We have been designing a new functional programming language, MLTS, that uses the $\lambda$-tree syntax approach to encoding bindings that appear within data structures . In this setting, bindings never become free nor escape their scope: instead, binders in data structures are permitted to move into binders within programs phrases. The design of MLTS—whose concrete syntax is based on that of OCaml—includes additional sites within programs that directly support this movement of bindings. Our description of MLTS includes a typing discipline that naturally extends the typing of OCaml programs.

The operational semantics of MLTS is given using natural semantics for evaluation. We shall view such natural semantics as a logical theory with a rich logic that includes both nominal abstraction and the $\nabla$-quantifier: as a result, the natural semantic specification of MLTS can be given a succinct and elegant presentation.

We have developed a number of examples of how this new programming language can be used. Some of the most convincing of these examples are programs that manipuate untyped $\lambda$-terms. A web-based implementation of an MLTS interpreter is available to anyone with a modern web browser: simply visit https://trymlts.github.io/. Small MLTS programs can be composed and executed using that interpreter.

While model checking has often been considered as a practical alternative to building formal proofs, we have argued that the theory of sequent calculus proofs can be used to provide an appealing foundation for model checking . Given that the emphasis of model checking is on establishing the truth of a property in a model, our framework concentrates on additive inference rules since these provide a natural description of truth values via inference rules. Unfortunately, using these rules alone can force the use of inference rules with an infinite number of premises. In order to accommodate more expressive and finitary inference rules, multiplicative rules must be used, but limited to the construction of additive synthetic inference rules: such synthetic rules are described using the proof-theoretic notions of polarization and focused proof systems. This framework provides a natural, proof-theoretic treatment of reachability and non-reachability problems, as well as tabled deduction, bisimulation, and winning strategies. (Q. Heath collaborated on several parts of this research effort.)

We continued our research on combinatorial proofs as a notion of proof identity for classical logic. We managed to extend our results from last year: We show for various syntactic formalisms including sequent calculus, analytic tableaux, and resolution, how they can be translated into combinatorial proofs, and which notion of identity they enforce. This allows the comparison of proofs that are given in different formalisms.

These results have been presented at the MLA workshop ins Kanazawa and the IJCAR conference in Oxford, published in .

In a joint work with Willem Heijltjes (University of Bath) and Dominic Hughes (UC Berkeley) we present canonical proof nets for first-order additive linear logic, the fragment of linear logic with sum, product, and first-order universal and existential quantification. We present two versions of our proof nets. One, witness nets, retains explicit witnessing information to existential quantification. For the other, unification nets, this information is absent but can be reconstructed through unification. Unification nets embody a central contribution of the paper: first-order witness information can be left implicit, and reconstructed as needed. Witness nets are canonical for first-order additive sequent calculus. Unification nets in addition factor out any inessential choice for existential witnesses. Both notions of proof net are defined through coalescence, an additive counterpart to multiplicative contractibility, and for witness nets an additional geometric correctness criterion is provided. Both capture sequent calculus cut-elimination as a one-step global composition operation.

These results are published in and have been presented at the First workshop of the Proof Society in Ghent and at the 3rd FISP workshop in Vienna.

The decision problem for multiplicative exponential linear logic (MELL) is one of the most important open problems in the are of linear logic. in 2015 there has been an attempt by Bimbò to prove the decidability of MELL. However, we have found several mistakes in that work, and the main mistake is so serious that there is no obvious fix, and therefore the decidability of MELL remains to be open. As a side effect, our work contains a complete (syntactic) proof of the decidability of the relevant version of MELL, that is the logic obtained from MELL by replacing the linear logic contraction rule by a general unrestricted version of the contraction rule. These results are presented in .

We worked on the evolution of advanced features of the OCaml programming language, designing static analyses to ensure their safety through a scientific study their metatheory. Specifically, we worked on unboxed type declarations (during an internship by Simon Colin, M1 from École Polytechnique) and recursive value definitions (during an internship by Alban Reynaud, L3 from ENS Lyon). The two internships and followup work each resulted in both a change proposal to the OCaml implementation and a submission to an academic conference.

Thomas Réfis (Jane Street) and Frédéric Bour maintain the Merlin language server of OCaml, a tool that provides language-aware features to text editors. We collaborated with them on dissecting the tool and explaining its design and evolution (); the similarities and differences with usual compiler frontends may inform future language implementation work, and our language-agnostic presentation may be of use to tool designers for other languages and proof assistants.

In a programming system where programs are created in one programming language, we consider the addition of another programming language that interoperates with the first – and the reimplementation of some library/system functions in this new language. This can increase expressivity, but it could also break some assumptions made by programmers. Typically, adding a bridge to C or assembly code can introduce memory-unsafe code in a previously-safe system. In , we formalize a notion of “graceful” interoperability between two languages in this setting, determined by full abstraction, that is, preservation of equational reasoning. We instantiate this general idea by extending ML with an advanced expert language with linear types and linear mutable cells.

