STUDIES IN PROOF THEORY

Advisory Editors
BIBLIOPOLIS
. PER MARTIN-LOF
Notes 'by Giovanni Sambin of- a series 0/ lectures
given in Padua, June i980
INTUITIONISTIC TYPE THEORY
P. MARTIN-LOF
G .E. MINC
W. POHLERS
D. SCOTT
W. SIEG
C. SMORYNSKI
R. STATMAN
S . TAKASU
G . TAKEUTI
D. PRAWITZ
H. SCHWICHTENBERG
C. CELLUCCI
J..Y. GIRARD
P. AczEL
C. BOHM .
W. BUCHHOLZ
E. ENGELER
S . FEFERMAN
CH. GoAD
W. HOWARD
G.HUET
D. LEIVANT
Managing Editors
STUDIES IN PROOF THEORY
LECTURE NOTES
u .
I .
CONTENTS
Natural numbers . . .. ... .. ... .. . .. . ..... .. .. . . . ... .. . . ... . .. . . 71
Pr-opos Ltional equali ty ... ... ... . ...... . . : . .. . . .... . . . .. .. . .. . .
Lists ; . . . . . . . . . . . . . . . . . . . . . . . 77
Wellorderings ........ . ..... . .. .. . .. . . ......... ... . . .. .... . . 79
Uni verses .... ... . . ' . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . 87
, , '
.. ~ " ..
Finite se ts
Consistency
Di sjoint union of" two sets .. .... . .... . . .. ..... . . .. .. . . . . . . .. '. .. 55
59
65
69
Introductory remarks .
Proposi tions and judgements " 3
Explanations of the forms of judgement ' 7
Prop ositions 11
Rules o f e qua l i ty , . . . . . . . . . . . . . . .. . . . . . . . . . .. . . .. . . .. .. . . . . 14
Hypothetical judgements and s ubs t i t u t i on rul e s 16
Judgements wi t h more than one assumption and contexts 19
Sets and ca tegor i e s _ 2 1
General remarks on the rules 24
Cartesian product of a family of s e t s 26
Definitional equality : 31
AppLf cat Lcns of the cartesian product ; ' ,' 32
Disj oint uni on of a family of sets ... . . .... ..... . . .. . . .. . . . . .. . 39
Appli cations of the ' disjoint uni on 42
The axiom of' choice ...... .. ..... .. ... .. . ..... ... . . . . .. . ... . 50
The notion of such that ... . . . . . . ... . . . . .. . . . .... .. ....... . .. .. 53
I
\
1
l
I
I
i
t
I
I
I
1984 by Bibliopolis, edizioni di f i l ~ s o l 1 i i \ scienze
Napoli, via Arangio Ruiz 83 , ';.. :,', " " , ,
All rights reserved, No part of'ihis>-,1;;qp!i:,:ti,ay ' be reproduced , in any
form or by any means without permission' -inwriting from. the publisher
Printed in I taly by Grafitalia
Via Censi dell'Arco, 25 Cercola (Napoli)
)
ISBN 88-7088-105-9
I
t
1
,
I
I

Preface
These lectures were given in Padova at tha Laboratorio per
Ricerche 'di Dinamica dei Sistemi e di Elettronica Biomedica the
, Cons i gl i o Nazionale delle Ricerche during the month of June 1980.
I am indebted to Dr'. , Enrico Pagello of that laboratory for the op-
portunity of so doing . The audience was made up by philosophers,
mathematicians and computer scientists. Accordingly, I tried to say
something which might be of to each of these three cat-
egories. Essentially the same lectures, albeit in a somewhat im-
proved and more advanced form, were given later in the same year
as part of the meeting on Konstruktive Mengenlehre und Typentheorie
which was organized in Munich by Prof. Dr. Helmut Schwichtenberg,
te whom I am indebted for the invitation, during the week 29 Sep-
- 3 October 1980.
The main improvement of the Munich .l ec t ur es , as compared wi t h
those given in Padova, was toe adoption of a systematic higher level
(Ger. Stufe) notation which allows me to write simply
Fl (A,B), L(A,B), W(A,B) , ),(b),
E(c,d), D(c,d,e), R(c ,d,e), T(c;d)
instead of
(Tl x EO A)B(x), (L x e A)B(x) , (Wx e iI)B(x) , (AX)b(x),
E(c,(x,y)d(x,y, D(c,(x)d(x),(y)e(y; R(c,d,(x,y)e(x,y ,
T(c,(x,y,z)d(x,y,z,
respectively. Moreover, the use, of higher level variables arid con-
stants makes it possible to formulate the elimination and equality
rules for the cartesian product in such a way that they follOw the
'. ,.
IT-elimination
cEI:(A,B)
c = (p(c) ,q(c) E E (A,B)
c (Ax)Ap(c,x) E n(A,BJ
C E n (A,B)
F(c ,d) -= d( (x)Ap(c ,x.
stockholm, January 1984,
Moreover, the second of these, that is, the rule
can be derived by means of the in the same way as the rule
is.derived byway of example on p . 62 of the main text . Conversely ,
the new elimination and equality rules can be derived from the old
ones by making the definition
So, actually, they are equivalent.
It only remains for me to thank Giovanni Sambin for having
undertaken, at his own suggestion, the considerable work of writing
and typing these notes, therebf making the lectures accessible to a
wider aUdience.
l
!
1
I
dey) 6 C(A(y
d(yl ' 6 cO.(y ,
(y Lx ) E. B(x) (x oS A
(y(x) E. B(x) (x E. A
F ( c " d) 6 C( c )
F(A,(b) ,d)
. (x E A)
b Cx ) 6 B(x)
C E. n (A ,B)
r-espect.t vely. Here y is a bound function variable, F is a new non-
(eliminatory) operator by means of which the binary ap-
plication operation can be defined, putting
same ,pa t t e r n as the elimination and equality rules for all the other
type forming operations. In their new formulation, these rules read
Ap(c,a) == F(c, (y)y(a,
Pel' Martin-Lof
and y(x) E. B(x) (x E. A) is an assumption, itself hypothetical, which
has been put within parentheses to indicate that it is being dis-
charged. A program of the new form F(c,d) has provided c has
value A(b) and deb) has value e. This rule for evaluating F(c,d)
reduces to the lazy evaluation rule for Ap(c,a) when the above defi-
nition is being made. Choosing C(z) to be B(a), thus independent of
z, and d(y) to be y(a), the new eiimination rule reduces tp the old
one and the new equality rule to the first of the two old equality
1
j
I
1
- 1 -
I'
,I
I:
:1
!I
I
Introductory remarks
,Ma t hema t i ca l logic and relation between logic and mathematics
have been interpreted in at three different ways:
(1) mathematical logic, as symbolic logic, or logic using mathe-
matical .ymbolism;
(2) mathematical logic 'as foundations tor philosophy) of mathe-
matics;
(3) mathematical logic as logic studied by mathematical methods,
as a branch of mathematics. '
We shall here mainly be interested in mathematical logic in the second
sense. What shall do is also mathematical logic in the first sense,
but certainly not in the third .
'The principal problem that remained afterP'rincipia Mathematica
was completed was, according to its authors, that of justifying the
axiom of reducibility (or, as we would now say, the impredicative com-
prehension axiom)'. The, ramified theory of types was predicative, but
it was not sufficient for deriving even elementary parts of analysis .
So axiom of reducibility was on the pragmatic ground that it
was needed, although no .atisfactory justification (explanation) of it
could be provided. The whole point of the ramification was , then lost ,
so that it might just as well be abolished. What then remained was
the simple theory of types. Its official justification (Wittgenstein ,
rests on the interpretation of propositions as truth values
and propositional functions (of one or several variables; as truth
functions. The laws of the classical propositional logic are then
clearly valid, and so are the quantifier laws , as long as quantifica-
tion is restricted to finite domains. However, it does not seem poss-
ible to make sense of quantification over infinite domains , like the
ment: '
separ-ate steps:
Here the , proposition (Ger. Satz) and asser-
tion or judgement '( Ge r . Urteil) is essential.
What we combine by means
of' the logical operations (.l::> & v V 3 ')
, , , , " and hold to be true are
propositions. When we hold
a proposition to be true , we make a
speak, they f'orm an open
concept, In standard textbook
presentations of first order logic, we d'
can three quite
The distinction between propositions and jUdgements was clear
from Frege to Principia. These notions have later be 1
en rep aced by the
formalistic notions of formula and theorem (in
a formal system) , re-
spectively. Contrary to formUlas, propositions are
not def'ined induc-
tively . So to
(2) specif'ication of aXioms and rules
of inference ,
Propositions and Judgements
(3) semantical interpretation.
proposition ,
In particular, ' t he premisses and conclusion of
a logical inference are
judgements.
(1) inductive definition of terms and
formulas ,
- 3 -
Formulas and ddt '
e uc are given meaning only through semantics
which is usually done follOWing Tarski and ' ,
assuming set theory .
What we do here is t t
, mean 0 be closer to ordinary mathematical
We will avoid keeping form and meaning (content) apart In-
stead we will at the same time display certain forms of and
inference that are used in mathematical d '
, " proofs an explain, them seman-
tically. Thus we make explicit h t
w a is usually implicitly taken f'or
- 2 -
l ' C. A. Hoare, An axiomatic basis of computer programming, Com-
munications of the ACM, Vol. 12,196'9, pp. 576-580 and 583.
2 E. W. Dijkstra, A discipline of Programming, Prentice Hall,
Englewood Cliffs, N.J ., 1976.
3 "
P. Martin-Lof, Constructive mathematics and computer program-
ming, Logic, Methodology and Philosophy of Science VI; Edited ,by
L. J. Cohen, J. Los, H. Pfeiffer and K.-P. Podewski, North-Holland,
Amsterdam, 1982, pp. 153-175. '
domain of natural numbers, on this interpretation of the notions of
proposition and propositional For this reason, afuong others,
what we develop here is an intuitionistic theory of types ; which is
also predicative (or 'ramified). It is free from the deficiency of
Russell's ramified theory of types, as regards the possibility of de-
veloping elementary parts of mathematics, like the theory of ' r e a l num-
bers, because of the presence of the operation which allows us to form
the cartesian product of ,a ny given family of sets, in particular, the
set of all functions from one set to another.
In two areas, at leasti our language to have advantages -
over traditional foundational languages. First, Zermelo-Fraenkel set
theory cannot adequately deal with the foundational problems of cat
egory theory, where the category of all sets, the category of all
groups, the , category of functors from one such category to another
etc. are considered. These problems coped with by means of the
distinction between sets and categories (in the logical or philosophi-
cal sense, not in the sense of category theory) which is made in intu-
itionistic type theory. Second, present logical symbolisms are inad-
equate as programming languages, which explains why computer scien-
tists have developed their own languages (FORTRAN, ALGOL, LISP,
PASCAL, ... ) and systems of proof rules (Hoare
1
, Dijkstra
2,
. ). We
have shown elsewhere
3
how the additional richness of ' t ype theory, as
compared with first order predicate logic, makes it usable as a pro-
gramming language.
A
A v B
4 -
A i s solvable
A is f ulfil l a bl e
. ( realizable)
a E A
a i s a method of solving the
probl em ( doing the task) A
a is a method of
(realizing) the intention
( expectation ) A
A is a set a is an 'eLement of the set . A A is nonempt y
A is a proposition a is a proof ( construction) of A is true
the proposition A
A set
- 5 -
( 2 ) A and B equal (A B),
(4) a and b are equal elements of the set A (a = b E A) .
( 3) a is .an element of the set A (a A) ,
. We us e f our f orms of
(1) A is a set (abbr . A
i n the ta.ble:
A is a problem
(task)
A is an i ntention
(expectation)
(If we read lit.rally a s , then we A E Set ,
A = BESet , a e El (!) , a = b E El(A) , respectively.) Of course , any
syntactic variables co uld be us ed , the f 11 use 0 sma l e t t e r s f or el-
ements and capi t a l letters f or ae't s i s onl y t o convenience . Not e t hat
in or di na r y set t heor y , a E b and a = b are propositi ons , whi l e they
a r e j udgements here. A jUdgement of the f orm A = B has no mean ing
less we already know A and B t o sets . Likewise , a jUdgement of t he
f orm a E A presupposes that A is a set , and a judgement of t he f orm
a = b E A presuppose.s, first, that A is t d a se , an , second, t ha t a and
b are elements of A .
Each f orm of judgement admits f 1 o severa different readings , as
ric '
I
A tr-ue B prop .
l-AyB
A v B true
A, B prop . .1- A
A prop.
or
where we use, like Frege, the symbol l- to the left of A to signify
that A is true . In our system of rules , . t hi s wi l l always be explicit .
A r ule of inference is j ustified by explaining the conclusion on
the assumpti on that the premisses are kno wn. H.ence, before a rule of
inference can be justified, it must be explained wha t it is that we
must know "in or de r to have the right to make a judgement of any one
of the various f orms that the premisses and cOnclusion can have.
takes f or granted that A and B are f ormulas, and onl y then does it say
that we can i nf e r Av B to be true when A is true . .If we are t o give a
f ormai rule, we have to make this expllcit, writing
granted. When one treats logi c as arty othe r br anc h of mathematics, as
i n the metamathematical traditi on originated by Hilbert , such judge-
ments and inferences are onl y partially and f ormal l y repr esented in
the s o-called obj ec t language, while they are implicitly used; as in
any other br anch of mathematics, in the s o-cal led metalanguage.
Our main aim is to build up a system of f orma l rules representing
in the bes t possible way informal (mathematical) reasoning. In the
usual natural deduction style , the rules given are not quite . f ormal .
For i ns t ance , the rule.
