The Scott model of PCF in univalent type theory

We develop the Scott model of the programming language PCF in univalent type theory. Moreover, we work constructively and predicatively. To account for the non-termination in PCF, we use the lifting monad (also known as the partial map classifier monad) from topos theory, which has been extended to univalent type theory by Escardó and Knapp. Our results show that lifting is a viable approach to partiality in univalent type theory. Moreover, we show that the Scott model can be constructed in a predicative and constructive setting. Other approaches to partiality either require some form of choice or quotient inductive-inductive types. We show that one can do without these extensions.


Introduction
We develop the Scott model of the programming language PCF in constructive predicative univalent mathematics. In 1969, Dana Scott [24] proposed a logic (LCF) for computing with functionals. In 1977, Gordon Plotkin [21] considered LCF as a programming language (PCF), introducing operational semantics based on Scott's logic and proving (and formulating) soundness and computational adequacy. Later, the techniques of Scott and Plotkin were extended to many other programming languages [22]. These developments all took place in (informal) set theory with classical logic.
Our aim is to test these techniques in Voevodsky's constructive univalent type theory [28]. Our development differs from the classical approach [25] in three key ways. First of all, we have situated our development in the framework of univalent mathematics. Secondly, our work takes place in a constructive meta-theory. Thirdly, we work predicatively (meaning we do not assume propositional resizing).
The essential difference (for our development) between univalent type theory on the one hand, and set theory or systems like Coq on the other, is the treatment of truth values (propositions). We will discuss manifestations of this difference in Section 1.1.3 and throughout the paper.

Technical preliminaries
In this section we briefly explain the syntax of PCF and its computational behaviour. Moreover, we recall the notion of denotational semantics and the Scott model of PCF (in a classical setting) in particular. We also mention two fundamental properties that a model of PCF should enjoy: soundness and computational adequacy. Finally, we recall the lifting monad in the context of univalent type theory and sketch the construction of the Scott model in constructive univalent type theory.

PCF
PCF [21] is a typed programming language. A detailed description of PCF is given in Section 5. We briefly discuss its most characteristic features here. PCF is a typed λ-calculus with additional constants. For example, we have numerals n of base type ι corresponding to natural numbers and basic operations on them, such as a predecessor term pred and a term ifz that allows us to perform case distinction on whether an input is zero or not. The most striking feature of PCF is its fixed point combinator fix σ for every PCF type σ. The idea is that for a term t of function type σ ⇒ σ, the term fix σ t of type σ is a fixed point of t. The use of fix is that it gives us general recursion.
The operational semantics of PCF is a reduction strategy that allows us to compute in PCF. We write s t for s reduces to t. We show a few examples below: pred 0 0; pred n + 1 n; ifz s t 0 s; ifz s t n + 1 t; fix f f (fix f ).
We see that pred indeed acts as a predecessor function and that ifz performs case distinction on whether its third argument is zero or not. The reduction rule for fix reflects that fix f is a fixed point of f and may be seen as an unfolding (of a recursive definition).
As an example of the use of fix, consider a function g on the natural numbers given by the recursive definition: g(0) := s and g(n + 1) := t(g(n)). We can define g in PCF as fix G where G := λ(f : ι ⇒ ι).λ(x : ι). ifz s (t(pred x)) x. Having general recursion also introduces non-termination, as for example the successor function on naturals has no fixed point.
Instead of the formulation by Plotkin [21], which features variables and λ-abstraction, we revert in Section 5 to the original, combinatory, formulation of the terms of LCF by Scott [24] in order to simplify the technical development.
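The reduction rules and the recursive definition of g described above can be exercised with a small evaluator. This is an added example, not code from the paper or its formalisation: the tuple encoding of terms, the fuel bound and all helper names are assumptions, s is taken to be the numeral 3 and t the successor, and G is written with the recursive call f (pred x) that g(n + 1) := t(g(n)) requires.

```python
# Added illustration: small-step evaluation of closed PCF terms.
# The tuple encoding and every helper name below are assumptions of this example.

def num(n): return ("num", n)
def var(x): return ("var", x)
def lam(x, body): return ("lam", x, body)

def app(f, *args):
    """Left-nested application: app(f, a, b) is (f a) b."""
    for a in args:
        f = ("app", f, a)
    return f

SUCC, PRED, IFZ, FIX = ("succ",), ("pred",), ("ifz",), ("fix",)

def subst(term, x, closed):
    """Replace free occurrences of x in term by a closed term (no capture possible)."""
    tag = term[0]
    if tag == "var":
        return closed if term[1] == x else term
    if tag == "lam":
        # An inner binder with the same name shadows x.
        return term if term[1] == x else lam(term[1], subst(term[2], x, closed))
    if tag == "app":
        return ("app", subst(term[1], x, closed), subst(term[2], x, closed))
    return term  # numerals and constants

def step(term):
    """Perform one reduction step; return None when no rule applies."""
    if term[0] != "app":
        return None
    f, a = term[1], term[2]
    if f[0] == "lam":                       # beta: (λx.M) N reduces to M[N/x]
        return subst(f[2], f[1], a)
    if f[0] == "fix":                       # fix f reduces to f (fix f)
        return app(a, term)
    if f[0] in ("succ", "pred"):
        if a[0] == "num":                   # pred 0 -> 0, pred (n+1) -> n
            return num(a[1] + 1) if f[0] == "succ" else num(max(a[1] - 1, 0))
        reduced = step(a)                   # otherwise reduce the argument first
        return None if reduced is None else app(f, reduced)
    if f[0] == "app" and f[1][0] == "app" and f[1][1] == IFZ:
        s, t = f[1][2], f[2]                # term has the shape ifz s t a
        if a[0] == "num":
            return s if a[1] == 0 else t
        reduced = step(a)
        return None if reduced is None else app(f, reduced)
    reduced = step(f)                       # reduce in function position
    return None if reduced is None else app(reduced, a)

def evaluate(term, fuel=500):
    """Reduce until a numeral appears; None if stuck or out of fuel."""
    for _ in range(fuel):
        if term[0] == "num":
            return term[1]
        term = step(term)
        if term is None:
            return None
    return term[1] if term[0] == "num" else None

# g(0) := s, g(n + 1) := t(g(n)) with s = 3 and t = succ (assumed sample values).
S_TERM, T_TERM = num(3), SUCC
G = lam("f", lam("x", app(IFZ, S_TERM,
                          app(T_TERM, app(var("f"), app(PRED, var("x")))),
                          var("x"))))

def g(n):
    """Value of (fix G) applied to the numeral n."""
    return evaluate(app(FIX, G, num(n)))

if __name__ == "__main__":
    print([g(n) for n in range(5)])          # g computed through fix
    print(evaluate(app(FIX, SUCC), fuel=200))  # fix succ never reaches a numeral
```

Substitution only ever receives closed terms here because the evaluator never reduces under a λ, which is why no renaming of bound variables is needed.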

Models of PCF
We have seen that the operational semantics give meaning to the PCF terms by specifying computational behaviour. Another way to give meaning to the PCF terms is through denotational semantics, i.e. by giving a model of PCF. A model of PCF assigns to every PCF type σ some mathematical structure σ and to every PCF term t of type σ an element t of σ .
Soundness and computational adequacy. Soundness and computational adequacy are important properties that a model of PCF should have.
Soundness states that if a PCF term s computes to t (according to the operational semantics), then their interpretations are equal in the model (symbolically, s = t ).
Computational adequacy is completeness at the base type ι. It says that for every term t of type ι and every natural number n, if t = n , then t computes to n.
The Scott model, classically. To model PCF and its non-termination, Dana Scott [24] introduced the Scott model: a type is interpreted as a directed complete poset with a least element (or dcpo with ⊥, for short). Concretely, PCF types are interpreted as follows.
Interpreting the base type ι. One proves that adding a least element ⊥ N to the set N of natural numbers yields a dcpo with ⊥, known as the flat natural numbers. This is then the interpretation of the base type ι. This least element ⊥ N serves as the interpretation of a term of type ι that does not compute to a numeral, like fix succ where succ denotes the successor map on ι.
Interpreting function types. Function types are interpreted by considering continuous maps (i.e. monotone maps that preserve directed suprema) between two dcpos with ⊥. Such maps can be ordered pointwise to form another dcpo with ⊥.
A striking feature, and the crux of the Scott model, is that every continuous map has a (least) fixed point. Moreover, the assignment of a continuous map to its least fixed point is continuous. This allows us to soundly interpret the characteristic fix term of PCF.
The Scott model was proved sound and computationally adequate by Plotkin [21]. A modern presentation may be found in Streicher's [25].
Issues with constructivity. While the interpretation of function types goes through constructively, the above interpretation of the base type ι is problematic from a constructive viewpoint. Indeed, the proof that the flat natural numbers form a dcpo relies on classical reasoning in its analysis of the directed subsets: excluded middle allows us to prove that every directed subset of the flat natural numbers is exactly one of {⊥}, {⊥, n} or {n} for some natural number n. In fact, we can show that this reliance is in some sense essential: in Section 3 we prove that if the flat natural numbers form a dcpo, then the Limited Principle of Omniscience (LPO) holds. This principle asserts that every binary sequence is either 0 everywhere or it attains the value 1 at some point. LPO is not constructively acceptable [4, p. 9], it is even provably false in some varieties of constructive mathematics [5, pp. 3-4], and it is independent of Martin-Löf Type Theory [13].

Univalent type theory
As mentioned at the beginning of Section 1, an essential difference between univalent type theory on the one hand, and set theory or systems like Coq on the other, is the treatment of truth values (propositions). To illustrate this difference, consider the definition of a poset (cf. Definition 2).
Example 1. In set theory, the mathematical structure is provided by a set X and a binary relation ≤ on X. Moreover, this relation is required to be reflexive, transitive and antisymmetric. Reflexivity, ∀ x∈X x ≤ x, is a logical statement that is bivalent.
In type theory, if we define ≤ : X → X → Type, with Type some type universe, then the type encoding reflexivity, x:X x ≤ x, may have more than one element. This is a fundamental difference with set theory.
In Coq, we could instead define ≤ : X → X → Prop, where Prop is Coq's special sort of propositions. This sort is defined such that (for instance) reflexivity, ∀ x:X x ≤ x, is again in Prop.
The crucial difference between these approaches and the univalent approach, is that in univalent type theory, we prove that something is a proposition (truth value). Following Voevodsky, we define a type to be a proposition (truth value, subsingleton) if it has at most one element with respect to its identity type, i.e. up to propositional equality. To define posets, we then ask for a witness that the type x ≤ y is a proposition for every x, y : X. This allows us, in the presence of function extensionality (which is a consequence of the univalence axiom), to prove that reflexivity and transitivity are propositions. For example, for reflexivity, we wish to show that the type x:X x ≤ x is a proposition. So let f, g be two elements of this type. By function extensionality, it suffices to show that f (x) = g(x) for every x : X. But the type of f (x) and g(x) is x ≤ x, which is a proposition by requirement, so f (x) and g(x) must be (propositionally) equal, as desired. Finally, we require X to be a set: any two elements of X are equal in at most one way. This ensures, using function extensionality again, that antisymmetry is a proposition.
Sometimes, we will want to make a type into a proposition, by identifying its elements. This is achieved through the propositional truncation, a higher inductive type. For example, we will need it to define directed families (Definition 5), but also to define the reflexive transitive closure of a proposition-valued relation (Definition 35). We will further explain these examples in the main text. The universal property of the propositional truncation is described in Section 1.2. For more on propositions, sets and propositional truncation in univalent type theory, see [28,Chapter 3].

Overview of results
We work in intensional Martin-Löf Type Theory with inductive types (including the empty 0, unit 1, natural numbers N, and identity types), +-, Σ-and Π-types. As usual, we simply write x = y for the identity type Id X (x, y), use ≡ for the judgemental equality and write for Voevodsky's notion of type equivalence.
We need (at least) two universes U 0 , U 1 closed under +-, Σ-and Π-types, such that U 0 contains 0, 1 and N, while U 1 contains U 0 . We work predicatively, i.e. we do not assume propositional resizing, so the type of propositions in U 0 , denoted by Ω, lives in the universe U 1 .
We also assume two extensionality axioms. The first is function extensionality, which asserts that pointwise equal functions are equal. Given two (dependent) functions f, g : a:A B(a), we write f ∼ g for the type a:A f (a) = g(a), often called the type of homotopies between f and g. Function extensionality makes the type f ∼ g equivalent to the identity type f = g. The second is propositional extensionality, which says that logically equivalent propositions are equal, i.e. if P and Q are propositions, then P ↔ Q implies P = Q. In the presence of function extensionality this is equivalent to (P ↔ Q) (P = Q).
Although we do not need the univalence axiom at any point, we remark that both extensionality axioms above follow from it. Moreover, we emphasise the importance of the idea of truncation levels, which is fundamental to univalent type theory.
Finally, we assume the existence of a single higher inductive type, the propositional truncation: given a type X in a universe U, we assume that we have a proposition X in U with a map |−| : X → X such that if P is a proposition in any universe and f : X → P is a map, then f factors through |−|. Diagrammatically, Observe that the factorisation f is unique by function extensionality and the fact that P is a proposition.
Our paper can be summarised as follows: We introduce the theory of dcpos with ⊥ (known as domain theory) in predicative constructive univalent type theory. We take the carriers of the dcpos to be sets (in the sense of univalent type theory) and the partial orders to be proposition-valued. Propositional truncation plays an important part in defining directedness.
Section 3. We elaborate on the issue with the classical construction of the Scott model in a constructive meta-theory (cf. the final paragraph of Section 1.1.2).

Section 4. To remedy this issue, we work instead with the lifting monad (also known as the partial map classifier monad) from topos theory [19], which has been extended to constructive type theory by Reus and Streicher [23] and recently to univalent type theory by Escardó and Knapp [12,18]. The lifting L(X) of a type X is defined as L(X) : where Ω is the type of propositions in the first universe. We think of the elements (P, ϕ) of L(X) as partial elements of X: in case P holds, we get an element of X, but P may also fail to hold and then the partial element is thought of as undefined. In our constructive model, we interpret the base type of PCF as the lifting L(N) of the natural numbers.
Section 5. We define a combinatory version of PCF and its (small-step) operational semantics. We use the propositional truncation to obtain well-behaved relations in the small-step operational semantics.
Section 6. We define our constructive Scott model of PCF using the lifting monad.
Section 7. We show how the usual proofs of soundness and computational adequacy adapt to our constructive setting with propositional truncations.

Section 8. Recall that in our model the PCF type ι for natural numbers is interpreted as L(N), where N is the natural numbers type. Thus, if t is a PCF term of type ι, then we get an element t : L(N). Hence, for every such term t we have a proposition pr 1 ( t ) : Ω. We show that such propositions are all semidecidable. This result should be contrasted with the fact that a restricted version of the lifting monad where we take a Σ-type over only semidecidable propositions is not adequate for our purposes, as we explain at the end of Section 8. In proving our results, we take the opportunity to record some more general properties of reflexive transitive closures (Section 8.1) and indexed W-types (Section 8.2).
Section 9. We discuss the universe levels involved in our development. This is important, because we want our results to go through predicatively, i.e. without propositional resizing.
Section 10. We summarise our main results and describe directions for future work.

Related work
Partiality in type theory has been the subject of recent study. We briefly discuss the different approaches.
Firstly, there are the delay monad by Capretta [6] and its quotient by weak bisimilarity, as studied by Chapman et al. [7]. They used countable choice to prove that the quotient is again a monad. Escardó and Knapp [12,18] showed that a weak form of countable choice is indeed necessary to prove this. However, Coquand, Mannaa, and Ruch [9, Corollary 2] have shown that countable choice cannot be proved in dependent type theory with one univalent universe and propositional truncation. Theorem 3.3 of Coquand's [8] extends this to dependent type theory with a hierarchy of univalent universes and (some) higher inductive types. Moreover, Andrew Swan [26,27] recently showed that even the weak form of choice required is not provable in univalent type theory.
Another approach is laid out by Altenkirch, Danielsson and Kraus [2]. They postulated the existence of a particular quotient inductive-inductive type (QIIT) and showed that it satisfies the universal property of the free ω-cpo with a least element [2, Theorem 5]. Moreover, Altenkirch et al. showed that, assuming countable choice, their QIIT coincides with the quotiented delay monad.
We stress that our approach does not need countable choice or quotient inductive-inductive types.
Finally, Benton, Kennedy and Varming [3] used Capretta's delay monad to give a constructive approach to domain theory. Their approach used setoids, so that every object comes with an equivalence relation that maps must preserve. One cannot quotient these objects, because quotienting Capretta's delay monad requires (a weak form of) countable choice, as explained above. In our development, we instead use Martin-Löf's identity types as our notion of equality. Moreover, we do not make use of Coq's impredicative Prop universe and our treatment incorporates directed complete posets (dcpos) and not just ω-cpos.

Formalisation
All our results up to and including the proof of computational adequacy (and except for Section 3 and Remark 29) have been formalised in the proof assistant Coq using the UniMath library [29] and Coq's Inductive types. The general results from Section 8 have also been formalised, but their direct applications to PCF, e.g. single-valuedness of the operational semantics and PCF as an indexed W-type, have not. The code may be found at https://github.com/tomdjong/UniMath/tree/paper. Instructions for use can be found in the repository's README.md file. Browsable documentation for the formalisation may be found at https://tomdjong.github.io/Scott-PCF-UniMath/toc.html. Definitions and proofs of lemmas, propositions and theorems are labelled with their corresponding identifiers in the Coq name, for example as pcf, which also functions as a hyperlink to the appropriate definition in the documentation.
At present, it is not possible to verify universe levels in UniMath. Therefore, to verify the correctness of our development and our claims in Section 9 about universe levels in particular, we reformalised part of our development in Agda using Martín Escardó's library [14]. Our code is now part of the library. An HTML rendering may be found at: https://www.cs.bham.ac.uk/~mhe/agda-new/PCFModules.html.

Acknowledgements
Firstly, I would like to thank Martín Escardó for suggesting and supervising this project. Secondly, I am grateful to Benedikt Ahrens for his support, his help with UniMath, and in particular for his feedback on earlier versions of this paper. I should also like to thank Andrej Bauer and Bernhard Reus for their comments and questions. Finally, I am indebted to the anonymous referees for their thorough and valuable reports that helped to improve the paper.

Basic domain theory
We introduce basic domain theory in the setting of constructive predicative univalent mathematics. We adapt known definitions (cf. [1, Section 2.1] and [25,Chapter 4]) to constructive univalent type theory, paying special attention to how our definitions may involve propositional truncations.

Directed complete posets
Definition 2 (PartialOrder). A poset (X, ≤) is a set X together with a proposition-valued binary relation ≤: X → X → Ω satisfying: Remark 3. Notice that we require ≤ to take values in Ω, the type of propositions in U 0 , cf. Example 1. This allows us to prove (using function extensionality [28, Example 3.6.2]) that reflexivity and transitivity are propositions, i.e. there is at most one witness of reflexivity and transitivity. We also express this by saying that reflexivity and transitivity are properties, rather than structures. Moreover, we restrict to X being a set to ensure that antisymmetry is a property, rather than a structure.
Definition 4 (posetmorphism). Let X and Y be posets. A poset morphism from X to Y is a function between the underlying sets that preserves the order. We also say that the function is monotone.
Definition 5 (isdirected). Let (X, ≤) be a poset and I any type. Given a family u : I → X, we often write u i for u(i). Such a family is called directed if I is inhabited (i.e. I holds) and i,j:I k:I (u i ≤ u k ) × (u j ≤ u k ) . Remark 6. We use the propositional truncation in the definition above to ensure that being directed is a property, rather than a structure (isaprop_isdirected).
Firstly, we express that the type I is inhabited by requiring an element of I . This is different from requiring an element of I. It is akin to the difference (in set theory) between a set X such that ∃x ∈ X holds and a pair (X, x) of a set with a chosen element x ∈ X.
Secondly, if we had used an untruncated Σ in the second clause of the definition, then we would have asked our poset to be equipped with an operation mapping pairs (x, y) of elements to some specified element greater than both x and y. A poset X is called U-directed complete for a type universe U if every directed family in X indexed by a type in U has a least upper bound in X, which we denote by i:I u i . Symbolically, I:U u:I→X (u is directed → x:X x is a least upper bound of u). We call such a poset a U-dcpo. We shall often simply write dcpo, omitting reference to the type universe.
Remark 8. Contrary to Definition 5, directed completeness is not phrased with a truncated Σ. This justifies having the least upper bound operator . The reason for this definition of directed completeness is that least upper bounds are unique when they exist (lubsareunique). Moreover, the type expressing that an element is a least upper bound for a family can be shown to be a proposition using function extensionality (isaprop_islub). Hence, for any family u, the type of least upper bounds of u and its propositional truncation are equivalent. This observation also tells us, using function extensionality again, that the type expressing that a poset is directed complete is also a proposition (isaprop_isdirectedcomplete), i.e. it is a property of the poset.
Remark 9. In classical mathematics, a dcpo is usually defined as a poset such that every directed subset has a least upper bound. We have formulated our version using families, because in our type-theoretic framework functions are primitive, unlike in set theory where sets are primitive and functions are encoded as particular sets. Another reason for preferring families is that we work in the absence of propositional resizing, so that we must pay attention to size and therefore only ask for least upper bounds of small directed subsets. This point is explained and worked out in detail in [11,Section 5] to which we refer the interested reader. Here we limit ourselves to saying that working with families is more direct, and that for the Scott model we will only need to consider simple N-indexed directed families anyway.

Morphisms of dcpos
Thus, by definition, a dcpo morphism is required to be a poset morphism, i.e. it must be monotone. However, as is well-known in domain theory, requiring that the function is monotone is actually redundant, as the following lemma shows.
Lemma 11. Let D and E be dcpos. If f is a function (on the underlying types) from D to E preserving least upper bounds of directed families, then f is order preserving.
Proof (preservesdirectedlub_isdcpomorphism). Let f : D → E be a morphism of dcpos and suppose x, y : D with x ≤ y. Consider the family 1 + 1 → D defined as inl( ) → x and inr( ) → y. This family is easily seen to be directed and its least upper bound is y. Now f preserves this least upper bound, so f (x) ≤ f (y).

Lemma 12. Every morphism of dcpos preserves directed families. That is, if
Proof (dcpomorphism_preservesdirected). Using monotonicity of f . Theorem 13. Let D and E be dcpos. The morphisms from D to E form a dcpo with the pointwise order.
Proof (dcpoofdcpomorphisms). The least upper bound of a directed family of dcpo morphisms is also given pointwise. The proof only differs from the standard proof of [25,Theorem 4.2] in that it uses directed families, rather than subsets. One may consult the formalisation for the technical details.

Dcpos with ⊥
Definition 14 (dcpowithbottom). A dcpo with ⊥ is a dcpo D together with a least element in D.
Theorem 15. Let D be a dcpo and let E be a dcpo with ⊥. Ordered pointwise, the morphisms from D to E form a dcpo with ⊥, which we denote by E D .
Proof (dcpowithbottom_ofdcpomorphisms). Since the order is pointwise, the least morphism from D to E is simply given by mapping every element in D to the least element in E. The rest is as in Theorem 13.
Dcpos with bottom elements are interesting because they admit least fixed points. Moreover, these least fixed points are themselves given by a continuous function.
Theorem 16. Let D be a dcpo with ⊥. There is a continuous function µ : D D → D that sends each continuous function to its least fixed point. In fact, µ satisfies: 2. for every continuous f : D → D and each d : Proof. (leastfixedpoint_isfixedpoint, leastfixedpoint_isleast). We have formalised the proof of [1, Theorem 2.1.19]. We sketch the main construction here. For each natural number n, define iter(n) : By induction on n, one may show that every iter(n) is continuous. Then, the assignment n → iter(n) is a directed family in D (D D ) . Finally, one defines µ as the least upper bound of this directed family. Recall that least upper bounds in the exponential are given pointwise, so that µ(f ) = n:N f n (⊥).
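The construction in the proof sketch, the chain of iterates starting at ⊥ whose least upper bound is µ(f), can be followed in a classical, finite setting. This is an added example, not part of the paper or its formalisation: it uses partial functions on {0, ..., K−1} with Python's None standing for ⊥ (the classical flat order, not the lifting), and the functional G with s = 3 and t = doubling, like all names below, is an assumption.

```python
# Added illustration of the iteration behind least fixed points, carried out
# classically on a finite window. None plays the role of the least element.

K = 6                           # partial functions are tabulated on 0..K-1
BOTTOM_FN = (None,) * K         # the function that is undefined everywhere

def below(d, e):
    """Pointwise flat order: e agrees with d wherever d is defined."""
    return all(x is None or x == y for x, y in zip(d, e))

def G(f, s=3, t=lambda v: 2 * v):
    """Functional for g(0) := s, g(n + 1) := t(g(n)).

    The result at n + 1 is undefined whenever f is undefined at n.
    """
    out = [s]
    for n in range(1, K):
        prev = f[n - 1]
        out.append(None if prev is None else t(prev))
    return tuple(out)

def strict_succ(x):
    """Successor on the flat naturals: undefined input gives undefined output."""
    return None if x is None else x + 1

def iterates(F, bottom):
    """The chain bottom, F(bottom), F(F(bottom)), ... up to its first repetition.

    On the finite examples here the chain stabilises, so its last entry is
    its least upper bound.
    """
    chain = [bottom]
    while True:
        nxt = F(chain[-1])
        if nxt == chain[-1]:
            return chain
        chain.append(nxt)

def least_fixed_point(F, bottom):
    """Least upper bound of the chain of iterates."""
    return iterates(F, bottom)[-1]

if __name__ == "__main__":
    for approximation in iterates(G, BOTTOM_FN):
        print(approximation)                   # one more defined value per step
    print(least_fixed_point(strict_succ, None))  # successor: only ⊥ is fixed
```

Each iterate defines g on one more input than the previous one, and the strict successor map has ⊥ as its only fixed point, matching the interpretation of fix succ as the least element.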

Constructive issues with partiality
In classical mathematics, a partial map from N to N can simply be seen as a total map from N to N ∪ {⊥}, where ⊥ is some fresh element not in N. The flat dcpo N ⊥ is N ∪ {⊥} ordered as in the following Hasse diagram: Using excluded middle, a directed subset of N ⊥ is either {⊥}, {n} or {⊥, n} (with n a natural number). Their least upper bounds are easily computed as ⊥, n and n, respectively. Thus, with excluded middle, N ⊥ is directed complete. One could hope that the above translates directly into constructive univalent mathematics, that is, that the poset N ⊥ :≡ (N + 1, ≤ ⊥ ) with ≤ ⊥ the flat order (i.e. inr( ) is the least element and all other elements are incomparable) is (U 0 -)directed complete (in the sense of Definition 7). However, we can prove that this implies Bishop's Limited Principle of Omniscience (LPO), a constructive taboo (recall the final paragraph of Section 1.1.2), as follows.
Write 2 for the type 1 + 1, and 0 and 1 for its inhabitants inl( ) and inr( ), respectively. In type theory, LPO may be formulated 1 as the following type: Then β is directed, so by assumption, it has a supremum s in N ⊥ . By the induction principle of sum-types, we can decide whether s = inl(k) for some k : N or s = inr( ). The former implies k:N α(k) = 1 and we claim that the latter implies n:N α(n) = 0. For suppose that s = inr( ) and let n : N. Since 2 has decidable equality, it suffices to show that α(n) ≠ 1. Assume for a contradiction that α(n) = 1. Then β(n) = inl(k) for some natural number k ≤ n. Using that s is the supremum of β yields: inl(k) = β(n) ≤ ⊥ s = inr( ). By definition of the order we also have the reverse inequality inr( ) ≤ ⊥ inl(k). Hence, inr( ) = inl(k) by antisymmetry, which is a contradiction, so α(n) ≠ 1 as desired.

Partiality, constructively
In this section we present the lifting monad as a solution to the problem described in the previous section. Using the lifting monad in univalent type theory to deal with partiality originates with the work of Escardó and Knapp [12,18] and aims to avoid countable choice.
We start by defining the lifting of a type and by characterising its identity type. In Section 4.1 we prove that the lifting carries a monad structure, while in Section 4.2 we show that the lifting of a set is a dcpo with ⊥. Most of the definitions and some of the results in this section can be found in [18] or in [12]. Exceptions are Lemma 22, Theorem 25 and Theorem 27. We note that our characterisation of equality of the lifting, Lemma 22, is implicit in the fact that the order of [12] is antisymmetric. The order on the lifting in this paper (see Theorem 26) is different from the order presented in [12,18]. The two orders are equivalent, however, as observed in [14, LiftingUnivalentPrecategory]. We found the order in this paper to be more convenient.
Definition 18 (lift). Let X be any type. Define the lifting of X as Strictly speaking, we should have written pr 1 (P ) → X, because elements of Ω are pairs of types and witnesses that these types are subsingletons. We will almost always suppress reference to these witnesses in this paper.
Definition 19 (liftorder_least). For any type X, the type L(X) has a distinguished element where from-0 X is the unique function from 0 to X. Definition 20 (lift_embedding). There is a canonical map η X : X → L(X) defined by Assuming LEM (i.e. P :Ω (P + ¬P )), we can prove that the only propositions are 0 and 1, for if a proposition P holds, then it is equal (by propositional extensionality) to 1 and if it does not hold, then it is equal to 0. Hence, if we assume LEM then the two definitions above capture all of the lifting, since LEM implies: as (1 → X) X and there is a unique function from 0 to any type X. Constructively, things are more interesting, of course. We proceed by defining meaningful projections.
Since equality of Σ-types often requires transport, it will be convenient to characterise the equality of L(X).
Lemma 22. Let X be any type and let l, m : L(X). The following are logically equivalent 2 First of all, the characterisation of the identity type of Σ-types [28, Theorem 2.7.2] yields: Thus we only have to show that the right-hand side of ( †) is logically equivalent to (2) in the lemma. Suppose first that we have e : isdefined(l) = isdefined(m) and an equality p : transport(e , value(l)) = value(m). Then Using path induction on e , we can prove that value(l) • pr 2 (e) = transport(e , value(l)). Together with p, this equality implies value(l) • pr 2 (e) ∼ value(m), as desired. Conversely, suppose e : isdefined(l) ↔ isdefined(m) and v : value(l) • pr 2 (e) ∼ value(m). By propositional extensionality, we obtain e : isdefined(l) = isdefined(m) from e. From e we can get an equivalence idtoeqv(e ) : isdefined(l) isdefined(m). Furthermore, using path induction on e , one can prove that transport(e , value(l)) = value(l) • (idtoeqv(e )) −1 .
Hence, it suffices to show that the right-hand side of ( * ) is equal to value(m). The homotopy v yields value(l) • pr 2 (e) = value(m) by function extensionality, so it suffices to prove that (idtoeqv(e )) −1 = pr 2 (e). But these are both functions with codomain isdefined(l), which is a proposition, so they are equal by function extensionality.

The lifting monad
In this section we prove that the lifting carries a monad structure. This monad structure is most easily described as a Kleisli triple. The unit is given by Definition 20.

The lifting as a dcpo with ⊥
The goal of this section is to endow L(X) with a partial order that makes it into a dcpo with ⊥, provided that X is a set. We also show that the Kleisli extension from the previous section is continuous when regarded as a morphism between dcpos with ⊥.
Theorem 25. If X is a set, then so is its lifting L(X).
Since X is a set, the type transport(e, value(l)) = value(m) is a proposition. So, if we can prove that isdefined(l) = isdefined(m) is a proposition, then the right hand side is a proposition indexed sum of propositions, which is again a proposition. So let us prove that if P and Q are propositions, then so is P = Q. At first glance, it might seem like one needs univalence (for propositions) to prove this, but in fact propositional extensionality suffices. By [20,Lemma 3.11] (applied to the type of propositions), it suffices to give for every proposition R, a (weakly) constant (i.e. any two of its values are equal) endomap on P = R. But the composition is weakly constant, because P ↔ R is a proposition, so this finishes the proof.
Theorem 26 (cf. Theorem 5.14 in [18] and Theorem 1 in [12]). If X is a set, then L(X) is a dcpo with ⊥ with the following order: Proof (liftdcpowithbottom). First of all, we should prove that L(X) is a poset with the specified order. In particular, should be proposition-valued. If X is a set, then isdefined(l) → l = m is a function type into a proposition and therefore a proposition itself.
Reflexivity and transitivity of are easily verified. Moreover, is seen to be antisymmetric using Lemma 22. The ⊥ element of L(X) is given by ⊥ X from Definition 19. The construction of the least upper bound of a directed family is the most challenging part of the proof. Let u : I → L(X) be a directed family in L(X). Consider the diagram (of solid arrows): We are going to construct the dashed map ψ that makes the diagram commute and define the least upper bound of u as: ( i:I isdefined(u i ) , ψ). Truncating the type is necessary, as i:I isdefined(u i ) may have more than one element if I is not a proposition. The difficulty lies in the fact that the universal property of the truncation only tells us how to define maps into propositions. But X is a set. We solve this problem using [20,Theorem 5.4], which says that every weakly constant function f : A → B to a set B factors through A . That f is weakly constant means that f (a) = f (a ) for every a, a : A. So, to construct ψ, we only need to prove that the top map ϕ in the diagram is weakly constant. Let (i, d i ), (j, d j ) be two elements of the domain of ϕ. We are to prove that value(u i )(d i ) = value(u j )(d j ). As X is a set, this is a proposition. Therefore, using that u is directed, we obtain k : I with u i , u j u k . But d i : isdefined(u i ) and d j : isdefined(u j ), so u i = u k = u j by definition of the order. Hence, . Proving that f # is monotone is quite easy. By monotonicity, f # (v) is an upper bound for the family f # • u. We are left to prove that it is the least. Suppose that l : L(Y ) is another upper bound for the family f # • u, i.e. l f # (u i ) for every i : I. We must show that f # (v) l. To this end, assume we have q : isdefined(f # (v)). We must prove that f # (v) = l.
From q, we obtain p : isdefined(v) by definition of f # . By our construction of suprema in L(X) and the fact that f # (v) = l is a proposition, we may in fact assume that we have an element i : I and d i : isdefined(u i ). But l f # (u i ), so using d i , we get the equality l = f # (u i ). Since v is an upper bound for u, the term d i also yields u i = v. In particular, l = f # (u i ) = f # (v), as desired. Remark 29. We remark that lifting may be regarded as a free construction, in more than one way in fact. This result should be compared to [2,Theorem 5], where Altenkirch et al. exhibit their QIIT as the free ω-cpo with a least element (cf. Section 1.3).
By [10,Theorems 21 and 23], the lifting of a set X can be regarded both as the free pointed dcpo on X and as the free subsingleton complete poset on X. In our predicative setting, some care should be taken in formulating these statements. We do not go into the details here and instead refer the interested reader to [10].

PCF and its operational semantics
This section formally defines the types and terms of PCF as well as the small-step operational semantics. It should be regarded as a formal counterpart to the informal introduction to PCF in Section 1.1.1.
To avoid dealing with free and bound variables (in the formalisation), we opt to work in the combinatory version of PCF, as originally presented by Scott [24]. We note that it is possible to represent every closed λ-term in terms of combinators by a well-known technique [15,Section 2C].
We inductively define combinatory PCF as follows.
Definition 30 (type). The PCF types are inductively defined as: 1. ι is a type, the base type; 2. for every two types σ and τ , there is a function type σ ⇒ τ .
Definition 31 (term). The PCF terms of PCF type σ are inductively generated by: We will often drop the parentheses in the final clause, as well as the PCF type subscripts in k σ,τ , s σ,τ,ρ and fix σ . Finally, we employ the convention that the parentheses associate to the left, i.e. we write rst for (rs)t.
To define the small-step operational semantics of PCF, we first define the following inductive type.
Definition 33 (smallstep', smallstep). Define the small-step pre-relation of type σ:PCF types PCF terms of type σ → PCF terms of type σ → U 0 as the inductive family generated by: s t succ s succ t s t pred s pred t r r ifz s t r ifz s t r We have been unable to prove that s t is a proposition for all suitable PCF terms s and t. The difficulty is that one cannot perform induction on both s and t. However, conceptually, s t should be a proposition, as (by inspection of the definition), there is at most one way by which we obtained s t. Moreover, for technical reasons that will become apparent later, we really want to be proposition-valued. We solve the problem by defining the small-step relation as the propositional truncation of , i.e. s t :≡ s t .
Remark 34. Benedikt Ahrens pointed out that in an impredicative framework, one could use propositional resizing and an impredicative encoding, i.e. by defining as a Π-type of all suitable proposition-valued relations. This is similar to the situation in set theory, where one would define as an intersection. Specifically, say that a relation So because of this increase, impred itself is not one of the suitable relations. Therefore impred does not satisfy the appropriate universal property in being the least relation closed under the clauses in Definition 33. With propositional resizing we could resize impred to a U 0 -valued relation satisfying the appropriate universal property. The advantage of using the propositional truncation above is that it does satisfy the right universal property even without propositional resizing.
Let R : X → X → Ω be a relation on a type X. We might try to define the reflexive transitive closure R * of R as an inductive type, generated by three constructors: extend : x,y:X xRy → xR * y; refl : x:X xR * x; trans : x,y,z:X xR * y → yR * z → xR * z.
But R * is not necessarily proposition-valued, even though R is. This is because we might add a pair (x, y) to R * in more than one way, for example, once by an instance of extend and once by an instance of trans. Thus, we are led to the following definition.
Definition 35 (refl_trans_clos, refl_trans_clos_hrel). Let R : X → X → Ω be a relation on a type X. We define the reflexive transitive closure R * of R by xR * y :≡ xR * y , where R * is as above.
It is not hard to show that R * is the least reflexive and transitive proposition-valued relation that extends R, so R * satisfies the appropriate universal property (refl_trans_clos_univprop).
Some properties of reflect onto * as the following lemma shows.
Lemma 36. Let r , r, s and t be PCF terms of type ι. If r * r, then 1. succ r * succ r; 2. pred r * pred r; 3. ifz s t r * ifz s t r.
Moreover, if f and g are PCF terms of type σ ⇒ τ and f * g, then f t * gt for any PCF term t of type σ.
Proof (succ_refltrans_smallstep, pred_refltrans_smallstep, ifz_refltrans_smallstep, app_refltrans_smallstep). We only prove (1); the rest is similar. Suppose r * r . Since succ r * succ r is a proposition, we may assume that we actually have a term p of type r * r . Now we can perform induction on p. The cases where p is formed using refl or trans are easy. If p is formed by extend, then we get a term of type r r ≡ r r . Again, as we are proving a proposition, we may suppose the existence of a term of type r r . By Definition 33, we then get succ r succ r. This in turn yields succ r succ r, and finally we use extend to get the desired succ r * succ r.

The Scott model of PCF using the lifting monad
Next, we wish to give a denotational semantics for PCF, namely the Scott model, as explained in Definition 1.1.2. We recall that the idea is to assign some mathematical structure to each PCF type. The PCF terms are then interpreted as elements of the structure.
Definition 37 (denotational_semantics_type). Inductively assign to each PCF type σ a dcpo with ⊥ as follows: Recall that if D and E are dcpos with ⊥, then E D is the dcpo with ⊥ of dcpo morphisms from D to E, with pointwise ordering and pointwise least upper bounds.
Next, we interpret PCF terms as elements of these dcpos with ⊥, for which we will need that L is a monad (with unit η) and (in particular) a functor (recall Theorem 24 and Remark 28).
Definition 38 (denotational_semantics_terms). Define for each PCF term t of PCF type σ a term t of type σ , by the following inductive clauses: Remark 39. Of course, there are some things to be proved here. Namely, succ , pred , . . . , fix all need to be dcpo morphisms. In the case of succ and pred , we simply appeal to Theorem 27 and Remark 28. For fix , this is Theorem 16. The continuity of k , s and ifz can be verified directly, as done in the formalisation (k_dcpo, s_dcpo, lifted_ifz). It is, however, unenlightening and tedious, so we omit the details here.
As a first result about our denotational semantics, we show that the PCF numerals have a canonical interpretation in the denotational semantics.
Proposition 40. For every natural number n, we have n = η(n).

Soundness and computational adequacy
In this section we show that the denotational semantics and the operational semantics defined above are "in sync", as expressed by soundness and computational adequacy (cf. Section 1.1.2).
Theorem 41 (Soundness). Let s and t be any PCF terms of PCF type σ. If s * t, then s = t .
Proof (soundness). Since the carriers of dcpos are defined to be sets, the type s = t is a proposition. Therefore, we can use induction on the derivation of s * t. We use the Kleisli monad laws in proving some of the cases. For example, one step is to prove that ifz s t n + 1 = t .
Ideally, we would like a converse to soundness. However, this is not possible, as for example, k zero = k(succ(pred zero)) , but neither k zero * k(succ(pred zero)) nor k(succ(pred zero)) * k zero holds. We do, however, have the following.
Theorem 42 (Computational adequacy). Let t be a PCF term of PCF type ι. Then, Equivalently, for every n : N, it holds that t = n implies t * n.
We do not prove computational adequacy directly, as, unlike soundness, it does not allow for a straightforward proof by induction. Instead, we use the standard technique of logical relations [25,Chapter 7] and obtain the result as a direct corollary of Lemma 49.
Definition 43 (adequacy_relation). For every PCF type σ, define a relation R σ : PCF terms of type σ → σ → Ω by induction on σ: We sometimes omit the type subscript σ in R σ .
Lemma 44. Let s and t be PCF terms of type σ and let d be an element of σ . If s * t and tR σ d, then sR σ d.
Proof (adequacy_step). By induction on σ, making use of the last part of Lemma 36.
Lemma 45. For t equal to zero, succ, pred, ifz, k or s, we have: tR t .
Next, we wish to extend the previous lemma to the case where t ≡ fix σ for any PCF type σ. This is slightly more complicated and we need two intermediate lemmas. Only the second requires a non-trivial proof.
Lemma 46. Let σ be a PCF type and let ⊥ be the least element of σ . Then, tR σ ⊥ for any PCF term t of type σ.
Proof (adequacy_bottom). By induction on σ. For the base type, this holds vacuously. For function types, it follows by induction hypothesis and the pointwise ordering.
Lemma 47. The logical relation is closed under directed suprema. That is, for every PCF term t of type σ and every directed family d : I → σ , if tR σ d i for every i : I, then tR σ i:I d i .
Proof (adequacy_lubs). This proof is somewhat different from the classical proof, so we spell out the details. We prove the lemma by induction on σ.
The case when σ is a function type is easy, because least upper bounds are calculated pointwise and so it reduces to an application of the induction hypothesis. We concentrate on the case when σ ≡ ι instead.
Recall that i:I d i is given by ( . We are tasked with proving that t * ϕ(p) for every p : isdefined( i:I d i ). So assume that p : i:I isdefined(d i ) . Since we are trying to prove a proposition (as * is proposition-valued), we may actually assume that we have (j, p j ) : i:I isdefined(d i ). By definition of ϕ we have: ϕ(p) = value(d j )(p j ) and by assumption we know that t * value(d j )(p j ), so we are done.
Proof (adequacy_fixp). Let t be a PCF term of type σ ⇒ σ and let f : σ ⇒ σ such that tR σ⇒σ f . We are to prove that fix tR σ µ(f ).
By definition of µ and the previous lemma, it suffices to prove that fix tR σ f n (⊥) where ⊥ is the least element of σ for every natural number n. We do so by induction on n.
The base case is an application of Lemma 46. Now suppose that fix tR σ f m (⊥). Then, using tR σ⇒σ f , we find: t(fix t)R σ f (f m (⊥)). Hence, by Lemma 44, we obtain the desired fix tR σ f m+1 (⊥), completing our proof by induction.
Lemma 49 (Fundamental Theorem). For every PCF term t of type σ, we have tR σ t .
Proof (adequacy_allterms). The proof is by induction on t. The base cases are taken care of by Lemma 45 and the previous lemma. For the inductive step, suppose t is a PCF term of type σ ⇒ τ . By induction hypothesis, tsR τ ts for every PCF term s of type σ, but ts ≡ t s , so we are done.
Computational adequacy is now a direct corollary of Lemma 49.
Proof of computational adequacy (adequacy, adequacy_alt, alt_adequacy). Take σ to be the base type ι in Lemma 49.
Using computational adequacy to compute. An interesting use of computational adequacy is that it allows one to argue semantically to obtain results about termination (i.e. reduction to a numeral) in PCF. Classically, every PCF program of type ι either terminates or it does not. From a constructive point of view, we wait for a program to terminate, with no a priori knowledge of termination. The waiting could be indefinite. Less naively, we could limit the number of computation steps to avoid indefinite waiting, with an obvious shortcoming: how many steps are enough? Instead, one could use computational adequacy to compute as follows.
Let σ be a PCF type. A functional of type σ is an element of σ . By induction on PCF types, we define when a functional is said to be total : 1. a functional i of type ι is total if i = n for some natural number n; 2. a functional f of type σ ⇒ τ is total if it maps total functionals to total functionals, viz. f (d) is a total functional of type τ for every total functional d of type σ.
Now, let s be a PCF term of type σ 1 ⇒ σ 2 ⇒ · · · ⇒ σ n ⇒ ι. If we can prove that s is total, then computational adequacy lets us conclude that for all total inputs t 1 : σ 1 , . . . , t n : σ n , the term s(t 1 , . . . , t n ) reduces to the numeral representing s ( t 1 , . . . , t n ). Thus, the semantic proof of totality plays the role of "enough steps". Of course, this still requires us to prove that s is total, which may be challenging. But the point is that we can use domain-theoretic arguments to prove this about the denotation s , whereas in a direct proof of termination we would only have the operational semantics available for our argument.

Semidecidable propositions and PCF terms of base type
In this section we characterise those propositions that arise from the PCF interpretation, in the following sense. Every PCF term t of base type ι gives rise to a proposition via the Scott model, namely isdefined( t ). We wish to show that such propositions are semidecidable, which we define now. For ease of notation, we write ∃ for the propositional truncation of Σ.
Definition 50. A proposition Q is semidecidable if it is equivalent to ∃ n1:N · · · ∃ n k :N P (n 1 , . . . , n k ) where k is some natural number and P : N k → Ω is a proposition-valued family such that P (m 1 , . . . , m k ) is decidable for every (m 1 , . . . , m k ) : N k .
We will prove our goal that isdefined( t ) is semidecidable by showing that it is logically equivalent to ∃ n:N ∃ k:N t k n and by proving that t k n is decidable. Here t k n says that t reduces to n in at most k steps. A first step towards this is the following, which is a consequence of soundness and computational adequacy.
Lemma 51. Let t be a PCF term of type ι. We have the following logical equivalences Proof (char_pcf_propositions). We start by proving the first logical equivalence. The second then follows from the fact that isdefined( t ) is a proposition. Suppose p is of type isdefined( t ). By computational adequacy, we find that t * value( t )(p), so we are done.
Conversely, suppose that we are given a natural number n such that t * n. Soundness and Proposition 40 then yield t = η(n). Now : isdefined(η(n)), so we may transport along the equality to get an element of isdefined( t ).
In order to characterise the propositions arising from PCF terms of base type as semidecidable, we wish to prove that t * n is semidecidable for every PCF term t of type ι and natural number n. We do so by proving some more general results, which we present in Section 8.1 and Section 8.2. Here, we outline our general strategy and highlight the main theorems and their applications to the problem at hand.
Given any (proposition-valued) relation R on a type X, we can define the k-step reflexive transitive closure R k of R and prove that xR * y if and only if ∃ k:N xR k y. Thus we obtain the following (intermediate) result.
Lemma 52. For every PCF term t of type ι, we have: Proof (char_pcf_propositions'). This follows from Lemma 51 and Lemma 57.
Thus, to prove that s * t is semidecidable, it suffices to show that s k t is decidable for every natural number k. To this end, we prove the following in Section 8.1.
Theorem (Theorem 61). Let R be a relation on a type X. If 1. X has decidable equality; 2. R is single-valued; 3. y:X xRy is decidable for every x : X; then, the k-step reflexive transitive closure R k of R is decidable for every natural number k.
Thus, s k t is decidable if it satisfies the assumptions (1)-(3). Assumptions (2) and (3) can be verified by inspection of the small-step operational semantics once (1) has been proved.
Hence, we are to prove that the type of PCF terms has decidable equality. This can be done fairly directly by induction (as pointed out by one of the anonymous referees). However, we take it as an opportunity to study (in Section 8.2) a more general and powerful result on indexed W-types (see Theorem 73), which is interesting in its own right. For now, we take it as proved that the PCF terms have decidable equality and continue our study of propositions coming from PCF terms at the base type.
Theorem 53. The propositions that arise from PCF terms t of type ι are all semidecidable, as witnessed by the following logical equivalence: isdefined( t ) ←→ ∃ n:N ∃ k:N t k n and the decidability of t k n.
Given this theorem, it is natural to ask whether we can construct the Scott model of PCF using a restricted version of the lifting monad. Write Ω sd for the type of propositions that are semidecidable. Theorem 53 says that the map PCF terms of type ι → Ω t → isdefined( t ) factors through Ω sd . Thus, could we also have constructed the Scott model of PCF using the restricted lifting L sd (X) :≡ P :Ω sd (P → X)?
Of course, L sd (X) is not a dcpo, because, recalling our construction of suprema in L(X), given a directed family u : I → L sd (X), the proposition i:I isdefined(u i ) need not be semidecidable. However, one might think that L sd (X) still has suprema of N-indexed directed families (which would suffice for the Scott model), but proving this requires an instance of the axiom of countable choice, cf. [18,Theorem 5.34] and [12,Theorem 5]. Moreover, L sd is a monad if and only if a particular choice principle (which is implied by countable choice) holds, see [12,Theorem 3] and [18,Section 5.8]. In fact, this choice principle is the one discussed in Section 1.3; [18,Theorem 5.28] proves that if X is a set then L sd (X) is equivalent to the quotiented delay monad.
Again, as pointed out in Section 1.3, the problem is that this choice principle cannot be proved in constructive univalent type theory.

Decidability of the k-step reflexive transitive closure of a relation
In this section we provide sufficient conditions on a relation for its k-step reflexive transitive closure to be decidable. The purpose of this section is to prove Theorem 61, whose use we have explained above.
Definition 54 (hrel). A relation on X is a term of type X → X → Ω.
Definition 55 (refltransclos_step, refltransclos_step_hrel). Let R be a relation on a type X. We wish to define the k-step reflexive transitive closure of R. As in Definition 35, we want this to be proposition-valued again. Therefore, we proceed as follows. For any natural number k, define xR k y by induction on k: 1. xR 0 y :≡ x = y; 2. xR k+1 z :≡ y:X xRy × yR k z.
The k-step reflexive transitive closure R k of R is now defined as the relation on X given by xR k y :≡ xR k y .
We wish to prove that xR * y if and only if k:N xR k y . The following lemma is the first step towards that.
Lemma 56. Let R be a relation on X. Recall the untruncated reflexive transitive closure R * from Definition 35. We have a logical equivalence for every x, y in X: Proof (stepleftequiv, left_regular_equiv). Define xR y inductively by: refl : x:X xR x; left : It is not hard to verify that R is reflexive, transitive and that it extends R. Using this, one shows that xR y and xR * y are logically equivalent for every x, y : X. Now one easily proves k:N (xR k y → xR y) by induction on k. This yields ( k:N xR k y) → xR y. The converse is also easily established. Thus, xR y and k:N xR k y are logically equivalent, finishing the proof.
The next lemma extends the previous one to the propositional truncations.
Lemma 57. Let R be a relation on X. For every x, y : X, we have a logical equivalence: Proof (stepleftequiv_hrel, left_regular_equiv). Let x and y be in X. By the previous lemma and functoriality of propositional truncation, we have xR * y ≡ xR * y ←→ k:N xR k y .
But the latter is equivalent to k:N xR k y ≡ k:N xR k y by [28,Theorem 7.3.9]. This may also be proved directly, as done in the formalisation.
Definition 58 (is_singlevalued). A relation R on X is said to be single-valued if for every x, y, z : X with xRy and xRz we have y = z.
Definition 59 (isdecidable_hrel). A relation R on X is said to be decidable if the type xRy is decidable for every x and y in X.
Lemma 60. Let X be a type. If X is decidable, then so is X .
Proof (decidable_ishinh). Suppose that X is decidable. Then there are two cases to consider. Either we have x : X or ¬X. If we have x : X, then obviously we have |x| : X .
So suppose that ¬X. We claim that ¬ X . Assuming X , we must find a term of type 0. But 0 is a proposition, so we may actually assume that we have x : X. Using ¬X, we then obtain 0, as desired.
Theorem 61. Let R be a relation on a type X. If 1. X has decidable equality; 2. R is single-valued; 3. y:X xRy is decidable for every x : X; then, the k-step reflexive transitive closure R k of R is decidable for every natural number k.
Proof (decidable_step). Suppose X and R satisfy conditions (1)-(3). By Lemma 60, it suffices to prove that the untruncated version of R k , that is R k , is decidable by induction on k.
For the base case, let x and y be elements of X. We need to decide xR 0 y. By definition this means deciding x = y, which we can, since X is assumed to have decidable equality.
Now suppose x and z are elements of X and that aR k b is decidable for every a, b : X. We need to show that xR k+1 z is decidable. By definition this means that we must prove y:X xRy × yR k z ( * ) to be decidable. By (3), we can decide y:X xRy. Obviously, if we have ¬ y:X xRy, then ¬( * ). So assume that we have y : X such that xRy. By induction hypothesis, yR k z is decidable. If we have yR k z, then we get ( * ). So suppose that ¬yR k z. We claim that ¬( * ). For suppose ( * ), then we obtain y : X with xRy and y R k z. But R is single-valued, so y = y and hence, yR k z, contradicting our assumption.
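The decision procedure from this proof, as an added Python example that is not part of the paper or its formalisation, instantiated at an untyped encoding of combinatory PCF. The encoding and the names `step`, `decide_kstep` and `reduces_to_numeral` are hypothetical, and the computation rules for pred, ifz, k, s and fix are the usual ones for combinatory PCF, taken as an assumption here; the bounded search at the end goes slightly beyond Theorem 61 and mirrors the equivalence in Theorem 53.

```python
# Added illustration; not taken from the paper or its UniMath formalisation.
# Terms of combinatory PCF, untyped for brevity: a constant is a string,
# an application is the tuple ("app", f, t). Type subscripts are dropped.

def app(f, *args):
    """Left-associated application: app(r, s, t) encodes rst = (rs)t."""
    for a in args:
        f = ("app", f, a)
    return f

def numeral(n):
    """The PCF numeral succ (... (succ zero))."""
    t = "zero"
    for _ in range(n):
        t = app("succ", t)
    return t

def as_numeral(t):
    """Return n if t is the numeral for n, otherwise None."""
    n = 0
    while isinstance(t, tuple) and t[1] == "succ":
        t, n = t[2], n + 1
    return n if t == "zero" else None

def spine(t):
    """Split rst... into its head constant and the list of arguments."""
    args = []
    while isinstance(t, tuple):
        args.append(t[2])
        t = t[1]
    return t, args[::-1]

def step(t):
    """The unique one-step reduct of t, or None if t has none.

    Returning an optional value packages conditions (2) and (3) of
    Theorem 61: at most one reduct exists, and whether one exists is
    decided. The computation rules below are assumed (standard PCF).
    """
    head, args = spine(t)
    if head == "pred" and len(args) == 1:
        n = as_numeral(args[0])
        if n is not None:                    # pred zero, pred (succ n)
            return numeral(max(n - 1, 0))
        r = step(args[0])                    # congruence under pred
        return None if r is None else app("pred", r)
    if head == "succ" and len(args) == 1:    # congruence under succ
        r = step(args[0])
        return None if r is None else app("succ", r)
    if head == "ifz" and len(args) == 3:
        n = as_numeral(args[2])
        if n is not None:                    # ifz s t zero, ifz s t (succ n)
            return args[0] if n == 0 else args[1]
        r = step(args[2])                    # congruence in the last argument
        return None if r is None else app("ifz", args[0], args[1], r)
    if head == "k" and len(args) == 2:
        return args[0]
    if head == "s" and len(args) == 3:
        f, g, x = args
        return app(f, x, app(g, x))
    if head == "fix" and len(args) == 1:
        return app(args[0], t)               # fix f steps to f (fix f)
    if args:                                 # f t steps to g t when f steps to g
        g = step(t[1])
        return None if g is None else ("app", g, t[2])
    return None

def decide_kstep(step, x, k, z):
    """Decide x R^k z (Definition 55) by the induction on k in the proof."""
    for _ in range(k):
        y = step(x)      # condition (3): is there any y with x R y?
        if y is None:
            return False  # no first step, hence no chain through x
        x = y            # condition (2): this y is the only candidate
    return x == z        # base case R^0: decidable equality, condition (1)

def reduces_to_numeral(t, fuel):
    """Search k <= fuel for a numeral n with t R^k n; (n, k) or None."""
    for k in range(fuel + 1):
        n = as_numeral(t)
        if n is not None:
            return n, k
        t = step(t)
        if t is None:
            return None
    return None

if __name__ == "__main__":
    # Constructed sample terms.
    omega = app("fix", app("s", "k", "k"))   # fix applied to the identity s k k
    prog = app("ifz", numeral(3), numeral(7), app("pred", numeral(1)))
    print(reduces_to_numeral(prog, 10))
    print(reduces_to_numeral(app("k", "zero", omega), 5))
    print(reduces_to_numeral(omega, 60))
```

Because `step` is a function, a negative answer for the one reduct it returns is a negative answer for every possible intermediate term, which is exactly where single-valuedness is used in the proof.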

Decidable equality and indexed W-types
We wish to prove that a certain class of indexed W-types has decidable equality. Indexed W-types are a generalisation of W-types that allows for many-sorted terms. One may consult [28,Section 5.3] for an explanation of regular W-types. The PCF terms form a natural example of an indexed W-type, where the sorts will be the formal types of PCF terms. We apply the general result for indexed W-types to see that the PCF terms have decidable equality.

PCF terms as an indexed W-type
In this section we explain what indexed W-types are and how PCF terms can be encoded as such an indexed W-type.
Definition 62 (indexedWtype). Let A and I be types and let B be a type family over A. Suppose we have t : A → I and s : ( a:A B(a)) → I. The indexed W-type W s,t specified by s and t is the inductive type family over I generated by the following constructor: indexedsup : Just as with regular W-types, we can think of indexed W-types as encoding a particular class of inductive types. In this interpretation, A encodes the constructors of the inductive type, whereas B encodes the arity of each constructor. However, each constructor has a "sort" given by t(a) : I. Given a constructor a : A and a label of an argument b : B(a), the sort of this argument is given by s(a, b).
Example 63. In this example, we show that a fragment of the PCF terms can be encoded as an indexed W-type. One could extend the encoding to capture all PCF terms, but we do not spell out the tedious details here, as a fragment suffices to get the idea across.
The type family T is inductively defined as: 1. zero is a term of type ι; 2. succ is a term of type ι ⇒ ι; 3. for every PCF type σ and τ , we have a term app σ,τ of type (σ ⇒ τ ) ⇒ σ ⇒ τ .
We can encode T as an indexed W-type. Let us write 2 for 1 + 1 and 0 2 and 1 2 for its elements. Take I to be the type of PCF types and put  on the other elements s is defined as the unique function from 0. One can check that given a PCF type σ : I, there is a type equivalence T (σ) W s,t (σ).

Indexed W-types with decidable equality
We wish to isolate some conditions on the parameters of an indexed W-type that are sufficient to conclude that an indexed W-type has decidable equality. We first need a few definitions before we can state the theorem.
Definition 64 (WeaklyCompactTypes in [14], picompact). A type X is called Π-compact when every type family Y over X satisfies: if Y (x) is decidable for every x : X, then so is the dependent product x:X Y (x).
Example 65 (picompact_empty, picompact_unit). The empty type 0 is vacuously Π-compact. The unit type 1 is also easily seen to be Π-compact. There are also interesting examples of infinite types that are Π-compact, such as N ∞ , the one-point compactification of the natural numbers [14,WeaklyCompactTypes].
We are now in position to state the general theorem about decidable equality on indexed W-types.
Theorem 66. Let A and I be types and B a type family over A. Suppose t : A → I and s : ( a:A B(a)) → I. If A has decidable equality, B(a) is Π-compact for every a : A and I is a set, then W s,t (i) has decidable equality for every i : I.
The proof of Theorem 66 is quite technical, so we postpone it until Section 8.2.4. Instead, we next describe how to apply the theorem to prove that the PCF terms have decidable equality.

PCF terms have decidable equality
In this section we show that the PCF terms have decidable equality by applying Theorem 66. Before we proceed, we record some useful lemmas.
Lemma 67. Let X and Y be logically equivalent types. The type X is decidable if and only if Y is decidable.
Definition 68. A type X is called a retract of a type Y if there are maps s : X → Y (the section) and r : Y → X (the retraction) such that x:X r(s(x)) = x.
Lemma 69. Let X be a retract of Y . If Y has decidable equality, then so does X.
Proof (isdeceq_retract). Let r : Y → X and s : X → Y be respectively the retraction and section establishing X as a retract of Y . Let a, b : X. Since Y has decidable equality, we can consider two cases: r(a) = r(b) and r(a) = r(b). In the first case, we find a = s(r(a)) = s(r(b)) = b. In the second case, we immediately see that a = b. This finishes the proof.
Lemma 70. The Π-compact types are closed under binary coproducts.
Proof (picompact_coprod). Let X and Y be Π-compact types. Suppose F is a type family over X + Y such that F (z) is decidable for every z : X + Y . We must show that z:X+Y F (z) is decidable.
Define F X : X → U by F X (x) :≡ F (inl(x)) and F Y : Y → U as F Y (y) :≡ F (inr(y)). By our assumption on F , the types F X (x) and F Y (y) are decidable for every x : X and y : Y . Hence, since X and Y are assumed to be Π-compact, the dependent products x:X F X (x) and y:Y F Y (y) are decidable.
Finally, z:X+Y F (z) is logically equivalent to x:X F X (x) × y:Y F Y (y). Since the product of two decidable types is again decidable, an application of Lemma 67 now finishes the proof.
Finally, let us see how to apply Theorem 66 to see that the PCF terms have decidable equality.
Theorem 71. The PCF terms have decidable equality.
Proof. As with Example 63, we only spell out the details for the fragment T. Recall that T may be encoded as a W-type, indexed by the PCF types. Using Example 65 and Lemma 70, we see that B(a) is Π-compact for every a : A. Note that A has decidable equality if I does. So it remains to prove that I, the type of PCF types, has decidable equality.
This will be another application of Theorem 66. Define A :≡ 2 and define B : A → U by B (inl( )) :≡ 0 and B (inr( )) :≡ 2. Let t and s be the unique functions to 1 from A and x:A B (x), respectively. One quickly verifies that the type of PCF types is a retract of W s ,t ( ). Observe that B (x) is Π-compact for every x : A because of Example 65 and Lemma 70. Finally, 1 and A ≡ 2 clearly have decidable equality, so by Theorem 66 the type W s ,t ( ) has decidable equality. Thus, by Lemma 69, so do the PCF types.

Proof of Theorem 66
In this section we prove Theorem 66 by deriving it as a corollary of another result, namely Theorem 73 below. This result seems to have been first established by Jasper Hugunin, who reported on it in a post on the Homotopy Type Theory mailing list [16]. Our proof of Theorem 73 is a simplified written-up account of Hugunin's Coq code [17,FiberProperties.v].
Definition 72 (Definition 2.4.2 in [28], hfiber). Let f : X → Y be a map. The fiber of f over a point y : Y is fib f (y) :≡ x:X (f (x) = y).
Theorem 73 (Jasper Hugunin). Let A and I be types and B a type family over A. Suppose t : A → I and s : ( a:A B(a)) → I. If B(a) is Π-compact for every a : A and the fiber of t over i has decidable equality for every i : I, then W s,t (i) also has decidable equality for every i : I.
Let us see how to obtain Theorem 66 from Theorem 73.
Proof of Theorem 66 (using Theorem 73) (indexedWtype_deceq'). Suppose that A has decidable equality and I is a set. We are to show that the fiber of t over i has decidable equality for every i : I. Let i : I be arbitrary. Suppose we have (a, p) and (a , p ) in the fiber of t over i. Since A has decidable equality, we can decide whether a and a are equal or not. If they are not, then certainly (a, p) = (a , p ). If they are, then we claim that the dependent pairs (a, p) and (a , p ) are also equal. If e : a = a is the supposed equality, then it suffices to show that transport λx:A.t(x)=i (e, p) = p , but both these terms are paths in I and I is a set, so they must be equal.
We now embark on a proof of Theorem 73. For the remainder of this section, let us fix types A and I, a type family B over A and maps t : A → I and s : ( a:A B(a)) → I.
We do not prove the theorem directly. The statement makes it impossible to assume two elements u, v : W s,t (i) and proceed by induction on both u and v. Instead, we will state and prove a more general result that is amenable to a proof by induction. But first, we need more general lemmas and some definitions.
Lemma 74. Let X be a type and let Y be a type family over it. If X is a set, then the right pair function is injective, in the following sense: if (x, y) = (x, y ) as terms of a:X Y (a), then y = y .
Proof (dec_depeq). Suppose X is a set, x : X and y, y : Y (x) with e : (x, y) = (x, y ). From e, we obtain e 1 : x = x and e 2 : transport Y (e 1 , y) = y . Since X is a set, we must have that e 1 = refl x , so that from e 2 we obtain a term of type y ≡ transport Y (refl x , y) = y , as desired. For notational convenience, we will omit the subscript of sub.
Lemma 76. Let a : A and f, g : Π_{b:B(a)} W_{s,t}(s(a, b)). If the fiber of t over i has decidable equality for every i : I, then indexedsup(a, f) = indexedsup(a, g) implies f = g.
As fib_t(i) is decidable, it is a set by Hedberg's Theorem [28, Theorem 7.2.5]. Therefore f = g by Lemma 74.
In future use, we omit the subscript of getfib.
Proof (getfib_transport). By path induction on p.
We are now in a position to state and prove the lemma from which Theorem 73 follows.
Lemma 79. Suppose that B(a) is Π-compact for every a : A and that the fiber of t over each i : I has decidable equality. For any i : I, u : W_{s,t}(i), j : I, path p : i = j and v : W_{s,t}(j), the type transport^{W_{s,t}}(p, u) = v is decidable.
Proof (indexedWtype_deceq_transport). Suppose i : I and u : W_{s,t}(i). We proceed by induction on u and so we assume that u ≡ indexedsup(a, f). The induction hypothesis reads: Π_{b:B(a)} Π_{j′:I} Π_{p′:s(a,b)=j′} Π_{v′:W_{s,t}(j′)} Suppose we have j : I with path p : t(a) = j and v : W_{s,t}(j). By induction, we may assume that v ≡ indexedsup(a′, f′). We are tasked to show that transport^{W_{s,t}}(p, indexedsup(a, f)) = indexedsup(a′, f′) (†) is decidable, where p : t(a) = t(a′).
By assumption the fiber of t over t(a′) has decidable equality. Hence, we can decide if (a′, refl_{t(a′)}) and (a, p) are equal or not. Suppose first that the pairs are not equal. We claim that in this case ¬(†). For suppose we had e : (†), then ap_{getfib}(e) : getfib(transport^{W_{s,t}}(p, indexedsup(a, f))) = getfib(indexedsup(a′, f′)).
By definition, the right hand side is (a′, refl_{t(a′)}). By Lemma 78, the left hand side is equal to (a, refl_{t(a)} • p) which is in turn equal to (a, p), contradicting our assumption that (a′, refl_{t(a′)}) and (a, p) were not equal. Now suppose that (a′, refl_{t(a′)}) = (a, p). From this, we obtain paths e_1 : a′ = a and e_2 : transport^{λx:A.t(x)=t(a′)}(e_1, refl_{t(a′)}) = p. By path induction, we may assume e_1 ≡ refl_{a′}, so that from e_2 we obtain a path ρ : refl_{t(a′)} = p.
Using this path, we see that the left hand side of (†) is equal to indexedsup(a′, f), so we are left to show that indexedsup(a′, f) = indexedsup(a′, f′) is decidable. By induction hypothesis (∗) and the fact that a ≡ a′, the type Function extensionality then yields f = f′, so that indexedsup(a′, f) = indexedsup(a′, f′).
On the other hand, suppose ¬Π_{b:B(a′)} f(b) = f′(b). We claim that then, indexedsup(a′, f) cannot be equal to indexedsup(a′, f′). For suppose that indexedsup(a′, f) = indexedsup(a′, f′). Then Lemma 76 yields f = f′, contradicting our assumption that ¬Π_{b:B(a)} f(b) = f′(b), and finishing the proof.
Proof of Theorem 73 (indexedWtype_deceq). Let i : I and u, v : W_{s,t}(i). Taking j :≡ i and p :≡ refl_i in Lemma 79, we see that u = v is decidable, as desired.

Size matters
In this penultimate section, we explain some of the subtleties regarding dcpos and universe levels. In particular, we revisit the dcpo of continuous functions while rigorously keeping track of universe levels. In the end, our analysis shows that, even in the absence of propositional resizing, the interpretation function ⟦−⟧ of the Scott model is well-defined (Theorem 80). (For more on predicative domain theory, the reader may wish to consult our recent work [10, 11].) As mentioned in the introduction, our results are formalised in Agda [14, PCFModules].
To study universe levels, let us suppose that we have a tower of type universes U_0 : U_1 : …, indexed by meta natural numbers. (In the end, it will turn out that having just two universes U_0 : U_1 is sufficient for our purposes.) Let us fix some notation for (raising) universe levels. We write U_i^+ for U_{i+1} and U_i ⊔ U_j for U_{max(i,j)}. The universes are assumed to be closed under +-, Σ- and Π-types and if X : U and Y : X → V, then Σ_{x:X} Y(x), Π_{x:X} Y(x) : U ⊔ V. Finally, since U : U^+, we have X:U Y (X) : U^+ ⊔ V if Y : U → V.

The lifting
In Section 1.2, we introduced Ω as the type of propositions in the universe U_0. To see why we made this particular choice of type universe and to appreciate the considerations involved, it is helpful to consider a more general situation. Let us write Ω_T for the propositions in some type universe T. Define the (generalised) lifting L_T(X) of a type X as L_T(X) :≡ Σ_{P:Ω_T} (P → X). Now observe that if X is a type in a universe U, then lifting (potentially) raises the universe level, as L_T(X) is a type in universe T^+ ⊔ U. However, if X happens to be a type in T^+, then L_T(X) also lives in T^+. Moreover, repeated applications of L do not raise the universe level any further, because if X is in T^+ ⊔ U, then L_T(X) is as well. Despite the fact that lifting raises the universe level, one can write down the monad laws for L_T and they typecheck.
Let X and I be types in universes U and V, respectively. Suppose that u : I → L_T(X). Note that ∃_{i:I} isdefined(u_i) is in V ⊔ T. When considering L_T(X) as a dcpo (cf. Theorem 26), we want ∃_{i:I} isdefined(u_i) to be in T again. One way to ensure this is to take V to be U_0. This would make L_T(X) a U_0-dcpo. Indeed, this is what we prove in the Agda formalisation. In particular, this means that L_T(X) has ℕ-indexed directed suprema, which suffices for the Scott model of PCF.
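The universe bookkeeping of this section can be checked mechanically. The following Agda module is an added illustration, not code from the paper's formalisation: it uses plain Agda levels (`lsuc T` for T^+) rather than the formalisation's own universe notation, all names in it are hypothetical, and the family of definedness witnesses is written with an untruncated Σ on the assumption that propositional truncation does not change the universe level.

```agda
{-# OPTIONS --without-K --safe #-}
-- Added illustration; every name below is hypothetical.
module LiftingLevels where

open import Agda.Primitive using (Level; lsuc; _⊔_)
open import Agda.Builtin.Sigma using (Σ; fst)
open import Agda.Builtin.Equality using (_≡_)

-- A type is a proposition if any two of its elements are equal.
is-prop : {ℓ : Level} → Set ℓ → Set ℓ
is-prop P = (p q : P) → p ≡ q

-- Ω T: the propositions of universe T. This type lives in T⁺.
Ω : (T : Level) → Set (lsuc T)
Ω T = Σ (Set T) is-prop

-- Generalised lifting: for X in U, the lifting lives in T⁺ ⊔ U.
𝓛 : (T : Level) {U : Level} → Set U → Set (lsuc T ⊔ U)
𝓛 T X = Σ (Ω T) (λ P → fst P → X)

-- Lifting twice stays in T⁺ ⊔ U: the level is not raised again.
𝓛-twice : (T : Level) {U : Level} → Set U → Set (lsuc T ⊔ U)
𝓛-twice T X = 𝓛 T (𝓛 T X)

-- If X already lives in T⁺, so does its lifting.
𝓛-of-large : (T : Level) → Set (lsuc T) → Set (lsuc T)
𝓛-of-large T X = 𝓛 T X

-- The extent of definedness of a partial element is a type in T.
is-defined : (T : Level) {U : Level} {X : Set U} → 𝓛 T X → Set T
is-defined T l = fst (fst l)

-- For a family indexed by I in V, "some u i is defined" lives in
-- V ⊔ T (Σ is used here in place of ∃; see the assumption above).
some-defined : (T : Level) {U V : Level} {X : Set U} {I : Set V}
             → (I → 𝓛 T X) → Set (V ⊔ T)
some-defined T {I = I} u = Σ I (λ i → is-defined T (u i))
```

Each type signature is the claim being checked: Agda rejects the module if any stated level is too small, so the levels quoted in the text are exactly what the definitions require.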

The dcpo of continuous functions
In fact, we should be even more precise when it comes to universe levels and dcpos than we have been so far. Write W-(DCPO_⊥)_{U,V} for the type of W-directed complete posets with a least element whose underlying type is in U and whose underlying order takes values in V.
Then L_{U_0}(ℕ) ≡ L(ℕ) is of type U_0-(DCPO_⊥)_{U_1,U_1}, for example. (One easily checks that the order from Theorem 26 has values in U_1.) Recall that ⟦σ ⇒ τ⟧ ≡ ⟦τ⟧^{⟦σ⟧}, the dcpo with ⊥ of continuous functions from ⟦σ⟧ to ⟦τ⟧, so let us investigate the universe levels surrounding the exponential. In general, we have: if D : W-(DCPO_⊥)_{U,V} and E : W-(DCPO_⊥)_{U′,V′}, then

E^D : W-(DCPO_⊥)_{W^+ ⊔ V ⊔ V′ ⊔ U ⊔ U′, U ⊔ V′}. (†)

We explain the universe levels involved as follows.
Let D be of type W-(DCPO_⊥)_{U,V} and write D and ≤_D for its underlying type and order, respectively. Further, let E be of type W-(DCPO_⊥)_{U′,V′} and write E and ≤_E for its underlying type and order, respectively.
The underlying type of the exponential E^D is the type of functions from D to E that are continuous. The underlying order is the pointwise order: if f and g are continuous functions from D to E, then f ≤_{E^D} g if Π_{x:D} f(x) ≤_E g(x).
Because D is in U and ≤_E takes values in V′, we see that ≤_{E^D} takes values in U ⊔ V′. Furthermore, the type of functions from D to E is in U ⊔ U′. But the type of continuous functions also mentions ≤_D and ≤_E and all directed families indexed by a type in W. In particular, the latter means that the definition of the type of continuous functions contains Π_{I:W}. Therefore the type of continuous functions is in W^+ ⊔ V ⊔ V′ ⊔ U ⊔ U′. And indeed, this is the case.
Proof. If, in (†), we take W to be U_0 and U, U′, V, V′ all to be U_1, then (†) reads: as desired.

Conclusion and future work
Our development confirms that univalent type theory is well adapted to the constructive formalisation of domain-theoretic denotational semantics of programming languages like PCF, which was the original goal of this investigation. Moreover, our development is predicative. In particular, we have given a predicative version of directed complete posets. Our results show that partiality in univalent type theory via lifting works well. We rely crucially on Voevodsky's treatment of subsingletons as truth values. In particular, the propositional truncation plays a fundamental and interesting role in this work. Finally, we saw an interesting application of the abstract theory of indexed W-types in characterising the propositions that come from PCF terms of the base type.
Regarding the Scott model of PCF, there are two questions for future research:
1. Is there a natural extension of the map pr_1 : ⟦ι⟧ → Ω to all PCF types? Can we characterise the propositions at types other than ι, e.g. the propositions at type ι ⇒ ι? Are they still semidecidable?
2. How can we better understand the fact that only semidecidable propositions occur for the Scott model, but that restricting to such propositions somehow needs a weak form of countable choice?
In [10] we develop domain theory further in predicative and constructive univalent type theory, including continuous and algebraic dcpos, ideal completions and Scott's famous D_∞. Complementing this work, the paper [11] explores some aspects of domain theory that cannot be done predicatively.