Discrete Jordan Curve Theorem: A proof formalized in Coq with hypermaps

Symposium on Theoretical Aspects of Computer Science 2008 (Bordeaux), pp. 253-264 www .stacs-conf .org DISCRETE JORD AN CUR VE THEO REM: A PR OOF FORMALIZED IN COQ WITH HYPERMAPS JEAN-FRANC ¸ OIS DUFOURD 1 1 Universit ´ e Louis-P asteur de Strasb ourg, UFR de Math ´ ematique et d’In formatique, Lab o. des Sciences de l’Image, de l’Informatique et de la T ´ el´ ed ´ etection ( UMR CNR S-ULP 7005), Pˆ ole API, Boulev ard S´ eb astien Brant, 67400 I llkirc h, F rance E-mail addr ess : dufourd@dpt - info.u-strasbg.fr Abstra ct. T his pap er presents a forma lized pro of of a discrete form of the Jordan Curve Theorem. It is based on a hypermap mo del of planar sub divisions, formal sp ecifications and pro ofs assisted by the Co q system. F undamental prop erties are p ro ven by structu ral or noetherian induction: Genus Theorem, Euler’s F orm u la, constructive p lanarit y criteria. A notion of ring of faces is indu ctively defi ned and a Jordan Curve Theorem is stated and prov en for any planar hypermap. In tro duction This pap er pr esen ts a form al s tatemen t and an assisted pro of of a Jordan Curve The- orem (JCT ) discrete v ersion. In its common form, th e theorem s a ys that the complemen t of a cont inuous s im p le closed curve (a Jordan curve) C in an affine r eal plane is made of t wo connected comp onen ts whose b order is C , one b eing b ounded and the other not. The discrete form of JCT we deal with states that in a fin ite sub division of the plane, b reaking a ring R of faces increases b y 1 the conn ectivit y of the sub d ivision. It is a w eak ened v ersion of the original theorem where the question of b ound is m issing. Ho wev er, it is w id ely u s ed in computational geometry an d discrete geometry f or imaging, where connection is the es- sen tial information (14; 9 ). In fact, w e only are in a combinato ric framew ork, w here any em b ed ding is excluded, and where b ounding do es n ot mak e sense. In compu tational top ology , sub divisions are b est describ ed b y map m o dels, the most general b eing hyp ermaps (15 ; 4). W e prop ose a purely com binatorial pro of of J CT based on this structure. The h yp ermap framework is en tirely formalized and the p ro ofs are de- v elop ed inte ractiv ely and verified by the Co q pro of assistan t (3). Using an original wa y to mo del, build and destru ct h yp ermaps, the present work br ings new simple constru ctiv e planarit y and connectivit y criteria. It prop oses a new direct expression of J CT and a simple constructiv e pro of with algorithmic extensions. It is also a large b enc hm ark for th e s oftw are 1998 ACM Subje ct Classific ation: I.3.5, E1, D.2.4. Key wor ds and phr ases: F ormal sp ecifications - Computational top ology - Comput er- aided proofs - Co q - Planar sub divisions - H yp ermaps - Jordan Curve Theorem. Ackno wledgements: This researc h is sup p orted b y the ”white” pro ject GALAP AGOS, F rench ANR, 2007. c  J.-F . Dufourd CC  Creative Commons Attribution- NoDeriv s License 254 J.-F. DUF OURD sp ecification f ramew ork we ha v e b een d ev eloping in the last fifteen y ears for map mo d els used in geometric m o deling and computer imagery (2; 7; 8 ). The usefu l Co q features are reminded and the wh ole pro cess is d escrib ed, b u t th e full details of the pro ofs are omitted. Section 1 summarizes related work. S ection 2 recalls some mathematical materials. Section 3 prop oses basic hyperm ap sp ecifications. S ection 4 pro ves constructiv e criteria of hyp ermap planarit y and connectivit y . Section 5 inductive ly sp ecifies the r ings and their pr op erties. Section 6 p ro ve s the d iscrete JCT. Section 7 concludes. 