Part I

Intuitionistic Logic

1
 This is a brief introduction to intuitionistic logic produced by Zesen
Qian and revised by RZ. It is not yet well integrated with the rest of the
text and needs examples and motivations.

2 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

Chapter 1

Introduction

1.1 Constructive Reasoning

In contrast to extensions of classical logic by modal operators or second-order
quantifiers, intuitionistic logic is “non-classical” in that it restricts classical
logic. Classical logic is non-constructive in various ways. Intuitionistic logic
is intended to capture a more “constructive” kind of reasoning characteristic
of a kind of constructive mathematics. The following examples may serve to
illustrate some of the underlying motivations.
Suppose someone claimed that they had determined a natural number n
with the property that if n is even, the Riemann hypothesis is true, and if n
is odd, the Riemann hypothesis is false. Great news! Whether the Riemann
hypothesis is true or not is one of the big open questions of mathematics, and
they seem to have reduced the problem to one of calculation, that is, to the
determination of whether a specific number is even or not.
What is the magic value of n? They describe it as follows: n is the natural
number that is equal to 2 if the Riemann hypothesis is true, and 3 otherwise.
Angrily, you demand your money back. From a classical point of view, the
description above does in fact determine a unique value of n; but what you
really want is a value of n that is given explicitly.
To take another, perhaps less contrived example, consider the following
question. We know that it is possible to raise an irrational number to a rational
√ 2
power, and get a rational result. For example, 2 = 2. What is less clear
is whether or not it is possible to raise an irrational number to an irrational
power, and get a rational result. The following theorem answers this in the
affirmative:
Theorem 1.1. There are irrational numbers a and b such that ab is rational.
√ √2 √
Proof. Consider 2 . If this is rational, we are done: we can let a = b = 2.
Otherwise, it is irrational. Then we have
√ √2 √ √ √2·√2 √ 2
( 2 ) 2= 2 = 2 = 2,

3
 √
√ 2 √
which is rational. So, in this case, let a be 2 , and let b be 2.

Does this constitute a valid proof? Most mathematicians feel that it does.
But again, there is something a little bit unsatisfying here: we have proved
the existence of a pair of real numbers with a certain property, without being
able to say which pair of numbers it is. It is possible to prove the same√result,
but in such a way that the pair a, b is given in the proof: take a = 3 and
b = log3 4. Then
√ log3 4
ab = 3 = 31/2·log3 4 = (3log3 4 )1/2 = 41/2 = 2,

since 3log3 x = x.
Intuitionistic logic is designed to capture a kind of reasoning where moves
like the one in the first proof are disallowed. Proving the existence of an x
satisfying ϕ(x) means that you have to give a specific x, and a proof that it
satisfies ϕ, like in the second proof. Proving that ϕ or ψ holds requires that
you can prove one or the other.
Formally speaking, intuitionistic logic is what you get if you restrict a proof
system for classical logic in a certain way. From the mathematical point of
view, these are just formal deductive systems, but, as already noted, they are
intended to capture a kind of mathematical reasoning. One can take this to
be the kind of reasoning that is justified on a certain philosophical view of
mathematics (such as Brouwer’s intuitionism); one can take it to be a kind
of mathematical reasoning which is more “concrete” and satisfying (along the
lines of Bishop’s constructivism); and one can argue about whether or not
the formal description captures the informal motivation. But whatever philo-
sophical positions we may hold, we can study intuitionistic logic as a formally
presented logic; and for whatever reasons, many mathematical logicians find it
interesting to do so.

1.2 Syntax of Intuitionistic Logic

The syntax of intuitionistic logic is the same as that for propositional logic. In int:int:syn:
sec
classical propositional logic it is possible to define connectives by others, e.g.,
one can define ϕ → ψ by ¬ϕ ∨ ψ, or ϕ ∨ ψ by ¬(¬ϕ ∧ ¬ψ). Thus, presentations
of classical logic often introduce some connectives as abbreviations for these
definitions. This is not so in intuitionistic logic, with two exceptions: ¬ϕ can
be—and often is—defined as an abbreviation for ϕ → ⊥. Then, of course, ⊥
must not itself be defined! Also, ϕ ↔ ψ can be defined, as in classical logic, as
(ϕ → ψ) ∧ (ψ → ϕ).
Formulas of propositional intuitionistic logic are built up from propositional
variables and the propositional constant ⊥ using logical connectives. We have:

1. A denumerable set At0 of propositional variables p0 , p1 , . . .

2. The propositional constant for falsity ⊥.

4 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

 3. The logical connectives: ∧ (conjunction), ∨ (disjunction), → (condi-
tional)

4. Punctuation marks: (, ), and the comma.

int:int:syn: Definition 1.2 (Formula). The set Frm(L0 ) of formulas of propositional

defn:formulas
intuitionistic logic is defined inductively as follows:

1. ⊥ is an atomic formula.

2. Every propositional variable pi is an atomic formula.

3. If ϕ and ψ are formulas, then (ϕ ∧ ψ) is a formula.

4. If ϕ and ψ are formulas, then (ϕ ∨ ψ) is a formula.

5. If ϕ and ψ are formulas, then (ϕ → ψ) is a formula.

6. Nothing else is a formula.

In addition to the primitive connectives introduced above, we also use the

following defined symbols: ¬ (negation) and ↔ (biconditional). Formulas con-
structed using the defined operators are to be understood as follows:

1. ¬ϕ abbreviates ϕ → ⊥.

2. ϕ ↔ ψ abbreviates (ϕ → ψ) ∧ (ψ → ϕ).

Although ¬ is officially treated as an abbreviation, we will sometimes give

explicit rules and clauses in definitions for ¬ as if it were primitive. This is
mostly so we can state practice problems.

1.3 The Brouwer-Heyting-Kolmogorov Interpretation

int:int:bhk:
sec

Proofs of validity of intuitionistic propositions using the BHK interpre-

tation are confusing; they have to be explained better.

There is an informal constructive interpretation of the intuitionist connectives,

usually known as the Brouwer-Heyting-Kolmogorov interpretation. It uses the
notion of a “construction,” which you may think of as a constructive proof. (We
don’t use “proof” in the BHK interpretation so as not to get confused with the
notion of a derivation in a formal proof system.) Based on this intuitive notion,
the BHK interpretation explains the meanings of the intuitionistic connectives.

1. We assume that we know what constitutes a construction of an atomic

statement.

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 5

 2. A construction of ϕ1 ∧ ϕ2 is a pair hM1 , M2 i where M1 is a construction
of ϕ1 and M2 is a construction of A2 .

3. A construction of ϕ1 ∨ ϕ2 is a pair hs, M i where s is 1 and M is a

construction of ϕ1 , or s is 2 and M is a construction of ϕ2 .

4. A construction of ϕ → ψ is a function that converts a construction of ϕ

into a construction of ψ.

5. There is no construction for ⊥ (absurdity).

6. ¬ϕ is defined as synonym for ϕ → ⊥. That is, a construction of ¬ϕ is a

function converting a construction of ϕ into a construction of ⊥.

Example 1.3. Take ¬⊥ for example. A construction of it is a function which,

given any construction of ⊥ as input, provides a construction of ⊥ as output.
Obviously, the identity function Id is such a construction: given a construc-
tion M of ⊥, Id(M ) = M yields a construction of ⊥.

Generally speaking, ¬ϕ means “A construction of ϕ is impossible”.

Example 1.4. Let us prove ϕ→¬¬ϕ for any proposition ϕ, which is ϕ→((ϕ→
⊥)→⊥). The construction should be a function f that, given a construction M
of ϕ, returns a construction f (M ) of (ϕ→⊥)→⊥. Here is how f constructs the
construction of (ϕ → ⊥) → ⊥: We have to define a function g which, when given
a construction h of ϕ → ⊥ as input, outputs a construction of ⊥. We can define
g as follows: apply the input h to the construction M of ϕ (that we received
earlier). Since the output h(M ) of h is a construction of ⊥, f (M )(h) = h(M )
is a construction of ⊥ if M is a construction of ϕ.

Example 1.5. Let us give a construction for ¬(ϕ∧¬ϕ), i.e., (ϕ∧(ϕ→⊥))→⊥.

This is a function f which, given as input a construction M of ϕ ∧ (ϕ → ⊥),
yields a construction of ⊥. A construction of a conjunction ψ1 ∧ ψ2 is a pair
hN1 , N2 i where N1 is a construction of ψ1 and N2 is a construction of ψ2 . We
can define functions p1 and p2 which recover from a construction of ψ1 ∧ ψ2
the constructions of ψ1 and ψ2 , respectively:

p1 (hN1 , N2 i) = N1
p2 (hN1 , N2 i) = N2

Here is what f does: First it applies p1 to its input M . That yields a construc-
tion of ϕ. Then it applies p2 to M , yielding a construction of ϕ → ⊥. Such a
construction, in turn, is a function p2 (M ) which, if given as input a construction
of ϕ, yields a construction of ⊥. In other words, if we apply p2 (M ) to p1 (M ),
we get a construction of ⊥. Thus, we can define f (M ) = p2 (M )(p1 (M )).

