A Model of Clocked Cubical Type Theory in Psh(C × T)

arXiv:2102.01969v2 [cs.LO] 6 Aug 2021 NRAVEZZOSI, ANDREA diinlKyWrsadPrss yeter,Coinduction theory, Type Phrases: and Words Key Additional HT)adgaddrcrinalw o ipeprogramming simple for allows recursion guarded and (HITs) https://doi.org/ $15.00 XXXX-XXXX/2021/8-ART1 2021. IT Science, Computer of Department Vezzosi, Co Andrea of [email protected]; Department Møgelberg, Ejlers Rasmus [email protected]; mark, of Department Kristensen, Baunsgaard Magnus addresses: Authors’ MØGELBERG, EJLERS RASMUS KRISTENSEN, BAUNSGAARD MAGNUS clocks under induction coinductive via in definitions types inductive Higher HITs: Greatest euso a lob sdt rga ihadrao bu co about types. reason in and definitions with recursive program for required to condition used occ be negative also with can also recursion equations domain solving lo by separation features in recursion extensively to used currently approach is modal It indexing. powerful a is recursion Guarded uia yeTer,a ela eoainlsmnis Us semantics. denotational a as well as Theory, Type Cubical ytm.Freape u eut ml htbsmlrt f proofs. bisimilarity bisimilarity t that along as imply transported such results theory, our type example, For in systems. represent to hard traditionally are 03.Aohrrao sta rgamn n esnn bu coi impleme is about assistants proof reasoning most 2018 in and which programming al. checking, ductivity et that Frumin is reason 2019; Another al. 2013]. et [Chapman HITs quotient as or representable non-determinism), invo modelling often coalgebra (for in powerset interest countable of functors difficul the been of historically definition has the theory type and in with this programming Doing particular types. in and recursion, about reasoning oho hc aetaiinlybe adt ersn n work and represent to expre hard HITs been formalisations, traditionally direct have more which the of both in de and to torus, used the are these and theory homotopy synthetic In Inductive approaches: Higher formalis developments. direct based more set-theory as traditional well as approach theory, synthetic homotopy synthetic for by allowing ind mathematics, higher for and axiom foundation univalence a the with th 1984] is [Martin-Löf 2013] theory Program Foundations [Univalent theory type Homotopy INTRODUCTION 1 Cat Presheaf Semantics, Denotational Theory, Type Cubical computatio general of formulation the for recur allows guarded principle multi-clocked with theories type hav previous requirements in equival commutativity to Such up types. HITs coinductive with of commute to clocks over quantification hspprpeet h rttp hoycmiigmulti-cl combining theory type first the presents paper This h ido ahmtc hti atclryipratt h P the to important particularly is that mathematics of kind The mn u ehia otiuin sanwpicpeof principle new a is contributions technical our Among TUiest fCpnae,Denmark Copenhagen, of University IT TUiest fCpnae,Denmark Copenhagen, of University IT TUiest fCpnae,Denmark Copenhagen, of University IT i omdlpormiglnugswt advanced with languages programming model to gic ptrSine TUiest fCpnae,Denmark, Copenhagen, of University IT Science, mputer rteeipypt qaiy n opof a be can proofs so and equality, path imply these or rules. n in u u rsn omlto sa induction an as formulation present our but sion, o.1 o ,Atce1 ulcto ae uut2021. August date: Publication 1. Article 1, No. 1, Vol. , egories axioms as types inductive for formulated been e etp ffiieybaciglble transition labelled branching finitely of type he optrSine TUiest fCpnae,Den- Copenhagen, of University IT Science, Computer n h obnto fHge nutv Types Inductive Higher of combination the ing recs nismlicokdvrin guarded version, multi-clocked its In urrences. nvriyo oehgn emr,[email protected]. Denmark, Copenhagen, of University ure euso,Hge nutv Types, Inductive Higher Recursion, Guarded , nuto ne clocks under induction ce ure euso ihtefaue of features the with recursion guarded ocked neo ye,adi rca o h encoding the for crucial is and types, of ence htcnb ena nasrc omo step- of form abstract an as seen be can that n esnn bu onutv ye that types coinductive about reasoning and nutv ye,ecdn h productivity the encoding types, inductive tda o-oua ytci checks syntactic non-modular as nted o ubro esn.Oei that is One reasons. of number a for t ye HT)pa e oei both in role key a play (HITs) Types toso ahmtc,coe othe to closer mathematics, of ations vscntutossc sfiieor finite as such constructions lves cie pcssc stespheres the as such spaces scribed st ahmtc,a exemplified as mathematics, to es nvln onain Program Foundations Univalent ; sfe tutrsadquotients, and structures free ss P omnt fe involves often community OPL .Alo hs r nw obe to known are these of All s. ihi yetheory. type in with xeto fMri-ö type Martin-Löf of extention e cietps tcnb enas seen be can It types. uctive esnn bu coinductive about reasoning dcietpsivle pro- involves types nductive hsalw universal allows This . 1 1:2 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi that can lead to considerable overhead for programmers [Danielsson 2010]. A third reason is that bisimilarity, which is the natural notion of identity for coinductive types, rarely (at least provably) coincides with the built-in identity types of type theory, and thus proofs cannot be transported along bisimilarity proofs. Atkey and McBride [2013] suggested using guarded recursion with multiple clocks as a way of encoding productivity information in types, thus allowing for modular productivity checks. Guarded recursion uses a modal operator ⊲ (pronounced ‘later’) to encode a notion of time-steps in types. In the multiclocked version ⊲ is indexed by a clock variable ^. Guarded recursive types such as Str^ ≃ N×⊲^ Str^ are recursive types in which the recursion variable occurs only under a ⊲. In the case of Str^ the type equivalence above states that the head of a guarded stream is available now, but the tail only after a time step on clock ^. Guarded streams can be defined using a fixed point operator fix^ of type (⊲^ → ) → . In the case of Str^ the delay in the domain of the input precisely captures the productivity requirement for programming with streams. Guarded recursive types can themselves be encoded as fixed points on a universe type. Using universal def quantification over clocks, the coinductive type of streams can be encoded as Str = ∀^.Str^ . Guarded recursion originates with Nakano [2000] and has been the subject of much research lately,becauseit canbeseenasanabstractapproachtothestep-indexing techniques [Appel and McAllester 2001; Appel et al. 2007] often used to construct models for reasoning about advanced programming language features. In particular, the type variables in guarded recursive types can also appear in negative positions, and so can be used to provide models of untyped lambda calculus or solve the advanced type equations needed for modelling higher-order store [Birkedal et al. 2012]. For this reason, guarded recursion also plays a key role in the Coq framework Iris for higher-order concurrent separation logic [Jung et al. 2018]. A type theory combining guarded recursion with homotopy type theory will therefore provide a powerful framework, not just for coinductive reasoning but also for reasoning about recursion and advanced programming language features beyond the reach of traditional domain theory.

1.1 Clocked Cubical Type Theory This paper presents Clocked Cubical Type Theory, the first type theory to combine all the above mentioned features: Multi-clocked guarded recursion, HITs and univalence. Rather than basing this ontheoriginal formulationof homotopytypetheorywebuildonCubicalTypeTheory(CTT)[Cohen et al. 2018], a variant of HoTT based on the cubical model of type theory, and implemented in the Cubical Agda proof assistant [Vezzosi et al. 2019]. One reason for this choice is that the operational properties of CTT as well as the concrete implementation give hope for an implementation of our type theory. In fact we have already extended the implementation of Guarded Cubical Agda [Veltri and Vezzosi 2020] to support multiple clocks. Another is that the use of path types in CTT as the primitive notion of identity types, make for a simple implementation of the extensionality principle for the ⊲^ modality, an observation that goes back to Birkedal et al. [2019]. Clocked Cubical Type Theory extends CTT with the constructions of Clocked Type Theory (CloTT) [Bahr. et al. 2017], a type theory for multi-clocked guarded recursion. CloTT uses a Fitch- style approach to programming with the ⊲ modality. This means that elements of modal type are introduced by abstracting over tick variables U : ^ and eliminated by application to ticks. One benefit of this is that let-expressions are avoided, and these do not interact well with dependent types in general. For example, one can define a dependently typed generalisation of applicative action [McBride and Paterson 2008] operator of type

_5 ._~._(U :^).5 [U](~ [U]) : ⊲^ ( (G : ) .) → (~ : ⊲^) .⊲ (U :^).[~ [U]/G] (1)

Î Î , Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:3

In this term the tick variable U should be thought of as evidence that time has passed, which is used in subterms like ~ [U] to access the element of type delivered by ~ : ⊲^ in the next time step. CloTT has a single tick constant ⋄ that can be used for a controlled elimination of ⊲. Bahr. et al. [2017] define a strongly normalising operational semantics for CloTT, in which ⋄ unfolds fixed point operations. Since tick variables U can be substituted by ⋄, their identity is crucial for normalisation, but the tick irrelevance axiom states that all ticks are propositionally equal. When adding such axioms to a univalent type theory one should be careful, as a priori they introduce extra structure that one will eventually need to reason about. Ideally, an axiom like tick irrelevance should state that the type of ticks is propositional, i.e., that any two elements can be identified, any two paths between elements can be identified, and so on for higher dimensions. The standard way of ensuring this is that an axiom states that a certain map is an equivalence of types, or that a certain type is contractible. In Clocked Cubical Type Theory, there appears to be no such way of formulating the axiom, because ticks do not form a type. Instead we obtain tick irrelevance by enriching the language of ticks with paths tirrD E between any pair of tics D, E. This has the additional benefit that it allows for computational rules.

1.2 Induction under clocks We include HITs in Clocked Cubical Type Theory via a restricted version of the schema used by Cavallo and Harper [2019] in Cubical Computational Type Theory. This allows types to be defined inductively by giving constructors for elements and paths. For example, the finite powerset Pf can be defined as a HIT given by constructors for singletons, union, equalities stating associativity, commutativity and idempotency of union as well as an axiom forcing Pf (-) to bea hset [Frumin et al. 2018]. In Clocked Cubical Type Theory HITs can be used in coinductive definitions. For example, the coinductive solution to LTS ≃ Pf ( × LTS) can be understood as the type def of -labelled finitely branching transition systems and can be encoded as LTS = ∀^.LTS^ where ^ ^ ^ LTS ≃ Pf ( × ⊲ LTS ) is a guarded recursive type. The crucial ingredient ensuring correctness of this encoding is a type equivalence

∀^.Pf (-) ≃ Pf (∀^.-) (2) Such type equivalences have been stated as axioms for ordinary inductive types in previous type theories with multi-clocked guarded recursion. In this paper we show how to extend this to HITs and, moreover, provide computational content to such axioms, by introducing a notion of induction under clocks. In the case of Pf, this principle states that to inhabit a family over an element of type ∀^.Pf (-) it suﬃces to inductively describe the cases for elements of the form _^.con8 (?) for each constructor con8 for Pf , i.e., for _^.{0}, _^.G [^] ∪ ~ [^] and for equality constructors such as _^.idem(G [^],A), where idem implements idempotency of union. In these cases, G,~ are assumed to be of type ∀^.Pf (-). When verifying the type equivalence (2) the principle of induction under clocks is used both to constructthemapfromlefttoright,and toprove thatthecomposition on the left is the identiy. This principle implies correctness not just of the above encoding of LTS as a coinductive type, but also for the type stating bisimilarity of two elements of LTS. Moreover, we can prove that bisimilarity in this type coincides with path equality. The latter builds on a similar result for guarded recursive types proved by Møgelberg and Veltri [2019]. The results for LTS mentioned above hold for all types of labels that are clock-irrelevant, meaning that the map →∀^. is an equivalence for ^ fresh. In previous type theories for multi- clocked guarded recursion clock-irrelevance of all types has been taken as an axiom. Most types are clock-irrelevant, but ensuring this for universes require special care both syntactically and

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:4 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi semantically [Bizjak and Møgelberg2020]. In this paper we opt for a simpler solution, taking clock- irrelevance to be a side condition to the correctness of the encoding of coinductive types. Using the principle of induction under clocks we show that HITs constructed using clock-irrelevant types are themselves clock-irrelevant if they are sets.

1.3 Denotational semantics Mannaa et al. [2020] construct a model of CloTT in a category of presheaves over a category T of time objects.Building onthis we constructa modelofClockedCubical TypeTheoryin the category of presheaves over C × T where C is the category of cubes used in the presheaf semantics of CTT. This presheaf category satisfies the axioms described by Orton and Pitts [2018] for models of CTT in a canonical way, and so one can construct a model in it where types are interpreted as presheaves with a given composition structure. The main technical difficulty (not counting HITs) in extending this to Clocked Cubical Type Theory is constructing a composition structure for the operation modelling the ⊲^ modality. In CloTT, this is a Fitch-style modal operator and so is modelled by a dependent right adjoint [Clouston et al. 2020], and we prove a general theorem (Theorem 4) giving sufficient conditions for a composition structure to exist for a dependent right adjoint. We extend this model to the extended language of ticks used for the tick irrelevance axiom, and we verify the principle of induction under clocks in the model.

1.4 Overview of paper The paper is organised as follows. We start by recalling Cubical Type Theory in section 2, and section 3 extends this to Clocked Cubical Type Theory. The encoding of coinductive types using guarded recursion is recalled in section 4 which also details the example of labelled transition systems. The syntax and semantics for HITs in ClockedCubical Type Theory is presented in section 5, which also states principle of induction under clocks. The denotational semantics of Clocked Cu- bical Type Theory is given in section 6. Finally, we discuss related work in section 7, and conclude and discuss future work in section 8. This submission is accompanied by an appendix of omitted proofs for reviewers.

2 CUBICAL TYPE THEORY Cubical Type Theory (CTT)[Cohen et al. 2018] is an extension of Martin-Löf type theory which gives a computational interpretation to extensionality principles like function extensionality and univalence. It does so by internalizing the notion from Homotopy Type Theory that equalities are paths, by explicitly representing them as maps from an interval object. The interval, I,isnotatype but contexts can contain 8 : I assumptions and there is a judgement, Γ ⊢ A : I which speciﬁes that A is built according to this grammar

A,B ::= 0 | 1 | 8 | 1 − A | A ∧ B | A ∨ B where 8 is taken from the assumptions in Γ. Equality of two interval elements, Γ ⊢ A ≡ B : I corresponds to the laws of De Morgan algebras. A good intuition is to think of I as the real interval [0, 1] with A ∧ B and A ∨ B given by minimum and maximum operations. Given G,~ : , we write Path (G,~) for the type of paths between G and ~, which correspond to maps from I into which are equal to G or ~ when applied to the endpoints 0, 1 of the interval I.

Γ,8 : I ⊢ C : Γ ⊢ ? : Path (00,01) Γ ⊢ A : I

Γ ⊢ _8. C : Path (C [0/8],C [1/8]) Γ ⊢ ?A :

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:5

We sometimes write = or simply = as inﬁx notation for path equality, and use ≡ for judgemental equality. Path types support the usual V and [ equalities, but we also have that a path applied to 0 or 1 reduces according to the endpoints speciﬁed in its type.

(_8. C) A ≡ C [A/8] ? ≡ (_8.?8) ? 0 ≡ 00 ? 1 ≡ 01 def The path witnessing reﬂexivity is deﬁned as refl G = _8. G : Path (G, G), given any G : . It is also straightforward to provide a proof of function extensionality, as it is just a matter of reordering the arguments of the pointwise equality proof:

Γ ⊢ ? : Π(G : ). Path (5 G,6G)

Γ ⊢ _8._G.?G8 : PathΠ(G:). (5 ,6) Other constructions like transitivity, or more generally transport along path, require a further primitive operation called composition, which we now recall. Deﬁne ﬁrst the face lattice F, as the free distributive lattice with generators (8 = 0) and (8 = 1), and satisfying the equality (8 = 0)∧(8 = 1) = 0F. Explicitly, elements Γ ⊢ i : F are given by the following grammar, where 8 ranges over the interval variables from Γ:

i,k ::= 0F | 1F | (8 = 0)|(8 = 1) | i ∧ k | i ∨ k Given Γ ⊢ i : F we can form the restricted context Γ,i. Types and terms in context Γ,i are called partial, matching the intuition that they are only deﬁned for elements of Γ that satisfy the constraints speciﬁed by i. For example while a type 8 : I ⊢ type corresponds to a whole line, a type 8 : I, (8 = 0)∨(8 = 1) ⊢ type is merely two disconnected points. Given a partial element Γ,i ⊢ D : we write Γ ⊢ C : [i 7→ D] to mean the conjunction of Γ ⊢ C : and Γ,i ⊢ C ≡ D : . The composition operation is given by the following typing rule:

Γ ⊢ i : F Γ,8 : I ⊢ type Γ,i,8 : I ⊢ D : Γ ⊢ D0 : [0/8][i 7→ D[0/8]] Γ 8 ⊢ comp [i 7→ D] D0 : [1/8][i 7→ D[1/8]] the inputs D and D0 represent the sides and the base of an open box, while composition gives us the lid, i.e. the side opposite to the base. The behaviour of composition is speciﬁed by D whenever i is satiﬁed, and otherwise depends on the type , consequently when we introduce new type formers we will also give a corresponding equation for comp. As an example we can prove transitivity for paths with the following term:

Γ ⊢ ? : Path (G,~) Γ ⊢ @ : Path (~, I) 9 Γ ⊢ _8. comp [8 = 0 7→ G,8 = 1 7→ @9](?8) : Path (G,I)

The standalone syntax for partial elements is as a list of faces and terms [i1 D1,...,i= D=], but we will write [∨8i1 7→ [i1 D1,...,i= D=]] as [i1 7→ D1,...,i= 7→ D=]. We refer to Cohen et al. [2018] for more details on partial elements, composition, and the glueing construction. The latter is what allows to derive the univalence principle as a theorem, by turning a partial equivalence into a total one. Writing ≃ for the type stating that and are equivalent [Univalent Foundations Program 2013], univalence states that the canonical map of type =U → ≃ is itself an equivalence for any types , : U. We will use univalence in the rest of the paper, but we will not need to refer to a speciﬁc implementation, so we omit the details in this brief overview. From Homotopy Type Theory [Univalent Foundations Program 2013] we also recall the notion of homotopy proposition which are types for which any two elements are path equal, and homotopy set which are types whose path type is a proposition. This classiﬁcation extends to a hierarchy of truncation levels: We say is a homotopy (= + 1)-type when its path equality is an =-type, and is a (−2)-type when it is contractible, i.e. there is a 2 : such that all other elements are equal to

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:6 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi it. Given any type its propositional truncation kk0 is the least proposition that admits a map from . It can be defined as an Higher Inductive Type (HIT), which are inductive types defined by providing generators for both the type itself and its path equality. Another example of a HIT is the finite powerset [Frumin et al. 2018] of a type , which has generators for the empty set ∅, singletons {−}, union ∪, and equations stating that properties like associativity and commutativity of ∪, and finally constructors forcing the powerset to be a (homotopy) set. We will discuss HITs in more detail in section 5.

