3.1.1 Proofs as programs

Proof theory is the branch of logic devoted to the study of the structure of proofs. An essential contributor to this field is Gentzen  61 who developed in 1935 two logical formalisms that are now central to the study of proofs. These are the so-called “natural deduction”, a syntax that is particularly well-suited to simulate the intuitive notion of reasoning, and the so-called “sequent calculus”, a syntax with deep geometric properties that is particularly well-suited for proof automation.

Proof theory gained a remarkable importance in computer science when it became clear, after genuine observations first by Curry in 1958  56, then by Howard and de Bruijn at the end of the 60's  73, 48, that proofs had the very same structure as programs: for instance, natural deduction proofs can be identified as typed programs of the ideal programming language known as $\lambda$-calculus.

This proofs-as-programs correspondence has been the starting point to a large spectrum of researches and results contributing to deeply connect logic and computer science. In particular, it is from this line of work that Coquand and Huet's Calculus of Constructions  55, 53 stemmed out – a formalism that is both a logic and a programming language and that is at the source of the Coq system   90.

3.1.2 Towards the calculus of constructions

The $\lambda$-calculus, defined by Church  52, is a remarkably succinct model of computation that is defined via only three constructions (abstraction of a program with respect to one of its parameters, reference to such a parameter, application of a program to an argument) and one reduction rule (substitution of the formal parameter of a program by its effective argument). The $\lambda$-calculus, which is Turing-complete, i.e. which has the same expressiveness as a Turing machine (there is for instance an encoding of numbers as functions in $\lambda$-calculus), comes with two possible semantics referred to as call-by-name and call-by-value evaluations. Of these two semantics, the first one, which is the simplest to characterise, has been deeply studied in the last decades  44.

To explain the Curry-Howard correspondence, it is important to distinguish between intuitionistic and classical logic: following Brouwer at the beginning of the 20th century, classical logic is a logic that accepts the use of reasoning by contradiction while intuitionistic logic proscribes it. Then, Howard's observation is that the proofs of the intuitionistic natural deduction formalism exactly coincide with programs in the (simply typed) $\lambda$-calculus.

A major achievement has been accomplished by Martin-Löf who designed in 1971 a formalism, referred to as modern type theory, that was both a logical system and a (typed) programming language  82.

In 1985, Coquand and Huet  55, 53 in the Formel team of INRIA-Rocquencourt explored an alternative approach based on Girard-Reynolds' system $F$  62, 86. This formalism, called the Calculus of Constructions, served as logical foundation of the first implementation of Coq in 1984. Coq was called CoC at this time.

3.1.3 The Calculus of Inductive Constructions

The first public release of CoC dates back to 1989. The same project-team developed the programming language Caml (nowadays called OCaml and coordinated by the Gallium team) that provided the expressive and powerful concept of algebraic data types (a paragon of it being the type of lists). In CoC, it was possible to simulate algebraic data types, but only through a not-so-natural not-so-convenient encoding.

In 1989, Coquand and Paulin  54 designed an extension of the Calculus of Constructions with a generalisation of algebraic types called inductive types, leading to the Calculus of Inductive Constructions (CIC) that started to serve as a new foundation for the Coq system. This new system, which got its current definitive name Coq, was released in 1991.

In practice, the Calculus of Inductive Constructions derives its strength from being both a logic powerful enough to formalise all common mathematics (as set theory is) and an expressive richly-typed functional programming language (like ML but with a richer type system, no effects and no non-terminating functions).

3.2.1 The underlying logic and the verification kernel

The architecture adopts the so-called de Bruijn principle: the well-delimited kernel of Coq ensures the correctness of the proofs validated by the system. The kernel is rather stable with modifications tied to the evolution of the underlying Calculus of Inductive Constructions formalism. The kernel includes an interpreter of the programs expressible in the CIC and this interpreter exists in two flavours: a customisable lazy evaluation machine written in OCaml and a call-by-value bytecode interpreter written in C dedicated to efficient computations. The kernel also provides a module system.

3.2.2 Programming and specification languages

The concrete user language of Coq, called Gallina, is a high-level language built on top of the CIC. It includes a type inference algorithm, definitions by complex pattern-matching, implicit arguments, mathematical notations and various other high-level language features. This high-level language serves both for the development of programs and for the formalisation of mathematical theories. Coq also provides a large set of commands. Gallina and the commands together forms the Vernacular language of Coq.

3.2.3 Standard library

The standard library is written in the vernacular language of Coq. There are libraries for various arithmetical structures and various implementations of numbers (Peano numbers, implementation of $\mathbb{N}$, $\mathbb{Z}$, $\mathbb{Q}$ with binary digits, implementation of $\mathbb{N}$, $\mathbb{Z}$, $\mathbb{Q}$ using machine words, axiomatisation of $ℝ$). There are libraries for lists, list of a specified length, sorts, and for various implementations of finite maps and finite sets. There are libraries on relations, sets, orders.

3.2.4 Tactics

The tactics are the methods available to conduct proofs. This includes the basic inference rules of the CIC, various advanced higher level inference rules and all the automation tactics. Regarding automation, there are tactics for solving systems of equations, for simplifying ring or field expressions, for arbitrary proof search, for semi-decidability of first-order logic and so on. There is also a powerful and popular untyped scripting language for combining tactics into more complex tactics.

Note that all tactics of Coq produce proof certificates that are checked by the kernel of Coq. As a consequence, possible bugs in proof methods do not hinder the confidence in the correctness of the Coq checker. Note also that the CIC being a programming language, tactics can have their core written (and certified) in the own language of Coq if needed.

3.2.5 Extraction

Extraction is a component of Coq that maps programs (or even computational proofs) of the CIC to functional programs (in OCaml, Scheme or Haskell). Especially, a program certified by Coq can further be extracted to a program of a full-fledged programming language then benefiting of the efficient compilation, linking tools, profiling tools, ... of the target language.

