The research conducted in

Since 2012, the team has also extended its scope to the study of the homotopy of rewriting systems, which shares foundational tools with recent advanced works on the semantics of type theories.

Proof theory is the branch of logic devoted to the study of the structure of proofs. An essential contributor to this field is Gentsen 62 who developed in 1935 two logical formalisms that are now central to the study of proofs. These are the so-called “natural deduction”, a syntax that is particularly well-suited to simulate the intuitive notion of reasoning, and the so-called “sequent calculus”, a syntax with deep geometric properties that is particularly well-suited for proof automation.

Proof theory gained a remarkable importance in computer science when it
became clear, after genuine observations first by Curry in
1958 55, then by Howard and de Bruijn at the end of the
60's 74, 98, that proofs had the very same
structure as programs: for instance, natural deduction proofs can be
identified as typed programs of the ideal programming language known
as

This proofs-as-programs correspondence has been the starting point to a large spectrum of researches and results contributing to deeply connect logic and computer science. In particular, it is from this line of work that Coquand and Huet's Calculus of Constructions 54, 52 stemmed out – a formalism that is both a logic and a programming language and that is at the source of the Coq system 95.

The

To explain the Curry-Howard correspondence, it is important to
distinguish between intuitionistic and classical logic: following
Brouwer at the beginning of the 20th century,
classical logic is a logic that accepts the use of reasoning by
contradiction while intuitionistic logic proscribes it. Then,
Howard's observation is that the proofs of the intuitionistic natural
deduction formalism exactly coincide with
programs in the (simply typed)

A major achievement has been accomplished by Martin-Löf who designed in 1971 a formalism, referred to as modern type theory, that was both a logical system and a (typed) programming language 85.

In 1985, Coquand and Huet 54, 52 in the Formel
team of INRIA-Rocquencourt explored an alternative approach
based on Girard-Reynolds' system

The first public release of CoC dates back to 1989. The same project-team developed the programming language Caml (nowadays called OCaml and coordinated by the Gallium team) that provided the expressive and powerful concept of algebraic data types (a paragon of it being the type of lists). In CoC, it was possible to simulate algebraic data types, but only through a not-so-natural not-so-convenient encoding.

In 1989, Coquand and Paulin 53 designed an extension of the Calculus of Constructions with a generalisation of algebraic types called inductive types, leading to the Calculus of Inductive Constructions (CIC) that started to serve as a new foundation for the Coq system. This new system, which got its current definitive name Coq, was released in 1991.

In practice, the Calculus of Inductive Constructions derives its strength from being both a logic powerful enough to formalise all common mathematics (as set theory is) and an expressive richly-typed functional programming language (like ML but with a richer type system, no effects and no non-terminating functions).

During 1984-2012 period, about 40 persons have contributed to the development of Coq, out of which 7 persons have contributed to bring the system to the place it was six years ago. First Thierry Coquand through his foundational theoretical ideas, then Gérard Huet who developed the first prototypes with Thierry Coquand and who headed the Coq group until 1998, then Christine Paulin who was the main actor of the system based on the CIC and who headed the development group from 1998 to 2006. On the programming side, important steps were made by Chet Murthy who raised Coq from the prototypical state to a reasonably scalable system, Jean-Christophe Filliâtre who turned to concrete the concept of a small trustful certification kernel on which an arbitrary large system can be set up, Bruno Barras and Hugo Herbelin who, among other extensions, reorganised Coq on a new smoother and more uniform basis able to support a new round of extensions for the next decade.

The development started from the Formel team at Rocquencourt but, after Christine Paulin got a position in Lyon, it spread to École Normale Supérieure de Lyon. Then, the task force there globally moved to the University of Orsay when Christine Paulin got a new position there. On the Rocquencourt side, the part of Formel involved in ML moved to the Cristal team (now Gallium) and Formel got renamed into Coq. Gérard Huet left the team and Christine Paulin started to head a Coq team bilocalised at Rocquencourt and Orsay. Gilles Dowek became the head of the team which was renamed into LogiCal. Following Gilles Dowek who got a position at École Polytechnique, LogiCal moved to the new INRIA Saclay research center. It then split again, giving birth to ProVal. At the same time, the Marelle team (formerly Lemme, formerly Croap) which has been a long partner of the Formel team, invested more and more energy in the formalisation of mathematics in Coq, while contributing importantly to the development of Coq, in particular for what regards user interfaces.

After various other spreadings resulting from where the wind pushed former PhD students, the development of Coq got multi-site with the development now realised mainly by employees of INRIA, the CNAM, and Paris Diderot.

In the last seven years, Hugo Herbelin and Matthieu Sozeau coordinated the development of the system, the official coordinator hat passed from Hugo to Matthieu in August 2016. The ecosystem and development model changed greatly during this period, with a move towards an entirely distributed development model, integrating contributions from all over the world. While the system had always been open-source, its development team was relatively small, well-knit and gathered regularly at Coq working groups, and many developments on Coq were still discussed only by the few interested experts.

The last years saw a big increase in opening the development to external scrutiny and contributions. This was supported by the “core” team which started moving development to the open GitHub platform (including since 2017 its bug-tracker 97 and wiki), made its development process public, starting to use public pull requests to track the work of developers, organising yearly hackatons/coding-sprints for the dissemination of expertise and developers & users meetings like the Coq Workshop and CoqPL, and, perhaps more anecdotally, retransmitting Coq working groups on a public YouTube channel.

This move was also supported by the hiring of Maxime Dénès in 2016 as an INRIA research engineer (in Sophia-Antipolis), and the work of Matej Košík (2-year research engineer). Their work involved making the development process more predictable and streamlined and to provide a higher level of quality to the whole system. In 2018, a second engineer, Vincent Laporte, was hired. Yves Bertot, Maxime Dénès and Vincent Laporte are developing the Coq consortium, which aims to become the incarnation of the global Coq community and to offer support for our users.

Today, the development of Coq involves participants from the INRIA project-teams pi.r2 (Paris), Marelle (Sophia-Antipolis), Toccata (Saclay), Gallinette (Nantes), Gallium (Paris), and Camus (Strasboug), the LIX at École Polytechnique and the CRI Mines-ParisTech. Apart from those, active collaborators include members from MPI-Saarbrucken (D. Dreyer's group), KU Leuven (B. Jacobs group), MIT CSAIL (A. Chlipala's group, which hosted an INRIA/MIT engineer, and N. Zeldovich's group), the Institute for Advanced Study in Princeton (from S. Awodey, T. Coquand and V. Voevodsky's Univalent Foundations program) and Intel (M. Soegtrop). The latest released versions have typically a couple of dozens of contributors (e.g. 40 for 8.8, 54 for 8.9, ...).

