Keywords
Computer Science and Digital Science
 A2.1.4. Functional programming
 A2.1.11. Proof languages
 A2.4.3. Proofs
 A3.1.1. Modeling, representation
 A7. Theory of computation
 A7.2. Logic in Computer Science
Other Research Topics and Application Domains
 B7. Transport and logistics
1 Team members, visitors, external collaborators
Research Scientists
 Gilles Dowek [Team leader, INRIA, Senior Researcher, HDR]
 Bruno Barras [INRIA, Researcher]
 Frederic Blanqui [INRIA, Senior Researcher, HDR]
 Valentin Blot [INRIA, Researcher]
 Théo Winterhalter [INRIA, Researcher, from Oct 2022]
PostDoctoral Fellows
 Claude Stolze [INRIA, from Oct 2022]
 Pierre Vial [INRIA, until Sep 2022]
PhD Students
 Luc Chabassier [ENS PARIS]
 Louise Dubois De Prisque [INRIA]
 Thiago Felicissimo Cesar [UNIV PARIS SACLAY]
 Émilie Grienenberger [ENS PARISSACLAY]
 Gabriel Hondet [INRIA, until Sep 2022]
 Amélie Ledein [INRIA]
Technical Staff
 Boris Djalal [INRIA, Engineer, until May 2022]
Interns and Apprentices
 Elliot Butte [INRIA, Intern, from Jun 2022 until Aug 2022]
 Quentin Buzet [Télécom Paris, Intern, from Jul 2022 until Aug 2022]
 Corentin Chabanol [CENTRALESUPELEC, Intern]
 Loris Cros [CENTRALESUPELEC, Intern, until Jul 2022]
 Yann Leray [ENS PARIS, Intern, from Nov 2022]
 Taïssir Marce [University Paris Saclay, Intern, from May 2022 until Aug 2022]
 Émile Oléon [ENS ParisSaclay, Intern, from Mar 2022 until Jul 2022]
 Thomas Traversié [CENTRALESUPELEC, Intern]
Administrative Assistant
 AissatouSadio Diallo [INRIA, from May 2022]
Visiting Scientist
 Cristian Sottile [UBA, from Oct 2022 until Oct 2022]
External Collaborators
 Guillaume Burel [ENSIIE]
 Catherine Dubois [ENSIIE, HDR]
 Yoan Géran [ENSMP]
 Olivier Hermant [ENSMP, HDR]
 JeanPierre Jouannaud [INRIA, HDR]
2 Overall objectives
2.1 Objectives
Deducteam investigates the design of logical frameworks, that is frameworks where various theories can be defined, and the use of such frameworks for interoperability between proof systems, cross verification of proofs, and the sustainability of proof libraries.
To achieve these goals, we develop
 a logical framework Dedukti, where various theories can be expressed,
 several implementations of this framework: Dkcheck, (formerly also called Dedukti), that is a small trust base, theory independent, proofchecker, Lambdapi, that is a system to develop Dedukti proofs interactively, and Kontroli that is a fast parallel proofchecker for Dedukti,
 tools to import proofs developed in external proof systems to Dedukti theories,
 tools to translate proofs from one Dedukti theory to another,
 tools to export proofs expressed in Dedukti theories to an external proof system,
 tools to prove the confluence, the termination, and the consistency of theories expressed in Dedukti,
 libraries Nubo and Logipedia of proofs expressed in various Dedukti theories.
2.2 History
The development of computerized proof systems such as Coq, HOL Light, or PVS is a major step forward in the quest of mathematical rigor. But it jeopardizes, once again, the universality of mathematical truth: we used to have proofs of Fermat’s little theorem, we now have Coq proofs of Fermat’s little theorem, HOL Light proofs of Fermat’s little theorem, PVS proofs of Fermat’s little theorem, etc., as each proof system defines its own language for mathematical statements and its own truth conditions for these statements. See, for instance, our invited talk at IJCAR this year 18: From the Universality of Mathematical Truth to the Interoperability of Proof Systems.
One way to address this issue is to express the theories implemented in these systems in a common logical framework and to determine, for each proof, which axioms it depends on. This way, a proof can be used in any system that supports these axioms, independently of the system it has been developed in.
The idea that systems such as Euclidean geometry, nonEuclidean geometries, set theory, with or without the axiom of choice, etc. should be expressed in the same logical framework appeared, in 1928, with the design of the first logical framework in the history of logic: predicate logic. Later, several more powerful logical frameworks have been designed: $\lambda $Prolog, Isabelle, the Edinburgh logical framework, Pure type systems, Deduction modulo theory, etc.
The logical framework that we use is a simple $\lambda $calculus with dependent types and rewrite rules, called the $\lambda \Pi $calculus modulo theory, or the MartinLöf logical framework. It generalizes all the mentioned frameworks. Its concrete syntax is the language Dedukti.
The first implementation of Dedukti, now called Dkcheck, was developed in 2011 by Mathieu Boespflug 30. Then, new versions of this implementation were developed and several theories were expressed in Dedukti, allowing to import proofs developed in Matita (with the tool Krajono), HOL Light (with the tool Holide), FoCaLiZe (with the tool Focalide), iProver, and Zenon, totalizing several hundred of megabytes of proofs.
We now focus on the translation of proofs from one Dedukti theory to another and on the exporting of proofs to other proof systems. In particular the Matita arithmetic library has been translated to a much weaker theory: constructive simple type theory, allowing to export it to Coq, Lean, PVS, HOL Light, and Isabelle/HOL. In the same way, the first book of Euclids elements, formalized in Coq, has been translated to predicate logic and exported to several systems, and a proof of Bertrand's theorem, originally developed in Matita, has been translated to predicative type theory, allowing its export to Agda.
This led us to develop an online proof repository Nubo and an online encyclopedia Logipedia, allowing to share and browse this library.
We also focus on the development of new theories in Dedukti, such as Simple type theory with predicate subtyping, implemented in the system PVS, several formulations of homotopy type theory, various formulations of set theory, in particular those used in B and TLA+, matching logic, etc.
Finally, we develop an interactive theorem prover Lambdapi for Dedukti. This interactive theorem prover is also used as a tool in the process of translating proofs from PVS and from automated theorem provers.
3 Research program
3.1 Logical Frameworks
A thesis, which is at the root of our research effort, is that logical systems should be expressed as theories in a logical framework. As a consequence, proofchecking systems should not be focused on one theory, such as Simple type theory, MartinLöf's type theory, or the Calculus of constructions, but should be theoryindependent. In the same way, proofsearch algorithms or the algorithmic interpretation of proofs should not depend on a theory, but this theory should just be a parameter. This is, for instance, expressed in the title of our invited talk at ICALP 2012: A theory independent CurryDe BruijnHoward correspondence31.
Various limits of Predicate logic have led to the development of various families of logical frameworks: $\lambda $Prolog and Isabelle have allowed terms containing bound variables, the Edinburgh logical framework has allowed proofs to be expressed as $\lambda $terms, Pure type systems have allowed propositions to be considered as terms, and Deduction modulo theory has allowed theories to be defined not only with axioms, but also with computation rules.
The $\lambda \Pi $calculus modulo theory, that is implemented in the system Dedukti and that is a synthesis of the Edinburgh logical framework and of Deduction modulo theory, subsumes them all. Our goal is to express as many theories as possible in Dedukti, express proofs in these theories and translate proofs from one theory to another.
3.2 Interoperability, cross verfication and sustainability of proof libraries
Using a single prover to check proofs coming from different systems and translating these proofs from one theory to another naturally leads to investigating how these proofs can be used in a system different from the one they have been developed in.
This issue is of prime importance because developments in proof systems are getting bigger and, unlike other communities in computer science, the proofchecking community has put little effort in the direction of standardization and interoperability.
A more recent trend is to use logical frameworks and proof translations for crosschecking. Checking a proof in several systems introduces some redundancy and hence reduces the probability that an incorrect proof is nevertheless successfully verified because of a bug in the proofchecker. This problem can be mitigated by developing proofs in systems that rely on a small and auditable trust base, that ensure a significantly lower probability for such undesirable events. In practice, however, this is not always possible, and our argument gets stronger when the proof has been developed in a theory that does not enjoy a small proof checker, but, instead, a complex, and sometimes heterogeneous, proofconstruction system. This is for instance the case of B set theory, the theory on which the B method is based. There are several powerful tools to build proofs in this theory, but no small independent proof checker. Defining such a theory in a logical framework such as Dedukti and translating the proofs built by these tools into this theory permits to increase in a substantial way the trust we can have in these proofs.
Finally, on a more longterm perspective, we know that some proofchecking systems are not maintained anymore (this is, for instance the case of Automath and LCF, the two first proof checkers in history). When such a system disappears, its libraries often disappear with it. We can hope that expressing the proofs in a universal format in place of a systemspecific one and preserving these proofs into a systemindependent online repository such as Nubo or Logipedia will increase the sustainability of these libraries.
3.3 Interactive theorem proving
We also investigate how the $\lambda \Pi $calculus modulo theory can be used as the basis of an interactive theorem prover. This leads to new scientific questions: first, how much can a tactic system be theoryindependent, and then how does rewriting extend the possibility to write tactics.
This has led to the development of Lambdapi, which is an interactive theorem prover for the $\lambda \Pi $calculus modulo theory. Several tactics have been developed for this system, which are intended to help a human user to write proofs in our system instead of writing proof terms by hand.
Such an interactive theorem prover happens to be very useful when we translate to Dedukti proofs coming from laconic systems that output a proof sketch rather than a full proof. In these cases, one first produces a proof skeleton with many gaps, that are filled, in a second step of the translation, with the help of automatic tactics.
3.4 Proof automation
Interoperability between interactive and automatic theorem provers can be fruitful to both systems: results coming from automatic solvers can be checked by a thirdparty software with an identified kernel, and interactive provers can benefit from more automation. We are pushing towards this last application by extending the SMTCoq plugin for the Coq proof assistant with new logical transformations that encode Coq goals into firstorder logic, which is the input logic of the class of automatic provers called SMT solvers.
4 Application domains
Our research project has lead us to focus on applications directed to the proofchecking community itself rather than to users of proofchecking. Indeed, translating proofs from one system to another, or building a systemindependent proof library is more a service to the proofchecking community than to the users of formal methods.
This situation is evolving fast, along with the rise of crossverification.
Providing a complementary smalltrustbase proof checker for B leads us to be in closer connection with the community using formal methods in the railways industry and more generally to the modelization of industrial system community.
This is materialized with the ICSPA ANR project. We also have a longterm collaboration with the air traffic control community through the PVS community.
5 Highlights of the year
 The COST action CA20111 EuroProofNet chaired by Frédéric Blanqui started its activities. In 2022, EuroProofNet funded 17 shortterm scientific missions and organized 2 schools (Dedukti and VTSA), 2 workshops (PAAR and 1st workshop of proof library management), 1 conference (AITP), a workshop Women in EuroProofNet, and 3 other working group meetings. EuroProofNet now has more than 300 participants from 42 countries.
 The ANR project ICSPA organized its kick off meeting on February 17th.
 Gabriel Hondet defended his PhD on expressing predicate subtyping in computational logical frameworks 26.
6 New software and platforms
6.1 New software
6.1.1 Lambdapi

