**LICENCE:**
This tutorial contains adaptations of material from [Programming Language Foundations in Agda](https://plfa.github.io/) by Phil Wadler and Wen Kokke. It is licensed under Creative Commons Attribution 4.0 International.

**SYNTAX:**
You can enter `‚Üí` by writing `->` and pressing TAB; pressing TAB again goes back to `->`. Similar useful combinations are:

| base form | alternate form |
|:---------:|:--------------:|
| ->  | ‚Üí |
| \   | Œª |
| neg | ¬¨ |
| top | ‚ä§ |
| bot | ‚ä• |
| /\  | ‚àß |
| \\/ | ‚à® |
| iff | ‚ü∫ |
| <   | ‚ü® |
| >   | ‚ü© |
| =<> | ‚â°‚ü®‚ü© |
| qed | ‚àé |
| N   | ‚Ñï |
| Pi  | Œ† |
| Sigma | Œ£ |
| forall | ‚àÄ |
| exists | ‚àÉ |
| :: | ‚à∑ |
| e | Œµ | 
| in | ‚àà |

<!---

**PRO TRICKS:**
- You can ask Agda to provide the type of a closed expression. Just put the cursor nearby an expression and press SHIFT+TAB.
- You can ask Agda to compute the normal form of an expression enclosed in parantheses, such as `(Œª x ‚Üí x)` (already in normal form).

-->

Some auxiliary definitions which will be useful later:

````
module code.conn where

infixr 2 _‚àß_
data _‚àß_ (A : Set) (B : Set) : Set where
  ‚ü®_,_‚ü© : A ‚Üí B ‚Üí A ‚àß B
  
fst : {A B : Set} ‚Üí A ‚àß B ‚Üí A
fst ‚ü® a , _ ‚ü© = a

snd : {A B : Set} ‚Üí A ‚àß B ‚Üí B
snd ‚ü® _ , b ‚ü© = b

infixr 1 _‚à®_ 
data _‚à®_ (A : Set) (B : Set) : Set where
    left : A ‚Üí A ‚à® B
    right : B ‚Üí A ‚à® B

data ‚ä§ : Set where
  tt : ‚ä§
  
data ‚ä• : Set where

‚ä•-elim : {A : Set} ‚Üí ‚ä• ‚Üí A
‚ä•-elim ()

infix 3 ¬¨_ -- higher priority than ‚à® and ‚àß

¬¨_ : Set ‚Üí Set
¬¨ A = A ‚Üí ‚ä•

infixr 1 _‚ü∫_
_‚ü∫_ : (A : Set) (B : Set) ‚Üí Set
A ‚ü∫ B = (A ‚Üí B) ‚àß (B ‚Üí A)

-- (non-dependent) function composition
_‚àò_ : ‚àÄ {a b c} {A : Set a} {B : Set b} {C : Set c} ‚Üí (f : B ‚Üí C) ‚Üí (g : A ‚Üí B) ‚Üí A ‚Üí C
f ‚àò g = Œª x ‚Üí f (g x)

data ‚Ñï : Set where
  zero : ‚Ñï
  suc : ‚Ñï ‚Üí ‚Ñï

{-# BUILTIN NATURAL ‚Ñï #-}
````

# Lists

````
module code.list where
open import code.conn public
````

We define the type of lists of elements of type `A`,
denoted `A *` (note the space, which is mandatory):

````
infixr 5 _‚à∑_
data _* (A : Set) : Set where
  Œµ : A *
  _‚à∑_ : A ‚Üí A * ‚Üí A *
````

This is an example of *parametrised type*,
because its definition depends on the parameter `A : Set`.

## Equality on lists

We can inductively define a notion of equality on lists.

````
infix 4 _‚â°L_
data _‚â°L_ {A : Set} : A * ‚Üí A * ‚Üí Set where
  Œµ‚â°Œµ : Œµ ‚â°L Œµ
  ‚à∑‚â°‚à∑ : {a : A} {as bs : A *} ‚Üí as ‚â°L bs ‚Üí a ‚à∑ as ‚â°L a ‚à∑ bs
````
The two constructors above say that there are two ways of showing that two lists are equal:
either the two lists are empty (first constructor),
or the two lists are non-empty, they start with the same element,
and the tails are equal.

For example, we can prove

````
_ : 0 ‚à∑ 1 ‚à∑ Œµ ‚â°L 0 ‚à∑ 1 ‚à∑ Œµ
_ = ‚à∑‚â°‚à∑ (‚à∑‚â°‚à∑ Œµ‚â°Œµ)
````

We can easily prove some of useful properties of list equality.

### Reflexivity

The proof proceeds by induction on the list:

````
‚â°L-refl : {A : Set} {as : A *} ‚Üí as ‚â°L as
‚â°L-refl {A} {Œµ} = Œµ‚â°Œµ
‚â°L-refl {A} {a ‚à∑ as} = ‚à∑‚â°‚à∑ (‚â°L-refl {A} {as})
````

The base case is immediately proved by the constructor `Œµ‚â°Œµ : Œµ ‚â°L Œµ`.
In the inductive case, the inductive assumption `‚â°L-refl {A} {as}`
gives us a proof for `as ‚â°L as`,
to which we apply the constructor `‚à∑‚â°‚à∑`
and obtain a proof for `a ‚à∑ as ‚â°L a ‚à∑ as`.

