Since 2012, the research conducted in

2021 is the final year of the project-team which shall be replaced, early 2022, by a newly created team, named PiCube, welcoming new members and exploring new research directions which will be presented in this report.

Proof theory is the branch of logic devoted to the study of the structure of proofs. An essential contributor to this field is Gentzen 61 who developed in 1935 two logical formalisms that are now central to the study of proofs. These are the so-called “natural deduction”, a syntax that is particularly well-suited to simulate the intuitive notion of reasoning, and the so-called “sequent calculus”, a syntax with deep geometric properties that is particularly well-suited for proof automation.

Proof theory gained a remarkable importance in computer science when it
became clear, after genuine observations first by Curry in
1958 56, then by Howard and de Bruijn at the end of the
60's 73, 48, that proofs had the very same
structure as programs: for instance, natural deduction proofs can be
identified as typed programs of the ideal programming language known
as

This proofs-as-programs correspondence has been the starting point to a large spectrum of researches and results contributing to deeply connect logic and computer science. In particular, it is from this line of work that Coquand and Huet's Calculus of Constructions 55, 53 stemmed out – a formalism that is both a logic and a programming language and that is at the source of the Coq system 90.

The

To explain the Curry-Howard correspondence, it is important to
distinguish between intuitionistic and classical logic: following
Brouwer at the beginning of the 20th century,
classical logic is a logic that accepts the use of reasoning by
contradiction while intuitionistic logic proscribes it. Then,
Howard's observation is that the proofs of the intuitionistic natural
deduction formalism exactly coincide with
programs in the (simply typed)

A major achievement has been accomplished by Martin-Löf who designed in 1971 a formalism, referred to as modern type theory, that was both a logical system and a (typed) programming language 82.

In 1985, Coquand and Huet 55, 53 in the Formel
team of INRIA-Rocquencourt explored an alternative approach
based on Girard-Reynolds' system

The first public release of CoC dates back to 1989. The same project-team developed the programming language Caml (nowadays called OCaml and coordinated by the Gallium team) that provided the expressive and powerful concept of algebraic data types (a paragon of it being the type of lists). In CoC, it was possible to simulate algebraic data types, but only through a not-so-natural not-so-convenient encoding.

In 1989, Coquand and Paulin 54 designed an extension of the Calculus of Constructions with a generalisation of algebraic types called inductive types, leading to the Calculus of Inductive Constructions (CIC) that started to serve as a new foundation for the Coq system. This new system, which got its current definitive name Coq, was released in 1991.

In practice, the Calculus of Inductive Constructions derives its strength from being both a logic powerful enough to formalise all common mathematics (as set theory is) and an expressive richly-typed functional programming language (like ML but with a richer type system, no effects and no non-terminating functions).

During 1984-2012 period, about 40 persons have contributed to the development of Coq, out of which 7 persons have contributed to bring the system to the place it was six years ago. First Thierry Coquand through his foundational theoretical ideas, then Gérard Huet who developed the first prototypes with Thierry Coquand and who headed the Coq group until 1998, then Christine Paulin who was the main actor of the system based on the CIC and who headed the development group from 1998 to 2006. On the programming side, important steps were made by Chet Murthy who raised Coq from the prototypical state to a reasonably scalable system, Jean-Christophe Filliâtre who turned to concrete the concept of a small trustful certification kernel on which an arbitrary large system can be set up, Bruno Barras and Hugo Herbelin who, among other extensions, reorganised Coq on a new smoother and more uniform basis able to support a new round of extensions for the next decade.

The development started from the Formel team at Rocquencourt but, after Christine Paulin got a position in Lyon, it spread to École Normale Supérieure de Lyon. Then, the task force there globally moved to the University of Orsay when Christine Paulin got a new position there. On the Rocquencourt side, the part of Formel involved in ML moved to the Cristal team (now Gallium) and Formel got renamed into Coq. Gérard Huet left the team and Christine Paulin started to head a Coq team bilocalised at Rocquencourt and Orsay. Gilles Dowek became the head of the team which was renamed into LogiCal. Following Gilles Dowek who got a position at École Polytechnique, LogiCal moved to the new INRIA Saclay research center. It then split again, giving birth to ProVal. At the same time, the Marelle team (formerly Lemme, formerly Croap) which has been a long partner of the Formel team, invested more and more energy in the formalisation of mathematics in Coq, while contributing importantly to the development of Coq, in particular for what regards user interfaces.

After various other spreadings resulting from where the wind pushed former PhD students, the development of Coq got multi-site with the development now realised mainly by employees of INRIA, the CNAM, and Paris Diderot.

In the last seven years, Hugo Herbelin and Matthieu Sozeau coordinated the development of the system, the official coordinator hat passed from Hugo to Matthieu in August 2016. The ecosystem and development model changed greatly during this period, with a move towards an entirely distributed development model, integrating contributions from all over the world. While the system had always been open-source, its development team was relatively small, well-knit and gathered regularly at Coq working groups, and many developments on Coq were still discussed only by the few interested experts.

The last years saw a big increase in opening the development to external scrutiny and contributions. This was supported by the “core” team which started moving development to the open GitHub platform (including since 2017 its bug-tracker 91 and wiki), made its development process public, starting to use public pull requests to track the work of developers, organising yearly hackatons/coding-sprints for the dissemination of expertise and developers & users meetings like the Coq Workshop and CoqPL, and, perhaps more anecdotally, retransmitting Coq working groups on a public YouTube channel.

