Since 2012, the research conducted in

2021 is the final year of the project-team which shall be replaced, early 2022, by a newly created team, named PiCube, welcoming new members and exploring new research directions which will be presented in this report.

Proof theory is the branch of logic devoted to the study of the structure of proofs. An essential contributor to this field is Gentzen 63 who developed in 1935 two logical formalisms that are now central to the study of proofs. These are the so-called “natural deduction”, a syntax that is particularly well-suited to simulate the intuitive notion of reasoning, and the so-called “sequent calculus”, a syntax with deep geometric properties that is particularly well-suited for proof automation.

Proof theory gained a remarkable importance in computer science when it
became clear, after genuine observations first by Curry in
1958 54, then by Howard and de Bruijn at the end of the
60's 75, 44, that proofs had the very same
structure as programs: for instance, natural deduction proofs can be
identified as typed programs of the ideal programming language known
as

This proofs-as-programs correspondence has been the starting point to a large spectrum of researches and results contributing to deeply connect logic and computer science. In particular, it is from this line of work that Coquand and Huet's Calculus of Constructions 53, 51 stemmed out – a formalism that is both a logic and a programming language and that is at the source of the Coq system 93.

The

To explain the Curry-Howard correspondence, it is important to
distinguish between intuitionistic and classical logic: following
Brouwer at the beginning of the 20th century,
classical logic is a logic that accepts the use of reasoning by
contradiction while intuitionistic logic proscribes it. Then,
Howard's observation is that the proofs of the intuitionistic natural
deduction formalism exactly coincide with
programs in the (simply typed)

A major achievement has been accomplished by Martin-Löf who designed in 1971 a formalism, referred to as modern type theory, that was both a logical system and a (typed) programming language 85.

In 1985, Coquand and Huet 53, 51 in the Formel
team of INRIA-Rocquencourt explored an alternative approach
based on Girard-Reynolds' system

The first public release of CoC dates back to 1989. The same project-team developed the programming language Caml (nowadays called OCaml and coordinated by the Gallium team) that provided the expressive and powerful concept of algebraic data types (a paragon of it being the type of lists). In CoC, it was possible to simulate algebraic data types, but only through a not-so-natural not-so-convenient encoding.

In 1989, Coquand and Paulin 52 designed an extension of the Calculus of Constructions with a generalisation of algebraic types called inductive types, leading to the Calculus of Inductive Constructions (CIC) that started to serve as a new foundation for the Coq system. This new system, which got its current definitive name Coq, was released in 1991.

In practice, the Calculus of Inductive Constructions derives its strength from being both a logic powerful enough to formalise all common mathematics (as set theory is) and an expressive richly-typed functional programming language (like ML but with a richer type system, no effects and no non-terminating functions).

During 1984-2012 period, about 40 persons have contributed to the development of Coq, out of which 7 persons have contributed to bring the system to the place it was six years ago. First Thierry Coquand through his foundational theoretical ideas, then Gérard Huet who developed the first prototypes with Thierry Coquand and who headed the Coq group until 1998, then Christine Paulin who was the main actor of the system based on the CIC and who headed the development group from 1998 to 2006. On the programming side, important steps were made by Chet Murthy who raised Coq from the prototypical state to a reasonably scalable system, Jean-Christophe Filliâtre who turned to concrete the concept of a small trustful certification kernel on which an arbitrary large system can be set up, Bruno Barras and Hugo Herbelin who, among other extensions, reorganised Coq on a new smoother and more uniform basis able to support a new round of extensions for the next decade.

The development started from the Formel team at Rocquencourt but, after Christine Paulin got a position in Lyon, it spread to École Normale Supérieure de Lyon. Then, the task force there globally moved to the University of Orsay when Christine Paulin got a new position there. On the Rocquencourt side, the part of Formel involved in ML moved to the Cristal team (now Gallium) and Formel got renamed into Coq. Gérard Huet left the team and Christine Paulin started to head a Coq team bilocalised at Rocquencourt and Orsay. Gilles Dowek became the head of the team which was renamed into LogiCal. Following Gilles Dowek who got a position at École Polytechnique, LogiCal moved to the new INRIA Saclay research center. It then split again, giving birth to ProVal. At the same time, the Marelle team (formerly Lemme, formerly Croap) which has been a long partner of the Formel team, invested more and more energy in the formalisation of mathematics in Coq, while contributing importantly to the development of Coq, in particular for what regards user interfaces.

After various other spreadings resulting from where the wind pushed former PhD students, the development of Coq got multi-site with the development now realised mainly by employees of INRIA, the CNAM, and Paris Diderot.

In the last seven years, Hugo Herbelin and Matthieu Sozeau coordinated the development of the system, the official coordinator hat passed from Hugo to Matthieu in August 2016. The ecosystem and development model changed greatly during this period, with a move towards an entirely distributed development model, integrating contributions from all over the world. While the system had always been open-source, its development team was relatively small, well-knit and gathered regularly at Coq working groups, and many developments on Coq were still discussed only by the few interested experts.

