Higher-Order Logic

Stefan Hetzl
[email protected]

Vienna University of Technology

January 25, 2019

ii
Contents

1 First-Order Logic 3

2 Second-Order Logic 7
2.1 Syntax and Semantics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 Definability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3 Proofs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.4 Second-Order Arithmetic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.5 Inductive Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3 Higher-Order Logic 25
3.1 The Untyped Lambda Calculus . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.2 Simple Type Theory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.3 Proofs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.4 Subsystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
3.5 Henkin-Completeness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.6 Type Theory at Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
iv
Overview

First-Order Logic
An example for a formula in first-order logic is

@x pDy Rpx, yq Ñ Rpx, f pxqqq.

This formula contains variables x and y which denote individual objects of the domain, it
contains a function symbol f which denotes a (unary) function from the domain to the domain
and it contains a predicate symbol R which denotes a (binary) relation of objects of the domain.
The quantifiers @x, Dy range over individual objects. First-order logic is restricted to this form
of quantification.

What is Second-Order Logic?

Second-order logic is obtained from allowing – in addition – to quantify over relations and
functions of individual objects. This allows to write down sentences such as

@XDu@x pDy Xpx, yq Ñ Xpx, upxqqq.

Why Second-Order Logic?

Second-order logic is more expressive than first-order logic. For example, there is no first-order
sentence that defines the finite structures. On the other hand – as we will see – this is easy
to do in second-order logic. This is a general pattern that applies to many situations, another
example being the connectedness of a graph.
Another important example is the ability of second-order logic to uniquely define the natu-
ral numbers (“categoricity of second-order arithmetic”). Generalizations of this result include
mechanisms for inductive definitions, in particular for inductive data types like e.g. lists, trees,
etc. which are of importance in computer science.
This added expressivity however comes at a price: many results about the logic do no longer hold,
in particular the completeness theorem, the compactness theorem, and the Löwenheim-Skolem
theorem.
In addition to being more expressive than first-order logic, second-order logic is also a quite
natural formalism: one can easily observe that in mathematical practice quantification over
sets is often used. One reaction to this observation is to work in set theory, a first-order theory
where all individual objects are sets. Another reaction is to move from first- to second-order
logic, a formal system which distinguishes quantification over individuals from quantification
over sets (and predicates and functions) of such individuals.

What is Higher-Order Logic?

Second-order logic is a formal system that distinguishes quantification over different types of

1
objects. We can systematically assign types to the objects about which we speak in the following
way: let ι denote the type of individuals (the range of first-order quantifiers) and let o denote
the type of formulas (a boolean value which is true or false). We can then write the type of a
set of individuals as ι Ñ o, to each individual we map a boolean value according to whether it
is or is not in the set. Similarly we can write the type of a unary function as ι Ñ ι, a mapping
of individuals to individuals.
Higher-order logic, or simple type theory as it is often called, is then obtained from turning the
above into an inductive definition allowing the formation of more complicated types such as for
example pι Ñ ιq Ñ pι Ñ oq and considering quantifiers for all such types.
A good basis for higher-order logic is the typed lambda calculus which also forms a useful
background theory for studying properties of programming languages.
The quantification over such higher types appears frequently in mathematics. For example,
the most basic notion in topology, that of an open set has the type pι Ñ oq Ñ o because it
is a property of sets of individuals. In functional analysis operators which map functions to
functions play an important role. An object which maps a function to a function has the type
pι Ñ ιq Ñ pι Ñ ιq.
Type theories find practical applications in proof assistants such as Isabelle, Coq, etc. These
are software systems that allow a user to formalize a proof in an electronic format.
Helpful additional literature for this couse include [4, 6, 5, 1, 3, 2].

2
Chapter 1

First-Order Logic

This chapter is a brief repetition of the central definitions and results concerning first-order
logic.
Syntax: A language contains constant symbols, function symbols and predicate symbols. Each
symbol has an arity, the number of arguments it takes (written f {n for the symbol f with arity
n P N). In addition, we assume a countably infinite supply of variable names at our disposal. The
terms over a language L (the L-terms) are defined inductively from constant symbols, variables
and function symbols. L-formulas are defined inductively from atoms (including equations s “ t
for L-terms s, t as well as falsity K, pronounced “bottom”), the propositional connectives ^,
_, , Ñ and the quantifiers @x, Dx.
Example 1.1. L “ tc{0, f {2, g{1, P {1, R{2u is a language, f pgpxq, cq is an L-term, f pcq is not an
L-term, @x pP pxq Ñ x “ gpxqq is an L-formula, Rpc, cq P pcq is not an L-formula.
To simplify the notation we assume that ^ and _ bind stronger than Ñ, so pA ^ Bq Ñ pC _ Dq
can be written as A^B Ñ C _D. Furthermore, implication is right-associative, so A Ñ B Ñ C
means A Ñ pB Ñ Cq. And we define A Ø B as abbreviation for pA Ñ Bq ^ pB Ñ Aq.
Semantics: An L-structure is a pair S “ pD, Iq where D is a set, the domain of S and I
maps all constant symbols, function symbols and predicate symbols of L to elements, functions
and relations respectively of D and some variables to elements of D. The interpretation I is
extended to cover all terms by defining

Ipf pt1 , . . . , tn qq “ Ipf qpIpt1 q, . . . , Iptn qq.

A formula may have free and bound variables, a formula without free variables is called sentence.
The truth of a formula F in a structure S “ pD, Iq is written as S ( F , pronounced as “F is
true in S” or “S satisfies F ” or “S is a model of F ”, and defined inductively on the structure
of F under the assumption that all free variables of F are interpreted by I For example,

S ( A _ B if S ( A or S ( B,
pD, Iq ( Dx A if there is an m P D s.t. pD, I Y tx ÞÑ muq ( A,

and so on. A sentence which is true in all structures is called valid. A sentence is called
satisfiable if there is a structure in which it is true. A set of sentences Γ is called satisfiable if
there is a structure in which all F P Γ are true.
Proofs: There are several different proof systems for classical first-order logic, most notably
(the numerous variants of) sequent calculus, natural deduction and Hilbert-type systems. All
of these are equivalent w.r.t. provability.

3
Definition 1.1. A proof in natural deduction for classical logic NK is a tree of formulas. A
leaf of this tree is called axiom if it is of the form A _ A for some formula A or t “ t for some
term t. Otherwise a leaf is an assumption. Each assumption is either open or discharged. An
open assumption is just a formula A, it can be discharged by a rule below it and is then written
as rAsi where i is the number of the rule which has discharged it.
A proof of a formula A possibly containing axioms as well as open or discharged assumptions
is written using dots as
..
..
A
Sometimes it is convenient to give a name to a proof; this is written as
..
.. π
A

To emphasize the presence of certain open or discharged assumptions they are mentioned ex-
plicitly as in
B. rBsi Γ.
.. .. ..
. .. .
A or A as well as A
for a set Γ of open assumptions.
The set of NK-proofs is defined inductively allowing the formation of new proofs by applying
any of the following rules:

rAsi rAsi
.. .. .. .. .. .. ..
.. .. .. .. .. .. ..
A A Ñ B ÑE B ÑiI A A E
K i K efq
B AÑB K A I A

.. .. .. ..
.. .. .. ..
A B ^ A ^ B ^E A ^ B ^E
I 1 2
A^B A B

rAsi rBsi
.. .. .. .. ..
.. .. .. .. ..
A _I B _I A_B C C _i
1 2 E
A_B A_B C

.. ..
.. ..
@x A @ Arxzts
E D
Arxzts Dx A I
provided t does not contain a variable that is bound in A

..
.. π
Arxzαs
@I
@x A

4
provided α does not occur in A nor in the open assumptions of π

rBrxzαssi
.. ..
.. .. π
Dx B A Di
A E

provided α does not occur in A nor in B nor in the open assumptions of π. In the cases @I and
DE , α is called eigenvariable and the side condition is called eigenvariable condition.
.. .. .. ..
.. .. .. ..
s “ t Arxzss s “ t Arxzts
“ “
Arxzts Arxzss

provided s and t do not contain variables that are bound in A.

Example 1.2.
r As3 rAs2
E
K efq
r A _ Bs1 B rBs3 3
_E
B Ñ2I
AÑB Ñ1I
p A _ Bq Ñ A Ñ B
Make sure you understand how this proof is constructed step by step successively discharging
assumptions.
For a set of sentences Γ and a sentence A we write Γ $ A if A is provable using assumptions
from Γ. A set of sentences Γ is called deductively closed if Γ $ A implies A P Γ; a deductively
closed set of sentences is – more briefly – called theory. A set of sentences Γ is called consistent
if Γ & K.
The central properties of first-order logic are given by the following theorems:

Theorem 1.1 (Soundness). Every provable formula is valid.

While soundness is usually straightforward to prove, the following results require more work.

Theorem 1.2 (Completeness). Every valid formula is provable.

Theorem 1.3 (Compactness). If Γ is a set of sentences s.t. every finite Γ0 Ď Γ is satisfiable,

then Γ is satisfiable.

Theorem 1.4 (Löwenheim-Skolem). If Γ has a model, then Γ has a countable model.

The strongest version of these results from which Completeness, Compactness and the Löwenheim-
Skolem theorem can be derived as simple corollaries is the following

Lemma 1.1. Every consistent set of sentences has a countable model.

The following exercises are helpful for refreshing your knowledge about first-order logic.

Exercise 1.1. Let A be a formula. Show that Dx A is unsatisfiable iff @x A is valid.

Exercise 1.2. Show that @x pP pxq Ñ Qpxqq Ñ p@x P pxq Ñ @x Qpxqq is valid but p@x P pxq Ñ
@x Qpxqq Ñ @x pP pxq Ñ Qpxqq is not.

5
Exercise 1.3. Find a formula in the empty language which is true in a structure S iff the
domain of S has exactly 3 elements.
Exercise 1.4. Find a formula which has an infinite but no finite models.
Exercise 1.5. Of the following three statements one is wrong, one is trivial and one is a
formulation of the compactness theorem. Which is which?

1. If there is a finite Γ0 Ď Γ which is satisfiable, then Γ is satisfiable.

2. If Γ is unsatisfiable then there is a finite Γ0 Ď Γ which is unsatisfiable.

3. If Γ is satisfiable then there is a finite Γ0 Ď Γ which is satisfiable.

Justify your answers!

Exercise 1.6. Prove the following three results
Completeness Theorem. Every valid formula is provable.
Compactness Theorem. If Γ is a set of sentences s.t. every finite Γ0 Ď Γ is satisfiable, then Γ is
satisfiable.
Löwenheim-Skolem Theorem. If Γ has a model, then Γ has a countable model.
from the following
Main Lemma. Every consistent set of sentences has a countable model.
Exercise 1.7. Two structures pD1 , I1 q and pD2 , I2 q in the same language L are called isomor-
phic, often written as pD1 , I1 q » pD2 , I2 q, if there is a bijection ψ : D1 Ñ D2 s.t.

