**LICENCE:**
This tutorial contains adaptations of material from [Programming Language Foundations in Agda](https://plfa.github.io/) by Phil Wadler and Wen Kokke. It is licensed under Creative Commons Attribution 4.0 International.

**SYNTAX:**
You can enter `‚Üí` by writing `->` and pressing TAB; pressing TAB again goes back to `->`. Similar useful combinations are:

| base form | alternate form |
|:---------:|:--------------:|
| ->  | ‚Üí |
| \   | Œª |
| neg | ¬¨ |
| top | ‚ä§ |
| bot | ‚ä• |
| /\  | ‚àß |
| \\/ | ‚à® |
| <   | ‚ü® |
| >   | ‚ü© |
| forall | ‚àÄ |
| exists | ‚àÉ |
| Pi  | Œ† |
| Sigma | Œ£ |

<!---
| phi | |
| psi | |
-->

<!---

**PRO TRICKS:**
- You can ask Agda to provide the type of a closed expression. Just put the cursor nearby an expression and press SHIFT+TAB.
- You can ask Agda to compute the normal form of an expression enclosed in parantheses, such as `(Œª x ‚Üí x)` (already in normal form).

-->

<!--- Starred exercises "**Exercise***" should be skipped on a first reading and dealt with only after all the non-starred one are resolved. -->

# Curry-Howard isomorphism

| Logic    | Programming |     |
|----------|-------------|-----|
| theorems | types       | $A$ |
| proofs   | programs (terms) | $a$ |
| proof simplification | program execution | run $a$ |
| proof development | programming | write $a$ |
| proof checking | type checking | given $a, A$, does $a : A$ hold? |
| validity | type inhabitation | given $A$, find $a$ s.t. $a : A$ |
| ?        | type reconstruction | given $a$, find $A$ s.t. $a : A$ |

<!--- One important difference is that,
while in logic it is enough to have any proof $a$ of a theorem $A$
(in this sense all proofs of $A$ are the same),
in programming not all programs are the same.
For instance, to know that $\mathbb N \to \mathbb N$ is inhabited
it suffices to exhibit any computable total function on the natural numbers.
However, we might be interested in specific such functions, such as factora, Fibonacci, etc.
Moreover, in programming we even go one step further,
since two extensionally equivalent function may be intensionally different,
e.g., smaller/faster programs are preferred. -->

# Polymorphism and implicit arguments

````
module code.id where
````

The polymorphic identity function in Agda is written as follows:

```
id : (A : Set) ‚Üí A ‚Üí A
id A x = x
```

(Compare this with the equivalent Haskell definition:
```haskell
id :: A -> A
id x = x
```
Incidentally, note the crucial difference that the typing operator in Agda is `:` instead of `::`.)

Therefore, in Agda `id ‚Ñï` is the identity on the natural numbers,
`id (‚Ñï ‚Üí ‚Ñï)` is the identity on functions of natural numbers,
and so on.
It turns out that 1) specifying the argument `A` is boring
and 2) in most cases Agda can infer it from the context.
For these two reasons, Agda allows us to say that some argument is implicit `{A : Set}`, as we demonstrate below.

````
id : {A : Set} ‚Üí A ‚Üí A
id x = x
````

**UNDER THE HOOD:** A code cell must start with a line in the format

```agda
module A.B.C where
```

Upon evaluation, the file `A/B/C.agda` is created on disk from the cell's contents
and fed to the Agda interpreter.
For this reason, it is important to evaluate a cell to ensure that its changes are reflected on disk and can be used from other cells.

**SPACING:**
Agda allows us to be very flexible in the variable names,
which can be strings such as `x`, `idŒª`, `a‚Üíb`, `&&true`, or even arbitrary unicode symbols `üíî`, provided there is no space in-between.
As a consequence, spaces in Agda have a syntactic meaning as separators,
and we need to be very generous with them.

## Exercise

Write a polymorphic function `fst` that takes two arguments of types `A` and `B`,
resp., and returns the first argument.

In [None]:
module code.fst where

fst : {A B : Set} ‚Üí ?
fst = ?

# Intuitionistic propositional logic in Agda

## Implication

````
module code.impl where
````

Intuitionistic implication is implemented as *function space*
$$A \to B.$$
This concept has no counterpart in classical logic.
The function space operator `‚Üí` is an Agda primitive.
The idea is that a proof of $A \to B$
is a (terminating) *program* $t : A \to B$
that, given a proof $a : A$ of $A$,
always terminates and produces a proof $t\; a : B$ of $B$.
The $\to$-eliminaton rule is implemented by *function application*.

````
apply : {A B : Set} ‚Üí (A ‚Üí B) ‚Üí A ‚Üí B
apply a‚Üíb = Œª a ‚Üí a‚Üíb a
````

Equivalent spellings:
`apply a‚Üíb a = a‚Üíb a`,
` apply a‚Üíb = a‚Üíb`,
`apply = id` (why?).
The last case shows why do not need to explicity use `apply`.

