5.1.1 Coq

• Name: The Coq Proof Assistant
• Keywords: Proof, Certification, Formalisation
• Scientific Description: Coq is an interactive proof assistant based on the Calculus of (Co-)Inductive Constructions, extended with universe polymorphism. This type theory features inductive and co-inductive families, an impredicative sort and a hierarchy of predicative universes, making it a very expressive logic. The calculus allows to formalize both general mathematics and computer programs, ranging from theories of finite structures to abstract algebra and categories to programming language metatheory and compiler verification. Coq is organised as a (relatively small) kernel including efficient conversion tests on which are built a set of higher-level layers: a powerful proof engine and unification algorithm, various tactics/decision procedures, a transactional document model and, at the very top an IDE.
• Functional Description: Coq provides both a dependently-typed functional programming language and a logical formalism, which, altogether, support the formalisation of mathematical theories and the specification and certification of properties of programs. Coq also provides a large and extensible set of automatic or semi-automatic proof methods. Coq's programs are extractible to OCaml, Haskell, Scheme, ...
• Release Contributions:

  Some highlights from this release are:

  • Introduction of primitive persistent arrays in the core language, implemented using imperative persistent arrays.
  • Introduction of definitional proof irrelevance for the equality type defined in the SProp sort.
  • Many improvements to the handling of notations, including number notations, recursive notations and notations with bindings. A new algorithm chooses the most precise notation available to print an expression, which might introduce changes in printing behavior.

  See the Zenodo citation https://zenodo.org/record/4501022#.YB00r5NKjlw for more information on this release.

• News of the Year:

  Coq version 8.13 integrates many usability improvements, as well as extensions of the core language. The main changes include:

  • Introduction of primitive persistent arrays in the core language, implemented using imperative persistent arrays.
  • Introduction of definitional proof irrelevance for the equality type defined in the SProp sort.
  • Cumulative record and inductive type declarations can now specify the variance of their universes.
  • Various bugfixes and uniformization of behavior with respect to the use of implicit arguments and the handling of existential variables in declarations, unification and tactics.
  • New warning for unused variables in catch-all match branches that match multiple distinct patterns.
  • New warning for Hint commands outside sections without a locality attribute, whose goal is to eventually remove the fragile default behavior of importing hints only when using Require. The recommended fix is to declare hints as export, instead of the current default global, meaning that they are imported through Require Import only, not Require. See the following rationale and guidelines for details.
  • General support for boolean attributes.
  • Many improvements to the handling of notations, including number notations, recursive notations and notations with bindings. A new algorithm chooses the most precise notation available to print an expression, which might introduce changes in printing behavior.
  • Tactic improvements in lia and its zify preprocessing step, now supporting reasoning on boolean operators such as Z.leb and supporting primitive integers Int63.
  • Typing flags can now be specified per-constant / inductive.
  • Improvements to the reference manual including updated syntax descriptions that match Coq's grammar in several chapters, and splitting parts of the tactics chapter to independent sections.

  See the changelog for an overview of the new features and changes, along with the full list of contributors. https://coq.github.io/doc/v8.13/refman/changes.html#version-8-13