1. ψpI1 pcqq “ I2 pcq,

2. ψpI1 pf qpm1 , . . . , mn qq “ I2 pf qpψpm1 q, . . . , ψpmn qq for all m1 , . . . , mn P D1 , and

3. pm1 , . . . , mn q P I1 pP q iff pψpm1 q, . . . , ψpmn qq P I2 pP q for all m1 , . . . , mn P D1 .

The theory of a structure S is defined as ThpSq “ tA sentence | S ( Au. S1 and S2 are called
elementarily equivalent if ThpS1 q “ ThpS2 q.
(a) Show that two isomorphic structures are elementarily equivalent.
Hint: first show ψpI1 ptqq “ I2 ptq by induction on the term structure of t and then (a) by
induction on formula structure.
The language of arithmetic is LN “ t0{0, s{1, `{2, ¨{2, ă{2u. The standard model of arithmetic
is the LN -structure N “ pN, Iq where I is the obvious standard-interpretation of the symbols in
LN .
(b) Show that there is a structure which is elementary equivalent but not isomorphic to N .
Hint: Add a new constant symbol c to LN , successively force c to be larger than each natural
number and apply the compactness theorem.
A structure as in (b) is called non-standard model of arithmetic.
Exercise 1.8. A theory T is called countably categorical if, whenever S1 and S2 are countably
infinite models of T , then S1 and S2 are isomorphic.
A theory T is called complete if, for every sentence A either T $ A or T $ A.
Show that a countably categorical theory without finite models is complete.

6
Chapter 2

Second-Order Logic

2.1 Syntax and Semantics

The syntax of second-order logic is obtained from that of first-order logic by adding predicate
variables and function variables as well as quantification over these newly introduced variables.
As a notational convention we use letters X, Y, . . . for predicate variables and u, v, . . . for function
variables. Often the arity of these variables will be clear from the context or irrelevant. If, not
it is indicated as u{r, X{r. As in first-order logic we use x, y, . . . for individual variables.
When moving from first- to second-order logic the definition of a language and of a structure
is not changed. Only the notion of terms, formulas and accordingly the truth definition is
extended.

Definition 2.1. For a language L, the set of L-terms is as follows:

1. Individual variables are L-terms

2. Constant symbols in L are L-terms

3. If t1 , . . . , tn are L-terms and f is an n-ary function symbol of L, then f pt1 , . . . , tn q is an

L-term.

4. If t1 , . . . , tn are L-terms and u is a function variable of arity n, then upt1 , . . . , tn q is an

L-terms.

Definition 2.2. For a language L, the set of L-formulas is defined as follows:

1. If t1 , . . . , tn are L-terms and P is an n-ary predicate symbol of L, then P pt1 , . . . , tn q is an

L-formula.

2. If t1 , . . . , tn are L-terms and X is an n-ary relation variable, then Xpt1 , . . . , tn q is an

L-formula.

3. If t1 and t2 are L-terms, then t1 “ t2 is an L-formula.

4. K is an L-formula.

5. If A is an L-formula, then A, @x A, Dx A, @X A, DX A, @u A, and Du A are L-formulas.

6. If A and B are L-formulas, then pA ^ Bq, pA _ Bq, and pA Ñ Bq are L-formulas.

7
The free variables and bound variables of a formula are defined to include predicate and function
variables in the obvious way. As in first-order logic, a sentence is a formula without free variables.

Definition 2.3. We say that a structure S “ pD, Iq interprets a formula A if every constant
symbol, function symbol, predicate symbol and free variable of A is in the domain of I.

Definition 2.4. Let A be a formula and S “ pD, Iq be a structure that interprets A. Then the
truth of A in S is defined by induction on A:

1. S ( P pt1 , . . . , tn q if pIpt1 q, . . . , Iptn qq P IpP q.

2. S ( Xpt1 , . . . , tn q if pIpt1 q, . . . , Iptn qq P IpXq.

3. S ( t1 “ t2 if Ipt1 q “ Ipt2 q.

4. S * K

5. S ( A ^ B if S ( A and S ( B.

6. S ( A if S * A.

7. S ( @x A if for all m P D: pD, I Y tx ÞÑ muq ( A.

8. S ( @X A if for all R Ď DaritypXq : pD, I Y tX ÞÑ Ruq ( A.

9. S ( @u A if for all ϕ : Daritypuq Ñ D: pD, I Y tu ÞÑ ϕuq ( A.

and analogously for the disjunction _ and the existential quantifiers Dx, DX and Du.

As the above definitions show, the move from first- to second-order logic does not require
substantially new ideas on the level of the basic syntax and semantics. We only generalize
quantifiers in a straightforward way to speak also about functions and relations. However, this
generalization considerably increases the expressive power of the logic (as we will see in the next
sections).
Example 2.1. An example for a second-order formula with one free function variable u{1 is

Invpuq ” Dv @x @y pupxq “ y Ø vpyq “ xq

which asserts the existence of an inverse function for u. Let us now consider the structure pR, Iq
where Ipuqpxq “ 2x. We want to show that pR, Iq ( Invpuq.

pR, Iq ( Invpuq
iff pR, Iq ( Dv @x @y pupxq “ y Ø vpyq “ xq
iff there is ϕ : R Ñ R s.t. pR, I Y tv ÞÑ ϕuq ( @x @y pupxq “ y Ø vpyq “ xq
iff there is ϕ : R Ñ R s.t. for all λ, µ P R :
I Y tv ÞÑ ϕ, x ÞÑ λ, y ÞÑ µuq ( upxq “ y Ø vpyq “ x
pR, loooooooooooooooomoooooooooooooooon

I˚
iff there is ϕ : R Ñ R s.t. for all λ, µ P R :
I ˚ puqpI ˚ pxqq “ I ˚ pyq iff I ˚ pvqpI ˚ pyqq “ I ˚ pxq in R, i.e.
2λ “ µ iff ϕpµq “ λ in R
x
and there is such ϕ, namely x ÞÑ 2 hence pR, Iq ( Invpuq.

8
2.2 Definability
We first develop some syntactic sugar to speak about sets in second-order logic. First of all,
note that a set is just a unary predicate. In this special case of unary predicates we use the
notation x P Y for Y pxq. But be careful, the symbol P in this expression is not a predicate itself,
it is only part of a notational convention. Another useful notational convention are bounded
quantifiers:

@x P X A ” @x px P X Ñ Aq
Dx P X A ” Dx px P X ^ Aq

Let X{2, Y {1 and define

TranspXq ” @x @y @z pXpx, yq Ñ Xpy, zq Ñ Xpx, zqq,

SucpX, Y q ” @x P Y Dy P Y Xpx, yq,
FixpX, Y q ” Dx P Y Xpx, xq, and
FinpY q ” @X pTranspXq Ñ SucpX, Y q Ñ FixpX, Y qq _ @x x R Y.

Proposition 2.1. Let pD, Iq be a structure that interprets Y {1, then

IpY q is finite iff pD, Iq ( FinpY q

Proof. For the left-to-right direction assume that IpY q is finite. If IpY q “ H, then pD, Iq (
@x x R Y and we are done, so assume IpY q ‰ H. Let R be a binary relation which is transitive
and has successors on IpY q, then we will show that R has a fixed point. To that aim, pick
m1 P IpY q ‰ H. As R has successors on IpY q there is m2 P IpY q s.t. pm1 , m2 q P R, etc.
Continuing this process we obtain a sequence m1 , m2 , m3 , . . . in IpY q with pmi , mi`1 q P R. But
by transitivity of R and finiteness of IpY q there is i s.t. pmi , mi q P R and we are done.
For the right-to-left direction suppose that IpY q is infinite. Then it is non-empty hence pD, Iq *
@x x R Y . Furthermore, we can choose a set M “ tm1 , m2 , m3 , . . .u Ď IpY q s.t. the mi are
pairwise different. We define a binary relation R on D as the transitive closure of

R “ tpk, m1 q | k R M u Y tpmi , mi`1 q | i ě 1u

Then R is transitive, has successors on IpY q but no fixed points and hence pD, Iq * FinpY q.

A very useful notation in second- and even more so in higher-order logic is provided by the
lambda calculus. To explain it, consider the syntactic expression x2 ` 5. This can be read as a
term in a first-order language containing the binary function symbols ` and “to the power of”
as well as the constant symbols 2 and 5 and the variable x. Often when writing such expressions
we want to consider the function that maps the value x2 ` 5 to x. In ordinary mathematical
notation, this function is often written as x ÞÑ x2 ` 5. In the lambda calculus this function is
denoted as λx.x2 ` 5. This notation has the advantage that nested expressions are easier to
read which is helpful in higher-order logic. The step from the term x2 ` 5 to the function which
associates the value x2 ` 5 to x is called abstraction. This notation is also used for expressions
which contain more variables, so for example λxλy.x3 ` x ¨ y ´ 5 ¨ z is a function with the two
arguments x and y and the parameter z.
The application of a function f to an argument x is denoted as f x in the lambda calculus. So
for example pλx.x2 ` 5q3 denotes the application of the above function to 3. An abstraction

9
followed by an application can then be reduced by replacing the variable of the abstraction by
the argument:
pλx.x2 ` 5q3 Ñ 32 ` 5.
We will use the λ-notation and this kind of reduction (called β-reduction) at various occasions
in an informal ways until we study the lambda calculus more thoroughly in the context of
higher-order logic.
Using the notation of the lambda calculus, we can for example define new predicates from
existing ones, e.g. given P {1 and Q{1 the predicate R{1 which is true if both P and Q are true
can be written as:
R ” λx.P pxq ^ Qpxq
Similarly, we can define the empty set explicitely as
H ” λx.K
and the universe as
U ” λx.J.
The sentence FinpUq is hence true in a structure S iff S is finite.
Definition 2.5. A class of structures C is called first-order definable (second-order definable)
if there is a set of first-order (second-order) sentences Γ s.t. the models of Γ are exactly the
elements of C.
Ź
If a class C is definable byŹa finite set of sentences Γ, then it is definable by the sentence APΓ A
because M ( Γ iff M ( APΓ A. In this case we say that C is definable by a sentence (of first-
or second- order logic respectively).
Proposition 2.2.

1. For each n P N the class of structures of cardinality n is definable by a first-order sentence.

2. The class of finite structures . . .
(a) . . . is not first-order definable.
(b) . . . is definable by a second-order sentence.
3. The class of infinite structures . . .
(a) . . . is not definable by a first-order sentence.
(b) . . . is first-order definable.
(c) . . . is definable by a second-order sentence.

