Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks
Magnus Baunsgaard Kristensen, Rasmus Ejlers Møgelberg, Andrea Vezzosi
aa r X i v : . [ c s . L O ] F e b A model of Clocked Cubical Type Theory
Magnus Baunsgaard Kristensen
Department of Computer ScienceIT University of CopenhagenDenmarkEmail: [email protected]
Rasmus Ejlers Møgelberg
Department of Computer ScienceIT University of CopenhagenDenmarkEmail: [email protected]
Andrea Vezzosi
Department of Computer ScienceIT University of CopenhagenDenmarkEmail: [email protected]
Abstract —Guarded recursion is a powerful modal approachto recursion that can be seen as an abstract form of step-indexing. It is currently used extensively in separation logicto model programming languages with advanced features bysolving domain equations also with negative occurrences. In itsmulti-clocked version, guarded recursion can also be used toprogram with and reason about coinductive types, encoding theproductivity condition required for recursive definitions in types.This paper presents the first denotational model of a typetheory combining multi-clocked guarded recursion with thefeatures of Cubical Type Theory. Using the combination of HigherInductive Types (HITs) and guarded recursion allows for simpleprogramming and reasoning about coinductive types that aretraditionally hard to represent in type theory, such as the typeof finitely branching labelled transition systems. For example,our results imply that bisimilarity for these imply path equality,and so proofs can be transported along bisimilarity proofs.
I. I
NTRODUCTION
Homotopy type theory [1] is the extention of Martin-Löftype theory [2] with the univalence axiom and higher inductivetypes. It can be seen as a foundation for mathematics, allowingfor synthetic approaches to mathematics, as exemplified bysynthetic homotopy theory, as well as more direct formalisa-tions of mathematics, closer to the traditional set-theory baseddevelopments. Higher Inductive Types (HITs) play a key rolein both approaches: In synthetic homotopy theory these areused to described spaces such as the spheres and the torus, andin the more direct formalisations, HITs express free structuresand quotients, both of which have traditionally been hard torepresent and work with in type theory.The kind of mathematics that is particularly important tothe LICS community often involves reasoning about recursion,and in particular programming with and reasoning about coin-ductive types. Doing this in type theory has traditionally beendifficult for a number of reasons. One is that the definition ofthe functors of interest in coalgebra often involves contructionssuch as finite or countable powerset (for modelling non-determinism), or quotients that are hard to represent in typetheory. All of these are known to be representable as HITs[1], [3], [4]. Another reason is that programming and reason-ing about coinductive types involves productivity checking,which in most proof assistants is implemented as non-modularsyntactic checks that can lead to considerable overhead forprogrammers [5]. A third reason is that bisimilarity, whichis the natural notion of identity for coinductive types, rarely(at least provably) coincides with the build-in identity types of type theory, and thus proofs cannot be transported alongbisimilarity proofs.Atkey and McBride [6] suggested using guarded recursionwith multiple clocks as a way of encoding productivity in-formation in types, thus allowing for modular productivitychecks. Guarded recursion uses a modal operator ⊲ (pro-nounced ‘later’) to encode a notion of time-steps in types.In the multiclocked version ⊲ is indexed by a clock variable κ . Guarded recursive types such as Str κ ≃ N × ⊲ κ Str κ arerecursive types in which the recursion variable occurs onlyunder a ⊲ . In the case of Str κ the type equivalence abovestates that the head of a guarded stream is available now, butthe tail only after a time step on clock κ . Guarded streamscan be defined using a fixed point operator fix κ of type ( ⊲ κ A → A ) → A . In the case of Str κ the delay in the domainof the input precisely captures the productivity requirementfor programming with streams. Guarded recursive types canthemselves be encoded as fixed points on a universe type.Using universal quantification over clocks, the coinductivetype of streams can be encoded as Str def = ∀ κ. Str κ .Guarded recursion originates with Nakano [7] and has beenthe subject of much research lately, because it can be seenas an abstract approach to the step-indexing techniques [8],[9] often used to construct models for reasoning about ad-vanced programming language features. In particular, the typevariables in guarded recursive can also appear in negativepositions, and so be used to provide models of untyped lambdacalculus or solve the advanced type equations needed formodelling higher-order store [10]. For this reason, guardedrecursion also plays a key role in the Coq framework Iris forhigher-order concurrent separation logic [11].A type theory combining guarded recursion with homotopytype theory will therefore provide a powerful framework,not just for coinductive reasoning but also for reasoningabout recursion and advanced programming language featuresbeyond the reach of traditional domain theory. A. Contributions
This paper presents a first model of a dependent typetheory with all the features mentioned above: Univalence,higher inductive types, and multiclocked guarded recursion.Rather than using the original formulation of homotopy typetheory we build on Cubical Type Theory (CTT) [12], a variantof HoTT based on the cubical model of type theory, andmplemented in the Cubical Agda proof assistant [13]. Onereason for this choice is that the operational properties ofCTT as well as the concrete implementation give hope foran implementation of our type theory. In fact we have alreadyextended the implementation of Guarded Cubical Agda [14] tosupport multiple clocks. Another is that the use of path typesin CTT make for a simple implementation of the extensionalityprinciple for the ⊲ κ modality, an observation that goes backto Birkedal et al. [15].We introduce Clocked Cubical Type Theory, an extensionof CTT with the constructions of Clocked Type Theory(CloTT) [16], a type theory for multi-clocked guarded recur-sion. Mannaa et al [17] construct a model of CloTT in a cate-gory of presheaves over a category T of time objects. Buildingon this we construct a model of Clocked Cubical Type Theoryin the category of presheaves over C × T where C is thecategory of cubes used in the presheaf semantics of CTT. Thispresheaf category satisfies the Orton-Pitts axioms for modelsof CTT [18] in a canonical way, and so one can constructa model in it where types are interpreted as presheaves witha given composition structure. The main technical difficulty(not counting HITs) in extending this to Clocked CubicalType Theory is constructing a composition structure for theoperation modelling the ⊲ κ modality. In CloTT, this is a Fitch-style modal operator and so is modelled by a dependent rightadjoint [19], and we prove a general theorem (Theorem 3)giving sufficient conditions for a composition structure to existfor a dependent right adjoint.We extend Clocked Cubical Type Theory with HITs asencoded in a schema which is a restricted version of the onefound in Cavallo and Harper’s Cubical Computational TypeTheory [20], and model these using the tools developed byCoquand et al [21]. As our second main theorem we provethat in the model a large collection of HITs commute withclock quantification, a condition necessary for correctness ofthe encoding of coinductive types. For example, our theoremstates that N ≃ ∀ κ. N in the model, and using this one canprove the type equivalence ∀ κ. Str κ ≃ ( ∀ κ. N ) × ∀ κ. ( ⊲ κ Str κ ) ≃ N × ∀ κ. Str κ and moreover that ∀ κ. Str κ satisfies the coinduction principlefor streams. In the case of the finite powerset functor encodedas a HIT [3] our theorem states that ∀ κ. P f ( X ) ≃ P f ( ∀ κ.X ) (1)for all X . This implies correctness not just of an encodingthe final coalgebra for the functor P f ( A × ( − )) (for certain A ), giving a type of finitely branching A -labelled transitionsystems, but also of the type stating bisimilarity of two suchsystems. Moreover, we can prove that bisimilarity in thistype coincides with path equality. The latter builds on asimilar result for guarded recursive types proved by Møgelbergand Veltri [22]. Our model therefore appears to provide afoundation for a type theory solving all the aforementionedproblems for programming and reasoning with coinductivetypes. One remaining problem is how to represent equivalences like (1) in type theory while retaining canonicity. We suggesta way forward (Section VII), but otherwise leave this as anissue for future research. B. Related work
Guarded recursion has previously been combined with cu-bical type theory in Guarded Cubical Type Theory [15]. Thatwork considers the single clock case of guarded recursion,where ⊲ is not annotated with clock variables. While this caseis useful for many purposes, it can not be used to encodecoinductive types. Møgelberg and Veltri [22] extend GuardedCubical Type Theory with ticks as in CloTT. Ticks can be usedto reason about guarded recursive types, not just program withthem. They give a model of this calculus including HITs, andshow that bisimilarity coincides with path equality for a largeclass of guarded recursive types. This paper can be seen asan extension of that with multiple clocks, allowing for theseresults to be lifted from guarded recursive types to coinductivetypes. Note that modelling the multiclocked case is much morecomplex than the single clock case. In particular, equipping ⊲ with a composition structure is challenging. Our theoremthat HITs commute with universal quantification over clocks,giving correctness of the encoding of coinductive types is alsonew, but extends similar results by Atkey and McBride [6] forinductive types, and extended by Møgelberg [23] to W-typesin extensional type theory.The encoding of coinductive types using guarded recursionwas first described by Atkey and McBride [6] in the simplytyped setting. Since then a number of dependent type theorieshave been developed for programming and reasoning withthese [23], [24], of which CloTT is the most advanced. Bahret al [16] prove syntactic properties of CloTT including strongnormalisation and canonicity, but only for a pure calculus with-out identity or path types. The model of CloTT constructed byMannaa et al. [17] considers extensional identity types, but nocubical features. Unlike this work, Mannaa et al. take clockirrelevance ((9) below) as an axiom. This requires indexinguniverses by clock contexts, leading to a complicated universeconstruction. Adapting this to the current setting is left forfuture work. Coinductive types can also be encoded using acombination of guarded recursion and a (cid:3) -modality [25]. Thisapproach has not been studied in combination with CTT yet.Sized types [26] is another approach to encoding produc-tivity in types, by annotating (co)inductive types with sizesindicating a bound on the size of the allowed elements.Specifically, sized types reduce both termination and produc-tivity to (well-founded) induction on sizes. They have beenextensively studied from the syntactic perspective [27]–[29]but are not understood from the perspective of denotationalsemantics. Our view is that sized types are closer to workingin the models of type theory, like the one provided here, andguarded recursion is a more abstract, principled perspective.This is supported by the model of guarded recursion in sizedtypes constructed by Veltri and van der Weide [30]. To ourknowledge sized types have never been used to solve equationswith negative occurrences, which is an important applicationf guarded recursion. The coincidence of bisimilarity and pathequality for streams as coinductive records has been proved inCubical Agda [13]. It is likely that this can be extended to e.g.general M-types but results like the one we prove for labelledtransition systems have not been proved in this context yet. C. Overview of paper
The paper is organised as follows. Section II recalls CubicalType Theory, and Section III extends this to Clocked CubicalType Theory. Section IV recalls the encoding of coinductivetypes using guarded recursion and details the example oflabelled transition systems. Section V gives the denotationalsemantics of Clocked Cubical Type Theory. Section VI givesthe syntax and semantics for HITs in Clocked Cubical TypeTheory, and states the theorem that these commute with clockquantification in the model. We conclude and discuss futurework in Section VII. Finally, this submission ends with anappendix of omitted proofs for reviewers.II. C
UBICAL T YPE T HEORY
Cubical Type Theory (CTT) [12] is an extension of Martin-Löf type theory which gives a computational interpretation toextensionality principles like function extensionality and uni-valence. It does so by internalizing the notion from HomotopyType Theory that equalities are paths, by explicitly represent-ing them as maps from an interval object. The interval, I , is nota type but contexts can contain i : I assumptions and there is ajudgement, Γ ⊢ r : I which specifies that r is built accordingto this grammar r, s ::= 0 | | i | − r | r ∧ s | r ∨ s where i is taken from the assumptions in Γ . Equality of twointerval elements, Γ ⊢ r ≡ s : I corresponds to the laws ofDe Morgan algebras. A good intuition is to think of I as thereal interval [0 , with r ∧ s and r ∨ s given by minimum andmaximum operations.Given x, y : A , we write Path A ( x, y ) for the type of pathsbetween x and y , which correspond to maps from I into A which are equal to x or y when applied to the endpoints , of the interval I . Γ , i : I ⊢ t : A Γ ⊢ λi. t : Path A ( t [0 /i ] , t [1 /i ])Γ ⊢ p : Path A ( a , a ) Γ ⊢ r : I Γ ⊢ p r : A We sometimes write = A or simply = as infix notation forpath equality, and use ≡ for judgemental equality. Path typessupport the usual β and η equalities, but we also have thata path applied to or reduces according to the endpointsspecified in its type. ( λi. t ) r ≡ t [ r/i ] p ≡ ( λi. p i ) p ≡ a p ≡ a The path witnessing reflexivity is defined as refl x def = λi. x : Path A ( x, x ) , given any x : A . It is also straightforward toprovide a proof of function extensionality, as it is just a matterof reordering the arguments of the pointwise equality proof: Γ ⊢ p : Π( x : A ) . Path B ( f x, g x )Γ ⊢ λi. λx. p x i : Path Π( x : A ) .B ( f, g ) Other constructions like transitivity, or more generally trans-port along path, require a further primitive operation calledcomposition, which we now recall.Define first the face lattice F , as the free distributive latticewith generators ( i = 0) and ( i = 1) , and satisfying the equality ( i = 0) ∧ ( i = 1) = 0 F . Explicitly, elements Γ ⊢ ϕ : F are given by the following grammar, where i ranges over theinterval variables from Γ : ϕ, ψ ::= 0 F | F | ( i = 0) | ( i = 1) | ϕ ∧ ψ | ϕ ∨ ψ Given Γ ⊢ ϕ : F we can form the restricted context Γ , ϕ .Types and terms in context Γ , ϕ are called partial , matchingthe intuition that they are only defined for elements of Γ thatsatisfy the constraints specified by ϕ . For example while atype i : I ⊢ A type corresponds to a whole line, a type i : I , ( i = 0) ∨ ( i = 1) ⊢ B type is merely two disconnectedpoints. Given a partial element Γ , ϕ ⊢ u : A we write Γ ⊢ t : A [ ϕ u ] to mean the conjunction of Γ ⊢ t : A and Γ , ϕ ⊢ t ≡ u : A .The composition operation is given by the following typingrule: Γ ⊢ ϕ : F Γ , i : I ⊢ A typeΓ , ϕ, i : I ⊢ u : A Γ ⊢ u : A [0 /i ][ ϕ u [0 /i ]]Γ ⊢ comp iA [ ϕ u ] u : A [1 /i ][ ϕ u [1 /i ]] the inputs u and u represent the sides and the base of an openbox, while composition gives us the lid, i.e. the side oppositeto the base. The behaviour of composition is specified by u whenever ϕ is satified, and otherwise depends on the type A ,consequently when we introduce new type formers we willalso give a corresponding equation for comp . As an examplewe can prove transitivity for paths with the following term: Γ ⊢ p : Path A ( x, y ) Γ ⊢ q : Path A ( y, z )Γ ⊢ λi. comp j [ i = 0 x, i = 1 q j ] ( p i ) : Path A ( x, z ) The standalone syntax for partial elements is as a list of facesand terms [ ϕ u , . . . , ϕ n u n ] , but we will write [ ∨ i ϕ [ ϕ u , . . . , ϕ n u n ]] as [ ϕ u , . . . , ϕ n u n ] . We referto Cohen et al. [12] for more details on partial elements,composition, and the glueing construction . The latter is whatallows to derive the univalence principle as a theorem, byturning a partial equivalence into a total one. Writing A ≃ B for the type stating that A and B are equivalent [1], univalencestates that the canonical map of type A = U B → A ≃ B isitself an equivalence for any types A, B : U . We will useunivalence in the rest of the paper, but we will not need torefer to a specific implementation, so we omit the details inthis brief overview.rom Homotopy Type Theory [1] we also recall the notionof homotopy proposition which are types for which any twoelements are path equal, and homotopy set which are typeswhose path type is a proposition. This classification extendsto a hierarchy of truncation levels : We say A is a homotopy ( n + 1) -type when its path equality is an n -type, and A isa ( − -type when it is contractible , i.e. there is a c : A such that all other elements are equal to it. Given any type A its propositional truncation k A k is the least proposition thatadmits a map from A . It can be defined as an Higher InductiveType (HIT), which are inductive types defined by providinggenerators for both the type itself and its path equality. Anotherexample of a HIT is the finite powerset [3] of a type A ,which has generators for the empty set ∅ , singletons {−} ,union ∪ , and equations stating that properties like associativityand commutativity of ∪ , and finally constructors forcing thepowerset to be a (homotopy) set. We will discuss HITs in moredetail in Section VI.III. C LOCKED C UBICAL T YPE T HEORY
Clocked Cubical type theory extends Cubical Type Theorywith the constructions of Clocked Type Theory [16], [17],a type theory with Nakano style guarded recursion, multipleclocks and ticks. This means that the delay type operator isassociated with clocks: ⊲ κ A is the type of data of type A which is available in the next time step on clock κ . Thereare no operations on clocks, they can only be assumed byplacing assumptions such as κ : clock in the context, andabstracted to form elements of type ∀ κ.A . The status of clock is similar I in the sense that it is not a type, and so, e.g., clock → clock is not a wellformed type. In some examplesbelow it is convenient to assume a single clock constant κ ,and this can be achieved by a precompilation adding this tothe context. Similarly to function types, path equality in ∀ κ. A is equivalent to pointwise equality, and clock quantificationpreserves truncation levels.Ticks are evidence that time has passed on a given clock.Tick assumptions in a context separate a judgement such as Γ , α : κ, Γ ′ ⊢ t : A into a part ( Γ ) of assumptions arrivingbefore the time tick α on the clock κ and the rest of thejudgement that happens after. The introduction rule for ⊲ ( α : κ ) .A in Figure 1 can therefore be read as stating that if t hastype A one time step after the assumptions in Γ , then λ ( α : κ ) .t is delayed data of type A . Because terms can appear in types independent type theory, α can appear in A , and must thereforebe mentioned in the type of λ ( α : κ ) .t . In many practicalexamples, however, it does not, and we will then write simply ⊲ κ A for ⊲ ( α : κ ) .A .While the abstraction rule for ticks is similar to the in-troduction for Π -types, the application rule is not. This ruleuses the operation TimeLess (Γ ′ ) which returns all the timelessassumptions in Γ ′ , i.e., interval and clock assumptions ( i : I and κ : clock ) as well as all faces, deleting the rest. In thecase where Γ ′ is empty, the rule can be read as stating that if t has a delayed type now, then in the next time step (as given Context formation rules Γ ⊢ κ / ∈ ΓΓ , κ : clock ⊢ Γ ⊢ κ : clock α / ∈ ΓΓ , α : κ ⊢ Type formation rules Γ , α : κ ⊢ A typeΓ ⊢ ⊲ ( α : κ ) .A type Γ , κ : clock ⊢ A typeΓ ⊢ ∀ κ.A type Typing rules Γ , κ : clock ⊢ t : A Γ ⊢ Λ κ.t : ∀ κ.A Γ ⊢ t : ∀ κ.A Γ ⊢ κ ′ : clock Γ ⊢ t [ κ ′ ] : A [ κ ′ /κ ]Γ , α : κ ⊢ t : A Γ ⊢ λ ( α : κ ) .t : ⊲ ( α : κ ) .A Γ , TimeLess (Γ ′ ) ⊢ t : ⊲ ( α : κ ) .A Γ , α ′ : κ, Γ ′ ⊢ Γ , α ′ : κ, Γ ′ ⊢ t [ α ′ ] : A [ α ′ /α ]Γ , κ : clock ⊢ t : ⊲ ( α : κ ) .A Γ ⊢ κ ′ : clock Γ ⊢ ( t [ κ ′ /κ ]) [ ⋄ ] : A [ κ ′ /κ ] [ ⋄ /α ]Γ ⊢ t : ⊲ κ A → A Γ ⊢ dfix κ t : ⊲ κ A Γ , α : κ ⊢ A : U Γ ⊢ ⊲ ( α : κ ) .A : U Γ , κ : clock ⊢ A : U Γ ⊢ ∀ κ.A : U Γ ⊢ t : A Γ ⊢ A ≡ B Γ ⊢ t : Bκ : clock ∈ ΓΓ ⊢ κ : clock x : A ∈ ΓΓ ⊢ x : A Axioms Γ ⊢ t : ⊲ κ A → A Γ ⊢ pfix κ t : ⊲ ( α : κ ) . Path A (( dfix κ t ) [ α ] , t ( dfix κ t ))Γ ⊢ t : ⊲ κ A Γ ⊢ tirr κ t : ⊲ ( α : κ ) .⊲ ( α ′ : κ ) . Path A ( t [ α ] , t [ α ′ ]) Judgemental equality (Λ κ.t )[ κ ′ ] ≡ t [ κ ′ /κ ] Λ κ. ( t [ κ ]) ≡ t ( λ ( α : κ ) .t ) [ β ] ≡ t [ β/α ] λ ( α : κ ) . ( t [ α ]) ≡ t ( dfix κ t ) [ ⋄ ] ≡ t ( dfix κ t ) ( λ ( α : κ ) .t ) [ ⋄ ] ≡ t [ ⋄ /α ] El ( ⊲ ( α : κ ) .A ) ≡ ⊲ ( α : κ ) . El ( A ) El ( ∀ κ.A ) ≡ ∀ κ. El ( A ) Fig. 1. Selected typing and judgemental equality rules of Clocked CubicalType Theory. The two η rules are subject to the standard conditions of κ and α , respectively, not appearing in the term t . y α ′ ) it can be opened to produce data. The context Γ ′ in therule ensures closure of typing rules under weakening.As basic examples of programming with ticks we mentionthe dependently typed generalisation of applicative action [31]operator λf.λy.λ ( α : κ ) .f [ α ]( y [ α ]) of type ⊲ κ ( Q ( x : A ) .B ) → Q ( y : ⊲ κ A ) .⊲ ( α : κ ) .B [ y [ α ] /x ] and the unit λx.λ ( α : κ ) .x : A → ⊲ κ A (2)Note that this uses the rule for variables which allows theseto be introduced from anywhere in the context, also acrossticks. Some Fitch style modal type theories do not allow suchintroductions [19], [32]. The timelessness of the interval isneeded to type the extensionality principle for ⊲ ( α : κ ) . ( − ) Path ⊲ κ A ( x, y ) ≃ ⊲ ( α : κ ) . Path A ( x [ α ] , y [ α ]) where the left to right direction λp.λ ( α : κ ) .λi.p i [ α ] requires p i [ α ] to be welltyped in a context where i occurs after α .The tick constant ⋄ allows for ⊲ to be eliminated in acontrolled way. This can be used e.g. to type Atkey andMcBride’s [6] operator force def = λx. Λ κ.x [ κ ] [ ⋄ ] : ∀ κ. ⊲ κ A → ∀ κ.A (3)The requirement that κ be fresh for Γ in the hypothesis for t [ ⋄ ] ensures that terms such as λx.x [ ⋄ ] : ⊲ κ A → A are notwell typed. Such terms would, in combination with the fixedpoint operator dfix , make the type theory inconsistent. Thesubstitution of κ ′ for κ in t in the conclusion is required toensure that typing is closed under substitution. While this rulehas good operational properties, modelling it requires that thesubstitution of κ ′ for κ is replaced by an explicit substitutionbinding κ in t in the elaborated syntax, see [17] for details.Note that the rule Γ , κ : clock ⊢ t : ⊲ ( α : κ ) .A Γ , κ : clock ⊢ t [ ⋄ ] : A [ ⋄ /α ] (4)can be proved admissible using weakening.Finally, the operator dfix κ : ( ⊲ κ A → A ) → ⊲ κ A computesfixed points of productive functions. Using this, one canconstruct Nakano’s fixed point operator as fix κ def = λf.f ( dfix κ f ) : ( ⊲ κ A → A ) → A (5)Fixed points are unique, in fact the following strongerstatement is true. Lemma 1.
For every f : ⊲ κ A → A the type Σ( x : A ) . Path A ( x, f ( λ ( α : κ ) .x )) is contractible. A. Axioms The rules for judgemental equality (Figure 1) include stan-dard β and η -rules for functions, clock abstraction and tickabstraction. To ensure termination, fixed points do not unfoldjudgementally, only when applied to ⋄ . As in Guarded CubicalType Theory [15] we add a path pfix κ between a fixed pointand its unfolding. Note that the right hand endpoint of pfix κ t is fix κ t and so, writing = as infix notation for path equality,we get fix κ t ≡ t ( λ ( α : κ ) . dfix κ t [ α ]) = t ( λ ( α : κ ) . fix κ t ) (6)This can be used to encode guarded recursive types as fixedpoints on the universe. For example, assuming codes forproducts and natural numbers, we define Str κ ( N ) def = fix κ ( λX. N × ⊲ ( α : κ ) .X [ α ]) and then by (6) Str κ ( N ) = N × ⊲ ( α : κ ) . Str κ ( N ) (7)so, defining Str κ ( N ) def = El ( Str κ ( N )) gives the type equivalence Str κ ( N ) ≃ N × ⊲ κ Str κ ( N ) (8)by transport along the path equality (7).Since fixed points unfold when applied to ⋄ , the identityof ticks is crucial for the operational properties of ClockedType Theory, in particular for ensuring strong normalisation.However, on the extensional level the identity of ticks isirrelevant, as stated by the tick irrelevance axiom tirr κ . Oneconsequence of this is that force (3) is a type equivalence withinverse force − def = λx. Λ κ.λ ( α : κ ) .x [ κ ] : If x : ∀ κ. ⊲ κ A , thenthe composite map applied to x gives force ( force − x ) ≡ Λ κ.λ ( α : κ ) .x [ κ ] [ ⋄ ]= Λ κ.λ ( α : κ ) .x [ κ ] [ α ] ≡ x where the path equality is witnessed by λi. Λ κ.λ ( α : κ ) . tirr κ x [ ⋄ ] [ α ] i which is well typed by (4).Note that we do not assume the clock irrelevance axiom Γ ⊢ t : ∀ κ.A κ / ∈ fc ( A )Γ ⊢ cirr κ t : ∀ κ ′ . ∀ κ ′′ . Path A ( t [ κ ′ ] , t [ κ ′′ ]) (9)often assumed in type theories with multi-clock guarded recur-sion [16], [33]. Instead we will use the following definition. Definition 1.
A type A is clock-irrelevant if the canonical map A → ∀ κ.A (for κ fresh) is an equivalence. If A is clock-irrelevant it satisfies axiom (9), and assuminga clock constant the two statements are equivalent. Clockirrelevance is needed for the correctness of encodings ofcoinductive types. For example, using (8) one can prove ∀ κ. Str κ ( N ) ≃ ( ∀ κ. N ) × ∀ κ. ( ⊲ κ Str κ ( N )) ≃ N × ∀ κ. Str κ ( N ) ssuming N clock-irrelevant, and using that force is an equiv-alence. In this paper, rather than assuming all types clockirrelevant, we will prove clock-irrelevance for a large classof types and use this to construct final coalgebras for acorrespondingly large class of functors.IV. E NCODING COINDUCTIVE TYPES
In the previous section we saw that the type ∀ κ. Str κ ( N ) satisfies the type equivalence expected of a type of streams.In this section we prove that (assuming N clock-irrelevant)this type also satisfies the universal property characterisingstreams, as a special case of a more general property. InSection VI we will show that N is indeed clock-irrelevant asare a large collection of inductive and higher inductive types.Here we essentially adapt the final coalgebra constructionfrom [23]. We recall some notions. Given a type I considerthe category I → U of I -indexed types whose type of objectsis I → U and whose morphisms from X to Y is the type X → Y def = Π( i : I ) . El ( X i ) → El ( Y i ) An I -indexed endofunctor is an endofunctor on I → U .Let F be an I -indexed endofunctor, an F - coalgebra is apair ( X, f ) such that X : I → U and f : X → F X . We sayan F -coalgebra ( Y, g ) is final if for all coalgebras ( X, f ) thefollowing type is contractible Σ( h : X → Y ) . g ◦ h = F ( h ) ◦ f Using contractibility we address the fact that there can be morethan one proof of path equality, as is also done in [34].If X : ∀ κ. ( I → U ) write ∀ κ.X for λ ( i : I ) . ∀ κ. ( X [ κ ] i ) . Definition 2.
Say that an I -indexed endofunctor F commuteswith clock quantification if for all families X the canonicalmap can F : F ( ∀ κ.X [ κ ]) → ∀ κ. F ( X [ κ ]) is a pointwiseequivalence. For example, if A : U the constant functor to A commuteswith clock quantification if and only if A is clock-irrelevant. Lemma 2.
The collection of endofunctors commuting withclock quantification is closed under composition, pointwiseproduct, pointwise Π , pointwise Σ over clock irrelevant types,and pointwise universal quantification over clocks. If F com-mutes with clock quantification then the guarded recursive type X satisfying X ≃ F ( ⊲ κ X ) is clock irrelevant. Any path typeof a clock irrelevant type is clock irrelevant. The following theorem states that all such endofunctors havefinal coalgebras. The idea of this originates with Atkey andMcBride [6], and our proof is an adaptation of Møgelberg’sproof of a similar statement in extensional type theory [23]. Itrefers to the endofunctor ⊲ κ , defined as the pointwise extensionof the functor U → U mapping A to ⊲ ( α : κ ) .A for a fresh α . Here we mean the naive internal notion where the type of arrows is notnecessarily truncated, but we also do not require higher coherences. Same forfunctor below.
Theorem 1.
Let F be an I -indexed endofunctor whichcommutes with clock quantification, and let ν κ ( F ) be theguarded recursive type satisfying ν κ ( F ) ≃ F ( ⊲ κ ( ν κ ( F )) .Then ν ( F ) def = ∀ κ.ν κ ( F ) has a final F -coalgebra structure. Example 1.
In Section VI we will prove that our model verifiesthat N is clock-irrelevant, and hence the functor F ( X ) = N × X commutes with clock quantification. Theorem 1 thenstates correctness of the encoding of streams as ∀ κ. Str κ ( N ) . Example 2.
Consider the functor F ( X ) = P f ( A × X ) , where P f is the finite powerset functor defined as a higher-inductivetype [3], and A is assumed to be a clock-irrelevant set. InSection VI we will prove that P f commutes with clock quan-tification in our model, which implies that F does the same.Theorem 1 then gives an encoding of the final coalgebra for F . This type plays an important role in automata theory as itdescribes the finitely branching A -labelled transition systems.Let LTS κ denote fixed point for F ◦ ⊲ κ , let LTS def = ∀ κ. LTS κ be the coinductive type and let unfold : LTS → P f ( A × LTS ) be the final coalgebra structure.Suppose now x, y : LTS and R : LTS × LTS → U anddefine Bisim ∀ ( R )( x, y ) = Sim ∀ ( R )( x, y ) × Sim ∀ ( R )( y, x ) where Sim ∀ ( R )( x, y ) def = Π( x ′ : LTS , a : A ) . ( a, x ′ ) ∈ unfold ( x ) →∃ y ′ : LTS . (( a, y ′ ) ∈ unfold ( y )) × R ( x ′ , y ′ ) By Lemma 2,
LTS is clock irrelevant, and an easy inductionon X : P f ( A × LTS ) shows that the predicate ( a, x ′ ) ∈ X is clock irrelevant. In Section VI we will prove that propo-sitional truncation commutes with clock quantification in ourmodel, and since ∃ in homotopy type theory is defined as thecomposition of truncation and Σ [1], putting all this togethershows that Bisim ∀ ( − ) defines a clock invariant LTS × LTS -indexed endofunctor, and so Theorem 1 gives an encoding ofbisimilarity as a coinductive type.
