arXiv:2005.07059v2 [cs.LO] 6 Jan 2021

Formalizing Category Theory in Agda

Jason Z. S. Hu, McGill University, Montréal, Québec, Canada
Jacques Carette, McMaster University, Hamilton, Ontario, Canada

Abstract

The generality and pervasiveness of category theory in modern mathematics makes it a frequent and useful target of formalization. It is however quite challenging to formalize, for a variety of reasons. Agda currently (i.e. in 2020) does not have a standard, working formalization of category theory. We document our work on solving this dilemma. The formalization revealed a number of potential design choices, and we present, motivate and explain the ones we picked. In particular, we find that alternative definitions or alternative proofs from those found in standard textbooks can be advantageous, as well as "fit" Agda's type theory more smoothly. Some definitions regarded as equivalent in standard textbooks turn out to make different "universe level" assumptions, with some being more polymorphic than others. We also pay close attention to engineering issues so that the library integrates well with Agda's own standard library, as well as being compatible with as many of supported type theories in Agda as possible.

CCS Concepts: • Theory of computation → Type theory; Logic and verification.

Keywords: Agda, category theory, formal mathematics

ACM Reference Format: Jason Z. S. Hu and Jacques Carette. 2021. Formalizing Category Theory in Agda. In Proceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP '21), January 18–19, 2021, Virtual, Denmark. ACM, New York, NY, USA. https://doi.org/10.1145/3437992.3439922

1 Introduction

There have been many formalizations of category theory [7, 16, 21] in many different proof assistants, over more than 25 years [4, 16, 18, 24, 26, 28–30, 32, 35, 37, etc.]. All of them embody choices; some were forced by the ambient logic of the host system, others were pragmatic decisions, while some were philosophical stances, finally others were simply design decisions.

Category theory is often picked as a challenge, as it is both quite amenable to formalization and involves many non-trivial decisions that can have drastic effects on the usability and effectiveness of the results [16]. With the rapid rise in the use of category theory as a tool in computer science, and with the advent of applied category theory, having a stable formalization in the standard library of one's favourite proof assistant becomes necessary.

Our journey started as the authors were trying to keep the "old" category theory library for Agda [26] alive. Unfortunately, as Agda [3] evolved, some of the features used in that library were no longer well-supported, and eventually the library simply stopped working. As continuing to simply patch that library was no longer viable, it became clear that a new version was in order.

This gave us the opportunity to revisit various design decisions of the earlier implementation — which we will document. We also wanted to preserve as much formalization effort as possible, while also using language features introduced in Agda 2.6+ like generalized variables and revising the theoretical foundation which the library relies on. This new version is then partly a "port" of the previous one to current versions of Agda, but also heavily refactored, including some large changes in design.

Our principal theoretical contribution is to show that setoid-based proof-relevant category theory works just as well as various other "flavours" of category theory by supporting a large number of definitions and theorems. Our main engineering contribution is a coherent set of design decisions for a widely reusable and working library of category theory in Agda, freely available¹.

¹ https://github.com/agda/agda-categories

This paper is structured as follows. In Section 2, we discuss our global design choices. We discuss the rationale behind non-strictness, proof-relevance, hom-setoids, universe polymorphism, (not) requiring extra laws and concepts as record types. In Section 3, we give examples on how proof-relevance drives us to find concepts in an alternative way. In Section 4, we discuss other design decisions and some efficiency issues. In Section 5, we compare category theory libraries in other systems. Finally, we conclude in Section 6.

For reasons of space, we have to make some assumptions of our readership, namely that they are familiar with:

1. category theory,
2. dependent type theory,
3. formalization, and
4. proof assistants (e.g. familiarity with Agda and a passing knowledge of other systems).

2 Design Choices

Choices arise from both the system and its logic, as well as from the domain itself.

2.1 Fitting with Agda

The previous formalization [26] was done in a much older Agda, with a seriously under-developed standard library. To better fit with modern Agda, we choose to:

1. use dependent types,
2. be constructive,
3. re-use as much of the standard library [12] as possible,
4. use the naming convention of its standard library whenever meaningful,
5. use the variable generalization feature for levels and categories,
6. try to fit with as many modes of Agda as possible.

The first two requirements are natural, as choosing otherwise would create a clash of philosophy between the system and one of its libraries. The next two are just good software engineering, while the fifth is mere convenience. Note that re-using the standard library pushes us towards setoids (more on that later) as its formalization of algebra uses them extensively.

The last requirement is more subtle: we want to allow others to use alternative systems or make postulates if they wish, and still be able to use our library. This means that we need to avoid using features that are incompatible with supported systems in Agda. For example, when added to Martin-Löf Type Theory (MLTT) [23], axiom K [31], equivalent to Uniqueness of Identity Proofs (UIP), creates a propositionally extensional type theory incompatible with univalence [33]. Thus Agda has options such as --without-K [10] to access the intensional type theory MLTT, and conversely --with-K to turn on axiom K. Separately, there is cubical type theory (--cubical) [34] which implements a computational interpretation of homotopy type theory (HoTT) [33] and supports univalence. Intensional type theory is compatible with both options of --with-K and --cubical, and thus if we build our library using --without-K, it can be maximally re-used. This further implies that we have to avoid propositional equality as much as possible, as pure MLTT gives us very few tools to work with it. We additionally turn on the --safe option to avoid possible misuses of certain features which could lead to logical inconsistencies.

2.2 Which Category Theory?

Category theory is often presented as a single theory, but there are in fact a wealth of flavours: set-theoretic, where a category has a single hom-set equipped with source and target maps; ETCS-style [20], where there are no objects at all; dependently-typed, where hom-"sets" are parametrized by two objects; proof-irrelevant, where the associativity and identity laws are considered to be unique [4, 16, 26, 35]; setoid-based, where each category relies on a local notion of equivalence of hom-sets rather than relying on a global relation [26, 37]. There are also questions of being strict or weak, whether to do 1-categories, $n$-categories or even ∞-categories. What to choose?

Standard textbooks often define a category as follows:

Definition 2.1. A category $\mathcal{C}$ consists of the following data:

1. a collection of objects, $\mathcal{C}_0$,
2. a collection of morphisms, $\mathcal{C}_1$, between two objects. We use $f : A \Rightarrow B$ to denote that the morphism $f \in \mathcal{C}_1$ is between objects $A$ and $B$,
3. for each object $A$, we have an identity morphism $1_A : A \Rightarrow A$, and
4. morphism composition $\circ$ composing two morphisms $f : B \Rightarrow C$ and $g : A \Rightarrow B$ into another morphism $f \circ g : A \Rightarrow C$.

These must satisfy the following laws:

1. identity: for any morphism $f : A \Rightarrow B$, we have $f \circ 1_A = f = 1_B \circ f$, and
2. associativity: for any three morphisms $f$, $g$ and $h$, we have $(f \circ g) \circ h = f \circ (g \circ h)$.

Embedded in the above definition are a variety of decisions, and we will use these as a running example to explain ours.

2.2.1 Collections. The first item to notice is the use of collection rather than set or type. Textbooks tend to do this to side-step "size" issues, and then define various kinds of categories depending on whether each of the collections (objects, all morphisms, all morphisms given a pair of objects) is "small", i.e. a set. This matters because a number of constructions in category theory produce large results.

We define collections of objects to be types, with no further assumptions or requirements. We do know that in MLTT types are well modeled by ∞-groupoids [17, 36] — so wouldn't this higher structure be a problem? No! This is because we never look at it, i.e. we never look at the identity type (or their identity types) of objects.

The collection of morphisms is trickier, and splits into:

1. Is there a single collection of morphisms?
2. What about equality of morphisms?

The first item will be treated here, the second in subsection 2.2.3.
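The option choice described in Section 2.1, as an added example (not code from the paper or from the agda-categories library): a file checked with `--without-K --safe` accepts J-style equality proofs, rejects the UIP proof and the postulate shown in comments, and still admits an axiom-free local equivalence on functions. The module name and every definition below are constructed for illustration.

```agda
-- File: WithoutKSafeDemo.agda (constructed example; the module name is an assumption)
{-# OPTIONS --without-K --safe #-}
module WithoutKSafeDemo where

open import Agda.Primitive using (Level; _⊔_)

infix 4 _≡_ _≗_

-- Propositional equality, defined locally so the file needs no library.
data _≡_ {a : Level} {A : Set a} (x : A) : A → Set a where
  refl : x ≡ x

-- Accepted under --without-K: each match on refl unifies two distinct
-- variables, which is plain identity elimination (J).
sym : ∀ {a} {A : Set a} {x y : A} → x ≡ y → y ≡ x
sym refl = refl

trans : ∀ {a} {A : Set a} {x y z : A} → x ≡ y → y ≡ z → x ≡ z
trans refl q = q

-- Rejected under --without-K: matching p : x ≡ x against refl requires
-- solving the reflexive equation x = x, which is axiom K (equivalently UIP).
-- Uncommenting these two lines makes the file fail to type-check.
--
-- uip : ∀ {a} {A : Set a} {x : A} (p q : x ≡ x) → p ≡ q
-- uip refl refl = refl

-- Rejected under --safe: postulates are not allowed, so an axiom such as
-- function extensionality cannot be assumed inside a safe module.
--
-- postulate
--   funext : ∀ {a b} {A : Set a} {B : Set b} {f g : A → B} →
--            (∀ x → f x ≡ g x) → f ≡ g

-- What remains available without axioms: a local equivalence on functions
-- (pointwise equality), the kind of relation a setoid carries.
_≗_ : ∀ {a b} {A : Set a} {B : Set b} → (A → B) → (A → B) → Set (a ⊔ b)
f ≗ g = ∀ x → f x ≡ g x

≗-refl : ∀ {a b} {A : Set a} {B : Set b} {f : A → B} → f ≗ f
≗-refl x = refl

≗-sym : ∀ {a b} {A : Set a} {B : Set b} {f g : A → B} → f ≗ g → g ≗ f
≗-sym p x = sym (p x)

≗-trans : ∀ {a b} {A : Set a} {B : Set b} {f g h : A → B} →
          f ≗ g → g ≗ h → f ≗ h
≗-trans p q x = trans (p x) (q x)
```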

If we try to put all the morphisms of certain categories together in a single collection, size issues arise, but there is also another issue: if we consider composition as a function of pairs of morphisms, then this function is partial. Luckily, our dependent type theory allows one to side-step both issues at the same time: rather than a single collection of morphisms, we have a (dependently-typed) family of morphisms, one for each pair of objects. In category theory, one rarely considers the "complete collection" of all morphisms. This solves the composition problem too, as we can only compose morphisms that have the right type, leading to the following (partial) definition:

    record Category : Set where
      field
        Obj : Set
        _⇒_ : (A B : Obj) → Set
        _◦_ : ∀ {A B C} → B ⇒ C → A ⇒ B → A ⇒ C

2.2.2 Strictness. Traditional textbooks tend to implicitly assume that collections are somewhat still set-like, in that equality is taken for granted, i.e. that it always makes sense to ask whether two items from a collection are equal. Not just that it always makes sense, but that the underlying meta-theory will always answer such queries in finite time².

² That we should not ask whether two objects are equal is an issue well described at the Principle of Equivalence page of the nLab. https://ncatlab.org/nlab/show/principle+of+equivalence

The Principle of Isomorphism [22] already tells us that we should not assume that we have any relation on objects other than the one given by categorical principles (isomorphism); a related Principle of Equivalence [5] can be stated formally in the context of homotopy type theory. That we normally do not have, and should not assume, such a relation has motivated some to create the concept of a strict category, where we have given ourselves the ability to compare objects for equality. Classically, sets have equality defined as a total relation, so that this comes "for free". In other words, given two elements $x, y$ of a set $S$, in set theory it always makes sense to "ask" the question $x = y$, and this has a boolean answer. This is one reason why it took a while for the Principle of Equivalence to emerge as meaningful. As global extensionality is hard to mechanize in MLTT, it is simplest to forgo having an equality relation on objects at all.

2.2.3 Proof-relevant Setoids. In Definition 2.1, equality of morphisms is also taken for granted. The laws use equality and blithely assume that the meta-theory defines it. In MLTT, which equality we use matters. Usually, there are three options: local equality (setoids), propositional equality in intensional type theory (_≡_), and propositional equality with UIP.

Propositional equality does not work very well in MLTT without further properties or axioms to deal with functions (e.g. function extensionality), while many categories have (structured) functions as morphisms. The third case is a plausible option, because UIP relieves us from reasoning about equality between equalities and reduces the issue to familiar set theory. Nonetheless, the --with-K mode and the --cubical mode approach UIP in different ways and it is not immediate to us how to organize the library so that it is compatible with both. Thus this option, though very interesting, seems to clash with our original motivation.

For these reasons, we chose to work with setoids. Earlier formalizations of category theory in type theory already used setoids [2, 18, 26, 37], which associate an equivalence relation to each type. This generalizes "hom-sets" to "hom-setoids", i.e. the definition of category is augmented as follows:

    _≈_ : ∀ {A B} → (f g : A ⇒ B) → Set
    equiv : ∀ {A B} → IsEquivalence (_≈_ {A} {B})

In both types, A and B are objects in the current category. IsEquivalence is a predicate provided by the standard library that expresses that _≈_ is an equivalence relation. Furthermore, composition must respect this equivalence relation, which we can express as³:

    ◦-resp-≈ : f ≈ h → g ≈ i → f ◦ g ≈ h ◦ i

³ We use variable generalization to leave implicit variables out and let Agda infer them, so we will omit unnecessary type ascriptions provided an unambiguous context.

Note that _≈_ can be specialized to _≡_ to work in other settings such as cubical type theory.

We explicitly do not assume that two witnesses of _≈_ are equivalent, making our setoids proof relevant. Proof-relevance is a significant difference between this library and the previous one [26], which relied heavily on irrelevant arguments [1]. In particular, all of the proof obligations (for example left and right identities, and associativity in the case of a category) were marked irrelevant in [26], making these proofs "unique" by fiat. Thus two categories that differed only in their proofs were automatically regarded as (definitionally) equal. Ignoring the details of proofs is convenient — but unfortunately irrelevant arguments are not part of MLTT. Worse yet, they are not a stable, well-maintained feature in Agda, so we refrained from using this feature in our library.

We gain other improvements over the previous library by having hom-setoids proof-relevant. In [26], due to irrelevance, the content of _≈_ is ignored. However, this is not necessarily coherent under all settings. For example, when defining the (large) category of all categories, with proof relevance, we can use natural isomorphisms as equivalence between functors. In other words, in our setting, the "natural" definition of the (large) category of all categories is a category; we do not need to move up to 2-categories. The previous library, contrarily, must use heterogeneous equality for equivalence between functors, which subsequently required axiom K for elimination and restricted the possible choice of foundations. In this case, making setoids proof-relevant actually allowed us to internalize more category theory into itself.

Libraries formalizing category theory based on HoTT [4, 16] restrict hom-sets to be hSets by requiring an additional law which states the contractibility of equality proofs between equalities in hom-sets. Our library implements a setting which allows richer structures in the hom-setoids.

2.2.4 Explicit Universe Level. In Agda, users are exposed to the explicit handling of universe levels (i.e. of type Level). Some find it cumbersome, but we have found it quite useful. To help with reuse, we make our definitions universe-polymorphic by parameterizing them by Levels. For example, a Category is refined as follows:

    record Category (o l e : Level)
           : Set (suc (o ⊔ l ⊔ e)) where
      field
        Obj : Set o
        _⇒_ : (A B : Obj) → Set l
        _≈_ : ∀ {A B} → (f g : A ⇒ B) → Set e
        -- other fields are omitted

Since the definition of Category contains three Sets representing objects, morphisms and the equivalence relations respectively, it can be indexed by three Levels and thus live at least one level above their supremum.

One significant advantage of a level-parametric definition is that it simplifies the formalization of concepts such as the category of categories, or that of functors. We do not have to duplicate definitions, nor do we have to sprinkle various size constraints about (such as a category being "locally small") to avoid set-theoretic troubles.

With explicit Levels, new phenomena become visible. In set-based category theory, one might be tempted to talk about the (large) category of all sets or all setoids. In Agda, we can only talk about the category of all Setoids with particular Levels:

    Setoids : ∀ c l →
      Category (suc (c ⊔ l)) (c ⊔ l) (c ⊔ l)
    Setoids c l = record
      { Obj = Setoid c l
      -- ... other fields omitted.
      }

Here c and l are the Levels of the carrier and the equivalence of a Setoid c l, respectively. We can clearly see the ensuing size issue. The definition must be indexed by Levels, as there is no term in the type theory in which all Setoids (for example) exist. The set of types Set l is somewhat analogous to a Grothendieck universe which provides a way to resolve Russell-style paradox in set theory, as it is closed under similar operations, but not unrestricted unions, where one must then move to a larger universe. Set (suc l) is indeed sometimes called a Russell-style universe.

However, universes in Agda are non-cumulative by default. Combined with explicit Levels, this leads to other issues. With cumulative universes, a type in one universe automatically inhabits all larger universes. In Agda, one must explicitly lift terms to larger levels, which adds a certain amount of "noise" to some code. For example, consider two categories of Setoids, Setoids 0 1 and Setoids 1 1, differing only in their first indices. With cumulative universes, even though we still need to apply a lifting functor to embed Setoids 0 1 in Setoids 1 1, the functor is trivially defined:

    liftF = record -- we are defining a functor
      { F0 = λ x → x
      -- other fields are omitted
      }

With cumulativity, the second x has a larger universe than the first one. Without cumulativity, explicit calls to lift must be inserted:

    liftF = record -- we are defining a functor
      { F0 = λ x → lift x
      -- other fields omitted
      }

We noticed that when handling some classical definitions or results involving sets, like and the Yoneda lemma, we often need to postcompose with a lifting functor in order to achieve the most general statements. For example, the Yoneda lemma involves the natural isomorphism in $X$:

$$\mathrm{Nat}[y X, F] \simeq F X$$

where $F : \mathcal{C}^{op} \Rightarrow \mathrm{Set}$ for some category $\mathcal{C}$ and $X \in \mathcal{C}$ is an object. In the actual formalization, assuming $\mathcal{C}$ has type Category o l e and $F$ maps to Setoids l e, then by some calculation, we see that $\mathrm{Nat}[y X, F]$ actually maps to Setoids (o ⊔ l ⊔ e) (o ⊔ l ⊔ e), because the Setoids must be large enough to contain . Thus we cannot create this natural isomorphism without lifting the universe on the right hand side to the correct level. Explicit universe lifting and lowering are then required in subsequent equational reasoning, which quickly becomes rather annoying.

Since 2.6.1, Agda has an experimental feature of cumulative universes. We hope that this feature may help us remove some clutter in our statements and proofs. However, at present, cumulativity is not deemed --safe. Furthermore, we encountered issues with the level constraint solver when we experimented with adapting our library to that environment.

2.3 Duality

In category theory, duality is omnipresent. However, in type theory and in formalized mathematics, subtleties arise. Some are due to proof relevance, while others are usability issues, which we discuss here.

Additional Laws for Duality. In category theory, there is a very precise sense in which, if a theorem holds, then its dual statement also holds. Thus, in theory, we obtain two theorems by proving one. This is the Principle of Duality [7], which we would like to exploit.

But first, we need to make sure that the most basic duality, that of forming the opposite category, should be involutive. We can easily prove that the double-opposite of a category $\mathcal{C}$ is equivalent to $\mathcal{C}$. This equivalence is true definitionally with proof-irrelevant definitions in [26]. Can we recover this here as well? Yes – we can follow [16] and require two (symmetric) proofs of associativity of composition in the definition of a Category:

    assoc : (h ◦ g) ◦ f ≈ h ◦ (g ◦ f)
    sym-assoc : h ◦ (g ◦ f) ≈ (h ◦ g) ◦ f

Specifically, with sym-assoc, we can define its opposite category as follows:

    op : Category o l e
    op = record
      { assoc = sym-assoc
      ; sym-assoc = assoc
      -- other fields omitted
      }

Otherwise, without sym-assoc, we would have to use the symmetry of _≈_:

    assoc = sym assoc

But now, applying duality twice gives sym (sym assoc) for the associativity proof, which is not definitionally equal to assoc. This makes the properties of an opposite category less useful than ones of the original one. For example, we might want to prove some properties about coproducts by proving the dual properties about products in the opposite category. Without involution of op, we would have to argue the properties still hold if we swap to another associativity proof, which defeats the usefulness of the Principle of Duality.

Another convenient law to add is

    identity² : id ◦ id ≈ id

This law can be proved by taking f as id in either the left identity or right identity law:

    identityˡ : id ◦ f ≈ f
    identityʳ : f ◦ id ≈ f

We add this additional law for the following reasons:

1. When proving id ◦ id ≈ id, we need to choose between identityˡ and identityʳ, while there is no particular reason to prefer one to another. Adding this law neutralizes the need to make this choice.
2. In the implementation, we sometimes rely on constant functors, which ignore the domain categories and constantly return fixed objects in the codomain categories and their identity morphisms. Since the domain categories are completely ignored, these functors are intuitively "the same" as their duals. identity² allows constant functors to be definitionally equal to their duals even with proof-relevance.

Independent Definitions of Dual Concepts. In other libraries [4, 16, 32, 35], it is typical to define one concept and use duality to obtain the opposite one. For example, we could define the initial object of C, Initial C as usual, and then define the terminal object by taking the opposite as follows:

    Terminal′ : ∀ {o l e} (C : Category o l e) →
      Set _
    Terminal′ C = Initial (Category.op C)

However, we do not take this approach. Instead, we define concepts explicitly in terms of data and laws and define conversions between duals in modules of the form *.Duality. This has the following advantages:

1. when constructing or using the concepts, the names of the fields are more familiar;
2. theorems relating redundant definitions increase our confidence that our definitions are correctly formulated;
3. the redundancy helps maintain the Principle of Duality.

Expanding on this third point: like with sym-assoc, we want duality to be a definitional involution for a number of concepts. We were able to identify a number of concepts which require additional laws to achieve this goal, which we detail next.

Duality-Completeness of Laws. Ensuring the involution of duality turns out to be a very general design principle. We sometimes obtain it for free, e.g. Functor and Adjoint. In other cases, we need to supply a symmetric version of a law. For example, Category, NaturalTransformation, Dinatural (transformation) and all need some extra laws. As a rule of thumb, if a conversion to the dual concept requires equational reasoning, even as simple as applying sym to assoc, then we need to add that equation as a law. In other words, our laws should either be self-dual, or come in dual pairs (quite reminiscent of work on reversible computation [9] where the same property is desirable). We ensure this principle by proving theorems of the following form:

    op-involutive : Category.op C.op ≡ C
    op-involutive = ≡.refl

Here C is a Category. We also supply similar proofs for conversions between dual concepts, e.g.:

    op⊤⇔⊥ : (⊥ : Initial) →
      op⊤⇒⊥ (⊥⇒op⊤ ⊥) ≡ ⊥
    op⊤⇔⊥ _ = ≡.refl

⊥⇒op⊤ converts an initial object to a terminal object in the opposite category and op⊤⇒⊥ does the inverse. We put these theorems in private blocks so they are only type checked. These theorems must be proved precisely by reflexivity. This ensures that our definitions are duality-friendly.

Once we get the definition right, we also provide a helper constructor without the additional laws, so that defining these self-dual versions is not more cumbersome than their classical counterpart. Constructions defined through the helpers still enjoy the principle of duality. Consider an application of the helper for Category, which effectively proves sym-assoc by applying symmetry:

    Some-Cat = record
      { -- other fields ignored
        assoc = some-proof
      ; sym-assoc = sym some-proof
      }

Notice that Category.op (Category.op Some-Cat) remains definitionally equal to Some-Cat. In general, we found that the addition of these extra laws was beneficial in the setting of 1-category theory. The situation becomes more complex when we move to the setting, as we must consider higher structures. Exactly how to modify the definitions of higher structures to obtain similar good behaviour with respect to definitional equalities is left as future work.

2.4 Encodings as Records

Another important design decision is how to encode definitions. Generally, two different styles are used: records [16, 37] or nested Σ types [4, 35]. In the latter style, developers typically need to write a certain amount of boilerplate accessor code. In Agda it is more natural to use record definitions:

1. It aligns very well with the design principle of the standard library,
2. Records allow various syntactic sugar, as well as having good IDE (via Emacs) support,
3. Most importantly, records also behave as modules. That is, we can export symbols to the current context from a record when it is unambiguous to do so.

The record module feature enables some structural benefits as well. Consider the following definition of a Monad over a category:

    record Monad {o l e} (C : Category o l e)
           : Set (o ⊔ l ⊔ e) where
      field
        F : Endofunctor C
        η : NaturalTransformation idF F
        μ : NaturalTransformation (F ◦F F) F
        -- ... laws are omitted

We often need to refer to components of the Functor F or the NaturalTransformations η or μ when working with a Monad. By adding the following module definitions to the Monad record, we can use dot accessors to access deeper fields:

    module F = Functor F
    module η = NaturalTransformation η
    module μ = NaturalTransformation μ

For example, if we have two Monads M and N in scope, we can declare module M = Monad M and module N = Monad N, and get the following convenient nested dot accessors:

    M.F.F0        -- the mapping of objects of F of M
    N.F.F1        -- the mapping of morphisms of F of N
    M.μ.η X       -- the component of the NaturalTransformation
                  -- μ of M at object X
    N.η.commute f -- the naturality square of the
                  -- NaturalTransformation η of N
                  -- at morphism f

The original syntax is more verbose, so the module syntax is significantly more convenient:

    Functor.F0 (Monad.F M)
    Functor.F1 (Monad.F N)
    NaturalTransformation.η (Monad.μ M) X
    NaturalTransformation.commute (Monad.η N) f

Another frequent style is to open a module with renaming:

    open NaturalTransformation (Monad.μ M)
      renaming (η to α)
    open NaturalTransformation (Monad.η N)
      renaming (η to β)

Then we use α and β to refer to the component maps of the corresponding natural transformations. Unfortunately such setup code is ad-hoc and inconsistent across files.

We use the accessor module style throughout the code base, as it feels more elegant and readable to us than other styles.

3 Formalization and Definitions

While implementing the library, we noticed several times that "standard" definitions needed to be adjusted, for technical reasons. Certain direct translations of concepts from classical category theory are not even well-typed! Proof-relevance also forces us to pay close attention to the laws embedded in each concept, to obtain more definitional equalities, rather than relying on extensional behavior for "sameness". The resulting formalization is more robust, and it also eases type checking.

Various categorical concepts are well-known to have multiple, equivalent definitions. We have found that, although classically equivalent, some turn out to be technically superior for our formalization. We are sometimes even forced to introduce new ones. Here we discuss the choices we made when defining concepts related to closed monoidal categories and finite categories in detail, focusing on the underlying rationale.

3.1 Adjoint Functors

Adjoint functors are frequently regarded as one of the most fundamental concepts in category theory and play a critical part in the definition of closed monoidal categories. The following two definitions of adjoint functors are equivalent in classical category theory.

Definition 3.1. Functors $F : \mathcal{C} \Rightarrow \mathcal{D}$ and $G : \mathcal{D} \Rightarrow \mathcal{C}$ are adjoint, $F \dashv G$, if there is a natural isomorphism $\mathrm{Hom}(F X, Y) \simeq \mathrm{Hom}(X, G Y)$ in $X$ and $Y$.

Definition 3.2. Functors $F : \mathcal{C} \Rightarrow \mathcal{D}$ and $G : \mathcal{D} \Rightarrow \mathcal{C}$ are adjoint, $F \dashv G$, if there exist two natural transformations, unit $\eta : 1_{\mathcal{C}} \Rightarrow G F$ and counit $\epsilon : F G \Rightarrow 1_{\mathcal{D}}$, so that the triangle identities below hold:

1. $\epsilon F \circ F \eta = 1_F$
2. $G \epsilon \circ \eta G = 1_G$

These two definitions are classically equivalent. Definition 3.1 is typically very easy to use in classical category theory, as it is about hom-sets, and so partly set-theoretic in its formulation. However, this definition is not natural in Agda, especially in the presence of non-cumulative universes and level-polymorphic morphisms (Section 2.2.4), so that the morphisms of $\mathcal{C}$ and $\mathcal{D}$ do not always live in the same universe level. Thus $\mathrm{Hom}(F X, Y) \simeq \mathrm{Hom}(X, G Y)$ is not well-typed as is. Instead, $\mathrm{Hom}(F X, Y)$ and $\mathrm{Hom}(X, G Y)$ need to be precomposed by lifting functors, which lift both hom-setoids to the universe at their supremum level. One might think that this technicality is classically not present – but that is because many textbooks make the blanket assumption that all their categories are locally small. It corresponds to assuming that the morphisms of $\mathcal{C}$ and $\mathcal{D}$ live at the same (lowest!) universe level. In that case, we indeed do not need the lifting functors. This "technical noise" added by the lifts gets rid of this problem, but set theory has no means to express size polymorphism (as in set, proper class, superclass, etc). However, such coercions are neither intuitive nor easy to work with.

Definition 3.2, on the other hand, has no such problem. Both natural transformations and triangle identities involve no explicit universe level management. For this reason, we choose Definition 3.2 as our primary definition of adjoint functors and have Definition 3.1 as a theorem. The added polymorphism of the unit-counit definition makes it more suitable when working in type theory.

3.2 Monoidal Category

A monoidal category can be understood as a generalization of a monoid to the categorical setting. Classically, a monoidal category has the following definition [19]:

Definition 3.3. A category $\mathcal{C}$ is monoidal with the following data:

1. a unit object $u$,
2. a bifunctor $\otimes$,
3. for any object $X$, a natural isomorphism $\lambda$ of $u \otimes X \simeq X$,
4. for any object $X$, a natural isomorphism $\rho$ of $X \otimes u \simeq X$, and
5. for any objects $X$, $Y$ and $Z$, a natural isomorphism $\alpha$ of $(X \otimes Y) \otimes Z \simeq X \otimes (Y \otimes Z)$.

They satisfy the following diagrams for any objects $X$, $Y$, $Z$ and $W$. The triangle commutes:

$$(X \otimes u) \otimes Y \xrightarrow{\ \alpha\ } X \otimes (u \otimes Y) \xrightarrow{\ 1_X \otimes \lambda\ } X \otimes Y \quad = \quad (X \otimes u) \otimes Y \xrightarrow{\ \rho \otimes 1_Y\ } X \otimes Y$$

and the pentagon commutes:

$$((X \otimes Y) \otimes Z) \otimes W \xrightarrow{\ \alpha\ } (X \otimes Y) \otimes (Z \otimes W) \xrightarrow{\ \alpha\ } X \otimes (Y \otimes (Z \otimes W))$$

$$= \quad ((X \otimes Y) \otimes Z) \otimes W \xrightarrow{\ \alpha \otimes 1_W\ } (X \otimes (Y \otimes Z)) \otimes W \xrightarrow{\ \alpha\ } X \otimes ((Y \otimes Z) \otimes W) \xrightarrow{\ 1_X \otimes \alpha\ } X \otimes (Y \otimes (Z \otimes W))$$

The associativity of the natural isomorphism $\alpha$ is problematic as $(X \otimes Y) \otimes Z$ has type Functor ((C × C) × C) C, while $X \otimes (Y \otimes Z)$ has type Functor (C × (C × C)) C. As the domains are not definitionally equal, there cannot be a natural isomorphism between them. For type correctness, one possible solution is to precompose the first functor with an associator from (C × C) × C to C × (C × C). This is not mere pedantry: we know that "one level up", this is an unavoidable issue. In other words, some issues that show up as type-checking problems in 1-category theory are actually previews of 2-categorical subtleties "peeking through", that can be ignored in paper-math. Our definition instead asks for the following data:

1. an isomorphism between $(X \otimes Y) \otimes Z$ and $X \otimes (Y \otimes Z)$, for any objects $X$, $Y$ and $Z$, and
2. two naturality squares to complement the missing laws so that the isomorphism above is natural.

This leads to a definition that is easier to use, and the required natural isomorphism becomes a theorem.

3.3 Closed Monoidal Category

Intuitively, a closed monoidal category is a category possessing both a closed and a monoidal structure, in a compatible way. In the literature, we can find various definitions of a closed monoidal category:

1. (a monoidal category with an added closed structure): given a monoidal category (with bifunctor $\otimes$), there is also a family of functors $[X, -]$ for each object $X$, such that $- \otimes X \dashv [X, -]$. The closed bifunctor (or inner

hom) [−, −] is then induced uniquely up to natural isomorphism.
2. (a  with an added monoidal structure): given a closed category with bifunctor [−, −], it is additionally equipped with a family of functors − ⊗ X for each object X, such that − ⊗ X ⊣ [X, −]. The monoidal bifunctor ⊗ is then induced uniquely up to natural isomorphism.
3. (via a natural isomorphism of hom-sets): given a category, for each object X, there are two families of functors − ⊗ X and [X, −], such that the isomorphism Hom(Y ⊗ X, Z) ≃ Hom(Y, [X, Z]) is natural in X, Y and Z. Both bifunctors ⊗ and [−, −] are then induced uniquely up to natural isomorphism.

Note that the third definition above is not biased towards either the closed or monoidal structure. All three can be shown equivalent (classically). But in the proof-relevant setting, problems arise. One problem that all three definitions share is that they all induce at least one bifunctor from a family of functors. For example, in the first definition, the closed bifunctor [−, −] is the result of a theorem; two different instances of [−, −] (which might potentially differ in their proofs) can only be related by a natural isomorphism, which is often too weak. In other words, we want both bifunctors ⊗ and [−, −] to be part of the definition so that they can be constructed elsewhere and they are related by other laws. None of the three definitions above satisfy this requirement. We thus arrive at the following definition, which is the one we use:

Definition 3.4. A closed monoidal category is a category with two bifunctors ⊗ and [−, −], so that
1. ⊗ satisfies the laws of a monoidal category,
2. − ⊗ X ⊣ [X, −] for each object X, and
3. for a morphism f : X ⇒ Y, the induced natural transformations α_f : − ⊗ X ⇒ − ⊗ Y and β_f : [Y, −] ⇒ [X, −] form a mate (or a conjugate in the sense of [21]) for the two adjunctions, − ⊗ X ⊣ [X, −] and − ⊗ Y ⊣ [Y, −], formed by previous constraint.

This definition is better, in the sense that it is 1) unbiased, 2) incremental (it simply adds more constraints on both bifunctors). Further note that both bifunctors are given as part of the data, rather than derived, which allows us to consistently refer to both uniquely. The following theorem strengthens our confidence:

Theorem 3.5. A closed monoidal category according to Definition 3.4 is a closed category.

In addition, the closed bifunctor [−, −] from the closed category in this theorem is definitionally the same one given in Definition 3.4. This allows closed monoidal categories to inherit all properties of closed categories as they are talking about precisely the same [−, −].

A potential downside of this definition is that it depends on mates which are not present in previous definitions. Though this seems to add complexity, we argue that the benefit is worth the effort. We now discuss mates in order to justify that this new definition is equivalent to the previous three.

3.4 Mate

Mates express naturality between adjunctions. They are typically defined by two natural isomorphisms between hom-sets as follows:

Definition 3.6. For functors  ,  ′ : C ⇒ D and  ,  ′ : D ⇒ C, two natural transformations α :  ⇒  ′ and β :  ′ ⇒  form a mate for two pairs of adjunctions  ⊣  and  ′ ⊣  ′, if the following diagram commutes:

[Diagram: a square whose horizontal sides are the hom-set isomorphisms of the two adjunctions and whose vertical sides are Hom(α_X, Y) and Hom(X, β_Y).]

This definition is not very convenient because it is defined via hom-set(oid)s. The situation described in Sections 2.2.4 and 3.1 recurs, and the two natural isomorphisms need to be composed by lifting functors in order to be well-typed. As before, there is another definition which does not depend on hom-sets.

Definition 3.7. For functors  ,  ′ : C ⇒ D and  ,  ′ : D ⇒ C, two natural transformations α :  ⇒  ′ and β :  ′ ⇒  form a mate for two pairs of adjunctions (η, ε) :  ⊣  and (η′, ε′) :  ′ ⊣  ′, if the following two diagrams commute:

[Two commutative diagrams: the first relates the units η and η′ through α and β, starting from 1_C; the second relates the counits ε and ε′ through α and β, ending at 1_D.]

Both definitions are equivalent [21], but Definition 3.7 is simpler to work with in our setting.

From here, it is straightforward to see that our definition of closed monoidal category is equivalent to the previous ones. We need to show Definition 3.4 is equivalent to requiring Hom(Y ⊗ X, Z) ≃ Hom(Y, [X, Z]) to be natural in X, Y, and Z. Since we require − ⊗ X ⊣ [X, −] for any object X, this requirement is equivalent to naturality of Y and Z. Moreover, the naturality of X is ensured by the mate condition, due to Definition 3.6.

3.5 Morphism Equality over Natural Isomorphism

Our experience with monoidal and closed monoidal categories can be generalized into a guideline. We find that in general, characterization in morphism equalities (such as triangle identities in Definition 3.2) is better than one in natural isomorphisms (such as the natural isomorphism between hom-sets in Definition 3.1 and the associativity natural isomorphism in Definition 3.3). The latter can be proved as a theorem.

We observe that natural isomorphisms tend to be more difficult to type-check, for a variety of reasons. Similar phenomena are also observed in concepts with higher structures, e.g. Bicategory, which we encoded directly using morphism equality to ease the type checking process.

3.6 Finite Categories

Category theorists have developed terminology to talk about the cardinalities (sizes) of components of a category. In Section 2.2.4, we use universe levels to make size issues explicit. For small categories, since we know both objects and morphisms “fit” in sets, we can use more set-theoretic language. Among these, “finiteness” is of particular importance, especially in its guise as enabling enumeration and its relation with topoi.

However when we attempt to define finite categories, a problem arises: MLTT does not give us primitives to count the elements of a type. For example both [32] and [38] implement finiteness as a predicate requiring an isomorphism between a type and Fin N. We could also do this, but that approach has the drawback of (implicitly) putting a canonical order on elements, which is undesirable⁴. It also forces a notion of equivalence on objects, which does not always exist for any Set. We do not want finiteness to force us into strictness. We instead base our definition on adjoint equivalence:

⁴ Propositional truncation could be used, if we had it, to get around this problem.

Definition 3.8. Two categories C and D are adjoint equivalent if there are two functors  : C → D and  : D → C so that they form a pair of adjoint functors  ⊣  and their unit and counit natural transformations are isomorphisms.

Then a finite category can be defined as follows:

Definition 3.9. A category C is finite, if it is adjoint equivalent to a finite diagram.

We could potentially use other notions of equivalence between categories, e.g. strong equivalence, but adjoint equivalence is special in its smooth interaction with (co)limits, as will be shown in Theorem 3.12. A strong equivalence only achieves this via its induced adjoint equivalence, so we chose to formulate it more directly.

We define a finite diagram using a type family Fin : ℕ → Set representing the discrete finite set of natural numbers [0, n − 1] defined in the standard library:

Definition 3.10. Given n : ℕ as the number of objects and a function |a,b| : ℕ for a, b : Fin n, a finite diagram is a category with
1. Fin n as objects, and
2. Fin |a,b| as morphisms for a, b : Fin n.
if the morphisms satisfy the categorical laws of composition with propositional equality.

Intuitively, |a,b| defines an enumeration of the morphisms. In this category, we make objects and morphisms discrete, so that propositional equality can be properly used.

For example, as adjoint equivalence respects equivalence, a contractible  is always finite. Note that this method could sometimes be challenging: coming up with such an adjoint equivalence can be difficult and, in some cases, may require the .

Nevertheless, the above definition lets us prove:

Theorem 3.11. A category with all finite products and equalizers has all finite limits.

The proof is constructive, i.e. an algorithm that builds a finite  from products and equalizers given any finite diagram. In this theorem, finite limits are described by functors mapping out of special categories defined in Definition 3.10 instead of the more general Definition 3.9. This theorem at the least ensures the sufficiency of Definition 3.10.

We can then move on to verifying that a finite category as per Definition 3.9 can serve as an index category for a finite limit in the general case. This can be seen from the following theorem:

Theorem 3.12. Limits respect adjoint equivalence, i.e. if J is adjoint equivalent to J′ with  : J′ → J, then for a functor L : J → C, lim← L = lim← (L ∘  ).

Combining the two theorems above, we can conclude that Definition 3.9 is an adequate definition of finite categories. That Definition 3.9 does not involve any explicit isomorphism between objects and some finite natural numbers is a strength. How much the choice of adjoint equivalence reveals about the inner structure of a category still remains to be investigated.

3.7 Local Cartesian Closure of Setoids

Finally we discuss a complication in proving that the category of Setoids is locally cartesian closed. This is an especially interesting theorem to us because base change functors in locally cartesian categories are left adjoint to the dependent product functors. That implies that Setoids are a model for dependently typed language. This theorem shows some typical extra considerations when proof-relevance and setoids are involved, and how much implicit equational reasoning we use in classical settings.

Definition 3.13. Given a category C and its object X, a slice category C/X has
1. (Y, f) as objects for object Y of C and morphism f : Y ⇒ X,
2. as a morphism h : Y ⇒ Z between (Y, f) and (Z, g), so that g ∘ h = f.

X is the base of C/X. Given an object (Y, f) in the slice category, we often simply refer to it as f as Y can be inferred.

Definition 3.14. A category C is cartesian closed when it is closed monoidal with cartesian products × as ⊗ and a terminal object as unit. The inner hom [X, Y] between objects X and Y is the exponential, which is denoted as Y^X.

Definition 3.15. A locally cartesian closed category is a category in which all its slice categories are cartesian closed.

3.7.1 Classical construction. Classically, products in the slice category Set/  are pullbacks in Set. Exponentials can be observed from the following diagram:

[Diagram: the pullback square of f and g with projections π₁ and π₂, together with h and a slice morphism α out of the pullback.]

where  ×  is an object in Set and is a pullback of f and g. From the pullback diagram we want to get an idea of the exponential of h and g, h^g. From the diagram and that α is a slice morphism, we know

    Hom( ×  ,  ) = {α :  ×  →  | ∀(b, c) ∈  ×  . h(α(b, c)) = f(b) = g(c)}

If Set/  is cartesian closed, then we can find the exponentials via their right adjointness to pullbacks. Assuming h^g is a morphism from X to  , adjointness ensures that the isomorphism Hom( ×  ,  ) ≃ Hom( , X) exists. If we were not working with a slice category, the left-to-right effect is simple, namely just currying,

    b :  ↦ c :  ↦ α(b, c)

However, in the slice category, we must ensure that the coherence condition holds, i.e. h(α(b, c)) = f(b) = g(c) ∈  . Thus the exponential in the slice category must carry f(b) and a function, so we have

    X = Σ_{a :  } (g⁻¹(a) → h⁻¹(a))

That is, as a set, X is a (dependent) pair where the second component is a function from the inverse image of g of a to one of h of a. Hom( , X) is obtained from α ∈ Hom( ×  ,  ) by:

    b :  ↦ (f(b) :  , c : g⁻¹(f(b)) ↦ α(b, c))

The presentation contains many hidden details: we can apply α to c because g⁻¹(f(b)) is a subset of  , and we know α(b, c) is in h⁻¹(f(b)) because h(α(b, c)) = f(b). Coherence conditions are elided as they can be recovered from the structure of sets.

3.7.2 In Setoids. We cannot directly use this kind of reasoning in Setoids, as we handle setoid morphisms instead. Thus we need a notion of an inverse image setoid which respects setoid equivalence in the codomain. So for some setoid morphism f with codomain  , if we have a ≈ a′ :  , then setoids f⁻¹(a) and f⁻¹(a′) should have the same extensional behaviours. This observation is captured by the following theorem:

    inverseImage-transport : ∀ {a a′} {f : X −→ A} → a A.≈ a′ →
      InverseImage a f → InverseImage a′ f

where f : X −→ A specifies that f is a setoid morphism from setoid X to setoid A. InverseImage a f formalizes f⁻¹(a) by requiring some element x of setoid X to satisfy f x A.≈ a in setoid A. Moreover, to formalize g⁻¹(a) → h⁻¹(a) in Setoids, it is not enough to just provide a function i : InverseImage a g → InverseImage a h, because InverseImage contains a proof of f x A.≈ a for some x. We need an extra coherence condition stating that this proof is irrelevant from i’s perspective. That is, given two InverseImages with x and y as the underlying elements of X, if x ≈ y, then i x ≈ i y. These two pieces of information are bundled in InverseImageMap a g h, which we use to represent the map between inverse image setoids g⁻¹(a) → h⁻¹(a). Finally we need the following theorem to ensure that a InverseImageMap respects  ’s equivalence:

    inverseImageMap-transport : ∀ {a a′}
      {g : C −→ A} {h : D −→ A} → a A.≈ a′ →
      InverseImageMap a g h →
      InverseImageMap a′ g h

These definitions and theorems fill in the elided coherence conditions in the classical settings. We can proceed to define an exponential of h and g in Setoids / A as a Σ type:

    Σ (a : A) (InverseImageMap a g h)

This type does form a setoid with the corresponding setoid equivalence between a and the underlying map of InverseImageMap, which is the exponential of Setoids / A. By letting the identity morphism as the terminal object and pullbacks as products, we can conclude that Setoids is locally cartesian closed.

4 Discussion

The previous section detailed decisions that lie in the intersection of category theory and formalization in type theory; here we document software engineering decisions as well as comment on efficiency issues.

4.1 Module Structure

The previous library favoured a flat module structure; we use a deeper hierarchy, and thus fewer top-level modules. We use the following principles as a guide:

Table 1. Tools and key characteristics of various libraries

libraries   proof assistants   foundation               hom-setoids   proof-relevant   LoC†
Ours        Agda 2.6.1         MLTT                     X             X                23998
[26]        Agda 2.5.2         MLTT + K + irrelevance   X             ✗                11770
[32]        Coq 8.11.1         CIC                      ✗             ✗                14711
[37]        Coq 8.10.2         CIC                      X             X                23003
[18]        Coq 8.12.0         CIC                      X             X                7879
[4, 35]     Coq 8.12.0         HoTT                     ✗             X                96366
[16]        Hoq 8.12††         HoTT with HIT            ✗             X                10604
[24]        Lean               CIC                      ✗             ✗                14975
[28–30]     Isabelle           HOL                      ✗             ✗                82782

† The lines of code are counted by cloc of Al Danial and code in Isabelle is counted by wc, because cloc does not recognize Isabelle. The lines of code might include documentation text. Only folders directly related to category theory are counted.
†† Hoq is a modified version of Coq which implements a part of HoTT.

1. Important concepts have their top level modules. For example, Category, Object, Morphism, Diagram, Functor, NaturalTransformation, Kan, Monad and Adjoint belong to this category.
2. Different flavours of category theory are also on the top level: Category, Enriched, Bicategory and Minus2-Category contain the definitions and properties of categories, enriched categories,  and -2-categories, respectively. Pseudofunctor contains the instances of pseudofunctors.

Submodules also follow conventions so that definitions and properties are easier to locate.
1. *.Instance contains instances of some concept. For example, the category of all setoids is defined in Category.Instance. Generally, only instances that are re-used in the library itself (making them “special”) are defined.
2. *.Construction contains instances induced from some input. The difference with *.Instance is that *.Construction takes parameters beyond just Levels. For example, the  of a monad is defined in Category.Construction.
3. *.Properties contains properties of the corresponding concepts.
4. *.Duality contains conversions to dual concepts (see Section 2.3).

This module structure was inspired by a recent restructuring of Agda’s standard library along similar lines, which we believe helps users find what they need faster.

4.2 Hierarchy of Concepts

Similar to [14–16, 27], we need to decide how concepts are organized. Unlike Coq, which many cited works are based on, Agda does not have features like canonical structures or hint based programming. But, like the standard library, we do not wish to use type classes. One reason is performance: at this moment, type classes in Agda are fairly slow (compared to, say, Coq), potentially penalizing downstream libraries and users. Nevertheless, we still need to organize our library so that concepts can be found.

At the lowest level, we rely on records and unification. There are typically two choices to represent a concept: predicates or structures. A predicate has the data “unbundled”; it expresses an “is-a” relation. A structure on the other hand is “bundled” and expresses a “has-a” relation. The previous library, and many other implementations too, chose to either bundle or unbundle. From a type-theoretic perspective, this choice is irrelevant, but is nevertheless quite important from a usability perspective. It is even possible to automatically map from one style to another [6]; unfortunately, such mapping is meta-theoretical in current Agda. As such a choice is unforced, we decided to implement both.

Wrapping Predicates. Structures are obtained by wrapping predicates. Influenced by the previous library [26], many concepts related to Category are represented as predicates:

    record Monoidal {o l e} (C : Category o l e)
        : Set (o ⊔ l ⊔ e) where

It asserts that C is a monoidal category. At other times, e.g. when working with two monoidal categories, we want to represent monoidal categories as a structure. We provide definitions in both styles:

    record MonoidalCategory o l e
        : Set (suc (o ⊔ l ⊔ e)) where
      field
        U : Category o l e
        monoidal : Monoidal U

U stands for “underlying”. This allows us to define (lax) monoidal functors, which are functors preserving the monoidal structure:

Table 2. Feature comparison (part 1)

Features Ours [26] [32] [37] [18] [4, 35] [16] [24] [28–30] basic structures: initial / terminal X X X X X X X X X product / X X X X X X X limit / colimit X X X X X X X X X end / coend X X X X exponential X X X X X

categorical structures:

– – –

product / coproduct† X X X X X – X X X X X X X X X X X X cartesian category X X X X X X closed category X CCC X X X X X X LCCC X X biCCC X X rig category X X X X X Grothendieck topos X Eilenberg Moore X X X Kleisli X X X X monoidal category X X X X X Kelly’s coherence [19] X X closed monoidal category X X closed monoidal categories are closed categories X braided monoidal category X X X X X symmetric monoidal category X X X X X X lax monoidal functor X X X X X strong monoidal functor X X X instances: Cats X X X X X X X X Set(oid)s X X X X X X X X X Setoids are complete / cocomplete X X X X Setoids are cartesian closed X X X X Setoids are locally cartesian closed X X X X functor X X X X X X X X X (co)limit functor X X X X X X X X X X X X X X Hom functors preserve limits X X X T-algebra X X X X X Lambek’s lemma X X X natural transformation X X X X X X X X X dinatural transformation X X X X X X X 2-category X X X X bicategory X X X X X pseudofunctor X X X X X Yoneda lemma X X X X X X X X X

† X– indicates that these libraries only implement product categories.

Table 3. Feature comparison (part 2)

Features Ours [26] [32] [37] [18] [4, 35] [16] [24] [28–30]

Grothendieck construction X X X X††– presheaves X X X X X X are complete / cocomplete X X X are cartesian closed X X are topos X adjoint functors X X X X X X X X X adjoint composition X X X X X X X Right(left) adjoints preserve (co)limits X X X X X X

Adjoint functors induce monads X X X X –

(Co)limit functors are left(right) adjoint to diago- X X X – X X X nal functor† mate (conjugate) X X adjoint functor theorem X X X X X X X X X (Co)limit is kan X X X X Kan extensions are preserved by adjoint functors X Rezk completion X

† X– indicates that these libraries only show a special case of the theorem.

†† X– indicates that [24] only implements the category of elements.

    record MonoidalFunctor
        (C : MonoidalCategory o l e)
        (D : MonoidalCategory o′ l′ e′)
        : Set (o ⊔ l ⊔ e ⊔ o′ ⊔ l′ ⊔ e′) where

The alternative formulation using the predicate representation is more verbose:

    record MonoidalFunctor′
        {C : Category o l e} {D : Category o′ l′ e′}
        (MC : Monoidal C) (MD : Monoidal D)
        : Set (o ⊔ l ⊔ e ⊔ o′ ⊔ l′ ⊔ e′) where

When working with monoidal functors, we do not mean to assert that some category is monoidal but rather want to refer to some structured category as a whole.

In general, definitions in the structure style are defined in modules of the form *.Structure. As the previous library used the predicate style, we started ours in that style as well and then provided wrapped structure versions. As a rule of thumb, when working with one particular concept, we often use the predicate style so that the conclusions can be easily accessed by both styles. For example, we formulate theorems about monoidal categories using the predicate style. The paper [6] further discusses (un)bundling of definitions, along with tools for moving between the two equivalent styles.

Choosing Predicates. Next we use cartesian products to illustrate how we design predicate formulations. We have the following structure-kind definition for products:

    record Product (A B : Obj) : Set _ where

The record contains projections, product morphisms, and necessary laws for a product. This definition works very well when we work on one category. However, when we work with two categories, then we need a predicate version:

    record IsProduct {A B P}
        (π₁ : P ⇒ A) (π₂ : P ⇒ B) : Set _ where

In the arguments, P represents the product of A and B, and π₁ and π₂ are the projections. It is possible to have a slightly different predicate definition:

    record IsProduct′ {A B P}
        (π₁ : P ⇒ A) (π₂ : P ⇒ B)
        (⟨_,_⟩ : C ⇒ A → C ⇒ B → C ⇒ P) :
        Set _ where

where ⟨ f , g ⟩ denotes the product of morphism f and g. We did not choose this form because ⟨ f , g ⟩ is uniquely determined by π₁ and π₂! That is, even if IsProduct allows a “different” ⟨ f , g ⟩′, they are provably equivalent. In general, when formulating concepts defined by universal properties, we can omit the universal part in the predicate form due to uniqueness.

4.3 Efficiency

Basic category theory typechecks very quickly, both online (via Emacs) and offline (via calling the agda compiler). But for “deeper” category theory, such as properties associated to the Yoneda lemma and properties of Bicategories, typechecking gets noticeably slower and memory use goes up. One of the culprits is the module style as documented in Section 2.4: such modules are copied and rechecked, which is quite inefficient. This is why when we use local modules (either private or in where clauses) we qualify them with using to only copy the parts we need.

Unfortunately that same trick does not work for global open import (for sound reasons). Agda’s .agdai file format is very information-rich (i.e. the files are quite large), and full transitive dependencies must be read. Splitting developments into smaller files to minimize the dependency tree has led to substantial improvements in the compilation time and memory use of the full library. The downside is that some usability features have had to be sequestered into sub-modules that are then imported on an as-needed basis.

5 Related Work

Table 1 gives a list of formalized libraries of category theory. For each we specify the proof assistant, the foundation, lines of code and whether it uses hom-setoids and is proof-relevant. In Tables 2 and 3, we compare a list of features implemented by these libraries.

We have ported all definitions and theorems from [26], except those requiring UIP or axiom K. We reuse [26] as much as we can. We also extend it with many new definitions and new theorems, as shown in Tables 2 and 3 (more than twice as much material). Moreover, since we turn on the --safe flag, we do not have postulates in our code base. This helps us to avoid inheriting a postulated unsound axiom [1], which would, for example, let us incorrectly mix relevance and irrelevance, including “recovering” a relevant value from an irrelevant one.

From Table 1, we can see that much effort has been spent in Coq (or its Hoq dialect) on category theory. The reason for the multiple efforts can be seen when comparing the versions, and foundations used. These libraries also vary in their design and organization. Some believe that Coq’s tactics and hint databases provide a significant boost in the productivity of formalizations. We suspect that this may be somewhat illusory, as the explicit equational proofs in n-category theory (which can be automated via tactics) tend to turn up as data in n + 1-category theory, and then no longer avoidable. [37] stands out by its use of other Coq mechanisms, such as type classes, rather than record or Σ types, for structuring of the development.

Like us, [18, 37] use hom-setoids and proof-relevance. Unfortunately, [37] has not been described in a paper, so we do not know what lessons the authors learned from their experience. [18] was a smaller scale but pioneering effort that taught us the basics of formalizing category theory in MLTT, but not the kinds of design decisions we faced here.

Compared to other developments in Coq, [16, 35] are special: they build category theory in HoTT. [35] focuses more on fundamental constructions. It does not use any feature beyond the primitive type constructors like Σ and Π. By contrast, [16] experiments with the use of various HoTT ideas, and therefore is more permissive. It uses extended features like records and higher inductive types (HITs). Working in HoTT has some advantages. First, if one understands hom-sets to be literally classical sets, rendered as hSets in HoTT, this is straightforward. In HoTT this also implies that hSets have unique identity proofs, which make their equational proofs proof-irrelevant, which is closer to the set-based understanding of classical category theory. Second, HoTT has a very natural way of expressing universal properties. Using Martin-Löf type theories, e.g. ours, [18, 26, 32, 37], universal properties are usually stated in two parts: a universal part returning a morphism and a uniqueness part equating morphisms from the universal part. In HoTT, this can be expressed compactly as constructing a contractible morphism. Third, since HoTT supports the univalence, one can conflate isomorphisms and equalities. In both libraries, categories are defined with an additional law stating that isomorphic objects are equal, which provides a way to handle equal objects in a category which ours does not have.

The mathematical library of Lean [13], mathlib [24], also implements some category theory⁵. As Lean has proof-irrelevance built in and mathlib uses propositional equality, its category theory library is very classical.

Category theory has also been formalized in Nuprl [11], Idris [8] and Isabelle [25]. Due to space limitation, we are not able to fully survey all of them. We refer interested readers to [16] and the Coq discourse forum⁶ for a more thorough list of formalizations of category theory.

⁵ This library is being actively developed. Our survey is valid as of mid-September 2020 and does not consider the open PRs to the main library.
⁶ https://coq.discourse./t/survey-of-category-theory-in-coq/371/4.

6 Conclusion and Future Work

We implemented proof-relevant category theory in Agda, successfully. The concepts covered, and the theorems proved, are quite broad. We did not find any real barrier to doing so — strictness and hom-sets are not necessary features of modern category theory. We did find that some definitions work better than others, which we have explained in detail. Comparing with other libraries, we find that ours covers quite similar grounds, and often more.

We are still actively developing this library — many theorems of classical category theory remain; both bicategory theory and enriched category theory are being built up. Some work has been done on “negative thinking” (−2-categories, etc) and should be extended. Both double categories and higher categories are still awaiting, along with multicategories, PROPs, operads and polycategories. We also intend to move parts of this library to the standard library.

Performance needs another look. Even after some optimizations were performed, it still takes more memory and time to typecheck than we would prefer. Having said that, development can easily be done on a normal laptop, so the problem is not severe, unlike with other libraries.

Acknowledgments

We would like to thank Sandro Stucki, Reed Mullanix, Nathan van Doorn, and many others for discussions and contributing to the library. We are also grateful to the anonymous reviewers for their inspirational suggestions.

This work was supported by the National Sciences and Engineering Research Council of Canada.

References

[1] Andreas Abel and Gabriel Scherer. 2012. On Irrelevance and Algorithmic Equality in Predicative Type Theory. Logical Methods in Computer Science 8, 1 (2012). https://doi.org/10.2168/LMCS-8(1:29)2012
[2] Peter Aczel. 1993. Galois: a theory development project. manuscript, University of Manchester (1993).
[3] Agda Team. 2019. Agda 2.6.0.1.
[4] Benedikt Ahrens, Krzysztof Kapulkin, and Michael Shulman. 2015. Univalent categories and the Rezk completion. Mathematical Structures in Computer Science 25, 5 (2015), 1010–1039. https://doi.org/10.1017/S0960129514000486
[5] Benedikt Ahrens and Paige Randall North. 2019. Univalent Foundations and the Equivalence Principle. Springer International Publishing, Cham, 137–150. https://doi.org/10.1007/978-3-030-15655-8_6
[6] Musa Al-hassy, Jacques Carette, and Wolfram Kahl. 2019. A language feature to unbundle data at will (short paper). In Proceedings of the 18th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences, GPCE 2019, Athens, Greece, October 21-22, 2019, Ina Schaefer, Christoph Reichenbach, and Tijs van der Storm (Eds.). ACM, 14–19. https://doi.org/10.1145/3357765.3359523
[7] Steve Awodey. 2010. Category Theory (2nd ed.). Oxford University Press, Inc., New York, NY, USA.
[8] Edwin Brady. 2013. Idris, a general-purpose dependently typed programming language: Design and implementation. J. Funct. Program. 23, 5 (2013), 552–593. https://doi.org/10.1017/S095679681300018X
[9] Jacques Carette and Amr Sabry. 2016. Computing with Semirings and Weak Rig Groupoids. In Programming Languages and Systems - 25th European Symposium on Programming, ESOP 2016, Held as Part of the
Evgeny Kotelnikov, James Chapman, Wen Kokke, Matthew Daggitt, Jason Hu, Sandro Stucki, Milo Turner, Zack Grannan, and Lex van der Stoep. 2019. agda-stdlib: The Agda standard library. https://github.com/agda/agda-stdlib
[13] Leonardo Mendonça de Moura, Soonho Kong, Jeremy Avigad, Floris van Doorn, and Jakob von Raumer. 2015. The Lean Theorem Prover (System Description). In Automated Deduction - CADE-25 - 25th International Conference on Automated Deduction, Berlin, Germany, August 1-7, 2015, Proceedings (Lecture Notes in , Vol. 9195), Amy P. Felty and Aart Middeldorp (Eds.). Springer, 378–388. https://doi.org/10.1007/978-3-319-21401-6_26
[14] François Garillot, Georges Gonthier, Assia Mahboubi, and Laurence Rideau. 2009. Packaging Mathematical Structures. In Theorem Proving in Higher Order Logics, 22nd International Conference, TPHOLs 2009, Munich, Germany, August 17-20, 2009. Proceedings. 327–342. https://doi.org/10.1007/978-3-642-03359-9_23
[15] Herman Geuvers, Randy Pollack, Freek Wiedijk, and Jan Zwanenburg. 2002. A Constructive Algebraic Hierarchy in Coq. J. Symb. Comput. 34, 4 (2002), 271–286. https://doi.org/10.1006/jsco.2002.0552
[16] Jason Gross, Adam Chlipala, and David I. Spivak. 2014. Experience Implementing a Performant Category-Theory Library in Coq. In Interactive Theorem Proving - 5th International Conference, ITP 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Vienna, Austria, July 14-17, 2014. Proceedings (Lecture Notes in Computer Science, Vol. 8558), Gerwin Klein and Ruben Gamboa (Eds.). Springer, 275–291. https://doi.org/10.1007/978-3-319-08970-6_18
[17] Martin Hofmann and Thomas Streicher. 1996. The Groupoid Interpretation of Type Theory. In In Venice Festschrift. Oxford University Press, 83–111.
[18] Gérard P. Huet and Amokrane Saïbi. 2000. Constructive category theory. In Proof, Language, and Interaction, Essays in Honour of Robin Milner, Gordon D. Plotkin, Colin Stirling, and Mads Tofte (Eds.). The MIT Press, 239–276.
[19] G.M Kelly. 1964. On MacLane’s conditions for coherence of natural associativities, commutativities, etc. Journal of Algebra 1, 4 (1964), 397–402. https://doi.org/10.1016/0021-8693(64)90018-3
[20] F. William Lawvere. 1964. An Elementary Theory of the Category of Sets. Proceedings of the National Academy of Sciences of the United States of America 52, 6 (1964), 1506–1511. http://www.jstor.org/stable/72513
[21] Saunders MacLane. 1971. Categories for the Working Mathematician. Springer-Verlag, New York. ix+262 pages. Graduate Texts in Mathematics, Vol. 5.
[22] M. Makkai. 2017.
Towards a Categorical Foundation European Joint Conferences on Theory and Practice of Software, ETAPS of Mathematics. Cambridge University Press, 153–190. 2016, Eindhoven, The Netherlands, April 2-8, 2016, Proceedings (Lecture hps://doi.org/10.1017/9781316716830.014 Notes in Computer Science, Vol. 9632), Peter Thiemann (Ed.). Springer, [23] PerMartin-Löf.1984. Intuitionistic type theory. Studies in , 123–148. hps://doi.org/10.1007/978-3-662-49498-1_6 Vol. 1. Bibliopolis. [10] Jesper Cockx, Dominique Devriese, and Frank Piessens. 2014. Pat- [24] The mathlib Community. 2020. The lean mathematical library. In Pro- tern matching without K. In Proceedings of the 19th ACM SIGPLAN ceedings of the 9th ACM SIGPLAN International Conference on Certi- international conference on Functional programming, Gothenburg, Swe- fied Programs and Proofs, CPP 2020, New Orleans, LA, USA, January den, September 1-3, 2014, Johan Jeuring and Manuel M. T. Chakravarty 20-21, 2020, Jasmin Blanchette and Catalin Hritcu (Eds.). ACM, 367– (Eds.). ACM, 257–268. hps://doi.org/10.1145/2628136.2628139 381. hps://doi.org/10.1145/3372885.3373824 [11] Robert L. Constable, Stuart F. Allen, Mark Bromley, Rance Cleaveland, [25] Tobias Nipkow, Lawrence C. Paulson, and Markus Wenzel. J. F. Cremer, R. W. Harper, Douglas J. Howe, Todd B. Knoblock, N. P. 2002. Isabelle/HOL - A Proof Assistant for Higher-Order Logic. Mendler, Prakash Panangaden, James T. Sasaki, and Scott F. Smith. Lecture Notes in Computer Science, Vol. 2283. Springer. 1986. Implementing mathematics with the Nuprl proof development hps://doi.org/10.1007/3-540-45949-9 system. Prentice Hall. hp://dl.acm.org/citation.cfm?id=10510 [26] Daniel Peebles, James Deikun, Ulf Norell, Dan Doel, Dar- [12] Nils Anders Danielsson, Ulf Norell, Shin-Cheng Mu, Bradley Hardy, ius Jahandarie, and James Cook. 2018. categories: Cat- Samuel Bronson, Dan Doel, Patrik Jansson, Liang-Ting Chen, egories parametrized by morphism equality in Agda. 
Jean-Philippe Bernardy, Andrés Sicard-Ramírez, Nicolas Pouillard, hps://github.com/copumpkin/categories Darin Morrison, Peter Berry, Daniel Brown, Simon Foster, Do- [27] Bas Spitters and Eelis van der Weegen. 2011. Type classes for mathe- minique Devriese, Andreas Abel, Alcatel-Lucent, Eric Mertens, matics in type theory. Math. Struct. Comput. Sci. 21, 4 (2011), 795–825. Joachim Breitner, Liyang Hu, Noam Zeilberger, Érdi Gergő, Stevan hps://doi.org/10.1017/S0960129511000119 Andjelkovic, Helmut Grohne, Guilhem Moulin, Noriyuki Ohkawa, CPP ’21, January 18–19, 2021, Virtual, Denmark Jason Z. S. Hu and Jacques Caree

[28] Eugene W. Stark. 2016. Category Theory with Adjunctions and Limits. Archive of Formal Proofs (June 2016). http://isa-afp.org/entries/Category3.html, Formal proof development.
[29] Eugene W. Stark. 2017. Monoidal Categories. Archive of Formal Proofs (May 2017). http://isa-afp.org/entries/MonoidalCategory.html, Formal proof development.
[30] Eugene W. Stark. 2020. Bicategories. Archive of Formal Proofs (Jan. 2020). http://isa-afp.org/entries/Bicategory.html, Formal proof development.
[31] Thomas Streicher. 1993. Investigations into intensional type theory. Habilitation Thesis, Ludwig Maximilian Universität (1993).
[32] Amin Timany and Bart Jacobs. 2016. Category Theory in Coq 8.5. In 1st International Conference on Formal Structures for Computation and Deduction, FSCD 2016, June 22-26, 2016, Porto, Portugal (LIPIcs, Vol. 52), Delia Kesner and Brigitte Pientka (Eds.). Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 30:1–30:18. https://doi.org/10.4230/LIPIcs.FSCD.2016.30
[33] The Program. 2013. Homotopy Type Theory: Univalent Foundations of Mathematics. https://homotopytypetheory.org/book, Institute for Advanced Study.
[34] Andrea Vezzosi, Anders Mörtberg, and Andreas Abel. 2019. Cubical agda: a dependently typed programming language with univalence and higher inductive types. PACMPL 3, ICFP (2019), 87:1–87:29. https://doi.org/10.1145/3341691
[35] Vladimir Voevodsky, Benedikt Ahrens, Daniel Grayson, et al. [n.d.]. UniMath — a computer-checked library of univalent mathematics. Available at https://github.com/UniMath/UniMath.
[36] Michael A Warren. 2008. Homotopy theoretic aspects of constructive type theory. Ph.D. Dissertation. Carnegie Mellon University.
[37] John Wiegley. 2019. category-theory: Category Theory in Coq. https://github.com/jwiegley/category-theory
[38] Brent Yorgey. 2014. Combinatorial species and labelled structures. Ph.D. Dissertation. University of Pennsylvania.