Example 1.6. Let us give a construction of ((ϕ ∧ ψ) → χ) → (ϕ → (ψ → χ)),

i.e., a function f which turns a construction g of (ϕ∧ψ)→χ into a construction

6 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

 of (ϕ → (ψ → χ)). The construction g is itself a function (from constructions
of ϕ ∧ ψ to constructions of C). And the output f (g) is a function hg from
constructions of ϕ to functions from constructions of ψ to constructions of χ.
Ok, this is confusing. We have to construct a certain function hg , which
will be the output of f for input g. The input of hg is a construction M
of ϕ. The output of hg (M ) should be a function kM from constructions N
of ψ to constructions of χ. Let kg,M (N ) = g(hM, N i). Remember that hM, N i
is a construction of ϕ ∧ ψ. So kg,M is a construction of ψ → χ: it maps
constructions N of ψ to constructions of χ. Now let hg (M ) = kg,M . That’s a
function that maps constructions M of ϕ to constructions kg,M of ψ → χ. Now
let f (g) = hg . That’s a function that maps constructions g of (ϕ ∧ ψ) → χ to
constructions of ϕ → (ψ → χ). Whew!
The statement ϕ ∨ ¬ϕ is called the Law of Excluded Middle. We can prove
it for some specific ϕ (e.g., ⊥ ∨ ¬⊥), but not in general. This is because the
intuitionistic disjunction requires a construction of one of the disjuncts, but
there are statements which currently can neither be proved nor refuted (say,
Goldbach’s conjecture). However, you can’t refute the law of excluded middle
either: that is, ¬¬(ϕ ∨ ¬ϕ) holds.
Example 1.7. To prove ¬¬(ϕ ∨ ¬ϕ), we need a function f that transforms a
construction of ¬(ϕ ∨ ¬ϕ), i.e., of (ϕ ∨ (ϕ → ⊥)) → ⊥, into a construction of ⊥.
In other words, we need a function f such that f (g) is a construction of ⊥ if g
is a construction of ¬(ϕ ∨ ¬ϕ).
Suppose g is a construction of ¬(ϕ ∨ ¬ϕ), i.e., a function that transforms a
construction of ϕ ∨ ¬ϕ into a construction of ⊥. A construction of ϕ ∨ ¬ϕ is a
pair hs, M i where either s = 1 and M is a construction of ϕ, or s = 2 and M is
a construction of ¬ϕ. Let h1 be the function mapping a construction M1 of ϕ
to a construction of ϕ ∨ ¬ϕ: it maps M1 to h1, M2 i. And let h2 be the function
mapping a construction M2 of ¬ϕ to a construction of ϕ ∨ ¬ϕ: it maps M2 to
h2, M2 i.
Let k be g ◦ h1 : it is a function which, if given a construction of ϕ, returns a
construction of ⊥, i.e., it is a construction of ϕ → ⊥ or ¬ϕ. Now let l be g ◦ h2 .
It is a function which, given a construction of ¬ϕ, provides a construction of ⊥.
Since k is a construction of ¬ϕ, l(k) is a construction of ⊥.
Together, what we’ve done is describe how we can turn a construction g of
¬(ϕ∨¬ϕ) into a construction of ⊥, i.e., the function f mapping a construction g
of ¬(ϕ ∨ ¬ϕ) to the construction l(k) of ⊥ is a construction of ¬¬(ϕ ∨ ¬ϕ).
As you can see, using the BHK interpretation to show the intuitionistic
validity of formulas quickly becomes cumbersome and confusing. Luckily, there
are better derivation systems for intuitionistic logic, and more precise semantic
interpretations.

1.4 Natural Deduction

int:int:ntd:
sec

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 7

Natural deduction without the ⊥C rules is a standard derivation system for
intuitionistic logic. We repeat the rules here and indicate the motivation using
the BHK interpretation. In each case, we can think of a rule which allows us
to conclude that if the premises have constructions, so does the conclusion.
Since natural deduction derivations have undischarged assumptions, we
should consider such a derivation, say, of ϕ from undischarged assumptions Γ ,
as a function that turns constructions of all ψ ∈ Γ into a construction of ϕ. If
there is a derivation of ϕ from no undischarged assumptions, then there is a
construction of ϕ in the sense of the BHK interpretation. For the purpose of
the discussion, however, we’ll suppress the Γ when not needed.
An assumption ϕ by itself is a derivation of ϕ from the undischarged as-
sumption ϕ. This agrees with the BHK-interpretation: the identity function
on constructions turns any construction of ϕ into a construction of ϕ.

Conjunction

ϕ∧ψ
ϕ ∧Elim
ϕ ψ
∧Intro
ϕ∧ψ ϕ∧ψ
∧Elim
ψ

Suppose we have constructions N1 , N2 of ϕ1 and ϕ2 , respectively. Then we

also have a construction ϕ1 ∧ ϕ2 , namely the pair hN1 , N2 i.
A construction of ϕ1 ∧ ϕ1 on the BHK interpretation is a pair hN1 , N2 i. So
assume we have such a pair. Then we also have a construction of each conjunct:
N1 is a construction of ϕ1 and N2 is a construction of ϕ2 .

Conditional

[ϕ]u

ϕ→ψ ϕ
→Elim
ψ
ψ
u →Intro
ϕ→ψ

If we have a derivation of ψ from undischarged assumption ϕ, then there is a

function f that turns constructions of ϕ into constructions of ψ. That same
function is a construction of ϕ→ψ. So, if the premise of →Intro has a construc-
tion conditional on a construction of ϕ, the conclusion ϕ→ψ has a construction.
On the other hand, suppose there are constructions N of ϕ and f of ϕ →
ψ. A construction of ϕ → ψ is a function that turns constructions of ϕ into

8 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

constructions of ψ. So, f (N ) is a construction of ψ, i.e., the conclusion of
→Elim has a construction.

Disjunction

ϕ [ϕ]n [ψ]n
∨Intro
ϕ∨ψ
ψ
∨Intro ϕ∨ψ χ χ
ϕ∨ψ n ∨Elim
χ

If we have a construction Ni of ϕi we can turn it into a construction hi, Ni i

of ϕ1 ∨ ϕ2 . On the other hand, suppose we have a construction of ϕ1 ∨ ϕ2 , i.e.,
a pair hi, Ni i where Ni is a construction of ϕi , and also functions f1 , f2 , which
turn constructions of ϕ1 , ϕ2 , respectively, into constructions of χ. Then fi (Ni )
is a construction of χ, the conclusion of ∨Elim.

Absurdity

⊥ ⊥
ϕ I

If we have a derivation of ⊥ from undischarged assumptions ψ1 , . . . , ψn , then

there is a function f (M1 , . . . , Mn ) that turns constructions of ψ1 , . . . , ψn into
a construction of ⊥. Since ⊥ has no construction, there cannot be any con-
structions of all of ψ1 , . . . , ψn either. Hence, f also has the property that if
M1 , . . . , Mn are constructions of ψ1 , . . . , ψn , respectively, then f (M1 , . . . , Mn )
is a construction of ϕ.

Rules for ¬
Since ¬ϕ is defined as ϕ → ⊥, we strictly speaking do not need rules for ¬. But
if we did, this is what they’d look like:

[ϕ]n
¬ϕ ϕ
¬Elim
⊥
⊥
n
¬ϕ ¬Intro

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 9

Examples of Derivations
1. ` ϕ → (¬ϕ → ⊥), i.e., ` ϕ → ((ϕ → ⊥) → ⊥)

[ϕ]2 [ϕ → ⊥]1
→Elim
⊥
1 →Intro
(ϕ → ⊥) → ⊥
2 →Intro
ϕ → (ϕ → ⊥) → ⊥

2. ` ((ϕ ∧ ψ) → χ) → (ϕ → (ψ → χ))

[ϕ]2 [ψ]1
∧Intro
[(ϕ ∧ ψ) → χ]3 ϕ∧ψ
χ →Elim
1 →Intro
ψ→χ
2 →Intro
ϕ → (ψ → χ)
3 →Intro
((ϕ ∧ ψ) → χ) → (ϕ → (ψ → χ))

3. ` ¬(ϕ ∧ ¬ϕ), i.e., ` (ϕ ∧ (ϕ → ⊥)) → ⊥

[ϕ ∧ (ϕ → ⊥)]1 [ϕ ∧ (ϕ → ⊥)]1
∧Elim ∧Elim
ϕ→⊥ ϕ
→Elim
⊥
1 →Intro
(ϕ ∧ (ϕ → ⊥)) → ⊥

4. ` ¬¬(ϕ ∨ ¬ϕ), i.e., ` ((ϕ ∨ (ϕ → ⊥)) → ⊥) → ⊥

[ϕ]1
∨Intro
[(ϕ ∨ (ϕ → ⊥)) → ⊥]2 ϕ ∨ (ϕ → ⊥)
→Elim
⊥
1 →Intro
ϕ→⊥
∨Intro
[(ϕ ∨ (ϕ → ⊥)) → ⊥]2 ϕ ∨ (ϕ → ⊥)
→Elim
⊥
2 →Intro
((ϕ ∨ (ϕ → ⊥)) → ⊥) → ⊥

Proposition 1.8. If Γ ` ϕ in intuitionistic logic, Γ ` ϕ in classical logic. In

particular, if ϕ is an intuitionistic theorem, it is also a classical theorem.

Proof. Every natural deduction rule is also a rule in classical natural deduction,
so every derivation in intuitionistic logic is also a derivation in classical logic.

Problem 1.1. Give derivations in intutionistic logic of the following.

1. (¬ϕ ∨ ψ) → (ϕ → ψ)
2. ¬¬¬ϕ → ¬ϕ

10 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

 3. ¬¬(ϕ ∧ ψ) ↔ (¬¬ϕ ∧ ¬¬ψ)
4. ¬(ϕ ∨ ψ) ↔ (¬ϕ ∧ ψ)
5. (¬ϕ ∨ ¬ψ) → ¬(ϕ ∧ ψ)
6. ¬¬(ϕ ∧ ψ) → (¬¬ϕ ∨ ¬¬ψ)

1.5 Axiomatic Derivations

int:int:axd: Axiomatic derivations for intuitionistic propositional logic are the conceptu-
sec
ally simplest, and historically first, derivation systems. They work just as in
classical propositional logic.
Definition 1.9 (Derivability). If Γ is a set of formulas of L then a derivation
from Γ is a finite sequence ϕ1 , . . . , ϕn of formulas where for each i ≤ n one of
the following holds:
1. ϕi ∈ Γ ; or
2. ϕi is an axiom; or
3. ϕi follows from some ϕj and ϕk with j < i and k < i by modus ponens,
i.e., ϕk ≡ ϕj → ϕi .

Definition 1.10 (Axioms). The set of Ax0 of axioms for the intuitionistic
propositional logic are all formulas of the following forms:

int:int:axd: (ϕ ∧ ψ) → ϕ (1.1)
ax:land1
int:int:axd: (ϕ ∧ ψ) → ψ (1.2)
ax:land2
int:int:axd: ϕ → (ψ → (ϕ ∧ ψ)) (1.3)
ax:land3
int:int:axd: ϕ → (ϕ ∨ ψ) (1.4)
ax:lor1
int:int:axd: ϕ → (ψ ∨ ϕ) (1.5)
ax:lor2
int:int:axd: (ϕ → χ) → ((ψ → χ) → ((ϕ ∨ ψ) → χ)) (1.6)
ax:lor3
int:int:axd: ϕ → (ψ → ϕ) (1.7)
ax:lif1
int:int:axd: (ϕ → (ψ → χ)) → ((ϕ → ψ) → (ϕ → χ)) (1.8)
ax:lif2
int:int:axd: ⊥→ϕ (1.9)
ax:lfalse1

Definition 1.11 (Derivability). A formula ϕ is derivable from Γ , written

Γ ` ϕ, if there is a derivation from Γ ending in ϕ.

