**LICENCE:**
This tutorial contains adaptations of material from [Programming Language Foundations in Agda](https://plfa.github.io/) by Phil Wadler and Wen Kokke. It is licensed under Creative Commons Attribution 4.0 International.

# Curry-Howard isomorphism

\begin{align*}
    &\textrm{Logic} && &&\textrm{Computer science}\\
    \hline
    &\textrm{Theorems} &\leftrightarrow &&&
        \textrm{Types} && A \\
    &\textrm{Proofs} &\leftrightarrow &&&
        \textrm{Programs (terms)}
            && a \\
    &\textrm{Proof simplification} &\leftrightarrow &&&
        \textrm{Program execution}
            && \textrm{run } a \\
    \hline
    &\textrm{Proof development} &\leftrightarrow &&&
        \textrm{Programming}
            && \textrm{write } a \\
    &\textrm{Proof checking} &\leftrightarrow &&&
        \textrm{Type checking}
            && \textrm{given } a \textrm{ and } A, \textrm{ does } a : A?\\
    &\textrm{Validity (mathematics)} &\leftrightarrow &&&
        \textrm{Inhabitation problem}
            && \textrm{given } A, \textrm{ is there some $a : A$?}
\end{align*}

<!--- One important difference is that,
while in logic it is enough to have any proof $a$ of a theorem $A$
(in this sense all proofs of $A$ are the same),
in programming not all programs are the same.
For instance, to know that $\mathbb N \to \mathbb N$ is inhabited
it suffices to exhibit any computable total function on the natural numbers.
However, we might be interested in specific such functions, such as factora, Fibonacci, etc.
Moreover, in programming we even go one step further,
since two extensionally equivalent function may be intensionally different,
e.g., smaller/faster programs are preferred. -->

# Intuitionistic propositional logic in Agda
**SYNTAX:**
You can enter `→` by writing `->` and pressing TAB; pressing TAB again goes back to `->`. Similar useful combinations are:

| base form | alternate form |
|:---------:|:--------------:|
| ->  | → |
| \   | λ |
| neg | ¬ |
| top | ⊤ |
| bot | ⊥ |
| /\  | ∧ |
| \\/ | ∨ |
| <   | ⟨ |
| >   | ⟩ |

<!---
| forall | ∀ |
| exists | ∃ |
| phi | |
| psi | |
-->

<!---

**PRO TRICKS:**
- You can ask Agda to provide the type of a closed expression. Just put the cursor nearby an expression and press SHIFT+TAB.
- You can ask Agda to compute the normal form of an expression enclosed in parantheses, such as `(λ x → x)` (already in normal form).

-->

<!--- Starred exercises "**Exercise***" should be skipped on a first reading and dealt with only after all the non-starred one are resolved. -->

## Implication
Intuitionistic implication is implemented as *function space*
$$A \to B.$$
This concept has no counterpart in classical logic.
The function space operator `→` is an Agda primitive.
The idea is that a proof of $A \to B$
is a (terminating) *program* $t : A \to B$
that, given a proof $a : A$ of $A$,
always terminates and produces a proof $t\; a : B$ of $B$.
The $\to$-eliminaton rule is implemented by *function application*.
<!--- - The validity problem for implication intuitionistic propositional logic is PSPACE-complete. What is the complexity for the corresponding problem for classical logic? coNP-complete. -->

**Polymorphism:**
The polymorphic identity function in Agda is written as follows:

```agda
id : (A : Set) → A → A
id A x = x
```

(Compare this with the equivalent Haskell definition:
```haskell
id :: A -> A
id x = x
```
Incidentally, note the crucial difference that the typing operator in Agda is `:` instead of `::`.)

Therefore, in Agda `id ℕ` is the identity on the natural numbers,
`id (ℕ → ℕ)` is the identity on functions of natural numbers,
and so on.
It turns out that 1) specifying the argument `A` is boring
and 2) in most cases Agda can infer it from the context.
For these two reasons, Agda allows us to say that some argument is implicit `{A : Set}`, as we demonstrate below.
The cell can be evaluated with SHIFT+ENTER.