### Symmetry

This time, the proof proceeds by induction on the evidence that `as ‚â°L bs` holds:

````
‚â°L-sym : {A : Set} {as bs : A *} ‚Üí as ‚â°L bs ‚Üí bs ‚â°L as
‚â°L-sym Œµ‚â°Œµ = Œµ‚â°Œµ
‚â°L-sym {A} (‚à∑‚â°‚à∑ {a} {as} {bs} as‚â°bs) = ‚à∑‚â°‚à∑ {A} {a} {bs} {as} (‚â°L-sym {A} {as} {bs} as‚â°bs)
````

The base case is trivial: if two lists are equal because of `Œµ‚â°Œµ`,
then they are both the empty list.
In the inductive case, we added all implicit parameters to clarify what is going on.
In fact, we could also have just written:

```agda
‚â°L-sym (‚à∑‚â°‚à∑ as‚â°bs) = ‚à∑‚â°‚à∑ (‚â°L-sym as‚â°bs)
```

Here, `as‚â°bs` is a proof that `as ‚â°L bs` holds,
by inductive assumption `‚â°L-sym as‚â°bs`
we obtain a proof that `bs ‚â°L as` holds (where the lists are swapped),
and thus `‚à∑‚â°‚à∑ (‚â°L-sym as‚â°bs)` is a proof that `a ‚à∑ bs ‚â°L a ‚à∑ as` holds, as required.

### Transitivity

**Exercise.** Prove that list equality is a transitive relation:

````
postulate ‚â°L-trans : {A : Set} {as bs cs : A *} ‚Üí as ‚â°L bs ‚Üí bs ‚â°L cs ‚Üí as ‚â°L cs
````

*Hint:* Do induction on the evidence that `as ‚â°L bs` and `bs ‚â°L cs` hold.
You will need only two cases, since Agda can correctly infer that if `as` is not the empty list, then the same holds for `bs` and `cs`.

In [None]:
module code.list.trans where
open import code.list hiding (‚â°L-trans)

‚â°L-trans : {A : Set} {as bs cs : A *} ‚Üí as ‚â°L bs ‚Üí bs ‚â°L cs ‚Üí as ‚â°L cs
‚â°L-trans = ?

````
module code.list-continue where
open import code.list public
````

<!--

### Congruence

List equality is a *congruence*, in the sense that applying a function to equal lists returns equal results.
A much more general notion of congruence for equality hold,
but this one is sufficient in our context:

We will not prove congruence, which in fact can be proved only in the more general context.

-->

### Equality chains

We define some notation that allows an intuitive equational reasoning.

````
infix 1 beginL_
infixr 2 _‚â°L‚ü®‚ü©_ _‚â°L‚ü®_‚ü©_
infix 3 _‚àéL

beginL_ : {A : Set} {x y : A *} ‚Üí x ‚â°L y ‚Üí x ‚â°L y
beginL x‚â°y = x‚â°y

_‚â°L‚ü®‚ü©_ : {A : Set} (x : A *) {y : A *} ‚Üí x ‚â°L y ‚Üí x ‚â°L y
x ‚â°L‚ü®‚ü© x‚â°y = x‚â°y

_‚â°L‚ü®_‚ü©_ : {A : Set} (x : A *) {y z : A *} ‚Üí x ‚â°L y ‚Üí y ‚â°L z ‚Üí x ‚â°L z
x ‚â°L‚ü® x‚â°y ‚ü© y‚â°z = ‚â°L-trans x‚â°y y‚â°z

_‚àéL : {A : Set} (x : A *) ‚Üí x ‚â°L x
x ‚àéL = ‚â°L-refl
````

We can define standard operations on lists,
such as concatenation, map, filter, etc.

## Concatenation

````
infixr 5 _++_
_++_ : {A : Set} ‚Üí A * ‚Üí A * ‚Üí A *
Œµ ++ ys = ys
(x ‚à∑ xs) ++ ys = x ‚à∑ (xs ++ ys)
````

An example of concatenation:

````
_ : 0 ‚à∑ Œµ ++ 1 ‚à∑ 2 ‚à∑ Œµ ‚â°L 0 ‚à∑ 1 ‚à∑ 2 ‚à∑ Œµ
_ = ‚â°L-refl
````

The definition of `_++_` says that Œµ is the left unit of `_++_`.
We show an example use of induction on lists and equational reasoning
by proving that `Œµ` is the right unit of `_++_`.

````
Œµ-++ : {A : Set} ‚Üí (xs : A *) ‚Üí xs ++ Œµ ‚â°L xs
Œµ-++ Œµ = ‚â°L-refl
Œµ-++ (x ‚à∑ xs) =
  beginL
    (x ‚à∑ xs) ++ Œµ
  ‚â°L‚ü®‚ü©
    x ‚à∑ (xs ++ Œµ)
  ‚â°L‚ü® ‚à∑‚â°‚à∑ (Œµ-++ xs) ‚ü©
    x ‚à∑ xs
  ‚àéL
````

In the base case, we have to prove `Œµ ++ Œµ ‚â°L Œµ`,
which follows from `‚â°L-refl` because the l.h.s. evaluates to `Œµ` by the definition of `_++_`.
In the inductive case, we have to prove `(x ‚à∑ xs) ++ Œµ ‚â°L x ‚à∑ xs`.
The first step is justified by the fact that `(x ‚à∑ xs) ++ Œµ` evaluates to `x ‚à∑ (xs ++ Œµ)`
by the definition of `_++_`.
By the inductive hypothesis `Œµ-++ xs` we have `xs ++ Œµ ‚â°L xs`,
and thus `‚à∑‚â°‚à∑` is a proof of `x ‚à∑ (xs ++ Œµ) ‚â°L x ‚à∑ xs`, as required
(note here that Agda figures out that `x` is the implicit parameter of `‚à∑‚â°‚à∑`).

