Computational Higher-Dimensional

Carlo Angiuli Robert Harper Todd Wilson Carnegie Mellon University, USA Carnegie Mellon University, USA California State University, Fresno, USA [email protected] [email protected] [email protected]

Abstract The key is to recognize that there are two quite different no- Formal constructive type theory has proved to be an effective lan- tions of constructivity in type theory, corresponding to two differ- guage for mechanized proof. By avoiding non-constructive princi- ent conceptions of the subject. One sense, which is embodied in ples, such as the law of the excluded middle, type theory admits the formal type theories implemented in Coq [38] and Agda [31], sharper proofs and broader interpretations of results. From a com- to name two examples, is the principle of constructivity as affording puter science perspective, interest in type theory arises from its ap- axiomatic freedom. By avoiding commitments to non-constructive plications to programming languages. Standard constructive type principles, such as the unrestricted law of the excluded middle, the theories used in mechanization admit computational interpretations theory is compatible with many more interpretations than it would based on meta-mathematical normalization theorems. These proofs otherwise be, including interpretations in which proofs are mod- are notoriously brittle; any change to the theory potentially invali- eled as programs, but also other interpretations such as those de- dates its computational meaning. As a case in point, Voevodsky’s rived from [16]. Formal type theories are defined by a univalence raises questions about the computational mean- collection of inference rules defining a collection of types and their ing of proofs. inhabitants, and specifying when two such are to be considered def- We consider the question: Can higher-dimensional type theory initionally equal [27]—essentially, when they are equal by virtue of be construed as a ? We answer this question elementary simplifications. such as the excluded middle, or affirmatively by providing a direct, deterministic operational inter- other, more subtle principles that may be taken for granted (or even pretation for a representative higher-dimensional denied!) in classical settings may be added to express proofs that theory with higher inductive types and an instance of univalence. use methods outside of the constructive canon. This approach has Rather than being a formal type theory defined by rules, it is instead proved hugely successful for mechanizing a broad range of mathe- a computational type theory in the sense of Martin-Lof’s¨ meaning matics while avoiding obstructive foundational arguments. explanations and of the NuPRL semantics. The definition of the Axiomatic freedom is well and good, but the formal approach type theory starts with programs; types are specifications of pro- does not address the question of the applicability of type theory gram behavior. The main result is a canonicity theorem stating that to programming languages. Besides being the very motivation for closed programs of boolean type evaluate to true or false. constructivity in the first place, we, the authors, along with many computer scientists, are interested in the application of type theory Categories and Subject Descriptors D.3.1 [Programming Lan- to running code. Thus, the central question for us is what is the guages]: Formal Definitions and Theory; F.3.2 [Logics and Mean- computational meaning of a proof, or, in other words, in what sense ings of Programs]: Semantics of Programming Languages is type theory a programming language? From the axiomatic perspective there are two main ways of ad- Keywords Type Theory, Logical Relations dressing this question. One is indirect: by building models in other constructive theories. To the extent that the latter have computa- 1. Introduction tional content, it can be transferred to type theory itself by the Constructive type theory in the broadest sense is well-established interpretation. The other is direct, by defining a concept of sim- as a comprehensive framework for both the analysis and implemen- plification, or normalization, and showing, by a substantial meta- tation of programming languages, and as a comprehensive frame- that must necessarily go beyond the capabili- work for mechanizing mathematics. How is it that such apparently ties of the type theory itself, that every term has a unique simplest disparate objectives could be achieved by the same framework? form. The operational meaning of a term is then taken to be its From the perspective of an intuitionist, it is only to be expected— unique simplest form, obtained by any of a variety of means. The the whole point of intuitionism is to achieve a synthesis of proof same idea is often used to show the decidability of type checking and program, grounding the definition of truth itself in computa- for the theory, which is essential because the elements of types may tion. But few subscribe to such principles, and, practically speak- be considered to be formal proofs, rather than semantic construc- ing, constructive type theory has proved useful regardless of its ide- tions, and hence ought to admit decidable checking. ological origins. This account of the computational content of proofs leaves a little to be desired. For example, normalization theorems do not Permission to make digital or hard copies of all or part of this work for personal or afford a polynomially equivalent cost model [36]. For another, there classroom use is granted without fee provided that copies are not made or distributed are natural concepts of computation—such as partiality, general for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM recursive types, non-, and mutable state—that do not must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, appear to arise from simplification of proof terms in a logical to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. system. But perhaps these shortcomings may be remedied in the near or distant future. The more serious difficulty, in both theory POPL’17, January 15–21, 2017, Paris, France c 2017 ACM. 978-1-4503-4660-3/17/01...$15.00 and practice, is the problem of defining a type theory by rules http://dx.doi.org/10.1145/3009837.3009861 and eliciting its computational content by metamathematics. It is

680 never obvious how to choose the rules that define a formal type and classify identifications, or lines, between points. At dimension theory, particularly when one is concerned with its computational 2 are identifications between identifications, or , which interpretation. A seemingly minor alteration can disrupt or even form squares among types and among lines in types. destroy the computational meaning of the theory when obtained by The dimensions of the universe of types and of the types them- metamathematical analysis. Moreover, such results are notoriously selves are populated by a variety of comprehension principles such brittle; a seemingly small change to the rules can entirely invalidate as the aforementioned univalence axiom, and by instances of the the established metatheory. general concept of a higher , which is freely gen- Two cases in point illustrate the difficulties. The first is the erated by given cubes of arbitrary dimension. To ensure that the problem of function . Formal type theory includes cubical structure expresses a sensible concept of identification, the an identity type of proofs that two elements of a type are equal. type theory must satisfy a constructive form of the Kan condition In the case of function types there is no proof corresponding to similar to that of Bezem et al. [8], allowing elements to be coerced the principle that two functions are equal if they have the same between identified types, and that they are closed under a compo- graph. This is a serious obstacle to mechanization of mathematics, sition operation that ensures, among other important criteria, that which is invariably extensional in this respect. Were computational identifications are composable and reversible, and that composition considerations to be ignored, one could simply add an axiom of is associative up to higher identification. extensionality, and be done with it. But what is the computational We elicit the computational content of higher-dimensional de- content of such a proof? In a tour de force paper, Altenkirch et al. pendent type theory using Martin-Lof’s¨ meaning explanations, [3] showed how to elicit this content without severely disrupting the which are directly grounded in computation. Similar methods are theory, but the account is rather indirect and technically involved. used to define the NuPRL type theory [1, 39]; our work may also The second, more recently, is Voevodsky’s celebrated univalence be seen as an extension of the NuPRL type theory to account for axiom, which equates types that are, in a technically precise sense, higher dimensions. Rather than being defined by a collection of equivalent. From the outset [40] a central question has been: What inference rules to which a computational meaning is assigned after is the computational content of univalence? the fact, a meaning explanation starts with the notion of compu- Besides disrupting the standard computational interpretation of tation (given by a deterministic operational semantics for a col- formal type theory, the univalence axiom led to consideration of lection of programs), and then defines types as specifications of the more general question of proof-relevant notions of equality for their behavior. Thus, for example, a function from A to B is any which the interchangeability of the sides of an equation relies on program—perhaps a “foreign function” or “oracle”—that sends el- information encoded in the proof that they are equal. In the case of ements of A to elements of B. More precisely, types specify the univalence, types can be equivalent in disparate ways, so it is not exact equality of behaviors, so that, for example, functions with immediately obvious in what sense they may be considered equal, the same graph are exactly equal. In the higher-dimensional - even though doing so is standard practice in informal mathematics. ting this means that we sharply distinguish exact equality (in its Addressing this question raises the further question of when two ordinary mathematical sense) from identification (in its homotopy- such proofs are themselves equal. For example, one would expect theoretic sense), rather than conflate the two as is done in other the composition of equality proofs to be associative, which is to say treatments of higher-dimensional structure [8, 40]. The definitions that the two associations ought to be considered equal, which may of the types are given using only constructively valid, predicative in turn require further evidence. Such considerations are addressed principles that would in any case have to be accepted for the meta- by the homotopy-theoretic interpretation of constructive type the- mathematical analysis of a formal type theory. Indeed, because ory [40] in which the previously known identity type is general- all of the rules of higher-dimensional type theory are sound under ized to become an identification type whose elements are variously our definition of types, and our semantics may also be seen as an called paths, homotopies, or, as we shall call them here, identifi- abstract cubical realizability interpretation of formal cubical type cations. The resulting theory inclusive of identifications is called theory, providing insight into those formalisms as well. But to view higher-dimensional type theory. The question considered in this pa- our work only as such would be to sell it short. As with the NuPRL per is: Can higher-dimensional dependent type theory be regarded type theory [2, 14], we view proof theory as a window on the truth, as a programming language, while retaining its role as a logic for not as defining truth itself. mechanizing mathematics? The main result of this paper is to answer affirmatively (and con- We answer this question in the affirmative using a new notion structively!) the question of whether higher-dimensional type the- of cubical logical relations. The use of cubical methods is inspired ory can be construed as a programming language. More precisely, by the formal cubical type theories proposed by Cohen et al. [10] we formulate a computational higher-dimensional dependent type and Licata and Brunerie [25], which are themselves inspired by theory with instances of higher inductive types and of univalence, the model of homotopy type theory given by Bezem et al. [8] for which we can obtain the following canonicity theorem: using Kan cubical sets, a constructive variant of a concept from Theorem 1 (Canonicity). If M ∈ bool [·] then either M ⇓ true or classical . The model given by Bezem et al. [8] M ⇓ false. established the constructivity of the univalence axiom by giving an interpretation in a constructive , but it does not yield As emphasized by Martin-Lof¨ [28], the canonicity theorem con- in any straightforward way a direct computational interpretation of firms that the theory is consistent and has a direct computational higher-dimensional dependent type theory. meaning. The importance of cubical methods for type theory may be seen as an application of Martin-Lof’s¨ principles governing the judg- 2. Higher-Dimensional Programming mental structure of type theory [28, 30]. In contrast to homotopy type theory [40], cubical methods consider not only types and their Martin-Lof’s¨ meaning explanations of type theory are based on a elements, but also identifications among and within types, as a notion of computation. In order to extend meaning explanations primitive concept. Type theory is expanded to higher dimensions to higher dimension, we must first extend computation to higher according to the following pattern. At dimension 0 we have the dimension, by explaining how to evaluate not only ordinary terms usual types and their elements, which are points of those types. at dimension 0, but terms at dimension 1 and above. Types at dimension 1 form identifications between ordinary types, In homotopy type theory [40], paths are represented as terms P : IdA(M,N) of identity type; the type specifies the endpoints

