The Strength of Some Martin–L¨ofType Theories

Michael Rathjen∗†

Abstract One objective of this paper is the determination of the proof–theoretic strength of Martin– L¨of’s type theory with a universe and the type of well–founded trees. It is shown that this type system comprehends the consistency of a rather strong classical subsystem of second order 1 arithmetic, namely the one with ∆2 comprehension and bar induction. As Martin-L¨ofintended to formulate a system of constructive (intuitionistic) mathematics that has a sound philosophical basis, this yields a constructive consistency proof of a strong classical theory. Also the proof- theoretic strength of other inductive types like Aczel’s type of iterative sets is investigated in various contexts. Further, we study metamathematical relations between type theories and other frameworks for formalizing constructive mathematics, e.g. Aczel’s set theories and theories of operations and classes as developed by Feferman. 0 Introduction

The intuitionistic theory of types as developed by Martin-L¨ofis intended to be a system for formalizing intuitionistic mathematics together with an informal semantics, called “meaning expla- nation”, which enables him to justify the rules of his type theory by showing their validity with respect to that semantics. Martin-L¨of’s theory gives rise to a full scale philosophy of constructivism. It is a typed theory of constructions containing types which themselves depend on the constructions contained in previously constructed types. These dependent types enable one to express the general Cartesian product of the resulting families of types, as well as the disjoint union of such a family. Using the Brouwer-Heyting semantics of the logical constants one sees how logical notions are obtained in this theory. This is done by interpreting propositions as types and proofs as constructions [ML 84]. In addition to ground types for the finite sets and the set of natural numbers the theory can be taken to contain types which play the role of successive universes or reflections over type construction rules previously introduced. This reflection process can be iterated into the transfinite in order to obtain successively more strongly closed universes known as Mahlo universes. Finally this theory can be taken to contain a type construction principle which, like the general Cartesian product and general disjoint union, is based on dependent families of types. It is the type of well-orderings or well-founded trees which can be constructed using a family of branching types indexed by a previously constructed type. A number of results were known on the proof theoretic strength of Martin–L¨oftype theories. Many of the earliest results are presented in Beeson [Be 85]. For example, using an embedding argument it is shown there that intuitionistic type theory without universes has the complexity of

∗Department of Mathematics, The Ohio State University, Columbus, Ohio 43210, USA †The author would like to thank the National Science Foundation of the USA for support by grant DMS–9203443.

1 true arithmetic. Aczel in [A 77] showed that intuitionistic type theory with one universe ML1, but without well-ordering types, has the same proof theoretic strength as the classical subsystem of anal- 1 ysis Σ1–AC. Palmgren later gave in [P 93] a lower bound for the system with well–ordering types 1 1 ML1W in terms of the fragment of second order arithmetic with ∆2 comprehension, ∆2– CA. It was known by work of Feferman, Buchholz, Pohlers and Sieg (cf. Feferman’s preface to [BFPS 81]) 1 i that ∆2– CA is finitistically reducible to ID<ε0 (O), the intuitionistic theory of Church–Kleene con- i structive tree classes iterated any number < ε0. Palmgren showed that ID<ε0 (O) is interpretable in ML1W. However, this result was not expected to be a sharp bound. Palmgren conjectured “that something similar to autonomous inductive definitions may be interpreted in ML1W”, [P 93], 1 1 p.92. In this paper we show that even the theory ∆2– CA plus bar induction (∆2– CA + BI for 1 1 short) is finitistically reducible to ML1W. ∆2– CA + BI is perceptibly stronger than ∆2– CA. 1 1 ∆2– CA + BI not only permits one to prove that Π1 inductive definitions can be iterated along 1 1 1 arbitrary well–orderings but (cf. [R 89]) also ∆2 comprehension and Σ2 dependent choices . Key roles in determining a lower bound for the strength of ML1W are played by Fefer- man’s theory T0 of explicit mathematics, which is known to be proof–theoretically equivalent 1 to ∆2– CA + BI (cf. [JP 82],[J 83]), and Aczel’s version of constructive set theory CZF plus the regular extension axiom REA which Aczel interpreted in ML1W(cf [A 86]).

The paper is organized as follows. For the readers convenience and to make the paper more widely accessible, we give detailed descriptions of the system T0 in Sect. 1 and of CZF in Sect.2. For later use we also gather and prove elementary facts about the latter systems. The fruits are reaped in Sect. 3 where T0 is interpreted in CZF + REA. Upper bounds for the proof–theoretic strengths of Martin–L¨oftype theories are obtained by using recursive realizability models following [Be 82]. Sect. 4 provides a modelling of the type theory ML1V, which Aczel used in [A 78] to interprete CZF, in Kripke–Platek set theory KP. As a result, KP, CZF and ML1V have the same strength. Aczel’s interpretation of CZF + REA in ML1W lends itself to a natural restriction of ML1W, called ML1WV, which has the type of iterated sets V but allows W–formation only for families in the universe U. The recursive realizability model for ML1W is extended in Sect. 5 so as to accomodate the type V and restricted W-formation. This time the modelling is carried out in the set theory KPi which is an extension of KP that axiomatizes a recursively inaccessible set 1 universe. At the end of this section we conclude that the systems ∆2– CA + BI, CZF+REA and ML1WV are of the same strength. In connection with the system ML1WV the question arises whether the type V really con- tributes to its strength. V appears to be crucial for the interpretation of CZF+REA in type theory. To pursue this question we introduce a system of second order IARI that has unrestricted Replacement but comprehension only for arithmetic properties. In Sect. 6 IARI is interpreted in ML1W, that is ML1WV without the type V. In addition, it is shown that IARI suffices for the well–ordering proof of an ordinal notation system that was used for the analysis of KPi, thereby 1 yielding that ML1W has the strength of ∆2– CA + BI too. Finally, in Sect. 7, we investigate the strength of the full system ML1W, where one also has to deal with W–types at large, i.e. those which do not belong to U. We show that ML1W can be modelled in a slight extension of KPi. However, we make no attempt to determine the exact bound2 as this theory seems to be of rather limited interest. More interesting are the theories

1 1 These principles do not exhaust the strength of ∆2– CA + BI by far (cf. [R 89]). 2 The exact strength of ML1W is investigated in [S 93].

2 MLnW with n universes. The methods of this paper can also be applied to those theories so as to yield their proof–theoretic strength. As a rule of thumb, the tower of n universes in MLnW corresponds to n recursively inaccessible universes in classical Kripke–Platek set theory.

1 Some Background on Feferman’s T0

1.1 Feferman’s T0

T0 is the formal system for constructive mathematics due to Feferman. In the literature it has already been shown that within T0 one can define notions like arithmetic truth, the ramified analytic hierarchy and the constructive tree classes. Since T0 is one of the tools we use to estimate the strength of intuitionistic type theory with universes closed under well-ordering types, we include a brief discussion and summary. The language of T0, L(T0), has two sorts of variables. The free and bound variables (a, b, c, . . . and x, y, z . . . ) are conceived to range over the whole constructive universe which comprises opera- tions and classifications among other kinds of entities; while upper-case versions of these A, B, C, ... and X,Y,Z, ... are used to represent free and bound classification variables. The intended objects of the constructive universe are in general infinite, seen classically. Since the underlying logic of T0 is intuitionistic the objects of this universe are presented in a finitary manner and, without loss of generality, by natural numbers. As far as algorithmic procedures on natural numbers are concerned there are a variety of mathematical formalizations each of which gives a way of presenting the derivations of algorithms using fixed rules for computing as finite objects. To be treated as objects these are then coded by natural numbers. Examples are G¨odel numbers of formulae defining these functions in a formal theory, of formal derivations using schemes and codes of Turing machines. Yet another alternative, and the one adopted here, is G¨odelnum- bers of application terms built up from variables and the two basic combinators k and s using a binary application operation to represent effectively computable number theoretic functions. This is the sense in which these objects are elements of the constructive universe. In a similar fashion one obtains natural numbers coding the formulae defining properties which give classifications as elements of the constructive universe. Which of these objects actually populate this universe will of course depend on the axioms of T0. To facilitate the formulation of these axioms, the language L(T0) is equipped with defined symbols for term application and strong or complete equality. N is a classification constant taken to define the class of natural numbers. 0 , sN and pN are operation constants whose intended interpretations are the natural number 0 and the successor and predecessor operations. Additional operation constants are k, s, d, p, p0 and p1 for the two basic combinators, definition by cases on N, pairing and the corresponding two projections. Additional classification constants are generated using the axioms and the constants j, i and cn(n < ω) for join, induction and comprehension. There is no arity associated with the various constants. The terms of T0 are just the variables and constants of the two sorts. The atomic formulae of T0 are built up using the terms and three primitive relation symbols =, App and ε as follows. If q, r, r1, r2 are terms, then q = r, App(q, r1, r2), and q ε r (where r has to be a classification variable or constant) are atomic formulae. 3 App(q, r1, r2) expresses that the operation q applied to r1 yields the value r2; q ε r asserts that q is in r or that q is classified under r.

3It should be pointed out that we use the symbol “ ε ” instead of “∈”, the latter being reserved for the set–theoretic elementhood relation.

3 We write t1t2 ' t3 for App(t1, t2, t3). The set of formulae are then obtained from these using the propositional connectives and the two quantifiers of each sort. In order to facilitate the formulation of the axioms, the language of T0 is expanded definitionally with the symbol ' and the auxilliary notion of an application term is introduced. The set of application terms is given by two clauses:

1. all terms of T0 are application terms; and 2. if s and t are application terms, then (st) is an application term. For s and t application terms, we have auxilliary, defined formulae of the form: s ' t := ∀y(s ' y ↔ t ' y) where the occurances of y are instances of a bound operation variable. We then define s ' a (for a a free variable) inductively by: ( s = a, if s is a variable or a constant, s ' a is ∃x, y[s1 ' x ∧ s2 ' y ∧ App(x, y, a] if s is an application term (s1s2)

Some abbreviations are t1 . . . tn for ((...(t1t2)...)tn); t ↓ for ∃y(t ' y) and φ(t) for ∃y(t ' y ∧ φ(y)). G¨odelnumbers for formulae play a key role in the axioms introducing the classification constants cn. A formula is said to be elementary if it contains only free occurences of classification variables A (i.e., only as parameters), and even those free occurrences of A are restricted: A must occur only to the right of ε in atomic formulas. The G¨odelnumber cn above is is the G¨odelnumber of an elementary formula. We assume that a standard G¨odelnumbering numbering has been chosen for L(T0); if φ is an elementary formula and a, b1, . . . , bm,A1,...,An is a list of variables which includes all parameters of φ, then {x : φ(x, b1, . . . , bn,A1,...,An)} stands for cn(b1,..., bn, A1,..., An); n is the code of the pair of G¨odelnumbers hdφe, d(a, b1, . . . , bm,A1,...,An)ei and is called the ‘index’ of φ and the list of variables. Some further conventions are useful. Systematic notation for n-tuples is introduced as follows: 0 (t) is t,(s, t) is pst, and (t1, . . . , tn) is defined by ((t1, . . . , tn − 1), tn). Finally, t is written for the 0 term sNt, and ⊥ is the atomic formula 0 ' 0 .

T0’s logic is intuitionistic two-sorted predicate logic with identity. Its non-logical axioms are:

I. Basic Axioms 1. ∀X∃x(X = x)

2. App(a, b, c1) ∧ App(a, b, c2) → c1 = c2

II. App Axioms 1. (kab) ↓ ∧ kab ' a, 2. (sab) ↓ ∧ sabc ' ac(bc),

3. (pa1a2) ↓ ∧ (p1a) ∧ (p2a) ↓ ∧ pi(pa1a2) ' ai for i = 0, 1,

4. (c1 = c2 ∨ c1 6= c2) ∧ (dabc1c2) ↓ ∧ (c1 = c2 → dabc1c2 ' a) ∧ (c1 6= c2 → dabc1c2 ' b), 0 0 0 0 0 5. a ε N ∧ b ε N → [a ↓ ∧ pN(a ) ' a ∧ ¬(a = 0) ∧ (a ' b → a ' b)].

4 III. Classification Axioms

Elementary Comprehension Axiom (ECA)

∃X[X '{x : ψ(x)} ∧ ∀x(x ε X ↔ ψ(x))]

for each elementary formula ψa, which may contain additional parameters.

Natural Numbers

(i) 0 ∈ N ∧ ∀x(x ε N → x0 ε N) 0 (ii) φ(0) ∧ ∀x(φ(x) → φ(x )) → (∀x ε N)φ(x) for each formula φ of L(T0). Join (J)

∀x∃Y fx ' Y → ∃X[X ' j(A, f) ∧ ∀z(z ε X ↔ ∃x ε A∃y(z ' (x, y) ∧ y ε fx))]

Inductive Generation (IG)

∃X[X ' i(A, B) ∧ ∀x ε A[∀y[(y, x) ε B → y ε X] → x ε X] ∧ ∀x ε A [∀y ((y, x) ε B → φ(y)) → φ(x)] → ∀x ε X φ(x)]]

where φ is an arbitrary formula of T0.

1.2 A Finite Axiomitization of ECA

Later on in section 3 we are going to interprete T0 in intuitionistic set theory. For technical reasons which will become apparent then, we show that ECA is already captured by finitely many of its instances.

Definition 1.1 For each elementary φ(x, y1, . . . , yn,A1,...,Am) write

{x : φ(x, y1, . . . , yn,A1,...,An)} for cφ(y1, . . . , yn,A1,...,Am).