The second case above could also be written in just one line as

```agda
Œµ-++ (x ‚à∑ xs) = ‚à∑‚â°‚à∑ (Œµ-++ xs)
```

### Associativity of concatenation

**Exercise.** Show that concatenation of lists is an associative operation.

*Hint:* Do induction on `xs`. In the inductive step, you will need `‚à∑‚â°‚à∑`.

In [None]:
module code.list.assoc where
open import code.list-continue public

++-assoc : {A : Set} ‚Üí (xs ys zs : A *) ‚Üí (xs ++ ys) ++ zs ‚â°L xs ++ (ys ++ zs)
++-assoc Œµ ys zs = {! ‚â°L-refl !}
++-assoc (x ‚à∑ xs) = {! ‚â°L-refl !}

## Map

````
module code.list.map where
open import code.list-continue public

map : {A B : Set} ‚Üí (A ‚Üí B) ‚Üí A * ‚Üí B *
map _ Œµ = Œµ
map f (a ‚à∑ as) = f a ‚à∑ map f as
````

### Map and concatenation

**Exercise.** Show that `map` commutes with `_++_`.

In [None]:
module code.list.map.comm where
open import code.list.map public

map-++ : {A B : Set} (f : A ‚Üí B) (xs ys : A *) ‚Üí map f (xs ++ ys) ‚â°L map f xs ++ map f ys
map-++ f Œµ = ?
map-++ f (x ‚à∑ xs) = ?

*Hint:* Do induction on `xs`. In the inductive step, you will need `‚à∑‚â°‚à∑`.

## Filter

````
module code.list.filter where
open import code.list.map public

data ùîπ : Set where
  true : ùîπ
  false : ùîπ
  
-- equality on booleans
data _‚â°ùîπ_ : ùîπ ‚Üí ùîπ ‚Üí Set where
  tt : true ‚â°ùîπ true
  ff : false ‚â°ùîπ false

filter : {A : Set} ‚Üí (A ‚Üí ùîπ) ‚Üí A * ‚Üí A *
filter _ Œµ = Œµ
filter p (a ‚à∑ as) with p a
... | true = a ‚à∑ filter p as
... | false = filter p as
````

This is an example of usage of the `with` construct,
which allows us to do further pattern matching on the result of evaluating `p a`.

### Filter and concatenation

**Exercise.** Show that filter and concatenation commute:

*Hint:* Do induction on `as`. In the inductive step,
use the `with` construct as in the definition of `filter` above.

In [None]:
module list.filter-concat where
open import code.list.filter public

filter-++ : {A : Set} ‚Üí (p : A ‚Üí ùîπ) ‚Üí (as bs : A *) ‚Üí filter p (as ++ bs) ‚â°L filter p as ++ filter p bs
filter-++ = ?

### Filter and map

**Exercise.** Show that filter and map commute:

*Hint:* In the inductive step,
do a case analysis on the value of `p (f a)`,
where `a` is the head of the list.

In [None]:
module code.list.filter-map where
open import code.list.filter public

filter-map : {A B : Set} (p : B ‚Üí ùîπ) (f : A ‚Üí B) (as : A *) ‚Üí filter p (map f as) ‚â°L map f (filter (p ‚àò f) as)
filter-map = ?

Is the following true for some choice of the predicate `q`?
Is there any assumption on `f` that makes is true?

```agda
postulate filter-map2 : {A B : Set} (p : A ‚Üí ùîπ) (f : A ‚Üí B) (as : A *) ‚Üí map f (filter p as) ‚â°L filter q (map f as)
```

## Membership

````
module code.list.member where
open import code.list.filter public
````

We define an inductive predicate on lists
representing the fact that an element appears in a list.

````
infix 4 _‚àà_
data _‚àà_ {A : Set} : A ‚Üí A * ‚Üí Set where
  stop : {a : A} {as : A *} ‚Üí a ‚àà a ‚à∑ as
  skip : {a b : A} {as : A *} ‚Üí a ‚àà as ‚Üí a ‚àà b ‚à∑ as
````

In the base case, `stop` provides evidence that `a` appears as the head of the list.
In the inductive case, `skip` takes as argument evidence `a‚ààas` that `a` appears in a list `as`, and returns evidence `skip a‚ààas` that `a` appears in `b ‚à∑ as`.

For instance, we can prove

````
_ : 2 ‚àà 0 ‚à∑ 1 ‚à∑ 2 ‚à∑ 3 ‚à∑ Œµ
_ = skip (skip stop)
````

<!-- need equality to do this one
### An alternative definition

We define the following *recursive* function mapping lists to types (!).
This is called *type-level programming*.

```agda
_inside_ : {A : Set} ‚Üí A ‚Üí A * ‚Üí Set
_ inside Œµ = ‚ä•
a inside (b ‚à∑ as) = a ‚â° b ‚à® a inside as
```agda
-->

### Membership and concatenation

**Exercise.** In this exectise we prove that `‚àà` distributes over `++`:

````
postulate ‚àà-++ : {A : Set} {a : A} (as : A *) {bs : A *} ‚Üí a ‚àà (as ++ bs) ‚ü∫ (a ‚àà as ‚à® a ‚àà bs)
````

We proceed in three steps, by first proving intermediate properties `‚àà-++1` and `‚àà-++2` below, and then putting them together.

