# Normalization of IZF with Replacement

Wojciech Moczydłowski Department of Computer Science, Cornell University, Ithaca, NY 14853, USA
###### Abstract.

IZF is a well investigated impredicative constructive version of Zermelo-Fraenkel set theory. Using set terms, we axiomatize IZF with Replacement, which we call IZF, along with its intensional counterpart IZF. We define a typed lambda calculus corresponding to proofs in IZF according to the Curry-Howard isomorphism principle. Using realizability for IZF, we show weak normalization of . We use normalization to prove the disjunction, numerical existence and term existence properties. An inner extensional model is used to show these properties, along with the set existence property, for full, extensional IZF.

###### Key words and phrases:
Intuitionistic set theory, Curry-Howard isomorphism, normalization, realizability
Partly supported by NSF grants DUE-0333526 and 0430161.

## Introduction

Four salient properties of constructive set theories are:

1. Numerical Existence Property (NEP): From a proof of a statement “there exists a natural number such that …” a witness can be extracted.

2. Disjunction Property (DP): If is provable, then either or is provable.

3. Term Existence Property (TEP): If is provable, then is provable for some term .

4. Set Existence Property (SEP): If is provable, then there is a formula such that is provable, where both and are term-free.

How to prove these properties for a given theory? There is a variety of methods applicable to constructive theories. Cut-elimination, proof normalization, realizability, Kripke models…. Normalization proofs, based on the Curry-Howard isomorphism principle, have the advantage of providing an explicit method of witness and program extraction from proofs. They also provide information about the behaviour of the proof system.

We are interested in intuitionistic set theory IZF. It is essentially what remains of ZF set theory after excluded middle is carefully taken away. An important decision to make on the way is whether to use Replacement or Collection axiom schema. We will call the version with Collection IZF and the version with Replacement IZF. In the literature, IZF usually denotes IZF. Both theories extended with excluded middle are equivalent to ZF [friedmancons]. They are not equivalent [frsce3]. While the proof-theoretic power of IZF is equivalent to that of ZF, the exact power of IZF is unknown. Arguably IZF is less constructive, as Collection, similarly to Choice, asserts the existence of a set without defining it.

Both versions have been investigated thoroughly. Results up to 1985 are presented in [beesonbook, scedrov85]. Later research was concentrated on weaker subsystems [ar, ikp]. A predicative constructive set theory CZF has attracted particular interest. [ar] describes the set-theoretic apparatus available in CZF and provides further references.

We axiomatize IZF, along with its intensional version IZF, using set terms. We define a typed lambda calculus corresponding to proofs in IZF. We also define realizability for IZF, in the spirit of [mccarty], and use it to show that weakly normalizes. Strong normalization of does not hold; moreover, we show that in non-well-founded IZF even weak normalization fails.

With normalization in hand, the properties NEP, DP and TEP easily follow. To show these properties for full, extensional IZF, we define an inner model of IZF, consisting of what we call transitively L-stable sets. We show that a formula is true in IZF iff its relativization to is true in IZF. Therefore IZF is interpretable in IZF. This allows us to use the properties proven for IZF. In IZF, SEP easily follows from TEP.

The importance of these properties in the context of computer science stems from the fact that they make it possible to extract programs from constructive proofs. For example, suppose IZF . From this proof a program can be extracted — take a natural number , construct a proof IZF . Combine the proofs to get IZF  and apply NEP to get a number such that IZF . A detailed account of program extraction from IZF proofs can be found in [chol].

There are many provers with program extraction capability. However, they are usually based on variants of type theory, which is a foundational basis very different from set theory. This makes the process of formalizing program specifications more difficult, as an unfamiliar new language and logic have to be learned from scratch. [lamport99] strongly argues against using type theory for specification purposes, instead promoting standard set theory.

IZF therefore provides the best of both worlds. It is a set theory, with familiar language and axioms. At the same time, programs can be extracted from proofs. Our calculus and the normalization theorem make the task of constructing a prover based on IZF not very difficult.

This paper is mostly self-contained. We assume some familiarity with set theory, proof theory and programming languages terminology, found for example in [kunen, urzy, pierce]. The paper is organized as follows. We start by presenting in detail intuitionistic first-order logic in section Normalization of IZF with Replacement. In section Normalization of IZF with Replacement we define IZF along with its intensional version IZF. In section LABEL:lz we define a lambda calculus corresponding to IZF proofs. Realizability for IZF is defined in section LABEL:izfreal. We use it to prove normalization of in section LABEL:sectionnorm, where we also show that non-well-founded IZF does not normalize. We prove the properties in section LABEL:secapp, and show how to derive them for full, extensional IZF in section LABEL:lei. Comparison with other results can be found in section LABEL:others.

## Intuitionistic first-order logic

Due to the syntactic character of our results, we present intuitionistic first-order logic (IFOL) in detail. We use a natural deduction style of proof rules. Terms will be denoted by letters . Variables will be denoted by letters . The notation stands for a finite sequence, treated as a set when convenient. The -th element of a sequence is denoted by . We consider -equivalent formulas equal. Capture-avoiding substitution is defined as usual; the result of substituting for in a term is denoted by . We write to denote the result of substituting simultaneously for . Contexts, denoted by , are sets of formulas. The set of free variables of a formula , denoted by , is defined as usual. The free variables of a context , denoted by , are the free variables of all formulas in . The notation means that all free variables of are among . The proof rules are as follows:

Negation in IFOL is an abbreviation: . So is the symbol : . Note that IFOL does not contain equality. The excluded middle rule added to IFOL makes it equivalent to the classical first-order logic without equality. We adopt the “dot”-convention — a formula should be parsed as . In other words (a phrasing borrowed from [urzy]), the dot represents a left parenthesis whose scope extends as far to the right as possible.

###### Lemma 0.1.

For any formula , , for .

###### Proof.

Straightforward structural induction on .

## IZF

Intuitionistic set theory IZF is a first-order theory, equivalent to ZF when extended with excluded middle. It is a definitional extension of term-free versions presented in [myhill72, beesonbook, frsce3]. The signature consists of one binary relational symbol and function symbols used in the axioms below. The set of all IZF terms will be denoted by . The notation is an abbreviation for . Function symbols and are abbreviations for and . Bounded quantifiers and the quantifier (there exists exactly one ) are also abbreviations defined in the standard way. The axioms are as follows:

1. (EMPTY)

2. (PAIR)

3. (INF)

4. (SEP)

5. (UNION)

6. (POWER)

7. (REPL)

8. (IND)

9. (L)

Axioms SEP, REPL, IND and L are axiom schemas, and so are the corresponding function symbols — there is one function symbol for each formula . Formally, we define formulas and terms by mutual induction:

$$\phi ::= t \in t \mid \phi \wedge \phi \mid \ldots \qquad\qquad t ::= a \mid \{t, t\} \mid S_{\phi(a,\vec{f})}(t, \vec{t}) \mid R_{\phi(a,b,\vec{f})}(t, \vec{t}) \mid \ldots$$
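To make the mutual induction concrete, here is an added Python model of this grammar (not code from the paper) together with the free-variable function FV and capture-avoiding substitution described in the previous section. The fragment of connectives, the constructor names, and the invariant that an indexing formula has no free variables beyond its binders and parameters are my assumptions; the binders of $S_\phi$ and $R_\phi$ are bound inside the indexing formula and the parameters $\vec{f}$ are instantiated by the arguments $\vec{t}$.

```python
from dataclasses import dataclass
from typing import Tuple, Union
# Terms: variables, pairs, and the schema-indexed set terms S_phi / R_phi.
@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class Pair: left: "Term"; right: "Term"
@dataclass(frozen=True)
class SetTerm:      # kind "S": S_phi(a,f)(t, ts);  kind "R": R_phi(a,b,f)(t, ts)
    kind: str; binders: Tuple[str, ...]; params: Tuple[str, ...]
    body: "Formula"; arg: "Term"; args: Tuple["Term", ...]
# Formulas (a representative fragment): membership, conjunction, universal quantifier.
@dataclass(frozen=True)
class In: left: "Term"; right: "Term"
@dataclass(frozen=True)
class And: left: "Formula"; right: "Formula"
@dataclass(frozen=True)
class Forall: var: str; body: "Formula"
Term = Union[Var, Pair, SetTerm]
Formula = Union[In, And, Forall]

def fv(e) -> frozenset:
    """FV(e); the indexing formula of a set term contributes nothing (assumed invariant)."""
    if isinstance(e, Var): return frozenset({e.name})
    if isinstance(e, (Pair, In, And)): return fv(e.left) | fv(e.right)
    if isinstance(e, SetTerm): return fv(e.arg).union(*map(fv, e.args))
    if isinstance(e, Forall): return fv(e.body) - {e.var}
    raise TypeError(e)

def subst(e, x: str, t):
    """Capture-avoiding e[x := t]: a quantified variable occurring free in t is renamed
    first; the indexing formula of a set term is closed modulo binders/params, so untouched."""
    if isinstance(e, Var): return t if e.name == x else e
    if isinstance(e, (Pair, In, And)): return type(e)(subst(e.left, x, t), subst(e.right, x, t))
    if isinstance(e, SetTerm):
        return SetTerm(e.kind, e.binders, e.params, e.body, subst(e.arg, x, t),
                       tuple(subst(a, x, t) for a in e.args))
    if isinstance(e, Forall):
        if e.var == x: return e                      # x is bound here: nothing to do
        if e.var in fv(t):                           # would capture: rename the binder
            fresh = e.var + "'"
            while fresh in fv(t) | fv(e.body): fresh += "'"
            return Forall(fresh, subst(subst(e.body, e.var, Var(fresh)), x, t))
        return Forall(e.var, subst(e.body, x, t))
    raise TypeError(e)

def demo():
    # Constructed inputs: {a in x | a in y} as S_{a in f}(x, y), and the formula (forall y. y in x).
    sep = SetTerm("S", ("a",), ("f",), In(Var("a"), Var("f")), Var("x"), (Var("y"),))
    phi = Forall("y", In(Var("y"), Var("x")))
    return fv(sep), subst(phi, "x", Pair(Var("y"), Var("z")))
```

Substituting the pair $\{y, z\}$ for $x$ under the quantifier over $y$ forces the bound variable to be renamed, which is exactly the case the "capture-avoiding" clause guards against.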

Our presentation is not minimal; for example, the empty set axiom can be derived as usual using Separation and Infinity. However, we aim for a natural axiomatization of IZF, not necessarily a minimal one.

The Leibniz axiom schema L is usually not present among the axioms of set theories, as it is assumed that logic contains equality and the axiom is a proof rule. We include L among the axioms of IZF, because there is no obvious way to add it to intuitionistic logic in the Curry-Howard isomorphism context, as its computational content is unclear. Our axiom of Replacement is equivalent to the usual formulations, see [jatrinac2006] for details.

IZF will denote IZF without the Leibniz axiom schema L. IZF is an intensional version of IZF — even though extensional equality is used in the axioms, it does not behave as the “real” equality.

The terms and can be displayed as and .

The axioms (EMPTY), (PAIR), (INF), (SEP), (UNION), (POWER) and (REPL) all assert the existence of certain classes and have the same form: , where is a function symbol and a corresponding formula for the axiom A. For example, for (POWER), is and is . We reserve the notation and to denote the term and the corresponding formula for the axiom A.

###### Lemma 0.2.

Every term of IZF is definable. In other words, there is a term-free formula such that IZF.