We may then make the following abbreviations:

V for {x : x = x}; ∅ for {x : ⊥}; {a1, . . . , an} for {x : x = a1 ∨ · · · ∨ x = an}; A2B for {x : x ε A2x ε B}, (2 ∈ {∧, ∨, →}) AB for {f : x ε B → fx ε A}; B Diag=(A, B, s, t) for {f : f ε A ∧ fs ' ft ∧ s, t ε B} 0 B 0 0 DiagApp(A, B, s, t, t ) for {f : f ε A ∧ App(fs, ft, ft ) ∧ s, t, t ε B} Proj(A, B, C) for {f : f ε AB ∧ ∃g ε C ∀x ε B(gx ' fx)} Ext(A, B, C, s) for {f : f ε AB ∧ ∀z ∃g ε C[gs ' z ∧ ∀x ε B(gx ' fx)]}; f −1{a} for {x : fx ' a}.

In the next definition, to facilitate the writing, we will occasionally write u ∈ {x : φ(x)} instead of φ(u). Notice that we use the set–theoretic elementhood sign here.

5 Definition 1.2 For the finite axiomatization of ECA we use the universal closures of the following formulae:

(A1) ∃X [X ' (A2B) ∧ ∀u(u ε X ↔ u ε A2u ε A)] where 2 is one of the connectives ∧, ∨, → ∃X [X ' ∅ ∧ ∀u(u ε X ↔ u ∈ ∅)] (A2) ∃X [X ' f −1{a} ∧ ∀u(u ε X ↔ fu ' a)] (A3) ∃X [X '{a} ∧ ∀u(u ε X ↔ u = a)]

(A4) ∃X [X ' Diag=(A, B, a, b)) ∧ ∀u(u ε X ↔ u ∈ Diag=(A, B, a, b))] 0 0 (A5) ∃X [X ' DiagApp(A, B, a, b, b ) ∧ ∀u(u ε X ↔ u ∈ DiagApp(A, B, a, b, b ))] (A6) ∃X [X ' Proj(A, B, C) ∧ ∀u(u ε X ↔ u ∈ Proj(A, B, C))] (A7) ∃X [X ' Ext(A, B, C, a) ∧ ∀u(u ε X ↔ u ∈ Ext(A, B, C, a))] (A8) ∃X [X ' AB ∧ ∀u(u ε X ↔ u ∈ AB)] (A9) ∃X [X '{u : ∃f(f ε A ∧ f0 ' u} ∧ ∀u(u ε X ↔ ∃f(f ε A ∧ f0 ' u))]

f Let T0 arise from T0 by restricting the schema ECA to the finitely many instances from (A1),... ,(A9) and only retaining those constants cn that enter these axioms. f f If ψ(b) is an elementary formula of T0 and tψ is an application term of T0 such that f T0 ` ∃X[X ' t ∧ ∀u (u ε X ↔ ψ(u))] and the free variables of tψ are among the free variables of ψ(0) we will say that {u : ψ(u)} is a f classification (provably) in T0.

f Lemma 1.3 If φ(a0, . . . , an−1) is an elementary formula of T0 with free non–classification vari- ables among a0, . . . , an−1, then we can construct an application term tφ which witnesses that

{u : u ε A{0,... ,n−1} ∧ φ(u0, . . . , u(n − 1))]

f is a classification in T0. n {0,... ,n−1} n Proof : Write A for A and ~a for a0, . . . , an−1. Note that A is a classification in f {0,... ,n−1} T0 using (A3), (A1), and (A8). We shall denote the term sought after by {f ε A : n φ(f0, . . . , f(n − 1))}]. Set Hφ := {f ε A : φ(f0, . . . , f(n − 1))}. We want to prove the lemma by induction on the generation of elementary formulas.

1. If φ(~a) is ai = aj, then Hφ = Diag=(A, {0, . . . , n − 1}, i, j). Since {0, . . . , n − 1} is a classifi- cation using (A3) and (A1), so is Hφ by (A4).

2. φ(~a) is ai = c, where c is a constant. Let ψ(~a) be the formula ai = an. By (A3), (A2), and n+1 (A1), C := Hψ ∩ {f ε A : fn ' c} is a classification. Hence Hφ is a classification by (A6) and (1) as Hφ = Proj(A, {0, . . . , n − 1},C).

3. φ(~a) is c = d where c and d are both constants. Let ψ(~a) be an = an+1 and put n+1 n+2 C := Hψ ∩ {f ε A : fn ' c} ∩ {g ε A : g(n + 1) ' d}.

As C is a classification, so is Hφ = Proj(A, {0, . . . , n − 1},C).

6 4. If φ(~a) is App(ai, aj, ak), then Hφ = DiagApp(A, {0, . . . , n − 1}, i, j, k) is a classification by (A5).

5. Suppose φ(~a) is App(f, s, t) where some of the terms f, s, t are constants. Define ψ(a0 . . . , an+2) by App(an, an+1, an+2). Then Hψ is a classification by (4). If for instance φ(~a) is App(f, ai, aj) with f a constant, then Hφ = Proj(A, {0, . . . , n − 1},C) with C being

n+3 n+3 n+3 Hψ ∩ {g ε A : gn ' f} ∩ {g ε A : g(n + 1) ' ai} ∩ {g ε A : g(n + 2) ' aj}.

Similarly, Hφ can be shown to be a classification for the remaining possibilities.

6. If φ(~a) is of the form φ0(~a)2φ1(~a), where 2 is one of the connectives ∧, ∨, →, then the assertion follows inductively using (A1).

7. If φ(~a) is ∃z ψ(~a,z), then Hθ = Proj(A, {0, . . . , n − 1}, H) with θ(a0, . . . , an) being ψ(~a,an). So Hφ is a classification by (A6) and the inductive assumption.

8. If φ(~a) is ∀z ψ(~a,z), then Hφ = Ext(A, {0, . . . , n−1}, Hθ, n) with θ(a0, . . . , an) being ψ(~a,an). Thus Hφ is a classification using (A7) and the inductive assumption.

n n {i} n {i} 9. If φ(~a) is ai ε B, then Hφ = {f ε A : fi ε B} = {f ε A : f ε B } = A ∩ B . Thus Hφ is a classification employing (A3), (A8), and (A1).

10. If φ(~a) is c ε B where c is a constant, then Hφ = Proj(A, {0, . . . , n − 1},C) with C being n+1 Hψ ∩ {g ε A : gn ' c}, where ψ(a0, . . . an) is an ε B. 2

f f Proposition 1.4 T0`ECA, that is to say {u : ψ(u)} is a classification in T0 for every elementary f formula ψ of T0.

Proof : Let φ(a0, . . . , an−1) be elementary. Then

n C := {f ε A : φ(f0, . . . , f(n − 1)) ∧ f1 ' a1 ∧ · · · f(n − 1) ' an−1} is a classification using Lemma 1.3, (A1), (A2), (A3). Now

{x : φ(x, a1, . . . , an−1)} = {x : ∃f ε C(f0 ' x)}, and hence {x : φ(x, a1, . . . , an−1)} is a classification by (A9). 2

f To conclude from the previous result that T0 can be interpreted in T0, we need the following lemma.

f Lemma 1.5 (cf. [FS 81]) (Abstraction Lemma) For each application term t(c1,..., cn) of T0 there is a new application term t∗ such that the parameters of t∗ are among the parameters of t(c1,..., cn) minus c1,..., cn and such that

f ∗ ∗ T0 ` t ↓ ∧ t (c1,..., cn) ' t.

∗ λ(c1,..., cn).t is written for t .

7 Proof : To begin with, we show this for one parameter. Define λc.t(c) by the complexity of the term t as follows. λc.c is skk; λc.t is kt for t a constant or a variable other than c; λc.t0t1 is s(λc.t0)(λc.t1). For two parameters c1, c2, define λ(c1, c2).t(c1, c2) := λc.t(p0(c), p1(c)); etc. Notice that if the list c1,..., cn comprises all the parameters of t, then λ(c1,..., cn).t is a closed application term without any classification variables. 2

For later use we state a consequence of the Abstraction Lemma which can be derived in the same way as for the λ–calculus (cf. [F 75],[Be 85],VI2.7).

Corollary 1.6 (Recursion Theorem)

∀f∃g∀x1 ... ∀xn g(x1, . . . , xn) ' f(g, x1, . . . , xn).

f Corollary 1.7 T0 can be interpreted in T0.

Proof : The interpretation consists in successively replacing all those comprehension constants cφ f ¦ which do not belong to T0 with a suitable closed application term cφ which arises from abstracting an application term as provided by Proposition 1.4. ¦ The construction of cφ proceeds along the generation of cφ. So assume that cφ is the index of an elementary formula φ(b, a1, . . . , an,B1,...,Bm) and a list of variables b, a1, . . . , an,B1,...,Bm that includes all parameters of φ. Assume that we have already translated φ(b, a1, . . . , an,B1,...,Bm) into an elementary formula ¦ φ(b, a1, . . . , an,B1,...,Bm) f of T0. Then let t(a1, . . . , an,B1,...,Bm) be the term constructed in Proposition 1.4 which wit- ¦ f nesses that {u : φ(u, a1, . . . , an,B1,...,Bm) } is a classification in T0. ¦ Let cφ := λ(a1,..., an, B1,..., Bm).t(a1,..., an, B1,..., Bm). If we now replace cφ in an ¦ 4 elementary formula with cφ, then the result will also be an elementary formula. The faithfulness of this interpretation is immediate by 1.4 and 1.5 2

f In the sequel we shall identify T0 with T0.

2 Constructive set theories

2.1 The System CZF In this subsection we will summarize the language and axioms for Aczel’s constructive set theory or CZF. The language of CZF is the first order language of ZF whose only non-logical symbol is ∈. The logic of CZF is intuitionistic first order logic with equality. Its non-logical axioms are extensionality, pairing, union, and infinity in their usual forms. CZF has additionally axiom schemata which we will now proceed to summarize. Each is followed with some comments on the intuition involved and questions of constructivity.

4 More precisely, that which is obtained after rewriting the result as a formula of T0.

8 Set Induction ∀x[∀y ∈ xφ(y) → φ(x)] → ∀xφ(x) for all formulae φ. Set induction replaces primarily the foundation axiom and corresponds to the principle of ∈-induction which is a theorem of ZF. It should be compared, as far as constructivity goes, with the induction principle associated with any generalized inductive definition. Examples are the inductive definitions giving the higher number classes.

Bounded Separation ∀a∃b∀x[x ∈ b ↔ x ∈ a ∧ φ(x)] for all bounded formulae φ, where φ is said to be bounded if all quantifiers in φ are bounded, i.e., having constructed the set a as well as those giving explicit bounds on all of the quantifiers in φ, we can construct the set of all elements of a which have the property φ.

Strong Collection ∀a[∀x ∈ a∃yφ(x, y) → ∃bφ0(a, b)] for all formulae φ(x, y), where φ0(a, b) is the formula

∀x ∈ a ∃y ∈ b φ(x, y) ∧ ∀y ∈ b ∃x ∈ a φ(x, y)

This axiom allows one to construct a set corresponding exactly to the image of a previously defined relation between sets one has already constructed.

Subset Collection

∀a∀a0∃c∀u(∀x ∈ a ∃y ∈ a0φ(x, y) → ∃b ∈ c φ0(a, b)) for all formulae φ(x, y). Note that u may occur free in φ(x, y), i.e., this is subset collection with parameters.

Dependent Choices (DC)

∀x(θ(x) → ∃y(θ(y) ∧ φ(x, y))) → ∀x(θ(x) → ∃zψ(x, z)) for all formulae θ(x) and φ(x, y), where ψ(x, z) is the formula which asserts that z is a function with domain the natural numbers such that z(0) = x and for every natural number n, θ(z(n)) ∧ φ(z(n), z(n + 1)) holds.

The formula in the language of CZF defining the property of a set A that it is regular states that A is transitive, and for every a ∈ A and set R ⊆ a × A if ∀x ∈ a ∃y (hx, yi ∈ R), then there is a set b ∈ A such that ∀x ∈ a ∃y ∈ b (hx, yi ∈ R) ∧ ∀y ∈ b ∃x ∈ a (hx, yi ∈ R). In particular, if R : a → A is a function, then the image of R is an an element of A. Let Reg(A) denote this assertion. With this auxilliary definition we can state:

9 Regular Extension Axiom (REA)

∀x∃y[x ⊆ y ∧ Reg(y)]

Aczel in [A 86] interpreted CZF plus the regular extensions axiom in the intuitionistic theory of types due to Martin-L¨ofusing a single universe closed under the type of well-orderings. Alter- natively he showed that, by introducing rules in type theory for the collection of iterative sets (in anology with Russell’s ramified theory of types), one can model the sets and formulae of the language of CZF using the types in this extension of intuitionistic type theory.

2.2 Some Properties of CZF The mathematical power of CZF resides in the possibility of defining class functions by ∈–recursion and the fact that the scheme of Bounded Separation allows for an extension with provable class functions occurring in otherwise bounded formulae. We shall use the informal notion of class as in classical set theory.

Proposition 2.1 (Definition of Recursion in CZF) Let G be a total (n + 2)–ary class function of CZF, i.e. CZF ` ∀~xyz∃!u G(~x,y, z) = u. Then there is a total (n + 1)–ary class function F of CZF such that5 CZF ` ∀~xy[F (~x,y) = G(~x,y, (F (~x,z)|z ∈ y))]. Proof : Let Φ(f, ~x) be the formula

[f is a function] ∧ [dom(f) is transitive] ∧ [∀y ∈ dom(f)(f(y) = G(~x,y, f ¹ y))].

Set ψ(~x,y, f) := [Φ(f, ~x) ∧ y ∈ dom(f)]. 2

Claim CZF ` ∀~x,y∃!fψ(~x,y, f).