In [None]:
module code.list.member-concat where
open import code.list.member public hiding (‚àà-++)

‚àà-++1 : {A : Set} {a : A} (as : A *) {bs : A *} ‚Üí a ‚àà (as ++ bs) ‚Üí a ‚àà as ‚à® a ‚àà bs
‚àà-++1 Œµ a‚ààbs = ?
‚àà-++1 (a ‚à∑ as) stop = ?
‚àà-++1 (b ‚à∑ as) (skip a‚ààas++bs) with ‚àà-++1 as a‚ààas++bs
... | left a‚ààas = ?
... | right a‚ààbs = ?

‚àà-++2 : {A : Set} {a : A} (as : A *) {bs : A *} ‚Üí a ‚àà as ‚à® a ‚àà bs ‚Üí a ‚àà (as ++ bs)
‚àà-++2 _ (left stop) = ?
‚àà-++2 (b ‚à∑ as) (left (skip a‚ààas)) = ?
‚àà-++2 Œµ (right a‚ààbs) = ?
‚àà-++2 (b ‚à∑ as) (right a‚ààbs) = ?

‚àà-++ : {A : Set} {a : A} (as : A *) {bs : A *} ‚Üí a ‚àà (as ++ bs) ‚ü∫ (a ‚àà as ‚à® a ‚àà bs)
‚àà-++ as = ?

# Intuitionistic first-order  logic

We show how dependent types can be used to implement universal quantification (dependent function space)
and existential quantification (dependent product),
thus concluding our overview of intuitionistic logic.

## The universal quantifier

````
module code.universal where
````

In intuitionistic logic a proof of $\forall (a : A) B$ is a function $f$ mapping a proof $a$ of $A$
into a proof $f\; a$ of $B\; a$, where we can see $B$ as a family of types indexed by proofs of $A$.
The universal quantifier is implemented via the *dependent function space*

````
Œ† : (A : Set) ‚Üí (B : A ‚Üí Set) ‚Üí Set
Œ† A B = (a : A) ‚Üí B a
````

This generalises implication `A ‚Üí B`, which corresponds to non-dependent function space.
In this sense, in intuitionistic logic implication is a special case of universal quantification.

Universal quantification also generalises conjunction,
since the type $B_1 \wedge B_2$ is isomorphic to $\Pi\; A\; B$
where $A = \{1, 2\}$ and $B = \{ 1 \mapsto B_1, 2 \mapsto B_2 \}$.
For this reason, sometimes `Œ†` is called dependent product (hence the notation).

The corresponding ‚àÄ-elimination rule is just (dependent) function application:

````
apply : {A : Set} ‚Üí {B : A ‚Üí Set} ‚Üí Œ† A B ‚Üí (a : A) ‚Üí B a
apply f x = f x
````

In order to improve the notation for universal quantification,
we introduce the following definitions.

````
infix 0 forAll
forAll : {A : Set} ‚Üí (B : A ‚Üí Set) ‚Üí Set
forAll {A} B = Œ† A B

syntax forAll (Œª x ‚Üí B) = ‚àÄ[ x ] B
````

The definition of `forAll` just makes the first argument `A` in `Œ† A B` implicit,
so we can just write `forAll B` whenever the argument `A` can be deduced from the context.

The second definition allows us to write `‚àÄ[ x ] B`
as a synonym for `forAll (Œª x ‚Üí B)`.
In this way, we get a suggestive notation reminiscent of logic.

### The universal quantifier, ‚àß, and ‚à®

**Exercise.**
Which of the following are intuitionistic tautologies?
Which are classic tautologies?
Which are none?
Prove the intuitionistic ones.

1. $\forall a B \wedge C \to (\forall a B) \wedge (\forall a C)$.
2. $(\forall a B) \wedge (\forall a C) \to \forall a B \wedge C$.
3. $\forall a B \vee C \to (\forall a B) \vee (\forall a C)$.
4. $ \forall a B \vee C \to (\forall a B) \vee C$, where $a$ does not occurr in $C$.
5. $(\forall a B) \vee (\forall a C) \to \forall a (B \vee C)$.

*Hint:* If you cannot easily program a solution, then most likely there is no solution.

In [None]:
module code.universal.ex1 where
open import code.universal
open import code.conn

-- 1.
‚àÄ‚àß-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí ‚àÄ[ a ] B a ‚àß C a ‚Üí (‚àÄ[ a ] B a) ‚àß (‚àÄ[ a ] C a)
‚àÄ‚àß-distr = ?

-- 2.
‚àß‚àÄ-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí (‚àÄ[ a ] B a) ‚àß (‚àÄ[ a ] C a) ‚Üí ‚àÄ[ a ] B a ‚àß C a
‚àß‚àÄ-distr = ?

-- 3.
‚àÄ‚à®-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí ‚àÄ[ a ] B a ‚à® C a ‚Üí (‚àÄ[ a ] B a) ‚à® (‚àÄ[ a ] C a)
‚àÄ‚à®-distr = ?

-- 4.
‚àÄ‚à®-distr' : {A C : Set} {B : A ‚Üí Set} ‚Üí ‚àÄ[ a ] B a ‚à® C ‚Üí (‚àÄ[ a ] B a) ‚à® C
‚àÄ‚à®-distr' = ?

-- 5.
‚à®‚àÄ-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí (‚àÄ[ a ] B a) ‚à® (‚àÄ[ a ] C a) ‚Üí ‚àÄ[ a ] B a ‚à® C a
‚à®‚àÄ-distr = ?