• URL: http://coq.inria.fr/
• Authors: Bruno Barras, Yves Bertot, Frédéric Besson, Pierre Corbineau, Cristina Cornes, Judicaël Courant, Pierre Courtieu, Pierre Crégut, David Delahaye, Maxime Denes, Jean-Christophe Filliâtre, Julien Forest, Emilio Jesus Gallego Arias, Gaëtan Gilbert, Georges Gonthier, Benjamin Grégoire, Hugo Herbelin, Gérard Huet, Vincent Laporte, Pierre Letouzey, Assia Mahboubi, Pascal Manoury, Guillaume Melquiond, César Munoz, Chetan Murthy, Amokrane Saibi, Catherine Parent, Christine Paulin Mohring, Pierre-Marie Pédrot, Loïc Pottier, Matthieu Sozeau, Arnaud Spiwack, Enrico Tassi, Laurent Théry, Benjamin Werner, Théo Zimmermann
• Contacts: Hugo Herbelin, Matthieu Sozeau
• Participants: Yves Bertot, Frédéric Besson, Tej Chajed, Cyril Cohen, Pierre Corbineau, Pierre Courtieu, Maxime Denes, Jim Fehrle, Julien Forest, Emilio Jesús Gallego Arias, Gaëtan Gilbert, Georges Gonthier, Benjamin Grégoire, Jason Gross, Hugo Herbelin, Vincent Laporte, Olivier Laurent, Assia Mahboubi, Kenji Maillard, Érik Martin-Dorel, Guillaume Melquiond, Pierre-Marie Pédrot, Clément Pit-Claudel, Kazuhiko Sakaguchi, Vincent Semeria, Michael Soegtrop, Arnaud Spiwack, Matthieu Sozeau, Enrico Tassi, Laurent Théry, Anton Trunov, Li-Yao Xia, Théo Zimmermann
• Partners: CNRS, Université Paris-Sud, ENS Lyon, Université Paris-Diderot

5.1.2 Math-Components

• Name: Mathematical Components library
• Keyword: Proof assistant
• Functional Description: The Mathematical Components library is a set of Coq libraries that cover the prerequiste for the mechanization of the proof of the Odd Order Theorem.
• Release Contributions:

  This release is compatible with Coq 8.10, 8.11 and Coq 8.12. The main changes are:

  - support for Coq 8.7, 8.8 and 8.9 have been dropped,

  - a change of implementation of intervals and the updated theory,

  - the addition of kernel lemmas for matrices,

  - generalized many lemmas for path and sorted,

  - several lemma additions, name changes and bug fixes.

• URL: http://math-comp.github.io/math-comp/
• Contacts: Assia Mahboubi, Enrico Tassi, Georges Gonthier
• Participants: Alexey Solovyev, Andrea Asperti, Assia Mahboubi, Cyril Cohen, Enrico Tassi, François Garillot, Georges Gonthier, Ioana Pasca, Jeremy Avigad, Laurence Rideau, Laurent Théry, Russell O'Connor, Sidi Ould Biha, Stéphane Le Roux, Yves Bertot

5.1.3 Easycrypt

• Keywords: Proof assistant, Cryptography
• Functional Description: EasyCrypt is a toolset for reasoning about relational properties of probabilistic computations with adversarial code. Its main application is the construction and verification of game-based cryptographic proofs. EasyCrypt can also be used for reasoning about differential privacy.
• URL: https://www.easycrypt.info/trac/
• Contact: Gilles Barthe
• Participants: Benjamin Grégoire, Gilles Barthe, Pierre-Yves Strub

5.1.4 ELPI

• Name: Embeddable Lambda Prolog Interpreter
• Keywords: Constraint Programming, Programming language, Higher-order logic
• Scientific Description:

  The programming language has the following features

  - Native support for variable binding and substitution, via an Higher Order Abstract Syntax (HOAS) embedding of the object language. The programmer needs not to care about De Bruijn indexes.

  - Native support for hypothetical context. When moving under a binder one can attach to the bound variable extra information that is collected when the variable gets out of scope. For example when writing a type-checker the programmer needs not to care about managing the typing context.

  - Native support for higher-order unification variables, again via HOAS. Unification variables of the meta-language (lambdaProlog) can be reused to represent the unification variables of the object language. The programmer does not need to care about the unification-variable assignment map and cannot assign to a unification variable a term containing variables out of scope, or build a circular assignment.

  - Native support for syntactic constraints and their meta-level handling rules. The generative semantics of Prolog can be disabled by turning a goal into a syntactic constraint (suspended goal). A syntactic constraint is resumed as soon as relevant variables get assigned. Syntactic constraints can be manipulated by constraint handling rules (CHR).

  - Native support for backtracking, to ease implementation of search.

  - The constraint store is extensible. The host application can declare non-syntactic constraints and uses custom constraint solvers to check their consistency.

