Representing Continuous Functions between Greatest Fixed Points of Indexed Containers

We describe a way to represent computable functions between coinductive types as particular transducers in type theory. This generalizes earlier work on functions between streams by P. Hancock to a much richer class of coinductive types. Those transducers can be defined in dependent type theory without any notion of equality but require inductive-recursive definitions. Most of the properties of these constructions only rely on a mild notion of equality (intensional equality) and can thus be formalized in the dependently typed language Agda.


1. Introduction
This paper gives a type theoretic representation theorem for continuous functions (Theorems 5.8 and 5.9) between a wide class of spaces of infinite values. By infinite, we mean a value of a coinductive type. Continuity means that finite information about a result of the function requires only finite information about its argument. Continuity is therefore a necessary condition for computability.
The simplest coinductive space is the Cantor space of infinite boolean sequences. It corresponds to the coinductive type ν X (X + X) and its topology is well known. Programs that implement continuous functions from the Cantor space to a discrete space D can be represented by finite binary trees in which leaves are labelled by values in D. We extend this to a class of functors going beyond X → X + X on the category Set by considering so-called (finitary) polynomial functors on Set^I for some index set I. The final coalgebra νP of such a functor P always exists and may be constructed as the inverse limit of 1 ← P(1) ← P²(1) ← ⋯. Those final coalgebras have a natural topology, and when the functor P is finitary (commutes with filtered colimits), the topology enjoys a close connection with the intuitive notion of "finite amount of information" about potentially infinite values.
Because s ∈ f⁻¹(V_{k,y}) means precisely that f(s)_k = y, this is implied by condition (*).
For the converse, suppose f : stream(X) → stream(Y) is continuous; we want to show that it satisfies condition (*). Let s ∈ stream(X) and k ≥ 0. The set {u | u_k = f(s)_k} is a basic open of stream(Y) and, because f is continuous, its inverse image {t | f(t)_k = f(s)_k} is open. By Lemma 1.2, we know that there is some n such that s↾n = t↾n implies f(t)_k = f(s)_k. This finishes the proof.
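To illustrate condition (*) outside the formal development, here is a small Python sketch (the function f and its modulus are our own example, not from the paper): streams are modelled as functions from indices to values, and f sums adjacent elements, so each output element is determined by a finite prefix of the input.

```python
def f(s):
    """f(s)_k = s_k + s_{k+1}, for a stream s modelled as a function
    from indices to values."""
    return lambda k: s(k) + s(k + 1)

def modulus(k):
    """A modulus of continuity for f: whenever two streams agree on
    their first modulus(k) elements, the images agree at index k."""
    return k + 2
```

The pair (f, modulus) packages exactly the data of condition (*): for each output index, a computable bound on the prefix of the input that is needed.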
Because of this, constructive functions between streams are usually held to be continuous. We expect them to arise as continuous functions with the additional properties that:
• finding the finite prefix needed to compute a chosen element of f(s) is computable, and
• finding the value of the element of f(s) from that finite prefix is computable.
Note that the discrete space X may be generalized to a family (X_i)_{i≥0} that need not be constant. More interestingly, we can allow the set X_i (giving the set of possible values for the ith element of a stream) to depend on the ith prefix of the stream. We can in this way obtain the space of increasing streams of natural numbers:
• the set X₀ does not depend on anything and is defined as ℕ,
• the set X₁ depends on the value of x₀ ∈ X₀: X_{1,x₀} = {k ∈ ℕ | x₀ ≤ k},
• the set X₂ depends on x₁ ∈ X_{1,x₀}, etc.
The set of increasing streams is not naturally a product space but is a subspace of stream(ℕ). As such, its topology is the expected one and continuous functions are still characterized by Lemma 1.1.
1.2. Infinite Trees, Natural Topology. The natural topology for sets of infinite trees is less well known than the Cantor and Baire topologies. The simplest kind of infinite tree, the infinite binary tree, has a root and two distinguished "branches" going from that root to two "nodes". Each of these two nodes also has two branches, etc. An infinite binary tree over X is a way to label each node of the infinite binary tree with an element of X. If we write B for the set {0, 1}, each node of the infinite binary tree can be identified by a list of elements of B: this list simply represents the branch leading to this node from the root. The set of infinite binary trees over X, written tree_B(X), can thus be defined as
    tree_B(X) = Π_{i≥0} (Bⁱ → X)
where each term gives the ith "layer" of the tree as a function from finite branches of length i to X. We can rewrite this as
    tree_B(X) ≅ List(B) → X.
By replacing the set B by some other set, we obtain the ternary trees over X or countably-branching trees over X, etc. Streams themselves are recovered by taking B to be a singleton. If both B and X are endowed with the discrete topology, we obtain a natural topology on tree_B(X). Note that when B is infinite, the spaces Bⁱ → X are not discrete anymore. Nevertheless, we have:

Lemma 1.3. Let A, B, X and Y be discrete spaces; a function f : tree_A(X) → tree_B(Y) is continuous iff for every t ∈ tree_A(X), the value at each node of f(t) only depends on a finite subtree¹ of t.
Proof. The proof of this lemma is exactly the same as the proof of Lemma 1.1, except that we replace the natural number n in t↾n (for some t ∈ tree_B(Y)) by a finite subtree. The only remark is that basic open sets of tree_B(Y) are of the form Π_{i≥0} Π_{t∈Bⁱ} X_{i,t} where all the sets X_{i,t} are equal to X, except for finitely many that are singletons of the form {x_{i,t}} for some x_{i,t} ∈ X.
It is again possible to devise more general notions of trees by allowing the set X at a node to depend on the values along the path from the root to that node. The resulting space is endowed with the subspace topology and Lemma 1.3 still holds. We will later generalize this notion further by allowing the branching of a node (given by the set B) to depend itself on the value stored at the node. With this generalisation we can model very general objects, such as infinite automata that issue commands and change to a new state (choose a branch) based on the responses.
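Concretely (our own extra-theoretic illustration), the layered view of tree_B(X) can be sketched in Python: a tree is a labelling of finite branches, and its ith layer is the factor Bⁱ → X of the product.

```python
from itertools import product

def depth_tree(branch):
    """An infinite binary tree over the naturals, presented as a labelling
    of finite branches: here each node is labelled by its depth."""
    return len(branch)

def layer(tree, i, B=(0, 1)):
    """The ith layer of a tree: its restriction to branches of length i,
    i.e. one factor B^i -> X of the product defining tree_B(X)."""
    return {branch: tree(branch) for branch in product(B, repeat=i)}
```

Changing the default B to another finite tuple gives ternary or wider branching; a one-element B recovers streams.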
1.3. Infinite Trees, Wild Topology. The topology we naturally get in this paper corresponds to a different topology on trees. Looking at tree_B(X) = Π_{i≥0} (Bⁱ → X), we can endow this product with the "box" topology, where basic opens are given by arbitrary products of open sets. Because B and X are discrete sets, this amounts to giving the discrete topology to each layer Bⁱ → X. Instead of being generated by "finite subtrees", open sets are generated by "subtrees of finite depth".

Lemma 1.4. Let A, B, X and Y be discrete spaces; a function f : tree_A(X) → tree_B(Y) is continuous for the wild topology iff for every t ∈ tree_A(X) and k ∈ ℕ, there is an n ∈ ℕ such that the nodes of f(t) at depth less than k depend only on the nodes of t at depth less than n.
Formally, this looks very similar to condition (*) on page 2:
    ∀t ∀k ∃n ∀t′ ( t′↾n = t↾n ⇒ f(t′)↾k = f(t)↾k )
where t↾k is the complete subtree of t up to depth k. Intuitively, this topology considers infinite trees as streams of their layers, where layers are discrete.
When A and B are finite, the two notions of continuity (Lemmas 1.3 and 1.4) coincide. When this is not the case, neither notion of continuity subsumes the other:
• Consider f : stream(ℕ) → tree_ℕ(ℕ) sending the stream s to the tree f(s) where the node indexed by (i₀, ..., i_n) is s_{i₀} + s_{i₁} + ⋯ + s_{i_n}. This is certainly continuous for the natural topology. However, because the first layer of the output is infinite, we cannot bound the number of elements of the input stream s that are needed to construct it: this function is not continuous for the wild topology.
¹ A subtree is a set of nodes that contains the root of the tree and is closed under the ancestor relation.

• Consider g : tree_ℕ(B) → stream(B) where the ith element of g(t) is the maximum of the complete ith layer of t (B being the complete lattice with two elements). This function is continuous in the wild sense, but because we need to know the whole ith layer of the input to get the ith value of the output, it is not continuous for the natural topology (and certainly not computable).
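The first of these two examples is easy to make concrete (our own sketch): each node of the output tree is a finite sum of input elements, so it needs only a finite prefix of s, even though each layer of the output is infinite.

```python
def f(s):
    """The node of f(s) indexed by the branch (i0, ..., in) is labelled
    s_{i0} + ... + s_{in} (the root, indexed by (), is labelled 0).
    Each label needs s only up to max(branch): natural continuity."""
    return lambda branch: sum(s(i) for i in branch)
```

No such sketch is possible for g: computing one element of its output would require inspecting a whole infinite layer of the input.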
2. Preliminaries II: Martin-Löf Type Theory

2.1. Basic Features. We work in a meta theory that is in essence Martin-Löf's dependent type theory [ML01] with two additional features:
• coinductive types,
• inductive-recursive definitions.
All the constructions described in the paper have been defined using the dependently typed functional programming language Agda [tea19].
A Note about Equality. This paper is concerned with constructions in "pure" type theory, i.e. dependent type theory without identity. Those constructions enjoy many interesting properties, but proving them requires some notion of equality. Equality in Martin-Löf type theory is a complex subject about which whole books have been written [Uni13]. We try to be mostly agnostic about the flavor of equality we are using and only rely on the "simplest" one: intensional equality, written a ≡_T b, or simply a ≡ b. This makes it possible to use vanilla Agda for checking proofs.² We annotate the proofs in the paper with an [Agda] marker:
• a full [Agda] marker for those that have been formalized using Agda,
• a partial [Agda] marker for those which have only partly been formalized, typically because the proof is too complex to write in Agda, or because it requires a much stronger version of equality than we have at our disposal.
Because we want to explain Agda code only slightly less than you want to read Agda code, the formalized proofs are either omitted from the paper or explained informally.
We sometimes need to assume that equality for functions is extensional, i.e. that f ≡ g iff f a ≡_B g a for all a : A. Those proofs are clearly identified.
Notation. The notation for dependent types is standard. Here is a summary:
• We write Γ ⊢ B to mean that B is a well-formed type in context Γ. We write A = B to express that A and B are the same by definition.
• We write Γ ⊢ b : B to mean that b is an element of type B in context Γ. The context is often left implicit and we usually write b : B. We write a = b : B to express that a and b are definitionally equal in type B. When the type B can easily be deduced from the context, we will usually write just a = b.
• If B is a type and C is a type depending on x : B, i.e. x : B ⊢ C, we write
  – Σ x : B C for the dependent sum. Its canonical elements are pairs ⟨b, c⟩ with b : B and c : C[x/b],
  – Π x : B C for the dependent product. Its canonical elements are functions (λ x : B) u where x : B ⊢ u : C.
When the type C is constant, we abbreviate those by B × C and B → C.

² All the Agda code was checked using Agda 2.6.1.1 with the flag --without-K. The Agda code is available at http://www.lama.univ-smb.fr/~hyvernat/Files/Infinite/agda.tgz, with the file PAPER.agda referencing all the formalized results from the paper. For those without a working Agda installation, the code is also browsable directly from http://www.lama.univ-smb.fr/~hyvernat/Files/Infinite/browse/PAPER.html.
• The usual amenities are present: the natural numbers, W-types and so on. We use a universe Set of "small types" containing 0 (with no element), 1 (with a single element ⋆) and 2 (with two elements 0 and 1). Moreover, the dependent sums and products are reflected in this universe, and we use the same notation Σ b : B C and Π b : B C whenever B : Set and b : B ⊢ C : Set. We assume that this universe is closed under many inductive-recursive and coinductive definitions, which will be treated below.
We are not always consistent with notation for application of functions and usually write • f x when the result is an element of a small type (an element of Set), • A(i) when the result is itself a small type (and thus, not an element of Set).
Predicates and Families. The Curry-Howard isomorphism makes the type Set into a universe of propositions.
Definition 2.1. If A : Set, the collection of predicates on A is defined as Pow(A) = A → Set. We introduce the following notations [SV93]: if X and Y are predicates on A,
• "a ε X" is "X(a)",
• "X ⊂ Y" is "Π a : A (a ε X → a ε Y)".
The intuition is that a predicate on A is just a subset of A in some constructive and predicative³ set theory. It is then natural to call a predicate on some A × B a binary relation. We sometimes identify a relation R : Pow(A × B) with its curried version R : A → Pow(B). Finally, we define the following trivial operation. We will also need a notion of family.

2.2. Inductive-recursive Definitions. Inductive definitions are a way to define (weak) initial algebras for endofunctors on Set. A typical example is defining list(X) as the least fixed point of Y ↦ 1 + X × Y. In their simplest form, inductive-recursive definitions [Dyb00] give a way to define (weak) initial algebras for endofunctors on Fam(C).⁴ This means we can define, at the same time:
• an inductive set U, called the index set,
• and a recursive function f : U → C.
Of course, the set U and the function f may be mutually dependent.
The type C may be large or small. Taking C = 1, we recover usual inductive types as the index part of such a definition, the recursive function f always being trivial. In non-degenerate cases, the inductive clauses defining U are expressed using the simultaneously defined function f. Here is a traditional example with C = Set: complete binary trees labeled by natural numbers, defined one layer at a time (putting the "False" branch on the left and the "True" branch on the right). The corresponding functor takes the family T : Set, b : T → Set to the family ⟨U, b⟩ where b ⋆ = 1 (⋆ being the only element of 1) and b⟨t, l⟩ = (b t) × 2: each new layer doubles the number of positions. We will, in Section 5.1, encounter a similar situation in which the type C will be Fam(I), i.e. we will need to take the least fixed point of a functor from Fam(Fam(I)) to itself.
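Induction-recursion is not available in mainstream languages, but the pattern of this layer-by-layer example can be mimicked (our own sketch, with invented constructor names): the "index set" of tree descriptions and the "recursive function" giving positions are defined together, the number of positions doubling with each layer.

```python
class Root:
    """A tree reduced to a single root node, labelled x."""
    def __init__(self, x):
        self.x = x

class Layer:
    """A tree t extended with one more layer; label maps each of the
    new positions (an old position plus a 0/1 branch) to its label."""
    def __init__(self, t, label):
        self.t, self.label = t, label

def pos(t):
    """Positions of the deepest layer, defined by recursion on t:
    a single position for a Root, and pos(t) x {0, 1} for a Layer --
    the analogue of b(star) = 1 and b<t, l> = (b t) x 2."""
    if isinstance(t, Root):
        return [()]
    return [p + (br,) for p in pos(t.t) for br in (0, 1)]
```

Note that Python cannot enforce the key dependency: in real induction-recursion, the type of a Layer's label field mentions pos(t), i.e. the inductive clauses use the simultaneously defined function.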
Another typical example involves defining a universe U of types closed under dependent function spaces: U needs to contain inductive elements of the form π(A, B) with A : U and B : fam(A), where fam(A) is defined as El(A) → U and thus makes use of the simultaneously defined decoding function El : U → Set.

Pierre Hyvernat
Vol. 17:3

2.3. Greatest Fixed Points. In its simplest form, a coinductive definition introduces some νF : Set together with a weakly terminal coalgebra c : νF → F(νF) for a sufficiently healthy⁵ functor F : Set → Set. For example, given a set A, the functor F(X) = A × X is certainly healthy, and the set νF corresponds to the set of streams over A. The coalgebra c "decomposes" a stream [a₀, a₁, ...] into the pair ⟨a₀, [a₁, a₂, ...]⟩ of its head and its tail. Because the coalgebra is weakly terminal, for any other such coalgebra x : X → F(X) there is a map X → νF. The corresponding typing rules state that from such a coalgebra x and an element of X we obtain an element of νF, and the computation rule states that decomposing this element with c amounts to applying x and then unfolding recursively. Such coinductive definitions can be extended to families of sets: given an index set I, we introduce weakly terminal coalgebras for a sufficiently healthy functor acting on Pow(I); the typing and computation rules are extended accordingly. Note that it does not seem possible to guarantee the existence of strict terminal coalgebras [McB09] without extending the type theory considerably.⁶

Bisimulations. Equality in type theory is a delicate subject, and it is even more so in the presence of coinductive types. The usual (extensional or intensional) equality is easily defined and shown to enjoy most of the expected properties. However, it is not powerful enough to deal with infinite objects. Two infinite objects are usually considered "equal" when they are bisimilar. Semantically, bisimilarity has a simple definition [AM89, Sta11, ACS15]. In the internal language, two coalgebras are bisimilar if their decompositions are equal, coinductively.
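As an extra-theoretic illustration of this internal-language reading (all names below are ours), bisimilarity of two stream coalgebras can be approximated to any finite depth in Python, with coalgebras modelled as step functions from a state to a head and a next state:

```python
def bisimilar_upto(c1, x1, c2, x2, n):
    """Compare the unfoldings of two stream coalgebras up to depth n:
    a finite approximation of bisimilarity (its coinductive limit)."""
    for _ in range(n):
        a1, x1 = c1(x1)  # decompose state x1 into head a1 and next state
        a2, x2 = c2(x2)
        if a1 != a2:
            return False
    return True

# Two coalgebras with different state spaces whose unfoldings are the
# same stream 0, 1, 0, 1, ...: a counter modulo 2, and the current bit.
alternate = lambda k: (k % 2, k + 1)
flip = lambda b: (b, 1 - b)
```

No finite depth proves bisimilarity, of course: the sketch can only refute it, or confirm it up to n; full bisimilarity is the coinductive statement that the comparison never fails.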
Definition 2.4. Given a locally cartesian closed category C with an endofunctor F and two coalgebras cᵢ : Tᵢ → F(Tᵢ) (for i = 1, 2), a bisimulation between T₁ and T₂ is given by a span T₁ ← R → T₂ with a coalgebra structure r : R → F(R) such that the following diagram commutes.
⁵ For our purposes, "sufficiently healthy" amounts to "polynomial".
⁶ It is apparently possible to do so in univalent type theory [ACS15], where coinductive types can be defined from inductive ones, just like in plain old set theory!

In particular, the identity span T ← T → T is always a bisimulation, and the converse of a bisimulation between T₁ and T₂ is a bisimulation between T₂ and T₁.
Functions between coinductive types ought to be congruences for bisimilarity: we say that f 1 and f 2 are equal up to bisimulation, written f 1 ≈ f 2 , if for every bisimulation C 1 ← R → C 2 , there is a bisimulation D 1 ← S → D 2 and a morphism h : R → S making the following diagram commute.
Translated into the internal language, f₁ ≈ f₂ means that if x and y are bisimilar, then f₁ x and f₂ y are also bisimilar. It is not difficult to show that
• ≈ is reflexive and symmetric,
• ≈ is compositional: if f₁ ≈ f₂ and g₁ ≈ g₂, then f₁ ∘ g₁ ≈ f₂ ∘ g₂ (when the composition makes sense).
Without additional properties (which do hold in our context), ≈ is however not transitive.
Coinductive types are interpreted by weakly terminal coalgebras. There can be, in principle, several non-isomorphic weakly terminal coalgebras. We however have the following.
Lemma 2.6. Let T₁ and T₂ be weakly terminal coalgebras for the endofunctor F; then there are mediating morphisms m : T₁ → T₂ and n : T₂ → T₁ whose composites are equal to the identities up to bisimulation.

Proof. Consider the following diagram: the only thing needed to make it commutative is that the bottom right square is commutative. This follows from the fact that m is a mediating morphism between the weakly terminal coalgebras. The second point is a direct consequence of the first one.
Assumption 2.7. We assume our type theory is "compatible" with bisimilarity, in the sense that any definable function f satisfies f ≈ f .
Since it is possible to construct a dependent type theory where bisimilarity is intensional equality [ACS15, MV19], this assumption is reasonable. In our case, it allows us to simplify some of the (pen and paper) proofs without needing any extension of our type theory.
The only use of this assumption will be Lemma 3.12 on page 15, to reduce proofs of f ≈ g to proofs of "f x and g x are bisimilar for all x". 7

3. Indexed Containers
Indexed containers [AM09] were first considered (implicitly) in type theory 30 years ago by K. Petersson and D. Synek [PS89]. Depending on the context and the authors, they are also called interaction systems [HH06] or polynomial diagrams [GK13, Hyv14a].⁸ Each indexed container gives rise to a monotone operator on predicates over I (Definition 3.2 and Lemma 3.3).

⁷ instead of the much more tedious "f x₁ and g x₂ are bisimilar if x₁ and x₂ are"
⁸ An abstract, but equivalent, way of defining indexed containers over I is as functions I → Fam(Fam(I)).

The name IS comes from "Interaction System", another name for indexed containers.

Definition 3.2. If w = ⟨A, D, n⟩ is an indexed container over I : Set, the extension of w is the operator ⟦w⟧ : Pow(I) → Pow(I) defined by
    ⟦w⟧(X)(i) = Σ a : A(i) Π d : D(i, a) X(n(i, a, d)).

Lemma 3.3. The operator ⟦w⟧ is monotonic, i.e., the type X ⊂ Y → ⟦w⟧(X) ⊂ ⟦w⟧(Y) is inhabited for every predicates X and Y of the appropriate type.

Proof. [Agda] This is direct: given i : X ⊂ Y and ⟨a, f⟩ : ⟦w⟧(X), we just need to "carry" i through ⟦w⟧ and return ⟨a, i ∘ f⟩.
Indexed containers form the objects of several categories of interest [HH06, GK13, AM09, Hyv14a], but that will only play a very minor role here.
Many indexed containers of interest have singleton actions or singleton reactions.
An indexed container is called lopsided if it is either angelic or demonic.
3.1. Composition. Extensions of indexed containers can be composed as functions. There is a corresponding operation on the indexed containers.
Definition 3.5. If w₁ = ⟨A₁, D₁, n₁⟩ and w₂ = ⟨A₂, D₂, n₂⟩ are two indexed containers on I, the composition of w₁ and w₂ is the indexed container w₂ • w₁ = ⟨A, D, n⟩.

Lemma 3.6. For all indexed containers w₁ and w₂ and every predicate X, there are functions in both directions between ⟦w₂ • w₁⟧(X) and ⟦w₂⟧(⟦w₁⟧(X)). If function extensionality holds, the two functions are inverse to each other.

Proof.
[Agda] The main point is that the intensional axiom of choice is provable in Martin-Löf type theory. We then have
Definition 3.7. If w = ⟨A, D, n⟩ is an indexed container over I, we write w⊥ for the dual indexed container ⟨A⊥, D⊥, n⊥⟩ where A⊥(i) = Π a : A(i) D(i, a), D⊥(i, f) = A(i) and n⊥(i, f, a) = n(i, a, f a).

Lemma 3.8. For every indexed container w = ⟨A, D, n⟩, the following type is inhabited:
    ⟦w⊥⟧(X)(i) → Π a : A(i) Σ d : D(i, a) X(n(i, a, d)).
With function extensionality, this is an isomorphism.
Sketch of proof.
[Agda] Just like Lemma 3.6, the proof relies on the intensional axiom of choice. It is interesting to note that lopsided containers are closed under duality, and that duality is involutive on them: for any family X indexed by I and t : Π i : I (X(i) → I), we obtain a pair of containers that are dual to each other.

3.3. Free Monad. If w = ⟨A, D, n⟩ is an indexed container on I, we can consider the free monad generated by ⟦w⟧. N. Gambino and M. Hyland proved that the free monad generated by some ⟦w⟧ (a dependent polynomial functor) is of the form ⟦w*⟧ for some indexed container w* [GH03]. It is characterized by the fact that ⟦w*⟧(X) is the least fixed point of Y ↦ X ∪ ⟦w⟧(Y). In other words, we are looking for an indexed container w* satisfying ⟦w*⟧(X) = X ∪ ⟦w⟧(⟦w*⟧(X)). Expanding the definition of ⟦w⟧, this pseudo-formula depicts a well-founded tree (with branching on the dᵢ : D(_, _)) in which branches are finite: either they end at a Π dᵢ because the corresponding domain D(_, _) is empty, or they end in a state i[a₁/d₁][a₂/d₂]⋯ which belongs to X. The length of the sequence a₁/d₁, a₂/d₂, ... is finite but may depend on what moves / counter-moves are chosen as the sequence grows longer. We can define w* inductively.
Thus, an element of A*(i) is a well-founded tree where each internal node is labeled with an element a : A(i) and the branching is given by the set D(i, a). The components D* and n* are defined by recursion, with one clause for a Leaf and one for a Node. In the presence of extensional equality, this particular inductive definition can be encoded using standard W-types [GK13]. As it is given, it avoids using equality but needs either a universe, or degenerate¹⁰ induction-recursion on Fam(I). This construction does indeed correspond to the free monad described by N. Gambino and M. Hyland:

Lemma 3.10. If w is a container indexed on I : Set, the extension ⟦w*⟧ is the free monad generated by ⟦w⟧.

3.4. Greatest Fixed Points. Agda has some support for infinite values via the ∞_ type constructor making a type "lazy", i.e. stopping computation. Using this and the operators ♯ : A → ∞ A (to freeze a value) and ♭ : ∞ A → A (to unfreeze it), it is possible to define the type ν⟦w⟧ (which we'll write νw) for any indexed container w. The termination checker used in Agda [AA01] also checks productivity of recursive definitions, but since it is not clear that this is sound when inductive and coinductive types are mixed [AD12, Hyv20], we will only use the standard introduction and elimination rules in our developments; these rules are definable in Agda.
Elements of νw are formed by coalgebras for ⟦w⟧, and any element of i ε νw can be "unfolded" into an element of i ε ⟦w⟧(νw), i.e. into an element of Σ a : A(i) Π d : D(i, a) (n(i, a, d) ε νw). We can repeat this unfolding and informally decompose an element of i ε νw into an infinite "lazy" process. We therefore picture an element of i ε νw as an infinite tree (which need not be well-founded). Each node of such a tree has an implicit state in I, and the root has state i. If the state of a node is j, then the node contains an element a of A(j), and the branching of that node is given by D(j, a). Note that some finite branches may be inextensible when they end at a node of state j with label a for which D(j, a) is empty.
Examples. We will be particularly interested in fixed points of the form νw⊥. Because of Lemma 3.8, an element of i ε νw⊥ unfolds to a potentially infinite object of the form
    Π a₁ : A(i) Σ d₁ : D(i, a₁) Π a₂ : A(i[a₁/d₁]) Σ d₂ : D(i[a₁/d₁], a₂) ⋯
For such types, the branching comes from A(_) and the labels from D(_, _). Here are some examples of the kind of objects we get.
(2) Increasing streams of natural numbers are isomorphic to "0 ε νw⊥" where I = ℕ and w = ⟨A, D, n⟩ with
• A(i) = 1,
• D(i, ⋆) = Σ j : ℕ (i ≤ j),
• n(i, ⋆, ⟨j, p⟩) = j.

Bisimulations. The appropriate equivalence relation on coinductive types is bisimilarity.
Translating the categorical notion from page 8 for the type νw,¹¹ we get that T₁ : i₀ ε νw is bisimilar to T₂ : i₀ ε νw if:
(1) there is an I-indexed family Rᵢ : (i ε νw) × (i ε νw) → Set (an "indexed relation") relating T₁ and T₂, such that
(2) whenever two elements at state i are related by R, writing ⟨a₁, f₁⟩ [resp. ⟨a₂, f₂⟩] for the result of the coalgebra structure νw ⊂ ⟦w⟧(νw) applied to the first [resp. second],
• a₁ ≡ a₂,
• for every d₁ : D(i, a₁), the elements f₁ d₁ : i[a₁/d₁] ε νw and f₂ d₂ : i[a₂/d₂] ε νw are related by R.
Expressing this formally is quite verbose as values need to be transported along equalities to have an appropriate type. For example, having a₁ ≡ a₂ ∈ A(i) only entails that D(i, a₁) and D(i, a₂) are isomorphic, and thus d₁ : D(i, a₁) is not, strictly speaking, an element of D(i, a₂)!
We noted on page 9 that, categorically speaking, without hypotheses on the functor F, ≈ is not necessarily transitive. Here, we have:

Lemma 3.11. If w is a container indexed on I, then ≈ is an equivalence relation on any i ε νw:
• for any T : i ε νw, there is an element in T ≈ T,
• and similarly for symmetry and transitivity.

Proof.
[Agda] The result is intuitively obvious but while reflexivity is easy, proving transitivity (and to a lesser extent symmetry) in Agda is surprisingly tedious. Explaining the formal proof is probably pointless as it mostly consists of transporting elements along equalities back and forth.
We will keep some of the bisimilarity proofs in the meta theory in order to simplify the arguments. The only consequence of the assumption from page 10 that we'll need is the following.
Lemma 3.12. Suppose that f, g : i₁ ε νw₁ → i₂ ε νw₂ are definable in type theory; then, to prove that f ≈ g,¹² it is enough to show that f T ≈ g T for any T : i₁ ε νw₁.
Proof. If S ≈ T , we have f S ≈ f T ≈ g T where the first bisimulation comes from the assumption f ≈ f from page 10 and the second bisimulation comes from the hypothesis of the lemma.
This makes proving f ≈ g simpler as we can replace the hypothesis T 1 ≈ T 2 by the stronger T 1 ≡ T 2 .
Weakly Terminal Coalgebras. We will have to show that some sets are isomorphic "up to bisimilarity". To do that, we'll use Lemma 2.6 by showing that the two sets are weakly terminal coalgebras for the same functor ⟦w⟧. (One of the sets will always be νw, making half of this automatic.)

¹¹ Note that we only define bisimilarity for elements of i ε νw, and not for arbitrary ⟦w⟧-coalgebras.
¹² i.e. S ≈ T → f S ≈ g T

To show that T : Pow(I) is a weakly terminal coalgebra for ⟦w⟧, we have to define, mimicking the typing rules for coinductive types:
– an introduction operator giving, for X : Pow(I), c : X ⊂ ⟦w⟧(X), i : I and x : i ε X, an element intro c x : i ε T,
– an elimination (unfolding) T ⊂ ⟦w⟧(T) satisfying the corresponding computation rule,
where ⟦w⟧(intro c) : ⟦w⟧(X) ⊂ ⟦w⟧(T) comes from Lemma 3.3. By Lemma 2.6, we have:

Corollary 3.13. If C is a weakly terminal coalgebra for ⟦w⟧, then there are functions f : νw ⊂ C and g : C ⊂ νw such that g ∘ f ≈ id and f ∘ g ≈ id.

Proof.
[Agda] This is the second point of Lemma 2.6, and it has been formalized in Agda.

4. Simulations and Evaluation
4.1. Functions on Streams. Continuous functions from stream(A) to stream(B) can be described by infinite, A-branching "decision trees" with two kinds of nodes: input and output b with b ∈ B. The idea is that f(s) = [b₁, b₂, ...] if and only if the infinite branch corresponding to s contains, in order, the nodes output b₁, output b₂, ..., interspersed with input nodes. For that to be well defined, we need to guarantee that all infinite branches in the tree contain infinitely many output nodes, or equivalently, that no branch contains infinitely many consecutive input nodes. Nesting a least fixed point inside a greatest one guarantees exactly this:
• the inner μ builds well-founded trees of input nodes, each branch ending with an output b node and an element of X,
• the outer νX. ⋯ ensures that the element in X at each leaf of these well-founded trees is another such well-founded tree, ad infinitum.
We can evaluate each such tree into a continuous function, a process colloquially referred to as "stream eating": we consume the elements of the stream to follow a branch in the infinite tree, and output b (an element of the result) whenever we find an output b node.¹³

Our aim is to extend Theorem 4.1 to coinductive types of the form i ε νw⊥. The problem is doing so in a type-theoretic manner, and even the case of dependent streams (where the type of an element may depend on the values of the previous elements) is not trivial. Retrospectively, the difficulty was that there are two generalizations of streams:
• adding states: we consider dependent streams instead of streams;
• adding branching: we consider trees instead of streams.
Both cases required the introduction of states and branching, making those seemingly simpler cases as hard as the general one.

¹³ The converse mechanism, converting a function / process into a tree, cannot be defined in type theory; see the discussion on page 27.
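The stream-eating evaluation can be sketched concretely; the following Python rendering (class and function names are ours) represents the well-founded part as input nodes branching on the consumed element, and delays the coinductive part with a thunk:

```python
class Output:
    """Emit the label b, then continue as the delayed tree rest()."""
    def __init__(self, b, rest):
        self.b, self.rest = b, rest

class Input:
    """Consume one stream element and branch on it."""
    def __init__(self, children):
        self.children = children

def eat(tree, stream):
    """Stream eating: follow the branch dictated by the input stream,
    yielding a label at every output node. Productivity relies on every
    branch containing infinitely many Output nodes."""
    while True:
        while isinstance(tree, Input):          # finitely many in a row
            tree = tree.children(next(stream))
        yield tree.b
        tree = tree.rest()                      # unfreeze the next tree

def neg():
    """Example processor: pointwise negation of a boolean stream."""
    return Input(lambda a: Output(not a, neg))
```

The inner loop corresponds to the inner least fixed point (finitely many consecutive input nodes), and the outer loop to the greatest fixed point.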

4.2. Linear Simulations as Transducers.
We are going to define a notion of "transducer" that can explore some branch of its input and produce some output along the way. Such notions have already been considered as natural notions of morphisms between indexed containers: linear simulations [Hyv14a] and general simulations [HH06]. These notions generalize morphisms as representations of pointwise inclusions ⟦w₁⟧ ⊂ ⟦w₂⟧ (called cartesian strong natural transformations), which only make sense for containers with the same index set [GK13, GH03, AM09]. A transducer from type i₁ ε νw₁⊥ to type i₂ ε νw₂⊥ works as follows: given an argument (input) in i₁ ε νw₁⊥, morally of the form
    Π a₁ : A₁(i₁) Σ d₁ : D₁(i₁, a₁) Π a₂ : A₁(i₁[a₁/d₁]) Σ d₂ : D₁(i₁[a₁/d₁], a₂) ⋯
it must produce (output) an object of the form
    Π b₁ : A₂(i₂) Σ e₁ : D₂(i₂, b₁) Π b₂ : A₂(i₂[b₁/e₁]) Σ e₂ : D₂(i₂[b₁/e₁], b₂) ⋯

In other words, the transducer
• consumes the b (they are given by the environment when constructing the result) and the d (they may be produced internally by the input),
• produces the e (as part of the output) and the a (to be used internally by feeding them to the input).
Graphically, the transducer "plugs into" the input, producing the output:
(1) when given some b₀,
(2) it produces an a₀ and feeds it to its argument,
(3) it receives a d₀ from its argument,
(4) and produces an e₀ for its result.

Definition 4.2. Let w₁ = ⟨A₁, D₁, n₁⟩ and w₂ = ⟨A₂, D₂, n₂⟩ be indexed containers over I₁ and I₂ and let R : Pow(I₁ × I₂) be a relation between states. We say that R is a linear

simulation from w₁ to w₂ if it comes with a proof
    ρ : R(i₁, i₂) → Π a₂ : A₂(i₂) Σ a₁ : A₁(i₁) Π d₁ : D₁(i₁, a₁) Σ d₂ : D₂(i₂, a₂) R(n₁(i₁, a₁, d₁), n₂(i₂, a₂, d₂))
for all i₁ : I₁ and i₂ : I₂. We write (R, ρ) : w₁ ⊸ w₂, but usually leave the ρ implicit and write R : w₁ ⊸ w₂.
We will not need this fact in the present paper, but this notion of simulation enjoys a strong universal property. It arises as the adjoint of a very natural tensor product [Hyv14a] (see also the discussion on page 26).
To justify the fact that this can serve as a transducer, we need to "evaluate" a simulation on elements of i₁ ε νw₁⊥.

Lemma 4.3. Let w₁ = ⟨A₁, D₁, n₁⟩ and w₂ = ⟨A₂, D₂, n₂⟩ be indexed containers over I₁ and I₂, and (R, ρ) : w₁ ⊸ w₂. For every r : R(i₁, i₂), we have a function
    eval_r : (i₁ ε νw₁⊥) → (i₂ ε νw₂⊥).

Proof.
[Agda] This amounts to unfolding the simulation as a linear transducer. The main point in the Agda proof is to show that the predicate ν w ⊥ 1 R ∼ (i 2 ) is a coalgebra for w ⊥ 2 . The next lemma shows that this notion of simulation gives an appropriate notion of morphism between indexed containers.
Lemma 4.4. We have:
• the identity type on I is a linear simulation from any w over I to itself,
• if R is a linear simulation from w₁ to w₂, and if S is a linear simulation from w₂ to w₃, then S • R is a linear simulation from w₁ to w₃, where S • R is the relational composition of R and S:
    (S • R)(i₁, i₃) = Σ i₂ : I₂ (R(i₁, i₂) × S(i₂, i₃)).

Proof.
[Agda] That the identity type is a linear simulation is straightforward. Composing simulations amounts to extracting, from each simulation, its functions a₂ → a₁ and d₁ → d₂, and composing them.
Note that composition of simulations is only associative up to associativity of relational composition (pullback of spans) so that a quotient is needed to turn indexed containers into a category [Hyv14a]. What is nice is that composition of simulations corresponds to composition of their evaluations, up to bisimilarity.
Lemma 4.5. If w₁, w₂ and w₃ are containers indexed on I₁, I₂ and I₃, and if R : w₁ ⊸ w₂ and S : w₂ ⊸ w₃, then we have
    eval_s ∘ eval_r ≈ eval_{⟨i₂, r, s⟩}
where
• i₁ : I₁, i₂ : I₂, i₃ : I₃,
• r : R(i₁, i₂) and s : S(i₂, i₃),
• and thus ⟨i₂, r, s⟩ : (S • R)(i₁, i₃).
Recall that for functions, f ≈ g means that for every input T (here of type i₁ ε νw₁⊥), we have "f T ≈ g T", i.e. f T is bisimilar to g T.

Proof.
[Agda] This is one instance where the direct, type theoretic proof of bisimilarity is possible, and not (too) tedious. With the transducer intuition in mind, this result is natural: starting from some a3 : A3(i3), we can either
• transform it to a2 : A2(i2) (with the simulation from w2 to w3) and then to a1 : A1(i1) (with the simulation from w1 to w2),
• or transform it directly to a1 : A1(i1) (with the composition of the two simulations).
Because composition is precisely defined by composing the functions making up the simulations, the two transformations are obviously equal. (The Agda proof is messier than that but amounts to the same thing.) Note that because of Lemma 3.12, the Agda proof only needs to show that (eval S • eval R) T is bisimilar to eval S•R T.
We can generalize transducers by allowing them to work in the following manner.
(1) When given some b0,
(2) they produce an a0 and feed it to their argument,
(3) they receive a d0 from their argument,
(4) and either go back to step (2) or produce an e0 (output) for their result,
(5) start again at step (1)...
In other words, steps (2) and (3) can occur several times in a row. We can even allow the transducer to go directly from step (1) to step (4), bypassing steps (2) and (3) entirely. Of course, steps (2) and (3) should never happen infinitely many times consecutively.
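For streams, this generalized loop is easy to render with Python generators (a sketch of ours, not the paper's formalism): for each requested output, the transducer may query its argument several times, but only finitely many times, before producing an output.

```python
# The generalized transducer loop of steps (1)-(5), for streams only.

def pair_sums(source):
    """Sum consecutive pairs of the input stream: two queries (steps
    (2)-(3), twice) per produced output (step (4))."""
    while True:                 # step (1): a new output is requested
        x = next(source)        # steps (2)-(3): query the argument
        y = next(source)        # steps (2)-(3) again
        yield x + y             # step (4): produce output, back to (1)

def nats():
    n = 0
    while True:
        yield n
        n += 1

s = pair_sums(nats())
print(next(s), next(s), next(s))   # 0+1, 2+3, 4+5 -> prints "1 5 9"
```

A linear simulation would be forced to make exactly one query per output; the point of general simulations is precisely to allow loops like the two `next` calls above.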
[Agda] From an element of i ∈ ν w*⊥ we can use the elimination rule and extract a member of

  Π α : A*(i) Σ δ : D*(i, α) i[α/δ] ∈ ν w*⊥.

Given some a : A(i), we instantiate α to Node(a, (λ d : D(i, a)) Leaf) : A*(i) (a single a, followed by nothing), and its responses are just responses to a. This produces an element of

  Π a : A(i) Σ d : D(i, a) i[a/d] ∈ ν w*⊥,

i.e. an element of i ∈ w⊥(ν w*⊥). We've just shown that ν w*⊥ ⊂ w⊥(ν w*⊥). We refer to the Agda code for the rest of the proof.
Corollary 4.8. ν w*⊥ and ν w⊥ are isomorphic up to bisimulation.
Proof. This is a direct consequence of Lemma 2.6.
By composing the function ν w⊥ ⊂ ν w*⊥ with the evaluation of linear simulations (Lemma 4.3), we get an evaluation function for general simulations.
Sidenote on formal topology. When evaluating a general simulation R : w1* ⊸ w2 directly (i.e. not relying on Corollary 4.8), we need to compute an element of i2 ∈ ν w2⊥ from
• a state i1 : I1 and a state i2 : I2,
• an element r : R(i1, i2),
• an element T1 : i1 ∈ ν w1⊥.
We then need to find, for each branch a2 : A2(i2), a corresponding d2 : D2(i2, a2) and a way to continue the computation. Given a2, by the general simulation property, we can compute an element of

  Σ α1 : A1*(i1) Π δ1 : D1*(i1, α1) Σ d2 : D2(i2, a2) R(i1[α1/δ1], i2[a2/d2])

which can be rewritten as

  i1 ∈ w1*( (λ i1) Σ d2 : D2(i2, a2) R(i1, i2[a2/d2]) ).

The crucial first step is matching the well-founded tree α1 with the infinite tree T1. This can be done with

Lemma 4.10. Let I : Set, and w an indexed container over I, and X a predicate over I. The type w*(X) ≬ ν w⊥ → X ≬ ν w⊥ is inhabited (where X ≬ Y means that X and Y overlap: some i : I inhabits both).

Proof.
[Agda] By matching dual quantifiers coming from i ∈ w*(X) and i ∈ ν w⊥, we get an alternating sequence of moves a_i and counter moves d_i reaching a final state i_f in X, together with an infinite tree in i_f ∈ ν w⊥. More formally, suppose w*(X) ≬ ν w⊥ is inhabited, i.e. that we have i : I, ⟨α, f⟩ : i ∈ w*(X) and a (non-well-founded) tree T in i ∈ ν w⊥. We examine α:
• α = Leaf(i): we have f : i ∈ X, in which case X ≬ ν w⊥ is inhabited.
• α = Node(a, k), where k : Π d i[a/d] ∈ w*(X). We can apply ν elim to T : i ∈ ν w⊥ to obtain a function in Π a Σ d i[a/d] ∈ ν w⊥. Applying that function to a : A(i), we get d : D(i, a) together with a tree T′ in i[a/d] ∈ ν w⊥. The pair ⟨k d, T′⟩ inhabits w*(X) ≬ ν w⊥ (at state i[a/d]), and by induction hypothesis, yields an inhabitant of X ≬ ν w⊥.
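The matching performed in this proof has a direct computational reading; here is a Python rendering of ours (the induction on α becomes a loop, which is legitimate since α is well-founded):

```python
# Lemma 4.10, rendered concretely: match a well-founded tree of queries
# against an infinite tree of answers to reach a final state.
# Leaf(w) carries a witness of X; Node(a, k) makes one query a, with k
# mapping each possible response d to a subtree.

class Leaf:
    def __init__(self, witness): self.witness = witness

class Node:
    def __init__(self, a, k): self.a, self.k = a, k

def match(alpha, T):
    """Given alpha : i ∈ w*(X) and T : i ∈ ν w⊥, produce a witness of X
    together with the remaining infinite tree (an inhabitant of
    X ≬ ν w⊥)."""
    while isinstance(alpha, Node):
        d, T = T(alpha.a)       # the infinite tree answers query a
        alpha = alpha.k(d)      # descend in the well-founded tree
    return alpha.witness, T     # alpha = Leaf: we reached X

# Example on streams (single action '*', responses are numbers): the
# query tree that reads two elements and returns their sum.
def nats(n=0):
    return lambda a: (n, nats(n + 1))

alpha = Node('*', lambda d1: Node('*', lambda d2: Leaf(d1 + d2)))
w, rest = match(alpha, nats())
print(w)   # 0 + 1 = 1
```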
This formula is at the heart of formal topology, where it is called "monotonicity" [CSSV03]. There, i ∈ w*(U) is read "the basic open i is covered by U" (written i ◁ U), and i ∈ ν w⊥ is read "the basic open i contains a point" and is written i ε Pos.
Applied to the present situation with X = (λ i1) Σ d2 : D2(i2, a2) R(i1, i2[a2/d2]), we get an element of X ≬ ν w1⊥, which is precisely given by
• a state i1 : I1,
• a pair ⟨d2, r⟩ with d2 : D2(i2, a2) and r : R(i1, i2[a2/d2]),
• an infinite tree in i1 ∈ ν w1⊥.
In other words, we get the sought after d2 (giving the first element of the a2 branch), together with enough data to continue the computation.
4.4. The Free Monad Construction as a Comonad. Composition of general simulations does not follow directly from composition of linear simulations because there is a mismatch on the middle container: composing R : w1* ⊸ w2 and S : w2* ⊸ w3 to get a simulation from w1* to w3 is not obvious. Fortunately, the operation w ↦ w* lifts to a comonad, and the composition corresponds to composition in its (co)Kleisli category.
Proposition 4.11. Let C be a locally cartesian closed category. The operation P ↦ P* lifts to a monad on the category of polynomial functors over I with cartesian natural transformations between them.

Proof.
[Agda] The operation P ↦ P* goes from End(C/I), the category of polynomial endofunctors on C/I, to Mnd(C/I), the category of (polynomial) monads over C/I [GH03, GK13]. We write Nat(F, G) for natural transformations from F to G, and Nat_Mnd(F, G) for those transformations that respect the monad structures of F and G. Writing F−alg for the category of F-algebras, and F−Alg (when F is a monad) for the category of F-algebras that respect the monad operations, we have

  P*−Alg ≅ P−alg,   and hence   Nat_Mnd(P*, Q) ≅ Nat(P, U Q).

This shows that _* is left adjoint to the forgetful functor U : Mnd(C/I) → End(C/I), and makes the composition U_* a monad. It only remains to show that the monad operations are cartesian transformations. Since cartesian natural transformations from w1 to w2 correspond exactly to linear simulations (≡, ρ) : w2 ⊸ w1 [GK13, Hyv14b], it is enough to define the monad operations as simulations:
• (≡, ε_w) : w* ⊸ w,
• and (≡, δ_w) : w* ⊸ w**.
Those constructions are relatively straightforward in Agda: the first operation corresponds to embedding a single action a : A(i) into A*(i) as Node(a, (λ d : D(i, a)) Leaf). A direct definition of δ_w is done by induction and can be found in the Agda code. Semantically speaking, it can be derived from Lemma 3.10. What makes this lemma interesting is that the constructions themselves are easy to define in Agda without identity types. A purely type theoretic proof that the constructions satisfy the monad laws could not be completed in Agda, because the overhead of reasoning with equality on dependent structures is very tedious. The categorical proof guarantees that it holds in all models for extensional type theory, which is good enough for us.
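To make the two monad operations concrete, here is a small Python model of ours of the free monad trees: `single` is the "one action, then nothing" embedding used for ε_w, and `graft` (grafting a tree at every leaf) is the multiplication that δ_w runs backwards.

```python
# Elements of A*(i) modelled as finite trees: Leaf, or Node(a, k) with
# k mapping each response d to a subtree.  Names are ours.

class Leaf:
    pass

class Node:
    def __init__(self, a, k): self.a, self.k = a, k

def single(a):
    """Embedding of one action a into A*(i): 'a single a, followed by
    nothing' -- the simulation ε_w : w* ⊸ w reads this backwards."""
    return Node(a, lambda d: Leaf())

def graft(alpha, more):
    """Graft a new tree (given as a thunk) at every leaf: the
    multiplication of the free monad."""
    if isinstance(alpha, Leaf):
        return more()
    return Node(alpha.a, lambda d: graft(alpha.k(d), more))

# Example: grafting one single-question tree under another yields the
# depth-2 tree that asks 'ask1' and then, whatever the answer, 'ask2'.
t = graft(single('ask1'), lambda: single('ask2'))
print(t.a, t.k('L').a, isinstance(t.k('L').k('R'), Leaf))
```

The unit laws of the free monad are visible here: grafting under `single(a)` just appends the second tree after the question `a`, and grafting a `Leaf`-maker changes nothing.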
Because of the reversal (cartesian natural transformations from w1 to w2 are equivalent to identity linear simulations from w2 to w1), this translates to "w ↦ w* lifts to a comonad in the category of indexed containers with linear simulations".
Corollary 4.12. The operation w ↦ w* lifts to a comonad in the category of indexed containers over I and linear simulations.

4.5. Composition of General Simulations.
Recall that a comonad may be given in triple form with the following data:
• a natural transformation ε_w : w* ⊸ w,
• a "cobinding" operation taking R : w1* ⊸ w2 to R̄ : w1* ⊸ w2* (defined as R* • δ_{w1}),
satisfying the following laws:
• ε̄_w is the identity simulation on w*,
• ε_{w2} • R̄ = R for every R : w1* ⊸ w2,
• (S • R̄)‾ = S̄ • R̄ for every R : w1* ⊸ w2 and S : w2* ⊸ w3.
We can now define the composition of the general simulations R : w1* ⊸ w2 and S : w2* ⊸ w3 as S • R̄ : w1* ⊸ w3. The comonad laws are then enough to prove that composition of general simulations corresponds to composition of their evaluations.
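The triple presentation and its laws can be illustrated on a toy comonad in Python; this is only an analogy of ours for the w ↦ w* comonad (which lives on containers and simulations), using non-empty lists with counit = head and cobinding = "apply to every suffix".

```python
# The triple ("coKleisli") presentation of a comonad on a toy example.

def extract(xs):            # the counit: take the head
    return xs[0]

def extend(f):              # cobinding: apply f to every suffix
    return lambda xs: [f(xs[i:]) for i in range(len(xs))]

def kleisli(g, f):          # composition in the coKleisli category
    return lambda xs: g(extend(f)(xs))

xs = [1, 2, 3, 4]
f = sum                     # two coKleisli arrows: list -> value
g = len

# The three laws of the triple form:
assert extend(extract)(xs) == xs                     # extend(counit) = id
assert extract(extend(f)(xs)) == f(xs)               # counit . extend(f) = f
assert extend(kleisli(g, f))(xs) == extend(g)(extend(f)(xs))

print(kleisli(g, f)(xs))    # prints 4
```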
Proposition 4.14. Let w1, w2, w3 be containers indexed on I1, I2 and I3, with R : w1* ⊸ w2 and S : w2* ⊸ w3. Then for r : R(i1, i2) and s : S(i2, i3) we have

  eval S s • eval R r ≈ eval S◦R ⟨i2, r, s⟩

where S ◦ R is the composition of general simulations defined above.
Proof.
Expanding the definitions (and omitting all non-essential parameters, except for the first and last lines) gives a chain of bisimilarities; the only missing part (∗) is showing that eval ε_{w2} ≈ g2, where g2 : i2 ∈ ν w2*⊥ → i2 ∈ ν w2⊥ is the mediating morphism coming from the w2⊥ coalgebra structure of i2 ∈ ν w2*⊥. This was formally proved in Agda. (The reason is essentially that both morphisms are, up-to bisimilarity, the identity.) Note that this proof is hybrid, with a formal part proved in Agda and a pen and paper part.

5. Layering and Infinite Trees
General simulations make it possible to represent all computable (continuous) functions on streams: for a given piece of the output, we only need to look at finitely many elements of the stream. A general simulation does that by asking for as many elements as it needs. However, for branching structures, general simulations are not enough: a general simulation explores its argument along a single branch a1/d1, a2/d2, . . . For example, the function summing each layer of a binary tree to form a stream is not representable by a general simulation. We want a notion of "backtracking" transducer that can explore several branches. Describing such a transducer is difficult in type theory if we try to refrain from using equality.
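The layer-summing function itself is of course easy to compute once we may hold a whole layer of the tree at once; the following Python sketch (our own modelling, with an infinite binary tree given as a label and two thunks) makes the example concrete.

```python
# Summing each layer of an infinite binary tree to form a stream.

def layer_sums(layer):
    """layer: list of nodes (label, left, right), where left and right
    are thunks returning the subtrees.  Yields the sum of each layer."""
    while True:
        yield sum(label for label, _, _ in layer)
        layer = [child() for _, l, r in layer for child in (l, r)]

def ones():
    # the infinite binary tree with every node labelled 1
    return (1, ones, ones)

s = layer_sums([ones()])
print(next(s), next(s), next(s))   # prints "1 2 4"
```

Note that producing the n-th output requires the whole n-th layer, i.e. 2^n branches of the argument: no exploration of a single branch can supply that information.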
5.1. Layering. To give a simulation access to several branches, we are going to replace a branching structure by the stream of its "layers". A simulation will then be able to access as many layers as it needs to get information about as many branches as it needs. This definition is a direct extension of the operation appearing in previous work about continuous functions and (unindexed) containers [GHP09a]. It generalizes the example of complete binary trees as an inductive recursive definition from page 7 to arbitrary dependent A-labelled and D-branching trees. Given such a tree α : A (i), D (i, α) indexes the set of its terminal leaves. A new layer l assigns a new element a : A(. . .) at each leaf, and α l is the new, increased tree.
Of particular interest is the indexed container w ⊥ . An element of A ⊥ (i) is a complete tree of finite depth where branching occurs at A(_) and labels are chosen in D(_, _). In particular, an element of D ⊥ (i, α) is a finite sequence of actions.
We can now construct a lopsided (angelic) indexed container from an arbitrary indexed container:

Definition 5.2. Given w a container indexed on I and a fixed i : I, we define a new container ⟨w, i⟩:
• its states are complete trees α of finite depth (starting from i),
• an action on state α is a new layer l,
• responses are trivial (singleton),
• the next state after action l in state α (and its trivial response) is α l.
States of this new container record a complete tree of finite depth. Moreover, since it has trivial responses, an element of Leaf ∈ ν⟨w, i⟩ is not very different from a (dependent) stream of layers, and so, from an infinite tree in i ∈ ν w. This is generalized and formalized in the next lemmas.
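For plain infinite binary trees, the remark that a tree carries the same information as the stream of its layers can be checked concretely; the following Python sketch (names and representation are ours) cuts a tree into layers and rebuilds any finite prefix of it from them.

```python
# Cutting an infinite binary tree into layers, and rebuilding a
# finite-depth prefix from the layers.

def cut(tree, depth):
    """First `depth` layers (lists of labels) of an infinite binary
    tree represented as (label, left_thunk, right_thunk)."""
    layer, layers = [tree], []
    for _ in range(depth):
        layers.append([label for label, _, _ in layer])
        layer = [child() for _, l, r in layer for child in (l, r)]
    return layers

def rebuild(layers, i=0):
    """Rebuild the depth-`len(layers)` prefix of the tree, as nested
    lists [label, left, right] with None below the last layer."""
    if not layers:
        return None
    return [layers[0][i],
            rebuild(layers[1:], 2 * i),
            rebuild(layers[1:], 2 * i + 1)]

def depth_tree(d=0):
    # infinite binary tree labelling every node with its depth
    return (d, lambda: depth_tree(d + 1), lambda: depth_tree(d + 1))

print(cut(depth_tree(), 3))            # [[0], [1, 1], [2, 2, 2, 2]]
print(rebuild(cut(depth_tree(), 2)))   # [0, [1, None, None], [1, None, None]]
```

The dependent version of the text is subtler (the shape of layer n depends on the previous layers), but the information content is the same.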
[Agda] The proof corresponds to the above remark that an infinite tree is equivalently given by the infinite stream of its layers. It has been formalized in Agda.

Proof. This is a direct consequence of Lemma 2.6.
As mentioned on page 12, lopsided containers are special because duality is essentially involutive, in the sense that w and w⊥⊥ are isomorphic:
• there are bijections f_i between A(i) and A⊥⊥(i),
• there are bijections g_{i,a} between D(i, a) and D⊥⊥(i, f_i a),
• the next state functions are compatible with them: n(i, a, d) ≡ n⊥⊥(i, f_i a, g_{i,a} d).
Rather than developing this notion, we will only state and prove the one consequence we need.
Lemma 5.5. Suppose w has trivial (singleton) reactions; then ν w is a weakly terminal coalgebra for w⊥⊥.
An element of Π β : D (i, α) (n i α β) ∈ ν w is a way to extend the complete tree α of finite depth to a full infinite complete tree by appending an infinite tree at each leaf.