Formal Verification of a Topological Spatial Relations Model for Geographic Information Systems in Coq

Abstract

Geographic information systems have undergone rapid growth for decades. Topology has provided valuable modeling tools in the development of this field. Formal verification ofthe model of topological spatial relations can provide a reliable guarantee for the correctness of geographic information systems. We present a proof of the topological spatial relations model that has been formally verified in the Coq proof assistant. After an introduction to the formalization of the axiomatic set theory of Morse–Kelley, the formal description of the elementary concepts and properties of general topology is developed. The topological spatial relations between two sets are described by using the concept of the intersection value. Finally, we formally proved the topological spatial relations between two sets which are restricted to the regularly closed and the planar spatial regions. All the proof details are strictly completed in Coq, which shows that the correctness of the theoretical model for geographic information systems can be checked by a computer. This paper provides a novel method to verify the correctness of the topological spatial relations model. This work can also contribute to the creation and validation of various geological models and software.

1. Introduction

Formal verification is a computer program to prove the correctness of a mathematical model in the manner of the mathematical theorem, in which every logical reasoning has been checked back to the fundamental axioms of mathematics [1]. This method ensures that there are no steps that are omitted in the proving process of the theorem [2]. The reason why we introduce the formal verification is to improve the precision and reliability of mathematics. In addition, the formal proof of fundamental mathematics can also extend to the security verification of engineering and computer systems [3]. Therefore, the complete formal verification can make the theoretical model in the field of spatial information science towards greater clarity and precision.

The first step of formal verification is to choose a theorem prover. With the development of computer science and logical fundamentals, there are numerous theorem provers for formal verification. These tools are based on various logical fundamentals and enjoy their unique preferences. Especially with the emergence of Coq [4,5], Isabelle/HOL [6], HOL Light [7], and Mizar [8], formal verification has attracted the great attention of many mathematicians and computer scientists. People argue about the relative advantages of the different tools in the same way that people argue about the relative advantages of various operating systems [2]. In this paper, we choose Coq because of its simple design and the existing basis of our formalization work.

There are many outstanding achievements in the formalization of mathematics. The most notable example is the formal proof of the “Four-color Theorem”, which was accomplished by Gonthier et al. in 2005 [9]. In addition, furthermore, they presented the formalization of the “Odd Order Theorem” using a Coq proof assistant [10]. Hales et al. accomplished the machine-checked proof of the “Kepler Conjecture” in 2017 [11]. On the other hand, our research team has accomplished the formalization of Landau’s “Foundations of Analysis” [12]. Based on this formal system, the equivalence among completeness theorems of real numbers and the formalization of calculus without limit theory are realized [13,14]. In addition, many researchers and teams have completed or are ready to complete the formal proof of the famous “A list of 100 theorems”, including Gödel’s First Incompleteness Theorem, Jordan Curve Theorem, and Prime Number Theorem [15]. In particular, Wiedijk pointed out that the formal mathematics currently underway is called the third mathematical revolution in the history of mathematics [1]. These achievements make formal mathematics more and more popular in academia, and the research in formal verification is of great significance.

Similar progress can also be found in the realm of computer program verification [3]. Leroy, the winner of the ACM Software System Award, led a project to formally prove the correctness of a compiler for the C programming language [16]. A project was led by Kelin to verify the correctness of an OS kernel using the Isabelle/HOL theorem prover [17]. There are also several formalization works on security verification of blockchain smart contracts [18,19]. Choi et al. introduced a Coq library (Kami) for hardware designs, and users can design, verify, and synthesize hardware systems within Coq [20]. In addition, in some fields of the computer industry, especially in the realm of avionics, formal verification technology has become increasingly important [3].

Geographic information systems (GIS) theory is one of the important parts in the realm of spatial information science and engineering, which is a computer system capable of assembling, storing, manipulating, and displaying geographically referenced data [21,22]. In addition, these data can be applied to help governments better plan the layout of facilities and digital urban management [23,24]. The user can analyze the spatial information by submitting queries to GIS. The classic GIS query needs to be combined with spatial relations to describe constraints about spatial objects [25]. Therefore, the description of spatial relations is critical for the analysis and display of spatial objects in a GIS.

The variety spatial relations can be divided into three major categories: relations described by prepositions, relations described by distances and directions (metric relations), and relations described by topologies (topological relations) [26]. The great development of general topology provides valuable modeling tools for GIS. The basic concept of topology can be used to define and distinguish relationships between two spatial objects [25]. Therefore, the concept of topological spatial relations is widely used in GIS. It also can be extended to the fields of engineering that deal with spatial data, especially for applications in surveying engineering, CAD/CAM, and image display [24,26,27]. Traditionally, spatial relations models are used for engineering and computer systems using paper-and-pencil proofs and numerical methods. However, these methods cannot ascertain accuracy due to their inherent limitations, such as human-error proneness and numerical errors. Thus, an accurate model of topological spatial relations has become a dire need.

