The PAREO team aims at designing and implementing tools for the specification, analysis and verification of software and systems. At the heart of our project is therefore the will to study fundamental aspects of programming languages (logic, semantics, algorithmics, etc.) and to make major contributions to the design of new programming languages. An important part of our research effort will be dedicated to the design of new fundamental concepts and tools to analyze existing programs and systems. To achieve this goal we focus on:

the improvement of theoretical foundations of rewriting and deduction;

the integration of the corresponding formal methods in programming and verification environments;

the practical applications of the proposed formalisms.

It is a common claim that rewriting is ubiquitous in computer science and mathematical logic. And indeed the rewriting concept appears from very theoretical settings to very practical implementations. Some extreme examples are the mail system under Unix that uses rules in order to rewrite mail addresses in canonical forms and the transition rules describing the behaviors of tree automata. Rewriting is used in semantics in order to describe the meaning of programming languages as well as in program transformations like, for example, re-engineering of Cobol programs . It is used in order to compute, implicitly or explicitly as in Mathematica or MuPAD, but also to perform deduction when describing by inference rules a logic , a theorem prover or a constraint solver . It is of course central in systems making the notion of rule an explicit and first class object, like expert systems, programming languages based on equational logic, algebraic specifications, functional programming and transition systems.

In this context, the study of the theoretical foundations of rewriting have to be continued and effective rewrite based tools should be developed. The extensions of first-order rewriting with higher-order and higher-dimension features are hot topics and these research directions naturally encompass the study of the rewriting calculus, of polygraphs and of their interaction. The usefulness of these concepts becomes more clear when they are implemented and a considerable effort is thus put nowadays in the development of expressive and efficient rewrite based programming languages.

Programming languages are formalisms used to describe programs, applications, or software which aim to be executed on a given hardware. In principle, any Turing complete language is sufficient to describe the computations we want to perform. However, in practice the choice of the programming language is important because it helps to be effective and to improve the quality of the software. For instance, a web application is rarely developed using a Turing machine or assembly language. By choosing an adequate formalism, it becomes easier to reason about the program, to analyze, certify, transform, optimize, or compile it. The choice of the programming language also has an impact on the quality of the software. By providing high-level constructs as well as static verifications, like typing, we can have an impact on the software design, allowing more expressiveness, more modularity, and a better reuse of code. This also improves the productivity of the programmer, and contributes to reducing the presence of errors.

The quality of a programming language depends on two main
factors. First, the *intrinsic design*, which describes the
programming model, the data model, the features provided by the
language, as well as the semantics of the constructs. The second
factor is the programmer and the application which is targeted. A
language is not necessarily good for a given application if the
concepts of the application domain cannot be easily
manipulated. Similarly, it may not be good for a given person if the
constructs provided by the language are not correctly understood by
the programmer.

In the *Pareo* group we target a population of programmers interested
in improving the long-term maintainability and the quality of their
software, as well as their efficiency in implementing complex
algorithms. Our privileged domain of application is large since it
concerns the development of *transformations*. This ranges from
the transformation of textual or structured documents such as XML,
to the analysis and the transformation of programs and models. This
also includes the development of tools such as theorem provers,
proof assistants, or model checkers, where the transformations of
proofs and the transitions between states play a crucial role.
In that context, the *expressiveness* of the programming
language is important. Indeed, complex encodings into low level data
structures should be avoided, in contrast to high level notions such
as abstract types and transformation rules that should be provided.

It is now well established that the notions of *term*
and *rewrite rule* are two universal abstractions well suited
to model tree based data types and the transformations that can be
done upon them. Over the last ten years we have developed a strong
experience in designing and programming with rule based
languages , , .
We have introduced and studied the notion of
*strategy* , which is a way to
control how the rules should be applied. This provides the
separation which is essential to isolate the logic and to make the
rules reusable in different contexts.

To improve the quality of programs, it is also essential to have a
clear description of their intended behaviors. For that, the
*semantics* of the programming language should be formally
specified.

There is still a lot of progress to be done in these directions. In particular, rule based programming can be made even more expressive by extending the existing matching algorithms to context-matching or to new data structures such as graphs or polygraphs. New algorithms and implementation techniques have to be found to improve the efficiency and make the rule based programming approach effective on large problems. Separating the rules from the control is very important. This is done by introducing a language for describing strategies. We still have to invent new formalisms and new strategy primitives which are both expressive enough and theoretically well grounded. A challenge is to find a good strategy language we can reason about, to prove termination properties for instance.