<!--- - The validity problem for implication intuitionistic propositional logic is PSPACE-complete. What is the complexity for the corresponding problem for classical logic? coNP-complete. -->

### **Exercise**

Prove in Agda following tautologies of intuitionistic propositional logic:
1. Argument commutativity: $(A \to B \to C) \to B \to A \to C$.
2. Distributivity: $(A \to B \to C) \to (A \to B) \to A \to C$.
3. Diamond $(A \to B) \to (A \to C) \to (B \to C \to D) \to A \to D$.
4. Projection: $A \to A \to A$. How many proof of this fact are there?

Note that the operator "$\to$" is right-associative:
For example, the last expression above is parenthesized as
$$ A \to (A \to A).$$
We will only write parentheses when they are needed.

Also note that, since intuitionistic implication in general behaves differently from classical implication,
the intuitionistic tautologies above hold for reasons which are different from why the same formulas are also classical tautologies (and thus must be reproven in the inuitionistic setting).

In [None]:
module code.lab01.ex01 where

‚Üí-comm : {A B C : Set} ‚Üí (A ‚Üí B ‚Üí C) ‚Üí B ‚Üí A ‚Üí C
‚Üí-comm f b a = ?

‚Üí-distr : {A B C : Set} ‚Üí (A ‚Üí B ‚Üí C) ‚Üí (A ‚Üí B) ‚Üí A ‚Üí C
‚Üí-distr f g x = ?

‚Üí-diamond : {A B C D : Set} ‚Üí (A ‚Üí B) ‚Üí (A ‚Üí C) ‚Üí (B ‚Üí C ‚Üí D) ‚Üí A ‚Üí D
‚Üí-diamond f g h x = ?

‚Üí-proj : {A : Set} ‚Üí A ‚Üí A ‚Üí A
‚Üí-proj = ?

## Conjunction

````
module code.and where
````

In intuitionistic logic, a proof of $A \wedge B$ is a pair $\langle a, b \rangle$,
where $a$ is a proof of $A$ and $b$ is a proof of $B$.
(From this point of view, intuitionistic conjunction behaves similarly to classical conjunction,
because also in classical logic both conjuncts must be provable for their conjunction to be provable.)
This intuition translates immediately into the following *product* datatype:

````
data _‚àß_ (A : Set) (B : Set) : Set where
  ‚ü®_,_‚ü© : A ‚Üí B ‚Üí A ‚àß B
````

The datatype `_‚àß_` is parametrised by two types, `A` and `B`,
and it is written `A ‚àß B` or, using prefix notation, `_‚àß_ A B`.
It has only one constructor `‚ü®_,_‚ü©`, corresponding to the ‚àß-introduction rule:
Given elements `a : A` and `b : B`,  `‚ü® a , b ‚ü©` has type `A ‚àß B` (notice the mandatory spaces!).
The term above can also be written in prefix notation as `‚ü®_,_‚ü© A B`.
We can then define the two projection functions, which correspond to the two ‚àß-elimination rules:

````
fst : {A B : Set} ‚Üí A ‚àß B ‚Üí A
fst ‚ü® a , _ ‚ü© = a

snd : {A B : Set} ‚Üí A ‚àß B ‚Üí B
snd ‚ü® _ , b ‚ü© = b
````

It is sometimes convenient to write longer conjunctions such as `A ‚àß B ‚àß C`,
to which end we need to define that the operator `_‚àß_` is *right associative*.

````
infixr 2 _‚àß_
````

We will also give it a numerical priority, `2` in this case,
in order to avoid ambiguity later then introducing more operators.

Once again, `_‚àß_ ` is not an Agda primitive, but it can be defined with Agda's datatype creation facility.

### **Exercise**

Formalise and prove the following:
1. Curry/uncurry: $A ‚Üí B ‚Üí C$ is the same as $A \wedge B ‚Üí C$.
2. Conjunction is commutative: $A \wedge B$ is the same as $B \wedge A$.
3. Conjunction is associative: $A \wedge B \wedge C$ is the same as $(A \wedge B) \wedge C$.
4. Implication distributes over conjunction: $A \to B \wedge C$ is the same as $(A \to B) \wedge (A \to C)$.

Do the last three properties follow from curry/uncurry?