There is a topological spatial relations model applied to GIS which is systematically proposed by Egenhofer and Franzosa [27]. This model may not be the best one, but it provides a sound theoretical basis for the development of GIS. In addition, it has also become a GIS-industry standard for the description of spatial objects [25]. Our formalization has referred to this topological spatial relations model and presents a more complete and precise version. It is worth mentioning that some basic properties proposed in [27] are not essential in the subsequent theorem-proving process. To ensure the conciseness of our paper, we only formally describe the essential properties in the formal system. In addition, the theorem prover Coq can find the details such as errors, redundancy, and the missing part in the process of paper-and-pencil proofs. In addition, our work also needs to be based on the formal system of general topology developed by ourselves. This formal system starts from the axiomatic set theory [28] and provides the formal verification of the basic topological concepts. As an application of this formal system, we completed the formal verification of the C.T. Yang Theorem [29] and some other classical properties in general topology [30].

In this paper, we formally prove a topological spatial relations model applied to GIS using Coq proof assistant. Our formalization work starts with the axiomatic set theory of Morse–Kelley (MK), and then the formal definition of general topology and verification of its various classical properties are introduced. Next, the concept of the intersection value between two sets is proposed. Finally, we formally prove the topological spatial relations between two sets which are restricted to the regularly closed and the planar spatial regions. All the proof details are strictly verified in Coq proof assistant, and the process of formal verification is rigorous and reliable. The main contributions of this paper are as follows. This method offers novel views of the topological spatial relations theoretical model at different levels of detail to suit the different need of readers. In addition, it also contributes to verifying the correctness of various GIS models and software, as well as storing, querying, and manipulating geographically referenced data.

This paper is organized as follows. Section 2 overviews the related work of topological spatial relations. Section 3 gives a brief account of the Coq theorem prover and the axiomatic set theory of Morse–Kelley, which act as preliminaries for the presented formalization. Section 4 introduces the formalization of general topology, which includes the formal definition of general topology and verification of its various classical properties. In Section 5, we present the formalization of the topological spatial relations model applied to GIS. Finally, we conclude the paper in Section 6.

2. Related Work

Egenhofer and Franzosa systematically proposed a point-set topological spatial relations model in 1991, in which the relations are defined using the intersections of the boundaries and interiors of a pair set [27]. In particular, this model has been used widely in GIS when the sets are restricted to the planar spatial regions. Based on this, Ref. [31] proposed an improved topological relations model between moving object trajectories. There is an application in hydrocarbon exploration for risk analysis based on the topological spatial relations model [32]. In addition, Leng et al. presented a generalized 9-Intersection model that can be used for spatial regions with holes [33]. In recent years, there has been some research to extend the concept of topology. Al-shami et al. developed some extensions of topology like supra-topology and infra-topology; these works will make the topological spatial relations between a pair set to become more diverse and accurate [34,35]. These achievements enrich the theoretical model of topological spatial relations.

There are several studies on the formalization of the spatial relations model, but most works are at the semantic level. Xu presented a method of formalizing the natural-language spatial relations between two linear objects with topological and metric indices, and these formalized rules can be used in ArcGIS [36]. In 2012, Bernad et al. described a formalization of the notion of semantic location granule and semantic granule map [37]. In addition, there is a novel framework to formally represent the semantics of structural geological models [38]. However, these formalizations are based on paper-and-pencil proofs and numerical methods. These methods cannot ascertain accuracy due to their inherent limitations, like human-error proneness and numerical errors. To overcome this limitation, we extend the formalization of the topological spatial relations to the Coq theorem prover. The Coq system is relying on a small, trusted core to construct and verify a proof. When verifying a theorem interactively, it requires every step to be spelled out in complete detail. In addition, all the proof details can be checked in this system, which can provide a reliable guarantee for the security of GIS [39].

The formalization of general topology is essential for the machine-checked proof of the topological spatial relations model. Set theory is the foundation of modern mathematics. Our research team has completed the formalization of the axiomatic set theory of MK using the Coq theorem prover [28]. In addition, there is also a project in Coq led by Zhang to formally verify the set theory based on the Zermelo–Fraenkel (ZF) axiom system [40]. The above formalization works provided a solid foundation for our paper. In addition, the formalization of general topology also appears in academics with varying degrees. The most representative is a Coq contribution library led by Schepler, which provides basic concepts of general topology and realized the formal proof of the Tietze Extension Theorem [41]. Another formalization work is completed in Isabelle by Friedrich, where the basic notions of general topology are presented [42]. We also formally proved the C.T. Yang Theorem in Coq [29], which provided a basis for the formalization of general topology. Our present work is based on the above formalization works.