3.2.6 Documentation

Coq is a feature-rich system and requires extensive training in order to be used proficiently; current documentation includes the reference manual, the reference for the standard library, as well as tutorials, and related tooling [sphinx plugins, coqdoc]. The jsCoq tool allows writing interactive web pages were Coq programs can be embedded and executed.

3.2.7 Proof development infrastructure

Coq is used in large-scale proof developments, and provides users miscellaneous tooling to help with them: the coq_makefile and Dune build systems help with incremental proof-checking; the Coq OPAM repository contains a package index for most Coq developments; the CoqIDE, ProofGeneral, jsCoq, and VSCoq user interfaces are environments for proof writing; and the Coq's API does allow users to extend the system in many important ways. Among the current extensions we have QuickChik, a tool for property-based testing; STMCoq and CoqHammer integrating Coq with automated solvers; ParamCoq, providing automatic derivation of parametricity principles; MetaCoq for metaprogramming; Equations for dependently-typed programming; SerAPI, for data-centric applications; etc... This also includes the main open Coq repository living at Github.

3.3.1 Type-checking and proof automation

In between the decidable type systems of conventional data-types based programming languages and the full expressiveness of logically undecidable formulae, an active field of research explores a spectrum of decidable or semi-decidable type systems for possible use in dependently typed programming languages. At the beginning of the spectrum, this includes, for instance, the system F's extension ML${}_F$ of the ML type system or the generalisation of abstract data types with type constraints (G.A.D.T.) such as found in the Haskell programming language. At the other side of the spectrum, one finds arbitrary complex type specification languages (e.g. that a sorting function returns a list of type “sorted list”) for which more or less powerful proof automation tools exist – generally first-order ones.

3.4.1 Control operators and classical logic

Indeed, a significant extension of the Curry-Howard correspondence has been obtained at the beginning of the 90's thanks to the seminal observation by Griffin  63 that some operators known as control operators were typable by the principle of double negation elimination ($\neg \neg A\Rightarrow A$), a principle that enables classical reasoning.

Control operators are used to jump from one location of a program to another. They were first considered in the 60's by Landin  79 and Reynolds  85 and started to be studied in an abstract way in the 80's by Felleisen et al  59, leading to Parigot's $\lambda \mu$-calculus  84, a reference calculus that is in close Curry-Howard correspondence with classical natural deduction. In this respect, control operators are fundamental pieces to establish a full connection between proofs and programs.

3.4.2 Sequent calculus

The Curry-Howard interpretation of sequent calculus started to be investigated at the beginning of the 90's. The main technicality of sequent calculus is the presence of left introduction inference rules, for which two kinds of interpretations are applicable. The first approach interprets left introduction rules as construction rules for a language of patterns but it does not really address the problem of the interpretation of the implication connective. The second approach, started in 1994, interprets left introduction rules as evaluation context formation rules. This line of work led in 2000 to the design by Hugo Herbelin and Pierre-Louis Curien of a symmetric calculus exhibiting deep dualities between the notion of programs and evaluation contexts and between the standard notions of call-by-name and call-by-value evaluation semantics.

3.4.3 Abstract machines

Abstract machines came as an intermediate evaluation device, between high-level programming languages and the computer microprocessor. The typical reference for call-by-value evaluation of $\lambda$-calculus is Landin's SECD machine  80 and Krivine's abstract machine for call-by-name evaluation  76, 75. A typical abstract machine manipulates a state that consists of a program in some environment of bindings and some evaluation context traditionally encoded into a “stack”.

3.4.4 Delimited control

Delimited control extends the expressiveness of control operators with effects: the fundamental result here is a completeness result by Filinski  60: any side-effect expressible in monadic style (and this covers references, exceptions, states, dynamic bindings, ...) can be simulated in $\lambda$-calculus equipped with delimited control.

3.5.1 Higher-dimensional algebra

Like ordinary categories, higher-dimensional categorical structures originate in algebraic topology. Indeed, $\infty$-groupoids have been initially considered as a unified point of view for all the information contained in the homotopy groups of a topological space $X$: the fundamental $\infty$-groupoid$\Pi \left(X\right)$ of $X$ contains the elements of $X$ as 0-dimensional cells, continuous paths in $X$ as 1-cells, homotopies between continuous paths as 2-cells, and so on. This point of view translates a topological problem (to determine if two given spaces $X$ and $Y$ are homotopically equivalent) into an algebraic problem (to determine if the fundamental groupoids $\Pi \left(X\right)$ and $\Pi \left(Y\right)$ are equivalent).

In the last decades, the importance of higher-dimensional categories has grown fast, mainly with the new trend of categorification that currently touches algebra and the surrounding fields of mathematics. Categorification is an informal process that consists in the study of higher-dimensional versions of known algebraic objects (such as higher Lie algebras in mathematical physics 43) and/or of “weakened” versions of those objects, where equations hold only up to suitable equivalences (such as weak actions of monoids and groups in representation theory 57).

The categorification process has also reached logic, with the introduction of homotopy type theory. After a preliminary result that had identified categorical structures in type theory 72, it has been observed recently that the so-called “identity types” are naturally equiped with a structure of $\infty$-groupoid: the 1-cells are the proofs of equality, the 2-cells are the proofs of equality between proofs of equality, and so on. The striking resemblance with the fundamental $\infty$-groupoid of a topological space led to the conjecture that homotopy type theory could serve as a replacement of set theory as a foundational language for different fields of mathematics, and homotopical algebra in particular.

3.5.2 Higher-dimensional rewriting

Higher-dimensional categories are algebraic structures that contain, in essence, computational aspects. This has been recognised by Street 89, and independently by Burroni 49, when they have introduced the concept of computad or polygraph as combinatorial descriptions of higher categories. Those are directed presentations of higher-dimensional categories, generalising word and term rewriting systems.