3 CLOCKED CUBICAL TYPE THEORY Clocked Cubical type theory extends Cubical Type Theory with the constructions of Clocked Type Theory [Bahr. et al. 2017; Mannaa et al. 2020], a type theory with Nakano style guarded recursion, multiple clocks and ticks. This means that the delay type operator is associated with clocks: ⊲^ is the type of data of type which is available in the next time step on clock ^. There are no operations on clocks, they can only be assumed by placing assumptions such as ^ : clock in the context, and abstracted to form elements of type ∀^.. The status of clock is similar to I in the sense that it is not a type, and so, e.g., clock → clock is not a wellformed type. In some examples below it is convenient to assume a single clock constant ^0, and this can be achieved by a precom- pilation adding this to the context. Similarly to function types, path equality in ∀^. is equivalent to pointwise equality, and clock quantiﬁcation preserves truncation levels. Ticks are evidence that time has passed on a given clock. Tick assumptions in a context separate a judgement such as Γ, U : ^, Γ′ ⊢ C : into a part (Γ) of assumptions arriving before the time tick U on the clock^ and the rest of the judgement that happens after. The introduction rule for ⊲ (U :^). in Figure 1 can therefore be read as stating that if C has type one time step after the assumptions in Γ, then _(U :^).C is delayed data of type . Because terms can appear in types in dependent type theory, U can appear in , and must therefore be mentioned in the type of _(U :^).C. In many cases, however, it does not, and we will then write simply ⊲^ for ⊲ (U :^).. Elimination for ⊲ (U : ^). is by application to ticks. There are two forms of ticks: simple ticks and forcing ticks. The judgement for simple ticks Γ ⊢ D : ^ { Γ′ states that D is a tick on the clock ^ in context Γ with residual context Γ′. The residual context consists of the assumptions that were available before the tick D. In the case of a tick variable U, these are the assumptions to the left of U as well as the timeless assumptions to the right of U. Timeless assumptions are interval and clock assumptions (8 : I and ^ : clock) as well as all faces, and the operation TL(Γ) computes the timeless assumptions of Γ. The assumption Γ′′ ⊑ Γ allows for further trimming of the residual context. The term C Γ′ [D] applies C to the simple tick D. The assumption that C is well-typed in the residual context Γ′ should be read as stating that it has the type ⊲ (U :^). before the tick D, and can therefore be opened after the tick D to produce something of type [D/U]. We will often omit ′ ′ the residual context Γ from the term, writing simply C [D] for C Γ′ [D]. Diﬀerent choices of Γ give the same term up to judgemental equality. As basic examples of programming with simple ticks we mention the dependently typed generalisation of applicative action (1) mentioned in the introduction, and the unit _G._(U :^).G : → ⊲^ (3) Note that this uses the rule for variables which allows these to be introduced from anywhere in the context, also across ticks. Some Fitch style modal type theories do not allow such introductions [Clouston 2018; Clouston et al. 2020]. The timelessness of the interval is needed to type the extensionality principle for ⊲ (U :^).(−)

Path⊲^ (G,~) ≃ ⊲ (U :^).Path (G [U],~ [U])

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:7

Context formation rules Γ ⊢ ^ ∉ Γ Γ ⊢ ^ : clock U ∉ Γ Γ,^ : clock ⊢ Γ, U : ^ ⊢ Type formation rules Γ, U : ^ ⊢ type Γ,^ : clock ⊢ type Γ ⊢ ⊲ (U :^). type Γ ⊢∀^. type Typing rules Γ,^ : clock ⊢ C : Γ ⊢ C : ∀^. Γ ⊢ ^ ′ : clock Γ, U : ^ ⊢ C : Γ ⊢ Λ^.C : ∀^. Γ ⊢ C [^ ′] : [^ ′/^] Γ ⊢ _(U :^).C : ⊲ (U :^).

Γ ⊢ D : ^ { Γ′ Γ′ ⊢ C : ⊲ (U :^). Γ ⊢ (^ ′,D) { Γ′ Γ′,^ : clock ⊢ C : ⊲(U : ^). ′ ′ Γ ⊢ C Γ′ [D] : [D/U] Γ ⊢ (^.C) Γ′ [(^ ,D)] : [(D :^ )/(U :^)]

Γ ⊢ C : ⊲^ → Γ ⊢ C : ⊲^ → Γ,U : ^ ⊢ : U ^ ^ ^ ^ ^ Γ ⊢ dfix C : ⊲ Γ ⊢ pfix C : ⊲ (U :^).Path ((dfix C)[U],C (dfix C)) Γ ⊢ ⊲ (U :^). : U

Γ,^ : clock ⊢ : U Γ ⊢ C : Γ ⊢ ≡ ^ : clock ∈ Γ G : ∈ Γ Γ ⊢ ∀^. : U Γ ⊢ C : Γ ⊢ ^ : clock Γ ⊢ G : Simple ticks Γ′′ ⊑ Γ Γ ⊢ D : ^ { Γ′ Γ ⊢ E : ^ { Γ′ Γ ⊢ A : I Γ,U : ^, Γ′ ⊢ U : ^ { Γ′′, TL(Γ′) Γ ⊢ tirr(D,E,A) : ^ { Γ′ Forcing ticks Γ′ ⊑ Γ Γ′ ⊢ ^ ′ : clock Γ′′ ⊑ Γ Γ ⊢ (^ ′, ⋄) { Γ′ Γ, U : ^ ′, Γ′ ⊢ (^ ′, U) { Γ′′, TL(Γ′)

Γ ⊢ (^ ′,D) { Γ′ Γ ⊢ (^ ′, E) { Γ′ Γ ⊢ A : I Γ ⊢ (^ ′, tirr(D,E,A)) { Γ′ Timeless assumptions TL(Γ, G : ) = TL(Γ) TL(Γ, U : ^) = TL(Γ) TL(Γ,8 : I) = TL(Γ),8 : I TL(Γ,^ : clock) = TL(Γ),^ : clock TL(Γ,i) = TL(Γ),i TL(·) = ·

Fig. 1. Selected typing rules for Clocked Cubical Type Theory. The rules for ticks use the relation ⊑ defined as Γ, TL(Γ′) ⊑ Γ, Γ′

where the left to right direction _?._(U :^)._8.? 8 [U] requires ?8 [U] to be welltyped in a context where 8 occurs after U. Atkey and McBride [2013] introduced the operator force : ∀^. ⊲^ → ∀^. as a controlled way of eliminating ⊲. In CloTT, force is implemented using a clock constant ⋄. Since CloTT has no

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:8 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

Judgemental equalities on terms

C Γ [D] ≡ C Γ′ [D](^.C) Γ [(^,D)] ≡(^.C) Γ′ [(^,D)] (Λ^.C)[^ ′] ≡ C [^ ′/^] Λ^.(C [^]) ≡ C (_(U :^).C)[D] ≡ C [D/U] _(U :^).(C [U]) ≡ C (^._(U :^).C)[(^ ′,D)] ≡ C [(D :^ ′)/(U :^)](^.C)[(^ ′,D)] ≡(C [^ ′/^])[D] (^.dfix^ C)[(^ ′, ⋄)] ≡ C (dfix^ C)[^ ′/^] El (∀^.)≡∀^.El () (^.pfix^ C)[(^ ′, ⋄)] A ≡ C (dfix^ C)[^ ′/^] El (⊲ (U :^).) ≡ ⊲ (U :^).El () Judgemental equalities on ticks tirr(D,E, 0) ≡ D tirr(⋄, ⋄,A)≡⋄ tirr(D,E, 1) ≡ E

Fig. 2. Selected judgemental equality rules of Clocked Cubical Type Theory. The three [ rules are subject to the standard conditions of ^ and U, respectively, not appearing in the term C. As a consequence of the first two rules, the residual context is omied for tick application in the rules below. The 8th axiom listed assumes that ⋄ does not appear in D, so that D can be considered a simple tick. separate judgement for ticks, the rule for ⋄ is given by a rule for application of terms to ⋄: Γ,^ : clock ⊢ C : ⊲ (U :^). Γ ⊢ ^ ′ : clock Γ ⊢ (C [^ ′/^]) [⋄] : [^ ′/^] [⋄/U] (4) This rule can be understood as a closure of the rule Γ,^ : clock ⊢ C : ⊲ (U :^). Γ,^ : clock ⊢ C [⋄] : [⋄/U] (5) under substitution of ^ ′ for ^. Rule (5) can be proved admissible using (4) and is exactly what is required to type the force operator. The requirement that ^ be fresh for Γ in the hypothesis for C [⋄] ensures that terms such as _G.G [⋄] : ⊲^ → are not well typed. Such terms would, in combination with the ﬁxed point operator dfix, make the type theory inconsistent. Rule (4) has good operational properties [Bahr. et al. 2017] but the substitution of ^ ′ for ^ in C in the conclusion of the rule makes it hard to type check. The rule also does not faithfully represent the denotational semantics, and therefore Mannaa et al. [2020] interprets an elaborated syntax in which ^ is bound in C and the substitution of ^ ′ for ^ is replaced with an explicit substitution, leaving the information needed for reconstructing the typing tree in the term. We expect this new formulation preserves the operational properties proved for (4), but leave this for future work. In Clocked Cubical Type Theory force is implemented using forcing ticks: If ^ ′ is a clock in Γ ′ ′ then Γ ⊢ (^ , ⋄) { Γ is a forcing tick and so if Γ,^ : clock ⊢ C : ⊲(U : ^). then Γ ⊢ (^.C) Γ [(^ , ⋄)] : [(⋄ :^ ′)/(U :^)] is the application of C to ⋄. This construction binds ^ in C, and the substitution [(⋄ : ^ ′)/(U : ^)] is a special simultaneous substitution of the pair (⋄,^ ′) for the pair (U,^). In particular [(⋄ :^ ′)/(U :^)] commutes as expected with type and term formers, replacing each of U and ^ with ⋄ and ^ ′ as intended, but it will also have to turn a simple tick application like C [U] into a forcing tick application (^.C)[(^ ′, ⋄)] to preserve typing. This substitution operation was originally described in Mannaa et al. [2020], while a more detailed description of substitution for our theory can be found in the supplemental material.

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:9

The construction tirr builds a path between any pair of ticks. This can be used to implement the tick irrelevance axiom discussed in subsection 3.2. Note that tick variables can also be forcing ticks. This allows for tirr to construct paths also between ⋄ and tick variables. The rules for judgemental equality (Figure 1) include standard V and [-rules for functions, clock abstraction and tick abstraction. Note that there are two V equalities for tick application, one for each kind of ticks. There is also a rule stating that if a forcing tick does not contain ⋄, application to it reduces to application to a simple tick. One consequence of this is that an [-rule for forcing tick application can be derived as follows

_(U :^ ′).((^.C)[(U,^ ′)]) ≡ _(U :^ ′).(C [^ ′/^][U]) ≡ C [^ ′/^]

Although we do not prove canonicity for our type theory, we set up equalities that we believe are necessary to compute canonical forms in contexts of free clock and interval variables, but not free tick variables. For example, tirr(⋄, ⋄,A) = ⋄ ensures that in a context with no tick variables all ticks are equal to ⋄.

3.1 Fixed points The operator dfix^ : (⊲^ → ) → ⊲^ computes ﬁxed points of productive functions. Using this, one can construct Nakano’s ﬁxed point operator as

def fix^ = _5.5 (dfix^ 5 ) : (⊲^ → ) → (6)

To ensure termination, fixed points do not unfold judgementally, except when applied to ⋄. As in Guarded Cubical Type Theory [Birkedal et al. 2019] we add a path pfix^ between a fixed point and its unfolding. Note that the right hand endpoint of pfix^C is fix^C and so, writing = as infix notation for path equality, we get

fix^C ≡ C (_(U :^).dfix^C [U]) = C (_(U :^).fix^C) (7) with this we can prove that ﬁxed points are unique, in fact the following stronger statement is true.

^ Lemma 1. For every 5 : ⊲ → the type Σ(G : ).Path (G, 5 (_(U :^).G)) is contractible. By lemma 1 the pair (dfix^C, pfix^C) is uniquely determined up to path, as it winesses that dfix^C is thefixed point of _G._(_:^).C G. Moreoever both dfix^ and pfix^ unfold when applied to ⋄, which means they will not be stuck terms in a context with no tick variables. The principles above can be used to encode guarded recursive types as fixed points on the universe. For example, assuming codes for products and natural numbers, we define

def Str^ (N) = fix^ (_- .N×⊲ (U :^).- [U]) and then by (7) Str^ (N) = N×⊲ (U :^).Str^ (N) (8)

def so, deﬁning Str^ (N) = El (Str^ (N)) gives the type equivalence

Str^ (N) ≃ N × ⊲^ Str^ (N) (9) by transport along the path equality (8).

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:10 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

3.2 Tick irrelevance and clock irrelevance Since ﬁxed points unfold when applied to ⋄, the identity of ticks is crucial for the operational properties of Clocked Type Theory, in particular for ensuring strong normalisation. However, on the extensional level the identity of ticks is irrelevant, and in CloTT this is stated as the tick irrelevance axiom which can be inhabited in Clocked Cubical Type theory using tirr:

^ def tirr (C) = _(U :^)._(V :^)._8.C [tirr(U,V,8)] : ⊲ (U :^).⊲ (V :^).Path (C [U], C [V]) (10) for C : ⊲^. Similar axioms can be constructed for forcing tick applications. One important application of tirr is in showing that def force = _G.Λ^.(^.G [^])[(^, ⋄)] : ∀^. ⊲^ →∀^. (11) def is a type equivalence with inverse force−1 = _G.Λ^._(U :^).G [^]: If G : ∀^. ⊲^ , then force−1 (force G) ≡ Λ^._(U :^).(^.G [^])[(^, ⋄)] = Λ^._(U :^).(^.G [^])[(^, U)] ≡ Λ^._(U :^).G [^][U] ≡ G where the path equality is witnessed by _8.Λ^._(U :^).(^.G [^])[(^, tirr(⋄,U,8))]. The ability of tirr to form a path between any two ticks allows us to prove coherency laws between different uses of tick irrelevance. For example we can construct fillers for boxes whose boundary is given by tick applications as in the lemma below. Lemma 2. Γ′ ⊲ Γ I { Γ′ Let ⊢ C : (U : ^). and ,80,...,8= : , i ⊢ D : ^ where i = :,1 (8: = 1) for : = 0,...,= and 1 = 0, 1. Then we have Γ,80,...,8= : I ⊢ [i 7→ [D/U]] type and a term Ô Γ,80,...,8= : I ⊢ filler(C,D) : [i 7→ C [D]]. For example, the lemma constructs a filler of the diagram below, thus constructing a path from the composition of tirr^ (C)[U][V] and tirr^ (C)[V][W] to tirr^ (C)[U][W], tirr^ (C) [V ] [W ] tirr^ (C) [U ] [V ] tirr^ (C) [U ] [W ] C [U ] Note that we do not assume the clock irrelevance axiom Γ ⊢ C : ∀^. ^ ∉ fc() ^ ′ ′′ ′ ′′ Γ ⊢ cirr C : ∀^ .∀^ .Path (C [^ ],C [^ ]) (12) often assumed in type theories with multi-clock guarded recursion [Bahr. et al. 2017; Bizjak et al. 2016]. Instead we will use the following definition. Definition 1. A type is clock-irrelevant if the canonical map → ∀^. (for ^ fresh) is an equivalence. If is clock-irrelevant it satisfies axiom (12), and assuming a clock constant the two statements are equivalent. Clock irrelevance is needed for the correctness of encodings of coinductive types. For example, using (9) one can prove ∀^.Str^ (N)≃ (∀^.N)×∀^.(⊲^ Str^ (N)) ≃ N ×∀^.Str^ (N) assuming N clock-irrelevant, and using that force is an equivalence. In this paper, rather than assuming all types clock irrelevant, we will prove clock-irrelevance for a large class of types and use this to construct final coalgebras for a correspondingly large class of functors.

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:11

4 ENCODING COINDUCTIVE TYPES In the previous section we saw that the type ∀^.Str^ (N) satisfies the type equivalence expected of a type of streams. In this section we prove that (assuming N clock-irrelevant) this type also satisfies the universal property characterising streams, as a special case of a more general property. In Section 5 we will show that N is indeed clock-irrelevant (as a special case of Theorem 3) as are a large collection of inductive and higher inductive types. Here we essentially adapt the final coalgebra construction from Møgelberg [2014]. We recall some notions. Given a type consider the category1 → U of -indexed types whose type of objects is → U and whose morphisms from - to . is the type def - → . = Π(8 : ). El (-8) → El (.8) An -indexed endofunctor is an endofunctor on → U. Let be an -indexed endofunctor, an -coalgebra is a pair (-, 5 ) such that - : → U and 5 : - → -. We say an -coalgebra (.,6) is final if for all coalgebras (-, 5 ) the following type is contractible Σ(ℎ : - → . ).6 ◦ ℎ = (ℎ) ◦ 5 Using contractibility we address the fact that there can be more than one proof of path equality, as is also done by Ahrens et al. [2015]. If - : ∀^. ( → U) write ∀^.- for _(8 : ).∀^.(- [^] 8). Definition 2. Say that an -indexed endofunctor commutes with clock quantification if for all families - the canonical map can : (∀^.- [^]) →∀^. (- [^]) is a pointwise equivalence. For example, if : U the constant functor to commutes with clock quantification if and only if is clock-irrelevant. Lemma 3. The collection of endofunctors commuting with clock quantification is closed under composition, pointwise product, pointwise Π, pointwise Σ over clock irrelevant types, and pointwise universal quantification over clocks. If commutes with clock quantification then the guarded recursive type - satisfying - ≃ (⊲^-) is clock irrelevant. Any path type of a clock irrelevant type is clock irrelevant. The following theorem states that all such endofunctors have final coalgebras. The idea of this originates with Atkey and McBride [2013], and our proof is an adaptation the proof by Møgelberg [2014] of a similar statement in extensional type theory. It refers to the endofunctor ⊲^ , defined as the pointwise extension of the functor U → U mapping to ⊲ (U :^). for a fresh U. Theorem 1. Let be an -indexed endofunctor which commutes with clock quantification, and let def a^ () be the guarded recursive type satisfying a^ () ≃ (⊲^ (a^ ()). Then a () = ∀^.a^ () has a final -coalgebra structure. Example 1. In Section 5 we will prove that our model verifies that N is clock-irrelevant, and hence the functor (-) = N × - commutes with clock quantification. Theorem 1 then states correctness of the encoding of streams as ∀^.Str^ (N).

Example 2. Consider the functor (-) = Pf (×-), where Pf is the finite powerset functor defined as a higher-inductive type [Frumin et al. 2018], and is assumed to be a clock-irrelevant set. In Sec- tion 5 we will prove that Pf commutes with clock quantification, which implies that does the same.

