The Journal of Symbolic Logic
Volume 69, Number 4, Dec. 2004
HIGHER-ORDER SEMANTICS AND EXTENSIONALITY
CHRISTOPH BENZMÜLLER, CHAD E. BROWN, AND MICHAEL KOHLHASE
Abstract. In this paper we re-examine the semantics of classical higher-order logic with the purpose
of clarifying the role of extensionality. To reach this goal, we distinguish nine classes of higher-order
models with respect to various combinations of Boolean extensionality and three forms of functional
extensionality. Furthermore, we develop a methodology of abstract consistency methods (by providing the
necessary model existence theorems) needed to analyze completeness of (machine-oriented) higher-order
calculi with respect to these model classes.
§1. Motivation. In classical first-order predicate logic, it is rather simple to assess
the deductive power of a calculus: first-order logic has a well-established and
intuitive set-theoretic semantics, relative to which completeness can easily be verified
using, for instance, the abstract consistency method (cf. the introductory textbooks
[6, 22]). This well understood meta-theory has supported the development of calculi
adapted to special applications—such as automated theorem proving (cf. [16, 47]
for an overview).
In higher-order logics, the situation is rather different: the intuitive set-theoretic
standard semantics cannot give a sensible notion of completeness, since it does
not admit complete (recursively axiomatizable) calculi [24, 6]. There is a more
general notion of semantics [26], the so-called Henkin models, that allows complete
(recursively axiomatizable) calculi and therefore sets the standard for deductive
power of calculi.
Peter Andrews' Unifying Principle for Type Theory [1] provides a method of
higher-order abstract consistency that has become the standard tool for completeness
proofs in higher-order logic, even though it can only be used to show completeness
relative to a certain Hilbert style calculus $\mathfrak{T}_\beta$. A calculus $\mathcal{C}$ is called complete
relative to a calculus $\mathfrak{T}_\beta$ iff (if and only if) $\mathcal{C}$ proves all theorems of $\mathfrak{T}_\beta$. Since $\mathfrak{T}_\beta$ is
not complete with respect to Henkin models, the notion of completeness that can
be established by this method is a strictly weaker notion than Henkin completeness.
The differences between these notions of completeness can largely be analyzed in
terms of availability of various extensionality principles, which can be expressed
axiomatically in higher-order logic.
As a consequence of the limitations of Andrews' Unifying Principle, calculi for
higher-order automated theorem proving [1, 32, 33, 34, 42, 36, 37] and the corresponding
theorem proving systems such as Tps [7, 8], or earlier versions of the
Leo [14] system are not complete with respect to Henkin models. Moreover, they
are not even sound with respect to $\mathfrak{T}_\beta$, since they (for the most part) employ
η-conversion, which is not admissible in $\mathfrak{T}_\beta$. In other words, their deductive power
lies somewhere between $\mathfrak{T}_\beta$ and Henkin models. Characterizing exactly where reveals
important theoretical properties of these calculi that have direct consequences
for the adequacy in various application domains (see the discussion in section 8.1).
Received February 23, 1998; final version March 29, 2004.
© 2004, Association for Symbolic Logic
0022-4812/04/6904-0004/$7.20
Unlike calculi without computational concerns, calculi for mechanized reasoning
systems cannot be made complete by simply adding extensionality axioms, since
the search spaces induced by their introduction grow prohibitively. Being able to
compare and characterize the methods and computational devices used instead is a
prerequisite for further development in this area.
In this situation, the aim of this article is to provide a semantical meta theory
that will support the development of higher-order calculi for automated theorem
proving just as the corresponding methodology does in first-order logic. To reach
this goal, we need to establish:
(1) classes of models that adequately characterize the deductive power of existing
theorem-proving calculi (providing semantics with respect to which they are
sound and complete), and
(2) a methodology of abstract consistency methods (by providing for these model
classes the necessary model existence theorems, which extend Andrews' Unifying
Principle), so that the completeness analysis for higher-order calculi
will become almost as simple as in first-order logic.
We fully achieve the first goal in this article, and take a large step towards the
second. In the model existence theorems presented in this article, we have to
assume a new condition called saturation, which limits their utility in completeness
proofs for machine-oriented calculi. Fortunately, the saturation condition can be
lifted by extensions of the methods presented in this article (see the discussion in
the conclusion 8.2 and [12]).
Due to the inherent complexity of higher-order semantics we first give an informal
exposition of the issues covered and the techniques applied. In Section 4, we will
investigate the properties of the model classes introduced in Section 3 in more detail
and corroborate them with example models in Section 5. We prove model existence
theorems for the model classes in Section 6. Finally, in Section 7 we will apply
the model existence theorems from Section 6 to the task of proving completeness
of higher-order natural deduction calculi. Section 8 concludes the article with a
discussion of related work, possible applications, and the saturation assumption we
introduced for the model existence theorems.
The work reported in this article is based on [15] and significantly extends the
material presented there.
§2. Informal exposition. Before we turn to the exposition of the semantics in
Section 2.3, let us specify what we mean by “higher-order logic”: any simply typed
logical system that allows quantification over function and predicate variables.
Technically, we will follow tradition and employ a logical system HOL based on
the simply typed λ-calculus as introduced in [18]; this does not restrict the generality
of the methods reported in this article, since the ideas can be carried over. A related
logical system is discussed in detail in [6].
2.1. Simply typed λ-calculus. To formulate higher-order logic we start with a
collection of types $\mathcal{T}$. We assume there are some basic types in $\mathcal{T}$ and that whenever
$\alpha, \beta \in \mathcal{T}$, then the function type $(\alpha \to \beta)$ is in $\mathcal{T}$. Furthermore, we assume the
types are generated freely, so that $(\alpha_1 \to \beta_1) \equiv (\alpha_2 \to \beta_2)$ implies $\alpha_1 \equiv \alpha_2$ and
$\beta_1 \equiv \beta_2$.
HOL-formulae (or terms) are built up from a set $\mathcal{V}$ of (typed) variables and
a signature $\Sigma$ (a set of typed constants) as applications and λ-abstractions. We
assume the set $\mathcal{V}_\alpha$ of variables of type α is countably infinite for each type α. The
set $\mathit{wff}_\alpha(\Sigma)$ of well-formed formulae consists of those formulae which have type α.
The type of formula $\mathbf{A}_\alpha$ will be annotated as an index, if it is not clear from the
context. We will denote variables with upper-case letters ($X_\alpha, Y, Z, X^1_\beta, X^2_\gamma, \ldots$),
constants with lower-case letters ($c_\alpha, f_{\alpha\to\beta}, \ldots$) and well-formed formulae with
upper-case bold letters ($\mathbf{A}_\alpha, \mathbf{B}, \mathbf{C}^1, \ldots$). Finally, we abbreviate multiple applications
and abstractions in a kind of vector notation, so that $\mathbf{A}\overline{\mathbf{U}^k}$ denotes k-fold application
(associating to the left), $\lambda \overline{X^k}\,\mathbf{A}$ denotes k-fold λ-abstraction (associating to the
right) and we use the square dot ‘ ’ as an abbreviation for a pair of brackets, where
‘ ’ stands for the left one with its partner as far to the right as is consistent with the
bracketing already present in the formula. We may avoid full bracketing of formulas
in the remainder if the bracketing structure is clear from the context.
We will use terms like free and bound variables or closed formulae in their
standard meaning and use $\mathit{free}(\mathbf{A})$ for the set of free variables of a formula $\mathbf{A}$. In
particular, alphabetic change of names of bound variables is built into HOL: we
consider alphabetic variants to be identical (viewing the actual representation as a
representative of an alphabetic equivalence class) and use a notion of substitution
that avoids variable capture by systematically renaming bound variables.¹ We denote
a substitution that instantiates a free variable $X$ with a formula $\mathbf{A}$ with $[\mathbf{A}/X]$ and
write $\sigma, [\mathbf{A}/X]$ for the substitution that is identical with $\sigma$ but instantiates $X$ with
$\mathbf{A}$. For any term $\mathbf{A}$ we denote by $\mathbf{A}[\mathbf{B}]_p$ the term resulting by replacing the subterm
at position $p$ in $\mathbf{A}$ by $\mathbf{B}$.
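A structural equality relation of HOL terms is induced by βη-reduction

$$(\lambda X\,\mathbf{A})\mathbf{B} \to_\beta [\mathbf{B}/X]\mathbf{A} \qquad\qquad (\lambda X\,\mathbf{C}X) \to_\eta \mathbf{C}$$

where $X$ is not free in $\mathbf{C}$. It is well-known that the reduction relations β, η, and
βη are terminating and confluent on $\mathit{wff}(\Sigma)$, so that there are unique normal forms
(cf. [9] for an introduction). We will denote the β-normal form of a term $\mathbf{A}$ by $\mathbf{A}{\downarrow}_\beta$,
and the βη-normal form of $\mathbf{A}$ by $\mathbf{A}{\downarrow}_{\beta\eta}$. If we allow both reduction and expansion
steps, we obtain notions of β-conversion, η-conversion, and βη-conversion. We say
$\mathbf{A}$ and $\mathbf{B}$ are β-equal [η-equal, βη-equal] (written $\mathbf{A} \equiv_\beta \mathbf{B}$ [$\mathbf{A} \equiv_\eta \mathbf{B}$, $\mathbf{A} \equiv_{\beta\eta} \mathbf{B}$]) when $\mathbf{A}$ is
β-convertible [η-convertible, βη-convertible] to $\mathbf{B}$.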
2.2. Higher-order logic (HOL). In HOL, the set of base types is $\{o, \iota\}$ for truth
values and individuals. We will call a formula of type $o$ a proposition, and a sentence
if it is closed. We will assume that the signature $\Sigma$ contains logical constants for
negation ($\neg_{o\to o}$), disjunction ($\vee_{o\to o\to o}$), and universal quantification ($\Pi^\alpha_{(\alpha\to o)\to o}$) for
each type α. Optionally, $\Sigma$ may contain primitive equality ($=^\alpha_{\alpha\to\alpha\to o}$) for each type
α. All other constants are called parameters, since the argumentation in this article
is parametric in their choice.
¹ We could also have used de Bruijn's indices [19] as a concrete implementation of this approach at
the syntax level.
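We write disjunctions and equations, i.e., terms of the form $((\vee\mathbf{A})\mathbf{B})$ or $((=\mathbf{A})\mathbf{B})$,
in infix notation as $\mathbf{A} \vee \mathbf{B}$ and $\mathbf{A} = \mathbf{B}$. As we only assume the logical constants $\neg$,
$\vee$, and $\Pi^\alpha$ (and possibly $=^\alpha$) as primitive, we will use formulae of the form $\mathbf{A} \wedge \mathbf{B}$,
$\mathbf{A} \Rightarrow \mathbf{B}$, and $\mathbf{A} \Leftrightarrow \mathbf{B}$ as shorthand for the formulae $\neg((\neg\mathbf{A}) \vee (\neg\mathbf{B}))$, and $(\neg\mathbf{A}) \vee \mathbf{B}$,
and $(\mathbf{A} \Rightarrow \mathbf{B}) \wedge (\mathbf{B} \Rightarrow \mathbf{A})$, respectively. For each $\mathbf{A} \in \mathit{wff}_o(\Sigma)$, the standard notations
$\forall X_\alpha\,\mathbf{A}$ and $\exists X_\alpha\,\mathbf{A}$ for quantification are regarded as shorthand for $\Pi^\alpha(\lambda X_\alpha\,\mathbf{A})$ and
$\neg(\Pi^\alpha(\lambda X_\alpha\,\neg\mathbf{A}))$. Finally, we extend the vector notation for λ-binders to k-fold
quantification: we will use $\forall \overline{X^k}\,\mathbf{A}$ and $\exists \overline{X^k}\,\mathbf{A}$ in the obvious way.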
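We often need to distinguish between atomic and non-atomic formulae in $\mathit{wff}_o(\Sigma)$.
A non-atomic formula is any formula whose β-normal form is either of the form
$\neg\mathbf{A}$, $\mathbf{A} \vee \mathbf{B}$, or $\Pi^\alpha\mathbf{C}$ (where $\mathbf{A}, \mathbf{B} \in \mathit{wff}_o(\Sigma)$ and $\mathbf{C} \in \mathit{wff}_{\alpha\to o}(\Sigma)$). An atomic formula
is any other formula in $\mathit{wff}_o(\Sigma)$—including primitive equations $\mathbf{A} =^\alpha \mathbf{B}$ in case of
the presence of primitive equality.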
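It is a matter of folklore that equality can directly be expressed in HOL. A
prominent example is the Leibniz formula for equality

$$Q^\alpha := (\lambda X_\alpha Y_\alpha\, \forall P_{\alpha\to o}\, PX \Rightarrow PY).$$

With this definition, the formula $(Q^\alpha\mathbf{A}\mathbf{B})$ (expressing equality of two formulae $\mathbf{A}$
and $\mathbf{B}$ of type α) β-reduces to $\forall P_{\alpha\to o}\,(P\mathbf{A}) \Rightarrow (P\mathbf{B})$, which can be read as: formulae
$\mathbf{A}$ and $\mathbf{B}$ are not equal iff there exists a discerning property $P$.² In other words, $\mathbf{A}$ and
$\mathbf{B}$ are equal, if they are indiscernible. We will use the notation $\mathbf{A} \doteq^\alpha \mathbf{B}$ as shorthand
for the β-reduct $\forall P_{\alpha\to o}\,(P\mathbf{A}) \Rightarrow (P\mathbf{B})$ of $(Q^\alpha\mathbf{A}\mathbf{B})$ (where $P \notin \mathit{free}(\mathbf{A}) \cup \mathit{free}(\mathbf{B})$).³
There are alternative ways to define equality in terms of the logical connectives
([6, p. 203]) and the techniques for equality introduced in this article carry over to
them (cf. Remark 4.4).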
In this article we use several different notions of equality. In order to prevent
misunderstandings we explain these different notions together with their syntactical
representation here:
If we define a concept we use $:=$ (e.g., let $\mathcal{D} := \{\mathsf{T}, \mathsf{F}\}$). $\equiv$ represents identity.
We refer to a representative of the identity relation on $\mathcal{D}_\alpha$ as an object of the
semantical domain $\mathcal{D}_{\alpha\to\alpha\to o}$ with $\mathsf{q}^\alpha$. Note that we possibly have one, several, or
no $\mathsf{q}^\alpha$ in $\mathcal{D}_{\alpha\to\alpha\to o}$ for each domain $\mathcal{D}_\alpha$. The remaining two notions are related to
syntax. $=^\alpha$ may occur as a constant symbol of type $\alpha\to\alpha\to o$ in a signature $\Sigma$.
Finally, $\doteq^\alpha$ and $Q^\alpha$ are used for Leibniz equality as described above.
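2.3. Notions of models for HOL. A model of HOL is a collection of non-empty
domains $\mathcal{D}_\alpha$ for all types α together with a way of interpreting formulae. The
model classes discussed in this article will vary in the domains and specifics of
the evaluation of formulae. The relationships between these classes of models are
depicted as a cube in Figure 1. We will discuss the model classes from bottom to
top, from the most specific notion of standard models ($\mathfrak{ST}$) to the most general
notion of υ-complexes, motivating the respective generalizations as we go along. In
Section 3, where we develop the theory formally based on the intuitions discussed
here, we will proceed the other way around, specializing the notion of a Σ-model
more and more.
² Note that this is symmetric by considering complements and hence it is sufficient to use $\Rightarrow$ instead
of $\Leftrightarrow$.
³ Note that $\mathbf{A} \doteq^\alpha \mathbf{B}$ is β-normal iff $\mathbf{A}$ and $\mathbf{B}$ are β-normal. The same holds for βη-equality.
[Figure 1 (diagram not reproduced): a cube whose boxes are the model classes $\mathfrak{M}_\beta$,
$\mathfrak{M}_{\beta\eta}$, $\mathfrak{M}_{\beta\xi}$, $\mathfrak{M}_{\beta f}$, $\mathfrak{M}_{\beta b}$, $\mathfrak{M}_{\beta\eta b}$, $\mathfrak{M}_{\beta\xi b}$, $\mathfrak{M}_{\beta fb} \simeq \mathfrak{H}$ and $\mathfrak{ST}$; the arrows are labeled
η, ξ, f, b and full; the boxes are annotated with $\nabla_c, \nabla_\beta, \nabla_\neg, \nabla_\vee, \nabla_\wedge, \nabla_\forall, \nabla_\exists, \nabla_{sat}$ (at $\mathfrak{M}_\beta$),
$\nabla_\eta$ (at $\mathfrak{M}_{\beta\eta}$), $\nabla_\xi$ (at $\mathfrak{M}_{\beta\xi}$), $\nabla_f$ (at $\mathfrak{M}_{\beta f}$) and $\nabla_b$ (at $\mathfrak{M}_{\beta b}$).]
Figure 1. The landscape of higher-order semantics.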
The symbols in the boxes in Figure 1 denote model classes, the symbols labeling
the arrows indicate the properties inducing the corresponding specialization, and
the ∇-symbols next to the boxes indicate the clauses in the definition of abstract
consistency classes (cf. Definition 6.5) that are needed to establish a model existence
theorem for this particular class of models (cf. Theorem 6.34).
2.3.1. Standard and Henkin models [$\mathfrak{ST}$, $\mathfrak{H}$, $\mathfrak{M}_{\beta fb}$]. A standard model ($\mathfrak{ST}$, cf.
Definition 3.51) for HOL provides a fixed set $\mathcal{D}_\iota$ of individuals and a set $\mathcal{D}_o := \{\mathsf{T}, \mathsf{F}\}$
of truth values. All the domains for the function types are defined inductively: $\mathcal{D}_{\alpha\to\beta}$
is the set of functions $f : \mathcal{D}_\alpha \longrightarrow \mathcal{D}_\beta$. The evaluation function $\mathcal{E}_\varphi$ with respect to an
assignment $\varphi$ of variables is obtained by the standard homomorphic construction
that evaluates a λ-abstraction with a function.
One can reconstruct the key idea behind Henkin models ($\mathfrak{H}$ isomorphic to $\mathfrak{M}_{\beta fb}$,
cf. Definition 3.50 and Theorem 3.68) by the following observation. If the set $\mathcal{D}_\iota$ is
infinite, the set $\mathcal{D}_{\iota\to o}$ of sets of individuals must be uncountably infinite. On the other
hand, any reasonable semantics of a language with a countable signature that admits
sound and complete calculi must have countable models. Leon Henkin generalized
the class of admissible domains for functional types [26]. Instead of requiring
$\mathcal{D}_{\alpha\to\beta}$ (and thus in particular, $\mathcal{D}_{\iota\to o}$) to be the full set of functions (predicates), it is
sufficient to require that $\mathcal{D}_{\alpha\to\beta}$ has enough members that any well-formed formula
can be evaluated (in other words, the domains of function types are rich enough to
satisfy comprehension). Note that with this generalized notion of a model, there are
fewer formulae that are valid in all models (intuitively, for any given formula there
are more possibilities for counter-models). The generalization to Henkin models
restricts the set of valid formulae sufficiently so that all of them can be proven by a
Hilbert-style calculus [26].
Of course our picture in Figure 1 is not complete here; we can axiomatically
require the existence of particular (classes of) functions, e.g., by assuming the
description or choice operators. We will not pursue this here; for a detailed discussion
of the semantic issues raised by the presence of these logical constants see [3]. Note
that even though we can consider model classes with richer and richer function
spaces, we can never reach standard models where function spaces are full while
maintaining complete (recursively axiomatizable) calculi.
2.3.2. Models without boolean extensionality [$\mathfrak{M}_\beta$, $\mathfrak{M}_{\beta\xi}$, $\mathfrak{M}_{\beta\eta}$, $\mathfrak{M}_{\beta f}$]. The next
generalization of model classes comes from the fact that we want to have logics where
the axiom of Boolean extensionality can fail. For instance, in the semantics of natural
language we have so-called verbs and adjectives of “propositional attitude” like
believe or obvious. We may not want to commit ourselves to a logic where the sentence
“John believes that Phil is a woodchuck” automatically entails “John believes
that Phil is a groundhog” since John might not be aware that “woodchuck” is just
another word for “groundhog”. The axiom of Boolean extensionality does just that;
it states that whenever two propositions are equivalent, they must be equal, and can
be substituted for each other. Similarly, the formulae obvious($\mathbf{O}$) and obvious($\mathbf{F}$)
where $\mathbf{O} := 2 + 2 = 4$ and $\mathbf{F} := \forall n > 2\;\, x^n + y^n = z^n \Rightarrow x = y = z = 0$ should
not be equivalent, even if their arguments are. (Both $\mathbf{O}$ and $\mathbf{F}$ are true over the natural
numbers, but Fermat's last theorem $\mathbf{F}$ is non-obvious to most people). These
phenomena have been studied under the heading of “hyper-intensional semantics”
in theoretical semantics; see [39] for a survey.
To account for this behavior, we have to generalize the class of Henkin models
further so that there are counter-models to the examples above. Obviously, this
involves weakening the assumption that $\mathcal{D}_o \equiv \{\mathsf{T}, \mathsf{F}\}$ since this entails that the values
of $\mathbf{O}$ and $\mathbf{F}$ are identical. We call the assumption that $\mathcal{D}_o$ has two elements property
b. In our Σ-models without property b ($\mathfrak{M}_\beta$, $\mathfrak{M}_{\beta\xi}$, $\mathfrak{M}_{\beta\eta}$, $\mathfrak{M}_{\beta f}$, cf. Definitions 3.41
and 3.49) we only insist that there is a division of the truth values into “good” and
“bad” ones, which we express by insisting on the existence of a valuation $\upsilon$ of $\mathcal{D}_o$,
i.e., a function $\upsilon : \mathcal{D}_o \longrightarrow \{\mathsf{T}, \mathsf{F}\}$ that is coordinated with the interpretations of the
logical constants $\neg$, $\vee$, and $\Pi^\alpha$ (for each type α). Thus we have a notion of validity:
we call a sentence $\mathbf{A}$ valid in such a model if $\upsilon(\mathsf{a}) \equiv \mathsf{T}$, where $\mathsf{a} \in \mathcal{D}_o$ is the value
of the sentence $\mathbf{A}$. For example, there is a Σ-model (see Examples 5.4 and 5.5)
where woodchuck(phil), groundhog(phil) and believe(john, woodchuck(phil)) are
all valid, but believe(john, groundhog(phil)) is not. In this model, the value of
woodchuck(phil) is different from the value of groundhog(phil) in $\mathcal{D}_o$.
2.3.3. Models without functional extensionality [$\mathfrak{M}_\beta$, $\mathfrak{M}_{\beta\eta}$, $\mathfrak{M}_{\beta\xi}$, $\mathfrak{M}_{\beta b}$, $\mathfrak{M}_{\beta\eta b}$,
$\mathfrak{M}_{\beta\xi b}$]. In mathematics (and as a consequence in most higher-order model theories),
we assume functional extensionality, which states that two functions are
equal, if they return identical values on all arguments. In many applications we
want to use a logic that allows a finer-grained modeling of properties of functions.
For instance, if we want to model programs as (higher-order) functions, we might
be interested in intensional⁴ properties like run-time complexity. Consider for instance
the two functions $\mathbf{I} := \lambda X\,X$ and $\mathbf{L} := \lambda X\,\mathit{rev}(\mathit{rev}(X))$, where $\mathit{rev}$ is the
self-inverse function that reverses the order of elements in a list. While the identity
function has constant complexity, the function $\mathit{rev}$ is linear in the length of its argument.
As a consequence, even though $\mathbf{L}$ behaves like $\mathbf{I}$ on all inputs, they have
different time complexity. A logic with a functionally extensional model theory
(which is encoded as property f, cf. Definitions 3.5, 3.41 and 3.46) would conflate $\mathbf{I}$
and $\mathbf{L}$ semantically and thus hide this difference rendering the logic unsuitable for
complexity analysis.
To arrive at a model theory which does not require functional extensionality
(which we will call non-functional model theory in the remainder) we need to
generalize the notion of domains at function types and evaluation functions. This
is because the usual construction already uses sets of (extensional) functions for the
domains of function type and the property of functionality to construct values for
λ-terms.
We build on the notion of applicative structures (cf. Definition 3.1) to define
Σ-evaluations (cf. Definition 3.18), where the evaluation function is assumed to respect
application and β-conversion. In such models, a function is not uniquely determined
by its behavior on all possible arguments. Such models can be constructed,
for example, by labeling functions (e.g., a green and a red version of a function
$f$) in order to differentiate between them, even though they are functionally
equivalent (cf. Example 5.6). Property b may or may not hold for non-functional
Σ-models.
We can factor functional extensionality (property f) into two independent properties,
property η and property ξ. A model satisfies property η if it respects
η-conversion. A model satisfies property ξ if we can conclude the values of $\lambda X\,\mathbf{M}$ and
$\lambda X\,\mathbf{N}$ are identical whenever the values of $\mathbf{M}$ and $\mathbf{N}$ are identical for any assignment
of the variable $X$. We will show that a model satisfies property f iff it satisfies both
property η and property ξ (cf. Lemma 3.24).
2.3.4. Andrews' models and υ-complexes [$\mathfrak{M}_\beta$, $\mathfrak{M}_{\beta\eta}$]. Peter Andrews has pioneered
the construction of non-functional models with his υ-complexes in [1] based
on Kurt Schütte's semi-valuation method [50]. These constructions, where both
functional and Boolean extensionality fail, are Σ-models as defined in Definition 3.41.
(Typically they will not even satisfy the property that Leibniz equality
corresponds to identity in the model, but they will have a quotient by Theorem 3.62
which does satisfy this property.)
2.4. Characterizing the deductive power of calculi. These model classes discussed
in the previous section characterize the deductive power of many higher-order
theorem provers on a semantic level. For example, Tps [8] can be used in modes
in which the deductive power is characterized by $\mathfrak{M}_{\beta\eta}$ (or even $\mathfrak{M}_\beta$ if η-conversion
is disallowed). Note that in particular Tps is not complete with respect to Henkin
models. It is not even complete for $\mathfrak{M}_{\beta\eta b}$, although it can be used in modes with
some ‘extensionality treatment’ built into the proof procedure.
⁴ Just as in the linguistic application, the word “intensional” is used as a synonym for “non-extensional”
even though totally different properties are intended.
The incompleteness of Tps for Henkin models⁵ can be seen from the fact that
it fails to refute formulae such as $c\,\mathbf{A}_o \wedge \neg c(\neg\neg\mathbf{A})$, where $c$ is a constant of type
$o \to o$, or to prove formulae like $p(\lambda X_\alpha\,\mathbf{B}X \wedge \mathbf{A}X) \Rightarrow p(\lambda X_\alpha\,\mathbf{A}X \wedge \mathbf{B}X)$, where
$p$ is a constant of type $(\alpha \to o) \to o$. The problem in the former example is that
the higher-order unification algorithm employed by Tps cannot determine that $\mathbf{A}$
and $\neg\neg\mathbf{A}$ denote identical semantic objects (by Boolean extensionality as already
mentioned before), and thus returns failure instead of success. In the second
example both functional and Boolean extensionality are needed in order to prove
the theorem.
[21] discusses a presentation of higher-order logic in a first-order logic based on
an approach called theorem proving modulo. It is easy to check that this approach
is also incomplete for model classes with property b. For instance the approach
cannot prove the formula

$$\forall P_{o\to o} X_o Y_o\, (PX \wedge PY) \Rightarrow P(X \wedge Y)$$

which is valid in Henkin models and which requires b. As a result, the theorem
proving modulo approach of representing higher-order logic in a first-order logic [21]
can only be used for logics without Boolean extensionality in its current form.
2.4.1. Model existence theorems. For all the notions of model classes (except,
of course, for standard models, where such a theorem cannot hold for recursively
axiomatizable logical systems) we present model existence theorems tying the
differentiating conditions of the models to suitable conditions in the abstract consistency
classes (cf. Section 6.3).
A model existence theorem for a logical system $\mathcal{S}$ (i.e., a logical language $\mathcal{L}_\mathcal{S}$
together with a consequence relation $\models_\mathcal{S} \subseteq \mathcal{L}_\mathcal{S} \times \mathcal{L}_\mathcal{S}$) is a theorem of the form:
If a set of sentences $\Phi$ of $\mathcal{S}$ is a member of an abstract consistency class
$\Gamma$, then there exists a $\mathcal{S}$-model for $\Phi$.
For the proof we can use the classical construction in all cases: abstract consistent
sets are extended to Hintikka sets (cf. Section 6.2), which induce a valuation on
a term structure (cf. Definition 3.35). We then take a quotient by the congruence
induced by Leibniz equality in the term model.
2.4.2. Completeness of calculi. Given a model existence theorem as described
above we can show the completeness of a particular calculus $\mathcal{C}$ (i.e., the derivability
relation $\vdash_\mathcal{S} \subseteq \mathcal{L}_\mathcal{S} \times \mathcal{L}_\mathcal{S}$) by proving that the class $\Gamma$ of sets of sentences $\Phi$ that are
$\mathcal{C}$-consistent (i.e., cannot be refuted in $\mathcal{C}$) is an abstract consistency class. Then the
model existence theorem tells us that $\mathcal{C}$-consistent sets of sentences are satisfiable
in $\mathcal{S}$. Now we assume that a sentence $\mathbf{A}$ is valid in $\mathcal{S}$, so $\neg\mathbf{A}$ does not have a
$\mathcal{S}$-model and is therefore $\mathcal{C}$-inconsistent. Hence, $\neg\mathbf{A}$ is refutable in $\mathcal{C}$. This shows
refutation completeness of $\mathcal{C}$. For many calculi $\mathcal{C}$, this also shows $\mathbf{A}$ is provable,
thus establishing completeness of $\mathcal{C}$.
⁵ In case the extensionality axioms are not available in the search space. Note that one can add
extensionality axioms to the calculus in order to achieve—at least in theory—Henkin completeness. But
this increases the search space drastically and is not feasible in practice.
Note that with this argumentation the completeness proof for $\mathcal{C}$ condenses to
verifying that $\Gamma$ is an abstract consistency class, a task that does not refer to
$\mathcal{S}$-models. Thus the usefulness of model existence theorems derives from the fact that
it replaces the model-theoretic analysis in completeness proofs with the verification
of some proof-theoretic conditions. In this respect a model existence theorem is
similar to a Herbrand Theorem, but it is easier to generalize to other logic systems
like higher-order logic. The technique was developed for first-order logic by Jaakko
Hintikka and Raymond Smullyan [29, 52, 53].
§3. Semantics for higher-order logic. In this section we will introduce the semantical
constructions and discuss their relationships. We will start out by defining
applicative structures and Σ-evaluations to give an algebraic semantics for the simply
typed λ-calculus. To obtain a model for higher-order logic, we use a Σ-valuation
to determine whether propositions are true or false.
3.1. Applicative structures.
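Definition 3.1 ((Typed) Applicative structure). A collection $\mathcal{D} := \mathcal{D}_\mathcal{T} :=
\{\mathcal{D}_\alpha \mid \alpha \in \mathcal{T}\}$ of non-empty sets $\mathcal{D}_\alpha$, indexed by the set $\mathcal{T}$ of types, is called
a typed collection (of sets). Let $\mathcal{D}_\mathcal{T}$ and $\mathcal{E}_\mathcal{T}$ be typed collections, then a collection
$f := \{f_\alpha : \mathcal{D}_\alpha \longrightarrow \mathcal{E}_\alpha \mid \alpha \in \mathcal{T}\}$ of functions is called a typed function
$f : \mathcal{D}_\mathcal{T} \longrightarrow \mathcal{E}_\mathcal{T}$. We will write $\mathcal{F}(A; B)$ for the set of functions from $A$ to $B$ and
$\mathcal{F}_\mathcal{T}(\mathcal{D}_\mathcal{T}; \mathcal{E}_\mathcal{T})$ for the set of typed functions. In the following we will also use the
notion of a typed function extended to the n-ary case in the obvious way.
We call the pair $(\mathcal{D}, @)$ a (typed) applicative structure if $\mathcal{D} \equiv \mathcal{D}_\mathcal{T}$ is a typed
collection of sets and

$$@ := \{@^{\alpha\beta} : \mathcal{D}_{\alpha\to\beta} \times \mathcal{D}_\alpha \longrightarrow \mathcal{D}_\beta \mid \alpha, \beta \in \mathcal{T}\}.$$

Each (non-empty) set $\mathcal{D}_\alpha$ is called the domain of type α and the family of functions
$@$ is called the application operator. We write simply $\mathsf{f}@\mathsf{a}$ for $\mathsf{f}@^{\alpha\beta}\mathsf{a}$ when $\mathsf{f} \in \mathcal{D}_{\alpha\to\beta}$
and $\mathsf{a} \in \mathcal{D}_\alpha$ are clear in context.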
Remark 3.2. Often an applicative structure is defined to also include an interpretation
of the constants in a given signature (for example, in [44]). We prefer this
signature-independent definition (as in [30]) for our purposes.
Remark 3.3 (Currying). The application operator $@$ in an applicative structure
is an abstract version of function application. It is no restriction to exclusively use
a binary application operator, which corresponds to unary function application,
since we can define higher-arity application operators from the binary one by setting
$\mathsf{f}@(\mathsf{a}^1, \ldots, \mathsf{a}^n) := (\ldots(\mathsf{f}@\mathsf{a}^1)\ldots@\mathsf{a}^n)$ (“Currying”).
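Definition 3.4 (Frame). An applicative structure $(\mathcal{D}, @)$ is called a frame, if
$\mathcal{D}_{\alpha\to\beta} \subseteq \mathcal{F}(\mathcal{D}_\alpha; \mathcal{D}_\beta)$ and $@^{\alpha\beta}$ is application for functions for all types α and β.
Definition 3.5 (Functional/full/standard applicative structures). Let $\mathcal{A} :=
(\mathcal{D}, @)$ be an applicative structure. We say that $\mathcal{A}$ is functional if for all types
α and β and objects $\mathsf{f}, \mathsf{g} \in \mathcal{D}_{\alpha\to\beta}$, we have $\mathsf{f} \equiv \mathsf{g}$ whenever $\mathsf{f}@\mathsf{a} \equiv \mathsf{g}@\mathsf{a}$ for every
$\mathsf{a} \in \mathcal{D}_\alpha$.⁶ We say $\mathcal{A}$ is full if for all types α and β and every function $f : \mathcal{D}_\alpha \longrightarrow \mathcal{D}_\beta$
there is an object $\mathsf{f} \in \mathcal{D}_{\alpha\to\beta}$ such that $\mathsf{f}@\mathsf{a} \equiv f(\mathsf{a})$ for every $\mathsf{a} \in \mathcal{D}_\alpha$. Finally, we say
$\mathcal{A}$ is standard if it is a frame and $\mathcal{D}_{\alpha\to\beta} \equiv \mathcal{F}(\mathcal{D}_\alpha; \mathcal{D}_\beta)$ for all types α and β. Note
that these definitions impose restrictions on the domains for function types only.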
Remark 3.6. It is easy to show that every frame is functional. Furthermore, an
applicative structure is standard iff it is a full frame.
Example 3.7 (Applicative singleton structure). We choose a single element $\mathsf{a}$ and
define $\mathcal{D}_\alpha := \{\mathsf{a}\}$ for all types α. The pair $(\mathcal{D}_\mathcal{T}, @^{\mathsf{a}})$, where $\mathsf{a}@^{\mathsf{a}}\mathsf{a} = \mathsf{a}$, is a (trivial)
example of a functional applicative structure. It is called the singleton applicative
structure.
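Example 3.8 (Applicative term structures). If we define $\mathbf{A}@\mathbf{B} := (\mathbf{A}\mathbf{B})$ for $\mathbf{A} \in
\mathit{wff}_{\alpha\to\beta}(\Sigma)$ and $\mathbf{B} \in \mathit{wff}_\alpha(\Sigma)$, then $@ : \mathit{wff}_{\alpha\to\beta}(\Sigma) \times \mathit{wff}_\alpha(\Sigma) \longrightarrow \mathit{wff}_\beta(\Sigma)$ is a
total function. Thus $(\mathit{wff}(\Sigma), @)$ is an applicative structure. The intuition behind
this example is that we can think of the formula $\mathbf{A} \in \mathit{wff}_{\alpha\to\beta}(\Sigma)$ as a function
$\mathbf{A} : \mathit{wff}_\alpha(\Sigma) \longrightarrow \mathit{wff}_\beta(\Sigma)$ that maps $\mathbf{B}$ to $(\mathbf{A}\mathbf{B})$.
Analogously, we can define the applicative structure $(\mathit{cwff}(\Sigma), @)$ of closed formulae
(when we ensure $\Sigma$ contains enough constants so that $\mathit{cwff}_\alpha(\Sigma)$ is non-empty
for all types α).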
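Definition 3.9 (Homomorphism). Let $\mathcal{A}^1 := (\mathcal{D}^1, @^1)$ and $\mathcal{A}^2 := (\mathcal{D}^2, @^2)$
be applicative structures. A homomorphism from $\mathcal{A}^1$ to $\mathcal{A}^2$ is a typed function
$\kappa : \mathcal{D}^1 \longrightarrow \mathcal{D}^2$ such that for all types $\alpha, \beta \in \mathcal{T}$, all $\mathsf{f} \in \mathcal{D}^1_{\alpha\to\beta}$, and $\mathsf{a} \in \mathcal{D}^1_\alpha$ we have
$\kappa(\mathsf{f})@^2\kappa(\mathsf{a}) \equiv \kappa(\mathsf{f}@^1\mathsf{a})$. We write $\kappa : \mathcal{A}^1 \longrightarrow \mathcal{A}^2$. The two applicative structures
$\mathcal{A}^1$ and $\mathcal{A}^2$ are called isomorphic if there are homomorphisms $i : \mathcal{A}^1 \longrightarrow \mathcal{A}^2$ and
$j : \mathcal{A}^2 \longrightarrow \mathcal{A}^1$ which are mutually inverse at each type.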
The most important method for constructing structures (and models) with given
properties in this article is well-known for algebraic structures and consists of
building a suitable congruence and passing to the quotient structure. We will now
develop the formal basis for it.
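Definition 3.10 (Applicative structure congruences). Let $\mathcal{A} := (\mathcal{D}, @)$ be an
applicative structure. A typed equivalence relation $\sim$ is called a congruence on $\mathcal{A}$ iff
for all $\mathsf{f}, \mathsf{f}' \in \mathcal{D}_{\alpha\to\beta}$ and $\mathsf{a}, \mathsf{a}' \in \mathcal{D}_\alpha$ (for any types α and β), $\mathsf{f} \sim \mathsf{f}'$ and $\mathsf{a} \sim \mathsf{a}'$ imply
$\mathsf{f}@\mathsf{a} \sim \mathsf{f}'@\mathsf{a}'$.
The equivalence class $[\![\mathsf{a}]\!]_\sim$ of $\mathsf{a} \in \mathcal{D}_\alpha$ modulo $\sim$ is the set of all $\mathsf{a}' \in \mathcal{D}_\alpha$, such that
$\mathsf{a} \sim \mathsf{a}'$. A congruence $\sim$ is called functional iff for all types α and β and $\mathsf{f}, \mathsf{g} \in \mathcal{D}_{\alpha\to\beta}$,
we have $\mathsf{f} \sim \mathsf{g}$ whenever $\mathsf{f}@\mathsf{a} \sim \mathsf{g}@\mathsf{a}$ for every $\mathsf{a} \in \mathcal{D}_\alpha$.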
Lemma 3.11. The β-equality and βη-equality relations $\equiv_\beta$ and $\equiv_{\beta\eta}$ are congruences
on the applicative structures $\mathit{wff}(\Sigma)$ and $\mathit{cwff}$.
Proof. The congruence properties are a direct consequence of the fact that
βη-reduction rules are defined to act on subterm positions. ⊣
⁶ This is called “extensional” in [44]. We use the term “functional” to distinguish it from other forms
of extensionality.
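Definition 3.12 (Quotient applicative structure). Let $\mathcal{A} := (\mathcal{D}, @)$ be an
applicative structure, $\sim$ a congruence on $\mathcal{A}$, and $\mathcal{D}^\sim_\alpha := \{[\![\mathsf{a}]\!]_\sim \mid \mathsf{a} \in \mathcal{D}_\alpha\}$. Furthermore,
let $@^\sim$ be defined by $[\![\mathsf{f}]\!]_\sim @^\sim [\![\mathsf{a}]\!]_\sim := [\![\mathsf{f}@\mathsf{a}]\!]_\sim$. (To see that this definition
only depends on equivalence classes of $\sim$, consider $\mathsf{f}' \in [\![\mathsf{f}]\!]_\sim$ and $\mathsf{a}' \in [\![\mathsf{a}]\!]_\sim$. Then
$\mathsf{f} \sim \mathsf{f}'$ and $\mathsf{a} \sim \mathsf{a}'$ imply $\mathsf{f}@\mathsf{a} \sim \mathsf{f}'@\mathsf{a}'$. Thus, $[\![\mathsf{f}@\mathsf{a}]\!]_\sim \equiv [\![\mathsf{f}'@\mathsf{a}']\!]_\sim$. So, $@^\sim$ is
well-defined.) $\mathcal{A}/_\sim := (\mathcal{D}^\sim, @^\sim)$ is also an applicative structure. We call $\mathcal{A}/_\sim$ the
quotient structure of $\mathcal{A}$ for the relation $\sim$ and the typed function $\pi_\sim : \mathcal{A} \longrightarrow \mathcal{A}/_\sim$
that maps $\mathsf{a}$ to $[\![\mathsf{a}]\!]_\sim$ its canonical projection.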
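Theorem 3.13. Let $\mathcal{A}$ be an applicative structure and let $\sim$ be a congruence on $\mathcal{A}$,
then the canonical projection $\pi_\sim$ is a surjective homomorphism. Furthermore, $\mathcal{A}/_\sim$ is
functional iff $\sim$ is functional.
Proof. Let $\mathcal{A} := (\mathcal{D}, @)$ be an applicative structure. To convince ourselves
that $\pi_\sim$ is indeed a surjective homomorphism, we note that $\pi_\sim$ is surjective by the
definition of $\mathcal{D}^\sim$. To see that $\pi_\sim$ is a homomorphism let $\mathsf{f} \in \mathcal{D}_{\alpha\to\beta}$, and $\mathsf{a} \in \mathcal{D}_\alpha$,
then $\pi_\sim(\mathsf{f})@^\sim\pi_\sim(\mathsf{a}) \equiv [\![\mathsf{f}]\!]_\sim @^\sim [\![\mathsf{a}]\!]_\sim \equiv [\![\mathsf{f}@\mathsf{a}]\!]_\sim \equiv \pi_\sim(\mathsf{f}@\mathsf{a})$.
The quotient construction collapses $\sim$ to identity, so functionality of $\sim$ is equivalent
to functionality of $\mathcal{A}/_\sim$. Formally, suppose $[\![\mathsf{f}]\!]_\sim$ and $[\![\mathsf{g}]\!]_\sim$ are elements of
$\mathcal{D}^\sim_{\alpha\to\beta}$ such that $[\![\mathsf{f}]\!]_\sim @^\sim [\![\mathsf{a}]\!]_\sim \equiv [\![\mathsf{g}]\!]_\sim @^\sim [\![\mathsf{a}]\!]_\sim$ for every $[\![\mathsf{a}]\!]_\sim$ in $\mathcal{D}^\sim_\alpha$. This is equivalent
to $[\![\mathsf{f}@\mathsf{a}]\!]_\sim \equiv [\![\mathsf{g}@\mathsf{a}]\!]_\sim$ for every $\mathsf{a} \in \mathcal{D}_\alpha$ and hence $\mathsf{f}@\mathsf{a} \sim \mathsf{g}@\mathsf{a}$ for all $\mathsf{a} \in \mathcal{D}_\alpha$.
By functionality of $\sim$, we have $\mathsf{f} \sim \mathsf{g}$. That is, $[\![\mathsf{f}]\!]_\sim \equiv [\![\mathsf{g}]\!]_\sim$. ⊣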
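Definitions 3.5, 3.10 and 3.12 and Theorem 3.13 can be checked exhaustively on a small finite structure. The following is an added example, not code from the paper: it assumes a fragment with only two types (a two-element base domain and a function domain of colour-labelled lookup tables, in the spirit of the green and red functions mentioned in Section 2.3.3), and all names in it are hypothetical.

```python
from itertools import product

# Constructed finite fragment (assumption): one base type with domain D_I and
# one function type whose objects are (colour, table) pairs. Two objects with
# the same table but different colours behave identically under application.
D_I = (0, 1)
D_FUN = tuple((colour, table)
              for colour in ("green", "red")
              for table in product(D_I, repeat=len(D_I)))

def app(f, a):
    """Application operator @: look the argument up in the table of f."""
    return f[1][a]

def identity(x, y):
    return x == y

def same_table(f, g):
    return f[1] == g[1]

def same_colour(f, g):
    return f[0] == g[0]

def is_congruence(sim_fun, sim_i):
    """Definition 3.10: f ~ f' and a ~ a' imply f@a ~ f'@a'."""
    return all(sim_i(app(f, a), app(g, b))
               for f, g in product(D_FUN, repeat=2) if sim_fun(f, g)
               for a, b in product(D_I, repeat=2) if sim_i(a, b))

def is_functional_congruence(sim_fun, sim_i):
    """Definition 3.10: f ~ g whenever f@a ~ g@a for every a."""
    return all(sim_fun(f, g)
               for f, g in product(D_FUN, repeat=2)
               if all(sim_i(app(f, a), app(g, a)) for a in D_I))

def classes(domain, sim):
    """The set of equivalence classes of domain modulo sim."""
    return frozenset(frozenset(y for y in domain if sim(x, y)) for x in domain)

def quotient(sim_fun, sim_i):
    """Definition 3.12: domains of classes, with [[f]] @ [[a]] := [[f@a]]."""
    q_fun, q_i = classes(D_FUN, sim_fun), classes(D_I, sim_i)

    def q_app(f_class, a_class):
        # Any representatives give the same class when sim is a congruence.
        result = app(next(iter(f_class)), next(iter(a_class)))
        return next(c for c in q_i if result in c)

    return q_fun, q_i, q_app

def structure_is_functional(d_fun, d_i, application):
    """Definition 3.5: f is identical to g whenever f@a == g@a for every a."""
    return all(f == g
               for f, g in product(d_fun, repeat=2)
               if all(application(f, a) == application(g, a) for a in d_i))

def theorem_3_13_agrees(sim_fun, sim_i):
    """The quotient is functional exactly when the congruence is functional."""
    return (structure_is_functional(*quotient(sim_fun, sim_i))
            == is_functional_congruence(sim_fun, sim_i))
```

Identifying objects with the same table is a functional congruence and its quotient has one object per table; the identity relation is a congruence that is not functional, so its quotient keeps both colours; identifying objects by colour is not a congruence at all.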
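Lemma 3.14. $\equiv_{\beta\eta}$ is a functional congruence on $\mathit{wff}(\Sigma)$. If $\Sigma_\alpha$ is infinite for all
types $\alpha \in \mathcal{T}$, then $\equiv_{\beta\eta}$ is also functional on $\mathit{cwff}$.
Proof. By Lemma 3.11, $\equiv_{\beta\eta}$ is a congruence relation. To show functionality let
$\mathbf{A}, \mathbf{B} \in \mathit{wff}_{\gamma\to\alpha}(\Sigma)$ such that $\mathbf{A}\mathbf{C} \equiv_{\beta\eta} \mathbf{B}\mathbf{C}$ for all $\mathbf{C} \in \mathit{wff}_\gamma(\Sigma)$ be given. In particular,
for any variable $X \in \mathcal{V}_\gamma$ that is not free in $\mathbf{A}$ or $\mathbf{B}$, we have $\mathbf{A}X \equiv_{\beta\eta} \mathbf{B}X$ and
$\lambda X\,\mathbf{A}X \equiv_{\beta\eta} \lambda X\,\mathbf{B}X$. By definition we have $\mathbf{A} \equiv_\eta \lambda X_\gamma\,\mathbf{A}X \equiv_{\beta\eta} \lambda X_\gamma\,\mathbf{B}X \equiv_\eta \mathbf{B}$.
To show functionality of βη-equality on closed formulae, suppose $\mathbf{A}$ and $\mathbf{B}$ are
closed. With the same variable $X$ as above, let $\mathbf{M}$ and $\mathbf{N}$ be the βη-normal forms of
$\mathbf{A}X$ and $\mathbf{B}X$, respectively. We cannot conclude that $\mathbf{M} \equiv \mathbf{N}$ since $X$ is not a closed
term. Instead, choose a constant $c_\gamma \in \Sigma_\gamma$ that does not occur in $\mathbf{A}$ or $\mathbf{B}$. (Such a
constant must exist, since we have assumed that $\Sigma_\gamma$ is infinite.) An easy induction
on the length of the βη-reduction sequence from $\mathbf{A}X$ to $\mathbf{M}$ shows that $c$ does not
occur in $\mathbf{M}$ and $\mathbf{A}c \equiv [c/X](\mathbf{A}X)$ βη-reduces to $[c/X]\mathbf{M}$. Similarly, $c$ does not
occur in $\mathbf{N}$ and $\mathbf{B}c$ βη-reduces to $[c/X]\mathbf{N}$. Since $c$ is a constant, substituting $c$ for
$X$ cannot introduce new redexes. So, simple inductions on the sizes of $\mathbf{M}$ and $\mathbf{N}$
show $[c/X]\mathbf{M}$ and $[c/X]\mathbf{N}$ are βη-normal. By assumption, we know $\mathbf{A}c \equiv_{\beta\eta} \mathbf{B}c$.
Since normal forms are unique, we must have $[c/X]\mathbf{M} \equiv [c/X]\mathbf{N}$. Using the fact
that $c$ does not occur in either $\mathbf{M}$ or $\mathbf{N}$, an induction on the size of $\mathbf{M}$ readily shows
$\mathbf{M} \equiv \mathbf{N}$. So, we have $\mathbf{A} \equiv_\eta \lambda X_\gamma\,\mathbf{A}X \equiv_{\beta\eta} \lambda X_\gamma\,\mathbf{M} \equiv \lambda X_\gamma\,\mathbf{N} \equiv_{\beta\eta} \lambda X_\gamma\,\mathbf{B}X \equiv_\eta \mathbf{B}$. ⊣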
Remark 3.15. Suppose we have a signature $\Sigma$ with a single constant $c_\iota$. In this
case, $c$ is the only closed βη-normal form of type $\iota$. Since $\lambda X\,X \not\equiv_{\beta\eta} \lambda X\,c$ even
though $(\lambda X\,X)c \equiv_{\beta\eta} c \equiv_{\beta\eta} (\lambda X\,c)c$ we have a counterexample to functionality of $\equiv_{\beta\eta}$
on $\mathit{cwff}$. The problem here is that we do not have another constant $d_\iota$ to distinguish
the two functions. In $\mathit{wff}(\Sigma)$ we could always use a variable.
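The counterexample of Remark 3.15 and the fresh-constant argument from the proof of Lemma 3.14 can be replayed with a small βη-normalizer. This is an added example, not code from the paper: it represents terms with de Bruijn indices (the alternative mentioned in footnote 1), omits types and assumes its inputs are simply typed so that normalization terminates; the term encoding and all function names are hypothetical.

```python
# Terms in de Bruijn notation (types omitted; inputs assumed simply typed):
#   ("var", n) | ("const", name) | ("lam", body) | ("app", fun, arg)

def shift(t, d, cutoff=0):
    """Add d to every variable index >= cutoff (the free variables of t)."""
    if t[0] == "var":
        return ("var", t[1] + d) if t[1] >= cutoff else t
    if t[0] == "lam":
        return ("lam", shift(t[1], d, cutoff + 1))
    if t[0] == "app":
        return ("app", shift(t[1], d, cutoff), shift(t[2], d, cutoff))
    return t

def subst(t, j, s):
    """Replace index j in t by s and lower the indices above j by one."""
    if t[0] == "var":
        if t[1] == j:
            return s
        return ("var", t[1] - 1) if t[1] > j else t
    if t[0] == "lam":
        return ("lam", subst(t[1], j + 1, shift(s, 1)))
    if t[0] == "app":
        return ("app", subst(t[1], j, s), subst(t[2], j, s))
    return t

def occurs(t, j):
    """True iff the variable with index j occurs free in t."""
    if t[0] == "var":
        return t[1] == j
    if t[0] == "lam":
        return occurs(t[1], j + 1)
    if t[0] == "app":
        return occurs(t[1], j) or occurs(t[2], j)
    return False

def normalize(t):
    """Compute the beta-eta normal form of t."""
    if t[0] == "app":
        fun, arg = normalize(t[1]), normalize(t[2])
        if fun[0] == "lam":                       # beta step
            return normalize(subst(fun[1], 0, arg))
        return ("app", fun, arg)
    if t[0] == "lam":
        body = normalize(t[1])
        # eta step: (lam (C 0)) reduces to C when index 0 is not free in C
        if body[0] == "app" and body[2] == ("var", 0) and not occurs(body[1], 0):
            return shift(body[1], -1)
        return ("lam", body)
    return t

def constants(t):
    if t[0] == "const":
        return {t[1]}
    if t[0] == "lam":
        return constants(t[1])
    if t[0] == "app":
        return constants(t[1]) | constants(t[2])
    return set()

def beta_eta_equal(a, b):
    return normalize(a) == normalize(b)

def agree_on_constants(a, b, names):
    """True iff (a c) and (b c) are beta-eta equal for every constant c in names."""
    return all(beta_eta_equal(("app", a, ("const", n)), ("app", b, ("const", n)))
               for n in names)

def agree_on_fresh_constant(a, b):
    """Test a and b on a constant occurring in neither, as in Lemma 3.14."""
    used = constants(a) | constants(b)
    fresh = next(f"k{i}" for i in range(len(used) + 1) if f"k{i}" not in used)
    return agree_on_constants(a, b, [fresh])

IDENT = ("lam", ("var", 0))          # lambda X. X
CONST_C = ("lam", ("const", "c"))    # lambda X. c
```

With only the constant `c` available the two functions cannot be told apart by application, while a second constant, or the fresh constant of Lemma 3.14, separates them.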
Remark 3.16 (Assumptions on $\Sigma$). From now on, we assume $\Sigma_\alpha$ to be infinite for
each type α. Furthermore, we assume there is a particular cardinal $\aleph_s$ such that $\Sigma_\alpha$
has cardinality $\aleph_s$ for every type α. Since $\mathcal{V}$ is countable, this implies $\mathit{wff}_\alpha(\Sigma)$ and
$\mathit{cwff}_\alpha$ have cardinality $\aleph_s$ for each type α. Also, whether or not primitive equality
is included in the signature, there can only be finitely many logical constants in $\Sigma_\alpha$
for each particular type α. Thus, the cardinality of the set of parameters in $\Sigma_\alpha$ is
also $\aleph_s$. In the countable case, $\aleph_s$ is $\aleph_0$.
3.2. Σ-evaluations. Σ-evaluations are applicative structures with a notion of evaluation
for well-formed formulae in $\mathit{wff}(\Sigma)$.
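Definition 3.17 (Variable assignment). Let $\mathcal{A} := (\mathcal{D}, @)$ be an applicative
structure. A typed function $\varphi : \mathcal{V} \longrightarrow \mathcal{D}$ is called a variable assignment into $\mathcal{A}$.
Given a variable assignment $\varphi$, variable $X_\alpha$, and value $\mathsf{a} \in \mathcal{D}_\alpha$, we use $\varphi, [\mathsf{a}/X]$ to
denote the variable assignment with $(\varphi, [\mathsf{a}/X])(X) \equiv \mathsf{a}$ and $(\varphi, [\mathsf{a}/X])(Y) \equiv \varphi(Y)$
for variables $Y$ other than $X$.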
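Definition 3.18 (Σ-evaluation). Let $\mathcal{E} : \mathcal{F}_\mathcal{T}(\mathcal{V}; \mathcal{D}) \longrightarrow \mathcal{F}_\mathcal{T}(\mathit{wff}(\Sigma), \mathcal{D})$ be a
total function, where $\mathcal{F}_\mathcal{T}(\mathcal{V}; \mathcal{D})$ is the set of variable assignments and $\mathcal{F}_\mathcal{T}(\mathit{wff}(\Sigma),
\mathcal{D})$ is the set of typed functions mapping terms into objects in $\mathcal{D}$. We will write the
argument of $\mathcal{E}$ as a subscript. So, for each assignment $\varphi$, we have a typed function
$\mathcal{E}_\varphi : \mathit{wff}(\Sigma) \longrightarrow \mathcal{D}$. $\mathcal{E}$ is called an evaluation function for $\mathcal{A}$ if for any assignments
$\varphi$ and $\psi$ into $\mathcal{A}$, we have
(1) $\mathcal{E}_\varphi\big|_{\mathcal{V}} \equiv \varphi$.
(2) $\mathcal{E}_\varphi(\mathbf{F}\mathbf{A}) \equiv \mathcal{E}_\varphi(\mathbf{F})@\mathcal{E}_\varphi(\mathbf{A})$ for any $\mathbf{F} \in \mathit{wff}_{\alpha\to\beta}(\Sigma)$ and $\mathbf{A} \in \mathit{wff}_\alpha(\Sigma)$ and types
α and β.
(3) $\mathcal{E}_\varphi(\mathbf{A}) \equiv \mathcal{E}_\psi(\mathbf{A})$ for any type α and $\mathbf{A} \in \mathit{wff}_\alpha(\Sigma)$, whenever $\varphi$ and $\psi$ coincide
on $\mathit{free}(\mathbf{A})$.
(4) $\mathcal{E}_\varphi(\mathbf{A})$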