Вы находитесь на странице: 1из 52




Managing Editors C.


Notes 'by Giovanni Sambin of- a series given in Padua, June i980



J..Y .


0/ lectures

Advisory Editors P. AczEL C. BOHM













I .


Introductory remarks Proposi tions and judgements " '

. 3 7 11 , . . . . . . . . . . . . . . .. . . . . . . . . . .. . . .. . . .. .. . . . . 14 16 19 21 24 26 : ' ,' 31 32


Explanations of the form s of judgement Pr op ositions Rule s o f e q ua l i ty

Hypothetical judgements and s u b s t i t u t i o n rul e s Judgements wi t h more than one as sumption and contexts Sets and c a tego r i e s General remarks on the rule s Carte sian product of a family of s e t s Definitional equality App Lf ca t Lcns of the cartesian product ; _

Disj oint uni on of a family of sets ... . . .... ..... . . .. . . .. . . . . .. . 39 Appli cations o f the ' disjoint uni on 42

The axiom of' choice ...... .. ..... .. ... .. . ..... ... . . . . .. . ... . 50 The notion of such that ... . . . . . . ... . . . . .. . . . .... .. ....... . .. .. 53

Di sjoint union of" two sets .. .... . .... . . .. ..... . . .. .. . . . . . . .. '. .. 55 Pr-opo s Ltional equali ty ... ... ... . ...... . . : . .. . . .... . . . .. .. . .. . . 59


88-7088-105-9 scienze " , ,

1984 by Bibliopolis, edizioni di Napoli, via Arangio Ruiz 83 , ';.. :,', "

All rights reserved, No part of'ihis>-,1;;qp!i:,:ti,ay ' be reproduced , in any form or by any means without permission' -inwriting from. the publisher Printed in I taly by Grafitalia Via Censi dell'Arco, 25 Cercola (Napoli)

I i

Finite se ts Consistency .
, ,


. 69

Natural numbers . . .. ... .. ... .. . .. . ..... .. .. . . . ... .. . . ... . .. . . 71 Lists ; . . . . . . . . . . . . . . . . . . . . . . . 77


Wellorderings ........ . ..... . .. .. . .. . . ......... ... . . .. .... . . 79 Uni verses .... ... . . ' . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . 8 7

Preface These lectures were given in Padova at tha Laboratorio per Ricerche 'di Dinamica dei Sistemi e di Elettronica Biomedica the , Cons i g l i o Nazionale delle Ricerche during the month of June 1980. I am indebted to Dr'. , Enrico Pagello of that laboratory for the opportunity of so doing . The audience was made up by philosophers, mathematicians and computer scientists. Accordingly, I tried to say

1 , I

something which might be of

to each of these three cat-

egories. Essentially the same lectures, albeit in a somewhat improved and more advanced form, were given later in the same year as part of the meeting on Konstruktive Mengenlehre und Typentheorie which was organized in Munich by Prof. Dr. Helmut Schwichtenberg, te whom I am indebted for the invitation, during the week 29 Sep- 3 October 1980. The main improvement of the Munich .l e c t u r e s , as compared wi t h those given in Padova, was toe adoption of a systematic higher level (Ger. Stufe) notation which allows me to write simply

instead of
(Tl x

Fl (A,B), L(A,B), W(A,B) , ),(b),

E(c,d), D(c,d,e), R(c ,d,e), T(c;d)

A)B(x), (L x e A)B(x) , (Wx e iI)B(x) , (AX)b(x),

E(c,(x,y)d(x,y, D(c,(x)d(x),(y)e(y; R(c,d,(x,y)e(x,y , T(c,(x,y,z)d(x,y,z, respectively. Moreover, the use, of higher level variables arid constants makes it possible to formulate the elimination and equality rules for the cartesian product in such a way that they follOw the

Moreover, the second of these, that is, the rule same ,pa t t e r n as the elimination and equality rules for all the other type forming operations. In their new formulation, these rules read c

n (A,B)
in the same way as the rule

(Ax)Ap(c,x) E n(A,BJ

IT -elimination
(y Lx ) E.
C E.

can be derived by means of the B(x) (x


n (A ,B)
F ( c " d)

cEI:(A,B) c = (p(c) ,q(c) E E (A,B) is.derived byway of example on p . 62 of the main text . Conversely ,

d(yl ' 6 cO.(y

C( c )

. (x E A) b



B(x) (x



the new elimination and equality rules can be derived from the old ones by making the definition F(c ,d)


d( (x)Ap(c ,x.

Cx )




So, actually, they are equivalent. It only remains for me to thank Giovanni Sambin for having undertaken, at his own suggestion, the considerable work of writing and typing these notes, therebf making the lectures accessible to a wider aUdience. stockholm, January 1984, Pel' Martin-Lof

F(A,(b) ,d) r-espe ct.t vely. Here y is a bound function variable, F is a new non(eliminatory) operator by means of which the binary application operation can be defined, putting Ap(c,a) and y(x)



F(c, (y)y(a,

B(x) (x


A) is an assumption, itself hypothetical, which provided c has

has been put within parentheses to indicate that it is being discharged. A program of the new form F(c,d) has value

A (b)

and deb) has value e. This rule for evaluating F(c,d)

reduces to the lazy evaluation rule for Ap(c,a) when the above definition is being made. Choosing C(z) to be B(a), thus independent of z, and d(y) to be y(a), the new eiimination rule reduces tp the old one and the new equality rule to the first of the two old equality

1 -

Introductory remarks ,M t hema t i c a l logic and a have been interpreted in at relation between logic and mathematics three different ways:

(1) mathematical logic, as symbolic logic, or logic using mathe matical .ymbolism; (2) mathematical logic 'as foundations tor philosophy) of mathematics;

(3) mathematical logic as logic studied by mathematical methods,

as a branch of mathematics. ' We shall here mainly be interested in mathematical logic in the second sense. What shall do is also mathematical logic in the first sense, but certainly not in the third . 'The principal problem that remained afterP'rincipia Mathematica was completed was, according to its authors, that of justifying the axiom of reducibility (or, as we would now say, the impredicative comprehension axiom)'. The, ramified theory of types was predicative, but it was not sufficient for deriving even elementary parts of analysis . So axiom of reducibility was on the pragmatic ground that it was needed, although no .atisfactory justification (explanation) of it could be provided. The whole point of the ramification wa s , then lost , so that it might just as well be abolished. What then remained was the simple theory of types. Its official justification (Wittgenstein , rests on the interpretation of propositions as truth values and propositional functions (of one or several variables; as truth functions. The laws of the classical propositional logic are then clearly valid, and so are the quantifier laws , as long as quantifica tion is restricted to finite domains. However, it does not seem possible to make sense of quantification over infinite domains , like the

- 2 -

- 3 domain of natural numbers, on this interpretation of the notions of proposition and propositional For this reason, afuong others, Here the , Propositions and Judgements

what we develop here is an intuitionistic theory of types ; which is also predicative (or 'ramified). It is free from the deficiency of Russell's ramified theory of types, as regards the possibility of developing elementary parts of mathematics, like the theory of ' r e a l numbers, because of the presence of the operation which allows us to form the cartesian product of ,a ny given family of sets, in particular, the set of all functions from one set to another. In two areas, at leasti our language to have advantages proposition In particular, ' t h e premisses and conclusion of judgements. , proposition (Ger. Satz) and assertion or judgement '( Ge r . Urteil) is essential.

What we combine by means of' the logical operations (.l::> & v V 3 ') , , , , " and hold to be true are propositions. When we hold a proposition to be true , we make a ment: '

over traditional foundational languages. First, Zermelo-Fraenkel set theory cannot adequately deal with the foundational problems of cat egory theory, where the category of all sets, the category of all groups, the , category of functors from one such category to another etc. are considered. These problems coped with by means of the a logical inference are

The distinction between propositions and jUdgements was clear from Frege to Principia. These notions have later be formalistic notions of formula and theorem (in 1 en rep aced by the

distinction between sets and categories (in the logical or philosophical sense, not in the sense of category theory) which is made in intuitionistic type theory. Second, present logical symbolisms are inadequate as programming languages, which explains why computer scientists have developed their own languages (FORTRAN, ALGOL, LISP, 1 2, PASCAL, ... ) and systems of proof rules (Hoare , Dijkstra . ). We 3 how the additional richness of ' t y p e theory, as have shown elsewhere compared with first order predicate logic, makes it usable as a programming language.
l ' C. A. Hoare, An axiomatic basis of computer programming, Communications of the ACM, Vol. 12,196'9, pp. 576-580 and 583.

a formal system) , respectively. Contrary to formUlas, propositions are not def'ined inductively . So to speak, they f'orm an open concept, In standard textbook presentations of first order logic, we d' can three quite separ-a te steps:
(1) inductive definition of terms and

formulas , of inference ,

(2) specif'ication of aXioms and rules

(3) semantical interpretation.

Formulas and d d t ' e uc are given meaning only through semantics which is usually done follOWing Tarski and ' , assuming set theory . What we do here is t t , mean 0 be closer to ordinary mathematical We will avoid keeping form and meaning (content) apart stead we will at the same time display certain forms of Inand

2 E. W. Dijkstra, A discipline of Programming, Prentice Hall, Englewood Cliffs, N.J ., 1976.

" P. Martin-Lof, Constructive mathematics and computer programming, Logic, Methodology and Philosophy of Science VI; Edited ,by L. J. Cohen, J. Los, H. Pfeiffer and K.-P. Podewski, North-Holland, Amsterdam, 1982, pp. 153-175. '

inference that are used in mathematical d ' proofs an explain, them seman, " tically. Thus we make explicit h t

granted. When one treats log i c as arty othe r br a nc h of mathematics, as i n the metamathematical traditi on originated by Hilbert , such judge ments and inferences are onl y partially and f ormal l y re pr ese nted in the s o-called obj e c t language, while they are implicitly used; as in any other br a nc h of mathematics, in the s o-cal led metalanguage. Our main aim is to build up a system of f orma l rules representing in the bes t possible way informal (mathematical) reasoning. In the usual natu ral deduction style , the rules given are not quite . f ormal . For i ns t a nce , the rule.

. We us e f our f orms of (1) A is a set (abbr . A

( 2 ) A and B




( 3) a is .an element of the set A (a

A) ,

(4) a and b are equal elements of the set

(If we read

(a = b

A) .

lit.rally a s

, then we

Set ,

A = BESet , a e El (!) , a = b E El(A ) , respectively .) Of cou rse , any syntactic variable s co u ld be us ed the use ,

f sma 11 l e t t e r s f or el -

A v B

ements and ca pi t a l letters f or ae't s i s onl y t o conve nience . No t e t ha in o r d i na r y set t heo r y , a E b and a = b are propos it i ons , whi l e they a r e j udgements here. A jUdgement of the f orm A = B has no mean ing less we already kn ow A and B t o sets . Likewise , a jUdgement of t he f orm a E A presupposes that A is a set , and a judgement of t he f orm b are elements of A . Each f orm of judgement admits o f severa 1 differe nt read ings , as i n the ta.ble:

takes f or granted that A and B are f ormulas, and onl y then does it say that we can i n f e r A v B to be true when A is true . .If we are t o give a f ormai rule, we have to make this expllcit, writing
A prop.

B prop .
A v

A tr-ue

a = b E A presupp ose.s, first, that A is a se t , an d , second, t ha t a an

B true

or A, B prop .

.1- A

A set A is a set A is a prop osition

A is nonempt y A is true

a is an 'e Lemen t of the set . A a is a proof ( con structi on) of the prop ositi on A

where we use, like Frege, the symbol l- to the left of A to signify that A is true . In our system of rules , . t hi s wi l l always be explicit . A r ule of inference is j ustified by explaining the conclusion on the assumption that the premisses are kno wn. H.ence, before a rule of inference can be justified, it must be explained wha t it is that we must know "in o r de r to have the right to make a judgement of any one of the various f orms that the premisses and cOnclusion can have.

A is an i ntention (expectation)

a is a method of (realizing) the intention ( expectati on ) A

A is f u lfi l l a bl . ( realizable)

A is a problem (task)

a i s a method of solving the prob l em ( doing the task) A

A i s solvable

The se cond, logical interpretation is discussed toghether with rules 4 below . The third was suggested by Heyting a nd t he fourth by Ko l mogOrov 5 . The last i s very close to programming. "a is a method . . . " can ' be read as "a is a program . .. ". Since programming languages have a formal notation for the program a, but not for A, we c omplete the sentence with " ... which meets the s pe c i f i c a ti on A". In .Kolmogorov 's in t e r p r e t a t i on , the word problem refers to something to be done and the wor d program to how to do it . The analogy between t he first and the second interpretation is . implicit in the Brouwer-Heyting interpretation logical It was made more explicit bY ,Curry ,and Feys6 , but only for the impl icational fragment , and i t wa s extended t o intuitionistic first order arithmetic by Howard _ It is the only known way of logic so that axiom o f 6hoic e becomes , valid . To distin gui sh between proofs. of judgements (usually in tree-like form) and proofs of proposit ions (here identified with elements , thus to the left of E . ) we reser ve the word construction for the latter and use it whe n confusion might occur.

