**LICENCE:**
This tutorial contains adaptations of material from [Programming Language Foundations in Agda](https://plfa.github.io/) by Phil Wadler and Wen Kokke. It is licensed under Creative Commons Attribution 4.0 International.

# Curry-Howard isomorphism

\begin{align*}
    &\textrm{Logic} && &&\textrm{Computer science}\\
    \hline
    &\textrm{Theorems} &\leftrightarrow &&&
        \textrm{Types} && A \\
    &\textrm{Proofs} &\leftrightarrow &&&
        \textrm{Programs (terms)}
            && a \\
    &\textrm{Proof simplification} &\leftrightarrow &&&
        \textrm{Program execution}
            && \textrm{run } a \\
    \hline
    &\textrm{Proof development} &\leftrightarrow &&&
        \textrm{Programming}
            && \textrm{write } a \\
    &\textrm{Proof checking} &\leftrightarrow &&&
        \textrm{Type checking}
            && \textrm{given } a \textrm{ and } A, \textrm{ does } a : A?\\
    &\textrm{Validity (mathematics)} &\leftrightarrow &&&
        \textrm{Inhabitation problem}
            && \textrm{given } A, \textrm{ is there some $a : A$?}
\end{align*}

<!--- One important difference is that,
while in logic it is enough to have any proof $a$ of a theorem $A$
(in this sense all proofs of $A$ are the same),
in programming not all programs are the same.
For instance, to know that $\mathbb N \to \mathbb N$ is inhabited
it suffices to exhibit any computable total function on the natural numbers.
However, we might be interested in specific such functions, such as factora, Fibonacci, etc.
Moreover, in programming we even go one step further,
since two extensionally equivalent function may be intensionally different,
e.g., smaller/faster programs are preferred. -->

# Programming in Agda

**SYNTAX:**
You can enter `→` by writing `->` and pressing TAB; pressing TAB again goes back to `->`. Similar useful combinations are:

| base form | alternate form |
|:---------:|:--------------:|
| ->  | → |
| \   | λ |
| neg | ¬ |
| top | ⊤ |
| bot | ⊥ |
| /\  | ∧ |
| \/  |  |
| <   | ⟨ |
| >   | ⟩ |

<!---
| forall | ∀ |
| exists | ∃ |
| phi | |
| psi | |
-->

**PRO TRICKS:**
- You can ask Agda to provide the type of a closed expression. Just put the cursor nearby an expression and press SHIFT+TAB.
- You can ask Agda to compute the normal form of an expression enclosed in parantheses, such as `(λ x → x)` (already in normal form).

Starred exercises "**Exercise***" should be skipped on a first reading and dealt with only after all the non-starred one are resolved.

# Intuitionistic propositional logic
## Implication
Intuitionistic implication is implemented as *function space*
$$A \to B.$$
The idea is that a proof of $A \to B$
is a (terminating) *program* $t : A \to B$
that, given a proof $a : A$ of $A$,
always terminates and produces a proof $t\; a : B$ of $B$.
The $\to$-eliminaton rule is implemented by *function application*.
<!--- - The validity problem for implication intuitionistic propositional logic is PSPACE-complete. What is the complexity for the corresponding problem for classical logic? coNP-complete. -->

**Polymorphism:**
The polymorphic identity function in Agda is written as follows:

```agda
id : (A : Set) → A → A
id A x = x
```

(Compare this with the equivalent Haskell definition:
```haskell
id :: A -> A
id x = x
```
Incidentally, note the crucial difference that the typing operator in Agda is `:` instead of `::`.)

Therefore, in Agda `id ℕ` is the identity on the natural numbers,
`id (ℕ → ℕ)` is the identity on functions of natural numbers,
and so on.
It turns out that 1) specifying the argument `A` is boring
and 2) in most cases Agda can infer it from the context.
For these two reasons, Agda allows us to say that some argument is implicit `{A : Set}`, as we demonstrate below.
The cell can be evaluated with SHIFT+ENTER.

In [71]:
module lab01.00 where

-- We start by proving A → A;
-- this is done with the identity function
-- in dependent types, the identity function is parameterised by a set A.

id : {A : Set} → A → A
id a = a

-- apply corresponds to →-elimination (i.e., modus ponens)
-- below, "a→b" is the name of a variable, like "a"
-- (there is nothing special about that "→")
apply : {A B : Set} → (A → B) → A → B
apply a→b = λ a → a→b a

-- we use here lambda-notation;
-- equivalent spellings:
-- apply a→b a = a→b a
-- apply a→b = a→b
-- apply = id' (why?)

