Abstract
The original proof of the four-color theorem by Appel and Haken sparked a controversy when Tymoczko used it to argue that the justification provided by unsurveyable proofs carried out by computers cannot be a priori. It also created a lingering impression to the effect that such proofs depend heavily for their soundness on large amounts of computation-intensive custom-built software. Contra Tymoczko, we argue that the justification provided by certain computerized mathematical proofs is not fundamentally different from that provided by surveyable proofs, and can be sensibly regarded as a priori. We also show that the aforementioned impression is mistaken because it fails to distinguish between proof search (the context of discovery) and proof checking (the context of justification). By using mechanized proof assistants capable of producing certificates that can be independently checked, it is possible to carry out complex proofs without the need to trust arbitrary custom-written code. We only need to trust one fixed, small, and simple piece of software: the proof checker. This is not only possible in principle, but is in fact becoming a viable methodology for performing complicated mathematical reasoning. This is evinced by a new proof of the four-color theorem that appeared in 2005, and which was developed and checked in its entirety by a mechanical proof system.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
Strict finitists and adherents of other extreme forms of constructivism might take issue with that, but we will subscribe to what has been the received view ever since Cantor and endorse the existence of infinitely many mathematical objects of various types, including proofs. To the extent that it is possible, we will try not to let this prejudge any epistemological questions, particularly in connection with aprioricity.
Burge(1998) and others have expressed similar positions, and we owe a debt to them, but our analysis here will take a different route.
In “a mixture of penitence and intransigence,” Kitcher has more recently revised his earlier account (2000), but continues to maintain that mathematical knowledge cannot be a priori, and that any philosophically interesting account of aprioricity must entail infallibility and indefesability.
In the present paper, when we speak of the proposition established by a proof we will mean the conditional proposition to the effect that the premises entail the conclusion. Whether or not the premises are known a priori is another question. We believe that quite a few mathematical truths can be known a priori by direct rational insight instead of inference (Peano’s axioms, for example), even though some others (such as certain set-theoretic axioms) might not be so knowable.
We assume that proofs are expressed in a sufficiently expressive formal system, and that there is a simple proof-checking algorithm that can be used to verify such proofs. That is the case, e.g., for first-order logic and for several higher-order type theories.
We distinguish between formulas and propositions, the latter being what the former express, but nothing of what we say here hinges on the metaphysical status of propositions.
Some have expressed puzzlement as to how a proof can be unsound. In the words of Rota (1997, p. 183). “The expression ‘correct proof’ is redundant. Mathematical proof does not admit degrees. A sequence of steps in an argument is either a proof, or else it is gibberish.” However, the expression ‘correct proof’ is no more redundant than the expression ‘correct computer program’. Both proofs and programs have rich, recursive syntactic structure (a fact that is obscured in the preceding passage, which suggests that proofs are linear sequences of steps). Both can be given inputs and evaluated, and the evaluation can generate an error, or it can generate an output (in the case of proofs, the output is the conclusion). Correctness is always relative to specification. A proof can perfectly correctly derive a conclusion C 1, but we might still call it incorrect if we expected it to derive some other conclusion C 2 instead. Moreover, even if it does derive the desired conclusion, the question is what assumptions it requires in order to do so. A proof could correctly generate a conclusion with respect to one set of assumptions and fail with respect to others. Sets of assumptions are the primary “inputs” to proofs. This view of proofs as complex syntactic objects with formal evaluation semantics over assumption bases is developed at length by Arkoudas (2000). In this paper, by a “proof” D we will generally mean a syntactic object, essentially an abstract syntax tree (AST) in some appropriate abstract grammar (Reynolds 1998). We will be quite liberal on what counts as a token \({\widehat{D}}\) of such a proof D; it could be either (a token of) a linear string over some alphabet that can be parsed into an AST, or (a token of) a two-dimensional picture of an AST, and so on. If a token \({\widehat{D}}\) is incorrectly mutated, then the resulting physical object might fail to be a token of any proof, or it might become a token of some other proof. Precise identity criteria for proofs can be given but need not concern us here.
Such facts will include both specific observations and generalizations, e.g., an assertion to the effect that humans can reliably carry out algorithms.
These are, of course, very similar to the idealizations made by Turing in his analysis of computation. An important difference is that Turing did not require any understanding beyond the ability to follow rules.
There are some subtle issues here. If we require direct understanding of a proposition P in order for P to be known, then propositions expressed by very large formulas cannot be known at all—and a fortiori cannot be known a priori—by an ordinary person, even one who is equipped with unbounded time, paper, ink, and patience (although they could be known by persons with arbitrarily—but finitely—larger intellectual capacities than ours). Even instances of tautologies such as x = x would be unknowable for sufficiently large values of x, such as
$$ 3295787320212553400048257362 = 3295787320212553400048257362, $$(3)since we cannot directly comprehend the proposition expressed by such a formula. However, ordinary persons can know a proposition indirectly, by description, as in “the proposition expressed by (3)” or “the proposition established by the proof I just checked,” provided we know that such definite descriptions designate unique propositions, and in that sense arbitrarily large proofs can indeed provide knowledge.
Assuming that the usual axioms about the real numbers and some other equally evident truths are known a priori. In this paper we are not concerned with non-inferential a priori knowledge, so we will not try to establish that the premises of Gonthier’s proof of the four-color theorem are known a priori. We emphasize, nevertheless, that our position is not simple if-thenism. As mentioned earlier, we do believe that some mathematical truths can be known a priori without inference.
