A Deductive Verification Framework for Circuit-building Quantum Programs
Christophe Chareton, Sébastien Bardin, François Bobot, Valentin Perrelle, Benoit Valiron
AA Deductive Verification Framework for Circuit-buildingQuantum Programs
CHRISTOPHE CHARETON,
LRI, Centrale Supélec, Université Paris-Saclay, France
SÉBASTIEN BARDIN,
CEA, LIST, Université Paris-Saclay, France
FRANÇOIS BOBOT,
CEA, LIST, Université Paris-Saclay, France
VALENTIN PERRELLE,
CEA, LIST, Université Paris-Saclay, France
BENOIT VALIRON,
LRI, Centrale Supélec, Université Paris-Saclay, FranceWhile recent progress in quantum hardware open the door for significant speedup in certain key areas,quantum algorithms are still hard to implement right, and the validation of such quantum programs is achallenge. Early attempts either suffer from the lack of automation or parametrized reasoning, or targethigh-level abstract algorithm description languages far from the current de facto consensus of circuit-buildingquantum programming languages . As a consequence, no significant quantum algorithm implementationhas been currently verified in a scale-invariant manner. We propose Qbricks, the first formal verificationenvironment for circuit-building quantum programs, featuring clear separation between code and proof,parametric specifications and proofs, high degree of proof automation and allowing to encode quantumprograms in a natural way, i.e. close to textbook style. Qbricks builds on best practice of formal verificationfor the classical case and tailor them to the quantum case: we bring a new domain-specific circuit-buildinglanguage for quantum programs, namely Qbricks-DSL, together with a new logical specification languageQbricks-Spec and a dedicated Hoare-style deductive verification rule named Hybrid Quantum Hoare Logic.Especially, we introduce and intensively build upon HOPS, a higher-order extension of the recent path-sumsymbolic representation , used for both specification (parametrized) and automation (closure properties).To illustrate the opportunity of Qbricks, we implement the first verified parametric implementations ofseveral famous and non-trivial quantum algorithms, including the quantum part of Shor integer factoring(Order Finding – Shor-OF), quantum phase estimation (QPE) – a basic building block of many quantumalgorithms, and Grover search. These breakthroughs were amply facilitated by the specification and automateddeduction principles introduced within Qbricks.CCS Concepts: •
Software and its engineering → Formal language definitions ; •
Theory of computa-tion → Semantics and reasoning ; •
Hardware → Quantum computation .Additional Key Words and Phrases: deductive verification, quantum programming, quantum circuits
Quantum computing is a young research field: its birth act is usu-ally dated in 1982, when Feynman [25] raised the idea of simulating the quantum mechan-ics phenomena by storing information in particles and controlling them according to quan-tum mechanics laws. This initial idea has become one over many application fields for quan-tum computing, along with cryptography [66], deep learning [9], optimization [23, 24], solv-ing linear systems [36], etc. In all these domains there are now quantum algorithms beatingthe best known classical algorithms by either quadratic or even exponential factors. In paral-lel to the rise of quantum algorithms, the design of quantum hardware has moved from lab-benches [15] to programmable, 50-qubits machines designed by industrial actors [4, 42] reach-ing the point where quantum computers would beat classical computers for specific tasks [4].
Authors’ addresses: Christophe Chareton, LRI, Centrale Supélec, Université Paris-Saclay, France, [email protected];Sébastien Bardin, CEA, LIST, Université Paris-Saclay, France, [email protected]; François Bobot, CEA, LIST, UniversitéParis-Saclay, France, [email protected]; Valentin Perrelle, CEA, LIST, Université Paris-Saclay, France, [email protected]; Benoit Valiron, LRI, Centrale Supélec, Université Paris-Saclay, France, [email protected]. a r X i v : . [ c s . P L ] J u l Christophe Chareton, Sébastien Bardin, François Bobot, Valentin Perrelle, and Benoit Valiron
Classicalcontroller Quantummemory
InstructionsFeedback
Fig. 1. Scheme of the hybrid model
This has stirred a shift from a theoretical standpoint onquantum algorithms to a more programming-orientedview with the question of their concrete coding and im-plementation [60, 70, 72].
