Formal Logic is, no doubt, safest with symbols; should, perhaps, content itself with A and B; or, at least, hardly venture beyond Y and Z. —from Logic, Deductive and Inductive, by Carveth Read (1848–1931), Grote Professor of the Philosophy of Mind and Logic, University College London.

List of papers

This thesis is based on the following papers, which are referred to in the text by their Roman numerals.

I Wilander, K.O. Setoids and universes, Mathematical Structures in Computer Science 20 (2010), 563–576.
II Wilander, K.O. An E-bicategory of E-categories: exemplifying a type-theoretic approach to bicategories, U.U.D.M. Report 2005:48.
III Wilander, K.O. Constructing a small category of setoids, Mathematical Structures in Computer Science, in press.
IV Wilander, K.O. PERs in HA^ω I: basic constructions and choice principles, U.U.D.M. Report 2011:17.
V Wilander, K.O. Some proof-theoretic properties of PHL and related systems, U.U.D.M. Report 2010:18.

Reprints were made with permission from the publishers.

In addition to these papers, the author has also published Wilander, K.O. Soundness in verification of algebraic specifications with OBJ, Journal of Logic and Algebraic Programming 74 (2007-2008), 112–114.

Contents

1 Introduction
  1.1 Justifications and the BHK-interpretation
  1.2 Type theory
  1.3 Setoids and E-categories

2 Summaries of the papers
  2.1 Paper I: Setoids and universes
  2.2 Paper II: An E-bicategory of E-categories
  2.3 Paper III: Constructing a small category of setoids
  2.4 Paper IV: PERs in HA^ω I: basic constructions and choice principles
  2.5 Paper V: Some proof-theoretic properties of PHL and related systems

3 Summary in Swedish

Acknowledgements

References

1. Introduction

When I make a claim, such as

There are two irrational numbers $\alpha$ and $\beta$ such that $\alpha^\beta$ is rational.

there are several questions that can be asked. Your first question may well be ‘Is this claim true?’ – and I will answer that it is true. If you are not fully satisfied by this answer, you might then ask me to justify my claim. I will then tell you to consider the two numbers $\alpha = e$ and $\beta = \ln 2$. The first thing we notice is that $\alpha^\beta = 2$ is rational. We are both well aware that $e$ is a transcendental irrational number – it is not the solution of any polynomial equation with rational coefficients. So all I must convince you of is that $\ln 2$ is not rational. So suppose $\ln 2$ were rational, in fact, suppose $\ln 2 = p/q$. Then we would have $e^{p/q} = 2$, and consequently, $e^p = 2^q$. But this would mean that $e$ were a solution to the polynomial equation $x^p = 2^q$ (which has rational coefficients), contradicting the fact that $e$ is transcendental. Thus, we conclude that $\ln 2$ is not rational. In this way, I have justified my original claim – and consequently, you are now (hopefully) convinced that it is true.

Constructive mathematics, the subject of this thesis, seeks direct justifications for mathematical statements. Having a direct justification of a statement should convince us that this statement is true – but being convinced that a certain statement is true does not necessarily mean that we can produce a justification for it (not even if we are right).

This idea of giving justifications for statements has been given several different forms. I will give a brief introduction to one of them, namely Martin-Löf type theory (sometimes known as intuitionistic type theory). This will be followed by short explanations of the main objects of interest in the included papers, before the papers are summarised in the next chapter.

1.1 Justifications and the BHK-interpretation

The most basic description of justifications is the so-called Brouwer-Heyting-Kolmogorov interpretation of predicate logic (usually shortened to the BHK-interpretation). It explains what the canonical justifications are for statements of all logical forms. The discussion here is brief; for more background, see for example [24].

First some notation and terminology: that p is a justification for the statement φ is written p:φ, and we call p a proof object for φ (often shortened simply to a proof of φ). We can now give the BHK-interpretation of the logical connectives.

• A proof object for a conjunction φ ∧ ψ is a pair ⟨p, q⟩, where p is a proof object for φ and q is a proof object for ψ.
• A proof object for a disjunction φ ∨ ψ can be of two forms: it is either inl p for a proof object p:φ, or it is inr q for a proof object q:ψ (we can think of this as giving a proof object and pointing out which one of the disjuncts it is a proof object for).
• A proof object for an implication φ → ψ is an algorithm (or method of computation) which from a hypothetical proof object for φ constructs a proof object for ψ.
• A proof object for the contradiction ⊥ does not exist.
• A proof object for an existential statement (∃x:A)φ(x) is a pair ⟨a, p⟩, where a is an element of the set A, and p is a proof object for the statement φ(a).
• A proof object for a universal statement (∀x:A)φ(x) is an algorithm which from a hypothetical element x of the set A computes a proof object for the statement φ(x).

To this we must add a description of what the proof objects for our basic (atomic) propositions are. As an example, the canonical way of justifying an equality s = t between two terms is to compute the value of both terms separately, and certify that the results agree. This justification has an important property: if I tell you that two terms compute to the same value, you can easily check this, simply by carrying out the computation yourself. In other words, you can check that the justification I gave you is correct.

The negation is not in the list above, since we define ¬φ to be the implication φ → ⊥. This means that to justify a negated statement ¬φ, we must provide an algorithm which, given a proof of φ, produces a proof of ⊥. This requires more than there being no proof objects for φ: it amounts to a proof that there can not be any proof object for φ – and absence of proof is not proof of absence.

As an important example, consider what a proof object for a doubly negated statement ¬¬φ would be: it would be an algorithm that arrives at a contradiction from a hypothetical proof of ¬φ. This is not the same thing as a proof object for φ, and there is no obvious way to use a proof object for ¬¬φ to compute one for φ – in fact, there is no general justification for the implication ¬¬φ → φ. Compare this to the situation in classical logic, where each statement is assigned one of two truth values – true or false. It is easily checked that ¬¬φ and φ must always be assigned the same truth value, and then they are even equivalent. This shows that in classical logic, there are true statements for which we can not give a direct justification.

In classical logic, the statements φ and ¬φ will always be assigned different truth values, so φ ∨ ¬φ is valid for all φ – the law of excluded middle holds. The intuitionistic logic we get from considering proof objects does not include the law of excluded middle. But a constructive mathematician does not deny the law of excluded middle, she merely notes that it can not be justified. In fact, a constructive mathematician can not deny the law of excluded middle, since its double negation ¬¬(φ ∨ ¬φ) can be justified.
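
The proof object for ¬¬(φ ∨ ¬φ) referred to above can be written out explicitly. The following Lean 4 terms are an added illustration and not part of the original text; they assume Lean's Prop as the reading of propositions, and the namespace and theorem names are chosen here.

```lean
-- Added example: BHK proof objects written as Lean 4 terms (core library only).
-- The namespace and all theorem names are chosen for this illustration.
namespace BHKExample

-- An implication is justified by a function on proof objects.
-- From p : φ we obtain a method refuting any hypothetical proof of ¬φ.
theorem dnegIntro (φ : Prop) : φ → ¬¬φ :=
  fun (p : φ) (k : ¬φ) => k p

-- The double negation of excluded middle has a proof object.
-- Given a hypothetical refutation k of φ ∨ ¬φ:
--   1. any p : φ would give `Or.inl p`, which k refutes, so we obtain ¬φ;
--   2. that proof of ¬φ gives `Or.inr`, which k refutes as well.
theorem dnegExcludedMiddle (φ : Prop) : ¬¬(φ ∨ ¬φ) :=
  fun (k : ¬(φ ∨ ¬φ)) =>
    have notφ : ¬φ := fun (p : φ) => k (Or.inl p)
    k (Or.inr notφ)

-- Excluded middle for φ suffices to pass from ¬¬φ to φ: the case analysis
-- on the disjunction supplies the proof object that ¬¬φ alone does not.
theorem dnegElimOfEm (φ : Prop) (em : φ ∨ ¬φ) : ¬¬φ → φ :=
  fun (nn : ¬¬φ) =>
    match em with
    | Or.inl p  => p
    | Or.inr np => False.elim (nn np)

-- Three negations collapse to one, although two do not collapse to none.
theorem tripleNeg (φ : Prop) : ¬¬¬φ → ¬φ :=
  fun (k : ¬¬¬φ) (p : φ) => k (dnegIntro φ p)

end BHKExample
```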

1.2 Type theory

The BHK-interpretation is informal, and particularly it leaves the notion of an algorithm undefined. Type theory can be seen as one way of specifying this notion.

Type theory rests on the idea of propositions as types (which can be seen as a further development of the Curry-Howard isomorphism [13]). We simply identify a proposition with the set of its proof objects (where the word ‘set’ should be understood not in the sense of set theory, but rather as a synonym for ‘data type’). This then identifies the logical connectives with particular type-forming operations.

• The contradiction ⊥ is identified with the empty set.
• The conjunction φ ∧ ψ is identified with the cartesian product φ × ψ.
• The disjunction φ ∨ ψ is identified with the sum type φ + ψ (a disjoint union).
• The implication φ → ψ is identified with the function type ψ^φ.
• The existentially quantified statement (∃x:A)φ(x) is identified with the sigma type (or dependent sum) (Σx:A)φ(x).
• The universally quantified statement (∀x:A)φ(x) is identified with the pi type (or dependent product) (Πx:A)φ(x).

Of these, the first four are familiar, but the last two should be explained. In the quantified formulas, consider the subformula φ(x), with the variable x free. It is not in itself a proposition, but rather a propositional function – it assigns a proposition φ(a) to each a:A. But since we have identified propositions with sets, this is the same as saying that φ(x) is a family of sets, indexed by A. Such families of sets are key to understanding the dependent types.

To understand the dependent sum and product, we must understand what it is to be an element of these sets. The elements of the sigma type (Σx:A)φ(x) are dependent pairs ⟨a, p⟩ where a:A and p:φ(a); similarly the elements of the pi type (Πx:A)φ(x) are dependent functions f, which for each a:A compute a value f(a):φ(a). The word ‘dependent’ refers to the fact that the types of the values p and f(a) depend, not on the type A, but on the actual value a:A.

Type theory can now be seen as a strongly typed functional programming language with a type system including all the types above, as well as a number of standard data types, such as natural numbers, list types, and so on. It also includes recursion operators for each type – see [17, 18] for more details.

We use this view of type theory as a programming language to specify the notion of algorithm for the BHK-interpretation: we take it to mean a program in this programming language. This extends our identification – not only do we have the propositions-as-types identification, but we also get a proofs as programs identification (in fact, we could equally well think of this as a proofs as data identification, since programs are just another kind of data in a functional language).

Under this identification of proofs with programs, the correctness of a proof corresponds precisely to this proof being well typed when viewed as a program. In particular, this means that being able to decide whether proofs are correct corresponds to decidable type checking for our programming language. This is the reason why it was important to be able to check that a justification was correct: as long as this is a simple check, it can be carried out by a computer, and that means that it is possible to write a proof-checking computer program. Much of the work presented in this thesis has been carried out using such proof-checking software.

As an example of type-theoretic reasoning, let us consider the axiom of choice. It is the proposition

(∀x:A)(∃y:B)P(x,y) → (∃f:A → B)(∀x:A)P(x, f(x)).

This is actually provable in type theory! But rather than writing a proof, we can write a program of the corresponding type

(Πx:A)(Σy:B)P(x,y) → (Σf:A → B)(Πx:A)P(x, f(x)).

We will need just one more small piece of notation to understand the program: recall that an element of the sigma type (Σx:A)φ(x) is a pair ⟨a, p⟩. It is of course possible to define projection functions π₁ and π₂ that compute the components a and p, respectively. Their types are π₁:(Σx:A)φ(x) → A and π₂:(Πp:(Σx:A)φ(x))φ(π₁(p)) – note that we really do need the dependent function type here, since the type of the second component depends on what pair it comes from (particularly, on what the first component of that pair is). Using these projection functions for sigma types, we write the program

λF:(Πx:A)(Σy:B)P(x,y).⟨λx:A.π₁(F(x)), λx:A.π₂(F(x))⟩.

To check that this has the right type, we proceed as follows: if F:(Πx:A)(Σy:B)P(x,y) and x:A, then we can compute F(x):(Σy:B)P(x,y). Taking the first projection π₁(F(x)) gives an element of B, so if we define a function of x by this expression, we get

f := λx:A.π₁(F(x)) : A → B,

and this is the choice function f that we seek. We must now check that the other component λx:A.π₂(F(x)) is an element of the set (Πx:A)P(x, f(x)). But we note that if we substitute the definition of f back into this expression, we obtain (Πx:A)P(x, π₁(F(x))). We further note that for any x:A, the second projection π₂ applied to F(x) gives π₂(F(x)):P(x, π₁(F(x))), and so the pair

⟨λx:A.π₁(F(x)), λx:A.π₂(F(x))⟩

is of the type

(Σf:A → B)(Πx:A)P(x, f(x)),

which is precisely what is required for the program above to have the correct type.
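
The type check carried out by hand above can be handed to a proof checker, and the resulting program can be run. The following Lean 4 rendering is an added illustration, not code from the thesis or its papers; the names pr1, pr2, ac, larger and succChoice are chosen here, and Lean's Sigma and dependent function types are assumed as the counterparts of Σ and Π.

```lean
-- Added example (Lean 4, core library only); all names are chosen here.
namespace ChoiceExample
universe u v w

-- Projections for the sigma type. The type of pr2 depends on the value pr1 p,
-- which is why a dependent function type is needed.
def pr1 {A : Type u} {φ : A → Type v} (p : (x : A) × φ x) : A := p.1
def pr2 {A : Type u} {φ : A → Type v} (p : (x : A) × φ x) : φ (pr1 p) := p.2

-- The program from the text: from F it builds the pair consisting of the
-- choice function and the proof that it satisfies P pointwise.
-- That this definition is accepted is exactly the type check done above.
def ac {A : Type u} {B : Type v} (P : A → B → Type w)
    (F : (x : A) → (y : B) × P x y) :
    (f : A → B) × ((x : A) → P x (f x)) :=
  ⟨fun x => pr1 (F x), fun x => pr2 (F x)⟩

-- A concrete F (constructed for this example): for every natural number x it
-- returns a larger number together with the proof object for "x is smaller".
def larger (x : Nat) : (y : Nat) × PLift (x < y) :=
  ⟨x + 1, PLift.up (Nat.lt_succ_self x)⟩

def succChoice := ac (fun x y => PLift (x < y)) larger

-- Proofs as programs: the extracted choice function computes.
example : succChoice.1 3 = 4 := rfl

-- Its second component certifies the property for every argument.
example (x : Nat) : x < succChoice.1 x := PLift.down (succChoice.2 x)

end ChoiceExample
```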

1.3 Setoids and E-categories

When formalising mathematics in type theory, the obvious thing to do is to use data types wherever a set is required. Unfortunately, this soon becomes a problem, since type theory does not include quotients (adding quotients conflicts with the decidability of type checking). For this reason, another counterpart for sets is required. The most commonly used construction is called a setoid, and can be seen as a type-theoretic formalisation of Bishop’s notion of a set as given by ways of constructing elements together with a notion of equality [3, 4]. To give a setoid A is to give all of the following:

• an underlying set (data type) A;
• an equality relation =_A, which to all x,y:A assigns a set x =_A y;
• proof objects for the reflexivity, symmetry, and transitivity of the equality relation =_A.

A map f:A → B of setoids consists of

• a function f:A → B between the underlying sets;
• a proof that f is extensional:

(∀x,y:A)(x =_A y → f(x) =_B f(y)),

in other words, that f respects the given setoid equalities. We consider two setoid maps f,g:A → B to be equal if

(∀x:A)(f(x) =_B g(x))

(this is called an extensional equality – it compares the functions pointwise).

All the basic constructions on sets can be carried out for setoids as well (for example, the equality of setoid maps gives a function space), and large parts of mathematics can be given a type-theoretic formulation using setoids. But there are some concepts which we still do not have access to: one of them is a counterpart for the (proper) class of all sets (usually called V in set theory). The collection of all setoids includes the collection of all data types, so it can not in itself be a data type. (And we get the same kind of problem if we want to consider for example all groups, as is frequently needed in algebra).

To resolve this problem, the idea of a type-theoretic universe was introduced. There are two kinds of universes, known as universes à la Russell and universes à la Tarski, both explained in the last chapter of [16]. A universe is a set U containing (names for) types. We usually say that a type is small if it is inside the universe U. In the formulation à la Tarski, U is equipped with a decoding family T – for any X:U, this family gives the actual set T(X) which X is a name for (in the formulation à la Russell, the decoding is invisible, and no real distinction is made between the name for a set and the set itself). Most commonly, we assume that the universe U is closed under all the standard set formers (that is, if we start with sets and families of sets inside the universe, they produce sets that are still inside the universe). Universes play a central rôle in Papers I and III, and are also used in Paper II.

With universes, we now have a way of talking about the collection of all sets, or at least all small sets. The working mathematician will now wonder how to organise this collection into a category [15].

The most common type-theoretic formulation of a category is known as an E-category [1]. It corresponds closely to a locally small category: an E-category consists of a type of objects, together with an assignment of a setoid hom(x,y) of arrows to each pair of objects x,y, an identity arrow at each object, and a family of composition functions hom(y,z) × hom(x,y) → hom(x,z). It also includes proof objects for the standard axioms of a category. The setoids form an E-category, with hom(A,B) given by the setoid maps A → B, just as expected [1, 9]. Three of the included papers (Papers I, III, and IV) are concerned with this E-category of setoids, or some variant of it, and Paper II considers the collection of all E-categories.

One particular feature of an E-category is that it does not assume that the type of objects is equipped with any (propositional) equality. This means that we do not need to reason about certain kinds of questions, as, for example, whether two arrows are composable or not. Instead we can rely on type checking to decide this for us – thus, even when we are writing proofs, type correctness can simplify our work.
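
The definitions of this section, written out for a proof checker: setoids, setoid maps, the hom setoid given by extensional equality, and composition respecting that equality. This Lean 4 sketch is an added illustration, not the formalisation accompanying the papers; all names are chosen here, and as a simplification the equality relation is Prop-valued, whereas the text assigns a set x =_A y of proof objects.

```lean
-- Added example (Lean 4, core library only); all names are chosen here.
namespace SetoidExample
universe u

-- A setoid: underlying type, equality relation, and proof objects for
-- reflexivity, symmetry and transitivity.
structure ESetoid where
  carrier : Type u
  eq      : carrier → carrier → Prop   -- simplification: Prop-valued
  refl    : ∀ x, eq x x
  symm    : ∀ x y, eq x y → eq y x
  trans   : ∀ x y z, eq x y → eq y z → eq x z

-- A setoid map: a function together with a proof that it is extensional.
structure Map (A B : ESetoid.{u}) where
  fn  : A.carrier → B.carrier
  ext : ∀ x y, A.eq x y → B.eq (fn x) (fn y)

-- Extensional equality of setoid maps: pointwise comparison.
def ExtEq {A B : ESetoid.{u}} (f g : Map A B) : Prop :=
  ∀ x, B.eq (f.fn x) (g.fn x)

-- The function space: setoid maps A → B again form a setoid, hom(A, B).
def hom (A B : ESetoid.{u}) : ESetoid.{u} where
  carrier := Map A B
  eq      := ExtEq
  refl    := fun f x => B.refl (f.fn x)
  symm    := fun f g h x => B.symm (f.fn x) (g.fn x) (h x)
  trans   := fun f g k h₁ h₂ x =>
    B.trans (f.fn x) (g.fn x) (k.fn x) (h₁ x) (h₂ x)

-- Identity arrow and composition; no equality on objects is needed, since
-- the types of g and f already guarantee that they are composable.
def idMap (A : ESetoid.{u}) : Map A A where
  fn  := fun x => x
  ext := fun _ _ h => h

def comp {A B C : ESetoid.{u}} (g : Map B C) (f : Map A B) : Map A C where
  fn  := fun x => g.fn (f.fn x)
  ext := fun x y h => g.ext (f.fn x) (f.fn y) (f.ext x y h)

-- Composition respects the equality of the hom setoids.
theorem comp_ext {A B C : ESetoid.{u}} (g g' : Map B C) (f f' : Map A B)
    (hg : ExtEq g g') (hf : ExtEq f f') : ExtEq (comp g f) (comp g' f') :=
  fun x =>
    C.trans (g.fn (f.fn x)) (g.fn (f'.fn x)) (g'.fn (f'.fn x))
      (g.ext (f.fn x) (f'.fn x) (hf x))
      (hg (f'.fn x))

-- One of the category axioms, stated with the setoid equality on arrows.
theorem comp_id {A B : ESetoid.{u}} (f : Map A B) :
    ExtEq (comp f (idMap A)) f :=
  fun x => B.refl (f.fn x)

end SetoidExample
```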

2. Summaries of the papers

2.1 Paper I: Setoids and universes

Type theory without universes can define most mathematical objects. It is, however, rather weak when it comes to proving results about these objects. In [21], Smith shows that one of the most basic properties of the natural numbers, namely Peano’s fourth axiom

0 ≠ 1

is not provable in type theory without universes (in the more cumbersome notation of identity types, 0 ≠ 1 is the set ¬Id_N(0,1)). The proof is by a model construction: Smith shows that there is an (essentially) one point model for type theory – or to be more precise, a model consisting of the empty set and a one element set – and notes that in this model, the identity set Id_N(0,1) is inhabited.

When type theory is expressed in the logical framework (as in [18]), the type Set looks a lot like a universe, in that it contains names for types. However, a key difference lies in the formulation of the elimination rules for the inductively defined sets (and particularly for those sets that model logic). The crucial point is that the elimination rules only operate on families of sets, rather than families of types (if this restriction is lifted, and we allow so-called large eliminations, then Set effectively turns into a universe [22]). In fact, even in the logical framework, 0 ≠ 1 is not provable without universes, as shown by Fridlender [10]. The proof is again by a model construction, though Fridlender’s model is much more complicated, being built from an extensional model of the untyped lambda calculus.

On the other hand, adding even a minimal universe makes 0 ≠ 1 provable. Such a minimal universe is a family x:N₂ ⊢ L(x):Set of sets such that L(tt) = N₁ and L(ff) = ∅ (actually, it is enough that L(tt) is inhabited, but for definiteness, it is usually taken to be the standard one point set).

In Paper I, I study the E-category of setoids in type theory, and look particularly at two properties of this category. The first object of study is the notion of an epimorphism. An arrow e in a category is an epimorphism (or, shorter, an epi) if whenever there are two other arrows f,g forming a diagram

             f
    · --e--> · ⇉ ·
             g

and f∘e = g∘e, then also f = g (in more algebraic terms, an arrow e is an epi if it is right cancelable). In the (ordinary) category of sets, the epimorphisms are precisely the surjective functions. In the E-category of setoids, a map f:A → B of setoids is surjective if the type

(Πx:B)(Σy:A)(f(y) =_B x)

is inhabited (this type being the type of proof objects for the logical statement (∀x:B)(∃y:A)(f(y) =_B x)). Proposition 1 of Paper I shows that, given a minimal universe, we can show that every epimorphism is surjective (by constructing particular maps f and g fitting into a diagram as above). Since it is easy to prove that every surjective map is an epimorphism (the reasoning is the same as in set theory), it follows that the epimorphisms are precisely the surjective maps. However, Propositions 2 and 7 show that in type theory without universes, there may be an epimorphism of setoids which is not surjective (Proposition 7 is a slightly stronger version, which can not be formulated without the logical framework). The proofs rely on computing the interpretation of particular statements in the non-standard models provided by Smith and Fridlender, particularly checking that the (essentially unique) map ∅ → N₁ is an epimorphism of setoids in these models – but this map is not surjective.

The second object of study is the categorical sum (coproduct), and we ask whether sums are disjoint. A sum diagram

    A --ι₁--> A + B <--ι₂-- B

in the E-category of setoids gives a disjoint sum if the injection maps ι₁ and ι₂ are both monic and the pullback object P in the corresponding pullback diagram

    P ---------> B
    |            |
    |            | ι₂
    v            v
    A ---ι₁---> A + B

is an initial object. Since the initial object is precisely the empty setoid, this would correspond closely to the fact that the sums in the (ordinary) category of sets are disjoint unions. Sums can be constructed in several different ways – the paper presents a construction using the universe directly. It is straightforward to show that the injection maps are monic (that is, injective). Proposition 4 then notes, essentially by inspecting the construction, that the pullback object is empty. Propositions 5 and 8 show that sums are not disjoint in the models of Smith and Fridlender (and again, Proposition 8 is the slightly stronger result possible using the logical framework).

Finally, in Proposition 9, we see that assuming disjoint sums is in fact sufficient for recovering a minimal universe.
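
How a minimal universe yields Peano's fourth axiom, as stated earlier in this summary, can be made concrete: substituting along a hypothetical proof of tt = ff in the family L carries the element of L(tt) into L(ff), which is empty. The following Lean 4 terms are an added illustration, not taken from Paper I; the names are chosen here, Bool, Unit and Empty are assumed as stand-ins for N₂, N₁ and ∅, and defining L by cases into Type is exactly a use of large elimination.

```lean
-- Added example (Lean 4, core library only); all names are chosen here.
namespace UniverseExample

-- The minimal universe: a family of sets over the two-element set,
-- with L(tt) the one point set and L(ff) the empty set.
def L : Bool → Type
  | true  => Unit
  | false => Empty

-- Substitution of equals for equals in a family of sets.
def subst {A : Type} (P : A → Type) {a b : A} (α : a = b) : P a → P b :=
  fun p => α ▸ p

-- A proof of tt = ff would transport the element of L(tt) into L(ff) = ∅.
theorem tt_ne_ff : true ≠ false :=
  fun (α : true = false) => Empty.elim (subst L α ())

-- The same for natural numbers: map 0 to tt and every successor to ff,
-- so that a proof of 0 = 1 becomes a proof of tt = ff.
def isZero : Nat → Bool
  | 0     => true
  | _ + 1 => false

theorem zero_ne_one : (0 : Nat) ≠ 1 :=
  fun (α : (0 : Nat) = 1) => tt_ne_ff (congrArg isZero α)

end UniverseExample
```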

2.2 Paper II: An E-bicategory of E-categories

In Paper II, the focus moves, and rather than considering the E-category of setoids, we look at the collection of all E-categories.

In ordinary category theory, it is natural to think of the collection of all categories as forming the category Cat of all categories. But if we think about this a bit more carefully, we strongly suspect that no such thing exists (it would be an object of itself – and then a paradox is lurking just around the corner). Instead we introduce a notion of size, to be able to talk about the large category Cat of all small categories. This category has small categories as objects, and hom_Cat(C,D) is the set of functors from C to D. Of course, this means that there is much more structure available to us: particularly, for all parallel functors F,G:C → D, there is a set of natural transformations from F to G. In fact, the natural transformations turn every hom_Cat(C,D) into a category! So Cat has two layers of category structure: it is a category in itself, but moreover every homset is really a homcategory. This makes Cat a 2-category [14].

Returning to type theory, we want to work with the collection of all E-categories. For similar reasons as in ordinary category theory, it is clear that we need type-theoretic universes for this, and though this is never made fully explicit, both the paper and the accompanying formalisation use universes à la Russell. But there is a further restriction on E-categories: we have no (propositional) equality on the objects, and consequently, we can not define a propositional equality on functors (since a functor C → D has an action on objects, assigning an object of D to each object of C, and equality of functors would have to include equality of these assignments – and particularly, comparing constant functors would be tantamount to comparing objects directly). But this means that we do not have a setoid of functors C → D, and hence we do not have an E-category of all small E-categories.

But all is not lost! We can still define the natural transformations between any two parallel functors F,G:C → D, and these natural transformations do have a propositional equality. Using this equality, we define the setoid of natural transformations from F to G. This construction then gives us, not a setoid of functors, but at least an E-category of functors C → D.

If we consider the collection of all E-categories, together with their functors and the natural transformations of those functors, we do not have a 2-category. But we do have objects and arrows, and homcategories. So there is very little missing: only the category axioms, and that only because we do not have an equality to express them with. In fact, we can replace each equality in these axioms by a natural isomorphism. Such a structure is a bicategory (once we add a few conditions on the chosen natural isomorphisms [2]). In Paper II, I give a type-theoretic version of a bicategory, called an E-bicategory, and show that the small E-categories form an E-bicategory. This work was done by computer-checked proof, using the proof assistant Agda.

2.3 Paper III: Constructing a small category of setoids

In Paper III, we leave the E-categories behind, and instead consider small categories which do have a notion of equal objects. It is then natural to have a notion of equality of arrows, not only on each homset separately, but on the set of all arrows. To be more precise, such a small category, when formalised in type theory, should have a setoid of objects, and a setoid of arrows. Further, we must introduce a setoid of composable pairs, to serve as domain for the composition function (this is necessary, since composition is only a partial function – arrows without a common endpoint can not be composed). Thus, a small category of this kind consists of

• three setoids, containing the objects, arrows, and composable pairs of arrows, respectively;
• six setoid maps: id giving the identity arrow at an object, dom and cod giving the domain and codomain (objects) of an arrow, the composition function comp, and finally the two projection functions for composable pairs.

In particular, we would like to define such a category with small setoids as objects - small here meaning that we are considering the setoids inside a type-theoretic universe U. For these small setoids to form a large setoid, we must decide what equality to use. There are several possibilities, but they all involve the identity type in some way.

The identity type is the most basic propositional equality available in type theory. It is given by the following formation and introduction rules

$$\frac{A:\mathrm{Set}\qquad x,y:A}{\mathrm{Id}_A(x,y):\mathrm{Set}}\ \text{Id-formation}\qquad\qquad\frac{x:A}{\mathrm{refl}(x):\mathrm{Id}_A(x,x)}\ \text{Id-introduction}$$

The formation rule says that whenever A is a set, and x and y are elements of A, then there is a set Id_A(x,y) (the set of proof objects for the equality x = y). The introduction rule says simply that for any element x of the set A, there is a proof refl(x) of the equality x = x. The corresponding elimination rule, Id-elimination, is rather more complicated:

$$\frac{C:(x,y:A,\,z:\mathrm{Id}_A(x,y))\mathrm{Set}\qquad c:(x:A)\,C(x,x,\mathrm{refl}(x))\qquad a,b:A\qquad p:\mathrm{Id}_A(a,b)}{J_A(C,c,a,b,p):C(a,b,p)}$$

Using this elimination rule, we can show the remaining expected properties of an equality: symmetry and transitivity.

Another important property of equality is that we may perform substitution of equals for equals. Suppose we have a predicate P on the set A, that is, a dependent set P:(x:A)Set. Then from a proof α:Id_A(a,b) we should also be able to conclude that P(a) implies P(b). This corresponds to a substitution function subst_{α,P}:P(a) → P(b), which transforms proofs of P(a) into proofs of P(b), doing this transformation along the equality proof α. This substitution function is easily definable using the Id-elimination rule and plays a central role in Paper III.

From looking at the introduction rule for the identity type, one might be tempted to believe that identity types have at most one element, in the sense that the proposition

$$(\forall p,q:\mathrm{Id}_A(a,b))\ \mathrm{Id}_{\mathrm{Id}_A(a,b)}(p,q)$$

should be provable (it says that any two proofs of the same equality are in fact equal - where the identity type again provides the appropriate notion of equality for proofs). It turns out that this is not the case, as shown by Hofmann and Streicher’s construction of the groupoid model of type theory [12]. They noted that we may think of the symmetry of equality as providing an inverse p⁻¹:Id_A(y,x) for an equality proof p:Id_A(x,y). Similarly, we may think of transitivity as providing a composition of equality proofs, which given equality proofs p:Id_A(x,y) and q:Id_A(y,z) yields an equality proof q∘p:Id_A(x,z). If we follow this line of reasoning, we soon find that the identity proofs form a groupoid, that is, a category where every arrow is an isomorphism. What Hofmann and Streicher showed is that we can also move in the other direction, and organise the groupoids into a model of type theory, and that in this model, there are several different proofs of some equalities.

Returning to our construction of a small category of small setoids, we must first decide on an equality of small setoids. In Paper III, I have used Id-equality of the underlying sets, together with equivalence of the equality relations (and not compared the proof objects for reflexivity, symmetry, and transitivity).

The natural definition of an arrow is to say that it is a triple ⟨A, B, f⟩, with f a setoid map A → B. A proof that two such triples ⟨A, B, f⟩ and ⟨C, D, g⟩ are equal would then consist of

• two proofs α:A = C and β:D = B;
• a proof that f = β̂∘g∘α̂ as setoid maps A → B, where α̂:A → C and β̂:D → B are setoid maps computed from the equality proofs α and β (in fact, the proof α that A = C has, as one component, a proof α : Id_U(A,C) that the underlying sets A and C of these setoids are equal, and the setoid map α̂ is just the substitution function subst_{α,T}).

Defining the domain and codomain functions, and the identities, is then easy.

In the next step we need to define the setoid of composable pairs. The natural definition would be to say that its elements consist of a pair of arrows together with a proof that domain and codomain are equal (in other words,

19 a proof that the arrows are composable). The right equality making this a setoid of composable pairs is, of course, equality of both arrow components, ignoring the proof component. This is not actually the definition used in the paper, where instead we take a composable pair to be a diagram of the shape

A f /B g /C in the E-category of small setoids (that is, we say that a composable pair is a tuple A ,B,C , f ,g). Defining the projection functions, which yield the first and second arrows in the pair, is straightforward, and two such tuples are equal if their first and second projections both agree (as arrows). These two setoids of composable pairs are actually isomorphic, but the second one was preferable, since it involves less data (this is an advantage, particularly for a computer checked formalisation). The real difficulty arrives when we wish to define the composition func- tion comp. To explain the problem, let me stay for the moment with the first definition of composable pairs as triples. Writing out the components of such a composable pair, we have (recalling that arrows are also triples) A ,B, f ,C ,D,g,α, where α is a proof of the equality B = C . But then we must define the composite of this composable pair to be the arrow A ,D,g◦αˆ ◦ f , and it is clear that this may depend on what particular equal- ity proof α we have – another composable pair involving exactly the same arrows, but a different proof β (so that these two triples are equal elements of the setoid of composable pairs) will compose to the arrow A ,D,g ◦ βˆ ◦ f . Demanding that composition should be a setoid map (and satisfy the exten- sionality condition) says that these two composites must be equal arrows. For the definition of composable pairs I have actually used in Paper III, the definition of composition does not depend on any equality proof, but the condition for the composition still requires an equality of the same kind to hold. At the beginning of Section 9 of Paper III, it is shown that the equalities from the extensionality condition for comp may fail in the groupoid model, and hence that the composition of arrows is not extensional there. 
We note immediately that if identity types had at most one element, as described earlier, then the two maps α̂ and β̂ must arise from equal equality proofs – and then the two composite maps indicated above really are equal. This means that if we add, as an extra axiom, the principle of unique identity proofs (UIP), then the composition function will be a setoid map. We can add UIP in several different ways: formally as an added axiom, by adding an extra recursion operator K (eliminating not general equality proofs, but specifically reflexivity proofs [23]), or by generally replacing the recursion operators by pattern matching [6].

In Paper III, I note that we do not actually need the equality proofs to be unique, but that it is enough for the substitution functions arising from them to be (extensionally) unique. Hence, I suggest several versions of a principle of unique substitutions, which in its simplest form US(U) says

$$(\forall X : U)(\forall \alpha : \mathrm{Id}_U(X, X))(\forall x : T(X))\ \mathrm{Id}_{T(X)}(x, \mathrm{subst}_\alpha(x)),$$

that is, that transforming any x:T(X) along any proof α of X = X gives us x back. Already this simplest form is sufficient for showing that composition is a setoid map – and with the setoid of composable pairs defined in Paper III, this turns out to be the only place where an additional principle is needed: by the end of Section 8, we have constructed the three setoids of objects, arrows, and composable pairs, and also the six required setoid maps between them, and shown that these are extensional. The only thing that remains to be verified is that these also model the axioms of a category. Those verifications are done in Section 10 – they are all straightforward, with the possible exception of the associativity axiom for composition, where the shorthand notation hides some surprising complexity.

This leaves us with the question of how strong this axiom of unique substitutions is, particularly compared to the axiom of unique identity proofs. Section 9 of Paper III is devoted to these questions.

As we have already noted, at the beginning of Section 9 it is shown that extensionality of composition is not provable in type theory, since it fails in the groupoid model. It follows immediately that the uniqueness principles, for substitutions as well as for identity proofs, are not provable. In Proposition 1, I show that the more general forms of uniqueness of substitutions are in fact equivalent to corresponding forms of uniqueness of identity proofs. The following Proposition 2 shows that the simplest form of uniqueness of substitutions US(U), as shown above, is strictly weaker than all forms of UIP considered. In the proof of Proposition 2, I consider the groupoid interpretation of type theory, as in [12], but I must modify the interpretation of the universe U. For UIP to fail in such a model, it is enough that the groupoid interpreting U has parallel arrows which are not equal.
The situation for uniqueness of substitutions is more complicated: the universe U would normally be interpreted by the groupoid Gpd(V) of V-small groupoids and their isomorphisms. The basic intuition would be that if we further restrict this, and only keep those automorphisms of V-small groupoids which leave all connected components invariant, then this would loosely correspond to US(U). To make this more precise, I compute the interpretation of the axiom US(U) in the groupoid model. This interpretation gives a slightly more complicated condition which the groupoid interpreting the universe must satisfy for the resulting model to have uniqueness of substitutions. Strengthening this condition slightly I then find two variants of the groupoid model where US(U) holds, but UIP fails.

Section 9 ends with two open questions about the axiom US(U). We have shown that US(U) is sufficient for showing that the composition function is extensional. The first question asks whether it is also necessary. We also take a closer look at the two models of type theory that were constructed for the proof of Proposition 2, where US(U) holds, but UIP fails. The universe U in these models is closed under very few set formers (it is not even closed under Σ). Is it possible to construct a model of the same kind, but where the universe is closed under all the usual set formers?

2.4 Paper IV: PERs in HA^ω I: basic constructions and choice principles

In Paper IV we leave the, by now, familiar type theory, and instead work in the system HA^ω of intuitionistic arithmetic in all finite types. We may think of this as a very limited type theory, where the only types we have access to are those we can construct from the set of natural numbers by taking cartesian products and forming function spaces. In fact, most of the results in this paper can be transferred to type theory without difficulty.

The objects I study in this paper are very closely related to the setoids of earlier papers, but instead of a type together with an equivalence relation, they consist of a type together with a partial equivalence relation (hence the abbreviation PER). A partial equivalence relation is simply a symmetric and transitive relation – dropping the reflexivity condition on an equivalence relation. This is equivalent to saying that a partial equivalence relation on a set X is the same thing as an equivalence relation on some subset of X. But since HA^ω gives access to so very few sets, this second formulation is not very useful, other than as support for our intuitions. The reason for studying PERs is very similar to the reasons for studying setoids, too: just as we introduced setoids to model the quotients that type theory does not provide, we introduce PERs to have access to both quotients and subsets.

Sections 3–5 of Paper IV contain the basic definitions of PERs, their maps, and subsets and quotients of PERs. The maps are defined as functions between the underlying types that satisfy an extensionality condition, just like setoid maps. When studying PERs in type theory, there are several possible notions of a map between PERs, but this is the only one that is readily available when working in HA^ω. Otherwise, these definitions do not significantly differ from those in type theory.
More interesting is the notion of equality of PERs: we say that two PERs are equal if they are given by equivalent (not necessarily the same) relations on the same type (and also introduce a notion of inclusion based on a similar idea). Many constructions of PERs depend on data which come with an equality weaker than the standard equality – for example, we identify PER maps whenever they are pointwise equal. This equality of PERs is much finer than isomorphism, while still coarse enough to let such constructions respect equality. Throughout the paper, we will always check that the constructions we make respect all relevant equalities, and this equality of PERs makes this possible.

Having defined both PERs and maps of PERs, it is natural to consider a category of PERs. In Section 6, we see that the PERs form a P-category PER (a P-category is similar to an E-category, except that where an E-category uses setoids, the P-category instead uses PERs [7]). This P-category is shown to be both finitely complete and finitely cocomplete. In fact, I show slightly more, namely that the basic constructions are all given (that is, they respect all equalities). In contrast, the E-category of setoids (in type theory) does not have given pullbacks [11]: the underlying type of a pullback

$$\begin{array}{ccc} P & \longrightarrow & B \\ \downarrow & & \downarrow g \\ A & \xrightarrow{\ f\ } & X \end{array}$$

would contain triples ⟨a, b, p⟩ where p is a proof of f(a) =_X g(b). Thus, replacing the maps f and g by extensionally equal maps may change the underlying type of the pullback. With PERs however, the underlying type of the pullback is just the product of the underlying types of A and B; replacing the maps will only change the partial equivalence relation (but it remains equivalent to the original one).

The final section of Paper IV, Section 7, is concerned with the extensional axiom of choice ACext for PERs. Ever since Diaconescu proved that every topos with the axiom of choice is boolean [8], we have been aware of the close connections between the axiom of choice and classical logic. But we know that there are many intuitionistic theories with choice – type theory is one of them. The crucial difference is that between intensional and extensional choice axioms – but this distinction disappears in a setting where quotient sets are available, as they are in set theory and inside a topos. The type-theoretic axiom of choice (which, as we have seen, is justified by direct manipulations of proof objects) is an intensional axiom of choice – there is no reason why the choice function we constructed at the end of Section 1.2 should respect any setoid equality. An extensional choice axiom claims that we can actually find an extensional choice function. Just as in a topos, the extensional axiom of choice for setoids implies the principle of excluded middle. But we can actually say more than this: Carlström [5] shows that having the extensional axiom of choice is equivalent to having the intensional axiom of choice, the principle of the excluded middle (classical logic), and a weak extensionality principle.

In Section 7, I prove a similar result for PERs, following the same ideas as in [5]. Already in Definition 10, I introduce several classes of PER maps, each containing the next:

• surjective maps (which are also the epimorphisms);
• strongly surjective maps;
• pseudo-split maps (these are also the regular epimorphisms);
• split epimorphisms – those PER maps which have a right inverse.

It is a standard observation that ACext is equivalent to saying that all surjective maps are split (so all four classes above coincide). I consider each identification of classes separately, and prove the following statements.

• That every surjective map is strongly surjective is equivalent to accepting the prenex schema

$$(\forall x^\sigma)(P[x] \to (\exists y^\tau)\,Q[x,y]) \to (\forall x^\sigma)(\exists y^\tau)(P[x] \to Q[x,y]),$$

which expresses a form of proof irrelevance (Proposition 55). This schema is not constructively acceptable, so neither is the identification of these classes of maps. Adding classical logic to HA^ω makes this schema provable, but it cannot be consistently added to type theory (despite the fact that type theory is compatible with classical logic!).
• That every strongly surjective map is pseudo-split is equivalent to the intensional axiom of choice (Proposition 52).
• That every pseudo-split map is a split epimorphism is equivalent to an extensionality principle saying that every quotient map σ̄ → σ̄/∼ is split, where σ̄ is the PER given by the standard (total) equality on the type σ (Proposition 61). This is a stronger extensionality principle than that used in [5], and it actually implies classical logic, and hence also the prenex schema above.

Combining these gives a direct characterisation of the extensional axiom of choice: having ACext is equivalent to having both the intensional axiom of choice and a right inverse for each quotient map σ̄ → σ̄/∼.

At the end of Section 7, I also consider a weaker form of choice, in a formulation from category theory. An object of a (regular) category is projective if every regular epimorphism into it is an isomorphism, and the category has enough projectives if for every object X there is a regular epimorphism P → X with P projective. In the category of PERs, the regular epimorphisms are essentially the quotient maps, so a PER is projective if it is not a quotient in any nontrivial way. But there is a better characterisation: a PER is projective if and only if it is (up to isomorphism) a subset of one of the standard PERs σ̄. Using this characterisation, I conclude that PER has enough projectives.
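The PER notions summarised above (domain and quotient classes, extensional maps, equality of PERs, and the pullback whose underlying type is the plain product) can be checked on finite carriers. This is an added example, not code from Paper IV; the finite carriers, the class `PER` and the maps `f`, `f2`, `g` are constructed for illustration.

```python
from itertools import product

class PER:
    """A partial equivalence relation on a finite carrier (a constructed
    stand-in for a type of HA^ω together with a relation on it)."""
    def __init__(self, carrier, rel):
        self.carrier = list(carrier)
        self.rel = rel                      # rel(x, y) -> bool

    def pairs(self):
        return {(x, y) for x, y in product(self.carrier, repeat=2) if self.rel(x, y)}

    def is_per(self):
        r = self.pairs()
        symmetric = all((y, x) in r for (x, y) in r)
        transitive = all((x, w) in r for (x, y) in r for (z, w) in r if y == z)
        return symmetric and transitive

    def domain(self):
        # The subset on which the relation is an honest equivalence relation.
        return [x for x in self.carrier if self.rel(x, x)]

    def classes(self):
        # The quotient: equivalence classes of the domain.
        return sorted({tuple(y for y in self.carrier if self.rel(x, y))
                       for x in self.domain()})

def is_map(f, A, X):
    """Extensionality: a ~_A a' implies f(a) ~_X f(a')."""
    return all(X.rel(f(a), f(b)) for a, b in A.pairs())

def ext_equal(f, g, A, X):
    """PER maps are identified when they are pointwise equal on the domain."""
    return all(X.rel(f(a), g(a)) for a in A.domain())

def same_per(P, Q):
    """Equality of PERs: equivalent relations on the same underlying type."""
    return P.carrier == Q.carrier and P.pairs() == Q.pairs()

def pullback(A, B, X, f, g):
    """Underlying type is the product; only the relation mentions f and g."""
    def rel(p, q):
        (a, b), (a2, b2) = p, q
        return A.rel(a, a2) and B.rel(b, b2) and X.rel(f(a), g(b))
    return PER(product(A.carrier, B.carrier), rel)

# Constructed sample data.
A = PER(range(6), lambda x, y: x < 4 and y < 4 and x % 2 == y % 2)  # subset + quotient
B = PER(range(3), lambda x, y: x == y and x < 2)                    # subset only
X = PER(range(4), lambda x, y: x % 2 == y % 2)                      # quotient only

def f(a):  return a % 2        # A -> X
def f2(a): return a % 2 + 2    # a different function, extensionally equal to f
def g(b):  return b            # B -> X

P = pullback(A, B, X, f, g)
P2 = pullback(A, B, X, f2, g)

if __name__ == "__main__":
    print("domain of A:", A.domain(), "classes:", A.classes())
    print("f, f2 extensionally equal:", ext_equal(f, f2, A, X))
    print("pullback domain:", P.domain())
    print("pullbacks along f and f2 are equal PERs:", same_per(P, P2))
```

Replacing `f` by `f2` leaves the carrier of the pullback untouched and yields an equivalent relation, which is the sense in which the construction is given.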

2.5 Paper V: Some proof-theoretic properties of PHL and related systems

The last paper in this thesis, Paper V, is rather different from the earlier papers. It is concerned with the proof theory of Partial Horn Logic (PHL), a formal calculus for reasoning with partial functions, introduced by Palmgren and Vickers [19]. Reasoning with partial functions offers some unfamiliar difficulties, since there are terms that have no value, and it is hard to tell what meaning to assign to statements involving them. Perhaps the most famous example of this is Russell’s ‘The present King of France is bald.’ [20]. For a more mathematical example, we know that in any category, the equations

$$f = f \circ \mathrm{id}_X \quad\text{and}\quad \mathrm{id}_X \circ f = f$$

hold, whenever the composites are defined. If we are not careful, we may mistakenly reason that

$$\begin{aligned} \mathrm{id}_X &= \mathrm{id}_X \circ \mathrm{id}_Y && \text{by the left equation,} \\ &= \mathrm{id}_Y && \text{by the right equation} \end{aligned}$$

and erroneously conclude that all identity arrows are equal. The system PHL is designed to make this kind of mistake impossible.

The logic considered is a small fragment of first order logic with equality: there are no other connectives than the conjunction. To regain some expressive power, the calculus is a sequent calculus (with contexts, that is, the variables used are explicitly listed) – we write the sequents as

$$\varphi \vdash_{x_0, x_1, \dots, x_k} \psi, \quad\text{or, more compactly,}\quad \varphi \vdash_{\bar{x}} \psi,$$

where all variables that occur in the formulas φ and ψ are listed in the context $x_0, x_1, \dots, x_k$ (but the context may also contain variables that do not occur in the formulas). It is helpful to think of the turnstile as a very restricted form of implication.

The main goal of Paper V is actually a fairly simple one: the calculus PHL contains the cut rule

$$\frac{\varphi \vdash_{\bar{x}} \psi \qquad \psi \vdash_{\bar{x}} \theta}{\varphi \vdash_{\bar{x}} \theta}\ (a2),$$

and the aim is to prove that this rule can be removed from the system, without making any provable formula turn unprovable. Removing the cut rule will of course disallow particular proofs: the claim is that if there is a proof using the cut rule, then we can also find a proof that does not use the cut rule.

One reason for removing the cut rule is proof search. Suppose you have some sequent $\varphi \vdash_{\bar{x}} \theta$ that you wish to prove. If we look at the rules for PHL in Figure 1 of Paper V, we see that the cut rule (a2) is the only rule that introduces a completely new formula when we move upwards one level in the proof search (some of the others will introduce completely new terms, but not completely new formulas). This makes searching for a proof difficult, since we could at any stage use the cut rule, with any formula ψ we could think of. Without the cut rule, we have a much smaller set of possibilities to try.

In fact, since the calculus PHL is intended to be used with a collection of nonlogical axioms – a theory T – we cannot completely remove the cut rule. What we can show, as Theorem 3 of Paper V, is that if the sequent $\varphi \vdash_{\bar{x}} \theta$ is derivable in PHL, then there is also a derivation where the right-hand premiss $\psi \vdash_{\bar{x}} \theta$ in every remaining occurrence of the cut rule is either a nonlogical axiom (from the theory T), or an instance of the equality rule (b2), or a substitution instance of one of these two (using the somewhat complicated substitution rule a3). The proof of this theorem is by completely syntactic methods, giving an explicit transformation of arbitrary derivations into derivations satisfying this condition – so the proof actually implicitly contains a normalisation algorithm for PHL derivations.

There is one more aspect of PHL that makes it complicated: the strange substitution rule

$$\frac{\varphi \vdash_{\bar{x}} \psi}{\bar{t}{\downarrow} \wedge \varphi(\bar{t}/\bar{x}) \vdash_{\bar{y}} \psi(\bar{t}/\bar{x})}\ (a3),$$

which does not just replace the variables $x_0, x_1, \dots, x_n$ by the terms $t_0, t_1, \dots, t_n$ in the sequent $\varphi \vdash_{\bar{x}} \psi$, but actually adds the extra condition $\bar{t}{\downarrow}$ (which is short for $t_0 = t_0 \wedge \dots \wedge t_n = t_n$, and should be read as ‘all $t_i$ are defined’). This extra condition (together with the restriction of the rules b1 and b2 to apply only to variable symbols) is what allows us to safely reason about partial functions.

In Figure 2 of Paper V, I introduce another deductive system (now writing sequents as $\varphi \Rightarrow_{\bar{x}} \psi$, to make this new system easily distinguishable from PHL). The main difference between the two systems is that this alternative calculus has a substitution rule which gives direct syntactical substitutions. The other differences are in the rules for equality: the reflexivity rule of PHL has been replaced by a symmetry rule, and these rules now apply to arbitrary terms, not just variable symbols.

This alternative calculus also has the cut rule, but just as for PHL, we can reduce its use. In Theorem 6, I show that if the sequent $\varphi \Rightarrow_{\bar{x}} \theta$ is derivable in the alternative calculus, then there is also a derivation where the right-hand premiss $\psi \Rightarrow_{\bar{x}} \theta$ in every remaining cut is a substitution instance of a nonlogical axiom (the apparent improvement over Theorem 3 comes from the change to the form of the equality rules). The proof is again by explicit proof transformations.

The next, and final, aim of Paper V is to show that there is a translation between PHL and this alternative calculus. This is shown in Theorem 9, which says that a sequent $\varphi \vdash_{\bar{x}} \psi$ is derivable from the theory T in PHL if and only if $\bar{x}{\downarrow} \wedge \varphi \Rightarrow_{\bar{x}} \psi$ is derivable from the theory $\hat{T}$ using the alternative calculus (where $\hat{T}$ is obtained by translating every axiom $\theta \vdash_{\bar{y}} \xi$ in T into an axiom $\bar{y}{\downarrow} \wedge \theta \Rightarrow_{\bar{y}} \xi$ suitable for the alternative calculus). While the alternative calculus seems much more convenient to work with, the translation of axioms seems to be cumbersome.
But if our goal is to do proofs in the alternative calculus, and conclude that the result is derivable in PHL, then Proposition 8 of Paper V suggests a slightly better method: it is enough to modify every axiom $\varphi \vdash_{\bar{x}} \psi$ so that every variable in the context $\bar{x}$ actually occurs in φ.

As an example, consider the quasiequational theory of a category, as given in [19]: There are two sorts, objects and arrows, and four function symbols, id, dom, cod, and composition, written as the usual operator ◦ (compare this to the formulation used in Paper III – note that composition is now a partial function, avoiding the need for an extra sort of composable arrows). For most of the axioms, the translation of Theorem 9 just adds a single formula to the antecedent. For example, in the axioms for the identity,

$$\vdash_f f \circ \mathrm{id}(\mathrm{dom}\, f) = f \quad\text{is translated into}\quad f{\downarrow} \Rightarrow_f f \circ \mathrm{id}(\mathrm{dom}\, f) = f,$$

$$\vdash_f \mathrm{id}(\mathrm{cod}\, f) \circ f = f \quad\text{is translated into}\quad f{\downarrow} \Rightarrow_f \mathrm{id}(\mathrm{cod}\, f) \circ f = f,$$

and the translation suggested by Proposition 8 is identical to this one. For some of the axioms, however, the difference between these translations is significant. For example, the translations of the associativity axiom are

$$\begin{aligned} (f \circ (g \circ h)){\downarrow} &\vdash_{f,g,h} f \circ (g \circ h) = (f \circ g) \circ h && \text{(original)} \\ (f{\downarrow} \wedge g{\downarrow} \wedge h{\downarrow}) \wedge (f \circ (g \circ h)){\downarrow} &\Rightarrow_{f,g,h} f \circ (g \circ h) = (f \circ g) \circ h && \text{(translation)} \\ (f \circ (g \circ h)){\downarrow} &\Rightarrow_{f,g,h} f \circ (g \circ h) = (f \circ g) \circ h && \text{(improved)} \end{aligned}$$

and the advantage of the improved translation is obvious, since it leaves the original axiom unchanged. While, as we have seen, this is not always the case, it is worth noting that it does apply to all partial equalities in the sense of [19, Section 6.1].
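The role of the definedness condition in rule (a3), the faulty identity-arrow argument, and the two axiom translations can be checked against a small partial model. This is an added example, not code from Paper V: the three-arrow category, the tuple encoding of terms and sequents, and all function names are constructed here, and reading Proposition 8 as "add y↓ for each context variable missing from the antecedent" is an assumption.

```python
from itertools import product

# Constructed model: objects X, Y, their identities, and one arrow u : X -> Y.
ARROWS = {"idX": ("X", "X"), "idY": ("Y", "Y"), "u": ("X", "Y")}   # name -> (dom, cod)

def comp(f, g):
    """f ∘ g; None stands for 'undefined' (dom f differs from cod g)."""
    if ARROWS[f][0] != ARROWS[g][1]:
        return None
    return f if g.startswith("id") else g   # composable here means one factor is an identity

OPS = {"dom": lambda f: ARROWS[f][0], "cod": lambda f: ARROWS[f][1],
       "id": lambda obj: "id" + obj, "comp": comp}

# Terms: a variable is a str, an application is a tuple (op, arg, ...).
# A sequent is (context, antecedent equations, consequent equations).
def ev(t, env):
    if isinstance(t, str):
        return env[t]
    vals = [ev(a, env) for a in t[1:]]
    return None if None in vals else OPS[t[0]](*vals)   # operations are strict

def holds(eq, env):
    s, t = (ev(side, env) for side in eq)
    return s is not None and s == t      # an equation needs both sides defined

def defined(t):
    return (t, t)                         # t↓ abbreviates t = t

def valid(sequent):
    ctx, ante, cons = sequent
    for vals in product(ARROWS, repeat=len(ctx)):
        env = dict(zip(ctx, vals))
        if all(holds(e, env) for e in ante) and not all(holds(e, env) for e in cons):
            return False
    return True

def substitute(t, sub):
    if isinstance(t, str):
        return sub.get(t, t)
    return (t[0],) + tuple(substitute(a, sub) for a in t[1:])

def rule_a3(sequent, sub, new_ctx, guarded=True):
    """Substitution: guarded=True adds the condition t̄↓ as in (a3);
    guarded=False is naive syntactic substitution, for comparison."""
    ctx, ante, cons = sequent
    sub_eq = lambda e: tuple(substitute(side, sub) for side in e)
    guard = [defined(sub[x]) for x in ctx] if guarded else []
    return (new_ctx, guard + [sub_eq(e) for e in ante], [sub_eq(e) for e in cons])

def formula_vars(eqs):
    def tv(t):
        return {t} if isinstance(t, str) else set().union(*(tv(a) for a in t[1:]))
    return set().union(*(tv(s) | tv(t) for s, t in eqs))

def translate_theorem9(axiom):
    ctx, ante, cons = axiom
    return (ctx, [defined(y) for y in ctx] + list(ante), list(cons))

def translate_prop8(axiom):
    ctx, ante, cons = axiom
    missing = [y for y in ctx if y not in formula_vars(ante)]
    return (ctx, [defined(y) for y in missing] + list(ante), list(cons))

GH = ("comp", "g", "h")
FGH = ("comp", "f", GH)
RIGHT_UNIT = (("f",), [], [(("comp", "f", ("id", ("dom", "f"))), "f")])
LEFT_UNIT = (("f",), [], [(("comp", ("id", ("cod", "f")), "f"), "f")])
ASSOC = (("f", "g", "h"), [defined(FGH)], [(FGH, ("comp", ("comp", "f", "g"), "h"))])

# The faulty chain id_X = id_X ∘ id_Y = id_Y, with x, y bound to idX, idY.
ENV = {"x": "idX", "y": "idY"}
STEP1 = ("x", ("comp", "x", "y"))
STEP2 = (("comp", "x", "y"), "y")

NAIVE = rule_a3(RIGHT_UNIT, {"f": GH}, ("g", "h"), guarded=False)
GUARDED = rule_a3(RIGHT_UNIT, {"f": GH}, ("g", "h"))

if __name__ == "__main__":
    print("chain steps hold:", holds(STEP1, ENV), holds(STEP2, ENV))
    print("naive substitution valid:", valid(NAIVE))
    print("(a3) substitution valid:", valid(GUARDED))
    print("Proposition 8 leaves associativity unchanged:", translate_prop8(ASSOC) == ASSOC)
```

Neither step of the faulty chain holds in the model, because `idX ∘ idY` has no value; the naive substitution instance of the unit axiom fails for the same reason, while the guarded one is valid.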

3. Summary in Swedish

If I make a claim, such as

There are two irrational numbers α and β such that α^β is a rational number.

then you can ask whether my claim is true – a question I will answer yes to. But you can also ask me on what grounds I make this claim. I then say that the claim is witnessed by the two numbers α = e and β = ln 2, and explain what justification I have for claiming that these numbers satisfy the conditions in my claim.

The five papers in this thesis all fall within the area of constructive mathematics. Constructive mathematics seeks direct justifications for statements, something that is more complicated than deciding whether they are true or false. Having a justification for a statement convinces us that the statement is true. But being convinced that a statement is true does not necessarily give us a justification for it (not even if we are right).

This idea of giving justifications for one's statements has been given several different forms. The most fundamental of these is the Brouwer–Heyting–Kolmogorov interpretation of predicate logic [24]. It explains what counts as a justification for statements of every logical form. I have mainly worked in intuitionistic type theory [16, 17, 18], which builds on an identification of statements and data types. We simply identify each statement with the set of its justifications. This then also identifies each logical form with a type-forming operation.

• The contradiction ⊥ is identified with the empty set.
• The conjunction φ ∧ ψ is identified with the cartesian product φ × ψ.
• The disjunction φ ∨ ψ is identified with the sum φ + ψ of types (a disjoint union).
• The implication φ → ψ is identified with the function type ψ^φ.
• Every existential statement (∃x:A)φ(x) is identified with the sigma type (the dependent sum) (Σx:A)φ(x).
• Every universal statement (∀x:A)φ(x) is identified with the pi type (the dependent product) (Πx:A)φ(x).

The last two deserve a closer explanation. If we first consider the formula φ(x), where the variable x is free, we realise that it does not in itself denote a statement, but rather a family of statements (one statement φ(a) for each value a:A), which we have identified with a family of data types. We can then explain how we form elements of the sigma and pi types: an element of the sigma type (Σx:A)φ(x) is a dependent pair ⟨a, p⟩, where a:A and p:φ(a). An element of the pi type (Πx:A)φ(x) is a dependent function f, which for each a:A computes a value f(a):φ(a). We can view type theory as a strongly typed functional programming language, with a type system that contains all the types in the list above, and of course also standard types such as natural numbers and lists.

The identification of statements with data types gives a further identification: we can now equate proofs with programs. This makes the notions of correct proof and well-typed program coincide. That we can check whether a proof is correct is thus the same thing as type checking for programs being decidable. But a decidable type check then also means that one can write a computer program that checks whether proofs are correct. Large parts of the work in this thesis have been done with the help of such proof-checking software.

Some structures recur time and again in my work. One of these structures is the setoid. A setoid is a data type with an associated equivalence relation. Setoids are often used instead of sets when formalising mathematics in type theory, since one cannot form quotients of data types.

Another recurring structure is the E-category. An E-category is a type-theoretic version of a locally small category [15, 1]. It has a type of objects and a setoid of arrows between each pair of objects (instead of a set of arrows, as in a locally small category). Otherwise it satisfies the same conditions as an ordinary category. One difference, however, is that an E-category has no equality for objects, beyond what type checking guarantees, but this is a smaller loss than one might think, since category theory mostly avoids talking about equalities between objects.

Just as there is a category of sets, the setoids form an E-category [1, 9]. I investigate it, or a variant of it, in Papers I, III and IV.

A type-theoretic universe (see the last chapter of [16]) can be seen as a data type of data types. A well-known result [21] is that 0 ≠ 1 cannot be proved in type theory without universes. In Paper I, I show that the E-category of setoids has properties that likewise cannot be proved in type theory without universes, but also that already a minimal universe suffices to prove them.

Paper II investigates the collection of all E-categories. Functors between E-categories do not form a setoid, since an equality for functors requires an equality for objects. But they form E-categories, with natural transformations as arrows, in the same way as functors between categories. So the collection of E-categories does not form a large E-category, but it has much of the structure that the collection of all categories has. What is missing is certain equalities, which we cannot express. But if we replace these equalities by natural isomorphisms, we get a structure called a bicategory [2]. In Paper II, I define a type-theoretic version of the notion of bicategory and show that the collection of all E-categories forms such an E-bicategory.

If we consider setoids in a type-theoretic universe, we can introduce an equality on them, and we expect to be able to form a category of setoids with equality on objects. Paper III investigates this construction. The problem that arises concerns the composition of arrows: it is normally a partial function, so we must add extra data to our category to handle it, and the problem is to show that the composition of arrows is extensional (equality-respecting). It turns out that an extra axiom, of unique substitutions, is needed for this construction to be carried out. The axiom of unique substitutions concerns identity types, and there are other proposed extra axioms about them, in particular the axiom of unique identity proofs [12, 23]. I show that the axiom of unique substitutions follows from, but is strictly weaker than, the axiom of unique identity proofs.

In Paper IV, I study a variant of setoids. We consider data types with partial equivalence relations, that is, relations that are symmetric and transitive, but not necessarily reflexive. Partial equivalence relations give quotients in the same way as setoids, and in addition give a way to construct subsets. I do not study the construction in type theory, but in the formal system HA^ω, a system for arithmetic with intuitionistic logic. Most of the results and constructions are, however, easy to translate to type theory. The main result of the paper concerns the axiom of choice. There are two variants of choice: the extensional axiom of choice, which claims that for every total relation on partial equivalence relations there is an equality-respecting choice function, and the intensional axiom of choice, which claims that there is a choice function, but does not guarantee that it respects any equality relation. The extensional axiom of choice for setoids corresponds to adding classical logic, the intensional axiom of choice and a weak extensionality principle [5]. I analyse the proof in [5] and adapt it to prove the corresponding result for partial equivalence relations.

The last paper in the thesis, Paper V, is unlike the others. It deals with a formal calculus PHL [19], which is made to handle terms with partial functions (this is harder than when all functions are total, since it is possible to write down terms that have no value). The main result is a theorem on cut elimination for this calculus, though a limited such result, because we always want to add a collection of nonlogical axioms. The result is interesting, because it allows a more efficient proof search in a calculus that is well suited to expressing, for example, category-theoretic notions. The paper also contains an alternative calculus, which can be seen as a simplification of PHL, with a corresponding cut-elimination result, as well as translations between these two calculi.

Acknowledgements

First of all, I wish to thank my supervisor, professor Erik Palmgren, and my assistant supervisor, professor Viggo Stoltenberg-Hansen, for their support during my years as a doctoral student.

I would also like to thank all speakers and participants in the Stockholm-Uppsala Logic Seminar. I am very grateful to the organisers of the seminar, and particularly professor Per Martin-Löf. Attending a research seminar with local and invited speakers at the highest level has been a very valuable part of my doctoral studies.

The Swedish Graduate School in Mathematics and Computing (FMB) has funded my doctoral studies, and this support is gratefully acknowledged.

Finally, I would like to thank my fellow logic students, particularly Johan Granström and Anton Hedin, for many interesting discussions about logic, computation, and constructive mathematics, particularly during our occasional ‘logic Fridays’.

References

[1] Peter Aczel. Galois: A theory development project. Available from http://www.cs.man.ac.uk/~petera/papers.html, June 1995.
[2] Jean Bénabou. Introduction to bicategories. In Reports of the Midwest Category Seminar, pages 1–77. Springer, Berlin, 1967.
[3] Errett Bishop. Foundations of constructive analysis. McGraw-Hill Book Co., New York, 1967.
[4] Errett Bishop and Douglas Bridges. Constructive analysis, volume 279 of Grundlehren der Mathematischen Wissenschaften. Springer-Verlag, Berlin, 1985.
[5] Jesper Carlström. EM + Ext− + ACint is equivalent to ACext. Mathematical Logic Quarterly, 50(3):236–240, 2004.
[6] Thierry Coquand. Pattern matching with dependent types. In Proceedings of the 1992 workshop on types for proofs and programs, pages 66–79, Båstad, June 1992.
[7] Djordje Čubrić, Peter Dybjer, and Philip Scott. Normalization and the Yoneda embedding. Mathematical Structures in Computer Science, 8(2):153–192, 1998.
[8] Radu Diaconescu. Axiom of choice and complementation. Proceedings of the American Mathematical Society, 51:176–178, 1975.
[9] Peter Dybjer and Verónica Gaspes. Implementing a category of sets in ALF. Available from http://www.cse.chalmers.se/~peterd/papers/categorytypetheory.html, September 1994.
[10] Daniel Fridlender. A proof-irrelevant model of Martin-Löf’s logical framework. Mathematical Structures in Computer Science, 12(6):771–795, 2002.
[11] Martin Hofmann. On the interpretation of type theory in locally Cartesian closed categories. In Computer science logic (Kazimierz, 1994), volume 933 of Lecture Notes in Computer Science, pages 427–441. Springer, Berlin, 1995.
[12] Martin Hofmann and Thomas Streicher. The groupoid interpretation of type theory. In Twenty-five years of constructive type theory (Venice, 1995), volume 36 of Oxford Logic Guides, pages 83–111. Oxford Univ. Press, New York, 1998.
[13] William A. Howard. The formulae-as-types notion of construction. In To H. B. Curry: essays on combinatory logic, lambda calculus and formalism, pages 480–490. Academic Press, London, 1980.
[14] Peter T. Johnstone. Sketches of an elephant: a topos theory compendium. Vol. 1, volume 43 of Oxford Logic Guides. The Clarendon Press Oxford University Press, New York, 2002.
[15] Saunders Mac Lane. Categories for the Working Mathematician, volume 5 of Graduate Texts in Mathematics. Springer-Verlag, New York, second edition, 1998.
[16] Per Martin-Löf. Intuitionistic type theory, volume 1 of Studies in Proof Theory. Lecture Notes. Bibliopolis, Naples, 1984. Notes by Giovanni Sambin.
[17] Bengt Nordström, Kent Petersson, and Jan M. Smith. Programming in Martin-Löf’s type theory, volume 7 of International Series of Monographs on Computer Science. The Clarendon Press Oxford University Press, New York, 1990.
[18] Bengt Nordström, Kent Petersson, and Jan M. Smith. Martin-Löf’s type theory. In Handbook of logic in computer science, Vol. 5, pages 1–37. Oxford Univ. Press, New York, 2000.
[19] Erik Palmgren and Steven J. Vickers. Partial horn logic and Cartesian categories. Annals of Pure and Applied Logic, 145(3):314–353, 2007.
[20] Bertrand Russell. On denoting. Mind, New Series, 14(56):479–493, October 1905.
[21] Jan M. Smith. The independence of Peano’s fourth axiom from Martin-Löf’s type theory without universes. The Journal of Symbolic Logic, 53(3):840–845, 1988.
[22] Jan M. Smith. Propositional functions and families of types. Notre Dame Journal of Formal Logic, 30(3):442–458, 1989.
[23] Thomas Streicher. Semantical investigations into intensional type theory. Habilitationsschrift, LMU München, 1993.
[24] Anne S. Troelstra and Dirk van Dalen. Constructivism in mathematics. Vol. I, volume 121 of Studies in Logic and the Foundations of Mathematics. North-Holland Publishing Co., Amsterdam, 1988. An introduction.