The project-team investigates the design of logical frameworks, in order to ensure interoperability between proof systems and to develop system-independent proof libraries. To achieve these goals, we develop

a logical framework Dedukti, where several theories can be expressed,

tools to import proofs developed in external proof systems to Dedukti theories,

tools to translate proofs from one Dedukti theory to another,

tools to export proofs expressed in Dedukti theories to an external proof system,

tools to prove the confluence, the termination, and the consistency of theories expressed in Dedukti,

tools to develop proofs directly in Dedukti,

an encyclopedia Logipedia of proofs expressed in various Dedukti theories.

The idea that systems such as Euclidean geometry or set theory should be expressed, not as independent systems, but in a logical framework appeared with the design of the first logical framework: predicate logic, in 1928. Later, several more powerful logical frameworks have been designed:

The logical framework that we use is a simple

The first version of Dedukti was developed in 2011 by Mathieu Boespflug. From 2012 to 2015, new versions of Dedukti were developed and several theories were expressed in Dedukti, making it possible to import proofs developed in Matita (with the tool Krajono), HOL Light (with the tool Holide), FoCaLiZe (with the tool Focalide), iProver, and Zenon, totaling several hundred megabytes of proofs.

From 2015 to 2018, we focused on the translation of proofs from one Dedukti theory to another and on the export of proofs to other proof systems. In particular, the Matita arithmetic library has been translated to a much weaker theory, constructive simple type theory, which makes it possible to export it to Coq, Lean, PVS, HOL Light, and Isabelle/HOL. This led us to develop, in 2018, an online proof encyclopedia, Logipedia, which makes it possible to share and browse this library. We also focused on the development of new theories in Dedukti, and on an interactive theorem prover on top of Dedukti.

A thesis, which is at the root of our research effort, is that logical systems should be expressed as theories in a logical framework. As a consequence, proof-checking systems should not be focused on one theory, such as Simple type theory, Martin-Löf's type theory, or the Calculus of constructions, but should be theory independent.
On the more theoretical side, the proof search algorithms, or the algorithmic interpretation of proofs should not depend on the theory in which proofs are expressed, but this theory should just be a parameter. This is for instance expressed in the title of our invited talk at ICALP 2012: *A theory independent Curry-De Bruijn-Howard correspondence*.

Various limits of Predicate logic have led to the development of various families of logical frameworks:

The

Using a single prover to check proofs coming from different systems naturally leads us to investigate how these proofs can be translated from one theory to another and used in a system different from the one in which they were developed. This issue is of prime importance because developments in proof systems are getting bigger and, unlike other communities in computer science, the proof checking community has put little effort into standardization and interoperability.

For each proof, independently of the system in which it has been developed, we should be able to identify the systems in which it can be expressed. For instance, we have shown that many proofs developed in the Matita prover did not use the full strength of the logic of Matita and could be exported, for instance, to the systems of the HOL family, that are based on a weaker logic.

Rather than importing proofs from one system, transforming them, and exporting them to another system, we can use the same tools to develop a system-independent proof encyclopedia. In such a library, each proof is labeled with the theories in which it can be expressed and so with the systems in which it can be used.

While our main goal with Dedukti is to import, transform, and export proofs developed in other systems, we also want to investigate how Dedukti can be used as the basis of an interactive theorem prover. This leads to two new scientific questions: first, how far a tactic system can be theory independent, and second, how rewriting extends the possibilities for writing tactics.

This has led to the development of a new version of Dedukti, which supports metavariables. Several tactics have been developed for this system, which are intended to help a human user to write proofs in our system instead of writing proof terms by hand. This work is a continuation of the previous work the team did on Demon, which was an extension of Dedukti, whereas the support for interactive theorem proving is now native in Dedukti.

Our main impact on applications, for instance on proofs of programs or on air traffic control, comes through our cooperation with other teams.

As a matter of fact, we view our work on interoperability and on the design of a formal proof encyclopedia as a service to the formal proof community.

**Logipedia**

In September, we launched the first system-independent encyclopedia of formal proofs: Logipedia.

**Awards**

Serge Abiteboul and Gilles Dowek have received the Award *La science se livre* in January.

Keyword: Automated deduction

Scientific Description: Transformation of axiomatic theories into rewriting systems that can be used by iProverModulo.

Functional Description: Autotheo is a tool that transforms axiomatic theories into polarized rewriting systems, thus making them usable in iProverModulo. It supports several strategies to orient the axioms, some of them being proved to be complete, in the sense that ordered polarized resolution modulo the resulting systems is refutationally complete, some others being merely heuristics. In practice, Autotheo takes a TPTP input file and produces an input file for iProverModulo.

News Of The Year: Maintenance.

Participant: Guillaume Burel

Partner: ENSIIE

Contact: Guillaume Burel

Publication: Consistency Implies Cut Admissibility

URL: http://

*Coq Library on Rewriting and termination*

Keywords: Coq - Formalisation

Functional Description: CoLoR is a Coq library on rewriting theory and termination. It provides many definitions and theorems on various mathematical structures (quasi-ordered sets, relations, ordered semi-rings, etc.), data structures (lists, vectors, matrices, polynomials, finite graphs), term structures (strings, first-order terms, lambda-terms, etc.), transformation techniques (dependency pairs, semantic labeling, etc.) and (non-)termination criteria (polynomial and matrix interpretations, recursive path ordering, computability closure, etc.).

Authors: Frédéric Blanqui and Sébastien Hinderer

Contact: Frédéric Blanqui

Publications: CoLoR: a Coq library on well-founded rewrite relations and its application to the automated verification of termination certificates - Automated Verification of Termination Certificates - CoLoR: a Coq library on rewriting and termination

*Coq In dEdukti*

Keywords: Higher-order logic - Formal methods - Proof

Functional Description: CoqInE is a plugin for the Coq software translating Coq proofs into Dedukti terms. It provides a Dedukti signature file faithfully encoding the underlying theory of Coq (or a sufficiently large subset of it). Current development is mostly focused on implementing support for Coq universe polymorphism. The generated output is meant to be type-checkable using the latest version of Dedukti.

Contact: Guillaume Burel

URL: http://

Keyword: Logical Framework

Functional Description: Dedukti is a proof-checker for the LambdaPi-calculus modulo. As it can be parametrized by an arbitrary set of rewrite rules, defining an equivalence relation, this calculus can express many different theories. Dedukti has been created for this purpose: to allow the interoperability of different theories.

Dedukti's core is based on the standard algorithm for type-checking semi-full pure type systems and implements a state-of-the-art reduction machine inspired from Matita's and modified to deal with rewrite rules.

Dedukti's input language features term declarations and definitions (opaque or not) and rewrite rule definitions. A basic module system allows the user to organize his project in different files and compile them separately.

Dedukti features matching modulo beta for a large class of patterns called Miller's patterns, allowing for more rewriting rules to be implemented in Dedukti.

News Of The Year: A new release, 2.6, came out in 2018. This release provides better control over module loading and better logging of rewrite steps.

Participants: François Thiré, Gaspard Ferey, Guillaume Genestier and Rodolphe Lepigre

Contact: François Thiré

Publications: Dedukti:un vérificateur de preuves universel -
Rewriting Modulo

Keyword: Proof

Functional Description: Holide translates HOL proofs to Dedukti[OT] proofs, using the OpenTheory standard (common to HOL Light and HOL4), where Dedukti[OT] is the encoding of OpenTheory in Dedukti.

Contact: Guillaume Burel

*Higher-Order Termination*

Functional Description: HOT is an automated termination prover for higher-order rewriting, based on the notion of computability closure.

Contact: Frédéric Blanqui

Keywords: Automated deduction - Automated theorem proving

Scientific Description: Integration of ordered polarized resolution modulo theory into the prover iProver.

Functional Description: iProver Modulo is an extension of the automated theorem prover iProver originally developed by Konstantin Korovin at the University of Manchester. It implements ordered polarized resolution modulo theory, a refinement of the resolution method based on deduction modulo theory. It takes as input a proposition in predicate logic and a clausal rewriting system defining the theory in which the formula has to be proved. Normalization with respect to the term rewriting rules is performed very efficiently through translation into OCaml code, compilation and dynamic linking. Experiments have shown that ordered polarized resolution modulo dramatically improves proof search compared to using raw axioms.

News Of The Year: Maintenance of Dedukti output

Participant: Guillaume Burel

Partner: ENSIIE

Contact: Guillaume Burel

Publications: A Shallow Embedding of Resolution and Superposition Proofs into the λΠ-Calculus Modulo - Experimenting with deduction modulo

Keyword: Propositional logic

Functional Description: mSAT is a modular, proof-producing SAT and SMT core based on Alt-Ergo Zero, written in OCaml. The solver accepts user-defined terms, formulas and theories, making it a good tool for experimenting. This tool produces resolution proofs as trees in which the leaves are user-defined proofs of lemmas.

Contact: Guillaume Bury

Publication: mSAT: An OCaml SAT Solver

*Termination certificate verifier*

Keywords: Demonstration - Code generation - Verification

Functional Description: Rainbow is a set of tools for automatically verifying the correctness of termination certificates expressed in the CPF format used in the annual international competition of termination tools. It contains: a tool xsd2coq for generating Coq data types for representing XML files valid with respect to some XML Schema, a tool xsd2ml for generating OCaml data types and functions for parsing XML files valid with respect to some XML Schema, a tool for translating a CPF file into a Coq script, and a standalone Coq certified tool for verifying the correctness of a CPF file.

Author: Frédéric Blanqui

Contact: Frédéric Blanqui

Publications: Automated verification of termination certificates - Automated verification of termination certificates

Keyword: Proof

Functional Description: Krajono translates Matita proofs into Dedukti[CiC] (encoding of CiC in Dedukti) terms.

Contact: François Thiré

Keywords: Automated theorem proving - First-order logic - Propositional logic

Functional Description: Archsat is an automated theorem prover aimed at studying the integration of first-order theorem prover technologies, such as rewriting, into SMT solvers.

Contact: Guillaume Bury

Keywords: Automated theorem proving - Proof

Functional Description: Takes as input a SAT proof trace in LRAT format, which can be obtained from the de facto standard format DRAT using drat-trim. Outputs a proof checkable by Dedukti, in a shallow encoding of propositional logic.

Participant: Guillaume Burel

Partner: ENSIIE

Contact: Guillaume Burel

Keywords: TPTP - TSTP - Proof assistant - Dedukti

Functional Description: Extracting TPTP problems from a TSTP trace. Proof reconstruction in Dedukti from TSTP trace.

Contact: Mohamed Yacine El Haddad

Keywords: Rewriting systems - Proof assistant - Termination

Functional Description: A termination-checker for higher-order rewriting with dependent types. Took part in the Termination Competition 2018 ( http://termination-portal.org/wiki/Termination_Competition_2018 ) in the "Higher-Order Rewriting (union Beta)" category.

Partner: Mines ParisTech

Contact: Guillaume Genestier

Gilles Dowek, Jean-Pierre Jouannaud and Jiaxiang Liu have started a program for developing new techniques for proving confluence of dependently typed theories, which do not rely on termination. These results have been presented at Types 2016, and will be submitted to a journal in early 2019.
Target applications for these techniques are encodings of the Calculus of inductive constructions with polymorphic universes in the

Frédéric Blanqui has published in the Journal of Functional Programming a long article synthesizing his work on the use of size annotations for proving termination. This paper provides a general and modular criterion for the termination of simply-typed

Size-change termination is a technique introduced for first-order functional programs.
Frédéric Blanqui and Guillaume Genestier show how it can be used to study the termination of higher-order rewriting in the

Dependency pairs are a key concept at the core of modern automated termination provers for first-order term rewrite systems. Frédéric Blanqui, Guillaume Genestier and Olivier Hermant introduced an extension of this technique for a large class of dependently-typed higher-order rewrite systems. This improves previous results by Wahlstedt on one hand and Frédéric Blanqui on the other hand to strong normalization and non-orthogonal rewrite systems. This new criterion has been implemented in the type-checker Dedukti.

Frédéric Blanqui and Guillaume Genestier have formally defined the operational semantics of Dedukti 2.5, showing some problems with non left-linear rewrite rules.

Rodolphe Lepigre, Frédéric Blanqui and Franck Slama developed a new
version of Dedukti, available on
https://

Aristomenis-Dionysios Papadopoulos has added a rewrite tactic in the style of Ssreflect.

Emilio Gallego added an LSP server for communicating with editors.

Ismail Lachheb has developed a Dedukti plugin for the Atom editor, based on the LSP protocol.

Guillaume Burel added support for polarized Deduction modulo theory in Dedukti.

Quentin Ye has developed an algorithm to compare

Gaspard Férey and François Thiré defined a new encoding for Cumulative type systems (CTS) in the

François Thiré redesigned the tool Universo, so that it can be used for a larger class of CTS. The specification for Universo can be given by rewrite rules which makes Universo much easier to use. This tool is a first step to have an automatic chain of translations to translate proofs in the encoding of Matita to STT

François Thiré changed the encoding provided by Krajono to integrate some ideas of the encoding discussed above. This encoding is compatible with the tool Universo.

Gaspard Férey updated the CoqInE software to handle version 8.8 of Coq. In this version, the standard library relies on universe polymorphism, so partial support for the translation of this feature was integrated. Since encodings of the many features of Coq (inductive constructions, floating universes, several kinds of universe polymorphism, etc.) are still work in progress, the software was made parameterizable to allow experimentation with multiple encodings of these features.

Gaspard Férey showcased an encoding of the Calculus of Inductive Constructions (CiC) relying on associative-commutative (AC) rewriting on the arithmetic library translated from Matita. This practical experiment shows the limitations of AC-rewriting (as implemented in Dedukti) in terms of performance and the need for special care when defining encodings relying on this feature.

Guillaume Burel began to write a tool translating SAT proof traces in LRAT format into Dedukti proofs. The main issue was that steps in LRAT traces are not logical consequences of previous clauses but only preserve provability.
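The distinction drawn above, as an added example that is not code from this report or from the tool it describes: a simplified LRAT step checker that labels each added clause as RUP (a logical consequence, confirmed by unit propagation along the hints) or RAT (only satisfiability-preserving). The clause set, the proof lines and all function names are constructed for illustration, and deletion lines are not handled.

```python
# Added example: simplified LRAT step checker (deletion lines are not handled).
# The clause database and proof lines at the bottom are constructed sample data.

def parse_lrat_line(line):
    """Split '<id> <literals> 0 <hints> 0' into (id, literals, hints)."""
    nums = [int(tok) for tok in line.split()]
    cid, rest = nums[0], nums[1:]
    end = rest.index(0)                      # the first 0 closes the literal list
    return cid, rest[:end], rest[end + 1:-1]

def propagate(db, assignment, hint_ids):
    """Apply the hinted clauses in order; True if one is fully falsified."""
    for hid in hint_ids:
        if hid not in db:
            return False                     # hint names an unknown clause
        open_lits = [l for l in db[hid] if -l not in assignment]
        if not open_lits:
            return True                      # conflict reached
        if len(open_lits) > 1:
            return False                     # hint is not unit: check fails
        assignment.add(open_lits[0])
    return False

def check_step(db, literals, hints):
    """Return 'RUP', 'RAT' or 'INVALID' for one added clause."""
    assignment = {-l for l in literals}      # assume the new clause is false
    first_neg = next((i for i, h in enumerate(hints) if h < 0), len(hints))
    if propagate(db, assignment, hints[:first_neg]):
        return "RUP"                         # implied by the existing clauses
    if not literals:
        return "INVALID"                     # the empty clause must be RUP
    pivot = literals[0]                      # LRAT: the pivot is the first literal
    groups, current = {}, None
    for h in hints[first_neg:]:              # '-id h1 h2 ...' groups per candidate
        if h < 0:
            current = -h
            groups[current] = []
        else:
            groups[current].append(h)
    for cid, clause in db.items():
        if -pivot not in clause:
            continue                         # only clauses with the negated pivot
        if cid not in groups:
            return "INVALID"                 # a candidate clause was not covered
        rest = [l for l in clause if l != -pivot]
        trial = set(assignment)
        if any(l in trial for l in rest):
            continue                         # candidate already satisfied
        trial.update(-l for l in rest)       # assume the resolvent is false
        if not propagate(db, trial, groups[cid]):
            return "INVALID"
    return "RAT"                             # preserves satisfiability only

def check_proof(cnf, proof_lines):
    """Check each step against the clauses accepted so far; id -> verdict."""
    db = dict(cnf)
    verdicts = {}
    for line in proof_lines:
        cid, literals, hints = parse_lrat_line(line)
        verdicts[cid] = check_step(db, literals, hints)
        if verdicts[cid] != "INVALID":
            db[cid] = literals
    return verdicts

# Constructed input: variables 1 = a, 2 = b, 3 = x (x does not occur in CNF).
CNF = {1: [1, 2], 2: [-1, 2]}
PROOF = [
    "3 2 0 1 2 0",        # (b): follows from clauses 1 and 2
    "4 3 1 0 0",          # (x or a): not implied, x is fresh
    "5 -3 2 0 3 0",       # (not x or b): follows from clause 3
    "6 3 -1 0 -5 3 0",    # (x or not a): not implied, RAT on x against clause 5
    "7 -2 0 1 0",         # (not b): contradicts clause 3, must be rejected
]

if __name__ == "__main__":
    for cid, verdict in check_proof(CNF, PROOF).items():
        print(cid, verdict)
```

Steps 4 and 6 are accepted although the assignment a = false, b = true, x = false satisfies every earlier clause and falsifies clause 4, which is why such steps cannot be replayed as ordinary deductions.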

Mohamed Yacine El Haddad developed a tool to extract TPTP problems from a TSTP trace (generated by automated theorem provers) and reconstruct the proof of the trace in Dedukti format.

Bruno Barras has started to develop a model of Homotopy Type Theory (HoTT) in Dedukti. This is basically a presheaf model, where the choice of the base category leads either to the simplicial sets model or to the cubical model of HoTT. This construction generalizes the setoid model construction to an arbitrary dimension. Since this involves encoding notions of category theory, the rewriting feature of Dedukti is intensively used to represent, among others, the associativity of morphism composition, or the naturality conditions.

Guillaume Bury has proposed an automation-friendly set theory for the B method. This theory is expressed using first-order logic extended with polymorphic types and rewriting. Rewriting is introduced along the lines of deduction modulo theory, where axioms are turned into rewrite rules over both propositions and terms. This work has been published.

François Thiré has defined in Dedukti a constructive version of simple type theory with prenex polymorphism: STT

Then, Walid Moustaoui and François Thiré have built a website called Logipedia, which allows the user to inspect this arithmetic library and to download the proof of a given theorem for one of the systems mentioned above.

Shared and cyclic structures are very common in both programming and proving, which requires generalizing term rewriting techniques to graphs. Jean-Pierre Jouannaud and Nachum Dershowitz have introduced a very general class of multigraphs, called drags, equipped with a composition operator

Gilles Dowek, Liu Jian, and Ying Jiang have reworked the presentation of CTL in sequent calculus proposed by Gilles Dowek and Ying Jiang in 2012 and provided an implementation of it. This work has been published.

The ANR PROGRAMme is an ANR for junior researcher Liesbeth Demol (CNRS, UMR 8163 STL, University Lille 3) in which G. Dowek participates. The subject is: “What is a program? Historical and Philosophical perspectives”. This project aims at developing the first coherent analysis and pluralistic understanding of “program” and its implications for theory and practice.

Brazil: STIC Amsud.

Argentina: Ecos

China: Inria-NSFC

Our main international partners are Alejandro Díaz-Caro (Buenos Aires), Bruno Lopes (Niteroi), Ying Jiang (Beijing), Florian Rabe (Bremen), Brigitte Pientka (McGill), César Muñoz (NASA), and Stéphane Graham-Lengrand (SRI).

Alejandro Díaz-Caro (Buenos Aires) has visited Deducteam for two weeks.

Ying Jiang (Beijing) has visited Deducteam for three weeks.

Aristomenis-Dionysios Papadopoulos (Imperial College, London) has visited Deducteam. He worked with Frédéric Blanqui on the development of a rewrite tactic in Dedukti.

Gilles Dowek has spent two weeks at the University of Buenos Aires.

Gilles Dowek has spent two weeks at the Institute of Aerospace (USA).

Guillaume Burel has been local organizer of the scientific days of the CNRS GDR GPL working groups LTP and MTV2.

Frédéric Blanqui has been PC chair of the 13th International Workshop on Logical Frameworks and Meta-Languages: Theory and Practice (LFMTP'18) with Giselle Reis.

Frédéric Blanqui is Workshop Chair of LICS and member of the Steering Committee of LICS.

Frédéric Blanqui is member of the Steering Committee of the International School on Rewriting (ISR) of the WG 1.6 of the International Federation for Information Processing.

Gilles Dowek has been a PC member of TYPES 2018.

Guillaume Burel has been PC member of the 30th Journées Francophones des Langages Applicatifs.

Guillaume Burel has reviewed a submission for the International Conference on Principles and Practice of Constraint Programming (CP). Guillaume Genestier reviewed submissions to the conferences Logic in Computer Science (LICS), Principles and Practice of Declarative Programming (PPDP) and European Symposium on Programming (ESOP).

Gilles Dowek is an editor of TCS-C.

Frédéric Blanqui has reviewed a paper for Mathematical Structures in Computer Science (MSCS). Guillaume Burel has reviewed papers for the Computer Journal and Logical Methods in Computer Science (LMCS). Rodolphe Lepigre has reviewed a paper for International Conference on Foundations of Software Science and Computation Structures (FoSSaCS). Rodolphe Lepigre has reviewed a paper for the journal ACM Transactions on Programming Languages and Systems (TOPLAS). Franck Slama has reviewed a paper for the Journal of Functional Programming.

Rodolphe Lepigre gave an invited talk entitled “The PML Language: Realizability at the Service of Program Proofs” at the Realizability Workshop (12-13 June 2018) in Luminy.

Rodolphe Lepigre gave an invited talk entitled “An Overview of the PML

Gilles Dowek has given an invited talk at NFM (Nasa Formal Methods).

Jean-Pierre Jouannaud has given an invited talk at the workshop "Rewriting Techniques for Program Transformation and Evaluation" at FLoC, on July 8, 2018.

Gilles Dowek has participated in the meeting "From Information to Cells" organized by Hélène Kirchner and Antoine Danchin. He has given a talk at the National Institute of Aerospace.

Gilles Dowek has co-organized a seminar on Logic and Philosophy at the CNFHPST.

Guillaume Burel has presented a talk entitled “Bridging holes on Dedukti proofs, an overview” at the scientific day of the Digicosme working group UPSCaLe.

Bruno Barras has given a talk entitled “An analysis of bindlib” at the UPSCaLe meeting (June'18) held in Palaiseau.

Mohamed Yacine El Haddad has presented his work at the internal laboratory seminars of LSV (June'18) and SAMOVAR (November'18).

Gaspard Férey has presented his work at the internal laboratory seminar of LSV (June'18).

Guillaume Genestier has presented his work at the internal laboratory seminar of Centre de Recherche en Informatique of Mines ParisTech (February'18) and LSV (June'18) and presented Dedukti at the doctoral seminar of La Société Informatique de France (June'18). He presented at the Workshop on Termination (WST) at Oxford (July'18).

Rodolphe Lepigre has presented his work on "Termination checking using well-founded typing derivations" at a Deducteam seminar in September 2018.

Rodolphe Lepigre has given a talk entitled “The PML

Franck Slama has presented some previous work at an internal laboratory seminar of LSV in December 2017.

François Thiré has presented his work on interoperability at the UPSCaLe seminar in March 2018, then he presented his paper at the LFMT Workshop at Oxford (July'17).

Aristomenis Papadopoulos has presented the work he did during his summer internship at a Deducteam seminar in September 2018.

Gilles Dowek is president of the scientific board of the Société informatique de France.

He is a member of the Ethic council CERNA.

He is a member of the Comité National Français d’Histoire et de Philosophie des Sciences et des techniques.

He is a member of the scientific board of La Main à la pâte.

He is a member of the scientific board of the Institut Villebon Charpak.

He is a member of the scientific board of the Maison des sciences de Lorraine.

He is the president of the Board of teacher school (ESPE) of the University of Lorraine.

He is a member of the scientific board of SystemX.

He is a member of the scientific board of the team Humanités numériques at the Collège des Bernardins.

Gilles Dowek and Jean-Pierre Jouannaud are honorary members of IFIP-WG1.6.

Jean-Pierre Jouannaud is a permanent member of the visiting committee of Academia Sinica, Taiwan.

Frédéric Blanqui reviewed a project for the Netherlands Organization for Scientific Research (NWO).

Master: Bruno Barras, proof assistants, 12h, M2, MPRI

Master: Frédéric Blanqui, formal languages, 21h, M1, ENSIIE

Master: Frédéric Blanqui, rewriting theory, 14h, M1, ENS Paris-Saclay

Master: Frédéric Blanqui,

Master: Gilles Dowek has given a course at MPRI.

Master: Gilles Dowek is in charge of the second year of Masters at the École normale de Paris Saclay.

Master: Gilles Dowek has given a one week invited course at the University of Buenos Aires.

Licence: Guillaume Genestier, logic tutorials, 45h, L3, ENS Paris-Saclay

Licence: Guillaume Genestier, complexity remedial classes, 11h, L3, ENS Paris-Saclay

Licence: Gaspard Férey, language theory, 44h, L3, EISTI

Licence: François Thiré, (spring) logic project, 26h, L3 ENS Paris-Saclay

Licence: François Thiré, (spring) Programmation 2 tutorials, 26h, L3 ENS Paris-Saclay

Licence: François Thiré, (fall) Architectures and Systems tutorials, 36h, L3 ENS Paris-Saclay

Frédéric Blanqui is co-director of the pole 4 of the doctoral school STIC of the University Paris-Saclay.

Frédéric Blanqui is member of the committee of the doctoral school of the ENS Paris-Saclay.

Frédéric Blanqui is in charge of following PhD students at LSV.

PhD Defended: Frédéric Gilbert, Gilles Dowek and Florent Kirchner,

PhD in progress: Guillaume Bury, David Delahaye and Gilles Dowek,

PhD in progress: Guillaume Genestier, termination in

PhD in progress: Mohamed Yacine El Haddad, using automated provers in proof assistants, 05/01/18, Frédéric Blanqui and Guillaume Burel,

PhD in progress: Gaspard Férey, Associative-Commutative rewriting in the

PhD in progress: François Thiré, Design tools to make interoperability easier in Dedukti, 01/09/18, Gilles Dowek.

Gilles Dowek has been a member of the Jury of the PhD defence of Pierre Boutry. He has been an evaluator of the thesis of Thibault Gauthier. He has been a member of the Jury of the habilitation defence of Julien Signoles and of Alexei Grinbaum.

Gilles Dowek writes a monthly column in Pour la Science (12 issues) and has started a bi-monthly column in Le Monde (3 issues).

Gilles Dowek has given interviews to France Inter, Radio France Internationale, France Culture, Ouest France, Usbek et Rica, and Philosophie Magazine.

Gilles Dowek has participated in meetings on scientific education in Switzerland, Belgium, and Côte d'Ivoire.

He has been heard by a committee of the Éducation Nationale on pedagogical data and privacy.

He has given a talk on job mutations to mathematics inspectors.

Gilles Dowek has given popular science talks in Toulouse, Antony, Issoudun, Rueil Malmaison, Saint Louis, Saint-Cloud, Rennes, Nancy, Paris, Nîmes, St Quentin en Yvelines, Montbéliard, Molaix, St Agrève, Rhodes, Marcoule, and Juvisy.