An interpretation of the Sigma-2 fragment of classical Analysis in System T
arXiv [math.LO]
DANKO ILIK
Abstract.
We show that it is possible to define a realizability interpretation for the Σ₂-fragment of classical Analysis using Gödel's System T only. This supplements a previous result of Schwichtenberg regarding bar recursion at types 0 and 1 by showing how to avoid using bar recursion altogether. Our result is proved via a conservative extension of System T with an operator for composable continuations from the theory of programming languages due to Danvy and Filinski. The fragment of Analysis is therefore essentially constructive, even in presence of the full Axiom of Choice schema: Weak Church's Rule holds of it in spite of the fact that it is strong enough to refute the formal arithmetical version of Church's Thesis.

1. Introduction
In the middle of the 20th century, Kurt Gödel showed how to give a computational interpretation and a relative consistency proof of intuitionistic Arithmetic via his System T of equations between functionals definable by primitive recursion (in higher types) [11, 10]. Thanks to the fact that the induction axiom intuitionistically proves its own double negation translation, the interpretation also applies to classical Arithmetic. However, since the Axiom of Choice,

(AC) ∀x ∃y A(x, y) → ∃f ∀x A(x, f(x)),

does not intuitionistically prove its double negation translation, the interpretation does not apply to classical Analysis. Gödel was of course aware of this fact and suggested [21, § ¬¬∀x (A(x) ∨ ¬A(x)), known as Kuroda's Conjecture [24], intuitionistically equivalent to the nowadays better known schema of Double Negation Shift,

(DNS) ∀x ¬¬B(x) → ¬¬∀x B(x).

Gödel must have also been aware of the difficulty involved in giving a computational interpretation to Kuroda's Conjecture, for already his 1941 lecture at Yale [11] considers the special case when the formula A(x) is ∃y T(x, x, y) — where T is Kleene's predicate verifying that the Turing machine with code x, when run on input x, terminates with code y — which directly proves (see [33]) the negation of the formal arithmetical version of Church's Thesis,

(CT ) ∀x^N ∃y^N A(x, y) → ∃e^N ∀x^N ∃u^N (T(e, x, u) ∧ A(x, U(u))).

In spite of that, Spector and Kreisel [31, 9] managed to give a computational interpretation of DNS by extending System T with bar recursion, the computational adequacy of which was shown using a formal version of Brouwer's principle of Bar Induction [31, 14]. This approach to extracting computational content from proofs in Analysis via an extension of the primitive recursive System T with a general recursive schema has been much refined over the 50 years since it appeared [22, 32, 20, 2, 1, 3, 4, 29] and has been applied to obtain results in Analysis proper, notably in Kohlenbach's Proof Mining programme [20].

Nevertheless, as Schwichtenberg showed already in 1979 [27], higher type primitive recursion is closed over the schema of bar recursion at types 0 and 1, and since a previous analysis of Kreisel [31, § ∃α ∈ N → N ∀x ∈ N A(α, x), A quantifier-free, we in fact know that we should need no more than the primitive recursive functionals themselves in order to give a realizability interpretation of the uniformly realizable part of Analysis. Yet, it has remained unclear up to this day how to avoid using general recursive schemata altogether.

One alternative is offered by the use of so called computational side-effects (control operators) from the theory of programming languages. Krivine [23] used a realizability interpretation based on a virtual machine which can execute lambda calculus terms, extended with a control operator and a special machine instruction called "quote". Herbelin [13] gave a more direct approach based on rewrite rules for a type theory extended with a control operator and a coinductive treatment of the existential quantifier. Both approaches rely on a proper extension of System T that can give a computational interpretation to full classical logic. However, given that there are classically true arithmetic statements that do not have a recursive realizer, it is not clear what the meaning of control operators outside the Σ₂-fragment is.

In this paper, we show that computational side-effects are not needed in the language of realizers, that is, although they are conceptually essential, control operators can be seen as a meta-mathematical technique.
Proofs of the Σ₂-fragment of Analysis, with the full Axiom of Choice, are essentially constructive and realizable by System T terms only. The soundness of the interpretation relies on a form of Markov's Principle (the Shift rule), rather than full classical logic [32, 23, 13] or continuity principles [31, 14, 1, 3].

2. Conservative extension of System T with operators for composable continuations
The constructive interpretation of proofs of Section 3 is based on Gödel's System T in its lambda-calculus formulation [33, 28]. Nevertheless, we consider it a conceptual advantage to use an intermediate system, the System T⁺ obtained when System T is extended with a control operator for composable continuations, the so called call-by-name variant of the shift operator of Danvy and Filinski [7]. The control operator is a key conceptual ingredient that led us to the interpretation [12, 15, 16, 19].

The goal of this technical section is to prove the following conservativity theorem, as well as prove that suitable equations important for Section 3 hold of System T⁽⁺⁾ (Proposition 1).

Normalization Theorem. Every term of System T⁺ maps to a term in normal form of System T.
The types of System T⁽⁺⁾ are N, functions N → N, functionals (ex. (N → N) → N), and Cartesian products of these. Types will be denoted by σ, τ:

T ∋ σ, τ ::= N | σ → τ | σ ∗ τ.

Terms of System T⁺ are constants associated with a sequent σ ; … ; σₙ ⊢ τ (also written γ ⊢ τ for γ a finite ordered list of types) which means that a term is of type τ and the free variables that appear in the term are of types σ , …, σₙ. The terms, marked in sans-serif face, are defined inductively as follows.

hyp: (σ; γ) ⊢ σ
wkn: from γ ⊢ σ infer (τ; γ) ⊢ σ
lam: from (σ; γ) ⊢ τ infer γ ⊢ σ → τ
app: from γ ⊢ σ → τ and γ ⊢ σ infer γ ⊢ τ
pair: from γ ⊢ σ and γ ⊢ τ infer γ ⊢ σ ∗ τ
fst: from γ ⊢ σ ∗ τ infer γ ⊢ σ
snd: from γ ⊢ σ ∗ τ infer γ ⊢ τ
zero: γ ⊢ N
succ: from γ ⊢ N infer γ ⊢ N
rec: from γ ⊢ N and γ ⊢ σ and γ ⊢ N → σ → σ infer γ ⊢ σ
shift: from (N → σ → N; γ) ⊢ N infer γ ⊢ σ

For example, the Ackermann function of type N → N → N in lambda calculus notation,

A := λm. R m (λn. n + 1)(λm′.λu.λn. R n (u 1)(λn′.λw. u w)),

where R is a constant such that

R 0 a b = a
R (n + 1) a b = b n (R n a b),

is defined using the following term:

lam (rec hyp (lam (succ hyp)) (lam (lam (lam (rec hyp (app (wkn hyp) (succ zero)) (lam (lam (app (wkn (wkn (wkn hyp))) hyp)))))))).

This style of presenting lambda calculus terms, known as deBruijn convention, keeps the language of terms first-order, that is, it avoids problems related to handling variables as names that we have to keep track of externally to the system: hyp denotes the variable corresponding to the nearest preceding lambda abstraction lam or a shift, wkn hyp denotes the second most recent introduced variable, wkn wkn hyp the third one, and so on. Seen as natural numbers (hyp is 0, wkn is successor), these are just so called deBruijn indices.

The terms of System T have a great computational potential, they can compute any higher-type primitive recursive function. There is, however, a subclass of terms which denote computations that have finished, the so called terms in normal form. These will be sufficient for denoting programs and data extracted from proofs in classical Analysis in Section 3. Technically, the normal forms are known as β-normal in reference to the associated β-reduction relation. Here we give a direct inductive characterization of normal terms (⊢r),

e: from γ ⊢e σ infer γ ⊢r σ
lam: from (σ; γ) ⊢r τ infer γ ⊢r σ → τ
pair: from γ ⊢r σ and γ ⊢r τ infer γ ⊢r σ ∗ τ
zero: γ ⊢r N
succ: from γ ⊢r N infer γ ⊢r N

defined at the same time with the so called neutral terms (⊢e),

hyp: (σ; γ) ⊢e σ
wkn: from γ ⊢r σ infer (τ; γ) ⊢e σ
app: from γ ⊢e σ → τ and γ ⊢r σ infer γ ⊢e τ
fst: from γ ⊢e σ ∗ τ infer γ ⊢e σ
snd: from γ ⊢e σ ∗ τ infer γ ⊢e τ
rec: from γ ⊢e N and γ ⊢r σ and γ ⊢r N → σ → σ infer γ ⊢e σ.

Neutral terms correspond to computations that are "blocked": neutral terms are those that contain open/free variables that block a β-reduction step from happening.

A property that will be later used (proof of Corollary 1) follows directly from the shape of normal forms: any closed normal term of type N, i.e. a term of type ∅ ⊢r N, is actually a numeral, that is, built only from zero and succ-terms. This follows because closed normal terms cannot be neutral: a neutral term necessarily has at least one free variable.

We are now ready to state our first theorem precisely.

Normalization Theorem.
There is a normalization procedure ↓⟦−⟧ such that, for every term p of System T⁺ of type γ ⊢ τ, the term ↓⟦p⟧ is a term in normal form of System T of the same type (γ ⊢r τ).

This theorem is not a standard fact from the theory of lambda calculus with control operators. As a matter of fact, we present the first proof that control operators can be completely eliminated from System T.

Specialists will recognize the proof method as a normalization-by-evaluation [5] or type-directed partial evaluation [6] argument. Nevertheless, the addition of control operators requires us to perform the proof in so called continuation-passing style; a similar technique has been used to provide a constructive completeness proof for non-minimal intuitionistic logic when disjunction and the existential quantifier are present [15, 17].

The proof is constructive and can be formalized in a suitable predicative meta-theory such as Martin-Löf Type Theory (for a modern formulation see [34]). At her convenience, the reader may find this full mechanization of the proof in Agda notation in [18]; one can also use this machine-checked constructive proof directly in order to compute, for example, that the term for the Ackermann function A(3,2) really evaluates to succ ⋯ succ zero, with succ applied 29 times.

Proof of Normalization Theorem.
Our goal is to define an evaluation function,

⟦(−)⟧ : γ ⊢ σ ⇒ γ ⊩ σ

that maps a term p of type γ ⊢ σ to a forcing set γ ⊩ σ, together with a reification function,

↓(−) : γ ⊩ σ ⇒ γ ⊢r σ,

that extracts normal forms (without shift!) from the forcing set. Composing the two functions, p ↦ ↓⟦p⟧, gives a normalization procedure. (The notation a b c d will be a compact form of a b c d .)

We first need a precise way to speak about extensions of type contexts γ (imposed by the fact that we want to normalize potentially open terms). This is formalized by the initial segment, or prefix, preorder ≥ as follows.

≥refl: γ ≥ γ
≥cons: from γ ≥ γ infer (σ; γ ) ≥ γ

For example, the proof of τ ; τ ; γ ≥ γ will be denoted by ≥cons ≥cons ≥refl. The transitivity of ≥ is proven as the (right-associative) operation (−) · (−), defined by recursion on the construction of the proofs of γ ≥ γ and γ ≥ γ .

(−) · (−) : γ ≥ γ ⇒ γ ≥ γ ⇒ γ ≥ γ
≥ · ≥refl = ≥
≥refl · ≥ = ≥
(≥cons ≥ ) · ≥ = ≥cons (≥ · ≥ )

In this definition, and henceforth, the notation ≥ n will be used to denote a (hypothetical) proof of γ n ≥ γ k . For example, given a proof ≥ of γ ≥ σ ; γ , one can prove γ ≥ γ by the denotation ≥ · ≥cons ≥refl.

We can now define precisely the forcing set γ ⊩ σ. This is done simultaneously with the strong forcing set γ ⊩s σ, itself defined inductively following the construction of the type σ.

γ ⊩ σ = ∀ γ ≥ γ ( ∀ γ ≥ γ ( γ ⊩s σ ⇒ γ ⊢r N ) ⇒ γ ⊢r N )
γ ⊩s N = γ ⊢r N
γ ⊩s (σ → τ) = ∀ γ′ ≥ γ ( γ′ ⊩ σ ⇒ γ′ ⊩ τ )
γ ⊩s (σ ∗ τ) = γ ⊩ σ × γ ⊩ τ

We will also need γ′ ⊪ γ, the component-wise extension of the forcing relation defined as follows ([] denotes the empty context).

γ′ ⊪ [] = ⊤
γ′ ⊪ (σ; γ) = (γ′ ⊩ σ) × (γ′ ⊪ γ)

The first equation defines the forcing of the empty context to be the singleton set ⊤, whose unique inhabitant is denoted tt. The symbol × constructs a Cartesian product i.e. pair type in the ambient type theory; the components of a Cartesian product can be accessed by the projection operations proj and proj .
The terminology "forcing" comes from similarity of our construction with Kripke models which does not intentionally refer to the forcing from Set Theory.
The following operations (lemmas) show that ⊢r, ⊢e, ⊩, ⊩s, ⊪ are all monotone with respect to the prefix preorder. The last two operations are defined by induction on types and contexts, respectively.

⌜(−)⌝ (−) : γ ≥ γ ⇒ γ ⊢r σ ⇒ γ ⊢r σ
⌜H⌝ ≥refl = H
⌜H⌝ ≥cons ≥ = e (wkn (⌜H⌝ ≥ ))

⌞(−)⌟ (−) : γ ≥ γ ⇒ γ ⊢e σ ⇒ γ ⊢e σ
⌞H⌟ ≥refl = H
⌞H⌟ ≥cons ≥ = wkn (e (⌞H⌟ ≥ ))

⌈(−)⌉ (−) : γ ≥ γ ⇒ γ ⊩ σ ⇒ γ ⊩ σ
⌈H⌉ ≥refl = H
⌈H⌉ ≥cons ≥ = ≥ H ( ≥ · ≥cons ≥ )

⌊(−)⌋ σ (−) : γ ≥ γ ⇒ γ ⊩s σ ⇒ γ ⊩s σ
⌊H⌋ σ→τ ≥ = ≥ H ( ≥ · ≥ )
⌊(H , H )⌋ σ∗τ ≥ = ⌈H ⌉ ≥ , ⌈H ⌉ ≥
⌊H⌋ N ≥ = ⌜H⌝ ≥

⌈⌈(−)⌉⌉ (−) γ : γ ≥ γ ⇒ γ ⊪ γ ⇒ γ ⊪ γ
⌈⌈H⌉⌉ ≥ [] = H
⌈⌈H⌉⌉ ≥ σ;γ = ⌈proj H⌉ ≥ , ⌈⌈proj H⌉⌉ ≥ γ

Finally, we also need lemmas relating the forcing sets and derivability, the return (η) and run (µ) operations.

η(−) : γ ⊩s σ ⇒ γ ⊩ σ
µ(−) : γ ⊩ N ⇒ γ ⊩s N
ηH = ≥ κ κ ≥refl ⌊H⌋ ≥
µH = H ≥refl ( ≥ α α )

Return shows that we can always lift a member of the strong forcing set to a member of the forcing set. Run shows that, whenever we have a member of a set forcing type N, we can actually obtain a term of System T in normal form from it; note that by definition the sets γ ⊩s N and γ ⊢r N are the same.
The reify function ↓(−) shows that we can actually run any forcing set, for any type σ, and not just for σ = N. It is defined by induction on the type.

γ ↓ σ (−) : γ ⊩ σ ⇒ γ ⊢r σ
γ ↓ N H = µH
γ ↓ σ→τ H = lam ( γ ↓ τ ( ≥ κ H ( ≥ · ≥cons ≥refl )( ≥ φ φ ≥refl ( ⌈ σ;γ ↑ σ hyp ⌉ ≥·≥ ) ≥refl ( ≥ κ ( ≥ · ≥ )))))
γ ↓ σ∗τ H = pair α ↓ σ ( ≥ κ H ≥ ( ≥ α proj α ≥refl ( ≥ κ ( ≥ · ≥ )))) α ↓ τ ( ≥ κ H ≥ ( ≥ α proj α ≥refl ( ≥ κ ( ≥ · ≥ ))))

The case of arrow type forces us to define, at the same time with the reify function, the reflect function ↑(−):

γ ↑ σ (−) : γ ⊢e σ ⇒ γ ⊩ σ
γ ↑ N p = η ( e p )
γ ↑ σ→τ p = η ( ≥ α γ ↑ τ app ( ⌞p⌟ ≥ , γ ↓ σ α ))
γ ↑ σ∗τ p = η ( γ ↑ σ fst p, γ ↑ τ snd p )

Note that this function needs as domain only the neutral terms.

Finally, we are ready to define the evaluation function ⟦−⟧ that constructs a member of the forcing set for any input term of System T⁺. The definition is by recursion on the construction of the term p.

γ ⟦(−)⟧ σ (−) : γ ⊢ σ ⇒ ∀ γ′ ⊪ γ ( γ′ ⊩ σ )
⟦hyp⟧ ρ = proj ρ
⟦wkn p⟧ ρ = ⟦p⟧ proj ρ
⟦lam p⟧ ρ = η ( ≥ α ⟦p⟧ ( α, ⌈⌈ρ⌉⌉ ≥ ) )
⟦app (p, q)⟧ ρ = ≥ κ ⟦p⟧ ρ ≥ ( ≥ φ φ ≥refl ( ⟦q⟧ ⌈⌈ρ⌉⌉ ≥·≥ ) ≥refl ( ≥ κ ( ≥ · ≥ )))
⟦pair (p, q)⟧ ρ = η ( ⟦p⟧ ρ , ⟦q⟧ ρ )
⟦fst p⟧ ρ = ≥ κ ⟦p⟧ ρ ≥ ( ≥ α proj α ≥refl ( ≥ κ ( ≥ · ≥ )))
⟦snd p⟧ ρ = ≥ κ ⟦p⟧ ρ ≥ ( ≥ α proj α ≥refl ( ≥ κ ( ≥ · ≥ )))
⟦shift p⟧ ρ = ≥ κ µ ⟦p⟧ η ( ≥ ν η ( ≥ α η ( α ≥refl ( ≥ κ ( ≥ ·≥ ·≥ ))))) , ⌈⌈ρ⌉⌉ ≥
⟦zero⟧ ρ = η ( zero )
⟦succ p⟧ ρ = η ( succ ( µ ⟦p⟧ ρ ))
⟦rec (n, a, f)⟧ ρ = ≥ κ ⟦n⟧ ρ ≥ ( ≥ ν ↦ { ν } ⌈⌈ρ⌉⌉ ≥ ·≥ ≥refl ( ≥ κ ( ≥ · ≥ )))

where

{ zero } ρ′ = ⟦a⟧ ρ′
{ succ r } ρ′ = ≥ κ ⟦f⟧ ⌈⌈ρ′⌉⌉ ≥ ≥refl ( ≥ γ γ ≥refl ( η ⌜r⌝ ≥ ·≥ ) ≥refl ( ≥ δ ↦ { r } ρ′ ( ≥ · ≥ · ≥ )( ≥ α δ ≥ ( ηα ) ≥refl ( ≥ κ ( ≥ · ≥ · ≥ · ≥ )))))
{ e e } ρ′ = ↑ rec ( e, ↓⟦a⟧ ρ′ , ↓⟦f⟧ ρ′ )

Note that the argument ρ is of type γ′ ⊪ γ. For γ′ = γ, such a ρ can always be constructed by reflecting the term hyp:

⇑ γ : γ ⊪ γ
⇑ [] = tt
⇑ σ;γ = ( ↑ σ hyp ) , ⌈⌈⇑ γ⌉⌉ ≥cons ≥refl

We have therefore shown that, given p : γ ⊢ σ of System T⁺, there is a term in normal form ↓⟦p⟧ ρ : γ ⊢r σ of System T, for every ρ, and in particular one such term is ↓⟦p⟧ ⇑ γ. □

The following proposition characterizes the equational theory generated by the normalization procedure. It will be used in the proof of Soundness Theorem of Section 3. This has also been machine checked and is available in Agda notation from [18].
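The typing rules for the shift-free constructors, and the claim that the Ackermann term applied to 3 and 2 yields the numeral with 29 occurrences of succ, can be checked mechanically. The Python sketch below is an added example, not the paper's Agda development [18]: it uses a plain environment evaluator instead of the continuation-passing forcing construction, omits shift, and its function names (infer, check, ev, numeral, ackermann) and tuple encoding are assumptions of the sketch.

```python
"""Shift-free System T terms in the page's de Bruijn style (added example)."""

N = ("N",)                                  # base type of natural numbers
def Arr(s, t): return ("->", s, t)          # function type  s -> t
def Prod(s, t): return ("*", s, t)          # product type   s * t

# Terms are tagged tuples named after the page's constructors.
hyp, zero = ("hyp",), ("zero",)
def wkn(p): return ("wkn", p)
def lam(p): return ("lam", p)
def app(p, q): return ("app", p, q)
def pair(p, q): return ("pair", p, q)
def fst(p): return ("fst", p)
def snd(p): return ("snd", p)
def succ(p): return ("succ", p)
def rec(n, a, f): return ("rec", n, a, f)

class IllTyped(Exception):
    """Raised when a term does not match the typing rules."""

def infer(ctx, t):
    """Synthesise the type of t; ctx lists variable types, newest first."""
    tag = t[0]
    if tag in ("hyp", "wkn"):
        if not ctx:
            raise IllTyped(tag + " used in the empty context")
        return ctx[0] if tag == "hyp" else infer(ctx[1:], t[1])
    if tag == "app":
        fn = infer(ctx, t[1])
        if fn[0] != "->":
            raise IllTyped("app: head is not a function")
        check(ctx, t[2], fn[1])
        return fn[2]
    if tag in ("fst", "snd"):
        pr = infer(ctx, t[1])
        if pr[0] != "*":
            raise IllTyped(tag + ": argument is not a pair")
        return pr[1] if tag == "fst" else pr[2]
    if tag == "zero":
        return N
    if tag == "succ":
        check(ctx, t[1], N)
        return N
    raise IllTyped("cannot infer a type for " + tag)

def check(ctx, t, ty):
    """Check t against ty, following the rules for lam, pair, rec and wkn."""
    tag = t[0]
    if tag == "lam":
        if ty[0] != "->":
            raise IllTyped("lam checked against a non-function type")
        check((ty[1],) + ctx, t[1], ty[2])
    elif tag == "pair":
        if ty[0] != "*":
            raise IllTyped("pair checked against a non-product type")
        check(ctx, t[1], ty[1])
        check(ctx, t[2], ty[2])
    elif tag == "rec":                      # n : N, a : s, f : N -> s -> s
        check(ctx, t[1], N)
        check(ctx, t[2], ty)
        check(ctx, t[3], Arr(N, Arr(ty, ty)))
    elif tag == "wkn":
        if not ctx:
            raise IllTyped("wkn used in the empty context")
        check(ctx[1:], t[1], ty)
    elif infer(ctx, t) != ty:
        raise IllTyped(tag + " has the wrong type")

def ev(t, env):
    """Evaluate t; env holds the values of the free variables, newest first."""
    tag = t[0]
    if tag == "hyp":  return env[0]                 # most recent variable
    if tag == "wkn":  return ev(t[1], env[1:])      # forget the most recent one
    if tag == "lam":  return lambda v: ev(t[1], (v,) + env)
    if tag == "app":  return ev(t[1], env)(ev(t[2], env))
    if tag == "pair": return (ev(t[1], env), ev(t[2], env))
    if tag == "fst":  return ev(t[1], env)[0]
    if tag == "snd":  return ev(t[1], env)[1]
    if tag == "zero": return 0
    if tag == "succ": return ev(t[1], env) + 1
    if tag == "rec":
        n, acc, step = ev(t[1], env), ev(t[2], env), ev(t[3], env)
        for k in range(n):                  # R (k+1) a b = b k (R k a b)
            acc = step(k)(acc)
        return acc
    raise ValueError("unknown constructor " + tag)

def numeral(n):
    """The closed normal term built from zero by n applications of succ."""
    t = zero
    for _ in range(n):
        t = succ(t)
    return t

# The page's Ackermann term, transcribed constructor by constructor.
INNER = rec(hyp, app(wkn(hyp), succ(zero)),
            lam(lam(app(wkn(wkn(wkn(hyp))), hyp))))
ACK = lam(rec(hyp, lam(succ(hyp)), lam(lam(lam(INNER)))))

def ackermann(m, n):
    """Type-check ACK at N -> N -> N, apply it to numerals, return the value."""
    check((), ACK, Arr(N, Arr(N, N)))
    return ev(app(app(ACK, numeral(m)), numeral(n)), ())

if __name__ == "__main__":
    print(ackermann(3, 2))
```

The checker is bidirectional: it synthesises types for the constructors that also form neutral terms and checks lam, pair and rec against an expected type, so a term such as app (lam p, q) needs no type annotation on lam only when its head can be synthesised.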
Proposition 1.
The following definitional equalities hold,

↓⟦wkn p⟧ α,ρ = ↓⟦p⟧ ρ   for α ∈ τ;γ ⊩ τ   (1)
↓⟦hyp⟧ α,ρ = ↓α   for α ∈ γ ⊩ τ   (2)
↓⟦fst pair (p, q)⟧ ρ = ↓⟦p⟧ ρ   (3)
↓⟦snd pair (p, q)⟧ ρ = ↓⟦q⟧ ρ   (4)
↓⟦app (lam p, q)⟧ ρ = ↓⟦p⟧ ⟦q⟧ ρ ,ρ   (5)
↓⟦rec (zero, p, q)⟧ ρ = ↓⟦p⟧ ρ   (6)
↓⟦rec (succ r, p, q)⟧ ρ = ↓⟦app (app (q, r), rec (r, p, q))⟧ ρ   (7)
↓N ⟦shift p⟧ ρ = ↓N ⟦p⟧ φ,ρ   (8)
↓N ⟦app (app (hyp, x), y)⟧ φ,ρ = ↓N ⟦y⟧ φ,ρ   (9)

where for the last two equations, φ := η ( ≥ ν η ( ≥ α η ( µα ))), and x, y : N → N → N ⊢ N.

Proof. Equations (1)–(7) follow from the ones that hold already of the ⟦−⟧ (−) function. This is because, as an argument to the ↓(−) function, the evaluation function is always applied to some ≥ and κ.

⟦p⟧ ρ ≥ κ = ⟦q⟧ ρ ≥ κ
⟦wkn p⟧ α,ρ ≥ κ = ⟦p⟧ ρ ≥ κ
⟦hyp⟧ α,ρ ≥ κ = α ≥ κ
⟦fst pair (p, q)⟧ ρ ≥ κ = ⟦p⟧ ρ ≥ κ
⟦snd pair (p, q)⟧ ρ ≥ κ = ⟦q⟧ ρ ≥ κ
⟦app (lam p, q)⟧ ρ ≥ κ = ⟦p⟧ ⟦q⟧ ρ ,ρ ≥ κ
⟦rec (zero, p, q)⟧ ρ ≥ κ = ⟦p⟧ ρ ≥ κ
⟦rec (succ r, p, q)⟧ ρ ≥ κ = ⟦app (app (q, r), rec (r, p, q))⟧ ρ ≥ κ

These equations come out by unfolding the definition and occasionally using an η-equality step of the form ( α φα ) = φ.

Equations (8)–(9) also follow by definition, this time reification being applied for only one concrete type, N. □

3. A modified realizability interpretation of Analysis
By a logical theory sufficient to formalize proofs of Analysis we have in mind the System HA^ω+ of Figure 1 together with the full axiom of choice schema AC = ∪ σ,τ∈T AC_στ,

(AC_στ) ∀x^σ ∃y^τ A(x, y) → ∃f^(σ→τ) ∀x^σ A(x, f(x)).

This formulation of the axiom is strictly stronger than the Axiom of Dependent Choices which is usually treated in the context of realizability interpretations for Analysis. One can also consider the axioms of Figure 2 to be part of HA^ω+. It is known that due to their logical form, the proof interpretation that we are going to employ has no modifying effect on them. On the other hand, they can indicate in which sense the realizability model supports extensionality.

Ax: A, Γ ⊢ A
Wkn: from Γ ⊢ A infer B, Γ ⊢ A
→I: from A, Γ ⊢ B infer Γ ⊢ A → B
→E: from Γ ⊢ A → B and Γ ⊢ A infer Γ ⊢ B
∧E: from Γ ⊢ A ∧ B infer Γ ⊢ A
∧E: from Γ ⊢ A ∧ B infer Γ ⊢ B
∧I: from Γ ⊢ A and Γ ⊢ B infer Γ ⊢ A ∧ B
∃I: from Γ ⊢ A(r^τ) infer Γ ⊢ ∃x^τ A(x)
∃E: from Γ ⊢ ∃x^τ A(x) and Γ ⊢ ∀x^τ (A(x) → B), with x ∉ FV(B), infer Γ ⊢ B
∀I: from Γ ⊢ A(x^τ), with x ∉ FV(Γ), infer Γ ⊢ ∀x^τ A(x)
∀E: from Γ ⊢ ∀x^τ A(x) infer Γ ⊢ A(r^τ)
Ind: from Γ ⊢ A(zero) and Γ ⊢ ∀x^N (A(x) → A(succ x)) infer Γ ⊢ ∀x^N A(x)
Shift: from ∀x^N (A(x) → S(x)), Γ ⊢ S(r) infer Γ ⊢ A(r)   (A, S ∈ Σ )

Figure 1: A natural deduction system for the theory HA^ω+

HA^ω+ is a first-order, predicate logic which is multi-sorted, that is, has variables and quantifiers that range over the types of System T. The system is "minimal" in the sense of Schwichtenberg [28] – one wants to know that the method works even if we do not have a special treatment of the absurdity symbol ⊥; one can work with any fixed formula N as if it were ⊥.

HA^ω+ has explicit rules for dealing with the existential quantifier (disjunction has not been included for the sake of simplicity). This, together with the special Shift rule, justifies the plus superscript + in the name. The rule Shift is a general form of the more usual double-negation elimination rule, restricted to Σ -formulas, that is precisely suitable for a simple proof of the Soundness Theorem. It has previously been used by Nakata and the author in a semi-classical logic context [16, 19].

The class of Σ -formulas consists of formulas S of the following form,

S ::= N | ∃x^N N | N → S | N ∧ S | S ∧ N,

where N stands for so called computationally irrelevant formulas [29], defined inductively by

N ::= P | N ∧ N | ∀x^τ N | A → N,

where P stands for prime formulas (predicates) and A has no restrictions on the form.

Refl: from ↓⟦r⟧ ⇑ Γ = ↓⟦s⟧ ⇑ Γ infer Γ ⊢ r^τ ≐ s^τ
Comp: from Γ ⊢ A(r) and Γ ⊢ r ≐ s infer Γ ⊢ A(s)
Cont: from Γ ⊢ (succ r) ≐ zero infer Γ ⊢ ⊥
Efq: from Γ ⊢ ⊥ infer Γ ⊢ A

Figure 2: Additional rules for equality (computationally irrelevant)

As our interpretation we will use a version of Kreisel's so called modified realizability interpretation [33, 20], optimised similarly to the work of Berger, Buchholz, Schwichtenberg, and Seisenberger [2, 29]. However, the key addition is that the realizing terms will also be computed by normalized instances of the shift term.
Definition 1.
Given a context Γ and an interpretation of hypotheses ρ : |Γ| ⊪ |Γ|, the modified realizability interpretation "p mr A" of a formula A by a term p of type |Γ| ⊢r |A| of System T is defined by the following formula translation,

p mr N := N   (for any term p of type N)
p mr N ∧ B := N ∧ (p mr B)
p mr A ∧ N := (p mr A) ∧ N
p mr A ∧ B := (↓⟦fst p⟧ ρ mr A) ∧ (↓⟦snd p⟧ ρ mr B)
p mr N → B := N → (p mr B)
p mr A → B := ∀x ([↓⟦x⟧ ρ mr A] → [↓⟦app (p, x)⟧ ρ mr B])
p mr ∀x^τ A(x) := ∀x^τ (↓⟦app (p, x)⟧ ρ mr A(x))
p mr ∃x^τ N(x) := N(p)
p mr ∃x^τ A(x) := ↓⟦snd p⟧ ρ mr A(↓⟦fst p⟧ ρ),

in which N denotes a computationally irrelevant formula, and where the type |A| of the realizing term p is computed as follows:

|N| := N
|N ∧ B| := |B|
|A ∧ N| := |A|
|A ∧ B| := |A| ∗ |B|
|N → B| := |B|
|A → B| := |A| → |B|
|∀x^τ A| := τ → |A|
|∃x^τ N| := τ
|∃x^τ A| := τ ∗ |A|

The map | · | is extended to contexts Γ by |C , …, Cₙ| := |C |; ⋯; |Cₙ|.

Note that Σ -formulae are exactly those ones that are realized by a term of type N. Our main result is the following one.
Soundness Theorem.
If HA^ω+ +AC proves C , C , …, Cₙ ⊢ A, and A is computationally relevant, then there exists a term p of System T⁺ such that HA^ω+ alone proves that, for every ρ : |C |, |C |, …, |Cₙ| ⊪ |C |, |C |, …, |Cₙ|,

↓⟦hyp⟧ ρ mr C , ↓⟦wkn hyp⟧ ρ mr C , …, ↓⟦wkn^n hyp⟧ ρ mr Cₙ ⊢ ↓⟦p⟧ ρ mr A.

Proof.
The proof is by induction on the derivation of C , C , …, Cₙ ⊢ A and provides the same realizing terms as Kreisel's modified realizability interpretation of HA^ω+AC. The additional rule of Shift (treated in more detail below) is realized via the shift term of System T⁺, nevertheless normalized to System T using ↓⟦·⟧.

We will denote by p realizing terms provided by the induction hypothesis for each proof rule. If there are two induction hypotheses, the term corresponding to the second, right premise of the proof rule will be denoted by q.

As a general guide, the elimination rules are enough to prove their own soundness, while the introduction rules and the rules AC, Wkn, Ind, and Shift also need to use the definitional equalities of Proposition 1.

In general, the axiom AC_στ is realized by the term

lam pair (lam app (fst wkn hyp, hyp), lam app (snd wkn hyp, hyp)).

When the formula A(x, y) is computationally irrelevant, the realizer is the term lam hyp. The proof in both cases is a trivial intuitionistic implication and does not require AC_στ itself. Equations (1)-(5) of Proposition 1 are nevertheless used.

Ax is realized by hyp.

Wkn is realized by wkn p and verified using equation (1) and (2).

The general case of →I, when A from A → B is computationally relevant, is realized by lam p and verified using equations (5), (2), and (1). The induction hypothesis needs to be used with the context ρ := (⟦x⟧ ρ , ρ), where x comes from the unfolding of the mr-definition for implication. The special case, when A is computationally irrelevant, is rather realized by the term p only.

When A from A → B is computationally relevant, the case →E is realized by app (p, q). When A is irrelevant, the realizing term is just p.

∧E is realized using fst p, in general, while in the case where one of the conjuncts of A ∧ B is irrelevant, the realizer is just p.

∧E is realized using snd p, in general, while in the case where one of the conjuncts of A ∧ B is irrelevant, the realizer is just p.

In general, ∧I is realized using pair (p, q) and verified via equations (3) and (4). When A from A ∧ B is irrelevant, the realizer is q, while when B is irrelevant, the realizer is p.

In general, ∃I is realized by pair (p, q) and verified via equations (3) and (4). When A(x) from ∃x A(x) is computationally irrelevant, then the realizer is r, the witnessing term.

∃E is realized by app (app (q, fst p), snd p), in general. When A(x) from ∃x A(x) is computationally irrelevant, then the realizer is app (q, p).

∀I is realized by lam p.
For verification, it is necessary to apply equation (5) and to use the induction hypothesis with context ρ := (⟦x⟧ ρ , ρ).

∀E is realized by app (p, r).

Ind is realized by lam rec (hyp, p, q) and using equations (6) and (7).
Shift is realized by shift p (normalized to System T using ↓⟦−⟧). The goal is to prove

↓⟦hyp⟧ ρ mr C , …, ↓⟦wkn^n hyp⟧ ρ mr Cₙ ⊢ ↓⟦shift p⟧ ρ mr A(r).

Using equation (8), we obtain φ and the goal becomes

↓⟦hyp⟧ ρ mr C , …, ↓⟦wkn^n hyp⟧ ρ mr Cₙ ⊢ ↓⟦p⟧ φ,ρ mr A(r).

We can now use the induction hypothesis with ρ := (φ, ρ),

↓⟦hyp⟧ φ,ρ mr ∀x^N (A(x) → S(x)), ↓⟦wkn hyp⟧ φ,ρ mr C , …, ↓⟦wkn^(n+1) hyp⟧ φ,ρ mr Cₙ ⊢ ↓⟦p⟧ φ,ρ mr S(r).

Thanks to equation (1), the induction hypothesis becomes

↓⟦hyp⟧ φ,ρ mr ∀x^N (A(x) → S(x)), ↓⟦hyp⟧ ρ mr C , …, ↓⟦wkn^n hyp⟧ ρ mr Cₙ ⊢ ↓⟦p⟧ φ,ρ mr S(r).

Finally, thanks to equation (9), we can finish the proof by applying the Shift rule for:

S′(x, y) := ↓⟦y⟧ φ,ρ mr S(x)
A′(x, y) := ↓⟦y⟧ φ,ρ mr A(x). □

Remark. The Shift case in the proof of the Soundness Theorem only uses the case where shift is reified at type N. This use does not exhaust the possibilities of the realizability model. For example, one can prove the soundness of the Shift rule for A = A ∧ A or A = ∃z^N A (z), when A i ∈ Σ , by using the equations

↓ τ∗σ ⟦p⟧ ρ = pair ( ↓ τ ⟦fst p⟧ ρ , ↓ σ ⟦snd p⟧ ρ )
↓ N∗σ ⟦fst shift p⟧ ρ = ↓ N ⟦p⟧ φ ,ρ
↓ τ∗N ⟦snd shift p⟧ ρ = ↓ N ⟦p⟧ φ ,ρ
↓ N ⟦app (app (hyp, x), y)⟧ φ ,ρ = ↓ N ⟦fst y⟧ φ ,ρ
↓ N ⟦app (app (hyp, x), y)⟧ φ ,ρ = ↓ N ⟦snd y⟧ φ ,ρ

where

x : N → N ∗ N → N; γ ⊢ N
y : N → N ∗ N → N; γ ⊢ N ∗ N
φ := η ( ≥ ν η ( ≥ α η ( α ≥refl ( ≥ γ (proj γ )))))
φ := η ( ≥ ν η ( ≥ α η ( α ≥refl ( ≥ γ (proj γ ))))).

The induction hypothesis needs to be used twice, once for φ and once for φ .

Similar equations hold for function types:

γ ↓ N ⟦app (shift p, z)⟧ ρ = N → (N → N) → N; γ ↓ N ⟦p⟧ φ ,ρ
φ := η ( ≥ ν η ( ≥ α η ( α ≥refl ( ≥ γ µ ( γ ≥refl ⟦z⟧ ⌈⌈ρ⌉⌉ ≥ ·≥ ·≥ )))))

Nevertheless, it does not appear to be possible to prove the soundness of the Shift rule even for the case |A| = N → N in general, since it is well known that there are already classically true Σ -formulas which do not have a recursive realizer. Still, it may be the case that the realizability model can be used to give a sound computational interpretation of particular Σ (or more complex) formulas.

Corollary 1.
The Σ₂-fragment of classical Analysis satisfies the Existence Property,

Given a derivation of Γ ⊢ ∃x^τ A(x), there exists a term p of type τ of System T such that Γ ⊢ A(p).

and, consequently, the Weak Church's Rule,

Given a (closed) derivation of ∅ ⊢ ∀x^N ∃y^N A(x, y), there exists a total recursive function f : N → N such that, for all n ∈ N, we have that ∅ ⊢ A(n , fn ), where m denotes the term succ ⋯ succ zero, with succ applied m times.

Proof. The proof method is not new (see Corollary 5.24 of [20] and paragraph 1.11.7 of [33]). If the formula A is of the class Γ [33, 20],

Γ ∋ G ::= N | G ∧ G | ∀x G | ∃x G | S → G,

(where S is a Σ -formula and N is computationally irrelevant) then already intuitionistic logic shows that ⊢ (p mr A) → A. If A is outside this class, one first needs to define the "with truth" variant of modified realizability in which one replaces the clause for implication of mr-interpretation of Definition 1 by

p mrt A → B := ∀x ([↓⟦x⟧ ρ mrt A] → [↓⟦app (p, x)⟧ ρ mrt B]) ∧ (A → B).

The Soundness Theorem is provable for mrt with the same realizing terms, but now we also have, for any formula A, (p mrt A) → A. This directly implies the Existence Property.

For the special case when Γ = ∅ and τ = N, we get the Numerical Existence Property:

Given a (closed) derivation of ∅ ⊢ ∃y^N A(y), there exists n : N such that ∅ ⊢ A(n ).

This follows from the fact that a closed derivation has a realizer that is a closed term (does not have non-bound hyp subterms). Since the realizer is necessarily in normal form, and since it is not neutral (all neutral terms have at least one non-bound occurrence of hyp), then the realizer must be of the required form succ ⋯ succ zero, with succ applied n times.

To show the Weak Church's Rule, we use elementary Recursion Theory.
Like all theories over countable languages, HA^ω+ +AC is recursively axiomatizable, that is, there exists a recursive predicate Proof(k, l) formalizing the fact that k ∈ N is a code for a derivation of the formula coded by l ∈ N.

Let g(n) = min m Proof(j m, ⌜A(n, j m)⌝), where j and j are the projections of some surjective pairing function. As defined, g is a partial recursive function. Now, given ∅ ⊢ ∀x^N ∃y^N A(x, y) and n ∈ N, we obtain ∅ ⊢ ∃y^N A(n, y), and by the Numerical Existence Property we obtain m ∈ N such that ⊢ A(n, m). We proved that, for every n, there exists m such that ∅ ⊢ A(n, m) which shows that the function g is total recursive. We may now take f(n) := j (g(n)) and by definition we have that, for any n, ∅ ⊢ A(n, f(n)). □

Note that the class Σ includes the following schemata,

(MP) ¬_N ¬_N ∃x^N M(x) → ∃x^N M(x),
(DNS) ∀x^N ¬_N ¬_N A(x) → ¬_N ¬_N ∀x^N A(x),

where M, N denote computationally irrelevant formulas and ¬_N A denotes negation in minimal logic, that is A → N for a fixed N.

The Existence Property implies that principles like MP and DNS can justly be considered as constructive even in presence of induction and the full Axiom of Choice, partly extending previous works [33, 8, 30, 12, 16]. Similar conclusions follow from the work of Rand Moschovakis that uses a version of Kleene's general-recursive realizability [26].

Weak Church's Rule seems to justify why, even constructively, CT deserves the name "the false Church's Thesis" [25].

Acknowledgments
This work was funded by Kurt Gödel Research Prize Fellowship 2011 and ERC Advanced Grant ProofCert. I would also like to thank Martín Escardó, Jaime Gaspar, Keiko Nakata, and Dirk Pattinson for comments on an earlier version of this paper, and Dale Miller for providing scientific liberty.
References

[1] Ulrich Berger. A computational interpretation of open induction. In Proceedings of the 19th Annual IEEE Symposium on Logic in Computer Science (LICS'04), pages 326–334. IEEE Computer Society, 2004.
[2] Ulrich Berger, Wilfried Buchholz, and Helmut Schwichtenberg. Refined program extraction from classical proofs. Annals of Pure and Applied Logic, 114:3–25, 2002.
[3] Ulrich Berger and Paulo Oliva. Modified bar recursion and classical dependent choice. Springer-Verlag Lecture Notes in Logic, 20:89–107, 2005.
[4] Ulrich Berger and Paulo Oliva. Modified bar recursion. Mathematical Structures in Computer Science, 16:163–183, 2006.
[5] Ulrich Berger and Helmut Schwichtenberg. An inverse of the evaluation functional for typed lambda-calculus. In LICS, pages 203–211. IEEE Computer Society, 1991.
[6] Olivier Danvy. Type-directed partial evaluation. In POPL, pages 242–257, 1996.
[7] Olivier Danvy and Andrzej Filinski. Abstracting control. In LISP and Functional Programming, pages 151–160, 1990.
[8] Dov M. Gabbay. Applications of trees to intermediate logics. The Journal of Symbolic Logic, 37:135–138, 1972.
[9] Kurt Gödel. Collected works. Publications 1938–1974, volume II, chapter Postscript to Spector 1962, page 253. The Clarendon Press Oxford University Press, New York, 1962.
[10] Kurt Gödel. Collected works. Publications 1938–1974, volume II, chapter On a hitherto unutilized extension of the finitary standpoint, pages 241–251. The Clarendon Press Oxford University Press, New York, 1990. (English translation of the original 1958 article).
[11] Kurt Gödel. Collected works. Unpublished essays and lectures, volume III, chapter In what sense is intuitionistic logic constructive, pages 189–200. The Clarendon Press Oxford University Press, 1995. (early lecture on the Dialectica interpretation from 1941).
[12] Hugo Herbelin. An intuitionistic logic that proves Markov's principle. In Proceedings of the 25th Annual IEEE Symposium on Logic in Computer Science, LICS 2010, 11-14 July 2010, Edinburgh, United Kingdom, pages 50–56. IEEE Computer Society, 2010.
[13] Hugo Herbelin. A constructive proof of dependent choice, compatible with classical logic. In Proceedings of the 27th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2012, 25-28 June 2012, Dubrovnik, Croatia, pages 365–374. IEEE Computer Society, 2012.
[14] William Alvin Howard. Functional interpretation of bar induction by bar recursion. Compositio Mathematica, 20:107–124, 1968.
[15] Danko Ilik.
Constructive Completeness Proofs and Delimited Control . PhD thesis, ´EcolePolytechnique, October 2010. [16] Danko Ilik. Delimited control operators prove double-negation shift.
Annals of Pure andApplied Logic , 163(11):1549 – 1559, 2012.[17] Danko Ilik. Continuation-passing style models complete for intuitionistic logic.
Annals ofPure and Applied Logic , 164(6):651 – 662, 2013.[18] Danko Ilik. Formal proof of normalization of System T+ in Agda. Available at , 2014.[19] Danko Ilik and Keiko Nakata. A direct version of Veldman’s proof of open induction on Can-tor space via delimited control operators.
Leibniz International Proceedings in Informatics(LIPIcs) , 26:188–201, 2014.[20] Ulrich Kohlenbach.
Applied Proof Theory: Proof Interpretations and Their Use in Mathe-matics . Springer Monographs in Mathematics. Springer-Verlag, Berlin, Heidelberg, 2008.[21] Georg Kreisel. Interpretation of analysis by means of constructive functionals of finite types.In Arend Heyting, editor,
Constructivity in Mathematics, Proceedings of the colloqium heldat Amsterdam, 1957 , Studies in Logic and The Foundations of Mathematics, pages 101–127.North-Holland Publishing Company Amsterdam, 1959.[22] Georg Kreisel. Review of the paper “The model G of the theory BR” by Ersov.
Zentralblattf¨ur Mathematik und ihre Grenzgebiete , 312, 1976.[23] Jean-Louis Krivine. Dependent choice, ‘quote’ and the clock.
Theoretical Computer Science ,308(1–3):259 – 276, 2003.[24] Sigekatu Kuroda. Intuitionistische untersuchungen der formalistischer logik.
Nagoya Mathe-matical Journal , 3:35–47, 1951.[25] Henri Lombardi and Claude Quitt´e.
Alg`ebre commutative – M´ethodes constructives . Calvage& Mounet, Paris, 2011.[26] Joan Rand Moschovakis. Analyzing realizability by Troelstra’s methods.
Annals of Pure andApplied Logic , 114:203–225, 2002.[27] Helmut Schwichtenberg. On bar recursion of types 0 and 1.
The Journal of Symbolic Logic ,44(3), 1979.[28] Helmut Schwichtenberg and Stanley S. Wainer.
Proofs and Computations . Perspectives inLogic. Cambridge University Press, 2012.[29] Monika Seisenberger. Program from proofs using classical dependent choice.
Annals of Pureand Applied Logic , 153:97–110, 2008.[30] Jonathan P. Seldin. On the proof theory of the intermediate logic MH.
The Journal of Sym-bolic Logic , 51(3):626–647, 1986.[31] Clifford Spector. Provably recursive functionals of analysis: a consistency proof of analysis byan extension of principles formulated in current intuitionistic mathematics. In
Proc. Sympos.Pure Math., Vol. V , pages 1–27. American Mathematical Society, Providence, R.I., 1962.[32] Marc Bezem Stefano Berardi and Thierry Coquand. On the computational content of theaxiom of choice.
The Journal of Symbolic Logic , 63(2):600–622, 1998.[33] Anne S. Troelstra, editor.
Metamathematical Investigations of Intuitionistic Arithmetic andAnalysis . Number 344 in Lecture Notes in Mathematics. Springer-Verlag, Berlin, Heidelberg,New York, 1973.[34] The Univalent Foundations Program.