1Here we mean the naive internal notion where the type of arrows is not necessarily truncated, but we also do not require higher coherences. Same for functor below.

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:12 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

Theorem 1 then gives an encoding of the final coalgebra for . This type plays an important role in automata theory as it describes the finitely branching -labelled transition systems. Let LTS^ denote ^ def ^ fixed point for ◦ ⊲ , let LTS = ∀^.LTS be the coinductive type and let unfold : LTS → Pf ( × LTS) be the final coalgebra structure. Suppose now G,~ : LTS and ' : LTS × LTS → U and define

Bisim∀(')(G,~) = Sim∀(')(G,~)× Sim∀(')(~, G) where def ′ ′ ′ ′ ′ ′ Sim∀(')(G,~) = Π(G : LTS, 0 : ).(0, G ) ∈ unfold(G)→∃~ : LTS.((0,~ ) ∈ unfold(~)) × '(G ,~ )

By Lemma 3, LTS is clock irrelevant, and an easy induction on - : Pf (×LTS) shows that the predicate (0, G ′) ∈ - is clock irrelevant. In Section 5 we will prove that propositional truncation commutes with clock quantification, and since ∃ in homotopy type theory is defined as the composition of truncation and Σ [Univalent Foundations Program 2013], putting all this together shows that Bisim∀(−) defines a clock invariant LTS × LTS-indexed endofunctor, and so Theorem 1 gives an encoding of bisimilarity as a coinductive type. Møgelberg and Veltri [2019] prove that path equality coincides with bisimilarity for guarded recursive types. Using their results we can prove the following. Theorem 2. Two elements of the type LTS from Example 2 are bisimilar if and only if they are path equal. Since both these statements are propositions, these are equivalent as types. We leave it to future work to generalise these results to a general statement about bisimilarity for coinductive types.

5 HIGHER INDUCTIVE TYPES We now extend Clocked Cubical Type Theory with higher inductive types, adapting a schema for declaration of these from Cavallo and Harper [2019] to our version of CTT. For simplicity we exclude indexed families, but the schema is still general enough to cover examples like spheres, pushouts, W-suspensions [Sojakova 2015], (higher) truncations, as well as ﬁnite and countable powersets. We ﬁrst present the schema and the introduction rules for HITs, then (subsection 5.2) we present our principle of induction under clocks, which generalises the elimination rule for HITs.

5.1 Introduction and formation The judgements of Figure 4 capture declarations of the form data H (X : Δ) where . . ℓ8 : (W : Γ)→(G : Ξ → H X)→(8 : Ψ) → H X [i 7→ 4] . . which list constructors and their types for a new datatype H, taking parameters in the telescope Δ. On top of the declared constructors every HIT also has an introduction form corresponding to 8 homogeneous composition, written hcompH X [i 7→ D] D0, where X is not allowed to depend on 8, as well as a transport operation. Following Coquand et al. [2018], the composition structure for H is given by combining these two operations. We refer to appendix A.5 for further details, but just recall that from the homogeneous composition operator one can derive a homogeneous ﬁlling

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:13

8 8 operator hfill [i 7→ D] D0 : Path (D0, hcomp [i 7→ D] D0) which provides a filler for the box specified by D and D0 and closed by homogeneous composition Huber [2017]. A constructor for H is specified by a tuple Δ; K ⊢ (Γ, Ξ, Ψ,i,4) constr where K lists the previously declared constructors. The telescope Γ lists the non-recursive arguments, and each Ξ in Ξ is the arity for a recursive argument. Path constructors further take a non-empty telescope of interval variables Ψ and have a boundary 4 specified as a partial element over the formula i. The judgements for telescopes are given in Figure 3. Note that these imply that all of Δ, Γ, and Ξ only contain variables of proper types, i.e., no interval, face, clock or tick assumptions. Only the boundary is allowed to refer to H and the previous constructors from K. We signify this by adding those as subscripts to the typing judgement for 4. Cavallo and Harper require the components " of the boundary to conform to a dedicated typing judgement, which restricts their shape and makes it possible to correctly specify the inputs to the dependent eliminator for H. For conciseness we replicate those restrictions with a grammar, Bndr(K, Θ), which specifies that a boundary term must be built either from an applied recursive argument G D, a previous constructor, or a use of hcomp. The side conditions D # Θ and C # Θ mean that those subterms must not refer to the variables from Θ. We also assume we have a code H X : U8 whenever the types in all of the Γ and Ξ telescopes in K have a code in U8 as well. We now give some concrete examples. For readability we write (ℓ, (Γ; (G : Ξ → H X); Ψ; [i1 7→ "1,...,i= 7→ "=])) in place of (ℓ, (Γ, Ξ, Ψ, ∨8i8, [i1 7→ "1,...,i= 7→ "=])). We also write ℓ rather than conℓ . def Example 3. Pushout. The context Δ contains the data of a pushout, i.e., Δ = ( : U)(5 : El ( → ))(6 : El ( → )). The pushout has two point constructors, and a path, none with recursive arguments. •(inl, ((0 : El ); ·; ·; [])) •(inr, ((1 : El ), ·; ·; [])) 8 = 0 7→ inl(5 2, ·, ·) • push, (2 : El); ·; (8 : I); 8 = 1 7→ inr(6 2, ·, ·) Sphere. We can encode the circle and higher spheres, S= for = ≥ 1, as a point and an =-dimensional surface •(base, (·; ·; ·; [])) 81 = 0 ∨ 81 = 1 7→ base(·; ·; ·) • surface, ·; ·; 8 : I=; . . .  8 = 0 ∨ 8 = 1 7→ base(·; ·; ·)   = =  © ©  ªª  Δ def= ®® Propositional and Higher Truncation. Let ( : U ), and write propositional truncation as kk0. « «  ¬¬ •(in, (El ; ·; ·; [])) 8 = 0 7→ 0 • squash, ·; (0 ,0 : kk ); (8 : I); 0 0 1 0 8 = 1 7→ 0 1 For higher truncations kk=, where = ≥ 0, we use the hub and spoke construction [Univalent Foundations Program 2013, Sect. 7.3], as the schema does not allow quantifying over paths of the HIT itself.2 Instead of squash then we have the following two constructors: =+1 •(hub, (·; (5 : S → kk=); ·; [])) =+1 =+1 •(spoke, ((G : S ); (5 : S → kk=); (8 : I); 4))

2We believe the semantics would support doing so, but it would complicate the schema.

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:14 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

⊢ Ψ Γ0 ⊢ Γ0 ⊢ Γ tel Γ0, Γ ⊢ type

⊢· ⊢ Ψ,8 : I Γ0 ⊢· tel Γ0 ⊢ Γ, G : tel

Fig. 3. Telescope judgements.

def where 4 = [8 = 0 7→ 5 G,8 = 1 7→ hub(·,_~.5 ~, ·)].

Finite Powerset. The ﬁnite powerset Pf () can also be constructed within this schema, using constructions similar to the ones above, including the hub and spoke constructors to ensure that Pf () is set truncated. We spell out the declaration of the path constructor for commutativity of ∪ as we will reference it later 8 = 0 7→ - ∪ . • comm, ·, (-,. : P ()), (8 : I), f 8 = 1 7→ . ∪ -

5.2 Induction under clocks We now present the principle of induction under clocks. This is an elimination principle defining elements of dependent families of the form Γ,ℎ : ∀^.H (X [^]) ⊢ type for a vector of clock variables ^ by defining its action on elements of the form ℎ = _^.conℓ (C, 0, A) in such a way that boundary conditions are respected. In the case of an empty list of clock variables, this principle specialises to the elimination principle for HITs of Cavallo and Harper [2019], which we refer to as the usual elimination principle for . Figure 5 presents the rule along with judgemental equalities. The figure first defines the judgement Γ ⊢ E : K ⇀X for an elimination list E, which contains the premises necessary to handle the constructors in K. The case for K, (ℓ, (Γ, Ξ, Ψ,i,4)) requires an elimination list of the form E,D where E is an elimination list for K and D is an element of the type family at an index built with conℓ . In particular D is typed in a context extended with non-recursive arguments W : ∀^.Γ[X [^]], recursive arguments G : ∀^.(Ξ[X [^],W [^]] → H (X [^]), and interval variables 8 : Ψ for the constructor conℓ (W, G, 8), and also induction hypotheses~ : Π(b : ∀^.Ξ[X [^],W [^]]). [G [^] b [^]] about the variables G. The element D also needs to suitably match the boundary 4 whenever i is X satisfied. To express this we transform 4 : H X into 4 E,~ , the corresponding element of the family , built using the elimination list E to handle the previous constructors, and the induction hypotheses ~ to handle the recursive arguments G. ThisL M transformation satisfies the following typing principle, as can be verified by induction on 4. Lemma 4. Γ Δ Let 4 = [i0 "0,...,i=8 "=8 ] be the boundary condition for con8. Assume ⊢ X : ∀^. ; then the following typing holds:

Γ,W : ∀^.Γ8 [X [^]], G : ∀^.Ξ8 [X [^],W [^]] → H (X [^]), Ξ Ψ X ~ : (b : ∀^. [X [^],W [^]] → [G [^](b [^])], 8 : 8 ⊢ 4 E,G 7→~ : [_^.con8 (W [^], G [^], 8)] In the following examples we will see how instantiating induction underclockswith 1or0clocks L M respectively induces equivalences which prove that many HITs commute with clock abstraction. In particular, these examples verify the results used in section 4.

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:15

Constructor declarations (presuppose ·⊢ Δ tel )

K = (ℓ1,1) . . . (ℓ=,=) (∀8) Δ; (ℓ1,1) . . . (ℓ8−1,8−1) ⊢ 8 constr Δ ⊢ K constrs

Δ ⊢ Γ tel (∀:) Δ, Γ ⊢ Ξ: tel ⊢ Ψ Ψ ⊢ i : F X : Δ, Γ, Ξ → H X, Ψ, i ⊢K,H X 4 : H X 4 = [i1 "1 ...i< "<] (∀:) ": ∈ Bndr(K; Ξ → H X) Δ; K ⊢ (Γ; Ξ; Ψ; i; 4) constr Grammar for boundary terms #," ∈ Bndr(K; Θ) ::= G D (G : ) ∈ Θ D # Θ

| conℓ (C, _b.", A)(ℓ,) ∈ K C # Θ | 9 [ 7→ ] hcompH X i " "0 Formation Γ ⊢ X : Δ Γ ⊢ H X type Introductions

(ℓ, (Γ; Ξ; Ψ; i; 4)) ∈ K Γ0 ⊢ X : Δ Γ0 ⊢ C : Γ[X] Γ0 ⊢ 0 : Ξ[X, C] → H X Γ0 ⊢ A : Ψ

Γ0 ⊢ conℓ (C, 0, A) : H X [i [A ] 7→ 4 [C, 0, A]]

Γ ⊢ X : Δ Γ ⊢ i : F Γ ⊢ D0 : H X [i 7→ D[0/8]] Γ 8 ⊢ hcompH X [i 7→ D] D0 : H X [i 7→ D[1/8]]

Γ ⊢ i : F Γ,8 : I ⊢ X : Δ Γ,8 : I,i ⊢ X ≡ X [0] : Δ Γ ⊢ D0 : H X [0] Γ 8 ⊢ transH X i D0 : H X [1][i 7→ D0]

Fig. 4. Schema for Higher Inductive Types, X : Δ ⊢ H X type. In the typing of the boundary 4 the subscript K, H X indicates that this judgement can refer to the labels from K and HX itself. The side conditions D#Θ and C#Θ specify that those terms should not mention variables from Θ. For further judgemental equalities for trans see Appendix A.5.

Example 4. Sphere. For the higher inductive =-sphere S= we can unfold the clock abstracted elimination list to the following rule: = Γ, G : ∀^.S ⊢ type Γ ⊢ D1 : [_^.base] = = Γ,8 : I ⊢ DB : [_^.surface(8)][80 = 0 ∨ 80 = 1 ∨···∨ 8= = 0 ∨ 8= = 1 7→ D1 ] Γ ⊢ C : ∀^.S

Γ ⊢ elim (D1,DB, C) : [C] Using this principle, we can deﬁne a map ∀^.S= → S= as follows: _^.base 7→ base _^.surface(8) 7→ surface(8) Here there is a boundary condition to verify, namely that the right hand side of the second line equals right hand side of the ﬁrst when any component of 8 is either 0 or 1. This unfolds to surface(8) = base,

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:16 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

Elimination lists Γ0 ⊢ X : ∀^.Δ Γ0,ℎ : ∀^.H (X [^]) ⊢ type X Γ0 ⊢· : · ⇀

X Γ0 ⊢ E : K ⇀ Γ0,W : ∀^.Γ8 [X [^]], G : (∀^.Ξ8 [X [^],W [^]] → H (X [^])),~ : Π(b : ∀^.Ξ8 [X [^],W [^]]). [_^.G [^]b [^]], Ψ X 8 : ⊢ D(W,G,~, 8) : [_^.conℓ (W [^], G [^], 8)][i 7→ 4 E,~ ] X Γ0 ⊢ E,D : K, (ℓ, (Γ, Ξ, Ψ,i,4)) ⇀ L M Boundary interpretation [ ] X = [ X X ] i0 "0,...,i= "= E,G 7→~ i0 "0 E,G 7→~,...,i= "= E,G 7→~ X = G8 D E,G7→~ ~8 _^.D L ( ) XM = E [ L ( M [ ]) ] L M conℓ Cℓ, _b.", Aℓ E,G7→~ ℓ _^. Cℓ ^ , (, ', Aℓ L M where (8 = _^._b8 ."(b8 ) = X ( ) L M and '8 _b8 . "8 E,G 7→~ b8 [ 7→ ] X = : [ 7→ X [ / ]] X hcomp k " "0 E,G 7→~ comp [E] k " E,G 7→~ : 9 "0 E,G7→~ = L 8M where E8 hfill∀^.H (X [^ ]) [i 7→ D] D0 8 L M Induction under clocksL M L M Γ ⊢ X : ∀^.Δ Γ,G : ∀^.H (X [^]) ⊢ type Γ ⊢ E : K ⇀X Γ ⊢ D : ∀^.H (X [^])

Γ ⊢ elim (E,D) : [D] Judgemental equalities

elim (E, _^.conℓ (C, 0, A)) ≡ Eℓ [_^.C, _^.0, _b. elim (E, _^.0(b [^])), A] E 8 E E elim ( , _^.hcomp[i 7→ D] D0) ≡ comp [E8 ] [i 7→ elim ( , _^.D)] elim ( , _^.D0) = 8 where E8 hfill∀^.H (X [^ ]) [i 7→ D] D0 8

Fig. 5. The principle of induction under clocks. In the definiton of the boundary interpretation the notation Eℓ refers to the component of E for the label ℓ.

which is the boundary condition built into S=. This map can be shown to be an equivalence by showing that it is quasi inverse to the canonical map S= →∀^.S= which sends base to _^.base and surface(8) to _^.surface(8). For the round trip on S= it suffices to show that base and surface are fixed up to a path by the induction principle for S= and for the round trip on ∀^.S= it suffices to check that _^.base and _^.surface(8) are fixed up to a path by induction under clock abstraction. In both cases the desired condition is trivially true. Propositional and Higher Truncation. Propositional truncation has the following induction principle under clock abstraction:

Γ, G : ∀^.kk ⊢ type Γ ⊢ C : ∀^.kk Γ,0 : ∀^. ⊢ Din : [_^.in(0 [^])] Γ,E,F : ∀^.kk, ~ : [E],I : [F],8 : I ⊢ Dsquash : [_^.squash(E [^],F [^],8)][(8 = 0) 7→ ~,8 = 1 7→ I]

Γ ⊢ elim (Din,DB, C) : [C]

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:17

To show that propositional truncation commutes with clock quantification, define the map U : ∀^.k [^]k →k∀^. [^]k in the same style as in the above example: _^.in(0 [^]) 7→ in(0) _^.squash(E [^],F [^],8) 7→ squash(U (E), U (F),8) The second line has a recursive call to U for the recursive squash constructor and incurs a boundary obligation we need to take care of. Here we have to show that squash(U (E), U (F),8) reduces to U (E) on 8 = 0 and U (F) on 8 = 1. This is true by virtue of the reduction structure of squash. We can again show that this map is quasi inverse to the canonical map with the same general method: Let V be the canonical map in the opposite direction to U. On ∀^.k [^]k it suffices by induction under clocks to check that V(U (_^.in(0 [^]))) = _^.in(0 [^]) and V(U (_^.squash(E [^],F [^],8))) = squash(E,F,8). In the first case we have V(U (_^.in(0 [^]))) = V(in(0)) = _^.in(0 [^]) and in the second V(U (_^.squash(E [^],F [^],8))) = V(squash(U (E), U (F),8)) = _^.squash(V(U (E))[^], V(U (F))[^],8) and here we get the desired path from recursion. A similar argument shows that the other composition is path equal to the identity via the usual induction principle for propositional truncation. Higher truncations have a similar flavor. Instead of the squash constructor we now have the hub and spoke constructors, so we replace the squash case above with the two clauses below: = = Γ, 5 : ∀^.(S → kk), 6 : Π(I : ∀^.S ). [5 [^](I [^])] ⊢ Dhub : [_^.hub(5 [^])] Γ,~ : ∀^.S=, 5 : (∀^.S= → kk),6 : Π(I : ∀^.S=). [5 [^](I [^])] ⊢

Dhub : [_^.spoke(~ [^], 5 [^],8)][8 = 0 7→ 6(~),8 = 1 7→ Dhub (5 )] The spoke constructor provides a path between maps from the sphere into the truncation to the constant map at the hub of the given one. Accordingly, Dspoke provides evidence that the assumed inhabitants of the type over the image of such a map can themselves be contracted to the inhabitant over the appropriate hub. The extended clock elimination list allows for deﬁning a map ∀^.k [^]k= → k∀^. [^]k= as above, which again can be shown to be an equivalence with the two available induction principles. Pushout. For the pushout, we can write out clock abstracted induction as the following rule:

Γ, G : ∀^.( ⊔ ) ⊢ type Γ ⊢ C : ∀^.( ⊔ ) Γ,~; : ∀^. ⊢ Dinl : [_^.inl(~; [^])] Γ,~A : ∀^. ⊢ Dinr : [_^.inr(~A [^])] Γ,~? : ∀^.,8 : I ⊢ Dpush : [_^.push(~? [^],8)][8 = 0 7→ Dinl (_^.5 (~? [^])),8 = 1 7→ Dinr(_^.6(~? [^]))]

Γ ⊢ elim (,C,Dinl,Dinr,Dpush) : [C] The pushout type has parameters which are not types, so commuting with clock quantification takes on a slightly more complicated meaning. It requires that ∀^. ⊔ is isomorphic to the pushout of ∀^. and ∀^. under the maps ∀^. →∀^. and ∀^. →∀^. given by the functorial action of ∀^ on maps 5 and 6. This is shown as in the other examples, using the above rule to define a map quasi inverse to the canonical map (∀^.) ⊔(∀^.) (∀^)→∀^.( ⊔ ). Finite Powerset. While the full rule for the finite powerset not enlightening, we will briefly remark upon how to make formal sense of the intuitive explanations given earlier. Induction under clocks

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:18 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi means that type families over ∀^.Pf (-) can be inhabited by inhabiting it at abstracted constructors of Pf. More concretely, the clock elimination list will in this case contain the terms seen before, i.e.,

Γ,G : ∀^. [^] ⊢ D {−} : [_^.{G [^]}] ′ ′ ′ ′ ′ ′ Γ,G,G : ∀^.Pf ( [^]),~ : (G),~ : (G ) ⊢ D∪ (G,G ,~,~ ) : (_^.G [^] ∪ G [^]) (8 = 0) 7→ D (G,G,~,~) Γ,G : ∀^.P ( [^]),~ : (G),8 : I ⊢ D (G,~,8) : (_^.idem(G [^],8)) ∪ f idem (8 = 1) 7→ ~ as well as such terms for the other constructors of the ﬁnite powerset. In particular, it will contain the hub and spoke constructors derived from S1, towards obtaining a set type. Finally, this principle shows that there is an equivalence Pf (∀^.)≃∀^.Pf () as required for the encoding of labelled transition systems. As a step towards reintroducing clock-irrelevance as an axiom, one would need to show that the collection of clock irrelevant types is closed under HIT formation. We prove this just in the case of sets, but conjecture that it holds for all HITs. As a special case N is clock-irrelevant as needed for the encoding of streams of N.

