A Simple Model Construction for the Calculus of Constructions

Abstract. We present a model construction for the Calculus of Constructions (CC) where all dependencies are carried out in a set-theoretical setting. The Soundness Theorem is proved and as a consequence of it Strong Normalization for CC is obtained. Some other applications of our model constructions are: showing that CC + Classical logic is consistent (by constructing a model for it) and showing that the Axiom of Choice is not derivable in CC (by constructing a model in which the type that represents the Axiom of Choice is empty).


1 Introduction
In the literature there are many investigations on the semantics of polymorphic $\lambda$-calculus with dependent types (see for example [12,11,10,1,5,13]). Most of the existing models present a semantics for systems in which the inhabitants of the impredicative universe (types) are "lifted" to inhabitants of the predicative universe (kinds) (see [16]). Such systems are conveniently modeled by locally Cartesian-closed categories having small Cartesian-closed subcategories. A well-known instance of these categorical models is the category of $\omega$-sets (or D-sets) and its subcategory of modest sets, which is isomorphic to the category of partial equivalence relations (PER). Then the types are interpreted as PERs and then "lifted" through an isomorphism to modest sets and hence to $\omega$-sets.
In practical applications, however, one prefers to use a different, simple syntactical presentation of type systems, the so-called Pure Type Systems (PTSs). A semantics of such a system is usually obtained by implicitly or explicitly encoding the system into the system with "lifted" types, so the types are interpreted in the same way. The resulting semantics, even the one presented by concrete models (see [12,13]), is still complicated as it gives an indirect meaning of PTSs. Moreover, most concrete models of such type systems are extensional in the sense that the interpretation of a type is a set with an equivalence relation on it, with the equivalence relation on the function space defined as the extensional equality of functions. As the syntax is not extensional, these models are less suitable for showing non-provability of various statements in PTSs.
This paper presents a new class of concrete models for the Calculus of Constructions (CC) presented as a PTS. The models are intensional: semantical objects are equal iff they are equal in the underlying weakly-extensional combinatory algebra. (So, two functions of the same type that have the same graph are not necessarily equal.)
Furthermore, a new direct meaning is assigned to the typable expressions of CC, without "lifting" the interpretations of types to interpretations in the predicative universe. There are three disjoint collections of semantical objects in each model: elements (of the underlying combinatory algebra) to interpret objects (inhabitants of types), poly-functionals to interpret constructors (inhabitants of kinds) and predicative sets to interpret kinds. A special case of poly-functionals are specific sets, called polysets. Types are interpreted as polysets. This corresponds to the fact that types form a subclass of the collection of constructors. The poly-functionals are restricted set-theoretical functionals or sets, and the predicative sets are sets having poly-functionals as their elements. The restrictions on poly-functionals are a consequence of the fact that polymorphism is not set-theoretical in the classical sense (see [14]). However, two poly-functionals or two predicative sets are equal if they are set-theoretically equal. Two elements are equal if they are equal via the equality of the underlying weakly-extensional combinatory algebra.
The three collections of semantical objects are built simultaneously, by induction on the structure of typable terms. This is in line with the fact that objects and types cannot be defined separately for systems with dependent types. In such a way a proper direct meaning is obtained for dependent types without disregarding any dependencies.
Impredicativity is modeled in a proper way as well, by using the notion of polystructure over the underlying combinatory algebra. Polystructures possess closure properties similar to those of PERs, namely closure under products defined on them and under intersections, but they are simpler: they are just collections of subsets of the combinatory algebra.
An interesting aspect of the models that we obtain is that it is now relatively easy to find counter-models (for proving properties about the syntax). In a separate section we give some applications of this. For example we show that the Axiom of Choice (AC) is not derivable in CC by constructing a model where the type representing AC is interpreted as the empty set. Furthermore, we show how the property of strong normalization can be derived directly from a particular model of CC.
2 Some Basic Definitions

2.1 Calculus of Constructions
In this section a precise definition of the Calculus of Constructions (CC) is presented. We adopt the same syntax for CC as in [8, 3]. To present the derivation rules for CC we first fix the set of pseudoterms from which the derivation rules select the (typable) terms.
Definition 2.1 The set of pseudoterms, $\mathcal{T}$, is defined by
$$\mathcal{T} ::= \ast \mid \Box \mid Var_\ast \mid Var_\Box \mid \lambda Var{:}\mathcal{T}.\mathcal{T} \mid \Pi Var{:}\mathcal{T}.\mathcal{T} \mid \mathcal{T}\,\mathcal{T},$$
where $Var_\ast$ and $Var_\Box$ are the sets of object variables and constructor variables, respectively (cf. Definition 3.11). Among the derivation rules, the conversion rule reads
$$\frac{\Gamma \vdash M : T \qquad \Gamma \vdash U : s \qquad T =_\beta U}{\Gamma \vdash M : U} \qquad s \in \{\ast, \Box\}.$$
For the informal explanation of these rules see, for example, [8, 3]. The set of terms of CC is defined by
$$\mathrm{Term} = \{A \mid \exists \Gamma, B\,[\Gamma \vdash A : B \ \lor\ \Gamma \vdash B : A]\}.$$
It is convenient to divide the typable terms into subsets ([3,8]) in the following way:

2.2 Combinatory Algebras
Combinatory algebras are used to model the set of pseudoterms of CC. Below we list the definitions of some notions used in the present paper. Most of the definitions in this section are taken from [2] and [6].
Definition 2.3 A combinatory algebra (ca) is an applicative structure $A = \langle A, \cdot, k, s, =_A\rangle$ with distinguished elements $k$ and $s$ satisfying
$$(k\cdot x)\cdot y =_A x, \qquad ((s\cdot x)\cdot y)\cdot z =_A (x\cdot z)\cdot(y\cdot z).$$
The application ($\cdot$) is usually not written.

Definition 2.4 The set of terms over $A$ (notation $\mathcal{T}(A)$) is defined as follows:
$$\mathcal{T} ::= Var \mid A \mid \mathcal{T}\,\mathcal{T}.$$
Every ca is combinatory complete, i.e., for every $T \in \mathcal{T}(A)$ with $FV(T) \subseteq \{x\}$, there exists an $f \in A$ such that $f\cdot a =_A T[a/x]$ for all $a \in A$. Such an element $f$ will be denoted by $\lambda x.T$ in the sequel. For example, as explained in [2], one can define $\lambda$ as the standard abstraction $\lambda^\ast$ with the help of the combinators $k$ and $s$. In the sequel we refer to $\lambda$ as an arbitrary abstraction operation on $A$, which exists due to combinatory completeness.
The set $\Lambda$ of pure $\lambda$-terms is a combinatory algebra, viz., $\Lambda = \langle \Lambda, \cdot, \lambda xy.x, \lambda xyz.xz(yz), =_\beta\rangle$. One can choose $\lambda$ in this case to be just the abstraction operation on pure $\lambda$-terms.
There is a natural mapping from $\Lambda$ to any other combinatory algebra $A$. Let $\rho : Var \to A$. The interpretation $[\![\,\cdot\,]\!]_\rho$ of the $\lambda$-terms into $A$ is defined by induction on the term; the clause for abstraction is $[\![\lambda v.T]\!]_\rho = \lambda v.[\![T]\!]_{\rho[v:=v]}$. As was pointed out to us by Th. Altenkirch, it is not true in general that, if $T_1 =_\beta T_2$, then $[\![T_1]\!]_\rho =_A [\![T_2]\!]_\rho$. In [2] it is shown that this holds for a special case of combinatory algebras, the so-called $\lambda$-models, where $\lambda$ is chosen to be $\lambda^\ast$ and in which additional axioms hold (see [2], pages 94-95). If one considers an arbitrary abstraction (as we do), then it is convenient to take weakly-extensional combinatory algebras to model $\Lambda$.
Let $\sim$ be a binary relation on $A$. For $T_1, T_2 \in \Lambda$ we say that $T_1 = T_2$ is true in the ca $A$ w.r.t. $\sim$ (notation $A, \sim \models T_1 = T_2$), if for every valuation $\rho$, $[\![T_1]\!]_\rho \sim [\![T_2]\!]_\rho$. The above notion of satisfaction is easily extended to arbitrary first-order equational formulas over $\Lambda$.

Definition 2.5 The equivalence relation $\sim$ is weakly-extensional over $=_A$
Now we can prove the following lemma.
Lemma 2.6 Let $A$ be a ca and $\sim$ a weakly-extensional relation over $=_A$. Then, for all $\rho$, if $T_1, T_2 \in \Lambda$ and $T_1 =_\beta T_2$, then $[\![T_1]\!]_\rho \sim [\![T_2]\!]_\rho$.
Examples 2.7
- The relation $A \times A$ is weakly-extensional over $=_A$, because it relates all elements of $A$;
- Let $\lambda$ be the abstraction $\lambda^\ast$ defined with the help of $k$ and $s$ (see [2], page 90). Any congruence relation which contains $=_A$ and satisfies the equations $A_\beta$ and the Meyer-Scott axiom (see [2], pages 94-95) is weakly-extensional over $=_A$;
- In the combinatory algebra $\Lambda = \langle \Lambda, \cdot, \lambda xy.x, \lambda xyz.xz(yz), =_\beta\rangle$, the $\beta$-equality is weakly-extensional over itself (if $\lambda$ is taken to be $\lambda$).

3 The Model Construction
The notion of CC-structure and the interpretations of the typable terms of CC are explained informally in the next paragraphs. For more details about the intuition see [15].
The typable terms of CC are mapped into a (set-theoretical) hierarchical structure (called CC-structure) according to their classification as objects, constructors or kinds. The predicative universe of CC is interpreted as a collection $U_\Box$ of sets (predicative structure) and every kind is mapped to a predicative set.
Predicative structures are closed under set-theoretical dependent products. The impredicative universe is interpreted as a collection $U_\ast$ of subsets of the underlying ca. We call this collection polystructure and its elements polysets. $U_\ast$ itself is an element of $U_\Box$ and is closed under non-empty intersections and dependent products (to be defined). Constructors are interpreted as elements of $\bigcup_{X \in U_\Box} X$ ($\bigcup U_\Box$ in short). Their interpretations are called poly-functionals. In particular, types are mapped to polysets.
Due to the various dependencies in CC, kinds have two other interpretations, as polysets and as elements of the underlying ca, and constructors have a second interpretation as elements of the ca. Three interpretation functions are defined by simultaneous induction on the structure of typable terms: $[\![\,\cdot\,]\!]^\Box$ to map kinds to predicative sets, $[\![\,\cdot\,]\!]$ to map constructors and kinds to poly-functionals, and $(\!|\,\cdot\,|\!)$ to map kinds, constructors and objects to elements of the ca. For these interpretations a Soundness result is proved (Theorem 3.22). Here, $\xi$ and $\rho$ are valuations: $\xi$ assigns a poly-functional to every constructor variable and $\rho$ assigns an element of $A$ to every constructor variable and object variable.
Now we are ready to give a formal definition of a class of mathematical structures which constitute models of CC. Let $A$ be a ca in the sequel.
Definition 3.1 The operation of dependent product $\Pi_A$ on $A$ takes as arguments a subset $X$ of $A$ and a function $F : X \to \wp(A)$ and is defined as:
$$\Pi_A(X, F) := \{f \in A \mid \forall n \in X\,(f\cdot n \in F(n))\}.$$
Note that $X = \emptyset$ implies $\Pi_A(X,F) = A$, and if $X \neq \emptyset$ and $F(x) = \emptyset$ for some $x \in X$ then $\Pi_A(X,F) = \emptyset$. For convenience $\Pi_A(X,F)$ will be denoted by $\Pi_A x \in X.F(x)$. Like in CC, if $F$ is a constant function on $X$, say $F(x) = Y$, then we denote $\Pi_A(X,F)$ as a function space $X \to Y$, which is defined as $\{f \in A \mid \forall n \in X\,(f\cdot n \in Y)\}$.
The impredicative universe of CC is interpreted as a polystructure. The impredicativity (or polymorphism) is modeled by requiring polystructures to be closed under arbitrary intersections. A polystructure $P$ over $A$, a sufficient subset $\mathcal{A}$ and an element $\bot$ (Definition 3.4) has to satisfy the following conditions:
(i) $\mathcal{A} \in P$;
(ii) $P$ is closed under dependent products, i.e. for every $X \in P$ and every function $F : X \to P$, $\Pi_A x \in X.F(x) \in P$;
(iii) $P$ is closed under non-empty intersections, i.e., if $I$ is a nonempty set and $X_i \in P$ for every $i \in I$ then $\bigcap_{i \in I} X_i \in P$;
(iv) for all $X \in P$, if $t[a] \in X$ for some $a \in \mathcal{A}$, then $(\lambda x.t[x])a \in X$;
(v) for all $X \in P$, if $a \in X$ and $b \in \mathcal{A}$, then $kab \in X$.
The elements of a polystructure are called polysets.
Remark 3.5 If $\emptyset \in P$, then $\mathcal{A} = A$, due to the requirements that $P \subseteq \wp(\mathcal{A})$ and that polystructures should be closed under dependent products, since $\emptyset \to A = A$.
Examples 3.6 Let $A$ be a ca.
1. A saturated set is a set $X$ of strongly normalizing $\lambda$-terms such that $y\vec{P} \in X$ for every variable $y$ and $\vec{P} \in SN$ and, if $M[Q/y]\vec{P} \in X$ and $Q \in SN$, then $(\lambda y.M)Q\vec{P} \in X$. The set of saturated sets is denoted by $SAT$. $SAT$ is a polystructure over the ca $\langle \Lambda, \cdot, \lambda xy.x, \lambda xyz.xz(yz), =_\beta\rangle$, $SN$ and $x$ (for any variable $x$).
2. The set $\{\emptyset, A\}$ is a polystructure over $A$, $A$ and $\bot$, for any element $\bot \in A$.
3. The set $P := \{X \subseteq A \mid X \text{ is closed under } =_A\}$ is a polystructure over $A$, $A$ and $\bot$, for any element $\bot \in A$.
We shall often be concerned with `simple' kinds of polystructures, like the ones in the last two examples, where all the polysets are closed under $=_A$ and the sufficient subset is just $A$ itself. We therefore give the following definition.
Definition 3.7 Let $A$ be a ca. A simple polystructure over $A$ is a collection $P \subseteq \wp(A)$, such that the following conditions hold.
(i) $A \in P$;
(ii) $P$ is closed under arbitrary nonempty intersections;
(iii) $P$ is closed under dependent products;
(iv) every element of $P$ is closed under the equivalence relation $=_A$.
If one just works with simple polystructures, the relation $=_A$ is not really necessary; instead one could just look at the quotient algebra $A/\!=_A$. (We are also interested in the polystructure of saturated sets, which is not simple.) Note that simple polystructures are still intensional: if $X$ and $Y$ are polysets and $f, g \in X \to Y$, then $\forall x \in X\,[fx =_A gx]$ does not necessarily imply $f =_A g$.
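As an added worked check (not part of the original paper), the conditions of Definition 3.7 can be verified directly for the polystructure $\{\emptyset, A\}$ of Example 3.6(2), using the dependent product of Definition 3.1; the case split in (iii) is exhaustive because every $F : X \to P$ either takes the value $\emptyset$ somewhere or is constantly $A$.

```latex
\begin{align*}
&\text{Let } A \text{ be a ca and } P := \{\emptyset, A\} \subseteq \wp(A).\\
&\text{(i)}\quad A \in P \text{ by definition of } P.\\
&\text{(ii)}\quad \text{Let } I \neq \emptyset \text{ and } X_i \in P \text{ for } i \in I.
  \text{ Then } \bigcap_{i\in I} X_i =
  \begin{cases} A & \text{if } X_i = A \text{ for all } i \in I,\\
                \emptyset & \text{if } X_i = \emptyset \text{ for some } i \in I,\end{cases}
  \text{ so } \bigcap_{i\in I} X_i \in P.\\
&\text{(iii)}\quad \text{Let } X \in P \text{ and } F : X \to P.
  \text{ By Definition 3.1, } \Pi_A(X,F) = \{f \in A \mid \forall n \in X\,(f\cdot n \in F(n))\}.\\
&\qquad X = \emptyset:\ \text{the condition on } f \text{ is vacuous, hence } \Pi_A(\emptyset,F) = A \in P.\\
&\qquad X = A,\ F(n) = A \text{ for all } n \in A:\ 
  \Pi_A(A,F) = \{f \in A \mid \forall n \in A\,(f\cdot n \in A)\} = A \in P.\\
&\qquad X = A,\ F(n_0) = \emptyset \text{ for some } n_0 \in A:\ 
  f\cdot n_0 \in \emptyset \text{ holds for no } f, \text{ hence } \Pi_A(A,F) = \emptyset \in P.\\
&\text{(iv)}\quad \emptyset \text{ and } A \text{ are trivially closed under } =_A.
\end{align*}
```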
The predicative universe $\Box$ is interpreted as a predicative structure. The necessary properties of predicative structures are derived from the rules of CC. A predicative structure contains a polystructure as an element and is closed under a restricted set-theoretical product.
Definition 3.8 Let $A$ be a ca and $\sim$ a binary relation on $A$. The operation $\widetilde{\Pi}_\sim$ takes as arguments a subset $X$ of $A$ and a function $F : X \to SET$, and is defined by:
$$\widetilde{\Pi}_\sim(X, F) := \{f \in \Pi x \in X.F(x) \mid \forall x_1, x_2 \in X\,(x_1 \sim x_2 \Rightarrow f(x_1) = f(x_2))\}.$$
Here, $\Pi x \in X.F(x)$ denotes the set of functions $f$ such that for all $x \in X$, $f(x) \in F(x)$ (the set-theoretical dependent product).
Note that, if $X = \emptyset$ then $\widetilde{\Pi}_\sim(X,F) = \{\emptyset\}$, where $\emptyset$ ambiguously denotes the empty function. Furthermore, if $X \neq \emptyset$ and $F(x) = \emptyset$ for some $x \in X$, then $\widetilde{\Pi}_\sim(X,F) = \emptyset$. (The same holds if $F(x_1) \cap F(x_2) = \emptyset$ for some $\sim$-related elements $x_1$ and $x_2$.) For convenience, $\widetilde{\Pi}_\sim(X,F)$ will be denoted by $\widetilde{\Pi}_\sim x \in X.F(x)$.
Definition 3.9 A predicative structure over a polystructure $P$ and a relation $\sim$ (on $A$) is a collection of sets $N$ such that
(i) $P \in N$;
(ii) $N$ is closed under the set-theoretical dependent product $\Pi$, i.e. if $B \in N$ and $F : B \to N$, then $\Pi b \in B.F(b) \in N$;
(iii) $N$ is closed under $\widetilde{\Pi}_\sim$ for $\sim$-preserving functions, i.e. if $X \subseteq A$ and $F : X \to N$ such that $\forall x_1, x_2 \in X.\,x_1 \sim x_2 \Rightarrow F(x_1) = F(x_2)$, then $\widetilde{\Pi}_\sim x \in X.F(x) \in N$.
An example of a predicative structure is the collection $SET$ of all sets.
For convenience we introduce some notations. Now we are ready to give the definition of CC-structures and to define the interpretations of typable terms into such CC-structures.
Definition 3.10 A CC-structure is a tuple $\mathcal{M} = \langle A, \mathcal{A}, \bot, \sim, U_\ast, U_\Box\rangle$, where
1. $A$ is a ca;
2. $\mathcal{A}$ is a sufficient subset of $A$ w.r.t. $\bot$;
3. $\bot$ is a fixed element of $A$;
4. $\sim$ is a weakly-extensional equivalence relation over $=_A$ (see Def. 2.5);
5. $U_\ast$ is a polystructure over $A$, $\mathcal{A}$ and $\bot$;
6. $U_\Box$ is a predicative structure over $U_\ast$ and $\sim$.
Definition 3.11 An atom-valuation of constructor and object variables is any map $\rho : Var_\ast \cup Var_\Box \to A$. A constructor-valuation of constructor variables is a map $\xi : Var_\Box \to \bigcup_{X \in N} X$.
Definition 3.12 The atom-interpretations of the typable terms under an atom-valuation $\rho$ are defined as follows: $(\!|\ |\!)_\rho := \bot$
Remark 3.13 As usual (see [2]), $(\!|T|\!)_{\rho[v:=v]}$ denotes the term over $A$ obtained from $T$ by applying the map $(\!|\,\cdot\,|\!)_{\rho'}$ to it, where $\rho' : Var \to \mathcal{T}(A)$ is defined as $\rho'(u) = \rho(u)$ if $u \neq v$;
Fact 3.14 Due to the fact that $\sim$ simulates the equality on a weakly extensional combinatory algebra, the following holds: 1. If $m_1, m_2 \in A$ and $m_1 \sim m_2$, then $(\!|T|\!)$
Definition 3.15 Let $\rho$ be an atom-valuation and $\xi$ a constructor-valuation. The $U_\ast$-interpretation of kinds and constructors $[\![\,\cdot\,]\!]_{\rho,\xi} : \{\Box\} \cup \mathrm{Kind} \cup \mathrm{Constr} \to \bigcup U_\Box$ and the $U_\Box$-interpretation of kinds $[\![\,\cdot\,]\!]^\Box_{\rho,\xi} : \{\Box\} \cup \mathrm{Kind} \to U_\Box$ are defined simultaneously by induction on the structure of terms as follows.
For these interpretations the substitution property, which is stated in the next lemma, holds. The relation $=$ is `Kleene-equality'.
Lemma 3.17
if (i) for every constructor variable $\alpha$ and kind $A$ such that $(\alpha : A) \in \Gamma$, $\xi(\alpha) \in [\![A]\!]^\Box_{\rho,\xi}$ and $\rho(\alpha) \in [\![A]\!]_{\rho,\xi}$; (ii) for every object variable $x$ and type $\sigma$ such that $(x : \sigma) \in \Gamma$, $\rho(x) \in [\![\sigma]\!]_{\rho,\xi}$.
Definition 3.19 We say that the CC-structure $\mathcal{M}$ models $\Gamma \vdash M : T$ (notation $\models_{\mathcal{M}} \Gamma \vdash M : T$) iff for every $\rho, \xi$, (i) if $M \in \mathrm{Kind}$, then $[\![M]\!]^\Box_{\rho,\xi} \in U$ for applicable $s \in \{\ast, \Box\}$.
The next theorem says that every CC-structure is a model of CC, namely it models every legal judgment of CC.
Theorem 3.22 (Soundness) Let $\mathcal{M}$ be a CC-structure and let $\Gamma$ be a context and $M$ and $T$ terms such that $\Gamma \vdash M : T$. Then the following holds.
Proof. The proof of (i)-(ii) is by simultaneous induction on derivations. The nontrivial cases are: the ($\lambda$)-rule, where property (iii) of polystructures is applied (see Def. 3.4); the ($\Pi$)-rules, where the closure of $U_\ast$ under non-empty intersections and dependent products and the closure of $U_\Box$ under set-theoretical products and under $\widetilde{\Pi}_\sim$ are used. Furthermore, in the conversion rule the following property is essential: two typable terms are $\beta$-equal (as pseudoterms) iff they are equal via a reduction-expansion path through the set of well-typed terms. (This property follows from Church-Rosser for $\beta$ and Subject Reduction for $\beta$.) In the end, note that to prove condition (iii) of the Soundness Theorem, Subject Reduction for $\beta$ is necessary.

4 Applications
In this section we treat some examples of models of CC that fit in the framework described above. Our main goal hereby is to prove properties about the syntax by employing the models. Typical statements that we can prove in this way are e.g. that the Axiom of Choice is not derivable in CC and that Classical Logic is a consistent extension of CC. The first is proved by constructing a model in which the type that represents the Axiom of Choice is empty and the second is proved by constructing a model in which the type representing the double negation law is inhabited and the interpretation of $\bot$ is empty. The examples are conceptual.
As has been mentioned before, realizability models are a convenient tool for describing semantics for impredicative systems in which the type-dependency rule $(\ast, \Box)$ of PTSs is "encoded" by explicit "lifting" of every type to a special small kind (see [16,1]). Such models are usually extensional. A semantics of the PTS CC can be obtained from these models via a syntactic mapping from CC-PTS-style to CC-with-lifting. The model described here is intensional and presents a direct meaning of the Calculus of Constructions as a PTS.
- Abstract non-categorical model-constructions. The only such model-construction we know is the one described in [1]. It is a non-trivial presentation of categorical models without using categorical tools. A non-trivial instance of it is the class of standard realizability models. Note that this abstract notion of model is also for a system with "lifted" types.
In fact the principal difference between our notion of model and the above three classes of models is that we give a direct interpretation of the rules of Pure Type Systems. We present a new class of concrete models, which are intensional. This makes us believe that these models cannot be viewed as a particular instance of the abstract scheme, as for example presented in [1]. In fact we have tried to organize these concrete models in a more general scheme to cover the PERs as well, but we have so far not succeeded. However, one can use PERs instead of polystructures as interpretations of $\ast$ and `redo' the rest of the construction.
- Other (partial) models of the PTS CC (see [8,4]). In the literature there are models of CC employed for proving strong normalization, in which CC is interpreted via an explicit or implicit syntactical mapping into Girard's system $F\omega$ (see [9,8]). Furthermore, there are models in which type-dependencies are not fully disregarded, as in [4], where dependencies are eliminated only in the interpretation of kinds. The interpretations in such models are not straightforwardly extendible to richer systems, for example with inductive types, and our notion of models is more flexible in this sense.
Definition 3.2 Let $A$ be a ca and $\bot \in A$. A sufficient subset of $A$ w.r.t. $\bot$ is a set $\mathcal{A} \subseteq A$, such that
1. $\emptyset \subsetneq \mathcal{A} \subseteq A$;
2. if $t[a] \in \mathcal{A}$ for some $a \in A$, then $\lambda x.t[x] \in \mathcal{A}$;
3. if $\vec{a} \in \mathcal{A}$, then $\bot\vec{a} \in \mathcal{A}$;
4. if $t[a] \in \mathcal{A}$ and $a \in \mathcal{A}$, then $(\lambda x.t[x])a \in \mathcal{A}$.
Examples 3.3 The set $A$ is a sufficient subset of itself (taking for $\bot$ an arbitrary element of $A$). Furthermore, $SN$, the set of $\beta$-strongly-normalizing pure $\lambda$-terms, is a sufficient subset of $\Lambda$ w.r.t. $x$, for any variable $x$. To show this, take the ca $\langle \Lambda, \cdot, \lambda xy.x, \lambda xyz.xz(yz), =_\beta\rangle$ and $\lambda$ to be $\lambda$.
Definition 3.4 Let $A$ be a ca, $\bot \in A$ and $\mathcal{A}$ a sufficient subset of $A$ w.r.t. $\bot$. A polystructure over $A$, $\mathcal{A}$ and $\bot$ is a collection $P \subseteq \wp(\mathcal{A})$, such that the conditions (i)-(v) stated after Definition 3.1 hold.