1. Related work The JCT is a result of classical plane top ology , fi rst stated by C. Jordan in 1887, but of whic h O. V e blen give s the first correct pro of in 1905. In 1979, W.T. T utte prop oses op erations and p rop erties of com binatorial maps, e .g. planarity and Eu ler’s F orm ula, defin es rings and p ro ve s a discrete JC T (15). Our theorem statement is comparable, but our framew ork is m o deled differently and all our p ro ofs are formalized and computer-assisted. In 2003, G. Bauer and T. Nipk o w sp ecify planar graph s and triangulations in Is - ab elle/Isar to carr y out interac tive p r o ofs of Eu ler’s F orm ula and of the Fiv e Colour Th e- orem (1). Ho w eve r , they do n ot appr oac h the JCT. In 2005, A. Kornilo wicz designs for the MIZAR pro ject a semi-automated classica l p ro of of a contin u ous form of JCT in an Euclidean space (13). In 2005 also, on his wa y to w ards the p ro of of the K epler conjecture in the Flysp ec k pro jet, T. Hales prov es the JCT f or p lanar r ectangular grids with the HOL Ligh t system, f ollo w in g the Kur ato w ski characte rization of planarity (12). In 2005 alwa ys, G. Gon thier et al. pro ve the F our Colour Theorem u sing C o q. Plane sub d ivisions are d escrib ed b y h yp ermaps, and Eu ler’s F ormula is used as a global planarity criterion (10). A lo cal criterion, called hyp ermap Jor dan pr op erty , is pro ven equiv alent . T he main part of th is w ork is the gigan tic pro of of the F our Colour Theorem with hyp ermaps and sophisticated pro of tec hniqu es. The hyp ermap form alizatio n is very differen t from our s and it seems that JCT is not explicitly pro ven there. Finally , since 1999, w e carry out exp eriments with Co q f or com bin atorial m ap mo d els of sp ace sub d ivisions (5; 7; 8). 2. Mathematical A sp ects Definition 2.1 (Hyp ermap) . A hyp ermap is an algebraic structur e M = ( D , α 0 , α 1 ), where D is a fin ite set whose element s are called darts , and α 0 , α 1 are p erm utations on D . If y = α k ( x ), y is the k - suc c essor of x , x is the k - pr e de c e ssor of y , and x and y are said to b e k - linke d . In Fig. 1, as fun ctions α 0 and α 1 on D = { 1 , . . . , 15 } are p ermutat ions, M = ( D , α 0 , α 1 ) is a hyp ermap. It is dra wn on the plane by asso ciating to eac h dart a curved arc orien ted from a bullet to a small strok e: 0-link ed (resp. 1-link ed) darts share th e same small strok e (resp. b ullet). By con v ention, in the drawings of hyp ermaps on su rfaces, k -su ccessors turn coun terclo c kwise around strokes and bu llets. Let M = ( D , α 0 , α 1 ) b e a h yp ermap. Definition 2.2. (Orbits and h yp ermap cells) (1) Let f 1 , . . . , f n b e n fun ctions in D . The orbit of x ∈ D for f 1 , . . . , f n is the subset of D denoted b y h f 1 , . . . , f n i ( x ), the elemen ts of which are accessible from x by any comp ositi on of f 1 , . . . , f n . JORDAN CUR VE THEOREM IN COQ WITH HYPERMAPS 255 8 9 10 11 12 1 3 4 5 6 7 2 1 2 15 3 4 5 7 9 10 11 12 13 14 α0 α1 6 2 5 4 3 4 6 12 9 10 5 11 8 10 11 12 14 13 13 15 15 14 2 8 7 8 6 1 7 1 9 3 D 13 14 15 Figure 1: An example of hyp ermap. (2) In M , h α 0 i ( x ) is the 0-orbit or e dge of dart x , h α 1 i ( x ) its 1-orbit or vertex , h φ i ( x ) its fac e for φ = α − 1 1 ◦ α − 1 0 , and h α 0 , α 1 i ( x ) its (c onne cte d) c omp onent . In Fig. 1 th e hyperm ap con tains 7 edges (strok es), 6 v ertices (bullets), 6 faces and 3 comp onent s. F or instance, h α 0 i (3) = { 3 , 5 , 4 } is the edge of dart 3, h α 1 i (3) = { 3 , 4 , 1 , 2 } its v ertex. F aces are defin ed, thr ough φ , for a dart tra versal in counte rclo ckwise order, when the h yp ermap is dr a wn on a surface. Then, ev ery face wh ic h encloses a b oun ded (resp. unboun ded) r egion on its left is called internal (resp . external ). In Fig. 1, the (in ternal) face of 8 is h φ i (8) = { 8 , 10 } and the (external) face of 13 is h φ i (13) = { 13 } . Let d, e, v , f and c b e the num b ers of darts, edges, ve r tices, faces and comp onen ts of M . Definition 2.3. (Euler charact eristic, gen us, planarit y) (1) The Euler char acteristic of M is χ = v + e + f − d . (2) The genus of M is g = c − χ/ 2. (3) When g = 0, M is said to b e planar . F or instance, in Fig. 1, χ = 6 + 6 + 7 − 15 = 4 and g = 3 − χ/ 2 = 1. Consequen tly , the h yp ermap is non p lanar. Th ese v alues satisfy the follo wing r esu lts: Theorem 2.4 (of the Gen us) . χ is an even i nte ger and g is a natur al numb e r. Corollary 2.5 (Euler F orm u la) . A non empty c onne cte d − i.e. with c = 1 − planar hyp ermap satisfies v + e + f − d = 2 . When D 6 = ∅ , the r epr esentation of M on an orientable close d surface is a mapping of edges and v ertices on to p oints, d arts on to op en orien ted Jordan arcs, and faces on to op en connected regions. It is an emb e dding when ev ery comp onent of M r ealizes a p artition of the surf ace. Then, the genus of M is th e minimum num b er of holes in an orient able closed surface wher e suc h an em b edding