The last years saw a big increase in opening the development to external scrutiny and contributions. This was supported by the “core” team which started moving development to the open GitHub platform (including since 2017 its bug-tracker 94 and wiki), made its development process public, starting to use public pull requests to track the work of developers, organising yearly hackatons/coding-sprints for the dissemination of expertise and developers & users meetings like the Coq Workshop and CoqPL, and, perhaps more anecdotally, retransmitting Coq working groups on a public YouTube channel.

This move was also supported by the hiring of Maxime Dénès in 2016 as an INRIA research engineer (in Sophia-Antipolis), and the work of Matej Košík (2-year research engineer). Their work involved making the development process more predictable and streamlined and to provide a higher level of quality to the whole system. In 2018, a second engineer, Vincent Laporte, was hired. Yves Bertot, Maxime Dénès and Vincent Laporte are developing the Coq consortium, which aims to become the incarnation of the global Coq community and to offer support for our users.

Today, the development of Coq involves participants from the INRIA project-teams pi.r2 (Paris), Marelle (Sophia-Antipolis), Toccata (Saclay), Gallinette (Nantes), Gallium (Paris), and Camus (Strasboug), the LIX at École Polytechnique and the CRI Mines-ParisTech. Apart from those, active collaborators include members from MPI-Saarbrucken (D. Dreyer's group), KU Leuven (B. Jacobs group), MIT CSAIL (A. Chlipala's group, which hosted an INRIA/MIT engineer, and N. Zeldovich's group), the Institute for Advanced Study in Princeton (from S. Awodey, T. Coquand and V. Voevodsky's Univalent Foundations program) and Intel (M. Soegtrop). The latest released versions have typically a couple of dozens of contributors (e.g. 40 for 8.8, 54 for 8.9, ...).

On top of the developer community, there is a much wider user community, as Coq is being used in many different fields. The Software Foundations series, authored by academics from the USA, along with the reference Coq'Art book by Bertot and Castéran 41, the more advanced Certified Programming with Dependent Types book by Chlipala 49 and the recent book on the Mathematical Components library by Mahboubi, Tassi et al. provide resources for gradually learning the tool.

In the programming languages community, Coq is being taught in two summer schools, OPLSS and the DeepSpec summer school. For more mathematically inclined users, there are regular Winter Schools in Nice and in 2017 there was a school on the use of the Univalent Foundations library in Birmingham.

Since 2016, Coq also provides a central repository for Coq packages,
the Coq opam archive, relying on the OCaml opam package manager and including
around 250 packages contributed by users. It would be too long
to make a detailed list of the uses of Coq in the wild. We only highlight
four research projects relying heavily on Coq. The Mathematical Components library has its origins in the formal
proof of the Four Colour Theorem and has grown to cover many areas of mathematics in Coq
using the now integrated (since Coq 8.7) SSReflect proof language.
The DeepSpec project is an NSF Expedition project led by
A. Appel whose aim is full-stack verification
of a software system, from machine-checked proofs of circuits to an operating system to a
web-browser, entirely written in Coq and integrating many large projects into one. The ERC CoqHoTT project led by N. Tabareau
aims to use logical tools to extend the expressive power of Coq, dealing with the univalence axiom and
effects. The ERC RustBelt project led by D. Dreyer concerns the development of rigorous formal foundations for the Rust programming language, using the Iris Higher-Order Concurrent Separation Logic Framework in Coq.

We next briefly describe the main components of Coq.

The architecture adopts the so-called de Bruijn principle: the well-delimited kernel
of Coq ensures the correctness
of the proofs validated by the system. The kernel is rather stable
with modifications tied to the evolution of the underlying Calculus of
Inductive Constructions formalism. The kernel includes an
interpreter of the programs expressible in the CIC and this
interpreter exists in two flavours: a customisable lazy evaluation
machine written in OCaml and a call-by-value bytecode interpreter
written in C dedicated to efficient computations. The kernel also
provides a module system.

The concrete user language of Coq, called Gallina, is a
high-level language built on top of the CIC. It includes a type
inference algorithm, definitions by complex pattern-matching, implicit
arguments, mathematical notations and various other high-level
language features. This high-level language serves both for the
development of programs and for the formalisation of mathematical
theories. Coq also provides a large set of commands. Gallina and
the commands together forms the Vernacular language of Coq.

The standard library is written in the vernacular language of Coq.
There are libraries for various arithmetical structures and various
implementations of numbers
(Peano numbers, implementation of

The tactics are the methods available to conduct proofs. This includes the basic inference rules of the CIC, various advanced higher level inference rules and all the automation tactics. Regarding automation, there are tactics for solving systems of equations, for simplifying ring or field expressions, for arbitrary proof search, for semi-decidability of first-order logic and so on. There is also a powerful and popular untyped scripting language for combining tactics into more complex tactics.

Note that all tactics of Coq produce proof certificates that are checked by the kernel of Coq. As a consequence, possible bugs in proof methods do not hinder the confidence in the correctness of the Coq checker. Note also that the CIC being a programming language, tactics can have their core written (and certified) in the own language of Coq if needed.

Extraction is a component of Coq that maps programs (or even computational proofs) of the CIC to functional programs (in OCaml, Scheme or Haskell). Especially, a program certified by Coq can further be extracted to a program of a full-fledged programming language then benefiting of the efficient compilation, linking tools, profiling tools, ... of the target language.

