Verifying The F o u r Colour Theorem
description
Transcript of Verifying The F o u r Colour Theorem
![Page 1: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/1.jpg)
Verifying The Four Colour Theorem
Georges GonthierMicrosoft Research Cambridge
![Page 2: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/2.jpg)
150 years of history…
1852 Conjecture (Guthrie → DeMorgan) 1878 Publication (Cayley) 1879 First proof (Kempe) 1880 Second proof (Tait) 1890 Rebuttal (Heawood) 1891 Second rebuttal (Petersen) 1913 Reducibility, connexity (Birkhoff) 1922 Up to 25 regions (Franklin) 1969 Discharging (Heesch) 1976 Computer proof (Appel & Haken) 1995 Streamlining (Robertson & al.) 2004 Self checking proof (Gonthier)
![Page 3: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/3.jpg)
Outline
Computer proofs The theorem Proof outline New math Proof techniques Proof vs. test
![Page 4: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/4.jpg)
C program
From proof with programs…
proof textstatement
formula
C compilerMachine
code
C runtimelibrary
?
?
??
![Page 5: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/5.jpg)
… to computer proof
Coq tacticengine
Typed-calculus
Coq runtimekernel
?
Coqproof
scripts
statement statement
![Page 6: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/6.jpg)
The Theorem
Every simple planar map can be colored with only four colors
disjoint subsets of R x Ropen and connected
∃good covering map with at most four regions
adjacent regions covered with different colors
have a common border point that is not a corner
touches more than two regions
![Page 7: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/7.jpg)
Coq definitions
Definition covers [m, m' : map] : Prop := (z : point) (subregion (m z) (m' z)).
Definition size_at_most [n : nat; m : map] : Prop := (EXT f | (z : point) (inmap m z) -> (EX i | (lt i n) & (m (f i) z))).
Definition border [m : map; z1, z2 : point] : region := (intersect (closure (m z1)) (closure (m z2))).
Definition corner_map [m : map; z : point] : map := [z1, z2](and (m z1 z2) (closure (m z1) z)).
Definition not_corner [m : map] : region := [z](size_at_most (2) (corner_map m z)).
Definition adjacent [m : map; z1, z2 : point] : Prop := (meet (not_corner m) (border m z1 z2)).
Record simple_map [m : map] : Prop := SimpleMap { simple_map_proper :> (proper_map m); map_open : (z : point) (open (m z)); map_connected : (z : point) (connected (m z)) }.
Record coloring [m, k : map] : Prop := Coloring { coloring_proper :> (proper_map k); coloring_inmap : (subregion (inmap k) (inmap m)); coloring_covers : (covers m k); coloring_adj : (z1, z2 : point) (k z1 z2) -> (adjacent m z1 z2) -> (m z1 z2) }.
Definition map_colorable [nc : nat; m : map] : Prop := (EXT k | (coloring m k) & (size_at_most nc k)).
Theorem four_color : (m : map) (simple_map m) -> (map_colorable (4) m).
![Page 8: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/8.jpg)
The proof
Combinatorial maps The induction The enumeration
![Page 9: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/9.jpg)
Cubic maps
![Page 10: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/10.jpg)
Coloring by induction
![Page 11: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/11.jpg)
Configurations
A configuration is a connected map fragment
The partial faces of a configuration form a ring
A configuration is reducible if it allows coloring by induction
All nontrivial rings with fewer than six faces define reducible configurations
![Page 12: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/12.jpg)
double rings
By connectedness, all local submaps of radius 2 are double rings
![Page 13: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/13.jpg)
The Euler Formula
For any planar map, V + F – E = 2(Euler never found the proof by flooding !)