is p ossible, th us d ra wing a sub d ivision, or a p olyhedron, b y h yp ermap comp onen t (11). F or instance, all the comp onents of the h yp ermap in Fig. 1 can b e embed d ed on a torus (1 h ole) but not on a sphere or on a plane (0 hole). When a (planar) hypermap comp onen t is emb edded on a plane, th e corresp ondin g su b division has exactly one unb ou n ded (external) face. But a non planar hyperm ap can never b e em b edded on a plane: in a dra wing on a plane, s ome of its faces are neither in ternal nor external, e.g. h φ i (1) = { 1 , 5 , 2 , 11 , 12 , 7 , 6 , 4 , 9 } in Fig. 1. Con v ersely , an y sub division of an orientable close d s urface can b e mo deled b y a h yp ermap. In fact, the formal presentati on wh ic h follo w s is pur ely c ombinatorial , i.e w ithout an y top ological or geometrical consider ation. 2.1. Rings of faces a nd Jordan C urv e T heorem T o state the version of J CT we will prov e, w e n eed the concepts of double- link , adjac e nt fac es and ring of fac es in a hypermap M = ( D , α 0 , α 1 ). 256 J.-F. DUF OURD F 1 F 2 F 3 F 4 y’ 1 2 y y’ 2 y’ 4 1 y y 4 y’ 1 y’ 2 y’ 4 y 4 1 y 2 y y 3 y 3 y’ 3 y’ 3 M R M’ Figure 2: Break of M along a rin g R of length n = 4 giving M ′ . Definition 2.6. (Double-link and adjacen t faces) (1) A double-link is a pair of d arts ( y , y ′ ) wh ere y and y ′ b elong to the same edge. (2) The faces F and F ′ of M are said to b e adjac ent by the double-link ( y , y ′ ) if y is a dart of F and y ′ a dart of F ′ . W e c ho ose a face adjacency by an e dge r ather th an by a vertex as do es W.T. T utte (15). In fact, du e to the homogeneit y of dimensions 0 an d 1 in a hyp ermap, b oth are equiv alent. Definition 2.7. (Ring of faces) A ring of fac es R of length n in M is a non empt y sequence of double-links ( y i , y ′ i ), for i = 1 , . . . , n , with the f ollo w ing prop ertie s, where E i and F i are the edge and face of y i : (0) Unicity: E i and E j are distinct, for i, j = 1 , . . . , n and i 6 = j ; (1) Continuity: F i and F i +1 are adjacent by the doub le-link ( y i , y ′ i ), for i = 1 , . . . , n − 1; (2) Cir cu larity , or closur e: F n and F 1 are adjacent b y the d ouble-link ( y n , y ′ n ); (3) Simplicity: F i and F j are distinct, for i, j = 1 , . . . , n and i 6 = j . This notion simulate s a Jord an cur v e represen ted in dotted lines in Fig. 2 on the left for n = 4. Then, w e d efine the br e ak along a ring , illustrated in Fig. 2 on the r igh t. Definition 2.8. (Break along a rin g) Let R b e a r ing of faces of length n in M . Let M i = ( D , α 0 ,i , α 1 ), for i = 0 , . . . , n , b e a h yp ermap sequence, where the α 0 ,i are recur siv ely defined by: (1) i = 0: α 0 , 0 = α 0 ; (2) 1 ≤ i ≤ n : for eac h dart z of D : α 0 ,i ( z ) = if α 0 ,i − 1 ( z ) = y i then y ′ i else if α 0 ,i − 1 ( z ) = y ′ i then y i else α 0 ,i − 1 ( z ) . Then, M n = ( D , α 0 ,n , α 1 ) is said to b e obtained from M b y a br e ak along R . Finally , the theorem w e will pr o v e in Co q mimics the b ehaviour of a cut along a simple Jordan cur v e of the p lane (or of the sph ere) in to t wo comp onents: Theorem 2.9 (Discrete Jordan C u rv e Theorem) . L et M b e a planar hyp ermap with c c omp onents, R b e a ring of fac es in M , and M ′ b e the br e ak of M along R . The numb er c ′ of c omp onents of M ′ is such that c ′ = c + 1 . 3. Hyp ermap sp ecifications 3.1. Preliminary sp ecifications In Co q, w e first define an indu ctiv e typ e dim for the t wo dimensions at stak e: Inductiv e dim:Set:= zero: dim | one: dim. JORDAN CUR VE THEOREM IN COQ WITH HYPERMAPS 257 9 10 11 12 1 3 4 5 6 2 7 8 13 14 15 Figure 3: A hypermap w ith its incompletely link ed orb its. All ob ject s b eing t yp ed in Coq , di m has the t yp e Set of all concrete t yp es. I ts c onstructors are the constan ts z ero and one . In eac h indu ctiv e t yp e, the generic equalit y pr ed icate = is built-in but its decidabilit y is n ot, b eca use Co q’s logic is intuitionistic. F or dim , the latter can b e established as the lemma: Lemma eq_dim _dec: forall i j : dim, {i=j}+{~i=j}. Once it is made, its pro of is an ob ject of the sum type { i=j } + { ~i=j } , i.e. a function, named eq dim dec , that tests w henev er its t w o argument s are equal. The lemma is in teractiv ely pro ven with some tactics, the reasoning b eing merely a structural induction on b oth i and j , here a simple case analysis. Ind eed, from eac h indu ctiv e type definition, Co q generates an induction principle , us able either to pr o v e p rop ositions or to b uild total functions on th e t yp e. W e identify the t yp e dart an d its equalit y decidabilit y eq dart dec with the built-in nat and eq nat dec . Finally , to manage exceptions, a nil dart is a r en aming of 0 : Definiti on dart:= nat. Definiti on eq_dart_ dec:= eq_nat_dec. Definiti on nil:= 0. 