In the recent years, the algebraic structure of polygraph has led to a new theory of rewriting, called higher-dimensional rewriting, as a unifying point of view for usual rewriting paradigms, namely abstract, word and term rewriting 78, 81, 68, 69, and beyond: Petri nets 71 and formal proofs of classical and linear logic have been expressed in this framework 70. Higher-dimensional rewriting has developed its own methods to analyse computational properties of polygraphs, using in particular algebraic tools such as derivations to prove termination, which in turn led to new tools for complexity analysis 46.

3.5.3 Squier theory

The homotopical properties of higher categories, as studied in mathematics, are in fact deeply related to the computational properties of their polygraphic presentations. This connection has its roots in a tradition of using rewriting-like methods in algebra, and more specifically in the works of Anick 40 and Squier 88, 87: Squier has proved that, if a monoid $M$ can be presented by a finite, terminating and confluent rewriting system, then its third integral homology group $H_3(M,\mathbb{Z})$ is finitely generated and the monoid $M$ has finite derivation type (a property of homotopical nature). This allowed him to conclude that finite convergent rewriting systems were not a universal solution to decide the word problem of finitely generated monoids. Since then, Yves Guiraud and Philippe Malbos have shown that this connection was part of a deeper unified theory when formulated in the higher-dimensional setting 11, 12, 66, 67, 65.

In particular, the computational content of Squier's proof has led to a constructive methodology to produce, from a convergent presentation, coherent presentations and polygraphic resolutions of algebraic structures, such as monoids 11 and algebras 10. A coherent presentation of a monoid $M$ is a 3-dimensional combinatorial object that contains not only a presentation of $M$ (generators and relations), but also higher-dimensional cells, corresponding each to two fundamentally different proofs of the same equality: this is, in essence, the same as the proofs of equality of proofs of equality in homotopy type theory. When this process of “unfolding” proofs of equalities is pursued in every dimension, one gets a polygraphic resolution of the starting monoid $M$. This object has the following desirable qualities: it is free and homotopically equivalent to $M$ (in the canonical model structure of higher categories 77, 41). A polygraphic resolution of an algebraic object $X$ is a faithful formalisation of $X$ on which one can perform computations, such as homotopical or homological invariants of $X$. In particular, this has led to new algorithms and proofs in representation theory 8, and in homological algebra 6410. See 13 for a summary of these results.

7.1.1 Coq

• Name:
  The Coq Proof Assistant
• Keywords:
  Proof, Certification, Formalisation
• Scientific Description:
  Coq is an interactive proof assistant based on the Calculus of (Co-)Inductive Constructions, extended with universe polymorphism. This type theory features inductive and co-inductive families, an impredicative sort and a hierarchy of predicative universes, making it a very expressive logic. The calculus allows to formalize both general mathematics and computer programs, ranging from theories of finite structures to abstract algebra and categories to programming language metatheory and compiler verification. Coq is organised as a (relatively small) kernel including efficient conversion tests on which are built a set of higher-level layers: a powerful proof engine and unification algorithm, various tactics/decision procedures, a transactional document model and, at the very top an integrated development environment (IDE).
• Functional Description:
  Coq provides both a dependently-typed functional programming language and a logical formalism, which, altogether, support the formalisation of mathematical theories and the specification and certification of properties of programs. Coq also provides a large and extensible set of automatic or semi-automatic proof methods. Coq's programs are extractible to OCaml, Haskell, Scheme, ...
• Release Contributions:

  Coq version 8.16 integrates changes to the Coq kernel and performance improvements along with a few new features. We highlight some of the most impactful changes here:

  The guard checker (see Guarded) now ensures strong normalization under any reduction strategy.

  Irrelevant terms (in the SProp sort) are now squashed to a dummy value during conversion, fixing a subject reduction issue and making proof conversion faster.

  Introduction of reversible coercions, which allow coercions relying on meta-level resolution such as type-classes or canonical structures. Also allow coercions that do not fullfill the uniform inheritance condition.

  Generalized rewriting support for rewriting with Type-valued relations and in Type contexts, using the Classes.CMorphisms library.

  Added the boolean equality scheme command for decidable inductive types.

  Added a Print Notation command.

  Incompatibilities in name generation for Program obligations, eauto treatment of tactic failure levels, use of ident in notations, parsing of module expressions.

  Standard library reorganization and deprecations.

  Improve the treatment of standard library numbers by Extraction.

  See https://coq.inria.fr/refman/changes.html#version-8-16 for a detailed changelog.

• News of the Year:
  Coq version 8.16 integrates changes to the Coq kernel and performance improvements along with a few new features. See the detailed changes at https://coq.inria.fr/refman/changes.html#version-8-16 for an overview of the new features and changes, along with the full list of contributors.
• URL:
  http://­coq.­inria.­fr/
• Contact:
  Matthieu Sozeau
• Participants:
  Yves Bertot, Frederic Besson, Tej Chajed, Cyril Cohen, Pierre Corbineau, Pierre Courtieu, Maxime Denes, Jim Fehrle, Julien Forest, Emilio Jesús Gallego Arias, Gaetan Gilbert, Georges Gonthier, Benjamin Grégoire, Jason Gross, Hugo Herbelin, Vincent Laporte, Olivier Laurent, Assia Mahboubi, Kenji Maillard, Érik Martin-Dorel, Guillaume Melquiond, Pierre-Marie Pedrot, Clément Pit-Claudel, Kazuhiko Sakaguchi, Vincent Semeria, Michael Soegtrop, Arnaud Spiwack, Matthieu Sozeau, Enrico Tassi, Laurent Théry, Anton Trunov, Li-Yao Xia, Theo Zimmermann, Gaetan Gilbert
• Partners:
  CNRS, Université Paris-Sud, ENS Lyon, Université Paris-Diderot