Proof of Claim: By ∈–induction on y. Suppose ∀u ∈ y ∃g ψ(~x,u, g). By StrongS Collection we find a set A such that ∀u ∈ y ∃g ∈ A ψ(~x,u, g) and ∀g ∈ A∃u ∈ y ψ(~x,u, g). Let f0 = {g : g ∈ A}. By our general assumption there exists a u0 such that G(~x,y, (f0(u)|u ∈ y)) = u0. Set f = f0 ∪ {hy, u0i}. Since for all g ∈ A, dom(g) is transitive we have that dom(f0) is transitive. If u ∈ y, then u ∈ dom(f0). Thus dom(f) is transitive and y ∈ dom(f). We have to show that f is a function. But it is readily shown that if g0, g1 ∈ A, then ∀x ∈ dom(g0) ∩ dom(g1)[g0(x) = g1(x)]. Therefore f is a function. This also shows that ∀w ∈ dom(f)[f(w) = G(~x,w, f ¹ w)], confirming the claim (using ∈–induction). Now define F by F (~x,y) = w := ∃f[ψ(~x,y, f) ∧ f(y) = w]. 2

Corollary 2.2 There is a class function TC such that [ CZF ` ∀a[TC(a) = a ∪ {TC(x): x ∈ a}].

5(F (~x,z)|z ∈ y) := {hz, F (~x,z)i : z ∈ y}

10 Proposition 2.3 (Definition by TC–Recursion) Under the assumptions of Proposition 2.1 there is an (n + 1)–ary class function F of CZF such that CZF ` ∀~xy[F (~x,y) = G(~x,y, (F (~x,z)|z ∈ TC(y)))]. Proof : Let θ(f, ~x,y) be the formula [f is a function] ∧ [dom(f) = TC(y)] ∧ [∀u ∈ dom(f)[f(u) = G(~x,u, f ¹ TC(u))]]. Prove by ∈–induction that ∀y∃!f θ(f, ~x,y). Suppose ∀u ∈ y ∃!g θ(g, ~x,u). By Strong Collection we find a set A such that ∀u ∈ y ∃g ∈ A θ(g, ~x,u) and ∀g ∈ A ∃u ∈ y θ(g, ~x,u). By assumption, we also have ∀u ∈ y∃!z∃g∃a[θ(g, ~x,u) ∧ G(~x,u, g) = a ∧ z = hu, ai]. Again by Strong Collection there is a function h such that dom(h) = y and ∀u ∈ y ∃g [θ(g, ~x,u) ∧ G(~x,u, g) = h(u)] . S Now let f = ( {g : g ∈ A}) ∪ h. Then θ(f, ~x,y). 2

The next result was proved by Myhill (cf. [My 75]) for the theory CST.

Proposition 2.4 (Extension by Defined Function Symbols) Suppose CZF ` ∀~x ∃!y Φ(~x,y). Let 0 6 CZF be obtained by adjoining a function symbol FΦ to the language , extending the schemata to 0 the enriched language, and adding the axiom ∀~x Φ(~x,FΦ(~x )). Then CZF is conservative over CZF. Proof : We define the following translation ∗ for formulas of CZF0: ∗ φ ≡ φ if FΦ does not occur in φ ∗ (FΦ(~x ) = y) ≡ Φ(~x,y)

If φ is of the form t = x with t ≡ G(t1, . . . , tk) such that one of the terms t1, . . . , tk is not a variable, then let ∗ ∗ ∗ ∗ (t = x) ≡ ∃x1 ... ∃xk [(t1 = x1) ∧ · · · ∧ (tk = xk) ∧ (G(x1, . . . , xk) = x) ] . ∗ The latter provides a definition of (t = x) by induction on t. If either t or s contains FΦ, then let (t ∈ s)∗ ≡ ∃x∃y[(t = x)∗ ∧ (s = y)∗ ∧ x ∈ y], (t = s)∗ ≡ ∃x∃y[(t = x)∗ ∧ (s = y)∗ ∧ x = y], (¬φ)∗ ≡ ¬φ∗ ∗ ∗ ∗ (φ02φ1) ≡ φ02φ1, if 2 is ∧, ∨, or → (∃xφ)∗ ≡ ∃xφ∗ (∀xφ)∗ ≡ ∀φ∗. 0 Let CZF0 be the restriction of CZF , where FΦ is not allowed to occur in the Bounded Sep- ∗ aration Scheme. Then it is obvious that CZF0 ` φ implies CZF ` φ . So it remains to 0 show that CZF proves the same theorems as CZF0. In actuality, we have to prove CZF0 ` ∃x∀y [y ∈ x ↔ y ∈ a ∧ φ(a)] for any bounded formula φ of CZF0. We proceed by induction on φ.

6This changes the notion of bounded formula.

11 1. φ(y) ≡ t(y) ∈ s(y). Now

CZF0 ` ∀y ∈ a∃!z[(z = t(y)) ∧ ∀y ∈ a∃!u(u = s(y))].

Using Replacement we find functions f and g such that

dom(f) = dom(g) = a and ∀y ∈ a [f(y) = t(y) ∧ g(y) = s(y)] .

Therefore {y ∈ a : φ(y)} = {y ∈ a : f(y) ∈ g(y)} exists by Bounded Separation in CZF0. 2. φ(y) ≡ t(y) = s(y). Similar.

3. φ(y) ≡ φ0(y)2φ1(y), where 2 is any of ∧, ∨, →. This is immediate by induction hypothesis.

4. φ(y) ≡ ∀u ∈ t(y) φ0(u, y). We findS a function f such that dom(f) = a and ∀y ∈ a f(y) = t(y). Inductively, for all b ∈ a, {u ∈ ran(Sf): φ0(u, b)} is a set. Hence there is a function g with dom(g) = a and ∀b ∈ a g(b) = {u ∈ ran(f): φ0(u, b)}. Then {y ∈ a : φ(y)} = {y ∈ a : ∀u ∈ f(y)(u ∈ g(y))}.

5. φ(y) ≡ ∃u ∈ t(y) φ0(u, y). With f and g as above, {y ∈ a : φ(y)} = {y ∈ a : ∃u ∈ f(y)(u ∈ g(y))}. 2

Remark 2.5 The proof of Proposition 2.4 shows that the process of adding defined function symbols 0 0 to CZF can be iterated. So if e.g. CZF ` ∀~x∃y ψ(~x,y), then also CZF + {∀~x∃y ψ(~x,Fψ(~x))} will be conservative over CZF.

3 A Lower Bound for the Strength of ML1W

Employing an interpretation of intuitionistic theories of iterated strictly positive inductive defini- tions in Martin–L¨of’s type theory, Palmgren showed in [P 93] that ML1W has at least the strength 1 1 of ∆2– CA. In this section we will establish that ML1W is much stronger than ∆2– CA in that we interpret Feferman’s theory T0 in ML1W. By [FS 81], [JP 82], and [J 83] it is known that T0 1 has the same strength as ∆2-comprehension plus bar induction. However, rather than modelling T0 directly in ML1W, our line of attack will be to model T0 in Aczel’s constructive set theory CZF + REA, for which Aczel in [A 86] provided an interpretation in ML1W. Roughly, our inter- pretation of T0 in CZF + REA proceeds by showing that Feferman’s set–theoretical interpretation of T0 (cf. [F 75]) can be carried out in CZF + REA.

3.1 The Interpretation of T0 in CZF + REA For later use we show that, provably in CZF + REA the well-founded part of a binary set relation is a set. For any class Φ the class X is said to be Φ–closed if A ⊆ X implies a ∈ X for every pair ha, Ai ∈ Φ.

Lemma 3.1 (CZF) (Aczel, cf. [A 82],4.2) For any class Φ there is a smallest Φ–closed class I(Φ).

12 Proof : Call a set relation G good if whenever hx, yi ∈ G there is a set A such that hy, Ai ∈ Φ and

∀u ∈ A ∃v ∈ x hv, ui ∈ G.

Call a set Φ–generated if it is in the range of some good relation. To see that the class of Φ–generated sets is Φ–closed, let A be a set of Φ–generated sets, where ha, Ai ∈ Φ. Then

∀y ∈ A ∃G [G is good ∧ ∃x (hx, yi ∈ G)].

By Strong Collection there is a set C of good sets such that

∀y ∈ A ∃G ∈ C ∃x (hx, yi ∈ G). S S Letting G0 = C ∪ {hb, ai}, where b = {u : ∃y hu, yi ∈ C}, G0 is good and hb, ai ∈ G0. Thus a is Φ–generated. Whence I(Φ) is Φ–closed. Now if X is another Φ–closed class and G is good, then by set induction on x it follows hx, yi ∈ G → y ∈ X, so that I(Φ) ⊆ X. 2

Lemma 3.2 (Aczel, [A 86], Corollary 5.3) For R a set let Ri = {j : hj, ii ∈ R}. Let WF(A, R) be the smallest class X such that for i ∈ A

Ri ⊆ X implies i ∈ X.

Then WF(A, R) = I(Φ) where Φ = {hi, Rii : i ∈ A}. CZF + REA proves that, for sets A and R, WF(A, R) is a set. Proof : We argue in CZF + REA. For each set x let

Γ(x) = {ı : i ∈ A ∧ Ri ⊆ x}. (1)

Note that Γ(x) is a set by Bounded Separation. Let X be the smallest class such that if

∀y ∈ a ∃z ∈ b hy, zi ∈ X ∧ ∀z ∈ b ∃y ∈ a hy, zi ∈ X then [ ha, Γ( b)i ∈ X. This definition can be couched in terms of an inductive definition falling under the scope of Lemma 3.1. Using ∈–induction it is easily verified that for each set a there is a unique set y such that ha, yi ∈ X, and if this unique y is written Γa then [ Γa = Γ( {Γy : y ∈ a}). (2)

Next we want to show [ I (Φ) = {Γu : u ∈ V}. (3) S First note that if Γy ⊆ I (Φ) for all y ∈ a, then {Γy : y ∈ a} ⊆ I (Φ), whence Γa ⊆ I (Φ) since I (Φ) a is Φ–closed. Thus by set induction,S Γ ⊆ I (Φ) for all sets a, confirming “⊆” ofS (3). For the converse inclusion it suffices to show that {Γu : u ∈ V} is Φ–closed. So suppose x ⊆ {Γu : u ∈ V}. Then

∀y ∈ x ∃a (y ∈ Γa).

13 Employing Strong Collection there is a set b such that

∀y ∈ x ∃a ∈ b (y ∈ Γa). S S Therefore x ⊆ {Γu : u ∈ b} and hence Γ(x) ⊆ Γb ⊆ {Γu : u ∈ V}. Finally we must show that I (Φ) is a set. By the Regular Extension Axiom we can pick a regular set B such that ∀i ∈ ARi ∈ B. Let [ I = {Γu : u ∈ B}.

Strong Collection and Union guarantee that I is a set. By (3) we have I ⊆ I (Φ). So it remains to show that I is Φ–closed, since then I (Φ) ⊆ I. So assume Ri ⊆ I for some i ∈ A. Then u u ∀j ∈ Ri ∃u ∈ B j ∈ Γ . By the regularity of B there is b ∈ B such that ∀j ∈ Ri ∃u ∈ b j ∈ Γ . It S u b follows that Ri ⊆ {Γ : u ∈ b}, yielding, by (2), that i ∈ Γ ⊆ I. 2

Corollary 3.3 CZF + REA minus Subset Collection proves that, for sets A and R, WF(A, R) is a set. Proof : This is because nowhere in the proofs of 3.1 and 3.2 we had to use Subset Collection. 2

Since I (Φ) is the smallest Φ–closed class we get the following induction principle for WF(A, R).

Corollary 3.4 (CZF + REA) For an arbitrary formula of set theory ψ(x) and sets A, R,

∀i ∈ A[∀j ∈ Ri ψ(j) → ψ(i)] → ∀i ∈ WF(A, R) ψ(i),

where Ri = {j ∈ A : hj, ii ∈ R}. 2

For the interpretation of T0 it is convenient to work in a definitional extension of CZF which we denote again by CZF. Drawing on Proposition 2.4, we may assume that CZF has a constant ω for the unique set whose existence is asserted in the axiom of infinity7. By the same token we may assume that CZF has a function symbol S for the successor function given by S(x) = x ∪ {x}, and a constant 0 denoting the empty set. CZF proves ω–induction (cf. [TD 88], Ch. 11, 8.5)

φ(0) ∧ ∀x [φ(x) → φ(S(x))] → ∀x ∈ ω φ(x).

The Peano Axioms for zero and successor can be shown in CZF to hold for 0 and S on ω. Employing Proposition 2.1 and Proposition 2.4 we may assume that CZF has as many function symbols for primitive recursive functions as we like and their defining axioms being among the axioms of CZF. In particular we will assume that all those primitive recursive functions (and their defining axioms) required for introducing Kleene’s T –predicate and the pertinent evaluation function U are part of CZF. As usual we define

{x}(y) ' z := x, y, z ∈ ω ∧ ∃v ∈ ω[T (x, y, v) ∧ U(v) = z].

7Uniqueness is proved in [TD 88] Ch. 11, 8.3.

