Team Proval


Section: New Results

Automated Deduction

Participants: Sylvain Conchon, Évelyne Contejean, Jean-Christophe Filliâtre, Mohamed Iguernelala, Stéphane Lescuyer, Claude Marché, Alain Mebsout, Guillaume Melquiond, Xavier Urbain.

Formalization of an efficient SAT-solver

In an attempt to improve automation capabilities in the Coq proof assistant, Conchon and Lescuyer developed a tactic for the propositional fragment based on the DPLL procedure. Although formulas naturally arising in interactive proofs do not require a state-of-the-art SAT solver, the conversion to clausal form required by DPLL can strongly damage the performance of the procedure. In [26], we have presented a reflexive DPLL algorithm formalized in Coq which outperforms the existing tactics. It is tightly coupled with a lazy CNF conversion scheme which, unlike Tseitin-style approaches, does not disrupt the procedure. This conversion relies on a lazy mechanism which requires slight adaptations of the original DPLL. As far as we know, this is the first formal proof of this mechanism, and its Coq implementation raised interesting challenges.
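As an added illustration of the lazy conversion scheme, and not code from [26] or from the Coq development, the following Python sketch runs DPLL directly on clauses whose disjuncts are arbitrary NNF formulas: a compound disjunct is expanded only when it becomes the last unresolved member of its clause, so no Tseitin proxy variables are introduced and subformulas that are already false are never converted at all. The tuple encoding of formulas, the three-valued evaluation and the decision heuristic are assumptions of this example.

```python
from typing import Dict, List, Optional, Set, Tuple

# Propositional formulas in negation normal form, as nested tuples (a
# representation constructed for this example, not the paper's Coq encoding):
#   ("lit", name, polarity)   a literal: the atom `name` or its negation
#   ("and", f, g)  /  ("or", f, g)
Formula = Tuple
Assignment = Dict[str, bool]

def lit(name: str, positive: bool = True) -> Formula:
    return ("lit", name, positive)

def conj(f: Formula, g: Formula) -> Formula:
    return ("and", f, g)

def disj(f: Formula, g: Formula) -> Formula:
    return ("or", f, g)

def evaluate(f: Formula, assign: Assignment) -> Optional[bool]:
    """Three-valued evaluation under a partial assignment: True, False or None (unknown)."""
    kind = f[0]
    if kind == "lit":
        value = assign.get(f[1])
        return None if value is None else value == f[2]
    a, b = evaluate(f[1], assign), evaluate(f[2], assign)
    if kind == "and":
        if a is False or b is False:
            return False
        return True if (a is True and b is True) else None
    if a is True or b is True:
        return True
    return False if (a is False and b is False) else None

def atoms(f: Formula, out: Set[str]) -> Set[str]:
    """Collect the atom names occurring in a formula."""
    if f[0] == "lit":
        out.add(f[1])
    else:
        atoms(f[1], out)
        atoms(f[2], out)
    return out

def dpll(clauses: List[List[Formula]], assign: Assignment) -> Optional[Assignment]:
    """DPLL over 'lazy clauses': each clause is a disjunction of arbitrary NNF formulas.
    A compound disjunct is only expanded when it is the last unresolved member of its
    clause, so no Tseitin proxy variables are ever introduced."""
    assign = dict(assign)
    clauses = [list(c) for c in clauses]
    changed = True
    while changed:                      # unit propagation to a fixpoint
        changed = False
        pending: List[List[Formula]] = []
        for clause in clauses:
            unresolved = []
            satisfied = False
            for f in clause:
                v = evaluate(f, assign)
                if v is True:
                    satisfied = True
                    break
                if v is None:
                    unresolved.append(f)
            if satisfied:
                continue
            if not unresolved:
                return None             # every disjunct is false: conflict
            if len(unresolved) == 1:
                f = unresolved[0]
                changed = True
                if f[0] == "lit":
                    assign[f[1]] = f[2]             # unit literal: assign it
                elif f[0] == "and":
                    pending.append([f[1]])          # unit conjunction: both conjuncts hold
                    pending.append([f[2]])
                else:
                    pending.append([f[1], f[2]])    # unit disjunction: flatten into a clause
                continue
            pending.append(unresolved)
        clauses = pending
    if not clauses:
        return assign                   # all clauses satisfied
    # Decision: branch on the first unassigned atom of the remaining clauses.
    names: Set[str] = set()
    for clause in clauses:
        for f in clause:
            atoms(f, names)
    name = sorted(n for n in names if n not in assign)[0]
    for value in (True, False):
        assign[name] = value
        model = dpll(clauses, assign)
        if model is not None:
            return model
    return None

def solve(f: Formula) -> Optional[Assignment]:
    """Satisfiability of an NNF formula: a (partial) model, or None if unsatisfiable."""
    return dpll([[f]], {})
```

Running `dpll([[conj(a, b), conj(c, d)], [lit("a", False)]], {})` shows the laziness: once `a` is false the first conjunction is dropped without being converted, the second becomes unit and is split into two unit clauses, and `b` never receives a value.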


Arthur Milchior did an undergraduate internship under the supervision of Sylvain Conchon and Jean-Christophe Filliâtre from June to August 2009. He improved a matching algorithm from L. de Moura and N. Bjørner and implemented it in the Alt-Ergo theorem prover [41]. More precisely, the improvement consisted in handling types in the matching compilation to take polymorphism into account. The experimental results showed a 30% speed-up with respect to the current matching implementation.

Integration of associative-commutative symbols in Alt-Ergo

Associative and commutative (AC) symbols are ubiquitous in mathematics and in the modelling of data structures (e.g. multisets). Handling AC via axiomatization, as done in Alt-Ergo before the internship of Iguernelala, is highly inefficient and incomplete. Iguernelala, together with Conchon and Contejean, has proposed an extension of the congruence closure modulo an arbitrary theory at the core of Alt-Ergo to handle also (arbitrary, user-defined) AC symbols [39]. This extension is integrated into the distributed version of Alt-Ergo and enables, for instance, the combination of AC, linear arithmetic, and the theory of equality (congruence closure).
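The following Python example is added here and is not Alt-Ergo's implementation nor the CC(X) extension of [39]; it shows, in a deliberately simplified form, why built-in AC support recognises equalities that axiomatization would have to find by instantiation. Applications of an AC symbol are flattened and their arguments sorted before terms enter a naive congruence closure, so x+(y+z) and (z+x)+y are the same term. The term encoding and the set of AC symbols are assumptions of the example, and the closure does not re-normalise a term whose representative is itself an AC application, which is precisely the kind of interaction the paper's extension handles.

```python
from typing import Dict, Tuple, Union

# Terms are strings (constants or variables) or tuples (symbol, arg1, ..., argn);
# a representation constructed for this example, not Alt-Ergo's data structures.
Term = Union[str, Tuple]
AC_SYMBOLS = {"+", "*"}   # assumed to be declared associative-commutative

def canon(t: Term) -> Term:
    """AC canonical form: flatten nested applications of an AC symbol and sort its
    arguments, so that x+(y+z) and (z+x)+y become the same tuple."""
    if isinstance(t, str):
        return t
    symbol, args = t[0], [canon(a) for a in t[1:]]
    if symbol in AC_SYMBOLS:
        flat = []
        for a in args:
            if isinstance(a, tuple) and a[0] == symbol:
                flat.extend(a[1:])
            else:
                flat.append(a)
        args = sorted(flat, key=repr)
    return (symbol, *args)

class CongruenceClosure:
    """Congruence closure over AC-canonical terms: a union-find on terms plus a naive
    fixpoint that merges applications whose arguments are already known equal."""

    def __init__(self) -> None:
        self.parent: Dict[Term, Term] = {}

    def _register(self, t: Term) -> Term:
        """Canonicalise a term and make it and all its subterms known to the structure."""
        t = canon(t)
        if t not in self.parent:
            self.parent[t] = t
            if isinstance(t, tuple):
                for a in t[1:]:
                    self._register(a)
        return t

    def find(self, t: Term) -> Term:
        while self.parent[t] != t:
            self.parent[t] = self.parent[self.parent[t]]   # path halving
            t = self.parent[t]
        return t

    def _union(self, s: Term, t: Term) -> None:
        rs, rt = self.find(s), self.find(t)
        if rs != rt:
            self.parent[rs] = rt

    def _close(self) -> None:
        """Merge f(a1..an) with f(b1..bn) whenever ai ~ bi for all i, until nothing changes.
        The signature is AC-canonicalised so argument order is irrelevant for AC symbols."""
        changed = True
        while changed:
            changed = False
            signatures: Dict[Term, Term] = {}
            for t in list(self.parent):
                if not isinstance(t, tuple):
                    continue
                key = canon((t[0], *[self.find(a) for a in t[1:]]))
                other = signatures.setdefault(key, t)
                if other is not t and self.find(other) != self.find(t):
                    self._union(other, t)
                    changed = True

    def add_equation(self, s: Term, t: Term) -> None:
        self._union(self._register(s), self._register(t))
        self._close()

    def equal(self, s: Term, t: Term) -> bool:
        """Is s = t a consequence of the equations added so far (modulo AC)?"""
        s, t = self._register(s), self._register(t)
        self._close()
        return self.find(s) == self.find(t)
```

With the equation f(x + (y + z)) = c asserted, `equal(("f", ("+", ("+", "z", "x"), "y")), "c")` holds immediately because both arguments canonicalise to the same term, while f(x + y) = c stays unprovable.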

The Alt-Ergo theorem prover

Based on our experience with the development of Alt-Ergo, we have identified the small number of modifications needed to bring parametric polymorphism to our SMT solver [56]. The first one occurs in the typing module, where unification is now necessary for solving polymorphic constraints over types. The second one consists in extending the definition of triggers in order to deal with both term and type variables. Last, the matching module must be modified to account for the instantiation of type variables.
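The following Python example is added here and is not taken from Alt-Ergo's sources; it illustrates the point shared by the internship paragraph above (handling types in matching to account for polymorphism) and this paragraph (triggers over both term and type variables). A trigger pattern is matched against a ground term while the type variables of the pattern are unified with the concrete types the term carries, so a candidate instance that would force one type variable to two different types is rejected. The term and type encodings are assumptions of the example.

```python
from typing import Dict, Optional, Tuple, Union

# Types: a base type name ("int"), a type variable ("'a", leading quote) or a
# constructor application ("list", T).  Terms carry their type:
#   ("var", name, type)               pattern (term) variable
#   ("app", symbol, type, [args])     function application
# This encoding is constructed for the example, not Alt-Ergo's own AST.
Type = Union[str, Tuple]
Term = Tuple
Subst = Dict[str, Union[Term, Type]]   # term variables and type variables in one map

def var(name: str, ty: Type) -> Term:
    return ("var", name, ty)

def app(symbol: str, ty: Type, *args: Term) -> Term:
    return ("app", symbol, ty, list(args))

def is_tvar(t: Type) -> bool:
    return isinstance(t, str) and t.startswith("'")

def unify_type(pattern: Type, actual: Type, subst: Subst) -> bool:
    """One-way type unification: bind the type variables of `pattern` so that it
    equals the (ground) type `actual`; a variable bound twice must agree."""
    if is_tvar(pattern):
        if pattern in subst:
            return subst[pattern] == actual
        subst[pattern] = actual
        return True
    if isinstance(pattern, str) or isinstance(actual, str):
        return pattern == actual
    if len(pattern) != len(actual) or pattern[0] != actual[0]:
        return False
    return all(unify_type(p, a, subst) for p, a in zip(pattern[1:], actual[1:]))

def match(pattern: Term, term: Term, subst: Subst) -> bool:
    """Syntactic matching of a trigger pattern against a ground term, binding term
    variables and type variables together."""
    if pattern[0] == "var":
        name, ptype = pattern[1], pattern[2]
        if not unify_type(ptype, term[2], subst):
            return False
        if name in subst:
            return subst[name] == term
        subst[name] = term
        return True
    if term[0] != "app" or pattern[1] != term[1]:
        return False
    if not unify_type(pattern[2], term[2], subst):
        return False
    pargs, targs = pattern[3], term[3]
    if len(pargs) != len(targs):
        return False
    return all(match(p, t, subst) for p, t in zip(pargs, targs))

def instance(pattern: Term, term: Term) -> Optional[Subst]:
    """The substitution (term and type variables) matching `pattern` against `term`, or None."""
    subst: Subst = {}
    return subst if match(pattern, term, subst) else None
```

Matching the polymorphic trigger length(cons(x:'a, l:'a list)) against length(cons(3:int, nil:int list)) yields x, l and 'a = int in a single substitution; matching f(x:'a, y:'a) against f(1:int, true:bool) fails because 'a cannot be both int and bool.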

Concerning the prover itself, we fully formalized the core decision procedure CC(X) of Alt-Ergo in the Coq proof assistant. Moreover, we provided a formal proof of its soundness and completeness [71].

Data structures

S. Conchon and J.-C. Filliâtre generalized an idea present in the work described in [73], [72] and introduced the new notion of semi-persistence. A data structure is said to be semi-persistent when only the most recent version and its ancestors can be accessed or updated. Making a data structure semi-persistent may improve its time and space complexity. This is of particular interest in backtracking algorithms manipulating persistent data structures, where this property is usually satisfied. In particular, this is the case for the union-find data structure used internally by Alt-Ergo. S. Conchon and J.-C. Filliâtre proposed a proof system to statically check the valid use of semi-persistent data structures. It requires a few annotations from the user and then generates VCs that are automatically discharged by a dedicated decision procedure. An article was presented at ESOP'08 [74].
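The following Python example is added here; it is neither the code of [74] nor Alt-Ergo's union-find. It shows what semi-persistence buys: unions are logged on an undo trail, so each version is just a trail position and a parent pointer, and using an ancestor version backtracks by popping the trail. The versions left behind are invalidated, and using one raises an error, which is the dynamic counterpart of the access discipline the proof system checks statically. The version representation and the absence of path compression are assumptions of the example.

```python
from typing import List, Optional, Tuple

class Version:
    """A handle to one version of the structure. Versions form a tree; only the most
    recent version and its ancestors may be used."""
    __slots__ = ("trail_len", "parent", "valid")

    def __init__(self, trail_len: int, parent: Optional["Version"]) -> None:
        self.trail_len = trail_len   # length of the undo trail when this version was made
        self.parent = parent         # the version this one was derived from
        self.valid = True            # cleared once a backtrack leaves this version behind

class SemiPersistentUnionFind:
    """Union-find with cheap versions: updates are logged on an undo trail, so going back
    to an ancestor version just pops the trail; versions left behind become unusable."""

    def __init__(self, n: int) -> None:
        self.parent: List[int] = list(range(n))
        self.trail: List[Tuple[int, int]] = []   # (node, previous parent) records for undo
        self.root = Version(0, None)
        self.current = self.root

    def _use(self, v: Version) -> None:
        """Make `v` the current version, backtracking if it is an ancestor; reject others."""
        if not v.valid:
            raise ValueError("version is not an ancestor of the most recent version")
        while self.current is not v:
            dropped = self.current
            assert dropped.parent is not None   # the root is always valid, so we stop before it
            while len(self.trail) > dropped.parent.trail_len:
                node, old_parent = self.trail.pop()
                self.parent[node] = old_parent
            dropped.valid = False
            self.current = dropped.parent

    def _find(self, x: int) -> int:
        # No path compression: every mutation stays an explicit, undoable trail record.
        while self.parent[x] != x:
            x = self.parent[x]
        return x

    def same(self, v: Version, x: int, y: int) -> bool:
        """Are x and y in the same class in version v?"""
        self._use(v)
        return self._find(x) == self._find(y)

    def union(self, v: Version, x: int, y: int) -> Version:
        """Merge the classes of x and y on top of version v and return the new version."""
        self._use(v)
        rx, ry = self._find(x), self._find(y)
        if rx != ry:
            self.trail.append((rx, self.parent[rx]))
            self.parent[rx] = ry
        self.current = Version(len(self.trail), v)
        return self.current
```

In a backtracking search the versions are exactly the nodes of the search tree: going back to an earlier choice point (an ancestor) is allowed and costs one pop per undone union, while a sibling branch that was abandoned can never be revisited.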

Automated proofs and certificates

Coccinelle and CiME's traces

The powerful subterm criterion for termination of term rewriting systems is now part of the certified criteria in CiME\Coccinelle. In addition to providing its first Coq formalisation, É. Contejean, A. Paskevich, and X. Urbain extended the subterm criterion by weakening its premises [78]. This is a joint work with J. Forest (ENSIIE), P. Courtieu, and O. Pons (CNAM).
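As an added example in Python, not the Coccinelle formalisation and not the weakened criterion of [78], the following checker applies the basic subterm criterion to a set of dependency pairs: it searches for a projection that maps every tuple symbol to one argument position such that each projected left-hand side has the projected right-hand side as a subterm, removes the pairs where that subterm is strict, and repeats until no pair remains. The term encoding and the exhaustive search over projections are assumptions of the example; it works on a single dependency-pair problem without SCC decomposition.

```python
from itertools import product
from typing import Dict, Iterator, List, Optional, Tuple, Union

# Terms: a variable is a string; an application is (symbol, arg1, ..., argn).
# A dependency pair is (lhs, rhs) where both roots are tuple symbols (written NAME#).
# This encoding is constructed for the example.
Term = Union[str, Tuple]
DP = Tuple[Term, Term]
Projection = Dict[str, int]     # tuple symbol -> argument position to project on

def is_subterm(s: Term, t: Term) -> bool:
    """s ⊵ t: t is a (not necessarily proper) subterm of s."""
    if s == t:
        return True
    return isinstance(s, tuple) and any(is_subterm(a, t) for a in s[1:])

def project(pi: Projection, t: Term) -> Term:
    """pi(t): the argument of the tuple-symbol application selected by the projection."""
    return t[1 + pi[t[0]]]

def projections(dps: List[DP]) -> Iterator[Projection]:
    """All projections: one argument position per tuple symbol occurring in the pairs."""
    arities: Dict[str, int] = {}
    for l, r in dps:
        for t in (l, r):
            arities[t[0]] = len(t) - 1
    symbols = sorted(arities)
    for positions in product(*(range(arities[f]) for f in symbols)):
        yield dict(zip(symbols, positions))

def apply_subterm_criterion(dps: List[DP]) -> Optional[Tuple[Projection, List[DP]]]:
    """Find a projection pi with pi(l) ⊵ pi(r) for every pair and pi(l) ⊳ pi(r) for at
    least one; return it together with the pairs that remain (strict ones are removed)."""
    for pi in projections(dps):
        if not all(is_subterm(project(pi, l), project(pi, r)) for l, r in dps):
            continue
        remaining = [(l, r) for l, r in dps if project(pi, l) == project(pi, r)]
        if len(remaining) < len(dps):
            return pi, remaining
    return None

def terminates_by_subterm_criterion(dps: List[DP]) -> bool:
    """Repeat the criterion until no pair is left (success) or no projection applies."""
    while dps:
        step = apply_subterm_criterion(dps)
        if step is None:
            return False
        dps = step[1]
    return True
```

For the single dependency pair APP#(cons(x, xs), ys) → APP#(xs, ys) the projection on the first argument gives cons(x, xs) ⊳ xs, so the pair is removed and termination follows; for F#(x) → F#(s(x)) no projection works, and the checker reports failure rather than guessing.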

To facilitate interactions between other provers and certifying engines, the CiME\Coccinelle team was involved in the definition of a certification problem format (CPF), the major design of which was done in collaboration with the CeTA\IsaFoR group in Innsbruck, and with additional comments from the CoLoR group in Beijing.

Proofs of bounds on real-valued expressions

G. Melquiond has built a library for automatically proving bounds on expressions in the Coq system [99], [100]. This library performs automatic differentiation and interval arithmetic (with floating-point bounds). Its purpose is to help the user with the mathematical part of the certification of numerical programs.
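The following Python example is added here and is not the Coq library of [99], [100]; it shows how the two ingredients named in the paragraph combine. Interval arithmetic with outward-rounded floating-point endpoints gives a sound but often loose enclosure (for x(1-x) on [0,1] plain evaluation yields [0,1] although the true maximum is 1/4); forward-mode automatic differentiation over the same intervals encloses the derivative, and wherever that enclosure excludes zero the function is monotone, so the hull of its values at the two endpoints is a sound and much tighter bound. Where the derivative may vanish the example bisects a bounded number of times. The use of `math.nextafter` (Python 3.9+) for rounding and the bisection depth are assumptions of the example.

```python
import math
from typing import Callable, Union

def _down(x: float) -> float:
    return math.nextafter(x, -math.inf)   # round the lower endpoint down by one ulp

def _up(x: float) -> float:
    return math.nextafter(x, math.inf)    # round the upper endpoint up by one ulp

class Interval:
    """Closed interval with float endpoints; every operation rounds outward so that the
    exact real result is always enclosed."""
    __slots__ = ("lo", "hi")

    def __init__(self, lo: float, hi: float) -> None:
        self.lo, self.hi = float(lo), float(hi)

    @staticmethod
    def lift(x: Union["Interval", float]) -> "Interval":
        return x if isinstance(x, Interval) else Interval(x, x)

    def __add__(self, o):
        o = Interval.lift(o)
        return Interval(_down(self.lo + o.lo), _up(self.hi + o.hi))

    def __sub__(self, o):
        o = Interval.lift(o)
        return Interval(_down(self.lo - o.hi), _up(self.hi - o.lo))

    def __mul__(self, o):
        o = Interval.lift(o)
        p = (self.lo * o.lo, self.lo * o.hi, self.hi * o.lo, self.hi * o.hi)
        return Interval(_down(min(p)), _up(max(p)))

    __radd__ = __add__
    __rmul__ = __mul__

    def __rsub__(self, o):
        return Interval.lift(o) - self

    def hull(self, o: "Interval") -> "Interval":
        return Interval(min(self.lo, o.lo), max(self.hi, o.hi))

    def contains_zero(self) -> bool:
        return self.lo <= 0.0 <= self.hi

    def __repr__(self) -> str:
        return f"[{self.lo!r}, {self.hi!r}]"

class Dual:
    """Forward-mode automatic differentiation over intervals: an enclosure of the value
    and an enclosure of the derivative are propagated together."""
    __slots__ = ("val", "der")

    def __init__(self, val: Interval, der: Interval) -> None:
        self.val, self.der = val, der

    @staticmethod
    def lift(x) -> "Dual":
        return x if isinstance(x, Dual) else Dual(Interval.lift(x), Interval(0.0, 0.0))

    def __add__(self, o):
        o = Dual.lift(o)
        return Dual(self.val + o.val, self.der + o.der)

    def __sub__(self, o):
        o = Dual.lift(o)
        return Dual(self.val - o.val, self.der - o.der)

    def __mul__(self, o):
        o = Dual.lift(o)
        return Dual(self.val * o.val, self.der * o.val + self.val * o.der)   # product rule

    __radd__ = __add__
    __rmul__ = __mul__

    def __rsub__(self, o):
        return Dual.lift(o) - self

def value_at(f: Callable[[Dual], Dual], x: float) -> Interval:
    """Enclosure of f(x) at a single point (only rounding contributes width)."""
    return f(Dual(Interval(x, x), Interval(1.0, 1.0))).val

def enclose(f: Callable[[Dual], Dual], a: float, b: float, depth: int = 4) -> Interval:
    """Enclosure of f over [a, b]: if the derivative enclosure has constant sign, f is
    monotone there and the hull of the endpoint values is a sound bound; otherwise bisect
    up to `depth` times and fall back to plain interval evaluation on the leaves."""
    y = f(Dual(Interval(a, b), Interval(1.0, 1.0)))
    if not y.der.contains_zero():
        return value_at(f, a).hull(value_at(f, b))
    if depth == 0:
        return y.val
    m = (a + b) / 2.0
    return enclose(f, a, m, depth - 1).hull(enclose(f, m, b, depth - 1))

def proves_upper_bound(f: Callable[[Dual], Dual], a: float, b: float,
                       bound: float, depth: int = 4) -> bool:
    """Does the enclosure establish f(x) <= bound for all x in [a, b]?"""
    return enclose(f, a, b, depth).hi <= bound
```

With `f = lambda x: x * (1 - x)`, `enclose(f, 0.0, 1.0, depth=0)` returns roughly [0, 1] while `enclose(f, 0.0, 1.0, depth=4)` returns an upper endpoint just above 0.28125, close to the true maximum 0.25; the bound x(1-x) ≤ 0.29 on [0,1] is thus established at depth 4 and not at depth 0, which is the kind of goal the library discharges automatically.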