## The existential quantifier

````
module code.existential where
````

In intuitionistic logic,
a proof of $\exists (a : A) B$ is a pair $(a, b)$,
where $a$ is a proof of $A$
and $b$ is a proof of $B\; a$.
Like in universal quantification, we can see $B$ as a family of types indexed by proofs of $A$.
The existential quantifier is implemented with the *dependent product*:

````
data Œ£ (A : Set) (B : A ‚Üí Set) : Set where
    ‚ü®_,_‚ü© : (a : A) ‚Üí B a ‚Üí Œ£ A B
````
Compare this with conjunction, which corresponds to non-dependent product $A \wedge B$:

```agda
data _‚àß_ (A : Set) (B : Set) : Set where
  ‚ü®_,_‚ü© : A ‚Üí B ‚Üí A ‚àß B
```
In this sense, in intuitionistic logic existential quantification `Œ£` generalises conjunction,
which justifies the name dependent product.
(This can create confusion because `Œ†` is sometimes called dependent product too,
since also `Œ†` generalises conjunction.)

Existential quantification also generalises disjunction,
since the type $B_1 \vee B_2$ is isomorphic to $\Sigma\; A\; B$
with $A = \{1, 2\}$ and $B = \{ 1 \mapsto B_1, 2 \mapsto B_2 \}$.
For this reason, `Œ£` is sometimes called dependent sum.

The corresponding elimination rule is just uncurrying:

````
‚àÉ-elim : {A : Set} {B : A ‚Üí Set} {C : Set} ‚Üí ((a : A) ‚Üí B a ‚Üí C) ‚Üí Œ£ A B ‚Üí C
‚àÉ-elim a‚Üíb‚Üíc ‚ü® a , b ‚ü© = a‚Üíb‚Üíc a b
````

Similarly as with universal quantification,
we introduce some suggestive notation inspired from logic:

````
infix 0 thereExists
thereExists : ‚àÄ {A : Set} (B : A ‚Üí Set) ‚Üí Set
thereExists {A} B = Œ£ A B

syntax thereExists (Œª x ‚Üí B) = ‚àÉ[ x ] B
````

### The existential quantifier, ‚àß, and ‚à®

**Exercise.**
Establish whether the following are intuitionistic tautologies
and prove it in Agda for the positive cases:

1. $\exists a B \vee C \to (\exists a B) \vee (\exists a C)$.
2. $(\exists a B) \vee (\exists a C) \to \exists a B \vee C$.
3. $\exists a B \wedge C \to (\exists a B) \wedge (\exists a C)$.
4. $(\exists a B) \wedge (\exists a C) \to \exists a B \wedge C$.
5. $(\exists a B) \wedge C \to \exists a B \wedge C$, where $a$ does not occurr in $C$.

In [None]:
module code.existential.prop where
open import code.existential
open import code.conn

-- 1
‚àÉ‚à®-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí ‚àÉ[ a ] B a ‚à® C a ‚Üí (‚àÉ[ a ] B a) ‚à® (‚àÉ[ a ] C a)
‚àÉ‚à®-distr = ?

-- 2
‚à®‚àÉ-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí (‚àÉ[ a ] B a) ‚à® (‚àÉ[ a ] C a) ‚Üí ‚àÉ[ a ] B a ‚à® C a
‚à®‚àÉ-distr = ?

-- 3
‚àÉ‚àß-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí ‚àÉ[ a ] B a ‚àß C a ‚Üí (‚àÉ[ a ] B a) ‚àß (‚àÉ[ a ] C a)
‚àÉ‚àß-distr = ?

-- 4
‚àß‚àÉ-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí (‚àÉ[ a ] B a) ‚àß (‚àÉ[ a ] C a) ‚Üí ‚àÉ[ a ] B a ‚àß C a
‚àß‚àÉ-distr = ?

-- 5
‚àß‚àÉ-distr' : {A : Set} {B : A ‚Üí Set} {C : Set} ‚Üí (‚àÉ[ a ] B a) ‚àß C ‚Üí ‚àÉ[ a ] B a ‚àß C
‚àß‚àÉ-distr' = ?

### Universal quantification, existential quantification, and negation

**Exercise.** Which of the following hold in intuitionistic logic? Prove it.

1. $\exists a \forall b C \to \forall b \exists a C$, where $C$ depends on $a$ and $b$.
2. $\exists a \neg B \to \neg \forall a B$, where $B$ depends on $a$.
3. $\neg \forall a B \to \exists a \neg B$, where $B$ depends on $a$.


In [None]:
module code.universal-existential where
open import code.universal
open import code.existential
open import code.conn

-- 1
-- B cannot depend on (a : A) for the swap to be possible!
‚àÉ‚àÄ-distr : {A : Set} {B : Set} {C : A ‚Üí B ‚Üí Set} ‚Üí ‚àÉ[ a ] ‚àÄ[ b ] C a b ‚Üí ‚àÄ[ b ] ‚àÉ[ a ] C a b
‚àÉ‚àÄ-distr = ?

-- 2
¬¨‚àÉ‚Üí‚àÄ¬¨ : {A : Set} {B : A ‚Üí Set} ‚Üí ‚àÉ[ a ] ¬¨ B a ‚Üí ¬¨ (‚àÄ[ a ] B a)
¬¨‚àÉ‚Üí‚àÄ¬¨ = ?