This move was also supported by the hiring of Maxime Dénès in 2016 as an INRIA research engineer (in Sophia-Antipolis), and the work of Matej Košík (2-year research engineer). Their work involved making the development process more predictable and streamlined and to provide a higher level of quality to the whole system. In 2018, a second engineer, Vincent Laporte, was hired. Yves Bertot, Maxime Dénès and Vincent Laporte are developing the Coq consortium, which aims to become the incarnation of the global Coq community and to offer support for our users.

Today, the development of Coq involves participants from the INRIA project-teams pi.r2 (Paris), Marelle (Sophia-Antipolis), Toccata (Saclay), Gallinette (Nantes), Gallium (Paris), and Camus (Strasboug), the LIX at École Polytechnique and the CRI Mines-ParisTech. Apart from those, active collaborators include members from MPI-Saarbrucken (D. Dreyer's group), KU Leuven (B. Jacobs group), MIT CSAIL (A. Chlipala's group, which hosted an INRIA/MIT engineer, and N. Zeldovich's group), the Institute for Advanced Study in Princeton (from S. Awodey, T. Coquand and V. Voevodsky's Univalent Foundations program) and Intel (M. Soegtrop). The latest released versions have typically a couple of dozens of contributors (e.g. 40 for 8.8, 54 for 8.9, ...).

On top of the developer community, there is a much wider user community, as Coq is being used in many different fields. The Software Foundations series, authored by academics from the USA, along with the reference Coq'Art book by Bertot and Castéran 45, the more advanced Certified Programming with Dependent Types book by Chlipala 51 and the recent book on the Mathematical Components library by Mahboubi, Tassi et al. provide resources for gradually learning the tool.

In the programming languages community, Coq is being taught in two summer schools, OPLSS and the DeepSpec summer school. For more mathematically inclined users, there are regular Winter Schools in Nice and in 2017 there was a school on the use of the Univalent Foundations library in Birmingham.

Since 2016, Coq also provides a central repository for Coq packages,
the Coq opam archive, relying on the OCaml opam package manager and including
around 250 packages contributed by users. It would be too long
to make a detailed list of the uses of Coq in the wild. We only highlight
four research projects relying heavily on Coq. The Mathematical Components library has its origins in the formal
proof of the Four Colour Theorem and has grown to cover many areas of mathematics in Coq
using the now integrated (since Coq 8.7) SSReflect proof language.
The DeepSpec project is an NSF Expedition project led by
A. Appel whose aim is full-stack verification
of a software system, from machine-checked proofs of circuits to an operating system to a
web-browser, entirely written in Coq and integrating many large projects into one. The ERC CoqHoTT project led by N. Tabareau
aims to use logical tools to extend the expressive power of Coq, dealing with the univalence axiom and
effects. The ERC RustBelt project led by D. Dreyer concerns the development of rigorous formal foundations for the Rust programming language, using the Iris Higher-Order Concurrent Separation Logic Framework in Coq.

We next briefly describe the main components of Coq.

The architecture adopts the so-called de Bruijn principle: the well-delimited kernel
of Coq ensures the correctness
of the proofs validated by the system. The kernel is rather stable
with modifications tied to the evolution of the underlying Calculus of
Inductive Constructions formalism. The kernel includes an
interpreter of the programs expressible in the CIC and this
interpreter exists in two flavours: a customisable lazy evaluation
machine written in OCaml and a call-by-value bytecode interpreter
written in C dedicated to efficient computations. The kernel also
provides a module system.

The concrete user language of Coq, called Gallina, is a
high-level language built on top of the CIC. It includes a type
inference algorithm, definitions by complex pattern-matching, implicit
arguments, mathematical notations and various other high-level
language features. This high-level language serves both for the
development of programs and for the formalisation of mathematical
theories. Coq also provides a large set of commands. Gallina and
the commands together forms the Vernacular language of Coq.

The standard library is written in the vernacular language of Coq.
There are libraries for various arithmetical structures and various
implementations of numbers
(Peano numbers, implementation of

The tactics are the methods available to conduct proofs. This includes the basic inference rules of the CIC, various advanced higher level inference rules and all the automation tactics. Regarding automation, there are tactics for solving systems of equations, for simplifying ring or field expressions, for arbitrary proof search, for semi-decidability of first-order logic and so on. There is also a powerful and popular untyped scripting language for combining tactics into more complex tactics.

Note that all tactics of Coq produce proof certificates that are checked by the kernel of Coq. As a consequence, possible bugs in proof methods do not hinder the confidence in the correctness of the Coq checker. Note also that the CIC being a programming language, tactics can have their core written (and certified) in the own language of Coq if needed.

Extraction is a component of Coq that maps programs (or even computational proofs) of the CIC to functional programs (in OCaml, Scheme or Haskell). Especially, a program certified by Coq can further be extracted to a program of a full-fledged programming language then benefiting of the efficient compilation, linking tools, profiling tools, ... of the target language.

Coq is a feature-rich system and requires extensive training in order to be used proficiently; current documentation includes the reference manual, the reference for the standard library, as well as tutorials, and related tooling [sphinx plugins, coqdoc]. The jsCoq tool allows writing interactive web pages were Coq programs can be embedded and executed.

Coq is used in large-scale proof developments, and provides users miscellaneous tooling to help with them: the coq_makefile and Dune build systems help with incremental proof-checking; the Coq OPAM repository contains a package index for most Coq developments; the CoqIDE, ProofGeneral, jsCoq, and VSCoq user interfaces are environments for proof writing; and the Coq's API does allow users to extend the system in many important ways. Among the current extensions we have QuickChik, a tool for property-based testing; STMCoq and CoqHammer integrating Coq with automated solvers; ParamCoq, providing automatic derivation of parametricity principles; MetaCoq for metaprogramming; Equations for dependently-typed programming; SerAPI, for data-centric applications; etc... This also includes the main open Coq repository living at Github.

