diff --git a/Basics.lagda b/Basics.lagda
new file mode 100644
index 00000000..193ba6d1
--- /dev/null
+++ b/Basics.lagda
@@ -0,0 +1,145 @@
+---
+title         : "Basics: Functional Programming in Agda"
+layout        : default
+hide-implicit : false
+extra-script : [agda-extra-script.html]
+extra-style  : [agda-extra-style.html]
+---
+
+<div class="hidden">
+\begin{code}
+module Basics where
+
+  open import Relation.Binary.PropositionalEquality using (_≡_; refl)
+\end{code}
+</div>
+
+# Basics: Functional Programming in Agda
+
+The functional programming style brings programming closer to
+simple, everyday mathematics: If a procedure or method has no side
+effects, then (ignoring efficiency) all we need to understand
+about it is how it maps inputs to outputs -- that is, we can think
+of it as just a concrete method for computing a mathematical
+function.  This is one sense of the word "functional" in
+"functional programming."  The direct connection between programs
+and simple mathematical objects supports both formal correctness
+proofs and sound informal reasoning about program behavior.
+
+The other sense in which functional programming is "functional" is
+that it emphasizes the use of functions (or methods) as
+*first-class* values -- i.e., values that can be passed as
+arguments to other functions, returned as results, included in
+data structures, etc.  The recognition that functions can be
+treated as data in this way enables a host of useful and powerful
+idioms.
+
+Other common features of functional languages include *algebraic
+data types* and *pattern matching*, which make it easy to
+construct and manipulate rich data structures, and sophisticated
+*polymorphic type systems* supporting abstraction and code reuse.
+Agda shares all of these features.
+
+This chapter introduces the most essential elements of Agda.
+
+## Enumerated Types
+
+One unusual aspect of Agda is that its set of built-in
+features is *extremely* small. For example, instead of providing
+the usual palette of atomic data types (booleans, integers,
+strings, etc.), Agda offers a powerful mechanism for defining new
+data types from scratch, from which all these familiar types arise
+as instances.
+
+Naturally, the Agda distribution comes with an extensive standard
+library providing definitions of booleans, numbers, and many
+common data structures like lists and hash tables.  But there is
+nothing magic or primitive about these library definitions.  To
+illustrate this, we will explicitly recapitulate all the
+definitions we need in this course, rather than just getting them
+implicitly from the library.
+
+To see how this definition mechanism works, let's start with a
+very simple example.
+
+### Days of the Week
+
+The following declaration tells Agda that we are defining
+a new set of data values -- a *type*.
+
+\begin{code}
+  data Day : Set where
+    monday    : Day
+    tuesday   : Day
+    wednesday : Day
+    thursday  : Day
+    friday    : Day
+    saturday  : Day
+    sunday    : Day
+\end{code}
+
+The type is called `day`, and its members are `monday`,
+`tuesday`, etc.  The second and following lines of the definition
+can be read "`monday` is a `day`, `tuesday` is a `day`, etc."
+
+Having defined `day`, we can write functions that operate on
+days.
+
+\begin{code}
+  nextWeekday : Day -> Day
+  nextWeekday monday    = tuesday
+  nextWeekday tuesday   = wednesday
+  nextWeekday wednesday = thursday
+  nextWeekday thursday  = friday
+  nextWeekday friday    = monday
+  nextWeekday saturday  = monday
+  nextWeekday sunday    = monday
+\end{code}
+
+One thing to note is that the argument and return types of
+this function are explicitly declared.  Like most functional
+programming languages, Agda can often figure out these types for
+itself when they are not given explicitly -- i.e., it performs
+*type inference* -- but we'll include them to make reading
+easier.
+
+Having defined a function, we should check that it works on
+some examples. There are actually three different ways to do this
+in Agda.
+
+First, we can use the Emacs command `C-c C-n` to evaluate a
+compound expression involving `nextWeekday`. For instance, `nextWeekday
+friday` should evaluate to `monday`. If you have a computer handy, this
+would be an excellent moment to fire up Agda and try this for yourself.
+Load this file, `Basics.lagda`, load it using `C-c C-l`, submit the
+above example to Agda, and observe the result.
+
+Second, we can record what we *expect* the result to be in the
+form of an Agda type:
+
+\begin{code}
+  test_nextWeekday : nextWeekday (nextWeekday saturday) ≡ tuesday
+\end{code}
+
+This declaration does two things: it makes an assertion (that the second
+weekday after `saturday` is `tuesday`), and it gives the assertion a name
+that can be used to refer to it later.
+
+Having made the assertion, we must also verify it. We do this by giving
+a term of the above type:
+
+\begin{code}
+  test_nextWeekday = refl
+\end{code}
+
+There is no essential difference between the definition for
+`test_nextWeekday` here and the definition for `nextWeekday` above,
+except for the new symbol for equality `≡` and the constructor `refl`.
+The details of these are not important for now (we'll come back to them in
+a bit), but essentially `refl` can be read as "The assertion we've made
+can be proved by observing that both sides of the equality evaluate to the
+same thing, after some simplification."
+
+Third, we can ask Agda to *compile* some program involving our definition,
+This facility is very interesting, since it gives us a way to construct
+*fully certified* programs. We'll come back to this topic in later chapters.
diff --git a/Basics.md b/Basics.md
new file mode 100644
index 00000000..340a22da
--- /dev/null
+++ b/Basics.md
@@ -0,0 +1,457 @@
+---
+title         : "Basics: Functional Programming in Agda"
+layout        : default
+hide-implicit : false
+extra-script : [agda-extra-script.html]
+extra-style  : [agda-extra-style.html]
+---
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="226" class="Keyword"
+      >module</a
+      ><a name="232"
+      > </a
+      ><a name="233" href="Basics.html#1" class="Module"
+      >Basics</a
+      ><a name="239"
+      > </a
+      ><a name="240" class="Keyword"
+      >where</a
+      ><a name="245"
+      >
+
+  </a
+      ><a name="249" class="Keyword"
+      >open</a
+      ><a name="253"
+      > </a
+      ><a name="254" class="Keyword"
+      >import</a
+      ><a name="260"
+      > </a
+      ><a name="261" href="https://agda.github.io/agda-stdlib/Relation.Binary.PropositionalEquality.html#1" class="Module"
+      >Relation.Binary.PropositionalEquality</a
+      ><a name="298"
+      > </a
+      ><a name="299" class="Keyword"
+      >using</a
+      ><a name="304"
+      > </a
+      ><a name="305" class="Symbol"
+      >(</a
+      ><a name="306" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >_&#8801;_</a
+      ><a name="309" class="Symbol"
+      >;</a
+      ><a name="310"
+      > </a
+      ><a name="311" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="315" class="Symbol"
+      >)</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+# Basics: Functional Programming in Agda
+
+The functional programming style brings programming closer to
+simple, everyday mathematics: If a procedure or method has no side
+effects, then (ignoring efficiency) all we need to understand
+about it is how it maps inputs to outputs -- that is, we can think
+of it as just a concrete method for computing a mathematical
+function.  This is one sense of the word "functional" in
+"functional programming."  The direct connection between programs
+and simple mathematical objects supports both formal correctness
+proofs and sound informal reasoning about program behavior.
+
+The other sense in which functional programming is "functional" is
+that it emphasizes the use of functions (or methods) as
+*first-class* values -- i.e., values that can be passed as
+arguments to other functions, returned as results, included in
+data structures, etc.  The recognition that functions can be
+treated as data in this way enables a host of useful and powerful
+idioms.
+
+Other common features of functional languages include *algebraic
+data types* and *pattern matching*, which make it easy to
+construct and manipulate rich data structures, and sophisticated
+*polymorphic type systems* supporting abstraction and code reuse.
+Agda shares all of these features.
+
+This chapter introduces the most essential elements of Agda.
+
+## Enumerated Types
+
+One unusual aspect of Agda is that its set of built-in
+features is *extremely* small. For example, instead of providing
+the usual palette of atomic data types (booleans, integers,
+strings, etc.), Agda offers a powerful mechanism for defining new
+data types from scratch, from which all these familiar types arise
+as instances.
+
+Naturally, the Agda distribution comes with an extensive standard
+library providing definitions of booleans, numbers, and many
+common data structures like lists and hash tables.  But there is
+nothing magic or primitive about these library definitions.  To
+illustrate this, we will explicitly recapitulate all the
+definitions we need in this course, rather than just getting them
+implicitly from the library.
+
+To see how this definition mechanism works, let's start with a
+very simple example.
+
+### Days of the Week
+
+The following declaration tells Agda that we are defining
+a new set of data values -- a *type*.
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="2656" class="Keyword"
+      >data</a
+      ><a name="2660"
+      > </a
+      ><a name="2661" href="Basics.html#2661" class="Datatype"
+      >Day</a
+      ><a name="2664"
+      > </a
+      ><a name="2665" class="Symbol"
+      >:</a
+      ><a name="2666"
+      > </a
+      ><a name="2667" class="PrimitiveType"
+      >Set</a
+      ><a name="2670"
+      > </a
+      ><a name="2671" class="Keyword"
+      >where</a
+      ><a name="2676"
+      >
+    </a
+      ><a name="2681" href="Basics.html#2681" class="InductiveConstructor"
+      >monday</a
+      ><a name="2687"
+      >    </a
+      ><a name="2691" class="Symbol"
+      >:</a
+      ><a name="2692"
+      > </a
+      ><a name="2693" href="Basics.html#2661" class="Datatype"
+      >Day</a
+      ><a name="2696"
+      >
+    </a
+      ><a name="2701" href="Basics.html#2701" class="InductiveConstructor"
+      >tuesday</a
+      ><a name="2708"
+      >   </a
+      ><a name="2711" class="Symbol"
+      >:</a
+      ><a name="2712"
+      > </a
+      ><a name="2713" href="Basics.html#2661" class="Datatype"
+      >Day</a
+      ><a name="2716"
+      >
+    </a
+      ><a name="2721" href="Basics.html#2721" class="InductiveConstructor"
+      >wednesday</a
+      ><a name="2730"
+      > </a
+      ><a name="2731" class="Symbol"
+      >:</a
+      ><a name="2732"
+      > </a
+      ><a name="2733" href="Basics.html#2661" class="Datatype"
+      >Day</a
+      ><a name="2736"
+      >
+    </a
+      ><a name="2741" href="Basics.html#2741" class="InductiveConstructor"
+      >thursday</a
+      ><a name="2749"
+      >  </a
+      ><a name="2751" class="Symbol"
+      >:</a
+      ><a name="2752"
+      > </a
+      ><a name="2753" href="Basics.html#2661" class="Datatype"
+      >Day</a
+      ><a name="2756"
+      >
+    </a
+      ><a name="2761" href="Basics.html#2761" class="InductiveConstructor"
+      >friday</a
+      ><a name="2767"
+      >    </a
+      ><a name="2771" class="Symbol"
+      >:</a
+      ><a name="2772"
+      > </a
+      ><a name="2773" href="Basics.html#2661" class="Datatype"
+      >Day</a
+      ><a name="2776"
+      >
+    </a
+      ><a name="2781" href="Basics.html#2781" class="InductiveConstructor"
+      >saturday</a
+      ><a name="2789"
+      >  </a
+      ><a name="2791" class="Symbol"
+      >:</a
+      ><a name="2792"
+      > </a
+      ><a name="2793" href="Basics.html#2661" class="Datatype"
+      >Day</a
+      ><a name="2796"
+      >
+    </a
+      ><a name="2801" href="Basics.html#2801" class="InductiveConstructor"
+      >sunday</a
+      ><a name="2807"
+      >    </a
+      ><a name="2811" class="Symbol"
+      >:</a
+      ><a name="2812"
+      > </a
+      ><a name="2813" href="Basics.html#2661" class="Datatype"
+      >Day</a
+      >
+</pre><!--{% endraw %}-->
+
+The type is called `day`, and its members are `monday`,
+`tuesday`, etc.  The second and following lines of the definition
+can be read "`monday` is a `day`, `tuesday` is a `day`, etc."
+
+Having defined `day`, we can write functions that operate on
+days.
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="3097" href="Basics.html#3097" class="Function"
+      >nextWeekday</a
+      ><a name="3108"
+      > </a
+      ><a name="3109" class="Symbol"
+      >:</a
+      ><a name="3110"
+      > </a
+      ><a name="3111" href="Basics.html#2661" class="Datatype"
+      >Day</a
+      ><a name="3114"
+      > </a
+      ><a name="3115" class="Symbol"
+      >-&gt;</a
+      ><a name="3117"
+      > </a
+      ><a name="3118" href="Basics.html#2661" class="Datatype"
+      >Day</a
+      ><a name="3121"
+      >
+  </a
+      ><a name="3124" href="Basics.html#3097" class="Function"
+      >nextWeekday</a
+      ><a name="3135"
+      > </a
+      ><a name="3136" href="Basics.html#2681" class="InductiveConstructor"
+      >monday</a
+      ><a name="3142"
+      >    </a
+      ><a name="3146" class="Symbol"
+      >=</a
+      ><a name="3147"
+      > </a
+      ><a name="3148" href="Basics.html#2701" class="InductiveConstructor"
+      >tuesday</a
+      ><a name="3155"
+      >
+  </a
+      ><a name="3158" href="Basics.html#3097" class="Function"
+      >nextWeekday</a
+      ><a name="3169"
+      > </a
+      ><a name="3170" href="Basics.html#2701" class="InductiveConstructor"
+      >tuesday</a
+      ><a name="3177"
+      >   </a
+      ><a name="3180" class="Symbol"
+      >=</a
+      ><a name="3181"
+      > </a
+      ><a name="3182" href="Basics.html#2721" class="InductiveConstructor"
+      >wednesday</a
+      ><a name="3191"
+      >
+  </a
+      ><a name="3194" href="Basics.html#3097" class="Function"
+      >nextWeekday</a
+      ><a name="3205"
+      > </a
+      ><a name="3206" href="Basics.html#2721" class="InductiveConstructor"
+      >wednesday</a
+      ><a name="3215"
+      > </a
+      ><a name="3216" class="Symbol"
+      >=</a
+      ><a name="3217"
+      > </a
+      ><a name="3218" href="Basics.html#2741" class="InductiveConstructor"
+      >thursday</a
+      ><a name="3226"
+      >
+  </a
+      ><a name="3229" href="Basics.html#3097" class="Function"
+      >nextWeekday</a
+      ><a name="3240"
+      > </a
+      ><a name="3241" href="Basics.html#2741" class="InductiveConstructor"
+      >thursday</a
+      ><a name="3249"
+      >  </a
+      ><a name="3251" class="Symbol"
+      >=</a
+      ><a name="3252"
+      > </a
+      ><a name="3253" href="Basics.html#2761" class="InductiveConstructor"
+      >friday</a
+      ><a name="3259"
+      >
+  </a
+      ><a name="3262" href="Basics.html#3097" class="Function"
+      >nextWeekday</a
+      ><a name="3273"
+      > </a
+      ><a name="3274" href="Basics.html#2761" class="InductiveConstructor"
+      >friday</a
+      ><a name="3280"
+      >    </a
+      ><a name="3284" class="Symbol"
+      >=</a
+      ><a name="3285"
+      > </a
+      ><a name="3286" href="Basics.html#2681" class="InductiveConstructor"
+      >monday</a
+      ><a name="3292"
+      >
+  </a
+      ><a name="3295" href="Basics.html#3097" class="Function"
+      >nextWeekday</a
+      ><a name="3306"
+      > </a
+      ><a name="3307" href="Basics.html#2781" class="InductiveConstructor"
+      >saturday</a
+      ><a name="3315"
+      >  </a
+      ><a name="3317" class="Symbol"
+      >=</a
+      ><a name="3318"
+      > </a
+      ><a name="3319" href="Basics.html#2681" class="InductiveConstructor"
+      >monday</a
+      ><a name="3325"
+      >
+  </a
+      ><a name="3328" href="Basics.html#3097" class="Function"
+      >nextWeekday</a
+      ><a name="3339"
+      > </a
+      ><a name="3340" href="Basics.html#2801" class="InductiveConstructor"
+      >sunday</a
+      ><a name="3346"
+      >    </a
+      ><a name="3350" class="Symbol"
+      >=</a
+      ><a name="3351"
+      > </a
+      ><a name="3352" href="Basics.html#2681" class="InductiveConstructor"
+      >monday</a
+      >
+</pre><!--{% endraw %}-->
+
+One thing to note is that the argument and return types of
+this function are explicitly declared.  Like most functional
+programming languages, Agda can often figure out these types for
+itself when they are not given explicitly -- i.e., it performs
+*type inference* -- but we'll include them to make reading
+easier.
+
+Having defined a function, we should check that it works on
+some examples. There are actually three different ways to do this
+in Agda.
+
+First, we can use the Emacs command `C-c C-n` to evaluate a
+compound expression involving `nextWeekday`. For instance, `nextWeekday
+friday` should evaluate to `monday`. If you have a computer handy, this
+would be an excellent moment to fire up Agda and try this for yourself.
+Load this file, `Basics.lagda`, load it using `C-c C-l`, submit the
+above example to Agda, and observe the result.
+
+Second, we can record what we *expect* the result to be in the
+form of an Agda type:
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="4316" href="Basics.html#4316" class="Function Operator"
+      >test_nextWeekday</a
+      ><a name="4332"
+      > </a
+      ><a name="4333" class="Symbol"
+      >:</a
+      ><a name="4334"
+      > </a
+      ><a name="4335" href="Basics.html#3097" class="Function"
+      >nextWeekday</a
+      ><a name="4346"
+      > </a
+      ><a name="4347" class="Symbol"
+      >(</a
+      ><a name="4348" href="Basics.html#3097" class="Function"
+      >nextWeekday</a
+      ><a name="4359"
+      > </a
+      ><a name="4360" href="Basics.html#2781" class="InductiveConstructor"
+      >saturday</a
+      ><a name="4368" class="Symbol"
+      >)</a
+      ><a name="4369"
+      > </a
+      ><a name="4370" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="4371"
+      > </a
+      ><a name="4372" href="Basics.html#2701" class="InductiveConstructor"
+      >tuesday</a
+      >
+</pre><!--{% endraw %}-->
+
+This declaration does two things: it makes an assertion (that the second
+weekday after `saturday` is `tuesday`), and it gives the assertion a name
+that can be used to refer to it later.
+
+Having made the assertion, we must also verify it. We do this by giving
+a term of the above type:
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="4693" href="Basics.html#4316" class="Function Operator"
+      >test_nextWeekday</a
+      ><a name="4709"
+      > </a
+      ><a name="4710" class="Symbol"
+      >=</a
+      ><a name="4711"
+      > </a
+      ><a name="4712" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+
+There is no essential difference between the definition for
+`test_nextWeekday` here and the definition for `nextWeekday` above,
+except for the new symbol for equality `≡` and the constructor `refl`.
+The details of these are not important for now (we'll come back to them in
+a bit), but essentially `refl` can be read as "The assertion we've made
+can be proved by observing that both sides of the equality evaluate to the
+same thing, after some simplification."
+
+Third, we can ask Agda to *compile* some program involving our definition,
+This facility is very interesting, since it gives us a way to construct
+*fully certified* programs. We'll come back to this topic in later chapters.
diff --git a/Maps.lagda b/Maps.lagda
new file mode 100644
index 00000000..36d306ce
--- /dev/null
+++ b/Maps.lagda
@@ -0,0 +1,345 @@
+---
+title         : "Maps: Total and Partial Maps"
+layout        : default
+hide-implicit : false
+extra-script : [agda-extra-script.html]
+extra-style  : [agda-extra-style.html]
+permalink     : "sf/Maps.html"
+---
+
+# Maps: Total and Partial Maps
+
+Maps (or dictionaries) are ubiquitous data structures, both in
+software construction generally and in the theory of programming
+languages in particular; we're going to need them in many places in
+the coming chapters.  They also make a nice case study using ideas
+we've seen in previous chapters, including building data structures
+out of higher-order functions (from [Basics](sf/Basics.html)
+and [Poly](sf/Poly.html) and the use of reflection to streamline
+proofs (from [IndProp](sf/IndProp.html).
+
+We'll define two flavors of maps: _total_ maps, which include a
+"default" element to be returned when a key being looked up
+doesn't exist, and _partial_ maps, which return an `Maybe` to
+indicate success or failure.  The latter is defined in terms of
+the former, using `nothing` as the default element.
+
+## The Agda Standard Library
+
+One small digression before we start.
+
+Unlike the chapters we have seen so far, this one does not
+import the chapter before it (and, transitively, all the
+earlier chapters).  Instead, in this chapter and from now, on
+we're going to import the definitions and theorems we need
+directly from Agda's standard library stuff.  You should not notice
+much difference, though, because we've been careful to name our
+own definitions and theorems the same as their counterparts in the
+standard library, wherever they overlap.
+
+\begin{code}
+open import Function         using (_∘_)
+open import Data.Bool        using (Bool; true; false)
+open import Data.Empty       using (⊥; ⊥-elim)
+open import Data.Maybe       using (Maybe; just; nothing)
+open import Data.Nat         using (ℕ)
+open import Relation.Nullary using (Dec; yes; no)
+open import Relation.Binary.PropositionalEquality
+\end{code}
+
+Documentation for the standard library can be found at
+<https://agda.github.io/agda-stdlib/>.
+
+## Identifiers
+
+First, we need a type for the keys that we use to index into our
+maps.  For this purpose, we again use the type Id` from the
+[Lists](sf/Lists.html) chapter.  To make this chapter self contained,
+we repeat its definition here, together with the equality comparison
+function for ids and its fundamental property.
+
+\begin{code}
+data Id : Set where
+  id : ℕ → Id
+\end{code}
+
+\begin{code}
+_≟_ : (x y : Id) → Dec (x ≡ y)
+id x ≟ id y with x Data.Nat.≟ y
+id x ≟ id y | yes x=y rewrite x=y = yes refl
+id x ≟ id y | no  x≠y = no (x≠y ∘ id-inj)
+  where
+    id-inj : ∀ {x y} → id x ≡ id y → x ≡ y
+    id-inj refl = refl
+\end{code}
+
+## Total Maps
+
+Our main job in this chapter will be to build a definition of
+partial maps that is similar in behavior to the one we saw in the
+[Lists](sf/Lists.html) chapter, plus accompanying lemmas about their
+behavior.
+
+This time around, though, we're going to use _functions_, rather
+than lists of key-value pairs, to build maps.  The advantage of
+this representation is that it offers a more _extensional_ view of
+maps, where two maps that respond to queries in the same way will
+be represented as literally the same thing (the same function),
+rather than just "equivalent" data structures.  This, in turn,
+simplifies proofs that use maps.
+
+We build partial maps in two steps.  First, we define a type of
+_total maps_ that return a default value when we look up a key
+that is not present in the map.
+
+\begin{code}
+TotalMap : Set → Set
+TotalMap A = Id → A
+\end{code}
+
+Intuitively, a total map over anfi element type $$A$$ _is_ just a
+function that can be used to look up ids, yielding $$A$$s.
+
+\begin{code}
+module TotalMap where
+\end{code}
+
+The function `empty` yields an empty total map, given a
+default element; this map always returns the default element when
+applied to any id.
+
+\begin{code}
+  empty : ∀ {A} → A → TotalMap A
+  empty x = λ _ → x
+\end{code}
+
+More interesting is the `update` function, which (as before) takes
+a map $$m$$, a key $$x$$, and a value $$v$$ and returns a new map that
+takes $$x$$ to $$v$$ and takes every other key to whatever $$m$$ does.
+
+\begin{code}
+  update : ∀ {A} → TotalMap A -> Id -> A -> TotalMap A
+  update m x v y with x ≟ y
+  ... | yes x=y = v
+  ... | no  x≠y = m y
+\end{code}
+
+This definition is a nice example of higher-order programming.
+The `update` function takes a _function_ $$m$$ and yields a new
+function $$\lambda x'.\vdots$$ that behaves like the desired map.
+
+For example, we can build a map taking ids to bools, where `id
+3` is mapped to `true` and every other key is mapped to `false`,
+like this:
+
+\begin{code}
+  examplemap : TotalMap Bool
+  examplemap = update (update (empty false) (id 1) false) (id 3) true
+\end{code}
+
+This completes the definition of total maps.  Note that we don't
+need to define a `find` operation because it is just function
+application!
+
+\begin{code}
+  test_examplemap0 : examplemap (id 0) ≡ false
+  test_examplemap0 = refl
+
+  test_examplemap1 : examplemap (id 1) ≡ false
+  test_examplemap1 = refl
+
+  test_examplemap2 : examplemap (id 2) ≡ false
+  test_examplemap2 = refl
+
+  test_examplemap3 : examplemap (id 3) ≡ true
+  test_examplemap3 = refl
+\end{code}
+
+To use maps in later chapters, we'll need several fundamental
+facts about how they behave.  Even if you don't work the following
+exercises, make sure you thoroughly understand the statements of
+the lemmas!  (Some of the proofs require the functional
+extensionality axiom, which is discussed in the [Logic]
+chapter and included in the Agda standard library.)
+
+#### Exercise: 1 star, optional (apply-empty)
+First, the empty map returns its default element for all keys:
+
+\begin{code}
+  postulate
+    apply-empty : ∀ {A x v} → empty {A} v x ≡ v
+\end{code}
+
+<div class="hidden">
+\begin{code}
+  apply-empty′ : ∀ {A x v} → empty {A} v x ≡ v
+  apply-empty′ = refl
+\end{code}
+</div>
+
+#### Exercise: 2 stars, optional (update-eq)
+Next, if we update a map $$m$$ at a key $$x$$ with a new value $$v$$
+and then look up $$x$$ in the map resulting from the `update`, we get
+back $$v$$:
+
+\begin{code}
+  postulate
+    update-eq : ∀ {A v} (m : TotalMap A) (x : Id)
+              → (update m x v) x ≡ v
+\end{code}
+
+<div class="hidden">
+\begin{code}
+  update-eq′ : ∀ {A v} (m : TotalMap A) (x : Id)
+             → (update m x v) x ≡ v
+  update-eq′ m x with x ≟ x
+  ... | yes x=x = refl
+  ... | no  x≠x = ⊥-elim (x≠x refl)
+\end{code}
+</div>
+
+#### Exercise: 2 stars, optional (update-neq)
+On the other hand, if we update a map $$m$$ at a key $$x$$ and
+then look up a _different_ key $$y$$ in the resulting map, we get
+the same result that $$m$$ would have given:
+
+\begin{code}
+  update-neq : ∀ {A v} (m : TotalMap A) (x y : Id)
+             → x ≢ y → (update m x v) y ≡ m y
+  update-neq m x y x≠y with x ≟ y
+  ... | yes x=y = ⊥-elim (x≠y x=y)
+  ... | no  _   = refl
+\end{code}
+
+#### Exercise: 2 stars, optional (update-shadow)
+If we update a map $$m$$ at a key $$x$$ with a value $$v_1$$ and then
+update again with the same key $$x$$ and another value $$v_2$$, the
+resulting map behaves the same (gives the same result when applied
+to any key) as the simpler map obtained by performing just
+the second `update` on $$m$$:
+
+\begin{code}
+  postulate
+    update-shadow : ∀ {A v1 v2} (m : TotalMap A) (x y : Id)
+                  → (update (update m x v1) x v2) y ≡ (update m x v2) y
+\end{code}
+
+<div class="hidden">
+\begin{code}
+  update-shadow′ : ∀ {A v1 v2} (m : TotalMap A) (x y : Id)
+                 → (update (update m x v1) x v2) y ≡ (update m x v2) y
+  update-shadow′ m x y
+      with x ≟ y
+  ... | yes x=y = refl
+  ... | no  x≠y = update-neq m x y x≠y
+\end{code}
+</div>
+
+#### Exercise: 2 stars (update-same)
+Prove the following theorem, which states that if we update a map to
+assign key $$x$$ the same value as it already has in $$m$$, then the
+result is equal to $$m$$:
+
+\begin{code}
+  postulate
+    update-same : ∀ {A} (m : TotalMap A) (x y : Id)
+                → (update m x (m x)) y ≡ m y
+\end{code}
+
+<div class="hidden">
+\begin{code}
+  update-same′ : ∀ {A} (m : TotalMap A) (x y : Id)
+               → (update m x (m x)) y ≡ m y
+  update-same′ m x y
+    with x ≟ y
+  ... | yes x=y rewrite x=y = refl
+  ... | no  x≠y = refl
+\end{code}
+</div>
+
+#### Exercise: 3 stars, recommended (update-permute)
+Prove one final property of the `update` function: If we update a map
+$$m$$ at two distinct keys, it doesn't matter in which order we do the
+updates.
+
+\begin{code}
+  postulate
+    update-permute : ∀ {A v1 v2} (m : TotalMap A) (x1 x2 y : Id)
+                   → x1 ≢ x2 → (update (update m x2 v2) x1 v1) y
+                             ≡ (update (update m x1 v1) x2 v2) y
+\end{code}
+
+<div class="hidden">
+\begin{code}
+  update-permute′ : ∀ {A v1 v2} (m : TotalMap A) (x1 x2 y : Id)
+                  → x1 ≢ x2 → (update (update m x2 v2) x1 v1) y
+                            ≡ (update (update m x1 v1) x2 v2) y
+  update-permute′ {A} {v1} {v2} m x1 x2 y x1≠x2
+    with x1 ≟ y | x2 ≟ y
+  ... | yes x1=y | yes x2=y = ⊥-elim (x1≠x2 (trans x1=y (sym x2=y)))
+  ... | no  x1≠y | yes x2=y rewrite x2=y = update-eq′ m y
+  ... | yes x1=y | no  x2≠y rewrite x1=y = sym (update-eq′ m y)
+  ... | no  x1≠y | no  x2≠y =
+    trans (update-neq m x2 y x2≠y) (sym (update-neq m x1 y x1≠y))
+\end{code}
+</div>
+
+## Partial maps
+
+Finally, we define _partial maps_ on top of total maps.  A partial
+map with elements of type `A` is simply a total map with elements
+of type `Maybe A` and default element `nothing`.
+
+\begin{code}
+PartialMap : Set → Set
+PartialMap A = TotalMap (Maybe A)
+\end{code}
+
+\begin{code}
+module PartialMap where
+\end{code}
+
+\begin{code}
+  empty : ∀ {A} → PartialMap A
+  empty = TotalMap.empty nothing
+\end{code}
+
+\begin{code}
+  update : ∀ {A} (m : PartialMap A) (x : Id) (v : A) → PartialMap A
+  update m x v = TotalMap.update m x (just v)
+\end{code}
+
+We can now lift all of the basic lemmas about total maps to
+partial maps.
+
+\begin{code}
+  update-eq : ∀ {A v} (m : PartialMap A) (x : Id)
+            → (update m x v) x ≡ just v
+  update-eq m x = TotalMap.update-eq m x
+\end{code}
+
+\begin{code}
+  update-neq : ∀ {A v} (m : PartialMap A) (x y : Id)
+             → x ≢ y → (update m x v) y ≡ m y
+  update-neq m x y x≠y = TotalMap.update-neq m x y x≠y
+\end{code}
+
+\begin{code}
+  update-shadow : ∀ {A v1 v2} (m : PartialMap A) (x y : Id)
+                → (update (update m x v1) x v2) y ≡ (update m x v2) y
+  update-shadow m x y = TotalMap.update-shadow m x y
+\end{code}
+
+\begin{code}
+  update-same : ∀ {A v} (m : PartialMap A) (x y : Id)
+              → m x ≡ just v
+              → (update m x v) y ≡ m y
+  update-same m x y mx=v rewrite sym mx=v = TotalMap.update-same m x y
+\end{code}
+
+\begin{code}
+  update-permute : ∀ {A v1 v2} (m : PartialMap A) (x1 x2 y : Id)
+                 → x1 ≢ x2 → (update (update m x2 v2) x1 v1) y
+                           ≡ (update (update m x1 v1) x2 v2) y
+  update-permute m x1 x2 y x1≠x2 = TotalMap.update-permute m x1 x2 y x1≠x2
+\end{code}
diff --git a/Maps.md b/Maps.md
new file mode 100644
index 00000000..8902d3aa
--- /dev/null
+++ b/Maps.md
@@ -0,0 +1,4467 @@
+---
+title         : "Maps: Total and Partial Maps"
+layout        : default
+hide-implicit : false
+extra-script : [agda-extra-script.html]
+extra-style  : [agda-extra-style.html]
+permalink     : "sf/Maps.html"
+---
+
+# Maps: Total and Partial Maps
+
+Maps (or dictionaries) are ubiquitous data structures, both in
+software construction generally and in the theory of programming
+languages in particular; we're going to need them in many places in
+the coming chapters.  They also make a nice case study using ideas
+we've seen in previous chapters, including building data structures
+out of higher-order functions (from [Basics](sf/Basics.html)
+and [Poly](sf/Poly.html) and the use of reflection to streamline
+proofs (from [IndProp](sf/IndProp.html).
+
+We'll define two flavors of maps: _total_ maps, which include a
+"default" element to be returned when a key being looked up
+doesn't exist, and _partial_ maps, which return an `Maybe` to
+indicate success or failure.  The latter is defined in terms of
+the former, using `nothing` as the default element.
+
+## The Agda Standard Library
+
+One small digression before we start.
+
+Unlike the chapters we have seen so far, this one does not
+import the chapter before it (and, transitively, all the
+earlier chapters).  Instead, in this chapter and from now, on
+we're going to import the definitions and theorems we need
+directly from Agda's standard library stuff.  You should not notice
+much difference, though, because we've been careful to name our
+own definitions and theorems the same as their counterparts in the
+standard library, wherever they overlap.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="1607" class="Keyword"
+      >open</a
+      ><a name="1611"
+      > </a
+      ><a name="1612" class="Keyword"
+      >import</a
+      ><a name="1618"
+      > </a
+      ><a name="1619" href="https://agda.github.io/agda-stdlib/Function.html#1" class="Module"
+      >Function</a
+      ><a name="1627"
+      >         </a
+      ><a name="1636" class="Keyword"
+      >using</a
+      ><a name="1641"
+      > </a
+      ><a name="1642" class="Symbol"
+      >(</a
+      ><a name="1643" href="https://agda.github.io/agda-stdlib/Function.html#713" class="Function Operator"
+      >_&#8728;_</a
+      ><a name="1646" class="Symbol"
+      >)</a
+      ><a name="1647"
+      >
+</a
+      ><a name="1648" class="Keyword"
+      >open</a
+      ><a name="1652"
+      > </a
+      ><a name="1653" class="Keyword"
+      >import</a
+      ><a name="1659"
+      > </a
+      ><a name="1660" href="https://agda.github.io/agda-stdlib/Data.Bool.html#1" class="Module"
+      >Data.Bool</a
+      ><a name="1669"
+      >        </a
+      ><a name="1677" class="Keyword"
+      >using</a
+      ><a name="1682"
+      > </a
+      ><a name="1683" class="Symbol"
+      >(</a
+      ><a name="1684" href="Agda.Builtin.Bool.html#39" class="Datatype"
+      >Bool</a
+      ><a name="1688" class="Symbol"
+      >;</a
+      ><a name="1689"
+      > </a
+      ><a name="1690" href="Agda.Builtin.Bool.html#64" class="InductiveConstructor"
+      >true</a
+      ><a name="1694" class="Symbol"
+      >;</a
+      ><a name="1695"
+      > </a
+      ><a name="1696" href="Agda.Builtin.Bool.html#58" class="InductiveConstructor"
+      >false</a
+      ><a name="1701" class="Symbol"
+      >)</a
+      ><a name="1702"
+      >
+</a
+      ><a name="1703" class="Keyword"
+      >open</a
+      ><a name="1707"
+      > </a
+      ><a name="1708" class="Keyword"
+      >import</a
+      ><a name="1714"
+      > </a
+      ><a name="1715" href="https://agda.github.io/agda-stdlib/Data.Empty.html#1" class="Module"
+      >Data.Empty</a
+      ><a name="1725"
+      >       </a
+      ><a name="1732" class="Keyword"
+      >using</a
+      ><a name="1737"
+      > </a
+      ><a name="1738" class="Symbol"
+      >(</a
+      ><a name="1739" href="https://agda.github.io/agda-stdlib/Data.Empty.html#243" class="Datatype"
+      >&#8869;</a
+      ><a name="1740" class="Symbol"
+      >;</a
+      ><a name="1741"
+      > </a
+      ><a name="1742" href="https://agda.github.io/agda-stdlib/Data.Empty.html#348" class="Function"
+      >&#8869;-elim</a
+      ><a name="1748" class="Symbol"
+      >)</a
+      ><a name="1749"
+      >
+</a
+      ><a name="1750" class="Keyword"
+      >open</a
+      ><a name="1754"
+      > </a
+      ><a name="1755" class="Keyword"
+      >import</a
+      ><a name="1761"
+      > </a
+      ><a name="1762" href="https://agda.github.io/agda-stdlib/Data.Maybe.html#1" class="Module"
+      >Data.Maybe</a
+      ><a name="1772"
+      >       </a
+      ><a name="1779" class="Keyword"
+      >using</a
+      ><a name="1784"
+      > </a
+      ><a name="1785" class="Symbol"
+      >(</a
+      ><a name="1786" href="https://agda.github.io/agda-stdlib/Data.Maybe.Base.html#335" class="Datatype"
+      >Maybe</a
+      ><a name="1791" class="Symbol"
+      >;</a
+      ><a name="1792"
+      > </a
+      ><a name="1793" href="https://agda.github.io/agda-stdlib/Data.Maybe.html#1527" class="InductiveConstructor"
+      >just</a
+      ><a name="1797" class="Symbol"
+      >;</a
+      ><a name="1798"
+      > </a
+      ><a name="1799" href="https://agda.github.io/agda-stdlib/Data.Maybe.html#1588" class="InductiveConstructor"
+      >nothing</a
+      ><a name="1806" class="Symbol"
+      >)</a
+      ><a name="1807"
+      >
+</a
+      ><a name="1808" class="Keyword"
+      >open</a
+      ><a name="1812"
+      > </a
+      ><a name="1813" class="Keyword"
+      >import</a
+      ><a name="1819"
+      > </a
+      ><a name="1820" href="https://agda.github.io/agda-stdlib/Data.Nat.html#1" class="Module"
+      >Data.Nat</a
+      ><a name="1828"
+      >         </a
+      ><a name="1837" class="Keyword"
+      >using</a
+      ><a name="1842"
+      > </a
+      ><a name="1843" class="Symbol"
+      >(</a
+      ><a name="1844" href="Agda.Builtin.Nat.html#69" class="Datatype"
+      >&#8469;</a
+      ><a name="1845" class="Symbol"
+      >)</a
+      ><a name="1846"
+      >
+</a
+      ><a name="1847" class="Keyword"
+      >open</a
+      ><a name="1851"
+      > </a
+      ><a name="1852" class="Keyword"
+      >import</a
+      ><a name="1858"
+      > </a
+      ><a name="1859" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#1" class="Module"
+      >Relation.Nullary</a
+      ><a name="1875"
+      > </a
+      ><a name="1876" class="Keyword"
+      >using</a
+      ><a name="1881"
+      > </a
+      ><a name="1882" class="Symbol"
+      >(</a
+      ><a name="1883" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#484" class="Datatype"
+      >Dec</a
+      ><a name="1886" class="Symbol"
+      >;</a
+      ><a name="1887"
+      > </a
+      ><a name="1888" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="1891" class="Symbol"
+      >;</a
+      ><a name="1892"
+      > </a
+      ><a name="1893" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="1895" class="Symbol"
+      >)</a
+      ><a name="1896"
+      >
+</a
+      ><a name="1897" class="Keyword"
+      >open</a
+      ><a name="1901"
+      > </a
+      ><a name="1902" class="Keyword"
+      >import</a
+      ><a name="1908"
+      > </a
+      ><a name="1909" href="https://agda.github.io/agda-stdlib/Relation.Binary.PropositionalEquality.html#1" class="Module"
+      >Relation.Binary.PropositionalEquality</a
+      >
+</pre><!--{% endraw %}-->
+
+Documentation for the standard library can be found at
+<https://agda.github.io/agda-stdlib/>.
+
+## Identifiers
+
+First, we need a type for the keys that we use to index into our
+maps.  For this purpose, we again use the type Id` from the
+[Lists](sf/Lists.html) chapter.  To make this chapter self contained,
+we repeat its definition here, together with the equality comparison
+function for ids and its fundamental property.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="2395" class="Keyword"
+      >data</a
+      ><a name="2399"
+      > </a
+      ><a name="2400" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="2402"
+      > </a
+      ><a name="2403" class="Symbol"
+      >:</a
+      ><a name="2404"
+      > </a
+      ><a name="2405" class="PrimitiveType"
+      >Set</a
+      ><a name="2408"
+      > </a
+      ><a name="2409" class="Keyword"
+      >where</a
+      ><a name="2414"
+      >
+  </a
+      ><a name="2417" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="2419"
+      > </a
+      ><a name="2420" class="Symbol"
+      >:</a
+      ><a name="2421"
+      > </a
+      ><a name="2422" href="Agda.Builtin.Nat.html#69" class="Datatype"
+      >&#8469;</a
+      ><a name="2423"
+      > </a
+      ><a name="2424" class="Symbol"
+      >&#8594;</a
+      ><a name="2425"
+      > </a
+      ><a name="2426" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      >
+</pre><!--{% endraw %}-->
+
+<!--{% raw %}--><pre class="Agda">
+<a name="2454" href="Maps.html#2454" class="Function Operator"
+      >_&#8799;_</a
+      ><a name="2457"
+      > </a
+      ><a name="2458" class="Symbol"
+      >:</a
+      ><a name="2459"
+      > </a
+      ><a name="2460" class="Symbol"
+      >(</a
+      ><a name="2461" href="Maps.html#2461" class="Bound"
+      >x</a
+      ><a name="2462"
+      > </a
+      ><a name="2463" href="Maps.html#2463" class="Bound"
+      >y</a
+      ><a name="2464"
+      > </a
+      ><a name="2465" class="Symbol"
+      >:</a
+      ><a name="2466"
+      > </a
+      ><a name="2467" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="2469" class="Symbol"
+      >)</a
+      ><a name="2470"
+      > </a
+      ><a name="2471" class="Symbol"
+      >&#8594;</a
+      ><a name="2472"
+      > </a
+      ><a name="2473" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#484" class="Datatype"
+      >Dec</a
+      ><a name="2476"
+      > </a
+      ><a name="2477" class="Symbol"
+      >(</a
+      ><a name="2478" href="Maps.html#2461" class="Bound"
+      >x</a
+      ><a name="2479"
+      > </a
+      ><a name="2480" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="2481"
+      > </a
+      ><a name="2482" href="Maps.html#2463" class="Bound"
+      >y</a
+      ><a name="2483" class="Symbol"
+      >)</a
+      ><a name="2484"
+      >
+</a
+      ><a name="2485" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="2487"
+      > </a
+      ><a name="2488" href="Maps.html#2488" class="Bound"
+      >x</a
+      ><a name="2489"
+      > </a
+      ><a name="2490" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="2491"
+      > </a
+      ><a name="2492" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="2494"
+      > </a
+      ><a name="2495" href="Maps.html#2495" class="Bound"
+      >y</a
+      ><a name="2496"
+      > </a
+      ><a name="2497" class="Keyword"
+      >with</a
+      ><a name="2501"
+      > </a
+      ><a name="2502" href="Maps.html#2488" class="Bound"
+      >x</a
+      ><a name="2503"
+      > </a
+      ><a name="2504" href="https://agda.github.io/agda-stdlib/Data.Nat.Base.html#3199" class="Function Operator"
+      >Data.Nat.&#8799;</a
+      ><a name="2514"
+      > </a
+      ><a name="2515" href="Maps.html#2495" class="Bound"
+      >y</a
+      ><a name="2516"
+      >
+</a
+      ><a name="2517" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="2519"
+      > </a
+      ><a name="2520" href="Maps.html#2520" class="Bound"
+      >x</a
+      ><a name="2521"
+      > </a
+      ><a name="2522" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="2523"
+      > </a
+      ><a name="2524" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="2526"
+      > </a
+      ><a name="2527" href="Maps.html#2527" class="Bound"
+      >y</a
+      ><a name="2528"
+      > </a
+      ><a name="2529" class="Symbol"
+      >|</a
+      ><a name="2530"
+      > </a
+      ><a name="2531" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="2534"
+      > </a
+      ><a name="2535" href="Maps.html#2535" class="Bound"
+      >x=y</a
+      ><a name="2538"
+      > </a
+      ><a name="2539" class="Keyword"
+      >rewrite</a
+      ><a name="2546"
+      > </a
+      ><a name="2547" href="Maps.html#2535" class="Bound"
+      >x=y</a
+      ><a name="2550"
+      > </a
+      ><a name="2551" class="Symbol"
+      >=</a
+      ><a name="2552"
+      > </a
+      ><a name="2553" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="2556"
+      > </a
+      ><a name="2557" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="2561"
+      >
+</a
+      ><a name="2562" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="2564"
+      > </a
+      ><a name="2565" href="Maps.html#2565" class="Bound"
+      >x</a
+      ><a name="2566"
+      > </a
+      ><a name="2567" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="2568"
+      > </a
+      ><a name="2569" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="2571"
+      > </a
+      ><a name="2572" href="Maps.html#2572" class="Bound"
+      >y</a
+      ><a name="2573"
+      > </a
+      ><a name="2574" class="Symbol"
+      >|</a
+      ><a name="2575"
+      > </a
+      ><a name="2576" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="2578"
+      >  </a
+      ><a name="2580" href="Maps.html#2580" class="Bound"
+      >x&#8800;y</a
+      ><a name="2583"
+      > </a
+      ><a name="2584" class="Symbol"
+      >=</a
+      ><a name="2585"
+      > </a
+      ><a name="2586" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="2588"
+      > </a
+      ><a name="2589" class="Symbol"
+      >(</a
+      ><a name="2590" href="Maps.html#2580" class="Bound"
+      >x&#8800;y</a
+      ><a name="2593"
+      > </a
+      ><a name="2594" href="https://agda.github.io/agda-stdlib/Function.html#713" class="Function Operator"
+      >&#8728;</a
+      ><a name="2595"
+      > </a
+      ><a name="2596" href="Maps.html#2616" class="Function"
+      >id-inj</a
+      ><a name="2602" class="Symbol"
+      >)</a
+      ><a name="2603"
+      >
+  </a
+      ><a name="2606" class="Keyword"
+      >where</a
+      ><a name="2611"
+      >
+    </a
+      ><a name="2616" href="Maps.html#2616" class="Function"
+      >id-inj</a
+      ><a name="2622"
+      > </a
+      ><a name="2623" class="Symbol"
+      >:</a
+      ><a name="2624"
+      > </a
+      ><a name="2625" class="Symbol"
+      >&#8704;</a
+      ><a name="2626"
+      > </a
+      ><a name="2627" class="Symbol"
+      >{</a
+      ><a name="2628" href="Maps.html#2628" class="Bound"
+      >x</a
+      ><a name="2629"
+      > </a
+      ><a name="2630" href="Maps.html#2630" class="Bound"
+      >y</a
+      ><a name="2631" class="Symbol"
+      >}</a
+      ><a name="2632"
+      > </a
+      ><a name="2633" class="Symbol"
+      >&#8594;</a
+      ><a name="2634"
+      > </a
+      ><a name="2635" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="2637"
+      > </a
+      ><a name="2638" href="Maps.html#2628" class="Bound"
+      >x</a
+      ><a name="2639"
+      > </a
+      ><a name="2640" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="2641"
+      > </a
+      ><a name="2642" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="2644"
+      > </a
+      ><a name="2645" href="Maps.html#2630" class="Bound"
+      >y</a
+      ><a name="2646"
+      > </a
+      ><a name="2647" class="Symbol"
+      >&#8594;</a
+      ><a name="2648"
+      > </a
+      ><a name="2649" href="Maps.html#2628" class="Bound"
+      >x</a
+      ><a name="2650"
+      > </a
+      ><a name="2651" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="2652"
+      > </a
+      ><a name="2653" href="Maps.html#2630" class="Bound"
+      >y</a
+      ><a name="2654"
+      >
+    </a
+      ><a name="2659" href="Maps.html#2616" class="Function"
+      >id-inj</a
+      ><a name="2665"
+      > </a
+      ><a name="2666" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="2670"
+      > </a
+      ><a name="2671" class="Symbol"
+      >=</a
+      ><a name="2672"
+      > </a
+      ><a name="2673" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+
+## Total Maps
+
+Our main job in this chapter will be to build a definition of
+partial maps that is similar in behavior to the one we saw in the
+[Lists](sf/Lists.html) chapter, plus accompanying lemmas about their
+behavior.
+
+This time around, though, we're going to use _functions_, rather
+than lists of key-value pairs, to build maps.  The advantage of
+this representation is that it offers a more _extensional_ view of
+maps, where two maps that respond to queries in the same way will
+be represented as literally the same thing (the same function),
+rather than just "equivalent" data structures.  This, in turn,
+simplifies proofs that use maps.
+
+We build partial maps in two steps.  First, we define a type of
+_total maps_ that return a default value when we look up a key
+that is not present in the map.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="3509" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="3517"
+      > </a
+      ><a name="3518" class="Symbol"
+      >:</a
+      ><a name="3519"
+      > </a
+      ><a name="3520" class="PrimitiveType"
+      >Set</a
+      ><a name="3523"
+      > </a
+      ><a name="3524" class="Symbol"
+      >&#8594;</a
+      ><a name="3525"
+      > </a
+      ><a name="3526" class="PrimitiveType"
+      >Set</a
+      ><a name="3529"
+      >
+</a
+      ><a name="3530" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="3538"
+      > </a
+      ><a name="3539" href="Maps.html#3539" class="Bound"
+      >A</a
+      ><a name="3540"
+      > </a
+      ><a name="3541" class="Symbol"
+      >=</a
+      ><a name="3542"
+      > </a
+      ><a name="3543" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="3545"
+      > </a
+      ><a name="3546" class="Symbol"
+      >&#8594;</a
+      ><a name="3547"
+      > </a
+      ><a name="3548" href="Maps.html#3539" class="Bound"
+      >A</a
+      >
+</pre><!--{% endraw %}-->
+
+Intuitively, a total map over anfi element type $$A$$ _is_ just a
+function that can be used to look up ids, yielding $$A$$s.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="3700" class="Keyword"
+      >module</a
+      ><a name="3706"
+      > </a
+      ><a name="3707" href="Maps.html#3707" class="Module"
+      >TotalMap</a
+      ><a name="3715"
+      > </a
+      ><a name="3716" class="Keyword"
+      >where</a
+      >
+</pre><!--{% endraw %}-->
+
+The function `empty` yields an empty total map, given a
+default element; this map always returns the default element when
+applied to any id.
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="3891" href="Maps.html#3891" class="Function"
+      >empty</a
+      ><a name="3896"
+      > </a
+      ><a name="3897" class="Symbol"
+      >:</a
+      ><a name="3898"
+      > </a
+      ><a name="3899" class="Symbol"
+      >&#8704;</a
+      ><a name="3900"
+      > </a
+      ><a name="3901" class="Symbol"
+      >{</a
+      ><a name="3902" href="Maps.html#3902" class="Bound"
+      >A</a
+      ><a name="3903" class="Symbol"
+      >}</a
+      ><a name="3904"
+      > </a
+      ><a name="3905" class="Symbol"
+      >&#8594;</a
+      ><a name="3906"
+      > </a
+      ><a name="3907" href="Maps.html#3902" class="Bound"
+      >A</a
+      ><a name="3908"
+      > </a
+      ><a name="3909" class="Symbol"
+      >&#8594;</a
+      ><a name="3910"
+      > </a
+      ><a name="3911" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="3919"
+      > </a
+      ><a name="3920" href="Maps.html#3902" class="Bound"
+      >A</a
+      ><a name="3921"
+      >
+  </a
+      ><a name="3924" href="Maps.html#3891" class="Function"
+      >empty</a
+      ><a name="3929"
+      > </a
+      ><a name="3930" href="Maps.html#3930" class="Bound"
+      >x</a
+      ><a name="3931"
+      > </a
+      ><a name="3932" class="Symbol"
+      >=</a
+      ><a name="3933"
+      > </a
+      ><a name="3934" class="Symbol"
+      >&#955;</a
+      ><a name="3935"
+      > </a
+      ><a name="3936" href="Maps.html#3936" class="Bound"
+      >_</a
+      ><a name="3937"
+      > </a
+      ><a name="3938" class="Symbol"
+      >&#8594;</a
+      ><a name="3939"
+      > </a
+      ><a name="3940" href="Maps.html#3930" class="Bound"
+      >x</a
+      >
+</pre><!--{% endraw %}-->
+
+More interesting is the `update` function, which (as before) takes
+a map $$m$$, a key $$x$$, and a value $$v$$ and returns a new map that
+takes $$x$$ to $$v$$ and takes every other key to whatever $$m$$ does.
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="4179" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="4185"
+      > </a
+      ><a name="4186" class="Symbol"
+      >:</a
+      ><a name="4187"
+      > </a
+      ><a name="4188" class="Symbol"
+      >&#8704;</a
+      ><a name="4189"
+      > </a
+      ><a name="4190" class="Symbol"
+      >{</a
+      ><a name="4191" href="Maps.html#4191" class="Bound"
+      >A</a
+      ><a name="4192" class="Symbol"
+      >}</a
+      ><a name="4193"
+      > </a
+      ><a name="4194" class="Symbol"
+      >&#8594;</a
+      ><a name="4195"
+      > </a
+      ><a name="4196" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="4204"
+      > </a
+      ><a name="4205" href="Maps.html#4191" class="Bound"
+      >A</a
+      ><a name="4206"
+      > </a
+      ><a name="4207" class="Symbol"
+      >-&gt;</a
+      ><a name="4209"
+      > </a
+      ><a name="4210" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="4212"
+      > </a
+      ><a name="4213" class="Symbol"
+      >-&gt;</a
+      ><a name="4215"
+      > </a
+      ><a name="4216" href="Maps.html#4191" class="Bound"
+      >A</a
+      ><a name="4217"
+      > </a
+      ><a name="4218" class="Symbol"
+      >-&gt;</a
+      ><a name="4220"
+      > </a
+      ><a name="4221" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="4229"
+      > </a
+      ><a name="4230" href="Maps.html#4191" class="Bound"
+      >A</a
+      ><a name="4231"
+      >
+  </a
+      ><a name="4234" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="4240"
+      > </a
+      ><a name="4241" href="Maps.html#4241" class="Bound"
+      >m</a
+      ><a name="4242"
+      > </a
+      ><a name="4243" href="Maps.html#4243" class="Bound"
+      >x</a
+      ><a name="4244"
+      > </a
+      ><a name="4245" href="Maps.html#4245" class="Bound"
+      >v</a
+      ><a name="4246"
+      > </a
+      ><a name="4247" href="Maps.html#4247" class="Bound"
+      >y</a
+      ><a name="4248"
+      > </a
+      ><a name="4249" class="Keyword"
+      >with</a
+      ><a name="4253"
+      > </a
+      ><a name="4254" href="Maps.html#4243" class="Bound"
+      >x</a
+      ><a name="4255"
+      > </a
+      ><a name="4256" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="4257"
+      > </a
+      ><a name="4258" href="Maps.html#4247" class="Bound"
+      >y</a
+      ><a name="4259"
+      >
+  </a
+      ><a name="4262" class="Symbol"
+      >...</a
+      ><a name="4265"
+      > </a
+      ><a name="4266" class="Symbol"
+      >|</a
+      ><a name="4267"
+      > </a
+      ><a name="4268" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="4271"
+      > </a
+      ><a name="4272" href="Maps.html#4272" class="Bound"
+      >x=y</a
+      ><a name="4275"
+      > </a
+      ><a name="4276" class="Symbol"
+      >=</a
+      ><a name="4277"
+      > </a
+      ><a name="4278" href="Maps.html#4245" class="Bound"
+      >v</a
+      ><a name="4279"
+      >
+  </a
+      ><a name="4282" class="Symbol"
+      >...</a
+      ><a name="4285"
+      > </a
+      ><a name="4286" class="Symbol"
+      >|</a
+      ><a name="4287"
+      > </a
+      ><a name="4288" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="4290"
+      >  </a
+      ><a name="4292" href="Maps.html#4292" class="Bound"
+      >x&#8800;y</a
+      ><a name="4295"
+      > </a
+      ><a name="4296" class="Symbol"
+      >=</a
+      ><a name="4297"
+      > </a
+      ><a name="4298" href="Maps.html#4241" class="Bound"
+      >m</a
+      ><a name="4299"
+      > </a
+      ><a name="4300" href="Maps.html#4247" class="Bound"
+      >y</a
+      >
+</pre><!--{% endraw %}-->
+
+This definition is a nice example of higher-order programming.
+The `update` function takes a _function_ $$m$$ and yields a new
+function $$\lambda x'.\vdots$$ that behaves like the desired map.
+
+For example, we can build a map taking ids to bools, where `id
+3` is mapped to `true` and every other key is mapped to `false`,
+like this:
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="4663" href="Maps.html#4663" class="Function"
+      >examplemap</a
+      ><a name="4673"
+      > </a
+      ><a name="4674" class="Symbol"
+      >:</a
+      ><a name="4675"
+      > </a
+      ><a name="4676" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="4684"
+      > </a
+      ><a name="4685" href="Agda.Builtin.Bool.html#39" class="Datatype"
+      >Bool</a
+      ><a name="4689"
+      >
+  </a
+      ><a name="4692" href="Maps.html#4663" class="Function"
+      >examplemap</a
+      ><a name="4702"
+      > </a
+      ><a name="4703" class="Symbol"
+      >=</a
+      ><a name="4704"
+      > </a
+      ><a name="4705" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="4711"
+      > </a
+      ><a name="4712" class="Symbol"
+      >(</a
+      ><a name="4713" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="4719"
+      > </a
+      ><a name="4720" class="Symbol"
+      >(</a
+      ><a name="4721" href="Maps.html#3891" class="Function"
+      >empty</a
+      ><a name="4726"
+      > </a
+      ><a name="4727" href="Agda.Builtin.Bool.html#58" class="InductiveConstructor"
+      >false</a
+      ><a name="4732" class="Symbol"
+      >)</a
+      ><a name="4733"
+      > </a
+      ><a name="4734" class="Symbol"
+      >(</a
+      ><a name="4735" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="4737"
+      > </a
+      ><a name="4738" class="Number"
+      >1</a
+      ><a name="4739" class="Symbol"
+      >)</a
+      ><a name="4740"
+      > </a
+      ><a name="4741" href="Agda.Builtin.Bool.html#58" class="InductiveConstructor"
+      >false</a
+      ><a name="4746" class="Symbol"
+      >)</a
+      ><a name="4747"
+      > </a
+      ><a name="4748" class="Symbol"
+      >(</a
+      ><a name="4749" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="4751"
+      > </a
+      ><a name="4752" class="Number"
+      >3</a
+      ><a name="4753" class="Symbol"
+      >)</a
+      ><a name="4754"
+      > </a
+      ><a name="4755" href="Agda.Builtin.Bool.html#64" class="InductiveConstructor"
+      >true</a
+      >
+</pre><!--{% endraw %}-->
+
+This completes the definition of total maps.  Note that we don't
+need to define a `find` operation because it is just function
+application!
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="4928" href="Maps.html#4928" class="Function Operator"
+      >test_examplemap0</a
+      ><a name="4944"
+      > </a
+      ><a name="4945" class="Symbol"
+      >:</a
+      ><a name="4946"
+      > </a
+      ><a name="4947" href="Maps.html#4663" class="Function"
+      >examplemap</a
+      ><a name="4957"
+      > </a
+      ><a name="4958" class="Symbol"
+      >(</a
+      ><a name="4959" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="4961"
+      > </a
+      ><a name="4962" class="Number"
+      >0</a
+      ><a name="4963" class="Symbol"
+      >)</a
+      ><a name="4964"
+      > </a
+      ><a name="4965" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="4966"
+      > </a
+      ><a name="4967" href="Agda.Builtin.Bool.html#58" class="InductiveConstructor"
+      >false</a
+      ><a name="4972"
+      >
+  </a
+      ><a name="4975" href="Maps.html#4928" class="Function Operator"
+      >test_examplemap0</a
+      ><a name="4991"
+      > </a
+      ><a name="4992" class="Symbol"
+      >=</a
+      ><a name="4993"
+      > </a
+      ><a name="4994" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="4998"
+      >
+
+  </a
+      ><a name="5002" href="Maps.html#5002" class="Function Operator"
+      >test_examplemap1</a
+      ><a name="5018"
+      > </a
+      ><a name="5019" class="Symbol"
+      >:</a
+      ><a name="5020"
+      > </a
+      ><a name="5021" href="Maps.html#4663" class="Function"
+      >examplemap</a
+      ><a name="5031"
+      > </a
+      ><a name="5032" class="Symbol"
+      >(</a
+      ><a name="5033" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="5035"
+      > </a
+      ><a name="5036" class="Number"
+      >1</a
+      ><a name="5037" class="Symbol"
+      >)</a
+      ><a name="5038"
+      > </a
+      ><a name="5039" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="5040"
+      > </a
+      ><a name="5041" href="Agda.Builtin.Bool.html#58" class="InductiveConstructor"
+      >false</a
+      ><a name="5046"
+      >
+  </a
+      ><a name="5049" href="Maps.html#5002" class="Function Operator"
+      >test_examplemap1</a
+      ><a name="5065"
+      > </a
+      ><a name="5066" class="Symbol"
+      >=</a
+      ><a name="5067"
+      > </a
+      ><a name="5068" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="5072"
+      >
+
+  </a
+      ><a name="5076" href="Maps.html#5076" class="Function Operator"
+      >test_examplemap2</a
+      ><a name="5092"
+      > </a
+      ><a name="5093" class="Symbol"
+      >:</a
+      ><a name="5094"
+      > </a
+      ><a name="5095" href="Maps.html#4663" class="Function"
+      >examplemap</a
+      ><a name="5105"
+      > </a
+      ><a name="5106" class="Symbol"
+      >(</a
+      ><a name="5107" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="5109"
+      > </a
+      ><a name="5110" class="Number"
+      >2</a
+      ><a name="5111" class="Symbol"
+      >)</a
+      ><a name="5112"
+      > </a
+      ><a name="5113" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="5114"
+      > </a
+      ><a name="5115" href="Agda.Builtin.Bool.html#58" class="InductiveConstructor"
+      >false</a
+      ><a name="5120"
+      >
+  </a
+      ><a name="5123" href="Maps.html#5076" class="Function Operator"
+      >test_examplemap2</a
+      ><a name="5139"
+      > </a
+      ><a name="5140" class="Symbol"
+      >=</a
+      ><a name="5141"
+      > </a
+      ><a name="5142" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="5146"
+      >
+
+  </a
+      ><a name="5150" href="Maps.html#5150" class="Function Operator"
+      >test_examplemap3</a
+      ><a name="5166"
+      > </a
+      ><a name="5167" class="Symbol"
+      >:</a
+      ><a name="5168"
+      > </a
+      ><a name="5169" href="Maps.html#4663" class="Function"
+      >examplemap</a
+      ><a name="5179"
+      > </a
+      ><a name="5180" class="Symbol"
+      >(</a
+      ><a name="5181" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="5183"
+      > </a
+      ><a name="5184" class="Number"
+      >3</a
+      ><a name="5185" class="Symbol"
+      >)</a
+      ><a name="5186"
+      > </a
+      ><a name="5187" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="5188"
+      > </a
+      ><a name="5189" href="Agda.Builtin.Bool.html#64" class="InductiveConstructor"
+      >true</a
+      ><a name="5193"
+      >
+  </a
+      ><a name="5196" href="Maps.html#5150" class="Function Operator"
+      >test_examplemap3</a
+      ><a name="5212"
+      > </a
+      ><a name="5213" class="Symbol"
+      >=</a
+      ><a name="5214"
+      > </a
+      ><a name="5215" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+
+To use maps in later chapters, we'll need several fundamental
+facts about how they behave.  Even if you don't work the following
+exercises, make sure you thoroughly understand the statements of
+the lemmas!  (Some of the proofs require the functional
+extensionality axiom, which is discussed in the [Logic]
+chapter and included in the Agda standard library.)