Explanations of the forms o f judgement

For each one of the. four forms of judgement, we. now explain wha t a judgement of that form means . tions: W t is a set? ha

We can explain what a judgement , s a y

of the first form, means by answering one of the following three ques

What is it that we must know in order to have the right to judge something to be a set? What does a judgement of the form " A is a set" mean? The first ,is the ontological (ancient Greek) , t he second the episern) way of posing essentially the same question . At first sight , we could assume that a set is defined by prescribing how i t s elements are formed. This we do when we say that the set of na tura l numbers N is defined by giving the rules :

(Descartes, Kant, . ) and the third the seman t ical (mod-

4 A. Heyting, Die intuitionistische Grundlegung der M t hema t ik , a Erkenntnis, Vol. 2, 1931 , pp. 106 -115 . . 5 A. N. Kolmogorov , Zur Deutung der intuitionistischen Logik, Zeitschrift , Vol. 35 . 1932, pp . 6 H. B. Curry and R. Feys, Combinatory Logic, Vol. 1, North-Holland ; Amsterdam , 1958 , pp , 312-315. 7 w A. Howard , The formulae-as-types not ion of construction, To '., H. B. Curry : Essays on Combinatory Logic, Lambda Calculus arid Formalism , Academic Press, London , 1980 , pp. 419-490.

a'E N by which its elements are constructed. However" the we a kn e s s of thi s 10 definition is clear: 10 , for instance, though not obtainable wi th thegi ven rules, is clearly an element of N, sinc,e we kno w t hat we ' can bring it to the form a' for some a e ' N. W thus ha ve . to distin e the elements which have a form by which we can di rect ly see that they are the result of one of the rules , and 'ca ll the m c anon i cal , from all othe r e lements, wh i ch we wi l l call no ncano nica l .

But then, to be able t o. define when two noncanonical elements are equal, we must also prescribe how two equal canonical elements are formed. So: (1) a set A is defined by prescribing how a canonical element of A is formed as well as how two equal canonical elements of A are formed. This is the explanatipn of the meaning of a judgement of the form A i s a set. For example, to the rUI'es for N above, we must add


two sets A and Bare equal if a ! A (that is, a



A and B

a a

! .



and abE A
b Eo B

for arbitrary canonical elements a, b.

and a' To take

b <= N
b' ! . N

This is the meaning of a judgement of the form A= B. When we explain what an element of a set A is, we must we know that A is a set, that is, in particular, how its canonical . elements are formed. Then:

example, A x B is defined by the rule

a <= A

(a,b)! AxB. which prescribes how canonical elements are formed, and the rule

(3) an element a of a set A is a method (or program) which, whe executed, yields a canonical element of A as result . This is the meaning of a judgement of the form a
! .

A. Note that here

a = c

b = d ! B .

we assume the notion of method as primitive. The rules of computatic of the present language will be such that the computatic of an element a of a set A terminates with a .va l ue b as soon as the outermost form of b tells t hat, it. is a canonical element of A (norm" order or lazy evaluation) . For instance, the computation of 2 + 2 gives the value (2 + 1)', which is a canonical element of N since 2

(a ,b) = (c,d) ! A x B by means of which equal canonical elements are formed. There is no limitation on the prescription defining a set, except that equality between canonical elements must always be defined in such a way as to be reflexive, symmetric and transitive. Now suppose we know A and B to be sets, that is, we know how canonical elements and equal canonical elements of A and B are formed . Then we stipulate:

1 E N. Finally: (4) two arbitrary elements a, b of a set A are equal if , when executed, a and b yield equal canonical elements of A as resul1

This is the meaning of a judgement of the form a = b

A. This defi-

Propositions Classically, a proposition is nothing but a truth va l u e, that an element of the set of truth values, whose two elements are true and the false. Because of the difficulties of justifying the rules for forming propositions by'means of quantification over infinite domains , when a proposition is understood, as a truth value , this explanation is rejected by the intuitionists and replaced by saying that a proposition is defined by laying down what counts 'a s ' a proof of the proposition, and that a proposition is true if it has a proof, that is , if a proof of it can be given

nition makes good sense since it is ' part of the definition ' of a set what it means for two canonical ,elements of the set to be equal. Example. If e, f and e

x B, then e and f are methods which yield


canonical elements (a,b), (c,d) f E A x B if (a,b) d

A x B, respectively, as results, if

(c,d) E A x B, which in turn

a = c E A and b


Thus , intuitionistically , truth is identified with provability , though of course 'not (because of bility within any particular formal system. fit together with the intuitionistic conception of wha t a proposit ion is, are given by the standard table:

incompleteness theorem) wi t h deriva -

The explanations of the meanings of the logical operations, which

8 D. Prawitz, Intuitionlst1c logic: a philosophical challenge , Logic and Philosophy, Edited by G. H. von M r ti nu s Ni j ho f f , a The Hague , pp . 1-10.

a proof of the proposition

consists of

As it stands, this table is not strictly cor-r-ect., since it, shows proofs of canonical form only. ' An arbitary proof, in anal;ogy with an arbitrary element of a set, is a method of producing a proof of canonical form. If we take seriously , the idea that a is defined by laying down how its canonical proofs are f'or-me d (as in the second table above) and accept that a set is defined by prescribing how its canonical elements are formed, then it is clear that it would only lead to unnecessary duplication to keep the notions of proposition and set (and the associated notions of proof, of a proposition ' and element of a set) apart. Instead, we simply identify them, that i s, treat them as one and the same notion. This is the formulae-as-types (propositions-as-sets) interpretation on Which intuitionistic type theory is based.

A &B

a proof of A and a proof of B a proof of A or a proof of B a method which takes any proof of A into a proof of B a method which takes an arbitrary individual a into a proof of B(a) an individual, a and a proof of

A :> B

( Vx)B(x) ,

(3 x)B(x)

' t he first line ' of which should be interpreted as saying that there is nothing that counts as a proof . The above table can be made more explicit by saying: a proof of the proposition

has the form

A & B

(a,b), where a is a proof of A and b is a proof of B i(a) ; where a is a proof of A, or j{b), where b is a proof of B (Ax)b(x), where b(a) is a proof of , B provided a a proof of A (Ax)b(x), where b(a) is a proof of B(a) prOVided a is an individual (a,b), where a is an individual and b is a proof of B(a)

A v B

A :> B

(3 x)B(x)

- 14 -

- 15 -

Rules of equal ity


We no w begin to build u p a system o f rules. First , we g i v e th e fo llowing rules of equality , which are e a s i l y e xplained using th e fac t t h a t t h e y hol d , by definition, for c an on ic a l ele me nts : Reflexi vit y
a e A

b .. A

a=be.B for a , b canonical elements of A and" B. From the same f or B also obta in
C, we "

A s et


a e A

A = A


Symmetr y



A = B B = A

_ b =

e A

abE C

Trans it iv it y

for a , b canonical elements, which is the meaning of A =" C.


b e A

c EO A

In the same evident way, the meaning of A = B just i fies the rules: Equality o f sets
a e A
a e B A

! A

For instance, a d e t a i l e d explanati on o f transitivity is : a = b E A means that a and b yiel d canonical elem ents d and e , respectively , and that d

b e A



! A. S imilar ly , if c yields f , e


EA. S in c e we assume

transitiv ity for canoni cal element s , we obtain d t h a t a = c ! A. The me a ni n g of A B i s t hat


E A, which mean s

a = b


a E B

- 17 -

Hypothetical Judgements and substitution rules The four basic forms of judgement are generalized in . order t o expresi also hypothetical judgements , i .e. judgements which are made under assumptions . In this section, we treat the case of one such assumption . So assume that A is a set . The is generalized to the hypotheti cal form form of judgement

B(x) is a set under- the assumption x e .A, which does not mean ' .t ha t ,we must have a derivation within any particular formal system (like the one that we, are in the process of building up). When an assumption
X E A is discharged by

application of a rUle, we wr i t e it inside

brackets. The meaning of a 'hypot he t i c a l Judgement of the fo rm


B(x) = DUe)


e. 'A )


B( x) set (x e 'A) which says that B(x) 'and D(x) are equal families of sets over the set A; is that B(a) and D(a) are equal sets for any element a of A (so, in particular , B(x) and D(x) must be famiiies of sets over Therefore the rule . Sub s ti tu t Lon
(x E A)

which says that B(x) is a set under the assumption x E A, or, better, that B(x) is a family of set s over A. A more traditional notation is or {B : X E A} The meaning of a judgement of the form xJ x E A x . (1) is that B(a) is a set whenever a is an element of A, and also {B

that B(a) and B(c) are equal sets whenever a and c are equal elements of A. By virtue of this meaning , we Lmmed Lat.e Ly see that the following s u bs t i t u t i on rules are correct:

a E A

B(x) = D(x)

B(a) = D(a)

(x E A)

is correct. We can now derive the rule

(x E A)


B(x) set B(a) set


B(x) se t B(c)
a c E. A


B(x) D(c)


The notation


from the above rules. In fact, which is implicit in a rule. So B(a) c

c ,E A and B( x) set (x E A) ,

B(x) s et only recalls that we make (have a proof of) the judgement that

' we obtain B(a) '= B(c) by the second substitution r ul e , and f rom c E A,

A, B(c) = D(c) by the third substitution

= D(c)

by ,transitivity .

A hypothetical

of the form A)

Jud gements with more than one assumption and contexts We may now further generalize judgements to include hypothe ti cal judgements with an arbitrary number n of assumptions. W explain their e meaning by induction. that is, assuming we understand th e meaning of judgements with n-' assumptions. So assume we kno w that A, is a set . A is a family of sets ov er A" 2(X,)

(3) b(x) E B(x) (x

means that we know b(a) to be an element of the set B(a) assuming we know a to be an element of the set A, and that b(a) = b I c ) E. B(a) whene ve r a and c are equal elementa of A. In other wo r ds , b(x) is an extensional function with domain A and .r a nge B(x) depending on the argument x . Then the following rules are justified: Substitution
(x ! A) (x E A)

is a family of s e t s with two indices x, A 3(X"x 2)


A, and

A ( X, ) , 2




! .


c ! A

! .



b(a) = b(c)

B{a) An(x, ..,oo., x n_,' is a family of sets with n- ' indices x, X2E A (x,), .. . , x n_, E An_,(x, ' ... x n_ 2) . 2 Then a judgement of the form
! .


Finally, a judgement of the form (4) b(x) = d(x)

! .

B(x) (x !. A)

means that b(a) and d(a) are equal elements of the set B(a) for any e lement a of the set A. We then have Substitution
(x ! A) .

A(X" .. . x n) s e t (x,

A,. x 2 e A2(x,), ... . Xn E An ( x " ... ,x n


means that A(a" ... ,an) is a set whenever a, !. A"

a ! A .

b(x) = d(x) e B(x)

! .

a 2 E A2(a,) , ., . , anE . ... an_') and that A(a" . .. ,a n) = A(b " .... , b n ' whenever a, = b, e A" .. . , an = b n ! An(a" ... ,a n _,) . W say that e A(x" .. ,x is a family of sets with n indices. The rt assumptions in n) a judgement of the form (,) constitute what we call the context . wh i c h plays a role analogous to the sets of f o r mul a e

b(a) = d(a)


r .

