The aim of the Parsifal team is to develop and exploit proof theory and type theory in the specification, verification, and analysis of computational systems.
Expertise: the team conducts basic research in proof theory and type theory. In particular, the team is developing results that help with automated deduction and with the manipulation and communication of formal proofs.
Design: based on experience with computational systems and theoretical results, the team develops new logical principles, new proof systems, and new theorem proving environments.
Implementation: the team builds prototype systems to help validate basic research results.
Examples: the design and implementation efforts are guided by examples of specification and verification problems. These examples not only test the success of the tools but also drive investigations into new principles and new areas of proof theory and type theory.
The foundational work of the team focuses on structural and analytic proof theory, i.e., the study of formal proofs as algebraic and combinatorial structures and the study of proof systems as deductive and computational formalisms. The main focus in recent years has been the study of the sequent calculus and of the deep inference formalisms.
An important research question is how to reason about computational specifications that are written in a relational style. To this end, the team has been developing new approaches to dealing with induction, co-induction, and generic quantification. A second important question is of canonicity in deductive systems, i.e., when are two derivations “essentially the same”? This crucial question is important not only for proof search, because it gives an insight into the structure and an ability to manipulate the proof search space, but also for the communication of proof objects between different reasoning agents such as automated theorem provers and proof checkers.
Important application areas currently include:
Meta-theoretic reasoning on functional programs, such as terms
in the
Reasoning about behaviors in systems with concurrency and
communication, such as the
Combining interactive and automated reasoning methods for induction and co-induction
Verification of distributed, reactive, and real-time algorithms that are often specified using modal and temporal logics
Representing proofs as documents that can be printed, communicated, and checked by a wide range of computational logic systems.
Development of cost models for the evaluation of proofs and programs.
There are two broad approaches for computational specifications. In the computation as model approach, computations are encoded as mathematical structures containing nodes, transitions, and state. Logic is used to describe these structures, that is, the computations are used as models for logical expressions. Intensional operators, such as the modals of temporal and dynamic logics or the triples of Hoare logic, are often employed to express propositions about the change in state.
The computation as deduction approach, in contrast, expresses computations logically, using formulas, terms, types, and proofs as computational elements. Unlike the model approach, general logical apparatus such as cut-elimination or automated deduction becomes directly applicable as tools for defining, analyzing, and animating computations. Indeed, we can identify two main aspects of logical specifications that have been very fruitful:
Proof normalization, which treats the state of a
computation as a proof term and computation as normalization of the
proof terms. General reduction principles such as
Proof search, which views the state of a computation as a a structured collection of formulas, known as a sequent, and proof search in a suitable sequent calculus as encoding the dynamics of the computation. Logic programming is based on proof search , and different proof search strategies can be used to justify the design of new and different logic programming languages .
While the distinction between these two aspects is somewhat informal, it helps to identify and classify different concerns that arise in computational semantics. For instance, confluence and termination of reductions are crucial considerations for normalization, while unification and strategies are important for search. A key challenge of computational logic is to find means of uniting or reorganizing these apparently disjoint concerns.
An important organizational principle is structural proof theory, that is, the study of proofs as syntactic, algebraic and combinatorial objects. Formal proofs often have equivalences in their syntactic representations, leading to an important research question about canonicity in proofs – when are two proofs “essentially the same?” The syntactic equivalences can be used to derive normal forms for proofs that illuminate not only the proofs of a given formula, but also its entire proof search space. The celebrated focusing theorem of Andreoli identifies one such normal form for derivations in the sequent calculus that has many important consequences both for search and for computation. The combinatorial structure of proofs can be further explored with the use of deep inference; in particular, deep inference allows access to simple and manifestly correct cut-elimination procedures with precise complexity bounds.
Type theory is another important organizational principle, but most popular type systems are generally designed for either search or for normalization. To give some examples, the Coq system that implements the Calculus of Inductive Constructions (CIC) is designed to facilitate the expression of computational features of proofs directly as executable functional programs, but general proof search techniques for Coq are rather primitive. In contrast, the Twelf system that is based on the LF type theory (a subsystem of the CIC), is based on relational specifications in canonical form (i.e., without redexes) for which there are sophisticated automated reasoning systems such as meta-theoretic analysis tools, logic programming engines, and inductive theorem provers. In recent years, there has been a push towards combining search and normalization in the same type-theoretic framework. The Beluga system , for example, is an extension of the LF type theory with a purely computational meta-framework where operations on inductively defined LF objects can be expressed as functional programs.
The Parsifal team investigates both the search and the normalization aspects of computational specifications using the concepts, results, and insights from proof theory and type theory.
The team has spent a number of years in designing a strong new logic that can be used to reason (inductively and co-inductively) on syntactic expressions containing bindings. This work is based on earlier work by McDowell, Miller, and Tiu , and on more recent work by Gacek, Miller, and Nadathur . The Parsifal team, along with our colleagues in Minneapolis, Canberra, Singapore, and Cachen, have been building two tools that exploit the novel features of this logic. These two systems are the following.