In [32]:
module code.lab01.id where

-- We start by proving A → A;
-- this is done with the identity function
-- in dependent types, the identity function is parameterised by a set A.

id : {A : Set} → A → A
id a = a

-- apply corresponds to →-elimination (i.e., modus ponens)
-- below, "a→b" is the name of a variable, like "a"
-- (there is nothing special about that "→")
apply : {A B : Set} → (A → B) → A → B
apply a→b = λ a → a→b a

-- we use here lambda-notation;
-- equivalent spellings:
-- apply a→b a = a→b a
-- apply a→b = a→b
-- apply = id (why?)

-- the last example shows why we will not explicitly use "apply" below.

*Type-checking* 
*Type-checking* Checking code.lab01.id (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/id.agda).

*All Done* 

**UNDER THE HOOD:** A code cell must start with a line in the format
```agda
module A.B.C where
```
Upon evaluation, the file `A/B/C.agda` is created on disk from the cell's contents
and fed to the Agda interpreter.
For this reason, it is important to evaluate a cell to ensure that its changes are reflected on disk and can be used from other cells.

**SPACING:**
Agda allows us to be very flexible in the variable names,
which can be strings such as `x`, `idλ`, `a→b`, `&&true`, or even arbitrary unicode symbols `💔`, provided there is no space in-between.
As a consequence, spaces in Agda have a syntactic meaning as separators,
and we need to be very generous with them.

**Exercise 1.** Prove in Agda following tautologies of intuitionistic propositional logic:
1. Argument commutativity: $(A \to B \to C) \to B \to A \to C$.
2. Distributivity: $(A \to B \to C) \to (A \to B) \to A \to C$.
3. Diamond $(A \to B) \to (A \to C) \to (B \to C \to D) \to A \to D$.
4. Projection: $A \to A \to A$. How many proof of this fact are there?

Note that the operator "$\to$" is right-associative:
For example, the last expression above is parenthesized as
$$ A \to (A \to A).$$
We will only write parentheses when they are needed.

Also note that, since intuitionistic implication in general behaves differently from classical implication,
the intuitionistic tautologies above hold for reasons which are different from why the same formulas are also classical tautologies (and thus must be reproven in the inuitionistic setting).

In [33]:
module code.lab01.ex01 where

→-comm : {A B C : Set} → (A → B → C) → B → A → C
→-comm f b a = ?

→-distr : {A B C : Set} → (A → B → C) → (A → B) → A → C
→-distr f g x = ?

→-diamond : {A B C D : Set} → (A → B) → (A → C) → (B → C → D) → A → D
→-diamond f g h x = ?

→-proj : {A : Set} → A → A → A
→-proj = ?

*Type-checking* 
*Type-checking* Checking code.lab01.ex01 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/ex01.agda).

*All Goals* ?0 : C
?1 : C
?2 : D
?3 : A → A → A


## Conjunction

In intuitionistic logic, a proof of $A \wedge B$ is a pair $\langle a, b \rangle$,
where $a$ is a proof of $A$ and $b$ is a proof of $B$.
(From this point of view, intuitionistic conjunction behaves similarly to classical conjunction,
because also in classical logic both conjuncts must be provable for their conjunction to be provable.)
This intuition translates immediately into the following *product* datatype:

```agda
data _∧_ (A : Set) (B : Set) : Set where
  ⟨_,_⟩ : A → B → A ∧ B
```
The datatype `_∧_` is parametrised by two types, `A` and `B`,
and it is written `A ∧ B` or, using prefix notation, `_∧_ A B`.
It has only one constructor `⟨_,_⟩`, corresponding to the ∧-introduction rule:
Given elements `a : A` and `b : B`,  `⟨ a , b ⟩` has type `A ∧ B` (notice the mandatory spaces!).
The term above can also be written in prefix notation as `⟨_,_⟩ A B`.
We can then define the two projection functions, which correspond to the two ∧-elimination rules:

```agda
fst : {A B : Set} → A ∧ B → A
fst ⟨ a , _ ⟩ = a

snd : {A B : Set} → A ∧ B → B
snd ⟨ _ , b ⟩ = b
```

Once again, `_∧_ ` is not an Agda primitive, but it can be defined with Agda's datatype creation facility.

