How do I write proofs about private implementations?

Question

I want to write a proof about my function

export
foo : Nat -> Nat

but since it's only export not public export , how can I do that? Afaik public makes the implementation public.

Answer 1

You can sometimes export a proof that this function is extensionally equal to a function you do export publicly. Then you don't leak implementation details you don't want to.

Answer 2

The actual implementation of definitions that are not public export may still be needed for definitions in the same module (eg unfolding lemmas or proofs that the definition is extensionally equal to its specification as Ohad suggested) to typecheck.

Towards this end, Idris checks whether the current proof is in a subnamespace of the namespace the private definitions was introduced in to decide whether to reduce it or not.

Consequently, you can prove properties of opaque definitions in subnamespaces eg if reverse was defined in Data.List , you can define a module Data.List.Properties in which it will reduce even if it is only merely export ed.

This currently works across packages too. Use at your own risks though: it is morally a hack and

1. your proofs will bit rot if the upstream package decides to change the non-public definition (which they may consider is not breaking backwards compatibility)

2. future versions of the language may look into tightening this check to avoid being able to use this hack across packages.

Answer 3

Either write the proof in the same file as foo or make foo public export.