7.1.2 Rewr

• Name:
  Rewriting methods in algebra
• Keywords:
  Computer algebra system (CAS), Rewriting systems, Algebra
• Functional Description:
  Rewr is a prototype of computer algebra system, using rewriting methods to compute resolutions and homotopical invariants of monoids. The library implements various classical constructions of rewriting theory (such as completion), improved by experimental features coming from Garside theory, and allows homotopical algebra computations based on Squier theory. Specific functionalities have been developed for usual classes of monoids, such as Artin monoids and plactic monoids.
• URL:
  https://­www.­imj-prg.­fr/­~yves.­guiraud/­programmes/­rewr
• Publications:
  hal-00326974, hal-00531242, hal-00682233, hal-00818253, hal-00932845, hal-01141226
• Contact:
  Yves Guiraud
• Participants:
  Yves Guiraud, Samuel Mimram

7.1.3 Catex

• Keywords:
  LaTeX, String diagram, Algebra
• Functional Description:
  Catex is a Latex package and an external tool to typeset string diagrams easily from their algebraic expression. Catex works similarly to Bibtex.
• URL:
  https://­www.­imj-prg.­fr/­~yves.­guiraud/­programmes/­catex
• Contact:
  Yves Guiraud
• Participant:
  Yves Guiraud

7.1.4 Cox

• Keywords:
  Computer algebra system (CAS), Rewriting systems, Algebra
• Functional Description:
  Cox is a Python library for the computation of coherent presentations of Artin monoids, with experimental features to compute the lower dimensions of the Salvetti complex.
• URL:
  https://­www.­imj-prg.­fr/­~yves.­guiraud/­programmes/­cox
• Publications:
  hal-00682233, hal-00818253
• Contact:
  Yves Guiraud
• Participant:
  Yves Guiraud

7.1.5 coqbot

• Keywords:
  Web API, Automation, Software engineering
• Functional Description:

  This software is a bot to help and automatize the development of the Coq proof assistant on the GitHub platform. It is written in OCaml and provides numerous features: synchronization between GitHub and GitLab to allow the use of GitLab for automatic testing (continuous integration), management of milestones on issues, management of the backporting process, merging of pull request upon request by maintainers, etc.

  Most of the features are used only for the development of Coq, but the synchronization with GitLab feature is also used in dozens of independent projects.

• Release Contributions:

  The Julien Coolen's internship final release.

  Added

  Integrate with Jason Gross' coq-bug-minimizer tool. Merge a branch in the coq repository if some conditions are met, by writing @coqbot: merge now in a comment. Parameterize the bot with a configuration file. Installation as a GitHub App is supported. Report CI status checks with the Checks API when using the GitHub app. Report errors of jobs in allow failure mode when the Checks API is used.

  Changed

  Refactored the architecture of the application and of the bot-components library Always create a merge commit when pushing to GitLab. More informative bot merge commit title for GitLab CI.

• URL:
  https://­github.­com/­coq/­bot/
• Contact:
  Theo Zimmermann

7.1.6 jsCoq

• Keywords:
  Coq, Program verification, Interactive, Formal concept analysis, Proof assistant, Ocaml, Education, JavaScript
• Functional Description:
  jsCoq is an Online Integrated Development Environment for the Coq proof assistant and runs in your browser! It aims to enable new UI/interaction possibilities and to improve the accessibility of the Coq platform itself.
• Release Contributions:
  - Port to Coq 8.14 - Improved packaging system for libraries - Improved display and interaction - Settings panel
• URL:
  https://­github.­com/­ejgallego/­jscoq
• Publication:
  hal-01425752
• Contact:
  Emilio Jesus Gallego Arias
• Participants:
  Emilio Jesus Gallego Arias, Shachar Itzhaky
• Partners:
  Mines ParisTech, Technion, Israel Institute of Technology

7.1.7 coq-serapi

• Keywords:
  Interaction, Coq, Ocaml, Data centric, User Interfaces, GUI (Graphical User Interface), Toolkit
• Scientific Description:
  SerAPI is a library for machine-to-machine interaction with the Coq proof assistant, with particular emphasis on applications in IDEs, code analysis tools, and machine learning. SerAPI provides automatic serialization of Coq's internal OCaml datatypes from/to JSON or S-expressions (sexps).
• Functional Description:
  SerAPI is a library for machine-to-machine interaction with the Coq proof assistant, with particular emphasis on applications in IDEs, code analysis tools, and machine learning. SerAPI provides automatic serialization of Coq's internal OCaml datatypes from/to JSON or S-expressions (sexps).
• Release Contributions:
  - Support for Coq 8.15 -
• News of the Year:
  In 2021, SerAPI has seen a sizable increase of users, and many bugs and improvements have been made in response to users requests. Also, SerAPI has been updated to support Coq 8.13, 8.14, and 8.15 versions.
• URL:
  https://­github.­com/­ejgallego/­coq-serapi
• Publication:
  hal-01384408
• Contact:
  Emilio Jesus Gallego Arias
• Participants:
  Karl Palmskog, Theo Zimmermann, Shachar Itzhaky, Jason Gross
• Partner:
  KTH Royal Institute of Technology

7.1.8 pyCoq

• Keywords:
  Coq, Python
• Functional Description:
  PyCoq is a set of bindings and libraries allowing to interact with the Coq interactive proof assistant from inside Python 3.
• Release Contributions:
  Initial release
• URL:
  https://­github.­com/­ejgallego/­pycoq
• Contact:
  Emilio Jesus Gallego Arias
• Participant:
  Thierry Martinez

8.1.1 An analysis of the constructive content of Henkin's proof of Gödel's completeness theorem

Together with Ilik, Herbelin submitted a paper analyzing the constructive content of Henkin's proof of Gödel's completeness theorem

Gödel’s completeness theorem for classical first-order logic is one of the most basic theorems of logic and Henkin's proof method is probably the most widely taught. Central to any foundational course in logic, it connects the notion of valid formula to the notion of provable formula. In this paper, they survey a few standard formulations and proofs of this completeness theorem before focusing on the formal description of a slight modification of Henkin’s proof within intuitionistic second-order arithmetic.