+
+#### Exercise: 1 star, optional (apply-empty)
+First, the empty map returns its default element for all keys:
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="5716" class="Keyword"
+      >postulate</a
+      ><a name="5725"
+      >
+    </a
+      ><a name="5730" href="Maps.html#5730" class="Postulate"
+      >apply-empty</a
+      ><a name="5741"
+      > </a
+      ><a name="5742" class="Symbol"
+      >:</a
+      ><a name="5743"
+      > </a
+      ><a name="5744" class="Symbol"
+      >&#8704;</a
+      ><a name="5745"
+      > </a
+      ><a name="5746" class="Symbol"
+      >{</a
+      ><a name="5747" href="Maps.html#5747" class="Bound"
+      >A</a
+      ><a name="5748"
+      > </a
+      ><a name="5749" href="Maps.html#5749" class="Bound"
+      >x</a
+      ><a name="5750"
+      > </a
+      ><a name="5751" href="Maps.html#5751" class="Bound"
+      >v</a
+      ><a name="5752" class="Symbol"
+      >}</a
+      ><a name="5753"
+      > </a
+      ><a name="5754" class="Symbol"
+      >&#8594;</a
+      ><a name="5755"
+      > </a
+      ><a name="5756" href="Maps.html#3891" class="Function"
+      >empty</a
+      ><a name="5761"
+      > </a
+      ><a name="5762" class="Symbol"
+      >{</a
+      ><a name="5763" href="Maps.html#5747" class="Bound"
+      >A</a
+      ><a name="5764" class="Symbol"
+      >}</a
+      ><a name="5765"
+      > </a
+      ><a name="5766" href="Maps.html#5751" class="Bound"
+      >v</a
+      ><a name="5767"
+      > </a
+      ><a name="5768" href="Maps.html#5749" class="Bound"
+      >x</a
+      ><a name="5769"
+      > </a
+      ><a name="5770" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="5771"
+      > </a
+      ><a name="5772" href="Maps.html#5751" class="Bound"
+      >v</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+  <a name="5822" href="Maps.html#5822" class="Function"
+      >apply-empty&#8242;</a
+      ><a name="5834"
+      > </a
+      ><a name="5835" class="Symbol"
+      >:</a
+      ><a name="5836"
+      > </a
+      ><a name="5837" class="Symbol"
+      >&#8704;</a
+      ><a name="5838"
+      > </a
+      ><a name="5839" class="Symbol"
+      >{</a
+      ><a name="5840" href="Maps.html#5840" class="Bound"
+      >A</a
+      ><a name="5841"
+      > </a
+      ><a name="5842" href="Maps.html#5842" class="Bound"
+      >x</a
+      ><a name="5843"
+      > </a
+      ><a name="5844" href="Maps.html#5844" class="Bound"
+      >v</a
+      ><a name="5845" class="Symbol"
+      >}</a
+      ><a name="5846"
+      > </a
+      ><a name="5847" class="Symbol"
+      >&#8594;</a
+      ><a name="5848"
+      > </a
+      ><a name="5849" href="Maps.html#3891" class="Function"
+      >empty</a
+      ><a name="5854"
+      > </a
+      ><a name="5855" class="Symbol"
+      >{</a
+      ><a name="5856" href="Maps.html#5840" class="Bound"
+      >A</a
+      ><a name="5857" class="Symbol"
+      >}</a
+      ><a name="5858"
+      > </a
+      ><a name="5859" href="Maps.html#5844" class="Bound"
+      >v</a
+      ><a name="5860"
+      > </a
+      ><a name="5861" href="Maps.html#5842" class="Bound"
+      >x</a
+      ><a name="5862"
+      > </a
+      ><a name="5863" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="5864"
+      > </a
+      ><a name="5865" href="Maps.html#5844" class="Bound"
+      >v</a
+      ><a name="5866"
+      >
+  </a
+      ><a name="5869" href="Maps.html#5822" class="Function"
+      >apply-empty&#8242;</a
+      ><a name="5881"
+      > </a
+      ><a name="5882" class="Symbol"
+      >=</a
+      ><a name="5883"
+      > </a
+      ><a name="5884" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+#### Exercise: 2 stars, optional (update-eq)
+Next, if we update a map $$m$$ at a key $$x$$ with a new value $$v$$
+and then look up $$x$$ in the map resulting from the `update`, we get
+back $$v$$:
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="6120" class="Keyword"
+      >postulate</a
+      ><a name="6129"
+      >
+    </a
+      ><a name="6134" href="Maps.html#6134" class="Postulate"
+      >update-eq</a
+      ><a name="6143"
+      > </a
+      ><a name="6144" class="Symbol"
+      >:</a
+      ><a name="6145"
+      > </a
+      ><a name="6146" class="Symbol"
+      >&#8704;</a
+      ><a name="6147"
+      > </a
+      ><a name="6148" class="Symbol"
+      >{</a
+      ><a name="6149" href="Maps.html#6149" class="Bound"
+      >A</a
+      ><a name="6150"
+      > </a
+      ><a name="6151" href="Maps.html#6151" class="Bound"
+      >v</a
+      ><a name="6152" class="Symbol"
+      >}</a
+      ><a name="6153"
+      > </a
+      ><a name="6154" class="Symbol"
+      >(</a
+      ><a name="6155" href="Maps.html#6155" class="Bound"
+      >m</a
+      ><a name="6156"
+      > </a
+      ><a name="6157" class="Symbol"
+      >:</a
+      ><a name="6158"
+      > </a
+      ><a name="6159" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="6167"
+      > </a
+      ><a name="6168" href="Maps.html#6149" class="Bound"
+      >A</a
+      ><a name="6169" class="Symbol"
+      >)</a
+      ><a name="6170"
+      > </a
+      ><a name="6171" class="Symbol"
+      >(</a
+      ><a name="6172" href="Maps.html#6172" class="Bound"
+      >x</a
+      ><a name="6173"
+      > </a
+      ><a name="6174" class="Symbol"
+      >:</a
+      ><a name="6175"
+      > </a
+      ><a name="6176" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="6178" class="Symbol"
+      >)</a
+      ><a name="6179"
+      >
+              </a
+      ><a name="6194" class="Symbol"
+      >&#8594;</a
+      ><a name="6195"
+      > </a
+      ><a name="6196" class="Symbol"
+      >(</a
+      ><a name="6197" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="6203"
+      > </a
+      ><a name="6204" href="Maps.html#6155" class="Bound"
+      >m</a
+      ><a name="6205"
+      > </a
+      ><a name="6206" href="Maps.html#6172" class="Bound"
+      >x</a
+      ><a name="6207"
+      > </a
+      ><a name="6208" href="Maps.html#6151" class="Bound"
+      >v</a
+      ><a name="6209" class="Symbol"
+      >)</a
+      ><a name="6210"
+      > </a
+      ><a name="6211" href="Maps.html#6172" class="Bound"
+      >x</a
+      ><a name="6212"
+      > </a
+      ><a name="6213" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="6214"
+      > </a
+      ><a name="6215" href="Maps.html#6151" class="Bound"
+      >v</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+  <a name="6265" href="Maps.html#6265" class="Function"
+      >update-eq&#8242;</a
+      ><a name="6275"
+      > </a
+      ><a name="6276" class="Symbol"
+      >:</a
+      ><a name="6277"
+      > </a
+      ><a name="6278" class="Symbol"
+      >&#8704;</a
+      ><a name="6279"
+      > </a
+      ><a name="6280" class="Symbol"
+      >{</a
+      ><a name="6281" href="Maps.html#6281" class="Bound"
+      >A</a
+      ><a name="6282"
+      > </a
+      ><a name="6283" href="Maps.html#6283" class="Bound"
+      >v</a
+      ><a name="6284" class="Symbol"
+      >}</a
+      ><a name="6285"
+      > </a
+      ><a name="6286" class="Symbol"
+      >(</a
+      ><a name="6287" href="Maps.html#6287" class="Bound"
+      >m</a
+      ><a name="6288"
+      > </a
+      ><a name="6289" class="Symbol"
+      >:</a
+      ><a name="6290"
+      > </a
+      ><a name="6291" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="6299"
+      > </a
+      ><a name="6300" href="Maps.html#6281" class="Bound"
+      >A</a
+      ><a name="6301" class="Symbol"
+      >)</a
+      ><a name="6302"
+      > </a
+      ><a name="6303" class="Symbol"
+      >(</a
+      ><a name="6304" href="Maps.html#6304" class="Bound"
+      >x</a
+      ><a name="6305"
+      > </a
+      ><a name="6306" class="Symbol"
+      >:</a
+      ><a name="6307"
+      > </a
+      ><a name="6308" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="6310" class="Symbol"
+      >)</a
+      ><a name="6311"
+      >
+             </a
+      ><a name="6325" class="Symbol"
+      >&#8594;</a
+      ><a name="6326"
+      > </a
+      ><a name="6327" class="Symbol"
+      >(</a
+      ><a name="6328" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="6334"
+      > </a
+      ><a name="6335" href="Maps.html#6287" class="Bound"
+      >m</a
+      ><a name="6336"
+      > </a
+      ><a name="6337" href="Maps.html#6304" class="Bound"
+      >x</a
+      ><a name="6338"
+      > </a
+      ><a name="6339" href="Maps.html#6283" class="Bound"
+      >v</a
+      ><a name="6340" class="Symbol"
+      >)</a
+      ><a name="6341"
+      > </a
+      ><a name="6342" href="Maps.html#6304" class="Bound"
+      >x</a
+      ><a name="6343"
+      > </a
+      ><a name="6344" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="6345"
+      > </a
+      ><a name="6346" href="Maps.html#6283" class="Bound"
+      >v</a
+      ><a name="6347"
+      >
+  </a
+      ><a name="6350" href="Maps.html#6265" class="Function"
+      >update-eq&#8242;</a
+      ><a name="6360"
+      > </a
+      ><a name="6361" href="Maps.html#6361" class="Bound"
+      >m</a
+      ><a name="6362"
+      > </a
+      ><a name="6363" href="Maps.html#6363" class="Bound"
+      >x</a
+      ><a name="6364"
+      > </a
+      ><a name="6365" class="Keyword"
+      >with</a
+      ><a name="6369"
+      > </a
+      ><a name="6370" href="Maps.html#6363" class="Bound"
+      >x</a
+      ><a name="6371"
+      > </a
+      ><a name="6372" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="6373"
+      > </a
+      ><a name="6374" href="Maps.html#6363" class="Bound"
+      >x</a
+      ><a name="6375"
+      >
+  </a
+      ><a name="6378" class="Symbol"
+      >...</a
+      ><a name="6381"
+      > </a
+      ><a name="6382" class="Symbol"
+      >|</a
+      ><a name="6383"
+      > </a
+      ><a name="6384" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="6387"
+      > </a
+      ><a name="6388" href="Maps.html#6388" class="Bound"
+      >x=x</a
+      ><a name="6391"
+      > </a
+      ><a name="6392" class="Symbol"
+      >=</a
+      ><a name="6393"
+      > </a
+      ><a name="6394" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="6398"
+      >
+  </a
+      ><a name="6401" class="Symbol"
+      >...</a
+      ><a name="6404"
+      > </a
+      ><a name="6405" class="Symbol"
+      >|</a
+      ><a name="6406"
+      > </a
+      ><a name="6407" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="6409"
+      >  </a
+      ><a name="6411" href="Maps.html#6411" class="Bound"
+      >x&#8800;x</a
+      ><a name="6414"
+      > </a
+      ><a name="6415" class="Symbol"
+      >=</a
+      ><a name="6416"
+      > </a
+      ><a name="6417" href="https://agda.github.io/agda-stdlib/Data.Empty.html#348" class="Function"
+      >&#8869;-elim</a
+      ><a name="6423"
+      > </a
+      ><a name="6424" class="Symbol"
+      >(</a
+      ><a name="6425" href="Maps.html#6411" class="Bound"
+      >x&#8800;x</a
+      ><a name="6428"
+      > </a
+      ><a name="6429" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="6433" class="Symbol"
+      >)</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+#### Exercise: 2 stars, optional (update-neq)
+On the other hand, if we update a map $$m$$ at a key $$x$$ and
+then look up a _different_ key $$y$$ in the resulting map, we get
+the same result that $$m$$ would have given:
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="6690" href="Maps.html#6690" class="Function"
+      >update-neq</a
+      ><a name="6700"
+      > </a
+      ><a name="6701" class="Symbol"
+      >:</a
+      ><a name="6702"
+      > </a
+      ><a name="6703" class="Symbol"
+      >&#8704;</a
+      ><a name="6704"
+      > </a
+      ><a name="6705" class="Symbol"
+      >{</a
+      ><a name="6706" href="Maps.html#6706" class="Bound"
+      >A</a
+      ><a name="6707"
+      > </a
+      ><a name="6708" href="Maps.html#6708" class="Bound"
+      >v</a
+      ><a name="6709" class="Symbol"
+      >}</a
+      ><a name="6710"
+      > </a
+      ><a name="6711" class="Symbol"
+      >(</a
+      ><a name="6712" href="Maps.html#6712" class="Bound"
+      >m</a
+      ><a name="6713"
+      > </a
+      ><a name="6714" class="Symbol"
+      >:</a
+      ><a name="6715"
+      > </a
+      ><a name="6716" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="6724"
+      > </a
+      ><a name="6725" href="Maps.html#6706" class="Bound"
+      >A</a
+      ><a name="6726" class="Symbol"
+      >)</a
+      ><a name="6727"
+      > </a
+      ><a name="6728" class="Symbol"
+      >(</a
+      ><a name="6729" href="Maps.html#6729" class="Bound"
+      >x</a
+      ><a name="6730"
+      > </a
+      ><a name="6731" href="Maps.html#6731" class="Bound"
+      >y</a
+      ><a name="6732"
+      > </a
+      ><a name="6733" class="Symbol"
+      >:</a
+      ><a name="6734"
+      > </a
+      ><a name="6735" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="6737" class="Symbol"
+      >)</a
+      ><a name="6738"
+      >
+             </a
+      ><a name="6752" class="Symbol"
+      >&#8594;</a
+      ><a name="6753"
+      > </a
+      ><a name="6754" href="Maps.html#6729" class="Bound"
+      >x</a
+      ><a name="6755"
+      > </a
+      ><a name="6756" href="https://agda.github.io/agda-stdlib/Relation.Binary.Core.html#4493" class="Function Operator"
+      >&#8802;</a
+      ><a name="6757"
+      > </a
+      ><a name="6758" href="Maps.html#6731" class="Bound"
+      >y</a
+      ><a name="6759"
+      > </a
+      ><a name="6760" class="Symbol"
+      >&#8594;</a
+      ><a name="6761"
+      > </a
+      ><a name="6762" class="Symbol"
+      >(</a
+      ><a name="6763" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="6769"
+      > </a
+      ><a name="6770" href="Maps.html#6712" class="Bound"
+      >m</a
+      ><a name="6771"
+      > </a
+      ><a name="6772" href="Maps.html#6729" class="Bound"
+      >x</a
+      ><a name="6773"
+      > </a
+      ><a name="6774" href="Maps.html#6708" class="Bound"
+      >v</a
+      ><a name="6775" class="Symbol"
+      >)</a
+      ><a name="6776"
+      > </a
+      ><a name="6777" href="Maps.html#6731" class="Bound"
+      >y</a
+      ><a name="6778"
+      > </a
+      ><a name="6779" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="6780"
+      > </a
+      ><a name="6781" href="Maps.html#6712" class="Bound"
+      >m</a
+      ><a name="6782"
+      > </a
+      ><a name="6783" href="Maps.html#6731" class="Bound"
+      >y</a
+      ><a name="6784"
+      >
+  </a
+      ><a name="6787" href="Maps.html#6690" class="Function"
+      >update-neq</a
+      ><a name="6797"
+      > </a
+      ><a name="6798" href="Maps.html#6798" class="Bound"
+      >m</a
+      ><a name="6799"
+      > </a
+      ><a name="6800" href="Maps.html#6800" class="Bound"
+      >x</a
+      ><a name="6801"
+      > </a
+      ><a name="6802" href="Maps.html#6802" class="Bound"
+      >y</a
+      ><a name="6803"
+      > </a
+      ><a name="6804" href="Maps.html#6804" class="Bound"
+      >x&#8800;y</a
+      ><a name="6807"
+      > </a
+      ><a name="6808" class="Keyword"
+      >with</a
+      ><a name="6812"
+      > </a
+      ><a name="6813" href="Maps.html#6800" class="Bound"
+      >x</a
+      ><a name="6814"
+      > </a
+      ><a name="6815" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="6816"
+      > </a
+      ><a name="6817" href="Maps.html#6802" class="Bound"
+      >y</a
+      ><a name="6818"
+      >
+  </a
+      ><a name="6821" class="Symbol"
+      >...</a
+      ><a name="6824"
+      > </a
+      ><a name="6825" class="Symbol"
+      >|</a
+      ><a name="6826"
+      > </a
+      ><a name="6827" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="6830"
+      > </a
+      ><a name="6831" href="Maps.html#6831" class="Bound"
+      >x=y</a
+      ><a name="6834"
+      > </a
+      ><a name="6835" class="Symbol"
+      >=</a
+      ><a name="6836"
+      > </a
+      ><a name="6837" href="https://agda.github.io/agda-stdlib/Data.Empty.html#348" class="Function"
+      >&#8869;-elim</a
+      ><a name="6843"
+      > </a
+      ><a name="6844" class="Symbol"
+      >(</a
+      ><a name="6845" href="Maps.html#6804" class="Bound"
+      >x&#8800;y</a
+      ><a name="6848"
+      > </a
+      ><a name="6849" href="Maps.html#6831" class="Bound"
+      >x=y</a
+      ><a name="6852" class="Symbol"
+      >)</a
+      ><a name="6853"
+      >
+  </a
+      ><a name="6856" class="Symbol"
+      >...</a
+      ><a name="6859"
+      > </a
+      ><a name="6860" class="Symbol"
+      >|</a
+      ><a name="6861"
+      > </a
+      ><a name="6862" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="6864"
+      >  </a
+      ><a name="6866" class="Symbol"
+      >_</a
+      ><a name="6867"
+      >   </a
+      ><a name="6870" class="Symbol"
+      >=</a
+      ><a name="6871"
+      > </a
+      ><a name="6872" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+
+#### Exercise: 2 stars, optional (update-shadow)
+If we update a map $$m$$ at a key $$x$$ with a value $$v_1$$ and then
+update again with the same key $$x$$ and another value $$v_2$$, the
+resulting map behaves the same (gives the same result when applied
+to any key) as the simpler map obtained by performing just
+the second `update` on $$m$$:
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="7248" class="Keyword"
+      >postulate</a
+      ><a name="7257"
+      >
+    </a
+      ><a name="7262" href="Maps.html#7262" class="Postulate"
+      >update-shadow</a
+      ><a name="7275"
+      > </a
+      ><a name="7276" class="Symbol"
+      >:</a
+      ><a name="7277"
+      > </a
+      ><a name="7278" class="Symbol"
+      >&#8704;</a
+      ><a name="7279"
+      > </a
+      ><a name="7280" class="Symbol"
+      >{</a
+      ><a name="7281" href="Maps.html#7281" class="Bound"
+      >A</a
+      ><a name="7282"
+      > </a
+      ><a name="7283" href="Maps.html#7283" class="Bound"
+      >v1</a
+      ><a name="7285"
+      > </a
+      ><a name="7286" href="Maps.html#7286" class="Bound"
+      >v2</a
+      ><a name="7288" class="Symbol"
+      >}</a
+      ><a name="7289"
+      > </a
+      ><a name="7290" class="Symbol"
+      >(</a
+      ><a name="7291" href="Maps.html#7291" class="Bound"
+      >m</a
+      ><a name="7292"
+      > </a
+      ><a name="7293" class="Symbol"
+      >:</a
+      ><a name="7294"
+      > </a
+      ><a name="7295" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="7303"
+      > </a
+      ><a name="7304" href="Maps.html#7281" class="Bound"
+      >A</a
+      ><a name="7305" class="Symbol"
+      >)</a
+      ><a name="7306"
+      > </a
+      ><a name="7307" class="Symbol"
+      >(</a
+      ><a name="7308" href="Maps.html#7308" class="Bound"
+      >x</a
+      ><a name="7309"
+      > </a
+      ><a name="7310" href="Maps.html#7310" class="Bound"
+      >y</a
+      ><a name="7311"
+      > </a
+      ><a name="7312" class="Symbol"
+      >:</a
+      ><a name="7313"
+      > </a
+      ><a name="7314" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="7316" class="Symbol"
+      >)</a
+      ><a name="7317"
+      >
+                  </a
+      ><a name="7336" class="Symbol"
+      >&#8594;</a
+      ><a name="7337"
+      > </a
+      ><a name="7338" class="Symbol"
+      >(</a
+      ><a name="7339" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="7345"
+      > </a
+      ><a name="7346" class="Symbol"
+      >(</a
+      ><a name="7347" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="7353"
+      > </a
+      ><a name="7354" href="Maps.html#7291" class="Bound"
+      >m</a
+      ><a name="7355"
+      > </a
+      ><a name="7356" href="Maps.html#7308" class="Bound"
+      >x</a
+      ><a name="7357"
+      > </a
+      ><a name="7358" href="Maps.html#7283" class="Bound"
+      >v1</a
+      ><a name="7360" class="Symbol"
+      >)</a
+      ><a name="7361"
+      > </a
+      ><a name="7362" href="Maps.html#7308" class="Bound"
+      >x</a
+      ><a name="7363"
+      > </a
+      ><a name="7364" href="Maps.html#7286" class="Bound"
+      >v2</a
+      ><a name="7366" class="Symbol"
+      >)</a
+      ><a name="7367"
+      > </a
+      ><a name="7368" href="Maps.html#7310" class="Bound"
+      >y</a
+      ><a name="7369"
+      > </a
+      ><a name="7370" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="7371"
+      > </a
+      ><a name="7372" class="Symbol"
+      >(</a
+      ><a name="7373" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="7379"
+      > </a
+      ><a name="7380" href="Maps.html#7291" class="Bound"
+      >m</a
+      ><a name="7381"
+      > </a
+      ><a name="7382" href="Maps.html#7308" class="Bound"
+      >x</a
+      ><a name="7383"
+      > </a
+      ><a name="7384" href="Maps.html#7286" class="Bound"
+      >v2</a
+      ><a name="7386" class="Symbol"
+      >)</a
+      ><a name="7387"
+      > </a
+      ><a name="7388" href="Maps.html#7310" class="Bound"
+      >y</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+  <a name="7438" href="Maps.html#7438" class="Function"
+      >update-shadow&#8242;</a
+      ><a name="7452"
+      > </a
+      ><a name="7453" class="Symbol"
+      >:</a
+      ><a name="7454"
+      > </a
+      ><a name="7455" class="Symbol"
+      >&#8704;</a
+      ><a name="7456"
+      > </a
+      ><a name="7457" class="Symbol"
+      >{</a
+      ><a name="7458" href="Maps.html#7458" class="Bound"
+      >A</a
+      ><a name="7459"
+      > </a
+      ><a name="7460" href="Maps.html#7460" class="Bound"
+      >v1</a
+      ><a name="7462"
+      > </a
+      ><a name="7463" href="Maps.html#7463" class="Bound"
+      >v2</a
+      ><a name="7465" class="Symbol"
+      >}</a
+      ><a name="7466"
+      > </a
+      ><a name="7467" class="Symbol"
+      >(</a
+      ><a name="7468" href="Maps.html#7468" class="Bound"
+      >m</a
+      ><a name="7469"
+      > </a
+      ><a name="7470" class="Symbol"
+      >:</a
+      ><a name="7471"
+      > </a
+      ><a name="7472" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="7480"
+      > </a
+      ><a name="7481" href="Maps.html#7458" class="Bound"
+      >A</a
+      ><a name="7482" class="Symbol"
+      >)</a
+      ><a name="7483"
+      > </a
+      ><a name="7484" class="Symbol"
+      >(</a
+      ><a name="7485" href="Maps.html#7485" class="Bound"
+      >x</a
+      ><a name="7486"
+      > </a
+      ><a name="7487" href="Maps.html#7487" class="Bound"
+      >y</a
+      ><a name="7488"
+      > </a
+      ><a name="7489" class="Symbol"
+      >:</a
+      ><a name="7490"
+      > </a
+      ><a name="7491" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="7493" class="Symbol"
+      >)</a
+      ><a name="7494"
+      >
+                 </a
+      ><a name="7512" class="Symbol"
+      >&#8594;</a
+      ><a name="7513"
+      > </a
+      ><a name="7514" class="Symbol"
+      >(</a
+      ><a name="7515" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="7521"
+      > </a
+      ><a name="7522" class="Symbol"
+      >(</a
+      ><a name="7523" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="7529"
+      > </a
+      ><a name="7530" href="Maps.html#7468" class="Bound"
+      >m</a
+      ><a name="7531"
+      > </a
+      ><a name="7532" href="Maps.html#7485" class="Bound"
+      >x</a
+      ><a name="7533"
+      > </a
+      ><a name="7534" href="Maps.html#7460" class="Bound"
+      >v1</a
+      ><a name="7536" class="Symbol"
+      >)</a
+      ><a name="7537"
+      > </a
+      ><a name="7538" href="Maps.html#7485" class="Bound"
+      >x</a
+      ><a name="7539"
+      > </a
+      ><a name="7540" href="Maps.html#7463" class="Bound"
+      >v2</a
+      ><a name="7542" class="Symbol"
+      >)</a
+      ><a name="7543"
+      > </a
+      ><a name="7544" href="Maps.html#7487" class="Bound"
+      >y</a
+      ><a name="7545"
+      > </a
+      ><a name="7546" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="7547"
+      > </a
+      ><a name="7548" class="Symbol"
+      >(</a
+      ><a name="7549" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="7555"
+      > </a
+      ><a name="7556" href="Maps.html#7468" class="Bound"
+      >m</a
+      ><a name="7557"
+      > </a
+      ><a name="7558" href="Maps.html#7485" class="Bound"
+      >x</a
+      ><a name="7559"
+      > </a
+      ><a name="7560" href="Maps.html#7463" class="Bound"
+      >v2</a
+      ><a name="7562" class="Symbol"
+      >)</a
+      ><a name="7563"
+      > </a
+      ><a name="7564" href="Maps.html#7487" class="Bound"
+      >y</a
+      ><a name="7565"
+      >
+  </a
+      ><a name="7568" href="Maps.html#7438" class="Function"
+      >update-shadow&#8242;</a
+      ><a name="7582"
+      > </a
+      ><a name="7583" href="Maps.html#7583" class="Bound"
+      >m</a
+      ><a name="7584"
+      > </a
+      ><a name="7585" href="Maps.html#7585" class="Bound"
+      >x</a
+      ><a name="7586"
+      > </a
+      ><a name="7587" href="Maps.html#7587" class="Bound"
+      >y</a
+      ><a name="7588"
+      >
+      </a
+      ><a name="7595" class="Keyword"
+      >with</a
+      ><a name="7599"
+      > </a
+      ><a name="7600" href="Maps.html#7585" class="Bound"
+      >x</a
+      ><a name="7601"
+      > </a
+      ><a name="7602" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="7603"
+      > </a
+      ><a name="7604" href="Maps.html#7587" class="Bound"
+      >y</a
+      ><a name="7605"
+      >
+  </a
+      ><a name="7608" class="Symbol"
+      >...</a
+      ><a name="7611"
+      > </a
+      ><a name="7612" class="Symbol"
+      >|</a
+      ><a name="7613"
+      > </a
+      ><a name="7614" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="7617"
+      > </a
+      ><a name="7618" href="Maps.html#7618" class="Bound"
+      >x=y</a
+      ><a name="7621"
+      > </a
+      ><a name="7622" class="Symbol"
+      >=</a
+      ><a name="7623"
+      > </a
+      ><a name="7624" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="7628"
+      >
+  </a
+      ><a name="7631" class="Symbol"
+      >...</a
+      ><a name="7634"
+      > </a
+      ><a name="7635" class="Symbol"
+      >|</a
+      ><a name="7636"
+      > </a
+      ><a name="7637" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="7639"
+      >  </a
+      ><a name="7641" href="Maps.html#7641" class="Bound"
+      >x&#8800;y</a
+      ><a name="7644"
+      > </a
+      ><a name="7645" class="Symbol"
+      >=</a
+      ><a name="7646"
+      > </a
+      ><a name="7647" href="Maps.html#6690" class="Function"
+      >update-neq</a
+      ><a name="7657"
+      > </a
+      ><a name="7658" href="Maps.html#7583" class="Bound"
+      >m</a
+      ><a name="7659"
+      > </a
+      ><a name="7660" href="Maps.html#7585" class="Bound"
+      >x</a
+      ><a name="7661"
+      > </a
+      ><a name="7662" href="Maps.html#7587" class="Bound"
+      >y</a
+      ><a name="7663"
+      > </a
+      ><a name="7664" href="Maps.html#7641" class="Bound"
+      >x&#8800;y</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+#### Exercise: 2 stars (update-same)
+Prove the following theorem, which states that if we update a map to
+assign key $$x$$ the same value as it already has in $$m$$, then the
+result is equal to $$m$$:
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="7904" class="Keyword"
+      >postulate</a
+      ><a name="7913"
+      >
+    </a
+      ><a name="7918" href="Maps.html#7918" class="Postulate"
+      >update-same</a
+      ><a name="7929"
+      > </a
+      ><a name="7930" class="Symbol"
+      >:</a
+      ><a name="7931"
+      > </a
+      ><a name="7932" class="Symbol"
+      >&#8704;</a
+      ><a name="7933"
+      > </a
+      ><a name="7934" class="Symbol"
+      >{</a
+      ><a name="7935" href="Maps.html#7935" class="Bound"
+      >A</a
+      ><a name="7936" class="Symbol"
+      >}</a
+      ><a name="7937"
+      > </a
+      ><a name="7938" class="Symbol"
+      >(</a
+      ><a name="7939" href="Maps.html#7939" class="Bound"
+      >m</a
+      ><a name="7940"
+      > </a
+      ><a name="7941" class="Symbol"
+      >:</a
+      ><a name="7942"
+      > </a
+      ><a name="7943" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="7951"
+      > </a
+      ><a name="7952" href="Maps.html#7935" class="Bound"
+      >A</a
+      ><a name="7953" class="Symbol"
+      >)</a
+      ><a name="7954"
+      > </a
+      ><a name="7955" class="Symbol"
+      >(</a
+      ><a name="7956" href="Maps.html#7956" class="Bound"
+      >x</a
+      ><a name="7957"
+      > </a
+      ><a name="7958" href="Maps.html#7958" class="Bound"
+      >y</a
+      ><a name="7959"
+      > </a
+      ><a name="7960" class="Symbol"
+      >:</a
+      ><a name="7961"
+      > </a
+      ><a name="7962" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="7964" class="Symbol"
+      >)</a
+      ><a name="7965"
+      >
+                </a
+      ><a name="7982" class="Symbol"
+      >&#8594;</a
+      ><a name="7983"
+      > </a
+      ><a name="7984" class="Symbol"
+      >(</a
+      ><a name="7985" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="7991"
+      > </a
+      ><a name="7992" href="Maps.html#7939" class="Bound"
+      >m</a
+      ><a name="7993"
+      > </a
+      ><a name="7994" href="Maps.html#7956" class="Bound"
+      >x</a
+      ><a name="7995"
+      > </a
+      ><a name="7996" class="Symbol"
+      >(</a
+      ><a name="7997" href="Maps.html#7939" class="Bound"
+      >m</a
+      ><a name="7998"
+      > </a
+      ><a name="7999" href="Maps.html#7956" class="Bound"
+      >x</a
+      ><a name="8000" class="Symbol"
+      >))</a
+      ><a name="8002"
+      > </a
+      ><a name="8003" href="Maps.html#7958" class="Bound"
+      >y</a
+      ><a name="8004"
+      > </a
+      ><a name="8005" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="8006"
+      > </a
+      ><a name="8007" href="Maps.html#7939" class="Bound"
+      >m</a
+      ><a name="8008"
+      > </a
+      ><a name="8009" href="Maps.html#7958" class="Bound"
+      >y</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+  <a name="8059" href="Maps.html#8059" class="Function"
+      >update-same&#8242;</a
+      ><a name="8071"
+      > </a
+      ><a name="8072" class="Symbol"
+      >:</a
+      ><a name="8073"
+      > </a
+      ><a name="8074" class="Symbol"
+      >&#8704;</a
+      ><a name="8075"
+      > </a
+      ><a name="8076" class="Symbol"
+      >{</a
+      ><a name="8077" href="Maps.html#8077" class="Bound"
+      >A</a
+      ><a name="8078" class="Symbol"
+      >}</a
+      ><a name="8079"
+      > </a
+      ><a name="8080" class="Symbol"
+      >(</a
+      ><a name="8081" href="Maps.html#8081" class="Bound"
+      >m</a
+      ><a name="8082"
+      > </a
+      ><a name="8083" class="Symbol"
+      >:</a
+      ><a name="8084"
+      > </a
+      ><a name="8085" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="8093"
+      > </a
+      ><a name="8094" href="Maps.html#8077" class="Bound"
+      >A</a
+      ><a name="8095" class="Symbol"
+      >)</a
+      ><a name="8096"
+      > </a
+      ><a name="8097" class="Symbol"
+      >(</a
+      ><a name="8098" href="Maps.html#8098" class="Bound"
+      >x</a
+      ><a name="8099"
+      > </a
+      ><a name="8100" href="Maps.html#8100" class="Bound"
+      >y</a
+      ><a name="8101"
+      > </a
+      ><a name="8102" class="Symbol"
+      >:</a
+      ><a name="8103"
+      > </a
+      ><a name="8104" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="8106" class="Symbol"
+      >)</a
+      ><a name="8107"
+      >
+               </a
+      ><a name="8123" class="Symbol"
+      >&#8594;</a
+      ><a name="8124"
+      > </a
+      ><a name="8125" class="Symbol"
+      >(</a
+      ><a name="8126" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="8132"
+      > </a
+      ><a name="8133" href="Maps.html#8081" class="Bound"
+      >m</a
+      ><a name="8134"
+      > </a
+      ><a name="8135" href="Maps.html#8098" class="Bound"
+      >x</a
+      ><a name="8136"
+      > </a
+      ><a name="8137" class="Symbol"
+      >(</a
+      ><a name="8138" href="Maps.html#8081" class="Bound"
+      >m</a
+      ><a name="8139"
+      > </a
+      ><a name="8140" href="Maps.html#8098" class="Bound"
+      >x</a
+      ><a name="8141" class="Symbol"
+      >))</a
+      ><a name="8143"
+      > </a
+      ><a name="8144" href="Maps.html#8100" class="Bound"
+      >y</a
+      ><a name="8145"
+      > </a
+      ><a name="8146" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="8147"
+      > </a
+      ><a name="8148" href="Maps.html#8081" class="Bound"
+      >m</a
+      ><a name="8149"
+      > </a
+      ><a name="8150" href="Maps.html#8100" class="Bound"
+      >y</a
+      ><a name="8151"
+      >
+  </a
+      ><a name="8154" href="Maps.html#8059" class="Function"
+      >update-same&#8242;</a
+      ><a name="8166"
+      > </a
+      ><a name="8167" href="Maps.html#8167" class="Bound"
+      >m</a
+      ><a name="8168"
+      > </a
+      ><a name="8169" href="Maps.html#8169" class="Bound"
+      >x</a
+      ><a name="8170"
+      > </a
+      ><a name="8171" href="Maps.html#8171" class="Bound"
+      >y</a
+      ><a name="8172"
+      >
+    </a
+      ><a name="8177" class="Keyword"
+      >with</a
+      ><a name="8181"
+      > </a
+      ><a name="8182" href="Maps.html#8169" class="Bound"
+      >x</a
+      ><a name="8183"
+      > </a
+      ><a name="8184" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="8185"
+      > </a
+      ><a name="8186" href="Maps.html#8171" class="Bound"
+      >y</a
+      ><a name="8187"
+      >
+  </a
+      ><a name="8190" class="Symbol"
+      >...</a
+      ><a name="8193"
+      > </a
+      ><a name="8194" class="Symbol"
+      >|</a
+      ><a name="8195"
+      > </a
+      ><a name="8196" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="8199"
+      > </a
+      ><a name="8200" href="Maps.html#8200" class="Bound"
+      >x=y</a
+      ><a name="8203"
+      > </a
+      ><a name="8204" class="Keyword"
+      >rewrite</a
+      ><a name="8211"
+      > </a
+      ><a name="8212" href="Maps.html#8200" class="Bound"
+      >x=y</a
+      ><a name="8215"
+      > </a
+      ><a name="8216" class="Symbol"
+      >=</a
+      ><a name="8217"
+      > </a
+      ><a name="8218" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="8222"
+      >
+  </a
+      ><a name="8225" class="Symbol"
+      >...</a
+      ><a name="8228"
+      > </a
+      ><a name="8229" class="Symbol"
+      >|</a
+      ><a name="8230"
+      > </a
+      ><a name="8231" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="8233"
+      >  </a
+      ><a name="8235" href="Maps.html#8235" class="Bound"
+      >x&#8800;y</a
+      ><a name="8238"
+      > </a
+      ><a name="8239" class="Symbol"
+      >=</a
+      ><a name="8240"
+      > </a
+      ><a name="8241" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+#### Exercise: 3 stars, recommended (update-permute)
+Prove one final property of the `update` function: If we update a map
+$$m$$ at two distinct keys, it doesn't matter in which order we do the
+updates.
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="8484" class="Keyword"
+      >postulate</a
+      ><a name="8493"
+      >
+    </a
+      ><a name="8498" href="Maps.html#8498" class="Postulate"
+      >update-permute</a
+      ><a name="8512"
+      > </a
+      ><a name="8513" class="Symbol"
+      >:</a
+      ><a name="8514"
+      > </a
+      ><a name="8515" class="Symbol"
+      >&#8704;</a
+      ><a name="8516"
+      > </a
+      ><a name="8517" class="Symbol"
+      >{</a
+      ><a name="8518" href="Maps.html#8518" class="Bound"
+      >A</a
+      ><a name="8519"
+      > </a
+      ><a name="8520" href="Maps.html#8520" class="Bound"
+      >v1</a
+      ><a name="8522"
+      > </a
+      ><a name="8523" href="Maps.html#8523" class="Bound"
+      >v2</a
+      ><a name="8525" class="Symbol"
+      >}</a
+      ><a name="8526"
+      > </a
+      ><a name="8527" class="Symbol"
+      >(</a
+      ><a name="8528" href="Maps.html#8528" class="Bound"
+      >m</a
+      ><a name="8529"
+      > </a
+      ><a name="8530" class="Symbol"
+      >:</a
+      ><a name="8531"
+      > </a
+      ><a name="8532" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="8540"
+      > </a
+      ><a name="8541" href="Maps.html#8518" class="Bound"
+      >A</a
+      ><a name="8542" class="Symbol"
+      >)</a
+      ><a name="8543"
+      > </a
+      ><a name="8544" class="Symbol"
+      >(</a
+      ><a name="8545" href="Maps.html#8545" class="Bound"
+      >x1</a
+      ><a name="8547"
+      > </a
+      ><a name="8548" href="Maps.html#8548" class="Bound"
+      >x2</a
+      ><a name="8550"
+      > </a
+      ><a name="8551" href="Maps.html#8551" class="Bound"
+      >y</a
+      ><a name="8552"
+      > </a
+      ><a name="8553" class="Symbol"
+      >:</a
+      ><a name="8554"
+      > </a
+      ><a name="8555" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="8557" class="Symbol"
+      >)</a
+      ><a name="8558"
+      >
+                   </a
+      ><a name="8578" class="Symbol"
+      >&#8594;</a
+      ><a name="8579"
+      > </a
+      ><a name="8580" href="Maps.html#8545" class="Bound"
+      >x1</a
+      ><a name="8582"
+      > </a
+      ><a name="8583" href="https://agda.github.io/agda-stdlib/Relation.Binary.Core.html#4493" class="Function Operator"
+      >&#8802;</a
+      ><a name="8584"
+      > </a
+      ><a name="8585" href="Maps.html#8548" class="Bound"
+      >x2</a
+      ><a name="8587"
+      > </a
+      ><a name="8588" class="Symbol"
+      >&#8594;</a
+      ><a name="8589"
+      > </a
+      ><a name="8590" class="Symbol"
+      >(</a
+      ><a name="8591" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="8597"
+      > </a
+      ><a name="8598" class="Symbol"
+      >(</a
+      ><a name="8599" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="8605"
+      > </a
+      ><a name="8606" href="Maps.html#8528" class="Bound"
+      >m</a
+      ><a name="8607"
+      > </a
+      ><a name="8608" href="Maps.html#8548" class="Bound"
+      >x2</a
+      ><a name="8610"
+      > </a
+      ><a name="8611" href="Maps.html#8523" class="Bound"
+      >v2</a
+      ><a name="8613" class="Symbol"
+      >)</a
+      ><a name="8614"
+      > </a
+      ><a name="8615" href="Maps.html#8545" class="Bound"
+      >x1</a
+      ><a name="8617"
+      > </a
+      ><a name="8618" href="Maps.html#8520" class="Bound"
+      >v1</a
+      ><a name="8620" class="Symbol"
+      >)</a
+      ><a name="8621"
+      > </a
+      ><a name="8622" href="Maps.html#8551" class="Bound"
+      >y</a
+      ><a name="8623"
+      >
+                             </a
+      ><a name="8653" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="8654"
+      > </a
+      ><a name="8655" class="Symbol"
+      >(</a
+      ><a name="8656" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="8662"
+      > </a
+      ><a name="8663" class="Symbol"
+      >(</a
+      ><a name="8664" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="8670"
+      > </a
+      ><a name="8671" href="Maps.html#8528" class="Bound"
+      >m</a
+      ><a name="8672"
+      > </a
+      ><a name="8673" href="Maps.html#8545" class="Bound"
+      >x1</a
+      ><a name="8675"
+      > </a
+      ><a name="8676" href="Maps.html#8520" class="Bound"
+      >v1</a
+      ><a name="8678" class="Symbol"
+      >)</a
+      ><a name="8679"
+      > </a
+      ><a name="8680" href="Maps.html#8548" class="Bound"
+      >x2</a
+      ><a name="8682"
+      > </a
+      ><a name="8683" href="Maps.html#8523" class="Bound"
+      >v2</a
+      ><a name="8685" class="Symbol"
+      >)</a
+      ><a name="8686"
+      > </a
+      ><a name="8687" href="Maps.html#8551" class="Bound"
+      >y</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+  <a name="8737" href="Maps.html#8737" class="Function"
+      >update-permute&#8242;</a
+      ><a name="8752"
+      > </a
+      ><a name="8753" class="Symbol"
+      >:</a
+      ><a name="8754"
+      > </a
+      ><a name="8755" class="Symbol"
+      >&#8704;</a
+      ><a name="8756"
+      > </a
+      ><a name="8757" class="Symbol"
+      >{</a
+      ><a name="8758" href="Maps.html#8758" class="Bound"
+      >A</a
+      ><a name="8759"
+      > </a
+      ><a name="8760" href="Maps.html#8760" class="Bound"
+      >v1</a
+      ><a name="8762"
+      > </a
+      ><a name="8763" href="Maps.html#8763" class="Bound"
+      >v2</a
+      ><a name="8765" class="Symbol"
+      >}</a
+      ><a name="8766"
+      > </a
+      ><a name="8767" class="Symbol"
+      >(</a
+      ><a name="8768" href="Maps.html#8768" class="Bound"
+      >m</a
+      ><a name="8769"
+      > </a
+      ><a name="8770" class="Symbol"
+      >:</a
+      ><a name="8771"
+      > </a
+      ><a name="8772" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="8780"
+      > </a
+      ><a name="8781" href="Maps.html#8758" class="Bound"
+      >A</a
+      ><a name="8782" class="Symbol"
+      >)</a
+      ><a name="8783"
+      > </a
+      ><a name="8784" class="Symbol"
+      >(</a
+      ><a name="8785" href="Maps.html#8785" class="Bound"
+      >x1</a
+      ><a name="8787"
+      > </a
+      ><a name="8788" href="Maps.html#8788" class="Bound"
+      >x2</a
+      ><a name="8790"
+      > </a
+      ><a name="8791" href="Maps.html#8791" class="Bound"
+      >y</a
+      ><a name="8792"
+      > </a
+      ><a name="8793" class="Symbol"
+      >:</a
+      ><a name="8794"
+      > </a
+      ><a name="8795" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="8797" class="Symbol"
+      >)</a
+      ><a name="8798"
+      >
+                  </a
+      ><a name="8817" class="Symbol"
+      >&#8594;</a
+      ><a name="8818"
+      > </a
+      ><a name="8819" href="Maps.html#8785" class="Bound"
+      >x1</a
+      ><a name="8821"
+      > </a
+      ><a name="8822" href="https://agda.github.io/agda-stdlib/Relation.Binary.Core.html#4493" class="Function Operator"
+      >&#8802;</a
+      ><a name="8823"
+      > </a
+      ><a name="8824" href="Maps.html#8788" class="Bound"
+      >x2</a
+      ><a name="8826"
+      > </a
+      ><a name="8827" class="Symbol"
+      >&#8594;</a
+      ><a name="8828"
+      > </a
+      ><a name="8829" class="Symbol"
+      >(</a
+      ><a name="8830" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="8836"
+      > </a
+      ><a name="8837" class="Symbol"
+      >(</a
+      ><a name="8838" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="8844"
+      > </a
+      ><a name="8845" href="Maps.html#8768" class="Bound"
+      >m</a
+      ><a name="8846"
+      > </a
+      ><a name="8847" href="Maps.html#8788" class="Bound"
+      >x2</a
+      ><a name="8849"
+      > </a
+      ><a name="8850" href="Maps.html#8763" class="Bound"
+      >v2</a
+      ><a name="8852" class="Symbol"
+      >)</a
+      ><a name="8853"
+      > </a
+      ><a name="8854" href="Maps.html#8785" class="Bound"
+      >x1</a
+      ><a name="8856"
+      > </a
+      ><a name="8857" href="Maps.html#8760" class="Bound"
+      >v1</a
+      ><a name="8859" class="Symbol"
+      >)</a
+      ><a name="8860"
+      > </a
+      ><a name="8861" href="Maps.html#8791" class="Bound"
+      >y</a
+      ><a name="8862"
+      >
+                            </a
+      ><a name="8891" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="8892"
+      > </a
+      ><a name="8893" class="Symbol"
+      >(</a
+      ><a name="8894" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="8900"
+      > </a
+      ><a name="8901" class="Symbol"
+      >(</a
+      ><a name="8902" href="Maps.html#4179" class="Function"
+      >update</a
+      ><a name="8908"
+      > </a
+      ><a name="8909" href="Maps.html#8768" class="Bound"
+      >m</a
+      ><a name="8910"
+      > </a
+      ><a name="8911" href="Maps.html#8785" class="Bound"
+      >x1</a
+      ><a name="8913"
+      > </a
+      ><a name="8914" href="Maps.html#8760" class="Bound"
+      >v1</a
+      ><a name="8916" class="Symbol"
+      >)</a
+      ><a name="8917"
+      > </a
+      ><a name="8918" href="Maps.html#8788" class="Bound"
+      >x2</a
+      ><a name="8920"
+      > </a
+      ><a name="8921" href="Maps.html#8763" class="Bound"
+      >v2</a
+      ><a name="8923" class="Symbol"
+      >)</a
+      ><a name="8924"
+      > </a
+      ><a name="8925" href="Maps.html#8791" class="Bound"
+      >y</a
+      ><a name="8926"
+      >
+  </a
+      ><a name="8929" href="Maps.html#8737" class="Function"
+      >update-permute&#8242;</a
+      ><a name="8944"
+      > </a
+      ><a name="8945" class="Symbol"
+      >{</a
+      ><a name="8946" href="Maps.html#8946" class="Bound"
+      >A</a
+      ><a name="8947" class="Symbol"
+      >}</a
+      ><a name="8948"
+      > </a
+      ><a name="8949" class="Symbol"
+      >{</a
+      ><a name="8950" href="Maps.html#8950" class="Bound"
+      >v1</a
+      ><a name="8952" class="Symbol"
+      >}</a
+      ><a name="8953"
+      > </a
+      ><a name="8954" class="Symbol"
+      >{</a
+      ><a name="8955" href="Maps.html#8955" class="Bound"
+      >v2</a
+      ><a name="8957" class="Symbol"
+      >}</a
+      ><a name="8958"
+      > </a
+      ><a name="8959" href="Maps.html#8959" class="Bound"
+      >m</a
+      ><a name="8960"
+      > </a
+      ><a name="8961" href="Maps.html#8961" class="Bound"
+      >x1</a
+      ><a name="8963"
+      > </a
+      ><a name="8964" href="Maps.html#8964" class="Bound"
+      >x2</a
+      ><a name="8966"
+      > </a
+      ><a name="8967" href="Maps.html#8967" class="Bound"
+      >y</a
+      ><a name="8968"
+      > </a
+      ><a name="8969" href="Maps.html#8969" class="Bound"
+      >x1&#8800;x2</a
+      ><a name="8974"
+      >
+    </a
+      ><a name="8979" class="Keyword"
+      >with</a
+      ><a name="8983"
+      > </a
+      ><a name="8984" href="Maps.html#8961" class="Bound"
+      >x1</a
+      ><a name="8986"
+      > </a
+      ><a name="8987" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="8988"
+      > </a
+      ><a name="8989" href="Maps.html#8967" class="Bound"
+      >y</a
+      ><a name="8990"
+      > </a
+      ><a name="8991" class="Symbol"
+      >|</a
+      ><a name="8992"
+      > </a
+      ><a name="8993" href="Maps.html#8964" class="Bound"
+      >x2</a
+      ><a name="8995"
+      > </a
+      ><a name="8996" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="8997"
+      > </a
+      ><a name="8998" href="Maps.html#8967" class="Bound"
+      >y</a
+      ><a name="8999"
+      >
+  </a
+      ><a name="9002" class="Symbol"
+      >...</a
+      ><a name="9005"
+      > </a
+      ><a name="9006" class="Symbol"
+      >|</a
+      ><a name="9007"
+      > </a
+      ><a name="9008" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="9011"
+      > </a
+      ><a name="9012" href="Maps.html#9012" class="Bound"
+      >x1=y</a
+      ><a name="9016"
+      > </a
+      ><a name="9017" class="Symbol"
+      >|</a
+      ><a name="9018"
+      > </a
+      ><a name="9019" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="9022"
+      > </a
+      ><a name="9023" href="Maps.html#9023" class="Bound"
+      >x2=y</a
+      ><a name="9027"
+      > </a
+      ><a name="9028" class="Symbol"
+      >=</a
+      ><a name="9029"
+      > </a
+      ><a name="9030" href="https://agda.github.io/agda-stdlib/Data.Empty.html#348" class="Function"
+      >&#8869;-elim</a
+      ><a name="9036"
+      > </a
+      ><a name="9037" class="Symbol"
+      >(</a
+      ><a name="9038" href="Maps.html#8969" class="Bound"
+      >x1&#8800;x2</a
+      ><a name="9043"
+      > </a
+      ><a name="9044" class="Symbol"
+      >(</a
+      ><a name="9045" href="https://agda.github.io/agda-stdlib/Relation.Binary.PropositionalEquality.Core.html#632" class="Function"
+      >trans</a
+      ><a name="9050"
+      > </a
+      ><a name="9051" href="Maps.html#9012" class="Bound"
+      >x1=y</a
+      ><a name="9055"
+      > </a
+      ><a name="9056" class="Symbol"
+      >(</a
+      ><a name="9057" href="https://agda.github.io/agda-stdlib/Relation.Binary.PropositionalEquality.Core.html#565" class="Function"
+      >sym</a
+      ><a name="9060"
+      > </a
+      ><a name="9061" href="Maps.html#9023" class="Bound"
+      >x2=y</a
+      ><a name="9065" class="Symbol"
+      >)))</a
+      ><a name="9068"
+      >
+  </a
+      ><a name="9071" class="Symbol"
+      >...</a
+      ><a name="9074"
+      > </a
+      ><a name="9075" class="Symbol"
+      >|</a
+      ><a name="9076"
+      > </a
+      ><a name="9077" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="9079"
+      >  </a
+      ><a name="9081" href="Maps.html#9081" class="Bound"
+      >x1&#8800;y</a
+      ><a name="9085"
+      > </a
+      ><a name="9086" class="Symbol"
+      >|</a
+      ><a name="9087"
+      > </a
+      ><a name="9088" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="9091"
+      > </a
+      ><a name="9092" href="Maps.html#9092" class="Bound"
+      >x2=y</a
+      ><a name="9096"
+      > </a
+      ><a name="9097" class="Keyword"
+      >rewrite</a
+      ><a name="9104"
+      > </a
+      ><a name="9105" href="Maps.html#9092" class="Bound"
+      >x2=y</a
+      ><a name="9109"
+      > </a
+      ><a name="9110" class="Symbol"
+      >=</a
+      ><a name="9111"
+      > </a
+      ><a name="9112" href="Maps.html#6265" class="Function"
+      >update-eq&#8242;</a
+      ><a name="9122"
+      > </a
+      ><a name="9123" href="Maps.html#8959" class="Bound"
+      >m</a
+      ><a name="9124"
+      > </a
+      ><a name="9125" href="Maps.html#8967" class="Bound"
+      >y</a
+      ><a name="9126"
+      >
+  </a
+      ><a name="9129" class="Symbol"
+      >...</a
+      ><a name="9132"
+      > </a
+      ><a name="9133" class="Symbol"
+      >|</a
+      ><a name="9134"
+      > </a
+      ><a name="9135" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="9138"
+      > </a
+      ><a name="9139" href="Maps.html#9139" class="Bound"
+      >x1=y</a
+      ><a name="9143"
+      > </a
+      ><a name="9144" class="Symbol"
+      >|</a
+      ><a name="9145"
+      > </a
+      ><a name="9146" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="9148"
+      >  </a
+      ><a name="9150" href="Maps.html#9150" class="Bound"
+      >x2&#8800;y</a
+      ><a name="9154"
+      > </a
+      ><a name="9155" class="Keyword"
+      >rewrite</a
+      ><a name="9162"
+      > </a
+      ><a name="9163" href="Maps.html#9139" class="Bound"
+      >x1=y</a
+      ><a name="9167"
+      > </a
+      ><a name="9168" class="Symbol"
+      >=</a
+      ><a name="9169"
+      > </a
+      ><a name="9170" href="https://agda.github.io/agda-stdlib/Relation.Binary.PropositionalEquality.Core.html#565" class="Function"
+      >sym</a
+      ><a name="9173"
+      > </a
+      ><a name="9174" class="Symbol"
+      >(</a
+      ><a name="9175" href="Maps.html#6265" class="Function"
+      >update-eq&#8242;</a
+      ><a name="9185"
+      > </a
+      ><a name="9186" href="Maps.html#8959" class="Bound"
+      >m</a
+      ><a name="9187"
+      > </a
+      ><a name="9188" href="Maps.html#8967" class="Bound"
+      >y</a
+      ><a name="9189" class="Symbol"
+      >)</a
+      ><a name="9190"
+      >
+  </a
+      ><a name="9193" class="Symbol"
+      >...</a
+      ><a name="9196"
+      > </a
+      ><a name="9197" class="Symbol"
+      >|</a
+      ><a name="9198"
+      > </a
+      ><a name="9199" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="9201"
+      >  </a
+      ><a name="9203" href="Maps.html#9203" class="Bound"
+      >x1&#8800;y</a
+      ><a name="9207"
+      > </a
+      ><a name="9208" class="Symbol"
+      >|</a
+      ><a name="9209"
+      > </a
+      ><a name="9210" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="9212"
+      >  </a
+      ><a name="9214" href="Maps.html#9214" class="Bound"
+      >x2&#8800;y</a
+      ><a name="9218"
+      > </a
+      ><a name="9219" class="Symbol"
+      >=</a
+      ><a name="9220"
+      >
+    </a
+      ><a name="9225" href="https://agda.github.io/agda-stdlib/Relation.Binary.PropositionalEquality.Core.html#632" class="Function"
+      >trans</a
+      ><a name="9230"
+      > </a
+      ><a name="9231" class="Symbol"
+      >(</a
+      ><a name="9232" href="Maps.html#6690" class="Function"
+      >update-neq</a
+      ><a name="9242"
+      > </a
+      ><a name="9243" href="Maps.html#8959" class="Bound"
+      >m</a
+      ><a name="9244"
+      > </a
+      ><a name="9245" href="Maps.html#8964" class="Bound"
+      >x2</a
+      ><a name="9247"
+      > </a
+      ><a name="9248" href="Maps.html#8967" class="Bound"
+      >y</a
+      ><a name="9249"
+      > </a
+      ><a name="9250" href="Maps.html#9214" class="Bound"
+      >x2&#8800;y</a
+      ><a name="9254" class="Symbol"
+      >)</a
+      ><a name="9255"
+      > </a
+      ><a name="9256" class="Symbol"
+      >(</a
+      ><a name="9257" href="https://agda.github.io/agda-stdlib/Relation.Binary.PropositionalEquality.Core.html#565" class="Function"
+      >sym</a
+      ><a name="9260"
+      > </a
+      ><a name="9261" class="Symbol"
+      >(</a
+      ><a name="9262" href="Maps.html#6690" class="Function"
+      >update-neq</a
+      ><a name="9272"
+      > </a
+      ><a name="9273" href="Maps.html#8959" class="Bound"
+      >m</a
+      ><a name="9274"
+      > </a
+      ><a name="9275" href="Maps.html#8961" class="Bound"
+      >x1</a
+      ><a name="9277"
+      > </a
+      ><a name="9278" href="Maps.html#8967" class="Bound"
+      >y</a
+      ><a name="9279"
+      > </a
+      ><a name="9280" href="Maps.html#9203" class="Bound"
+      >x1&#8800;y</a
+      ><a name="9284" class="Symbol"
+      >))</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+## Partial maps
+
+Finally, we define _partial maps_ on top of total maps.  A partial
+map with elements of type `A` is simply a total map with elements
+of type `Maybe A` and default element `nothing`.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="9519" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="9529"
+      > </a
+      ><a name="9530" class="Symbol"
+      >:</a
+      ><a name="9531"
+      > </a
+      ><a name="9532" class="PrimitiveType"
+      >Set</a
+      ><a name="9535"
+      > </a
+      ><a name="9536" class="Symbol"
+      >&#8594;</a
+      ><a name="9537"
+      > </a
+      ><a name="9538" class="PrimitiveType"
+      >Set</a
+      ><a name="9541"
+      >
+</a
+      ><a name="9542" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="9552"
+      > </a
+      ><a name="9553" href="Maps.html#9553" class="Bound"
+      >A</a
+      ><a name="9554"
+      > </a
+      ><a name="9555" class="Symbol"
+      >=</a
+      ><a name="9556"
+      > </a
+      ><a name="9557" href="Maps.html#3509" class="Function"
+      >TotalMap</a
+      ><a name="9565"
+      > </a
+      ><a name="9566" class="Symbol"
+      >(</a
+      ><a name="9567" href="https://agda.github.io/agda-stdlib/Data.Maybe.Base.html#335" class="Datatype"
+      >Maybe</a
+      ><a name="9572"
+      > </a
+      ><a name="9573" href="Maps.html#9553" class="Bound"
+      >A</a
+      ><a name="9574" class="Symbol"
+      >)</a
+      >
+</pre><!--{% endraw %}-->
+
+<!--{% raw %}--><pre class="Agda">
+<a name="9601" class="Keyword"
+      >module</a
+      ><a name="9607"
+      > </a
+      ><a name="9608" href="Maps.html#9608" class="Module"
+      >PartialMap</a
+      ><a name="9618"
+      > </a
+      ><a name="9619" class="Keyword"
+      >where</a
+      >
+</pre><!--{% endraw %}-->
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="9652" href="Maps.html#9652" class="Function"
+      >empty</a
+      ><a name="9657"
+      > </a
+      ><a name="9658" class="Symbol"
+      >:</a
+      ><a name="9659"
+      > </a
+      ><a name="9660" class="Symbol"
+      >&#8704;</a
+      ><a name="9661"
+      > </a
+      ><a name="9662" class="Symbol"
+      >{</a
+      ><a name="9663" href="Maps.html#9663" class="Bound"
+      >A</a
+      ><a name="9664" class="Symbol"
+      >}</a
+      ><a name="9665"
+      > </a
+      ><a name="9666" class="Symbol"
+      >&#8594;</a
+      ><a name="9667"
+      > </a
+      ><a name="9668" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="9678"
+      > </a
+      ><a name="9679" href="Maps.html#9663" class="Bound"
+      >A</a
+      ><a name="9680"
+      >
+  </a
+      ><a name="9683" href="Maps.html#9652" class="Function"
+      >empty</a
+      ><a name="9688"
+      > </a
+      ><a name="9689" class="Symbol"
+      >=</a
+      ><a name="9690"
+      > </a
+      ><a name="9691" href="Maps.html#3891" class="Function"
+      >TotalMap.empty</a
+      ><a name="9705"
+      > </a
+      ><a name="9706" href="https://agda.github.io/agda-stdlib/Data.Maybe.Base.html#403" class="InductiveConstructor"
+      >nothing</a
+      >
+</pre><!--{% endraw %}-->
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="9741" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="9747"
+      > </a
+      ><a name="9748" class="Symbol"
+      >:</a
+      ><a name="9749"
+      > </a
+      ><a name="9750" class="Symbol"
+      >&#8704;</a
+      ><a name="9751"
+      > </a
+      ><a name="9752" class="Symbol"
+      >{</a
+      ><a name="9753" href="Maps.html#9753" class="Bound"
+      >A</a
+      ><a name="9754" class="Symbol"
+      >}</a
+      ><a name="9755"
+      > </a
+      ><a name="9756" class="Symbol"
+      >(</a
+      ><a name="9757" href="Maps.html#9757" class="Bound"
+      >m</a
+      ><a name="9758"
+      > </a
+      ><a name="9759" class="Symbol"
+      >:</a
+      ><a name="9760"
+      > </a
+      ><a name="9761" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="9771"
+      > </a
+      ><a name="9772" href="Maps.html#9753" class="Bound"
+      >A</a
+      ><a name="9773" class="Symbol"
+      >)</a
+      ><a name="9774"
+      > </a
+      ><a name="9775" class="Symbol"
+      >(</a
+      ><a name="9776" href="Maps.html#9776" class="Bound"
+      >x</a
+      ><a name="9777"
+      > </a
+      ><a name="9778" class="Symbol"
+      >:</a
+      ><a name="9779"
+      > </a
+      ><a name="9780" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="9782" class="Symbol"
+      >)</a
+      ><a name="9783"
+      > </a
+      ><a name="9784" class="Symbol"
+      >(</a
+      ><a name="9785" href="Maps.html#9785" class="Bound"
+      >v</a
+      ><a name="9786"
+      > </a
+      ><a name="9787" class="Symbol"
+      >:</a
+      ><a name="9788"
+      > </a
+      ><a name="9789" href="Maps.html#9753" class="Bound"
+      >A</a
+      ><a name="9790" class="Symbol"
+      >)</a
+      ><a name="9791"
+      > </a
+      ><a name="9792" class="Symbol"
+      >&#8594;</a
+      ><a name="9793"
+      > </a
+      ><a name="9794" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="9804"
+      > </a
+      ><a name="9805" href="Maps.html#9753" class="Bound"
+      >A</a
+      ><a name="9806"
+      >
+  </a
+      ><a name="9809" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="9815"
+      > </a
+      ><a name="9816" href="Maps.html#9816" class="Bound"
+      >m</a
+      ><a name="9817"
+      > </a
+      ><a name="9818" href="Maps.html#9818" class="Bound"
+      >x</a
+      ><a name="9819"
+      > </a
+      ><a name="9820" href="Maps.html#9820" class="Bound"
+      >v</a
+      ><a name="9821"
+      > </a
+      ><a name="9822" class="Symbol"
+      >=</a
+      ><a name="9823"
+      > </a
+      ><a name="9824" href="Maps.html#4179" class="Function"
+      >TotalMap.update</a
+      ><a name="9839"
+      > </a
+      ><a name="9840" href="Maps.html#9816" class="Bound"
+      >m</a
+      ><a name="9841"
+      > </a
+      ><a name="9842" href="Maps.html#9818" class="Bound"
+      >x</a
+      ><a name="9843"
+      > </a
+      ><a name="9844" class="Symbol"
+      >(</a
+      ><a name="9845" href="https://agda.github.io/agda-stdlib/Data.Maybe.Base.html#373" class="InductiveConstructor"
+      >just</a
+      ><a name="9849"
+      > </a
+      ><a name="9850" href="Maps.html#9820" class="Bound"
+      >v</a
+      ><a name="9851" class="Symbol"
+      >)</a
+      >
+</pre><!--{% endraw %}-->
+
+We can now lift all of the basic lemmas about total maps to
+partial maps.
