The research conducted in

Since 2012, the team has also extended its scope to the study of the homotopy of rewriting systems, which shares foundational tools with recent advanced works on the semantics of type theories.

Proof theory is the branch of logic devoted to the study of the structure of proofs. An essential contributor to this field is Gentzen who developed in 1935 two logical formalisms that are now central to the study of proofs. These are the so-called “natural deduction”, a syntax that is particularly well-suited to simulate the intuitive notion of reasoning, and the so-called “sequent calculus”, a syntax with deep geometric properties that is particularly well-suited for proof automation.

Proof theory gained a remarkable importance in computer science when it
became clear, after genuine observations first by Curry in
1958 , then by Howard and de Bruijn at the end of the
60's , , that proofs had the very same
structure as programs: for instance, natural deduction proofs can be
identified as typed programs of the ideal programming language known
as

This proofs-as-programs correspondence has been the starting point to a large spectrum of researches and results contributing to deeply connect logic and computer science. In particular, it is from this line of work that Coquand and Huet's Calculus of Constructions , stemmed out – a formalism that is both a logic and a programming language and that is at the source of the Coq system .

The

To explain the Curry-Howard correspondence, it is important to
distinguish between intuitionistic and classical logic: following
Brouwer at the beginning of the 20^{th} century,
classical logic is a logic that accepts the use of reasoning by
contradiction while intuitionistic logic proscribes it. Then,
Howard's observation is that the proofs of the intuitionistic natural
deduction formalism exactly coincide with
programs in the (simply typed)

A major achievement has been accomplished by Martin-Löf who designed in 1971 a formalism, referred to as modern type theory, that was both a logical system and a (typed) programming language .

In 1985, Coquand and Huet , in the Formel
team of Inria-Rocquencourt explored an alternative approach
based on Girard-Reynolds' system

The first public release of CoC dates back to 1989. The same project-team developed the programming language Caml (nowadays called OCaml and coordinated by the Gallium team) that provided the expressive and powerful concept of algebraic data types (a paragon of it being the type of lists). In CoC, it was possible to simulate algebraic data types, but only through a not-so-natural not-so-convenient encoding.

In practice, the Calculus of Inductive Constructions derives its strength from being both a logic powerful enough to formalise all common mathematics (as set theory is) and an expressive richly-typed functional programming language (like ML but with a richer type system, no effects and no non-terminating functions).

Since 1984, about 40 persons have contributed to the development of Coq, out of which 7 persons have contributed to bring the system to the place it is now. First Thierry Coquand through his foundational theoretical ideas, then Gérard Huet who developed the first prototypes with Thierry Coquand and who headed the Coq group until 1998, then Christine Paulin who was the main actor of the system based on the CIC and who headed the development group from 1998 to 2006. On the programming side, important steps were made by Chet Murthy who raised Coq from the prototypical state to a reasonably scalable system, Jean-Christophe Filliâtre who turned to concrete the concept of a small trustful certification kernel on which an arbitrary large system can be set up, Bruno Barras and Hugo Herbelin who, among other extensions, reorganised Coq on a new smoother and more uniform basis able to support a new round of extensions for the next decade.

The development started from the Formel team at Rocquencourt but, after Christine Paulin got a position in Lyon, it spread to École Normale Supérieure de Lyon. Then, the task force there globally moved to the University of Orsay when Christine Paulin got a new position there. On the Rocquencourt side, the part of Formel involved in ML moved to the Cristal team (now Gallium) and Formel got renamed into Coq. Gérard Huet left the team and Christine Paulin started to head a Coq team bilocalised at Rocquencourt and Orsay. Gilles Dowek became the head of the team which was renamed into LogiCal. Following Gilles Dowek who got a position at École Polytechnique, LogiCal moved to the new Inria Saclay research center. It then split again, giving birth to ProVal. At the same time, the Marelle team (formerly Lemme, formerly Croap) which has been a long partner of the Formel team, invested more and more energy in the formalisation of mathematics in Coq, while contributing importantly to the development of Coq, in particular nowadays for what regards user interfaces.

After various other spreadings resulting from where the wind pushed former PhD students, the development of Coq got multi-site with the development now realised by employees of Inria, the CNAM and Paris 7.

We next briefly describe the main components of Coq.

The architecture adopts the so-called de Bruijn principle: the well-delimited *kernel*
of Coq ensures the correctness
of the proofs validated by the system. The kernel is rather stable
with modifications tied to the evolution of the underlying Calculus of
Inductive Constructions formalism. The kernel includes an
interpreter of the programs expressible in the CIC and this
interpreter exists in two flavours: a customisable lazy evaluation
machine written in OCaml and a call-by-value bytecode interpreter
written in C dedicated to efficient computations. The kernel also
provides a module system.

The concrete user language of Coq, called *Gallina*, is a
high-level language built on top of the CIC. It includes a type
inference algorithm, definitions by complex pattern-matching, implicit
arguments, mathematical notations and various other high-level
language features. This high-level language serves both for the
development of programs and for the formalisation of mathematical
theories. Coq also provides a large set of commands. Gallina and
the commands together forms the *Vernacular* language of Coq.

The standard library is written in the vernacular language of Coq.
There are libraries for various arithmetical structures and various
implementations of numbers (Peano numbers, implementation of

The tactics are the methods available to conduct proofs. This includes the basic inference rules of the CIC, various advanced higher level inference rules and all the automation tactics. Regarding automation, there are tactics for solving systems of equations, for simplifying ring or field expressions, for arbitrary proof search, for semi-decidability of first-order logic and so on. There is also a powerful and popular untyped scripting language for combining tactics into more complex tactics.

Note that all tactics of Coq produce proof certificates that are checked by the kernel of Coq. As a consequence, possible bugs in proof methods do not hinder the confidence in the correctness of the Coq checker. Note also that the CIC being a programming language, tactics can have their core written (and certified) in the own language of Coq if needed.