Keywords:
Dependent types, Rewriting, Proof assistant

Functional Description:
Lambdapi is an interactive proof development system featuring dependent types like in MartinLőf’s type theory, but allowing to define objects and types using oriented equations, aka rewriting rules, and reason modulo those equations. This allows to simplify some proofs, and formalize complex mathematical objects that are otherwise impossible or difficult to formalize in more traditional proof systems.
Lambdapi comes with Emacs and VSCode support.
Lambdapi can also read and output Dedukti files, and can thus be used as an higherlevel intermediate language for translating proofs from one system to Dedukti.
Lambdapi is a logical framework and does not come with a predefined logic. However, it is easy to define a logic by declaring a few symbols and rules. A library of predefined logic is also provided.
Here are some of the features of Lambdapi:  Emacs and VSCode plugins (based on LSP)  support for unicode (UTF8) and userdefined infix operators  symbols can be declared commutative, or associative and commutative  some arguments can be declared as implicit: the system will try to find out their value automatically  symbol and rule declarations are separated so that one can easily define inductiverecursive types or turn a proved equation into a rewriting rule  support for interactive resolution of typing goals, and unification goals as well, using tactics  a rewrite tactic similar to the one of SSReflect in Coq  the possibility of calling external automated provers  a command is provided for automatically generating an induction principle for (mutually defined) strictlypositive inductive types  Lambdapi can call external provers for checking the confluence and termination of userdefined rewriting rules by translating them to the XTC and HRS formats used in the termination and confluence competitions
 URL:

Contact:
Frederic Blanqui
6.1.2 Dedukti

Keyword:
Logical Framework

Functional Description:
Dedukti is a proofchecker for the LambdaPicalculus modulo. As it can be parametrized by an arbitrary set of rewrite rules, defining an equivalence relation, this calculus can express many different theories. Dedukti has been created for this purpose: to allow the interoperability of different theories.
Dedukti's core is based on the standard algorithm for typechecking semifull pure type systems and implements a stateoftheart reduction machine inspired from Matita's and modified to deal with rewrite rules.
Dedukti's input language features term declarations and definitions (opaque or not) and rewrite rule definitions. A basic module system allows the user to organize his project in different files and compile them separately.
Dedukti features matching modulo beta for a large class of patterns called Miller's patterns, allowing for more rewriting rules to be implemented in Dedukti.
 URL:
 Publications:

Contact:
Francois Thire

Participants:
Francois Thire, Gaspard Ferey, Guillaume Genestier, Rodolphe Lepigre
6.1.3 personoj

Keywords:
PVS, Automated theorem proving, Dedukti, Machine translation

Functional Description:
Personoj comprises a set of PVS patches that may be used to export PVS specifications (propositions and definitions) or to export successive sequents of a proof to lambdapi. Another program is able to process these sequents and call automated theorem provers through Why3 to prove the implications of the successive sequents.

