaultLarrecq), CEA LIST (Eric Goubault, Olivier Bouissou, and Sylvie Putot), INRIA Saclay (Catuscia Palamidessi, Dale Miller, and Stephane Gaubert), Supelec L2S (Michel Kieffer and Eric Walter), and Supelec SSE (Gilles Fleury and Daniel Poulton). This project proposes to study the joint use of probabilistic and formal (deterministic) semantics and analysis methods, in a way to improve the applicability and precision of static analysis methods on numerical programs. The specific longterm focus is on control programs, e.g., PID (proportionalintegralderivative) controllers or possibly more sophisticated controllers, which are heavy users of floatingpoint arithmetic and present challenges of their own. To this end, we shall benefit from case studies and counsel from HispanoSuiza and Dassault Aviation, who will participate in this project, but preferred to remain formally nonmembers, for administrative reasons.
The ANR Blanc titled “Panda: Parallelism and Distribution Analysis” has started 1 October 2009. This project brings together researchers from INRIA Saclay (Comète and Parsifal), CEA LIST, MeASI as well labs in Paris (LIPN, PPS, LSV, LIP, LAMA), and on the Mediterranean (LIF, IML, Airbus). Scientifically, this proposal deals with the validation of concurrent and distributed programs, which is difficult because the number of its accessible states is too large to be enumerated, and even the number of control points, on which any abstract collecting semantics is based, explodes. This is due to the great number of distinct scheduling of actions in legal executions. This adds up to the important size of the codes, which, because they are less critical, are more often bigger. The objective of this project is to develop theories and tools for tackling this combinatorial explosion, in order to validate concurrent and distributed programs by static analysis, in an efficient manner. Our primary interest lies in multithreaded shared memory systems. But we want to consider a number of other paradigms of computations, encompassing most of the classical ones (messagepassing for instance as in POSIX or VXWORKS) as well as more recent ones.
Structural is an ANRFWF project submitted to the “Programme Blanc International Annexe projets francoautrichiens.” This project, which involves Parsifal, the University of Paris 7, and the University of Vienna, was accepted in December 2010 and will start in 2011.
The REDO project is an INRIA funded ARC between INRIA Nancy Grand Est, the University of Bath, and INRIA Saclay – ÎledeFrance. It started in January 2009 and lasts 2 years. Coordinator is Lutz Straßburger.
Slimmer stands for Sophisticated logic implementations for modeling and mechanical reasoningis an “Equipe Associée” with seed money from INRIA. This project is initially designed to bring together the Parsifal personnel and Gopalan Nadathur's Teyjus team at the University of Minnesota (USA). Separate NSF funding for this effort has also been awards to the University of Minnesota. We are planning to expand the scope of this project to include other French and nonFrench sites, in particular, Alwen Tiu (Australian National University), Elaine Pimentel (Universidade Federal de Minas Gerais, Brazil) and Brigitte Pientka (McGill University, Canada).
Dale Miller has served on the following programme committees:
LPAR17: 17th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning, Yogyakarta, Indonesia, 11–15 October
IFIPTCS 2010: International Conference on Theoretical Computer Science, part of the World Computer Congress in Brisbane, Australia, 20–23 September
Workshop on Proof Systems for Program Logics, FLoC 2010, Edinburgh, United Kingdom, 10 July
Workshop on Logics for Agents and Mobility, FLoC 2010, Edinburgh, United Kingdom, 15 July
Workshop on ProofSearch in Type Theories, FLoC 2010, Edinburgh, United Kingdom, 15 July
Workshop on Programming Languages for Mechanized Mathematics Systems (PLMMS), 5 July
He also serves on the editorial board of the following journals:
ACM Transactions on Computational Logic (ToCL). EditorinChief since 1 June 2009; Area editor for Proof Theory since 1999
Journal of Automated Reasoning, published by Springer. Member of Editorial Board since 2010
Journal of Applied Logic, published by Elsevier. Area editor for “Type Theory for Theorem Proving Systems” since 2003
Journal of Logic and Computation, published by Oxford University Press. Associate editor since 1989
Journal of Functional and Logic Programming, published by European Association for Programming Languages and Systems (EAPLS). Permanent member of the Editorial Board. 1996–2010
His other professional duties include:
Member of the “comité d'enseignement et recherche du Département d'Informatique de l'École Polytechnique (DIX)”, from October 2010
Member of the “comité de sélection sur le poste 27PR90 `Logique et vérification”' at Rennes 1, May 2010.
Member of the “comité de programmes”, Digiteo, during 2010
Stéphane Lengrand has served on the following programme committees:
LICS25: TwentyFifth Annual IEEE Symposium on Logic In Computer Science (LICS 2010), Edinburgh, United Kingdom, 11–14 July
Workshop on ProofSearch in Type Theories, FLoC 2010, Edinburgh, United Kingdom, 15 July
Workshop on Classical Logic and Computation, colocated with MFCS'2010 and CSL'2010, Brno, Czech Republic, 21–22 August
Lutz Straßburger organized the third REDO meeting in Bath, UK, 14–16 September
Kaustuv Chaudhuri serves on the “commission développement technologique (CDT)” for INRIA Saclay – ÎledeFrance since February 2010
Parsifal has also hosted the following short term scientific visitors:
Murdoch J. Gabbay, Lecturer, HeriottWatt University, Edinburgh, United Kingdom, 2–5 January & 4–9 October & 2731 October & 11–18 November & 22–28 December,
Dan R. Ghica, Senior Lecturer, University of Birmingham, United Kingdom, 14–25 November
Chuck Liang, Associate Professor, Hofstra University, NY, USA, 22 June – 2 July & 9–18 December
Gopalan Nadathur, Professor, University of Minnesota, MN, USA, 17–30 May and 3–9 December 2010.
Dale Miller taught 12 hours at MPRI (Master Parisien de Recherche en Informatique) in the Course 21: Logique linéaire et paradigmes logiques du calcul.
Dale Miller taught 10 hours in a graduate course at the University of Milan for one week in March 2010.
Lutz Straßburger taught a course Introduction to Proof Theoryat ESSLLI 2010 in Copenhagen in August 2010.