Section: New Software and Platforms
Coq
Keywords: Proof - Certification - Formalisation
Functional Description
Coq provides both a dependently-typed functional programming language and a logical formalism, which, together, support the formalisation of mathematical theories and the specification and certification of properties of programs. Coq also provides a large and extensible set of automatic or semi-automatic proof methods. Coq programs are extractable to OCaml, Haskell, Scheme, ...
Participants: Benjamin Grégoire, Enrico Tassi, Bruno Barras, Yves Bertot, Pierre Boutillier, Xavier Clerc, Pierre Courtieu, Maxime Dénès, Stéphane Glondu, Vincent Gross, Hugo Herbelin, Pierre Letouzey, Assia Mahboubi, Julien Narboux, Jean-Marc Notin, Christine Paulin-Mohring, Pierre-Marie Pédrot, Loïc Pottier, Matthias Puech, Yann Régis-Gianas, François Ripault, Matthieu Sozeau, Arnaud Spiwack, Pierre-Yves Strub, Benjamin Werner, Guillaume Melquiond and Jean-Christophe Filliâtre
Partners: CNRS - Université Paris-Sud - ENS Lyon - Université Paris-Diderot
URL: http://coq.inria.fr/
Version 8.5
Cf. Highlights section. Version 8.5 also includes a number of miscellaneous changes, at the level of tactics, of the specification language, of the Coq tools and of the standard library, altogether amounting to about 150 items in the change log of the version. In particular, Pierre-Marie Pédrot has been working on the overall optimisation of Coq by tracking hotspots in the code. Coq v8.5 is currently much more efficient than its v8.4 counterpart, and is about as quick as v8.3, while having been expanded with a lot of additional features.
As a counterpart, the complexity of this new version induced a long phase of experimentation, which included three beta versions spread over the whole of 2015, with the final version eventually released for the CoqPL workshop in January 2016.
Universes
Matthieu Sozeau followed up his work on universe polymorphism and uncovered important theoretical and practical problems regarding conversion and unification of universe polymorphic definitions in the presence of cumulativity and the Prop Type rule, as well as the invariants of the consistency checker. He also collaborated with Maxime Dénès and Benjamin Grégoire (Gallium and Marelle) on adapting the efficient conversion tests to universe polymorphism and with Enrico Tassi (Marelle) on the integration with the asynchronous proof development infrastructure. The universe polymorphic system is part of the 8.5 release.
The Equations plugin
Matthieu Sozeau continued work on the Equations plugin and fixed the remaining bugs preventing full automation of a medium-sized example of formalisation – the normalisation proof of a predicate version of System F – together with Cyprien Mangin, during his master's internship. This involved finding a new termination proof for the calculus and making the dependent pattern-matching compilation more robust and axiom-free, using a different encoding of pattern-matching problems. This work was presented at LFMTP'15 in Berlin [29]. Since then, the system has been adapted to work with universe polymorphism and the new features of Coq 8.5.
Proof development in Coq
Pierre Letouzey developed a few new results about some Hofstadter sequences (see https://oeis.org/A005206 and https://oeis.org/A123070). These results have been proved in Coq, and they are presented in the technical report [39].
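As an added illustration of what such a development starts from (this is example code written for this page, not Pierre Letouzey's Coq development from [39]), the snippet below defines the first sequence above, Hofstadter's G (OEIS A005206), given by G(0) = 0 and G(n) = n - G(G(n-1)). The nested call G(G(n-1)) is not structurally decreasing, so a plain Fixpoint is rejected; the fuel-threading encoding used here, the names g_fuel and g, and the choice of n itself as the fuel bound are all assumptions of this example, not the report's.

```coq
(* Hofstadter's G sequence (OEIS A005206):
     G(0) = 0,   G(n) = n - G(G(n-1))   for n >= 1.
   Coq only accepts structural recursion, and G(G(n-1)) is not structural.
   The standard workaround is an extra "fuel" argument that decreases on
   every call; fuel n is enough because G(m) <= m, so every nested call
   is made on an argument at most n-1 with fuel n-1.
   (Example code for this page, not the report's own development.) *)
Require Import List.
Import ListNotations.

Fixpoint g_fuel (fuel n : nat) : nat :=
  match fuel with
  | 0 => 0                          (* out of fuel: only reached when n = 0 *)
  | S fuel' =>
    match n with
    | 0 => 0                        (* G(0) = 0 *)
    | S m => n - g_fuel fuel' (g_fuel fuel' m)   (* G(n) = n - G(G(n-1)) *)
    end
  end.

(* The sequence itself: use n as its own fuel budget. *)
Definition g (n : nat) : nat := g_fuel n n.

(* The first ten values, checked by computation against the OEIS entry. *)
Example g_first_values :
  map g (seq 0 10) = [0; 1; 1; 2; 3; 3; 4; 4; 5; 6].
Proof. reflexivity. Qed.

(* One instance of the defining recurrence, also settled by computation. *)
Example g_recurrence_at_7 : g 7 = 7 - g (g 6).
Proof. reflexivity. Qed.
```

Save as a `.v` file and run `coqc` on it; both examples are closed computations, so `reflexivity` discharges them by evaluation. Proving that g satisfies the recurrence for every n (rather than at chosen points) requires showing that the result is independent of any fuel greater than or equal to n, which in turn needs G(m) <= m; that general argument is the kind of property the report's development establishes and is not attempted here.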
Proofs of algorithms on graphs
Chen Ran (ISCAS/SKLCS, Beijing) and Jean-Jacques Lévy pursued their work on producing readable formal proofs of graph algorithms. This work is performed in Why3 and partly in Coq. Graph algorithms are a good testbed for experimenting with correctness proofs of programs with shared structures. They considered basic algorithms such as depth-first search, random walk, acyclicity test, articulation points, strongly connected components and minimum spanning trees. In each case, the goal is to provide a proof that is as simple and abstract as possible, while still being checked by computer. A longer-term objective is to give formal proofs that could be inserted in algorithms textbooks. A work-in-progress paper is under submission [41].
Development of programs for parallel and cloud computing
Frédéric Loulergue continued his work on the SyDPaCC framework. The goal of this framework is to ease the systematic development of correct parallel programs, in particular large-scale data-intensive applications. The parallel versions of the programs are written with a Coq axiomatisation of Bulk Synchronous Parallel ML (BSML) primitives. New results about SyDPaCC include the design and implementation of a new version of the core of the framework [21]. This new version has been used in a course at the École des Jeunes Chercheur/se/s en Informatique Mathématique (EJCIM 2015) [38].
As the SyDPaCC framework currently mixes certified code extracted from Coq with unverified code, Frédéric Loulergue and Pierre Letouzey have worked on an extended extraction that generates, when possible, OCaml checks for the preconditions on function arguments. This is still ongoing work.
Frédéric Loulergue collaborated with Frédéric Dabrowski and Thomas Pinsard (Univ. Orléans) on the semantics and compilation of languages with nested atomic sections and thread escape. In [18], the focus is on the semantics of programming languages providing these features. The main contribution is the precise definition of atomicity and well-synchronisation, and the proof that the latter implies the strong form of the former. A formalisation of the results in the Coq proof assistant is described.
In [27], the compilation of a language with nested atomic sections and thread escape towards a language with threads and locks is addressed. The design decisions of this compilation pass and of the target language were made with respect to the ultimate goal of a mechanised proof of semantic preservation.
Frédéric Loulergue collaborated with Allan Blanchard, Nikolai Kosmatov and Matthieu Lemerre (CEA LIST) on the verification of a critical component of a hypervisor. In [23], they present a case study on the formal verification of the virtual memory system of the cloud hypervisor Anaxagoros, a microkernel designed for resource isolation and protection. The code under verification is specified and proven in the software verification framework, mostly using automatic theorem proving. The remaining properties are interactively proven with the Coq proof assistant.
Frédéric Loulergue collaborated with Asma Guesmi, Pascal Berthomé and Patrice Clemente (INSA Centre Val de Loire) on resource placement in the Cloud taking security requirements into account [28].