In [5]:
module code.and where

-- we define conjunction to be right associative
infixr 2 _∧_

-- The only way to build a product is from its two components
-- the constructor corresponds to the ∧-introduction rule
data _∧_ (A : Set) (B : Set) : Set where
  ⟨_,_⟩ : A → B → A ∧ B
  
-- the two projection functions correspond to the two ∧-elimination rules;
-- notice how we do pattern matching on the constructor "⟨_,_⟩ : A ∧ B"
fst : {A B : Set} → A ∧ B → A
fst ⟨ a , _ ⟩ = a

snd : {A B : Set} → A ∧ B → B
snd ⟨ _ , b ⟩ = b

*Type-checking* 
*Type-checking* Checking code.and (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/and.agda).

*All Done* 

**Exercise 4.** Formalise and prove the following:
1. Curry/uncurry: $A → B → C$ is the same as $A \wedge B → C$.
2. Conjunction is commutative: $A \wedge B$ is the same as $B \wedge A$.
3. Conjunction is associative: $A \wedge B \wedge C$ is the same as $(A \wedge B) \wedge C$.
4. Implication distributes over conjunction: $A \to B \wedge C$ is the same as $(A \to B) \wedge (A \to C)$.

Do the last three properties follow from curry/uncurry?

In [36]:
module code.lab01.ex04 where
open import code.lab01.and

uncurry : {A B C : Set} → (A → B → C) → A ∧ B → C
uncurry = ?

curry : {A B C : Set} → (A ∧ B → C) → A → B → C
curry = ?

∧-comm : ?
∧-comm = ?

∧-assoc-1 : ?
∧-assoc-1 = ?

∧-assoc-2 : ?
∧-assoc-2 = ?

→∧-distr-1 : ?
→∧-distr-1 = ?

→∧-distr-2 : ?
→∧-distr-2 = ?

*Type-checking* 
*Type-checking* Checking code.lab01.ex04 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/ex04.agda).

*Type-checking*  Checking code.lab01.and (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/and.agda).

*All Goals* ?0 : (A → B → C) → A ∧ B → C
?1 : (A ∧ B → C) → A → B → C
?2 : _12
?3 : ?2
?4 : _15
?5 : ?4
?6 : _18
?7 : ?6
?8 : _21
?9 : ?8
?10 : _24
?11 : ?10
Sort _12  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/ex04.agda:10,10-11 ]
Sort _15  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/ex04.agda:13,13-14 ]
Sort _18  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/

## Disjunction

In intuitionistic logic a proof of a disjunction is a proof of either the first disjunct or of the second.
More precisely, a proof of $A_1 \vee A_2$ is a pair $(k, t_k)$,
where $k \in \{1, 2\}$ specifies that we are proving $A_k$
and $t_k : A_k$ is a proof thereof.
The two options can be implemented with two different constructors (called right and left *injection*).
Notice that this is very different from classical logic (where it is "easier" to prove a disjunction),
because a classical proof does not need to prove any disjunct alone.

In [3]:
module code.or where

-- we give disjunction lower priority than conjunction
-- so we can omit parenthesis from (A ∧ B) ∨ C and write A ∧ B ∨ C instead.
infixr 1 _∨_ 

-- There are two ways to built a sum.
-- The two constructors correspond to the two ∨-introduction rules
data _∨_ (A : Set) (B : Set) : Set where
    left : A → A ∨ B
    right : B → A ∨ B
    
-- we can do case analysis by pattern matching on the constructor;
-- this corresponds to the ∨-elimination rule
case : {A B C : Set} → (A → C) → (B → C) → A ∨ B → C
case f g (left x) = f x
case f g (right x) = g x

*Type-checking* 
*Type-checking* Checking code.or (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/or.agda).