Theorem 3. Let X : Δ ⊢ H X type be a higher inductive type. Assume that for each 8 and 9, Γ8 and Ξ8,9 are clock irrelevant. If H X is a set it is also clock irrelevant.

6 DENOTATIONAL SEMANTICS Thestandard models of both Cubical Type Theoryand ClockedType Theory are based on presheaf categories. In this section we recall these models and show how to model the combined Clocked Cubical Type Theory in a presheaf category over the product of the categories used in the interpretations of Cubical and Clocked Type Theory. One of the challenges in constructing the model is to equip the types of Clocked Type Theory (such as ⊲ (U :^).) with composition structures as required to model types in Cubical Type Theory. In this paper, following the convention of Mannaa et al. [2020] (but breaking with the convention of Cohen et al. [2018]) we will work with covariant presheaves. Recall that a covariant presheaf over a category C is a family of sets - (2) indexed by objects of C together with a map mapping 5 : 2 → 2 ′ in C and G ∈ - (2) to 5 · G ∈ - (2 ′), respecting identities and composition:

id2 · G = G 6 ·(5 · G) = (65 )· G (13) We write PSh(C) for the category of covariant presheaves on C. We recall the notion of Category with Family (CwF) [Dybjer 1995] a standard notion of model of dependent type theory. Definition 3. A category with family comprises: (1) A category C. We use Γ, Δ to range over objects of C (2) A functor Fam : Cop → Set. Elements ∈ Fam(Γ) are referred to as families over Γ. If f : Δ → Γ and ∈ Fam(Γ) we write [f] for Fam(f)() (3) A functor El associating to each Γ and each ∈ Fam(Γ) a set El() of elements of , and to each f : Δ → Γ a mapping (−)[f] : El() → El([f]). (4) A comprehension operation mapping a family over Γ to an object Γ. such that maps Δ → Γ. correspond bijectively to pair of maps f : Δ → Γ and elements C ∈ [f], naturally in Δ. We often refer to a CwF simply by the name of the underlying category C. A CwF gives rise to a model of dependent type theory [Hofmann 1997] in which contexts are modelled as objects of C, types as families and terms as elements. Recall that any presheaf category is the underlying category of a CwF where families over an object Γ are indexed families of sets - (2,W) for W ∈ Γ(2)

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:19 with maps 5 ·(−) : - (2,W) → - (2 ′, 5 ·W) satisfying the equations (13), and elements are assignments mapping each W ∈ Γ(2) to C (W) ∈ - (2,W) such that C (5 · W) = 5 · C (W). We recall also the category Γ of elements for a covariant presheaf Γ over a category C. Thishas as objects pairs (2,W) where W ∈ Γ(2) and morphisms from (2,W) to (2 ′,W ′) morphisms 5 : 2 → 2 ′ ∫ such that 5 ·W = W ′. Note that a family over Γ is precisely the same as a presheaf over Γ. We will also use the equivalence ∫ PSh(C)/Γ ≃ PSh( Γ) (14) which states that a slice of a presheaf category is itself a∫ presheaf category. 6.1 Modelling Cubical Type Theory The standard model of Cubical Type Theory [Cohen et al. 2018] uses presheaves over the category of cubes. Here, since we use covariant presheaves, we will write C for the opposite of the category used by Cohen et al. [2018]. So C has as objects finite sets , , and as morphisms from to maps 5 : → dM( ) where dM( ) is the free de Morgan algebra on the set . Composition is the standard Kleisli composition, using the fact that dM(−) is a monad. From the model construction def we recall in particular the interval object I() = dM(), representing the singleton set, and the face lattice F, which at stage is the free distributive lattice generated by elements (8 = 0) and (8 = 1) for each 8 ∈ , and relations (8 = 0)∧(8 = 1) = ⊥F. This model construction can be extended work for any category of the form PSh(C × D). To do so we rely on the Orton and Pitts’ axiomatisation of models of CTT [Licata et al. 2018; Orton and Pitts 2018]. Rather than recalling these axioms, we recall the sufficient conditions sum- marised by Coquand et al. [2020] for a presheaf topos to satisfy these axioms. These conditions are as follows. • The interval object I is connected, and a bounded distributive algebra structure with distinct 0 and 1 elements. Exponentiation by I has a right adjoint. • The canonical map from F to the subobject classifier is a monomorphism, and the universal cofibration ⊤ : 1 → F is a levelwise decidable inclusion. Monomorphisms that can be described as pullbacks of the latter are referred to as cofibrations. The interval endpoint in- clusions 0, 1:1 → I must be cofibrations, and cofibrations must be closed under finite union (finite disjunction), composition (dependent conjunction), and universal quantification over I. A cubical model is a presheaf category satisfying the axioms above. In PSh(C × D), defining both objects as constant on the D component, using the corresponding objects in PSh(C) def def I(,3) = I() F(,3) = F() make PSh(C × D) a cubical model, as also observed by Coquand et al. [2020]. Given such a model, Orton and Pitts [2018] express the structure sufficient to model CTT using the internal language of the presheaf topos as an extensional type theory. We recall here some definitions that will be relevant later. We assume a l +1 long hierarchy of Grothendieck universes, leading to a corresponding hierarchy of universes a la Russell U8 in the internal language, each classifying presheaves of the appropriate size.

Definition 4. A CCHM ﬁbration (, U) over a type Γ : Ul is a family : Γ → Ul with a ﬁbration structure U : isFib Γ where def isFib Γ = (4 : {0, 1})(? : I → Γ) → Comp 4 ( ◦ ?) def Comp 4 = (i : F)(D : [i]→(8 : I) → 8) → {D0 : 4 | i ⇒ D 4 = D0} → {D1 : 4 | i ⇒ D 4 = D1}

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:20 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi where 4 sends 0: I to 1 and vice versa. Notice Comp 0 closely matches the signature of the composition operation from CTT. We can then build the following Category with Families of ﬁbrant types, which we call Fib:

• A context Γ is a global element of Ul . • A family over Γ is a global CCHM fibration over Γ. • An element C of a family (, U) over Γ is a global element of (W : Γ) → W. it then follows that Fib models the type formers of Cubical Type Theory. Remark 1. Cubical Type Theory as presented by Cohen et al. [2018] includes specific judgemental 8 equalities for the composition operator comp according to the shape of , matching the behaviour of the given fibration structures in their model. The constructions by Orton and Pitts [2018] do not necessarily produce fibration structures that satisfy the same equalities. One way to deal with this is to use alternative formulations of these rules [Huber 2017; Vezzosi et al. 2019]. Since these equalities are mainly relevant for operational properties of CTT, we will ignore this issue in this paper.

6.2 Modelling Clocked Cubical Type Theory In the previous section we saw how to model Cubical Type Theory in any category of the form PSh(C × D). We now define the category T of time objects and extend the model to a model of Clocked Cubical Type Theory in PSh(C × T). The objects of T are pairs (E; X), where E is a finite set (to be though of as a set of semantic clocks), and X : E → N is a map associating to each clock a finite amount of time steps that are left on that clock. A morphism f : (E; X)→(E′; X ′) is a map f : E → E′ such that X ′f ≤ X in the pointwise order. This can be understood as a generalisation of the topos of trees model PSh(lop) of guarded recursion [Birkedal et al. 2012], where the indexing category is restricted to objects where the first component E is a singleton. The category PSh(T) has previously been used to model type theories with guarded recursion and multiple clocks [Bizjak and Møgelberg 2020; Mannaa et al. 2020], and (in a slight variation) Guarded Computational Type Theory [Sterling and Harper 2018]. The category PSh(C × T) has an object of clocks Clk defined as Clk(, (E; X)) = E. The can be used to model assumptions of the form ^ : clock in contexts, and the types ∀^. can be modelled as Π-types. To model ⊲, recall that this is a Fitch-style modal type operator and that these can be modelled using dependent right adjoint types [Clouston et al. 2020]. Definition 5. Let C, D be CwFs and let L : C → D be a functor between the underlying categories. A dependent right adjoint to L is a mapping associating to a family over LΓ a family R over Γ and a bijective correspondence between elements of and elements of R, both natural in Γ. The naturality requirement for R means that if W : Γ′ → Γ and is a family over LΓ, then (R)[f] = R([Lf]). Writing (−) for both directions of the bijective correspondence on elements, the naturality condition for this means that if C is an element of over LΓ, then C [W] = C [LW], and similarly for the opposite direction. Given an endofunctor L on a CwF C as well as a dependent right adjoint R to L, one can model a Fitch-style modal operator by modelling extensions of contexts with ticks by L and the modal operator by R. In the case of Clocked Type Theory, the ticks, as well as the modal operators are indexed over an object Clk in the model: Semantically, the hypothesis Γ ⊢ ^ : clock of the context extension rule for Γ,U : ^ ⊢ corresponds to an element of the slice category over Clk. By (14) the slice category over Clk is itself a presheaf category and therefore carries a natural CwF structure. In fact, if j : Γ → Clk is an object in the slice category, then families over j in the slice category correspond bijectively to families in PSh(C × T) over Γ. Exploiting this, Mannaa et al. [2020]

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:21 describe how to model ticks on clocks using a dependent right adjoint ◮ to an endofunctor ◭ on the slice category over Clk. In this model Γ, U : ^ ⊢ is interpreted as the domain of ◭( Γ , ^ ) and ⊲ (U : ^). as the dependent right adjoint ◮ applied to . The bijective correspondence on Γ elements then models the bijective correspondence between terms , U : ^ ⊢ C : andJ K termsJ K Γ ⊲ ⊢ D : (U :^). given by tick abstraction and application.J TickK weakening, which syntactically corresponds to context projections Γ,U : ^ → Γ can be modelled using a natural transformation from ◭ to the identity.

6.3 Composition structure for dependent right adjoints Before recalling the dependent right adjoint structure on the slice category PSh(C × T)/Clk we now give general conditions ensuring that dependent right adjoint types carry composition structure. The conditions are all on the left adjoint functor. Definition 6. Let C be a cubical model with interval object I and let L : C → C be a finite product preserving functor. (1) We say L preserves the interval if there is an isomorphism L(I) I preserving endpoints, i.e., such that the following commutes for 4 = 0, 1. 1 4 I L1 L4 LI (2) We say L preserves cofibrations if L8 : L → L is a cofibration whenever 8 : → is, and if the diagram on the right below is a pullback whenever 8 is a cofibration and the diagram on the left is a pullback

0 L L0 L 9 8 L9 L8 1 L L1 L The condition of preserving cofibrations corresponds to giving an operation mapping cofibrations Γ ⊢ i : F on Γ to cofibrations LΓ ⊢ LF (i) : F such that LΓ.[LF (i)] L(Γ.[i]) as subobjects of LΓ and satisfying LF (i [f]) = LF(i)[Lf]. Here [i] is the family classified by i. Theorem 4. Let C be a cubical model, let L : C → C be a functor preserving finite products, the interval and cofibrations, and let R be a dependent right adjoint to L. If a family over LΓ carries a global composition structure, so does R over Γ. Moreover, this assignment is natural in Γ. Note that this is a statement about global composition structures in the model. The theorem can not be proved in the internal logic of the topos, but can be proved in an extension of this using crisp type theory, similarly to the construction of universes for cubical type theory in crisp type theory [Licata et al. 2018]. The reason is that the proof uses the bijective correspondence of Definition 5 which only applies to global terms.

6.4 The dependent right adjoint We now recall the structure of the dependent right adjoint in details. Mannaa et al. [2020] deﬁne this structure for PSh(T) but the constructions carry over directly to PSh(C × T). The structure arises as an extension of an endo-adjunction on the slice category as in the following lemma slightly generalised from Clouston et al. [2020], to which we refer for details.

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:22 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

Lemma 5. Let C and D be CwFs and let L : C → D be a functor between the underlying categories with a right adjoint R. Suppose R extends to families and elements as in the following data

(1) An operation mapping families over Γ in D to families RFam() over RΓ satisfying RFam ([W]) = (RFam ())['W] (2) An operation mapping elements C of to elements REl (C) of RFam() satisfying REl (C [W]) = (REl (C))['W]. Then L has a dependent right adjoint mapping families over LΓ to R = (RFam)[[] where [ : Γ → RLΓ is the unit of the adjunction. The endoadjunction on the slice category is best described by using the equivalent description of the slice category as PSh( Clk). The right adjoint is the simplest to describe and is similar to the functor ◮ on the topos-of-trees [Birkedal et al. 2012]: ∫ Γ(, (E; X [_ 7→ =]), _) if X(_) = =+1 ◮ Γ(, (E; X), _) = (1 if X(_) = 0 Here X [_ 7→ =](_) = = and X [_ 7→ =](_′) = X(_′) for _′ ≠ _ and 1 in the second clause is a singleton set. This lifts to families and elements in the sense of Lemma 5, for example, if is a family over Γ then (W) if X(_) = =+1 ◮Fam()(, (E; X), _)(W) = (1 if X(_) = 0 Theleft adjoint can be concretely described as ◭ Γ(, (E; X), _) having as elements pairs (f, G) such ′ ′ ′ ′ ′ ′ ′ ′ that (id , f) : (, (E ; X ), _ )→(, (E; X), _) with X (_ ) > X(_) and G ∈ Γ(, (E ; X ), _ ) considered up to the equivalence relation ∼ generated by (fg,G)∼(f, (id,g)· G). We refer to Mannaa et al. [2020] for the details of the adjunction structure as well as an abstract description of the left adjoint. There is a natural transformation p◭ : ◭ → id defined as p◭ (f, G) = (id, f)· G. This is used in our model to interpret tick-weakening. Theorem 5. Let Γ be an object of PSh(C × T) and ^ : Γ → Clk. Suppose is a family over the domain of ◭(Γ,^) which carries a composition structure, then ◮ carries a composition structure as a family over Γ. Proof. Recall that families and terms in the CwF of the slice category PSh( Clk) over an object corresponding to an element ^ : Γ → Clk correspond bijectively to families and elements ∫ of the CwF of PSh(C × T) over Γ. Since this correspondence also respects the interpretation of the internal dependent type theory, it suffices to show that ◮ carries a composition structure as expressed on the slice category, when does. By Theorem 4 this reduces to showing that ◭ preserves finite products, the interval and cofibrations. We omit this routine verification for reasons of space.

6.5 Interpreting ticks and tick application A simple tick judgement Γ ⊢ ^ : D { Γ′ is interpreted as a map in PSh( Clk) from Γ to ◭ Γ′. Here, for simplicity, we keep the clock ^ implicit. An element C of the family ◮ over Γ′ corresponds ∫ bijectively to an element C of over ◭ Γ′, which can then be reindexed along the tick D to interpret tick application. A forcing tick judgement Γ ⊢ (^,D) { Γ′ is interpreted as a map from Γ to ◭(Γ′.Clk) in PSh( Clk), where the domain is considered an element of the slice category over Clk with map given by ^, and Γ′.Clk an object with map given by the second projection. The ∫ assumption of the rule for forcing tick application corresponds semantically to an element of a family ◮ over an object Γ′.Clk, which corresponds bijectively to an element of over ◭(Γ′.Clk).

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:23

Tick application is then interpreted by reindexing this element along the interpretation of the forcing tick. To deﬁne the interpretation of ticks, say that family over an object Γ is timeless if the map

(◭(p), q[p◭]) : ◭(Γ.)→(◭ Γ).[p◭] is an isomorphism. Lemma 6. The families I and Clk, as well as any coﬁbration, are timeless. As a consequence ◭( Γ, TL(Γ′) ) ◭( Γ ). TL(Γ′) in PSh( Clk). For Γ ⊢ ^ : D { Γ′, let∫= be the number of ticks on clock ^ in Γ \ Γ′. Then the interpretationJ of D K factorsJ K throughJ K◭= Γ′, and a tick assumption is interpreted as the appropriate projection ◭= → ◭. Likewise if Γ ⊢ (^,D) { Γ′ let = be the number of ticks on ^ in Γ \ Γ′, then the interpretation of D factors through ◭= (Γ′.Clk) with tick variables interpreted as projections. The construction tirr is interpreted using the following lemma. Lemma 7. For any = ≥ 1 there exists a unique natural transformation U : ◭= → ◭ such that = = p◭ ◦ U = p◭, and a unique V : ◭ (−.Clk) → ◭(−.Clk) commuting with the projection to −.Clk. In particular, this means that tirr is interpreted using constant paths in our model.

