1 / 31

Verifying the F o u r Colour Theorem

Verifying the F o u r Colour Theorem. Georges Gonthier Microsoft Research Cambridge. 150 years of history…. 1852 Conjecture ( Guthrie → DeMorgan ) 1878 Publication ( Cayley ) 1879 First proof ( Kempe ) 1880 Second proof ( Tait ) 1890 Rebuttal ( Heawood )

cameran-clark
Download Presentation

Verifying the F o u r Colour Theorem

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Verifying theFour Colour Theorem Georges Gonthier Microsoft Research Cambridge

  2. 150 years of history… • 1852 Conjecture (Guthrie → DeMorgan) • 1878 Publication (Cayley) • 1879 First proof (Kempe) • 1880 Second proof (Tait) • 1890 Rebuttal (Heawood) • 1891 Second rebuttal (Petersen) • 1913 Reducibility, connexity (Birkhoff) • 1922 Up to 25 regions (Franklin) • 1969 Discharging (Heesch) • 1976 Computer proof (Appel & Haken) • 1995 Streamlining (Robertson & al.) • 2004 Self checking proof (Gonthier)

  3. So what about it ? • It shows software can be as reliable as math. • It’s been done by applying computer science to mathematics. • The art of computer proving is maturing.

  4. Outline • The Four Colour Theorem • what it says • how it’s proved • Formal proofs • proving with programs • thinking with programs • Computer proofs • how it’s done

  5. The Theorem open and connected disjoint subsets of R x R Every simple planar map can be colored with only four colors ∃good covering map with at most four regions adjacent regions covered with different colors have a common border point that is not a corner touches more than two regions

  6. Recordsimple_map(m : map) : Prop := SimpleMap { simple_map_proper :> proper_map m; map_open : ∀z, open (m z); map_connected : ∀z, connected (m z) }. Recordcoloring(m, k : map) : Prop := Coloring { coloring_proper :> proper_map k; coloring_inmap : subregion (inmap k) (inmap m); coloring_covers : covers m k; coloring_adj : ∀z1 z2, k z1 z2→ adjacent m z1 z2→ m z1 z2 }. Definitionmap_colorablen m := ∃2 k, coloring m k & size_at_most n k. Theoremfour_color : ∀m, simple_map m → map_colorable 4 m. Definitioncovers(m, m' : map) := ∀z : point, subregion (m z) (m' z). Definitionsize_at_mostn m := ∃ f, ∀ z, inmap m z → ∃2 i, i < n & m (f i). Definitionborderm z1 z2 := intersect (closure (m z1)) (closure (m z2)). Definitioncorner_map(m : map) z : map := fun z1 z2⇒ m z1 z2∧ closure (m z1) z. Definitionnot_cornerm z := size_at_most 2 (corner_map m z). Definitionadjacentm z1 z2 := meet (not_corner m) (border m z1 z2). The formal theorem

  7. Outline • The Four Colour Theorem • what it says • how it’s proved • Formal proofs • proving with programs • thinking with programs • Computer proofs • how it’s done

  8. ring Colouring by induction Configuration reducible

  9. #sides Cubic maps Euler formula 2E/R = 6 - 12/R R + N – E = 2 the world’s a football

  10. Small rings • Any non-trivial ring < 6 defines reducible configurations (Birkhoff, 1913) • If there are no small rings, then all 2-neighborhoods are double rings look for configurations in 2-neighborhoods!

  11. The proof in a nutshell • Find a set of configurations such that: (A) reducibility: Each one can be coloured to match any planar ring colouring. (B) unavoidability: At least one appears in any planar map. • Verify that the combinatorics fit the topology (graph theory + analysis). 1,000,000,000 cases 10,000 cases

  12. 2005 MSR 1976 A & H 1995 RSST 35 lines of definitions 2 books 1000’s of figures 35-page paper Gallina reducibility unavoidability graph theory topology data structures … C program reducibility unavoidability IBM 370 reducibility Progress in verification ? ?