Abella, which is an interactive theorem prover for the full logic.
Bedwyr, which is a model checker for the “finite” part of the logic.
We have used these systems to provide formalize reasoning of a number
of complex formal systems, ranging from programming languages to the
Since 2014, the Abella system has been extended with a number of new features. A number of new significant examples have been implemented in Abella and an extensive tutorial for it has been written .
The team is developing a framework for defining the semantics of proof evidence. With this framework, implementers of theorem provers can output proof evidence in a format of their choice: they will only need to be able to formally define that evidence's semantics. With such semantics provided, proof checkers can then check alleged proofs for correctness. Thus, anyone who needs to trust proofs from various provers can put their energies into designing trustworthy checkers that can execute the semantic specification.
In order to provide our framework with the flexibility that this ambitious plan requires, we have based our design on the most recent advances within the theory of proofs. For a number of years, various team members have been contributing to the design and theory of focused proof systems and we have adopted such proof systems as the corner stone for our framework.
We have also been working for a number of years on the implementation of computational logic systems, involving, for example, both unification and backtracking search. As a result, we are also building an early and reference implementation of our semantic definitions.
Deep inference , is a novel methodology for presenting deductive systems. Unlike traditional formalisms like the sequent calculus, it allows rewriting of formulas deep inside arbitrary contexts. The new freedom for designing inference rules creates a richer proof theory. For example, for systems using deep inference, we have a greater variety of normal forms for proofs than in sequent calculus or natural deduction systems. Another advantage of deep inference systems is the close relationship to categorical proof theory. Due to the deep inference design one can directly read off the morphism from the derivations. There is no need for a counter-intuitive translation.
The following research problems are investigated by members of the Parsifal team:
Find deep inference system for richer logics. This is necessary for making the proof theoretic results of deep inference accessible to applications as they are described in the previous sections of this report.
Investigate the possibility of focusing proofs in deep inference. As described before, focusing is a way to reduce the non-determinism in proof search. However, it is well investigated only for the sequent calculus. In order to apply deep inference in proof search, we need to develop a theory of focusing for deep inference.
Proof nets and atomic flows are abstract (graph-like) presentations of proofs such that all "trivial rule permutations" are quotiented away. Ideally the notion of proof net should be independent from any syntactic formalism, but most notions of proof nets proposed in the past were formulated in terms of their relation to the sequent calculus. Consequently we could observe features like “boxes” and explicit “contraction links”. The latter appeared not only in Girard's proof nets for linear logic but also in Robinson's proof nets for classical logic. In this kind of proof nets every link in the net corresponds to a rule application in the sequent calculus.
Only recently, due to the rise of deep inference, new kinds of proof nets have been introduced that take the formula trees of the conclusions and add additional “flow-graph” information (see e.g., , and . On one side, this gives new insights in the essence of proofs and their normalization. But on the other side, all the known correctness criteria are no longer available.
This directly leads to the following research questions investigated by members of the Parsifal team:
Finding (for classical logic) a notion of proof nets that is deductive, i.e., can effectively be used for doing proof search. An important property of deductive proof nets must be that the correctness can be checked in linear time. For the classical logic proof nets by Lamarche and Straßburger this takes exponential time (in the size of the net).
Studying the normalization of proofs in classical logic using atomic flows. Although there is no correctness criterion they allow to simplify the normalization procedure for proofs in deep inference, and additionally allow to get new insights in the complexity of the normalization.
In the proof normalization approach, computation is usually reformulated as the evaluation of functional programs, expressed as terms in a variation over the
Models like Turing machines or RAM rely on atomic computational steps and thus admit quite obvious cost models for time and space. The
Nonetheless, it turns out that the number of
With the recent recruitment of Accattoli, the team's research has expanded in this direction. The topics under investigations are:
Complexity of Abstract Machines. Bounding and comparing the overhead of different abstract machines for different evaluation schemas (weak/strong call-by-name/value/need
Reasonable Space Cost Models. Essentially nothing is known about reasonable space cost models. It is known, however, that environment-based execution model—which are the mainstream technology for functional programs—do not provide an answer. We are exploring the use of the non-standard implementation models provided by Girard's Geometry of Interaction to address this question.
The goal of combining model checking with inductive and co-inductive theorem in a rather appealing one. The strengths of systems in these two different approaches are strikingly different. A model checker is capable of exploring a finite space automatically: such a tool can repeatedly explores all possible cases of a given a computational space. On the other hand, a theorem prover might be able to prove clever things about a search space. For example, a model checker could attempt to discover whether or not there exists a winning strategy for, say, tic-tac-toe while an inductive theorem prover might be able to prove that if there is a winning strategy for one board then there is a winning strategy for any symmetric version of that board. Of course, the ability to combine proofs from these approaches could drastically reduce the amount of state exploration and verification of proof certificates that are needed to prove the existence of winning strategies.