4 A. Heyting, Die intuitionistische Grundlegung der Ma t hema t ik ,
Erkenntnis, Vol. 2, 1931 , pp. 106-115 . .
5 A. N. Kolmogorov , Zur Deutung der intuitionistischen Logik,
Zeitschrift , Vol. 35 . 1932, pp .
6 H. B. Curry and R. Feys, Combinatory Logic, Vol. 1, North-
-Holland ; Amsterdam , 1958 , pp , 312-315.
7 w'., A. Howard , The formulae-as-types not ion of construction, To
H. B. Curry : Essays on Combinatory Logic, Lambda Calculus arid Formal-
ism , Academic Press, London , 1980 , pp. 419-490.
The second, logical interpretation is discussed toghether with rules
below. The third was suggested by Heyting
4
a nd t he fourth by Kol mo-
gOrov
5
. The last i s very close to programming. "a is a method . . . " can '
be read as "a is a program . .. ". Since programming languages have a
formal notation for the program a, but not for A, we complete the sen-
tence with " ... which meets the s pe c i f i ca tion A". In .Kolmogorov 's in-
t e r pr e t a t i on , the word problem refers to something to be done and the
wor d program to how to do it . The analogy between t he first and the
second interpretation is. implicit in the Brouwer-Heyting interpret-
ation logical It was made more explicit bY ,Curry,and
Feys6 , but only for the impl icational fragment , and i t wa s extended t o
, . 7
intuitionistic first order arithmetic by Howard _ It is the only known
way of logic so that axiom of 6hoice
becomes , valid .
To distingui sh between proofs. of judgements (usually in tree-like
form) and proofs of propositions (here identified with elements , thus
to the left of E . ) we reserve the word construction for the latter and
use it when confusion might occur.
- 7
Explanations of the forms of judgement
by which its elements are constructed. However" the we aknes s of thi s
definition is clear: 10
10
, for instance, though not obtainable wi th
thegi ven rules, is clearly an element of N, sinc,e we kno w t hat we '
can bring it to the form a' for some a e ' N. We thus ha ve. to distin -
the elements which have a form by which we can di rectly see
that they are the result of one of the rules , and 'ca ll them canoni -
cal , from all other e lements, whi ch we wi l l call noncanonical .
a'E N
o E N
a N
The first ,is the ontological (ancient Greek) , t he second the epis-
(Descartes, Kant, . ) and the third the semant ical (mod-
ern) way of posing essentially the same question . At first sight , we
could assume that a set is defined by prescribing how i t s elements
are formed. This we do when we say that the set of natural numbers
N is defined by giving the rules :
What does a judgement of the form " A is a set" mean?
What is it that we must know in order to have the right to judge
something to be a set?
Wha t is a set?
tions:
For each one of the. four forms of judgement, we. now explain wha t
a judgement of that form means . We can explain what a judgement , s a y
of the first form, means by answering one of the following three ques -
\
- 6 -
- 8 -
b Eo B a
- 9 -
(2) two sets A and Bare equal if
a A a E A a . B
---
(that is, and --)
a B a B a 6. A
(4) two arbitrary elements a, b of a set A are equal if , when
executed, a and b yield equal canonical elements of A as resul1
This is the meaning of a judgement of the form a . A. Note that here
we assume the notion of method as primitive. The rules of computatic
of the present language will be such that the computatic
of an element a of a set A terminates with a .va l ue b as soon as the
outermost form of b tells t hat, it. is a canonical element of A (norm"
order or lazy evaluation) . For instance, the computation of 2 + 2
gives the value (2 + 1)', which is a canonical element of N since
2 + 1 E N.
Finally:
and
for arbitrary canonical elements a, b.
abE A
(3) an element a of a set A is a method (or program) which, whe
executed, yields a canonical element of A as result .
This is the meaning of a judgement of the form A= B.
When we explain what an element of a set A is, we must
we know that A is a set, that is, in particular, how its canonical
. elements are formed. Then:
b' . N a'
b = d . B
b B
and
a <= A
a = c A
(a ,b) = (c,d) A x B
a b <= N
(a,b)AxB.
(1) a set A is defined by prescribing how a canonical element
of A is formed as well as how two equal canonical elements of
A are formed.
by means of which equal canonical elements are formed. There is no
limitation on the prescription defining a set, except that equality
between canonical elements must always be defined in such a way as
to be reflexive, symmetric and transitive.
Now suppose we know A and B to be sets, that is, we know how
canonical elements and equal canonical elements of A and B are formed .
Then we stipulate:
which prescribes how canonical elements are formed, and the rule
To take example, A x B is defined by the rule
But then, to be able t o. define when two noncanonical elements are
equal, we must also prescribe how two equal canonical elements are
formed. So:
This is the explanatipn of the meaning of a judgement of the form
A i s a set. For example, to the rUI'es for N above, we must add
- 10 -
This is the meaning of a judgement of the form a = b A. This defi-
nition makes good sense since it is' part of the definition ' of a set
what it means for two canonical ,elements of the set to be equal.
Example. If e, f A x B, then e and f are methods which yield
canonical elements (a,b), (c,d) E A x B, respectively, as results,
and e f E A x B if (a,b) (c,d) E A x B, which in turn if
- 11 -
Propositions
8 D. Prawitz, Intuitionlst1c logic: a philosophical challenge ,
Logic and Philosophy, Edited by G. H. von Mar tinus Ni j hof f ,
The Hague , pp . 1-10.
a proposition is defined by laying down what counts ' a s ' a proof
of the proposition,
a proposition is true if it has a proof, that is , if a proof of
8
it can be given
and that
Classically, a proposition is nothing but a truth va l ue, that
an element of the set of truth values, whose two elements are
true and the false. Because of the difficulties of justifying
the rules for forming propositions by'means of quantification over
infinite domains , when a proposition is understood, as a truth value ,
this explanation is rejected by the intuitionists and replaced by
saying that
Thus , intuitionistically, truth is identified with provability , though
of course'not (because of incompleteness theorem) wi t h deriva-
bility within any particular formal system.
The explanations of the meanings of the logical operations, which
fit together with the intuitionistic conception of wha t a proposit ion
is, are given by the standard table:
d B; a = c E A and b
' t he first line ' of which should be interpreted as saying that there
is nothing that counts as a proof ~ .
The above table can be made more explicit by saying:
I '
I I
I
t
\
II
,I
a proof of the proposition
.L
A & B
AV B
A :> B
( Vx)B(x) ,
(3 x)B(x)
a proof of the proposition
.i,
A & B
A v B
A :> B
('o'x)B(x)
(3 x)B(x)
- 12 -
consists of
a proof of A and a proof of B
a proof of A or a proof of B
a method which takes any proof
of A into a proof of B
a method which takes an arbitrary
individual a into a proof of B(a)
an individual, a and a proof of
B(a)
has the form
(a,b), where a is a proof of A
and b is a proof of B
i(a) ; where a is a proof of A,
or j{b), where b is a proof of B
(Ax)b(x), where b(a) is a proof
of, B provided a i ~ a proof of A
(Ax)b(x), where b(a) is a proof
of B(a) prOVided a is an individual
(a,b), where a is an individual
and b is a proof of B(a)
- 13 -
As it stands, this table is not strictly cor-r-ect., since it, shows
proofs of canonical form only. ' An arbitary proof, in anal;ogy with an
arbitrary element of a set, is a method of producing a proof of ca-
nonical form.
If we take seriously , the idea that a p r o ~ o s i t i o n is defined by
laying down how its canonical proofs are f'or-me d (as in the second
table above) and accept that a set is defined by prescribing how its
canonical elements are formed, then it is clear that it would only
lead to unnecessary duplication to keep the notions of proposition
and set (and the associated notions of proof, of a proposition ' and el-
ement of a set) apart. Instead, we simply identify them, that i s,
treat them as one and the same notion. This is the formulae-as-types
(propositions-as-sets) interpretation on Which intuitionistic type
theory is based.
We no w begin to build up a system of rules. First , we gi ve the
fo llowing rules of equality , which are ea s i l y e xplained using the
fac t t h a t t h e y hol d , by definition, for canonica l eleme nts :
For instance, a de t a i l e d explanati on of transitivity is : a = b E A
means that a and b yield canonical elements d and e , respectively , and
that d = e A. Similarly , if c yields f , e = f EA. Sinc e we assume
transitivity for canoni cal element s , we obtain d = f E A, which means
t ha t a = c A.
C, we "
B A
a = b E B
b e A a
b .. A
a E A
a <; C
a
a=be.B
- 15 -
B
a _= b e A
abE C
A
a e B
a e A
Equality of sets
and
for a , b canonical elements of A and" B. From the same f or B
also obtain
and
for a , b canonical elements, which is the meaning of A =" C.
In the same evident way, the meaning of A = B justi fies the
rules:
-.
c B
c A
B A
A s et
A = B
B = A
A = A
c EO A
a E B
a 6, A
b
B i s t hat
C A
b E A
a 6 A
a
b e A
a e A
a = a e A
a
The me a ni ng of A
b
a
Trans itivity
- 14 -
Rules of equal ity
Symmetry
Reflexi vity
- 16
(1) B( x) set (x e 'A)
D(x)
(x E A)
(x E A)
D(c)
B(x)
B(x) = D(x)
Beal
c E. A
a E A
a
(2) B(x) = DUe) (x e. 'A)
- 17 -
. Sub s ti tut Lon
is correct. We can now derive the rule
B(a) = D(a)
which says that B(x) 'and D(x) are equal families of sets over the
set A; is that B(a) and D(a) are equal sets for any element a of A
(so, in particular , B(x) and D(x) must be famiiies of sets over
Therefore the rule
B(x) is a set under- the assumption x e .A, which does not mean ' .t ha t
,we must have a derivation within any particular formal system (like
the one that we, are in the process of building up). When an assumption
X E A is discharged by application of a rUle, we wr i t e it inside
brackets.
The meaning of a ' hypot he t i ca l Judgement of the form
from the above rules. In fact, c ,E A and B( x) set (x E A) ,
' we obtain B(a) '= B(c) by the second substitution r ul e , and f rom c E A,
which is implicit in a c E: A, B(c) = D(c) by the third substitution
rule. So B(a) = D(c) by ,transitivity.
(x E A)
B(x) se t
B(c) B(a)
C E A
X E: A
a
B(x) s et
( x E A)
B(x) set
B(a) set
a E A
Substitution
The notation
Hypothetical Judgements and substitution rules
only recalls that we make (have a proof of) the judgement that
which says that B(x) is a set under the assumption x E A, or, better,
that B(x) is a family of set s over A. A more traditional notation
is {B 1 or {B : X E A} The meaning of a judgement of the form
x
J
x E A x .
(1) is that B(a) is a set whenever a is an element of A, and also
that B(a) and B(c) are equal sets whenever a and c are equal elements
of A. By virtue of this meaning , we LmmedLat.e Ly see that the follow-
ing s ubs t i t ut i on rules are correct:
The four basic forms of judgement are generalized in . order t o
expresi also hypothetical judgements , i .e. judgements which are made
under assumptions . In this section, we treat the case of one such
assumption . So assume that A is a set . The form of judgement
is generalized to the hypotheti cal form
means that b(a) and d(a) are equal elements of the set B(a) for any
e lement a of the set A. We then have
- '9 -
A
2(X,)
is a family of sets ov er A"
(1) A(X" .. . x
n)
s e t (x, E A,. x
2
e A
2(x,),
... .
Xn E An ( x " ... ,x
n
_,
A, is a set .
A
3(X"x2)
is a family of s e t s with two indices x, A, and
x
2
A
2
( X, ) ,
Judgements with more than one assumption and contexts
An(x, ..,oo., x
n_,'
is a family of sets with n- ' indices x, . A"
X
2E
A
2
(x,), .. . , x
n_,
E A
n_,(x,
' ...x
n_ 2)
.
means that A(a" ... ,an) is a set whenever a, . A" a
2
E A
2(a,)
, ., . ,
anE . ... an_') and that A(a" . .. ,a
n)
= A(b " .... , b
n
'
whenever a, = b, e A" .. . , an = b
n
An(a" ... ,a
n
_,) . We say that
A(x" .. ,x
n)
is a family of sets with n indices. The rt assumptions in
a judgement of the form (,) constitute what we call the context . whi ch
plays a role analogous to the sets of f or mul a e r . (extra formulae)
appearing in Gentzen sequents . Note also that any initial segment of a
context always a context. Because of the meaning of a hypothetical
Then a judgement of the form
We may now further generalize judgements to include hypotheti cal
judgements with an arbitrary number n of assumptions. We explain their
meaning by induction. that is, assuming we understand the meaning of
judgements with n-' assumptions. So assume we know that
. I
(x E A)
b(x) E. B(x)
b(a) = b(c) . B{a)
c A a
(x . A)
b(x) = d(x) e B(x)
(x A)
b Cx) . iHx)
a . A
b(a) E. B(a)
Finally, a judgement of the form
b(a) = d(a) . B(a)
Substitution
- '8 -
a A
(4) b(x) = d(x) . B(x) (x . A)
Substitution
A hypothetical of the form
(3) b(x) E B(x) (x A)
wQi ch i s the last substitution rule .
means that we know b(a) to be an element of the set B(a) assuming we
know a to be an element of the set A, and that b(a) = bI c ) E. B(a)
wheneve r a and c are equal elementa of A. In other wor ds , b(x) is
an extensional function with domain A and .r ange B(x) depending on
the argument x . Then the following rules are justified:
t he category of families of sets B(x) (x E A)' ove r a given set A.
the category of elements of a given set (or proofs of a proposi-
tion) .
the category of sets (or propositions).
etc .
sets, .
the category of functions c(x.y) E C(x.y) (x E A, y E B(x . where
A is a set. ~ ( x ) (x E A) and C(x.y) . (x "- A. y EB(x families of
- 2' -
the category of families of sets C(x .y) (x EA. Y E B(x , where
A set. B(x) set (x E A).