-- 3
¬¨‚àÄ‚Üí‚àÉ¬¨ : {A : Set} {B : A ‚Üí Set} ‚Üí ¬¨ (‚àÄ[ a ] B a) ‚Üí ‚àÉ[ a ] ¬¨ B a
¬¨‚àÄ‚Üí‚àÉ¬¨ = ?

````
module code.nat where
open import code.conn public

--data ‚Ñï : Set where
--  zero : ‚Ñï
--  suc : ‚Ñï ‚Üí ‚Ñï

-- {-# BUILTIN NATURAL ‚Ñï #-}

infixl 5 _+_
_+_ : ‚Ñï ‚Üí ‚Ñï ‚Üí ‚Ñï
zero + m = m
(suc n) + m = suc (n + m)

infix 4 _‚â°‚Ñï_
data _‚â°‚Ñï_ : ‚Ñï ‚Üí ‚Ñï ‚Üí Set where
  z‚â°z : 0 ‚â°‚Ñï 0
  s‚â°s : {m n : ‚Ñï} ‚Üí m ‚â°‚Ñï n ‚Üí suc m ‚â°‚Ñï suc n

postulate ‚â°‚Ñï-refl : {n : ‚Ñï} ‚Üí n ‚â°‚Ñï n
postulate ‚â°‚Ñï-trans : {m n p : ‚Ñï} ‚Üí m ‚â°‚Ñï n ‚Üí n ‚â°‚Ñï p ‚Üí m ‚â°‚Ñï p
postulate ‚â°‚Ñï-sym : {m n : ‚Ñï} ‚Üí m ‚â°‚Ñï n ‚Üí n ‚â°‚Ñï m
postulate ‚â°‚Ñï-cong : {m n : ‚Ñï} (f : ‚Ñï ‚Üí ‚Ñï) ‚Üí m ‚â°‚Ñï n ‚Üí f m ‚â°‚Ñï f n

infix  1 begin‚Ñï_
infixr 2 _‚â°‚Ñï‚ü®‚ü©_ _‚â°‚Ñï‚ü®_‚ü©_
infix  3 _‚àé‚Ñï

begin‚Ñï_ : {x y : ‚Ñï} ‚Üí x ‚â°‚Ñï y ‚Üí x ‚â°‚Ñï y
begin‚Ñï x‚â°y = x‚â°y

_‚â°‚Ñï‚ü®‚ü©_ : (x : ‚Ñï) {y : ‚Ñï} ‚Üí x ‚â°‚Ñï y ‚Üí x ‚â°‚Ñï y
x ‚â°‚Ñï‚ü®‚ü© x‚â°y = x‚â°y

_‚â°‚Ñï‚ü®_‚ü©_ : (x : ‚Ñï) {y z : ‚Ñï} ‚Üí x ‚â°‚Ñï y ‚Üí y ‚â°‚Ñï z ‚Üí x ‚â°‚Ñï z
x ‚â°‚Ñï‚ü® x‚â°y ‚ü© y‚â°z = ‚â°‚Ñï-trans x‚â°y y‚â°z

_‚àé‚Ñï : (x : ‚Ñï) ‚Üí x ‚â°‚Ñï x
x ‚àé‚Ñï = ‚â°‚Ñï-refl {x}

infix 4 _‚â§_
data _‚â§_ : ‚Ñï ‚Üí ‚Ñï ‚Üí Set where
  0‚â§n : {n : ‚Ñï} ‚Üí 0 ‚â§ n
  s‚â§s : {m n : ‚Ñï} ‚Üí m ‚â§ n ‚Üí suc m ‚â§ suc n
````

# More on lists

## Length

````
module code.list.len where
open import code.list-continue public
open import code.nat public

length : {A : Set} ‚Üí A * ‚Üí ‚Ñï
length Œµ = 0
length (_ ‚à∑ xs) = suc (length xs)
````

For example:

````
_ : length (0 ‚à∑ 1 ‚à∑ Œµ) ‚â°‚Ñï 2
_ = ‚â°‚Ñï-refl
````

### Length and concatenation

**Exercise.** Show that concatenation preserves the total length of the lists.

In [None]:
module code.list.len-app where
open import code.list.len

++-len : {A : Set} ‚Üí (as bs : A *) ‚Üí length (as ++ bs) ‚â°‚Ñï length as + length bs
++-len {A} as bs = ?

### Map and length

**Exercise.** Show that `map` preserves the length of the list.

In [None]:
module code.list.map-len where
open import code.list.map public
open import code.list.len public

map-len : {A B : Set} (f : A ‚Üí B) (as : A *) ‚Üí length as ‚â°‚Ñï length (map f as)
map-len = ?

## Filter

### Filter and length

**Exercise.** Show that filter cannot increase the length of the list.

In [None]:
module code.list.filter-len where
open import code.list.filter public
open import code.list.len public

filter-len : {A : Set} ‚Üí (p : A ‚Üí ùîπ) ‚Üí (as : A *) ‚Üí length (filter p as) ‚â§ length as
filter-len = ?

## Reverse

````
module code.list.rev where
open import code.list-continue public
````

Below is the standard definition of a function that reverses the contents of a list.

````
reverse : {A : Set} ‚Üí A * ‚Üí A *
reverse Œµ = Œµ
reverse (a ‚à∑ as) = reverse as ++ a ‚à∑ Œµ
````

### Reverse and concatenation

**Exercise.** Show the following relationship between inverse and concatenation.

```agda
rev-++ : {A : Set} (as bs : A *) ‚Üí reverse (as ++ bs) ‚â°L reverse bs ++ reverse as
```

*Hint*: Do induction on `as`. In the base case,
you will need the following fact proved earlier:

```agda
Œµ-++ : {A : Set} ‚Üí (xs : A *) ‚Üí xs ++ Œµ ‚â°L xs
```

In the inductive case, you will need associativity of list concatenation and congruence:

````
postulate ++-assoc : {A : Set} ‚Üí (xs ys zs : A *) ‚Üí (xs ++ ys) ++ zs ‚â°L xs ++ (ys ++ zs)
postulate ‚â°L-cong : {A B : Set} (f : A * ‚Üí B *) {as bs : A *} ‚Üí as ‚â°L bs ‚Üí f as ‚â°L f bs
````

In [None]:
module code.list.rev-concat where
open import code.list.rev public

rev-++ : {A : Set} (as bs : A *) ‚Üí reverse (as ++ bs) ‚â°L reverse bs ++ reverse as
rev-++ = ?