On top of the developer community, there is a much wider user community, as Coq is being used in many different fields. The Software Foundations series, authored by academics from the USA, along with the reference Coq'Art book by Bertot and Castéran 42, the more advanced Certified Programming with Dependent Types book by Chlipala 50 and the recent book on the Mathematical Components library by Mahboubi, Tassi et al. provide resources for gradually learning the tool.

In the programming languages community, Coq is being taught in two summer schools, OPLSS and the DeepSpec summer school. For more mathematically inclined users, there are regular Winter Schools in Nice and in 2017 there was a school on the use of the Univalent Foundations library in Birmingham.

Since 2016, Coq also provides a central repository for Coq packages,
the Coq opam archive, relying on the OCaml opam package manager and including
around 250 packages contributed by users. It would be too long
to make a detailed list of the uses of Coq in the wild. We only highlight
four research projects relying heavily on Coq. The Mathematical Components library has its origins in the formal
proof of the Four Colour Theorem and has grown to cover many areas of mathematics in Coq
using the now integrated (since Coq 8.7) SSReflect proof language.
The DeepSpec project is an NSF Expedition project led by
A. Appel whose aim is full-stack verification
of a software system, from machine-checked proofs of circuits to an operating system to a
web-browser, entirely written in Coq and integrating many large projects into one. The ERC CoqHoTT project led by N. Tabareau
aims to use logical tools to extend the expressive power of Coq, dealing with the univalence axiom and
effects. The ERC RustBelt project led by D. Dreyer concerns the development of rigorous formal foundations for the Rust programming language, using the Iris Higher-Order Concurrent Separation Logic Framework in Coq.

We next briefly describe the main components of Coq.

The architecture adopts the so-called de Bruijn principle: the well-delimited kernel
of Coq ensures the correctness
of the proofs validated by the system. The kernel is rather stable
with modifications tied to the evolution of the underlying Calculus of
Inductive Constructions formalism. The kernel includes an
interpreter of the programs expressible in the CIC and this
interpreter exists in two flavours: a customisable lazy evaluation
machine written in OCaml and a call-by-value bytecode interpreter
written in C dedicated to efficient computations. The kernel also
provides a module system.

The concrete user language of Coq, called Gallina, is a
high-level language built on top of the CIC. It includes a type
inference algorithm, definitions by complex pattern-matching, implicit
arguments, mathematical notations and various other high-level
language features. This high-level language serves both for the
development of programs and for the formalisation of mathematical
theories. Coq also provides a large set of commands. Gallina and
the commands together forms the Vernacular language of Coq.

The standard library is written in the vernacular language of Coq.
There are libraries for various arithmetical structures and various
implementations of numbers
(Peano numbers, implementation of

The tactics are the methods available to conduct proofs. This includes the basic inference rules of the CIC, various advanced higher level inference rules and all the automation tactics. Regarding automation, there are tactics for solving systems of equations, for simplifying ring or field expressions, for arbitrary proof search, for semi-decidability of first-order logic and so on. There is also a powerful and popular untyped scripting language for combining tactics into more complex tactics.

Note that all tactics of Coq produce proof certificates that are checked by the kernel of Coq. As a consequence, possible bugs in proof methods do not hinder the confidence in the correctness of the Coq checker. Note also that the CIC being a programming language, tactics can have their core written (and certified) in the own language of Coq if needed.

Extraction is a component of Coq that maps programs (or even computational proofs) of the CIC to functional programs (in OCaml, Scheme or Haskell). Especially, a program certified by Coq can further be extracted to a program of a full-fledged programming language then benefiting of the efficient compilation, linking tools, profiling tools, ... of the target language.

Coq is a feature-rich system and requires extensive training in order to be used proficiently; current documentation includes the reference manual, the reference for the standard library, as well as tutorials, and related tooling [sphinx plugins, coqdoc]. The jsCoq tool allows writing interactive web pages were Coq programs can be embedded and executed.

Coq is used in large-scale proof developments, and provides users miscellaneous tooling to help with them: the coq_makefile and Dune build systems help with incremental proof-checking; the Coq OPAM repository contains a package index for most Coq developments; the CoqIDE, ProofGeneral, jsCoq, and VSCoq user interfaces are environments for proof writing; and the Coq's API does allow users to extend the system in many important ways. Among the current extensions we have QuickChik, a tool for property-based testing; STMCoq and CoqHammer integrating Coq with automated solvers; ParamCoq, providing automatic derivation of parametricity principles; MetaCoq for metaprogramming; Equations for dependently-typed programming; SerAPI, for data-centric applications; etc... This also includes the main open Coq repository living at Github.

Dependently typed programming (shortly DTP) is an emerging concept
referring to the diffuse and broadening tendency to develop
programming languages with type systems able to express program
properties finer than the usual information of simply belonging to
specific data-types. The type systems of dependently-typed programming
languages allow to express properties dependent of the input and
the output of the program (for instance
that a sorting program returns a list of same size as its
argument). Typical examples of such languages were the Cayenne
language, developed in the late 90's at Chalmers University in Sweden
and the DML language developed at Boston. Since then, various new
tools have been proposed, either as typed programming languages whose
types embed equalities (

DTP contributes to a general movement leading to the fusion between logic and programming. Coq, whose language is both a logic and a programming language which moreover can be extracted to pure ML code plays a role in this movement and some frameworks combining logic and programming have been proposed on top of Coq (Concoqtion at Rice and Colorado, Ynot at Harvard, Why in the ProVal team at INRIA, Iris at MPI-Saarbrucken). It also connects to Hoare logic, providing frameworks where pre- and post-conditions of programs are tied with the programs.

DTP approached from the programming language side generally benefits of a full-fledged language (e.g. supporting effects) with efficient compilation. DTP approached from the logic side generally benefits of an expressive specification logic and of proof methods so as to certify the specifications. The weakness of the approach from logic however is generally the weak support for effects or partial functions.