3.2. F ree maps The hyp ermaps are no w app roac hed b y a general notion of fr e e map , th an k s to a free algebra of terms of inductiv e t yp e fmap with 3 constructors, V , I and L , resp ective ly for the empty (or void ) map, the insertion of a d art, and the linking of t wo darts: Inductiv e fmap:Set:= V : fmap | I : fmap->da rt->fmap | L : fm ap->dim-> dart->da rt->fmap. F or in stance, the hyp ermap in Fig. 1 can b e mo deled b y the f r ee map represented in Fig.3 where the 0- and 1-links by L are represented by arcs of circle, and where the orbits remain op en. Again, Co q generates an in duction pr inciple on free maps. Next, observers of free maps can b e defined. The p redicate ex d express that a dart exists in a h yp ermap. Its definition is recursive, whic h is indicated b y Fixpo int , thanks to a pattern matc hin g on m written m atch m with... . Th e attribute { stru ct m } allo ws Co q to v erify that the recursive calls are p erf ormed on smaller fmap terms, thus ensu ring termination. T h e result is False o r True , basic constan ts of Pr op , the bu ilt-in type of prop ositions. Note that terms are in pr efix notation and that is a place holder: Fixpoint exd(m: fmap)(z:d art){str uct m}:Prop:= match m with V => False | I m0 x => z=x \/ exd m0 z | L m0 _ _ _ => exd m0 z end. 258 J.-F. DUF OURD The decidabilit y exd dec of exd directly deriv es, thanks to a pro of by induction on m . Then, a version, den oted A , of op eration α k of Definition 2.1 completed with nil for conv enience is written as follo ws, th e inv er s e A 1 b eing similar: Fixpoint A(m:fm ap)(k:dim )(z:dart ){struct m} :dart:= match m with V => nil | I m0 x => A m0 k z | L m0 k0 x y => if eq_dim_de c k k0 then if eq_ dart_dec z x then y else A m0 k z else A m0 k z end. Predicates suc c and p red express that a dart has a k -su ccessor and a k -predecessor (not nil ), with the d ecidabilities succ dec and pre d d ec . In hyp ermap m of Fig. 3, A m z ero 4 = 3, A m zero 5 = nil, succ m zero 4 = True, succ m zero 5 = False, A 1 m one 2 = 1 . In fact, when a k -orbit remains op en, whic h will b e requ ired in the follo w ing, we can obtain its top and bot tom from one of its dart z . Then, we can do as if the k -orbit w ere closed, thanks to the op erations cA and cA 1 which close A and A 1 , in a wa y similar to op eration K of W.T. T u tte (15). F or instance, in Fig. 3, top m one 1 = 3, bott om m one 1 = 4, cA m one 3 = 4, cA 1 m on e 4 = 3 . Finally , destructors are also recursiv ely defined. First, D:fmap->dart-> fmap d eletes the latest insertion of a dart b y I . Second, B , B :fmap->d im->dart ->fmap br eak the latest k- link ins erted for a dart b y L , f orward and backw ard r esp ectiv ely . 3.3. Hyp ermaps Preconditions w ritten as predicates are introdu ced for I and L : Definiti on prec_I(m :fmap)(x :dart):= x <> nil /\ ~ exd m x. Definiti on prec_L(m :fmap)(k :dim)(x y:dart ):= exd m x /\ exd m y /\ ~ succ m k x /\ ~ pred m k y /\ cA m k x <> y. If I and L are used un d er these conditions, the free map b uilt necessarily h as op en orb its. In fact, thanks to the closures cA and cA 1 , it can alw ays b e considered as a true hyp er m ap exactly equipp ed with op erations α k of Definition 2.1. It satisfies the invariant : Fixpoint inv_hm ap(m:fmap ):Prop:= match m with V => True | I m0 x => inv_hmap m0 /\ prec_I m0 x | L m0 k0 x y => inv_hmap m0 /\ prec_L m0 k0 x y end. Suc h a hyp ermap w as already drawn in Fig. 3. F u n damen tal prov en prop erties are that, for any m and k , (A m k) and (A 1 m k) are inje ctions in v erse of eac h other, and (cA m k ) and (cA 1 m k) are p ermutations in v erse of eac h other, and are closures. Finally , tra v ersals of faces are based on fun ction F and its closure cF , w h ic h corresp ond to φ (Definition 2.2). So, in Fig. 3 , F m 1 = nil , cF m 1 = 5 . Pr op erties similar to the ones of A , cA are pro ven for F , cF and their inv ers es F 1 , cF 1 . 