In this context, a particularly important problem is theadequacy between the mathematical description of an al-gorithm and its concrete implementation as a program.
The vast majority of quantum algorithms are described within the quantum co-processor model [47], i.e. an hybrid model where a classical computer controls a quantum co-processor holding a quantum memory (cf. Figure 1). The co-processor is able to apply a fixed setof elementary operations (buffered as quantum circuits ) to update and query ( measure ) the quantummemory. Importantly, while measurement allows to retrieve classical (probabilistic) informationfrom the quantum memory, it also modifies it ( destructive effect ). The state of the quantum memoryis represented by a linear combination of possible concrete values — generalizing the classical notionof probabilities to the complex case, and the core of a quantum algorithm consists in successfullysetting the memory in a specific quantum state . Inputs: (1) A black-box U x , n which performs the transformation | j ⟩| k ⟩ → | j ⟩| x j k mod N ⟩ , for x co-prime to the L − bit number N ,(2) t = L + + (cid:6) log ( + ϵ ) (cid:7) qubits initialized to | ⟩ , and (3) L qubitsinitialized to the state | ⟩ . Outputs:
The least integer r > x r = N ). Runtime: O ( L ) operations. Succeeds with probability O ( ) . Procedure: . | ⟩| u ⟩ initial state2 . → √ t t − (cid:213) j = | j ⟩| ⟩ create superposition3 . → √ t t − (cid:213) j = | j ⟩| x j mod N ⟩ apply U x , N ≈ √ r t r − (cid:213) s = t − (cid:213) j = e πisj / r | j ⟩| u s ⟩ . → √ r r − (cid:213) s = (cid:157) | s / r ⟩| u s ⟩ apply inverse Fourier transformto the first register5 . → (cid:157) | s / r ⟩ measure first register6 . → r apply continued fractionsalgorithm Fig. 2. Bird eye view of Shor [66]’s factoring algorithm(as presented in [54, p. 232])
Major quantum programminglanguages such as Quipper [33],Liqui |⟩ [73], Q circuit-building quantum languages arethe current consensus for high-level executable quantum pro-gramming languages. The core of aquantum algorithm —the interaction with the quantum co-processor— is usually provided in theform of Figure 2. Starting from an initial state, the algorithm describes a series of high-level opera-tions which, once composed, realize the desired state. This state is then usually measured to retrievea classical information. Each high-level operation may itself be described in a similar way, until onereaches elementary operations. The benefit for using the quantum algorithm instead of a classicalcounterpart lies in the fact that the number of elementary operations is small. The description of
Deductive Verification Framework for Circuit-building Quantum Programs 3 the algorithm is therefore both the specification — the global memory-state transformation — andthe way to realize it — the list of elementary operations, or quantum circuit . A major issue is then to verify that the circuit generated by the code written as an implementationof a given algorithm is indeed a run of this algorithm, and that the circuit has indeed the specified size.
While testing and debugging are the commonverification practice in classical programming, they become extremely complicated in the quantumcase. Indeed, debugging and assertion checking are essentially impossible due to the destructiveaspect of quantum measurement. Moreover, the probabilistic nature of quantum algorithms seri-ously impedes system-level quantum testing. Finally, classical emulation of quantum algorithms is(strongly believed to be) intractable.On the other hand, nothing prevents a priori the formal verification of quantum programs.Formal methods and formal verification [16] design a wide range of techniques aiming at provingthe correctness of a system with absolute, mathematical guarantee — reasoning over all possibleinputs and paths of the system, with methods drawn from logic, automated reasoning and programanalysis. The last two decades have seen an extraordinary blooming of the field, with significantcase-studies ranging from pure mathematics [32] to complete software architectures [46, 49] andindustrial systems [7, 19]. In addition to offering an alternative to testing, formal verification has inprinciple the decisive additional advantages to both enable parametric proof certificates and offeronce-for-all absolute guarantees for the correctness of programs.We will focus on deductive verification [5, 26, 27, 39], that, we argue, is well suited for quantumformal verification (cf. Section 4).