Definition 1.12 (Theorems). A formula ϕ is a theorem if there is a deriva-

tion of ϕ from the empty set. We write ` ϕ if ϕ is a theorem and 0 ϕ if it is
not.

Proposition 1.13. If Γ ` ϕ in intuitionistic logic, Γ ` ϕ in classical logic.

In particular, if ϕ is an intuitionistic theorem, it is also a classical theorem.

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 11

Proof. Every intuitionistic axiom is also a classical axiom, so every derivation
in intuitionistic logic is also a derivation in classical logic.

12 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

 Chapter 2

Semantics

This chapter collects definitions for semantics for intuitionistic logic.

So far only Kripke and topological semantics are covered. There are no
examples yet, either of how models make formulas true or of proofs that
formulas are valid.

2.1 Introduction
int:sem:int: No logic is satisfactorily described without a semantics, and intuitionistic logic
sec
is no exception. Whereas for classical logic, the semantics based on valuations is
canonical, there are several competing semantics for intuitionistic logic. None of
them are completely satisfactory in the sense that they give an intuitionistically
acceptable account of the meanings of the connectives.
The semantics based on relational models, similar to the semantics for
modal logics, is perhaps the most popular one. In this semantics, proposi-
tional variables are assigned to worlds, and these worlds are related by an
accessibility relation. That relation is always a partial order, i.e., it is reflexive,
antisymmetric, and transitive.
Intuitively, you might think of these worlds as states of knowledge or “evi-
dentiary situations.” A state w0 is accessible from w iff, for all we know, w0 is
a possible (future) state of knowledge, i.e., one that is compatible with what’s
known at w. Once a proposition is known, it can’t become un-known, i.e.,
whenever ϕ is known at w and Rww0 , ϕ is known at w0 as well. So “knowl-
edge” is monotonic with respect to the accessibility relation.
If we define “ϕ is known” as in epistemic logic as “true in all epistemic
alternatives,” then ϕ ∧ ψ is known at w if in all epistemic alternatives, both ϕ
and ψ are known. But since knowledge is monotonic and R is reflexive, that
means that ϕ ∧ ψ is known at w iff ϕ and ψ are known at w. For the same
reason, ϕ ∨ ψ is known at w iff at least one of them is known. So for ∧ and ∨,
the truth conditions of the connectives coincide with those in classical logic.

13
 The truth conditions for the conditional, however, differ from classical logic.
ϕ → ψ is known at w iff at no w0 with Rww0 , ϕ is known without ψ also being
known. This is not the same as the condition that ϕ is unknown or ψ is known
at w. For if we know neither ϕ nor ψ at w, there might be a future epistemic
state w0 with Rww0 such that at w0 , ϕ is known without also coming to know ψ.
We know ¬ϕ only if there is no possible future epistemic state in which
we know ϕ. Here the idea is that if ϕ were knowable, then in some possible
future epistemic state ϕ becomes known. Since we can’t know ⊥, in that future
epistemic state, we would know ϕ but not know ⊥.
On this interpretation the principle of excluded middle fails. For there are
some ϕ which we don’t yet know, but which we might come to know. For such
an ϕ, both ϕ and ¬ϕ are unknown, so ϕ ∨ ¬ϕ is not known. But we do know,
e.g., that ¬(ϕ ∧ ¬ϕ). For no future state in which we know both ϕ and ¬ϕ is
possible, and we know this independently of whether or not we know ϕ or ¬ϕ.
Relational models are not the only available semantics for intuitionistic
logic. The topological semantics is another: here propositions are interpreted
as open sets in a topological space, and the connectives are interpreted as
operations on these sets (e.g., ∧ corresponds to intersection).

2.2 Relational models

In order to give a precise semantics for intuitionistic propositional logic, we int:sem:rel:
sec
have to give a definition of what counts as a model relative to which we can
evaluate formulas. On the basis of such a definition it is then also possible to
define semantics notions such as validity and entailment. One such semantics
is given by relational models.
Definition 2.1. A relational model for intuitionistic propositional logic is a
triple M = hW, R, V i, where
1. W is a non-empty set,
2. R is a partial order (i.e., a reflexive, antisymmetric, and transitive binary
relation) on W , and
3. V is a function assigning to each propositional variable p a subset of W ,
such that
4. V is monotone with respect to R, i.e., if w ∈ V (p) and Rww0 , then
w0 ∈ V (p).

Definition 2.2. We define the notion of ϕ being true at w in M, M, w ϕ, int:sem:rel:

defn:true-at-w
inductively as follows:
1. ϕ ≡ p: M, w ϕ iff w ∈ V (p).
2. ϕ ≡ ⊥: not M, w ϕ.
3. ϕ ≡ ¬ψ: M, w ϕ iff for no w0 such that Rww0 , M, w0 ψ.

14 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

 4. ϕ ≡ ψ ∧ χ: M, w ϕ iff M, w ψ and M, w χ.
5. ϕ ≡ ψ ∨ χ: M, w ϕ iff M, w ψ or M, w χ (or both).
6. ϕ ≡ ψ → χ: M, w ϕ iff for every w0 such that Rww0 , not M, w0 ψ
or M, w0 χ (or both).
We write M, w 1 ϕ if not M, w ϕ. If Γ is a set of formulas, M, w Γ means
M, w ψ for all ψ ∈ Γ .

Problem 2.1. Show that according to Definition 2.2, M, w ¬ϕ iff M, w

ϕ → ⊥.

int:sem:rel: Proposition 2.3. Truth at worlds is monotonic with respect to R, i.e., if

prop:true-monotonic
M, w ϕ and Rww0 , then M, w0 ϕ.

Proof. Exercise.

Problem 2.2. Prove Proposition 2.3.

2.3 Semantic Notions

int:sem:sem:
sec
Definition 2.4. We say ϕ is true in the model M = hW, R, V i, M ϕ, iff
M, w ϕ for all w ∈ W . ϕ is valid,  ϕ, iff it is true in all models. We say
a set of formulas Γ entails ϕ, Γ  ϕ, iff for every model M and every w such
that M, w Γ , M, w ϕ.

int:sem:sem: Proposition 2.5.

prop:sat-entails
int:sem:sem: 1. If M, w Γ and Γ  ϕ, then M, w ϕ.
prop:sat-entails1
int:sem:sem: 2. If M Γ and Γ  ϕ, then M ϕ.
prop:sat-entails2

Proof. 1. Suppose M Γ . Since Γ  ϕ, we know that if M, w Γ , then

M, w ϕ. Since M, u Γ for all every u ∈ W , M, w Γ . Hence
M, w ϕ.
2. Follows immediately from (1).

int:sem:sem: Definition 2.6. Suppose M is a relational model and w ∈ W . The restriction

defn:restrict
Mw = hWw , Rw , Vw i of M to w is given by:

Ww = {u ∈ W : Rwu},
Rw = R ∩ (Ww )2 , and
Vw (p) = V (p) ∩ Ww .

int:sem:sem: Proposition 2.7. M, w ϕ iff Mw ϕ.

prop:restrict

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 15

Problem 2.3. Prove Proposition 2.7.

Proposition 2.8. Suppose for every model M such that M Γ , M ϕ.

Then Γ  ϕ.

Proof. Suppose that M, w Γ . By the Proposition 2.7 applied to every ψ ∈ Γ ,

we have Mw Γ . By the assumption, we have Mw ϕ. By Proposition 2.7
again, we get M, w ϕ.

2.4 Topological Semantics

Another way to provide a semantics for intuitionistic logic is using the mathe- int:sem:top:
sec
matical concept of a topology.

Definition 2.9. Let X be a set. A topology on X is a set O ⊆ ℘(X) that

satisfies the properties below. The elements of O are called the open sets of
the topology. The set X together with O is called a topological space.

1. The empty set and the entire space are open: ∅, X ∈ O.

2. Open sets are closed under finite intersections: if U , V ∈ O then U ∩ V ∈

O

Open sets are closed under arbitrary unions: if Ui ∈ O for all i ∈ I, then
3. S
{Ui : i ∈ I} ∈ O.

We may write X for a topology if the collection of open sets can be inferred
from the context; note that, still, only after X is endowed with open sets can
it be called a topology.

Definition 2.10. A topological model of intuitionistic propositional logic is a

triple X = hX, O, V i where O is a topology on X and V is a function assigning
an open set in O to each propositional variable.
Given a topological model X, we can define [ϕ]]X inductively as follows:

1. [⊥]]X = ∅

2. [p]]X = V (p)

3. [ϕ ∧ ψ]]X = [ϕ]]X ∩ [ψ]]X

4. [ϕ ∨ ψ]]X = [ϕ]]X ∪ [ψ]]X

5. [ϕ → ψ]]X = Int((X \ [ϕ]]X ) ∪ [ψ]]X )

Here, Int(V ) is the function that maps a set V ⊆ X to its interior, that is, the
union of all open sets it contains. In other words,
[
Int(V ) = {U : U ⊆ V and U ∈ O}.

16 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

 Note that the interior of any set is always open, since it is a union of open
sets. Thus, [ϕ]]X is always an open set.
Although topological semantics is highly abstract, there are ways to think
about it that might motivate it. Suppose that the elements, or “points,” of X
are points at which statements can be evaluated. The set of all points where ϕ
is true is the proposition expressed by ϕ. Not every set of points is a potential
proposition; only the elements of O are. ϕ  ψ iff ψ is true at every point at
which ϕ is true, i.e., [ϕ]]X ⊆ [ψ]]X , for all X. The absurd statement ⊥ is never
true, so [⊥]]X = ∅. How must the propositions expressed by ψ ∧ χ, ψ ∨ χ, and
ψ → χ be related to those expressed by ψ and χ for the intuitionistically valid
laws to hold, i.e., so that ϕ ` ψ iff [ϕ]]X ⊂ [ψ]]X . ⊥ ` ϕ for any ϕ, and only
∅ ⊆ U for all U . Since ψ ∧ χ ` ψ, [ψ ∧ χ]]X ⊆ [ψ]]X , and similarly [ψ ∧ χ]]X ⊆ [χ]]X .
The largest set satisfying W ⊆ U and W ⊆ V is U ∩ V . Conversely, ψ ` ψ ∨ χ
and χ ` ψ ∨ χ, and so [ψ]]X ⊆ [ψ ∨ χ]]X and [χ]]X ⊆ [ψ ∨ χ]]X . The smallest
set W such that U ⊆ W and V ⊆ W is U ∪ V . The definition for → is tricky:
ϕ → ψ expresses the weakest proposition that, combined with ϕ, entails ψ.
That ϕ → ψ combined with ϕ entails ψ is clear from (ϕ → ψ) ∧ ϕ ` ψ. So
[ϕ → ψ]]X should be the greatest open set such that [ϕ → ψ]]X ∩ [ϕ]]X ⊂ [ψ]]X ,
leading to our definition.

