AN ANALYSIS OF TENNENBAUM’S THEOREM IN CONSTRUCTIVE TYPE THEORY

. Tennenbaum’s theorem states that the only countable model of Peano arithmetic (PA) with computable arithmetical operations is the standard model of natural numbers. In this paper, we use constructive type theory as a framework to revisit, analyze and generalize this result. The chosen framework allows for a synthetic approach to computability theory, exploiting that, externally, all functions definable in constructive type theory can be shown computable. We then build on this viewpoint, and furthermore internalize it by assuming a version of Church’s thesis, which expresses that any function on natural numbers is representable by a formula in PA. This assumption provides for a conveniently abstract setup to carry out rigorous computability arguments, even in the theorem’s mechanization. Concretely, we constructivize several classical proofs and present one inherently constructive rendering of Tennenbaum’s theorem, all following arguments from the literature. Concerning the classical proofs in particular, the constructive setting allows us to highlight differences in their assumptions and conclusions which are not visible classically. All versions are accompanied by a unified mechanization in the Coq proof assistant.


Introduction
There are well-known proofs in classical logic showing that the first-order theory of Peano arithmetic (PA) has non-standard models, meaning models which are not isomorphic to the standard model N.One way to do so (cf.[BBJ02]), starts by adding a new constant symbol c to the language of PA, together with the enumerable list of new axioms c ̸ = 0, c ̸ = 1, c ̸ = 2 etc.This theory has the property that every finite subset of its axioms is satisfied by the standard model N, since we can always give a large enough interpretation of the constant c in N. Hence, by the compactness theorem, the full theory has a model M, which must then be non-standard since the interpretation of c in M corresponds to an element which is larger than any number n in N.
The presence of non-standard elements like this has interesting consequences.PA can prove that for every bound n, sums of the form k≤n a k exist, so in particular for example the Gaussian sum k≤n k.The presence of the non-standard element c in M allows for the creation of infinite sums like k≤c k.Remarkably, while this means that it includes a summation over all natural numbers, the model specifies a single element as the result of this infinite sum.A general PA model M therefore exhibits behaviors which disagree with the common intuition that computations in PA are finitary, which are-in the end-largely based on the familiarity with the standard model N.
These intuitions are still not too far off the mark, as was demonstrated by Stanley Tennenbaum [Ten59] in a remarkable theorem.By being a little more restrictive on the models under consideration, N regains a unique position: Tennenbaum's Theorem: Apart from the standard model N, there is no countable computable model of first-order PA.
A model is considered computable if its elements can be coded by numbers in N, and the arithmetic operations on its elements can be realized by computable functions on these codes.Usually, Tennenbaum's theorem is formulated in a classical framework such as ZF set theory, and the precise meaning of computable is given by making reference to a concrete model of computation like Turing machines, µ-recursive functions, or the λcalculus [Kay11,Smi14].In a case like this, where computability theory is applied rather than developed, the computability of a function is rarely proven by exhibiting an explicit construction in the specific model, but rather by invoking the informal Church-Turing thesis, stating that every function intuitively computable is computable in the chosen model.Proving the computability of a function is then reduced to giving an intuitive justification.
The focus of this paper lies on revisiting Tennenbaum's theorem and several of its proofs in a constructive type theory (CTT).In contrast to classical treatments, the usage of a constructive meta-theory enables us to formally assume Church's thesis [Kre70,TvD88,For21a] in the form of an axiom, stating that every total function is computable.By its usage, the elegant and succinct paper-style computability proofs can be reproduced, but in a fully formal manner, also allowing for straightforward mechanized proofs.
In the constructive type theory that we will specify in Section 2, the addition of this axiom becomes possible since we can adapt the approach of synthetic computability [Ric83, Bau06, FKS19]: Any function term that is definable in CTT by the virtue of its syntactic rules, can externally be observed to be a computable function.Following through on this external observation, it can be taken as a justification to also internally treat functions as if they were computable.For example, we will make use of this perspective when defining a predicate on a type X to be decidable if there exists a function f : X → B computing booleans which reflect the truth values of p (Definition 2.4).
This approach leads to a simplification when it comes to the statement of Tennenbaum's theorem itself: By interpreting arithmetic operations as type-theoretic functions in CTT, all models are automatically computable in the synthetic sense.Consequently, "computable model" no longer needs to be part of the theorem statement.Moreover, the given synthetic proofs unveil the computational essence of Tennenbaum's theorem with neither the technical overhead of constructions in a formal model of computability nor the informal practice to simply disregard computability arguments.The paper therefore contributes to an active line of research on mechanized metamathematics [Kir22] with the two-fold goal to obtain a uniform and constructive development of the foundations of mathematics, complemented by a principled mechanization for guaranteed correctness and collaborative use.
In the above sketched framework, we follow the classical presentations of Tennenbaum's theorem [Kay11,Smi14] and develop constructive versions that only assume a type-theoretic version of Markov's principle [MC17].This is then complemented by the adaption of an inherently more constructive variant given by McCarty [McC87,McC88].