In between the decidable type systems of conventional data-types based
programming languages and the full expressiveness of logically
undecidable formulae, an active field of research explores a spectrum
of decidable or semi-decidable type systems for possible use in
dependently typed programming languages. At the beginning of the spectrum,
this includes, for instance, the system F's extension ML

For two decades, the Curry-Howard correspondence has been limited to the intuitionistic case but since 1990, an important stimulus spurred on the community following Griffin's discovery that this correspondence was extensible to classical logic. The community then started to investigate unexplored potential connections between computer science and logic. One of these fields is the computational understanding of Gentzen's sequent calculus while another one is the computational content of the axiom of choice.

Indeed, a significant extension of the Curry-Howard correspondence has been
obtained at the beginning of the 90's thanks to the seminal
observation by Griffin 64 that some operators known as
control operators were typable by the principle of double negation
elimination (

Control operators are used to jump from one location of a
program to another. They were first considered in the 60's by
Landin 81 and Reynolds 90 and started to
be studied in an abstract way in the 80's by Felleisen et
al 59, leading to Parigot's

The Curry-Howard interpretation of sequent calculus started to be
investigated at the beginning of the 90's. The main technicality of
sequent calculus is the presence of left introduction inference
rules, for which two kinds of interpretations are
applicable. The first approach interprets left introduction rules as
construction rules for a language of patterns but it does not really
address the problem of the interpretation of the implication
connective. The second approach, started in 1994, interprets left
introduction rules as evaluation context formation rules. This line of
work led in 2000 to the design by Hugo Herbelin and
Pierre-Louis Curien of a symmetric calculus exhibiting deep dualities
between the notion of programs and evaluation contexts and between the
standard notions of call-by-name and call-by-value evaluation semantics.

Abstract machines came as an intermediate evaluation device, between
high-level programming languages and the computer microprocessor. The
typical reference for call-by-value evaluation of

Delimited control extends the expressiveness of control operators with
effects: the fundamental result here is a completeness result by
Filinski 60: any side-effect expressible in monadic
style (and this covers references, exceptions, states, dynamic
bindings, ...) can be simulated in

Like ordinary categories, higher-dimensional categorical structures originate in algebraic topology. Indeed, fundamental $\infty $-groupoid

In the last decades, the importance of higher-dimensional categories has grown fast, mainly with the new trend of categorification that currently touches algebra and the surrounding fields of mathematics. Categorification is an informal process that consists in the study of higher-dimensional versions of known algebraic objects (such as higher Lie algebras in mathematical physics 39) and/or of “weakened” versions of those objects, where equations hold only up to suitable equivalences (such as weak actions of monoids and groups in representation theory 58).

The categorification process has also reached logic, with the introduction of homotopy type theory. After a preliminary result that had identified categorical structures in type theory 73, it has been observed recently that the so-called “identity types” are naturally equiped with a structure of

Higher-dimensional categories are algebraic structures that contain, in essence, computational aspects. This has been recognised by Street 94, and independently by Burroni 47, when they have introduced the concept of computad or polygraph as combinatorial descriptions of higher categories. Those are directed presentations of higher-dimensional categories, generalising word and term rewriting systems.

In the recent years, the algebraic structure of polygraph has led to a new theory of rewriting, called higher-dimensional rewriting, as a unifying point of view for usual rewriting paradigms, namely abstract, word and term rewriting 80, 84, 69, 70, and beyond: Petri nets 72 and formal proofs of classical and linear logic have been expressed in this framework 71. Higher-dimensional rewriting has developed its own methods to analyse computational properties of polygraphs, using in particular algebraic tools such as derivations to prove termination, which in turn led to new tools for complexity analysis 44.

The homotopical properties of higher categories, as studied in mathematics, are in fact deeply related to the computational properties of their polygraphic presentations. This connection has its roots in a tradition of using rewriting-like methods in algebra, and more specifically in the works of Anick 36 and Squier 93, 92: Squier has proved that, if a monoid finite, terminating and confluent rewriting system, then its third integral homology group finite derivation type (a property of homotopical nature). This allowed him to conclude that finite convergent rewriting systems were not a universal solution to decide the word problem of finitely generated monoids. Since then, Yves Guiraud and Philippe Malbos have shown that this connection was part of a deeper unified theory when formulated in the higher-dimensional setting 11, 12, 67, 68, 66.

In particular, the computational content of Squier's proof has led to a constructive methodology to produce, from a convergent presentation, coherent presentations and polygraphic resolutions of algebraic structures, such as monoids 11 and algebras 10. A coherent presentation of a monoid

The application domains of the team researchers range from the formalization of mathematical theories and computational systems using the Coq proof assistant to the design of programming languages with rich type systems and the design and analysis of certified program transformations.

The environmental impact of the team is mainly two sorts:

Members of the team are committed to decreasing the environmental impact of our research. In the IRIF lab environment, a working group investigates the footprint of our scientific community and its practices (notably numerous international conferences) and the potential medium and long-term evolution that can be made. Several members of the team and active contributors or interested followers of the WG. As an achievement of this working group, recommendations have been made at the IRIF level to encourage every lab member to travel by train rather than by plane when the travel duration is not significantly longer by train.

Pierre-Louis Curien was the recipient of the Grand Prix Inria - Académie des Sciences 2020. (https://

Some highlights from this release are:

- Introduction of primitive persistent arrays in the core language, implemented using imperative persistent arrays. - Introduction of definitional proof irrelevance for the equality type defined in the SProp sort. - Many improvements to the handling of notations, including number notations, recursive notations and notations with bindings. A new algorithm chooses the most precise notation available to print an expression, which might introduce changes in printing behavior.

