We want to concentrate on the development of mathematical libraries for theorem proving tools. This objective contributes to two main areas of application: tools for mathematicians and correctness verification tools for software dealing with numerical computation.

In the short term, we aim for mathematical libraries that concern polynomials, algebra, group theory, floating point numbers, real numbers, big integers, probabilities and geometrical objects. In the long run, we think that this will involve any function that may be of use in embedded software for control or robotics (in what is called hybrid systems, systems that contain both software and physical components) and in cryptographic systems. We want to integrate these libraries in theorem proving tools because we believe they will become important tools for mathematical practice and for engineers who need to prove the correctness of their algorithms and software.

We believe that theorem proving tools are good tools to produce highly dependable software, because they provide a framework where algorithms and specifications can be studied uniformly and often provide means to mechanically derive programs that are correct by construction.

We also study the extensibility of interactive theorem proving tools based on decision procedures that free designers from the burden of verifying some of the required properties. We often rely on “satisfiability modulo theory” procedures, which can be connected to theorem proving tools in a way that preserves the trustworthiness of the final results.

The calculus of inductive constructions is a branch of type theory that serves as a foundation for theorem proving tools, especially the Coq proof assistant. It is powerful enough to formalize complex mathematics, based on algebraic structures and operations. This is especially important as we want to produce proofs of logical properties for these algebraic structures, a goal that is only marginally addressed in most scientific computation systems.

The calculus of inductive constructions also makes it possible to write algorithms as recursive functional programs which manipulate tree-like data structures. A third important characteristic of this calculus is that it is also a language for manipulating proofs. All this makes this calculus a tool of choice for our investigations. However, this language is still being improved, and part of our work focuses on these improvements.

To produce certified algorithms, we use the following approach: instead of attempting to prove properties of an existing program written in a conventional programming language such as C or Java, we produce new programs in the calculus of constructions whose correctness is an immediate consequence of their construction. This has several advantages. First, we work at a high level of abstraction, independently of the target implementation language. Secondly, we concentrate on specific characteristics of the algorithm, and abstract away from the rest (for instance, we abstract away from memory management or data implementation strategies). Therefore, we are able to address more high-level mathematics and to express more general properties without being overwhelmed by implementation details.

However, this approach also presents a few drawbacks. For instance, the calculus of constructions usually imposes that recursive programs should explicitly terminate for all inputs. For some algorithms, we need to use advanced concepts (for instance, well-founded relations) to make the property of termination explicit, and proofs of correctness become especially difficult in this setting.

To bridge the gap between our high-level descriptions of algorithms and conventional programming languages, we investigate the algorithms that are present in programming language implementations, for instance algorithms that are used in a compiler or a static analysis tool. When working on these algorithms, we usually base our work on the semantic description of the programming language. The properties that we attempt to prove for an algorithm are, for example, that an optimization respects the meaning of programs or that the programs produced are free of some unwanted behavior. In practice, we rely on this study of programming language semantics to propose extensions to theorem proving tools or to verify that compilers for conventional programming languages are exempt from bugs.

Our effort to set up a consortium around the Coq system has made significant progress this year, as illustrated by two notable events: the first engineer was hired by InriaSoft for this consortium (Maxime Dénès) and the first funding was collected from academic partners (the first is Princeton University).

*The Coq Proof Assistant*

Keywords: Proof - Certification - Formalisation

Scientific Description: Coq is an interactive proof assistant based on the Calculus of (Co-)Inductive Constructions, extended with universe polymorphism. This type theory features inductive and co-inductive families, an impredicative sort and a hierarchy of predicative universes, making it a very expressive logic. The calculus makes it possible to formalize both general mathematics and computer programs, ranging from theories of finite structures to abstract algebra and categories to programming language metatheory and compiler verification. Coq is organised as a (relatively small) kernel including efficient conversion tests, on which a set of higher-level layers is built: a powerful proof engine and unification algorithm, various tactics/decision procedures, a transactional document model and, at the very top, an IDE.

Functional Description: Coq provides both a dependently-typed functional programming language and a logical formalism, which, altogether, support the formalisation of mathematical theories and the specification and certification of properties of programs. Coq also provides a large and extensible set of automatic or semi-automatic proof methods. Coq's programs are extractible to OCaml, Haskell, Scheme, ...

Release Functional Description: Version 8.7 features a large amount of work on cleaning and speeding up the code base, notably the work of Pierre-Marie Pédrot on making the tactic-level system insensitive to existential variable expansion, providing a safer API to plugin writers and making the code more robust.

New tactics: Variants of tactics supporting existential variables "eassert", "eenough", etc. by Hugo Herbelin. Tactics "extensionality in H" and "inversion_sigma" by Jason Gross, "specialize with" accepting partial bindings by Pierre Courtieu.

Cumulative Polymorphic Inductive Types, allowing cumulativity of universes to go through applied inductive types, by Amin Timany and Matthieu Sozeau.

The SSReflect plugin by Georges Gonthier, Assia Mahboubi and Enrico Tassi was integrated (with its documentation in the reference manual) by Maxime Dénès, Assia Mahboubi and Enrico Tassi.

The "coq_makefile" tool was completely redesigned to improve its maintainability and the extensibility of generated Makefiles, and to make "_CoqProject" files more palatable to IDEs by Enrico Tassi.

A lot of other changes are described in the CHANGES file.

News Of The Year: Version 8.7 was released in October 2017 and version 8.7.1 in December 2017; development started in January 2017. This is the second release of Coq developed on a time-based development cycle. Its development spanned 9 months from the release of Coq 8.6 and was based on a public road-map. It attracted many external contributions. Code reviews and continuous integration testing were systematically used before integration of new features, with an important focus given to compatibility and performance issues.

The main scientific advance in this version is the integration of cumulative inductive types in the system. More practical advances in stability, performance, usability and expressivity of tactics were also implemented, resulting in a mostly backwards-compatible but appreciably faster and more robust release. Much work on plugin extensions to Coq by the same development team has also been going on in parallel, including work on JSCoq by Emilio JG Arias and Ltac 2 by P.-M. Pédrot, which required synchronised changes of the main codebase. In 2017, the construction of the Coq Consortium by Yves Bertot and Maxime Dénès has greatly advanced and is now nearing its completion.

Participants: Abhishek Anand, C. J. Bell, Yves Bertot, Frédéric Besson, Tej Chajed, Pierre Courtieu, Maxime Denes, Julien Forest, Emilio Jesús Gallego Arias, Gaëtan Gilbert, Benjamin Grégoire, Jason Gross, Hugo Herbelin, Ralf Jung, Matej Kosik, Sam Pablo Kuper, Xavier Leroy, Pierre Letouzey, Assia Mahboubi, Cyprien Mangin, Érik Martin-Dorel, Olivier Marty, Guillaume Melquiond, Pierre-Marie Pédrot, Benjamin C. Pierce, Lars Rasmusson, Yann Régis-Gianas, Lionel Rieg, Valentin Robert, Thomas Sibut-Pinote, Michael Soegtrop, Matthieu Sozeau, Arnaud Spiwack, Paul Steckler, George Stelle, Pierre-Yves Strub, Enrico Tassi, Hendrik Tews, Laurent Théry, Amin Timany, Vadim Zaliva and Théo Zimmermann

Partners: CNRS - Université Paris-Sud - ENS Lyon - Université Paris-Diderot

Contact: Matthieu Sozeau

Publication: The Coq Proof Assistant, version 8.7.1

URL: http://

Functional Description: EasyCrypt is a toolset for reasoning about relational properties of probabilistic computations with adversarial code. Its main application is the construction and verification of game-based cryptographic proofs. EasyCrypt can also be used for reasoning about differential privacy.

Participants: Benjamin Grégoire, Gilles Barthe and Pierre-Yves Strub

Contact: Gilles Barthe

*Embeddable Lambda Prolog Interpreter*

Keywords: Constraint Programming - Programming language - Higher-order logic

Functional Description: ELPI is a lambdaProlog interpreter written in OCaml, easy to embed in software written in the same language.

Contact: Enrico Tassi

*Mathematical Components library*

Functional Description: The Mathematical Components library is a set of Coq libraries that cover the mechanization of the proof of the Odd Order Theorem.

Release Functional Description: The library includes 16 more theory files, covering in particular field and Galois theory, advanced character theory, and a construction of algebraic numbers.

Participants: Alexey Solovyev, Andrea Asperti, Assia Mahboubi, Cyril Cohen, Enrico Tassi, François Garillot, Georges Gonthier, Ioana Pasca, Jeremy Avigad, Laurence Rideau, Laurent Théry, Russell O'Connor, Sidi Ould Biha, Stéphane Le Roux and Yves Bertot

Contact: Assia Mahboubi

Keywords: Semantic - Programming language - Coq

Functional Description: A didactical Coq development to introduce various semantics styles. Shows how to derive an interpreter, a verifier, or a program analyser from formal descriptions, and how to prove their consistency.

This is a library for the Coq system, where the description of a toy programming language is presented. The value of this library is that it can be re-used in classrooms to teach programming language semantics or the Coq system. The topics covered include introductory notions of domain theory, pre- and post-conditions, abstract interpretation, and the proofs of consistency between all these points of view on the same programming language. Standalone tools for the object programming language can be derived from this development.

Participants: Christine Paulin and Yves Bertot

Contact: Yves Bertot

URL: http://

Functional Description: Ssreflect is a tactic language extension to the Coq system, developed by the Mathematical Components team.

Participants: Assia Mahboubi, Cyril Cohen, Enrico Tassi, Georges Gonthier, Laurence Rideau, Laurent Théry and Yves Bertot

Contact: Yves Bertot

Keywords: Formal methods - Security - Cryptography

Functional Description: autoGnP is an automated tool for analyzing the security of padding-based public-key encryption schemes (i.e. schemes built from trapdoor permutations and hash functions). This year we extended the tool to be able to deal with schemes based on cyclic groups and bilinear maps.

Participants: Benjamin Grégoire, Gilles Barthe and Pierre-Yves Strub

Contact: Gilles Barthe

We are designing a Coq plugin named elpi providing an extension language based on

Another experiment was conducted by Cyril Cohen on using elpi to compute genericity theorems. For now the unary and binary cases have been covered in a concise fashion.

An article on this topic has been submitted to MSCS; a presentation will also be given at the CoqPL workshop.

The work of previous years on Coqoon has been published in an international journal.

Sophie Bernard completed a proof of the Lindemann-Weierstrass theorem concerning the algebraic independence of spans of exponentials of rationally dependent numbers. This result required that we extend the theory of symmetric multivariate polynomials in order to formalize the notion of conjugates of a polynomial. This was described in an article presented at an international conference and at a workshop associated to ANR project FastRelax.

This work mainly concerns Univalent Foundations and Homotopy Type Theory,
especially in the form of cubical type theory. The code is visible at
https://

Anders Mörtberg extended work with Ralph Matthes, Benedikt Ahrens and Vladimir Voevodsky on the representation of syntax of programming languages using category theory in univalent type theory. This paper was accepted for publication in JAR.

Anders Mörtberg also prepared a series of lectures introducing cubical type theory. This led to invited talks at the workshops "Type Theory based Tools (TTT)" and "Syntax and Semantics of Type Theory".

As part of the ANR FastRelax project, we have started to formalize double-word arithmetic algorithms, in particular the sum of a double-word and a floating point number and the sum of two double-word numbers described in the article "Tight and rigorous error bounds for basic building blocks of double-word arithmetic". The formalization is progressing. A notable event is that we detected a small error in the article's proof, which required a correction by the authors.

We show how a library of formalized mathematics about continuous functions can be used to derive an algorithm that compares two floating point numbers, one in base 2 and one in base 10.

The towers of Hanoi is a classical example that illustrates the power of recursive programming. Proving that the recursive program solves the problem is elementary, but proving that it is a minimal solver is harder. This is even more difficult if we consider the general problem, with arbitrary starting and final positions. We present the formalisation of this problem in the Mathematical Components library.
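The two claims above can be checked exhaustively on small instances. The following Python sketch is an added example, not part of the formalisation or of the Mathematical Components library: it compares the recursive program with a breadth-first search over all configurations, and shows on a constructed three-disk instance that moving the largest disk only once is not optimal in the general problem. All function names are chosen for this example.

```python
from collections import deque

def hanoi_moves(n, src=0, dst=2):
    """Classical recursion: moves (disk, from_peg, to_peg) taking disks 0..n-1 from src to dst."""
    if n == 0:
        return []
    aux = 3 - src - dst
    return hanoi_moves(n - 1, src, aux) + [(n - 1, src, dst)] + hanoi_moves(n - 1, aux, dst)

def replay(state, moves):
    """Apply moves to a configuration (state[d] = peg of disk d, disk 0 smallest).
    Raises ValueError on any move that breaks the rules."""
    state = list(state)
    for disk, a, b in moves:
        blocked = any(state[d] in (a, b) for d in range(disk))  # smaller disk in the way
        if state[disk] != a or a == b or blocked:
            raise ValueError(f"illegal move {(disk, a, b)} in {tuple(state)}")
        state[disk] = b
    return tuple(state)

def neighbours(state):
    """All configurations reachable in one legal move."""
    tops = {}
    for disk, peg in enumerate(state):
        tops.setdefault(peg, disk)          # smallest disk on each occupied peg
    for a, disk in tops.items():
        for b in range(3):
            if b != a and tops.get(b, len(state)) > disk:
                yield state[:disk] + (b,) + state[disk + 1:]

def distance(start, goal):
    """Length of a shortest legal move sequence, by breadth-first search."""
    seen, queue = {start: 0}, deque([start])
    while queue:
        s = queue.popleft()
        if s == goal:
            return seen[s]
        for t in neighbours(s):
            if t not in seen:
                seen[t] = seen[s] + 1
                queue.append(t)
    raise ValueError("goal unreachable")

def gather(state, n, peg):
    """Moves bringing disks 0..n-1 of an arbitrary configuration onto one peg."""
    if n == 0:
        return []
    d = n - 1
    if state[d] == peg:
        return gather(state, d, peg)
    aux = 3 - state[d] - peg
    return gather(state, d, aux) + [(d, state[d], peg)] + hanoi_moves(d, aux, peg)

def one_move_route(start, goal):
    """Naive generalisation (start != goal): the largest misplaced disk moves exactly once."""
    d = max(i for i in range(len(start)) if start[i] != goal[i])
    aux = 3 - start[d] - goal[d]
    # Reaching goal from a tower on aux is the inverse of gathering goal onto aux.
    undo = [(disk, b, a) for disk, a, b in reversed(gather(goal, d, aux))]
    return gather(start, d, aux) + [(d, start[d], goal[d])] + undo

if __name__ == "__main__":
    start, goal = (2, 2, 0), (0, 0, 2)      # constructed instance
    print(len(one_move_route(start, goal)), distance(start, goal))
```
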

We studied formal proofs for several algorithms used to computed

We resumed our collaboration with the team at AIST for the formal description of robotics aspects. Reynald Affeldt visited Sophia Antipolis for 10 days during which we improved the connection between our library for algebra and the Coquelicot library for analysis.

To study problems in control, we worked on the notion of compacts and showed how to express it using filters, as in Coquelicot.

We experimented with sets of notations to make computing with limits simpler. We also generalized the notion of "big enough" that can usually be found when reasoning about functions at infinity (or sequences) so that it now works with arbitrary filters. Finally, we started experimenting with a new point of view on "small o" notations.

We also started work on formalizing in Coq the Cauchy-Lipschitz theorem (also known as Picard-Lindelöf), which proves the existence and uniqueness of solutions to differential equations.

We expect all these small advances to prepare the ground for work on various aspects of robotics and control. Part of this work was published in an international conference.

We worked on dynamical systems and differential equations. Damien Rouhling fully formalized in Coq LaSalle's invariance principle with the help of Cyril Cohen. This principle uses Lyapunov functions to prove the stability of a dynamical system defined by a differential equation. We wrote a paper about this formalization, which has been published in the proceedings of the ITP 2017 conference.

We improved this formalization to apply this principle to an example of robotics and control theory. We formalized in Coq the correctness of a control function for an inverted pendulum. Damien Rouhling wrote a paper about this, accepted for publication at an international conference in early 2018.

We studied algorithms to compute strongly connected components in graphs, as a way to prepare a comparative study with the work of Levy and Chen: "A Semi-Automatic Proof of Strong Connectivity".

In a similar vein, Yves Bertot and Clément Sartori have been studying the combinatorial aspects of triangulations, and in particular Delaunay triangulations, seen as graphs. In the long run, we expect this effort to contribute to formal descriptions of Voronoi diagrams and uses in robot motion planning.

The CoqEAL library provides a framework to connect efficient executable functional programs to the algorithms that are described formally using the mathematical components library. Key aspects rely on the capacity to refine abstract views of the algorithms and data into concrete views, where the efficiency can be fine-tuned. For this refinement, we also need to rely on properties of programming languages such as parametricity. We experimented on relying on the ELPI plugin to implement this parametricity feature. In the long run, this means that the ELPI plugin should play an instrumental role in making CoqEAL easy to use and to extend.

We formalized exterior algebras as vector spaces with dimension

Our study of cylindrical algebraic decomposition requires that we find a good representation of semi-algebraic sets, which are usually determined by a collection of comparisons between polynomial formulas. We wrote an article on this topic, which has been accepted for publication at an international conference to be held in early 2018.

This year, we proposed new logics to make a link between "probabilistic Relational Hoare Logic" and the traditional notion of couplings from probability theory. We have also shown that couplings can be used to prove non-relational properties like uniformity and probabilistic independence.

We used EasyCrypt to prove the security of Secure Function Evaluation (SFE) based on garbled circuits.

We develop a certified compiler named Jasmin to generate high-speed and high-assurance cryptographic code.

Differential power analysis (DPA) is a side-channel attack in which an adversary retrieves cryptographic material by measuring and analyzing the power consumption of the device on which the cryptographic algorithm under attack executes. We introduced new notions/models that make it possible to check the correctness of countermeasures (masking schemes).
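To make concrete what checking a masking countermeasure involves, the following Python sketch (an added example, not the notions or tools of the report) enumerates every intermediate wire of a constructed two-share masked AND gadget and tests that no single wire has a distribution depending on the secrets. It assumes the standard first-order probing model; the gadget, its reordered variant and all names are illustrative.

```python
from collections import Counter
from itertools import product

def masked_and(a0, a1, b0, b1, r):
    """Two-share masked AND of a = a0^a1 and b = b0^b1 with fresh random bit r.
    Returns every intermediate wire, since each one is a possible probe."""
    w = {"a0": a0, "a1": a1, "b0": b0, "b1": b1, "r": r}
    w["a0b0"], w["a0b1"] = a0 & b0, a0 & b1
    w["a1b0"], w["a1b1"] = a1 & b0, a1 & b1
    w["t"] = r ^ w["a0b1"]            # randomness is added before the second cross term
    w["u"] = w["t"] ^ w["a1b0"]
    w["c0"] = w["a0b0"] ^ r
    w["c1"] = w["a1b1"] ^ w["u"]
    return w

def masked_and_reordered(a0, a1, b0, b1, r):
    """Same output shares, but the two cross terms are combined before r is added."""
    w = masked_and(a0, a1, b0, b1, r)
    w["t"] = w["a0b1"] ^ w["a1b0"]    # combination of cross terms without randomness
    w["u"] = w["t"] ^ r
    w["c1"] = w["a1b1"] ^ w["u"]
    return w

def leaking_wires(gadget):
    """Names of wires whose distribution over the sharing and r depends on (a, b)."""
    dist = {}                          # wire -> secret (a, b) -> Counter of values
    for a, b in product((0, 1), repeat=2):
        for a0, b0, r in product((0, 1), repeat=3):   # uniform sharing and randomness
            wires = gadget(a0, a0 ^ a, b0, b0 ^ b, r)
            if wires["c0"] ^ wires["c1"] != a & b:
                raise ValueError("gadget does not compute AND")
            for name, value in wires.items():
                dist.setdefault(name, {}).setdefault((a, b), Counter())[value] += 1
    return sorted(name for name, per_secret in dist.items()
                  if len({frozenset(c.items()) for c in per_secret.values()}) > 1)

if __name__ == "__main__":
    print("masked_and:", leaking_wires(masked_and))
    print("masked_and_reordered:", leaking_wires(masked_and_reordered))
```
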

We completed a formal proof of security for CMAC, a scheme for cipher-based message authentication code. A publication is being submitted on this topic. We also experimented on a formal study of the forking lemma, which is present in many security proofs for signing schemes that rely on lattice problems.

The lessons derived from these experiments led us to propose new tools for matching instructions and unifying formulas with meta-variables in EasyCrypt.

Most of the work described here is inspired by the experiment of giving formal proofs in Coq of the exercises found in Bourbaki's exposition of set theory. However, some of the results go beyond what can be found in Bourbaki.

We studied order relations by proving several properties about the *length* and *width* of order
relations, for instance showing that when a set has

We also studied ordinal addition, which is non-commutative. Given a finite sequence of ordinals, one can compute the number of different results of the sum of these elements, depending on the order in which this sequence is taken. There is an explicit formula for this number, with a proof that we formalized.

Last, we studied a footnote from Bourbaki, that indicates that 1 is a notation for a term whose normal form
has several tens of thousands of signs. We compute this size (about

We are currently members of four projects funded by the French national agency for research funding.

TECAP "Analyse de protocoles, Unir les outils existants", starting on October 1st, 2017, for 60 months, with a grant of 89 kEuros. Other partners are Inria teams PESTO (Inria Nancy grand-est), Ecole Polytechnique, ENS Cachan, IRISA Rennes, and CNRS. The corresponding researcher for this contract is Benjamin Grégoire.

SafeTLS "La sécurisation de l'Internet du futur avec TLS 1.3" started on October 1st, 2016, for 60 months, with a grant of 147 kEuros. Other partners are Université de Rennes 1, and secrétariat Général de la Défense et de la Sécurité Nationale. The corresponding researcher for this contract is Benjamin Grégoire.

BRUTUS "Chiffrements authentifiés et résistants aux attaques par canaux auxiliaires", started on October 1st, 2014, for 60 months, with a grant of 41 kEuros for Marelle. Other partners are Université de Rennes 1, CNRS, secrétariat Général de la défense et de la sécurité nationale, and Université des Sciences et Technologies de Lille 1. The corresponding researcher for this contract is Benjamin Grégoire.

FastRelax, "Fast and Reliable Approximations", started on October 1st, 2014, for 60 months, with a grant of 75 kEuros for Marelle. Other partners are Inria Grenoble (ARIC project-team), LAAS-CNRS (Toulouse), Inria Saclay (Toccata and Specfun project-teams), and LIP6-CNRS (Paris). The corresponding researcher for this contract is Laurence Rideau.

We have sustained collaborations with the team of Thierry Coquand at Chalmers and the University of Göteborg in Sweden and with the team of Gilles Barthe at IMDEA in Spain.

In September, we organized a meeting on formal proofs for cryptography, with the following attendees: Manuel Barbosa (Portugal), Gilles Barthe (Spain), Vincent Laporte (Spain), Jose Carlos Bacelar Almeida (Portugal), Pierre-Yves Strub (France), Ko Stoffelen (the Netherlands), Benoit Viguier (the Netherlands), Chitchanok Chuengsatiansup (France).

We have frequent visits by Gilles Barthe, François Dupressoir (IMDEA, Madrid) and visits of Benjamin Grégoire at IMDEA Madrid.

Benjamin Grégoire visited University of Minho in May to work on the Jasmin compiler with Manuel Barbosa.

In our activity to set up the Coq consortium, we have frequent interaction with A. Appel (U. Princeton), B. Pierce (U. Penn), Zhong Shao (Yale University), A. Chlipala (MIT), and G. Morrisett (Cornell University).

We received Reynald Affeldt from AIST for a 10-day visit in November.

Anders Mörtberg was an organizer of the 3rd workshop on Homotopy Type Theory and Univalent Foundations in Oxford, 8-9 September.

Yves Bertot was program committee co-chair for CPP'17 (Certified Programs and Proofs), in Paris, in January 2017.

Yves Bertot is program committee co-chair for CoqPL'18 (Coq for Programming Languages), in Los Angeles, in January 2018.

Laurence Rideau was member of the program committee for JFLA'2018 (Journées francophones des langages applicatifs).

Members of the team reviewed papers for JFLA (Journées Francophones des Langages Applicatifs), PoPL (Principles of Programming Languages), CPP (Certified Programs and Proofs), ITP (Interactive Theorem Proving), LPAR (Logic for Programming, Artificial Intelligence, and Reasoning), TACAS (Tools and Algorithms for the Construction and Analysis of Systems).

Members of the team reviewed papers for JAR (Journal of Automated Reasoning), and MSCS (Mathematical Structures in Computer Science).

Anders Mörtberg gave an invited talk at TTT (Type-Theory based Tools) in Paris in January and an invited talk at the workshop on Syntax and Semantics of Type Theory in Ljubljana in February.

Cyril Cohen was invited for a talk at the workshop on Real Verification in South Korea in July.

Damien Rouhling gave an invited talk at a meeting of the ANR-funded FastRelax project.

Yves Bertot performed a project review for the Dutch research funding agency (NWO).

Yves Bertot is a member of the "Bureau du comité des projets".

Yves Bertot is a member of the scientific committee for Academy "RISE" of University Côte d'Azur.

Yves Bertot was a member of the national working group for the strategic plan of Inria.

Benjamin Grégoire is a member of the committee on the computer tool usage (CUMI) for the Sophia-Antipolis Méditerranée Inria center.

José Grimm is a member of the local committee for hygiene and work safety.

Laurence Rideau was a member of the Jury for hiring new researchers at Inria Sophia Antipolis (Jury d'admissibilité de chargés de recherche, Inria Sophia Antipolis Méditerranée).

Doctorat: Enrico Tassi organized an advanced school on Coq and the Mathematical Components library, where Laurence Rideau, Cyril Cohen, Laurent Théry, and Yves Bertot gave lectures and supervised laboratory sessions. This school took place in December and had 12 attendees.

Doctorat: Enrico gave a course "Type Theory, The Coq proof assistant", at the University of Padova in June.

Master: Yves Bertot organized an introductory school on Coq. This school took place in January and had 12 attendees.

Licence: Sophie Bernard gave 54 hours of lectures on probabilities at University of Nice Sophia Antipolis.

Licence: Damien Rouhling taught about 60 hours at University Nice Sophia Antipolis: differential calculus, Fourier analysis, and C programming (First year students).

Licence: Boris Djalal taught 4 hours of computer science for first year students in a "classe préparatoire aux grandes écoles".

Licence: Cécile Baritel-Ruet taught 30 hours of computer science for first year students at Université de Nice, and 12 hours of lectures on computer science history.

Licence: Laurence Rideau taught 10 hours of computer science in a "classe préparatoire aux grandes écoles".

Licence: Cyril Cohen gives mathematics exercises in a "classe préparatoire aux grandes écoles".

Master: Laurent Théry taught 3 hours on "introduction to computer verified proof" at Ecole des Mines de Paris.

PhD in progress : Cécile Baritel-Ruet, "Formal verification of Security with EasyCrypt", started October 2016, supervised by Benjamin Grégoire and Yves Bertot,

PhD in progress : Sophie Bernard, "Formal proofs for transcendance", started October 2016, supervised by Yves Bertot and Laurence Rideau,

PhD in progress : Boris Djalal, "Formal verification of cylindrical algebraic decomposition", supervised by Cyril Cohen and Yves Bertot,

PhD in progress : Mohammad El Laz, "Formal study of Security", started December 2017, supervised by Benjamin Grégoire and Tamara Rezk (Indes Inria project team),

PhD in progress : Damien Rouhling, "Formal proofs for control and robotics", started in October 2016, supervised by Yves Bertot and Cyril Cohen.

Laurent Théry attended the middle thesis review for David Braun, in Strasbourg,

Enrico Tassi was a member of the Jury for the defence of Roberto Blanco Martinez (Ecole Polytechnique),

Laurent Théry was a member of the Jury for the defence of Thomas Sibut-Pinote (Ecole Polytechnique).

Laurent Théry gave a talk in high-school (Centre International de Valbonne) in the context of the annual "Fête de la Science".

Damien Rouhling and Cécile Baritel-Ruet participated in the event "My thesis in 180 seconds" at the regional level.