Extraction is a component of Coq that maps programs (or even computational proofs) of the CIC to functional programs (in OCaml, Scheme or Haskell). Especially, a program certified by Coq can further be extracted to a program of a full-fledged programming language then benefiting of the efficient compilation, linking tools, profiling tools, ... of the target software.

Dependently typed programming (shortly DTP) is an emerging concept
referring to the diffuse and broadening tendency to develop
programming languages with type systems able to express program
properties finer than the usual information of simply belonging to
specific data-types. The type systems of dependently-typed programming
languages allow to express properties *dependent* of the input and
the output of the program (for instance
that a sorting program returns a list of same size as its
argument). Typical examples of such languages were the Cayenne
language, developed in the late 90's at Chalmers University in Sweden
and the DML language developed at Boston. Since then, various new
tools have been proposed, either as typed programming languages whose
types embed equalities (

DTP contributes to a general movement leading to the fusion between logic and programming. Coq, whose language is both a logic and a programming language which moreover can be extracted to pure ML code plays a role in this movement and some frameworks combining logic and programming have been proposed on top of Coq (Concoqtion at Rice and Colorado, Ynot at Harvard, Why in the ProVal team at Inria). It also connects to Hoare logic, providing frameworks where pre- and post-conditions of programs are tied with the programs.

DTP approached from the programming language side generally benefits of a full-fledged language (e.g. supporting effects) with efficient compilation. DTP approached from the logic side generally benefits of an expressive specification logic and of proof methods so as to certify the specifications. The weakness of the approach from logic however is generally the weak support for effects or partial functions.

In between the decidable type systems of conventional data-types based
programming languages and the full expressiveness of logically
undecidable formulae, an active field of research explores a spectrum
of decidable or semi-decidable type systems for possible use in
dependently typed programming languages. At the beginning of the spectrum,
this includes, for instance, the system F's extension ML

For two decades, the Curry-Howard correspondence has been limited to the intuitionistic case but since 1990, an important stimulus spurred on the community following Griffin's discovery that this correspondence was extensible to classical logic. The community then started to investigate unexplored potential connections between computer science and logic. One of these fields is the computational understanding of Gentzen's sequent calculus while another one is the computational content of the axiom of choice.

Indeed, a significant extension of the Curry-Howard correspondence has been
obtained at the beginning of the 90's thanks to the seminal
observation by Griffin that some operators known as
control operators were typable by the principle of double negation
elimination (

Control operators are used to jump from one location of a
program to another. They were first considered in the 60's by
Landin and Reynolds and started to
be studied in an abstract way in the 80's by Felleisen *et
al* , leading to Parigot's

The Curry-Howard interpretation of sequent calculus started to be
investigated at the beginning of the 90's. The main technicality of
sequent calculus is the presence of *left introduction* inference
rules, for which two kinds of interpretations are
applicable. The first approach interprets left introduction rules as
construction rules for a language of patterns but it does not really
address the problem of the interpretation of the implication
connective. The second approach, started in 1994, interprets left
introduction rules as evaluation context formation rules. This line of
work led in 2000 to the design by Hugo Herbelin and
Pierre-Louis Curien of a symmetric calculus exhibiting deep dualities
between the notion of programs and evaluation contexts and between the
standard notions of call-by-name and call-by-value evaluation semantics.

Abstract machines came as an intermediate evaluation device, between
high-level programming languages and the computer microprocessor. The
typical reference for call-by-value evaluation of

Delimited control extends the expressiveness of control operators with
effects: the fundamental result here is a completeness result by
Filinski : any side-effect expressible in monadic
style (and this covers references, exceptions, states, dynamic
bindings, ...) can be simulated in

Like ordinary categories, higher-dimensional categorical structures originate in algebraic topology. Indeed, *fundamental $\infty $-groupoid*

In the last decades, the importance of higher-dimensional categories has grown fast, mainly with the new trend of *categorification* that currently touches algebra and the surrounding fields of mathematics. Categorification is an informal process that consists in the study of higher-dimensional versions of known algebraic objects (such as higher Lie algebras in mathematical physics ) and/or of “weakened” versions of those objects, where equations hold only up to suitable equivalences (such as weak actions of monoids and groups in representation theory ).

Since a few years, the categorification process has reached logic, with the introduction of homotopy type theory. After a preliminary result that had identified categorical structures in type theory , it has been observed recently that the so-called “identity types” are naturally equiped with a structure of

Higher-dimensional categories are algebraic structures that contain, in essence, computational aspects. This has been recognised by Street , and independently by Burroni , when they have introduced the concept of *computad* or *polygraph* as combinatorial descriptions of higher categories. Those are directed presentations of higher-dimensional categories, generalising word and term rewriting systems.

In the recent years, the algebraic structure of polygraph has led to a new theory of rewriting, called *higher-dimensional rewriting*, as a unifying point of view for usual rewriting paradigms, namely abstract, word and term rewriting , , , , and beyond: Petri nets and formal proofs of classical and linear logic have been expressed in this framework . Higher-dimensional rewriting has developed its own methods to analyse computational properties of polygraphs, using in particular algebraic tools such as derivations to prove termination, which in turn led to new tools for complexity analysis .

The homotopical properties of higher categories, as studied in mathematics, are in fact deeply related to the computational properties of their polygraphic presentations. This connection has its roots in a tradition of using rewriting-like methods in algebra, and more specifically in the work of Anick and Squier , in the 1980s: Squier has proved that, if a monoid *finite*, *terminating* and *confluent* rewriting system, then its third integral homology group *finite derivation type* (a property of homotopical nature). This allowed him to conclude that finite convergent rewriting systems were not a universal solution to decide the word problem of finitely generated monoids. Since then, Yves Guiraud and Philippe Malbos have shown that this connection was part of a deeper unified theory when formulated in the higher-dimensional setting , , , , .

In particular, the computational content of Squier's proof has led to a constructive methodology to produce, from a convergent presentation, *coherent presentations* and *polygraphic resolutions* of algebraic structures, such as monoids and algebras . A coherent presentation of a monoid

Keywords: Proof - Certification - Formalisation

Functional Description

Coq provides both a dependently-typed functional programming language and a logical formalism, which, altogether, support the formalisation of mathematical theories and the specification and certification of properties of programs. Coq also provides a large and extensible set of automatic or semi-automatic proof methods. Coq's programs are extractible to OCaml, Haskell, Scheme, ...