Møgelberg and Veltri [22] prove that path equality coincideswith bisimilarity for guarded recursive types. Using theirresults we can prove the following.
Theorem 2.
Two elements of the type
LTS from Example 2 arebisimilar if and only if they are path equal. Since both thesestatements are propositions, these are equivalent as types.
We leave it to future work to generalise these results to ageneral statement about bisimilarity for coinductive types.V. D
ENOTATIONAL SEMANTICS
The standard models of both Cubical Type Theory andClocked Type Theory are based on presheaf categories. Inthis section we recall these models and show how to model thecombined Clocked Cubical Type Theory in a presheaf categoryover the product of the categories used in the interpretationsof Cubical and Clocked Type Theory. One of the challenges inconstructing the model is to equip the types of Clocked Typeheory (such as ⊲ ( α : κ ) .A ) with composition structures asrequired to model types in Cubical Type Theory.In this paper, following the convention of [17] (but breakingwith the convention of [12]) we will work with covariant presheaves. Recall that a covariant presheaf over a category C is a family of sets X ( c ) indexed by objects of C togetherwith a map mapping f : c → c ′ in C and x ∈ X ( c ) to f · x ∈ X ( c ′ ) , respecting identities and composition: id c · x = x g · ( f · x ) = ( gf ) · x (10)We write PSh ( C ) for the category of covariant presheaves on C . We recall the notion of Category with Family (CwF) [35]a standard notion of model of dependent type theory. Definition 3.
A category with family comprises: A category C . We use Γ , ∆ to range over objects of C A functor
Fam : C op → Set . Elements A ∈ Fam (Γ) are referred to as families over Γ . If σ : ∆ → Γ and A ∈ Fam (Γ) we write A [ σ ] for Fam ( σ )( A ) A functor El associating to each Γ and each A ∈ Fam (Γ) a set El ( A ) of elements of A , and to each σ : ∆ → Γ a mapping ( − )[ σ ] : El ( A ) → El ( A [ σ ]) . An operation of comprehension mapping a family A over Γ to an object Γ .A such that maps ∆ → Γ .A correspond bijectively to pair of maps σ : ∆ → Γ andelements t ∈ A [ σ ] , naturally in ∆ . We often refer to a CwF simply by the name of theunderlying category C . A CwF gives rise to a model ofdependent type theory [36] in which contexts are modelled asobjects of C , types as families and terms as elements. Recallthat any presheaf category is the underlying category of aCwF where families over an object Γ are indexed familiesof sets X ( c, γ ) for γ ∈ Γ( c ) with maps f · ( − ) : X ( c, γ ) → X ( c ′ , f · γ ) satisfying the equations (10), and elements areassignments mapping each γ ∈ Γ( c ) to t ( γ ) ∈ X ( c, γ ) suchthat t ( f · γ ) = f · t ( γ ) .We recall also the category R Γ of elements for a covariantpresheaf Γ over a category C . This has as objects pairs ( c, γ ) where γ ∈ Γ( c ) and morphisms from ( c, γ ) to ( c ′ , γ ′ ) morphisms f : c → c ′ such that f · γ = γ ′ . Note that a familyover Γ is precisely the same as a presheaf over R Γ . We willalso use the equivalence PSh ( C ) / Γ ≃ PSh ( R Γ) (11)which states that a slice of a presheaf category is itself apresheaf category. A. Modelling Cubical Type Theory
The standard model of Cubical Type Theory [12] usespresheaves over the category of cubes . Here, since we usecovariant presheaves, we will write C for the opposite ofthe category used in [12]. So C has as objects finite sets I, J, K and as morphisms from I to J maps f : I → dM ( J ) where dM ( J ) is the free de Morgan algebra on the set J .Composition is the standard Kleisli composition, using the factthat dM ( − ) is a monad. From the model construction we recall in particular the interval object I ( I ) def = dM ( I ) , representing thesingleton set, and the face lattice F , which at stage I is the freedistributive lattice generated by elements ( i = 0) and ( i = 1) for each i ∈ I , and relations ( i = 0) ∧ ( i = 1) = ⊥ F .This model construction can be extended work for anycategory of the form PSh ( C × D ) . To do so we rely on theOrton and Pitts’ axiomatisation of models of CTT [18], [37]Rather than recalling these axioms, we recall the sufficientconditions summarised by Coquand et. al [38] for a presheaftopos to satisfy these axioms. These conditions are as follows. • The interval object I is connected, and a bounded dis-tributive algebra structure with distinct 0 and 1 elements.Exponentiation by I has a right adjoint. • The canonical map from F to the subobject classifier is amonomorphism, and the universal cofibration ⊤ : 1 → F is a levelwise decidable inclusion. Monomorphisms thatcan be described as pullbacks of the latter are referredto as cofibrations . The interval endpoint inclusions , → I must be cofibrations, and cofibrations must beclosed under finite union (finite disjunction), composi-tion (dependent conjunction), and universal quantificationover I .A cubical model is a presheaf category satisfying the axiomsabove. In PSh ( C × D ) , defining both objects as constant onthe D component, using the corresponding objects in PSh ( C ) I ( I, d ) def = I ( I ) F ( I, d ) def = F ( I ) make PSh ( C × D ) a cubical model, as also observed in [38].Given such a model, Orton and Pitts [18] express thestructure sufficient to model CTT using the internal languageof the presheaf topos as an extensional type theory. We recallhere some definitions that will be relevant later. We assumea ω + 1 long hierarchy of Grothendieck universes, leadingto a corresponding hierarchy of universes a la Russell U i in the internal language, each classifying presheaves of theappropriate size. Definition 4. A CCHM fibration ( A, α ) over a type Γ : U ω isa family A : Γ → U ω with a fibration structure α : isFib Γ A where isFib Γ A def = ( e : { , } )( p : I → Γ) → Comp e ( A ◦ p ) Comp e A def = ( ϕ : F )( u : [ ϕ ] → ( i : I ) → A i ) → { u : A e | ϕ ⇒ u e = u }→ { u : A e | ϕ ⇒ u e = u } where e sends I to and vice versa. Notice
Comp A closely matches the signature of thecomposition operation from CTT.We can then build the following Category with Families offibrant types, which we call Fib : • A context Γ is a global element of U ω . • A family over Γ is a global CCHM fibration over Γ . • An element t of a family ( A, α ) over Γ is a global elementof ( γ : Γ) → A γ .t then follows that
Fib models the type formers of CubicalType Theory.
Remark 1.
Cubical Type Theory as presented in [12] includesspecific judgemental equalities for the composition operator comp iA according to the shape of A , matching the behaviour ofthe given fibration structures in their model. The constructionsby Orton and Pitts [18] do not necessarily produce fibrationstructures that satisfy the same equalities. One way to dealwith this is to use alternative formulations of these rules [13],[39]. Since these equalities are mainly relevant for operationalproperties of CTT, we will ignore this issue in this paper.B. Modelling Clocked Cubical Type Theory In the previous section we saw how to model Cubical TypeTheory in any category of the form
PSh ( C × D ) . We nowdefine the category T of time objects and extend the modelto a model of Clocked Cubical Type Theory in PSh ( C × T ) .The objects of T are pairs ( E ; δ ) , where E is a finite set (tobe though of as a set of semantic clocks), and δ : E → N isa map associating to each clock a finite amount of time stepsthat are left on that clock. A morphism σ : ( E ; δ ) → ( E ′ ; δ ′ ) is a map σ : E → E ′ such that δ ′ σ ≤ δ in the pointwiseorder. This can be understood as a generalisation of thetopos of trees model PSh ( ω op ) of guarded recursion [10],where the indexing category is restricted to objects where thefirst component E is a singleton. The category PSh ( T ) haspreviously been used to model type theories with guardedrecursion and multiple clocks [17], [40], and (in a slightvariation) Guarded Computational Type Theory [41].The category PSh ( C × T ) has an object of clocks Clk defined as
Clk( I, ( E ; δ )) = E . The can be used to modelassumptions of the form κ : clock in contexts, and the types ∀ κ.A can be modelled as Π -types. To model ⊲ , recall that thisis a Fitch-style modal type operator which can be modelledusing dependent right adjoint types [19]. Definition 5.
Let C , D be a CwFs and let L : C → D be afunctor between the underlying categories. A dependent rightadjoint to L is a mapping associating to a family A over L Γ a family R A over Γ and a bijective correspondence betweenelements of A and elements of R A , both natural in Γ . The naturality requirement for R means that if γ : Γ ′ → Γ and A is a family over L Γ , then ( R A )[ σ ] = R ( A [ L σ ]) .Writing ( − ) for both directions of the bijective correspondenceon elements, the naturality condition for this means that if t is an element of A over L Γ , then t [ γ ] = t [ L γ ] , and similarlyfor the opposite direction.Dependent type theories with Fitch-style modal operatorscan be modelled using dependent right adjoints [19], modellingextensions of contexts with ticks using the left adjoint functor L and the modal operator using the dependent right adjoint R .In the case of Clocked Type Theory, the ticks, as well as themodal operators are indexed over an object Clk in the model:Semantically, the hypothesis Γ ⊢ κ : clock of the contextextension rule for Γ , α : κ ⊢ corresponds to an element of the slice category over Clk . By (11) the slice category over
Clk is itself a presheaf category and therefore carries a naturalCwF structure. In fact, if χ : Γ → Clk is an object in the slicecategory, then families over χ in the slice category correspondbijectively to families in PSh ( C × T ) over Γ . Exploiting this,Mannaa et al [17] describe how to model ticks on clocks usinga dependent right adjoint ◮ to an endofunctor ◭ on the slicecategory over Clk . In this model Γ , α : κ ⊢ is interpreted asthe domain of ◭ ( J Γ K , J κ K ) and ⊲ ( α : κ ) .A as the dependentright adjoint ◮ applied to J A K . The bijective correspondenceon elements then models the bijective correspondence betweenterms Γ , α : κ ⊢ t : A and terms Γ ⊢ u : ⊲ ( α : κ ) .A givenby tick abstraction and application. Tick weakening, whichsyntactically corresponds to context projections Γ , α : κ → Γ can be modelled using a natural transformation from ◭ to theidentity. C. Composition structure for dependent right adjoints
Before recalling the dependent right adjoint structure onthe slice category
PSh ( C × T ) / Clk we now give generalconditions ensuring that dependent right adjoint types carrycomposition structure. The conditions are all on the left adjointfunctor.
Definition 6.
Let C be a cubical model with interval object I and let L : C → C be a finite product preserving functor. We say L preserves the interval if there is an isomor-phism L ( I ) ∼ = I preserving endpoints, i.e., such that thefollowing commutes for e = 0 , . I L L I e ∼ = ∼ = L e We say L preserves cofibrations if L i : L A → L B is a cofibration whenever i : A → B is, and if thediagram on the right below is a pullback whenever i isa cofibration and the diagram on the left is a pullback C AD B aj ib L C L A L D L B L a L j L i L b The condition of preserving cofibrations corresponds togiving an operation mapping cofibrations Γ ⊢ ϕ : F on Γ tocofibrations L Γ ⊢ L F ( ϕ ) : F such that L Γ . [ L F ( ϕ )] ∼ = L (Γ . [ ϕ ]) as subobjects of L Γ and satisfying L F ( ϕ [ σ ]) = L F ( ϕ )[ L σ ] .Here [ ϕ ] is the family classified by ϕ . Theorem 3.
Let C be a cubical model, let L : C → C be a functor preserving finite products, the interval andcofibrations, and let R be a dependent right adjoint to L . If afamily A over L Γ carries a global composition structure, sodoes R A over Γ . Moreover, this assignment is natural in Γ . Note that this is a statement about global compositionstructures in the model. The theorem can not be proved in theinternal logic of the topos, but can be proved in an extensionf this using crisp type theory, similarly to the constructionof universes for cubical type theory in crisp type theory [37].The reason is that the proof uses the bijective correspondenceof Definition 5 which only applies to global terms.
D. The dependent right adjoint
We now recall the structure of the dependent right adjointin details. In [17] this structure is defined for
PSh ( T ) butthe constructions carry over directly to PSh ( C × T ) . Thestructure arises as an extension of an endo-adjunction on theslice category as in the following lemma slightly generalisedfrom [19], to which we refer for details. Lemma 3.
Let C and D be CwFs and let L : C → D be a functor between the underlying categories with a rightadjoint R . Suppose R extends to families and elements as inthe following data An operation mapping families A over Γ in D to families R Fam A over R Γ satisfying R Fam ( A [ γ ]) = ( R Fam A )[ Rγ ] An operation mapping elements t of A to elements R El t of R Fam A satisfying R El ( t [ γ ]) = ( R El t )[ Rγ ] .Then L has a dependent right adjoint mapping families A over L Γ to R A = ( R Fam A )[ η ] where η : Γ → RL Γ is the unit ofthe adjunction. The endoadjunction on the slice category is best describedby using the equivalent description of the slice category as
PSh ( R Clk) . The right adjoint is the simplest to describe andis similar to the functor ◮ on the topos-of-trees [10]: ◮ Γ( I, ( E ; δ ) , λ ) = ( Γ( I, ( E ; δ [ λ n ]) , λ ) if δ ( λ ) = n +11 if δ ( λ ) = 0 Here δ [ λ n ]( λ ) = n and δ [ λ n ]( λ ′ ) = δ ( λ ′ ) for λ ′ = λ and in the second clause is a singleton set. This lifts tofamilies and elements in the sense of Lemma 3, for example,if A is a family over Γ then ◮ Fam ( A )( I, ( E ; δ ) , λ )( γ ) = ( A ( γ ) if δ ( λ ) = n +11 if δ ( λ ) = 0 The left adjoint can be concretely described as ◭ Γ( I, ( E ; δ ) , λ ) having as elements pairs ( σ, x ) such that ( id I , σ ) : ( I, ( E ′ ; δ ′ ) , λ ′ ) → ( I, ( E ; δ ) , λ ) with δ ′ ( λ ′ ) > δ ( λ ) and x ∈ Γ( I, ( E ′ ; δ ′ ) , λ ′ ) considered up to the equivalencerelation ∼ generated by ( στ, x ) ∼ ( σ, ( id , τ ) · x ) . We referto [17] for the details of the adjunction structure as well asan abstract description of the left adjoint.There is a natural transformation p ◭ : ◭ → id defined as p ◭ ( σ, x ) = ( id , σ ) · x . This is used in our model to interprettick-weakening. Theorem 4.
Let Γ be an object of PSh ( C × T ) and κ :Γ → Clk . Suppose A is a family over the domain of ◭ (Γ , κ ) which carries a composition structure, then ◮ A carries acomposition structure as a family over Γ .Proof. Recall that families and terms in the CwF of theslice category
PSh ( R Clk) over an object corresponding to an element κ : Γ → Clk correspond bijectively to familiesand elements of the CwF of
PSh ( C × T ) over Γ . Since thiscorrespondence also respects the interpretation of the internaldependent type theory, it suffices to show that ◮ A carriesa composition structure as expressed on the slice category,when A does. By Theorem 3 this reduces to showing that ◭ preserves finite products, the interval and cofibrations. Weomit this routine verification for reasons of space.Theorem 4 gives a dependent right adjoint structure on theCwF Fib that we use for our model. The bijective correspon-dence between elements in Definition 5 then gives directlythe interpretation of tick-abstraction, the introduction formfor ⊲ ( α : κ ) .A . The interpretation of elimination requires abit more care, because of the timeless assumptions. Theseassumptions can be proved to commute with ticks in themodel, essentially since ◭ preserve them. We omit the detailsfor reasons of space, but refer the reader to Appendix C.VI. H IGHER I NDUCTIVE T YPES
We now extend Clocked Cubical Type Theory with higherinductive types and present our main theorem (Theorem 5)that HITs commute with universal quantification over clocks.This provides a rich supply of functors to which Theorem 1applies to give encodings of coinductive types, including finitepowersets and truncations as used in Example 2. For reasonsof space we omit the details of the semantics of HITs (whichfollows Coquand et al. [21]) as well as the proof of Theorem 5.