Concretely, our contributions can be summarized as follows: • We review several existing proofs of Tennenbaum's theorem drawn from the literature, and carry them out in a constructive meta-theory.We work out subtle differences in the strengths of their conclusions, which are left invisible in any classical treatment, but come to light once they are viewed through a constructive lens.• By considering models with a decidable divisibility relation (Theorem 7.10), we extend the theorem to models which do not have to be discrete or enumerable.• We provide a Coq mechanization covering all results presented in this paper. 1 The present paper is an extended version of [HK22] and adds the following contributions: • In [HK22], we only gave a reference to a possible proof strategy for showing the existence of HA-inseparable formulas (Definition 7.11).A comment in [Pet22] pointed to a more straightforward approach, which we were able to mechanize, and have added to Section 7.3.• We added a short discussion in Section 7.4, in which we aim to abstractly identify the main ingredients that are used in Section 7.3 to derive Tennenbaum's theorem.• Our Coq mechanization has been re-based and now relies on a collaborative Coq library for first-order logic [KHD + 22], to which we have contributed by integrating the mechanization developed for this publication.This integration not only enabled the utilization of preexisting definitions for ∆ 1 and Σ 1 -formulas but also provides additional validation for our application of Church's thesis for Robinson arithmetic (CT Q ), given the library includes its derivation from a more conventional formulation of Church's thesis [KP23].• The presentation of several proofs, definitions and theorem statements in Section 5 and Section 7 has been revised.Additionally, a mistake in [HK22] has been corrected; the original version of HA-coding (cf.[HK22] Hypothesis 2) was not constructively provable, the new one (Hypothesis 7.20) is.To conclude this introduction, we give a brief overview on the structure of the paper, in the order that we consider most suitable for a first reading: The main results of the analysis are summarized in Section 8, where we give a tabulated overview on the different variants of Tennenbaum's theorem that result from the various proofs.It clarifies which assumptions are made for each version, and we give a brief discussion of what to take from these differences.The complete proofs are covered in Section 7, ending with Section 7.4 in which we abstractly capture the essence of Tennenbaum's theorem.
In Section 6 we motivate and introduce our chosen formulation of Church's thesis which is utilized as an axiom.Basic results about PA's standard and non-standard models are shown in Section 4 and then used in Section 5 to establish results that allow the encoding of predicates on N, which are essential in the proof of Tennenbaum's theorem.
To make the paper self-contained, we also give an introduction to the essential features of constructive type theory, synthetic computability, and the type-theoretic specification of first-order logic in Section 2. This is continued in Section 3 by the presentation of the first-order axiomatization of PA as given in previous work [KH21,KH23].

Preliminaries
2.1.Constructive Type Theory.The chosen framework for this paper is a constructive type theory (CTT).More specifically, it will be the calculus of inductive constructions (CIC) [CH88,PM93] which is implemented in the Coq proof assistant [Coq23].It provides a predicative hierarchy of type universes above a single impredicative universe P of propositions and the capability of inductive type definitions.On the type level, we have the unit type 1 with a single element, the void type 0, function spaces X → Y , products X × Y , sums X + Y , dependent products 2 ∀(x : X).A x, and dependent sums Σ(x : X).A x. On the propositional level, analogous notions to the one listed for types in the above are present, but denoted by their usual logical notation (⊤, ⊥, →, ∧, ∨, ∀, ∃). 3 It is important to note that the so-called large eliminations from the impredicative P into higher types of the hierarchy are restricted.In particular, it is generally not possible to show (∃x.p x) → Σx. p x. 4 The restriction does however allow for large elimination of the equality predicate = of type ∀X.X → X → P, as well as function definitions by well-founded recursion.
We will also use the basic inductive types of Booleans (B := tt | ff), Peano natural numbers (n : N := 0 | n+1), the option type (O(X) := • x | ∅) and lists (l : List(X) := [ ] | x::l).Furthermore, by X n we denote the type of vectors ⃗ v of length n : N over X.
Given predicates P, Q : X → P on a type X, we will occasionally use the set notation P ⊆ Q for expressing ∀x : X. P x → Q x. 2.2.Synthetic Computability.As already expressed in Section 1, constructive type theory permits us to take a viewpoint that considers all functions to be computable functions, yielding simple definitions [FKS19] of many textbook notions of computability theory: Definition 2.3 (Enumerability).Let p : X → P be some predicate.We say that p is enumerable if there is an enumerator f : N → O(X) such that ∀x : X. p x ↔ ∃n.f n = • x.
Definition 2.4 (Decidability).Let p : X → P be some predicate.We call f : X → B a decider for p and write decider p f iff ∀x : X. p x ↔ f x = tt.We then define the following notions of decidability: • Dec p := ∃f : X → B. decider p f • dec(P : P) := P + ¬P .
In both cases we will often refer to the predicate or proposition simply as being decidable.
We also expand the synthetic vocabulary with notions for types.In the textbook setting, many of them can only be defined for sets which are in bijection with N, but synthetically they can be handled in a very uniform way.
Definition 2.5.We call a type X Fact 2.6.In CIC, the types N and N 2 are witnessing.

2.3.