-- the last example shows why we will not explicitly use "apply" below.

*Error*(/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/00.agda:1,17-17
/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/00.agda:1,17: in the name 00, the part 00 is not valid because it is a literal
where<ERROR>


-- We start by proving A → A...)


**UNDER THE HOOD:** A code cell must start with a line in the format
```agda
module A.B.C where
```
Upon evaluation, the file `A/B/C.agda` is created on disk from the cell's contents
and fed to the Agda interpreter.
For this reason, it is important to evaluate a cell to ensure that its changes are reflected on disk and can be used from other cells.

**SPACING:**
Agda allows us to be very flexible in the variable names,
which can be strings such as `x`, `idλ`, `a→b`, `&&true`, or even arbitrary unicode symbols `💔`, provided there is no space in-between.
As a consequence, spaces in Agda have a syntactic meaning as separators,
and we need to be very generous with them.

**Exercise 0.** Declare and define a function `twice` that applies a given function two times to its argument.
Use an implicit argument in the definition.
- What is the type of `(twice twice twice)`? Use SHIFT+TAB to verify your guess.
- What does the latter term evaluate to? Use TAB.

In [72]:
module lab01.twice where

-- when there are question marks "?" it means that it must be completed
twice : ?
twice = ?

-- (twice twice twice)

*Type-checking*
*Type-checking*(Checking lab01.twice (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/twice.agda).
)
*All Goals*(?0 : _0
?1 : ?0
Sort _0  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/twice.agda:4,9-10 ]
)


**Exercise 1.** Prove in Agda following theorems of intuitionistic propositional logic:
\begin{align}
(1) &&& (A \to B \to C) \to (A \to B) \to A \to C, \\
(2) &&& (A \to B) \to (A \to C) \to (B \to C \to D) \to A \to D, \\
(3) &&& A \to A \to A.
\end{align}
How many proofs does $(3)$ have?

In [74]:
module lab01.ex01 where

-- your code here

*Type-checking*
*Type-checking*(Checking lab01.ex01 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/ex01.agda).
)
*All Done*


## True and false

The two truth values $\top$ and $\bot$ are implemented via Agda's data type mechanism.
The intuition is that the type $\top$ has precisely one inhabitant (called `tt` below)
and that $\bot$ has no inhabitants at all.

In [76]:
module lab01.true-false where

-- There is only one way to construct an inhabitant of ⊤,
-- namely with the constructor tt;
-- there is no ⊤-elimination rule
data ⊤ : Set where
  tt : ⊤
  
-- There is no way to construct an inhabitant of ⊥ (the type is empty!)
data ⊥ : Set where

-- there is one ⊥-elimination rule that says that anything can be proved from ⊥
-- the absurd pattern "()" is how we tell Agda that there cannot be any argument to ⊥-elim
-- this allows to derive an inhabitant of A,  for any A!
⊥-elim : {A : Set} → ⊥ → A
⊥-elim ()

-- example use of ⊥-elim
-- Agda can derive that ⊥-elim is applied to type "{A → B}", but we write it for clarity here
p : (A B : Set) → ⊥ → (A → B)
p A B = ⊥-elim {A → B}
-- the same as
-- p A B = ⊥-elim

*Type-checking*
*All Done*


## Negation

Negation is not a primitive in intuitionistic logic.
In intuitionistic logic $\neg A$ means that, if we had a proof of $A$, then we could derive a contradiction $\bot$:
$$ \neg A \;\equiv\; A \to \bot.$$
And this is how negation is defined in Agda.

In [77]:
module lab01.neg where

-- we import the definition for the truth values true and false
open import lab01.true-false -- using (⊤; ⊥)

infix 3 ¬_

-- Note that we are defining a type now!
-- "¬ A" is a shorthand for (i.e., evaluates to) "A → ⊥"
¬_ : Set → Set
¬ A = A → ⊥

-- This also shows how operators ¬_ can be defined in Agda

*Type-checking*
*Type-checking*( Checking lab01.true-false (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/true-false.agda).
)
*All Done*


**Exercise 2**. The logic of Agda is intuitionistic. In particular, in Agda the following double negation law does *not* hold:
$$ A \leftrightarrow \neg \neg A. $$
Which one of the two directions holds in intuitionistic logic?
- Formalise this and prove it in Agda.
- Does the proof (i.e., program) resemble something we have already seen?