In [None]:
module code.lab01.ex04 where
open import code.and

uncurry : {A B C : Set} ‚Üí (A ‚Üí B ‚Üí C) ‚Üí A ‚àß B ‚Üí C
uncurry = ?

curry : {A B C : Set} ‚Üí (A ‚àß B ‚Üí C) ‚Üí A ‚Üí B ‚Üí C
curry = ?

‚àß-comm : ?
‚àß-comm = ?

‚àß-assoc-1 : ?
‚àß-assoc-1 = ?

‚àß-assoc-2 : ?
‚àß-assoc-2 = ?

‚Üí‚àß-distr-1 : ?
‚Üí‚àß-distr-1 = ?

‚Üí‚àß-distr-2 : ?
‚Üí‚àß-distr-2 = ?

## Disjunction

````
module code.or where
````

In intuitionistic logic a proof of a disjunction is a proof of either the first disjunct or of the second.
More precisely, a proof of $A_1 \vee A_2$ is a pair $(k, t_k)$,
where $k \in \{1, 2\}$ specifies that we are proving $A_k$
and $t_k : A_k$ is a proof thereof.
The two options can be implemented with two different constructors,
called right and left *injection*.

````
data _‚à®_ (A : Set) (B : Set) : Set where
    left : A ‚Üí A ‚à® B
    right : B ‚Üí A ‚à® B
````

The two constructors `left` and `right` above
correspond to the two ‚à®-introduction rules.

Notice that this is very different from classical logic
(where it is "easier" to prove a disjunction),
because a classical proof does not need to prove any single disjunct.

We give disjunction lower priority than conjunction
so we can omit parenthesis from `(A ‚àß B) ‚à® C` and write `A ‚àß B ‚à® C` instead.

````
infixr 1 _‚à®_ 
````

The ‚à®-elimination rule is provided by case analysis,
which is implemented by performing pattern matching on the constructor.


````
case : {A B C : Set} ‚Üí (A ‚Üí C) ‚Üí (B ‚Üí C) ‚Üí A ‚à® B ‚Üí C
case f g (left x) = f x
case f g (right x) = g x
````

### **Exercise**

Formalise and prove the following:
1. Disjunction is commutative: $A \vee B$ is the same as $B \vee A$.
2. Disjunction is associative: $A \vee B \vee C$ is the same as $(A \vee B) \vee C$.
3. $A \vee B \to C$ is the same as $(A \to C) \wedge (B \to C)$.

In [None]:
module code.lab01.ex5 where
open import code.and
open import code.or

‚à®-comm : {A B : Set} ‚Üí ?
‚à®-comm = ?

‚à®-assoc : {A B C : Set} ‚Üí ?
‚à®-assoc = ?

‚à®‚àß‚Üí-1 : {A B C : Set} ‚Üí ?
‚à®‚àß‚Üí-1 = ?

‚à®‚àß‚Üí-2 : {A B C : Set} ‚Üí ?
‚à®‚àß‚Üí-2 = ?

In [None]:
module code.lab01.ex5 where
open import code.and
open import code.or

‚à®-comm : {A B : Set} ‚Üí A ‚à® B ‚Üí B ‚à® A
‚à®-comm (left a) = right a
‚à®-comm (right a) = left a

‚à®-assoc : {A B C : Set} ‚Üí A ‚à® B ‚à® C ‚Üí (A ‚à® B) ‚à® C
‚à®-assoc (left a) = left (left a)
‚à®-assoc (right (left b)) = left (right b)
‚à®-assoc (right (right c)) = right c

‚à®‚àß‚Üí-1 : {A B C : Set} ‚Üí (A ‚à® B ‚Üí C) ‚Üí (A ‚Üí C) ‚àß (B ‚Üí C)
‚à®‚àß‚Üí-1 a‚à®b‚Üíc = ‚ü® (Œª a ‚Üí a‚à®b‚Üíc (left a)) , (Œª b ‚Üí a‚à®b‚Üíc (right b)) ‚ü©

‚à®‚àß‚Üí-2 : {A B C : Set} ‚Üí (A ‚Üí C) ‚àß (B ‚Üí C) ‚Üí A ‚à® B ‚Üí C
‚à®‚àß‚Üí-2 ‚ü® a‚Üíc , _ ‚ü© (left a) = a‚Üíc a
‚à®‚àß‚Üí-2 ‚ü® _ , b‚Üíc ‚ü© (right b) = b‚Üíc b

### **Exercise** (`‚àß` and `‚à®`)

Prove the following tautologies:
1. $A \wedge (B \vee C) \leftrightarrow A \wedge B \vee A \wedge C$.
2. $A \vee B \wedge C \leftrightarrow (A \vee B) \wedge (A \vee C)$.