**Exercise.** As an application of `rev-++`,
show that the reverse operation is *involutive*, in the following sense:

```agda
rev-inv : {A : Set} ‚Üí as ‚â°L reverse (reverse as)
```

*Hint:* In the inductive step, you need to apply `rev-++` before you can apply the inductive hypothesis.

In [None]:
module code.list.rev-inv where
open import code.list.rev public

postulate rev-++ : {A : Set} (as bs : A *) ‚Üí reverse (as ++ bs) ‚â°L reverse bs ++ reverse as

rev-inv : {A : Set} (as : A *) ‚Üí reverse (reverse as) ‚â°L as 
rev-inv = ?

### Reverse and length

**Exercise.** Show that `reverse` preserves the length of the list:

```agda
rev-len : {A : Set} (as : A *) ‚Üí length (reverse as) ‚â°‚Ñï length as
rev-len = ?
```

### Reverse and map

**Exercise.** Show that `reverse` and `map` commute:

```agda
rev-map : {A B : Set} (f : A ‚Üí B) (as : A *) ‚Üí reverse (map f as) ‚â°L map f (reverse as)
rev-map = ?
```

### Reverse and filter

**Exercise.** Show that `reverse` and `filter` commute:

```agda
rev-filter : {A : Set} (p : A ‚Üí ùîπ) (as : A *) ‚Üí reverse (filter p as) ‚â°L filter p (reverse as)
rev-filter = ?
```

## Fast reverse

````
module code.list.fastrev where
open import code.list.rev public
````

The function `reverse` presented above has quadratic time complexity.
A well-known more efficient way of reversing a list uses an extra parameter,
called *accumulator*:

````
reverseAcc : {A : Set} ‚Üí A * ‚Üí A * ‚Üí A *
reverseAcc as Œµ = as
reverseAcc as (x ‚à∑ xs) = reverseAcc (x ‚à∑ as) xs

fastReverse : {A : Set} ‚Üí A * ‚Üí A *
fastReverse = reverseAcc Œµ
````

**Exercise.** We want to prove that `reverse` and `fastReverse` are equivalent.

1. First establish a useful lemma about `reverse`:

```agda
reverse-lemma : {A : Set} ‚Üí (xs ys : A *) ‚Üí (x : A) ‚Üí reverse (x ‚à∑ xs) ++ ys ‚â°L reverse xs ++ x ‚à∑ ys
```

*Hint:* You don't need induction, but you will need `++-assoc`.

2. Then establish the following invariant satisfied by the helper function `reverseAcc`:

```agda
invariant : {A : Set} ‚Üí (xs : A *) ‚Üí (as : A *) ‚Üí reverse xs ++ as ‚â°L reverseAcc as xs
```

*Hint:* Do induction on `xs`. In the inductive case,
you will need `reverse-lemma` before you can apply the inductive hypothesis.

3. Finally, 

```agda
equivalence : {A : Set} (xs : A *) ‚Üí reverse xs ‚â°L fastReverse xs
```

*Hint:* You do not need induction, just `Œµ-++` and `invariant` established above.

In [None]:
module code.list.fastrev.correct where
open import code.list.fastrev public

reverse-lemma : {A : Set} ‚Üí (xs ys : A *) ‚Üí (x : A) ‚Üí reverse (x ‚à∑ xs) ++ ys ‚â°L reverse xs ++ x ‚à∑ ys
reverse-lemma = ?

invariant : {A : Set} ‚Üí (xs : A *) ‚Üí (as : A *) ‚Üí reverse xs ++ as ‚â°L reverseAcc as xs
invariant = ?

equivalence : {A : Set} (xs : A *) ‚Üí reverse xs ‚â°L fastReverse xs
equivalence xs = ?

## Membership revisited

````
module code.list.member2 where
open import code.list.member public
open import code.list.len public
open import code.nat public
open import code.existential public
open import code.list.rev public
````

### Membership and length

````
postulate ‚àà-len : {A : Set} {as : A *} ‚Üí 1 ‚â§ length as ‚ü∫ (‚àÉ[ a ] a ‚àà as)
````

### Membership and map

````
postulate ‚àà-map : {A B : Set} {as : A *} {a : A} (f : A ‚Üí B) ‚Üí a ‚àà as ‚Üí f a ‚àà map f as
````

When is the converse direction true?

### Membership and filter

````
postulate ‚àà-filter : {A : Set} {as : A *} {a : A} (p : A ‚Üí ùîπ) ‚Üí p a ‚â°ùîπ true ‚ü∫ a ‚àà filter p as
````

### Membership and reverse

````
postulate ‚àà-rev : {A : Set} {as : A *} {a : A} ‚Üí a ‚àà as ‚ü∫ a ‚àà reverse as
````

## All

````
module code.list.all where
open import code.list.member public
open import code.conn public
open import code.universal public
open import code.list.rev public
````

````
data All {A : Set} (P : A ‚Üí Set) : A * ‚Üí Set where
  all-Œµ : All P Œµ
  all-‚à∑ : {a : A} {as : A *} ‚Üí P a ‚Üí All P as ‚Üí All P (a ‚à∑ as)
````