See the Zenodo citation for more information on this release: https://zenodo.org/record/4501022#.YB00r5NKjlw

Coq version 8.13 integrates many usability improvements, as well as extensions of the core language. The main changes include: - Introduction of primitive persistent arrays in the core language, implemented using imperative persistent arrays. - Introduction of definitional proof irrelevance for the equality type defined in the SProp sort. - Cumulative record and inductive type declarations can now specify the variance of their universes. - Various bugfixes and uniformization of behavior with respect to the use of implicit arguments and the handling of existential variables in declarations, unification and tactics. - New warning for unused variables in catch-all match branches that match multiple distinct patterns. - New warning for Hint commands outside sections without a locality attribute, whose goal is to eventually remove the fragile default behavior of importing hints only when using Require. The recommended fix is to declare hints as export, instead of the current default global, meaning that they are imported through Require Import only, not Require. See the following rationale and guidelines for details. - General support for boolean attributes. - Many improvements to the handling of notations, including number notations, recursive notations and notations with bindings. A new algorithm chooses the most precise notation available to print an expression, which might introduce changes in printing behavior. - Tactic improvements in lia and its zify preprocessing step, now supporting reasoning on boolean operators such as Z.leb and supporting primitive integers Int63. - Typing flags can now be specified per-constant / inductive. - Improvements to the reference manual including updated syntax descriptions that match Coq's grammar in several chapters, and splitting parts of the tactics chapter to independent sections.

See the changelog for an overview of the new features and changes, along with the full list of contributors. https://coq.github.io/doc/v8.13/refman/changes.html#version-8-13

Equations is a tool designed to help with the definition of programs in the setting of dependent type theory, as implemented in the Coq proof assistant. Equations provides a syntax for defining programs by dependent pattern-matching and well-founded recursion and compiles them down to the core type theory of Coq, using the primitive eliminators for inductive types, accessibility and equality. In addition to the definitions of programs, it also automatically derives useful reasoning principles in the form of propositional equations describing the functions, and an elimination principle for calls to this function. It realizes this using a purely definitional translation of high-level definitions to core terms, without changing the core calculus in any way, or using axioms.

The main features of Equations include:

Dependent pattern-matching in the style of Agda/Epigram, with inaccessible patterns, with and where clauses. The use of the K axiom or a proof of K is configurable, and it is able to solve unification problems without resorting to the K rule if not necessary.

Support for well-founded and mutual recursion using measure/well-foundedness annotations, even on indexed inductive types, using an automatic derivation of the subterm relation for inductive families.

Support for mutual and nested structural recursion using with and where auxilliary definitions, allowing to factor multiple uses of the same nested fixpoint definition. It proves the expected elimination principles for mutual and nested definitions.

Automatic generation of the defining equations as rewrite rules for every definition.

Automatic generation of the unfolding lemma for well-founded definitions (requiring only functional extensionality).

Automatic derivation of the graph of the function and its elimination principle. In case the automation fails to prove these principles, the user is asked to provide a proof.

A new dependent elimination tactic based on the same splitting tree compilation scheme that can advantageously replace dependent destruction and sometimes inversion as well. The as clause of dependent elimination allows to specify exactly the patterns and naming of new variables needed for an elimination.

A set of Derive commands for automatic derivation of constructions from an inductive type: its signature, no-confusion property, well-founded subterm relation and decidable equality proof, if applicable.

Equations is a function definition plugin for Coq (supporting Coq 8.11 to 8.13, with special support for the Coq-HoTT library), that allows the definition of functions by dependent pattern-matching and well-founded, mutual or nested structural recursion and compiles them into core terms. It automatically derives the clauses equations, the graph of the function and its associated elimination principle.

Equations is based on a simplification engine for the dependent equalities appearing in dependent eliminations that is also usable as a separate tactic, providing an axiom-free variant of dependent destruction.

This version of Equations is based on an improved simplification engine for the dependent equalities appearing during dependent eliminations that is also usable as a separate dependent elimination tactic, providing an axiom-free variant of dependent destruction and a more powerful form of inversion.

This is a bugfix release of version 1.2 working with Coq 8.11 to Coq 8.13 See https://mattam82.github.io/Coq-Equations/equations/2019/05/17/1.2.html for the 1.2 release notes. New in this version:

Fixed issue #297: dependent elimination simplification mistreated let-bindings Fixed issue #295: discrepancy between the syntax in the manual and the implementation Ensure that NoConfusion is derived before EqDec as it is necessary to solve the corresponding obligation.

This software is a bot to help and automatize the development of the Coq proof assistant on the GitHub platform. It is written in OCaml and provides numerous features: synchronization between GitHub and GitLab to allow the use of GitLab for automatic testing (continuous integration), management of milestones on issues, management of the backporting process, merging of pull request upon request by maintainers, etc.

Most of the features are used only for the development of Coq, but the synchronization with GitLab feature is also used in dozens of independent projects.

The Julien Coolen's internship final release.

Added

Integrate with Jason Gross' coq-bug-minimizer tool. Merge a branch in the coq repository if some conditions are met, by writing @coqbot: merge now in a comment. Parameterize the bot with a configuration file. Installation as a GitHub App is supported. Report CI status checks with the Checks API when using the GitHub app. Report errors of jobs in allow failure mode when the Checks API is used.

Changed

Refactored the architecture of the application and of the bot-components library Always create a merge commit when pushing to GitLab. More informative bot merge commit title for GitLab CI.

In collaboration with Thomas Letan (ANSSI), Yann Régis-Gianas developed and proved several properties of a simple web server implemented in Coq using FreeSpec, a compositional framework to verify effectful software components in Coq. This work has been presented at CPP 2020 28, 22.

Hugo Herbelin et Étienne Miquey developed a calculus of explicit stores describing the operations and rewriting rules needed to explicitly manage and type extensible environments as part of a syntactic calculus 27. This is similar to calculi with explicit substitutions turning the meta-operation of substitution into a syntactic one, but adding here the possibility to dynamically expand or modify the substitution.

Félix Castro started his PhD under the joint supervision of Hugo Herbelin (INRIA) and Alexandre Miquel (IMERL, Facultad de Ingeniería, Universidad de la República, Uruguay) in September 2019. His PhD work focuses on the computational contents of Gödel's constructible universe, which, in particular, justifies the Axiom of Choice. (Previously, he worked on the formalisation of the ramified analytical hierarchy in classical second-order arithmetic.)

During his first year, he worked on the computational contents of logical translations by relativization (such as the syntactical translation implementing Gödel's constructible universe). His approach aims at establishing that, as the double-negation-translation justifies the addition of continuations in a programming language (representing proofs of an intuitionistic logic via the Curry-Howard correspondence), this kind of logical translation (by relativization) justifies the addition of a "quote" instruction in the programming counter-part of the logical system which is the source of the translation.

Hugo Herbelin developed in collaboration with Nuria Brede (U. Potsdam) a unified approach of the underlying logical structure of choice and bar induction principles 32.