Dependently typed programming (shortly DTP) is an emerging concept
referring to the diffuse and broadening tendency to develop
programming languages with type systems able to express program
properties finer than the usual information of simply belonging to
specific data-types. The type systems of dependently-typed programming
languages allow to express properties dependent of the input and
the output of the program (for instance
that a sorting program returns a list of same size as its
argument). Typical examples of such languages were the Cayenne
language, developed in the late 90's at Chalmers University in Sweden
and the DML language developed at Boston. Since then, various new
tools have been proposed, either as typed programming languages whose
types embed equalities (

DTP contributes to a general movement leading to the fusion between logic and programming. Coq, whose language is both a logic and a programming language which moreover can be extracted to pure ML code plays a role in this movement and some frameworks combining logic and programming have been proposed on top of Coq (Concoqtion at Rice and Colorado, Ynot at Harvard, Why in the ProVal team at INRIA, Iris at MPI-Saarbrucken). It also connects to Hoare logic, providing frameworks where pre- and post-conditions of programs are tied with the programs.

DTP approached from the programming language side generally benefits of a full-fledged language (e.g. supporting effects) with efficient compilation. DTP approached from the logic side generally benefits of an expressive specification logic and of proof methods so as to certify the specifications. The weakness of the approach from logic however is generally the weak support for effects or partial functions.

In between the decidable type systems of conventional data-types based
programming languages and the full expressiveness of logically
undecidable formulae, an active field of research explores a spectrum
of decidable or semi-decidable type systems for possible use in
dependently typed programming languages. At the beginning of the spectrum,
this includes, for instance, the system F's extension ML

For two decades, the Curry-Howard correspondence has been limited to the intuitionistic case but since 1990, an important stimulus spurred on the community following Griffin's discovery that this correspondence was extensible to classical logic. The community then started to investigate unexplored potential connections between computer science and logic. One of these fields is the computational understanding of Gentzen's sequent calculus while another one is the computational content of the axiom of choice.

Indeed, a significant extension of the Curry-Howard correspondence has been
obtained at the beginning of the 90's thanks to the seminal
observation by Griffin 63 that some operators known as
control operators were typable by the principle of double negation
elimination (

Control operators are used to jump from one location of a
program to another. They were first considered in the 60's by
Landin 79 and Reynolds 85 and started to
be studied in an abstract way in the 80's by Felleisen et
al 59, leading to Parigot's

The Curry-Howard interpretation of sequent calculus started to be
investigated at the beginning of the 90's. The main technicality of
sequent calculus is the presence of left introduction inference
rules, for which two kinds of interpretations are
applicable. The first approach interprets left introduction rules as
construction rules for a language of patterns but it does not really
address the problem of the interpretation of the implication
connective. The second approach, started in 1994, interprets left
introduction rules as evaluation context formation rules. This line of
work led in 2000 to the design by Hugo Herbelin and
Pierre-Louis Curien of a symmetric calculus exhibiting deep dualities
between the notion of programs and evaluation contexts and between the
standard notions of call-by-name and call-by-value evaluation semantics.

Abstract machines came as an intermediate evaluation device, between
high-level programming languages and the computer microprocessor. The
typical reference for call-by-value evaluation of

Delimited control extends the expressiveness of control operators with
effects: the fundamental result here is a completeness result by
Filinski 60: any side-effect expressible in monadic
style (and this covers references, exceptions, states, dynamic
bindings, ...) can be simulated in

Like ordinary categories, higher-dimensional categorical structures originate in algebraic topology. Indeed, fundamental $\infty $-groupoid

In the last decades, the importance of higher-dimensional categories has grown fast, mainly with the new trend of categorification that currently touches algebra and the surrounding fields of mathematics. Categorification is an informal process that consists in the study of higher-dimensional versions of known algebraic objects (such as higher Lie algebras in mathematical physics 43) and/or of “weakened” versions of those objects, where equations hold only up to suitable equivalences (such as weak actions of monoids and groups in representation theory 57).

The categorification process has also reached logic, with the introduction of homotopy type theory. After a preliminary result that had identified categorical structures in type theory 72, it has been observed recently that the so-called “identity types” are naturally equiped with a structure of

Higher-dimensional categories are algebraic structures that contain, in essence, computational aspects. This has been recognised by Street 89, and independently by Burroni 49, when they have introduced the concept of computad or polygraph as combinatorial descriptions of higher categories. Those are directed presentations of higher-dimensional categories, generalising word and term rewriting systems.

In the recent years, the algebraic structure of polygraph has led to a new theory of rewriting, called higher-dimensional rewriting, as a unifying point of view for usual rewriting paradigms, namely abstract, word and term rewriting 78, 81, 68, 69, and beyond: Petri nets 71 and formal proofs of classical and linear logic have been expressed in this framework 70. Higher-dimensional rewriting has developed its own methods to analyse computational properties of polygraphs, using in particular algebraic tools such as derivations to prove termination, which in turn led to new tools for complexity analysis 46.