3. Preliminaries

In this section, we give a brief introduction to the Coq proof assistant and an overview of the set theory, which provides foundational support for the presented formalization.

3.1. Coq

The underlying theory of the Coq system is the Calculus of Inductive Constructions, which is a formalism that combines some of the advances in logic from the point of view of $\lambda$-calculus [4,5,43]. Coq is an interactive theorem proving environment where the user and machine work together interactively to complete the formal proof. The user is given the possibility to decompose a complex theorem into a collection of already verified theorems or axioms by an inference rule [4,5,43]. The Coq system provides a wide variety of available built-in Coq tactics, including tactics specialized in reasoning about the inductive type, the main automatic tactics, and the tactics for numerical proofs, which are extensively used in our formalization work [4]. In addition, there is Ltac language in Coq for proof automation. The expert users have the possibility to add their own tactics, which will make the formalization more concise and smart.

To make the formalization more readable, the Coq proof assistant provides a Notation command [4,5,43]. The formalization presented in this paper uses a plentiful notation to make the paper more readable for non-experts of Coq. We use the notation “∀” and “∃” to denote the quantifiers; the “$\lambda t,\cdots$” notation for anonymous function “fun $t,\cdots$”; the notation “∧” and “∨” to denote the logical connectives; the notation “→” and “↔” represent implication and equivalence; and not equal is written by “≠”. More notations and their formal description in our system can be seen in

Table 1. The notations in our formal system.

Notation	Coq Definition	Mathematical Meaning
$a\in A$	In a A	a is an element of A
$\left\{P\right\}$	Classifier P	The set satisfying property P
$⨀A$	NoEmpty A	The non-void class
⌀	Empty	The void class
$\left\{x\right\}$	Singleton x	Singleton x
$A\subset B$	Included A B	B contains A
$A⊊B$	ProperSub A B	B properly contains A
$\mathcal{P}\left(X\right)$	PowerSet X	The power class of X
$A\cup B$	Union A B	The union of A and B
$A\cap B$	Inter A B	The intersection of A and B
$A-B$	Setmin A B	The difference of A and B
$\bigcup x$	EleU x	The union of the members of x
$\bigcap x$	EleI x	The intersection of the members of x
$\left[x\right|y]$	Unorder x y	An unordered pair
$[x,y]$	Order x y	An ordered pair
$X\times Y$	Cartesian X Y	The Cartesian product
$ran\left(R\right)$	Range R	The range of a relation R
$dom\left(R\right)$	Domain R	The domain of a relation R
$F\left[x\right]$	Value F x	The value of F at x
$f|A$	Restriction f A	The restriction of f to A
$\tilde{X}$	neSub X	The family of nonempty subsets of X

.

The Coq system implements constructive or intuitionistic logic, in which the law of excluded middle and Axiom of Choice do not hold [5]. However, these laws are indispensable in our formalization. Various basic logics have been formalized and saved as Coq library. The law of the excluded middle can be imported in our system by the Classical library, which is expressed below:

Based on the law of the excluded middle, we can prove more classical tautologies such as $\sim \sim P\to P$ in our system. In addition, we will formally describe the Axiom of Choice based on the concept of function in Section 3.2. More details about the Coq system can obtain from the Coq reference manual [44].

3.2. Set Theory

The foundations of mathematics are crucial for the formalization of our paper. The naive set theory developed by Cantor is the profound embodiment of the strict mathematical foundation [45]. The first comprehensive formal system for logic and mathematics is introduced by Frege in 1879 [3]. However, the logic paradox in Frege’s system and Cantor’s naive set theory was later found [3,45]. In addition, this paradox triggered the third mathematical crisis in the history of mathematics [45].