681 of a path, in this case M,N : A. A homotopy is a term H : in the diagram above) whose left face is Nh0/xih0/yi and whose

IdIdA(M,N)(P,Q) of iterated identity type. Such an iterated identity right face is Nh1/xih1/yi. type is not well-formed unless the two endpoints P,Q are them- We call all combinations of faces, diagonals, and degeneracies selves both paths with identical boundary. As the dimension in- of a cube its aspects. Aspects are obtained by means of total creases, more and more boundary data is required to even state the dimension substitutions, written ψ :Ψ0 → Ψ, which take a Ψ-cube type of a higher cell. This data is required not only by the judg- M to a Ψ0-cube Mψ. If we think of Ψ as a context of dimension mental apparatus, because well-formedness of a type depends on names, then degeneracies correspond to weakenings, diagonals to the endpoints of a path, but for the operational semantics as well, contractions, and permutation of Ψ to exchange; these notions of because path operations can compute endpoints. aspects yield a cartesian notion of dimension, one quite analogous Bezem et al. [8] suggested organizing this data with cubical sets, to the behavior of variables in type theory. a storied mathematical idea due to Kan [24] and one of the earliest Note that terms are not to be understood solely in terms of combinatorial descriptions of topological spaces. Cubical methods their dimensionally-closed instances (namely, their 0-dimensional in type theory have since been used in applications ranging from aspects). Rather, a term’s dependence on dimension names is to synthetic homotopy theory to guarded recursion [9, 10, 25, 26]. be understood generically; geometrically, one might imagine addi- (A number of related structures all go by the name “cubi- tional unnamed points in the interior of the abstract interval. cal sets.” Experts will recognize our formulation as equivalent to presheaves on the free cartesian cube generated by an in- 2.2 Syntax terval object 1 → I ← 1, i.e., cubes with degeneracies, faces, and diagonals.) Terms M := (a:A) → B | (a:A) × B | Idx.A(M,N) 1 2.1 Cubical Programs | bool | notr | S | λa.M | app(M,N) | hM,Ni Concretely, our programming language has two sorts—ordinary λ- | fst(M) | snd(M) | hxiM | M@r | true | false calculus terms (written A, B, M, N, . . . with variables a, b, . . . ) 0 | ifa.A(M; N1,N2) | notelr(M) | base | loopr and dimension terms (r, r ), which are either 0 or 1 (ε), or a 0 1 r r dimension name (x, y, z, . . . ). These dimension names are familiar | S -elima.A(M; N1, x.N2) | coex.A (M) *− −−−* to programming language researchers as nominal constants [32, 33] ri 0 ε or symbols [20]. Dimension names represent formal elements of an | hcomA (r r ,M; y.Ni ) abstract interval whose end points are notated 0 and 1. Although dimension names look superficially like term vari- Figure 1. Term syntax. ables, they are quite different in a few regards—we can evaluate programs with free dimension names, but not free variables, and The syntax of our cubical programming language is described the operational semantics compares them for equality. Importantly, in Figure 1; it is largely familiar. We write x.− for dimension however, all our constructions respect permutation of names. binders and a.− for term binders. Additionally, in (a:A) → B and Dimension terms occur as arguments to certain term formers in (a:A)×B, a is bound in B. We now briefly describe the unfamiliar constructs. our programming language; for example, loopr is a program for any dimension term r (i.e., loop , loop , and loop are all valid hxiM is an abstraction of a dimension name x in M, and M@r 0 1 x 1 programs). We define a dimension substitution operation Mhr/xi is application to a dimension term. S is the higher inductive type which replaces free occurrences of x in M with r, alongside ordi- corresponding to the circle, which has a base point base and an x- nary term substitution written M[N/a]. line loopx. Just as if takes a motive type a.A, a boolean M, and We write FD(M) for the set of dimension names free in M two cases N1,N2 corresponding to true and false, the eliminator (called the support in nominal set literature), and say that M is a for the circle takes two cases N1 and x.N2 corresponding to its Ψ-cube if FD(M) ⊆ Ψ. We call ∅-cubes points, x-cubes lines, generating base point and line. notr is an instance of univalence (x, y)-cubes squares, and so forth. An x-cube M can be regarded corresponding to the negation equivalence between bool and itself; as an abstract line in the x direction, whose left endpoint, or face, is this in fact forms a type with elements notelr(M), as we explain in Mh0/xi, whose right face is Mh1/xi, and whose dependence on x Section 4.6. represents the parameter x tracing out the “interior” of the line. An This brings us to the last major constructs of cubical type the- (x, y)-cube N is an abstract square with four lines as its boundary, ory, namely the Kan conditions, coe and hcom. The first, called and four points as the boundary of those lines: coercion, takes an x-line A between types and an element M of Ahr/xi to an element of Ahr0/xi. This is a generalization of the x Nh0/yi transport operation described in the HoTT Book [40], and indeed Nh0/xih0/yi Nh1/xih0/yi y of the ordinary notion of coercion in programming: x.A is evidence identifying the types Ahr/xi and Ahr0/xi, and coe effects the con- tent of this identification on elements of the former type. Nh0/xi N Nh1/xi The second, called homogeneous Kan composition, states that open boxes in any type have lids. This operation endows types with Nh0/xih1/yi Nh1/xih1/yi a higher structure by ensuring that lines can be composed, Nh1/yi reversed, and so forth. Some simple instances of this principle are easy to visualize. The fact that dimension substitutions commute validates the geo- The simplest composition scenario states that a U-shaped con- metrical fact that the h0/xi face of Nh0/yi must agree with the figuration of lines always forms the boundary to a square. If M h0/yi face of Nh0/xi in the upper left. is an x-line in A, and y.N ε are y-lines in A, and their endpoints x 0 1 A Ψ-cube M can be regarded trivially as a degenerate, or reflex- agree as depicted below, then hcomA(0 1,M; y.N , y.N ) is ive, (Ψ, x)-cube whose x-faces are both M. Finally, we can substi- the composite, an x-line in A from N 0h1/yi to N 1h1/yi. More- tute one dimension name for another, which takes the diagonal of a over, there is an (x, y)-square with those four lines as its boundary, x 0 1 square. Nhx/yi is an x-line (the upper-left-to-lower-right diagonal namely hcomA(0 y, M; y.N , y.N ), which is called the filler

682 of this composition scenario. (The h1/yi face of the filler is clearly torization systems [18].) Second, we do not require that the ex- −* the composite. We will see later why the other faces agree.) tents ri coincide with the set of free dimension names in the term. We allow composition scenarios like the first we described, x 0 1 x M hcomA(0 1,M; y.N , y.N ), where the cap and tube faces de- · · pend on not only x but also z, forming a “trough” of the top, left, y and right faces of a cube, composing to the bottom face. In addition, the h0/zi face of that bottom face must be exactly 0 1 N N x 0 1 hcomAh0/zi(0 1,Mh0/zi; y.N h0/zi, y.N h0/zi) This is the uniformity of the uniform Kan condition, which is of N 0h1/yi N 1h1/yi hcomx (0 1,M; y.N 0, y.N 1) course very natural in syntax, because substitutions commute with A term formers. *− −−−* ri 0 ε We will carefully specify the behavior of coe and hcom in The general form of hcom is hcomA (r r ,M; y.Ni ). M is the cap of the composition; r specifies which “side” the cap is Section 3.3, including the adjacency conditions that certain faces on (above, the y = 0 side), and r0 the side the composite is on of the cap and tube faces must agree, as depicted above, and that (above, the y = 1 side). When r0 is a dimension name not occurring certain faces of composites and fillers must agree with (faces of) elsewhere in the composition problem, the hcom “traces out” the the cap and tube faces. interior of the composition problem, ranging from the cap to the −* 2.3 Operational Semantics composite, thus obtaining the filler. Finally, ri = r1, . . . , rn is a list of n ≥ 1 dimension terms called the extents of the composition We define the operational semantics of our cubical programming −−−*ε language using two judgments: problem, and y.Ni is a list of 2n tube faces, each with a bound dimension name. Each extent specifies the dimension across which 1. M val, stating that M is a value, or canonical form, and each pair of tube faces lies; for example, the first two tube faces are 2. M 7−→ M 0, stating that M takes one step of evaluation to M 0. on the r1 = 0 and r1 = 1 sides of the composition problem (above, x = 0 and x = 1). The bound dimension names in the tube faces These judgments apply to closed terms of any dimension, that is, are the dimension in which r, r0 lie; binding it ensures the cap and terms containing free dimension names but not free term variables. composite do not vary in that direction. If M val then M 67−→, but the converse need not be the case. As usual, we write M 7−→∗ M 0 to mean that M transitions to M 0 x in zero or more steps. We say M evaluates to V , written M ⇓ V , · · when M 7−→∗ V and V val. Transitions are deterministic, i.e., y z · · If M 7−→ M1 and M 7−→ M2, then M1 = M2. up to α-equivalence. This implies a term has at most one value. A representative sample of the operational semantics can be · · found in Figure 2. We have included all the rules pertaining to dependent functions and booleans, as well as the type-generic rules for the Kan conditions. (See the accompanying preprint [4] for the · · complete operational semantics.) Above is an example of a two-extent composition problem. If Most of the operational semantics rules are typical of weak head the top (x, z)-square is M, the left and right (y, z)-squares (across reduction: introduction forms are values, and elimination forms 0 1 only evaluate their principal arguments. hcom and coe evaluate the x direction) are N ,N , and the back and front (x, y)-squares x x their type argument first, and are implemented differently at every (across the z direction) are N 0,N 1, then the bottom face of the z z type. At higher type, like (a:A) → B, they are implemented using cube (in gray) is an (x, z)-square, the composite 1 hcom and coe at the constituent types. At bool and S , coe has no x,z 0 1 0 1 1 hcomA (0 1,M; y.Nx , y.Nx , y.Nz , y.Nz ) effect because the trivial coercion from bool to bool (resp., S ) has no effect, and hcom has the minimum implementation needed to while the interior (x, y, z)-cube filler is satisfy the Kan conditions described in Section 3.3. This is because hcomx,z(0 y, M; y.N 0, y.N 1, y.N 0, y.N 1) composition is primitive at base types, and higher inductive types A x x z z 1 such as bool and S are inductively generated by their constructors It is difficult to depict more complex composition scenarios. and Kan composition. (As we discuss in Section 4.1, we define The purpose of the Kan conditions is to provide closure prop- bool as a higher inductive type although it has no line constructors, erties for identifications, ensuring each type satisfies the laws of to demonstrate the robustness of our canonicity result.) higher . When we compare our theory to that of the HoTT if evaluates its principal argument. When true it returns the Book [40], the Kan conditions will implement the eliminator of the first branch and when false the second; when the argument is an identity type. As this is the essence of finding the computational hcom of booleans, it returns a composition, in the motive type A, content of higher-dimensional type theory, the Kan conditions ac- of ifs on the constituent booleans. The com term mentioned in this count for much of the complexity of the present work. operational semantics rule is an abbreviation: Our hcom operation is closely related to the uniform Kan con- *− −−−* dition [8, 17, 21] introduced by Bezem et al. [8], which differs comri (r r0,M; y.N ε) := from the ordinary Kan condition of cubical sets [24, 47] in two y.A i *− 0 −−−−−−−−−−0 * important ways. First, the classical definition simply states that hcomri (r r0, coer r (M); y.coey r (N ε)) fillers exist for all open boxes while hcom explicitly witnesses Ahr0/yi y.A y.A i this fact, providing a composition structure on each type rather com implements heterogeneous composition by combining the two than simply stating a property of types. (Such structures have been Kan operations, and is needed here because the motive A is depen- considered in the mathematical literature on algebraic weak fac- dent on bool, as we discuss in Section 4.1.