Our first step to providing an integration of model checking and
(inductive) theorem proving was the development of a strong logic, that we call
Bedwyr's tabling mechanism has been extended so that its it can make use of previously proved lemmas. For instance, when trying to prove that some board position has a winning strategy, an available stored lemma can now be used to obtain the result if some symmetric board position is already in the table.
For more about recent progress on providing checkable proof
certificates for model checking, see the web site for Bedwyr
http://
Traditionally, theorem provers—whether interactive or automatic—are usually monolithic: if any part of a formal development was to be done in a particular theorem prover, then the whole of it would need to be done in that prover. Increasingly, however, formal systems are being developed to integrate the results returned from several, independent and high-performing, specialized provers: see, for example, the integration of Isabelle with an SMT solver as well as the Why3 and ESC/Java systems.
Within the Parsifal team, we have been working on foundational aspects
of this multi-prover integration problem. As we have
described above, we have been developing a formal framework for
defining the semantics of proof evidence. We have also been working
on prototype checkers of proof evidence which are capable of
executing such formal definitions. The proof definition language
described in the papers , is
currently given an implementation in the
Using
Instead of integrating different provers by exchanging proof evidence and relying on a backend proof-checker, another approach to integration consists in re-implementing the theorem proving techniques as proof-search strategies, on an architecture that guarantees correctness. Focused systems can serve as the basis of such an architecture, identifying points for choice and backtracking, and providing primitives for the exploration of the search space. These form a trusted Application Programming Interface that can be used to program and experiment various proof-search heuristics without worrying about correctness. No proof-checking is needed if one trusts the implementation of the API.
This approach has led to the development of the Psyche engine.
Two major research directions are currently being explored, based on the above:
The first one is about understanding how to deal with quantifiers in presence of one or more theories: On the one hand, traditional techniques for quantified problems, such as unification or quantifier elimination are usually designed for either the empty theory or very specific theories. On the other hand, the industrial techniques for combining theories (Nelson-Oppen, Shostak) are designed for quantifier-free problems, and quantifiers are there dealt with incomplete clause instantiation methods or trigger-based techniques . We are working on making the two approaches compatible.
The above architecture's modular approach raises the question of how its different modules can safely cooperate (in terms of guaranteed correctness), while some of them are trusted and others are not. The issue is particularly acute if some of the techniques are run concurrently and exchange data at unpredictable times. For this we explore new solutions based on Milner's LCF . In , we argued that our solutions in particular provide a way to fulfil the “Strategy Challenge for SMT-solving” set by De Moura and Passmore .
Accattoli's paper with Ugo Dal Lago titled “Beta Reduction is Invariant, Indeed” that appeared in CSL-LICS 2014 was invited to a special issue of LMCS of selected papers from that meeting.
Miller ended his second and final term as the Editor-in-Chief of the ACM Transactions on Computational Logic. He remains as an Area Editor for Proof Theory.
Miller was a plenary speaker at the joint meeting of LOPSTR 2015 and PPDP 2015 (Siena, Italy) and was an invited speaker at LSFA 2015 (Natal Brazil) and in the Session on History and Philosophy of Computing at the 15th Congress of Logic, Methodology and Philosophy of Science, Helsinki.
Miller spoke at the ETH Zurich Department of Computer Science Distinguished Colloquium Series on April 20.
Graham-Lengrand gave an invited talk at the IFIP Working Group 1.6 on Term Rewriting, on the occasion of its 2015 annual meeting in Warsaw, Poland.
Accattoli was an invited speaker at the 16th International Workshop on Logic and Computational Complexity (Kyoto, Japan, 5th of July).
Functional Description
Abella is an interactive theorem prover for reasoning about computations given as relational specifications. Abella is particuarly well suited for reasoning about binding constructs.
In 2015, Abella has been extended with
support for polymorphic definitions and theorems;
schemas and automatically derived theorems about them;
the ability to record and replay automated search;
a number of new examples from process calculi, including a
contributed example from Horace Blanc about relating the
One further development is that Abella can now be compiled into JavaScript and run completely inside any modern browser, thanks to the js_of_ocaml compiler from OCaml bytecode to JavaScript. We expect this to become rather crucial in popularization of Abella, particularly in a pedagogical context, since it does not require any local software installation—just a modern web browser.
Participants: Dale Miller, Kaustuv Chaudhuri, Horace Blanc
Partner: Department of Computer Science and Engineering, University of Minnesota
Contact: Kaustuv Chaudhuri
Online version: http://
Bedwyr - A proof search approach to model checking
Functional Description
Bedwyr is a generalization of logic programming that allows model checking directly on syntactic expression possibly containing bindings. This system, written in OCaml, is a direct implementation of two recent advances in the theory of proof search.
It is possible to capture both finite success and finite failure in a sequent calculus. Proof search in such a proof system can capture both “may” and “must” behavior in operational semantics. Higher-order abstract syntax is directly supported using term-level lambda-binders, the nabla quantifier, higher-order pattern unification, and explicit substitutions. These features allow reasoning directly on expressions containing bound variables.
