## Section: New Results

### Tools for proof environments

#### Gröbner bases

Participants: Loïc Pottier, Benjamin Grégoire, Laurent Théry.

To prove polynomial equalities automatically in Coq via Hilbert's
Nullstellensatz, we wrote a tactic called `gb` that computes
Gröbner bases, and tested it extensively on
geometrical examples. We then observed that computing
the whole Gröbner basis was not necessary. We
obtained a much more efficient tactic, which is able to prove
state-of-the-art geometrical theorems, like Pappus and Desargues.
This work is part of our ANR-funded Galapagos project.

#### Coq normalization

Participants: Loïc Pottier, Benjamin Grégoire.

To increase the speed of computations in Coq, we reused work on extraction done in 1998 to produce OCaml code from Coq terms. Using native compilation, this code produces the normal form of the term. The problem is then to lift the result back into Coq, which has been done using the techniques developed in the VM of Coq. Experimental times on several big examples were good, not so far from times obtained by native compilation of extracted terms. We then concentrated on terms that normalize to pure inductive terms, which is all that reflexive techniques need, and began to develop a compiler from Coq to C. Experiments on examples are promising: computation times can be divided by 4.

#### Geometric proof environment

Participants: Yves Bertot, Tuan Minh Pham, Frédérique Guilhot.

To develop interactive proofs in geometry with good feedback on the geometric figures, we developed a hybrid proof environment including the GeoGebra tool, a mainstream dynamic geometry tool, Coq, and Pcoq. This hybrid system makes it easy to integrate many functionalities for efficient man-machine interaction. In particular, we want to study a facility for fast use of geometric theorems that reuses ideas of proof-by-pointing and automatic computation of dependencies as in Geoview, a previous experiment developed in our team.

#### Satisfiability in Coq

Participants: Michaël Armand, Benjamin Grégoire, Laurent Théry.

We have integrated state-of-the-art procedures to perform boolean
satisfiability checking inside Coq. We followed two different
paths. In the first one, we directly programmed the standard DPLL
algorithm inside Coq. This gave us a way to perform satisfiability by
reflection. In the second one, we took advantage of the capability of
a SAT solver like `zchaff` or `minisat` to produce a log of its run in
terms of resolution traces, and we have implemented a certified version
of a trace checker. We tested boolean Gröbner bases on SAT test
problems, because certificates are easy to obtain with this
tool. Unfortunately, this technique is not powerful enough on the test
corpus.
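The second path rests on the fact that checking a resolution trace is much simpler than finding one, so only the checker has to be trusted. The following Python sketch is an added illustration, not the team's Coq development; the trace layout `(new_id, [antecedent ids])` and all names in it are assumptions and do not reproduce the actual `zchaff` or `minisat` log formats.

```python
# Added example: checks a resolution refutation against a CNF formula.
# The trace layout (new_id, [antecedent ids]) is an assumption for illustration.

def resolve(c1, c2):
    """Resolve c1 with c2; exactly one literal of c1 may occur negated in c2."""
    pivots = [lit for lit in c1 if -lit in c2]
    if len(pivots) != 1:
        raise ValueError("resolution needs exactly one clashing literal")
    p = pivots[0]
    return (c1 - {p}) | (c2 - {-p})

def check_trace(cnf, trace):
    """True iff `trace` derives the empty clause from `cnf`.

    cnf:   list of clauses, each a list of DIMACS-style ints; clause i has id i.
    trace: list of (new_id, antecedent_ids); antecedents are resolved left to right.
    """
    db = {i: frozenset(c) for i, c in enumerate(cnf)}
    for new_id, antecedents in trace:
        if new_id in db or len(antecedents) < 2:
            return False                      # id reuse or no real resolution step
        try:
            clause = db[antecedents[0]]
            for a in antecedents[1:]:
                clause = resolve(clause, db[a])
        except (KeyError, ValueError):
            return False                      # unknown clause id or invalid step
        db[new_id] = clause
        if not clause:
            return True                       # empty clause: formula is unsatisfiable
    return False                              # trace never reached the empty clause

# Constructed sample: (x1|x2) & (~x1|x2) & (x1|~x2) & (~x1|~x2) is unsatisfiable.
CNF = [[1, 2], [-1, 2], [1, -2], [-1, -2]]
GOOD = [(4, [0, 1]), (5, [2, 3]), (6, [4, 5])]
CHAIN = [(4, [0, 1]), (5, [4, 2, 3]), (6, [5, 4])]
BAD_PIVOT = [(4, [0, 3])]        # clauses 0 and 3 clash on two literals
INCOMPLETE = [(4, [0, 1])]       # derives (x2) only

if __name__ == "__main__":
    for name in ("GOOD", "CHAIN", "BAD_PIVOT", "INCOMPLETE"):
        print(name, check_trace(CNF, globals()[name]))
```

A trace is rejected whenever a step is not a valid resolution or the empty clause is never derived, so a buggy or untrusted solver cannot make the checker accept a satisfiable formula as unsatisfiable.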

#### WP plugin for Frama-C framework

Participants: Anne Pacalet, Guillaume Claret.

Weakest Precondition computation is a way to generate proof obligations that ensure that some given properties of programs hold. This is an old technique, but it is difficult to apply to the C language. The 2009-2011 objective is to develop, together with the CEA, a WP plugin for the C static analysis framework Frama-C. Our aim is to provide several memory models in order to adapt the abstraction level of the verification. During 2009, we managed to develop a generic engine and two memory models: one that is very abstract but only applies to few programs, and another low-level one that can apply only to small sequences. Both are correct, but the challenge is then either to find an intermediate model or to make the two existing models collaborate, in order to be able to process real applications. In parallel to the tool development, we tried to formalize some parts of the models using the Coq proof assistant to check the correctness of new ideas.

#### Certification of cryptographic primitives

Participants: Gilles Barthe [IMDEA Madrid], Benjamin Grégoire, Daniel Hedin [IMDEA Madrid], Sylvain Heraud, Santiago Zanella.

*CertiCrypt* is an automated framework to construct and verify
security proofs of cryptographic systems in the computational
model. It was the subject of two papers, an overview
at Principles of Programming
Languages [9] and a paper on
Full-Domain Hash Signature at Security and Privacy
[8]. We also worked on Zero-Knowledge Protocols,
Full Domain Hash (FDH), Optimal Asymmetric Encryption Padding (OAEP IND-CCA2)
and a hash function based on elliptic curves.

In [16], we extended our earlier work on specification of protocols of classes. We deal with a variant of generic classes and multithreaded classes. Because little support currently exists to help writing method contracts, our technique helps programmers to check their contracts early in the development process.

In [5], we extend our earlier work on specifications of iterators with separation logic contracts. We present examples of iterator clients and implementations and proofs that they adhere to the iterator protocol.

In [14], we describe an algorithm to disprove entailment between separation logic formulas. This is of interest wherever entailment checking is performed (such as in program verifiers). Our algorithm has been implemented and verified in Coq.

In [15], we show how, given a program and its separation logic proof, one can parallelize and optimize this program and transform its proof simultaneously to obtain a proven parallelized and optimized program (using the éterlou program, in the tom rewriting framework). A longer version of this publication appeared in technical report 6806 [21].