3.4. Orbits T esting if there exists a path from a dart to another in an orbit for a hyp ermap p ermu- tation is of prime imp ortance, for instance to determine the n u m b er of orb its. The problem is exactly the same for α 0 , α 1 or φ (Definitions 2.1 and 2.2). That is why a signatur e Sigf with formal parameters f , f 1 and their pr op erties is first d efi ned. JORDAN CUR VE THEOREM IN COQ WITH HYPERMAPS 259 L m zero x y x y F’ F’’ y x_1 x m F F’ L m zero x y x y F’’ m F x y x_1 Planar 0−linking inside a face F giving 2 faces F’ and F’’. Non planar 0−linking between 2 faces F and F’ giving face F’’. Figure 4: Linking at dimen s ion 0. Next, a generic mo dule (or functor ) Mf(M:Sigf) , the formal parameter M b eing a mo dule of t yp e Sigf , is written in Co q to p ackage generic defi n itions and prov en prop erties ab out f and f 1 . Among them, w e ha ve that eac h f -orb it of m is p erio dic with a p ositiv e smallest uniform p erio d for an y dart z of the orbit. Th e predicate e xpo m z t asserts the existenc e of a p ath in an f -orb it of m from a dart z to another t , w hic h is p ro v en to b e a de cidable e quivalenc e . Note that m ost of the prop erties are obtained by no etherian induction on the length of iterated s equences of f -successors, b ounded b y the p eriod . Appropriate mo d ules, called MA0 , MA1 and MF , are written to instan tiate for (cA m zero) , (cA m one) and (cF m) defi n itions and prop erties of f . So, a generic d efinition or prop erty in Mf (M) h as to b e prefixed by the m o dule name to b e concretely applied. F or instance, MF.expo m z t is the existence of a p ath fr om z to t in a face. In th e follo wing, MF.expo is abb reviated int o expf . F or instance, in Fig. 3, e xpf m 1 5 = True, expf m 5 3 = False . Finally , a bin ary relation eqc stating that t wo darts b elong to the same comp onent is easily defined b y ind u ction. F or instance, in Fig. 3, we h av e e qc m 1 5 = True, eqc m 1 13 = False . W e quickly pro ve that (eq c m) is a de cidable e qui valenc e . 3.5. Characteristics, Gen us Theorem and Euler F orm ula W e n ow coun t cells and comp onents of a hyp ermap using the C o q library modu le ZArith con taining all the f eatures of Z , the in teger ring, including to ols to solve linear systems in Presburger’s arithmetics. Th e num b ers nd , ne , nv , n f and nc of darts, edges, v ertices, faces and comp onen ts are easily defined b y indu ction. Euler’s c haracteristic ec and ge nus derive. The Genus Theorem and the E u ler F ormula (for any num b er (nc m) of comp onen ts) are obtained as corollaries of the fact that ec is ev en and satisfies 2 * (nc m) >= (ec m) (8). Remark that -> den otes a functional t yp e in S et as well as an implication in Pro p : Definiti on ec(m:fma p): Z:= nv m + ne m + nf m - nd m. Definiti on genus(m: fmap): Z:= (nc m) - (ec m)/2. Definiti on planar(m :fmap): Prop:= genus m = 0. Theorem Genus_T heorem: forall m:fmap, inv_hma p m -> genus m >= 0. Theorem Euler_F ormula: forall m:fmap, inv_hma p m -> planar m -> ec m / 2 = nc m. 4. Planarit y and connectivit y criteria A consequence of the pr evious theorems is a completely constructiv e criterion of pla- narity , w h en one correctly links with L at dimen s ions 0 or 1, e.g. for 0: Theorem planari ty_crit_0 : forall (m:fmap) (x y:dart), inv_hmap m -> prec_L m zero x y -> (planar (L m zero x y) <-> (planar m /\ (~ eqc m x y \/ expf m (cA_1 m one x) y))). 260 J.-F. DUF OURD y F F’ x x F F’ x0 b. Double−link coded by (x, false) : face F contains x0. a. Double−link coded by (x, true) : face F contains y. Figure 5: Cod ing a double-link and ident ifyin g a face. So, the planarit y of m is preserved for (L m zero x y) iff one of the foll owing t wo co n ditions holds: (1) x and y are n ot in the same comp onen t of m ; (2) x 1 = (cA 1 m one x) and y are in the same face of m , i.e. the linking op erates inside the fac e cont aining y . Fig. 4 illustrates 0-linking inside a face, giving t wo n ew faces, and b et ween tw o (connected) faces, giving a new face, thus destro ying p lanarit y . Finally , after a long dev elopmen t, we pro ve the exp ected planar ity criterion , when breaking a link with B , at any d imension, e.g. for 0: Lemma planar ity_crit _B0: foral l (m:fmap)(x:dar t), inv_hm ap m -> succ m zero x -> let m0 := B