In [None]:
module code.lab01.distr where
open import code.and
open import code.or

‚àß‚à®-distr-1 : {A B C : Set} ‚Üí A ‚àß (B ‚à® C) ‚Üí A ‚àß B ‚à® A ‚àß C
‚àß‚à®-distr-1 = ?

‚àß‚à®-distr-2 : {A B C : Set} ‚Üí A ‚àß B ‚à® A ‚àß C ‚Üí A ‚àß (B ‚à® C)
‚àß‚à®-distr-2 = ?

‚à®‚àß-distr-1 : {A B C : Set} ‚Üí A ‚à® B ‚àß C ‚Üí (A ‚à® B) ‚àß (A ‚à® C)
‚à®‚àß-distr-1 = ?

‚à®‚àß-distr-2 : {A B C : Set} ‚Üí (A ‚à® B) ‚àß (A ‚à® C) ‚Üí A ‚à® B ‚àß C
‚à®‚àß-distr-2 = ?

## Truth values

````
module code.true-false where
````

The two truth values `‚ä§` and `‚ä•` are implemented via Agda's data type mechanism.
Notice that neither `‚ä§` nor `‚ä•` are Agda primitives.
However, Agda's datatype creation facilities allow us to define those datatypes in such a way that they behave as we expect.

### True: `‚ä§`

The type `‚ä§` has precisely one inhabitant, called `tt` (its only constructor).

````
data ‚ä§ : Set where
  tt : ‚ä§
````

The ‚ä§-introduction rule says that we can prove that anything implies `‚ä§`.

````
A‚Üí‚ä§ : {A : Set} ‚Üí A ‚Üí ‚ä§
A‚Üí‚ä§ _ = tt
````

There is no ‚ä§-elimination rule.

### False: `‚ä•`

The type `‚ä•` has dual property to `‚ä§`.
The type `‚ä•` has no inhabitants at all, and thus we do not provide any constructor in its definition.

````
data ‚ä• : Set where
````

The ‚ä•-elimination rule says that anything can be proved from `‚ä•`.
The absurd pattern `()` below is how we tell Agda that there cannot be any argument to `‚ä•-elim`, and thus it says that no defining equation is needed.

````
‚ä•-elim : {A : Set} ‚Üí ‚ä• ‚Üí A
‚ä•-elim ()
````

There is no ‚ä•-introducion rule.
This makes the world a better place (why?).

## Negation

````
module code.neg where
open import code.true-false public
````

Negation is not a primitive in intuitionistic logic.
In intuitionistic logic $\neg A$ means that, if we had a proof of $A$, then we could derive a contradiction $\bot$:
$$ \neg A \;\equiv\; A \to \bot.$$
And this is how negation is defined in Agda.

````
¬¨_ : Set ‚Üí Set
¬¨ A = A ‚Üí ‚ä•
````

Thus, `¬¨ A` is a shorthand for (i.e., evaluates to) `A ‚Üí ‚ä•`.
Notice that for the first time we are defining a function that maps types to types, i.e., a so called *type-level function*.
This is made possible by the fact that in a dependently typed language
types are first-class citizens and can be manipulated as any other data.

We give negation higher priority than `‚àß` and `‚à®`,
so we can just write `¬¨ A ‚àß B` instead of `(¬¨ A) ‚àß B.

````
infix 3 ¬¨_ 
````

### **Exercise** (`¬¨¬¨`)

The logic of Agda is intuitionistic. In particular, in Agda the following double negation law does *not* hold:
$$ A \leftrightarrow \neg \neg A. $$
Which one of the two directions holds in intuitionistic logic?
- Formalise this and prove it in Agda.
- Does the proof (i.e., program) resemble something we have already seen?

*Hint:* The type $\neg \neg A$ expands to
$$(A \to \bot) \to \bot.$$

In [None]:
module code.lab01.ex02 where
open import code.neg

-- recall that ¬¨ ¬¨ A = (A ‚Üí ‚ä•) ‚Üí ‚ä•

¬¨¬¨-intro : {A : Set} ‚Üí A ‚Üí ¬¨ ¬¨ A
¬¨¬¨-intro x f = ?

-- the occurrence of "?" above is called a hole;
-- Agda will compile and remind us that there are open goals corresponding to holes to be solved

### **Exercise** (`¬¨ B ‚Üí ¬¨ A`)

The *contrapositive* of an implication $A \to B$ is $\neg B \to \neg A$.
In classical logic an implication and its contrapositive are logically equivalent, i.e., the following is a tautology:
$$(A \to B) \leftrightarrow (\neg B \to \neg A).$$
Use Agda to prove which, if any, of the two directions above holds in intuitionistic logic.

In [None]:
module code.lab01.ex03 where
open import code.neg

-- your solution here
contrapositive : ?
contrapositive = ?

