Interactive Realizability and the elimination of Skolem functions in Peano Arithmetic
We present a new syntactical proof that first-order Peano Arithmetic with Skolem axioms is conservative over Peano Arithmetic alone for arithmetical formulas. This result – which shows that the Excluded Middle principle can be used to eliminate Skolem functions – has been previously proved by other techniques, among them the epsilon substitution method and forcing. In our proof, we employ Interactive Realizability, a computational semantics for Peano Arithmetic which extends Kreisel’s modified realizability to the classical case.
For a long time it has been known that intuitionistic realizability can be used as a flexible tool for obtaining a wealth of unprovability, conservativity and proof-theoretic results [27, 29]. As title of example, with Kreisel’s modified realizability , one can show the unprovability of Markov Principle in Heyting Arithmetic in all finite types () and the conservativity of with the Axiom of Choice () over for negative formulas. In both cases, one starts by showing that any formula provable in one of those systems can be shown to be realizable in . In the first case, one proves that the realizability of Markov Principle implies the solvability of the Halting Problem, and concludes that Markov Principle is unprovable in . In the second, one exploits the fact that the assertion “ realizes ” is exactly the formula when is negative and concludes that proves .
The situation in classical logic has been very different: for a long time it did not exist any realizability notion suitable to interpret directly classical proofs, let alone proving independence or conservation results. However, recently several classical realizability interpretations have been put forward. Among them: Krivine’s classical realizability , which has been shown in  to yield striking unprovability results in Zermelo-Fraenkel set theory, and Interactive realizability [5, 8, 10, 11], which has been shown in [7, 10] to provide conservation results for -formulas.
Being a tool for extracting programs from proofs, it is however quite natural that Interactive realizability is capable of producing -conservativity results. The aim of this paper is to prove that Interactive realizability can as well be used to prove other conservativity results. In particular, let us consider first-order classical Peano Arithmetic , which is , where is the excluded middle over arithmetical formulas. Then we give a new syntactic proof that with the Skolem axiom scheme is conservative over for arithmetical formulas – a result first syntactically proven by Hilbert and Bernays  by means of the epsilon substitution method. The result is particularly interesting since it implies that classical choice principles can be eliminated by using the excluded middle alone. The structure of our proof resembles the pattern of the intuitionistic-realizability conservation proofs we have sketched above and allows to obtain a stronger result. Namely, we shall show that if an arithmetical formula is provable in , then the assertion “ realizes ” is provable in alone. Afterwards, we shall show the provability in of the assertion “( realizes ) implies ” and thus conclude that proves . Since this latter system is conservative over for arithmetical formulas, we obtain the result.
In our opinion, there are at least two reasons our proof technique is interesting. As remarked by Avigad, the methods based on the epsilon-method, Herbrand’s Theorem or cut-elimination lead to an exponential increase in the size of the proof, when passing from a proof in to a corresponding proof in ; instead, we conjecture that our transformation is polynomial. To the best of our knowledge, there is only another method that does equally well, which is Avigad’s . The technique of Avigad is related to ours since it uses the method of forcing, in which the conditions are finite approximations of the Skolem functions used in the proof. With forcing one avoids speaking about infinite non-computable objects (i.e. the Skolem functions) and can approximate the original proof. Avigad’s method is very simple and elegant when there is only one Skolem function to eliminate, but it becomes more complicated and difficult to handle when dealing with several Skolem functions. In fact, a nesting of the notion of forcing together with a technical result about elimination of definitions become necessary and the method loses some intuitive appeal. Instead, the use of Interactive realizability allows to deal with all the Skolem functions at the same time, and we conjecture that the resulting proofs are much shorter than the ones obtained by forcing. Moreover, the notion of forcing as an approximation of model-theoretic truth is harder to come up with, and it is much more natural to talk about states and approximations when dealing with programs.
Secondly, the theory of Interactive realizability offers a uniform explanation of a number of different phenomena. Rather than proving each particular meta-theoretic result about classical Arithmetic with an ad-hoc technique, one employs a single methodology. For example, one may prove conservativity of over for -formulas by a negative translation followed by Friedman’s translation ; one may extract from proofs terms of Gödel’s System by realizability or functional interpretations ; one may prove the result about the elimination of Skolem functions with forcing; one may extract from proofs strategies in backtracking Tarski games by analyzing sequent calculus proofs ; one may obtain a simple ordinal analysis of by using update procedures . Instead, with the theory of Interactive realizability one obtains all the results above as a consequence of a single concept (see [7, 9, 11]).