Closest participants: Benjamin Grégoire, Enrico Tassi, Bruno Barras, Yves Bertot, Pierre Courtieu, Maxime Dénès, Hugo Herbelin, Matej Košík, Pierre Letouzey, Assia Mahboubi, Cyprien Mangin, Guillaume Melquiond, Jean-Marc Notin, Pierre-Marie Pédrot, Yann Régis-Gianas, Matthieu Sozeau, Arnaud Spiwack, Théo Zimmermann.

Partners: CNRS - ENS Lyon - Université Paris-Diderot - Université Paris-Sud

Contact: Matthieu Sozeau

URL: http://

The 8.6 version of Coq was released in December 2016. It initiates a time-based
release cycle and concentrates on a smaller set of features than Coq 8.5 for
which compatibility and testing were done more intensively. In the

Matthieu Sozeau followed up his work on universe polymorphism making the explicit annotation system more accessible and resolving issues in the minimization algorithm used during refinement, resulting in a more predictable system. These improvements were used in the Coq/HoTT library for Homotopy Type Theory, which is described in an upcoming article .

Matthieu Sozeau implemented a new variant of the proof-search tactic for typeclasses that is set to replace the existing auto and eauto tactics in the following version. The new variant fully benefits from the features of the underlying proof engine, and allows much more control on proof-search (patterns used consistently, modes for triggering hints, ...). It is at the basis of the work of Théo Zimmermann described below.

Cyprien Mangin and Matthieu Sozeau continued work on the Equations plugin, modularizing it so that the use of axioms can be minimized, and making it compatible with developments in Homotopy Type Theory. To achieve this, it has moved to a simplification engine in ML based on telescopes and is able to produce axiom-free proofs of the examples that were previously implicitly using them. This work will be presented at the POPL workshop Type-Theoretic Tools (TTT), next January 2017.

Among other contributions, Hugo Herbelin, Pierre Letouzey, Matej Košík and Matthieu Sozeau worked at the maintenance of the system.

In particular, Pierre Letouzey vastly reworked the build mechanism of Coq, taking advantage of code evolutions driven by Pierre-Marie Pédrot. Pierre Letouzey also administrated (and improved) several machines or systems that are critical for the Coq community (web server, build test server, git repositories ...), in coordination with Inria's SIC support team.

Matej Košík developed a new benchmarking infrastructure based on Jenkins and continuous integration (http://

After 10 years coordinating the Coq development team, Hugo Herbelin handed over the coordination to Matthieu Sozeau.

A Coq working group is organised every two months (5 times a
year). Discussions about the development happen, in particular,
on `coq-dev@inria.fr`, Coq's GitHub http://

Matej Košík worked on the programming interfaces of Coq, starting to isolate a subset of key functions to be used by Coq plugin developers.

In collaboration with François Pottier (Inria Gallium), Yann Régis-Gianas maintained Menhir, an LR parser generator for OCaml. Yann Régis-Gianas develops the “Hacking Dojo”, a web platform to automatically grade programming exercises. The platform is now used in several courses of the University Paris Diderot. Yann Régis-Gianas develops a reference implementation of a syntactic analyzer for the POSIX shell programming language. This analyzer is used by the Colis project to analyze the scripts embedded in the packages of the Debian GNU/Linux distribution. In collaboration with Beta Ziliani (LIIS, Cordoba, Argentine), Yann Régis-Gianas, Béatrice Carré and Jacques-Pascal Deplaix develop MetaCoq, an extension of Coq to use Coq as a metalanguage for itself.

Yves Guiraud has updated the Catex tool for Latex, whose purpose is to automatise the production of string diagrams from algebraic expressions http://

Dependent types are a key feature of type systems, typically
used in the context of both richly-typed programming languages and
proof assistants. Control operators, which are connected with classical
logic along the proof-as-program correspondence, are known to misbehave
in the presence of dependent types , unless
dependencies are restricted to values.
As a step in his work to develop a sequent-calculus version of Hugo Herbelin's
*negative-elimination free* proofs.
The corresponding type system includes a list of explicit dependencies,
which maintains type safety. He showed that a continuation-passing style
translation can be derived by adding delimited continuations, and
how a chain of dependencies can be related to a manipulation of the return type
of this continuations.
This work has been accepted for publication at ESOP 2017 .

Alexis Saurin, in collaboration with Pierre-Marie Pédrot, extended their reconstruction of call-by-need based on linear head reduction with control. They showed how linear head reduction could be adapted to the

Guilhem Jaber, Gabriel Lewertowski, Pierre-Marie Pédrot, Matthieu Sozeau, and Nicolas Tabareau studied a variant of the forcing translation for dependent type theory, moving from the call-by-value variant to a call-by-name version which naturally preserves definitional equalities, avoiding the coherence pitfalls of the former one. This new version was inspired by Pierre-Marie Pédrot's former decomposition of forcing in call-by-push-value. It allows to show various metatheoretical results in a succint fashion, notably for the independence of axioms. Work is ongoing to produce more positive results including abstracting reasoning on step-indexing using this technique. This work was presented at LICS 2016 .

Étienne Miquey has been working with Alexandre Miquel in Montevideo on the
topic of implicative algebras. Implicative algebras are an algebraization of
the structure needed to develop a realizability model.
In particular, they give rise to the usual ordered combinatory algebras
and thus to the triposes used to model classical realizability.
An implicative algebra is given by an implicative structure (which consists
of a complete semi-lattice with a binary operation

This theme is part of the ANR project Rapido (see the National Initiatives section).

