We want to concentrate on the development of mathematical libraries for theorem proving tools. This objective contributes to two main areas of application: tools for mathematicians and correctness verification tools for software dealing with numerical computation.

In the short term, we aim for mathematical libraries that concern polynomials, algebra, group theory, floating point numbers, real numbers, big integers, probabilities and geometrical objects. In the long run, we think that this will involve any function that may be of use in embedded software for automatics or robotics (in what is called hybrid systems, systems that contain both software and physical components) and in cryptographical systems. We want to integrate these libraries in theorem proving tools because we believe they will become important tools for mathematical practice and for engineers who need to prove the correctness of their algorithms and software.

We believe that theorem proving tools are good tools to produce highly dependable software, because they provide a framework where algorithms and specifications can be studied uniformly and often provide means to mechanically derive programs that are correct by construction.

Mathematical knowledge can also be made concrete in the form of decision procedures, often of the form of “satisfiability modulo theory” which can be connected to theorem proving tools in a way that preserves the trustability of the final results.

A major result of our team this year is the IND-CCA proof of cryptographic security of RSA-OAEP, in an effort undertaken mostly by two Marelle researchers and using the CertiCrypt tool developed in our team.

A second highlight of the impact of our work is the translation in Chinese of the Coq'Art book, which was a major publication of our team a few years ago.

The calculus of inductive constructions is a branch of type theory that serves as a foundation for theorem proving tools, especially the Coq proof assistant. It is powerful enough to formalize complex mathematics, based on algebraic structures and operations. This is especially important as we want to produce proofs of logical properties for these algebraic structures, a goal that is only marginally addressed in most scientific computation systems.

The calculus of inductive constructions also makes it possible to write algorithms as recursive functional programs, which manipulate tree-like data structures. A third important characteristic of this calculus is that it is also a language for manipulating proofs. All this makes this calculus a tool of choice for our investigations. However, this language is still being improved and part of our work concerns these improvements.

To produce certified algorithms, we use the following approach: instead of attempting to prove properties of an existing program written in a conventional programming language such as C or Java, we produce new programs in the calculus of constructions whose correctness is an immediate consequence of their construction. This has several advantages. First, we work at a high level of abstraction, independently of the target implementation language. Second, we concentrate on specific characteristics of the algorithm, and abstract away from the rest (for instance, we abstract away from memory management or data implementation strategies). Thus, we are able to address more high-level mathematics and to express more general properties without being overwhelmed by implementation details.

However, this approach also presents a few drawbacks. For instance, the calculus of constructions usually imposes that recursive programs should explicitly terminate for all inputs. For some algorithms, we need to use advanced concepts (for instance, well-founded relations) to make the property of termination explicit, and proofs of correctness become especially difficult in this setting.
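As an added illustration of the termination point above (example code written for this page, not taken from the report or from the Mathematical Components libraries), the same requirement is shown on two functions in Coq: a structurally recursive one that the guard checker accepts as is, and Euclid's algorithm, whose recursive call is not on a subterm, so termination has to be made explicit through a well-founded measure and a proof obligation. The function names are chosen for the example.

```coq
From Coq Require Import Arith Lia Program.

(* 1. Structural recursion.  The recursive call is on k, a syntactic
   subterm of the argument S k, so Coq's guard condition accepts the
   definition with no extra termination argument. *)
Fixpoint fact (n : nat) : nat :=
  match n with
  | 0 => 1
  | S k => n * fact k
  end.

(* 2. Euclid's algorithm is not structurally recursive: a mod b is not a
   subterm of a or b.  A plain definition such as

     Fixpoint gcd (a b : nat) : nat :=
       match b with 0 => a | S _ => gcd b (a mod b) end.

   is rejected by the guard checker.  Program Fixpoint with {measure b}
   uses the well-founded order on nat instead and leaves us the proof
   obligation "a mod b < b" for the recursive call. *)
Program Fixpoint gcd_wf (a b : nat) {measure b} : nat :=
  match b with
  | 0 => a
  | S _ => gcd_wf b (a mod b)
  end.
Next Obligation.
  (* goal: a mod b < b, in a context where b is known to be a successor;
     Nat.mod_upper_bound needs b <> 0, which lia discharges *)
  apply Nat.mod_upper_bound. lia.
Qed.
```

The obligation is the only place where the termination argument lives; the rest of the definition reads like the ordinary recursive program, which is what makes the later correctness proof tractable.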

To bridge the gap between our high-level descriptions of algorithms and conventional programming languages, we also investigate the algorithms that occur when implementing programming languages, for instance algorithms that are used in a compiler or a static analysis tool. For these algorithms, we generally base our work on the semantic description of a language. The properties that we attempt to prove for an algorithm are, for example, that an optimization respects the meaning of programs or that the programs produced are free of some unwanted behavior. In practice, we rely on this study of programming language semantics to propose extensions to theorem proving tools or to participate in the verification that compilers for conventional programming languages are exempt of bugs.

We study how to improve mechanical tools for searching and verifying mathematical proofs so that they become practical for engineers and mathematicians to develop software and formal mathematical theories. There are two complementary objectives. The first is to improve the means of interaction between users and computers, so that the tools become usable by engineers, who have otherwise little interest in proof theory, and by mathematicians, who have little interest in programming or other kinds of formal constraints. The second objective is to make it easier to maintain large formal mathematical developments, so they can be re-used in a wide variety of contexts. Thus, we hope to increase the use of formal methods in software development, both by making it easier for beginners and by making it more efficient for expert users.

For some applications, it is mandatory to build zero-defect software. One way to reach this high level of reliability is to develop not only the program, but also a formal proof of its correctness. In the Marelle team, we are interested in certifying algorithms and programs for scientific computing. This is related to algorithms used in industry in the following respects:

Arithmetical hardware in micro-processors,

Arithmetical libraries in embedded software where accuracy is critical (global positioning, transportation, aeronautics),

Verification of geometrical properties for robots (medical robotics),

Verification of the probability of breaking cryptographic algorithms,

Fault-tolerant and dependable systems.

We participate in the collaborative research agreement “Mathematical Components” with Microsoft Research. This project aims at evaluating the applicability of a new approach to mathematical proofs called “small-scale reflection”, especially in the domain of finite group theory.

This year, we have consolidated the PhD work of Sidi Ould Biha. The algebraic structures for linear algebra are now part of the main development line of the "Mathematical Components" libraries. In conjunction with some basic notions of representation theory, we now have all the prerequisite elements for formalising the character theory that is needed for the Feit-Thompson theorem. In particular, we have included special support for finite aspects, for instance finite-dimensional vector spaces. This work is also supported by the Formath European project.

We completed our work on developing a proving tool that integrates the capabilities of a proof system like Coq, a proof management interface like Pcoq, and a tool for dynamic geometry manipulation and visualization like GeoGebra. This work was presented at the UITP conference.

We integrated the previous work of F. Guilhot on the formalization of high-school geometry with the work of J. Narboux on the area method for automatic proof in geometry. This also involved removing many of the axioms present in the initial work of Guilhot, where axioms were often used for definitional purposes.

Lastly, we completed our work on describing orientation in geometry proofs.

As part of our collaboration in the Formath European project, we gave a one-week course on ssreflect at the University of La Rioja in Logroño, Spain, and we participated in the formalization of “incidence simplicial matrices” in ssreflect. We started working on an article describing this work.

As a contribution to our long-term objective of developing a formally verified implementation of cylindrical algebraic decomposition, we studied the proof that the number of sign alternations in a polynomial's Bernstein coefficients gives an upper bound on the number of roots of this polynomial in the corresponding interval. An article describing this work has been submitted for publication and is already available as a pre-print.

The libraries of the "Mathematical Components" project provide a rather complete formalisation of polynomials and matrices. Unfortunately, these objects cannot be used directly for computing. In her internship, Stefania Dumbrava has been working on giving computational content to these objects. In particular, she has investigated how persistent arrays could be used effectively for this purpose.

The work we did on the formal verification of programs that combine Newton's method and rounding has been summarized in an article that is submitted for publication and is already available as a pre-print.

We have formalized a collection of criteria for the regularity of matrices with interval coefficients, taken from the work of Rex and Rohn. This work led to a publication in a conference and to a chapter in Ioana Pasca's thesis.

The formalization relies on a theorem of mathematics whose formal proof has yet to be completed: the Perron-Frobenius theorem. Its formal verification is under way; it requires adding new concepts to the libraries, among which complex numbers, general topology, compact sets, etc.

We extended the Calculus of Inductive Constructions with a type-based mechanism for ensuring termination of recursive functions. We published a preliminary version where only natural numbers are considered. We are currently working on the full version with inductive types, which will be part of Jorge Luis Sacchini's PhD thesis.

We integrated the native compiler of the OCaml language into a scheme for the efficient reduction of terms in the calculus of inductive constructions. On some examples, efficiency gains can reach a tenfold increase in speed. We expect this to have a strong impact on the capability to perform proofs by reflection involving heavy computation in the Coq system.

We completed our work on integrating SAT technology inside Coq. This work has been described in a publication at the conference ITP10 in Edinburgh. Furthermore, this serves as a basis for the integration of SMT technology. We are now capable of replaying traces produced by the SMT prover veriT that deal with congruence closure. This work is supported by the ANR Decert project.

We completed our work of previous years on Gröbner bases for geometric theorems by publishing a paper.

We extended our formalisation of geometric algebras with some notions of bracket algebras. This lets us derive a reflexive tactic that is capable of proving elementary problems in incidence geometry fully automatically. This work was presented at the conference ADG'2010 in Munich. This work is also supported by the ANR Galapagos project.

We re-wrote and finished the implementation of the tactic “nsatz”, which implements Hilbert’s Nullstellensatz: it proves equations between polynomials from similar hypotheses. It extends the “ring” tactic. “nsatz” is implemented using the “type classes” of the Coq system, and works on integral domains, with specializations on Z, Q and R. This is available in the distributed version of the Coq system (8.3). We plan to extend this work by providing certificates in Coq for Gröbner bases, and other useful computational objects in computer algebra of this kind (dimension, invariants, etc).
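As an added illustration of what the “nsatz” tactic does (example code written for this page, not taken from the Coq distribution or the report), here are two goals over the real numbers: one where the conclusion is a polynomial combination of the hypotheses, and one where only a power of the conclusion is, which is exactly the case the Nullstellensatz covers and the “ring” tactic cannot. The lemma names are chosen for the example.

```coq
From Coq Require Import Reals Nsatz.
Open Scope R_scope.

(* 1. Ideal membership.  With e1 = x+y+z, e2 = xy+xz+yz and e3 = xyz we
   have the polynomial identity x^3 = x^2*e1 - x*e2 + e3, so x^3 = 0
   follows from e1 = e2 = e3 = 0.  nsatz finds the cofactors
   x^2, -x and 1 by a Gröbner basis computation; "ring" would fail
   because it cannot use the hypotheses. *)
Lemma cube_vanishes : forall x y z : R,
  x + y + z = 0 -> x*y + x*z + y*z = 0 -> x*y*z = 0 -> x*x*x = 0.
Proof. intros x y z H1 H2 H3. nsatz. Qed.

(* 2. Radical membership.  x is not in the ideal generated by x*x, but
   x^2 is.  nsatz searches for a certificate c * (goal)^k in the ideal,
   here with k = 2, and then relies on R being an integral domain
   (no zero divisors) to conclude x = 0. *)
Lemma square_zero : forall x : R, x * x = 0 -> x = 0.
Proof. intros x H. nsatz. Qed.
```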

We studied normalization of non-commutative polynomials and exponentials in the Weyl algebra, and found a method of normalization by evaluation which reduces to the commutative case, which is suitable for an easy implementation and proof in Coq. Extension to non-commutative Gröbner bases is planned.

CertiCrypt is a general framework to certify the security of cryptographic primitives in the Coq proof assistant.

We have extended CertiCrypt with new techniques that allowed us to complete the formal proof of IND-CCA security of the OAEP padding scheme. The first technique is a logic for bounding the probability of an event in a game. The second technique clarifies the eager/lazy sampling methodology using a logic for swapping program statements. This work has been published.

We completed a machine-checked proof of the security of OAEP (a widely used public-key encryption scheme based on trapdoor permutations) against adaptive chosen-ciphertext attacks, under the assumption that the underlying permutation is partial-domain one-way.

We studied zero-knowledge proofs, which are widely applicable in cryptography, concentrating on Σ-protocols, for which we provide the first comprehensive formalization.

We started work on formalizing a recent proof by Icart and Coron concerning the study of hash functions using elliptic curves. This work re-uses our work on CertiCrypt and our previous work on elliptic curves.

Based on our experience with CertiCrypt, we have started the development of the tool EasyCrypt. The goal of this work is to provide a friendly tool that cryptographers can use without knowledge of formal proof assistants. The idea is to use the techniques formally proved in CertiCrypt and to call SMT provers instead of using Coq. We have applied EasyCrypt to a variety of academic examples and to one bigger example: the proof of IND-CCA security of the Cramer-Shoup cryptosystem.

The drawback of this tool is that it provides fewer guarantees on the correctness of the proof than CertiCrypt. To fill this gap, we have started the generation of Coq files that check the validity of EasyCrypt proofs.

We collaborate with the CEA to develop Frama-C, which is a suite of tools dedicated to the analysis of the source code of software written in C. The 2009-2011 objective is to develop a Weakest Precondition plugin to compute proof obligations that ensure that some given properties of programs hold. The challenge is to provide several memory models in order to adapt the abstraction level of the verification. In 2010, the 2009 results have been improved to add another memory model and to transform the prototype into a more usable tool. In the middle of 2010, we managed to provide an alpha version to selected users, and the first release within the Frama-C distribution is planned for December.

We participate in the common laboratory between INRIA and Microsoft Research, in the Collaborative Research Actions “Mathematical Components” and “Secure Distributed Computations and their Proofs”. Other participants in the first collaboration are the INRIA project-teams TYPICAL and PROVAL. The goals are to study finite group theory and efficient arithmetic. In the second collaboration, other participants are the INRIA teams INDES and MOSCOVA. We focus on formal proofs for computational cryptography.

We collaborate with the CEA to develop Frama-C, which is a suite of tools dedicated to the analysis of the source code of software written in C.

We lead the ANR project Galapagos, which started on Nov. 19th 2007. Other participants in this contract are the universities of Strasbourg and Poitiers, the ENSIEE in Evry and the Ecole Normale Supérieure in Lyon. The objective of this contract is to study the formal description of geometric concepts and algorithms.

We participate in the ANR project SCALP, which started on January 1st, 2008. Other participants in this contract are DCS-Verimag (Grenoble), Plume-LIP (Lyon), Proval-LRI (Orsay), CPR-Cédric (Cnam, Paris). In this project we focus on the formalization of cryptography.

We participate in the ANR project DeCert, which started in January 2009. Other participants are CEA List (Paris), LORIA-INRIA (Nancy), Celtique (IRISA Rennes), Proval (LRI Orsay), Typical (INRIA Saclay), Systerel (Aix-en-Provence). The objective of the DeCert project is to design an architecture for cooperating decision procedures. To ensure trust in the architecture, the decision procedures will either be proved correct inside a proof assistant or produce proof witnesses allowing external checkers to verify the validity of their answers.

We participate in the ANR project TAMADI, which started in October 2010. Other participants are ARENAIRE-INRIA Rhône-Alpes and the PEQUAN team from University Paris VI Pierre et Marie Curie. The objective of the TAMADI project is to study questions of precision in floating-point arithmetic and to provide formal proofs on this topic.

We participate in the European project Formath, which is a STREP project in the ICT program (grant agreement number 243847). The other participants are the Universities of Göteborg (Sweden, coordinator), Nijmegen (the Netherlands), and La Rioja (Spain) and the Typical group from INRIA Saclay-Île de France. In this project, we concentrate on developing mathematical libraries for algebra, linear algebra, and algebraic topology.

As part of the Formath project, Yves Bertot and Laurence Rideau visited the University of Logroño in Spain in June for a week, where Laurence Rideau gave a course on `ssreflect` and Yves Bertot developed a small demonstrator for algebraic topology.

Yves Bertot taught at the Asian School of Formal Methods in Beijing in August 2010.

Sylvain Heraud spent three months at AIST in Tokyo, Japan, to collaborate with David Nowak, on formal verification of polynomial time functions used in complexity theory.

Laurence Rideau was one of the organizers of the Conferences on Intelligent Computer Mathematics, which took place in Paris from July 5 to July 10, 2010. This event federated the conferences *Artificial Intelligence and Symbolic Computations*, *Calculemus*, *Mathematical Knowledge Management*, and the workshops *Compact Computer Algebra*, *Digital Mathematical Libraries*, *Mathematically Intelligent Proof Search*, *Programming Languages for Mechanized Mathematics Systems*, *OpenMath*, and *Symbolic Computation Infrastructure for Europe*.

Yves Bertot organized a one-day Coq Workshop in July in Edinburgh.

Members of the project-team participated in program committees for UITP, PAR, LFMTP, Coq-workshop, SAC-SVT, and for the journals JAR (Journal of Automated Reasoning), JFR (Journal of Formalized Reasoning), JFP (Journal of Functional Programming).

Members of the project-team refereed papers for the conferences Calculemus, ICFP (International Conference on Functional Programming), ITP (Interactive Theorem Proving), JFLA (Journées Francophones des Langages Applicatifs), UITP (User Interfaces for Theorem Provers) and for the journals JFR (Journal of Formalized Reasoning), JAR (Journal of Automated Reasoning).

Members of the project reviewed projects for the Dutch organization for research (NWO).

Yves Bertot was a Jury member for the theses of Christophe Brun (U. Strasbourg) and A. Charguéraud (U. Paris-Diderot).

attended several meetings with CEA, in Saclay, in January, February, May, September, and December.

attended a Coq meeting in La Ciotat, in February.

visited IMDEA in Spain, in February and November, as part of his work for the SCALP ANR project.

attended the SAC conference in Sierre, Switzerland, in March.

attended the kick-off meeting for the Formath Workshop in Göteborg, in April.

attended the Unisciel conference in Valenciennes, in May.

presented her work in Saclay, in May.

attended the CICM event in Paris in July, and Ioana Pasca presented her work at the Calculemus conference.

attended the FLOC event in Edinburgh, UK, where Yves Bertot presented work at the Coq workshop and at the ITP conference, Tuan Minh Pham presented work at UITP, and Laurent Théry presented work at ITP.

attended the ADG conference in Munich, in July, where they presented extended abstracts.

attended a workshop on trusted extensions of theorem provers in Cambridge, UK, in August, where he gave an invited talk.

gave courses in Beijing, China, in August.

attended the Types conference in Warsaw, in October, where Yves Bertot gave an invited talk.

attended a meeting of the Coq working group in October.

attended the LPAR-17 conference in Yogyakarta (Indonesia), in October, where he presented work.

attended several meetings of the INRIA-Microsoft Research common laboratory, in June, October, November.

attended the MAP conference in Logroño, Spain, in November.

gave an invited talk at the GDR-LAC Workshop in Paris in November.

visited the University of Bologna in December.

attended a meeting of the ANR project DECERT in Paris, in November.

*Sémantique des langages de programmation I* (Programming language semantics I), 1st year Master (18 hours), University of Nice.

*Sémantique des langages de programmation, techniques avancées* (Programming language semantics, advanced techniques), 1st year Master, special cursus at University of Nice (for students of the École Normale Supérieure).

*Vérification et sécurité* (Verification and security), 2nd year Master, University of Nice (18 hours).

*Logic*, Engineering School *Polytech'Nice* (38 hours), and lab sessions for the course on programming language semantics (18 hours).

*Introduction to Coq*, École des Mines de Paris (3 hours).