(ex tra formulae)

wQi c h i s the last substitution rule .

appearing in Gentzen sequents . Note also that any initial segment o f a context always a context. Because of the meaning o f a hypothetical

judgement of the

('), we see that the first two rules of substi-

Sets and categories A category. is defined by explaining what an object of the category is and when two such objects are equal . A category need not be a set, since we can grasp what it means to be an object of a given category even without exhaustive rules for forming its objects . For instance. we now grasp what a set is and when two sets are equal , so we have defined the category of sets (and. by the same token . the

tut ion may be extended to the case of n assumptions ,and we understand these extensions t o be given . It is by now clear how to explain the meaning of the remaining forms of hypothetical judgement :

(equal families of sets with n indices),

{3) a(x" ... , x ) E A(x, , x ) (x, e A, . . . ..

category of propositions), but it is not a set. So fa r . we have defined several categories: the category of sets (or propositions). the category of elements of a given set (or proofs of a proposi-

x n E An(x, . x n _,

(function with n a rguments), (4) a(x, . x = b(X, . ,x n) E A(x, . x n) (x EA. X E A (x, . .... x " n n n(equal functions with n arguments). n) tion) .

t he category of families of sets B(x) (x E A)' ove r a given set A. the category of functions b(x) E a(x) B(x) set (x E A) , the category of families of sets C(x .y) (x EA . Y E B(x , where A set. B(x) set (x E A). the category of functions c(x.y) E C(x.y) (x E A, y E B(x . where A is a set. sets, . etc . In addition to these , there are higher categories . like the category of binary functions which take two sets into another set . The function x . which takes two sets A and B into their cartesian product A x B. (x E A) and C(x.y) . (x "- A. y EB(x families of

and we assume the corresponding substitution rules to be given.

(x E A).

where A set .

- 22 -

23 -

is an example of an object of that c a te g o r y . We will say obj ect of a category but e le men t of a set, wh i c h r eflects the difference between categories and sets . To egory it is not necessary to prescribe how its objects are but Just to grasp what (arbitrary) object of the category is. Each cat-

t h e set B (B

will be introduced as an abbreviation for (n x E

when B(x) is constantly equal to B). In parti cular ,

{O, ll A is

a se

but it is not the s a me thing as which is only a c a t e g o r y. Th A reason that B can be construed as a s e i t s that .we take the notion of function as primitive , instead of defining a fu nction as a se t o

set determines a category, namely the category of elements of the set, but not conversely: for instance, the c a t ego r y of sets and the category of propositions are not sets, since we cannot describe how all their elements are formed. We c a n now s a y that a judgement i s a statement to the e f f e c t that s ome t h i ng is an obje ct of a c a t e g o r y (a A set ,

orde red pairs or a binary relation satisfying the usual ex istence an uniqueness cond itions , which would make it a category (like d?(A)) instead of a . set .

When one speaks about data types in compute r science , one mi gh just as well say data s e ts . So here type is always synonymous wi t h set and not with category .


. .. ) o r that tw o objects of a c a teg o r y are equal (a = b E A,

B, ) .
What about t h e word type in the logical s e n s e . given to it by

Russell with his ramif i ed (resp. simple) the ory o f type s ? Is type synonymous with cate gory or with s e t ? In some cases with the one , it s e e ms , and in other cases with th e other. And it is this confusion of two different concepts which has l ed to the impredicati vity of the simple theory of types . When a type i s defined a s the range of significance of a propositional function, so that types are wh a t the quantifiers range over, then it seems that a type is the same thing a s a set. On the other hand , when one speaks about the simple types of propositions, properties of indiViduals , relations between individuals etc., it seems as if types and categories are the same . The important difference between the ramified types of propositions, properties, relations etc . of some finite order and the simple types of all propositions , properties, relations etc. is precisely that the ramified types are (or can be understood as) s ets, so that i t makes sense to quantify over them, whereas the simple types are mere categories . A For example, B is a s e t , the set of functions from the set A to

- 25 -

General remarks 'on the rules

We remark here also that to each rule. of set formation, intro duction and elimination, there corresponds an equality rule, which

W now start to gi ve the rules for the different symbols we use. e W will follo w a common pattern in giving them. For each operation e we have four rules : set formation, introduction, elimination, equality . The formation rule says that we can form a certain (proposition)



equals for equals.

The rules should be rules of immediate inference; we cannot further analy se them, but only explain them. However , in t h e end , no explanation can substitute each individual 's understanding .


from certain other sets (propositions) or families of sets (propositional functions). The introduction say what a re the canonical
' 1 I

elements (and equal canonical elements) of the set, , t h us giving its meaning. The elimination rule shows how we may define functions on the set defined by the introduct ion ' r u l e s . The equality rules relate the introduction and elimination rules by showing how a function defined by 'means of the elimination rule operates on the canonical elements of the set which are generated by the introduction rules. In the interpretation of sets as propositions, the formation rules are used to form propositions, introduction and elimination rules are like those of Gentzen 9 , and the equality rules correspond to the reduction rules of Prawitz 10.

9 G. Gentzen, Untersuchungen uber das logische Schliessen, Mathematische Zeitschrift , Vol . 39, 1934, pp .176-210 and 405-431. 10 D. Prawitz, Natural Deduction, A Proof-Theoretical Study, Almqvist & Wiksell, Stockholm, 1965.

- ' 27 -

Cartesian product of a family of sets

that these rules introduce canonical elements and equal canonielements, even if b(a} is not a canonical element of B(a) for

Given a set A and a ,f a mi l y of setsB(x} over the set A, we can form the product: D-formation
(x e A)
(x c;; A)

A. Also, we assume that the usual variable restriction is met, i.e . that x does not appear free in any assumption except (those of
E A.

Note that it is neccessary to understand that A) 'i s a function to be able to form the canonical

hex) e B(x} (x

element (AX}b(x)

(fix e , A)B(x); we could say that the latter is a

A set (fix

BOc} set A)B(x} set




name of the former. Since, in general, there are no exhaustive rules for generating all functions from one set to another , it follows that we cannot generate inductively all the elements of a. set of the form A, (nx IS, A)B(x} (or, in particular, of the 1,form 'B like NN). We can now justify the second rule of set formation. So let (AX}b(x) be a canonical element of (TIx E A)B(x}. Then b( x} E B(x}

(Tl x

A)B(x) = (Tix E C)D(x}

The second rule says that from equal arguments we get equal values. The same holds for all other set forming operations, and we will never ' spell it out aga i n. Th e conclus o n of the first rule is that something is a set. To understand which set it is, we must know how its canonical elements and its equal canonical elements are formed. This is explained by the introduction rules:

(x E A). Therefore, assuming x E C we get x E A by symmetry and equality of sets from the premiss A the premiss B(x} = D(x} (x

C, and hence b(x} E B(x}. Now , from

A), again by equality of sets (which is

assumed to hold also for families of sets) , we obtain b(x} E D(x) , and hence (Ax}b(x) e: ([1 x e C)D(x} by n-introdu ction. The other direction is similar.

n -introduction
(x E , A)

b(x} E. B(x} (AX)b(x) e (T] x E A)B(x)

(x e A)
(x E

(x E C)





x e. A
B(x) b(x} e D(x) D( x)

b Lx )

e. B(x)

b(x) = d(x} e B(x) (AX}b(x) = (Ax;}d(x) e (fix ' e A)B(x}

(AX)b(x) E (DXE C)D(x)

- 29 28 We have to explain the meaning of the new constant Ap (Ap for Application) ; Ap(c,a) is a method of obtaining a canonical element of B(a) , and we now explain how to execute it. We know that c
(Tl x

. d . s a formal derivation cannot be considere a We remark that the above in type theory itself S1nce . of the second T1_formation rule proof l oty between two sets which formal rule of prov1ng an equa 1 the re is no explanation of what such an equality means. corresponds directly to the

E A)B(x) , that is, that c is a method which yields a canoniE

cal element (AX)b(x) of (TIx e A)B(x) as result . Now take a

A and

We also have to prove that

it for x inb(x). Then .b ( a ) E B(a). Calculating b(a), we


= (Ax)d(X)



obtain as result a canonical element of B(a), as required . Of course, in this explanation ; no concrete computation is carried out; it has the character of a thought experiment (Ger. Gedankenexperiment) , We use Ap(c,a) instead of the more common bra) to distinguish the result
A) ,

(Ax)d(x) '" (Dx '" C)D(X) (Ax)b(x) and (Ax)d(x) be equal

under the same assumptions. So let Then b(X) = d(x) E B(x) (x E . canonical elements of. (nx 6 A)B.,(x) . and therefore the derivation
(x ! C) .

of applying the binary application function Ap to the two arguments c and a from the result of applying b to a. Ap(c,a) corresponds to the application operation (ca) in combinatory logic. But recall that in logic there are no type restrictions , since one can always form (ca), for any c and a.

= C = A
(x 6 C)

A = C

! .


(x E A)

B[x) = D(x) b(X) = d(X) (Ax)b(x) = O.x)d(x) shows that (Ax)b(x) (f\x
! . ! .

D(X) (TIx E C)D(x) canonical elements of

b(x) E


ApAX)b(x) ,a) = bra) E B(a)


and (Ax)d(X) are equa 1

E (TIx E A)B(x)


(Ax)Ap(c,x) E (nx


n _elimination

The first equality rule shows how .the new function Ap operates' on the (nx
! .

! .

a E A

canonical elements of (Fl x E A)B(x): Think of (AX)b(x) as a name of . .. . . the pr-ogr-am a program to the. first rule say.s that . applying the name of argument yields the same as executing the proSimilarly, . the second r ul e is needed

Ap(c,a) c = d E (nx
! .

B(a) a = b


gram with that ,rgument aj

Ap(c,a) = AP(d,b) E B(a)

- 31 - 30 Definitional equality

f which we know only ) for a program 0 to obtain a notation, Ap c ,x, . f llows . .Recall that e can be as 0 c The second ru l ts as rethe name y'eld equal canonical elemen , . 1 i f they ) two elements are equa It (Ax)b(x) , where o Cx) E B(X i Ids the resu eye t to prove is S u l t s . is canonical, what we wan (x A). Since (Ax)Ap<c,X) ( (AX)AP(c .x) B(x) (x E A)

Definitional . equality is intensional equality, or equality of meaning (synonymy). We use the symbol:: or =def. (which was first introduced by Definitional equality :: is a relation between linguis.tic expr-e sa t ons ; it should not be confused with equality between objects (sets, elements .o f a set etc.) which we denote by =. Definitional equality is the equivalence relation generated by abbreviatory definitions, changes of bound variables and the pr inciple of sUbstituting equals for equals. Therefore it is decidable, but not in the sense that a

equal elements, we need _introduction for ) . B( ) rule er (a ) Ap(c,a E a By the = ) This means b a (' )b(X) and hence b(X) -_ Ap(c .x ) E B(x) . (x EA . . ce c y i e l d s AX . EA. But this is true, provided a same value as b(a). A, Ap(c,a) yields the rules for B which is the d cts contain the A The rules for pro u t B In fact , we take B . to the set A to the se . set of functions from Here the concept of B does not depend onx. be (ll.x E A)B, where


b V .., (a


b) holds, simply because a


b is

not a proposition in the sense of the present theory. Definitional equality can be used to rewrite expressions, in which case its decid ability is essential in checking the formal correctness of a proof. In fact, to check the correctness of an inference like A true B true

nitional equality is useful .

A & B true for instance, we must in particular make sure that the occurrences of the expressions A and B above the line and the occur-

rences below are the same, that is, that they are definitionally equal. Note that the rewriting of an expression is not counted as a formal inference.

Applicat ions of the cartes ian product A Fi rst , us.ing definitional equality, we can now defi ne B by putti ng

V -introduction
(x E A)

B(x) true

prov ided B does not depend on x , We next consider the n-rules in the i nt e r pre t a t i on of propositions as sets . If, i n the. f i r s t rUle , n - fo rmation, we think of B(x) as a proposition instead of a set, then , after the definition (Vx 6 A)B(x) it becomes the rule _

(Tl x G A)B(.x) ,
a(x , ,x .0 )

i\{x 1 , ,x ) (XE A m 1 1' " ., X E A (x E A ( m m 1"" , Xm_ 1 ) , m+l m+ l x 1 , .. ,xm) , ... , x .0 E A.0 ( x l' . . . , x m

V -formation
(x 6 A)

. A set

B(x) prop

. namely, ' .suppose that A 1 up to A and A . . Then ,. if we ' a .' m+ .0 depend only on x re merely interested in the l' . , . x . inesserit';a'l truth of A(x ) m to writ .e explicit symbols fo th l " " 'xm , i t is A . s . r e elements o f A . n' 0 we abbreviat e it with m.l ' .. . , A(X , , x j true (x 1. m

('r;fx E A)B(x) prop . which says that un i versal quantification forms propos itions. A set mere ly says that the domain over which the universal quantifier ranges is a set and th is is why we do not change it into A prop. Note that the r ul e of V - f o r ma t i on is just an instance of n-format ion. We s im ilarly have

m+l(x 1 , ,x) true ' . .. , A.0 ( x ' -, x m 1 Sim ilarly, we write

1 ' . ' Xm E Am(x l' , x m 1 )'

m) t rue).