14 We shall assume that CZF has a constantn ¯ for each (meta) natural number n which names the nth numeral, i.e. the nth element of ω. We are going to translate App(x, y, z) as {x}(y) ' z. Particular ˆ ˆ numerals sˆN, pˆN, k, ˆs, d, pˆ0, pˆ1 can be determined to satisfy (provably in CZF) the translation of the applicative axioms pertaining to the constants sN, pN, k, s, d, p0, p1 of T0. N is translated as Nˆ := ω. Select cˆn,ˆj,ˆi in such a way so that h i CZF ` ∀x, y ∈ ω cˆn(x) ' (1¯, n,¯ x) ∧ {ˆj}(x, y) ' (2¯, x, y) ∧ {ˆi}(x, y) ' (3¯, x, y) , where (x, y) := {{pˆ}(x)} (y) and (x, y, z) := ((x, y), z). By Proposition 1.4, ECA can be finitely axiomatized, say via the instances £ ¤ ∀A, B, C ∀x, y, z ∃X cφi (x, y, z, A, B, C) ' X ∧ ∀u(u ε X ↔ φi(u, x, y, z, A, B, C)) , where 1 ≤ i ≤ M for some M. We are now in a position to define a class model for T0 in CZF + REA. Since in constructive set theory the ordinals are not at all as well behaved as they are classically, we cannot define this model by recursion along the ordinals as in [F 75], Theorem 1.1. Instead, we shall define it by recursion on the transitive closure along all sets, thereby employing Proposition 2.3.

Definition 3.5 For each set s, sets Es and CLs are defined by TC–recursion as follows: [ CL

CLs = CL

hu, ai ∈ Es iff either of the following holds:

1. hu, ai ∈ E

3. a '{cˆφi }(x, y, z, b, c, d) with b, c, d ∈ CL

4. a '{ˆj}(b, f) with b ∈ CL

15

Lemma 3.6 If a ∈ CLs ∩ CLt, then {u : uEsa} = {u : uEta}. The proof of 3.6 requires another lemma.

Lemma 3.7 Let e ∈ CLz. Then

1. e '{cˆφi }(x, y, z, a, b, c) → a, b, c ∈ CL

2. e '{ˆj}(a, f) → a ∈ CL

3. e '{ˆi}(a, b) → a, b, ∈ CL

Proof of 3.6: We use ∈-induction on s. Set Ez(a) = {u : uEza}. If a ∈ CL

Corollary 3.8 If a ∈ CLs, then {u : uEsa} = {u : uEa}. 2

In view of 3.8 and 3.5(3) it is clear that the interpretation renders the elementary comprehension axioms true. As to Join, suppose a ∈ CL and ∀x[xEa → {f}(x) ∈ CL]. Then there exists s so that a ∈ CLs and ∀x ∈ Es(a) ∃z [{f}(x) ∈ CLz]. Using Strong Collection we find a t such that 0 ∀x ∈ Es(a) ∃z ∈ t [{f}(x) ∈ CLz], and hence ∀x ∈ Es(a) {f}(x) ∈ CL

Employing 3.6, this yields h i ∀u uE{ˆj}(a, f) ⇐⇒ ∃u0∃u1(u ' (u0, u1) ∧ u1E{f}(u0)) , confirming the faithfulness of our translation with regard to Join. For Inductive Generation suppose

16 according to 3.5.5. Therefore, using 3.6 and 3.8, we have h i ∀u uE{ˆi}(a, b) ⇐⇒ u ∈ WF(aE, bE) , where aE = {x : xEa} and bE = {hx, yi :(x, y)Eb}. Consequently, by 3.4, we come to see that the interpretation also preserves the axiom of Inductive Generation.

Theorem 3.9 T0 can be interpreted in CZF + REA. 2

4 Interpretation of ML1V in KP

ML1V is the extension of ML1 with Aczel’s set of iterative sets V (cf. [A 78]). The rules pertaining to V are:8 (V–formation) V set A ∈ U f ∈ A → V (V–introduction) sup(A, f) ∈ V [A ∈ U, f ∈ A → V] [z ∈ (Πv ∈ A)C(f(v))] c ∈ V d(A, f, z) ∈ C(sup(A, f)) (V–elimination) TV(c, (A, f, z)d) ∈ C(c) [A ∈ U, f ∈ A → V] [z ∈ (Πv ∈ A)C(f(v))] B ∈ U g ∈ B → V d(A, f, z) ∈ C(sup(A, f)) (V–equality) . TV(sup(B, g), (A, f, z)d) = d(B, g, (λv)TV(g(v), (A, f, z)d)) ∈ C(sup(B, g)) KP stands for Kripke–Platek set theory which we shall assume to contain the axiom of infinity. As usual in set theory we identify the natural numbers with the finite ordinals, i.e. N := ω. To simplify the treatment we will assume that KP has names for all (meta) natural numbers. Let n¯ be the constant designating the nth natural number. We also assume that KP has function symbols for addition and multiplication on N as well as for a primitive recursive bijective pairing 2 function h, iN : N → N and its primitive recursive inverses ( )0, ()1, that satisfy (hn, miN)0 = n and (hn, miN)1 = m. KP should also have a symbol T for Kleene’s T -predicate and the result extracting function U. Let {e}(n) ' k be a shorthand for ∃m[T (e, n, m) ∧ U(m) = k]. Further, let hn, m, kiN := hhn, miN, kiN, hn, m, k, liN := hhn, m, kiN, liN, etc. We use e, d, f, n, m, l, k, s, t, j, i as metavariables for natural numbers. Occasionally, “ ⇒ ” is used for “then” and “ ⇔ ” for “iff”. Let π(n, m) = h0, hn, miNiN σ(n, m) = h1, hn, miNiN pl(n, m) = h2, hn, miNiN i(n, m, k) = h3, hn, m, kiNiN Nˆ = h4, 0iN Nˆk = h4, k + 1iN sup(n, m) = h5, hn, , iNmiN

8To increase readability and intelligibility, we will use the formulation ´ala Russel for type theories with universes (cf. [ML 84]).

17 Definition 4.1 By Σ recursion (cf. [Ba 75],I.6.4) along the ordinals we define simultaneously α α seven relations R1 ,...,R7 on N. To increase intelligibility, we shall write α Uα|=n set for R1 (n) α Uα|=n ∈ m for R2 (n, m) α Uα|=n = m ∈ k for R3 (n, m, k) α Uα|=n = m for R4 (n, m) α Uα|=“f is a family of types over k” for R5 (f, k) α Vα|=k set for R6 (k) α Vα|=n = m for R7 (n, m)

0 0 α S β If α = 0, then R1 = ··· = R7 = ∅. If α is a limit, then Ri = β<α Ri for i = 1,..., 7. The clauses in the definition for successors are as follows: (i) Uα+1 |= h4, ji set iff j ∈ N

Uα+1 |= m ∈ h4, ji iff j = 0 ∨ m + 1 < j

Uα+1 |= n = m ∈ h4, ji iff n = m ∧ Uα+1 |= n ∈ h4, ji.

(ii) If Uα |= k set, ∀j[ Uα |= j ∈ k ⇒ Uα |= {e}(j) set] and ∀j, i[ Uα |= i = j ∈ k ⇒ Uα |= {e}(i) = {e}(j)], then

Uα+1 |=“ e is a family of types over k”.

(iii) If Uα |= “ e is a family of types over k”, then Uα+1 |= π(k, e) set, Uα+1 |= σ(k, e) set and

Uα+1 |= n ∈ π(k, e) iff ∀i ( Uα |= i ∈ k ⇒ Uα |= {n}(i) ∈ {e}(i)) and

∀i, j [ Uα |= i = j ∈ k ⇒ Uα |= {n}(i) = {n}(j) ∈ {e}(i)]

Uα+1 |= n = m ∈ π(k, e) iff Uα+1 |= n ∈ π(k, e) and Uα+1 |= m ∈ π(k, e) and

∀j [ Uα |= j ∈ k ⇒ Uα |= {n}(j) = {m}(j) ∈ {e}(j)]

Uα+1 |= n ∈ σ(k, e) iff Uα |= (n)0 ∈ k and Uα |= (n)1 ∈ {e}((n)0)

Uα+1 |= n = m ∈ σ(k, e) iff Uα+1 |= n ∈ σ(k, e) and Uα+1 |= m ∈ σ(k, e) and

Uα |= (n)0 = (m)0 ∈ k and Uα |= (n)1 = (m)1 ∈ {e}((n)0).

(iv) If Uα |= n set and Uα |= m set, then Uα+1 |= pl(n, m) set and

Uα+1 |= i ∈ pl(n, m) iff [(i)0 = 0 and Uα |= (i)1 ∈ n] or

[(i)0 = 1 and Uα |= (i)1 ∈ m]

Uα+1 |= i = j ∈ pl(n, m) iff [(i)0 = (j)0 = 0 and Uα |= (i)1 = (j)1 ∈ n] or

[(i)0 = (j)0 = 1 and Uα |= (i)1 = (j)1 ∈ m].

(v) If Uα |= n set, then Uα+1 |= i(n, m, k) set and

Uα+1 |= s ∈ i(n, m, k) iff s = 0 and Uα |= m = k ∈ n, 0 0 Uα+1 |= s = s ∈ i(n, m, k) iff s = s = 0 and Uα |= m = k ∈ n.

18 (vi) Uα+1 |= e = f iff Uα |= e set, Uα |= f set, ∀s( Uα |= s ∈ e ⇔ Uα |= s ∈ f) and ∀s, t( Uα |= s = t ∈ e ⇔ Uα |= s = t ∈ f).

(vii) If Uα |= k set, ∀s[ Uα |= s ∈ k ⇒ Vα |= {f}(s) set] and ∀s, t [ Uα |= s = t ∈ k ⇒ Vα |= {f}(s) = {f}(t)] , then Vα+1 |= sup(k, f) set.

(viii) Vα+1 |= sup(k, f) = sup(n, e) iff Vα+1 |= sup(k, f) set, Vα+1 |= sup(n, e) set, Uα |= k = n and ∀s [ Uα |= s ∈ k → Vα |= {f}(s) = {e}(s)].

Lemma 4.2 If α ≤ β and Uα |= k set, then the following hold true:

1. Uβ |= k set;

2. ∀n( Uα |= n ∈ k ⇔ Uβ |= n ∈ k);

3. ∀n, m( Uα |= n = m ∈ k ⇔ Uβ |= n = m ∈ k);

4. If Uα |= n = m, then Uβ |= n = m;

5. If Uα |=“f is a family of types over n”, then Uβ |=“f is a family of types over n”;

6. If Vα |= n set, then Vβ |= n set;

7. If Vα |= n = m, then Vβ |= n = m. Proof : One must prove all the assertions simultaneously by induction on β. Trivial, but lengthy. 2

Definition 4.3 The previous lemma justifies the next definition.

U |= k set := ∃α Uα |= k set V |= k set := ∃α Vα |= k set U |= n = m := ∃α Uα |= n = m V |= n = m := ∃α Vα |= n = m U |= “f is a family of types over n” := ∃α Uα |= “f is a family of types over n”.

Proposition 4.4 The clauses (i)-(viii) of Definition 4.1 hold true with Uα and Uα+1 being replaced with U as well as Vα and Vα+1 being replaced with V. Proof : This is an outgrowth of 4.2. As an example we shall verify (ii). The proofs for the other clauses£ being similar. So suppose U |= k set, ∀¤j ∈ N[ U |= j ∈ k ⇒ U |= {e}(j) set], and ∀j, i ∈ N U |= i = j ∈ k ⇒ U |= {e}(i) = {e}(j) . We are to show U |=“f is a family of types over n”. Pick α such that Uα |= k set. By 4.2 we obtain ∀j ∈ N[ U |= j ∈ k ⇔ Uα |= j ∈ k] and ∀i, j ∈ N[ U |= i = j ∈ k ⇔ Uα |= i = j ∈ k]. Therefore

∀j ∈ N∃β[ Uα |= j ∈ k ⇒ Uβ |= {e}(j) set], ∀j, i ∈ N∃β[ Uα |= i = j ∈ k ⇒ Uβ |= {e}(i) = {e}(j)]. Thus, using Σ–Reflection (cf. [Ba 75],I.4.3), there exists a δ > α such that

∀j ∈ N∃β < δ[ Uα |= j ∈ k ⇒ Uβ |= {e}(j) set], ∀j, i ∈ N∃β < δ[ Uα |= i = j ∈ k ⇒ Uβ |= {e}(i) = {e}(j)].

19 Employing 4.2 it follows Uδ |= k set and

∀j ∈ N[ Uδ |= j ∈ k ⇒ Uδ |= {e}(j) set] and ∀j, i ∈ N[ Uδ |= i = j ∈ k ⇒ Uδ |= {e}(i) = {e}(j)].

Hence Uδ+1 |=“ e is a family of types over k” according to 4.1(ii). Thus U |=“e is a family of types over k.” 2

In order to define its interpretation in KP, we need a detailed account of the syntax of ML1V. Here we will follow [Be 85], Ch. XI; however, for the readers convenience, we shall recall most of the definitions. If B is any expression, and x1, . . . , xn are variables, we form the expression (x1, . . . , xn)B. The 4 symbol ≡ will be used for the relation on expressions satisfying

4 ((x1, . . . , xn)B)(x1, . . . , xn) ≡ B

4 and A ≡ C for expressions A and C which differ only in the renaming of bound variables (cf. [Be 85],XI6).

Definition 4.5 (cf. [Be 85],XI20.3) The constants of ML1V are: Π, Σ, I, +, N, 0, sN,r,λ, ap, E, i,j,D, J,R,TV,U,V and for each natural number m, Nm and Rm. The terms are generated by: 1. Every constant and variable is a term;

2. If t and s are terms, then t(s) and (t, s) are terms;

3. If t is a term, then (x1, . . . , xn)t is a term, where the xi are variables. Free and bound occurrences of variables in terms are defined as usual, letting abstraction, i.e. the formation of (x1, . . . , xn)t bind the variables x1, . . . , xn. We now would like to assign to every term t of ML1W a corresponding term tˆ of the theory KP by replacing the abstract application of ML1W with recursive application. However, the technicality here is that recursive application cannot be expressed on the level of terms within KP. Therefore, we first assign to every term t ∗ of ML1W an application term t of the theory EON of [Be 85],VI.2 or equivalently of the theory APP as described in [TD 88],Ch.9,Sect.3. It is then a straightforward matter to translate a formula of the form t∗ ∈ X into a legitimate formula of KP.