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="9955" href="Maps.html#9955" class="Function"
+      >update-eq</a
+      ><a name="9964"
+      > </a
+      ><a name="9965" class="Symbol"
+      >:</a
+      ><a name="9966"
+      > </a
+      ><a name="9967" class="Symbol"
+      >&#8704;</a
+      ><a name="9968"
+      > </a
+      ><a name="9969" class="Symbol"
+      >{</a
+      ><a name="9970" href="Maps.html#9970" class="Bound"
+      >A</a
+      ><a name="9971"
+      > </a
+      ><a name="9972" href="Maps.html#9972" class="Bound"
+      >v</a
+      ><a name="9973" class="Symbol"
+      >}</a
+      ><a name="9974"
+      > </a
+      ><a name="9975" class="Symbol"
+      >(</a
+      ><a name="9976" href="Maps.html#9976" class="Bound"
+      >m</a
+      ><a name="9977"
+      > </a
+      ><a name="9978" class="Symbol"
+      >:</a
+      ><a name="9979"
+      > </a
+      ><a name="9980" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="9990"
+      > </a
+      ><a name="9991" href="Maps.html#9970" class="Bound"
+      >A</a
+      ><a name="9992" class="Symbol"
+      >)</a
+      ><a name="9993"
+      > </a
+      ><a name="9994" class="Symbol"
+      >(</a
+      ><a name="9995" href="Maps.html#9995" class="Bound"
+      >x</a
+      ><a name="9996"
+      > </a
+      ><a name="9997" class="Symbol"
+      >:</a
+      ><a name="9998"
+      > </a
+      ><a name="9999" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="10001" class="Symbol"
+      >)</a
+      ><a name="10002"
+      >
+            </a
+      ><a name="10015" class="Symbol"
+      >&#8594;</a
+      ><a name="10016"
+      > </a
+      ><a name="10017" class="Symbol"
+      >(</a
+      ><a name="10018" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="10024"
+      > </a
+      ><a name="10025" href="Maps.html#9976" class="Bound"
+      >m</a
+      ><a name="10026"
+      > </a
+      ><a name="10027" href="Maps.html#9995" class="Bound"
+      >x</a
+      ><a name="10028"
+      > </a
+      ><a name="10029" href="Maps.html#9972" class="Bound"
+      >v</a
+      ><a name="10030" class="Symbol"
+      >)</a
+      ><a name="10031"
+      > </a
+      ><a name="10032" href="Maps.html#9995" class="Bound"
+      >x</a
+      ><a name="10033"
+      > </a
+      ><a name="10034" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="10035"
+      > </a
+      ><a name="10036" href="https://agda.github.io/agda-stdlib/Data.Maybe.Base.html#373" class="InductiveConstructor"
+      >just</a
+      ><a name="10040"
+      > </a
+      ><a name="10041" href="Maps.html#9972" class="Bound"
+      >v</a
+      ><a name="10042"
+      >
+  </a
+      ><a name="10045" href="Maps.html#9955" class="Function"
+      >update-eq</a
+      ><a name="10054"
+      > </a
+      ><a name="10055" href="Maps.html#10055" class="Bound"
+      >m</a
+      ><a name="10056"
+      > </a
+      ><a name="10057" href="Maps.html#10057" class="Bound"
+      >x</a
+      ><a name="10058"
+      > </a
+      ><a name="10059" class="Symbol"
+      >=</a
+      ><a name="10060"
+      > </a
+      ><a name="10061" href="Maps.html#6134" class="Postulate"
+      >TotalMap.update-eq</a
+      ><a name="10079"
+      > </a
+      ><a name="10080" href="Maps.html#10055" class="Bound"
+      >m</a
+      ><a name="10081"
+      > </a
+      ><a name="10082" href="Maps.html#10057" class="Bound"
+      >x</a
+      >
+</pre><!--{% endraw %}-->
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="10111" href="Maps.html#10111" class="Function"
+      >update-neq</a
+      ><a name="10121"
+      > </a
+      ><a name="10122" class="Symbol"
+      >:</a
+      ><a name="10123"
+      > </a
+      ><a name="10124" class="Symbol"
+      >&#8704;</a
+      ><a name="10125"
+      > </a
+      ><a name="10126" class="Symbol"
+      >{</a
+      ><a name="10127" href="Maps.html#10127" class="Bound"
+      >A</a
+      ><a name="10128"
+      > </a
+      ><a name="10129" href="Maps.html#10129" class="Bound"
+      >v</a
+      ><a name="10130" class="Symbol"
+      >}</a
+      ><a name="10131"
+      > </a
+      ><a name="10132" class="Symbol"
+      >(</a
+      ><a name="10133" href="Maps.html#10133" class="Bound"
+      >m</a
+      ><a name="10134"
+      > </a
+      ><a name="10135" class="Symbol"
+      >:</a
+      ><a name="10136"
+      > </a
+      ><a name="10137" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="10147"
+      > </a
+      ><a name="10148" href="Maps.html#10127" class="Bound"
+      >A</a
+      ><a name="10149" class="Symbol"
+      >)</a
+      ><a name="10150"
+      > </a
+      ><a name="10151" class="Symbol"
+      >(</a
+      ><a name="10152" href="Maps.html#10152" class="Bound"
+      >x</a
+      ><a name="10153"
+      > </a
+      ><a name="10154" href="Maps.html#10154" class="Bound"
+      >y</a
+      ><a name="10155"
+      > </a
+      ><a name="10156" class="Symbol"
+      >:</a
+      ><a name="10157"
+      > </a
+      ><a name="10158" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="10160" class="Symbol"
+      >)</a
+      ><a name="10161"
+      >
+             </a
+      ><a name="10175" class="Symbol"
+      >&#8594;</a
+      ><a name="10176"
+      > </a
+      ><a name="10177" href="Maps.html#10152" class="Bound"
+      >x</a
+      ><a name="10178"
+      > </a
+      ><a name="10179" href="https://agda.github.io/agda-stdlib/Relation.Binary.Core.html#4493" class="Function Operator"
+      >&#8802;</a
+      ><a name="10180"
+      > </a
+      ><a name="10181" href="Maps.html#10154" class="Bound"
+      >y</a
+      ><a name="10182"
+      > </a
+      ><a name="10183" class="Symbol"
+      >&#8594;</a
+      ><a name="10184"
+      > </a
+      ><a name="10185" class="Symbol"
+      >(</a
+      ><a name="10186" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="10192"
+      > </a
+      ><a name="10193" href="Maps.html#10133" class="Bound"
+      >m</a
+      ><a name="10194"
+      > </a
+      ><a name="10195" href="Maps.html#10152" class="Bound"
+      >x</a
+      ><a name="10196"
+      > </a
+      ><a name="10197" href="Maps.html#10129" class="Bound"
+      >v</a
+      ><a name="10198" class="Symbol"
+      >)</a
+      ><a name="10199"
+      > </a
+      ><a name="10200" href="Maps.html#10154" class="Bound"
+      >y</a
+      ><a name="10201"
+      > </a
+      ><a name="10202" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="10203"
+      > </a
+      ><a name="10204" href="Maps.html#10133" class="Bound"
+      >m</a
+      ><a name="10205"
+      > </a
+      ><a name="10206" href="Maps.html#10154" class="Bound"
+      >y</a
+      ><a name="10207"
+      >
+  </a
+      ><a name="10210" href="Maps.html#10111" class="Function"
+      >update-neq</a
+      ><a name="10220"
+      > </a
+      ><a name="10221" href="Maps.html#10221" class="Bound"
+      >m</a
+      ><a name="10222"
+      > </a
+      ><a name="10223" href="Maps.html#10223" class="Bound"
+      >x</a
+      ><a name="10224"
+      > </a
+      ><a name="10225" href="Maps.html#10225" class="Bound"
+      >y</a
+      ><a name="10226"
+      > </a
+      ><a name="10227" href="Maps.html#10227" class="Bound"
+      >x&#8800;y</a
+      ><a name="10230"
+      > </a
+      ><a name="10231" class="Symbol"
+      >=</a
+      ><a name="10232"
+      > </a
+      ><a name="10233" href="Maps.html#6690" class="Function"
+      >TotalMap.update-neq</a
+      ><a name="10252"
+      > </a
+      ><a name="10253" href="Maps.html#10221" class="Bound"
+      >m</a
+      ><a name="10254"
+      > </a
+      ><a name="10255" href="Maps.html#10223" class="Bound"
+      >x</a
+      ><a name="10256"
+      > </a
+      ><a name="10257" href="Maps.html#10225" class="Bound"
+      >y</a
+      ><a name="10258"
+      > </a
+      ><a name="10259" href="Maps.html#10227" class="Bound"
+      >x&#8800;y</a
+      >
+</pre><!--{% endraw %}-->
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="10290" href="Maps.html#10290" class="Function"
+      >update-shadow</a
+      ><a name="10303"
+      > </a
+      ><a name="10304" class="Symbol"
+      >:</a
+      ><a name="10305"
+      > </a
+      ><a name="10306" class="Symbol"
+      >&#8704;</a
+      ><a name="10307"
+      > </a
+      ><a name="10308" class="Symbol"
+      >{</a
+      ><a name="10309" href="Maps.html#10309" class="Bound"
+      >A</a
+      ><a name="10310"
+      > </a
+      ><a name="10311" href="Maps.html#10311" class="Bound"
+      >v1</a
+      ><a name="10313"
+      > </a
+      ><a name="10314" href="Maps.html#10314" class="Bound"
+      >v2</a
+      ><a name="10316" class="Symbol"
+      >}</a
+      ><a name="10317"
+      > </a
+      ><a name="10318" class="Symbol"
+      >(</a
+      ><a name="10319" href="Maps.html#10319" class="Bound"
+      >m</a
+      ><a name="10320"
+      > </a
+      ><a name="10321" class="Symbol"
+      >:</a
+      ><a name="10322"
+      > </a
+      ><a name="10323" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="10333"
+      > </a
+      ><a name="10334" href="Maps.html#10309" class="Bound"
+      >A</a
+      ><a name="10335" class="Symbol"
+      >)</a
+      ><a name="10336"
+      > </a
+      ><a name="10337" class="Symbol"
+      >(</a
+      ><a name="10338" href="Maps.html#10338" class="Bound"
+      >x</a
+      ><a name="10339"
+      > </a
+      ><a name="10340" href="Maps.html#10340" class="Bound"
+      >y</a
+      ><a name="10341"
+      > </a
+      ><a name="10342" class="Symbol"
+      >:</a
+      ><a name="10343"
+      > </a
+      ><a name="10344" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="10346" class="Symbol"
+      >)</a
+      ><a name="10347"
+      >
+                </a
+      ><a name="10364" class="Symbol"
+      >&#8594;</a
+      ><a name="10365"
+      > </a
+      ><a name="10366" class="Symbol"
+      >(</a
+      ><a name="10367" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="10373"
+      > </a
+      ><a name="10374" class="Symbol"
+      >(</a
+      ><a name="10375" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="10381"
+      > </a
+      ><a name="10382" href="Maps.html#10319" class="Bound"
+      >m</a
+      ><a name="10383"
+      > </a
+      ><a name="10384" href="Maps.html#10338" class="Bound"
+      >x</a
+      ><a name="10385"
+      > </a
+      ><a name="10386" href="Maps.html#10311" class="Bound"
+      >v1</a
+      ><a name="10388" class="Symbol"
+      >)</a
+      ><a name="10389"
+      > </a
+      ><a name="10390" href="Maps.html#10338" class="Bound"
+      >x</a
+      ><a name="10391"
+      > </a
+      ><a name="10392" href="Maps.html#10314" class="Bound"
+      >v2</a
+      ><a name="10394" class="Symbol"
+      >)</a
+      ><a name="10395"
+      > </a
+      ><a name="10396" href="Maps.html#10340" class="Bound"
+      >y</a
+      ><a name="10397"
+      > </a
+      ><a name="10398" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="10399"
+      > </a
+      ><a name="10400" class="Symbol"
+      >(</a
+      ><a name="10401" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="10407"
+      > </a
+      ><a name="10408" href="Maps.html#10319" class="Bound"
+      >m</a
+      ><a name="10409"
+      > </a
+      ><a name="10410" href="Maps.html#10338" class="Bound"
+      >x</a
+      ><a name="10411"
+      > </a
+      ><a name="10412" href="Maps.html#10314" class="Bound"
+      >v2</a
+      ><a name="10414" class="Symbol"
+      >)</a
+      ><a name="10415"
+      > </a
+      ><a name="10416" href="Maps.html#10340" class="Bound"
+      >y</a
+      ><a name="10417"
+      >
+  </a
+      ><a name="10420" href="Maps.html#10290" class="Function"
+      >update-shadow</a
+      ><a name="10433"
+      > </a
+      ><a name="10434" href="Maps.html#10434" class="Bound"
+      >m</a
+      ><a name="10435"
+      > </a
+      ><a name="10436" href="Maps.html#10436" class="Bound"
+      >x</a
+      ><a name="10437"
+      > </a
+      ><a name="10438" href="Maps.html#10438" class="Bound"
+      >y</a
+      ><a name="10439"
+      > </a
+      ><a name="10440" class="Symbol"
+      >=</a
+      ><a name="10441"
+      > </a
+      ><a name="10442" href="Maps.html#7262" class="Postulate"
+      >TotalMap.update-shadow</a
+      ><a name="10464"
+      > </a
+      ><a name="10465" href="Maps.html#10434" class="Bound"
+      >m</a
+      ><a name="10466"
+      > </a
+      ><a name="10467" href="Maps.html#10436" class="Bound"
+      >x</a
+      ><a name="10468"
+      > </a
+      ><a name="10469" href="Maps.html#10438" class="Bound"
+      >y</a
+      >
+</pre><!--{% endraw %}-->
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="10498" href="Maps.html#10498" class="Function"
+      >update-same</a
+      ><a name="10509"
+      > </a
+      ><a name="10510" class="Symbol"
+      >:</a
+      ><a name="10511"
+      > </a
+      ><a name="10512" class="Symbol"
+      >&#8704;</a
+      ><a name="10513"
+      > </a
+      ><a name="10514" class="Symbol"
+      >{</a
+      ><a name="10515" href="Maps.html#10515" class="Bound"
+      >A</a
+      ><a name="10516"
+      > </a
+      ><a name="10517" href="Maps.html#10517" class="Bound"
+      >v</a
+      ><a name="10518" class="Symbol"
+      >}</a
+      ><a name="10519"
+      > </a
+      ><a name="10520" class="Symbol"
+      >(</a
+      ><a name="10521" href="Maps.html#10521" class="Bound"
+      >m</a
+      ><a name="10522"
+      > </a
+      ><a name="10523" class="Symbol"
+      >:</a
+      ><a name="10524"
+      > </a
+      ><a name="10525" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="10535"
+      > </a
+      ><a name="10536" href="Maps.html#10515" class="Bound"
+      >A</a
+      ><a name="10537" class="Symbol"
+      >)</a
+      ><a name="10538"
+      > </a
+      ><a name="10539" class="Symbol"
+      >(</a
+      ><a name="10540" href="Maps.html#10540" class="Bound"
+      >x</a
+      ><a name="10541"
+      > </a
+      ><a name="10542" href="Maps.html#10542" class="Bound"
+      >y</a
+      ><a name="10543"
+      > </a
+      ><a name="10544" class="Symbol"
+      >:</a
+      ><a name="10545"
+      > </a
+      ><a name="10546" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="10548" class="Symbol"
+      >)</a
+      ><a name="10549"
+      >
+              </a
+      ><a name="10564" class="Symbol"
+      >&#8594;</a
+      ><a name="10565"
+      > </a
+      ><a name="10566" href="Maps.html#10521" class="Bound"
+      >m</a
+      ><a name="10567"
+      > </a
+      ><a name="10568" href="Maps.html#10540" class="Bound"
+      >x</a
+      ><a name="10569"
+      > </a
+      ><a name="10570" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="10571"
+      > </a
+      ><a name="10572" href="https://agda.github.io/agda-stdlib/Data.Maybe.Base.html#373" class="InductiveConstructor"
+      >just</a
+      ><a name="10576"
+      > </a
+      ><a name="10577" href="Maps.html#10517" class="Bound"
+      >v</a
+      ><a name="10578"
+      >
+              </a
+      ><a name="10593" class="Symbol"
+      >&#8594;</a
+      ><a name="10594"
+      > </a
+      ><a name="10595" class="Symbol"
+      >(</a
+      ><a name="10596" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="10602"
+      > </a
+      ><a name="10603" href="Maps.html#10521" class="Bound"
+      >m</a
+      ><a name="10604"
+      > </a
+      ><a name="10605" href="Maps.html#10540" class="Bound"
+      >x</a
+      ><a name="10606"
+      > </a
+      ><a name="10607" href="Maps.html#10517" class="Bound"
+      >v</a
+      ><a name="10608" class="Symbol"
+      >)</a
+      ><a name="10609"
+      > </a
+      ><a name="10610" href="Maps.html#10542" class="Bound"
+      >y</a
+      ><a name="10611"
+      > </a
+      ><a name="10612" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="10613"
+      > </a
+      ><a name="10614" href="Maps.html#10521" class="Bound"
+      >m</a
+      ><a name="10615"
+      > </a
+      ><a name="10616" href="Maps.html#10542" class="Bound"
+      >y</a
+      ><a name="10617"
+      >
+  </a
+      ><a name="10620" href="Maps.html#10498" class="Function"
+      >update-same</a
+      ><a name="10631"
+      > </a
+      ><a name="10632" href="Maps.html#10632" class="Bound"
+      >m</a
+      ><a name="10633"
+      > </a
+      ><a name="10634" href="Maps.html#10634" class="Bound"
+      >x</a
+      ><a name="10635"
+      > </a
+      ><a name="10636" href="Maps.html#10636" class="Bound"
+      >y</a
+      ><a name="10637"
+      > </a
+      ><a name="10638" href="Maps.html#10638" class="Bound"
+      >mx=v</a
+      ><a name="10642"
+      > </a
+      ><a name="10643" class="Keyword"
+      >rewrite</a
+      ><a name="10650"
+      > </a
+      ><a name="10651" href="https://agda.github.io/agda-stdlib/Relation.Binary.PropositionalEquality.Core.html#565" class="Function"
+      >sym</a
+      ><a name="10654"
+      > </a
+      ><a name="10655" href="Maps.html#10638" class="Bound"
+      >mx=v</a
+      ><a name="10659"
+      > </a
+      ><a name="10660" class="Symbol"
+      >=</a
+      ><a name="10661"
+      > </a
+      ><a name="10662" href="Maps.html#7918" class="Postulate"
+      >TotalMap.update-same</a
+      ><a name="10682"
+      > </a
+      ><a name="10683" href="Maps.html#10632" class="Bound"
+      >m</a
+      ><a name="10684"
+      > </a
+      ><a name="10685" href="Maps.html#10634" class="Bound"
+      >x</a
+      ><a name="10686"
+      > </a
+      ><a name="10687" href="Maps.html#10636" class="Bound"
+      >y</a
+      >
+</pre><!--{% endraw %}-->
+
+<!--{% raw %}--><pre class="Agda">
+  <a name="10716" href="Maps.html#10716" class="Function"
+      >update-permute</a
+      ><a name="10730"
+      > </a
+      ><a name="10731" class="Symbol"
+      >:</a
+      ><a name="10732"
+      > </a
+      ><a name="10733" class="Symbol"
+      >&#8704;</a
+      ><a name="10734"
+      > </a
+      ><a name="10735" class="Symbol"
+      >{</a
+      ><a name="10736" href="Maps.html#10736" class="Bound"
+      >A</a
+      ><a name="10737"
+      > </a
+      ><a name="10738" href="Maps.html#10738" class="Bound"
+      >v1</a
+      ><a name="10740"
+      > </a
+      ><a name="10741" href="Maps.html#10741" class="Bound"
+      >v2</a
+      ><a name="10743" class="Symbol"
+      >}</a
+      ><a name="10744"
+      > </a
+      ><a name="10745" class="Symbol"
+      >(</a
+      ><a name="10746" href="Maps.html#10746" class="Bound"
+      >m</a
+      ><a name="10747"
+      > </a
+      ><a name="10748" class="Symbol"
+      >:</a
+      ><a name="10749"
+      > </a
+      ><a name="10750" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="10760"
+      > </a
+      ><a name="10761" href="Maps.html#10736" class="Bound"
+      >A</a
+      ><a name="10762" class="Symbol"
+      >)</a
+      ><a name="10763"
+      > </a
+      ><a name="10764" class="Symbol"
+      >(</a
+      ><a name="10765" href="Maps.html#10765" class="Bound"
+      >x1</a
+      ><a name="10767"
+      > </a
+      ><a name="10768" href="Maps.html#10768" class="Bound"
+      >x2</a
+      ><a name="10770"
+      > </a
+      ><a name="10771" href="Maps.html#10771" class="Bound"
+      >y</a
+      ><a name="10772"
+      > </a
+      ><a name="10773" class="Symbol"
+      >:</a
+      ><a name="10774"
+      > </a
+      ><a name="10775" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="10777" class="Symbol"
+      >)</a
+      ><a name="10778"
+      >
+                 </a
+      ><a name="10796" class="Symbol"
+      >&#8594;</a
+      ><a name="10797"
+      > </a
+      ><a name="10798" href="Maps.html#10765" class="Bound"
+      >x1</a
+      ><a name="10800"
+      > </a
+      ><a name="10801" href="https://agda.github.io/agda-stdlib/Relation.Binary.Core.html#4493" class="Function Operator"
+      >&#8802;</a
+      ><a name="10802"
+      > </a
+      ><a name="10803" href="Maps.html#10768" class="Bound"
+      >x2</a
+      ><a name="10805"
+      > </a
+      ><a name="10806" class="Symbol"
+      >&#8594;</a
+      ><a name="10807"
+      > </a
+      ><a name="10808" class="Symbol"
+      >(</a
+      ><a name="10809" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="10815"
+      > </a
+      ><a name="10816" class="Symbol"
+      >(</a
+      ><a name="10817" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="10823"
+      > </a
+      ><a name="10824" href="Maps.html#10746" class="Bound"
+      >m</a
+      ><a name="10825"
+      > </a
+      ><a name="10826" href="Maps.html#10768" class="Bound"
+      >x2</a
+      ><a name="10828"
+      > </a
+      ><a name="10829" href="Maps.html#10741" class="Bound"
+      >v2</a
+      ><a name="10831" class="Symbol"
+      >)</a
+      ><a name="10832"
+      > </a
+      ><a name="10833" href="Maps.html#10765" class="Bound"
+      >x1</a
+      ><a name="10835"
+      > </a
+      ><a name="10836" href="Maps.html#10738" class="Bound"
+      >v1</a
+      ><a name="10838" class="Symbol"
+      >)</a
+      ><a name="10839"
+      > </a
+      ><a name="10840" href="Maps.html#10771" class="Bound"
+      >y</a
+      ><a name="10841"
+      >
+                           </a
+      ><a name="10869" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="10870"
+      > </a
+      ><a name="10871" class="Symbol"
+      >(</a
+      ><a name="10872" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="10878"
+      > </a
+      ><a name="10879" class="Symbol"
+      >(</a
+      ><a name="10880" href="Maps.html#9741" class="Function"
+      >update</a
+      ><a name="10886"
+      > </a
+      ><a name="10887" href="Maps.html#10746" class="Bound"
+      >m</a
+      ><a name="10888"
+      > </a
+      ><a name="10889" href="Maps.html#10765" class="Bound"
+      >x1</a
+      ><a name="10891"
+      > </a
+      ><a name="10892" href="Maps.html#10738" class="Bound"
+      >v1</a
+      ><a name="10894" class="Symbol"
+      >)</a
+      ><a name="10895"
+      > </a
+      ><a name="10896" href="Maps.html#10768" class="Bound"
+      >x2</a
+      ><a name="10898"
+      > </a
+      ><a name="10899" href="Maps.html#10741" class="Bound"
+      >v2</a
+      ><a name="10901" class="Symbol"
+      >)</a
+      ><a name="10902"
+      > </a
+      ><a name="10903" href="Maps.html#10771" class="Bound"
+      >y</a
+      ><a name="10904"
+      >
+  </a
+      ><a name="10907" href="Maps.html#10716" class="Function"
+      >update-permute</a
+      ><a name="10921"
+      > </a
+      ><a name="10922" href="Maps.html#10922" class="Bound"
+      >m</a
+      ><a name="10923"
+      > </a
+      ><a name="10924" href="Maps.html#10924" class="Bound"
+      >x1</a
+      ><a name="10926"
+      > </a
+      ><a name="10927" href="Maps.html#10927" class="Bound"
+      >x2</a
+      ><a name="10929"
+      > </a
+      ><a name="10930" href="Maps.html#10930" class="Bound"
+      >y</a
+      ><a name="10931"
+      > </a
+      ><a name="10932" href="Maps.html#10932" class="Bound"
+      >x1&#8800;x2</a
+      ><a name="10937"
+      > </a
+      ><a name="10938" class="Symbol"
+      >=</a
+      ><a name="10939"
+      > </a
+      ><a name="10940" href="Maps.html#8498" class="Postulate"
+      >TotalMap.update-permute</a
+      ><a name="10963"
+      > </a
+      ><a name="10964" href="Maps.html#10922" class="Bound"
+      >m</a
+      ><a name="10965"
+      > </a
+      ><a name="10966" href="Maps.html#10924" class="Bound"
+      >x1</a
+      ><a name="10968"
+      > </a
+      ><a name="10969" href="Maps.html#10927" class="Bound"
+      >x2</a
+      ><a name="10971"
+      > </a
+      ><a name="10972" href="Maps.html#10930" class="Bound"
+      >y</a
+      ><a name="10973"
+      > </a
+      ><a name="10974" href="Maps.html#10932" class="Bound"
+      >x1&#8800;x2</a
+      >
+</pre><!--{% endraw %}-->
diff --git a/Stlc.lagda b/Stlc.lagda
new file mode 100644
index 00000000..10416197
--- /dev/null
+++ b/Stlc.lagda
@@ -0,0 +1,735 @@
+---
+title         : "Stlc: The Simply Typed Lambda-Calculus"
+layout        : default
+hide-implicit : false
+extra-script : [agda-extra-script.html]
+extra-style  : [agda-extra-style.html]
+permalink     : "sf/Stlc.html"
+---
+
+\begin{code}
+module Stlc where
+\end{code}
+
+<div class="hidden">
+\begin{code}
+open import Maps using (Id; id; _≟_; PartialMap; module PartialMap)
+open import Data.Empty using (⊥; ⊥-elim)
+open import Data.Maybe using (Maybe; just; nothing)
+open import Data.Nat using (ℕ; suc; zero; _+_)
+open import Data.Product using (∃; ∄; _,_)
+open import Function using (_∘_; _$_)
+open import Relation.Nullary using (Dec; yes; no)
+open import Relation.Binary.PropositionalEquality using (_≡_; _≢_; refl)
+\end{code}
+</div>
+
+# The Simply Typed Lambda-Calculus
+
+The simply typed lambda-calculus (STLC) is a tiny core
+calculus embodying the key concept of _functional abstraction_,
+which shows up in pretty much every real-world programming
+language in some form (functions, procedures, methods, etc.).
+
+We will follow exactly the same pattern as in the previous chapter
+when formalizing this calculus (syntax, small-step semantics,
+typing rules) and its main properties (progress and preservation).
+The new technical challenges arise from the mechanisms of
+_variable binding_ and _substitution_.  It which will take some
+work to deal with these.
+
+
+## Overview
+
+The STLC is built on some collection of _base types_:
+booleans, numbers, strings, etc.  The exact choice of base types
+doesn't matter much---the construction of the language and its
+theoretical properties work out the same no matter what we
+choose---so for the sake of brevity let's take just $$bool$$ for
+the moment.  At the end of the chapter we'll see how to add more
+base types, and in later chapters we'll enrich the pure STLC with
+other useful constructs like pairs, records, subtyping, and
+mutable state.
+
+Starting from boolean constants and conditionals, we add three
+things:
+
+  - variables
+  - function abstractions
+  - application
+
+This gives us the following collection of abstract syntax
+constructors (written out first in informal BNF notation---we'll
+formalize it below).
+
+$$
+  \begin{array}{rll}
+    \text{Terms}\;s,t,u
+    ::=  & x & \text{variable} \\
+    \mid & \lambda x : A . t & \text{abstraction} \\
+    \mid & s\;t & \text{application} \\
+    \mid & true & \text{constant true} \\
+    \mid & false & \text{constant false} \\
+    \mid & \text{if }s\text{ then }t\text{ else }u & \text{conditional}
+  \end{array}
+$$
+
+In a lambda abstraction $$\lambda x : A . t$$, the variable $$x$$ is called the
+_parameter_ to the function; the term $$t$$ is its _body_.  The annotation $$:A$$
+specifies the type of arguments that the function can be applied to.
+
+Some examples:
+
+  - The identity function for booleans:
+
+    $$\lambda x:bool. x$$.
+  - The identity function for booleans, applied to the boolean $$true$$:
+
+    $$(\lambda x:bool. x)\;true$$.
+  - The boolean "not" function:
+
+    $$\lambda x:bool. \text{if }x\text{ then }false\text{ else }true$$.
+  - The constant function that takes every (boolean) argument to $$true$$:
+
+    $$\lambda x:bool. true$$.
+  - A two-argument function that takes two booleans and returns the
+    first one:
+
+    $$\lambda x:bool. \lambda y:bool. x$$.
+
+    As in Agda, a two-argument function is really a
+    one-argument function whose body is also a one-argument function.
+  - A two-argument function that takes two booleans and returns the
+    first one, applied to the booleans $$false$$ and $$true$$:
+
+    $$(\lambda x:bool. \lambda y:bool. x)\;false\;true$$.
+
+    As in Agda, application associates to the left---i.e., this
+    expression is parsed as
+
+    $$((\lambda x:bool. \lambda y:bool. x)\;false)\;true$$.
+
+  - A higher-order function that takes a _function_ $$f$$ (from booleans
+    to booleans) as an argument, applies $$f$$ to $$true$$, and applies
+    $$f$$ again to the result:
+
+    $$\lambda f:bool\rightarrow bool. f\;(f\;true)$$.
+
+  - The same higher-order function, applied to the constantly $$false$$
+    function:
+
+    $$(\lambda f:bool\rightarrow bool. f\;(f\;true))\;(\lambda x:bool. false)$$.
+
+As the last several examples show, the STLC is a language of
+_higher-order_ functions: we can write down functions that take
+other functions as arguments and/or return other functions as
+results.
+
+The STLC doesn't provide any primitive syntax for defining _named_
+functions---all functions are "anonymous."  We'll see in chapter
+`MoreStlc` that it is easy to add named functions to what we've
+got---indeed, the fundamental naming and binding mechanisms are
+exactly the same.
+
+The _types_ of the STLC include $$bool$$, which classifies the
+boolean constants $$true$$ and $$false$$ as well as more complex
+computations that yield booleans, plus _arrow types_ that classify
+functions.
+
+$$
+    \text{Types}\;A,B ::= bool \mid A \rightarrow B
+$$
+
+For example:
+
+  - $$\lambda x:bool. false$$ has type $$bool\rightarrow bool$$;
+  - $$\lambda x:bool. x$$ has type $$bool\rightarrow bool$$;
+  - $$(\lambda x:bool. x)\;true$$ has type $$bool$$;
+  - $$\lambda x:bool. \lambda y:bool. x$$ has type
+    $$bool\rightarrow bool\rightarrow bool$$
+    (i.e., $$bool\rightarrow (bool\rightarrow bool)$$)
+  - $$(\lambda x:bool. \lambda y:bool. x)\;false$$ has type $$bool\rightarrow bool$$
+  - $$(\lambda x:bool. \lambda y:bool. x)\;false\;true$$ has type $$bool$$
+
+## Syntax
+
+We begin by formalizing the syntax of the STLC.
+Unfortunately, $$\rightarrow$$ is already used for Agda's function type,
+so we will STLC's function type as `_⇒_`.
+
+
+### Types
+
+\begin{code}
+data Type : Set where
+  bool : Type
+  _⇒_  : Type → Type → Type
+\end{code}
+
+<div class="hidden">
+\begin{code}
+infixr 5 _⇒_
+\end{code}
+</div>
+
+
+### Terms
+
+\begin{code}
+data Term : Set where
+  var   : Id → Term
+  app   : Term → Term → Term
+  abs   : Id → Type → Term → Term
+  true  : Term
+  false : Term
+  if_then_else_ : Term → Term → Term → Term
+\end{code}
+
+<div class="hidden">
+\begin{code}
+infixr 8 if_then_else_
+\end{code}
+</div>
+
+Note that an abstraction $$\lambda x:A.t$$ (formally, `abs x A t`) is
+always annotated with the type $$A$$ of its parameter, in contrast
+to Agda (and other functional languages like ML, Haskell, etc.),
+which use _type inference_ to fill in missing annotations.  We're
+not considering type inference here.
+
+Some examples...
+
+\begin{code}
+x = id 0
+y = id 1
+z = id 2
+\end{code}
+
+<div class="hidden">
+\begin{code}
+{-# DISPLAY zero = x #-}
+{-# DISPLAY suc zero = y #-}
+{-# DISPLAY suc (suc zero) = z #-}
+\end{code}
+</div>
+
+$$\text{idB} = \lambda x:bool. x$$.
+
+\begin{code}
+idB = (abs x bool (var x))
+\end{code}
+
+$$\text{idBB} = \lambda x:bool\rightarrow bool. x$$.
+
+\begin{code}
+idBB = (abs x (bool ⇒ bool) (var x))
+\end{code}
+
+$$\text{idBBBB} = \lambda x:(bool\rightarrow bool)\rightarrow (bool\rightarrow bool). x$$.
+
+\begin{code}
+idBBBB = (abs x ((bool ⇒ bool) ⇒ (bool ⇒ bool)) (var x))
+\end{code}
+
+$$\text{k} = \lambda x:bool. \lambda y:bool. x$$.
+
+\begin{code}
+k = (abs x bool (abs y bool (var x)))
+\end{code}
+
+$$\text{notB} = \lambda x:bool. \text{if }x\text{ then }false\text{ else }true$$.
+
+\begin{code}
+notB = (abs x bool (if (var x) then false else true))
+\end{code}
+
+<div class="hidden">
+\begin{code}
+{-# DISPLAY abs 0 bool (var 0) = idB #-}
+{-# DISPLAY abs 0 (bool ⇒ bool) (var 0) = idBB #-}
+{-# DISPLAY abs 0 ((bool ⇒ bool) ⇒ (bool ⇒ bool)) (var 0) = idBBBB #-}
+{-# DISPLAY abs 0 bool (abs y bool (var 0)) = k #-}
+{-# DISPLAY abs 0 bool (if (var 0) then false else true) = notB #-}
+\end{code}
+</div>
+
+## Operational Semantics
+
+To define the small-step semantics of STLC terms, we begin,
+as always, by defining the set of values.  Next, we define the
+critical notions of _free variables_ and _substitution_, which are
+used in the reduction rule for application expressions.  And
+finally we give the small-step relation itself.
+
+### Values
+
+To define the values of the STLC, we have a few cases to consider.
+
+First, for the boolean part of the language, the situation is
+clear: $$true$$ and $$false$$ are the only values.  An $$\text{if}$$
+expression is never a value.
+
+Second, an application is clearly not a value: It represents a
+function being invoked on some argument, which clearly still has
+work left to do.
+
+Third, for abstractions, we have a choice:
+
+  - We can say that $$\lambda x:A. t$$ is a value only when $$t$$ is a
+    value---i.e., only if the function's body has been
+    reduced (as much as it can be without knowing what argument it
+    is going to be applied to).
+
+  - Or we can say that $$\lambda x:A. t$$ is always a value, no matter
+    whether $$t$$ is one or not---in other words, we can say that
+    reduction stops at abstractions.
+
+Agda makes the first choice---for example,
+
+\begin{code}
+test_normalizeUnderLambda : (λ (x : ℕ) → 3 + 4) ≡ (λ (x : ℕ) → 7)
+test_normalizeUnderLambda = refl
+\end{code}
+
+Most real-world functional programming languages make the second
+choice---reduction of a function's body only begins when the
+function is actually applied to an argument.  We also make the
+second choice here.
+
+\begin{code}
+data Value : Term → Set where
+  abs   : ∀ {x A t}
+        → Value (abs x A t)
+  true  : Value true
+  false : Value false
+\end{code}
+
+Finally, we must consider what constitutes a _complete_ program.
+
+Intuitively, a "complete program" must not refer to any undefined
+variables.  We'll see shortly how to define the _free_ variables
+in a STLC term.  A complete program is _closed_---that is, it
+contains no free variables.
+
+Having made the choice not to reduce under abstractions, we don't
+need to worry about whether variables are values, since we'll
+always be reducing programs "from the outside in," and that means
+the small-step relation will always be working with closed terms.
+
+
+### Substitution
+
+Now we come to the heart of the STLC: the operation of
+substituting one term for a variable in another term.  This
+operation is used below to define the operational semantics of
+function application, where we will need to substitute the
+argument term for the function parameter in the function's body.
+For example, we reduce
+
+$$(\lambda x:bool. \text{if }x\text{ then }true\text{ else }x)\;false$$
+
+to
+
+$$\text{if }false\text{ then }true\text{ else }false$$
+
+by substituting $$false$$ for the parameter $$x$$ in the body of the
+function.
+
+In general, we need to be able to substitute some given term $$s$$
+for occurrences of some variable $$x$$ in another term $$t$$.  In
+informal discussions, this is usually written $$[x:=s]t$$ and
+pronounced "substitute $$x$$ with $$s$$ in $$t$$."
+
+Here are some examples:
+
+  - $$[x:=true](\text{if }x\text{ then }x\text{ else }false)$$
+     yields $$\text{if }true\text{ then }true\text{ else }false$$
+
+  - $$[x:=true]x$$
+    yields $$true$$
+
+  - $$[x:=true](\text{if }x\text{ then }x\text{ else }y)$$
+    yields $$\text{if }true\text{ then }true\text{ else }y$$
+
+  - $$[x:=true]y$$
+    yields $$y$$
+
+  - $$[x:=true]false$$
+    yields $$false$$ (vacuous substitution)
+
+  - $$[x:=true](\lambda y:bool. \text{if }y\text{ then }x\text{ else }false)$$
+    yields $$\lambda y:bool. \text{if }y\text{ then }true\text{ else }false$$
+
+  - $$[x:=true](\lambda y:bool. x)$$
+    yields $$\lambda y:bool. true$$
+
+  - $$[x:=true](\lambda y:bool. y)$$
+    yields $$\lambda y:bool. y$$
+
+  - $$[x:=true](\lambda x:bool. x)$$
+    yields $$\lambda x:bool. x$$
+
+The last example is very important: substituting $$x$$ with $$true$$ in
+$$\lambda x:bool. x$$ does _not_ yield $$\lambda x:bool. true$$!  The reason for
+this is that the $$x$$ in the body of $$\lambda x:bool. x$$ is _bound_ by the
+abstraction: it is a new, local name that just happens to be
+spelled the same as some global name $$x$$.
+
+Here is the definition, informally...
+
+$$
+  \begin{aligned}
+    &[x:=s]x                &&= s \\
+    &[x:=s]y                &&= y \;\{\text{if }x\neq y\} \\
+    &[x:=s](\lambda x:A. t) &&= \lambda x:A. t \\
+    &[x:=s](\lambda y:A. t) &&= \lambda y:A. [x:=s]t \;\{\text{if }x\neq y\} \\
+    &[x:=s](t1\;t2)         &&= ([x:=s]t1) ([x:=s]t2) \\
+    &[x:=s]true             &&= true \\
+    &[x:=s]false            &&= false \\
+    &[x:=s](\text{if }t1\text{ then }t2\text{ else }t3) &&=
+       \text{if }[x:=s]t1\text{ then }[x:=s]t2\text{ else }[x:=s]t3
+  \end{aligned}
+$$
+
+... and formally:
+
+\begin{code}
+[_:=_]_ : Id -> Term -> Term -> Term
+[ x := v ] (var y) with x ≟ y
+... | yes x=y = v
+... | no  x≠y = var y
+[ x := v ] (app s t) = app ([ x := v ] s) ([ x := v ] t)
+[ x := v ] (abs y A t) with x ≟ y
+... | yes x=y = abs y A t
+... | no  x≠y = abs y A ([ x := v ] t)
+[ x := v ] true  = true
+[ x := v ] false = false
+[ x := v ] (if s then t else u) =
+  if [ x := v ] s then [ x := v ] t else  [ x := v ] u
+\end{code}
+
+<div class="hidden">
+\begin{code}
+infix 9 [_:=_]_
+\end{code}
+</div>
+
+_Technical note_: Substitution becomes trickier to define if we
+consider the case where $$s$$, the term being substituted for a
+variable in some other term, may itself contain free variables.
+Since we are only interested here in defining the small-step relation
+on closed terms (i.e., terms like $$\lambda x:bool. x$$ that include
+binders for all of the variables they mention), we can avoid this
+extra complexity here, but it must be dealt with when formalizing
+richer languages.
+
+
+#### Exercise: 3 stars (subst-correct)
+The definition that we gave above defines substitution as a _function_.
+Suppose, instead, we wanted to define substitution as an inductive _relation_.
+We've begun the definition by providing the `data` header and
+one of the constructors; your job is to fill in the rest of the constructors
+and prove that the relation you've defined coincides with the function given
+above.
+\begin{code}
+data [_:=_]_==>_ (x : Id) (s : Term) : Term -> Term -> Set where
+  var1 : [ x := s ] (var x) ==> s
+  {- FILL IN HERE -}
+\end{code}
+
+\begin{code}
+postulate
+  subst-correct : ∀ s x t t'
+                → [ x := s ] t ≡ t'
+                → [ x := s ] t ==> t'
+\end{code}
+
+
+### Reduction
+
+The small-step reduction relation for STLC now follows the
+same pattern as the ones we have seen before.  Intuitively, to
+reduce a function application, we first reduce its left-hand
+side (the function) until it becomes an abstraction; then we
+reduce its right-hand side (the argument) until it is also a
+value; and finally we substitute the argument for the bound
+variable in the body of the abstraction.  This last rule, written
+informally as
+
+$$
+(\lambda x : A . t) v \Longrightarrow [x:=v]t
+$$
+
+is traditionally called "beta-reduction".
+
+$$
+\begin{array}{cl}
+  \frac{value(v)}{(\lambda x : A . t) v \Longrightarrow [x:=v]t}&(red)\\\\
+  \frac{s \Longrightarrow s'}{s\;t \Longrightarrow s'\;t}&(app1)\\\\
+  \frac{value(v)\quad t \Longrightarrow t'}{v\;t \Longrightarrow v\;t'}&(app2)
+\end{array}
+$$
+
+... plus the usual rules for booleans:
+
+$$
+\begin{array}{cl}
+  \frac{}{(\text{if }true\text{ then }t_1\text{ else }t_2) \Longrightarrow t_1}&(iftrue)\\\\
+  \frac{}{(\text{if }false\text{ then }t_1\text{ else }t_2) \Longrightarrow t_2}&(iffalse)\\\\
+  \frac{s \Longrightarrow s'}{\text{if }s\text{ then }t_1\text{ else }t_2
+    \Longrightarrow \text{if }s\text{ then }t_1\text{ else }t_2}&(if)
+\end{array}
+$$
+
+Formally:
+
+\begin{code}
+data _==>_ : Term → Term → Set where
+  red     : ∀ {x A s t}
+          → Value t
+          → app (abs x A s) t ==> [ x := t ] s
+  app1    : ∀ {s s' t}
+          → s ==> s'
+          → app s t ==> app s' t
+  app2    : ∀ {s t t'}
+          → Value s
+          → t ==> t'
+          → app s t ==> app s t'
+  if      : ∀ {s s' t u}
+          → s ==> s'
+          → if s then t else u ==> if s' then t else u
+  iftrue  : ∀ {s t}
+          → if true then s else t ==> s
+  iffalse : ∀ {s t}
+          → if false then s else t ==> t
+\end{code}
+
+<div class="hidden">
+\begin{code}
+infix 1 _==>_
+\end{code}
+</div>
+
+\begin{code}
+data Multi (R : Term → Term → Set) : Term → Term → Set where
+  refl : ∀ {x} -> Multi R x x
+  step : ∀ {x y z} -> R x y -> Multi R y z -> Multi R x z
+\end{code}
+
+\begin{code}
+_==>*_ : Term → Term → Set
+_==>*_ = Multi _==>_
+\end{code}
+
+<div class="hidden">
+\begin{code}
+{-# DISPLAY Multi _==>_ = _==>*_ #-}
+\end{code}
+</div>
+
+### Examples
+
+Example:
+
+$$((\lambda x:bool\rightarrow bool. x) (\lambda x:bool. x)) \Longrightarrow^* (\lambda x:bool. x)$$.
+
+\begin{code}
+step-example1 : (app idBB idB) ==>* idB
+step-example1 = step (red abs)
+              $ refl
+\end{code}
+
+Example:
+
+$$(\lambda x:bool\rightarrow bool. x) \;((\lambda x:bool\rightarrow bool. x)\;(\lambda x:bool. x))) \Longrightarrow^* (\lambda x:bool. x)$$.
+
+\begin{code}
+step-example2 : (app idBB (app idBB idB)) ==>* idB
+step-example2 = step (app2 abs (red abs))
+              $ step (red abs)
+              $ refl
+\end{code}
+
+Example:
+
+$$((\lambda x:bool\rightarrow bool. x)\;(\lambda x:bool. \text{if }x\text{ then }false\text{ else }true))\;true\Longrightarrow^* false$$.
+
+\begin{code}
+step-example3 : (app (app idBB notB) true) ==>* false
+step-example3 = step (app1 (red abs))
+              $ step (red true)
+              $ step iftrue
+              $ refl
+\end{code}
+
+Example:
+
+$$((\lambda x:bool\rightarrow bool. x)\;((\lambda x:bool. \text{if }x\text{ then }false\text{ else }true)\;true))\Longrightarrow^* false$$.
+
+\begin{code}
+step-example4 : (app idBB (app notB true)) ==>* false
+step-example4 = step (app2 abs (red true))
+              $ step (app2 abs iftrue)
+              $ step (red false)
+              $ refl
+\end{code}
+
+#### Exercise: 2 stars (step-example5)
+
+\begin{code}
+postulate
+  step-example5 : (app (app idBBBB idBB) idB) ==>* idB
+\end{code}
+
+## Typing
+
+Next we consider the typing relation of the STLC.
+
+### Contexts
+
+_Question_: What is the type of the term "$$x\;y$$"?
+
+_Answer_: It depends on the types of $$x$$ and $$y$$!
+
+I.e., in order to assign a type to a term, we need to know
+what assumptions we should make about the types of its free
+variables.
+
+This leads us to a three-place _typing judgment_, informally
+written $$\Gamma\vdash t : A$$, where $$\Gamma$$ is a
+"typing context"---a mapping from variables to their types.
+
+Informally, we'll write $$\Gamma , x:A$$ for "extend the partial function
+$$\Gamma$$ to also map $$x$$ to $$A$$."  Formally, we use the function `_,_∶_`
+(or "update") to add a binding to a context.
+
+\begin{code}
+Ctxt : Set
+Ctxt = PartialMap Type
+
+∅ : Ctxt
+∅ = PartialMap.empty
+
+_,_∶_ : Ctxt -> Id -> Type -> Ctxt
+_,_∶_ = PartialMap.update
+\end{code}
+
+<div class="hidden">
+\begin{code}
+infixl 3 _,_∶_
+\end{code}
+</div>
+
+
+### Typing Relation
+
+$$
+  \begin{array}{cl}
+  \frac{\Gamma\;x = A}{\Gamma\vdash{x:A}}&(var)\\\\
+  \frac{\Gamma,x:A\vdash t:B}{\Gamma\vdash (\lambda x:A.t) : A\rightarrow B}&(abs)\\\\
+  \frac{\Gamma\vdash s:A\rightarrow B\quad\Gamma\vdash t:A}{\Gamma\vdash (s\;t) : B}&(app)\\\\
+  \frac{}{\Gamma\vdash true : bool}&(true)\\\\
+  \frac{}{\Gamma\vdash false : bool}&(true)\\\\
+  \frac{\Gamma\vdash s:bool \quad \Gamma\vdash t1:A \quad \Gamma\vdash t2:A}{\Gamma\vdash\text{if }s\text{ then }t1\text{ else }t2 : A}&(if)
+  \end{array}
+$$
+
+We can read the three-place relation $$\Gamma\vdash (t : A)$$ as:
+"to the term $$t$$ we can assign the type $$A$$ using as types for
+the free variables of $$t$$ the ones specified in the context
+$$\Gamma$$."
+
+\begin{code}
+data _⊢_∶_ : Ctxt -> Term -> Type -> Set where
+  var           : ∀ {Γ} x {A}
+                → Γ x ≡ just A
+                → Γ ⊢ var x ∶ A
+  abs           : ∀ {Γ} {x} {A} {B} {s}
+                → Γ , x ∶ A ⊢ s ∶ B
+                → Γ ⊢ abs x A s ∶ A ⇒ B
+  app           : ∀ {Γ} {A} {B} {s} {t}
+                → Γ ⊢ s ∶ A ⇒ B
+                → Γ ⊢ t ∶ A
+                → Γ ⊢ app s t ∶ B
+  true          : ∀ {Γ}
+                → Γ ⊢ true  ∶ bool
+  false         : ∀ {Γ}
+                → Γ ⊢ false ∶ bool
+  if_then_else_ : ∀ {Γ} {s} {t} {u} {A}
+                → Γ ⊢ s ∶ bool
+                → Γ ⊢ t ∶ A
+                → Γ ⊢ u ∶ A
+                → Γ ⊢ if s then t else u ∶ A
+\end{code}
+
+<div class="hidden">
+\begin{code}
+infix 1 _⊢_∶_
+\end{code}
+</div>
+
+
+### Examples
+
+\begin{code}
+typing-example1 : ∅ ⊢ idB ∶ bool ⇒ bool
+typing-example1 = abs (var x refl)
+\end{code}
+
+Another example:
+
+$$\varnothing\vdash \lambda x:A. \lambda y:A\rightarrow A. y\;(y\;x) : A\rightarrow (A\rightarrow A)\rightarrow A$$.
+
+\begin{code}
+typing-example2 : ∅ ⊢
+  (abs x bool
+    (abs y (bool ⇒ bool)
+      (app (var y)
+        (app (var y) (var x)))))
+  ∶ (bool ⇒ (bool ⇒ bool) ⇒ bool)
+typing-example2 =
+  (abs
+    (abs
+      (app (var y refl)
+        (app (var y refl) (var x refl) ))))
+\end{code}
+
+#### Exercise: 2 stars (typing-example3)
+Formally prove the following typing derivation holds:
+
+$$\exists A, \varnothing\vdash \lambda x:bool\rightarrow B. \lambda y:bool\rightarrow bool. \lambda z:bool. y\;(x\;z) : A$$.
+
+\begin{code}
+postulate
+  typing-example3 : ∃ λ A → ∅ ⊢
+    (abs x (bool ⇒ bool)
+      (abs y (bool ⇒ bool)
+        (abs z bool
+          (app (var y) (app (var x) (var z)))))) ∶ A
+\end{code}
+
+We can also show that terms are _not_ typable.  For example, let's
+formally check that there is no typing derivation assigning a type
+to the term $$\lambda x:bool. \lambda y:bool. x\;y$$---i.e.,
+
+
+$$\nexists A, \varnothing\vdash \lambda x:bool. \lambda y:bool. x\;y : A$$.
+
+\begin{code}
+postulate
+  typing-nonexample1 : ∄ λ A → ∅ ⊢
+    (abs x bool
+      (abs y bool
+        (app (var x) (var y)))) ∶ A
+\end{code}
+
+#### Exercise: 3 stars, optional (typing-nonexample2)
+Another nonexample:
+
+$$\nexists A, \exists B, \varnothing\vdash \lambda x:A. x\;x : B$$.
+
+\begin{code}
+postulate
+  typing-nonexample2 : ∄ λ A → ∃ λ B → ∅ ⊢
+    (abs x B (app (var x) (var x))) ∶ A
+\end{code}
diff --git a/Stlc.md b/Stlc.md
new file mode 100644
index 00000000..3610cb48
--- /dev/null
+++ b/Stlc.md
@@ -0,0 +1,5497 @@
+---
+title         : "Stlc: The Simply Typed Lambda-Calculus"
+layout        : default
+hide-implicit : false
+extra-script : [agda-extra-script.html]
+extra-style  : [agda-extra-style.html]
+permalink     : "sf/Stlc.html"
+---
+
+<!--{% raw %}--><pre class="Agda">
+<a name="236" class="Keyword"
+      >module</a
+      ><a name="242"
+      > </a
+      ><a name="243" href="Stlc.html#1" class="Module"
+      >Stlc</a
+      ><a name="247"
+      > </a
+      ><a name="248" class="Keyword"
+      >where</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="300" class="Keyword"
+      >open</a
+      ><a name="304"
+      > </a
+      ><a name="305" class="Keyword"
+      >import</a
+      ><a name="311"
+      > </a
+      ><a name="312" class="Module"
+      >Maps</a
+      ><a name="316"
+      > </a
+      ><a name="317" class="Keyword"
+      >using</a
+      ><a name="322"
+      > </a
+      ><a name="323" class="Symbol"
+      >(</a
+      ><a name="324" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="326" class="Symbol"
+      >;</a
+      ><a name="327"
+      > </a
+      ><a name="328" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="330" class="Symbol"
+      >;</a
+      ><a name="331"
+      > </a
+      ><a name="332" href="Maps.html#2454" class="Function Operator"
+      >_&#8799;_</a
+      ><a name="335" class="Symbol"
+      >;</a
+      ><a name="336"
+      > </a
+      ><a name="337" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="347" class="Symbol"
+      >;</a
+      ><a name="348"
+      > </a
+      ><a name="349" class="Keyword"
+      >module</a
+      ><a name="355"
+      > </a
+      ><a name="356" href="Maps.html#9608" class="Module"
+      >PartialMap</a
+      ><a name="366" class="Symbol"
+      >)</a
+      ><a name="367"
+      >
+</a
+      ><a name="368" class="Keyword"
+      >open</a
+      ><a name="372"
+      > </a
+      ><a name="373" class="Keyword"
+      >import</a
+      ><a name="379"
+      > </a
+      ><a name="380" href="https://agda.github.io/agda-stdlib/Data.Empty.html#1" class="Module"
+      >Data.Empty</a
+      ><a name="390"
+      > </a
+      ><a name="391" class="Keyword"
+      >using</a
+      ><a name="396"
+      > </a
+      ><a name="397" class="Symbol"
+      >(</a
+      ><a name="398" href="https://agda.github.io/agda-stdlib/Data.Empty.html#243" class="Datatype"
+      >&#8869;</a
+      ><a name="399" class="Symbol"
+      >;</a
+      ><a name="400"
+      > </a
+      ><a name="401" href="https://agda.github.io/agda-stdlib/Data.Empty.html#348" class="Function"
+      >&#8869;-elim</a
+      ><a name="407" class="Symbol"
+      >)</a
+      ><a name="408"
+      >
+</a
+      ><a name="409" class="Keyword"
+      >open</a
+      ><a name="413"
+      > </a
+      ><a name="414" class="Keyword"
+      >import</a
+      ><a name="420"
+      > </a
+      ><a name="421" href="https://agda.github.io/agda-stdlib/Data.Maybe.html#1" class="Module"
+      >Data.Maybe</a
+      ><a name="431"
+      > </a
+      ><a name="432" class="Keyword"
+      >using</a
+      ><a name="437"
+      > </a
+      ><a name="438" class="Symbol"
+      >(</a
+      ><a name="439" href="https://agda.github.io/agda-stdlib/Data.Maybe.Base.html#335" class="Datatype"
+      >Maybe</a
+      ><a name="444" class="Symbol"
+      >;</a
+      ><a name="445"
+      > </a
+      ><a name="446" href="https://agda.github.io/agda-stdlib/Data.Maybe.html#1527" class="InductiveConstructor"
+      >just</a
+      ><a name="450" class="Symbol"
+      >;</a
+      ><a name="451"
+      > </a
+      ><a name="452" href="https://agda.github.io/agda-stdlib/Data.Maybe.html#1588" class="InductiveConstructor"
+      >nothing</a
+      ><a name="459" class="Symbol"
+      >)</a
+      ><a name="460"
+      >
+</a
+      ><a name="461" class="Keyword"
+      >open</a
+      ><a name="465"
+      > </a
+      ><a name="466" class="Keyword"
+      >import</a
+      ><a name="472"
+      > </a
+      ><a name="473" href="https://agda.github.io/agda-stdlib/Data.Nat.html#1" class="Module"
+      >Data.Nat</a
+      ><a name="481"
+      > </a
+      ><a name="482" class="Keyword"
+      >using</a
+      ><a name="487"
+      > </a
+      ><a name="488" class="Symbol"
+      >(</a
+      ><a name="489" href="Agda.Builtin.Nat.html#69" class="Datatype"
+      >&#8469;</a
+      ><a name="490" class="Symbol"
+      >;</a
+      ><a name="491"
+      > </a
+      ><a name="492" href="Agda.Builtin.Nat.html#100" class="InductiveConstructor"
+      >suc</a
+      ><a name="495" class="Symbol"
+      >;</a
+      ><a name="496"
+      > </a
+      ><a name="497" href="Agda.Builtin.Nat.html#87" class="InductiveConstructor"
+      >zero</a
+      ><a name="501" class="Symbol"
+      >;</a
+      ><a name="502"
+      > </a
+      ><a name="503" href="Agda.Builtin.Nat.html#202" class="Primitive Operator"
+      >_+_</a
+      ><a name="506" class="Symbol"
+      >)</a
+      ><a name="507"
+      >
+</a
+      ><a name="508" class="Keyword"
+      >open</a
+      ><a name="512"
+      > </a
+      ><a name="513" class="Keyword"
+      >import</a
+      ><a name="519"
+      > </a
+      ><a name="520" href="https://agda.github.io/agda-stdlib/Data.Product.html#1" class="Module"
+      >Data.Product</a
+      ><a name="532"
+      > </a
+      ><a name="533" class="Keyword"
+      >using</a
+      ><a name="538"
+      > </a
+      ><a name="539" class="Symbol"
+      >(</a
+      ><a name="540" href="https://agda.github.io/agda-stdlib/Data.Product.html#823" class="Function"
+      >&#8707;</a
+      ><a name="541" class="Symbol"
+      >;</a
+      ><a name="542"
+      > </a
+      ><a name="543" href="https://agda.github.io/agda-stdlib/Data.Product.html#884" class="Function"
+      >&#8708;</a
+      ><a name="544" class="Symbol"
+      >;</a
+      ><a name="545"
+      > </a
+      ><a name="546" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >_,_</a
+      ><a name="549" class="Symbol"
+      >)</a
+      ><a name="550"
+      >
+</a
+      ><a name="551" class="Keyword"
+      >open</a
+      ><a name="555"
+      > </a
+      ><a name="556" class="Keyword"
+      >import</a
+      ><a name="562"
+      > </a
+      ><a name="563" href="https://agda.github.io/agda-stdlib/Function.html#1" class="Module"
+      >Function</a
+      ><a name="571"
+      > </a
+      ><a name="572" class="Keyword"
+      >using</a
+      ><a name="577"
+      > </a
+      ><a name="578" class="Symbol"
+      >(</a
+      ><a name="579" href="https://agda.github.io/agda-stdlib/Function.html#713" class="Function Operator"
+      >_&#8728;_</a
+      ><a name="582" class="Symbol"
+      >;</a
+      ><a name="583"
+      > </a
+      ><a name="584" href="https://agda.github.io/agda-stdlib/Function.html#1835" class="Function Operator"
+      >_$_</a
+      ><a name="587" class="Symbol"
+      >)</a
+      ><a name="588"
+      >
+</a
+      ><a name="589" class="Keyword"
+      >open</a
+      ><a name="593"
+      > </a
+      ><a name="594" class="Keyword"
+      >import</a
+      ><a name="600"
+      > </a
+      ><a name="601" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#1" class="Module"
+      >Relation.Nullary</a
+      ><a name="617"
+      > </a
+      ><a name="618" class="Keyword"
+      >using</a
+      ><a name="623"
+      > </a
+      ><a name="624" class="Symbol"
+      >(</a
+      ><a name="625" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#484" class="Datatype"
+      >Dec</a
+      ><a name="628" class="Symbol"
+      >;</a
+      ><a name="629"
+      > </a
+      ><a name="630" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="633" class="Symbol"
+      >;</a
+      ><a name="634"
+      > </a
+      ><a name="635" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="637" class="Symbol"
+      >)</a
+      ><a name="638"
+      >
+</a
+      ><a name="639" class="Keyword"
+      >open</a
+      ><a name="643"
+      > </a
+      ><a name="644" class="Keyword"
+      >import</a
+      ><a name="650"
+      > </a
+      ><a name="651" href="https://agda.github.io/agda-stdlib/Relation.Binary.PropositionalEquality.html#1" class="Module"
+      >Relation.Binary.PropositionalEquality</a
+      ><a name="688"
+      > </a
+      ><a name="689" class="Keyword"
+      >using</a
+      ><a name="694"
+      > </a
+      ><a name="695" class="Symbol"
+      >(</a
+      ><a name="696" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >_&#8801;_</a
+      ><a name="699" class="Symbol"
+      >;</a
+      ><a name="700"
+      > </a
+      ><a name="701" href="https://agda.github.io/agda-stdlib/Relation.Binary.Core.html#4493" class="Function Operator"
+      >_&#8802;_</a
+      ><a name="704" class="Symbol"
+      >;</a
+      ><a name="705"
+      > </a
+      ><a name="706" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="710" class="Symbol"
+      >)</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+# The Simply Typed Lambda-Calculus
+
+The simply typed lambda-calculus (STLC) is a tiny core
+calculus embodying the key concept of _functional abstraction_,
+which shows up in pretty much every real-world programming
+language in some form (functions, procedures, methods, etc.).
+
+We will follow exactly the same pattern as in the previous chapter
+when formalizing this calculus (syntax, small-step semantics,
+typing rules) and its main properties (progress and preservation).
+The new technical challenges arise from the mechanisms of
+_variable binding_ and _substitution_.  It which will take some
+work to deal with these.
+
+
+## Overview
+
+The STLC is built on some collection of _base types_:
+booleans, numbers, strings, etc.  The exact choice of base types
+doesn't matter much---the construction of the language and its
+theoretical properties work out the same no matter what we
+choose---so for the sake of brevity let's take just $$bool$$ for
+the moment.  At the end of the chapter we'll see how to add more
+base types, and in later chapters we'll enrich the pure STLC with
+other useful constructs like pairs, records, subtyping, and
+mutable state.
+
+Starting from boolean constants and conditionals, we add three
+things:
+
+  - variables
+  - function abstractions
+  - application
+
+This gives us the following collection of abstract syntax
+constructors (written out first in informal BNF notation---we'll
+formalize it below).
+
+$$
+  \begin{array}{rll}
+    \text{Terms}\;s,t,u
+    ::=  & x & \text{variable} \\
+    \mid & \lambda x : A . t & \text{abstraction} \\
+    \mid & s\;t & \text{application} \\
+    \mid & true & \text{constant true} \\
+    \mid & false & \text{constant false} \\
+    \mid & \text{if }s\text{ then }t\text{ else }u & \text{conditional}
+  \end{array}
+$$
+
+In a lambda abstraction $$\lambda x : A . t$$, the variable $$x$$ is called the
+_parameter_ to the function; the term $$t$$ is its _body_.  The annotation $$:A$$
+specifies the type of arguments that the function can be applied to.