6.6 Interpreting HITs and induction under clock abstraction We give semantics to higher inductive types following the schema given in subsection 5.1 in the style of Coquand et al. [2018], i.e., by deﬁning a presheaf of formal constructor and hcomp elements. Concretely, we deﬁne H X (,G,3) to have the following two kinds of elements:

con8 (C,0,A) and hcomp[i 7→ "] "0 J K where the type of (C,0,A)," and "0 are given by the data needed for the 8’th constructor in the ﬁrst case, and the data of a homogeneous composition problem for the latter two. We highlight the deﬁnition of the presheaf action on constructor elements:

" (6 · C,6.0,6 · A) if i8 (6 · A) H X (6)(2>=8 (C, 0, A)) := (2>=8 (6 · C,6.0,6 · A) else J K Here " is the boundaryJ K term of con8. It can be shown that the presheaf such defined is initial algebra with respect to an algebra signature generated from the shape of the constructors and the data of homogeneous composition. Using this, it is standard to verify that the HITs support the expected dependent elimination principle. The principle of induction under clocks is verified in the model by the following theorem: Theorem 6. Consider a HIT Δ ⊢ H type, a type family Γ, ∀^.H (X [^]) ⊢ type and a term Γ ⊢ X : ∀^.Δ. Suppose that we semantically have an elimination list, i.e., for each 8 we have a term D8 : [_^.con8 (W [^], G [^],k)] over the context Γ,W : ∀^.Γ [X [^]], G : ∀^.Ξ [X [^],W [^]] → H (X [^]), 8 8 . J Ξ K Ψ t~ : (∀^. 8 [X [^],W [^]]) → [_^._b.G [^] b [^]],k : 8 ⊢ | Then we can construct a term of over Γ.∀^.H (X [^]) . We give here an informal argument for this in the case of a single clock ^. The semantics of clock quantification can be definedJ K as theJ limit K def ∀^. (, (E, X), d) = lim (, (E ∪ {_}, X [_ 7→ =]),] · d, _) =

J K J K , Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:24 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi indexed by the maps decreasing the available time on _ by 1 [Bizjak and Møgelberg 2020]. Inspect- ing the presheaf action in the denotation of a HIT, we see that the map decreasing time on a clock cannot possibly make i true, since it the identity on the cube component. This enables structural induction on 0’th component of elements in ∀^.H (X [^]) , which morally reduces the problem to N-indexed limits commuting with colimits, which is known to be true. The detailed proof of Theorem 6 can be found in the supplementaryJ material. K 7 RELATED WORK Guarded recursion has previously been combined with cubical type theory in Guarded Cubical Type Theory [Birkedal et al. 2019]. That work considers the single clock case of guarded recursion, where ⊲ is not annotated with clock variables. While this case is useful for many purposes, it can not be used to encode coinductive types. Møgelberg and Veltri [2019] extend Guarded Cu- bical Type Theory with ticks as in CloTT. They give a model of this calculus including HITs, and show that bisimilarity coincides with path equality for a large class of guarded recursive types. This paper can be seen as an extension of that with multiple clocks, allowing for these results to be lifted from guarded recursive types to coinductive types. Note that modelling the multi- clocked case is much more complex than the single clock case. In particular, equipping ⊲ with a composition structure is much more challenging. Our theorem that HITs commute with universal quantification over clocks, giving correctness of the encoding of coinductive types is also new, but extends similar results by Atkey and McBride [2013] for inductive types, and extended by Møgelberg [2014] to W-types in extensional type theory. Neither of these give computational meaning to these commutativity axioms, such as the one we give for our principle of induction under clocks. The encoding of coinductive types using guarded recursion was first described by Atkey and McBride [2013] in the simply typed setting. Since then a number of dependent type theories have been developed for programming and reasoning with these [Clouston et al. 2015a; Møgelberg 2014], of which CloTT is the most advanced. Bahr. et al. [2017] prove syntactic properties of CloTT including strong normalisation and canonicity, but only for a pure calculus without identity or path types. The model of CloTT constructed by Mannaa et al. [2020] considers extensional identity types, but no cubical features. Unlike this work, Mannaa et al. take clock irrelevance ((12) below) as an axiom. This requires indexing universes by clock contexts, leading to a complicated universe construction. Adapting this to the current setting is left for future work. Coinductive types can also be encoded using a combination of guarded recursion and a -modality [Clouston et al. 2015b]. This approach has not been studied in combination with CTT yet. This approach also appears to be less flexible, e.g., it does not seem possible to define nested coinductive types. Sized types [Hughes et al. 1996] is another approach to encoding productivity in types, by an- notating (co)inductive types with sizes indicating a bound on the size of the allowed elements. Specifically, sized types reduce both termination and productivity to (well-founded) induction on sizes. They have been extensively studied from the syntactic perspective [Abel and Pientka 2013; Abel et al. 2017; Sacchini 2013] but are not well understood from the perspective of denotational semantics. Our view is that sized types are closer to working in the models of type theory, like the one provided here, and guarded recursion is a more abstract, principled perspective. This is sup- ported by the model of guarded recursion in sized types constructed by Veltri and van der Weide [2019]. To our knowledge sized types have never been used to solve equations with negative oc- currences, which is an important application of guarded recursion. The coincidence of bisimilarity and path equality for streams as coinductive records has been proved in Cubical Agda [Vezzosi et al. 2019], and it is likely that the proof can be extended to general M-types. Veltri [2021] proves that bisimilarity implies path equality for the final coalgebra

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:25 for the Pf using sized types in Cubical Agda. This coincidence should therefore be seen as a feature of Cubical Type Theory, rather than guarded recursion. On the other hand, when proving such results guarded recursion is a powerful framework for ensuring productivity of definitions, as illustrated by the examples in this paper. Veltri [2021] compares different constructions of the final coalgebra for the finite powerset functor in Cubical Agda, including a construction of this as a sized type using Pf formulated as a HIT. He also proves that this can be constructed internally in type theoryasa limit of an l +l-indexed sequence of types using the lesser limited principle of omniscience, a weak choice principle. This latter construction is a type theoretic formulation of a set-theoretic construction due to Worrell [2005], and Worrell’s argument that this construction does not converge in l steps can also be internalised. From this perspective it is interesting to note that our model uses l-indexed step- indexing only, and therefore LTS as constructed in section 4 is realised in the model as an l-limit. In our setting this construction works because of the formulation of Pf as a HIT and because the l-chain is constructed externally, using judgemental equality. In particular, the counter example constructed in Proposition 5 of [Veltri 2021] uses an l-chain of elements whose projections are only equal up to path equality. Multimodal dependent type theory [Gratzer et al. 2020] is a general framework for dependent modal type theories parametrised over mode theories. By instantiating this appropriately, one can recover e.g., the basic modal framework needed for internalising parametricity in type theory [Bernardy et al.2015;Cavallo and Harper2020],orforthecombination of ⊲ and used for guarded recursion by Clouston et al. [2015b]. Generalising this to multiple clocks seems to require a notion of dependent mode theory, as for example, the modal operators ⊲ depend on Clk, which itself should be thought of as a modality in this framework.

8 CONCLUSION AND FUTURE WORK We have presented the type theory Clocked Cubical Type Theory, and shown that this contains a rich supply of functors for which coinductive types can be encoded using guarded recursion. This allows for simple programming with a wide range of coinductive types encoding productivity checking in types. We have seen by example how to prove coincidence of path equality with bisimilarity for these types. We believe this type theory is useful not just for coinductive reasoning, but also for reasoning about advanced programming language features using a form of synthetic guarded domain theory. We plan to explore this perspective further in future work extending previous work in this direction [Møgelberg and Paviotti 2016; Paviotti et al. 2015] with non-determinism using the results proved here for the finite powerset monad. Future work includes an implementation of Clocked Cubical Type Theory in a proof assistant. We have already developed a simple prototype implementation of this type theory, extending Cu- bical Agda. This implementation takes force, rather than the tick constant ⋄ as primitive, but this is sufficient for many applications. For example, we have verified the proof of Theorem 1 in it. We would also like to prove canonicity for Clocked Cubical Type Theory, building on similar results for Cubical Type Theory [Coquand et al. 2019; Huber 2019; Sterling and Angiuli 2021] and Clocked Type Theory [Bahr. et al. 2017]. For Cubical Type Theory canonicity is proved for terms in a context of only interval variables. For Clocked Cubical Type Theory, the context should be allowed to also contain free clock variables in order for terms of type ∀^. (X [^]) to reduce to a form in which the V-rule for induction under clocks can be applied. On the other hand, we believe that it should not be necessary to include free tick variables, and so the only tick that needs to be considered in reductions is ⋄. Our equational rules have been designed with this in mind.

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:26 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

Unlike this paper, other type theories for multi-clocked guarded recursion [Bizjak et al. 2016; Mannaa et al. 2020] takeclockirrelevance (12) as an axiom.This requires that universes be indexed by clock contexts, and the ⊲ modality be restricted to ⊲^ : UΔ → UΔ for ^ ∈ Δ, because an un- restricted ⊲^ breaks clock irrelevance [Bizjak and Møgelberg 2020]. Bizjak and Møgelberg [2020] show how to carve out such universes as sub-universes of the standard universes in presheaf categories, in the setting of extensional type theory. This construction however, constructs universes of types that are clock-irrelevant in the sense of the map →∀^. being an isomorphism, rather than an equivalence as required here. Future work includes constructing larger universes of types clock-irrelevant in the sense used in this paper. We believe that this can be done by relating clock irrelevance to the notion of discreteness from Real-Cohesive Homotopy Type Theory [Shulman 2018].

REFERENCES Andreas Abel and Brigitte Pientka. 2013. Wellfounded Recursion with Copatterns: A Uniﬁed Approach to Termination and Productivity. In Proceedings ICFP 2013. ACM, 185–196. Andreas Abel, Andrea Vezzosi, and Theo Winterhalter. 2017. Normalization by evaluation for sized dependent types. Proceedings of the ACM on Programming Languages 1, ICFP (2017), 1–30. Benedikt Ahrens, Paolo Capriotti, and Régis Spadotti. 2015. Non-Wellfounded Trees in Homotopy Type Theory. In 13th International Conference on Typed Lambda Calculi and Applications (TLCA 2015) (Leibniz International Proceedings in Informatics (LIPIcs), Vol. 38), Thorsten Altenkirch (Ed.). Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, 17–30. https://doi.org/10.4230/LIPIcs.TLCA.2015.17 Andrew W. Appel and David McAllester. 2001. An indexed model of recursive types for foundational proof-carrying code. ACM Trans. Program. Lang. Syst 23, 5 (2001), 657–683. Andrew W. Appel, Paul-André Melliès, Christopher D. Richards, and Jérôme Vouillon. 2007. A very modal model of a modern, major, general type system. In POPL. 109–122. Robert Atkey and Conor McBride. 2013. Productive coprogramming with guarded recursion. ACM SIGPLAN Notices 48, 9 (2013), 197–208. Patrick Bahr., Hans Bugge Grathwohl, and Rasmus Ejlers Møgelberg. 2017. The clocks are ticking: No more delays!. In 2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science (LICS). IEEE, 1–12. Jean-Philippe Bernardy, Thierry Coquand, and Guilhem Moulin. 2015. A presheaf model of parametric type theory. Elec- tronic Notes in Theoretical Computer Science 319 (2015), 67–82. Lars Birkedal, Aleš Bizjak, Ranald Clouston, Hans Bugge Grathwohl, Bas Spitters, and Andrea Vezzosi. 2019. Guarded Cubical Type Theory: Path Equality for Guarded Recursion. Journal of Automated Reasoning 63, 2 (2019), 211–253. Lars Birkedal, Rasmus Ejlers Møgelberg, Jan Schwinghammer, and Kristian Støvring. 2012. First steps in synthetic guarded domain theory: step-indexing in the topos of trees. Logical Methods in Computer Science 8, 4 (2012). Aleš Bizjak, Hans Bugge Grathwohl, Ranald Clouston, Rasmus E Møgelberg, and Lars Birkedal. 2016. Guarded dependent type theory with coinductive types. In International Conference on Foundations of Software Science and Computation Structures. Springer, 20–35. Aleš Bizjak and Rasmus Ejlers Møgelberg. 2020. Denotational semantics for guarded dependent type theory. Mathematical Structures in Computer Science 30, 4 (2020), 342–378. Evan Cavallo and Robert Harper. 2019. Higher inductive types in cubical computational type theory. Proceedings of the ACM on Programming Languages 3, POPL (2019), 1–27. Evan Cavallo and Robert Harper. 2020. Internal Parametricity for Cubical Type Theory. In 28th EACSL Annual Conference on Computer Science Logic (CSL 2020). Schloss Dagstuhl-Leibniz-Zentrum für Informatik. James Chapman, Tarmo Uustalu, and Niccolò Veltri. 2019. Quotienting the delay monad by weak bisimilarity. Mathematical Structures in Computer Science 29, 1 (2019), 67–92. Ranald Clouston. 2018. Fitch-style modal lambda calculi. In International Conference on Foundations of Software Science and Computation Structures. Springer, 258–275. Ranald Clouston, Aleš Bizjak, Hans Bugge Grathwohl, and Lars Birkedal. 2015a. Programming and Reasoning with Guarded Recursion for Coinductive Types. In FoSSaCS. Ranald Clouston, Aleš Bizjak, Hans Bugge Grathwohl, and Lars Birkedal. 2015b. Programming and Reasoning with Guarded Recursion for Coinductive Types. In Proceedings of FoSSaCS. 407–421. Ranald Clouston, Bassel Mannaa, Rasmus Ejlers Møgelberg, Andrew M. Pitts, and Bas Spitters. 2020. Modal Dependent Type Theory and Dependent Right Adjoints. Mathematical Structures in Computer Science 30, 2 (2020), 118–138.

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:27

Cyril Cohen, Thierry Coquand, Simon Huber, and Anders Mörtberg. 2018. Cubical Type Theory: A Constructive Interpre- tation of the Univalence Axiom. In 21st International Conference on Types for Proofs and Programs (TYPES 2015). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik. Thierry Coquand, Simon Huber, and Anders Mörtberg. 2018. On Higher Inductive Types in Cubical Type Theory. In Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science (Oxford, United Kingdom) (LICS ’18). Association for Computing Machinery, New York, NY, USA, 255–264. https://doi.org/10.1145/3209108.3209197 Thierry Coquand, Simon Huber, and Christian Sattler. 2019. Homotopy Canonicity for Cubical Type Theory. In 4th Inter- national Conference on Formal Structures for Computation and Deduction (FSCD 2019) (Leibniz International Proceedings in Informatics (LIPIcs), Vol. 131), Herman Geuvers (Ed.). Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, 11:1–11:23. https://doi.org/10.4230/LIPIcs.FSCD.2019.11 Thierry Coquand, Fabian Ruch, and Christian Sattler. 2020. Constructive sheaf models of type theory. arXiv:1912.10407 [math.LO] Nils Anders Danielsson. 2010. Beating the Productivity Checker Using Embedded Languages. In PAR, Vol. 43. 29–48. Peter Dybjer. 1995. Internal type theory. In International Workshop on Types for Proofs and Programs. Springer, 120–134. Dan Frumin, Herman Geuvers, Léon Gondelman, and Niels van der Weide. 2018. Finite sets in homotopy type theory. In Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs, CPP 2018, Los Angeles, CA, USA, January 8-9, 2018, June Andronick and Amy P. Felty (Eds.). ACM, 201–214. https://doi.org/10.1145/3167085 Daniel Gratzer, GA Kavvos, Andreas Nuyts, and Lars Birkedal. 2020. Multimodal dependent type theory. In Proceedings of the 35th Annual ACM/IEEE Symposium on Logic in Computer Science. 492–506. Martin Hofmann. 1997. Syntax and semantics of dependent types. In Extensional Constructs in Intensional Type Theory. Springer, 13–54. Simon Huber. 2017. A Cubical Type Theory for Higher Inductive Types. (2017). http://www.cse.chalmers.se/~simonhu/misc/hcomp.pdf Simon Huber. 2019. Canonicity for cubical type theory. Journal of Automated Reasoning 63, 2 (2019), 173–210. J. Hughes, L. Pareto, and A. Sabry. 1996. Proving the Correctness of Reactive Systems Using Sized Types. In Conference Record of POPL’96: The 23rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Papers Presented at the Symposium, St. Petersburg Beach, Florida, USA, January 21-24, 1996. 410–423. Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Aleš Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming 28 (2018). R. D. Licata, I. Orton, A.M. Pitts, and B. Spitters. 2018. Internal Universes in Models of Homotopy Type Theory. In 3rd Inter- national Conference on Formal Structures for Computation and Deduction (FSCD 2018) (Leibniz International Proceedings in Informatics (LIPIcs), Vol. 108), Hélène Kirchner (Ed.). Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, 22:1–22:17. Bassel Mannaa, Rasmus Ejlers Møgelberg, and Niccolò Veltri. 2020. Ticking clocks as dependent right adjoints: Denotational semantics for clocked type theory. Logical Methods in Computer Science 16 (2020). Per Martin-Löf. 1984. Intuitionistic Type Theory. Bibliopolis, Napoli. Conor McBride and Ross Paterson. 2008. Applicative programming with effects. Journal of functional programming 18, 1 (2008), 1–13. Rasmus Ejlers Møgelberg. 2014. A type theory for productive coprogramming via guarded recursion. In CSL-LICS. 71:1– 71:10. Rasmus Ejlers Møgelberg and Marco Paviotti. 2016. Denotational semantics of recursive types in synthetic guarded domain theory. In LICS. Rasmus Ejlers Møgelberg and Niccolò Veltri. 2019. Bisimulation as path type for guarded recursive types. Proceedings of the ACM on Programming Languages 3, POPL (2019), 1–29. https://doi.org/10.1145/3290317 Hiroshi Nakano. 2000. A modality for recursion. In Proceedings Fifteenth Annual IEEE Symposium on Logic in Computer Science. IEEE, 255–266. I. Orton and A.M. Pitts. 2018. Axioms for Modelling Cubical Type Theory in a Topos. Logical Methods in Computer Science Volume 14, Issue 4 (Dec 2018). Marco Paviotti, Rasmus Ejlers Møgelberg, and Lars Birkedal. 2015. A model of PCF in guarded type theory. Electronic Notes in Theoretical Computer Science 319 (2015), 333–349. Jorge Luis Sacchini. 2013. Type-Based Productivity of Stream Definitions in the Calculus of Constructions. In 28th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2013, New Orleans, LA, USA, June 25-28, 2013. 233–242. Michael Shulman. 2018. Brouwer’s fixed-point theorem in real-cohesive homotopy type theory. Mathematical Structures in Computer Science 28, 6 (2018), 856–941. https://doi.org/10.1017/S0960129517000147 Kristina Sojakova. 2015. Higher Inductive Types as Homotopy-Initial Algebras. SIGPLAN Not. 50, 1 (Jan. 2015), 31–42. https://doi.org/10.1145/2775051.2676983

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:28 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

Jonathan Sterling and Carlo Angiuli. 2021. Normalization for cubical type theory. In LICS. Jonathan Sterling and Robert Harper. 2018. Guarded Computational Type Theory. In Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science. 879–888. The Univalent Foundations Program. 2013. Homotopy Type Theory: Univalent Foundations of Mathematics. https://homotopytypetheory.org/book, Institute for Advanced Study. Niccolò Veltri. 2021. Type-theoretic constructions of the final coalgebra of the finite powerset functor. In FSCD. To appear. Niccolò Veltri and Niels van der Weide. 2019. Guarded Recursion in Agda via Sized Types. In 4th International Conference on Formal Structures for Computation and Deduction, FSCD 2019, June 24-30, 2019, Dortmund, Germany. 32:1–32:19. Niccolò Veltri and Andrea Vezzosi. 2020. Formalizing c-Calculus in Guarded Cubical Agda. In Proceedings of the 9th ACM SIGPLAN International Conference on Certified Programs and Proofs (New Orleans, LA, USA) (CPP 2020). Association for Computing Machinery, New York, NY, USA, 270–283. https://doi.org/10.1145/3372885.3373814 Andrea Vezzosi, Anders Mörtberg, and Andreas Abel. 2019. Cubical Agda: a dependently typed programming language with univalence and higher inductive types. Proceedings of the ACM on Programming Languages 3, ICFP (2019), 1–29. James Worrell. 2005. On the final sequence of a finitary set functor. Theor. Comput. Sci. 338, 1-3 (2005), 184–199. https://doi.org/10.1016/j.tcs.2004.12.009

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:29

Substitutions Γ ⊢ Γ ⊢ f : Γ′ Γ ⊢ C : f Γ ⊢ f : Γ′ Γ ⊢ ^ ′ : clock Γ ⊢ [] : · Γ ⊢ (f,C) : Γ′, G : Γ ⊢ (f,^ ′) : Γ′,^ : clock

′ ′ ′ Γ ⊢ f : Γ Γ ⊢ A : I Γ ⊢ f : Γ Γ ⊢ i : F Γ ⊢ if = 1F : F Γ ⊢ (f,A) : Γ′,8 : I Γ ⊢ f : Γ′, i

′ ′ ′ Γ0 ⊢ f : Γ Γ ⊢ D : ^f { Γ0 Γ0 ⊢ f : Γ Γ ⊢ (^ , E) { Γ0 Γ ⊢ (f,D) : Γ′, U : ^ Γ ⊢ f, (^ ′, E) : Γ′,^ : clock, U : ^

Fig. 6. Formation rules for substitutions.