The distributed system comes with several example applications, including the finite pi-calculus (operational semantics, bisimulation, trace analyses, and modal logics), the spi-calculus (operational semantics), value-passing CCS, the lambda-calculus, winning strategies for games, and various other model checking problems.
Participant: Roberto Blanco Martinez
Contact: Quentin Heath
Checkers - A proof verifier
Keywords: Proof - Certification - Verification
Functional Description
Checkers is a tool in Lambda-prolog for the certification of proofs. Checkers consists of a kernel which is based on LKF and is based on the notion of ProofCert.
Participants: Tomer Libal and Giselle Reis
Contact: Tomer Libal
Keywords: Automated Theorem Proving - Intuitionistic Logic
Functional Description
Mætning is an automated theorem prover for first-order intuitionistic logic that is particularly suited for efficiently finding disproofs, i.e., for establishing that a given goal query is not provable. It is based on the focused inverse method , but augmented by a mechanism for building finite approximations for infinite search spaces that nevertheless guarantee soundness of a disproof.
Mætning has been released under the terms of the MIT license.
Participants: Taus Brock-Nannestad, Kaustuv Chaudhuri
Contact: Kaustuv Chaudhuri
Keywords: Proof-search - Correct-by-construction approach - Programmable Theorem Proving
Functional Description
Psyche is a modular platform for automated or interactive theorem proving, programmed in OCaml and built on an architecture (similar to LCF) where a small kernel interacts with plugins and decision procedures. The major effort in 2015 was a complete redesign of its architecture to allow the safe cooperation of various procedures (for e.g. different theories).
Participants: Assia Mahboubi, Jean-Marc Notin and Stéphane Graham-Lengrand
Contact: Assia Mahboubi and Stéphane Graham-Lengrand
We presented a system description of the
Checkers proof certifier, which implements some of the
theoretical ideas developed in the ProofCert project. This version
of the system is capable of certifying a subset of the E-Prover
superposition theorem prover. The system is mainly written in
We presented a paper detailing a higher-order pre-unification procedure with improved termination over existing procedures. The classic higher-order unification procedure was presented by G. Huet in 1975 and is still used as the main unification procedure for higher-order automated theorem provers. This procedure does not terminate. In this project we have investigated the reasons for that and have shown that by choosing a specific (but complete) search strategy, an additional set of non-unifiable problems can be detected. As an example, we have shown that all unification problems generated by the Leo-III theorem prover when proving Cantor's theorem are decided by this procedure, in contrast to the classical unification procedure.
LCF is a proof-search architecture, where search strategies are programmed via an API and successful proof-search runs are guaranteed correct, relying on the use of an abstract type theorem. We adapted the approach and defined principles for message-passing software architectures (where modules interact by exchanging messages), with the objective of guaranteeing message provenance and integrity. The principles rely on abstract types to sign messages at no run-time cost, and more generally rely on type-checking to provide static guarantees (i.e. at compile-time) that the messages produced by a trusted piece of code will not be altered or faked by an untrusted piece of code. We developed this primarily for safe theorem proving architectures, but the approach can be applied to other software architectures where modules with different levels of trust interact.
We published our approach to proof-search on quantified problems in presence of one theory , where we identify the specifications required of the theory for the proof-search process to be sound and complete. Theories with unification procedures or quantifier elimination procedures satisfy our specifications, where constraint streams and constraint projections play a key role key. Interestingly enough, Bjorner and Janota independently achieved a similar result with model projections. Our theory-generic approach allows a clear formulation of what it could mean to combine several quantifier-handling theories, hopefully generalising what the Nelson-Oppen combination technique does in a quantifier-free context. We recently obtained two new results towards this:
First, the cumbersome, stream-querying, and backtracking mechanisms that were required to implement have been re-expressed in a more satisfying message-passing computational framework.
Second, we re-expressed the standard quantifier-free combination techniques, mentioned above, as a concurrent message-passing interaction between different theory-specific procedures, and simplified their proofs of correctness. This led to the major redesign of Psyche, mentioned above.
In we presented a parametric system for abstract focusing, building on Zeilberger's work , and parametrically capturing classical and intuitionistic focused systems. We presented its semantics, building on Munch-Maccagnoni's work , in terms of abstract realizability models (which were independently identified by Krivine). The goal was to emphasize the similarities and differences between focusing and realizability, in the way they exploit the polarities of formulae. The system and its semantics led to a substantially formalisation in the proof assistant Coq.