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 17

Chapter 3

Soundness and Completeness

This chapter collects soundness and completeness results for propo-

sitional intuitionistic logic. It needs an introduction. The completeness
proof makes use of facts about provability that should be stated and proved
explicitly somehwere.

3.1 Soundness of Axiomatic Derivations

int:sc:sax:
sec

The soundness proof relies on the fact that all axioms are intuitionisti-
cally valid; this still needs to be proved, e.g., in the Semantics chapter.

Theorem 3.1 (Soundness). If Γ ` ϕ, then Γ  ϕ. int:sc:sax:

thm:soundness

Proof. We prove that if Γ ` ϕ, then Γ  ϕ. The proof is by induction on

the number n of formulas in the derivation of ϕ from Γ . We show that if ϕ1 ,
. . . , ϕn = ϕ is a derivation from Γ , then Γ  ϕn . Note that if ϕ1 , . . . , ϕn is
a derivation, so is ϕ1 , . . . , ϕk for any k < n.
There are no derivations of length 0, so for n = 0 the claim holds vacuously.
So the claim holds for all derivations of length < n. We distinguish cases
according to the justification of ϕn .

1. ϕn is an axiom. All axioms are valid, so Γ  ϕn for any Γ .

2. ϕn ∈ Γ . Then for any M and w, if M, w Γ , obviously M Γ ϕn [w],
i.e., Γ  ϕ.
3. ϕn follows by mp from ϕi and ϕj ≡ ϕi → ϕn . ϕ1 , . . . , ϕi and ϕ1 ,
. . . , ϕj are derivations from Γ , so by inductive hypothesis, Γ  ϕi and
Γ  ϕi → ϕn .

18
 Suppose M, w Γ . Since M, w Γ and Γ  ϕi → ϕn , M, w ϕi → ϕn .
By definition, this means that for all w0 such that Rww0 , if M, w0 ϕi
then M, w0 ϕn . Since R is reflexive, w is among the w0 such that Rww0 ,
i.e., we have that if M, w ϕi then M, w ϕn . Since Γ  ϕi , M, w ϕi .
So, M, w ϕn , as we wanted to show.

3.2 Soundness of Natural Deduction

int:sc:snd: We will now prove soundness of natural deduction with regards to the rela-
sec
tional semantics, that is, showing that if a formula is derivable from a set of
assumptions then the set of assumptions entails the formula.
int:sc:snd: Theorem 3.2 (Soundness). If Γ ` ϕ, then Γ  ϕ.
thm:soundness

Proof. We prove that if Γ ` ϕ, then Γ  ϕ. The proof is by induction on the

derivation of ϕ from Γ .

1. If the derivation consists of just the assumption ϕ, we have ϕ ` ϕ, and

want to show that ϕ  ϕ. Suppose that M, w ϕ. Then trivially
M, w ϕ.
2. The derivation ends in ∧Intro: The derivations of the premises ψ from
undischarged assumptions Γ and of χ from undischarged assumptions ∆
show that Γ ` ψ and ∆ ` χ. By induction hypothesis we have that Γ  ψ
and ∆  χ. We have to show that Γ ∪ ∆  ϕ ∧ ψ, since the undischarged
assumptions of the entire derivation are Γ together with ∆. So suppose
M, w Γ ∪ ∆. Then also M, w Γ . Since Γ  ψ, M, w ψ. Similarly,
M, w χ. So M, w ψ ∧ χ.
3. The derivation ends in ∧Elim: The derivation of the premise ψ ∧ χ from
undischarged assumptions Γ shows that Γ ` ψ ∧ χ. By induction hy-
pothesis, Γ  ψ ∧ χ. We have to show that Γ  ψ. So suppose M, w Γ .
Since Γ  ψ ∧ χ, M, w ψ ∧ χ. Then also M, w ψ. Similarly if ∧Elim
ends in χ, then Γ  χ.
4. The derivation ends in ∨Intro: Suppose the premise is ψ, and the undis-
charged assumptions of the derivation ending in ψ are Γ . Then we have
Γ ` ψ and by inductive hypothesis, Γ  ψ. We have to show that
Γ  ψ ∨ χ. Suppose M, w Γ . Since Γ  ψ, M, w ψ. But then also
M, w ψ ∨ χ. Similarly, if the premise is χ, we have that Γ  χ.
5. The derivation ends in ∨Elim: The derivations ending in the premises
are of ψ ∨ χ from undischarged assumptions Γ , of θ from undischarged
assumptions ∆1 ∪{ψ}, and of θ from undischarged assumptions ∆2 ∪{χ}.
So we have Γ ` ψ ∨ χ, ∆1 ∪ {ψ} ` θ, and ∆2 ∪ {χ} ` θ. By induction
hypothesis, Γ  ψ ∨ χ, ∆1 ∪ {ψ}  θ, and ∆2 ∪ {χ}  θ. We have to prove
that Γ ∪ ∆1 ∪ ∆2  θ.

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 19

 Suppose M, w Γ ∪ ∆1 ∪ ∆2 . Then M, w Γ and since Γ  ψ ∨ χ,
M, w ψ ∨ χ. By definition of M , either M, w ψ or M, w χ.
So we distinguish cases: (a) M ψ[w]. Then M, w ∆1 ∪ {ψ}. Since
∆1 ∪ ψ  θ, we have M, w θ. (b) M, w χ. Then M, w ∆2 ∪ {χ}.
Since ∆2 ∪ χ  θ, we have M, w θ. So in either case, M, w θ, as we
wanted to show.
6. The derivation ends with →Intro concluding ψ → χ. Then the premise
is χ, and the derivation ending in the premise has undischarged assump-
tions Γ ∪ {ψ}. So we have that Γ ∪ {ψ} ` χ, and by induction hypothesis
that Γ ∪ {ψ}  χ. We have to show that Γ  ψ → χ.
Suppose M, w Γ . We want to show that for all w0 such that Rww0 , if
M, w0 ψ, then M, w0 χ. So assume that Rww0 and M, w0 ψ. By
Proposition 2.3, M, w0 Γ . Since Γ ∪ {ψ}  χ, M, w0 χ, which is what
we wanted to show.
7. The derivation ends in →Elim and conclusion χ. The premises are ψ → χ
and ψ, with derivations from undischarged assumptions Γ , ∆. So we
have Γ ` ψ → χ and ∆ ` ψ. By inductive hypothesis, Γ  ψ → χ and
∆  ψ. We have to show that Γ ∪ ∆  χ.
Suppose M, w Γ ∪ ∆. Since M, w Γ and Γ  ψ → χ, M, w ψ → χ.
By definition, this means that for all w0 such that Rww0 , if M, w0 ψ
then M, w0 χ. Since R is reflexive, w is among the w0 such that Rww0 ,
i.e., we have that if M, w ψ then M, w χ. Since M, w ∆ and
∆  ψ, M, w ψ. So, M, w χ, as we wanted to show.
8. The derivation ends in ⊥I , concluding ϕ. The premise is ⊥ and the
undischarged assumptions of the derivation of the premise are Γ . Then
Γ ` ⊥. By inductive hypothesis, Γ  ⊥. We have to show Γ  ϕ.
We proceed indirectly. If Γ 2 ϕ there is a model M and world w such
that M, w Γ and M, w 1 ϕ. Since Γ  ⊥, M, w ⊥. But that’s
impossible, since by definition, M, w 1 ⊥. So Γ  ϕ.
9. The derivation ends in ¬Intro: Exercise.
10. The derivation ends in ¬Elim: Exercise.

Problem 3.1. Complete the proof of Theorem 3.2. For the cases for ¬Intro
and ¬Elim, use the definition of M, w ¬ϕ in Definition 2.2, i.e., don’t treat
¬ϕ as defined by ϕ → ⊥.
Problem 3.2. Show that the following formulas are not derivable in intuition-
istic logic:
1. (ϕ → ψ) ∨ (ψ → ϕ)
2. (¬¬ϕ → ϕ) → (ϕ ∨ ¬ϕ)


3. (ϕ → ψ ∨ χ) → (ϕ → ψ) ∨ (ϕ → χ)

20 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

 3.3 Lindenbaum’s Lemma
int:sc:lin: The completeness theorem for intuitionistic logic is proved by assuming Γ 0 ϕ
sec
and constructing a model M Γ and M 1 ϕ.
In classical logic the relation of derivability can be reduced to the notion
of consistency since a formula ϕ is derivable from a set of formulas iff the
set together with the negation of ϕ is inconsistent. This is not possible in
intuitionistic logic. In intuitionistic logic, if ¬ϕ is inconsistent, we only get
that ` ¬¬ϕ. Since ¬¬ϕ → ϕ does not hold intuitionistically in general, we
cannot conclude that ` ϕ.
Thus, when constructing the model M, we will need to keep track of the
non-derivability of the formula ϕ and thus we will not be able to use a complete
set Γ ∗ ⊇ Γ to build the model M, as in every complete set Γ ∗ , we have
Γ ∗ ` ϕ ∨ ¬ϕ.
Instead of using a complete set Γ ∗ , we will us the notion of a prime set of
formulas:
int:sc:lin: Definition 3.3. A set of formulas Γ is prime iff
defn:prime
int:sc:lin: 1. Γ is consistent, i.e., Γ 0 ⊥;
defn:prime1
int:sc:lin: 2. if Γ ` ϕ then ϕ ∈ Γ ; and
defn:prime2
int:sc:lin: 3. if ϕ ∨ ψ ∈ Γ then ϕ ∈ Γ or ψ ∈ Γ .
defn:prime3

int:sc:lin: Lemma 3.4 (Lindenbaum’s Lemma). If Γ 0 ϕ, there is a Γ ∗ ⊇ Γ such

lem:lindenbaum
that Γ ∗ is prime and Γ ∗ 0 ϕ.