Contact:
Gabriel Hondet
6.1.4 Agda2Dedukti

Keywords:
Compilation, Proof assistant, Higherorder logic, Rewriting systems

Functional Description:
Translation of Agda proofs to the Logical Framework Dedukti.
 URL:

Contact:
Guillaume Genestier

Partner:
Chalmers University
6.1.5 Coqine

Name:
Coq In dEdukti

Keywords:
Higherorder logic, Formal methods, Proof

Functional Description:
CoqInE is a plugin for the Coq software translating Coq proofs into Dedukti terms. It provides a Dedukti signature file faithfully encoding the underlying theory of Coq (or a sufficiently large subset of it). Current development is mostly focused on implementing support for Coq universe polymorphism. The generated ouput is meant to be typecheckable using the latest version of Dedukti.
 URL:

Contact:
Guillaume Burel
6.1.6 Krajono

Keyword:
Proof

Functional Description:
Krajono translates Matita proofs into Dedukti[CiC] (encoding of CiC in Dedukti) terms.

Contact:
Francois Thire
6.1.7 Holide

Keyword:
Proof

Functional Description:
Holide translates HOL proofs to Dedukti[OT] proofs, using the OpenTheory standard (common to HOL Light and HOL4). Dedukti[OT] being the encoding of OpenTheory in Dedukti.
 URL:

Contact:
Guillaume Burel
6.1.8 Logipedia

Name:
Logipedia

Keywords:
Formal methods, Web Services, Logical Framework

Functional Description:
Logipedia is composed of two distinct parts: 1) A backend that translates proofs expressed in a theory encoded in Dedukti to other systems such as Coq, Lean or HOL 2) A frontend that prints these proofs in a "nice way" via a website. Using the website, the user can search for a definition or a theorem then, download the whole proof into the wanted system.
Currently, the available systems are: Coq, Matita, Lean, PVS and OpenTheory. The proofs comes from a logic called STTForall.
In the long run, more systems and more logic should be added.

Release Contributions:
This is the beta version of Logipedia. It implements the functionalities mentioned above.
 URL:

Contact:
Francois Thire
6.1.9 nubo

Name:
Nubo

Keywords:
Interoperability, Proof

Functional Description:
Nubo is a repository of formal proofs for computer scientists and mathematicians. Nubo aims to leverage the interoperability issues raised by the substantial quantity of proof systems. To do so, it relies on a formalism in which many proofs of other systems can be stated. This formalism allows to translate formal developements to and fro foreign systems. Nubo stores, classifies and serves those formal developments expressed in this general formalism. As such, developers may exchange their proofs, whatever their favourite system is.
 URL:

Contact:
Gabriel Hondet
6.1.10 ekstrakto

Keywords:
TPTP, TSTP, Proof assistant, Dedukti

Functional Description:
Extracting TPTP problems from a TSTP trace. Proof reconstruction in Dedukti from TSTP trace.
 URL:

Contact:
Mohamed Yacine El Haddad
6.1.11 Zenon Modulo

Keywords:
Firstorder logic, Automated theorem proving, Deduction Modulo

Functional Description:
Zenon Modulo is an extension of the automated theorem prover Zenon. Compared to Super Zenon, it can deal with rewrite rules both over propositions and terms. Like Super Zenon, Zenon Modulo is able to deal with any firstorder theory by means of a similar heuristic.
 URL:

Contact:
Pierre Halmagrand
6.1.12 CoLoR

Name:
Coq Library on Rewriting and termination

Keywords:
Coq, Formalisation

Functional Description:
CoLoR is a Coq library on rewriting theory and termination. It provides many definitions and theorems on various mathematical structures (quasiordered sets, relations, ordered semirings, etc.), data structures (lists, vectors, matrices, polynomials, finite graphs), term structures (strings, firstorder terms, lambdaterms, etc.), transformation techniques (dependency pairs, semantic labeling, etc.) and (non)termination criteria (polynomial and matrix interpretations, recursive path ordering, computability closure, etc.).
 URL:
 Publications:

Authors:
Frederic Blanqui, Sebastien Hinderer

Contact:
Frederic Blanqui
6.1.13 SizeChangeTool

Keywords:
Rewriting systems, Proof assistant, Termination

Functional Description:
A terminationchecker for higherorder rewriting with dependent types.
Took part in the Termination Competition 2018 ( http://terminationportal.org/wiki/Termination_Competition_2018 ) in the "HigherOrder Rewriting (union Beta)" category.
 URL:

Contact:
Guillaume Genestier

Partner:
Mines ParisTech
6.1.14 SKonverto

Name:
SKonverto

Keywords:
Skolemization, Firstorder logic, Proof assistant

Functional Description:
SKonverto is a tool that transforms Lambdapi proofs containing Skolem symbols into proofs without these symbols.
 URL:

Contact:
Mohamed Yacine El Haddad
6.1.15 Predicativize

Name:
Predicativize

Keywords:
Dedukti, Proof assistant, Interoperability

Functional Description:
Predicativize is a tool allowing for the translation of proofs from a core impredicative type theory to a core predicative theory featuring universe polymorphism. It works by calculating constraints between universe levels, which are then solved using universe level unification, generating then a predicative universe polymorphic definition. The theory behind the tool is provided in the paper "Translating proofs from an impredicative type system to a predicative one", by Thiago Felicissimo, Frédéric Blanqui and Ashish Kumar Barnawal. Predicativize was used to translate Matita's arithmetic library to Agda.
 URL:

Contact:
Thiago Felicissimo Cesar
6.1.16 KaMeLo

Name:
KaMeLo

Keywords:
K Framework, Matching Logic, Semantics, Rewriting systems

Functional Description:
Translation of the K framework to the Logical Framework Dedukti. The input is written in Matching Logic.
 URL:

Contact:
Amélie Ledein
6.1.17 MM2DK

Keywords:
Metamath, Logical Framework

Functional Description:
Translation of the K framework to the Logical Framework Dedukti. The input is written in Matching Logic
 URL:

Contact:
Amélie Ledein

Participant:
Elliot Butte
7 New results
7.1 Implementations of Dedukti
7.1.1 Lambdapi
Participants: Frédéric Blanqui, Bruno Barras, Gabriel Hondet, Quentin Buzet.
Many improvements have been made on Lambdapi in 2022: replacement of the typechecking algorithm by a refinement algorithm, extension of the why3 tactic to handle quantifiers, incremental local confluence checking, postfix operators, addition of a coercion mechanism based on rewrite rules, and export to Coq. Moreover, an open Opam repository for Lambdapi developments has been created.
Lambdapi standard library has been extended. Quentin Buzet (Télécom Paris intern) formalized many functions and properties on natural numbers and polymorphic lists inspired of the SSreflect library in Coq. Quentin Garchery's (EPI Toccata) formalization of binary integers has been integrated by Frédéric Blanqui who simplified the used logic from the calculus of constructions to firstorder logic.
Lambdapi has also new users. Stephan Merz (Inria Nancy) formalized the set theory on which the TLA proof system is based, Claude Stolze started to formalize the B set theory, JeanPaul Bodeveix (Toulouse) used it to formalize proofs coming from Rodin, Artur Kornilowicz (Poland) started to use it to translate the proofs of the Mizar proof checker.
Bruno Barras has improved the efficiency of a callbyneed abstract machine that implements $\beta $reduction and rewriting. Some significative improvements have been carried out by using datastructures requiring less comparisons. However, memory allocation and garbage collection remains a source of inefficiency that shall be addressed in the future. This would allow to integrate this machine to the main development branch.
7.2 Theory of the lambdaPicalculus modulo rewriting and other logical formalisms
7.2.1 Subtheories
Participants: Frédéric Blanqui, Gilles Dowek, Émilie Grienenberger.
The theory $\mathcal{U}$ is a theory that contains several theories as fragments, in particular Predicate logic, Ecumenical predicate logic, Simple type theory, Simple type theory with predicate subtyping, and the Calculus of Constructions. This theory has been introduced in 2021 in an extended abstract. The long version of this paper has been accepted to publication in Logical Methods in Computer Science in 2022.
For this theory, the fragment theory shows the modularity of the subtheories of the theory $\mathcal{U}$, that is that each subtheory can be used with no reference to the symbols and axioms not in the theory. However the application of this theorem to a specific subtheory requires a proof that this theory is welltyped. This proof must be provided for each of the subtheories — for example for each of the 13 fragments of the theory $\mathcal{U}$. A natural follow up of this work is to seach for welltypedness criteria.
Émilie Grienenberger has provided a sufficient condition for a fragment to be welltyped if the theory from which it has been extracted is. This condition is inspired by welltypedness criteria studied by R. Saillard 33. She has proved that every fragment of a strongly wellformed theory is well typed.
She has then proved that if Saillard's algorithm establishing that a theory is weakly wellformed succeeds for one theory, then all its fragments are well typed.
This work based on the results of R. Saillard 33, has moreover led to a transformation of some of Saillard's proof that happened not to be fully correct.
7.2.2 Confluence and levels
Participants: Corentin Chabanol, JeanPierre Jouannaud, Gilles Dowek.
Confluence and termination of rewrite rules including betareduction in the presence of dependent types, depend on each other. In the general case, we must therefore prove the confluence of untyped computations, a problem that we have completely solved in the case of left linear rules 12. In the left nonlinear case, the confluence not being generally satisfied, we proposed a solution which proves the confluence of the only terms $t$ having a level, integer which characterizes a certain level of nesting of the betaredexes potentially belonging to a left nonlinear rule instance applying to $t$32. Corentin Chabanol showed that the calculus of levels is reduced to a system of constraints in algebra (max, plus) on integers, constraints which also intervene in type inference, and are studied in this respect in the team . The calculation of levels is being implemented by Corentin Chabanol.
7.2.3 Completion of rewrite systems
Participants: Loris Cros, Bruno Barras.
In his last year of his programme recherche supervised by Bruno Barras, Loris Cros has finished the implementation of a completion algorithm in lambdapi. The main issue was to adapt an algorithm found in the literature to rewrite rules where the left handside is expressed as a pattern. When the algorithm terminates, it produces a confluent rewrite system which equational theory is the same as the system given as input. It remains to evaluate the cases where this algorithm produces a result. The main motivating example for this work is the de Morgan algebras.
7.3 Expressing theories in Dedukti
7.3.1 Predicate subtying and PVS
Participants: Gabriel Hondet, Frédéric Blanqui, Gilles Dowek.
Gabriel Hondet defended his PhD on expressing predicate subtyping in computational logical frameworks 26. Safe programming as well as most proof systems rely on typing. The more a type system is expressive, the more these types can be used to encode invariants which are therefore verified mechanically through type checking procedures. Predicate subtyping extends simple type theory by allowing terms to be defined by predicates. A predicate subtype $\{x:AP\left(x\right)\}$ is inhabited by terms t of type $A$ for which $P\left(t\right)$ holds. This extension provides a rich and intuitive but undecidable type system. This work is dedicated to the encoding of predicate subtyping in Dedukti: a logical framework with computation rules. We begin by encoding explicit predicate subtyping for which terms of type A are syntactically different from terms of type $\{x:AP\left(x\right)\}$. Predicate subtyping, is often used implicitly, with no syntactic difference between terms of type A and terms of type $\{x:AP\left(x\right)\}$. We enrich our logical framework with a term refiner which can add these syntactic markers in order to make subtyping explicit in terms. This transformation is used to translate the standard library of PVS, a proof assistant using extensively predicate subtyping, to Dedukti.
7.3.2 New expression of Pure Type Systems
Participants: Thiago Felicissimo, Frédéric Blanqui, Gilles Dowek.
Thiago Felicissimo worked on the theory of Dedukti encodings. Conservativity is an important property that ensures that every proof that is checked correct in Dedukti corresponds to a correct proof in the encoded system. But proving the conservativity of encodings is generally hard, and because of this many encodings used in practice lack a conservativity result. In 20, he proposes a different encoding of Pure Type Systems in Dedukti which do not only allow for simple conservativity proofs, but also provides an adequacy theorem — i.e., a onetoone syntactic correspondence between the (quotiented) framework syntax and the syntax of the encoded system. Unlike most conservativity proofs, his proof does not rely on the normalization of the rewrite rules of the encoding, a property that is known to be hard to show. Given that Pure Type Systems are the basis of many other type systems, his approach should be in general applicable to most encodings.
7.3.3 Universes
Participants: Yoan Géran, Olivier Hermant, Gilles Dowek, Frédéric Blanqui.
Universes are a feature of several type theories, such as those implemented in Agda and Coq. These two theories have however different universe systems: the one of Agda is predicative and the one of Coq impredicative. In the past, the predicative case has been studied by Thiago Felicissimo and the impredicative one by Gaspard Férey. In this last case, however the confluence of the theory was left as a conjecture.
Yoan Géran has given a new definition of impredicative universes, simplifying Férey's and proved termination and confluence.
Most definitions of universes in Dedukti use a unary successor symbol and a binary max symbol. To decide the word problem in this maxsuccessor algebra, all the proposed definitions use rewriting with matching modulo associativity and commutativity (AC), which is of high complexity and difficult to add in standard algorithms for βreduction and typechecking. Frédéric Blanqui has shown that it is possible to get rid of matching modulo AC by enforcing terms to be in some special canonical form with respect to AC, and by using rewriting rules taking advantage of this canonical form. This work has been presented at the 7th International Conference on Formal Structures for Computation and Deduction (FSCD) 14.
7.3.4 Set theory
Participants: Thomas Traversié, Valentin Blot, Gilles Dowek, Claude Stolze, Catherine Dubois, Olivier Hermant.
Thomas Traversié, during his internship supervised by Valentin Blot and Gilles Dowek, implemented set theory in Lambdapi, using an encoding of sets with a structure of pointed graphs 25. This work has been presented in Haïfa, at the workshop LFMTP.
Claude Stolze started a postdoc in October 2022 on expressing in Dedukti the B set theory used by Atelier B. He is also working on a translator from proof obligations generated by Atelier B into Lambdapi. The translator can be found at Bpogtranslator repository on github.
7.3.5 Cubical Type Theory
Participants: Émile Oléon, Bruno Barras.
In his internship supervised by Bruno Barras, Émile Oléon has translated by hand a proof expressed in Cubical Agda in the Dedukti encoding of Two Layers Type Theory instantiated with the primitives of Cubical Type Theory. He translated the proof that the loop space of the circle is $\mathbb{Z}$. This paves the way to an automatic translation procedure of Cubical Agda proofs to Dedukti.
7.3.6 Matching Logic
Participants: Amélie Ledein, Valentin Blot, Catherine Dubois.
Amélie Ledein defined a partial shallow embedding of Matching Logic. This embedding is partial because the positive occurrence criteria isn't check by the embedding itself, and it is difficult to find Matching Logic proofs using some rules of the Matching Logic proof system. This initial work began with the study of the formalization of Matching Logic in Metamath, and continues with the objective of better understanding Matching Logic. This is also the objective of other researchers doing similar work in Coq and Lean, with whom Amélie Ledein is collaborating, as well as the K team itself.