Alexis Saurin worked on proof search in a proof-net scenario, that is proof-net search. A key aspect of proof construction is a management of non-determinism in bottom-up sequent-proof construction, be it when the search succeeds or when facing a failure and the need for backtracking. This is partially dealt with by focussing proof-construction, which reduces drastically the search space while retaining completeness of the resulting proof space (both at the provability level and at the denotational level).

His approach consists in considering the correctness problem of proof-structure for the larger class of para-proof structures (ie proof-structure admitting a generalized axiom deriving any sequent) viewing proof-search and sequentialisation as dual aspects of partial proof structures (that is proof nets with open premisses). Revisiting in particular two related correctness criteria in the framework of para-proof-structures (contractibility and Lafont's parsing criterion), he obtains a proof-construction algorithm in which the proof space is not a search tree, as in sequent-calculus, but a dag allowing to share proof-construction paths, for which proof-construction corresponds to "unparsing". A paper is currently being written.

Emilio Jesús Gallego Arias collaborated with Jim Lipton from Wesleyan
University on the development of algebraic models for proof search in
the context of logic programming. In particular, we have extended the
semantics of 61 to better account for the
recursive definition of relations, using techniques inspired in
step-indexing 43. A key point
of the extension is that the index category does account for
the particular proof search strategy as understood in logic
programming. For example, the category

In collaboration with David Baelde, Amina Doumane and Denis Kuperberg, Alexis Saurin extended the proof theory of infinite and circular proofs for fixed-point logics in various directions by relaxing the validity condition necessary to distinguish sound proofs from invalid ones. The original validity condition considered by Baelde, Doumane and Saurin in CSL 2016 1 rules out lots of proofs which are computationally and semantically sound and does not account for the cut-axiom interaction in sequent proofs. In the setting of sequent calculus, Alexis Saurin studied together with David Baelde, Amina Doumane and Denis Kuperberg a relaxed validity condition to allow infinite branches to be supported by threads which may leave the infinite branch, visiting other parts of the proofs and bounce on axioms and cuts. This allows for a much more flexible criterion, inspired from Girard's geometry of interaction. The most general form of this criterion does not ensure productivity in the sequent calculus due to a discrepancy between the sequential nature of proofs in sequent calculus and the parallel nature of threads. David Baelde, Amina Doumane, Denis Kuperberg and Alexis Saurin provided a slight restriction of the full bouncing validity which grants productivity and validity of the cut-elimination process. This restriction still strictly extends previous notions of validity and is actually expressive enough to be undecidable.

Several directions of research have therefore been investigated from that point:

A pre-publication is available 38.

Abhishek De and Alexis Saurin pursued their investigation of non-wellfounded and circular proofs nets (in the multiplicative setting), building on first results published in 2019 56.
Together with Luc Pellissier (LACL, Université Paris Est-Créteil), they generalized infinets solving some restrictions of the original presentation with respect to the use of the cut-inference.
Considering potentially infinite (non-wellfounded) proof-objects, it is natural to allow for infinitely many cut rules (typically when a cut occurs within a cycle of a regular proof). Their original proposal for non-wellfounded proof-nets only allowed finitely many cuts.
New results show how to integrate infinitely many cuts, while proposing a new presentation of the productive cut-elimination on

In a collaboration with Anupam Das (university of Birmingham), Abhishek De and Alexis Saurin studied regularization of non-wellfounded proofs in the sequent calculus of fixed-point logics, that is determining under which condition the existence of a non-wellfounded proof ensures the existence of a circular proof. After studying the setting of classical

This collaboration started in the spring 2020, during the Covid crisis and a planned visit of De to Birmingham had to be postponed till now. It is expected to occur in 2021.

Farzad Jafar-Rahmani started his PhD under the supervision of Thomas Ehrhard and Alexis Saurin in October 2019. His PhD work will focus on the denotational semantics of finitary and circular proofs of linear logic with fixed points.

Together with Ehrhard, he developed a categorical semantics of

The three of them are currently working on the interpretation of circular proofs and of the denotational counterpart of the validity condition of circular proofs. Moreover, they developed a system L for a polarized calculus and its categorical semantics.

Kostia Chardonnet started his PhD under the supervision of Alexis Saurin and Benoît Valiron in November 2019.
Chardonnet's PhD research focuses on extending quantum programming languages with inductive and coinductive types, under the hypothesis of quantum control (as in QML 35 compared to classical control).
Chardonnet, Saurin and Valiron published a first work 26 presenting a language of type isomorphisms with inductive and coinductive types and understanding the connections of those reversible programs with

In a collaboration with Valiron and Vilmart, Chardonnet investigated an asynchronous model of Geometry of Interaction for the pure ZX-Calculus, a graphical language for quantum computation, and its extension to ground-processes. This GoI semantics takes the form of a Token Machine. They showed how to connect this new semantics to the usual standard interpretation of the ZX-diagrams.

Colin Gonzalez is preparing a CIFFRE PhD under the joint supervision of Yann Régis-Gianas, Adrien Guatto and Ralf Treinen. His work aim at programming smartcontracts more easily by taking inspiration from spreadsheets and stream programming. To do this, his goal is to build a certified spreadsheet compiler to Michelson's smartcontracts.

Building on the similarity between the type a smartcontract executions and the type of streams, they first defined a programming language (Lisa) allowing structured programming of spreadsheets to be translated to a stream algebra. First results are the design of a Lisa interpreter, a propotype compiler from a toy spreadsheet language to Lisa and a compiler from a fragment of Lustre to Lisa.

Yves Guiraud works with Dimitri Ara (Univ. Aix-Marseille), Albert Burroni, Philippe Malbos (Univ. Lyon 1), François Métayer (Univ. Nanterre) and Samuel Mimram (École Polytechnique) on a reference book on the theory of polygraphs and higher-dimensional categories, and their applications in rewriting theory and homotopical algebra.

Yves Guiraud works with Marcelo Fiore (Univ. Cambridge) on the theoretical foundations of higher-dimensional algebra, in order to develop a common setting to develop rewriting methods for various algebraic structures at the same time. Practically, they aim at a definition of polygraphic resolutions of monoids in monoidal categories, based on the recent notion of

Building on 6, Yves Guiraud is currently finishing with Matthieu Picantin (Univ. Paris Diderot) a work that generalises already known constructions such as the bar resolution, several resolutions defined by Dehornoy and Lafont 57, and the main results of Gaussent, Guiraud and Malbos on coherent presentations of Artin monoids 8, to monoids with a Garside family. This allows an extension of the field of application of the rewriting methods to other geometrically interesting classes of monoids, such as the dual braid monoids.