Proof. Let ψ1 ∨ χ1 , ψ2 ∨ χ2 , . . . , be an enumeration of all formulas of the

form ψ ∨ χ. We’ll define an increasing sequence of sets of formulas Γn , where
each Γn+1 is defined as Γn together with one new formula. Γ ∗ will be the
union of all Γn . The new formulas are selected so as to ensure that Γ ∗ is
prime and still Γ ∗ 0 ϕ. This means that at each step we should find the first
disjunction ψi ∨ χi such that:
int:sc:lin: 1. Γn ` ψi ∨ χi
gamma-1
int:sc:lin: 2. ψi ∈
/ Γn and χi ∈
/ Γn
gamma-2
We add to Γn either ψi if Γn ∪ {ψi } 0 ϕ, or χi otherwise. We’ll have to show
that this works. For now, let’s define i(n) as the least i such that (1) and (2)
hold.
Define Γ0 = Γ and
(
Γn ∪ {ψi(n) } if Γn ∪ {ψi(n) } 0 ϕ
Γn+1 =
Γn ∪ {χi(n) } otherwise

If i(n) is undefined, i.e., whenever

S∞ Γn ` ψ ∨ χ, either ψ ∈ Γn or χ ∈ Γn , we let
Γn+1 = Γn . Now let Γ ∗ = n=0 Γn

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 21

 First we show that for all n, Γn 0 ϕ. We proceed by induction on n. For
n = 0 the claim holds by the hypothesis of the theorem, i.e., Γ 0 ϕ. If n > 0,
we have to show that if Γn 0 ϕ then Γn+1 0 ϕ. If i(n) is undefined, Γn+1 = Γn
and there is nothing to prove. So suppose i(n) is defined. For simplicity, let
i = i(n).
We’ll prove the contrapositive of the claim. Suppose Γn+1 ` ϕ. By con-
struction, Γn+1 = Γn ∪ {ψi } if Γn ∪ {ψi } 0 ϕ, or else Γn+1 = Γn ∪ {χi }. It
clearly can’t be the first, since then Γn+1 0 ϕ. Hence, Γn ∪ {ψi } ` ϕ and
Γn+1 = Γn ∪ {χi }. By definition of i(n), we have that Γn ` ψi ∨ χi . We have
Γn ∪ {ψi } ` ϕ. We also have Γn+1 = Γn ∪ {χi } ` ϕ. Hence, Γn ` ϕ, which is
what we wanted to show.
If Γ ∗ ` ϕ, there would be some finite subset Γ 0 ⊆ Γ ∗ such that Γ 0 ` ϕ.
Each θ ∈ Γ 0 must be in Γi for some i. Let n be the largest of these. Since
Γi ⊆ Γn if i ≤ n, Γ 0 ⊆ Γn . But then Γn ` ϕ, contrary to our proof above that
Γn 0 ϕ.
Lastly, we show that Γ ∗ is prime, i.e., satisfies conditions (1), (2), and (3)
of Definition 3.3.
First, Γ ∗ 0 ϕ, so Γ ∗ is consistent, so (1) holds.
We now show that if Γ ∗ ` ψ ∨ χ, then either ψ ∈ Γ ∗ or χ ∈ Γ ∗ . This
proves (3), since if ψ ∈ Γ ∗ then also Γ ∗ ` ψ, and similarly for χ. So assume
Γ ∗ ` ψ ∨ χ but ψ ∈ / Γ ∗ and χ ∈ / Γ ∗ . Since Γ ∗ ` ψ ∨ χ, Γn ` ψ ∨ χ for some n.
ψ ∨ χ appears on the enumeration of all disjunctions, say, as ψj ∨ χj . ψj ∨ χj
satisfies the properties in the definition of i(n), namely we have Γn ` ψj ∨ χj ,
while ψj ∈ / Γn and χj ∈/ Γn . At each stage, at least one fewer disjunction ψi ∨χi
satisfies the conditions (since at each stage we add either ψi or χi ), so at some
stage m we will have j = i(Γm ). But then either ψ ∈ Γm+1 or χ ∈ Γm+1 ,
contrary to the assumption that ψ ∈ / Γ ∗ and χ ∈/ Γ ∗.
∗ ∗
Now suppose Γ ` ψ. Then Γ ` ψ ∨ ψ. But we’ve just proved that if
Γ ∗ ` ψ ∨ ψ then ψ ∈ Γ ∗ . Hence, Γ ∗ satisfies (2) of Definition 3.3.
Problem 3.3. Show that if Γ 0 ⊥ then Γ is consistent in classical logic, i.e.,
there is a valuation making all formulas in Γ true.

3.4 The Canonical Model

The worlds in our model will be finite sequences σ of natural numbers, i.e., int:sc:mod:
sec
σ ∈ N∗ . Note that N∗ is inductively defined by:
1. Λ ∈ N∗ .
2. If σ ∈ N∗ and n ∈ N, then σ.n ∈ N∗ (where σ.n is σ _ hni and σ _ σ 0 is
the concatenation if σ and σ 0 ).
3. Nothing else is in N∗ .
So we can use N∗ to give inductive definitions.
Let hψ1 , χ1 i, hψ2 , χs i, . . . , be an enumeration of all pairs of formulas. Given
a set of formulas ∆, define ∆(σ) by induction as follows:

22 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

 1. ∆(Λ) = ∆

2. ∆(σ.n) = (
(∆(σ) ∪ {ψn })∗ if ∆(σ) ∪ {ψn } 0 χn
∆(σ) otherwise

Here by (∆(σ) ∪ {ψn })∗ we mean the prime set of formulas which exists by
Lemma 3.4 applied to the set ∆(σ) ∪ {ψn } and the formula χn . Note that by
this definition, if ∆(σ) ∪ {ψn } 0 χn , then ∆(σ.n) ` ψn and ∆(σ.n) 0 χn . Note
also that ∆(σ) ⊆ ∆(σ.n) for any n. If ∆ is prime, then ∆(σ) is prime for all σ.

int:sc:mod: Definition 3.5. Suppose ∆ is prime. Then the canonical model M(∆) for ∆
defn:canonical-model
is defined by:

1. W = N∗ , the set of finite sequences of natural numbers.

2. R is the partial order according to which Rσσ 0 iff σ is an initial segment

of σ 0 (i.e., σ 0 = σ _ σ 00 for some sequence σ 00 ).

3. V (p) = {σ : p ∈ ∆(σ)}.

It is easy to verify that R is indeed a partial order. Also, the monotonic-

ity condition on V is satisfied. Since ∆(σ) ⊆ ∆(σ.n) we get ∆(σ) ⊆ ∆(σ 0 )
whenever Rσσ 0 by induction on σ.

3.5 The Truth Lemma

int:sc:tru:
sec
int:sc:tru: Lemma 3.6. If ∆ is prime, then M(∆), σ ϕ iff ∆(σ) ` ϕ.
lem:truth

Proof. By induction on ϕ.

1. ϕ ≡ ⊥: Since ∆(σ) is prime, it is consistent, so ∆(σ) 0 ϕ. By definition,

M(∆), σ 1 ϕ.

2. ϕ ≡ p: By definition of , M(∆), σ ϕ iff σ ∈ V (p), i.e., ∆(σ) ` ϕ.

3. ϕ ≡ ¬ψ: exercise.

4. ϕ ≡ ψ ∧ χ: M(∆), σ ϕ iff M(∆), σ ψ and M(∆), σ χ. By

induction hypothesis, M(∆), σ ψ iff ∆(σ) ` ψ, and similarly for χ.
But ∆(σ) ` ψ and ∆(σ) ` χ iff ∆(σ) ` ϕ.

5. ϕ ≡ ψ ∨ χ: M(∆), σ ϕ iff M(∆), σ ψ or M(∆), σ χ. By induction

hypothesis, this holds iff ∆(σ) ` ψ if ∆(σ) ` χ. We have to show that
this in turn holds iff ∆(σ) ` ϕ. The left-to-right direction is clear. The
right-to-left direction follows since ∆(σ) is prime.

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 23

 6. ϕ ≡ ψ→χ: First the contrapositive of the left-to-right direction: Assume
∆(σ) 0 ψ → χ. Then also ∆(σ) ∪ {ψ} 0 χ. Since hψ, χi is hψn , χn i for
some n, we have ∆(σ.n) = (∆(σ)∪{ψ})∗ , and ∆(σ.n) ` ψ but ∆(σ.n) 0 χ.
By inductive hypothesis, M(∆), σ.n ψ and M(∆), σ.n 1 χ. Since
Rσ(σ.n), this means that M(∆), σ 1 ϕ.
Now assume ∆(σ) ` ψ → χ, and let Rσσ 0 . Since ∆(σ) ⊆ ∆(σ 0 ), we
have: if ∆(σ 0 ) ` ψ, then ∆(σ 0 ) ` χ. In other words, for every σ 0 such
that Rσσ 0 , either ∆(σ 0 ) 0 ψ or ∆(σ 0 ) ` χ. By induction hypothesis, this
means that whenever Rσσ 0 , either M(∆), σ 0 1 ψ or M(∆), σ 0 χ, i.e.,
M(∆), σ ϕ.

3.6 The Completeness Theorem

int:sc:cpl:
sec
Theorem 3.7. If Γ  ϕ then Γ ` ϕ. int:sc:cpl:
thm:completeness

Proof. We prove the contrapositive: Suppose Γ 0 ϕ. Then by Lemma 3.4, there

is a prime set Γ ∗ ⊇ Γ such that Γ ∗ 0 ϕ. Consider the canonical model M(Γ ∗ )
for Γ ∗ as defined in Definition 3.5. For any ψ ∈ Γ , Γ ∗ ` ψ. Note that
Γ ∗ (Λ) = Γ ∗ . By the Truth Lemma (Lemma 3.6), we have M(Γ ∗ ), Λ ψ for
all ψ ∈ Γ and M(Γ ∗ ), Λ 1 ϕ. This shows that Γ 2 ϕ.

Problem 3.4. Show that if ϕ only contains propositional variables, ∨, and ∧,

then 2 ϕ. Use this to conclude that → is not definable in intuitionistic logic
from ∨ and ∧.

Problem 3.5. By using the completeness theorem prove that if ` ϕ ∨ ψ then

` ϕ or ` ψ. (Hint: Assume M1 1 ϕ and M2 1 ψ and contruct a new model
M such that M 1 ϕ ∨ ψ.)

Problem 3.6. Show that if M is a relational model using a linear order then
M (ϕ → ψ) ∨ (ψ → ϕ).