+
+Some examples:
+
+  - The identity function for booleans:
+
+    $$\lambda x:bool. x$$.
+  - The identity function for booleans, applied to the boolean $$true$$:
+
+    $$(\lambda x:bool. x)\;true$$.
+  - The boolean "not" function:
+
+    $$\lambda x:bool. \text{if }x\text{ then }false\text{ else }true$$.
+  - The constant function that takes every (boolean) argument to $$true$$:
+
+    $$\lambda x:bool. true$$.
+  - A two-argument function that takes two booleans and returns the
+    first one:
+
+    $$\lambda x:bool. \lambda y:bool. x$$.
+
+    As in Agda, a two-argument function is really a
+    one-argument function whose body is also a one-argument function.
+  - A two-argument function that takes two booleans and returns the
+    first one, applied to the booleans $$false$$ and $$true$$:
+
+    $$(\lambda x:bool. \lambda y:bool. x)\;false\;true$$.
+
+    As in Agda, application associates to the left---i.e., this
+    expression is parsed as
+
+    $$((\lambda x:bool. \lambda y:bool. x)\;false)\;true$$.
+
+  - A higher-order function that takes a _function_ $$f$$ (from booleans
+    to booleans) as an argument, applies $$f$$ to $$true$$, and applies
+    $$f$$ again to the result:
+
+    $$\lambda f:bool\rightarrow bool. f\;(f\;true)$$.
+
+  - The same higher-order function, applied to the constantly $$false$$
+    function:
+
+    $$(\lambda f:bool\rightarrow bool. f\;(f\;true))\;(\lambda x:bool. false)$$.
+
+As the last several examples show, the STLC is a language of
+_higher-order_ functions: we can write down functions that take
+other functions as arguments and/or return other functions as
+results.
+
+The STLC doesn't provide any primitive syntax for defining _named_
+functions---all functions are "anonymous."  We'll see in chapter
+`MoreStlc` that it is easy to add named functions to what we've
+got---indeed, the fundamental naming and binding mechanisms are
+exactly the same.
+
+The _types_ of the STLC include $$bool$$, which classifies the
+boolean constants $$true$$ and $$false$$ as well as more complex
+computations that yield booleans, plus _arrow types_ that classify
+functions.
+
+$$
+    \text{Types}\;A,B ::= bool \mid A \rightarrow B
+$$
+
+For example:
+
+  - $$\lambda x:bool. false$$ has type $$bool\rightarrow bool$$;
+  - $$\lambda x:bool. x$$ has type $$bool\rightarrow bool$$;
+  - $$(\lambda x:bool. x)\;true$$ has type $$bool$$;
+  - $$\lambda x:bool. \lambda y:bool. x$$ has type
+    $$bool\rightarrow bool\rightarrow bool$$
+    (i.e., $$bool\rightarrow (bool\rightarrow bool)$$)
+  - $$(\lambda x:bool. \lambda y:bool. x)\;false$$ has type $$bool\rightarrow bool$$
+  - $$(\lambda x:bool. \lambda y:bool. x)\;false\;true$$ has type $$bool$$
+
+## Syntax
+
+We begin by formalizing the syntax of the STLC.
+Unfortunately, $$\rightarrow$$ is already used for Agda's function type,
+so we will STLC's function type as `_⇒_`.
+
+
+### Types
+
+<!--{% raw %}--><pre class="Agda">
+<a name="5583" class="Keyword"
+      >data</a
+      ><a name="5587"
+      > </a
+      ><a name="5588" href="Stlc.html#5588" class="Datatype"
+      >Type</a
+      ><a name="5592"
+      > </a
+      ><a name="5593" class="Symbol"
+      >:</a
+      ><a name="5594"
+      > </a
+      ><a name="5595" class="PrimitiveType"
+      >Set</a
+      ><a name="5598"
+      > </a
+      ><a name="5599" class="Keyword"
+      >where</a
+      ><a name="5604"
+      >
+  </a
+      ><a name="5607" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="5611"
+      > </a
+      ><a name="5612" class="Symbol"
+      >:</a
+      ><a name="5613"
+      > </a
+      ><a name="5614" href="Stlc.html#5588" class="Datatype"
+      >Type</a
+      ><a name="5618"
+      >
+  </a
+      ><a name="5621" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >_&#8658;_</a
+      ><a name="5624"
+      >  </a
+      ><a name="5626" class="Symbol"
+      >:</a
+      ><a name="5627"
+      > </a
+      ><a name="5628" href="Stlc.html#5588" class="Datatype"
+      >Type</a
+      ><a name="5632"
+      > </a
+      ><a name="5633" class="Symbol"
+      >&#8594;</a
+      ><a name="5634"
+      > </a
+      ><a name="5635" href="Stlc.html#5588" class="Datatype"
+      >Type</a
+      ><a name="5639"
+      > </a
+      ><a name="5640" class="Symbol"
+      >&#8594;</a
+      ><a name="5641"
+      > </a
+      ><a name="5642" href="Stlc.html#5588" class="Datatype"
+      >Type</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="5693" class="Keyword"
+      >infixr</a
+      ><a name="5699"
+      > </a
+      ><a name="5700" class="Number"
+      >5</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+
+### Terms
+
+<!--{% raw %}--><pre class="Agda">
+<a name="5750" class="Keyword"
+      >data</a
+      ><a name="5754"
+      > </a
+      ><a name="5755" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5759"
+      > </a
+      ><a name="5760" class="Symbol"
+      >:</a
+      ><a name="5761"
+      > </a
+      ><a name="5762" class="PrimitiveType"
+      >Set</a
+      ><a name="5765"
+      > </a
+      ><a name="5766" class="Keyword"
+      >where</a
+      ><a name="5771"
+      >
+  </a
+      ><a name="5774" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="5777"
+      >   </a
+      ><a name="5780" class="Symbol"
+      >:</a
+      ><a name="5781"
+      > </a
+      ><a name="5782" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="5784"
+      > </a
+      ><a name="5785" class="Symbol"
+      >&#8594;</a
+      ><a name="5786"
+      > </a
+      ><a name="5787" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5791"
+      >
+  </a
+      ><a name="5794" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="5797"
+      >   </a
+      ><a name="5800" class="Symbol"
+      >:</a
+      ><a name="5801"
+      > </a
+      ><a name="5802" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5806"
+      > </a
+      ><a name="5807" class="Symbol"
+      >&#8594;</a
+      ><a name="5808"
+      > </a
+      ><a name="5809" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5813"
+      > </a
+      ><a name="5814" class="Symbol"
+      >&#8594;</a
+      ><a name="5815"
+      > </a
+      ><a name="5816" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5820"
+      >
+  </a
+      ><a name="5823" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="5826"
+      >   </a
+      ><a name="5829" class="Symbol"
+      >:</a
+      ><a name="5830"
+      > </a
+      ><a name="5831" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="5833"
+      > </a
+      ><a name="5834" class="Symbol"
+      >&#8594;</a
+      ><a name="5835"
+      > </a
+      ><a name="5836" href="Stlc.html#5588" class="Datatype"
+      >Type</a
+      ><a name="5840"
+      > </a
+      ><a name="5841" class="Symbol"
+      >&#8594;</a
+      ><a name="5842"
+      > </a
+      ><a name="5843" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5847"
+      > </a
+      ><a name="5848" class="Symbol"
+      >&#8594;</a
+      ><a name="5849"
+      > </a
+      ><a name="5850" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5854"
+      >
+  </a
+      ><a name="5857" href="Stlc.html#5857" class="InductiveConstructor"
+      >true</a
+      ><a name="5861"
+      >  </a
+      ><a name="5863" class="Symbol"
+      >:</a
+      ><a name="5864"
+      > </a
+      ><a name="5865" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5869"
+      >
+  </a
+      ><a name="5872" href="Stlc.html#5872" class="InductiveConstructor"
+      >false</a
+      ><a name="5877"
+      > </a
+      ><a name="5878" class="Symbol"
+      >:</a
+      ><a name="5879"
+      > </a
+      ><a name="5880" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5884"
+      >
+  </a
+      ><a name="5887" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if_then_else_</a
+      ><a name="5900"
+      > </a
+      ><a name="5901" class="Symbol"
+      >:</a
+      ><a name="5902"
+      > </a
+      ><a name="5903" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5907"
+      > </a
+      ><a name="5908" class="Symbol"
+      >&#8594;</a
+      ><a name="5909"
+      > </a
+      ><a name="5910" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5914"
+      > </a
+      ><a name="5915" class="Symbol"
+      >&#8594;</a
+      ><a name="5916"
+      > </a
+      ><a name="5917" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="5921"
+      > </a
+      ><a name="5922" class="Symbol"
+      >&#8594;</a
+      ><a name="5923"
+      > </a
+      ><a name="5924" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="5975" class="Keyword"
+      >infixr</a
+      ><a name="5981"
+      > </a
+      ><a name="5982" class="Number"
+      >8</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+Note that an abstraction $$\lambda x:A.t$$ (formally, `abs x A t`) is
+always annotated with the type $$A$$ of its parameter, in contrast
+to Agda (and other functional languages like ML, Haskell, etc.),
+which use _type inference_ to fill in missing annotations.  We're
+not considering type inference here.
+
+Some examples...
+
+<!--{% raw %}--><pre class="Agda">
+<a name="6354" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="6355"
+      > </a
+      ><a name="6356" class="Symbol"
+      >=</a
+      ><a name="6357"
+      > </a
+      ><a name="6358" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="6360"
+      > </a
+      ><a name="6361" class="Number"
+      >0</a
+      ><a name="6362"
+      >
+</a
+      ><a name="6363" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="6364"
+      > </a
+      ><a name="6365" class="Symbol"
+      >=</a
+      ><a name="6366"
+      > </a
+      ><a name="6367" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="6369"
+      > </a
+      ><a name="6370" class="Number"
+      >1</a
+      ><a name="6371"
+      >
+</a
+      ><a name="6372" href="Stlc.html#6372" class="Function"
+      >z</a
+      ><a name="6373"
+      > </a
+      ><a name="6374" class="Symbol"
+      >=</a
+      ><a name="6375"
+      > </a
+      ><a name="6376" href="Maps.html#2417" class="InductiveConstructor"
+      >id</a
+      ><a name="6378"
+      > </a
+      ><a name="6379" class="Number"
+      >2</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="6427" class="Symbol"
+      >{-#</a
+      ><a name="6430"
+      > </a
+      ><a name="6431" class="Keyword"
+      >DISPLAY</a
+      ><a name="6438"
+      > </a
+      ><a name="6439" href="Agda.Builtin.Nat.html#87" class="InductiveConstructor"
+      >zero</a
+      ><a name="6443"
+      > = </a
+      ><a name="6446" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="6447"
+      > </a
+      ><a name="6448" class="Symbol"
+      >#-}</a
+      ><a name="6451"
+      >
+</a
+      ><a name="6452" class="Symbol"
+      >{-#</a
+      ><a name="6455"
+      > </a
+      ><a name="6456" class="Keyword"
+      >DISPLAY</a
+      ><a name="6463"
+      > </a
+      ><a name="6464" href="Agda.Builtin.Nat.html#100" class="InductiveConstructor"
+      >suc</a
+      ><a name="6467"
+      > </a
+      ><a name="6468" href="Agda.Builtin.Nat.html#87" class="InductiveConstructor"
+      >zero</a
+      ><a name="6472"
+      > = </a
+      ><a name="6475" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="6476"
+      > </a
+      ><a name="6477" class="Symbol"
+      >#-}</a
+      ><a name="6480"
+      >
+</a
+      ><a name="6481" class="Symbol"
+      >{-#</a
+      ><a name="6484"
+      > </a
+      ><a name="6485" class="Keyword"
+      >DISPLAY</a
+      ><a name="6492"
+      > </a
+      ><a name="6493" href="Agda.Builtin.Nat.html#100" class="InductiveConstructor"
+      >suc</a
+      ><a name="6496"
+      > (</a
+      ><a name="6498" href="Agda.Builtin.Nat.html#100" class="InductiveConstructor"
+      >suc</a
+      ><a name="6501"
+      > </a
+      ><a name="6502" href="Agda.Builtin.Nat.html#87" class="InductiveConstructor"
+      >zero</a
+      ><a name="6506"
+      >) = </a
+      ><a name="6510" href="Stlc.html#6372" class="Function"
+      >z</a
+      ><a name="6511"
+      > </a
+      ><a name="6512" class="Symbol"
+      >#-}</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+$$\text{idB} = \lambda x:bool. x$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="6585" href="Stlc.html#6585" class="Function"
+      >idB</a
+      ><a name="6588"
+      > </a
+      ><a name="6589" class="Symbol"
+      >=</a
+      ><a name="6590"
+      > </a
+      ><a name="6591" class="Symbol"
+      >(</a
+      ><a name="6592" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="6595"
+      > </a
+      ><a name="6596" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="6597"
+      > </a
+      ><a name="6598" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="6602"
+      > </a
+      ><a name="6603" class="Symbol"
+      >(</a
+      ><a name="6604" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="6607"
+      > </a
+      ><a name="6608" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="6609" class="Symbol"
+      >))</a
+      >
+</pre><!--{% endraw %}-->
+
+$$\text{idBB} = \lambda x:bool\rightarrow bool. x$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="6691" href="Stlc.html#6691" class="Function"
+      >idBB</a
+      ><a name="6695"
+      > </a
+      ><a name="6696" class="Symbol"
+      >=</a
+      ><a name="6697"
+      > </a
+      ><a name="6698" class="Symbol"
+      >(</a
+      ><a name="6699" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="6702"
+      > </a
+      ><a name="6703" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="6704"
+      > </a
+      ><a name="6705" class="Symbol"
+      >(</a
+      ><a name="6706" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="6710"
+      > </a
+      ><a name="6711" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="6712"
+      > </a
+      ><a name="6713" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="6717" class="Symbol"
+      >)</a
+      ><a name="6718"
+      > </a
+      ><a name="6719" class="Symbol"
+      >(</a
+      ><a name="6720" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="6723"
+      > </a
+      ><a name="6724" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="6725" class="Symbol"
+      >))</a
+      >
+</pre><!--{% endraw %}-->
+
+$$\text{idBBBB} = \lambda x:(bool\rightarrow bool)\rightarrow (bool\rightarrow bool). x$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="6845" href="Stlc.html#6845" class="Function"
+      >idBBBB</a
+      ><a name="6851"
+      > </a
+      ><a name="6852" class="Symbol"
+      >=</a
+      ><a name="6853"
+      > </a
+      ><a name="6854" class="Symbol"
+      >(</a
+      ><a name="6855" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="6858"
+      > </a
+      ><a name="6859" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="6860"
+      > </a
+      ><a name="6861" class="Symbol"
+      >((</a
+      ><a name="6863" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="6867"
+      > </a
+      ><a name="6868" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="6869"
+      > </a
+      ><a name="6870" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="6874" class="Symbol"
+      >)</a
+      ><a name="6875"
+      > </a
+      ><a name="6876" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="6877"
+      > </a
+      ><a name="6878" class="Symbol"
+      >(</a
+      ><a name="6879" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="6883"
+      > </a
+      ><a name="6884" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="6885"
+      > </a
+      ><a name="6886" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="6890" class="Symbol"
+      >))</a
+      ><a name="6892"
+      > </a
+      ><a name="6893" class="Symbol"
+      >(</a
+      ><a name="6894" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="6897"
+      > </a
+      ><a name="6898" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="6899" class="Symbol"
+      >))</a
+      >
+</pre><!--{% endraw %}-->
+
+$$\text{k} = \lambda x:bool. \lambda y:bool. x$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="6978" href="Stlc.html#6978" class="Function"
+      >k</a
+      ><a name="6979"
+      > </a
+      ><a name="6980" class="Symbol"
+      >=</a
+      ><a name="6981"
+      > </a
+      ><a name="6982" class="Symbol"
+      >(</a
+      ><a name="6983" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="6986"
+      > </a
+      ><a name="6987" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="6988"
+      > </a
+      ><a name="6989" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="6993"
+      > </a
+      ><a name="6994" class="Symbol"
+      >(</a
+      ><a name="6995" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="6998"
+      > </a
+      ><a name="6999" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="7000"
+      > </a
+      ><a name="7001" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7005"
+      > </a
+      ><a name="7006" class="Symbol"
+      >(</a
+      ><a name="7007" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="7010"
+      > </a
+      ><a name="7011" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="7012" class="Symbol"
+      >)))</a
+      >
+</pre><!--{% endraw %}-->
+
+$$\text{notB} = \lambda x:bool. \text{if }x\text{ then }false\text{ else }true$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="7124" href="Stlc.html#7124" class="Function"
+      >notB</a
+      ><a name="7128"
+      > </a
+      ><a name="7129" class="Symbol"
+      >=</a
+      ><a name="7130"
+      > </a
+      ><a name="7131" class="Symbol"
+      >(</a
+      ><a name="7132" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="7135"
+      > </a
+      ><a name="7136" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="7137"
+      > </a
+      ><a name="7138" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7142"
+      > </a
+      ><a name="7143" class="Symbol"
+      >(</a
+      ><a name="7144" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="7146"
+      > </a
+      ><a name="7147" class="Symbol"
+      >(</a
+      ><a name="7148" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="7151"
+      > </a
+      ><a name="7152" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="7153" class="Symbol"
+      >)</a
+      ><a name="7154"
+      > </a
+      ><a name="7155" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="7159"
+      > </a
+      ><a name="7160" href="Stlc.html#5872" class="InductiveConstructor"
+      >false</a
+      ><a name="7165"
+      > </a
+      ><a name="7166" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="7170"
+      > </a
+      ><a name="7171" href="Stlc.html#5857" class="InductiveConstructor"
+      >true</a
+      ><a name="7175" class="Symbol"
+      >))</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="7224" class="Symbol"
+      >{-#</a
+      ><a name="7227"
+      > </a
+      ><a name="7228" class="Keyword"
+      >DISPLAY</a
+      ><a name="7235"
+      > </a
+      ><a name="7236" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="7239"
+      > 0 </a
+      ><a name="7242" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7246"
+      > (</a
+      ><a name="7248" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="7251"
+      > 0) = </a
+      ><a name="7257" href="Stlc.html#6585" class="Function"
+      >idB</a
+      ><a name="7260"
+      > </a
+      ><a name="7261" class="Symbol"
+      >#-}</a
+      ><a name="7264"
+      >
+</a
+      ><a name="7265" class="Symbol"
+      >{-#</a
+      ><a name="7268"
+      > </a
+      ><a name="7269" class="Keyword"
+      >DISPLAY</a
+      ><a name="7276"
+      > </a
+      ><a name="7277" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="7280"
+      > 0 (</a
+      ><a name="7284" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7288"
+      > </a
+      ><a name="7289" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="7290"
+      > </a
+      ><a name="7291" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7295"
+      >) (</a
+      ><a name="7298" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="7301"
+      > 0) = </a
+      ><a name="7307" href="Stlc.html#6691" class="Function"
+      >idBB</a
+      ><a name="7311"
+      > </a
+      ><a name="7312" class="Symbol"
+      >#-}</a
+      ><a name="7315"
+      >
+</a
+      ><a name="7316" class="Symbol"
+      >{-#</a
+      ><a name="7319"
+      > </a
+      ><a name="7320" class="Keyword"
+      >DISPLAY</a
+      ><a name="7327"
+      > </a
+      ><a name="7328" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="7331"
+      > 0 ((</a
+      ><a name="7336" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7340"
+      > </a
+      ><a name="7341" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="7342"
+      > </a
+      ><a name="7343" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7347"
+      >) </a
+      ><a name="7349" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="7350"
+      > (</a
+      ><a name="7352" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7356"
+      > </a
+      ><a name="7357" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="7358"
+      > </a
+      ><a name="7359" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7363"
+      >)) (</a
+      ><a name="7367" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="7370"
+      > 0) = </a
+      ><a name="7376" href="Stlc.html#6845" class="Function"
+      >idBBBB</a
+      ><a name="7382"
+      > </a
+      ><a name="7383" class="Symbol"
+      >#-}</a
+      ><a name="7386"
+      >
+</a
+      ><a name="7387" class="Symbol"
+      >{-#</a
+      ><a name="7390"
+      > </a
+      ><a name="7391" class="Keyword"
+      >DISPLAY</a
+      ><a name="7398"
+      > </a
+      ><a name="7399" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="7402"
+      > 0 </a
+      ><a name="7405" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7409"
+      > (</a
+      ><a name="7411" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="7414"
+      > </a
+      ><a name="7415" href="Stlc.html#7415" class="Bound"
+      >y</a
+      ><a name="7416"
+      > </a
+      ><a name="7417" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7421"
+      > (</a
+      ><a name="7423" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="7426"
+      > 0)) = </a
+      ><a name="7433" href="Stlc.html#6978" class="Function"
+      >k</a
+      ><a name="7434"
+      > </a
+      ><a name="7435" class="Symbol"
+      >#-}</a
+      ><a name="7438"
+      >
+</a
+      ><a name="7439" class="Symbol"
+      >{-#</a
+      ><a name="7442"
+      > </a
+      ><a name="7443" class="Keyword"
+      >DISPLAY</a
+      ><a name="7450"
+      > </a
+      ><a name="7451" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="7454"
+      > 0 </a
+      ><a name="7457" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="7461"
+      > (</a
+      ><a name="7463" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="7465"
+      > (</a
+      ><a name="7467" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="7470"
+      > 0) </a
+      ><a name="7474" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="7478"
+      > </a
+      ><a name="7479" href="Stlc.html#5872" class="InductiveConstructor"
+      >false</a
+      ><a name="7484"
+      > </a
+      ><a name="7485" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="7489"
+      > </a
+      ><a name="7490" href="Stlc.html#5857" class="InductiveConstructor"
+      >true</a
+      ><a name="7494"
+      >) = </a
+      ><a name="7498" href="Stlc.html#7124" class="Function"
+      >notB</a
+      ><a name="7502"
+      > </a
+      ><a name="7503" class="Symbol"
+      >#-}</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+## Operational Semantics
+
+To define the small-step semantics of STLC terms, we begin,
+as always, by defining the set of values.  Next, we define the
+critical notions of _free variables_ and _substitution_, which are
+used in the reduction rule for application expressions.  And
+finally we give the small-step relation itself.
+
+### Values
+
+To define the values of the STLC, we have a few cases to consider.
+
+First, for the boolean part of the language, the situation is
+clear: $$true$$ and $$false$$ are the only values.  An $$\text{if}$$
+expression is never a value.
+
+Second, an application is clearly not a value: It represents a
+function being invoked on some argument, which clearly still has
+work left to do.
+
+Third, for abstractions, we have a choice:
+
+  - We can say that $$\lambda x:A. t$$ is a value only when $$t$$ is a
+    value---i.e., only if the function's body has been
+    reduced (as much as it can be without knowing what argument it
+    is going to be applied to).
+
+  - Or we can say that $$\lambda x:A. t$$ is always a value, no matter
+    whether $$t$$ is one or not---in other words, we can say that
+    reduction stops at abstractions.
+
+Agda makes the first choice---for example,
+
+<!--{% raw %}--><pre class="Agda">
+<a name="8741" href="Stlc.html#8741" class="Function Operator"
+      >test_normalizeUnderLambda</a
+      ><a name="8766"
+      > </a
+      ><a name="8767" class="Symbol"
+      >:</a
+      ><a name="8768"
+      > </a
+      ><a name="8769" class="Symbol"
+      >(&#955;</a
+      ><a name="8771"
+      > </a
+      ><a name="8772" class="Symbol"
+      >(</a
+      ><a name="8773" href="Stlc.html#8773" class="Bound"
+      >x</a
+      ><a name="8774"
+      > </a
+      ><a name="8775" class="Symbol"
+      >:</a
+      ><a name="8776"
+      > </a
+      ><a name="8777" href="Agda.Builtin.Nat.html#69" class="Datatype"
+      >&#8469;</a
+      ><a name="8778" class="Symbol"
+      >)</a
+      ><a name="8779"
+      > </a
+      ><a name="8780" class="Symbol"
+      >&#8594;</a
+      ><a name="8781"
+      > </a
+      ><a name="8782" class="Number"
+      >3</a
+      ><a name="8783"
+      > </a
+      ><a name="8784" href="Agda.Builtin.Nat.html#202" class="Primitive Operator"
+      >+</a
+      ><a name="8785"
+      > </a
+      ><a name="8786" class="Number"
+      >4</a
+      ><a name="8787" class="Symbol"
+      >)</a
+      ><a name="8788"
+      > </a
+      ><a name="8789" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="8790"
+      > </a
+      ><a name="8791" class="Symbol"
+      >(&#955;</a
+      ><a name="8793"
+      > </a
+      ><a name="8794" class="Symbol"
+      >(</a
+      ><a name="8795" href="Stlc.html#8795" class="Bound"
+      >x</a
+      ><a name="8796"
+      > </a
+      ><a name="8797" class="Symbol"
+      >:</a
+      ><a name="8798"
+      > </a
+      ><a name="8799" href="Agda.Builtin.Nat.html#69" class="Datatype"
+      >&#8469;</a
+      ><a name="8800" class="Symbol"
+      >)</a
+      ><a name="8801"
+      > </a
+      ><a name="8802" class="Symbol"
+      >&#8594;</a
+      ><a name="8803"
+      > </a
+      ><a name="8804" class="Number"
+      >7</a
+      ><a name="8805" class="Symbol"
+      >)</a
+      ><a name="8806"
+      >
+</a
+      ><a name="8807" href="Stlc.html#8741" class="Function Operator"
+      >test_normalizeUnderLambda</a
+      ><a name="8832"
+      > </a
+      ><a name="8833" class="Symbol"
+      >=</a
+      ><a name="8834"
+      > </a
+      ><a name="8835" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+
+Most real-world functional programming languages make the second
+choice---reduction of a function's body only begins when the
+function is actually applied to an argument.  We also make the
+second choice here.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="9075" class="Keyword"
+      >data</a
+      ><a name="9079"
+      > </a
+      ><a name="9080" href="Stlc.html#9080" class="Datatype"
+      >Value</a
+      ><a name="9085"
+      > </a
+      ><a name="9086" class="Symbol"
+      >:</a
+      ><a name="9087"
+      > </a
+      ><a name="9088" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="9092"
+      > </a
+      ><a name="9093" class="Symbol"
+      >&#8594;</a
+      ><a name="9094"
+      > </a
+      ><a name="9095" class="PrimitiveType"
+      >Set</a
+      ><a name="9098"
+      > </a
+      ><a name="9099" class="Keyword"
+      >where</a
+      ><a name="9104"
+      >
+  </a
+      ><a name="9107" href="Stlc.html#9107" class="InductiveConstructor"
+      >abs</a
+      ><a name="9110"
+      >   </a
+      ><a name="9113" class="Symbol"
+      >:</a
+      ><a name="9114"
+      > </a
+      ><a name="9115" class="Symbol"
+      >&#8704;</a
+      ><a name="9116"
+      > </a
+      ><a name="9117" class="Symbol"
+      >{</a
+      ><a name="9118" href="Stlc.html#9118" class="Bound"
+      >x</a
+      ><a name="9119"
+      > </a
+      ><a name="9120" href="Stlc.html#9120" class="Bound"
+      >A</a
+      ><a name="9121"
+      > </a
+      ><a name="9122" href="Stlc.html#9122" class="Bound"
+      >t</a
+      ><a name="9123" class="Symbol"
+      >}</a
+      ><a name="9124"
+      >
+        </a
+      ><a name="9133" class="Symbol"
+      >&#8594;</a
+      ><a name="9134"
+      > </a
+      ><a name="9135" href="Stlc.html#9080" class="Datatype"
+      >Value</a
+      ><a name="9140"
+      > </a
+      ><a name="9141" class="Symbol"
+      >(</a
+      ><a name="9142" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="9145"
+      > </a
+      ><a name="9146" href="Stlc.html#9118" class="Bound"
+      >x</a
+      ><a name="9147"
+      > </a
+      ><a name="9148" href="Stlc.html#9120" class="Bound"
+      >A</a
+      ><a name="9149"
+      > </a
+      ><a name="9150" href="Stlc.html#9122" class="Bound"
+      >t</a
+      ><a name="9151" class="Symbol"
+      >)</a
+      ><a name="9152"
+      >
+  </a
+      ><a name="9155" href="Stlc.html#9155" class="InductiveConstructor"
+      >true</a
+      ><a name="9159"
+      >  </a
+      ><a name="9161" class="Symbol"
+      >:</a
+      ><a name="9162"
+      > </a
+      ><a name="9163" href="Stlc.html#9080" class="Datatype"
+      >Value</a
+      ><a name="9168"
+      > </a
+      ><a name="9169" href="Stlc.html#5857" class="InductiveConstructor"
+      >true</a
+      ><a name="9173"
+      >
+  </a
+      ><a name="9176" href="Stlc.html#9176" class="InductiveConstructor"
+      >false</a
+      ><a name="9181"
+      > </a
+      ><a name="9182" class="Symbol"
+      >:</a
+      ><a name="9183"
+      > </a
+      ><a name="9184" href="Stlc.html#9080" class="Datatype"
+      >Value</a
+      ><a name="9189"
+      > </a
+      ><a name="9190" href="Stlc.html#5872" class="InductiveConstructor"
+      >false</a
+      >
+</pre><!--{% endraw %}-->
+
+Finally, we must consider what constitutes a _complete_ program.
+
+Intuitively, a "complete program" must not refer to any undefined
+variables.  We'll see shortly how to define the _free_ variables
+in a STLC term.  A complete program is _closed_---that is, it
+contains no free variables.
+
+Having made the choice not to reduce under abstractions, we don't
+need to worry about whether variables are values, since we'll
+always be reducing programs "from the outside in," and that means
+the small-step relation will always be working with closed terms.
+
+
+### Substitution
+
+Now we come to the heart of the STLC: the operation of
+substituting one term for a variable in another term.  This
+operation is used below to define the operational semantics of
+function application, where we will need to substitute the
+argument term for the function parameter in the function's body.
+For example, we reduce
+
+$$(\lambda x:bool. \text{if }x\text{ then }true\text{ else }x)\;false$$
+
+to
+
+$$\text{if }false\text{ then }true\text{ else }false$$
+
+by substituting $$false$$ for the parameter $$x$$ in the body of the
+function.
+
+In general, we need to be able to substitute some given term $$s$$
+for occurrences of some variable $$x$$ in another term $$t$$.  In
+informal discussions, this is usually written $$[x:=s]t$$ and
+pronounced "substitute $$x$$ with $$s$$ in $$t$$."
+
+Here are some examples:
+
+  - $$[x:=true](\text{if }x\text{ then }x\text{ else }false)$$
+     yields $$\text{if }true\text{ then }true\text{ else }false$$
+
+  - $$[x:=true]x$$
+    yields $$true$$
+
+  - $$[x:=true](\text{if }x\text{ then }x\text{ else }y)$$
+    yields $$\text{if }true\text{ then }true\text{ else }y$$
+
+  - $$[x:=true]y$$
+    yields $$y$$
+
+  - $$[x:=true]false$$
+    yields $$false$$ (vacuous substitution)
+
+  - $$[x:=true](\lambda y:bool. \text{if }y\text{ then }x\text{ else }false)$$
+    yields $$\lambda y:bool. \text{if }y\text{ then }true\text{ else }false$$
+
+  - $$[x:=true](\lambda y:bool. x)$$
+    yields $$\lambda y:bool. true$$
+
+  - $$[x:=true](\lambda y:bool. y)$$
+    yields $$\lambda y:bool. y$$
+
+  - $$[x:=true](\lambda x:bool. x)$$
+    yields $$\lambda x:bool. x$$
+
+The last example is very important: substituting $$x$$ with $$true$$ in
+$$\lambda x:bool. x$$ does _not_ yield $$\lambda x:bool. true$$!  The reason for
+this is that the $$x$$ in the body of $$\lambda x:bool. x$$ is _bound_ by the
+abstraction: it is a new, local name that just happens to be
+spelled the same as some global name $$x$$.
+
+Here is the definition, informally...
+
+$$
+  \begin{aligned}
+    &[x:=s]x                &&= s \\
+    &[x:=s]y                &&= y \;\{\text{if }x\neq y\} \\
+    &[x:=s](\lambda x:A. t) &&= \lambda x:A. t \\
+    &[x:=s](\lambda y:A. t) &&= \lambda y:A. [x:=s]t \;\{\text{if }x\neq y\} \\
+    &[x:=s](t1\;t2)         &&= ([x:=s]t1) ([x:=s]t2) \\
+    &[x:=s]true             &&= true \\
+    &[x:=s]false            &&= false \\
+    &[x:=s](\text{if }t1\text{ then }t2\text{ else }t3) &&=
+       \text{if }[x:=s]t1\text{ then }[x:=s]t2\text{ else }[x:=s]t3
+  \end{aligned}
+$$
+
+... and formally:
+
+<!--{% raw %}--><pre class="Agda">
+<a name="12300" href="Stlc.html#12300" class="Function Operator"
+      >[_:=_]_</a
+      ><a name="12307"
+      > </a
+      ><a name="12308" class="Symbol"
+      >:</a
+      ><a name="12309"
+      > </a
+      ><a name="12310" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="12312"
+      > </a
+      ><a name="12313" class="Symbol"
+      >-&gt;</a
+      ><a name="12315"
+      > </a
+      ><a name="12316" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="12320"
+      > </a
+      ><a name="12321" class="Symbol"
+      >-&gt;</a
+      ><a name="12323"
+      > </a
+      ><a name="12324" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="12328"
+      > </a
+      ><a name="12329" class="Symbol"
+      >-&gt;</a
+      ><a name="12331"
+      > </a
+      ><a name="12332" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="12336"
+      >
+</a
+      ><a name="12337" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12338"
+      > </a
+      ><a name="12339" href="Stlc.html#12339" class="Bound"
+      >x</a
+      ><a name="12340"
+      > </a
+      ><a name="12341" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12343"
+      > </a
+      ><a name="12344" href="Stlc.html#12344" class="Bound"
+      >v</a
+      ><a name="12345"
+      > </a
+      ><a name="12346" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12347"
+      > </a
+      ><a name="12348" class="Symbol"
+      >(</a
+      ><a name="12349" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="12352"
+      > </a
+      ><a name="12353" href="Stlc.html#12353" class="Bound"
+      >y</a
+      ><a name="12354" class="Symbol"
+      >)</a
+      ><a name="12355"
+      > </a
+      ><a name="12356" class="Keyword"
+      >with</a
+      ><a name="12360"
+      > </a
+      ><a name="12361" href="Stlc.html#12339" class="Bound"
+      >x</a
+      ><a name="12362"
+      > </a
+      ><a name="12363" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="12364"
+      > </a
+      ><a name="12365" href="Stlc.html#12353" class="Bound"
+      >y</a
+      ><a name="12366"
+      >
+</a
+      ><a name="12367" class="Symbol"
+      >...</a
+      ><a name="12370"
+      > </a
+      ><a name="12371" class="Symbol"
+      >|</a
+      ><a name="12372"
+      > </a
+      ><a name="12373" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="12376"
+      > </a
+      ><a name="12377" href="Stlc.html#12377" class="Bound"
+      >x=y</a
+      ><a name="12380"
+      > </a
+      ><a name="12381" class="Symbol"
+      >=</a
+      ><a name="12382"
+      > </a
+      ><a name="12383" href="Stlc.html#12344" class="Bound"
+      >v</a
+      ><a name="12384"
+      >
+</a
+      ><a name="12385" class="Symbol"
+      >...</a
+      ><a name="12388"
+      > </a
+      ><a name="12389" class="Symbol"
+      >|</a
+      ><a name="12390"
+      > </a
+      ><a name="12391" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="12393"
+      >  </a
+      ><a name="12395" href="Stlc.html#12395" class="Bound"
+      >x&#8800;y</a
+      ><a name="12398"
+      > </a
+      ><a name="12399" class="Symbol"
+      >=</a
+      ><a name="12400"
+      > </a
+      ><a name="12401" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="12404"
+      > </a
+      ><a name="12405" href="Stlc.html#12353" class="Bound"
+      >y</a
+      ><a name="12406"
+      >
+</a
+      ><a name="12407" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12408"
+      > </a
+      ><a name="12409" href="Stlc.html#12409" class="Bound"
+      >x</a
+      ><a name="12410"
+      > </a
+      ><a name="12411" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12413"
+      > </a
+      ><a name="12414" href="Stlc.html#12414" class="Bound"
+      >v</a
+      ><a name="12415"
+      > </a
+      ><a name="12416" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12417"
+      > </a
+      ><a name="12418" class="Symbol"
+      >(</a
+      ><a name="12419" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="12422"
+      > </a
+      ><a name="12423" href="Stlc.html#12423" class="Bound"
+      >s</a
+      ><a name="12424"
+      > </a
+      ><a name="12425" href="Stlc.html#12425" class="Bound"
+      >t</a
+      ><a name="12426" class="Symbol"
+      >)</a
+      ><a name="12427"
+      > </a
+      ><a name="12428" class="Symbol"
+      >=</a
+      ><a name="12429"
+      > </a
+      ><a name="12430" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="12433"
+      > </a
+      ><a name="12434" class="Symbol"
+      >(</a
+      ><a name="12435" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12436"
+      > </a
+      ><a name="12437" href="Stlc.html#12409" class="Bound"
+      >x</a
+      ><a name="12438"
+      > </a
+      ><a name="12439" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12441"
+      > </a
+      ><a name="12442" href="Stlc.html#12414" class="Bound"
+      >v</a
+      ><a name="12443"
+      > </a
+      ><a name="12444" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12445"
+      > </a
+      ><a name="12446" href="Stlc.html#12423" class="Bound"
+      >s</a
+      ><a name="12447" class="Symbol"
+      >)</a
+      ><a name="12448"
+      > </a
+      ><a name="12449" class="Symbol"
+      >(</a
+      ><a name="12450" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12451"
+      > </a
+      ><a name="12452" href="Stlc.html#12409" class="Bound"
+      >x</a
+      ><a name="12453"
+      > </a
+      ><a name="12454" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12456"
+      > </a
+      ><a name="12457" href="Stlc.html#12414" class="Bound"
+      >v</a
+      ><a name="12458"
+      > </a
+      ><a name="12459" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12460"
+      > </a
+      ><a name="12461" href="Stlc.html#12425" class="Bound"
+      >t</a
+      ><a name="12462" class="Symbol"
+      >)</a
+      ><a name="12463"
+      >
+</a
+      ><a name="12464" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12465"
+      > </a
+      ><a name="12466" href="Stlc.html#12466" class="Bound"
+      >x</a
+      ><a name="12467"
+      > </a
+      ><a name="12468" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12470"
+      > </a
+      ><a name="12471" href="Stlc.html#12471" class="Bound"
+      >v</a
+      ><a name="12472"
+      > </a
+      ><a name="12473" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12474"
+      > </a
+      ><a name="12475" class="Symbol"
+      >(</a
+      ><a name="12476" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="12479"
+      > </a
+      ><a name="12480" href="Stlc.html#12480" class="Bound"
+      >y</a
+      ><a name="12481"
+      > </a
+      ><a name="12482" href="Stlc.html#12482" class="Bound"
+      >A</a
+      ><a name="12483"
+      > </a
+      ><a name="12484" href="Stlc.html#12484" class="Bound"
+      >t</a
+      ><a name="12485" class="Symbol"
+      >)</a
+      ><a name="12486"
+      > </a
+      ><a name="12487" class="Keyword"
+      >with</a
+      ><a name="12491"
+      > </a
+      ><a name="12492" href="Stlc.html#12466" class="Bound"
+      >x</a
+      ><a name="12493"
+      > </a
+      ><a name="12494" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="12495"
+      > </a
+      ><a name="12496" href="Stlc.html#12480" class="Bound"
+      >y</a
+      ><a name="12497"
+      >
+</a
+      ><a name="12498" class="Symbol"
+      >...</a
+      ><a name="12501"
+      > </a
+      ><a name="12502" class="Symbol"
+      >|</a
+      ><a name="12503"
+      > </a
+      ><a name="12504" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="12507"
+      > </a
+      ><a name="12508" href="Stlc.html#12508" class="Bound"
+      >x=y</a
+      ><a name="12511"
+      > </a
+      ><a name="12512" class="Symbol"
+      >=</a
+      ><a name="12513"
+      > </a
+      ><a name="12514" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="12517"
+      > </a
+      ><a name="12518" href="Stlc.html#12480" class="Bound"
+      >y</a
+      ><a name="12519"
+      > </a
+      ><a name="12520" href="Stlc.html#12482" class="Bound"
+      >A</a
+      ><a name="12521"
+      > </a
+      ><a name="12522" href="Stlc.html#12484" class="Bound"
+      >t</a
+      ><a name="12523"
+      >
+</a
+      ><a name="12524" class="Symbol"
+      >...</a
+      ><a name="12527"
+      > </a
+      ><a name="12528" class="Symbol"
+      >|</a
+      ><a name="12529"
+      > </a
+      ><a name="12530" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="12532"
+      >  </a
+      ><a name="12534" href="Stlc.html#12534" class="Bound"
+      >x&#8800;y</a
+      ><a name="12537"
+      > </a
+      ><a name="12538" class="Symbol"
+      >=</a
+      ><a name="12539"
+      > </a
+      ><a name="12540" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="12543"
+      > </a
+      ><a name="12544" href="Stlc.html#12480" class="Bound"
+      >y</a
+      ><a name="12545"
+      > </a
+      ><a name="12546" href="Stlc.html#12482" class="Bound"
+      >A</a
+      ><a name="12547"
+      > </a
+      ><a name="12548" class="Symbol"
+      >(</a
+      ><a name="12549" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12550"
+      > </a
+      ><a name="12551" href="Stlc.html#12466" class="Bound"
+      >x</a
+      ><a name="12552"
+      > </a
+      ><a name="12553" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12555"
+      > </a
+      ><a name="12556" href="Stlc.html#12471" class="Bound"
+      >v</a
+      ><a name="12557"
+      > </a
+      ><a name="12558" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12559"
+      > </a
+      ><a name="12560" href="Stlc.html#12484" class="Bound"
+      >t</a
+      ><a name="12561" class="Symbol"
+      >)</a
+      ><a name="12562"
+      >
+</a
+      ><a name="12563" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12564"
+      > </a
+      ><a name="12565" href="Stlc.html#12565" class="Bound"
+      >x</a
+      ><a name="12566"
+      > </a
+      ><a name="12567" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12569"
+      > </a
+      ><a name="12570" href="Stlc.html#12570" class="Bound"
+      >v</a
+      ><a name="12571"
+      > </a
+      ><a name="12572" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12573"
+      > </a
+      ><a name="12574" href="Stlc.html#5857" class="InductiveConstructor"
+      >true</a
+      ><a name="12578"
+      >  </a
+      ><a name="12580" class="Symbol"
+      >=</a
+      ><a name="12581"
+      > </a
+      ><a name="12582" href="Stlc.html#5857" class="InductiveConstructor"
+      >true</a
+      ><a name="12586"
+      >
+</a
+      ><a name="12587" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12588"
+      > </a
+      ><a name="12589" href="Stlc.html#12589" class="Bound"
+      >x</a
+      ><a name="12590"
+      > </a
+      ><a name="12591" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12593"
+      > </a
+      ><a name="12594" href="Stlc.html#12594" class="Bound"
+      >v</a
+      ><a name="12595"
+      > </a
+      ><a name="12596" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12597"
+      > </a
+      ><a name="12598" href="Stlc.html#5872" class="InductiveConstructor"
+      >false</a
+      ><a name="12603"
+      > </a
+      ><a name="12604" class="Symbol"
+      >=</a
+      ><a name="12605"
+      > </a
+      ><a name="12606" href="Stlc.html#5872" class="InductiveConstructor"
+      >false</a
+      ><a name="12611"
+      >
+</a
+      ><a name="12612" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12613"
+      > </a
+      ><a name="12614" href="Stlc.html#12614" class="Bound"
+      >x</a
+      ><a name="12615"
+      > </a
+      ><a name="12616" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12618"
+      > </a
+      ><a name="12619" href="Stlc.html#12619" class="Bound"
+      >v</a
+      ><a name="12620"
+      > </a
+      ><a name="12621" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12622"
+      > </a
+      ><a name="12623" class="Symbol"
+      >(</a
+      ><a name="12624" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="12626"
+      > </a
+      ><a name="12627" href="Stlc.html#12627" class="Bound"
+      >s</a
+      ><a name="12628"
+      > </a
+      ><a name="12629" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="12633"
+      > </a
+      ><a name="12634" href="Stlc.html#12634" class="Bound"
+      >t</a
+      ><a name="12635"
+      > </a
+      ><a name="12636" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="12640"
+      > </a
+      ><a name="12641" href="Stlc.html#12641" class="Bound"
+      >u</a
+      ><a name="12642" class="Symbol"
+      >)</a
+      ><a name="12643"
+      > </a
+      ><a name="12644" class="Symbol"
+      >=</a
+      ><a name="12645"
+      >
+  </a
+      ><a name="12648" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="12650"
+      > </a
+      ><a name="12651" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12652"
+      > </a
+      ><a name="12653" href="Stlc.html#12614" class="Bound"
+      >x</a
+      ><a name="12654"
+      > </a
+      ><a name="12655" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12657"
+      > </a
+      ><a name="12658" href="Stlc.html#12619" class="Bound"
+      >v</a
+      ><a name="12659"
+      > </a
+      ><a name="12660" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12661"
+      > </a
+      ><a name="12662" href="Stlc.html#12627" class="Bound"
+      >s</a
+      ><a name="12663"
+      > </a
+      ><a name="12664" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="12668"
+      > </a
+      ><a name="12669" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12670"
+      > </a
+      ><a name="12671" href="Stlc.html#12614" class="Bound"
+      >x</a
+      ><a name="12672"
+      > </a
+      ><a name="12673" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12675"
+      > </a
+      ><a name="12676" href="Stlc.html#12619" class="Bound"
+      >v</a
+      ><a name="12677"
+      > </a
+      ><a name="12678" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12679"
+      > </a
+      ><a name="12680" href="Stlc.html#12634" class="Bound"
+      >t</a
+      ><a name="12681"
+      > </a
+      ><a name="12682" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="12686"
+      >  </a
+      ><a name="12688" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="12689"
+      > </a
+      ><a name="12690" href="Stlc.html#12614" class="Bound"
+      >x</a
+      ><a name="12691"
+      > </a
+      ><a name="12692" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="12694"
+      > </a
+      ><a name="12695" href="Stlc.html#12619" class="Bound"
+      >v</a
+      ><a name="12696"
+      > </a
+      ><a name="12697" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="12698"
+      > </a
+      ><a name="12699" href="Stlc.html#12641" class="Bound"
+      >u</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="12747" class="Keyword"
+      >infix</a
+      ><a name="12752"
+      > </a
+      ><a name="12753" class="Number"
+      >9</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+_Technical note_: Substitution becomes trickier to define if we
+consider the case where $$s$$, the term being substituted for a
+variable in some other term, may itself contain free variables.
+Since we are only interested here in defining the small-step relation
+on closed terms (i.e., terms like $$\lambda x:bool. x$$ that include
+binders for all of the variables they mention), we can avoid this
+extra complexity here, but it must be dealt with when formalizing
+richer languages.
+
+
+#### Exercise: 3 stars (subst-correct)
+The definition that we gave above defines substitution as a _function_.
+Suppose, instead, we wanted to define substitution as an inductive _relation_.
+We've begun the definition by providing the `data` header and
+one of the constructors; your job is to fill in the rest of the constructors
+and prove that the relation you've defined coincides with the function given
+above.
+<!--{% raw %}--><pre class="Agda">
+<a name="13691" class="Keyword"
+      >data</a
+      ><a name="13695"
+      > </a
+      ><a name="13696" href="Stlc.html#13696" class="Datatype Operator"
+      >[_:=_]_==&gt;_</a
+      ><a name="13707"
+      > </a
+      ><a name="13708" class="Symbol"
+      >(</a
+      ><a name="13709" href="Stlc.html#13709" class="Bound"
+      >x</a
+      ><a name="13710"
+      > </a
+      ><a name="13711" class="Symbol"
+      >:</a
+      ><a name="13712"
+      > </a
+      ><a name="13713" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="13715" class="Symbol"
+      >)</a
+      ><a name="13716"
+      > </a
+      ><a name="13717" class="Symbol"
+      >(</a
+      ><a name="13718" href="Stlc.html#13718" class="Bound"
+      >s</a
+      ><a name="13719"
+      > </a
+      ><a name="13720" class="Symbol"
+      >:</a
+      ><a name="13721"
+      > </a
+      ><a name="13722" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="13726" class="Symbol"
+      >)</a
+      ><a name="13727"
+      > </a
+      ><a name="13728" class="Symbol"
+      >:</a
+      ><a name="13729"
+      > </a
+      ><a name="13730" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="13734"
+      > </a
+      ><a name="13735" class="Symbol"
+      >-&gt;</a
+      ><a name="13737"
+      > </a
+      ><a name="13738" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="13742"
+      > </a
+      ><a name="13743" class="Symbol"
+      >-&gt;</a
+      ><a name="13745"
+      > </a
+      ><a name="13746" class="PrimitiveType"
+      >Set</a
+      ><a name="13749"
+      > </a
+      ><a name="13750" class="Keyword"
+      >where</a
+      ><a name="13755"
+      >
+  </a
+      ><a name="13758" href="Stlc.html#13758" class="InductiveConstructor"
+      >var1</a
+      ><a name="13762"
+      > </a
+      ><a name="13763" class="Symbol"
+      >:</a
+      ><a name="13764"
+      > </a
+      ><a name="13765" href="Stlc.html#13696" class="Datatype Operator"
+      >[</a
+      ><a name="13766"
+      > </a
+      ><a name="13767" href="Stlc.html#13709" class="Bound"
+      >x</a
+      ><a name="13768"
+      > </a
+      ><a name="13769" href="Stlc.html#13696" class="Datatype Operator"
+      >:=</a
+      ><a name="13771"
+      > </a
+      ><a name="13772" href="Stlc.html#13718" class="Bound"
+      >s</a
+      ><a name="13773"
+      > </a
+      ><a name="13774" href="Stlc.html#13696" class="Datatype Operator"
+      >]</a
+      ><a name="13775"
+      > </a
+      ><a name="13776" class="Symbol"
+      >(</a
+      ><a name="13777" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="13780"
+      > </a
+      ><a name="13781" href="Stlc.html#13709" class="Bound"
+      >x</a
+      ><a name="13782" class="Symbol"
+      >)</a
+      ><a name="13783"
+      > </a
+      ><a name="13784" href="Stlc.html#13696" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="13787"
+      > </a
+      ><a name="13788" href="Stlc.html#13718" class="Bound"
+      >s</a
+      ><a name="13789"
+      >
+  </a
+      ><a name="13792" class="Comment"
+      >{- FILL IN HERE -}</a
+      >
+</pre><!--{% endraw %}-->
+
+<!--{% raw %}--><pre class="Agda">
+<a name="13836" class="Keyword"
+      >postulate</a
+      ><a name="13845"
+      >
+  </a
+      ><a name="13848" href="Stlc.html#13848" class="Postulate"
+      >subst-correct</a
+      ><a name="13861"
+      > </a
+      ><a name="13862" class="Symbol"
+      >:</a
+      ><a name="13863"
+      > </a
+      ><a name="13864" class="Symbol"
+      >&#8704;</a
+      ><a name="13865"
+      > </a
+      ><a name="13866" href="Stlc.html#13866" class="Bound"
+      >s</a
+      ><a name="13867"
+      > </a
+      ><a name="13868" href="Stlc.html#13868" class="Bound"
+      >x</a
+      ><a name="13869"
+      > </a
+      ><a name="13870" href="Stlc.html#13870" class="Bound"
+      >t</a
+      ><a name="13871"
+      > </a
+      ><a name="13872" href="Stlc.html#13872" class="Bound"
+      >t'</a
+      ><a name="13874"
+      >
+                </a
+      ><a name="13891" class="Symbol"
+      >&#8594;</a
+      ><a name="13892"
+      > </a
+      ><a name="13893" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="13894"
+      > </a
+      ><a name="13895" href="Stlc.html#13868" class="Bound"
+      >x</a
+      ><a name="13896"
+      > </a
+      ><a name="13897" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="13899"
+      > </a
+      ><a name="13900" href="Stlc.html#13866" class="Bound"
+      >s</a
+      ><a name="13901"
+      > </a
+      ><a name="13902" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="13903"
+      > </a
+      ><a name="13904" href="Stlc.html#13870" class="Bound"
+      >t</a
+      ><a name="13905"
+      > </a
+      ><a name="13906" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="13907"
+      > </a
+      ><a name="13908" href="Stlc.html#13872" class="Bound"
+      >t'</a
+      ><a name="13910"
+      >
+                </a
+      ><a name="13927" class="Symbol"
+      >&#8594;</a
+      ><a name="13928"
+      > </a
+      ><a name="13929" href="Stlc.html#13696" class="Datatype Operator"
+      >[</a
+      ><a name="13930"
+      > </a
+      ><a name="13931" href="Stlc.html#13868" class="Bound"
+      >x</a
+      ><a name="13932"
+      > </a
+      ><a name="13933" href="Stlc.html#13696" class="Datatype Operator"
+      >:=</a
+      ><a name="13935"
+      > </a
+      ><a name="13936" href="Stlc.html#13866" class="Bound"
+      >s</a
+      ><a name="13937"
+      > </a
+      ><a name="13938" href="Stlc.html#13696" class="Datatype Operator"
+      >]</a
+      ><a name="13939"
+      > </a
+      ><a name="13940" href="Stlc.html#13870" class="Bound"
+      >t</a
+      ><a name="13941"
+      > </a
+      ><a name="13942" href="Stlc.html#13696" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="13945"
+      > </a
+      ><a name="13946" href="Stlc.html#13872" class="Bound"
+      >t'</a
+      >
+</pre><!--{% endraw %}-->
+
+
+### Reduction
+
+The small-step reduction relation for STLC now follows the
+same pattern as the ones we have seen before.  Intuitively, to
+reduce a function application, we first reduce its left-hand
+side (the function) until it becomes an abstraction; then we
+reduce its right-hand side (the argument) until it is also a
+value; and finally we substitute the argument for the bound
+variable in the body of the abstraction.  This last rule, written
+informally as
+
+$$
+(\lambda x : A . t) v \Longrightarrow [x:=v]t
+$$
+
+is traditionally called "beta-reduction".