A APPENDIX A.1 Omied proofs Section 3 Proof of Lemma 1. Given 5 : ⊲^ → , let ? be the corresponding proof of (7), then as mentioned the center of contraction for

Σ(G : ).Path (G, 5 (_(U :^).G)) ^ ^ will be the pair (fix 5,?). Then for any other such pair (ℎ,?ℎ) we have to show (fix 5,?) = (ℎ,?ℎ), which is equivalent to ^ Σ(@ : fix 5 = ℎ).@∗? = ?ℎ We deﬁne @ by guarded recursion ^ ⊲^ ^ = −1 −1 fix _(A : (fix 5 ℎ)).(? ,?ℎ )∗(ap5 (_8._(U :^).A [U] 8))

We then proceed to prove @∗? = ?ℎ by ﬁrst observing that it is equivalent to

(?,?ℎ)∗@ = ap5 (_8._(U :^).@ [U] 8) so that by expanding @ by (7) on the left hand side and canceling the transports we obtain the right hand side and the proof is concluded.

def ′ Proof of Lemma 2. We have Γ,80,...,8= : I ⊢ D0 = D[0/80] : ^ { Γ and Γ,80,...,8= : I,i, 9 : I ⊢ def ′ 9 ?(9) = tirr(D0,D, 9) : ^ { Γ . We define Γ,80,...,8= : I,9 : I ⊢ type by hfill [i 7→ [?(9)/U]] [D0/U] def= 9 and then take 1. Then we define filler(C,D) as hcomp [i 7→ C [?(9)]](C [D0]). A.2 Substitution for Tick Application In figure 6 we present the formation rules for substitutions, based on the ones from Mannaa et al. [2020], and extended to account for the new tick judgemnts and the contexts from cubical type theory. In what follows we explain how to apply a substitution to a tick application term. Operation 1. Given Δ ⊢ f : Γ and Γ ⊢ D : ^ { Γ′ we define an operation residual(f,D) returning tuples of one of two forms ′ ′ ′ ′ ′ ′ ′ ′ •(Δ , f ) such that Δ ⊢ Df : ^f { Δ and Δ ⊢ f : Γ , and Δ ⊢ f|Γ′ ≡ f : Γ . •(Δ′,^ ′′, f ′) such that Δ ⊢ (^f,Df) { Δ′ and Δ′,^ ′′ : clock ⊢ f ′ : Γ′, such that ^f ′ = ^ ′′ and ′ ′′ ′ such that Δ ⊢ f|Γ′ ≡ f [^f/^ ] : Γ .

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:30 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

Construction. The tick D contains tick variables U0 : ^...U= : ^, here given in the order they ′ appear in Γ, so in particular we have Γ = Γ1, U0 : ^, Γ2 and Γ ⊑ Γ1, TL(Γ2). Then let us look at the restriction of f to Γ1, U0 : ^. We have two cases: ′ ′ (i) (f1, E) with Δ ⊢ f1 : Γ1 and Δ0 ⊢ E : ^f1 { Δ with Δ0 ⊑ Δ. ′ ′ ′ ′ (ii) (f0, (^ , E)) with Γ1 = Γ0,^ : clock, and Δ ⊢ f0 : Γ0, and Δ0 ⊢ (^ , E) { Δ , with Δ0 ⊑ Δ.

In either case the tick E lives in the context Δ0 ⊑ Δ because other components of the substitution f, e.g. for U1 ...U=, might have shrinked the context so. Δ′ ′ Γ Γ Δ In case (i) we extend f1 to ⊢ f1 : 1, TL( 2) because whenever we have one of ⊢ ^8 : clock, Δ I Δ F Δ′ Δ ′ ′ or ⊢ A : , or ⊢ i ≡ 1F : we also have the same in ⊑ . Finally we take f to be f1|Γ′ , ′ ′ which agrees with f|Γ′ by construction. The constructed tuple will be (Δ , f ). ′ ′′ ′′ ′ ′′ In case (ii) we extend f0 ﬁrst to Δ ,^ ⊢ (f0,^ ) : Γ0,^ : clock then to a subsitution Δ ,^ ⊢ ′ Γ Γ Γ ′ f0 : 1, TL( 2) as above, furthermore noting that TL( 2) does not depend on ^. Finally we take f ′ ′ ′ ′′ to be f0|Γ′ . The substitution f [^ /^ ] then agrees with f|Γ′ by construction, and we also have ^f ′ ≡ ^ ′′. The constructed tuple will be (Δ′,^ ′′, f ′). To show that we have the correct typing for Df we observe that Δ′ is smaller as a subcontext of Δ than the ones the ticks U1f...U=f target, so they can all be weakened to ﬁt the typing Δ ⊢ ′ U8f : ^f1 { Δ . In case (i) then we are done by extending this observation to E. In case (ii) we can ′ further derive Δ ⊢ (^f1, U8f) { Δ which gives us what we want.

For Δ ⊢ f : Γ, and Γ′ ⊢ C : ⊲ (U :^). , and Γ ⊢ D : ^ { Γ′, we have that substitution commutes with tick application in the following way: ′ ′ ′ Cf Δ′ [Df] if residual(f,D) = (Δ , f ) (C Γ′ [D])f = ′′ ′ ′ ′′ ′ (^ . Cf ) Δ′ [(^f,Df)] if residual(f,D) = (Δ ,^ , f ) We want to show that typing is preserved. For the first case, we can assume Δ′ ⊢ Cf ′ : ⊲ (U : ′ ′ ′ ′ ^f ).(f , U), so by the tick application rule we have Δ ⊢ Cf Δ′ [Df] : (f , U)[Df/U], where the latter type is equal to [D/U]f as expected. For the second case, we can assume Δ′,^ ′′ ⊢ Cf ′ : ′ ′ ′′ ′ ⊲ (U : ^f ).(f , U), so by the forcing tick application rule we have Δ ⊢ (^ . Cf ) Δ′ [(^f,Df)] : (f ′, U)[Df : ^f/U : ^ ′′], where the latter type is equal to [D/U]f as expected. Operation 2. Given Δ ⊢ f : Γ and Γ ⊢ (^,D) { Γ′ we define an operation bresidual(f, (^,D)) returning tuples of the form ′ ′ ′ ′ ′ ′ ′ ′ •(Δ , f ) such that Δ ⊢ (^f,Df) { Δ and Δ ⊢ f : Γ , and Δ ⊢ f|Γ′ ≡ f : Γ Construction. Here the tick D might not contain any tick variables, in which case we take Δ′ ′ to be Δ and f to be f|Γ′ . If D does contain tick variables then we have cases (i) and (ii) as in the construction of residual(−, −). We chose to use ^ in the assumption Γ ⊢ (^,D) { Γ′ so that the names in the cases would line up with the previous construction. In case (i) we construct the tuple (Δ′, f ′) as we did before, and the same reasoning extends to the well-typing of Δ ⊢ (^f,Df) { Δ′. ′ In case (ii) let us recall that here Γ is of the form Γ0,^ : clock, U0 : ^, Γ2, with Γ ⊑ Γ0,^ : ′ ′ clock, TL(Γ2). We also have Δ ⊢ (f0,^ ) : Γ0,^ : clock, which agrees with f restricted to the same ′ context. As before we can extend (f0,^ ) to a substitution for Γ0,^ : clock, TL(Γ2) by using the relevant components of f, and finally obtain the desired f ′ by restriction to Γ′.

For Δ ⊢ f : Γ, and Γ′,^ : clock ⊢ C : ⊲ (U :^)., and Γ ⊢ (^ ′,D) { Γ′, we have that substitution commutes with forcing tick application in the following way: ′ ′ ′ ′ ′ ′ ((^.C) Γ′ [(^ ,D)])f = (^. C (f ,^)) Δ′ [(^ f,Df)] where bresidual(f, (^ ,D)) = (Δ , f )

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:31

We want to show that typing is preserved. We can assume Δ′,^ : clock ⊢ C (f ′,^) : ⊲ (U : ′ ′ ′ ^). (f ,^,U), then by the forcing tick application rule we have Δ ⊢ (^. C (f ,^)) Δ′ [(^ f,Df)] : (f ′,^,U)[Df : ^ ′f/U : ^], where the latter type is equal to [D : ^ ′/U : ^]f as expected.

A.3 Omied proofs Section 4 Proof of Lemma 3. The case of composition is clear, and products follow from the fact that ∀^.( × ) ≃ (∀^.) ×(∀^.). Likewise, the case of Π-types follows from the fact that ∀^.Π(0 : ). ≃ Π(0 : ).∀^. which can be proved by commuting two arguments. In the case of Σ, since ∀^.(−) behaves as a function space from a type of clocks, one can prove ∀^.Σ(0 : ).(0) ≃ Σ(0 : ∀^.).∀^.(0[^]) ≃ Σ(0 : ).∀^.(0) using the assumption that is clock invariant in the last equivalence. The case for universal quantification over clocks uses ∀^.∀^ ′. ≃∀^ ′.∀^.. In the case of guarded recursive types, first note that if commutes with clock quantification, so does ⊲^ . This can be proved using ∀^ ′. ⊲^ ≃ ⊲^∀^ ′., the left to right map of which maps 0 to _(U :^).Λ^ ′.0[^ ′][U] for U fresh. This map type checks because TL(^ ′ : clock) = ^ ′ : clock. Using this, we can prove by guarded recursion that - is clock irrelevant as follows ∀^ ′.- ≃∀^ ′. (⊲^ -) ≃ (∀^ ′. ⊲^ -) ≃ (⊲^∀^ ′.-) ≃ (⊲^-) using the guarded recursion assumption in the last line. In the case of path types, if G,~ : then

∀^.(Path (G,~)) ≃ Path∀^. (Λ^.G, Λ^.~)

≃ Path (G,~) The ﬁrst of these equivalences simply swaps the clock and interval argument, the second uses the assumption that is clock invariant, which means precisely that _0.Λ^.0 is an equivalence, and so preserves path types.

Example 2 uses the following lemma.

Lemma 8. Let be a clock irrelevant set and let - : Pf (), 0 : . Then 0 ∈ - is clock irrelevant. Proof. The proof is by induction on -, which is valid since statements of the form IsEquiv(5 ) are propositions. If - = {1} then 0 ∈ - is by deﬁnition Path (0,1), which is clock irrelevant by Lemma 3. If - = . ∪ / then 0 ∈ - is (0 ∈ . )×(0 ∈ /) which is clock-irrelevant by induction and Lemma 3.

We now give a proof of Theorem 2. We will write ^ ^ ^ ^ unfold : LTS → Pf ( × ⊲ LTS ) for the equivalence associated with the guarded recursive type LTS^ . First note the following.

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:32 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

Lemma 9. The following diagram commutes up to path equality. unfold LTS Pf ( × LTS)

ev^ Pf (×5 ) ^ ^ unfold ^ ^ LTS Pf ( × ⊲ LTS )

def where ev^ = _G.G [^] and 5 = _G._(U :^).G [^]. Proof. The map unfold is deﬁned to be the composition of the following maps ^ ^ ^ ^ ∀^.unfold : ∀^.LTS →∀^.Pf ( × ⊲ LTS ) ^ ^ ^ ^ i : ∀^.Pf ( × ⊲ LTS ) → Pf ( ×∀^. ⊲ LTS ) ^ ^ ^ Pf ( × force) : Pf ( ×∀^. ⊲ LTS ) → Pf ( ×∀^.LTS ) ^ ^ where ∀^.unfold (G) = Λ^.unfold (G [^]), i is the witness that Pf ( × (−)) commutes with clock quantiﬁcation, and force : ∀^.⊲^ LTS^ →∀^.LTS^ is the inverse to _G._(U :^).G up to path equality. By the latter, we get the following sequence of path equalities ^ Pf ( × 5 ) ◦ unfold = Pf ( × ev^ ) ◦ i ◦∀^.unfold ^ = ev^ ◦∀^.unfold ^ = unfold ◦ ev^ as desired. Proof of Theorem 2. Møgelberg and Veltri [Møgelberg and Veltri 2019] prove that path equality coincides with bisimilarity for guarded recursive types. Using their results we can prove that, given G,~ : LTS

PathLTS (G,~)≃∀^.PathLTS^ (G [^],~[^]) ≃∀^.Bisim^ (G [^],~[^]) (15) where the first equivalence uses functional extensionality for universal quantification over clocks and the second is [Møgelberg and Veltri 2019, Corollary 5.4]. Here Bisim^ (G,~) = Sim^ (G,~) × Sim^ (~, G) where Sim^ (G,~) ≃ Π(G ′ : ⊲^ LTS^,0 : ).(0, G ′) ∈ unfold^ (G) → ∃~′ : ⊲^ LTS^ .(0, ~′) ∈ unfold^ (~)× ⊲ (U :^).Sim^ (G ′ [U],~′ [U]) We must compare this to bisimilarity of G and ~ which is defined as ^ ^ ∀^.(Sim∀(G,~)× Sim∀(~, G)) where ^ Π ′ ′ Sim∀(G,~) ≃ (G : LTS,0 : ).(0, G ) ∈ unfold(G) → ∃~′ : LTS.(0,~′) ∈ unfold(~)× ⊲ ^ ′ ′ (U :^).Sim∀(G ,~ ) ^ By an easy guarded recursive argument one can show that Sim∀ is a reflexive relation, and from this it follows that path equality implies bisimilarity. To prove the other implication it suffices to show that Π ^ ^ (G,~ : LTS).Sim∀(G,~) → Sim (G [^],~[^])

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:33

^ and this statement is proved by guarded recursion. So suppose G,~ : LTS and Sim∀(G,~). Suppose further that G ′ : ⊲^ LTS^, 0 : and (0, G ′) ∈ unfold^ (G [^]). By Lemma 9 this means that (0, G ′) ∈ Pf ( × 5 )(unfold(G)) where 5 = _G._(U : ^).G [^]. By [Møgelberg and Veltri 2019, Lemma 4.1] there then (merely, i.e. in the sense of ∃) exists an G ′′ : LTS such that G ′ = 5 (G ′′), i.e., G ′ = _(U :^).(G ′′ [^]) (16) ′′ ^ ′′ and (0, G ) ∈ unfold(G). By the assumption that Sim∀(G,~) there then merely exists a ~ : LTS such that (0,~′′) ∈ unfold(~) and ⊲ ^ ′′ ′′ (U :^).Sim∀(G ,~ ). (17) ′ ′′ ′ Setting ~ = 5 (~ ) then, again by [Møgelberg and Veltri 2019, Lemma 4.1] (0,~ ) ∈ Pf ( × 5 )(unfold(~)) and so by Lemma 9, (0,~′) ∈ unfold^ (~[^]). It remains to show that ⊲ (U :^).Sim^ (G ′ [U],~′ [U]) which reduces to ⊲ (U :^).Sim^ (G ′′ [^],~′′ [^]) using (16) and deﬁnition of ~′. This follows by guarded recursion from (17). We now give a proof of Theorem 1. It uses the following lemma establishing the existence of a ﬁnal ◦ ⊲^ -coalgebra for any endofunctor .

def Lemma 10. Let be an -indexed endofunctor, then for all ^, the type a^ () = fix^ (_-. (⊲^ -)) : → U has a final ◦ ⊲^ -coalgebra structure, i.e., there is a map out^ : a^ () → (⊲^ a^ ()), such that for all maps 5 : - → (⊲^ -) the following type is contractible Σ(ℎ : - → a^ ()). out^ ◦ ℎ = (⊲^ (ℎ)) ◦ 5 Proof. The map out^ is given by the equivalence between a fixpoint in the universe and its unfolding, so we also have an inverse (out^ )−1. The functor ⊲^ is locallycontractible [Birkedal et al. 2012] in the sense that the action on morphisms factors as a composition of two maps (- → . ) → ⊲^ (- → . )→(⊲^- → ⊲^. ) and so also the mapping _ℎ.(out^ )−1 ◦ (⊲^ (ℎ)) ◦ 5 factors as a composition (- → a^ ()) → ⊲^ (- → a^ ())→(- → a^ ()) Then by uniqueness of fixpoints we get the contractibility of Σ(ℎ : - → a^ ()).ℎ = (out^ )−1 ◦ (⊲^ (ℎ)) ◦ 5 which in turn is equivalent to our goal by postcomposition with out^ . Proof of Theorem 1. We define the coalgebra out : a () → a () as (force) ◦ can−1 ◦ ˜ ∀^(out^ ). Given any coalgebra 5 : - → -, we can extend it to 5 ^ : - → (⊲^-) for any ^. Then by lemma 10 we have that for any ^ the type ˜ Σ(ℎ : - → a^ ()). out^ ◦ ℎ = (⊲^ (ℎ)) ◦ 5 ^ is contractible. By clock quantification preserving contractibility and commuting with Σ types we have that ˜ Σ(ℎ : ∀^. - → a^ ()). ∀^. (out^ ) ◦ ℎ [^] = (⊲^ (ℎ [^])) ◦ 5 ^ ˜ is also contractible. Then by ∀^. - → a^ () ≃ - → a () and that (_^. (⊲^ (ℎ [^])) ◦ 5 ^ ) = −1 can ◦ (force ) ◦ (ℎ) we obtain the desired result. More details on the calculations can be found in [Møgelberg 2014].