*All Done* 

**Exercise 5.** Formalise and prove the following:
1. Disjunction is commutative: $A \vee B$ is the same as $B \vee A$.
2. Disjunction is associative: $A \vee B \vee C$ is the same as $(A \vee B) \vee C$.
3. $A \vee B \to C$ is the same as $(A \to C) \wedge (B \to C)$.

In [39]:
module code.lab01.ex5 where
open import code.lab01.and
open import code.or

∨-comm : {A B : Set} → A ∨ B → B ∨ A
∨-comm (left a) = right a
∨-comm (right a) = left a

∨-assoc : {A B C : Set} → A ∨ B ∨ C → (A ∨ B) ∨ C
∨-assoc (left a) = left (left a)
∨-assoc (right (left b)) = left (right b)
∨-assoc (right (right c)) = right c

∨∧→-1 : {A B C : Set} → (A ∨ B → C) → (A → C) ∧ (B → C)
∨∧→-1 a∨b→c = ⟨ (λ a → a∨b→c (left a)) , (λ b → a∨b→c (right b)) ⟩

∨∧→-2 : {A B C : Set} → (A → C) ∧ (B → C) → A ∨ B → C
∨∧→-2 ⟨ a→c , _ ⟩ (left a) = a→c a
∨∧→-2 ⟨ _ , b→c ⟩ (right b) = b→c b

*Type-checking* 
*Type-checking* Checking code.lab01.ex5 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/ex5.agda).

*Type-checking*  Checking code.lab01.or (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/or.agda).

*All Done* 

**Exercise 6 (Distributivity laws).** Prove the following tautologies:
1. $A \wedge (B \vee C) \leftrightarrow A \wedge B \vee A \wedge C$.
2. $A \vee B \wedge C \leftrightarrow (A \vee B) \wedge (A \vee C)$.

In [40]:
module code.lab01.distr where
open import code.lab01.and
open import code.or

∧∨-distr-1 : {A B C : Set} → A ∧ (B ∨ C) → A ∧ B ∨ A ∧ C
∧∨-distr-1 = ?

∧∨-distr-2 : {A B C : Set} → A ∧ B ∨ A ∧ C → A ∧ (B ∨ C)
∧∨-distr-2 = ?

∨∧-distr-1 : {A B C : Set} → A ∨ B ∧ C → (A ∨ B) ∧ (A ∨ C)
∨∧-distr-1 = ?

∨∧-distr-2 : {A B C : Set} → (A ∨ B) ∧ (A ∨ C) → A ∨ B ∧ C
∨∧-distr-2 = ?

*Type-checking* 
*Type-checking* Checking code.lab01.distr (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/distr.agda).

*All Goals* ?0 : A ∧ (B ∨ C) → A ∧ B ∨ A ∧ C
?1 : A ∧ B ∨ A ∧ C → A ∧ (B ∨ C)
?2 : A ∨ B ∧ C → (A ∨ B) ∧ (A ∨ C)
?3 : (A ∨ B) ∧ (A ∨ C) → A ∨ B ∧ C


## True and false

The two truth values $\top$ and $\bot$ are implemented via Agda's data type mechanism.
The intuition is that the type $\top$ has precisely one inhabitant (called `tt` below)
and that $\bot$ has no inhabitants at all.

Notice that neither `⊤` nor `⊥` are Agda primitives.
However, Agda's datatype creation facilities allow us to define those datatypes in such a way that they behave as we expect.