Plan of the paper
In Section §2 we review the term calculus in which Interactive realizers are written, namely an extension of Gödel’s system plus Skolem function symbols for a countable collection of Skolem functions. In Section §3 we recall Interactive realizability, as described in , a computational semantics for , an arithmetical system with functional variables which includes first-order classical Peano Arithmetic and Skolem axioms. In Section §4 we use Interactive realizability to prove the conservativity of over for arithmetical formulas. In Section §5 we explain in more detail how to formalize the proofs of Section 4 in and .
2 The Term Calculus
In this section we follow  and recall the typed lambda calculi and in which interactive realizers are written. is an extension of Gödel’s system (as presented in Girard ) with some syntactic sugar. The basic objects of are numerals, booleans, and its basic computational constructs are primitive recursion at all types, if-then-else, pairs, as in Gödel’s . also includes as basic objects finite partial functions over and simple primitive recursive operations over them. is obtained from by adding on top of it a collection of Skolem function symbols of type , one for each arithmetical formula. The symbols are inert from the computational point of view and realizers are always computed with respect to some approximation of the Skolem maps represented by .
In order to define , we start by introducing the concept of “update”, which is nothing but a finite partial function over . Realizers of atomic formulas will return these finite partial functions, or “updates”, as new pieces of information that they have learned about the Skolem function . Skolem functions, in turn, are used as “oracles” during computations in the system . Updates are new associations input-output that are intended to correct, and in this sense, to update, wrong oracle values used in a computation.
Definition 1 (Updates and Consistent Union)
An update set , shortly an update, is a finite set of triples of natural numbers representing a finite partial function from to .
Two triples and of numbers are consistent if and implies . Two updates are consistent if is an update.
is the set of all updates.
The consistent union of is minus all triples of which are inconsistent with some triple of .
The consistent union is an non-commutative operation: whenever a triple of and a triple of are inconsistent, we arbitrarily keep the triple of and we reject the triple of , therefore for some we have . represents a way of selecting a consistent subset of , such that .
2.2 The System
is formally described in figure 1. Terms of the form will be sometimes written in the more legible form . A numeral is a term of the form . For every update , there is in a constant , where is a new base type representing . We write for . In , there are four operations involving updates (see figure 1):
The first operation is denoted by the constant . takes as argument an update constant ; it returns the minimum numeral such that for some , if any exists; it returns otherwise.
The second operation is denoted by the constant . takes as arguments an update constant and three numerals ; it returns if for some (i.e. if belongs to the domain of the partial function ); it returns otherwise.
The third operation is denoted by the constant . takes as arguments three numerals and transforms them into (the constant coding in ) the update .
The forth operation is denoted by the constant . takes as arguments two update constants and returns the update constant denoting their consistent union.
We observe that the constants , and the type are just syntactic sugar and may be avoided by coding finite partial functions into natural numbers. System may thus be coded in Gödel’s .
- Typing Rules for Variables and Constants
- Typing Rules for Composed Terms
- Reduction Rules
All the usual reduction rules for simply typed lambda calculus (see Girard ) plus the rules for recursion, if-then-else and projections
plus the following ones, assuming be numerals:
Lemma 1 (Normal Form Property for )
Assume is either an atomic type or a product type. Then any closed normal term of type is: a numeral , or a boolean , or an update constant , or a constant of type , or a pair .
2.3 The System
We now define a classical extension of , that we call , with a Skolem function symbol for each arithmetical formula. The elements of will represent (non-computable) realizers.
Definition 2 (The System )
Define , where is a countable set of Skolem function constants, each one of type . We assume to have an enumeration of all the constants in (while generic elements of will be denoted with letters ).
Every represents a Skolem function for some arithmetical formula , taking as argument a number and returning some such that is true if any exists, and an arbitrary value otherwise. In general, there is no set of computable reduction rules for the constants in , and therefore no set of computable reduction rules for . Each (in general, non-computable) term is associated to a set of computable terms we call its “approximations”, one for each term of , which is thought as a sequence of computable approximations of the oracles (with we denote ).
Definition 3 (Approximation at State)
A state is a closed term of type of . If is a numeral, with we denote .
Assume and is a state. The “approximation of at a state ” is the term of obtained from by replacing each constant with .
3 Interactive Realizability for
In this section we introduce a notion of realizability based on interactive learning for , Heyting Arithmetic in all finite types (see e.g. Troelstra ) plus Excluded Middle and Skolem axiom schemes for all arithmetical formulas. Then we prove our main Theorem, the Adequacy Theorem: “if a closed formula is provable in , then it is realizable”.
We first define the formal system . We represent atomic predicates of with closed terms of of type . Terms of are elements of and thus may include the function symbols in . We assume having in Gödel’s some terms , implementing boolean connectives. As usual, we shall use infix notation: for example, we write in place of and similarly for the other connectives.
3.1 Language of
We now define the language of the arithmetical theory .
Definition 4 (Language of )
The language of is defined as follows.