Sets and categories
the category of functions b(x) E a(x) (x E A). where A set .
B(x) set (x E A) ,
In addition to these , there are higher categories . like the category
of binary functions which take two sets into another set . The function
x . which takes two sets A and B into their cartesian product A x B.
A category. is defined by explaining what an object of the cat-
egory is and when two such objects are equal . A category need not be
a set, since we can grasp what it means to be an object of a given
category even without exhaustive rules for forming its objects . For
instance. we now grasp what a set is and when two sets are equal , so
we have defined the category of sets (and. by the same token . the
category of propositions), but it is not a set. So far . we have de-
fined several categories:
- 20 -
(4) a(x, . x
n)
= b(X, . ,x
n)
E A(x, . x
n)
(x EA. X E A (x, . .... x ,
" n n n-
(equal functions with n arguments).
{3) a(x" ... , x
n
) E A(x, , x
n
) (x, e A, ... ..
x
n
E An(x, . x
n
_,
(function with n arguments),
(equal families of sets with n indices),
and we assume the corresponding substitution rules to be given.
judgement of the f o ~ m ('), we see that the first two rules of substi-
tut ion may be extended to the case of n assumptions ,and we understand
these extensions t o be given .
It is by now clear how to explain the meaning of the remaining
forms of hypothetical judgement :
- 22 -
is an example of an object of that c a tego r y .
We will say obj ect of a category but e lemen t of a set, wh i c h r e-
flects the difference between categories and sets . To cat-
egory it is not necessary to prescribe how its objects are
but Just to grasp what (arbitrary) object of the category is. Each
set determines a category, namely the category of elements of the set,
but not conversely: for instance, the c a t ego r y of sets and the cat-
egory of propositions are not sets, since we cannot describe how all
their elements are formed. We ca n now s a y that a judgement i s a state-
ment to the e f f e c t that s ome t h i ng is an object of a c a t egor y (a 6 A,
A set , . .. ) or that two objects of a c a tegor y are equal (a = b E A,
A B, ) .
What about t h e word type in the logical s e ns e . given to it by
Russell with his ramifi ed (resp. simple) theory o f types ? Is type syn-
onymous with category or with s e t ? In some cases with the one , it
s e e ms , and in other cases with the other. And it is this confusion of
two different concepts which has l ed to the impredicati vity of the
simple theory of types . When a type i s defined a s the range of signi-
ficance of a propositional function, so that types are wha t the
quantifiers range over, then it seems that a type is the same thing
a s a set. On the other hand , when one speaks about the simple types
of propositions, properties of indiViduals , relations between individ-
uals etc., it seems as if types and categories are the same . The im-
portant difference between the ramified types of propositions, prop-
erties, relations etc . of some finite order and the simple types of
all propositions , properties, relations etc. is precisely that the
ramified types are (or can be understood as) s ets, so that i t makes
sense to quantify over them, whereas the simple types are mere cat-
egories .
For example, B
A
is a s e t , the set of functions from the set A to
23 -
t h e set B (B
A
will be introduced as an abbreviation for (n x E
when B(x) is constantly equal to B). In parti cular , {O, ll Ais a se t ,
but it is not the s ame thing as which is only a c a t e gor y. The
reason that B
A
can be construed t i .
as a ses that we take the notion
of function as primitive , instead of defining a function as a se t of
ordered pairs or a binary relation satisfying the usual existence and
uniqueness conditions , which would make it a category (like d?(A))
instead of a . set .
When one speaks about data types in computer science , one mi ght
just as well say data s e ts . So here type is always synonymous wi t h
set and not with category .
- 24 -
General remarks 'on the rules
We now start to gi ve the rules for the different symbols we use.
We will follow a common pattern in giving them. For each operation
we have four rules :
set formation,
introduction,
elimination,
equality .
The formation rule says that we can form a certain (proposition)
from certain other sets (propositions) or families of sets (proposi-
tional functions). The introduction say what a re the canonical
elements (and equal canonical elements) of the set, , t hus giving its
meaning. The elimination rule shows how we may define functions on the
set defined by the introduct ion ' r u l e s . The equality rules relate the
introduction and elimination rules by showing how a function defined
by 'means of the elimination rule operates on the canonical elements
of the set which are generated by the introduction rules.
In the interpretation of sets as propositions, the formation
rules are used to form propositions, introduction and elimination
rules are like those of Gentzen
9
, and the equality rules correspond
to the reduction rules of Prawitz
10.
9 G. Gentzen, Untersuchungen uber das logische Schliessen,
Mathematische Zeitschrift , Vol . 39, 1934, pp .176-210 and 405-431.
10 D. Prawitz, Natural Deduction, A Proof-Theoretical Study,
Almqvist & Wiksell, Stockholm, 1965.
' 1
I
' .. .;. .' ,
- 25 -
We remark here also that to each rule. of set formation, intro-
duction and elimination, there corresponds an equality rule, which
allows to equals for equals.
The rules should be rules of immediate inference; we cannot
further analyse them, but only explain them. However , in t h e end , no
explanation can substitute each individual 's understanding .
..1
-- - --- - - ----_:=-----_.
(x E , A)
A = C
C = A
D( x)
x e. A
B(x)
(x E C)
- ' 27 -
b(x} e D(x)
A = C
C = A
x E A
b Lx) e. B(x)
(x E C)
rection is similar.
(AX)b(x) E (DXE C)D(x)
name of the former. Since, in general, there are no exhaustive rules
for generating all functions from one set to another , it follows that
we cannot generate inductively all the elements of a. set of the form
(nx IS, A)B(x} (or, in particular, of the
1
,form 'B
A,
like NN).
We can now justify the second rule of set formation. So let
(AX}b(x) be a canonical element of (TIx E A)B(x}. Then b( x} E B(x}
(x E A). Therefore, assuming x E C we get x E A by symmetry and equal-
ity of sets from the premiss A C, and hence b(x} E B(x}. Now, from
the premiss B(x} = D(x} (x E A), again by equality of sets (which is
assumed to hold also for families of sets) , we obtain b(x} E D(x) ,
and hence (Ax}b(x) e: ([1 x e C)D(x} by n-introduction. The other di-
' ~ o t e that these rules introduce canonical elements and equal canoni-
elements, even if b(a} is not a canonical element of B(a) for
A. Also, we assume that the usual variable restriction is met,
i.e . that x does not appear free in any assumption except (those of
E A. Note that it is neccessary to understand that
hex) e B(x} (x E A) ' i s a function to be able to form the canonical
element (AX}b(x) E (fix e, A)B(x); we could say that the latter is a
D(x)
(x c;; A)
B(x) C A
(Tl x E A)B(x) = (Tix E C)D(x}
(x e A)
BOc} set A set
(fix E A)B(x} set
(AX}b(x) = (Ax;}d(x) e (fix ' e A)B(x}
b(x) = d(x} e B(x)
(x e A)
(AX)b(x) e (T] x E A)B(x)
b(x} E. B(x}
- 26 -
Cartesian product of a family of sets
n -introduction
D-formation
Given a set A and a ,f ami l y of setsB(x} over the set A, we can
The second rule says that from equal arguments we get equal values.
The same holds for all other set forming operations, and we will never
i Th conclus
' on of the first rule is that something
spell it out aga n. e
is a set. To understand which set it is, we must know how its canoni-
cal elements and its equal canonical elements are formed. This is ex-
plained by the introduction rules:
form the product:
(x E A)
b(x) E B(:c)
C E (TIx E A)B(x)
a E A
(Ax)Ap(c,x) E (nx E A)B(x) c
ApAX)b(x) ,a) = bra) E B(a)
n-equality
We have to explain the meaning of the new constant Ap (Ap for
Application) ; Ap(c,a) is a method of obtaining a canonical element of
B(a) , and we now explain how to execute it. We know that
c (Tl x E A)B(x) , that is, that c is a method which yields a canoni-
cal element (AX)b(x) of (TIx e A)B(x) as result . Now take a E A and
it for x inb(x). Then .b( a ) E B(a). Calculating b(a), we
obtain as result a canonical element of B(a), as required . Of course,
in this explanation ; no concrete computation is carried out; it has
the character of a thought experiment (Ger. Gedankenexperiment) , We
use Ap(c,a) instead of the more common bra) to distinguish the result
of applying the binary application function Ap to the two arguments c
and a from the result of applying b to a. Ap(c,a) corresponds to the
application operation (ca) in combinatory logic. But recall that in
logic there are no type restrictions , since one can al-
ways form (ca), for any c and a.
- 29 -
. .. . .
the pr-ogr-am the. first rule say.s that . applying the name of
a program to argument yields the same as executing the pro-
gram with that ,rgument aj Similarly, . the second r ul e is needed
The first equality rule shows how .the new function Ap operates' on the
canonical elements of (Fl x E A)B(x): Think of (AX)b(x) as a name of
A) ,
a = b E A
a E A
X . A
B[x) = D(x)
(x 6 C)
(Ax)d(x) '" (Dx '" C)D(X)
= (Ax)d(X) E (TIx E A)B(x)
=
C = A
A = C
X E A
c e; (nx . A)B(x)
Ap(c,a) . B(a)
c = d E (nx . A)B(x)
(Ax)b(x)
Ap(c,a) = AP(d,b) E B(a)
(Ax)b(x) = O.x)d(x) . (TIx E C)D(x)
b(X) = d(X) . D(X)
A = C
(x . C)
(Ax)b(x) and (Ax)d(x) be equal
same assumptions. So let
Then b(X) = d(x) E B(x) (x E
elements of. (nx 6 A)B.,(x) .
n _elimination
1
canonical elements of
and (Ax)d(X) are equa
shows that (Ax)b(x)
(f\x e; C)D(x).
and therefore the derivation
28 -
corresponds directly to the
We also have to prove that
under the
. canonical
. d . s a formal
derivation cannot be considere a
We remark that the above 0
in type theory itself S1nce
. of the second T1_formation rule
proof 0 l oty between two sets which
formal rule of prov1ng an equa 1
there is no explanation of what such an equality means.
- 30 -
B true A true
A & B true
- 31 -
Definitional . equality is intensional equality, or equality of
meaning (synonymy). We use the symbol:: or =def. (which was first
introduced by Definitional equality :: is a relation
between linguis.tic expr-esa t ons ; it should not be confused with equal-
ity between objects (sets, elements .of a set etc.) which we denote
by =. Definitional equality is the equivalence relation generated by
abbreviatory definitions, changes of bound variables and the pr inciple
of sUbstituting equals for equals. Therefore it is decidable, but not
in the sense that a == b V .., (a == b) holds, simply because a == b is
not a proposition in the sense of the present theory. Definitional
equality can be used to rewrite expressions, in which case its decid-
ability is essential in checking the formal correctness of a proof.
In fact, to check the correctness of an inference like
Definitional equality
for instance, we must in particular make sure that the occurrences of
the expressions A and B above the line and the occur-
rences below are the same, that is, that they are definitionally
equal. Note that the rewriting of an expression is not counted as a
formal inference.
rules for B
A,
which is the
B
A
. to
(AX)AP(c .x) B(x) (x E A)
provided a
Ap(c,a) yields the
equal elements, we need
rule
er n _introduction for ) . B( )
By the (a ) Ap(c,a E a
) This means b a =
b(X)
-_ Ap(c .x) E B(x) . (x EA . (' )b(X) and hence
. ce c yi e l ds AX .
EA. But this is true,
same value as b(a).
d cts contain the
The rules for pro u t B In fact , we take
the set A to the se .
set of functions from Here the concept of
B does not depend onx.
be (ll.x E A)B, where
nitional equality is useful .
f which we know only
( ) for a program 0
to obtain a notation, Ap c ,x, . f llows . .Recall that
l
e can be as 0
c The second ru ts as re-
the name y'eld equal canonical elemen
, . 1 if they )
two elements are equa It (Ax)b(x) , where oCx) E B(X
i Ids the resu
S
u l t s . eye t to prove is
is canonical, what we wan
(x A). Since (Ax)Ap<c,X)
- 32 -
- 33 -
I I
,1
1
\ .