The homotopical properties of higher categories, as studied in mathematics, are in fact deeply related to the computational properties of their polygraphic presentations. This connection has its roots in a tradition of using rewriting-like methods in algebra, and more specifically in the works of Anick 40 and Squier 88, 87: Squier has proved that, if a monoid finite, terminating and confluent rewriting system, then its third integral homology group finite derivation type (a property of homotopical nature). This allowed him to conclude that finite convergent rewriting systems were not a universal solution to decide the word problem of finitely generated monoids. Since then, Yves Guiraud and Philippe Malbos have shown that this connection was part of a deeper unified theory when formulated in the higher-dimensional setting 11, 12, 66, 67, 65.

In particular, the computational content of Squier's proof has led to a constructive methodology to produce, from a convergent presentation, coherent presentations and polygraphic resolutions of algebraic structures, such as monoids 11 and algebras 10. A coherent presentation of a monoid

The application domains of the team researchers range from the formalization of mathematical theories and computational systems using the Coq proof assistant to the design of programming languages with rich type systems and the design and analysis of certified program transformations.

The environmental impact of the team is mainly two sorts:

Members of the team are committed to decreasing the environmental impact of our research. In the IRIF lab environment, a working group investigates the footprint of our scientific community and its practices (notably numerous international conferences) and the potential medium and long-term evolution that can be made. Several members of the team and active contributors or interested followers of the WG. As an achievement of this working group, recommendations have been made at the IRIF level to encourage every lab member to travel by train rather than by plane when the travel duration is not significantly longer by train.

One main event and highlight of this year 2022 has been the creation of the Picube team the 1st of December, after its formal presentation to the project committee in May, and its official validation in November after examination by a committee of experts from INRIA, CNRS and Université Paris Cité. As it was already the case with the PiR2 team, the new Picube team is a joint research team between Université Paris Cité, INRIA Paris and the CNRS. The Picube team is hosted by the Institut de Recherche en Informatique Fondamentale (IRIF) lab and all researchers of the team are thus members of the IRIF lab. The purpose of the Picube research team is to take advantage of the most recent advances in

in order to reduce the gap which currently separates the the vernacular language used by the working mathematicians in their daily practice and the formal language used today in proof assistants such as Coq, Agda or Lean. The research project builds on the knowledge and expertise of the PiR2 team, and integrates to it a number of new ingredients in the direction of certified mathematics, differential and probabilistic programming, and machine learning. The project is structured into five scientific areas of focus:

Except for Yves Guiraud (CR INRIA) who decided to join the Ouragan INRIA team and IMJ-PRG, all the former members of PiR2 are also members of the Picube team. The Picube research team incorporates moreover three new members: Thomas Ehrhard (DR CNRS), Daniela Petrişan (MdC Université Paris Cité) and Paul-André Melliès (DR CNRS) who will become the team leader. Thomas Ehrhard is a specialist of proof theory and programming language semantics. He will bring to the team his deep understanding of the emerging connections between linear logic and functional analysis, with promising connections to differential and probabilistic programming. Daniela Petrişan is a specialist of categorical and topological methods in logic, automata theory and programming language semantics. She will bring to the team her expertise on topological and metric interpretations of type theory and process calculi, with the hope of building a unified framework integrating coalgebraic methods and dependent type theory. Paul-André Melliès is a specialist of category theory and programming language semantics, with a fascination for the numerous emerging connections between Martin-Löf type theory, homotopy theory, linear logic, game semantics and higher-order automata theory.

In the continuation of the work of the PiR2 team, the Picube research team will contribute to the education of new generations of students taking the lead in proof assistant technology and formalisation of mathematics and computer science. We will benefit from the fact that Picube is a joint project team with the IRIF lab of Université de Paris, within the Fondation des Sciences Mathématiques de Paris (FSMP) and with an active participation of its members to the Master Logique Mathématique et Fondements de l’Informatique (LMFI) and the Master Parisien de Recherche en Informatique (MPRI) both taught in the Bâtiment Sophie Germain where the IRIF lab is located. We believe that the development of a formal corpus of mathematics is a foundational challenge potentially as important as the Bourbaki enterprise initiated in the late 1930s.

The work of the team was affected by several problems:

Coq version 8.16 integrates changes to the Coq kernel and performance improvements along with a few new features. We highlight some of the most impactful changes here:

The guard checker (see Guarded) now ensures strong normalization under any reduction strategy.

Irrelevant terms (in the SProp sort) are now squashed to a dummy value during conversion, fixing a subject reduction issue and making proof conversion faster.

Introduction of reversible coercions, which allow coercions relying on meta-level resolution such as type-classes or canonical structures. Also allow coercions that do not fullfill the uniform inheritance condition.

Generalized rewriting support for rewriting with Type-valued relations and in Type contexts, using the Classes.CMorphisms library.

Added the boolean equality scheme command for decidable inductive types.

Added a Print Notation command.

Incompatibilities in name generation for Program obligations, eauto treatment of tactic failure levels, use of ident in notations, parsing of module expressions.

Standard library reorganization and deprecations.

Improve the treatment of standard library numbers by Extraction.

See https://coq.inria.fr/refman/changes.html#version-8-16 for a detailed changelog.

This software is a bot to help and automatize the development of the Coq proof assistant on the GitHub platform. It is written in OCaml and provides numerous features: synchronization between GitHub and GitLab to allow the use of GitLab for automatic testing (continuous integration), management of milestones on issues, management of the backporting process, merging of pull request upon request by maintainers, etc.

Most of the features are used only for the development of Coq, but the synchronization with GitLab feature is also used in dozens of independent projects.

The Julien Coolen's internship final release.