A(x ,. .. ,x ) prop . (x E "i 1 1 1 , .. , X G A ( x m A m m l " " ' x 1 )' m+l(x 1 , . . ,x) true A ( mm ' .. , .0 x 1 " " ' x m) t rue) that a s , A( x .. . , x ) i s a p x m roposi tion p rovided e A 1' . ) and ' A xl 1" , m e Am (x 1" , x m-l ' m+l(X 1" " 'x) ' . . . , A.0 ( x "" ' x ) m 1

are all true, as an abbreviation of A(x x ) prop. (x, e

1 ' , m

wh ic h i s a generalization of the usual rule of forming A::> B, since



... , x m




,(x" ... , x m) , ... ,

Am(X" . .. ,x m_,),

we may als o use the assumption A true to prove B .prop. This generali z a t i o n is p e r h a ps " more evident in the Kolmogorov interpretation, where we might be in the position to jUdge B to be a problem only un.de r the assumption that the problem A can be solved , wh i c h is clearly sufficient for the ,problem A::> B, that is, the problem of solving B

A (x"

.. , x ) m

Turning back t o the V -rules, from the rule of we have in particular

n -elimination,

V -elimination
a E A
(Vx eA)B(x) true B(a) true

provided that A can be solved, t o make sense. The inference rules for ::> are :

(A true) Restoring proofs , we

-se e that, if c is a proo f of (Vx

then Ap(c,a) is a A . t a proof of B(a), "t y element of 0 a method which takes an rar " of the universal in agreement with the intuitionistic quantifier . If we now define

Pr o o f of B(a); so a proof of

A)B(x), (V it E. A) B( x ) is

B true A ::> B true whi ch comes from the rule of an d

::> -elimination

O-introduction by suppressing proofs,

(nx E. A)B, A ::> B true where B does not depend on x , we obtain from the I1-rules the . rules t rule of n - f o r ma t i o n , assuming. B does no for implication . From the depend on x , we obtain ::> -formation (A true) A prop. Bprop. B true which is obtained from the rule of A true

n -elimination

by the same process .

Example (the combinator I). Assume A set and x EA . Then , by n-introduction, we (AX)x E. A --. A, and therefore, for any .prop -

osit ion A, A ::> A true. This expresses the fact that a proof of A ::> A is the method: take the same proof (construction). We can define the combinator I putting I

A :::> B prop .

(AX)X. No t e

the same I belongs to any

set of the form A -+ A, since we do not have different variables for different types.

- 36 -

- 37 -

Example (the combinator K). Assume A set, B(x) set (x E A) and let x.. A,y ! B(x) . The n ' byA -abstraction on y, we obtain . (Ay)X

S =: (Ag)(Af)(Ax)Ap(Ap(g,x) ,Ap(f,x which is the usual combinator S, denoted by Agfx.gX(fx) iii combinatory logic. In this way, we have assigned a type (set) to the combinator S. Now think of C(x,y) as a propositional function . Then we have proved (Yx

B(x) E

A, and, by A -abstraction on x,

(AX)(AY)X putting K

(n x

A)(B(x) -- A). We can d e fin e the combinator K



(Ay)X. I f we think

f A d B as propositions, where an

B does not depend on x, K appears as a proof of A

(B? A); so

A=> (B? A) is true. K.expresses the me:hod: given any proof x of A, take the function from B to A which is constantly x for any proof y of B. Example (the combinator S). Assume A set, B(x) set (x E A), C(x,y) set (x E A, y E B(x and let x g e (Tl x



::>( Yf e (nx e A)B(x(Y x


A)C(x,Ap(f,x true

A, f

(Tl x

A)B(x) and

.whi c h is traditionally written (V x e A)(Vy e: B(xC(x,y)::> (Vf efT B )(Vx ! A)C(x,f(x.

xA 'x

A)(ny e B(xC(x,y). Then Ap(f,x) E B(x) and

Ap(g,x)! (ny ! B(xC(x,y) by n-elimination. So, again by n-elimination, Ap(Ap(g,x),Ap(f,x E C(x,Ap(f,x.

If.we assume that C(x,y) does not depend on y , then (ny e B(xC(x,y) =B(x) -C(x) and therefore S

Now, by A -abstraction on x, we obtain (Ax)Ap(Ap(g,x) ,Ap(f .x) and, by A -abstraction on f, (Af)(Ax)Ap(Ap(g,x),Ap(f,x ! (nf E (nxeA)B(x(nx eA)C(x,Ap(f,x. Since the set to the right does not depend on g, abstracting on g, we obtain (Ag)

(Tl x E A)(S(x) -C(x -

(f Tlx

A)B(x) _ (Tl x

A)C(x .

So , .i f we think of B(x) and C(X) as propositions, we have e (nx


A)C(x ,Ap(f ,x, (Vx E A)(B(x) ::> C(x ::> Yx





A).C(x true.

Now assume that B(x) does not depend on x and that C(x;y) does no t depend on x and: y. Then we obtain

that is, in the logical interpretation, (Ax )Ap(Ap (g,x) , Ap (f ,x) ) E (Tl x







C ::> A::> B) ::> (A


15 true .

-(TIfE(nX EA)B(x(nx We may now put

A)C(x,Ap(f,x). This is just the secone axiom of the Hilbert style propositional calcUlus. In this last the proof above, when written in treeform ,

- 39 -

! A)

union of a fa mily of sets

(f ! A-B) (x E A)


A -(B-C

Ap(f ,x) E B Ap(Ap(g ,x),Ap(f ,x

Ap ( g , x )

B -- C

The second group of rules is abou t the disjoin t uni o n of a family o f se t's , L- formati o n

" (AX)Ap(Ap(g ,x) , Ap ( f , x ,E A - C


(Ax ) Ap( Ap (g, X) , Ap ( f , x




B) -

(A"-- C )
A set

(x E A)

"" (Ag ) (Af} (Ax ) Ap (Ap (g , x ) , Ap ( f . x )

( A _(B _C _A -B ) - ( A -C

B(x) set


A)B(x) set

A mo r e traditional notation for (E x E A)B(x)" wou l d be


"( x"A Bx U

orU B ) . W now explain wha t set (Lx e xe:A x

xEA x A) B( x ) i s by

prescribing how i t s canonical elements are fo r med . This we do with the rule:

L - introduct ion
a E A
b EO: B(a)

(a ,b) E (Lx ! A)B(x) W "c a n now justify the equali ty rule associated with e tion:


(x E A)

= C


= D(x)
E C)D(x)

(Lx E A)B(x)

= (LX

In "f a c t , any canonical element of (Lx E A)B(x) i s o f the f orm (a ,b)


" "" With a


A and b


B(a) by 2:;-introduction. Bu b then we also have

- 40 -

41 -

a E C and b E D(a) by equality of sets and substitution. Hence (a b )


L-equality (x E A, yeB(x



C)D(x) by L-introduction. The other direction is

similar .

E -elimination
(x ! A, y ! B(x C

b e fiCa)



d(a,b) E Ca,b (Here, as in L -elimination,. C( z ). set ( z e (L.X E A)B(x is an im... plicit premiss.) Assuming that we know the premisses, the conclusion j us t i f i e d by imagining Ea,b),(x ,y)d(x,y to be executed . In fact, we first execute (a,b), which yields (a,b) itse If as. result ; then we substitute a, b for x, y in d(X,y) ,obtainingd(a,b) execute d(a,b) until .we obtain a canonical element e

(L x


d(x,y) E C(x,y



where we presuppose the premiss C(z) set (z E (Lx E A)B(x, although it is not written out explicitly. (To be precise, we should also write out the premisses A set and B(x) set (x E A).) We explain the . rule of L -elimination by showing how the new constant E operates on its arguments. So. assume we know the premisses. Then we E(c,(x,y)d(x ,y as follows. First execute c, which yields a canonical

Ca ,b , and

E CUa ,b. The same canonical element is p .roduced by d(a,b), and thus the conclusion is -correct.

A second rule of L -equali ty, analogous to the second rule of

element of the form (a,b) with a

A and b E B(a). Now. substitute a we .obt a i n a canonical element e of

n-equality, is now derivable, as we shall see later .

and b for x and y, respectively, in the right premiss, obtaining . d(a,b) e: Ca,b. Executing d(a,l Ca,b. We now want to show that e is also a canonical element of C(C) . It is a general fact that, if a E A ahd a has value b, then a = b E A (note, however, that does not mean that a = b E A is necessarily formally derivable by some particular set of formal rules). In our case , c = (a,b) E (Lx E A)B(x) and hence, by substitution, C(C) = Ca,b. Remembering what it means for two sets to be equal, we conclude from the fact that e is a canonical element of Ca,b that e is also a canonical element of C(c) . Another notation for E(Ci(X,y)d(x,y bound only in d(x,y). could be (Ex,y)(c,d(x,y, but we prefer the first since it shows more clearly that x and y be-

Applications of the disjoint union As we have already done with the cartesian product,_we shall now see what are the logical interpretations of the d Ls j oLn t una'on . If we put
(3X."E A)B(x)

3-eiimination (x E B(x) true) C true

(:I x

A)B(x) t r-ue : C true

:: (Ex E A)B(x),

Here, as usual , no assumptions, except those explicitly written out , may depend on the variable x. The rule of I:-elimination is stronger than the

then, from the E-rules, interpreting B(x) as a propositional ' function over A; we obtain as particular cases: 3 -formation

:3 -elimina tion

rule, which is obtained from it by suppressing

proofs, since we take into consideration also proofs (constructions) , which is not possible within the language of first order predicate logic. This additional strength will be visible when treating the left and right projections below. The rules of disjoint union deliver also the usual rules of con.j unc t i on and the usual properties of the cartesian product of two sets if we define A & B

(x E A)

. A set

B(x) prop .

A)B(x) prop.


= Ax


(L.X E


! A :

B(a) true A)B(x) true of the existenA)B(x) is a pair (a,b),

where B does not depend on x. We derive here only the rules of. conjunction. &-forma tion (A true) A prop. B prop.

( 3x

In accordance with the intuitionistic saying that a (canonical) proof of (3x

tial quantifier, the rule of 'L-introduction may be interpreted as


where b is a proof of the fact that a satisfies B. Suppressing proofs, we obtain the rule of 3-introduction, in the first premiss a E A is usually not made explicit. however,

A & . B v r-o p , p

This rule is an instance Of

and a generalization of the

usual rule of forming propositions of the form A & B, since we may know that B is a proposition only under the assumption that A is true .

&-introduction A true

fore, taking C(z) to be A and d(x,y) to be x in the rules of E-elimLna t

Lon and

r: -equali.ty,

we obtain as derived rules:

B true
Left projection
' a E A b

A & B true Restoring proofs, we see that a (canonical) proof of A & B is pair (a,b) , 'where a and b a.re given P r oof s of A and B respectively. &-elimination (A true, B true)


p(c) e A


= a E A

If we now turn to the logical interpretation, we see that




'A & B true C true

C true

pfc ) e A

holds, which means that from a proof of . (:3 x From this rule of &-elimination, we obtain the standard &-elimination rules by choos i ng C to be A an d B themselves: A & B true A true Example (left projection). We define p(c) (A true) A & B true B true (B true)

! .

A)B(x) we can obtain an

element of A for which the property B holds. So we have no need of the description operator (1x)B(x) (the x such that B(x) holds) or the choice operator (Ex)B(x) (an x such that B(x) holds), since, from the intuitionist!c 'poi nt of view, (3x

A)B(x) ' i s true when we have a

proof of i t . The dif'ficulty witQ an epsilon term (Ex)B(x) is that it is construed as a function of the property B(x) itself ,nd not of the proof of (3 x)B(x). This is why Hilbert had to postulate both a rule of the 'form

E(c, (x ;y)x)

and call it the left projection of c since it is a method of obtaining the value of the first (left) coordinate of .the pair produced by an arbitrary element c of (Ex

(3 x)B(x) true
(Ex)B(x) individual a counterpart of which we have just proved, and a rule of the form

A)B(x). In fact, if we take the term

d(x,y) in the explanation of r:-elimination to be x, then we ,s e e that "n to execute p(c) we first obta1 the pair (a,b) with a E A and b E B(a) which is the value of c, and tlien substitute. a, b for x, y in x, obtaining a, which is executed to yield a canonical element of A. There-

(3 x)B(x) true
Bex)B(x true

which has a counterpart in the first _of the rules of right proje c tion that we shall see in the next example . Example (right projection). We define
qC ) c

( 3 x E A)B(x), then q Cc) is a construction of B(p(c , where , by left proj ection , p(c) E A. Thus , supp r e s s i ng t he c ons t r uc t i on i n th e c onc lus io n , B( p ( c ) is true. Note, however , t ha t , in ca s e B( x ) depends on x, i t is impossi ble to suppre ss th e c on s tru cti on in the premis s, s i nc e the co nc l us i on depends on it . Fi nally, when B(x) does no t depend on x, so t hat - we may write i t s imply as B, a nd both A and -B are thought of as propositions, the first rule _of ri ght proje ction reduces to &-el i minat i on A & B true


E(c,(x ,y)y).

