Realization of Constructive Set Theory into Explicit Mathematics: a lower bound for impredicative Mahlo universe∗
Sergei Tupailo†
Institut für Informatik und angewandte Mathematik, Universität Bern, Switzerland
[email protected]
May 6, 2000

Abstract

We define a realizability interpretation of Aczel’s Constructive Set Theory CZF into Explicit Mathematics. The final results are that CZF extended by Mahlo principles is realizable in corresponding extensions of T0, thus providing relative lower bounds for the proof-theoretic strength of the latter.

Introduction

Several different frameworks were founded in the 70s, aiming to give a foundation for constructive mathematics. The most well-developed of them nowadays are Martin-Löf type theory, Aczel’s constructive set theory, and Feferman’s explicit mathematics. While constructive set theory was built to have an immediate type interpretation, no theory stronger than Δ^1_2-CA, which proof-theoretically is still far below the basic system T0 of Explicit Mathematics, has been shown up to now to be directly embeddable into explicit systems. As a result, well-ordering proofs remained the only method for establishing lower bounds for T0 and its extensions. This omission became apparent again when Jäger and Studer [JStu] introduced a theory T0(M) extending T0 by a Mahlo axiom and built its model in Kripke-Platek Set Theory KPM, but the question of lower bound was left open.

The situation is quite different in Martin-Löf type theory, where, in addition to well-ordering proofs (see [Se98]), we also have direct embeddings of Constructive Set Theory CZF, [Acz78], and its extensions, [Acz86, RaCZFM], or a subsystem of analysis IARI, [GR94]. These kinds of embeddings into ML type theory are often referred to as realizability interpretations. The name is justified in the sense that in the type theory logical operations are introduced as shortcuts for certain constructions, and in fact exactly those which are assigned to the operations by Kleene realizability, if one takes intuitionistic logic as primitive.

This is exactly the way taken by Explicit Mathematics: logic comes first. Then it turns out that it doesn’t matter much which logic, intuitionistic or classical, one assumes: Explicit Mathematics has proven to have a lot of classical applications, incompatible with the intuitionistic point of view. For this reason, even intuitionistically, realizability and derivability are different phenomena in Explicit Mathematics: there are simple realizable, but not derivable, formulas. It’s important however that formal realizability can be elegantly expressed in Explicit Mathematics and is equivalent to derivability for a wide class of formulas, including those expressing proof-theoretic strength¹.

In the present paper we develop a realizability interpretation of Constructive Set Theory CZF into Explicit Mathematics, with the specific purpose of giving lower bounds for Mahlo axioms in the context of the latter. However, our interpretation is applicable to both weaker and stronger variants of CZF, as well as in a non-Set-Theory setting (see [Tura]).

∗ In the Russian language the word “malo” means “a little”, “not enough”.
† Research supported by the Swiss National Science Foundation.
¹ See [Tura], Sections 3 and 4, for more about this.

In classical set-theoretic terms, an admissible ordinal α is called recursively Mahlo if for each α-recursive function f there exists an admissible ordinal β < α which is closed under f. Recently Mahlo-style properties have been studied extensively in different theoretic frameworks. Starting with the works [Ra90, Ra91, Ra94a] by M. Rathjen, who pioneered the recognition of the importance of mahloness for proof theory, this kind of axiom was introduced into ML type theory, [SeM, Ra00], and Constructive Set Theory, [RaCZFM]. In the context of Explicit Mathematics, a very natural Mahlo axiom was proposed in [JStu]. It provides for a uniform operation m for passing from a pair (α, f), in which α is a name and f takes names to names, to m(α, f), which names a universe containing α and closed under f. The effect of this axiom in the metapredicative setting, i.e., in Explicit Mathematics, in theories deprived of inductive generation, has been studied in [JSumM, StrwmM]. We should also mention that many recent developments in higher ordinal analysis, starting with [Ra94b], use the idea of hyper-mahloness as one of the basic building blocks.

We consider two versions of Mahlo axioms, both in Constructive Set Theory and in Explicit Mathematics: a weaker one saying that the whole world of objects is Mahlo, and a stronger one claiming existence of a Mahlo object (set in CZF and universe in EM). The first one corresponds in strength to the Set Theory KPM, the constructive counterpart of which is a certain theory CZFM, Definition 4.6. In EM this idea is captured by the Mahlo operation m introduced in [JStu]; in the present paper it’s described by axioms VII–VIII and the corresponding theory is called Tm. The second form of mahloness corresponds to a certain minor extension KPM+ of KPM, and, constructively, to a theory CZFM+, Definition 4.9, based on [RaCZFM], and Setzer’s Mahlo universe [SeM] in Martin-Löf type theory. In Explicit Mathematics for this purpose we introduce a constant M for a name of a Mahlo universe, adding which, together with axiom IX, results in a theory TM. Axiom VII alone, responsible for a theory Tu, is the limit axiom of [JStu]; its analogue in Constructive Set Theory is REA, and in Kripke-Platek Set Theory a familiar limit axiom in the classical set-theoretic context.

Final results of the paper are the following:

Theorem 4 CZFM is realizable in Tm

and

Theorem 5 CZFM+ is realizable in TM.

Since we consider only intuitionistic versions of Explicit Mathematics, these theorems give us the following new knowledge:

|CZFM| ≤ |Tm intuitionistic| ≤ |Tm classical| ≤ |KPM|

and

|CZFM+| ≤ |TM intuitionistic| ≤ |TM classical| ≤ |KPM+|,

where | · | stands for proof-theoretic strength. Combining this with the plausible assumptions |CZFM| = |KPM| and |CZFM+| = |KPM+| would imply that all the above inequalities are in fact exact and that Tm and TM inherit a feature of Explicit Mathematics that is special for this strength: proof-theoretically the law of excluded middle doesn’t matter there.

Now we briefly describe the contents of the paper. After introducing systems of Explicit Mathematics in Section 1 and preparatory work in the beginning of Section 2 we define a notion of (a name of) a set in Explicit Mathematics (Definition 2.3), as a wellfounded tree consisting of arbitrary objects. Then four kinds of realizability interpretations rn, rn^E, rn^∀ and rn^∃ from the language of Set Theory to the language of EM are introduced (Definitions 2.6, 2.10 and 2.12, 1), 2)). The main realizability is rn, and in principle it alone would suffice, but the other three significantly simplified some parts of the paper. rn^E is good because it maps bounded formulas into elementary ones. All these realizabilities are not equivalent to each other, but they are operationally equivalent, i.e. can be mapped into each other by preset operations (Definitions 2.11 and 2.12, 3), 4)), which is a usual situation when several kinds of realizability are simultaneously considered. Set equality is realized as bisimulation between trees (Definition 2.5); this verifies all equality axioms as well as Extensionality (Theorem 1 and Lemma 3.1).

The switch from higher properties in Set Theory, starting with regularity, to corresponding higher properties in Explicit Mathematics is achieved via the key notions of a universe, Definition 1.2, and a universal set, Definition 4.1. If Reg, In and M are set-theoretic formulas expressing correspondingly regularity, inaccessibility and mahloness of sets (Definitions 4.2, 4.5 and 4.8), then we have the following central lemmas:

Lemma 4.4 If υ names a universe then Reg[usυ] is realizable in T0,
Lemma 4.6 If a universe ι is inaccessible then In[usι] is realizable in Tu,
Lemma 4.7 Mahlo schema is realizable in Tm and
Lemma 4.8 Mahlo axiom is realizable in TM.

These lemmas lead us to Theorems 4 and 5.

Our realizability interpretation also applies to theories with restricted induction principles, as shown in the paper: Constructive Set Theory with restricted foundation is realizable in systems of Explicit Mathematics where inductive generation and induction on natural numbers are restricted in a similar way. Set Theories where foundation is omitted altogether were not treated here, but the method should work for them equally well.

Acknowledgements. I am grateful to Prof. Gerhard Jäger and members of the Bern logic group who introduced me to the world of Explicit Mathematics. Special thanks are due to Dr. Thomas Strahm who has read many preliminary versions of various fragments of this paper and whose comments always were very useful for the author.

1 Explicit Mathematics. Theories T0, Tu, Tm and TM

We follow essentially the original type-free two-sorted formulation of Explicit Mathematics from [Fef75]. Alternative formulations are given in [Be85] and [Jä88].

Languages LT0, LTu, LTm and LTM. All theories of Explicit Mathematics, considered in this paper, are formulated in a two-sorted language, containing variables for operations (individuals) and names, along with operation constants. Names are thought of as a special kind of operations, coding types (sets) of operations. We use variables a, b, c, . . . , a, b, c, . . . as ranging over operations, and α, β, γ, . . . as ranging over names. The constants of LT0 are the following: combinators k, s, pairing p and projections p0, p1, zero 0, successor sN and predecessor pN, distinction by cases on natural numbers dN, join j and inductive generation i. Additionally we have the following 8 constants called name generators: nat, id, inv, and, or, imp, all, ex. The languages LTu, LTm and LTM are obtained by adjoining to LT0 successively a universe constant u, a small Mahlo constant m and a big Mahlo constant M.

Terms are built from variables and constants by the following application clause: if s and t are terms then s · t is a term, so that the application function symbol · accepts arguments of both sorts and returns an operation. Atomic formulas are s = t (s coincides with t) and s ε t (s belongs to the set named by t, s is classified under t), where s and t are terms. Formulas are built from atomic formulas by ∧, ∨, → and two kinds of quantifiers, over operations and over names, e.g. ∀a, ∃a, ∀α, ∃α. Finally, an expression is a term or a formula.

Syntactical conventions.
1. We use e[t] for an expression e, possibly containing occurrences of an expression t. In this context by e[s] we mean e^s_t, i.e. the result of substituting expression s for all occurrences of t in e.
2. Parentheses in terms are assumed to be associated to the left: e.g., s · t · u is read as (s · t) · u.
3. We adopt the following priority among propositional connectives and their abbreviations: ¬, ∧, ∨, →, ↔. For example, F1 ∨ ¬F2 ∧ F3 → F4 ↔ F5 has to be read as ((F1 ∨ ((¬F2) ∧ F3)) → F4) ↔ F5.

Abbreviations. We use the following abbreviations:
¬F :⇔ F → 0 = sN · 0;
F0 ↔ F1 :⇔ (F0 → F1) ∧ (F1 → F0);
t↓ :⇔ ∃x(t = x);
N[t] :⇔ ∃α(t = α);
F[t↓] :⇔ t↓ ∧ F[t];
t ≐ {s[x1, . . . , xn] | F[x1, . . . , xn]} :⇔ N[t] ∧ ∀x(x ε t ↔ ∃x1 . . . ∃xn(x = s[x1, . . . , xn] ∧ F[x1, . . . , xn]));
s ≃ t :⇔ (s↓ ∨ t↓) → s = t;
s ⊆̇ t :⇔ ∀x ε s(x ε t);
s ≐ t :⇔ s ⊆̇ t ∧ t ⊆̇ s;
r : s ↦ t for ∀x ε s(rx ε t);
r : s^(m+1) ↦ t for ∀x ε s(rx : s^m ↦ t);
t′ for sN · t; 1 for 0′; 2 for 1′;
st for s · t; t(s1, . . . , sn) for (. . . (ts1) . . . sn); ⟨s, t⟩ for pst; s ≠ t for ¬s = t, etc.

Logic. Intuitionistic 2-sorted logic of partial terms with equality. See, e.g., [Be85] or [Tr98].

Axioms. The axioms are divided in several groups, according to their nature.

I. Applicative axioms. These axioms formalise that operations form a partial combinatory algebra, that we have pairing and projections, usual closure conditions on natural numbers, as well as definition by numerical cases:
(1) kab = a;
(2) sab↓ ∧ sabc ≃ ac(bc);
(3) pab↓ ∧ p0 a↓ ∧ p1 a↓ ∧ p0(pab) = a ∧ p1(pab) = b;
(4) 0 ε nat ∧ ∀x ε nat(sN x ε nat);
(5) ∀x ε nat(sN x ≠ 0 ∧ pN(sN x) = x);
(6) ∀x ε nat(x ≠ 0 → pN x ε nat ∧ sN(pN x) = x);
(7) a ε nat ∧ b ε nat → (a = b → dN xyab = x) ∧ (a ≠ b → dN xyab = y).

II. Induction on nat.
F[0] ∧ ∀x(F[x] → F[sN x]) → ∀x ε nat F[x]
for each formula F. We will also consider restricted form of induction, where F[x] must be of the form x ε γ.

The following lemmas 1.1 and 1.2 are provable using only applicative axioms I; Lemma 1.3 in addition calls for restricted induction on natural numbers (see, for example, [Fef79], [Be85], or a review [JKS99]).

Lemma 1.1 λ-abstraction For every term t[x] there exists a term λx.t[x] such that λx.t[x]↓ and for every term s, s↓ → (λx.t[x])s ≃ t[s].

Abbreviation. We will use ID for ⟨λx.x, λy.y⟩.

Lemma 1.2 Recursion Theorem There exists a closed term rec such that recf↓ ∧ recf x ≃ f(recf)x.

Lemma 1.3 Primitive recursion on natural numbers There exists a closed term prim such that
f : nat ↦ nat ∧ g : nat^3 ↦ nat ∧ x ε nat ∧ y ε nat → primf g : nat^2 ↦ nat ∧ primf gx0 = f x ∧ primf gx(sN y) = gxy(primf gxy).

III. Explicit representation. This axiom states that each name is an operation: ∃x(x = α).

IV. Elementary comprehension (ECA). These axiomatise name generators:
(1) N[nat];
(2) N[id] ∧ ∀x(x ε id ↔ x = ⟨p0 x, p1 x⟩ ∧ p0 x = p1 x);
(3) N[inv(f, α)] ∧ ∀x(x ε inv(f, α) ↔ f x ε α);
(4) N[and(α, β)] ∧ ∀x(x ε and(α, β) ↔ x ε α ∧ x ε β);
(5) N[or(α, β)] ∧ ∀x(x ε or(α, β) ↔ x ε α ∨ x ε β);
(6) N[imp(α, β)] ∧ ∀x(x ε imp(α, β) ↔ x ε α → x ε β);
(7) N[allα] ∧ ∀x(x ε allα ↔ ∀y(⟨x, y⟩ ε α));
(8) N[exα] ∧ ∀x(x ε exα ↔ ∃y(⟨x, y⟩ ε α)).

Definition 1.1 Elementary formula A formula is elementary iff it’s constructed from s = t and t ε α by means of ∧, ∨, →, ∀x, ∃x only. (No occurrences of t ε s with s not a name variable and name quantifiers are allowed.)

The following lemma is an intuitionistic analogue of reducing Elementary Comprehension as stated in [Fef75] to name generators nat, id, co, int, dom and inv, which holds in classical setting (see [FJ96]); its proof requires only axioms I, III and IV. For alternative intuitionistic reductions of Elementary Comprehension to a finite number of its instances see [GR94, Sect.1] and [Tat98, Sect.3].

Lemma 1.4 ECA If a formula F := F[x; ā; ᾱ] is elementary then there exists a term t^x_F such that FV(t^x_F) = FV(F) \ {x} and N[t^x_F] ∧ ∀x(x ε t^x_F ↔ F).

Proof. The term t^x_F is built by recursion on F:

t^x_F :=
  inv(λx.⟨s[x], t[x]⟩, id)              if F is s[x] = t[x];
  inv(λx.s[x], α)                       if F is s[x] ε α;
  inv(λx.⟨s[x], s[x]⟩, id)              if F is s[x]↓;
  and(t^x_{F0[x]}, t^x_{F1[x]})         if F is F0[x] ∧ F1[x];
  or(t^x_{F0[x]}, t^x_{F1[x]})          if F is F0[x] ∨ F1[x];
  imp(t^x_{F0[x]}, t^x_{F1[x]})         if F is F0[x] → F1[x];
  all t^z_{G[p0 z, p1 z]}               if F is ∀yG[x, y];
  ex t^z_{G[p0 z, p1 z]}                if F is ∃yG[x, y].

Now the property of t^x_F is proved by induction on F.

A formula F is elementary in t̄ iff F is a substitution instance of a list t̄ of names for name variables into an elementary formula. Most often, when name parameters are clear, we will call an elementary in t̄ formula plainly elementary.

V. Join (J). This axiom states that if f is an operation from a type named by α, each value of which is a name, then j(α, f) names a disjoint union of all f x for x ε α:

(∀x ε α N[f x] → N[j(α, f)] ∧ ∀z(z ε j(α, f) ↔ z = ⟨p0 z, p1 z⟩ ∧ p0 z ε α ∧ y ε f x)).

VI. Inductive Generation (IG). The first part of this axiom states that i(α, β) names a wellfounded part of a type named by α along an ordering named by β; the second part allows induction over that type for an arbitrary formula:

N[i(α, β)] ∧ ∀x ε α(∀y(⟨y, x⟩ ε β → y ε i(α, β)) → x ε i(α, β))
∧ (∀x ε α(∀y(⟨y, x⟩ ε β → F[y]) → F[x]) → ∀x ε i(α, β)F[x]),

where F is an arbitrary formula. By IG (IG restricted) we denote the schema IG with F only of the form x ε γ.

The theory App is the one containing only applicative axioms I; EON has axioms I–II. The theory EONN has axioms of the groups I–III. EET is EONN + ECA, EETJ is EET + J and T0 is EETJ + IG. These theories are formulated in the language LT0. The remaining theories Tu, Tm and TM are formulated in the languages LTu, LTm and LTM, respectively. By T we mean a version of a theory T ∈ LTM where both induction on natural numbers II and inductive generation VI, if applicable, are restricted. (EET + IG) is EET + IG.

To state theories Tu, Tm and TM of Explicit Mathematics, we need a notion of a universe.

Definition 1.2 t names a universe, U[t] We denote by U[t] the following formula:

N[t] ∧ ∀x ε t N[x] ∧ nat, id ε t ∧ (α, β ε t ∧ f : α ↦ t → invgα, andαβ, orαβ, impαβ, allα, exα, jαf ε t).

According to this definition, universes are types, closed under name generators and join.

VII. Universe operation (u). This axiom says that given a name α, uα names a universe containing α. The theory Tu has axioms I–VI plus the following axiom:

U(uα) ∧ α ε uα.

This theory has been proved in [JStu] (called T0 + (Lim) there) to have the same strength as T0.

VIII. Mahlo operation (m). This axiom states that given an operation f from names to names, mf names a universe closed under f. The theory Tm has axioms I–VII plus the following axiom:

∀βN[f β] → U(mf) ∧ f : mf ↦ mf.

Remark. We divided the Mahlo axiom as introduced in [JStu] into the limit axiom VII and properly Mahlo axiom VIII, which has to do with functions only. This is a minor modification, not playing any essential role.

IX. Mahlo universe (M). This axiom asserts that a universe M is closed under Mahlo operation m. The theory TM has axioms I–VII plus the following axiom:

U[M] ∧ u : M ↦ M ∧ i : M^2 ↦ M ∧ ∀f : M ↦ M (U[mf] ∧ f : mf ↦ mf ∧ mf ε M).

2 Sets in Explicit Mathematics. Realization

The language L∈ of Set Theory is first-order with set variables A, B, C, I, R, S, T, U, V, W, X, Y, Z and two predicate constants = and ∈. For each set variable A ∈ L∈ we assume a name variable αA ∈ LT0. As usual, ∀X∈A F[X] and ∃X∈A F[X] stand for ∀X(X ∈ A → F[X]) and ∃X(X ∈ A ∧ F[X]), respectively. By F^A we denote the result of replacing each quantifier QX in F by QX ∈ A. Bounded formulas of L∈ are those built from atoms by means of ∧, ∨, →, ∀X ∈ A and ∃X ∈ A. We will use the same syntactical conventions as in Section 1.

Sets are interpreted as (names of) wellfounded trees. To begin, we need to set the stage. We can define a name seq of the type of sequences so that

seq ≐ {⟨x, y⟩ | (x = 0 ∧ y = 0) ∨ (x = 1 ∧ y = ⟨p0 y, p1 y⟩ ∧ p0 y ε seq)}. (2.1)

To do this, by ECA one defines a name seq0 s.t.

seq0 ≐ {⟨0, 0⟩}, (2.2)

and an operation seqS s.t.

seqS α ≐ {⟨1, ⟨y, z⟩⟩ | y ε α}. (2.3)

Then by primitive recursion one defines an operation sq s.t.

sq0 = seq0, sq(n′) = seqS(sqn). (2.4)

Finally by ECA one sets

seq :≐ {x | ∃n ε nat(x ε sqn)}. (2.5)

We abbreviate

nil := ⟨0, 0⟩. (2.6)

One defines a length operation ln by recursion theorem to satisfy the following equations:

ln nil ≃ 0,
ln⟨1, ⟨a, b⟩⟩ ≃ sN(lna). (2.7)

The following proposition is immediate from the Definitions:

Proposition 2.1 If a ε seq then lna ε nat. Given a ε seq, we have a = nil ↔ lna = 0.

Concatenation operation conc is defined by the following equations:

conc(a, nil) ≃ a,
conc(a, ⟨1, ⟨c, d⟩⟩) ≃ ⟨1, ⟨conc(a, c), d⟩⟩. (2.8)

Again we have the following proposition:

Proposition 2.2 If a ε seq, b ε seq and c ε seq then the following holds:
a) conc(a, b) ε seq and ln(conc(a, b)) = lna + lnb;
b) conc(a, nil) = conc(nil, a) = a;
c) conc(a, conc(b, c)) = conc(conc(a, b), c).

a∗b will be used for conc(a, b). We need to define head, tail and body of a sequence:

head⟨1, ⟨nil, d⟩⟩ ≃ ⟨1, ⟨nil, d⟩⟩,
head⟨1, ⟨c, d⟩⟩ ≃ head c if lnc ≠ 0; (2.9)

tail⟨1, ⟨c, d⟩⟩ ≃ ⟨1, ⟨nil, d⟩⟩; (2.10)

body nil ≃ nil,
body⟨1, ⟨nil, d⟩⟩ ≃ nil,
body⟨1, ⟨c, d⟩⟩ ≃ conc(body c, tail c) if lnc ≠ 0. (2.11)

From the definitions 2.9–2.11 we have the following proposition:

Proposition 2.3 If a ε seq then the following holds:
a) body a ε seq ∧ (lna ≠ 0 → head a, tail a ε seq);
b) lna = 1 → a = head a = tail a;
c) lna ≠ 0, 1 → a = conc(head a, conc(body a, tail a)).

We set

hbody a := conc(head a, body a); bodyt a := conc(body a, tail a). (2.12)

We define operations fcut and cutb, which cut members from the beginning and the end of a sequence, by the following equations:

fcut(c, 0) ≃ c,                          cutb(c, 0) ≃ c,
fcut(c, sN n) ≃ bodyt(fcut(c, n));       cutb(c, sN n) ≃ hbody(cutb(c, n)). (2.13)

Again we have the following proposition:

Proposition 2.4 If a ε seq and 0 ≤ n ≤ lna then fcut(a, n), cutb(a, n) ε seq and ln(fcut(a, n)) = ln(cutb(a, n)) = lna − n.

The n-th element of a sequence is defined as follows:

el(c, n) := p1(p1(head(fcut(c, pN n)))) (2.14)

We have:

Proposition 2.5 If a ε seq and 0 < n ≤ lna then el(a, n)↓.

We define operations sg (singleton) and ct (content) by the following equations:

sg := λx.⟨1, ⟨nil, x⟩⟩ (2.15)

and

ct := λx.el(x, 1). (2.16)

Finally, we need to define a “smash” operation sm and its inverses sm0 and sm1: sm(x, y) tags y to every element of a sequence x.

sm(⟨1, ⟨a, b⟩⟩, y) ≃ ⟨1, ⟨sm(a, y), ⟨b, y⟩⟩⟩, (2.17)

sm0⟨1, ⟨a, b⟩⟩ ≃ ⟨1, ⟨sm0 a, p0 b⟩⟩,  sm1⟨1, ⟨a, b⟩⟩ ≃ p1 b. (2.18)

Proposition 2.6 If x ε seq and lnx ≠ 0 then sm(x, y), sm0 x ε seq, ln(sm(x, y)) = ln(sm0 x) = lnx and sm1 x↓.

Definition 2.1 ⊐ By ECA a name ⊐ is defined so that

⊐ ≐ {⟨x, y⟩ | x ε seq ∧ y ε seq ∧ ∃z ε seq(lnz ≠ 0 ∧ y∗z = x)}. (2.19)

We will use x ⊐ y, x ⊒ y in place of ⟨x, y⟩ ε ⊐ and (x ε seq ∧ x = y) ∨ x ⊐ y, resp. The following two propositions are immediate from 2.19.

Proposition 2.7 If x ⊐ y then lnx > lny.

Proposition 2.8 If x ⊒ y then x = y∗fcut(x, lny).

Definition 2.2 ig ig is defined as λα.i(α, ⊐).

A set is a wellfounded tree, i.e. a non-empty type of sequences, downwards closed and contained in its wellfounded part with respect to the ⊐-relation:

Definition 2.3 t names a set, Set[t] Set[t] is defined as

N[t] ∧ t ⊆̇ seq ∧ nil ε t ∧ ∀x ε t∀y(x ⊐ y → y ε t) ∧ t ⊆̇ igt. (2.20)

Note 1. By IG we have Set[t] → t ≐ igt.

Note 2. We needed sets to be wellfounded trees consisting of any objects, not natural numbers or any other special kinds. The reason is interpreting Mahlo axioms. For weaker theories, some special kinds of trees could suffice.

Definition 2.4 Subtree operation, str By ECA we define an operation str in such a way that

N[str(α, z)] ∧ (x ε str(α, z) ↔ x ε seq ∧ z∗x ε α). (2.21)

Lemma 2.1 In (EET + IG) we have

Set[α] ∧ z ε α → Set[str(α, z)]. (2.22)

Proof. Given Set[α], by induction on igα ≐ α, we prove

∀z ε α(str(α, z) ⊆̇ igstr(α, z)).

Non-emptiness and downwards closedness of str(α, z) follow vacuously from 2.21.

Definition 2.5 Bisimulation A formula BS[r, α, β] is defined as

∀x ε α(p0 rx ε β ∧ ln(p0 rx) = ln(x) ∧ ∀x′ ε α(x′ ⊒ x → p0 rx′ ⊒ p0 rx) ∧ ∀y ε β(y ⊒ p0 rx → p1 ry ⊒ x))
∧ ∀y ε β(p1 ry ε α ∧ ln(p1 ry) = ln(y) ∧ ∀y′ ε β(y′ ⊒ y → p1 ry′ ⊒ p1 ry) ∧ ∀x ε α(x ⊒ p1 ry → p0 rx ⊒ y)). (2.23)

An r such that BS[r, α, β] is called a bisimulator for α and β, and in this case α and β are called bisimulable by r.

Lemma 2.2 Bisimulation is an equivalence relation
a) BS[ID, α, α];
b) BS[r, α, β] → BS[⟨p1 r, p0 r⟩, β, α];
c) BS[r, α, β] ∧ BS[s, β, γ] → BS[⟨λx.p0 s(p0 rx), λz.p1 r(p1 sz)⟩, α, γ].

Proof. Immediate from Definition 2.5.

Lemma 2.3 There exists an operation sbs such that sbs↓ and if Set[α] ∧ Set[β] ∧ BS[r, α, β] ∧ z ε α then sbsrz↓ and BS[sbsrz, str(α, z), str(β, p0 rz)].

Proof. 1). Assume x ε str(α, z). By 2.21 this means x′[x, z] := z∗x ε α. We have x′ ⊒ z, so by 2.23 p0 rx′ ε β ∧ p0 rx′ ⊒ p0 rz. By Proposition 2.8 p0 rx′ = p0 rz∗fcut(p0 rx′, ln(p0 rz)) ε β, i.e.

fcut(p0 rx′, ln(p0 rz)) ε str(β, p0 rz). (2.24)

2). Symmetrically, assume y ε str(β, p0 rz). By 2.21 this means y′[r, y, z] := p0 rz∗y ε β. We have y′ ⊒ p0 rz, so by 2.23 p1 ry′ ε α ∧ p1 ry′ ⊒ z. By Proposition 2.8 p1 ry′ = z∗fcut(p1 ry′, lnz) ε α, i.e.

fcut(p1 ry′, lnz) ε str(α, z). (2.25)

From 2.24 and 2.25 for sbs0[r, z] := ⟨λx.fcut(p0 rx′, ln(p0 rz)), λy.fcut(p1 ry′, lnz)⟩ we have

∀x ε str(α, z)(p0 sbs0 x ε str(β, p0 rz)) ∧ ∀y ε str(β, p0 rz)(p1 sbs0 y ε str(α, z)).

Other conditions 2.23 for BS[sbs0, str(α, z), str(β, p0 rz)] follow from corresponding conditions for BS[r, α, β]. Finally we set sbs := λrλz.sbs0[r, z].

Definition 2.6 r realizes F, r rn F For each formula F ∈ L∈ we define a formula (r rn F) ∈ LT0 with a new free individual variable r. The definition is given by the table below:

F ∈ L∈        (r rn F) ∈ LT0
A = B         BS[r, αA, αB]
A ∈ B         p0 r ε αB ∧ ln(p0 r) = 1 ∧ BS[p1 r, αA, str(αB, p0 r)]
F0 ∧ F1       p0 r rn F0 ∧ p1 r rn F1
F0 ∨ F1       p0 r ε nat ∧ (p0 r = 0 → p1 r rn F0) ∧ (p0 r ≠ 0 → p1 r rn F1)
F0 → F1       ∀x(x rn F0 → rx↓ ∧ rx rn F1)
∀XG[X]        ∀α(Set[α] → rα↓ ∧ rα rn G[α])
∃XG[X]        Set[p0 r] ∧ p1 r rn G[p0 r]

Remark. According to our notation for substitution, p. 3, in the previous definition p1 r rn G[p0 r], for example, stands for (r rn G[X])^{p1 r, p0 r}_{r, αX}.
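The atomic clauses of Definition 2.6 can be checked mechanically when the trees are finite. The following Python code is an added example, not part of the paper: it codes sequences as in (2.6)–(2.8) and tests formula (2.23), the clause for A ∈ B and the operation of Lemma 2.3 on constructed sample trees. The node labels and the helper names snoc, seq, items, ext, drop, subtree and table are assumptions of the example; drop plays the role that fcut has in Proposition 2.8.

```python
# Added illustration (not from the paper): finite trees only. Node labels,
# helper names (snoc, seq, items, ext, drop, ...) and sample trees are assumptions.
NIL = (0, 0)                                  # nil := <0,0>              (2.6)

def snoc(a, d):                               # the coded sequence <1,<a,d>>
    return (1, (a, d))

def ln(a):                                    # length, equations (2.7)
    return 0 if a == NIL else 1 + ln(a[1][0])

def conc(a, b):                               # concatenation a*b, equations (2.8)
    return a if b == NIL else snoc(conc(a, b[1][0]), b[1][1])

def seq(*labels):                             # build a coded sequence from labels
    s = NIL
    for d in labels:
        s = snoc(s, d)
    return s

def items(a):                                 # decode a coded sequence
    return () if a == NIL else items(a[1][0]) + (a[1][1],)

def ext(x, y):                                # x ⊒ y: x = y, or x = y*z with ln z != 0
    n = ln(x) - ln(y)
    if n < 0:
        return False
    for _ in range(n):
        x = x[1][0]
    return x == y

def drop(x, n):                               # the z with x = y*z, ln y = n (Prop. 2.8)
    return seq(*items(x)[n:])

def is_set(t):                                # Set[t] (2.20); wellfoundedness is
    return NIL in t and all(                  # automatic for a finite t
        x == NIL or x[1][0] in t for x in t)

def subtree(t, z):                            # str(t, z) = {x | z*x in t}    (2.21)
    return frozenset(drop(x, ln(z)) for x in t if ext(x, z))

def _half(f, g, a, b):                        # one of the two conjuncts of (2.23)
    return all(f(x) in b and ln(f(x)) == ln(x)
               and all(ext(f(x2), f(x)) for x2 in a if ext(x2, x))
               and all(ext(g(y), x) for y in b if ext(y, f(x)))
               for x in a)

def bs(r, a, b):                              # BS[r, a, b] with r = (p0 r, p1 r)
    f, g = r
    return _half(f, g, a, b) and _half(g, f, b, a)

def realizes_eq(r, a, b):                     # r rn (A = B)
    return bs(r, a, b)

def realizes_in(r, a, b):                     # r rn (A ∈ B) with r = (p0 r, p1 r)
    z, s = r
    return z in b and ln(z) == 1 and bs(s, a, subtree(b, z))

def sbs(r, z):                                # the operation built in Lemma 2.3
    f, g = r
    return (lambda x: drop(f(conc(z, x)), ln(f(z))),
            lambda y: drop(g(conc(f(z), y)), ln(z)))

def table(pairs):                             # finite map and its inverse as (p0 r, p1 r)
    fwd, back = dict(pairs), {v: k for k, v in pairs}
    return (fwd.__getitem__, back.__getitem__)

# Constructed sample data: two trees for {∅, {∅}} with different labels, one for {∅}.
ALPHA = frozenset({NIL, seq("p"), seq("q"), seq("q", "r")})
BETA = frozenset({NIL, seq(1), seq(1, 3), seq(2)})
ONE = frozenset({NIL, seq("u")})
R = table([(NIL, NIL), (seq("p"), seq(2)), (seq("q"), seq(1)),
           (seq("q", "r"), seq(1, 3))])       # matches leaf with leaf
BAD = table([(NIL, NIL), (seq("p"), seq(1)), (seq("q"), seq(2)),
             (seq("q", "r"), seq(1, 3))])     # breaks the ⊒-monotonicity clause
S = table([(NIL, NIL), (seq("u"), seq("r"))])

if __name__ == "__main__":
    print(realizes_eq(R, ALPHA, BETA), realizes_eq(BAD, ALPHA, BETA))
    print(realizes_in((seq("q"), S), ONE, ALPHA))
```

Here R realizes ALPHA = BETA although the two trees share no labels, and the pair (seq("q"), S) realizes ONE ∈ ALPHA by pointing at the length-1 node whose subtree is bisimulable with ONE.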

Definition 2.7 R-interpretation For each F ∈ L∈ we define R(F) := ∃x(x rn F).

Definition 2.8 Realization, realizable

1. A term t ∈ LTm is called a realization of a formula F ∈ L∈ in a theory T, iff FV(t) ⊆ {αA | A ∈ FV(F)} and

T ⊢ ⋀_{A∈FV(F)} Set[αA] → t rn F.

2. If there exists such a term t then F is called realizable in T. We call a theory TS realizable in T iff every theorem of TS is realizable in T. TS is realizable iff it’s realizable in (EET + IG).

Note 1. If F is closed and realizable in T then T ⊢ R(F).

Note 2. α ≐ β ↔ ID rn (α = β).

Theorem 1 Each theorem of intuitionistic first-order predicate calculus with equality is realizable in (EET + IG).

The proof is standard except for the case of equality axioms. We need to build realizations for the following axioms:
(Eq1) A = A;
(Eq2) A = B → B = A;
(Eq3) A = B ∧ B = C → A = C;
(Eq4) A = B ∧ C ∈ A → C ∈ B;
(Eq5) A = B ∧ A ∈ C → B ∈ C.

Lemma 2.2 provides realizations for (Eq1)–(Eq3). For (Eq4) and (Eq5), assume commonly Set[α] ∧ Set[β] ∧ Set[γ] ∧ BS[r, α, β].

For (Eq4), assume p0 s ε α ∧ ln(p0 s) = 1 ∧ BS[p1 s, γ, str(α, p0 s)]. Then p0 r(p0 s) ε β ∧ ln(p0 r(p0 s)) = 1 and by Lemma 2.3 BS[sbs(r, p0 s), str(α, p0 s), str(β, p0 r(p0 s))]. By transitivity (Lemma 2.2c)

BS[⟨λz.p0 sbs(r, p0 s)(p0(p1 s)z), λy.p1(p1 s)(p1 sbs(r, p0 s)y)⟩, γ, str(β, p0 r(p0 s))],

which gives a realization of (Eq4).

For (Eq5), assume p0 s ε γ ∧ ln(p0 s) = 1 ∧ BS[p1 s, α, str(γ, p0 s)]. By symmetry and transitivity (Lemma 2.2b,c) we have

BS[⟨λy.p0(p1 s)(p1 ry), λz.p0 r(p1(p1 s)z)⟩, β, str(γ, p0 s)],

which gives a realization of (Eq5).

Note. According to Theorem 1, to prove realizability of a theory TS, it’s sufficient to construct realizing terms for non-logical axioms of TS. This is what we do in the following sections.

Convention about (EET + IG) . (EET + IG)  will be our default theory for reasoning in Explicit Mathematics.

Remark about non-wellfounded Set Theory. Since we are going to interpret Set Theory CZF with Foundation axiom, either full or restricted (cf. Sect. 3), we had to include inductive generator i into Definition 2.3. This is responsible for the fact that IG is used already for interpreting the logic, Theorem 1.

If one is interested in variants of CZF with non-wellfounded sets, then IG may be unnecessary, but we may need induction on natural numbers instead. The exact situation depends on how much ∈-induction one claims in the Set Theory. In the weakest cases the clause t ⊆̇ igt in the Definition 2.3 is superfluous, and both first-order logic (Th. 1) and Extensionality (Lemma 3.1 below) are realizable in EET alone.

We will see below (Sect. 3) that every axiom of CZF, except Foundation and Strong Collection, is realizable in (EET + IG). For the same reason as above, in non-wellfounded setting EET alone could suffice. Full Foundation requires in addition full IG (Lemma 3.2), and Strong Collection requires J (Lemma 3.7).

To conclude this introductory section, we introduce the following two useful notions. For a given set-theoretic formula F[C] Definition 2.9 provides an operation eq^C_F, which maps a bisimulator of trees α and β into a realizer of equivalence F[α] ↔ F[β] (Lemma 2.4). Then we define an elementary realizability rn^E for bounded formulas (Definition 2.10), and provide operations p0 eq^E and p1 eq^E which map standard realizers as defined on page 9 into elementary realizers and vice versa (Definition 2.11 and Lemma 2.5).

Definition 2.9 Equivalence operation, eq^C_F For each formula F ∈ L∈ and a free variable C ∈ L∈ by recursion on the build-up of F we define a term e^C_F := e^C_F[r] in the following way:

e^C_F := (2.26)

  ⟨λx.x, λy.y⟩
      if F is C = C, C ∈ C, or A = B, A ∈ B with both A, B not C;

  ⟨λx.⟨λx.p0 x(p1 rx), λy.p0 r(p1 xy)⟩,
   λy.⟨λx.p0 y(p0 rx), λy.p1 r(p1 yy)⟩⟩
      if F is C = B and B is not C;

  ⟨λx.⟨λx.p0 r(p0 xx), λy.p1 x(p1 ry)⟩,
   λy.⟨λx.p1 r(p0 yx), λy.p1 y(p0 ry)⟩⟩
      if F is A = C and A is not C;

  ⟨λx.⟨p0 x, ⟨λx.p0(p1 x)(p1 rx), λy.p0 r(p1(p1 x)y)⟩⟩,
   λy.⟨p0 y, ⟨λx.p0(p1 y)(p0 rx), λy.p1 r(p1(p1 y)y)⟩⟩⟩
      if F is C ∈ B and B is not C;

  ⟨λx.⟨p0 r(p0 x), ⟨λx.p0 r(p0(p1 x)x), λy.p1(p1 x)(p1 ry)⟩⟩,
   λy.⟨p1 r(p0 y), ⟨λx.p1 r(p0(p1 y)x), λy.p1(p1 y)(p0 ry)⟩⟩⟩
      if F is A ∈ C and A is not C;

  ⟨λx.⟨p0 e^C_{F0}(p0 x), p0 e^C_{F1}(p1 x)⟩,
   λy.⟨p1 e^C_{F0}(p0 y), p1 e^C_{F1}(p1 y)⟩⟩
      if F is F0 ∧ F1;

  ⟨λx.⟨p0 x, p0 dN(p0 x, 0, e^C_{F0}, e^C_{F1})(p1 x)⟩,
   λy.⟨p0 y, p1 dN(p0 y, 0, e^C_{F0}, e^C_{F1})(p1 y)⟩⟩
      if F is F0 ∨ F1;

  ⟨λxλz.p0 e^C_{F1}(x(p1 e^C_{F0} z)),
   λyλz.p1 e^C_{F1}(y(p0 e^C_{F0} z))⟩
      if F is F0 → F1;

  ⟨λxλk.p0 e^C_{G[K]}(xk), λyλk.p1 e^C_{G[K]}(yk)⟩
      if F is ∀KG[K];

  ⟨λx.⟨p0 x, p0 e^C_{G[K]}(p1 x)⟩,
   λy.⟨p0 y, p1 e^C_{G[K]}(p1 y)⟩⟩
      if F is ∃KG[K].

We then define

eq^C_F := λr.e^C_F[r]. (2.27)

From this definition we have the following lemma:

Lemma 2.4 If F[C] ∈ L∈ then r rn (A = B) → eq^C_F r↓ rn (F[A] ↔ F[B]).

Definition 2.10 r elementarily realizes F, r rn^E F For each bounded formula F ∈ L∈ we define an elementary formula (r rn^E F) ∈ LT0 with a new free variable r. The definition is given by the table below:

F              r rn^E F
A = B          BS[r, αA, αB]
A ∈ B          p0 r ε αB ∧ ln(p0 r) = 1 ∧ BS[p1 r, αA, str(αB, p0 r)]
F0 ∧ F1        p0 r rn^E F0 ∧ p1 r rn^E F1
F0 ∨ F1        p0 r ε nat ∧ (p0 r = 0 → p1 r rn^E F0) ∧ (p0 r ≠ 0 → p1 r rn^E F1)
F0 → F1        ∀x(x rn^E F0 → rx↓ ∧ rx rn^E F1)
∀X∈A G[X]      ∀x ε αA(lnx = 1 → rx↓ ∧ rx rn^E G[str(αA, x)])
∃X∈A G[X]      p0 r ε αA ∧ ln(p0 r) = 1 ∧ p1 r rn^E G[str(αA, p0 r)]

Definition 2.11 Elementary equivalence operation, eq^E_F For each bounded formula F ∈ L∈ by recursion on F we define a term eq^E_F in the following way:

eq^E_F :=

  ⟨λx.x, λy.y⟩
      if F is A = B;

  ⟨λx.x, λy.y⟩
      if F is A ∈ B;

  ⟨λx.⟨p0 eq^E_{F0}(p0 x), p0 eq^E_{F1}(p1 x)⟩,
   λy.⟨p1 eq^E_{F0}(p0 y), p1 eq^E_{F1}(p1 y)⟩⟩
      if F is F0 ∧ F1;

  ⟨λx.⟨p0 x, p0(dN(p0 x, 0, eq^E_{F0}, eq^E_{F1}))(p1 x)⟩,
   λy.⟨p0 y, p1(dN(p0 y, 0, eq^E_{F0}, eq^E_{F1}))(p1 y)⟩⟩
      if F is F0 ∨ F1;

  ⟨λxλz.p0 eq^E_{F1}(x(p1 eq^E_{F0} z)),
   λyλz.p1 eq^E_{F1}(y(p0 eq^E_{F0} z))⟩
      if F is F0 → F1;

  ⟨λxλx.p0 eq^E_{G[str(αA,x)]}(xstr(αA, x)⟨x, ID⟩),
   λyλαλa.p1(eq^X_{G[X]}(p1 a))(p1 eq^E_{G[str(αA,p0 a)]}(y(p0 a)))⟩
      if F is ∀X∈A G[X];

  ⟨λx.⟨p0(p0(p1 x)), p0 eq^E_{G[str(αA,p0(p0(p1 x)))]}(p0(eq^X_{G[X]}(p1(p0(p1 x))))(p1(p1 x)))⟩,
   λy.⟨str(αA, p0 y), ⟨⟨p0 y, ID⟩, p1 eq^E_{G[str(αA,p0 y)]}(p1 y)⟩⟩⟩
      if F is ∃X∈A G[X].

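Lemma 2.5 ($\Delta_0$-lemma) If $F \in L_\in$ is bounded then $\mathrm{FV}(\mathrm{eq}^E_F) \subseteq \{\alpha_A \mid A \in \mathrm{FV}(F)\}$, $\mathrm{eq}^E_F = \langle p_0 \mathrm{eq}^E_F, p_1 \mathrm{eq}^E_F \rangle$ and the following holds:

$$x \mathrel{\mathrm{rn}} F \to p_0 \mathrm{eq}^E_F\, x \mathrel{\mathrm{rn}^E} F \tag{2.28}$$

and

$$y \mathrel{\mathrm{rn}^E} F \to p_1 \mathrm{eq}^E_F\, y \mathrel{\mathrm{rn}} F. \tag{2.29}$$

Proof. The condition on free variables and pairing follow directly from the definition. So do 2.28 and 2.29 as well; we show here only two interesting cases of bounded quantifiers. By Definitions 2.6 and 2.10 we have:

$$
\begin{aligned}
x \mathrel{\mathrm{rn}} \forall X \in A\, G[X] &\equiv \forall \alpha \forall a(\mathrm{Set}[\alpha] \land a \mathrel{\mathrm{rn}} (\alpha \in \alpha_A) \to x \alpha a{\downarrow} \mathrel{\mathrm{rn}} G[\alpha]), \\
y \mathrel{\mathrm{rn}^E} \forall X \in A\, G[X] &\equiv \forall x \mathrel{\varepsilon} \alpha_A(\mathrm{ln}\,x = 1 \to yx{\downarrow} \mathrel{\mathrm{rn}^E} G[\mathrm{str}(\alpha_A, x)]); \\
x \mathrel{\mathrm{rn}} \exists X \in A\, G[X] &\equiv \mathrm{Set}[p_0 x] \land p_0(p_1 x) \mathrel{\mathrm{rn}} (p_0 x \in \alpha_A) \land p_1(p_1 x) \mathrel{\mathrm{rn}} G[p_0 x], \\
y \mathrel{\mathrm{rn}^E} \exists X \in A\, G[X] &\equiv p_0 y \mathrel{\varepsilon} \alpha_A \land \mathrm{ln}(p_0 y) = 1 \land p_1 y \mathrel{\mathrm{rn}^E} G[\mathrm{str}(\alpha_A, p_0 y)].
\end{aligned}
$$

Equations 2.28 and 2.29 are verified using Lemmas 2.1, 2.4 and induction hypothesis. □

In addition, we define “mixtures” of $\mathrm{rn}$ and $\mathrm{rn}^E$: $\mathrm{rn}^\forall$, $\mathrm{rn}^\exists$, $\mathrm{eq}^\forall$ and $\mathrm{eq}^\exists$. They simplify treatment of bounded quantifiers, even without the assumption that the rest of formula is bounded.

Definition 2.12 ($\mathrm{rn}^\forall$, $\mathrm{rn}^\exists$, $\mathrm{eq}^\forall$, $\mathrm{eq}^\exists$)

1. $r \mathrel{\mathrm{rn}^\forall} \forall X \in A\, G[X]$ is defined as $\forall x \mathrel{\varepsilon} \alpha_A(\mathrm{ln}\,x = 1 \to rx{\downarrow} \land rx \mathrel{\mathrm{rn}} G[\mathrm{str}(\alpha_A, x)])$.

2. $r \mathrel{\mathrm{rn}^\exists} \exists X \in A\, G[X]$ is defined as $p_0 r \mathrel{\varepsilon} \alpha_A \land \mathrm{ln}(p_0 r) = 1 \land p_1 r \mathrel{\mathrm{rn}} G[\mathrm{str}(\alpha_A, p_0 r)]$.

3. $$\mathrm{eq}^\forall_{\forall X \in A\, G[X]} := \begin{array}{l} \langle \lambda x \lambda x.x\,\mathrm{str}(\alpha_A, x)\langle x, \mathrm{ID} \rangle, \\ \ \ \lambda y \lambda \alpha \lambda a.p_1(\mathrm{eq}^X_{G[X]}(p_1 a))(y(p_0 a)) \rangle. \end{array}$$

4. $$\mathrm{eq}^\exists_{\exists X \in A\, G[X]} := \begin{array}{l} \langle \lambda x.\langle p_0(p_0(p_1 x)),\ p_0(\mathrm{eq}^X_{G[X]}(p_1(p_0(p_1 x))))(p_1(p_1 x)) \rangle, \\ \ \ \lambda y.\langle \mathrm{str}(\alpha_A, p_0 y),\ \langle \langle p_0 y, \mathrm{ID} \rangle,\ p_1 y \rangle \rangle \rangle. \end{array}$$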

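This definition invokes an obvious lemma:

Lemma 2.6 ($\forall\exists$-lemma)

1. If $F \in L_\in$ is $\forall X \in A\, G[X]$ then $\mathrm{FV}(\mathrm{eq}^\forall_F) = \{\alpha_A\}$, $\mathrm{eq}^\forall_F = \langle p_0 \mathrm{eq}^\forall_F, p_1 \mathrm{eq}^\forall_F \rangle$ and the following holds:

$$(x \mathrel{\mathrm{rn}} F \to p_0 \mathrm{eq}^\forall_F\, x \mathrel{\mathrm{rn}^\forall} F) \land (y \mathrel{\mathrm{rn}^\forall} F \to p_1 \mathrm{eq}^\forall_F\, y \mathrel{\mathrm{rn}} F). \tag{2.30}$$

2. If $F \in L_\in$ is $\exists X \in A\, G[X]$ then $\mathrm{FV}(\mathrm{eq}^\forall_F) = \{\alpha_A\}$, $\mathrm{eq}^\exists_F = \langle p_0 \mathrm{eq}^\exists_F, p_1 \mathrm{eq}^\exists_F \rangle$ and the following holds:

$$(x \mathrel{\mathrm{rn}} F \to p_0 \mathrm{eq}^\exists_F\, x \mathrel{\mathrm{rn}^\exists} F) \land (y \mathrel{\mathrm{rn}^\exists} F \to p_1 \mathrm{eq}^\exists_F\, y \mathrel{\mathrm{rn}} F). \tag{2.31}$$

Remark. We will often mix freely all four kinds of realizations introduced in this section: $\mathrm{rn}$, $\mathrm{rn}^E$, $\mathrm{rn}^\forall$ and $\mathrm{rn}^\exists$, having in mind that the realizers can be effectively mapped into each other.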

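3 Realizing CZF in T0

The language of CZF is $L_\in$. The logic is intuitionistic first-order with equality. In the remainder of this paper we will use the following abbreviations:

| Abbreviation | stands for |
|---|---|
| $W = \{U, V\}$ | $U \in W \land V \in W \land \forall X \in W(X = U \lor X = V)$ |
| $W = \langle U, V \rangle$ | $U \in W \land \exists X \in W(X = \{U, V\}) \land \forall X \in W(X = U \lor X = \{U, V\})$ |
| $\langle U, V \rangle \in R$ | $\exists W \in R(W = \langle U, V \rangle)$ |
| $R \subseteq A \times B$ | $\forall W \in R\, \exists U \in A\, \exists V \in B(W = \langle U, V \rangle)$ |
| $\mathrm{mv}[R, A, B]$ | $R \subseteq A \times B \land \forall U \in A\, \exists V \in B(\langle U, V \rangle \in R)$ |
| $\mathrm{Full}[C, A, B]$ | $\forall W \in C\, \mathrm{mv}[W, A, B] \land \forall R(\mathrm{mv}[R, A, B] \to \exists S \in C\, \forall W \in S(W \in R))$ |

Note that all these formulas, except $\mathrm{Full}[C, A, B]$, are bounded. CZF has the following non-logical axioms:

Extensionality: $\forall X \forall Y(\forall Z \in X(Z \in Y) \land \forall Z \in Y(Z \in X) \to X = Y)$

Foundation: $\forall X(\forall Y \in X\, G[Y] \to G[X]) \to \forall X G[X]$ for all formulas $G[X]$

Pair: $\forall X \forall Y \exists Z \forall U(U \in Z \leftrightarrow U = X \lor U = Y)$

Union: $\forall X \exists Y \forall U(U \in Y \leftrightarrow \exists V \in X(U \in V))$

Infinity: $\exists X(\exists Z(Z \in X) \land \forall Y \in X\, \exists Z \in X(Y \in Z))$

Bounded Separation: $\forall X \exists Y \forall U(U \in Y \leftrightarrow U \in X \land F[U])$ for all bounded formulas $F[U]$

Strong Collection: $\forall X(\forall U \in X\, \exists Y G[U, Y] \to \exists W(\forall U \in X\, \exists Y \in W\, G[U, Y] \land \forall Y \in W\, \exists U \in X\, G[U, Y]))$ for all formulas $G[U, Y]$

Fullness: $\forall X \forall Y \exists Z\, \mathrm{Full}[Z, X, Y]$

Alternatively, instead of Fullness, we could take the following schema:

Subset Collection: $\forall X \forall X' \exists Z(\forall U \in X\, \exists Y \in X'\, G[U, Y] \to \exists W \in Z(\forall U \in X\, \exists Y \in W\, G[U, Y] \land \forall Y \in W\, \exists U \in X\, G[U, Y]))$ for all formulas $G[U, Y]$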

As shown in [RGP98] (Proposition 2.3(i)), Fullness ↔ Subset Collection on the basis of the remaining axioms of CZF. Also, similarly to [Myh75], Appendix A, the Bounded Separation schema can be replaced by a finite number of its special cases. We will also consider a theory CZF, which is CZF where the formula G[X] in the Foundation schema must be of the form X ∈ U.

It’s convenient to separate the axioms of CZF into two groups: axioms describing properties of sets, which are Extensionality and Foundation, and set-existence axioms, which are all the rest. Giving realizations for axioms of the first group boils down to verifying that Definition 2.6 indeed satisfies those properties. More specifically, we have to verify that the notion of bisimulation is extensional, and that the inductive generator i included in Definition 2.3 provides for ∈-induction for every formula. Set-existence axioms call for an explicit construction of appropriate trees, e.g. to realize Pair we need to show how to construct Z from X and Y, and verify that our construction is correct, i.e. to exhibit a realizer of $\forall U(U \in Z \leftrightarrow U = X \lor U = Y)$.

Lemma 3.1 (Extensionality) Extensionality axiom is realizable.

Proof. Given $\mathrm{Set}[\alpha] \land \mathrm{Set}[\beta]$ and $r \mathrel{\mathrm{rn}^E} (\forall Z \in X(Z \in Y) \land \forall Z \in Y(Z \in X))$, we need to build a bisimulator $s$ for $\alpha$ and $\beta$. Assume $x \mathrel{\varepsilon} \alpha$. If $\mathrm{ln}\,x = 0$, we can set

$$p_0 s x := \mathrm{nil}. \tag{3.1}$$

Assume $\mathrm{ln}\,x \neq 0$. Then $\mathrm{head}\,x \mathrel{\varepsilon} \alpha$ and $\mathrm{ln}(\mathrm{head}\,x) = 1$. Then

$$p_0 r(\mathrm{head}\,x){\downarrow} \mathrel{\mathrm{rn}^E} (\mathrm{str}(\alpha, \mathrm{head}\,x) \in \beta), \tag{3.2}$$

which reads

$$p_0(p_0 r(\mathrm{head}\,x)) \mathrel{\varepsilon} \beta \land \mathrm{ln}(p_0(p_0 r(\mathrm{head}\,x))) = 1 \land \mathrm{BS}[p_1(p_0 r(\mathrm{head}\,x)), \mathrm{str}(\alpha, \mathrm{head}\,x), \mathrm{str}(\beta, p_0(p_0 r(\mathrm{head}\,x)))]. \tag{3.3}$$

We have $\mathrm{bodyt}\,x \mathrel{\varepsilon} \mathrm{str}(\alpha, \mathrm{head}\,x)$, so by 3.3

$$p_0(p_1(p_0 r(\mathrm{head}\,x)))(\mathrm{bodyt}\,x) \mathrel{\varepsilon} \mathrm{str}(\beta, p_0(p_0 r(\mathrm{head}\,x))), \quad \mathrm{ln}(p_0(p_1(p_0 r(\mathrm{head}\,x)))(\mathrm{bodyt}\,x)) = \mathrm{ln}(\mathrm{bodyt}\,x). \tag{3.4}$$

Then we set

$$p_0 s x := p_0(p_0 r(\mathrm{head}\,x)) * p_0(p_1(p_0 r(\mathrm{head}\,x)))(\mathrm{bodyt}\,x) \mathrel{\varepsilon} \beta, \quad \mathrm{ln}(p_0 s x) = \mathrm{ln}\,x. \tag{3.5}$$

Therefore, from 3.1 and 3.5, the first component of $s$ is set to be

$$p_0 s := \lambda x.d_N\big(\mathrm{ln}\,x, 0, \mathrm{nil}, p_0(p_0 r(\mathrm{head}\,x)) * p_0(p_1(p_0 r(\mathrm{head}\,x)))(\mathrm{bodyt}\,x)\big). \tag{3.6}$$

Symmetrically we construct

$$p_1 s := \lambda y.d_N\big(\mathrm{ln}\,y, 0, \mathrm{nil}, p_0(p_1 r(\mathrm{head}\,y)) * p_0(p_1(p_1 r(\mathrm{head}\,y)))(\mathrm{bodyt}\,y)\big) \tag{3.7}$$

and then set

$$s := \langle p_0 s, p_1 s \rangle. \tag{3.8}$$

According to this construction, $\mathrm{BS}[s, \alpha, \beta]$ follows easily. □

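Lemma 3.2 (Foundation) a) Every instance of Foundation is realizable in EET + IG; b) Restricted Foundation is realizable in (EET + IG).

Proof. a) Assume $r \mathrel{\mathrm{rn}} \forall X(\forall Y \in X\, G[Y] \to G[X])$, which reads

$$
\begin{aligned}
&\forall \alpha \forall v\big(\mathrm{Set}[\alpha] \land v \mathrel{\mathrm{rn}} (\forall Y \in \alpha\, G[Y]) \to r \alpha v{\downarrow} \mathrel{\mathrm{rn}} G[\alpha]\big) \equiv \\
&\forall \alpha \forall v\big(\mathrm{Set}[\alpha] \land \forall \beta \forall y(\mathrm{Set}[\beta] \land y \mathrel{\mathrm{rn}} (\beta \in \alpha) \to v \beta y{\downarrow} \mathrel{\mathrm{rn}} G[\beta]) \to r \alpha v{\downarrow} \mathrel{\mathrm{rn}} G[\alpha]\big) \equiv \\
&\forall \alpha \forall v\big(\mathrm{Set}[\alpha] \land \forall \beta \forall y(\mathrm{Set}[\beta] \land p_0 y \mathrel{\varepsilon} \alpha \land \mathrm{ln}(p_0 y) = 1 \land \mathrm{BS}[p_1 y, \beta, \mathrm{str}(\alpha, p_0 y)] \to \\
&\qquad v \beta y{\downarrow} \mathrel{\mathrm{rn}} G[\beta]) \to r \alpha v{\downarrow} \mathrel{\mathrm{rn}} G[\alpha]\big).
\end{aligned} \tag{3.9}
$$

Assume also $\mathrm{Set}[\gamma]$. Instantiating $\alpha := \mathrm{str}(\gamma, z)$ into 3.9, we have

$$
\begin{aligned}
&\forall z \mathrel{\varepsilon} \gamma\, \forall v\big(\forall \beta \forall y(\mathrm{Set}[\beta] \land p_0 y \mathrel{\varepsilon} \mathrm{str}(\gamma, z) \land \mathrm{ln}(p_0 y) = 1 \land \mathrm{BS}[p_1 y, \beta, \mathrm{str}(\mathrm{str}(\gamma, z), p_0 y)] \to \\
&\qquad v \beta y{\downarrow} \mathrel{\mathrm{rn}} G[\beta]) \to r\,\mathrm{str}(\gamma, z)\,v{\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{str}(\gamma, z)]\big).
\end{aligned} \tag{3.10}
$$

By the recursion theorem for a function $f := \lambda c \lambda z.r\,\mathrm{str}(\gamma, z)\,\lambda \beta \lambda y.p_1(\mathrm{eq}^C_{G[C]}(p_1 y))(R(z * p_0 y))$ there exists a term $R := \mathrm{rec}\,f$ such that

$$Rz \simeq r\,\mathrm{str}(\gamma, z)\,\lambda \beta \lambda y.p_1(\mathrm{eq}^C_{G[C]}(p_1 y))(R(z * p_0 y)). \tag{3.11}$$

We want to prove $\mathrm{Prog}_{\sqsupset}(\gamma, Rz{\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{str}(\gamma, z)])$, i.e.

$$\big(z \mathrel{\varepsilon} \gamma \to \forall u \mathrel{\varepsilon} \gamma(u \sqsupset z \to Ru{\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{str}(\gamma, u)]) \to Rz{\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{str}(\gamma, z)]\big). \tag{3.12}$$

Assume $z \mathrel{\varepsilon} \gamma \land \forall u \mathrel{\varepsilon} \gamma(u \sqsupset z \to Ru{\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{str}(\gamma, u)])$. If $\mathrm{Set}[\beta] \land y \mathrel{\mathrm{rn}} (\beta \in \mathrm{str}(\gamma, z))$, then

$$z * p_0 y \mathrel{\varepsilon} \gamma, \quad z * p_0 y \sqsupset z, \tag{3.13}$$

and by assumption

$$R(z * p_0 y){\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{str}(\gamma, z * p_0 y)]. \tag{3.14}$$

From Definition 2.6 we also have in this case $p_1 y \mathrel{\mathrm{rn}} (\beta = \mathrm{str}(\mathrm{str}(\gamma, z), p_0 y))$, which together with

$$\mathrm{ID} \mathrel{\mathrm{rn}} (\mathrm{str}(\mathrm{str}(\gamma, z), p_0 y) = \mathrm{str}(\gamma, z * p_0 y)) \tag{3.15}$$

by Lemma 2.2c gives $p_1 y \mathrel{\mathrm{rn}} (\beta = \mathrm{str}(\gamma, z * p_0 y))$ and by Lemma 2.4

$$p_1(\mathrm{eq}^C_{G[C]}(p_1 y))(R(z * p_0 y)){\downarrow} \mathrel{\mathrm{rn}} G[\beta]. \tag{3.16}$$

Therefore for the operation $v := v[z] := \lambda \beta \lambda y.p_1(\mathrm{eq}^C_{G[C]}(p_1 y))(R(z * p_0 y))$ by 3.10 we have $r\,\mathrm{str}(\gamma, z)\,v{\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{str}(\gamma, z)]$, i.e. $r\,\mathrm{str}(\gamma, z)\,\lambda \beta \lambda y.p_1(\mathrm{eq}^C_{G[C]}(p_1 y))(R(z * p_0 y)){\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{str}(\gamma, z)]$. From this fact and equation 3.11 we obtain 3.12. By IG we obtain

$$\forall z \mathrel{\varepsilon} \gamma(Rz{\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{str}(\gamma, z)]). \tag{3.17}$$

Letting $z := \mathrm{nil}$, we have

$$R\,\mathrm{nil}{\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{str}(\gamma, \mathrm{nil})], \tag{3.18}$$

which, together with the fact

$$\mathrm{ID} \mathrel{\mathrm{rn}} (\gamma = \mathrm{str}(\gamma, \mathrm{nil})), \tag{3.19}$$

by Lemma 2.4 yields

$$p_1(\mathrm{eq}^C_{G[C]}\,\mathrm{ID})(R\,\mathrm{nil}){\downarrow} \mathrel{\mathrm{rn}} G[\gamma]. \tag{3.20}$$

This shows that an operation $\lambda r \lambda \gamma.p_1(\mathrm{eq}^C_{G[C]}\,\mathrm{ID})(R\,\mathrm{nil})$ is a realization of an instance of Foundation $\forall X(\forall Y \in X\, G[Y] \to G[X]) \to \forall X G[X]$.

b) If $G[X]$ is $X \in U$, then it’s enough to observe that

$$
\begin{aligned}
Rz{\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{str}(\gamma, z)] &\equiv Rz{\downarrow} \mathrel{\mathrm{rn}} (\mathrm{str}(\gamma, z) \in \alpha_U) \\
&\equiv p_0(Rz) \mathrel{\varepsilon} \alpha_U \land \mathrm{ln}(p_0(Rz)) = 1 \land \mathrm{BS}[p_1(Rz), \mathrm{str}(\gamma, z), \mathrm{str}(\alpha_U, p_0(Rz))]
\end{aligned} \tag{3.21}
$$

is elementary in $\alpha_U$, $\gamma$, and therefore can be written as $z \mathrel{\varepsilon} t[\alpha_U, \gamma]$ for some name $t$. □

The rest of the axioms of CZF are set-existence axioms. To realize those, one has to explicitly construct a well-founded tree from the given data. Correctness will follow routinely from the construction, and mostly will be left to the reader.

Definition 3.1 (Pairings pt, opt and projections $\mathrm{pt}_0$, $\mathrm{pt}_1$)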

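1. By ECA we define a name $p[\alpha, \beta]$ so that

$$c \mathrel{\varepsilon} p[\alpha, \beta] \leftrightarrow c \mathrel{\varepsilon} \mathrm{seq} \land P[\alpha, \beta, c], \tag{3.22}$$

where $P[\alpha, \beta, c]$ is a formula

$$\mathrm{ln}\,c = 0 \lor (\mathrm{ln}\,c \neq 0 \land \mathrm{ct}\,c = 0 \land \mathrm{bodyt}\,c \mathrel{\varepsilon} \alpha) \lor (\mathrm{ln}\,c \neq 0 \land \mathrm{ct}\,c = 1 \land \mathrm{bodyt}\,c \mathrel{\varepsilon} \beta). \tag{3.23}$$

pt is defined as $\lambda \alpha \lambda \beta.p[\alpha, \beta]$, opt is $\lambda \alpha \lambda \beta.p[\alpha, p[\alpha, \beta]]$.

2. Again by ECA we define names $p_i[\alpha]$, $i = 0, 1$, so that

$$c \mathrel{\varepsilon} p_i[\alpha] \leftrightarrow c \mathrel{\varepsilon} \mathrm{seq} \land P_i[\alpha, c], \tag{3.24}$$

where $P_0[\alpha, c]$ is a formula

$$\mathrm{sg}\,0 * c \mathrel{\varepsilon} \alpha. \tag{3.25}$$

and $P_1[\alpha, c]$ is a formula

$$\langle 1, \langle \mathrm{sg}\,1, 1 \rangle \rangle * c \mathrel{\varepsilon} \alpha. \tag{3.26}$$

$\mathrm{pt}_0$ and $\mathrm{pt}_1$ are defined as $\lambda \alpha.p_0[\alpha]$ and $\lambda \alpha.p_1[\alpha]$, resp.

These operations from well-founded trees $\alpha$ and $\beta$ give a pairing tree $\mathrm{pt}\,\alpha\beta$ and an ordered pairing tree $\mathrm{opt}\,\alpha\beta$, and $\mathrm{pt}_0$ and $\mathrm{pt}_1$ are projection-operations corresponding to opt. Immediately from the definitions we have the following facts.

Proposition 3.1 a) $\mathrm{Set}[\alpha] \land \mathrm{Set}[\beta] \to \mathrm{Set}[\mathrm{pt}\,\alpha\beta] \land \mathrm{Set}[\mathrm{opt}\,\alpha\beta] \land \mathrm{Set}[\mathrm{pt}_0\,\alpha] \land \mathrm{Set}[\mathrm{pt}_1\,\alpha]$; b) there are elementary realizers for formulas $\mathrm{pt}\,\alpha\beta = \{\alpha, \beta\}$ and $\mathrm{opt}\,\alpha\beta = \langle \alpha, \beta \rangle$; c) $\mathrm{ID} \mathrel{\mathrm{rn}} (\mathrm{pt}_0(\mathrm{opt}\,\alpha\beta) = \alpha) \land \mathrm{ID} \mathrel{\mathrm{rn}} (\mathrm{pt}_1(\mathrm{opt}\,\alpha\beta) = \beta)$.

Proof. a) follows from 3.22–3.26. b): By 3.23 $t := \langle \langle \langle \mathrm{sg}\,0, \mathrm{ID} \rangle, \langle \mathrm{sg}\,1, \mathrm{ID} \rangle \rangle, \lambda x.\langle \mathrm{ct}\,x, \mathrm{ID} \rangle \rangle$ is an elementary realizer of $\mathrm{pt}\,\alpha\beta = \{\alpha, \beta\}$ and $u := \langle \langle \langle \mathrm{sg}\,0, \mathrm{ID} \rangle, \langle \mathrm{sg}\,1, t \rangle \rangle, \lambda x.\langle \mathrm{ct}\,x, d_N(\mathrm{ct}\,x, 0, \mathrm{ID}, t) \rangle \rangle$ is an elementary realizer of $\mathrm{opt}\,\alpha\beta = \langle \alpha, \beta \rangle$. c): This is just the statement that $\mathrm{pt}_0(\mathrm{opt}\,\alpha\beta) \doteq \alpha$ and $\mathrm{pt}_1(\mathrm{opt}\,\alpha\beta) \doteq \beta$, which again follows from 3.22–3.26. □

Lemma 3.3 (Pair) Axiom Pair is realizable.

Proof. The pt operation gives a realization of Pair: $\forall X \forall Y \exists Z \forall U(U \in Z \leftrightarrow U = X \lor U = Y)$: given $\mathrm{Set}[\alpha] \land \mathrm{Set}[\beta]$, take $Z$ to be $\mathrm{pt}\,\alpha\beta$. A realization of $\forall U(U \in \mathrm{pt}\,\alpha\beta \leftrightarrow U = \alpha \lor U = \beta)$ follows from the construction 3.22 of $p[\alpha, \beta]$. □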

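Lemma 3.4 (Union) Axiom Union is realizable.

Proof. Assume $\mathrm{Set}[\alpha]$. Consider the following formula $U[\alpha, c]$:

$$\mathrm{ln}\,c = 0 \lor \big(\mathrm{ln}\,c \neq 0 \land \mathrm{ct}\,c = \langle p_0(\mathrm{ct}\,c), p_1(\mathrm{ct}\,c) \rangle \land (\mathrm{sg}(p_0(\mathrm{ct}\,c)) * \mathrm{sg}(p_1(\mathrm{ct}\,c))) * \mathrm{bodyt}\,c \mathrel{\varepsilon} \alpha\big). \tag{3.27}$$

By ECA we define a name $u[\alpha]$ so that

$$c \mathrel{\varepsilon} u[\alpha] \leftrightarrow c \mathrel{\varepsilon} \mathrm{seq} \land U[\alpha, c] \tag{3.28}$$

($u[\alpha]$ “squeezes together” every first two members of $\alpha$). Note that $\mathrm{Set}[u[\alpha]]$. This $u[\alpha]$ serves as a witness for $Y$ in the axiom $\forall X \exists Y \forall U(U \in Y \leftrightarrow \exists V \in X(U \in V))$. □

Lemma 3.5 (Infinity) Axiom Infinity is realizable.

Proof. Infinite tree is constructed as follows. By primitive recursion a sequence $\mathrm{sq}_0\,n$ of 0’s of length $n$ is defined by:

$$\begin{cases} \mathrm{sq}_0\,0 = \mathrm{nil}, \\ \mathrm{sq}_0(n') = \langle 1, \langle \mathrm{sq}_0\,n, 0 \rangle \rangle. \end{cases} \tag{3.29}$$

Now, we index each such sequence by its length: by ECA there is a name inf s.t.

$$b \mathrel{\varepsilon} \mathrm{inf} \leftrightarrow b = \mathrm{nil} \lor (b \mathrel{\varepsilon} \mathrm{seq} \land \mathrm{ln}\,b \neq 0 \land \mathrm{ct}\,b \mathrel{\varepsilon} \mathrm{nat} \land \mathrm{bodyt}\,b = \mathrm{sq}_0(\mathrm{ct}\,b)). \tag{3.30}$$

□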
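The Pair and Union tree constructions of Lemmas 3.3 and 3.4 (formulas 3.22–3.28), modelled on finite trees as an added example that is not part of the paper. It assumes, from the way the proofs use them, that a set is a prefix-closed set of label sequences, that str(α, z) is the subtree below node z, and that equality is bisimulation; realizers are not tracked, and the names `sub`, `children`, `bisim`, `member` and the two `*_axiom_holds` checkers are this example's own.

```python
"""Finite model of the tree constructions in Lemmas 3.3 and 3.4 (added example).

Assumptions of this sketch: a set is a finite, prefix-closed set of label
sequences (Python tuples), and "=" is decided by a brute-force bisimulation
check instead of by exhibiting a realizer.
"""

EMPTY = frozenset({()})  # the tree consisting of the root nil only: the empty set


def is_tree(t):
    """A tree contains the empty sequence and is closed under initial segments."""
    return () in t and all(s[:-1] in t for s in t if s)


def sub(t, z):
    """str(t, z): the subtree of t below node z."""
    n = len(z)
    return frozenset(s[n:] for s in t if s[:n] == z)


def children(t):
    """Nodes of length 1; each of them indexes one element of the set t."""
    return [s for s in t if len(s) == 1]


def bisim(a, b):
    """a = b: every element of a is bisimilar to an element of b, and vice versa."""
    forth = all(any(bisim(sub(a, x), sub(b, y)) for y in children(b))
                for x in children(a))
    back = all(any(bisim(sub(a, x), sub(b, y)) for x in children(a))
               for y in children(b))
    return forth and back


def member(a, b):
    """a ∈ b: a is bisimilar to the subtree below some first node of b."""
    return any(bisim(a, sub(b, y)) for y in children(b))


def pt(a, b):
    """p[a, b] of (3.22)-(3.23): first label 0 leads into a, first label 1 into b."""
    return frozenset({()} | {(0,) + s for s in a} | {(1,) + s for s in b})


def opt(a, b):
    """Ordered pair tree, opt = p[a, p[a, b]] as in Definition 3.1."""
    return pt(a, pt(a, b))


def pt0(t):
    """(3.25): c is in pt0(t) iff sg0 * c is in t."""
    return sub(t, (0,))


def pt1(t):
    """(3.26): c is in pt1(t) iff the sequence (1, 1) followed by c is in t."""
    return sub(t, (1, 1))


def union(a):
    """u[a] of (3.27): the first two labels x, y of a path are squeezed into <x, y>."""
    return frozenset({()} | {((s[0], s[1]),) + s[2:] for s in a if len(s) >= 2})


def pair_axiom_holds(a, b, candidates):
    """Check U ∈ pt(a, b) <-> U = a or U = b for every candidate U."""
    z = pt(a, b)
    return all(member(u, z) == (bisim(u, a) or bisim(u, b)) for u in candidates)


def union_axiom_holds(a, candidates):
    """Check U ∈ union(a) <-> exists V ∈ a with U ∈ V for every candidate U."""
    y = union(a)
    return all(member(u, y) == any(member(u, sub(a, v)) for v in children(a))
               for u in candidates)


if __name__ == "__main__":
    one = pt(EMPTY, EMPTY)   # {0, 0} = {0}
    two = pt(EMPTY, one)     # {0, {0}}
    print(bisim(union(pt(one, two)), two))
    print(pair_axiom_holds(one, two, [EMPTY, one, two]))
    print(union_axiom_holds(opt(one, two), [EMPTY, one, two, pt(one, two)]))
```
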

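Lemma 3.6 (Bounded Separation) Every instance of Bounded Separation is realizable.

Proof. Assume a formula $F$ to be bounded. Assume $\mathrm{Set}[\alpha]$. Consider the following formula $S[\alpha, c]$:

$$\mathrm{ln}\,c = 0 \lor \big(\mathrm{ln}\,c \neq 0 \land c = \mathrm{sm}(\mathrm{sm}_0\,c, \mathrm{sm}_1\,c) \land \mathrm{sm}_0\,c \mathrel{\varepsilon} \alpha \land \mathrm{sm}_1\,c \mathrel{\mathrm{rn}^E} F[\mathrm{str}(\alpha, \mathrm{head}(\mathrm{sm}_0\,c))]\big). \tag{3.31}$$

By ECA there exists a name $s[\alpha]$ such that

$$c \mathrel{\varepsilon} s[\alpha] \leftrightarrow c \mathrel{\varepsilon} \mathrm{seq} \land S[\alpha, c]. \tag{3.32}$$

Obviously, $\mathrm{Set}[s[\alpha]]$. This $s[\alpha]$ is taken as a name for $Y$ in the instance of Bounded Separation: $\forall X \exists Y \forall U(U \in Y \leftrightarrow U \in X \land F[U])$. Also, by 3.31,

$$c \mathrel{\varepsilon} s[\alpha] \land \mathrm{ln}\,c = 1 \to \mathrm{sm}_0\,c \mathrel{\varepsilon} \alpha \land \mathrm{ln}(\mathrm{sm}_0\,c) = 1 \land \mathrm{sm}_1\,c \mathrel{\mathrm{rn}^E} F[\mathrm{str}(\alpha, \mathrm{sm}_0\,c)] \tag{3.33}$$

and

$$d \mathrel{\varepsilon} \alpha \land \mathrm{ln}\,d = 1 \land r \mathrel{\mathrm{rn}^E} F[\mathrm{str}(\alpha, d)] \to \mathrm{sm}(d, r) \mathrel{\varepsilon} s[\alpha] \land \mathrm{ln}(\mathrm{sm}(d, r)) = 1. \tag{3.34}$$

This is sufficient to build a realizer of $\forall U(U \in s[\alpha] \leftrightarrow U \in \alpha \land F[U])$. □

Lemma 3.7 (Strong Collection) Every instance of the axiom Strong Collection is realizable.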

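Proof. Let a formula $G[U, Y] \in L_\in$ be given. Assume $\mathrm{Set}[\alpha]$. Assume also $r \mathrel{\mathrm{rn}} \forall U \in \alpha\, \exists Y G[U, Y]$, which reads

$$\forall \upsilon \forall u(\mathrm{Set}[\upsilon] \land u \mathrel{\mathrm{rn}} (\upsilon \in \alpha) \to \mathrm{Set}[p_0(r \upsilon u)] \land p_1(r \upsilon u) \mathrel{\mathrm{rn}} G[\upsilon, p_0(r \upsilon u)]). \tag{3.35}$$

In particular, taking $\upsilon := \mathrm{str}(\alpha, z)$, $u := \langle z, \mathrm{ID} \rangle$, for $z \mathrel{\varepsilon} \alpha$, $\mathrm{ln}\,z = 1$, and denoting $f := f[r, \alpha, z] := r\,\mathrm{str}(\alpha, z)\,u$, we have

$$\forall z \mathrel{\varepsilon} \alpha(\mathrm{ln}\,z = 1 \to \mathrm{Set}[p_0 f] \land p_1 f \mathrel{\mathrm{rn}} G[\mathrm{str}(\alpha, z), p_0 f]). \tag{3.36}$$

Now we index each of the trees $p_0 f[r, \alpha, z]$ by $z$ and, using J, collect them together into a single tree. Formally, consider the following formula $SC[r, \alpha, c]$:

$$\mathrm{ln}\,c = 0 \lor \big(\mathrm{ln}\,c \neq 0 \land \mathrm{head}\,c \mathrel{\varepsilon} \alpha \land \mathrm{bodyt}\,c \mathrel{\varepsilon} p_0 f[r, \alpha, \mathrm{head}\,c]\big). \tag{3.37}$$

Using 3.36, by J and ECA there exists a name $sc[r, \alpha]$ such that

$$c \mathrel{\varepsilon} sc[r, \alpha] \leftrightarrow c \mathrel{\varepsilon} \mathrm{seq} \land SC[r, \alpha, c]. \tag{3.38}$$

By construction 3.37, $\mathrm{Set}[sc[r, \alpha]]$. This $sc[r, \alpha]$ is a witness for $W$ in the instance of Strong Collection $\forall X(\forall U \in X\, \exists Y G[U, Y] \to \exists W(\forall U \in X\, \exists Y \in W\, G[U, Y] \land \forall Y \in W\, \exists U \in X\, G[U, Y]))$. For realization of $\forall U \in \alpha\, \exists Y \in sc[r, \alpha]\, G[U, Y] \land \forall Y \in sc[r, \alpha]\, \exists U \in \alpha\, G[U, Y]$, it’s convenient to use modified realisabilities $\mathrm{rn}^\forall$ and $\mathrm{rn}^\exists$ (Definition 2.12 and Lemma 2.6): then everything follows from the definition of $sc$. □

Lemma 3.8 (Fullness) Fullness axiom is realizable.

Proof. Assume $\mathrm{Set}[\alpha] \land \mathrm{Set}[\beta]$. Consider the following formula $Fn[\alpha, \beta, f]$:

$$\forall u \mathrel{\varepsilon} \alpha(\mathrm{ln}\,u = 1 \to f u \mathrel{\varepsilon} \beta \land \mathrm{ln}(f u) = 1). \tag{3.39}$$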

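By ECA there exists a name $fn[\alpha, \beta]$ s.t.

$$f \mathrel{\varepsilon} fn[\alpha, \beta] \leftrightarrow Fn[\alpha, \beta, f]. \tag{3.40}$$

Now consider a formula $Fl[\alpha, \beta, c]$:

$$
\begin{aligned}
&\mathrm{ln}\,c = 0 \ \lor\ (\mathrm{ln}\,c = 1 \land \mathrm{ct}\,c \mathrel{\varepsilon} fn[\alpha, \beta]) \ \lor \\
&\big(\mathrm{ln}\,c \neq 0 \land \mathrm{ln}\,c \neq 1 \land \mathrm{ct}\,c \mathrel{\varepsilon} fn[\alpha, \beta] \land \mathrm{head}(\mathrm{bodyt}\,c) \mathrel{\varepsilon} \alpha \ \land \\
&\quad \mathrm{fcut}(c, 2) \mathrel{\varepsilon} \mathrm{opt}(\mathrm{str}(\alpha, \mathrm{head}(\mathrm{bodyt}\,c)), \mathrm{str}(\beta, \mathrm{ct}\,c(\mathrm{head}(\mathrm{bodyt}\,c))))\big).
\end{aligned} \tag{3.41}
$$

By ECA there exists a name $fl[\alpha, \beta]$ s.t.

$$c \mathrel{\varepsilon} fl[\alpha, \beta] \leftrightarrow c \mathrel{\varepsilon} \mathrm{seq} \land Fl[\alpha, \beta, c]. \tag{3.42}$$

This $fl[\alpha, \beta]$ is a witness for $Z$ in the Fullness axiom $\forall X \forall Y \exists Z\, \mathrm{Full}[Z, X, Y]$. Let’s check that we have a realization of $\mathrm{Full}[\alpha, \beta, fl[\alpha, \beta]] \equiv \forall W \in fl[\alpha, \beta]\, \mathrm{mv}[W, A, B] \land \forall R(\mathrm{mv}[R, A, B] \to \exists S \in fl[\alpha, \beta]\, \forall W \in S(W \in R))$. By Definition 2.10

$$r \mathrel{\mathrm{rn}^E} \mathrm{mv}[\rho, \alpha, \beta] \equiv p_0 r \mathrel{\mathrm{rn}^E} \forall Q \in \rho\, \exists U \in \alpha\, \exists V \in \beta(Q = \langle U, V \rangle) \land p_1 r \mathrel{\mathrm{rn}^E} \forall U \in \alpha\, \exists V \in \beta(\langle U, V \rangle \in \rho). \tag{3.43}$$

Given $w \mathrel{\varepsilon} fl[\alpha, \beta]$, $\mathrm{ln}\,w = 1$, namely $w = \mathrm{sg}\,f$, $f \mathrel{\varepsilon} fn[\alpha, \beta]$, we have an elementary realization of $\forall Q \in \mathrm{str}(fl[\alpha, \beta], w)\, \exists U \in \alpha\, \exists V \in \beta(Q = \langle U, V \rangle)$: if we take $u := q$ and $v := f q$, then we have to realize $\mathrm{str}(fl[\alpha, \beta], w * q) = \langle \mathrm{str}(\alpha, q), \mathrm{str}(\beta, f q) \rangle$, i.e. $\mathrm{opt}(\mathrm{str}(\alpha, q), \mathrm{str}(\beta, f q)) = \langle \mathrm{str}(\alpha, q), \mathrm{str}(\beta, f q) \rangle$, which follows from Proposition 3.1b), and of $\forall U \in \alpha\, \exists V \in \beta(\langle U, V \rangle \in \mathrm{str}(fl[\alpha, \beta], w))$: take $v := f(u)$. Also, if $\mathrm{Set}[\rho]$ and $r \mathrel{\mathrm{rn}^E} \mathrm{mv}[\rho, \alpha, \beta]$, then $p_1 r$ provides us with a function $f \mathrel{\varepsilon} fn[\alpha, \beta]$ and a realization of $\langle \mathrm{str}(\alpha, u), \mathrm{str}(\beta, f u) \rangle \in \rho$, and then we take $s := \mathrm{sg}\,f$, and by construction 3.41 and Proposition 3.1b) realize $\forall W \in \mathrm{str}(fl[\alpha, \beta], \mathrm{sg}\,f)(W \in \rho)$. □

All the lemmas proved in this section, together with Theorem 1 in Section 2, give us

Theorem 2 a) CZF is realizable in T0; b) CZF is realizable in T0; c) CZF − Strong Collection is realizable in EET + IG; d) CZF − Strong Collection is realizable in (EET + IG).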

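4 Regularity, inaccessibility, mahloness

There is a perfect intuitive match between higher notions in Constructive Set Theory, starting with regularity, and higher universe properties in Explicit Mathematics. To explain this match formally, we need to be able to pass from a universe $\upsilon$, having some higher property $F$, to a universal set $\mathrm{us}\,\upsilon$, having corresponding higher set-property $F'$. If $\upsilon$ names a universe, such a $\mathrm{us}\,\upsilon$ is constructed by collecting all sets $\alpha$, $\alpha \mathrel{\varepsilon} \upsilon$, indexed by $\alpha$, into a single tree. In the definition below we are using the fact that in $\upsilon$, making use of Join over $\upsilon$, the formula $\mathrm{Set}[x]$, Definition 2.3, can be replaced by an elementary formula.

Definition 4.1 (us, universal set) Let $\upsilon$ name a universe.

1. We define names

$$j[\upsilon] := j(\upsilon, \lambda x.x), \quad j_{\mathrm{ig}}[\upsilon] := j(\upsilon, \lambda x.\mathrm{ig}\,x). \tag{4.1}$$

2. An elementary formula $\mathrm{Set}^{-N}[x; \upsilon]$ is defined as

$$
\begin{aligned}
&\forall y(\langle x, y \rangle \mathrel{\varepsilon} j[\upsilon] \to y \mathrel{\varepsilon} \mathrm{seq}) \land \langle x, \mathrm{nil} \rangle \mathrel{\varepsilon} j[\upsilon] \ \land \\
&\forall y \forall z(\langle x, y \rangle \mathrel{\varepsilon} j[\upsilon] \land y \sqsupset z \to \langle x, z \rangle \mathrel{\varepsilon} j[\upsilon]) \ \land \\
&\forall y(\langle x, y \rangle \mathrel{\varepsilon} j[\upsilon] \to \langle x, y \rangle \mathrel{\varepsilon} j_{\mathrm{ig}}[\upsilon]).
\end{aligned} \tag{4.2}
$$

3. By ECA we define a name

$$u[\upsilon] :\doteq \{x \mid x \mathrel{\varepsilon} \upsilon \land \mathrm{Set}^{-N}[x; \upsilon]\}. \tag{4.3}$$

4. Finally by ECA and λ-abstraction we set

$$\mathrm{us}\,\upsilon :\doteq \{x \mid x \mathrel{\varepsilon} \mathrm{seq} \land (\mathrm{ln}\,x = 0 \lor (\mathrm{ln}\,x \neq 0 \land \langle \mathrm{ct}(\mathrm{head}\,x), \mathrm{bodyt}\,x \rangle \mathrel{\varepsilon} j(u[\upsilon], \lambda x.x)))\}. \tag{4.4}$$

Lemma 4.1 ($\mathrm{Set}^{-N}[x; \upsilon] \leftrightarrow \mathrm{Set}[x]$) If $\upsilon$ names a universe, then

$$\mathrm{Set}^{-N}[x; \upsilon] \leftrightarrow \mathrm{Set}[x] \land x \mathrel{\varepsilon} \upsilon. \tag{4.5}$$

Proof. ⇒. Assuming $\mathrm{Set}^{-N}[x; \upsilon]$, $x \mathrel{\varepsilon} \upsilon$ follows from $\langle x, \mathrm{nil} \rangle \mathrel{\varepsilon} j[\upsilon]$. Now by Join $\mathrm{Set}^{-N}[x; \upsilon]$ (4.2) and $\mathrm{Set}[x]$ (2.20) say the same thing, except for $N[x]$, which is required by $\mathrm{Set}[x]$ and follows from $x \mathrel{\varepsilon} \upsilon$. ⇐. $\mathrm{Set}^{-N}[x; \upsilon]$ follows from $\mathrm{Set}[x] \land x \mathrel{\varepsilon} \upsilon$ by Join. □

From the Definition 4.1 and the previous Lemma we obtain the following:

Lemma 4.2 (Universal set lemma) If $\upsilon$ names a universe, then the following holds: a) $\mathrm{Set}[\mathrm{us}\,\upsilon]$; b) $\alpha \mathrel{\varepsilon} \upsilon \land \mathrm{Set}[\alpha] \to \langle \mathrm{sg}\,\alpha, \mathrm{ID} \rangle \mathrel{\mathrm{rn}} (\alpha \in \mathrm{us}\,\upsilon)$; c) $x \mathrel{\varepsilon} \mathrm{us}\,\upsilon \land \mathrm{ln}\,x = 1 \to \mathrm{ct}\,x \mathrel{\varepsilon} \upsilon \land \mathrm{Set}[\mathrm{ct}\,x] \land \mathrm{str}(\mathrm{us}\,\upsilon, x) \doteq \mathrm{ct}\,x$.

Importance of the notion of universal set is that, if $\upsilon$ names a universe, then every name construction which we carried out in Lemmas 3.3–3.8 is reflected by this set (= on first nodes of this tree). More exactly, we have the following lemma.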

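Lemma 4.3

$$U[\upsilon] \land \alpha, \beta \mathrel{\varepsilon} \upsilon \land \mathrm{Set}[\alpha] \land \mathrm{Set}[\beta] \to t[\alpha, \beta] \mathrel{\varepsilon} \upsilon \land \mathrm{Set}[t[\alpha, \beta]] \land \langle \mathrm{sg}\,t[\alpha, \beta], \mathrm{ID} \rangle \mathrel{\mathrm{rn}} (t[\alpha, \beta] \in \mathrm{us}\,\upsilon) \tag{4.6}$$

for $t[\alpha, \beta] ::= \mathrm{pt}\,\alpha\beta,\ u[\alpha],\ \mathrm{inf},\ s[\alpha],\ sc[r, \alpha],\ fl[\alpha, \beta]$ as defined in the proofs of Lemmas 3.3–3.8.

Proof. $\mathrm{Set}[t[\alpha, \beta]]$ is established in Lemmas 3.3–3.8. The $(t[\alpha, \beta] \mathrel{\varepsilon} \upsilon)$-part follows from the fact that $t$ is built up by Elementary Comprehension and Join, and universes are closed under j and name generators (Definition 1.2). The $\mathrm{rn}$-part now follows from universal set Lemma 4.2b). □

The first set-theoretic property, where the notion of universal set will come into use, is that of regularity.

Definition 4.2 (Regular set) $\mathrm{Reg}[A]$ is the following formula of $L_\in$:

$$
\begin{aligned}
&\mathrm{Tran}[A] \land \forall C \in A\, \forall R \subseteq C \times A \\
&\quad \big(\forall X \in C\, \exists Y \in A(\langle X, Y \rangle \in R) \to \exists B \in A(\forall X \in C\, \exists Y \in B(\langle X, Y \rangle \in R) \land \forall Y \in B\, \exists X \in C(\langle X, Y \rangle \in R))\big),
\end{aligned}
$$

where $\mathrm{Tran}[A]$ stands for $\forall X \in A\, \forall Y \in X(Y \in A)$.

In fact, the formula $\mathrm{Reg}[A]$ says that $A$ is transitive and closed under an instance of Strong Collection for a specific formula $G[X, Y]$, namely $G[X, Y] \equiv \langle X, Y \rangle \in R$, for $R \subseteq C \times A$, $C \in A$.

Definition 4.3 (REA) REA is an axiom $\forall X \exists Y(X \subseteq Y \land \mathrm{Reg}[Y])$.

Lemma 4.4 ($\mathrm{Reg}[\mathrm{us}\,\upsilon]$) If $\upsilon$ names a universe then $\mathrm{Reg}[\mathrm{us}\,\upsilon]$ is realizable in T0.

Proof. We have to realize two formulas:

$$\forall X \in \mathrm{us}\,\upsilon\, \forall Y \in X(Y \in \mathrm{us}\,\upsilon) \tag{4.7}$$

and

$$
\begin{aligned}
&\forall C \in \mathrm{us}\,\upsilon\, \forall R \subseteq C \times \mathrm{us}\,\upsilon\, \big(\forall X \in C\, \exists Y \in \mathrm{us}\,\upsilon(\langle X, Y \rangle \in R) \to \\
&\quad \exists B \in \mathrm{us}\,\upsilon(\forall X \in C\, \exists Y \in B(\langle X, Y \rangle \in R) \land \forall Y \in B\, \exists X \in C(\langle X, Y \rangle \in R))\big).
\end{aligned} \tag{4.8}
$$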

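4.7: Assume $x \mathrel{\varepsilon} \mathrm{us}\,\upsilon \land \mathrm{ln}\,x = 1 \land y \mathrel{\varepsilon} \mathrm{str}(\mathrm{us}\,\upsilon, x) \land \mathrm{ln}\,y = 1$. By Lemma 4.2c) we have

$$\mathrm{ct}\,x \mathrel{\varepsilon} \upsilon \land \mathrm{Set}[\mathrm{ct}\,x] \land y \mathrel{\varepsilon} \mathrm{ct}\,x \tag{4.9}$$

and

$$\mathrm{str}(\mathrm{str}(\mathrm{us}\,\upsilon, x), y) \doteq \mathrm{str}(\mathrm{ct}\,x, y). \tag{4.10}$$

$\mathrm{str}(\mathrm{ct}\,x, y) \mathrel{\varepsilon} \upsilon$, since $\mathrm{ct}\,x \mathrel{\varepsilon} \upsilon$ and $\upsilon$ is closed under str. Also, $\mathrm{Set}[\mathrm{str}(\mathrm{ct}\,x, y)]$, since $y \mathrel{\varepsilon} \mathrm{ct}\,x$. By Lemma 4.2b)

$$\langle \mathrm{sg}(\mathrm{str}(\mathrm{ct}\,x, y)), \mathrm{ID} \rangle \mathrel{\mathrm{rn}} (\mathrm{str}(\mathrm{ct}\,x, y) \in \mathrm{us}\,\upsilon), \tag{4.11}$$

which together with 4.10 yields

$$\langle \mathrm{sg}(\mathrm{str}(\mathrm{ct}\,x, y)), \mathrm{ID} \rangle \mathrel{\mathrm{rn}} (\mathrm{str}(\mathrm{str}(\mathrm{us}\,\upsilon, x), y) \in \mathrm{us}\,\upsilon). \tag{4.12}$$

4.8: Assume $c \mathrel{\varepsilon} \mathrm{us}\,\upsilon$, $\mathrm{ln}\,c = 1$, $\mathrm{Set}[\rho] \land p \mathrel{\mathrm{rn}} (\rho \subseteq \mathrm{str}(\mathrm{us}\,\upsilon, c) \times \mathrm{us}\,\upsilon)$ and

$$r \mathrel{\mathrm{rn}^E} \forall X \in \mathrm{str}(\mathrm{us}\,\upsilon, c)\, \exists Y \in \mathrm{us}\,\upsilon(\langle X, Y \rangle \in \rho), \tag{4.13}$$

which reads

$$
\begin{aligned}
&\forall x \mathrel{\varepsilon} \mathrm{str}(\mathrm{us}\,\upsilon, c)(\mathrm{ln}\,x = 1 \to rx{\downarrow} \mathrel{\mathrm{rn}^E} \exists Y \in \mathrm{us}\,\upsilon(\langle \mathrm{str}(\mathrm{str}(\mathrm{us}\,\upsilon, c), x), Y \rangle \in \rho)) \equiv \\
&\forall x \mathrel{\varepsilon} \mathrm{str}(\mathrm{us}\,\upsilon, c)(\mathrm{ln}\,x = 1 \to p_0(rx) \mathrel{\varepsilon} \mathrm{us}\,\upsilon \land \mathrm{ln}(p_0(rx)) = 1 \ \land \\
&\quad p_1(rx) \mathrel{\mathrm{rn}} (\langle \mathrm{str}(\mathrm{str}(\mathrm{us}\,\upsilon, c), x), \mathrm{str}(\mathrm{us}\,\upsilon, p_0(rx)) \rangle \in \rho)).
\end{aligned} \tag{4.14}
$$

By Lemma 4.2c)

$$\mathrm{ct}\,c \mathrel{\varepsilon} \upsilon \land \mathrm{Set}[\mathrm{ct}\,c] \land \mathrm{str}(\mathrm{us}\,\upsilon, c) \doteq \mathrm{ct}\,c, \tag{4.15}$$

i.e. we have

$$
\begin{aligned}
&\forall x \mathrel{\varepsilon} \mathrm{ct}\,c(\mathrm{ln}\,x = 1 \to \\
&\quad p_0(rx) \mathrel{\varepsilon} \mathrm{us}\,\upsilon \land \mathrm{ln}(p_0(rx)) = 1 \land p_1(rx) \mathrel{\mathrm{rn}} (\langle \mathrm{str}(\mathrm{str}(\mathrm{us}\,\upsilon, c), x), \mathrm{str}(\mathrm{us}\,\upsilon, p_0(rx)) \rangle \in \rho)).
\end{aligned} \tag{4.16}
$$

Taking a name $t[c] :\doteq \{x \mid x \mathrel{\varepsilon} \mathrm{ct}\,c \land \mathrm{ln}\,x = 1\}$ and an operation $f := \lambda x.\mathrm{ct}(p_0(rx))$, we have $t \mathrel{\varepsilon} \upsilon \land f : t \mapsto \upsilon$, so that $j(t, f) \mathrel{\varepsilon} \upsilon \land \forall x \mathrel{\varepsilon} t\, \mathrm{Set}[f x]$. Now the proof is completed in the same way as of Lemma 3.7: we take a name $sc'[r, c]$ defined by ECA to satisfy

$$y \mathrel{\varepsilon} sc'[r, c] \leftrightarrow y \mathrel{\varepsilon} \mathrm{seq} \land (y = \mathrm{nil} \lor \langle \mathrm{head}\,y, \mathrm{bodyt}\,y \rangle \mathrel{\varepsilon} j(t, f)), \tag{4.17}$$

as a witness for $B$. Note in addition that we have a realization of $sc' \in \mathrm{us}\,\upsilon$, since $sc' \mathrel{\varepsilon} \upsilon$, $\mathrm{Set}[sc']$, and therefore by Lemma 4.2b) the formula $sc' \in \mathrm{us}\,\upsilon$ is realizable. □

Theorem 3 a) CZF + REA is realizable in Tu; b) CZF + REA is realizable in Tu.

Proof. a) CZF is realizable in Tu since by Theorem 2a) it’s realizable in T0 and T0 is a subsystem of Tu. So we have to concentrate on REA. If $\alpha$ is a name for $X$, $\mathrm{Set}[\alpha]$, we take $\mathrm{us}(u\alpha)$ as a name for $Y$. Since $U[u\alpha]$ by VII, by the previous Lemma we have a realization of $\mathrm{Reg}[\mathrm{us}(u\alpha)]$, and it remains only to (elementarily) realize $\alpha \subseteq \mathrm{us}(u\alpha) \equiv \forall X \in \alpha(X \in \mathrm{us}(u\alpha))$. $\mathrm{str}(\alpha, x) \mathrel{\varepsilon} u\alpha$, since $\alpha \mathrel{\varepsilon} u\alpha$ by VII and str is built by ECA. Since $x \mathrel{\varepsilon} \alpha$, by Lemma 2.1 $\mathrm{Set}[\mathrm{str}(\alpha, x)]$. Then by Lemma 4.2b) $\langle \mathrm{sg}(\mathrm{str}(\alpha, x)), \mathrm{ID} \rangle \mathrel{\mathrm{rn}} (\mathrm{str}(\alpha, x) \in \mathrm{us}(u\alpha))$. b) As a), using Theorem 2b) instead of 2a). □

Corollary. a) |CZF + REA| ≤ |Tu| ≤ |KPi|; b) |CZF + REA| ≤ |Tu| ≤ |KPi|.

Proof. This follows from the previous theorem and parts 3 and 2 of [JStu, Theorem 6] and [Jnm, Theorem 11]. □

For realizing Mahlo axioms in Constructive Set Theory, we need an operation set, building a set out of an arbitrary name “by brute force”.

Definition 4.4 (Set-forming operation set) By ECA we define a name $t[\alpha]$ so that

$$t[\alpha] \doteq \{x \mid \exists z \mathrel{\varepsilon} \alpha(z \sqsupseteq x)\}. \tag{4.18}$$

Then by ECA and λ-abstraction we define

$$\mathrm{set}\,\alpha :\doteq \{x \mid x = \mathrm{nil} \lor x \mathrel{\varepsilon} \mathrm{ig}\,t[\alpha]\}. \tag{4.19}$$

We have an obvious

Lemma 4.5 For each name $\alpha$ we have $\mathrm{Set}[\mathrm{set}\,\alpha] \land (\mathrm{Set}[\alpha] \to \mathrm{set}\,\alpha \doteq \alpha)$.

Definition 4.5 (Inaccessible set, $\mathrm{In}[A]$) $\mathrm{In}[A]$ is a formula

$$\mathrm{Reg}[A] \land \mathrm{REA}^A \land \mathrm{Pair}^A \land \mathrm{Union}^A \land \mathrm{Infinity}^A \land \bigwedge_{i=1,N} (\text{Bounded Separation})_i^A \land \mathrm{Fullness}^A, \tag{4.20}$$

where $(\text{Bounded Separation})_i$ is the $i$-th formula in the finite formalisation of Bounded Separation (see Section 3).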

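Definition 4.6 (Mahlo schema, CZFM, CZFM) M is the following schema: $\forall X \exists Y F[X, Y] \to \exists I(\mathrm{In}[I] \land \forall X \in I\, \exists Y \in I\, F[X, Y])$ for all formulas $F[X, Y]$. By CZFM we denote a theory CZF + REA + M, CZFM := CZF + REA + M.

Definition 4.7 (Inaccessible universe) A universe $\iota$ is $\{u', i'\}$-inaccessible iff

$$u' : \iota \mapsto \iota \land i' : \iota^2 \mapsto \iota \land \forall \alpha \mathrel{\varepsilon} \iota(u'\alpha \doteq u\alpha) \land \forall \alpha \mathrel{\varepsilon} \iota\, \forall \beta \mathrel{\varepsilon} \iota(i'\alpha\beta \doteq i\alpha\beta). \tag{4.21}$$

Lemma 4.6 ($\mathrm{In}[\mathrm{us}\,\iota]$) If a universe $\iota$ is $\{u', i'\}$-inaccessible then the formula $\mathrm{In}[\mathrm{us}\,\iota]$ is realizable in Tu.

Proof. Assume a universe $\iota$ to be $\{u', i'\}$-inaccessible. Since $\iota$ names a universe, all conjuncts in the formula $\mathrm{In}[\mathrm{us}\,\iota]$ (see 4.20), except $\mathrm{Reg}[\mathrm{us}\,\iota]$ and $\mathrm{REA}^{\mathrm{us}\,\iota}$, are realizable by Lemma 4.3. Additionally, $\mathrm{Reg}[\mathrm{us}\,\iota]$ is realizable by Lemma 4.4. It remains to elementarily realize

$$\mathrm{REA}^{\mathrm{us}\,\iota} \equiv \forall X \in \mathrm{us}\,\iota\, \exists Y \in \mathrm{us}\,\iota(X \subseteq Y \land \mathrm{Reg}[Y]). \tag{4.22}$$

We start with $x \mathrel{\varepsilon} \mathrm{us}\,\iota$, $\mathrm{ln}\,x = 1$. As before, by Lemma 4.2c), $\mathrm{ct}\,x \mathrel{\varepsilon} \iota \land \mathrm{Set}[\mathrm{ct}\,x]$, and, consequently, $u'(\mathrm{ct}\,x) \mathrel{\varepsilon} \iota \land i'(\mathrm{ct}\,x, \sqsupset) \mathrel{\varepsilon} \iota$. By 4.21

$$u'(\mathrm{ct}\,x) \doteq u(\mathrm{ct}\,x) \land i'(\mathrm{ct}\,x, \sqsupset) \doteq \mathrm{ig}(\mathrm{ct}\,x), \tag{4.23}$$

so we also have $U[u'(\mathrm{ct}\,x)]$. We define an operation $\mathrm{us}'$ in the same way as operation us in Definition 4.1, with the only difference that $i$ is everywhere replaced by $i'$. Since $\mathrm{us}'(u'(\mathrm{ct}\,x))$ is built from $u'(\mathrm{ct}\,x)$ by Elementary Comprehension and Join, using closedness of $\iota$ under $i'$, we have $\mathrm{us}'(u'(\mathrm{ct}\,x)) \mathrel{\varepsilon} \iota$ and

$$\mathrm{us}'(u'(\mathrm{ct}\,x)) \doteq \mathrm{us}(u'(\mathrm{ct}\,x)) \doteq \mathrm{us}(u(\mathrm{ct}\,x)). \tag{4.24}$$

Elementary witness for $Y$ is taken to be $\mathrm{sg}(\mathrm{us}'(u'(\mathrm{ct}\,x)))$. Rewriting 4.22 with this value of $Y$, we need to find a realization of

$$\mathrm{str}(\mathrm{us}\,\iota, x) \subseteq \mathrm{str}(\mathrm{us}\,\iota, \mathrm{sg}(\mathrm{us}'(u'(\mathrm{ct}\,x)))) \land \mathrm{Reg}[\mathrm{str}(\mathrm{us}\,\iota, \mathrm{sg}(\mathrm{us}'(u'(\mathrm{ct}\,x))))], \tag{4.25}$$

which by 4.24 and Lemmas 4.2c) and 2.4 reduces in turn to realizability of

$$\mathrm{str}(\mathrm{us}\,\iota, x) \subseteq \mathrm{us}(u(\mathrm{ct}\,x)) \land \mathrm{Reg}[\mathrm{us}(u(\mathrm{ct}\,x))], \tag{4.26}$$

and

$$\mathrm{ct}\,x \subseteq \mathrm{us}(u(\mathrm{ct}\,x)) \land \mathrm{Reg}[\mathrm{us}(u(\mathrm{ct}\,x))]. \tag{4.27}$$

Realizability of the first conjunct of the latter formula follows as in the proof of Theorem 3, and of the second conjunct follows from Lemma 4.4. □

Lemma 4.7 Mahlo schema is realizable in Tm.

Proof. Assume

$$r \mathrel{\mathrm{rn}} \forall X \exists Y G[X, Y]. \tag{4.28}$$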

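Consider a function $f := \lambda \alpha.p_0(r(\mathrm{set}\,\alpha))$. Take $\iota := m(\mathrm{nat}, \lambda \alpha.\mathrm{opt}(f\alpha, \mathrm{opt}(u\alpha, i\alpha)))$ and $u' := \lambda \alpha.\mathrm{pt}_0(\mathrm{pt}_1(\mathrm{opt}(f\alpha, \mathrm{opt}(u\alpha, i\alpha))))$, $i' := \lambda \alpha.\mathrm{pt}_1(\mathrm{pt}_1(\mathrm{opt}(f\alpha, \mathrm{opt}(u\alpha, i\alpha))))$. By VIII and Proposition 3.1c) $\iota$ is $\{u', i'\}$-inaccessible. We take $\mathrm{us}\,\iota$ as a name for $I$. $\mathrm{In}[\mathrm{us}\,\iota]$ is realizable by Lemma 4.6. It remains to find a ∀∃-realizer of $\forall X \in \mathrm{us}\,\iota\, \exists Y \in \mathrm{us}\,\iota\, G[X, Y]$.

If we take $f' := \lambda \alpha.\mathrm{pt}_0(\mathrm{opt}(f\alpha, \mathrm{opt}(u\alpha, i\alpha)))$, then

$$f' : \iota \mapsto \iota \land \forall \alpha(f'\alpha \doteq f\alpha). \tag{4.29}$$

Assuming $x \mathrel{\varepsilon} \mathrm{us}\,\iota$, $\mathrm{ln}\,x = 1$, we have $\mathrm{ct}\,x \mathrel{\varepsilon} \iota \land \mathrm{Set}[\mathrm{ct}\,x]$, $f'(\mathrm{ct}\,x) \mathrel{\varepsilon} \iota$, and $\mathrm{Set}[f'(\mathrm{ct}\,x)]$, since $\mathrm{Set}[f(\mathrm{ct}\,x)]$. $\mathrm{sg}(f'(\mathrm{ct}\,x))$ is taken as an ∃-witness for $Y$. By Lemma 4.2,

$$\mathrm{sg}(f'(\mathrm{ct}\,x)) \mathrel{\varepsilon} \mathrm{us}\,\iota, \quad \mathrm{ln}(\mathrm{sg}(f'(\mathrm{ct}\,x))) = 1 \tag{4.30}$$

and

$$\mathrm{str}(\mathrm{us}\,\iota, x) \doteq \mathrm{ct}\,x \mathrel{\varepsilon} \iota, \quad \mathrm{str}(\mathrm{us}\,\iota, \mathrm{sg}(f'(\mathrm{ct}\,x))) \doteq f'(\mathrm{ct}\,x) \mathrel{\varepsilon} \iota. \tag{4.31}$$

From 4.28 we have

$$p_1(r(\mathrm{set}(\mathrm{ct}\,x))){\downarrow} \mathrel{\mathrm{rn}} G[\mathrm{set}(\mathrm{ct}\,x), p_0(r(\mathrm{set}(\mathrm{ct}\,x)))]. \tag{4.32}$$

From the definitions of $f'$ and $f$ we have

$$f'(\mathrm{ct}\,x) \doteq f(\mathrm{ct}\,x) = \mathrm{set}(p_0(r(\mathrm{set}(\mathrm{ct}\,x)))). \tag{4.33}$$

Since $\mathrm{Set}[p_0(r(\mathrm{set}(\mathrm{ct}\,x)))]$ by Definition 2.6 and $\mathrm{Set}[\mathrm{ct}\,x]$, by Lemma 4.5 we have

$$\mathrm{set}(\mathrm{ct}\,x) \doteq \mathrm{ct}\,x, \quad \mathrm{set}(p_0(r(\mathrm{set}(\mathrm{ct}\,x)))) \doteq p_0(r(\mathrm{set}(\mathrm{ct}\,x))). \tag{4.34}$$

Now, combining 4.31–4.34 with Lemma 2.4, we obtain a realizer of $G[\mathrm{str}(\mathrm{us}\,\iota, x), \mathrm{str}(\mathrm{us}\,\iota, \mathrm{sg}(f'(\mathrm{ct}\,x)))]$. □

Theorem 4 a) CZFM is realizable in Tm; b) CZFM is realizable in Tm.

Proof. This follows from Theorem 3 and the previous lemma.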



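Corollary. a) |CZFM| ≤ |Tm| ≤ |KPM|; b) |CZFM| ≤ |Tm| ≤ |KPM|.

Proof. This follows from the previous theorem and parts 3 and 2 of [JStu, Theorem 10] and [Jnm, Theorem 13]. □

A little stronger form of mahloness in Constructive Set Theory, considered in [RaCZFM], is existence of a Mahlo set. As before, Mahlo universe M takes care of such a set.

Definition 4.8 (Mahlo set, $\mathrm{M}[A]$) $\mathrm{M}[A]$ is defined as

$$\mathrm{In}[A] \land \forall R(\mathrm{mv}[R, A, A] \to \exists I \in A(\mathrm{In}[I] \land \forall X \in I\, \exists Y \in I(\langle X, Y \rangle \in I))). \tag{4.35}$$

Definition 4.9 (Mahlo axiom, CZFM+, CZFM+) M+ is an axiom $\exists Z\, \mathrm{M}[Z]$. CZFM+ is a theory CZF + REA + M+, CZFM+ := CZF + REA + M+.

Realizability of the Mahlo axiom repeats realizability of the Mahlo schema in Lemma 4.7, just with a little extra considerations.

Lemma 4.8 Mahlo axiom is realizable in TM.

Proof. First of all, by IX,

$$u : \mathrm{M} \mapsto \mathrm{M} \land i : \mathrm{M}^2 \mapsto \mathrm{M}. \tag{4.36}$$

Therefore M is $\{u, i\}$-inaccessible and by Lemma 4.6 we have a realization of $\mathrm{In}[\mathrm{us}\,\mathrm{M}]$. $\mathrm{us}\,\mathrm{M}$ is taken as a witness for $Z$. Now assume $\mathrm{Set}[\rho] \land r \mathrel{\mathrm{rn}^E} \mathrm{mv}[\rho, \mathrm{us}\,\mathrm{M}, \mathrm{us}\,\mathrm{M}]$. Take $f := \lambda \alpha.\mathrm{ct}(p_1 r(\mathrm{sg}(\mathrm{set}\,\alpha)))$, then

$$f : \mathrm{M} \mapsto \mathrm{M}. \tag{4.37}$$

Take $\iota := m(\mathrm{nat}, \lambda \alpha.\mathrm{opt}(f\alpha, \mathrm{opt}(u\alpha, i\alpha)))$ and $u' := \lambda \alpha.\mathrm{pt}_0(\mathrm{pt}_1(\mathrm{opt}(f\alpha, \mathrm{opt}(u\alpha, i\alpha))))$, $i' := \lambda \alpha.\mathrm{pt}_1(\mathrm{pt}_1(\mathrm{opt}(f\alpha, \mathrm{opt}(u\alpha, i\alpha))))$. By IX and Proposition 3.1c) we obtain that $\iota \mathrel{\varepsilon} \mathrm{M}$ and $\iota$ is $\{u', i'\}$-inaccessible. We now take $\mathrm{us}\,\iota$ as a witness for $I$. $\mathrm{In}[\mathrm{us}\,\iota]$ is realizable by Lemma 4.6. Since $\iota \mathrel{\varepsilon} \mathrm{M}$, we also have $\mathrm{us}\,\iota \mathrel{\varepsilon} \mathrm{M}$. Since $\mathrm{Set}[\mathrm{us}\,\iota]$ by Lemma 4.2a), we have a realization of $\mathrm{us}\,\iota \in \mathrm{us}\,\mathrm{M}$. Finally, we need to find an elementary realizer of $\forall X \in \mathrm{us}\,\iota\, \exists Y \in \mathrm{us}\,\iota(\langle X, Y \rangle \in \mathrm{us}\,\iota)$. If we take $f' := \lambda \alpha.\mathrm{pt}_0(\mathrm{opt}(f\alpha, \mathrm{opt}(u\alpha, i\alpha)))$, then

$$f' : \iota \mapsto \iota. \tag{4.38}$$

We define an operation $\mathrm{set}'$ in the same way as the operation set in Definition 4.4, with the only difference that $i$ is everywhere replaced by $i'$. Now assuming $x \mathrel{\varepsilon} \mathrm{us}\,\iota$, $\mathrm{ln}\,x = 1$, by Lemmas 4.2 and 4.5 we have

$$\mathrm{sg}(\mathrm{set}'(f'(\mathrm{ct}\,x))) \mathrel{\varepsilon} \mathrm{us}\,\iota, \quad \mathrm{ln}(\mathrm{sg}(\mathrm{set}'(f'(\mathrm{ct}\,x)))) = 1 \tag{4.39}$$

and

$$\mathrm{opt}(\mathrm{str}(\mathrm{us}\,\iota, x), \mathrm{str}(\mathrm{us}\,\iota, \mathrm{sg}(\mathrm{set}'(f'(\mathrm{ct}\,x))))) \doteq \mathrm{opt}(\mathrm{ct}\,x, \mathrm{set}'(f'(\mathrm{ct}\,x))) \mathrel{\varepsilon} \iota, \tag{4.40}$$

which by Proposition 3.1b) and Lemma 2.4 is sufficient for realizing $\langle \mathrm{str}(\mathrm{us}\,\iota, x), \mathrm{str}(\mathrm{us}\,\iota, \mathrm{sg}(\mathrm{set}'(f'(\mathrm{ct}\,x)))) \rangle \in \mathrm{us}\,\iota$. □

Theorem 5 a) CZFM+ is realizable in TM; b) CZFM+ is realizable in TM.

Proof. This follows from Theorem 3 and Lemma 4.8.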



References

[Acz78] P. Aczel. The Type Theoretic Interpretation of Constructive Set Theory. In: A. MacIntyre, L. Pacholski, J. Paris (eds.), Logic Colloquium ’77: 55–66, 1978
[Acz86] P. Aczel. The Type Theoretic Interpretation of Constructive Set Theory: inductive definitions. In: R.B. Marcus et al. (eds), Logic, Methodology and Philosophy of Science VII: Amsterdam, 1986
[Be85] M. Beeson. Foundations of Constructive Mathematics. Springer, 1985
[Fef75] S. Feferman. A language and axioms for explicit mathematics. In: Algebra and Logic, LNM 450: 87–139, 1975
[Fef79] S. Feferman. Constructive theories of functions and classes. In: Logic Colloquium ’78, 159–224, 1979
[FJ96] S. Feferman, G. Jäger. Systems of explicit mathematics with non-constructive µ-operator. Part II. APAL 79,1: 37–52, 1996
[GR94] E. Griffor, M. Rathjen. The strength of some Martin-Löf type theories. Arch. Math. Logic, 33:347–385, 1994
[Jä83] G. Jäger. A well-ordering proof for Feferman’s theory T0. Arch. Math. Logic, 23:65–77, 1983
[Jä88] G. Jäger. Induction in elementary theory of types and names. Computer Science Logic ’87, LNCS 329:118–128, 1988
[Jnm] G. Jäger. First order theories for nonmonotone inductive definitions: recursively inaccessible and Mahlo. Journal of Symbolic Logic, to appear
[JKS99] G. Jäger, R. Kahle, T. Strahm. On applicative theories. In: A. Cantini, E. Casari, P.L. Minari (eds.), Logic and Foundations of Mathematics, 83–92, 1999
[JP82] G. Jäger, W. Pohlers. Eine beweistheoretische Untersuchung von ∆12 − CA + BI und verwandter Systeme. Sitz. Beyer. Akad. der Wissen., Math.-Natur. Klasse: 1–28, 1982
[JSumM] G. Jäger, Th. Strahm. Upper bounds for metapredicative Mahlo in explicit mathematics and admissible set theory. Journal of Symbolic Logic, to appear
[JStu] G. Jäger, T. Studer. Extending the system T0 of explicit mathematics: the limit and Mahlo case. Submitted
[Myh75] J. Myhill. Constructive set theory. JSL 40 (1975), 347–382
[Ra90] M. Rathjen. Ordinal notations based on a weakly Mahlo cardinal. Arch. Math. Logic, 29:249–263, 1990
[Ra91] M. Rathjen. Proof theoretic analysis of KPM. Arch. Math. Logic, 30:377–403, 1991
[Ra94a] M. Rathjen. Collapsing functions based on recursively large ordinals: A well-ordering proof for KPM. Arch. Math. Logic, 33:35–55, 1994
[Ra94b] M. Rathjen. Proof theory of reflection. APAL, 68:181–224, 1994
[Ra00] M. Rathjen. The Superjump in Martin-Löf Type Theory. In: S. Buss, P. Hajek, P. Pudlak (eds.), Logic Colloquium 98, 363–386, 2000
[RaCZFM] M. Rathjen. Interpreting Mahlo set theory in Mahlo type theory. Preprint, 1999
[RGP98] M. Rathjen, E.R. Griffor, E. Palmgren. Inaccessibility in constructive set theory and type theory. APAL, 94:181–200, 1998
[Se98] A. Setzer. Well-ordering proof for Martin-Löf Type Theory with W-type and one Universe. APAL, 92:113–159, 1998
[SeM] A. Setzer. Extending Martin-Löf Type Theory with one Mahlo Universe. To appear in: Archive for Mathematical Logic
[StrwmM] Th. Strahm. Wellordering proofs for metapredicative Mahlo. Preprint
[Tat98] M. Tatsuta. Realizability for Constructive Theory of Functions and Classes and Its Application to Program Synthesis. Proceedings of Thirteenth Annual IEEE Symposium on Logic in Computer Science, 1998: 358–367
[Tr98] A. Troelstra. Realizability. In: S. Buss, ed., Handbook of Proof Theory. North Holland, 1998: 407–474
[Tura] S. Tupailo. Realization of analysis into Explicit Mathematics. Technical report IAM-00-003, Institute for Informatics, University of Bern, Switzerland. Submitted for publication