Our goal is to provide a formal development framework for circuit-building quantum programs, including specification, programming and verification.
Such a frameworkshould satisfy the following principles.
Close to algorithmic description.
It should enable to specify and code algorithms in a way thatdirectly matches their usual description from the literature, in order both to lower implementation& certification time and to increase confidence in the specification.
Separation of concerns.
It should enable a clear distinction between code and specification, in orderto decouple implementation from certification — in particular, specification should be optional andit should be possible to add it to a program at a later stage.
Parametricity.
It should allow parametric (i.e. scale-invariant) specifications and proofs, so as toenable the generic specification and verification of parametrized algorithms. This is crucial asquantum algorithms always describe parametrized families of circuits.
Proof automation.
It should, as far as possible, provide automatic proof means. Indeed, programverification should be as painless as possible to the programmer in order to be adopted.These requirements raise several challenges from the formal verification point of view. Indeed,while questions about semantics, properties, specification and efficient verification algorithms havebeen largely investigated in the standard case, everything remains to be done in the quantum case.For example:
Non-standard data:
Quantum algorithms rely heavily on amplitudes (generalization of probabili-ties to arbitrary complex numbers ), not studied at all in standard verification;
Second-order reasoning:
We are interested here in parametrized circuit-building programs , i.e.programs that describe families of circuits meeting some postcondition – this is somehowakin to addressing dynamic code (i.e., jit) in the classical case.The major scientific questions at stake here are: (1) How to specify quantum programs in a naturalway? (2) How to support efficient proof automation for quantum programs?
Christophe Chareton, Sébastien Bardin, François Bobot, Valentin Perrelle, and Benoit Valiron
1. 2. 3. 4. 5. Qbricks • Circuit-building language • Scale invariance (parametric) • Proof automation • Separate specification from code • Specifications fitting algorithm
Table 3. Formal verification of quantum programs
Size (number of qbits) Difficulty ∞ Superpositioncoin flipteleportation DeutschJozsa QFT Grover QPE Shor-OF × × × × × ×
5. This article ⊗ ⊗ ⊗ ⊗
Fig. 4. Certified quantum circuits from the literature
1. QHL [50] 2. QMC [29, 76]3. [12] 4. Qwire [37, 58, 63]5. Path-sums [1, 2] We omit [50] as their high-level formalism is not circuit-based
As a matter of fact, prior works on quantum formal verification do not fully reach these goals.
