{"id":22202883,"url":"https://github.com/logsem/gitrees","last_synced_at":"2025-06-12T16:40:30.207Z","repository":{"id":182573914,"uuid":"633371233","full_name":"logsem/gitrees","owner":"logsem","description":"guarded interaction trees","archived":false,"fork":false,"pushed_at":"2025-05-30T07:12:34.000Z","size":1059,"stargazers_count":8,"open_issues_count":0,"forks_count":2,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-05-30T08:28:08.286Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Coq","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/logsem.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-04-27T11:02:07.000Z","updated_at":"2025-05-30T07:12:37.000Z","dependencies_parsed_at":"2023-11-29T13:28:19.803Z","dependency_job_id":"fb639802-7961-4df0-9ca8-e380013d6300","html_url":"https://github.com/logsem/gitrees","commit_stats":null,"previous_names":["logsem/gitrees"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/logsem/gitrees","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logsem%2Fgitrees","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logsem%2Fgitrees/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logsem%2Fgitrees/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logsem%2Fgitrees/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/logsem","download_url":"https://codeload.github.com/logsem/gitrees/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logsem%2Fgitrees/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259503415,"owners_count":22867992,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-02T16:38:40.562Z","updated_at":"2025-06-12T16:40:30.194Z","avatar_url":"https://github.com/logsem.png","language":"Coq","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Guarded Interaction Trees\n\nThis is the Coq formalization of guarded interaction trees augmented with context-dependent effects and preemptive concurrency, associated examples and case studies.\n\n## Installation instructions\n\nTo install the formalization you will need Iris and std++ libraries.\n\n- with [opam](https://opam.ocaml.org/doc/Install.html):\n  ```\n  opam repo add coq-released https://coq.inria.fr/opam/released\n  opam update\n  eval $(opam env)\n  opam install . --deps-only\n  ```\n- with [nix (flake enabled)](https://nixos.org/download.html):\n  ```\n  nix develop\n  ```\n\nThen the formalization can be compiled with `make` and installed with\n`make install`. You can pass the additional parameters to compile the\nformalization using multiple cores, e.g. `make -j 3` for compiling\nusing 3 threads.\n\n## Typechecking the development\n- ```make all``` --- typecheck the project.\n- ```./check_admits.sh``` --- count used admits.\n- ```./check_axioms.sh``` --- count declared axioms.\n\n## Intro\n\n[Intro notes](./INTRO.md)\n\n## Code Overview\n\nAll the code lives in the `theories` folder. Below is the quick guide\nto the code structure.\n\nFor the representation of binders we use a library implemented by\nFilip Sieczkowski and Piotr Polesiuk, located in the `vendor/Binding/`\nfolder.\n\n```\n.\n+-- vendor/Binding/ (substitution framework)\n+-- theories/\n|   +-- effects/ (concrete effects, their semantics, and program logic rules)\n|   |   +-- callcc.v (call/cc and throw)\n|   |   +-- delim.v (shift and reset)\n|   |   +-- store.v (alloc, dealloc, write, read, generic atomic read-modify, and concrete instances: CAS, XCHG, FAA)\n|   |   +-- io_tape.v\n|   |   +-- coroutines.v (asymmetric coroutines)\n|   |   +-- fork.v (preemptive concurrency)\n|   +-- hom.v (homomorphisms packaged as sigma-types)\n|   +-- examples/\n|   |   +-- delim_lang/ (formalization of the language with shift/reset and its soundness/adequacy wrt abstract machine semantics)\n|   |   |   +-- example.v (program logic reasoning example for denotations that contain shift/reset)\n|   |   |   +-- glue.v (formalization of the language with heap, type safety of the language interoperability)\n|   |   |   +-- hom.v (homomorphisms specific to delim lang)\n|   |   |   +-- interp.v (denotation semantics and soundness)\n|   |   |   +-- lang.v (calculus)\n|   |   |   +-- logpred.v (unary logical relation)\n|   |   |   +-- logrel.v (binary logical relation, adequacy)\n|   |   |   +-- typing.v (typing rules)\n|   |   +-- lang_callcc/ (formalization of the language with throw and call/cc, the soundness and adequacy)\n|   |   |   +-- hom.v (homomorphisms specific to lang callcc)\n|   |   |   +-- interp.v (denotation semantics and soundness)\n|   |   |   +-- lang.v (calculus)\n|   |   |   +-- logrel.v (binary logical relation, adequacy)\n|   |   +-- input_lang_callcc/ (formalization of the language with io, throw and call/cc, the soundness and adequacy)\n|   |   |   +-- hom.v (homomorphisms specific to input lang callcc)\n|   |   |   +-- interp.v (denotation semantics and soundness)\n|   |   |   +-- lang.v (calculus)\n|   |   |   +-- logrel.v (binary logical relation, adequacy)\n|   |   +-- input_lang/ (ported formalization of the language with io, the soundness and adequacy)\n|   |   |   +-- interp.v\n|   |   |   +-- lang.v\n|   |   |   +-- logpred.v\n|   |   |   +-- logrel.v\n|   |   +-- affine_lang/ (ported formalization of the affine language, type safety of the language interoperability)\n|   |   |   +-- lang.v\n|   |   |   +-- logrel1.v\n|   |   |   +-- logrel2.v\n|   +-- prelude.v (some stuff that is missing from Iris)\n|   +-- program_logic.v\n|   +-- lang_generic.v (generic facts about languages with binders and their interpretations)\n|   +-- lib/ (derived combinators for gitrees)\n|   |   +-- factorial.v\n|   |   +-- iter.v\n|   |   +-- pairs.v\n|   |   +-- sums.v\n|   |   +-- while.v\n|   |   +-- eq.v (equality for CAS)\n|   |   +-- generators.v (generators on top of coroutines)\n|   +-- gitree.v (reimport)\n|   +-- gitree/ (contains the core definitions related to guarded interaction trees)\n|   |   +-- core.v\n|   |   +-- greifiers.v (sum of reifiers, parameterized with context-dependency flag)\n|   |   +-- lambda.v\n|   |   +-- reductions.v (reductions, parameterized with context-dependency flag)\n|   |   +-- reify.v (reifiers, parameterized with context-dependency flag)\n|   |   +-- subofe.v\n|   |   +-- weakestpre.v (program logic, parameterized with context-dependency flag)\n|   +-- utils/\n|   |   +-- finite_sets.v (finite environment compatibility with the substitution framework)\n|   |   +-- clwp.v (context-local weakest precondition)\n|   |   +-- wbwp.v (well-bracketed weakest precondition)\n```\n\n## Papers glossary\n\n### Modular Denotational Semantics for Effects with Guarded Interaction Trees\n\nThe version of the formalization that corresponds to the paper can be found under the [tag `popl24`](https://github.com/logsem/gitrees/releases/tag/popl24).\nBelow we describe the correspondence per-section.\n\n- **Section 3**\n  + Definition of guarded interaction trees, constructors, the\n    recursion principle, and the destructors are in `gitree/core.v`\n  + Signtures for IO and higher-order store are in `examples/store.v`\n    and `input_lang/interp.v`\n  + The programming operations are in `gitree/lambda.v` and `lib/while.v`\n  + The factorial example is in `lib/factorial.v`, and\n    the pairs example is in `lib/pairs.v`\n- **Section 4**\n  + The definition of context-dependent versions of reifiers and the reify function are in `gitree/reify.v`\n  + The reduction relation is in `gitree/reductions.v`\n  + The specific reifiers for IO and state are in `examples/store.v`\n    and `input_lang/interp.v`\n- **Section 5**\n  + The syntax for λrec,io is in `input_lang/lang.v`\n  + The interpretation and the soundness proof are in `input_lang/interp.v`\n- **Section 6**\n  + The definition of the weakest precondition and the basic rules are\n    in `gitree/weakestpre.v`\n  + The additional weakest precondition rules are in `program_logic.v`\n    and `effects/store.v`\n  + The `iter` example is in `lib/iter.v`\n- **Section 7**\n  + The logical relation and the adequacy proof are in `input_lang/logrel.v`\n- **Section 8**\n  + The notion of a subeffect is in `gitree/core.v`\n  + The notion of a subreifier and the associated definitions are in\n    `gitree/greifiers.v`\n  + The `fact_io` example is in `examples/factorial.v`\n- **Section 