  - Clauses are graftable. The user is free to extend an existing program by inserting/removing clauses, both at runtime (using implication) and at "compilation" time by accumulating files.

  Most of these features come with lambdaProlog. Constraints and propagation rules are novel in ELPI.

• Functional Description:

  ELPI implements a variant of lambdaProlog enriched with Constraint Handling Rules, a programming language well suited to manipulate syntax trees with binders and unification variables.

  ELPI is a research project aimed at providing a programming platform for the so called elaborator component of an interactive theorem prover.

  ELPI is designed to be embedded into larger applications written in OCaml as an extension language. It comes with an API to drive the interpreter and with an FFI for defining built-in predicates and data types, as well as quotations and similar goodies that come in handy to adapt the language to the host application.

• Release Contributions:

  - Improvements to the parser (parsing negative numbers)

  - Improvements to the foreign function interface (accepting ternary comparison, instead of equality)

  - addition of ternary comparisons to the standard library

  - inclusion of a builtin comparison cmp_term

  - inclusion of a builtin function to check whether a term is ground

• URL: https://github.com/lpcic/elpi/
• Publications: hal-01176856, hal-01410567, hal-01897468
• Contact: Enrico Tassi
• Participants: Claudio Sacerdoti Coen, Enrico Tassi

5.1.5 coq-elpi

• Keywords: Metaprogramming, Extension
• Scientific Description: Coq-elpi provides a Coq plugin that embeds ELPI. It also provides a way to embed Coq's terms into lambdaProlog using the Higher-Order Abstract Syntax approach (HOAS) and a way to read terms back. In addition to that it exports to ELPI a set of Coq's primitives, e.g. printing a message, accessing the environment of theorems and data types, defining a new constant and so on. For convenience it also provides a quotation and anti-quotation for Coq's syntax in lambdaProlog. E.g. {{nat}} is expanded to the type name of natural numbers, or {{A -> B}} to the representation of a product by unfolding the -> notation. Finally it provides a way to define new vernacular commands and new tactics.
• Functional Description: Coq plugin embedding ELPI
• Release Contributions: Minor relase for extra API for global reference data types
• Publications: hal-01897468, hal-01637063
• Contact: Enrico Tassi
• Participant: Enrico Tassi

5.1.6 MaskComp

• Keyword: Masking
• Functional Description: MaskComp is a compiler generating masked implementations protected against side channel attacks based on differential power analysis. It takes a unmasked program in a syntax close to C and generates a new C protected program. We do not claim that the generated C program will be secure after compilation (the C compiler may break protection), but it provides a good support for generating masked implementation.
• URL: https://sites.google.com/site/maskingcompiler/home
• Contact: Benjamin Grégoire

5.1.7 Jasmin

• Name: Jasmin compiler and analyser
• Keywords: Cryptography, Static analysis, Compilers
• Functional Description:

  The Jasmin programming language smoothly combines high-level and low-level constructs, so as to support “assembly in the head” programming. Programmers can control many low-level details that are performance-critical: instruction selection and scheduling, what registers to spill and when, etc. The language also features high-level abstractions (variables, functions, arrays, loops, etc.) to structure the source code and make it more amenable to formal verification. The Jasmin compiler produces predictable assembly and ensures that the use of high-level abstractions incurs no run-time penalty.

  The semantics is formally defined to allow rigorous reasoning about program behaviors. The compiler is formally verified for correctness (the proof is machine-checked by the Coq proof assistant). This justifies that many properties can be proved on a source program and still apply to the corresponding assembly program: safety, termination, functional correctness…

  Jasmin programs can be automatically checked for safety and termination (using a trusted static analyzer). The Jasmin workbench leverages the EasyCrypt toolset for formal verification. Jasmin programs can be extracted to corresponding EasyCrypt programs to prove functional correctness, cryptographic security, or security against side-channel attacks (constant-time).