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:34 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

A.4 Omied proofs section 5 Proof of Lemma 4. Throughout we assume that Γ ⊢ X : ∀^.Δ. Towards an induction on the structure of the boundary terms, we prove the following more general typing:

Γ,W : ∀^.Γ8 [X [^]], G : ∀^.Ξ8 [X [^],W [^]] → H X [^], : : Ξ : Ψ Γ X : ~ (b ∀^. [X [^],W [^]] → [G [^](b [^])], A 8, 1 ⊢ 4 E,G 7→~ [_^.con8 (W [^], G [^], A)]

The desired typing is then the case where Γ1 above is empty, since we have that i: implies that L M _^.con8 reduces to ": . The Γ1 crops up because the interpretation of constructors adds a b : ∀^.Ξ[X [^],W [^]] to the context while the hcomp case adds an interval variable and a face restriction to the context for the recursive families. In the very ﬁrst step, unfolding the list of partial elements adds a face restriction as well. Concretely we proceed as follows in each case:

• Assume " = [i0 "0,...,i=8 "=8 ]. In this case we have the following typing by inductive hypothesis:

Γ,W : ∀^.Γ8 [X [^]], G : ∀^.Ξ8 [X [^],W [^]] → H X [^],

~ : (b : ∀^.Ξ[X [^],W [^]] → [G [^](b [^])], A : Ψ8, [i: ] ⊢ X : ": E,G 7→~ [_^.con8 (W [^], G [^], A)] Which means that indeed the list [i " X ] is a partial element of [_^.con (W [^], G [^], A)] : : E,G 7→L~ M 8 as desired. • Assume " = G 9 D. From the typing assumptionsL M on " we have that Γ′ ′ : Γ ′ ′ : Ξ ′ ′ ′ : Ψ Γ′ : Ξ ′ ′ ,W 8 [X ], G [X ,W ] → H X , 9 , 1 ⊢ D [X ,W ] Γ′ ′ : Δ Γ′ Γ = Here ⊢ X , and 1 is generated in a similar fashion to 1. This means that I _^.D(C [^], 0[^], A,W [^]) has type ∀^.Ξ8,9 [X [^],W [^]], which is exactly the input to ~9 . This means that ~9 I : [G [^](b [^])], and in this situation _^.con8 (W [^], G [^], A) reduces exactly to _^.G 9 [^]I[^]. • Assume " = con9 (C, _b.": , A). By inductive hypothesis we have that

Γ,W : ∀^.Γ8 [X [^]], G : ∀^.Ξ8 [X [^],W [^]] → H (X [^]),~ : (b : ∀^.Ξ[X [^],W [^]] → [G [^](b [^])], : Ψ Γ ′ : Ξ X : A 8, [i: ], 1, b ∀^ 8,9 [X [^],W [^]] ⊢ ": E,G 7→~ [_^.con8 (W [^], G [^], A)]

This gives us the input necessary to apply E9 . The C family has a similar typing structure ′ to D in the previous example so we get C = _^.C of typeL M∀^.Γ9 when giving C parameters as above. We obtain maps ′ ′ (: = _^._b.": [X [^], C [^], G, 8(A), b] : ∀^.Ξ9,: [X [^],W [^]] → H (X [^]) directly from the typing assumptions and by inductive hypothesis we obtain maps = X : : Ξ ′ ': _b. ": E,G 7→~ [C [^], 0[^], A,W [^], b] (b ∀^. 9,: [X [^],W [^]]) → [(: [^](b [^])]

This means we have the required data to apply E8 , and by the deﬁnition of clock abstracted L M ′ elimination lists we have that E8 [C , (, ', A] inhabits over _^.conℓ . = 9 ′ ′ • Assume " hcompH [k 7→ " ] "0. By inductive hypothesis and the typing assumptions for X the hcomp to be well formed we have that "0 E,G 7→~ inhabits over "0 without changing Γ X [ ] 1 and " E,G 7→~ inhabits over " in the context extended by i and an interval variable. This means that the composition in of theL aboveM data inhabits over the composition of L M , Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:35

" and "0 in H which by the reductions in HITs is simply given by the formal hcomp as desired.

Proof of Theorem 3. Let X : Δ. Note ﬁrst that clock irrelevance of Ξ means that for each W : ∀^.Γ[X] we have an equivalence ′ Z 9 : Ξ8,9 [X,W ]≃∀^.Ξ8,9 [X,W [^]] where W = _^.W ′. To show clock irrelevance, we inhabit the type def X : Δ, G : ∀^.H X ⊢ (G) = Σ(G ′ : H X).G = _^.G ′ type by induction under a single clock. Consider the following construction:

X : Δ,W : ∀^.Γ, G : ∀^.(Ξ8,9 [X,W [^]] → H X),~ : Π(b : ∀^.Ξ8,9 [X,W [^]]) → (G [^] b [^]), ′ ′ ′ 8 : Ψ ⊢ (con8 (W , _b.C, 8),?) : Σ(G : H X).G = _^.G ′ ′ Here W : Γ[X] is such that W = _^.W , C 9 = ~9 (Z 9 (b)).1 and the path ? is obtained by induction. More ′ concretely ? is a path between con8 (W , _b.C, 8) and con8 (W [^], G [^], 8) in the context of ^. There ′ is a path A0 : W [^] : W given by clock irrelevance of Γ8. For the second input we need for each b : Ξ8,9 [X,W [^]] a path A1 : ~9 (Z (_^.b)).1 = G 9 (b). The second component of ~9 gives us a path of exactly this type. At this point, note that for fixed G, the type Σ(G ′ : H X).G = _^.G ′ is propositional: Given two pairs (G0,?0) and (G1,?1) the first components are equal since G0 = G [^0] = G1, and this extends to a path in the Σ-type, since H X is assumed to be a set, and so also ∀^.H X is a set. Since the type motive is propositional, we can realign the construction above into an elimination list y forcing it to adhere def ′ to the boundary conditions: Define D8 = hcomp[i8 7→ "] "0 where "0 = (con8 (W , _b.C, 8),?) and the path " is a path between the restriction of "0 to i8 and the given boundary obtained from the fact that we are working with a propositional type.

A.5 Composition Structure for Higher Inductive Types (Sect. 5.1) Following [Coquand et al. 2018], for any HIT X : Δ ⊢ H X type we deﬁne its composition operation, comp, in terms of the trans and hcomp operations, resulting in the following judgemental equality rule 8 8 8 compH X [i 7→ D] D0 ≡ hcompH X [1/8 ] [i 7→ E (8)](transH X i D0) 9 = where E (8) is transH X [8∨9/8 ] (i ∨ 8 1)(D8). Furthermore we include judgmental equalities for trans when applied to elements of the HIT built by homogeneous composition or by constructors. In Section 3.4 of [Coquand et al. 2018], the authors describe how trans computes when applied to constructors speciﬁed by a signature of the form c : (G : (X))(8 : I) → H X [i 7→ 4] where (X) is a telescope including both non-recursive and recursive arguments. They are able to treat both kinds of arguments uniformly by working in a variation of cubical type theory where trans and hcomp are the primitive operations for all types while comp is derived, so that they can use trans8 to transport all the arguments at once. We have kept comp as the primitive in our (X) type theory, but we can reuse their description as long as we show how to transport the arguments for the constructors in our schema, i.e., provide a replacement for trans8 . (X)

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:36 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

Γ Ξ Ψ Δ 8 Given a constructor declaration ( , , ,i,4) and X : I → we have to define transΓ Θ k (C, 0). [X8 ], Ξ[X 8 ],H (X 8) The Γ[X8] part of the telescope can be dealt with using comp, as shown in [Coquand et al. 2018] by the definition of ctrans: a transport operation derived from composition. We are left with hav- 8 ˜ ing to define transΘ k (C, 0) where C connects C to the result of transporting it. It is then Ξ[X8,C˜ [8 ]],H X 8 ˜ sufficient to show how to transport elements of (8) := Ξ: [X 8, C [8]] → H X8 for each Ξ: in Ξ. Here we follow the recipe for transport in function types [Huber 2017], like so 8 8 8 trans k 0 = _b.trans k (0 (ctrans ˜ k b)) (8) : H X8 : Ξ: [X (1−8),C [1−8 ]] where we make use of the fact that 0: (−) is a subtree of con(C, 0, 8) so it is well-founded to re- cursively transport. On top of the above, the transport operation commutes with homogeneous composition, as described in Sect. 3.2 of [Coquand et al. 2018].

A.6 Omied proofs Section 6 To prove Theorem 4, we need the following lemma giving an alternative description of the data of a composition structure. The lemma uses standard CwF notation writing p : Δ. → Δ for the projection out of a comprehension object, and (less standard) notation f. : Δ.[f] → Γ. if f : Δ → Γ for the functoriality of comprehension in the ﬁrst component deﬁned in the language of CwFs as (fp, q).

Lemma 11. Let Γ be global element of Ul and let : Γ → Ul . To give a composition structure on corresponds to giving, for each global element Δ of Ul and map f : Δ × I → Γ, an assignment expressed as the rule Δ ⊢ i : F Δ.I.[i [p]] ⊢ D : [fp] Δ ⊢ D4 : [f ◦(id,4)] Δ.[i] ⊢ D4 [p] = D[(idΔ, 4) .[i]]

Δ ⊢ 2f i D D4 : [f ◦(id, 1 − 4)] for each 4 ∈ {0, 1}, natural in Δ satisfying

Δ.[i]⊢(2f i D D4 )[p] = D[(id, 1 − 4) .[i]] Proof. Given 4, to give the part of isFib corresponding to 4 corresponds to giving ? : I → Γ ⊢ 2 : Comp 4 ( ◦ ?) in the model. This in turn corresponds to an assignment of morphisms g : Δ → (I → Γ) to terms X : Δ ⊢ 2g : Comp 4 ( ◦ g (X)) natural in Δ. By uncurrying, the latter corresponds to an assignment mapping f : Δ × I → Γ to X : Δ ⊢ 2f : Comp 4 ( ◦ f (X, −)), also natural in Δ. By further uncurrying the arguments to the composition operator and using similar naturality arguments in each case, we arrive at the description in the lemma. Proof of Theorem 4. By Lemma 11 it suﬃces to give an assignment mapping f : Δ × I → Γ to a rule Δ ⊢ i : F Δ.I.[i [p]] ⊢ D : (R)[fp] Δ ⊢ D4 : (R)[f ◦(id, 4)] Δ.[i] ⊢ D4 [p] = D[(idΔ,4) .[i]] Δ R : 1 ⊢ 2f i D D4 (R)[f ◦(id, − 4)] natural in Δ and satisfying the equality of Lemma 11. Using (R)[fp] = R([L(fp)]) the assumptions correspond to

L(Δ.I.[i [p]]) ⊢ D : [L(fp)] LΔ ⊢ D4 : [L(f ◦(id,4))] satisfying L(Δ.[i]) ⊢ D4 [Lp] = D[L((idΔ, 4) .[i])] (18)

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:37

Since L preserves cofibrations, by the notation introduced after Definition 6, L(Δ.I.[i [p]] L(Δ.I).[LF (i [p])] as subobjects of L(Δ.I). For simplicity we will leave this isomorphism implicit. Moreover, since L preserves finite products and the interval, there is an isomorphism bΔ : LΔ.I L(Δ.I) natural in Δ such that LΔ (id,4) L(id,4) (19) bΔ LΔ.I L(Δ.I)

Then, since L(fp) ◦ bΔ.[LF (i [p])] = L(f) ◦ bΔ ◦ p

L(Δ).I.[LF (i)[p]] ⊢ D [bΔ.[LF (i [p])]] : [L(f) ◦ bΔ][p] and by (19)

LΔ ⊢ D4 : [L(f) ◦ bΔ][(id,4)] We can therefore apply the composition structure for as in Lemma 11 in the case of !(f) ◦ bΔ : LΔ.I → LΓ, the coﬁbration LΔ ⊢ LF (i) : F, and the terms D[bΔ.[LF (i [p])]] and D4 , if only we can prove that LΔ.[LF (i)] ⊢ D4 [p] = D [bΔ.[LF (i [p])]][(idLΔ,4) .[LF (i)]] Up to the isomorphism LΔ.[LF (i)] L(Δ.[i]) the context projection p equals Lp, and so in context L(Δ.[i]) the left hand side reduces to D4 [Lp]. The right hand side reduces using (19) to D[L(idΔ,4) .LF (i)] which up to the isomorphism LΔ.[LF (i)] L(Δ.[i]) equals D[L((idΔ,4) .[i])], and so the required equality follows from (18). The composition structure for therefore gives Δ ⊢ F( ) [ ] : [ ( ) ◦ Δ ◦( 1 − )] L 2!(f)◦bΔ L i D . . . D4 ! f b id, 4 which, since [!(f) ◦ bΔ ◦(id, 1 − 4)] = [!(f ◦(id, 1 − 4))], corresponds to a term Δ R : 1 ⊢ 2f i D D4 (R)[f ◦(id, − 4)] To show the equality Δ R 1 .i ⊢ (2f i D D4 )[p] = D[(id, − 4) .[i]] is equivalent to showing

R L(Δ.i) ⊢ (2f i D D4 )[p] = D[(id, 1 − 4) .[i]] which up to the isomorphism L(Δ.i) LΔ.[LF (i)] corresponds to showing that the term Δ F F Δ F L .L (i)⊢(2!(f)◦bΔ L (i) D[b .[L (i [p])]] D4 )[p] (20) equals LΔ.LF (i) ⊢ D[L((id, 1 − 4)).[LF (i)]] (21) By the equality rule for the composition structure on , (20) equals

D[bΔ.[LF (i [p])]][(id, 1 − 4) .[LF (i)]] which equals (21) by (19). Lemma 12. The category Clk for Clk considered an object in PSh(T) has coproducts. Proof. The coproduct of∫ ((E; X), _) and ((E′; X ′), _′) is the object ((E′′; X ′′), _′′) where _′′ is fresh, E′′ is the disjoint union of E \ {_} and E′ \ {_′} and {_′′} and X ′′ agrees with X on E \ {_}, with X ′ on E′ \ {_′} and maps _′′ to the minimum of X(_) and X ′ (_′).

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:38 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

Proof of Theorem 5. It remains to verify that ◭ preserves finite products, the interval and cofibrations. Each component ◭ 1(, (E; X), _) of ◭ 1 is easily seen to be inhabited. If (f, ★) and (g, ★) are two elements of ◭ 1(, (E; X), _), then both of these are related under the equivalence relation used in the definition of ◭ to ([f,g], ★), where [f,g] is the copairing of f and g out of the coproduct of their domains, which exists by Lemma 12. So ◭ preserves the terminal object. Writing [(f, (G,~))] for the equivalence class represented by (f, (G,~)), the map ◭( × )(, (E; X), _)→(◭ × ◭ )(, (E; X), _) maps [(f, (G,~))] to ([(f, G)], [(f,~)]). The inverse maps ([(f, G)], [(g,~)]) to [([f,g], (inl(G), inr(~)))]. For the interval, the map p◭ : ◭ I → I, which (as decribed in the main text) is defined as p◭ (f, G) = (id, f) · G has an inverse which at (, (E; X), _) maps G ∈ I() to (f, G) where f : (E; X ′)→(E; X) is tracked by the identity and X ′ agrees with X everywhere except at _ where it is one higher. This clearly preserves endpoints. For cofibrations, we first show that ◭ preserves pullbacks of cofibrations. Suppose that the diagram on the left below is a pullback with 8 and 9 cofibrations.

◭ 0 0 ◭ ◭ 9 8 ◭ 9 ◭ 8 ◭ 1 ◭ 1 ◭ We must show that also the diagram in the right is a pullback. Since F is constant in the time dimension, it follows, since 8 is a ﬁbration that any naturality square of the form

(id,f)·(−) (, (E; X), _) (, (E′; X ′), _′)

8 8 (id,f)·(−) (, (E; X), _) (, (E′; X ′), _′) is a pullback. From this it follows that the square on the right below is a pullback diagram.

◭ p◭ ◭ 0 ◭ ◭ 9 ◭ 8 8 ◭ p◭ ◭ 1 ◭ By the pullback pasting diagram it therefore suﬃces to show that the outer diagram is a pullback, which follows again by the pullback pasting diagram applied to

p◭ ◭ 0 ◭ 9 9 8 p◭ ◭ 1 and naturality of p◭. Suppose now that j : → F classifies the cofibration 8 : → . A similar argument to the one above for I shows that p◭ : ◭ F → F is an isomorphism, which preserves truth. Then p◭ ◦ ◭(j) classifies ◭ 8, so also ◭8 is a cofibration.

A.6.1 Interpreting ticks and tick application.

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:39

Proof of Lemma 6. As noted in the proof of Theorem 5, cofibrations over Γ are constant in the time dimension in the sense that for any f : ((E; X), _)→((E′; X ′), _′) the map (id, f) · (−) : (W) → ((id, f)· W) is an isomorphism. This means that the inverse to the map of the lemma can be defined to map ′ ′ ((f,W) ,0) ∈ ((◭ Γ).[p◭])(, (E; X), _) to [(f, (W,0 ))] ∈ ◭(Γ.)(, (E; X), _) where 0 is the ′ unique element such that (id , f)· 0 = 0. A similar argument applies in the case of I. In the case of Clk, first note that ◭(Γ.Clk) = ◭(Γ × Clk) ◭ Γ × ◭ Clk since, as we saw in the proof of Theorem 5, ◭ preserves finite products. It thus suffices to show that Clk ◭ Clk. To prove this, we first prove that any element in ◭(Clk)(, (E; X), _) can be represented on the form (id,^), for id : ((E; X + 1), _) → ((E; X), _) and ^ ∈ E. Here X + 1 is the composition of X with the successor function. This is true, because an element represented by (f,^) where f : ((E′; X ′), _′) → ((E; X), _) and ^ ∈ E′ is equivalent to the element given by (f,^) where f now is considered a map from ((E′; X ′ + 1), _′) to ((E; X), _). This element is in turn equivalent to (id, f (^)) as required. As a consequence, we can define an inverse to p◭ to map ^ ∈ Clk((E; X), _) to [(id,^)]. The last statement of the lemma now follows by induction on Γ′. Before proving Lemma 7 we first give an alternative description of ◭= similar to the explicit description for ◭ itself. Lemma 13. Let = ≤ 0. Up to isomorphism, the functor ◭= maps Γ to the presheaf whose elements at ′ ′ ′ (, (E; X), _) are equivalence classes of pairs (f, G) such that (id , f) : (, (E ; X ), _ )→(, (E; X), _) with X ′ (_′) ≥ X(_)+= and G ∈ Γ(, (E′; X ′), _′) considered up to the equivalence relation ∼ generated =+1 = by (fg,G)∼(f, (id,g)· G). The projection p◭ : ◭ → ◭ maps [(f, G)] to [(f, G)]. We omit the routine proof of this, which is by induction on =.

