Section: New Results
Tools for proof environments
Gröbner bases
Participants : Loïc Pottier, Benjamin Grégoire, Laurent Théry.
To prove automatically polynomial equalities in Coq via the nullstellensatz theorem of Hilbert, we wrote a tactic that computes Gröbner bases, called gb , and tested it extensively on geometrical examples. After that, we remarked that the computation of the whole Gröbner basis was not necessary. We obtained a much more efficient tactic, which is able to prove state-of-the art geometrical theorems, like Pappus and Desargues. This work is part of our ANR funded Galapagos project.
Coq normalization
Participants : Loïc Pottier, Benjamin Grégoire.
In order to increase speed of computations in Coq, we reused a work on extraction done in 1998, to produce ocaml code from Coq terms. Using native compilation, this code produces the normal form of the term. The problem is then to lift the result in Coq, which has been done using the techniques developped in the VM of Coq. Experimental times on several big examples were good, not so far from times obtained by native compilation of extracted terms. We then concentrated on terms that normalize on pure inductive terms, as only needed by reflexive techniques, and began to develop a compiler from Coq to C. Experiments on examples are promising: computation times can be divided by 4.
Geometric proof environment
Participants : Yves Bertot, Tuan Minh Pham, Frédérique Guilhot.
To develop interactive proofs in geometry with a good feedback on the geometric figures, we developed a hybrid proof environment including the GeoGebra tool, a mainstream dynamic geometry tool, Coq, and Pcoq. This hybrid system makes it easy to integrate many functionalities for efficient man-machine interaction. In particular, we want to study a facility for fast use of geometric theorems that reuses ideas of proof-by-pointing and automatic computation of dependances as in Geoview, a previous experiment developed in our team.
Satisfiability in Coq
Participants : Michaël Armand, Benjamin Grégoire, Laurent Théry.
We have integrated state of the art procedures to perform boolean satisfiability checking inside Coq. We followed two different paths. In the first one, we directly programmed the standard DPLL algorithm inside Coq. This gave us a way to perform satisfiability by reflection. In the second one, we took advantage of the capability of a Sat solver like zchaff or minisat to produce a log of their run in terms of resolution traces and we have implemented a certified version of a trace checker. We tested boolean Gröbner bases on Sat test problems, because certificates are easy to obtain with this tool. Unfortunately, this technique is not powerful enough on the test corpus.
WP plugin for Frama-C framework
Participants : Anne Pacalet, Guillaume Claret.
Weakest Precondition computation is a way to provide proof obligations that ensures that some given properties of programs hold. This is an old technique, but it is difficult to apply on the C language. The 2009-2011 objective is to develop, together with the CEA, a WP plugin for the C static analysis framework Frama-C. Our aim is to provide several memory models in order to adapt the abstraction level of the verification. During 2009, we managed to develop a generic engine and two memory models : one that is very abstract but only applies to few programs, and another low level one that can apply only to small sequences. Both are correct, but the challenge is then either to find an intermediate model or to make the two existing models collaborate, in order to be able to process real applications. In parallel to the tool development, we tried to formalize some parts of the models using the COQ proof assistant to check the correctness of new ideas.
Certification of cryptographic primitives
Participants : Gilles Barthe [ IMDEA Madrid ] , Benjamin Grégoire, Daniel Hedin [ IMDEA Madrid ] , Sylvain Heraud, Santiago Zanella.
CertiCrypt is an automated framework to construct and verify security proofs of cryptographic systems in the computational model. It was the subject of two papers, an overview at Principles of Programming Langages [9] and a paper on Full-Domain Hash Signature at Security and Privacy [8] . We also worked on Zero-Knoweledge Protocols, Full Domain Hash (FDH), Optimal Asymmetric Encryption Padding (OAEP IND-CCA2) and a hash function based on elliptic curves.
In [16] , we extended our earlier work on specification of protcols of classes. We deal with a variant of generic classes and multithreaded classes. Because little support currently exists to help writing method contracts, our technique helps programmers to check their contracts early in the development process.
In [5] , we extend our earlier work on specifications of iterators with separation logic contracts. We present examples of iterator clients and implementations and proofs that they adhere to the iterator protocol.
In [14] , we describe an algorithm to disprove entailment between separation logic formulas. This is of interest wherever entailment checking is performed (such as in program verifiers). Our algorithm has been implemented and verified in Coq.
In [15] , we show how, given a program and its separation logic proof, one can parallelize and optimize this program and transform its proof simultaneously to obtain a proven parallelized and optimized program (using the éterlou program, in the tom rewriting framework). A longer version of this publication appeared in technical report 6806 [21] .
