CS576 · Spring 2026 · UIUC

Formalizing Graph Burning
for Path Graphs in Isabelle/HOL

A machine-checked proof that b(Pn) ≤ ⌈√n⌉ for all path graphs
Nancy (Gehan) Jia  ·  Advised by Prof. Elsa Gunter
→ or Space = advance  ·  ← = back  ·  step dots: ●●○○ = revealed / remaining
Motivation2 / 15 · 2 min
Background
  • Graphs can be used to mimic the properties of a social network.
  • While the spread of misinformation or virtual memes in a social network can be depicted by the process of burning a graph.
  • Depending on timed rounds, fire can spread between vertices that are connected by an edge, just as how information can be shared between two individuals that has a direct social connection.
  • Central Question: How fast can misinformation spread in a network?
The Finalized Objective

Prove that the Burning Conjecture is true for Path Graphs.

The Burning Conjecture
b(G) ≤ ⌈√n⌉

for every connected graph G of order n
— Bonato, Janssen, Roshanbin (AAAI 2016)

Why Path Graphs First?
  • Tight bound: b(Pn) = ⌈√n⌉ exactly — conjecture is sharp
  • "Most spread-out" structure: maximum diameter for given vertex count
  • 2k−1 insight: one source with k rounds covers at most 2k−1 vertices = gap between consecutive perfect squares (k² − (k−1)² = 2k−1)
  • Foundation: proof strategy generalizes to other graph families
The Graph Burning Model3 / 15 · 2 min
Example: P9 burnt in k=3 rounds  |  source   spread   unburnt  ·  loops automatically
0 1 2 3 4 5 6 7 8 r.1 src r.2 src r.3 src
path_bs = [g(6), g(2), g(0)]  ·  radii at end: 2, 1, 0  ·  all 9 vertices covered ✓
Definition
Burning Sequence

An ordered list of vertices s₁,…,sk. At round i: si is set on fire (new source), and every already-burning vertex spreads to its neighbors. Graph is fully burnt when all vertices are burning.

Definition
Burning Number b(G)

The minimum length of a burning sequence for G. Equivalently: the minimum k such that k rounds suffice to burn all of G.

b(singleton) = 1  ·  b(P9) = 3

Conjecture
Burning Conjecture
b(G) ≤ ⌈√n⌉

For any connected G of order n. Proven for path graphs by Bonato et al. (2016). This project formalizes that proof.

Project Objective4 / 15 · 2 min
Final Objective
theorem path_burnable: "burnable"

For every path graph Pn in Isabelle/HOL: ∃ burning sequence of length ≤ ⌈√(card V)⌉

Proof Architecture
1
Construct explicit witness path_bs
2
Prove burns_with path_bs (main effort)
3
Bound: length path_bs ≤ ⌈√(card V)⌉
4
Combine to conclude burnable
Scope
  • Finite — avoids infinite enat distances
  • Non-empty — ensures path_k > 0
  • Connected simple — base locale requirement
Why Path Graphs Are the Hardest Case
2k−1

= gap between k² and (k−1)²

= max coverage per source on a path

= exactly the coverage needed

Path graphs are the "most spread-out" structure for given n. Tight bound: b(Pn) = ⌈√n⌉ exactly. Proving bound is tight is future work; this project proves ≤.

Theory File Map
Graph_Burning_Genericlocale + core defs Path_Graphspath structure + label maps Burning_Path_Defswitness + bridge lemmas Burning_Path_Perfect_Squarecase n=k² Burning_Path_Non_Perfect_Squarecase (k−1)²<n<k² Burning_Path★ final theorems
Formal Setup — Locales & Infrastructure5 / 15 · 2 min
Locale Hierarchy
fin_connected_sgraph
AFP: Chelsea Edmonds "Undirected Graph Theory"
↓ extends
burnable_graph
adds: closed_nbh, burns_with, burnable
↓ extends
path_graph
adds: f, g, path_adj, path_length
AFP Dependency

Chelsea Edmonds. Undirected Graph Theory, AFP 2022. 7 theory files included locally.