= = Proof of Lemma 7. Suppose U : ◭ → ◭ is such that p◭ ◦ U = p◭. We will show that U ([(f, G)]) = ([(f, G)]) for any [(f, G)] ∈(◭= Γ)(, (E; X), _). First consider the case of a representable object Γ = ~(, (E′; X ′), _′), and an elementof the form = ′ ′ ′ ′ ′ ′ ([(f, id)]) ∈ ◭ (~(, (E ; X ), _ ))(, (E; X), _). That is, (id , f) : (, (E ; X ), _ )→(, (E; X), _) and X ′ (_′) ≥ X(_)+= and id is the identity on (, (E′; X ′), _′) which is an element of~(, (E′; X ′), _′). = Then U ([(f, id)]) mustbeontheform ([(g, d)]), and since p◭ ([(g, d)]) = (id ,g)◦d and p◭ ([(f, id)]) = ′ (id , f), the assumption implies (id ,g)◦d = (id , f), and in particular that d isonthe form (id , d ). Therefore ′ ′ ′ U ([(f, id)]) = [(g, (id , d ))] = [(g, (id , d )· id)] = [(gd , id)] = [(f, id)] Now, consider a general [(f, G)] ∈ (◭= Γ)(, (E; X), _). That is, (id, f) : (, (E′; X ′), _′) → (, (E; X), _) and X ′ (_′) ≥ X(_) + = and G ∈ Γ(, (E′; X ′), _′). Let W : ~(, (E′; X ′), _′) → Γ be the element corresponding to G by the yoneda lemma, i.e., W (5 , f) = (5 , f)· G. Then U ([(f, G)]) = U ([(f,W (id))]) = U (◭= (W)[(f, id)]) = ◭(W)(U ([(f, id)])) = ◭(W)([(f, id)]) = [(f, G)]

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:40 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

For the second statement of the theorem, recall that [Mannaa et al. 2020, Proposition 7.1] states = = that p◭ : ◭(Γ.Clk) → Γ.Clk is an isomorphism. Therefore, also the projection p◭ : ◭ (Γ.Clk) → Γ.Clk is an isomorphism, from which the statement follows.

A.7 Semantics for HITs We provide semantics for any HIT definable in the schema with a direct generalization of the method employed in [Coquand et al. 2018]. To each HIT signature given we associate a notion of algebra. An initial such algebra is then constructed and shown to support the necessary structure to model the HIT. For this section we denote objects of the time category by G, G ′,... to avoid notational clashes. Reflecting the syntax of higher inductive types, we will work with homogeneous composition and transport separately. The semantic counterpoint to hcomp is the notion of a fibrancy structure. A fibrancy structure for a type global type is an operation taking a face i : F, an element D0 : I and a partial path ? : defined on the extent i and equal to D0 at the endpoint 0 : I. It then produces an element ℎ (i,D0,D) : which is equal to D(1) on extent i. Consider a list of constructors Δ ⊢ K constrs, consisting of constructors (ℓ8, (Γ8 ; Ξ8; Ψ8 ; i8; 48 )) ∈ K for each 1 ≤ 8 ≤ =, and let Δ′ ⊢ X : Δ .A K,X-algebra is a presheaf ∈ PSh(C × T)/Δ′ with Γ Ξ Ψ a fibrancy structure ℎ, and for each (ℓ8, ( 8; 8; 8 ; i8 ; 48)) semantic constructors 28 . A semantic Π Γ Ξ Ψ constructor is a map 28 : (W : 8 (XJ)).K( 8 (X,W) → ) → → . Given such 28 ’s, we can interpret the boundary conditions given by the constructors, and the semantic constructors are subject to the boundary coherenceJ K conditionsJ K generated by thisJ intK erpretation. As in the syntax, we define the semantic boundary interpretation k−k by induction over the grammar for these terms. We denote the list of constructors in K before the 8’th constructor by K<8 , and the list of semantic constructors for these by <8 . The boundary coherence condition = states that 28 (W,\, 8) k"8,9 k<8 (W,\, 8) when i8,9 (8), which is the direct interpretation of the partial element [i8,0 k"8,0 k,...,i8,= k"8,= k]. We define the boundary interpretation for the remaining grammar as follows: = kG8 (D(W,\,8))k<8 \8 id,JDK = kcon9 (C, _b.#, 8)k<8 2 9 ( C , _b.k# k<8 , 8 ) J K khcomp[i 7→ D] D0 k<8 = ℎ (i, kD0 k<8 , kDk<8 ) A morphism of K,X-algebras 5 : → is a natural transformationJ K J preservingK all K, X-algebra = structure up to equality. For constructors this means that 5 (28 (W,\,A)) 28 (W, 5 ◦ \,A). We will now define a presheaf ?A4, and carve out the initial K,X-algebra as a subpresheaf ⊂ ?A4 following the construction exemplified in [Coquand et al. 2018]. Let d ∈ Δ (, G). The presheaf ?A4 consists of formal constructor elements, and formal solutions to composition ?A4 problems. Concretely, (,G,d) will contain elements of two forms: Firstly formal constructorJ K s 2>=8 (W,\,A), where W ∈ Γ8 (,G,d), A ∈ Ψ (,G,d), i8 (,A) ≠ 1F, and \ is a family indexed by ′ ′ ?A4 ′ 5 : (, G)→( , G ) and an element b ∈ Ξ8,9 ( , G , 5 · d, 5 · W) of elements of ( , G , 5 · d, 5 ·W). F ?A4 Secondly hcomp elementsJ K of the form hcompJ K [k 7→ DJ] DK0 where k ≠ 1 ∈ (),D0 ∈ (,G,d) C I and D is a family indexed by pairs of aJ mapK 5 : → in , such that 5 · i = 1F, and A ∈ ( ) ?A4 ?A4 of elements D5 ,A ∈ ( ,G, (5 , id)· d). To define the action of on morphisms, we first need to give interpretations of boundary terms. While this is not formally the same case as for general algebras, the interpretation follows the same structure and so we leave out the definition here. We denote this boundary interpretation in ?A4 again by k−k, owing to the fact that when the definition is complete, the two will coincide. Let 6 : (, G)→( , G ′). We define the action on elements on ?A4 as follows:

, Vol. 1, No. 1, Article 1. Publication date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:41

?A4 (6)(2>=8 (C, 0, A)) :=

k"(6 · C,6.0,6 · A)k if i8 (6 · A) (2>=8 (6 · C,6.0,6 · A) else ?A4 (6)(hcomp[k 7→ D]D0) :=

D6,1 if k (6 · A) (hcomp[6 · k 7→ 6.D](6 · D0) else

Here 6.0 is given by (6.0)8,5 ,b = 08,5 6,b , 6.D is D similarly reindexed by the cubical component of 6 and is list of constructors 2>=8 on which the boundary interpretation is based. Now we carve out those elements where the families taken as input are natural. This means that we include elements 2>=8 (W,\,A) where each \ 5 ,b is in and \65 ,6·b = 6 ·\ 5 ,b . Additionally, we include those hcomp[k 7→ D] D0 elements where D0 and each D5 ,A is in , D65 ,(6,id) ·A = (6, id)· D5 ,A and (5 , id)· D0 = D5 ,0 for suitable maps 5 such that 5 · k = 1F. Lemma 14. The presheaf is the initial K,X-algebra for each X : Δ. As a consequence, it has a unique map to any cubical type with the structure of a K,X-algebra.

Proof. Let bea K, X-algebra with fibrancy structure ℎ and constructors semantic 28 . We are tasked with producing a natural transformation 4 : → , and we define 4(D) by induction on the structure of D: In the case where D = 2>=8 (C, 0, A), we define 4(D) := 28 (C, 4(0), A), and in the case D = hcomp[i 7→ D]D0 we define 4(D) := ℎ (i, 4(D), 4(D0)). In both cases, 4(G) is 4 applied levelwise to the family G. While making this definition, we have to verify naturality at each stage, which follows in each case from the conditions on the 28 ’s or the computational behaviour of the fibrancy structures. Lemma 15. The presheaf carries a composition structure.

The proof of this lemma uses the fact that Δ, Γ8 and Ξ8,9 all carry transport structures. Given those we deﬁne a transport structure on by initiality, following the syntactic description of the action of trans on constructors in Section A.5. Combining this with the homogeneous composition structure we conclude the proof by Lemma 5 of [Coquand et al. 2018]. Proposition 1. The presheaf supports the dependent elimination principle of H. This follows from Lemma 14 as in [Coquand et al. 2018]. In addition to Lemma 15 and Proposition 1, we need to verify that supports the formation and introduction rules, as well as the judgemental equalities These veriﬁcations are routine.

A.8 Verification of the principle of induction under clocks Proof of Theorem 6. The semantics of clock quantiﬁcation of is given by the semantic Π over the clock object, ΠClk. . It is shown in [Bizjak and Møgelberg 2020] this is equivalent at ,G,d to the limit lim (, G + _=, ] · d, _) J K = _ with structure maps given by the map tick : (, G + _=+1)→ (, G + _=). Here (E, 5 ) + _= = J K (E ∪ {_}, 5 [_ 7→ =]). The map tick_ is given by the identity maps, so it can be viewed as letting a single time step pass on the clock _. Nominally such a family depends on the choice of fresh clock ′ _, but of course this dependence goes away since we have isomorphisms G + _= G + _= in the

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:42 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi time category. Hence we will suppress the change of _, as long as these are fresh meaning that the environment variable is of the form ] · d. The action of morphisms on HIT’s in the model can only change the constructor type by acting on the cube component. As a consequence of this, the structure of elements in ∀^.H (X [^]) are determined at each level by their structure at 0. Δ Γ It is suﬃcient to work with 3 : ∀^. (, G), with the proof for general followingJ by pullingK back along the term Γ ⊢ 3 : ∀^.Δ. We start by making explicit the data of the assumed terms D8 . The input to a D8 is as follows: J K (a) We have a family C = (C=) ∈ ∀^.Γ8 [^] (,G,3). 9 (b) For each 9 we have a family 0 = (0=) ∈ ∀^.Ξ8,9 [X [^],W [^]] → H (X [^]) (,G,3,C). This ′ can be further unfolded as follows:J WeK have for each =, 5 : (, G + _=)→( , G ) and J ′ K I ∈ Ξ8,9 [X [^],W [^]] ( , G , 5 · 3=, 5 · C=, 5 (_)) 9 ′ an element 0 ∈ H (X [^]) ( , G , 5 · 3=, 5 (_)). =,5 ,I J K (c) The next family is indexed by 9 as above, a morphism 6 : (, G)→( , G ′) and a family ′ I := (I=) ∈ ∀^.Ξ8,9J [X [^],W K[^]] ( , G ,6 · 3,6 · C). Note here that this means we have a family ℎ := (ℎ ) ∈ ∀^.H (X [^]) ( , G ′,6 · 3) given by ℎ := 0 9 . We then have an = = =,6+_=,I= 9 ′ element 1=,I ∈J ( , G ,6 · 3,ℎ), andK we denote the family by 1. (d) An element A ∈ Ψ8 ()J. K When given this, weJ haveK an element

(con8 (C=,0=,A))= ∈ ∀^.H (X [^]) (,G,3) and we assume that we can inhabit over this element, i.e., that we have J K D8 (C,0,1,A) ∈ (,G,3, (con8 (C=,0=,A))=). We need to inhabit at an arbitrary element ℎ ∈ ∀^.H (X [^]) (,G,3). Observe that the structure of the family ℎ is completelyJ determinedK by the structure of ℎ0. This holds because the family is compatibleJ withK the tick maps, and these areJ trivial in theK cube component which means in particular that they cannot change the outer constructor of an element of the HIT. This means that we only have to inhabit it at families either of the form (con8 (C=, 0=,A)) or of the form = = (hcomp[i 7→ D ] D0 ). We can do this by induction on the structure, since it is the same for each component of the family, and can therefore assume that we can inhabit at structurally simpler families. Explicitly, the induction is done on the structure of the 0 componentin the family, so that ′ ′ the inductive hypothesis says that whenever we have a family (ℎ=) suchJ K that ℎ0 is structurally simpler than ℎ0, we can inhabit over this family. We denote the element over a family ℎ by U (ℎ). We consider ﬁrst the case whereJ K we are given a family

(con8 (C=,0=,A))= ∈ ∀^.H (X [^]) (,G,3).

Note that (C=) is forced to be compatible with tick maps and that A is constant. This means that we J K have (C=)= ∈ ∀^.Γ8 [X [^]] (,G,3) and A ∈ Ψ(), and we have the data of (a) and (d). The implied 9 ′ ′ typing of 0= is a family over 5 : (, G + _=)→( , G ) and I ∈ Ξ8,9 [X [^],W [^]] ( , G , 5 · 3=, 5 · 9 ′ C=, 5 (_)) of elementsJ 0=,5 ,IK ∈ H (X [^]) ( , G , 5 · 3=, 5 (_)). This is exactly the typing of (b), so we need only to construct the family in (c). We need this to beJ a family over 6 :K(, G)→( , G ′) ′ and I := (I=) ∈ ∀^.Ξ8,9 [X [^J],W [^]] (K , G ,6 · 3,6 · C). Given this, we again deﬁne the family ℎ := (ℎ ) ∈ ∀^.H (X [^]) ( , G ′,6 · 3) by ℎ := 0 9 . Note that this family is compatible with = = =,6+_=,I= J K , Vol. 1, No. 1, ArticleJ 1. PublicationK date: August 2021. Greatest HITs: Higher inductive types in coinductive definitions via induction under clocks 1:43

′ ticks, and hence we obtain U ((ℎ=)) 8= ( , G ,6 · 3,ℎ) by inductive hypothesis, since ℎ0 is given by a component of the structurally simpler 0. We deﬁne

U ((con8 (C=J,0K=,A))=) = D8 (C,0,U ((ℎ=)),A). Consider now the hcomp case. Since is a type, it carries a composition structure. The strat- egy for inhabiting will be to construct an appropriate composition problem and apply the in- = = ductive hypothesis. Consider a family ℎ =J (Khcomp[i 7→ D ] D0 ) ∈ ∀^.H (X [^]) (,G,3). Here the Ψ implicit typing is asJ follows:K For each =,we have foreach 5 : → such that 5 ·i = ⊤ and B ∈ ( ) = = an element D5 ,B ∈ H (X [^]) ( , G + _=, 5 · 3=, _) and an element DJ0 ∈ H (X [^])K ( , G + _=,3=, _). = The D0 family has the right shape for us to employ our induction hypothesis to inhabit over it. Because the shapeJ of 5 andK B does not depend on the time component,J we alsoK have for each 5 = a family in = given by (D5 ,B ). All these families have 0 component structurally simpler, heJ nceK we = = = can inhabit over each of them by U ((D0 )) and U ((D5 ,8 )). We will write U ((D )) for the fam- = = = = ily given at 5,8 by U ((D5 ,8 )). We can then define U (ℎ) comp [E] [i 7→ U ((D ))] U ((D0 )) where = = E = (hfillJH XJ[^ ]KK [i 7→ D ] D0 ). It must be verified that U is natural in morphisms of the category while defining it. Both because we need U to be natural for the desired conclusion and because the recursive calls used to define U require it. Let 5 : (, G)→( , G ′). Naturality means that 5 · U (ℎ) = U (5 · ℎ), which unfolds as follows:

• Consider a family ℎ = (con8 (C=,0=,A)). By deﬁnition U (ℎ) = D8 (C,0,1,A) where 16,I = U ((0 9 )). If 5 does not trigger a boundary condition for con we have =,6+_=,I= 8

5 · U (ℎ) = D8 (5 · C,5.0,5.1,5 · A) and

(5 · ℎ)= = con8 ((5 + _=)· C=, (5 + _=).0=, (5 + _=)· A).

Recall here that 6.0= is deﬁned to be the family 0= is given by composing the map index with ′ 6 and acting on the input index. Applying U to this yieldsD8 (((5 +_=)·C=), ((5 +_=).0=),1 , 5 ·A) ′ where 1 is deﬁned from ((5 + _=).0=) as above, i.e., ′ = 16,I U ((((5 + _=).0)=,6+_=,I= )).

By definition of the morphism action on a limit we have ((5 + _=) · C=) = 5 ·(C=) and ((5 +_=).0=) = 5 .(0=). The action of 5 and 5 +_= are the same on A, since they have the same cubical component. It remains to argue that 5 .1 coincides with the 1′ defined from the family 5 .0, which already a part of the naturality of the D8’s. We check this componentwise for the ′ family, so we have to show that (5 .1)6,I = 16,I. The left hand side is by definition equal to 1 = U ((0 9 )), while the right hand side is equal to U ((((5 + _ ).0) 9 )). 65,5 ·I =,65 +_=,(5 +_= ) ·I= = 6+_=,I= Unfolding the right hand side we get U (((0) 9 )), which is the same as the (6+_= ) (5 +_= ),(5 +_= ) ·I= left hand side since (6 + _=)(5 + _=) = 65 + _=. If 5 triggers a boundary condition of con8 we have by assumption that = = X 5 · U (ℎ) 5 · D8 (C,0,1,A) 4 E,G 7→~ (5 · C, 5 · 0, 5 · 1, 5 · A)

where 4 is the boundary term of con8 . On the other hand, the structure of H means that U (5 ·ℎ) = U ((k4k((5 +_=)·C=, (5 +_=).0=JL, (5M+_=)·KA)) where k4k is the boundary evaluation for H (X [^]). Equality of these two can be shown by induction on the structure of 4. = = = = • Consider a familyℎ = (hcomp[i 7→ D ] D0 ). By deﬁnition U (ℎ) = comp [E] [i 7→ U ((D ))] U ((D0 )). If 5 does not make i true we have to verify that = = 5 · comp [E] [i 7→ U ((D ))] U ((D0 )) = U (5 · ℎ).

, Vol. 1, No. 1, Article 1. Publication date: August 2021. 1:44 MagnusBaunsgaardKristensen,RasmusEjlersMøgelberg, and Andrea Vezzosi

We unfold the right hand side: = = U (5 · ℎ) = U ((hcomp[5 · i 7→ (5 + _=).D ](5 + _=)· D0 )) = = = comp [5 ·E] [5 · i 7→ U (((5 + _=).D ))] U (((5 + _=)· D0 )) = = = comp [5 ·E] [5 · i 7→ 5 .U ((D ))] 5 · U ((D0 )) = = = 5 · comp [E] [i 7→ U ((D ))] U ((D0 )) The second to last step above follows by the inductive hypothesis that U is natural on simpler families, and the last line is exactly the left hand side of the original equation. If 5 makes i true, both composition in and hcomp reduce to appropriate components of = = = = 1 the input, i.e., we have U (5 ·ℎ) U ((D (5 +_),1)) and 5 ·U (ℎ) U ((D ))5 , for the right and left = hand sides of the equality we are trying to show. These agree by deﬁnition of U ((D ))5 ,1. This means that U assembles into a term of over Γ.∀^.H (X [^]) as desired. It is moreover clear from the deﬁnition of U that it will validate the computation rules of the induction principle, since the value on constructor families was givenJ K directlyJ by the appropriateK D8 and the value on hcomp families was given by the appropriate composition in .

, Vol. 1, No. 1, Article 1. Publication date: August 2021.