A. Syntax and Typing
We adapt a schema for HITs declarations from Cavallo andHarper [20] to our version of CTT. For simplicity we excludeindexed families, but the schema is still general enough tocover examples like spheres, pushouts, W-suspensions [42],(higher) truncations, and finite and countable powersets.The judgements of Figure 3 are meant to capture declara-tions of the form data H ( δ : ∆) where ... ℓ i : ( γ : Γ) → ( x : Ξ → H δ ) → ( i : Ψ) → H δ [ ϕ e ] ...which list constructors and their types for a new datatype H , taking parameters in the telescope ∆ . On top of thedeclared constructors every HIT also has an introductionform corresponding to homogeneous composition , written hcomp i H δ [ ϕ u ] u , where δ is not allowed to depend on i , as well as a transport operation. Although giving suchstructure is equivalent to giving a composition structure as inSection II, following Coquand et al. [21] we include these inthe syntax to ensure a precise correspondence with the model.We refer to Appendix D for further details on these, but justrecall that from the homogeneous composition operator onecan derive a homogeneous filling operator hfill iA [ ϕ u ] u : Path A ( u , hcomp iA [ ϕ u ] u ) which provides a filler for thebox specified by u and u and closed by composition [39]. constructor for H is specified by a tuple ∆; K ⊢ (Γ , Ξ , Ψ , ϕ, e ) constr where K lists the previously declaredconstructors. The telescope Γ lists the non-recursive argu-ments, and each Ξ in Ξ is the arity for a recursive argument.Path constructors further take a non-empty telescope of inter-val variables Ψ and have a boundary e specified as a partialelement over the formula ϕ . The judgements for telescopes aregiven in Figure 2. Note that these imply that all of ∆ , Γ , and Ξ only contain variables of proper types, i.e., no interval, face,clock or tick assumptions. Only the boundary is allowed torefer to H and the previous constructors from K . We signifythis by adding those as subscripts to the typing judgementfor e . Cavallo and Harper require the components M of theboundary to conform to a dedicated typing judgement, whichrestricts their shape and makes it possible to correctly specifythe inputs to the dependent eliminator for H . For concisenesswe replicate those restrictions with a grammar, Bndr ( K , Θ) ,which specifies that a boundary term must be built either froman applied recursive argument x u , a previous constructor, ora use of hcomp . The side conditions u and t meanthat those subterms must not refer to the variables from Θ .We also assume we have a code H δ : U i whenever the typesin all of the Γ and Ξ telescopes in K have a code in U i aswell.We now give some concrete examples. For readability wewrite ( ℓ, (Γ; ( x : Ξ → H δ ); Ψ; [ ϕ M , . . . , ϕ n M n ])) in place of ( ℓ, (Γ , Ξ , Ψ , ∨ i ϕ i , [ ϕ M , . . . , ϕ n M n ])) .We also write ℓ rather than con ℓ . Example 3.
Pushout . The context ∆ contains the data of apushout, i.e., ∆ def = ( A B C : U )( f : El ( C → A ))( g : El ( C → B )) . The pushout has two point constructors, and a path, nonewith recursive arguments. • ( inl , (( a : El A ); · ; · ; [])) • ( inr , (( b : El B ) , · ; · ; [])) • (cid:18) push , (cid:18) ( c : El C ); · ; ( i : I ); (cid:20) i = 0 inl ( f c, · , · ) i = 1 inr ( g c, · , · ) (cid:21)(cid:19)(cid:19) Sphere . We can encode the circle and higher spheres, S n for n ≥ , as a point and an n -dimensional surface • ( base , ( · ; · ; · ; [])) • surface , · ; · ; i : I n ; i = 0 ∨ i = 1 base ( · ; · ; · ) . . .i n = 0 ∨ i n = 1 base ( · ; · ; · ) Propositional and Higher Truncation . Let ∆ def = ( A : U ) ,and write propositional truncation as k A k . • ( in , ( El A ; · ; · ; [])) • (cid:18) squash , (cid:18) · ; ( a , a : k A k ); ( i : I ); (cid:20) i = 0 a i = 1 a (cid:21)(cid:19)(cid:19) For higher truncations k A k n , where n ≥ , we use the hub andspoke construction [1, Sect. 7.3], as the schema does not allowquantifying over paths of the HIT itself. Instead of squash then we have the following two constructors: • ( hub , ( · ; ( f : S n +1 → k A k n ); · ; [])) We believe the semantics would support doing so, but it would complicatethe schema. ⊢ · (cid:3) ⊢ Ψ (cid:3) ⊢ Ψ , i : I (cid:3) Γ ⊢ Γ ⊢ · tel Γ ⊢ Γ tel Γ , Γ ⊢ A typeΓ ⊢ Γ , x : A tel Fig. 2. Telescope judgements. • ( spoke , (( x : S n +1 ); ( f : S n +1 → k A k n ); ( i : I ); e )) where e def = [ i = 0 f x, i = 1 hub ( · , λy. f y, · )] . Finite Powerset . The finite powerset P f ( A ) as recalled inSection II can also be constructed within this schema, usingconstructions similar to the ones above, including the hub and spoke constructors to ensure that P f ( A ) is set truncated.We spell out the declaration of the path constructor forcommutativity of ∪ as we will reference it later • (cid:18) comm , (cid:18) · , ( X, Y : P f ( A )) , ( i : I ) , (cid:20) i = 0 X ∪ Yi = 1 Y ∪ X (cid:21)(cid:19)(cid:19) Figure 4 presents the dependent elimination operator elim D ( E , h ) for the HIT H . The figure first defines the judge-ment Γ ⊢ E : K ⇀ δ D for an elimination list E , which willcontain the premises necessary to handle the constructors in K while eliminating into the type family Γ , h : H δ ⊢ D type .The case for K , ( ℓ, (Γ , Ξ , Ψ , ϕ, e )) requires an elimination listof the form E , u where E is an elimination list for K and u isan element of the type family D at an index built with con ℓ . Inparticular u is typed in a context extended with non-recursivearguments γ : Γ[ δ ] , recursive arguments x : Θ Ξ[ δ,γ ] , H δ , andinterval variables i : Ψ for the constructor con ℓ ( γ, x, i ) , andalso induction hypotheses y : Π( ξ : Ξ[ δ, γ ]) . D [ x ξ ] about thevariables x . The element u also needs to suitably matchthe boundary e whenever ϕ is satisfied. To express this wetransform e : H δ into L e M δ E ,y , the corresponding element ofthe family D , built using the elimination list E to handlethe previous constructors, and the induction hypotheses y tohandle the recursive arguments x . We have the followinglemma about typing of L e M δ E ,y Lemma 4. If e = [ ϕ M . . . ϕ m M m ] is the boundary for con ℓ then the following is well typed: Γ , γ : Γ[ δ ] , x : Θ Ξ[ δ,γ ] , H δ , y : Θ d (Ξ[ δ, γ ] , D ) , i : Ψ , ϕ ⊢ L e M δ E ,y : D [ con ℓ ( γ, x, i )] B. HITs commute with clock quantification
The precise statement of propositional truncation commut-ing with clock quantification is an isomorphism between k∀ κ.A [ κ ] k and ∀ κ. k A [ κ ] k in context A : ∀ κ. U . To gen-eralise this statement, we first define the action of quantifyinga fresh clock variable κ over a telescope ∀ κ. · = ·∀ κ. ( ~x : ~A, x : A ) = ~y : ∀ κ. ~A, y : ∀ κ.A [ ~y [ κ ] /~x ] onstructor declarations (presuppose · ⊢ ∆ tel ) K = ( ℓ , C ) . . . ( ℓ n , C n )( ∀ i ) ∆; ( ℓ , C ) . . . ( ℓ i − , C i − ) ⊢ C i constr∆ ⊢ K constrs∆ ⊢ Γ tel ( ∀ k ) ∆ , Γ ⊢ Ξ k tel ⊢ Ψ (cid:3) Ψ ⊢ ϕ : F δ : ∆ , Γ , Θ Ξ , H δ , Ψ , ϕ ⊢ K , H δ e : H δe = [ ϕ M . . . ϕ m M m ] ( ∀ k ) M k ∈ Bndr ( K ; Θ Ξ , H δ )∆; K ⊢ (Γ; Ξ; Ψ; ϕ ; e ) constr where Θ Ξ ,A = x : Ξ → A, . . . , x n : Ξ n → A Grammar for boundary terms
N, M ∈ Bndr ( K ; Θ) ::= x u ( x : A ) ∈ Θ u | con ℓ ( t, λξ. M , r ) ( ℓ, C ) ∈ K t | hcomp j H δ [ ϕ M ] M Formation Γ ⊢ δ : ∆Γ ⊢ H δ type Introductions ( ℓ, (Γ; Ξ; Ψ; ϕ ; e )) ∈ K Γ ⊢ δ : ∆Γ ⊢ t : Γ[ δ ] Γ ⊢ a : Θ Ξ[ δ,t ] , H δ Γ ⊢ r : ΨΓ ⊢ con ℓ ( t, a, r ) : H δ [ ϕ [ r ] e [ t, a, r ]]Γ ⊢ δ : ∆ Γ ⊢ ϕ : F Γ ⊢ u : H δ [ ϕ u [0 /i ]]Γ ⊢ hcomp i H δ [ ϕ u ] u : H δ [ ϕ u [1 /i ]]Γ ⊢ ϕ : F Γ , i : I ⊢ δ : ∆Γ , i : I , ϕ ⊢ δ ≡ δ [0] : ∆ Γ ⊢ u : H δ [0]Γ ⊢ trans i H δ ϕ u : H δ [1][ ϕ u ] Fig. 3. Schema for Higher Inductive Types, δ : ∆ ⊢ H δ type . In thetyping of the boundary e the subscript K , H δ indicates that this judgementcan refer to the labels from K and H δ itself. The side conditions u and t specify that those terms should not mention variables from Θ . Forfurther judgemental equalities for trans see Appendix D. Given a HIT δ : ∆ ⊢ H δ type , a map of telescopes ζ ∆ : ( ∀ κ. ∆) → ∆ and a δ : ∀ κ. ∆ , we now present a setof assumptions on the constructors of H which allow us toconstruct a comparison map α : H ( ζ ∆ ( δ )) → ∀ κ. H ( δ [ κ ]) . Inthe case of truncation, ζ ∆ will be λA. ∀ κ.A [ κ ] .Assume given H and ζ ∆ , and let K be the constructorsof H , denoting the i ’th constructor by ( ℓ i , (Γ i ; Ξ i ; Ψ i ; ϕ i ; e i )) .For each i and j we need two isomorphisms: δ : ∀ κ. ∆ ⊢ ζ Γ i : ( ∀ κ. Γ i [ δ [ κ ]]) ∼ = Γ i [ ζ ∆ ( δ )] δ : ∀ κ. ∆ , γ : ∀ κ. Γ i [ δ [ κ ]] , κ : clock ⊢ ζ Ξ i,j : Ξ i,j [ δ [ κ ] , γ [ κ ]] ∼ = Ξ i,j [ ζ ∆ ( δ ) , ζ Γ i ( γ )] Note that ζ Γ i has a type similar to the isomorphism we areaiming to construct, and can therefore be seen as a kind of Elimination lists Γ ⊢ δ : ∆ Γ , h : H δ ⊢ D typeΓ ⊢ · : · ⇀ δ D Γ ⊢ E : K ⇀ δ D Γ u = Γ , γ : Γ[ δ ] , x : Θ Ξ[ δ,γ ] , H δ , y : Θ d (Ξ[ δ, γ ] , D ) , i : ΨΓ u ⊢ u : D [ con ℓ ( γ, x, i )][ ϕ L e M δ E ,y ]Γ ⊢ E , u : K , ( ℓ, (Γ , Ξ , Ψ , ϕ, e )) ⇀ δ D where Θ d (Ξ , D ) = ( y : Π( ξ : Ξ) . D [ x ξ ]) Boundary interpretation L [ ϕ M , . . . , ϕ n M n ] M δ E ,y = [ ϕ L M M δ E ,y , . . . , ϕ n L M n M δ E ,y ] L x i u M δ E ,y = y i u L con ℓ ( t, λξ. M , r ) M δ E ,y = E ℓ [ t, λξ. M , R, r ] where R i = λξ. L M i M δ E ,y L hcomp j H δ [ ψ M ] M M δ E ,y = comp kD [ hfill j H δ [ ψ M ] M k ] [ ψ L M M δ E ,y [ k/j ]] L M M δ E ,y where E ℓ is the component of E for the label ℓ . Dependent elimination Γ ⊢ δ : ∆ Γ , x : H δ ⊢ D typeΓ ⊢ E : K ⇀ δ D Γ ⊢ u : H δ Γ ⊢ elim D ( E , u ) : D [ u ] judgemental equalities for elimination For each constructor we have the following equation: elim D ( E , con ℓ ( t, a, r )) ≡ E ℓ [ t, a, λξ. elim D ( E , a ξ ) , r ] and also one for homogenous composition: elim D ( E , hcomp j H δ [ ϕ u ] u ) ≡ comp kD [ v ( k )] [ ϕ elim D ( E , u )[ k/j ]] ( elim D ( E , u )) where v ( k ) def = hfill j H δ [ ϕ u ] u k . Fig. 4. Dependent elimination for δ : ∆ ⊢ H δ type into type family Γ , h : H δ ⊢ D type , at parameters Γ ⊢ δ : ∆ . induction hypothesis. The ζ Ξ i,j states that Ξ i,j does not dependon κ .From these ζ ’s we can start to define an elimination listtowards constructing α by applying the dependent elimi-nation principle of H ( ζ ∆ ( δ )) . Assume now that we have Γ ⊢ δ : ∀ κ. ∆ and an initial segment of an elimination list Γ ⊢ E
Assume that we are given a map ζ ∆ and isomor-phisms ζ Γ i , ζ Ξ i,j as above, satisfying the boundary conditions.Then the interpretation of the map α is an isomorphism. Example 4.