Definition 4.6 The theory EON consists of T0 without classification variables and without the constants cn, i, j. In particular, EON has no axioms ECA, (IG), (J). Note that t he Abstraction Lemma 1.5 and the Recursion Theorem 1.6 are also theorems of EON. Both devices will be used in the next definition.

∗ Definition 4.7 We now assign to each term t of ML1V an application term t of the theory EON. Occurrences of λ in the definition of t∗ denote the λ-operator introduced in 1.5. We shall write ∗ (x, y) for pxy and, inductively, x1, . . . , xk+1 for p(x1, . . . , xk)xk+1. For constants c we define c by:

20 0∗ is 0 Π∗ is λx.λy.(0, x, y) Σ∗ is λx.λy.(1, x, y) +∗ is λx.λy.(2, x, y) I∗ is λx.λy.(3, x, y, z) N∗ is (4, 0) ∗ Nk is (4, k + 1) U∗ is (6, 0) V∗ is (7, 0) ∗ sN is sN r∗ is 0 λ∗ is λx.x (i.e. skk) ap∗ is λx.λy.xy sup∗ is λx.λy.(5, x, y) ∗ E is λx.λy.y(p0x, p1x) i∗ is λx.(0, x) j∗ is λx.(1, x) ∗ D is λx.λy.λz(0, p0x, y(p0x), z(p1x)) J∗ is λx.λy.y ∗ Rk is λm.λx0 ··· λxk−1.ek(m, x0, . . . , xk − 1), where ek is chosen so that EON proves ½ x if m < k e (m, x , . . . , x − 1) ' m k 0 k Ω otherwise,

where Ω := λx.xx(λx.xx) (signifying undefinedness). R∗ is an application term of EON in- troduced by the Recursion Theorem (cf. 1.6) to satisfy (provably in EON) R∗(a, b, 0) = a and ∗ ∗ ∗ R (a, b, sNx) ' b(x, R (a, b, x)). TV is a term introduced by the recursion theorem of EON to satisfy

∗ ∗ ∗ ∗ TV(sup (a, b), λx.λy.λz.e(x, y, z)) ' e(a, b, (λx.x)(λv.TV(ap (b, v)), λx.λy.λz.e(x, y, z))).

For complex terms of ML1V we define:

∗ ∗ ((x1, . . . , xn)t) is λx1 ··· λxn.t ; (t(s))∗ is t∗s∗; (t, s)∗ is pt∗s∗.

Definition 4.8 Rather than translating application terms of EON into the set–theoretic language of KP, we define the translation of expressions of the form t ' u, where t is an application term of ¯ ¯ EON and u is a variable. First, we select indices k, ¯s, p¯, p¯0, p¯1, ¯sN, p¯N and d for partial recursive functions so that:

21 {{k¯}(n)}(m) ' n {{{¯s}(n)}(m)}(l) ' {{n}(l)}({m}(l)) n m {{p¯}(n)}(m) ' 2 · 3 = hn, miN {p¯0}(n) ' (n)0 {p¯1}(n) ' (n)1 {¯sN}(n) ' n + 1 {p¯N}(0) ' 0 {p¯N}(n + 1) ' n½ x if n = m {{{{d¯}(n)}(m)}(x)}(y) ' y if n 6= m The definition of (t ' u)∧ proceeds along the way that t was built up. (v ' u)∧ is v = u ∧ v ∈ ω if v is a variable; (0 ' u)∧ is 0 = u; ∧ (c ' u) is c¯ = u if c is one of the constants k, s, p, p0, p1, sN, pN, d. A complex application term of EON has the form ts.Let

(ts ' u)∧ := ∃x, y ∈ ω[(t ' x)∧ ∧ (s ' y)∧ ∧ {x}(y) ' u].

EON is interpreted in KP by setting

(App(s, t, r))¦ := ∃u ∈ ω [(st ' u)∧ ∧ (r ' u)∧] (s = t)¦ := ∃u ∈ ω [(s ' u)∧ ∧ (t ' u)∧] (s ∈ N)¦ := ∃u ∈ ω [(s ' u)∧] (φ2ψ)¦ := φ¦2ψ¦ (2 ∈ {∧, ∨, →}) (∀xφ(x))¦ := ∀x ∈ ω φ(x)¦.

Definition 4.9 The set terms of ML1V are defined inductively by

1. N and Nk are set terms (for each integer k); 2. If A and B are set terms, so is (A+B); 3. IF B(x) and A are set terms, and x is not free in A or in B, then Π(A, B) and Σ(A, B) are set terms;

4. If A is a set term and t, s are any terms of ML1V, then I(A, s, t) is a set term; 5. U and V are set terms;

4 6. If A is a set term and B ≡ A, then B is a set term.

Definition 4.10 (Interpretation of ML1V in KP) By induction on the complexity of the set term A we shall assign to each judgement Φ of ML1V of the form u ∈ A or u = v ∈ A (u, v variables) a formula (Φ)∧ of KP with the same free variables. (ux ∈ A)∧ and (ux = uy ∈ A)∧ will be used as shorthand for ∃z ∈ ω[{u}(x) ' z ∧ (z ∈ A)∧] and ∃z ∈ ω[{u}(x) ' z ∧ {u}(y) ' z ∧ (z ∈ A)∧], respectively. Likewise, (u ∈ A(vx))∧ abbreviates ∃z ∈ ω[{v}(x) ' z ∧ (u ∈ A(z))∧], etc. The clauses in the definition are as follows:

22 (u ∈ Π(A, B))∧ is ∀x ∈ ω[(x ∈ A)∧ → (ux ∈ B(x))∧] ∧ ∀x, y ∈ ω[(x = y ∈ A)∧ → (ux = uy ∈ B(x))∧] (u = v ∈ Π(A, B))∧ is ∀x ∈ ω[(x ∈ A)∧ → (ux = vx ∈ B(x))∧] ∧ (u ∈ Π(A, B))∧ ∧ (v ∈ Π(A, B))∧ ∧ ∧ ∧ (u ∈ Σ(A, B)) is (p¯0u ∈ A) ∧ (p¯1u ∈ B(p¯0u)) ∧ ∧ ∧ (u = v ∈ Σ(A, B)) is (p¯0u = p¯0v ∈ A) ∧ (p¯1u = p¯1v ∈ B(p¯0u)) ∧ ∧ ∧ (u ∈ (A+B)) is [p¯0u = 0 ∧ (p¯1u ∈ A) ] ∨ [p¯0u = 1 ∧ (p¯1u ∈ B) ] ∧ ∧ (u = v ∈ (A+B)) is [p¯0u = 0 ∧ p¯0v = 0 ∧ (p¯1u = p¯1v ∈ A) ] ∨ ∧ [p¯0u = 1 ∧ p¯0v = 1 ∧ (p¯1u = p¯1v ∈ B) ] (u ∈ I(A, b, c))∧ is u = 0 ∧ (b = c ∈ A)∧ (u = v ∈ I(A, b, c))∧ is u = 0 ∧ v = 0 ∧ (b = c ∈ A)∧ (u ∈ N)∧ is u ∈ ω (u = v ∈ N)∧ is u = v ∧ u ∈ ω ∧ ¯ (u ∈ Nk) is u ∈ ω ∧ u ∈ k ∧ ¯ (u = v ∈ Nk) is u ∈ ω ∧ u = v ∧ u ∈ k (u ∈ U)∧ is U |= u set (u = v ∈ U)∧ is U |= u = v (u ∈ V)∧ is V |= u set (u = v ∈ V)∧ is V |= u = v

If s and t are arbitrary terms of ML1V and A is a set term of ML1V, we set:

(t ∈ A)∧ is ∃u ∈ ω[(t∗ ' u)∧ ∧ (u ∈ A)∧], (s = t ∈ A)∧ is ∃u, v ∈ ω[(s∗ ' u)∧ ∧ (t∗ ' v)∧ ∧ (u = v ∈ A)∧].

For set terms A and B we define (A = B)∧ by

∀u ∈ ω[(u ∈ A)∧ ↔ (u ∈ B)∧] ∧ ∀u, v ∈ ω[(u = v ∈ A)∧ ↔ (u = v ∈ B)∧].

Theorem 4.11 (Soundness of the Interpretation of ML1V in KP.) If Φ is a judgement of ML1V not of the form “A set,” then KP ` (Φ)∧. Proof : First note that if an expression of the form A set, s ∈ A, s = t ∈ A, or A = B appears in a derivation of ML1V, then A is a set term in the sense of Definition 4.9, as is readily seen by 9 induction on derivations in ML1V. This ensures that any judgement of ML1V gets translated under ∧. Secondly, it should be clear that the above interpretation replaces the abstract application of ML1V by recursive application in a faithful way, i.e. the equations which the rules of ML1V prescribe for the constants of ML1V are satisfied by their translations. Since ML1V derivations may involve hypothetical judgements, 4.11 has to be stated in a more general form so as to be able to carry out the proof by induction on derivations in ML1V. For the details we refer to

9Incidentally, there are more set terms than those that appear in such derivations.

23 [Be 85],XI.20.3.1, where this is done for the interpretation of ML0 in EON. Proposition 4.4 yields that the particular rules for U are sound with respect to the interpretation ∧. The soundness of V–introduction is implied by 4.4(vii). Next we shall verify the soundness of V–elimination. To facilitate the writing we shall write ψ(t) in place of ∃u[(t ' u)∧ ∧ ψ(u)], when t is a term of EON and ψ(u) a set-theoretic formula. Suppose V |= c0 set and , for all a, f, g ∈ ω, if

U |= a set, (4) ∀n ∈ ω[ U |= n ∈ a → V |= {f}(n) set], ∀n, m ∈ ω[ U |= n = m ∈ a → V |= {f}(n) = {f}(m)], ∀n ∈ ω[ U |= n ∈ a → φ({g}(n), {f}(n))], then ¡ ¢ φ d∗(a, f, g), sup∗(a, f) ,

10 where d(x¡1, x2, x3) is a term of ML1V and ¢φ(u, v) an arbitrary set-theoretic formula. We want ∗ to show φ (TV(y, (x1, x2, x3)d(x1, x2, x3))) , y [c0/y], that is to say

¡ ∗ ∗ ∗ ¢ φ TV(c0, λx1.λx2.λx3.d (x1, x2, x3)) , c0 .

As Vα |= c0 set for some α, we may proceed by induction on α. Vα |= c0 set implies that there are β < α and a0, f0 such that

∗ c0 = sup(a0, f0) = sup (a0, f0), (5)

Uβ |= a0 set,

∀n ∈ ω[ U |= n ∈ a0 → Vβ |= {f0}(n) set],

∀n, m ∈ ω[ U |= n = m ∈ a0 → Vβ |= {f0}(n) = {f0}(m)].

The inductive assumption then yields

£ ∗ ∗ ¤ ∀n ∈ ω U |= n ∈ a0 → φ(TV({f0}(n), λx1.λx2.λx3.d (x1, x2, x3)), {f0}(n)) ; hence,

£ ∗ ∗ ∗ ¤ ∀n ∈ ω U |= n ∈ a0 → φ((λ λv.TV(v, λx1.λx2.λx3.d (x1, x2, x3)))(n), {f0}(n)) .

Employing this and (5), the general assumption (4) yields

∗ ∗ ∗ ∗ ∗ φ(d (a0, f0, λ (λv.TV(v, λx1.λx2.λx3.d (x1, x2, x3))), sup (a0, f0))),

∗ ∗ ∗ where g corresponds to λ (λv.TV(v, λx1.λx2.λx3.d (x1, x2, x3))). In view of the translation of ∗ TV under , the latter is equivalent to

∗ ∗ ∗ ∗ φ(TV(sup (a0, f0), λx1.λx2.λx3.d (x1, x2, x3)), sup (a0, f0)), and thus ∗ ∗ φ(TV(c0, λx1.λx2.λx3.d (x1, x2, x3)), c0)

10 ∗ ∗ To be precise, d (a, f, g) is short for (d(x1, x2, x3)) [a/x1, f/x2, g/x3].

24 ∗ since c0 = sup (a0, f0). 2

The preceding proof also yields the soundness of V–equality. Type theories with a universe U lend themselves to a natural strengthening by the principle of U–induction. U–induction was employed by Aczel ([A 82],[A 86]) for the interpretation of certain presentation axioms in type theory.

Definition 4.12 The rule of U–induction formalizes that the universe U is inductively defined. To put this rule on paper we resort to linear notation; the judgements to the right within brackets are discharged assumptions.