Provides: fin_connected_sgraph, shortest_path, connecting_walk, connecting_walk_split.

finite_enumeration — Self-Developed
definition finite_enumeration :: "('a ⇒ nat) ⇒ 'a set ⇒ bool"
  "finite_enumeration f D ≡
    (∀d1 d2. f d1 = f d2 → d1 = d2) ∧
    (∃m. (∀n<m. ∃d∈D. f d = n) ∧
         (∀d∈D. f d < m))"

No library function found. Developed from first principles (Prof. Gunter). The surjectivity clause forces image = {0,…,m−1} exactly — enumeration always starts at 0.

Used in path_graph to index vertices 0..n−1.

Maps f and g
f : V → {0..n-1}vertex → label g : {0..n-1} → Vlabel → vertex
g_f: g(f(v)) = v for v ∈ V
f_g: f(g(j)) = j for j < n
g_in_V: g(j) ∈ V for j < n
f_in_range: f(v) < card V for v ∈ V
Core Definitions — Graph_Burning_Generic.thy6 / 15 · 2 min
Definition
closed_nbh
closed_nbh k v ≡
  {u ∈ V |
   shortest_path v u ≤ enat k}

The closed k-ball around v. Source xs[i] ignited at step i has radius |xs|−i−1 remaining rounds.

Definition
burns_with
burns_with xs ≡
  xs ≠ [] ∧
  set xs ⊆ V ∧
  (∀u∈V. ∃i<|xs|.
    u ∈ closed_nbh
      (|xs|−Suc i) (xs!i))

xs is a valid burning sequence: non-empty, sources in V, every vertex covered within radius budget.

Definition
burnable
burnable ≡
  ∃ xs.
    burns_with xs ∧
    length xs ≤
    nat ⌈sqrt (real (card V))⌉

The conjecture for this graph. There exists a valid burning sequence respecting the ⌈√n⌉ bound.

Dependency Chain
closed_nbh → used by burns_with → existential in burnable

Strategy: construct explicit path_bs, prove burns_with path_bs directly, bound its length → burnable. No searching required.

Path Graph Structure — Path_Graphs.thy7 / 15 · 2 min
path_graph Locale
Definition
path_adj
{u, v} ∈ E ↔
  f v = Suc (f u) ∨
  f u = Suc (f v)

Vertices u and v are adjacent iff their labels differ by 1. This captures the linear chain structure: each vertex connects only to its immediate label neighbors.

Definition
path_length = card V

The size parameter used throughout all proofs. Avoids confusion with card V in locale context.

path_dist — Label Distance
path_dist i j ≡ |i − j|

Absolute difference of two labels, defined outside the locale. Key bound: for i ≤ j < path_length, the walk g(i)→…→g(j) has length exactly j−i, so shortest_path(g i, g j) ≤ path_dist i j.

Bijection Lemmas (from path_inv / path_inv2)
g_in_V: k < card V → g k ∈ V
f_g: k < card V → f(g k) = k
g_f: v ∈ V → g(f v) = v
f_in_range: v ∈ V → f v < card V

All four are one-line consequences of locale assumptions. Together they make f and g a verified bijection between V and {0..path_length−1}.

Key Design Choice
Why label-based adjacency?

Degree-based definitions are hard to use in distance proofs. Label-based path_adj directly gives path_dist as an upper bound on shortest-path distance — enabling all arithmetic coverage proofs to transfer to graph distances via label_to_closed_nbh.

The strategy

Prove coverage at the label level first (arithmetic on nats), then lift to graph distances using path_dist ≤ shortest_path.