First-Order Logic.In order to study Tennenbaum's theorem, we need to give a description of the first-order theory of PA and the associated intuitionistic theory of Heyting arithmetic (HA), which has the same axiomatization, but uses intuitionistic first-order logic.We follow prior work in [FKS19, FKW21, KH21] and describe first-order logic as embedded inside the constructive type theory, by inductively defining formulas, terms, and the deduction system.We then define a semantics for this logic, which uses Tarski models and interprets formulas over the respective domain of the model.The type of natural numbers N will then naturally be a model of HA.
Before specializing to one particular theory, we keep the definition of first-order logic general and fix some arbitrary signature Σ = (F; P) for function and predicate symbols.
Definition 2.7 (Terms and Formulas).We define terms t : tm and formulas φ : fm inductively: where |f | and |P | are the arities of the function symbol f and predicate symbol P , respectively.
We use de Bruijn indexing to formalize the binding of variables to quantifiers.This means that the variable x n at some position in a formula is bound to the n-th quantifier preceding this variable in the syntax tree of the formula.If there is no quantifier binding the variable, it is said to be free.Definition 2.8 (Substitution).Given a variable assignment σ : N → tm we recursively define substitution on terms by ), and extended to formulas by where □ is any logical connective and ∇ any quantifier.The variable assignment x; σ is defined by (x; σ) 0 := x as well as (x; σ)(n + 1) := σ n and simply appends x as the first element to σ : N → tm.By ↑ we designate the assignment λn.x n+1 shifting all variable indices by one.
Definition 2.9 (Natural Deduction).Natural deduction ⊢ : List(fm) → fm → P is characterized inductively by the usual rules (see Appendix A).We write ⊢ for intuitionistic natural deduction and ⊢ c for the classical variant, which extends ⊢ by adding every instance of Peirce's law Definition 2.10 (Tarski Semantics).A model M consists of a type D designating its domain together with functions f M : D |f | → D and P M : D |P | → P for all symbols f in F and P in P. We will also use M to refer to the domain.Functions ρ : N → M are called environments and are used as variable assignments to recursively give evaluations to terms: This interpretation is then extended to formulas via the satisfaction relation: We say that a formula φ holds in the model M and write M ⊨ φ if for every ρ we have M ⊨ ρ φ.We extend this notation to theories T : fm → P by writing M ⊨ T iff ∀φ.T φ → M ⊨ φ, and we write T ⊨ φ if M ⊨ φ for all models M with M ⊨ T .Given a e : M, we also use the notation M ⊨ φ(e) for all ρ we have M ⊨ e;ρ φ.
From the next section on, we will use conventional notation with named variables instead of explicitly writing formulas with de Bruijn indices.

Axiomatization of Peano Arithmetic and Heyting Arithmetic
We present PA following [KH21], as a first-order theory with a signature consisting of symbols for the constant zero, the successor function, addition, multiplication and equality: The finite core of PA axioms consists of statements characterizing the successor function, as well as addition and multiplication: 6 Another way to treat the distinction between classical and intuitionistic theories would be to add all instances of Peirce's law to the axioms of a theory, instead of building them into the deduction system.
We then get the full (and infinite) axiomatization of PA with the axiom scheme of induction for unary formulas.In our meta-theory the schema is a type-theoretic function on formulas: If instead of the induction scheme we add the axiom ∀ x. x = 0 ∨ ∃ y. x = Sy, we get the theory Q known as Robinson arithmetic.Both PA and Q also contain axioms for equality: Using classical derivability ⊢ c we get the classical first-order theory of Peano arithmetic PA ⊢ c .Its intuitionistic counterpart PA ⊢ uses intuitionistic derivability ⊢ and is called Heyting arithmetic.Given that the constructive type theory selected for this work only provides a model for the intuitionistic theory, we will restrict our focus on Heyting arithmetic.
To emphasize this, we will from now on write HA instead of PA.
For simplicity, we only consider models that interpret the equality symbol with the actual equality relation of its domain, so-called extensional models.In the Coq development we make the equality symbol a syntactic primitive, therefore enabling the convenient behavior that the interpreted equality reduces to actual equality.Definition 3.1.We recursively define a function • : N → tm by 0 := 0 and n + 1 := Sn, giving every natural number a representation as a term.Any term t which is of the form n will be called numeral.
We furthermore use notations for expressing less than x < y := ∃ k.S(x + k) = y, less than or equal x ≤ y := ∃ k. x + k = y and for divisibility x | y := ∃ k. x × k = y.
The formulas of HA can be classified in a hierarchy based on their computational properties.We will only consider two levels of this hierarchy: Given a Σ 1 -formula ∃x 1 . . .∃x n .φwhere φ is ∆ 1 , we can prove it equivalent to the formula ∃x ∃x 1 < x . . .∃x n < x. φ.Since ∆ 1 -formulas stay ∆ 1 if they are closed by a bounded quantifier, this shows that the initial Σ 1 -formula can be written as a ∆ 1 -formula, which is preceded by exactly one existential quantifier.We will occasionally make use of this fact and refer to it as Σ 1 -compression.A more syntactic definition of ∆ 1 would characterize them as the formulas which are equivalent to both a Π 1 and Σ 1 -formula.For our purposes the definition which only stipulates the necessary decidability properties is sufficient, as it implies the absoluteness and completeness properties we will need [KP23]: Fact 3.4 (∆ 1 -Absoluteness).Let M ⊨ HA and φ be any closed ∆ 1 -formula, then we have N ⊨ φ → M ⊨ φ.