683 hcom and coe A 7−→ A0 A 7−→ A0 0 0 *− −−−* *− −−−* r r r r ri 0 ε ri 0 ε coex.A (M) 7−→ coex.A0 (M) hcomA (r r ,M; y.Ni ) 7−→ hcomA0 (r r ,M; y.Ni ) Dependent functions

M 7−→ M 0 (a:A) → B val app(M,N) 7−→ app(M 0,N) app(λa.M, N) 7−→ M[N/a] λa.M val

*− −−−* *− −−−−−−−−* ri 0 ε ri 0 ε hcom(a:A)→B (r r ,M; y.Ni ) 7−→ λa.hcomB (r r , app(M, a); y.app(Ni , a))

0 0 0 r r r r r r coex.(a:A)→B (M) 7−→ λa.coe r0 x (app(M, coex.A (a))) x.B[coex.A (a)/a] Booleans −* ri = x1, . . . , xi−1, ε, ri+1, . . . , rn r = r0 *− −−−* −−−* ri 0 ε ε 0 x1,...,xn 0 ε bool val hcombool(r r ,M; y.Ni ) 7−→ Ni hr /yi hcombool (r r ,M; y.Ni ) 7−→ M true val false val

0 r 6= r M 7−→ M 0 −−−* x1,...,xn 0 ε 0 hcombool (r r ,M; y.Ni ) val ifa.A(M; T,F ) 7−→ ifa.A(M ; T,F ) ifa.A(true; T,F ) 7−→ T −−−* 0 x1,...,xn ε r 6= r H = hcombool (r z, M; y.Ni ) −−−* x1,...,xn 0 ε ifa.A(hcom (r r ,M; y.Ni ); T,F ) bool 0 if (false; T,F ) 7−→ F 7−→ coer r (M) 7−→ M a.A −−−−−−−−−−−−* x.bool x1,...,xn 0 ε comz.A[H/a](r r , ifa.A(M; T,F ); y.ifa.A(Ni ; T,F ))

Figure 2. Operational semantics, selected rules.

The primary sources of higher cubes in the syntax are the Kan and that two programs are equal at a type: conditions and the circle. The circle provides a good example of . the interplay between dimension substitution and evaluation: M = N ∈ A base val loop val loop 7−→ base . x ε The judgment A type is simply an abbreviation for A=A type, and . Thus for any Ψ, base is a Ψ-cube and loopx is a (Ψ, x)-cube. We M ∈ A for M = M ∈ A. To be a type is to evaluate to a canonical arrange that the hε/xi faces of loopx are base with the rule that type, that is, to prescribe what it means for a canonical form to be loopε 7−→ base. a canonical member (or element) of that type, and for two such Evaluating a Ψ-cube never increases its dimension, but a cube to be equal members of that type. To be equal types is to evaluate which depends on x may lose its dependency on x, thus revealing to canonical types equipped with identical notions of membership it to be degenerate. To be precise, and equal membership. To be a member (resp., equal members) of a If M 7−→ M 0, then FD(M 0) ⊆ FD(M). type A is to evaluate to a canonical member (resp., equal canonical members) of the canonical type given by the value of A. We say that . A type is a presupposition of the judgment M = N ∈ A because 3. Cubical Meaning Explanations we cannot make sense of this judgment until we know that A is The judgments of computational type theory are defined in terms of equipped with a notion of membership. a system of relations between programs. In this framework, types For example, we might say that bool is a canonical type whose are merely specifications of the computational behavior of these canonical members are true and false, such that true is equal only programs, and can be thought of as a system of type refinements to true, and false to false. Then bool type, because bool ⇓ bool . for an untyped language. In this section, we define what is a cubical which is a canonical type, and M = N ∈ bool means that either type system, and how it gives rise to the judgments of computational M ⇓ true and N ⇓ true, or M ⇓ false and N ⇓ false. higher-dimensional type theory. A type system over a programming language is a family of rela- tions specifying which values are (equal) canonical types, and for 3.1 Ordinary Meaning Explanations each canonical type, which values are (equal) canonical members We begin by briefly recalling the ordinary meaning explanations of that canonical type. To be precise, a type system is [1, 19, 28, 39] of Martin-Lof¨ [28], which also serve as the basis of the NuPRL type theory [1]. 1. A symmetric and transitive relation ≈ over values, and Computational type theory is built on two core judgments, 2. For each A ≈ A , a symmetric and transitive relation ≈ namely that two programs are equal types: 0 0 A0 over values, such that if A ≈ B , the relations ≈ and ≈ . 0 0 A0 B0 A = B type are equal.

684 These relations are symmetric and transitive to ensure the equality 3.2 Closed Cubical Judgments judgments are as well. They are not reflexive, as not all values are One can regard ordinary type theory as the fragment of cubical canonical types and canonical members of every canonical type, type theory in which no terms depend on dimension names. Since but for any A0 such that A0 ≈ B0, symmetry and transitivity cubical programs represent not only ∅-cubes but x-cubes, (x, y)- imply A0 ≈ A0. These partial equivalence relations are simply cubes, and higher, one can have canonical Ψ-cubes for any Ψ, and a technical device for simultaneously defining a predicate and an hence a cubical type system specifies when for any Ψ, a canonical equivalence relation on objects satisfying the predicate. A value Ψ-cube classifies other Ψ-cubes, and when two canonical Ψ-cubes may be a canonical member of multiple canonical types, and may are equal in such a Ψ-cube. be equal to another value at some types but not others. The meanings of the core judgments are fixed by any type Definition 2. A cubical type system consists of . system: A = B type when A ⇓ A , B ⇓ B , and A ≈ B ; and . 0 0 0 0 1. For every Ψ, a symmetric and transitive relation ≈Ψ over M = N ∈ A when M ⇓ M0, N ⇓ N0, A ⇓ A0, and M0 ≈A0 N0. values A0 such that FD(A0) ⊆ Ψ, and The open judgments Ψ Ψ 2. For every A0 ≈ B0, symmetric and transitive relations ≈A0 . Ψ a1 : A1, . . . , an : An  A = B type and ≈B0 over values M0 such that FD(M0) ⊆ Ψ, such that Ψ Ψ . M0 ≈A N0 if and only if M0 ≈B N0. a1 : A1, . . . , an : An  M = N ∈ A Ψ We will sometimes write A ∼ B when A ⇓ A0, B ⇓ B0, and Ψ Ψ express that a judgment is true for all members of the types A0 ≈ B0, and M ∼A N when M ⇓ M0, N ⇓ N0, A ⇓ A0, and Ψ A1,...,An, and moreover that it respects the equality of those M0 ≈ N0. . 0 A0 types. For example, a : A  M ∈ B when for all N = N ∈ A, The two most fundamental judgments of cubical type theory are . 0 M[N/a] = M[N /a] ∈ B[N/a]. (The full definition is slightly . . involved because context types Ai can depend on earlier aj .) A = B pretype [Ψ] and M = N ∈ A [Ψ] It is no mistake that we write M ∈ A rather than M : A, and Further judgments are defined in terms of these. As before, the Γ  M ∈ A rather than Γ ` M : A. The latter (perhaps more meanings of these judgments are fixed by any cubical type sys- familiar) judgments of formal type theory capture the idea that M tem, but their definitions are more involved than simply evaluating constitutes a of the proposition A. There, M proves A, B, M, N. a unique proposition A (up to definitional equality), and from M Complications arise because these judgments should be closed one can reconstruct not only A but a full derivation of M : A. In . under dimension substitution. The intuitive meaning of M ∈ A [Ψ] computational type theory, M = N ∈ A means that the programs is that M is a Ψ-cube of the pretype A, so it should certainly be M and N exhibit equal behaviors as specified by A. This difference the case that its aspects are also cubes of the same pretype, i.e., surfaces in many ways: Mψ ∈ Aψ [Ψ0] for all ψ :Ψ0 → Ψ. If we say M ∈ A [Ψ] means Ψ that A ⇓ A0, M ⇓ M0, and M0 ≈A0 M0, there is certainly • M ∈ bool requires only that M ⇓ true or M ⇓ false, 0 0 no reason why we should expect Aψ ⇓ A0, Mψ ⇓ M0, and and nothing whatsoever about the structure of M. In contrast, 0 Ψ0 0 M0 ≈ 0 M0, since ψ can change the evaluation behavior of M.A M : bool only when M is structurally well-typed. A0 x . concrete example is hcombool(0 0,M; y.N, y.N), which steps • m : N, n : N  m + n = n + m ∈ N is true (for suitable to M but whose h0/xi face steps to Nh0/yi. definitions of N and +) because for any natural numbers m, n, An obvious solution is to build this condition into the mean- m + n and n + m evaluate to the same natural number. Proving ing of the judgment, and say that M ∈ A [Ψ] when for any this fact requires an inductive argument, but it is true even if one 0 ψ :Ψ0 → Ψ, Mψ ∼Ψ Mψ. This guarantees the ψ aspect of cannot invent that argument. In contrast, there is no definitional Aψ any Ψ-cube of a pretype evaluates to a canonical Ψ0-cube of that equality m : N, n : N ` m + n ≡ n + m : N, because one cannot see they are equal merely by simplifying (e.g., β- pretype, but still says nothing about the relationship between differ- ent canonical aspects of the original Ψ-cube, or about the aspects of normalizing) both sides. That is, a proof about m + n is not 0 self-evidently a proof about n + m; one cannot expect to, in those canonical Ψ -cubes. We impose the following stronger con- general, systematically reconstruct a derivation of the latter dition (where Aψ1ψ2 means (Aψ1)ψ2): . given a derivation of the former, without an induction argument. Definition 3. We say A = B pretype [Ψ], presupposing that • In computational type theory, two functions A → B are equal FD(A, B) ⊆ Ψ, when for any ψ1 :Ψ1 → Ψ and ψ2 :Ψ2 → Ψ1, whenever they send equal elements of A to equal elements of B. 1. Aψ1 ⇓ A1, A1ψ2 ⇓ A2, Aψ1ψ2 ⇓ A12, Since we define types solely using the computational behavior 2. Bψ1 ⇓ B1, B1ψ2 ⇓ B2, Bψ1ψ2 ⇓ B12, and of programs, there is no other sensible definition in this setting. Ψ2 Ψ2 Ψ2 3. A2 ≈ A12 ≈ B2 ≈ B12. • For all these reasons, it is not decidable whether a program . . M has type A, nor should one expect it to be: M ∈ A is Definition 4. We say M = N ∈ A [Ψ], presupposing A = an assertion about the runtime behavior of a program, not the A pretype [Ψ] and FD(M,N) ⊆ Ψ, when for any ψ1 :Ψ1 → Ψ content of a formal proof. and ψ2 :Ψ2 → Ψ1,