+
+$$
+\begin{array}{cl}
+  \frac{value(v)}{(\lambda x : A . t) v \Longrightarrow [x:=v]t}&(red)\\\\
+  \frac{s \Longrightarrow s'}{s\;t \Longrightarrow s'\;t}&(app1)\\\\
+  \frac{value(v)\quad t \Longrightarrow t'}{v\;t \Longrightarrow v\;t'}&(app2)
+\end{array}
+$$
+
+... plus the usual rules for booleans:
+
+$$
+\begin{array}{cl}
+  \frac{}{(\text{if }true\text{ then }t_1\text{ else }t_2) \Longrightarrow t_1}&(iftrue)\\\\
+  \frac{}{(\text{if }false\text{ then }t_1\text{ else }t_2) \Longrightarrow t_2}&(iffalse)\\\\
+  \frac{s \Longrightarrow s'}{\text{if }s\text{ then }t_1\text{ else }t_2
+    \Longrightarrow \text{if }s\text{ then }t_1\text{ else }t_2}&(if)
+\end{array}
+$$
+
+Formally:
+
+<!--{% raw %}--><pre class="Agda">
+<a name="15212" class="Keyword"
+      >data</a
+      ><a name="15216"
+      > </a
+      ><a name="15217" href="Stlc.html#15217" class="Datatype Operator"
+      >_==&gt;_</a
+      ><a name="15222"
+      > </a
+      ><a name="15223" class="Symbol"
+      >:</a
+      ><a name="15224"
+      > </a
+      ><a name="15225" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="15229"
+      > </a
+      ><a name="15230" class="Symbol"
+      >&#8594;</a
+      ><a name="15231"
+      > </a
+      ><a name="15232" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="15236"
+      > </a
+      ><a name="15237" class="Symbol"
+      >&#8594;</a
+      ><a name="15238"
+      > </a
+      ><a name="15239" class="PrimitiveType"
+      >Set</a
+      ><a name="15242"
+      > </a
+      ><a name="15243" class="Keyword"
+      >where</a
+      ><a name="15248"
+      >
+  </a
+      ><a name="15251" href="Stlc.html#15251" class="InductiveConstructor"
+      >red</a
+      ><a name="15254"
+      >     </a
+      ><a name="15259" class="Symbol"
+      >:</a
+      ><a name="15260"
+      > </a
+      ><a name="15261" class="Symbol"
+      >&#8704;</a
+      ><a name="15262"
+      > </a
+      ><a name="15263" class="Symbol"
+      >{</a
+      ><a name="15264" href="Stlc.html#15264" class="Bound"
+      >x</a
+      ><a name="15265"
+      > </a
+      ><a name="15266" href="Stlc.html#15266" class="Bound"
+      >A</a
+      ><a name="15267"
+      > </a
+      ><a name="15268" href="Stlc.html#15268" class="Bound"
+      >s</a
+      ><a name="15269"
+      > </a
+      ><a name="15270" href="Stlc.html#15270" class="Bound"
+      >t</a
+      ><a name="15271" class="Symbol"
+      >}</a
+      ><a name="15272"
+      >
+          </a
+      ><a name="15283" class="Symbol"
+      >&#8594;</a
+      ><a name="15284"
+      > </a
+      ><a name="15285" href="Stlc.html#9080" class="Datatype"
+      >Value</a
+      ><a name="15290"
+      > </a
+      ><a name="15291" href="Stlc.html#15270" class="Bound"
+      >t</a
+      ><a name="15292"
+      >
+          </a
+      ><a name="15303" class="Symbol"
+      >&#8594;</a
+      ><a name="15304"
+      > </a
+      ><a name="15305" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="15308"
+      > </a
+      ><a name="15309" class="Symbol"
+      >(</a
+      ><a name="15310" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="15313"
+      > </a
+      ><a name="15314" href="Stlc.html#15264" class="Bound"
+      >x</a
+      ><a name="15315"
+      > </a
+      ><a name="15316" href="Stlc.html#15266" class="Bound"
+      >A</a
+      ><a name="15317"
+      > </a
+      ><a name="15318" href="Stlc.html#15268" class="Bound"
+      >s</a
+      ><a name="15319" class="Symbol"
+      >)</a
+      ><a name="15320"
+      > </a
+      ><a name="15321" href="Stlc.html#15270" class="Bound"
+      >t</a
+      ><a name="15322"
+      > </a
+      ><a name="15323" href="Stlc.html#15217" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="15326"
+      > </a
+      ><a name="15327" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="15328"
+      > </a
+      ><a name="15329" href="Stlc.html#15264" class="Bound"
+      >x</a
+      ><a name="15330"
+      > </a
+      ><a name="15331" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="15333"
+      > </a
+      ><a name="15334" href="Stlc.html#15270" class="Bound"
+      >t</a
+      ><a name="15335"
+      > </a
+      ><a name="15336" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="15337"
+      > </a
+      ><a name="15338" href="Stlc.html#15268" class="Bound"
+      >s</a
+      ><a name="15339"
+      >
+  </a
+      ><a name="15342" href="Stlc.html#15342" class="InductiveConstructor"
+      >app1</a
+      ><a name="15346"
+      >    </a
+      ><a name="15350" class="Symbol"
+      >:</a
+      ><a name="15351"
+      > </a
+      ><a name="15352" class="Symbol"
+      >&#8704;</a
+      ><a name="15353"
+      > </a
+      ><a name="15354" class="Symbol"
+      >{</a
+      ><a name="15355" href="Stlc.html#15355" class="Bound"
+      >s</a
+      ><a name="15356"
+      > </a
+      ><a name="15357" href="Stlc.html#15357" class="Bound"
+      >s'</a
+      ><a name="15359"
+      > </a
+      ><a name="15360" href="Stlc.html#15360" class="Bound"
+      >t</a
+      ><a name="15361" class="Symbol"
+      >}</a
+      ><a name="15362"
+      >
+          </a
+      ><a name="15373" class="Symbol"
+      >&#8594;</a
+      ><a name="15374"
+      > </a
+      ><a name="15375" href="Stlc.html#15355" class="Bound"
+      >s</a
+      ><a name="15376"
+      > </a
+      ><a name="15377" href="Stlc.html#15217" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="15380"
+      > </a
+      ><a name="15381" href="Stlc.html#15357" class="Bound"
+      >s'</a
+      ><a name="15383"
+      >
+          </a
+      ><a name="15394" class="Symbol"
+      >&#8594;</a
+      ><a name="15395"
+      > </a
+      ><a name="15396" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="15399"
+      > </a
+      ><a name="15400" href="Stlc.html#15355" class="Bound"
+      >s</a
+      ><a name="15401"
+      > </a
+      ><a name="15402" href="Stlc.html#15360" class="Bound"
+      >t</a
+      ><a name="15403"
+      > </a
+      ><a name="15404" href="Stlc.html#15217" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="15407"
+      > </a
+      ><a name="15408" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="15411"
+      > </a
+      ><a name="15412" href="Stlc.html#15357" class="Bound"
+      >s'</a
+      ><a name="15414"
+      > </a
+      ><a name="15415" href="Stlc.html#15360" class="Bound"
+      >t</a
+      ><a name="15416"
+      >
+  </a
+      ><a name="15419" href="Stlc.html#15419" class="InductiveConstructor"
+      >app2</a
+      ><a name="15423"
+      >    </a
+      ><a name="15427" class="Symbol"
+      >:</a
+      ><a name="15428"
+      > </a
+      ><a name="15429" class="Symbol"
+      >&#8704;</a
+      ><a name="15430"
+      > </a
+      ><a name="15431" class="Symbol"
+      >{</a
+      ><a name="15432" href="Stlc.html#15432" class="Bound"
+      >s</a
+      ><a name="15433"
+      > </a
+      ><a name="15434" href="Stlc.html#15434" class="Bound"
+      >t</a
+      ><a name="15435"
+      > </a
+      ><a name="15436" href="Stlc.html#15436" class="Bound"
+      >t'</a
+      ><a name="15438" class="Symbol"
+      >}</a
+      ><a name="15439"
+      >
+          </a
+      ><a name="15450" class="Symbol"
+      >&#8594;</a
+      ><a name="15451"
+      > </a
+      ><a name="15452" href="Stlc.html#9080" class="Datatype"
+      >Value</a
+      ><a name="15457"
+      > </a
+      ><a name="15458" href="Stlc.html#15432" class="Bound"
+      >s</a
+      ><a name="15459"
+      >
+          </a
+      ><a name="15470" class="Symbol"
+      >&#8594;</a
+      ><a name="15471"
+      > </a
+      ><a name="15472" href="Stlc.html#15434" class="Bound"
+      >t</a
+      ><a name="15473"
+      > </a
+      ><a name="15474" href="Stlc.html#15217" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="15477"
+      > </a
+      ><a name="15478" href="Stlc.html#15436" class="Bound"
+      >t'</a
+      ><a name="15480"
+      >
+          </a
+      ><a name="15491" class="Symbol"
+      >&#8594;</a
+      ><a name="15492"
+      > </a
+      ><a name="15493" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="15496"
+      > </a
+      ><a name="15497" href="Stlc.html#15432" class="Bound"
+      >s</a
+      ><a name="15498"
+      > </a
+      ><a name="15499" href="Stlc.html#15434" class="Bound"
+      >t</a
+      ><a name="15500"
+      > </a
+      ><a name="15501" href="Stlc.html#15217" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="15504"
+      > </a
+      ><a name="15505" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="15508"
+      > </a
+      ><a name="15509" href="Stlc.html#15432" class="Bound"
+      >s</a
+      ><a name="15510"
+      > </a
+      ><a name="15511" href="Stlc.html#15436" class="Bound"
+      >t'</a
+      ><a name="15513"
+      >
+  </a
+      ><a name="15516" href="Stlc.html#15516" class="InductiveConstructor"
+      >if</a
+      ><a name="15518"
+      >      </a
+      ><a name="15524" class="Symbol"
+      >:</a
+      ><a name="15525"
+      > </a
+      ><a name="15526" class="Symbol"
+      >&#8704;</a
+      ><a name="15527"
+      > </a
+      ><a name="15528" class="Symbol"
+      >{</a
+      ><a name="15529" href="Stlc.html#15529" class="Bound"
+      >s</a
+      ><a name="15530"
+      > </a
+      ><a name="15531" href="Stlc.html#15531" class="Bound"
+      >s'</a
+      ><a name="15533"
+      > </a
+      ><a name="15534" href="Stlc.html#15534" class="Bound"
+      >t</a
+      ><a name="15535"
+      > </a
+      ><a name="15536" href="Stlc.html#15536" class="Bound"
+      >u</a
+      ><a name="15537" class="Symbol"
+      >}</a
+      ><a name="15538"
+      >
+          </a
+      ><a name="15549" class="Symbol"
+      >&#8594;</a
+      ><a name="15550"
+      > </a
+      ><a name="15551" href="Stlc.html#15529" class="Bound"
+      >s</a
+      ><a name="15552"
+      > </a
+      ><a name="15553" href="Stlc.html#15217" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="15556"
+      > </a
+      ><a name="15557" href="Stlc.html#15531" class="Bound"
+      >s'</a
+      ><a name="15559"
+      >
+          </a
+      ><a name="15570" class="Symbol"
+      >&#8594;</a
+      ><a name="15571"
+      > </a
+      ><a name="15572" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="15574"
+      > </a
+      ><a name="15575" href="Stlc.html#15529" class="Bound"
+      >s</a
+      ><a name="15576"
+      > </a
+      ><a name="15577" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="15581"
+      > </a
+      ><a name="15582" href="Stlc.html#15534" class="Bound"
+      >t</a
+      ><a name="15583"
+      > </a
+      ><a name="15584" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="15588"
+      > </a
+      ><a name="15589" href="Stlc.html#15536" class="Bound"
+      >u</a
+      ><a name="15590"
+      > </a
+      ><a name="15591" href="Stlc.html#15217" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="15594"
+      > </a
+      ><a name="15595" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="15597"
+      > </a
+      ><a name="15598" href="Stlc.html#15531" class="Bound"
+      >s'</a
+      ><a name="15600"
+      > </a
+      ><a name="15601" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="15605"
+      > </a
+      ><a name="15606" href="Stlc.html#15534" class="Bound"
+      >t</a
+      ><a name="15607"
+      > </a
+      ><a name="15608" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="15612"
+      > </a
+      ><a name="15613" href="Stlc.html#15536" class="Bound"
+      >u</a
+      ><a name="15614"
+      >
+  </a
+      ><a name="15617" href="Stlc.html#15617" class="InductiveConstructor"
+      >iftrue</a
+      ><a name="15623"
+      >  </a
+      ><a name="15625" class="Symbol"
+      >:</a
+      ><a name="15626"
+      > </a
+      ><a name="15627" class="Symbol"
+      >&#8704;</a
+      ><a name="15628"
+      > </a
+      ><a name="15629" class="Symbol"
+      >{</a
+      ><a name="15630" href="Stlc.html#15630" class="Bound"
+      >s</a
+      ><a name="15631"
+      > </a
+      ><a name="15632" href="Stlc.html#15632" class="Bound"
+      >t</a
+      ><a name="15633" class="Symbol"
+      >}</a
+      ><a name="15634"
+      >
+          </a
+      ><a name="15645" class="Symbol"
+      >&#8594;</a
+      ><a name="15646"
+      > </a
+      ><a name="15647" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="15649"
+      > </a
+      ><a name="15650" href="Stlc.html#5857" class="InductiveConstructor"
+      >true</a
+      ><a name="15654"
+      > </a
+      ><a name="15655" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="15659"
+      > </a
+      ><a name="15660" href="Stlc.html#15630" class="Bound"
+      >s</a
+      ><a name="15661"
+      > </a
+      ><a name="15662" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="15666"
+      > </a
+      ><a name="15667" href="Stlc.html#15632" class="Bound"
+      >t</a
+      ><a name="15668"
+      > </a
+      ><a name="15669" href="Stlc.html#15217" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="15672"
+      > </a
+      ><a name="15673" href="Stlc.html#15630" class="Bound"
+      >s</a
+      ><a name="15674"
+      >
+  </a
+      ><a name="15677" href="Stlc.html#15677" class="InductiveConstructor"
+      >iffalse</a
+      ><a name="15684"
+      > </a
+      ><a name="15685" class="Symbol"
+      >:</a
+      ><a name="15686"
+      > </a
+      ><a name="15687" class="Symbol"
+      >&#8704;</a
+      ><a name="15688"
+      > </a
+      ><a name="15689" class="Symbol"
+      >{</a
+      ><a name="15690" href="Stlc.html#15690" class="Bound"
+      >s</a
+      ><a name="15691"
+      > </a
+      ><a name="15692" href="Stlc.html#15692" class="Bound"
+      >t</a
+      ><a name="15693" class="Symbol"
+      >}</a
+      ><a name="15694"
+      >
+          </a
+      ><a name="15705" class="Symbol"
+      >&#8594;</a
+      ><a name="15706"
+      > </a
+      ><a name="15707" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="15709"
+      > </a
+      ><a name="15710" href="Stlc.html#5872" class="InductiveConstructor"
+      >false</a
+      ><a name="15715"
+      > </a
+      ><a name="15716" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="15720"
+      > </a
+      ><a name="15721" href="Stlc.html#15690" class="Bound"
+      >s</a
+      ><a name="15722"
+      > </a
+      ><a name="15723" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="15727"
+      > </a
+      ><a name="15728" href="Stlc.html#15692" class="Bound"
+      >t</a
+      ><a name="15729"
+      > </a
+      ><a name="15730" href="Stlc.html#15217" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="15733"
+      > </a
+      ><a name="15734" href="Stlc.html#15692" class="Bound"
+      >t</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="15782" class="Keyword"
+      >infix</a
+      ><a name="15787"
+      > </a
+      ><a name="15788" class="Number"
+      >1</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+<!--{% raw %}--><pre class="Agda">
+<a name="15828" class="Keyword"
+      >data</a
+      ><a name="15832"
+      > </a
+      ><a name="15833" href="Stlc.html#15833" class="Datatype"
+      >Multi</a
+      ><a name="15838"
+      > </a
+      ><a name="15839" class="Symbol"
+      >(</a
+      ><a name="15840" href="Stlc.html#15840" class="Bound"
+      >R</a
+      ><a name="15841"
+      > </a
+      ><a name="15842" class="Symbol"
+      >:</a
+      ><a name="15843"
+      > </a
+      ><a name="15844" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="15848"
+      > </a
+      ><a name="15849" class="Symbol"
+      >&#8594;</a
+      ><a name="15850"
+      > </a
+      ><a name="15851" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="15855"
+      > </a
+      ><a name="15856" class="Symbol"
+      >&#8594;</a
+      ><a name="15857"
+      > </a
+      ><a name="15858" class="PrimitiveType"
+      >Set</a
+      ><a name="15861" class="Symbol"
+      >)</a
+      ><a name="15862"
+      > </a
+      ><a name="15863" class="Symbol"
+      >:</a
+      ><a name="15864"
+      > </a
+      ><a name="15865" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="15869"
+      > </a
+      ><a name="15870" class="Symbol"
+      >&#8594;</a
+      ><a name="15871"
+      > </a
+      ><a name="15872" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="15876"
+      > </a
+      ><a name="15877" class="Symbol"
+      >&#8594;</a
+      ><a name="15878"
+      > </a
+      ><a name="15879" class="PrimitiveType"
+      >Set</a
+      ><a name="15882"
+      > </a
+      ><a name="15883" class="Keyword"
+      >where</a
+      ><a name="15888"
+      >
+  </a
+      ><a name="15891" href="Stlc.html#15891" class="InductiveConstructor"
+      >refl</a
+      ><a name="15895"
+      > </a
+      ><a name="15896" class="Symbol"
+      >:</a
+      ><a name="15897"
+      > </a
+      ><a name="15898" class="Symbol"
+      >&#8704;</a
+      ><a name="15899"
+      > </a
+      ><a name="15900" class="Symbol"
+      >{</a
+      ><a name="15901" href="Stlc.html#15901" class="Bound"
+      >x</a
+      ><a name="15902" class="Symbol"
+      >}</a
+      ><a name="15903"
+      > </a
+      ><a name="15904" class="Symbol"
+      >-&gt;</a
+      ><a name="15906"
+      > </a
+      ><a name="15907" href="Stlc.html#15833" class="Datatype"
+      >Multi</a
+      ><a name="15912"
+      > </a
+      ><a name="15913" href="Stlc.html#15840" class="Bound"
+      >R</a
+      ><a name="15914"
+      > </a
+      ><a name="15915" href="Stlc.html#15901" class="Bound"
+      >x</a
+      ><a name="15916"
+      > </a
+      ><a name="15917" href="Stlc.html#15901" class="Bound"
+      >x</a
+      ><a name="15918"
+      >
+  </a
+      ><a name="15921" href="Stlc.html#15921" class="InductiveConstructor"
+      >step</a
+      ><a name="15925"
+      > </a
+      ><a name="15926" class="Symbol"
+      >:</a
+      ><a name="15927"
+      > </a
+      ><a name="15928" class="Symbol"
+      >&#8704;</a
+      ><a name="15929"
+      > </a
+      ><a name="15930" class="Symbol"
+      >{</a
+      ><a name="15931" href="Stlc.html#15931" class="Bound"
+      >x</a
+      ><a name="15932"
+      > </a
+      ><a name="15933" href="Stlc.html#15933" class="Bound"
+      >y</a
+      ><a name="15934"
+      > </a
+      ><a name="15935" href="Stlc.html#15935" class="Bound"
+      >z</a
+      ><a name="15936" class="Symbol"
+      >}</a
+      ><a name="15937"
+      > </a
+      ><a name="15938" class="Symbol"
+      >-&gt;</a
+      ><a name="15940"
+      > </a
+      ><a name="15941" href="Stlc.html#15840" class="Bound"
+      >R</a
+      ><a name="15942"
+      > </a
+      ><a name="15943" href="Stlc.html#15931" class="Bound"
+      >x</a
+      ><a name="15944"
+      > </a
+      ><a name="15945" href="Stlc.html#15933" class="Bound"
+      >y</a
+      ><a name="15946"
+      > </a
+      ><a name="15947" class="Symbol"
+      >-&gt;</a
+      ><a name="15949"
+      > </a
+      ><a name="15950" href="Stlc.html#15833" class="Datatype"
+      >Multi</a
+      ><a name="15955"
+      > </a
+      ><a name="15956" href="Stlc.html#15840" class="Bound"
+      >R</a
+      ><a name="15957"
+      > </a
+      ><a name="15958" href="Stlc.html#15933" class="Bound"
+      >y</a
+      ><a name="15959"
+      > </a
+      ><a name="15960" href="Stlc.html#15935" class="Bound"
+      >z</a
+      ><a name="15961"
+      > </a
+      ><a name="15962" class="Symbol"
+      >-&gt;</a
+      ><a name="15964"
+      > </a
+      ><a name="15965" href="Stlc.html#15833" class="Datatype"
+      >Multi</a
+      ><a name="15970"
+      > </a
+      ><a name="15971" href="Stlc.html#15840" class="Bound"
+      >R</a
+      ><a name="15972"
+      > </a
+      ><a name="15973" href="Stlc.html#15931" class="Bound"
+      >x</a
+      ><a name="15974"
+      > </a
+      ><a name="15975" href="Stlc.html#15935" class="Bound"
+      >z</a
+      >
+</pre><!--{% endraw %}-->
+
+<!--{% raw %}--><pre class="Agda">
+<a name="16002" href="Stlc.html#16002" class="Function Operator"
+      >_==&gt;*_</a
+      ><a name="16008"
+      > </a
+      ><a name="16009" class="Symbol"
+      >:</a
+      ><a name="16010"
+      > </a
+      ><a name="16011" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="16015"
+      > </a
+      ><a name="16016" class="Symbol"
+      >&#8594;</a
+      ><a name="16017"
+      > </a
+      ><a name="16018" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="16022"
+      > </a
+      ><a name="16023" class="Symbol"
+      >&#8594;</a
+      ><a name="16024"
+      > </a
+      ><a name="16025" class="PrimitiveType"
+      >Set</a
+      ><a name="16028"
+      >
+</a
+      ><a name="16029" href="Stlc.html#16002" class="Function Operator"
+      >_==&gt;*_</a
+      ><a name="16035"
+      > </a
+      ><a name="16036" class="Symbol"
+      >=</a
+      ><a name="16037"
+      > </a
+      ><a name="16038" href="Stlc.html#15833" class="Datatype"
+      >Multi</a
+      ><a name="16043"
+      > </a
+      ><a name="16044" href="Stlc.html#15217" class="Datatype Operator"
+      >_==&gt;_</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="16096" class="Symbol"
+      >{-#</a
+      ><a name="16099"
+      > </a
+      ><a name="16100" class="Keyword"
+      >DISPLAY</a
+      ><a name="16107"
+      > </a
+      ><a name="16108" href="Stlc.html#15833" class="Datatype"
+      >Multi</a
+      ><a name="16113"
+      > </a
+      ><a name="16114" href="Stlc.html#16114" class="Bound Operator"
+      >_==&gt;_</a
+      ><a name="16119"
+      > = </a
+      ><a name="16122" href="Stlc.html#16002" class="Function Operator"
+      >_==&gt;*_</a
+      ><a name="16128"
+      > </a
+      ><a name="16129" class="Symbol"
+      >#-}</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+### Examples
+
+Example:
+
+$$((\lambda x:bool\rightarrow bool. x) (\lambda x:bool. x)) \Longrightarrow^* (\lambda x:bool. x)$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="16291" href="Stlc.html#16291" class="Function"
+      >step-example1</a
+      ><a name="16304"
+      > </a
+      ><a name="16305" class="Symbol"
+      >:</a
+      ><a name="16306"
+      > </a
+      ><a name="16307" class="Symbol"
+      >(</a
+      ><a name="16308" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="16311"
+      > </a
+      ><a name="16312" href="Stlc.html#6691" class="Function"
+      >idBB</a
+      ><a name="16316"
+      > </a
+      ><a name="16317" href="Stlc.html#6585" class="Function"
+      >idB</a
+      ><a name="16320" class="Symbol"
+      >)</a
+      ><a name="16321"
+      > </a
+      ><a name="16322" href="Stlc.html#16002" class="Function Operator"
+      >==&gt;*</a
+      ><a name="16326"
+      > </a
+      ><a name="16327" href="Stlc.html#6585" class="Function"
+      >idB</a
+      ><a name="16330"
+      >
+</a
+      ><a name="16331" href="Stlc.html#16291" class="Function"
+      >step-example1</a
+      ><a name="16344"
+      > </a
+      ><a name="16345" class="Symbol"
+      >=</a
+      ><a name="16346"
+      > </a
+      ><a name="16347" href="Stlc.html#15921" class="InductiveConstructor"
+      >step</a
+      ><a name="16351"
+      > </a
+      ><a name="16352" class="Symbol"
+      >(</a
+      ><a name="16353" href="Stlc.html#15251" class="InductiveConstructor"
+      >red</a
+      ><a name="16356"
+      > </a
+      ><a name="16357" href="Stlc.html#9107" class="InductiveConstructor"
+      >abs</a
+      ><a name="16360" class="Symbol"
+      >)</a
+      ><a name="16361"
+      >
+              </a
+      ><a name="16376" href="https://agda.github.io/agda-stdlib/Function.html#1835" class="Function Operator"
+      >$</a
+      ><a name="16377"
+      > </a
+      ><a name="16378" href="Stlc.html#15891" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+
+Example:
+
+$$(\lambda x:bool\rightarrow bool. x) \;((\lambda x:bool\rightarrow bool. x)\;(\lambda x:bool. x))) \Longrightarrow^* (\lambda x:bool. x)$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="16560" href="Stlc.html#16560" class="Function"
+      >step-example2</a
+      ><a name="16573"
+      > </a
+      ><a name="16574" class="Symbol"
+      >:</a
+      ><a name="16575"
+      > </a
+      ><a name="16576" class="Symbol"
+      >(</a
+      ><a name="16577" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="16580"
+      > </a
+      ><a name="16581" href="Stlc.html#6691" class="Function"
+      >idBB</a
+      ><a name="16585"
+      > </a
+      ><a name="16586" class="Symbol"
+      >(</a
+      ><a name="16587" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="16590"
+      > </a
+      ><a name="16591" href="Stlc.html#6691" class="Function"
+      >idBB</a
+      ><a name="16595"
+      > </a
+      ><a name="16596" href="Stlc.html#6585" class="Function"
+      >idB</a
+      ><a name="16599" class="Symbol"
+      >))</a
+      ><a name="16601"
+      > </a
+      ><a name="16602" href="Stlc.html#16002" class="Function Operator"
+      >==&gt;*</a
+      ><a name="16606"
+      > </a
+      ><a name="16607" href="Stlc.html#6585" class="Function"
+      >idB</a
+      ><a name="16610"
+      >
+</a
+      ><a name="16611" href="Stlc.html#16560" class="Function"
+      >step-example2</a
+      ><a name="16624"
+      > </a
+      ><a name="16625" class="Symbol"
+      >=</a
+      ><a name="16626"
+      > </a
+      ><a name="16627" href="Stlc.html#15921" class="InductiveConstructor"
+      >step</a
+      ><a name="16631"
+      > </a
+      ><a name="16632" class="Symbol"
+      >(</a
+      ><a name="16633" href="Stlc.html#15419" class="InductiveConstructor"
+      >app2</a
+      ><a name="16637"
+      > </a
+      ><a name="16638" href="Stlc.html#9107" class="InductiveConstructor"
+      >abs</a
+      ><a name="16641"
+      > </a
+      ><a name="16642" class="Symbol"
+      >(</a
+      ><a name="16643" href="Stlc.html#15251" class="InductiveConstructor"
+      >red</a
+      ><a name="16646"
+      > </a
+      ><a name="16647" href="Stlc.html#9107" class="InductiveConstructor"
+      >abs</a
+      ><a name="16650" class="Symbol"
+      >))</a
+      ><a name="16652"
+      >
+              </a
+      ><a name="16667" href="https://agda.github.io/agda-stdlib/Function.html#1835" class="Function Operator"
+      >$</a
+      ><a name="16668"
+      > </a
+      ><a name="16669" href="Stlc.html#15921" class="InductiveConstructor"
+      >step</a
+      ><a name="16673"
+      > </a
+      ><a name="16674" class="Symbol"
+      >(</a
+      ><a name="16675" href="Stlc.html#15251" class="InductiveConstructor"
+      >red</a
+      ><a name="16678"
+      > </a
+      ><a name="16679" href="Stlc.html#9107" class="InductiveConstructor"
+      >abs</a
+      ><a name="16682" class="Symbol"
+      >)</a
+      ><a name="16683"
+      >
+              </a
+      ><a name="16698" href="https://agda.github.io/agda-stdlib/Function.html#1835" class="Function Operator"
+      >$</a
+      ><a name="16699"
+      > </a
+      ><a name="16700" href="Stlc.html#15891" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+
+Example:
+
+$$((\lambda x:bool\rightarrow bool. x)\;(\lambda x:bool. \text{if }x\text{ then }false\text{ else }true))\;true\Longrightarrow^* false$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="16879" href="Stlc.html#16879" class="Function"
+      >step-example3</a
+      ><a name="16892"
+      > </a
+      ><a name="16893" class="Symbol"
+      >:</a
+      ><a name="16894"
+      > </a
+      ><a name="16895" class="Symbol"
+      >(</a
+      ><a name="16896" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="16899"
+      > </a
+      ><a name="16900" class="Symbol"
+      >(</a
+      ><a name="16901" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="16904"
+      > </a
+      ><a name="16905" href="Stlc.html#6691" class="Function"
+      >idBB</a
+      ><a name="16909"
+      > </a
+      ><a name="16910" href="Stlc.html#7124" class="Function"
+      >notB</a
+      ><a name="16914" class="Symbol"
+      >)</a
+      ><a name="16915"
+      > </a
+      ><a name="16916" href="Stlc.html#5857" class="InductiveConstructor"
+      >true</a
+      ><a name="16920" class="Symbol"
+      >)</a
+      ><a name="16921"
+      > </a
+      ><a name="16922" href="Stlc.html#16002" class="Function Operator"
+      >==&gt;*</a
+      ><a name="16926"
+      > </a
+      ><a name="16927" href="Stlc.html#5872" class="InductiveConstructor"
+      >false</a
+      ><a name="16932"
+      >
+</a
+      ><a name="16933" href="Stlc.html#16879" class="Function"
+      >step-example3</a
+      ><a name="16946"
+      > </a
+      ><a name="16947" class="Symbol"
+      >=</a
+      ><a name="16948"
+      > </a
+      ><a name="16949" href="Stlc.html#15921" class="InductiveConstructor"
+      >step</a
+      ><a name="16953"
+      > </a
+      ><a name="16954" class="Symbol"
+      >(</a
+      ><a name="16955" href="Stlc.html#15342" class="InductiveConstructor"
+      >app1</a
+      ><a name="16959"
+      > </a
+      ><a name="16960" class="Symbol"
+      >(</a
+      ><a name="16961" href="Stlc.html#15251" class="InductiveConstructor"
+      >red</a
+      ><a name="16964"
+      > </a
+      ><a name="16965" href="Stlc.html#9107" class="InductiveConstructor"
+      >abs</a
+      ><a name="16968" class="Symbol"
+      >))</a
+      ><a name="16970"
+      >
+              </a
+      ><a name="16985" href="https://agda.github.io/agda-stdlib/Function.html#1835" class="Function Operator"
+      >$</a
+      ><a name="16986"
+      > </a
+      ><a name="16987" href="Stlc.html#15921" class="InductiveConstructor"
+      >step</a
+      ><a name="16991"
+      > </a
+      ><a name="16992" class="Symbol"
+      >(</a
+      ><a name="16993" href="Stlc.html#15251" class="InductiveConstructor"
+      >red</a
+      ><a name="16996"
+      > </a
+      ><a name="16997" href="Stlc.html#9155" class="InductiveConstructor"
+      >true</a
+      ><a name="17001" class="Symbol"
+      >)</a
+      ><a name="17002"
+      >
+              </a
+      ><a name="17017" href="https://agda.github.io/agda-stdlib/Function.html#1835" class="Function Operator"
+      >$</a
+      ><a name="17018"
+      > </a
+      ><a name="17019" href="Stlc.html#15921" class="InductiveConstructor"
+      >step</a
+      ><a name="17023"
+      > </a
+      ><a name="17024" href="Stlc.html#15617" class="InductiveConstructor"
+      >iftrue</a
+      ><a name="17030"
+      >
+              </a
+      ><a name="17045" href="https://agda.github.io/agda-stdlib/Function.html#1835" class="Function Operator"
+      >$</a
+      ><a name="17046"
+      > </a
+      ><a name="17047" href="Stlc.html#15891" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+
+Example:
+
+$$((\lambda x:bool\rightarrow bool. x)\;((\lambda x:bool. \text{if }x\text{ then }false\text{ else }true)\;true))\Longrightarrow^* false$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="17228" href="Stlc.html#17228" class="Function"
+      >step-example4</a
+      ><a name="17241"
+      > </a
+      ><a name="17242" class="Symbol"
+      >:</a
+      ><a name="17243"
+      > </a
+      ><a name="17244" class="Symbol"
+      >(</a
+      ><a name="17245" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="17248"
+      > </a
+      ><a name="17249" href="Stlc.html#6691" class="Function"
+      >idBB</a
+      ><a name="17253"
+      > </a
+      ><a name="17254" class="Symbol"
+      >(</a
+      ><a name="17255" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="17258"
+      > </a
+      ><a name="17259" href="Stlc.html#7124" class="Function"
+      >notB</a
+      ><a name="17263"
+      > </a
+      ><a name="17264" href="Stlc.html#5857" class="InductiveConstructor"
+      >true</a
+      ><a name="17268" class="Symbol"
+      >))</a
+      ><a name="17270"
+      > </a
+      ><a name="17271" href="Stlc.html#16002" class="Function Operator"
+      >==&gt;*</a
+      ><a name="17275"
+      > </a
+      ><a name="17276" href="Stlc.html#5872" class="InductiveConstructor"
+      >false</a
+      ><a name="17281"
+      >
+</a
+      ><a name="17282" href="Stlc.html#17228" class="Function"
+      >step-example4</a
+      ><a name="17295"
+      > </a
+      ><a name="17296" class="Symbol"
+      >=</a
+      ><a name="17297"
+      > </a
+      ><a name="17298" href="Stlc.html#15921" class="InductiveConstructor"
+      >step</a
+      ><a name="17302"
+      > </a
+      ><a name="17303" class="Symbol"
+      >(</a
+      ><a name="17304" href="Stlc.html#15419" class="InductiveConstructor"
+      >app2</a
+      ><a name="17308"
+      > </a
+      ><a name="17309" href="Stlc.html#9107" class="InductiveConstructor"
+      >abs</a
+      ><a name="17312"
+      > </a
+      ><a name="17313" class="Symbol"
+      >(</a
+      ><a name="17314" href="Stlc.html#15251" class="InductiveConstructor"
+      >red</a
+      ><a name="17317"
+      > </a
+      ><a name="17318" href="Stlc.html#9155" class="InductiveConstructor"
+      >true</a
+      ><a name="17322" class="Symbol"
+      >))</a
+      ><a name="17324"
+      >
+              </a
+      ><a name="17339" href="https://agda.github.io/agda-stdlib/Function.html#1835" class="Function Operator"
+      >$</a
+      ><a name="17340"
+      > </a
+      ><a name="17341" href="Stlc.html#15921" class="InductiveConstructor"
+      >step</a
+      ><a name="17345"
+      > </a
+      ><a name="17346" class="Symbol"
+      >(</a
+      ><a name="17347" href="Stlc.html#15419" class="InductiveConstructor"
+      >app2</a
+      ><a name="17351"
+      > </a
+      ><a name="17352" href="Stlc.html#9107" class="InductiveConstructor"
+      >abs</a
+      ><a name="17355"
+      > </a
+      ><a name="17356" href="Stlc.html#15617" class="InductiveConstructor"
+      >iftrue</a
+      ><a name="17362" class="Symbol"
+      >)</a
+      ><a name="17363"
+      >
+              </a
+      ><a name="17378" href="https://agda.github.io/agda-stdlib/Function.html#1835" class="Function Operator"
+      >$</a
+      ><a name="17379"
+      > </a
+      ><a name="17380" href="Stlc.html#15921" class="InductiveConstructor"
+      >step</a
+      ><a name="17384"
+      > </a
+      ><a name="17385" class="Symbol"
+      >(</a
+      ><a name="17386" href="Stlc.html#15251" class="InductiveConstructor"
+      >red</a
+      ><a name="17389"
+      > </a
+      ><a name="17390" href="Stlc.html#9176" class="InductiveConstructor"
+      >false</a
+      ><a name="17395" class="Symbol"
+      >)</a
+      ><a name="17396"
+      >
+              </a
+      ><a name="17411" href="https://agda.github.io/agda-stdlib/Function.html#1835" class="Function Operator"
+      >$</a
+      ><a name="17412"
+      > </a
+      ><a name="17413" href="Stlc.html#15891" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+
+#### Exercise: 2 stars (step-example5)
+
+<!--{% raw %}--><pre class="Agda">
+<a name="17483" class="Keyword"
+      >postulate</a
+      ><a name="17492"
+      >
+  </a
+      ><a name="17495" href="Stlc.html#17495" class="Postulate"
+      >step-example5</a
+      ><a name="17508"
+      > </a
+      ><a name="17509" class="Symbol"
+      >:</a
+      ><a name="17510"
+      > </a
+      ><a name="17511" class="Symbol"
+      >(</a
+      ><a name="17512" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="17515"
+      > </a
+      ><a name="17516" class="Symbol"
+      >(</a
+      ><a name="17517" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="17520"
+      > </a
+      ><a name="17521" href="Stlc.html#6845" class="Function"
+      >idBBBB</a
+      ><a name="17527"
+      > </a
+      ><a name="17528" href="Stlc.html#6691" class="Function"
+      >idBB</a
+      ><a name="17532" class="Symbol"
+      >)</a
+      ><a name="17533"
+      > </a
+      ><a name="17534" href="Stlc.html#6585" class="Function"
+      >idB</a
+      ><a name="17537" class="Symbol"
+      >)</a
+      ><a name="17538"
+      > </a
+      ><a name="17539" href="Stlc.html#16002" class="Function Operator"
+      >==&gt;*</a
+      ><a name="17543"
+      > </a
+      ><a name="17544" href="Stlc.html#6585" class="Function"
+      >idB</a
+      >
+</pre><!--{% endraw %}-->
+
+## Typing
+
+Next we consider the typing relation of the STLC.
+
+### Contexts
+
+_Question_: What is the type of the term "$$x\;y$$"?
+
+_Answer_: It depends on the types of $$x$$ and $$y$$!
+
+I.e., in order to assign a type to a term, we need to know
+what assumptions we should make about the types of its free
+variables.
+
+This leads us to a three-place _typing judgment_, informally
+written $$\Gamma\vdash t : A$$, where $$\Gamma$$ is a
+"typing context"---a mapping from variables to their types.
+
+Informally, we'll write $$\Gamma , x:A$$ for "extend the partial function
+$$\Gamma$$ to also map $$x$$ to $$A$$."  Formally, we use the function `_,_∶_`
+(or "update") to add a binding to a context.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="18264" href="Stlc.html#18264" class="Function"
+      >Ctxt</a
+      ><a name="18268"
+      > </a
+      ><a name="18269" class="Symbol"
+      >:</a
+      ><a name="18270"
+      > </a
+      ><a name="18271" class="PrimitiveType"
+      >Set</a
+      ><a name="18274"
+      >
+</a
+      ><a name="18275" href="Stlc.html#18264" class="Function"
+      >Ctxt</a
+      ><a name="18279"
+      > </a
+      ><a name="18280" class="Symbol"
+      >=</a
+      ><a name="18281"
+      > </a
+      ><a name="18282" href="Maps.html#9519" class="Function"
+      >PartialMap</a
+      ><a name="18292"
+      > </a
+      ><a name="18293" href="Stlc.html#5588" class="Datatype"
+      >Type</a
+      ><a name="18297"
+      >
+
+</a
+      ><a name="18299" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="18300"
+      > </a
+      ><a name="18301" class="Symbol"
+      >:</a
+      ><a name="18302"
+      > </a
+      ><a name="18303" href="Stlc.html#18264" class="Function"
+      >Ctxt</a
+      ><a name="18307"
+      >
+</a
+      ><a name="18308" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="18309"
+      > </a
+      ><a name="18310" class="Symbol"
+      >=</a
+      ><a name="18311"
+      > </a
+      ><a name="18312" href="Maps.html#9652" class="Function"
+      >PartialMap.empty</a
+      ><a name="18328"
+      >
+
+</a
+      ><a name="18330" href="Stlc.html#18330" class="Function Operator"
+      >_,_&#8758;_</a
+      ><a name="18335"
+      > </a
+      ><a name="18336" class="Symbol"
+      >:</a
+      ><a name="18337"
+      > </a
+      ><a name="18338" href="Stlc.html#18264" class="Function"
+      >Ctxt</a
+      ><a name="18342"
+      > </a
+      ><a name="18343" class="Symbol"
+      >-&gt;</a
+      ><a name="18345"
+      > </a
+      ><a name="18346" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="18348"
+      > </a
+      ><a name="18349" class="Symbol"
+      >-&gt;</a
+      ><a name="18351"
+      > </a
+      ><a name="18352" href="Stlc.html#5588" class="Datatype"
+      >Type</a
+      ><a name="18356"
+      > </a
+      ><a name="18357" class="Symbol"
+      >-&gt;</a
+      ><a name="18359"
+      > </a
+      ><a name="18360" href="Stlc.html#18264" class="Function"
+      >Ctxt</a
+      ><a name="18364"
+      >
+</a
+      ><a name="18365" href="Stlc.html#18330" class="Function Operator"
+      >_,_&#8758;_</a
+      ><a name="18370"
+      > </a
+      ><a name="18371" class="Symbol"
+      >=</a
+      ><a name="18372"
+      > </a
+      ><a name="18373" href="Maps.html#9741" class="Function"
+      >PartialMap.update</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="18437" class="Keyword"
+      >infixl</a
+      ><a name="18443"
+      > </a
+      ><a name="18444" class="Number"
+      >3</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+
+### Typing Relation
+
+$$
+  \begin{array}{cl}
+  \frac{\Gamma\;x = A}{\Gamma\vdash{x:A}}&(var)\\\\
+  \frac{\Gamma,x:A\vdash t:B}{\Gamma\vdash (\lambda x:A.t) : A\rightarrow B}&(abs)\\\\
+  \frac{\Gamma\vdash s:A\rightarrow B\quad\Gamma\vdash t:A}{\Gamma\vdash (s\;t) : B}&(app)\\\\
+  \frac{}{\Gamma\vdash true : bool}&(true)\\\\
+  \frac{}{\Gamma\vdash false : bool}&(true)\\\\
+  \frac{\Gamma\vdash s:bool \quad \Gamma\vdash t1:A \quad \Gamma\vdash t2:A}{\Gamma\vdash\text{if }s\text{ then }t1\text{ else }t2 : A}&(if)
+  \end{array}
+$$
+
+We can read the three-place relation $$\Gamma\vdash (t : A)$$ as:
+"to the term $$t$$ we can assign the type $$A$$ using as types for
+the free variables of $$t$$ the ones specified in the context
+$$\Gamma$$."
+
+<!--{% raw %}--><pre class="Agda">
+<a name="19226" class="Keyword"
+      >data</a
+      ><a name="19230"
+      > </a
+      ><a name="19231" href="Stlc.html#19231" class="Datatype Operator"
+      >_&#8866;_&#8758;_</a
+      ><a name="19236"
+      > </a
+      ><a name="19237" class="Symbol"
+      >:</a
+      ><a name="19238"
+      > </a
+      ><a name="19239" href="Stlc.html#18264" class="Function"
+      >Ctxt</a
+      ><a name="19243"
+      > </a
+      ><a name="19244" class="Symbol"
+      >-&gt;</a
+      ><a name="19246"
+      > </a
+      ><a name="19247" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="19251"
+      > </a
+      ><a name="19252" class="Symbol"
+      >-&gt;</a
+      ><a name="19254"
+      > </a
+      ><a name="19255" href="Stlc.html#5588" class="Datatype"
+      >Type</a
+      ><a name="19259"
+      > </a
+      ><a name="19260" class="Symbol"
+      >-&gt;</a
+      ><a name="19262"
+      > </a
+      ><a name="19263" class="PrimitiveType"
+      >Set</a
+      ><a name="19266"
+      > </a
+      ><a name="19267" class="Keyword"
+      >where</a
+      ><a name="19272"
+      >
+  </a
+      ><a name="19275" href="Stlc.html#19275" class="InductiveConstructor"
+      >var</a
+      ><a name="19278"
+      >           </a
+      ><a name="19289" class="Symbol"
+      >:</a
+      ><a name="19290"
+      > </a
+      ><a name="19291" class="Symbol"
+      >&#8704;</a
+      ><a name="19292"
+      > </a
+      ><a name="19293" class="Symbol"
+      >{</a
+      ><a name="19294" href="Stlc.html#19294" class="Bound"
+      >&#915;</a
+      ><a name="19295" class="Symbol"
+      >}</a
+      ><a name="19296"
+      > </a
+      ><a name="19297" href="Stlc.html#19297" class="Bound"
+      >x</a
+      ><a name="19298"
+      > </a
+      ><a name="19299" class="Symbol"
+      >{</a
+      ><a name="19300" href="Stlc.html#19300" class="Bound"
+      >A</a
+      ><a name="19301" class="Symbol"
+      >}</a
+      ><a name="19302"
+      >
+                </a
+      ><a name="19319" class="Symbol"
+      >&#8594;</a
+      ><a name="19320"
+      > </a
+      ><a name="19321" href="Stlc.html#19294" class="Bound"
+      >&#915;</a
+      ><a name="19322"
+      > </a
+      ><a name="19323" href="Stlc.html#19297" class="Bound"
+      >x</a
+      ><a name="19324"
+      > </a
+      ><a name="19325" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="19326"
+      > </a
+      ><a name="19327" href="https://agda.github.io/agda-stdlib/Data.Maybe.Base.html#373" class="InductiveConstructor"
+      >just</a
+      ><a name="19331"
+      > </a
+      ><a name="19332" href="Stlc.html#19300" class="Bound"
+      >A</a
+      ><a name="19333"
+      >
+                </a
+      ><a name="19350" class="Symbol"
+      >&#8594;</a
+      ><a name="19351"
+      > </a
+      ><a name="19352" href="Stlc.html#19294" class="Bound"
+      >&#915;</a
+      ><a name="19353"
+      > </a
+      ><a name="19354" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19355"
+      > </a
+      ><a name="19356" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="19359"
+      > </a
+      ><a name="19360" href="Stlc.html#19297" class="Bound"
+      >x</a
+      ><a name="19361"
+      > </a
+      ><a name="19362" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19363"
+      > </a
+      ><a name="19364" href="Stlc.html#19300" class="Bound"
+      >A</a
+      ><a name="19365"
+      >
+  </a
+      ><a name="19368" href="Stlc.html#19368" class="InductiveConstructor"
+      >abs</a
+      ><a name="19371"
+      >           </a
+      ><a name="19382" class="Symbol"
+      >:</a
+      ><a name="19383"
+      > </a
+      ><a name="19384" class="Symbol"
+      >&#8704;</a
+      ><a name="19385"
+      > </a
+      ><a name="19386" class="Symbol"
+      >{</a
+      ><a name="19387" href="Stlc.html#19387" class="Bound"
+      >&#915;</a
+      ><a name="19388" class="Symbol"
+      >}</a
+      ><a name="19389"
+      > </a
+      ><a name="19390" class="Symbol"
+      >{</a
+      ><a name="19391" href="Stlc.html#19391" class="Bound"
+      >x</a
+      ><a name="19392" class="Symbol"
+      >}</a
+      ><a name="19393"
+      > </a
+      ><a name="19394" class="Symbol"
+      >{</a
+      ><a name="19395" href="Stlc.html#19395" class="Bound"
+      >A</a
+      ><a name="19396" class="Symbol"
+      >}</a
+      ><a name="19397"
+      > </a
+      ><a name="19398" class="Symbol"
+      >{</a
+      ><a name="19399" href="Stlc.html#19399" class="Bound"
+      >B</a
+      ><a name="19400" class="Symbol"
+      >}</a
+      ><a name="19401"
+      > </a
+      ><a name="19402" class="Symbol"
+      >{</a
+      ><a name="19403" href="Stlc.html#19403" class="Bound"
+      >s</a
+      ><a name="19404" class="Symbol"
+      >}</a
+      ><a name="19405"
+      >
+                </a
+      ><a name="19422" class="Symbol"
+      >&#8594;</a
+      ><a name="19423"
+      > </a
+      ><a name="19424" href="Stlc.html#19387" class="Bound"
+      >&#915;</a
+      ><a name="19425"
+      > </a
+      ><a name="19426" href="Stlc.html#18330" class="Function Operator"
+      >,</a
+      ><a name="19427"
+      > </a
+      ><a name="19428" href="Stlc.html#19391" class="Bound"
+      >x</a
+      ><a name="19429"
+      > </a
+      ><a name="19430" href="Stlc.html#18330" class="Function Operator"
+      >&#8758;</a
+      ><a name="19431"
+      > </a
+      ><a name="19432" href="Stlc.html#19395" class="Bound"
+      >A</a
+      ><a name="19433"
+      > </a
+      ><a name="19434" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19435"
+      > </a
+      ><a name="19436" href="Stlc.html#19403" class="Bound"
+      >s</a
+      ><a name="19437"
+      > </a
+      ><a name="19438" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19439"
+      > </a
+      ><a name="19440" href="Stlc.html#19399" class="Bound"
+      >B</a
+      ><a name="19441"
+      >
+                </a
+      ><a name="19458" class="Symbol"
+      >&#8594;</a
+      ><a name="19459"
+      > </a
+      ><a name="19460" href="Stlc.html#19387" class="Bound"
+      >&#915;</a
+      ><a name="19461"
+      > </a
+      ><a name="19462" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19463"
+      > </a
+      ><a name="19464" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="19467"
+      > </a
+      ><a name="19468" href="Stlc.html#19391" class="Bound"
+      >x</a
+      ><a name="19469"
+      > </a
+      ><a name="19470" href="Stlc.html#19395" class="Bound"
+      >A</a
+      ><a name="19471"
+      > </a
+      ><a name="19472" href="Stlc.html#19403" class="Bound"
+      >s</a
+      ><a name="19473"
+      > </a
+      ><a name="19474" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19475"
+      > </a
+      ><a name="19476" href="Stlc.html#19395" class="Bound"
+      >A</a
+      ><a name="19477"
+      > </a
+      ><a name="19478" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="19479"
+      > </a
+      ><a name="19480" href="Stlc.html#19399" class="Bound"
+      >B</a
+      ><a name="19481"
+      >
+  </a
+      ><a name="19484" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="19487"
+      >           </a
+      ><a name="19498" class="Symbol"
+      >:</a
+      ><a name="19499"
+      > </a
+      ><a name="19500" class="Symbol"
+      >&#8704;</a
+      ><a name="19501"
+      > </a
+      ><a name="19502" class="Symbol"
+      >{</a
+      ><a name="19503" href="Stlc.html#19503" class="Bound"
+      >&#915;</a
+      ><a name="19504" class="Symbol"
+      >}</a
+      ><a name="19505"
+      > </a
+      ><a name="19506" class="Symbol"
+      >{</a
+      ><a name="19507" href="Stlc.html#19507" class="Bound"
+      >A</a
+      ><a name="19508" class="Symbol"
+      >}</a
+      ><a name="19509"
+      > </a
+      ><a name="19510" class="Symbol"
+      >{</a
+      ><a name="19511" href="Stlc.html#19511" class="Bound"
+      >B</a
+      ><a name="19512" class="Symbol"
+      >}</a
+      ><a name="19513"
+      > </a
+      ><a name="19514" class="Symbol"
+      >{</a
+      ><a name="19515" href="Stlc.html#19515" class="Bound"
+      >s</a
+      ><a name="19516" class="Symbol"
+      >}</a
+      ><a name="19517"
+      > </a
+      ><a name="19518" class="Symbol"
+      >{</a
+      ><a name="19519" href="Stlc.html#19519" class="Bound"
+      >t</a
+      ><a name="19520" class="Symbol"
+      >}</a
+      ><a name="19521"
+      >
+                </a
+      ><a name="19538" class="Symbol"
+      >&#8594;</a
+      ><a name="19539"
+      > </a
+      ><a name="19540" href="Stlc.html#19503" class="Bound"
+      >&#915;</a
+      ><a name="19541"
+      > </a
+      ><a name="19542" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19543"
+      > </a
+      ><a name="19544" href="Stlc.html#19515" class="Bound"
+      >s</a
+      ><a name="19545"
+      > </a
+      ><a name="19546" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19547"
+      > </a
+      ><a name="19548" href="Stlc.html#19507" class="Bound"
+      >A</a
+      ><a name="19549"
+      > </a
+      ><a name="19550" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="19551"
+      > </a
+      ><a name="19552" href="Stlc.html#19511" class="Bound"
+      >B</a
+      ><a name="19553"
+      >
+                </a
+      ><a name="19570" class="Symbol"
+      >&#8594;</a
+      ><a name="19571"
+      > </a
+      ><a name="19572" href="Stlc.html#19503" class="Bound"
+      >&#915;</a
+      ><a name="19573"
+      > </a
+      ><a name="19574" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19575"
+      > </a
+      ><a name="19576" href="Stlc.html#19519" class="Bound"
+      >t</a
+      ><a name="19577"
+      > </a
+      ><a name="19578" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19579"
+      > </a
+      ><a name="19580" href="Stlc.html#19507" class="Bound"
+      >A</a
+      ><a name="19581"
+      >
+                </a
+      ><a name="19598" class="Symbol"
+      >&#8594;</a
+      ><a name="19599"
+      > </a
+      ><a name="19600" href="Stlc.html#19503" class="Bound"
+      >&#915;</a
+      ><a name="19601"
+      > </a
+      ><a name="19602" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19603"
+      > </a
+      ><a name="19604" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="19607"
+      > </a
+      ><a name="19608" href="Stlc.html#19515" class="Bound"
+      >s</a
+      ><a name="19609"
+      > </a
+      ><a name="19610" href="Stlc.html#19519" class="Bound"
+      >t</a
+      ><a name="19611"
+      > </a
+      ><a name="19612" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19613"
+      > </a
+      ><a name="19614" href="Stlc.html#19511" class="Bound"
+      >B</a
+      ><a name="19615"
+      >
+  </a
+      ><a name="19618" href="Stlc.html#19618" class="InductiveConstructor"
+      >true</a
+      ><a name="19622"
+      >          </a
+      ><a name="19632" class="Symbol"
+      >:</a
+      ><a name="19633"
+      > </a
+      ><a name="19634" class="Symbol"
+      >&#8704;</a
+      ><a name="19635"
+      > </a
+      ><a name="19636" class="Symbol"
+      >{</a
+      ><a name="19637" href="Stlc.html#19637" class="Bound"
+      >&#915;</a
+      ><a name="19638" class="Symbol"
+      >}</a
+      ><a name="19639"
+      >
+                </a
+      ><a name="19656" class="Symbol"
+      >&#8594;</a
+      ><a name="19657"
+      > </a
+      ><a name="19658" href="Stlc.html#19637" class="Bound"
+      >&#915;</a
+      ><a name="19659"
+      > </a
+      ><a name="19660" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19661"
+      > </a
+      ><a name="19662" href="Stlc.html#5857" class="InductiveConstructor"
+      >true</a
+      ><a name="19666"
+      >  </a
+      ><a name="19668" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19669"
+      > </a
+      ><a name="19670" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="19674"
+      >
+  </a
+      ><a name="19677" href="Stlc.html#19677" class="InductiveConstructor"
+      >false</a
+      ><a name="19682"
+      >         </a
+      ><a name="19691" class="Symbol"
+      >:</a
+      ><a name="19692"
+      > </a
+      ><a name="19693" class="Symbol"
+      >&#8704;</a
+      ><a name="19694"
+      > </a
+      ><a name="19695" class="Symbol"
+      >{</a
+      ><a name="19696" href="Stlc.html#19696" class="Bound"
+      >&#915;</a
+      ><a name="19697" class="Symbol"
+      >}</a
+      ><a name="19698"
+      >
+                </a
+      ><a name="19715" class="Symbol"
+      >&#8594;</a
+      ><a name="19716"
+      > </a
+      ><a name="19717" href="Stlc.html#19696" class="Bound"
+      >&#915;</a
+      ><a name="19718"
+      > </a
+      ><a name="19719" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19720"
+      > </a
+      ><a name="19721" href="Stlc.html#5872" class="InductiveConstructor"
+      >false</a
+      ><a name="19726"
+      > </a
+      ><a name="19727" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19728"
+      > </a
+      ><a name="19729" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="19733"
+      >
+  </a
+      ><a name="19736" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if_then_else_</a
+      ><a name="19749"
+      > </a
+      ><a name="19750" class="Symbol"
+      >:</a
+      ><a name="19751"
+      > </a
+      ><a name="19752" class="Symbol"
+      >&#8704;</a
+      ><a name="19753"
+      > </a
+      ><a name="19754" class="Symbol"
+      >{</a
+      ><a name="19755" href="Stlc.html#19755" class="Bound"
+      >&#915;</a
+      ><a name="19756" class="Symbol"
+      >}</a
+      ><a name="19757"
+      > </a
+      ><a name="19758" class="Symbol"
+      >{</a
+      ><a name="19759" href="Stlc.html#19759" class="Bound"
+      >s</a
+      ><a name="19760" class="Symbol"
+      >}</a
+      ><a name="19761"
+      > </a
+      ><a name="19762" class="Symbol"
+      >{</a
+      ><a name="19763" href="Stlc.html#19763" class="Bound"
+      >t</a
+      ><a name="19764" class="Symbol"
+      >}</a
+      ><a name="19765"
+      > </a
+      ><a name="19766" class="Symbol"
+      >{</a
+      ><a name="19767" href="Stlc.html#19767" class="Bound"
+      >u</a
+      ><a name="19768" class="Symbol"
+      >}</a
+      ><a name="19769"
+      > </a
+      ><a name="19770" class="Symbol"
+      >{</a
+      ><a name="19771" href="Stlc.html#19771" class="Bound"
+      >A</a
+      ><a name="19772" class="Symbol"
+      >}</a
+      ><a name="19773"
+      >
+                </a
+      ><a name="19790" class="Symbol"
+      >&#8594;</a
+      ><a name="19791"
+      > </a
+      ><a name="19792" href="Stlc.html#19755" class="Bound"
+      >&#915;</a
+      ><a name="19793"
+      > </a
+      ><a name="19794" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19795"
+      > </a
+      ><a name="19796" href="Stlc.html#19759" class="Bound"
+      >s</a
+      ><a name="19797"
+      > </a
+      ><a name="19798" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19799"
+      > </a
+      ><a name="19800" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="19804"
+      >
+                </a
+      ><a name="19821" class="Symbol"
+      >&#8594;</a
+      ><a name="19822"
+      > </a
+      ><a name="19823" href="Stlc.html#19755" class="Bound"
+      >&#915;</a
+      ><a name="19824"
+      > </a
+      ><a name="19825" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19826"
+      > </a
+      ><a name="19827" href="Stlc.html#19763" class="Bound"
+      >t</a
+      ><a name="19828"
+      > </a
+      ><a name="19829" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19830"
+      > </a
+      ><a name="19831" href="Stlc.html#19771" class="Bound"
+      >A</a
+      ><a name="19832"
+      >
+                </a
+      ><a name="19849" class="Symbol"
+      >&#8594;</a
+      ><a name="19850"
+      > </a
+      ><a name="19851" href="Stlc.html#19755" class="Bound"
+      >&#915;</a
+      ><a name="19852"
+      > </a
+      ><a name="19853" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19854"
+      > </a
+      ><a name="19855" href="Stlc.html#19767" class="Bound"
+      >u</a
+      ><a name="19856"
+      > </a
+      ><a name="19857" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19858"
+      > </a
+      ><a name="19859" href="Stlc.html#19771" class="Bound"
+      >A</a
+      ><a name="19860"
+      >
+                </a
+      ><a name="19877" class="Symbol"
+      >&#8594;</a
+      ><a name="19878"
+      > </a
+      ><a name="19879" href="Stlc.html#19755" class="Bound"
+      >&#915;</a
+      ><a name="19880"
+      > </a
+      ><a name="19881" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="19882"
+      > </a
+      ><a name="19883" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="19885"
+      > </a
+      ><a name="19886" href="Stlc.html#19759" class="Bound"
+      >s</a
+      ><a name="19887"
+      > </a
+      ><a name="19888" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="19892"
+      > </a
+      ><a name="19893" href="Stlc.html#19763" class="Bound"
+      >t</a
+      ><a name="19894"
+      > </a
+      ><a name="19895" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="19899"
+      > </a
+      ><a name="19900" href="Stlc.html#19767" class="Bound"
+      >u</a
+      ><a name="19901"
+      > </a
+      ><a name="19902" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="19903"
+      > </a
+      ><a name="19904" href="Stlc.html#19771" class="Bound"
+      >A</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="19952" class="Keyword"
+      >infix</a
+      ><a name="19957"
+      > </a
+      ><a name="19958" class="Number"
+      >1</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+
+### Examples
+
+<!--{% raw %}--><pre class="Agda">
+<a name="20013" href="Stlc.html#20013" class="Function"
+      >typing-example1</a
+      ><a name="20028"
+      > </a
+      ><a name="20029" class="Symbol"
+      >:</a
+      ><a name="20030"
+      > </a
+      ><a name="20031" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="20032"
+      > </a
+      ><a name="20033" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="20034"
+      > </a
+      ><a name="20035" href="Stlc.html#6585" class="Function"
+      >idB</a
+      ><a name="20038"
+      > </a
+      ><a name="20039" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="20040"
+      > </a
+      ><a name="20041" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20045"
+      > </a
+      ><a name="20046" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="20047"
+      > </a
+      ><a name="20048" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20052"
+      >
+</a
+      ><a name="20053" href="Stlc.html#20013" class="Function"
+      >typing-example1</a
+      ><a name="20068"
+      > </a
+      ><a name="20069" class="Symbol"
+      >=</a
+      ><a name="20070"
+      > </a
+      ><a name="20071" href="Stlc.html#19368" class="InductiveConstructor"
+      >abs</a
+      ><a name="20074"
+      > </a
+      ><a name="20075" class="Symbol"
+      >(</a
+      ><a name="20076" href="Stlc.html#19275" class="InductiveConstructor"
+      >var</a
+      ><a name="20079"
+      > </a
+      ><a name="20080" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="20081"
+      > </a
+      ><a name="20082" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="20086" class="Symbol"
+      >)</a
+      >
+</pre><!--{% endraw %}-->
+
+Another example:
+
+$$\varnothing\vdash \lambda x:A. \lambda y:A\rightarrow A. y\;(y\;x) : A\rightarrow (A\rightarrow A)\rightarrow A$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="20249" href="Stlc.html#20249" class="Function"
+      >typing-example2</a
+      ><a name="20264"
+      > </a
+      ><a name="20265" class="Symbol"
+      >:</a
+      ><a name="20266"
+      > </a
+      ><a name="20267" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="20268"
+      > </a
+      ><a name="20269" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="20270"
+      >
+  </a
+      ><a name="20273" class="Symbol"
+      >(</a
+      ><a name="20274" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="20277"
+      > </a
+      ><a name="20278" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="20279"
+      > </a
+      ><a name="20280" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20284"
+      >
+    </a
+      ><a name="20289" class="Symbol"
+      >(</a
+      ><a name="20290" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="20293"
+      > </a
+      ><a name="20294" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="20295"
+      > </a
+      ><a name="20296" class="Symbol"
+      >(</a
+      ><a name="20297" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20301"
+      > </a
+      ><a name="20302" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="20303"
+      > </a
+      ><a name="20304" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20308" class="Symbol"
+      >)</a
+      ><a name="20309"
+      >
+      </a
+      ><a name="20316" class="Symbol"
+      >(</a
+      ><a name="20317" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="20320"
+      > </a
+      ><a name="20321" class="Symbol"
+      >(</a
+      ><a name="20322" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="20325"
+      > </a
+      ><a name="20326" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="20327" class="Symbol"
+      >)</a
+      ><a name="20328"
+      >
+        </a
+      ><a name="20337" class="Symbol"
+      >(</a
+      ><a name="20338" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="20341"
+      > </a
+      ><a name="20342" class="Symbol"
+      >(</a
+      ><a name="20343" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="20346"
+      > </a
+      ><a name="20347" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="20348" class="Symbol"
+      >)</a
+      ><a name="20349"
+      > </a
+      ><a name="20350" class="Symbol"
+      >(</a
+      ><a name="20351" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="20354"
+      > </a
+      ><a name="20355" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="20356" class="Symbol"
+      >)))))</a
+      ><a name="20361"
+      >
+  </a
+      ><a name="20364" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="20365"
+      > </a
+      ><a name="20366" class="Symbol"
+      >(</a
+      ><a name="20367" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20371"
+      > </a
+      ><a name="20372" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="20373"
+      > </a
+      ><a name="20374" class="Symbol"
+      >(</a
+      ><a name="20375" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20379"
+      > </a
+      ><a name="20380" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="20381"
+      > </a
+      ><a name="20382" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20386" class="Symbol"
+      >)</a
+      ><a name="20387"
+      > </a
+      ><a name="20388" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="20389"
+      > </a
+      ><a name="20390" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20394" class="Symbol"
+      >)</a
+      ><a name="20395"
+      >
+</a
+      ><a name="20396" href="Stlc.html#20249" class="Function"
+      >typing-example2</a
+      ><a name="20411"
+      > </a
+      ><a name="20412" class="Symbol"
+      >=</a
+      ><a name="20413"
+      >
+  </a
+      ><a name="20416" class="Symbol"
+      >(</a
+      ><a name="20417" href="Stlc.html#19368" class="InductiveConstructor"
+      >abs</a
+      ><a name="20420"
+      >
+    </a
+      ><a name="20425" class="Symbol"
+      >(</a
+      ><a name="20426" href="Stlc.html#19368" class="InductiveConstructor"
+      >abs</a
+      ><a name="20429"
+      >
+      </a
+      ><a name="20436" class="Symbol"
+      >(</a
+      ><a name="20437" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="20440"
+      > </a
+      ><a name="20441" class="Symbol"
+      >(</a
+      ><a name="20442" href="Stlc.html#19275" class="InductiveConstructor"
+      >var</a
+      ><a name="20445"
+      > </a
+      ><a name="20446" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="20447"
+      > </a
+      ><a name="20448" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="20452" class="Symbol"
+      >)</a
+      ><a name="20453"
+      >
+        </a
+      ><a name="20462" class="Symbol"
+      >(</a
+      ><a name="20463" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="20466"
+      > </a
+      ><a name="20467" class="Symbol"
+      >(</a
+      ><a name="20468" href="Stlc.html#19275" class="InductiveConstructor"
+      >var</a
+      ><a name="20471"
+      > </a
+      ><a name="20472" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="20473"
+      > </a
+      ><a name="20474" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="20478" class="Symbol"
+      >)</a
+      ><a name="20479"
+      > </a
+      ><a name="20480" class="Symbol"
+      >(</a
+      ><a name="20481" href="Stlc.html#19275" class="InductiveConstructor"
+      >var</a
+      ><a name="20484"
+      > </a
+      ><a name="20485" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="20486"
+      > </a
+      ><a name="20487" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="20491" class="Symbol"
+      >)</a
+      ><a name="20492"
+      > </a
+      ><a name="20493" class="Symbol"
+      >))))</a
+      >
+</pre><!--{% endraw %}-->
+
+#### Exercise: 2 stars (typing-example3)
+Formally prove the following typing derivation holds:
+
+$$\exists A, \varnothing\vdash \lambda x:bool\rightarrow B. \lambda y:bool\rightarrow bool. \lambda z:bool. y\;(x\;z) : A$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="20745" class="Keyword"
+      >postulate</a
+      ><a name="20754"
+      >
+  </a
+      ><a name="20757" href="Stlc.html#20757" class="Postulate"
+      >typing-example3</a
+      ><a name="20772"
+      > </a
+      ><a name="20773" class="Symbol"
+      >:</a
+      ><a name="20774"
+      > </a
+      ><a name="20775" href="https://agda.github.io/agda-stdlib/Data.Product.html#823" class="Function"
+      >&#8707;</a
+      ><a name="20776"
+      > </a
+      ><a name="20777" class="Symbol"
+      >&#955;</a
+      ><a name="20778"
+      > </a
+      ><a name="20779" href="Stlc.html#20779" class="Bound"
+      >A</a
+      ><a name="20780"
+      > </a
+      ><a name="20781" class="Symbol"
+      >&#8594;</a
+      ><a name="20782"
+      > </a
+      ><a name="20783" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="20784"
+      > </a
+      ><a name="20785" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="20786"
+      >
+    </a
+      ><a name="20791" class="Symbol"
+      >(</a
+      ><a name="20792" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="20795"
+      > </a
+      ><a name="20796" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="20797"
+      > </a
+      ><a name="20798" class="Symbol"
+      >(</a
+      ><a name="20799" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20803"
+      > </a
+      ><a name="20804" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="20805"
+      > </a
+      ><a name="20806" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20810" class="Symbol"
+      >)</a
+      ><a name="20811"
+      >
+      </a
+      ><a name="20818" class="Symbol"
+      >(</a
+      ><a name="20819" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="20822"
+      > </a
+      ><a name="20823" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="20824"
+      > </a
+      ><a name="20825" class="Symbol"
+      >(</a
+      ><a name="20826" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20830"
+      > </a
+      ><a name="20831" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="20832"
+      > </a
+      ><a name="20833" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20837" class="Symbol"
+      >)</a
+      ><a name="20838"
+      >
+        </a
+      ><a name="20847" class="Symbol"
+      >(</a
+      ><a name="20848" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="20851"
+      > </a
+      ><a name="20852" href="Stlc.html#6372" class="Function"
+      >z</a
+      ><a name="20853"
+      > </a
+      ><a name="20854" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="20858"
+      >
+          </a
+      ><a name="20869" class="Symbol"
+      >(</a
+      ><a name="20870" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="20873"
+      > </a
+      ><a name="20874" class="Symbol"
+      >(</a
+      ><a name="20875" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="20878"
+      > </a
+      ><a name="20879" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="20880" class="Symbol"
+      >)</a
+      ><a name="20881"
+      > </a
+      ><a name="20882" class="Symbol"
+      >(</a
+      ><a name="20883" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="20886"
+      > </a
+      ><a name="20887" class="Symbol"
+      >(</a
+      ><a name="20888" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="20891"
+      > </a
+      ><a name="20892" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="20893" class="Symbol"
+      >)</a
+      ><a name="20894"
+      > </a
+      ><a name="20895" class="Symbol"
+      >(</a
+      ><a name="20896" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="20899"
+      > </a
+      ><a name="20900" href="Stlc.html#6372" class="Function"
+      >z</a
+      ><a name="20901" class="Symbol"
+      >))))))</a
+      ><a name="20907"
+      > </a
+      ><a name="20908" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="20909"
+      > </a
+      ><a name="20910" href="Stlc.html#20779" class="Bound"
+      >A</a
+      >
+</pre><!--{% endraw %}-->
+
+We can also show that terms are _not_ typable.  For example, let's
+formally check that there is no typing derivation assigning a type
+to the term $$\lambda x:bool. \lambda y:bool. x\;y$$---i.e.,
+
+
+$$\nexists A, \varnothing\vdash \lambda x:bool. \lambda y:bool. x\;y : A$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="21211" class="Keyword"
+      >postulate</a
+      ><a name="21220"
+      >
+  </a
+      ><a name="21223" href="Stlc.html#21223" class="Postulate"
+      >typing-nonexample1</a
+      ><a name="21241"
+      > </a
+      ><a name="21242" class="Symbol"
+      >:</a
+      ><a name="21243"
+      > </a
+      ><a name="21244" href="https://agda.github.io/agda-stdlib/Data.Product.html#884" class="Function"
+      >&#8708;</a
+      ><a name="21245"
+      > </a
+      ><a name="21246" class="Symbol"
+      >&#955;</a
+      ><a name="21247"
+      > </a
+      ><a name="21248" href="Stlc.html#21248" class="Bound"
+      >A</a
+      ><a name="21249"
+      > </a
+      ><a name="21250" class="Symbol"
+      >&#8594;</a
+      ><a name="21251"
+      > </a
+      ><a name="21252" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="21253"
+      > </a
+      ><a name="21254" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="21255"
+      >
+    </a
+      ><a name="21260" class="Symbol"
+      >(</a
+      ><a name="21261" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="21264"
+      > </a
+      ><a name="21265" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="21266"
+      > </a
+      ><a name="21267" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="21271"
+      >
+      </a
+      ><a name="21278" class="Symbol"
+      >(</a
+      ><a name="21279" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="21282"
+      > </a
+      ><a name="21283" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="21284"
+      > </a
+      ><a name="21285" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="21289"
+      >
+        </a
+      ><a name="21298" class="Symbol"
+      >(</a
+      ><a name="21299" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="21302"
+      > </a
+      ><a name="21303" class="Symbol"
+      >(</a
+      ><a name="21304" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="21307"
+      > </a
+      ><a name="21308" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="21309" class="Symbol"
+      >)</a
+      ><a name="21310"
+      > </a
+      ><a name="21311" class="Symbol"
+      >(</a
+      ><a name="21312" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="21315"
+      > </a
+      ><a name="21316" href="Stlc.html#6363" class="Function"
+      >y</a
+      ><a name="21317" class="Symbol"
+      >))))</a
+      ><a name="21321"
+      > </a
+      ><a name="21322" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="21323"
+      > </a
+      ><a name="21324" href="Stlc.html#21248" class="Bound"
+      >A</a
+      >
+</pre><!--{% endraw %}-->
+
+#### Exercise: 3 stars, optional (typing-nonexample2)
+Another nonexample:
+
+$$\nexists A, \exists B, \varnothing\vdash \lambda x:A. x\;x : B$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="21495" class="Keyword"
+      >postulate</a
+      ><a name="21504"
+      >
+  </a
+      ><a name="21507" href="Stlc.html#21507" class="Postulate"
+      >typing-nonexample2</a
+      ><a name="21525"
+      > </a
+      ><a name="21526" class="Symbol"
+      >:</a
+      ><a name="21527"
+      > </a
+      ><a name="21528" href="https://agda.github.io/agda-stdlib/Data.Product.html#884" class="Function"
+      >&#8708;</a
+      ><a name="21529"
+      > </a
+      ><a name="21530" class="Symbol"
+      >&#955;</a
+      ><a name="21531"
+      > </a
+      ><a name="21532" href="Stlc.html#21532" class="Bound"
+      >A</a
+      ><a name="21533"
+      > </a
+      ><a name="21534" class="Symbol"
+      >&#8594;</a
+      ><a name="21535"
+      > </a
+      ><a name="21536" href="https://agda.github.io/agda-stdlib/Data.Product.html#823" class="Function"
+      >&#8707;</a
+      ><a name="21537"
+      > </a
+      ><a name="21538" class="Symbol"
+      >&#955;</a
+      ><a name="21539"
+      > </a
+      ><a name="21540" href="Stlc.html#21540" class="Bound"
+      >B</a
+      ><a name="21541"
+      > </a
+      ><a name="21542" class="Symbol"
+      >&#8594;</a
+      ><a name="21543"
+      > </a
+      ><a name="21544" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="21545"
+      > </a
+      ><a name="21546" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="21547"
+      >
+    </a
+      ><a name="21552" class="Symbol"
+      >(</a
+      ><a name="21553" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="21556"
+      > </a
+      ><a name="21557" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="21558"
+      > </a
+      ><a name="21559" href="Stlc.html#21540" class="Bound"
+      >B</a
+      ><a name="21560"
+      > </a
+      ><a name="21561" class="Symbol"
+      >(</a
+      ><a name="21562" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="21565"
+      > </a
+      ><a name="21566" class="Symbol"
+      >(</a
+      ><a name="21567" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="21570"
+      > </a
+      ><a name="21571" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="21572" class="Symbol"
+      >)</a
+      ><a name="21573"
+      > </a
+      ><a name="21574" class="Symbol"
+      >(</a
+      ><a name="21575" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="21578"
+      > </a
+      ><a name="21579" href="Stlc.html#6354" class="Function"
+      >x</a
+      ><a name="21580" class="Symbol"
+      >)))</a
+      ><a name="21583"
+      > </a
+      ><a name="21584" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="21585"
+      > </a
+      ><a name="21586" href="Stlc.html#21532" class="Bound"
+      >A</a
+      >
+</pre><!--{% endraw %}-->
diff --git a/StlcProp.lagda b/StlcProp.lagda
new file mode 100644
index 00000000..74357a6a
--- /dev/null
+++ b/StlcProp.lagda
@@ -0,0 +1,777 @@
+---
+title         : "StlcProp: Properties of STLC"
+layout        : default
+hide-implicit : false
+extra-script : [agda-extra-script.html]
+extra-style  : [agda-extra-style.html]
+permalink     : "sf/StlcProp.html"
+---
+
+\begin{code}
+module StlcProp where
+\end{code}
+
+<div class="hidden">
+\begin{code}
+open import Function using (_∘_)
+open import Data.Empty using (⊥; ⊥-elim)
+open import Data.Maybe using (Maybe; just; nothing)
+open import Data.Product using (∃; ∃₂; _,_; ,_)
+open import Data.Sum using (_⊎_; inj₁; inj₂)
+open import Relation.Nullary using (¬_; Dec; yes; no)
+open import Relation.Binary.PropositionalEquality using (_≡_; _≢_; refl)
+open import Maps
+open import Stlc
+\end{code}
+</div>
+
+#  Properties of STLC
+
+In this chapter, we develop the fundamental theory of the Simply
+Typed Lambda Calculus -- in particular, the type safety
+theorem.