Still with Matthieu Picantin, Yves Guiraud develops an improvement of the classical Knuth-Bendix completion procedure, called the KGB (for Knuth-Bendix-Garside) completion procedure. The original algorithm tries to compute, from an arbitrary terminating rewriting system, a finite convergent presentation, by adding relations to solve confluence issues. Unfortunately, this algorithm fails on standard examples, like most Artin monoids with their usual presentations. The KGB procedure uses the theory of Tietze transformations, together with Garside theory, to also add new generators to the presentation, trying to reach the convergent Garside presentation identified in 6. The KGB completion procedure is partially implemented in the prototype Rewr, developed by Yves Guiraud and Samuel Mimram.

Yves Guiraud has started a collaboration with Najib Idrissi and Muriel Livernet (IMJ-PRG, Univ. Paris Diderot) whose aim is to understand the relation between several different methods known to compute small resolutions of algebras and operads: those based on rewriting methods (Anick, Squier) and those that stem from Koszul duality theory.

Alen Đurić, in collaboration with Pierre-Louis Curien and Yves Guiraud, has found a common generalisation of two distinct generalisations of a result originally due to Deligne, who had shown how to give coherent presentations of aspherical Artin monoids. Here, coherent means, given a presentation by generators and relations, that a number of generating "2-relations" between the relations is provided that suffices to show that "all diagrams involving the relations" can be paved by these generating 2-relations (this is the beginning of a higher-dimensional story). The two distinct generalisations have been given by Gaussent, Guiraud and Malbos and concern Artin groups without the aspherical restriction on the one hand, and so-called Garside monoids on the other hand. The common generalisation concerns a large family of monoids admitting a Garside family. Beyond the technical details, what is important in this new development is to have worked out general conditions that make the coherence argument work. This work is on the edge of being submitted to a journal.

Amar Hadzihasanović has been a postdoc of the team (funded by FSMP) from end of November 2019 to end of September 2020. He has been working intensively on the study of shapes appropriate for the description of higher cells as needed in various approaches to higher categories and higher structures. During his stay, despite of the sanitary problems, Amar managed to considerably revise his last work "Diagrammatic sets and rewriting in weak higher categories". He also started a collaboration with Pierre-Louis Curien on a variation of the category of opetopes (see next section).

Cédric Ho Thanh defended his PhD thesis on October 15, 2020 31. Since November 2020, he is a postdoc in Ichiro Hasuo's lab, National Institute for Informatics, Tokyo. During the last year of his PhD, he pursued his collaboration with Chaitanya Leena Subramaniam on "opetopic algebras". Their most important result is to have found a common generalisation of the model category constructions of Joyal on simplicial sets on one hand, and of Moerdijk and coauthors on dendroidal sets. This work is part of his PhD thesis, and also submitted to journals33.

The on-going collaboration of Pierre-Louis Curien and Amar Hadzihasanović mentioned above concerns a treatment of opetopes and opetopic sets by means of techniques from poset topology: those techniques are well-adapted for the description of an alternative notion of category of opetopes, where the objects are restricted to be positive opetopes, but the morphisms are more liberal: in this category, the treatment of degeneracies migrates from objects to morphisms. The current focus of the joint research is to find a good presentation of this alternative category by generators and relations.

Antoine Allioux (PhD started in February 2018), Eric Finster, Yves Guiraud and Matthieu Sozeau are exploring the development of higher algebra in type theory. To formalise higher algebra, one needs a new source of coherent structures in type theory. During the first year of Allioux's PhD, they studied an internalisation of polynomial monads (of which opetopes and

Since then, they switched to a different view, instead extending type theory with a universe of strict polynomial monads. These strict structures allow, in turn, to present internally weak structures such as

Vincent Blazy, Hugo Herbelin and Pierre Letouzey started a work aiming at making explicit the universe subtyping in the Calculus of Constructions (master internship of Vincent Blazy, then start of his PhD thesis). The first goal is to detect more easily each use of the Prop-Type cumulativity in Coq, with potential application to Coq extraction and also to the mathematical foundations.

Hugo Herbelin and Hugo Moeneclaey worked on the explicit construction of a model for internal iterated parametricity using cubes. The progresses on this very technical task have been presented at the HoTT-UF'20 workshop.

Hugo Moeneclaey gave an alternative approach to building models for external iterated parametricity, sidestepping most technical problems using the theory of locally presentable categories. This method is applicable to build models for other interpretations of type theory.

Hugo Moeneclaey worked on a presentation of identity types in an arbitrary non-recursive higher inductive type as higher inductive types themselves. As an example the loop space of the circle is the type freely generated by a point and an auto-equivalence. This was done using the definition of higher inductive types by Kaposi and Kovacs. This work is still in progress.

Hugo Herbelin and Firmin Martin developed a variant of Girard-Reynolds' System F based on the axiom of separability rather than the axiom of comprehension. They derive from it a realisability semantics for the systems WKL

From August 2020, Thierry Martinez resumed full time the implementation of a dependent pattern-matching compilation algorithm in Coq based on the PhD thesis work of Pierre Boutillier and on the internship work of Meven Bertrand. Significantly enough, he exploited OCaml's GADT to ensure strong static invariants of his implementation.

In January 2020, Théo Zimmermann was recruited on a three-year fixed term position to contribute both to the collaborative maintenance and evolution effort around Coq and its community, and to further investigate these software engineering aspects through empirical methods. His practical contributions for 2020 include:

During the summer, Théo Zimmermann supervised the internship of Julien Coolen on the maintenance and evolution of coqbot. this bot, which was created by Théo Zimmermann during his PhD thesis in 2018, is relied on every day by the Coq developers for the management of the development activity on GitHub. This internship led to significant additions to the bot. One of the most impactful addition is a new feature allowing maintainers to merge pull requests with a comment. Previously, the maintainers had to use a script and set up a PGP key, and this had turned out to be a significant barrier of entry to the role of maintainer.