Applications of the cartesian product
Fi rst , us.ing definitional equality, we can now defi ne B
A
by
putting
V -introduction
(x E A)
B(x) true
provided B does not depend on x , We next consider the n-rules in
the i nte r pre t a t i on of propositions as sets . If, i n the. f i r s t rUle ,
n - formation, we think of B(x) as a proposition instead of a set,
then , after the definition
(Vx 6 A)B(x) _ (Tl x G A)B(.x) ,
it becomes the rule
a(x
1
, ,x )
.0
E i\{x
1
, ,x ) (XE A
m 1 1' " ., X E A (x
x E A ( m m 1"" , X
m
_
1
) ,
m+l m+l x
1
, .. ,x
m)
, ... , x E A ( x
.0 .0 l' . . . , x
m

V -formation
('r;fx E A)B(x) prop .
t rue).
true (x E A
1 1 ' . ' X E A (x
A m m l' , x
m
1 )'
m+l(x
1
, ,x) true A ( -
m ' . .. , .0 x
1
' , x
m)
prop . (x E "i
1 1 , .. , X G A ( x
A m m l ""'x 1)'
m+l(x
1
, . . ,x) true A ( m-
m ' .. , .0 x
1
" " ' x
m)
t rue)
A(X
1
, , x j
. m
A(x
1
,. .. ,x )
m
Similarly, we write
that A(
a s , x
1'
.. .. , x ) i s a p
x . m roposi tion provided e A
m e Am (x 1" , x ) and ' A xl 1 " ,
m-l ' m+l(X
1"
" 'x) A (
m ' . . . , .0 x
1
"" ' x )
: m
. namely, ' suppose that A
. . . 1 up to A and A
Then ,. if we ' a .' m+ .0 depend only on x
re merely interested in the l' . , . x .
inesserit';a'l truth of A(x ) m
~ to writ .e explicit l " " 'x , i t is
symbols fo th m
A . s . r e elements of A
. n' 0 we abbreviate it with m.l ' .. . ,
(x 6 A)
B(x) prop
. A set
which says that un i versal quantification forms propos itions. A set
merely says that the domain over which the universal quantifier ranges
is a set and this is why we do not change it into A prop. Note that
the r ul e of V - f or ma t i on is just an instance of n-format ion. We
s imilarly have
are all true, as an abbreviation of
x E Am(X" . .. ,x
m_,), A(x x ) prop. (x, e A" ... , m
1 ' , m . x E A (x" .. , x
m
)
x EO A ,(x" ... , x
m
) , ... , n n
m+l m+
- 35 -
::> are :
::>
which i s a generalization of the usual rule of forming A::> B, since
we may also use the assumption A true to prove B.prop. This general-
i z a t i on is pe r h a ps " more evident in the Kolmogorov interpretation,
where we might be in the position to jUdge B to be a problem only un-
. de r the assumption that the problem A can be solved , whi ch is clearly
sufficient for the ,problem A::> B, that is, the problem of solving B
provided that A can be solved, t o make sense. The inference rules for
(Vx eA)B(x) true
a E A
V -elimination
the rule of n -elimination,
back t o the V -rules, from
Turning
we have in particular
B(a) true
(A true)
f of (Vx A)B(x),
we -se e that, if c is a proo
Restoring proofs , (V it E. A) B( x ) is
P
r oof of B(a); so a proof of
then Ap(c,a) is a A . t a proof of B(a),
"t y element of 0
a method which takes an rar " of the universal
intuitionistic
in agreement with the
quantifier .
If we now define
B true
A ::> B true
whi ch comes from the rule of O-introduction by suppressing proofs,
an d
::> -elimination
(nx E. A)B,
A :::> B prop .
::> -formation
we obtain from the I1-rules the . rules
where B does not depend on x , t
rule of n - f o r ma t i on , assuming. B does no
for implication . From the
depend on x , we obtain
which is obtained from the rule of n-elimination by the same process .
Example (the combinator I). Assume A set and x EA . Then , by
n-introduction, we (AX)x E. A --. A, and therefore, for any .prop-
osit ion A, A ::> A true. This expresses the fact that a proof of A ::> A
is the method: take the same proof (construction). We can define the
combinator I putting I =(AX)X. No t e the same I belongs to any
set of the form A -+ A, since we do not have different variables for
different types.
A true
B true
A ::> B true
Bprop.
(A true)
A prop.
i
of B.
- 37 -
S =: (Ag)(Af)(Ax)Ap(Ap(g,x) ,Ap(f,x
(Yx E A)(Vy E B(xC(x,y)
::>( Yf e (nx e A)B(x(Y x E A)C(x,Ap(f,x true
(A ::> (B ::> C ::> A::> B) ::> (A ::> 15 true .
(Vx E A)(B(x) ::> C(x ::> Yx E A)B(x) ::> (Yx E A).C(x true.
S E (Tl x E A)(S(x) -C(x - (f Tlx E A)B(x) _ (Tl x E A)C(x .
which is the usual combinator S, denoted by Agfx.gX(fx) iii combina-
tory logic. In this way, we have assigned a type (set) to the combi-
nator S. Now think of C(x,y) as a propositional function . Then we
have proved
(V
x
e A)(Vy e: B(xC(x,y)::> (Vf efT B )(Vx A)C(x,f(x.
xA 'x
If.we assume that C(x,y) does not depend on y , then
(ny e B(xC(x,y) =B(x) -C(x) and therefore
.whi ch is traditionally written
So , .i f we think of B(x) and C(X) as propositions, we have
Now assume that B(x) does not depend on x and that C(x;y) does not
depend on x and: y. Then we obtain
that is, in the logical interpretation,
This is just the secone axiom of the Hilbert style propositional cal-
cUlus. In this last ~ a s e , the proof above, when written in treeform,
So, again by
Assume A set, B(x) set (x E A),
let x E A, f E (Tl x E A)B(x) and
Then Ap(f,x) E B(x) and
We may now put
) E (Tl x E A)(ny E B(icC(x,y) (Ag) (.Ar) (Ax)Ap(Ap (g,x) , Ap (f ,x)
-(TIfE(nX EA)B(x(nx E A)C(x,Ap(f,x).
Since the set to the right does not depend on g, abstracting on g, we
obtain
(Af)(Ax)Ap(Ap(g,x),Ap(f,x
(nf E (nxeA)B(x(nx eA)C(x,Ap(f,x.
and, by A-abstraction on f,
(Ax)Ap(Ap(g,x) ,Ap(f .x) e (nx E A)C(x ,Ap(f ,x,
Now, by A-abstraction on x, we obtain
Ap(Ap(g,x),Ap(f,x E C(x,Ap(f,x.
n-elimination,
- 36 -
,
c.
Example (the combinator S).
C(x,y) set (x E A, y E B(x and
g e (Tl x E A)(ny e B(xC(x,y).
Ap(g,x) (ny B(xC(x,y) by n-elimination.
Example (the combinator K). Assume A set, B(x) set (x E A) and
A B(x) Then byA -abstraction on y, we obtain let x.. ,y . ' .
(Ay)X E B(x) - A, and, by A -abstraction on x,
d fi e the combinator K (AX)(AY)X E (n x E A)(B(x) -- A). We can e n
fAd B as propositions, where putting K == (Ax) (Ay)X. If we think 0 an
B does not depend on x, K appears as a proof of A ? (B? A); so
A=> (B? A) is true. K.expresses the me:hod: given any proof x of A,
take the function from B to A which is constantly x for any proof y
I.
(x E A)
b EO: B(a)
B(x) set
(x E A)
B(xi = D(x)
A set
a E A
(a ,b) E (Lx A)B(x)
A = C
(Lx E A)B(x) = (LX E C)D(x)
L - introduct ion
We "ca n now justify the equali ty rule associated with L -forma-
(Lx E A)B(x) set
L-formati on
- 39 -
D i ~ j o i n t union of a family of sets
The second group of rules is about the disjoint uni on of a
family of set's ,
A mo r e traditional notation for (E x E A)B(x)" wou l d be L B
xEA x
"( U B orU B ) . We now explain wha t set (Lx E A) B( x ) i s by
x"A x xe:A x
prescribing how i t s canonical elements are for med . This we do with
the rule:
tion:
In "f a c t , any canonical element of (Lx E A)B(x) i s of the f orm (a ,b)
" "" With a EO: A and b EO: B(a) by 2:;-introduction. Bub then we also have
( g E A -(B-C
Ap ( g , x ) E B -- C
(x E A)
Ap(Ap(g ,x),Ap(f ,x C
(f A-B)
"- EA-C
(AX)Ap(Ap(g ,x) , Ap ( f , x ,
Ap(f ,x) E B
- 38 -
\
\
( x A)
( E (A -+ B) - (A -- C)
O,f) (Ax ) Ap( Ap(g, X) , Ap f , x "
"" E A _(B _C _A -B)- ( A -C
(Ag) (Af} (Ax ) Ap(Ap (g , x ) , Ap ( f . x ) (
becomes:
- 40 -
41 -
a E C and b E D(a) by equality of sets and substitution. Hence
(a j b ) E: (Ex E C)D(x) by L-introduction. The other direction is
similar .
E -elimination
L-equality
a E; A
b e fiCa)
(x E A, yeB(x
d(x,y) E CUx,y
E(c,(x,y)d(x,y E C(C)
e; Ca ,b , and
E CUa ,b. The
d(a,b) E Ca,b
A second rule of L -equali ty, analogous to the second rule of
n-equality, is now derivable, as we shall see later .
is -correct.
(Here, as in L -elimination,. C( ). ( ...
z set z e (L.X E A)B(x is an im-
plicit premiss.) Assuming that we know the premisses, the conclusion
j us t i f i ed by imagining Ea,b),(x ,y)d(x,y to be
executed . In fact,
we first execute (a,b), which yields (a,b) itse If as.
result ; then we
substitute a, b for x, y in d(X,y) ,obtainingd(a,b)
execute d(a,b) until .we obtain a canonical element e
same canonical element is p.roduced by d(a,b),
and thus the conclusion
d(x,y) E C(x,y
(x A, y B(x
C E (L x E A)B(x)
where we presuppose the premiss C(z) set (z E (Lx E A)B(x, although
it is not written out explicitly. (To be precise, we should also
write out the premisses A set and B(x) set (x E A).) We explain the
. rule of L -elimination by showing how the new constant E operates
on its arguments. So. assume we know the premisses. Then we
E(c,(x,y)d(x ,y as follows. First execute c, which yields a canonical
element of the form (a,b) with a E A and b E B(a). Now. substitute a
and b for x and y, respectively, in the right premiss, obtaining
. d(a,b) e: Ca,b. Executing d(a,l we .obt a i n a canonical element e of
Ca,b. We now want to show that e is also a canonical element of
C(C) . It is a general fact that, if a E A ahd a has value b, then
a = b E A (note, however, that does not mean that a = b E A is
necessarily formally derivable by some particular set of formal rules).
In our case , c = (a,b) E (Lx E A)B(x) and hence, by substitution,
C(C) = Ca,b. Remembering what it means for two sets to be equal,
we conclude from the fact that e is a canonical element of Ca,b
that e is also a canonical element of C(c) .
Another notation for E(Ci(X,y)d(x,y could be (Ex,y)(c,d(x,y,
but we prefer the first since it shows more clearly that x and y be-
bound only in d(x,y).
III
t
- 112 -
C true
B prop.
(A true)
C true
A prop.
(:I x E A)B(x) t r-ue :
3-eiimination
This rule is an instance Of and a generalization of the
usual rule of forming propositions of the form A & B, since we may
know that B is a proposition only under the assumption that A is true .
A & . B vp r-op ,
&-forma tion
(x E B(x) true)
A & B = A x B == (L.X E A)B,
- 113 -
where B does not depend on x. We derive here only the rules of. con-
junction.
Here, as usual , no assumptions, except those explicitly written out ,
may depend on the variable x. The rule of I:-elimination is stronger
than the :3 -elimination rule, which is obtained from it by suppressing
proofs, since we take into consideration also proofs (constructions) ,
which is not possible within the language of first order predicate
1> logic. This additional strength will be visible when treating the left
and right projections below.
The rules of disjoint union deliver also the usual rules of con-
.j unc t i on and the usual properties of the cartesian product of two
sets if we define
(x E A)
B(a) true
B(x) prop .
( 3x E A)B(x) true
a : A
. A set
3-introduction
(3 x A)B(x) prop.
Applications of the disjoint union
3 -formation
(3X."E A)B(x) :: (Ex E A)B(x),
In accordance with the intuitionistic of the existen-
tial quantifier, the rule of 'L-introduction may be interpreted as
saying that a (canonical) proof of (3x E A)B(x) is a pair (a,b),
where b is a proof of the fact that a satisfies B. Suppressing
proofs, we obtain the rule of 3-introduction, in however,
the first premiss a E A is usually not made explicit.
then, from the E-rules, interpreting B(x) as a propositional ' func-
tion over A; we obtain as particular cases:
As we have already done with the cartesian product,_we shall
now see what are the logical interpretations of the dLs j oLnt una'on .
If we put
- 44 -
b E B(a)
pa,b = a E A
' a E A
p(c) e A
Left projection
C E (3x E A)B(x)
p f c ) e A
If we now turn to the logical interpretation, we see that
(3 x)B(x) true
(Ex)B(x) individual
- 45 -
a counterpart of which we have just proved, and a rule of the form
(3 x)B(x) true
Bex)B(x true
holds, which means that from a proof of . (:3 x . A)B(x) we can obtain an
element of A for which the property B holds. So we have no need of the
description operator (1x)B(x) (the x such that B(x) holds) or the
choice operator (Ex)B(x) (an x such that B(x) holds), since, from the
intuitionist!c ' poi nt of view, (3x E A)B(x) ' i s true when we have a
proof of it. The dif'ficulty witQ an epsilon term (Ex)B(x) is that it
is construed as a function of the property B(x) itself ,nd not of the
proof of (3 x)B(x). This is why Hilbert had to postulate both a rule
of the 'form
fore, taking C(z) to be A and d(x,y) to be x in the rules of E-elim-
Lnat Lon and r:-equali.ty, we obtain as derived rules:
C true
B true
C true
A & B true
A true
'A & B true
A & B true (A true) A & B true (B true)
A true
B true
Example (left projection). We define
p(c)
-
E(c, (x ;y)x)
&-introduction
(A true, B true)
&-elimination
and call it the left projection of c since it is a method of obtain-
ing the value of the first (left) coordinate of .the pair produced by
an arbitrary element c of (Ex E A)B(x). In fact, if we take the term
d(x,y) in the explanation of r:-elimination to be x, then we ,s ee that
obta1
"n the pair (a,b) with a E A and b E B(a)
to execute p(c) we first
which is the value of c, and tlien substitute. a, b for x, y in x, ob-
taining a, which is executed to yield a canonical element of A. There-
From this rule of &-elimination, we obtain the standard &-elimination
i C to be A and B themselves:
rules by choos ng
Restoring proofs, we see that a (canonical) proof of A & B is pair
b a.re given P
r oof s of Aand B respectively.
(a,b) , 'where a and
Ie
I ;
- 46 -
which has a counterpart in the first _of the rules of right projec tion
that we shall see in the next example .
