The team investigates applications of recent results in proof theory to the design of logical frameworks and automated theorem proving systems. It develops the Dedukti logical framework and the iProver modulo and Zenon modulo automated theorem proving systems.

*Deduction modulo* is a formulation of predicate logic where deduction is performed modulo an equivalence relation defined on propositions. A typical example is the equivalence relation relating propositions differing only by a re-arrangement of brackets around additions, relating, for instance, the propositions *purely computational*.

Deduction modulo was proposed at the end of the 20th century as a tool to simplify the completeness proof of equational resolution. Soon, it was noticed that this idea was also present in other areas of logic, such as Martin-Löf's type theory, where the equivalence relation is definitional equality, Prawitz' extended natural deduction, etc. More generally, Deduction modulo gives an account of the way reasoning and computation are articulated in a formal proof, a topic slightly neglected by logic, but of prime importance when proofs are computerized.

The early research on Deduction modulo focused on the design of general proof search methods—Resolution modulo, tableaux modulo, etc.—that could be applied to any theory formulated in Deduction modulo, to general proof normalization and cut elimination results, to the definitions of models taking the difference between reasoning and computation into account, and to the definition of specific theories—simple type theory, arithmetic, some versions of set theory, etc.—as purely computational theories.
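The following is an added illustration of the idea described above, not code from the Deducteam page or from Dedukti: two propositions are treated as the same when their normal forms modulo a rewrite system coincide (here, associativity of `+`, the bracket re-arrangement mentioned above), and an inference rule such as modus ponens is applied modulo that equivalence. The term and proposition encodings, and the sample propositions, are constructed for the example.

```python
from typing import Union, Tuple

Term = Union[str, Tuple]  # an atom such as 'x', or ('+', left, right)
Prop = Tuple              # ('P', term) | ('imp', prop, prop) | ('eq', term, term)


def flatten_plus(t: Term) -> list:
    """Collect the leaves of a nested '+' tree, left to right."""
    if isinstance(t, tuple) and t[0] == '+':
        return flatten_plus(t[1]) + flatten_plus(t[2])
    return [t]


def normalize_term(t: Term) -> Term:
    """Normal form of a term modulo associativity of '+': a right comb.
    (x + y) + z and x + (y + z) both normalize to ('+', x, ('+', y, z))."""
    if isinstance(t, tuple) and t[0] == '+':
        leaves = flatten_plus(t)
        nf = leaves[-1]
        for leaf in reversed(leaves[:-1]):
            nf = ('+', leaf, nf)
        return nf
    return t


def normalize(p: Prop) -> Prop:
    """Push term normalization through the propositional structure."""
    tag = p[0]
    if tag == 'imp':
        return ('imp', normalize(p[1]), normalize(p[2]))
    if tag == 'eq':
        return ('eq', normalize_term(p[1]), normalize_term(p[2]))
    if tag == 'P':
        return ('P', normalize_term(p[1]))
    raise ValueError(f"unknown proposition: {p!r}")


def equivalent(p: Prop, q: Prop) -> bool:
    """p and q are equivalent modulo the rewrite system iff their normal forms agree."""
    return normalize(p) == normalize(q)


def modus_ponens_modulo(premise: Prop, implication: Prop) -> Prop:
    """Modus ponens modulo: from A and A' => B with A equivalent to A', conclude B.
    Plain modus ponens would require A and A' to be syntactically identical."""
    if implication[0] != 'imp':
        raise ValueError("second premise is not an implication")
    if not equivalent(premise, implication[1]):
        raise ValueError("premise does not match the antecedent, even modulo")
    return implication[2]


# Constructed sample: brackets on the left in the premise, on the right in the antecedent.
LEFT = ('P', ('+', ('+', 'x', 'y'), 'z'))
RIGHT = ('P', ('+', 'x', ('+', 'y', 'z')))
IMPL = ('imp', RIGHT, ('eq', ('+', 'x', 'y'), ('+', 'y', 'x')))


def demo() -> Prop:
    """LEFT and RIGHT differ syntactically but are equal modulo associativity."""
    return modus_ponens_modulo(LEFT, IMPL)
```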

A new turn with Deduction modulo was taken when the idea of reasoning modulo an arbitrary equivalence relation was applied to typed

This led to the development of a general proof-checker based on the

A thesis which is at the root of our research effort, and which was already formulated in is that proof-checkers should be theory-independent. This is for instance expressed in the title of our invited talk at Icalp 2012: *A theory independent Curry-De Bruijn-Howard correspondence*. Such a theory-independent proof-checker is called a *Logical Framework*.

Using a single prover to check proofs coming from different provers naturally led us to investigate how these proofs could interact with one another. This issue is of prime importance because developments in proof systems are getting bigger and, unlike other communities in computer science, the proof-checking community has put little effort into standardization and interoperability. In the longer term, we believe that, for each proof, we should be able to identify the systems in which it can be expressed.

Deduction modulo was originally proposed to solve a problem in automated theorem proving, and some of the early work in this area focused on the design of an automated theorem proving method called *Resolution modulo*, but this method was so complex that it was never implemented. The method was simplified in 2010 and could then be implemented. This implementation, which builds on the iProver effort, is called iProver modulo.

iProver modulo gave surprisingly good results, so that we now use it to search for proofs in many areas: in the theory of classes (also known as B set theory), on finite structures, etc. Similar ideas have also been implemented for the tableau method, in particular as several extensions of the Zenon automated theorem prover. More precisely, two extensions have been realized: the first one is called SuperZenon and is an extension to superdeduction (which is a variant of Deduction modulo), and the second one is called ZenonModulo and is an extension to Deduction modulo. Both extensions have been extensively tested over first-order problems (of the TPTP library), and also give good results in terms of the number of proved problems. In particular, these tools perform well in set theory, so that SuperZenon has been successfully applied to verify B proof rules of Atelier B (work in collaboration with Siemens). Similarly, we plan to apply ZenonModulo in the framework of the BWare project to verify B proof obligations coming from the modeling of industrial applications.

More generally, we believe that proof-checking and automated theorem proving have a lot to learn from each other, because a proof is both a static linguistic object justifying the truth of a proposition and a dynamic process of proving this proposition.

The idea of Deduction modulo is that computation plays a major role in the foundations of mathematics. This led us to investigate the role played by computation in other sciences, in particular in physics. Some of this work can be seen as a continuation of Gandy's work on the fact that the physical Church-Turing thesis is a consequence of three principles of physics, two well-known ones: the homogeneity of space and time, and the existence of a bound on the velocity of information, and one more speculative: the existence of a bound on the density of information.

This led us to develop physically oriented models of computation.

In parallel with this effort in logic and in the development of proof checkers and automated theorem proving systems, we have always been interested in using such tools. One of our favorite application domains is the safety of aerospace systems. Together with César Muñoz' team at NASA Langley, we have proved the correctness of several geometric algorithms used in air traffic control.

This has led us sometimes to develop such algorithms ourselves, and sometimes to develop tools for automating these proofs.

Set theory appears to be an appropriate theory for automated theorem provers based on Deduction modulo, in particular the several extensions of Zenon (SuperZenon and ZenonModulo). Modeling techniques using set theory are therefore good candidates to assess these tools. This is what we have done with the B method, whose formalism relies on set theory. A collaboration with Siemens has been developed to automatically verify the B proof rules of Atelier B. From this work, presented in the doctoral dissertation of Mélanie Jacquel, the SuperZenon tool has been designed in order to be able to reason modulo the B set theory. As a sequel of this work, we contribute to the BWare project, whose aim is to provide a mechanized framework to support the automated verification of B proof obligations coming from the development of industrial applications. In this context, we have recently designed ZenonModulo (Pierre Halmagrand's PhD thesis, which started in October 2013) to deal with the B set theory. In this work, the idea is to manually transform the B set theory into a theory modulo and provide it to ZenonModulo in order to verify the proof obligations of the BWare project.

Termination is an important property to verify, especially in critical applications. Automated termination provers use more and more complex theoretical results and external tools (e.g. sophisticated SAT solvers) that make their results not fully trustworthy and very difficult to check. To overcome this problem, a language for termination certificates, called CPF, has been under development for several years now. Deducteam develops a formally certified tool, Rainbow, based on the Coq library CoLoR, that is able to automatically verify the correctness of such termination certificates.

Deducteam develops several kinds of tools or libraries:

Proof checkers:

- Dedukti: proof checker for the
- Sukerujo: extension of Dedukti with syntactic constructions for records, strings, lists, etc.
- Rainbow: CPF termination certificate verifier

Tools for translating into Dedukti's proof format proofs coming from various other provers:

- Coqine translates Coq proofs
- Focalide translates Focalize proofs
- Holide translates OpenTheory proofs (HOL-Light, HOL4, ProofPower)
- Krajono translates Matita proofs
- Sigmaid translates ς-calculus

Automated theorem provers:

- iProverModulo: theorem prover based on polarized resolution modulo
- SuperZenon: extension of Zenon using superdeduction
- ZenonArith: extension of Zenon using the simplex algorithm for arithmetic
- ZenonModulo: extension of Zenon using deduction modulo and producing Dedukti proofs
- Zipperposition: superposition prover featuring arithmetic and induction
- HOT: automated termination prover for higher-order rewrite systems
- Archsat: theorem prover using tableaux-like rules with a SAT core

Libraries or generation tools:

- CoLoR: Coq library on rewriting theory and termination
- Logtk: library for first-order automated reasoning
- mSat: modular SAT/SMT solver with proof output
- Moca: generator of construction functions for types with relations on constructors

The main novelties this year are:

CoLoR has been ported to Coq 8.5.

F. Blanqui started to develop a prototype for developing Dedukti proofs interactively.

A. Assaf, G. Burel, R. Cauderlier, D. Delahaye, G. Dowek, C. Dubois, F. Gilbert, P. Halmagrand, O. Hermant, and R. Saillard have finished writing a general presentation of the Dedukti system. This paper is submitted for publication.

Under the supervision of P. Halmagrand and G. Burel, D. Pham worked on the conversion of TSTP proof traces, as produced by automated theorem provers such as E, Zipperposition or Vampire, into Dedukti proofs. To that purpose, he modified Zenon modulo so that it reads TSTP files and tries to reprove the proof steps given by the trace.

R. Cauderlier defended his PhD thesis on the translation of programming languages to Dedukti and interoperability of proof systems. He also presented his work on the use of Dedukti for rewriting-based proof transformation and on the translation of FoCaLiZe into Dedukti.

G. Dowek and Y. Jiang have finished a paper on co-inductive and inductive complementation of inference systems. This paper is submitted for publication.

The paper of G. Dowek on the introduction of rules and derivations in a logic course has been published.

F. Gilbert has finished a paper on the automated constructivization of proofs, to appear in the proceedings of FOSSACS'17.

F. Thiré is working on the translation of the proof of Fermat's little theorem written in Matita to a proof written in HOL. Part of this work is described in his internship report. He is continuing this translation during his PhD thesis.

The B Method is a formal method mainly used in the railway industry to specify and develop safety-critical software. To guarantee the consistency of a B project, one decisive challenge is to prove a large number of proof obligations, which are mathematical formulas expressed in a classical set theory extended with a specific type system. To improve automated theorem proving in the B Method, Pierre Halmagrand proposes to use a first-order sequent calculus extended with a polymorphic type system, which is in particular the output proof format of the tableau-based automated theorem prover Zenon. After stating some modifications of the B syntax and defining a sound elimination of comprehension sets, he proposes a translation of B formulas into a polymorphic first-order logic format. Then, he introduces the typed sequent calculus used by Zenon, and shows that Zenon proofs can be translated to proofs of the initial B formulas in the B proof system.

F. Blanqui revised his paper on “size-based termination of higher-order rewrite systems” submitted to the Journal of Functional Programming. This paper is concerned with the termination, in Church's simply-typed λ-calculus, of the combination of β-reduction and arbitrary user-defined rewrite rules fired using matching modulo α-congruence only. Several authors have devised termination criteria for fixpoint-based function definitions using deduction rules for bounding the size of terms inhabiting inductively defined types, where the size of a term is (roughly speaking) the set-theoretical height of the tree representation of its normal form. In the present paper, we extend this approach to rewriting-based function definitions and more general notions of size.

G. Dowek has finished writing a paper on the notion of model and its application to termination proofs for the

In

The paper of G. Dowek and P. Arrighi, “Free fall and cellular automata”, has been published. As a sequel to this paper, G. Dowek and P. Arrighi have written a short note.

A. Díaz-Caro and G. Dowek have developed a new typing system for quantum

Under the supervision of S. Martiel and P. Arrighi, C. Chouteau worked on a particular notion of covariance in the model of causal graph dynamics. Causal graph dynamics are graph transformations constrained by Physics-inspired symmetries. The particular object of study of this internship was a restriction of this model to physical transformations of discrete geometrical spaces.

We are coordinators of the ANR-NFSC contract Locali with the Chinese Academy of Sciences.

We are members of the ANR BWare project, which started in September 2012 (David Delahaye is the national leader of this project). The aim of this project is to provide a mechanized framework to support the automated verification of proof obligations coming from the development of industrial applications using the B method. The methodology used in this project consists of building a generic verification platform relying on different theorem provers, such as first-order provers and SMT solvers. We are in particular involved in the introduction of Deduction modulo in the first-order theorem provers of the project, i.e. Zenon and iProver, as well as in the backend for these provers with the use of Dedukti.

We are members of the ANR Tarmac on models of computation, coordinated by Pierre Valarcher.

Program: CA COST Action CA15123

Project acronym: EUTYPES

Project title: European research network on types for programming and verification

Duration: 21/03/16 - 20/03/20

Coordinator: Herman Geuvers

**Login**

Title: Logic and Information

International Partner (Institution - Laboratory - Researcher):

Universidad de Buenos Aires (Argentina) - Ricardo Oscar Rodrigues

Duration: 2015 - 2016

This project aims to improve a long-standing collaboration between Inria and the Brazilian and Argentinian teams named above. We already have a CAPES-COFECUB cooperation (n. 690/10, namely “Teorias lógicas contemporâneas e a filosofia da linguagem: questões epistemológicas e semânticas”) that has led to many student exchanges and technical visits by professors, including the organisation of some workshops (the last one was the 2nd Workshop on Logic and Semantics, at UERJ, Ilha Grande-RJ, Brazil). Prof. Gilles Dowek is also a co-advisor, with Prof. Edward Hermann Haeusler, of a Brazilian Ph.D. candidate in this project (and of a former one also in this project; these two candidates recently completed a sandwich doctorate, similar to a stage doctorale, at Inria). Prof. Gilles Dowek also collaborates with other members of this team and is supervising a post-doc project of another member. Since 2011 members of the team presents.

**FoQCoSS**

Title: Foundations of Quantum Computation: Syntax and Semantics

International Partners (Institution - Laboratory - Researcher):

Universidad Nacional de Quilmes (Argentina) - Alejandro Diaz-Caro

CNRS (France) - Simon Perdrix

Duration: 2016 - 2017

The design of quantum programming languages involves the study of many characteristics of languages which can be seen as special cases of classical systems: parallelism, probabilistic systems, non-deterministic systems, type isomorphisms, etc. This project proposes to study some of these characteristics, which are involved in quantum programming languages, but also have a more immediate utility in the study of present-day systems. In addition, from a more foundational point of view, we are interested in the implications of computer science principles for quantum physics. For example, the consequences of the Church-Turing thesis for Bell-like experiments: if some of the parties in a Bell-like experiment use a computer to decide which measurements to make, then the computational resources of an eavesdropper have to be limited in order to have a proper observation of non-locality. The final aim is to open a new direction in the search for a framework unifying computer science and quantum physics.

Clément Chouteau, from May 2016 to July 2016

David Pham (Univ. Évry) from June 2016 to July 2016

F. Gilbert spent one month in the formal methods team at NASA Langley Research Center, to work with Cesar Munoz on the use of automated theorem provers to verify PVS proofs.

G. Dowek has co-organized the meeting Universality of Proofs in Dagstuhl.

G. Dowek is a member of the steering committee of FSCD.

F. Blanqui was member of the program committee of the 2016 Coq Workshop.

F. Blanqui reviewed papers for IJCAR 2016 and CSL 2016.

G. Dowek is an editor of TCS-C.

G. Dowek has been an invited speaker at ISEEP 2016.

G. Dowek has been an invited speaker at Physics and Computation 2016.

G. Dowek has been a member of a committee dedicated to an update of the high school informatics curriculum.

G. Dowek is the President of the Scientific Board of the Société informatique de France.

G. Dowek is a member of the Scientific Board of la Main à la Pâte.

G. Dowek is a member of the commission de réflexion sur l'éthique de la recherche en sciences et technologies du numérique d'Allistene.

G. Dowek is a member of the comité national français d'histoire et de philosophie des sciences et des techniques.

F. Blanqui is co-director of the pole 4 (programming: models, algorithms, languages and architectures) of Paris-Saclay University's doctoral school on computer science.

F. Blanqui is referent of LSV PhD students.

G. Dowek is attached professor at the École normale supérieure de Paris-Saclay. He has given a course at MPRI. He has given a course to the students preparing the Agrégation teacher recruitment exam. He is responsible for the second year of the master's programme.

F. Blanqui gave a course (15h) on rewriting theory at the MPRI.

PhD : Raphaël Cauderlier, Object-Oriented Mechanisms for Interoperability between Proof Systems, CNAM, 10/10/2016, Catherine Dubois

F. Blanqui was member of the 2016 Inria recruitment committee for young graduate scientists.

F. Blanqui was member of the jury for the best scientific production of the year within Paris-Saclay University's doctoral school on computer science.