Added

Integrate with Jason Gross' coq-bug-minimizer tool. Merge a branch in the coq repository if some conditions are met, by writing @coqbot: merge now in a comment. Parameterize the bot with a configuration file. Installation as a GitHub App is supported. Report CI status checks with the Checks API when using the GitHub app. Report errors of jobs in allow failure mode when the Checks API is used.

Changed

Refactored the architecture of the application and of the bot-components library Always create a merge commit when pushing to GitLab. More informative bot merge commit title for GitLab CI.

Together with Ilik, Herbelin submitted a paper analyzing the constructive content of Henkin's proof of Gödel's completeness theorem

Gödel’s completeness theorem for classical first-order logic is one of the most basic theorems of logic and Henkin's proof method is probably the most widely taught. Central to any foundational course in logic, it connects the notion of valid formula to the notion of provable formula. In this paper, they survey a few standard formulations and proofs of this completeness theorem before focusing on the formal description of a slight modification of Henkin’s proof within intuitionistic second-order arithmetic.

In the context of the completeness of intuitionistic logic with respect to various semantics such as Kripke or Beth semantics, it is standard to follow the Curry-Howard correspondence and to interpret the proofs of completeness as programs which turn proofs of validity for these semantics into proofs of derivability. They apply this approach to Henkin’s proof to phrase it as a program which transforms any proof of validity with respect to Tarski semantics into a proof of derivability. This sheds an “effective” light on the relation between Tarski semantics and syntax: proofs of validity are syntactic objects that we can manipulate and compute with, just like ordinary syntax.

Ehrhard published a paper developing the differential aspects of probabilistic coherence spaces, a denotational model of Linear Logic which provides a faithful account of stochastic programs. In this model programs are represented as analytic functions which can be written as powerseries with non-negative coefficients and such functions can be deriveted an arbitrary number of times, whatever be their type. Thomas Ehrhard explored two related applications of the corresponding derivatives. First he showed how derivatives allow to compute the expectation of execution time in the weak head reduction of probabilistic PCF (pPCF). Next he applied a general notion of “local” differential of morphisms to the proof of a Lipschitz property of these morphisms allowing in turn to relate the observational distance on pPCF terms to a distance the model is naturally equipped with. This suggests that extending probabilistic programming languages with derivatives, in the spirit of the differential lambda-calculus, could be quite meaningful.

In more recent developments, currently submitted 58, Ehrhard has developed a categorical and syntactical framework for such differential models of Linear Logic, where addition is only partially defined: the fundamental observation is that, even if the differential calculus requires addition as it is well known, one does not need all of them and many models of Linear Logic feature enough additions for hosting a fully-fledged differential calculus. This shows that, contrarily to what was believed earlier, differential Linear Logic and the differential lambda-calculus are compatible with deterministic computations.

Large-scale software verification relies critically on the use of compositional languages,
semantic models, specifications, and verification techniques.
In collaboration with Zhong Shao's CertiKOS group (Yale) and Léo Stefanesco (MPI Kaiserslautern),
Melliès has developed 23 a layered and object-based game
semantics based on coherence spaces.
In the resulting game semantics of low-level concurrent code,
every program is interpreted as a concurrent and possibly non-deterministic strategy
connecting an underlay signature to an overlay signature.
The interpretation of the low-level code relies
on a non-commutative form

Levy wrote a book chapter36 to be published in 202 in which he reviews notions of residuals of redexes to keep track of redexes along reductions in the lambda calculus and families of redexes keep track of redexes created along these reductions. He discusses how their relation to a labeled-calculus and extends these properties to combinatory logic, term rewriting systems, process calculi and proofnets of linear logic.

In a collaboration with Aurore Alcolei and Luc Pellissier, Alexis Saurin internalised the notion of jumps of linear logic proof-nets (which can be used as an alternative to boxes) in a slight extension of MLL. Jumps which have been extensively studied by Faggian and di Giamberardino (building on prior work by Curien and Faggian on L-nets) can express intermediate degrees of sequentialization between a sequent calculus proof and a fully desequentialized proof-net. In this still ongoing work, Alcolei, Pellissier and Saurin analyzed the logical strength of jumps by internalizing them in an extention of MLL where axioms on a specific formula introduce constraints on the possible sequentializations. The jumping formula needs to be treated non-linearly, which they do either axiomatically, or by embedding it in a very controlled fragment of multiplicative-exponential linear logic, uncovering the exponential logic of sequentialization.

Emilio J. Gallego Arias and Jim Lipton continued work on algebraic models of proof search, in particular they have developed a notion of step-indexed tabular alegory which provides an improved semantic setting for the proof search machine developed in Gallego's PhD.

Jim Lipton visited the team in the summer 2022.

In collaboration with David Baelde, Amina Doumane and Denis Kuperberg, Alexis Saurin published at LICS 2022 25 a new validity criterion for circular and non-wellfoudned proofs that extends the original validity condition considered by Baelde, Doumane and Saurin in CSL 2016 1. This new condition is better-behaved wrt. the cut rules in that it takes into account the cut-axiom interaction in sequent proofs, allowing progressing threads to "bounce" on axioms and cut. This much more flexible criterion takes inspirations in Girard's geometry of interaction and works on additive proof-nets. The paper establishes cut-elimination and study the decidability properties of the validity condition. While the full bouncing validity is undecidable, they exhibit a hierarchy of criteria "of bounded heights" which are all decidable and the union of which corresponds to bouncing validity (which is, therefore, semi-decidable)

Alexis Saurin generalized the cut-elimination-theorem for non-wellfounded proofs of multiplicative additive linear logic with least and greatest fixed points (

Abhishek De completed his PhD on proof-nets for circular and non-wellfounded proofs, that he defended in december 1st.