Set C(z)[z ∈ U] a0 ∈ U

dN0 ∈ C(N0)

dN1 ∈ C(N1) dN ∈ C(N) dΠ(A, F, c, e) ∈ C(Π(A, F ))[A ∈ U,F ∈ A → U, c ∈ C(A), e ∈ Π(A, F )] dΣ(A, F, c, e) ∈ C(Σ(A, F ))[A ∈ U,F ∈ A → U, c ∈ C(A), e ∈ Σ(A, F )] d+(A, B, c, d) ∈ C(A + B)[A ∈ U,B ∈ U, c ∈ C(A), d ∈ C(B)] dI (A, c, a, b) ∈ C(I(A, a, b))[A ∈ U, c ∈ C(A), a ∈ A, b ∈ A]

TU(a0, dN0 , dN1 , dN , (A, F, c, e)dΠ, (A, F, c, e)dΣ, (A, B, c, d)d+, (A, B, a, b)dI ) ∈ C(a0)

If hU(a0) denotes the term to the left of C(a0), the equality rules are given by (where (λx)t := λ((x)t))

hU(Ni) = dNi hU(N) = dN hU(Π(A, F )) = dΠ(A, F, hU(A), (λx)hU(F (x))) hU(Σ(A, F )) = dΣ(A, F, hU(A), (λx)hU(F (x))) hU(A + B) = d+(A, B, hU(A), hU(B)) hU(I(A, a, b)) = dI (A, hU(A), a, b). The language of type theories with U–elimination needs a little adjustment in that we would rather ∗ consider N2, N3,... as defined by N2 := N1 + N1, N3 := N1 + N2, etc. The assignment of 4.7 ∧ and the interpretation of 4.10 can be extended so as to accommodate the constant TU. More ∗ precisely, there is a term TU of EON such that, using the abbreviations λ~x := λx1.λx2.λx3 and ∗ H(a) := TU(a, d0, d1, d2, λ~x.f, λ~x.g, λ~x.h, λ~x.l) we can prove in EON plus ∀x (x ε N) that   d0 if a = (4, 1)   d1 if a = (4, 2)   d2 if a = (4, 0)  f(a , a ,H(a ), (λx.x)(λu.H(a (u)))) if a = (0, (a , a )) H(a) ' 1 2 1 2 1 2  g(a , a ,H(a ), (λx.x)(λu.H(a (u)))) if a = (1, (a , a ))  1 2 1 2 1 2  h(a , a ,H(a ),H(a )) if a = (2, (a , a ))  1 2 1 2 1 2  l(a ,H(a ), a , a ) if a = (3, (a , a , a ))  1 1 2 3 1 2 3 Ω if else. ∗ The definition of TU uses the Recursion Theorem 1.6 and definition by cases, which is justified under the assumption ∀x(x ε N) (cf. [Be 85],XI.2). Note that (∀x(x ε N))¦ is derivable in KP and thus KP ` ψ¦ holds for any theorem ψ of EON + ∀x(x ε N).

25 ∧ Theorem 4.13 ML1V+U–induction is interpretable in KP via . Proof : The soundness of U–introduction under ∧ follows readily by induction on the stages of the relation U |= n set. 2

Theorem 4.14 The following theories have the same proof–theoretic strength:

i KP, ID, ML1V, ML1V , ML1W + U–induction, ML1V + U–induction, CZF, CZF minus Subset Collection, CZF + DC + ΠΣI − AC + ΠΣI − PA.

i Here ML1V denotes an intensional version of ML1V as described in [TD 88], Ch.11, Sect. 8. The choice principles DC (Dependent choices), ΠΣI − AC (ΠΣI− axiom of choice), and ΠΣI − PA (ΠΣI−presentation axiom) have been isolated in [A 82]. Proof : We use T,→ T 0 to mean that T is interpretable in T 0. T ≡ T 0 is used to signify proof– theoretic equivalence. Let IDi denote the intuitionistic theory of noninterated inductive definitions. It is an old result that IDi ≡ ID (cf. [BFPS 81]). Moreover, from [J 82] it follows that ID ≡ KP. Drawing on Lemma 3.1, which shows how to formalize inductive definitions in CZF, we can consider IDi as a subtheory of CZF, thus IDi ,→ CZF. On closer scrutiny we observe that Subset Collection was not used in the proof of Lemma 3.1. Whence IDi is already interpretable in CZF minus Subset Collection. i i By [TD 88], Ch. 11, Sect. 8 we get CZF ,→ ML1V . Furthermore, ML1V is a subtheory of ML1V, and [P 93] provides an interpretation of ML1V in ML1 + U–induction. From [A 82] we obtain an interpretation of CZF+DC+ΠΣI − AC+ΠΣI − PA in ML1V+U–induction. Finally, as ML1V+U–induction is interpretable in KP, by Theorem 4.13, the proof–theoretic equivalence of all the theories follows. 2

5 Interpretation of ML1WV in KPi

Before we determine an upper bound for the strength of ML1W, we shall investigate a weaker theory ML1WV that allows W–formation only for small types. We take interest in this theory since it 1 has the same strength (as we will show) as some well–known classical theories like ∆2– CA + BI and permits us to determine the exact strength of Aczel’s constructive set theory CZF + REA.

Definition 5.1 ML1WV results from ML1W by omitting the rule of W–formation and adding the rules pertaining to V, i.e. V–formation, V–introduction, V–elimination, and V–equality.

Remark 5.2 First, notice that ML1WV still allows one to derive restricted W–formation, i.e. [x ∈ A] A ∈ U F (x) ∈ U (res–W–formation) , W(A, F ) set as U–introduction provides [x ∈ A] A ∈ U F (x) ∈ U W(A, F ) ∈ U

26 and U–formation gives W(A, F ) ∈ U W(A, F ) set.

Secondly, observe that ML1WV can be viewed as a subtheory of ML1W by letting V := (WX ∈ U).X. Close inspection of the proofs in [A 86] reveals the following results.

Proposition 5.3

1. CZF+DC+REA+ΠΣI − AC is interpretable (via Aczel’s interpretation) in ML1WV.

11 2. If U–induction is added to ML1WV, then also the principle ΠΣI − PA is true under this interpretation. 2

1 Corollary 5.4 The proof-theoretic strength of ML1WV is at least that of ∆2– CA + BI.

Proof : This follows from Theorem 3.9 and Proposition 5.3 as T0 has the same strength as 1 ∆2– CA + BI, employing [JP 82] and [J 83]. 2

The remainder of this section is devoted to interpreting ML1WV in an extension of KP.

Definition 5.5 By KPi we denote the theory that entails KP and has an axiom INACCr signifying that for each set there is an admissible set that contains it.

1 Remark 5.6 According to [JP 82], KPi has the same proof–theoretic strength as ∆2– CA + BI. In actuality, both theories prove the same statements of second order arithmetic.

Lemma 5.7 (KPi) (∆0 positive inductive definitions) Let φ(u, x, a1, . . . , an) be a ∆0 formula with free variables among those shown such that each occurrence of x in φ is positive. Set Γφ,~a,b(x) = {u ∈ b : φ(u, x, a1, . . . , an)}. Let F be the function defined by ∆ recursion along the ordinals satisfying [ F (α,~a,b) = Γφ,~a,b( {F (β,~a,b): β < α}). S Finally, put Iφ,~a,b = {F (α,~a,b): α ∈ ON}. Then Iφ,~a,b is a set. We say that Iφ,~a,b is the set inductively defined by φ in the parameters ~a,b. Iφ,~a,b is closed under Iφ,~a,b, i.e. Γφ,~a,b(Iφ,~a,b) ⊆ Iφ,~a,b. Moreover, the assignment of Iφ,~a,b to each set ~a,b is ∆ definable. S Proof : Select an admissible set A such that ~a,b ∈ A . Let IA = {F (ξ,~a,b): ξ ∈ A }. Note that IA is Σ–definableS over A as A is admissible. We show F (α,~a,b) ⊆ IA by transfiniteS induction on α. Suppose {F (β,~a,b): β < α} ⊆ IA . Now if u ∈ F (α,~a,b), then u ∈ b and φ(u, {F (β,~a,b): β < α},~a). Thus φ(u, IA ,~a) as positivity entails monotonicity. This yields A |= φ(u, ∃β[· ∈ F (β)],~a),

11 Here U—induction has to be adapted to ML1WV in the obvious way: add

dW(A, F, c, e) ∈ C(W(A, F ))[A ∈ U,F ∈ A → U, c ∈ C(A), e ∈ W(A, F )] to the hypotheses of the rule in Definition 4.12 and augment the function TU by the argument (A, F, c, e)dW. As to equality, we have to add hU(W(A, F )) = dW(A, hU(A), (λx)hU(F (x))).

27 where the latter formula arises from φ(u, x,~a) by replacing each occurrence of v ∈ x in φ by ∃β[v ∈ F (β)]. Since the occurrences of x are all positive, φ(u, ∃β[· ∈ F (β)],~a) becomes a Σ formula. Hence, applying Σ reflection in A (cf. [Ba 75],I.4.3), there is a δ in A such that

A |= φ(u, ∃β < δ[· ∈ F (β)],~a), yielding u ∈ F (δ,~a,b) ⊆ IA . Thus we have shown IA = Iφ,~a,b, confirming that Iφ,~a,b is a set. The above proof also shows that Γφ,~a,b(IA ) ⊆ IA , so Iφ,~a,b is closed under Γφ,~a,b. Moreover we have [ y = Iφ,~a,b iff ∃A [“A is admissible” ∧ ~a,b ∈ A ∧ y = {F (ξ,~a,b): ξ ∈ A }], showing that the class function (~a,b 7→ Iφ,~a,b) is Σ and therefore also ∆ definable. 2

Definition 5.8 (KPi) Next we want to extend the inductive definition of U and V of Definition 4.1 so as to allow for an interpretation of res–W–formation. To distinguish the new relations, W,α W,α W W say R1 ,...,R7 , from those in 4.1, we shall write Uα |= and Vα |= in place of Uα |= and W Vα |=, respectively. Let w(m, n) = h8, hn, miNiN. We now define the relations Uα |= n = m ∈ k, W W W W Uα |= n = m, Uα |= “f is a family of types over k”, Vα |= k set, and Vα |= n = m by the old clauses of the corresponding relations in Definitions 4.1, together with the new clauses: W W If Uα |= a set, and Uα |= “ e is a family of types over a ”, then W 1. Uα+1 |= w(a, e) set, W 2. Uα+1 |= x ∈ w(a, e) iff xSx, W 3. Uα+1 |= x = y ∈ w(a, e) iff xSy, where S is inductively defined (on N) by the rule:

W £ W ¤ Uα |= x = y ∈ a ∧ ∀i, j Uα |= i = j ∈ {e}(x) ⇒ {u}(i)S{v}(j) ⇒ sup(x, u)S sup(y, v).(6) Finally, define UW |= k set, VW |= k set, UW |= k = n, and VW |= k = n analogously to Definition 4.3. We are to justify that the preceding definition falls under the scope of Σ recursion (on the basis of KPi). However, this follows from Lemma 5.7 as S is inductively defined by a ∆0 formula in the W,α W,α parameters N,R1 ,...,R7 . 2

The analogues of Lemma 4.2 and Proposition 4.4 hold for the new relations. We shall verify that W the new relation U |= w(a, e) set provides for an interpretation of the W –type of ML1WV.

Lemma 5.9 (KPi) Suppose UW |= “e is a family of types over a”. ¡ ¢ (i) If UW |= n ∈ a and UW |= b ∈ {e}(n) → w(a, e) , 12 then UW |= sup(n, b) ∈ w(a, e).

W (ii) (w–induction)¡ If φ(u) is a set–theoretic¢ formula such that, for all x, b, it holds that U |= x ∈ a, UW |= b ∈ {e}(x) → w(a, e) and ∀m[ UW |= m ∈ {e}(x) ⇒ φ(m)] imply φ(sup(x, b)), then ∀n[ UW |= n ∈ w(a, e) ⇒ φ(n)]. ¡ ¢ 12{e}(n) → w(a, e) denotes π {e}(n), λx.w(a, e) , where λx.w(a, e) stands for {k¯}(w(a, e)). Note that {{k¯}(w(a, e))}(x) ' w(a, e).

28 W W W Proof : (i): Choose α such that Uα |= “e is a family of types£ over a”, Uα |= n ∈ a and Uα+1 |= W W W b ∈ ({e}(n) → w(a, e)). Then¤ Uα+1 |= w(a, e) setand ∀i, j Uα |= i = j ∈ {e}(n) ⇒ Uα+1 |= W {b}(i) = {b}(j) ∈ w(a, e) . Letting S be defined as in (6), the latter reads ∀i, j[ Uα |= i = j ∈ W {e}(n) ⇒ {b}(i)S{b}(j)], thus, since also Uα |= n = n ∈ a, the inductive definition of S entails W W sup(n, b)S sup(n, b), which means Uα+1 |= sup(n, b) ∈ w(a, e), and therefore U |= sup(n, b) ∈ w(a, e). W W (ii): Pick α such that Uα |= “ e is a family of types over a ” . Then Uα+1 |= w(a, e) set. Since all elements of w(a, e) are added at the same time as w(a, e) is declared a set, it suffices to show

W ∀n[ Uα+1 |= n ∈ w(a, e) ⇒ φ(n)]. (7) Again, let S be the relation from 5.8. (7) then reads: ∀n[nSn → φ(n)]. (8) We show (8) by induction on the way S was built up, which comes down to transfinite induction W on the ordinals. Assume nSn. Then n = sup(x, u) for some x, u ∈ N, Uα |= x = x ∈ a, and ∀i, j[i = j ∈ {e}(x) ⇒ {u}(i)S{u}(j)]. (9) Thus, inductively we may assume

£ W ¤ ∀i Uα |= i ∈ {e}(x) ⇒ φ({u}(i)) . (10) Moreover, by (9), we also have UW |= u ∈ ({e}(x) → w(a, e)). (11) Employing (10) and (11), and the assumption on φ, we get φ(sup(x, u)), thus φ(n). 2

Definition 5.10 (Interpretation of ML1WV in KPi) By now it should be obvious how to extend ∧ to an interpretation of ML1WV in KPi. First, note that ML1WV has the new constants W ∗ ∗ and TW that need to be translated into terms of EON. Set W := λx.λy.(8, (x, y)) and let TW be determined by the recursion theorem of EON as to satisfy

∗ ∗ ∗ TW(sup (a, b), λ (λx1.λx2.λx3.d(x1, x2, x3))) ' ∗ ∗ ∗ ∗ d(a, b, λ (λv.TW(ap (b, v), λ (λx1.λx2.λx3.d(x1, x2, x3))))). To the definition of set terms in 4.9, the following clause has to be added: If B(x) and A are set terms, and x is not free in A or in B, then W(A, B), is a set term. The interpretation ∧ of 4.10 has to be complemented/changed as follows: (x ∈ W(A, B))∧ is ∃u[(W(A, B)∗ ' u)∧ ∧ UW |= x ∈ u] (x = y ∈ W(A, B))∧ is ∃u[(W(A, B)∗ ' u)∧ ∧ UW |= x = y ∈ u] (u ∈ U)∧ is UW |= u set (u = v ∈ U)∧ is UW |= u = v (u ∈ V)∧ is VW |= u set (u = v ∈ V)∧ is VW |= u = v

29 ∧ Theorem 5.11 If φ is a judgement of ML1WV not of the form “A set,” then KPi ` (Φ) . Proof : The soundness of the rules pertaining to W follows from Lemma 5.9 and the choice of ∗ TW, more precisely, U–introduction and U–elimination are taken care of by 5.9(i) and 5.9(ii), respectively. 2

In view of the inductive definition of UW |= n set, it is clear that the interpretation ∧ also validates U–induction in the form adapted to ML1WV.