Circle . For the circle ∆ is the empty context, andhence we can choose the isomorphism ∼ = ∀ κ. for ζ ∆ . Sim-ilarly trivial isomorphisms are chosen for the ζ Γ ’s and ζ Ξ ’s.The resulting comparison map is given by base λκ. base and surface ( i ) λκ. surface ( i ) , and the boundary conditionreduces to λκ. surface ( e ) = λκ. base for each endpoint e : I ,which is true. Theorem 5 then states that the comparisonmap is interpreted as an isomorphism S ∼ = ∀ κ. S . A similarapproach applies to any closed HIT and any ordinary, closed,inductive type, in particular the higher spheres and N . Set truncation . Recall that in this example ∆ = A : U andset ζ ∆ to be λA. ∀ κA [ κ ] . Most of the required isomorphismsare simply identities in this example, except ζ Γ spoke , : ∀ κ. S ∼ = S for which we choose the isomorphism α − S constructed inthe previous example. Note that this requires a safe extensionof the language, since Theorem 5 only gives an inverse in themodel. The boundary conditions in this case are λκ. spoke ( α S ( s ) [ κ ] , ev κ ◦ f ′ ,
0) = λκ.f ′ s [ κ ] λκ. spoke ( α S ( s ) [ κ ] , ev κ ◦ f ′ ,
1) = λκ. hub ( λs . f ′ s [ κ ]) in context A : ∀ κ. U , s : S , f : S → k∀ κ.A [ κ ] k , f ′ : S →∀ κ. k A [ κ ] k , ( i : I ) , where ev κ = λx.x [ κ ] . For the first ofthese, the boundary condition for spoke states that the lefthand side equals ev κ ◦ f ′ ( α S ( s ) [ κ ]) . The required equalitythen follows from α S ( s ) [ κ ] = s which holds in the model.Since the second equality also holds, Theorem 5 provides anisomorphism k∀ κ.A [ κ ] k ∼ = ∀ κ. k A [ κ ] k in the model. Thisreadily generalizes to the other truncations. Pushout . For the pushout we take ζ ∆ to be the mapwhich assigns A, B, C : ∀ κ. U to ∀ κ.A [ κ ] , ∀ κ.B [ κ ] and ∀ κ.C [ κ ] , while mapping f and g to λc.λκ. ( f [ κ ])( c [ κ ]) and λc.λκ. ( g [ κ ])( c [ κ ]) respectively. All the required isomor-phisms can be taken as identities, e.g., ζ Γ inl is the identity on ( ∀ κ.A [ κ ]) . The only boundary condition is the one for push ,which states that λκ. push ( c [ κ ]; · ; 0) = λκ. inl (( f [ κ ])( c [ κ ]) , · , · ) and the corresponding one for and inr . Since these aresatisfied, Theorem 5 gives an isomorphism in the model ( ∀ κ.A [ κ ]) + ( ∀ κ.C [ κ ]) ( ∀ κ.B [ κ ]) ∼ = ∀ κ. (cid:0) A [ κ ] + C [ κ ] B [ κ ] (cid:1) which, for instance, maps inl a to λκ. inl ( a [ κ ]) . In particular,taking A to be λκ.A ′ for some clock irrelevant A ′ andsimilarly for B and C , this shows that pushouts of clockirrelevant types are clock irrelevant. Finite Powerset . As in Example 3, most of this followssimilar patterns to the previous examples, in particular thecase of set truncation. In the case of the constructor comm the required isomorphisms are all identities and the boundarycondition unfolds to λκ. comm ( X [ κ ] , Y [ κ ] ,
0) = λκ. ( X [ κ ]) ∪ ( Y [ κ ]) and the swapped case for . In this case the theoremsupplies an isomorphism α P : P f ( ∀ κ.A ) → ∀ κ. P f ( A ) . VII. C
ONCLUSION AND FUTURE WORK
We have constructed a model of the type theory ClockedCubical Type Theory, and shown that this contains a richsupply of functors for which coinductive types can be encodedusing guarded recursion. This allows for simple programmingwith a wide range of coinductive types encoding productivitychecking in types. We have seen by example how to provecoincidence of path equality with bisimilarity for these types.We believe this type theory is useful not just for coinductivereasoning, but also for reasoning about advanced programminglanguage features using a form of synthetic guarded domaintheory. We plan to explore this perspective further in futurework extending previous work in this direction [43], [44] withnon-determinism using the results proved here for the finitepowerset monad.Future work includes an implementation of Clocked CubicalType Theory in a proof assistant. We have already developed asimple prototype implementation of this type theory, extendingCubical Agda. This implementation takes force , rather thanthe tick constant ⋄ as primitive, but this is sufficient formany applications. For example, we have verified the proofof Theorem 1 in it.We also plan to explore how to make Theorem 5 availablein the syntax, in particular, how programmers can accessthe direction of the isomorphism from ∀ κ. H δ [ κ ] to H ζ ∆ ( δ ) without breaking canonicity. One option is to allow for aschema for elimination out of ∀ κ. H δ [ κ ] in which the userspecifies what to do on terms of the form λκ. con ℓ ( t, a, r ) .Usually, however, elimination rules for HITs have definitional β -rules, from which one can derive propositional η -rules, butnot definitional ones [1]. Having this in our new eliminationform would allow one to prove only that ∀ κ. H δ [ κ ] and H ζ ∆ ( δ ) are equivalent, not isomorphic. For example, ∀ κ. S would be equivalent to S , not isomorphic. As we saw inSection VI-B this isomorphism is used in the proof that set-truncation commutes with clock quantification, and so alsoin the case of the finite powerset functor. For the theoremto still apply in those cases would require Theorem 5 to bestrengthened to the case when the input isomorphisms aremerely equivalences. On top of that we plan to extend theschema and semantics for HITs to include indexed families asin [20] and extend Theorem 5 to those as well.Unlike this paper, other type theories for multi-clockedguarded recursion [17], [33] take clock irrelevance (9) asan axiom. This requires that universes be indexed by clockcontexts, and the ⊲ modality be restricted to ⊲ κ : U ∆ → U ∆ for κ ∈ ∆ , because an unrestricted ⊲ κ breaks clock irrele-vance [40]. Bizjak and Møgelberg [40] show how to carveut such universes as sub-universes of the standard universesin presheaf categories, in the setting of extensional type theory.Future work includes extending this construction to the presentsetting, while ensuring that these universes are closed underequivalence of types. We believe that this can be done byrelating clock irrelevance to the notion of discreteness fromReal-Cohesive Homotopy Type Theory [45].R EFERENCES[1] T. Univalent Foundations Program,
Homotopy Type Theory: Univa-lent Foundations of Mathematics . Institute for Advanced Study:https://homotopytypetheory.org/book, 2013.[2] P. Martin-Löf,
Intuitionistic Type Theory . Napoli: Bibliopolis, 1984.[3] D. Frumin, H. Geuvers, L. Gondelman, and N. van der Weide,“Finite sets in homotopy type theory,” in
Proceedings of the 7th ACMSIGPLAN International Conference on Certified Programs and Proofs,CPP 2018, Los Angeles, CA, USA, January 8-9, 2018 , J. Andronickand A. P. Felty, Eds. ACM, 2018, pp. 201–214. [Online]. Available:http://doi.acm.org/10.1145/3167085[4] J. Chapman, T. Uustalu, and N. Veltri, “Quotienting the delay monadby weak bisimilarity,”
Mathematical Structures in Computer Science ,vol. 29, no. 1, pp. 67–92, 2019.[5] N. A. Danielsson, “Beating the productivity checker using embeddedlanguages,” in
PAR , vol. 43, 2010, pp. 29–48.[6] R. Atkey and C. McBride, “Productive coprogramming with guardedrecursion,”
ACM SIGPLAN Notices , vol. 48, no. 9, pp. 197–208, 2013.[7] H. Nakano, “A modality for recursion,” in
Proceedings Fifteenth AnnualIEEE Symposium on Logic in Computer Science . IEEE, 2000, pp. 255–266.[8] A. W. Appel and D. McAllester, “An indexed model of recursive typesfor foundational proof-carrying code,”
ACM Trans. Program. Lang. Syst ,vol. 23, no. 5, pp. 657–683, 2001.[9] A. W. Appel, P. Melliès, C. D. Richards, and J. Vouillon, “A very modalmodel of a modern, major, general type system,” in
POPL , 2007, pp.109–122.[10] L. Birkedal, R. E. Møgelberg, J. Schwinghammer, and K. Støvring,“First steps in synthetic guarded domain theory: step-indexing in thetopos of trees,”
Logical Methods in Computer Science , vol. 8, no. 4,2012.[11] R. Jung, R. Krebbers, J.-H. Jourdan, A. Bizjak, L. Birkedal, andD. Dreyer, “Iris from the ground up: A modular foundation for higher-order concurrent separation logic,”
Journal of Functional Programming ,vol. 28, 2018.[12] C. Cohen, T. Coquand, S. Huber, and A. Mörtberg, “Cubical typetheory: A constructive interpretation of the univalence axiom,” in . Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, 2018.[13] A. Vezzosi, A. Mörtberg, and A. Abel, “Cubical agda: a dependentlytyped programming language with univalence and higher inductivetypes,”
Proceedings of the ACM on Programming Languages , vol. 3,no. ICFP, pp. 1–29, 2019.[14] N. Veltri and A. Vezzosi, “Formalizing π -calculus in guarded cubicalagda,” in Proceedings of the 9th ACM SIGPLAN InternationalConference on Certified Programs and Proofs , ser. CPP 2020. NewYork, NY, USA: Association for Computing Machinery, 2020, p.270–283. [Online]. Available: https://doi.org/10.1145/3372885.3373814[15] L. Birkedal, A. Bizjak, R. Clouston, H. B. Grathwohl, B. Spitters, andA. Vezzosi, “Guarded cubical type theory: Path equality for guardedrecursion,”
Journal of Automated Reasoning , vol. 63, no. 2, pp. 211–253, 2019.[16] P. Bahr., H. B. Grathwohl, and R. E. Møgelberg, “The clocks are ticking:No more delays!” in . IEEE, 2017, pp. 1–12.[17] B. Mannaa, R. E. Møgelberg, and N. Veltri, “Ticking clocks as de-pendent right adjoints: Denotational semantics for clocked type theory,”
Logical Methods in Computer Science , vol. 16, 2020.[18] I. Orton and A. Pitts, “Axioms for modelling cubical type theory in atopos,”
Logical Methods in Computer Science , vol. Volume 14, Issue 4,Dec 2018. [19] R. Clouston, B. Mannaa, R. E. Møgelberg, A. M. Pitts, and B. Spitters,“Modal dependent type theory and dependent right adjoints,”
Mathe-matical Structures in Computer Science , vol. 30, no. 2, pp. 118–138,2020.[20] E. Cavallo and R. Harper, “Higher inductive types in cubical com-putational type theory,”
Proceedings of the ACM on ProgrammingLanguages , vol. 3, no. POPL, pp. 1–27, 2019.[21] T. Coquand, S. Huber, and A. Mörtberg, “On higher inductive types incubical type theory,” in
Proceedings of the 33rd Annual ACM/IEEESymposium on Logic in Computer Science , ser. LICS ’18. New York,NY, USA: Association for Computing Machinery, 2018, p. 255–264.[Online]. Available: https://doi.org/10.1145/3209108.3209197[22] R. E. Møgelberg and N. Veltri, “Bisimulation as path type for guardedrecursive types,”
Proceedings of the ACM on Programming Languages ,vol. 3, no. POPL, pp. 1–29, 2019.[23] R. E. Møgelberg, “A type theory for productive coprogramming viaguarded recursion,” in
CSL-LICS , 2014, pp. 71:1–71:10.[24] R. Clouston, A. Bizjak, H. B. Grathwohl, and L. Birkedal, “Program-ming and reasoning with guarded recursion for coinductive types,” in
FoSSaCS , 2015.[25] ——, “Programming and reasoning with guarded recursion for coinduc-tive types,” in
Proceedings of FoSSaCS , 2015, pp. 407–421.[26] J. Hughes, L. Pareto, and A. Sabry, “Proving the correctness of reactivesystems using sized types,” in
Conference Record of POPL’96: The 23rdACM SIGPLAN-SIGACT Symposium on Principles of ProgrammingLanguages, Papers Presented at the Symposium, St. Petersburg Beach,Florida, USA, January 21-24, 1996 , 1996, pp. 410–423.[27] A. Abel and B. Pientka, “Wellfounded recursion with copatterns: Aunified approach to termination and productivity,” in
Proceedings ICFP2013 . ACM, 2013, pp. 185–196.[28] A. Abel, A. Vezzosi, and T. Winterhalter, “Normalization by evaluationfor sized dependent types,”
Proceedings of the ACM on ProgrammingLanguages , vol. 1, no. ICFP, pp. 1–30, 2017.[29] J. L. Sacchini, “Type-based productivity of stream definitions in thecalculus of constructions,” in , 2013, pp. 233–242.[30] N. Veltri and N. van der Weide, “Guarded recursion in agda viasized types,” in , 2019, pp. 32:1–32:19.[31] C. McBride and R. Paterson, “Applicative programming with effects,”
Journal of functional programming , vol. 18, no. 1, pp. 1–13, 2008.[32] R. Clouston, “Fitch-style modal lambda calculi,” in
International Con-ference on Foundations of Software Science and Computation Structures .Springer, 2018, pp. 258–275.[33] A. Bizjak, H. B. Grathwohl, R. Clouston, R. E. Møgelberg, andL. Birkedal, “Guarded dependent type theory with coinductive types,”in
International Conference on Foundations of Software Science andComputation Structures . Springer, 2016, pp. 20–35.[34] B. Ahrens, P. Capriotti, and R. Spadotti, “Non-Wellfounded Treesin Homotopy Type Theory,” in , ser. LeibnizInternational Proceedings in Informatics (LIPIcs), T. Altenkirch,Ed., vol. 38. Dagstuhl, Germany: Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, 2015, pp. 17–30. [Online]. Available:http://drops.dagstuhl.de/opus/volltexte/2015/5152[35] P. Dybjer, “Internal type theory,” in
International Workshop on Typesfor Proofs and Programs . Springer, 1995, pp. 120–134.[36] M. Hofmann, “Syntax and semantics of dependent types,” in
ExtensionalConstructs in Intensional Type Theory . Springer, 1997, pp. 13–54.[37] R. D. Licata, I. Orton, A. Pitts, and B. Spitters, “Internal universes inmodels of homotopy type theory,” in
Mathematical Structures in Computer Science ,vol. 30, no. 4, pp. 342–378, 2020.[41] J. Sterling and R. Harper, “Guarded computational type theory,” in
Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic inComputer Science , 2018, pp. 879–888.[42] K. Sojakova, “Higher inductive types as homotopy-initial algebras,”
SIGPLAN Not. , vol. 50, no. 1, p. 31–42, Jan. 2015. [Online]. Available:https://doi.org/10.1145/2775051.2676983[43] R. E. Møgelberg and M. Paviotti, “Denotational semantics of recursivetypes in synthetic guarded domain theory,” in
LICS , 2016.[44] M. Paviotti, R. E. Møgelberg, and L. Birkedal, “A model of pcf inguarded type theory,”
Electronic Notes in Theoretical Computer Science ,vol. 319, pp. 333–349, 2015.[45] M. Shulman, “Brouwer’s fixed-point theorem in real-cohesive homotopytype theory,”
Mathematical Structures in Computer Science , vol. 28,no. 6, p. 856–941, 2018. A PPENDIX
A. Omitted proofs Section IIIProof of Lemma 1.
Given f : ⊲ κ A → A , let p be thecorresponding proof of (6), then as mentioned the center ofcontraction for Σ( x : A ) . Path A ( x, f ( λ ( α : κ ) .x )) will be the pair ( fix κ f, p ) . Then for any other such pair ( h, p h ) we have to show ( fix κ f, p ) = ( h, p h ) , which is equivalent to Σ( q : fix κ f = h ) . q ∗ p = p h We define q by guarded recursion fix κ λ ( r : ⊲ κ ( fix κ f = h )) . ( p − , p − h ) ∗ ( ap f ( λi.λ ( α : κ ) .r [ α ] i )) We then proceed to prove q ∗ p = p h by first observing that itis equivalent to ( p, p h ) ∗ q = ap f ( λi.λ ( α : κ ) .q [ α ] i ) so that by expanding q by (6) on the left hand side andcanceling the transports we obtain the right hand side andthe proof is concluded. B. Omitted proofs Section IVProof of Lemma 2.