There are two solutions to this paradox, axiomatic set theory and dependent type theory, to avoid such self-contradictory collections [3,46,47]. The dependent type theory introduces the concept of types to solving self-referentiality, which became very popular in the emerging field of computer science [46]. The axiomatic set theory is more friendly to mathematicians and did specify explicit axioms for set construction [45]. The most representative of axiomatic set theory is ZF set theory [2,48]. Zhang completed the formalization of set theory based on the ZF axiom system using the Coq theorem prover [40]. In addition, the MK set theory was originally published in an appendix format with Kelley’s textbook General topology [49]. Our research team presented the formalization of MK set theory using the Coq theorem prover in 2020 [28]. In addition, this theory system owns a wider range Class than Set, with an infinite axiomatic system [28,49]. Therefore, we select the method of axiomatic set theory to avoid Russell’s paradox. One of the primary reasons to choose the MK axiomatic set theory for the proposed formalization was the presence of extensive support of the MK set theory to general topology. On the other hand, we are familiar with the MK axiomatic set theory and have a relevant formal work foundation. Now, the goal of this section is to formally describe all axioms in our paper.

The type of sets and elements are both Class, and the type of Class is Type in our system. In addition, there are two undefined primitive constants in MK set theory, “∈” (is read belongs to) and “{$\cdots |\cdots$}” (is read the class of all ⋯ satisfy ⋯). The formal description of these constants in Coq is as follows:

Several concepts are essential for the MK axiomatic set theory, including empty class, singleton class, include, union, intersection, and the union of the members of the class. We formalize the above definitions in Coq as follows:

The concepts of relation and function also play an important role in the MK axiomatic set theory. In our formal system, the relations are defined by the concepts of ordered pairs. In addition, the body of all mathematical constructions and theorems can be constructed from the notions of relation and function. Our formalization of these notions is as follows:

Now, we can present the formalization of the eight axioms in the MK set theory. The formal description of these axioms can be seen in Figure 1.

Another important axiom is the Axiom of Choice, which has numerous equivalent formats [50,51]. The format in our system is: Let X be a set; then, there is a function $\epsilon$ (the choice function of X) such that the domain of $\epsilon$ is the family of nonempty subsets of X, and such that $\epsilon \left[A\right]\in A$ for every nonempty subset A of X. The formal description of the Axiom of Choice and its corollaries is as follows:

With the eight axioms of the MK system and the Axiom of Choice, we can build a library of set theory. The complete details of our formalization for set theory can be found in source file Ensemble.v library.

4. Formalization of General Topology

The notions of interior and boundary play an important role in the presented model of topological spatial relations [27]. In this section, we formally describe the basic definitions and properties of general topology, including topological spaces, subspace topology, and connectedness. All details of formal proof can be found in our source files, and the paper-and-pencil proof can be found in most basic topology textbooks [25,49,52].

4.1. Basic Concepts

4.1.1. Topological Spaces and Neighborhoods

Topological spaces constitute a basic notion in several mathematical fields such as general topology, algebraic topology, and differential topology [53]. In the early stage of the development of topology, topological spaces are constructed by neighborhood systems and closure operations [54,55]. Topological spaces have many equivalent definitions, and the most popular one is the concept of an open set.

Let X be a set. A topology$\mathcal{T}$ on X is a collection of subsets of X, such that (i) ⌀ and X are in $\mathcal{T}$; (ii) If $A,B$ are in $\mathcal{T}$, then $A\cap B$ is in $\mathcal{T}$; (iii) If ${\mathcal{T}}_1\subset \mathcal{T}$, then $\bigcup {\mathcal{T}}_1$ is in $\mathcal{T}$. The pair $(X,\mathcal{T})$ is called a topological space. When no confusion seems possible we may forget to mention the topology and write "X is a topological space." The sets in $\mathcal{T}$ are called open sets. In the remainder of this paper, we let X be a set with a topology $\mathcal{T}$. The concept of topological spaces in our formalization work is described below:

Let U be a subset of X, $x\in U$; if there is an open set V such that $x\in V\subset U$, then U is said to be a neighborhood of x. The family of all neighborhoods of x is said to be the neighborhood system of x. From these, we can obtain several basic properties of neighborhoods. A subset U of X is an open set if and only if U is the neighborhood of each point. Let ${\mathcal{U}}_x$ be a neighborhood system of a point x in X; then, (i) If $U,V$ in ${\mathcal{U}}_x$, then $U\cap V\in {\mathcal{U}}_x$; (ii) If U in ${\mathcal{U}}_x$ and $U\subset V$, then $V\in {\mathcal{U}}_x$; (iii) If U in ${\mathcal{U}}_x$, then there is a member V of ${\mathcal{U}}_x$ such that (i) $V\subset$ U and, (ii) if $y\in V$, then $V\in {\mathcal{U}}_y$. The corresponding definitions and properties of the neighborhoods are described in Coq as follows:

4.1.2. Derived Sets, Closed Sets, and Closure

Let $A\subset X$ and $x\in X$; if each neighborhood U of x has points in A other than x, then x is said to be an accumulation point of A. The set of all accumulation points of A is said to be the derived set of A, denoted by $d\left(A\right)$. Let $A\subset X$; then, (i) If $A\subset B$, then $d\left(A\right)\subset d\left(B\right)$; (ii) $d(A\cup B)=d\left(A\right)\cup d\left(B\right)$; (iii) $d\left(d\right(A\left)\right)\subset A\cup d\left(A\right)$. The above statements can be presented in our formalization as follows:

If $A\subset X$ and $d\left(A\right)\subset A$, then A is said to be a closed set of topological space X. It is obvious that A is a closed set if and only if the complement set $A^{\prime }$ of A is an open set.