On the static analysis side, new formalized typing algorithms are needed to properly integrate rule based programming into already existing host languages such as Java. The notion of traversal strategy merits to be better studied in order to become more flexible and still provide a guarantee that the result of a transformation is correctly typed.

The huge diversity of the rewriting concept is obvious and when one wants to focus on the underlying notions, it becomes quickly clear that several technical points should be settled. For example, what kind of objects are rewritten? Terms, graphs, strings, sets, multisets, others? Once we have established this, what is a rewrite rule? What is a left-hand side, a right-hand side, a condition, a context? And then, what is the effect of a rule application? This leads immediately to defining more technical concepts like variables in bound or free situations, substitutions and substitution application, matching, replacement; all notions being specific to the kind of objects that have to be rewritten. Once this is solved one has to understand the meaning of the application of a set of rules on (classes of) objects. And last but not least, depending on the intended use of rewriting, one would like to define an induced relation, or a logic, or a calculus.

In this very general picture, we have introduced a calculus whose main
design concept is to make all the basic ingredients of rewriting
explicit objects, in particular the notions of rule
*application* and *result*. We concentrate on
*term* rewriting, we introduce a very general notion of rewrite
rule and we make the rule application and result explicit
concepts. These are the basic ingredients of the *rewriting-*
or * $\rho $-*calculus whose originality comes from the fact that terms, rules, rule
application and application strategies are all treated
at the object level (a rule can be applied on a rule for instance).

The

The study of the rewriting calculus turns out to be extremely
successful in terms of fundamental results and of
applications .
Different instances of this calculus together with their corresponding
type systems have been proposed and studied. The expressive power of
this calculus was illustrated by comparing it with similar formalisms
and in particular by giving a typed encoding of standard strategies
used in first-order rewriting and classical rewrite based languages
like *ELAN* and *Tom*.

Beside the theoretical transfer that can be performed via the
cooperations or the scientific publications, an important part of
the research done in the *Pareo* group team is published within
software. *Tom* is our flagship implementation. It is available
via the Inria Gforge (http://

Teaching: when (for good or bad reasons) functional
programming is not taught nor used, *Tom* is an interesting
alternative to exemplify the notions of abstract data type and
pattern-matching in a Java object oriented course.

Software quality: it is now well established that
functional languages such as Caml are very successful to produce
high-assurance software as well as tools used for software
certification. In the same vein, *Tom* is very well suited to
develop, in Java, tools such as provers, model checkers, or static
analyzers.

Symbolic transformation: the use of formal anchors makes
possible the transformation of low-level data structures such as C
structures or arrays, using a high-level formalism, namely pattern
matching, including associative matching. *Tom* is therefore a
natural choice each time a symbolic transformation has to be
implemented in C or Java for instance. *Tom* has been
successfully used to implement the Rodin simplifier, for the B
formal method.

Prototyping: by providing abstract data types, private
types, pattern matching, rules and strategies, *Tom* allows the
development of quite complex prototypes in a short time. When
using Java as the host-language, the full runtime library can be
used. Combined with the constructs provided by *Tom*, such as
strategies, this procures a tremendous advantage.

One of the most successful transfer is certainly the use of *Tom*
made by Business Objects/SAP. Indeed, after benchmarking several other
rule based languages, they decided to choose *Tom* to implement a
part of their software.
*Tom* is used in Paris, Toulouse and Vancouver. The standard
representation provided by *Tom* is used as an exchange format by the
teams of these sites.

ATerm (short for Annotated Term) is an abstract data type designed for the exchange of tree-like data structures between distributed applications.

The ATerm library forms a comprehensive procedural interface which enables creation and manipulation of ATerms in C and Java. The ATerm implementation is based on maximal subterm sharing and automatic garbage collection.

We are involved (with the CWI) in the implementation of the Java
version, as well as in the garbage collector of the C version. The
Java version of the ATerm library is used in particular by *Tom*.

The ATerm library is documented, maintained, and available at the
following address:
http://

Since 2002, we have developed a new system called *Tom*
, presented in
, . This
system consists of a pattern matching compiler which is particularly
well-suited for programming various transformations on trees/terms and
XML documents. Its design follows our experiments on the efficient
compilation of rule-based systems . The
main originality of this system is to be language and data-structure
independent. This means that the *Tom* technology can be used in a C,
C++ or Java environment. The tool can be seen as a Yacc-like compiler
translating patterns into executable pattern matching
automata. Similarly to Yacc, when a match is found, the corresponding
semantic action (a sequence of instructions written in the chosen
underlying language) is triggered and executed. *Tom* supports
sophisticated matching theories such as associative matching with
neutral element (also known as list-matching). This kind of matching
theory is particularly well-suited to perform list or XML based
transformations for example.