Coq is a feature-rich system and requires extensive training in order to be used proficiently; current documentation includes the reference manual, the reference for the standard library, as well as tutorials, and related tooling [sphinx plugins, coqdoc]. The jsCoq tool allows writing interactive web pages were Coq programs can be embedded and executed.

Coq is used in large-scale proof developments, and provides users miscellaneous tooling to help with them: the coq_makefile and Dune build systems help with incremental proof-checking; the Coq OPAM repository contains a package index for most Coq developments; the CoqIDE, ProofGeneral, jsCoq, and VSCoq user interfaces are environments for proof writing; and the Coq's API does allow users to extend the system in many important ways. Among the current extensions we have QuickChik, a tool for property-based testing; STMCoq and CoqHammer integrating Coq with automated solvers; ParamCoq, providing automatic derivation of parametricity principles; MetaCoq for metaprogramming; Equations for dependently-typed programming; SerAPI, for data-centric applications; etc... This also includes the main open Coq repository living at Github.

Dependently typed programming (shortly DTP) is an emerging concept
referring to the diffuse and broadening tendency to develop
programming languages with type systems able to express program
properties finer than the usual information of simply belonging to
specific data-types. The type systems of dependently-typed programming
languages allow to express properties dependent of the input and
the output of the program (for instance
that a sorting program returns a list of same size as its
argument). Typical examples of such languages were the Cayenne
language, developed in the late 90's at Chalmers University in Sweden
and the DML language developed at Boston. Since then, various new
tools have been proposed, either as typed programming languages whose
types embed equalities (

DTP contributes to a general movement leading to the fusion between logic and programming. Coq, whose language is both a logic and a programming language which moreover can be extracted to pure ML code plays a role in this movement and some frameworks combining logic and programming have been proposed on top of Coq (Concoqtion at Rice and Colorado, Ynot at Harvard, Why in the ProVal team at INRIA, Iris at MPI-Saarbrucken). It also connects to Hoare logic, providing frameworks where pre- and post-conditions of programs are tied with the programs.

DTP approached from the programming language side generally benefits of a full-fledged language (e.g. supporting effects) with efficient compilation. DTP approached from the logic side generally benefits of an expressive specification logic and of proof methods so as to certify the specifications. The weakness of the approach from logic however is generally the weak support for effects or partial functions.

In between the decidable type systems of conventional data-types based
programming languages and the full expressiveness of logically
undecidable formulae, an active field of research explores a spectrum
of decidable or semi-decidable type systems for possible use in
dependently typed programming languages. At the beginning of the spectrum,
this includes, for instance, the system F's extension ML

For two decades, the Curry-Howard correspondence has been limited to the intuitionistic case but since 1990, an important stimulus spurred on the community following Griffin's discovery that this correspondence was extensible to classical logic. The community then started to investigate unexplored potential connections between computer science and logic. One of these fields is the computational understanding of Gentzen's sequent calculus while another one is the computational content of the axiom of choice.

Indeed, a significant extension of the Curry-Howard correspondence has been
obtained at the beginning of the 90's thanks to the seminal
observation by Griffin 65 that some operators known as
control operators were typable by the principle of double negation
elimination (

Control operators are used to jump from one location of a
program to another. They were first considered in the 60's by
Landin 81 and Reynolds 88 and started to
be studied in an abstract way in the 80's by Felleisen et
al 61, leading to Parigot's

The Curry-Howard interpretation of sequent calculus started to be
investigated at the beginning of the 90's. The main technicality of
sequent calculus is the presence of left introduction inference
rules, for which two kinds of interpretations are
applicable. The first approach interprets left introduction rules as
construction rules for a language of patterns but it does not really
address the problem of the interpretation of the implication
connective. The second approach, started in 1994, interprets left
introduction rules as evaluation context formation rules. This line of
work led in 2000 to the design by Hugo Herbelin and
Pierre-Louis Curien of a symmetric calculus exhibiting deep dualities
between the notion of programs and evaluation contexts and between the
standard notions of call-by-name and call-by-value evaluation semantics.

Abstract machines came as an intermediate evaluation device, between
high-level programming languages and the computer microprocessor. The
typical reference for call-by-value evaluation of

Delimited control extends the expressiveness of control operators with
effects: the fundamental result here is a completeness result by
Filinski 62: any side-effect expressible in monadic
style (and this covers references, exceptions, states, dynamic
bindings, ...) can be simulated in

Like ordinary categories, higher-dimensional categorical structures originate in algebraic topology. Indeed, fundamental $\infty $-groupoid

In the last decades, the importance of higher-dimensional categories has grown fast, mainly with the new trend of categorification that currently touches algebra and the surrounding fields of mathematics. Categorification is an informal process that consists in the study of higher-dimensional versions of known algebraic objects (such as higher Lie algebras in mathematical physics 39) and/or of “weakened” versions of those objects, where equations hold only up to suitable equivalences (such as weak actions of monoids and groups in representation theory 56).

The categorification process has also reached logic, with the introduction of homotopy type theory. After a preliminary result that had identified categorical structures in type theory 74, it has been observed recently that the so-called “identity types” are naturally equiped with a structure of

Higher-dimensional categories are algebraic structures that contain, in essence, computational aspects. This has been recognised by Street 92, and independently by Burroni 45, when they have introduced the concept of computad or polygraph as combinatorial descriptions of higher categories. Those are directed presentations of higher-dimensional categories, generalising word and term rewriting systems.

