Some properties of realizability models

Some properties

of realizability models

Jean-Louis Krivine

PPS Group, University Paris-Diderot, CNRS [email protected]

Chambéry, June 2012

Outline

We give some general properties of classical realizability and we look at some particular models :

• True arithmetical formulas, and even true _Π¹₁ formulas are realized ; thus, realizability models cannot give indecidability results in arithmetic.

• A model is given by forcing iff its Boolean algebra ג² is trivial.

• We build models in which ג² is non trivial and finite.

• Following T. Ehrhard and T. Streicher, the usual models of lambda-calculus have, in fact, a structure of realizability algebra.

Therefore, they give rise to realizability models of ZF.

We study a simple case, in which ג² is non trivial and integers are preserved.

A game on first order formulas

We consider first order formulas written with :

→, _∀, _>, _⊥, ₆₌, predicate constants, function symbols for recursive functions.

A 1st order formula has the form _∀~x[Φ1, . . . ,Φn → A] where _Φ1, . . . ,Φn

are 1st order formulas and A is atomic (i.e. R t₁. . .t_k or t₀ 6= t₁ or _> or _⊥).

In the following, we only consider closed 1st order formulas.

The atomic closed formula t₀ 6= t₁ is interpreted as _> (resp. _⊥) if it is true (resp. false) in _N.

We define a game with two players : _∃ (the client) and _∀ (the server).

At each step, the position is a sequent _{U `A} with closed 1st order formulas ; the formulas of _A are atomic and _{⊥ ∈A} ; _U and _A increase at each step.

The game starts with a sequent _{U0 `A0}.

A move in this game is as follows :

Player _∃ chooses _Ψ∈U, _{Ψ= ∀~}y[Φ1(~y), . . . ,Φn(~y)→B(~y)]

and ^~j ∈N^l such that B(~j)∈A (if this is impossible, then _∃ has lost).

Player _∀ chooses a formula _{Φ∈V =}{Φ1(~j), . . . ,Φn(~j)}, Φ≡ ∀~x[Ψ1(~x), . . . ,Ψm(~x)→ A(~x)] ; _∀ chooses also^~i ∈ N^k.

The atomic formula A(~i) must not be _> (otherwise, _∀ has lost).

Then _Ψ1(~i), . . . ,Ψm(~i) are added to _U and A(~i) is added to _A.

∃ wins iff _∀ cannot play at some step

(every formula of _V ends with _>, in particular if _{V = ;}).

In fact, player _∀ tries to build a model over _N in which

the formula _{V0 =}^V_{U0 →} ^W_A0 is false, and _∃ tries to avoid this :

Theorem. i) Any model _M over _N s.t. _{M 6|=V0} gives a winning strategy for _∀. ii) There exists a “trivial” strategy for the player _∃ such that

each play _∃ loses using it, gives a model _M over _N, _{M 6|=V0}. i) We define a strategy for _∀ such that, at each step :

every formula of _U (resp. _A) is true (resp. false) in _M. This is true at the beginning of the game.

Then _∃ chooses _{Ψ∈ U}, _{Ψ= ∀~}y[Φ1(~y), . . . ,Φn(~y)→ B(~y)] and ^~j ∈N^l such that B(~j)∈ A. Therefore, _{M |= ¬}B(~j) and _{M |=Ψ}.

Thus, _∀ can choose _{Φ∈V =}{Φ1(~j), . . . ,Φn(~j)} s.t. _{M |= ¬Φ}. Let _{Φ= ∀~}x[Ψ1(~x), . . . ,Ψm(~x)→ A(~x)].

Then _∀ can choose^~i ∈N^k s.t. _{M |=Ψ1}(~i), . . . ,Ψm(~i) and _¬A(~i). Finally _Ψ1(~i), . . . ,Ψm(~i) are added to _U and A(~i) to _A.

ii) Here is the “trivial” strategy for _∃ :

fix an enumeration of all ordered pairs _<Ψ,~j> (_Ψ is a closed formula, ^~j ∈ N^l).