1. Mψ1 ⇓ M1, M1ψ2 ⇓ M2, Mψ1ψ2 ⇓ M12, These differences have led some to believe that computational type 2. Nψ1 ⇓ N1, N1ψ2 ⇓ N2, Nψ1ψ2 ⇓ N12, and theory is less useful than formal type theory. In fact, their judg- Ψ2 Ψ2 Ψ2 3. M2 ≈ M12 ≈ N2 ≈ N12, where Aψ1ψ2 ⇓ A12. ments are altogether different, and suitable for different purposes! A12 A12 A12 As a logic for reasoning about program behavior, the applicability That is, not only do all aspects of M evaluate to canonical cubes of computational type theory is indisputable. On the other hand, it of A, but its ψ1ψ2 aspect and the ψ2 aspect of its ψ1 aspect’s value is quite true that M ∈ A is not an appropriate notion of formal evaluate to equal canonical cubes of A. We say this ensures M has proof, because the structure of M may come far short of explain- coherent aspects. Note that this coherence is not guaranteed by the ing why A is true. (In proof theories for computational type theory, operational semantics; it is the role of the type system to carve out derivations often contain much more information than M.) the sensible programs.

685 . As before, we write A pretype [Ψ] when A = A pretype [Ψ], • J [Ψ | ·] iff J [Ψ]. By definition, since all ψ satisfy an empty . and M ∈ A [Ψ] when M = M ∈ A [Ψ]. (We will continue to set of equations, J [Ψ | ·] iff J ψ [Ψ0] for all ψ :Ψ0 → Ψ. But abbreviate judgments in this fashion without further comment.) The J ψ [Ψ0] for all ψ iff J [Ψ], because the judgments are closed . . judgments A = B pretype [Ψ] and M = N ∈ A [Ψ] are symmetric under dimension substitution. . and transitive, so if A = B pretype [Ψ] then A pretype [Ψ] and . • J [Ψ, x | x = 0, x = 1] always, because no ψ can satisfy B pretype [Ψ], and if M = N ∈ A [Ψ] then M ∈ A [Ψ] xψ = 0 and xψ = 1 simultaneously. and N ∈ A [Ψ]. Equal pretypes have equal elements, i.e., if . . . A = B pretype [Ψ] and M = N ∈ A [Ψ], then M = N ∈ B [Ψ]. • J [Ψ, x, y | x = 0, y = 1] iff J h0/xih1/yi [Ψ], because all The coherent aspect condition tells us that in a sense, any pair dimension substitutions satisfying xψ = 0 and yψ = 1 can be of dimension substitutions commute with evaluation. If a pretype written as a composition of h0/xih1/yi and another dimension is cubical, then the values of any of its cubes’ aspects again have substitution. . coherent aspects, and hence arbitrary interleavings of dimension Definition 8. We say A, B are equally Kan, presupposing A = substitutions and evaluation are coherent, i.e., the act of applying a B pretype [Ψ], if the following five conditions hold: dimension substitution and then evaluating is functorial. ψ :Ψ0 → Ψ 0 1. For any , if Definition 5. We say A pretype [Ψ] is cubical if for any ψ :Ψ → . 0 0 . (a) M = O ∈ Aψ [Ψ ], Ψ 0 0 Ψ and M ≈A N (where Aψ ⇓ A0), M = N ∈ Aψ [Ψ ]. ε . ε 0 0 0 (b) Ni =Nj ∈ Aψ [Ψ , y | ri = ε, rj = ε ] for any i ∈ [1, n], If we consider only terms M with no free dimension names, j ∈ [1, n], ε = 0, 1, and ε0 = 0, 1, ε . ε 0 then M = Mψ and the cubical meaning explanations essentially (c) Ni = Pi ∈ Aψ [Ψ , y | ri = ε] for any i ∈ [1, n] and . 0 coincide with the ordinary ones: A=B pretype [Ψ] when A ∼Ψ B ε = 0, 1, and 0 . Ψ0 0 ε . 0 for all Ψ , and M = N ∈ A [Ψ] when M ∼A N for all Ψ . (d) Ni hr/yi = M ∈ Aψ [Ψ | ri = ε] for any i ∈ [1, n] and ε = 0, 1, *− −−−* *− −−* 3.3 Context Restrictions and Kan Conditions ri 0 ε . ri 0 ε then hcomAψ(r r ,M; y.Ni )=hcomBψ(r r ,O; y.Pi ) ∈ So far, we have explained what a cubical pretype is. A type is a Aψ [Ψ0]. cubical pretype which is moreover Kan, meaning that it is closed 2. For any ψ :Ψ0 → Ψ, if under the hcom and coe operations in a certain sense. Specifying (a) M ∈ Aψ [Ψ0], the hcom operation in particular is quite challenging, because a . 0 N ε =N ε ∈ Aψ [Ψ0, y | r = ε, r = ε0] i ∈ [1, n] composition scenario is valid in a pretype not only when the cap (b) i j i j for any , j ∈ [1, n], ε = 0, 1, and ε0 = 0, 1, and and tube faces are elements of that pretype, but when certain faces ε . 0 of the cap and tube faces are equal elements. (c) Ni hr/yi = M ∈ Aψ [Ψ | ri = ε] for any i ∈ [1, n] and adjacency conditions ε = 0, 1, These equalities are called the , and are *− −−−* ri ε . 0 implicit in the diagrams in Section 2.2. For example, in the U- then hcomAψ(r r, M; y.Ni ) = M ∈ Aψ [Ψ ]. ε shaped configuration, Mhε/xi and N hε/yi must be equal points, 3. For any ψ :Ψ0 → Ψ, under the same conditions as above, if while in the box-shaped configuration, each tube face intersects ri = ε for some i then the cap in a line, and each pair of adjacent tube faces must also *− −−−* ri 0 ε . ε 0 0 intersect, for a total of eight equalities. hcomAψ(r r ,M; y.Ni ) = Ni hr /yi ∈ Aψ [Ψ ]. There are a few more subtleties to address. An extent r can . i 4. For any ψ : (Ψ0, x) → Ψ, if M = N ∈ Aψhr/xi [Ψ0], then be 0 or 1, in addition to being a dimension name. Indeed, if the 0 . 0 x 0 1 coer r (M) = coer r (N) ∈ Aψhr0/xi [Ψ0]. composite of the U, hcomA(0 1,M; y.N , y.N ), is meant to x.Aψ x.Bψ 0 0 be an x-line from N 0h1/yi to N 1h1/yi, then its h0/xi face, 5. For any ψ : (Ψ , x) → Ψ, if M ∈ Aψhr/xi [Ψ ], then r r . 0 0 0 1 coex.Aψ(M) = M ∈ Aψhr/xi [Ψ ]. hcomAh0/xi(0 1,Mh0/xi; y.N h0/xi, y.N h0/xi) . . Definition 9. We say A = B type [Ψ], presupposing that A = must be a ∅-cube member of Ah0/xi equal to N 0h1/yi. Next, B pretype [Ψ], when A and B are cubical and equally Kan. although we depicted N ε as y-lines and not (x, y)-squares, there is no reason why the extent x cannot occur in them. Rather than The first Kan condition states that hcom is an element of a type ε whenever (a) the cap M is an element, (b) the ε side of the ri tube prohibit this syntactically, we say that any x occurring in N should 0 0 is equal to the ε side of the rj tube for all i, j, ε, ε , and (d) the ε be interpreted as an ε instead. Lastly, two extents ri, rj can be equal dimension names, in which case two different pairs of tube faces side of the ri tube agrees on its hr/yi side with the ri = ε side are exactly superpositioned, and must be equal. of the cap; and moreover, hcom respects equality in all arguments These constraints are all handled elegantly by dimension context including the type subscript. If ri = x, then by (b) when i = j and ε = ε0, restrictions, which are sets of unoriented equations Ξ = (r1 = 0 0 0 ε . ε 0 r1, . . . , rn = rn) in Ψ. We say that ψ :Ψ → Ψ satisfies Ξ if Ni = Ni ∈ Aψ [Ψ , y | x = ε, x = ε] 0 0 ε for each i ∈ [1, n], either riψ = riψ = 0, riψ = riψ = 1, or which is to say that the entirety of the tube face Ni is an element, 0 riψ = riψ = x. Then: where any occurrences of x are replaced by ε. And when i = j but . ε and ε0 are opposite faces, Definition 6. We say A = B pretype [Ψ | Ξ], presupposing FD(A, B, Ξ) ⊆ Ψ, when for any ψ :Ψ0 → Ψ satisfying Ξ, 0 . 1 0 . Ni = Ni ∈ Aψ [Ψ , y | x = 0, x = 1] Aψ = Bψ pretype [Ψ0]. . which is to say there is no adjacency condition between a tube face Definition 7. We say M = N ∈ A [Ψ | Ξ], presupposing and its opposite tube face. If ri = 0, then we have FD(M, N, A, Ξ) ⊆ Ψ and A pretype [Ψ | Ξ], when for any . . N 0 = N 0 ∈ Aψ [Ψ0, y | 0 = 0, 0 = 0] ψ :Ψ0 → Ψ satisfying Ξ, Mψ = Nψ ∈ Aψ [Ψ0]. i i . N 1 = N 1 ∈ Aψ [Ψ0, y | 0 = 1, 0 = 1] The intuition is that Ξ restricts the ordinary judgment only i i to certain faces of the specified terms. Here are some examples, which is to say that the 0 side of the ri tube is an element, and there writing J for either judgment: are no conditions on the 1 side.