In addition to the notion of *rule*, *Tom* offers a
sophisticated way of controlling their application: a strategy
language. Based on a clear semantics, this language allows to define
classical traversal strategies such as *innermost*,
*outermost*, *etc.*. Moreover, *Tom* provides an extension of pattern matching, called
*anti-pattern matching*. This corresponds to a natural way to
specify *complements* (*i.e.*what should not be there to fire a
rule). *Tom* also supports the definition of cyclic graph
data-structures, as well as matching algorithms and rewriting rules for
term-graphs.

*Tom* is documented, maintained, and available at
http://

Control operators allow programs to have access and manipulate their execution
context. Abortive control operators, such as *call/cc* in Scheme or SML,
capture the entire execution context (also called continuation), while
delimited-control operators, such as *shift* and *reset* captures only
a part of the continuation (delimited by reset). We want to prove properties
(like equivalences between terms or termination) for languages with these
operators, using static analysis.

In , , we study the behavioral theory of a language with delimited control. More precisely, we define environmental bisimilarities for the delimited-control operators shift and reset. We consider two different notions of contextual equivalence: one that does not require the presence of a top-level control delimiter when executing tested terms, and another one, fully compatible with the original CPS semantics of shift and reset, that does. For each of them, we develop sound and complete environmental bisimilarities, and we discuss up-to techniques.

In , we define a calculus with higher-order
polymorphic functions, recursive types with arrow and product type constructors
and set-theoretic type connectives (union, intersection, and negation). We study
the explicitly-typed version of the calculus in which type instantiation is
driven by explicit instantiation annotations. In particular, we define an
explicitly-typed

Model Driven Engineering is a technique that has been applied quite successfully for the design of complex systems. Such systems cannot be released and embedded without complying with the certification required by the application domain: EN 50128 for railways, DO-178C for aeronautics, or ISO 26262 for automotive for instance.

Recently we have developed an extension of *Tom* to support the development of
Model Transformations and the generation of traces which are needed to give
confidence in the quality of the implemented transformation.

.

Quality is crucial for software systems and several aspects should be taken into account. Formal verification techniques like model checking and automated theorem proving can be used to guarantee the correctness of finite or infinite systems. While these approaches provide a high level of confidence they are sometimes difficult and expensive to apply. Software testing is another approach and although it cannot guarantee correctness it can be very efficient in finding errors.

We have proposed a property based testing framework for the *Tom*
language inspired from the ones prosed in the context of functional
programming. In the current version relatively simple properties can
be already expressed and tested on *Tom* programs. It consists of an
exhaustive approach testing all possible input values and guaranteeing
that the discovered counter-examples are the smallest ones (the size of
the inputs is clearly limited by the execution time) and a random
approach where inputs of bigger size could be tested but the minimal
counter-example is not guaranteed. A relatively simple shrinking
method which searches a smaller counter-example starting from an
initial relatively complex one has been also proposed. There is
ongoing work on the expressiveness of the property language and the
efficiency of the shrinking method.
The library is available at
http://

Nominal unification is proven to be quadratic in time and space. It was so by two different approaches, both inspired by the Paterson-Wegman linear unification algorithm, but dramatically different in the way nominal and first-order constraints are dealt with.

To handle nominal constraints, Levy and Villaret introduced the notion of replacing while Calvès and Fernández use permutations and sets of atoms. To deal with structural constraints, the former use multi-equation in a way similar to the Martelli-Montanari algorithm while the later mimic Paterson-Wegman.

We participate at the LORIA project entitled “Combining deduction engines into SMT”.

We participate in the “Logic and Complexity” part of the GDR–IM (CNRS Research Group on Mathematical Computer Science), in the projects “Logic, Algebra and Computation” (mixing algebraic and logical systems) and “Geometry of Computation” (using geometrical and topological methods in computer science).