In the recent years, the algebraic structure of polygraph has led to a new theory of rewriting, called higher-dimensional rewriting, as a unifying point of view for usual rewriting paradigms, namely abstract, word and term rewriting 80, 84, 70, 71, and beyond: Petri nets 73 and formal proofs of classical and linear logic have been expressed in this framework 72. Higher-dimensional rewriting has developed its own methods to analyse computational properties of polygraphs, using in particular algebraic tools such as derivations to prove termination, which in turn led to new tools for complexity analysis 42.

The homotopical properties of higher categories, as studied in mathematics, are in fact deeply related to the computational properties of their polygraphic presentations. This connection has its roots in a tradition of using rewriting-like methods in algebra, and more specifically in the works of Anick 36 and Squier 91, 90: Squier has proved that, if a monoid finite, terminating and confluent rewriting system, then its third integral homology group finite derivation type (a property of homotopical nature). This allowed him to conclude that finite convergent rewriting systems were not a universal solution to decide the word problem of finitely generated monoids. Since then, Yves Guiraud and Philippe Malbos have shown that this connection was part of a deeper unified theory when formulated in the higher-dimensional setting 11, 12, 68, 69, 67.

In particular, the computational content of Squier's proof has led to a constructive methodology to produce, from a convergent presentation, coherent presentations and polygraphic resolutions of algebraic structures, such as monoids 11 and algebras 10. A coherent presentation of a monoid

The application domains of the team researchers range from the formalization of mathematical theories and computational systems using the Coq proof assistant to the design of programming languages with rich type systems and the design and analysis of certified program transformations.

The environmental impact of the team is mainly two sorts:

Members of the team are committed to decreasing the environmental impact of our research. In the IRIF lab environment, a working group investigates the footprint of our scientific community and its practices (notably numerous international conferences) and the potential medium and long-term evolution that can be made. Several members of the team and active contributors or interested followers of the WG. As an achievement of this working group, recommendations have been made at the IRIF level to encourage every lab member to travel by train rather than by plane when the travel duration is not significantly longer by train.

The team published five papers in the LICS 2021 conference, authored by Antoine Allioux (with Eric Finster and Mathieu Sozeau), Thomas Ehrhard and Farzad Jafarrahmani, Hugo Herbelin (with Nuria Brede), Paul-André Melliès and Hugo Moeneclaey ; and a POPL 2022 paper authored by Paul-André Melliès (with Arthur Vale, Zhong Shao, Jérémie Koenig and Léo Stefanesco).

Coq was awarded early 2022 the open science free software award in the Scientific and Technical category (see website.

During 2021, one of the main creative aspects of the team's work has been to set up the new team and to design the new scientific proposal for the follow-up team that will be created after the end of

in order to reduce the “technological gap” which currently separates the vernacular language used by the working mathematicians in their daily practice and the formal language used today in a proof assistant such as Coq, Agda or Lean.

By building on these converging lines and combining them with an active involvement to the Coq ecosystem at all levels, and a firm commitment towards the formalisation of mathematics, the ambition of the Picube project is to provide the foundations for a new generation of proof assistants

The Picube team is organised in five research axis:

and includes three new members: Thomas Ehrhard (DR CNRS), Paul-André Melliès (DR CNRS and future team manager) and Daniela Petrişan (MdC UPC).

Coq version 8.14 integrates many usability improvements, as well as an important change in the core language. The main changes include:

- The internal representation of match has changed to a more space-efficient and cleaner structure, allowing the fix of a completeness issue with cumulative inductive types in the type-checker. The internal representation is now closer to the user-level view of match, where the argument context of branches and the inductive binders "in" and "as" do not carry type annotations.

- A new "coqnative" binary performs separate native compilation of libraries, starting from a .vo file. It is supported by coq_makefile.

- Improvements to typeclasses and canonical structure resolution, allowing more terms to be considered as classes or keys.

- More control over notation declarations and support for primitive types in string and number notations.

- Removal of deprecated tactics, notably omega, which has been replaced by a greatly improved lia, along with many bug fixes.

- New Ltac2 APIs for interaction with Ltac1, manipulation of inductive types and printing.

Many changes and additions to the standard library in the numbers, vectors and lists libraries. A new signed primitive integers library Sint63 is available in addition to the unsigned Uint63 library.

This software is a bot to help and automatize the development of the Coq proof assistant on the GitHub platform. It is written in OCaml and provides numerous features: synchronization between GitHub and GitLab to allow the use of GitLab for automatic testing (continuous integration), management of milestones on issues, management of the backporting process, merging of pull request upon request by maintainers, etc.

Most of the features are used only for the development of Coq, but the synchronization with GitLab feature is also used in dozens of independent projects.

The Julien Coolen's internship final release.

Added

Integrate with Jason Gross' coq-bug-minimizer tool. Merge a branch in the coq repository if some conditions are met, by writing @coqbot: merge now in a comment. Parameterize the bot with a configuration file. Installation as a GitHub App is supported. Report CI status checks with the Checks API when using the GitHub app. Report errors of jobs in allow failure mode when the Checks API is used.