Théo Zimmermann's research focused on the model of community organizations for the collaborative maintenance of packages which he discovered during his PhD thesis and applied to create the coq-community organization mentioned above. He published and presented a paper about it in the ICSE workshop SoHEAL 2020 29. Since then, he has pursued this investigation further in collaboration with Jean-Rémy Falleri from LaBRI (Bordeaux).

Emilio J. Gallego Arias continued work on improving the incremental proof checking infrastructure for Coq, with a particular focus on the integration of Coq with the industrial-scale Dune build system. Jointly with the rest of the Dune development team, support for composition of Coq “theories” was added and released, together with many other fixes and improvements, including extraction and native compute support, and the full porting of the Coq codebase to Dune. This new tooling, despite its experimental nature, has seen a good adoption by users and researchers. Emilio J. Gallego Arias was invited to a one week “Dune Retreat” — funded by Jane Street — where extended discussion and work about this project was pursued with the rest of the Dune team.

Emilio J. Gallego Arias and Karl Palmskog released a new version of the Coq SerAPI tool, with improvements and new functionality to enable new applications such as 86. Significant feedback from researchers has been gathered as to improve the tool, with a particular focus on mechanized-treatment of proofs by diverse tooling such as machine learning 49 or software engineering tooling.

Emilio J. Gallego Arias and Shachar Itzhaky released a new version of the Coq educational frontend jsCoq 7, with significant improvements both in the frontend, the backend, and the package system. In particular, jsCoq has reached the milestone where we consider that standard Coq textbooks such as Software Foundations run in a stable fashion. jsCoq has been used in several Coq courses in the 2020 year (we estimate at least in the dozens).

Emilio J. Gallego Arias maintains an ongoing collaboration with the Deducteam group at INRIA Saclay on the topic of interactive proof methods and standards; work in 2020 has included the co-supervision of two interns and improvements towards the specification and use of the Language Server Protocol in the context of interactive proof assistants.

Hugo Herbelin, Emilio J. Gallego Arias and Théo Zimmermann, helped by members from Gallinette (Nantes) and Stamp (ex-Marelle, Sophia-Antipolis), devoted an important part of their time to coordinate the development, to review propositions of extensions of Coq from external and/or young contributors, and to propose themselves extensions.

Emilio J. Gallego Arias and Théo Zimmerman took the roles of release managers for the Coq 8.12 release cycle. Coq 8.12.0 was released in July, Coq 8.12.1 was released in November and Coq 8.12.2 was released in December.

Cyril Cohen (Stamp) and Théo Zimmermann replaced the Coq Gitter communication channels by a Zulip server supporting multiple topics. Hundreds of messages are posted every week.

In 2020, Hugo Herbelin contributed about 200 pull requests to Coq, covering maintenance, bug fixes, extensions of the support for notations, refinements of the phase of elaboration of user syntax to checked expresions, code cleanup (especially regarding implicit arguments and notations).

Emilio J. Gallego Arias contributed over 300 changes to Coq of diverse nature, most of them to improve the Coq codebase in preparation for further work on incremental and multi-core aware type checking. He also reviewed and merged over 200 pull requests, with around 2000 total interactions [comments, issues, etc...].

The joint work of Pierre-Louis Curien with Jovana Obradović (former PhD student of the team and now researcher at the Institute of Mathematics of the Serbian Academy of Sciences), Zoran Petrić and other Serbian colleagues on designing a formal deductive system capturing the proofs of incidence theorems has been published in the journal Annals of Pure and Applied Logic 23.

In relation with a logic course for master students, Pierre Letouzey continued a Coq formalisation of the first-order predicate calculus, with the help of Samuel Ben Hamou (internship, 1st year ENS Saclay).
The logical rules are expressed in a natural deduction style (with explicit contexts), with two possible low-level representations of formulas (quantifiers with names or “locally nameless”). After a completeness theorem last year, this time the use of specific theories like Peano and ZF have been investigated.
This development is available at https://

Pierre Letouzey and Yann Régis-Gianas continued working on a Coq formalisation of regular expressions (with complement and conjunction) and their Brzozowski derivatives. This year, Antimorov derivatives have also been studied in this Coq formalization. Many techniques have also been attempted to prove correct the exact details used in a real-world implementation (ml-ulex), but a complete proof of this implementation is still elusive.

Daniel de Rauglaudre started a formalization in Coq the Sensitivity Conjecture, which became a Theorem in 2019 thanks to Hao Huang 75. The sensitivity conjecture remained an open-problem for more than thirty years, aiming to relate the sensitivity of a Boolean function results to its input values to other complexity measures of Boolean functions, such as block sensitivity. De Rauglaudre started to formalize Huang's very succinct proof of the conjecture.

For proving some lemmas in this theorem, numerous formalizations in Linear Algebra (matrices, determinants, eigenvalues, permutations, etc.) had to be implemented. In this context, a study of algebra of ring-like structures has been started, and some syntax of iterators have been studied and added. This development is available at at https://

Jean-Jacques Lévy and Chen Ran (a PhD student at the Institute of Software, Beijing) pursued their work about formal proofs of graph algorithms. Their goal is to provide computer-checked proofs of algorithms that remain the human-readable. In 2019, they presented at ITP 2019 a joint paper with Cyril Cohen, Stephan Merz and Laurent Théry on this work 48. This article compared formal proofs in three different systems (Why3, Coq, Isabelle/HOL) of Tarjan's linear-time algorithm (1972) computing the strongly connected components in directed graphs.

In July 2020, Chen Ran passed her PhD degree at Iscas, Beijing (adviser Zhang Wenhui). Jean-Jacques Lévy currently works on a proof of the implementation of this algorithm with imperative programming and memory pointers. He also plans to produce formal proofs of other abstract algorithms such as the Hopcroft-Tarjan (1972) linear-time algorithm for planarity testing in undirected graphs.

Hugo Herbelin and Ramkumar Ramachandra started the formalization in Coq of an original dependently-typed construction of semi-cubical sets inspired by the parametricity translation (see Section 8.4.2). This highly stressed the limits of Coq.

Emilio J. Gallego Arias collaborated with Stefania Dumbrava and Cody Roux on the use of our verified Datalog engine 45 for the analysis of low-level binary code; we have made significant progress towards the verification in Coq of the alias analysis proposed in 46.