686 The second Kan condition states that when r = r0 and hcom is any ψ :Ψ0 → Ψ and any an element, it is equal to its cap M. This condition ensures the . 0 0 N = N ∈ A ψ [Ψ ], filler of the U, hcomx (0 y, M; y.N 0, y.N 1), has M as its 1 1 1 A . 0 0 h0/yi face. The third condition states that when ri = ε and hcom N2 = N2 ∈ A2ψ[N1/a1] [Ψ ],... ε 0 . is an element, it is equal to Ni hr /yi. This condition ensures the 0 0 ε and Nn = Nn ∈ Anψ[N1,...,Nn−1/a1, . . . , an] [Ψ ], we have hε/xi faces of the filler of the U are N , and the hε/xi faces of the . 0 0 0 ε Mψ[N1,...,Nn/a1, . . . , an] = M ψ[N ,...,N /a1, . . . , an] composite are Ni h1/yi. 1 n 0 The fourth and fifth Kan conditions state that coe along x.A ∈ Bψ[N1,...,Nn/a1, . . . , an] [Ψ ]. Ahr/xi Ahr0/xi sends elements of to elements of , and that when . 0 . r = r0 it has no effect. All five conditions quantify over ψ to ensure We say Γ  B = B type [Ψ], presupposing Γ  B = B0 pretype [Ψ], when for any equal members of the context types, that being Kan, and hence being a type, is closed under dimension 0 substitution. Being equally Kan is symmetric and transitive, hence the corresponding instances of B,B are equal closed types. We define context-restricted open judgments Γ  J [Ψ | Ξ] to mean being a type is as well. 0 0 The Kan conditions utilize very specific context restrictions, that Γψ  J ψ [Ψ ] for any ψ :Ψ → Ψ satisfying Ξ. Open so the added machinery is not, strictly speaking, necessary. One analogues of the Kan conditions, and of Theorem 10, hold for equal could instead spell out what the context restrictions mean for every open types. 0 ri, rj , ε, ε , but such a definition would be difficult to state or use. Like the closed judgments, these judgments are all symmetric, The hcom operation performs homogeneous composition, in transitive, and closed under dimension substitution. The earlier hy- A y potheses in each definition ensure that later hypotheses are sensible; the sense that cannot depend on , the dimension in which 0 r, r0 coe for example, (a1 : A1, . . . , an : An) ctx [Ψ] and N1 ∈ A1ψ [Ψ ] lie and the tube faces are bound. By combining it with , 0 one can obtain a heterogeneous composition operation com, whose ensure that A2ψ[N1/a1] pretype [Ψ ]. definition was given in Section 2.3. The analogue of the first Kan Since types are programs, and open judgments are given mean- condition is given below; analogues of the second and third Kan ing by substitution, dependency is simply a consequence of allow- conditions hold as well. ing types to contain variables. It is natural that types can depend on dimension names, because if a : A  B type [·] and M is an . Theorem 10. If A = B type [Ψ], ψ : (Ψ0, y) → Ψ, x-line of A, then B[M/a] is a type varying in x, with endpoints B[Mhε/xi/a]. . 1. M = O ∈ Aψhr/yi [Ψ0], ε . ε0 0 0 0 2. Ni = Nj ∈ Aψ [Ψ , y | ri = ε, rj = ε ] for any i, j, ε, ε , 4. Types ε . ε 0 3. Ni = Pi ∈ Aψ [Ψ , y | ri = ε] for any i, ε, ε . 0 Now that we have defined the judgments of computational cubi- 4. Ni hr/yi = M ∈ Aψhr/yi [Ψ | ri = ε] for any i, ε, cal type theory, we can consider what it means for a cubical type *− −−−* *− −−* system to have a type of booleans, of dependent functions, and so ri 0 ε . ri 0 ε then comy.Aψ(r r ,M; y.Ni )=comy.Bψ(r r ,O; y.Pi ) ∈ forth. (In general, a cubical type system need not have any types, Aψhr0/yi [Ψ0]. which is not particularly interesting!) For each type former, we prove that any cubical type system closed under it satisfies typ- ing rules (formation, introduction, elimination, computation, etc.) 3.4 Open Cubical Judgments similar to those found in the formal cubical type theories of Cohen As before, the open judgments express the truth of a judgment uni- et al. [10] and Licata and Brunerie [25]. (All proofs mentioned in versally over members of A1,...,An. The Ψ specifies at which this section can be found the accompanying preprint [4].) dimension the context, pretype, and elements are initially consid- One can interpret this work as an extensional realizability model ered, but one must additionally require the quantification over the of a formal cubical type theory, by modeling the latter judgments context to hold at all aspects A1ψ, . . . , Anψ. The open judgments by our computational cubical judgments. However, we hope to are defined mutually, stratified by the length of the context. take full advantage of our computational judgments to consider higher-dimensional analogues of concepts like exact equality [1], Definition 11. We say (a1 : A1, . . . , an : An) ctx [Ψ] when partiality [13], and strict subsets [11] previously considered in NuPRL. A1 pretype [Ψ], A selection of rules validated in our model can be found in Fig- a1 : A1  A2 pretype [Ψ],... ures 3 and 4. Figure 3 contains rules valid in all cubical type sys- and a : A , . . . , a : A  A pretype [Ψ]. tems, including various structural rules, the Kan conditions, and 1 1 n−1 n−1 n “restriction rules” for deriving the hypotheses of the Kan condi- . 0 tions. Figure 4 contains rules valid in any cubical type system Definition 12. We say a1 : A1, . . . , an : An  B=B pretype [Ψ], closed under dependent functions, dependent pairs, identifications, presupposing (a1 : A1, . . . , an : An) ctx [Ψ], when for any ψ : Ψ0 → Ψ and any booleans, the circle, and notx. (Again, we emphasize that these rules do not define our theory, but are rather theorems about par- . 0 0 N1 = N1 ∈ A1ψ [Ψ ], ticular cubical type theories.) For the sake of concision and clar- . 0 0 ity, these rules are stated in local form, extending them to global N2 = N2 ∈ A2ψ[N1/a1] [Ψ ],... form by uniformity, also called naturality. (This format was sug- . 0 0 and Nn = Nn ∈ Anψ[N1,...,Nn−1/a1, . . . , an] [Ψ ], we have gested by Martin-Lof¨ [29], itself inspired by Gentzen’s original concept of .) In some rules for dependent func- tion and pair types we have suppressed the hypotheses A type [Ψ] Bψ[N1,...,Nn/a1, . . . , an] and a : A  B type [Ψ]; and for identification types, the hypothe- . 0 0 0 0 = B ψ[N1,...,Nn/a1, . . . , an] pretype [Ψ ]. sis A type [Ψ, x]. Once we have explained when a cubical type system is closed . 0 Definition 13. We say a1 : A1, . . . , an : An  M =M ∈ B [Ψ], under the type formers of interest, we still need to demonstrate presupposing a1 : A1, . . . , an : An  B pretype [Ψ], when for that such a cubical type system exists. We do so by explicitly

687 Structural rules . . . A type [Ψ] J [Ψ] A type [Ψ] J [Ψ] ψ :Ψ0 → Ψ A = A0 type [Ψ] A = A0 type [Ψ] A0 = A00 type [Ψ] . . a : A  a ∈ A [Ψ] a : A  J [Ψ] J ψ [Ψ0] A0 = A type [Ψ] A = A00 type [Ψ] . . . . . M 0 = M ∈ A [Ψ] M = M 0 ∈ A [Ψ] M 0 = M 00 ∈ A [Ψ] M = M 0 ∈ A [Ψ] A = A0 type [Ψ] . . . M = M 0 ∈ A [Ψ] M = M 00 ∈ A [Ψ] M = M 0 ∈ A0 [Ψ] . . . . a : A  B = B0 type [Ψ] N = N 0 ∈ A [Ψ] a : A  M = M 0 ∈ B [Ψ] N = N 0 ∈ A [Ψ] . . B[N/a] = B0[N 0/a] type [Ψ] M[N/a] = M 0[N 0/a] ∈ B[N/a] [Ψ] Context restrictions J [Ψ] J [Ψ | Ξ] J hε/xi [Ψ] J hε/xihε0/yi [Ψ] J [Ψ | ·] J [Ψ | Ξ, r = r] J [Ψ | Ξ, 0 = 1] J [Ψ, x | x = 0, x = 1] J [Ψ, x | x = ε] J [Ψ, x, y | x = ε, y = ε0] Kan operations . A = A0 type [Ψ] . M = O ∈ A [Ψ] A type [Ψ] ε . ε (∀i, ε) Ni = Pi ∈ A [Ψ, y | ri = ε] M ∈ A [Ψ] 0 ε . ε0 0 0 ε . ε0 0 (∀i, j, ε, ε ) Ni = Nj ∈ A [Ψ, y | ri = ε, rj = ε ] (∀i, j, ε, ε ) Ni = Nj ∈ A [Ψ, y | ri = ε, rj = ε ] ε . ε . (∀i, ε) Ni hr/yi = M ∈ A [Ψ | ri = ε] (∀i, ε) Ni hr/yi = M ∈ A [Ψ | ri = ε] *− −−−* *− −−* *− −−−* ri 0 ε . ri 0 ε ri ε . hcomA (r r ,M; y.Ni ) = hcomA0 (r r ,O; y.Pi ) ∈ A [Ψ] hcomA (r r, M; y.Ni ) = M ∈ A [Ψ]

A type [Ψ] M ∈ A [Ψ] 0 ε . ε0 0 (∀i, j, ε, ε ) Ni = Nj ∈ A [Ψ, y | ri = ε, rj = ε ] ε . (∀i, ε) Ni hr/yi = M ∈ A [Ψ | ri = ε]

r1,...,ri−1,ε,ri+1,...,rn 0 −−−*ε . ε 0 hcomA (r r ,M; y.Ni ) = Ni hr /yi ∈ A [Ψ]

. 0 . A = A type [Ψ, x] M = N ∈ Ahr/xi [Ψ] A type [Ψ, x] M ∈ Ahr/xi [Ψ] 0 0 r r . r r 0 r r . coex.A (M) = coex.A0 (N) ∈ Ahr /xi [Ψ] coex.A (M) = M ∈ Ahr/xi [Ψ]

Figure 3. Rules valid in all cubical type systems.