In [42]:
module code.lab01.true-false where

-- There is only one way to construct an inhabitant of ⊤,
-- namely with the constructor tt;
-- there is no ⊤-elimination rule
data ⊤ : Set where
  tt : ⊤
  
-- we can prove that anything implies ⊤
A→⊤ : {A : Set} → A → ⊤
A→⊤ _ = tt
  
-- There is no way to construct an inhabitant of ⊥ (the type is empty!)
data ⊥ : Set where

-- there is one ⊥-elimination rule that says that anything can be proved from ⊥
-- the absurd pattern "()" is how we tell Agda that there cannot be any argument to ⊥-elim
-- this allows to derive an inhabitant of A,  for any A!
⊥-elim : {A : Set} → ⊥ → A
⊥-elim ()

-- example use of ⊥-elim
-- Agda can derive that ⊥-elim is applied to type "{⊤}", but we write it for clarity here
⊥→⊤ : ⊥ → ⊤
⊥→⊤ = ⊥-elim {⊤}
-- the same as: ⊥→⊤ = ⊥-elim

*Type-checking* 
*All Done* 

## Negation

Negation is not a primitive in intuitionistic logic.
In intuitionistic logic $\neg A$ means that, if we had a proof of $A$, then we could derive a contradiction $\bot$:
$$ \neg A \;\equiv\; A \to \bot.$$
And this is how negation is defined in Agda.
Once again, note that `¬_` is not a primitive of Agda, but rather a defined function mapping types to types (!).

In [15]:
module code.neg where

-- we import the definition for the truth values true and false
open import code.lab01.true-false

infix 3 ¬_ -- higher priority than ∨ and ∧

-- Note that we are defining a type now!
-- "¬ A" is a shorthand for (i.e., evaluates to) "A → ⊥"
¬_ : Set → Set
¬ A = A → ⊥

-- This also shows how operators ¬_ can be defined in Agda

*Type-checking* 
*Type-checking* Checking code.neg (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/neg.agda).

*All Done* 

**Exercise 2**. The logic of Agda is intuitionistic. In particular, in Agda the following double negation law does *not* hold:
$$ A \leftrightarrow \neg \neg A. $$
Which one of the two directions holds in intuitionistic logic?
- Formalise this and prove it in Agda.
- Does the proof (i.e., program) resemble something we have already seen?

*Hint:* The type $\neg \neg A$ expands to
$$(A \to \bot) \to \bot.$$

In [7]:
module code.lab01.ex02 where
open import code.neg

-- recall that ¬ ¬ A = (A → ⊥) → ⊥

¬¬-intro : {A : Set} → A → ¬ ¬ A
¬¬-intro x f = ?

-- the occurrence of "?" above is called a hole;
-- Agda will compile and remind us that there are open goals corresponding to holes to be solved

*Type-checking* 
*Type-checking* Checking code.lab01.ex02 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/ex02.agda).

*Type-checking*  Checking code.neg (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/neg.agda).

*All Goals* ?0 : code.lab01.true-false.⊥


**Exercise 3.**
The *contrapositive* of an implication $A \to B$ is $\neg B \to \neg A$.
In classical logic an implication and its contrapositive are logically equivalent, i.e., the following is a tautology:
$$(A \to B) \leftrightarrow (\neg B \to \neg A).$$
Use Agda to prove which, if any, of the two directions above holds in intuitionistic logic.

In [9]:
module code.lab01.ex03 where
open import code.neg

-- your solution here
contrapositive : ?
contrapositive = ?

*Type-checking* 
*Type-checking* Checking code.lab01.ex03 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/ex03.agda).

*All Goals* ?0 : _0
?1 : ?0
Sort _0  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/ex03.agda:5,18-19 ]


**Exercise 7 (De Morgan laws).** Are the following laws valid in intuitionistic logic?
If so, write a proof in Agda.
\begin{align}
 (1) \qquad \neg (A \vee B) \leftrightarrow \neg A \wedge \neg B. \\
 (2) \qquad \neg A \vee \neg B \to \neg (A \wedge B). \\
 (3) \qquad \neg (A \wedge B) \to \neg A \vee \neg B.
\end{align}

In [16]:
module code.lab01.ex07 where
open import code.and
open import code.or
open import code.neg

de_morgan1-1 : {A B : Set} → ¬ (A ∨ B) → ¬ A ∧ ¬ B
de_morgan1-1 = ?

de_morgan1-2 : {A B : Set} → ¬ A ∧ ¬ B → ¬ (A ∨ B)
de_morgan1-2 = ?

de_morgan2 : {A B : Set} → ¬ A ∨ ¬ B → ¬ (A ∧ B)
de_morgan2 = ?

de_morgan3 : {A B : Set} → ¬ (A ∧ B) → ¬ A ∨ ¬ B
de_morgan3 = ?