In the context of the completeness of intuitionistic logic with respect to various semantics such as Kripke or Beth semantics, it is standard to follow the Curry-Howard correspondence and to interpret the proofs of completeness as programs which turn proofs of validity for these semantics into proofs of derivability. They apply this approach to Henkin’s proof to phrase it as a program which transforms any proof of validity with respect to Tarski semantics into a proof of derivability. This sheds an “effective” light on the relation between Tarski semantics and syntax: proofs of validity are syntactic objects that we can manipulate and compute with, just like ordinary syntax.

8.1.2 Differentials and distances in probabilistic coherence spaces

Ehrhard published a paper developing the differential aspects of probabilistic coherence spaces, a denotational model of Linear Logic which provides a faithful account of stochastic programs. In this model programs are represented as analytic functions which can be written as powerseries with non-negative coefficients and such functions can be deriveted an arbitrary number of times, whatever be their type. Thomas Ehrhard explored two related applications of the corresponding derivatives. First he showed how derivatives allow to compute the expectation of execution time in the weak head reduction of probabilistic PCF (pPCF). Next he applied a general notion of “local” differential of morphisms to the proof of a Lipschitz property of these morphisms allowing in turn to relate the observational distance on pPCF terms to a distance the model is naturally equipped with. This suggests that extending probabilistic programming languages with derivatives, in the spirit of the differential lambda-calculus, could be quite meaningful.

In more recent developments, currently submitted  58, Ehrhard has developed a categorical and syntactical framework for such differential models of Linear Logic, where addition is only partially defined: the fundamental observation is that, even if the differential calculus requires addition as it is well known, one does not need all of them and many models of Linear Logic feature enough additions for hosting a fully-fledged differential calculus. This shows that, contrarily to what was believed earlier, differential Linear Logic and the differential lambda-calculus are compatible with deterministic computations.

8.1.3 Layered and Object-Based Game Semantics

Large-scale software verification relies critically on the use of compositional languages, semantic models, specifications, and verification techniques. In collaboration with Zhong Shao's CertiKOS group (Yale) and Léo Stefanesco (MPI Kaiserslautern), Melliès has developed 23 a layered and object-based game semantics based on coherence spaces. In the resulting game semantics of low-level concurrent code, every program is interpreted as a concurrent and possibly non-deterministic strategy connecting an underlay signature to an overlay signature. The interpretation of the low-level code relies on a non-commutative form $A\mapsto †A$ of the exponential modality of Linear Logic, equipped with permutations in order to encode concurrency, revisiting an idea promoted by Uday Reddy in the 1990s. After formulating layer implementations as regular maps between object spaces, a notion of concurrent object space is designed, where sequential traces may be identified modulo permutation of independent operations. As illustrated by a ticket lock implementation, the model is used to express protected shared object concurrency, in a simple model based on regular maps between concurrent object spaces. This work aims at developing a compositional model for certified abstraction layers which can be used to build certified heterogeneous systems such as CertiKOS, taking advantage of the compositionality principles of denotational semantics.

8.1.4 Tracking Redexes in the Lambda Calculus

Levy wrote a book chapter36 to be published in 202 in which he reviews notions of residuals of redexes to keep track of redexes along reductions in the lambda calculus and families of redexes keep track of redexes created along these reductions. He discusses how their relation to a labeled-calculus and extends these properties to combinatory logic, term rewriting systems, process calculi and proofnets of linear logic.

8.1.5 Controlling sequentialization in proof nets

In a collaboration with Aurore Alcolei and Luc Pellissier, Alexis Saurin internalised the notion of jumps of linear logic proof-nets (which can be used as an alternative to boxes) in a slight extension of MLL. Jumps which have been extensively studied by Faggian and di Giamberardino (building on prior work by Curien and Faggian on L-nets) can express intermediate degrees of sequentialization between a sequent calculus proof and a fully desequentialized proof-net. In this still ongoing work, Alcolei, Pellissier and Saurin analyzed the logical strength of jumps by internalizing them in an extention of MLL where axioms on a specific formula introduce constraints on the possible sequentializations. The jumping formula needs to be treated non-linearly, which they do either axiomatically, or by embedding it in a very controlled fragment of multiplicative-exponential linear logic, uncovering the exponential logic of sequentialization.

8.1.6 Algebraic Logic Programming

Emilio J. Gallego Arias and Jim Lipton continued work on algebraic models of proof search, in particular they have developed a notion of step-indexed tabular alegory which provides an improved semantic setting for the proof search machine developed in Gallego's PhD.

Jim Lipton visited the team in the summer 2022.

8.2.1 Proof theory of non-wellfounded and circular proofs

8.2.2 On the semantics of finitary and non-wellfounded proofs

8.2.3 Quantum programming languages with inductive and coinductive types

Chardonnet's PhD research focuses on extending quantum programming languages with inductive and coinductive types, under the hypothesis of quantum control (as in QML  39 compared to classical control). In 2021, Chardonnet, Saurin and Valiron developed their work on a language of type isomorphisms with inductive and coinductive types and understanding the connections of those reversible programs with $\mu MALL$ type isomorphisms and more specifically with $\mu MALL$ focused circular proof isomorphisms. In particular, they studied the expressiveness of a restricted validity condition for a class of type isomorphisms, relating it with the class of recursive primitive permutations by Paolini, Piccolo and Roversi. A preliminary version was presented in TLLA 2021. The extended new version will be published in CSL'23 33.

8.3.1 Coherent presentations of monoids

The work of Alen Đurić, Pierre-Louis Curien and Yves Guiraud on coherent presentations of monoids admitting a Garside family has been submitted, and presented at the workshop “Braids and beyond" held in memory of Patrick Dehornoy in September 2021 22.