In a collaboration with Anupam Das, Abhishek De and Alexis Saurin investigated the decision problems for variants of linear logic with fixed-points. Decision problems for fragments of linear logic exhibiting `infinitary' behaviour (such as exponentials) are notoriously complicated. In this work, they addressed the decision problems for variations of linear logic with fixed points (muMALL), in particular, recent systems based on `circular' and `non-wellfounded' reasoning. In particular, they show that muMALL is undecidable.

More explicitly, they show that the general non-wellfounded system is

Thomas Ehrhard, Farzad Jafarrahmani and Alexis Saurin extended the previous work by Ehrhard and Jafarrahmani to polarized Linear Logic with fixed-points. One of their objectives is to develop Linear Logic foundations to inductive and coinductive types in Coq.

They also extended the denotational semantics of

The truth semantics of linear logic (i.e. phase semantics) is often overlooked despite having a wide range of applications and deep connections with several denotational semantics. In phase semantics one is concerned about the provability of formulas rather than the contents of their proofs (or refutations).

Abhishek De, Farzad Jafarrahmani and Alexis Saurin extended the phase semantics of MALL to

They also considered a constructive fragment that yields a Tait-style wellfounded system (

Chardonnet's PhD research focuses on extending quantum programming languages with inductive and coinductive types, under the hypothesis of quantum control (as in QML 39 compared to classical control).
In 2021, Chardonnet, Saurin and Valiron developed their work
on a language of type isomorphisms with inductive and coinductive types and understanding the connections of those reversible programs with

The work of Alen Đurić, Pierre-Louis Curien and Yves Guiraud on coherent presentations of monoids admitting a Garside family has been submitted, and presented at the workshop “Braids and beyond" held in memory of Patrick Dehornoy in September 2021 22.

Pierre-Louis Curien has found a new, elementary, proof of the isomorphism between many-to-one polygraphs on one hand, and opetopic sets on the other hand. This result had been proved quite indirectly by Harnik, Makkai, and Zawadowski in 2008. A more direct proof was given by Cédric Ho Tanh (former student of the team) in his PhD thesis (2019), with a reference to some results of Simon Henry. The new proof is entirely self-contained, and, more importantly, unveils invariants of the polygraphic syntax. It will be presented at the 2022 Workshop on Polynomial Functors to be held in April 2022 at the Topos Institute (virtually).

Vincent Blazy, Hugo Herbelin and Pierre Letouzey continued a work aiming at making explicit the universe subtyping in the Calculus of Constructions (PhD thesis of Vincent Blazy). The first goal is to detect more easily each use of the Prop-Type cumulativity in Coq, with potential application to Coq extraction and also to the mathematical foundations.

Thierry Martinez carried on full time the implementation of a dependent pattern-matching compilation algorithm in Coq based on the PhD thesis work of Pierre Boutillier and on the internship work of Meven Bertrand. Together with Meven Bertrand and Hugo Herbelin, they almost reached the point of submitting a paper describing the implementation.

Théo Zimmermann was recruited in January 2020 on a three-year fixed term position to contribute both to the collaborative maintenance and evolution effort around Coq and its community, and to further investigate these software engineering aspects through empirical methods.

Théo Zimmermann is the initial author and main maintainer of coqbot, the bot used for everyday maintenance tasks in the Coq project. During the CoqDev project, the bot has been signicantly improved and has received contributions from Coq developers (Jason Gross, Pierre-Marie Pédrot, Gaetan Gilbert and Ali Caglayan more recently) as well as an intern that Théo Zimmermann supervised in 2020 (Julien Coolen, funded through the CoqDev project, now an engineer at Nomadic Labs). This has allowed to add many new features, in particular related to pull request testing and management (merging approved pull requests, closing stale pull requests, continuous integration with a reduced or extended suite of tests, including many external projects, etc.). The team published a paper about the followed approach 24 in IEEE Software (2022). The article describes some main features of the bot and the design choices that were made and how these design choices help with the maintenance and the evolution of the bot, by making it easier to adapt the bot to new use cases and to involve Coq contributors in the bot development.

Théo Zimmermann has also collaborated with Jason Gross (from MIT CSAIL) on integrating the bug minimizer created by Jason Gross in Coq's CI infrastructure, by relying on coqbot. This has allowed coqbot to automatically propose to produce reduced test cases for compatibility issues detected on external Coq projects by the continuous integration system, thus making it easier to understand what the compatibility issues are, when modifying Coq. Furthermore, this has allowed to conduct the first empirical evaluation of the bug minimizer and to improve it further based on the issues detected during this evaluation. They published their work, 28 at ITP 2022. This is the first formal publication on the bug minimizer itself.

Théo Zimmermann supervised in June 2021 the internship of Jérémy Damour, who was tasked with several contributions to the Hydras & Co. project of Pierre Castéran. This work resulted in a publication at the national conference JFLA 2022 30.

Finally, Théo Zimmermann has coordinated an ad hoc working group to prepare and then analyze the Coq Community Survey.
The survey was held in February 2022 and received 466
responses. It allowed to get an up-to-date picture of the Coq community and feedback on
which to base future development decisions. Since the survey, the working group has been
processing the responses and publishing partial results in the form of blog posts and a
presentation at the Coq workshop by Ana Borges.
Emilio J. Gallego Arias took an active part in this working group.