Changed

Refactored the architecture of the application and of the bot-components library Always create a merge commit when pushing to GitLab. More informative bot merge commit title for GitLab CI.

Hugo Herbelin developed in collaboration with Nuria Brede (U. Potsdam) a unified approach of the underlying logical structure of choice and bar induction principles 23. The work was presented at LICS 2021, TYPES 2021 and at the Proof Society Virtual Seminar.

Building on the work initiated in 2020, Alexis Saurin expanded his work on proof-net construction building on an interpretation a general view of sequentialization as a converse operation to proof construction for a class of correctness criteria. This approach contrast to focusing proof-search which reduces the non-determinism of the search for a proof by adding sequentializability constraints in sequent proofs (sometimes refered to as hypersequentialized in this case) preserving the completeness of the resulting proof-search space. After considering paraproofnet-search as a dual operation to the parsing correctness criterion, he is currently investigating how proof-structures contractibility properties, which can also be viewed as a distributed sequentialization of a proof-graph, can lead to proof construction mechanisms.

Late 2021, he started a collaboration with Aurore Alcolei and Luc Pellissier on a related topic, namely an approach to interactive proof construction in game-semantical frameworks (concurrent games, ludics...) to express the search for proofs as specified by a set of counter-strategies presented as proof-nets, or more abstractly desequentialized strategies.

Emilio J. Gallego Arias and Jim Lipton continued work on algebraic models of proof search, in particular they have developed a notion of step-indexed tabular alegory which provides an improved semantic setting for the proof search machine developed in Gallego's PhD.

Alexis Saurin generalized the cut-elimination-theorem for non-wellfounded proofs of multiplicative additive linear logic with least and greatest fixed points (

An advantage of this approach is to abstract from the precise choice of a validity condition making the proof quite robust wrt. modifications of the validity conditions. For instance it adapts nicely to bouncing validity.

Together with Luc Pellissier (LACL, Université Paris Est-Créteil), Abhishek De and Alexis Saurin generalized infinets 55 (proof-nets for non-wellfounded proofs of

In a collaboration with Anupam Das, Abhishek De and Alexis Saurin investigated the decision problems for variants of linear logic with fixed-points. Decision problems for fragments of linear logic exhibiting `infinitary' behaviour (such as exponentials) are notoriously complicated. In this work, they addressed the decision problems for variations of linear logic with fixed points (muMALL), in particular, recent systems based on `circular' and `non-wellfounded' reasoning. In particular, they show that muMALL is undecidable.

More explicitly, they show that the general non-wellfounded system is

In 2021 Thomas Ehrhard, motivated by an earlier wook 58 (long version to appear in the journal LMCS in 2022), has developed the differential aspects of probabilistic coherence spaces, a denotational model of Linear Logic which provides a faithful account of stochastic programs. In this model programs are represented as analytic functions which can be written as powerseries with non-negative coefficients and such functions can be deriveted an arbitrary number of times, whatever be their type. Ehrhard has developed a categorical and syntactical framework for such differential models of Linear Logic, where addition is only partially defined: the fundamental observation is that, even if the differential calculus requires addition as it is well known, one does not need all of them and many models of Linear Logic feature enough additions for hosting a fully-fledged differential calculus. This shows that, contrarily to what was believed earlier, differential Linear Logic and the differential lambda-calculus are compatible with deterministic computations. An article 57 is currently submitted to a journal.

With his PhD student Farzad Jafarrahmani, Ehrhard has developed a categorical semantics of Linear Logic with least and greatest fixpoints of types, with logical fixpoint rules generalizing those introduced by David Baelde, adapting Park's rules. They have also developed a concrete example of such categories, the non-uniform totality spaces, where least and greatest fixpoints have distinct interpretations. This work has been published 59.

Thomas Ehrhard, Farzad Jafarrahmani and Alexis Saurin extended the previous work to polarized Linear Logic with fixed-points. One of our objectives is to develop Linear Logic foundations to inductive and coinductive types in Coq.

Last, they presented to TLLA 2021 60 the first results on extending the above interpretation to circular proofs unveiling the denotational counterpart of the validity condition of circular proofs.

The truth semantics of linear logic (i.e. phase semantics) is often overlooked despite having a wide range of applications and deep connections with several denotational semantics. In phase semantics one is concerned about the provability of formulas rather than the contents of their proofs (or refutations).

Abhishek De, Farzad Jafarrahmani and Alexis Saurin extended the phase semantics of MALL to

They also considered a constructive fragment that yields a Tait-style wellfounded system (

With his Master student Naim Favier, Alexis Saurin studied polarization properties of linear logics from the point of view of phase semantics, obtainined a semantic proof of focusing in the case of MALL that he is currently working at lifting to

Chardonnet's PhD research focuses on extending quantum programming languages with inductive and coinductive types, under the hypothesis of quantum control (as in QML 35 compared to classical control).
In 2021, Chardonnet, Saurin and Valiron developed their work
on a language of type isomorphisms with inductive and coinductive types and understanding the connections of those reversible programs with

In a collaboration with Valiron and Vilmart, Chardonnet investigated an asynchronous model of Geometry of Interaction for the pure ZX-Calculus, a graphical language for quantum computation, and its extension to ground-processes. This GoI semantics takes the form of a Token Machine. They showed how to connect this new semantics to the usual standard interpretation of the ZX-diagrams. This was published in MFCS 2021 47.