### **Exercise**  (De Morgan laws)

Are the following laws valid in intuitionistic logic?
If so, write a proof in Agda.
\begin{align}
 (1) \qquad \neg (A \vee B) \leftrightarrow \neg A \wedge \neg B. \\
 (2) \qquad \neg A \vee \neg B \to \neg (A \wedge B). \\
 (3) \qquad \neg (A \wedge B) \to \neg A \vee \neg B.
\end{align}

In [None]:
module code.lab01.ex07 where
open import code.and
open import code.or
open import code.neg

de_morgan1-1 : {A B : Set} ‚Üí ¬¨ (A ‚à® B) ‚Üí ¬¨ A ‚àß ¬¨ B
de_morgan1-1 = ?

de_morgan1-2 : {A B : Set} ‚Üí ¬¨ A ‚àß ¬¨ B ‚Üí ¬¨ (A ‚à® B)
de_morgan1-2 = ?

de_morgan2 : {A B : Set} ‚Üí ¬¨ A ‚à® ¬¨ B ‚Üí ¬¨ (A ‚àß B)
de_morgan2 = ?

de_morgan3 : {A B : Set} ‚Üí ¬¨ (A ‚àß B) ‚Üí ¬¨ A ‚à® ¬¨ B
de_morgan3 = ?

### **Exercise** (`¬¨ A ‚à® B`)

<!-- (Classical vs. intuitionistic implication) -->

In classical logic, $A \to B$ is defined to be $\neg A \vee B$.
Which of the following two directions hold in intuitionistic logic? Prove it in Agda.
$$(A \to B) \leftrightarrow (\neg A \vee B).$$

<!--- *Hint:* Classical implication intuitionistically implies intuitionistic implication. For this reason, classical logic can be seen as a conservative extension of intuitionistic logic. -->

In [None]:
module code.lab01.ex07 where
open import code.true-false
open import code.neg
open import code.or

-- your solution here

# Intuitionistic first-order  logic

We show how dependent types can be used to implement universal quantification (dependent function space)
and existential quantification (dependent product),
thus concluding our overview of intuitionistic logic.

````
module code.universal where
````

## The ‚àÄ quantifier
In intuitionistic logic a proof of $\forall (a : A) B$ is a function $f$ mapping a proof $a$ of $A$
into a proof $f\; a$ of $B\; a$, where we can see $B$ as a family of types indexed by proofs of $A$.
The universal quantifier is implemented via the *dependent function space*

````
Œ† : (A : Set) ‚Üí (B : A ‚Üí Set) ‚Üí Set
Œ† A B = (a : A) ‚Üí B a

-- compare with implication:
-- ((a : A) ‚Üí B a) versus A ‚Üí B
````

This generalises implication `A ‚Üí B`, which corresponds to non-dependent function space.
In this sense, in intuitionistic logic implication is a special case of universal quantification.

Universal quantification also generalises conjunction,
since the type $B_1 \wedge B_2$ is isomorphic to $\Pi\; A\; B$
where $A = \{1, 2\}$ and $B = \{ 1 \mapsto B_1, 2 \mapsto B_2 \}$.
For this reason, sometimes `Œ†` is called dependent product (hence the notation).

````
-- the type of the first argument of Œ† can be inferred from the second
forAll : {A : Set} ‚Üí (B : A ‚Üí Set) ‚Üí Set
forAll {A} B = Œ† A B

-- we introduce a convenient syntax reminiscent of universal quantification in logic
‚àÄ-syntax = forAll
infix 0 ‚àÄ-syntax
syntax ‚àÄ-syntax (Œª x ‚Üí B) = ‚àÄ[ x ] B

-- dependent apply; corresponds to ‚àÄ-elimination
apply : {A : Set} ‚Üí {B : A ‚Üí Set} ‚Üí Œ† A B ‚Üí (a : A) ‚Üí B a
apply f x = f x
````

### An example

````
open import code.nat.even-odd
open import code.or
````

We show an application of universal quantification
and prove that every natural number is either even or odd:

````
even‚à®odd : ‚àÄ[ n ] Even n ‚à® Odd n
````

We now explain how the syntax above works.
The latter expands to 

```agda
-- even‚à®odd : forAll (Œª n ‚Üí Even n ‚à® Odd n)
```

which in turn is the same as `Œ† A B`
with `A = ‚Ñï` and `B = Œª n ‚Üí Even n ‚à® Odd n`
(we can avoid typing `n` because its occurrence in `Even n` implies `n : ‚Ñï`), i.e.,

```agda
-- even‚à®odd : Œ† ‚Ñï (Œª n ‚Üí Even n ‚à® Odd n)
```