9**\n  + The syntax for λ⊸,ref is in `affine_lang/lang.v`\n  + The logical relations for the type safety of λ⊸,ref and λrec,io\n    are in `affine_lang/logrel1.v` and `input_lang/logpred.v`\n  + The logical relation for the combined language is in `affine_lang/logrel2.v`\n\n### Context-Dependent Effects in Guarded Interaction Trees\n| Paper entry | Coq qualified identifier |\n| ----------- | -------------- |\n| fig. 10 | ```gitree.reify.sReifier, gitree.reify.reify``` |\n| wp-reify-local-context-dependent | ```gitree.weakestpre.wp_subreify_ctx_dep'``` |\n| fig. 11 | ```examples.lang_callcc.interp_*``` |\n| lemma 3.1 | ```examples.lang_callcc.interp.interp_ectx_hom``` |\n| lemma 3.2 | ```examples.lang_callcc.interp.interp_comp``` |\n| lemma 3.3 | ```examples.lang_callcc.interp.interp_*_subst``` |\n| lemma 3.4 | ```examples.lang_callcc.interp.soundness``` |\n| wp-throw | ```effects.callcc.wp_throw'``` |\n| wp-callcc | ```effects.callcc.wp_callcc``` |\n| fig. 12 | ```examples.lang_callcc.logrel.logrel_valid``` |\n| lemma 3.5 | ```examples.lang_callcc.logrel.adequacy``` |\n| lemma 3.6 | ```examples.lang_callcc.logrel.obs_ref_bind``` |\n| lemma 3.7 | ```examples.lang_callcc.logrel.fundamental*``` |\n| reifier-coercion | ```gitree.reify.sReifier_NotCtxDep_min``` |\n| fig. 15 | ```examples.input_lang_callcc.logrel.logrel_valid``` |\n| wp-input-ctx-dep | ```examples.input_lang_callcc.interp.wp_input'``` |\n| wp-output-ctx-dep | ```examples.input_lang_callcc.interp.wp_output'``` |\n| fig. 17 | ```examples.delim_lang.lang.Cred``` |\n| fig. 18 | ```effects.delim``` |\n| fig. 19 | ```examples.delim_lang.interp.interp_*``` |\n| theorem 4.1 | ```examples.delim_lang.interp.soundness``` |\n| theorem 4.2 | ```examples.delim_lang.logrel.adequacy``` |\n| lemma 4.3 | ```examples.delim_lang.logrel.fundamental_*``` |\n| lemma 4.4 | ```examples.delim_lang.logrel.compat_HOM_id``` |\n| lemma 4.5 | used ad-hoc in ```examples.delim_lang.logrel``` |\n| unary logical relation for delim lang | ```examples.delim_lang.logpred``` |\n| denotational semantics of embed lang | ```examples.delim_lang.glue.interp_expr``` |\n| lemma 5.1 | ```examples.delim_lang.glue.fl``` |\n| lemma 5.2 | ```examples.delim_lang.glue.safety``` |\n\n## Notes\n\n### Disjunction property\nSome results in the formalization make use of the disjunction property\nof Iris: if (P ∨ Q) is provable, then either P or Q are provable on\ntheir own. This propery is used to show safety of the weakest\nprecondition, and it is related to the difference between internal and\nexternal reductions.\n\nThe internal reductions of GITrees is the relation `istep`, as defined\nin the paper, and it has type `iProp` as it is an internal relatin.\nThere is also a similar *external* reduction relation `sstep` which\nlives in Coq's `Prop`. We use the `istep` relation in our definitions\n(since it is an internal relation), but we want to state the safety\nresult w.r.t. the external relation `sstep`, which we take to be the\n'proper definition' of the reductions for GITrees.\n\nShowing that `internal_step`-safety implies `external_step`-safety\n(i.e. that if a GITree can do an `internal_step` then it can also do a\n`external_step`) requires the disjunction propety. The disjunction\nproperty for Iris can be shown assuming classical axioms (e.g. LEM) on\nthe `Prop`-level.\n\nIn order not to introduce classical axioms into the whole\nformalization, we added the disjunction propety as an assumption to\nthe safety theorems (`wp_progress_gen`, `wp_tp_progress_gen`) and all\nof its instances (e.g. in logical relations).\n\n### Ground type of errors\n\nOne other difference with the paper worth mentioning, is that in the\nformalization we \"hardcode\" the type `Err` of errors, whereas in the\npaper we leave it parameterized. That is why in the `affine_lang` case\nstudy we use `OtherError` to represent linearity violations, instead\nof `Err(Lin)`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flogsem%2Fgitrees","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flogsem%2Fgitrees","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flogsem%2Fgitrees/lists"}