Standard and Non-standard Models of HA
From now on M will always designate a HA model.Any model like this has an interpretation 0 M of the zero symbol, as well as an interpretation S M : M → M of the symbol for the successor.By repeated application of S M we can therefore get the sequence of elements 0 M , S M 0 M , S M S M 0 M , . .., essentially giving us a copy of the standard numbers inside M. We will now put this intuition more formally.
Fact 4.1.We recursively define a function ν : N → M by ν 0:=0 M and ν (n + 1):=S M (ν n).Furthermore, we define the predicate std := λe.∃n.ν n = e and refer to e as a standard number if std e and non-standard if ¬ std e.We then have (1) ρ n = ν n for any n : N and environment ρ : N → M.
(2) ν is an injective homomorphism and therefore an embedding of N into M.Both facts are taken as justification to abuse notation and also write n for ν n.
Usually we would have to write 0 M , S M , + M , × M , = M for the interpretations of the respective symbols in a model M. For better readability we will however take the freedom to overload the symbols 0, S, +, •, = to also refer to these interpretations.Definition 4.2.M is called a standard model if there is a bijective homomorphism φ : N → M. We will accordingly write M ∼ = N if this is the case.
We can show that ν is essentially the only homomorphism from N to M we need to worry about, since it is unique up to extensional equality of functions: Lemma 4.3.Let φ : N → M be a homomorphism, then ∀x : N. φ x = ν x.
Proof.By induction on x and using the fact that both are homomorphisms.
We now have two equivalent ways to express standardness of a model.Proof.Given M ∼ = N, there is an isomorphism φ : N → M. Since φ is surjective, Lemma 4.3 implies that ν must also be surjective.For the converse: if ν is surjective, it is an isomorphism since it is injective by Fact 4.1.
Having seen that every model contains a unique embedding of N, one may wonder whether there is a formula φ which could define and pick out precisely the standard numbers in M. Lemma 4.5 gives a negative answer to this question: Lemma 4.5.There is a unary formula φ(x) with ∀e : M. std e ↔ M ⊨ φ(e) if and only if M ∼ = N.
Proof.Given a formula φ with the stated property, we certainly have M ⊨ φ(0) since 0 is a standard number, and clearly M ⊨ φ(x) =⇒ std x =⇒ std (Sx) =⇒ M ⊨ φ(Sx).Thus, by induction in the model, we have M ⊨ ∀x.φ(x), which is equivalent to ∀e : M. std e.The converse implication holds by choosing the formula x = x.
We now turn our attention to models which are not isomorphic to N. • not standard (written M ̸ ∼ = N) iff ¬M ∼ = N.
We will also write e : M > N to express that e is a non-standard element in M.
Of course, we have M > N → M ̸ ∼ = N, but the converse implication does not hold constructively in general, so the distinction of both notions becomes meaningful.Proof.
(1) Assuming ∀e : M. M ⊨ φ(e) → std e and combining it with our assumption that φ holds on all numerals, Lemma 4.5 implies M ∼ = N, giving us a contradiction.For (2) note that we constructively have that ¬∃e : M. ¬std e ∧ M ⊨ φ(e) implies ∀e : M. M ⊨ φ(e) → ¬¬ std e, and by using the stability of std we therefore get a contradiction in the same way as in (1).Statement (3) immediately follows from (2).
From Lemma 4.8 we learn that under certain conditions, whenever a formula is satisfied on all standard numbers n, this satisfaction "spills over" into the non-standard part of the model, meaning there is a non-standard element which also satisfies the formula.In the next section, we will encounter our first application of this principle.

Coding Finite and Infinite Predicates
There is a standard way in which finite sets of natural numbers can be encoded by a single natural number.Assuming we have some injective function π : N → N whose image consists only of prime numbers, and given a finite set of numbers like S := {4, 13, 21, 33}, we can encode this set by the single number c := π 4 • π 13 • π 21 • π 33 .It then satisfies n ∈ S ↔ π n | c, allowing us to reconstruct S by checking which primes divide c.
Instead of applying this to sets, we can also use it to encode bounded portions of predicates on N.
Lemma 5.1.Given n : N and any predicate p : N → P with ∀x < n. p x ∨ ¬ p x, we have The right part of the conjunction assures that no primes above π n end up in the code c.
Proof.We do a proof by induction on n.For n = 0 we can choose c:=1.In the induction step, the induction hypothesis gives us a code c : N which codes p up to n.Since by assumption, p is definite below Sn, we know that p n ∨ ¬p n, allowing us to consider two cases: If p n, we set the new code to be c ′ := c • π n , if ¬p n we simply set c ′ := c.In both cases one can now verify that c ′ will correctly code p up to Sn.