Take d(x,y) to be y in -the r ule of L-e l im i nation. Fr om x

Y E B(x) we obtain px ,y


= x E A by left projecti on, and thereequality of s ets , to be the

fore B(x) = B(px ,y) . So , by the rule y


B(p( ( x ,y ). Now choose C(z) -set -( z E (L.x E A)B(x set (z


fa mily B( p ( z

(L.X E

A)B(x . Then the rule of

L. - e limi n-

ation gives q(c)

B( p( c . More f or mall y :
(x E A)


B true by s up pressi ng t he co ns t r uc t i ons in both the premis s and t he c onclusion. Example (axioms of c on j unc t i on ) . We first derive A

px,y = x - x (y E B(x

= p x,y


B(x) = B( p( l x , y )
Y E _B(p( ( x, y )


(A & B

true, whic h is the ax iom corre sponding to the r ule


E _ (LX

A)B(x) qtc)

of & -introd uction . i ssume A set ; B(x) set (x E A) and let x E A, B( x ) . The n (x,y)

== sr e , (x ,y)y)



A)B(x) by L.-introdu ction , an d , by B(x)

Il - i n t r oduc t i on , O,y )( x ,y )

(L x

A)B(x) (note that

So we have : Ri gh t projection

A)B(x) does not de pe nd on y ). and (Ax) O..y)(x,y)E



A)B(x.The l og i ca l readi ng is th en true,



A)B(x )

a E A

Bf a )

A)( B(x):::> (3 x E A)B(x

Co ) E. B'(p Lc)




from which , in particular, when B does not depend on x , A ::> (B => ( A & B true .

The second of these r ules is derived by L -eq uality in much the same way as the firs t was derived by - L -el i mina t ion . W hen B( x) i s th oug ht -o f a s -a prop os i ti ona l f un c ti on , th e firs t rule of right proje ction s ays t ha t, i f c is a c on struc tio n of

We now use the l e f t a nd -right projec ti ons to de r ive A & B :::> A true a nd A & B::> B t r ue . To obtai n t he first, ass ume z



A)B(x) .

Then V(z)

A by left projectiori, and, by (Az)p(z)

E: (L.X

on z, A,




(Lx eA)B(xC(z)

A)B(x) -

with argument f. So we ,s t i l l have the assumption f


In particular, when B(x) does not depend on x, we obtain A & B :::> A true. ' To obtain the second , from 'z

(Dx e A)(


e B(xC(x,y) ,

which we discharge by A-abstraction , obtaining

(I: x e. A)B(x), we have q (z )


B( p (z

(Af) (Az)E(z ,(x,y)Ap(f ,x,y


by right projection , and, hence, by A-abstraction, (Az)q(Z) (note that B(p(z


(Ox e A)(Oy e B(xCx ,y In the logical reading, we have


(Lx E A)B(xC(z) .

(Tl e


(L x


A)B( xB(p(z

depends on z). In particular, when B(x) does not

(Yx e A)(Vy ! B(xCx,y::> (Yz ! (Lx ! A)B(xC(z) true , which reduces to the common

depend on x , we obtain A

B :::> B true. (Y x e A)(B(x)::J C) ::J

3 x

e: A)B(x) ::> C) true

Example (another application of the disjoint union). The rule of L-eli;ination says that any function ,d(x,y) with arguments in A and B(x) gives also a fun ction (with the same values, by a pair in (Lx C(z) set (z

when C does not depend on z, and to (A :::> (B::>' C:::> A & B)


L -equality)


C) true

A)B(x) as single argument. What we now prove is an when, in addition, B Is independent of x.


axiom correspond ing to this rule. So, assume A set, B(x) set (x E A),


A)B(x and let f






We want to find an element of (TIx




B(xCx,y -

( Oz

(Lx e A)B(lCC(Z).

We define Ap(f ,x,y) assuming z



Ap(Ap(f,x),y) for convenience. Then Ap(f,x,y) (x E A, y


is a ternary functiori , and Ap(f,x,y) E Cx,y

B(x . So,



'A) B( x ) , by L:-elimination, we obtain C(z) (discharging x



A and y e. B(x, and, by

A-abstraction on z , we obtain the function

The axiom of choi ce

have (Ax) p (Ap (z .x ) and, by TI-equality, ApAx)p(Ap(z,x . x ) - p(Ap(z,x


W now show that, with the rules introduced so far, we can give e a proof of the axiom of choice , which in our symboli sm read s: (\Ix E A)(3 y E B(xC(x,y) =:>(3f e ( n x e A)B(x)('Ix The usual argument in A)C(x ,Ap(f ,x true .

(Il x

A) B(x ) ,

Bf x ) ,

By sUbstitution, we g e t ma t h e ma t i c s , based on the i n C(x,ApAx)p(Ap(z,x .x ) and hence , by equality of sets, q(Ap(z ,x}) e where (Ax) P( Ap(z , x ) (Ax)q(Ap(z ,x is independent of x .. By abstraction on x ,

tu itionistic interpretation of the logical constants , is roughly as follows : to prove

= C( x ,p(Ap(z ,x)

('II x ) (3 y)C(X,y)




(v x)C(x,f(x,

assume that

we have a .p r oo f of the antecedent. This means that we have a method which, applied to an arbitrary x, yields a proof of y)C(x ,y), that

is, a pair consisting of an element y and a proof of C(x,y). Let f be the method wh i c h , to an arbitrar ily g iven x, assigns the fir st component of t h i s pair. Then C(x,f(x holds for an arbitrary x, and (TIx EA)C(x,ApAx)p(Ap(z,x,x . to get

hence so does the consequent . The s a me idea can be put into symbols, getting a for mal proof in intuitionistic type theory . Let A set , B(x) set (x e A) , C(x ;y) s e t ze (x E A, Y E B(x , and assume

We now .use the rule of pairing (that Ax)p(Ap(z,x,(Ax)q(Ap(z,x)!


(Tl x


A)(Ly e B(xPC(x,y) . If x is an arbitrary elemen t of n-elimination , we obtain

! :

A, Le. x e A,then , by

(TIx E A)B(x)(TIx e A)C(x,Ap(f,x

Ap(z,x) We now apply left


y e B(x))C(x,y).

(note that, in the last step, the new variable f is introduced and sUbstituted for (Ax)p(Ap(z,x in the right member) . Finally , by abstraction on z, we (Az)Ax)p(Ap (z,x,(AX)q(Ap(Z ,X)E

to obtain p(Ap(z ,x E B(x)

(TI x

A)(E y


B(xC( x , y )

and right p r oj e c ti o n to obtain q(Ap(z,x e C(x,p(Ap(z,x).

=:> (Ef E (TIx E A)B(x(nx e A) C(x , Ap ( f ,x . In Zermelo-Fraenkel set theory , there is no proof of the axiom of choice, so it must be taken as an ax iom, for which , however, it

By A-abstraction on x (or n .-introduction), discharging x E A, we

seems to be difficult to c l a i m self-evidence . Here a de tailed

- 52 -

the axiom of choice has been provided in the form justification of f In mani sorted languages, the axiom of ,choice is of the ,above pr oo " . . t there is no mechanism to prove 1t. For instance, 1n express ible bU f finite type , it must be taken as .a n axiom . The Heyting arithmet ic 0 is clear when developing intuitionistic '" i om of choice need for the a for i ns t a nce, i n finding the limit of a sequence ' mathematiCs 'atdepth, ti 1 inverse of a surjective function. of reals or par a

The notion of such that In addition to disjoint union ; existential quan t.Lf'Lca t.Lon , cartesian product A X B and. conjunction A & B, the operation a fi.fth Lnt.er-pr-e t a t.Lon : the set of all a ihe set of all a& i [x


A such that B(a ) holds.


Let A be a set and B{x) a proposition for x A: B(x.ll> . 'ha ve an ' element a

A. We wa nt to define

that B(a) holds (which is usuall y . wr i t t e n


A such that B(a) holds means

to have an element a

A together with a proof of B(a), namely an B(a) , Le . elemen ts of

element b E B(a). So the elements of the set of all elements of A satisfying B(x) are. pairs (a,b) .wi t h b

(Ex E A)B(x) . Then the L-rules play the role of the comprehension axiom (or the separation principle in ZF). The information given by 11 B(a) is called the witnessing information by Feferman A typib cal application is the following. ,Bxa mpl e (the reals as Cauchy sequences). R =: (LxEN-Q)Cauchy(x) is the definition of reals as the set of sequences of r a t i ona l

numbers satisfying the Cauchy condition ,

Cauchyf a )

(Ve E Q)(e > 0

:=> (3in E



e) ,

where a is the sequence a

a , O' 1 sequence of rational numbers

In this way, a real nu mber i s a with a proof that it satisfies


the Cauch1 condition. So, assuming c E R, e

Q and d 'E (e > 0) (in

11 S . Feferman, Constructive theories of functions and classes , Logic Colloquium .78 , Edited by M. Boffa, D. van Dalen and K. McAloon , North-Holland, Amsterdam , 1919, pp. 159-224 .

- 54 -

- 55 -

. d d' proof of the proposi tion e > 0), then, by means other wor s' . 1S a of the projections, we obtain p Cc ) and q(c) E Cauchy(p(c. Then of two sets. +-formation and Ap(Ap(q(c),e),d)

Disjoint union of two seta

We now give the rules for the sum (disjoint union or coproduct)

A set (3m

B set B set





Applying left projection, we obtain the m we need , i.e.


The canonical elements of A + B are formed using: . +-introduction


and we now obtain am by applying p(c) to it, Ap(p(c) ,p(Ap(Ap(q(c) ,e) ,d)

Q. the

A + B


Only by means of the proofq(c) do we know how far to go approximation desired.

where i and. j are two new primi ti ve constants; their use is to give the information that an element of A + B comes from A or B, and which of the two is the case. It goes without saying that we also have the rules of +-introduction for equal elements:

= dEB


= i(c)

E A + B


= j(d)

A + B

Since an arbitrary element c of A + B yields a canonical element of the form i(a) or j(b), knowing c e A + B means .t h a t we also can de t e r mi n e from which of the two sets A and B the element c comes.

- 56 -

- 51 -

E A)

, ,be c ome ' e vi de n t .




of two propositions is now interpreted as ' the sum ,o f two sets. We therefore put:

C E A + B



e(y) C(c)




A + B.

where the premisses A 's e t , B set and C(z) set (z E A + B) are presupposed, although not explicitly written out. We must now explain how to exeaute a program of the new form D(c,(x)d(x),(y)e(y. 'As sume we know c E A + B. Then c will yield a canonical element ita) with a E A or j(b) with b E B. In the first case, substitute a for x in d(x), obtaining d(a), and execute it. By the second premiss, d(a) e C(i(a, so yields a canonical element of C(i(a. Similarly, in the second case, e(y) instead of d(x) must be used to obtain e(b), which produces a canonical element ofC(j(b. In either case , we obtain a canonical element of C(C), since, if c has value i(a) , then c

From the formation and introduction rules for +, corresponding rules ' f o r V : V -formation A prop. B, prop.


then obtain the

A V B prop. V -introduction A true A V B true B true A V B true

= ita)

E A + B and hence C(c) = C(i(a, and, if c has

value j(b), then c

= j(b)

A + Band hence C(C)

= C(j(b.


this explanation of the meaning of D, the equality rules: +-equality (x E A) a E A d(x) E C(i(x
(y E B)

Note that, if a is a proof of A, then i(a) is a (canonical) proof of A v B, and similarly for B.

v -elimina tion
(A true) e(y)

(B true) C true

' C(j ( y

A v B true

C true C true

D(i(a) ,(x)d(x), (y)e(y

(x E A)

d f a ) E C(i(a
(y E B)

follows from the rule of +-elimination by choosing a family

b E B

d Ix )


eIy) eIb)

C(j (y

D(j(b), (x)d(x) ,(y)e(y


C == C(Z) (z E A + B) which does not depend on z and suppressing proofs (constructions) both in the premisses, including the assumptions, and the conclusion.