Emilio J. Gallego Arias collaborated with Pierre Jouvelot and Lucas Sguerra on the formalized verification of the general Vickrey-Clarke-Groves (see for example 87) mechanism using Coq. The work has resulted in a paper submission early 2021.

An industrial contract started with Nomadics Lab aiming at improving the development of Coq (continuous integration, merging of pull requests, bug tracking, improving the release process, ...) and of its package ecosystem (for instance building documented best practices, tools and easy installers for newcomers).

Theo Zimmermann started a three-year research engineer position in January 2020 funded by this contract, continuing his research and development work about improving the Software Engineering practices of the development of Coq, especially to continue the improvement of the collaborative development processes and of its ecosystem.

Pierre-Louis Curien is a member of the Equipe associée CRECOGI (Concurrent, Resourceful and Effectful COmputation, by Geometry of Interaction) coordinated by Ugo dal Lago (Focus team, Bologna), with the National Institute of Informatics, Tokyo (Ichiro Hasuo) which planned to have its final meeting as a Shonan meeting, Japan, in November 2020. This event has been postponed to November 2021.

Pierre-Louis Curien is coordinator on the French side of the project VIP (Verification, Interaction, and Proofs) (2017-2020) of the Inria - Chinese Academy of Sciences (CAS) program, with the Institute of Sotware of the CAS. The final meeting of the project, to be held in Beijing, has been postponed to 2021. The Chinese coordinator Ying Jiang has retired and been replaced as coordinator by Peng Wu.

As part of his joint-PhD, Félix Castro spent most of 2020 abroad: after attending a summer school of COQ in Chile (CASS 2020) in January 2020, he spent the rest of the year in Uruguay, coming back to France in December 2020.

Pierre-Louis Curien was awarded a 6-week Research fellowship at the Oberwolfach Mathematical Research Institute (Germany) (split in two stays, in July and September 2020). He worked there on his new course on homotopical algebra and higher categories that he will teach at the master LMFI of Université de Paris.

Emilio J. Gallego Arias was awarded a 3-month Van Vleck Research Fellowship at Weysleyan University (Connecticut, USA) with the goal to continue work with Jim Lipton on the development of algebraic models for proof search. The stay was planned to take place February-April 2020, but was interrupted half-way due to the COVID crisis.

Pierre-Louis Curien and Alexis Saurin are members of GDRI-LL, an international joint GDR between France and Italy, supported by CNRS.

Pierre-Louis Curien, Emilio J. Gallego Arias, Yves Guiraud, Hugo Herbelin, and Alexis Saurin are members of the GDR Informatique Mathématique, in the LHC (Logique, Homotopie, Catégories) and Scalp (Structures formelles pour le calcul et les preuves) working groups. Alexis Saurin is coordinator of the Scalp working group.

Pierre-Louis Curien and Yves Guiraud (local coordinator until Sept. 2019) are members of the GDR Topologie Algébrique, federating French researchers working on classical topics of algebraic topology and homological algebra, such as homotopy theory, group homology, K-theory, deformation theory, and on more recent interactions of topology with other themes, such as higher categories and theoretical computer science.

Yves Guiraud is member of the GDR Tresses, federating French researchers working on algebraic, algorithmic and topological aspects of braid groups, low-dimensional topology, and connected subjects.

Yves Guiraud coordinates the four-year Action Exploratoire INRIA Réal (Réécriture Algébrique, started in 2020). Its aim is to continue the unification of rewriting-like methods in abtract and higher algebra, with a view toward applications in homological and higher algebra, and group and representation theory. This investigation is pursued in immersion at IMJ-PRG, the fundamental maths common laboratory of Sorbonne Université and Université Paris Diderot.

Emilio J. Gallego Arias is a member of the GDR Génie de la Programation et du Logiciel, in the LTP (Langages, Types et Preuves) group.

Yann Régis-Gianas collaborates with Mitsubishi Rennes on the topic of differential semantics. (This collaboration led in the past to the CIFRE grant for the PhD of Thibaut Girka.)

Yann Régis-Gianas collaborates with ANSSI on the topic of certified full programming in Coq.

Yann Régis-Gianas collaborates with Nomadic Labs on the topic of certified smart contract compilation.

Yann Régis-Gianas is a member of the ANR COLIS dedicated to the verification of Linux Distribution installation scripts. This project is joint with members of VALS (Univ Paris Sud) and LIFL (Univ Lille). Yann Régis-Gianas published a paper about the verification of POSIX shell scripts at TACAS 41 and a journal paper presenting Morbig, a static parser for POSIX shell 89.

Alexis Saurin is member of the

Yves Guiraud is an elected member of the “Comité de Centre” of the “Centre INRIA de Paris”.

Alexis Saurin is a member of the Emergence – Ville de Paris project "Realise" led by Christine Tasson.

Emilio Gallego, Hugo Herbelin and Théo Zimmermann chaired the Coq workshop 2020, which was planned as part of the IJCAR-FSCD joint conference and eventually happened entirely online due to the Covid-19 pandemic.

Yann Régis-Gianas was organizing chair of JFLA 2020, which took place in Gruissan from january 29th to february 1st.

Yann Régis-Gianas was co-chair of the JFLA 2020 program committee 30.

Théo Zimmermann was a program committee member for the 36th IEEE International Conference on Software Maintenance and Evolution (ICSME 2020).

Pierre-Louis Curien was a program committee member of the conference Formal Structures for Computation and Deduction (FSCD) 2020, as well as of its affiliated workshop "Geometric and Categorical Structures in Computation and Deduction”.

Théo Zimmermann participated in the review process for the Haskell Conference 2020.

Pierre-Louis Curien is editor-in-chief of the journal Mathematical Structrures in Computer Science.

Théo Zimmermann gave an invited talk at IRIT on the challenges in the collaborative evolution of Coq and its ecosystem.

Pierre-Louis Curien is an invited speaker at the Conference “Braids and beyond”, in memory of Patrick Dehornoy, which was planned in September 2020 in Caen and has been postponed to 2021.

Emilio J. Gallego Arias gave an invited talk at SystemX at the invitation of Kalpana Singh on the subject of applications to Coq to SystemX projects.

Hugo Herbelin gave an invited talk at the JFLA conference on cubical type theory.

Yves Guiraud is an elected member of the “Conseil scientifique” of the “UFR de mathématiques de l'Université de Paris”