If $A\subset X$, then $A\cup d\left(A\right)$ is said to be the closure of A, denoted by $\overline{A}$ or $c\left(A\right)$. We obtain the classical properties for closure. The subset A of topological space X is a closed set if and only if $A=\overline{A}$. We can easily prove that: (i) $\overline{⌀}=⌀$; (ii) $\overline{\overline{A}}=\overline{A}$.

4.1.3. Interior and Boundary

The concepts of interior and boundary play an essential role in establishing the topological spatial relations model. Let $A\subset X$ and $x\in X$; if A is a neighborhood of x, then x is said to be an interior point of A. The set of all interior points of A is said to be the interior of A, denoted by $A^{\circ }$. In addition, there are several important relationships between internal and closure. If $A\subset X$, then (i) $A^{\circ }=A^{{}^{\prime }{-}^{\prime }}$; (ii) $\overline{A}=A^{{}^{\prime }{\circ }^{\prime }}$. In the properties of the interior, there are a set of properties that are completely dual to the properties of the closure. The subset A of topological space X is an open set if and only if $A=A^{\circ }$. If $A\subset X$, then (i) $A^{\circ \circ }=A^{\circ }$; (ii) $A^{\circ }$ is an open set. The corresponding definitions and properties of the interior are described in Coq as follows:

Let $A\subset X$ and $x\in X$; if every neighborhood U of x intersects both A and the complement of A, then x is said to be a boundary point of A. The set of all boundary points of A is said to be the boundary of A, denoted by $\partial A$. It is obvious that $A^{\circ }\cap \partial \left(A\right)=⌀$. The relationships among closure, interior, and boundary are crucial to the discussions of the topological spatial relations model. If A is a subset of topological space X, then (i) $\partial \left(A\right)=\overline{A}\cap \overline{A^{\prime }}={(A^{\circ }\cup A^{\prime \circ })}^{\prime }=\partial \left(A^{\prime }\right)$; (ii) $\overline{A}=A^{{}^{\prime }{\circ }^{\prime }}=A^{\circ }\cup \partial \left(A\right)$; (iii) $A^{\circ }=A^{{}^{\prime }{-}^{\prime }}=\overline{A}-\partial \left(A\right)$. In addition, several simple corollaries of the above theorems are frequently used in our formalization. If A is a subset of topological space X, then (i) $\overline{A}=A\cup \partial \left(A\right)$, $A^{\circ }=A-\partial \left(A\right)$; (ii) $\partial \left(A^{\circ }\right)\subset \partial \left(A\right),\partial \left(\overline{A}\right)\subset \partial \left(A\right)$. The formal description of definitions and classical properties for boundaries can be seen in Figure 2.

4.2. The Subspaces Topology

The concept of the subspace topology is essential for the rest of this paper. Let $(X,\mathcal{T})$ be a topological space and $Y\subset X$; then, Y inherits a topology from $\mathcal{T}$. Define ${\mathcal{A}|}_Y=\{A\cap Y|A\in \mathcal{A}\}$; then, ${\mathcal{T}|}_Y$ is called the subspace topology on Y, and $(Y,\mathcal{T}{|}_Y)$ is called a subspace of $(X,\mathcal{T})$. Now, we formally prove some classical results about the subspace topology. If $(X,\mathcal{T})$ is a topological space and $Y\subset X$, then we can prove that the family ${\mathcal{T}|}_Y$ is a topology on set Y by the Axiom of Choice. In addition, the property of a topological space that is preserved by its subspaces is called a hereditary property. Another frequently used theorem is: $Y^{\circ }\cup X-\overline{Y}=X-\partial \left(Y\right)$. If Y is a subspace of topological space $(X,\mathcal{T})$, $y\in Y$ and $A\subset Y$, then (i) Let ${\mathcal{U}}_y$ be a neighborhood system of a point y in X, and $\widetilde{{\mathcal{U}}_y}$ be a neighborhood system of a point y in Y; then, $\widetilde{{\mathcal{U}}_y}={\mathcal{U}}_y{|}_Y$; (ii) $d_Y\left(A\right)=d\left(A\right)\cap Y$; (iii) $c_Y\left(A\right)=\overline{A}\cap Y$. The above definitions and properties for the subspace topology are formally described in Coq as follows:

4.3. Connectedness

Another crucial topological concept which plays an important role in the study of GIS models is connectedness. Let A and B be the subset of topological space X; if $(A\cap \overline{B})\cup (B\cap \overline{A})=⌀$, then A and B is called a separation of X. The condition in the above definition is equivalent to $A\cap \overline{B}=⌀$ and $B\cap \overline{A}=⌀$. Let Y be a subspace of topological space X, A and B are the subset of Y, and then A and B are a separation of Y if and only if A and B are a separation of X. We formalize the definition and properties of separation in the Coq theorem prover as follows:

If there exists a pair $A,B$ of nonempty separation subsets of X such that $X=A\cup B$, then X is said to be disconnected; otherwise, X is said to be connected. Let X be a topological space; then, the following conditions are equivalent: (i) X is disconnected; (ii) There is a pair $A,B$ of nonempty closed subsets of X such that $A\cap B=⌀$ and $A\cup B=X$; (iii) There is a pair $A,B$ of nonempty open subsets of X such that $A\cap B=⌀$ and $A\cup B=X$; (iv) There is a nonempty proper subset of X that is both an open set and a closed set.

Let Y be a subset of topological space X; if subspace $(Y,\mathcal{T}{|}_Y)$ is connected, then Y is said to be the connected subset of X; otherwise, Y is said to be the disconnected subset of X. From this definition, we can obtain: if $Y\subset Z\subset X$, then Y is a connected subset of X if and only if Y is the connected subset of Z. Y is a disconnected subset of X if and only if there exists a pair of the nonempty set, A and B, which is a separation of X and $A\cup B=Y$. Let Y be a connected subset of topological space X; if $A,B$ form a separation of X and $Y\subset A\cup B$, then either $Y\subset A$ or $Y\subset B$. Another property is frequently used in the study of the topological spatial relations model. Let Y be a subspace of topological space X; if $Y^{\circ }\ne ⌀$ and $\overline{Y}\ne X$, then $Y^{\circ }$ and $X-\overline{Y}$ form a separation of $X-\partial Y$. The corresponding definitions and properties of the connected subset in Coq are as follows:

5. Formalization of the Topological Spatial Relations Model

In this section, we first introduce the topological spatial relations using the concept of intersection value and then formally prove the topological spatial relations between two sets which are restricted to the regularly closed and the planar spatial regions. For the remainder of this paper, let A and B be a pair of closed subsets of a topological space X, and our goal is to use topological concepts to examine the different ways in which A and B are related to each other in X. Due to space limitations, we mainly present the formal description of relevant definitions and properties. The details of formal proof can be found in the source file Framework.v library, and the informal proof process can be seen in [27].

5.1. Topological Spatial Relations from the Intersection Value

The model is to describe the topological spatial relations between a pair subset A and B in topological space X. In addition, we consider the four intersections $\partial A\cap \partial B$ (called the boundary–boundary intersection), $A^{\circ }\cap B^{\circ }$ (called the interior–interior intersection), $\partial A\cap B^{\circ }$ (called the boundary–interior intersection), and $A^{\circ }\cap \partial B$ (called the interior–boundary intersection), examining whether or not they are empty. For a set Y, if Y is an empty set, then denote $C_Y=0$; otherwise, $C_Y=1$. We formalize these definitions in the Coq theorem prover as follows:

Definition 1.

Let $A,B$ be a pair of closed sets in X, and define  the intersection value  for A and B by

$$I_{A,B}=(C_{\partial A\cap \partial B},C_{A^{\circ }\cap B^{\circ }},C_{\partial A\cap B^{\circ }},C_{A^{\circ }\cap \partial B}).$$

With the law of the excluded middle, a set is either empty or non-empty. Therefore, there are sixteen possibilities topological spatial relations between the closed sets A and B. The formal description of this definition can be seen in Figure 3.

On the other hand, these topological spatial relations provide complete coverage, that is, there is is always a topological relation between A and B. The sixteen possible topological spatial relations are described in

Table 2. The sixteen possible topological spatial relations between the closed sets A and B.