Constructing the Witness — Burning_Path_Defs.thy8 / 15 · 1 min
The Three-Layer Construction
-- number of sources (recursive depth)
path_k ≡ nat ⌈sqrt (real path_length)⌉

-- label list, back-to-front, recursive
path_bs_labels (Suc k) =
  min (k * Suc k) (path_length - 1)
  # path_bs_labels k

-- vertex sequence (the witness)
path_bs ≡ map g (path_bs_labels path_k)
Label Formula

Key lemma path_bs_labels_nth_closed: the i-th label is

path_bs_labels k ! i = min((k−1−i)(k−i), n−1)

The min cap at n−1 only activates in the non-square case when i=0's ideal position overshoots the path.

Example: n=9, k=3
i=0: min(2·3, 8) = 6 → g(6)
i=1: min(1·2, 8) = 2 → g(2)
i=2: min(0·1, 8) = 0 → g(0)

path_bs = [g(6), g(2), g(0)] — sources placed back-to-front to cover intervals [(k-1-i)², (k-i)²).

Structural Lemmas (Burns_with conditions 1 & 2)
path_bs_ne: path_bs ≠ []
path_bs_in_V: set path_bs ⊆ V
path_bs_length: length path_bs = path_k
path_bs_labels_in_range: all labels < n
Remaining Challenge — Condition 3

Conditions 1 and 2 are structural. Condition 3 is the hard part: every vertex v ∈ V must be covered by some source within its radius budget. This requires connecting label arithmetic to graph distances.

The Label Bridge — Burning_Path_Defs.thy9 / 15 · 2 min
The Core Challenge

burns_with needs graph distances (shortest_path in enat). All our arithmetic works on labels (nat). We need a bridge lemma chain: label arithmetic → graph membership.

Step 1 — Build a Walk
forward_label_walk

i ≤ j < n → connecting_walk(g i)(g j)(map g [i..j])

Proof: induction on j−i
0
Base (j=i): connecting_walk_self
+1
IH gives walk g(i)→g(j−1); consecutive_labels_walk gives [g(j−1), g(j)]; connecting_walk_split joins them
Step 2 — Bound Shortest Path
shortest_path_le_label_dist

i,j < n → shortest_path(g i, g j) ≤ enat(|i−j|)

Extracts a path from the walk (AFP: connecting_walk_path), then bounds the shortest path via the path length = j−i.

Key Bridge
label_to_closed_nbh
lemma label_to_closed_nbh:
  assumes "v ∈ V"
  assumes "j < path_length"
  assumes "path_dist (f v) j ≤ r"
  shows "v ∈ closed_nbh r (g j)"
1
path_dist(f v)(j) ≤ r (from assumption)
2
shortest_path(g j, g(f v)) ≤ enat r (via shortest_path_le_label_dist)
3
g(f v) = v (by g_f)
4
Unfold closed_nbh: v ∈ V ∧ sp ≤ enat r → v ∈ closed_nbh r (g j) ✓
🌉
Bridge Established
label_to_closed_nbh is the last step in every coverage argument. All that remains: arithmetic coverage proofs per case.
Case 1: Perfect Square — Burning_Path_Perfect_Square.thy10 / 15 · 3 min
k=3, n=9: intervals [(k−1−i)², (k−i)²) partition [0, 9)  ·  source i at midpoint (k−1−i)(k−i)
i=2: [0,1) i=1: [1,4) i=0: [4,9) 0 1 4 9 src=2 src=0 src=6
source_interval_cover

(k−1−i)²≤p<(k−i)² → path_dist p (label i) ≤ k−Suc i

Case split: p ≤ source vs p > source
source−p ≤ k−1−i (from p ≥ (k−1−i)²)
>
p−source ≤ k−1−i (from p < (k−i)²)
square_interval_partition_upto

k²≤n, p<k² → ∃i<k. (k−1−i)²≤p<(k−i)²

Induction on k, arbitrary p; base k=0 trivial (vacuous)
p < k²: IH applies (k²≤n weakens to k²≤n). IH gives i<k with interval. Shift witness to i+1: (k−1−(i+1)) = (k−2−i) and (k−(i+1)) = (k−1−i), so bounds are unchanged in value
k² ≤ p < (k+1)²: witness i=0. Lower: (k+1−1−0)²=k²≤p. Upper: p<(k+1)²=(k+1−0)². Both hold directly
perfect_sq_label_cover — combining both lemmas

p < k² → ∃i<k. path_dist p (path_bs_labels k ! i) ≤ k−1−i

1
square_interval_partition_upto → finds interval i for p
2
source_interval_cover → label distance ≤ k−1−i within that interval