In addition, in a collaboration with Lemonnier and Valiron, he presented a categorical semantics for reversible computation. Focusing on a typed, functional reversible language based on Theseus, they discuss how join inverse rig categories do not in general capture pattern-matching, the core construct used in Theseus to enforce reversibility and then derive a categorical structure to add to join inverse rig categories in order to capture pattern-matching, showing how such a structure makes an adequate model for reversible pattern-matching. This work was published in MFPS 2021 46.

The work of Alen Đurić, Pierre-Louis Curien and Yves Guiraud on coherent presentations of monoids admitting a Garside family has been submitted, and presented at the workshop “Braids and beyond" held in memory of Patrick Dehornoy in September 2021 30.

Pierre-Louis Curien has found a new, elementary, proof of the isomorphism between many-to-one polygraphs on one hand, and opetopic sets on the other hand. This result had been proved quite indirectly by Harnik, Makkai, and Zawadowski in 2008. A more direct proof was given by Cédric Ho Tanh (former student of the team) in his PhD thesis (2019), with a reference to some results of Simon Henry. The new proof is entirely self-contained, and, more importantly, unveils invariants of the polygraphic syntax. It will be presented at the 2022 Workshop on Polynomial Functors to be held in April 2022 at the Topos Institute (virtually).

Antoine Allioux (PhD started in February 2018), Eric Finster, Yves Guiraud and Matthieu Sozeau continued to explore the development of higher algebra in type theory, based on an extension of type theory with a universe of strict polynomial monads. Their approach and their work on internalising the

Vincent Blazy, Hugo Herbelin and Pierre Letouzey continued a work aiming at making explicit the universe subtyping in the Calculus of Constructions (PhD thesis of Vincent Blazy). The first goal is to detect more easily each use of the Prop-Type cumulativity in Coq, with potential application to Coq extraction and also to the mathematical foundations.

Thierry Martinez carried on full time the implementation of a dependent pattern-matching compilation algorithm in Coq based on the PhD thesis work of Pierre Boutillier and on the internship work of Meven Bertrand. Together with Meven Bertrand and Hugo Herbelin, they almost reached the point of submitting a paper describing the implementation.

In January 2020, Théo Zimmermann was recruited on a three-year fixed term position to contribute both to the collaborative maintenance and evolution effort around Coq and its community, and to further investigate these software engineering aspects through empirical methods.

From a technical standpoint, in 2021, Théo Zimmermann has collaborated with Cyril Cohen (Inria Stamp) to create the Coq Nix Toolbox, which allows using the Nix package manager to contribute to and maintain Coq projects. In particular, this tool supports generating Continuous Integration (CI) configurations to test a project with its reverse dependencies (the projects that depend on it). This work was presented at the Coq Workshop 2021 32. He has also collaborated with Jason Gross (from MIT CSAIL) on integrating the bug minimizer created by Jason Gross in Coq's CI infrastructure, by relying on coqbot, the bot that Théo Zimmermann has created and maintains. This integration has allowed many Coq developers and contributors to benefit from automatic test-case reduction from CI failures. Théo Zimmermann is in the process of writing and submitting a paper on the topic, with Jason Gross and Adam Chlipala. The bot itself has also been the topic of another submission 31, with the various contributors to the bot as co-authors. In particular, the second co-author, Julien Coolen, was Théo Zimmerman's intern during the summer of 2020.

In June 2021, Théo Zimmermann supervised the internship of Jérémy Damour, who was tasked with several contributions to the Hydras & Co. project of Pierre Castéran. This work resulted in a publication at the national conference JFLA 2022 27.

From an empirical research standpoint, Théo Zimmermann has continued his collaboration with Jean-Rémy Falleri (from LaBRI) on understanding Community Package Maintenance Organizations. They have published a registered report about it at ICSME 2021 29, and are thus expected to submit a full journal version in 2022.

Finally, during the last three months of 2021, Théo Zimmermann has coordinated an ad hoc working group to prepare the Coq Community Survey that is being run in the beginning of 2022, with objectives to get an updated picture of the Coq community and to inform future decisions of the Coq development team. Emilio J. Gallego Arias also participated in this working group.

Emilio J. Gallego Arias continued work on revamping Coq's build system as to implement a workflow based on the state-of-the-art, industrial build system Dune. Many improvements were made including porting the OCaml parts of Coq to Dune, which allowed the team to remove large parts of custom build code, and with Ali Caglayan, Coq's test suite was made incremental. Additionally, Emilio J. Gallego Arias coordinated the release of Dune version 2.9. Many other improvements as to make Coq more modular and better prepared for upcoming incremental and multi-threaded type-checking were also made.

Hugo Herbelin, Emilio J. Gallego Arias and Théo Zimmermann, helped by members from Gallinette (Nantes) and Stamp (ex-Marelle, Sophia-Antipolis), devoted an important part of their time to coordinate the development, to review propositions of extensions of Coq from external and/or young contributors, and to propose themselves extensions, amounting to hundreths of proposals in the form of pull requests. Moreover, we organized a beginner-focused community Hackathon in early 2022, including a diversity session, with peak attendance of over 100 contributors. Similar community events are planned later on.