By unrolling the definition of `Œ† A B = (a : A) ‚Üí B a`,
we finally get

```agda
-- even‚à®odd : (n : ‚Ñï) ‚Üí Even n ‚à® Odd n
```

This shows precisely how the universal quantifier is implemented by having `B a` to depend on `(a : A)`.
Thus, while `‚àÄ[ n ] Even n ‚à® Odd n` is just syntactic sugaring for the more familiar `(n : ‚Ñï) ‚Üí Even n ‚à® Odd n`,
we will use the former when we want to emphasise its logical content,
and the latter when we want to emphasise its computational content.
As a courtesy of the Curry-Howard isomorphism, they correspond to each other.

We now proceed to prove `even‚à®odd`,
which is another instance of external verification.
The proof is by induction on `n`.
In the base case `n = 0` and we can use the base constructor `zero : Even zero`
(notice how `zero` is overloaded):

````
even‚à®odd zero = left zero
````

In the inductive case, we proceed as follows:

````
even‚à®odd (suc n) with even‚à®odd n
... | left even = right (suc even)
... | right odd = left (suc odd)
````

### The `with` pattern matching construct

In order to decide whether `suc n` is even or odd,
we recursively call `even‚à®odd n` and inspect its result:
if it pattern matches with `left even` (where `even : Even n`)
then we return `right (suc even)` (where `suc even : Odd (suc n)`, again `suc` is overloaded),
and symmetrically in the other case.
This is the first time that we see the `with` construct,
which allows us to extend the set of arguments that we can pattern match on.

### **Exercise** (`‚àÄ`, `‚àß`, and `‚à®`)

Which of the following are intuitionistic tautologies?
Which are classic tautologies?
Which are none?
Prove the intuitionistic ones.

1. $\forall a B \wedge C \to (\forall a B) \wedge (\forall a C)$.
2. $(\forall a B) \wedge (\forall a C) \to \forall a B \wedge C$.
3. $\forall a B \vee C \to (\forall a B) \vee (\forall a C)$.
4. $ \forall a B \vee C \to (\forall a B) \vee C$, where $a$ does not occurr in $C$.
5. $(\forall a B) \vee (\forall a C) \to \forall a (B \vee C)$.

*Hint:* If you cannot easily program a solution, then most likely there is no solution.

In [None]:
module code.universal.ex1 where
open import code.universal
open import code.and
open import code.or

-- 1.
‚àÄ‚àß-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí ‚àÄ[ a ] B a ‚àß C a ‚Üí (‚àÄ[ a ] B a) ‚àß (‚àÄ[ a ] C a)
‚àÄ‚àß-distr = ?

-- 2.
‚àß‚àÄ-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí (‚àÄ[ a ] B a) ‚àß (‚àÄ[ a ] C a) ‚Üí ‚àÄ[ a ] B a ‚àß C a
‚àß‚àÄ-distr = ?

-- 3.
‚àÄ‚à®-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí ‚àÄ[ a ] B a ‚à® C a ‚Üí (‚àÄ[ a ] B a) ‚à® (‚àÄ[ a ] C a)
‚àÄ‚à®-distr = ?

-- 4.
‚àÄ‚à®-distr' : {A C : Set} {B : A ‚Üí Set} ‚Üí ‚àÄ[ a ] B a ‚à® C ‚Üí (‚àÄ[ a ] B a) ‚à® C
‚àÄ‚à®-distr' = ?

-- 5.
‚à®‚àÄ-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí (‚àÄ[ a ] B a) ‚à® (‚àÄ[ a ] C a) ‚Üí ‚àÄ[ a ] B a ‚à® C a
‚à®‚àÄ-distr = ?

## The existential quantifier

````
module code.existential where
open import code.universal
open import code.eq
````

In intuitionistic logic,
a proof of $\exists (a : A) B$ is a pair $(a, b)$,
where $a$ is a proof of $A$
and $b$ is a proof of $B\; a$.
Like in universal quantification, we can see $B$ as a family of types indexed by proofs of $A$.
The existential quantifier is implemented with the *dependent product*:

````
data Œ£ (A : Set) (B : A ‚Üí Set) : Set where
    ‚ü®_,_‚ü© : (a : A) ‚Üí B a ‚Üí Œ£ A B
````

Compare this with conjunction, which corresponds to non-dependent product $A \wedge B$:

```agda
-- data _‚àß_ (A : Set) (B : Set) : Set where
--  ‚ü®_,_‚ü© : A ‚Üí B ‚Üí A ‚àß B
```

In this sense, in intuitionistic logic existential quantification `Œ£` generalises conjunction,
which justifies the name dependent product.
(This can create confusion because `Œ†` is sometimes called dependent product too,
since also `Œ†` generalises conjunction.)