In [78]:
module lab01.ex02 where
open import lab01.neg

-- recall that ¬ ¬ A = (A → ⊥) → ⊥
-- your solution here
¬¬-intro : {A : Set} → A → ¬ ¬ A
¬¬-intro x f = ?

-- the occurrence of "?" above is called a hole;
-- Agda will compile and remind us that there are open goals corresponding to holes

*Type-checking*
*Type-checking*(Checking lab01.ex02 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/ex02.agda).
)
*Type-checking*( Checking lab01.neg (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/neg.agda).
)
*All Goals*(?0 : .lab01.true-false.⊥
)


**Exercise 3.** We have seen that $\neg \neg A \to A$ does not hold in intuitionistic logic.
Show that the following *triple negation* law holds
$$\neg \neg \neg A \to \neg A.$$

In [80]:
module lab01.ex03 where
open import lab01.neg

¬¬¬-rule : {A : Set} → ¬ ¬ ¬ A → ¬ A
¬¬¬-rule = ?

*Type-checking*
*Type-checking*(Checking lab01.ex03 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/ex03.agda).
)
*All Goals*(?0 : ¬ (¬ (¬ .A)) → ¬ .A
)


**Exercise 4.**
The *contrapositive* of an implication $A \to B$ is $\neg B \to \neg A$.
In classical logic an implication and its contrapositive are logically equivalent, i.e., the following is a tautology:
$$(A \to B) \leftrightarrow (\neg B \to \neg A).$$
Use Agda to prove which, if any, of the two directions above holds in intuitionistic logic.

In [82]:
module lab01.ex04 where
open import lab01.neg

-- your solution here
contrapositive : ?
contrapositive = ?

*Type-checking*
*Type-checking*(Checking lab01.ex04 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/ex04.agda).
)
*All Goals*(?0 : _0
?1 : ?0
Sort _0  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/ex04.agda:5,18-19 ]
)


## Conjunction and disjunction

### Conjunction

A proof of $A \wedge B$ is a pair $\langle a, b \rangle$,
where $a$ is a proof of $A$ and $b$ is a proof of $B$.
This intuition translates immediately into the following *product* datatype:

```agda
data _∧_ (A : Set) (B : Set) : Set where
  ⟨_,_⟩ : A → B → A ∧ B
```
The datatype `_∧_` is parametrised by two types, `A` and `B`,
and it is written `A ∧ B` or, using prefix notation, `_∧_ A B`.
It has only one constructor `⟨_,_⟩`, corresponding to the ∧-introduction rule:
Given elements `a : A` and `b : B`,  `⟨ a , b ⟩` has type `A ∧ B` (notice the mandatory spaces!).
The term above can also be written in prefix notation as `⟨_,_⟩ A B`.
We can then define the two projection functions, which correspond to the two ∧-elimination rules:

```agda
fst : {A B : Set} → A ∧ B → A
fst ⟨ a , _ ⟩ = a

snd : {A B : Set} → A ∧ B → B
snd ⟨ _ , b ⟩ = b
```

In [84]:
module lab01.and where

infixr 2 _∧_

-- The only way to build a product is from its two components
-- the constructor corresponds to the ∧-introduction rule
data _∧_ (A : Set) (B : Set) : Set where
  ⟨_,_⟩ : A → B → A ∧ B
  
-- the two projection functions correspond to the two ∧-elimination rules
fst : {A B : Set} → A ∧ B → A
fst ⟨ a , _ ⟩ = a

snd : {A B : Set} → A ∧ B → B
snd ⟨ _ , b ⟩ = b

*Type-checking*
*All Done*


**Exercise 5.** Formalise and prove the following:
1. Conjunction is commutative.
<!--- $ A \wedge B \;\leftrightarrow\; B \wedge A$. -->
2. Curry/uncurry: The formula $A → B → C$ is "the same" as $A \wedge B → C$.

In [85]:
module lab01.ex05 where
open import lab01.and

∧-commutative : ?
∧-commutative = ?

uncurry : {A B C : Set} → (A → B → C) → A ∧ B → C
uncurry = ?

curry : {A B C : Set} → (A ∧ B → C) → A → B → C
curry = ?