Corollary 5.2 (Finite Coding in N).Given any p : N → P and bound n : N, we have Note that if p is definite, we can drop the ¬¬.
Proof.If p is definite, we trivially have ∀x < n. p x ∨ ¬ p x, so Lemma 5.1 gives us the ¬¬-free existence as claimed.Without assuming definiteness, we can still constructively show ¬¬(∀x < n. p x ∨ ¬ p x) by induction on n, which combined with Lemma 5.1 gives us the existence, but behind a double negation.
With a proof of the encoding in N we can give a straightforward proof that this is possible in any model of HA.
Remark 5.3.To formulate the above result in a generic model M ⊨ HA, we require an object-level representation of the prime function π.For now, we will simply assume that we have such a binary formula Π(x, y) and defer the justification to Section 6.
The statement "π u divides c" can now be expressed by ∃ p. Π(u, p) ∧ p | c, for which we will abuse notation and simply write Π(u) | c.
Lemma 5.4 (Finite Coding in M).For any binary formula α(x, y) and n : N we have Proof.Let e : M, and define the predicate p := λu : N. M ⊨ α(u, e).Then Corollary 5.2 potentially gives us a code a : N for p up to the bound n.It now suffices to show that the actual existence of a : N already implies And indeed, we can verify that c = a shows the existential claim: given u : M with M ⊨ u < n we can conclude that u must be a standard number u.We then have the equivalences since a codes p and Π represents π.
Overspill now has interesting consequences when it comes to encoding, as for models that are not standard, it allows for the potential encoding of a complete predicate p : N → P, and therefore also of infinite subsets.Proof.Using Lemma 5.4 for the present case where α is unary, we get for every n : N, so by Lemma 4.8 (Overspill) we get where we used that since the equivalence holds for all u < e with e non-standard, it will in particular hold for all u : N.
Lemma 5.6.If std is stable and M ̸ ∼ = N, then for binary α(x, y) and e : M we have Proof.Analogous to the proof of Lemma 5.5.
These coding results allow us to connect a unary formula α to an element c : M of the model, in such a way that the decidability of the divisibility for c will entail the decidability of M ⊨ α( • ).

Church's Thesis for First-Order Arithmetic
Church's thesis (CT) is an axiom of constructive mathematics which states that every total function is computable.We will assume a version of it in this paper, since by its addition to the ambient type theory, we merely need to show that a function can be defined at all, to prove its computability.This makes it possible to stay completely formal, yet achieve a textbook-style conciseness for proofs involving computability, even in their mechanization.
This addition is not possible in every meta-theory.If we were to add it to ZF, it would immediately imply the computability of the function that solves the halting problem, leading to an inconsistent theory.In general however, theories that tend to the constructive side do allow for the consistent addition of this axiom.In the type theory we use in this paper, this is achieved by strictly distinguishing between functional relations and total functions.The aforementioned function that solves the halting problem in ZF can only be shown to be a functional relation, which means we can still safely assume total functions to be computable.Currently, there is no consistency proof for CT (cf.Section 7.1 in [For21b]) and the exact type theory we are using, but there are proofs showing that it can be consistently added to very similar systems [Yam20,SU19].
Since CT makes reference to computability, its exact form as an axiom does not only depend on the theory in which it is assumed, but also on the model of computation it makes reference to.Robinson's Q, a finitely axiomatized arithmetical system, is expressive enough to serve as a computational model, and is a particularly well-suited choice in our case, leading us to the following formulation of CT which we assume for the remainder of the paper: Axiom 6.1 (CT Q ).For every function f : N → N there exists a binary Σ 1 -formula φ f (x, y) such that for every n : N we have Q ⊢ ∀y.φ f (n, y) ↔ f n = y.
Note that CT Q can be derived from the more conventional version of Church's thesis for µ-recursive functions [KP23]. 7Using CT Q we can get an internal representation φ f of any computable function f , allowing us to reason about the function inside of first-order arithmetic.We also have an immediate use-case for CT Q , since applying it to the injective prime function π lets us settle the earlier Remark 5.3: Fact 6.2.There is a binary Σ 1 -formula representing the injective prime function π in Q.
In Section 2.1 we defined decidable and enumerable predicates in a synthetic way, but using CT Q we can now give characterizations and representations of such predicates by formulas in Q (cf.[Raa21]).Definition 6.3.We call p : N → P weakly representable if there is a Σ 1 -formula φ p (x) such that ∀n : N. p n ↔ Q ⊢ φ p (n), and strongly representable if instead, p n → Q ⊢ φ p (n) and ¬p n → Q ⊢ ¬φ p (n) hold for every n : N. Lemma 6.4 (Representability Theorem).Assume CT Q , and let p : N → P be given.
(1) If p is decidable, it is strongly representable.
(2) If p is enumerable, it is weakly representable.
7 In [KP23], the abbreviation CT Q was used to refer to a version of Church's thesis which applies to partial functions.From the partial version, the version for total functions can be derived, and in this paper we use CT Q to refer to the latter, total version.