3.7 Decidability
Observe that the proof of the completeness theorem gives us for every Γ 0 ϕ a int:sc:dec:
sec
model with an infinite number of worlds witnessing the fact that Γ 2 ϕ. The
following proposition shows that to prove  ϕ it is enough to prove that M ϕ
for all finite models (i.e., models with a finite set of worlds).

Theorem 3.8. If 2 ϕ then there is a finite model M0 1 ϕ. int:sc:dec:

thm:decidability

Proof. Assume M = hW, R, V i is such that M 1 ϕ and P is the set of

propositional variables occurring in ϕ. Define M0 = hW 0 , R0 , V 0 i by letting
W 0 = {[w] : w ∈ W } where [w] = {p ∈ P : w ∈ V (p)}, R0 be the subset

24 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

relation, and V 0 (p) = {[w] : p ∈ [w]}. It should be clear that W 0 is a finite set
and that M0 is a relational model.
It can be shown, by induction on ϕ, that

M, w ϕ iff M0 , [w] ϕ

for all formulas ϕ with only propositional variables from P . This is left as an
exercise for the reader.

Problem 3.7. Finish the proof of Theorem 3.8 by showing that M, w ϕ iff
M0 , [w] ϕ for all formulas ϕ with only propositional variables from P .

From Theorem 3.8 it follows that there is an algorithm to decide whether 

ϕ.

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 25

Chapter 4

Propositions as Types

This is a very experimental draft of a chapter on the Curry-Howard

correspondence. It needs more explanation and motivation, and there
are probably errors and omissions. The proof of normalization should be
reviewed and expanded. There are no examples for the product type.
Permuation and simplification conversions are not covered. It will make a
lot more sense once there is also material on the (typed) lambda calculus
which is basically presupposed here. Use with extreme caution.

4.1 Introduction
Historically the lambda calculus and intuitionistic logic were developed sepa- int:pty:int:
sec
rately. Haskell Curry and William Howard independently discovered a close
similarity: types in a typed lambda calculus correspond to formulas in intu-
itionistic logic in such a way that a derivation of a formula corresponds directly
to a typed lambda term with that formula as its type. Moreover, beta reduc-
tion in the typed lambda calculus corresponds to certain transformations of
derivations.
For instance, a derivation of ϕ→ψ corresponds to a term λxϕ . N ψ , which has
the function type ϕ → ψ. The inference rules of natural deduction correspond
to typing rules in the typed lambda calculus, e.g.,
[ϕ]x

ψ x:ϕ ⇒ N :ψ
x →Intro λ
ϕ→ψ corresponds to ⇒ λxϕ . N ψ : ϕ → ψ
where the rule on the right means that if x is of type ϕ and N is of type ψ,
then λxϕ . N is of type ϕ → ψ.
The →Elim rule corresponds to the typing rule for composition terms, i.e.,

26
 ϕ→ψ ϕ
→Elim
ψ corresponds to
⇒ P :ϕ→ψ ⇒ Q:ϕ
app
⇒ P ϕ→ψ Qϕ : ψ
If a →Intro rule is followed immediately by a →Elim rule, the derivation
can be simplified:

[ϕ]x

ϕ
→
−
ψ
x →Intro
ϕ→ψ ϕ
→Elim
ψ ψ
which corresponds to the beta reduction of lambda terms

(λxϕ . P ψ )Q →
− P [Q/x].

Similar correspondences hold between the rules for ∧ and “product” types,
and between the rules for ∨ and “sum” types.
This correspondence between terms in the simply typed lambda calculus
and natural deduction derivations is called the “Curry-Howard”, or “proposi-
tions as types” correspondence. In addition to formulas (propositions) corre-
sponding to types, and proofs to terms, we can summarize the correspondences
as follows:
logic program
proposition type
proof term
assumption variable
discharged assumption bind variable
not discharged assumption free variable
implication function type
conjunction product type
disjunction sum type
absurdity bottom type

The Curry-Howard correspondence is one of the cornerstones of automated

proof assistants and type checkers for programs, since checking a proof witness-
ing a proposition (as we did above) amounts to checking if a program (term)
has the declared type.

4.2 Sequent Natural Deduction

int:pty:snd: Let us write Γ ⇒ ϕ if there is a natural deduction derivation with Γ as undis-
sec
charged assumptions and ϕ as conclusion; or ⇒ ϕ if Γ is empty.

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 27

 We write Γ, ϕ1 , . . . , ϕn for Γ ∪ {ϕ1 , . . . , ϕn }, and Γ, ∆ for Γ ∪ ∆.
Observe that when we have Γ ⇒ ϕ ∧ ϕ, meaning we have a derivation with
Γ as undischarged assumptions and ϕ ∧ ϕ as end-formula, then by applying
∧Elim at the bottom, we can get a derivation with the same undischarged
assumptions and ϕ as conclusion. In other words, if Γ ⇒ ϕ ∧ ψ, then Γ ⇒ ϕ.

Γ ⇒ ϕ∧ψ Γ ⇒ ϕ∧ψ
∧Elim ∧Elim
Γ ⇒ ϕ Γ ⇒ ψ

The label ∧Elim hints at the relation with the rule of the same name in natural
deduction.
Likewise, suppose we have Γ, ϕ ⇒ ψ, meaning we have a derivation with
undischarged assumptions Γ, ϕ and end-formula ψ. If we apply the →Intro
rule, we have a derivation with Γ as undischarged assumptions and ϕ → ψ as
the end-formula, i.e., Γ ⇒ ϕ → ψ. Note how this has made the discharge of
assumptions more explicit.

Γ, ϕ ⇒ ψ
→Intro
Γ ⇒ ϕ→ψ

We can draw conclusions from other rules in the same fashion, which is
spelled out as follows:

Γ ⇒ ϕ ∆ ⇒ ψ
∧Intro
Γ, ∆ ⇒ ϕ ∧ ψ
Γ ⇒ ϕ∧ψ Γ ⇒ ϕ∧ψ
∧Elim1 ∧Elim2
Γ ⇒ ϕ Γ ⇒ ψ
Γ ⇒ ϕ Γ ⇒ ψ
∨Intro1 ∨Intro2
Γ ⇒ ϕ∨ψ Γ ⇒ ϕ∨ψ
Γ ⇒ ϕ∨ψ ∆, ϕ ⇒ χ ∆0 , ψ ⇒ χ
0 ∨Elim
Γ, ∆, ∆ ⇒ χ
Γ, ϕ ⇒ ψ ∆ ⇒ ϕ→ψ Γ ⇒ ϕ
→Intro →Elim
Γ ⇒ ϕ→ψ Γ, ∆ ⇒ ψ
Γ ⇒ ⊥ ⊥
I
Γ ⇒ ϕ

Any assumption by itself is a derivation of ϕ from ϕ, i.e., we always have

ϕ ⇒ ϕ.

ϕ ⇒ ϕ

Together, these rules can be taken as a calculus about what natural de-
duction derivations exist. They can also be taken as a notational variant of
natural deduction, in which each step records not only the formula derived but
also the undischarged assumptions from which it was derived.

28 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

 ϕ ⇒ ϕ
ϕ ⇒ ϕ ∨ (ϕ → ⊥) ψ ⇒ ψ
ϕ, ψ→ ⇒ ⊥
(ψ ⇒ ϕ → ⊥
(ψ ⇒ ϕ ∨ (ϕ → ⊥) (ψ ⇒ ψ
(ψ ⇒ ⊥
⇒ ψ→⊥

where ψ is short for (ϕ ∨ (ϕ → ⊥)) → ⊥.

4.3 Proof Terms

int:pty:ter: We give the definition of proof terms, and then establish its relation with
sec
natural deduction derivations.

Definition 4.1 (Proof terms). Proof terms are inductively generated by the
following rules:

1. A single variable x is a proof term.

2. If P and Q are proof terms, then P Q is also a proof term.

3. If x is a variable, ϕ is a formula, and N is a proof term, then λxϕ . N is

also a proof term.

4. If P and Q are proof terms, then hP, Qi is a proof term.

5. If M is a proof term, then pi (M ) is also a proof term, where i is 1 or 2.

6. If M is a proof term, and ϕ is a formula, then inϕ

i (M ) is a proof term,
where i is 1 or 2.

7. If M, N1 , N2 is proof terms, and x1 , x2 are variables, then case(M, x1 .N1 , x2 .N2 )

is a proof term.

8. If M is a proof term and ϕ is a formula, then contrϕ (M ) is proof term.

Each of the above rules corresponds to an inference rule in natural deduc-

tion. Thus we can inductively assign proof terms to the formulas in a deriva-
tion. To make this assignment unique, we must distinguish between the two
versions of ∧Elim and of ∨Intro. For instance, the proof terms assigned to the
conclusion of ∨Intro must carry the information whether ϕ ∨ ψ is inferred from
ϕ or from ψ. Suppose M is the term assigned to ϕfrom which ϕ ∨ ψ is inferred.
Then the proof term assigned to ϕ ∨ ψ is inϕ 1 (M ). If we instead infer ψ ∨ ϕ
then the proof term assigned is inϕ2 (M ).
The term λxϕ . N is assigned to the conclusion of →Intro. The ϕ represents
the assumption being discharged; only have we included it can we infer the
formula of λxϕ . N based on the formula of N .

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 29

Definition 4.2 (Typing context). A typing context is a mapping from vari-
ables to formulas. We will call it simply the “context” if there is no confusion.
We write a context Γ as a set of pairs hx, ϕi.

A pair Γ ⇒ M where M is a proof term represents a derivation of a formula

with context Γ .

Definition 4.3 (Typing pair). A typing pair is a pair hΓ, M i, where Γ is a

typing context and M is a proof term.

Since in general terms only make sense with specific contexts, we will speak
simply of “terms” from now on instead of “typing pair”; and it will be apparent
when we are talking about the literal term M .

4.4 Converting Derivations to Proof Terms

We will describe the process of converting natural deduction derivations to int:pty:pt:
sec
pairs. We will write a proof term to the left of each formula in the derivation,
resulting in expressions of the form M : ϕ. We’ll then say that, M witnesses ϕ.
Let’s call such an expression a judgment.
First let us assign to each assumption a variable, with the following con-
straints:

1. Assumptions discharged in the same step (that is, with the same number
on the square bracket) must be assigned the same variable.

2. For assumptions not discharged, assumptions of different formulas should

be assigned different variables.

Such an assignment translates all assumptions of the form

ϕ into x : ϕ.