Number	$\mathit{\partial }\mathit{A}\cap \mathit{\partial }\mathit{B}$	${\mathit{A}}^{\circ }\cap {\mathit{B}}^{\circ }$	$\mathit{\partial }\mathit{A}\cap {\mathit{B}}^{\circ }$	${\mathit{A}}^{\circ }\cap \mathit{\partial }\mathit{B}$
$r_0$	0	0	0	0
$r_1$	1	0	0	0
$r_2$	0	1	0	0
$r_3$	1	1	0	0
$r_4$	0	0	1	0
$r_5$	1	0	1	0
$r_6$	0	1	1	0
$r_7$	1	1	1	0
$r_8$	0	0	0	1
$r_9$	1	0	0	1
$r_{10}$	0	1	0	1
$r_{11}$	1	1	0	1
$r_{12}$	0	0	1	1
$r_{13}$	1	0	1	1
$r_{14}$	0	1	1	1
$r_{15}$	1	1	1	1

.

The type of topological space X in which A and B lie is very important in the topological spatial relations between A and B. As shown in Figure 4, the same configuration for the set A and B has a different intersection value. On the left of Figure 4, the set A and B is embedded in a line. As the subsets of the line, the intersection value between A and B is $I_{A,B}=(0,1,1,1)$. On the right of Figure 4, the set A and B is embedded in a plane. At this time, $\partial A=A,\partial B=B,A^{\circ }=B^{\circ }=⌀$. Then, the intersection value between A and B is $I_{A,B}=(1,0,0,0)$.

In addition, if X is in the real number plane ${\mathbb{R}}^2$, then these sixteen topological spatial relations can be seen in Figure 5. As shown in Figure 5, the intersection values $r_0,r_1,r_3,r_6,r_7,r_{10},r_{11},$ and $r_{15}$ can be easily obtained by the definitions of boundaries and interiors. For the situation $r_2$, since $A=B={\mathbb{R}}^2$, then $\partial A=\partial B=⌀$ and $A^{\circ }=A,B^{\circ }=B$, and it follows that $\partial A\cap \partial B=⌀,A^{\circ }\cap B^{\circ }\ne ⌀,\partial A\cap B^{\circ }=⌀$, and $A^{\circ }\cap \partial B=⌀$. Therefore, the intersection value between A and B is $r_2=(0,1,0,0)$. In addition, the intersection values $r_4,r_5,r_8,r_9,r_{12}$, and $r_{13}$ belong to the same category. Take the situation $r_4$ as an example. From the example in Figure 4, we can known that: if the line set A embedded in a plane, then $\partial A=A$ and $A^{\circ }=⌀$; it follows that $\partial A\cap \partial B=⌀,A^{\circ }\cap B^{\circ }=⌀,\partial A\cap B^{\circ }\ne ⌀$, and $A^{\circ }\cap \partial B=⌀$. Therefore, the intersection value between A and B is $r_4=(0,0,1,0)$. For the situation $r_{14}$, A is a circular ring and B is a circular; then, $\partial A\cap \partial B=⌀,A^{\circ }\cap B^{\circ }\ne ⌀,\partial A\cap B^{\circ }\ne ⌀$, and $A^{\circ }\cap \partial B\ne ⌀$, and it follows that the intersection value between A and B is $r_{14}=(0,1,1,1)$.

5.2. Topological Spatial Relations between Regularly Closed

In the application of GIS, we need to restrict the types of sets under consideration. From the examples in Figure 5 we conclude that at least the relations $r_0,r_1,r_2,r_3,r_6,r_7,r_{10},r_{11},r_{14}$, and $r_{15}$ exist between two regularly closed sets. Thus, the subsets A and B are restricted to the regularly closed in this section, which are defined as follows:

Definition 2.

For a set A, if $A=\overline{A^{\circ }}$, then A is called regularly closed.

Regularly closed subsets of the plane have no whiskers attached, and all boundary points have interior points arbitrarily close by. This feature is crucial in modeling geographic areas. From the above definition, we obtain a fundamental property of regularly closed: Let A and B be regularly closed in X; if $\partial A\cap B^{\circ }\ne ⌀$, then $A^{\circ }\cap B^{\circ }\ne ⌀$. The above notions are described in Coq as follows:

The following theorem shows that, when the sets are restricted to regularly closed, some situations do not occur.

Theorem 1.

For a pair of regularly closed sets A and B, the intersection values $r_4,r_5,r_8,r_9,r_{12}$, and $r_{13}$ cannot occur.

The formal description of this theorem is shown in Figure 6.

5.3. Topological Spatial Relations between Planar Spatial Regions

In this section, the subsets A and B are restricted to the planar spatial region. This condition guarantees that the set does not have separate interior parts that are, for instance, only accessible from each other by going through the boundary.

Definition 3.

A  planar spatial regionin a connected topological space X is a nonempty proper subset A of X satisfying (i) A is regularly closed; (ii) $A^{\circ }$ is a connected subset of X.

