The project-team investigates the design of logical frameworks, in order to ensure interoperability between proof systems and to develop system-independent proof libraries. To achieve these goals, we develop

The idea that systems such as Euclidean geometry or set theory should be expressed, not as independent systems, but in a logical framework appeared with the design of the first logical framework: predicate logic, in 1928. Later, several more powerful logical frameworks have been designed:

The logical framework that we use is a simple Dedukti.

The first version of Dedukti was developed in 2011 by Mathieu Boespflug 35. From 2012 to 2015, new versions of Dedukti were developed and several theories were expressed in Dedukti, making it possible to import proofs developed in Matita (with the tool Krajono), HOL Light (with the tool Holide), FoCaLiZe (with the tool Focalide), iProver, and Zenon, totaling several hundred megabytes of proofs. The development of Dedukti has now been completed.

We now focus on the translation of proofs from one Dedukti theory to another and on the export of proofs to other proof systems. In particular, the Matita arithmetic library has been translated to a much weaker theory, constructive simple type theory, which makes it possible to export it to Coq, Lean, PVS, HOL Light, and Isabelle/HOL. In the same way, the first book of Euclid's Elements, formalized in Coq, has been exported to these systems as well. This led us to develop an online proof repository, Nubo, and an online encyclopedia, Logipedia, for sharing and browsing this library.

We also focus on the development of new theories in Dedukti.

Finally, we develop an interactive theorem prover Lambdapi based on the same formalism as Dedukti. This interactive theorem prover is also used as a tool in the process of translating proofs from PVS and from automated theorem provers.

A thesis, which is at the root of our research effort, is that logical systems should be expressed as theories in a logical framework. As a consequence, proof-checking systems should not be focused on one theory, such as Simple type theory, Martin-Löf's type theory, or the Calculus of constructions, but should be theory independent. On the more theoretical side, the proof search algorithms, or the algorithmic interpretation of proofs, should not depend on the theory in which proofs are expressed, but this theory should just be a parameter. This is for instance expressed in the title of our invited talk at ICALP 2012: A theory independent Curry-De Bruijn-Howard correspondence 36.

Various limits of Predicate logic have led to the development of various families of logical frameworks:

The Dedukti and that is a synthesis of the Edinburgh logical framework and of Deduction modulo theory, subsumes them all.

Using a single prover to check proofs coming from different systems naturally leads to investigating how these proofs can be translated from one theory to another and used in a system different from the one in which they were developed. This issue is of prime importance because developments in proof systems are getting bigger and, unlike other communities in computer science, the proof checking community has invested little effort in standardization and interoperability.

For each proof, independently of the system in which it has been developed, we should be able to identify the systems in which it can be expressed. For instance, we have shown that many proofs developed in the Matita prover did not use the full strength of the logic of Matita and could be exported, for instance, to the systems of the HOL family, which are based on a weaker logic.

Rather than importing proofs from one system, transforming them, and exporting them to another system, we can use the same tools to develop a system-independent online repository of proofs Nubo and even a system-independent proof encyclopedia Logipedia. In such a repository, each proof is labeled with the theories in which it can be expressed and so with the systems in which it can be used.

We also want to investigate how the

This has led to the development of Lambdapi, which is an interactive theorem prover for the

Interoperability between interactive and automatic theorem provers can be fruitful for both kinds of systems: results coming from automatic solvers can be checked by third-party software with an identified kernel, and interactive provers can benefit from more automation. We are pushing towards this last application by extending the SMTCoq plugin for the Coq proof assistant with new logical transformations that encode Coq goals into first-order logic, which is the input logic of the class of automatic provers called SMT solvers.

Our main application impact, for instance on proofs of programs or on air traffic control, comes through our cooperation with other teams.

We view our work on interoperability and on the design of a formal proof encyclopedia as a service to the formal proof community.

Frédéric Blanqui's European COST project EuroProofNet has been accepted. EuroProofNet is the European research network on digital proofs. It aims at boosting the interoperability and usability of proof systems. It started in November 2021 and already gathers more than 220 researchers from 30 different countries. EuroProofNet organizes meetings and schools, and provides grants to its members for short-term scientific missions in another lab or country.

Frédéric Blanqui and Gabriel Hondet published a new release of the proof assistant Lambdapi. Lambdapi has been used in various works and, in particular, in Quentin Garchery's PhD 38.

Yacine El Haddad defended his PhD thesis on the integration of automated theorem provers in proof assistants 23.

Gilles Dowek and Alejandro Díaz-Caro have received the Best paper award (shared with another paper) at the 18th International Colloquium on Theoretical Aspects of Computing.

Renaud Vilmart received an accessit to the 2020 Gilles Kahn Ph.D. thesis award.

Yoan Géran has received the Best student paper award at the 46th International Symposium on Mathematical Foundations of Computer Science.

Lambdapi is an interactive proof development system featuring dependent types as in Martin-Löf's type theory, but allowing one to define objects and types using oriented equations, also known as rewriting rules, and to reason modulo those equations. This makes it possible to simplify some proofs and to formalize complex mathematical objects that are otherwise impossible or difficult to formalize in more traditional proof systems.

Lambdapi comes with Emacs and VSCode support.

Lambdapi can also read and output Dedukti files, and can thus be used as a higher-level intermediate language for translating proofs from one system to Dedukti.

Lambdapi is a logical framework and does not come with a pre-defined logic. However, it is easy to define a logic by declaring a few symbols and rules. A library of pre-defined logics is also provided.

Here are some of the features of Lambdapi:
- Emacs and VSCode plugins (based on LSP)
- support for unicode (UTF-8) and user-defined infix operators
- symbols can be declared commutative, or associative and commutative
- some arguments can be declared as implicit: the system will try to find out their value automatically
- symbol and rule declarations are separated so that one can easily define inductive-recursive types or turn a proved equation into a rewriting rule
- support for interactive resolution of typing goals, and unification goals as well, using tactics
- a rewrite tactic similar to the one of SSReflect in Coq
- the possibility of calling external automated provers
- a command is provided for automatically generating an induction principle for (mutually defined) strictly-positive inductive types
- Lambdapi can call external provers for checking the confluence and termination of user-defined rewriting rules by translating them to the XTC and HRS formats used in the termination and confluence competitions

Dedukti is a proof-checker for the LambdaPi-calculus modulo. As it can be parametrized by an arbitrary set of rewrite rules, defining an equivalence relation, this calculus can express many different theories. Dedukti has been created for this purpose: to allow the interoperability of different theories.

Dedukti's core is based on the standard algorithm for type-checking semi-full pure type systems and implements a state-of-the-art reduction machine inspired by Matita's and modified to deal with rewrite rules.

Dedukti's input language features term declarations and definitions (opaque or not) and rewrite rule definitions. A basic module system allows the user to organize his project in different files and compile them separately.

Dedukti features matching modulo beta for a large class of patterns called Miller's patterns, allowing for more rewriting rules to be implemented in Dedukti.
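To make "type-checking modulo a set of rewrite rules" concrete, here is an added Python sketch (not Dedukti's or Lambdapi's code) of the conversion test that such a checker relies on: two terms are identified when the rules rewrite them to the same normal form. It covers first-order terms only (no binders, beta-reduction or Miller's patterns); the names `match`, `normalize`, `convertible` and the step budget are assumptions of this example.

```python
# Added illustration, not project code. Terms are nested tuples ("head", arg1, ...);
# pattern variables in rules are strings starting with "$".

class OutOfFuel(Exception):
    """Normalization exceeded its step budget (the rules may not terminate)."""

def match(pattern, term, subst):
    """Return subst extended so that pattern matches term, or None on failure."""
    if isinstance(pattern, str):               # pattern variable
        if pattern in subst:                   # non-linear pattern: must agree
            return subst if subst[pattern] == term else None
        return {**subst, pattern: term}
    if pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p, t in zip(pattern[1:], term[1:]):
        subst = match(p, t, subst)
        if subst is None:
            return None
    return subst

def instantiate(term, subst):
    """Replace the pattern variables of a rule right-hand side by their values."""
    if isinstance(term, str):
        return subst[term]
    return (term[0],) + tuple(instantiate(a, subst) for a in term[1:])

def normalize(term, rules, fuel):
    """Innermost rewriting to normal form; fuel is a one-element list [steps_left]."""
    while True:
        term = (term[0],) + tuple(normalize(a, rules, fuel) for a in term[1:])
        for lhs, rhs in rules:
            subst = match(lhs, term, {})
            if subst is not None:
                if fuel[0] <= 0:
                    raise OutOfFuel(term)
                fuel[0] -= 1
                term = instantiate(rhs, subst)
                break
        else:
            return term                        # no rule applies: normal form

def convertible(t, u, rules, steps=200):
    """Decide t == u modulo the rules by comparing normal forms.

    This is only a sound and complete test when the rules are confluent and
    terminating, which is why those properties are checked for user rules.
    """
    fuel = [steps]
    return normalize(t, rules, fuel) == normalize(u, rules, fuel)

# Constructed sample theory: unary naturals with addition defined by rewriting.
ZERO = ("0",)
def S(n):
    return ("S", n)

PLUS_RULES = [
    (("plus", ZERO, "$n"), "$n"),
    (("plus", ("S", "$m"), "$n"), ("S", ("plus", "$m", "$n"))),
]
LOOP_RULES = [(("loop",), ("loop",))]          # constructed non-terminating rule

TWO = S(S(ZERO))
FOUR = S(S(TWO))

if __name__ == "__main__":
    a, b = ("Vec", ("plus", TWO, TWO)), ("Vec", FOUR)
    print("with plus rules:", convertible(a, b, PLUS_RULES))
    print("with no rules:  ", convertible(a, b, []))
    try:
        convertible(("loop",), ZERO, LOOP_RULES)
    except OutOfFuel:
        print("loop rule: budget exhausted, conversion is undecided")
```

With the addition rules loaded, a value of type `Vec (plus 2 2)` is accepted where `Vec 4` is expected; with an empty rule set the same check fails, and a non-terminating rule set leaves the check without an answer.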

Logipedia is composed of two distinct parts:
1) A back-end that translates proofs expressed in a theory encoded in Dedukti to other systems such as Coq, Lean or HOL.
2) A front-end that prints these proofs in a "nice way" via a website. Using the website, the user can search for a definition or a theorem, then download the whole proof for the desired system.

Currently, the available systems are: Coq, Matita, Lean, PVS and OpenTheory. The proofs come from a logic called STTForall.

In the long run, more systems and more logics should be added.

A termination-checker for higher-order rewriting with dependent types.

Took part in the Termination Competition 2018 ( http://termination-portal.org/wiki/Termination_Competition_2018 ) in the "Higher-Order Rewriting (union Beta)" category.

Frédéric Blanqui and Gabriel Hondet published a new release of Lambdapi. Lambdapi is a proof assistant for the λΠ-calculus modulo rewriting. It extends Dedukti with meta-variables, implicit arguments, etc. and an interactive proof mode for solving typing and unification goals using tactics. Typing goals corresponding to first-order formulas can be discharged by calling external automated theorem provers via the Why3 library. Lambdapi can read and output Dedukti files and can thus be used as an intermediate higher-level language for translating proofs from one system to Dedukti.

Many improvements were made to Lambdapi in 2021: parser generator changed to Menhir; generation of induction principles extended to parametrized strictly-positive types; addition of the tactics induction, admit and generalize; addition of associative and commutative symbols; addition of structured proof scripts (Aurélien Castre's internship); improvement of the Emacs and VSCode interface (Ashish Kumar Barnawal).

Lambdapi has been used in 2021 by:

Loris Cros, in his internship supervised by Bruno Barras, has continued developing algorithms to check criteria related to confluence of rewrite systems in Dedukti. He also started the implementation of a completion algorithm in order to deal with rewriting modulo associativity and commutativity (AC).

Gilles Dowek has investigated an alternative presentation of Pure Type Systems, where the notion of well-formed context has been dropped. This work has been published in the proceedings of Logical Frameworks and Meta-Languages 31.

Frédéric Blanqui has investigated and implemented in Lambdapi how to encode type universes without using matching modulo associativity and commutativity, which is complex to implement. It is based on a technique introduced in 34.

Gilles Dowek, Gaspard Férey, Jean-Pierre Jouannaud, and Jiaxiang Liu have investigated confluence criteria for non-terminating Higher-Order Rewrite Theories.

Frédéric Blanqui, Gilles Dowek, Émilie Grienenberger, Gabriel Hondet, and François Thiré have studied a theory in Dedukti, called U, that makes it possible to express proofs in various theories (constructive and non-constructive predicate logic, constructive and non-constructive simple type theory, with and without polymorphism, with and without predicate subtyping, the Calculus of constructions, etc.) and have shown that each of these theories corresponds to a selection of axioms in the theory U. This paper has been published in the proceedings of Formal Structures for Computation and Deduction 14.

During his Master internship, Luc Chabassier implemented in Lambdapi a translation from Extensional Type Theory (ETT) to Intensional Type Theory (ITT), inspired by the paper "Eliminating Reflection From Type Theory" (Winterhalter, Sozeau and Tabareau) 42. In contrast to what the authors did, his translation is well-typed by construction, rather than building an untyped term that has to be proved correct after the fact.

During his Master internship, Thiago Felicissimo worked on the translations from the proof assistant Agda to Dedukti and Lambdapi. In particular, he showed how to translate copattern matching coinduction 32, and implemented this in the tool Agda2Dedukti.

Gabriel Hondet and Frédéric Blanqui showed how to encode in the λΠ-calculus modulo rewriting, predicate subtyping and proof irrelevance, two important features of the PVS proof assistant. They proved that this encoding is correct and that encoded proofs can be mechanically checked by Dedukti, a type checker for the λΠ-calculus modulo theory using rewriting 39.

Luc Chabassier has started a PhD, supervised by Bruno Barras and Gilles Dowek, whose goal is to study new approaches to formalizing Category Theory in proof assistants, potentially exploiting the rewriting features of Dedukti.

Yoan Géran has started a PhD, supervised by Olivier Hermant and Gilles Dowek, on reverse mathematics in Dedukti. His objective is to refine the translation framework from Coq to Dedukti with a focus on universes, and to develop the corresponding tool, Vodk, along with reverse mathematics techniques to analyze and minimize the Dedukti proofs.

Thomas Traversié, during his internship supervised by Valentin Blot and Gilles Dowek, implemented set theory in Lambdapi. In particular, he encoded sets by a structure of pointed graphs, following the lines given in the paper "Cut elimination for Zermelo set theory" (Dowek and Miquel) 37.

Yann Leray improved and developed the translations from the proof assistant Isabelle to Lambdapi and Dedukti 30.

During her thesis, which started in October 2020, Amélie Ledein is interested in the verification of formal semantics proofs (such as the proof that a language is deterministic or the so-called subject reduction property) of programming languages as well as the reuse of these proofs in another proof assistant. A first result obtained concerns the translation of K, a framework for defining formal semantics of programming languages from which different tools are automatically derived, into Dedukti. The implementation of this translation, named KaMeLo, is available here. This work was presented during an LVP research day in 2021, and will be published at the JFLA national conference in June 2022.

Gabriel Hondet investigated how to translate theories with implicit subtyping into Lambdapi without translating the subtyping derivations. The framework has been modified to be able to synthesise back the subtyping derivations using a generic coercion insertion algorithm. The mechanism has been implemented in the tool Personoj and tested on the translation of the standard library of PVS.

Yacine El Haddad, Guillaume Burel and Frédéric Blanqui showed the correctness of a de-skolemization transformation consisting in building a proof in a deep encoding of natural deduction in the λΠ-calculus modulo rewriting of a first-order formula from a proof of its skolemization. This transformation has been implemented in the tool SKonverto.

Yacine El Haddad defended his PhD thesis on the integration of automated theorem provers in proof assistants 23. His contributions are:

Yoan Géran, during his internship, has analyzed the GeoCoq proof library, which contains the proofs of Euclid's Elements, book I. He has shown that it can be shrunk from the Calculus of Constructions with universes to fit in a logic as weak as predicate logic. Through the tools developed at Deducteam, this allowed GeoCoq to be exported to 7 systems: HOL Light, Lean, Matita, OpenTheory (hence Isabelle/HOL and HOL4), and PVS.

In order to automate the Coq proof assistant, tactics which send a first-order goal to SMT solvers are available in the SMTCoq plugin.

Valentin Blot, Louise Dubois de Prisque and Pierre Vial, with the external collaboration of Chantal Keller, developed a new Coq automatic tactic 15 which generates and proves first-order statements about Coq terms (datatypes and functions). This enriches the semantics of information transmitted to SMTCoq and increases automation in the Coq proof assistant.

This tactic, snipe, is modular and combines independent transformations, which allows incremental development.

Catherine Dubois, Amélie Ledein and Mathieu Montin (Loria) have developed the LIBNDT library, implemented both in Agda and Coq, concerning a class of nested inductive types. This library proposes a generic type LNDT (linked nested datatype) of which some common data types (List, Maybe, Nest and even Bush - in Agda only for the latter) can be constructed as various instances. A paper has been accepted for publication in the international workshop MSFP 2022 (Mathematically Structured Functional Programming).

Gilles Dowek and Alejandro Díaz-Caro have investigated an extension of propositional logic with a new connective, called sup, that has the introduction rules of the conjunction and the elimination rules of the disjunction, and have shown that this connective makes it possible to model non-deterministic and non-reversible processes such as quantum measurement. This work 25 has been published in the proceedings of the 18th International Colloquium on Theoretical Aspects of Computing, where it has received the Best paper award (shared with another paper).

Renaud Vilmart, together with collaborators Benoît Valiron and Kostia Chardonnet, has laid the foundations for a geometry-of-interaction style of semantics for the graphical language ZX-Calculus, devoted to quantum computing. This paper has been published in the proceedings of MFCS 2021 17, and also in the proceedings of TLLA 2021 16.

Renaud Vilmart has investigated the links between the graphical language ZH-Calculus and Quantum Multiple-valued Decision Diagrams (QMDDs) used in the verification of quantum processes. This paper has been published in the proceedings of MFCS 2021 19.

Renaud Vilmart has published a paper at FoSSaCS 2021 41. This paper does not appear in the team's publications, as it was submitted before the author joined Deducteam.

Pablo Arnault has introduced a discrete-time quantum walk (DQW) defined on a polar grid, a primer, and is hence able to define an angular momentum for this DQW, which is conserved at the discrete level, i.e., on the spacetime lattice. He has shown that in the continuum limit the standard relativistic Landau levels of the Dirac equation are recovered in the case where the Hamiltonian has been codiagonalized with, not the linear momentum, but the angular one. Those results have been published in 13.

Pablo Arnault has shown that one can discretize the Dirac equation in the form of a DQW without specifying a particular representation of the Clifford algebra. A new Clifford algebra has been defined from the operators defining the DQW, by requiring that the square of the DQW delivers what we define as a valid discretization of the Dirac equation (this parallels exactly, at the discrete level, Dirac's original procedure in the continuum). We then show that the DQW contains, natively, a Wilson term that makes it possible to avoid fermion doubling, and this without breaking unitarity, while discrete-time versions of standard lattice gauge theory are usually formulated in a Lagrangian way so that unitarity is not in-built, has to be proven, and is actually frequently broken. Those results appear in 24.

Valentin Blot and Chantal Keller have funding for a 4-year project (2021–2025) involving a PhD student, a research engineer (2 years) and a post-doctoral researcher (2 years). This funding is part of the Inria - Nomadic labs partnership for Tezos blockchain.

Alejandro Díaz-Caro visited Deducteam for two weeks in November.

Gilles Dowek has visited the University of Buenos Aires for two weeks.

Gilles Dowek has visited the Pontifícia Universidade Católica do Rio de Janeiro for two weeks. He has given two talks there: "A New connective in natural deduction, and its application to quantum computing" and "Ecumenism: logical constants and beyond".

EuroProofNet: Frédéric Blanqui is the chair of the European COST action CA20111 EuroProofNet. EuroProofNet is the European research network on digital proofs. It aims at boosting the interoperability and usability of proof systems. It started in November 2021 and already gathers more than 220 researchers from 30 different countries. EuroProofNet organizes meetings and schools, and provides grants to its members for short-term scientific missions in another lab or country.

The ANR project (2022-2025) ICSPA (Interoperable and Confident Set-based Proof Assistants) has been accepted in the context of the AAPG 2021 call. It is coordinated by Catherine Dubois and has the following academic partners: Samovar – Inria Grand Est – Inria Paris-Saclay – LIRMM – IRIT, with the industrial partner Clearsy. The project starts on January 1st 2022. This project aims at reinforcing the confidence in proofs carried out mechanically for the set-based specification formalisms B, Event-B, and TLA+ that are used in industry. This will be done by verifying these proofs formally and independently with the proof verifier Dedukti. The project also aims at designing and implementing an exchange framework, through which those three systems can share their proofs and theories, making them effectively interoperable.

The ANR PROGRAMme is an ANR for junior researcher Liesbeth Demol (CNRS, UMR 8163 STL, University Lille 3) in which G. Dowek participates. The subject is: "What is a program? Historical and Philosophical perspectives". This project aims at developing the first coherent analysis and pluralistic understanding of "program" and its implications for theory and practice.

Frédéric Blanqui was a PC member of FSCD'21, CICM'21 and TYPES'21.

Gilles Dowek has been a PC member of CADE, ITP, Happoc, and NFR.

Renaud Vilmart has reviewed papers for Logics in Computer Science (LICS), Quantum Physics and Logics (QPL) and Symposium on Theory of Computing (STOC).

Renaud Vilmart has reviewed papers for Journal of the ACM (JACM), Logical Methods in Computer Science (LMCS), Physical Review A (PRA), Theoretical Computer Science (TCS) and Transactions on Quantum Computing (TQC).

Gilles Dowek has given an invited talk "Sharing proofs across logics and systems: a boost for formal methods?" at ABZ 2021.

Gilles Dowek has given an invited talk "Sharing geometry proofs across logics and systems" at the 13th International Conference on Automated Deduction in Geometry.

Gilles Dowek has given an invited talk "A framework to express the axioms of mathematics" at the VI congresso latinoamericano de matemáticos.

Gilles Dowek has given an invited talk "How can we make formal proof teachable?" at Theorem Proving Components for Educational Software 2021.

Gilles Dowek has given an invited talk "Explanation: from ethics to logic" at the Symposium Fairness, Integrity and Transparency in Formal Systems: Challenges for a Society Increasingly Dominated by Technology, co-organised by the Japan Association for Philosophy of Science and the Division for Logic, Methodology and Philosophy of Science and Technology of the International Union of History and Philosophy of Science and Technology. The video is online.

Bruno Barras has given an invited talk "Type Theory in Set Theory, in Type Theory" at the conference celebrating the 90 Years of Gödel's Incompleteness Theorems, held in Nürtingen (Germany), in July 2021.

Frédéric Blanqui is a member of the steering committees of the International School on Rewriting (ISR), the international TYPES conference, and the ACM/IEEE Symposium on Logic in Computer Science (LICS).

Gilles Dowek is a member of the Comité national pilote d'éthique du numérique.

Gilles Dowek is a member of the Conseil national du numérique.

Gilles Dowek is a member of the Scientific board of the Société informatique de France.

Gilles Dowek is a member of the Comité national français d'histoire et de philosophie des sciences et des techniques.

Frédéric Blanqui is assistant director of the doctoral school ED STIC on computer science of the University Paris-Saclay.

Frédéric Blanqui and Gilles Dowek advise the doctoral work of Gabriel Hondet.

Frédéric Blanqui and Gilles Dowek advise the doctoral work of Thiago Felicissimo.

Bruno Barras and Gilles Dowek advise the doctoral work of Luc Chabassier.

Gilles Dowek and Olivier Hermant advise the doctoral work of Yoan Géran.

Frédéric Blanqui and Gilles Dowek have advised the masters internship of Thiago Felicissimo.

Gilles Dowek and Olivier Hermant have advised the masters internship of Yoan Géran.

Gilles Dowek has advised the masters internship of Oleksii Tsokurov.

Valentin Blot and Gilles Dowek advise the parcours recherche of Thomas Traversié.

Gilles Dowek and Jean-Pierre Jouannaud advise the parcours recherche of Corentin Chabanol.

Bruno Barras advises the parcours recherche of Loris Cros.

Frédéric Blanqui is a member of the Evaluation Committee of Inria.

Frédéric Blanqui is a member of the scientific committee of Inria Saclay.

Renaud Vilmart has written an article for the blog “Binaire du Monde”, related to his PhD work.