  13. Outline • The Four Colour Theorem • what it says • how it’s proved • Formal proofs • proving with programs • thinking with programs • Computer proofs • how it’s done

  14. The Poincaré principle ? 2 + 2 = 4 • How do you prove: • Given 2 ≝ 1+ (1+ 0) 4 ≝ 1+ (1+ (1+ (1+ 0))) n + m ≝ if n is 1+ n’ then 1+ (n’ + m) else m (a recursive program) a: 0 + 2 = 2 (neutral left) b: (1 + 0) + 2 = 1 + (0 + 2) (associativity) c: 2 + 2 = 1 + ((1 + 0) + 2) (def, associativity) d: 2 + 2 = 1 + (1 + (0 + 2)) (replace b in c) e: (replace a in d, def) a: (def, calculation)

  15. Reflecting reducibility • Setup Variablecf : config. Definitioncfreducible : Prop := … Definitioncheck_reducible : bool := … Lemmacheck_reducible_valid : check_reducible -> cfreducible. • Usage Lemmacfred232 : cfreducible (Config 11 33 37 H 2 H 13 Y 5 H 10 H 1 H 1 Y 3 H 11 Y 4 H 9 H 1 Y 3 H 9 Y 6 Y 1 Y 1 Y 3 Y 1 Y Y 1 Y). Proof. apply check_reducible_valid; bycompute. Qed. 20,000,000 cases

  16. Border colouring (Tait 1880)

  17. Chord flips (Kempe 1879) chromogram colouring • )0 ( • )1 ( •

  18. Ξ0 1 Λ0  Λi restrict Λ Ξi Λ Λi+1 Yes any ? Ξ, Λ No No No decrement Ξ Ξi+1 Ξ -1 kempe Model checking colourings

  19. Chromogram twiddling Fixpoint gram_neg_rec (n : nat) (w : chromogram) {struct w} : chromogram := match w, n with | Adds Gpush w', _ => Adds Gpush (gram_neg_rec (S n) w') | Adds Gskip w', _ => Adds Gskip (gram_neg_rec n w') | Adds s w', S n => Adds s (gram_neg_rec n w') | Adds Gpop0 w', O => Adds Gpop1 w' | Adds Gpop1 w', O => Adds Gpop0 w' | seq0, _ => w end. Definition gram_neg := gram_neg_rec 0.

  20. Correctness proof Lemma match_gram_neg : forall b0 et w, matchg (Seq b0) et (gram_neg w) = matchg (Seq (¬ b0)) et w. Proof. move => b0 et w; set sb : bitseq := seq0. have Esb: forall b : bool, Adds b sb = add_last sb b bydone. rewrite /gram_neg -[0]/(size sb) 2!{}Esb. elim: w et sb => [|s w IHw] et lb; firstbycase lb. case Ds: s; (case: et => [|e et]; firstbycase lb); first [ bycase: e (IHw et (Adds _ lb)) => /= | bycase: e; case: lb => [|b lb]; rewrite /= ?if_negb ?IHw ]. Qed.

  21. Outline • The Four Colour Theorem • what it says • how it’s proved • Formal proofs • proving with programs • thinking with programs • Computer proofs • how it’s done

  22. e n f dart node edge Formalizing maps

  23. Rings and disks disk rest

  24. contour cycle Pasting configurations paste full map disk rest

  25. Folkloric proofs? (3.3) Let K be a configuration appearing in a triangulation T, and let S be the free completion of K. Then there is a projection ɸ of S into T such that ɸ (x) = x for all x ∈ V(G(K)) ∪ E(G(K)) ∪ F(G(K)). This is a “folklore” theorem, and we omit its [lengthy] proof… Definitionphi x := if ac x then h x else if ac (edge x) then edge (h (edge x)) else if ac (node x) then face (edge (h (node x))) else edge (node (node (h (node (edge x))))).

