Realizability, Set Theory and Term Extraction



In Memoriam Stephen Kleene

James Lipton
Dept. of Mathematics†
Wesleyan University
Middletown, CT 06459

Contents

1 Introduction
2 Axioms, and the “Naïve” Theory
  2.1 Justifications of some of the choices and omissions of ZF-axioms
  2.2 Powell Ordinals
3 Recursive Realizability Interpretations
  3.1 Abstract Applicative Structure
  3.2 Realizability
  3.3 Soundness for IZF
  3.4 Term Extraction
  3.5 Strong Intuitionistic Counterexamples
  3.6 Some famous “nonstandard” consistency results of IZF
4 Forcing in Constructive Set Theory (Unramified)
  4.1 Kripke models over V(K)
  4.2 Soundness of IZF Axioms
  4.3 Examples
5 Ω-sets, Categories and Toposes
  5.1 From Kripke Models to cHa’s
  5.2 Logic in a cHa, Ω-sets
  5.3 Presheaves, Sheaves and Topoi
  5.4 Logic in a Topos: three views
    5.4.1 The Mitchell-Benabou Language
    5.4.2 Kripke-Beth-Joyal Semantics
    5.4.3 The Fourman-Hayashi interpretation
  5.5 PERs and the Effective Topos
A A sketch of Kleene’s 1952 realizability interpretation
  A.1 Realizability for HA
B APP and the logic of partial terms

∗ To appear in The Curry-Howard Isomorphism: 8-ème volume des cahiers du centre de logique de l’Université Catholique de Louvain.
† This work was partially supported by ONR grant 4331-001-srp-01

1 Introduction

For most of this century, set theory has enjoyed the reputation of a universal language for mathematics, a reputation perhaps increasingly shared with (and even ceded to) categorical foundations. Can we expect comparable utility for computer science? In computer science, constructive formal systems based on type theory, or on the Curry-Howard isomorphism, have become increasingly widespread for program development and language design. These systems seem to be inherently more constructive than set theory, and more amenable to syntactic analysis. But a good look at many topics in set theory reveals that there is nothing intrinsically nonconstructive about sets. Many operations with sets are natural from a computational point of view. Over the past thirty years the features of a truly constructive type-free set theory have begun to emerge, first in the pioneering work of Myhill and Friedman, and since then of many others: Scedrov, Aczel, Hyland, Feferman, Grayson, Powell, to name a few. An almost parallel endeavor in the study of category-theoretic generalizations of the universe of sets, known as Toposes, began in the 1960’s with the pioneering work of Lawvere, Tierney, Freyd and many others. These two lines have merged in the past ten to fifteen years, so that one can, broadly speaking, call them both approaches to a constructive set theory, although categorical studies are closer to the type-theoretic approaches in flavor. Both lines will be surveyed here, as approaches to constructive set theory in the broadest sense.

Is “∈” dead?
How relevant is the study of set theory being considered here, that is to say the study of the family of ontologies in which the membership relation plays a basic role? It is the author’s belief that while “set-theory-as-foundations” no longer reigns today, sets continue to play an important role in computation and logic as a data type, and as a powerful semantical framework for analyzing calculi and constructive mathematics. Set-theoretic notions are very much alive, and their constructive formalizations deserve to be better understood, and by a wider community, than they are today. It is worth stressing that in “alternative foundations” such as type theory, there has been extensive study of sets as a data type (in, e.g. Martin-Löf type theory, Calculus of Constructions) and of the connections between various constructive set theories and type theories (see e.g. Aczel’s [1] and also [118, 8] for further discussion). Whereas classical set theory has been shown inadequate for providing standard¹ interpretations of polymorphic type disciplines [95], constructive set theory does admit such an interpretation [94]. Also, vis-à-vis the latest and most sweeping turn in foundations in Computer Science, namely the advent of Category theory, set theoretic concepts remain a significant subject of study. A great deal of work has been done to capture a more abstract notion of set within category theory itself. As mentioned above, Topos theory, which has been a central field in category theory for close to 30 years, studies categories with enough structure to permit formalization of (local) set-theoretic notions such as membership and power-set. Certain toposes with stronger closure properties (Grothendieck toposes) have been shown to admit a global (uniform across all individuals) notion of membership, and provide categorical models of type-free constructive set theory.
More general notions of membership and powerset underlie an important class of structures (hyperdoctrines) called triposes. We will touch upon many of these approaches, but we begin, however, with a thorough study of the conventional (constructive) theory of ∈ as formalized in intuitionistic Zermelo-Fraenkel set theory, or IZF.

ZF and relatives
As suggested by Beeson in [8], two possible approaches to formalizing a constructive set theory are to define an intuitionistic theory from the ground up, or to “correct” existing classical ontologies until one is “safe in intuitionistic territory”. The latter approach, which aims to save some of the desirable features of the classical ontologies, is exemplified by such type-free theories as CZF and IZF, explored by Myhill and Friedman in the early 1970’s² and by many others since then. This derived character makes constructive ZF-like set theories an unusual subject, seemingly halfway between two worlds. They have some of the appearance of the powerful, descriptive foundation of classical mathematics found in ZF. Shorn of the excluded middle and a few other “dangerous axioms”, they turn out to be closer than one might first suspect to the typed, computational, guardedly constructive theories often studied for computer science applications, such as Martin-Löf’s type theory, Coquand’s Theory of Constructions [21], etc.

Metamathematical issues
Before exploring the theory, a few general remarks are in order. We will not go into the general motivation for ZF set theory here³ although the axioms are briefly presented and discussed in the first section of the paper. We assume that the reader has seen the elements of some axiomatic presentation of set theory (if not, an excellent discussion can be found in Johnstone’s lecture notes [56]). Nonetheless, let us highlight a few, perhaps obvious points. First, the study of Set Theory, like that of a few very special theories (Constructions, Martin-Löf Type theory, etc.) is special in one respect: it is an ontology, i.e. a proposed mathematical universe. This gives rise to very special problems since a formal study of such an ontology and its semantics is often done within the theory itself, or at least within a similar one: we do not wish to postulate a new notion of universe for the sole purpose of studying our picture of the world⁴. Different foundations have special devices for doing this sort of self-study, e.g. universes in Martin-Löf’s Theory⁵.

¹ i.e. where inhabitation “ : ” is interpreted by “∈”.
Because of its type-free, impredicative nature, in developing set theory we must also take special care in defining the right notion of models and meta-mathematical machinery, to avoid paradoxes (see [67] for an excellent discussion of the metamathematical issues). Set theory was seen from its early days as a candidate for placing much of known mathematics within a single metamathematical framework. Despite the paradoxes and some of the problems one faces in defining and dealing with cardinality, choice, proper classes, etc., it must be remarked that the world that Cantor built, and which Zermelo and others formalized, has been remarkably successful. Many mathematicians still view set-theoretic language in practice as a kind of machine-code for mathematics, as well as a testing ground for the accuracy of one’s notions: “if you can’t define it in set theory, it isn’t a well-defined idea”. It is probably misguided to think of set theory as an absolute foundation for mathematics, and equally misguided to think that any one ontology can play such a role for Computer Science. D. Scott has remarked that it may be the business of logicians in computer science today to construct ontologies in the plural, depending on the application. But set theory remains one of the more powerful ontologies, and its sweeping expressive power makes the prospect of a truly computational set theory attractive for computer science.

A type-free theory for higher-order term extraction.
Set theory is a first-order theory: we never quantify over formulas. But it is capable of formalizing higher order theories in a natural way, since what we usually mean by quantifying over all functions, say, on the natural numbers

∀F : N → N (. . . ψ(F) . . . )

can be expressed in set theory as

∀x(func_N(x) → . . . ψ(x) . . . )

where func_N(x) is the statement that x is a function from N to N, i.e., a set of ordered pairs ⟨n, m⟩ ⊆ N × N with the usual properties. In this sense, studying set theory is studying one way of formalizing higher order reasoning. Thus, a suitably constructive development of the subject might provide us with an ontology which is computationally useful, and where we can place a discussion of numbers, reals, sets of reals, sets of sets of reals, functions, etc., on the same footing, via a universal data type of sets. But what do we mean by suitably constructive? This depends on the applications one has in mind. I am partly guided here by projects like Nuprl, PX, Coq, Alf, Ergo, etc. (see e.g. [20, 48]) that permit the automatic extraction of algorithms from proofs. One of the aims of such systems is to produce algorithms which are guaranteed to be correct⁶, i.e. to satisfy a given specification. A specification is a logical description of a property to be satisfied by the input-output values of the algorithm. For example, a function f that computes the greatest proper divisor of its inputs satisfies

∀x ψ(x, f(x))

where ψ(x, y) is the formula

div(y, x) ∧ (∀z)(div(z, x) → z ≤ y)

We will consider a specification of this function to be the formula ψ(x, y) together with a proof of totality of the specification, meaning a proof of the formula

∀x ∈ N ∃y ∈ N ψ(x, y)

in some formal system. Term extraction refers to an automated procedure for producing –given the specification– an algorithm that computes such a function in a given programming language. In a system based on automated term extraction one programs by building proofs in a certain formal system.

² The earliest papers on the subject known to the author were presented at the “Intuitionism and Proof Theory” Symposium, in Buffalo, 1970, and later at the 1971 Cambridge Summer School in Mathematical Logic [88, 89, 36].
³ See [118, 8] for a comparative discussion of different classical and intuitionistic set theories.
⁴ We may then have to postulate yet another one for validating the second one. This possibility of infinite proliferation of meta-worlds was –in essence– pointed out over two thousand years ago by Aristotle.
⁵ which have been exploited for reflection in the Nuprl system, see e.g. [19]
This means that one substitutes the possibly painful task of proof construction within a (possibly quite rigid) formal system for that of writing code in one’s favorite programming language: not necessarily a pleasant discipline, but a price one pays for the guarantee of correctness.⁷ Systems based on type theory have proven very useful for term extraction, but the rigidity of typing (which offers many benefits, to be sure) makes it difficult to pass between concepts at different type-levels. Considerable work must sometimes be done to get around this, and move freely between e.g. sets of individuals and individuals. Since type-free set theory makes no formal distinction between different levels, it is of interest to develop a term extraction system based on such a theory.

What does it mean to be constructive?
We assume here that the reader has encountered at least an elementary exposition of constructive principles, and in particular some notion of constructive proof⁸. We briefly recap some essential points, making no claim to be comprehensive. There are today many schools of thought that voice adherence to some notion of intuitionism (and our own presentation of set theory does not attempt to follow any specific tendency). Nonetheless, certain points of view are common to most. We can think of the conceptual origin of constructivism as a critique of certain kinds of arguments that began to appear in 19th and 20th century mathematics. Such arguments included proofs by contradiction of the existence of certain mathematical objects (e.g. numbers, roots of equations, points in a space, functions). Inspection of these proofs showed that they supplied neither the objects whose existence they purportedly established nor the means for computing them. To cite one example: a certain fixpoint theorem states that a continuous function f from the unit disk {(x, y) : x² + y² ≤ 1} in the real plane to itself must have a fixpoint, that is to say, there must be an x in its domain for which f(x) = x. Inspection of the customary proof of this theorem⁹ shows that it derives absurdity from the supposition that such a fixpoint does not exist. No means of computing such a fixpoint is to be found in the proof. The constructivist critique resulted in rejection of such an argument as a proof of an existential assertion. The use of such principles as ¬¬A → A or A ∨ ¬A was found to be responsible for the unwarranted conclusion. In fact, from this perspective, the true conclusion of the fixpoint theorem is ¬¬∃x f(x) = x, which is weaker.

It would be inaccurate to say that constructivist critique can be reduced to a question of restricting the allowable means of inference, or even that it is an inherently logical critique.¹⁰ Nonetheless, it ultimately led to a recasting of the proof theory and semantics of logic itself. Gentzen (see e.g. [99, 118, 25]) defined several formal systems for carrying out intuitionistic reasoning. Heyting and others came to spell out a constructivist restatement of the meaning of the logical connectives, which underlies both the Curry-Howard and the Realizability approaches, and which we briefly sketch here. It is known, in one form or another, as the Brouwer-Heyting-Kolmogoroff interpretation (see, e.g. [8, 118, 25]). We restate it here in terms of evidence, a formulation inspired by [18].

• Evidence for A ∧ B is given by supplying evidence for A and evidence for B.
• Evidence for A ∨ B is given by supplying evidence for A or for B and some indication of which one is involved (and possibly an indication of the fact that it is to be regarded as evidence for A ∨ B).
• Evidence for A → B is given by supplying a rule or procedure that constructs evidence for B from evidence for A.
• Evidence for (∃x)A is given by supplying a “witness” c from the intended domain of the variable x and evidence that A(c) holds.
• Evidence for (∀x)A is given by supplying a rule or procedure that constructs evidence for A(c) from each individual c in the domain of the variable x.

The reader should think of this more as a statement of principle than a definition. It leaves unspecified the meaning of the words “rules”, “procedures”, “constructs”, “domain” and it does not state what constitutes evidence for an atomic proposition! The reader may replace “evidence” by the word “proof”, and in the process make a step towards natural deduction, type theory and the Curry-Howard isomorphism. If the intended domain is the natural numbers, the language ⟨+, ×⟩, and if rules or procedures are read as algorithms, evidence as some sort of finite code (e.g. a number) and e.g. any number is considered evidence for a true atomic proposition, one has virtually defined Kleene realizability, as described in the appendix. Note, however, that if one lets “rule” mean an arbitrary function and uses classical reasoning, the interpretation is sound for classical logic! In fact, given a classical Tarski model M, if we declare atomic formulas to be realized by all the natural numbers if true in M, and by nothing if false, then a proposition has evidence if and only if true in M (see [118], introduction). So these precepts do not pin down constructive reasoning, they merely provide a way of carrying one’s intuitively acceptable notion of rules and construction into an interpretation of logic.

⁶ up to the point, of course, that the system implementation has been painstakingly proven correct!
⁷ Engineering practice is quite another issue here: often one wants to incorporate “validated” code in the library into code extracted from proofs. Also one may wish to partially automate the most repetitive parts of proof construction, or write code to manage large libraries of theorems and lemmas, and make it possible to hide trivial fragments of proofs from the user (see e.g. [19, 20]). Building a system that does this in an efficient and useful way is as much or more of an engineering challenge as devising the right formal system is a mathematical one.
⁸ If not, we recommend [23] for a quick introduction, [118, 25] for a more thorough one, and for further references, and [26] for a detailed discussion of the philosophy and metamathematics of intuitionism.
⁹ due to Brouwer himself, and ultimately rejected by him.
¹⁰ Brouwer, the originator of intuitionism, certainly never felt that formal systems had much to do with intuitionistic mathematics. We urge the reader to consult the first chapter of [118] for an outline of the different schools and the sources mentioned for a further discussion.
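The evidence clauses of the Brouwer-Heyting-Kolmogoroff interpretation and the greatest-proper-divisor specification from the introduction can be run together, as an added example that is not part of the original notes: a checker for evidence over finite ranges of naturals, with the program obtained as the first projection of the evidence for ∀x∃y ψ(x, y). Assumptions: div(y, x) is read as "y is a proper divisor of x", quantifiers range over small constructed ranges so evidence can be checked exhaustively, implications have atomic antecedents, and every name in the code is illustrative.

```python
from dataclasses import dataclass
from typing import Any, Callable

TOKEN = 0  # any value serves as evidence for a true atomic formula

@dataclass
class Atom:
    holds: Callable[[dict], bool]  # decidable predicate on the variable assignment

@dataclass
class And:
    left: Any
    right: Any

@dataclass
class Or:
    left: Any
    right: Any

@dataclass
class Implies:
    ante: Atom  # assumption: antecedents are atomic, so their evidence is TOKEN
    cons: Any

@dataclass
class Exists:
    var: str
    dom: range
    body: Any

@dataclass
class Forall:
    var: str
    dom: range
    body: Any

def is_pair(ev):
    return isinstance(ev, tuple) and len(ev) == 2

def realizes(ev, f, env):
    """Check that ev is evidence for formula f under the assignment env."""
    if isinstance(f, Atom):
        return f.holds(env)
    if isinstance(f, And):
        return (is_pair(ev) and realizes(ev[0], f.left, env)
                and realizes(ev[1], f.right, env))
    if isinstance(f, Or):  # evidence carries a tag saying which side it supports
        if not (is_pair(ev) and ev[0] in ("left", "right")):
            return False
        return realizes(ev[1], f.left if ev[0] == "left" else f.right, env)
    if isinstance(f, Implies):  # a procedure from evidence for A to evidence for B
        if not callable(ev):
            return False
        return (not f.ante.holds(env)) or realizes(ev(TOKEN), f.cons, env)
    if isinstance(f, Exists):  # a witness from the domain plus evidence for A(c)
        return (is_pair(ev) and ev[0] in f.dom
                and realizes(ev[1], f.body, {**env, f.var: ev[0]}))
    if isinstance(f, Forall):  # a procedure giving evidence for A(c) for each c
        return callable(ev) and all(
            realizes(ev(c), f.body, {**env, f.var: c}) for c in f.dom)
    raise TypeError(f"unknown formula: {f!r}")

def proper_div(y, x):
    return 1 <= y < x and x % y == 0

# psi(x, y) = div(y, x) AND forall z (div(z, x) -> z <= y), as in the text.
LIMIT = 40  # constructed finite range standing in for N
PSI = And(Atom(lambda e: proper_div(e["y"], e["x"])),
          Forall("z", range(1, LIMIT),
                 Implies(Atom(lambda e: proper_div(e["z"], e["x"])),
                         Atom(lambda e: e["z"] <= e["y"]))))
SPEC = Forall("x", range(2, LIMIT), Exists("y", range(1, LIMIT), PSI))

def totality_evidence(x):
    """Evidence for 'exists y. psi(x, y)': a witness plus evidence for psi."""
    y = max(d for d in range(1, x) if x % d == 0)
    return (y, (TOKEN, lambda z: lambda _div_evidence: TOKEN))

def bogus_evidence(x):
    """Claims 1 is the greatest proper divisor; fails for composite x."""
    return (1, (TOKEN, lambda z: lambda _div_evidence: TOKEN))

def extract(evidence):
    """Term extraction: keep the witness, discard the logical evidence."""
    return lambda x: evidence(x)[0]

if __name__ == "__main__":
    print(realizes(totality_evidence, SPEC, {}))
    print([extract(totality_evidence)(x) for x in (2, 9, 12, 35)])
    print(realizes(bogus_evidence, SPEC, {}))
```

The checker can decide the atoms here only because the ranges are finite; in the general setting the evidence itself is all one has, which is why the extracted program is trusted exactly as far as the proof it came from.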

Realizability and ZF
For readers familiar with constructive mathematics or with other intuitionistic formal systems, the idea of carrying such an eminently non-constructive theory as Zermelo-Fraenkel set theory over into a constructive, or even computational domain may seem misguided. Nonetheless, some features of IZF are not entirely unreasonable for such a domain. As stressed by many authors (see e.g. Shoenfield’s discussion in [107]), ZF can be thought of as a theory issuing from an iterative, stratifiable, and hence in a (very weak) sense, constructive picture of the mathematical universe. One can think of the world as being built in stages corresponding to ordinals. Every set has an ordinal rank which one can think of as a time stamp indicating when the object was created, and which objects had to already exist prior to its creation. The restriction of fragments of classical ZF to intuitionistic arguments retains many of these features, while removing some of the ones that prove incompatible with the constructive standpoint. But the fundamental interest in throwing out classical axioms is to obtain new consistent extensions. New, “highly non-classical” interpretations are now available. It is these interpretations that are of interest computationally, far more than the theory itself. One aim of our study is to show that inherently computational semantics of the entire ontological framework –the realizability interpretations– are now possible. In some of these interpretations, certain strongly non-classical principles are seen to hold: all total functions from N to N are recursive, all total, real-valued functions on the reals are continuous. Within certain limits, the body of results known as recursive mathematics (that is to say the development of recursive versions of the main results in Algebra, Analysis, Topology, starting with Turing, the Russian Constructivist school, Nerode, Metakides, etc., see e.g. [8, 22]) can be understood to be what takes place within a realizability interpretation (see e.g. remarks in [52]), although efforts to exploit this in a systematic way have as yet been limited (see e.g. Scedrov’s article in [102]). To sum up, IZF and related constructive systems, viewed within the realizability interpretations, provide a powerful formalism for synthesizing correct algorithms from proofs of totality of recursive specifications that use the full, impredicative apparatus of IZF, and the same specification language found in ordinary mathematical practice. Realizability in IZF is an after-the-fact computational analysis of proofs and propositions, a bit like typing untyped expressions: it amounts to a systematic wringing out of recursive content.

Organization of these notes
We start with an exposition of the basic theory: the axioms, and the way semantics (of different kinds) are formalized within the theory. We supply most of the details in proofs at the beginning, to make the early exposition as close as possible to being “self-contained”. We also feel that the reader benefits more from a close look at one or two developments than a catalogue of the many systems that now bear the name “constructive set theory” and which can be found in the references. The final section is devoted to a sketch of several ways of interpreting (typed and untyped) constructive set-theory categorically. It is intended more as a guide to the ideas and the literature than an exposition, which would require a book length treatment, and for which some excellent references exist (see e.g. [77, 33, 68, 58, 92]). There is more emphasis here on the tools, which have become central to the field and to theoretical computer science, and the approach is primarily semantical. We conclude our discussion with an outline of the effective topos and related models.

2 Axioms, and the “Naïve” Theory

We will now give the formal axiomatization of Intuitionistic Zermelo-Fraenkel Set Theory, IZF, and several related theories, here denoted IZF′ and CZF. Except where the demands of intuitionism require modification, the axioms are identical to those of older classical theories: IZF and variants of KP set theory (in fact they are all classically equivalent to their parent theories). It is in the restriction of the logic that this theory becomes constructive. The excluded middle (LEM) may not be used. Let us underscore the fact that the theories considered here are all extensional: two sets are equal precisely when they have the same elements. Intensional theories are also of computational interest and are studied in e.g. [8], where a coding, due to Friedman, of extensional set theory into intensional is also discussed. A more detailed discussion of these axioms can be found in [83], op.cit. and [8] and [89].

Axioms of IZF, IZF′ and CZF

(1) Extensionality: ∀x, y ∀z(z ∈ x ⇐⇒ z ∈ y) → x = y
Two sets are equal iff they have the same elements.

(2) Pairing: ∀x, y ∃z ∀w(w ∈ z ⇐⇒ w = x ∨ w = y)
If x and y are sets then there is a set {x, y} consisting of precisely the members x and y.

(3) Union: ∀x ∃z ∀w(w ∈ z ⇐⇒ ∃y ∈ x · w ∈ y)
⋃x exists.

(4) Power: ∀x ∃z ∀w(w ∈ z ⇐⇒ ∀y ∈ w · y ∈ x)
The power set of x, P(x) ≡ {y : y ⊆ x} exists.

(5) Infinity: ∃x(∃y(y ∈ x) ∧ (∀y)(∃z)(y ∈ x → z ∈ x ∧ y ∈ z))
There is an infinite set: i.e. an inhabited set x whose every member y is a member of another member of x.

(6) Separation_ϕ: ∀x ∃z ∀w(w ∈ z ⇐⇒ w ∈ x ∧ ϕ)   (z not free in ϕ)
The collection of members of a given set having a certain (first-order) property is a set: If ϕ is a formula, and x is a set, then there is a set consisting of all members of x for which ϕ holds, usually denoted {w ∈ x : ϕ}.

(6′) Bounded Separation_ϕ: ∀x ∃z ∀w(w ∈ z ⇐⇒ w ∈ x ∧ ϕ)
The same, but only for properties definable by bounded quantification: ϕ must be a ∆01 formula.

(7) Collection_ϕ: ∀x[(∀y ∈ x ∃z ϕ) → ∃W ∀y ∈ x ∃z ∈ W ϕ]   (W not free in ϕ)
If every member of a given set x has a first-order definable collection of associated elements, then there is a set W containing at least one of these associates for each member of x.

(7′) Replacement_ϕ: ∀x ∀y ∈ x ∃!z ϕ → ∃W ∀y ∈ x ∃z ∈ W ϕ
A functional image of a set is a set.

(8) ∈-Induction: ∀x[(∀y ∈ x ϕ(y)) → ϕ(x)] → ∀x ϕ(x)
Analog to induction on numbers: If a property holds for any set whenever it holds for its members then it must hold for every set.

IZF is the unprimed set of axioms (1) through (8), IZF′ is (1) - (6), (7′) and (8), CZF is (1) - (5), (6′), (7′) and (8). The theory we shall be most concerned with here is IZF. However, in certain regards, IZF′, CZF are the more constructive theories: they have the existence property EP and the disjunction property DP¹¹ while IZF does not. EP for CZF was shown by Myhill in 1975. The failure of EP in IZF was established by Friedman and Scedrov in [38]. Our decision to take IZF as the first ontology to study is based on the following property: IZF is strong enough to formalize and establish soundness of (the standard) semantics for set theory, i.e., it is self-validating:

1. IZF ⊢ “cHa semantics are sound for IZF” (see Grayson 1977 paper [44]).
2. IZF ⊢ “forcing and sheaf semantics are sound for IZF” (see e.g., Grayson, op.cit., Fourman, 1980 [31]), and section 4, below.
3. IZF ⊢ “realizability is sound for IZF” (McCarty, 1984 Ph.D. Thesis [83]).

(2) and (3) will be shown in some detail below. IZF′ is not known to have the corresponding self-validation property.

2.1 Justifications of some of the choices and omissions of ZF-axioms

Why is the foundation axiom stated in terms of ∈-induction, rather than in the traditional way: “every set has minimal members”? Because this statement of foundation would give us back all of classical set theory!

Lemma 2.1 (Myhill) “Classical Foundation” (≡ Every inhabited set has an ∈-minimal element) ⇒ LEM (the law of the excluded middle), i.e.,

CF: (∀z)[∃x(x ∈ z) → (∃w)(w ∈ z) ∧ ∀t(t ∈ w → t ∉ z)]

gives us back every instance ϕ ∨ ¬ϕ of the excluded middle.

Proof: Assume “classical foundation” (CF), and let S = {x | (x = 0 ∧ ϕ) ∨ x = 1} where 0 = {}; 1 = {0}. This set is often written {0⌈ϕ, 1}, the set of “0 when ϕ, 1”. We will use such sets often. The reader accustomed to classical set theory may want to think of S as a nonstandard subset of {0, 1}, which classically must be either {1} or {0, 1}, but intuitionistically must be thought of as neither (in general). Since 1 ∈ S we have some s_o ∈ S which is minimal, i.e., ∀t(t ∈ s_o → (t ∈ S → ⊥)). Now s_o ∈ S → (s_o = 0 ∧ ϕ) ∨ s_o = 1. Suppose s_o = 0 ∧ ϕ. Then ϕ, hence ϕ ∨ ¬ϕ. Suppose, on the other hand, s_o = 1; then ∀t(t ∈ 1 → (t ∈ S → ⊥)) and, in particular, 0 ∈ 1 and 0 ∈ 1 → (0 ∈ S → ⊥), so 0 ∈ S → ⊥, i.e., (0 = 0 ∧ ϕ) → ⊥, forcing ϕ → ⊥, i.e., ¬ϕ, hence ϕ ∨ ¬ϕ. So, for any sentence ϕ, IZF ⊢ CF → ϕ ∨ ¬ϕ. Notice that only the axioms of Separation, Union, Extensionality and Pairing were used in the proof.

Why the absence of Choice?

Definition 2.2 Define AC to be the axiom

∀S(∃x ∈ S → (∃f : S → ⋃S)(∀x ∈ S)(f(x) ∈ x))

¹¹ The Existence and Disjunction properties for a theory T over a language with closed terms state: T ⊢ ∃xϕ(x) ⇒ T ⊢ ϕ(a) for some closed term a, and T ⊢ A ∨ B ⇒ T ⊢ A or T ⊢ B. They have long been regarded as fundamental criteria of constructivity of a theory. (See [118]). In the absence of closed terms, as in IZF, the existence property must be stated in terms of a formula D(x) whose extension is precisely a singleton set {a}, i.e. T ⊢ ∃xϕ(x) ⇒ there is a formula D(x) such that T ⊢ ∃xD(x) and T ⊢ ∀x D(x) → ϕ(x) ∧ ∀x, y(D(x) ∧ D(y) → x = y).

Lemma 2.3 (Diaconescu, 1975) IZF ⊢ AC → LEM, i.e. Choice gives us back all instances ϕ ∨ ¬ϕ of the Law of the Excluded Middle. In fact, inspection of the proof shows

Separation + Union + Extension + Pairing + AC ⊢ LEM

Proof: Let S = {{0⌈ϕ, 1}, {1⌈ϕ, 0}}, i.e., S = {a, b} where:

a = {x | x = 0 ∧ ϕ or x = 1}
b = {x | x = 1 ∧ ϕ or x = 0}

and assume there is a choice function f : S → ⋃S such that (∀x ∈ S) f(x) ∈ x. Then, it is easy to see that (f(b) = 1) ∨ (f(a) = 0) ∨ (f(b) = 0 ∧ f(a) = 1). We consider each case.

case 1: f(b) = 1. Then 1 ∈ b, so (1 = 1) ∧ ϕ or 1 = 0. Now (1 = 1) ∧ ϕ → ϕ and (1 = 0) → ϕ (by ⊥ → ϕ), so we get ϕ.
case 2: f(a) = 0. Then ϕ.
case 3: f(b) = 0 ∧ f(a) = 1. In this case, we obviously have f(a) ≠ f(b), so, in particular, a ≠ b since by hypothesis f is a function¹². But a ≠ b → ¬ϕ, since ϕ → (0 = 0 ∧ ϕ) ∧ (1 = 1 ∧ ϕ), which implies that a and b are both the set {0, 1}, hence a = b, and therefore, in all cases ϕ ∨ ¬ϕ.

So we can’t allow choice in without getting back classical logic.

Remark: The countable axiom of choice (for ω, the natural numbers) does not give us so much trouble:

AC_{ω,ω}: (∀x ∈ ω)(∃y ∈ ω)ϕ(x, y) → (∃f ∈ ω^ω)(∀x ∈ ω)ϕ(x, f(x))

holds in many non-classical models of IZF¹³ including the realizability model, as we shall see below, but it is not a theorem. (See Fourman’s [31].)

The technique shown above to “refute” AC and CF is known as the method of weak counterexamples, i.e., a proof that IZF ⊢ ϕ → LEM is called a weak counterexample to ϕ. We still need to show IZF ⊬ LEM (e.g., using cHa models, non-Boolean toposes, or Realizability interpretations) to establish that ϕ is not a theorem of IZF. But first: a few more topics in “naive IZF”.

2.2 Powell Ordinals

Definition 2.4 An ordinal is a transitive set of transitive sets, i.e.,

ON(α) ≡_def (∀x ∈ α)(Trans(x)) ∧ Trans(α)

where Trans(x) ≡ ∀z∀w(z ∈ w ∧ w ∈ x → z ∈ x).

Observe that: ON(α) ∧ z ∈ α → ON(z). The following “positive” and “negative” results may help elucidate the preceding definition, apparently first put forth as a candidate for ordinals in constructive set theory in Powell’s ([97]).

¹² i.e., to be precise: func(f, D, E) ≡ ∀x∃y(x ∈ D → y ∈ E ∧ ⟨x, y⟩ ∈ f) ∧ ∀x∀y∀z(⟨x, y⟩ ∈ f ∧ ⟨x, z⟩ ∈ f → y = z), so: f(a) ≠ f(b) means we must have ∃z∃w⟨a, z⟩ ∈ f ∧ ⟨b, w⟩ ∈ f ∧ z ≠ w, and also a = b → ∀z∀w⟨a, z⟩ ∈ f ∧ ⟨b, w⟩ ∈ f → z = w, hence f(a) ≠ f(b) ∧ func(f) ⊢ a = b → ⊥
¹³ so we don’t have AC_{ω,ω} ⇒ LEM.

“Negative” Results

Definition 2.5 An ordinal α is decidable if ∈ is decidable in α, i.e., ∀β, γ ∈ α (β ∈ γ ∨ β ∉ γ). α is trichotomous if ∀β, γ ∈ α (β ∈ γ ∨ γ ∈ β ∨ γ = β). The reader can establish by ∈-induction that the two properties are equivalent.

Lemma 2.6 All ordinals decidable ⇒ LEM.

Proof: Consider α = {0, {0 ⌈ ϕ}}, where ϕ is an arbitrary sentence. α is an ordinal since x ∈ y ∈ α ⇒ x ∈ 0 ∨ (x = 0 ∧ ϕ) ⇒ x = 0 ⇒ x ∈ α. Suppose y ∈ α. Then y = 0 ∨ y = {0 ⌈ ϕ}.

• if y = 0 then y is transitive (vacuously).
• if y = {0 ⌈ ϕ} and w ∈ x ∈ y then x = 0 and w ∈ 0 so w ∈ y, so y is transitive.

Now suppose α were decidable: γ, β ∈ α → γ ∈ β ∨ γ ∉ β. Then 0 ∈ {0 ⌈ ϕ} ∨ 0 ∉ {0 ⌈ ϕ}. Hence ϕ ∨ ¬ϕ.

Definition 2.7 For α an ordinal, the successor of α, called α+1 (or α⁺), is defined to be the set α ∪ {α}. An ordinal α is a weak limit if ∀β ∈ α ∃γ ∈ α (β ∈ γ).

Note that α⁺ is an ordinal: x ∈ y ∈ α⁺ ⇒ x ∈ y ∈ α ∨ x ∈ y = α, hence x ∈ α so x ∈ α⁺. Therefore α⁺ is transitive. Its members are α or members of α, hence they are also transitive.

Lemma 2.8 The following imply the excluded middle:

1. α ⊆ β → α ∈ β ∨ α = β (take α = {0 ⌈ ϕ}, β = {0})
2. α ∈ β → α⁺ ∈ β ∨ α⁺ = β (try α = 0, α⁺ = {0}, β = {0, {0 ⌈ ϕ}})
3. Every ordinal is 0 or a successor or a weak limit.

proof: Let α = {0, {0 ⌈ ϕ}} (shown an ordinal in the proof of lemma (2.6)). Then α ≠ 0. α a successor ⇒ α = β ∪ {β} ⇒ β ∈ α, so β = 0 ∨ β = {0 ⌈ ϕ}.

− β = 0 ⇒ β ∪ {β} = {0} ⇒ α = {0} ⇒ ¬ϕ
− β = {0 ⌈ ϕ} ⇒ β ∪ {β} = {0 ⌈ ϕ, {0 ⌈ ϕ}} ⇒ ϕ

α a weak limit ⇒ 0 ∈ {0 ⌈ ϕ}, hence ϕ. Thus, in all cases, we have ϕ ∨ ¬ϕ.


The preceding lemmas show that if we wish to retain the constructivity of our set theory, we cannot hope to preserve such familiar features as the linear ordering of ordinals, nor, more importantly, can we induct on the traditional ordinal cases of successor and limit. So what are ordinals good for in IZF? A lot. They supply us with a non-linear but useful ranking of the universe and with a case-less transfinite induction. We thus retain many of the hallmarks of classical ZF. The following results make this precise.

“Positive” Results

Perhaps the main justification of the Powell Ordinals and the formulation of foundation that IZF retains is that:

∈-induction ⇒ transfinite inductive definitions on ordinals that do not make case distinctions work in IZF,

in a way made precise in the inductive definability theorem below. Note that in the statement of the theorem we use the informal term class function to denote a formula which is functional for all arguments in its domain, but is not necessarily a set, for reasons we briefly discuss here.

We remind the reader that certain “large collections” such as that of all sets (to be called “V” below), cannot be counted as sets, by an argument due to Russell (1906) and known as Russell’s paradox. This runs as follows. If {x : x = x} is a set, then by separation (and validity of x = x), so is {x : x ∉ x}. But the reader can check that

({x : x ∉ x} ∈ {x : x ∉ x}) ⇐⇒ ¬({x : x ∉ x} ∈ {x : x ∉ x})

From A ⇐⇒ ¬A one easily derives falsity, for any A, just in intuitionistic propositional logic.

As just mentioned, we use the letter V to denote the “standard model” of all sets, which is something of a fiction, but one we will have to live with until more semantic notions have been developed. V is officially a formula V(x) whose extension is “all sets”, for example V(x) ≡ x = x. Thus, officially, the statement “x ∈ V” is a euphemism for V(x). Submodels M of V will be formulas that restrict the choice of x. Properties are then said to be “true in M” if they hold when their quantifiers ∀x, ∃x are relativized to M, that is to say, replaced by ∀x ∈ M, ∃x ∈ M. The reader may want to think of these classes informally as worlds, i.e. models according to the reader’s notion of model, perhaps a set or Kripke model interpreting ∈ as a binary relation.¹⁴ Since we have not yet developed the model theory we proceed formally in terms of formulas as models. The ranked universes we will define several times in this article (once we have established the validity of transfinite inductive definitions) are themselves formulas; however, these actually denote sets, as can be readily seen by applying power set, collection and ∈-induction to the inductive definition of the hierarchy. Thus the reader may think of these semantics in terms of ranked set-theoretic approximations to the “totality” of the world of sets.

¹⁴ The metamathematical issues here are delicate. We cannot prove that a set-model of IZF exists within IZF by Gödel’s second incompleteness theorem. We refer the reader to appendix 3, ch. 1 of [67] for an excellent, precise discussion of the issues in a classical context. A constructive outlook poses even greater challenges. A radical constructivist would challenge the existence of mathematical objects independent of their construction, and would not accept anything like a mathematical object containing “everything”. The reader must proceed according to his or her own intuitions!

We begin by giving an informal statement of the inductive definability theorem. The formal statement of the theorem follows immediately after.

Theorem 2.9 (Inductive Definability) Let A be a set, ON the ordinals, G a “class function” V × A × V → V. Then there is a unique class function F : ON × A → V such that

(1) (∀α ∈ ON)(∀x ∈ A) F(α, x) = G(α, x, (F ↾ α, x))

where F ↾ α, x = {⟨x, β, F(β, x)⟩ : β ∈ α}. The formal statement of this is perhaps a bit less readable: assume ϕ_G is a formula such that

(2) ∀a ∈ A ∀y ∀z ∃!w ϕ_G(a, y, z, w)

Then we can construct a formula U such that the following holds

(3) (∀α ∈ ON)(∀x ∈ A)(∀z)[U(α, x, z) ⇐⇒ ϕ_G(α, x, {⟨x, β, w⟩ | β ∈ α ∧ U(x, β, w)}, z)]

and ∀α ∀x ∈ A ∃!z U(α, x, z) and, if W(α, x, z) satisfies (3) when substituted for U then (∀α ∈ ON)∀x z W(α, x, z) ⇐⇒ U(α, x, z).

Intuitively, f is built by taking ordinal-bounded approximations to the class function. We show existence and uniqueness by ∈-induction. The arguments are the same ones used in classical ZF but with some care taken not to invoke ordinal case distinctions in our induction.

Definition 2.10 Let A and G be as in theorem (2.9) and δ an ordinal. We define a δ-approximation (to G on A) to be a function f with domain δ × A satisfying DA_G(f, δ, A), which is the formula

(4) (∀x ∈ A)(∀α ∈ δ) f(α, x) = G(α, x, (f ↾ α, x)).

Lemma 2.11 If g is a δ-approximation and g′ a δ′-approximation then (suppressing the second argument x ∈ A)

g ↾ δ ∩ δ′ = g′ ↾ δ ∩ δ′.

proof: The proof is by ∈-induction on the first ordinal δ. Fix δ′ and a δ′-approximation g′. Suppose, inductively, for every β ∈ δ and every β-approximation h we have

h ↾ β ∩ δ′ = g′ ↾ β ∩ δ′.

Then suppose ξ ∈ δ ∩ δ′. Then α ∈ ξ → α ∈ δ ∩ δ′. Observe also that if g is a δ-approximation it is also a ξ-approximation. Thus, for every x ∈ A, by induction hypothesis

g(ξ, x) = G(ξ, x, (g ↾ ξ, x)) = G(ξ, x, (g′ ↾ ξ, x)) = g′(ξ, x)

Therefore, g(ξ, x) = g′(ξ, x) for every ξ ∈ δ ∩ δ′, which is what we wanted to prove.

Lemma 2.12 Fix G and A as above. Then, for every ordinal δ there is a δ-approximation.

proof: By induction: we assume ∃h DA_G(h, β, A) for smaller ordinals β, that is to say, for every ordinal β in δ we have a function h with domain β × A satisfying for every ξ ∈ β and x ∈ A

h(ξ, x) = G(ξ, x, (h ↾ ξ, x)).

Then define the ternary relation ϕ by

(5) ϕ(β, x, y) ≡_def β ∈ δ ∧ (∀h)(DA(h, β, A) → G(β, x, (h ↾ β, x)) = y).

It is easy to check that ϕ is functional (by the preceding lemma two different witnesses h and h′ to the existential quantifier would agree on δ), and has domain δ. So let f(x) = y ⇐⇒ ϕ(β, x, y). It is easy to show by induction now that f agrees with every γ-approximation for γ ∈ β, so f ↾ β, x = h ↾ β, x whence f(β, x) = G(β, x, (f ↾ β, x)) and is therefore a δ-approximation.

Now let U(δ, x, y) be the result of ∀β quantification of the right hand side of (5). U is the formula whose existence is asserted in (3), which proves theorem (2.9).

Of course our foundation axiom allows us to make inductive definitions directly on the structure of sets.

Lemma 2.13 Let A and B be sets, g a function from A × (A × P(B)) to B. Then there is a unique function f : A → B satisfying

∀x ∈ A f(x) = g(x, f ↾ x)

The proof is a straightforward induction, and left to the reader. See remarks after def. (2.19) about induction on other kinds of relations. We will repeatedly make tacit use of the preceding results in our definitions. For example, we are now able to define, constructively, a unique rank function, as in classical set theory.

Definition 2.14 For any set x we define

rk(x) ≡_def ⋃{rk(y) + 1 : y ∈ x}

Recall that x + 1 ≡_def x ∪ {x}. This definition is justified by lemma (2.13) for x a member of any set A and, letting π₁ denote right projection,

g(x, z) = ⋃{π₁u ∪ {π₁u} : u ∈ z}

One must then show that the value of rank(x) is independent of the choice of A. The details are left to the reader.

Lemma 2.15 (∀x) rk(x) ∈ ON

Proof: Recall that α ∈ ON → α + 1 ∈ ON. Also, if x is a set of ordinals ⇒ ⋃x is an ordinal. For, suppose w ∈ v ∈ r ∈ ⋃x. Then w ∈ v ∈ r ∈ z ∈ x for some ordinal z. Therefore v must be a member of z, and hence v ∈ ⋃x and w ∈ r. This shows that ⋃x is transitive and that r is transitive, but then ⋃x is an ordinal.

Now suppose (∀y ∈ x) rk(y) ∈ ON. Then rk(y) + 1 ∈ ON and ⋃{rk(y) + 1 : y ∈ x} ∈ ON so ((∀y ∈ x) rk(y) ∈ ON → rk(x) ∈ ON) and by ∈-induction, (∀x) rk(x) ∈ ON.

Lemma 2.16 ∀α ∈ ON rk(α) = α.

Proof: Suppose ∀β ∈ α rk(β) = β. (Recall that β ∈ α ⇒ β ∈ ON.) Then, if β ∈ α we have β ∈ β + 1 so β ∈ rk(α). Suppose β ∈ rk(α). Then β ∈ γ + 1 for some γ ∈ α, forcing β ∈ γ or β = γ. But then β ∈ α. Hence rk(α) = α.

With the Powell ordinals we are also able to define a constructive analogue of the ranked “standard model” of set theory.

Definition 2.17 (The Von Neumann Hierarchy) The formula V, the Von Neumann universe of sets, is defined in terms of the stratified or ranked levels V_α in the same spirit as classical ZF:

V_α = ⋃{P(V_β) : β ∈ α}

V = ⋃{V_α : ON(α)}

Strictly speaking V is a unary formula satisfying

V(x) ⇐⇒ ∃α ON(α) ∧ V(α, x)

where V(α, x) is a formula whose existence is guaranteed by the inductive definability theorem (2.9) with

V(α, x) ⇐⇒ ϕ_G(α, x, {⟨β, x⟩ : β ∈ α ∧ V(β, x)})

and where ϕ_G(α, x, y) ≡_def x ⊆ ⋃(π̂∗(y)), with π̂∗(y) = {π₃z : z ∈ y} and π₃(⟨a, b, c⟩) = c. There is a well-defined notion of rank associated with this hierarchy, namely the function rk(x) we just saw:

Lemma 2.18 (∀x) x ∈ V_{rk(x)+1}

Proof: Say (∀y ∈ x) y ∈ V_{rk(y)+1}, i.e., y ∈ ⋃{P(V_β) : β ∈ rk(y) + 1}. Then y ∈ P(V_β) for some such β. But rk(y) + 1 ⊆ ⋃{rk(z) + 1 : z ∈ x} = rk(x) so β ∈ rk(x). Therefore

y ∈ ⋃{P(V_β) : β ∈ rk(x)} = V_{rk(x)}.

But then we have shown x ⊆ V_{rk(x)}, hence x ∈ P(V_{rk(x)}) ⊆ V_{rk(x)+1}.

Thus in IZF we can prove ∀x∃α(ON(α) ∧ x ∈ V_α), which is to say everything in the universe is ranked. A few more nice facts (left to the reader to prove):

1. V_α is transitive.
2. x ∈ V_α → rk(V_α) ∈ V_α
3. α ⊆ V_α ∩ ON = rk(V_α), but the containment is, in general, strict: IZF ⊢ (2 = V_2 ∩ ON) → LEM. (Take {0 ⌈ ϕ} ⊆ {0} so {0 ⌈ ϕ} ∈ V_2 ∩ ON, but if {0 ⌈ ϕ} ∈ 2 then = 0 or 1 and we can decide ϕ!) This makes development of an analogue to Gödel’s L not so straightforward. This property (α = V_α ∩ ON) is usually a key part of proving that the constructible sets L are a model of the Axiom of Constructibility (see e.g. Kunen’s [67], or Devlin’s [24]). However, recently, R. Lubarsky has shown that V = L in intuitionistic L [75].
4. rk(x) = ⋂{α : x ∈ V_{α+1}}

Exercise: IZF ⊬ ∀α ∈ ON (0 ∈ α + 1) (trivial if you use counterexamples above, but where does the induction argument break down?)

Definition 2.19 A well-founded relation on a set A is a binary relation that is inductive on A, i.e.,

∀X ⊆ A [∀x ∈ A((∀y < x) y ∈ X → x ∈ X) → A ⊆ X]

The following facts are easily established using arguments like those just given for ∈.

• The existence of <-minimal elements for well-founded order relations < gives LEM.
• A well-founded <-relation has no infinite descending chains.
• There is a unique rank function ρ_<, such that for each x in A

ρ_<(x) = ⋃{ρ_<(y)⁺ | y < x}

def

The rank of any , ⊥⟩ with finite meets, joins, top and bottom elements satisfying (33). The pre-order is sometimes denoted ⊢.

Another concept that will prove useful is that of a partial equivalence relation (a PER), which has found extensive use in theoretical computer science, to interpret types in the polymorphic lambda calculus and in dependent type theories.

Definition 5.2 Let X be a set. A partial equivalence relation (or PER) R on X is a symmetric, transitive relation, i.e., an equivalence relation on a subset of X. The domain of R is the set {x ∈ X : xRx}.

Definition 5.3 A cHa or complete Heyting algebra Ω is a Heyting algebra with a join or supremum operation ⋁ defined for arbitrary subsets D of the carrier set. Equivalently, a cHa is a complete lattice satisfying the ∧⋁-distributive law

a ∧ (⋁D) = ⋁{a ∧ d : d ∈ D}

with implication given by

a → b = ⋁{x : x ∧ a ≤ b}

as the reader can check (or see e.g. [57] for a proof).

Recall that in a Boolean algebra, i.e. a complemented distributive lattice, the complement ā of an element a (the unique element x satisfying a ∨ x = ⊤ and a ∧ x = ⊥) is the largest member disjoint from a:

ā = ⋁{x : x ∧ a ≤ ⊥}

where ⊥ is the least member of the algebra. Thus ā = a → ⊥. However, in a cHa, we no longer have a ∨ (a → ⊥) = ⊤. Thus a → ⊥ is sometimes called a “pseudocomplement”, and a → b a relative pseudocomplement.

Perhaps the most important example of a cHa is afforded by topological spaces ⟨X, O(X)⟩ consisting of a set X together with a collection O(X) of subsets of X satisfying

• ∅ ∈ O(X) and X ∈ O(X).
• O(X) is closed under finite intersections and arbitrary unions.

Members of O(X) are called open subsets of the topology. If X is a topological space then the collection O(X) of open subsets of X is a cHa with ⋁ as ⋃, ∧ as ∩, the order given by inclusion, and

U₁ → U₂ = Int(U₁ᶜ ∪ U₂)

where U₁ᶜ is the complement of U₁ in X and, for any subset A, Int(A), the interior of A, is defined by

⋃{U ∈ O(X) : U ⊆ A}.

There are a number of categories associated with cHa’s, depending on the properties one wishes morphisms to preserve. The category of frames has cHa’s as objects and, as morphisms, functions preserving the order relation, ∧ and ⋁. The category of locales is the opposite category: it has the same objects, but a frame morphism from A to B is regarded as a locale morphism from B to A. (In the case of topological cHa’s, the former category corresponds to open maps and the latter continuous maps.)

The cHa semantics developed in this section is fully constructive, and formalizable in IZF. We must take a little care, from a constructive point of view, to show that a given Heyting algebra is indeed complete. Even finite Boolean Algebras are not necessarily complete constructively. As some of the examples studied in the first section may suggest, one cannot prove in intuitionistic logic that the two element lattice {⊤, ⊥} is complete. (Its completeness implies the schema ¬P ∨ ¬¬P, but is not quite as strong an assertion as the full scheme of the excluded middle LEM. See e.g. [32] pp. 313-314.)

5.2 Logic in a cHa, Ω-sets

Let K be a Kripke model over some language. A natural topology on K is given by taking all upwards closed sets

O(K) = {S ⊆ K : ∀x ∈ S ∀y ∈ K (y ≥ x → y ∈ S)}.

The monotonicity property of Kripke models guarantees that for any sentence θ, the set [[θ]] = {p ∈ K : p ⊩ θ} is an open set in this topology. θ is true in K iff it is forced at all nodes, i.e. iff [[θ]] = K. Sentences forced only at some nodes will have [[θ]] a proper subset of K. Thus the cHa O(K) is an object of truth values for the model, with the maximal set K playing the role of ⊤. It is easily checked, for example, that

(34) [[A ∧ B]] = [[A]] ∩ [[B]]
(35) [[A ∨ B]] = [[A]] ∪ [[B]]
(36) [[A → B]] = [[A]] ⇒ [[B]].

If K has a growing domain, elements d ∈ D ≡ ⋃_K D(p) will have a “degree of existence” or extent given by Ed = {p ∈ K : d ∈ D(p)}. The reader can think of this example as motivating the following definition.¹⁹
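The truth-value algebra O(K) of a finite Kripke frame can be computed outright, which makes (34)–(36) and the failure of the excluded middle checkable by machine. The following Python sketch is an added example, not code from the paper: it compares three descriptions of implication (the interior of the union of the complement of [[A]] with [[B]], the join ⋁{x : x ∧ a ≤ b}, and the forcing clause), and the class `KripkeFrame`, the function names and the two sample frames (a two-node chain and a three-node fork) are constructed here for illustration.

```python
from itertools import combinations


class KripkeFrame:
    """Finite partial order (K, <=), given by its nodes and generating pairs p <= q."""

    def __init__(self, nodes, pairs):
        self.nodes = frozenset(nodes)
        le = {(p, p) for p in self.nodes} | set(pairs)
        while True:  # reflexive-transitive closure of the generating pairs
            extra = {(a, d) for (a, b) in le for (c, d) in le if b == c} - le
            if not extra:
                break
            le |= extra
        self.le = le

    def up(self, p):
        """Nodes above p: the smallest open set containing p."""
        return frozenset(q for q in self.nodes if (p, q) in self.le)

    def is_open(self, s):
        return all(self.up(p) <= s for p in s)

    def opens(self):
        """All of O(K), by brute force over subsets (fine for small frames)."""
        elems = sorted(self.nodes)
        subsets = (frozenset(c) for r in range(len(elems) + 1)
                   for c in combinations(elems, r))
        return [s for s in subsets if self.is_open(s)]

    def interior(self, s):
        """Int(s): the points of s whose whole up-set lies inside s."""
        return frozenset(p for p in s if self.up(p) <= s)

    def imp_topological(self, u1, u2):
        """Interior of (complement of u1) union u2."""
        return self.interior((self.nodes - u1) | u2)

    def imp_join(self, a, b):
        """Join of all opens x with x /\\ a <= b (the cHa definition)."""
        out = frozenset()
        for x in self.opens():
            if x & a <= b:
                out |= x
        return out

    def imp_forcing(self, a, b):
        """p forces A -> B iff every q >= p that forces A also forces B."""
        return frozenset(p for p in self.nodes
                         if all(q in b for q in self.up(p) if q in a))


def implications_agree(frame):
    """True iff the three descriptions of a -> b coincide on all of O(K)."""
    opens = frame.opens()
    return all(frame.imp_topological(a, b) == frame.imp_join(a, b)
               == frame.imp_forcing(a, b) for a in opens for b in opens)


def evaluate(frame, formula, valuation):
    """[[formula]] as an open set; formulas are nested tuples such as ("or", A, B)."""
    op = formula[0]
    if op == "var":
        s = frozenset(valuation[formula[1]])
        if not frame.is_open(s):
            raise ValueError("valuation must be monotone (an upward closed set)")
        return s
    if op == "bot":
        return frozenset()
    left = evaluate(frame, formula[1], valuation)
    if op == "not":  # pseudocomplement a -> bottom
        return frame.imp_topological(left, frozenset())
    right = evaluate(frame, formula[2], valuation)
    if op == "and":
        return left & right
    if op == "or":
        return left | right
    if op == "imp":
        return frame.imp_topological(left, right)
    raise ValueError("unknown connective: %r" % (op,))


def holds(frame, formula, valuation):
    """A sentence is true in the frame iff its value is the top element K."""
    return evaluate(frame, formula, valuation) == frame.nodes


# Constructed sample frames: 0 <= 1, and a root r below incomparable a and b.
CHAIN = KripkeFrame({0, 1}, {(0, 1)})
FORK = KripkeFrame({"r", "a", "b"}, {("r", "a"), ("r", "b")})

A = ("var", "A")
LEM = ("or", A, ("not", A))                       # A or not A
DNE = ("imp", ("not", ("not", A)), A)             # not not A -> A
WLEM = ("or", ("not", A), ("not", ("not", A)))    # not A or not not A
```

On the chain the weaker schema ¬A ∨ ¬¬A still evaluates to K while A ∨ ¬A does not; the fork is the smallest of the two sample frames on which the weaker schema fails as well.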

Ω-set Semantics

Definition 5.4 Let Ω be a cHa. An Ω-set A = ⟨A, Ω, [[· = ·]]⟩ consists of a set A together with a cHa-valued partial equivalence relation [[ ]] : A × A → Ω (whose action is usually denoted [[x = y]]) satisfying symmetry and transitivity:

[[x = y]] = [[y = x]] and [[x = y]] ∧ [[y = z]] ≤ [[x = z]].

¹⁹ This definition, in the case of topological cHa’s, predates Kripke’s semantics by more than a decade. It was proposed by Tarski and McKinsey in the 1940’s [85, 23].

It will be convenient to define the extent of a member a of A to be [[a = a]] and a singleton to be a map s : A → Ω satisfying

s(a) ∧ [[a = b]] ≤ s(b) and s(a) ∧ s(b) ≤ [[a = b]].

There is a natural induced notion of weak equality, or equivalence [[a ≡ b]], defined by (Ea ∧ Eb) ⇒ [[a = b]].

We now show how to interpret first order logic in an Ω-set. We consider models over arbitrary languages and then consider the case of IZF. First some preliminaries. Let V be a set of variables and A the set of atomic formulas over L.

Definition 5.5 If D is a set, a function η : V → D is called a D-environment. The set of D-environments will be denoted E_D. Let ⟨A, ⟪· = ·⟫⟩ be an Ω-set. Then an n-ary Ω-relation R is a mapping R : D × ··· × D → Ω satisfying

⋀ ⟪a_i = b_i⟫ ∧ R(a₁, . . . , a_n) ≤ R(b₁, . . . , b_n)

R(a₁, . . . , a_n) ≤ ⋀ ⟪a_i = a_i⟫

An n-ary Ω-function f : M → N from an Ω-set M to another N is an n-ary function on the underlying sets satisfying, for every a in M,

⟪Fa = Fa⟫ ∧ ⟪a = b⟫ ≤ ⟪Fa = Fb⟫ and ⟪Fa = Fa⟫ ≤ ⟪a = a⟫

An Ω-function is total if the last inequality is replaced by equality.

Now we define interpretations. Fix a language L, and once again, let ⟨A, ⟪· = ·⟫⟩ be an Ω-set.

Definition 5.6 An Ω-Interpretation D = ⟨D, Ω, [[.]], η⟩ for the language L consists of a set D, a D-environment η and a meaning function [[.]]η which assigns an Ω-relation [[R]] to each relation symbol R in L, and an (n-ary) Ω-function [[F]] from D to D for each (n-ary) function symbol F in L (in particular it assigns values [[c]] ∈ D to constant symbols c). An Ω-interpretation is called total if it assigns only total functions to function symbols in the language.

An Ω-interpretation assigns values [[t]]η in D for every open term t over the language L and truth values [[A]]η ∈ Ω as follows:

terms:

• [[c]]η ≡_def [[c]] for constants c
• [[x]]η ≡_def η(x) for variables x
• [[F(t₁, . . . , t_n)]]η ≡_def [[F]]([[t₁]]η, . . . , [[t_n]]η)

formulas: For atomic formulas we have

• [[R(t₁, . . . , t_n)]]η ≡_def [[R]]([[t₁]]η, . . . , [[t_n]]η)
• [[t₁ = t₂]]η ≡_def ⟪[[t₁]]η = [[t₂]]η⟫

For nonatomic formulas:

(37) [[A ∧ B]]η = [[A]]η ∧ [[B]]η
(38) [[A ∨ B]]η = [[A]]η ∨ [[B]]η
(39) [[A → B]]η = [[A]]η ⇒ [[B]]η
(40) [[(∃x)A(x)]]η = ⋁_{d∈D} [[A(x)]]η[x/d]
(41) [[(∀x)A(x)]]η = ⋀_{d∈D} [[A(x)]]η[x/d]

where, if η is an environment, d ∈ D and x ∈ V, we define the environment η[x/d] by

η[x/d](y) = η(y) if y ≢ x
η[x/d](y) = d if y ≡ x

We say a sentence A is true in the Ω-interpretation D, written D ⊨ A, if [[A]]η = ⊤. A formula A is valid if for every Ω-interpretation D we have D ⊨ A. We write this ⊨ A. If Γ is a set of sentences, we write Γ ⊨ A if for every Ω-interpretation in which all sentences in Γ are true A is also true.

Theorem 5.7 (Soundness and Completeness) Γ ⊢ A iff Γ ⊨ A.

The proof of soundness is a straightforward induction. One can prove completeness (in a classical metatheory) by showing that each Kripke model gives rise to an elementarily equivalent O(K)-interpretation, where O(K) is the topology discussed at the beginning of section (5.2), and using the completeness of Kripke semantics. Completeness can also be established directly by building a Lindenbaum algebra for a given theory (which is a Heyting algebra with some infinite suprema and infima but not all), and then embedding it in a cHa in a way that preserves all meets and joins. We refer the reader to e.g. chapter 13 of [118] for details.

Ω-set semantics for set theory

As with models for classical set theory, we can extend the notion of Ω-interpretation to proper class domains (i.e. predicates) D ≡ V(Ω). As with the class-models V(ω) and V(P) we defined for realizability and Kripke forcing, we will write d ∈ D to mean D(d) and think of the “extension” of D as a domain of interpretation.

Definition 5.8 Let Ω be a cHa. We now define the Ω-hierarchy of ranked universes V(Ω)_α and W(Ω)_α for each ordinal α.

(42) W(Ω)_α ≡_def ⋃_{β∈α} V(Ω)_β
(43) V(Ω)_α ≡_def {f : W(Ω)_α → Ω}
(44) V(Ω) ≡_def ⋃_{α∈ON} V(Ω)_α

Observe that the last line defines the formula V(Ω)(x) to be (∃y)(ON(y) ∧ V(Ω)_y(x)) where V(Ω)_α is defined by transfinite induction in IZF.

Truth in V(Ω)

We now define by simultaneous induction an interpretation [[·]] mapping atomic formulas to Ω. Let b, a ∈ V(Ω).

(45) [[b ∈ a]] ≡_def ⋁{[[b = x]] ∧ a(x) : x ∈ dom(a)}
(46) [[b = a]] ≡_def ⋀{[[x ∈ b]] ↔ [[x ∈ a]] : x ∈ dom(a) ∪ dom(b)}

Sentences are now interpreted as with ordinary Ω-interpretations (37-41).

(47) [[A ∧ B]] = [[A]] ∧ [[B]]
(48) [[A ∨ B]] = [[A]] ∨ [[B]]
(49) [[A → B]] = [[A]] ⇒ [[B]]
(50) [[(∃x)A(x)]] = ⋁{[[A(d)]] : d ∈ V(Ω)}
(51) [[(∀x)A(x)]] = ⋀{[[A(d)]] : d ∈ V(Ω)}

Note that this definition is formalizable in IZF: by the axiom of separation {[[A(d)]] : d ∈ V(Ω)}, i.e. {x ∈ Ω : ∃d V(Ω)(d) ∧ x = [[A(d)]]}, is a subset of Ω. Since Ω is a cHa, this subset has a supremum and an infimum in Ω.

Definition 5.9 Given a cHa Ω, and a closed formula ϕ in the language of IZF, we say the formula is true in the Ω-set interpretation, and write V(Ω) ⊨ ϕ, iff ⊤_Ω ≤ [[ϕ]]. We write ⊨_Ω ϕ to mean ϕ is true in every Ω-set interpretation.

The following theorem can be established within IZF as a metatheory, along the lines of the soundness proof in section (4).

Theorem 5.10 Let ϕ be a closed formula in the language of IZF. Then

IZF ⊢ ϕ ⇒ ⊨_Ω ϕ

Scott-presheaves

Definition 5.11 Let Ω be a cHa. A Scott-Ω-presheaf A is a triple ⟨A, E, ↾⟩ consisting of a set A, and maps of extent E : A → Ω (whose action on a member a of A is written Ea), and of restriction ↾ : A × Ω → A satisfying, for all a ∈ A and all p, q ∈ Ω,

1. a ↾ Ea = a.
2. (a ↾ p) ↾ q = a ↾ (p ∧ q)
3. E(a ↾ p) = Ea ∧ p.

We define equality on Scott-presheaves as follows:

[[a = b]] = ⋁{p : p ≤ Ea ∧ Eb & a ↾ p = b ↾ p}

Lemma 5.12 Scott-presheaves (with the induced equality defined above) are Ω-sets, and are partially ordered by the relation

a ≤ b ≡_def a = b ↾ Ea.

proof: Exercise (or see [32]).

With the induced partial order just defined, we can speak of joins of subsets of a Scott presheaf.

Definition 5.13 A Scott presheaf A is separated if whenever a subset B of A has a join it is unique. An Ω-set A is separated if for every a, b ∈ A

[[a ≡ b]] = ⊤ ⇒ a = b.

The reader can check that a presheaf is separated if and only if it is separated as an Ω-set.

5.3 Presheaves, Sheaves and Topoi

In the remainder of this article we assume some elementary familiarity with category theory, in particular, the definitions of functors, adjoints, (co-)products, pullbacks, (co-)equalizers, limits, natural transformations, equivalence of categories, along the lines of, e.g. the first 25 pages of [68], or chapter 1 of [77]. We use the notation Ar(A) for the collection of arrows (or morphisms) of a category, |A| for its collection of objects. The opposite category of A is denoted A^o. The notation ↣ will be reserved for monic arrows and ↠ for epics. We denote the Hom-set of arrows in a category C from A to B by C(A, B). We also use the terminology “x is a generalized element of A” if x is an arrow from some object C to A, and will sometimes write this x ∈_C A. We will also call x “an element of A at stage C”. All categories are assumed locally small: the class of arrows from one object to another is a set.

We begin with some definitions and facts that will prove useful. We refer the reader to the cited references for proofs.

Definition 5.14 A category is said to be small if the class of arrows in the category is a set. If A and B are categories, the functor category A^B has as objects the functors from A to B, and as morphisms natural transformations. If C is a category and A an object, then the slice category C/A has as objects the arrows p : • → A in C targeted at A. A morphism between two objects p : • → A and q : • → A is an arrow θ of C making the resulting diagram commute:

[Diagram: commutative triangle with θ along the top and p, q the two arrows into A.]

When C is the category Set, we can think of an object f : X → A in the slice category as an A-indexed family {X_a : a ∈ A} where X_a = f⁻¹(a). Morphisms are just maps which preserve A-indexing. Thus, up to isomorphism, objects in this category can be thought of as functors from A viewed as a category, the discrete category (whose objects are members of A and whose morphisms are just the identities a → a), to Set. This observation can be made precise as follows.

Lemma 5.15 There is an equivalence of categories Set^A ≅ Set/A.

Set-valued functor categories Set^A (and their duals Set^{A^o}) constitute an extremely important class of examples. In particular when A is a monoid (a category with only one object), a group (a monoid in which every arrow is an iso) or even an arbitrary small category, Set^A is called the category of monoid actions, group-actions, or, respectively, of (right) A-sets (see [33]). These are sets X endowed with an index operator  : X → |A|, and a partial binary operation from X and Ar(A) to X, indicated by juxtaposition xa, defined whenever the index x of x is equal to the source of a and satisfying (xa)b = x(ab).

Lemma 5.16 The category of left (resp. right) A-sets is equivalent to Set^{A^o} (resp. Set^A).

Given an object X in a category C, we recall that the operations

A ↦ C(X, A) and A ↦ C(A, X)

define the covariant and contravariant Hom-functors from C to Set, whose actions on arrows are given by composition. Given (f : A → A′) in C, the morphism C(X, f) : C(X, A) → C(X, A′) takes ξ : X → A to f∘ξ : X → A′. C( , X) acts contravariantly by right-composition. These functors are called representable. The object X is called the representative of C( , X) (and its dual).

Lemma 5.17 (Yoneda) The embedding C → Set^{C^o} induced by mapping an object X to the contravariant Hom-functor represented by X is a full and faithful functor (with action on arrows given by composition). If F is a contravariant functor from C to Set then there is a bijection

Nat(C( , X), F) ≅ F(X)

given by mapping α in Nat(C( , X), F) to α(X)(I_X), which is natural in both F and X.

When considering Kripke-Joyal semantics, below, we will use the fact that every natural transformation α in Nat(C( , X), F) acts by α(Y)(ϕ) = F(ϕ)(a) where ϕ : Y → X and a = α(X)(I_X). We will sometimes refer to the natural transformation α by the name â.

The proof is straightforward: one has to check that the given functor and bijection have the required properties. We refer the reader to [76, 33] for proofs, further discussion, and on how to make the naturality statement precise. We remark for the time being that representable functors play an important role in the categorical semantics for logic defined below, and that the preceding lemma also tells us that every category can be fully and faithfully embedded in a Set-valued functor category (hence, cf. definitions below, in a topos of presheaves).

Definition 5.18 A presheaf F is a contravariant functor from a cHa Ω to Set. F is called a presheaf on X if Ω is the cHa O(X) associated with a topological space X. A morphism of presheaves λ : F → G is a natural transformation of the functors. For a given topological space X we write preSh(X) for the category of presheaves on X with presheaf morphisms.

Every Scott presheaf is easily construed as a presheaf and conversely. Suppose A = ⟨A, E, ↾⟩ is a Scott-presheaf. Define the contravariant functor F_A : Ω → Set by

F_A(p) ≡_def {x ∈ A : p ≤ Ex}

on objects and let the action on morphisms F_A(p ≤ q) = ι^q_p : F_A(q) → F_A(p) be given by ι^q_p(x) = x ↾ p. The reader can check functoriality of F_A. Conversely if F is a contravariant functor from a cHa Ω to Set then, letting

A_F = ⨆_Ω F(p)
E⟨p, x⟩ = p
⟨p, x⟩ ↾ q = ⟨p ∧ q, x⟩

it is easily checked that ⟨A_F, E, ↾⟩ is a Scott-presheaf.

Suppose F is a presheaf. A sheaf on X is a presheaf F : O(X)^op → Set satisfying an additional glueing or compatibility property.

Definition 5.19 Let F be a presheaf on X. Let U be an open subset of X, and suppose {V_i : i ∈ I} is a family of open subsets of U such that

U ⊆ ⋃ V_i

Such a family is called an open cover of U. Since F is a contravariant functor, we have, for each pair of open sets U ⊆ V a restriction map

ι^V_U ≡_def F(U ↪ V) : F(V) → F(U)

satisfying ι^U_W ∘ ι^V_U = ι^V_W. Now suppose that S = {s_i : i ∈ I} satisfies s_i ∈ F(U_i) for all i. We call S a family of sections. We call S compatible if for every pair of members s_i, s_j in S we have

(52) ι^{U_i}_{U_i∩U_j}(s_i) = ι^{U_j}_{U_i∩U_j}(s_j).

F is called a sheaf on X if given any open set U ⊆ X, any open cover of U and compatible family of sections S there is a unique section s in F(U) of which each member in S is a restriction, that is to say, for each U_i in the cover and s_i in S

s_i = ι^U_{U_i} s

The sheaves on a space X form a category with natural transformations as morphisms, which we denote Sh(X). A slight generalization of the definition given above helps make the link with Kripke models precise.

Definition 5.20 Let K be a partial order viewed as a category. Then a K-presheaf is a functor from K to Set, whose action on morphisms p ≤ q is called restriction or transition ι^q_p : K(p) → K(q).

It is straightforward to show that K-presheaves are Kripke models with transition maps ι^q_p : K(p) → K(q) from the domain at node p to that at node q (see e.g. [118] for a discussion of how they can be viewed as sheaves over an appropriate completion of K).

Sheaves can be defined over an arbitrary category endowed with a Grothendieck topology, also called a site. This yields a generalization of Beth semantics, or of classical Cohen forcing, and plays an important role in the application of topos theory to independence results in intuitionistic and classical ZF. The details are beyond the scope of this treatment. We refer the reader to e.g. [115, 57, 33, 68] for further discussions of these notions.

Definition 5.21 We say a category is finitely complete if it has finite products, a terminal object 1 (the limit of the empty diagram) and equalizers. It is finitely co-complete if the opposite category is complete, i.e. if it has an initial object, coproducts and coequalizers. A category C is said to have exponents if for each pair of objects A, B there is an object B^A (also written [A ⇒ B]) and an arrow ev_{A,B} : B^A × A → B which represents the Hom-set C(A, B) in the sense that, for any object C there is a unique arrow λ_A f, called the transpose of f, making the following diagram commute.

[Diagram: commutative triangle with λ_A f × I_A : C × A → B^A × A, ev : B^A × A → B, and f : C × A → B.]

Equivalently, there is a bijection

C(A × B, C) ≡ C(A, C^B)

natural in A, B and C, that is to say, ( ) × B and ( )^B are adjoints. If f : A → B then the transpose of f π₁ : 1 × A → B is often written ⌈f⌉ : 1 → B^A and called the name of f. A category with finite products and exponents is called cartesian closed.

The definition of finitely complete is equivalent to the assertion that the category C has all finite limits.

Definition 5.22 A topos is a finitely complete category with exponents and a subobject classifier, that is to say, an object Ω and a morphism

⊤ : 1 → Ω

often called “true”, such that for every object A and subobject m : B ↣ A there is a morphism χ_m making the following diagram a pullback

[Diagram: pullback square with m : B ↣ A along the top, !_B : B → 1 on the left, χ_m : A → Ω on the right, and ⊤ : 1 → Ω along the bottom.]

χ_m is called the classifier or characteristic morphism of m. The subobject m : B ↣ A is said to be classified by χ_m, and is also referred to by some authors [68] as its kernel.

Definition 5.23 (Power objects and epsilon) If A is an object in a topos E, then Ω^A is called the power object of A (and often written PA). We then define the ∈_A-relation to be the object classified by the evaluation map composed with the twist:

A × Ω^A −x→ Ω^A × A −ev→ A.

The object classified by ev is called epsiloff (Freyd) and written ∋_A.

A relation u : U_C ↣ B × C is called universal (for C) if every relation r : R ↣ A × C with range C factors through a morphism f : A → B and U_C, that is to say, for some morphism f the following is a pullback

[Diagram: pullback square with R → U_C along the top, r : R ↣ A × C on the left, u : U_C ↣ B × C on the right, and f × I_C : A × C → B × C along the bottom.]

Freyd and Scedrov give the following nice characterization of power objects and ∋ “from basics” and use it as a starting point for defining topoi.

Lemma 5.24 A cartesian category is a topos iff each object C has a universal relation

u : U_C ↣ B × C

in which case u is the ∋_C relation, and the domain B is the power object Ω^C.

We conclude our general discussion of topoi with a few more important results.

Lemma 5.25 In a topos every arrow f : A → B has an image Im(f): a minimal subobject of B through which f factors, and a factorization

e : A ↠ Im(f), m : Im(f) ↣ B

with e epic and m monic (called an epi-mono factorization). The factorization is unique up to isomorphism.

Lemma 5.26 (Kock, Mikkelsen) Every topos is finitely co-complete.

We refer the reader to [68] for a simple proof that makes use of the internal logic. Up to now, the only topos we have seen is Set. There are many others.

Lemma 5.27 For any topological space X, preSh(X) and Sh(X), the categories of presheaves and sheaves on X, are topoi.

A topos is said to be spatial if it is Sh(X) for some X. Not every topos is spatial (e.g. the effective topos, below).

Lemma 5.28 In a topos, the set Sub(A) of subobjects of an object A forms a cHa.

The following result, due to Freyd, allows us to uniformly extend the notion of quantification, as understood in Set, to topoi, in a very general way.

Lemma 5.29 (Fundamental lemma of topos theory) Every slice $\mathcal{E}/A$ of a topos is a topos, and the canonical functor $\Delta : \mathcal{E} \to \mathcal{E}/A$ preserves finite limits and power objects. Thus, in particular, the functor $f^{\#} : \mathcal{E}/B \to \mathcal{E}/A$ (induced by the arrow $f : A \to B$ in $\mathcal{E}$ by pulling back) has a right adjoint.

The import of this lemma for interpreting quantification is discussed below.

5.4 Logic in a Topos: three views

With this machinery, we are able to interpret set-theoretic logic formalisms in a topos in several related ways that extend their conventional meaning in the category of sets, or in some of the categories we have seen, to arbitrary topoi. The first two interpret a typed language (with bounded quantification and sorts) which has been dubbed by some authors [13] local set theory. The third interprets type-free IZF, and is a straightforward generalization of the Ω-set semantics of the preceding section. We briefly motivate the definitions with a look at how logic and the basic set-theoretic notions are captured in some familiar categories.

Let us denote by $\Omega_c$ the classical object of truth-values $\{\bot, \top\}$, that is to say the subobject classifier in Set. Then we recall that classical Boolean propositional operators $* : \Omega_c \times \Omega_c \to \Omega_c$ are given by:

• $\wedge z = \top \iff z \in \{\langle\top,\top\rangle\}$.
• $\Rightarrow z = \top \iff z \in \{\langle\top,\top\rangle, \langle\bot,\bot\rangle, \langle\bot,\top\rangle\}$.

If we think of logical predicates p, q as maps from some domain A to $\Omega_c$, and $\langle p, q\rangle : A \to \Omega_c \times \Omega_c$ the canonical product map $a \mapsto \langle p(a), q(a)\rangle$, then p ∧ q and p ⇒ q are equal as functions to $\wedge \circ \langle p, q\rangle$ and $\Rightarrow \circ \langle p, q\rangle$. Also observe that the object classified by ⇒ (i.e. the subset it maps to ⊤) is precisely the ≤ relation on $\Omega_c \times \Omega_c$. We would like to define this relation in a way that does not make reference to elements of $\Omega_c$, so as to use it in an arbitrary topos. A simple characterization is suggested by the fact that

$$\leq \;=\; \{\langle x, y\rangle \in \Omega_c \times \Omega_c : x = x \wedge y\}$$

i.e. ≤ is the largest subset of $\Omega_c \times \Omega_c$ on which left projection and conjunction agree, hence the equalizer of the corresponding arrows.

Observe that bounded universal quantification maps an open formula p defined on some domain B × A to a new formula $\forall x{\in}A\, p : B \to \Omega_c$. Its action can be captured algebraically by defining

$$\forall_A : \Omega_c^{A} \to \Omega_c$$

to be the characteristic function of the singleton set {A} ∈ ℘(A), and observing that $\forall_A \circ \lambda_B p : B \to \Omega_c$ is the characteristic function of {b ∈ B : {a ∈ A : p(b, a)} = A}, that is to say, it is precisely the predicate ∀x∈A p(x, y) (where y ranges over B).

Logical Connectives as Adjoints There is another perspective on the interpretation of logic in a topos, due to Lawvere, which is of independent interest because it generalizes to categories with less than the full structure of a topos and has played a fundamental role in categorical formulation of type theory and of realizability-style semantics. We have already seen how ∧ and → can be viewed as adjoints in a cHa (this adjunction is expressed in (33)). We can do the same for universal and existential quantification in a topos.

Let p be a predicate on B × A, i.e. a member of $\Omega_c^{B \times A}$. As we remarked before, quantification over A is a map from $\Omega_c^{B \times A} \to \Omega_c^{B}$. We can view it as an operation induced by the projection π : B × A → B, as follows. In the foregoing discussion in Set we identify the set of characteristic functions $\Omega_c^{X}$ with the power set ℘(X). Let ℘ be the contravariant power set functor from Set to itself mapping sets to their power sets, and functions f from X to Y to the map $f^* : ℘(Y) \to ℘(X)$ given by $Z \mapsto f^{-1}(Z)$. Then its action on π gives rise to a map $\pi^* : ℘(B) \to ℘(B \times A)$ which is a covariant functor if we view power sets as categories (with objects the members of the power set and morphisms given by inclusions). The reader can easily check that $\forall_A : ℘(B \times A) \to ℘(B)$ as defined above, or, equivalently, by

$$\forall_A(Z) = \{b \in B : \forall a \in A\; \langle b, a\rangle \in Z\}$$

is a right adjoint to $\pi^*$. A left adjoint also exists: $\exists_A : ℘(B \times A) \to ℘(B)$ given by

$$\exists_A(Z) = \{b \in B : \exists a \in A\; \langle b, a\rangle \in Z\}.$$

The interest of this construction is that it can be generalized considerably. First, we can replace π by any function f : X → Y and define quantification along f by adjunction to the induced functor.
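Theorem 5.30 If $f : X \to Y$ is an arrow in any topos $\mathcal{E}$, the induced functor on power objects $f^* : \Omega^Y \to \Omega^X$ has left and right adjoints:

$$\exists_f \dashv f^* \dashv \forall_f.$$

The construction mimics the definitions of quantification given above. The definition of the right adjoint is given below, in the discussion of the Mitchell-Benabou language. The construction of $\exists_f$ is also straightforward. See e.g. [77] for details. We will also make use of the following property which holds in any topos.

Lemma 5.31 (Beck-Chevalley conditions) If q is a subobject of D in a topos $\mathcal{E}$ and the diagram on the left is a pullback then the one on the right commutes

$$\begin{array}{ccc} A & \xrightarrow{\;g\;} & B \\ {\scriptstyle p}\downarrow & & \downarrow{\scriptstyle m} \\ C & \xrightarrow{\;f\;} & D \end{array} \qquad\qquad \begin{array}{ccc} \Omega^B & \xrightarrow{\;g^*\;} & \Omega^A \\ {\scriptstyle \exists_m}\downarrow & & \downarrow{\scriptstyle \exists_p} \\ \Omega^D & \xrightarrow{\;f^*\;} & \Omega^C \end{array}$$

as does the dual diagram for $\forall_f$.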
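The Set-level picture behind Theorem 5.30 and Lemma 5.31 can be checked exhaustively on small finite sets. The following Python sketch is an added illustration, not part of the original text: the function names and the sample sets are constructed for the example, and the Beck-Chevalley check is run for arbitrary finite maps f and m, which in Set goes slightly beyond the monic case stated in the lemma.

```python
from itertools import combinations

def subsets(xs):
    """All subsets of a finite set: the objects of the poset P(xs)."""
    xs = list(xs)
    return [frozenset(c) for r in range(len(xs) + 1) for c in combinations(xs, r)]

def inverse_image(f, X, T):
    """f*(T) = f^{-1}(T), for f : X -> Y given as a dict and T a subset of Y."""
    return frozenset(x for x in X if f[x] in T)

def exists_along(f, S):
    """Left adjoint to f*: the direct image {f(x) : x in S}."""
    return frozenset(f[x] for x in S)

def forall_along(f, X, Y, S):
    """Right adjoint to f*: {y in Y : every x with f(x) = y lies in S}."""
    return frozenset(y for y in Y if all(x in S for x in X if f[x] == y))

def check_adjunctions(f, X, Y):
    """Exists_f(S) <= T iff S <= f*(T), and f*(T) <= S iff T <= Forall_f(S)."""
    for S in subsets(X):
        for T in subsets(Y):
            left = (exists_along(f, S) <= T) == (S <= inverse_image(f, X, T))
            right = (inverse_image(f, X, T) <= S) == (T <= forall_along(f, X, Y, S))
            if not (left and right):
                return False
    return True

def check_frobenius(f, X, Y):
    """Frobenius reciprocity: Exists_f(S & f*(T)) == Exists_f(S) & T."""
    return all(
        exists_along(f, S & inverse_image(f, X, T)) == (exists_along(f, S) & T)
        for S in subsets(X) for T in subsets(Y)
    )

def pullback(f, C, m, B):
    """Pullback of f : C -> D along m : B -> D, with projections p and g."""
    A = [(c, b) for c in C for b in B if f[c] == m[b]]
    p = {a: a[0] for a in A}   # p : A -> C
    g = {a: a[1] for a in A}   # g : A -> B
    return A, p, g

def check_beck_chevalley(f, C, m, B, D):
    """Exists_p . g* == f* . Exists_m, and the dual equation for Forall."""
    A, p, g = pullback(f, C, m, B)
    for S in subsets(B):
        gS = inverse_image(g, A, S)
        if exists_along(p, gS) != inverse_image(f, C, exists_along(m, S)):
            return False
        if forall_along(p, A, C, gS) != inverse_image(f, C, forall_along(m, B, D, S)):
            return False
    return True

# Constructed sample data (not from the paper).
B = [0, 1, 2]
A = ["u", "v"]
BxA = [(b, a) for b in B for a in A]
PI = {(b, a): b for (b, a) in BxA}           # the projection B x A -> B
Z = frozenset({(0, "u"), (0, "v"), (1, "u")})  # a predicate on B x A
NONSURJ = {0: "a", 1: "a"}                    # a map {0,1} -> {a,b,c}
F_MAP = {"c0": "d0", "c1": "d0", "c2": "d2"}  # f : C -> D
M_MAP = {"b0": "d0", "b1": "d1", "b2": "d1"}  # m : B -> D
D_SET = ["d0", "d1", "d2"]

if __name__ == "__main__":
    print("forall_A(Z) =", sorted(forall_along(PI, BxA, B, Z)))
    print("exists_A(Z) =", sorted(exists_along(PI, Z)))
    print("adjunctions hold:", check_adjunctions(PI, BxA, B))
    print("Frobenius holds:", check_frobenius(PI, BxA, B))
    print("Beck-Chevalley holds:",
          check_beck_chevalley(F_MAP, list(F_MAP), M_MAP, list(M_MAP), D_SET))
```

Along a map that is not onto, the right adjoint is vacuously true outside the image, which is why `forall_along` needs the codomain as an explicit argument while `exists_along` does not.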

The ∃-condition is sometimes called “Frobenius reciprocity”.

Corollary 5.32 If $m : B \rightarrowtail C$ is a subobject in a topos, then $\exists_m : \Omega^B \to \Omega^C$ is monic.

proof: Apply the Beck-condition lemma to the pullback diagram

$$\begin{array}{ccc} B & = & B \\ \| & & \downarrow{\scriptstyle m} \\ B & \xrightarrow{\;m\;} & C \end{array}$$

and observe that $m^* \circ \exists_m = I_{\Omega^B}$.

Instead of carrying these constructions out with the power-set functor in a topos, we can take any category with pullbacks, and let $f^*$ be the so-called change of base functor on the slice categories $\mathcal{C}/Y \to \mathcal{C}/X$ given by pulling back along any f : X → Y

$$\begin{array}{ccc} f^{\#}(A) & \longrightarrow & A \\ {\scriptstyle f^{\#}(\alpha)}\downarrow & & \downarrow{\scriptstyle \alpha} \\ X & \xrightarrow{\;f\;} & Y \end{array}$$

When they exist, the corresponding adjoints

$$\Sigma_f \dashv f^{\#} \dashv \Pi_f$$

constitute a pair of generalized quantifiers in the category. $\Sigma_f$ will always exist if $\mathcal{C}$ has pullbacks. The existence of $\Pi_f$ is guaranteed if $\mathcal{C}$ is LCC, or locally cartesian closed: every slice is cartesian closed. By the fundamental lemma (5.29) every topos is LCC, and admits this interpretation of quantifiers. But so do other categories. This adjoint situation is the starting point for the so-called hyperdoctrine formulation of logic over an indexed category, used for interpreting dependent type theories, and further discussed below in section (5.5).

Connectives in an arbitrary topos By analogy with the preceding discussion in Set, we can define the logical connectives ∧, →, $\forall_A$ as classifying arrows on suitable domains.

Definition 5.33 Let $\mathcal{E}$ be a topos and Ω its subobject classifier. - Ω is the classifier of 1

h>,>i

- Ω is the classifier of
A e

Ω).



π0

- ΩA of the arrow >A ≡ A

- 1

!A

- Ω.

>

The reader should compare these definitions with the characterizations of logical connectives in Set, above. In particular, $\forall_A$ is defined in essentially the same way: it is the classifier of the arrow that “names” the subobject {A} of the power set $\Omega^A$.

5.4.1 The Mitchell-Benabou Language

Let $\mathcal{E}$ be a topos. We define the internal Mitchell-Benabou language of $\mathcal{E}$ to be given by the following types and terms:

types There is a type A for each object A of $\mathcal{E}$ (we identify the two classes notationally from here on). Thus, the class of types includes, amongst many others, 0 and 1 (initial and terminal object), Ω, and for each pair of types A and B, the types $A \times B$, $B^A$.

terms

• For each type A, variables of type A: x, y, z . . . We indicate type membership by writing x : A (and distinguish terms from morphisms by displaying source-target information with a labeled arrow for the latter).
• ~ : 1 and ⊤ : Ω
• if a : A and b : B then ⟨a, b⟩ : A × B. We can express this as the familiar rule
$$\frac{a : A \qquad b : B}{\langle a, b\rangle : A \times B}$$
• $$\frac{t : A \qquad u : B^A}{u(t) : B}$$
• For each arrow $\tau : A \to B$ in $\mathcal{E}$ and each term t : A there is a term τ ∘ t : B.
• For each arrow $\tau : X \times A \to B$ in $\mathcal{E}$ and each variable x : A there is a term $\lambda x{:}A.\tau : B^A$, in which x is a bound variable.

In addition there are certain terms of type Ω called predicates or formulas.

formulas

• $$\frac{t : A \qquad t' : A}{t = t' : \Omega}$$
• $$\frac{t : A \qquad u : \Omega^A}{t \in u : \Omega}$$
• If p and q are formulas then so are p ∧ q, p ∨ q, p ⇒ q, ¬p. If p is a formula with the variable x free, and if A is a type, then ∀x∈A p, ∃x∈A p are formulas, with the variable x bound.

We will also speak about the term {x : p(x)} : A for x a variable of type A and p a formula with x free in p.²⁰

All terms $t(x_1, \ldots, x_n) : B$ with free variables among the $x_1, \ldots, x_n$ of types $A_1, \ldots, A_n$, respectively, have an interpretation $[\![t]\!]$ in $\mathcal{E}$ as arrows $[\![t]\!] : A \to B$ where $A = A_1 \times \cdots \times A_n$, as follows:

• If x is a variable of type A then $[\![x]\!]$ is $A \xrightarrow{\;I_A\;} A$.
• If $[\![a]\!] : U \to A$ and $[\![b]\!] : V \to B$ then $[\![\langle a, b\rangle]\!]$ is $U \times V \xrightarrow{\;[\![a]\!] \times [\![b]\!]\;} A \times B$.
• If $[\![t]\!] : A \to B$ and $\tau : B \to C$ then $[\![\tau \circ t]\!]$ is just the composition $A \xrightarrow{\;[\![t]\!]\;} B \xrightarrow{\;\tau\;} C$.
• If $[\![t]\!] : T \to A$ and $[\![u]\!] : U \to B^A$ then $[\![u(t)]\!]$ is $U \times T \xrightarrow{\;[\![t]\!] \times [\![u]\!]\;} A \times B^A \xrightarrow{\;ev\;} B$.
• For $(\lambda x{:}A.\tau) : B^A$ as above $[\![\lambda x{:}A.\tau]\!]$ is the transpose (see def. 5.21) $X \xrightarrow{\;\lambda_A \tau\;} B^A$.

²⁰ Many authors (e.g. [58, 68]) call this a term of type $\Omega^A$. See the comments following the definition of its interpretation.

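Atomic formulas (with the types and constituents given above) have the following interpretation, for $[\![t]\!] : U \to A$, $[\![t']\!] : V \to A$ and $[\![u]\!] : V \to \Omega^A$:

$$(53)\qquad [\![t = t']\!] \ \text{ is } \ U \times V \xrightarrow{\;[\![t]\!] \times [\![t']\!]\;} A \times A \xrightarrow{\;\bar{\delta}_A\;} \Omega$$

$$(54)\qquad [\![t \in u]\!] \ \text{ is } \ U \times V \xrightarrow{\;[\![t]\!] \times [\![u]\!]\;} A \times \Omega^A \xrightarrow{\;ev \circ x\;} \Omega$$

where x is the twist map $\langle \pi_1, \pi_0\rangle : A \times \Omega^A \to \Omega^A \times A$, and where $\bar{\delta}_A$ classifies the diagonal $\delta_A : A \to A \times A$. If p and q have the interpretation $[\![p]\!] : A \to \Omega$ and $[\![q]\!] : B \to \Omega$, compound formulas are interpreted as follows.

$$(55)\qquad [\![p \wedge q]\!] \ \text{ is } \ A \times B \xrightarrow{\;[\![p]\!] \times [\![q]\!]\;} \Omega \times \Omega \xrightarrow{\;\wedge\;} \Omega$$

$$(56)\qquad [\![p \Rightarrow q]\!] \ \text{ is } \ A \times B \xrightarrow{\;[\![p]\!] \times [\![q]\!]\;} \Omega \times \Omega \xrightarrow{\;\Rightarrow\;} \Omega$$

If $[\![p]\!] : B \times A \to \Omega$ then $[\![\forall x{\in}A\, p]\!]$ is

$$B \xrightarrow{\;\lambda_A [\![p]\!]\;} \Omega^A \xrightarrow{\;\forall_A\;} \Omega$$

where, we recall that $\lambda_A [\![p]\!]$ is the transpose (see 5.21) of $[\![p]\!]$. The remaining formulas can be viewed as derived expressions via the standard “second-order” coding

$$(57)\qquad \bot \ \stackrel{\mathrm{def}}{=} \ \forall t{\in}\Omega\; t$$

$$(58)\qquad \neg p \ \stackrel{\mathrm{def}}{=} \ p \Rightarrow \bot$$

$$(59)\qquad p \vee q \ \stackrel{\mathrm{def}}{=} \ \forall t{\in}\Omega\, (((p \Rightarrow t) \wedge (q \Rightarrow t)) \Rightarrow t)$$

$$(60)\qquad \exists x{\in}A\; p(x) \ \stackrel{\mathrm{def}}{=} \ \forall t{\in}\Omega\, (\forall x{\in}A\, (p(x) \Rightarrow t) \Rightarrow t)$$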

or via the corresponding compositions $\neg \circ [\![p]\!]$, $\vee \circ ([\![p]\!] \times [\![q]\!])$, and $\exists_A \circ (\lambda_A p)$ along the lines just given using the corresponding HA-operations of the subobject lattice (see e.g. [58, 77, 68, 40, 84] for further discussion). If p(x) is a formula with a free variable of type A then $[\![\{x : p(x)\}]\!]$ is the subobject of A classified by p.

We warn the reader that many authors define {x : p(x)} in such a way that its meaning in a topos $\mathcal{E}$ is the name of the arrow $[\![\{x : p(x)\}]\!]$ we have defined above, and hence a (unique) member $1 \to \Omega^A$. However, we prefer to follow the convention of e.g. [77] in keeping the meaning of {x : p} as close to its “familiar” set-theoretic meaning as a subobject of the domain of $[\![p]\!]$. But it is unique only up to isomorphism, and best thought of as an equivalence class of subobjects. In Set we are able to select a preferred representative of the class of subobjects of a set A isomorphic to some $B \rightarrowtail A$, namely the one that is mapped to A by inclusion. But not all topoi admit a notion of canonical subobject making this possible (see [68, 33, 30] for a discussion of canonical objects in categories).

Generalized elements and substitution In Set there is a one to one correspondence between members of an object A and the set of arrows $a : 1 \to A$, called the global elements of A. In a topos, it might seem that these arrows are reasonable candidates for capturing the notion of “element” categorically. We then think of a composition

$$1 \xrightarrow{\;a\;} A \xrightarrow{\;f\;} B$$

as analogous to the set-theoretic “f of a”. But a weak point in the analogy is that the behavior of f on global elements does not determine f in an arbitrary topos: the following diagram may commute for every global element a

$$1 \xrightarrow{\;a\;} A \underset{g}{\overset{f}{\rightrightarrows}} B$$

without f = g. (A topos in which global elements suffice to determine equality of arrows is called well-pointed.) It is therefore necessary to consider generalized elements $C \to A$ as well.

Following this analogy, any arrow $f : A \to B$ can be thought of as defining a function with an indeterminate argument x of type A and the composition

$$C \xrightarrow{\;a\;} A \xrightarrow{\;f\;} B$$

as substitution f[a/x]. We will also call a formula p with interpretation $[\![p]\!] : A \to \Omega$ a formula on A.²¹

Truth in a topos Now we can define what it means for a formula in the internal language of a topos $\mathcal{E}$ to be true in $\mathcal{E}$ (or true “in the internal logic of $\mathcal{E}$”).

Definition 5.34 Let p be a formula, with interpretation $[\![p]\!] : A \to \Omega$ classifying the object $P \rightarrowtail A$. Then we say that p is true in $\mathcal{E}$, and write $\mathcal{E} \models p$, if $[\![p]\!]$ factors through “true”, i.e. if the following diagram commutes.

$$\begin{array}{ccc} A & = & A \\ {\scriptstyle !_A}\downarrow & & \downarrow{\scriptstyle [\![p]\!]} \\ 1 & \xrightarrow{\;\top\;} & \Omega \end{array}$$

Equivalently, $[\![p]\!] = \top \circ\, !_A$. Notice that if this holds, there must be a unique map $A \to P$ through which $I_A$ factors, which asserts, in topos terms, that “the subobject of A on which p holds is A itself”.

5.4.2 Kripke-Beth-Joyal Semantics

A look at the diagram in def. (5.34) suggests that the definition of truth in $\mathcal{E}$ can be localized, much in the spirit of Kripke semantics, by replacing A in the upper left corner by one of its subobjects.

²¹ For a categorical treatment of variables in terms that captures more of their “true role” in logic, the reader should consult [68], who define polynomial categories $\mathcal{C}[x]$ in an indeterminate arrow, in an analogous manner to e.g. polynomial rings.

Definition 5.35 Suppose p(x) is a formula as above and $a : C \to A$ is a generalized element of A (i.e. an arrow with target A) in a topos $\mathcal{E}$. Then we define the forcing relation $\Vdash$ in $\mathcal{E}$ by

$$(61)\qquad C \Vdash p[a/x] \quad\text{iff}\quad [\![p]\!] \circ a = \top \circ\, !_C.$$

Note that since {x ∈ A : p(x)} is the pullback of (⊤ along) $[\![p]\!]$, the above condition is equivalent to saying that $a : C \to A$ factors through {x ∈ A : p(x)}. It also follows immediately that a formula (with interpretation given above) is true in $\mathcal{E}$ iff it is forced by every generalized element $a : C \to A$ iff it is forced by the “generic element” $I_A : A = A$. One can now show that the forcing relation behaves much like Beth or Kripke forcing.

Lemma 5.36 Suppose p is a formula, with interpretation $[\![p]\!] : A \to \Omega$ in $\mathcal{E}$ and let $a : C \to A$ be an arrow in $\mathcal{E}$.

monotonicity: If $c : D \to C$ and $C \Vdash p[a/x]$ then $D \Vdash p[ac/x]$.

covering: If $c : D \to C$ is epic and $D \Vdash p[ac/x]$ then $C \Vdash p[a/x]$.

We also have: $C \Vdash p[a/x]$ iff $\mathcal{E} \models \forall y{\in}C\; p[ay/x]$.

Theorem 5.37 Suppose $a : C \to A$ is a generalized element of A and p and q are formulas (on A) with a free variable x. Then

∧: $C \Vdash p[a/x] \wedge q[a/x]$ iff $C \Vdash p[a/x]$ and $C \Vdash q[a/x]$

∨: $C \Vdash p[a/x] \vee q[a/x]$ iff there are arrows u : U → C and v : V → C such that $[u,v] : U + V \to C$ and $C \Vdash p[au/x]$ and $C \Vdash q[av/x]$.

⇒: $C \Vdash p[a/x] \Rightarrow q[a/x]$ iff for every $c : D \to C$ whenever $D \Vdash p[ac/x]$ then $D \Vdash q[ac/x]$.

¬: $C \Vdash \neg p[a/x]$ iff for every $c : D \to C$ whenever $D \Vdash p[ac/x]$ then $D \cong 0$.

Suppose p is a formula with free variables x of type A and y of type B, with interpretation $[\![p]\!] : A \times B \to \Omega$. Then

$\exists_B$: $C \Vdash \exists y{\in}B\; p[a/x]$ iff there is an epic $c : D \to C$ and a generalized element $d : D \to B$ such that $D \Vdash p[ac/x, d/y]$.

$\forall_B$: $C \Vdash \forall y{\in}B\; p[a/x]$ iff for every $c : D \to C$ and every generalized element $d : D \to B$, $D \Vdash p[ac/x, d/y]$.

proof: (See e.g. [77, 68], whose development we follow for the remaining discussion of Kripke-Joyal semantics).

If instead of considering an arbitrary topos one considers a topos of presheaves or sheaves, the forcing clauses become quite a bit simpler. For example, consider the case $\mathcal{E} = \mathbf{Set}^{\mathcal{C}}$. Then objects (hence “nodes” forcing sentences) are functors $F : \mathcal{C} \to \mathbf{Set}$. But it suffices to restrict attention, in Kripke-Joyal semantics, to a generating set of objects.

Definition 5.38 A class $\mathcal{C}$ of objects in a category $\mathcal{E}$ is said to generate $\mathcal{E}$ if every pair of arrows in $\mathcal{E}$

$$A \underset{g}{\overset{f}{\rightrightarrows}} B$$

are equal if and only if for every $C \in \mathcal{C}$ and every $x : C \to A$ we have fx = gx. In other words, equality is determined by actions on generalized elements from $\mathcal{C}$.

Thus, in a well-pointed topos, {1} generates. It is easily shown that generalized elements from a generating class of objects determine truth in $\mathcal{E}$.

Lemma 5.39 Let p(x) be a formula with interpretation $[\![p]\!] : A \to \Omega$, and suppose $\mathcal{C}$ generates $\mathcal{E}$. Then p is true in $\mathcal{E}$ iff for every $C \in \mathcal{C}$ and $a : C \to A$ we have $C \Vdash p[a/x]$.

The proof is immediate: if p is forced on a generating set, then $[\![p]\!] \circ a = \top \circ\, !_C$ for any $a : C \to A$ with C in $\mathcal{C}$. But then for all such a, $[\![p]\!] \circ a = \top \circ\, !_A \circ a$, hence $[\![p]\!] = \top \circ\, !_A$, which is the definition of p true in $\mathcal{E}$.

In a presheaf topos, the representable functors $\mathcal{E}(C, -)$ form a generating set, for if two arrows λ, ν : F → G in $\mathcal{E} = \mathbf{Set}^{\mathcal{C}}$ disagree then for some object A of $\mathcal{C}$ and some element a ∈ F(A) they must differ: $\lambda(A)(a) \neq \nu(A)(a)$. By the Yoneda lemma (5.17) there is a natural transformation $\hat{a} : \mathcal{C}(A, -) \to F$ such that $\hat{a}(A)(I_A) = F(I_A)(a) = a$, so $\lambda(A)(a) = \lambda(A)(\hat{a}(A)(I_A)) = (\lambda \circ \hat{a})(A)(I_A)$, so $\lambda \circ \hat{a}$ and $\nu \circ \hat{a}$ disagree, with the source of $\hat{a}$ representable.

We now apply Yoneda again to note that for each representable functor $\mathcal{C}(C, -)$ and each generalized element $\lambda : \mathcal{C}(C, -) \to F$ in $\mathcal{E}$, there is a unique representative a ∈ F(C) such that $\lambda = \hat{a}$ with $\hat{a}$ satisfying $\hat{a}(C)(I_C)$ as in the preceding paragraph. Thus we can think of the “nodes” of the associated Kripke-Joyal interpretation as objects C of $\mathcal{C}$ and generalized elements $\hat{a}$ as images $\mathcal{C}(C, -) \to F$ of members a ∈ F(C). Thus, for objects C of $\mathcal{C}$, we write $C \Vdash p$ to mean $\mathcal{C}(C, -) \Vdash p$. With this revised notation, some of the clauses become much simpler.

Lemma 5.40 Let $\mathcal{E}$ be the topos $\mathbf{Set}^{\mathcal{C}}$, and $\Vdash$ the Kripke-Joyal forcing relation for $\mathcal{E}$.

∧: $C \Vdash p[\hat{a}/x] \wedge q[\hat{a}/x]$ iff $C \Vdash p[\hat{a}/x]$ and $C \Vdash q[\hat{a}/x]$

∨: $C \Vdash p[\hat{a}/x] \vee q[\hat{a}/x]$ iff $C \Vdash p[\hat{a}/x]$ or $C \Vdash q[\hat{a}/x]$

⇒: $C \Vdash p[\hat{a}/x] \Rightarrow q[\hat{a}/x]$ iff for every $k : C \to D$ whenever $C \Vdash p[\hat{a}[k]/x]$ then $C \Vdash q[\hat{a}[k]/x]$, where [k] is the induced $\mathcal{C}(k, -) : \mathcal{C}(D, -) \to \mathcal{C}(C, -)$.

Suppose p is a formula with free variables x of type A and y of type B, with interpretation $[\![p]\!] : A \times B \to \Omega$. Then

$\exists_B$: $C \Vdash \exists y{\in}B\; p[\hat{a}/x]$ iff there is a generalized element $\hat{b} : \mathcal{C}(C, -) \to G$ such that $C \Vdash p[\hat{a}/x, \hat{b}/y]$.

The simplified existence and disjunction clauses follow from the fact that each representable functor in $\mathbf{Set}^{\mathcal{C}}$ is an indecomposable projective. An object C in a category is indecomposable if whenever it is the target of an epic arrow

$$A + B \xrightarrow{\;[h,k]\;} C$$

with [h, k] the canonical co-product map induced by a pair of maps from A and B into C, one of $h : A \to C$, $k : B \to C$ is epic. It is projective if every epic $e : D \to C$ has a splitting, i.e. a left inverse $f : C \to D$ with $f \circ e = I_D$. (A simple example of an indecomposable is the open set

$p{\uparrow} \equiv \{q : q \geq p\}$ in the topology O(K) of upward closed subsets of a Kripke model. Such an open set is generated by a “point” p ∈ K and has the property $p{\uparrow} \subset O_1 \cup O_2 \Rightarrow p{\uparrow} \subset O_1$ or $p{\uparrow} \subset O_2$, which is not satisfied by an arbitrary open U in place of $p{\uparrow}$. If the reader translates this condition to the opposite category $O(K)^{o}$, it gives the indecomposability of $p{\uparrow}$). In case $\mathcal{C}$ is just a partial order viewed as a category, the Kripke-Joyal clauses reduce essentially to ordinary Kripke semantics (for local set theory). We refer the reader to [68] for details.

5.4.3 The Fourman-Hayashi interpretation of IZF

We now define a topos-theoretic semantics for IZF which extends the forcing and Ω-set semantics that were developed in earlier sections. We interpret the untyped, global, first order language of set theory, with unbounded quantification, by means of the same sort of ordinal induction over ranked universes we used before. This interpretation was developed by Fourman (who applied it to Fraenkel-Mostowski permutation models in [31]) and (in an essentially equivalent way) independently by Hayashi [47]. It was further developed by Scedrov in [103] to obtain a number of independence results. We sketch Fourman’s development of IZF (without urelements) in a complete and co-complete topos. Here complete means that all set-indexed diagrams have limits.

The problem one must address in adapting earlier type-free set theoretic interpretations is the absence of any immediately obvious analogue in an arbitrary topos of the ordinal hierarchies we have used in Set. That is to say, we must construct a model “$V(\mathcal{E})$” of IZF in a topos, which consists of ranked objects $V(\mathcal{E})_\alpha$ together with maps $\iota_{\beta\alpha} : V(\mathcal{E})_\alpha \to V(\mathcal{E})_\beta$ whenever α ⊆ β. Each such $V(\mathcal{E})_\alpha$ is itself a co-limit of the preceding ones. This is why such strong completeness conditions are required. As it turns out, such topoi are not hard to find: every presheaf and sheaf topos is complete and co-complete and is also locally complete: for any object A each hom-set $\mathcal{E}(A, \Omega)$ is a cHa. A proof of these facts (and a powerful converse: Giraud’s theorem) can be found in e.g. [58].

Definition 5.41 For each ordinal α define

$$(62)\qquad W(\mathcal{E})_\alpha \ \stackrel{\mathrm{def}}{=} \ \varinjlim_{\beta \in \alpha} V(\mathcal{E})_\beta$$

$$(63)\qquad V(\mathcal{E})_\alpha \ \stackrel{\mathrm{def}}{=} \ \Omega^{W(\mathcal{E})_\alpha}$$

$$(64)\qquad V(\mathcal{E}) \ \stackrel{\mathrm{def}}{=} \ \text{the full subcategory of } \mathcal{E} \text{ containing the objects } W(\mathcal{E})_\alpha,\ V(\mathcal{E})_\alpha.$$

We henceforth refer to these objects as $W_\alpha$, $V_\alpha$. Note that in particular $W_0$ is the co-limit of the empty diagram, which is 0. Strictly speaking, the colimit $W_\alpha$ defined above is of a diagram consisting of all lower $V_\beta$ together with the (monic) arrows

$$(65)\qquad V_\gamma \xrightarrow{\;\iota_{\gamma\delta}\;} V_\delta$$

for γ ≤ δ, satisfying

$$(66)\qquad \iota_{\gamma\delta} \circ \iota_{\delta\rho} = \iota_{\gamma\rho}.$$

We denote by $e_\alpha$ the evaluation map $V_\alpha \times W_\alpha \to \Omega$.

To show that our construction of the $V_\alpha$ is well-defined, we must show, by induction, that monics (65) satisfying (66) exist. So we assume that they do for all pairs of ordinals γ ≤ δ below α and show that they do for the pair β, α, where β ≤ α. Observe that there is a natural monic $\nu : W_\alpha \to W_\beta$ for α ≤ β (since $W_\alpha$ is the colimit of the subdiagram of $V_\gamma$ below α, we obtain the embedding as a unique map commuting with all $\iota_{\gamma\gamma'}$ between the $V_\gamma$, which in a topos must be monic). ν induces the direct image embedding $\exists_\nu : \Omega^{W_\alpha} \to \Omega^{W_\beta}$ which is the internal left adjoint to $\nu^* : \Omega^{W_\beta} \to \Omega^{W_\alpha}$ induced by the power-object functor. By corollary (5.32) if ν is monic, so is $\exists_\nu$ (in fact its right inverse is $\nu^*$ by the proof of the same corollary). This shows, by induction, that the $\iota_{\beta\alpha}$ exist for all comparable ordinals.

The objects classified by the evaluation maps $e_\alpha$ give the local ∈-structure on each $V_\alpha$. We are now able to interpret ordinal-ranked formulas at each $V_\alpha$ as follows. We define limited formulas to be those formulas in the expanded language of set theory containing the constants $V_\alpha$, built up with the connectives ∧, ⇒, ∨, ¬ and bounded quantification $\forall x{\in}V_\alpha$, $\exists x{\in}V_\alpha$. A ranking is a map # : Vars → ON. A ranking is admissible for a formula ϕ if for every free occurrence of x in ϕ in a subformula of the form $x \in V_\alpha$ we have #x ≥ α. We now define an interpretation of limited formulas $[\![\varphi]\!]_{\vec{x};\vec{\alpha}}$ where $\vec{x} = \langle x_1, \ldots, x_n\rangle$ is the sequence of variables occurring free in ϕ and $\vec{\alpha} = \langle \alpha_1, \ldots, \alpha_n\rangle$ the sequence of values of a ϕ-admissible ranking # of $\vec{x}$. In all cases $[\![\varphi]\!]_{\vec{x};\vec{\alpha}}$ is an arrow $V_{\alpha_1} \times \cdots \times V_{\alpha_n} \to \Omega$.

$$(67)\qquad [\![x = y]\!]_{\langle x,y\rangle;\langle\alpha,\alpha\rangle} \ = \ V_\alpha \times V_\alpha \xrightarrow{\;\delta\;} \Omega$$

$$(68)\qquad [\![x = x]\!]_{x;\alpha} \ = \ V_\alpha \xrightarrow{\;\top \circ\, !_{V_\alpha}\;} \Omega$$

$$(69)\qquad [\![x \in y]\!]_{\langle x,y\rangle;\langle\alpha,\alpha\rangle} \ = \ V_\alpha \times V_\alpha \longrightarrow \Omega$$

$$(70)\qquad [\![x \in x]\!]_{x;\alpha} \ = \ V_\alpha \longrightarrow \Omega$$

$$(71)\qquad [\![x \in V_\alpha]\!]_{x;\beta} \ = \ V_\beta \xrightarrow{\;\chi_\iota\;} \Omega$$

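where ι has the appropriate sub- and super-scripts. Logical connectives are interpreted exactly as with the Mitchell-Benabou language, as are the bounded quantifiers:

$$(72)\qquad [\![\forall x{\in}V_\alpha\, \varphi]\!]_{\vec{x}} \ = \ \forall_\pi\, [\![x \in V_\alpha \to \varphi]\!]_{\langle x, \vec{x}\rangle}$$

$$(73)\qquad [\![\exists x{\in}V_\alpha\, \varphi]\!]_{\vec{x}} \ = \ \exists_\pi\, [\![x \in V_\alpha \wedge \varphi]\!]_{\langle x, \vec{x}\rangle}$$

where some fixed ranking # is assumed, and where $\forall_\pi$, $\exists_\pi$ are the quantifications along the projection map corresponding to the variable bound by the quantification, e.g. $\pi : V_{\alpha_0} \times V_{\alpha_1} \times \cdots V_{\alpha_n} \to V_{\alpha_1} \times \cdots V_{\alpha_n}$. As with the Ω-set semantics, we define the interpretation of arbitrary formulas (with unbounded quantification) by taking suprema and infima over the subobject lattices $\mathcal{E}(D, \Omega)$ for suitable D.

$$(74)\qquad [\![\forall x\, \varphi]\!] \ = \ \bigwedge\, [\![\forall x{\in}V_\alpha\, \varphi]\!]$$

$$(75)\qquad [\![\exists x\, \varphi]\!] \ = \ \bigvee\, [\![\exists x{\in}V_\alpha\, \varphi]\!]$$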

Soundness of the interpretation is established in [31]. Several other interesting approaches to categorical models of IZF have appeared. Hayashi’s model [47] is based on Johnstone’s formalization [58] of the collection of transitive objects $\mathcal{E}_{tr}$ within a topos. Hayashi shows how to build a model of IZF by taking filtered colimits of local models in a Grothendieck Topos. In the case of ordinal-indexed Ω-set models, Hayashi’s construction gives the Ω-set interpretation defined above. An interesting reformulation of this for $\mathcal{A}$-sets (see discussion prior to lemma 5.16), $\mathcal{A}$ any category, is developed by Freyd and Scedrov [33]. A translation is provided (similar to one due to Friedman [36] also discussed in [8]) that reduces soundness for IZF to soundness for a related non-extensional theory with a much simpler semantics, which they then use to give (for the Boolean case) simple proofs of ZF-independence of Choice and the Continuum Hypothesis.

5.5 PERs and the Effective Topos

We now consider a category closely linked to the realizability interpretation, which will be used to construct the effective topos. The category of partial equivalence relations, known as PER for short, has played an interesting role recently in computer science applications, since it provides a natural model for polymorphism. An extensional subcategory of PER (ExPER) first defined by Freyd, Mulry, Rosolini and Scott, makes precise the denotational semantics implicit in realizability.

Definition 5.42 Let $\mathcal{A}$ be a partial combinatory algebra. The category of PERs over $\mathcal{A}$, $\mathrm{Per}(\mathcal{A})$, has as objects all pairs ⟨X, R⟩ such that R is a partial equivalence relation on $\mathcal{A}$ with domain X. A pre-morphism in $\mathrm{Per}(\mathcal{A})$ is a term e in $\mathcal{A}$ satisfying, for every x, y ∈ X,

$$xRy \to ex\,S\,ey$$

Morphisms [e] : ⟨X, R⟩ → ⟨Y, S⟩ in $\mathrm{Per}(\mathcal{A})$ are equivalence classes of pre-morphisms of $\mathcal{A}$ under the equivalence

$$e \sim e' \ \stackrel{\mathrm{def}}{\equiv} \ \forall x \in X\, (ex\,S\,e'y).$$

Definition 5.43 Let $\mathcal{A}$ be a PCA (cf. def. 3.1). Then we define $P_{\mathcal{A}}$, the $\mathcal{A}$-realizability pre-algebra, to be the Heyting pre-algebra $P_{\mathcal{A}}$ with carrier set ℘(A) and structure given by

$$(76)\qquad U \wedge V = \{\langle u, v\rangle : u \in U \ \&\ v \in V\}$$

$$(77)\qquad U \vee V = \{\langle 0, u\rangle : u \in U\} \cup \{\langle 1, v\rangle : v \in V\}$$

$$(78)\qquad U \Rightarrow V = \{t : (\forall u \in U)\ tu{\downarrow} \ \&\ tu \in V\}$$

and partial order given by U ≤ V iff there is a t in U ⇒ V (a state of affairs we sometimes denote by $U \leq^{t} V$). Top and bottom elements are given by A and ∅ respectively.

The reader should compare this with the definitions of the ×, +, ⇒ operations for Kleene realizability given in the appendix. It should be remarked that the above definition can take place in classical or constructive set theory. Classically, P(A) is equivalent to a two element pre-algebra since for any inhabited X and any u ∈ X we have $A \leq^{\lambda x.u} X$. Of course, in IZF, we cannot prove that every set is inhabited or not, so each model of IZF gives a different version of P(A). The reader may take the metatheory to be classical here if he or she so desires, however.

A simple construction allows us to interpret predicate logic in a realizability pre-algebra in a straightforward manner that strengthens the standard realizability interpretation of quantifiers in the appendix, and is more like the McCarty realizability of quantifiers in IZF. Let X be a set, H a realizability pre-algebra. Then we define the X-indexed pre-algebra $H^X$ to consist of all functions from X to H with logical operations defined pointwise:

$$(79)\qquad (F \wedge G)(x) = F(x) \wedge G(x)$$

$$(80)\qquad (F \vee G)(x) = F(x) \vee G(x)$$

$$(81)\qquad (F \to G)(x) = F(x) \to G(x)$$

top and bottom elements given by $\lambda x.\top_H$ and $\lambda x.\bot_H$ respectively, and with the preorder given by

$$F \leq G \quad\text{iff}\quad \bigcap_{x \in X} \big(F(x) \to G(x)\big) \neq \emptyset.$$

The reader should note that the pre-order on functions is not given pointwise: a single realizer must work for all x ∈ X.

Definition 5.44 A member F of an indexed realizability pre-algebra $H^X$ is said to be realized in H if it is uniformly realized by a term in H:

$$\bigcap_{x \in X} F(x) \neq \emptyset.$$

This state of affairs is denoted by $H \models F$ or $H \models F(x)$ with the understanding that the displayed variable is uniformly quantified over (by intersection).

The preceding construction will in fact give us a Set-indexed family of realizability pre-algebras $H^X$. This yields a non-topos-theoretic example of a Lawvere hyperdoctrine, which we now discuss.

Definition 5.45 An indexed category $\mathcal{C}$ consists of

• a base category $\mathcal{C}$
• a fibre category $\mathcal{C}^A$ for each object A of $\mathcal{C}$
• for each arrow $f : A \to B$ in $\mathcal{C}$ a functor $[f] : \mathcal{C}^B \to \mathcal{C}^A$ (called the “substitution functor”) satisfying

1. $[I_A] : \mathcal{C}^A \to \mathcal{C}^A \simeq$ (is naturally isomorphic to) the identity functor.
2. $[g \circ f] \simeq [g] \circ [f]$

The two properties satisfied by [ ] are often called pseudofunctoriality.

Definition 5.46 (Lawvere) A hyperdoctrine is an indexed category $\mathcal{C}$ in which

• The base category is cartesian closed.
• For each arrow f in the base category, the induced functor [f] preserves cartesian structure, and has left and right adjoints $\exists_f \dashv [f] \dashv \forall_f$.
• These functors satisfy “Frobenius reciprocity” and the “Beck condition” (see lemma (5.31)), that is to say, for each pullback

$$\begin{array}{ccc} A & \xrightarrow{\;g\;} & B \\ {\scriptstyle p}\downarrow & & \downarrow{\scriptstyle q} \\ C & \xrightarrow{\;f\;} & D \end{array}$$

there are natural isos $\exists_p \circ [g] \simeq [f] \circ \exists_q$, and $\forall_p \circ [g] \simeq [f] \circ \forall_q$.

For a discussion of hyperdoctrines, reciprocity and Beck conditions we refer the reader to [109, 92, 77]. Suffice it to say here that the hyperdoctrine point of view defines (semantically) an abstract logic over a base category of types. One can think of each fibre category $\mathcal{C}^X$ as the family of abstract predicates over the type or domain X (we will use this terminology below). The local cartesian structure on the fibres (which is often strengthened to include more logical operations) induces a propositional logic structure over each type. The global hyperdoctrine

provides an extension to an abstract predicate logic, with quantification defined by the adjoints to the “substitution operation” along each arrow in $\mathcal{C}$. If the resulting abstract formulas are to behave like logical formulas, they must admit commutation of quantification with substitution and addition of dummy variables. These and other fundamental properties (depending on the hyperdoctrine in question) are guaranteed by the Beck conditions. For example, when applied to canonical projections $p : X \times Y \to X$ and $f \times I : X \times Y \to X' \times Y$ in lieu of g, these conditions guarantee the following logical laws, for x not free in ϕ:

$$\exists x(\theta(x) \wedge \varphi) \iff \exists x\,\theta(x) \wedge \varphi \qquad\text{and}\qquad \forall x(\theta(x) \to \varphi) \iff \forall x\,\theta(x) \to \varphi$$

Observe that Freyd’s fundamental lemma (5.29) (with a proof of the corresponding Beck conditions) and lemmas (5.30) and (5.31) give us two examples of hyperdoctrines in a topos. We now consider a more general class of hyperdoctrines which can be used to build a topos out of any applicative structure.

Definition 5.47 (Hyland, Johnstone, Pitts) A tripos is a hyperdoctrine $\mathcal{C}$ whose fibre categories $\mathcal{C}^X$ are Heyting pre-algebras $(\mathcal{C}_X, \vdash_X)$ (for each object X in the base category $\mathcal{C}$) satisfying the “power object condition”: for each object A of $\mathcal{C}$ there is an object PA and a membership predicate $\in_A$ in $\mathcal{C}^{A \times PA}$ such that for any B in $\mathcal{C}$ and ϕ in $\mathcal{C}^{A \times B}$ there is a morphism f : B → PA in $\mathcal{C}$ satisfying $[I_A \times f]\, {\in_A} \cong \varphi$.

A reformulation of the definition of universal relation following def. (5.23) in terms of the pullback functor induced by $1_C \times f$ will help explain the “power object condition” above. We leave this as an exercise for the reader.

Theorem 5.48 If $H = \{H^X\}$ is a Set-indexed family of realizability pre-algebras, then it is a tripos, with the functor $[f] : H^Y \to H^X$ corresponding to $f : X \to Y$ induced by composition. For each set A the power object will be $H^A$, with the membership predicate just the evaluation map $H^A \times A \to H$. Each $H^X$ is clearly cartesian closed as a category.
For a detailed proof see [51]. Although there is a quite general theory of realizability-style topoi based on arbitrary triposes, we will confine our attention to those generated by the Set-based realizability pre-algebras described above. The aim of the rest of the section, then, is to sketch how a model of constructive set theory can be built out of the realizability structures we have defined, one that captures much of the behavior of the realizability interpretation we saw earlier. The reader should note the similarity between the way Eff H is built out of a realizability pre-algebra H and the way Ω-sets and Ω-interpretations are built out of a cHa (see section (5.2)).

Definition 5.49 Let A be a PCA. The effective topos over A, or EffA, is the category whose objects are PA-valued PERs, that is to say, pairs $\langle X, [\![\cdot \cong_X \cdot]\!]\rangle$ where X is a set and $[\![\cdot \cong_X \cdot]\!]$ a partial map $X \times X \to PA$ satisfying

(82) $PA \models [\![x \cong y]\!] \to [\![y \cong x]\!]$

(83) $PA \models [\![x \cong y]\!] \wedge [\![y \cong z]\!] \to [\![x \cong z]\!]$

In other words PA realizes the fact that $[\![\cdot \cong_X \cdot]\!]$ is symmetric and transitive. For x ∈ X we define Ex, the extent of x, to be $[\![x \cong x]\!]$.

A morphism $\langle X, \cong_X\rangle \xrightarrow{[F]} \langle Y, \cong_Y\rangle$ in EffA is an equivalence class of PA-valued functional relations, that is to say a (Set) function F : X × Y → PA such that

(84) F is relational: $PA \models F(x, y) \wedge [\![x \cong u]\!] \wedge [\![y \cong v]\!] \to F(u, v)$

(85) F is strict: $PA \models F(x, y) \to Ex \wedge Ey$

(86) F is single-valued: $PA \models F(x, y) \wedge F(x, z) \to [\![y \cong z]\!]$

(87) F is total: $PA \models Ex \to \bigcup_{y \in Y} Ey \wedge F(x, y)$

where two functional relations F, G are equivalent if $PA \models F(x, y) = G(x, y)$.

One must now show that EffA is a category, i.e. that a composition operation can be defined which is independent of the choice of representative of morphisms. The definition of composition of functional relations $\langle X, \cong_X\rangle \xrightarrow{F} \langle Y, \cong_Y\rangle \xrightarrow{G} \langle Z, \cong_Z\rangle$ is given by

$(G \circ F)(x, z) = \bigcup_{y \in Y} Ey \wedge F(x, y) \wedge G(y, z)$

With this definition we obtain not only that EffA is a category, but much more.

Theorem 5.50 (Hyland, Johnstone, Pitts) EffA is a topos. The terminal object of EffA is $\langle \{0\}, \cong_1\rangle$ where $[\![0 \cong_1 0]\!] = |A|$. Products $\langle A, \cong_A\rangle \times \langle B, \cong_B\rangle$ are given by $\langle A \times B, \cong_{A \times B}\rangle$ where

$[\![\langle x, y\rangle \cong_{A \times B} \langle x', y'\rangle]\!] = [\![x \cong_A y]\!] \wedge [\![x' \cong_B y']\!]$

The subobject classifier is $\langle PA, \cong_\Omega\rangle$ with $[\![U \cong_\Omega V]\!] = U \to V \wedge V \to U$.

We refer the reader to [51] for the details, and for a proof of a much stronger fact, namely that any category built from a tripos along the lines pursued above for realizability algebras is a topos. In said reference, and in [52, 92] it is shown that EffA, and in particular Eff ω, are topos-theoretic formulations of the realizability “universe”. Many principles we saw validated in the McCarty interpretation which make sense in local set theory are true when suitably translated in the internal logic of EffA. For example the set of Kleene-realizable sentences (over the standard PCA ω) in the first-order language of HA (see appendix) are precisely those sentences true of the natural number object ($\langle N, \cong_N\rangle$ where $[\![n \cong m]\!] = \{x \in \{n\} : n = m\}$). Hyland shows in [52] that analysis in Eff ω is essentially constructive recursive analysis (see e.g. [8] for a discussion of this area). The real numbers in Eff ω are the recursive Cauchy sequences. Church’s thesis and Brouwer’s continuity principle for the reals are true in Eff ω. Hyland and others (Scedrov) have proposed EffA as the suitable framework for carrying out recursive mathematics in the spirit of the Russian constructivist school or of the effective algebra results of Nerode, Metakides and others. Furthermore EffA and its subcategories (e.g. Modest Sets, see [92]) have offered a framework for giving a natural constructive set-theoretic interpretation of polymorphism [94].
The constructions sketched out above are the starting point for a rich theory that has provided semantics for the ontologies of greatest interest in computer science, e.g. dependent type theories, Constructions, linear and modal logics. Both the syntax and semantical analysis of new programming languages are being shaped by these semantic frameworks. The reader is urged to consult the work in e.g. [33, 101, 100, 4, 78, 54, 52, 51, 111, 112, 74, 86, 110, 91] and others cited in the appendix, for further details.

The author would like to thank Anil Nerode for introducing him to the realizability interpretation of IZF, and encouraging further study of the field, and Peter Freyd for many insights about topoi and PERs. Many thanks also to Robert Lubarsky and George Odifreddi for countless helpful discussions, and to Paul Taylor for careful reading and helpful comments, as well as his diagram macros. Thanks also to Ramesh Subrahmanyam and Thomas Streicher for helpful suggestions.

A   A sketch of Kleene’s 1952 realizability interpretation

A.1   Realizability for HA

We define realizability formulas in one free variable |ϕ|(e) associated to each arithmetic sentence ϕ over the language L:

|ϕ|(e) is ϕ for atomic ϕ
|¬ϕ|(e) is ∀f ¬|ϕ|(f)
|ϕ & ψ|(e) is |ϕ|(e0) & |ψ|(e1)
|ϕ ∨ ψ|(e) is [e0 = 0 & |ϕ|(e1)] ∨ [e0 = 1 & |ψ|(e1)]
|ϕ → ψ|(e) is (∀f)[|ϕ|(f) → ∃uv T(e, f, u) & U(u) = v & |ψ(v)|]
|∃x ϕ(x)|(e) is |ϕ(e1)|(e0)
|∀x ϕ(x)|(e) is ∀n[∃uv(T(e, n, u) & U(u) = v & |ϕ(n)|(v))]

where e = ⟨e0, e1⟩ via the standard primitive recursive pairing and unpairing. Formally, any assertion of the form e.g. A(e0) is given by (∃uv)(Pair(u, v, e) & A(u)), where Pair(u, v, e) is (u+v)(u+v+1) = 2(e−v), the standard diagonal coding predicate. Alternatively, we can (conservatively) make a definitional extension of HA, introducing the function symbols ( )0, ( )1 and ⟨ , ⟩ for unpairing and pairing. We follow the latter convention informally and leave the formalization to the reader’s taste. We will adopt the following notation, for formulas A, B in one free variable:

(A × B)(x) ≡ A(x0) & B(x1)
(A + B)(x) ≡ (x0 = 0 & A(x1)) ∨ (x0 = 1 & B(x1))
(A ⇒ B)(x) ≡ ∀n[A(n) → ∃uv(T(x, n, u) & U(u) = v & B(v))]

For formulas S(x, y) in two free variables (over L) we define

(ΣS)(z) ≡ S(z1, z0)
(ΠS)(z) ≡ ∀x[∃uv(T(z, x, u) & U(u) = v & S(x, v))]

which formalizes “z is a choice function on x in the collection {S(x, y)}”. With this notation, we can abbreviate the definitions of realizability formulas:

|ϕ & ψ| ≡ |ϕ| × |ψ|
|ϕ ∨ ψ| ≡ |ϕ| + |ψ|
|ϕ → ψ| ≡ |ϕ| ⇒ |ψ|

and if ϕ is a formula with one variable free and ϕ̂(x, y) is the formula in two free variables given by |ϕ(x)|(y) then

|∃xϕ| ≡ (Σϕ̂)
|∀xϕ| ≡ (Πϕ̂)

We can similarly define abstract realizability for Feferman’s theory APP (defined in appendix B).

Definition A.1 Let A, B be sentences over the language of APP. Then we define inductively the realizability formulas |A| in one free variable as follows: If A is prime |A|(x) is A & x ↓

|A & B|(x) ≝ (|A| × |B|)(x) ≡ |A|(π0 x) & |B|(π1 x)
|A ∨ B|(x) ≝ (|A| + |B|)(x) ≡ N(π0 x) & (π0 x = 0 → |A|(π1 x)) & (π0 x ≠ 0 → |B|(π1 x))
|A → B|(x) ≝ (|A| ⇒ |B|)(x) ≡ ∀y[|A|(y) → xy ↓ & |B|(xy)]
|∃yA(y)|(x) ≝ (Σ|A|)(x) ≡ |A(π0 x)|(π1 x)
|∀yA(y)|(x) ≝ (Π|A|)(x) ≡ ∀y[(xy) ↓ & |A(y)|(xy)]

|A|(x) is usually written x ∼r A. Note that if A is a formula in n variables over APP then the above clauses define an associated realizability formula in n + 1 variables.

B   APP and the logic of partial terms

(There are many formulations, e.g., Troelstra–Van Dalen’s E+ logic ([118]), Fourman and Scott’s treatment in [32], Feferman’s formalism, Beeson’s EON [8]). We follow the lines of Beeson’s EON. A detailed formulation of abstract applicative structures within IZF is carried out in McCarty’s [83]. We need:

First order language

• A partial binary function Ap( , ) [footnote 22: Ap(f, x) is usually written f x]
• variables x1, . . . y1, . . .
• equality =
• distinguished constants s, k, π0, π1, p, d, 0
• unary relation symbol ↓ “convergence”
• binary relation symbol ≈ (here, following Beeson and others, one may take it to be defined: t ≈ s ≡ t ↓ ∨ s ↓ → t = s)
• A unary predicate N(x) (standing for the natural number sort).

Note: we need to agree on how to deal with partiality in our logic. Beeson, Troelstra-van Dalen, McCarty op.cit. take slightly different approaches, as does Scott in [106]. The most important point is that quantifier laws have to be modified to deal with partiality, e.g. we require axioms

∀xA & t ↓ → A[t/x]
A[t/x] & t ↓ → ∃xA

in lieu of the conventional laws, and strict atomic relations

R(t1, ..., tn) → t1 ↓ & · · · tn ↓

for atomic formulas R. The constants satisfy the axioms:

1. kxy = x (kx ↓)
2. sxy ↓ & sxyz ≈ xz(yz)
3. k ≠ s

which suffice to give combinatory completeness:

Theorem B.1 (Curry) For each term t and variable x, one can construct a term λx · t such that

λx · t ↓
(λx · t)x ≃ t
(λx · t)u ≃ t[u/x]   (u, t terms)

See e.g. Beeson or Troelstra and Van Dalen (op.cit.) for a proof. We also have the axioms:

• pairing: pxy ↓ & π0(pxy) = x, π1(pxy) = y
• conditional: N(a) & N(b) & a = b → dxyab = x and N(a) & N(b) & a ≠ b → dxyab = y
• natural number sort: ∀x(N(x) → N(s_N(x)) & p_N(s_N(x)) = x & s_N(x) ≠ 0) and ∀x(N(x) & x ≠ 0 → N(p_N x) & s_N(p_N(x)) = x), as well as the induction schema for N: ϕ(0) ∧ ∀x(N(x) ∧ ϕ(x) → ϕ(s_N(x))) → ∀x(N(x) → ϕ(x)).

The above system and most variants in the literature satisfy two important properties:

Theorem B.2
Recursion Theorem: ∃R APP ⊢ Rf ↓ & [g = Rf → ∀x(fx ≃ fgx)], i.e., (Rf)x ≃ (f(Rf)x)
Term Existence: (APP ⊢ ∃xA(x)) ⇒ There is a term t such that (APP ⊢ A(t) & t ↓)
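The construction behind Theorem B.1 can be carried out mechanically. The following is an added example, not code from the paper: it builds λx · t from s and k by bracket abstraction and checks (λx · t)u ≃ t[u/x] by syntactic reduction with the axioms kxy = x and sxyz ≈ xz(yz). The tuple encoding of terms, the function names and the step bound `fuel` are assumptions of the example, and reduction is purely syntactic (every symbol is treated as defined).

```python
# Terms of the applicative language: a symbol (constant or variable) is a str,
# and an application Ap(f, x) is the pair (f, x). This encoding is an assumption
# of the example, not notation from the paper.
S, K = "s", "k"

def app(*ts):
    """Left-nested application: app(f, a, b) is the term fab = ((f, a), b)."""
    t = ts[0]
    for u in ts[1:]:
        t = (t, u)
    return t

def lam(x, t):
    """Bracket abstraction: a term for λx·t built from s, k and the symbols of t.

    Every compound t goes through s, never through the shortcut k t, so the
    result always has one of the shapes skk, kc, sAB. These contain no redex,
    which is the syntactic form of λx·t ↓ (axioms kx ↓ and sxy ↓), even when
    t itself does not converge."""
    if t == x:
        return app(S, K, K)                      # skku -> ku(ku) -> u
    if isinstance(t, str):
        return app(K, t)                         # kcu -> c
    return app(S, lam(x, t[0]), lam(x, t[1]))    # sABu -> (Au)(Bu)

def subst(t, x, u):
    """t[u/x]: replace every occurrence of the variable x in t by the term u."""
    if isinstance(t, str):
        return u if t == x else t
    return (subst(t[0], x, u), subst(t[1], x, u))

def step(t):
    """One leftmost-outermost contraction; None when t contains no redex."""
    if isinstance(t, str):
        return None
    f, a = t
    if isinstance(f, tuple) and f[0] == K:                       # (k x) a -> x
        return f[1]
    if (isinstance(f, tuple) and isinstance(f[0], tuple)
            and f[0][0] == S):                                   # ((s x) y) a
        x, y = f[0][1], f[1]
        return ((x, a), (y, a))                                  # -> xa(ya)
    r = step(f)
    if r is not None:
        return (r, a)
    r = step(a)
    return None if r is None else (f, r)

def normalize(t, fuel=2000):
    """Normal form of t, or None if none is reached within `fuel` steps
    (partiality: the term may fail to converge)."""
    for _ in range(fuel):
        r = step(t)
        if r is None:
            return t
        t = r
    return None

def beta_holds(x, t, u):
    """Check (λx·t)u ≃ t[u/x] by comparing normal forms of both sides."""
    lhs, rhs = normalize((lam(x, t), u)), normalize(subst(t, x, u))
    return lhs is not None and lhs == rhs

# Constructed sample: λy·yy. Applied to itself it has no normal form.
OMEGA = lam("y", ("y", "y"))

if __name__ == "__main__":
    t = app("f", "x", app("g", "x"))             # constructed term fx(gx)
    print(lam("x", t))
    print(beta_holds("x", t, "a"))
    print(normalize((OMEGA, OMEGA), fuel=500))   # diverges within the bound
```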

References

[1] Aczel, P. [1977] The Strength of Martin-Löf’s Type Theory with One Universe, in: Mietissen, S. and Väänänen, J., (eds), The proceedings of the symposiums on Mathematical Logic Helsinki 1975, University of Helsinki, 1977.
[2] Allen, S. [1987], A Non-Type-Theoretic Semantics for Type-Theoretic languages, Ph. D. Dissertation, Cornell University, Ithaca, N.Y.
[3] Asperti, A. and Longo, G., [1991], Categories, Types and Structures, MIT.
[4] Barr, M., and Wells, C. [1985], Toposes, Triples and Theories, Springer, New York.
[5] Barwise, Jon, [1975], Admissible sets and structures: an approach to definability theory, Berlin; New York: Springer-Verlag, 1975.
[6] Barwise, J; Keisler, J. eds. [1977] Handbook of Mathematical Logic, Amsterdam; New York: North-Holland Pub. Co., 1977.
[7] Beeson, M. J. [1988], “Towards a computation system based on set theory”, Theoretical Computer Science 60, 1988, North-Holland.
[8] Beeson, M. J. [1985a], Foundations of Constructive Mathematics, Springer-Verlag, Berlin.
[9] Beeson, M. J. [1982], “Recursive models of constructive set theories”, Annals of Mathematical Logic 23, 127-178.
[10] Beeson, M. J. [1978], “A type-free Gödel interpretation”, Journal of Symbolic Logic 43, 213-227.
[11] Beeson, M. J. [1977], “Continuity and comprehension in intuitionistic formal systems”, Pacific Journal of Mathematics 68, 29-30.
[12] Bell, J. [1985], Boolean-Valued Models and Independence Proofs in Set Theory, Clarendon Press, Oxford.
[13] Bell, J. [1989] Local Set Theory and Toposes, Cambridge University Press.
[14] Bunge, M. [1974], “Topos Theory and Souslin’s Hypothesis”, in The Journal of Pure and Applied Algebra, North-Holland.
[15] Chang, C.C., and Keisler, J. [1977], Model Theory, North Holland, Amsterdam.
[16] Cohen, P. J. [1966], Set Theory and the Continuum Hypothesis, W. A. Benjamin Inc., New York.
[17] Cohen, P. J. [1963], “The independence of continuum hypothesis”, Proceedings of the National Academy of Science, USA 50, 1143-1148.
[18] Constable, R. [1985] The Semantics of Evidence, manuscript.
[19] Constable, R. L. and Howe, D. J., [1990], “Implementing Metamathematics as an Approach to Automatic Theorem Proving”, in Formal Techniques in Artificial Intelligence, R. Banerji, ed., North-Holland.
[20] Constable, R. L., et al [1986], Implementing Mathematics with the NUPRL Development System, Prentice-Hall, N.J.
[21] Coquand, T. and G. Huet [1985a], “Constructions: A higher order proof system for mechanizing mathematics”, EUROCAL 85, Linz, Austria.
[22] Crossley, J. (ed.) [1985], “Aspects of Recursive Algebra”, The Upside Down A, Melbourne.
[23] Van Dalen, D. [1986] “Intuitionistic Logic”, in The Handbook of Philosophical Logic, vol. III, D. Reidel, Dordrecht.
[24] Devlin, K. [1984] Constructibility, North-Holland, Amsterdam.
[25] Dragalin, A. G. [1987], Mathematical Intuitionism: Introduction to Proof Theory, Translations of Mathematical Monographs 67, AMS, Providence, R. I.
[26] Dummett, M. [1977], Elements of Intuitionism, Oxford University Press, Oxford.
[27] Feferman, S. [1975] “A language and axioms for explicit mathematics”, in: Algebra and Logic, Lecture Notes in Mathematics No. 450, pp. 87-139, Springer, Berlin.
[28] Feferman, S. [1977], “Theories of Finite Type”, in: Barwise, J. (ed.), Handbook of Mathematical Logic, pp. 913-972, North-Holland, Amsterdam.
[29] Feferman, S. [1979], “Constructive theories of functions and classes”, in Boffa, M., D. van Dalen and K. McAloon (eds.), Logic Colloquium ’78: Proceedings of the Logic Colloquium at Mons, 1978, pp. 159-224, North-Holland, Amsterdam.
[30] Finkelstein, S. [1994], Ph. D. Dissertation, University of Pennsylvania, to appear.
[31] Fourman, M.P. [1980], “Sheaf Models for Set Theory” in The Journal of Pure and Applied Algebra 19, North-Holland.
[32] Fourman, M. P. and D. S. Scott [1979], “Sheaves and logic”, in: Fourman, Mulvey and Scott, (eds.), Applications of Sheaves, Mathematical Lecture Notes 753, pp. 302-401, Springer-Verlag, Berlin.
[33] Freyd, P. and Scedrov, A. [1990], Categories, Allegories, North-Holland, Amsterdam.
[34] Freyd, P., [1980], “The Axiom of Choice”, in The Journal of Pure and Applied Algebra, vol. 19, North-Holland, Amsterdam.
[35] Freyd, P., Mulry, P., Rosolini, G., Scott, D. [1990], “Extensional PERs”, in LICS 1990, and in TCS 1993.
[36] Friedman, H. [1973], “Some applications of Kleene’s methods for intuitionistic systems”, in: Mathias, A. and H. Rogers (eds.), Cambridge Summer School in Mathematical Logic, pp. 113-170, Lecture Notes in Mathematics No. 337, Springer, Berlin.
[37] Friedman, H. [1978], “Classically and intuitionistically provably recursive functions”, in: Müller, G.H. and D. S. Scott (eds.), Higher Set Theory, Proceedings, Oberwolfach, 1977, pp. 21-27, Lecture Notes in Mathematics No. 669, Springer, Berlin.
[38] Friedman, H. and A. Scedrov [1985], “The lack of definable witnesses and provably recursive functions intuitionistic set theories”, in Advances in Math 57.
[39] Friedman, H. [1986?], Functional Realizability, Manuscript.
[40] Goldblatt, R. [1984], Topoi, revised ed., North-Holland, Amsterdam.
[41] Goodman, N. [1978], “Relativized realizability in intuitionistic arithmetic of all finite types”, Journal of Symbolic Logic 43, 23-44.
[42] Grayson, R. J. [1983], “Forcing in intuitionistic systems without power set”, Journal of Symbolic Logic 48, 670-682.
[43] Grayson, R. J. [1984], “Heyting-valued semantics”, in: F. Lolli, G. Longo and G. Marcja (eds.), Logic Colloquium ’82, North-Holland, Amsterdam.
[44] Grayson, R. J. [1979], “Heyting-valued models for intuitionistic set theory”, in: M. P. Fourman, D.J. Mulvey and D. S. Scott (eds.), Application of Sheaves, Springer Verlag, Berlin.
[45] Grayson, R. J. [1975], “A sheaf approach to models of set theory”, M.Sc. thesis, Oxford.
[46] Hatcher, W. S. [1982] The Logical Foundations of Mathematics, Pergamon Press, Oxford.
[47] Hayashi, S. [1980] “On set theories and toposes”, in the Proceedings of the Logic Conference, Hakone, Lecture Notes in Mathematics 891, Springer.
[48] Hayashi, S. and H. Nakano [1989], PX: A Computational Logic, The MIT Press, Cambridge.
[49] van Heijenoort, J. (ed.) [1967], From Frege to Gödel: A Source Book in Mathematical Logic, Harvard University Press.
[50] Heyting, A. [1971] Intuitionism; an introduction, 3rd ed., Amsterdam, North-Holland.
[51] Hyland, J. M. E., P. T. Johnstone and A. M. Pitts [1980], “Tripos Theory”, Math. Proceedings of the Cambridge Phil. Society 88, 205-252.
[52] Hyland, M. [1982], “The Effective Topos”, in The L.E.J. Brouwer Centenary Symposium, North Holland.
[53] Hyland, M. and Pitts A., [1989], “The Theory of Constructions: Categorical Semantics and Topos-Theoretic Models”, in Categories in computer science and logic, American Math Society, Providence.
[54] Jacobs, B. [1991], Categorical Type Theory, Ph. D. dissertation, Nijmegen.
[55] Jech, T. [1978], Set Theory, Academic Press, San Diego.
[56] Johnstone, P. T., [1987], Notes on logic and set theory, Cambridge; New York: Cambridge University Press.
[57] Johnstone, P. T., [1982], Stone Spaces, Cambridge University Press.
[58] Johnstone, P. T. [1977], Topos Theory, Academic Press, New York.
[59] Kleene, S. C. [1945], “On the interpretation of intuitionistic number theory”, JSL 10, pp. 109-124.
[60] Kleene, S. C. [1952], “Recursive Functions and Intuitionistic Mathematics”, Proc. ICM, Cambridge, 1952.
[61] Kleene, S. C. [1952], Introduction to Metamathematics, North-Holland (1971 edition), Amsterdam.
[62] Kleene, S. C. [1957], “Realizability”, Summaries of talks at the Cornell University summer school.
[63] Kleene, S. C. [1969], Formalized recursive functionals and formalized realizability, memoirs AMS, 89.
[64] Kleene, S. C. [1973], “Realizability: a retrospective survey” in [81].
[65] Kreisel, G., Troelstra, A.S. [1970] “Formal systems for some branches of intuitionistic analysis”, Annals of Math Logic I, 229-387.
[66] Kripke, S. [1965], “Semantical analysis of intuitionistic logic I”, in: Crossley, J. N. and M. Dummett (eds.), Formal Systems and Recursive Functions, Proceedings of the Eighth Logic Colloquium, Oxford, 1963, North-Holland, Amsterdam, 92-130.
[67] Kunen, K. [1983], Set Theory, North-Holland, Amsterdam.
[68] Lambek, J. and P. J. Scott [1986], Introduction to higher order categorical logic, Cambridge Studies in Advanced Mathematics 7, Cambridge.
[69] Läuchli, H. [1970], “An abstract notion of realizability for which predicate calculus is complete”, in: Myhill, J., A. Kino, and R. E. Vesley (eds.), Intuitionism and Proof Theory, North-Holland, Amsterdam, 227-234.
[70] Lawvere, W. [1975], “Continuously Variable Sets; algebraic geometry = geometric logic”, in Logic Colloquium ’73, Rose and Sheperdson, eds., North-Holland, Amsterdam.
[71] Lawvere, W. [1969], “Adjointness in Foundations”, Dialectica, 23.
[72] Lawvere, W. [1964], “An elementary theory of the category of sets”, Proc. Nat. Acad. Sci. USA, 52.
[73] Lipton, J., [1990], “Constructive Kripke Semantics and Realizability”, in the proceedings of the Logic for Computer Science conference held at the Math. Sci. Research Institute, Berkeley, Nov. 1989.
[74] Longo, G. and E. Moggi [1988], “Constructive natural deduction and its modest interpretation”, CMU Report CS-88-131, Lecture delivered at the workshop on “The semantics of natural and programming languages”, Stanford, March 1987, M.I.T. Press.
[75] Lubarsky, R., [1994], “V=L in Intuitionistic L”, Manuscript, (to appear).
[76] Mac Lane, S. [1971], Categories for the working mathematician, Springer, Berlin.
[77] Mac Lane, S. and Moerdijk, I., [1992], Sheaves in Geometry and Logic: A First Introduction to Topos Theory, Springer, Berlin.
[78] Makkai, M. and G. Reyes [1977], “First order categorical logic”, Lecture Notes in Mathematics 611, Springer-Verlag, Berlin.
[79] Martin-Löf, P. [1982], “Constructive Mathematics and Computer Programming”, in Logic, Methodology and Philosophy of Science IV, North Holland, Amsterdam.
[80] Martin-Löf, P. [1984], Intuitionistic Type Theory, Studies in Proof Theory Lecture Notes, BIBLIOPOLIS, Napoli, Italy.
[81] Mathias, A. and Rogers, H., [1973], Proceedings of the Cambridge Summer School in Mathematical Logic, LNM 337, Springer-Verlag, Berlin.
[82] McCarty, D. C. [1986], “Realizability and recursive set theory”, Annals of Pure and Applied Logic 32, 11-194.
[83] McCarty, D. C. [1984], “Realizability and recursive mathematics”, Doctoral Dissertation, Computer Science Department, Carnegie-Mellon University.
[84] McLarty, C. [1993] Elementary Categories, Elementary Toposes, Oxford University Press.
[85] McKinsey and Tarski, [1948], “Some theorems on the sentential calculi of Lewis and Heyting”, JSL 13, 1-15.
[86] Moggi, E., [1991] “Notions of Computation and Monads”, Information and Computation, 93(1).
[87] Mulry, P. [1980], The Recursive Topos, Ph. D. Dissertation, SUNY Buffalo, Buffalo, NY.
[88] Myhill, J. [1970], “Constructive set theory”, in Intuitionism and Proof Theory, Kino, Myhill, Vesley (eds.), North-Holland, Amsterdam.
[89] Myhill, J. [1973], “Some properties of Intuitionistic Zermelo-Fraenkel set theory”, in: Mathias, A. and H. Rogers (eds.), Cambridge Summer School in Mathematical Logic, pp. 113-170, Lecture Notes in Mathematics No. 337, Springer, Berlin.
[90] Odifreddi, P. [1989], Classical Recursion Theory, North-Holland, Amsterdam.
[91] van Oosten, J. [1990], Exercises in Realizability, Ph.D. Dissertation, Amsterdam.
[92] Phoa, W., [1990] An Introduction to fibration, topos theory, the effective topos, and modest sets, from theory.ic.ac.uk.
[93] Pitts, A. M., [1981], The Theory of Triposes, Ph. D. Thesis, Cambridge.
[94] Pitts, A. M., [1987], “Polymorphism is Set Theoretic, constructively”, in Category Theory and Computer Science, LNCS 283, Springer.
[95] Plotkin, G. and Reynolds, J. [1987] “On functors expressible in the polymorphic lambda calculus”, in Logical Foundations of Functional Programming, 1990, Addison-Wesley, Reading, MA.
[96] Powell, W. [1976], “A Completeness Theorem for Zermelo-Fraenkel Set Theory”, JSL 41.
[97] Powell, W. [1975], “Extending Gödel’s Negative Interpretation to ZF”, JSL 40.
[98] Powell, W. [1975], Unpublished manuscript.
[99] Prawitz, D. [1965] Natural Deduction: A Proof-Theoretical Study, Almquist and Wiskell, Stockholm.
[100] Rosolini, G. [1986] Continuity and Effectiveness in Topoi, Ph. D. Dissertation, Oxford.
[101] Scedrov, A. and Mitchell, J., [1993] “Notes on Sconing and Relators”, CSL ’92, Springer.
[102] Scedrov, A. [1985], “Intuitionistic Set Theory”, in Harvey Friedman’s Research on the Foundations of Mathematics, North-Holland, Amsterdam.
[103] Scedrov, A. [1984], Forcing and Classifying Topoi, Memoirs of the American Mathematical Society 295, Providence, R.I.
[104] Scedrov, A. [1981], “Consistency and independence results in intuitionistic set theory”, in: F. Richman (ed.), Constructive Mathematics, Proceedings, New Mexico, 1980, pp. 54-86, Lecture Notes in Mathematics 873, Springer-Verlag, Berlin.
[105] Scedrov, A. [1979], “’Every continuous function f : [0, 1] → R is uniformly continuous’ is Independent of intuitionistic ZF”, Preliminary Report, AMS Notices, October, 1979, A-525.
[106] Scott, D. S. [1979], “Identity and existence in intuitionistic logic”, in: Fourman, M. P., Mulvey, C. J. and D. S. Scott (eds.), Applications of Sheaves, Lecture Notes in Mathematics 753, pp. 660-696, Springer, Berlin/Heidelberg/New York.
[107] Shoenfield, [1967], Mathematical Logic, Addison-Wesley.
[108] Shoenfield, [1971], “Unramified Forcing” in Axiomatic Set Theory, V. 1, Proc. Sym. Pure Math., Vol. 13, AMS, Providence, R.I.
[109] Seely, R. [1983], “Hyperdoctrines, Natural Deduction and the Beck Condition”, ZML 29.
[110] Seely, R. [1984], “Locally Cartesian Closed Categories and Type Theory”, Math. Proc. Camb. Phil. Soc. 95.
[111] Streicher, T. [1989], Correctness and Completeness of a Categorical Semantics of the Calculus of Constructions, Ph. D. dissertation, Univ. Passau.
[112] Streicher, T. [1992], “Independence of the induction principle and the axiom of choice in the pure calculus of constructions”, TCS 103, pp. 395-408.
[113] Takeuti, G. and Titani, G. [1980], “Heyting-valued universes of intuitionistic set theory” in Logic Symposia, Hakone, 79-80, Lecture Notes in Mathematics 891, Springer.
[114] Tait, W. W. [1975], “A realizability interpretation of the theory of species”, Logic Colloquium (Boston, Mass., 1972/73), Lecture Notes in Mathematics, V. 453, Springer-Verlag, 240-251.
[115] Tennison, B. R. [1975] Sheaf Theory, Cambridge University Press.
[116] Tierney, M. [1972], “Sheaf Theory and Continuum hypothesis”, in: F. W. Lawvere (ed.), Toposes, Algebraic Geometry and Logic, Lecture Notes in Mathematics 274, pp. 13-42, Springer-Verlag, Berlin.
[117] Troelstra, A. [1978], Choice Sequences, Oxford Logic Guides, Oxford University Press.
[118] Troelstra, A. S. and D. van Dalen [1988], Constructivism in Mathematics: An Introduction, Vol. II, Studies in Logic and the Foundations of Mathematics, Vol. 123, North-Holland, Amsterdam.