At each step, _∃ chooses the first allowed pair _<Ψ,~j>, not chosen before.

Suppose _∃ loses some play with this strategy. Let _M be the model which satisfies exactly the closed atomic formulas never put in _A during this play.

A pair _<Ψ,~j> is called acceptable if _Ψ is put in _U and B(~j) in _A at some step (not necessarily the same) where B(~y) is the final atom of _Ψ.

Every acceptable pair is effectively played by _∃ at some step :

namely when every acceptable pair strictly less than it has been played.

We prove, by induction, that _M satisfies every formula _Ψ which is put in _U and the negation of every formula _Φ chosen by _∀ during the play.

Proof for _Ψ. The result is clear if _Ψ is atomic because, if _Ψ is both in _U and _A then _<Ψ,;> is acceptable and thus will be chosen by _∃ ; then _∃ wins.

Otherwise, let _{Ψ= ∀~}y[Φ1(~y), . . . ,Φn(~y)→B(~y)]. We must show that M |= Φ1(~j), . . . ,Φn(~j)→B(~j) for every ^~j ∈N^k.

This is clear if B(~j) is never put in _A, because _{M |=}B(~j).

Otherwise, _<Ψ,~j> is acceptable and is chosen by _∃ at some step.

Then _{V =}{Φ1(~j), . . . ,Φn(~j)} and _Φ1(~j), for instance, is chosen by _∀.

By induction hypothesis, we have _{M |= ¬Φ1}(~j), which gives the result.

Proof for _Φ. Let _{Φ= ∀~}x[Ψ1(~x), . . . ,Ψm(~x)→ A(~x)] ; _∀ chooses^~i

and puts A(~i) in _A and _Ψ1(~i), . . . ,Ψm(~i) in _U. By induction hypothesis, M |= Ψ1(~i), . . . ,Ψm(~i) ; and, by definition, _{M 6|=} A(~i). Thus _{M |= ¬Φ}.

It follows that _{M 6|= V0} since _{M |=U0} and _{M |= ¬}A for A ∈ A0. QED

Well founded recursive relations

Let f :N² →{0, 1} be arbitrary. The predicate f (x,y)=1 is well founded iff the formula _∀X∀z{∀x[∀y(f (x,y)=1→ X y)→ X x] → X z} is true in _N. We show that, in this case, this formula is even realized.

Theorem. If the predicate f (x,y)=1 is well founded, then Y _{∥− ∀}X∀z{∀x[∀y(f (x,y)=17→X y)→ X x]→ X z}.

Let t ∥− ∀x[∀y(f (x,y) = 1 7→ X y) → X x] and n ∈ N ; we show by induction on n, following the well founded predicate “ f (x,y)=1 ”, that Yt ∥−X n.

Since Yt ?π t ?Yt

.

_π, it suffices to show that Yt ∥− ∀y(f (n,y)=17→ X y) i.e. Yt ∥− f (n,p)=17→ X p. This is trivial if f (n,p)6=1

and this follows from the induction hypothesis if f (n,p)=1.

Thus, if _{π∈ k}X nk, we have t ?Yt

.

_{π∈ ⊥⊥} and therefore Y_?t

.

_{π∈ ⊥⊥}. QED This shows that a recursive well founded predicate on integers

is also well founded in every realisability model.

True _Π ¹ ₁ formulas

A _Π¹₁ formula is of the form F ≡ ∀X~Φ[~X] where _Φ is a 1st order formula written with the function symbols 0, 1,+,× and the predicate symbols ₆₌,~X. Theorem. If F is a true _Π¹₁ formula, then F^int is realized.

This shows, in particular, that the integers of any realizability model are elementary equivalent to the integers of the ground model.

It is not possible to show the independence of some arithmetical (and even _Π¹₁) formula by means of realizability models.

Open problems : What about _Σ¹₁ (or higher) formulas ?