The case of composition is clear, andproducts follow from the fact that ∀ κ. ( A × B ) ≃ ( ∀ κ.A ) × ( ∀ κ.B ) . Likewise, the case of Π -types follows from the factthat ∀ κ. Π( a : A ) .B ≃ Π( a : A ) . ∀ κ.B which can be provedby commuting two arguments. In the case of Σ , since ∀ κ. ( − ) behaves as a function space from a type of clocks, one canprove ∀ κ. Σ( a : A ) .B ( a ) ≃ Σ( a : ∀ κ.A ) . ∀ κ.B ( a [ κ ]) ≃ Σ( a : A ) . ∀ κ.B ( a ) using the assumption that A is clock invariant in the lastequivalence. The case for universal quantification over clocksuses ∀ κ. ∀ κ ′ .A ≃ ∀ κ ′ . ∀ κ.A .In the case of guarded recursive types, first note that if F commutes with clock quantification, so does ⊲ κ F . This canbe proved using ∀ κ ′ . ⊲ κ A ≃ ⊲ κ ∀ κ ′ .A , the left to right map ofwhich maps a to λ ( α : κ ) . Λ κ ′ .a [ κ ′ ] [ α ] for α fresh. This map type checks because TimeLess ( κ ′ : clock ) = κ ′ : clock . Using this, we canprove by guarded recursion that X is clock irrelevant asfollows ∀ κ ′ .X ≃ ∀ κ ′ .F ( ⊲ κ X ) ≃ F ( ∀ κ ′ . ⊲ κ X ) ≃ F ( ⊲ κ ∀ κ ′ .X ) ≃ F ( ⊲ κ X ) using the guarded recursion assumption in the last line.In the case of path types, if x, y : A then ∀ κ. ( Path A ( x, y )) ≃ Path ∀ κ.A (Λ κ.x, Λ κ.y ) ≃ Path A ( x, y ) The first of these equivalences simply swaps the clock andinterval argument, the second uses the assumption that A isclock invariant, which means precisely that λa. Λ κ.a is anequivalence, and so preserves path types.Example 2 uses the following lemma. Lemma 5.
Let A be a clock irrelevant set and let X : P f ( A ) , a : A . Then a ∈ X is clock irrelevant.Proof. The proof is by induction on X , which is valid sincestatements of the form IsEquiv ( f ) are propositions. If X = { b } then a ∈ X is by definition Path A ( a, b ) , which is clockirrelevant by Lemma 2. If X = Y ∪ Z then a ∈ X is ( a ∈ Y ) × ( a ∈ Z ) which is clock-irrelevant by induction and Lemma 2.We now give a proof of Theorem 2. We will write unfold κ : LTS κ → P f ( A × ⊲ κ LTS κ ) for the equivalence associated with the guarded recursive type LTS κ . First note the following. Lemma 6.
The following diagram commutes up to pathequality.
LTS P f ( A × LTS ) LTS κ P f ( A × ⊲ κ LTS κ ) unfoldev κ P f ( A × f ) unfold κ where ev κ def = λx.x [ κ ] and f = λx.λ ( α : κ ) .x [ κ ] .Proof. The map unfold is defined to be the composition ofthe following maps ∀ κ. unfold κ : ∀ κ. LTS κ → ∀ κ. P f ( A × ⊲ κ LTS κ ) ϕ : ∀ κ. P f ( A × ⊲ κ LTS κ ) → P f ( A × ∀ κ. ⊲ κ LTS κ ) P f ( A × force ) : P f ( A × ∀ κ. ⊲ κ LTS κ ) → P f ( A × ∀ κ. LTS κ ) where ∀ κ. unfold κ ( x ) = Λ κ. unfold κ ( x [ κ ]) , ϕ is the witnessthat P f ( A × ( − )) commutes with clock quantification, and force : ∀ κ. ⊲ κ LTS κ → ∀ κ. LTS κ is the inverse to λx.λ ( α : ) .x up to path equality. By the latter, we get the followingsequence of path equalities P f ( A × f ) ◦ unfold = P f ( A × ev κ ) ◦ ϕ ◦ ∀ κ. unfold κ = ev κ ◦ ∀ κ. unfold κ = unfold κ ◦ ev κ as desired. Proof of Theorem 2.
Møgelberg and Veltri [22] prove thatpath equality coincides with bisimilarity for guarded recursivetypes. Using their results we can prove that, given x, y : LTSPath
LTS ( x, y ) ≃ ∀ κ. Path
LTS κ ( x [ κ ] , y [ κ ]) ≃ ∀ κ. Bisim κ ( x [ κ ] , y [ κ ]) (12)where the first equivalence uses functional extensionality foruniversal quantification over clocks and the second is [22,Corollary 5.4]. Here Bisim κ ( x, y ) = Sim κ ( x, y ) × Sim κ ( y, x ) where Sim κ ( x, y ) ≃ Π( x ′ : ⊲ κ LTS κ , a : A ) . ( a, x ′ ) ∈ unfold κ ( x ) →∃ y ′ : ⊲ κ LTS κ . ( a, y ′ ) ∈ unfold κ ( y ) × ⊲ ( α : κ ) . Sim κ ( x ′ [ α ] , y ′ [ α ]) We must compare this to bisimilarity of x and y which isdefined as ∀ κ. ( Sim κ ∀ ( x, y ) × Sim κ ∀ ( y, x )) where Sim κ ∀ ( x, y ) ≃ Π( x ′ : LTS , a : A ) . ( a, x ′ ) ∈ unfold ( x ) →∃ y ′ : LTS . ( a, y ′ ) ∈ unfold ( y ) × ⊲ ( α : κ ) . Sim κ ∀ ( x ′ , y ′ ) By an easy guarded recursive argument one can show that
Sim κ ∀ is a reflexive relation, and from this it follows that pathequality implies bisimilarity. To prove the other implication itsuffices to show that Π( x, y : LTS ) . Sim κ ∀ ( x, y ) → Sim κ ( x [ κ ] , y [ κ ]) and this statement is proved by guarded recursion. So sup-pose x, y : LTS and
Sim κ ∀ ( x, y ) . Suppose further that x ′ : ⊲ κ LTS κ , a : A and ( a, x ′ ) ∈ unfold κ ( x [ κ ]) . By Lemma 6this means that ( a, x ′ ) ∈ P f ( A × f )( unfold ( x )) where f = λx.λ ( α : κ ) .x [ κ ] . By [22, Lemma 4.1] there then (merely, i.e.in the sense of ∃ ) exists an x ′′ : LTS such that x ′ = f ( x ′′ ) ,i.e., x ′ = λ ( α : κ ) . ( x ′′ [ κ ]) (13)and ( a, x ′′ ) ∈ unfold ( x ) . By the assumption that Sim κ ∀ ( x, y ) there then merely exists a y ′′ : LTS such that ( a, y ′′ ) ∈ unfold ( y ) and ⊲ ( α : κ ) . Sim κ ∀ ( x ′′ , y ′′ ) . (14)Setting y ′ = f ( y ′′ ) then, again by [22, Lemma 4.1] ( a, y ′ ) ∈ P f ( A × f )( unfold ( y )) and so by Lemma 6, ( a, y ′ ) ∈ unfold κ ( y [ κ ]) . It remains to show that ⊲ ( α : κ ) . Sim κ ( x ′ [ α ] , y ′ [ α ]) which reduces to ⊲ ( α : κ ) . Sim κ ( x ′′ [ κ ] , y ′′ [ κ ]) using (13) and definition of y ′ . This follows by guardedrecursion from (14).We now give a proof of Theorem 1. It uses the followinglemma establishing the existence of a final F ◦ ⊲ κ -coalgebrafor any endofunctor F . Lemma 7.
Let F be an I -indexed endofunctor, then for all κ , the type ν κ ( F ) def = fix κ ( λX.F ( ⊲ κ X )) : I → U has a final F ◦ ⊲ κ -coalgebra structure, i.e., there is a map out κ : ν κ ( F ) → F ( ⊲ κ ν κ ( F )) , such that for all maps f : X → F ( ⊲ κ X ) thefollowing type is contractible Σ( h : X → ν κ ( F )) . out κ ◦ h = F ( ⊲ κ ( h )) ◦ f Proof.
The map out κ is given by the equivalence between afixpoint in the universe and its unfolding, so we also have aninverse ( out κ ) − . The functor ⊲ κ is locally contractible [10]in the sense that the action on morphisms factors as a com-position of two maps ( X → Y ) → ⊲ κ ( X → Y ) → ( ⊲ κ X → ⊲ κ Y ) and so also the mapping λh. ( out κ ) − ◦ F ( ⊲ κ ( h )) ◦ f factorsas a composition ( X → ν κ ( F )) → ⊲ κ ( X → ν κ ( F )) → ( X → ν κ ( F )) Then by uniqueness of fixpoints we get the contractibility of Σ( h : X → ν κ ( F )) . h = ( out κ ) − ◦ F ( ⊲ κ ( h )) ◦ f which in turn is equivalent to our goal by postcompositionwith out κ . Proof of Theorem 1.
We define the coalgebra out : ν ( F ) → F ν ( F ) as F ( force ) ◦ can − F ◦ ∀ κ ( out κ ) . Given any coalgebra f : X → F X , we can extend it to ˜ f κ : X → F ( ⊲ κ X ) forany κ . Then by lemma 7 we have that for any κ the type Σ( h : X → ν κ ( F )) . out κ ◦ h = F ( ⊲ κ ( h )) ◦ ˜ f κ is contractible. By clock quantification preserving contractibil-ity and commuting with Σ types we have that Σ( h : ∀ κ. X → ν κ ( F )) . ∀ κ. ( out κ ) ◦ h [ κ ] = F ( ⊲ κ ( h [ κ ])) ◦ ˜ f κ is also contractible. Then by ∀ κ. X → ν κ ( F ) ≃ X → ν ( F ) and that ( λκ. F ( ⊲ κ ( h [ κ ])) ◦ ˜ f κ ) = can F ◦ F ( force − ) ◦ F ( h ) we obtain the desired result. More details on the calculationscan be found in [23]. . Omitted proofs Section V To prove Theorem 3, we need the following lemma giv-ing an alternative description of the data of a compositionstructure. The lemma uses standard CwF notation writing p : ∆ .A → ∆ for the projection out of a comprehensionobject, and (less standard) notation σ.A : ∆ .A [ σ ] → Γ .A if σ : ∆ → Γ for the functoriality of comprehension in the firstcomponent defined in the language of CwFs as ( σ p , q ) . Lemma 8.
Let Γ be global element of U ω and let A : Γ → U ω .To give a composition structure on A corresponds to giving,for each global element ∆ of U ω and map σ : ∆ × I → Γ , anassignment expressed as the rule ∆ ⊢ ϕ : F ∆ . I . [ ϕ [ p ]] ⊢ u : A [ σ p ]∆ ⊢ u e : A [ σ ◦ ( id , e )] ∆ . [ ϕ ] ⊢ u e [ p ] = u [( id ∆ , e ) . [ ϕ ]]∆ ⊢ c σ ϕ u u e : A [ σ ◦ ( id , − e )] for each e ∈ { , } , natural in ∆ satisfying ∆ . [ ϕ ] ⊢ ( c σ ϕ u u e )[ p ] = u [( id , − e ) . [ ϕ ]] Proof.
Given e , to give the part of isFib corresponding to e corresponds to giving p : I → Γ ⊢ c : Comp e ( A ◦ p ) in the model. This in turn corresponds to an assignment ofmorphisms τ : ∆ → ( I → Γ) to terms δ : ∆ ⊢ c τ : Comp e ( A ◦ τ ( δ )) natural in ∆ . By uncurrying, the lattercorresponds to an assignment mapping σ : ∆ × I → Γ to δ : ∆ ⊢ c σ : Comp e ( A ◦ σ ( δ, − )) , also natural in ∆ . Byfurther uncurrying the arguments to the composition operatorand using similar naturality arguments in each case, we arriveat the description in the lemma. Proof of Theorem 3.
By Lemma 8 it suffices to give an as-signment mapping σ : ∆ × I → Γ to a rule ∆ ⊢ ϕ : F ∆ . I . [ ϕ [ p ]] ⊢ u : ( R A )[ σ p ]∆ ⊢ u e : ( R A )[ σ ◦ ( id , e )] ∆ . [ ϕ ] ⊢ u e [ p ] = u [( id ∆ , e ) . [ ϕ ]]∆ ⊢ c R Aσ ϕ u u e : ( R A )[ σ ◦ ( id , − e )] natural in ∆ and satisfying the equality of Lemma 8. Using ( R A )[ σ p ] = R ( A [ L ( σ p )]) the assumptions correspond to L (∆ . I . [ ϕ [ p ]]) ⊢ u : A [ L ( σ p )] L ∆ ⊢ u e : A [ L ( σ ◦ ( id , e ))] satisfying L (∆ . [ ϕ ]) ⊢ u e [ Lp ] = u [ L (( id ∆ , e ) . [ ϕ ])] (15)Since L preserves cofibrations, by the notation introduced afterDefinition 6, L (∆ . I . [ ϕ [ p ]] ∼ = L (∆ . I ) . [ L F ( ϕ [ p ])] as subobjectsof L (∆ . I ) . For simplicity we will leave this isomorphismimplicit. Moreover, since L preserves finite products and theinterval, there is an isomorphism ξ ∆ : L ∆ . I ∼ = L (∆ . I ) naturalin ∆ such that L ∆ L ∆ . I L (∆ . I ) ( id ,e ) L ( id ,e ) ξ ∆ (16) Then, since L ( σ p ) ◦ ξ ∆ . [ L F ( ϕ [ p ])] = L ( σ ) ◦ ξ ∆ ◦ pL (∆) . I . [ L F ( ϕ )[ p ]] ⊢ u [ ξ ∆ . [ L F ( ϕ [ p ])]] : A [ L ( σ ) ◦ ξ ∆ ][ p ] and by (16) L ∆ ⊢ u e : A [ L ( σ ) ◦ ξ ∆ ][( id , e )] We can therefore apply the composition structure for A asin Lemma 8 in the case of L ( σ ) ◦ ξ ∆ : L ∆ . I → L Γ , thecofibration L ∆ ⊢ L F ( ϕ ) : F , and the terms u [ ξ ∆ . [ L F ( ϕ [ p ])]] and u e , if only we can prove that L ∆ . [ L F ( ϕ )] ⊢ u e [ p ] = u [ ξ ∆ . [ L F ( ϕ [ p ])]][( id L ∆ , e ) . [ L F ( ϕ )]] Up to the isomorphism L ∆ . [ L F ( ϕ )] ∼ = L (∆ . [ ϕ ]) the contextprojection p equals Lp , and so in context L (∆ . [ ϕ ]) the lefthand side reduces to u e [ Lp ] . The right hand side reduces using(16) to u [ L ( id ∆ , e ) . L F ( ϕ )] which up to the isomorphism L ∆ . [ L F ( ϕ )] ∼ = L (∆ . [ ϕ ]) equals u [ L (( id ∆ , e ) . [ ϕ ])] , and so the required equality follows from(15). The composition structure for A therefore gives L ∆ ⊢ c AL ( σ ) ◦ ξ ∆ L F ( ϕ ) u [ . . . ] u e : A [ L ( σ ) ◦ ξ ∆ ◦ ( id , − e )] which, since A [ L ( σ ) ◦ ξ ∆ ◦ ( id , − e )] = A [ L ( σ ◦ ( id , − e ))] ,corresponds to a term ∆ ⊢ c R Aσ ϕ u u e : ( R A )[ σ ◦ ( id , − e )] To show the equality ∆ .ϕ ⊢ ( c R Aσ ϕ u u e )[ p ] = u [( id , − e ) . [ ϕ ]] is equivalent to showing L (∆ .ϕ ) ⊢ ( c R Aσ ϕ u u e )[ p ] = u [( id , − e ) . [ ϕ ]] which up to the isomorphism L (∆ .ϕ ) ∼ = L ∆ . [ L F ( ϕ )] corre-sponds to showing that the term L ∆ . L F ( ϕ ) ⊢ ( c AL ( σ ) ◦ ξ ∆ L F ( ϕ ) u [ ξ ∆ . [ L F ( ϕ [ p ])]] u e )[ p ] (17)equals L ∆ . L F ( ϕ ) ⊢ u [ L (( id , − e )) . [ L F ( ϕ )]] (18)By the equality rule for the composition structure on A , (17)equals u [ ξ ∆ . [ L F ( ϕ [ p ])]][( id , − e ) . [ L F ( ϕ )]] which equals (18) by (16). Lemma 9.
