The project-team investigates the design of logical frameworks, in order to ensure interoperability between proof systems and to develop system-independent proof libraries. To achieve these goals, we develop
The idea that systems such as Euclidean geometry or set theory should be expressed, not as independent systems, but in a logical framework appeared with the design of the first logical framework, predicate logic, in 1928. Later, several more powerful logical frameworks were designed:
The logical framework that we use is the λΠ-calculus modulo theory, implemented in the system Dedukti.
The first version of Dedukti was developed in 2011 by Mathieu Boespflug 30. From 2012 to 2015, new versions of Dedukti were developed and several theories were expressed in Dedukti, making it possible to import proofs developed in Matita (with the tool Krajono), HOL Light (with the tool Holide), FoCaLiZe (with the tool Focalide), iProver, and Zenon, totalling several hundred megabytes of proofs.
From 2015 to 2018, we focused on the translation of proofs from one Dedukti theory to another and on exporting proofs to other proof systems. In particular, the Matita arithmetic library has been translated to a much weaker theory, constructive simple type theory, which made it possible to export it to Coq, Lean, PVS, HOL Light, and Isabelle/HOL. This led us to develop, in 2018, an online proof encyclopedia, Logipedia, to share and browse this library. We also focused on the development of new theories in Dedukti, and on an interactive theorem prover built on top of Dedukti.
A thesis, which is at the root of our research effort, is that logical systems should be expressed as theories in a logical framework. As a consequence, proof-checking systems should not be focused on one theory, such as Simple type theory, Martin-Löf's type theory, or the Calculus of constructions, but should be theory independent.
On the more theoretical side, proof search algorithms, or the algorithmic interpretation of proofs, should not depend on the theory in which proofs are expressed: this theory should just be a parameter. This is for instance expressed in the title of our invited talk at ICALP 2012: A theory independent Curry-De Bruijn-Howard correspondence 31.
Various limits of Predicate logic have led to the development of various families of logical frameworks:
The λΠ-calculus modulo theory, implemented in Dedukti, is a synthesis of the Edinburgh logical framework and of Deduction modulo theory, and subsumes them all.
Part of our research effort is focused on improving the
Using a single prover to check proofs coming from different systems naturally leads us to investigate how these proofs can be translated from one theory to another and used in a system different from the one in which they were developed. This issue is of prime importance because developments in proof systems are getting bigger and, unlike other communities in computer science, the proof checking community has put little effort into standardization and interoperability.
For each proof, independently of the system in which it has been developed, we should be able to identify the systems in which it can be expressed. For instance, we have shown that many proofs developed in the Matita prover did not use the full strength of the logic of Matita and could be exported, for instance, to the systems of the HOL family, which are based on a weaker logic.
Rather than importing proofs from one system, transforming them, and exporting them to another system, we can use the same tools to develop a system-independent proof encyclopedia, called Logipedia. In such a library, each proof is labeled with the theories in which it can be expressed, and hence with the systems in which it can be used.
System-independent proofs translated from the libraries of formal proof assistants are stored and classified in Nubo, a repository for interoperable formal proofs. Nubo archives formal developments translated into Dedukti and checks that they are correct, so that translated libraries remain available and correct over time.
While our main goal with Dedukti is to import, transform, and export proofs developed in other systems, we also want to investigate how Dedukti can be used as the basis of an interactive theorem prover. This leads to two new scientific questions: first, how much can a tactic system be theory independent, and second, how does rewriting extend the possibilities for writing tactics?
This has led to the development of a new version of Dedukti, which supports metavariables. Several tactics have been developed for this system, which are intended to help a human user to write proofs in our system instead of writing proof terms by hand.
This work is a continuation of the previous work the team did on Demon, which was an extension of Dedukti, whereas the support for interactive theorem proving is now native in Dedukti.
Interoperability between interactive and automatic theorem provers can be fruitful to both kinds of systems: results coming from automatic solvers can be checked by independent software with a clearly identified kernel, and interactive provers can benefit from more automation. We are pushing towards this last application by extending the SMTCoq plugin for the Coq proof assistant with new logical transformations that encode Coq goals into first-order logic, which is the input logic of the class of automatic provers called SMT solvers.
Our main applications, for instance to proofs of programs or to air traffic control, come through our cooperation with other teams.
As a matter of fact, we view our work on interoperability and on the design of a formal proof encyclopedia as a service to the formal proof community.
Dedukti is a proof-checker for the λΠ-calculus modulo. As it can be parametrized by an arbitrary set of rewrite rules defining an equivalence relation, this calculus can express many different theories. Dedukti has been created for this purpose: to allow the interoperability of different theories.
Dedukti's core is based on the standard algorithm for type-checking semi-full pure type systems and implements a state-of-the-art reduction machine inspired by Matita's and modified to deal with rewrite rules.
Dedukti's input language features term declarations and definitions (opaque or not) and rewrite rule definitions. A basic module system allows the user to organize a project in different files and compile them separately.
Dedukti features matching modulo beta for a large class of patterns called Miller's patterns, which allows a larger class of rewrite rules to be implemented in Dedukti.
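As an added illustration, not taken from the page or from Deducteam's libraries, here is a small theory written in Dedukti v2 syntax; the symbols Nat, plus, Eq, Vec, append, eqb and forall are invented for the example. It shows the features described above: rewrite rules that define the conversion relation against which definitions are type-checked, a rule on a dependent type whose well-typedness itself depends on conversion, a non-linear rule, and a rule whose left-hand side is a Miller pattern. Since the user's rules extend the conversion used by the kernel, they are part of what must be trusted or checked (type preservation, termination), which is why the criteria discussed later in this report matter.

```dedukti
(; Constructed example in Dedukti v2 syntax.  Not part of any Deducteam
   library; every name below is ours.  The rewrite rules declared here
   extend the checker's conversion, so they belong to the trusted base. ;)

Nat : Type.
zero : Nat.
succ : Nat -> Nat.

(; `def` marks a symbol that may be the head of rewrite rules. ;)
def plus : Nat -> Nat -> Nat.
[n]   plus zero n     --> n.
[m,n] plus (succ m) n --> succ (plus m n).

(; A propositional equality used only to observe conversion. ;)
Eq : Nat -> Nat -> Type.
refl : n : Nat -> Eq n n.

def two   : Nat := succ (succ zero).
def three : Nat := succ two.

(; `refl three` has type `Eq three three`.  The declared type
   `Eq (plus two (succ zero)) three` is accepted only because the
   checker rewrites `plus two (succ zero)` to `three` during conversion.
   Delete the second `plus` rule and this definition is rejected. ;)
def conv_test : Eq (plus two (succ zero)) three := refl three.

(; Type-level computation: the length index of a vector is a Nat term
   that must be rewritten for the second `append` rule to be well typed. ;)
Vec : Nat -> Type.
nil  : Vec zero.
cons : n : Nat -> Nat -> Vec n -> Vec (succ n).

def append : n : Nat -> m : Nat -> Vec n -> Vec m -> Vec (plus n m).
[m,w]       append zero m nil w              --> w.
[n,m,x,v,w] append (succ n) m (cons n x v) w --> cons (plus n m) x (append n m v w).
(; The right-hand side has type Vec (succ (plus n m)); the left-hand side
   has type Vec (plus (succ n) m).  They agree only modulo the `plus`
   rules: this is the type-preservation obligation on user rules. ;)

(; A non-linear rule: the variable n occurs twice in the pattern, so the
   matcher must check that both arguments are convertible, not just
   syntactically equal. ;)
Bool : Type.
true  : Bool.
false : Bool.
def eqb : Nat -> Nat -> Bool.
[n]   eqb n n               --> true.
[n]   eqb zero (succ n)     --> false.
[n]   eqb (succ n) zero     --> false.
[m,n] eqb (succ m) (succ n) --> eqb m n.

(; A higher-order (Miller) pattern: the pattern variable P is applied to
   no bound variable, so the rule fires only when the body under the
   binder does not mention x, i.e. for a vacuous quantification. ;)
Prop : Type.
def forall : (Nat -> Prop) -> Prop.
[P] forall (x => P) --> P.
```

The file is checked with `dkcheck` on the file name; the interesting case is `conv_test`, whose acceptance depends entirely on the `plus` rules, which is exactly why Dedukti theories, and not only Dedukti's kernel, have to be reviewed before the proofs they accept are trusted.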
Logipedia is composed of two distinct parts: 1) a back-end that translates proofs expressed in a theory encoded in Dedukti to other systems such as Coq, Lean or HOL; 2) a front-end that prints these proofs in a readable way on a website. Using the website, the user can search for a definition or a theorem and then download the whole proof in the desired system.
Currently, the available systems are Coq, Matita, Lean, PVS and OpenTheory. The proofs come from a logic called STTForall.
In the long run, more systems and more logics should be added.
A termination-checker for higher-order rewriting with dependent types.
Took part in the Termination Competition 2018 ( http://
Diego Diverio (engineer SED), François Lefoulon (intern) and Ashish Kumar Barnawal (intern) developed the Emacs and VSCode interfaces of Dedukti v3 aka Lambdapi.
In her internship with Frédéric Blanqui and Catherine Dubois, Amélie Ledein added to Lambdapi a tool for generating induction principles for first-order mutually defined data types.
Gabriel Hondet and Frédéric Blanqui published in 17 a description of the new rewriting engine of Lambdapi. Dedukti is a type-checker for the λΠ-calculus modulo rewriting, an extension of the Edinburgh logical framework LF where functions and type symbols can be defined by rewrite rules. It therefore contains an engine for rewriting LF terms and types according to the rewrite rules given by the user. A key component of this engine is the matching algorithm that finds which rules can be fired. In this paper, they describe the class of rewrite rules supported by Dedukti and the new implementation of the matching algorithm. Dedukti supports non-linear rewrite rules on terms with binders, using higher-order pattern-matching as in Combinatory Reduction Systems (CRS). The new matching algorithm extends the technique of decision trees introduced by Luc Maranget in the OCaml compiler to this more general context.
During his postdoc, Rehan Malak extended Lambdapi so that the interactive proof mode can also be used for defining types and for ordinary definitions.
During his postdoc, Michael Färber developed a small multi-threaded type-checker for Dedukti files 24. The λΠ-calculus modulo rewriting is a framework to uniformly express a multitude of logical systems. The reference proof checker for this calculus, Dedukti, has a relatively large kernel, making its correctness difficult to verify. This work deals with the question of how small one can make a kernel that is sufficiently powerful to verify most Dedukti theories, such as those generated from proof assistants such as Isabelle or automated theorem provers such as iProver Modulo. The result of this work is a new proof checker called Kontroli, implementing a kernel that is more than five times smaller than Dedukti's. Furthermore, unlike Dedukti, Kontroli allows for concurrent checking of theorems independently of the theory structure. Despite its small size, Kontroli is faster than Dedukti on all five evaluated datasets obtained from automated and interactive theorem provers.
Frédéric Blanqui published in 15 a new criterion for checking the type safety of rewrite rules in the λΠ-calculus modulo rewriting. The expressiveness of dependent type theory can be extended by identifying types modulo some additional computation rules. But, to preserve the decidability of type-checking and the logical consistency of the system, one must make sure that those user-defined rewrite rules preserve typing. In this paper, he gives a new method to check that property using Knuth-Bendix completion.
Gaspard Férey has proposed, in his doctoral thesis prepared under the supervision of Gilles Dowek and Jean-Pierre Jouannaud, new confluence results for untyped higher-order rewrite systems including functional reductions, both left-linear and non-left-linear ones. These results have been presented at various specialized workshops and are now under evaluation by journals 25, 26, 23.
Guillaume Genestier defended his PhD thesis on dependently-typed termination and on the embedding of extensional universe-polymorphic type theory using rewriting. Dedukti is a logical framework in which the user encodes the theory she wants to use via rewrite rules. To ensure the decidability of typing, the rewriting system must be terminating. After recalling some properties of pure type systems and their extension with rewriting, a termination criterion for higher-order rewriting with dependent types is presented. It is an extension of dependency pairs to the λΠ-calculus modulo rewriting. This result features two main theorems. The first one states that the well-foundedness of the call relation defined from dependency pairs implies the strong normalization of the rewriting system. The second one gives decidable sufficient conditions under which the first one applies. This decidable version of the termination criterion is implemented in “SizeChange Tool”. The second part of the thesis is dedicated to the use of the logical framework Dedukti to encode a rich type theory. It considers a fragment of the logic behind Agda which includes two widely used features: the extension of conversion with the eta rule, and universe polymorphism. Once again, this work includes a theoretical part, with correct encodings of both features in the λΠ-calculus modulo rewriting, and a prototype translator from Agda to Dedukti.
During his internship supervised by Bruno Barras and Valentin Blot, Valentin Maestracci developed a Dedukti theory encoding Two-Layer Type Theories. He also extended this theory with a significant subset of the primitives of Cubical Type Theories 14.
Bruno Barras and Rehan Malak have developed a library of semi-simplicial sets in Dedukti. As an application, they built a formal model of Girard's system F in semi-simplicial sets. This work has been accepted for presentation at the conference TYPES 2020.
During his internship supervised by Bruno Barras, Nathan Guermond has studied encodings of set theories inside type theory, following the work of Aczel. He has shown that a weaker form of replacement (called functional replacement) can be derived in Zermelo set theory. This is an important step towards the formulation of a constructive set theory, encoded in type theory, and in which type theory can be encoded.
During his post-doc, Étienne Miquey worked with Valentin Blot on a new computational interpretation of the axiom of countable choice in a classical setting. This interpretation uses memoization, a technique developed by Étienne in his previous works, as well as bar induction principles 16.
Étienne Miquey, Valentin Blot and Alexandre Miquel supervised the internship of Simon Mirwasser. During this internship, Simon studied several variants of morphisms in the context of implicative algebras, a categorical model of Krivine's classical realizability developed by Alexandre Miquel.
Frédéric Blanqui and Gabriel Hondet submitted a paper on the encoding in the λΠ-calculus modulo rewriting of predicate subtyping and proof irrelevance as used in proof assistants like PVS. The λΠ-calculus modulo theory is a logical framework in which various logics and type systems can be encoded, thus helping the cross-verification and interoperability of proof systems based on those logics and type systems. In this paper, they show how to encode predicate subtyping and proof irrelevance, two important features of the PVS proof assistant. They prove that this encoding is correct and that encoded proofs can be mechanically checked by Dedukti. The paper is available on https://
Frédéric Blanqui, Gilles Dowek, Emilie Grienenberger, Gabriel Hondet and François Thiré worked on a new set of axioms for mathematics. They developed a theory in the λΠ-calculus modulo theory, the theory U, in which all the proofs of Minimal predicate logic, Constructive predicate logic, Ecumenical predicate logic, Minimal simple type theory, Constructive simple type theory, Ecumenical simple type theory, Simple type theory with predicate subtyping, the Calculus of constructions, Simple type theory with prenex predicative polymorphism, and the Calculus of constructions with prenex predicative polymorphism can be expressed. The proofs in the theory U can be classified into proofs in Minimal predicate logic, Constructive predicate logic, etc. just by identifying the axioms they use. They identify sub-theories of U that correspond to each of these theories, and prove that when a proof in U uses only symbols of a sub-theory, then it is a proof in that sub-theory.
Gaspard Férey has proposed, in his doctoral thesis prepared under the supervision of Gilles Dowek and Jean-Pierre Jouannaud, a new formalization, in the λΠ-calculus modulo theory, of the Calculus of constructions with universe polymorphism.
François Thiré has defended his doctoral thesis, prepared under the supervision of Gilles Dowek and Stéphane Graham-Lengrand, presenting a methodology to translate proofs from one theory to another within Dedukti. He has applied this methodology to the translation of a library of arithmetic results, originally developed in the Calculus of constructions with inductive types and universes, to a much weaker theory: Simple type theory with prenex object-level polymorphism. This has made it possible to export this library to several systems including HOL Light, Isabelle/HOL, HOL 4, Coq, Lean, PVS and, of course, Matita.
Guillaume Genestier has published in http://
During his internship supervised by Frédéric Blanqui and Guillaume Genestier, Tristan Delort studied how to translate proofs in the STTfa logic to Agda 29.
Émilie Grienenberger has developed a new presentation of Ecumenical logic, which made it possible to develop a first version of Ecumenical simple type theory and to express it in Dedukti.
In a new contract with the company Nomadic Labs, Valentin Blot, Louise Dubois de Prisque and Pierre Vial started to design and implement automatic tactics for the Coq proof assistant based on external automatic solvers. The idea is to provide independent logical transformations that each encode one aspect of Coq's logic into first-order logic. Together, they will allow users to automatically encode some Coq goals into the input logic of SMT solvers, then rely on the SMTCoq project to discharge them.
Valentin Blot and Boris Djalal are working on the engineering part of this project, and started to design continuous integration for it and for the SMTCoq plugin.
This work is done in collaboration with Chantal Keller (Université Paris-Saclay).
Renaud Vilmart arrived late in 2020 (in November). He worked with former LRI collaborators on a form of geometry of interaction for the ZX-Calculus, a graphical language for quantum computing. He also works more generally on the development of this graphical language.
Valentin Blot obtained with Chantal Keller funding for a 4-year project involving a PhD student, a research engineer (2 years) and a post-doctoral researcher (2 years). This funding is part of the Inria - Nomadic labs partnership for Tezos blockchain.
The ANR PROGRAMme is an ANR project led by junior researcher Liesbeth Demol (CNRS, UMR 8163 STL, University Lille 3), in which G. Dowek participates. Its subject is: “What is a program? Historical and Philosophical perspectives”. This project aims at developing the first coherent analysis and pluralistic understanding of “program” and its implications for theory and practice.
Frédéric Blanqui is Workshop Chair of the ACM/IEEE Symposium on Logic in Computer Science (LICS). He has also been a member of the panel of the 9th Confluence Competition (CoCo'20).
Pablo Arrighi organized the conferences QPL 2020 and MFPS 2020.
Gilles Dowek has been a member of the program committees of the AUTOMATA, TYPES and IJCAR conferences.
Frédéric Blanqui has been a member of the program committees of the 17th International Colloquium on Theoretical Aspects of Computing (ICTAC'20), the 13th Conference on Intelligent Computer Mathematics (CICM'20), the 15th International Workshop on Logical Frameworks and Meta Languages: Theory and Practice (LFMTP'20), and the 23rd International Conference on Foundations of Software Science and Computation Structures (FoSSaCS'20).
Frédéric Blanqui has been reviewer for the TYPES 2019 conference (abstract and post-proceedings).
Bruno Barras has been a reviewer for the POPL 2021 conference.
Frédéric Blanqui has been invited to give a talk at the 9th International Workshop on Confluence (IWC'20).
Pablo Arrighi has given an invited talk at the 9th international conference on quantum walks and quantum simulation (QWQS'20).
Frédéric Blanqui is a member of the steering committees of the ACM/IEEE Symposium on Logic in Computer Science (LICS) and of the TYPES conference.
Gilles Dowek is a member of the scientific committees of “Société informatique de France”, “Main à la pâte”, “Comité national pilote d'éthique du numérique”, IRT SystemX and IHEST, and a member of “Comité national français d'histoire et de philosophie des sciences et des techniques”.