We summarize in Table 3 the state of the art against the requirements laidabove for proving properties of quantum programs, while Figure 4 plots the success of the existingmethods against scale-sensitivity and algorithm difficulty. Model-checking approaches [29, 76] arefully automatic but highly scale-sensitive. Other methods are based on interactive proofs throughproof assistants, for instance Coq. One can cite the approach of Boender et al. [12] or Qwire [58, 63].These however lack automation and deeply mix code and specification. Moreover, the underlyingmatrix semantics impedes scalability of the approach — so far it came only with small case-studies:coin_flip [61], teleportation [12], and (recently) Deutsch-Josza algorithm [37]. Recently, Amy [1, 2]developed a powerful framework for reasoning over quantum circuits, the path-sums symbolicrepresentation. Thanks to their good closure properties, reasoning with path-sums is well automatedand can scale up to large problem instances (up to 100 qubits). Yet, the method is not parametricand only addresses fixed-size circuits.Another explored direction tackles the formalization of quantum programs with classical control ,where the input/outputs from the quantum co-processor are taken as oracles. Initiated by [74], thisline of work does not consider circuit-building languages but rather high-level algorithmic modelswhere quantum circuits are directly given as partial density operators of arbitrary size rather thanbuilt from elementary components — somehow, this is akin to verifying an algorithm expressedover sets versus verifying an implementation of the said algorithm working over red-black trees. Ituses an extension of Hoare Logic, called Quantum Hoare Logic and designed for the specificationof quantum programs as mathematical objects. Recently, the authors focused on the definition,automatic generation [77] and proof support [51, 75] for loop invariants in quantum programsinvariants. In [50] the authors present a formalization of QHL in Isabelle/HOL and illustrate it on arestricted case of Grover algorithm. We propose Qbricks, the first formal verification environ-ment for circuit-building quantum programs, featuring clear separation between code and proof,parametric specification and proof, high degree of proof automation and allowing to encodequantum programs in a natural way, i.e. close to textbook style. Qbricks builds on best practicefrom formal verification for the classical case (separation of concerns, flexible logical specificationlanguage, proof automation, domain-based specialization) and tailors them to the quantum case.More precisely, while relying on the general framework of deductive verification, we tailor it tothe specific needs of quantum, bringing several key innovations along the road. Qbricks builds Deutsch-Josza consists in deciding, given an integer function that is known to be either constant or balanced, which case itis. It has no practical application and only serves as an easy-to-understand illustration for quantum speedup in introductorycourses. We see it as a toy example — especially compared to Grover, QPE or Shor-OF.
Deductive Verification Framework for Circuit-building Quantum Programs 5 upon the circuit-building, first-order functional language Qbricks-DSL together with the logicalspecification language Qbricks-Spec. While minimal, Qbricks-DSL can express implementationsof existing non-trivial quantum algorithms and Qbricks-Spec is expressive enough to offer higher-order specification (parametrized circuit production). The two key cornerstones behind Qbricksare: (1) a new Hoare-style proof system, called
Hybrid Quantum Hoare Logic (HQHL) dedicatedto circuit-building quantum languages, and (2) the new higher-order path-sums (HOPS) symbolicrepresentation of quantum states, extending path-sums Amy [1] to the parametric case whilekeeping good closure properties — HOPS prove extremely useful both as a specification mechanismand as an automation mechanism.In the end, we bring the following contributions.
Framework.
A programming and verification framework, that is: on one hand, a core domain-specific language (Qbricks-DSL, Section 5) for describing families of quantum circuits, with enoughexpressive power to describe parametric circuits from non-trivial quantum algorithm; on the otherhand, a logical, domain-specific, specification language (Qbricks-Spec, Section 6), tightly integratedwith Qbricks-DSL to specify properties of parametrized programs representing families of quantumcircuits.
Higher-Order Path-Sums.
A flexible symbolic representation for reasoning about quantum states,integrated withing Qbricks-Spec and building upon the recent path-sum symbolic representation [1,2]. Our representation, called higher-order path-sums (HOPS) , retains the compositional and closureproperties of regular path-sums while allowing genericity and parametricity of both specificationsand proofs: HOPS expressions not only contain regular path-sum constructs but also terms fromQbricks-DSL. Especially, HOPS provides a unified and powerful way to reason about many essentialquantum concepts (Section 6).
Dedicated Proof Engine.
We introduce the Hybrid Quantum Hoare Logic (HQHL) deductionsystem for deductive verification over circuit-building quantum programs – tightly coupled withHOPS and producing proof obligations in the Qbricks-Spec logic, together with deduction abilitiesdedicated to standard quantum structures (Section 7).
Implementation.
This framework is embedded in the Why3 deductive verification tool [11, 27] asa DSL, and provides proof automation mechanisms dedicated to the quantum case — this material isgrounded in standard mathematics theories —linear algebra, arithmetic, complex numbers, binaryoperations, etc .— with 450+ definitions and 1,000+ lemmas (Table 23). The Why3 embedding comeswith a series of semantic shortcuts designed to increase the overall level of proof automation, basedon high-level composition rules and circuit subclasses with simple HOPS semantics (Section 8).