Example (right projection). We define
q Cc ) =-E(c,(x ,y)y).
Take d(x,y) to be y in -the r ule of L-el imi nation. Fr om x E A,
Y E B(x) we obtain px ,y = x E A by left projecti on, and there-
fore B(x) = B(px ,y) . So , by the rule equality of s ets ,
y E B(p( ( x ,y ). Now choose C(z) -set -( z E (L.x E A)B(x to be the
family B( p ( z set (z E (L.X E A)B(x . Then the rule of L. - e limi n-
ation gives q(c) E B( p( c . More f or mall y :
- 47 -
( 3 x E A)B(x), then q Cc) is a construction of B(p(c , where , by left
proj ection , p(c) E A. Thus , suppr es s i ng t he cons t r uc t i on i n the con-
c lus ion , B( p ( c ) is true. Note, however , t ha t , in ca s e B( x ) depends
on x, i t is impossi ble to suppress the con s truction in the premis s,
s i nce the conc l us i on depends on it .
Fi nally, when B(x) does no t depend on x, so t hat - we may write
i t s imply as B, and both A and -B are thought of as propositions, the
first rule _of ri ght projection reduces to
&-el i minat i on
A & B true
(x E A) (YEB(x
B true
So we have :
px,y = x E. A
qtc) == sre , (x ,y)y) E. B(p(c
('Ix E A)( B(x):::> (3 x E A)B(x true,
A ::> (B => ( A & B true .
by s up pressi ng t he co ns t r uc t i ons in both the premis s and t he conclu-
sion.
from which , in particular, when B does not depend on x ,
Example (axioms of con j unc t i on ) . We first derive
A (B (A & B true, which is the ax iom corresponding to the r ule
of &-introduction . i ssume A set ; B(x) set (x E A) and let x E A,
Y E B( x ) . The n (x,y) E (Lx E A)B(x) by L.-introduction , an d , by
Il - i nt r oduc t i on , O,y )( x ,y ) E B(x) (L x E A)B(x) (note that
(Lx E A)B(x) does not de pe nd on y ). and (Ax) O..y)(x,y)E
(T] x (Lx E. A)B(x.The l ogi ca l readi ng is then
We now use the l e f t and -right projections to de r ive A & B :::> A true
and A & B::> B t r ue . To obtai n t he first, ass ume z E. (Ex E. A)B(x) .
bE. B(a)
b E Bf a )
B(x) = B( p( l x , y )
a E A
- x = p x,y E A
qa,b
Y E _B(p( ( x, y )
(y E B(x
C E (Lx E. A)B(x )
q Co ) E. B'(p Lc)
Ri ght projection
C E_(LX E A)B(x)
The second of these r ules is derived by L -equality in much the same
way as the firs t was derived by- L -el i minat ion .
When B( x) i s thought -of a s -a prop os i tional f un ction , the firs t
rule of right projection s ays t ha t, i f c is a c onstruc tion of
I
- 48 -
Then V(z) A by left projectiori, and, by on z,
(Az)p(z) E: (L.X E A)B(x) - A,
In particular, when B(x) does not depend on x, we obtain
A & B :::> A true.
,
' To obtain the second, from 'z E. (I: x e. A)B(x), we have q (z ) E: B( p (z
by right projection , and, hence, by A-abstraction,
(Az)q(Z) E: (Tl e E. (L x E. A)B( xB(p(z
(note that B(p(z depends on z). In particular, when B(x) does not
depend on x , we obtain
A & B :::> B true.
Example (another application of the disjoint union). The rule of
L-eli;ination says that any function ,d(x,y) with arguments in A and
B(x) gives also a function (with the same values, by L -equality) with
a pair in (Lx E: A)B(x) as single argument. What we now prove is an
axiom corresponding to this rule. So, assume A set, B(x) set (x E A),
C(z) set (z E (Lx E. A)B(x and let f E: (TIx E A)(Dy E: B(xCqx,y.
We want to find an element of
(TIx E A)(TIy E. B(xCx,y - ( O z E (Lx e A)B(lCC(Z).
We define Ap(f ,x,y) = Ap(Ap(f,x),y) for convenience. Then Ap(f,x,y)
is a ternary functiori , and Ap(f,x,y) E Cx,y (x E A, y B(x . So,
assuming z E (Lx EO 'A) B( x ) , by L:-elimination, we obtain
E(z,(x,y)Ap(i,x,y C(z) (discharging x A and y e. B(x, and, by
A-abstraction on z , we obtain the function
....
- 49 -
(Az)E(z,(x,y)Ap(f,x,y EO (TIz E (Lx eA)B(xC(z)
with argument f. So we ,s t i l l have the assumption
f E (Dx e A)( Ilv e B(xC(x,y) ,
which we discharge by A-abstraction , obtaining
(Af) (Az)E(z ,(x,y)Ap(f ,x,y
(Ox e A)(Oy e B(xCx ,y -+ (TIz (Lx E A)B(xC(z) .
In the logical reading, we have
(Yx e A)(Vy B(xCx,y::> (Yz (Lx A)B(xC(z) true ,
which reduces to the common
(Y x e A)(B(x)::J C) ::J 3 x e: A)B(x) ::> C) true
when C does not depend on z, and to
(A:::> (B::>' C:::> A & B) '::> C) true
when, in addition, B Is independent of x.
- 50-
The axiom of choi ce
We now show that, with the rules introduced so far, we can give
a proof of the axiom of choice , which in our symboli sm reads:
(\Ix E A)(3 y E B(xC(x,y)
=:>(3f e ( n x e A)B(x)('Ix E A)C(x ,Ap(f ,x true .
The usual argument in ma t hema t i c s , based on the i n-
tuitionistic interpretation of the logical constants , is roughly as
follows : to prove ('II x ) (3 y)C(X,y) ::> ( 3 f) (v x)C(x,f(x, assume that
we have a .pr oo f of the antecedent. This means that we have a method
which, applied to an arbitrary x, yields a proof of (3 y)C(x ,y), that
is, a pair consisting of an element y and a proof of C(x,y). Let f
be the method wh i ch , to an arbitrarily g iven x, assigns the first
component of t hi s pair. Then C(x,f(x holds for an arbitrary x, and
hence so does the consequent . The s ame idea can be put into symbols,
getting a formal proof in intuitionistic type theory . Let A set ,
B(x) set (x e A) , C(x ;y) s e t (x E A, Y E B(x , and assume
ze (Tl x E, A)(Ly e B(xPC(x,y) . If x is an arbitrary element of
A, Le. x e A,then , by n-elimination , we obtain
Ap(z,x) : (E y e B(x))C(x,y).
We now apply left to obtain
p(Ap(z ,x E B(x)
and right p r oj e c tion to obtain
q(Ap(z,x e C(x,p(Ap(z,x).
By A-abstraction on x (or n .-introduction), discharging x E A, we
- 51 -
have
(Ax) p (Ap (z .x ) E (Il x E A) B(x ) ,
and, by TI-equality,
ApAx)p(Ap(z,x . x ) - p(Ap(z,x E Bf x ) ,
By sUbstitution, we g e t
C(x,ApAx)p(Ap(z,x .x ) = C( x ,p(Ap(z ,x)
and hence , by equality of sets,
q(Ap(z ,x}) e
where (Ax) P( Ap(z , x ) is independent of x .. By abstraction on x ,
(Ax)q(Ap(z ,x E (TIx EA)C(x,ApAx)p(Ap(z,x,x .
We now .use the rule of pairing (that to get
Ax)p(Ap(z,x,(Ax)q(Ap(z,x)
(L.f E. (TIx E A)B(x)(TIx e A)C(x,Ap(f,x
(note that, in the last step, the new variable f is introduced and
sUbstituted for (Ax)p(Ap(z,x in the right member) . Finally , by
abstraction on z, we
(Az)Ax)p(Ap (z,x,(AX)q(Ap(Z ,X)E (TI x E A)(Ey E. B(xC( x , y )
=:> (Ef E (TIx E A)B(x(nx e A) C(x , Ap ( f ,x.
In Zermelo-Fraenkel set theory , there is no proof of the axiom
of choice, so it must be taken as an axiom, for which , however, it
seems to be difficult to c l a i m self-evidence . Here a de tailed
is clear when developing intuitionistic
- 52 -
Cauchyf a ) _ (Ve E Q)(e > 0 :=> (3in E N)(Vn E N)(\am+n-aml e) ,
The notion of such that
R =: (LxEN-Q)Cauchy(x)
- 53 -
is the definition of reals as the set of sequences of r a t i ona l
numbers satisfying the Cauchy condition ,
11 S. Feferman, Constructive theories of functions and classes ,
Logic Colloquium .78 , Edited by M. Boffa, D. van Dalen and K. McAloon ,
North-Holland, Amsterdam , 1919, pp. 159-224 .
where a is the sequence a
O'
a
1
, In this way, a real number i s a
sequence of rational numbers with a proof that it satisfies
the Cauch1 condition. So, assuming c E R, e E Q and d 'E (e > 0) (in
In addition to disjoint union ; existential quant.Lf'Lca t.Lon ,
cartesian product A X B and. conjunction A & B, the operation L has
a fi.fth Lnt.er-pr-et a t.Lon : the set of all a EO A such that B(a ) holds.
Let A be a set and B{x) a proposition for x EO A. We want to define
ihe set of all a& i that B(a) holds (which is usuall y . wr i t t e n
[x E A: B(x.ll> . 'ha ve an ' element a EO A such that B(a) holds means
to have an element a EO A together with a proof of B(a), namely an
element b E B(a). So the elements of the set of all elements of A
satisfying B(x) are. pairs (a,b) .wi t h b E B(a) , Le. elements of
(Ex E A)B(x) . Then the L-rules play the role of the comprehension
axiom (or the separation principle in ZF). The information given by
b B(a) is called the witnessing information by Feferman
11
A typi-
cal application is the following.
, Bxampl e (the reals as Cauchy sequences).
of a sequence '
choice
for i ns t a nce, i n finding the limit
function.
the axiom of choice has been provided in the form
justification of
f In mani sorted languages, the axiom of ,choice is
of the , above pr
oo
" .
. t there is no mechanism to prove 1t. For instance, 1n
express ible bU
f finite type , it must be taken as .a n axiom. The
Heyting arithmet ic 0
'" i om of
need for the a
mathematiCs 'atdepth,
ti 1 inverse of a surjective
of reals or par a
II
Ii
I
;1
ii' I,
,I. ' \
\
'I \
II
\
- 55 -
b = dEB
b E B
j(b) = j(d) E A + B
j(b) E A + B
B set
A + B set
A set
a A
i(a) E A + B
i(a) = i(c) E A + B
+-formation
. +-introduction
where i and. j are two new primi ti ve constants; their use is to give
the information that an element of A + B comes from A or B, and which
of the two is the case. It goes without saying that we also have the
rules of +-introduction for equal elements:
Disjoint union of two seta
The canonical elements of A + B are formed using:
We now give the rules for the sum (disjoint union or coproduct)
of two sets.
Since an arbitrary element c of A + B yields a canonical element of
the form i(a) or j(b), knowing c e A + B means .t ha t we also can de-
t e r mi n e from which of the two sets A and Bthe element c comes.
Only by means of the proofq(c) do we know how far to go the
approximation desired.
Ap(p(c) ,p(Ap(Ap(q(c) ,e) ,d) E Q.
Ap(Ap(q(c),e),d) E (3m E N)(Vn E N)(lam+n-aml e).
- 54 -
N,
and we now obtain am by applying p(c) to it,
Applying left projection, we obtain the m we need , i.e.
and
. d d' proof of the proposi tion e > 0), then, by means
other wor s' . 1S a
of the projections, we obtain p Cc ) and q(c) E Cauchy(p(c.
Then
=
I
. \
I
I
I
f.
I
- 56 -
- 51 -
I',
+-elimination
C E A + B
(x E A)
d(x) C(i(x
(y e B)
e(y) E C(j(y
, ,be c ome ' e vi de nt .
of two propositions is now interpreted as' the
sum ,of two sets. We therefore put:
C true
(B true)
B true
A V B true
B, prop.
C true
(A true)
C true
A V B prop.
A prop.
A true
A V B true
A v B true
V -formation
V -introduction
v -elimination
A V B == A + B.
From the formation and introduction rules for +, we then obtain the
corresponding rules ' f or V :
Note that, if a is a proof of A, then i(a) is a (canonical) proof of
A v B, and similarly for B.
follows from the rule of +-elimination by choosing a family
C == C(Z) (z E A + B) which does not depend on z and
suppressing
proofs (constructions) both in the premisses, including the assump-
tions, and the conclusion.