Are the constructible universes of the ground model and the realizability model elementarily equivalent ? This is (trivially) true in the case of forcing.

Proof. Fix a recursive enumeration of closed formulas and also of sequents _{U `A}. Let F ≡ ∀~X¬Φ[~X] be a true _Π¹₁ formula.

The meaning of F is that the 1st order formula _{Φ→ ⊥} has no model.

Thus, the “trivial” strategy for _∃ is winning

in the game which starts with the sequent _{Φ ` ⊥}.

Now, let f (x,y)=1 be the recursive predicate which says that

x,y are (numbers of) successive positions chosen by _∀ such that, between them,

∃ has applied (once) the trivial strategy.

This strategy is winning for _∃ iff each play is finite, i.e. iff the predicate f (x,y)=1 is well founded.

Now, by the above theorem, we obtain :

Y _{∥− ∀}X{∀x[∀y(f (x,y)=17→ X y)→ X x]→ ∀x X x}.

But we have just proved that : “f (x,y)=1 is well founded” _→ F.

Let _θ be a proof-like term associated with this proof. Then _θY _∥−F. QED

The case of arithmetical formulas

An arithmetical formula is of the form

∀x₁∃y₁. . .∀x_n∃y_n(f (x₁,y₁, . . . ,x_n,y_n)6=0) where f : N²ⁿ →{0, 1} is recursive.

Theorem. Let f :N²ⁿ →{0, 1} be an arbitrary function, such that

∀x₁∃y₁. . .∀x_n∃y_n(f (x₁,y₁, . . . ,x_n,y_n)6=0) is true in _N. Then

∀x₁∃y₁^int. . .∀x_n∃y_n^int(f (x₁,y₁, . . . ,x_n,y_n)6=0) is realized by a proof-like term that depends only on n.

This theorem shows once again that any true arithmetical formula is realized.

For n =1, the proof is very simple :

Theorem. Let _{θ ∈}QP be such that _θ?n

.

_ξ

.

_πÂξ?n

.

_θn⁺ξ

.

_π with n⁺ =(s)n. Then _θ0 ∥− ∀x³

∀y^int(f (x,y)6=0→ ⊥)→ ⊥

´

for every f : N² → 2 such that _{N|= ∀}x∃y(f (x,y)=1). We simply need to prove _θ0 ∥− ∀y^int(f (y)6=0→ ⊥)→ ⊥ for every f : N→ 2 such that _{N|= ∃}y(f (y)=1).

Lemma. Let _{ξ ∥− ∀}y^int(f (y)6=0→ ⊥) ; if _θnξ 6∥− ⊥, then f (n)=0 and _θn⁺ξ 6∥− ⊥. We have _θ?n

.

_ξ

.

_{π∉ ⊥⊥}, thus _ξ?n

.

_θn⁺ξ

.

_{π∉ ⊥⊥} ;

therefore _θn⁺ξ 6∥− f (n)6=0 hence the result. QED

Suppose _θ?0

.

_ξ

.

_{π∉ ⊥⊥} ; the lemma gives f (n)=0 for all n ∈N, a contradiction. QED

We consider now the case n =2, which is typical for the general case.

Theorem. Let _{θ =λ}xλtλσλmλn(xm)λy(Hσm yn)((t)(Σ)σm y)m⁰n⁰ where H,Σ are closed _λ-terms defined below ; _<m⁰,n⁰> is the successor of _<m,n> in _N². Then, for every f : N³ → {0, 1}, there exists _φ: N→ N such that :

λx((Y)(θ)x)000 ∥− ∀x^int∃y∀z^int(f [x,y,z]=1) → ∀x∀z(f [x,φx,z]6=0).

Definition of H,Σ. The variables m,n represent integers ; _η an arbitrary term ; the variable _σ represents a finite sequence of ordered pairs _<m,η>.

If no pair _<m,

.

_> is in _σ, set _Σσmη=σ^<m,η>, Hσmη=η.

Else, set _Σσmη=σ ; Hσmη=ζ for the first _<m,ζ> appearing in _σ.