The method of proof by bisimulation has proved to be a very successful
technique for showing the equivalence of processes. Unfortunately,
in process calculi with infinite transition systems, such as in
calculi with a replication operator, finding a bisimulation requires
exploring an infinite search space, which moreover often tends to
have rather intricate and complex structure. One way to combat this
complexity—i.e., reduce the size of candidate bisimulation
sets—is to identify redundancies among their members and then to
replace redundant classes by unique inhabitants. This yields
families of bisimulation-up-to proof methods that are
parametric over the redundancy relation. For instance, if we
consider bisimilarity itself as the redundancy, then we obtain
bisimulation up to bisimilarity; with this relation, the
singleton set
Since a priori there is no restriction on such redundancy
relations, a key theoretical question is when a bisimulation-up-to
relation is sound, i.e., that it is contained in a
bisimulation. In the literature there have been a number of
techniques proposed for showing soundness, but they often require
the use of complex reasoning about lattices of fixed points.
In (CPP'15) we show how to use the
built-in coinduction facilities of the Abella theorem prover to
produce comparatively lightweight proofs of the soundness of many
common bisimulation-up-to techniques for CCS and the
In formal proof languages based on type theory, it is often the case
that a theorem is proved for a certain kind of typing context, but
needs to be used in a different context. For example, theorems about
natural numbers may be proved in an empty typing context, since the
type of natural numbers contains no higher-order features (i.e.,
natural numbers are closed), but we may need to use these properties
of natural numbers when reasoning about
One way to achieve such reuse automatically is a technique called subordination, which is based on analyzing the constructors for a certain type and defining syntactic criteria under which certain normal terms of one type can have subterms of another type. Unfortunately, the classical definition of subordination lacks a proof-theoretic justification, and has surprising properties in third-order (and higher) signatures.
In (TLCA'15), we propose a proof-theoretic characterization of a kind of dual to subordination, called independence, that characterizes when normal terms of one type cannot contain subterms of another type. This is achieved by means of proving an inductive strengthening lemma about the signatures in the two-level logic approach. We also show how to automatically prove such lemmas in certain commonly encountered situations in the theorem prover Abella.
High-performance automated reasoning techniques such as resolution
and the inverse method are well suited for proving true
conjectures, but are ill-behaved for false conjectures. For
example, for a simple theory of even numbers that states that 0 is
even and that
In (TABLEAUX'15), we show how to finitely constrain the search space of saturation-based theorem provers by the use of unsound extensions of the goal query. These unsound extensions, when combined with forward subsumption, guarantee that only a finite number of consequences would ever be constructed based on any goal query, so the proof search procedure is guaranteed to terminate. If a proof is found among them that does not use the unsound extensions, then we can can succeed with that proof. If no proof is found, then we can soundly assert that the original goal query was also unprovable, since even a weakened version of it was unprovable. The only other possibility is that a proof is found using the unsound extension; in this case, we use the particular instance of unsoundness to refine the original unsound goal to prevent it from being found again, while maintaining the invariant that the search space is finite, and rerun the search. Since first-order logic is undecidable, we may need to repeat the refinement procedure indefinitely, but for many kinds of domains, particularly those arising from typed signatures (such as the even numbers example above), we do eventually find a saturating approximation that guarantees that the conjecture has no proof.
This algorithm has been implemented as part of the Mætning theorem prover explained in the section on Software above. We plan to extend it in the future with various automatic refinement heuristics.
Bigraphs were proposed by Robin Milner as a model of ubiquitous
computing, which is computation that is aware both of
location and of connections. As a formalism it
subsumes many other process calculi such as CCS and the
In recent years, many members (and ex-members) of the Parsifal team have been experimenting with a variant of linear logic that has not just a single pair but an arbitrary family of exponential connectives that are arranged in a pre-order. Each such pair of subexponentials may admit or reject the structural properties of weakening and contraction. One benefit of subexponentials is that it allows for querying the absence of certain kinds of exponential formulas without requiring all non-exponential formulas to be deleted as a consequence, which is the issue with ordinary linear logic.
In (LPAR'15), we show how to represent the structure of bigraphs in terms of a simple theory of linear logic with subexponentials (SEL). We show that our representation is adequate, i.e., that it respects the composition and juxtaposition operations on bigraphs. Moreover, we show how one can ask queries about the nesting of places in the representation without modifying it, which gives us a technical means of encoding bigraph reactions as well. Some of the details for bigraph reactions remain to be worked out in future work.
In a recent workshop on Linearity , we have published the formal proof (that was obtained in 2009) that linear logic with three subexponentials in a certain lattice is undecidable. An extended version of this paper was submitted to a special issue on Linearity in Mathematical Structures in Computer Science and was accepted in November 2015.
The preprint of that extended paper gives a direct embedding of propositional MALL (multiplicative and additive linear logic) using only multiplicative connectives and five subexponentials. This means that the additive connectives are, in fact, redundant when we have multiplicatives and subexponentials. Moreover, in the first-order case this encoding is polynomial and focally adequate, which means that MALL can be simulated at the highest fidelity – at the level of individual inference rules.
Focusing is a proof-theoretical tecnique for eliminating unnecessary nondeterminism in proofs. Because it cuts down on nondeterminism, focusing is particularly useful for directing proof search. Focusing thus plays a key role in explaining the meaning and behaviour of logic programs.