Proof. Let Ln ” Dx1 . . . Dxn ni“1 nj“i`1 xi ‰ xj , then S ( Ln iff |S| ě n. Furthermore,
Ź Ź
define En ” Ln ^ Ln`1 then S ( En iff |S| “ n.

1. The class of structures of cardinality n is hence defined by En .

2a. Suppose there is a set of sentences Γ s.t. S ( Γ iff S is finite. Let Γ1 “ Γ Y tLi | i ě 1u
and observe that Γ1 is unsatisfiable: a model of Γ1 would need to be finite to satisfy Γ but
larger than any i P N.
Let Γ0 be an arbitrary finite subset of Γ1 , then there is an k P N s.t. Li P Γ0 implies that
i ă k. Now let S be any structure of size k, then S ( Γ and S ( Li for all Li P Γ0 hence
S ( Γ0 . So every finite Γ0 Ď Γ has a model.
Therefore, by the compactness theorem, Γ1 has a model. Contradiction.

10
 2b. The second-order sentence FinpUq defines the class of finite structures.

3a. Suppose there is an A s.t. S ( A iff S is infinite, then S ( A iff S is finite which
contradicts 2a.

3b. The class of infinite structures is defined by tLi | i ě 1u.

3c. The second-order sentence FinpUq defines the class of infinite structures.

This strategy for showing the undefinability of a property in first-order logic by using the
compactness theorem as in point 2a of the above theorem is important and will reappear at a
number of occasions during this course. Make sure you understand how it works.
Also note how subtle a line we were able to draw here: a particular class, that of infinite
structures, can be defined by an infinite set of formulas in first-order logic not however by a
finite set. A situation such as in Proposition 2.2 is quite typical for the definability of many
properties that are related to infinity.
Theorem 2.1. The compactness theorem fails in Second-Order Logic.

Proof. Using the notation of the proof of Proposition 2.2, let

∆ “ tFinpUqu Y tLi | i ě 1u

and observe that every finite ∆0 Ď ∆ is satisfiable but ∆ is not.

Compare this proof to that of Proposition 2.2/2a by letting Γ “ tFinpUqu. Both proofs rely
on the same argument which shows that one cannot have the compactness theorem in a setting
where the class of finite models is definable. We are in the situation of a drawback: we can only
have one but not both. In the case of first-order logic we know that the compactness theorem
holds hence the class of finite structures cannot be defined. In the case of second-order logic
we know that the class of finite structures can be defined and hence the compactness theorem
cannot hold.
We will now move on to see that also the Löwenheim-Skolem theorem fails in second-order logic.
We abbreviate

X Ď Y ” @x px P X Ñ x P Y q

and use bounded quantification also for this relation

@X Ď Y A ” @X pX Ď Y Ñ Aq.

Now we want to compare sets w.r.t. their size. For finite sets this is easy: just count the number
of elements, the set that has more elements is larger. For infinite sets the issue is a bit more
subtle. We can say that an infinite set S is larger than an infinite set R if there is a surjection
from S to R. Consequently, for X{1, Y {1 define

X ď Y ” Du @x P X Dy P Y upyq “ x

which expresses exactly that. Furthermore, define

X „Y ” X ďY ^Y ďX

11
which is equivalent to the existence of a bijection between the two sets. We can now finally
define

CountablepY q ” @X Ď Y pFinpXq _ X „ Y q

which expresses that Y countable: it is obviously true for finite Y and if Y is countably infinite
and we pick some subset X of Y one of two things happen: either Y is finite or it is of the same
cardinality as X. In other words: pD, Iq ( CountablepY q iff IpY q is countable.

Theorem 2.2. The class of countable structures is definable by a second-order formula.

Proof. Use CountablepUq.

Corollary 2.1. The class of uncountable structures is definable by a second-order formula.

Proof. Use CountablepUq.

Corollary 2.2. The Löwenheim-Skolem theorem fails in Second-Order Logic.

Proof. The formula CountablepUq is satisfiable but has no countable model.

Exercise 2.1. Show that a set S is finite iff every injective f : S Ñ S is surjective. Use this
property to give a second-order sentence that defines the class of finite structures.

Exercise 2.2. In this exercise we work in a language which contains a single binary predicate
symbol E and two constant symbols c and d. The structures of this language are (finite or
infinite) graphs with two designated vertices, a source c and a sink d. A path is a finite list of
vertices connected by edges. The length of a path is the number of edges it contains.
Show that:

1. For every k P N the graphs containing a path of length k from c to d are definable by a
first-order sentence.

2. The graphs which do contain a path from c to d . . .

(a) . . . are not first-order definable.

(b) . . . are definable by a second-order sentence.

3. The graphs which do not contain a path from c to d . . .

(a) . . . are not definable by a first-order sentence.

(b) . . . are first-order definable.
(c) . . . are definable by a second-order sentence.

Exercise 2.3. We work in the (first-order) language L “ t0{0, 1{0, `{2, ´{1, ¨{2, ´1 {1u of rings.

1. Show that the class of rings is definable by a first-order sentence.

Hint: consult your algebra textbook or wikipedia.

12
The characteristic of a ring is the smallest number n ą 0 s.t.
1 ` 1 ` ¨ ¨ ¨ ` 1 “ 0.
loooooooomoooooooon
n times
if such a number n exists. If no such n exists, the characteristic of the ring is 0. A characteristic
n ‰ 0 is also called finite characteristic. For example, the ring of integers modulo m has
characteristic m, the ring Z has characteristic 0.
Show that:

2. For every k ě 2, the class of rings of characteristic k is definable by a first-order sentence.

3. The class of rings of finite characteristic . . .
(a) . . . is not first-order definable.
(b) . . . is definable by a second-order sentence.
4. The class of rings of characteristic 0 . . .
(a) . . . is not definable by a first-order sentence.
(b) . . . is first-order definable.
(c) . . . is definable by a second-order sentence.

2.3 Proofs
A calculus for first-order logic can be extended to second-order logic in a natural way. For the
case of natural deduction, in order to obtain NK2 it suffices to add the following rules to NK:
.. ..
.. ..
@X A @E @u A @E
ArXzλx̄.Bs Aruzλx̄.ts
if the number of variables in x̄ is the arity of X (or of u respectively) and B (or t respectively)
does not contain a variable that is bound in A.
.. ..
.. π .. π
ArXzX0 s Aruzu0 s
@I @I
@X A @u A
if X0 (or u0 respectively) has the same arity as X (or u respectively) and X0 (or u0 respectively)
does not occur in A nor in the open assumptions of π. For the existential quantifier:
.. ..
.. ..
ArXzλx̄.Bs Aruzλx̄.ts
DI DI
DX A Du A
if the number of variables in x̄ is the arity of X (or of u respectively) and B (or t respectively)
does not contain a variable that is bound in A.
rBrXzX0 ssi rBruzu0 ssi
.. .. .. ..
.. .. π .. .. π
DX B A Di Du B A Di
A E A E

13
if X0 (or u0 respectively) has the same arity as X (or u respectively) and X0 (or u0 respectively)
does not occur in A nor in the open assumptions of the right-hand proof of A.
Observe that the extension to the second-order system is quite natural; it does not require
any new ideas, just the adaption of the first-order system to the case of the second-order
quantifiers, all side conditions are analogous. The extension of the semantics has been an
equally straightforward adaption of the first-order semantics. The question is hence natural
whether the relationship between syntax and semantics generalizes from first- to second-order
logic in the same straightforward way. While the soundness of the above inference rules is an
easy exercise we will see in the next section that the completeness theorem will fail in second-
order logic.
Example 2.2. The sentence

@u DX @y pXpyq Ø Dx upxq “ yq

states that every function has a range and is provable in NK2. A proof in NK2 is:
..
..
@y pDx u0 pxq “ y Ø Dx u0 pxq “ yq
@y ppλz.Dx u0 pxq “ zqy Ø Dx u0 pxq “ yq
DI
DX @y pXpyq Ø Dx u0 pxq “ yq
@I
@u DX @y pXpyq Ø Dx upxq “ yq

where the vertical dots represent a straightforward proof in first-order logic. Usually the line
containing the lambda-expression is not written down, it is done here for expository purposes
only.

Exercise 2.4. Show that @X @Y pX Ď Y Ñ X ď Y q is valid by giving a proof in NK2. Show

that @X @Y pX ď Y Ñ X Ď Y q is not valid by specifying a counterexample.

Exercise 2.5. There is a philosophical principle attributed to Leibniz which states that equality
of two objects means that they have all properties in common (“Leibniz equality”). Mathemati-
cally speaking, a property is just a set, so this can be formulated in second-order logic:
To do so, we define a translation L of second-order formulas containing equality into such that
do not by defining:

ps “ tqL ” @X pXpsq Ø Xptqq

AL ” A for all atoms which are not equations
p AqL ” AL
pA ^ BqL ” AL ^ B L
p@X AqL ” @X AL , p@u AqL ” @u AL , p@x AqL ” @x AL

In this exercise we assume that formulas only contain the connectives , ^, @ in order to avoid
repetition of analogous cases.

1. Show that A Ø AL is valid for any formula A.

2. Show that pt “ tqL is provable in NK2 for any term t.

3. Show that AL rxzts ” ArxztsL for any formula A and any term t.

14
 4. Show that: ArxztsL is provable in NK2 from the open assumptions ps “ tqL and ArxzssL .
Show that: ArxzssL is provable in NK2 from the open assumptions ps “ tqL and ArxztsL .

The points 2.-4. above show that a proof in NK2 of a sentence A can be transformed into a
proof of AL in which equality does no longer appear by replacing reflexivity axioms by the proof
constructed in 2. and instances of the equality rules by the proofs constructed in 4.

2.4 Second-Order Arithmetic

First some reminders: the language of arithmetic is LN “ t0{0, s{1, `{2, ¨{2, ă{2u. The standard
model is N “ pN, Is q where Is interprets the constant symbol 0 by the natural number 0, the
unary function symbol s by the successor function and so on. We have already seen in the
exercises that there are non-standard models of arithmetic, i.e. structures that satisfy the same
first-order sentences as N but which are not isomorphic to N . These models are rather strange
creatures which possess, in addition to the standard numbers also non-standard numbers which
start after (in the sense of the interpretation of ă) infinity. We will now see that second-order
logic allows to rule out these non-standard models and thus to uniquely define the natural
numbers.

Definition 2.6. The theory Q of minimal arithmetic is the deductive closure of the following
set of axioms:

@x x ` 0 “ x
@x 0 ‰ spxq
@x@y x ` spyq “ spx ` yq
@x@y pspxq “ spyq Ñ x “ yq
@x x ć 0
@x x ¨ 0 “ 0
@x@y px ă spyq Ø px ă y _ x “ yqq
@x@y x ¨ spyq “ px ¨ yq ` x
@x@y px ă y _ x “ y _ y ă xq

Theorem 2.3 (Σ1 -completeness of Q). If N ( Dx A where A is quantifier-free, then Q $ Dx A

Before we sketch the proof another reminder: a numeral is a term of the form sn p0q. It is the
canonical way to represent the number n P N in the language of arithmetic.