m zero x in let y := A m zero x in (planar m <-> (planar m0 /\ (~ eqc m0 x y \/ expf m0 (cA_1 m0 one x) y))). Suc h a lemma is easy to write/understand as a mirr or form of the 0-linking criterion, bu t it is m uch more difficult to obtain. It wo u ld b e fruitfu l to relate these constructiv e/destructiv e criteria with the s tatic one of G. Gon thier (10). F in ally , some useful results quic kly c h ar- acterize the effect of a link b reak on the c onne ctivity of a p lanar hyp ermap. F or in stance, when 0-breaking x , a disconnection o ccurs iff expf m y x0 : Lemma discon nect_pla nar_crit erion_B0:forall (m: fmap)(x: dart), inv_hmap m -> planar m -> succ m zero x -> let y := A m zero x in let x0 := bottom m zero x in (expf m y x0 <-> ~eqc (B m zero x) x y). 5. Rings of faces 5.1. Co ding a double-links and identifying a face Since an edge is alwa ys op en in our sp ecification, when doing the b ac kw ard br eak of a unique 0-link from y or y’ , w e in fact r ealize a d ouble-link break, as in Defin ition 2.8. So, w e choose to identify a double-link by the u nique d art, w e called x , where the 0-link to b e brok en b egins. In fact, with resp ect to the face F on the left of the double-link in the ring, there are t w o cases, dep end ing on the p osition of x and its forwa rd 0-link, as sho wn in Fig. 5 (a) and (b). W e decided to distinguish them by a Bo olean b . Then, a double-link is cod ed b y a pair (x, b) . So, we implicitely identify eac h ring face F b y the double-link co ding on its right in the ring. In Fig. 5 (a), face F is identi fi ed by (x, tr ue) and contai n s y:= A m zero x , wh ereas in Fig. 5 (b), face F is identified b y (x, false ) and con tains x0:= bot tom m zero x . Th ese mo deling choice s considerably simplify the problems. In deed, in closed orbits, a true d ouble-link break w ould en tail 2 app lications of B follo wed by 2 applications of L , and would b e muc h m ore complicated to d eal with in pr o ofs. JORDAN CUR VE THEOREM IN COQ WITH HYPERMAPS 261 5.2. Modeling a ring of faces First, w e indu ctiv ely defin e linear lists of pairs of b o oleans and darts, with the tw o classical constr u ctors lam and co ns , and usual obser vers and d estructors, w hic h w e do not giv e, b ecause their effect is dir ectly comprehensib le: Inductiv e list:Set := lam: list | cons: dart* bool -> list -> list. Suc h a list is co mp osed of couples (x, b) , eac h iden tifying a face F : if b is true , F is represent ed b y y: = A m zero x , otherwise b y x0:= bottom m zero x (Fig. 5). In the follo w ing, Bl m l breaks all the 0-links starting from the d arts of list l in a h yp ermap m . Now, w e ha ve to mo del the conditions required for list l to b e a r ing of hyp ermap m . T ranslating Definition 2.7, w e ha ve f ou r conditions, called pre ringk m l , for k = 0 , . . . , 3, whic h w e explain in the follo w ing sections. Finall y , a pr edicate ring is defined b y: Definiti on ring(m:f map)(l:l ist):Prop := ~emptyl l /\ pre_ring 0 m l /\ pre_ri ng1 m l /\ pre_ring2 m l /\ pre_ring3 m l. 5.3. Ring Condition (0): unicit y The pr edicate distin ct edg e list m x l0 saying that the edges of l0 are distinct in m from a giv en edge of x , pre ring0 m l is defined recursively on l to imp ose that all edges in l are distinct: Condition (0) of Definition 2.7. It also imp oses that eac h d art in l has a 0-successor, in order to ha v e w ell defined links, whic h is implicit in the mathemati cal definition, bu t not in our sp ecification whith op en orbits. Fixpoint pre_ri ng0(m:fma p)(l:lis t){struct l }:Prop:= match l with lam => True | cons (x,_) l0 => pre_ring 0 m l0 /\ disti nct_edge _list m x l0 /\ succ m zero x end. 5.4. Ring Condition (1): con tinuit y Then, we define adjacency b et w een t wo faces iden tified b y xb = (x, b) and x b’ = (x’, b’) , along the link corresp onding to xb : Definiti on adjacent _faces(m :fmap)(xb xb’:dart *bool):= match xb with (x,b) => match xb’ with (x’,b’) => let y := A m zero x in let y’:= A m zero x’ in let x0 := bottom m zero x in let x’0:= bottom m zero x’ in if eq_bool_d ec b true then if eq_bool_dec b’ true then expf m x0 y’ else expf m x0 x’0 else if eq_bool_dec b’ true then expf m y y’ else expf m y x’0 end end. This definition is illustrated in Fig. 6 for the four p ossible cases of double-link codin gs. So, the predicate pre ring1 m l r ecursiv ely sp ec ifi es that t wo successiv e faces in l are adjacen t: Condition (1) in Definition 2.7: Fixpoint pre_ri ng1(m:fma p)(l:lis t){struct l }:Prop:= match l with lam => True | cons xb l0 => pre_ring1 m l0 /\ match l0 with lam => True | cons xb’ l’ => adjac ent_faces m xb xb’ end end. 262 J.