−* −−−* −* −−* constructing the smallest cubical type system closed under the type xi 0 ε Ψ xi 0 ε 3. hcombool(r r ,M; y.Ni ) ≈bool hcombool(r r ,O; y.Pi ) formers, by means of a fixed point construction [1, 19] starting whenever r 6= r0, from an empty cubical type theory, and adjoining the base types . and all new dependent function, pair, and identification types at (a) M = O ∈ bool [Ψ], ε . ε0 0 0 each step. (We adjoin notx whenever the previous type system (b) Ni = Nj ∈ bool [Ψ, y | xi = ε, xj = ε ] for all i, j, ε, ε , has booleans.) Specifically, cubical type systems form a complete ε . ε partial order and adjoining these types is a monotone operation— (c) Ni = Pi ∈ bool [Ψ, y | xi = ε] for all i, ε, and ε . essentially, it leaves fixed the meanings of all prior types. It follows (d) Ni hr/yi = M ∈ bool [Ψ | xi = ε] for all i, ε. that this operation has a fixed point [15, Theorem 8.22], which by construction is a cubical type system closed under the type formers. Ψ Note that ≈bool is symmetric because in the third case, (a) and Note, however, that any cubical type system closed under the ε (c) imply that (b) and (d) also hold for Pi and O. This definition type formers is sufficient for our purposes; none of our theorems is mutual across all Ψ, which is visible after one expands the hold only in the least such. It is therefore possible to extend our definitions of the equality judgments. results with additional type formers (such as universes, full univa- The canonicity theorem (if M ∈ bool [·] then M ⇓ true or lence, or more higher inductive types) without affecting the present M ⇓ false) holds trivially by construction, since M ∈ bool [·] constructions. · implies M ⇓ M0 and M0 ≈bool M0, and the hcom case is impossible in an empty dimension context because it requires free . dimension names. Consistency (that true = false ∈ bool [Ψ] does 4.1 Booleans not hold) follows trivially as well. A cubical type system has booleans if bool ≈Ψ bool for all Ψ, and The first two cases ensure that true and false are ∅-cubes of ≈− is the least relation such that: bool, and in fact Ψ-cubes (degenerately) for all Ψ. The third case bool ensures that bool is Kan by freely adding certain Kan composites Ψ as higher cubes. The operational semantics for hcom in bool (Fig- 1. true ≈bool true, ure 2) state that any hcom with an ε extent evaluates to a face Ψ 2. false ≈bool false, and of the corresponding tube face (for the first such extent), and any

688 Dependent function types . . . . . A = A0 type [Ψ] a : A  B = B0 type [Ψ] a : A  M = M 0 ∈ B [Ψ] M = M 0 ∈ (a:A) → B [Ψ] N = N 0 ∈ A [Ψ] . . . (a:A) → B = (a:A0) → B0 type [Ψ] λa.M = λa.M 0 ∈ (a:A) → B [Ψ] app(M,N) = app(M 0,N 0) ∈ B[N/a] [Ψ]

a : A  M ∈ B [Ψ] N ∈ A [Ψ] M ∈ (a:A) → B [Ψ] . . app(λa.M, N) = M[N/a] ∈ B[N/a] [Ψ] M = λa.app(M, a) ∈ (a:A) → B [Ψ] Dependent pair types . . . . . A = A0 type [Ψ] a : A  B = B0 type [Ψ] M = M 0 ∈ A [Ψ] N = N 0 ∈ B[M/a] [Ψ] P = P 0 ∈ (a:A) × B [Ψ] . . . (a:A) × B = (a:A0) × B0 type [Ψ] hM,Ni = hM 0,N 0i ∈ (a:A) × B [Ψ] fst(P ) = fst(P 0) ∈ A [Ψ] . P = P 0 ∈ (a:A) × B [Ψ] M ∈ A [Ψ] N ∈ B[M/a] [Ψ] M ∈ A [Ψ] N ∈ B[M/a] [Ψ] . . . snd(P ) = snd(P 0) ∈ B[fst(P )/a] [Ψ] fst(hM,Ni) = M ∈ A [Ψ] snd(hM,Ni) = N ∈ B[M/a] [Ψ]

P ∈ (a:A) × B [Ψ] . P = hfst(P ), snd(P )i ∈ (a:A) × B [Ψ] Identification types

. 0 . 0 . 0 A = A type [Ψ, x] P0 = P0 ∈ Ah0/xi [Ψ] P1 = P1 ∈ Ah1/xi [Ψ] . 0 0 Idx.A(P0,P1) = Idx.A0 (P0,P1) type [Ψ]

. 0 . . . 0 M = M ∈ A [Ψ, x] Mh0/xi = P0 ∈ Ah0/xi [Ψ] Mh1/xi = P1 ∈ Ah1/xi [Ψ] M = M ∈ Idx.A(P0,P1) [Ψ] . 0 . 0 hxiM = hxiM ∈ Idx.A(P0,P1) [Ψ] M@r = M @r ∈ Ahr/xi [Ψ]

M ∈ Idx.A(P0,P1) [Ψ] M ∈ A [Ψ, x] M ∈ Idx.A(P0,P1) [Ψ] . . . M@ε = Pε ∈ Ahε/xi [Ψ] (hxiM)@r = Mhr/xi ∈ Ahr/xi [Ψ] M = hxi(M@x) ∈ Idx.A(P0,P1) [Ψ] Booleans

bool type [Ψ] true ∈ bool [Ψ] false ∈ bool [Ψ] . . . . a : bool  A = A0 type [Ψ] M = M 0 ∈ bool [Ψ] T = T 0 ∈ A[true/a] [Ψ] F = F 0 ∈ A[false/a] [Ψ] . 0 0 0 ifa.A(M; T,F ) = ifa.A0 (M ; T ,F ) ∈ A[M/a] [Ψ] a : bool  A type [Ψ] T ∈ A[true/a] [Ψ] F ∈ A[false/a] [Ψ] a : bool  A type [Ψ] T ∈ A[true/a] [Ψ] F ∈ A[false/a] [Ψ] . . ifa.A(true; T,F ) = T ∈ A[true/a] [Ψ] ifa.A(false; T,F ) = F ∈ A[false/a] [Ψ] Circle

1 1 1 . 1 S type [Ψ] base ∈ S [Ψ] loopr ∈ S [Ψ] loopε = base ∈ S [Ψ]

1 . 0 . 0 1 a : S  A = A type [Ψ] M = M ∈ S [Ψ] . 0 . 0 . P = P ∈ A[base/a] [Ψ] L = L ∈ A[loopx/a] [Ψ, x](∀ε) Lhε/xi = P ∈ A[base/a] [Ψ] 1 . 1 0 0 0 S -elima.A(M; P, x.L) = S -elima.A0 (M ; P , x.L ) ∈ A[M/a] [Ψ]

1 . a : S  A type [Ψ] L ∈ A[loopx/a] [Ψ, x](∀ε) Lhε/xi = P ∈ A[base/a] [Ψ] 1 . S -elima.A(base; P, x.L) = P ∈ A[base/a] [Ψ]

1 . a : S  A type [Ψ] L ∈ A[loopx/a] [Ψ, x](∀ε) Lhε/xi = P ∈ A[base/a] [Ψ] 1 . S -elima.A(loopr; P, x.L) = Lhr/xi ∈ A[loopr/a] [Ψ]

notx M ∈ bool [Ψ] M ∈ bool [Ψ]

. 0 1 . 1 0 . notr type [Ψ] notε = bool type [Ψ] coex.notx (M) = not(M) ∈ bool [Ψ] coex.notx (M) = not(M) ∈ bool [Ψ]

Figure 4. Rules valid in cubical type systems with the appropriate type formers.