Proof.If p is decidable, then there is a decider N → B which can be used to define a function f : N → N such that ∀x : N. p x ↔ f x = 0, and by CT Q there is a binary Σ 1 -formula φ f (x, y) representing f .We then define φ p (x) := φ f (x, 0) and deduce which shows that p is strongly representable.If p is enumerable, then there is an enumerator N → O(N) which can be used to define a function f : N → N such that ∀x : N. p x ↔ ∃n.f n = x + 1.By CT Q there is a binary Σ 1 -formula φ f (x, y) representing f .We then define φ p (x) := ∃ n. φ f (n, Sx) giving us which shows that p is weakly representable by a Σ 1 -formula.

Tennenbaum's Theorem
With our choice of CTT+CT Q for the meta-theory in place, we now begin with our analysis of Tennenbaum's theorem.We will present several proofs of the theorem from the literature.In a classical meta-theory all of these proofs would yield the same result, but in our constructive setting, they turn out to differ in the strength of their assumptions and conclusions.Almost all the proofs will make use of some coding results for non-standard models from Section 5, enabling us to use a single model element to fully encode the standard part of any predicate p : M → P.
For the proof in Section 7.1 we will assume enumerability of the model, enabling a very direct diagonal argument [BBJ02].In Section 7.2 we look at the proof approach that is most prominently found in the literature [Smi14,Kay11] and uses the existence of recursively inseparable sets.
Another refinement of this proof was proposed in a post by Makholm [Mak14] and comes with the advantage that it circumvents the usage of Overspill.Strikingly, it turns out that in the constructive setting, this eliminates the necessity for MP, which is required for the standard proof using inseparable sets.Additionally, we look at the consequences of Tennenbaum's theorem once the underlying semantics is made explicitly constructive.The latter two variations are discussed in Section 7.3.7.1.Via a Diagonal Argument.We start by noting that every HA model can prove the most basic fact about division and remainders.
Proof.For Euclid's lemma, there is a standard proof by induction on e.The uniqueness claim requires some basic results about the strict order.Proof.Let n : N and d : M be given.By Lemma 7.1 we have ∃q ′ , r ′ : M. d = q ′ • n + r ′ .This existence is propositional, so presently we cannot use it to give a decision for n | d.Since M is enumerable, there is a surjective function g : N → M and the above existence therefore shows ∃q, r : N. d = (g q) • n + (g r).Since equality is decidable in M and N 2 is witnessing, we get Σq, r : N. d = (g q) • n + (g r), giving us computational access to r, now allowing us to construct the decision.By the uniqueness part of Lemma 7.1 we have g r = 0 ↔ n | d, so the decidability of n | d is entailed by the decidability of g r = 0.
(1) is trivial by Lemma 4.4.(2) The implication ∀e.std e → ¬∃e.¬std e holds constructively, but the converse needs the stability of std.For (3), recall that std e stands for ∃n : N. n = e.Since n = e in M is decidable, stability follows from Fact 2.6.Lemma 7.4.If std is stable, M ̸ ∼ = N, and p : N → P decidable, then potentially there is a code c : M such that ∀n : Proof.By Lemma 6.4, there is a formula φ p strongly representing p.Under the given assumptions, we can use the coding Lemma 5.5, yielding a code c : M for the formula φ p , such that ∀u : N. M ⊨ φ p (u) ↔ Π(u) | c.Overall this shows: Since p is decidable, the latter implication entails M ⊨ Π(n) | c =⇒ p n, which overall shows the desired equivalence.This gives us the following version of Tennenbaum's theorem: Theorem 7.5.Assuming MP and discrete M, enumerability of M implies M ∼ = N.
Proof.By Lemma 7.3 it suffices to show ¬¬M ∼ = N.So assume M ̸ ∼ = N and try to derive ⊥.Given the enumerability, there is a surjective function g : N → M, allowing us to define the predicate p := λn : N. ¬ M ⊨ π n | g n, which is decidable by Lemma 7.2.By the coding result in Lemma 7.4 there is an e : M which codes p, and by the surjectivity of g, there is some c : N with g c = e.Combined, these facts give us leading to the desired contradiction.7.2.Via Inseparable Predicates.The most frequently reproduced proof of Tennenbaum's theorem [Kay11,Smi14] uses the existence of recursively inseparable sets and non-standard coding to establish the existence of a non-recursive set.
Definition 7.6.A pair A, B : N → P of predicates is called inseparable if they are disjoint and A ⊆ D, B ⊆ ¬D implies the undecidability of D.
Proof.We use an enumeration Φ n : fm of formulas to define predicates A:=λn : N. Q ⊢ ¬ Φ n (n) and B := λn : N. Q ⊢ Φ n (n), which are disjoint since Q ̸ ⊢ ⊥, and enumerable since proofs over Q can be enumerated.Given a predicate D with A ⊆ D, B ⊆ ¬D and assuming it were decidable, Lemma 6.4 gives us a formula strongly representing D, and by the enumeration there is d : N such that Φ d is said formula.Everything together gives us the following chain of implications: Since this shows D d ⇐⇒ ¬D d, we must conclude that D is undecidable.