In collaboration with David Baelde, Amina Doumane and Alexis Saurin developed further the theory of infinite proofs. In their study of the proof theory of circular and infinitary proofs in

The usual result of focalisation for linear logic can actually be extended to circular proofs, but, contrarily to finitary

The proof of cut-elimination is quite involved and proceeds in two steps relying on semantic arguments, even though the paper actually proves a cut-elimination result and not only a cut-admissibility result as usual semantic arguments provide. A first part of the proof shows that some cut-reduction strategy is actually productive while a second part of the proof shows that the proof-object produced is actually a correct proof in the sense that it satisfies the validity condition of

Baelde, Doumane and Saurin are currently working with Jaber to extend the cut-elimination result to a more expressive validity condition for

In a joint work with David Baelde and Lucca Hirschi,
Amina Doumane and Alexis Saurin carried out a proof-theoretical
investigation of the linear-time

They do so in a way that combines the advantages of two lines of previous work: Kaivola gave a proof of completeness for an axiomatisation that amounts to a finitary proof system, but his proof is non-constructive and yields no reasonable procedure. On the other hand, Dax, Hofmann and Lange recently gave a deductive system that is appropriate for algorithmic proof search, but their proofs require a global validity condition and do not have a well understood proof theory.

They work with well-structured proof systems, effectively constructing proofs in a finitary sequent calculus that enjoys local correctness and cut elimination. This involves an intermediate circular proof system in which one can obtain proofs for all inclusions of parity automata, by adapting Safra's construction. In order to finally obtain finite proofs of Büchi inclusions, a translation result from circular to finite proofs is designed.

These results appeared in LICS 2016 (long version in ). Since then, Doumane extended the result and obtained a constructive proof of completeness for the full linear-time

In collaboration with Paul Laforgue (Master 1, University Paris Diderot), Yann Régis-Gianas studied the mechanisms of co-patterns introduced by Abel and Pientka from a programming language perspective. More precisely, they defined an untyped version of this calculus as well as an abstract machine to efficiently evaluate cofunctions. In addition, they designed several (type preserving) encodings of co-patterns using generalized algebraic datatypes and purely functional objects. Finally, they started to revisit an optimisation called "stream fusion" in a purely equational way by application of copattern-based program definitions.

In collaboration with Sylvain Ribstein (Master 1, University Paris Diderot), Yann Régis-Gianas defined an OCaml library for differential functional reactive programming (DFRP). This framework extends standard functional reactive programming with the possibility to modify past events and to compute the consequences of this modification in all the events that depend on it. A paper is in preparation.

Saurin and Tasson co-advised in the spring/summer of 2016 the master internship of Rémi Nollet who started his PhD thesis under their supervision in September 2016. The topic of his thesis is the extension of Curry-Howard correspondence between FRP and LTL as recently noticed by Jeffrey and Jeltsch. During his internship, Nollet studied various proof systems for LTL and compared them to type systems for FRP. He notably studied various translations between natural deduction and sequent calculus, which led him to study precisely the role played by structural rules in those translations and preparing the work for future extensions to classical constructive LTL, and to work out the foundations for an extension of Curien-Herbelin's system L, closer to abstract machines, for LTL.

Yves Guiraud has collaborated with Patrick Dehornoy (LNO, Univ. Caen) to develop an axiomatic setting for monoids with a special notion of quadratic normalisation map with good computational properties. This theory generalises the normalisation procedure known for monoids that admit a special family of generators called a Garside family to a much wider class that also includes the plactic monoids. It is proved that good quadratic normalisation maps correspond to quadratic convergent presentations, together with a sufficient condition for this to happen, based on the shape of the normalisation paths on length-three words. This work has been published in the International Journal of Algebra and Computation .

Building on this last article, Yves Guiraud currently collaborates with Matthieu Picantin (IRIF, Univ. Paris 7) to generalise the main results of Gaussent, Guiraud and Malbos on coherent presentations of Artin monoids , to monoids with a Garside family. This will allow an extension of the field of application of the rewriting methods to other geometrically interesting classes of monoids, such as the dual braid monoids.

Still in collaboration with Matthieu Picantin, Yves Guiraud develops an improvement of the classical Knuth-Bendix completion procedure, called the KGB completion procedure. The original algorithm tries to compute, from an arbitrary terminating rewriting system, a finite convergent presentation by adding relations to solve confluence issues. Unfortunately, this algorithm fails on standard examples, like most Artin monoids with their usual presentations. The KGB procedure uses the theory of Tietze transformations, together with Garside theory, to also add new generators to the presentation, trying to reach the convergent Garside presentation identified in . The KGB completion procedure is partially implemented in the prototype Rewr, developed by Yves Guiraud and Samuel Mimram.

With Eric Hoffbeck (LAGA, Univ. Paris 13), Yves Guiraud and Philippe Malbos have introduced in the setting of linear polygraphs to formalise a theory of linear rewriting, generalising Gröbner bases. They have adapted the method of Guiraud and Malbos to compute polygraphic resolutions of associative algebras, with applications to the decision of the Koszul homological property. They are currently finishing the major overhaul of this work, started in 2015, whose main goal is to ease the adaptation of the results to other algebraic varieties, like commutative algebras or Lie algebras.

Cyrille Chenavier, supervised by Yves Guiraud and Philippe Malbos, explored the use of Berger's theory of reduction operators to improve the theory of Gröbner bases for associative algebras. This work has permitted to unveil two interesting algebraic structures that are hidden in rewriting theory. First, the operations that associate a normal form to an arbitrary word admit a structure of lattice, that gives a new algebraic characterisation of confluence and a new algorithm for completion, based on an iterated use of the meet-operation of the lattice. Second, under mild technical conditions, the different normalisation strategies are related through braid-like relations, as in Artin monoids, that have been used to propose a new method for a particular problem in homological algebra (namely, the construction of a contracting homotopy for the Koszul complex). The second result is published in Algebra and Representation Theory , the first one is submitted for publication , and both are contained in Cyrille Chenavier's PhD thesis .

Yves Guiraud and Philippe Malbos have written a survey on the use of rewriting methods in algebra, centered on a formulation of Squier's homotopical and homological theorems in the modern language of higher-dimensional categories. This article is intended as an introduction to the domain, mainly for graduate students, and will appear in Mathematical Structures in Computer Science .