The category R Clk for
Clk considered an objectin
PSh ( T ) has coproducts.Proof. The coproduct of (( E ; δ ) , λ ) and (( E ′ ; δ ′ ) , λ ′ ) is theobject (( E ′′ ; δ ′′ ) , λ ′′ ) where λ ′′ is fresh, E ′′ is the disjointunion of E \ { λ } and E ′ \ { λ ′ } and { λ ′′ } and δ ′′ agrees with δ on E \ { λ } , with δ ′ on E ′ \ { λ ′ } and maps λ ′′ to the minimumof δ ( λ ) and δ ′ ( λ ′ ) . Proof of Theorem 4.
It remains to verify that ◭ preservesfinite products, the interval and cofibrations. Each component ◭ I, ( E ; δ ) , λ ) of ◭ is easily seen to be inhabited. If ( σ, ⋆ ) nd ( τ, ⋆ ) are two elements of ◭ I, ( E ; δ ) , λ ) , then both ofthese are related under the equivalence relation used in thedefinition of ◭ to ([ σ, τ ] , ⋆ ) , where [ σ, τ ] is the copairing of σ and τ out of the coproduct of their domains, which existsby Lemma 9. So ◭ preserves the terminal object.Writing [( σ, ( x, y ))] for the equivalence class representedby ( σ, ( x, y )) , the map ◭ ( A × B )( I, ( E ; δ ) , λ ) → ( ◭ A × ◭ B )( I, ( E ; δ ) , λ ) maps [( σ, ( x, y ))] to ([( σ, x )] , [( σ, y )]) . The inverse maps ([( σ, x )] , [( τ, y )]) to [([ σ, τ ] , ( inl ( x ) , inr ( y )))] .For the interval, the map p ◭ : ◭ I → I , which (as decribedin the main text) is defined as p ◭ ( σ, x ) = ( id , σ ) · x has aninverse which at ( I, ( E ; δ ) , λ ) maps x ∈ I ( I ) to ( σ, x ) where σ : ( E ; δ ′ ) → ( E ; δ ) is tracked by the identity and δ ′ agreeswith δ everywhere except at λ where it is one higher. Thisclearly preserves endpoints.For cofibrations, we first show that ◭ preserves pullbacksof cofibrations. Suppose that the diagram on the left below isa pullback with i and j cofibrations. C AD B aj ib ◭ C ◭ A ◭ D ◭ B ◭ a ◭ j ◭ i ◭ b We must show that also the diagram in the right is a pullback.Since F is constant in the time dimension, it follows, since i is a fibration that any naturality square of the form A ( I, ( E ; δ ) , λ ) A ( I, ( E ′ ; δ ′ ) , λ ′ ) B ( I, ( E ; δ ) , λ ) B ( I, ( E ′ ; δ ′ ) , λ ′ ) ( id ,σ ) · ( − ) i i ( id ,σ ) · ( − ) is a pullback. From this it follows that the square on the rightbelow is a pullback diagram. ◭ C ◭ A A ◭ D ◭ B B ◭ a ◭ j ◭ i p ◭ i ◭ b p ◭ By the pullback pasting diagram it therefore suffices to showthat the outer diagram is a pullback, which follows again bythe pullback pasting diagram applied to ◭ C C A ◭ D D B p ◭ ◭ j j a i p ◭ b and naturality of p ◭ .Suppose now that χ A : B → F classifies the cofibration i : A → B . A similar argument to the one above for I showsthat p ◭ : ◭ F → F is an isomorphism, which preserves truth.Then p ◭ ◦ ◭ ( χ A ) classifies ◭ i , so also ◭ i is a cofibration.As mentioned in the main paper, the timeless assumptionsin a context require a bit of care for the interpretation of the elimination rule for ⊲ ( α : κ ) .A . Recall that timelessassumptions are interval assumptions, clock assumptions andfaces. Because the timeless assumptions cannot depend onassumptions that are not timeless, there is a projection fromthe interpretation of Γ , α ′ : κ, Γ ′ ⊢ to the interpretationof Γ , α ′ : κ, TimeLess (Γ ′ ) ⊢ . The interpretation of thelatter can be proved isomorphic to the interpretation of Γ , TimeLess (Γ ′ ) , α ′ : κ ⊢ by the following lemma. Lemma 10.
Let Γ be an object of PSh ( R Clk) and let A bea family over Γ that is either a weakening of I or Clk or acofibration formed by induction using i = 0 , i = 1 for some i : Γ → I as well as disjunction and conjunction, true andfalse. Then ◭ (Γ .A ) ∼ = ( ◭ Γ) . ( A [ p ◭ ]) .Proof. In the case of A being I , we saw that I ∼ = ◭ I in theproof of Theorem 4, so ◭ (Γ . I ) = ◭ (Γ × I )= ◭ (Γ) × ◭ ( I )= ◭ (Γ) × I = ( ◭ Γ) . ( I [ p ◭ ]) using that ◭ preserves products. The case of A = Clk issimilar.In the case of A being a face defined as stated, we provethat the two presheaves are isomorphic as subobjects of ◭ Γ .In the case of A being i = e for e = 0 , , Γ .A is characterisedby a pullback diagram Γ .A I a ei Since ◭ preserves pullbacks of cofibrations, this implies thatthe outer square below is a pullback ◭ (Γ .A ) ◭ ◭ Γ ◭ I I a ◭ ( e ) e ◭ ( i ) p ◭ The lower composition equals i ◦ p ◭ by naturality of p ◭ ,and so we see that in this case ◭ (Γ .A ) satisfies the pullbacksquare satisfied by ( ◭ Γ) . ( A [ p ◭ ]) . For the case of disjunctionand conjunction it suffices to show that ◭ when applied tocofibrations preserve these. In the case of disjunction, thisfollows from ◭ being a left adjoint. In the case of conjunction,recall that conjunction of two subobject is defined by pullingback one along the other. Since ◭ preserves pullbacks ofcofibrations it therefore also preserves conjunction of these.The case of true is clear, and false follows by ◭ being a leftadjoint.We now sketch the interpretation of the elimination rule.The interpretation of the assumption Γ , TimeLess (Γ ′ ) ⊢ t : ⊲ ( α : κ ) .A corresponds bijectively to an element of J A K in con-text J Γ , TimeLess (Γ ′ ) , α : κ K by the bijective correspondenceof dependent right adjoints. By Lemma 10 this corresponds ton element of J A K in context J Γ , α : κ, TimeLess (Γ ′ ) K whichcan then be weakened to an element in context J Γ , α : κ, Γ ′ K . D. Composition Structure for Higher Inductive Types(Sect. VI-A)
Following [21], for any HIT δ : ∆ ⊢ H δ type we define itscomposition operation, comp , in terms of the trans and hcomp operations, resulting in the following judgemental equality rule comp i H δ [ ϕ u ] u ≡ hcomp i H δ [1 /i ] [ ϕ v ( i )] ( trans i H δ ϕ u ) where v ( i ) is trans j H δ [ i ∨ j/i ] ( ϕ ∨ i = 1) ( u i ) .Furthermore we include judgmental equalities for trans when applied to elements of the HIT built by homogeneouscomposition or by constructors. In Section . of [21], theauthors describe how trans computes when applied to con-structors specified by a signature of the form c : ( x : A ( δ ))( i : I ) → H δ [ ϕ e ] where A ( δ ) is a telescope including both non-recursive andrecursive arguments. They are able to treat both kinds ofarguments uniformly by working in a variation of cubical typetheory where trans and hcomp are the primitive operations forall types while comp is derived, so that they can use trans iA ( δ ) to transport all the arguments at once. We have kept comp as the primitive in our type theory, but we can reuse theirdescription as long as we show how to transport the argumentsfor the constructors in our schema, i.e., provide a replacementfor trans iA ( δ ) .Given a constructor declaration (Γ , Ξ , Ψ , ϕ, e ) and δ : I → ∆ we have to define trans i Γ[ δ i ] , Θ Ξ[ δ i ] , H ( δ i ) ψ ( t, a ) . The Γ[ δ i ] part of the telescope can be dealt with using comp , as shownin [21] by the definition of ctrans : a transport operationderived from composition. We are left with having to define trans i Θ Ξ[ δ i, ˜ t [ i ]] , H δ i ψ ( t, a ) where ˜ t connects t to the result oftransporting it. It is then sufficient to show how to transportelements of C ( i ) := Ξ k [ δ i, ˜ t [ i ]] → H δ i for each Ξ k in Ξ .Here we follow the recipe for transport in function types [39],like so trans iC ( i ) ψ a k = λξ. trans i H δ i ψ ( a k ( ctrans i Ξ k [ δ (1 − i ) , ˜ t [1 − i ]] ψ ξ )) where we make use of the fact that a k ( − ) is a subtreeof con ( t, a, i ) so it is well-founded to recursively transport.On top of the above, the transport operation commutes withhomogeneous composition, as described in Sect. 3.2 of [21]. E. Semantics for HIT’s
We provide semantics for any HIT definable in the schemawith a direct generalization of the method employed in [21]. Toeach HIT signature given we associate a notion of algebra. Aninitial such algebra is then constructed and shown to supportthe necessary structure to model the HIT. For this sectionwe denote objects of the time category by x, x ′ , . . . to avoidnotational clashes.Reflecting the syntax of higher inductive types, we willwork with homogeneous composition and transport separately. The semantic counterpoint to hcomp is the notion of a fibrancystructure. A fibrancy structure for a type global type A is anoperation taking a face ϕ : F , an element u : A and a path p : A I constant on ϕ and equal to u on I . It then producesan element h A ( ϕ, u , u ) : A which is equal to u (1) on extent ϕ .Consider a list of constructors ∆ ⊢ K constrs , consistingof constructors ( ℓ i , (Γ i ; Ξ i ; Ψ i ; ϕ i ; e i )) ∈ K for each ≤ i ≤ n , and let ∆ ′ ⊢ δ : J ∆ K . A K , δ -algebra is a presheaf A ∈ PSh ( C × T ) / ∆ ′ with a fibrancy structure h A , and foreach ( ℓ i , (Γ i ; Ξ i ; Ψ i ; ϕ i ; e i )) semantic constructors c Ai . A se-mantic constructor is a map c i : Π( γ : J Γ i K ( δ )) . ( J Ξ i K ( δ, γ ) → A ) → J Ψ K → A . Given such c Ai ’s, we can interpret the bound-ary conditions given by the constructors, and the semanticconstructors are subject to the boundary coherence conditionsgenerated by this interpretation.As in the syntax, we define the semantic boundary interpre-tation k−k by induction over the grammar for these terms. Wedenote the list of constructors in K before the i ’th constructorby K
The presheaf H is the initial K , δ -algebra foreach δ : ∆ . As a consequence, it has a unique map to anycubical type A with the structure of a K , δ -algebra.Proof. Let A be a K , δ -algebra with fibrancy structure h A and constructors semantic c i . We are tasked with producinga natural transformation e : H → A , and we define e ( u ) by induction on the structure of u : In the case where u = con i ( t, a, r ) , we define e ( u ) := c i ( t, e ( a ) , r ) , and in the case u = hcomp [ ϕ u ] u we define e ( u ) := h A ( ϕ, e ( u ) , e ( u )) .In both cases, e ( x ) is e applied levelwise to the family x .While making this definition, we have to verify naturality ateach stage, which follows in each case from the conditionson the c i ’s or the computational behaviour of the fibrancystructures. Lemma 12.
The presheaf H carries a composition structure. The proof of this lemma uses the fact that ∆ , Γ i and Ξ i,j allcarry transport structures. Given those we define a transportstructure on H by initiality, following the syntactic descriptionof the action of trans on constructors in Section D. Combiningthis with the homogeneous composition structure we concludethe proof by Lemma 5 of [21]. Proposition 1.
The presheaf H supports the dependent elim-ination principle of H . This follows from Lemma 11 as in [21].In addition to Lemma 12 and Proposition 1, we need toverify that H supports the formation and introduction rules,as well as the judgemental equalities These verifications areroutine. F. Proof of theorem 5
In the time category, we write λ k for the object ( { λ } , [ λ k ]) , i.e., for the single clock with k steps remaining. we write ι for the map ( I, x ) → ( I, x + λ k ) for the map given by the identity on the cube component and the inclusion on the timecomponent in C × T . Here + denotes the coproduct in thetime category, which is given by the coproduct of set maps.In the following we will work with introduction of severaldifferent fresh λ ’s, which we denote λ, λ ′ , . . . , and we denotethe corresponding inclusion maps by ι, ι ′ , . . . .The semantics of clock quantification of A is given by thesemantic Π over the clock object, ΠClk . J A K . It is shown in[40] this is equivalent at I, x, ρ to the limit lim n J A K ( I, x + λ n , ι · ρ ) with structure maps given by the map tick λ : ( I, x + λ n +1 , ι · ρ ) → ( I, x + λ n , ι · ρ ) . The map tick λ is given by the identitymaps, so it can be viewed as letting a single time step pass onthe clock λ . Nominally such a family depends on the choiceof fresh clock λ , but of course this dependence goes awaysince we have isomorphisms x + λ n ∼ = x + λ ′ n in the timecategory. Hence we will suppress the change of λ , as long asthese are fresh meaning that the environment variable is of theform ι · ρ .Given an element quantified over the clock object ( a n ) atstage ( I, x, ρ ) we can evaluate it at a clock in the context,say λ ∈ x . To do this we act on a n by the map [ λ ′ λ ] :( I, x + λ ′ n ) → ( I, x ) which is defined to be the identity on x and sends λ ′ to λ . This map exists when there is more than n ticks left on λ , or alternatively for large enough n . Notethat [ λ ′ λ ] factors as [ λ ′ λ ]( tick λ ) n − k where k is theamount of time left on λ . For element of ∀ κ.A this meansthat [ λ ′ λ ] · a n = [ λ ′ λ ]( tick λ ) n − k · a n = [ λ ′ λ ] · a k where the second equality uses the compatibility enforced bythe limit.We will now show a version of theorem 5, which assumesthat the input data is given semantically. Proposition 2.