- 58 -

Example (introductory axioms of disjunction). Assume A set, B set and let x ! A. Then i(x) ! A + B by +-introduction, and hence O.x)iex) e A -A + B by A-abstraction on x . l f A and B are propositions, we have A and hence B

Propositional equality

We now turn to the axioms for equality. It is a tradition (deri ving its origin from Principia' Mathematica) to call equality in predicate logic identity. However, the word identity is more properly used for definitional equality, or =d f ' discussed e. 2 above. In fact, an . equality statement, for instance, 2 = 2+2 in arithmetic, does not mean that the two members are the same, but merely that they have the same value. Equality in predicate logic, however, is also different our equality a = b E A, because the

A V B true. In the same way, (Ay) j (y) e B -- A + B,

A V B true. (DyE B)C(j(y

Example (eliminatory axiom of disjunction). Assume' A set, B set, C(z) set (z Eo A + B) and let f ! (Tl x e A)C(iex, g and z e A + B. Then, by

n-elimination, from x e A, we have

Ap(f,x) EC(iex, and, . from y e B, we have Ap(g,y) e C(j(y. So, using z E A + B, we can apply +-elimination to obtain D(z,(x)Ap(f,x),(y)Ap(g.y
Eo C(z), thereby discharging .x e A and

former is a proposition, while the latter is a judgement . A form of propositional equality is nevertheless indispensable: we want an equality I(A,a,b), which asserts that a and b are equal elements of

y e B. By A-abstraction on z, g, f in that order, we get

(Ar) (Ag) (Az)D(z, (x)Ap(f,x), (y)Ap(g,y



E A) C(i (x ) ) -



B) C(j (y) ) -



he set A, .bu t on which we can operate with the logical operations

A + B) C(z .

(recall that e.g. the negation or quantification of a judgement does not make sense). In a certain sense, I(A,a,bf is an internal form of =. We then have four kinds of equality:

This, when C(z) is thought ("Ix E A)C(iex::>

as a proposition, gives
! B)C(j(y::> ('Vz ! A + B)C(z



== or =def. '
b e A,

If, moreover, C(z) does not depend on z and A, B are propositions as well, we have (A ? C) B :::> C) :::> (A Y B

(2) A (3) a


(4) I(A,a,b).

Equality between objects is expressed in a judgement and must be defined separately for each category, like the category sets, as in (2), or the category of elements of a set, as in (3); (4) is a proposition, whereas (1) is a mere stipulation, a relation between linguistic expressions. Note however that I(A,a,b) true is a judgement, which . wi l l turn out to be equivalent to a = b ! A (which is not to say

- 60 - 61 _

that it has the same sense). (1) is

(sameness . of mean-

ing), while (2), (3) and (4) are extensional (equality between objects). As for Frege, elements a, b may have different meanings, or be different methods, but have the same value. For instance, we certainly have 22 = 2+2 I-formation
A set

We would then d as primitive :

i er ve the fOllowing r ul e s


whi h c we here take instead


N, but not 22 _




b e: A


I(A,a,b) set We now have to explain how to form canonical elements of I(A,a,b). The standard way to that I(A,a,b) is true is to have a






I(A ,a,b)

Thus the introduction rule is simply: if a


e: A, then there is a

.mi t's the

canonical proof r of I(A,a,b). Here r does not depend on a, b or A; it does not matter what canonical element I(A,a,b} has when a = b as long as it has one. I-introduction a=be:A



the only rUle formation of families up to now wh i c h perNNW of sets. If only th n' , were allowed e operations L: , we would only . get constant sets. Example (introductor x ! Y aXiom of identity) A. Then x = x ! A Assume A set and let abstraction on x (A)' and, by I-introduction, r E l(A,x ,x) . By xr! (\{XE.A)I(A , canonical proof of th 1 . ,x,x). Therefore (Ax)r is a e aw of identity on A.

note that I-formation is


r e: I(A,a,b)
(x ! A)

Also, note that the rule for introducing equal elements of I(A,a,b) is the trivial one: r E I(A,x,x)

a = b


. (Ax) r E

(V x

E A)I (A, x, x)

r = r E. I(A,a,b) We could now adopt elimination and equality rules for I in the same style as for Tl ,

L. .,


namely introducing a new eliminatory operator.

y aXiom of identity) (x E A) Given a set A and a over A we cl . . correspOnding to L . that the law of equality elbniz's principle that equ 1 I . of indiscernibility a e ements satisfy th hOlds, namely e same properties, property Sex) prop

Example (eliminator

- 62 -

- 63 -

( V x E A)( v s e A)( I (A, x , y) .::> (B (x)::> B(y) true.

To prove i t, assume x E A, Y e. A and z 6 .I(A ,x,y) . Then x of s e ts , we obtain w

is derivable. I t is A and

analogue of the second n-equalit y r ul e, wh i c h


could also be derived, provided the TI-rules were formulated -f o l l owi ng the same pattern as the other rules . Assume prOjection laws , px ,y A, Y e B(x). By the
e B(i) . Then , by

hence B(x) = B(y) by substitution. So, assuming w E B(x), by equalit y B(y) . Now, by abstraction on w, z , y , x in that order, we obtain a proof of the c l a i m:


6 A and qx,y


E-introduction (equal elements form equal pairs), (p( (x ,y ,qx ,y) (x,y)

(Ex e. A)B(x) .

(z e. I(A,x,y
x = Y 6 A


e. A)

B(x) set B(y)

By I-introduction,
r- e ILX e A)B(x) ,(px ,y,qx,y),(x ,y .

(w 6 B(x


w 6 'B(y)

Fow take the family

in the rule of I:-ellmination t o be

B(x) ? B(y)

1(0:' x

A)B(x), (p(z) ,q(\z ,z) . Then we obtain

E (c , (x , y ) r) e





I( ( L x E A)B( x) , ( p ( c ) , q ( c ) ) , c )

(AX)(Ay)(Az)(AW)We. ("Ix E A)(Vy 6 A)(I(A,x ,y) ::> (B(x)


and hence, by I-elimination , (p(c),q(c = c e. (Lx


A)B(x) . ( y e B(x

The same problem (of justifying Leibniz's principle) was solved in Principia by the use of impredicative second order quantification . There one defines (a = b)



(y e B(x

(x e A)



qx,y (x ,y)

= y

B(x) A)B(x)

== (V X)(X(a)

(px ,y,qx ,y)



(L x. e

A) B ( x )

IL: x e. A)B(x),(px,y ,q x , y) ,(x,y


from whi c h Leibniz 's principle is obvious, since it is taken to define t he meaning of identity . In the present language , quantification over

E(c,(x,y)r) e IL: x

A)B(x) ,(p(c) , q ( c . c )


propert ies is not possible , and hence the meaning of identi:ty . has: t.o be de fined in anothe r wa y , wi t hout invalidating Leibniz's Example (proof of the converse of the projection l aws ) ". We can now prove that the inference rule
C E:

(p(c) , q (c = c e (1: x e A)B(x) This example is typical. The I-rules are used systematically to show the uniqueness of a function , whos e existence is given by a n elimination rule , and whose properties are expressed by the assoc iated equali ty rules.

(Lx e A)B(x)

c = (p(c) ,q(c e (Ex e A)B(x) .

- 611 -

- 65

1 1es 0 Example (properties and indexed of looking at subsets of a set B: are two 'wa ys

f elements).

Finite sets Note tha.t, up to 'now, we have no operations to build up sets

ropositional (1) a subset of B is a P . C(y)



from nothing, but only operations to obtain new sets from given ones (and from families ' of sets). We now introduce finite sets, whi c h are given outright; hence their set formation rules will no premisses. Actually, we have infinitely'many rules, one group of rules for each
n = O. 1,

EO B); an indexed family of elements

(2) a subset of
b Lx ) E B (x e A).

the equivalence of these two Using the identity rules. we can prove (2) , the corresponding propconcepts. Given an indexed familY as in erty is

N -formation


(3 x

A)I(B,b(X) ,y) (y

B), the corresponding

. N -introduction
n (m

and, conversely, given a proper indexed family is p Lx) e B (x

ty as in (1)

= 0,1 . .

n-i.t )

So we "ha ve the sets' NO with no elements, N,. with the single canonical




element 0


with canonical elements O '1 , etc . 2, 2

N -elimination c m
E C(m


(m =0, ' 1 .. n-1)

Here, as usual, the famfly of sets C(z) set (z eN) may be interpreted

as a property over N : Assuming we know the premisses , R is explained . n . n . as follows: firSt execute c, whose result is mn for some m between 0 ' and n-1. Select the cor-r-espond t ng element c of c(m and continue by n) . ' .. m executing it. The result is a .ca no n Lce L element d e C(C) . since c bas been . seen to be equal to m and c e C(mni 'is a n m sion over the finite set N it is a kind of n; R is recurn cases .

- 66 -

by the above explanation, From the meaning of Rn , given N _introduction): n rules (note that mn 6 Nn by n

we have the

When C(z) does not depend on z , i t is possible to suppress the proof (construction) not only in the conclusion but also in the premiss. We then arrive at the logical inference rule

.1. -el1mina t .Lon

N _equality
(m: 0,

' , .. . , n-1)



R (m ,co , ,c n _ , ) n n

C true

, in the conclunfor each , cho i ce of ' m , (one such rule Id b to postulate the rules for n sion) . An alternative approach wou ' e == N + N etc., and , equal to and' oniy, ',d e f i n e N2 :: 'N, + N" N3 , 2

" ...,

' t r a d i t i o na l l y called ex falso quodlibet. This rule is often used in ordinary mathematics, but in the form (B true) A V B true A true which is easily seen to be equivaient to the form above . Example (about N,). We define

then detive all other rules.

no introduction rule Example (about NO) NO has natural to put elements; it is thus

hence no

.1. true '


rule becomes simply : N _elimination

Then 0 , is a (canonical) proof of ,lr , since 0, E N, by N, - i n t r od uc tion. So T' is true. W now want to prove that 0, is .in fact the only e R (c ) E: ct c)

we 'u n d e r s t a n d that we shall never f the rule is that ' t R (c) Th e we shall never have to execu eO , element C6 NO' so that get executing program of the form Thus the set of instructions for b t i ' imilar to the programmi'ng statement R (c) is vacuous . It s s exp'lanation

element of N"

that is, that the rule ,

introduced by Dijkstra

is derivable . In fact" , from 0, r


we get 0, : 0, 6 N"

and henc e


I(N"O"O;>. Now applt 'N,-elimination with I(N"z ,O ,) (z E N,) the assumption c e N"

for the family of sets C(z) (z E N, >. '2 See note 2 .

we get R,(c,r) E I(N"c,O,), and hence c : 0, EN, .

- 68 -

h definition R,(C,c O) _ Conversely, by making t e N _elimination 'is derivable from the rule

Co ,.' the rule of

Consistency What can .we say about the consistency of our system of rules? We can understand consistency i n two different ways : (,) consistency. Then , to prove mathematically theory T, we consider another T', wh i c h

c = 0, e N,
Thus the operation R, can and the rule of N,-equality trivializes. be dispensed with . We make the definition Example (about N2 ) . Boolean

the consistency of

contains codes for propositions of the original theory T and a predicate Der such that Der('A') expresses the fact that the propos ition A with code ' A' is derivable in T. Then we define Cons -'Der( 'l.')

=. Der( '.L ')::>.l.


and (try to) prove that 'Cons is true in of the axioms and rules



T' . This method is the only one applicable when, like Hilbert, we give up thehope 'of a seman tical of inference; it could be followed , with success , also f or intuitionistic type theory, but, since we have been as meticuious about its semantics as about its syntax , we have no need of it. Instead, we convince ourselves .di r e c t l y of its consistency in the following simple minded way. (2) Simple minded consistency . This means simply that JL cannot be proved, or that we aha Ll, never have the right to judge .L true (which, unlike the proposition Cons above , is not a mathematical proposition). To convince ourselves of th is, we argue as follo ws : if c e

which consists ' of the two e used in programming Boolean is the typ f I -, false . So we could put true == O2 and a se 2' truth values true, R2 ( c ' c 0' c , ) because, if Then we can define if c Co O then R has the 2(C,C O'c,) which means that c yields 2, c is true , . d R (c c c) has the same 2 '0" . otherwise c yields '2 an same value as C0'


value as c,. prove that any elemen t 0 f N2 is either As for N, above, we can in the propositional form O or '2' but obviously only 2 true Example (negation) . If we put '" A:: -, A we can easily derive

1- would hold for some element (construction) c , then c woul d

yi.eld a canonical element d e JL ; but this is impossible s ince JL has no canonical element by definiton (recall that we defined JL Thus


NO) '


true cannot be proved by means of a system of correct rules.