Existential quantification also generalises disjunction,
since the type $B_1 \vee B_2$ is isomorphic to $\Sigma\; A\; B$
with $A = \{1, 2\}$ and $B = \{ 1 \mapsto B_1, 2 \mapsto B_2 \}$.
For this reason, `Œ£` is sometimes called dependent sum.

````
thereExists : ‚àÄ {A : Set} (B : A ‚Üí Set) ‚Üí Set
thereExists {A} B = Œ£ A B

‚àÉ-syntax = thereExists
infix 0 ‚àÉ-syntax
syntax ‚àÉ-syntax (Œª x ‚Üí B) = ‚àÉ[ x ] B

-- aka uncurry
‚àÉ-elim : {A : Set} {B : A ‚Üí Set} {C : Set} ‚Üí ((a : A) ‚Üí B a ‚Üí C) ‚Üí Œ£ A B ‚Üí C
‚àÉ-elim a‚Üíb‚Üíc ‚ü® a , b ‚ü© = a‚Üíb‚Üíc a b
````

### **Exercise** (`‚àÉ`, `‚àß`, and `‚à®`)

Establish whether the following are intuitionistic tautologies
and prove it in Agda for the positive cases:

1. $\exists a B \vee C \to (\exists a B) \vee (\exists a C)$.
2. $(\exists a B) \vee (\exists a C) \to \exists a B \vee C$.
3. $\exists a B \wedge C \to (\exists a B) \wedge (\exists a C)$.
4. $(\exists a B) \wedge (\exists a C) \to \exists a B \wedge C$.
5. $(\exists a B) \wedge C \to \exists a B \wedge C$, where $a$ does not occurr in $C$.

In [None]:
module code.existential.prop where
open import code.existential
open import code.and
open import code.or

-- 1
‚àÉ‚à®-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí ‚àÉ[ a ] B a ‚à® C a ‚Üí (‚àÉ[ a ] B a) ‚à® (‚àÉ[ a ] C a)
‚àÉ‚à®-distr = ?

-- 2
‚à®‚àÉ-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí (‚àÉ[ a ] B a) ‚à® (‚àÉ[ a ] C a) ‚Üí ‚àÉ[ a ] B a ‚à® C a
‚à®‚àÉ-distr = ?

-- 3
‚àÉ‚àß-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí ‚àÉ[ a ] B a ‚àß C a ‚Üí (‚àÉ[ a ] B a) ‚àß (‚àÉ[ a ] C a)
‚àÉ‚àß-distr = ?

-- 4
‚àß‚àÉ-distr : {A : Set} {B C : A ‚Üí Set} ‚Üí (‚àÉ[ a ] B a) ‚àß (‚àÉ[ a ] C a) ‚Üí ‚àÉ[ a ] B a ‚àß C a
‚àß‚àÉ-distr = ?

-- 5
‚àß‚àÉ-distr' : {A : Set} {B : A ‚Üí Set} {C : Set} ‚Üí (‚àÉ[ a ] B a) ‚àß C ‚Üí ‚àÉ[ a ] B a ‚àß C
‚àß‚àÉ-distr' = ?

### **Exercise** (`‚àÄ`, `‚àÉ`, and `¬¨`)

 Which of the following hold in intuitionistic logic? Prove it.

1. $\exists a \forall b C \to \forall b \exists a C$, where $C$ depends on $a$ and $b$.
2. $\exists a \neg B \to \neg \forall a B$, where $B$ depends on $a$.
3. $\neg \forall a B \to \exists a \neg B$, where $B$ depends on $a$.

In [None]:
module code.universal-existential where
open import code.universal
open import code.existential
open import code.neg

-- 1
-- B cannot depend on (a : A) for the swap to be possible!
‚àÉ‚àÄ-distr : {A : Set} {B : Set} {C : A ‚Üí B ‚Üí Set} ‚Üí ‚àÉ[ a ] ‚àÄ[ b ] C a b ‚Üí ‚àÄ[ b ] ‚àÉ[ a ] C a b
‚àÉ‚àÄ-distr = ?

-- 2
¬¨‚àÉ‚Üí‚àÄ¬¨ : {A : Set} {B : A ‚Üí Set} ‚Üí ‚àÉ[ a ] ¬¨ B a ‚Üí ¬¨ (‚àÄ[ a ] B a)
¬¨‚àÉ‚Üí‚àÄ¬¨ = ?

-- 3
¬¨‚àÄ‚Üí‚àÉ¬¨ : {A : Set} {B : A ‚Üí Set} ‚Üí ¬¨ (‚àÄ[ a ] B a) ‚Üí ‚àÉ[ a ] ¬¨ B a
¬¨‚àÄ‚Üí‚àÉ¬¨ = ?