With assumptions all associated with variables (which are terms), we can now
inductively translate the rest of the deduction tree. The modified natural
deduction rules taking into account context and proof terms are given below.
Given the proof terms for the premise(s), we obtain the corresponding proof
term for conclusion.

M1 : ϕ1 M2 : ϕ2
∧Intro
hM1 , M2 i : ϕ1 ∧ ϕ2
M : ϕ1 ∧ ϕ2 M : ϕ1 ∧ ϕ2
∧Elim1 ∧Elim2
pi (M ) : ϕ1 pi (M ) : ϕ2

In ∧Intro we assume we have ϕ1 witnessed by term M1 and ϕ2 witnessed

by term M2 . We pack up the two terms into a pair hM1 , M2 i which witnesses
ϕ1 ∧ ϕ2 .

30 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

 In ∧Elimi we assume that M witnesses ϕ1 ∧ ϕ2 . The term witnessing ϕi
is pi (M ). Note that M is not necessary of the form hM1 , M2 i, so we cannot
simply assign M1 to the conclusion ϕi .
Note how this coincides with the BHK interpretation. What the BHK
interpretation does not specify is how the function used as proof for ϕ → ψ is
supposed to be obtained. If we think of proof terms as proofs or functions of
proofs, we can be more explicit.

[x : ϕ]

P :ϕ→ψ Q:ϕ
→Elim
PQ : ψ
N :ψ
→Intro
λxϕ . N : ϕ → ψ

The λ notation should be understood as the same as in the lambda calculus,

and P Q means applying P to Q.

M1 : ϕ 1 M2 : ϕ2
∨Intro1 ∨Intro2
inϕ
1
1
(M 1 ) : ϕ1 ∨ ϕ2 in ϕ2
2 (M 2 ) : ϕ1 ∨ ϕ2
[x1 : ϕ1 ] [x2 : ϕ2 ]

M : A1 ∨ ϕ2 N1 : χ N2 : χ
∨Elim
case(M, x1 .N1 , x2 .N2 ) : χ

The proof term inϕ1 (M1 ) is a term witnessing ϕ1 ∨ ϕ2 , where M1 witnesses ϕ1 .

1

The term case(M, x1 .N1 , x2 .N2 ) mimics the case clause in programming
languages: we already have the derivation of ϕ∨ψ, a derivation of χ assuming ϕ,
and a derivation of χ assuming ψ. The case operator thus select the appropriate
proof depending on M ; either way it’s a proof of χ.

N :⊥ ⊥I
contrϕ (N ) : ϕ

contrϕ (N ) is a term witnessing ϕ, whenever N is a term witnessing ⊥.

Now we have a natural deduction derivation with all formulas associated
with a term. At each step, the relevant typing context Γ is given by the list of
assumptions remaining undischarged at that step. Note that Γ is well defined:
since we have forbidden assumptions of different undischarged assumptions to
be assigned the same variable, there won’t be any disagreement about the
formulas mapped to which a variable is mapped.
We now give some examples of such translations:
Consider the derivation of ¬¬(ϕ ∨ ¬ϕ), i.e., ((ϕ ∨ (ϕ → ⊥)) → ⊥) → ⊥. Its
translation is:

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 31

 [x : ϕ]1
[y : (ϕ ∨ (ϕ → ⊥)) → ⊥]2 inϕ→⊥
1 (x) : ϕ ∨ (ϕ → ⊥)
y(inϕ→⊥
1 (x)) : ⊥
1
λxϕ . y(inϕ→⊥
1 (x)) : ϕ → ⊥
[y : (ϕ ∨ (ϕ → ⊥)) → ⊥]2 inϕ ϕ ϕ→⊥
2 (λx . y(in1 (x))) : ϕ ∨ (ϕ → ⊥)
y(inϕ ϕ ϕ→⊥
2 (λx . yin1 (x))) : ⊥
2
λy (ϕ∨(ϕ→⊥))→⊥ . y(inϕ ϕ ϕ→⊥
2 (λx . yin1 (x))) : ((ϕ ∨ (ϕ → ⊥)) → ⊥) → ⊥
The tree has no assumptions, so the context is empty; we get:

` λy (ϕ∨(ϕ→⊥))→⊥ . y(inϕ ϕ ϕ→⊥

2 (λx . yin1 (x))) : ((ϕ ∨ (ϕ → ⊥)) → ⊥) → ⊥

If we leave out the last →Intro, the assumptions denoted by y would be in the
context and we would get:

y : ((ϕ ∨ (ϕ → ⊥)) → ⊥) ` y(inϕ ϕ ϕ→⊥

2 (λx . yin1 (x))) : ⊥

Another example: ` ϕ → (ϕ → ⊥) → ⊥

[x : ϕ]2 [y : ϕ → ⊥]1
yx : ⊥
1
λy ϕ→⊥ . yx : (ϕ → ⊥) → ⊥
2
λxϕ . λy ϕ→⊥ . yx : ϕ → (ϕ → ⊥) → ⊥
Again all assumptions are discharged and thus the context is empty, the re-
sulting term is

` λxϕ . λy ϕ→⊥ . yx : ϕ → (ϕ → ⊥) → ⊥

If we leave out the last two →Intro inferences, the assumptions denoted by
both x and y would be in context and we would get

x : ϕ, y : ϕ → ⊥ ` yx : ⊥

4.5 Recovering Derivations from Proof Terms

Now let us consider the other direction: translating terms back to natural int:pty:tp:
sec
deduction trees. We will use still use the double refutation of the excluded
middle as example, and let S denote this term, i.e.,

λy (ϕ∨(ϕ→⊥))→⊥ . y(inϕ ϕ ϕ→⊥

2 (λx . yin1 (x))) : ((ϕ ∨ (ϕ → ⊥)) → ⊥) → ⊥

For each natural deduction rule, the term in the conclusion is always formed
by wrapping some operator around the terms assigned to the premise(s). Rules

32 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

correspond uniquely to such operators. For example, from the structure of the
S we infer that the last rule applied must be →Intro, since it is of the form
λy ... . . . ., and the λ operator corresponds to →Intro. In general we can recover
the skeleton of the derivation solely by the structure of the term, e.g.,

[x]1
∨Intro1
[y :]2 inϕ→⊥
1 (x) :
→Elim
y(inϕ→⊥
1 (x)) :
1 →Intro
λxϕ . y(inϕ→⊥
1 (x)) :
∨Intro2
[y :]2 inϕ ϕ ϕ→⊥
2 (λx . yin1 (x)) :
→Elim
y(inϕ ϕ ϕ→⊥
2 (λx . yin1 (x))) :
2 →Intro
λy (ϕ∨(ϕ→⊥))→⊥ . y(inϕ ϕ ϕ→⊥
2 (λx . y(in1 (x)))) :
Our next step is to recover the formulas these terms witness. We define a
function F (Γ, M ) which denotes the formula witnessed by M in context Γ , by
induction on M as follows:

F (Γ, x) = Γ (x)
F (Γ, hN1 , N2 i = F (Γ, N1 ) ∧ F (Γ, N2 )
F (Γ, pi (N ) = ϕi if F (Γ, N ) = ϕ1 ∧ ϕ2
(
ϕ F (N ) ∨ ϕ if i = 1
F (Γ, ini (N ) =
ϕ ∨ F (N ) if i = 2
F (Γ, case(M, x1 .N1 , x2 .N2 )) = F (Γ ∪ {xi : F (Γ, M )}, Ni )
F (Γ, λxϕ . N ) = ϕ → F (Γ ∪ {x : ϕ}, N )
F (Γ, N M ) = ψ if F (Γ, N ) = ϕ → ψ

where Γ (x) means the formula mapped to by x in Γ and Γ ∪ {x : ϕ} is a

context exactly as Γ except mapping x to ϕ, whether or not x is already in Γ .
Note there are cases where F (Γ, M ) is not defined, for example:
1. In the first line, it is possible that x is not in Γ .
2. In recursive cases, the inner invocation may be undefined, making the
outer one undefined too.
3. In the third line, its only defined when F (Γ, M ) is of the form ϕ1 ∨ ϕ2 ,
and the right hand is independent on i.
As we recursively compute F (Γ, M ), we work our way up the natural deduc-
tion derivation. The every step in the computation of F (Γ, M ) corresponds to
a term in the derivation to which the derivation-to-term translation assigns M ,
and the formula computed is the end-formula of the derivation. However, the
result may not be defined for some choices of Γ . We say that such pairs hΓ, M i
are ill-typed, and otherwise well-typed. However, if the term M results from

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 33

translating a derivation, and the formulas in Γ correspond to the undischarged
assumptions of the derivation, the pair hΓ, M i will be well-typed.
Proposition 4.4. If D is a derivation with undischarged assumptions ϕ1 , . . . ,
ϕn , M is the proof term associated with D and Γ = {x1 : ϕ1 , . . . , xn : ϕn },
then the result of recovering derivation from M in context Γ is D.

In the other direction, if we first translate a typing pair to natural deduction

and then translate it back, we won’t get the same pair back since the choice of
variables for the undischarged assumptions is underdetermined. For example,
consider the pair h{x : ϕ, y : ϕ → ψ}, yxi. The corresponding derivation is
ϕ→ψ ϕ
→Elim
ψ
By assigning different variables to the undischarged assumptions, say, u to
ϕ → ψ and v to ϕ, we would get the term uv rather than yx. There is a
connection, though: the terms will be the same up to renaming of variables.
Now we have established the correspondence between typing pairs and nat-
ural deduction, we can prove theorems for typing pairs and transfer the result
to natural deduction derivations.
Similar to what we did in the natural deduction section, we can make some
observations here too. Let Γ ` M : ϕ denote that there is a pair (Γ, M )
witnessing the formula ϕ. Then always Γ ` x : ϕ if x : ϕ ∈ Γ , and the
following rules are valid:

Γ ` M1 : ϕ1 ∆ ` M2 : ϕ 2 Γ ` M : ϕ1 ∧ ϕ2
∧Intro ∧Elimi
Γ, ∆ ` hM1 , M2 i : ϕ1 ∧ ϕ2 Γ ` pi (M ) : ϕi
Γ ` M1 : ϕ 1 Γ ` M2 : ϕ2
∨Intro1 ∨Intro2
Γ ` inϕ1
2
(M ) : ϕ1 ∨ ϕ 2 Γ ` inϕ1
2 (M ) : ϕ1 ∨ ϕ2
Γ `M :ϕ∨ψ ∆1 , x1 : ϕ1 ` N1 : χ ∆2 , x2 : ϕ2 ` N2 : χ
∨Elim
Γ, ∆, ∆0 ` case(M, x1 .N1 , x2 .N2 ) : χ
Γ, x : ϕ ` N : ψ Γ `Q:ϕ ∆`P :ϕ→ψ
ϕ →Intro →Elim
Γ ` λx . N : ϕ → ψ Γ, ∆ ` P Q : ψ
Γ `M :⊥
⊥Elim
Γ ` contrϕ (M ) : ϕ
These are the typing rules of the simply typed lambda calculus extended
with product, sum and bottom.
In addition, the F (Γ, M ) is actually a type checking algorithm; it returns
the type of the term with respect to the context, or is undefined if the term is
ill-typed with respect to the context.