Maxime Lucas, supervised by Yves Guiraud and Pierre-Louis Curien, has applied the rewriting techniques of Guiraud and Malbos to prove coherence theorems for bicategories and pseudofunctors. He obtained a coherence theorem for pseudonatural transformations thanks to a new theoretical result, improving on the former techniques, that relates the properties of rewriting in 1- and 2-categories. This result is published in the Journal of Pure and Applied Algebra . Maxime is currently engaged into a major rework of the results of , that will produce improved methods to build Squier's polygraphic resolution from a convergent presentation, based on the use of cubical higher categories instead of globular ones. He has already achieved a first result in this direction , and conducted a major foundational work towars the full result , which have just been submitted for publication.

In collaboration with Paolo Giarrusso and Yufei Cai (Univ Marburg, Allemagne), Yann Régis-Gianas developed a new method to incrementalise higher-order programs using formal derivatives and static caching. Yann Régis-Gianas has developed a mechanized proof for this transformation. A paper will be submitted to ICFP 2017.

In collaboration with David Mentré (Mitsubishi), Thibaut Girka and Yann Régis-Gianas have developed a theoretical framework to define a notion of differential operational semantics: a general mathematical object to characterise the difference of behavior of two close programs. A paper is under submission. A technical report is available .

Thibaut Girka and Yann Régis-Gianas presented this work in several working groups: Gallium (Paris), “Journée annuelle du groupe LTP” of the GDR GPL (Saclay), LIMA (Nantes), IRIF (Paris).

Hugo Herbelin supervised the internship of Meven Bertrand on compiling dependent pattern-matching using a combination of techniques known as small inversion and generalization, as a following of Pierre Boutillier's PhD.

Théo Zimmermann has developed a tool for transferring theorems along isomorphic structures. The long-term objective is to provide a language of proof methods matching the level of abstraction common in mathematics. Théo Zimmermann is applying his tool to introduce higher "mathematical" levels of abstraction to the basic Coq method for applying theorems. The proof of concept of this idea will be presented at the TTT POPL workshop in January.

Matthieu Sozeau worked in collaboration with Beta Ziliani (assistant professor at Córdoba, Argentina) on a journal version of the formalisation of the unification algorithm used in Coq, which is central for working with advanced type inference features like Canonical Structures. The presentation of this journal version is incremental (it is presented feature by feature), with an aim of easing the understanding of how the algorithm actually works for users who want to take advantage of it. It has been accepted for publication in the Journal of Functional Programming.

Pierre Letouzey started exploring with the help of Matthieu Sozeau a version of Coq's logic (CIC) where the cumulativity rule would be explicit. This cumulativity rule is a form of coercion between Coq universes, and is done silently in Coq up to now. Having a version of CIC where the use of the cumulativity bewteen Prop and Type is traceable woud be of great interest. In particular this would lead to a solid ground for the Coq extraction tool and solve some of its current limitations. Moreover, an explicit cumulativity would also help significantly the studies of Coq theoretical models. Preliminary results are encouraging, but this work has not been finalized yet. This work is related to the studies of Ali Assaf (Google Zurich, formerly PhD student in the team Deducteam), but uses different technical choices for different goals. This work is now pursued by Gaëtan Gilbert (PhD student of Nicolas Tabareau and Matthieu Sozeau at the École des Mines in Nantes), with the goal of providing a version of the calculus of constructions with definitional proof-irrelevance. The absence of explicit cumulativity between Prop and Type was identified in earlier work by Benjamin Werner and Giesik Lee as an important obstacle to building models of the theory, we hence expect this work to simplify the (relative) consistency proof of the theory.

Jean-Jacques Lévy and Chen Ran (a PhD student of the Institute of Software, Beijing, visiting the Toccata team) pursue their work about formal proofs of algorithms. Their goal is to provide proofs of algorithms which ought to be both checked by computer and easily human readable. If these kinds of proofs exist for algorithms on inductive structures or recursive algorithms on arrays, they seem less easy to design for combinatorial structures such as graphs. In 2016, they completed proofs for algorithms computing the strongly connected components in graphs. There are mainly two algorithms: one by Kosaraju (1978) working in two phases (some formal proofs of it have already been achieved by Pottier with Coq-classic and by Théry and Gonthier with Coq-ssreflect), one by Tarjan (1972) working in a single pass.

Their proofs use a first-order logic with definitions of inductive predicates. This logic is the one defined in Why3 (research-team Toccata, Saclay). They widely use automatic provers interfaced by Why3. A very minor part of these proofs is also achieved in Coq. The difficulty of this approach is to combine automatic provers and intuitive design.

Part of this work (Tarjan 1972) is presented at JFLA 2017 in Gourette
A more comprehensive version is under submission to another conference
.
Scripts of proofs can be found at http://

This section reports on formalisation work by Daniel de Rauglaudre.

Puiseux' theorem states that the set of Puiseux series (series with rational powers) is an algebraically closed field, i.e. every non-constant polynomial with Puiseux series coefficients admits a zero. This theorem was formalized in Coq a couple of years ago, but it depended on five ad hoc axioms. This year, all these axioms have been grouped together into the only axiom LPO (Limited Principle of Omniscience), stating that for each sequence of booleans, we can decide whether it is always false or if there is at least one true element. This formalized theorem now depends only on this axiom.

Banach-Tarski Paradox states that, if we admit the axiom of choice, a sphere is equidecomposable into two spheres identical to the initial one. The equidecomposability is a property of geometric objects: two objects (sets) are equidecomposable if we can partition them into a same finite number of sets, and each set of the first object is mapped to a set of the second object by only rotations and translations. In other words, we break the first object into a finite number of pieces, and with them, we reconstitute the second object. Its pen and paper proof was done in 1924 by Banach and Tarski.