Proof.Use weak representability (Lemma 6.4) on the predicates given by Lemma 7.7.
Contrary to the proof delineated in Section 7.1, the alternative proof via inseparable sets eliminates the need for enumerability of the model.Furthermore, we will now factor Tennenbaum's theorem into two parts, mirroring what Kaye does in [Kay11].He first shows that for any non-standard model M, a non-recursive coded set exists within M, and separately to this, he establishes that computability of the model would entail the recursiveness of all coded sets.Combining both of these results then yields Tennenbaum's theorem.In the following we will focus on the first part, and establish the existence of an undecidable predicate, which is coded by an element of M. Our coding here concretely uses prime numbers, but in Section 7.4, we will revisit a more abstract perspective on the coding.Proof.We will assume ¬∃d.¬Dec( • | d) and try to reach a contradiction.By Corollary 7.8 there is a pair α ′ , β ′ of inseparable unary Σ 1 -formulas.By Σ 1 -compression, they can be written in the form ∃w. α(w, x) and ∃w.β(w, x), where α, β are ∆ 1 .Since they are disjoint, we have: for every bound n : N. Due to its bounded quantification, the above formula is also ∆ 1 , allowing us to use ∆ 1 -absoluteness (Fact 3.4) to get According to McCarty [McC88], the existence of HA-inseparable formulas can be established by taking the construction of inseparable formulas as seen in Lemma 7.7, and internalizing the given proof within HA.However, as pointed out in [Pet22] (Fact 6.1), Rosser's trick [Ros36] can be used to construct the desired HA-inseparable formulas from the inseparable formulas given by Corollary 7.8.Definition 7.12 (Rosser Formula).Given any binary formulas α(t, x) and β(t, x) we define Intuitively, if we interpret ∃t.α(t, x) as "There is some time t at which α(t, x) can be verified ", then (α < β)(x) expresses that α( • , x) will be verified before β( • , x).Lemma 7.13 (Disjointness of Rosser Formulas).HA ⊢ ∀x.
Proof.Our goal is to prove (α < β)(x), (β < α)(x), HA ⊢ ⊥.From the formulas in the context of the derivation, we can conclude that there are terms t, t ′ such that From this we get t ′ < t ∧ t < t ′ and then clearly HA ⊢ t < t ′ → t ′ < t → ⊥. existence would yield a countable and computable non-standard model of PA, which at first glance seems to the statement of Tennenbaum's theorem.For any countable non-standard model of PA however, Theorem 7.21 and Lemma 7.2 entail that neither equality nor apartness can be decidable.This is similar in spirit to the results in [GH17], showing that even if the functions of the model are computable, non-computable behavior still emerges, but in relation to equality.8.2.Coq Mechanization.The Coq development is axiom-free and the usage of crucial but constructively justified assumptions CT Q , MP and AUC is localized in the relevant sections.Apart from these, there is Hypothesis 7.20 which is taken as an additional assumption in the relevant sections.We have given details as to how this hypothesis can be proven, but since we did not yet mechanize the proof, we wanted to make its assumption on the level of the mechanization very explicit, by labeling it as a hypothesis in the accompanying text.
The development depends on and contributes to a growing collaborative Coq library for first-order logic [KHD + 22].Restricting to the files for this project, the line count is roughly 3600 lines of code.From those, 1500 lines on basic results about N and PA models were reused from earlier work [KH21].Notably, the formalization of the various coding lemmas from Section 5 took 470 lines and all variants of Tennenbaum's theorem together amount to a total of only 800 lines.8.3.Related Work.Classical proofs of Tennenbaum's theorem can be found in [BBJ02,Smi14,Kay11].There are also refinements of the theorem which show that computability of either operation suffices [McA82] or which reduce the argument to a weaker induction scheme [Wil85,CMW82].Constructive accounts were given by McCarty [McC87,McC88] and Plisko [Pli90], and a relatively recent investigation into Tennenbaum phenomena was conducted by Godziszewski and Hamkins [GH17].
For an account of CT as an axiom in constructive mathematics we refer to Kreisel [Kre70] and Troelstra [Tro73].Investigations into CT and its connections to other axioms of synthetic computability based on constructive type theory were done by Forster [For21a,For22].While there is no proof for the consistency of CT in CIC, there are consistency proofs for very similar systems [Yam20,SU19,For22].
Compared to the previous conference paper [HK22], this extended journal version relies on the slightly different definition of Σ 1 and ∆ 1 -formulas used by Kirst and Peters [KP23].Moreover, they give a derivation of our formulation of CT Q from a more conventional formulation of Church's thesis, illustrating that CT Q is a convenient axiom for sidestepping much of the first-order encoding overhead, while the work needed to formally capture computation within Q is feasible in its mechanization.
Presentations of first-order logic in the context of proof-checking have already been discussed and used, among others, by Shankar [Sha86], Paulson [?], O'Connor [O'C05], as well as Han and van Doorn [HvD20].We make use of the Coq library for first-order logic [KHD + 22, HKK21], which has evolved from several previous projects [FKS19, FKW21, KLW20, KH21] and depends on the Coq library of undecidability proofs [FLWD + 20].