  26. spoke spoke hub u r u u u l u l h l u u r h u r hat h r u l spoke f0r spoke h r h l f2l h left step f1l f0r right step fan f1r fan f0l subpart f1l f2r unreachable dart fan Unavoidable pattern

  27. Topology Euler: (n + 1)2 + n2 + 1 – 2n(n+1) = 2

  28. Outline • The Four Colour Theorem • what it says • how it’s proved • Formal proofs • proving with programs • thinking with programs • Computer proofs • how it’s done

  29. Lemmanext_cycle : ∀p x, cycle p →p x → e x (next p x). Proof. move⇒ [ | y0 p] x //= Hp. elim: p {1 3 5}y0 Hp ⇒ [ | y' p IHp] y /=; rewrite eqdsym /setU1. - rewrite andbT orbF ⇒ Hy Dy. byrewrite Dy -(eqP Dy). move/andP⇒ [Hy Hp]. case: (y =P x) ⇒ [←| _] //. exact: IHp Hp. Qed. 1 subgoal d : dataSet e : rel d y0 : d x : d y’ : d p : seq d IHp : forallx0: d, path x0 (add_last p y0) -> setU1 x0 p x -> e x (next_at x y0 x0 p) y : d ============================ e y y’ && path y’ (add_last p y0) -> or3b (y =d x) (y’ =d x) (p x) -> e x (if y =d x then y’ else next_at x y0 y’ p) context recursion assumption e e e e e e Proof workbench 1 subgoal d : dataSet e : rel d y0 : d x : d y’ : d p : seq d IHp : forallx0: d, path x0 (add_last p y0) -> setU1 x0 p x -> e x (next_at x y0 x0 p) y : d Hy : e y y’ Hp : path y’ (add_last p y0) ============================ or3b (y =d x) (y’ =d x) (p x) -> e x (if y =d x then y’ else next_at x y0 y’ p) 1 subgoal d : dataSet e : rel d y0 : d x : d y’ : d p : seq d IHp : forallx0: d, path x0 (add_last p y0) -> setU1 x0 p x -> e x (next_at x y0 x0 p) y : d Hy : e y y’ Hp : path y’ (add_last p y0) ============================ or3b false (y’ =d x) (p x) -> e x (next_at x y0 y’ p) Subtree proved! 2 subgoals d : dataSet e : rel d y0 : d x : d y : d Hy : e y y0 Dy : y =d x ============================ e x (if y =d x then y0 else x) subgoal 2 is: e y y’ && path y’ (add_last p y0) -> or3b (y =d x) (y' =d x) (p x) -> e x (if y =d x then y’ else next_at x y0 y’ p) 1 subgoal d : dataSet e : rel d ============================ forall (p: seq d) (x : d), cycle p -> p x -> e x (next p x) 2 subgoals d : dataSet e : rel d y0 : d x : d y : d ============================ e y y0 && true -> (y =d x) || false -> e x (if y =d x then y0 else x) subgoal 2 is: e y y’ && path y’ (add_last p y0) -> or3b (y =d x) (y’ =d x) (p x) -> e x (if y =d x then y’ else next_at x y0 y’ p) 1 subgoal d : dataSet e : rel d y0 : d p : seq d x : d Hp : path y0 (add_last p y0) ============================ setU1 y0 p x -> e x (next_at x y0 y0 p) p cycle p x e goal next px proof script other goal

  30. Five tactic summary • move: x y Hxy … => z t Hzt … bookkeeping : context  goal moves • case: xHxy … => [a | b c] … decomposition, induction (with elim) • rewrite/= orbF –[x]addn0 … partial evaluation, simplification • apply: lemma… => [x y Hxy | n | …] … match goal (backward chaining) • havelabel: conjectureby … set goal (forward chaining)

  31. Some conclusions • Proof assistants can give real proofs of real theorems • Machine formalization can lead to new mathematical insights • Formally proving programs can be easier than formally proving theorems

More Related