Section: New Results

Software specification and verification

Tools for TLA+

Participants: Damien Doligez, Jael Kriener, Leslie Lamport [Microsoft Research], Stephan Merz [EPI VeriDis], Tomer Libal [Microsoft Research-Inria Joint Centre], Hernán Vanzetto [Microsoft Research-Inria Joint Centre].

Damien Doligez is head of the “Tools for Proofs” team in the Microsoft-Inria Joint Centre. The aim of this team is to extend the TLA+ language with a formal language for hierarchical proofs, formalizing the ideas in [43], and to build tools for writing TLA+ specifications and mechanically checking the corresponding formal proofs.

This year, the TLA+ tools were released as open source (MIT license), and in September we released a new version of the TLA+ Proof System (TLAPS), an environment for writing and checking TLA+ proofs. This environment is described in [38].

We have implemented an extension of TLAPS (not yet released) for proving temporal formulas, using the propositional temporal logic prover LS4 as a back-end. Until now, TLAPS could only be used to prove safety properties (invariants). With this new version, users will be able to prove liveness properties (guarantees that something eventually happens, for instance that the system makes progress rather than deadlocking forever), refinement relations between specifications, etc.

Jael Kriener started a 2-year post-doc contract in December. She is working on theoretical and implementation aspects of TLA+ and TLAPS.


The Zenon automatic theorem prover

Participants: Damien Doligez, David Delahaye [CNAM], Pierre Halmagrand [CNAM], Olivier Hermant [Mines ParisTech], Mélanie Jacquel [CNAM].

Damien Doligez continued the development of Zenon, a tableau-based prover for first-order logic with equality and theory-specific extensions.

David Delahaye and Mélanie Jacquel designed and implemented (with some help from Damien Doligez) an extension of Zenon called SuperZenon, based on the Superdeduction framework of Brauner, Houtmann, and Kirchner [37]. Mélanie Jacquel defended her thesis on this subject in April.

Pierre Halmagrand did an internship and started a thesis on integrating Deduction Modulo in Zenon; some results of this work are described in two papers published at LPAR [19] and IWIL [18].

Implementing hash-consed structures in Coq

Participants: Thomas Braibant, Jacques-Henri Jourdan, David Monniaux [CNRS, VERIMAG].

Hash-consing is a programming technique used to implement maximal sharing of immutable values in memory, keeping a single copy of semantically equivalent objects. Hash-consed data structures give a unique identifier to each object, allowing fast hashing and comparison of objects (structural equality reduces to comparing identifiers). This can by itself yield major improvements in execution time, and it also makes efficient memoization of computations possible, since the identifiers serve as compact keys for a memo table.

Hash-consing and memoization are examples of imperative techniques that are of prime importance for performance, but are not easy to implement and prove correct using the purely functional language of a proof assistant such as Coq. In a joint article at ITP 2013 [17], we described three different implementation techniques for hash-consed data structures in Coq through the running example of Binary Decision Diagrams (BDDs). BDDs are representations of Boolean functions, and are often used in software and hardware verification tools (e.g., model checkers).
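To make the technique concrete, here is an added illustration (not code from the ITP 2013 article or from any Coq development of ours) of hash-consed reduced ordered BDDs with a memoized `apply`. It is written in Python with a mutable global table, which is exactly the imperative device a purely functional Coq implementation cannot use directly; it shows the behaviour the Coq "design patterns" have to recover. All names (`BDD`, `mk`, `apply`, `distributivity_check`) and the variable ordering are assumptions of this example, and the formulas compared are constructed for the demonstration.

```python
"""Hash-consed reduced ordered BDDs with a memoized `apply` (added illustration).

Every node is interned in a table keyed by (variable, low id, high id), so two
structurally equal diagrams are always the same object and can be compared with
`is` in O(1).  The unique ids also give a cheap key for memoizing `apply`.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

LEAF = 1 << 30  # sorts below every variable index, so terminals are always last


@dataclass(frozen=True, eq=False)  # eq=False: equality is object identity
class Node:
    uid: int                 # unique id handed out by the hash-consing table
    var: int                 # variable index, or LEAF for the two terminals
    low: Optional["Node"]    # branch taken when var is false
    high: Optional["Node"]   # branch taken when var is true


OPS = {
    "and": lambda p, q: p and q,
    "or": lambda p, q: p or q,
    "xor": lambda p, q: p != q,
}


class BDD:
    def __init__(self) -> None:
        self._table: Dict[Tuple[int, int, int], Node] = {}  # hash-consing table
        self._memo: Dict[Tuple[str, int, int], Node] = {}   # apply cache
        self._next_uid = 0
        self.memo_hits = 0
        self.false = self._fresh(LEAF, None, None)
        self.true = self._fresh(LEAF, None, None)

    def _fresh(self, var: int, low: Optional[Node], high: Optional[Node]) -> Node:
        node = Node(self._next_uid, var, low, high)
        self._next_uid += 1
        return node

    def mk(self, var: int, low: Node, high: Node) -> Node:
        """Return the unique node (var, low, high), applying the reduction rule."""
        if low is high:                      # both branches equal: node is redundant
            return low
        key = (var, low.uid, high.uid)       # ids, not structures: O(1) hashing
        node = self._table.get(key)
        if node is None:                     # first time we see this node: intern it
            node = self._fresh(var, low, high)
            self._table[key] = node
        return node

    def var(self, i: int) -> Node:
        return self.mk(i, self.false, self.true)

    def apply(self, op: str, a: Node, b: Node) -> Node:
        """Shannon-expansion `apply`, memoized on the operands' unique ids."""
        key = (op, a.uid, b.uid)
        cached = self._memo.get(key)
        if cached is not None:
            self.memo_hits += 1
            return cached
        if a.var == LEAF and b.var == LEAF:  # both terminals: evaluate the operator
            result = self.true if OPS[op](a is self.true, b is self.true) else self.false
        else:
            v = min(a.var, b.var)            # expand on the top-most variable
            a0, a1 = (a.low, a.high) if a.var == v else (a, a)
            b0, b1 = (b.low, b.high) if b.var == v else (b, b)
            result = self.mk(v, self.apply(op, a0, b0), self.apply(op, a1, b1))
        self._memo[key] = result
        return result

    def node_count(self) -> int:
        return len(self._table) + 2          # internal nodes plus the two terminals


def distributivity_check() -> dict:
    """Build (x0 and x1) or (x0 and x2) and x0 and (x1 or x2) separately; compare by identity."""
    bdd = BDD()
    x0, x1, x2 = (bdd.var(i) for i in range(3))
    lhs = bdd.apply("or", bdd.apply("and", x0, x1), bdd.apply("and", x0, x2))
    rhs = bdd.apply("and", x0, bdd.apply("or", x1, x2))
    count = bdd.node_count()                 # 9: two terminals plus seven shared nodes
    return {
        "equivalent": lhs is rhs,            # canonical form: pointer equality suffices
        "xor_self_is_false": bdd.apply("xor", x0, x0) is bdd.false,
        "and_vs_or_differ": bdd.apply("and", x0, x1) is not bdd.apply("or", x0, x1),
        "node_count": count,
        "memo_hits": bdd.memo_hits,
    }


if __name__ == "__main__":
    print(distributivity_check())
```

The equivalence test is a single pointer comparison because hash-consing makes the reduced BDD a canonical representative of the Boolean function; without the table, deciding that `lhs` and `rhs` denote the same function would require a structural traversal. The memo table keyed on `uid`s is what turns the exponential naive `apply` into one bounded by the product of the operand sizes.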

We substantially improved the work described in this ITP 2013 article afterwards. First, we came up with a fourth implementation technique for hash-consed data structures in Coq. Then, we performed an in-depth comparative study of how our “design patterns” for certified hash-consing fare on two real-scale examples: BDDs and lambda-terms. This work is currently under revision for publication in a journal.

Working with names and binders

Participant: François Pottier.

François Pottier released dblib, a Coq library that helps work with de Bruijn indices in a generic and lightweight manner. This library is used in the formalization of Mezzo (see section 6.2.1). It is available at http://gallium.inria.fr/~fpottier/ .