Proof by contradiction. Suppose _{ξ ∥− ∀}x^int¬∀y^גN¬∀z^int(f [x,y,z]=1) ; ((Y)(θ)ξ)000 6∥− ⊥ and f [x₀,φx₀,z₀]=0.

We show, by recurrence on _<m,n> ≤ <x₀,z₀>, that ((Y)(θ)ξ)σmnmn 6∥− ⊥,

with _σmn,ηmn,b_mn defined by recurrence ; it’s true for _{σ00 =}0. If it’s true for _<m,n>

ξ?m

.

_λy(Hσmnm yn)(((Y)(θ)ξ)(Σ)σmnm y)m⁰n⁰

.

_{π∉ ⊥⊥}. Thus, there exists b_mn s.t. : λy(Hσmnm yn)(((Y)(θ)ξ)(Σ)σmnm y)m⁰n⁰ 6∥− ¬∀z^int(f [m,b_mn,z]=1) and thus

there exists _{ηmn ∥− ∀}z^int(f (m,b_mn,z)=1) such that

(∗) Hσmnmηmn ?n

.

(((Y)(θ)ξ)(Σ)σmnmηmn)m⁰n⁰

.

_{π∉ ⊥⊥}.

Definition of _φm : i) if no pair _<m,

.

_> appears in _σmn then set _φ[m]=b_mn ; ii) else, let _<m,ηmq> be the first (indeed only) pair _<m,

.

_> appearing in _σmn ; then, set _φ[m] =b_mq. Now, Hσmnmηmn ∥− ∀z^int(f (m,φm,z)=1) because :

in case (i) Hσmnmηmn =ηmn and _φm =b_mn ; in case (ii), by induction on _<m,n>

since Hσmnmηmn =ηmq with _<m,q> strictly before _<m,n>. Thus Hσmnmηmnn ∥− f (m,φm,n)6=1→ ⊥.

Now, we set _σm0n⁰ =(Σ)σmnmηmn.

Thus, by (∗), we have ((Y)(θ)ξ)σ_m⁰_n⁰m⁰n⁰ 6∥− f (m,φm,n)6=1. therefore f [m,φm,n]=1 and ((Y)(θ)ξ)σ_m⁰_n⁰m⁰n⁰ 6∥− ⊥.

Since f [x₀,φx₀,z₀]=0, we have a contradiction if _<m,n> = <x₀,z₀>.

Else, we have done the recurrence step. QED

Consider now a function f :N⁴ →{0, 1} s.t. _{N|= ∀}u∃x∀y∃z(f (u,x,y,z)=0). This gives _∀u¡

∀x∃y∀z(f (u,x,y,z)6=0)→ ⊥¢ . Thus, for every u ∈N and _φ:N→ N we get :

k∀x∀z(f (u,x,φx,z)6=0)k = k⊥k =Π. It follows from the previous theorem that

λx((Y)(θ)x)000 ∥− ∀u¬∀x^int∃y∀z^int(f (u,x,y,z)=1) which is the case n =2 for arithmetical formulas.

ג ² trivial

Let _δ be a proof-like term s.t. _{δ ∥− ∀}x^ג2(x 6=0,x 6=1→ ⊥) (i.e. ג² is trivial).

We have _{δ∈ |>},⊥ → ⊥| ∩ |⊥,> → ⊥|. Let _δ⁰_=λxλycc_λk(δ)((k)x)(k)y ; then ξ?π∈ ⊥⊥ or _{η?π∈ ⊥⊥ ⇒ δ}⁰_?ξ

.

_η

.

_{π∈ ⊥⊥}

Thus, _δ⁰ _∥−X,Y → X and _δ⁰ _∥−X,Y → Y for every truth values X,Y . Theorem. (∃Φ∈QP)(∀θ ∈QP)(∀X ⊂Π)(θ ∥−X ⇒ Φ ∥−X).