Proof Sketch. If N ( Dx A then there is an n P N s.t. N ( Arxzs

ns. By a straightforward (but
long) argument one can show that every such Arxzs ns has a Q-proof1 . Hence Q $ Dx A by a
single application of DI .

Definition 2.7 (Second-Order Arithmetic). The induction axiom is

Ind ” @X p Xp0q Ñ @x pXpxq Ñ Xpspxqqq Ñ @x Xpxq q.

Denote with SOA the conjunction of Ind and all axioms of Q.

We will now see that there are no non-standard models of second-order arithmetic. The sentence
SOA uniquely defines the natural numbers in the sense that – up to isomorphism – the only
model of SOA is the standard model. More precisely what we will show is:

Theorem 2.4. S ( SOA iff S » N .

1
ns, e.g. for spsp0qq ` sp0q “ spspsp0qqq as an exercise.
Try it for a simple Arxzs

15
 N
s̈ / LN -terms

ψ
I

" 
D

Figure 2.1: The isomorphism in the proof of Theorem 2.4

This theorem is sometimes formulated as the statement “Second-order arithmetic is categorical”.

This refers to the terminology of calling a theory categorical if all its models are isomorphic. As
a reminder, the definition of isomorphism for structures is repeated below.

Definition 2.8. Two structures pD1 , I1 q and pD2 , I2 q in the same language L are called iso-
morphic, written as pD1 , I1 q » pD2 , I2 q, if there is a bijection ψ : D1 Ñ D2 s.t.

1. ψpI1 pcqq “ I2 pcq for all constant symbols c in L,

2. ψpI1 pf qpm1 , . . . , mn qq “ I2 pf qpψpm1 q, . . . , ψpmn qq for all function symbols f in L and all
m1 , . . . , mn P D1 , and

3. pm1 , . . . , mn q P I1 pP q iff pψpm1 q, . . . , ψpmn qq P I2 pP q for all predicate symbols P in L and

all m1 , . . . , mn P D1 .

As our aim is to define the natural numbers one could wonder whether the definition can be
made even more precise: Is there a sentence F s.t. M ( F iff M “ N ? In the exercises we
have shown that two isomorphic structures satisfy the same (first-order) sentences. This result
carries over to second-order logic.

Proposition 2.3. If M1 » M2 and A is a second-order sentence, then M1 ( A iff M2 ( A.

Proof. Analogous to first-order logic2 .

So when we try to define a particular structure by a set of sentences (be that in first- or in
second-order logic) we can never expect more than a definition up to isomorphism.

Proof of Theorem 2.4. First note that N ( SOA as both induction as well as the axioms of Q
are true in N . As M » N , the right-to-left direction is done by Proposition 2.3.
For the left-to-right direction, let pD, Iq ( SOA and define a function

ψ : N Ñ D, n ÞÑ Ips
nq

which we will show to be the required isomorphism. For understanding this proof, it is important
to be aware of the types of the objects involved as we are dealing with three different domains
here: the natural numbers, LN -terms and M , see Figure 2.1.
First, we have

pD, Iq ( @X p Xp0q Ñ @x pXpxq Ñ Xpspxqqq Ñ @x Xpxq q.

2
This is a good opportunity to review Exercise 1.7/a.

16
Define I 1 “ I Y tX ÞÑ imgpψqu, then we have

pD, I 1 q ( Xp0q Ñ @x pXpxq Ñ Xpspxqqq Ñ @x Xpxq.

For all numerals n̄ we have Ipn̄q “ I 1 pn̄q. We have Ip0q P imgpψq, so

pD, I 1 q ( Xp0q.

Now we want to show

pD, I 1 q ( @x pXpxq Ñ Xpspxqqq,
i.e. if m P imgpψq then Ipsqpmq P imgpψq. Now if m P imgpψq then there is m0 P N s.t.
ψpm0 q “ m. But then Ipsqpmq “ IpsqpIpm
Ď0 qq “ Ipm Ğ0 ` 1q “ ψpm0 ` 1q P imgpψq. Combining
the above we obtain
pD, I 1 q ( @x Xpxq
i.e. D “ imgpψq, in other words: ψ is surjective.
Moreover, let m, n P N with m ‰ n. Then by Σ1 -completeness of Q, we know that Q $ ms ‰ns
and as pD, Iq is a model of Q, it also satisfies m
s ‰ n
s, i.e. Ipmq
s ‰ Ips
nq and therefore ψ is
injective.
In remains to show that ψ is a homomorphism

• ψp0q “ Ips
0q.

• ψpn ` 1q “ IpnĘ
` 1q “ Ipsps
nqq “ IpsqpIps
nqq “ Ipsqpψpnqq.

• ψpm ` nq “ Ipm Ğ ` nq. As m Ğ `n “ m s `ns is true in N it is (by Σ1 -completeness)

provable in Q and as pD, Iq is a model of Q we have Ipm
Ğ ` nq “ Ipms `nsq. Furthermore
Ipm
s `nsq “ Ip`qpIpmq,
s Ips nqq “ Ip`qpψpmq, ψpnqq.

• ψpm ¨ nq “ Ip¨qpψpmq, ψpnqq is shown analogously to the case of addition (do it as an

exercise!).

• For less-than note that if m ă n, then Q $ ms ăn s by Σ1 -completeness hence pD, Iq (

ms ă n s. If, on the other hand, m ć n, then Q $ m s ă n s hence pD, Iq ( m s ă n s,
i.e. pD, Iq * ms ă ns. Therefore m ă n iff pD, Iq ( ms ă n s iff pIpmq,
s Ips
nqq P Ipăq iff
pψpmq, ψpnqq P Ipăq.

We want to use this result for showing that the completeness theorem fails in second-order
logic. There is a subtle issue here that is worth discussing: the completeness theorem can
be formulated in two different ways: one abstract and one concrete. You are probably most
familiar with the concrete version which, for a particular calculus, says that each valid formula
is provable in this calculus. For a setting where the completeness theorem fails, one could – in
principle – prove the negation of this statement, i.e. show for a particular calculus (like NK2)
that it does not prove all valid (second-order) formulas. While this result is true it is not very
meaningful: it does not rule out the possibility that a simple extension of the calculus by a few
more inference rules would result in a complete system.
It is this point where the abstract statement of the completeness theorem becomes important.
The abstract version states that the set of valid first-order formulas is recursively enumerable.
As a reminder, a set is called recursively enumerable if – informally – there is a program that

17
outputs exactly the elements of the set. A proof calculus can be used as basis for such a program
as follows: compute all possible proofs by starting with any axiom and applying iteratively all
inference rules to all already generated proofs and for each proof thus generated output the
formula it has proved. Therefore the abstract version of the completeness theorem follows from
its concrete version.
In our setting of second-order logic – where completeness fails – we will prove the negation of
the abstract version because it shows (by the above argument) that there is no calculus which
is sound and complete for second-order logic. This will be based on the following result.
Theorem 2.5. ThpN q “ tA first-order sentence | N ( Au is not recursively enumerable.

Proof Sketch. This follows from Tarski’s theorem of the arithmetical undefinability of arith-
metical truth or from Gödel’s first incompleteness theorem3 .
Theorem 2.6. The set of valid sentences in second-order logic is not recursively enumerable.

Proof. Let A be a first-order sentence, then we first claim that N ( A iff SOA Ñ A is valid. The
right-to-left direction follows directly from the observation that N ( SOA. For the left-to-right
direction suppose SOA Ñ A is not valid. Then there is a structure S with S ( SOA but S * A.
But the categoricity of SOA then entails S » N hence N * A which finishes the proof of the
claim.
For finishing the proof, suppose the set of valid second-order sentences would be recursively
enumerable. Take a program P which outputs exactly the valid second-order sentences and
apply the following new program to every sentence B output by P : if B is of the form SOA Ñ A
output A else output nothing. By the above claim this would be a recursive enumeration of
ThpN q which does not exist by Theorem 2.5. Contradiction.

So the completeness theorem (as the compactness- and the Löwenheim-Skolem-theorem) fails
in second-order logic. These failures of important results about the logic are the price we have
to pay for its high expressivity.

2.5 Inductive Definitions

In this section we will examine the proof of the categoricity of second-order arithmetic from
a more abstract point of view in order to better understand the aspect of second-order logic
that we have used for defining the natural numbers. What we will find is a very powerful
mechanism: inductive definitions. Once more the pattern repeats: the increase in expressive
power goes hand-in-hand with the loss of certain nice properties of the logic – now we are
trading completeness for closure under inductive definitions.
Fix a structure S “ pD, Iq and observe that
pD, Iq ( Ind
iff pD, Iq ( @X p Xp0q Ñ @x pXpxq Ñ Xpspxqqq Ñ @y Xpyq q
iff pD, Iq ( @y loooooooooooooooooooooooooooooomoooooooooooooooooooooooooooooon
@X p Xp0q Ñ @x pXpxq Ñ Xpspxqqq Ñ Xpyq q

Nat
iff pD, Iq ( @y Nat.
3
If you are interested in a detailed proof, consult the course notes for “Mathematical Logic 2” or any textboook
on mathematical logic.

18
So a structure where Ind is true is one that satisfies @y Nat. Nat is a formula with one free
variable y. Given a structure S “ pD, Iq, a formula F with one free variable y defines a subset
of D, the set of m P D s.t. pD, I Y ty ÞÑ muq ( F .
Example 2.3. The formula y ‰ 1 ^ @x pDz x ¨ z “ y Ñ x “ 1 _ x “ yq defines the set of prime
numbers in the standard model of arithmetic.
More generally, we can define an n-ary relation by a formula with n free variables as follows:
Definition 2.9. Let pD, Iq be a structure and F a formula whose free variable are y1 , . . . , yn ,
abbreviated as ȳ. Then the expression λȳ.F is called definition of the relation
Ipλȳ.F q “ tm̄ “ pm1 , . . . , mn q P Dn | pD, I Y tȳ ÞÑ m̄uq ( F u.