+
+
+## Canonical Forms
+
+As we saw for the simple calculus in the [Stlc](Stlc.html) chapter, the
+first step in establishing basic properties of reduction and types
+is to identify the possible _canonical forms_ (i.e., well-typed
+closed values) belonging to each type.  For $$bool$$, these are the boolean
+values $$true$$ and $$false$$.  For arrow types, the canonical forms
+are lambda-abstractions.
+
+\begin{code}
+CanonicalForms : Term → Type → Set
+CanonicalForms t bool    = t ≡ true ⊎ t ≡ false
+CanonicalForms t (A ⇒ B) = ∃₂ λ x t′ → t ≡ abs x A t′
+
+canonicalForms : ∀ {t A} → ∅ ⊢ t ∶ A → Value t → CanonicalForms t A
+canonicalForms (abs t′) abs   = _ , _ , refl
+canonicalForms true     true  = inj₁ refl
+canonicalForms false    false = inj₂ refl
+\end{code}
+
+## Progress
+
+As before, the _progress_ theorem tells us that closed, well-typed
+terms are not stuck: either a well-typed term is a value, or it
+can take a reduction step.  The proof is a relatively
+straightforward extension of the progress proof we saw in the
+[Stlc](Stlc.html) chapter.  We'll give the proof in English first,
+then the formal version.
+
+\begin{code}
+progress : ∀ {t A} → ∅ ⊢ t ∶ A → Value t ⊎ ∃ λ t′ → t ==> t′
+\end{code}
+
+_Proof_: By induction on the derivation of $$\vdash t : A$$.
+
+  - The last rule of the derivation cannot be `var`,
+    since a variable is never well typed in an empty context.
+
+  - The `true`, `false`, and `abs` cases are trivial, since in
+    each of these cases we can see by inspecting the rule that $$t$$
+    is a value.
+
+  - If the last rule of the derivation is `app`, then $$t$$ has the
+    form $$t_1\;t_2$$ for som e$$t_1$$ and $$t_2$$, where we know that
+    $$t_1$$ and $$t_2$$ are also well typed in the empty context; in particular,
+    there exists a type $$B$$ such that $$\vdash t_1 : A\to T$$ and
+    $$\vdash t_2 : B$$.  By the induction hypothesis, either $$t_1$$ is a
+    value or it can take a reduction step.
+
+  - If $$t_1$$ is a value, then consider $$t_2$$, which by the other
+    induction hypothesis must also either be a value or take a step.
+
+    - Suppose $$t_2$$ is a value.  Since $$t_1$$ is a value with an
+      arrow type, it must be a lambda abstraction; hence $$t_1\;t_2$$
+      can take a step by `red`.
+
+    - Otherwise, $$t_2$$ can take a step, and hence so can $$t_1\;t_2$$
+      by `app2`.
+
+  - If $$t_1$$ can take a step, then so can $$t_1 t_2$$ by `app1`.
+
+  - If the last rule of the derivation is `if`, then $$t = \text{if }t_1
+    \text{ then }t_2\text{ else }t_3$$, where $$t_1$$ has type $$bool$$.  By
+    the IH, $$t_1$$ either is a value or takes a step.
+
+  - If $$t_1$$ is a value, then since it has type $$bool$$ it must be
+    either $$true$$ or $$false$$.  If it is $$true$$, then $$t$$ steps
+    to $$t_2$$; otherwise it steps to $$t_3$$.
+
+  - Otherwise, $$t_1$$ takes a step, and therefore so does $$t$$ (by `if`).
+
+\begin{code}
+progress (var x ())
+progress true      = inj₁ true
+progress false     = inj₁ false
+progress (abs t∶A) = inj₁ abs
+progress (app t₁∶A⇒B t₂∶B)
+    with progress t₁∶A⇒B
+... | inj₂ (_ , t₁⇒t₁′) = inj₂ (_ , app1 t₁⇒t₁′)
+... | inj₁ v₁
+    with progress t₂∶B
+... | inj₂ (_ , t₂⇒t₂′) = inj₂ (_ , app2 v₁ t₂⇒t₂′)
+... | inj₁ v₂
+    with canonicalForms t₁∶A⇒B v₁
+... | (_ , _ , refl) = inj₂ (_ , red v₂)
+progress (if t₁∶bool then t₂∶A else t₃∶A)
+    with progress t₁∶bool
+... | inj₂ (_ , t₁⇒t₁′) = inj₂ (_ , if t₁⇒t₁′)
+... | inj₁ v₁
+    with canonicalForms t₁∶bool v₁
+... | inj₁ refl = inj₂ (_ , iftrue)
+... | inj₂ refl = inj₂ (_ , iffalse)
+\end{code}
+
+#### Exercise: 3 stars, optional (progress_from_term_ind)
+Show that progress can also be proved by induction on terms
+instead of induction on typing derivations.
+
+\begin{code}
+postulate
+  progress′ : ∀ {t A} → ∅ ⊢ t ∶ A → Value t ⊎ ∃ λ t′ → t ==> t′
+\end{code}
+
+## Preservation
+
+The other half of the type soundness property is the preservation
+of types during reduction.  For this, we need to develop some
+technical machinery for reasoning about variables and
+substitution.  Working from top to bottom (from the high-level
+property we are actually interested in to the lowest-level
+technical lemmas that are needed by various cases of the more
+interesting proofs), the story goes like this:
+
+  - The _preservation theorem_ is proved by induction on a typing
+    derivation, pretty much as we did in the [Stlc](Stlc.html)
+    chapter.  The one case that is significantly different is the
+    one for the $$red$$ rule, whose definition uses the substitution
+    operation.  To see that this step preserves typing, we need to
+    know that the substitution itself does.  So we prove a...
+
+  - _substitution lemma_, stating that substituting a (closed)
+    term $$s$$ for a variable $$x$$ in a term $$t$$ preserves the type
+    of $$t$$.  The proof goes by induction on the form of $$t$$ and
+    requires looking at all the different cases in the definition
+    of substitition.  This time, the tricky cases are the ones for
+    variables and for function abstractions.  In both cases, we
+    discover that we need to take a term $$s$$ that has been shown
+    to be well-typed in some context $$\Gamma$$ and consider the same
+    term $$s$$ in a slightly different context $$\Gamma'$$.  For this
+    we prove a...
+
+  - _context invariance_ lemma, showing that typing is preserved
+    under "inessential changes" to the context $$\Gamma$$ -- in
+    particular, changes that do not affect any of the free
+    variables of the term.  And finally, for this, we need a
+    careful definition of...
+
+  - the _free variables_ of a term -- i.e., those variables
+    mentioned in a term and not in the scope of an enclosing
+    function abstraction binding a variable of the same name.
+
+To make Agda happy, we need to formalize the story in the opposite
+order...
+
+
+### Free Occurrences
+
+A variable $$x$$ _appears free in_ a term _t_ if $$t$$ contains some
+occurrence of $$x$$ that is not under an abstraction labeled $$x$$.
+For example:
+
+  - $$y$$ appears free, but $$x$$ does not, in $$\lambda x : A\to B. x\;y$$
+  - both $$x$$ and $$y$$ appear free in $$(\lambda x:A\to B. x\;y) x$$
+  - no variables appear free in $$\lambda x:A\to B. \lambda y:A. x\;y$$
+
+Formally:
+
+\begin{code}
+data _FreeIn_ (x : Id) : Term → Set where
+  var  : x FreeIn var x
+  abs  : ∀ {y A t} → y ≢ x → x FreeIn t → x FreeIn abs y A t
+  app1 : ∀ {t₁ t₂} → x FreeIn t₁ → x FreeIn app t₁ t₂
+  app2 : ∀ {t₁ t₂} → x FreeIn t₂ → x FreeIn app t₁ t₂
+  if1  : ∀ {t₁ t₂ t₃} → x FreeIn t₁ → x FreeIn (if t₁ then t₂ else t₃)
+  if2  : ∀ {t₁ t₂ t₃} → x FreeIn t₂ → x FreeIn (if t₁ then t₂ else t₃)
+  if3  : ∀ {t₁ t₂ t₃} → x FreeIn t₃ → x FreeIn (if t₁ then t₂ else t₃)
+\end{code}
+
+A term in which no variables appear free is said to be _closed_.
+
+\begin{code}
+Closed : Term → Set
+Closed t = ∀ {x} → ¬ (x FreeIn t)
+\end{code}
+
+#### Exercise: 1 star (free-in)
+If the definition of `_FreeIn_` is not crystal clear to
+you, it is a good idea to take a piece of paper and write out the
+rules in informal inference-rule notation.  (Although it is a
+rather low-level, technical definition, understanding it is
+crucial to understanding substitution and its properties, which
+are really the crux of the lambda-calculus.)
+
+### Substitution
+To prove that substitution preserves typing, we first need a
+technical lemma connecting free variables and typing contexts: If
+a variable $$x$$ appears free in a term $$t$$, and if we know $$t$$ is
+well typed in context $$\Gamma$$, then it must be the case that
+$$\Gamma$$ assigns a type to $$x$$.
+
+\begin{code}
+freeInCtxt : ∀ {x t A Γ} → x FreeIn t → Γ ⊢ t ∶ A → ∃ λ B → Γ x ≡ just B
+\end{code}
+
+_Proof_: We show, by induction on the proof that $$x$$ appears
+  free in $$t$$, that, for all contexts $$\Gamma$$, if $$t$$ is well
+  typed under $$\Gamma$$, then $$\Gamma$$ assigns some type to $$x$$.
+
+  - If the last rule used was `var`, then $$t = x$$, and from
+    the assumption that $$t$$ is well typed under $$\Gamma$$ we have
+    immediately that $$\Gamma$$ assigns a type to $$x$$.
+
+  - If the last rule used was `app1`, then $$t = t_1\;t_2$$ and $$x$$
+    appears free in $$t_1$$.  Since $$t$$ is well typed under $$\Gamma$$,
+    we can see from the typing rules that $$t_1$$ must also be, and
+    the IH then tells us that $$\Gamma$$ assigns $$x$$ a type.
+
+  - Almost all the other cases are similar: $$x$$ appears free in a
+    subterm of $$t$$, and since $$t$$ is well typed under $$\Gamma$$, we
+    know the subterm of $$t$$ in which $$x$$ appears is well typed
+    under $$\Gamma$$ as well, and the IH gives us exactly the
+    conclusion we want.
+
+  - The only remaining case is `abs`.  In this case $$t =
+    \lambda y:A.t'$$, and $$x$$ appears free in $$t'$$; we also know that
+    $$x$$ is different from $$y$$.  The difference from the previous
+    cases is that whereas $$t$$ is well typed under $$\Gamma$$, its
+    body $$t'$$ is well typed under $$(\Gamma, y:A)$$, so the IH
+    allows us to conclude that $$x$$ is assigned some type by the
+    extended context $$(\Gamma, y:A)$$.  To conclude that $$\Gamma$$
+    assigns a type to $$x$$, we appeal the decidable equality for names
+    `_≟_`, noting that $$x$$ and $$y$$ are different variables.
+
+\begin{code}
+freeInCtxt var (var _ x∶A) = (_ , x∶A)
+freeInCtxt (app1 x∈t₁) (app t₁∶A _   ) = freeInCtxt x∈t₁ t₁∶A
+freeInCtxt (app2 x∈t₂) (app _    t₂∶A) = freeInCtxt x∈t₂ t₂∶A
+freeInCtxt (if1  x∈t₁) (if t₁∶A then _    else _   ) = freeInCtxt x∈t₁ t₁∶A
+freeInCtxt (if2  x∈t₂) (if _    then t₂∶A else _   ) = freeInCtxt x∈t₂ t₂∶A
+freeInCtxt (if3  x∈t₃) (if _    then _    else t₃∶A) = freeInCtxt x∈t₃ t₃∶A
+freeInCtxt {x} (abs {y} y≠x x∈t) (abs t∶B)
+    with freeInCtxt x∈t t∶B
+... | x∶A
+    with y ≟ x
+... | yes y=x = ⊥-elim (y≠x y=x)
+... | no  _   = x∶A
+\end{code}
+
+Next, we'll need the fact that any term $$t$$ which is well typed in
+the empty context is closed (it has no free variables).
+
+#### Exercise: 2 stars, optional (∅⊢-closed)
+
+\begin{code}
+postulate
+  ∅⊢-closed : ∀ {t A} → ∅ ⊢ t ∶ A → Closed t
+\end{code}
+
+<div class="hidden">
+\begin{code}
+∅⊢-closed′ : ∀ {t A} → ∅ ⊢ t ∶ A → Closed t
+∅⊢-closed′ (var x ())
+∅⊢-closed′ (app t₁∶A⇒B t₂∶A) (app1 x∈t₁) = ∅⊢-closed′ t₁∶A⇒B x∈t₁
+∅⊢-closed′ (app t₁∶A⇒B t₂∶A) (app2 x∈t₂) = ∅⊢-closed′ t₂∶A x∈t₂
+∅⊢-closed′ true  ()
+∅⊢-closed′ false ()
+∅⊢-closed′ (if t₁∶bool then t₂∶A else t₃∶A) (if1 x∈t₁) = ∅⊢-closed′ t₁∶bool x∈t₁
+∅⊢-closed′ (if t₁∶bool then t₂∶A else t₃∶A) (if2 x∈t₂) = ∅⊢-closed′ t₂∶A x∈t₂
+∅⊢-closed′ (if t₁∶bool then t₂∶A else t₃∶A) (if3 x∈t₃) = ∅⊢-closed′ t₃∶A x∈t₃
+∅⊢-closed′ (abs {x = x} t′∶A) {y} (abs x≠y y∈t′) with freeInCtxt y∈t′ t′∶A
+∅⊢-closed′ (abs {x = x} t′∶A) {y} (abs x≠y y∈t′) | A , y∶A with x ≟ y
+∅⊢-closed′ (abs {x = x} t′∶A) {y} (abs x≠y y∈t′) | A , y∶A | yes x=y = x≠y x=y
+∅⊢-closed′ (abs {x = x} t′∶A) {y} (abs x≠y y∈t′) | A , ()  | no  _
+\end{code}
+</div>
+
+Sometimes, when we have a proof $$\Gamma\vdash t : A$$, we will need to
+replace $$\Gamma$$ by a different context $$\Gamma'$$.  When is it safe
+to do this?  Intuitively, it must at least be the case that
+$$\Gamma'$$ assigns the same types as $$\Gamma$$ to all the variables
+that appear free in $$t$$. In fact, this is the only condition that
+is needed.
+
+\begin{code}
+replaceCtxt : ∀ {Γ Γ′ t A}
+            → (∀ {x} → x FreeIn t → Γ x ≡ Γ′ x)
+            → Γ  ⊢ t ∶ A
+            → Γ′ ⊢ t ∶ A
+\end{code}
+
+_Proof_: By induction on the derivation of
+$$\Gamma \vdash t \in T$$.
+
+  - If the last rule in the derivation was `var`, then $$t = x$$
+    and $$\Gamma x = T$$.  By assumption, $$\Gamma' x = T$$ as well, and
+    hence $$\Gamma' \vdash t : T$$ by `var`.
+
+  - If the last rule was `abs`, then $$t = \lambda y:A. t'$$, with
+    $$T = A\to B$$ and $$\Gamma, y : A \vdash t' : B$$.  The
+    induction hypothesis is that, for any context $$\Gamma''$$, if
+    $$\Gamma, y:A$$ and $$\Gamma''$$ assign the same types to all the
+    free variables in $$t'$$, then $$t'$$ has type $$B$$ under
+    $$\Gamma''$$.  Let $$\Gamma'$$ be a context which agrees with
+    $$\Gamma$$ on the free variables in $$t$$; we must show
+    $$\Gamma' \vdash \lambda y:A. t' : A\to B$$.
+
+    By $$abs$$, it suffices to show that $$\Gamma', y:A \vdash t' : t'$$.
+    By the IH (setting $$\Gamma'' = \Gamma', y:A$$), it suffices to show
+    that $$\Gamma, y:A$$ and $$\Gamma', y:A$$ agree on all the variables
+    that appear free in $$t'$$.
+
+    Any variable occurring free in $$t'$$ must be either $$y$$ or
+    some other variable.  $$\Gamma, y:A$$ and $$\Gamma', y:A$$
+    clearly agree on $$y$$.  Otherwise, note that any variable other
+    than $$y$$ that occurs free in $$t'$$ also occurs free in
+    $$t = \lambda y:A. t'$$, and by assumption $$\Gamma$$ and
+    $$\Gamma'$$ agree on all such variables; hence so do $$\Gamma, y:A$$ and
+    $$\Gamma', y:A$$.
+
+  - If the last rule was `app`, then $$t = t_1\;t_2$$, with
+    $$\Gamma \vdash t_1 : A\to T$$ and $$\Gamma \vdash t_2 : A$$.
+    One induction hypothesis states that for all contexts $$\Gamma'$$,
+    if $$\Gamma'$$ agrees with $$\Gamma$$ on the free variables in $$t_1$$,
+    then $$t_1$$ has type $$A\to T$$ under $$\Gamma'$$; there is a similar IH
+    for $$t_2$$.  We must show that $$t_1\;t_2$$ also has type $$T$$ under
+    $$\Gamma'$$, given the assumption that $$\Gamma'$$ agrees with
+    $$\Gamma$$ on all the free variables in $$t_1\;t_2$$.  By `app`, it
+    suffices to show that $$t_1$$ and $$t_2$$ each have the same type
+    under $$\Gamma'$$ as under $$\Gamma$$.  But all free variables in
+    $$t_1$$ are also free in $$t_1\;t_2$$, and similarly for $$t_2$$;
+    hence the desired result follows from the induction hypotheses.
+
+\begin{code}
+replaceCtxt f (var x x∶A) rewrite f var = var x x∶A
+replaceCtxt f (app t₁∶A⇒B t₂∶A)
+  = app (replaceCtxt (f ∘ app1) t₁∶A⇒B) (replaceCtxt (f ∘ app2) t₂∶A)
+replaceCtxt {Γ} {Γ′} f (abs {.Γ} {x} {A} {B} {t′} t′∶B)
+  = abs (replaceCtxt f′ t′∶B)
+  where
+    f′ : ∀ {y} → y FreeIn t′ → (Γ , x ∶ A) y ≡ (Γ′ , x ∶ A) y
+    f′ {y} y∈t′ with x ≟ y
+    ... | yes _   = refl
+    ... | no  x≠y = f (abs x≠y y∈t′)
+replaceCtxt _ true  = true
+replaceCtxt _ false = false
+replaceCtxt f (if t₁∶bool then t₂∶A else t₃∶A)
+  = if   replaceCtxt (f ∘ if1) t₁∶bool
+    then replaceCtxt (f ∘ if2) t₂∶A
+    else replaceCtxt (f ∘ if3) t₃∶A
+\end{code}
+
+Now we come to the conceptual heart of the proof that reduction
+preserves types -- namely, the observation that _substitution_
+preserves types.
+
+Formally, the so-called _Substitution Lemma_ says this: Suppose we
+have a term $$t$$ with a free variable $$x$$, and suppose we've been
+able to assign a type $$T$$ to $$t$$ under the assumption that $$x$$ has
+some type $$U$$.  Also, suppose that we have some other term $$v$$ and
+that we've shown that $$v$$ has type $$U$$.  Then, since $$v$$ satisfies
+the assumption we made about $$x$$ when typing $$t$$, we should be
+able to substitute $$v$$ for each of the occurrences of $$x$$ in $$t$$
+and obtain a new term that still has type $$T$$.
+
+_Lemma_: If $$\Gamma,x:U \vdash t : T$$ and $$\vdash v : U$$, then
+$$\Gamma \vdash [x:=v]t : T$$.
+
+\begin{code}
+[:=]-preserves-⊢ : ∀ {Γ x A t v B}
+                 → ∅ ⊢ v ∶ A
+                 → Γ , x ∶ A ⊢ t ∶ B
+                 → Γ , x ∶ A ⊢ [ x := v ] t ∶ B
+\end{code}
+
+One technical subtlety in the statement of the lemma is that
+we assign $$v$$ the type $$U$$ in the _empty_ context -- in other
+words, we assume $$v$$ is closed.  This assumption considerably
+simplifies the $$abs$$ case of the proof (compared to assuming
+$$\Gamma \vdash v : U$$, which would be the other reasonable assumption
+at this point) because the context invariance lemma then tells us
+that $$v$$ has type $$U$$ in any context at all -- we don't have to
+worry about free variables in $$v$$ clashing with the variable being
+introduced into the context by $$abs$$.
+
+The substitution lemma can be viewed as a kind of "commutation"
+property.  Intuitively, it says that substitution and typing can
+be done in either order: we can either assign types to the terms
+$$t$$ and $$v$$ separately (under suitable contexts) and then combine
+them using substitution, or we can substitute first and then
+assign a type to $$ $$x:=v$$ t $$ -- the result is the same either
+way.
+
+_Proof_: We show, by induction on $$t$$, that for all $$T$$ and
+$$\Gamma$$, if $$\Gamma,x:U \vdash t : T$$ and $$\vdash v : U$$, then $$\Gamma
+\vdash $$x:=v$$t : T$$.
+
+  - If $$t$$ is a variable there are two cases to consider,
+    depending on whether $$t$$ is $$x$$ or some other variable.
+
+      - If $$t = x$$, then from the fact that $$\Gamma, x:U \vdash x :
+        T$$ we conclude that $$U = T$$.  We must show that $$$$x:=v$$x =
+        v$$ has type $$T$$ under $$\Gamma$$, given the assumption that
+        $$v$$ has type $$U = T$$ under the empty context.  This
+        follows from context invariance: if a closed term has type
+        $$T$$ in the empty context, it has that type in any context.
+
+      - If $$t$$ is some variable $$y$$ that is not equal to $$x$$, then
+        we need only note that $$y$$ has the same type under $$\Gamma,
+        x:U$$ as under $$\Gamma$$.
+
+  - If $$t$$ is an abstraction $$\lambda y:T_11. t_12$$, then the IH tells us,
+    for all $$\Gamma'$$ and $$T'$$, that if $$\Gamma',x:U \vdash t_12 : T'$$
+    and $$\vdash v : U$$, then $$\Gamma' \vdash $$x:=v$$t_12 : T'$$.
+
+    The substitution in the conclusion behaves differently
+    depending on whether $$x$$ and $$y$$ are the same variable.
+
+    First, suppose $$x = y$$.  Then, by the definition of
+    substitution, $$[x:=v]t = t$$, so we just need to show $$\Gamma \vdash
+    t : T$$.  But we know $$\Gamma,x:U \vdash t : T$$, and, since $$y$$
+    does not appear free in $$\lambda y:T_11. t_12$$, the context invariance
+    lemma yields $$\Gamma \vdash t : T$$.
+
+    Second, suppose $$x <> y$$.  We know $$\Gamma,x:U,y:T_11 \vdash t_12 :
+    T_12$$ by inversion of the typing relation, from which
+    $$\Gamma,y:T_11,x:U \vdash t_12 : T_12$$ follows by the context
+    invariance lemma, so the IH applies, giving us $$\Gamma,y:T_11 \vdash
+    $$x:=v$$t_12 : T_12$$.  By $$abs$$, $$\Gamma \vdash \lambda y:T_11. $$x:=v$$t_12
+    : T_11→T_12$$, and by the definition of substitution (noting
+    that $$x <> y$$), $$\Gamma \vdash \lambda y:T_11. $$x:=v$$t_12 : T_11→T_12$$ as
+    required.
+
+  - If $$t$$ is an application $$t_1 t_2$$, the result follows
+    straightforwardly from the definition of substitution and the
+    induction hypotheses.
+
+  - The remaining cases are similar to the application case.
+
+One more technical note: This proof is a rare case where an
+induction on terms, rather than typing derivations, yields a
+simpler argument.  The reason for this is that the assumption
+$$update Gamma x U \vdash t : T$$ is not completely generic, in the
+sense that one of the "slots" in the typing relation -- namely the
+context -- is not just a variable, and this means that Agda's
+native induction tactic does not give us the induction hypothesis
+that we want.  It is possible to work around this, but the needed
+generalization is a little tricky.  The term $$t$$, on the other
+hand, _is_ completely generic.
+
+\begin{code}
+[:=]-preserves-⊢ {Γ} {x} v∶A (var y y∈Γ) with x ≟ y
+... | yes x=y = {!!}
+... | no  x≠y = {!!}
+[:=]-preserves-⊢ v∶A (abs t′∶B) = {!!}
+[:=]-preserves-⊢ v∶A (app t₁∶A⇒B t₂∶A) =
+  app ([:=]-preserves-⊢ v∶A t₁∶A⇒B) ([:=]-preserves-⊢ v∶A t₂∶A)
+[:=]-preserves-⊢ v∶A true  = true
+[:=]-preserves-⊢ v∶A false = false
+[:=]-preserves-⊢ v∶A (if t₁∶bool then t₂∶B else t₃∶B) =
+  if   [:=]-preserves-⊢ v∶A t₁∶bool
+  then [:=]-preserves-⊢ v∶A t₂∶B
+  else [:=]-preserves-⊢ v∶A t₃∶B
+\end{code}
+
+
+### Main Theorem
+
+We now have the tools we need to prove preservation: if a closed
+term $$t$$ has type $$T$$ and takes a step to $$t'$$, then $$t'$$
+is also a closed term with type $$T$$.  In other words, the small-step
+reduction relation preserves types.
+
+Theorem preservation : forall t t' T,
+     empty \vdash t : T  →
+     t ==> t'  →
+     empty \vdash t' : T.
+
+_Proof_: By induction on the derivation of $$\vdash t : T$$.
+
+- We can immediately rule out $$var$$, $$abs$$, $$T_True$$, and
+  $$T_False$$ as the final rules in the derivation, since in each of
+  these cases $$t$$ cannot take a step.
+
+- If the last rule in the derivation was $$app$$, then $$t = t_1
+  t_2$$.  There are three cases to consider, one for each rule that
+  could have been used to show that $$t_1 t_2$$ takes a step to $$t'$$.
+
+    - If $$t_1 t_2$$ takes a step by $$Sapp1$$, with $$t_1$$ stepping to
+      $$t_1'$$, then by the IH $$t_1'$$ has the same type as $$t_1$$, and
+      hence $$t_1' t_2$$ has the same type as $$t_1 t_2$$.
+
+    - The $$Sapp2$$ case is similar.
+
+    - If $$t_1 t_2$$ takes a step by $$Sred$$, then $$t_1 =
+      \lambda x:T_11.t_12$$ and $$t_1 t_2$$ steps to $$$$x:=t_2$$t_12$$; the
+      desired result now follows from the fact that substitution
+      preserves types.
+
+    - If the last rule in the derivation was $$if$$, then $$t = if t_1
+      then t_2 else t_3$$, and there are again three cases depending on
+      how $$t$$ steps.
+
+    - If $$t$$ steps to $$t_2$$ or $$t_3$$, the result is immediate, since
+      $$t_2$$ and $$t_3$$ have the same type as $$t$$.
+
+    - Otherwise, $$t$$ steps by $$Sif$$, and the desired conclusion
+      follows directly from the induction hypothesis.
+
+Proof with eauto.
+  remember (@empty ty) as Gamma.
+  intros t t' T HT. generalize dependent t'.
+  induction HT;
+       intros t' HE; subst Gamma; subst;
+       try solve $$inversion HE; subst; auto$$.
+  - (* app
+    inversion HE; subst...
+    (* Most of the cases are immediate by induction,
+       and $$eauto$$ takes care of them
+    + (* Sred
+      apply substitution_preserves_typing with T_11...
+      inversion HT_1...
+Qed.
+
+#### Exercise: 2 stars, recommended (subject_expansion_stlc)
+An exercise in the $$Stlc$$$$sf/Stlc.html$$ chapter asked about the subject
+expansion property for the simple language of arithmetic and
+boolean expressions.  Does this property hold for STLC?  That is,
+is it always the case that, if $$t ==> t'$$ and $$has_type t' T$$,
+then $$empty \vdash t : T$$?  If so, prove it.  If not, give a
+counter-example not involving conditionals.
+
+(* FILL IN HERE
+
+## Type Soundness
+
+#### Exercise: 2 stars, optional (type_soundness)
+Put progress and preservation together and show that a well-typed
+term can _never_ reach a stuck state.
+
+Definition stuck (t:tm) : Prop :=
+  (normal_form step) t /\ ~ value t.
+
+Corollary soundness : forall t t' T,
+  empty \vdash t : T →
+  t ==>* t' →
+  ~(stuck t').
+Proof.
+  intros t t' T Hhas_type Hmulti. unfold stuck.
+  intros $$Hnf Hnot_val$$. unfold normal_form in Hnf.
+  induction Hmulti.
+  (* FILL IN HERE  Admitted.
+(** $$$$
+
+
+## Uniqueness of Types
+
+#### Exercise: 3 stars (types_unique)
+Another nice property of the STLC is that types are unique: a
+given term (in a given context) has at most one type.
+Formalize this statement and prove it.
+
+(* FILL IN HERE
+(** $$$$
+
+
+## Additional Exercises
+
+#### Exercise: 1 star (progress_preservation_statement)
+Without peeking at their statements above, write down the progress
+and preservation theorems for the simply typed lambda-calculus.
+$$$$
+
+#### Exercise: 2 stars (stlc_variation1)
+Suppose we add a new term $$zap$$ with the following reduction rule
+
+                     ---------                  (ST_Zap)
+                     t ==> zap
+
+and the following typing rule:
+
+                  ----------------               (T_Zap)
+                  Gamma \vdash zap : T
+
+Which of the following properties of the STLC remain true in
+the presence of these rules?  For each property, write either
+"remains true" or "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+
+#### Exercise: 2 stars (stlc_variation2)
+Suppose instead that we add a new term $$foo$$ with the following
+reduction rules:
+
+                   -----------------                (ST_Foo1)
+                   (\lambda x:A. x) ==> foo
+
+                     ------------                   (ST_Foo2)
+                     foo ==> true
+
+Which of the following properties of the STLC remain true in
+the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+#### Exercise: 2 stars (stlc_variation3)
+Suppose instead that we remove the rule $$Sapp1$$ from the $$step$$
+relation. Which of the following properties of the STLC remain
+true in the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+#### Exercise: 2 stars, optional (stlc_variation4)
+Suppose instead that we add the following new rule to the
+reduction relation:
+
+        ----------------------------------        (ST_FunnyIfTrue)
+        (if true then t_1 else t_2) ==> true
+
+Which of the following properties of the STLC remain true in
+the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+
+
+#### Exercise: 2 stars, optional (stlc_variation5)
+Suppose instead that we add the following new rule to the typing
+relation:
+
+             Gamma \vdash t_1 : bool→bool→bool
+                 Gamma \vdash t_2 : bool
+             ------------------------------          (T_FunnyApp)
+                Gamma \vdash t_1 t_2 : bool
+
+Which of the following properties of the STLC remain true in
+the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+
+
+#### Exercise: 2 stars, optional (stlc_variation6)
+Suppose instead that we add the following new rule to the typing
+relation:
+
+                 Gamma \vdash t_1 : bool
+                 Gamma \vdash t_2 : bool
+                ---------------------               (T_FunnyApp')
+                Gamma \vdash t_1 t_2 : bool
+
+Which of the following properties of the STLC remain true in
+the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+
+
+#### Exercise: 2 stars, optional (stlc_variation7)
+Suppose we add the following new rule to the typing relation
+of the STLC:
+
+                     ------------------- (T_FunnyAbs)
+                     \vdash \lambda x:bool.t : bool
+
+Which of the following properties of the STLC remain true in
+the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+
+### Exercise: STLC with Arithmetic
+
+To see how the STLC might function as the core of a real
+programming language, let's extend it with a concrete base
+type of numbers and some constants and primitive
+operators.
+
+To types, we add a base type of natural numbers (and remove
+booleans, for brevity).
+
+Inductive ty : Type :=
+  | TArrow : ty → ty → ty
+  | TNat   : ty.
+
+To terms, we add natural number constants, along with
+successor, predecessor, multiplication, and zero-testing.
+
+Inductive tm : Type :=
+  | tvar : id → tm
+  | tapp : tm → tm → tm
+  | tabs : id → ty → tm → tm
+  | tnat  : nat → tm
+  | tsucc : tm → tm
+  | tpred : tm → tm
+  | tmult : tm → tm → tm
+  | tif0  : tm → tm → tm → tm.
+
+#### Exercise: 4 stars (stlc_arith)
+Finish formalizing the definition and properties of the STLC extended
+with arithmetic.  Specifically:
+
+  - Copy the whole development of STLC that we went through above (from
+    the definition of values through the Type Soundness theorem), and
+    paste it into the file at this point.
+
+  - Extend the definitions of the $$subst$$ operation and the $$step$$
+     relation to include appropriate clauses for the arithmetic operators.
+
+  - Extend the proofs of all the properties (up to $$soundness$$) of
+    the original STLC to deal with the new syntactic forms.  Make
+    sure Agda accepts the whole file.
diff --git a/StlcProp.md b/StlcProp.md
new file mode 100644
index 00000000..9386c884
--- /dev/null
+++ b/StlcProp.md
@@ -0,0 +1,5279 @@
+---
+title         : "StlcProp: Properties of STLC"
+layout        : default
+hide-implicit : false
+extra-script : [agda-extra-script.html]
+extra-style  : [agda-extra-style.html]
+permalink     : "sf/StlcProp.html"
+---
+
+<!--{% raw %}--><pre class="Agda">
+<a name="230" class="Keyword"
+      >module</a
+      ><a name="236"
+      > </a
+      ><a name="237" href="StlcProp.html#1" class="Module"
+      >StlcProp</a
+      ><a name="245"
+      > </a
+      ><a name="246" class="Keyword"
+      >where</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="298" class="Keyword"
+      >open</a
+      ><a name="302"
+      > </a
+      ><a name="303" class="Keyword"
+      >import</a
+      ><a name="309"
+      > </a
+      ><a name="310" href="https://agda.github.io/agda-stdlib/Function.html#1" class="Module"
+      >Function</a
+      ><a name="318"
+      > </a
+      ><a name="319" class="Keyword"
+      >using</a
+      ><a name="324"
+      > </a
+      ><a name="325" class="Symbol"
+      >(</a
+      ><a name="326" href="https://agda.github.io/agda-stdlib/Function.html#713" class="Function Operator"
+      >_&#8728;_</a
+      ><a name="329" class="Symbol"
+      >)</a
+      ><a name="330"
+      >
+</a
+      ><a name="331" class="Keyword"
+      >open</a
+      ><a name="335"
+      > </a
+      ><a name="336" class="Keyword"
+      >import</a
+      ><a name="342"
+      > </a
+      ><a name="343" href="https://agda.github.io/agda-stdlib/Data.Empty.html#1" class="Module"
+      >Data.Empty</a
+      ><a name="353"
+      > </a
+      ><a name="354" class="Keyword"
+      >using</a
+      ><a name="359"
+      > </a
+      ><a name="360" class="Symbol"
+      >(</a
+      ><a name="361" href="https://agda.github.io/agda-stdlib/Data.Empty.html#243" class="Datatype"
+      >&#8869;</a
+      ><a name="362" class="Symbol"
+      >;</a
+      ><a name="363"
+      > </a
+      ><a name="364" href="https://agda.github.io/agda-stdlib/Data.Empty.html#348" class="Function"
+      >&#8869;-elim</a
+      ><a name="370" class="Symbol"
+      >)</a
+      ><a name="371"
+      >
+</a
+      ><a name="372" class="Keyword"
+      >open</a
+      ><a name="376"
+      > </a
+      ><a name="377" class="Keyword"
+      >import</a
+      ><a name="383"
+      > </a
+      ><a name="384" href="https://agda.github.io/agda-stdlib/Data.Maybe.html#1" class="Module"
+      >Data.Maybe</a
+      ><a name="394"
+      > </a
+      ><a name="395" class="Keyword"
+      >using</a
+      ><a name="400"
+      > </a
+      ><a name="401" class="Symbol"
+      >(</a
+      ><a name="402" href="https://agda.github.io/agda-stdlib/Data.Maybe.Base.html#335" class="Datatype"
+      >Maybe</a
+      ><a name="407" class="Symbol"
+      >;</a
+      ><a name="408"
+      > </a
+      ><a name="409" href="https://agda.github.io/agda-stdlib/Data.Maybe.html#1527" class="InductiveConstructor"
+      >just</a
+      ><a name="413" class="Symbol"
+      >;</a
+      ><a name="414"
+      > </a
+      ><a name="415" href="https://agda.github.io/agda-stdlib/Data.Maybe.html#1588" class="InductiveConstructor"
+      >nothing</a
+      ><a name="422" class="Symbol"
+      >)</a
+      ><a name="423"
+      >
+</a
+      ><a name="424" class="Keyword"
+      >open</a
+      ><a name="428"
+      > </a
+      ><a name="429" class="Keyword"
+      >import</a
+      ><a name="435"
+      > </a
+      ><a name="436" href="https://agda.github.io/agda-stdlib/Data.Product.html#1" class="Module"
+      >Data.Product</a
+      ><a name="448"
+      > </a
+      ><a name="449" class="Keyword"
+      >using</a
+      ><a name="454"
+      > </a
+      ><a name="455" class="Symbol"
+      >(</a
+      ><a name="456" href="https://agda.github.io/agda-stdlib/Data.Product.html#823" class="Function"
+      >&#8707;</a
+      ><a name="457" class="Symbol"
+      >;</a
+      ><a name="458"
+      > </a
+      ><a name="459" href="https://agda.github.io/agda-stdlib/Data.Product.html#949" class="Function"
+      >&#8707;&#8322;</a
+      ><a name="461" class="Symbol"
+      >;</a
+      ><a name="462"
+      > </a
+      ><a name="463" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >_,_</a
+      ><a name="466" class="Symbol"
+      >;</a
+      ><a name="467"
+      > </a
+      ><a name="468" href="https://agda.github.io/agda-stdlib/Data.Product.html#1621" class="Function Operator"
+      >,_</a
+      ><a name="470" class="Symbol"
+      >)</a
+      ><a name="471"
+      >
+</a
+      ><a name="472" class="Keyword"
+      >open</a
+      ><a name="476"
+      > </a
+      ><a name="477" class="Keyword"
+      >import</a
+      ><a name="483"
+      > </a
+      ><a name="484" href="https://agda.github.io/agda-stdlib/Data.Sum.html#1" class="Module"
+      >Data.Sum</a
+      ><a name="492"
+      > </a
+      ><a name="493" class="Keyword"
+      >using</a
+      ><a name="498"
+      > </a
+      ><a name="499" class="Symbol"
+      >(</a
+      ><a name="500" href="https://agda.github.io/agda-stdlib/Data.Sum.html#433" class="Datatype Operator"
+      >_&#8846;_</a
+      ><a name="503" class="Symbol"
+      >;</a
+      ><a name="504"
+      > </a
+      ><a name="505" href="https://agda.github.io/agda-stdlib/Data.Sum.html#489" class="InductiveConstructor"
+      >inj&#8321;</a
+      ><a name="509" class="Symbol"
+      >;</a
+      ><a name="510"
+      > </a
+      ><a name="511" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="515" class="Symbol"
+      >)</a
+      ><a name="516"
+      >
+</a
+      ><a name="517" class="Keyword"
+      >open</a
+      ><a name="521"
+      > </a
+      ><a name="522" class="Keyword"
+      >import</a
+      ><a name="528"
+      > </a
+      ><a name="529" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#1" class="Module"
+      >Relation.Nullary</a
+      ><a name="545"
+      > </a
+      ><a name="546" class="Keyword"
+      >using</a
+      ><a name="551"
+      > </a
+      ><a name="552" class="Symbol"
+      >(</a
+      ><a name="553" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#414" class="Function Operator"
+      >&#172;_</a
+      ><a name="555" class="Symbol"
+      >;</a
+      ><a name="556"
+      > </a
+      ><a name="557" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#484" class="Datatype"
+      >Dec</a
+      ><a name="560" class="Symbol"
+      >;</a
+      ><a name="561"
+      > </a
+      ><a name="562" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="565" class="Symbol"
+      >;</a
+      ><a name="566"
+      > </a
+      ><a name="567" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="569" class="Symbol"
+      >)</a
+      ><a name="570"
+      >
+</a
+      ><a name="571" class="Keyword"
+      >open</a
+      ><a name="575"
+      > </a
+      ><a name="576" class="Keyword"
+      >import</a
+      ><a name="582"
+      > </a
+      ><a name="583" href="https://agda.github.io/agda-stdlib/Relation.Binary.PropositionalEquality.html#1" class="Module"
+      >Relation.Binary.PropositionalEquality</a
+      ><a name="620"
+      > </a
+      ><a name="621" class="Keyword"
+      >using</a
+      ><a name="626"
+      > </a
+      ><a name="627" class="Symbol"
+      >(</a
+      ><a name="628" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >_&#8801;_</a
+      ><a name="631" class="Symbol"
+      >;</a
+      ><a name="632"
+      > </a
+      ><a name="633" href="https://agda.github.io/agda-stdlib/Relation.Binary.Core.html#4493" class="Function Operator"
+      >_&#8802;_</a
+      ><a name="636" class="Symbol"
+      >;</a
+      ><a name="637"
+      > </a
+      ><a name="638" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="642" class="Symbol"
+      >)</a
+      ><a name="643"
+      >
+</a
+      ><a name="644" class="Keyword"
+      >open</a
+      ><a name="648"
+      > </a
+      ><a name="649" class="Keyword"
+      >import</a
+      ><a name="655"
+      > </a
+      ><a name="656" class="Module"
+      >Maps</a
+      ><a name="660"
+      >
+</a
+      ><a name="661" class="Keyword"
+      >open</a
+      ><a name="665"
+      > </a
+      ><a name="666" class="Keyword"
+      >import</a
+      ><a name="672"
+      > </a
+      ><a name="673" href="Stlc.html#1" class="Module"
+      >Stlc</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+#  Properties of STLC
+
+In this chapter, we develop the fundamental theory of the Simply
+Typed Lambda Calculus -- in particular, the type safety
+theorem.
+
+
+## Canonical Forms
+
+As we saw for the simple calculus in the [Stlc](Stlc.html) chapter, the
+first step in establishing basic properties of reduction and types
+is to identify the possible _canonical forms_ (i.e., well-typed
+closed values) belonging to each type.  For $$bool$$, these are the boolean
+values $$true$$ and $$false$$.  For arrow types, the canonical forms
+are lambda-abstractions.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="1259" href="StlcProp.html#1259" class="Function"
+      >CanonicalForms</a
+      ><a name="1273"
+      > </a
+      ><a name="1274" class="Symbol"
+      >:</a
+      ><a name="1275"
+      > </a
+      ><a name="1276" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="1280"
+      > </a
+      ><a name="1281" class="Symbol"
+      >&#8594;</a
+      ><a name="1282"
+      > </a
+      ><a name="1283" href="Stlc.html#5588" class="Datatype"
+      >Type</a
+      ><a name="1287"
+      > </a
+      ><a name="1288" class="Symbol"
+      >&#8594;</a
+      ><a name="1289"
+      > </a
+      ><a name="1290" class="PrimitiveType"
+      >Set</a
+      ><a name="1293"
+      >
+</a
+      ><a name="1294" href="StlcProp.html#1259" class="Function"
+      >CanonicalForms</a
+      ><a name="1308"
+      > </a
+      ><a name="1309" href="StlcProp.html#1309" class="Bound"
+      >t</a
+      ><a name="1310"
+      > </a
+      ><a name="1311" href="Stlc.html#5607" class="InductiveConstructor"
+      >bool</a
+      ><a name="1315"
+      >    </a
+      ><a name="1319" class="Symbol"
+      >=</a
+      ><a name="1320"
+      > </a
+      ><a name="1321" href="StlcProp.html#1309" class="Bound"
+      >t</a
+      ><a name="1322"
+      > </a
+      ><a name="1323" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="1324"
+      > </a
+      ><a name="1325" href="Stlc.html#5857" class="InductiveConstructor"
+      >true</a
+      ><a name="1329"
+      > </a
+      ><a name="1330" href="https://agda.github.io/agda-stdlib/Data.Sum.html#433" class="Datatype Operator"
+      >&#8846;</a
+      ><a name="1331"
+      > </a
+      ><a name="1332" href="StlcProp.html#1309" class="Bound"
+      >t</a
+      ><a name="1333"
+      > </a
+      ><a name="1334" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="1335"
+      > </a
+      ><a name="1336" href="Stlc.html#5872" class="InductiveConstructor"
+      >false</a
+      ><a name="1341"
+      >
+</a
+      ><a name="1342" href="StlcProp.html#1259" class="Function"
+      >CanonicalForms</a
+      ><a name="1356"
+      > </a
+      ><a name="1357" href="StlcProp.html#1357" class="Bound"
+      >t</a
+      ><a name="1358"
+      > </a
+      ><a name="1359" class="Symbol"
+      >(</a
+      ><a name="1360" href="StlcProp.html#1360" class="Bound"
+      >A</a
+      ><a name="1361"
+      > </a
+      ><a name="1362" href="Stlc.html#5621" class="InductiveConstructor Operator"
+      >&#8658;</a
+      ><a name="1363"
+      > </a
+      ><a name="1364" href="StlcProp.html#1364" class="Bound"
+      >B</a
+      ><a name="1365" class="Symbol"
+      >)</a
+      ><a name="1366"
+      > </a
+      ><a name="1367" class="Symbol"
+      >=</a
+      ><a name="1368"
+      > </a
+      ><a name="1369" href="https://agda.github.io/agda-stdlib/Data.Product.html#949" class="Function"
+      >&#8707;&#8322;</a
+      ><a name="1371"
+      > </a
+      ><a name="1372" class="Symbol"
+      >&#955;</a
+      ><a name="1373"
+      > </a
+      ><a name="1374" href="StlcProp.html#1374" class="Bound"
+      >x</a
+      ><a name="1375"
+      > </a
+      ><a name="1376" href="StlcProp.html#1376" class="Bound"
+      >t&#8242;</a
+      ><a name="1378"
+      > </a
+      ><a name="1379" class="Symbol"
+      >&#8594;</a
+      ><a name="1380"
+      > </a
+      ><a name="1381" href="StlcProp.html#1357" class="Bound"
+      >t</a
+      ><a name="1382"
+      > </a
+      ><a name="1383" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="1384"
+      > </a
+      ><a name="1385" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="1388"
+      > </a
+      ><a name="1389" href="StlcProp.html#1374" class="Bound"
+      >x</a
+      ><a name="1390"
+      > </a
+      ><a name="1391" href="StlcProp.html#1360" class="Bound"
+      >A</a
+      ><a name="1392"
+      > </a
+      ><a name="1393" href="StlcProp.html#1376" class="Bound"
+      >t&#8242;</a
+      ><a name="1395"
+      >
+
+</a
+      ><a name="1397" href="StlcProp.html#1397" class="Function"
+      >canonicalForms</a
+      ><a name="1411"
+      > </a
+      ><a name="1412" class="Symbol"
+      >:</a
+      ><a name="1413"
+      > </a
+      ><a name="1414" class="Symbol"
+      >&#8704;</a
+      ><a name="1415"
+      > </a
+      ><a name="1416" class="Symbol"
+      >{</a
+      ><a name="1417" href="StlcProp.html#1417" class="Bound"
+      >t</a
+      ><a name="1418"
+      > </a
+      ><a name="1419" href="StlcProp.html#1419" class="Bound"
+      >A</a
+      ><a name="1420" class="Symbol"
+      >}</a
+      ><a name="1421"
+      > </a
+      ><a name="1422" class="Symbol"
+      >&#8594;</a
+      ><a name="1423"
+      > </a
+      ><a name="1424" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="1425"
+      > </a
+      ><a name="1426" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="1427"
+      > </a
+      ><a name="1428" href="StlcProp.html#1417" class="Bound"
+      >t</a
+      ><a name="1429"
+      > </a
+      ><a name="1430" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="1431"
+      > </a
+      ><a name="1432" href="StlcProp.html#1419" class="Bound"
+      >A</a
+      ><a name="1433"
+      > </a
+      ><a name="1434" class="Symbol"
+      >&#8594;</a
+      ><a name="1435"
+      > </a
+      ><a name="1436" href="Stlc.html#9080" class="Datatype"
+      >Value</a
+      ><a name="1441"
+      > </a
+      ><a name="1442" href="StlcProp.html#1417" class="Bound"
+      >t</a
+      ><a name="1443"
+      > </a
+      ><a name="1444" class="Symbol"
+      >&#8594;</a
+      ><a name="1445"
+      > </a
+      ><a name="1446" href="StlcProp.html#1259" class="Function"
+      >CanonicalForms</a
+      ><a name="1460"
+      > </a
+      ><a name="1461" href="StlcProp.html#1417" class="Bound"
+      >t</a
+      ><a name="1462"
+      > </a
+      ><a name="1463" href="StlcProp.html#1419" class="Bound"
+      >A</a
+      ><a name="1464"
+      >
+</a
+      ><a name="1465" href="StlcProp.html#1397" class="Function"
+      >canonicalForms</a
+      ><a name="1479"
+      > </a
+      ><a name="1480" class="Symbol"
+      >(</a
+      ><a name="1481" href="Stlc.html#19368" class="InductiveConstructor"
+      >abs</a
+      ><a name="1484"
+      > </a
+      ><a name="1485" href="StlcProp.html#1485" class="Bound"
+      >t&#8242;</a
+      ><a name="1487" class="Symbol"
+      >)</a
+      ><a name="1488"
+      > </a
+      ><a name="1489" href="Stlc.html#9107" class="InductiveConstructor"
+      >abs</a
+      ><a name="1492"
+      >   </a
+      ><a name="1495" class="Symbol"
+      >=</a
+      ><a name="1496"
+      > </a
+      ><a name="1497" class="Symbol"
+      >_</a
+      ><a name="1498"
+      > </a
+      ><a name="1499" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="1500"
+      > </a
+      ><a name="1501" class="Symbol"
+      >_</a
+      ><a name="1502"
+      > </a
+      ><a name="1503" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="1504"
+      > </a
+      ><a name="1505" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="1509"
+      >
+</a
+      ><a name="1510" href="StlcProp.html#1397" class="Function"
+      >canonicalForms</a
+      ><a name="1524"
+      > </a
+      ><a name="1525" href="Stlc.html#19618" class="InductiveConstructor"
+      >true</a
+      ><a name="1529"
+      >     </a
+      ><a name="1534" href="Stlc.html#9155" class="InductiveConstructor"
+      >true</a
+      ><a name="1538"
+      >  </a
+      ><a name="1540" class="Symbol"
+      >=</a
+      ><a name="1541"
+      > </a
+      ><a name="1542" href="https://agda.github.io/agda-stdlib/Data.Sum.html#489" class="InductiveConstructor"
+      >inj&#8321;</a
+      ><a name="1546"
+      > </a
+      ><a name="1547" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="1551"
+      >
+</a
+      ><a name="1552" href="StlcProp.html#1397" class="Function"
+      >canonicalForms</a
+      ><a name="1566"
+      > </a
+      ><a name="1567" href="Stlc.html#19677" class="InductiveConstructor"
+      >false</a
+      ><a name="1572"
+      >    </a
+      ><a name="1576" href="Stlc.html#9176" class="InductiveConstructor"
+      >false</a
+      ><a name="1581"
+      > </a
+      ><a name="1582" class="Symbol"
+      >=</a
+      ><a name="1583"
+      > </a
+      ><a name="1584" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="1588"
+      > </a
+      ><a name="1589" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      >
+</pre><!--{% endraw %}-->
+
+## Progress
+
+As before, the _progress_ theorem tells us that closed, well-typed
+terms are not stuck: either a well-typed term is a value, or it
+can take a reduction step.  The proof is a relatively
+straightforward extension of the progress proof we saw in the
+[Stlc](Stlc.html) chapter.  We'll give the proof in English first,
+then the formal version.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="1972" href="StlcProp.html#1972" class="Function"
+      >progress</a
+      ><a name="1980"
+      > </a
+      ><a name="1981" class="Symbol"
+      >:</a
+      ><a name="1982"
+      > </a
+      ><a name="1983" class="Symbol"
+      >&#8704;</a
+      ><a name="1984"
+      > </a
+      ><a name="1985" class="Symbol"
+      >{</a
+      ><a name="1986" href="StlcProp.html#1986" class="Bound"
+      >t</a
+      ><a name="1987"
+      > </a
+      ><a name="1988" href="StlcProp.html#1988" class="Bound"
+      >A</a
+      ><a name="1989" class="Symbol"
+      >}</a
+      ><a name="1990"
+      > </a
+      ><a name="1991" class="Symbol"
+      >&#8594;</a
+      ><a name="1992"
+      > </a
+      ><a name="1993" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="1994"
+      > </a
+      ><a name="1995" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="1996"
+      > </a
+      ><a name="1997" href="StlcProp.html#1986" class="Bound"
+      >t</a
+      ><a name="1998"
+      > </a
+      ><a name="1999" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="2000"
+      > </a
+      ><a name="2001" href="StlcProp.html#1988" class="Bound"
+      >A</a
+      ><a name="2002"
+      > </a
+      ><a name="2003" class="Symbol"
+      >&#8594;</a
+      ><a name="2004"
+      > </a
+      ><a name="2005" href="Stlc.html#9080" class="Datatype"
+      >Value</a
+      ><a name="2010"
+      > </a
+      ><a name="2011" href="StlcProp.html#1986" class="Bound"
+      >t</a
+      ><a name="2012"
+      > </a
+      ><a name="2013" href="https://agda.github.io/agda-stdlib/Data.Sum.html#433" class="Datatype Operator"
+      >&#8846;</a
+      ><a name="2014"
+      > </a
+      ><a name="2015" href="https://agda.github.io/agda-stdlib/Data.Product.html#823" class="Function"
+      >&#8707;</a
+      ><a name="2016"
+      > </a
+      ><a name="2017" class="Symbol"
+      >&#955;</a
+      ><a name="2018"
+      > </a
+      ><a name="2019" href="StlcProp.html#2019" class="Bound"
+      >t&#8242;</a
+      ><a name="2021"
+      > </a
+      ><a name="2022" class="Symbol"
+      >&#8594;</a
+      ><a name="2023"
+      > </a
+      ><a name="2024" href="StlcProp.html#1986" class="Bound"
+      >t</a
+      ><a name="2025"
+      > </a
+      ><a name="2026" href="Stlc.html#15217" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="2029"
+      > </a
+      ><a name="2030" href="StlcProp.html#2019" class="Bound"
+      >t&#8242;</a
+      >
+</pre><!--{% endraw %}-->
+
+_Proof_: By induction on the derivation of $$\vdash t : A$$.
+
+  - The last rule of the derivation cannot be `var`,
+    since a variable is never well typed in an empty context.
+
+  - The `true`, `false`, and `abs` cases are trivial, since in
+    each of these cases we can see by inspecting the rule that $$t$$
+    is a value.
+
+  - If the last rule of the derivation is `app`, then $$t$$ has the
+    form $$t_1\;t_2$$ for som e$$t_1$$ and $$t_2$$, where we know that
+    $$t_1$$ and $$t_2$$ are also well typed in the empty context; in particular,
+    there exists a type $$B$$ such that $$\vdash t_1 : A\to T$$ and
+    $$\vdash t_2 : B$$.  By the induction hypothesis, either $$t_1$$ is a
+    value or it can take a reduction step.
+
+  - If $$t_1$$ is a value, then consider $$t_2$$, which by the other
+    induction hypothesis must also either be a value or take a step.
+
+    - Suppose $$t_2$$ is a value.  Since $$t_1$$ is a value with an
+      arrow type, it must be a lambda abstraction; hence $$t_1\;t_2$$
+      can take a step by `red`.
+
+    - Otherwise, $$t_2$$ can take a step, and hence so can $$t_1\;t_2$$
+      by `app2`.
+
+  - If $$t_1$$ can take a step, then so can $$t_1 t_2$$ by `app1`.
+
+  - If the last rule of the derivation is `if`, then $$t = \text{if }t_1
+    \text{ then }t_2\text{ else }t_3$$, where $$t_1$$ has type $$bool$$.  By
+    the IH, $$t_1$$ either is a value or takes a step.
+
+  - If $$t_1$$ is a value, then since it has type $$bool$$ it must be
+    either $$true$$ or $$false$$.  If it is $$true$$, then $$t$$ steps
+    to $$t_2$$; otherwise it steps to $$t_3$$.
+
+  - Otherwise, $$t_1$$ takes a step, and therefore so does $$t$$ (by `if`).