### An alternative definition

We define the following recursive function mapping lists to types.
This technique is called *type-level programming*.

````
All-‚àß : {A : Set} ‚Üí (A ‚Üí Set) ‚Üí A * ‚Üí Set
All-‚àß _ Œµ = ‚ä§
All-‚àß P (a ‚à∑ as) = P a ‚àß All-‚àß P as

const : {A B : Set} ‚Üí B ‚Üí A ‚Üí B
const b _ = b

All‚â°All-‚àß : {A : Set} ‚Üí (P : A ‚Üí Set) ‚Üí (as : A *) ‚Üí All P as ‚ü∫ All-‚àß P as
All‚â°All-‚àß P Œµ = ‚ü® const tt , const all-Œµ ‚ü©
All‚â°All-‚àß P (a ‚à∑ as) = ‚ü® f , g ‚ü© where
  f : All P (a ‚à∑ as) ‚Üí All-‚àß P (a ‚à∑ as)
  f (all-‚à∑ Pa Pas) = ‚ü® Pa , fst (All‚â°All-‚àß P as) Pas ‚ü©
  g : All-‚àß P (a ‚à∑ as) ‚Üí All P (a ‚à∑ as)
  g ‚ü® Pa , Pas ‚ü© = all-‚à∑ Pa (snd (All‚â°All-‚àß P as) Pas)
````

### All and concatenation

````
postulate All-++ : {A : Set} (P : A ‚Üí Set) (as bs : A *) ‚Üí All P (as ++ bs) ‚ü∫ All P as ‚àß All P bs
````

### All and map

````
postulate All-map : {A B : Set} (P : B ‚Üí Set) (f : A ‚Üí B) (as : A *) ‚Üí All P (map f as) ‚ü∫ All (P ‚àò f) as
````

### All and filter

````
postulate All-filter1 : {A : Set} (P : A ‚Üí Set) (p : A ‚Üí ùîπ) (as : A *) ‚Üí All P as ‚Üí All P (filter p as)

postulate All-filter2 : {A : Set} (P : A ‚Üí Set) (p : A ‚Üí ùîπ) (as : A *) ‚Üí All P (filter p as) ‚Üí All (Œª a ‚Üí p a ‚â°ùîπ true ‚Üí P a) as
````

### All and reverse

````
postulate All-reverse : {A : Set} (P : A ‚Üí Set) (as : A *) ‚Üí All P (reverse as) ‚ü∫ All P as
````

### All and membership

````
postulate All-‚àà : {A : Set} {P : A ‚Üí Set} (as : A *) ‚Üí All P as ‚ü∫ (‚àÄ[ a ] (a ‚àà as ‚Üí P a))
````

## Some

````
module code.list.some where
open import code.list.member public
open import code.conn public
open import code.existential public
open import code.nat public
open import code.list.rev public
````

````
data Some {A : Set} (P : A ‚Üí Set) : A * ‚Üí Set where
  found : {a : A} {as : A *} ‚Üí P a ‚Üí Some P (a ‚à∑ as) 
  skip : {a : A} {as : A *} ‚Üí Some P as ‚Üí Some P (a ‚à∑ as)
  
Some-‚à® : {A : Set} ‚Üí (A ‚Üí Set) ‚Üí A * ‚Üí Set
Some-‚à® _ Œµ = ‚ä•
Some-‚à® P (a ‚à∑ as) = P a ‚à® Some-‚à® P as

const : {A B : Set} ‚Üí B ‚Üí A ‚Üí B
const b _ = b

Some‚â°Some-‚à® : {A : Set} ‚Üí (P : A ‚Üí Set) ‚Üí (as : A *) ‚Üí Some P as ‚ü∫ Some-‚à® P as
Some‚â°Some-‚à® P Œµ = ‚ü® f , (Œª x ‚Üí ‚ä•-elim x) ‚ü© where
  f : Some P Œµ ‚Üí Some-‚à® P Œµ
  f ()
Some‚â°Some-‚à® P (a ‚à∑ as) = ‚ü® f , g ‚ü© where
  f : Some P (a ‚à∑ as) ‚Üí Some-‚à® P (a ‚à∑ as)
  f (found Pa) = left Pa
  f (skip Pas) = right (fst (Some‚â°Some-‚à® P as) Pas)
  g : Some-‚à® P (a ‚à∑ as) ‚Üí Some P (a ‚à∑ as)
  g (left Pa) = found Pa
  g (right Pas) = skip (snd (Some‚â°Some-‚à® P as) Pas)
````

### Some and concatenation

````
postulate Some-++ : {A : Set} (P : A ‚Üí Set) (as bs : A *) ‚Üí Some P (as ++ bs) ‚ü∫ Some P as ‚à® Some P bs
````

### Some and map

````
postulate Some-map : {A B : Set} (P : B ‚Üí Set) (f : A ‚Üí B) (as : A *) ‚Üí Some P (map f as) ‚ü∫ Some (P ‚àò f) as
````

### Some and filter

````
postulate Some-filter : {A : Set} (P : A ‚Üí Set) (p : A ‚Üí ùîπ) (as : A *) ‚Üí Some P (filter p as) ‚ü∫ Some (Œª a ‚Üí P a ‚àß p a ‚â°ùîπ true) as
````

### Some and reverse

````
postulate Some-reverse : {A : Set} (P : A ‚Üí Set) (as : A *) ‚Üí Some P (reverse as) ‚ü∫ Some P as
````

### Some and membership

````
postulate Some-‚àà : {A : Set} {P : A ‚Üí Set} (as : A *) ‚Üí Some P as ‚ü∫ (‚àÉ[ a ] a ‚àà as ‚àß P a)
````