• URL: https://github.com/jasmin-lang/jasmin
• Publication: hal-02974993
• Contacts: Benjamin Grégoire, Vincent Laporte, Adrien Koutsos
• Participants: Gilles Barthe, Benjamin Grégoire, Adrien Koutsos, Vincent Laporte

5.1.8 MaskVerif

• Name: MaskVerif
• Keywords: Masking, Hardware and Software Platform
• Functional Description: MaskVerif is a tool to verify the security of implementations protected against side channel attacks, in particular differential power analysis. It allows to check different security notions in the probing model: - Probing security - Non Interference - Strong Non Interference. The tool is able to analyse software implementations and hardware implementations (written in Verilog). It can prove the different security notions in presence of glitch or transition.
• URL: https://sites.google.com/view/maskverif/home
• Contact: Benjamin Grégoire

5.1.9 Math-comp-analysis

• Name: Mathematical Components Analysis
• Keyword: Proof assistant
• Functional Description: This library adds definitions and theorems for real numbers and their mathematical structures
• Release Contributions: Compatible with MathComp 1.12.0, and Coq 8.11, 8.12 and 8.13.
• News of the Year: In 2020, we unified norms and absolute values, added a topology and pseudo-metric on the extended reals, and provided a more complete theory about sequences and measure theory.
• URL: https://github.com/math-comp/analysis
• Publication: hal-01719918
• Contact: Cyril Cohen
• Participants: Cyril Cohen, Georges Gonthier, Marie Kerjean, Assia Mahboubi, Damien Rouhling, Laurence Rideau, Pierre-Yves Strub, Reynald Affeldt
• Partners: Ecole Polytechnique, AIST Tsukuba

8.1.1 Inria associate team not involved in an IIL

8.2.1 Visits of international scientists

Reynald Affeldt of AIST visited our team from January 1st to September 30th.

Swarn Priya visited our team for Master internship while a student at Purdue University.

8.3.1 ANR

• TECAP "Analyse de protocoles, Unir les outils existants", starting on October 1st, 2017, for 60 months, with a grant of 89 kEuros. Other partners are Inria teams PESTO (Inria Nancy grand-est), Ecole Polytechnique, ENS Cachan, IRISA Rennes, and CNRS. The corresponding researcher for this contract is Benjamin Grégoire.
• SafeTLS "La sécurisation de l'Internet du futur avec TLS 1.3" started on October 1st, 2016, for 60 months, with a grant of 147kEuros. Other partners are Université de Rennes 1, and secrétariat Général de la Défense et de la Sécurité Nationale. The corresponding researcher for this contract is Benjamin Grégoire.
• Scrypt "Compilation sécurisée de primitives cryptographiques" started on February 1st, 2019, for 48 months, with a grant of 100 kEuros. Other partners are Inria team Celtique (Inria Rennes Bretagne Atlantique), Ecole polytechnique, and AMOSSYS SAS. The corresponding researcher for this contract is Benjamin Grégoire.

8.3.2 FUI

The acronym FUI stands for “fonds unique interministériel” and is aimed at research and development projects in pre-industrial phase. The STAMP team is part of one such project.

• VERISICC (formal verification for masking techniques for security against side-channel attacks). This contract concerns 5 partners: Cryptoexperts a company from the Paris region (Île de France), ANSSI (Agence Nationale de Sécurité des Systèmes d'Information), Oberthur Technologies, University of Luxembourg, and STAMP. A sixth company (Ninjalabs) acts as a sub-contractant. The financial grant for STAMP is 391 kEuros, including 111kEuros that are reserved for the sub-contractant. This project started in October 2018 for a duration of 4 years. The corresponding researcher for this contract is Benjamin Grégoire.

9.1.1 Scientific events: organisation

9.1.2 Scientific events: selection

9.1.3 Journal

9.1.4 Invited talks

Christian Doczkal gave a talk at the 68NQRT seminar in Rennes in October on "Completeness of an Axiomatization of Graph Isomorphism in Coq".

Enrico Tassi gave a talk about Coq-Elpi at University of Saarland https://courses.ps.uni-saarland.de/acp_20/

Enrico Tassi gave a talk about extending Dedukti with Elpi at Deducteam, Inria Saclay Ile de France.