8.3.2 Polygraphs and opetopes

Pierre-Louis Curien has found a new, elementary, proof of the isomorphism between many-to-one polygraphs on one hand, and opetopic sets on the other hand. This result had been proved quite indirectly by Harnik, Makkai, and Zawadowski in 2008. A more direct proof was given by Cédric Ho Tanh (former student of the team) in his PhD thesis (2019), with a reference to some results of Simon Henry. The new proof is entirely self-contained, and, more importantly, unveils invariants of the polygraphic syntax. It will be presented at the 2022 Workshop on Polynomial Functors to be held in April 2022 at the Topos Institute (virtually).

8.4.1 Dependent pattern-matching

Thierry Martinez carried on full time the implementation of a dependent pattern-matching compilation algorithm in Coq based on the PhD thesis work of Pierre Boutillier and on the internship work of Meven Bertrand. Together with Meven Bertrand and Hugo Herbelin, they almost reached the point of submitting a paper describing the implementation.

8.4.2 Software engineering aspects of the development of Coq

Théo Zimmermann was recruited in January 2020 on a three-year fixed term position to contribute both to the collaborative maintenance and evolution effort around Coq and its community, and to further investigate these software engineering aspects through empirical methods.

Théo Zimmermann is the initial author and main maintainer of coqbot, the bot used for everyday maintenance tasks in the Coq project. During the CoqDev project, the bot has been signicantly improved and has received contributions from Coq developers (Jason Gross, Pierre-Marie Pédrot, Gaetan Gilbert and Ali Caglayan more recently) as well as an intern that Théo Zimmermann supervised in 2020 (Julien Coolen, funded through the CoqDev project, now an engineer at Nomadic Labs). This has allowed to add many new features, in particular related to pull request testing and management (merging approved pull requests, closing stale pull requests, continuous integration with a reduced or extended suite of tests, including many external projects, etc.). The team published a paper about the followed approach 24 in IEEE Software (2022). The article describes some main features of the bot and the design choices that were made and how these design choices help with the maintenance and the evolution of the bot, by making it easier to adapt the bot to new use cases and to involve Coq contributors in the bot development.

Théo Zimmermann has also collaborated with Jason Gross (from MIT CSAIL) on integrating the bug minimizer created by Jason Gross in Coq's CI infrastructure, by relying on coqbot. This has allowed coqbot to automatically propose to produce reduced test cases for compatibility issues detected on external Coq projects by the continuous integration system, thus making it easier to understand what the compatibility issues are, when modifying Coq. Furthermore, this has allowed to conduct the first empirical evaluation of the bug minimizer and to improve it further based on the issues detected during this evaluation. They published their work, 28 at ITP 2022. This is the first formal publication on the bug minimizer itself.

Théo Zimmermann supervised in June 2021 the internship of Jérémy Damour, who was tasked with several contributions to the Hydras & Co. project of Pierre Castéran. This work resulted in a publication at the national conference JFLA 2022 30.

Finally, Théo Zimmermann has coordinated an ad hoc working group to prepare and then analyze the Coq Community Survey. The survey was held in February 2022 and received 466 responses. It allowed to get an up-to-date picture of the Coq community and feedback on which to base future development decisions. Since the survey, the working group has been processing the responses and publishing partial results in the form of blog posts and a presentation at the Coq workshop by Ana Borges. Emilio J. Gallego Arias took an active part in this working group.

8.4.3 Software infrastructure and Tools

Emilio J. Gallego Arias continued work on revamping Coq's build system as to implement a workflow based on the state-of-the-art, industrial build system Dune. Many improvements were made including porting the OCaml parts of Coq to Dune, which allowed the team to remove large parts of custom build code, and with Ali Caglayan, Coq's test suite was made incremental. Additionally, Emilio J. Gallego Arias coordinated the release of Dune version 2.9. Many other improvements as to make Coq more modular and better prepared for upcoming incremental and multi-threaded type-checking were also made.

Hugo Herbelin, Emilio J. Gallego Arias and Théo Zimmermann, helped by members from Gallinette (Nantes) and Stamp (ex-Marelle, Sophia-Antipolis), devoted an important part of their time to coordinate the development, to review propositions of extensions of Coq from external and/or young contributors, and to propose themselves extensions, amounting to hundreths of proposals in the form of pull requests. Moreover, we organized a beginner-focused community Hackathon in early 2022, including a diversity session, with peak attendance of over 100 contributors. Similar community events are planned later on.

Emilio J. Gallego Arias and Shachar Itzaky continued the development of the education-targeted tool jsCoq, which saw in 2021 5 new releases bringing many new features and refinements, and in particular a new backend that has made us declare the tool "production ready" for the first time.

Emilio J. Gallego Arias also maintained the coq-serapi tool, used in a few labs as the standard communication API with Coq to perform experiments (including machine learning ones). In collaboration with Thierry Martinez, Gallego Arias also released a pyCoq package which is specifically targeted at learning and software engineering researchers using Coq for their experiments.

8.5.1 Lexing and regular expressions in Coq

Pierre Letouzey continued working on a Coq formalisation started with Yann Régis-Gianas, on regular expressions (with complement and conjunction) and their Brzozowski derivatives. Many techniques have been attempted to prove correct the exact details used in a real-world implementation (ml-ulex), but a complete proof of this implementation is still elusive.

8.5.2 Hofstadter nested recursive functions and Coq

Pierre Letouzey continued this year the study of a family of nested recursive functions proposed by D. Hofstadter in his book “Gödel Escher Bach”. Some earlier conjectures have been proved. In particular, the appearance of a Rauzy fractal during this work is now better understood. The formalization of these proofs are pending, requiring quite some matrix theory and complex polynomials. Another important conjecture states that this family of nested functions is increasing. Despite some progress, this conjecture still lacks a complete proof. More details on this site.