Central arithmetic result that feeds directly into perfect_sq_path_burns.

perfect_sq_path_burns: is_perfect_square n → burns_with path_bs
1
Obtain k with k²=n; compute path_k=k
2
perfect_sq_label_cover → index i, label distance ≤ k−1−i for f(v)
3
label_to_closed_nbh → v ∈ closed_nbh; rewrite radius via path_bs_length
4
Discharge burns_with: path_bs_ne, path_bs_in_V, coverage ✓
Case 2: Non-Perfect Square — Burning_Path_Non_Perfect_Square.thy11 / 15 · 3 min
(k−1)² < n < k² — two-region split (example: k=3, n=7)
Prefix [0,(k−1)²) — sources 1..k−1 Tail [(k−1)²,n) — source 0 beyond n 0 (k−1)²=4 n=7 k²=9
nonsquare_path_k_bounds

¬sq → (k−1)² < n < k²

From ceiling: k−1 < √n ≤ k. Squaring: previous square = (k−1)², next = k².

path_dist_source_cover

r²≤p<(r+1)² → path_dist p (r(r+1)) ≤ r

Source r(r+1) sits at offset r from r²; both halves ≤ r. Case split p ≤ source vs p > source.

nonsq_tail_label_cover

f v ∈ [(k−1)², n) → label distance ≤ k−1

Two sub-cases:

(a) Uncapped (n > (k−1)k): source at (k−1)k, use path_dist_source_cover with r=k−1

(b) Capped (n ≤ (k−1)k): source at n−1, tail shorter → distance ≤ k−2

nonsq_prefix_label_cover

f v < (k−1)² → label distance ≤ k−Suc(Suc j)

Reuse square_interval_partition_upto for k−1 intervals covering [0,(k−1)²). Sources 1..k−1 are always uncapped (nonsquare_source_uncapped). Shift index by 1.

path_bs_covers_nonsq: coverage lemma
1
nonsquare_path_k_bounds: (k−1)²<n<k²
2
Case: f v ∈ tail → nonsq_tail_label_coverlabel_to_closed_nbh
3
Case: f v ∈ prefix → nonsq_prefix_label_coverlabel_to_closed_nbh
non_perfect_sq_path_burns: ¬sq → burns_with path_bs

Combines coverage (path_bs_covers_nonsq) with structural lemmas (path_bs_ne, path_bs_in_V) to discharge all three conditions of burns_with. Analogous structure to perfect_sq_path_burns.

Non-Square Case Complete
With non_perfect_sq_path_burns and perfect_sq_path_burns, all path graphs are covered. Exhaustive by case split on is_perfect_square path_length.
Main Theorems — Burning_Path.thy12 / 15 · 2 min
path_bs_covers — combines both cases

v∈V → ∃i<path_k. v ∈ closed_nbh(path_k−Suc i)(path_bs!i)

T
Perfect square: perfect_sq_path_burns → extract coverage from burns_with unfolding
F
Non-square: path_bs_covers_nonsq directly
theorem path_burns_with: "burns_with path_bs"
1
For u∈V: path_bs_covers → i<path_k, u∈closed_nbh(path_k−Suc i)(path_bs!i)
2
Rewrite via path_bs_length: path_k → length path_bs (crucial — bridges the mismatch)
3
Unfold burns_with; discharge: path_bs_ne, path_bs_in_V, hcover ✓
★ theorem path_burnable: "burnable"
length path_bs
= path_k             -- path_bs_length
= nat ⌈√path_length⌉ -- path_k_def
= nat ⌈√(card V)⌉   -- path_length_def
≤ nat ⌈√(card V)⌉   -- hbound