Enrico Tassi gave a talk about the formalization of linear Pi-calculus at the VEST workshop http://groups.inf.ed.ac.uk/abcd/VEST.

Cyril Cohen and Enrico Tassi gave lectures about Coq and Mathcomp at Vrije Universiteit Amsterdam with Assia Mahboubi (EPC Gallinette)

9.1.5 Research administration

Yves Bertot is a member of the steering committee (comité de pilotage) for the Inria-Nomadic Labs collaboration concerning research relevant to the Tezos blockchain.

9.2.1 Teaching

• Master : Yves Bertot, “Proofs and reliable programming using Coq”, 21hours ETD, Sept-Nov 2020, Master Informatique et Interactions, Université Côte d'Azur, France.
• Continuing education : Yves Bertot and Pierre Boutry, "Coq : la preuve par le logiciel", Inria Academy, 28 hours, July, November, December 2020

9.2.2 Supervision

• PhD: Cécile Baritel-Ruet, Preuves Formelles de la Sécurité de Standards Cryptographiques, October 2020, supervised by Yves Bertot and Benjamin Grégoire 14.
• Yves Bertot and Laurence Rideau supervise the doctoral thesis of Sophie Bernard.
• Benjamin Grégoire and Tamara Rezk (Indes) supervise the doctoral thesis of Mohamad El Laz.
• Yves Bertot and Benjamin Grégoire supervise the doctoral thesis of Swarn Priya.

9.2.3 Juries

Yves Bertot was a member of the jury for the Habilitation of Assia Mahboubi (Inria Rennes, University of Nantes).

9.3.1 Internal or external Inria responsibilities

Laurence Rideau is a member of the editorial board for Interstices, an Inria sponsored outreach publication on the web.

9.3.2 Animation

Cyril Cohen opened a Zulip chat server, on 2020-05-06, for the Coq community at large, fostering communications way beyond gitter, discourse and coq-club. It regroups streams for several projects beyond Coq itself (CertiCoq, Coq Platform, coq-community, stdlib2, coq-elpi, equations, fiat-crypto, FreeSpec, Hierarchy Builder, hs-to-coq, jsCoq, math-comp and math-comp analysis, MetaCoq, Mtac2, SerAPI, User interfaces and VsCoq), Coq related workshops (Coq workshop 2020 and CUDW 2020 so far) and now schools and tutorials.

• Exported gitter data.
• Co-admin with Théo Zimmermann.
• Statistics https://coq.zulipchat.com/stats:
  • almost 40k messages sent and growing linearly
  • more than 600 users, roughly 50 to 70 daily active users, roughly between 100 and 150 fortnightly active user.
  • 80% messages are sent over public streams, 17% private
  • More than 1.5M message read.

International journals

• 3 articleAndrew W.A. Appel and YvesY. Bertot. C-language floating point proofs layered with VST and FlocqJournal of Formalized Reasoning131December 2020, 1-16
  HALDOIback to text
• 4 articleGillesG. Barthe, SoniaS. Belaïd, FrançoisF. Dupressoir, Pierre-AlainP.-A. Fouque, BenjaminB. Grégoire, François-XavierF.-X. Standaert and Pierre-YvesP.-Y. Strub. Improved parallel mask refreshing algorithms: generic solutions with parametrized non-interference and automated optimizationsJournal of Cryptographic Engineering101April 2020, 17-26
  HALDOIback to text
• 5 articleGillesG. Barthe, SandrineS. Blazy, BenjaminB. Grégoire, RémiR. Hutin, VincentV. Laporte, DavidD. Pichardie and AlixA. Trieu. Formal verification of a constant-time preserving C compilerProceedings of the ACM on Programming Languages4POPLJanuary 2020, 1-30
  HALDOIback to text
• 6 article GaetanG. Cassiers, BenjaminB. Grégoire, ItamarI. Levi and Francois-XavierF.-X. Standaert. Hardware Private Circuits: From Trivial Composition to Full Verification IEEE Transactions on Computers September 2020
  HAL DOI back to text
• 7 articleDanijelaD. Simić, FilipF. Marić and PierreP. Boutry. Formalization of the Poincaré Disc Model of Hyperbolic GeometryJournal of Automated Reasoning651April 2020, 31-73
  HALDOIback to text