-F. DUF OURD x’ y’ x0 x y F x’ x’0 x0 x y F x0 x y F x’ y’ x0 x y F x’ x’0 F’ a. Case b = true /\ b’= true. F’ b. Case b = true /\ b’= false. F’ c. Case b = false /\ b’= true. F’ d. Case b = false /\ b’= false. Figure 6: F our cases of face adjacency . 5.5. Ring Condition (2): circularit y , or closure The p r edicate pre ring2 m l sp ecifies that the last and fi rst faces in l are adj acen t: Condition (2) of circularity in Definition 2.7: Definiti on pre_ring 2(m:fmap )(l:list) :Prop:= match l with lam => True | cons xb l0 => match xb with (x,b) => let y := A m zero x in match l0 with lam => let x0 := bottom m zero x in expf m y x0 | cons _ l’ => let xb’:= last l0 in adjacent_ faces m xb’ xb end end end. 5.6. Ring Condition (3): simplicit y The pr ed icate sp eci fi ying that the faces of m iden tified b y xb and x b’ are distinct is easy to write by cases on the Bo oleans in xb and x b’ . T he pred icate disti nct face li st m xb l0 exp r essing th at the f ace id entified b y xb is distinct from all faces of list l0 en tails. Then, th e p r edicate pre ring 3 m l sa ys that all faces of l are d istinct: Condition (3) in Definition 2.7: Fixpoint pre_ri ng3(m:fma p)(l:lis t){struct l }:Prop:= match l with lam => True | cons xb l0 => pre_ring3 m l0 /\ distinct_f ace_list m xb l0 end. 6. Discrete Jordan Curv e T heorem The general principle of the JCT pro of for a hyp ermap m and a ring l is a s tr uctural induction on l . The case wh ere l is emp t y is immediatly excluded b ecause l is not a rin g b y defin ition. T h us the true fir st case is when l is r e duc e d to one element , i.e. is of th e form co ns (x, b) lam . T hen, we pro ve the follo wing lemma as a direct consequence of the planarit y criterion p lanarity crit B0 an d the criterion face cut jo in crite rion B 0 : Lemma Jordan 1:forall (m:fmap) (x:dart)(b:bool), i nv_hmap m -> planar m -> let l:= cons (x,b) lam in ring m l -> nc (Bl m l) = nc m + 1. When a ring l1 con tains at le ast two elements , we pro v e that the condition ~expf m y x0 must hold with th e fi r st elemen t (x, b) of l1 (in fact, conditions (1) and (3) are enough): JORDAN CUR VE THEOREM IN COQ WITH HYPERMAPS 263 Lemma ring1_ ring3_co nnect: forall(m :fmap)(x x’:dart)(b b’:bool)(l:lis t), inv_hm ap m -> let l1:= cons (x,b) (cons (x’,b’) l) in let y:=A m zero x in let x0:= bottom m zero x in planar m -> pre_ring1 m l1 -> pre_ring3 m l1 -> ~expf m y x0. In this case, thanks to discon nect planar crit erion B0 (Section 4 ), the lemma ent ails that the b reak of the first rin g link do es nev er disconnect the hyp ermap. T hen, after examining the b eha vior of pre ringk , for k = 0 , . . . , 3, w e are able to p ro ve the follo wing lemma wh ic h states that the four ring p rop erties are preserv ed after th e fir st break in l : Lemma pre_ri ng_B: forall(m:fmap )(l:list ), i nv_hmap m -> planar m -> let x := fst (first l) in let y := A m zero x in let x0 := bottom m zero x in let m1 := B m zero x in ~expf m y x0 -> ring m l -> (pre_ring 0 m 1 (tail l) /\ pre_ring1 m1 (tail l) /\ pre_r ing2 m1 (tail l) /\ pre_ri ng3 m1 (tail l)). The most difficult is to pro ve th e part of the result concerning p re ringk , for k = 0 , . . . , 3. The four pro ofs are led by induction on l in separate lemmas. F or pre ring0 , the p ro of is rather simple. But, for the other three, the core is a long reasoning where 2, 3 or 4 lin k s are in vo lved in inpu t. Since eac h link con tains a Bo olean, sometimes app earing also in outp u t, unt il 2 4 = 16 cases are to b e considered to com bine the Bo olean v alues. Finally , fr om Jordan1 and p re ring B ab ov e, w e hav e the exp ected result by a quic k reasoning by induction on l , where links are broken one by one fr om the first: Theorem Jordan: forall( l:list)( m:fmap), inv_hmap m -> planar m -> ring m l -> nc (Bl m l) = nc m + 1. It is clear that, provided a mathematical hyp ermap M and a mathemat ical ring R conform to Definitions 2.1 and 2.7, we ca n alwa ys describ e them as terms of our sp ecification framew ork in order to apply our JCT. Conv ersely , giv en a hyp ermap term, some mathematical rings cannot directly b e written as terms. T o d o it, our ring description and our JCT pro of ha v e to b e slightly extend ed. Ho w ev er, that is not necessary for the c ombinatorial maps (where α 0 is an inv olution) terms, for which our r ing sp ecification and our JCT formalization are c omplete . This is more than en ou gh to affir m the v alue of our results. 