Its formal proof in Coq has been started this year. About 80% of the proof has been done. The already proved part includes a lemma which says that the sphere without some specific countable number of points is equidecomposable into twice itself. It also includes a formal proof that equidecomposability is an equivalence relation. This makes about 7000 lines of Coq. The remaining part is to formalize the proof that the sphere is equidecomposable into the sphere without this countable set of points.

The version of axiom of choice used for this proof is named TTCA (Type Theoretical Axiom of Choice, introduced by Benjamin Werner ), stating that for each equivalence relation, there exists a function mapping each relation class to one of its elements.

Alexis Saurin (coordinator) and Yann Régis-Gianas are members of the four-year RAPIDO ANR project, started in January 2015.
RAPIDO aims at investigating the use of proof-theoretical methods
to reason and program on infinite data objects. The goal of the project
is to develop logical
systems capturing infinite proofs (proof systems with least and
greatest fixed points as well as infinitary proof systems), to design
and to study programming languages for manipulating infinite data such
as streams both from a syntactical and semantical point of
view. Moreover, the ambition of the project is to apply the
fundamental results obtained from the proof-theoretical investigations
(i) to the development of software tools dedicated to the reasoning
about programs computing on infinite data, *e.g.* stream programs
(more generally coinductive programs), and (ii) to the study of
properties of automata on infinite words and trees from a proof-theoretical
perspective with an eye towards model-checking problems.
Other permanent members of the project are Christine Tasson from IRIF (PPS team), David Baelde from LSV,
ENS-Cachan, and Pierre Clairambault, Damien Pous and Colin Riba from LIP, ENS-Lyon.

Pierre-Louis Curien (coordinator), Yves Guiraud (local coordinator), Philippe Malbos and Samuel Mimram have been members of the three-year Focal project of the IDEX Sorbonne Paris Cité (July 2013 to June 2016). This project, giving the support for the PhD grant of Cyrille Chenavier, concerns the interactions between higher-dimensional rewriting and combinatorial algebra. This project is joint with mathematicians form LAGA (Univ. Paris 13).

Pierre-Louis Curien (coordinator), Yves Guiraud (local coordinator), Philippe Malbos and Samuel Mimram are members of the four-year Cathre ANR project, started in January 2014. This project, giving the support for the PhD grant of Maxime Lucas, investigates the general theory of higher-dimensional rewriting, the development of a general-purpose library for higher-dimensional rewriting, and applications in the fields of combinatorial linear algebra, combinatorial group theory and theoretical computer science. This project is joint with mathematicians and computer scientists from LAGA (Univ. Paris 13), LIX (École Polytechnique), ICJ (Univ. Lyon 1 and Univ. Saint-Étienne), I2M (Univ. Aix-Marseille) and IMT (Univ. Toulouse 3).

Pierre-Louis Curien, Yves Guiraud, Hugo Herbelin, Philippe Malbos, Samuel Mimram and Alexis Saurin are members of the GDR Informatique Mathématique, in the Géocal (Geometry of computation) and LAC (Logic, algebra and computation) working groups.

Pierre-Louis Curien, Yves Guiraud (local coordinator), Philippe Malbos, Samuel Mimram and Matthieu Sozeau are members of the GDR Topologie Algébrique, federating French researchers working on classical topics of algebraic topology and homological algebra, such as homotopy theory, group homology, K-theory, deformation theory, and on more recent interactions of topology with other themes, such as higher categories and theoretical computer science.

Hugo Herbelin was the coordinator of the PPS site for the ANR Récré (January 2012 to mid 2016). Récré is about realisability and rewriting, with applications to proving with side-effects and concurrency.

Yann Régis-Gianas collaborates with Mitsubishi Rennes on the topic of differential semantics. This collaboration led to the CIFRE grant for the PhD of Thibaut Girka.

Yann Régis-Gianas is a member of the ANR COLIS dedicated to the verification of Linux Distribution installation scripts. This project is joint with members of VALS (Univ Paris Sud) and LIFL (Univ Lille).

Matthieu Sozeau is a member of the CoqHoTT project led by Nicolas Tabareau (Ascola team, École des Mines de Nantes), funded by an ERC Starting Grant. The PhD grant of Gabriel Lewertowski was funded by the CoqHoTT ERC.

Hugo Herbelin is a deputy representative of France in the COST action EUTYPES.

Pierre-Louis Curien participates to the Associated Team CRECOGI (Concurrent, Resourceful and Effectful Computation, by Geometry of Interaction) between the project-team Focus (Bologna) and the University of Tokyo (principal investigators Ugo dal Lago and Ichiro Hasuo, started in 2015).

The project-team has collaborations with University of Aarhus (Denmark), University of Oregon, University of Tokyo, University of Sovi Sad and the Institute of Mathematics of the Serbian Academy of Sciences, University of Nottingham, Institute of Advanced Study, MIT, University of Cambridge, and Universidad Nacional de Córdoba.

Pierre-Louis Curien participates to the ANR International French-Chinese project LOCALI (Logical Approach to Novel Computational Paradigms), coordinated by Gilles Dowek (Deducteam).

Paolo Giarrusso (Univ. of Marburg) visited Yann Régis-Gianas in February 2016.

Lourdes del Carmen Gonzalez Huesca (Univ. of Mexico) visited Yann Régis-Gianas in December 2016.

Pierre-Louis Curien visited the Category Theory group at Macquarie University in June-July 2016 (collaborative work on the combinatorial structure of type dependency).

As a part of his joint PhD, Étienne Miquey worked most of the year in Montevideo within the Logic group of the Universidad de la República of Uruguay.

Yann Régis-Gianas is multimedia chair of the organizing committee of POPL 2017 that will be held in Paris in January 2017.

Yves Guiraud, Philippe Malbos and Samuel Mimram have organised the second edition of the Higher-Dimensional Rewriting and Applications (HDRA) workshop of the Formal Structures for Computation and Deduction conference (FSCD), held in Porto in June 2016. They plan to organise the third edition of HDRA, still with FSCD, in September 2017 in Oxford.

Yves Guiraud and Alexis Saurin, with Christine Tasson (IRIF), have organised the annual meeting of the Géocal and LAC working groups of the GDR Informatique Mathématique in Paris, in November 2016.