Despite this success in clarifying the operational semantics of logic
programming, focusing has not been as widely studied in the Curry-Howard style
“proofs as programs” interpretation.
Early results in this area established that
In (PPDP'15) we show how a proof-term
assignment to (a variant of) Liang and Miller's focused sequent calculus LJF
permits a uniform treatment of the call-by-value and call-by-name reduction
strategies of the
In the seminal work of Paul Blain Levy, the call-by-push-value language was
introduced as a way of subsuming the call-by-value and call-by-name strategies
of the
Linear Logic enjoys strong symmetries inherited from classical logic while providing a constructive framework comparable to intuitionistic logic. However, the computational interpretation of sequent calculus presentations of linear logic remains problematic, mostly because of the many rule permutations allowed in the sequent calculus.
In focused variants of Linear Logic, most of these rule permutations are eliminated by the focusing restriction — during focusing, a single formula is decomposed eagerly, and the focus is passed down to its subformulas. Conversely, during inversion, all invertible connectives are decomposed. Moreover, this decomposition is made fully determinstic by keeping the connectives in question in a list, and only decomposing the first connective of this list.
The end result of this is that a focused proof in Linear Logic almost always has one particular formula singled out as the one that will be decomposed. Thus, somewhat curiously, focused Linear Logic behaves much more like an intuitionistic sequent calculus (where at all times there is a single “special” formula on the right hand side of the sequent) than a classical calculus.
In (MFPS'15), we study a term assignment
for a focused version of Multiplicative Exponential Linear Logic (MELL), and
show how the focusing technique gives rise to a calculus that
straightforwardly embeds both a linear variant of the
Recently, we observed that the set of all sound linear inference rules in propositional logic is already coNP-complete . This means that every boolean tautology can be written as a (left-and right-) linear rewrite rule. This raises the question of whether there is a rewriting system on linear terms of propositional logic that is sound and complete for the set of all such rewrite rules. We have shown (in a joint work with Anupam Das) that, as long as reduction steps are polynomial-time decidable, such a rewriting system does not exist unless coNP=NP. This is published in .
The elegant theory of the call-by-value
The literature about abstract machines for the strong evaluation (i.e., possibly under abstraction) of the ordinary (i.e., call-by-name)
We have continued to explore a number of new aspects of framework we call Foundational Proof Certificates (FPCs). Besides having defined and implemented prototype checkers for FPCs in classical and intuitionistic logic we have also extended the proof theory underlying numerous modal logics so that FPCs can be applied to modal logics . We have also extended the notion of FPC to work also in the model checking setting . In both the modal logic and model checking domains, the key to getting FPCs to work is to have descriptions of focused proof systems available for those logics.
Given that FPCs are declarative and semantically simple structures, it has been possible to find numerous applications of them outside the problem of simply checking them. It was shown, for example, that FPCs can be used to help define the semantics of the output from traditional theorem provers . We have also used FPCs as proof outlines in order to define high-level tactics to direct proof search .
There has been a great deal of interest in recent years to providing interesting functional programming primitives that are based on classical logic and not just intuitionistic logic. Unfortunately, the standard sequent calculus proof theory for classical logic is far too chaotic to provide such a foundation. We have recently proposed adding to classical (linear) logic an assortment of subexponentials and to provide a rigid structure for their placement within formulas. This new framework allows for sequent calculus proof theory to provide to the functional programming paradigm the feature often called multi-level delimited control . The main result in that paper is also noteworthy in that it shows how to build certain complex synthetic connectives even though the standard approach (using focusing proof systems) cannot be used.
Title: ProofCert: Broad Spectrum Proof Certificates
Programm: FP7
Type: ERC
Duration: January 2012 - December 2016
Coordinator: Inria
Inria contact: Dale Miller
'There is little hope that the world will know secure software if we cannot make greater strides in the practice of formal methods: hardware and software devices with errors are routinely turned against their users. The ProofCert proposal aims at building a foundation that will allow a broad spectrum of formal methods—ranging from automatic model checkers to interactive theorem provers—to work together to establish formal properties of computer systems. This project starts with a wonderful gift to us from decades of work by logicians and proof theorist: their efforts on logic and proof has given us a universally accepted means of communicating proofs between people and computer systems. Logic can be used to state desirable security and correctness properties of software and hardware systems and proofs are uncontroversial evidence that statements are, in fact, true. The current state-of-the-art of formal methods used in academics and industry shows, however, that the notion of logic and proof is severely fractured: there is little or no communication between any two such systems. Thus any efforts on computer system correctness is needlessly repeated many time in the many different systems: sometimes this work is even redone when a given prover is upgraded. In ProofCert, we will build on the bedrock of decades of research into logic and proof theory the notion of proof certificates. Such certificates will allow for a complete reshaping of the way that formal methods are employed. Given the infrastructure and tools envisioned in this proposal, the world of formal methods will become as dynamic and responsive as the world of computer viruses and hackers has become.'