Note that Ipλȳ.F q Ď Dn . In this notation, the expression λy.Nat defines the set
Ipλy.Natq “ tm P D | pD, I Y ty ÞÑ muq ( @X pXp0q Ñ @x pXpxq Ñ Xpspxqqq Ñ Xpyqqu.
In other words, an element m P D is in Ipλy.Natq if it is in every set which contains Ip0q and
is closed under Ipsq, i.e. if it is in the smallest set which contains Ip0q and is closed under
Ipsq. How can we obtain this set? By a limit process which successively adds elements thus
converging towards Ipλy.Natq.
Consider the following rules:
mPS
Ip0q P S Ipsqpmq P S
The set Ipλy.Natq can be obtained as limit of the process which applies these rules to all
members of the set thus constructing a sequence S0 “ H, S1 , S2 , . . . where Si`1 is obtained
from Si by closing it under all rules.
S0 “ H
S1 “ tIp0qu
S2 “ tIp0q, IpsqpIp0qqu
..
.
More abstractly and in the case of an n-ary relation we are dealing with an operator ϕ :
PpDn q Ñ PpDn q with ϕpSi q “ Si`1 .
Definition 2.10. An operator ϕ : PpDn q Ñ PpDn q is called monotone if S1 Ď S2 implies
ϕpS1 q Ď ϕpS2 q.
Definition 2.11. Let ϕ : PpDn q Ñ PpDn q be an operator. A set S P PpDn q is called fixed
point of ϕ if ϕpSq “ S. A fixed point S of ϕ is called least fixed point of ϕ if every fixed point
S 1 of ϕ satisfies S Ď S 1 .

We will see that every monotone operator has a unique least fixed point. The natural numbers
can be defined as the least fixed point of the operator which adds 0 to a set and for every element
m of the set adds m ` 1 to it and many data structures of relevance to computer science have
similar inductive definitions.
The definitional principle that is behind the categoricity-theorem proved above then is that
second-order logic is closed under least fixed points of monotone operators, i.e. if a monotone
operator is second-order definable so is its least fixed point.
From this definition follows directly that if ϕ : PpDn q Ñ PpDn q has a least fixed point, then it
is unique: for assume ϕ has two least fixed points S1 and S2 , then S1 Ď S2 because S1 is least
fixed point and S2 Ď S1 because S2 is least fixed point and hence S1 “ S2 .

19
Theorem 2.7. Every monotone operator ϕ : PpDn q Ñ PpDn q has a least fixed point.
n n
Ş
Ş Let C “ tA Ď D | ϕpAq Ď Au. Since D P C, C is non-empty, so C is well-defined. Let
Proof.
R “ C. Let us first prove that R is a fixed point of ϕ. To that aim, let S P C, then ϕpSq Ď S.
Moreover, R Ď S and, by monotonicity of ϕ, ϕpRq Ď ϕpSq. Therefore ϕpRq Ď S and, since S
was arbitrary, ϕpRq Ď R. Moreover, again by monotonicity of ϕ, we have ϕ2 pRq Ď ϕpRq. So
ϕpRq P C and hence R Ď ϕpRq. Therefore, ϕpRq “ R, i.e., R is a fixed
Ş point of ϕ. Now,1 suppose
1 n 1
that R Ď D is a fixed point of ϕ. Then R P C and since R “ C we have R Ď R , so R is
the least fixed point of ϕ.

For a monotone operator ϕ : PpDn q Ñ PpDn q we write Ş lfppϕq for its least fixed point. Note
furthermore that for monotone ϕ we have lfppϕq “ ϕpRq“R R. The left-to-right direction
follows from lfppϕq being contained in all R s.t. ϕpRq “ R. The right-to-left inclusion follows
from lfppϕq being a fixed point and hence being in the intersection.
Example 2.4. Let D “ Z and let ϕ be the operator which to a given S Ď Z adds 0 and x ` 1
for all x P S, i.e.
ϕpSq “ S Y t0u Y tx ` 1 | x P Su.
Then ϕ is monotone and the fixed points of ϕ are the sets of the form r´k, 8r Ď Z for k P N
and Z itself. The least fixed point is lfppϕq “ N.
The above observations are of a purely algebraic nature. The fact that a monotone operator
has a unique least fixed point does not rely on logic. But we return to logic now by considering
definitions of operators in second-order logic.
Definition 2.12. Let pD, Iq be a structure and F be a formula whose free variables are X{n and
ȳ “ y1 , . . . , yn . Then the expression λXλȳ.F is called definition of the operator ϕ : PpDn q Ñ
PpDn q given by
ϕpRq “ pI Y tX ÞÑ Ruqpλȳ.F q.
We also write IpλXλȳ.F q for this operator ϕ.
Example 2.5. The operator ϕ of Example 2.4 can be defined by
λXλy. y P X _ y “ 0 _ Dz P X y “ spzq.

The main theorem of this section is the following:

Theorem 2.8. Let S “ pD, Iq be a structure and ϕ : PpDn q Ñ PpDn q be a monotone operator
which is second-order definable, then lfppϕq is second-order definable.

Before we prove it we need two auxiliary observations on set-definitions.

Lemma 2.1. Let S “ pD, Iq be a structure and A be a formula with X{n and z̄ “ z1 , . . . , zn
as only free variables, then
č
Ipλz̄.@X Aq “ pI Y tX ÞÑ Ruqpλz̄.Aq
RĎDn

Proof. We have
m̄ P Ipλz̄.@XAq iff pD, I Y tz̄ ÞÑ m̄uq ( @X A
iff for all R Ď Dn : pD, I Y tz̄ ÞÑ m̄, X ÞÑ Ruq ( A
iff for all R Ď Dn : m̄ P pI Y tX ÞÑ Ruqpλz̄.Aq
č
iff m̄ P pI Y tX ÞÑ Ruqpλz̄.Aq.
RĎDn

20
Lemma 2.2. Let S “ pD, Iq be a structure, C be a sentence and A be a formula with z̄ “
z1 , . . . , zn as only free variables, then
"
Ipλz̄.Aq if pD, Iq ( C
Ipλz̄.C Ñ Aq “
Dn otherwise

Proof. If pD, Iq ( C, then

m̄ P Ipλz̄.C Ñ Aq iff pD, I Y tz̄ ÞÑ m̄uq ( C Ñ A

iff pD, I Y tz̄ ÞÑ m̄uq ( A
iff m̄ P Ipλz̄.Aq.

If pD, Iq * C, then pD, I Y tz̄ ÞÑ m̄uq ( C Ñ A for all m̄ and hence Ipλz̄.C Ñ Aq “ Dn .

Proof of Theorem 2.8. Let λXλȳ.F be a definition of ϕ, then ȳ “ y1 , . . . , yn and we have

ϕpRq “ pI Y tX ÞÑ Ruqpλȳ.F q.

Define a formula
FP ” @ȳ pF Ø Xpȳqq
and observe that FP has X{n as its only free variable. Now

pD, I Y tX ÞÑ Ruq ( @ȳ pF Ø Xpȳqq

is equivalent4 to

m̄ P pI Y tX ÞÑ Ruqpλȳ.F q iff m̄ P pI Y tX ÞÑ Ruqpλȳ.Xpȳqq

which is in turn equivalent to

m̄ P ϕpRq iff m̄ P R
and hence we obtain:
pD, I Y tX ÞÑ Ruq ( FP iff ϕpRq “ R. (*)
Towards defining the least fixed point, let

LFP ” @X pFP Ñ Xpz̄qq

which has only z̄ as free variables. Then by Lemma 2.1

č
Ipλz̄.LFPq “ pI Y tX ÞÑ Ruqpλz̄.FP Ñ Xpz̄qq.
RĎDn

Now fixing an R Ď Dn we have

"
pI Y tX ÞÑ Ruqpλz̄.Xpz̄qq if pD, I Y tX ÞÑ Ruq ( FP
pI Y tX ÞÑ Ruqpλz̄.FP Ñ Xpz̄qq “
Dn otherwise

by Lemma 2.2 and

"
R if ϕpRq “ R
“ n .
D otherwise
4
Exercise: show this equivalence in detail.

21
by p˚q. Therefore č
Ipλz̄.LFPq “ R “ lfppϕq.
RĎDn
ϕpRq“R

For λXλȳ.F being the definition of a monotone operator ϕ, define the formula

µX.F ” @X p@ȳpF Ø Xpȳqq Ñ Xpz̄qq

which has z̄ as only free variables and satisfies Ipλz̄µX.F q “ lfppϕq as shown in the above
theorem. This is a common notation for the least fixed point in the literature.
Example 2.6. Continuing Examples 2.4 and 2.5 we have

Ipλz̄µX.F q “ Ipλz̄.@X p@yppy P X _ y “ 0 _ Dz P X y “ spzqq Ø y P Xq Ñ z P Xqq “ N

Let us now go back to the inductive definition of the set of natural numbers in order to make
a proof-theoretic observation.

Nat ” @X p 0 P X Ñ @x P X spxq P X Ñ y P X q

From the proof-theoretic point of view the above definition provides the ability to prove a
statement by induction in the following form:
..
.. rx0 P Nats1
.. @E
.. Ap0q Ap0q Ñ @x pApxq Ñ Apspxqqq Ñ Apx0 q
ÑE
@x pApxq Ñ Apspxqqq @x pApxq Ñ Apspxqqq Ñ Apx0 q
ÑE
Apx0 q 1
Ñ
x0 P Nat Ñ Apx0 q I
@I
@x P Nat Apxq

We can continue to define other data types like trees, etc. in a similar fashion. For defining
functions we now consider a mechanism that allows to introduce a new function symbol after
having specified a functional relationship. As a reminder, the graph of a function f : X n Ñ Y
is the set
tpx̄, yq P X n ˆ Y | f px̄q “ yu

Our logical setting allows inductive definitions of sets and in order to mimic a recursive definition
of a function one can proceed as follows:
Definition 2.13. Let T be a second-order theory5 in some language L. If T $ @x̄ D!y F px̄, yq
for a formula F whose free variables are among x̄, y then we define a functional extension by
adding a new function symbol f and defining T 1 as the deductive closure of

T Y t@x̄@y pF px̄, yq Ø f px̄q “ yqu.

This provides a mechanism for defining new functions. One way of defining a new function is
by recursion. For example, Q contains axioms that define addition in terms of the successor.
To mimic such a definition in our setting we proceed as follows
5
Reminder: a theory is a deductively closed set of sentences – in the case of second-order logic deductively
closed means that by NK2 no new consequences can be derived

22
 1. Give an inductive definition F px̄, yq of the graph of the function.

2. Give an NK2-proof of @x̄D!y F px̄, yq.

3. Obtain a new function symbol f by taking the functional extension T 1 of T by f .

An advantage of this procedure is the above definition of a functional extension is all we need
beyond plain NK2.
Remark 2.1. An alternative to the above notion of functional extension would be to enrich our
object-level language by a selection operator ι which is given a predicate as argument and will
return an object satisfying this predicate (if there is any such object – if not, it may return
anything). For example, the predecessor function p could be defined by

p ” λx.ιpλy.spyq “ xq

as the function which, given x as input will return a y for which the property spyq “ x holds
(if there is any such y).
However, we refrain from using selection operators right now as they require a tighter integration
with the lambda calculus.