So, in case we hit upon a proof of 1-. true, we would kno w that the re must be an error somewhere in the proof; and, if a f or ma l proof of

all the usual rules of negation.


true is found, then at least one of the formal rules used i n it

is not correct. Reflecting on the meaning of each of th e rules of

- 10 - 11 -

intuitionistic type theory, we eventually convince ourselves that they are correct; therefore we will never find a proof of JL true using them. Finally , note that , in case , we must rely on the simple minded consistency of at least the theory T' in which Cons is proved in order to obtain the simple minded consistency (which is the form of consistency we really ciare about) from themetamathematical consistency of the original theory T.In fact ; once c Cons for some c is proved, one must argue as follows: if T were not consistent, we would have a proof in T of 1.. true, 91' a ! NO for some a. By coding, this wou l d give 'a'

Natural numbers .so far , we have no means of constructing an infinite set. W e the simplest one, namely the set of natural numbers , by the rules : now N-formation N set N-introduction

Der( '.l') ; then we would obtain Ap(c,'a')! JL ,

i.e . that JL true is derivable in T'. At this point, to conclude that

JL true is not provabie in T, we must be convinced that JL true is

not provable in T'.

! N'

a '" N a'

Note that, as is the case with any other introduction rule a ' ! N is always canonical, whatever element a is Th ' us a E N means that a has value either 0 or a' wh . 1' . . ere a 1 has value eithe r 0 or a ' 2 ' etc . , until , eventually, we reach an element a which h 1 n as va ue o. N-elimina tion


e: N, y E C(x

c c: N

e C(O)

e(x,y) ! C(x') ! C(c)

R(c,d , (x,y)e(x,y

where C(z) set (z eN) . R(c,d,(x,y)e(x ,y i s explained as f ol l ows: first execute c, getting a canonical element of N, whi ch i s eithe r o or a ' for some a N. In the first case , continue by ex e c ut i ng d , which yields a canonical element f EC(O);but, since c = 0 E N i n this case , f is 1 a so a canonical element of C(C) = C(O) . In t he second case, ' sUbstitute a fOr x and R(a d ( ) ( '. ' . . " x, e x, y ( na me ly , the

- 73 -

preceding value) for y in e(x,y) so C(a ') (and hence i n C(c) since c R(a ,d,(x ,y)e(x,y


e(a,R(a,d,(x ,y)e(x,y).

out to be the same concept when propositions are interpreted as sets . Example (the predecessor function). We put
pdf a )

Executing it , we get a canonical f which, by the right premiss, is in a' EN) under the assumption e C(a) . If a has value 0, then R(a,d,(x,y)e(x,y

== R(a,O, (x,y)x) .

is in C(a) by the first case . Otherwise , continue as in the second case , until we eventually reach the value 0. This exp Lana tLon of the elimination rule also makes the equality rules N- e qua l i t y

This definition is justified by computing R(a,O,(x ,y) x) : if a yields 0, then pd(a) also yields 0, and, if a yields b ', then pd(a) yields the same value as R(b',O,(x,y)x), which , in turn, yields th e same ' va l ue as b. So we have pd(O) a, whi ch is the usual definition , but here these equalities .re not definit ional . Mo re precisely , we have


and pd(a')

EA, y EC(X

e C(O)

e(x,y) E C(x')

a E N
pd I a ) e N

R(O ,d ,(x,y)e(x,y

= d E C(O)
( x E N, Y E C(x

which is an instance of .N- e l i mi na t i on , and pd (0)

a e N

d eC(O)

e(x,y) E C(x')

R(a ' , d, ( x , y ) e ( x , y

= e(a,R(a,d,(x ,y)e(x ,y)

- t-


! N,

pd (a' ) = a E N, evident. Thinking of C(z) (z e N) as third premisses and in the we arrive at Mathematical induction (x EN, . C(x) true)

al function (prop.' which we obtain by N- equa l i t y . Using pd, we can derive the third Peano axiom

erty) and suppressing the proofs (constructions) in the second and of the rule of N- e l i mi na t i on ,


b' E N

beN to -

Indeed, from a' = b' gether with pd(a') (Vx,y)(x' = we s e e

N, we obtain pd(a') = pd(b ') E N e Nand pd(b')

C(O) true C(c) true

C(x') true


= beN,

yields a

= bE

N by

symmetry and transitivity. We can also obtain it in the usual form


=> x = y) , that is , in the present symbo.lism ;

::> I (N ,x, y

If we explicitly write out the proof (construction) of that it is obtained by recurs ion.

recursion and induction turn

.(V X ! N) ( V yEN) (I (N ,x' ,y')

true .

In fact , assume x E. N, YE N and z EI(N,x ,y) . By I-elim ination, x'


E N; hence x

= yEN,

from which r e I(N,x,y) by I-intro-

a such that Ap(f,b) = 02 e N 2, if such b exists , t h e least

duction . Then , by A-abstraction , we obtain that (AX)(Ay)(Az)r is a proo f (construction) of the claim . Example (addition) . W define e a + b

r(a ,f) =
{ a, o therwise.

Su c h a function will be obtained by. solving the recur sio n equat ions :


R(b,a ,(x,y)y ').

E N,

The meaning of a + b is to perform b times l h e successor operation on a . Then one easily der ives the rules: where

lj1(a ' , f)

f :;

C\ x)Ap(f,x') is f shifted one step to the le ft, L e .

a E N


a + bEN a E N a

.Ap (f , x) =.Ap(f ,x') E N (x EN) . In fact , in case the bound is ier o , 2 r (O ,f) = E N, irrespective o f wh a t function f i s . W en the boun d has h

suc:es sor form , r(a ',f) = f(a ,f) ' EN , provided that f ( O) = f a l s e == a e N
a + b'

bE N
(a + b)'

a E N

'2 E N ; otherwise , f(a ' ,f) = eN. Therefore to compute r(a ,f ) , we 2 c a n shift f until the bound is 0 , but checking each t ime if th e v alue at




02 or false


'2' Even if it admits o f a pr im itive sol ved t hrough h igh e r

from which we can also derive the corresponding axioms of first order arithmetic , l i k e in the preceding example . Note again that the equality here is not definitional. Example (multiplication). W define e

recursi ve solution , the problem is most

e t y p e s, as we shall n6 w see in detail . W wa n t to fi n d a f u n c t i o n r ex) E ( N-. N -+ N (xE N) such that 2)

(r(O) = (AOO E ( N
a b


N, N,


R(b ,O ,( x ,y)(y + a .

ljL(a ')



,0 ,AP(r(a), f)') e (N -+ N 2)

Usua l properties of the product a . b can then easily be derived . (the bounded W want to solve the problem: e

so that we can define the function f(a ,.f) we ar e l oo k i ng f or by putting r(a,f)

given a boolean function f on natural numbers, Le . fEN -.N

find 2, the least argument , unde r the bound a EN , for which the value of f is 2)

Ap(r(a) ,f). The requirements on rea) may be sat-

i sfied t h r o ug h an ordinary p rimitive r e c u r sio n , but on a h i gh e r t yp e ; th is task is fulfilled by the rul e of N- e li mi n a ti on. We obtain

tru.e . Th e solution wil l be a function f-( x,f) E N (x E N, f E N-N sat is f ying :

under the premis ses a

N a n d feN -

N and h e n c e 2,

Lists Written out in tree form the above proof of r(a,,c) follows: (fE N-N (y e (N -+ N - N) 2) 2) ,

N looks as

We can follow ,t he to introduce oiher " o f lists'. List-formation

pattern used

natural ,numbers

defined sets. We see here the example

fEN - N 2

Ap(y,f) EN Ap(f,0)EN o a

A set List(A) set where the intuitive explanation is: List(A) is the set of lists of



N (AnR

R EN 2(AP(f,0),0,AP(y,f)') 2(AP(f,0),0,AP(y,f)')

(AnO e (N-N2)-aoN


f E N-N

'e l eme n t s of the set A (finite sequences of elements of A) . 2 List-introduction

/4(a) = R(a,O.no,(X,y)(AnR/AP(f,O),O,AP(y,f)'

e (N-N


,..(a,n == Ap(p.(a),n e N Observe how the evaluation of ,..(a,f) == Ap(R(a, (Ano, (x,y) (AnR ,0),0 ,Ap(y,f)',n proceeds. First, a 2(Ap(f is evaluated. If the value of a is 0, the value of equals the of a is b !, the value ofr(a,f) equals the value of

nil "'List(A)

b e List(A)

(a.b) E List(A) where we may also use the notation () :: nil. List-elimination

value of ApAf)O,f), which is 0. If, on the other hand, the value

EA, Y eList(A) , z e C(y e(x,y,z)


which, in turn, equals the value of



d E: C(nil)



E C(c)

Next, Ap(f,O) is evaluated . If the value of Ap(f,O) is true Ap(f,O) is false of f(b,!)"
5 '2' then the value of r(a,f) equals

O 2, then the value of f(a,f) is O. If, on the other hand, the value of value

where C(z) (z E List(A

is a family of sets. The instructions to exe-

cute listrec are: first execute c, which yields ' either nil, in which case continue by executing d and obtainf e C(nil) = C(c), or (a .b) with a E A and b E List(A); in this case, execute e(a,b,listrec(b,d,(x,y,z)e(x,y,z) which yields a canonical element

- 78 -

f & Ca .b)) =,C(c) . if we put g(c) _ then f is the value of e(a ,b ,g(b ) .

listreb(c,d,(x ,y ,z)e(x,y , z)) ,



W l l or de r i ng s e The concept, of wello'rdering a nd the principle of tra ns f i ni te

Lis t-equali t y ( x e A, y & List (A), z E C(y d E C(nil) , e( x, y ,z) E Cx . y = d & C(nil) :

induction were first introduced by Cantor . Once the y had been f o rmulated in ZF , however , they lost their original compu ta tional c ontent . W can construct ordinals intuitionistically a s wel lfounde d e trees, which means that they are no longer totally orde red. W- f or ma t i on

tistrec(nil,d ,(x ,y,z)e(x , i , z

, ( x E A, Y E Li st(A), z E C(y
," A)

, a E. A

b ' E List{A)

d E C(nil)

e(x,y,z) 'E Cx .y A set (Wx


B(x) set A)B( x) set

= e(a ,b ,listrec(b ,d,( x , y ,z )e(x,r ,z) E Simila r rule s could be gi ve n for f i ni te trees and other inductively define d concepts .

W t does i t mean for c to be an element of ( Wx e A)B( x) ? It mea ns ha that, whe n calculated , c yields a value of the form sup( a ,b) f or some 'a and b , where a E A and b is a function such that , f or an y choice of an element v sup(a
l,b l ) , whe r e a l

B(a) , b applied to v yie l ds a val ue A and b


i s a function such t ha t , f or an y

choice of v

in B(a ) , b appl ied to v has a value sup( a ,b , et c ., l l l l 2 2) until in any case (i .e . ho wever the success ive choices a re made) we , where B( a n) n) i s empty , so t hat no choice of an e lem e nt in B(a ) i s poss ib le . The
n '

eventually r ea c h a bottom element of t he form sup(an ,b

following picture, in whi c h we loosely wr it e b( v) f or Ap(b ,v ) ; ca n help (look at it from bottom to top) :

then it holds for sup(a,b) itself), then C(c) holds for an arbitrary c E (Wx e (V x c E (Wx E A)B(x)

A bit more formally , A)(Yy e B(x) -- (Wx


A)B(x G(sup(x ,y) true


B(xG(Ap(y ,v

G(c) true Now we resolve t hi s , c sup(a,b) premisses is that G(sup(x,y the W-elimination rule . One of the is true , provided that x E A, is t rue . Letting in

By the preceding explanation, the following rule for introducing canonical elements is justified: W-introduction a E A b

Y E B(x)-(Wx E A)B(x) and (Yv EB(xG(Ap(y,v

d(x,y,z) be the function which gives the proof of G(sup(x,y terms of x E A, Y E B(x) _ (Wx

A )B(x) and the proof z of

(Vv eB(xC(Ap(y ,v, we arrive at the rule B(a) (Wx e A)B(x) .W e l i mi na t i on . (x e A, y e B(x) -+ (Wx e A)B(x), z
E. E.

sup(a ,b) e (Wx E A)B(x) Think of sup(a,b) as the supremum (least ordinal greate r than ail) of the ordinals b(v), where v ranges B(a). We migh t also have a bottom clause, 0 E (Wx E A)B( x) for instance, but we obtain 0 by taking one set in B(x) set (x EA) to be the empty set: i f a (y e: B(a ement . From the explanation of what an element of (Wx E A)B(x) is ,. we see the correctness of the elimination rule, which is at the same time transfinite induction and transfinite recursion . The appropriate principle of transfinite induction is: if the property G(w) (w
E A and B(a : . No ' then RO(y) E (Wx E A)B(x) o) O so that sup(aO ,(Ay)RO(y E. (Wx e A)B(x) is a . bo t t om el-

(TTv E B(xC(Ap(y ,v)

(WXE A)B(x)

d(x,y,z) e G(sup(x,y

T(c,(x,y,z)d(x ,y ,z E G(c) where T("c,(x,y,z)d(x,y,z is executed as follows . First execute c , which yields aup Ia j .b )

where a e A and b e B(a) _

(Wx E A)B(x) . Select

the components a and b and substitute them for x and y in d , obtaining . d(a,b,z). We must now substitute for z the whole sequence of previous function values . This sequence is (AV)T{Ap(b,v),(x,y,z)d(x,y,z , because Ap(b ,v) E (Wx E A)B(x) (VE B(a is the function which enumerates the subtrees (predecessors) of sup(a,b). Then d(a,b,(Av)T(Ap(b,v),(x ,y,z)d(x,y,z)}) yields a canonical element e E G(c) as value under the assumption that T(Ap(b,v),(x,y,z)d(x,y,z



is inductive (Le . i f i t holds f'or- ail preE

decessors Ap(b,v) e (Wx

A)B(x) (v


of' an element sup La b ) ,



(v e B(a .

