Team Gallium

Overall Objectives
Scientific Foundations
Application Domains
New Results
Contracts and Grants with Industry
Other Grants and Activities

Section: New Results

Software-proof codesign

Extending ML with logical assertions

Participants : François Pottier, Yann Régis-Gianas.

François Pottier and Yann Régis-Gianas worked on generalized algebraic data types (GADTs), a modest extension to ML's algebraic data types that enables programmers to attach type equalities to values. From a propositions-as-types perspective, this extension provides a way of encoding and enforcing data structure invariants. The typechecker then plays the role of an automatic theorem prover. Yet, this approach to proving properties of programs has limited expressiveness. In a way, encoding properties of programs into ML types is an abuse of the ML typechecker, which, indeed, was meant to establish safety properties, not to prove more advanced correctness properties.

Realizing this, François Pottier and Yann Régis-Gianas extended ML with an assertion language, enabling programmers to explicitly state the intended properties of data structures and functions in first-order logic. They designed an algorithm that generates proof obligations out of programs. These proof obligations are discharged by a theorem prover such as Simplify. This approach was previously applied by other research groups to imperative and object-oriented languages (cf. ESC/Java, Caduceus, Krakatoa) but never to a functional language. The main issues in integrating logical assertions within a functional language include: finding a language design that facilitates reasoning about higher-order functional programs; and fostering the modular development of certified software components.

Yann Régis-Gianas developed a prototype implementation in order to experiment with several design choices. Several nontrivial algorithms have been proven using this tool, including the OCaml library for balanced binary search trees.

Focal and Zenon

Participants : Damien Doligez, Richard Bonichon, David Delahaye [ CNAM ] , Olivier Hermant [ project Logical and U. Paris 7 ] .

Focal — a joint effort with LIP6 (U. Paris 6) and Cedric (CNAM) — is a programming language and a set of tools for software-proof codesign. The most important feature of the language is an object-oriented module system that supports multiple inheritance, late binding, and parameterisation with respect to data and objects. Within each module, the programmer writes specifications, code, and proofs, which are all treated uniformly by the module system.

Focal proofs are done in a hierarchical language invented by Leslie Lamport [38] . Each leaf of the proof tree is a lemma that must be proved before the proof is detailed enough for verification by Coq. The Focal compiler translates this proof tree into an incomplete proof script. This proof script is then completed by Zenon, the automatic prover provided by Focal. zenon is a tableau-based prover for first-order logic with equality. It is developed by Damien Doligez with the help of David Delahaye (CNAM).

Zenon version 0.4.1 was released in April. A complete overhaul of Zenon was started shortly after this release, and is still in progress. It will enhance the efficiency of Zenon by using the inverse method to find instantiations of universal hypotheses.

Richard Bonichon, in cooperation with Damien Doligez, works on implementing ``deduction modulo'' within the Zenon prover. Deduction modulo adds rewriting systems over terms and propositions to the deduction process. It enables the replacement of deduction steps by computational simplifications, therefore leading to shorter, easier to find proofs. Richard Bonichon defended his PhD thesis in December [10] and published two papers with Olivier Hermant on tableaux methods and deduction modulo [17] , [18] .

Tools for TLA+

Participants : Damien Doligez, Leslie Lamport [ Microsoft Research ] , Stephan Merz [ project Mosel ] , Georges Gonthier [ Microsoft Research ] .

Damien Doligez is head of the ``Tools for Proofs'' team in the new Microsoft-INRIA Joint Center. The aim of this team is to extend the TLA+ language with a formal language for hierarchical proofs, formalizing the ideas in [38] , and to build tools for writing TLA+ specifications and mechanically checking the corresponding formal proofs.

This project was started in June. At this time, it has made internal progress on the design of the proof language and the architecture of the tools. In the long term, it aims at producing a development environment specialized for TLA+, with seamless integration of both Zenon and the Isabelle proof assistant.


Logo Inria