The terms of are all .
The atomic formulas of are all such that .
The formulas of are built from atomic formulas of by the connectives as usual, with quantifiers possibly ranging over variables of arbitrary finite type of .
A formula of is said arithmetical if it does not contain constants in and all its quantifiers range over the type , i.e. it has one of the following forms: , with arithmetical and atomic formula of .
We denote with the atomic formula and with the formula . is the dual of implication as in bi-intuitionistic logic and means “ and the opposite of ”. If is a formula of in the free variables and are terms of , with we shall denote the formula . Sequences of variable will be written as . We denote with a term of in the free numeric variables representing a injection of into . Moreover, for every sequence of numerals , we define and assume that the function is a bijection.
The Excluded Middle axiom scheme is defined as the set of all formulas of the form:
where is an arithmetical formula.
The Skolem axiom scheme contains for each arithmetical formula an axiom:
with . We assume that for every there is in one and only one formula in which occurs. Such unique formula is said to be the formula associated to and will be sometimes written as . If is a state and , with we denote and with we denote . We claim that the result of this paper would even hold if the formula was not required to be arithmetical, i.e. it was allowed to contain other Skolem functions previously defined by other Skolem axioms, possibility which in Avigad’s case  complicates the elimination technique considerably.
For each formula of , its involutive negation is defined by induction on . First, we say that an atomic formula is positive if it is of the form , is not of the form , and the number of in front of is even. Then we define:
As usual, one has .
We now fix a special set of formulas .
Definition 5 (Set )
We fix an arbitrary finite set of arithmetical formulas of .
In the following, will serve as a parameter in order to relativize the definitions of the realizability relation and of the ordering of states provided in . The idea is that any given proof in the system uses only a finite number of instances of and . Thus, it is enough to specialize the atomic case of the definition of realizability in such a way it refers only to the formulas in . The restriction is necessary in order to avoid to speak about the truth of an infinite number of formulas, as done in . When we shall have to interpret a particular proof , we will choose as containing all the sub-formulas of the classical axioms appearing in .
3.2 Truth Value of a Formula in a State
The axioms of the system give a great computational power to the system : thanks to the use of Skolem functions as oracles, one can “compute” by a term of the truth value of any arithmetical formula . When one effectively evaluates in a particular state , we say that one computes the truth value of a formula in a state .
Definition 6 (Truth Value of a Formula in a State )
For every arithmetical formula of we define, by induction on , a term of system , with the same free variables of :
We define and call it the truth value of in the state .
Intuitively, if is a closed formula, our intended interpretation is:
is a term of denoting, in any standard model of , the truth value of .
is a term of computing what would be the truth value of in some standard model of under the (possible false) assumption that the interpretation mapping to satisfies the axioms of .
We remark that thus is only a conditional truth value: if is not the correct truth value of – it may well happen – then the interpretation mapping in does not satisfy the axioms of . This subtle point is what makes possible learning in Interactive realizability: whenever a contradiction follows, realizers are able to effectively find counterexamples to the assertion that the interpretation mapping in satisfies the axioms of . We also observe that this way of computing the truth of a formula comes from the epsilon substitution method (see Avigad , Mints et al. ).
Every state is considered as an approximation of the Skolem functions denoted by the constants of : for each formula , may be a correct approximation of on some arguments, but wrong on other ones. More precisely, we are going to consider the set of the pairs such that and is true as the real “domain” of , representing the set of arguments at which is surely a correct approximation of , in the sense that returns an appropriate witness if any exists. We point out that if and , then trivially . The choice is made just for technical convenience, since one is not interested in the behaviour of outside . We also define an ordering between states: we say that if, intuitively, is at least as good an approximation as . Thus, we ask that if is a correct approximation at argument also is and in particular .
Definition 7 (Domains, Ordering between States)
where and range over numerals and sequences of numerals.
Let and be two states. We define if and only if for all , implies .
We remark that by definition, implies and that thanks to the restriction to the relation is arithmetical, because the condition is non-trivial only for finitely many . From now onwards, for every pair of terms of system , we shall write if they are the same term modulo the equality rules corresponding to the reduction rules of system (equivalently, if they have the same normal form).
3.3 Interactive Realizability
For every formula of , we now define what type a realizer of must have.
Definition 8 (Types for realizers)
For each formula of we define a type of by induction on :
Let now , and be the three canonical projections from . We define the realizability relation , where , and .
Definition 9 (Interactive Realizability)
Assume is a state, is a closed term of , is a closed formula, and . We define first the relation by induction and by cases according to the form of :
for some atomic if and only if implies:
for every , for some , and and .
if and only if and
if and only if either and , or and
if and only if for all , if , then
if and only if and
if and only if for all closed terms of ,
if and only for some closed term of , and
We define if and only if for all states of , .