Define e (read eval) by the following program :

e0=B, e1=C, e2=E, e3=I, e4=K, e5=W, e6=cc, e7=δ ; en+8=((e)(p₀)n)(e)(p₁)n ;

where p₀,p₁ define a recursive bijection from _N onto _N². For every _{θ ∈}QP, there is an integer n s.t. en Âθ.

Now define _φ by : _φ?n

.

_πÂδ⁰_?en

.

(φ)(s)n

.

_π. Finally _Φ is _φ0. Let _{θ ∈}QP s.t. _{θ ∥−}X ; thus, we have _φn ∥−X for some n,

then _φn−1 ∥−X, . . . ; eventually _φ0 ∥−X. QED

ג ² trivial

Let _{B =P} (Π) be the Boolean algebra of truth values.

The order is defined by A ≤B ⇔ (∃θ ∈QP)(θ ∥−A →B). Thus, the order on _B is defined by A ≤B ⇔ Φ ∥−A →B. Theorem. _B is a complete Boolean algebra :

If B_i(i ∈ I) is a family of truth values, then inf_i∈I B_i =S

i∈I B_i. Let A ≤B_i for i ∈ I. Then _{Φ ∥−}A →B_i, thus _{Φ ∥−}A → S

i∈I B_i. Conversely I ∥− S

i∈I B_i →B_i0. QED

Thus, the realizability model is, in fact, a forcing model.

The converse is also true : in the case of forcing, the realizability algebra is a commutative idempotent monoid with a unity 1 ; then QP ₌{1}.

We have 1 ∥−X,Y → X and X,Y →Y ; thus ג² is trivial.

ג ² with 4 elements

Theorem. Let d be a term such that :

If two out of three processes _ξ?π,η?π,ζ?π are in _⊥⊥, then d_?ξ

.

_η

.

_ζ

.

_{π∈ ⊥⊥}. Then d _∥−”ג² has at most 4 elements”.

We have d_{∈ |>},⊥,⊥ → ⊥| ∩ |⊥,>,⊥ → ⊥| ∩ |⊥,⊥,> → ⊥|.

Thus d _{∥− ∀}x^ג2∀y^ג2(x 6=0,y 6=1,x 6= y → x y 6=x) QED We now build a model in which ג² has exactly 4 elements.

The only term constants are the elementary combinators, cc and a new constant d.

There are two stack constants _π⁰,π¹. Let _ω=(W I)(W)I =(λx xx)λx xx. For i ∈{0, 1}, let _Λⁱ (resp. _Πⁱ) be the set of terms (resp. stacks)

which contain the only stack constant _πⁱ.

ג ² with 4 elements

For i, j ∈{0, 1}, define _⊥⊥ⁱ_j as the least set P ⊂Λⁱ ? Πⁱ of processes such that : 1. _ω? j

.

_π∈P for every _π∈Πⁱ ;

2. _ξ?π∈Λⁱ _{? Π}ⁱ, _ξ?πÂξ⁰_?π⁰_∈ P ⇒ ξ?π∈P (P is saturated in _Λⁱ _{? Π}ⁱ) ; 3. if 2 out of 3 processes _ξ?π, η?π, ζ?π are in P, then d_?ξ

.

_η

.

_ζ

.

_π∈ P. We define _⊥⊥ by : _{Λ ? Π}\⊥⊥ = S

i∈{0,1}(Λⁱ ? Πⁱ \⊥⊥ⁱ_i) In other words, a process is in _⊥⊥ iff

either it is in _⊥⊥⁰_{0∪ ⊥⊥}¹₁ or it contains both stack constants _π⁰,π¹.

Lemma. If _{ξ?π∈ ⊥⊥}ⁱ_j and _ξ?πÂξ⁰_?π⁰ then _ξ⁰_?π⁰_{∈ ⊥⊥}ⁱ_j (closure by reduction).