For a cubical map, #sides = 6 – 12/F A honeycomb on average, but not quite
(a football, really)
![Page 14: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/14.jpg)
Proof outline
Discretize to hypermaps (= 3 finite permutations) no Jordan Curve Theorem (planarity = Euler)
Configurations : data for 633 special hypermaps construction programs with multiple interpretations
Unavoidability : configurations occur in internally 5-connnected planar hypermaps branch & bound enumeration
Graph theory : counter-example is internally 5-connected combinatorial Jordan Curve Theorem
Reducibility : configurations allow coloring by recursion 3 and 4-way decision diagrams
![Page 15: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/15.jpg)
From maps to hypermaps
n
f
node
edge
e
dart
![Page 16: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/16.jpg)
Contractions and friends
n
fe
![Page 17: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/17.jpg)
Proof techniques
Computational reflection:reducing mathematics to program
verification That’s it!
![Page 18: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/18.jpg)
How to prove 2 + 2 = 4
If 2 1+ (1+ 0) and ≝ 4 1+ (1+ (1+ (1+ 0))) :≝ By deduction :
Invoke instances of associativity, neutrality, apply congruence then transitivity.
By equations : (1+ (1+ 0)) + 2) = (1 + 1) + 2 = (1 + (1 + 2)) ≝
4 By computation :
(2 + 2 = 4) (4 = 4) true by reflexivity !≝
![Page 19: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/19.jpg)
Reflecting reducibility
Computational reflection = replacing proof with computationVariable cf : config.Definition check_reducible : bool := …Definition cfreducible : Prop := …Lemma check_reducible_valid : check_reducible -> cfreducible.
UsageLemma cfred232 : (cfreducible (Config 11 33 37 H 2 H 13 Y 5 H 10
H 1 H 1 Y 3 H 11 Y 4 H 9 H 1 Y 3 H 9 Y 6 Y 1 Y 1 Y 3 Y 1 Y Y 1 Y)).
Proof. Apply check_reducible_valid; By Compute. Qed.
![Page 20: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/20.jpg)
Reflection at every level
Large scale reflection: reducibility → proof witnesses Medium-scale reflection:
unavoidability → incompleteness + debugging Small-scale reflection: graph theory → primary means of automation
![Page 21: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/21.jpg)
Inside a proof assistant
Lemma next_cycle : (p : (seq d); Hp : (cycle p)) (x : d) (p x) -> (e x (next p x)).Proof.Move=> [ | y0 p] //= Hp x.Elim: p {1 3 5}y0 Hp => [ | y' p Hrec] y /=; Rewrite: eqd_sym /setU1. Rewrite: andbT orbF. Move=> Hy Dy. By Rewrite: Dy -(eqP Dy).Case/andP => [Hy Hp].Case: (y =P x) => [[] | _] //.Apply: Hrec Hp.Qed.
1 subgoal d : dataSet x0 : d e : (rel d) y0 : d x : d y' : d p : (seq d) Hrec : (x0:d) (path x0 (add_last p y0)) ->(setU1 x0 p x) ->(e x (next_at x y0 x0 p)) y : d ============================ (andb (e y y') (path y' (add_last p y0))) ->(or3b y =d x y' =d x (p x)) ->(e x (if (y =d x) then y‘ else (next_at x y0 y' p)))
command script goalcontext
![Page 22: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/22.jpg)
Five proof commands
Step label: conjecture By …forward chaining
Apply: lemma… => [x y Hxy | n | …] …backward chaining
Move: x y Hxy … => z t Hzt …bookkeeping : context goal moves
Case: x Hxy … => [a | b c] …decomposition, induction (with Elim)
Rewrite: /= orbF -{x}addn0 …partial evaluation, simplification
![Page 23: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/23.jpg)
Proof vs. test
Lemma, Step Move Case Apply Rewrite
test purpose (formal) test setup (assumptions) test data (partial) use prior test (generic) step & run (use prior run)
![Page 24: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/24.jpg)
Command distribution
Move
Apply
Step
Case
Rewrite
![Page 25: Verifying The F o u r Colour Theorem](https://reader031.fdocuments.us/reader031/viewer/2022020423/568145b3550346895db2b937/html5/thumbnails/25.jpg)
Some conclusions
Proof assistants can give real proofs of real theorems
Machine formalization can lead to new mathematical insights
Formally proving programs is easier than formally proving theorems
Proving is stepwise testing!