Of course one need not subscribe to functionalism (neither author does) in order to recognize the multiple realizability of algorithms.
However, see Rapaport (1999) for an alternative account of implementation.
That is, apart from error messages.
This simply means that there is an algorithm for listing all and only the theorems of the system. We do not wish to consider, for instance, systems with uncomputable inference rules, and the recursive enumerability proviso blocks such systems.
Some philosophers (Williams 1972) have denied that mathematical knowledge can ever result from testimony. Most hold that reliable testimony produces a posteriori knowledge. Burge (1993) has tendentiously argued that not only can one come to know a mathematical proposition via someone else’s testimony, but can come to do so a priori. Burge’s arguments are subtle and deserve careful attention, but his position is prima facie implausible.
Quoted by MacKenzie (1999, pp. 46–47), who provides an interesting sociological discussion of the four-color theorem.
Of course we also need to believe that the semantics are right, that the system is consistent, and so on. But the deeper we go the more conceptual the issues become, and the less they have to do with the role of computers.
Hardware verification can be challenging, so some have wondered whether we are substituting one difficult problem for another. But in the scenario we are envisaging we would not be concerned with the verification of arbitrary hardware. We would only be concerned with the verification of a specific, fixed hardware device, the one implementing the proof-checking algorithm. Moreover, since the specification of that device is so simple (assuming that it is mostly trust and simplicity that we are after, rather than efficiency), many of the complications that often arise in hardware verification—such as cache coherence protocol correctness—would not be an issue at all.
The ideas were already there, but implementations were not powerful enough.
Personal communication, January 22, 2006.
References
Appel, K., & Haken, W. (1977). Every planar map is 4-colorable. Illinois Journal of Mathamatics, 21, 429–567.
Arkoudas, K. (2000). Denotational proof languages, PhD thesis, MIT, Department of Computer Science, Cambridge, USA.
Arkoudas, K. (2005). Simplifying proofs in Fitch-style natural deduction systems. Journal of Automated Reasoning, 34(3), 239–294.
Arkoudas K: n.d., Athena. http://www.pac.csail.mit.edu/athena
Bonjour, L. (1998). In defense of pure reason, Cambridge University Press.
Burge, T. (1993). Content preservation. Philosophical Review, 102, 457–488.
Burge, T. (1998). Computer proof, apriori knowledge, and other minds. Noûs, 32, 1–37.
Chalmers, D. J. (1996). The conscious mind. Oxford University Press
Chisholm, R. (1989). Theory of knowledge (3rd Ed.). Prentice-Hall.
Cohen, D. I. A. (1991). The superfluous paradigm. In J. H. Johnson & M. J. Loomes (Eds.), The mathematical revolution inspired by computing (pp. 323–329). Oxford: Clarendon Press.
Coquand, T., & Huet, G. (1988). The calculus of constructions. Information and Computation, 76, 95–120.
Detlefsen, M., & Luker, M. (1980). The four-color theorem and mathematical proof. The Journal of Philosophy, 77(12), 803–820.
Gonthier, G. (2005). A computer-checked proof of the four colour theorem http://www.research.microsoft.com/∼gonthier/4colproof.pdf
Kitcher, P. (1983). The Nature of mathematical knowledge. Oxford University Press.
Kitcher, P. (2000). A priori knowledge revisited. In P. Boghossian & C. Peacocke (Eds.), New essays on the a priori. Oxford: Clarendon Press.
MacKenzie, D. (1999). Slaying the kraken: The sociohistory of a mathematical proof. Social Studies of Science, 29(1), 7–60.
Rapaport, W. J. (1999). Implementation is semantic interpretation. The Monist, 82, 109–130.
Reichenbach, H. (1938). Experience and prediction. University of Chicago Press.
Reynolds, J. C. (1998). Theories of programming languages. Cambridge University Press.
Rota, G. -C. (1997). The phenomenology of mathematical proof. Synthese, 111, 183–196
Slaney, J. (1994). The crisis in finite mathematics: Automated reasoning as cause and cure. In A. Bundy (Eds.), Automated Deduction-CADE-12 (pp. 1–13). Springer: Berlin, Heidelberg.
Teller, P. (1980). Computer proof. The Journal of Philosophy, 77(12), 797–803.
Tymoczko, T. (1979). The four color theorem and its philosophical significance. The Journal of Philosophy, 76(2), 57–83.
Voronkov, A. (1995). The anatomy of Vampire: Implementing bottom-up procedures with code trees. Journal of Automated Reasoning 15(2).
Weidenbach, C. (2001). Combining superposition, sorts, and splitting, In: A. Robinson & A. Voronkov (Eds.), Handbook of automated reasoning, (Vol. 2). North-Holland.
Weizenbaum, J. (1976). Computer power and human reason, Freeman and Company
Williams, B. A. O. (1972). Knowledge and reasons. In G. H. V. Wright (Ed.), Problems in the theory of knowledge (pp. 1–11). Springer.
Acknowledgments
We are grateful to Jim Fahey for insightful comments on an earlier draft of this paper. We also thank Amnon Eden and Ray Turner for organizing the PCS track of ECAP 2006 (at Norway’s NTNU), and for comments they made on this paper during the conference.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Arkoudas, K., Bringsjord, S. Computers, Justification, and Mathematical Knowledge. Minds & Machines 17, 185–202 (2007). https://doi.org/10.1007/s11023-007-9063-5
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11023-007-9063-5