Emilio J. Gallego Arias and Shachar Itzaky continued the development of the education-targeted tool jsCoq, which saw in 2021 5 new releases bringing many new features and refinements, and in particular a new backend that has made us declare the tool "production ready" for the first time.

Emilio J. Gallego Arias also maintained the coq-serapi tool, used in a few labs as the standard communication API with Coq to perform experiments (including machine learning ones). In collaboration with Thierry Martinez, Gallego Arias also released a pyCoq package which is specifically targeted at learning and software engineering researchers using Coq for their experiments.

Pierre Letouzey continued working on a Coq formalisation started with Yann Régis-Gianas, on regular expressions (with complement and conjunction) and their Brzozowski derivatives. Many techniques have been attempted to prove correct the exact details used in a real-world implementation (ml-ulex), but a complete proof of this implementation is still elusive.

Pierre Letouzey continued this year the study of a family of nested recursive functions proposed by D. Hofstadter in his book “Gödel Escher Bach”. Some earlier conjectures have been proved. In particular, the appearance of a Rauzy fractal during this work is now better understood. The formalization of these proofs are pending, requiring quite some matrix theory and complex polynomials. Another important conjecture states that this family of nested functions is increasing. Despite some progress, this conjecture still lacks a complete proof. More details on this site.

Daniel de Rauglaudre pursued his formalization in Coq of the Sensitivity Conjecture (which became a Theorem in 2019 thanks to Hao Huang 76). The sensitivity conjecture remained an open-problem for more than thirty years, aiming to relate the sensitivity of a Boolean function results to its input values to other complexity measures of Boolean functions, such as block sensitivity. De Rauglaudre started to formalize Huang's very succinct proof of the conjecture.

For proving some lemmas in this theorem, numerous formalizations in Linear Algebra (matrices, determinants, eigenvalues, permutations, sorting etc.) have been implemented. In this context, a study of algebra of ring-like structures has been started, and some syntax of iterators have been studied and added. This development is available a here.

Jean-Jacques Lévy pursues his work about formal proofs of graph algorithms. The goal is to provide computer-checked proofs of algorithms that remain human readable. At ITP 2019 48, they presented an article with Chen Ran, Cyril Cohen, Stephan Merz and Laurent Théry on three different ways of proving such an algorithm in Why3, Coq and Isabelle/HOL. By publishing the entire proofs, they encouraged the community to compare our proofs with the ones possible in other machine-checked proof systems.

Jean-Jacques Lévy now remodels his proof with new versions of Why3 and also plan to compare the existing Coq proof using Mathcomp/ssreflect with a proof using Coq classics. He still works on a proof of implementation of Tarjan SCC algorithm with imperative programming and memory pointers.

Hugo Herbelin and Ramkumar Ramachandra carried on their formalization in Coq of an original dependently-typed construction of semi-cubical sets inspired by the parametricity translation. This continued to highly stressed the limits of Coq, especially in terms of second-order unification, higher-order rewriting, efficiency.

Emilio J. Gallego Arias continued collaboration with Stefania Dumbrava and Cody Roux on the use of our verified Datalog engine 43 for the analysis of low-level binary code. In particular, using metacoq we have developed a method to translate datalog programs to Coq proof friendly specifications while preserving the semantic correspondence with the verified engine. This allows us to specify analysis as efficient datalog programs, but to prove properties about them using a more convenient native to Coq representation.

Esaïe Bauer, Emilio J. Gallego Arias and Alexis Saurin have started a Coq formalization of infinitary proofs and their validity checking using Parity Automaton. They have started from the proof methodology developed for the the math-comp library, but this particular topic poses many interesting challenges from the point of view of proof engineering, in particular related to the formalization of infinite graphs and automaton in a natural way.

Emilio J. Gallego Arias and Pierre Jouvelot presented their work on a formalized synchronous language for linear DSP processors at the FARM 2021 conference (part of ICFP), which was held virtually. The development produced a paper and uses techniques from the programming language literature such as logical relations to prove that every well typed program is linear (in the linear algebra sense). This opens up the door to many other interesting developments which are being discussed now.

Emilio J. Gallego Arias collaborated with Pierre Jouvelot on the formalized verification of the general Vickrey-Clarke-Groves mechanism (see for example 86) using Coq, designing a Coq-based framework for the specification and refinement of mechanisms, covering classical examples from the literature. This has resulted in a conference paper submission early 2022.

An industrial contract started with Nomadics Lab aiming at improving the development of Coq (continuous integration, merging of pull requests, bug tracking, improving the release process, ...) and of its package ecosystem (for instance building documented best practices, tools and easy installers for newcomers).

Theo Zimmermann started a three-year research engineer position in January 2020 funded by this contract, continuing his research and development work about improving the Software Engineering practices of the development of Coq, especially to continue the improvement of the collaborative development processes and of its ecosystem.

