Interaction trees: representing recursive and impure programs in Coq

Abstract
Interaction trees (ITrees) are a general-purpose data structure for representing the behaviors of recursive programs that interact with their environments. A coinductive variant of “free monads,” ITrees are built out of uninterpreted events and their continuations. They support compositional construction of interpreters from event handlers, which give meaning to events by defining their semantics as monadic actions. ITrees are expressive enough to represent impure and potentially nonterminating, mutually recursive computations, while admitting a rich equational theory of equivalence up to weak bisimulation. In contrast to other approaches such as relationally specified operational semantics, ITrees are executable via code extraction, making them suitable for debugging, testing, and implementing software artifacts that are amenable to formal verification.
We have implemented ITrees and their associated theory as a Coq library, mechanizing classic domain- and category-theoretic results about program semantics, iteration, monadic structures, and equational reasoning. Although the internals of the library rely heavily on coinductive proofs, the interface hides these details so that clients can use and reason about ITrees without explicit use of Coq’s coinduction tactics.
To showcase the utility of our theory, we prove the termination-sensitive correctness of a compiler from a simple imperative source language to an assembly-like target whose meanings are given in an ITree-based denotational semantics. Unlike previous results using operational techniques, our bisimulation proof follows straightforwardly by structural induction and elementary rewriting via an equational theory of combinators for control-flow graphs.
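The abstract names the three ingredients of an ITree: a result, a silent step, and an uninterpreted event with a continuation. The sketch below is an added illustration written for this page, not code from the paper or from the Coq library, and it is in Python rather than Coq so it can be run directly. It encodes the three node shapes, monadic bind, a Tau-guarded iteration combinator, a handler-based interpreter that gives meaning to state events while leaving other events for the environment, and a bounded check of equivalence up to Tau. The event tuples, the names `iter_`, `interp_state`, `run` and `eutt`, and the `fuel` bound are this example's own choices; the bound is an assumption, because a finite check can only approximate the coinductive weak bisimulation the paper proves about.

```python
"""Toy interaction trees (illustrative sketch, not the Coq ITree library)."""
from dataclasses import dataclass
from typing import Any, Callable, Tuple


@dataclass(frozen=True)
class Ret:            # computation finished with a value
    value: Any


@dataclass(frozen=True)
class Tau:            # silent step; delayed so infinite trees are representable
    next: Callable[[], Any]


@dataclass(frozen=True)
class Vis:            # event handed to the environment; k awaits its answer
    event: Tuple
    k: Callable[[Any], Any]


def trigger(event):
    """Emit one event and return whatever the environment answers."""
    return Vis(event, Ret)


def bind(t, k):
    """Sequencing: graft k onto every Ret leaf, preserving Tau and Vis nodes."""
    if isinstance(t, Ret):
        return k(t.value)
    if isinstance(t, Tau):
        return Tau(lambda: bind(t.next(), k))
    return Vis(t.event, lambda x: bind(t.k(x), k))


def iter_(body, i):
    """Loop: body returns ('loop', i2) to continue or ('done', r) to stop.
    Each iteration is guarded by a Tau, so a body that never stops gives an
    infinite tree instead of hanging the constructor (assumed encoding)."""
    def step(lr):
        tag, v = lr
        return Tau(lambda: iter_(body, v)) if tag == 'loop' else Ret(v)
    return bind(body(i), step)


def interp_state(handle, t, s):
    """Interpret the events `handle` understands by threading a state.
    Unhandled events stay as Vis nodes for an outer interpreter/environment."""
    if isinstance(t, Ret):
        return Ret((s, t.value))
    if isinstance(t, Tau):
        return Tau(lambda: interp_state(handle, t.next(), s))
    res = handle(t.event, s)
    if res is None:
        return Vis(t.event, lambda x: interp_state(handle, t.k(x), s))
    answer, s2 = res
    return Tau(lambda: interp_state(handle, t.k(answer), s2))


def state_handler(event, s):
    """Handler for ('get',) and ('put', n); anything else is left uninterpreted."""
    if event == ('get',):
        return (s, s)
    if event[0] == 'put':
        return (None, event[1])
    return None


def run(t, respond, fuel):
    """Execute against an environment `respond` answering the remaining events.
    Returns (visible trace, ('ret', v) or ('diverged', None)) after at most
    `fuel` silent steps: nontermination is only detectable up to a bound."""
    trace = []
    while True:
        if isinstance(t, Ret):
            return trace, ('ret', t.value)
        if isinstance(t, Tau):
            if fuel == 0:
                return trace, ('diverged', None)
            fuel -= 1
            t = t.next()
        else:
            trace.append(t.event)
            t = t.k(respond(t.event))


def eutt(t1, t2, respond, fuel):
    """Bounded approximation of equivalence up to Tau: same visible events and
    result, regardless of how many silent steps each side takes."""
    return run(t1, respond, fuel) == run(t2, respond, fuel)


def countdown():
    """get n; stop at 0, else print n, put n-1, loop."""
    def body(_):
        return bind(trigger(('get',)), lambda n:
                    Ret(('done', 'finished')) if n == 0 else
                    bind(trigger(('print', n)), lambda _:
                         bind(trigger(('put', n - 1)), lambda _: Ret(('loop', None)))))
    return iter_(body, None)


def spin():
    """A loop whose body never finishes: an infinite tree of Tau nodes."""
    return iter_(lambda _: Ret(('loop', None)), None)


def demo_countdown():
    return run(interp_state(state_handler, countdown(), 3), lambda e: None, 100)


def demo_spin():
    return run(spin(), lambda e: None, 50)


def demo_eutt():
    env = lambda e: None
    lazy = Tau(lambda: Tau(lambda: Ret(1)))
    return (eutt(lazy, Ret(1), env, 10), eutt(trigger(('print', 1)), Ret(1), env, 10))
```

`demo_countdown` shows the two-stage story from the abstract: `interp_state` turns the state events into silent steps while the `print` events remain visible, and `run` then plays the role of the environment. `demo_spin` shows why iteration must be Tau-guarded: the diverging loop is a perfectly good value, and an executor can only report divergence relative to a step budget. `demo_eutt` shows the flavour of the equational theory, with extra Tau nodes being invisible while a visible event is not; the real relation is coinductive, so this bounded check is a test, not a proof.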