Synthetic computability theory was introduced by Richman and Bauer [Ric83, Bau06] and initially applied to constructive type theory by Forster, Kirst, and Smolka [FKS19].Their synthetic approach to undecidability results has been used in several other projects, all merged into the Coq library of undecidability proofs [FLWD + 20].8.4.Future Work.By relying on the synthetic approach, our treatment of Tennenbaum's theorem does not explicitly the computability of addition or multiplication of the model.To make these assumptions explicit again, and to also free our development from the necessity of adapting this viewpoint, we could assume an abstract version of CT which makes reference to a T predicate [Kle43,For21a] and is then used to axiomatize T -computable functions.Combining this with a version of CT that stipulates the computability of every T -computable function, would then allow us to specifically assume T -computability for either addition or multiplication, and to formalize the result that T -computability of either operation leads to the model being standard [McA82].
In this work, we have mechanized one of the two hypotheses that remained unmechanized in [HK22], leaving solely the object level coding lemma (Hypothesis 7.20) yet to be mechanized.Achieving this will necessitate the transformation of the proof provided for Corollary 5.2 into a derivation using the axioms of HA.This task will require the establishment of standard results about prime numbers, akin to what we established on the level of Coq's logic in one of the files.Similar to the mechanization of Lemma 7.14, these proofs will significantly benefit from the proof mode developed in [HKK21].However, even with the proof mode, the translation of these Coq proofs into derivations entails a substantial amount of engineering work.Our preliminary estimates suggest that this will be a relatively independent project on its own, hence we leave it for future exploration.
A more satisfying rendering of McCarty's result would be achieved by changing the semantics (Definition 2.10), and putting the interpretations of formulas on the (proof-relevant) type level instead of the propositional level, therefore removing the need to assume AUC to break the barrier from the propositional to the type level.
Following usual practice in textbooks, we consider the first-order equality symbol as a syntactic primitive and only regard models interpreting it as actual equality in Coq.When treated as axiomatized relation instead, we could consider the (slightly harder to work with) setoid models and obtain the more general result that no computable non-standard setoid model exists.
There are interesting parallels when comparing the proofs of Tennenbaum's theorem and proofs of the first incompleteness theorem.In particular, we saw that the usage of HA-inseparable sets, and therefore the usage of Rosser's trick, leads to an improvement of the constructive Tennenbaum result.Connections between the two theorems are wellknown [Kay91,Kay11], but it should be interesting to combine the presented work with work like [KP23], to study their connection in a constructive framework.We hope that this work has illustrated the value of such projects, as they can shed new light on old proofs, bringing forward their constructive content.
Since we are assuming M > N, we have M ̸ ∼ = N, which together with the stability of std allows us to use both Overspill (Lemma 4.8) and coding for predicates (Lemma 5.6).Overspill gives us the potential existence of an element e : M > N with M ⊨ ∀ x w v < e. α(w, x) → β(v, x) → ⊥ which shows the disjointness of α, β when everything is bounded by e.By the coding result, we can get a code c : M which satisfies∀u : N. M ⊨ (∃ w < e. α(w, u)) ↔ Π(u) | cGiven the above equivalence between D := λn : N. M ⊨ ∃ w < e. α(w, n) and Π( • ) | c, our initial assumption ¬∃d.¬Dec( • | d) entails that D cannot be undecidable.However, we will now see that D separates the given inseparable formulas:(1) Q ⊢ ∃ w. α(w, • ) ⊆ D (2) Q ⊢ ∃ w. β(w, • ) ⊆ ¬Dwhich will establish its undecidability.(1)If Q ⊢ ∃ w. α(w, n) there is w : N with N ⊨ α(w, n) and M ⊨ α(w, n) by Fact 3.4.Sincew < e we can therefore show D n.(2)If Q ⊢ ∃ w. β(w, n) there is w : N with N ⊨ β(w, n) and M ⊨ β(w, n) by Fact 3.4.Assume we had D n, then there is v < e with M ⊨ α(v, n), which leads to a contradiction since α, β were shown disjoint below e.
Definition 2.1.A proposition P : P is called definite if P ∨¬P holds and stable if ¬¬P → P .The same terminology is used for predicates p : X → P given they are pointwise definite or stable.We furthermore want to recall the following logical principles: ¬¬A 1 → . . .→ ¬¬A n → ¬¬C is equivalent to A 1 → . . .→ A n → ¬¬C and since C → ¬¬C holds, it furthermore suffices to show A 1 → . . .→ A n → C in this case.In the following, we will make use of these facts without further notice.
[McC87,McC88]with the contradiction that D is both potentially decidable and undecidable.7.3.Variants of the Theorem.We now investigate two further variants of the theorem, going back to McCarty[McC87,McC88]andMakholm [Mak14]respectively.They make use of a stronger notion of inseparable formulas, which requires the formulas to be provably disjoint on the object level.
Definition 7.11 (HA-inseparable).A pair of unary formulas α(x), β(x) is called HAinseparable if they are disjoint in the sense of HA ⊢ ¬∃ x. α(x) ∧ β(x) and if any D with Q