With this definition, we prove some basic results about the planar spatial region. For instance, the following statements state that: (i) The interior of each planar spatial region is nonempty; (ii) The closure of each planar spatial region is not equal to X; (iii) Each planar spatial region is a connected subset of X. The above definition and statements, formalized in our system, are:

The following theorem eliminates one more possible topological spatial relation, as long as we assume that X is a connected topological space.

Theorem 2.

Let X be a connected topological space; then, for two planar spatial regions A and B, the intersection value $r_2$ cannot occur.

There is a lemma that is essential for the proof of Theorem 2: the boundary of each planar spatial region is nonempty. These properties are described formally in the Coq theorem prover as follows:

Therefore, the only intersection values that are possible for two planar spatial regions are $r_0,r_1,r_3,r_6,r_7,r_{10},r_{11},r_{14}$, and $r_{15}$. The following theorem describes the corresponding relationship between nine possible intersection values and their topological spatial relation.

Theorem 3.

Let A and B be planar spatial regions of connected topological space X; then, the possible intersection values for A and B are listed in the left column of

Table 3. The nine relations between two planar spatial region A and B.

Intersection Value	Relationship
$r_0=(0,0,0,0)$	$A\cap B=⌀$
$r_1=(1,0,0,0)$	$A\cap B=\partial A\cap \partial B$
$r_{14}=(0,1,1,1)$	$A^{\circ }\cap B^{\circ }\ne ⌀$
$r_{15}=(1,1,1,1)$	$A^{\circ }\cap B^{\circ }\ne ⌀$
$r_3=(1,1,0,0)$	$A=B$
$r_6=(0,1,1,0)$	$A\subset B^{\circ }$
$r_7=(1,1,1,0)$	$A\subset B$
$r_{10}=(0,1,0,1)$	$B\subset A^{\circ }$
$r_{11}=(1,1,0,1)$	$B\subset A$

, and the topological spatial relations between A and B are depicted in the right column.

The first four rows of Table 3 can be easily proved in our system, and the formal description can be seen in Figure 7.

The remaining conclusions of Theorem 3 are based on the property of connectedness. There is a lemma that is indispensable for the proof of Theorem 3. Let A and B be planar spatial regions; if $A^{\circ }\cap B^{\circ }\ne ⌀$ and $A^{\circ }\cap \partial B=⌀$, then $A^{\circ }\subset B^{\circ }$ and $A\subset B$. Here is the formal statement we obtained in the Coq proof assistant corresponding to the above lemma.

As shown Figure 8, we completed the formal description of Theorem 3.

Since geographic areas are planar spatial regions, Theorem 3 can be used to describe the relationships between pairs of geographic areas. Furthermore, the descriptive expressions in Table 3 are mutually exclusive and cover all possibilities for the relationship between two geographic areas.

6. Conclusions

This paper presented a formalization of a topological spatial relations model applied to geographic information systems in the Coq theorem prover. The formalization proceeds from the Morse–Kelley set theory, and basic notions and results of general topology are further developed. The topological spatial relation is defined by using the concept of intersection value, and we studied the topological spatial relations between two sets which are restricted to the regularly closed and the planar spatial regions. Finally, we formally proved that there are only nine topological spatial relations between two sets when they are restricted to planar spatial regions. In addition, all the proof details of this model are verified in Coq 8.9.1. The complete Coq source files are available at https://github.com/BalanceYan/GIS_topology (accessed on 26 December 2022) for readers interested in viewing the Coq code.

The distinctive characteristics of our formalization work are: (i) It inherits the advantages of the MK axiomatic set theory, and the self-contradictory collections such as Russell’s paradox are excluded from our system; (ii) It profits from the Coq proof assistant and offers novel views of the topological spatial relations theoretical model at different levels of detail to suit the different need of readers; (iii) It also contributes to verifying the correctness of various GIS models and software, as well as storing, querying, and manipulating geographically referenced data.

In the future, we will formally verify more GIS models based on this paper. On the one hand, we can supplement the formalization of real theory, and then explore the topological spatial relations when the topological space X is n-dimensional Euclidean space. On the other hand, we will further improve the automation of formal proof by several automatic tactics and Ltac language. In addition, this will be an interesting attempt in the field of GIS. In addition, this model has an important effect on the design and implementation of geographic information systems. We can apply it for the formalization of topological spatial relations between spatial objects of different dimensions, such as a line and regions with holes. In particular, when the concept of topology is extended to supra-topology and infra-topology, the topological spatial relations between a pair set will become more diverse and accurate.