The two-level logic approach that underlies the Abella prover is excellent at reasoning about the inductive structure of terms with binding constructs, such as $\lambda$-terms from the $\lambda$-calculus. However, there is no built in support in Abella for reasoning about the inductive structure of (simultaneous) substitutions. This lack of this kind of support is often criticized in the $\lambda$-tree syntax representational style that is used in Abella; indeed, in a number of other systems based on this style, support for reasoning about substitutions is explicitly added into the trusted kernel. In  we show how to formalize substitutions in Abella in a fluent and high level manner, where all the meta-theory can be proven in a straightforward manner. We illustrate its use in giving a clean formulation of fact that the Howe extension of applicative similarity is a pre-congruence, a standard result from the meta-theory of the $\lambda$-calculus that requires sophistication in treating simultaneous substitutions.

Hybrid Linear Logic (HyLL) was proposed by Chaudhuri and Despeyroux in 2010 as a meta-logic for reasoning about constrained transition systems, with applications to a number of domains including formal molecular biology  . This logic is an extension of (intuitionistic) linear logic with hybrid connectives that can reason about monoidal constraint domains such as instants of time or rate functions. Linear logic with subexponential is a different extension of linear logic that has been proposed as a mechanism for capturing certain well known constrained settings such as bigraphs  or concurrent constraint programming  . In a paper accepted to MSCS  we show how to relate these two extensions of linear logic by giving an embedding of HyLL into linear logic with subexponentials. Furthermore, we show that subexponentials are able to give an adequate encoding of CTL$*$, which is beyond the expressive power of HyLL. Thus, subexponentials appear to be the better choice as a foundation for constraints in linear logic.

This work belongs to line of work Cost Models and Abstract Machines for Functional Programs, supported by the ANR project COCA HOLA, and it has been published in the proceedings of the international conference ICTAC 2018.

The Linear Substitution Calculus (LSC) is a refinement of the $\lambda$-calculus that is crucial for the study of cost models for functional programs, as it enables a sharp and yet simple decomposition of the evaluation of $\lambda$-terms, and it is employed in the proof of various results about cost models in the literature.

In this work we show that the LSC is isomorphic to the linear logic representation of the $\lambda$-calculus. More precisely, it is isomorphic to the proof nets presentation of such a fragment of linear logic. Proof nets are a graphical formalism, which—as most graphical formalisms—is handy for intuitions but not prone to formal reasoning. The result is relevant because it allows to manipulate formally a graphical formalism (proof nets) by means of an ordinary term syntax (the LSC).

This joint work with Delia Kesner (Paris Diderot University) belongs to line of work Cost Models and Abstract Machines for Functional Programs, supported by the ANR project COCA HOLA, and it has been published in the proceedings of the international conference ICFP 2018.

Intersection types are a classic tool in the study of the $\lambda$-calculus. They are known to characterise various termination properties.

It is also well-known that multi types, a variant of intersection types strongly related to linear logic, also characterise termination properties. Typing derivation of multi types, moreover, provide quantitative information such as the number of evaluation step and the size of the results, as first shown by de Carvalho.

In this work we provide some new results on this line of work, notably we provide the first quantitative study via multi types of the leftmost and linear head evaluation strategies. Moreover, we show that our approach covers also the other cases in the literature.

This joint work with Giulio Guerrieri (Bologna University) belongs to line of work Cost Models and Abstract Machines for Functional Programs, supported by the ANR project COCA HOLA, and it has been published in the proceedings of the international conference APLAS 2018.

The theory of the call-by-value $\lambda$-calculus has mostly been developed for closed programs, that is, programs without free variables. In the last few years, the authors dedicated considerable efforts to extend it to open terms, that is the case relevant for the implementation of proof assistants. The simplest presentation of the call-by-value $\lambda$-calculus for open terms is the fireball calculus.

In this work we extend the quantitative study via multi types mentioned in Tight Typings and Split Bounds to the fireball calculus.

Provability in intuitionistic propositional logic is decidable and, as revealed by the works of, e.g., Vorobev  , Hudelmaier  and Dyckhoff  , proof theory can provide natural decision procedures, which have been implemented in various software. More precisely, a decision procedure is obtained by performing direct root-first proof-search in (different variants of) a sequent calculus system called LJT (aka G4ip); termination is ensured by a property of the sequent calculus called depth-boundedness.

Independently from this, Claessen and Rosen  recently proposed a decision procedure for the same logic, based on a methodology used in the field of Satisfiability-Modulo-Theories (SMT). Their implementation clearly outperforms the sequent-calculus-based implementations.

In 2018 we managed to establish of formal connection between the G4ip sequent calculus and the algorithm from  , revealing the features that they share and the features that distinguish them. This connection is interesting because it gives a proof-theoretical light on SMT-solving techniques, and it opens the door to the design of an intuitionistic version of the CDCL algorithm used in SAT-solvers, which decides provability in classical logic.

In this work we study the computational meaning of the inference rules that are admissible, but not derivable, in intuitionistic logic .

An inference rule is admissible for a logic if whenever its antecedent is derivable, its conclusion was already derivable without the rule. In classical logic, whenever this is the case, then also the implication between antecedent and conclusion is derivable. The notion of an admissible rule is therefore internalized in the logic.

This is not the case for intuitionistic logic, and some rules that are admissible are not derivable: therefore they need reasoning outside the usual intuitionistic logic in order to be reduced to purely intuitionistic derivation.

In this work we propose a proof system with term annotations and reduction rules to give a computational meaning to these reductions.