7.4 Translations
7.4.1 From Isabelle to Dedukti
Participants: Frédéric Blanqui.
In the framework of his PHC Sakura project, Frédéric Blanqui, together with Jérémy Dubut and Akihisa Yamada (AIST Tokyo, Japan) improved the translator from Isabelle to Dedukti and Lambdapi. It is now possible to export most of the Isabelle/HOL standard library.
7.4.2 From PVS to Dedukti
Participants: Gabriel Hondet, Frédéric Blanqui, Gilles Dowek.
Gabriel Hondet developed a tool, Personoj, to translate the terms and statements of PVS to Lambdapi.
7.4.3 From impredicative to predicative type theory
Participants: Thiago Felicissimo, Frédéric Blanqui, Gilles Dowek.
Thiago Felicissimo, Frédéric Blanqui and Ashish Kumar Barnawal (former intern from India) worked on the translation of proofs in impredicative type systems to predicative ones using universe polymorphism 28. As the development of formal proofs is a timeconsuming task, it is important to devise ways of sharing the already written proofs to prevent wasting time redoing them. One of the challenges in this domain is to translate proofs written in proof assistants based on impredicative logics, such as Coq, Matita and the HOL family, to proof assistants based on predicative logics like Agda, whenever impredicativity is not used in an essential way. They developed an algorithm to do such a translation between a core impredicative type system and a core predicative one allowing prenex universe polymorphism like in Agda. It consists in trying to turn a potentially impredicative term into a universe polymorphic term as general as possible. The use of universe polymorphism is justified by the fact that mapping an impredicative universe to a fixed predicative one is not sufficient in most cases. During the algorithm, one needs to solve unification problems modulo the maxsuccessor algebra on universe levels. But, in this algebra, there are solvable problems having no most general solution. They however provide an incomplete algorithm whose solutions, when it succeeds, are most general ones. The proposed translation is of course partial, but in practice allows one to translate many proofs that do not use impredicativity in an essential way. Indeed, it was implemented in the tool Predicativize and then used to translate semiautomatically many nontrivial developments from Matita’s arithmetic library to Agda, including Bertrand’s Postulate and Fermat’s Little Theorem, which were not available in Agda yet.
7.4.4 From Coq to Dedukti
Participants: Yoan Géran, Olivier Hermant, Gilles Dowek.
Yoan Géran worked on an encoding of the Coq universes in order to improve the translation from Coq to Dedukti. These universes are expressed with the functions max and successor, the natural numbers and variables together with another symbol $R$ to handle impredicativity such that $R(x,0)=0$ and $R(x,s(y\left)\right)=max(x,s(y\left)\right)$. Yoan Géran showed that any term of this grammar can be written as the maximum of a list of subterms where the subterms are expressed in a subgrammar, and the study of this subgrammar led to a normal form for its terms.
7.4.5 From Predicate logic to the tactic language of Coq
Participants: Yoan Géran, Olivier Hermant, Gilles Dowek.
Yoan Géran has implemented a tool to translate proofs from a Dedukti expression of Predicate logic to the tactic language of Coq. As an example, he translated the proofs of the first book of Euclid Elements: dktactgeo on github.
These proofs were obtained in three steps. The original developement is a Coq library (GeoCoq/Elements/OriginalProofs on github). This library has been translated, by Gaspard Férey in a Dedukti expression of the type theory of Coq (GeoCoqInEEuclid on github).
Yoan Géran then showed that these proofs can be expressed in Simple type theory with polymorphsm (which led to translations to Coq, HOL Light, Matita, Lean, Open Theory, and PVS using Logipedia (sttfageocoqeuclid on github) and to Predicate Logic (plthgeocoqeuclid on github).
The proofs obtained are then more readable than the one obtained using Logipedia, and translators from the encoding of the Predicate Logic to other proof system could be written in the same way, leading to the export of proofs in a readable format using Dedukti.
7.4.6 From the K Framework to Dedukti
Participants: Amélie Ledein, Valentin Blot, Catherine Dubois.
Amélie Ledein defined an encoding from K to Dedukti via Matching Logic, in order to execute programs within Dedukti. This work has been presented at JFLA2022 23.
This work was then extended by a penandpaper formalization of the translation performed internally by K. This extension has been submitted to TYPES2022 postproceedings 29.
Amélie Ledein defined a partial shallow embedding of Matching Logic. To validate it, Amélie Ledein checked the proof objects generated by K's automatic prover in the particular case of program execution. Ongoing work consists in isolating a simpler fragment of Matching Logic that is sufficient for expressing this kind of proofs.
7.4.7 From Metamath to Dedukti
Participants: Amélie Ledein, Valentin Blot, Catherine Dubois.
Metamath is an american logical framework from the 90's. Matching Logic (the theoretical foundation of K) was formalized within this framework. Moreover, 74 out of the 100 theorems of Freek Wiedijk's list were formalized in metamath.
Amélie Ledein defined both a deep and a shallow emdbeddings of Metamath into Dedukti24. During his M1 internship, Elliot Butte contributed to the implementation of the shallow embedding.
One future challenge consists in trying to determine the encoded features (subtyping, overloading, etc.) before translating them. Another challenge would be to define an interpretation, within Dedukti, from a deep embedding into a shallow one.
7.5 Other research projects
7.5.1 Automation for the Coq proof assistant
Participants: Valentin Blot, Louise Dubois de Prisque, Chantal Keller, Pierre Vial.
In order to automatize the Coq proof assistant, tactics which send a firstorder goal to SMT solvers are available in the SMTCoq plugin.
Valentin Blot, Louise Dubois de Prisque and Pierre Vial, with the external collaboration of Denis Cousineau, Enzo Crance, Chantal Keller and Assia Mahboubi, developed a new Coq automatic tactic 16 which generates and proves firstorder statements about Coq terms (datatypes and functions). This enriches the semantics of information transmitted to SMTCoq and increases automation in the Coq proof assistant.
This tactic snipe is modular and combines independent transformations, which allows incremental development.
7.5.2 Extensions of proof assistants with rewrite rules
Participants: Yann Leray, Théo Winterhalter.
Yann Leray has been working on an extension of the Coq proof assistant with userdefined rewrite rules: both on the practical level (as a fork of the Coq repository for now) and on the theoretical level. This latter point is performed as part of the MetaCoq project aiming to specify and verify Coq as well as studying its metatheory. In other words, the idea is to both be able to enjoy and test new features while figuring out the proper restrictions needed to make sure good properties of the system (such as confluence or type safety) are preserved.
Théo Winterhalter has been working on pushing this idea of rewrite rules even further by considering local computation instead. More precisely, a type theory can be extended with a local binder for new computational theories, the same way new hypotheses can currently be introduced. This would allow a user to locally rely on rewrite rules to perform a proof, without polluting the global theory, or the base of assumptions of the whole system.
7.5.3 Bar recursive interpretation of secondorder arithmetic
Participants: Valentin Blot.
Valentin Blot defined a bar recursive computational interpretation of secondorder arithmetic presented as a secondorder theory with quantification on predicates 15, rather than a firstorder theory equipped with the axiom scheme of comprehension. This brings closer together the two existing interpretations of secondorder arithmetic: polymorphic $\lambda $calculus and bar recursion.
7.5.4 Quantum Computing
Participants: Gilles Dowek, Alejandro DíazCaro.
Gilles Dowek and Alejandro DíazCaro have extended linear logic with two rules for addtion and multiplication and shown a purely syntactic linearity theorem for this logic: the closed proofterms of a linear implication commute with addition and multiplication by a scalar. Together with the supperposition connective introduced in a previous work, the proofterms of this logic form a complete quantum programming language. This work has been presented at FSCD 2022 17.
7.5.5 Encoding the diagrammatic reasoning in Type Theory
Participants: Luc Chabassier, Bruno Barras.
In his PhD supervised by Bruno Barras, Luc Chabassier has carried out experiments to figure out how the difficulty of categoretical proof could be reduced in standard proof assistants, more specifically on Coq. He started developing a decision procedure for problems that were usually solved with diagrammatic reasoning, in an attempt to circumvent the difficulty of embedding diagrammatic reasoning in Coq. However, as this problem is undecidable. he designed a pretty good but incomplete algorithm for this problem, and he implemented it as a Coq plugin, released on opam. At that point it turned out to be too simple for real usecases, but further work may extend it to cover more cases, making it more usable.
Another way to face the undecidability of the above problem is to create an interactive way to work with diagrams in proof assistants, that would use the previously created procedure as an helper. Luc Chabassier has started the design and implementation of such an idea. However it is not yet ready for release.
8 Bilateral contracts and grants with industry
8.1 Bilateral contracts with industry
Participants: Valentin Blot, Pierre Vial, Boris Djalal, Louise Dubois De Prisque.
Valentin Blot and Chantal Keller have funding for a 4year project (2021–2025) involving a PhD student, a research engineer (2 years) and a postdoctoral researcher (2 years). This funding is part of the Inria  Nomadic labs partnership for Tezos blockchain.
9 Partnerships and cooperations
9.1 International initiatives
9.1.1 STIC/MATH/CLIMAT AmSud projects
QAPLA