Exercise 2.6. In this exercise we work in the language of rings L “ t0{0, 1{0, `{2, ´{1, ¨{2, ´1 {1u
and in the structure pR, Iq where I is the standard-interpretation of L with the convention that
Ip0´1 q “ Ip0q to ensure totality of the multiplicative inverse. Let ϕ : PpRq Ñ PpRq be the
mapping which adds to a given S Ď R the elements 0, 1, x ` y, x ¨ y, ´x, x´1 for all x, y P S.

1. Show that ϕ is a monotone operator.

2. Find a formula F which defines ϕ.

3. What is the least fixed point of ϕ?

4. Find a formula G which defines the least fixed point of ϕ.

5. Are there other fixed points? If yes, give at least one. If no, show why.

Exercise 2.7. Let S “ pD, Iq be a structure, let F1 , F2 be formulas whose only free variables
are ȳ “ y1 , . . . , yn . Show that

1. Ipλȳ.F1 ^ F2 q “ Ipλȳ.F1 q X Ipλȳ.F2 q

2. Ipλȳ.F1 _ F2 q “ Ipλȳ.F1 q Y Ipλȳ.F2 q

Let F be a formula whose only free variables are ȳ “ y1 , . . . , yn and x. Show that
Ş
3. Ipλȳ.@x F q “ mPD pI Y tx ÞÑ muqpλȳ.F q
Ť
4. Ipλȳ.Dx F q “ mPD pI Y tx ÞÑ muqpλȳ.F q

A formula is said to be in negation-normal form (NNF) if it does not contain implication and
negation appears only immediately above atoms. It is well known that every formula can be
transformed into a logically equivalent NNF.

23
 5. Let F be a formula in NNF without second-order quantifiers s.t. λXλȳ.F defines an op-
erator ϕ : PpDn q Ñ PpDn q and no occurrence of X in F appears below a negation. Show
that ϕ is monotone.
Hint: proceed by induction on F

Exercise 2.8. We work in the language L “ t0{0, s{1u and the theory T , defined as deductive
closure of the axioms

@y Nat @x 0 ‰ spxq @x@y pspxq “ spyq Ñ x “ yq

In this exercise we will do some programming based on this theory. The primitive recursive
definition of addition of natural numbers is

x ` 0 Ñ x, x ` spyq Ñ spx ` yq

Our aim for this exercise is to obtain a new theory T 1 where the addition-function is available
and then to prove properties of addition.
To that aim, first define the graph of the addition function:

Addpx, y, zq ” @X p@x1 Xpx1 , 0, x1 q Ñ @x1 y 1 z 1 pXpx1 , y 1 , z 1 q Ñ Xpx1 , spy 1 q, spz 1 qqq Ñ Xpx, y, zqq

Give formal proofs of

1. @x Addpx, 0, xq and

2. @x@y@z pAddpx, y, zq Ñ Addpx, spyq, spzqqq.

From now on we assume that also T $ @x@yD!z Addpx, y, zq (but showing this is not part of
this exercise). This allows to add a new binary function symbol `, written in infix notation, to
obtain the theory T 1 as deductive closure of T and t@x@y@z pAddpx, y, zq Ø x ` y “ zqu.
Give formal proofs in T 1 of

3. @x x ` 0 “ x and

4. @x@y x ` spyq “ spx ` yq.

Using this procedure we can extend our working theory by any function which has a primitive
recursive definition. Beyond NK2 this procedure only uses the functional extension of a theory
as described in the course notes. Once we have extended the theory by a newly defined function
(such as `) we can prove properties of this function.
Give a formal proof in T 1 of

5. @x1 @x2 x1 ` x2 “ x2 ` x1
Hint: Establish the symmetric versions of properties 3. and 4. above first by induction:
@x 0 ` x “ x and @x@y spxq ` y “ spx ` yq. Then do an induction on either x1 or x2 .

24
Chapter 3

Higher-Order Logic

3.1 The Untyped Lambda Calculus

The untyped lambda calculus is an abstract notation for functions and is based on two funda-
mental operations on functions and terms. The first of them is application: F A denotes the
application of the function F to the argument A. The second is abstraction: given a term A
(usually – but not necessarily – containing x) we can form the function which maps a given x
to A by writing λx.A.
For example, from the term x3 ` 1 we can build the function λx.x3 ` 1 which maps x to x3 ` 1.
Applying this function to 2 is written as the term pλx.x3 ` 1q2 which we will want to reduce to
23 ` 1 by inserting the argument 2 for the parameter x of the function.
Let us now make these ideas precise:

Definition 3.1 (Lambda Terms). The set of lambda terms, denoted Λ, is built up from a
countably infinite set of variables V by the following rules:

1. If x P V , then x P Λ.

2. If M, N P Λ, then M N P Λ.

3. If x P V and M P Λ, then λx.M P Λ.

Example 3.1. pλx.yxqz is a lambda term.

Parenthesis associate to the left, so M N O abbreviates pM N qO. The scope of a lambda-binding

extends as far to the right as possible, so λx.M N abbreviates λx.pM N q (but not pλx.M qN ).
We often abbreviate λx.λy.M by λxy.M . The notions of free and bound variables are defined
as usual (with λ being the only binder).

Definition 3.2 (β-Reduction). The rule of β-reduction is pλx.M qN ÞÑβ M rxzN s. We write
Ñβ for the reflexive and transitive closure of ÞÑβ .

A term of the form pλx.M qN is called a β-redex and a term which does not contain a redex is
called β-normal form. A normal form cannot be further reduced.

Definition 3.3 (α-Equivalence). Two lambda terms are called α-equivalent if they only differ
in naming of bound variables, this is written as M “α N .

25
For example λxy.yx and λxy 1 .y 1 x are α-equivalent. We will identify terms which are α-equivalent
and allow renaming of bound variables at any time. During β-reduction this may indeed some-
times become necessary as the following β-reduction sequence shows

pλx.xxqpλyz.yzq Ñβ pλyz.yzqpλyz.yzq Ñβ λz.pλyz.yzqz “α λz.pλyz 1 .yz 1 qz Ñβ λzz 1 .zz 1

The following theorem shows that the lambda calculus is confluent, this is also sometimes called
the Church-Rosser property.
Theorem 3.1. If M Ñβ M1 and M Ñβ M2 then there is an N s.t. M1 Ñβ N and M2 Ñβ N

Proof. Without proof (see a course on the lambda calculus).

There are terms whose reduction does not terminate:

pλx.xxqpλx.xxq Ñβ pλx.xxqpλx.xxq Ñβ ¨ ¨ ¨

A way to avoid this is to forbid self-application as in the term xx by introducing types, we will
see how to do this soon.
The lambda calculus is a very strong formalism. It allows to represent all computable functions.
To show this we need a representation of natural numbers in the lambda calculus, a good way
to do this are Church numerals. Define the n-fold application of a term F to a term M , written
as F n M by F 0 M ” M and F n`1 M ” F pF n M q. Then the lambda term representing n P N
s ” λf x.f n x.
is n
Example 3.2. s 3 “ λf x.f pf pf xqq
Theorem 3.2. If f : N ãÑ N is computable1 , then there is a lambda term T s.t. T n̄ Ñβ m̄ iff
f pnq “ m.

Proof. Without proof (see a course on the lambda calculus).

Exercise 3.1. Let A ” λmnf x.mf pnf xq and E ” λxy.yx.

1. Compute the β-normal form of As

1s
2.
2. Compute the β-normal form of As
3s
1.
3. Compute the β-normal form of Es 2s
3.
Hint: it may be helpful to split this reduction using several auxiliary calculations.
4. Show that Ams
s n Ñβ m
Ğ ` n for all m, n P N.

3.2 Simple Type Theory

The lambda calculus allows to apply terms to themselves, like in the case xx. In some situations
this is natural: for example a C-compiler which is written in C can take its own code as input.
In other situations it is not, for example the expression cospcosq (intended to denote application
of the cosine function to itself) does not make sense, but cospπq does. The reason for this is that
π P R and cos : R Ñ R, more verbosely: cos is a function taking a real number as argument
so cospπq is well-typed but cospcosq is not because cos is not a real number. This observation
builds the basis for the simply typed lambda calculus.
1
in other terminology: partial recursive

26
Definition 3.4 (simple types). The set of simple types T is defined inductively as follows:

1. ι P T (the type of individuals)

2. o P T (the type boolean)

3. If τ, σ P T, then τ Ñ σ P T (the type of functions from τ to σ)

Types – as implications – associate to the right, so τ Ñ σ Ñ ρ abbreviates τ Ñ pσ Ñ ρq.

Example 3.3. We can introduce “set” as abbreviation of ι Ñ o. An operator such as those
considered in the previous section is a function that maps sets to sets and hence of type set Ñ set,
i.e. pι Ñ oq Ñ pι Ñ oq.
Variables will directly be annotated with a type using the notation xτ for x P V and τ P T.
Consequently two variables of different type are always considered different and two variables of
the same type are the same iff they have the same underlying untyped variable. An expression
of the form M : τ is called type judgment and is read as “M is of type τ ”.

Definition 3.5. The logical constants are:

1. Ą : o Ñ o Ñ o

2. @τ : pτ Ñ oq Ñ o for each type τ P T.

Definition 3.6. A simply typed language L is a set of typed constants (different from the
logical constants).

Example 3.4. In our type-theoretic setting, the language of arithmetic is L “ t0 : ι, s : ι Ñ

ι, ` : ι Ñ ι Ñ ι, ¨ : ι Ñ ι Ñ ι, ă: ι Ñ ι Ñ ou.

Definition 3.7 (expressions of simple type theory). Let V be a countably infinite set of variables
and let L be a simply typed language. M is called L-expression of simple type theory if M : τ
is derivable by the following rules for some τ P T.

c : τ if c : τ P L or c : τ is a logical constant

xτ : τ for all x P V and τ P T

M :σÑτ N :σ M :τ
MN : τ λxσ .M : σ Ñ τ
Derivations in this calculus are called type derivations. A formula is an expression of type o.

Example 3.5. Let L “ tP : ι Ñ o, Q : ι Ñ o, f : ι Ñ ιu, the following is a type derivation.

P : ι Ñ o xι : ι f : ι Ñ ι xι : ι
Ą:oÑoÑo P xι : o Q:ιÑo f xι : ι
ι
Ą pP x q : o Ñ o ι
Qpf x q : o
ι ι
Ą pP x qQpf x q : o
@ι : ι λx . Ą pP xι qQpf xι q : ι Ñ o
ι

@ι λxι . Ą pP xι qQpf xι q : o

This type derivation shows that @ι λxι . Ą pP xι qQpf xι q is a formula. In the standard notation
of first-order logic this is written as: @x pP pxq Ñ Qpf pxqqq.