689 . hcom with r = r0 evaluates to its cap. These ensure the second when a : Aψ  M = M 0 ∈ Bψ [Ψ0]. A cubical type system is and third Kan conditions, respectively. The remaining hcoms, those closed under dependent functions if it has all dependent function 0 with r 6= r and all extents xi, are irreducible and are canonical Ψ- types in this sense. cubes of bool to ensure the first Kan condition. Recalling the meaning of the open judgments, this essentially That the operational semantics examines the extents from left to states that a Ψ-cube (resp., equal Ψ-cubes) of (a:A) → B is right and before r and r0 is an arbitrary choice to ensure determi- a program that evaluates to a lambda whose body sends equal 0 . 0 0 nacy. If both ri = ε and r = r , for example, then the hcom steps elements N = N ∈ Aψ [Ψ ] to equal elements of Bψ[N/a]. ε 0 to Ni hr /yi but by the second Kan condition it must be equal to The Kan operations on (a:A) → B are implemented in the ε M. This holds because, by adjacency condition (d), Ni hr/yi and operational semantics (Figure 2) using the Kan operations of A M are themselves equal. and (instances of) B. For example, coercing a function from r to r0 Since bool has no path constructors, we could alternatively works by coercing its argument backwards from r0 to r, applying define it “strictly,” with canonical Ψ-cubes true and false only, and the function, and coercing the result forward from r to r0. . . composites of true evaluating to true, and so forth. Here we opt If a cubical type system has A = A0 type [Ψ], a : A  B = to make its composites canonical as in any higher inductive type, B0 type [Ψ], and their dependent function type, then the formation, to demonstrate the robustness of our canonicity theorem and our introduction, elimination, computation, and eta rules in Figure 4 treatment of notx. In practice, however, the strict booleans may hold. be more convenient to use; we define them in the accompanying preprint [4]. 4.4 Dependent Pairs We prove that closed versions of the formation, introduc- . . tion, elimination, and computation rules located in Figure 4 hold If a cubical type system has A = A0 type [Ψ] and a : A  B = in any cubical type system with booleans. The formation rule B0 type [Ψ], we say it also has their dependent pair type when 0 bool type [Ψ] requires bool to be a pretype, Kan, and cubical. for all ψ :Ψ0 → Ψ, (a:Aψ) × Bψ ≈Ψ (a:A0ψ) × B0ψ, and 0 The generalizations of these rules to open elements follows by the ≈Ψ is the least relation such that definition of the open judgments, the respect for equality built into (a:Aψ)×Bψ the introduction and elimination rules, and the fact that dimension Ψ0 0 0 and term substitutions commute with the term formers. hM,Ni ≈(a:Aψ)×Bψ hM ,N i When eliminating into a : bool  A type [Ψ] and the prin- . 0 0 . 0 0 −* −−−* when M = M ∈ Aψ [Ψ ] and N = N ∈ Bψ[M/a] [Ψ ].A xi 0 ε cipal argument evaluates to hcombool(r r ,M; y.Ni ), we cubical type system is closed under dependent pairs if it has all would like to step this to a composition of ifa.A(M; T,F ) and dependent pair types in this sense. ε . . ifa.A(Ni ; T,F ) in A, but these have different types A[M/a] and 0 ε If a cubical type system has A = A type [Ψ], a : A  B = A[Ni /a] respectively. The solution is to perform a heterogeneous B0 type [Ψ], and their dependent pair type, then the formation, composition in A[H/a], where H is the filler for the above hcom, ε introduction, elimination, computation, and eta rules in Figure 4 a type which has A[M/a] and A[Ni /a] as its faces. hold. 4.2 Circle 1 Ψ 1 4.5 Identification Types A cubical type system has the circle if S ≈ S for all Ψ, and − . 0 . 0 ≈ 1 is the least relation such that: If a cubical type system has A = A type [Ψ, x], P0 = P0 ∈ S . 0 Ah0/xi [Ψ], and P1 = P1 ∈ Ah1/xi [Ψ], we say it has their iden- Ψ 0 1. base ≈ 1 base, 0 Ψ S tification type when for all ψ :Ψ → Ψ, Idx.Aψ(P0ψ, P1ψ) ≈ Ψ 0 0 Ψ0 2. loopx ≈ 1 loopx, and Id 0 (P ψ, P ψ), and ≈ is the least relation S x.A ψ 0 1 Idx.Aψ (P0ψ,P1ψ) −* −−−* −* −−* xi 0 ε Ψ xi 0 ε such that 3. hcom 1 (r r ,M; y.Ni ) ≈ 1 hcom 1 (r r ,O; y.Pi ) S S S whenever r 6= r0, Ψ0 0 hxiM ≈Idx.Aψ (P0ψ,P1ψ) hxiM . 1 (a) M = O ∈ S [Ψ], . 0 0 . 0 when M =M ∈ Aψ [Ψ , x] and Mhε/xi=Pεψ ∈ Aψhε/xi [Ψ ] ε . ε0 1 0 0 (b) Ni = Nj ∈ S [Ψ, y | xi = ε, xj = ε ] for all i, j, ε, ε , for all ε. A cubical type system is closed under identifications if it ε . ε 1 has all identification types in this sense. (c) Ni = Pi ∈ S [Ψ, y | xi = ε] for all i, ε, and Ψ-cubes of Idx.A(P0,P1) are thus programs that evaluate to ε . 1 (d) Ni hr/yi = M ∈ S [Ψ | xi = ε] for all i, ε. abstracted (Ψ, x)-cubes of A whose hε/xi faces are Pε. Hence This is very similar to our definition of having booleans, except that the identification type simply captures the notion of a dimension Id (P ,P ) 1 has a path constructor loop . shift. Kan composition in x.A 0 1 performs composition in S x A P ,P If a cubical type system has the circle, then the formation, , adding 0 1 as an additional set of tube faces to constrain the faces of the composite. introduction, elimination, and computation rules in Figure 4 hold. . 0 . 0 1 If a cubical type system has A = A type [Ψ, x], P = P ∈ To eliminate into a :  A type [Ψ], one must provide a point . 0 0 S Ah0/xi [Ψ], P = P 0 ∈ Ah1/xi [Ψ], and their identification type, P ∈ A[base/a] [Ψ] and a loop L ∈ A[loop /a] [Ψ, x] with 1 1 x then the formation, introduction, elimination, computation, and eta endpoints P . rules in Figure 4 hold. 4.3 Dependent Functions This cubical formulation of identification types is a signifi- . 0 . cant departure from the identity type of the HoTT Book [40]. If a cubical type system has A = A type [Ψ] and a : A  B = These types can be related, however. For example, for any M ∈ B0 type [Ψ], we say it also has their dependent function type when 0 A [Ψ] we have a reflexive identification h iM ∈ Id .A(M,M) [Ψ]; for all ψ :Ψ0 → Ψ, (a:Aψ) → Bψ ≈Ψ (a:A0ψ) → B0ψ, and for any type family a : A  B type [Ψ], identification P ∈ Ψ0 ≈(a:Aψ)→Bψ is the least relation such that Id .A(P0,P1) [Ψ], and element M ∈ B[P0/a] [Ψ] of the type fam- transport 0 ily at the left endpoint we have a of that element to the Ψ 0 0 1 λa.M ≈(a:Aψ)→Bψ λa.M right endpoint: coex.B[P @x/a](M) ∈ B[P1/a] [Ψ].

690 4.6 Not only on structurally well-typed terms, whereas our operational se- mantics is untyped. It would be interesting to adapt our work as a If a cubical type system has booleans, we say it has the notx type Ψ,x computational semantics for their type theory. when not ≈Ψ,x not for all Ψ, and ≈ is the least relation x x notx This paper represents the first step in the development of com- such that: Ψ,x 0 putational higher-dimensional type theory; much remains to be notelx(M) ≈not notelx(M ) . x done. Just as logical relations enable reasoning about higher-order when M = M 0 ∈ bool [Ψ, x]. constructs in programming languages, our cubical logical rela- The univalence axiom postulates an equivalence between the tions are an important first step toward understanding the role of equivalences and identifications between types in a universe. The higher dimensions. While programming applications of higher- present theory lacks a universe and so cannot directly express this dimensional type theory remain largely unexplored, developing a principle. However, a salient consequence of univalence is that concrete operational semantics is essential for both future and pre- every equivalence between two types gives rise to a line between existing work in that area, such as the implementations of patch those types, that when coerced along, applies the equivalence. theories as higher inductive types given by Angiuli et al. [6]. notx is the instance of this principle arising from the equiva- One important direction for future work is to develop a com- lence not(−) := if .bool(−; false, true) between bool and itself: it putational account of the full univalence axiom. From our point of is an x-line between bool and itself, and when M ∈ bool [Ψ], view the univalence principle is not tied to a universe per se, but to 1 0 . the very concept of a type—we consider that universes are restric- coe (M) = not(M) ∈ bool [Ψ]. x.notx tions of the “multiverse” of all types to evade Girard’s paradox. Distinguish this from the degenerate line bool, for which Another important direction is to develop further typing con- . structs in the higher-dimensional setting, including the numerous coe1 0 (M) = M ∈ bool [Ψ]. x.bool ideas developed in NuPRL, including partial types [13], inductive In ordinary homotopy type theory, univalence has no elements; types [12], and subset types [11], and to consider programming 1 x notx has elements in cubical type theory because coex.notx (M) ∈ constructs such as general recursion [13], bar recursion [35], and notx [Ψ, x] is an x-line between not(Mh0/xi) and Mh1/xi. In exceptions [34]. Another direction is to develop a proof theory and fact, this line evaluates to notelx(M). implementation for the type theory considered here. Efforts to this If a cubical type system has booleans and notx, the rules in end are currently underway in the nascent RedPRL system [37]. Figure 4 hold. Finding useful proof theories for higher type theory poses some challenges. The formal cubical type theory proposed by Licata and 5. Related and Future Work Brunerie [25] is sound for the meaning explanations given here, and may be a good start. More ambitiously, it would be interesting Many authors contributed to the discovery of higher-dimensional to develop methods for handling both exact equality and identifica- structure in type theory and its relation to homotopy theory. The tion in the same setting, which requires a proof theory that can deal key contributors to these discoveries include Awodey and Warren with both pretypes and types. Voevodsky’s HTS type theory [44] [7], Hofmann and Streicher [22], van den Berg and Garner [41], provides some useful initial ideas. All of these extensions, espe- Voevodsky [42], Warren [46]. Many ideas were consolidated and cially the exact equality type, could prove helpful when mechaniz- advanced during a year-long program at the IAS in Princeton, much ing synthetic homotopy theory. of which is documented in the HoTT Book [40], and which is being As has historically been the case prior to the development of carried forward in the UniMath Project [43, 45]. higher type theory, there is ample room for exploration of the re- Apart from the over-arching influence of Martin-Lof¨ and Con- lationship between and the practical use of both the computational stable, the most direct influences on the present work are the cu- and formal approaches to type theory. bical model of homotopy type theory given by Bezem et al. [8], its relationship to nominal sets as described by Pitts [33], and the subsequent formal cubical type theories of Licata and Brunerie Acknowledgments [25] and Cohen et al. [10]. The cubical model of Bezem et al. [8] We are greatly indebted to Marc Bezem, Evan Cavallo, Kuen-Bang uses cubes equipped with only faces and degeneracies, while Co- Hou (Favonia), Simon Huber, Dan Licata, and Ed Morehouse for hen et al. [10] employs a de Morgan algebra structure on cubes, their contributions and advice. The authors gratefully acknowledge consisting of not only faces, degeneracies, and diagonals, but also the support of the Air Force Office of Scientific Research through reversals and connections. While the cubical structure of Cohen MURI grant FA9550-15-1-0053. Any opinions, findings and con- et al. [10] is more complex than ours, their notion of composi- clusions or recommendations expressed in this material are those of tion is in a sense simpler: composition is heterogeneous and always the authors and do not necessarily reflect the views of the AFOSR. 0 1, but tube faces attach along arbitrary aspects and need not The third author gratefully acknowledges California State Univer- be paired. More importantly, their theory includes universes and sity, Fresno for supporting his sabbatical semester, and Carnegie full univalence. The theory sketched by Licata and Brunerie [25] is Mellon University for making possible his visit. incomplete but most similar to ours. The relationship between these different notions of uniform Kan composition over different cube References categories is not presently well understood; Gambino and Sattler [1] S. F. Allen. A Non-Type-Theoretic Semantics for Type-Theoretic Lan- [17] have studied the relationship between uniform Kan composi- guage. PhD thesis, Cornell University, 1987. tion and algebraic weak factorization systems [18]. [2] S. F. Allen, M. Bickford, R. L. Constable, R. Eaton, C. Kreitz, The results described in this paper and its associated preprints L. Lorigo, and E. Moran. Innovations in computational type theory [4, 5] present the first canonicity result for a higher-dimensional using Nuprl. Journal of Applied Logic, 4(4):428–469, 2006. type theory. Huber [23] has since established a canonicity theorem [3] T. Altenkirch, C. McBride, and W. Swierstra. Observational equal- for the formal cubical type theory of Cohen et al. [10]; the tech- ity, now! In Proceedings of the 2007 Workshop on Programming nique used in that proof bears a resemblance to ours, including a Languages Meets Program Verification, PLPV ’07, pages 57–68, similar coherence condition about interleaving dimension substi- New York, NY, USA, 2007. ACM. ISBN 978-1-59593-677-6. doi: tutions and evaluation. A key difference (in addition to those de- 10.1145/1292597.1292608. URL http://doi.acm.org/10.1145/ scribed above) is that the reduction relation of Huber [23] is defined 1292597.1292608.