4.6 Reduction
int:pty:red:
sec

34 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

In natural deduction derivations, an introduction rule that is followed by an
elimination rule is redundant. For instance, the derivation
ϕ ϕ→ψ
→Elim
ψ [χ]
∧Intro
ψ∧χ
∧Elim
ψ
→Intro
χ→ψ
can be replaced with the simpler derivation:
ϕ ϕ→ψ
→Elim
ψ
→Intro
χ→ψ

As we see, an ∧Intro followed by ∧Elim “cancel out.” In general, we see that

the conclusion of ∧Elim is always the formula on one side of the conjunction,
and the premises of ∧Intro requires both sides of the conjunction, thus if we
need a derivation of either side, we can simply use that derivation without
introducing the conjunction followed by eliminating it.
Thus in general we have

D1 D2
ϕ1 ϕ2 Di
ϕ1 ∧ ϕ2 ∧Intro
ϕi ∧Elim i →
− ϕi

The →− symbol has a similar meaning as in the lambda calculus, i.e., a

single step of a reduction. In the proof term syntax for derivations, the above
reduction rule thus becomes:

(Γ, pi hM1ϕ1 , M2ϕ2 i) →

− (Γ, Mi )

In the typed lambda calculus, this is the beta reduction rule for the product
type.
Note the type annotation on M1 and M2 : while in the standard term syntax
only λxϕ . N has such notion, we reuse the notation here to remind us of the
formula the term is associated with in the corresponding natural deduction
derivation, to reveal the correspondence between the two kinds of syntax.
In natural deduction, a pair of inferences such as those on the left, i.e., a
pair that is subject to cancelling is called a cut. In the typed lambda calculus
the term on the left of →
− is called a redex, and the term to the right is called the
reductum. Unlike untyped lambda calculus, where only (λx. N )Q is considered
to be redex, in the typed lambda calculus the syntax is extended to terms
involving hN, M i, pi (N ), inϕ
i (N ), case(N, x1 .M1 , x2 .M2 ), and contrN (), with
corresponding redexes.

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 35

 Similarly we have reduction for disjunction:

D
[ϕ1 ]u [ϕ2 ]u
D ϕi
D1 D2
ϕi Di
ϕ1 ∨ ϕ2 ∨Intro χ χ
u
χ ∨Elim →
− χ

This corresponds to a reduction on proof terms:

(Γ, case(inϕi ϕi ϕ1 χ ϕ2 χ
− (Γ, Niχ [M ϕi /xϕ
i (M ), x1 .N1 , x2 .N2 )) →
i
i ])

This is the beta reduction rule of for sum types. Here, M [N/x] means replacing
all assumptions denoted by variable x in M with N ,
It would be nice if we pass the context Γ to the substitution function so
that it can check if the substitution makes sense. For example, xy[ab/y] does
not make sense under the context {x : ϕ → θ, y : ϕ, a : ψ → χ, b : ψ} since then
we would be substituting a derivation of χ where a derivation of ϕ is expected.
However, as long as our usage of substitution is careful enough to avoid such
errors, we won’t have to worry about such conflicts. Thus we can define it
recursively as we did for untyped lambda calculus as if we are dealing with
untyped terms.
Finally, the reduction of the function type corresponds to removal of a
detour of a →Intro followd by a →Elim.

[ϕ]u
D0
D ϕ
ψ D0
u →Intro D
ϕ→ψ ϕ
→Elim
ψ →
− ψ

For proof terms, this amounts to ordinary beta reduction:

(Γ, (λxϕ . N ψ )Qϕ ) →

− (Γ, N ψ [Qϕ /xϕ ])

Absurdity has only an elimination rule and no introduction rule, thus there
is no such reduction for it.
Note that the above notion of reduction concerns only deductions with a cut
at the end of a derivation. We would of course like to extend it to reduction
of cuts anywhere in a derivation, or reductions of subterms of proof terms
which constitute redexes. Note that, however, the conclusion of the reduction
does not change after reduction, thus we are free to continue applying rules to
both sides of →
− . The resulting pairs of trees constitutes an extended notion of
reduction; it is analogous to compatibility in the untyped lambda calculus.

36 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

 It’s easy to see that the context Γ does not change during the reduction
(both the original and the extended version), thus it’s unnecessary to mention
the context when we are discussing reductions. In what follows we will assume
that every term is accompanied by a context which does no change during
reduction. We then say “proof term” when we mean a proof term accompanied
by a context which makes it well-typed.
As in lambda calculus, the notion of normal-form term and normal deduc-
tion is given:
Definition 4.5. A proof term with no redex is said to be in normal form;
likewise, a derivation without cuts is a normal derivation. A proof term is in
normal form if and only if its counterpart derivation is normal.

4.7 Normalization
int:pty:nor: In this section we prove that, via some reduction order, any deduction can
sec
be reduced to a normal deduction, which is called the normalization property.
We will make use of the propositions-as-types correspondence: we show that
every proof term can be reduced to a normal form; normalization for natural
deduction derivations then follows.
Firstly we define some functions that measure the complexity of terms. The
length len(ϕ) of a formulas is defined by

len(p) = 0
len(ϕ ∧ ψ) = len(ϕ) + len(ψ) + 1
len(ϕ ∨ ψ) = len(ϕ) + len(ψ) + 1
len(ϕ → ψ) = len(ϕ) + len(ψ) + 1.

The complexity of a redex M is measured by its cut rank cr(M ):

cr((λxϕ . N ψ )Q) = len(ϕ) + len(ψ) + 1

cr(pi (hM ϕ , N ψ i)) = len(ϕ) + len(ψ) + 1
cr(case(ini (M ϕi ), xϕ
ϕi 1 χ ϕ2 χ
1 .N1 , x2 .N2 )) = len(ϕ) + len(ψ) + 1

The complexity of a proof term is measured by the most complex redex in it,
and 0 if it is normal:

mr(M ) = max{cr(N )|N is a sub term of M and is redex}

int:pty:nor: Lemma 4.6. If M [N ϕ /xϕ ] is a redex and M 6≡ x, then one of the following
lem:subst
cases holds:
1. M is itself a redex, or
2. M is of the form pi (x), and N is of the form hP1 , P2 i
3. M is of the form case(i, x1 .P1 , x2 .P2 ), and N is of the form ini (Q)

intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY 37

 4. M is of the form xQ, and N is of the form λx. P

In the first case, cr(M [N/x]) = cr(M ); in the other cases, cr(M [N/x]) =
len(ϕ)).

Proof. Proof by induction on M .

1. If M is a single variable y and y 6≡ x, then y[N/x] is y, hence not a redex.

2. If M is of the form hN1 , N2 i, or λx. N , or inϕ ϕ ϕ

i (N ), then M [N /x ] is also
of that form, and so is not a redex.

3. If M is of the form pi (P ), we consider two cases.

a) If P is of the form hP1 , P2 i, then M ≡ pi (hP1 , P2 i) is a redex, and

clearly
M [N/x] ≡ pi (hP1 [N/x], P2 [N/x]i)
is also a redex. The cut ranks are equal.
b) If P is a single variable, it must be x to make the substitution a
redex, and N must be of the form hP1 , P2 i. Now consider

M [N/x] ≡ pi (x)[hP1 , P2 i/x],

which is pi (hP1 , P2 i). Its cut rank is equal to cr(x), which is len(ϕ).

The cases of case(N, x1 .N1 , x2 .N2 ) and P Q are similar.

Lemma 4.7. If M contracts to M 0 , and cr(M ) > cr(N ) for all proper redex
sub-terms N of M , then cr(M ) > mr(M 0 ).

Proof. Proof by cases.

1. If M is of the form pi (hM1 , M2 i), then M 0 is Mi ; since any sub-term of

Mi is also proper sub-term of M , the claim holds.

2. If M is of the form (λxϕ . N )Qϕ , then M 0 is N [Qϕ /xϕ ]. Consider a redex

in M 0 . Either there is corresponding redex in N with equal cut rank,
which is less than cr(M ) by assumption, or the cut rank equals len(ϕ),
which by definition is less than cr((λxϕ . N )Q).

3. If M is of the form

case(ini (N ϕi ), xϕ1 χ ϕ2 χ
1 .N1 , x2 .N2 ),

then M 0 ≡ Ni [N/xϕ i 0
i ]. Consider a redex in M . Either there is corre-
sponding redex in Ni with equal cut rank, which is less than cr(M ) by
assumption; or the cut rank equals len(ϕi ), which by definition is less
than cr(case(ini (N ϕi ), xϕ1 χ ϕ2 χ
1 .N1 , x2 .N2 )).

38 intuitionistic-logic rev: b92204b (2021-04-17) by OLP / CC–BY

Theorem 4.8. All proof terms reduce to normal form; all derivations reduce
to normal derivations.

Proof. The second follows from the first. We prove the first by complete in-
duction on m = mr(M ), where M is a proof term.
1. If m = 0, M is already normal.
2. Otherwise, we proceed by induction on n, the number of redexes in M
with cut rank equal to m.
a) If n = 1, select any redex N such that m = cr(N ) > cr(P ) for any
proper sub-term P which is also a redex of course. Such a redex
must exist, since any term only has finitely many subterms.
Let N 0 denote the reductum of N . Now by the lemma mr(N 0 ) <
mr(N ), thus we can see that n, the number of redexes with cr(=)m
is decreased. So m is decreased (by 1 or more), and we can apply
the inductive hypothesis for m.
b) For the induction step, assume n > 1. the process is similar, except
that n is only decreased to a positive number and thus m does not
change. We simply apply the induction hypothesis for n.

The normalization of terms is actually not specific to the reduction order

we chose. In fact, one can prove that regardless of the order in which redexes
are reduced, the term always reduces to a normal form. This property is called
strong normalization.

Photo Credits

39
Bibliography

40