Suppose _{ξ0?π0 Âξ}⁰_0?π⁰₀ ; _{ξ0?π0 ∈ ⊥⊥}ⁱ_j ; _ξ⁰_0?π⁰_{0 ∉ ⊥⊥}ⁱ_j ;

We may suppose that _{ξ0?π0 Âξ}⁰_0?π⁰₀ is exactly one step of execution.

Then ⁱ _{ξ ?π} has properties 1,2,3 defining ⁱ ; contradiction. QED

ג ² with 4 elements

Lemma. _⊥⊥ⁱ_{0∩ ⊥⊥}ⁱ_{1 = ;}.

We prove that _Λⁱ _{? Π}ⁱ \⊥⊥ⁱ₁ ⊃ ⊥⊥ⁱ₀ by showing properties 1, 2, 3.

1. _ω?0

.

_πⁱ _{∉ ⊥⊥}ⁱ₁ because _⊥⊥ⁱ₁\ {ω?0

.

_πⁱ} has properties 1, 2, 3 defining _⊥⊥ⁱ₁. 2. Follows from previous lemma.

3. Suppose _ξ?π, η?π∉ ⊥⊥ⁱ₁ ; then d_?ξ

.

_η

.

_ζ

.

_{π∉ ⊥⊥}ⁱ₁

because _⊥⊥ⁱ₁\ {d_?ξ

.

_η

.

_ζ

.

_π} has properties 1, 2, 3 defining _⊥⊥ⁱ₁. QED Theorem. This realizability model is coherent.

Let _{θ ∈}QP s.t. _θ?π⁰ _{∈ ⊥⊥}⁰₀ and _θ?π¹ _{∈ ⊥⊥}¹₁. Then _θ?π⁰ _{∈ ⊥⊥}⁰_{0∩ ⊥⊥}⁰₁. QED Remark. If _π∈Π\ (Π0∪Π1), then _{ξ?π∈ ⊥⊥} for every term _ξ.

Thus, we can remove these stacks and consider only _Π⁰_∪Π¹.

ג ² with 4 elements

We define two individuals in this realizability model : γ0 =({0}×Π⁰)∪({1}×Π¹) ; _{γ1 =}({1}×Π⁰)∪({0}×Π¹). Obviously, _γ0,γ1 ⊂ג²={0, 1}×Π. Now we have :

k∀x(x 6εγ0)k =Π⁰∪Π¹ = k⊥k ; _ω0 ∥−06εγ0 et _ω1 ∥−16εγ0.

It follows that _γ0 is not _ε-empty and that every _ε-element of _γ0 is ₆₌0, 1. Thus the Boolean algebra ג² is not trivial and has exactly 4 _ε-elements.

We have _{ξ ∥− ∀}x^ג2(xεγ0,xεγ1 → ⊥) for every term _ξ :

Indeed, _|i εγ0| = {k_π ; π∈Πⁱ} for i =0, 1 and _ξ?k_ρ0

.

k_ρ1

.

_{π∈ ⊥⊥} if _{ρi ∈Π}ⁱ. It follows that _γ0,γ1 are the singletons of the _ε-elements ₆₌0, 1 of ג². Remark. We can easily modify this construction in order to obtain

for ג² any finite Boolean algebra.

Denotational semantics

T. Ehrhard has found a method which converts usual models of _λ-calculus into realizability algebras, by defining stacks, cc and k_π in such models.

The construction of stacks was also given by T. Streicher.

We need to avoid parallel or, because we don’t want to get forcing models.

Thus, our example will be the simplest coherent model of _λ-calculus.

Let us recall (one of ) its construction.

Let o be a fixed set which is not an ordered pair.

The set V of formulas is the smallest set such that :

o _∈V ; if _α∈V , a ∈Pf (V ) and _<a,α> 6= <;,o_> then _<a,α> ∈V (_{P f} (V ) is the set of finite subsets of V ).

If a ∈P_f (V ) and _α∈V , we set a → α= <a,α> except that (; →o)=o.

Every element of V except o is an ordered pair.

If _α∈V , its rank r(α) is the total number of _→ in _α.