Subject: Integrating SMT solvers into Spike

Date: from Mar 2013 until May 2013

Institution: West Timisoara University (Romania)

Subject: Property Based Testing

Date: from Feb 2013 until Jun 2013

Institution: Erasmus Mundus MSc in Dependable Software Systems

Subject: Generation of Terms

Date: from Jun 2013 until Sept 2013

Institution: Mines-Nancy, 2nd year student

Jean-Christophe Bach:

Member of the LORIA laboratory council

Member of the organizing committee of the “Journées GDR–GPL” colocated with the AFADL and CIEL conferences

Christophe Calvès

Member of the organizing committee of the “Journées GDR–GPL” colocated with the AFADL and CIEL conferences

Horatiu Cirstea:

PC member of RuleML 2013 (International RuleML Symposium on Rule Interchange and Applications).

PC member of SCSS 2013 (International Symposium on Symbolic Computation in Software Science).

Steering committee of RULE.

Responsible for the Master speciality “Logiciels: Théorie, méthodes et ingénierie”.

Member of the organizing committee of the “Journées GDR–GPL” colocated with the AFADL and CIEL conferences

Sergueï Lenglet:

Invited speaker at the “Journées LAC”

Reviewer for the TCS (Theoretical Computer Science) journal

Pierre-Etienne Moreau:

Member of the GDR–GPL (CNRS Research Group on Software Engineering) board.

Member of the national committee for Inria “Médiation Scientifique”.

Head of the local committee for Inria “détachements” and “délégations”.

Head of the Computer Science department at Ecole des Mines de Nancy.

President of the organizing committee of the “Journées GDR–GPL 2013” colocated with the AFADL and CIEL conferences

PC member of SLE 2013 (6th International Conference on Software Language Engineering), SCSS 2013 (5th International Symposium on Symbolic Computation in Software Science),

Member of the organizing committee of WASDeTT 2013 (4th International Workshop on Academic Software Development Tools and Techniques)

Sorin Stratulat:

Member of the LITA Laboratory Council.

Member of the program committee of the 9th International Conference on Information Assurance and Security (IAS ’13)

Member of the program committee of the 6th International Conference on Computational Intelligence in Security for Information Systems (CISIS'13)

Member of the program committee of the 5th International Symposium of Symbolic Computation in Software Science (SCSS '13)

Tutorial speaker at the Conference on Automated Reasoning with Analytic Tableaux and Related Methods (TABLEAUX 2013)

Speaker at

Workshop on Inductive Theorem Proving 23-24 November 2013, Imperial College London, UK

LIX Colloquium on the Theory and Application of Formal Proofs, 5-7 November 2013, Ecole Polytechnique, Palaiseau, France

Workshop on Proof Search in Axiomatic Theories and Type Theories (PSATTT), 8 November 2013, Ecole Polytechnique, Palaiseau, France

Licence : Pierre-Etienne Moreau, Responsible of the course “Introduction to Algorithms and Programming” (http://

PhD in progress : Jean-Christophe BACH, "Transformation de modèles et certification", November 1st 2010, Pierre-Etienne Moreau

PhD in progress : Amira HENAIEN, "Certiﬁcation du raisonnement formel porté sur des systèmes d’information critiques.", November 1st 2010, Sorin Stratulat

Horatiu Cirstea:

PhD committee of Henri Debrat, “Certification formelle de la correction d'algorithmes de Consensus”, Nancy 2013

Pierre-Etienne Moreau:

PhD committee of Mathieu Giorgino, reviewer, Toulouse, 2013: “Inductive Representation, Proofs and Refinement of Pointer Structures”

PhD committee of Clément Guy, reviewer, Rennes, 2013: “Facilités de typage pour l'ingénierie des langages”

PhD committee of Pengfei Liu, reviewer, Bordeaux, 2013: “Intégration de politiques de sécurité dans des systèmes ubiquitaires”

PhD committee of Laurent Wouters, Paris, 2013: “Multi-Domain Expert-User Modeling Infrastructure”

Jean-Christophe Bach participated to scientific mediation by proposing
several activities to demonstrate the *algorithmic thinking* at the
core of the Computer Science without requiring any computer or even electric
devices. These activities are the first part of the CSIRL (Computer Science
In Real Life) project which aims to popularize computer science and to
initiate children, school students and non-scientists into this domain. These
activities were presented during the high school students welcome at LORIA
and Inria - Nancy Grand Est, and also during
APMEP

Jean-Christophe Bach was also involved in popularization activities with
Interstices

Pierre-Etienne Moreau gave two lectures about “Robotics and Programming” in the ISN course (Informatique et Science du Numérique), in order to help professors of “classes de terminale” to teach this discipline.

Pierre-Etienne Moreau organized a three day course about “Algorithms, Programming and Databases” in order to help professors of “classes préparatoires aux grandes écoles” to teach this discipline.