Yves Guiraud and Samuel Mimram, with Dimitri Ara (Univ. Aix-Marseille) are currently organising the Categories in Homotopy and Rewriting one-week conference, that will be held at the CIRM, in Marseille, in September 2017.

Matthieu Sozeau was member of the program committees of FSCD'16, ITP'16 and CoqPL'16.

Hugo Herbelin is a member of the steering committee of the conference *Formal Structures for Computation and Deduction* (FSCD).

Pierre-Louis Curien is member of the steering committee of the international workshop Games for Logic and Programming Languages (GaLop).

Matthieu Sozeau is member of the steering committee of the Dependently Typed Programming international workshop (DTP).

Pierre-Louis Curien is editor in chief of the Cambridge University Press journal Mathematical Structures in Computer Science (since January 2016).

The members of the team reviewed papers for numerous journals and international conferences.

Pierre-Louis Curien and Samuel Mimram gave invited talks at the annual meeting of the Géocal and LAC working groups of the GDR Informatique Mathématique (Paris, November).

Pierre-Louis Curien gave an invited talk at the annual meeting of the international ANR project Pace (between Univ. of Bologna, ENS Lyon and Shanghai Jiaotong University) on “Categorified cyclic operads” (Shanghai, November).

Hugo Herbelin gave an invited talk on “Proving with side-effects” at the Days in Logic meeting in Lisbon, Portugal.

Jean-Jacques Lévy gave an invited talk about “Strongly connected components in graphs, Formal proof of Tarjan 1972 algorithm” at the LTP (Langages, Types et Preuves) day, Saclay .

Matthieu Sozeau gave invited talks at the DeepSpec kickoff meeting in Princeton, NJ, USA, June 8th 2016, on “Coq 8.6” (together with Maxime Dénès), at the International Conference on Mathematical Software in Berlin, Germany, July 14th 2016, on “Coq for HoTT”, at the Categorical Logic and Univalent Foundations workshop, Leeds, UK, July 28th 2016, on “Forcing Translations in Type Theory”, and at the Coq Workshop in Nancy, France, August 26th 2016, on “Coq 8.6”.

Pierre-Louis Curien has been member of the “Comité de Sélection” for a professor position in discrete mathematics at the University Paul Sabatier in Toulouse.

Yann Régis-Gianas and Hugo Herbelin have been members of the “Comité de Sélection” for an assistant professor position at CNAM in Paris.

Yann Régis-Gianas has been member of the “Comité de Sélection” for an assistant professor position at IRIF in Paris.

Hugo Herbelin has been member of the “Comité de Sélection” for a starting researcher position at Inria Saclay.

Pierre-Louis Curien is a member of the Scientific Committee of the CIRM (since June 2013).

Pierre-Louis Curien, Hugo Herbelin and Yves Guiraud are members of the scientific council of the Computer Science deparment of University Paris 7.

Yves Guiraud is the head of the Preuves, Programmes and Systèmes (PPS) team of the IRIF laboratory (since April 2016), and a member of the IRIF council (since January 2016).

Étienne Miquey gave a talk on a computational reduction of dependent choice in classical logic to system F at TYPES'16 (Novi Sad, Serbia, May 2016).

Étienne Miquey gave a talk on realizability games for the specification problem during the workshop Realizability in Uruguay 2016 (Piriápolis, Uruguay, July 2016).

Cyrille Chenavier gave a talk at the workshop IWC, Obergurgl, Austria (September 2016).

Cyrille Chenavier, Maxime Lucas and Jovana Obradović gave talks at the workshop Categories, Homotopy and Rewriting (Toulouse, January) and at the workshop HDRA (Porto, June).

Jovana Obradović presented her works on cyclic operads at the Types Conference 2016 (Novi Sad, Serbia, May 2016) and at the Conference Logic and Applications 2016 (Dubrovnik, Croatia, September).

Hugo Herbelin gave a talk on proving Gödel's completeness theorem with side-effects at the Mathematics for Computation workshop in Niederalteich, Germany, May 2016.

Pierre-Louis Curien gave a talk at the Séminaire de Topologie of the University of Angers on the semantics of dependent types (January).

Yves Guiraud gave a talk in the Séminaire de Combinatoire of the University Paris 7 on an introduction to Squier's theory (November).

Hugo Herbelin gave a talk on a proof-as-program interpretation of the classical axiom of dependent choice at the Séminaire “Logique et Interactions” of the “Logique de la Programmation” team of the “Institut de Mathématiques de Marseille” (University Aix-Marseille, February).

Yann Régis-Gianas gave a talk about control operators in the history of programming at the Séminaire “Code Sources” organized by Baptiste Mélès.

Yann Régis-Gianas gave a talk about the writing style in programming at the conference “Current issues in the philosophy of practice of mathematics and informatics” (University of Toulouse, April).

Thibaut Girka gave a talk about difference languages at the Gallium seminar (Paris, September 2016) and at the TLP group of the GDR GPL (Saclay, November 2016).

Yann Régis-Gianas gave a talk about difference languages at the LIMA laboratory (Nantes, October 2016) and at the Semantic Working Group of IRIF (Paris, December 2016).

Matthieu Sozeau gave a talk about Equations: a function definition toolbox for Coq at Dagstuhl in March 2016.

Cyrille Chenavier gave a talk about confluence algebras at the Algebra working group of the LMPA, Calais, in February 2016.

Jovana Obradović gave a talk about categorified cyclic operads at the Proof Theory Seminar of the Mathematical Institute of the Serbian Academy of Sciences and Arts (Belgrade, December 2016).

Pierre-Louis Curien attended the conferences Types 2016 in Novi Sad (Serbia, May) and Logic and Applications in Dubrovnik (Croatia, September).

Cyrille Chenavier, Pierre-Louis Curien, Yves Guiraud, Maxime Lucas, Philippe Malbos, Samuel Mimram and Jovana Obradović attended the Category, Homotopy and Rewriting workshop in Toulouse (January 2016).