27
The extension of the semantics from first- to second-order logic was rather straightforward in
that we have taken set quantifiers to quantify over sets of the domain and function quantifiers
to quantify over functions. The extension to higher-order logic is as straightforward: having
quantification over any simple type we interpret a quantifier of type τ by an object of type
τ . For example a quantifier of type ι Ñ o will just be the set quantifier @X familiar from
second-order logic. A quantifier of type pι Ñ oq Ñ o quantifies over all sets of sets, etc.
Definition 3.8. Let D be a set. Define

1. Dι “ D,

2. Do “ ttrue, falseu where true and false are assumed to not occur in D, and

3. DρÑσ as the set of functions from Dρ to Dσ .

Definition 3.9. Let L be a simply typed language. An L-structure is a pair S “ pD, Iq where
D is a set and I maps each L-constant of type τ to an element of Dτ .
Definition 3.10. Let S “ pD, Iq be an L-structure. We extend the interpretation I from the
constants of the language to all expressions as follows:
The interpretation of the logical constants is:
"
true if b “ true or a “ false
IpĄqpa, bq “
false otherwise
"
true if F pmq “ true for all m P Dτ
Ip@τ qpF q “
false otherwise

The expressions are interpreted as:

IpM N q “ IpM qpIpN qq

Ipλx .M qpmq “ pI Y txτ ÞÑ muqpM q
τ

For M : o we write S ( M for IpM q “ true.

The above choice of logical constants suffices to define all others inside the system.
Example 3.6. Define

K ” @o λxo .xo , and

” λxo . Ą xo K.

Observe that K : o and : o Ñ o as the following type derivations show:

Ą: o Ñ o Ñ o xo : o
xo
:o Ą xo : o Ñ o K:o
@o : po Ñ oq Ñ o λxo .xo : o Ñ o Ą xo K : o
@o λxo .xo : o λxo . Ą xo K : o Ñ o

Also the semantics of these defined logical constants has the expected behavior. Let S “ pD, Iq
be a structure and observe that IpKq “ false and Ip q is negation:
"
o o o o true if ido pbq “ true for all b P Do
IpKq “ Ip@o λx .x q “ Ip@o qpIpλx .x qq “ Ip@o qpido q “
false otherwise
“ false

28
and
"
o o true if I 1 pKq “ true or I 1 pxo q “ false
Ip qpbq “ pI Y tx ÞÑ buqpĄ x Kq “
loooooooomoooooooon false otherwise
I1
"
true if b “ false
“
false if b “ true

To ease notation we will often omit type information on bound variables, so that e.g. λy ιÑι xι .y ιÑι xι
is more briefly written as λy ιÑι xι .yx. We also write binary logical operations in the usual infix
notation, e.g. A Ą B instead of Ą AB and quantifiers in the familiar way as @xτ A instead of
@τ λxτ .A.
Exercise 3.2. We have defined K and as simply typed expressions. Analogously to these,
define binary disjunction _, binary conjunction ^, logical equivalence Ø and the existential
quantifier Dτ as simply typed expression. Give type derivations and show that the semantics has
the expected behavior.

3.3 Proofs
Theorem 3.3 (Strong Normalization). If M is a simply typed expression, then every sequence
of β-reductions that starts with M eventually terminates.

Proof. Without proof (see a course on the lambda calculus).

This theorem states that all β-reduction sequences of a simply typed lambda term are finite.
There are reduction systems that only possess the weaker property that there is a finite reduction
sequence. This latter property is called weak normalization.
This theorem also shows that, in particular, the non-terminating lambda term pλx.xxqpλx.xxq
is not typable. Indeed, in a certain sense, the very point of types is that they guarantee
termination. By strong normalization and confluence every term has exactly one beta-normal
form. Hence inter-reducibility by beta-reduction and alpha-renaming is a decidable equivalence
relation and will be denoted by “αβ .
We are now in a position to define a proof system NKω for simple type theory. The rules are:
..
..
M “αβ
N
whenever M “αβ N . For the propositional symbols we have
rM si ..
.. .. .. ..
.. .. ..
M M ĄN Ą N p Mq
E Ąi dne
N M ĄN I M
where the double negation elimination is responsible for obtaining classical (and not intuition-
istic logic). For the quantifier we have the rules:
..
..
@xτ A @
E
Arxτ zM s

29
for an expression M of type τ and
..
.. π
Arx zxτ0 s
τ
@I
@xτ A

if xτ0 does not occur in A nor in the open assumptions of π. Equality reasoning in NKω is done
using Leibniz equality by defining:

“τ ” λxτ1 xτ2 .@Y τ Ño pY x1 Ø Y x2 q

and adding the exioms of propositional extensionality

@xo @y o ppx Ø yq Ø x “o yq

and functional extensionality

@f τ Ñσ @g τ Ñσ pp@xτ f x “σ gxq Ą f “τ Ñσ gq.

Exercise 3.3. Show that the usual rules for K, , _, ^, Ø and Dτ (as defined in Exercise 3.2)
are derivable in NKω.

Exercise 3.4. Show that the following formulas are provable in NKω for arbitrary types τ, σ:

reflexivity: @xτ x “τ x
symmetry: @xτ @y τ px “τ y Ą y “τ xq
transitivity: @xτ @y τ @z τ px “τ y Ą y “τ z Ą x “τ zq
compatibility: @f τ Ñσ @xτ @y τ px “τ y Ą f x “σ f yq

Exercise 3.5. Define set-complementation comp as a simply typed expression. Give a type
derivation and show that the semantics has the expected behavior. Define a simply typed formula
F that states: “for any set of individuals X: the complement of the complement of X is X”.
Give a type derivation for F . Prove F in NKω. You may assume at your disposal the usual
inference rules for ^, _, Ø, , Dτ in NKω (see Exercise 3.3).

3.4 Subsystems

We can now recover first- and second-order logic within simple type theory. A language in both
first- and second-order logic consisted of constant symbols, function symbols and predicate
symbols. Constant and function symbols have types from

TF “ tι, ι Ñ ι, ι Ñ ι Ñ ι, . . .u

while predicate symbols have types from

TP “ to, ι Ñ o, ι Ñ ι Ñ o, . . .u.

Definition 3.11. Let A be a simply typed formula s.t. every non-logical symbol occurring in A
is of a type in TF or in TP . Then A is said to be a formula of second-order logic. Furthermore,
if all @τ in A satisfy τ “ ι then A is said to be a formula of first-order logic.

30
From a purely formal point of view, simple type theory is one formal system, first-order logic
another and second-order logic yet another. The above definition could be made more precise
by first defining additional connectives like ^, _, Dτ in simple type theory, then defining (the
straightforward) translations from first- and second-order logic to simple type theory and finally
showing that these translations preserve truth (and hence validity). For time constraints we
refrain from carrying out this in detail here, partially this will be done in the exercises. In
the end the moral is that first- and second-order logic can be considered subsystems of simple
type theory and in particular: whenever something is first- or second-order definable it is also
definable in simple type theory. This leads to the following results:

Theorem 3.4. The compactness theorem fails in simple type theory.

Proof. Let Li be the first-order formula that defines the structures of size at least i and remember
that finiteness can be defined by a second-order formula Fin. Let Γ “ tFinu Y tLi | i ě 1u and
observe that every finite Γ0 Ď Γ is satisfiable but Γ is not.

Theorem 3.5. The Löwenheim-Skolem theorem fails in simple type theory.

Proof. Remember that there was a second-order formula CountablepUq which defines the count-
able structures. The second-order and hence higher-order formula CountablepUq is satisfiable
but has no countable model, hence the Löwenheim-Skolem theorem fails.

Theorem 3.6. The completeness theorem fails in simple type theory.

Proof. Note that there is a program P which when given a higher-order formula determines
whether it is a second-order formula or not (by checking the types of all quantifiers).
Suppose that the valid formulas of higher-order logic are recursively enumerable by some pro-
gram Q, then the valid formulas of second-order logic are recursively enumerable as well (by
using both P and Q). Contradiction.

3.5 Henkin-Completeness
So, as in second-order logic, the completeness theorem does not hold in simple type theory.
Nevertheless, there is a natural proof formalism – NKω – and the question of finding a semantic
characterization of the formulas provable in NKω is natural as well. In this section we will sketch
such a characterization.
The starting point are NKω-proofs and the observation that one can make explicit (in the form
of first-order axioms) the properties of types that are used in such proofs. Formally, this will
mean recovering simple type theory as a first-order theory, i.e. as a formal system obtained from
pure first-order logic by adding these axioms.
To that aim we will define a translation from simply typed formulas to formulas in this first-
order theory. The basic idea is to add, for each type τ P T a unary predicate symbol Tτ intended
to denote “is of type τ ”. This will allow to express quantification over higher-types as bounded
first-order quantification by translating

@xτ A to @x pTτ pxq Ñ Aq.

In order to carry out this translation we first introduce a version of simple type theory that is
based on relations only.

31
Definition 3.12. Relational type theory is defined as follows.

1. ι and o are relational types

2. if τ1 , . . . , τn are relational types, then τ1 Ñ ¨ ¨ ¨ Ñ τn Ñ o is a relational type.

A simply typed language L is called relational if all its elements have types in TF Y TR .
The relational formulas are defined as follows:

1. The terms of type ι are defined as in first-order logic.

2. The terms of a relational type σ ‰ ι are the variables of type σ.

3. Let t1 : τ1 , . . . , tn : τn and σ “ τ1 Ñ ¨ ¨ ¨ Ñ τn Ñ o.

(a) If R : σ P L then Rt1 ¨ ¨ ¨ tn is an atom.

(b) If X σ is a variable, then X σ t1 ¨ ¨ ¨ tn is an atom.

4. Formulas are obtained from atoms by closing under Ą and @σ for all relational σ.

Proposition 3.1. For every formula A there is a relational formula A1 s.t. NKω $ A Ø A1 .

Proof Sketch. The central idea of the proof is that a function f : τ Ñ σ can be represented by
a relation R : τ Ñ σ Ñ o by defining Rpx, yq iff f pxq “ y and hence quantification of arbitrary
types can be replaced by quantification over relational types.

Definition 3.13. Let L be a relational language. Define the following first-order language Ls :

1. If c : τ P L, then τ P TF Y TR and put c P Ls .

2. For each relational type σ add a unary predicate symbol Tσ (whose intended interpretation
is “is of type σ”) to Ls .

3. For each relational type σ “ τ1 Ñ ¨ ¨ ¨ Ñ τn Ñ o add an n ` 1-ary predicate symbol Eσ

(whose intended interpretation is “is element of”).

Definition 3.14. Define a translation of a relational formula A to a first-order Ls -formula As

recursively as follows:

pxσ t1 ¨ ¨ ¨ tn qs ” Eσ pt1 , . . . , tn , xq where σ “ τ1 Ñ ¨ ¨ ¨ Ñ τn Ñ o

As ” A for another atomic formula A
pA Ą Bqs ” As Ñ B s
p@xσ Aqs ” @x pTσ pxq Ñ As q

Definition 3.15. Let L be a relational language and define the first-order theory TT0 in Ls
by the following axioms:

1. Tτ pcq if c : τ P L.

2. disjointness: @x pTτ pxq Ñ Tσ pxqq if τ ‰ σ.