Emilio J. Gallego Arias continued work on revamping Coq's build system as to implement a workflow based on the state-of-the-art, industrial build system Dune. Many improvements were made including porting the OCaml parts of Coq to Dune, which allowed the team to remove large parts of custom build code, and with Ali Caglayan, Coq's test suite was made incremental. Additionally, Emilio J. Gallego Arias coordinated the release of Dune version 2.9. Many other improvements as to make Coq more modular and better prepared for upcoming incremental and multi-threaded type-checking were also made.

Hugo Herbelin, Emilio J. Gallego Arias and Théo Zimmermann, helped by members from Gallinette (Nantes) and Stamp (ex-Marelle, Sophia-Antipolis), devoted an important part of their time to coordinate the development, to review propositions of extensions of Coq from external and/or young contributors, and to propose themselves extensions, amounting to hundreths of proposals in the form of pull requests. Moreover, we organized a beginner-focused community Hackathon in early 2022, including a diversity session, with peak attendance of over 100 contributors. Similar community events are planned later on.

Emilio J. Gallego Arias and Shachar Itzaky continued the development of the education-targeted tool jsCoq, which saw in 2021 5 new releases bringing many new features and refinements, and in particular a new backend that has made us declare the tool "production ready" for the first time.

Emilio J. Gallego Arias also maintained the coq-serapi tool, used in a few labs as the standard communication API with Coq to perform experiments (including machine learning ones). In collaboration with Thierry Martinez, Gallego Arias also released a pyCoq package which is specifically targeted at learning and software engineering researchers using Coq for their experiments.

Pierre Letouzey continued working on a Coq formalisation started with Yann Régis-Gianas, on regular expressions (with complement and conjunction) and their Brzozowski derivatives. Many techniques have been attempted to prove correct the exact details used in a real-world implementation (ml-ulex), but a complete proof of this implementation is still elusive.

Pierre Letouzey continued this year the study of a family of nested recursive functions proposed by D. Hofstadter in his book “Gödel Escher Bach”. Some earlier conjectures have been proved. In particular, the appearance of a Rauzy fractal during this work is now better understood. The formalization of these proofs are pending, requiring quite some matrix theory and complex polynomials. Another important conjecture states that this family of nested functions is increasing. Despite some progress, this conjecture still lacks a complete proof. More details on this site.

Daniel de Rauglaudre pursued his formalization in Coq of the Sensitivity Conjecture (which became a Theorem in 2019 thanks to Hao Huang 74). The sensitivity conjecture remained an open-problem for more than thirty years, aiming to relate the sensitivity of a Boolean function results to its input values to other complexity measures of Boolean functions, such as block sensitivity. De Rauglaudre started to formalize Huang's very succinct proof of the conjecture.

For proving some lemmas in this theorem, numerous formalizations in Linear Algebra (matrices, determinants, eigenvalues, permutations, sorting etc.) have been implemented. In this context, a study of algebra of ring-like structures has been started, and some syntax of iterators have been studied and added. This development is available a here.

Jean-Jacques Lévy pursues his work about formal proofs of graph algorithms. The goal is to provide computer-checked proofs of algorithms that remain human readable. At ITP 2019 50, they presented an article with Chen Ran, Cyril Cohen, Stephan Merz and Laurent Théry on three different ways of proving such an algorithm in Why3, Coq and Isabelle/HOL. By publishing the entire proofs, they encouraged the community to compare our proofs with the ones possible in other machine-checked proof systems.

Jean-Jacques Lévy now remodels his proof with new versions of Why3 and also plan to compare the existing Coq proof using Mathcomp/ssreflect with a proof using Coq classics. He still works on a proof of implementation of Tarjan SCC algorithm with imperative programming and memory pointers.

Hugo Herbelin and Ramkumar Ramachandra carried on their formalization in Coq of an original dependently-typed construction of semi-cubical sets inspired by the parametricity translation. This continued to highly stressed the limits of Coq, especially in terms of second-order unification, higher-order rewriting, efficiency.

Emilio J. Gallego Arias continued collaboration with Stefania Dumbrava and Cody Roux on the use of our verified Datalog engine 47 for the analysis of low-level binary code. In particular, using metacoq we have developed a method to translate datalog programs to Coq proof friendly specifications while preserving the semantic correspondence with the verified engine. This allows us to specify analysis as efficient datalog programs, but to prove properties about them using a more convenient native to Coq representation.

Esaïe Bauer, Emilio J. Gallego Arias and Alexis Saurin have started a Coq formalization of infinitary proofs and their validity checking using Parity Automaton. They have started from the proof methodology developed for the the math-comp library, but this particular topic poses many interesting challenges from the point of view of proof engineering, in particular related to the formalization of infinite graphs and automaton in a natural way.

Emilio J. Gallego Arias and Pierre Jouvelot presented their work on a formalized synchronous language for linear DSP processors at the FARM 2021 conference (part of ICFP), which was held virtually. The development produced a paper and uses techniques from the programming language literature such as logical relations to prove that every well typed program is linear (in the linear algebra sense). This opens up the door to many other interesting developments which are being discussed now.

Emilio J. Gallego Arias collaborated with Pierre Jouvelot on the formalized verification of the general Vickrey-Clarke-Groves mechanism (see for example 83) using Coq, designing a Coq-based framework for the specification and refinement of mechanisms, covering classical examples from the literature. This has resulted in a draft 35 already presented as a poster at EC'22 38.