The ideas behind the definition of in the case of are those we already explained in . A realizer is a term of , possibly containing some non-computable Skolem function of ; if such a function was computable, would be an intuitionistic realizer. Since in general is not computable, we calculate its approximation at state . is an intelligent, self-correcting program, representing a proof/construction depending on the state . The realizer interacts with the environment, which may provide a counter-proof, a counterexample invalidating the current construction of the realizer. But the realizer is always able to turn such a negative outcome into a positive information, which consists in some new piece of knowledge learned about some Skolem function .
The next proposition tells that realizability at state respects the notion of equality of terms, when the latter is relativized to state . That is, if two terms are equal at the state , then they realize the same formulas in the state .
Proposition 1 (Saturation)
If and , then if and only if .
Proof. By straightforward induction on .
In the following, we use a standard natural deduction system for , together with a term assignment in the spirit of Curry-Howard correspondence for classical logic. We denote with the derivability relation in that system, where is a term of and is a formula of . All details can be found in , .
The main theorem about Interactive realizability is the Adequacy Theorem: if a closed formula is provable in , then it is realizable (see  for a proof).
Theorem 1 (Adequacy Theorem)
If is a closed formula such that and all the subformulas of the instances of and used in the derivation belong to , then .
4 Conservativity of over ()
The aim of this section is to use Interactive realizability in order to prove that for every arithmetical formula , if then (). Since we know by the Adequacy Theorem 1 that implies and proves , our goal is to show in that implies .
The intuitive reason this latter result is true is the following: one can always find an approximation of the Skolem functions of which is good enough to contain all the information needed by to compute the true witnesses for against any particular purported counterexample. The idea is that one has only to collect finitely many values of each Skolem function called during the execution of the program represented by . To this end, it suffices to invoke the excluded middle a number of times which, intuitively, can be expressed in a proof formalizable in . This is possible because is strong enough to prove the normalization of each term of with respect to any interpretation of its Skolem functions. Finally, if there existed a counterexample to , it would be possible to falsify the construction of the realizer in the state . Since is a self-correcting program, it would be able to correct one of the values of it has used in the computation of some witness for . But is constructed as to be correct on all the values used by , which entails a contradiction.
For example, let . Then one can find a state which contains all the values of the Skolem functions needed to compute . Suppose a counterexample to the formula existed. Then one can find a state which contains all the values of the Skolem functions needed to compute . Now, we would have that is false; thus, would be equal to some update containing some corrections to . We shall show that this will not be the case, and the intuitive reason is that can be chosen as to be correct everywhere it is needed.
We now elaborate our argument. We start with a definition axiomatizing the informal concept that a state contains all the information needed to compute the normal form of a term of ground type. Namely, if for every extending the evaluation of in the state gives the same result obtained evaluating in , then we may assume all the relevant information is already in .
Definition 10 (Definition of a term in a state )
For every state and term of of atomic type, we define (and we say “ is defined in ”) as the statement: for all states , .
Remark. There is another, perhaps more intuitive way to express the concept of “being defined in the state ”. For every state we may define a binary reduction relation as follows: if either in or is obtained from by replacing one of its subterms with a numeral such that . Then one could say that is defined in if where is either a numeral, a boolean or an update. Though this approach works well, it is unsuitable to be directly formalized in , because in that system one cannot express this syntactical reasoning on terms.
We now define for every type a set of “computable” terms of type by means of the usual Tait-style computability predicates . In our case, following the approach of the previous discussion, we consider a term of ground type to be computable if for every state , one can find a state such that is defined in . The notion is lifted to higher types as usual.
Definition 11 (Computable terms)
For every type of , we define a set of closed terms of of type as follows:
= for all states there is a state such that
= for all states there is a state such that
= for all states there is a state such that
In order to show that every term in is computable, as usual we need to prove that the set of computable terms is saturated with respect to some suitable relation. In our case, two terms are related if they are equal in all states greater than some state.
For every term of , if for every state there exists a state and such that for all state , , then .
Proof. By induction on the type .
. Let be a state. We have to show that there exists a state such that . By assumption on there exists a state and such that for all , . Since , there exists such that . Let ; we prove . Let . We have that , by , and , since . Hence, . We conclude and finally .
: as for the case .
. Let . We have to show that . Let be any state. By assumption on there exist a state and such that for all , . Therefore for all , and . Hence, by induction hypothesis, .
. Let , we have to show that . Let be any state. By assumption on there exist and such that for all , . Therefore for all , and . Hence, by induction hypothesis .
We are now ready to prove, by using the excluded middle alone, that every term of is computable.
Theorem 2 (Computability Theorem)
Let be a term of and suppose that all the free variables of are among . If , then