(y E B)
(y E B)
e I y ) E C(j (y
e(y) E ' C(j ( y
e I b ) E C(j(b
df a ) E C(i(a
(x E A)
d Ix ) E C(i(x
D(c,(x)d(x),(y)e(y E C(c)
D(j(b), (x)d(x) ,(y)e(y
b E B
i(a) , then c = ita) E A + B and hence
value j(b), then c = j(b) E A + Band
this explanation of the meaning of D,
+-equality
(x E A)
a E A d(x) E C(i(x
D(i(a) ,(x)d(x), (y)e(y
where the premisses A 's e t , B set and C(z) set (z E A + B) are pre-
supposed, although not explicitly written out. We must now explain
how to exeaute a program of the new form D(c,(x)d(x),(y)e(y. 'As -
sume we know c E A + B. Then c will yield a canonical element ita)
with a E A or j(b) with b E B. In the first case, substitute a for x
in d(x), obtaining d(a), and execute it. By the second premiss,
d(a) e C(i(a, so yields a canonical element of C(i(a. Simi-
larly, in the second case, e(y) instead of d(x) must be used to ob-
tain e(b), which produces a canonical element ofC(j(b. In either
case , we obtain a canonical element of C(C), since, if c has value
C(c) = C(i(a, and, if c has
hence C(C) = C(j(b. From
the equality rules:
,I
L
- 59 -
(4) I(A,a,b).
b e A,
B,
(3) a
(2) A
(1) == or =def. '
Propositional equality
We now turn to the axioms for equality. It is a tradition
(deri ving its origin from Principia' Mathematica) to call equality
in predicate logic identity. However, the word identity is more
properly used for definitional equality, =or =d f ' discussed
e. 2
above. In fact, an. equality statement, for instance, 2 = 2+2 in
arithmetic, does not mean that the two members are the same, but
merely that they have the same value. Equality in predicate logic,
however, is also different f r ~ m our equality a = b E A, because the
former is a proposition, while the latter is a judgement . A form of
propositional equality is nevertheless indispensable: we want an
equality I(A,a,b), which asserts that a and b are equal elements of
t he set A, .but on which we can operate with the logical operations
(recall that e.g. the negation or quantification of a judgement does
not make sense). In a certain sense, I(A,a,bf is an internal form
of =. We then have four kinds of equality:
Equality between objects is expressed in a judgement and must be de-
fined separately for each category, like the category sets, as in (2),
or the category of elements of a set, as in (3); (4) is a proposition,
whereas (1) is a mere stipulation, a relation between linguistic
expressions. Note however that I(A,a,b) true is a judgement, which
. wi l l turn out to be equivalent to a = b A (which is not to say
. i
(A ? C) ~ B :::> C) :::> (A Y B ::> C true.
If, moreover, C(z) does not depend on z and A, B are propositions as
well, we have
This, when C(z) is thought ~ f as a proposition, gives
(Ar) (Ag) (Az)D(z, (x)Ap(f,x), (y)Ap(g,y
E ( nx E A) C(i (x ) ) - ( ( ny B) C(j (y) ) - ( nz E A + B) C(z .
- 58 -
("Ix E A)C(iex::> "Iy B)C(j(y::> ('Vz A + B)C(z true.
Example (introductory axioms of disjunction). Assume A set,
B set and let x A. Then i(x) A + B by +-introduction, and hence
O.x)iex) e A -A + B by A-abstraction on x.lf A and B are proposi-
tions, we have A ::> A V B true. In the same way, (Ay) j (y) e B -- A + B,
and hence B ~ A V B true.
Example (eliminatory axiom of disjunction). Assume' A set, B set,
C(z) set (z Eo A + B) and let f (Tl x e A)C(iex, g (DyE B)C(j(y
and z e A + B. Then, by n-elimination, from x e A, we have
Ap(f,x) EC(iex, and, . from y e B, we have Ap(g,y) e C(j(y. So,
using z E A + B, we can apply +-elimination to obtain
D(z,(x)Ap(f,x),(y)Ap(g.y Eo C(z), thereby discharging .x e A and
y e B. By A-abstraction on z, g, f in that order, we get
- 60 -
- 61 _
a=be:A
(x A)
Finally,
.mi t 's the
c = r I(A,a,b)
C E I(A,a,b)
C I(A,a,b)
I-elimination
We would then d i
er ve the fOllowing r ul es whi h
as primitive : ' c we here take instead
I-equality
note that I-formation is
the only rUle
formation of families up to now whi c h per-
+, NNW of sets. If only th
n ' , were allowed e operations n , L:
, we would only .
Example (introductor get constant sets.
x Y aXiom of identity)
A. Then x = x A Assume A set and let
abstraction on x (A)' and, by I-introduction, r E l(A,x ,x) . By
, xr(\{XE.A)I(A
canonical proof of th 1 . ,x,x). Therefore (Ax)r is a
e aw of identity on A.
.v'
b e: A a E. A
I(A,a,b) set
A set
I-formation
I-introduction
r e: I(A,a,b)
We now have to explain how to form canonical elements of I(A,a,b).
The standard way to that I(A,a,b) is true is to have a =b E. A.
Thus the introduction rule is simply: if a = b e: A, then there is a
canonical proof r of I(A,a,b). Here r does not depend on a, b or A;
it does not matter what canonical element I(A,a,b} has when a = b E. A,
as long as it has one.
that it has the same sense). (1) is (sameness . of mean-
ing), while (2), (3) and (4) are extensional (equality between ob-
jects). As for Frege, elements a, b may have different meanings, or
be different methods, but have the same value. For instance, we
certainly have 22 = 2+2 N, but not 22 _ 2+2.
of equality
hOlds, namely
. (Ax) r E (Vx E A)I (A, x, x)
r E I(A,x,x)
Example (eliminator
y aXiom of identity)
property Sex) prop (x E A) Given a set A and a
. over A we cl .
correspOnding to L . that the law
elbniz's principle
that equ 1 I . of indiscernibility
a e ements satisfy th
e same properties,
We could now adopt elimination and equality rules for I in the same
style as for Tl , L. ., +, namely introducing a new eliminatory operator.
Also, note that the rule for introducing equal elements of I(A,a,b)
is the trivial one:
a = b E A
r = r E. I(A,a,b)
I.
- 62 -
(AZ)(AW)w E I(A,x,y) ? (B(x) ? B(y
( y e B(x (x e A)
qx,y = y E B(x)
(x ,y) (1: x E A)B(x)
(x,y) E (Ex e. A)B(x) .
(y e B(x
px,y = X" A
(px ,y,qx ,y)
(x e: A)
r E IL: x e. A)B(x),(px,y ,q x , y) ,(x,y
(p( (x ,y ,qx ,y)
- 63 -
(p(c) , q (c = c e (1: x e A)B(x)
E(c,(x,y)r) e IL: x E A)B(x) ,(p(c) , q ( c . c )
r- e ILX e A)B(x) ,(px ,y,qx,y),(x,y .
E(c , (x , y ) r) e I( ( L x E A)B( x) , ( p( c ) , q ( c ) ) , c )
This example is typical. The I-rules are used systematically to show
the uniqueness of a function , whos e existence is given by a n elimin-
ation rule , and whose properties are expressed by the associated
equali ty rules.
C E (L x. e A) B( x )
and hence, by I-elimination , (p(c),q(c = c e. (Lx E A)B(x) .
By I-introduction,
is derivable. I t is analogue of the second n-equalit y r ul e, whi c h
could also be derived, provided the TI-rules were formulated -f ol l owi ng
the same pattern as the other rules . Assume E: A, Y e B(x). By the
prOjection laws , px ,y =x 6 A and qx,y = y e B(i) . Then , by
E-introduction (equal elements form equal pairs),
Fow take the family in the rule of I:-ellmination t o be
1(0:' x E A)B(x), (p(z) ,q(\z ,z) . Then we obtain
Y EO A and
(x e. A)
B(x) set
B(y) B(x)
x = Y 6 A
(z e. I(A,x,y
w 6 'B(y)
EO B(x) ? B(y)
(w 6 B(x
( Vx E A)( v s e A)( I (A, x , y) .::> (B(x)::> B(y) true.
. " . .
propert ies is not possible , and hence the meaning of identi:ty. has: t.o
be de fined in another way , wi t hout invalidating Leibniz's
Example (proof of the converse of the projection l aws ) ". We can
now prove that the inference rule
C E: (Lx e A)B(x)
c = (p(c) ,q(c e (Ex e A)B(x) .
(a = b) == (V X)(X(a) ? X(b
from whi ch Leibniz 's principle is obvious, since it is taken to define
t he meaning of identity. In the present language , quantification over
The same problem (of justifying Leibniz's principle) was solved
in Principia by the use of impredicative second order quantification .
There one defines
(AX)(Ay)(Az)(AW)We. ("Ix E A)(Vy 6 A)(I(A,x ,y) ::> (B(x) ? B(y)
hence B(x) = B(y) by substitution. So, assuming w E B(x), by equalit y
of s e ts , we obtain w EO B(y) . Now, by abstraction on w, z , y , x in that
order, we obtain a proof of the cl a i m:
To prove i t, assume x E A, Y e. A and z 6 .I(A,x,y) . Then x
c(m
n)
and continue by
d e C(C) . since c bas
(m = 0,1 . . n-i.t )
set N
n
c
m
E C(m
n)
, (m =0, ' 1 .. n-1)
N -formation
n
. N -introduction
n
N -elimination
n
Finite sets
- 65
been. seen to be equal to m
n
and c
m
e C(mni 'is a R
n
is recur-
sion over the finite set N
n;
it is a kind of cases .
Here, as usual, the famfly of sets C(z) set (z eN) may be interpreted
n
know the premisses , R
n
is explained .
result is m for some m between 0
n '
and n-1. Select the cor-r-espondt ng element c of
. ' . . m
executing it. The result is a .ca nonLceL element
as a property over N : Assuming we
. n .
as follows: firSt execute c, whose
So we "have the sets' NO with no elements, N,. with the single canonical
element 0
1,
with canonical elements O
2,
'1
2
, etc .
Note tha.t, up to 'now, we have no operations to build up sets
from nothing, but only operations to obtain new sets from given ones
(and from families' of sets). We now introduce finite sets, whi ch are
given outright; hence their set formation rules will no premisses.
Actually, we have infinitely'many rules, one group of rules for each
n = O. 1,
the equivalence of these two
rules. we can prove
(2)
the corresponding prop-
indexed familY as in ,
(3 x E A)I(B,b(X) ,y) (y E B),
- 611 -
1
, f elements).
(properties and indexed 1es 0
of looking at subsets of a set B:
pLx) e B (x E (Ey E. B)C(y,

an indexed family of elements

(2) a subset of
b Lx ) E B (x e A).
ropositional (property)
(1) a subset of B is a P .
C(y) (y EO B);
ty as in (1) the corresponding
and, conversely, given a proper
indexed family is
Using the identity
concepts. Given an
erty is
Example
are two 'ways
.1. true '
(B true)
A true
A V B true
- 67 -
.1. -el1mina t .Lon
C true
.1. true
Then 0 , is a (canonical) proof of,lr , since 0, E N, by N, - i nt r oduc -
tion. So T' is true. We now want to prove that 0, is .in fact the only
element of N" that is, that the rule ,
is derivable . In fact" , from 0, 6 N" we get 0, : 0, 6 N" and hence
r I(N"O"O;>. Now applt 'N,-elimination with I(N"z ,O,) (z E N,)
for the family of sets C(z) (z E N, >. the assumption c e N"
we get R,(c,r) E I(N"c,O,), and hence c : 0, EN, .
When C(z) does not depend on z , it is possible to suppress the
proof (construction) not only in the conclusion but also in the
premiss. We then arrive at the logical inference rule
which is easily seen to be equivaient to the form above .
Example (about N,). We define
' t r a d i t i ona l l y called ex falso quodlibet. This rule is often used in
ordinary mathematics, but in the form
we have the
(m: 0, ', .. . , n-1)
by the above explanation,
N _introduction):
n
- 66 -
R (m ,co , ,c
n
_ , )
n n
N _equality
n
The rule becomes simply:
N _elimination

R (c ) E: ct c)

that
we 'u nde r s t and that we shall never
f the
rule is
Th
exp'lanation 0 ' t R (c)
e we shall never have to execu eO ,
element C6 NO' so that
get executing program of the form
Thus the set of instructions for b t
i ' imilar to the programmi'ng statement
R (c) is vacuous . It s s
, '2
introduced by Dijkstra
'2 See note 2 .
, in the conclu-
, i of m - " ..., n-
for each cho ce ' - ,
(one such rule Id b to postulate the rules for n
sion) . An alternative approach wou ' e == N + N etc., and ,
equal to and' oniy, ',de f i ne N
2
:: 'N, + N" N3 - , 2
then detive all other rules.
no introduction rule hence no
Example (about NO) NO has
natural to put
elements; it is thus
From the meaning of R
n
, given
n rules (note that m
n
6 N
n
by
all the usual rules of negation.
we can easily derive
- 69 -
Consistency
What can .we say about the consistency of our system of rules?
We can understand consistency i n two different ways :
(,) consistency. Then , to prove mathematically
the consistency of theory T, we consider another T', whi ch
contains codes for propositions of the original theory T and a predi-
cate Der such that Der('A') expresses the fact that the propos ition
A with code ' A' is derivable in T. Then we define Cons ==
-'Der( 'l.') =. Der( '.L')::>.l. and (try to) prove that 'Cons is true in
T' . This method is the only one applicable when, like Hilbert, we
give up thehope 'of a semantical of the axioms and rules
of inference; it could be followed , with success , also f or intuition-
istic type theory, but, since we have been as meticuious about its
semantics as about its syntax , we have no need of it. Instead, we
convince ourselves .di r ec t l y of its consistency in the following simple
minded way.
(2) Simple minded consistency . This means simply that JL cannot
be proved, or that we ahaLl, never have the right to judge .L true
(which, unlike the proposition Cons above , is not a mathematical
proposition). To convince ourselves of this, we argue as follows : if
c e 1- would hold for some element (construction) c , then c woul d
yi.eld a canonical element d e JL ; but this is impossible s ince JL has
no canonical element by definiton (recall that we defined JL == NO) '
Thus JL true cannot be proved by means of a system of correct rules.
So, in case we hit upon a proof of 1-. true, we would kno w that there
must be an error somewhere in the proof; and, if a f or ma l proof of
JL true is found, then at least one of the formal rules used i n it
is not correct. Reflecting on the meaning of each of the rules of
_ Co,.' the rule of
true
t f N
2
is either
prove that any elemen 0
in the propositional form
Boolean == N
2

Thus the operation R, can

of N,-equality trivializes.
with .
)
We make the definition
(about N
2
.
value as c,.