Theorem 5.12 If Φ is a judgement of ML1WV+U–induction not of the form “A set”, then KPi ` (Φ)∧.

1 Theorem 5.13 The following theories ML1WV, ML1WV+U–induction, T0, ∆2– CA + BI, KPi CZF + REA CZF + REA minus Subset Collection and CZF + REA + DC + ΠΣI − AC + ΠΣI − PA are of the same proof–theoretic strength. Proof : This follows from 4.3, 5.4, 5.6, 5.11, 3.3 and 5.12. 2

6 The system ML1W

The system ML1WV has an inductive type that does not belong to U, i.e. the type V. Here the question arises whether V really contributes to the proof–theoretic strength of ML1WV.

Definition 6.1 We denote by ML1W the theory resulting from ML1WV by depriving it of the type V.

Since ML1V is considerably stronger than ML1 by [A 77] and Theorem 4.14, one might gather that this also holds true of ML1WV and ML1W. However, this is not the case. In this paper we have so far avoided advanced techniques from ordinal–theoretic proof theory and rather combined “soft” proof–theoretic methods (like interpreting a theory in another theory) with results from the literature, however, some of them heavily rely on ordinal analyses of theories. Notwithstanding that it would be possible to carry out well–ordering proofs for ordinal notation 1 systems in ML1W that would show ML1W to be of the strength of ∆2– CA + BI, we shall continue in using interpretations for determining the strength of ML1W. Unfortunately, the type V is of central importance in Aczel’s interpretation of CZF + REA in ML1WV. Our approach will therefore be to design an intuitionistic theory of second order arithmetic that is sufficient for carrying out the well–ordering proofs in [J 83] and can be interpreted in ML1W.

Definition 6.2 (The theory IARI) IARI is a theory in the language of second order arithmetic with set variables. The constants and function symbols are 0 (zero), S (successor), + (plus), · (times), and h , i, ()0, ()1 for an injective pairing function and its inverses. The only predicate symbol is = for equality on the natural numbers. The logical rules of IARI are those of intuitionistic second order arithmetic. The arithmetic axioms are the usual defining axioms for 0, S, +, · and ∀n∀m[(hn, mi)0 = n ∧ (hn, mi)1 = m]. Equality for sets will be considered a defined notion, that is to say X = Y := ∀n[n ∈ X ↔ n ∈ Y ].

30 In addition to the usual axioms for intuitionistic second order logic, axioms are (the universal closures of): 1. Induction: φ(0) ∧ ∀n[φ(n) → φ(n + 1)] → ∀nφ(n) for all formulae φ.

2. Arithmetic Comprehension Schema:

∃X∀n[n ∈ X ↔ ψ(x)]

for ψ arithmetical (parameters allowed).

3. Replacement: ∀X[∀n ∈ X∃ !Y φ(n, Y ) → ∃Z∀n ∈ X φ(n, (Z)n)]

for all formulas φ. Here φ(n, (Z)n) arises from φ(n, Z) by replacing each occurrence t ∈ Z in the formula by hn, ti ∈ Z. 4. Inductive Generation: £ ¤ ∀U∀X∃Y WPU (X,Y ) ∧ (∀n[∀k(k

for all formulas φ, where k

ProgU (X,Y ) ∧ ∀Z[ProgU (X,Z) → Y ⊆ Z]

with ProgU (X,Y ) being ∀n ∈ U[∀k(k

0 0 Remark 6.3 (IARI) Note that WPU (X,Y ) and WPU (X,Y ) imply Y = Y , i.e. ∀n(n ∈ Y ↔ 0 n ∈ Y ). Therefore, if WPU (X,Y ), then

∀n ∈ U[∀k

The latter principle will be referred to as “ induction over the well–founded part of

Proposition 6.4 (IARI) If WPU (X,Y ) and ∀n ∈ Y ∀W ∃!V ψ(n, W, V ), then there exists Z such that [ ∀n ∈ Y ψ(n, {(Z)k : k

Next we go about interpreting IARI in ML1W.

31 Definition 6.5 (Interpretation of IARI in ML1W) Terms. Each function symbol for an n-place primitive recursive function is interpreted as a function f ¦ ∈ N →n N in type theory, where N →0 X := N and N →n+1 X := N → (N →n X). We define ¦ s := (λx)sN(x), n ¦ (Pk ) := (λx1) ··· (λxn)xk, n ¦ k 0 k+1 k (Ck ) := (λx1) ··· (λxn)sN(0), ( where sN := 0; sN := ap(sN, sN)) n ¦ ¦ ¦ ¦ ((Subm)) [g, h1, . . . , hn] := (λx1) ··· (λxn)ap(g , ap(h1, x1, . . . , xn),..., ap(hm, x1, . . . , xn)) ¦ ¦ ¦ ((Recn[g, h])) := (λx1) ··· (λxn+1)R(xn+1, ap(g , x1, . . . , xn), (x, y)ap(h , x1, . . . , xn, x, y)). ¦ ¦ For terms we let 0 := 0, x := x if x is a numerical variable, and if t has the form f(t1, . . . , tn) let

¦ ¦ ¦ ¦ ¦ ¦ ¦ t := f (t1, . . . , tn) := ap(... ap(f , t1), . . . , tn).

It is obvious that we should interpret the numerical variables of IARI in type theory as ranging over N. It might be less obvious how to model the set variables of IARI. This is done by defining the weak power set of N , P(N), as the set of of predicates on N with truth conditions in the universe U, i.e. P(N) := N → U. For n ∈ N and X ∈ P(N), membership of n in X is defined by

n ∈˙ X := ap(X, n).

With this notion of power set, comprehension with respect to a property φ(n) ∈ U (n ∈ N) is immediate, by letting

{n ∈ N : φ(n)} := (λx)φ(x) ∈ P(N). (12)

The subset relation ( ⊂˙ ) and extensional equality ( ˙=) on P(N) are defined in the obvious way as follows. X ⊂˙ Y := ∀n ∈ N(n ∈˙ X → n ∈˙ Y) and X ˙= Y := X ⊂˙ Y ∧ Y ⊂˙ X.

If Xi ∈ P(N)(i ∈ I) is a family of sets with I ∈ U, let [˙ {Xi : i ∈ I} := {n ∈ N : ∃i ∈ I(n ∈˙ Xi)}.

We shall write s =N t for I(N, s, t). Variables n, k, m are supposed to range over N, thus, e.g., ∀k abbreviates ∀k ∈ N. ∀n ∈˙ X(... ) is shorthand for ∀n ∈ N(n ∈˙ X → ... ). Formulas of second order arithmetic are now translated as type expressions as follows:

¦ ¦ ¦ [s = t] := s =N t , [s ∈ X]¦ := s¦ ∈˙ X, [φ ◦ ψ]¦ := φ¦ ◦ ψ¦ for ◦ ∈ {∧, ∨, →}, ¦ ⊥ := I(N, sN(0), 0), [Qy φ]¦ := (Qy ∈ N)φ¦ for Q ∈ {∀, ∃}, [QX φ]¦ := (QX ∈ P(N))φ¦ for Q ∈ {∀, ∃}.

32 Definition 6.6 If F is a family of propositions (i.e. types) over the type A we call F a species over A. In the following deductions in type theory are presented in an informal style. The following lemma deals with the interpretation of Replacement.

Lemma 6.7 Suppose A ∈ P(N). Let F be a species over N × P(N) such that

∀n ∈˙ A ∃X ∈ P(N) F(n, X) true, (13)

∀n ∈˙ A ∀X,Y ∈ P(N)[X= ˙ Y ∧ F(n, X) → F(n, Y)] true, (14)

∀n ∈˙ A ∀X,Y ∈ P(N)[F(n, X) ∧ F(n, Y) → X= ˙ Y] true. (15)

¦ Then there exists C ∈ P(N) such that, with g(n) := {m ∈ N : ∃k ∈˙ C(hn, mi =N k)}, ∀n ∈˙ AF (n, g(n)) true.

Proof : From (13) it follows ∀n[∃v ∈ A(n) → ∃X ∈ P(N) F(n, X)] true, thus ∀n∀v ∈ A(n) ∃X ∈ P(N) F(n, X) true, and hence13

∀z ∈ (Σv ∈ N A(v)) ∃X ∈ P(N) F(p0(z), X) true. As a result, the axiom of choice in type theory provides us with a function h ∈ (Σv ∈ N A(v)) → P(N) so that ∀z ∈ (Σv ∈ N A(v)) F (p0(z), h(z)) true. Now define g ∈ N → P(N) by [˙ g(n) := {h(z): z ∈ (Σv ∈ N A(v)) ∧ p0(z) =N n}.

As a consequence of (15) we have

0 0 0 ∀z, z ∈ (Σv ∈ N A(v)) [p0(z) =N p0(z ) → h(z) ˙= h(z )] true. (16)

Now if n ∈˙ A true we may pick z ∈ (Σv ∈ N A(v)) such that p0(z) =N n true. Then g(n) ˙= h(z) true by (16) and, as F (n, h(z)) true, we obtain F (n, g(n)) true using (14). Finally, set

¦ C := {z ∈ N : ∃v ∈ N ∃u ∈˙ g(v)(hv, ui =N z)} 2 The next lemma addresses Inductive Generation.

¦ Lemma 6.8 Let U, X ∈ P(N) and define n <˙ X m := hn, mi ∈˙ X. Then there exists Y ∈ P(N) such that

∀n ∈˙ U[∀k(k <˙ X n → k ∈˙ Y ) → n ∈˙ Y ] true (17) and for each species G on N,

∀n ∈˙ U[∀k(k <˙ X n → G(k)) → G(n)] → ∀n ∈˙ YG(n) true. (18)

13 p0, p1 are defined by p0(c) := E(c, (x, y).x) and p1(c) := E(c, (x, y).y), where E is the eliminatory constant related to Σ.

33 Proof : Let A = (Σn ∈ N)U(n). Let B be the species on A defined by B(v) := (Σk ∈ N)(k <˙ X p0(v)). Then B ∈ A → P(N). Set W := W(A, B). Define Γ : P(N) → P(N) by

Γ(Z) := {n ∈ N : n ∈˙ U ∧ ∀k(k <˙ X n → k ∈˙ Z)}. Define F : W → P(N) by transfinite recursion on W so that [˙ F (sup(a, f)) := Γ( {F (f(s)) : s ∈ B(a)}) for a ∈ A, f ∈ B(a) → W . Finally set [˙ Y := {F (s): s ∈ W }.

Then Y ∈ P(N). To verify (17), assume n ∈˙ U true and ∀k(k <˙ X n → n ∈˙ Y ) true. Pick x0 ∈ U(n) and let v0 := (n, x0). Then v0 ∈ A and ∀z ∈ B(v0) ∃s ∈ W [p0(z) ∈˙ F (s)] true. Employing the axiom of choice in type theory, there is an f ∈ B(v0) → W such that

∀z ∈ B(v0)[p0(z) ∈˙ F (f(z))] true. Therefore we get [˙ ∀k(k <˙ X n → k ∈˙ {F (f(z)) : z ∈ B(v0)}) true.

Thus n ∈˙ F (sup(v0, f)) true. As F (sup(v0, f)) ⊂˙ Y true, this implies n ∈˙ Y true. To verify (18) let G be a species over N such that

∀n ∈˙ U[∀k(k <˙ X n → G(k)) → G(n)] true. (19) We use transfinite induction over W to verify ∀s ∈ W [∀k ∈˙ F (s) G(k))] true which comprehends (18). So assume a ∈ A, f ∈ B(a) → W and ∀x ∈ B(a)∀k ∈˙ F (f(x)) G(k) true. We wish to show ∀n ∈˙ F (sup(f, a)) G(n) true. So assume n ∈˙ F (sup(f, a)) true. This means [˙ n ∈˙ Γ( {F (f(s)) : s ∈ B(a)}) true, thus n ∈˙ U true and ∀k(k <˙ X n → ∃x ∈ B(a)[k ∈˙ F (f(x))]) true. As ∀x ∈ B(a) ∀k ∈˙ F (f(x)) G(k) true, we obtain ∀k[k <˙ X n → G(k)] true. Therefore G(n) true using (19) and n ∈˙ U true. 2

14 i In actuality, the intensional version ML1W of ML1W suffices for the interpretation of IARI.

i Theorem 6.9 Any theorem of IARI is true on interpretation in ML1W, that is to say, for each ¦ i i ¦ theorem φ of IARI, φ is a proposition of ML1W and ML1W ` t ∈ φ , for a suitable closed term t. Proof : By induction on the length of deductions in IARI. A natural deduction formulation of IARI is most convenient. That ¦ validates intuitionistic arithmetic is, for example, proved in [Be 85],XI.17 and [TD 88],Ch. 11, Sect. 4. It is also routine to check that ¦ validates the (intuitionistic) laws for the second order quantifiers. As to equality, note that

∀u, v ∈ N ∀X,Y ∈ P(N)[u =N v → (u ∈˙ X ↔ v ∈˙ Y)]

14For a definition of the intensional versions of type theories see [TD 88],Ch.11,Sect.5.