+
+<!--{% raw %}--><pre class="Agda">
+<a name="3731" href="StlcProp.html#1972" class="Function"
+      >progress</a
+      ><a name="3739"
+      > </a
+      ><a name="3740" class="Symbol"
+      >(</a
+      ><a name="3741" href="Stlc.html#19275" class="InductiveConstructor"
+      >var</a
+      ><a name="3744"
+      > </a
+      ><a name="3745" href="StlcProp.html#3745" class="Bound"
+      >x</a
+      ><a name="3746"
+      > </a
+      ><a name="3747" class="Symbol"
+      >())</a
+      ><a name="3750"
+      >
+</a
+      ><a name="3751" href="StlcProp.html#1972" class="Function"
+      >progress</a
+      ><a name="3759"
+      > </a
+      ><a name="3760" href="Stlc.html#19618" class="InductiveConstructor"
+      >true</a
+      ><a name="3764"
+      >      </a
+      ><a name="3770" class="Symbol"
+      >=</a
+      ><a name="3771"
+      > </a
+      ><a name="3772" href="https://agda.github.io/agda-stdlib/Data.Sum.html#489" class="InductiveConstructor"
+      >inj&#8321;</a
+      ><a name="3776"
+      > </a
+      ><a name="3777" href="Stlc.html#9155" class="InductiveConstructor"
+      >true</a
+      ><a name="3781"
+      >
+</a
+      ><a name="3782" href="StlcProp.html#1972" class="Function"
+      >progress</a
+      ><a name="3790"
+      > </a
+      ><a name="3791" href="Stlc.html#19677" class="InductiveConstructor"
+      >false</a
+      ><a name="3796"
+      >     </a
+      ><a name="3801" class="Symbol"
+      >=</a
+      ><a name="3802"
+      > </a
+      ><a name="3803" href="https://agda.github.io/agda-stdlib/Data.Sum.html#489" class="InductiveConstructor"
+      >inj&#8321;</a
+      ><a name="3807"
+      > </a
+      ><a name="3808" href="Stlc.html#9176" class="InductiveConstructor"
+      >false</a
+      ><a name="3813"
+      >
+</a
+      ><a name="3814" href="StlcProp.html#1972" class="Function"
+      >progress</a
+      ><a name="3822"
+      > </a
+      ><a name="3823" class="Symbol"
+      >(</a
+      ><a name="3824" href="Stlc.html#19368" class="InductiveConstructor"
+      >abs</a
+      ><a name="3827"
+      > </a
+      ><a name="3828" href="StlcProp.html#3828" class="Bound"
+      >t&#8758;A</a
+      ><a name="3831" class="Symbol"
+      >)</a
+      ><a name="3832"
+      > </a
+      ><a name="3833" class="Symbol"
+      >=</a
+      ><a name="3834"
+      > </a
+      ><a name="3835" href="https://agda.github.io/agda-stdlib/Data.Sum.html#489" class="InductiveConstructor"
+      >inj&#8321;</a
+      ><a name="3839"
+      > </a
+      ><a name="3840" href="Stlc.html#9107" class="InductiveConstructor"
+      >abs</a
+      ><a name="3843"
+      >
+</a
+      ><a name="3844" href="StlcProp.html#1972" class="Function"
+      >progress</a
+      ><a name="3852"
+      > </a
+      ><a name="3853" class="Symbol"
+      >(</a
+      ><a name="3854" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="3857"
+      > </a
+      ><a name="3858" href="StlcProp.html#3858" class="Bound"
+      >t&#8321;&#8758;A&#8658;B</a
+      ><a name="3864"
+      > </a
+      ><a name="3865" href="StlcProp.html#3865" class="Bound"
+      >t&#8322;&#8758;B</a
+      ><a name="3869" class="Symbol"
+      >)</a
+      ><a name="3870"
+      >
+    </a
+      ><a name="3875" class="Keyword"
+      >with</a
+      ><a name="3879"
+      > </a
+      ><a name="3880" href="StlcProp.html#1972" class="Function"
+      >progress</a
+      ><a name="3888"
+      > </a
+      ><a name="3889" href="StlcProp.html#3858" class="Bound"
+      >t&#8321;&#8758;A&#8658;B</a
+      ><a name="3895"
+      >
+</a
+      ><a name="3896" class="Symbol"
+      >...</a
+      ><a name="3899"
+      > </a
+      ><a name="3900" class="Symbol"
+      >|</a
+      ><a name="3901"
+      > </a
+      ><a name="3902" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="3906"
+      > </a
+      ><a name="3907" class="Symbol"
+      >(_</a
+      ><a name="3909"
+      > </a
+      ><a name="3910" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="3911"
+      > </a
+      ><a name="3912" href="StlcProp.html#3912" class="Bound"
+      >t&#8321;&#8658;t&#8321;&#8242;</a
+      ><a name="3918" class="Symbol"
+      >)</a
+      ><a name="3919"
+      > </a
+      ><a name="3920" class="Symbol"
+      >=</a
+      ><a name="3921"
+      > </a
+      ><a name="3922" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="3926"
+      > </a
+      ><a name="3927" class="Symbol"
+      >(_</a
+      ><a name="3929"
+      > </a
+      ><a name="3930" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="3931"
+      > </a
+      ><a name="3932" href="Stlc.html#15342" class="InductiveConstructor"
+      >app1</a
+      ><a name="3936"
+      > </a
+      ><a name="3937" href="StlcProp.html#3912" class="Bound"
+      >t&#8321;&#8658;t&#8321;&#8242;</a
+      ><a name="3943" class="Symbol"
+      >)</a
+      ><a name="3944"
+      >
+</a
+      ><a name="3945" class="Symbol"
+      >...</a
+      ><a name="3948"
+      > </a
+      ><a name="3949" class="Symbol"
+      >|</a
+      ><a name="3950"
+      > </a
+      ><a name="3951" href="https://agda.github.io/agda-stdlib/Data.Sum.html#489" class="InductiveConstructor"
+      >inj&#8321;</a
+      ><a name="3955"
+      > </a
+      ><a name="3956" href="StlcProp.html#3956" class="Bound"
+      >v&#8321;</a
+      ><a name="3958"
+      >
+    </a
+      ><a name="3963" class="Keyword"
+      >with</a
+      ><a name="3967"
+      > </a
+      ><a name="3968" href="StlcProp.html#1972" class="Function"
+      >progress</a
+      ><a name="3976"
+      > </a
+      ><a name="3977" href="StlcProp.html#3865" class="Bound"
+      >t&#8322;&#8758;B</a
+      ><a name="3981"
+      >
+</a
+      ><a name="3982" class="Symbol"
+      >...</a
+      ><a name="3985"
+      > </a
+      ><a name="3986" class="Symbol"
+      >|</a
+      ><a name="3987"
+      > </a
+      ><a name="3988" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="3992"
+      > </a
+      ><a name="3993" class="Symbol"
+      >(_</a
+      ><a name="3995"
+      > </a
+      ><a name="3996" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="3997"
+      > </a
+      ><a name="3998" href="StlcProp.html#3998" class="Bound"
+      >t&#8322;&#8658;t&#8322;&#8242;</a
+      ><a name="4004" class="Symbol"
+      >)</a
+      ><a name="4005"
+      > </a
+      ><a name="4006" class="Symbol"
+      >=</a
+      ><a name="4007"
+      > </a
+      ><a name="4008" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="4012"
+      > </a
+      ><a name="4013" class="Symbol"
+      >(_</a
+      ><a name="4015"
+      > </a
+      ><a name="4016" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="4017"
+      > </a
+      ><a name="4018" href="Stlc.html#15419" class="InductiveConstructor"
+      >app2</a
+      ><a name="4022"
+      > </a
+      ><a name="4023" href="StlcProp.html#3956" class="Bound"
+      >v&#8321;</a
+      ><a name="4025"
+      > </a
+      ><a name="4026" href="StlcProp.html#3998" class="Bound"
+      >t&#8322;&#8658;t&#8322;&#8242;</a
+      ><a name="4032" class="Symbol"
+      >)</a
+      ><a name="4033"
+      >
+</a
+      ><a name="4034" class="Symbol"
+      >...</a
+      ><a name="4037"
+      > </a
+      ><a name="4038" class="Symbol"
+      >|</a
+      ><a name="4039"
+      > </a
+      ><a name="4040" href="https://agda.github.io/agda-stdlib/Data.Sum.html#489" class="InductiveConstructor"
+      >inj&#8321;</a
+      ><a name="4044"
+      > </a
+      ><a name="4045" href="StlcProp.html#4045" class="Bound"
+      >v&#8322;</a
+      ><a name="4047"
+      >
+    </a
+      ><a name="4052" class="Keyword"
+      >with</a
+      ><a name="4056"
+      > </a
+      ><a name="4057" href="StlcProp.html#1397" class="Function"
+      >canonicalForms</a
+      ><a name="4071"
+      > </a
+      ><a name="4072" href="StlcProp.html#3858" class="Bound"
+      >t&#8321;&#8758;A&#8658;B</a
+      ><a name="4078"
+      > </a
+      ><a name="4079" href="StlcProp.html#3956" class="Bound"
+      >v&#8321;</a
+      ><a name="4081"
+      >
+</a
+      ><a name="4082" class="Symbol"
+      >...</a
+      ><a name="4085"
+      > </a
+      ><a name="4086" class="Symbol"
+      >|</a
+      ><a name="4087"
+      > </a
+      ><a name="4088" class="Symbol"
+      >(_</a
+      ><a name="4090"
+      > </a
+      ><a name="4091" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="4092"
+      > </a
+      ><a name="4093" class="Symbol"
+      >_</a
+      ><a name="4094"
+      > </a
+      ><a name="4095" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="4096"
+      > </a
+      ><a name="4097" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="4101" class="Symbol"
+      >)</a
+      ><a name="4102"
+      > </a
+      ><a name="4103" class="Symbol"
+      >=</a
+      ><a name="4104"
+      > </a
+      ><a name="4105" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="4109"
+      > </a
+      ><a name="4110" class="Symbol"
+      >(_</a
+      ><a name="4112"
+      > </a
+      ><a name="4113" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="4114"
+      > </a
+      ><a name="4115" href="Stlc.html#15251" class="InductiveConstructor"
+      >red</a
+      ><a name="4118"
+      > </a
+      ><a name="4119" href="StlcProp.html#4045" class="Bound"
+      >v&#8322;</a
+      ><a name="4121" class="Symbol"
+      >)</a
+      ><a name="4122"
+      >
+</a
+      ><a name="4123" href="StlcProp.html#1972" class="Function"
+      >progress</a
+      ><a name="4131"
+      > </a
+      ><a name="4132" class="Symbol"
+      >(</a
+      ><a name="4133" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="4135"
+      > </a
+      ><a name="4136" href="StlcProp.html#4136" class="Bound"
+      >t&#8321;&#8758;bool</a
+      ><a name="4143"
+      > </a
+      ><a name="4144" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="4148"
+      > </a
+      ><a name="4149" href="StlcProp.html#4149" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="4153"
+      > </a
+      ><a name="4154" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="4158"
+      > </a
+      ><a name="4159" href="StlcProp.html#4159" class="Bound"
+      >t&#8323;&#8758;A</a
+      ><a name="4163" class="Symbol"
+      >)</a
+      ><a name="4164"
+      >
+    </a
+      ><a name="4169" class="Keyword"
+      >with</a
+      ><a name="4173"
+      > </a
+      ><a name="4174" href="StlcProp.html#1972" class="Function"
+      >progress</a
+      ><a name="4182"
+      > </a
+      ><a name="4183" href="StlcProp.html#4136" class="Bound"
+      >t&#8321;&#8758;bool</a
+      ><a name="4190"
+      >
+</a
+      ><a name="4191" class="Symbol"
+      >...</a
+      ><a name="4194"
+      > </a
+      ><a name="4195" class="Symbol"
+      >|</a
+      ><a name="4196"
+      > </a
+      ><a name="4197" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="4201"
+      > </a
+      ><a name="4202" class="Symbol"
+      >(_</a
+      ><a name="4204"
+      > </a
+      ><a name="4205" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="4206"
+      > </a
+      ><a name="4207" href="StlcProp.html#4207" class="Bound"
+      >t&#8321;&#8658;t&#8321;&#8242;</a
+      ><a name="4213" class="Symbol"
+      >)</a
+      ><a name="4214"
+      > </a
+      ><a name="4215" class="Symbol"
+      >=</a
+      ><a name="4216"
+      > </a
+      ><a name="4217" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="4221"
+      > </a
+      ><a name="4222" class="Symbol"
+      >(_</a
+      ><a name="4224"
+      > </a
+      ><a name="4225" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="4226"
+      > </a
+      ><a name="4227" href="Stlc.html#15516" class="InductiveConstructor"
+      >if</a
+      ><a name="4229"
+      > </a
+      ><a name="4230" href="StlcProp.html#4207" class="Bound"
+      >t&#8321;&#8658;t&#8321;&#8242;</a
+      ><a name="4236" class="Symbol"
+      >)</a
+      ><a name="4237"
+      >
+</a
+      ><a name="4238" class="Symbol"
+      >...</a
+      ><a name="4241"
+      > </a
+      ><a name="4242" class="Symbol"
+      >|</a
+      ><a name="4243"
+      > </a
+      ><a name="4244" href="https://agda.github.io/agda-stdlib/Data.Sum.html#489" class="InductiveConstructor"
+      >inj&#8321;</a
+      ><a name="4248"
+      > </a
+      ><a name="4249" href="StlcProp.html#4249" class="Bound"
+      >v&#8321;</a
+      ><a name="4251"
+      >
+    </a
+      ><a name="4256" class="Keyword"
+      >with</a
+      ><a name="4260"
+      > </a
+      ><a name="4261" href="StlcProp.html#1397" class="Function"
+      >canonicalForms</a
+      ><a name="4275"
+      > </a
+      ><a name="4276" href="StlcProp.html#4136" class="Bound"
+      >t&#8321;&#8758;bool</a
+      ><a name="4283"
+      > </a
+      ><a name="4284" href="StlcProp.html#4249" class="Bound"
+      >v&#8321;</a
+      ><a name="4286"
+      >
+</a
+      ><a name="4287" class="Symbol"
+      >...</a
+      ><a name="4290"
+      > </a
+      ><a name="4291" class="Symbol"
+      >|</a
+      ><a name="4292"
+      > </a
+      ><a name="4293" href="https://agda.github.io/agda-stdlib/Data.Sum.html#489" class="InductiveConstructor"
+      >inj&#8321;</a
+      ><a name="4297"
+      > </a
+      ><a name="4298" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="4302"
+      > </a
+      ><a name="4303" class="Symbol"
+      >=</a
+      ><a name="4304"
+      > </a
+      ><a name="4305" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="4309"
+      > </a
+      ><a name="4310" class="Symbol"
+      >(_</a
+      ><a name="4312"
+      > </a
+      ><a name="4313" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="4314"
+      > </a
+      ><a name="4315" href="Stlc.html#15617" class="InductiveConstructor"
+      >iftrue</a
+      ><a name="4321" class="Symbol"
+      >)</a
+      ><a name="4322"
+      >
+</a
+      ><a name="4323" class="Symbol"
+      >...</a
+      ><a name="4326"
+      > </a
+      ><a name="4327" class="Symbol"
+      >|</a
+      ><a name="4328"
+      > </a
+      ><a name="4329" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="4333"
+      > </a
+      ><a name="4334" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="4338"
+      > </a
+      ><a name="4339" class="Symbol"
+      >=</a
+      ><a name="4340"
+      > </a
+      ><a name="4341" href="https://agda.github.io/agda-stdlib/Data.Sum.html#514" class="InductiveConstructor"
+      >inj&#8322;</a
+      ><a name="4345"
+      > </a
+      ><a name="4346" class="Symbol"
+      >(_</a
+      ><a name="4348"
+      > </a
+      ><a name="4349" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="4350"
+      > </a
+      ><a name="4351" href="Stlc.html#15677" class="InductiveConstructor"
+      >iffalse</a
+      ><a name="4358" class="Symbol"
+      >)</a
+      >
+</pre><!--{% endraw %}-->
+
+#### Exercise: 3 stars, optional (progress_from_term_ind)
+Show that progress can also be proved by induction on terms
+instead of induction on typing derivations.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="4548" class="Keyword"
+      >postulate</a
+      ><a name="4557"
+      >
+  </a
+      ><a name="4560" href="StlcProp.html#4560" class="Postulate"
+      >progress&#8242;</a
+      ><a name="4569"
+      > </a
+      ><a name="4570" class="Symbol"
+      >:</a
+      ><a name="4571"
+      > </a
+      ><a name="4572" class="Symbol"
+      >&#8704;</a
+      ><a name="4573"
+      > </a
+      ><a name="4574" class="Symbol"
+      >{</a
+      ><a name="4575" href="StlcProp.html#4575" class="Bound"
+      >t</a
+      ><a name="4576"
+      > </a
+      ><a name="4577" href="StlcProp.html#4577" class="Bound"
+      >A</a
+      ><a name="4578" class="Symbol"
+      >}</a
+      ><a name="4579"
+      > </a
+      ><a name="4580" class="Symbol"
+      >&#8594;</a
+      ><a name="4581"
+      > </a
+      ><a name="4582" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="4583"
+      > </a
+      ><a name="4584" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="4585"
+      > </a
+      ><a name="4586" href="StlcProp.html#4575" class="Bound"
+      >t</a
+      ><a name="4587"
+      > </a
+      ><a name="4588" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="4589"
+      > </a
+      ><a name="4590" href="StlcProp.html#4577" class="Bound"
+      >A</a
+      ><a name="4591"
+      > </a
+      ><a name="4592" class="Symbol"
+      >&#8594;</a
+      ><a name="4593"
+      > </a
+      ><a name="4594" href="Stlc.html#9080" class="Datatype"
+      >Value</a
+      ><a name="4599"
+      > </a
+      ><a name="4600" href="StlcProp.html#4575" class="Bound"
+      >t</a
+      ><a name="4601"
+      > </a
+      ><a name="4602" href="https://agda.github.io/agda-stdlib/Data.Sum.html#433" class="Datatype Operator"
+      >&#8846;</a
+      ><a name="4603"
+      > </a
+      ><a name="4604" href="https://agda.github.io/agda-stdlib/Data.Product.html#823" class="Function"
+      >&#8707;</a
+      ><a name="4605"
+      > </a
+      ><a name="4606" class="Symbol"
+      >&#955;</a
+      ><a name="4607"
+      > </a
+      ><a name="4608" href="StlcProp.html#4608" class="Bound"
+      >t&#8242;</a
+      ><a name="4610"
+      > </a
+      ><a name="4611" class="Symbol"
+      >&#8594;</a
+      ><a name="4612"
+      > </a
+      ><a name="4613" href="StlcProp.html#4575" class="Bound"
+      >t</a
+      ><a name="4614"
+      > </a
+      ><a name="4615" href="Stlc.html#15217" class="Datatype Operator"
+      >==&gt;</a
+      ><a name="4618"
+      > </a
+      ><a name="4619" href="StlcProp.html#4608" class="Bound"
+      >t&#8242;</a
+      >
+</pre><!--{% endraw %}-->
+
+## Preservation
+
+The other half of the type soundness property is the preservation
+of types during reduction.  For this, we need to develop some
+technical machinery for reasoning about variables and
+substitution.  Working from top to bottom (from the high-level
+property we are actually interested in to the lowest-level
+technical lemmas that are needed by various cases of the more
+interesting proofs), the story goes like this:
+
+  - The _preservation theorem_ is proved by induction on a typing
+    derivation, pretty much as we did in the [Stlc](Stlc.html)
+    chapter.  The one case that is significantly different is the
+    one for the $$red$$ rule, whose definition uses the substitution
+    operation.  To see that this step preserves typing, we need to
+    know that the substitution itself does.  So we prove a...
+
+  - _substitution lemma_, stating that substituting a (closed)
+    term $$s$$ for a variable $$x$$ in a term $$t$$ preserves the type
+    of $$t$$.  The proof goes by induction on the form of $$t$$ and
+    requires looking at all the different cases in the definition
+    of substitition.  This time, the tricky cases are the ones for
+    variables and for function abstractions.  In both cases, we
+    discover that we need to take a term $$s$$ that has been shown
+    to be well-typed in some context $$\Gamma$$ and consider the same
+    term $$s$$ in a slightly different context $$\Gamma'$$.  For this
+    we prove a...
+
+  - _context invariance_ lemma, showing that typing is preserved
+    under "inessential changes" to the context $$\Gamma$$ -- in
+    particular, changes that do not affect any of the free
+    variables of the term.  And finally, for this, we need a
+    careful definition of...
+
+  - the _free variables_ of a term -- i.e., those variables
+    mentioned in a term and not in the scope of an enclosing
+    function abstraction binding a variable of the same name.
+
+To make Agda happy, we need to formalize the story in the opposite
+order...
+
+
+### Free Occurrences
+
+A variable $$x$$ _appears free in_ a term _t_ if $$t$$ contains some
+occurrence of $$x$$ that is not under an abstraction labeled $$x$$.
+For example:
+
+  - $$y$$ appears free, but $$x$$ does not, in $$\lambda x : A\to B. x\;y$$
+  - both $$x$$ and $$y$$ appear free in $$(\lambda x:A\to B. x\;y) x$$
+  - no variables appear free in $$\lambda x:A\to B. \lambda y:A. x\;y$$
+
+Formally:
+
+<!--{% raw %}--><pre class="Agda">
+<a name="7042" class="Keyword"
+      >data</a
+      ><a name="7046"
+      > </a
+      ><a name="7047" href="StlcProp.html#7047" class="Datatype Operator"
+      >_FreeIn_</a
+      ><a name="7055"
+      > </a
+      ><a name="7056" class="Symbol"
+      >(</a
+      ><a name="7057" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7058"
+      > </a
+      ><a name="7059" class="Symbol"
+      >:</a
+      ><a name="7060"
+      > </a
+      ><a name="7061" href="Maps.html#2400" class="Datatype"
+      >Id</a
+      ><a name="7063" class="Symbol"
+      >)</a
+      ><a name="7064"
+      > </a
+      ><a name="7065" class="Symbol"
+      >:</a
+      ><a name="7066"
+      > </a
+      ><a name="7067" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="7071"
+      > </a
+      ><a name="7072" class="Symbol"
+      >&#8594;</a
+      ><a name="7073"
+      > </a
+      ><a name="7074" class="PrimitiveType"
+      >Set</a
+      ><a name="7077"
+      > </a
+      ><a name="7078" class="Keyword"
+      >where</a
+      ><a name="7083"
+      >
+  </a
+      ><a name="7086" href="StlcProp.html#7086" class="InductiveConstructor"
+      >var</a
+      ><a name="7089"
+      >  </a
+      ><a name="7091" class="Symbol"
+      >:</a
+      ><a name="7092"
+      > </a
+      ><a name="7093" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7094"
+      > </a
+      ><a name="7095" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7101"
+      > </a
+      ><a name="7102" href="Stlc.html#5774" class="InductiveConstructor"
+      >var</a
+      ><a name="7105"
+      > </a
+      ><a name="7106" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7107"
+      >
+  </a
+      ><a name="7110" href="StlcProp.html#7110" class="InductiveConstructor"
+      >abs</a
+      ><a name="7113"
+      >  </a
+      ><a name="7115" class="Symbol"
+      >:</a
+      ><a name="7116"
+      > </a
+      ><a name="7117" class="Symbol"
+      >&#8704;</a
+      ><a name="7118"
+      > </a
+      ><a name="7119" class="Symbol"
+      >{</a
+      ><a name="7120" href="StlcProp.html#7120" class="Bound"
+      >y</a
+      ><a name="7121"
+      > </a
+      ><a name="7122" href="StlcProp.html#7122" class="Bound"
+      >A</a
+      ><a name="7123"
+      > </a
+      ><a name="7124" href="StlcProp.html#7124" class="Bound"
+      >t</a
+      ><a name="7125" class="Symbol"
+      >}</a
+      ><a name="7126"
+      > </a
+      ><a name="7127" class="Symbol"
+      >&#8594;</a
+      ><a name="7128"
+      > </a
+      ><a name="7129" href="StlcProp.html#7120" class="Bound"
+      >y</a
+      ><a name="7130"
+      > </a
+      ><a name="7131" href="https://agda.github.io/agda-stdlib/Relation.Binary.Core.html#4493" class="Function Operator"
+      >&#8802;</a
+      ><a name="7132"
+      > </a
+      ><a name="7133" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7134"
+      > </a
+      ><a name="7135" class="Symbol"
+      >&#8594;</a
+      ><a name="7136"
+      > </a
+      ><a name="7137" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7138"
+      > </a
+      ><a name="7139" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7145"
+      > </a
+      ><a name="7146" href="StlcProp.html#7124" class="Bound"
+      >t</a
+      ><a name="7147"
+      > </a
+      ><a name="7148" class="Symbol"
+      >&#8594;</a
+      ><a name="7149"
+      > </a
+      ><a name="7150" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7151"
+      > </a
+      ><a name="7152" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7158"
+      > </a
+      ><a name="7159" href="Stlc.html#5823" class="InductiveConstructor"
+      >abs</a
+      ><a name="7162"
+      > </a
+      ><a name="7163" href="StlcProp.html#7120" class="Bound"
+      >y</a
+      ><a name="7164"
+      > </a
+      ><a name="7165" href="StlcProp.html#7122" class="Bound"
+      >A</a
+      ><a name="7166"
+      > </a
+      ><a name="7167" href="StlcProp.html#7124" class="Bound"
+      >t</a
+      ><a name="7168"
+      >
+  </a
+      ><a name="7171" href="StlcProp.html#7171" class="InductiveConstructor"
+      >app1</a
+      ><a name="7175"
+      > </a
+      ><a name="7176" class="Symbol"
+      >:</a
+      ><a name="7177"
+      > </a
+      ><a name="7178" class="Symbol"
+      >&#8704;</a
+      ><a name="7179"
+      > </a
+      ><a name="7180" class="Symbol"
+      >{</a
+      ><a name="7181" href="StlcProp.html#7181" class="Bound"
+      >t&#8321;</a
+      ><a name="7183"
+      > </a
+      ><a name="7184" href="StlcProp.html#7184" class="Bound"
+      >t&#8322;</a
+      ><a name="7186" class="Symbol"
+      >}</a
+      ><a name="7187"
+      > </a
+      ><a name="7188" class="Symbol"
+      >&#8594;</a
+      ><a name="7189"
+      > </a
+      ><a name="7190" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7191"
+      > </a
+      ><a name="7192" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7198"
+      > </a
+      ><a name="7199" href="StlcProp.html#7181" class="Bound"
+      >t&#8321;</a
+      ><a name="7201"
+      > </a
+      ><a name="7202" class="Symbol"
+      >&#8594;</a
+      ><a name="7203"
+      > </a
+      ><a name="7204" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7205"
+      > </a
+      ><a name="7206" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7212"
+      > </a
+      ><a name="7213" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="7216"
+      > </a
+      ><a name="7217" href="StlcProp.html#7181" class="Bound"
+      >t&#8321;</a
+      ><a name="7219"
+      > </a
+      ><a name="7220" href="StlcProp.html#7184" class="Bound"
+      >t&#8322;</a
+      ><a name="7222"
+      >
+  </a
+      ><a name="7225" href="StlcProp.html#7225" class="InductiveConstructor"
+      >app2</a
+      ><a name="7229"
+      > </a
+      ><a name="7230" class="Symbol"
+      >:</a
+      ><a name="7231"
+      > </a
+      ><a name="7232" class="Symbol"
+      >&#8704;</a
+      ><a name="7233"
+      > </a
+      ><a name="7234" class="Symbol"
+      >{</a
+      ><a name="7235" href="StlcProp.html#7235" class="Bound"
+      >t&#8321;</a
+      ><a name="7237"
+      > </a
+      ><a name="7238" href="StlcProp.html#7238" class="Bound"
+      >t&#8322;</a
+      ><a name="7240" class="Symbol"
+      >}</a
+      ><a name="7241"
+      > </a
+      ><a name="7242" class="Symbol"
+      >&#8594;</a
+      ><a name="7243"
+      > </a
+      ><a name="7244" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7245"
+      > </a
+      ><a name="7246" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7252"
+      > </a
+      ><a name="7253" href="StlcProp.html#7238" class="Bound"
+      >t&#8322;</a
+      ><a name="7255"
+      > </a
+      ><a name="7256" class="Symbol"
+      >&#8594;</a
+      ><a name="7257"
+      > </a
+      ><a name="7258" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7259"
+      > </a
+      ><a name="7260" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7266"
+      > </a
+      ><a name="7267" href="Stlc.html#5794" class="InductiveConstructor"
+      >app</a
+      ><a name="7270"
+      > </a
+      ><a name="7271" href="StlcProp.html#7235" class="Bound"
+      >t&#8321;</a
+      ><a name="7273"
+      > </a
+      ><a name="7274" href="StlcProp.html#7238" class="Bound"
+      >t&#8322;</a
+      ><a name="7276"
+      >
+  </a
+      ><a name="7279" href="StlcProp.html#7279" class="InductiveConstructor"
+      >if1</a
+      ><a name="7282"
+      >  </a
+      ><a name="7284" class="Symbol"
+      >:</a
+      ><a name="7285"
+      > </a
+      ><a name="7286" class="Symbol"
+      >&#8704;</a
+      ><a name="7287"
+      > </a
+      ><a name="7288" class="Symbol"
+      >{</a
+      ><a name="7289" href="StlcProp.html#7289" class="Bound"
+      >t&#8321;</a
+      ><a name="7291"
+      > </a
+      ><a name="7292" href="StlcProp.html#7292" class="Bound"
+      >t&#8322;</a
+      ><a name="7294"
+      > </a
+      ><a name="7295" href="StlcProp.html#7295" class="Bound"
+      >t&#8323;</a
+      ><a name="7297" class="Symbol"
+      >}</a
+      ><a name="7298"
+      > </a
+      ><a name="7299" class="Symbol"
+      >&#8594;</a
+      ><a name="7300"
+      > </a
+      ><a name="7301" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7302"
+      > </a
+      ><a name="7303" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7309"
+      > </a
+      ><a name="7310" href="StlcProp.html#7289" class="Bound"
+      >t&#8321;</a
+      ><a name="7312"
+      > </a
+      ><a name="7313" class="Symbol"
+      >&#8594;</a
+      ><a name="7314"
+      > </a
+      ><a name="7315" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7316"
+      > </a
+      ><a name="7317" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7323"
+      > </a
+      ><a name="7324" class="Symbol"
+      >(</a
+      ><a name="7325" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="7327"
+      > </a
+      ><a name="7328" href="StlcProp.html#7289" class="Bound"
+      >t&#8321;</a
+      ><a name="7330"
+      > </a
+      ><a name="7331" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="7335"
+      > </a
+      ><a name="7336" href="StlcProp.html#7292" class="Bound"
+      >t&#8322;</a
+      ><a name="7338"
+      > </a
+      ><a name="7339" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="7343"
+      > </a
+      ><a name="7344" href="StlcProp.html#7295" class="Bound"
+      >t&#8323;</a
+      ><a name="7346" class="Symbol"
+      >)</a
+      ><a name="7347"
+      >
+  </a
+      ><a name="7350" href="StlcProp.html#7350" class="InductiveConstructor"
+      >if2</a
+      ><a name="7353"
+      >  </a
+      ><a name="7355" class="Symbol"
+      >:</a
+      ><a name="7356"
+      > </a
+      ><a name="7357" class="Symbol"
+      >&#8704;</a
+      ><a name="7358"
+      > </a
+      ><a name="7359" class="Symbol"
+      >{</a
+      ><a name="7360" href="StlcProp.html#7360" class="Bound"
+      >t&#8321;</a
+      ><a name="7362"
+      > </a
+      ><a name="7363" href="StlcProp.html#7363" class="Bound"
+      >t&#8322;</a
+      ><a name="7365"
+      > </a
+      ><a name="7366" href="StlcProp.html#7366" class="Bound"
+      >t&#8323;</a
+      ><a name="7368" class="Symbol"
+      >}</a
+      ><a name="7369"
+      > </a
+      ><a name="7370" class="Symbol"
+      >&#8594;</a
+      ><a name="7371"
+      > </a
+      ><a name="7372" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7373"
+      > </a
+      ><a name="7374" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7380"
+      > </a
+      ><a name="7381" href="StlcProp.html#7363" class="Bound"
+      >t&#8322;</a
+      ><a name="7383"
+      > </a
+      ><a name="7384" class="Symbol"
+      >&#8594;</a
+      ><a name="7385"
+      > </a
+      ><a name="7386" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7387"
+      > </a
+      ><a name="7388" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7394"
+      > </a
+      ><a name="7395" class="Symbol"
+      >(</a
+      ><a name="7396" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="7398"
+      > </a
+      ><a name="7399" href="StlcProp.html#7360" class="Bound"
+      >t&#8321;</a
+      ><a name="7401"
+      > </a
+      ><a name="7402" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="7406"
+      > </a
+      ><a name="7407" href="StlcProp.html#7363" class="Bound"
+      >t&#8322;</a
+      ><a name="7409"
+      > </a
+      ><a name="7410" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="7414"
+      > </a
+      ><a name="7415" href="StlcProp.html#7366" class="Bound"
+      >t&#8323;</a
+      ><a name="7417" class="Symbol"
+      >)</a
+      ><a name="7418"
+      >
+  </a
+      ><a name="7421" href="StlcProp.html#7421" class="InductiveConstructor"
+      >if3</a
+      ><a name="7424"
+      >  </a
+      ><a name="7426" class="Symbol"
+      >:</a
+      ><a name="7427"
+      > </a
+      ><a name="7428" class="Symbol"
+      >&#8704;</a
+      ><a name="7429"
+      > </a
+      ><a name="7430" class="Symbol"
+      >{</a
+      ><a name="7431" href="StlcProp.html#7431" class="Bound"
+      >t&#8321;</a
+      ><a name="7433"
+      > </a
+      ><a name="7434" href="StlcProp.html#7434" class="Bound"
+      >t&#8322;</a
+      ><a name="7436"
+      > </a
+      ><a name="7437" href="StlcProp.html#7437" class="Bound"
+      >t&#8323;</a
+      ><a name="7439" class="Symbol"
+      >}</a
+      ><a name="7440"
+      > </a
+      ><a name="7441" class="Symbol"
+      >&#8594;</a
+      ><a name="7442"
+      > </a
+      ><a name="7443" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7444"
+      > </a
+      ><a name="7445" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7451"
+      > </a
+      ><a name="7452" href="StlcProp.html#7437" class="Bound"
+      >t&#8323;</a
+      ><a name="7454"
+      > </a
+      ><a name="7455" class="Symbol"
+      >&#8594;</a
+      ><a name="7456"
+      > </a
+      ><a name="7457" href="StlcProp.html#7057" class="Bound"
+      >x</a
+      ><a name="7458"
+      > </a
+      ><a name="7459" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7465"
+      > </a
+      ><a name="7466" class="Symbol"
+      >(</a
+      ><a name="7467" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="7469"
+      > </a
+      ><a name="7470" href="StlcProp.html#7431" class="Bound"
+      >t&#8321;</a
+      ><a name="7472"
+      > </a
+      ><a name="7473" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="7477"
+      > </a
+      ><a name="7478" href="StlcProp.html#7434" class="Bound"
+      >t&#8322;</a
+      ><a name="7480"
+      > </a
+      ><a name="7481" href="Stlc.html#5887" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="7485"
+      > </a
+      ><a name="7486" href="StlcProp.html#7437" class="Bound"
+      >t&#8323;</a
+      ><a name="7488" class="Symbol"
+      >)</a
+      >
+</pre><!--{% endraw %}-->
+
+A term in which no variables appear free is said to be _closed_.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="7581" href="StlcProp.html#7581" class="Function"
+      >Closed</a
+      ><a name="7587"
+      > </a
+      ><a name="7588" class="Symbol"
+      >:</a
+      ><a name="7589"
+      > </a
+      ><a name="7590" href="Stlc.html#5755" class="Datatype"
+      >Term</a
+      ><a name="7594"
+      > </a
+      ><a name="7595" class="Symbol"
+      >&#8594;</a
+      ><a name="7596"
+      > </a
+      ><a name="7597" class="PrimitiveType"
+      >Set</a
+      ><a name="7600"
+      >
+</a
+      ><a name="7601" href="StlcProp.html#7581" class="Function"
+      >Closed</a
+      ><a name="7607"
+      > </a
+      ><a name="7608" href="StlcProp.html#7608" class="Bound"
+      >t</a
+      ><a name="7609"
+      > </a
+      ><a name="7610" class="Symbol"
+      >=</a
+      ><a name="7611"
+      > </a
+      ><a name="7612" class="Symbol"
+      >&#8704;</a
+      ><a name="7613"
+      > </a
+      ><a name="7614" class="Symbol"
+      >{</a
+      ><a name="7615" href="StlcProp.html#7615" class="Bound"
+      >x</a
+      ><a name="7616" class="Symbol"
+      >}</a
+      ><a name="7617"
+      > </a
+      ><a name="7618" class="Symbol"
+      >&#8594;</a
+      ><a name="7619"
+      > </a
+      ><a name="7620" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#414" class="Function Operator"
+      >&#172;</a
+      ><a name="7621"
+      > </a
+      ><a name="7622" class="Symbol"
+      >(</a
+      ><a name="7623" href="StlcProp.html#7615" class="Bound"
+      >x</a
+      ><a name="7624"
+      > </a
+      ><a name="7625" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="7631"
+      > </a
+      ><a name="7632" href="StlcProp.html#7608" class="Bound"
+      >t</a
+      ><a name="7633" class="Symbol"
+      >)</a
+      >
+</pre><!--{% endraw %}-->
+
+#### Exercise: 1 star (free-in)
+If the definition of `_FreeIn_` is not crystal clear to
+you, it is a good idea to take a piece of paper and write out the
+rules in informal inference-rule notation.  (Although it is a
+rather low-level, technical definition, understanding it is
+crucial to understanding substitution and its properties, which
+are really the crux of the lambda-calculus.)
+
+### Substitution
+To prove that substitution preserves typing, we first need a
+technical lemma connecting free variables and typing contexts: If
+a variable $$x$$ appears free in a term $$t$$, and if we know $$t$$ is
+well typed in context $$\Gamma$$, then it must be the case that
+$$\Gamma$$ assigns a type to $$x$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="8362" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="8372"
+      > </a
+      ><a name="8373" class="Symbol"
+      >:</a
+      ><a name="8374"
+      > </a
+      ><a name="8375" class="Symbol"
+      >&#8704;</a
+      ><a name="8376"
+      > </a
+      ><a name="8377" class="Symbol"
+      >{</a
+      ><a name="8378" href="StlcProp.html#8378" class="Bound"
+      >x</a
+      ><a name="8379"
+      > </a
+      ><a name="8380" href="StlcProp.html#8380" class="Bound"
+      >t</a
+      ><a name="8381"
+      > </a
+      ><a name="8382" href="StlcProp.html#8382" class="Bound"
+      >A</a
+      ><a name="8383"
+      > </a
+      ><a name="8384" href="StlcProp.html#8384" class="Bound"
+      >&#915;</a
+      ><a name="8385" class="Symbol"
+      >}</a
+      ><a name="8386"
+      > </a
+      ><a name="8387" class="Symbol"
+      >&#8594;</a
+      ><a name="8388"
+      > </a
+      ><a name="8389" href="StlcProp.html#8378" class="Bound"
+      >x</a
+      ><a name="8390"
+      > </a
+      ><a name="8391" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="8397"
+      > </a
+      ><a name="8398" href="StlcProp.html#8380" class="Bound"
+      >t</a
+      ><a name="8399"
+      > </a
+      ><a name="8400" class="Symbol"
+      >&#8594;</a
+      ><a name="8401"
+      > </a
+      ><a name="8402" href="StlcProp.html#8384" class="Bound"
+      >&#915;</a
+      ><a name="8403"
+      > </a
+      ><a name="8404" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="8405"
+      > </a
+      ><a name="8406" href="StlcProp.html#8380" class="Bound"
+      >t</a
+      ><a name="8407"
+      > </a
+      ><a name="8408" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="8409"
+      > </a
+      ><a name="8410" href="StlcProp.html#8382" class="Bound"
+      >A</a
+      ><a name="8411"
+      > </a
+      ><a name="8412" class="Symbol"
+      >&#8594;</a
+      ><a name="8413"
+      > </a
+      ><a name="8414" href="https://agda.github.io/agda-stdlib/Data.Product.html#823" class="Function"
+      >&#8707;</a
+      ><a name="8415"
+      > </a
+      ><a name="8416" class="Symbol"
+      >&#955;</a
+      ><a name="8417"
+      > </a
+      ><a name="8418" href="StlcProp.html#8418" class="Bound"
+      >B</a
+      ><a name="8419"
+      > </a
+      ><a name="8420" class="Symbol"
+      >&#8594;</a
+      ><a name="8421"
+      > </a
+      ><a name="8422" href="StlcProp.html#8384" class="Bound"
+      >&#915;</a
+      ><a name="8423"
+      > </a
+      ><a name="8424" href="StlcProp.html#8378" class="Bound"
+      >x</a
+      ><a name="8425"
+      > </a
+      ><a name="8426" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="8427"
+      > </a
+      ><a name="8428" href="https://agda.github.io/agda-stdlib/Data.Maybe.Base.html#373" class="InductiveConstructor"
+      >just</a
+      ><a name="8432"
+      > </a
+      ><a name="8433" href="StlcProp.html#8418" class="Bound"
+      >B</a
+      >
+</pre><!--{% endraw %}-->
+
+_Proof_: We show, by induction on the proof that $$x$$ appears
+  free in $$t$$, that, for all contexts $$\Gamma$$, if $$t$$ is well
+  typed under $$\Gamma$$, then $$\Gamma$$ assigns some type to $$x$$.
+
+  - If the last rule used was `var`, then $$t = x$$, and from
+    the assumption that $$t$$ is well typed under $$\Gamma$$ we have
+    immediately that $$\Gamma$$ assigns a type to $$x$$.
+
+  - If the last rule used was `app1`, then $$t = t_1\;t_2$$ and $$x$$
+    appears free in $$t_1$$.  Since $$t$$ is well typed under $$\Gamma$$,
+    we can see from the typing rules that $$t_1$$ must also be, and
+    the IH then tells us that $$\Gamma$$ assigns $$x$$ a type.
+
+  - Almost all the other cases are similar: $$x$$ appears free in a
+    subterm of $$t$$, and since $$t$$ is well typed under $$\Gamma$$, we
+    know the subterm of $$t$$ in which $$x$$ appears is well typed
+    under $$\Gamma$$ as well, and the IH gives us exactly the
+    conclusion we want.
+
+  - The only remaining case is `abs`.  In this case $$t =
+    \lambda y:A.t'$$, and $$x$$ appears free in $$t'$$; we also know that
+    $$x$$ is different from $$y$$.  The difference from the previous
+    cases is that whereas $$t$$ is well typed under $$\Gamma$$, its
+    body $$t'$$ is well typed under $$(\Gamma, y:A)$$, so the IH
+    allows us to conclude that $$x$$ is assigned some type by the
+    extended context $$(\Gamma, y:A)$$.  To conclude that $$\Gamma$$
+    assigns a type to $$x$$, we appeal the decidable equality for names
+    `_≟_`, noting that $$x$$ and $$y$$ are different variables.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="10029" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10039"
+      > </a
+      ><a name="10040" href="StlcProp.html#7086" class="InductiveConstructor"
+      >var</a
+      ><a name="10043"
+      > </a
+      ><a name="10044" class="Symbol"
+      >(</a
+      ><a name="10045" href="Stlc.html#19275" class="InductiveConstructor"
+      >var</a
+      ><a name="10048"
+      > </a
+      ><a name="10049" class="Symbol"
+      >_</a
+      ><a name="10050"
+      > </a
+      ><a name="10051" href="StlcProp.html#10051" class="Bound"
+      >x&#8758;A</a
+      ><a name="10054" class="Symbol"
+      >)</a
+      ><a name="10055"
+      > </a
+      ><a name="10056" class="Symbol"
+      >=</a
+      ><a name="10057"
+      > </a
+      ><a name="10058" class="Symbol"
+      >(_</a
+      ><a name="10060"
+      > </a
+      ><a name="10061" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="10062"
+      > </a
+      ><a name="10063" href="StlcProp.html#10051" class="Bound"
+      >x&#8758;A</a
+      ><a name="10066" class="Symbol"
+      >)</a
+      ><a name="10067"
+      >
+</a
+      ><a name="10068" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10078"
+      > </a
+      ><a name="10079" class="Symbol"
+      >(</a
+      ><a name="10080" href="StlcProp.html#7171" class="InductiveConstructor"
+      >app1</a
+      ><a name="10084"
+      > </a
+      ><a name="10085" href="StlcProp.html#10085" class="Bound"
+      >x&#8712;t&#8321;</a
+      ><a name="10089" class="Symbol"
+      >)</a
+      ><a name="10090"
+      > </a
+      ><a name="10091" class="Symbol"
+      >(</a
+      ><a name="10092" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="10095"
+      > </a
+      ><a name="10096" href="StlcProp.html#10096" class="Bound"
+      >t&#8321;&#8758;A</a
+      ><a name="10100"
+      > </a
+      ><a name="10101" class="Symbol"
+      >_</a
+      ><a name="10102"
+      >   </a
+      ><a name="10105" class="Symbol"
+      >)</a
+      ><a name="10106"
+      > </a
+      ><a name="10107" class="Symbol"
+      >=</a
+      ><a name="10108"
+      > </a
+      ><a name="10109" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10119"
+      > </a
+      ><a name="10120" href="StlcProp.html#10085" class="Bound"
+      >x&#8712;t&#8321;</a
+      ><a name="10124"
+      > </a
+      ><a name="10125" href="StlcProp.html#10096" class="Bound"
+      >t&#8321;&#8758;A</a
+      ><a name="10129"
+      >
+</a
+      ><a name="10130" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10140"
+      > </a
+      ><a name="10141" class="Symbol"
+      >(</a
+      ><a name="10142" href="StlcProp.html#7225" class="InductiveConstructor"
+      >app2</a
+      ><a name="10146"
+      > </a
+      ><a name="10147" href="StlcProp.html#10147" class="Bound"
+      >x&#8712;t&#8322;</a
+      ><a name="10151" class="Symbol"
+      >)</a
+      ><a name="10152"
+      > </a
+      ><a name="10153" class="Symbol"
+      >(</a
+      ><a name="10154" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="10157"
+      > </a
+      ><a name="10158" class="Symbol"
+      >_</a
+      ><a name="10159"
+      >    </a
+      ><a name="10163" href="StlcProp.html#10163" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="10167" class="Symbol"
+      >)</a
+      ><a name="10168"
+      > </a
+      ><a name="10169" class="Symbol"
+      >=</a
+      ><a name="10170"
+      > </a
+      ><a name="10171" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10181"
+      > </a
+      ><a name="10182" href="StlcProp.html#10147" class="Bound"
+      >x&#8712;t&#8322;</a
+      ><a name="10186"
+      > </a
+      ><a name="10187" href="StlcProp.html#10163" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="10191"
+      >
+</a
+      ><a name="10192" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10202"
+      > </a
+      ><a name="10203" class="Symbol"
+      >(</a
+      ><a name="10204" href="StlcProp.html#7279" class="InductiveConstructor"
+      >if1</a
+      ><a name="10207"
+      >  </a
+      ><a name="10209" href="StlcProp.html#10209" class="Bound"
+      >x&#8712;t&#8321;</a
+      ><a name="10213" class="Symbol"
+      >)</a
+      ><a name="10214"
+      > </a
+      ><a name="10215" class="Symbol"
+      >(</a
+      ><a name="10216" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="10218"
+      > </a
+      ><a name="10219" href="StlcProp.html#10219" class="Bound"
+      >t&#8321;&#8758;A</a
+      ><a name="10223"
+      > </a
+      ><a name="10224" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="10228"
+      > </a
+      ><a name="10229" class="Symbol"
+      >_</a
+      ><a name="10230"
+      >    </a
+      ><a name="10234" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="10238"
+      > </a
+      ><a name="10239" class="Symbol"
+      >_</a
+      ><a name="10240"
+      >   </a
+      ><a name="10243" class="Symbol"
+      >)</a
+      ><a name="10244"
+      > </a
+      ><a name="10245" class="Symbol"
+      >=</a
+      ><a name="10246"
+      > </a
+      ><a name="10247" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10257"
+      > </a
+      ><a name="10258" href="StlcProp.html#10209" class="Bound"
+      >x&#8712;t&#8321;</a
+      ><a name="10262"
+      > </a
+      ><a name="10263" href="StlcProp.html#10219" class="Bound"
+      >t&#8321;&#8758;A</a
+      ><a name="10267"
+      >
+</a
+      ><a name="10268" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10278"
+      > </a
+      ><a name="10279" class="Symbol"
+      >(</a
+      ><a name="10280" href="StlcProp.html#7350" class="InductiveConstructor"
+      >if2</a
+      ><a name="10283"
+      >  </a
+      ><a name="10285" href="StlcProp.html#10285" class="Bound"
+      >x&#8712;t&#8322;</a
+      ><a name="10289" class="Symbol"
+      >)</a
+      ><a name="10290"
+      > </a
+      ><a name="10291" class="Symbol"
+      >(</a
+      ><a name="10292" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="10294"
+      > </a
+      ><a name="10295" class="Symbol"
+      >_</a
+      ><a name="10296"
+      >    </a
+      ><a name="10300" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="10304"
+      > </a
+      ><a name="10305" href="StlcProp.html#10305" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="10309"
+      > </a
+      ><a name="10310" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="10314"
+      > </a
+      ><a name="10315" class="Symbol"
+      >_</a
+      ><a name="10316"
+      >   </a
+      ><a name="10319" class="Symbol"
+      >)</a
+      ><a name="10320"
+      > </a
+      ><a name="10321" class="Symbol"
+      >=</a
+      ><a name="10322"
+      > </a
+      ><a name="10323" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10333"
+      > </a
+      ><a name="10334" href="StlcProp.html#10285" class="Bound"
+      >x&#8712;t&#8322;</a
+      ><a name="10338"
+      > </a
+      ><a name="10339" href="StlcProp.html#10305" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="10343"
+      >
+</a
+      ><a name="10344" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10354"
+      > </a
+      ><a name="10355" class="Symbol"
+      >(</a
+      ><a name="10356" href="StlcProp.html#7421" class="InductiveConstructor"
+      >if3</a
+      ><a name="10359"
+      >  </a
+      ><a name="10361" href="StlcProp.html#10361" class="Bound"
+      >x&#8712;t&#8323;</a
+      ><a name="10365" class="Symbol"
+      >)</a
+      ><a name="10366"
+      > </a
+      ><a name="10367" class="Symbol"
+      >(</a
+      ><a name="10368" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="10370"
+      > </a
+      ><a name="10371" class="Symbol"
+      >_</a
+      ><a name="10372"
+      >    </a
+      ><a name="10376" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="10380"
+      > </a
+      ><a name="10381" class="Symbol"
+      >_</a
+      ><a name="10382"
+      >    </a
+      ><a name="10386" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="10390"
+      > </a
+      ><a name="10391" href="StlcProp.html#10391" class="Bound"
+      >t&#8323;&#8758;A</a
+      ><a name="10395" class="Symbol"
+      >)</a
+      ><a name="10396"
+      > </a
+      ><a name="10397" class="Symbol"
+      >=</a
+      ><a name="10398"
+      > </a
+      ><a name="10399" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10409"
+      > </a
+      ><a name="10410" href="StlcProp.html#10361" class="Bound"
+      >x&#8712;t&#8323;</a
+      ><a name="10414"
+      > </a
+      ><a name="10415" href="StlcProp.html#10391" class="Bound"
+      >t&#8323;&#8758;A</a
+      ><a name="10419"
+      >
+</a
+      ><a name="10420" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10430"
+      > </a
+      ><a name="10431" class="Symbol"
+      >{</a
+      ><a name="10432" href="StlcProp.html#10432" class="Bound"
+      >x</a
+      ><a name="10433" class="Symbol"
+      >}</a
+      ><a name="10434"
+      > </a
+      ><a name="10435" class="Symbol"
+      >(</a
+      ><a name="10436" href="StlcProp.html#7110" class="InductiveConstructor"
+      >abs</a
+      ><a name="10439"
+      > </a
+      ><a name="10440" class="Symbol"
+      >{</a
+      ><a name="10441" href="StlcProp.html#10441" class="Bound"
+      >y</a
+      ><a name="10442" class="Symbol"
+      >}</a
+      ><a name="10443"
+      > </a
+      ><a name="10444" href="StlcProp.html#10444" class="Bound"
+      >y&#8800;x</a
+      ><a name="10447"
+      > </a
+      ><a name="10448" href="StlcProp.html#10448" class="Bound"
+      >x&#8712;t</a
+      ><a name="10451" class="Symbol"
+      >)</a
+      ><a name="10452"
+      > </a
+      ><a name="10453" class="Symbol"
+      >(</a
+      ><a name="10454" href="Stlc.html#19368" class="InductiveConstructor"
+      >abs</a
+      ><a name="10457"
+      > </a
+      ><a name="10458" href="StlcProp.html#10458" class="Bound"
+      >t&#8758;B</a
+      ><a name="10461" class="Symbol"
+      >)</a
+      ><a name="10462"
+      >
+    </a
+      ><a name="10467" class="Keyword"
+      >with</a
+      ><a name="10471"
+      > </a
+      ><a name="10472" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="10482"
+      > </a
+      ><a name="10483" href="StlcProp.html#10448" class="Bound"
+      >x&#8712;t</a
+      ><a name="10486"
+      > </a
+      ><a name="10487" href="StlcProp.html#10458" class="Bound"
+      >t&#8758;B</a
+      ><a name="10490"
+      >
+</a
+      ><a name="10491" class="Symbol"
+      >...</a
+      ><a name="10494"
+      > </a
+      ><a name="10495" class="Symbol"
+      >|</a
+      ><a name="10496"
+      > </a
+      ><a name="10497" href="StlcProp.html#10497" class="Bound"
+      >x&#8758;A</a
+      ><a name="10500"
+      >
+    </a
+      ><a name="10505" class="Keyword"
+      >with</a
+      ><a name="10509"
+      > </a
+      ><a name="10510" href="StlcProp.html#10441" class="Bound"
+      >y</a
+      ><a name="10511"
+      > </a
+      ><a name="10512" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="10513"
+      > </a
+      ><a name="10514" href="StlcProp.html#10432" class="Bound"
+      >x</a
+      ><a name="10515"
+      >
+</a
+      ><a name="10516" class="Symbol"
+      >...</a
+      ><a name="10519"
+      > </a
+      ><a name="10520" class="Symbol"
+      >|</a
+      ><a name="10521"
+      > </a
+      ><a name="10522" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="10525"
+      > </a
+      ><a name="10526" href="StlcProp.html#10526" class="Bound"
+      >y=x</a
+      ><a name="10529"
+      > </a
+      ><a name="10530" class="Symbol"
+      >=</a
+      ><a name="10531"
+      > </a
+      ><a name="10532" href="https://agda.github.io/agda-stdlib/Data.Empty.html#348" class="Function"
+      >&#8869;-elim</a
+      ><a name="10538"
+      > </a
+      ><a name="10539" class="Symbol"
+      >(</a
+      ><a name="10540" href="StlcProp.html#10444" class="Bound"
+      >y&#8800;x</a
+      ><a name="10543"
+      > </a
+      ><a name="10544" href="StlcProp.html#10526" class="Bound"
+      >y=x</a
+      ><a name="10547" class="Symbol"
+      >)</a
+      ><a name="10548"
+      >
+</a
+      ><a name="10549" class="Symbol"
+      >...</a
+      ><a name="10552"
+      > </a
+      ><a name="10553" class="Symbol"
+      >|</a
+      ><a name="10554"
+      > </a
+      ><a name="10555" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="10557"
+      >  </a
+      ><a name="10559" class="Symbol"
+      >_</a
+      ><a name="10560"
+      >   </a
+      ><a name="10563" class="Symbol"
+      >=</a
+      ><a name="10564"
+      > </a
+      ><a name="10565" href="StlcProp.html#10497" class="Bound"
+      >x&#8758;A</a
+      >
+</pre><!--{% endraw %}-->
+
+Next, we'll need the fact that any term $$t$$ which is well typed in
+the empty context is closed (it has no free variables).