As for N, above, we can
O
2
or '2' but obviously only
truth values true,
Then we can define if c Co
which
means that c yields
c is true ,
Example (negation) . If we put
'" A:: -, A == -A == A- NO
which consists ' of the two
the typ
e used in programming
Boolean is f I -,
false . So we could put true == O
2
and a se = 2'
R (
c c c ) because, if
c, 2 ' 0' ,
O
2,
then R
2(C,CO'c,)
has the
. d R (c c c) has the same
C
. otherwise c yields '2 an 2 '0"
same value as 0'
and the rule
be dispensed
Example
t
h definition R,(C,c
O)
Conversely, by making e
N _elimination 'is derivable from the rule
, .
c = 0, e N,
- 68 -
- 11 -
N set
a '" N
a ' E N
e(x,y) C(x')
(x e: N, y E C(x
o N'
d e C(O)
case with any other introduction rule a ' N
whatever element a is Th '
us a E N means that
or a' wh .
1' . . ere a
1
has value either 0 or a '
2 ' etc . ,
we reach an element a which h 1
n as va ue o.
R(c,d , (x,y)e(x,y C(c)
c c: N
N-introduction
.so far , we have no means of constructing an infinite set. We
the simplest one, namely the set
of natural numbers ,
now
by the rules :
N-formation
N-elimination
Natural numbers
Note that, as is the
is always canonical,
a has value either 0
until , eventually,
where C(z) set (z eN) . R(c,d,(x,y)e(x ,y
first execute c, getting a canonical
o or a ' for some
a N. In the first
which yields a canonical element
i s explained as f ol l ows:
element of N, whi ch i s either
case , continue by ex ec ut i ng d ,
f EC(O);but, since c = 0 E N i n
this case , f is 1
a so a canonical element of C(C) =C(O) . In t he
second case, ' sUbstitute a fOr x and R(a d ( ) (
'.' . . " x, e x, y ( na mely , the
- 10 -
intuitionistic type theory, we eventually convince ourselves that
they are correct; therefore we will never find a proof of JL true
using them.
Finally , note that , in case , we must rely on the simple
minded consistency of at least the theory T' in which Cons is proved
in order to obtain the simple minded consistency (which is the form
of consistency we really ciare about) from themetamathematical con-
sistency of the original theory T.In fact ; once c Cons for some c
is proved, one must argue as follows: if T were not consistent, we
would have a proof in T of 1.. true, 91' a NO for some a. By coding,
this woul d give 'a' G Der( '.l') ; then we would obtain Ap(c,'a') JL ,
i.e. that JL true is derivable in T'. At this point, to conclude that
JL true is not provabie in T, we must be convinced that JL true is
not provable in T'.
Mathematical induction
- 72 -
a, whi ch is the usual
o N,
= a E N,
b ' E N
beN a
a'
pd (0)
pd (a' )
. (V X N) ( V yEN) (I (N,x' ,y') ::> I (N,x, y true .
pdf a ) == R(a,O, (x,y)x) .
out to be the same concept when propositions are interpreted as sets .
Example (the predecessor function). We put
a E N
pd I a ) e N
- 73 -
This definition is justified by computing R(a,O,(x ,y) x) : if a yields
0, then pd(a) also yields 0, and, if a yields b ', then pd(a) yields
the same value as R(b',O,(x,y)x), which , in turn, yields the same
definition , but here these equalities .re not definitional . More
precisely , we have
which is an instance of .N- e l i mi na t i on , and
which we obtain by N- equa l i t y .
Using pd, we can derive the third Peano axiom
' va l ue as b. So we have pd(O) =0 and pd(a')
Indeed, from a' = b' N, we obtain pd(a') = pd(b ') E N to-
gether with pd(a') = a e Nand pd(b') = beN, yields a = bE N by
symmetry and transitivity. We can also obtain it in the usual form
(Vx,y)(x' = s ' => x = y) , that is , in the present symbo.lism ;
e(x,y) E C(x')
( x E N, Y E C(x
e(x,y) E C(x')
(x EA, y EC(X
C(c) true
(x EN, . C(x) true)
C(O) true C(x') true
d eC(O)
d e C(O)
C E N
a e N
until we eventually reach the value 0. This exp LanatLon of the
R(O,d ,(x,y)e(x,y = d E C(O)
N- e qua l i t y
If we explicitly write out the proof (construction) of we s ee
that it is obtained by recurs ion. recursion and induction turn
R(a ' , d, ( x , y ) e ( x , y = e(a,R(a,d,(x ,y)e(x ,y) E CIa')
) - t- al function (prop- .' evident. Thinking of C(z) (z e N as A
erty) and suppressing the proofs (constructions) in the second and
third premisses and in the of the rule of N- e l i mi na t i on ,
we arrive at
elimination rule also makes the equality rules
preceding value) for y in e(x,y) so to e(a,R(a,d,(x ,y)e(x,y).
Executing it , we get a canonical f which, by the right premiss, is in
C(a ') (and hence i n C(c) since c a' EN) under the assumption
R(a ,d,(x ,y)e(x,y e C(a) . If a has value 0, then R(a,d,(x,y)e(x,y
is in C(a) by the first case . Otherwise , continue as in the second
case ,
E N, (}dO,f)
lj1(a ' , f)
- 75 -
under the premisses a E N a nd feN - N
2,
and henc e
{
t he least a such that Ap(f,b) = 02 e N
2,
if such b exists ,
r(a ,f) =
a, otherwise.
(r(O) = (AOO E ( N -+ N,
ljL(a ') (),.f)R
2(Ap(f,O)
,0 ,AP(r(a), f)') e (N -+ N
2)
- N,
r ex) E ( N-. N
2)
-+ N (xE N) such that
so that we can define the function f(a ,.f) we are l ooki ng f or by
putting r(a,f) =Ap(r(a) ,f). The requirements on rea) may be sat-
i sfied t hr oug h an ordinary p rimitive r e c u r sion , but on a hi gh e r t yp e ;
this task is fulfilled by the rul e of N- e limi na tion. We obtain
Su c h a function will be obtained by. solving the recursion equat ions :
where f :; C\ x)Ap(f,x') is f shifted one step to the left, L e .
.Ap(f , x) =.Ap(f ,x') E N
2
(x EN) . In fact , in case the bound is iero ,
r (O ,f) = E N, irrespective o f wha t function f i s . When the bound has
suc:essor form , r(a ',f) = f(a ,f) ' EN , provided that f ( O) = f a l s e ==
'2 E N
2
; otherwise , f(a ' ,f) = eN. Therefore to compute r(a ,f ) , we
c a n shift f until the bound is 0 , but checking each t ime if the value
at is true == 02 or false == '2' Even if it admits o f a pr imitive
recursi ve solution , the problem is most solved t hrough highe r
t ype s, as we shall n6 w see in detail . We wa n t to fi nd a f unc t i on
bE N
(a + b)' e N
a e N
bEN
a + b '
bEN
a E N
a E N
a +
a E N
a +
Usua l properties of the product a . b can then easily be derived .
(the bounded We want to solve the problem:
given a boolean function f on natural numbers, Le . fEN -.N
2,
find
the least argument , unde r the bound a EN , for which the value of f is
tru.e . The solution wil l be a function f-( x,f) E N (x E N, f E N-N
2)
sat isf ying :
a + b == R(b,a ,(x,y)y ').
a b == R(b ,O ,( x ,y)(y + a .
.:. 74 -
from which we can also derive the corresponding axioms of first
order arithmetic , l i ke in the preceding example . Note again that the
equality here is not definitional.
Example (multiplication). We define
The meaning of a + b is to perform b times l he successor operation
on a . Then one easily der ives the rules:
In fact , assume x E. N, YE N and z EI(N,x ,y) . By I-elimination,
x ' = y ' E N; hence x = yEN, from which r e I(N,x,y) by I-intro-
duction . Then , by A-abstraction , we obtain that (AX)(Ay)(Az)r is a
proof (construction) of the claim.
Example (addition) . We define
b e List(A)
e(x,y,z) E: Cx.y
(a.b) E List(A)
(x EA, Y eList(A) , z e C(y
a A
d E: C(nil)
nil "'List(A)
C E List(A)
List-introduction
A set
Lists
listrec(c,d,(x,y,z)e(x,y,z E C(c)
List-elimination
where we may also use the notation () :: nil.
List(A) set
List-formation
- 77 -
where C(z) (z E List(A is a family of sets. The instructions to exe-
cute listrec are: first execute c, which yields ' either nil, in which
case continue by executing d and obtainf e C(nil) = C(c), or (a .b)
with a E A and b E List(A); in this case, execute
e(a,b,listrec(b,d,(x,y,z)e(x,y,z) which yields a canonical element
where the intuitive explanation is: List(A) is the set of lists of
'e l ement s of the set A (finite sequences of elements of A) .
We can follow ,t he pattern used natural ,numbers
to introduce oiher defined sets. We see here the example
" of lists'.
,'i>
(fE N-N
2)
,
(y e (N-+ N
2)
- N) fEN - N
2
Ap(y,f) EN
which, in turn, equals the value of
- 76 -
Next, Ap(f,O) is evaluated . If the value of Ap(f,O) is true =O
2,
then the value of f(a,f) is O. If, on the other hand, the value of
Ap(f,O) is false 5 '2' then the value of r(a,f) equals value
of f(b,!)"
Observe how the evaluation of ,..(a,f) ==
Ap(R(a, (Ano, (x,y) (AnR
2(Ap(f
,0),0 ,Ap(y,f)',n proceeds. First, a
is evaluated. If the value of a is 0, the value of equals the
value of ApAf)O,f), which is 0. If, on the other hand, the value
of a is b!, the value ofr(a,f) equals the value of
Ap(f,0)EN
2
oeN Ap(y,r)'eN
o N R
2(AP(f,0),0,AP(y,f)')
EN
a N (AnO e (N-N2)-aoN (AnR
2(AP(f,0),0,AP(y,f)')
E (N-N
2)-+N
/4(a) = R(a,O.no,(X,y)(AnR/AP(f,O),O,AP(y,f)' e (N-N
2)-N
f E N-N
2
,..(a,n == Ap(p.(a),n e N
Written out in tree form the above proof of r(a,,c) E N looks as
follows:
,
Lis t-equali t y
- 78 -
( x ," A)
B(x) set A set
(Wx E A)B( x) set
We l l or de r i ngs
- 79 -
W- f or ma t i on
Wha t does i t mean for c to be an element of ( Wx e A)B( x) ? It means
that, when calculated , c yields a value of the form sup( a ,b) f or
some 'a and b , where a E A and b is a function such that , f or an y
choice of an element v B(a) , b applied to v yiel ds a val ue
sup(a
l,bl
) , whe r e a
l
E A and b
l
i s a function such t ha t , f or an y
choice of v
l
in B(a
l
) , b
l
appl ied to v
l
has a value sup( a
2
,b
2)
, et c .,
until in any case (i .e . however the successive choices a re made) we
eventually r each a bottom element of t he form sup(an ,b
n)
, where B( a
n)
i s empty , so t hat no choice of an e lement in B(a ) i s poss ible . The
n '
following picture, in which we loosely wr ite b( v) f or Ap(b ,v ) ; can
help (look at it from bottom to top) :
The concept, of wello'rdering a nd the principle of tra ns f i ni te
induction were first introduced by Cantor . Once they had been f or-
mulated in ZF, however , they lost their original computational con-
tent . We can construct ordinals intuitionistically a s wel lfounded
trees, which means that they are no longer totally orde red.
[-
1
l
... ..
,
e(x,y,z) 'E Cx .y
, ( x E A, Y E Li st(A), z E C(y
e( x, y ,z) E Cx . y
d E C(nil)
( x e A, y & List (A), z E C(y
b ' E List{A)
d E C(nil) ,
tistrec(nil,d ,(x ,y,z)e(x , i , z = d & C(nil) :

= e(a ,b ,listrec(b ,d,( x , y ,z )e(x,r ,z) E
, a E. A
Similar rules could be gi ven for f i ni te trees and other induc-
tively defined concepts .
f & Ca .b)) =,C(c) . if we put g(c) _ listreb(c,d,(x ,y ,z)e(x,y , z)) ,
then f is the value of e(a ,b ,g(b ).

\
- 80 -
d(x,y,z) e G(sup(x,y
G(c) true
(V x E. A)(Yy e B(x) -- (Wx A)B(x
'Iv E B(xG(Ap(y ,v G(sup(x ,y) true
C E. (WXE A)B(x)
T(c,(x,y,z)d(x ,y ,z E G(c)
- 81 -
.W- el i mi na t i on
. (x e A, y e B(x) -+ (Wx e A)B(x), z E. (TTv E B(xC(Ap(y,v)
c E (Wx E A)B(x)
then it holds for sup(a,b) itself), then C(c) holds for an arbitrary
c E (Wx e A bit more formally ,
Now we resolve t hi s , the W-elimination rule . One of the
premisses is that G(sup(x,y is true , provided that x E A,
Y E B(x)-(Wx E A)B(x) and (Yv EB(xG(Ap(y,v is t rue . Letting
d(x,y,z) be the function which gives the proof of G(sup(x,y in
terms of x E A, Y E B(x) _ (Wx E A)B(x) and the proof z of
(Vv eB(xC(Ap(y ,v, we arrive at the rule
where T("c,(x,y,z)d(x,y,z is executed as follows . First execute c ,
which yields aup Ia j .b ) , where a e A and b e B(a) _ (Wx E A)B(x) . Select
the components a and b and substitute them for x and y in d , obtaining
. d(a,b,z). We must now substitute for z the whole sequence of previous
function values . This sequence is (AV)T{Ap(b,v),(x,y,z)d(x,y,z , be-
cause Ap(b ,v) E (Wx E A)B(x) (VE B(a is the function which enumer-
ates the subtrees (predecessors) of sup(a,b). Then
d(a,b,(Av)T(Ap(b,v),(x ,y,z)d(x,y,z)}) yields a canonical element
e E G(c) as value under the assumption that
T(Ap(b,v),(x,y,z)d(x,y,z E G(Ap(b,v (v e B(a .
c sup(a,b)
b B(a) - (Wx e A)B(x)
sup(a ,b) e (Wx E A)B(x)
a E A
W-introduction
From the explanation of what an element of (Wx E A)B(x) is ,. we
see the correctness of the elimination rule, which is at the same
time transfinite induction and transfinite recursion . The appropriate
principle of transfinite induction is: if the property
G(w) (w E (Wx E A)B(x is inductive (Le . if it holds f'or- ail pre-
decessors Ap(b,v) e (Wx E A)B(x) (v B(a of' an element sup Laj b ) ,
By the preceding explanation, the following rule for introducing ca-
nonical elements is justified:
Think of sup(a,b) as the supremum (least ordinal greater than ail) of
the ordinals b(v), where v ranges B(a).