*Type-checking*
*Type-checking*(Checking lab01.ex05 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/ex05.agda).
)
*Type-checking*( Checking lab01.and (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/and.agda).
)
*All Goals*(?0 : _0
?1 : ?0
?2 : (.A → .B → .C) → .A ∧ .B → .C
?3 : (.A ∧ .B → .C) → .A → .B → .C
Sort _0  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/ex05.agda:4,17-18 ]
)


### Disjunction

A proof of $A_1 \vee A_2$ is a pair $(k, t_k)$,
where $k \in \{1, 2\}$ specifies that we are proving $A_k$
and $t_k : A_k$ is a proof thereof.
Since the first component is finite, disjunction can be implemented with two constructors.

In [87]:
module lab01.or where

-- we give disjunction lower priority than conjunction
-- so we can omit parenthesis from (A ∧ B) ∨ C and write A ∧ B ∨ C instead.
infix 1 _∨_ 

-- There are two ways to built a sum.
-- The two constructors correspond to the two ∨-introduction rules
data _∨_ (A : Set) (B : Set) : Set where
    left : A → A ∨ B
    right : B → A ∨ B
    
-- we can do case analysis by pattern matching on the constructor;
-- this corresponds to the ∨-elimination rule
case : {A B C : Set} → (A → C) → (B → C) → A ∨ B → C
case f g (left x) = f x
case f g (right x) = g x

*Type-checking*
*All Done*


**Exercise 6.**
In classical logic we have the following *law of excluded middle*:
$$ A \vee \neg A. $$

1. Why there is no Agda program of the corresponding type `{A : Set} → A ∨ ¬ A`?
2. *Challenge*: Write an Agda program for the *irrefutability* of the law of excluded middle:
$$ \neg \neg (A \vee \neg A). $$
Hint: Expand the definition of $\neg$. You will need: `left`, `right`, and $\lambda$-abstraction.

In [88]:
module lab01.ex06 where
open import lab01.neg
open import lab01.or

-- ¬ ¬ (A ∨ ¬ A) = ((A ∨ A → ⊥) → ⊥) → ⊥ 

irrefutability : ?
irrefutability f = ?

*Type-checking*
*Type-checking*(Checking lab01.ex06 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/ex06.agda).
)
*Type-checking*( Checking lab01.or (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/or.agda).
)
*All Goals, Errors*(?0 : _0
Sort _0  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/ex06.agda:7,18-19 ]

———— Errors ————————————————————————————————————————————————
Failed to solve the following constraints:
  irrefutability : ?0
)


**Exercise 7 (De Morgan Laws).** Are the following laws valid in intuitionistic logic?
If so, write a proof in Agda.
\begin{align}
 (1) \qquad \neg (A \vee B) \leftrightarrow \neg A \wedge \neg B. \\
 (2) \qquad \neg A \vee \neg B \to \neg (A \wedge B). \\
 (3) \qquad \neg (A \wedge B) \to \neg A \vee \neg B.
\end{align}

In [90]:
module lab01.ex07 where
open import lab01.and
open import lab01.or
open import lab01.neg

de_morgan1-1 : {A B : Set} → ¬ (A ∨ B) → ¬ A ∧ ¬ B
de_morgan1-1 = ?

de_morgan1-2 : {A B : Set} → ¬ A ∧ ¬ B → ¬ (A ∨ B)
de_morgan1-2 = ?

de_morgan2 : {A B : Set} → ¬ A ∨ ¬ B → ¬ (A ∧ B)
de_morgan2 = ?

de_morgan3 : {A B : Set} → ¬ (A ∧ B) → ¬ A ∨ ¬ B
de_morgan3 = ?

*Type-checking*
*Type-checking*(Checking lab01.ex07 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/ex07.agda).
)
*All Goals*(?0 : ¬ (.A ∨ .B) → ¬ .A ∧ ¬ .B
?1 : ¬ .A ∧ ¬ .B → ¬ (.A ∨ .B)
?2 : ¬ .A ∨ ¬ .B → ¬ (.A ∧ .B)
?3 : ¬ (.A ∧ .B) → ¬ .A ∨ ¬ .B
)


**Exercise 8.** In classical logic, $A \to B$ is defined to be $\neg A \vee B$.
Which of the following two directions hold in intuitionistic logic? Prove it in Agda.
$$(A \to B) \leftrightarrow (\neg A \vee B).$$


In [92]:
module lab01.ex08 where
open import lab01.true-false
open import lab01.neg
open import lab01.or

-- your solution here

*Type-checking*
*Type-checking*(Checking lab01.ex08 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/lab01/ex08.agda).
)
*All Done*