34 i holds true in ML1W by the very definitions of =N and ∈˙ . Therefore, if IA is obtained from IARI by retaining only the part without Arithmetic Comprehension, Replacement, and Inductive Generation, the theorem holds with IA in place of IARI. We thus only have to check those axioms. As to Arithmetic Comprehension, note that if φ(x, ~y, Z~) is an arithmetic formula then, for n, ~m ∈ N and X~ ∈ P(N), φ(n, ~m, X~ )¦ is a small type, that is to say φ(n, ~m, X~ )¦ ∈ U; and therefore the validity of Arithmetic Comprehension is confirmed by (12). Replacement is taken care of by Lemma 6.7 and Inductive Generation follows from Lemma 6.8. 2

To determine a lower bound for the strength of IARI we show that the well–ordering proof of [J 83] can be carried out in IARI, thereby confirming that IARI has the same proof–theoretic 1 strength as ∆2– CA + BI. In what follows we assume familiarity with [J 83]. We shall only dwell on those parts of the latter paper that require an alternative development in IARI. Just by glancing through [J 83] it becomes clear that everything up to Lemma 2.14 is provable in IARI, where of course classifications are conceived as sets of natural numbers and the role of T0’s Inductive Generation is now taken over by the Inductive Generation of IARI, that is to say i(X,R) must be replaced with WF(X,R). The first place that needs to undergo a major change is [J 83] Lemma 2.15 since it draws on the operation w which is defined there by invoking the recursion theorem of T0. Instead, we shall use transfinite recursion over distinguished sets in the form of Proposition 6.4.

Definition 6.10 (IARI) In keeping with [J 83], let (OT,

Mu = {x ∈ OT : Sx ≤OT u; ∀v ∈ Wu [Kv ⊂ Wu]}, ½ Q (Z )u∗ if u ∈ L0 Wu = S Q {(Z )u[x] : x ∈ Q; x

Remark 6.11 (IARI) For distinguished sets Q, P and x ∈ Q ∩ P , it follows from [J 83], Lemma 2.13 that (Q)x = (P )x. Thus we may define an operation C on the whole of [ W := {Q : Q is distinguished} by letting

Q C(x) = (Z )x for some Q with x ∈ Q.

Lemma 6.12 (IARI) For all a ∈ W, C(a) is a distinguished set.

35 Proof : Let Q be a distinguished set such that a ∈ Q. Use transfinite induction on Q to verify that Q C(a) is distinguished. Note that, for all a ∈ Q,(Z )a = C(a). The proof of the lemma is then the same as for the statement “a ∈ Q → ∃XC(X, a)” in [J 83] Theorem 2.4. 2

If one now replaces the assertion “ ∃XC(X, a)” with “ C(a) is distinguished” and “W” with “W” in the remainder of [J 83] (from Theorem 2.4 till the end), the same proofs will work. The upshot is 1 that IARI has at least the proof–theoretic strength of ∆2– CA + BI. Hence, in view of Theorem 5.13, we have ascertained the strength of ML1W.

Theorem 6.13 ML1W has the same proof–theoretic strength as the theories listed in Theorem 1 i 5.13, in particular the same strength as ∆2– CA + BI. The same holds for ML1W.

1 Remark 6.14 There is also a subsystem of ML1W that has exactly the strength of ∆2–CA. This theory arises from ML1W by further demanding that W–elimination has to be restricted to families in U.

7 The Strength of ML1W

For an interpretation of ML1W in set theory one also has to deal with the W–types “at large,” i.e. those which are not ranging over U.

Definition 7.1 Let KP1W be defined as follows. The language of KP1W is the language of set theory augmented by infinitely many constants A 0, A 1, A 2,... . The axioms of KP1W consist of the axioms of KP and the formulae:

1. “A i is a transitive non-empty set” (i ∈ N)

2. A i ∈ A j if i < j

3. φA 0 if φ is an axiom of KPi

4. ψA i+1 if ψ is an axiom of KP (i ∈ N)

∧ Definition 7.2 (Interpretation of ML1W in KP1W) This interpretation (we call it again) is defined in the same way as in 5.10 except for the W-type whose interpretation we take from 5.8.

(u ∈ W(A, B))∧ := uSu, (u = v ∈ W(A, B))∧ := uSv, where S is inductively defined (on N) by the rule: £ ¤ (*) If (x = y ∈ A)∧ and ∀x0, y0 ∈ N (x0 = y0 ∈ B(x))∧ → {u}(x0)S{v}(y0) , then sup(x, u)S sup(y, v).

∧ 0 Note that in order for S to be definable in KP1W, {hx, yi ∈ N×N :(x = y ∈ A) } and {hx, y , xi ∈ N3 :(x0 = y0 ∈ B(x))∧} have to be sets. Thus in order for this interpretation to make sense, we ∧ have to verify that each set term A of ML1W gets interpreted by a set, i.e. {x :(x ∈ A) } is a set using only means available in KP1W.

36 Lemma 7.3 For C a set term we denote by |C| the number of steps it takes to generate C (by the clauses of 4.9). If C is a set term of ML1W with free variables among ~z (= z1, . . . , zn), then KP1W proves n+1 ∧ {hu, ~zi ∈ N :(u ∈ C) } ∈ A |C| and n+2 ∧ {hu, v, ~zi ∈ N :(u = v ∈ C) } ∈ A |C|. Proof : We proceed by (meta) induction on the generation of C. The assertions are obvious when C is N or Nk. 1. If C is U, then (u ∈ C)∧ is UW |= u set. Now, {u : UW |= u set} is Σ definable in KPi and therefore this class has a definition wherein all quantifiers are restricted to A 0. Thus W 2 {u : U |= u set} is an element of A 1 by ∆0 separation in A 1. Similarly, {hu, vi ∈ N : W U |= u = v} ∈ A 1. 2. If C is Π(A, B), then {hu, ~zi ∈ Nn+1 :(u ∈ C)∧} is

{hu, ~zi ∈ Nn+1 : ∀x ∈ N[(x ∈ A)∧ → (ux ∈ B(x))∧] ∧ ∀x, y ∈ N[(x = y ∈ A)∧ → (ux = uy ∈ B(x))∧]}.

By induction hypothesis, we obtain

n+1 ∧ {hu, ~z, xi ∈ N :(x ∈ A) } ∈ A n, n+2 ∧ {hv, x, ~zi ∈ N :(v ∈ B(x)) } ∈ A n, n+2 ∧ {hx, y, ~zi ∈ N :(x = y =∈ A) } ∈ A n, n+3 ∧ {hv, w, x, ~zi ∈ N :(v = w ∈ B(x)) } ∈ A n,

15 n+1 ∧ where n = max(|A|, |B(x)|). As {hu, ~zi ∈ N :(u ∈ C) } is ∆0 definable, using the above sets as parameters, this is a set in A n and thus also in A n+1, which is A |C|. n+2 ∧ The argument for {hu, v, ~zi ∈ N :(u = v ∈ C) } ∈ A |C| proceeds along the same lines. The same arguments apply when C is a set term via one of the clauses (2)–(6) of 4.9

3. Suppose C is W(A, B). Inductively we get that

{hx, y, ~zi ∈ Nn+2 :(x = y ∈ A)∧} and {hx, y0, ~zi ∈ Nn+2 :(x0 = y0 ∈ B)∧}

are elements of A n with n = max(|A|, |B(x)|). Now let S~z be the relation inductively defined 0 0 0 0 in 7.2(*). The proof of Lemma 5.7 reveals that {hx , y , ~zi : x S~zy } is Σ1 definable over A n, 0 0 0 0 whence {hx , y , ~zi : x S~zy } ∈ A n+1. Consequently,

{hu, ~zi ∈ Nn+1 :(u ∈ W(A, B))∧}

and {hu, v, ~zi ∈ Nn+2 :(u = v ∈ W(A, B))∧}

are also elements of A n+1. 2

15This case shows the need for the extra parameters ~z in the formulation of the lemma

37 ∧ Theorem 7.4 If Φ is a judgement of ML1W not of the form “A set”, then KP1W ` Φ . Proof : By Lemma 7.3, ∧ really provides a syntactic translation of Φ into a formula of set theory. On the strength of its definition, it is clear that the rules for the W–types are sound under this interpretation. 2

By now we know that KP1W is an upper bound for the proof–theoretic strength of ML1W. Actually, this bound is sharp according to Setzer’s thesis [S 93]. As regards a proof, we would have to employ rather advanced techniques from Gentzen–style proof theory, including an ordinal analysis of KP1W. However, once these techniques are digested it is fairly easy to provide an ordinal analysis of KP1W that yields the right bound. Indeed, the paper [R 91] permits one to almost read off the ordinal of KP1W which is ψΩ1(I + ω), where I is a notation for the first inaccessible ordinal. The next step would then consist in showing that, for all (meta) n, ML1W proves the well–foundedness of the notation system up to αn, where αn = ψΩ1ΩI+n. This would show that ML1W has the proof–theoretic ordinal sup{αn : n < ω} = ψΩ1ΩI+ω.

8 Conclusions

Similar results can be established for the theories MLnW. As a rule of thumb, the tower of n universes in MLnW corresponds to n recursively inaccessible universes in classical Kripke–Platek set theory.

References

[A 77] P. Aczel: The Strength of Martin–L¨of’s Intuitionistic Type Theory with One Universe, in: S. Miettinen, S. Va¨an¨anen,eds. Proceedings of Symposia in Mathematical Logic, Oulu, 1974, and Helsinki, 1975. Report No. 2, University of Helsinki, Department of Philosophy, 1977, 1–32.

[A 78] P. Aczel: The Type Theoretic Interpretation of Constructive Set Theory, in: Mac- Intyre, A. Pacholski, L., and Paris, J. (eds.), Logic Colloquium ’77, North–Holland, Amsterdam 1978.

[A 82] P. Aczel: The Type Theoretic Interpretation of Constructive Set Theory: Choice Prinicples, in: Troelstra, A. S., van Dalen, D. (eds), The L.E.J. Brouwer Centenary Symposium, North–Holland, Amsterdam 1982.

[A 86] P. Aczel: The Type Theoretic Interpretation of Constructive Set Theory: Inductive Definitions, in: Marcus, R. B. et al. (eds), Logic, Methodology, and Philosopy of Science VII, North–Holland, Amsterdam 1986.

[Ba 75] J Barwise: Admissible Sets and Structures, Springer, Berlin 1975.

[Be 82] M. Beeson: Recursive Models for Constructive Set Theories, Annals of Math. Logic 23, 126–178 (1982).

[Be 85] M. Beeson: Foundations of Constructive Mathematics, Springer Verlag, Berlin 1985.

38 [BFPS 81] W. Buchholz, S. Feferman, W. Pohlers, W. Sieg: Iterated inductive definitions and subsystems of analysis, Lecture Notes in Math. 897, Springer Verlag, Berlin 1981.

[F 75] S. Feferman: A Language and Axioms for Explicit Mathematics, Lecture Notes in Math. 450, 87–139, Springer Verlag, Berlin 1975.

[F 79] S. Feferman: Constructive Theories of Functions and classes in: Boffa, M. van Dalen, D., McAloon, K. (eds.), Logic Colloquium ’78, 159–224, North-Holland, Amsterdam 1979.

[FS 81] S. Feferman and W. Sieg: Proof-theoretic Equivalences Between Classical and Con- structive Theories of Analysis, Lecture Notes in Math. 897, 78–142, Springer Verlag, Berlin 1981.

[J 82] G. J¨ager: Zur Beweistheorie der Kripke–Platek–Mengenlehre ¨uber den nat¨urlichen Zahlen, Arch. mathm. Logik 22, 121–139 (1982).

[J 83] G. J¨ager: A Well–Ordering Proof for Feferman’s Theory T0, Arch. math. Logik 23, 65–77 (1983).

1 [JP 82] G. J¨agerand W. Pohlers: Eine beweistheoretische Untersuchung von ∆2– CA + BI und verwandter Systeme, Sitzungsberichte der Bayerischen Akademie der Wis- senschaften, Mathematisch–Naturwissenschaftliche Klasse (1982).

[ML 84] P. Martin-L¨of: Intuitionistic Type Theory, Bibliopolis, Naples 1984.

[My 75] J. Myhill: Constructive Set Theory, JSL 40, 347–382 (1975).

[NPS 90] B. Nordstr¨om,K. Petersson and J.M. Smith: Programming in Martin–L¨of’s Type Theory, Clarendon Press, Oxford 1990.

[P 93] E. Palmgren: Type-Theoretic Interpretations of Iterated, Strictly Positive Inductive Definitions, Arch. Math. Logic 32, 75–99 (1993).

[R 89] M. Rathjen: Untersuchungen zu Teilsystemen der Zahlentheorie zweiter Stufe und der 1 1 Mengenlehre mit einer zwischen ∆2 − CA und ∆2 − CA + BI liegenden Beweisst¨arke, University of M¨unster,Institute for Mathematical Logic and Foundational Research, M¨unster1989.

[R 91] M. Rathjen: Proof-Theoretic Analysis of KPM, Arch. Math. Logic 30, 377–403 (1991).

[S 93] T. Setzer: Proof theoretical strength of Martin–L¨oftype theory with W–type and one universe, Thesis, University of Munich, 1993.

[TD 88] A. S. Troelstra and D. van Dalen: Constructivism in Mathematics: an Introduction, volume II, North–Holland, Amsterdam 1988.

39