8.5.3 Sensitivity Conjecture in Coq

Daniel de Rauglaudre pursued his formalization in Coq of the Sensitivity Conjecture (which became a Theorem in 2019 thanks to Hao Huang  74). The sensitivity conjecture remained an open-problem for more than thirty years, aiming to relate the sensitivity of a Boolean function results to its input values to other complexity measures of Boolean functions, such as block sensitivity. De Rauglaudre started to formalize Huang's very succinct proof of the conjecture.

For proving some lemmas in this theorem, numerous formalizations in Linear Algebra (matrices, determinants, eigenvalues, permutations, sorting etc.) have been implemented. In this context, a study of algebra of ring-like structures has been started, and some syntax of iterators have been studied and added. This development is available a here.

8.5.4 Proofs of algorithms on graphs

Jean-Jacques Lévy pursues his work about formal proofs of graph algorithms. The goal is to provide computer-checked proofs of algorithms that remain human readable. At ITP 2019  50, they presented an article with Chen Ran, Cyril Cohen, Stephan Merz and Laurent Théry on three different ways of proving such an algorithm in Why3, Coq and Isabelle/HOL. By publishing the entire proofs, they encouraged the community to compare our proofs with the ones possible in other machine-checked proof systems.

Jean-Jacques Lévy now remodels his proof with new versions of Why3 and also plan to compare the existing Coq proof using Mathcomp/ssreflect with a proof using Coq classics. He still works on a proof of implementation of Tarjan SCC algorithm with imperative programming and memory pointers.

8.5.5 Iterated parametricity and semi-cubical sets

Hugo Herbelin and Ramkumar Ramachandra carried on their formalization in Coq of an original dependently-typed construction of semi-cubical sets inspired by the parametricity translation. This continued to highly stressed the limits of Coq, especially in terms of second-order unification, higher-order rewriting, efficiency.

8.5.6 Verified Datalog programs with applications to low-level binary analysis

Emilio J. Gallego Arias continued collaboration with Stefania Dumbrava and Cody Roux on the use of our verified Datalog engine  47 for the analysis of low-level binary code. In particular, using metacoq we have developed a method to translate datalog programs to Coq proof friendly specifications while preserving the semantic correspondence with the verified engine. This allows us to specify analysis as efficient datalog programs, but to prove properties about them using a more convenient native to Coq representation.

8.5.7 Infinitary Proofs and Parity Automaton

Esaïe Bauer, Emilio J. Gallego Arias and Alexis Saurin have started a Coq formalization of infinitary proofs and their validity checking using Parity Automaton. They have started from the proof methodology developed for the the math-comp library, but this particular topic poses many interesting challenges from the point of view of proof engineering, in particular related to the formalization of infinite graphs and automaton in a natural way.

8.5.8 Real-time Digital Signal Processing

Emilio J. Gallego Arias and Pierre Jouvelot presented their work on a formalized synchronous language for linear DSP processors at the FARM 2021 conference (part of ICFP), which was held virtually. The development produced a paper and uses techniques from the programming language literature such as logical relations to prove that every well typed program is linear (in the linear algebra sense). This opens up the door to many other interesting developments which are being discussed now.

8.5.9 Mechanism design

Emilio J. Gallego Arias collaborated with Pierre Jouvelot on the formalized verification of the general Vickrey-Clarke-Groves mechanism (see for example  83) using Coq, designing a Coq-based framework for the specification and refinement of mechanisms, covering classical examples from the literature. This has resulted in a draft 35 already presented as a poster at EC'22 38.

Participants: Emilio Gallego, Hugo Herbelin, Paul-André Melliès, Alexis Saurin, Théo Zimmermann.

10.1.1 Participation in other International Programs

Thomas Ehrhard chairs the french-italian GDRI on Linear Logic which is finishing this year. Paul-André Melliès and Alexis Saurin are also members of the GDRI.

Thomas Ehrhard and Paul-André Melliès are international members of the EPSRC project "Resources in Computation" chaired by Samson Abramsky (UCL) and Anuj Dawar (Cambridge).

Other international visits to the team

11.1.1 Scientific events: organisation

11.1.2 Journal

11.1.3 Invited talks

Paul-André Melliès and Alexis Saurin gave an invited lecture in the linear logic winter school held at CIRM from 24 to 28th january 2022 during the Logic and interaction weeks (CIRM 2022).

Alexis Saurin was an invited speaker at the Logic in Computer Science special session of the Logic Colloquium in Reykjavick (LC 2022), 27th june to 1st july 2022.

11.1.4 Leadership within the scientific community

Alexis Saurin is co-chair of the Scalp working group in GDR-IM (GT Scalp).

11.1.5 Research administration

Alexis Saurin is an elected member in conseil académique de la faculté des sciences de l'Université Paris Cité and of the commission recherche.

Paul-André Melliès is a member of the conseil de laboratoire de l'Institut de Recherche en Informatique Fondamentale (IRIF).

11.2.1 Supervision

11.2.2 Juries

Alexis Saurin was member of comité de sélection MCF for UFR de mathématiques in Université Paris Cité for hiring a MCF in mathematics for research integration to IRIF.

11.3.1 Education

Pierre-Louis Curien taught a course on homotopic algebra and higher categories in LMFI (Logique mathématiques et fondements de l'informatique) second-year Master, Université Paris Cité.

Pierre Letouzey taught a course on Coq in LMFI (Logique mathématiques et fondements de l'informatique) second-year Master, Université Paris Cité.

Alexis Saurin taught a lecture on Second-order quantification and fixed-points in logic in LMFI (Logique mathématiques et fondements de l'informatique) second-year master, Université Paris Cité.

Hugo Herbelin and Paul-André Melliès taught a course on homotopy type theory in LMFI (Logique mathématiques et fondements de l'informatique) second-year Master, Université Paris Cité.

Together with Michele Pagani (IRIF), Paul-André Melliès and Thomas Ehrhard taught a course on denotational semantics and linear logic at MPRI (Master Parisien de Recherche en Informatique) second-year Master, Université Paris Cité.