The team has an ongoing industrial contract started with Nomadics Lab aiming at improving the development of Coq (continuous integration, merging of pull requests, bug tracking, improving the release process, ...) and of its package ecosystem (for instance building documented best practices, tools and easy installers for newcomers). Theo Zimmermann decided to quit in the end of 2022 his 3-year engineer position (started in January 2020 funded by this contract) after getting a maître de conférences position in Telecom Paris Tech. His role has been to pursue his research and development work about improving the Software Engineering practices of the development of Coq, especially to continue the improvement of the collaborative development processes and of its ecosystem. The team plans to continue having scientific collaboration with Zimmermann on this topic.

Thomas Ehrhard chairs the french-italian GDRI on Linear Logic which is finishing this year. Paul-André Melliès and Alexis Saurin are also members of the GDRI.

Thomas Ehrhard and Paul-André Melliès are international members of the EPSRC project "Resources in Computation" chaired by Samson Abramsky (UCL) and Anuj Dawar (Cambridge).

Pierre-Louis Curien, Thomas Ehrhard, Emilio J. Gallego Arias, Hugo Herbelin, Paul-André Melliès and Alexis Saurin are members of the GDR Informatique Mathématique, in the LHC (Logique, Homotopie, Catégories) and Scalp (Structures formelles pour le calcul et les preuves) working groups. Alexis Saurin is coordinator of the Scalp working group (see website here).

Pierre-Louis Curien and Paul-André Melliès
are members of the GDR Homotopie, federating French researchers working on classical topics of algebraic topology and homological algebra, such as homotopy theory, group homology, K-theory, deformation theory, and on more recent interactions of topology with other themes, such as higher categories and theoretical computer science.

Alexis Saurin is member of the ${S}^{3}$ ANR project coordinated by Christine Tasson (Sorbonne Université).

Kostia Chardonnet, Abhishek De, Thomas Ehrhard, Farzad Jafarrahmani, Hugo Herbelin, Paul-André Melliès, Daniela Petrisan and Alexis Saurin (coordinator) are members of the four-year RECIPROG project.
RECIPROG is an ANR collaborative project (aka. PRC) started in the fall 2021-2022 and running till the end of 2025. ReCiProg aims at extending the proofs-as-programs correspondence to recursive programs and circular proofs for logic and type systems using induction and coinduction. The project will contribute both to the necessary theoretical foundations of circular proofs and to the software development allowing to enhance the use of coinductive types and coinductive reasoning in the Coq proof assistant: such coinductive types present, in the current state of the art serious defects that the project will aim at solving.

The project is coordinated by Alexis Saurin and has four sites: IRIF in Paris Where

Two project workshops were organized in 2022: in Lyon in May 2022 and in Paris in December 2022.

In collaboration with Riccardo Brasca and Antoine Chambert-Loir, two mathematicians specialists in number theory working at the Institut de Mathématiques de Jussieu Paris Rive Gauche (IMJ-PRG), Hugo Herbelin, Pierre Letouzey, Paul-André Melliès and Alexis Saurin submitted an Emergence Recherche project to the Université Paris Cité, APRAPRAM. The aim of the project is to contribute to a formalization of Fermat's last theorem in the special case of regular primes, targeting a cross-fertilization between the lean and coq communities.

Alexis Saurin is member of the organizing committee of the annual Scalp meeting, to be held at CIRM in February 2023.

Emilio Gallego, Hugo Herbelin, Paul-André Melliès and Alexis Saurin, together with Chantal Keller and Marie Kerjean, are members of the organizing committee of the thematic day on proof assistants to be held at JNIM 2023 (Journées nationales du GDR-IM) early april 2023.

Paul-André Melliès is a member of the editorial board of the journal Theoretical Computer Science.

Paul-André Melliès and Alexis Saurin gave an invited lecture in the linear logic winter school held at CIRM from 24 to 28th january 2022 during the Logic and interaction weeks (CIRM 2022).

Alexis Saurin was an invited speaker at the Logic in Computer Science special session of the Logic Colloquium in Reykjavick (LC 2022), 27th june to 1st july 2022.

Alexis Saurin is co-chair of the Scalp working group in GDR-IM (GT Scalp).

Alexis Saurin is an elected member in conseil académique de la faculté des sciences de l'Université Paris Cité and of the commission recherche.

Paul-André Melliès is a member of the conseil de laboratoire de l'Institut de Recherche en Informatique Fondamentale (IRIF).

Alexis Saurin was member of comité de sélection MCF for UFR de mathématiques in Université Paris Cité for hiring a MCF in mathematics for research integration to IRIF.

Pierre-Louis Curien taught a course on homotopic algebra and higher categories in LMFI (Logique mathématiques et fondements de l'informatique) second-year Master, Université Paris Cité.

Pierre Letouzey taught a course on Coq in LMFI (Logique mathématiques et fondements de l'informatique) second-year Master, Université Paris Cité.

Alexis Saurin taught a lecture on Second-order quantification and fixed-points in logic in LMFI (Logique mathématiques et fondements de l'informatique) second-year master, Université Paris Cité.

Hugo Herbelin and Paul-André Melliès taught a course on homotopy type theory in LMFI (Logique mathématiques et fondements de l'informatique) second-year Master, Université Paris Cité.

Together with Michele Pagani (IRIF), Paul-André Melliès and Thomas Ehrhard taught a course on denotational semantics and linear logic at MPRI (Master Parisien de Recherche en Informatique) second-year Master, Université Paris Cité.

Paul-André Melliès taught a course on lambda-calculus and categories at MPRI (Master Parisien de Recherche en Informatique) first-year Master, at ENS Paris (Ecole Normale Supérieure).