International peer-reviewed conferences

• 8 inproceedingsReynaldR. Affeldt, CyrilC. Cohen, MarieM. Kerjean, AssiaA. Mahboubi, DamienD. Rouhling and KazuhikoK. Sakaguchi. Competing inheritance paths in dependent type theory: a case study in functional analysisIJCAR 2020 - International Joint Conference on Automated ReasoningParis, FranceJune 2020, 1-19
  HALback to text
• 9 inproceedingsJosé BacelarJ. Almeida, ManuelM. Barbosa, GillesG. Barthe, BenjaminB. Grégoire, AdrienA. Koutsos, VincentV. Laporte, TiagoT. Oliveira and Pierre-YvesP.-Y. Strub. The Last Mile: High-Assurance and High-Speed Cryptographic ImplementationsSP 2020 - IEEE Symposium on Security and Privacy2020 IEEE Symposium on Security and Privacy (SP)San Francisco, United Stateshttps://www.ieee-security.org/TC/SP2020/index.htmlMay 2020, 965-982
  HALDOIback to textback to text
• 10 inproceedingsCyrilC. Cohen, KazuhikoK. Sakaguchi and EnricoE. Tassi. Hierarchy Builder: algebraic hierarchies made easy in Coq with ElpiFSCD 2020 - 5th International Conference on Formal Structures for Computation and Deduction5th International Conference on Formal Structures for Computation and Deduction (FSCD 2020)167Paris, France2020, 34:1--34:21
  HALback to text
• 11 inproceedings ChristianC. Doczkal and DamienD. Pous. Completeness of an Axiomatization of Graph Isomorphism via Graph Rewriting in Coq CPP 2020 - 9th ACM SIGPLAN International Conference on Certified Programs and Proofs Proceedings of the 9th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP ’20) New Orleans, LA, United States 2020
  HAL DOI back to text
• 12 inproceedingsMohamadM. El Laz, BenjaminB. Grégoire and TamaraT. Rezk. Security Analysis of ElGamal ImplementationsSECRYPT 2020 - 17th International Conference on Security and CryptographyLieusaint - Paris, FranceJuly 2020, 310-321
  HALDOIback to text

Conferences without proceedings

• 13 inproceedings MarcoM. Maggesi and EnricoE. Tassi. Private types in Higher Order Logic Programming Workshop on Trends, Extensions, Applications and Semantics of Logic Programming (TEASE-LP) Virtual Event, France May 2020
  HAL back to text

Doctoral dissertations and habilitation theses

• 14 thesis CécileC. Baritel-Ruet. Formal Security Proofs of Cryptographic Standards Université côte d'azur October 2020
  HAL back to text

Reports & preprints

• 15 misc ConsortiumC. ICUBAM, LaurentL. Bonnasse-Gahot, MaximeM. Dénès, GabrielG. Dulac-Arnold, SertanS. Girgin, FrançoisF. Husson, ValentinV. Iovene, JulieJ. Josse, AntoineA. Kimmoun, FrançoisF. Landes, Jean-PierreJ.-P. Nadal, RomainR. Primet, FredericoF. Quintao, Pierre GuillaumeP. Raverdy, VincentV. Rouvreau, OlivierO. Teboul and RomanR. Yurchak. ICU Bed Availability Monitoring and analysis in the Grand Est region of France during the COVID-19 epidemic May 2020
  HAL back to text
• 16 misc Jean-MichelJ.-M. Muller and LaurenceL. Rideau. Formalization of double-word arithmetic, and comments on "Tight and rigorous error bounds for basic building blocks of double-word arithmetic" October 2020
  HAL back to text
• 17 misc LaurentL. Théry. Playing with the Tower of Hanoi Formally July 2020
  HAL back to text