Cyrille Chenavier, Maxime Lucas, Philippe Malbos and Samuel Mimram attended the HDRA workshop in Lisbon (June 2016).

Hugo Herbelin attended the Days in Logic meeting in Lisbon (Portugal, January), the Mathematics for Computation workshop in Niederalteich (Germany, May), the conferences Types 2016 in Novi Sad (Serbia, May), the Coq coding sprint in Sophia-Antipolis (May-June), the DeepSpec kick-off meeting in Princeton (USA, June), the FSCD conference in Porto (Portugal, June), the Coq workshop and ITP 2016 (Nancy, August), as well as the Dagstuhl seminar on universality of proofs (October).

Jean-Jacques Lévy participated to CPP and POPL 2016 conferences, Saint Petersburgh, USA, January 18-22, and the Robin Milner Award reception, the Royal Society, London, November 24 (X. Leroy (research team Gallium) was awarded).

Matthieu Sozeau attended POPL 2016, ICMS 2016, ITP 2016, the Coq coding sprint, the DeepSpec kick-off meeting in Princeton as well as the Dagstuhl seminar on proofs of functional programs (March).

Théo Zimmermann attended the conference CICM 2016 in Białystok (Poland, July). He gave a talk there to present his PhD subject. He also attended the Coq coding sprint.

This is one of the working groups of PPS, jointly organised by Hugo Herbelin and Matthieu Sozeau.

Several members of the team participate actively in this weekly working group of PPS, organised by François Métayer (IRIF) since 2009.

Master: Pierre-Louis Curien teaches in the course Models of programming languages: domains, categories, games of the MPRI (together with Thomas Ehrhard and Paul-André Melliès).

Master: Hugo Herbelin teaches the course on the proof-as-program correspondence for classical logic and beyond at the LMFI.

Master: Pierre Letouzey teaches two short courses to the LMFI Master 2 students : “Models of programming” and ”Introduction to computed-aided formal proofs”. These two courses come in addition to Pierre Letouzey's regular duty as teacher in the Computer Science department of Paris 7 (including a course on Compilation to M2-Pro students).

Master: Yann Régis-Gianas took part in the MPRI course entitled “Type systems”: he gave a 12-hour course about generalised algebraic data types, higher-order Hoare logic and dependently typed programming.

Master: Matthieu Sozeau taught the MPRI course on Advanced uses of proof assistants (12 hours + a project), together with Assia Mahboubi (Inria SpecFun).

MOOC: In collaboration with Roberto Di Cosmo and Ralf Treinen, Yann Régis-Gianas has created a MOOC about the OCaml programming language. The first edition took place in 2015, the second edition in 2016.

Internship: Yves Guiraud has supervised the M2 internship of Amina Bendjaafar.

Internship: Hugo Herbelin has supervised the L3 internship of Meven Bertrand.

Internship: Hugo Herbelin has supervised the pre-doctoral internship of Théo Zimmermann.

Internship: Yann Régis-Gianas has supervised the M1 internship of Paul Laforgue.

Internship: Yann Régis-Gianas has supervised the M1 internship of Sylvain Ribstein.

PhD (completed): Cyrille Chenavier, supervised by Yves Guiraud and Philippe Malbos, successfully defended in December 2016

PhD in progress: Guillaume Claret, Programmation avec effets en Coq, (started in September 2012), supervised by Hugo Herbelin and Yann Régis-Gianas, defense planned in February 2017.

PhD in progress: Amina Doumane, supervised by Alexis Saurin, David Baelde and Pierre-Louis Curien.

PhD in progress: Thibaut Girka, Differential semantics (started in January 2014), supervised by Roberto Di Cosmo and Yann Régis-Gianas.

PhD in progress: Maxime Lucas, supervised by Yves Guiraud and Pierre-Louis Curien.

Phd in progress: Cyprien Mangin, Dependent Pattern-Matching, induction-induction and higher inductive types, September 2015, supervised by Matthieu Sozeau and Bruno Barras.

PhD in progress: Étienne Miquey, Réalisabilité classique et effets de bords, September 2014, supervised by Hugo Herbelin and Alexandre Miquel.

PhD in progress: Jovana Obradović, Cyclic operads: syntactic, algebraic and categorified aspects, supervised by Pierre-Louis Curien.

PhD stopped: Gabriel Lewertowski, On forcing in type theory, supervised by Matthieu Sozeau and Nicolas Tabareau. Gabriel stopped his PhD in september 2016 and is now working at la Pitié Salpêtrière as an engineer.

PhD starting: Gaëtan Gilbert, Definitional Proof Irrelevance, supervised by Nicolas Tabareau and Matthieu Sozeau.

PhD starting: Théo Zimmermann, supervised by Hugo Herbelin.

Pierre-Louis Curien was referee for the habilitations of Emmanuel Haucourt (Paris 7, September) and Samuel Mimram (Paris 7, September). He was president of the jury of the thesis of Matteo Acclavio (Univ. de la Méditerranée, December).

Pierre-Louis Curien (president), Yves Guiraud and Philippe Malbos were members of the jury of the thesis of Cyrille Chenavier (Univ. Paris 7, December).

Hugo Herbelin was referee for the habilitation of Nicolas Tabareau (Nantes, November). He was a referee of the jury of the thesis of Jirka Maršík (LORIA, December).

Matthieu Sozeau was a member of the jury of the thesis of Kevin Quirin (EMN Nantes, December).

Yann Régis-Gianas is a member of the jury of the competitive examination for the entrance to the Écoles Normales Supérieures and the École Polytechnique.

Yann Régis-Gianas co-organised the “Journée Francilienne de Programmation”, a programming contest between undergraduate students of three universities of Paris (UPD, UPMC, UPS). Yann Régis-Gianas organised, and Étienne Miquey took part in the animation of the (computer science part of the) “Fête de la Science” event at the University Paris 7. Yann Régis-Gianas gave several presentations about “What is programming?” in primary and high schools of Paris and its region.