# Challenges

In [None]:
module code.conn where
open import code.or public
open import code.neg public 
open import code.and public 
open import code.true-false public

## **Exercise** (Triple negation)

While $\neg \neg A \to A$ does not hold in intuitionistic logic, prove that the following *triple negation* law holds

$$\neg \neg \neg A \to \neg A.$$

*Hint:* Expand the definition of "$\neg$". You should get a function of two arguments and output $\bot$.

In [None]:
module code.lab01.ex03 where
open import code.conn

¬¨¬¨¬¨-rule : {A : Set} ‚Üí ¬¨ ¬¨ ¬¨ A ‚Üí ¬¨ A
¬¨¬¨¬¨-rule = ?

## **Exercise** (Irrefutability)

<!--- In classical logic we have the following *law of excluded middle*:
$$ A \vee \neg A. $$
Why there is no Agda program of the corresponding type `{A : Set} ‚Üí A ‚à® ¬¨ A`? -->

Show that the following classical tautologies $P$ are intuitionistically *irrefutable*, in the sense that $\neg \neg P$ is an intuitionistic tautology:

1. Law of excluded middle: $\neg \neg (A \vee \neg A)$.
   *Hint: Expand the definition of $\neg$. You will need: `left`, `right`, and $\lambda$-abstraction.*
2. Implication as disjunction: $\neg \neg ((A \to B) \to \neg A \vee B)$.
3. De Morgan: $\neg \neg (\neg (A \wedge B) \to \neg A \vee \neg B)$.

In [None]:
module code.lab01.irref where
open import code.conn

excluded-middle-irref : ?
excluded-middle-irref = ?

impl-irref : ?
impl-irref = ?

deMorgan-irref : ?
deMorgan-irref = ?

## **Exercise** (Weak Peirce's law)

Prove the following weakening of Peirce's law:
$$((((A \to B) \to A) \to A) \to B) \to B.$$

In [None]:
module code.lab01.weak-peirce where

wp : {A B : Set} ‚Üí ((((A ‚Üí B) ‚Üí A) ‚Üí A) ‚Üí B) ‚Üí B
wp = ?

## **Exercise**

In the previous exercises we have seen that the following principles are not intuitionistic tautologies:
1. Law of excluded middle: $A \vee \neg A$.
2. Elimination of double negation: $\neg \neg A \to A$.
3. Implication as disjunction: $(A \to B) \to \neg A \vee B$.
4. The Negated De Morgan's law: $\neg (\neg A \wedge \neg B) \to A \vee B$.
5. Peirce's Law: $((A \to B) \to A) \to A$.

Show that all principles above are logically equivalent in intuitionistic logic.
Each propositional variable $A, B$ is universally quantified in each principle.

*Hint:* Prove the following sequence of implications:
- $1 \to 2$.
- $2 \to 3$: Use irrefutability of $(A ‚Üí B) \to \neg A \vee B$, proved earlier:
$ \neg \neg ((A \to B) \to \neg A \vee B).$
- $3 \to 1$.
- $1 \to 4$: Use the excluded middle for $A$ and for $B$.
- $4 \to 1$: Use $\neg (\neg A \wedge \neg B) \to A \vee B$ with $B \equiv \neg A$.
- $1 \to 5$.
- $5 \to 1$: Use Peirce's law $((A' \to B') \to A') \to A'$ with
$A' \equiv A \vee \neg A$ and $B' \equiv \bot.$

In [None]:
module code.lab01.LEM-eq where
open import code.conn public
open import code.lab01.irref public

1‚Üí2 : ?
1‚Üí2 = ?

2‚Üí3 : ?
2‚Üí3 = ?

3‚Üí1 : ?
3‚Üí1 = ?

1‚Üí4 : ?
1‚Üí4 = ?

4‚Üí1 : ?
4‚Üí1 = ?

1‚Üí5 : ?
1‚Üí5 = ?

5‚Üí1 : ?
5‚Üí1 = ?

## **Exercise**

Show that the following two principles are intuitionistically equivalent:
1. De Morgan's Law: $\neg (A \wedge B) \to \neg A \vee \neg B$.
2. The *weak principle of excluded middle*: $\neg A \vee \neg \neg A$.
This is interesting, because the weak principle of excluded middle is strictly weaker than the principle of excluded middle, but it is still not an intuitonistic tautology.

In [None]:
module code.lab01.weak-LEM where

1‚Üí2 : ?
1‚Üí2 = ?

2‚Üí1 : ?
2‚Üí1 = ?