Professor Chuck Liang visited the team from 25 May to 15 June 2015 in order to continue his collaborations with team members on basic questions of proof theory. This collaboration resulted in a paper that appears in LPAR 2015 on the topic of subexponentials and the Curry-Howard interpretation of logic.
Leonardo Lima is an intern funded by ProofCert during 1 Oct 2015 – 28 Feb 2016. He is a student of Prof. Vivek Nigam from Federal University of Paraíba, Brazil. He is working on formalizing the proof theory of linear logic within the Abella theorem prover.
Graham-Lengrand spent 6 months, from March 2015 to August 2015 at SRI International, USA. This visit was to start a collaboration with N. Shankar and B. Dutertre on new algorithms and new architectures for automated and interactive theorem proving.
L. Straßburger was on the Organization Committee for the International Workshop on Efficient and Natural Proof Systems, held at the University of Bath 14-16 December, 2015
K. Chaudhuri was the Program Committee chair of the following meeting.
LFMTP 2015: Logical Frameworks and Meta-Languages: Theory and Practice
Co-chaired with Iliano Cervesato, Carnegie Mellon University (Qatar)
D. Miller was on the Program Committees of the following meetings.
TABLEAUX 2015: Automated Reasoning with Analytic Tableaux and Related Methods, Wroclaw, Poland, September.
PPDP 2015: 17th International Symposium on Principles and Practice of Declarative Programming, Siena, Italy, 13-16 July.
PxTP 2015: Fourth Workshop on Proof eXchange for Theorem Proving, Berlin, Germany, 2-3 August.
ICALP 2015 (42nd International Colloquium on Automata, Languages, and Programming), Track B, Kyoto, Japan, 6-10 July.
S. Graham-Lengrand was on the Program Committees of the following meetings.
TABLEAUX 2015: Automated Reasoning with Analytic Tableaux and Related Methods, Wroclaw, Poland, September.
CSL 2015: 24th EACSL Annual Conference on Computer Science Logic, Berlin, Germany, 7-10 September.
K. Chaudhuri was on the Program Committees of the following meetings.
CPP 2015: ACM-SIGPLAN Conference on Certified Programs and Proofs
FICS 2015: International Workshop on Fixed Points in Computer Science
WoF 2015: International Workshop on Focusing
L. Straßburger was on the Program Committees of the following meetings.
FoSSaCS 2015: 18th International Conference on Foundations of Software Science and Computation Structures
WENSP: International Workshop on Efficient and Natural Proof Systems
G. Reis was on the Program Committee for the following meeting.
LFMTP 2015: Logical Frameworks and Meta-Languages: Theory and Practice
T. Libal was a reviewer for the following workshops:
Fourth Workshop on Proof eXchange for Theorem Proving.
S. Graham-Lengrand was a reviewer for the following conferences:
LPAR 2015: 20th International Conference on Logic for Programming, Artificial Intelligence and Reasoning, Suva, Fiji, November.
LICS 2015: 30th Annual ACM/IEEE Symposium on Logic in Computer Science, Kyoto, Japan, July.
D. Ilik was a reviewer for the following conferences:
ESOP 2015: 24th European Joint Conferences on Theory and Practice of Software
FoSSaCS 2015: 18th International Conference on Foundations of Software Science and Computation Structures
TLCA 2015: 13th International Conference on Typed Lambda Calculi and Applications
M. Volpe was a reviewer for the following conferences:
Tableaux 2015: 24th International Conference on Automated Reasoning with Analytic Tableaux and Related Methods, Wroclaw, Poland, September.
L. Straßburger was a reviewer for the following conferences:
TLCA 2015: 13th International Conference on Typed Lambda Calculi and Applications
LPAR 2015: 20th International Conference on Logic for Programming, Artificial Intelligence and Reasoning, Suva, Fiji, November.
FLOPS 2016: Thirteenth International Symposium on Functional and Logic Programming March 4-6, 2016, Kochi, Japan
B. Accattoli was a reviewer for the following conferences:
CSL 2015: 24th EACSL Annual Conference on Computer Science Logic, Berlin, Germany, 7-10 September.
TGC 2015: 10th International Symposium on Trustworthy Global Computing, Madrid, Spain, August 31 to September 1.
FoSSaCS 2016: 19th International Conference on Foundations of Software Science and Computation Structures, to be held in Eindhoven, The Netherlands, 2-8 April 2016.
T. Brock-Nannestad was a reviewer for the following conferences:
ITP 2015: 6th Conference on Interactive Theorem Proving, Nanjing, China, August 24–27 August, 2015.
CPP 2016: The 5th ACM SIGPLAN Conference on Certified Programs and Proofs, Saint Petersburg, Florida, USA, January 18–19, 2016.