*Type-checking* 
*Type-checking* Checking code.lab01.ex07 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/ex07.agda).

*Type-checking*  Checking code.neg (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/neg.agda).

*All Goals* ?0 : ¬ (A ∨ B) → ¬ A ∧ ¬ B
?1 : ¬ A ∧ ¬ B → ¬ (A ∨ B)
?2 : ¬ A ∨ ¬ B → ¬ (A ∧ B)
?3 : ¬ (A ∧ B) → ¬ A ∨ ¬ B


**Exercise 7 (Classical vs. intuitionistic implication).**
In classical logic, $A \to B$ is defined to be $\neg A \vee B$.
Which of the following two directions hold in intuitionistic logic? Prove it in Agda.
$$(A \to B) \leftrightarrow (\neg A \vee B).$$

<!--- *Hint:* Classical implication intuitionistically implies intuitionistic implication. For this reason, classical logic can be seen as a conservative extension of intuitionistic logic. -->

In [50]:
module code.lab01.ex07 where
open import code.lab01.true-false
open import code.lab01.neg
open import code.or

-- your solution here

*Type-checking* 
*Type-checking* Checking code.lab01.ex07 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/ex07.agda).

*All Done* 

## Challenges



In [52]:
module code.lab01.logic where
open import code.or public
open import code.neg public 
open import code.and public 
open import code.true-false public

*Type-checking* 
*All Done* 

**Exercise.** While $\neg \neg A \to A$ does not hold in intuitionistic logic, prove that the following *triple negation* law holds

$$\neg \neg \neg A \to \neg A.$$

*Hint:* Expand the definition of "$\neg$". You should get a function of two arguments and output $\bot$.

In [53]:
module code.lab01.ex03 where
open import code.lab01.neg

¬¬¬-rule : {A : Set} → ¬ ¬ ¬ A → ¬ A
¬¬¬-rule = ?

*Type-checking* 
*Type-checking* Checking code.lab01.ex03 (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/ex03.agda).

*All Goals* ?0 : ¬ (¬ (¬ A)) → ¬ A


**Exercise (Irrefutability).**
<!--- In classical logic we have the following *law of excluded middle*:
$$ A \vee \neg A. $$
Why there is no Agda program of the corresponding type `{A : Set} → A ∨ ¬ A`? -->

Show that the following classical tautologies $P$ are intuitionistically *irrefutable*, in the sense that $\neg \neg P$ is an intuitionistic tautology:

1. Law of excluded middle: $\neg \neg (A \vee \neg A)$.
   *Hint: Expand the definition of $\neg$. You will need: `left`, `right`, and $\lambda$-abstraction.*
2. Implication as disjunction: $\neg \neg ((A \to B) \to \neg A \vee B)$.
3. De Morgan: $\neg \neg (\neg (A \wedge B) \to \neg A \vee \neg B)$.

In [55]:
module code.lab01.irref where
open import code.lab01.logic

excluded-middle-irref : ?
excluded-middle-irref = ?

impl-irref : ?
impl-irref = ?

deMorgan-irref : ?
deMorgan-irref = ?

*Type-checking* 
*Type-checking* Checking code.lab01.irref (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/irref.agda).

*Type-checking*  Checking code.lab01.logic (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/logic.agda).

*All Goals* ?0 : _0
?1 : ?0
?2 : _3
?3 : ?2
?4 : _6
?5 : ?4
Sort _0  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/irref.agda:4,25-26 ]
Sort _3  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/irref.agda:7,14-15 ]
Sort _6  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/irref.agda:10,18-19 ]


**Exercise (Weak Peirce's law).**
Prove the following weakening of Peirce's law:
$$((((A \to B) \to A) \to A) \to B) \to B.$$

In [57]:
module code.lab01.weak-peirce where

wp : {A B : Set} → ((((A → B) → A) → A) → B) → B
wp = ?