691 [4] C. Angiuli and R. Harper. Computational higher type theory II: [22] M. Hofmann and T. Streicher. The groupoid interpretation of type Dependent cubical realizability. Preprint, June 2016. URL http: theory. In Twenty-five years of constructive type theory. Oxford Uni- //.org/abs/1606.09638. versity Press, 1998. [5] C. Angiuli, R. Harper, and T. Wilson. Computational higher type [23] S. Huber. Cubical Interpretations of Type Theory. PhD thesis, Univer- theory I: Abstract cubical realizability. Preprint, April 2016. URL sity of Gothenburg, Expected November 2016. http://arxiv.org/abs/1604.08873. [24] D. M. Kan. Abstract homotopy. I. Proceedings of the National [6] C. Angiuli, E. Morehouse, D. R. Licata, and R. Harper. Homo- Academy of Sciences of the United States of America, 41(12):1092– topical patch theory. Journal of Functional Programming, 26, Jan 1096, 1955. ISSN 00278424. URL http://www.jstor.org/ 2016. doi: 10.1017/S0956796816000198. URL https://www. stable/89108. cambridge.org/core/article/homotopical-patch-theory/ [25] D. R. Licata and G. Brunerie. A cubical type theory, Novem- 42AD8BB8A91688BCAC16FD4D6A2C3FE7. ber 2014. URL http://dlicata.web.wesleyan.edu/pubs/ [7] S. Awodey and M. A. Warren. Homotopy theoretic models of identity lb14cubical/lb14cubes-oxford.pdf. Talk at Oxford Homotopy types. Mathematical Proceedings of the Cambridge Philosophical Type Theory Workshop. Society, 146(1):45–55, Jan. 2009. ISSN 0305-0041. doi: 10.1017/ [26] D. R. Licata and G. Brunerie. A cubical approach to synthetic ho- S0305004108001783. motopy theory. In Proceedings of the 2015 30th Annual ACM/IEEE [8] M. Bezem, T. Coquand, and S. Huber. A model of type theory in Symposium on Logic in (LICS), LICS ’15, pages cubical sets. In 19th International Conference on Types for Proofs 92–103, Washington, DC, USA, 2015. IEEE Computer Society. ISBN and Programs (TYPES 2013), volume 26 of Leibniz International 978-1-4799-8875-4. doi: 10.1109/LICS.2015.19. URL http://dx. Proceedings in Informatics (LIPIcs), pages 107–128, Dagstuhl, Ger- doi.org/10.1109/LICS.2015.19. many, 2014. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik. doi: [27] P. Martin-Lof.¨ About models for intuitionistic type theories and http://dx.doi.org/10.4230/LIPIcs.TYPES.2013.107. URL http:// the notion of definitional equality. In S. Kanger, editor, Proceed- drops.dagstuhl.de/opus/volltexte/2014/4628. ings of the Third Scandinavian Logic Symposium, volume 82 of [9] L. Birkedal, A. Bizjak, R. Clouston, H. B. Grathwohl, B. Spitters, and Studies in Logic and the Foundations of Mathematics, pages 81– A. Vezzosi. Guarded cubical type theory: Path equality for guarded 109. Elsevier, 1975. doi: http://dx.doi.org/10.1016/S0049-237X(08) recursion. Preprint, June 2016. URL https://arxiv.org/abs/ 70727-4. URL http://www.sciencedirect.com/science/ 1606.05223. article/pii/S0049237X08707274. [10] C. Cohen, T. Coquand, S. Huber, and A. Mortberg.¨ Cubical type the- [28] P. Martin-Lof.¨ Constructive mathematics and computer programming. ory: a constructive interpretation of the univalence axiom. In 21st Philosophical Transactions of the Royal Society of London Series A, International Conference on Types for Proofs and Programs (TYPES 312:501–518, Oct. 1984. doi: 10.1098/rsta.1984.0073. 2015), Leibniz International Proceedings in Informatics (LIPIcs), [29] P. Martin-Lof.¨ Intuitionistic type theory, volume 1 of Studies in Proof Dagstuhl, Germany, 2016. Schloss Dagstuhl–Leibniz-Zentrum fuer Theory. Bibliopolis, 1984. ISBN 88-7088-105-9. Notes by Giovanni Informatik. To appear. Sambin of a series of lectures given in Padua, June 1980. [11] R. L. Constable. Constructive mathematics as a programming logic [30] P. Martin-Lof.¨ Verificationism then and now. In M. van der Schaar, ed- I: Some principles of theory. In Annals of Mathematics, volume 24, itor, Judgement and the Epistemic Foundation of Logic, volume 31 of pages 21–37. Elsevier Science Publishers, B.V. (North-Holland), Logic, Epistemology, and the Unity of Science, pages 3–14. Springer, 1985. Reprinted from Topics in the Theory of Computation, Selected 2013. ISBN 978-94-007-5136-1. doi: 10.1007/978-94-007-5137-8 1. Papers of the International Conference on Foundations of Computa- URL http://dx.doi.org/10.1007/978-94-007-5137-8_1. tion Theory, FCT ’83. [31] U. Norell. Towards a practical programming language based on de- [12] R. L. Constable and N. P. Mendler. Recursive definitions in type pendent type theory. PhD thesis, Chalmers University of Technology, theory. In Proceedings of the Logics of Programming Conference, 2007. pages 61–78, Jan. 1985. Cornell TR 85–659. [32] A. M. Pitts. Nominal Sets: Names and Symmetry in Computer Science, [13] R. L. Constable and S. F. Smith. Computational foundations of basic volume 57 of Cambridge Tracts in Theoretical Computer Science. recursive function theory. Theoretical Comput. Sci., 121(1&2):89– Cambridge University Press, 2013. ISBN 9781107017788. 112, Dec. 1993. [33] A. M. Pitts. Nominal Presentation of Cubical Sets Models of Type [14] R. L. Constable, et al. Implementing Mathematics with the Nuprl Proof Theory. In H. Herbelin, P. Letouzey, and M. Sozeau, editors, 20th Development Environment. Prentice-Hall, 1985. International Conference on Types for Proofs and Programs (TYPES [15] B. A. Davey and H. A. Priestley. Introduction to lattices and order. 2014), volume 39 of Leibniz International Proceedings in Infor- Cambridge University Press, Cambridge, UK, 2002. ISBN 0-521- matics (LIPIcs), pages 202–220, Dagstuhl, Germany, 2015. Schloss 78451-4. URL http://opac.inria.fr/record=b1077513. Dagstuhl–Leibniz-Zentrum fuer Informatik. ISBN 978-3-939897- 88-0. doi: http://dx.doi.org/10.4230/LIPIcs.TYPES.2014.202. URL [16] M. Escardo and T. Streicher. The intrinsic topology of Martin-Lof¨ http://drops.dagstuhl.de/opus/volltexte/2015/5498. universes. To appear, Annals of Pure and Applied Logic, Feb. 2016. [34] V. Rahli and M. Bickford. A nominal exploration of intuition- [17] N. Gambino and C. Sattler. Uniform fibrations and the Frobenius ism. In Proceedings of the 5th ACM SIGPLAN Conference on condition. Preprint, Oct 2015. URL http://arxiv.org/abs/ Certified Programs and Proofs, CPP 2016, pages 130–141, New 1510.00669. York, NY, USA, 2016. ACM. ISBN 978-1-4503-4127-1. doi: [18] M. Grandis and W. Tholen. Natural weak factorization systems. 10.1145/2854065.2854077. URL http://doi.acm.org/10.1145/ Archivum Mathematicum, 042(4):397–408, 2006. URL https:// 2854065.2854077. www.emis.de/journals/AM/06-4/tholen.pdf. [35] V. Rahli and M. Bickford. Coq as a Metatheory for Nuprl with Bar [19] R. Harper. Constructing type systems over an operational semantics. Induction. Presented at Continuity, Computability, Constructivity – J. Symb. Comput., 14(1):71–84, July 1992. ISSN 0747-7171. doi: From Logic to Algorithms (CCC 2015), Sept 14, 2015. 10.1016/0747-7171(92)90026-Z. URL http://dx.doi.org/10. [36] M. Sipser. Introduction to the Theory of Computation, volume 2. 1016/0747-7171(92)90026-Z. Thomson Course Technology Boston, 2006. [20] R. Harper. Practical Foundations for Programming Languages. Cam- [37] J. Sterling, D. Gratzer, V. Rahli, D. Morrison, E. Akentyev, and A. To- bridge University Press, second edition, 2016. sun. RedPRL – the People’s Refinement Logic. http://www. [21] R. Harper and K.-B. (Favonia) Hou. A note on the uniform Kan redprl.org/, 2016. condition in nominal cubical sets. Preprint, Jan 2015. URL http: [38] The Coq Project. The Coq , 2016. URL http: //arxiv.org/abs/1501.05691. //www.coq.inria.fr.

692 [39] The NuPRL Project. Prl project, 2016. URL http://nuprl.org. [44] V. Voevodsky. A simple type system with two identity types. Lecture [40] The Program. Homotopy Type Theory: Univa- notes, Feb. 2013. URL https://www.math.ias.edu/vladimir/ lent Foundations of Mathematics. http://homotopytypetheory. sites/math.ias.edu.vladimir/files/HTS.pdf. org/book, Institute for Advanced Study, 2013. [45] V. Voevodsky. The UniMath project, 2016. URL https://github. [41] B. van den Berg and R. Garner. Types are weak ω-groupoids. Pro- com/UniMath/. ceedings of the London Mathematical Society, 102(2):370–394, 2011. [46] M. A. Warren. Homotopy theoretic aspects of constructive type the- [42] V. Voevodsky. A very short note on homotopy λ-calculus, ory. PhD thesis, Carnegie Mellon University, 2008. URL http: 09 2006. URL http://www.math.ias.edu/vladimir/files/ //mawarren.net/papers/phd.pdf. 2006_09_Hlambda.pdf. [47] R. Williamson. Combinatorial homotopy theory. Lecture notes, [43] V. Voevodsky. Univalent foundations of mathematics. In Logic, Oct 2012. URL http://rwilliamson-mathematics.info/ Language, Information and Computation - 18th International Work- combinatorial_homotopy_theory.pdf. shop, WoLLIC 2011, Philadelphia, PA, USA, May 18-20, 2011. Pro- ceedings, page 4, 2011. doi: 10.1007/978-3-642-20920-8 4. URL http://dx.doi.org/10.1007/978-3-642-20920-8_4.

693