+
+#### Exercise: 2 stars, optional (∅⊢-closed)
+
+<!--{% raw %}--><pre class="Agda">
+<a name="10766" class="Keyword"
+      >postulate</a
+      ><a name="10775"
+      >
+  </a
+      ><a name="10778" href="StlcProp.html#10778" class="Postulate"
+      >&#8709;&#8866;-closed</a
+      ><a name="10787"
+      > </a
+      ><a name="10788" class="Symbol"
+      >:</a
+      ><a name="10789"
+      > </a
+      ><a name="10790" class="Symbol"
+      >&#8704;</a
+      ><a name="10791"
+      > </a
+      ><a name="10792" class="Symbol"
+      >{</a
+      ><a name="10793" href="StlcProp.html#10793" class="Bound"
+      >t</a
+      ><a name="10794"
+      > </a
+      ><a name="10795" href="StlcProp.html#10795" class="Bound"
+      >A</a
+      ><a name="10796" class="Symbol"
+      >}</a
+      ><a name="10797"
+      > </a
+      ><a name="10798" class="Symbol"
+      >&#8594;</a
+      ><a name="10799"
+      > </a
+      ><a name="10800" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="10801"
+      > </a
+      ><a name="10802" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="10803"
+      > </a
+      ><a name="10804" href="StlcProp.html#10793" class="Bound"
+      >t</a
+      ><a name="10805"
+      > </a
+      ><a name="10806" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="10807"
+      > </a
+      ><a name="10808" href="StlcProp.html#10795" class="Bound"
+      >A</a
+      ><a name="10809"
+      > </a
+      ><a name="10810" class="Symbol"
+      >&#8594;</a
+      ><a name="10811"
+      > </a
+      ><a name="10812" href="StlcProp.html#7581" class="Function"
+      >Closed</a
+      ><a name="10818"
+      > </a
+      ><a name="10819" href="StlcProp.html#10793" class="Bound"
+      >t</a
+      >
+</pre><!--{% endraw %}-->
+
+<div class="hidden">
+<!--{% raw %}--><pre class="Agda">
+<a name="10867" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="10877"
+      > </a
+      ><a name="10878" class="Symbol"
+      >:</a
+      ><a name="10879"
+      > </a
+      ><a name="10880" class="Symbol"
+      >&#8704;</a
+      ><a name="10881"
+      > </a
+      ><a name="10882" class="Symbol"
+      >{</a
+      ><a name="10883" href="StlcProp.html#10883" class="Bound"
+      >t</a
+      ><a name="10884"
+      > </a
+      ><a name="10885" href="StlcProp.html#10885" class="Bound"
+      >A</a
+      ><a name="10886" class="Symbol"
+      >}</a
+      ><a name="10887"
+      > </a
+      ><a name="10888" class="Symbol"
+      >&#8594;</a
+      ><a name="10889"
+      > </a
+      ><a name="10890" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="10891"
+      > </a
+      ><a name="10892" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="10893"
+      > </a
+      ><a name="10894" href="StlcProp.html#10883" class="Bound"
+      >t</a
+      ><a name="10895"
+      > </a
+      ><a name="10896" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="10897"
+      > </a
+      ><a name="10898" href="StlcProp.html#10885" class="Bound"
+      >A</a
+      ><a name="10899"
+      > </a
+      ><a name="10900" class="Symbol"
+      >&#8594;</a
+      ><a name="10901"
+      > </a
+      ><a name="10902" href="StlcProp.html#7581" class="Function"
+      >Closed</a
+      ><a name="10908"
+      > </a
+      ><a name="10909" href="StlcProp.html#10883" class="Bound"
+      >t</a
+      ><a name="10910"
+      >
+</a
+      ><a name="10911" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="10921"
+      > </a
+      ><a name="10922" class="Symbol"
+      >(</a
+      ><a name="10923" href="Stlc.html#19275" class="InductiveConstructor"
+      >var</a
+      ><a name="10926"
+      > </a
+      ><a name="10927" href="StlcProp.html#10927" class="Bound"
+      >x</a
+      ><a name="10928"
+      > </a
+      ><a name="10929" class="Symbol"
+      >())</a
+      ><a name="10932"
+      >
+</a
+      ><a name="10933" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="10943"
+      > </a
+      ><a name="10944" class="Symbol"
+      >(</a
+      ><a name="10945" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="10948"
+      > </a
+      ><a name="10949" href="StlcProp.html#10949" class="Bound"
+      >t&#8321;&#8758;A&#8658;B</a
+      ><a name="10955"
+      > </a
+      ><a name="10956" href="StlcProp.html#10956" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="10960" class="Symbol"
+      >)</a
+      ><a name="10961"
+      > </a
+      ><a name="10962" class="Symbol"
+      >(</a
+      ><a name="10963" href="StlcProp.html#7171" class="InductiveConstructor"
+      >app1</a
+      ><a name="10967"
+      > </a
+      ><a name="10968" href="StlcProp.html#10968" class="Bound"
+      >x&#8712;t&#8321;</a
+      ><a name="10972" class="Symbol"
+      >)</a
+      ><a name="10973"
+      > </a
+      ><a name="10974" class="Symbol"
+      >=</a
+      ><a name="10975"
+      > </a
+      ><a name="10976" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="10986"
+      > </a
+      ><a name="10987" href="StlcProp.html#10949" class="Bound"
+      >t&#8321;&#8758;A&#8658;B</a
+      ><a name="10993"
+      > </a
+      ><a name="10994" href="StlcProp.html#10968" class="Bound"
+      >x&#8712;t&#8321;</a
+      ><a name="10998"
+      >
+</a
+      ><a name="10999" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11009"
+      > </a
+      ><a name="11010" class="Symbol"
+      >(</a
+      ><a name="11011" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="11014"
+      > </a
+      ><a name="11015" href="StlcProp.html#11015" class="Bound"
+      >t&#8321;&#8758;A&#8658;B</a
+      ><a name="11021"
+      > </a
+      ><a name="11022" href="StlcProp.html#11022" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="11026" class="Symbol"
+      >)</a
+      ><a name="11027"
+      > </a
+      ><a name="11028" class="Symbol"
+      >(</a
+      ><a name="11029" href="StlcProp.html#7225" class="InductiveConstructor"
+      >app2</a
+      ><a name="11033"
+      > </a
+      ><a name="11034" href="StlcProp.html#11034" class="Bound"
+      >x&#8712;t&#8322;</a
+      ><a name="11038" class="Symbol"
+      >)</a
+      ><a name="11039"
+      > </a
+      ><a name="11040" class="Symbol"
+      >=</a
+      ><a name="11041"
+      > </a
+      ><a name="11042" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11052"
+      > </a
+      ><a name="11053" href="StlcProp.html#11022" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="11057"
+      > </a
+      ><a name="11058" href="StlcProp.html#11034" class="Bound"
+      >x&#8712;t&#8322;</a
+      ><a name="11062"
+      >
+</a
+      ><a name="11063" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11073"
+      > </a
+      ><a name="11074" href="Stlc.html#19618" class="InductiveConstructor"
+      >true</a
+      ><a name="11078"
+      >  </a
+      ><a name="11080" class="Symbol"
+      >()</a
+      ><a name="11082"
+      >
+</a
+      ><a name="11083" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11093"
+      > </a
+      ><a name="11094" href="Stlc.html#19677" class="InductiveConstructor"
+      >false</a
+      ><a name="11099"
+      > </a
+      ><a name="11100" class="Symbol"
+      >()</a
+      ><a name="11102"
+      >
+</a
+      ><a name="11103" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11113"
+      > </a
+      ><a name="11114" class="Symbol"
+      >(</a
+      ><a name="11115" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="11117"
+      > </a
+      ><a name="11118" href="StlcProp.html#11118" class="Bound"
+      >t&#8321;&#8758;bool</a
+      ><a name="11125"
+      > </a
+      ><a name="11126" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="11130"
+      > </a
+      ><a name="11131" href="StlcProp.html#11131" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="11135"
+      > </a
+      ><a name="11136" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="11140"
+      > </a
+      ><a name="11141" href="StlcProp.html#11141" class="Bound"
+      >t&#8323;&#8758;A</a
+      ><a name="11145" class="Symbol"
+      >)</a
+      ><a name="11146"
+      > </a
+      ><a name="11147" class="Symbol"
+      >(</a
+      ><a name="11148" href="StlcProp.html#7279" class="InductiveConstructor"
+      >if1</a
+      ><a name="11151"
+      > </a
+      ><a name="11152" href="StlcProp.html#11152" class="Bound"
+      >x&#8712;t&#8321;</a
+      ><a name="11156" class="Symbol"
+      >)</a
+      ><a name="11157"
+      > </a
+      ><a name="11158" class="Symbol"
+      >=</a
+      ><a name="11159"
+      > </a
+      ><a name="11160" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11170"
+      > </a
+      ><a name="11171" href="StlcProp.html#11118" class="Bound"
+      >t&#8321;&#8758;bool</a
+      ><a name="11178"
+      > </a
+      ><a name="11179" href="StlcProp.html#11152" class="Bound"
+      >x&#8712;t&#8321;</a
+      ><a name="11183"
+      >
+</a
+      ><a name="11184" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11194"
+      > </a
+      ><a name="11195" class="Symbol"
+      >(</a
+      ><a name="11196" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="11198"
+      > </a
+      ><a name="11199" href="StlcProp.html#11199" class="Bound"
+      >t&#8321;&#8758;bool</a
+      ><a name="11206"
+      > </a
+      ><a name="11207" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="11211"
+      > </a
+      ><a name="11212" href="StlcProp.html#11212" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="11216"
+      > </a
+      ><a name="11217" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="11221"
+      > </a
+      ><a name="11222" href="StlcProp.html#11222" class="Bound"
+      >t&#8323;&#8758;A</a
+      ><a name="11226" class="Symbol"
+      >)</a
+      ><a name="11227"
+      > </a
+      ><a name="11228" class="Symbol"
+      >(</a
+      ><a name="11229" href="StlcProp.html#7350" class="InductiveConstructor"
+      >if2</a
+      ><a name="11232"
+      > </a
+      ><a name="11233" href="StlcProp.html#11233" class="Bound"
+      >x&#8712;t&#8322;</a
+      ><a name="11237" class="Symbol"
+      >)</a
+      ><a name="11238"
+      > </a
+      ><a name="11239" class="Symbol"
+      >=</a
+      ><a name="11240"
+      > </a
+      ><a name="11241" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11251"
+      > </a
+      ><a name="11252" href="StlcProp.html#11212" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="11256"
+      > </a
+      ><a name="11257" href="StlcProp.html#11233" class="Bound"
+      >x&#8712;t&#8322;</a
+      ><a name="11261"
+      >
+</a
+      ><a name="11262" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11272"
+      > </a
+      ><a name="11273" class="Symbol"
+      >(</a
+      ><a name="11274" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="11276"
+      > </a
+      ><a name="11277" href="StlcProp.html#11277" class="Bound"
+      >t&#8321;&#8758;bool</a
+      ><a name="11284"
+      > </a
+      ><a name="11285" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="11289"
+      > </a
+      ><a name="11290" href="StlcProp.html#11290" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="11294"
+      > </a
+      ><a name="11295" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="11299"
+      > </a
+      ><a name="11300" href="StlcProp.html#11300" class="Bound"
+      >t&#8323;&#8758;A</a
+      ><a name="11304" class="Symbol"
+      >)</a
+      ><a name="11305"
+      > </a
+      ><a name="11306" class="Symbol"
+      >(</a
+      ><a name="11307" href="StlcProp.html#7421" class="InductiveConstructor"
+      >if3</a
+      ><a name="11310"
+      > </a
+      ><a name="11311" href="StlcProp.html#11311" class="Bound"
+      >x&#8712;t&#8323;</a
+      ><a name="11315" class="Symbol"
+      >)</a
+      ><a name="11316"
+      > </a
+      ><a name="11317" class="Symbol"
+      >=</a
+      ><a name="11318"
+      > </a
+      ><a name="11319" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11329"
+      > </a
+      ><a name="11330" href="StlcProp.html#11300" class="Bound"
+      >t&#8323;&#8758;A</a
+      ><a name="11334"
+      > </a
+      ><a name="11335" href="StlcProp.html#11311" class="Bound"
+      >x&#8712;t&#8323;</a
+      ><a name="11339"
+      >
+</a
+      ><a name="11340" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11350"
+      > </a
+      ><a name="11351" class="Symbol"
+      >(</a
+      ><a name="11352" href="Stlc.html#19368" class="InductiveConstructor"
+      >abs</a
+      ><a name="11355"
+      > </a
+      ><a name="11356" class="Symbol"
+      >{</a
+      ><a name="11357" class="Argument"
+      >x</a
+      ><a name="11358"
+      > </a
+      ><a name="11359" class="Symbol"
+      >=</a
+      ><a name="11360"
+      > </a
+      ><a name="11361" href="StlcProp.html#11361" class="Bound"
+      >x</a
+      ><a name="11362" class="Symbol"
+      >}</a
+      ><a name="11363"
+      > </a
+      ><a name="11364" href="StlcProp.html#11364" class="Bound"
+      >t&#8242;&#8758;A</a
+      ><a name="11368" class="Symbol"
+      >)</a
+      ><a name="11369"
+      > </a
+      ><a name="11370" class="Symbol"
+      >{</a
+      ><a name="11371" href="StlcProp.html#11371" class="Bound"
+      >y</a
+      ><a name="11372" class="Symbol"
+      >}</a
+      ><a name="11373"
+      > </a
+      ><a name="11374" class="Symbol"
+      >(</a
+      ><a name="11375" href="StlcProp.html#7110" class="InductiveConstructor"
+      >abs</a
+      ><a name="11378"
+      > </a
+      ><a name="11379" href="StlcProp.html#11379" class="Bound"
+      >x&#8800;y</a
+      ><a name="11382"
+      > </a
+      ><a name="11383" href="StlcProp.html#11383" class="Bound"
+      >y&#8712;t&#8242;</a
+      ><a name="11387" class="Symbol"
+      >)</a
+      ><a name="11388"
+      > </a
+      ><a name="11389" class="Keyword"
+      >with</a
+      ><a name="11393"
+      > </a
+      ><a name="11394" href="StlcProp.html#8362" class="Function"
+      >freeInCtxt</a
+      ><a name="11404"
+      > </a
+      ><a name="11405" href="StlcProp.html#11383" class="Bound"
+      >y&#8712;t&#8242;</a
+      ><a name="11409"
+      > </a
+      ><a name="11410" href="StlcProp.html#11364" class="Bound"
+      >t&#8242;&#8758;A</a
+      ><a name="11414"
+      >
+</a
+      ><a name="11415" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11425"
+      > </a
+      ><a name="11426" class="Symbol"
+      >(</a
+      ><a name="11427" class="InductiveConstructor"
+      >abs</a
+      ><a name="11430"
+      > </a
+      ><a name="11431" class="Symbol"
+      >{</a
+      ><a name="11432" class="Argument"
+      >x</a
+      ><a name="11433"
+      > </a
+      ><a name="11434" class="Symbol"
+      >=</a
+      ><a name="11435"
+      > </a
+      ><a name="11436" href="StlcProp.html#11436" class="Bound"
+      >x</a
+      ><a name="11437" class="Symbol"
+      >}</a
+      ><a name="11438"
+      > </a
+      ><a name="11439" href="StlcProp.html#11439" class="Bound"
+      >t&#8242;&#8758;A</a
+      ><a name="11443" class="Symbol"
+      >)</a
+      ><a name="11444"
+      > </a
+      ><a name="11445" class="Symbol"
+      >{</a
+      ><a name="11446" href="StlcProp.html#11446" class="Bound"
+      >y</a
+      ><a name="11447" class="Symbol"
+      >}</a
+      ><a name="11448"
+      > </a
+      ><a name="11449" class="Symbol"
+      >(</a
+      ><a name="11450" class="InductiveConstructor"
+      >abs</a
+      ><a name="11453"
+      > </a
+      ><a name="11454" href="StlcProp.html#11454" class="Bound"
+      >x&#8800;y</a
+      ><a name="11457"
+      > </a
+      ><a name="11458" href="StlcProp.html#11458" class="Bound"
+      >y&#8712;t&#8242;</a
+      ><a name="11462" class="Symbol"
+      >)</a
+      ><a name="11463"
+      > </a
+      ><a name="11464" class="Symbol"
+      >|</a
+      ><a name="11465"
+      > </a
+      ><a name="11466" href="StlcProp.html#11466" class="Bound"
+      >A</a
+      ><a name="11467"
+      > </a
+      ><a name="11468" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="11469"
+      > </a
+      ><a name="11470" href="StlcProp.html#11470" class="Bound"
+      >y&#8758;A</a
+      ><a name="11473"
+      > </a
+      ><a name="11474" class="Keyword"
+      >with</a
+      ><a name="11478"
+      > </a
+      ><a name="11479" href="StlcProp.html#11436" class="Bound"
+      >x</a
+      ><a name="11480"
+      > </a
+      ><a name="11481" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="11482"
+      > </a
+      ><a name="11483" href="StlcProp.html#11446" class="Bound"
+      >y</a
+      ><a name="11484"
+      >
+</a
+      ><a name="11485" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11495"
+      > </a
+      ><a name="11496" class="Symbol"
+      >(</a
+      ><a name="11497" class="InductiveConstructor"
+      >abs</a
+      ><a name="11500"
+      > </a
+      ><a name="11501" class="Symbol"
+      >{</a
+      ><a name="11502" class="Argument"
+      >x</a
+      ><a name="11503"
+      > </a
+      ><a name="11504" class="Symbol"
+      >=</a
+      ><a name="11505"
+      > </a
+      ><a name="11506" href="StlcProp.html#11506" class="Bound"
+      >x</a
+      ><a name="11507" class="Symbol"
+      >}</a
+      ><a name="11508"
+      > </a
+      ><a name="11509" href="StlcProp.html#11509" class="Bound"
+      >t&#8242;&#8758;A</a
+      ><a name="11513" class="Symbol"
+      >)</a
+      ><a name="11514"
+      > </a
+      ><a name="11515" class="Symbol"
+      >{</a
+      ><a name="11516" href="StlcProp.html#11516" class="Bound"
+      >y</a
+      ><a name="11517" class="Symbol"
+      >}</a
+      ><a name="11518"
+      > </a
+      ><a name="11519" class="Symbol"
+      >(</a
+      ><a name="11520" class="InductiveConstructor"
+      >abs</a
+      ><a name="11523"
+      > </a
+      ><a name="11524" href="StlcProp.html#11524" class="Bound"
+      >x&#8800;y</a
+      ><a name="11527"
+      > </a
+      ><a name="11528" href="StlcProp.html#11528" class="Bound"
+      >y&#8712;t&#8242;</a
+      ><a name="11532" class="Symbol"
+      >)</a
+      ><a name="11533"
+      > </a
+      ><a name="11534" class="Symbol"
+      >|</a
+      ><a name="11535"
+      > </a
+      ><a name="11536" href="StlcProp.html#11536" class="Bound"
+      >A</a
+      ><a name="11537"
+      > </a
+      ><a name="11538" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="11539"
+      > </a
+      ><a name="11540" href="StlcProp.html#11540" class="Bound"
+      >y&#8758;A</a
+      ><a name="11543"
+      > </a
+      ><a name="11544" class="Symbol"
+      >|</a
+      ><a name="11545"
+      > </a
+      ><a name="11546" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="11549"
+      > </a
+      ><a name="11550" href="StlcProp.html#11550" class="Bound"
+      >x=y</a
+      ><a name="11553"
+      > </a
+      ><a name="11554" class="Symbol"
+      >=</a
+      ><a name="11555"
+      > </a
+      ><a name="11556" href="StlcProp.html#11524" class="Bound"
+      >x&#8800;y</a
+      ><a name="11559"
+      > </a
+      ><a name="11560" href="StlcProp.html#11550" class="Bound"
+      >x=y</a
+      ><a name="11563"
+      >
+</a
+      ><a name="11564" href="StlcProp.html#10867" class="Function"
+      >&#8709;&#8866;-closed&#8242;</a
+      ><a name="11574"
+      > </a
+      ><a name="11575" class="Symbol"
+      >(</a
+      ><a name="11576" class="InductiveConstructor"
+      >abs</a
+      ><a name="11579"
+      > </a
+      ><a name="11580" class="Symbol"
+      >{</a
+      ><a name="11581" class="Argument"
+      >x</a
+      ><a name="11582"
+      > </a
+      ><a name="11583" class="Symbol"
+      >=</a
+      ><a name="11584"
+      > </a
+      ><a name="11585" href="StlcProp.html#11585" class="Bound"
+      >x</a
+      ><a name="11586" class="Symbol"
+      >}</a
+      ><a name="11587"
+      > </a
+      ><a name="11588" href="StlcProp.html#11588" class="Bound"
+      >t&#8242;&#8758;A</a
+      ><a name="11592" class="Symbol"
+      >)</a
+      ><a name="11593"
+      > </a
+      ><a name="11594" class="Symbol"
+      >{</a
+      ><a name="11595" href="StlcProp.html#11595" class="Bound"
+      >y</a
+      ><a name="11596" class="Symbol"
+      >}</a
+      ><a name="11597"
+      > </a
+      ><a name="11598" class="Symbol"
+      >(</a
+      ><a name="11599" class="InductiveConstructor"
+      >abs</a
+      ><a name="11602"
+      > </a
+      ><a name="11603" href="StlcProp.html#11603" class="Bound"
+      >x&#8800;y</a
+      ><a name="11606"
+      > </a
+      ><a name="11607" href="StlcProp.html#11607" class="Bound"
+      >y&#8712;t&#8242;</a
+      ><a name="11611" class="Symbol"
+      >)</a
+      ><a name="11612"
+      > </a
+      ><a name="11613" class="Symbol"
+      >|</a
+      ><a name="11614"
+      > </a
+      ><a name="11615" href="StlcProp.html#11615" class="Bound"
+      >A</a
+      ><a name="11616"
+      > </a
+      ><a name="11617" href="https://agda.github.io/agda-stdlib/Data.Product.html#509" class="InductiveConstructor Operator"
+      >,</a
+      ><a name="11618"
+      > </a
+      ><a name="11619" class="Symbol"
+      >()</a
+      ><a name="11621"
+      >  </a
+      ><a name="11623" class="Symbol"
+      >|</a
+      ><a name="11624"
+      > </a
+      ><a name="11625" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="11627"
+      >  </a
+      ><a name="11629" class="Symbol"
+      >_</a
+      >
+</pre><!--{% endraw %}-->
+</div>
+
+Sometimes, when we have a proof $$\Gamma\vdash t : A$$, we will need to
+replace $$\Gamma$$ by a different context $$\Gamma'$$.  When is it safe
+to do this?  Intuitively, it must at least be the case that
+$$\Gamma'$$ assigns the same types as $$\Gamma$$ to all the variables
+that appear free in $$t$$. In fact, this is the only condition that
+is needed.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="12017" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="12028"
+      > </a
+      ><a name="12029" class="Symbol"
+      >:</a
+      ><a name="12030"
+      > </a
+      ><a name="12031" class="Symbol"
+      >&#8704;</a
+      ><a name="12032"
+      > </a
+      ><a name="12033" class="Symbol"
+      >{</a
+      ><a name="12034" href="StlcProp.html#12034" class="Bound"
+      >&#915;</a
+      ><a name="12035"
+      > </a
+      ><a name="12036" href="StlcProp.html#12036" class="Bound"
+      >&#915;&#8242;</a
+      ><a name="12038"
+      > </a
+      ><a name="12039" href="StlcProp.html#12039" class="Bound"
+      >t</a
+      ><a name="12040"
+      > </a
+      ><a name="12041" href="StlcProp.html#12041" class="Bound"
+      >A</a
+      ><a name="12042" class="Symbol"
+      >}</a
+      ><a name="12043"
+      >
+            </a
+      ><a name="12056" class="Symbol"
+      >&#8594;</a
+      ><a name="12057"
+      > </a
+      ><a name="12058" class="Symbol"
+      >(&#8704;</a
+      ><a name="12060"
+      > </a
+      ><a name="12061" class="Symbol"
+      >{</a
+      ><a name="12062" href="StlcProp.html#12062" class="Bound"
+      >x</a
+      ><a name="12063" class="Symbol"
+      >}</a
+      ><a name="12064"
+      > </a
+      ><a name="12065" class="Symbol"
+      >&#8594;</a
+      ><a name="12066"
+      > </a
+      ><a name="12067" href="StlcProp.html#12062" class="Bound"
+      >x</a
+      ><a name="12068"
+      > </a
+      ><a name="12069" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="12075"
+      > </a
+      ><a name="12076" href="StlcProp.html#12039" class="Bound"
+      >t</a
+      ><a name="12077"
+      > </a
+      ><a name="12078" class="Symbol"
+      >&#8594;</a
+      ><a name="12079"
+      > </a
+      ><a name="12080" href="StlcProp.html#12034" class="Bound"
+      >&#915;</a
+      ><a name="12081"
+      > </a
+      ><a name="12082" href="StlcProp.html#12062" class="Bound"
+      >x</a
+      ><a name="12083"
+      > </a
+      ><a name="12084" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="12085"
+      > </a
+      ><a name="12086" href="StlcProp.html#12036" class="Bound"
+      >&#915;&#8242;</a
+      ><a name="12088"
+      > </a
+      ><a name="12089" href="StlcProp.html#12062" class="Bound"
+      >x</a
+      ><a name="12090" class="Symbol"
+      >)</a
+      ><a name="12091"
+      >
+            </a
+      ><a name="12104" class="Symbol"
+      >&#8594;</a
+      ><a name="12105"
+      > </a
+      ><a name="12106" href="StlcProp.html#12034" class="Bound"
+      >&#915;</a
+      ><a name="12107"
+      >  </a
+      ><a name="12109" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="12110"
+      > </a
+      ><a name="12111" href="StlcProp.html#12039" class="Bound"
+      >t</a
+      ><a name="12112"
+      > </a
+      ><a name="12113" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="12114"
+      > </a
+      ><a name="12115" href="StlcProp.html#12041" class="Bound"
+      >A</a
+      ><a name="12116"
+      >
+            </a
+      ><a name="12129" class="Symbol"
+      >&#8594;</a
+      ><a name="12130"
+      > </a
+      ><a name="12131" href="StlcProp.html#12036" class="Bound"
+      >&#915;&#8242;</a
+      ><a name="12133"
+      > </a
+      ><a name="12134" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="12135"
+      > </a
+      ><a name="12136" href="StlcProp.html#12039" class="Bound"
+      >t</a
+      ><a name="12137"
+      > </a
+      ><a name="12138" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="12139"
+      > </a
+      ><a name="12140" href="StlcProp.html#12041" class="Bound"
+      >A</a
+      >
+</pre><!--{% endraw %}-->
+
+_Proof_: By induction on the derivation of
+$$\Gamma \vdash t \in T$$.
+
+  - If the last rule in the derivation was `var`, then $$t = x$$
+    and $$\Gamma x = T$$.  By assumption, $$\Gamma' x = T$$ as well, and
+    hence $$\Gamma' \vdash t : T$$ by `var`.
+
+  - If the last rule was `abs`, then $$t = \lambda y:A. t'$$, with
+    $$T = A\to B$$ and $$\Gamma, y : A \vdash t' : B$$.  The
+    induction hypothesis is that, for any context $$\Gamma''$$, if
+    $$\Gamma, y:A$$ and $$\Gamma''$$ assign the same types to all the
+    free variables in $$t'$$, then $$t'$$ has type $$B$$ under
+    $$\Gamma''$$.  Let $$\Gamma'$$ be a context which agrees with
+    $$\Gamma$$ on the free variables in $$t$$; we must show
+    $$\Gamma' \vdash \lambda y:A. t' : A\to B$$.
+
+    By $$abs$$, it suffices to show that $$\Gamma', y:A \vdash t' : t'$$.
+    By the IH (setting $$\Gamma'' = \Gamma', y:A$$), it suffices to show
+    that $$\Gamma, y:A$$ and $$\Gamma', y:A$$ agree on all the variables
+    that appear free in $$t'$$.
+
+    Any variable occurring free in $$t'$$ must be either $$y$$ or
+    some other variable.  $$\Gamma, y:A$$ and $$\Gamma', y:A$$
+    clearly agree on $$y$$.  Otherwise, note that any variable other
+    than $$y$$ that occurs free in $$t'$$ also occurs free in
+    $$t = \lambda y:A. t'$$, and by assumption $$\Gamma$$ and
+    $$\Gamma'$$ agree on all such variables; hence so do $$\Gamma, y:A$$ and
+    $$\Gamma', y:A$$.
+
+  - If the last rule was `app`, then $$t = t_1\;t_2$$, with
+    $$\Gamma \vdash t_1 : A\to T$$ and $$\Gamma \vdash t_2 : A$$.
+    One induction hypothesis states that for all contexts $$\Gamma'$$,
+    if $$\Gamma'$$ agrees with $$\Gamma$$ on the free variables in $$t_1$$,
+    then $$t_1$$ has type $$A\to T$$ under $$\Gamma'$$; there is a similar IH
+    for $$t_2$$.  We must show that $$t_1\;t_2$$ also has type $$T$$ under
+    $$\Gamma'$$, given the assumption that $$\Gamma'$$ agrees with
+    $$\Gamma$$ on all the free variables in $$t_1\;t_2$$.  By `app`, it
+    suffices to show that $$t_1$$ and $$t_2$$ each have the same type
+    under $$\Gamma'$$ as under $$\Gamma$$.  But all free variables in
+    $$t_1$$ are also free in $$t_1\;t_2$$, and similarly for $$t_2$$;
+    hence the desired result follows from the induction hypotheses.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="14445" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="14456"
+      > </a
+      ><a name="14457" href="StlcProp.html#14457" class="Bound"
+      >f</a
+      ><a name="14458"
+      > </a
+      ><a name="14459" class="Symbol"
+      >(</a
+      ><a name="14460" href="Stlc.html#19275" class="InductiveConstructor"
+      >var</a
+      ><a name="14463"
+      > </a
+      ><a name="14464" href="StlcProp.html#14464" class="Bound"
+      >x</a
+      ><a name="14465"
+      > </a
+      ><a name="14466" href="StlcProp.html#14466" class="Bound"
+      >x&#8758;A</a
+      ><a name="14469" class="Symbol"
+      >)</a
+      ><a name="14470"
+      > </a
+      ><a name="14471" class="Keyword"
+      >rewrite</a
+      ><a name="14478"
+      > </a
+      ><a name="14479" href="StlcProp.html#14457" class="Bound"
+      >f</a
+      ><a name="14480"
+      > </a
+      ><a name="14481" href="StlcProp.html#7086" class="InductiveConstructor"
+      >var</a
+      ><a name="14484"
+      > </a
+      ><a name="14485" class="Symbol"
+      >=</a
+      ><a name="14486"
+      > </a
+      ><a name="14487" href="Stlc.html#19275" class="InductiveConstructor"
+      >var</a
+      ><a name="14490"
+      > </a
+      ><a name="14491" href="StlcProp.html#14464" class="Bound"
+      >x</a
+      ><a name="14492"
+      > </a
+      ><a name="14493" href="StlcProp.html#14466" class="Bound"
+      >x&#8758;A</a
+      ><a name="14496"
+      >
+</a
+      ><a name="14497" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="14508"
+      > </a
+      ><a name="14509" href="StlcProp.html#14509" class="Bound"
+      >f</a
+      ><a name="14510"
+      > </a
+      ><a name="14511" class="Symbol"
+      >(</a
+      ><a name="14512" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="14515"
+      > </a
+      ><a name="14516" href="StlcProp.html#14516" class="Bound"
+      >t&#8321;&#8758;A&#8658;B</a
+      ><a name="14522"
+      > </a
+      ><a name="14523" href="StlcProp.html#14523" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="14527" class="Symbol"
+      >)</a
+      ><a name="14528"
+      >
+  </a
+      ><a name="14531" class="Symbol"
+      >=</a
+      ><a name="14532"
+      > </a
+      ><a name="14533" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="14536"
+      > </a
+      ><a name="14537" class="Symbol"
+      >(</a
+      ><a name="14538" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="14549"
+      > </a
+      ><a name="14550" class="Symbol"
+      >(</a
+      ><a name="14551" href="StlcProp.html#14509" class="Bound"
+      >f</a
+      ><a name="14552"
+      > </a
+      ><a name="14553" href="https://agda.github.io/agda-stdlib/Function.html#713" class="Function Operator"
+      >&#8728;</a
+      ><a name="14554"
+      > </a
+      ><a name="14555" href="StlcProp.html#7171" class="InductiveConstructor"
+      >app1</a
+      ><a name="14559" class="Symbol"
+      >)</a
+      ><a name="14560"
+      > </a
+      ><a name="14561" href="StlcProp.html#14516" class="Bound"
+      >t&#8321;&#8758;A&#8658;B</a
+      ><a name="14567" class="Symbol"
+      >)</a
+      ><a name="14568"
+      > </a
+      ><a name="14569" class="Symbol"
+      >(</a
+      ><a name="14570" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="14581"
+      > </a
+      ><a name="14582" class="Symbol"
+      >(</a
+      ><a name="14583" href="StlcProp.html#14509" class="Bound"
+      >f</a
+      ><a name="14584"
+      > </a
+      ><a name="14585" href="https://agda.github.io/agda-stdlib/Function.html#713" class="Function Operator"
+      >&#8728;</a
+      ><a name="14586"
+      > </a
+      ><a name="14587" href="StlcProp.html#7225" class="InductiveConstructor"
+      >app2</a
+      ><a name="14591" class="Symbol"
+      >)</a
+      ><a name="14592"
+      > </a
+      ><a name="14593" href="StlcProp.html#14523" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="14597" class="Symbol"
+      >)</a
+      ><a name="14598"
+      >
+</a
+      ><a name="14599" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="14610"
+      > </a
+      ><a name="14611" class="Symbol"
+      >{</a
+      ><a name="14612" href="StlcProp.html#14612" class="Bound"
+      >&#915;</a
+      ><a name="14613" class="Symbol"
+      >}</a
+      ><a name="14614"
+      > </a
+      ><a name="14615" class="Symbol"
+      >{</a
+      ><a name="14616" href="StlcProp.html#14616" class="Bound"
+      >&#915;&#8242;</a
+      ><a name="14618" class="Symbol"
+      >}</a
+      ><a name="14619"
+      > </a
+      ><a name="14620" href="StlcProp.html#14620" class="Bound"
+      >f</a
+      ><a name="14621"
+      > </a
+      ><a name="14622" class="Symbol"
+      >(</a
+      ><a name="14623" href="Stlc.html#19368" class="InductiveConstructor"
+      >abs</a
+      ><a name="14626"
+      > </a
+      ><a name="14627" class="Symbol"
+      >{</a
+      ><a name="14628" class="DottedPattern Symbol"
+      >.</a
+      ><a name="14629" href="StlcProp.html#14612" class="DottedPattern Bound"
+      >&#915;</a
+      ><a name="14630" class="Symbol"
+      >}</a
+      ><a name="14631"
+      > </a
+      ><a name="14632" class="Symbol"
+      >{</a
+      ><a name="14633" href="StlcProp.html#14633" class="Bound"
+      >x</a
+      ><a name="14634" class="Symbol"
+      >}</a
+      ><a name="14635"
+      > </a
+      ><a name="14636" class="Symbol"
+      >{</a
+      ><a name="14637" href="StlcProp.html#14637" class="Bound"
+      >A</a
+      ><a name="14638" class="Symbol"
+      >}</a
+      ><a name="14639"
+      > </a
+      ><a name="14640" class="Symbol"
+      >{</a
+      ><a name="14641" href="StlcProp.html#14641" class="Bound"
+      >B</a
+      ><a name="14642" class="Symbol"
+      >}</a
+      ><a name="14643"
+      > </a
+      ><a name="14644" class="Symbol"
+      >{</a
+      ><a name="14645" href="StlcProp.html#14645" class="Bound"
+      >t&#8242;</a
+      ><a name="14647" class="Symbol"
+      >}</a
+      ><a name="14648"
+      > </a
+      ><a name="14649" href="StlcProp.html#14649" class="Bound"
+      >t&#8242;&#8758;B</a
+      ><a name="14653" class="Symbol"
+      >)</a
+      ><a name="14654"
+      >
+  </a
+      ><a name="14657" class="Symbol"
+      >=</a
+      ><a name="14658"
+      > </a
+      ><a name="14659" href="Stlc.html#19368" class="InductiveConstructor"
+      >abs</a
+      ><a name="14662"
+      > </a
+      ><a name="14663" class="Symbol"
+      >(</a
+      ><a name="14664" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="14675"
+      > </a
+      ><a name="14676" href="StlcProp.html#14697" class="Function"
+      >f&#8242;</a
+      ><a name="14678"
+      > </a
+      ><a name="14679" href="StlcProp.html#14649" class="Bound"
+      >t&#8242;&#8758;B</a
+      ><a name="14683" class="Symbol"
+      >)</a
+      ><a name="14684"
+      >
+  </a
+      ><a name="14687" class="Keyword"
+      >where</a
+      ><a name="14692"
+      >
+    </a
+      ><a name="14697" href="StlcProp.html#14697" class="Function"
+      >f&#8242;</a
+      ><a name="14699"
+      > </a
+      ><a name="14700" class="Symbol"
+      >:</a
+      ><a name="14701"
+      > </a
+      ><a name="14702" class="Symbol"
+      >&#8704;</a
+      ><a name="14703"
+      > </a
+      ><a name="14704" class="Symbol"
+      >{</a
+      ><a name="14705" href="StlcProp.html#14705" class="Bound"
+      >y</a
+      ><a name="14706" class="Symbol"
+      >}</a
+      ><a name="14707"
+      > </a
+      ><a name="14708" class="Symbol"
+      >&#8594;</a
+      ><a name="14709"
+      > </a
+      ><a name="14710" href="StlcProp.html#14705" class="Bound"
+      >y</a
+      ><a name="14711"
+      > </a
+      ><a name="14712" href="StlcProp.html#7047" class="Datatype Operator"
+      >FreeIn</a
+      ><a name="14718"
+      > </a
+      ><a name="14719" href="StlcProp.html#14645" class="Bound"
+      >t&#8242;</a
+      ><a name="14721"
+      > </a
+      ><a name="14722" class="Symbol"
+      >&#8594;</a
+      ><a name="14723"
+      > </a
+      ><a name="14724" class="Symbol"
+      >(</a
+      ><a name="14725" href="StlcProp.html#14612" class="Bound"
+      >&#915;</a
+      ><a name="14726"
+      > </a
+      ><a name="14727" href="Stlc.html#18330" class="Function Operator"
+      >,</a
+      ><a name="14728"
+      > </a
+      ><a name="14729" href="StlcProp.html#14633" class="Bound"
+      >x</a
+      ><a name="14730"
+      > </a
+      ><a name="14731" href="Stlc.html#18330" class="Function Operator"
+      >&#8758;</a
+      ><a name="14732"
+      > </a
+      ><a name="14733" href="StlcProp.html#14637" class="Bound"
+      >A</a
+      ><a name="14734" class="Symbol"
+      >)</a
+      ><a name="14735"
+      > </a
+      ><a name="14736" href="StlcProp.html#14705" class="Bound"
+      >y</a
+      ><a name="14737"
+      > </a
+      ><a name="14738" href="Agda.Builtin.Equality.html#55" class="Datatype Operator"
+      >&#8801;</a
+      ><a name="14739"
+      > </a
+      ><a name="14740" class="Symbol"
+      >(</a
+      ><a name="14741" href="StlcProp.html#14616" class="Bound"
+      >&#915;&#8242;</a
+      ><a name="14743"
+      > </a
+      ><a name="14744" href="Stlc.html#18330" class="Function Operator"
+      >,</a
+      ><a name="14745"
+      > </a
+      ><a name="14746" href="StlcProp.html#14633" class="Bound"
+      >x</a
+      ><a name="14747"
+      > </a
+      ><a name="14748" href="Stlc.html#18330" class="Function Operator"
+      >&#8758;</a
+      ><a name="14749"
+      > </a
+      ><a name="14750" href="StlcProp.html#14637" class="Bound"
+      >A</a
+      ><a name="14751" class="Symbol"
+      >)</a
+      ><a name="14752"
+      > </a
+      ><a name="14753" href="StlcProp.html#14705" class="Bound"
+      >y</a
+      ><a name="14754"
+      >
+    </a
+      ><a name="14759" href="StlcProp.html#14697" class="Function"
+      >f&#8242;</a
+      ><a name="14761"
+      > </a
+      ><a name="14762" class="Symbol"
+      >{</a
+      ><a name="14763" href="StlcProp.html#14763" class="Bound"
+      >y</a
+      ><a name="14764" class="Symbol"
+      >}</a
+      ><a name="14765"
+      > </a
+      ><a name="14766" href="StlcProp.html#14766" class="Bound"
+      >y&#8712;t&#8242;</a
+      ><a name="14770"
+      > </a
+      ><a name="14771" class="Keyword"
+      >with</a
+      ><a name="14775"
+      > </a
+      ><a name="14776" href="StlcProp.html#14633" class="Bound"
+      >x</a
+      ><a name="14777"
+      > </a
+      ><a name="14778" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="14779"
+      > </a
+      ><a name="14780" href="StlcProp.html#14763" class="Bound"
+      >y</a
+      ><a name="14781"
+      >
+    </a
+      ><a name="14786" class="Symbol"
+      >...</a
+      ><a name="14789"
+      > </a
+      ><a name="14790" class="Symbol"
+      >|</a
+      ><a name="14791"
+      > </a
+      ><a name="14792" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="14795"
+      > </a
+      ><a name="14796" class="Symbol"
+      >_</a
+      ><a name="14797"
+      >   </a
+      ><a name="14800" class="Symbol"
+      >=</a
+      ><a name="14801"
+      > </a
+      ><a name="14802" href="Agda.Builtin.Equality.html#112" class="InductiveConstructor"
+      >refl</a
+      ><a name="14806"
+      >
+    </a
+      ><a name="14811" class="Symbol"
+      >...</a
+      ><a name="14814"
+      > </a
+      ><a name="14815" class="Symbol"
+      >|</a
+      ><a name="14816"
+      > </a
+      ><a name="14817" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="14819"
+      >  </a
+      ><a name="14821" href="StlcProp.html#14821" class="Bound"
+      >x&#8800;y</a
+      ><a name="14824"
+      > </a
+      ><a name="14825" class="Symbol"
+      >=</a
+      ><a name="14826"
+      > </a
+      ><a name="14827" href="StlcProp.html#14620" class="Bound"
+      >f</a
+      ><a name="14828"
+      > </a
+      ><a name="14829" class="Symbol"
+      >(</a
+      ><a name="14830" href="StlcProp.html#7110" class="InductiveConstructor"
+      >abs</a
+      ><a name="14833"
+      > </a
+      ><a name="14834" href="StlcProp.html#14821" class="Bound"
+      >x&#8800;y</a
+      ><a name="14837"
+      > </a
+      ><a name="14838" href="StlcProp.html#14766" class="Bound"
+      >y&#8712;t&#8242;</a
+      ><a name="14842" class="Symbol"
+      >)</a
+      ><a name="14843"
+      >
+</a
+      ><a name="14844" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="14855"
+      > </a
+      ><a name="14856" class="Symbol"
+      >_</a
+      ><a name="14857"
+      > </a
+      ><a name="14858" href="Stlc.html#19618" class="InductiveConstructor"
+      >true</a
+      ><a name="14862"
+      >  </a
+      ><a name="14864" class="Symbol"
+      >=</a
+      ><a name="14865"
+      > </a
+      ><a name="14866" href="Stlc.html#19618" class="InductiveConstructor"
+      >true</a
+      ><a name="14870"
+      >
+</a
+      ><a name="14871" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="14882"
+      > </a
+      ><a name="14883" class="Symbol"
+      >_</a
+      ><a name="14884"
+      > </a
+      ><a name="14885" href="Stlc.html#19677" class="InductiveConstructor"
+      >false</a
+      ><a name="14890"
+      > </a
+      ><a name="14891" class="Symbol"
+      >=</a
+      ><a name="14892"
+      > </a
+      ><a name="14893" href="Stlc.html#19677" class="InductiveConstructor"
+      >false</a
+      ><a name="14898"
+      >
+</a
+      ><a name="14899" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="14910"
+      > </a
+      ><a name="14911" href="StlcProp.html#14911" class="Bound"
+      >f</a
+      ><a name="14912"
+      > </a
+      ><a name="14913" class="Symbol"
+      >(</a
+      ><a name="14914" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="14916"
+      > </a
+      ><a name="14917" href="StlcProp.html#14917" class="Bound"
+      >t&#8321;&#8758;bool</a
+      ><a name="14924"
+      > </a
+      ><a name="14925" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="14929"
+      > </a
+      ><a name="14930" href="StlcProp.html#14930" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="14934"
+      > </a
+      ><a name="14935" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="14939"
+      > </a
+      ><a name="14940" href="StlcProp.html#14940" class="Bound"
+      >t&#8323;&#8758;A</a
+      ><a name="14944" class="Symbol"
+      >)</a
+      ><a name="14945"
+      >
+  </a
+      ><a name="14948" class="Symbol"
+      >=</a
+      ><a name="14949"
+      > </a
+      ><a name="14950" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="14952"
+      >   </a
+      ><a name="14955" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="14966"
+      > </a
+      ><a name="14967" class="Symbol"
+      >(</a
+      ><a name="14968" href="StlcProp.html#14911" class="Bound"
+      >f</a
+      ><a name="14969"
+      > </a
+      ><a name="14970" href="https://agda.github.io/agda-stdlib/Function.html#713" class="Function Operator"
+      >&#8728;</a
+      ><a name="14971"
+      > </a
+      ><a name="14972" href="StlcProp.html#7279" class="InductiveConstructor"
+      >if1</a
+      ><a name="14975" class="Symbol"
+      >)</a
+      ><a name="14976"
+      > </a
+      ><a name="14977" href="StlcProp.html#14917" class="Bound"
+      >t&#8321;&#8758;bool</a
+      ><a name="14984"
+      >
+    </a
+      ><a name="14989" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="14993"
+      > </a
+      ><a name="14994" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="15005"
+      > </a
+      ><a name="15006" class="Symbol"
+      >(</a
+      ><a name="15007" href="StlcProp.html#14911" class="Bound"
+      >f</a
+      ><a name="15008"
+      > </a
+      ><a name="15009" href="https://agda.github.io/agda-stdlib/Function.html#713" class="Function Operator"
+      >&#8728;</a
+      ><a name="15010"
+      > </a
+      ><a name="15011" href="StlcProp.html#7350" class="InductiveConstructor"
+      >if2</a
+      ><a name="15014" class="Symbol"
+      >)</a
+      ><a name="15015"
+      > </a
+      ><a name="15016" href="StlcProp.html#14930" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="15020"
+      >
+    </a
+      ><a name="15025" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="15029"
+      > </a
+      ><a name="15030" href="StlcProp.html#12017" class="Function"
+      >replaceCtxt</a
+      ><a name="15041"
+      > </a
+      ><a name="15042" class="Symbol"
+      >(</a
+      ><a name="15043" href="StlcProp.html#14911" class="Bound"
+      >f</a
+      ><a name="15044"
+      > </a
+      ><a name="15045" href="https://agda.github.io/agda-stdlib/Function.html#713" class="Function Operator"
+      >&#8728;</a
+      ><a name="15046"
+      > </a
+      ><a name="15047" href="StlcProp.html#7421" class="InductiveConstructor"
+      >if3</a
+      ><a name="15050" class="Symbol"
+      >)</a
+      ><a name="15051"
+      > </a
+      ><a name="15052" href="StlcProp.html#14940" class="Bound"
+      >t&#8323;&#8758;A</a
+      >
+</pre><!--{% endraw %}-->
+
+Now we come to the conceptual heart of the proof that reduction
+preserves types -- namely, the observation that _substitution_
+preserves types.
+
+Formally, the so-called _Substitution Lemma_ says this: Suppose we
+have a term $$t$$ with a free variable $$x$$, and suppose we've been
+able to assign a type $$T$$ to $$t$$ under the assumption that $$x$$ has
+some type $$U$$.  Also, suppose that we have some other term $$v$$ and
+that we've shown that $$v$$ has type $$U$$.  Then, since $$v$$ satisfies
+the assumption we made about $$x$$ when typing $$t$$, we should be
+able to substitute $$v$$ for each of the occurrences of $$x$$ in $$t$$
+and obtain a new term that still has type $$T$$.
+
+_Lemma_: If $$\Gamma,x:U \vdash t : T$$ and $$\vdash v : U$$, then
+$$\Gamma \vdash [x:=v]t : T$$.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="15867" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="15883"
+      > </a
+      ><a name="15884" class="Symbol"
+      >:</a
+      ><a name="15885"
+      > </a
+      ><a name="15886" class="Symbol"
+      >&#8704;</a
+      ><a name="15887"
+      > </a
+      ><a name="15888" class="Symbol"
+      >{</a
+      ><a name="15889" href="StlcProp.html#15889" class="Bound"
+      >&#915;</a
+      ><a name="15890"
+      > </a
+      ><a name="15891" href="StlcProp.html#15891" class="Bound"
+      >x</a
+      ><a name="15892"
+      > </a
+      ><a name="15893" href="StlcProp.html#15893" class="Bound"
+      >A</a
+      ><a name="15894"
+      > </a
+      ><a name="15895" href="StlcProp.html#15895" class="Bound"
+      >t</a
+      ><a name="15896"
+      > </a
+      ><a name="15897" href="StlcProp.html#15897" class="Bound"
+      >v</a
+      ><a name="15898"
+      > </a
+      ><a name="15899" href="StlcProp.html#15899" class="Bound"
+      >B</a
+      ><a name="15900" class="Symbol"
+      >}</a
+      ><a name="15901"
+      >
+                 </a
+      ><a name="15919" class="Symbol"
+      >&#8594;</a
+      ><a name="15920"
+      > </a
+      ><a name="15921" href="Stlc.html#18299" class="Function"
+      >&#8709;</a
+      ><a name="15922"
+      > </a
+      ><a name="15923" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="15924"
+      > </a
+      ><a name="15925" href="StlcProp.html#15897" class="Bound"
+      >v</a
+      ><a name="15926"
+      > </a
+      ><a name="15927" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="15928"
+      > </a
+      ><a name="15929" href="StlcProp.html#15893" class="Bound"
+      >A</a
+      ><a name="15930"
+      >
+                 </a
+      ><a name="15948" class="Symbol"
+      >&#8594;</a
+      ><a name="15949"
+      > </a
+      ><a name="15950" href="StlcProp.html#15889" class="Bound"
+      >&#915;</a
+      ><a name="15951"
+      > </a
+      ><a name="15952" href="Stlc.html#18330" class="Function Operator"
+      >,</a
+      ><a name="15953"
+      > </a
+      ><a name="15954" href="StlcProp.html#15891" class="Bound"
+      >x</a
+      ><a name="15955"
+      > </a
+      ><a name="15956" href="Stlc.html#18330" class="Function Operator"
+      >&#8758;</a
+      ><a name="15957"
+      > </a
+      ><a name="15958" href="StlcProp.html#15893" class="Bound"
+      >A</a
+      ><a name="15959"
+      > </a
+      ><a name="15960" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="15961"
+      > </a
+      ><a name="15962" href="StlcProp.html#15895" class="Bound"
+      >t</a
+      ><a name="15963"
+      > </a
+      ><a name="15964" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="15965"
+      > </a
+      ><a name="15966" href="StlcProp.html#15899" class="Bound"
+      >B</a
+      ><a name="15967"
+      >
+                 </a
+      ><a name="15985" class="Symbol"
+      >&#8594;</a
+      ><a name="15986"
+      > </a
+      ><a name="15987" href="StlcProp.html#15889" class="Bound"
+      >&#915;</a
+      ><a name="15988"
+      > </a
+      ><a name="15989" href="Stlc.html#18330" class="Function Operator"
+      >,</a
+      ><a name="15990"
+      > </a
+      ><a name="15991" href="StlcProp.html#15891" class="Bound"
+      >x</a
+      ><a name="15992"
+      > </a
+      ><a name="15993" href="Stlc.html#18330" class="Function Operator"
+      >&#8758;</a
+      ><a name="15994"
+      > </a
+      ><a name="15995" href="StlcProp.html#15893" class="Bound"
+      >A</a
+      ><a name="15996"
+      > </a
+      ><a name="15997" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8866;</a
+      ><a name="15998"
+      > </a
+      ><a name="15999" href="Stlc.html#12300" class="Function Operator"
+      >[</a
+      ><a name="16000"
+      > </a
+      ><a name="16001" href="StlcProp.html#15891" class="Bound"
+      >x</a
+      ><a name="16002"
+      > </a
+      ><a name="16003" href="Stlc.html#12300" class="Function Operator"
+      >:=</a
+      ><a name="16005"
+      > </a
+      ><a name="16006" href="StlcProp.html#15897" class="Bound"
+      >v</a
+      ><a name="16007"
+      > </a
+      ><a name="16008" href="Stlc.html#12300" class="Function Operator"
+      >]</a
+      ><a name="16009"
+      > </a
+      ><a name="16010" href="StlcProp.html#15895" class="Bound"
+      >t</a
+      ><a name="16011"
+      > </a
+      ><a name="16012" href="Stlc.html#19231" class="Datatype Operator"
+      >&#8758;</a
+      ><a name="16013"
+      > </a
+      ><a name="16014" href="StlcProp.html#15899" class="Bound"
+      >B</a
+      >
+</pre><!--{% endraw %}-->
+
+One technical subtlety in the statement of the lemma is that
+we assign $$v$$ the type $$U$$ in the _empty_ context -- in other
+words, we assume $$v$$ is closed.  This assumption considerably
+simplifies the $$abs$$ case of the proof (compared to assuming
+$$\Gamma \vdash v : U$$, which would be the other reasonable assumption
+at this point) because the context invariance lemma then tells us
+that $$v$$ has type $$U$$ in any context at all -- we don't have to
+worry about free variables in $$v$$ clashing with the variable being
+introduced into the context by $$abs$$.
+
+The substitution lemma can be viewed as a kind of "commutation"
+property.  Intuitively, it says that substitution and typing can
+be done in either order: we can either assign types to the terms
+$$t$$ and $$v$$ separately (under suitable contexts) and then combine
+them using substitution, or we can substitute first and then
+assign a type to $$ $$x:=v$$ t $$ -- the result is the same either
+way.
+
+_Proof_: We show, by induction on $$t$$, that for all $$T$$ and
+$$\Gamma$$, if $$\Gamma,x:U \vdash t : T$$ and $$\vdash v : U$$, then $$\Gamma
+\vdash $$x:=v$$t : T$$.
+
+  - If $$t$$ is a variable there are two cases to consider,
+    depending on whether $$t$$ is $$x$$ or some other variable.
+
+      - If $$t = x$$, then from the fact that $$\Gamma, x:U \vdash x :
+        T$$ we conclude that $$U = T$$.  We must show that $$$$x:=v$$x =
+        v$$ has type $$T$$ under $$\Gamma$$, given the assumption that
+        $$v$$ has type $$U = T$$ under the empty context.  This
+        follows from context invariance: if a closed term has type
+        $$T$$ in the empty context, it has that type in any context.
+
+      - If $$t$$ is some variable $$y$$ that is not equal to $$x$$, then
+        we need only note that $$y$$ has the same type under $$\Gamma,
+        x:U$$ as under $$\Gamma$$.
+
+  - If $$t$$ is an abstraction $$\lambda y:T_11. t_12$$, then the IH tells us,
+    for all $$\Gamma'$$ and $$T'$$, that if $$\Gamma',x:U \vdash t_12 : T'$$
+    and $$\vdash v : U$$, then $$\Gamma' \vdash $$x:=v$$t_12 : T'$$.
+
+    The substitution in the conclusion behaves differently
+    depending on whether $$x$$ and $$y$$ are the same variable.
+
+    First, suppose $$x = y$$.  Then, by the definition of
+    substitution, $$[x:=v]t = t$$, so we just need to show $$\Gamma \vdash
+    t : T$$.  But we know $$\Gamma,x:U \vdash t : T$$, and, since $$y$$
+    does not appear free in $$\lambda y:T_11. t_12$$, the context invariance
+    lemma yields $$\Gamma \vdash t : T$$.
+
+    Second, suppose $$x <> y$$.  We know $$\Gamma,x:U,y:T_11 \vdash t_12 :
+    T_12$$ by inversion of the typing relation, from which
+    $$\Gamma,y:T_11,x:U \vdash t_12 : T_12$$ follows by the context
+    invariance lemma, so the IH applies, giving us $$\Gamma,y:T_11 \vdash
+    $$x:=v$$t_12 : T_12$$.  By $$abs$$, $$\Gamma \vdash \lambda y:T_11. $$x:=v$$t_12
+    : T_11→T_12$$, and by the definition of substitution (noting
+    that $$x <> y$$), $$\Gamma \vdash \lambda y:T_11. $$x:=v$$t_12 : T_11→T_12$$ as
+    required.
+
+  - If $$t$$ is an application $$t_1 t_2$$, the result follows
+    straightforwardly from the definition of substitution and the
+    induction hypotheses.
+
+  - The remaining cases are similar to the application case.
+
+One more technical note: This proof is a rare case where an
+induction on terms, rather than typing derivations, yields a
+simpler argument.  The reason for this is that the assumption
+$$update Gamma x U \vdash t : T$$ is not completely generic, in the
+sense that one of the "slots" in the typing relation -- namely the
+context -- is not just a variable, and this means that Agda's
+native induction tactic does not give us the induction hypothesis
+that we want.  It is possible to work around this, but the needed
+generalization is a little tricky.  The term $$t$$, on the other
+hand, _is_ completely generic.
+
+<!--{% raw %}--><pre class="Agda">
+<a name="19925" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="19941"
+      > </a
+      ><a name="19942" class="Symbol"
+      >{</a
+      ><a name="19943" href="StlcProp.html#19943" class="Bound"
+      >&#915;</a
+      ><a name="19944" class="Symbol"
+      >}</a
+      ><a name="19945"
+      > </a
+      ><a name="19946" class="Symbol"
+      >{</a
+      ><a name="19947" href="StlcProp.html#19947" class="Bound"
+      >x</a
+      ><a name="19948" class="Symbol"
+      >}</a
+      ><a name="19949"
+      > </a
+      ><a name="19950" href="StlcProp.html#19950" class="Bound"
+      >v&#8758;A</a
+      ><a name="19953"
+      > </a
+      ><a name="19954" class="Symbol"
+      >(</a
+      ><a name="19955" href="Stlc.html#19275" class="InductiveConstructor"
+      >var</a
+      ><a name="19958"
+      > </a
+      ><a name="19959" href="StlcProp.html#19959" class="Bound"
+      >y</a
+      ><a name="19960"
+      > </a
+      ><a name="19961" href="StlcProp.html#19961" class="Bound"
+      >y&#8712;&#915;</a
+      ><a name="19964" class="Symbol"
+      >)</a
+      ><a name="19965"
+      > </a
+      ><a name="19966" class="Keyword"
+      >with</a
+      ><a name="19970"
+      > </a
+      ><a name="19971" href="StlcProp.html#19947" class="Bound"
+      >x</a
+      ><a name="19972"
+      > </a
+      ><a name="19973" href="Maps.html#2454" class="Function Operator"
+      >&#8799;</a
+      ><a name="19974"
+      > </a
+      ><a name="19975" href="StlcProp.html#19959" class="Bound"
+      >y</a
+      ><a name="19976"
+      >
+</a
+      ><a name="19977" class="Symbol"
+      >...</a
+      ><a name="19980"
+      > </a
+      ><a name="19981" class="Symbol"
+      >|</a
+      ><a name="19982"
+      > </a
+      ><a name="19983" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#520" class="InductiveConstructor"
+      >yes</a
+      ><a name="19986"
+      > </a
+      ><a name="19987" href="StlcProp.html#19987" class="Bound"
+      >x=y</a
+      ><a name="19990"
+      > </a
+      ><a name="19991" class="Symbol"
+      >=</a
+      ><a name="19992"
+      > </a
+      ><a name="19993" class="Symbol"
+      >{!!}</a
+      ><a name="19997"
+      >
+</a
+      ><a name="19998" class="Symbol"
+      >...</a
+      ><a name="20001"
+      > </a
+      ><a name="20002" class="Symbol"
+      >|</a
+      ><a name="20003"
+      > </a
+      ><a name="20004" href="https://agda.github.io/agda-stdlib/Relation.Nullary.html#547" class="InductiveConstructor"
+      >no</a
+      ><a name="20006"
+      >  </a
+      ><a name="20008" href="StlcProp.html#20008" class="Bound"
+      >x&#8800;y</a
+      ><a name="20011"
+      > </a
+      ><a name="20012" class="Symbol"
+      >=</a
+      ><a name="20013"
+      > </a
+      ><a name="20014" class="Symbol"
+      >{!!}</a
+      ><a name="20018"
+      >
+</a
+      ><a name="20019" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="20035"
+      > </a
+      ><a name="20036" href="StlcProp.html#20036" class="Bound"
+      >v&#8758;A</a
+      ><a name="20039"
+      > </a
+      ><a name="20040" class="Symbol"
+      >(</a
+      ><a name="20041" href="Stlc.html#19368" class="InductiveConstructor"
+      >abs</a
+      ><a name="20044"
+      > </a
+      ><a name="20045" href="StlcProp.html#20045" class="Bound"
+      >t&#8242;&#8758;B</a
+      ><a name="20049" class="Symbol"
+      >)</a
+      ><a name="20050"
+      > </a
+      ><a name="20051" class="Symbol"
+      >=</a
+      ><a name="20052"
+      > </a
+      ><a name="20053" class="Symbol"
+      >{!!}</a
+      ><a name="20057"
+      >
+</a
+      ><a name="20058" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="20074"
+      > </a
+      ><a name="20075" href="StlcProp.html#20075" class="Bound"
+      >v&#8758;A</a
+      ><a name="20078"
+      > </a
+      ><a name="20079" class="Symbol"
+      >(</a
+      ><a name="20080" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="20083"
+      > </a
+      ><a name="20084" href="StlcProp.html#20084" class="Bound"
+      >t&#8321;&#8758;A&#8658;B</a
+      ><a name="20090"
+      > </a
+      ><a name="20091" href="StlcProp.html#20091" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="20095" class="Symbol"
+      >)</a
+      ><a name="20096"
+      > </a
+      ><a name="20097" class="Symbol"
+      >=</a
+      ><a name="20098"
+      >
+  </a
+      ><a name="20101" href="Stlc.html#19484" class="InductiveConstructor"
+      >app</a
+      ><a name="20104"
+      > </a
+      ><a name="20105" class="Symbol"
+      >(</a
+      ><a name="20106" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="20122"
+      > </a
+      ><a name="20123" href="StlcProp.html#20075" class="Bound"
+      >v&#8758;A</a
+      ><a name="20126"
+      > </a
+      ><a name="20127" href="StlcProp.html#20084" class="Bound"
+      >t&#8321;&#8758;A&#8658;B</a
+      ><a name="20133" class="Symbol"
+      >)</a
+      ><a name="20134"
+      > </a
+      ><a name="20135" class="Symbol"
+      >(</a
+      ><a name="20136" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="20152"
+      > </a
+      ><a name="20153" href="StlcProp.html#20075" class="Bound"
+      >v&#8758;A</a
+      ><a name="20156"
+      > </a
+      ><a name="20157" href="StlcProp.html#20091" class="Bound"
+      >t&#8322;&#8758;A</a
+      ><a name="20161" class="Symbol"
+      >)</a
+      ><a name="20162"
+      >
+</a
+      ><a name="20163" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="20179"
+      > </a
+      ><a name="20180" href="StlcProp.html#20180" class="Bound"
+      >v&#8758;A</a
+      ><a name="20183"
+      > </a
+      ><a name="20184" href="Stlc.html#19618" class="InductiveConstructor"
+      >true</a
+      ><a name="20188"
+      >  </a
+      ><a name="20190" class="Symbol"
+      >=</a
+      ><a name="20191"
+      > </a
+      ><a name="20192" href="Stlc.html#19618" class="InductiveConstructor"
+      >true</a
+      ><a name="20196"
+      >
+</a
+      ><a name="20197" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="20213"
+      > </a
+      ><a name="20214" href="StlcProp.html#20214" class="Bound"
+      >v&#8758;A</a
+      ><a name="20217"
+      > </a
+      ><a name="20218" href="Stlc.html#19677" class="InductiveConstructor"
+      >false</a
+      ><a name="20223"
+      > </a
+      ><a name="20224" class="Symbol"
+      >=</a
+      ><a name="20225"
+      > </a
+      ><a name="20226" href="Stlc.html#19677" class="InductiveConstructor"
+      >false</a
+      ><a name="20231"
+      >
+</a
+      ><a name="20232" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="20248"
+      > </a
+      ><a name="20249" href="StlcProp.html#20249" class="Bound"
+      >v&#8758;A</a
+      ><a name="20252"
+      > </a
+      ><a name="20253" class="Symbol"
+      >(</a
+      ><a name="20254" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="20256"
+      > </a
+      ><a name="20257" href="StlcProp.html#20257" class="Bound"
+      >t&#8321;&#8758;bool</a
+      ><a name="20264"
+      > </a
+      ><a name="20265" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="20269"
+      > </a
+      ><a name="20270" href="StlcProp.html#20270" class="Bound"
+      >t&#8322;&#8758;B</a
+      ><a name="20274"
+      > </a
+      ><a name="20275" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="20279"
+      > </a
+      ><a name="20280" href="StlcProp.html#20280" class="Bound"
+      >t&#8323;&#8758;B</a
+      ><a name="20284" class="Symbol"
+      >)</a
+      ><a name="20285"
+      > </a
+      ><a name="20286" class="Symbol"
+      >=</a
+      ><a name="20287"
+      >
+  </a
+      ><a name="20290" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >if</a
+      ><a name="20292"
+      >   </a
+      ><a name="20295" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="20311"
+      > </a
+      ><a name="20312" href="StlcProp.html#20249" class="Bound"
+      >v&#8758;A</a
+      ><a name="20315"
+      > </a
+      ><a name="20316" href="StlcProp.html#20257" class="Bound"
+      >t&#8321;&#8758;bool</a
+      ><a name="20323"
+      >
+  </a
+      ><a name="20326" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >then</a
+      ><a name="20330"
+      > </a
+      ><a name="20331" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="20347"
+      > </a
+      ><a name="20348" href="StlcProp.html#20249" class="Bound"
+      >v&#8758;A</a
+      ><a name="20351"
+      > </a
+      ><a name="20352" href="StlcProp.html#20270" class="Bound"
+      >t&#8322;&#8758;B</a
+      ><a name="20356"
+      >
+  </a
+      ><a name="20359" href="Stlc.html#19736" class="InductiveConstructor Operator"
+      >else</a
+      ><a name="20363"
+      > </a
+      ><a name="20364" href="StlcProp.html#15867" class="Function"
+      >[:=]-preserves-&#8866;</a
+      ><a name="20380"
+      > </a
+      ><a name="20381" href="StlcProp.html#20249" class="Bound"
+      >v&#8758;A</a
+      ><a name="20384"
+      > </a
+      ><a name="20385" href="StlcProp.html#20280" class="Bound"
+      >t&#8323;&#8758;B</a
+      >
+</pre><!--{% endraw %}-->
+
+
+### Main Theorem
+
+We now have the tools we need to prove preservation: if a closed
+term $$t$$ has type $$T$$ and takes a step to $$t'$$, then $$t'$$
+is also a closed term with type $$T$$.  In other words, the small-step
+reduction relation preserves types.
+
+Theorem preservation : forall t t' T,
+     empty \vdash t : T  →
+     t ==> t'  →
+     empty \vdash t' : T.
+
+_Proof_: By induction on the derivation of $$\vdash t : T$$.
+
+- We can immediately rule out $$var$$, $$abs$$, $$T_True$$, and
+  $$T_False$$ as the final rules in the derivation, since in each of
+  these cases $$t$$ cannot take a step.
+
+- If the last rule in the derivation was $$app$$, then $$t = t_1
+  t_2$$.  There are three cases to consider, one for each rule that
+  could have been used to show that $$t_1 t_2$$ takes a step to $$t'$$.
+
+    - If $$t_1 t_2$$ takes a step by $$Sapp1$$, with $$t_1$$ stepping to
+      $$t_1'$$, then by the IH $$t_1'$$ has the same type as $$t_1$$, and
+      hence $$t_1' t_2$$ has the same type as $$t_1 t_2$$.
+
+    - The $$Sapp2$$ case is similar.
+
+    - If $$t_1 t_2$$ takes a step by $$Sred$$, then $$t_1 =
+      \lambda x:T_11.t_12$$ and $$t_1 t_2$$ steps to $$$$x:=t_2$$t_12$$; the
+      desired result now follows from the fact that substitution
+      preserves types.
+
+    - If the last rule in the derivation was $$if$$, then $$t = if t_1
+      then t_2 else t_3$$, and there are again three cases depending on
+      how $$t$$ steps.
+
+    - If $$t$$ steps to $$t_2$$ or $$t_3$$, the result is immediate, since
+      $$t_2$$ and $$t_3$$ have the same type as $$t$$.
+
+    - Otherwise, $$t$$ steps by $$Sif$$, and the desired conclusion
+      follows directly from the induction hypothesis.
+
+Proof with eauto.
+  remember (@empty ty) as Gamma.
+  intros t t' T HT. generalize dependent t'.
+  induction HT;
+       intros t' HE; subst Gamma; subst;
+       try solve $$inversion HE; subst; auto$$.
+  - (* app
+    inversion HE; subst...
+    (* Most of the cases are immediate by induction,
+       and $$eauto$$ takes care of them
+    + (* Sred
+      apply substitution_preserves_typing with T_11...
+      inversion HT_1...
+Qed.
+
+#### Exercise: 2 stars, recommended (subject_expansion_stlc)
+An exercise in the $$Stlc$$$$sf/Stlc.html$$ chapter asked about the subject
+expansion property for the simple language of arithmetic and
+boolean expressions.  Does this property hold for STLC?  That is,
+is it always the case that, if $$t ==> t'$$ and $$has_type t' T$$,
+then $$empty \vdash t : T$$?  If so, prove it.  If not, give a
+counter-example not involving conditionals.
+
+(* FILL IN HERE
+
+## Type Soundness
+
+#### Exercise: 2 stars, optional (type_soundness)
+Put progress and preservation together and show that a well-typed
+term can _never_ reach a stuck state.
+
+Definition stuck (t:tm) : Prop :=
+  (normal_form step) t /\ ~ value t.
+
+Corollary soundness : forall t t' T,
+  empty \vdash t : T →
+  t ==>* t' →
+  ~(stuck t').
+Proof.
+  intros t t' T Hhas_type Hmulti. unfold stuck.
+  intros $$Hnf Hnot_val$$. unfold normal_form in Hnf.
+  induction Hmulti.
+  (* FILL IN HERE  Admitted.
+(** $$$$
+
+
+## Uniqueness of Types
+
+#### Exercise: 3 stars (types_unique)
+Another nice property of the STLC is that types are unique: a
+given term (in a given context) has at most one type.
+Formalize this statement and prove it.
+
+(* FILL IN HERE
+(** $$$$
+
+
+## Additional Exercises
+
+#### Exercise: 1 star (progress_preservation_statement)
+Without peeking at their statements above, write down the progress
+and preservation theorems for the simply typed lambda-calculus.
+$$$$
+
+#### Exercise: 2 stars (stlc_variation1)
+Suppose we add a new term $$zap$$ with the following reduction rule
+
+                     ---------                  (ST_Zap)
+                     t ==> zap
+
+and the following typing rule:
+
+                  ----------------               (T_Zap)
+                  Gamma \vdash zap : T
+
+Which of the following properties of the STLC remain true in
+the presence of these rules?  For each property, write either
+"remains true" or "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+
+#### Exercise: 2 stars (stlc_variation2)
+Suppose instead that we add a new term $$foo$$ with the following
+reduction rules:
+
+                   -----------------                (ST_Foo1)
+                   (\lambda x:A. x) ==> foo
+
+                     ------------                   (ST_Foo2)
+                     foo ==> true
+
+Which of the following properties of the STLC remain true in
+the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+#### Exercise: 2 stars (stlc_variation3)
+Suppose instead that we remove the rule $$Sapp1$$ from the $$step$$
+relation. Which of the following properties of the STLC remain
+true in the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+#### Exercise: 2 stars, optional (stlc_variation4)
+Suppose instead that we add the following new rule to the
+reduction relation:
+
+        ----------------------------------        (ST_FunnyIfTrue)
+        (if true then t_1 else t_2) ==> true
+
+Which of the following properties of the STLC remain true in
+the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+
+
+#### Exercise: 2 stars, optional (stlc_variation5)
+Suppose instead that we add the following new rule to the typing
+relation:
+
+             Gamma \vdash t_1 : bool→bool→bool
+                 Gamma \vdash t_2 : bool
+             ------------------------------          (T_FunnyApp)
+                Gamma \vdash t_1 t_2 : bool
+
+Which of the following properties of the STLC remain true in
+the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+
+
+#### Exercise: 2 stars, optional (stlc_variation6)
+Suppose instead that we add the following new rule to the typing
+relation:
+
+                 Gamma \vdash t_1 : bool
+                 Gamma \vdash t_2 : bool
+                ---------------------               (T_FunnyApp')
+                Gamma \vdash t_1 t_2 : bool
+
+Which of the following properties of the STLC remain true in
+the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+
+
+#### Exercise: 2 stars, optional (stlc_variation7)
+Suppose we add the following new rule to the typing relation
+of the STLC:
+
+                     ------------------- (T_FunnyAbs)
+                     \vdash \lambda x:bool.t : bool
+
+Which of the following properties of the STLC remain true in
+the presence of this rule?  For each one, write either
+"remains true" or else "becomes false." If a property becomes
+false, give a counterexample.
+
+  - Determinism of $$step$$
+
+  - Progress
+
+  - Preservation
+
+
+### Exercise: STLC with Arithmetic
+
+To see how the STLC might function as the core of a real
+programming language, let's extend it with a concrete base
+type of numbers and some constants and primitive
+operators.
+
+To types, we add a base type of natural numbers (and remove
+booleans, for brevity).
+
+Inductive ty : Type :=
+  | TArrow : ty → ty → ty
+  | TNat   : ty.
+
+To terms, we add natural number constants, along with
+successor, predecessor, multiplication, and zero-testing.
+
+Inductive tm : Type :=
+  | tvar : id → tm
+  | tapp : tm → tm → tm
+  | tabs : id → ty → tm → tm
+  | tnat  : nat → tm
+  | tsucc : tm → tm
+  | tpred : tm → tm
+  | tmult : tm → tm → tm
+  | tif0  : tm → tm → tm → tm.
+
+#### Exercise: 4 stars (stlc_arith)
+Finish formalizing the definition and properties of the STLC extended
+with arithmetic.  Specifically:
+
+  - Copy the whole development of STLC that we went through above (from
+    the definition of values through the Type Soundness theorem), and
+    paste it into the file at this point.
+
+  - Extend the definitions of the $$subst$$ operation and the $$step$$
+     relation to include appropriate clauses for the arithmetic operators.
+
+  - Extend the proofs of all the properties (up to $$soundness$$) of
+    the original STLC to deal with the new syntactic forms.  Make
+    sure Agda accepts the whole file.