D. Miller was Editor-in-Chief of the ACM Transactions on Computational Logic. He completed a six year term on June 2015.
D. Miller is on the editorial board of the following journals: ACM Transactions on Computational Logic, Journal of Automated Reasoning (Springer), Theory and Practice of Logic Programming (Cambridge University Press), and Journal of Applied Logic (Elsevier).
D. Miller served on as an editor for Logical Methods in Computer Science for the production of a special issue for papers from CSL-LICS 2014.
K. Chaudhuri served as a guest editor for Mathematical Structures in Computer Science special issue on Logical Frameworks and Meta Languages, based on selected papers from LFMTP 2015
T. Libal was a reviewer for the following journals:
Journal of Automated Reasoning (Springer).
S. Graham-Lengrand was a reviewer for the following journals: J. Appl. Logic, Theoret. Comput. Sci., Acta Inform.
D. Ilik was a reviewer for the following journals:
Mathematical Reviews (MathSciNet)
Zentralblatt MATH
M. Volpe was a reviewer for the following journals:
Annals of Mathematics and Artificial Intelligence;
Journal of Automated Reasoning;
Logica Universalis.
L. Straßburger was a reviewer for the following journals:
Logical Methods in Computer Science (two articles)
Theoretical Computer Science, Elsevier
Ontos Mathematical Logic, Walter De Gruyter
Logic Journal of the IGLP, Oxford University Press
B. Accattoli was a reviewer for the following journals:
Logical Methods in Computer Science (two articles)
Theoretical Computer Science, Elsevier
D. Miller was a plenary speaker at the joint meeting of LOPSTR 2015 and PPDP 2015 (Siena, Italy) and was an invited speaker at LSFA 2015 (Natal Brazil) and in the Session on History and Philosophy of Computing at the 15th Congress of Logic, Methodology and Philosophy of Science, Helsinki.
D. Miller gave spoke at the ETH Zurick Department of Computer Science Distinguished Colloquium Series on 20 April.
S. Graham-Lengrand gave an invited talk at the IFIP Working Group 1.6 on Term Rewriting, on the occasion of its 2015 annual meeting in Warsaw, Poland.
B. Accattoli was an invited speaker at the 16th International Workshop on Logic and Computational Complexity (Kyoto, Japan, 5th of July).
D. Miller was a member of the ACM SIGLOG Advisory Board, the LICS Organizing Board, the CPP Steering Committee, and the ACM SIGLOG Executive Committee Nominating Committee. He was also the Chair of the LICS 1995 Test-of-Time Award selection committee.
S. Graham-Lengrand is head of the French National Workgroup on Logic, Algebra, and Computation (part of GDR Informatique Mathématique, funded by CNRS).
K. Chaudhuri was elected to the Steering Committee of
LFMTP (http://
Licence: K. Chaudhuri, “INF 321 : Les principes des langages de programmation”, 40 hours eq. TD, L3, École polytechnique, France
Licence: K. Chaudhuri, “INF 431 : Programmation concurrente et distribuée”, 40 hours eq. TD, L3, École polytechnique, France
Licence: S. Graham-Lengrand, “INF411: Les bases de la programmation et de l'algorithmique”, 32 hours eq. TD, L3, École Polytechnique, France.
Master: S. Graham-Lengrand, “INF551: Computational Logic”, 45 hours eq. TD, M1, École Polytechnique, France.
Master: S. Graham-Lengrand, “MPRI 2-1: Logique linéaire et paradigmes logiques du calcul”, 12 hours, M2, Master Parisien de Recherche en Informatique, France.
Master: D. Miller, “MPRI 2-1: Logique linéaire et paradigmes logiques du calcul”, 12 hours, M2, Master Parisien de Recherche en Informatique, France.
Licence: T. Libal, “INF 321 : Les principes des langages de programmation”, 40 hours eq. TD, L3, École polytechnique, France
Master: T. Libal, “INF551: Computer-aided reasoning”, 20 hours eq. TD, M1, Êcole Polytechnique, France.
PhD: Zakaria Chihani, “Certification of first-order proofs in classical and intuitionistic logics”, École Polytechnique, 2 Nov 2015; supervised by Dale Miller.
PhD in progress: Sonia Marin, 1 Nov 2014, supervised by L. Straßburger and D. Miller
PhD in progress: Roberto Blanco, Ulysse Gérard, and Quentin Heath, supervised by D. Miller
Internship: Horace Blanc, May-September 2015, supervised by B. Accattoli.
D. Miller was a reporter and president for the PhD jury of Ali Assaf, École Polytechnique, 28 September.
S. Graham-Lengrand was a member of the PhD thesis committee of Simon Cruanes, École Polytechnique, 10 September.
K. Chaudhuri was a member of the PhD thesis committee of Yuting Wang, University of Minnesota, 5 November.
K. Chaudhuri organized a half-day tutorial on Abella as a
satellite event of CADE 2015 in Berlin. The slides from the talk
are available as , and the tutorial
web-site is: http://
G. Reis participated in “Fête de la Science” as an assistant to the programming activities.