A MODULAR CONSTRUCTION OF TYPE THEORIES

The λΠ-calculus modulo theory is a logical framework in which many type systems can be expressed as theories. We present such a theory, the theory U, where proofs of several logical systems can be expressed. Moreover, we identify a sub-theory of U corresponding to each of these systems, and prove that, when a proof in U uses only symbols of a sub-theory, then it is a proof in that sub-theory.


Introduction
The λΠ-calculus modulo theory (λΠ/≡) [CD07], that is the basis of the language Dedukti [ABC+16, HB20], is a logical framework, that is, a framework to define theories. It generalizes some previously proposed frameworks: Predicate logic [HA28], λ-Prolog [NM88], Isabelle [Pau93], the Edinburgh logical framework [HHP93], also called the λΠ-calculus, Deduction modulo theory [DHK03, DW03], Pure type systems [Ber88, Ter89], and Ecumenical logic [Pra15, Dow15, PR17, Gri19]. It is thus an extension of Predicate logic that provides the possibility for all symbols to bind variables, a syntax for proof-terms, a notion of computation, a notion of proof reduction for axiomatic theories, and the possibility to express both constructive and classical proofs.
λΠ/≡ makes it possible to express all theories that can be expressed in Predicate logic, such as geometry, arithmetic, and set theory, but also Simple type theory [Chu40] and the Calculus of constructions [CH88], which are less easy to define in Predicate logic.
We present a theory in λΠ/≡, the theory U, where all proofs of Minimal, Constructive, and Ecumenical predicate logic; Minimal, Constructive, and Ecumenical simple type theory; Simple type theory with predicate subtyping, prenex predicative polymorphism, or both; the Calculus of constructions, and the Calculus of constructions with prenex predicative polymorphism can be expressed. This theory is therefore a candidate for a universal theory, where proofs developed in implementations of Classical predicate logic (such as automated theorem proving systems, SMT solvers, etc.), Classical simple type theory (such as HOL 4, Isabelle/HOL, HOL Light, etc.), the Calculus of constructions (such as Coq, Matita, Lean,
[Figure 1: Typing rules of λΠ/≡ with signature Σ and rewriting rules R]
x_1 : B_1, ..., x_m : B_m is in Λ(Σ) if B_1, ..., B_m are. It is often convenient to group constant declarations and rules into small clusters, called "axioms".
A relation → preserves typing in (Σ, R) if, for all contexts Γ and terms t, u and A of Λ(Σ), if Γ Σ,R t : A and t → u, then Γ Σ,R u : A. The relation →_β preserves typing as soon as →_βR is confluent (see for instance [Bla01]) for, in this case, the product is injective modulo ≡_βR: Πx : A, B ≡_βR Πx : A , B if and only if A ≡_βR A and B ≡_βR B . The relation →_R preserves typing if every rewriting rule l → r preserves typing, that is: for all contexts Γ, substitutions θ and terms A of Λ(Σ), if Γ Σ,R θl : A then Γ Σ,R θr : A.
Although typing is defined with arbitrary signatures Σ and sets of rewriting rules R, we are only interested in sets R verifying some confluence and type-preservation properties.
Definition 2.1 (System, theory). A system is a pair (Σ, R) such that each rule of R is in Λ(Σ). It is a theory if →_βR is confluent on Λ(Σ), and every rule of R preserves typing in (Σ, R).
Therefore, in a theory, →_βR preserves typing since →_β preserves typing (for →_βR is confluent) and →_R preserves typing (for every rule preserves typing). We recall two other basic properties of λΠ/≡ we will use in Theorem 4.5:
Lemma 2.2. If Γ Σ,R t : A, then either A = KIND or Γ Σ,R A : s for some sort s.

The theory U
Let us now present the system U which is formed with axioms expressed in λΠ/≡. We will prove in Theorem 4.7 that this system is indeed a theory.
3.1. Object-terms. The notions of term, proposition, and proof are not primitive in λΠ/≡. The first axioms of the theory U introduce these notions. We first define a notion analogous to the Predicate logic notion of term, to express the objects the theory speaks about, such as the natural numbers. As all expressions in λΠ/≡ are called "terms", we shall call these expressions "object-terms", to distinguish them from the other terms.
To build the notion of object-term in λΠ/≡ we declare a constant I of type TYPE and constants of type I → ... → I → I for the function symbols, for instance a constant 0 of type I and a constant succ of type I → I. The object-terms, for instance (succ (succ 0)) and (succ x), are then just λΠ/≡ terms of type I and, in an object-term, the variables are λΠ/≡ variables of type I. If we wanted to have object-terms of several sorts, like in Many-sorted predicate logic, we could just declare several constants I_1, I_2, ..., I_n of type TYPE.
3.2. Propositions. Just like λΠ/≡ does not contain a primitive notion of object-term, it does not contain a primitive notion of proposition, but tools to define this notion. To do so, in the theory U, we declare a constant Prop of type TYPE
Prop : TYPE (Prop-decl)
and predicate symbols, that is constants of type I → ... → I → Prop, for instance a constant positive of type I → Prop. Propositions are then λΠ/≡ terms, such as (positive (succ (succ 0))), of type Prop.
3.4. Proofs. Predicate logic defines a language for terms and propositions, but proofs have to be defined in a second step, for instance as derivations in natural deduction, sequent calculus, etc. These derivations, like object-terms and propositions, are trees. Therefore, they can be represented as λΠ/≡ terms.
Using the Brouwer-Heyting-Kolmogorov interpretation, a proof of the proposition A ⇒ B should be a λΠ/≡ term expressing a function mapping proofs of A to proofs of B. Then, using the Curry-de Bruijn-Howard correspondence, the type of this term should be the proposition A ⇒ B itself. But, this is not possible in the theory U yet, as the proposition A ⇒ B has the type Prop, and not the type TYPE.
A strict view on the Curry-de Bruijn-Howard correspondence leads to identify Prop and TYPE, yielding the conclusion that all types, including I, and Prop itself, are propositions. A more moderate view leads to the introduction of an embedding Prf of propositions into types, mapping each proposition A to the type Prf A of its proofs. This view is moderate in two respects. First, the propositions themselves are not the types of their proofs: if t is a proof of A, then it does not have the type A, but the type Prf A. Second, this embedding is not surjective. So not all types are types of proofs, in particular I and Prop are not.
So, in the theory U, we declare a constant Prf
Prf : Prop → TYPE (Prf-decl)
When assigning the type Prop → TYPE to the constant Prf, we use the fact that λΠ/≡ supports dependent types, that is the possibility to build a family of types Prf x parameterized with a variable x of type Prop, where Prop is itself of type TYPE.
According to the Brouwer-Heyting-Kolmogorov interpretation, a proof of A ⇒ A is a λΠ/≡ term expressing a function mapping proofs of A to proofs of A, so that it can be both built and used as a function. In particular, the identity function λx : Prf A, x mapping each proof of A to itself is a proof of A ⇒ A. According to the Curry-de Bruijn-Howard correspondence, this term should have the type Prf (A ⇒ A), but it has the type Prf A → Prf A. So, the types Prf (A ⇒ A) and Prf A → Prf A must be identified. To do so, we use the fact that λΠ/≡ allows the declaration of rewriting rules, so that Prf (A ⇒ A) rewrites to Prf A → Prf A.
This rule expresses the meaning of the constant ⇒. It is, in λΠ/≡, the expression of the Brouwer-Heyting-Kolmogorov interpretation of proofs for implication: a proof of x ⇒ y is a function mapping proofs of x to proofs of y. So, in the theory U, the Brouwer-Heyting-Kolmogorov interpretation of proofs for implication is made explicit: it is the rule (⇒-red).
3.5. Universal quantification. Unlike implication, the universal quantifier binds a variable. Thus, we express the proposition ∀z A as the proposition ∀ (λz : I, A) [Chu40, NM88, Pau93, HHP93], yielding the type I → Prop for the argument of ∀, hence the type (I → Prop) → Prop for the constant ∀ itself.
But, in the theory U, we allow quantification, not only over the variables of type I, but over variables of any type of object-terms. We could introduce a different quantifier for each type of object-terms, for instance two quantifiers of type (I_1 → Prop) → Prop and (I_2 → Prop) → Prop if we had two types I_1 and I_2 of object-terms. But, as in some cases, we will have an infinite number of types of object-terms, this would require the introduction of an infinite number of constants.
Thus, we rather want to have a single generic quantifier. But we cannot give the type ΠX : TYPE, (X → Prop) → Prop to this quantifier, first because in λΠ/≡ there is no way to quantify over a variable of type TYPE, but also because this would introduce the possibility to quantify over Prop and all the types of the form Prf A, while we do not always want to consider these types as types of object-terms.
Therefore, in the theory U, we declare a constant Set of type TYPE for the types of object-terms and a rule that reduces the term El ι to I
The types of object-terms then have the form El A and are distinguished among the other terms of type TYPE.
We can now give the type Πx : Set, (El x → Prop) → Prop to the generic universal quantifier and write ∀ ι (λz : I, A) for the proposition ∀z A.
Just like for the implication, we declare a rewriting rule expressing that the type of the proofs of the proposition ∀ x p is the type of functions mapping each z of type El x to a proof of p z
Again, the Brouwer-Heyting-Kolmogorov interpretation of proofs for the universal quantifier is made explicit: it is this rule (∀-red).
3.6. Other constructive connectives and quantifiers. The other connectives and quantifiers are defined à la Russell. For the conjunction, for example, Prf (x ∧ y) is defined as Πz : Prop, (Prf x → Prf y → Prf z) → Prf z. This definition does not use the quantifier ∀ of the theory U (so far, in the theory U, we can quantify over the type I, but not over the type Prop), but the quantifier Π of the logical framework λΠ/≡ itself.
Remark that, per se, the quantification on the variable z of type Prop is predicative, as the term Πz : Prop, (Prf x → Prf y → Prf z) → Prf z has type TYPE and not Prop. But, the rule rewriting Prf (x ∧ y) to Πz : Prop, (Prf x → Prf y → Prf z) → Prf z introduces some impredicativity, as the term x ∧ y of type Prop is "defined" as the inverse image, for the embedding Prf, of the type Πz : Prop, (Prf x → Prf y → Prf z) → Prf z, that contains a quantification on a variable of type Prop
(∃-red)
3.7. Infinity. Now that we have the symbols and ⊥, we can express that the type I is infinite, that is, that there exists a non-surjective injection from this type to itself. We call this non-surjective injection succ. To express its injectivity, we introduce its left inverse pred.
To express its non-surjectivity, we introduce an element 0, that is not in its image positive [DW05]. This choice of notation enables the definition of natural numbers as some elements of type I
3.8. Classical connectives and quantifiers. The disjunction in constructive logic and in classical logic are governed by different deduction rules. As the deduction rules express the meaning of the connectives and quantifiers, we can conclude that the disjunction in constructive logic and in classical logic have different meanings. If these disjunctions have different meanings, they should be expressed with different symbols, for instance ∨ for the constructive disjunction and ∨_c for the classical one, just like, in classical logic, we use two different symbols for the inclusive disjunction and the exclusive one.
The constructive and the classical disjunction need not belong to different languages, but they can coexist in the same. Ecumenical logics [Pra15, Dow15, PR17, Gri19] are logics where the constructive and classical connectives and quantifiers coexist. A proposition whose connectors and quantifiers are all constructive, is said to be "purely constructive", and one whose connectors and quantifiers are all classical, is said to be "purely classical". The others are said to be "mixed propositions". Any deductive system, where a purely constructive proposition is provable if and only if it is provable in Constructive predicate logic, and where a purely classical proposition is provable if and only if it is provable in Classical predicate logic, is Ecumenical. Ecumenical logics may of course differ on mixed propositions.
Many Ecumenical logics consider the constructive connectives and quantifiers as primitive and attempt to define the classical ones from them, using the negative translation as a definition.There are several options: the classical disjunction, for instance, can be defined in any of the following ways: (1) and similarly for the other connectives and quantifiers.
Using these definitions, the proposition (P ∧_c Q) ⇒_c P is then:
(1) ¬¬((¬¬(P ∧ Q)) ⇒ P)
(2) (¬¬((¬¬P) ∧ (¬¬Q))) ⇒ (¬¬P)
(3) ¬¬((¬¬¬¬((¬¬P) ∧ (¬¬Q))) ⇒ (¬¬P))
None of them is exactly the negative translation of (P ∧ Q) ⇒ P that is
With Definition (1), the double negations on atomic propositions are missing. This can be repaired in two ways. Predicate symbols of the language can be duplicated [Pra15] into a constructive and a classical counterpart, the latter being the double negation of the former. Or the syntax of predicate logic can be modified [Gil18]. First, terms are defined. Then, atoms are defined as terms of the form P(t_1, ..., t_n) where P is a predicate symbol and t_1, ..., t_n are terms. Finally, propositions are defined as either explicitly embedded atoms, conjunctions of two propositions, etc. Atoms can be constructively embedded into propositions with the symbol £ or classically with a double-negation version of £. This way, the proposition above is now written
With Definition (2) [AH14], the double negation at the root of the proposition is missing. This again can be repaired [Gri19] by modifying the syntax of Predicate logic, defining first terms, then pre-propositions, that are defined like the propositions in Predicate logic and then propositions, a proposition being obtained by applying a symbol •_c to a pre-proposition. Again, this symbol has also a classical version defined as the double negation of the constructive one. This way, the proposition above is written •_c ((P ∧_c Q) ⇒_c P) and this proposition is, by definition, equal to ¬¬((¬¬((¬¬P) ∧ (¬¬Q))) ⇒ (¬¬P)).
Definition (3) [Dow15] is closer to the negative translation except that, in some places, the two negations are replaced with four. But, as ¬¬¬A is equivalent to ¬A, these extra negations can be removed. Yet, a classical atomic proposition P is the same as its constructive version, while its negative translation is ¬¬P, and in (1) P_c or £_c P is equal to ¬¬P, as well as •_c P in (2). As atomic propositions are not provable anyway, this does not affect provability. But it affects hypothetical provability, leading to duplicate the notion of entailment.
In the theory U, we use Definition (2). Indeed, as we already have a distinction between the proposition A and the type Prf A of its proofs, we can just include the symbol
We can then define the classical connectives and quantifiers as follows
Note that c and ⊥ c are and ⊥, by definition. Note also that ¬¬¬A is equivalent to ¬A, so we do not need to duplicate negation either.
3.9. Propositions as objects. So far, we have mainly reconstructed the Predicate logic notions of object-term, proposition, and proof. We can now turn to two notions coming from Simple type theory: propositions as objects and functionality.
Simple type theory is often presented as an independent system, but it can be expressed in several logical frameworks, such as Predicate logic, Isabelle, Deduction modulo theory, Pure type systems, and also λΠ/≡. Yet, the relation between Predicate logic and Simple type theory is complex because
• Simple type theory can be expressed in Predicate logic
• and Predicate logic is a restriction of Simple type theory, allowing quantification on variables of type ι only.
So, in Predicate logic, we can express Simple type theory, that contains, as a restriction, Predicate logic, in which we can express Simple type theory, that contains, as a restriction, Predicate logic, in which we can express Simple type theory, that contains, etc. Stacking encodings in this way leads to nonsensical expressions of Simple type theory.But this remark shows that, after having reconstructed Predicate logic in λΠ/≡, we have a choice: we can either express Simple type theory in Predicate logic, that is itself expressed in λΠ/≡, or express Simple type theory directly in λΠ/≡, letting Predicate logic be, a posteriori, a restriction of it, that is, build Simple type theory, not in Predicate logic, but as an extension of Predicate logic.
In the theory U, we choose the second option that leads to a simpler expression of Simple type theory, avoiding the stacking of two encodings. Simple type theory is thus expressed by adding two axioms on top of Predicate logic: one for propositions as objects and one for functionality.
Let us start with propositions as objects. So far, the term ι is the only closed term of type Set. So, we can only quantify over the variables of type El ι, that is I. In particular, we cannot quantify over propositions. To do so, we just need to declare a constant o of type Set
Note that just like there are no terms of type ι, but terms, such as 0, which have type El ι, that is I, there are no terms of type o, but terms, such as , which have type El o, that is Prop.
Applying the constant ∀ to the constant o, we obtain a term of type (El o → Prop) → Prop, that is (Prop → Prop) → Prop, and we can express the proposition ∀p (p ⇒ p) as ∀ o (λp : Prop, p ⇒ p). The type Prf (∀ o (λp : Prop, p ⇒ p)) of the proofs of this proposition rewrites to Πp : Prop, Prf p → Prf p. So, the term λp : Prop, λx : Prf p, x is a proof of this proposition.
3.10. Functionality. Besides ι and o, we introduce more types in the theory, for functions and sets. To do so, we declare a constant and a rewriting rule
For instance, these rules enable the construction of the λΠ/≡ term ι Y ι of type Set that expresses the simple type ι → ι. The λΠ/≡ term El (ι Y ι) of type TYPE rewrites to I → I. The simply typed term λx : ι, x of type ι → ι is then expressed as the term λx : I, x of type I → I that is, El (ι Y ι).

Dependent arrow.
The axiom (Y) enables us to give simple types to the object-terms expressing functions. We can also give them dependent types, with the dependent versions of this axiom
Note that, if we apply the constant Y_d to a term t and a term λz : El t, u, where the variable z does not occur in u, then El (t Y_d λz : El t, u) rewrites to El t → El u, just like El (t Y u). Thus, the constant Y_d is useful only if we can build a term λz : El t, u where the variable z occurs in u. With the symbols we have introduced so far, this is not possible. The only constants that can be used to build a term of type Set are ι, o, Y, and Y_d, and the variable z cannot occur free in a term built from these four constants and a variable z of type El t.
Just like we have a constant ι of type Set, we could add a constant array of type I → Set such that array n is the type of arrays of length n. We could then construct the term (ι Y_d λn : I, array n) of type Set. Then, the type El (ι Y_d λn : I, array n) that rewrites to Πn : I, El (array n), would be the type of functions mapping a natural number n to an array of length n.
So, this symbol Y_d becomes useful, only if we add such a constant array, object-level dependent types, or the symbols π or psub below.
3.12. Dependent implication. In the same way, we can add a dependent implication, where, in the proposition A ⇒ B, the proof of A may occur in B
3.13. Proofs in object-terms. To construct an object-term, we sometimes want to apply a function symbol to other object-terms and also to proofs. For instance, we may want to apply the Euclidean division div to two numbers t and u and to a proof that u is positive. We would like the type of div to be something like
But the term (positive y Y ι) is not well typed, as the constant Y expects, as a first argument, a term of type Set and not of type Prop, that is, a type of object-terms and not of proofs. Thus, we must declare another constant π : Prop → Set → Set and a rewriting rule El (π x y) → (Prf x) → (El y)
Just like for the constant Y and ⇒, we can also have a dependent version of this constant. In fact, in the theory U, we only have this dependent version
This way, we can give, to the constant div, the type that is
In the same way, if we add a symbol = of type Πx : Set, El x → El x → Prop, we can express the proposition positive y ⇒_d λp : Prf (positive y), (= ι (div x y p) (div x y p)) enlightening the meaning of the proposition usually written
The proposition x/y = x/y is well-formed, but it contains, besides x and y, an implicit free variable p, for a proof of y > 0. This variable is bound by the implication, that needs therefore to be a dependent implication. Hence, the only free variables in y > 0 ⇒ x/y = x/y are x and y.
3.14. Proof irrelevance. If p and q are two non convertible proofs of the proposition positive 2, the terms div 7 2 p and div 7 2 q are not convertible. As a consequence, the proposition = ι (div 7 2 p) (div 7 2 q) would not be provable.
To make these terms convertible, we embed the theory into an extended one, that contains another constant and a rule div x y p → div† x y and we define convertibility in this extended theory. This way, the terms div 7 2 p and div 7 2 q are convertible, as they both reduce to div† 7 2.
Note that, in the extended theory, the constant div† enables the construction of the erroneous term div† 1 0. But the extended theory is only used to define the convertibility in the restricted one and this term is not a term of the restricted theory. It is not even the reduct of a term of the form div 1 0 r [FT19, BH21].
3.15. Dependent pairs and predicate subtyping. Instead of declaring a constant div that takes three arguments: a number t, a number u, and a proof p that u is positive, we can declare a constant that takes two arguments: a number t and a pair pair ι positive u p formed with a number u and a proof p that u is positive.
The type of the pair pair ι positive u p whose first element is a number and the second a proof that this number is positive is written psub ι positive, or informally {x : ι | positive x}. It can be called "the type of positive numbers", especially if the pair is proof-irrelevant in its second argument. It is a subtype of the type of natural numbers defined with the predicate positive. Therefore, the symbol psub introduces predicate subtyping.
We thus declare a constant psub and a constant pair
This way, instead of giving the type El (ι Y ι Y_d λy : Prf (positive y), ι) to the constant div, we can give it the type El (ι Y psub ι positive Y ι).
To avoid introducing a new positive number pair ι positive 3 p with each proof p that 3 is positive, we make this symbol pair proof irrelevant by introducing a symbol pair† and a rewriting rule that discards the proof
This declaration and this rewriting rule are not part of the theory U but of the theory U† used to define the conversion on the terms of U.
Finally, we declare the projections fst and snd together with an associated rewriting rule
fst : Πt : Set, Πp : El t → Prop, El (psub t p) → El t (fst-decl)
fst t p (pair† t p m) → m (fst-red)
snd : Πt : Set, Πp : El t → Prop, Πm : El (psub t p), Prf (p (fst t p m)) (snd-decl)
Note that the left hand side of the rule (fst-red) is not well-typed, but it can match a well-typed term fst A B (pair† A B m). Yet, we prefer this rule to the non linear one fst t p (pair† t p m) → m that would make confluence proofs more difficult.
Note that there is no rewriting rule for the second projection as the second element of pairs is discarded during rewriting.
To make this type an element of the image of an embedding we can introduce dependent types at the level of object-terms. To do so, we introduce a constant Set1 of type TYPE and a constant set of type Set1
The type I → Set, is now equivalent to Ty (ι d (λn : I, set)) and is thus in the image of the embedding Ty. One could think of simply taking set : Set, saving constants Set1, Ty and d and their rewrite rules. However, such a declaration would encode the product ( , , ) of system λU⁻ which is inconsistent [Coq86, Hur95].
3.17. Prenex predicative type quantification in types. Using the symbols of the theory U introduced so far, the symbol for equality = has the type Πx : Set, El x → El x → Prop which is not a type of object terms. This motivates the introduction of object-level polymorphism [Gir72, Rey74]. However extending Simple type theory with object-level polymorphism makes it inconsistent [Hur95, Coq86], and similarly it makes the theory U inconsistent. So, object-level polymorphism in U is restricted to prenex polymorphism.
To do so, we introduce a new constant Scheme of type TYPE
Scheme : TYPE (Scheme-decl)
a constant Els to embed the terms of type Scheme into terms of type TYPE
Els : Scheme → TYPE (Els-decl)
a constant ↑ to embed the terms of type Set into terms of type Scheme and a rule connecting these embeddings
We then introduce a quantifier for the variables of type Set in the terms of type Scheme and the associated rewriting rule
This way, the type of the identity function is Els ( A (λx : Set, ↑ (x Y x))). It reduces to Πx : Set, El x → El x. Therefore, it is inhabited by the term λx : Set, λy : El x, y. In a similar way, the symbol = can then be given the type Els ( A (λx :
3.18. Prenex predicative type quantification in propositions. When we express the reflexivity of the polymorphic equality, we need also to quantify over a type variable, but now in a proposition. To be able to do so, we introduce another quantifier and its associated rewriting rule
This way, the reflexivity of equality can be expressed as ( A (λs : Set, ∀ s (λx : El s, = s x x))).
3.19. The theory U: putting everything together. As mentioned in Section 2, we call "axiom" a constant declaration together with its rewrite rules if any. Hence, in the following, we denote by (ι) the axiom consisting of (ι-decl) and (ι-red), and similarly for all the other axioms.
Among these axioms, 14 only have a constant declaration, 27 have a constant declaration and one rewriting rule, and 2 have a constant declaration and two rewriting rules. So Σ_U contains 43 declarations and R_U 31 rules.
This large number of axioms is explained by the fact that λΠ/≡ is a weaker framework than Predicate logic. The 20 first axioms are needed just to construct notions that are primitive in Predicate logic: terms, propositions, with their 13 constructive and classical connectives and quantifiers, and proofs. So the theory U is just 23 axioms on top of the definition of Predicate logic.

Sub-theories
Not all proofs require all these axioms. Many proofs can be expressed in sub-theories built by bringing together some of the axioms of U, but not all.
Given subsets Σ_S of Σ_U and R_S of R_U, we would like to be sure that a proof in U, using only constants in Σ_S, is a proof in (Σ_S, R_S). Such a result is trivial in Predicate logic: for instance, a proof in ZFC which does not use the axiom of choice is a proof in ZF, but it is less straightforward in λΠ/≡, because (Σ_S, R_S) might not be a theory. So we should not consider any pair (Σ_S, R_S). For instance, as Set occurs in the type of El, if we want El in Σ_S, we must take Set as well. In the same way, as positive (succ x) rewrites to , if we want (positive) and (succ) in Σ_S, we must include in Σ_S and the rule rewriting positive (succ x) to in R_S. This leads to a definition of a notion of sub-theory and to prove that, if (Σ_1, R_1) is a sub-theory of a theory (Σ_0, R_0), Γ, t and A are in Λ(Σ_1), and Γ Σ 0 ,R 0 t : A, then Γ Σ 1 ,R 1 t : A.
This property implies that, if π is a proof of A in U and both A and π are in Λ(Σ_1), then π is a proof of A in (Σ_1, R_1), but it does not imply that if A is in Λ(Σ_1) and A has a proof in U, then it has a proof in (Σ_1, R_1).
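An added example, not from the paper: the dependency closure that the paragraph above describes informally, computed over a constructed slice of the signature of U. It assumes two closure requirements (a constant brings along the constants occurring in its type; a rule whose left-hand side lies in the sub-signature brings along itself and the constants of its right-hand side) and does not check confluence or type preservation. The function names, the rule label `positive-succ`, the type given to `pred`, and the name `top` for the constant that positive (succ x) rewrites to are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    lhs: frozenset  # constants occurring in the left-hand side
    rhs: frozenset  # constants occurring in the right-hand side


def rule(name, lhs, rhs=()):
    return Rule(name, frozenset(lhs), frozenset(rhs))


# Constructed sample: each constant maps to the constants occurring in its type.
SIGMA_0 = {
    "I": set(),                   # I : TYPE
    "Set": set(),                 # Set : TYPE
    "El": {"Set"},                # Set occurs in the type of El
    "ι": {"Set"},                 # ι : Set
    "Prop": set(),                # Prop : TYPE
    "Prf": {"Prop"},              # Prf : Prop → TYPE
    "0": {"I"},                   # 0 : I
    "succ": {"I"},                # succ : I → I
    "pred": {"I"},                # assumed type I → I (left inverse of succ)
    "positive": {"I", "Prop"},    # positive : I → Prop
    "top": {"Prop"},              # assumed name, see lead-in
}

R_0 = [
    rule("ι-red", {"El", "ι"}, {"I"}),                     # El ι → I
    rule("pred-red2", {"pred", "succ"}),                   # pred (succ x) → x
    rule("positive-succ", {"positive", "succ"}, {"top"}),  # constructed label
]


def close(wanted, sigma=SIGMA_0, rules=R_0):
    """Smallest (symbols, rule names) containing `wanted` and closed under
    the two requirements stated in the lead-in."""
    unknown = set(wanted) - sigma.keys()
    if unknown:
        raise KeyError(f"not declared in the signature: {sorted(unknown)}")
    symbols, kept = set(wanted), set()
    changed = True
    while changed:
        changed = False
        for c in list(symbols):
            missing = sigma[c] - symbols
            if missing:
                symbols |= missing
                changed = True
        for r in rules:
            if r.lhs <= symbols and r.name not in kept:
                kept.add(r.name)
                symbols |= r.rhs
                changed = True
    return symbols, kept


def violations(symbols, kept, sigma=SIGMA_0, rules=R_0):
    """Reasons why (symbols, kept) is not closed; an empty list means closed."""
    out = []
    for c in sorted(symbols):
        for d in sorted(sigma[c] - symbols):
            out.append(f"type of {c} mentions {d}, which is not selected")
    for r in rules:
        if r.lhs <= symbols:
            if r.name not in kept:
                out.append(f"rule {r.name} applies but is not selected")
            for d in sorted(r.rhs - symbols):
                out.append(f"rule {r.name} produces {d}, which is not selected")
    return out


if __name__ == "__main__":
    syms, rls = close({"positive", "succ"})
    print(sorted(syms), sorted(rls))
    print(violations({"positive", "succ", "I", "Prop"}, set()))
```
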

Fragments.

Definition 4.1 (Fragment). A system (Σ_1, R_1) is a fragment of a system (Σ_0, R_0), if the following conditions are satisfied:
We write i for Σ i ,R i , →_i for →_βR_i, and and t →_0 u, then t →_1 u and u ∈ Λ(Σ_1).
Proof. By induction on the position where the rule is applied. We only detail the case of a top reduction, the other cases easily follow by induction hypothesis.
Lemma 4.3 (Preservation of confluence). Every fragment of a confluent system is confluent.
As we already know that R_1 is confluent, this amounts to say that each rule of R_1 preserves typing in (Σ_1, R_1).

The fragment theorem.
Theorem 4.5. Let (Σ_0, R_0) be a confluent system and (Σ_1, R_1) be a sub-theory of (Σ_0, R_0).
• If the judgement Γ 0 t : D is derivable, Γ ∈ Λ(Σ_1) and t ∈ Λ(Σ_1), then there exists D ∈ Λ(Σ_1) such that D →*_0 D and the judgement Γ 1 t : D is derivable.
• If the judgement 0 Γ well-formed is derivable and Γ ∈ Λ(Σ_1), then the judgement
Proof. By mutual induction on the derivations, and by case analysis on the last typing rule. Before detailing each case, note that the most difficult cases are (abs), (app), and (conv), the other cases are a simple application of the induction hypothesis.
• If the last rule of the derivation is Γ 0 A : TYPE Γ, x : A 0 B : s Γ, x : as Γ, A, and t are in Λ(Σ_1), by induction hypothesis, there exists A in Λ(Σ_1) such that TYPE →*_0 A and Γ 1 A : A is derivable, and there exists B in Λ(Σ_1) such that B →*_0 B and Γ, x : A 1 t : B is derivable. As TYPE is a sort, A = TYPE. Therefore, Γ 1 A : TYPE is derivable.
As B is typable and every subterm of a typable term is typable, KIND does not occur in B. As B →*_0 B and no rule contains KIND, KIND does not occur in B as well. Hence, B ≠ KIND. By Lemma 2.2, as Γ, x : A 1 t : B is derivable and B ≠ KIND, there exists a sort s such that Γ, x : A 1 B : s is derivable.
as Γ and A are in Λ(Σ_1), by induction hypothesis, there exists A in Λ(Σ_1) such that s →*_0 A and Γ 1 A : A is derivable. As s is a sort, A = s. Therefore, Γ 1 A : s is derivable and, by the rule (decl), 1 Γ, x : A well-formed is derivable.
• If the last rule of the derivation is as Γ is in Λ(Σ_1), by induction hypothesis, 1 Γ well-formed is derivable. Thus, by the rule (sort), Γ 1 TYPE : KIND is derivable. So there exists D = KIND in Λ(Σ_1) such that KIND →*_0 D and Γ 1 TYPE : D .
• If the last rule of the derivation is as Γ is in Λ(Σ_1), by induction hypothesis, 1 Γ well-formed is derivable. And as c is in Λ(Σ_1), it is in |Σ_1|, thus c : A is in Σ_1 and, since (Σ_1, R_1) is a fragment of (Σ_0, R_0), A ∈ Λ(Σ_1). Thus, by induction hypothesis, there exists A such that 1 A : A is derivable and s →*_0 A . As s is a sort, A = s. So 1 A : s is derivable. Thus, by the rule (const), Γ 1 c : A is derivable. So, there exists D = A in Λ(Σ_1) such that A →*_0 D and Γ 1 c : D is derivable.
• If the last rule of the derivation is , by induction hypothesis, 1 Γ well-formed is derivable. Thus, by the rule (var), Γ 1 x : A is derivable. So there exists as Γ, A, and B are in Λ(Σ_1), by induction hypothesis, there exists A in Λ(Σ_1) such that TYPE →*_0 A and Γ 1 A : A is derivable and there exists B in Λ(Σ_1) such that s →*_0 B and Γ, x : A 1 B : B is derivable. As TYPE and s are sorts, A = TYPE and B = s. Therefore, Γ 1 A : TYPE and Γ, x : A 1 B : s are derivable. Thus, by the rule (prod), Γ 1 Πx : A, B : s is derivable. So there exists D = s in Λ(Σ_1) such that s →*_0 D and Γ 1 Πx : A, B : D is derivable.
Proof.The relation → βR U is confluent on Λ(Σ U ) since it is an orthogonal combinatory reduction system [KvOvR93].Hence, after the fragment theorem, it is sufficient to prove that every rule of R U preserves typing in any fragment (Σ 1 , R 1 ) containing the symbols of the rule.
To this end, we will use the criterion described in [Bla20, Theorem 19], which consists in computing the equations that must be satisfied for a rule left-hand side to be typable, which are system-independent, and then checking that the right-hand side has the same type modulo these equations in the desired system: for all rules l → r ∈ Λ(Σ 1 ), sets of equations E and terms T , if the inferred type of l is T , the typability constraints of l are E, and r has type T in the system Λ(Σ 1 ) whose conversion relation ≡ βRE has been enriched with E, then l → r preserves typing in Λ(Σ 1 ).
This criterion can easily be checked for all the rules but (pred-red2) and (fst-red) because, except in those two cases, the left-hand side and the right-hand side have the same type.
In (pred-red2), pred (succ x) → x, the left-hand side has type I if the equation type(x) = I is satisfied. Modulo this equation, the right-hand side has type I in any fragment containing the symbols of the rule.
In (fst-red), fst t p (pair † t p m) → m, the left-hand side has type El t if type(t) = Set, type(p) = El t → Prop, El (psub t p ) = El (psub t p), type(t ) = Set, type(p ) = El t → Prop, and type(m) = El t . But, in U, there is no rule of the form El (psub t p) → r. Hence, by confluence, the equation El (psub t p ) = El (psub t p) is equivalent to the equations t = t and p = p. Therefore, the right-hand side is of type El t in every fragment of U containing the symbols of the rule.

Examples of sub-theories of the theory U
We finally identify 15 sub-theories of the theory U, that correspond to known theories. For each of these sub-theories (Σ S , R S ), according to Corollary 4.6, if Γ, t, and A are in Λ(Σ S ), and Γ Σ U ,R U t : A, then Γ R S ,Σ S t : A. We could save the declaration (I-decl) and the rule (ι-red) by using El ι instead of I.
This theory can be proven equivalent to more common formulations of Minimal predicate logic. To do so, consider a language L in predicate logic. We define a corresponding λΠ/≡ context Γ L containing for each constant f of L a constant f of type I → . . . → I → I and for each predicate symbol P of L a constant P of type I → . . . → I → Prop. A term (resp. a proposition) of minimal predicate logic t of L translates in the natural way to a λΠ/≡ term of type I (resp. Prop) in the theory (Σ M , R M ) and in the context Γ L , ∆, where ∆ contains, for each variable x free in t, a variable x of type I. We use the same notation for the term (resp. the proposition) and its translation.
Theorem 5.1. Let L be a language and A 1 , ..., A n B be a sequent of minimal predicate logic in L. Let Γ L be a context containing for each constant f of L a constant f of type I → . . . → I → I and for each predicate symbol P of L a constant P of type I → . . . → I → Prop. Let ∆ be a context containing for each variable x free in A 1 , ..., A n B, a variable x of type I. Let ∆ be a context containing, for each hypothesis A i , a variable a i of type Prf A i .
Then, the sequent A 1 , ..., A n B has a proof in minimal logic, if and only if there exists a λΠ/≡ term π such that
Proof. The left-to-right implication is a trivial induction on the structure of the proof.
For the converse, it is enough to consider an irreducible term π of type Prf B since one can prove that → βR M terminates, by applying [BGH19] for instance. We then prove, by induction on π, that the sequent A 1 , ..., A n B has a proof in minimal logic. As π has the type Prf B, it is neither a sort, nor a product, thus it is either an abstraction or a term of the form z ρ 1 ... ρ p .
• If π is an abstraction then Prf B is equivalent to a product. Hence, B either has the form C ⇒ D or ∀ ι λx : I, D. In the first case π = λx : Prf C, π and π is a term of type Prf D in Γ L , ∆, ∆ , x : Prf C. By induction hypothesis, the sequent A 1 , ..., A n , C D has a proof and so does the sequent A 1 , ..., A n C ⇒ D. In the second π = λx : I, π and π is a term of type Prf D in Γ L , ∆, x : I, ∆ . By induction hypothesis, the sequent A 1 , ..., A n D has a proof and so does the sequent A 1 , ..., A n ∀ ι λx : I, D.
• If π has the form z ρ 1 ... ρ p , then as it has the type Prf B, z can neither be a constant of Σ M , nor a variable of Γ L , ∆. Hence, it is a variable of ∆ . Thus, it has the type Prf A i for some i. We prove, by induction on j that the term z ρ 1 ... ρ j has the type Prf C for some proposition C, such that the sequent A 1 , ..., A n C has a proof. For j = 0, the sequent A 1 , ..., A n A i has a proof. Assume the property holds for j. Then, as the term z ρ 1 ... ρ j ρ j+1 is well typed, the type Prf C is a product type and C either has the form D ⇒ E or ∀ ι λx : I, E. In the first case ρ j+1 is a term of type Prf D, by induction hypothesis, the sequent A 1 , ..., A n D has a proof, hence the term z ρ 1 ... ρ j ρ j+1 has the type Prf E and the sequent A 1 , ..., A n E has a proof. In the second case, ρ j+1 is an irreducible term of type I, thus it is an object-term, the term z ρ 1 ... ρ j ρ j+1 has the type Prf (ρ j+1 /x)E, and the sequent A 1 , ..., A n (ρ j+1 /x)E has a proof.
Note that classical predicate logic is not a sub-theory of the theory U, because the classical connectives and quantifiers depend on the constructive ones. Yet, it is known that if a proposition contains only classical connectives and quantifiers, it is provable in Ecumenical predicate logic if and only if it is provable in classical predicate logic.

5.4. Minimal simple type theory. Adding the two axioms (o) and (Y) to Predicate logic defines Simple type theory. Indeed, Simple type theory is the theory of propositional contents and functions. A simple type T is naturally translated to λΠ/≡ as a term T of type Set, using types ι and o and the arrow construction Y. The higher order terms are shallowly translated: λ-abstractions and applications are translated using respectively λΠ/≡'s λ-abstractions and applications.
Adding to the 10 axioms of Minimal simple type theory both the 5 axioms of predicate subtyping and the 5 axioms of prenex polymorphism yields a sub-theory with 20 axioms which is a subsystem of PVS [OS97] handling both predicate subtyping and prenex polymorphism.
5.10. The Calculus of constructions. Pure type systems [Ber88,Ter89,Bar92] are a family of typed λ-calculi. An example is the λΠ-calculus, the λ-calculus with dependent types, which is at the basis of λΠ/≡ itself. As we have seen, in λΠ/≡, we have two constants, TYPE and KIND, TYPE has type KIND, and we can build a product type Πx : A, B when both A and B have type TYPE, in which case the product type Πx : A, B itself has type TYPE or when A has type TYPE and B has type KIND, in which case the result has type KIND. A Pure type system, in general, is defined with a set of symbols, such as TYPE and KIND, called "sorts", a set of axioms of the form s 1 , s 2 , expressing that the sort s 1 has type s 2 , for example TYPE, KIND , and a set of rules of the form s 1 , s 2 , s 3 , expressing that we can build the product type Πx : A, B, when A has type s 1 and B has type s 2 , and that the product type itself has type s 3 , for example TYPE, TYPE, TYPE and TYPE, KIND, KIND . When the set of axioms is functional, each sort has at most one type and when the set of rules is functional, each product type has at most one type. In this case the Pure type system is said to be "functional".
To have more compact notation, we often write * for the sort TYPE and P for the sort KIND. So the λΠ-calculus is defined with the sorts * and P, the axiom * , P , and the rules * , * , * and * , P, P . Adding the rules P, * , * and P, P, P yields the Calculus of constructions [CH88].
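The specification format described above, as an added example (not code from the paper or from Dedukti): a minimal type inference routine for functional Pure type systems, parameterized by the axioms and rules, with terms in de Bruijn notation. All function and constant names are choices of this example; the two sorts are named TYPE and KIND. It shows that the product ΠA : TYPE, A → A has no sort with the rules of the λΠ-calculus and has sort TYPE once the rules of the Calculus of constructions are added.

```python
# Terms (de Bruijn): ("sort", s), ("var", i), ("pi", A, B), ("lam", A, t), ("app", t, u)
TYPE, KIND = "TYPE", "KIND"

def make_pts(axioms, rules):
    """Map (s1,) to s2 for each axiom and (s1, s2) to s3 for each rule; reject non-functional sets."""
    pts = {}
    for *key, val in list(axioms) + list(rules):
        if pts.setdefault(tuple(key), val) != val:
            raise ValueError(f"{key} is assigned two different sorts")
    return pts

LF_RULES = [(TYPE, TYPE, TYPE), (TYPE, KIND, KIND)]
LAMBDA_PI = make_pts([(TYPE, KIND)], LF_RULES)
COC = make_pts([(TYPE, KIND)], LF_RULES + [(KIND, TYPE, TYPE), (KIND, KIND, KIND)])

def shift(t, d, c=0):
    """Add d to every variable of t that is not bound by one of its c innermost binders."""
    if t[0] == "sort":
        return t
    if t[0] == "var":
        return ("var", t[1] + d) if t[1] >= c else t
    return (t[0], shift(t[1], d, c), shift(t[2], d, c + (t[0] != "app")))

def subst(t, u, j=0):
    """Replace variable j of t by u and lower the variables above j."""
    if t[0] == "sort":
        return t
    if t[0] == "var":
        return shift(u, j) if t[1] == j else ("var", t[1] - (t[1] > j))
    return (t[0], subst(t[1], u, j), subst(t[2], u, j + (t[0] != "app")))

def nf(t):
    """Beta-normal form; terminates on the typable terms it is applied to."""
    if t[0] in ("sort", "var"):
        return t
    a, b = nf(t[1]), nf(t[2])
    return nf(subst(a[2], b)) if t[0] == "app" and a[0] == "lam" else (t[0], a, b)

def sort_of(pts, ctx, t):
    s = nf(infer(pts, ctx, t))
    if s[0] != "sort":
        raise TypeError("a sort was expected")
    return s[1]

def infer(pts, ctx, t):
    """Type of t in ctx (types of the variables, innermost first); TypeError if there is none."""
    if t[0] == "var":
        return shift(ctx[t[1]], t[1] + 1)
    if t[0] == "lam":
        ty = ("pi", t[1], infer(pts, [t[1]] + ctx, t[2]))
        infer(pts, ctx, ty)                  # the product itself must have a sort
        return ty
    if t[0] == "app":
        fun = nf(infer(pts, ctx, t[1]))
        if fun[0] != "pi" or nf(infer(pts, ctx, t[2])) != fun[1]:
            raise TypeError("ill-typed application")
        return subst(fun[2], t[2])
    key = (t[1],) if t[0] == "sort" else (   # an axiom types a sort, a rule types a product
        sort_of(pts, ctx, t[1]), sort_of(pts, [t[1]] + ctx, t[2]))
    if key not in pts:
        raise TypeError(f"no axiom or rule for {key}")
    return ("sort", pts[key])

POLY_ID_TYPE = ("pi", ("sort", TYPE), ("pi", ("var", 0), ("var", 1)))   # ΠA : TYPE, A → A
```

Calling `infer(COC, [], POLY_ID_TYPE)` returns the sort TYPE, while the same call with `LAMBDA_PI` raises `TypeError` because no rule covers a product from KIND to TYPE.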
All functional Pure type systems can be expressed in λΠ/≡ [CD07]: for each sort s, we introduce two constants U s of type TYPE and ε s of type U s → TYPE, for each axiom s 1 , s 2 , a constant ṡ1 of type U s 2 , and a reduction rule and for each rule s 1 , s 2 , s 3 , a constant Π s 1 ,s 2 ,s 3 of type Πx : U s 1 , (ε s 1 x → U s 2 ) → U s 3 and a reduction rule We obtain this way a correct and conservative expression of the Pure type system [CD07]. So if Γ is a context and A is a term in the Calculus of constructions then A is inhabited in Γ in the Calculus of constructions if and only if the translation A of A in λΠ/≡ is inhabited in the translation Γ of Γ in λΠ/≡ [CD07, ABC + 16]. So, the formulation of the Calculus of constructions in λΠ/≡ is a conservative extension of the original formulation of the Calculus of constructions. In the context Γ , variables have a λΠ/≡ type of the form Prf u or El u, and none of them can have the type Set. However, in λΠ/≡, nothing prevents us from declaring a variable of type Set. Hence, in λΠ/≡, the judgement x : Set x : Set can be derived, but it is not in the image of the encoding.

5.11. The Calculus of constructions with variables of type P. To allow the declaration of variables of type P in the Calculus of constructions, a possibility is to add a sort and an axiom P : [Geu95], making the sort a singleton sort that contains only one closed irreducible term: P.
Expressing this Pure type system in λΠ/≡ introduces two declarations for the sort and one declaration and one rule for the axiom P : and the variables in a context Γ now have the type Prf u, El u, or ε u. Just like U * is written Prop in U, U is written Set1, ε is written Ty, and Ṗ is written set.
But this theory can be simplified. Indeed, just like P is the only closed irreducible term of type , set is the only closed irreducible term of type Set1 and thus for any closed term t of type Set1, the term Ty t reduces to Set. So, we can replace everywhere the terms of the form Ty t with Set and drop the symbols Ty and set and the rule Ty set → Set. Then, we can drop the symbol Set1 as well.
So the only difference with the Calculus of constructions without is that translations of contexts now contain variables of type Set, that translate the variables of type P.

5.12. The Calculus of constructions with a constant ι : P. Adding the axiom (ι) to the Calculus of constructions yields a sub-theory with the 10 axioms (Set), (El), (ι), (Prop), (Prf), (⇒ d ), (∀), (o), (Y d ), and (π). It corresponds to the Calculus of constructions with an extra constant ι of type P. Adding a constant of type Set in λΠ/≡, like adding variables of type Set, does not require to introduce an extra sort . Some developments in the Calculus of constructions choose to declare the types of mathematical objects such as ι, nat, etc. in * , that would correspond to ι : Prop, fully identifying types and propositions. The drawback of this choice is that it gives the type * to the type ι of the constant 0, and the type P to the type ι → * of the constant positive, while, in Simple type theory, both ι and ι → o are simple types. This is the reason why, in the theory U, we give the type Set and not the type Prop to the constant ι. So, the expression of the simple type ι → o uses the constant Y d , that is, type constructors, as both ι and o have type Set, and not the constant π, dependent types, that would be used if ι had the type Prop and o the type Set. Dependent types, the constant π, are thus marginalized to type functions mapping proofs to terms.

5.13. The Minimal sub-theory. Adding the axioms (⇒) and (Y) yields a sub-theory with the 12 axioms (Set), (El), (ι), (Prop), (Prf), (⇒), (∀), (o), (Y), (Y d ), (⇒ d ), and (π) called the "Minimal sub-theory" of the theory U. It contains both the 10 axioms of the Calculus of constructions and the 9 axioms of Minimal simple type theory. It is a formulation of the Calculus of constructions where dependent and non dependent arrows are distinguished. It is not a genuine extension of the Calculus of constructions as, each time we use a non dependent constant Y or ⇒, we can use the dependent ones instead: a term of the form t Y u can always be replaced with the term t Y d λx : El t, u, where the variable x does not occur in u, and similarly for the implication. Thus, any proof expressed in the Minimal sub-theory, in particular any proof expressed in Minimal simple type theory, can always be translated to the Calculus of constructions.
Conversely, a proof expressed in the Calculus of constructions can be expressed in this theory. In a proof, every symbol Y d or ⇒ d that uses a dummy dependency can be replaced with a symbol Y or ⇒. Every proof that does not use Y d , ⇒ d and π, can be expressed in Minimal simple type theory.

5.14. The Calculus of constructions with dependent types at the object level. In the Calculus of constructions with a constant ι of type P, there are no dependent types at the object level. We have types ι → ι and ι → * , thanks to the rule P, P, P , but no type ι → P. We can introduce such dependent types by adding an extra sort , together with an axiom P : and a rule P, , . We obtain this way a Pure type system whose expression in λΠ/≡ [CD07] contains 13 declarations and 7 rules.
Using the same notations as above, Prop for U * , Set for U 2 , Set1 for U , etc., we get exactly the 13 axioms (Prop), (Prf), (Set), (El), (Set1), (Ty), (o), (set), (⇒ d ), (π), (∀), (Y d ), and ( d ). The theory formed with these 13 axioms is thus equivalent to more common formulations of the Calculus of constructions with dependent types at the object level.

5.15. The Calculus of constructions with prenex predicative polymorphism. In the Calculus of constructions with an extra sort , polymorphism at the object level can be added with the rule , P, P that allows to build terms of the form Πx : P, x → x : P at the expense of making the system inconsistent [Hur95,Coq86]. Thus, just like in Simple type theory, we restrict to prenex predicative polymorphism: so, besides the sort , whose only closed irreducible element is P, we introduce a sort for schemes and two rules , P, to build schemes by quantifying over an element of , that is, over P, in a type and , , to build schemes by quantifying over P in another scheme. We also add a rule , * , * to quantify over P in a proposition.
Alternatively, the Calculus of constructions with prenex predicative polymorphism can be defined as a cumulative type system [Bar99], making P a subsort of and having just one rule , , to quantify over a variable of type P in a scheme and a rule , * , * to quantify over P in a proposition.As there is no function whose co-domain is P, this subtyping does not need to propagate to product types.
Expressing this Cumulative type system in λΠ/≡ introduces 8 declarations and 4 rules on top of the Calculus of constructions:
2 declarations for the sort
• a constant U of type TYPE,
• and a constant ε of type U → TYPE,
1 declaration and 1 rule for the axiom P :
• a constant Ṗ of type U ,
• and a rule ε Ṗ → Set (remember that Set is U 2 ),
2 declarations for the sort
• a constant U , that we write Scheme, of type TYPE,
• and a constant ε , that we write Els, of type Scheme → TYPE,
1 declaration and 1 rule to express that P is a subtype of
• a constant ↑ of type Set → Scheme,
• and a rule Els (↑ x) → El x (remember that El is ε 2 ),
1 declaration and 1 rule for the rule , ,
• a constant Π , , , that we write A , of type Πz : U , (ε z → Scheme) → Scheme,
• and a rule Els

But, again, this theory can be simplified. Indeed, just like P is the only closed irreducible term of type , Ṗ is the only closed irreducible term of type U and thus for any closed term t of type U , the term ε t reduces to Set. So in the type of the constants A and A : Πz : U , (ε z → Scheme) → Scheme and Πz : U , (ε z → Prop) → Prop, we can replace the expression ε z with Set. Then, as there is no point in building a function space whose domain is a singleton, we can simplify these types further to (Set → Scheme) → Scheme and (Set → Prop) → Prop. Accordingly, the associated reduction rules simplify to that is, the 5 axioms (Scheme), (Els), (↑), ( A ), and ( A ). Adding these 5 axioms to the 10 axioms defining the Calculus of constructions yields the 15 axioms (Set), (El), (ι), (Prop), (Prf), (⇒ d ), (∀), (o), (Y d ), (π), (Scheme), (Els), (↑), ( A ), and ( A ) defining the Calculus of constructions with prenex predicative polymorphism [Thi20].

Conclusion
The theory U is thus a candidate for a universal theory where proofs developed in various proof systems: HOL Light, Isabelle/HOL, HOL 4, Coq, Matita, Lean, PVS, etc. can be expressed. This theory can be complemented with other axioms to handle inductive types, recursive functions, universes, etc. [Ass15,Thi20,Gen20]. Note however that the various axioms currently proposed for encoding recursive functions are based on rewriting and may be difficult to translate to systems requiring termination proofs. Using recursors should make this much easier.
Each proof expressed in the theory U can use a sub-theory of the theory U, as if the other axioms did not exist: the classical connectives do not impact the constructive ones, propositions as objects and functionality do not impact predicate logic, dependent types and predicate subtyping do not impact simple types, etc.
The proofs in the theory U can be classified according to the axioms they use, independently of the system they have been developed in. Finally, some proofs using classical connectives and quantifiers, propositions as objects, functionality, dependent types, or predicate subtyping may be translated into smaller fragments and used in systems different from the ones they have been developed in, making the theory U a tool to improve the interoperability between proof systems.
In some cases, a proof can be directly transferred from one system to the other if it does not use some axioms. For instance, [Wan16] showed that many proofs coming from HOL were in fact constructive. However, we usually need to apply some transformations on proofs to transfer them from one sub-theory to the other. For instance, by replacing a dependent arrow by a non-dependent one when the second argument is not actually dependent, by applying some morphism on type universes [Thi20], or by trying to eliminate some uses of the excluded middle [Cau16], which is part of the axioms of Isabelle/HOL [Pau21], Lean [Car19] and automated theorem provers. Some of the sub-theories of U are known to be consistent, but one may wonder whether the theory U itself is consistent. We conjecture that it is but leave this difficult problem for future work. A solution may be to extend the model developed by the second author in [Dow17] for proving the consistency of the encoding of HOL.
R A : s Σ,R Γ, x : A well-formed (decl)
o : Set (o-decl)
and a rule identifying El o and Prop
El o → Prop (o-red)

3.16. Dependent types. When we have the axioms (El), (ι), and (Y), the type I → I of the term succ is equivalent to the type El (ι Y ι). Hence, this type I → I is in the image of the embedding El. The symbol array introduced in Section 3.11 has the type I → Set and similarly if we have a predicate symbol ≤: El (ι Y ι Y o), the term λn : I, psub ι (λm : I, m ≤ n) also has the type I → Set. Unlike the type I → I the type I → Set is not in the image of any embedding. It is well-formed in the framework but not in the theory itself.
Set1 : TYPE (Set1-decl)
set : Set1 (set-decl)
a new arrow
d : Πx : Set, (El x → Set1) → Set1 ( d -decl)
and an embedding of Set1 into TYPE, similar to the embeddings Prf and El
Ty : Set1 → TYPE (Ty-decl)
and we identify Ty set with Set, like El o is identified with Prop, and the dependent arrow d with a product type
Ty set → Set (set-red)
Ty (x d y) → Πz : El x, Ty (y z) ( d -red)

Figure 2: The wind rose.In black: Minimal, Constructive, and Ecumenical predicate logic.In orange: Minimal, Constructive, and Ecumenical simple type theory.In green: Simple type theory with prenex polymorphism.In blue: Simple type theory with predicate subtyping.In cyan: Simple type theory with predicate subtyping and prenex polymorphism.In pink: the Calculus of constructions with a constant ι, without and with prenex polymorphism.