Title:
Qapla', Quantum aspects of programming langages

Program:
STICAmSud

Duration:
January 1, 2021 – December 31, 2022

Local supervisor:
Gilles Dowek

Partners:
 Universidad de Chile (Chili)
 Universidad de la República (Uruguay)

Inria contact:
Gilles Dowek

Summary:
QAPLA investigates develops a logical approach to the development of quantum programming languages
9.1.2 Participation in other International Programs
PHC Sakura project
Participants: Frédéric Blanqui, Thiago Felicissimo.

Title:
ADVANCED HIGHASSURANCE SOFTWARE TECHNOLOGY BY PROOF ASSISTANTS WITH HIGHERORDER REWRITING

Partner Institution(s):
 Gunma University, Kiryu, Japan
 AIST, Tokyo, Japan

Date/Duration:
2 years, 20222023

Funding:
Partenariat Hubert Curien (PHC) francojaponais
 Web site:
9.2 International research visitors
9.2.1 Visits to international teams
Research stays abroad
Frédéric Blanqui and Thiago Felicissimo both visited for 2 weeks Akihisa Yamada and Jérémy Dubut, AIST Tokyo, Japan, and Makoto Hamana, Gunma University, Kiryu, Japan (PHC Sakura project).
Amélie Ledein visited for 2 weeks the K Framework team in Iasi and Bucarest (Romania).
9.3 European initiatives
9.3.1 Horizon Europe
COST action CA20111 EuroProofNet

Description:
EuroProofNet is the European research network on digital proofs. It aims at boosting the interoperability and usability of proof systems. It has more than 300 participants from 42 different countries. It is chaired by Frédéric Blanqui.