Combine path_burns_with + hbound, unfold burnable → done ✓

🎓
Objective Achieved
Machine-checked: burnable holds for every path graph. b(Pn) ≤ ⌈√n⌉ formally verified in Isabelle/HOL. No sorry's. All Isar-style.
What This Formalizes

The constructive proof of Bonato et al. (AAAI 2016) — placing sources at (k−1−i)(k−i) to cover intervals [(k−1−i)², (k−i)²) — is now a machine-checked theorem in Isabelle/HOL.

Difficulties & How They Were Handled13 / 15 · 1 min
1
Defining path graphs in Isabelle
Tried the traditional vertex-degree definition first, but the AFP library has poor degree support and it gives no clear way to compute distances — critical for burning ranges. Resolution (Prof. Gunter): define path graphs via a bijection between vertex set and ℕ, letting natural numbers serve as labels. Distance calculations then reduce to label arithmetic.
2
Empty graph and nat starting at 0
Isabelle's nat includes 0, so direct induction risked conflicting with locale assumptions that exclude empty graphs. Considered several workarounds (include empty graphs, introduce auxiliary j = i+1). Resolution: keep empty graphs excluded from the locale, label vertices from 0, and verify that the base case causes no problem in practice once the proof structure is settled.
3
Tracking label vs. actual vertex throughout proofs
Labels and vertices are the same conceptually, but Isabelle's type checker treats them as distinct — by design. While working on the perfect/non-perfect-square cases it was easy to lose track of which level a goal lived at, requiring constant back-and-forth between files. At one point a separate "Pn" system was defined, only to realize it duplicated finite_enumeration exactly. Resolution: rely on the bijection lemmas (g_f, f_g) to move between levels explicitly.
Conclusion & References14 / 15 · 1 min
What Was Achieved
Formalized graph burning in Isabelle/HOL: closed_nbh, burns_with, burnable
Formalized path graph structure with explicit bijective labeling
Explicit witness path_bs; proved burns_with path_bs
Machine-checked: b(Pn) ≤ ⌈√n⌉ for every path graph Pn
All proofs Isar-style — no apply, no sorry
Future Work
  • Tight bound: prove b(Pn) = ⌈√n⌉ (lower bound missing)
  • Spider graphs: stars with path arms; requires path forests and relaxing connectivity to non-connected graphs
  • Trees: achievable once spider results are established
  • General conjecture: extend to all simple graphs via spanning trees
References
[1] How to Burn a Graph
Bonato, Janssen, Roshanbin · arXiv:1507.06524, 2015
Source of the burning conjecture and path graph proof strategy.
[2] Bounds on the Burning Numbers of Spiders and Path-Forests
Bonato, Lidbetter · arXiv:1707.09968, 2017
Direction for future work: burning numbers of spider graphs.
[3] Undirected Graph Theory
Chelsea Edmonds · Archive of Formal Proofs, 2022
AFP base library: fin_connected_sgraph, shortest_path, walks.
[4] Graph Theory and Its Applications · Path Graph (MathWorld)
Gross & Yellen (CRC Press, 2006) · Weisstein (Wolfram MathWorld)
Background definition of path graphs.
Acknowledgements

Prof. Elsa Gunter (UIUC) — guidance on Isabelle/HOL and formalization strategy throughout. Chelsea Edmonds — AFP Undirected Graph Theory library.

Slide visuals, layout, step animations, and the burning graph animation — designed with Claude (Anthropic).

CS576 · Spring 2026 · UIUC

Questions?

Formalizing Graph Burning for Path Graphs in Isabelle/HOL
theorem path_burnable: "burnable" — for every path graph Pn

6
theory files
9
definitions declared
38
lemmas & theorems
1,372
lines written
Nancy (Gehan) Jia  ·  nancygehanjia@gmail.com