7. Conclusion W e ha ve presented a new d iscrete statemen t of the JCT based on hyperm aps and rings, and a formalized pr o of assisted b y the Co q system. Our hyp ermap mo deling with op en orbits simplifies and precises most of kno wn facts. It also allo ws to obtain some new results, particularly about hypermap construction/destruction, connection/disconnection and planarit y . This w ork in volv es a substantia l framewo rk of hyperm ap sp ecificat ion, whic h is bu ilt fr om scr atch , i.e. exemp t from any prop er axiom. It is basically the same as the one we h a v e designed to dev elop geo metric mo d elers via algebraic sp ecifications (2). So, we kno w ho w to efficiently implement all the notions we formally d eal with. The Co q system tur ned out to b e a precious auxiliary to guide and c heck all th e pro cess of sp ecification and p ro of. The preexisten t framew ork of hyp ermap sp ecificati on r epresen ts ab out 15,000 lines of Co q, and the JCT dev elopmen t ab out 5,000 lines, includin g ab out 25 new definitions, and 400 lemmas and theorems. Note that all resu lts ab out the dimension 0 264 J.-F. DUF OURD w ere actually prov en, bu t some planarit y prop erties ab ou t dimension 1, whic h are p erfectl y symmetrical, ha v e just b een admitted. Ho wev er, the JCT formal p r o of is complete. So, we ha ve a solid foun d ation to tac kle any top ological prob lem inv olving orienta b le surface sub d ivisions. Extensions are in 2D or 3D compu tational geometry an d geometric mo deling by in tro d ucing emb eddings (6; 2), and compu ter imagery b y dealing with pixels (7) or v o xels. References [1] Bauer, G., Nipko w, T.: Th e 5 Colour Theorem in Isab elle/ Isar. In The or em Pr oving in HOL Conf. (2002). LNCS 2410 , Sprin ger-V erlag, 67–82. [2] Bertrand, Y., Dufourd, J.-F.: Algebraic sp ecificat ion of a 3D-modeler b ased on h yp er- maps. Gr aphic al Mo dels and Image Pr o c essing 56 : 1 (1994), 29–60. [3] The Co q T eam Dev elopmen t-LogiCal Pro ject: The Co q P ro of Assistant Reference Man ual - V ers ion 8.1, INRIA, F ran ce (2007). http: //coq.in ria.fr/do c/main.html . [4] Cori, R.: Un Co de p our les Graphes P lanaires et ses App lications. Ast´ erisque 27 (1970 ), So ci ´ et ´ e Math. de F r an ce. [5] Dehlinger, C ., Dufourd, J.-F.: F ormalizing the trading theorem in Co q. The or etic al Computer Scienc e 323 (2004), 399–442. [6] Dufourd, J.-F., Puitg, F.: F onctional sp ecification and protot ypin g with com binatorial orien ted maps. Comp. Ge ometry - Th. and A ppl. 16 (2000) , 129–15 6. [7] Dufourd, J.-F.: Design and certification of a new optimal segmen tation p rogram w ith h yp ermaps. Pattern R e c o gnition 40 (2007), 2974–2 993. [8] Dufourd, J.-F.: A h yp ermap fr amew ork for computer-aided pro ofs in sur face sub divi- sions: Genus theorem and Euler’s form u la. In: 22nd ACM SAC (2007 ), 757–7 61. [9] F ran¸ con, J.: Discrete C om binatorial Su rfaces. CVGIP : Graphical Mo dels and Image Pro cessing 57 :1, (1995), 20–26. [10] Go nthier, G.: A computer-chec ke d pro of of the F our Colour Th eorem. Microsoft Re- searc h, Cam br idge, http ://coq.i nria.fr/ doc/main.html (2005), 57 pages. [11] Griffiths, H.: Surfac es . Cam brid ge Univ ersit y Press (1981) . [12] Ha les, T .: A v erified pr o of of th e Jord an curve theorem. S eminar T alk. Dep. of Math., Univ ersity of T oron to (2005), http://ww w.math.p itt.edu/ ~ thales . [13] Kornilo wicz A.: Jordan Curve Theorem. In: F ormalize d Mathema tics 13 :4 (2005) , Univ. of Bialystock, 481–4 91. [14] Rosenfeld, A.: Picture Languages - F ormal Mod els f or Picture Recognitio n. In: Comp. Scienc e and Appl. Math. series . Academic Press, New-Y ork (1979). [15] T utte, W.T.: Combinato r ial orien ted maps. Can. J. M ath. , XXXI :5 (1979), 986–1004 . This work is lice nsed under the Cr eative Commons Attr ibution-NoDer ivs License. T o view a copy of this license, visit http: //creativ eco mmons.org/licenses/by- n d/3.0/ .