Date/Duration:
4 years, 01/11/21  30/10/25

Funding:
COST
 Web site:
9.4 National initiatives
9.4.1 ICSPA
Participants: Gilles Dowek, Catherine Dubois, Olivier Hermant, Claude Stolze.
The ANR project (20222025) ICSPA (Interoperable and Confident Setbased Proof Assistants) has been accepted in the context of the AAPG 2021 call. It is coordinated by Catherine Dubois and has the following academic partners Samovar – Inria Grand Est – Inria ParisSaclay – LIRMM – IRIT with the industrial partner Clearsy. The project starts on January 1st 2022. This project aims at reinforcing the confidence in proofs carried out mechanically for the setbased specification formalisms B, EventB, and TLA+ that are used in industry.This will be done by verifying these proofs formally and independently with the proof verifier Dedukti. The project also aims at designing and implementing an exchange framework, through which those three systems can share their proofs and theories, making them effectively interoperable.
9.4.2 PROGRAMme
Participants: Gilles Dowek.
The ANR PROGRAMme is an ANR for junior researcher Liesbeth Demol (CNRS, UMR 8163 STL, University Lille 3) to which G. Dowek participates. The subject is: “What is a program? Historical and Philosophical perspectives”. This project aims at developing the first coherent analysis and pluralistic understanding of “program” and its implications to theory and practice.
10 Dissemination
10.1 Promoting scientific activities
10.1.1 Scientific events: organisation
General chair, scientific chair
 Frédéric Blanqui and Gilles Dowek organized the 1st Dedukti school at Nantes, France, on 2425 June 2022.
 Frédéric Blanqui organized the 1st Workshop on the development, maintenance, refactoring and search of large libraries of proofs, at Tbilisi, Georgia, on 2425 September 2022.
 Frédéric Blanqui organized the 1st Dedukti tools developers meeting at Val d'Ajol, France, on 1618 October 2022.
Member of steering committee
 Valentin Blot is the workshop chair and a member of the steering committee of the ACM/IEEE Symposium on Logic In Computer Science (LICS).
 Frédéric Blanqui is member of the steering committee of the ACM/IEEE Symposium on Logic in Computer Science (LICS).
 Frédéric Blanqui is member of the steering committee of the international conference on types for proofs and programs (TYPES).
 Frédéric Blanqui is member of the steering committee of the international school on rewriting (ISR).
Local organizer
 Valentin Blot was the local organizer of the LHC days (Logique, Homotopie, Catégories), a working group of GDRIM (Groupe De Recherche Informatique Mathématiques).
10.1.2 Scientific events: selection
Member of the conference program committees
 Frédéric Blanqui was PC member of the following conferences: 11th International Joint Conference on Automated Reasoning (IJCAR'22), 28th International Conference on Types for Proofs and Programs (TYPES'22).
 Théo Winterhalter was a PC member of the 50th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL 2023).
 Olivier Hermant was a PC member of the "Approches Formelles dans l’Assistance au Développement de Logiciels" conference (AFADL 2022).
 Catherine Dubois was a PC member of the "Approches Formelles dans l’Assistance au Développement de Logiciels" conference (AFADL 2022).
10.1.3 Invited talks
 Frédéric Blanqui gave a two days lecture on proof interoperability at the 2022 Summer School on Verification Technology, Systems & Applications (VTSA), Saarbrücken, Germany.
 Gilles Dowek has been an invited speaker at IJCAR 2022 18.
10.1.4 Leadership within the scientific community
 Frédéric Blanqui is chair of the COST action CA20111 EuroProofNet, the European research network on digital proofs (>300 participants from 42 countries).
 Catherine Dubois is cochair of the GDR Génie de la Programmation et du Logiciel (GDR GPL).
 Olivier Hermant is a member of the scientific board of the GDR GPL.
10.1.5 Research administration
 Frédéric Blanqui is codirector of the STIC doctoral school on information and computer science of the University Paris Saclay (>500 PhD students).
 Frédéric Blanqui is member of the INRIA Evaluation Committee.
 Frédéric Blanqui is member of the INRIA Saclay Scientific Committee.
10.2 Teaching  Supervision  Juries
10.2.1 Teaching
 Master: Frédéric Blanqui, formal languages, 21h, M1, ENSIIE, France
 Master: Frédéric Blanqui, rewriting theory, 14h, M1, ENS ParisSaclay, France
 Master: Gilles Dowek, Foundations of proof systems, 22h30, M2, MPRI, France
 Master: Bruno Barras, Proof Assistants, 12h, M2, MPRI, France
 Master: Théo Winterhalter, Foundations of proof systems (master class), 1h30, M2, MPRI, France
 Master: Amélie Ledein, Software Engineering, 30h, M1, ENS ParisSaclay, France
 License: Thiago Felicissimo, functional programming  TP, 18h, Polytech ParisSaclay, France
 License: Thiago Felicissimo, logic  TD, 22h, L3, Faculté des Sciences d'Orsay, France
 License: Thiago Felicissimo, compilation  TD/TP, 24h, L3, Faculté des Sciences d'Orsay, France
 License: Thiago Felicissimo, objectoriented programming  TP, 21h, IUT d'Orsay, France
 License: Amélie Ledein, Compilation project, 15h, L3, ENS ParisSaclay, France
 License: Amélie Ledein, Logic project, 22h30, L3, ENS ParisSaclay, France
 License: Luc Chabassier, Logique, L3, 30h, ENS ParisSaclay, France
 License: Luc Chabassier, Projet base de données, 22h30, L3, ENS ParisSaclay, France
 License: Luc Chabassier, Archtecture et système, 22h30, L3, ENS ParisSaclay, France
 IUT: Yoan Géran, Algorithmic and programmation, 45h, IUT d'Orsay, France
 IUT: Luc Chabassier, C++ R1012, première année, 38h30, IUT d'Orsay, France
 IUT: Luc Chabassier, Projet c++ S102, première année, 10h30, IUT d'Orsay, France
 ENSTA Paris: Yoan Géran, Algorithmic, 16h
10.2.2 Supervision
 Frédéric Blanqui is the PhD supervisor of Gabriel Hondet and Thiago Felicissimo.
 Gilles Dowek is the PhD supervisor of Gabriel Hondet, Émilie Grienenberger, Thiago Felicissimo, and Yoan Géran.
 Olivier Hermant is the PhD supervisor of Yoan Géran.
 Chantal Keller is the PhD supervisor of Louise Dubois de Prisque.
 Catherine Dubois is the PhD supervisor of Amélie Ledein.
 Valentin Blot is the PhD supervisor of Amélie Ledein and Louise Dubois de Prisque.
 Bruno Barras is the PhD supervisor of Luc Chabassier.
 Théo Winterhalter supervises Yann Leray for a six months internship (post master).
 Gilles Dowek supervises Thomas Traversié and Corentin Chabanol for their programme recherche.
 Valentin Blot supervises Thomas Traversié for his programme recherche.
 Bruno Barras supervises the internship (master) of Émile Oléon and the programme recherche of Loris Cros.
 JeanPierre Jouannaud supervises Corentin Chabanol for his programme recherche.
10.2.3 Juries
 Frédéric Blanqui was reviewer of the PhD thesis of HansJorg Schurr (University of Nancy) on "Stronger SMT solvers for proof assistants – Proofs, quantifier simplification, strategy schedules".
10.3 Popularization
10.3.1 Internal or external Inria responsibilities
Gilles Dowek is a member of the Conseil ational du numérique.
Gilles Dowek is a member of the Conseil National Pilote d'Éthique du numérique.
Gilles Dowek is a member of the Scientific board of the Société informatique de France.
10.3.2 Articles and contents
 Frédéric Blanqui published an article on proof system interoperability on Binaire on 6 May 2022: L’interopérabilité des systèmes de preuve.
 Inria published an article of EuroProofNet on 1st March 2022: Proof assistants: strengthening the position of the EU through EuroProofNet.
11 Scientific production
11.1 Major publications