- 82 -

- 83 _-

If we wri t e


== T(c , (x,y,z)d(x,y,z , then, when c yields

We can giv e pictures :

(') i f

sup(a,b), f(c) yields the same value as d(a,b,(Av) f(Ap(b,v) . This explanation also shows that the rule W e qua l i ty (x

A, y - B(x) - (Wx "A)B(x) , z e (Ilv "



B(xC(Ap(y ,v) is

a e

b e B(a) --.. (Wx

A)B( x )

d(x ,y ,z) " C(sup(x,y

in C' ,

then we can buil d th e succ essor

oc ' :

= d(a,b ,(Av)T(Ap(b ,v),(x ,y ,z)d(x ,y ,z)

i s co rrect .


Example (the first number c lass) . Havt"ng access to the W ope r a tion and a family of sets B(x) (x e N such that B(02) = NO and 2) B('2) = N" we may define the first number class as ( Wx E N ) B( X) 2 instead of taking i t as primitive . Example (the second number class) . W give here the rules for a e simple set of ordinals , namel y the s e t general r ul es for we l l or de r i ngs. " - format ion " set Cantor gene rated the second number class from the initial ordinal 0 by applying t he f oll owi ng t wo principles : ( 1) given
01 E

,( 2 ) i f

() of all ordinals of the secis a sequence of ordinals in- 0


ond numbe r class , an d show how they a re obtained as i ns t a nce s of the

the-n we can build the sup rem um

0( '

wil l be inductively defined by the three rules :

Cl , fo rm the successor


CJ ;

( 2) g i ven a sequence of ordinals 0(0' 0(, ,0(2 ' ... i n

0 , form the

l east o rd inal i n Cl greater than each element of the sequence .


Transfinite induction over

(x E

is evident, and it is given by


, -=.
1. - ..

C , C(x) true)
C(x ') true C(c) true

E N-O, (Vn C(sup(z

N)C(Ap(z,n true


C(O) true

:whe r e B(x) (x E N3) is a family of sets such that B(03) = No , B(l;) = Nl a nd B(2 3) = N. Such a can be construc ted by means . of' t he universe rules. Example (initial elements of wellorderings). We want to show

where C(z) (z EO) is a property over 0 . Writing it with proofs, we obtain

that, if at l eas t one index set is empty, then the wellordering (Wx E A)B(x) is nonempty. Recall that we want to do it i nt ui t i onistically, and recall that A true is equivalent to A nonempty , so that -.A true is equivalent to A empty . So our claim ..is :

o -elimination
(x E 0, Y E C(x

(z E N--Cl, WE (Tln


(3 x


(Wx e A)B(x) true. -'B(x) and

d E C( 0)

e(x,y) E C(x')

f(z,w) E C(sup(z To see this, assume x e A, y E C(c) Ap(y,v)


T(c,d,(x,y)e(x,y),(z,w)f(z ,w



E B(x). Then

and hence RO(Ap(y,v (Wx


E (Wx E A)B(x), appiying

whe r e the transfinite recursion operator T is executed as follows . First , execute c. We distinguish the three possible cases: if we get 0 EO , the value of T(c,d,(x,y)e(x,y),(z,w)f(z,w is the value of d

the rule of NO-elimination. We now abstract on v to get (AV)RO(AP(y ,v E B(x) A)B(x) and, by A)B(x). Assuming z

sup(X,O,V)RO(Ap(y,v) E (Wx by t -elimination, we have


A) ...... B(x) ,

C(O); e (Wx EA)B(x) ,

if we get a', then the va l ue is the value of e(a,T(a,d,(x ,y)e(x ,y) ,(z,w)f(z ,w) ; if we get sup(b), we continue by executing f(b,(AX)T(Ap(b,x) ,d,(x,y)e(x,y),(z,w)f(z,w). In any case, we obtain a canon ; c a l e l eme nt of C(c) as result. It is now immediate to check that we can obtain all (including of the W-rules if we put Cl-rules Cl-equality, which has not been spelled out) as instances

from which , by A-abstraction on z, (AZ)E(z, (x,y)sup(x, ()W)RO(AP(y,v e 0:: x


A) ..... B(ic) __ (Wx

A)B(x) .

We now want to show a converse . However, note that we cannot have (Wx

A)B(x) -

(3 x

A) oBex) true, because of the intuition -

i s t i c meaning of the existential quantifier. But we do have : (Wx E A)B(x)_ ..... ( Vx Assume x e A,

A)B(x) true.

e B(x) -


A)B(x) and z E. B(x) -- NO' Note that

- 86 -

- 87 ...

B(x) _ NO _

(Tl v e B(xC(Ap(y,v

for C(w)


NO' so that we can


Universes So far, we only have a structure of finite types, because we 'c a n only iterate the given set forming operations starting from I(A,a,b), NO' N, i ... and N a finite number of are obtained by introducing 'To strengthen language, we can add transfinite types , which in our language Recall that there can be no

apply the rule of

Assuming f E (nx

A)B(x), we have

Ap(f,x) E B(x), and hence also Ap(z,Ap(f,x

E NO' Ap(z,Ap(f,x)

takes the role of d(x,y ,z) in the rule of W-elimination. So, if we assume w E (Wx E A)B(x), we obtain T(w,(x,y,z)Ap(z,Ap(f,x) E NO' Abstracting on f, we hage (\f)T(w,(x,y,z)Ap(z;Ap(f,x) and, abstracting on w, we have (\W){Af)T(w,(x,y,z)Ap(z,AP(f,x) e (Wx e A)B(x)- -.(Vx


set of all sets, because we are not able to exhibit once and for all all possible set forming operations. (The set of all sets would have to be defined by prescribing how to form its canonical elements, i.e . A)B(x). sets . But this is impossible, since we can always perfectly well de scribe new sets, for instance, the set of all ,s e t s itself.) However , we need sets of sets , for instance, in category theory. The idea 'is to define universe as the least set closed under certain specified set".f' o r-mf.n g operations . The operations we have been using so f'ar- are :
(x e.A) (x E A)

A'set (Tl x

B(x) set A)B(x) set

A set

B(x) set

A set A

B set B set

A)B(x) set

(x e A)

A 'set


c E A N,set . N set

A set

Bf x ) set

I(A,b,c) set

(Wx E A)B(x) set

There are two possible ways of building a universe, i .e . to obtain closure under possibly transfinite iterations of such operations . Formulation

la Russell. Consider n, I: , .. . both as, set

forming operations and as operations to form canonical e lements of

t he set U, the un i vers e . Thi s is Formulation

i n r amifie d t yp e t he ory .
a e U

la Tarski . So c a l l e d because of th e s i mi l a r i t y definition . t o buil d the

b e T(a)

. c e T(a)


b e T(a)


between the family T(x)(x e U) below and Tarski's We use new symb ols, mirroring (reflecting ) T1 , recursion theory) . So we will have the rules: U-formation

Ha,b,c) e U

L , .. . ,

T(i(a, b,c

= I(T(a),b,c)

o f U. Then U.consists of indices o f sets (like in T(n, )


U set




T(a) s et (xET( a U an d T(x)(x


U) a r e

by a simult an eous t r an sfini te i nduQtion,



wh i c h, as usual , .c a n be read off the f ollowing introduction ruies: U- i n t r oduc t io n

(x E

b( x )


b ( x)



T(w( a ,(x)b(x ) = (Wx




We co uld at .t hi S poi nt itera t e the process, ob t a i ni ng . a second univer.se U'wi th the two new intro.d :uction rules: u.e U' T' (u ) = U

a e U


.b (x ) e. U (nx

(a ,(x )b(x

e U

T( rr ( a, (x )b(x )

T( a) ) T( b( x




(x a e U T( a(a,bdb(x)


t ( a) e U ' then a th ird In U'; , .a n d




bC ) x

T' (t (a

T(a )

(a , (x Ib Ix )

(Lx e T(aT(b(x


on .

a la Rus sell , T disappears an d we on I y use capital l e tt e r s . So the above ru les are turned into:
. U-formati on '

a e U

b E U

a E U

b E U

+ b E U

T(a + b ) = T(a ) + T(b )

U s et

A e 'U
A set

(x e A)
(x Eo A)

but it is not small. Using U, we c a n form t ransfini te t ypes (using a recursion with value in U, for instance) . The set V

(Wx ! U)T(x) (or , in the formulation

la Russell ,

A e U

B(x) Eo U

A e U


simply (WX E U)X) has been used by Aczel'4 to give meaning to a con structive version of Zermelo-Fraenkel set theory via intuitionistic type theory . Example (fourth Peano axiom). W now want to . prove t he fourth e



(L x


A e U
A + B




c eA . U

Peano axiom, which is the only one not trivially derivable from our rules. So the claim i s:
(\Ix e N)

I(A ,b ,c)

tru e.

We use U-rules in the proof ; it is probably not possible to prove it otherwise . From N set,

N, x EN we have x ' e Nand I( N,O ,x ') set .

(x e A)

Now assume y

I(N,O,x') . Then, by I-elimination,

: x'

troduction , nO e U and n, eU. Then we define f(a)


B(x) e U

e N. By U-in -

R(a ,no ,(x ,y)n ,) ,

(Wx e A)B(x) e U However, U i tself is not an elemnt of U. In fact, the axiom U E U '3 leads to a contradiction (Girard's paradox ) . We say that a set A is small , or a U-set , if it has a code a E U,that is, 'if there is an element a E U such that T(a) generally, a family small A(x" . " , x ) (x, E A" . . , x n e An( x" .. . ,x n_, is said 'to n provided A(X, , '" , x ) : T(a(x, , " .,x n (x, E A" ... , . n x e A (x,, ,x for some indexing function a(x" ... ,x n) .. n n n. / E A x e A (x .. . x So the category of small sets ( x, -: , " .. , n n' , , n-' ' . i s closed under the oper.ations E ., n , etc. U is a perfectly good . set,

: x'

so that f(O) : nO e U and f(a') : n, e U provided that a e N. From e N, we get, by the equality part of the N-elimination rule ,

R(O,nO,(x,y)n,) : R(x',no,(x,y)n,) try and transitivity, nO : n,


U. But R(O ,nO ,(x ,y)n,) : nO e U

and R(x ',no,(x,y)n,) : n, e U by the rule of N-equality . So , by symmeU. By the (implicitly given) equality part of the U-formation rule , T(n : NO : T(n,) ' Hence ; from T(n o) O) and T(n,) : N,,' NO: N,. Since 0, eN" we also have O, .E .N ' So O (AY)O, e I(N,O,x') -NO and (AX)(AY)O, E (Yx EN) -'I(N ,O , x ') . We remark that, while it is obvious (by reflect ing on its meaning) that 0: a' EN is not provable , a proof of posi tional function which is '4 true seems to involve treating sets as elements ift order :to def ine a pro-






T on a ' .

'3 J . Y. Gir.ard, Interpretation fonctionnelle et .de s coupures de l 'arithmetique d'o rdre superieur, These, Universite .Pa r i s VII, ' 972.

. P. Aczel, The type theoretic interpretation of constructive ' s e t theory, Logic Colloquium 77, Edited by A. Macintyre , L. Pacholski and J . Paris, North-Holland, Amsterdam , '978, pp . 55-66 . '