Consider a context J ∆ K with a map ζ ∆ : J ∀ κ. ∆ K → J ∆ K , and a higher inductive type H in the context ∆ . We denote the constructors of H by ( ℓ i , (Γ i , Ξ i , Ψ i , [ ϕ ji M ji ]) , and assume given for each i the following:For each δ ∈ J ∀ κ. ∆ K , a natural bijection between elements γ ∈ J Γ i K ( I, x, ζ ∆ ( δ )) and families ( γ n ) ∈ J Γ i K ( I, x + λ n , δ n ) compatible with tick λ . We denote this bijection by ζ Γ i .For each δ ∈ J ∀ κ. ∆ K , family ( γ n ) ∈ J Γ i K ( I, x + λ n , δ n ) compatible with tick λ , λ ′ in x and n , a natural bijection ζ Ξ i,j ,n : J Ξ i K ( I, x, [ λ λ ′ ] · δ n , [ λ λ ′ ] · γ n ) ∼ = J Ξ i K ( I, x, ζ ∆ ( δ ) , ζ Γ i ( γ )) for each n, i and j .This data determines a map α from H ( I, x, ζ ∆ ( δ )) tofamilies indexed by n over H ( I, x + λ n , δ n ) compatible withthe tick λ map, provided that at each stage boundary conditionsare respected. The map α is an isomorphism.Proof. We write out the map determined by the given isomor-phisms following the syntactic construction in Appendix E,inducting on the structure of the input at ( I, x ) , fixing apecific δ ∈ J ∀ κ. ∆ K ( I, x ) . In other words, we are writingout the K , δ -algebra structure for J ∀ κ.H [ κ ] K .First we consider formal composition solutions, i.e., ele-ments of the form hcomp [ ϕ u ] u where each componentof u and u are indexed by ω . Explicitly, we have u ∈ H ( I, x, ζ ∆ ( δ )) and u f,r ∈ H ( J, x, f · ζ ∆ ( δ )) for each f : ( I, x ) → ( J, x ) assumed to be the identity onthe time component such that f · ϕ = ⊤ and r ∈ I ( J ) . Eachcomponent of u is itself an element of H with a strictly simplerstructure, so we can assume that α is defined on both u andeach u f,r . Hence we have α ( u )) n ∈ H ( I, x + λ n , δ n ) and ( α ( u f,r )) n ∈ H ( J, x + λ n , ( f + λ ) · δ n ) , so that ( α ( u f,r )) is a family indexed by and natural in n, f and r . We define ( α ( hcomp [ ϕ u ] u )) n = ( hcomp [ ϕ ( α ( u )) n ] ( α ( u )) n ) where α ( u ) means applying α to each u f,r , recursivelyobtaining at each n a well formed composition problem.For elements of the form con i ( t, a, r ) , we transform eachinput to the constructor into families indexed by n in thefollowing way: The first input is t ∈ J Γ i K ( I, x, ζ ∆ ( δ )) , whichcorresponds to a family over n via the inverse of ζ Γ i . Since theinterval variables do not depend on the time category input,we can directly include them at each stage.The family a j is indexed by a map f : ( I, x ) → ( J, x ′ ) and an element ξ ∈ Ξ j ( J, x ′ , f · ζ ∆ ( δ ) , f · t ) with a jf,ξ ∈ H ( J, x ′ , f · ζ ∆ ( δ )) . We need to instead produce an element of H ( J, x ′ , g · δ n ) for each g : ( I, x + λ n ) → ( J, x ′ ) and ξ ′ ∈ Ξ i ( J, x ′ , g · δ n , g · ( ζ − i ( t )) n ) . We will denote the constructedelement by ( α • a ) j,ng,ξ ′ .For each such g we can compose with the inclusion ι :( I, x ) → ( I, x + λ n ) to get a map of type ( I, x ) → ( J, x ′ ) .Write g ( λ ) = λ ′ . The map g factors as gι + λ n : ( I, x + λ n ) → ( J, x ′ + λ n ) composed with [ λ → λ ′ ] . In particular, this meansthat g · δ n = [ λ λ ′ ] · (( gι + λ n ) · δ n )= [ λ λ ′ ] · ( gι · δ ) n and similarly g · ζ − i ( t ) = [ λ λ ′ ] · ( gι · ζ − i ( t )) n . This meansthat the given ξ ′ sits in Ξ i ( J, x ′ , [ λ λ ′ ] · ( gι · δ ) n , [ λ λ ′ ] · ( gι · ζ − i ( t )) n ) , which is the correct shape of input for us to apply an instanceof ζ Ξ i,j ,k , namely the one for k being the amount of time lefton λ ′ . Applying this isomorphism we obtain ζ Ξ i,j ,n ( ξ ′ ) ∈ Ξ i,j ( J, x ′ , ζ ∆ ( gι · δ ) , gι · t ) . This allows us to pick out a component of the given family a ; specifically we obtain a jgι,ζ Ξ i,j,n ( ξ ′ ) ∈ H ( J, x ′ , ζ ∆ ( gι · δ )) .Since each component of a is structurally simpler than con i ( t, a, r ) , we can apply α to a jgι,ζ Ξ j ( ξ ′ ) . In doing so, we obtain a family ( α ( a jgι,ζ Ξ j ( ξ ′ ) )) indexed by n in H ( J, x ′ + λ ′′ n , ( gι · δ ) n ) taking λ ′′ to be the fresh clock introducedby α . We can evaluate this family at the λ ′ component of x ′ . Note here that [ λ ′′ λ ′ ] ι ′′ = id , so that this yields [ λ ′′ λ ′ ] · α ( a jgι,ζ Ξ i,j,n ( ξ ′ ) ) k ∈ H ( J, x ′ , [ λ ′′ λ ′ ] · ( gι · δ ) n ) ,which was the intended component of H since again, we have [ λ ′′ λ ′ ] · ( gι · δ ) n = g · δ n up to the action of the isomorphismrenaming λ to λ ′′ . We define ( α • a ) j,ng,ξ ′ = [ λ ′′ λ ′ ] · (cid:16) α ( a jgι,ζ Ξ i,j,n ( ξ ′ ) ) (cid:17) k . Now that we can transform each of the inputs to con i , wecan write α ( con i ( t, a, r )) = ( con i (( ζ − i ( t )) n , ( α • a ) , r ) . With the map written out, we can interpret boundary terms,although we leave it out here. We need to assume furtherthat the map preserves boundary terms, mirroring the syntacticdefinition of the map. Verifying that the map is natural needsto be done for each of the cases at each stage and requires theboundary coherence condition. We leave out the verificationhere.We show that α is injective by induction on the input. For hcomp elements we simply note that alpha is applied to everyindex of the input u and u , and we can assume that α isinjective on these. For the constructors we have to verify thata change in t , a or r means a change in α ( con i ( t, a, r )) . Thisis clear for r , and for t it follows from the fact that ζ Γ i is abijection. Consider now two families a, b which could be thesecond input to some con i at ( I, x, ζ ∆ ( δ )) . We want to showthat if ( α • a ) = ( α • b ) then a = b . This means that for given j , f : ( I, x ) → ( J, x ′ ) and ξ ∈ Ξ i,j ( J, x ′ , f · ζ ∆ ( δ ) , f · t ) weneed to show that a jf,ξ = b jf,ξ . By inductive hypothesis, α isinjective on the indices of the families, and hence it sufficesto show that ( α ( a jf,ξ )) k = ( α ( b jf,ξ )) k for all k ∈ N .To show this, we consider the map f + { λ λ ′′ } : ( I, x + λ k ) → ( J, x ′ + λ ′′ k ) , which is given by f on ( I, x ) and maps λ to λ ′′ , and the element ξ ′ = ζ − i,j ,k ( ι ′′ · ξ ) . One importantthing to note about the map f + { λ λ ′′ } is that ( f + { λ λ ′′ } ) ι = ι ′′ f . We need to verify that we can apply ζ − i,j ,k to ι ′′ · ξ , so we note that ι ′′ · ξ ∈ Ξ i,j ( J, x ′ + λ ′′ k , ζ ∆ ( ι ′′ f · δ ) , ι ′′ f · t ) so that we can indeed apply ζ − i,j ,k to it and obtain ζ − i,j ,k ( ι ′′ · ξ ) ∈ Ξ i,j ( J, x ′ + λ ′′ k , [ λ λ ′′ ] · ( ι ′′ f · δ ) k , [ λ λ ′′ ] · ( ζ − i ( ι ′′ f · t ) k ) . We want now to consider the component ( α • a ) j,nf + { λ λ ′′ } ,ξ ′ ,which requires that ξ ′ ∈ Ξ i,j ( J, x ′ + λ ′′ k , ( f + { λ λ ′′ } ) · δ k , ( f + { λ λ ′′ } ) · (( ζ − i t ) k ) . o see that this is the case, we consider the δ input where wenote that [ λ λ ′′ ] · ( ι ′′ f · δ ) k = [ λ λ ′′ ]( ι ′′ f + λ ) · δ k = ( f + { λ λ ′′ } ) · δ k . The second equality here follows from [ λ λ ′′ ]( ι ′′ f + λ ) =( f + { λ λ ′′ } ) which can be verified directly.Now we have by assumption that ( α • a ) j,nf + { λ λ ′′ } ,ξ ′ =( α • b ) j,nf + { λ λ ′′ } ,ξ ′ . Unfolding the definition of the left side,and denoting the fresh clock variable which α adds by λ , weget ( α • a ) j,n ( f + { λ λ ′′ } ) ,ξ ′ = [ λ λ ′′ ] · (cid:16) α ( a j ( f + { λ λ ′′ } ) ι,ζ Ξ i,j,k ( ξ ′ ) ) (cid:17) k = [ λ λ ′′ ] · (cid:18) α ( a j ( f + { λ λ ′′ } ) ι,ζ Ξ i,j,k ( ζ − i,j,k ( ι ′′ · ξ )) ) (cid:19) k = [ λ λ ′′ ] · (cid:16) α ( a j ( f + { λ λ ′′ } ) ι,ι ′′ · ξ ) (cid:17) k = [ λ λ ′′ ] · (cid:16) α ( a jι ′′ f,ι ′′ · ξ ) (cid:17) k = [ λ λ ′′ ] · (cid:16) α ( ι ′′ · a jf,ξ ) (cid:17) k = [ λ λ ′′ ]( ι ′′ + λ ) · (cid:16) α ( a jf,ξ ) (cid:17) k This determines (cid:16) α ( a jf,ξ ) (cid:17) k since the map [ λ λ ′′ ]( ι ′′ + λ ) = id + { λ λ ′′ } : ( J, x ′ + λ k ) → ( J, x ′ + λ ′′ k ) is an isomorphism.If we do the same unfolding on the other side and cancelthis isomorphism, we see that (cid:16) α ( a jf,ξ ) (cid:17) k = (cid:16) α ( b jf,ξ ) (cid:17) k asdesired.The surjectivity argument proceeds by induction on thestructure of the families over n in H ( I, x + λ n , δ n ) . Thisinduction is meaningful since such the structure at each pointin such a family is determined by the structure at 0, i.e.,families are either all hcomp elements or con i elements forsome fixed i . To see why this is the case, note that the familieshave to be compatible with the tick λ maps, which by definitionof H cannot change the type of the outer constructor.Consider a family of the form ( hcomp [ ϕ u n ] u n ) . Eachfamily ( u f,rn ) and ( u n ) is compatible with tick λ . At each n ,the pair f, r will consist of the cubical component of a map f ′ : ( I, x + λ n ) → ( J, x + λ n ) and an r ∈ I ( J ) . In particular,the possible f, r are the same as at stage ( I, x ) and do notdepend on n . By induction hypothesis these families are in theimage of α , say α ( v f,r ) = ( u f,rn ) and α ( v ) = ( u n ) . Then α ( hcomp [ ϕ ( v f,r )] v ) = ( hcomp [ ϕ u n ] u n ) , and theelement is in the image of α as desired.Consider now a family ( con i ( t n , a n , r )) indexed by n . Wenote immediately that the family t n is in the image of ζ Γ i ,and that the interval input is necessarily constant.To produce an element which is mapped to this family, ittherefore remains to find a family b such that ( α • b ) = a n . Herewe can run the same construction we used for injectivity inreverse, defining the family at each index j, f and ξ . Here f :( I, x ) → ( J, x ′ ) and ξ ∈ Ξ i,j ( J, x ′ , f · ζ ∆ ( δ ) , f · ζ − i ( t n )) and we need to produce a b jf,ξ ∈ H ( J, x ′ , f · ζ ∆ ( δ )) . Since we canassume by induction that α is surjective on families consistingonly of elements in the a n ’s, it is sufficient to provide a familyover n which specifies the image of the potential b f,ξ under α . Consider again the map f + { λ λ ′′ } : ( I, x + λ k ) → ( J, x ′ + λ ′′ k ) and the element ζ − i,j ,k ( ι ′′ · ξ ) ∈ Ξ i,j ( J, x ′ + λ ′′ k , [ λ λ ′′ ] · ( ι ′′ f · δ ) k , [ λ λ ′′ ] · ( ζ − i ( ι ′′ f · t ) k ) . We define a family s as follows: s j,f,ξ,n =( a jn ) ( f + { λ λ ′′ } ) ,ζ − i,j,k ( ι ′′ · ξ ) ∈ H ( J, x ′ + λ ′′ n , [ λ λ ′′ ] · ( ι ′′ f · δ ) k , ) which is almost the same family we considered in the injec-tivity proof. Here too we have that s j,f,ξ,k is in H ( J, x ′ + λ ′′ k , [ λ λ ′′ ] · ( ι ′′ · ( f · δ )) k ) . Since [ λ λ ′′ ] · ( ι ′′ · ( f · δ )) k is simply ( f · δ ) k up to a renaming of the fresh variable, suchfamilies over n in these sets is exactly the output type for α . Bysurjectivity of α on structurally simpler elements, this meansthat there exists some α − ( s j,f,ξ ) = b jf,ξ ∈ H ( J, x ′ , ζ ∆ ( f · δ )) such that α ( b jf,ξ ) = ( s j,f,ξ,n ) n ∈ N . We consider this as a familyover j, f and ξ , and this is the candidate b . To check that wehave a viable candidate, we need to verify that ( α • b ) = a n .Concretely, this means that for each j, n, g : ( I, x + λ n ) → ( J, x ′ ) and ξ ′ ∈ Ξ i,j ( J, x ′ , g · δ n , g · ( ζ − i ( t )) n ) we need ( α • b ) j,ng,ξ ′ = a jn,g,ξ ′ . As usual, λ ′ = g ( λ ) , k is the amount oftime left on λ ′ and here λ is the fresh clock variable addedby the application of α in the first step. ( α • b ) j,ng,ξ ′ = [ λ ′′ λ ′ ] · (cid:16) α ( b jgι,ζ Ξ i,j,n ( ξ ′ ) ) (cid:17) k = [ λ ′′ λ ′ ] · (cid:16) α ( α − ( s j,gι,ζ Ξ i,j,n ( ξ ′ ) )) (cid:17) k = [ λ ′′ λ ′ ] · s j,gι,ζ Ξ i,j,n ( ξ ′ ) ,k = [ λ ′′ λ ′ ] · ( a jk ) ( gι + { λ λ ′′ } ) ,ζ − i,j,k ( ι ′′ · ζ Ξ i,j,n ( ξ ′ )) = [ λ ′′ λ ′ ] · ( a jk ) ( gι + { λ λ ′′ } ) ,ι ′′ · ξ ′ = ( a jk ) [ λ ′′ λ ′ ]( gι + { λ λ ′′ } ) , [ λ ′′ λ ′ ] ι ′′ · ξ ′ = a jn, [ λ ′′ λ ′ ]( gι + { λ λ ′′ } ) ,ξ ′ = a jn,g,ξ ′ The last two equations follow from the equalities [ λ ′′ λ ′ ] ι ′′ = id : ( J, x ′ ) → ( J, x ′ ) and [ λ ′′ λ ′ ]( gι ′′ + λ k ) = g : ( I, x + λ k ) → ( J, x ′ ) , which are directly verified bycalculation.Since each component of b has the correct type by con-struction, it remains to verify naturality of this family, i.e.,that h · b jf,ξ = b jhf,h · ξ . By naturality of α , and therefore thepartially defined α − , we have that h · b jf,ξ = α − ( h · s j,f,ξ ) ,and this action is given by the componentwise action of h + λ ′′ n .It suffices to show that s is natural then, in the sense that · s j,f,ξ = s j,hf,h · ξ as families over a natural number. Giventhat each family a jn is natural, we therefore have that h · s j,f,ξ = (( h + λ ′′ n ) · ( a jn ) ( f + { λ λ ′′ } ) ,ζ − i,j,k ( ι ′′ · ξ ) )= (( a jn ) ( h + λ ′′ )( f + { λ λ ′′ } ) ,ζ − i,j,k (( h + λ ′′ ) ι ′′ · ξ ) )= (( a jn ) ( hf + { λ λ ′′ } ) ,ζ − i,j,k ( ι ′′ · ( h · ξ )) )= s j,hf,h · ξ as desired, where the last equality follows from the fact that ( h + λ ′′ )( f + { λ λ ′′ } ) = ( hf + { λ λ ′′ } holds.The natural correspondence αα