. . ., see Leivant-article for the full list.

32
Furthermore, define the comprehension axioms: let A be a higher-order formula of type o with
free variables x1 : τ1 , . . . , xn : τn . Let σ “ τ1 Ñ ¨ ¨ ¨ Ñ τn Ñ o. Then the comprehension axiom
for A is the sentence
DY σ @xτ11 ¨ ¨ ¨ @xτnn pY x1 ¨ ¨ ¨ xn Ø Aq

Let TT be the theory obtained by adding to TT0 all s-translations of all comprehension axioms.
Example 3.7. Comprehension axioms are essential for mathematics, they allow to define sets
such as for example the set of even numbers:

DY ιÑo @xι pY x Ø Dz ι 2 ¨ z “ xq

Lemma 3.1. Let A be a relational formula. Then A is provable in NKω iff TT $ As .

Without Proof.
The above result characterizes provability in NKω by provability in the first-order theory TT.
In first-order logic however we do have a completeness theorem which, when applied to the
above lemma, has the following immediate corollary:

TT $ As iff S ( As for all S with S ( TT.

This shows that there is a class of structures w.r.t. which NKω is complete, namely the struc-
tures S satisfying TT. Such a structure interprets the translation As of a simply typed formula
A. In the rest of this section we will primarily concern ourselves with how to transfer back the
satisfaction of TT to the level of semantics. This will give rise to the notion of Henkin-structure
and lead to the characterization of the formulas provable in NKω as those which are true in all
Henkin-structures.
The above Lemma 3.1 is an important result for the following reason: the completeness theorem
is a strong connection between the syntactic side of proofs and the semantic side of structures.
We have seen that the completeness theorem does not survive the transition from first- to
second- and higher-order logic – and this despite the fact that this transition is quite natural
on both, the syntactic and the semantic side. The above Lemma 3.1 helps to explain why this
connection breaks down: the generalization of proofs from first- to higher-order logic is, in fact,
quite weak: provability in NKω can be characterized by provability in a first-order theory. This
is in stark contrast to the semantic side where the interpretation of set-quantifiers as ranging
over all subsets gives definitional power that does not exist in first-order logic as we had the
chance to witness at several occasions in this course.
The central difference between interpreting A and As is that in the standard semantics of simply
typed L-formulas, the interpretation of a type τ is fixed to be Dτ . In contrast to that, when
interpreting an As in a structure S, the interpretation of the predicate Tτ is part of the structure
S.
This observation forms the starting point of the Henkin semantics of simple type theory. Instead
of fixing the interpretation of a type τ to be Dτ we will make the interpretation of τ part of the
structure.
Definition 3.16. Let L be a simply typed language. A Henkin-L-prestructure is a pair H “
pD, Iq s.t.

• Ipoq “ ttrue, falseu and Ipιq “ D.

• Ipτ q Ď Dτ for every τ P T.

33
 • Ipcq P Ipτ q for every c : τ P L.

Example 3.8. pR, Iq where Ipoq “ ttrue, falseu, Ipιq “ R, Ipι Ñ oq “ the measurable subsets of
R, etc.

Definition 3.17. Let S “ pD, Iq be a Henkin-L-prestructure. The interpretation I is extended

to all simply typed expressions as in the case of L-structures (see Definition 3.10) with the only
exception of the universal quantifier which is interpreted as:
"
true if F pmq “ true for all m P Ipτ q
Ip@τ qpF q “
false otherwise

As always, when L is irrelevant or clear from the context, we simply speak about a Henkin-
prestructure.

Definition 3.18. Let H “ pD, Iq be a Henkin-L-prestructure, we obtain a first-order Ls -

structure Hs “ pDs , I s q as follows:

1. Ds “
Ť
τ PT Ipτ q,

2. I s pcq “ Ipcq for c P L,

3. I s pTτ q “ Ipτ q, and

4. I s pEτ q “ P.

The above translation turns a Henkin-L-prestructure H into a first-order Ls -structure Hs and

it preserves truth in the following sense:

Lemma 3.2. Let H be a Henkin-L-prestructure and A be a simply typed L-formula. Then

H ( A iff Hs ( As .

Without Proof.
In the structure Hs , the predicates Tτ and Eτ behave like type membership and elementhood,
and it is not difficult to verify that Hs ( TT0 for all Henkin-prestructures H. On the other
hand, there are Henkin-prestructures which do not satisfy the comprehension axioms. This
motivates the following definition.

Definition 3.19. A Henkin-L-structure is a Henkin-L-prestructure pD, Iq that is closed under

definability, i.e. for every term M of type τ we have IpM q P Ipτ q.

We then obtain:

Lemma 3.3. Let S be a Ls -structure. Then S ( TT iff there is a Henkin-L-structure H s.t.

S “ Hs

Without Proof.

Definition 3.20. A simply typed formula is called Henkin-valid if it is true in all Henkin
structures.

Theorem 3.7. A relational formula is provable in NKω iff it is Henkin-valid.

34
Proof. NKω proves A iff TT $ As (by Lemma 3.1)
iff S ( As for all S with S ( TT (by first-order completeness)
iff Hs ( As for all Henkin-structures H (by Lemma 3.3)
iff H ( A for all Henkin-structures A (by Lemma 3.2)

The above theorem – the completeness of Henkin semantics – and its proof shows that Henkin-
validity is a semantical notion much closer to first-order validity than to higher-order validity.
The interest in Henkin-structures does therefore lie not so much in this completeness result
itself but rather in the technical usefulness of Henkin structures for various purposes. For
example, they allow to show of a valid formula that it is unprovable in NKω by giving a
Henkin-countermodel (see Theorem 5.5.3. in Leivant’s article cited on the website for a proof of
the unprovability of the (type-theoretic version of) the axiom of choice). As another application,
Henkin-structures allow semantic cut-elimination proofs by showing Henkin-soundness of cut
followed by Henkin-completeness of the cut-free calculus.

3.6 Type Theory at Work

Higher-order logic as we have seen it in the last few sections builds a popular logical basis
for many proof assistants because of its flexibility and powerful type checking mechanisms.
These proof assistants are interactive theorem proving environments that assist a user in fully
formalizing a proof. Many of these systems are quite flexible with applications ranging from
software verification to formalization of large mathematical proofs.
Among the most fully developed proof assistants are the systems

• Isabelle, http://www.cl.cam.ac.uk/research/hvg/isabelle/

• Coq, http://coq.inria.fr/

• Mizar, http://www.mizar.org/

The following is a proof script in Isabelle/HOL which is essentially a mechanization of higher-

order logic as we have used in this chapter (with tons of additional features and syntactic sugar).
For more information about Isabelle, consult the documentation that comes with the system.

theory demo

imports Main

begin

(*** propositional logic ***)

lemma lem1: "A \<and> B \<longrightarrow> A"

apply(rule impI)
apply(drule conjunct1)
apply(assumption)
done

35
lemma conj_comm: "A \<and> B \<Longrightarrow> B \<and> A"
apply(rule conjI)
apply(drule conjunct2)
apply(assumption)
apply(drule conjunct1)
apply(assumption)
done

lemma "A \<and> B \<longrightarrow> (B \<and> A) \<or> C"

apply(rule impI)
apply(rule disjI1)
apply(rule conj_comm)
apply(assumption)
done

(*** inductive data types ***)

datatype ’a mylist = nil | cons ’a "’a mylist"

primrec myapp :: "’a mylist \<Rightarrow> ’a mylist \<Rightarrow> ’a mylist" where

"myapp nil ys = ys" |
"myapp (cons x xs) ys = (cons x (myapp xs ys))"

value "nil"
value "(cons (3::nat) nil)"
value "(cons (2::nat) (cons (1::nat) nil))"
value "(myapp (cons (3::nat) nil) (cons (2::nat) (cons (1::nat) nil)))"

primrec mylen :: "’a mylist \<Rightarrow> nat" where

"mylen nil = 0" |
"mylen (cons x xs) = Suc (mylen xs)"

value "mylen nil"

value "mylen (cons (3::nat) nil)"
value "mylen (myapp (cons (3::nat) nil) (cons 17 (cons 1 nil)))"

lemma "mylen (myapp xs ys) = (mylen xs) + (mylen ys)"

apply(induct_tac xs)
apply(auto)
(* play with these commands
apply(simp del: myapp.simps)
apply(auto)
apply(simp_all)
apply(simp)
*)
done

lemma "(myapp xs (myapp ys zs)) = (myapp (myapp xs ys) zs)"

36
apply(induct_tac xs)
apply(auto)
done

(*** the Isar language: human-readable proof scripts,

closer to mathematical practice ***)

(* Cantor’s theorem: there is no surjective function from a set to its powerset *)

theorem "\<exists> S. S \<notin> range (f :: ’a \<Rightarrow> ’a set)"
proof
let ?S = "{x. x \<notin> f x}"
show "?S \<notin> range f"
proof
assume "?S \<in> range f"
then obtain y where "?S = f y" ..
show False
proof cases
assume "y \<in> ?S"
with ‘?S = f y‘ show False by auto
next
assume "y \<notin> ?S"
with ‘?S = f y‘ show False by auto
qed
qed
qed

end (* end of theory *)

Exercise 3.6. Use Isabelle/HOL to define the inductive datatype of trees (of some type ’a) as
we did for lists above. Define a function numleaves which computes the number of leaves of a
given tree. Define a function insert which takes two trees T and S and replaces every leaf of
T by the tree S. Prove that numleaves (insert T S) = (numleaves T) * (numleaves S).

37
38
Bibliography

[1] Peter B. Andrews. An Introduction to Mathematical Logic and Type Theory: To Truth
through Proof. Academic Press, 1986.

[2] Hendrik Pieter Barendregt. Lambda Calculi with Types, volume 2 of Handbook of Logic in
Computer Science, pages 117–309. Clarendon Press, 1992.

[3] Roger J. Hindley. Basic Simple Type Theory. Cambridge University Press, 1997.

[4] Daniel Leivant. Higher Order Logic. In Dov M. Gabbay, Christopher J. Hogger, J. A.
Robinson, and Jörg H. Siekmann, editors, Handbook of Logic in Artificial Intelligence and
Logic Programming (2), pages 229–322. Oxford University Press, 1994.

[5] Tobias Nipkow. Programming and Proving in Isabelle/HOL. available from http://www.
cl.cam.ac.uk/research/hvg/Isabelle/documentation.html.

[6] Johan van Benthem and Kees Doets. Higher-order logic. In Dov Gabbay and Franz Guen-
ther, editors, Handbook of Philosophical Logic, volume 1, pages 189–243. Kluwer, 2nd edition,
2001.

39