Paul-André Melliès taught a course on lambda-calculus and categories at MPRI (Master Parisien de Recherche en Informatique) first-year Master, at ENS Paris (Ecole Normale Supérieure).

International journals

• 22 articleP.-L.Pierre-Louis Curien, A.Alen Ðurić and Y.Yves Guiraud. Coherent presentations of monoids with a right-noetherian Garside family.Journal of Homotopy and Related Structures182023, 115-152
  HALDOIback to text
• 23 articleA.Arthur Oliveira Vale, P.-A.Paul-André Melliès, Z.Zhong Shao, J.Jérémie Koenig and L.Léo Stefanesco. Layered and Object-Based Game Semantics *.Proceedings of the ACM on Programming LanguagesJanuary 2022
  HALDOIback to text
• 24 articleT.Théo Zimmermann, J.Julien Coolen, J.Jason Gross, P.-M.Pierre-Marie Pédrot and G.Gaëtan Gilbert. The Advantages of Maintaining a Multitask, Project-Specific Bot: An Experience Report.IEEE SoftwareJune 2022, 2-7
  HALDOIback to text

International peer-reviewed conferences

• 25 inproceedingsD.David Baelde, A.Amina Doumane, D.Denis Kuperberg and A.Alexis Saurin. Bouncing threads for circular and non-wellfounded proofs -- Towards compositionality with circular proofs (Extended version).LICS '22: Proceedings of the 37th Annual ACM/IEEE Symposium on Logic in Computer ScienceLICS '22: Proceedings of the 37th Annual ACM/IEEE Symposium on Logic in Computer ScienceHaifa, IsraelAssociation for Computing Machinery2022
  HALDOIback to text
• 26 inproceedingsA.Anupam Das, A.Abhishek De and A.Alexis Saurin. Decision Problems for Linear Logic with Least and Greatest Fixed Points.7th International Conference on Formal Structures for Computation and Deduction (FSCD 2022)7th International Conference on Formal Structures for Computation and Deduction (FSCD 2022)Haifa, IsraelAugust 2022
  HALDOIback to text
• 27 inproceedingsA.Abhishek De, F.Farzad Jafarrahmani and A.Alexis Saurin. Phase Semantics for Linear Logic with Least and Greatest Fixed Points.FSTTCS 2022 - 42nd IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science250Chennai, IndiaDecember 2022, 35:1--35:23
  HALDOIback to text
• 28 inproceedingsJ.Jason Gross, T.Théo Zimmermann, M.Miraya Poddar-Agrawal and A.Adam Chlipala. Automatic Test-Case Reduction in Proof Assistants: A Case Study in Coq.Leibniz International Proceedings in Informatics (LIPIcs)13th International Conference on Interactive Theorem Proving (ITP 2022)23713th International Conference on Interactive Theorem Proving (ITP 2022)Haifa, IsraelAugust 2022, 18:1--18:18
  HALDOIback to text
• 29 inproceedingsP.-A.Paul-André Melliès. A Functorial Excursion Between Algebraic Geometry and Linear Logic.LICS 2022 : Proceedings of the 37th Annual ACM/IEEE Symposium on Logic in Computer ScienceLICS 2022 - 37th Annual ACM/IEEE Symposium on Logic in Computer ScienceHaifa, IsraelAugust 2022
  HALDOI

Conferences without proceedings

• 30 inproceedingsP.Pierre Castéran, J.Jérémy Damour, K.Karl Palmskog, C.Clément Pit-Claudel and T.Théo Zimmermann. Hydras & Co.: Formalized mathematics in Coq for inspiration and entertainment.Journées Francophones des Langages Applicatifs: JFLA 2022St-Médard d'Excideuil, FranceFebruary 2022
  HALback to text
• 31 inproceedingsP.-A.Paul-André Melliès and N.Noam Zeilberger. Parsing as a lifting problem and the Chomsky-Schützenberger representation theorem.MFPS 2022 - 38th conference on Mathematical Foundations for Programming SemanticsIthaca, NY, United StatesJuly 2022
  HAL
• 32 inproceedingsK.Karl Palmskog, E.Enrico Tassi and T.Théo Zimmermann. Reliably Reproducing Machine-Checked Proofs with the Coq Platform.RRRR 2022 - Workshop on Reproducibility and Replication of Research ResultsMunich, GermanyApril 2022
  HAL

Reports & preprints

• 33 miscK.Kostia Chardonnet, A.Alexis Saurin and B.Benoît Valiron. A Curry-Howard Correspondence for Linear, Reversible Computation.August 2022
  HALback to text
• 34 miscK.Kostia Chardonnet, M.Marc de Visme, B.Benoît Valiron and R.Renaud Vilmart. The Many-Worlds Calculus.August 2022
  HALDOI
• 35 reportP.Pierre Jouvelot and E. J.Emilio Jesús Gallego Arias. A Foundational Framework for the Specification and Verification of Mechanism Design.E-458.PDFMINES ParisTech - PSL Research UniversityMay 2022
  HALback to text
• 36 miscJ.-J.Jean-Jacques Levy. Tracking Redexes in the Lambda Calculus.February 2022
  HALback to text

Other scientific publications

• 37 miscA.Ana de Almeida Borges, J.-R.Jean-Rémy Falleri, J.Jim Fehrle, E. J.Emilio Jesús Gallego Arias, É.Érik Martin-Dorel, K.Karl Palmskog, A.Alexander Serebrenik and T.Théo Zimmermann. Coq Community Survey 2022: Summary of Results.Haifa, IsraelAugust 2022
  HAL
• 38 inproceedingsP.Pierre Jouvelot and E. J.Emilio Jesús Gallego Arias. A Foundational Framework for the Specification and Verification of Mechanism Design.EC'22 - Twenty-Third ACM Conference on Economics and ComputationColorado, United StatesJuly 2022
  HALback to text