A CIFRE PhD application with the goal of developing an assistant for the verification of software using Coq based on machine-learning techniques has been submitted to the ANRT, in collaboration with the Equisafe.io enterprise. The prospective student, Thomas Binetruy-Pic, is expected to start his PhD first half of 2022.

VIP (Verification, Interaction and Proofs), from 2017 coordinated by Ying JIANG, involving as partners the Chinese Academy of Sciences.

Pierre-Louis Curien, Thomas Ehrhard, Emilio J. Gallego Arias, Hugo Herbelin, Paul-André Melliès and Alexis Saurin are members of the GDR Informatique Mathématique, in the LHC (Logique, Homotopie, Catégories) and Scalp (Structures formelles pour le calcul et les preuves) working groups. Alexis Saurin is coordinator of the Scalp working group (see website here).

Pierre-Louis Curien and Paul-André Melliès
are members of the GDR Topologie Algébrique, federating French researchers working on classical topics of algebraic topology and homological algebra, such as homotopy theory, group homology, K-theory, deformation theory, and on more recent interactions of topology with other themes, such as higher categories and theoretical computer science.

Alexis Saurin is member of the ${S}^{3}$ ANR project coordinated by Christine Tasson (Sorbonne Université) as well as the

Kostia Chardonnet, Abhishek De, Thomas Ehrhard, Farzad Jafarrahmani, Hugo Herbelin, Paul-André Melliès, Daniela Petrisan and Alexis Saurin (coordinator) are members of the four-year RECIPROG project.
RECIPROG is an ANR collaborative project (aka. PRC) started in the fall 2021-2022 and running till the end of 2025. ReCiProg aims at extending the proofs-as-programs correspondence to recursive programs and circular proofs for logic and type systems using induction and coinduction. The project will contribute both to the necessary theoretical foundations of circular proofs and to the software development allowing to enhance the use of coinductive types and coinductive reasoning in the Coq proof assistant: such coinductive types present, in the current state of the art serious defects that the project will aim at solving.

The project is coordinated by Alexis Saurin and has four sites: IRIF in Paris Where

Thomas Ehrhard and Alexis Saurin are members of the Emergence de la Ville de Paris RealiSe project, aiming at a convergence between the studies on the semantics of functional programs (and their probabilistic extensions) and of reactive and synchronous programs. The project is led by Christine Tasson, from LIP6, and also involves memebers of PARKA team.

Thomas Erhard, Emilio J. Gallego Arias, and Paul-André Melliès have started a collaboration with the Inria SIERRA team in order to relate programming languages methods with machine learning and optimization techniques.

Hugo Herbelin has given an invited talk at the Proof Theory Virtual Seminar on june 16th 2021, entited "On the logical structure of choice and bar induction principles".

Pierre-Louis Curien has given an invited talk “Coherent presentations of monoids with a Garside family” at the workshop Braids and beyond, in the memory of Patrick Dehornoy (Caen, September 8-10, 2021, website).

Jean-Jacques Lévy was invited to give a talk “Vive la Recherche en Informatique !” at the seminar of LMF (Laboratoire des Méthodes Formelles) in ENS Saclay (October 15).

Jean-Jacques Lévy gave a tutorial on “Finite Developments in the Lambda-Calculus” at ISR 2021 (the 12th International School on Rewriting), Madrid, 5-16 July 2021. [hal-03566512]

Alexis Saurin has given an invited talk at the Proof Theory Virtual Seminar, on november 17th, entitled "Virtuous circles in proofs" .

Alexis Saurin was a member of the CRCN and ISFP hiring committee for INRIA Saclay.

Alexis Saurin is a member of the research council for the Faculté des sciences of Université de Paris.

Thomas Ehrhard, Hugo Herbelin, Paul-André Melliès and Alexis Saurin seat and the scientific council of UFR d'informatique, Université de Paris.

Pierre-Louis Curien has been teaching a course “Homotopical algebra and higher categories" in the Master LMFI of Université de Paris in 2020-2021.

Thomas Ehrhard and Paul-André Melliès taught the course on denotational semantics at Master MPRI of Université de Paris in the first and second semester 2020-2021 and 2021-2022.

Hugo Herbelin and Hugo Moeneclaey taught a class on Homotopy Type Theory in the Master LMFI of Université de Paris in the second semester of 2020-2021.

Pierre Letouzey taught the course on functional programming, proof assistants and M2 LMFI.

Paul-André Melliès taught the course on lambda-calculus and categories at ENS Ulm (M1 MPRI).

Daniela Petrisan taught in the automata course of M2 MPRI.

Alexis Saurin has been teaching a course in proof theory in the Master LMFI of Université de Paris in the first semester of 2021-2022.

Jean-Jacques Lévy is member of the Inria-Alumni’s executive committee (6 meetings in 2021). He co-organized and organized 2 sessions about Quantum Computing (June 2) and Natural Language Processing (November 19).

Pierre-Louis Curien, jointly with Nicolas Curien, has published a recreational mathematics article with title “Quand les nombres content autant qu’ils comptent” in the journal La Recherche (numéro 561, juillet-août 2021).

Jean-Jacques Lévy has sent an article 83 about Tracking Redexes in the Lambda-Calculus for a chapter in the future book FSP92 (the French Science of Programming), edited by Bertrand Meyer (ETHZ).