*Type-checking* 
*Type-checking* Checking code.lab01.weak-peirce (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/weak-peirce.agda).

*All Goals* ?0 : ((((A → B) → A) → A) → B) → B


**Exercise.** In the previous exercises we have seen that the following principles are not intuitionistic tautologies:
1. Law of excluded middle: $A \vee \neg A$.
2. Elimination of double negation: $\neg \neg A \to A$.
3. Implication as disjunction: $(A \to B) \to \neg A \vee B$.
4. The Negated De Morgan's law: $\neg (\neg A \wedge \neg B) \to A \vee B$.
5. Peirce's Law: $((A \to B) \to A) \to A$.

Show that all principles above are logically equivalent in intuitionistic logic.
Each propositional variable $A, B$ is universally quantified in each principle.

*Hint:* Prove the following sequence of implications:
- $1 \to 2$.
- $2 \to 3$: Use irrefutability of $(A → B) \to \neg A \vee B$, proved earlier:
$ \neg \neg ((A \to B) \to \neg A \vee B).$
- $3 \to 1$.
- $1 \to 4$: Use the excluded middle for $A$ and for $B$.
- $4 \to 1$: Use $\neg (\neg A \wedge \neg B) \to A \vee B$ with $B \equiv \neg A$.
- $1 \to 5$.
- $5 \to 1$: Use Peirce's law $((A' \to B') \to A') \to A'$ with
$A' \equiv A \vee \neg A$ and $B' \equiv \bot.$

In [59]:
module code.lab01.LEM-eq where
open import code.lab01.logic public
open import code.lab01.irref public

1→2 : ?
1→2 = ?

2→3 : ?
2→3 = ?

3→1 : ?
3→1 = ?

1→4 : ?
1→4 = ?

4→1 : ?
4→1 = ?

1→5 : ?
1→5 = ?

5→1 : ?
5→1 = ?

*Type-checking* 
*Type-checking* Checking code.lab01.LEM-eq (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/LEM-eq.agda).

*Type-checking*  Checking code.lab01.irref (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/irref.agda).

*All Goals* ?0 : _0
?1 : ?0
?2 : _3
?3 : ?2
?4 : _6
?5 : ?4
?6 : _9
?7 : ?6
?8 : _12
?9 : ?8
?10 : _15
?11 : ?10
?12 : _18
?13 : ?12
Sort _0  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/LEM-eq.agda:5,7-8 ]
Sort _3  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/LEM-eq.agda:8,7-8 ]
Sort _6  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/LEM-eq.agda

**Exercise:** Show that the following two principles are intuitionistically equivalent:
1. De Morgan's Law: $\neg (A \wedge B) \to \neg A \vee \neg B$.
2. The *weak principle of excluded middle*: $\neg A \vee \neg \neg A$.
This is interesting, because the weak principle of excluded middle is strictly weaker than the principle of excluded middle, but it is still not an intuitonistic tautology.

In [61]:
module code.lab01.weak-LEM where

1→2 : ?
1→2 = ?

2→1 : ?
2→1 = ?

*Type-checking* 
*Type-checking* Checking code.lab01.weak-LEM (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/weak-LEM.agda).

*All Goals* ?0 : _0
?1 : ?0
?2 : _3
?3 : ?2
Sort _0  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/weak-LEM.agda:3,7-8 ]
Sort _3  [ at /Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/weak-LEM.agda:6,7-8 ]


In [63]:
module code.lab01.all where
open import code.lab01.id public
open import code.lab01.and public
open import code.lab01.or public
open import code.lab01.neg public
open import code.lab01.true-false public

*Type-checking* 
*Type-checking* Checking code.lab01.all (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/all.agda).

*Type-checking*  Checking code.lab01.id (/Users/lorenzo/Dropbox/Workspace/teaching/Teaching/2018-2019/summer semester/LDI (logika dla informatyków)/lab/agda/code/lab01/id.agda).

*All Done* 