1
inproceedingsExpressing theories in the
$$ $$ calculus modulo theory and in the Dedukti system.22nd International Conference on Types for Proofs and Programs, TYPES 2016Novi SAd, SerbiaMay 2016  2 articleA generalization of the TakeutiGandy interpretation.Mathematical Structures in Computer Science2552015, 10711099URL: https://doi.org/10.1017/S0960129514000504
 3 articleDefinitions by rewriting in the Calculus of Constructions.Mathematical Structures in Computer Science1512005, 3792
 4 articleThe Computability Path Ordering.Logical Methods in Computer ScienceOctober 2015
 5 inproceedingsAn interpretation of system F through bar recursion.32nd ACM/IEEE Symposium on Logic in Computer ScienceIEEE2017
 6 articleFirstOrder Automated Reasoning with Theories: When Deduction Modulo Theory Meets Practice.Journal of Automated Reasoning2019

7
inproceedingsEmbedding Pure Type Systems in the
$$ $$ calculus modulo.Typed lambda calculi and applications4583Lecture Notes in Computer ScienceSpringerVerlag2007, 102117  8 articleTheorem proving modulo.Journal of Automated Reasoning312003, 3373
 9 articleResolution is CutFree.Journal of Automated Reasoning443March 2010, 245276
 10 articleTableaux Modulo Theories Using Superdeduction.Global Journal of Advanced Software Engineering (GJASE)1December 2014, 113
 11 articleVerifying B Proof Rules using Deep Embedding and Automated Theorem Proving.Software and Systems Modeling (SoSyM)June 2013
11.2 Publications of the year
International journals
 12 articleConfluence of leftlinear higherorder rewrite theories by checking their nested critical pairs.Mathematical Structures in Computer ScienceJanuary 2022, 136
 13 articleUnification of Drags and Confluence of Drag Rewriting.Journal of Logical and Algebraic Methods in Programming131February 2023, 26
International peerreviewed conferences
 14 inproceedingsEncoding Type Universes Without Using Matching Modulo Associativity and Commutativity.FSCD 2022  7th International Conference on Formal Structures for Computation and Deduction2287th International Conference on Formal Structures for Computation and Deduction (FSCD 2022)Haifa, IsraelJune 2022, 14
 15 inproceedingsA direct computational interpretation of secondorder arithmetic via update recursion.LICS 2022  37th Annual ACM/IEEE Symposium on Logic in Computer ScienceHaïfa, IsraelAugust 2022
 16 inproceedingsCompositional preprocessing for automated reasoning in dependent type theory.CPP 2023  Certified Programs and ProofsBoston, United States2023
 17 inproceedingsLinear LambdaCalculus is Linear.LIPICSFormal Structures for Computation and Deduction228Haifa, IsraelAugust 2022
 18 inproceedingsFrom the Universality of Mathematical Truth to the Interoperability of Proof Systems.LNAIInternational Joint Conference on Automated Reasoning13385Haifa, IsraelAugust 2022
 19 inproceedingsSafe, Fast, Concurrent Proof Checking for the lambdaPi Calculus Modulo Rewriting.11th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP ’22)Philadelphia, PA, United StatesJanuary 2022
 20 inproceedingsAdequate and Computational Encodings in the Logical Framework Dedukti.FSCD 2022  7th International Conference on Formal Structures for Computation and DeductionHaifa, IsraelAugust 2022
 21 inproceedingsClassical simulation of quantum circuits with partial and graphical stabiliser decompositions.17th Conference on the Theory of Quantum Computation, Communication and Cryptography (TQC 2022)23217th Conference on the Theory of Quantum Computation, Communication and Cryptography (TQC 2022)5UrbanaChampaign, United StatesJuly 2022, 5:1  5:13
National peerreviewed Conferences
 22 inproceedingsBécassine à la chasse au Coq (démonstration).Journées Francophones des Langages ApplicatifsJFLA 2022  Journées Francophones des Langages ApplicatifsSaintMédardd'Excideuil, FranceJune 2022
 23 inproceedingsVers une traduction de K en Dedukti.Journées Francophones des Langages ApplicatifsJFLA 2022  Journées Francophones des Langages ApplicatifsSaintMédardd'Excideuil, FranceJune 2022
 24 inproceedingsTraduire l'univers des mathématiques en Dedukti, sans univers.Journées Francophones des Langages ApplicatifsJFLA 2023  34èmes Journées Francophones des Langages ApplicatifsPrazsurArly, FranceJanuary 2023, 172189
Conferences without proceedings
 25 inproceedingsAn Implementation of Set Theory with Pointed Graphs in Dedukti.LFMTP 2022  International Workshop on Logical Frameworks and MetaLanguages : Theory and PracticeHaïfa, IsraelAugust 2022
Doctoral dissertations and habilitation theses
 26 thesisExpressing predicate subtyping in computational logical frameworks.Université ParisSaclaySeptember 2022
Reports & preprints
 27 miscA New Connective in Natural Deduction, and its Application to Quantum Computing ⋆.January 2022
 28 miscTranslating proofs from an impredicative type system to a predicative one.November 2022
 29 miscA semantics of K into Dedukti.December 2022
11.3 Cited publications

30
phdthesisConception d'un noyau de vérification de preuves pour le
$$ calcul modulo.École Polytechnique2011  31 inproceedingsA Theory Independent Curryde Bruijnhoward Correspondence.Proceedings of the 39th International Colloquium Conference on Automata, Languages, and Programming  Volume Part IIICALP'12Berlin, HeidelbergWarwick, UKSpringerVerlag2012, 1315URL: http://dx.doi.org/10.1007/9783642315855_2
 32 inproceedingsConfluence in NonLeftLinear Untyped HigherOrder Rewrite Theories.PPDP 2021  23rd International Symposium on Principles and Practice of Declarative ProgrammingTallin, EstoniaSeptember 2021

33
phdthesisTypechecking in the
$$ Calculus Modulo: Theory and Practice.MINES ParisTech2015