We might also have a bottom clause, 0 E (Wx E A)B( x) for in-
stance, but we obtain 0 by taking one set in B(x) set (x EA) to be
the empty set: if a
O
E A and B(a
o)
: . No' then RO(y) E (Wx E A)B(x)
(y e: B(a
O
so that sup(aO ,(Ay)RO(y E. (Wx e A)B(x) is a. bot t om el-
ement .

is in C' , then we can buil d the successor oc ' :
(') if
- 83 _-
a ' E C;
is a sequence of ordinals in- 0 , the-n we can build the supremum
:
,( 2 ) if
We can give pictures :
So o will be inductively defined by the three rules :
d(x ,y ,z) " C(sup(x,y b e B(a) --.. (Wx E: A)B( x )
(x E A, y -" B(x) - (Wx "A)B(x) , z e (Ilv E: B(xC(Ap(y ,v)

= d(a,b ,(Av)T(Ap(b ,v),(x ,y ,z)d(x ,y ,z) E C(sup(a,b
a e A
W- equa l i ty
" set
Cantor generated the second number class from the initial ordinal 0
by applying t he f oll owi ng t wo principles :
" - format ion
( 1) given 01 E Cl , form the successor 0( ' e: CJ ;
( 2) gi ven a sequence of ordinals 0(0' 0(, ,0(2 ' ... i n 0 , form the
l east ordinal i n Cl greater than each element of the sequence .
- 82 -
i s co rrect .
Example (the first number class) . Havt"ng access to the W- ope r -
a tion and a family of sets B(x) (x e N
2)
such that B(02) = NO and
B('2) = N" we may define the first number class as ( Wx E N
2
) B( X)
instead of taking i t as primitive .
Example (the second number class) . We give here the rules for a
simple set of ordinals , namel y the s e t () of all ordinals of the sec-
ond numbe r class , and show how they a re obtained as i ns t ances of the
general r ul es for wel l or de r i ngs.
If we wri t e f(c) == T(c , (x,y,z)d(x,y,z , then, when c yields
sup(a,b), f(c) yields the same value as d(a,b,(Av) f(Ap(b,v) . This
explanation also shows that the rule
- 84 -
q
(Wx E A)B(x)_ ..... ( Vx E A)B(x) true.
(3 x E A) (Wx e A)B(x) true.
e (Wx EA)B(x) ,
- 85 -
To see this, assume x e A, y E -'B(x) and v E B(x). Then
Ap(y,v) NO =JL and hence RO(Ap(y,v E (Wx E A)B(x), appiying
the rule of NO-elimination. We now abstract on v to get
(AV)RO(AP(y ,v E B(x) (Wx A)B(x) and, by
sup(X,O,V)RO(Ap(y,v) E (Wx E A)B(x). Assuming z E (Ex E A) ...... B(x) ,
by t -elimination, we have
from which , by A-abstraction on z,
. .
:wher e B(x) (x E N
3)
is a family of sets such that B(03) = No ,
B(l;) = N
l
and B(2
3)
=N. Such a can be constructed by means
. of' t he universe rules.
Example (initial elements of wellorderings). We want to show
that, if at l eas t one index set is empty, then the wellordering
(Wx E A)B(x) is nonempty. Recall that we want to do it i nt ui t i on-
istically, and recall that A true is equivalent to A nonempty , so
that -.A true is equivalent to A empty . So our claim..is :
(AZ)E(z, (x,y)sup(x, ()W)RO(AP(y,v e 0:: x E A) ..... B(ic) __ (Wx E A)B(x) .
Assume x e A, y e B(x) - (Wx A)B(x) and z E. B(x) -- NO' Note that
We now want to show a converse . However, note that we cannot
have (Wx E A)B(x) - (3 x E A) oBex) true, because of the intuition-
i s t i c meaning of the existential quantifier. But we do have :
I
'
, -=..
1. - ..
C(sup(z true
(z E N--Cl, WE (Tln E N)C(Ap(z,n
f(z,w) E C(sup(z
(z E N-O, (Vn E N)C(Ap(z,n true)
C(c) true
C(x ') true
e(x,y) E C(x')
(x E 0, YE C(x
(x E C , C(x) true)
d E C( 0)
T(c,d,(x,y)e(x,y),(z,w)f(z ,w E C(c)
C(O) true
o-elimination
if we get a', then the va l ue is the value of
e(a,T(a,d,(x ,y)e(x ,y) ,(z,w)f(z ,w) ;
if we get sup(b), we continue by executing
f(b,(AX)T(Ap(b,x) ,d,(x,y)e(x,y),(z,w)f(z,w).
if we get 0 EO , the value of T(c,d,(x,y)e(x,y),(z,w)f(z,w
is the value of d E C(O);
whe r e the transfinite recursion operator T is executed as follows .
First , execute c. We distinguish the three possible cases:
canon; ca l e l ement of C(c) as result. In any case, we obtain a
It is now immediate to check that we can obtain all Cl -rules
(including Cl-equality, which has not been spelled out) as instances
of the W-rules if we put
C E C
where C(z) (z EO) is a property over 0 . Writing it with proofs,
we obtain
C E 0
Transfinite induction over 0 is evident, and it is given by
-_. .. - - _. .... -- .... - .. . .
- 86 -
- 87 ...
Universes
There are two possible ways of building a universe, i .e . to obtain
closure under possibly transfinite iterations of such operations .
Formulation a la Russell. Consider n, I: , .. . both as, set
forming operations and as operations to form canonical e lements of
So far, we only have a structure of finite types, because we
'ca n only iterate the given set forming operations starting from
I(A,a,b), NO' N, i ... and N a finite number of ' To strengthen
language, we can add transfinite types , which in our language
are obtained by introducing Recall that there can be no
set of all sets, because we are not able to exhibit once and for all
all possible set forming operations. (The set of all sets would have
to be defined by prescribing how to form its canonical elements, i.e.
sets . But this is impossible, since we can always perfectly well de -
scribe new sets, for instance, the set of all ,s e t s itself.) However ,
we need sets of sets , for instance, in category theory. The idea'is
to define universe as the least set closed under certain specified
set".f' or-mf.ng operations . The operations we have been using so f'ar- are :
(x e A)
Bf x ) set
A + B set
A set
A set B set
(Wx E A)B(x) set
(x E A)
B(x) set
N,set . N set
(L x E A)B(x) set
A set
(x e.A)
b, c E A
B(x) set
I(A,b,c) set
A'set
A'set
(Tl x E A)B(x) set
(\f)T(w,(x,y,z)Ap(z;Ap(f,x) E E A)B(x),
and, abstracting on w, we have
(\W){Af)T(w,(x,y,z)Ap(z,AP(f,x) e (Wx e A)B(x)- -.(Vx E A)B(x).
B(x) _ NO _ (Tl v e B(xC(Ap(y,v for C(w) == NO' so that we can
apply the rule of Assuming f E (nx ' E A)B(x), we have
Ap(f,x) E B(x), and hence also Ap(z,Ap(f,x E NO' Ap(z,Ap(f,x)
takes the role of d(x,y ,z) in the rule of W-elimination. So, if we
assume w E (Wx E A)B(x), we obtain T(w,(x,y,z)Ap(z,Ap(f,x) E NO'
Abstracting on f, we hage
l'
- 88 -
- 89 -
Ha,b,c) e U
T(i(a, b,c = I(T(a),b,c)
b e T(a)
C E T(a)
T(n, )
a E U
b e T(a) . c e T(a)
a e U
t he set U, the uni vers e . Thi s is i n r amified t ype t he ory .
Formulation a la Tarski . So ca l l ed because of the s i mi l a r i t y
between the family T(x)(x e U) below and Tarski's definition .
We use new symbols, mirroring (reflecting ) T1 , L , .. . , t o build the
of U. Then U.consists of indices of sets (like in
recursion theory) . So we will have the rules:
U-formation
a E U
b ( x) E U
(x EO T(a
a E U
T' ( u ) = U
T' (t (a T(a )
T(o) = N
a EO U
T(w( a ,(x)b(x) = (Wx E T(aT(b(x
.and so on .
u.e U'
a E U
a la Rus sell , T disappears an d I
we on y use
So the above rules are turned into:
t ( a) e U'
(xET( a
U s et
A e 'U
A set
n E: U
a E U b( x ) E U
w(a,(x)b(x E U
. U-formati on'
We co uld at .t hi S poi nt iterat e the process, ob t a i ni ng . a second uni-
ver.se U'wi th the two new intro.d:uction rules:
then a third U';
,
In
capital l e tte r s .
b E U a E U
T(a + b ) = T(a ) + T(b )
r--
b E U
a + b E U
a e U
(x E T(a (x E T(a
a e U b(x) E U a E U . b (x ) e. U
n (a ,(x )b(x e U T( rr ( a, (x )b(x ) (nx E T( a) ) T( b( x
( x E T(a (x E T(a
a E U b(x) E U a e U b Cx ) EO U
0" (a , (x Ib Ix ) E U T( a(a,bdb(x) (Lx e T(aT(b(x
U- i nt r oduc t ion
1- -
U an d T(x)(x E U) ar e by a simultan eous t r an sfini te i nduQtion,
whi ch, as usual , .c an be read off the f ollowing introduction ruies:
T(a) s et
U set
D .
'1
9
' \ .
- 90 -
(Wx e A)B(x) e U
- 9' -
(\Ix e N) true.
We use U-rules in the proof ; it is probably not possible to prove it
otherwise . From N set, e N, x EN we have x ' e Nand I( N,O,x ') set .
Now assume y I(N,O,x') . Then, by I-elimination, : x' e N. By U-in-
troduction , nO e U and n, eU. Then we define f(a) =R(a ,no ,(x ,y)n,) ,
so that f(O) : nO e U and f(a') : n, e U provided that a e N. From
: x' e N, we get, by the equality part of the N-elimination rule ,
R(O,nO,(x,y)n,) : R(x',no,(x,y)n,) U. But R(O,nO ,(x ,y)n,) : nO e U
and R(x ',no,(x,y)n,) : n, e U by the rule of N-equality . So , by symme-
try and transitivity, nO : n, E U. By the (implicitly given) equality
part of the U-formation rule , T(n
o)
: T(n,) ' Hence ; from T(n
O)
: NO
and T(n,) : N,,' NO: N,. Since 0, eN" we also have O, .E . N
O
' So
(AY)O, e I(N,O,x') -NO and (AX)(AY)O, E (Yx EN) -'I(N,O, x ') .
We remark that, while it is obvious (by reflect ing on its mean-
ing) that 0: a' EN is not provable , a proof of true
seems to involve treating sets as elements ift order :to def ine a pro-
posi tional function which is 1. on and T on a ' .
type theory .
Example (fourth Peano axiom). We now want to . prove t he fourth
Peano axiom, which is the only one not trivially derivable from our
rules. So the claim i s:
but it is not small. Using U, we ca n form t ransfini te t ypes (using a
recursion with value in U, for instance) .
The set V = (Wx U)T(x) (or , in the formulation a la Russell ,
simply (WX E U)X) has been used by Aczel'4 to give meaning to a con-
structive version of Zermelo-Fraenkel set theory via intuitionistic
'4 .
P. Aczel, The type theoretic interpretation of constructive
' s e t theory, Logic Colloquium 77, Edited by A. Macintyre , L. Pacholski
and J . Paris, North-Holland, Amsterdam , '978, pp . 55-66 . '
b, c eA .
(x Eo A)
B(x) E U
I(A ,b ,c) E U
A E U
N e U
(L x E A)B(x) U
A e U
(x e A)
B(x) e U
(x e A)
B E U
B(x) Eo U
A + B E U
A E U
A e U
A e U
(nx E A)B(x) E U
U-introduction
'3 J . Y. Gir.ard, Interpretation fonctionnelle et .des
coupures de l 'arithmetique d'ordre superieur, These, Universite .Pa r i s
VII, ' 972.
U i tself is not an elemnt of U. In fact, the axiom U E U
However, '3
leads to a contradiction (Girard's paradox ) . We say that a set A is
small , or a U-set , if it has a code a E U,that is, 'if there is an
element a E U such that T(a) A. generally, a family
(
is said'to small
A(x" . " , x
n
) (x, E A" . . , x
n
e An x" .. . ,x
n_,
provided A(X, , '" , x
n
) : T(a(x, , " .,x
n
(x, E A" ... , .
x e A (x,, ,x , for some indexing function a(x" ... ,x
n)
..e:y
n n n- . /
(
E A x e A (x .. . x . So the category of small sets
x, -: , " .. , n n' , , n-' ' .
i s closed under the oper.ations E., n , etc. U is a perfectly good . set,