Case studies.
We present in Section 9 verified parametric implementations of the quantum part of[66]’s factoring algorithm (Order Finding –Shor-OF), Quantum Phase Estimation (QPE) [17, 45] ,Grover algorithm [34] (search) and Quantum Fourier Transform (QFT) – all of them being muchmore complex than previous formally verified circuit-building implementations. Comparison withalternative approaches demonstrate a clear gain in proof effort (on Grover, factor 5 vs. the restrictedproof on a high-level algorithm model [50]), while our method achieves a high level of proofautomation (95% on Shor-OF). Moreover, we are also able for Shor-OF to prove the polynomialcomplexity of the circuits produced by our implementation. The scope of this paper is limited to proving properties of circuit-buildingquantum programs. We do not claim to support right now the interactions between classical dataand quantum data (referred to as “classical control” in the literature), nor the probabilistic side-effect QPE is a major quantum building block, at the heart of, e.g., HHL [36] logarithmic linear system solving algorithm orquantum simulation [30].
Christophe Chareton, Sébastien Bardin, François Bobot, Valentin Perrelle, and Benoit Valiron resulting from the measurement. Still, we are already able to target realistic implementations offamous quantum algorithms, and thanks to equational theories for complex and real number wecan reason on the probabilistic outcome of a measurement.Also, we do not claim any novelty in the proofs for Shor-OF, QPE or Grover by themselves, butrather the first parametric correctness proofs of the circuits produced by programs implementingShor-OF, QPE or Grover.That said, we present the first non trivial, automated, parametric proofs of significant circuit-buildingquantum programs, where prior works were limited to toy examples, establishing a new baseline forquantum verification of realistic programs.
While in classical computing, the state of a bit is either 0 or 1, in quantum computing [54] thestate of a quantum bit (or qubit ) is described by amplitudes over the two elementary values 0 and 1(denoted in the Dirac notation with | ⟩ and | ⟩ ), i.e. linear combinations α | ⟩ + α | ⟩ where α and α are any complex values satisfying | α | + | α | =
1. In a sense, amplitudes are generalizationof probabilities.More generally, the state of a qubit register of n qubits (“qubit-vector”) is any superposition of the2 n elementary bit-vectors (“basis element”, where a bit-vector k ∈ { .. n − } is denoted | k ⟩ n ), thatis any | u ⟩ n = (cid:205) n − k = α k | k ⟩ n such that (cid:205) n − k = | α k | =
1. For example, in the case of two qubits, thebasis is | ⟩ , | ⟩ , | ⟩ and | ⟩ (also abbreviated | ⟩ , | ⟩ , | ⟩ and | ⟩ ). Such a (quantum state)vector | k ⟩ n is called a ket of length n (and dimension 2 n ).Technically speaking, we say that the quantum state of a register of n qubits is represented by anormalized vector in a Hilbert space of finite dimension 2 n (a.k.a. finite-dimensional Hilbert space),whose basis is generated by the Kronecker product (a.k.a. tensor product, denoted ⊗ ) over theelementary bit-vectors. For instance, for n = | ⟩ ⊗ | ⟩ , | ⟩ ⊗ | ⟩ , | ⟩ ⊗ | ⟩ and | ⟩ ⊗ | ⟩ act asdefinitions for | ⟩ , | ⟩ , | ⟩ and | ⟩ . The core of a quantum algorithm consists in manipulatinga qubit register through two main classes of operations. (1)
Quantum gate.
Local operation on a fixednumber of qubits, whose action consists in the application of a unitary map to the correspondingquantum state vector i.e. a linear and bijective operation preserving norm and orthogonality. Thefact that unitary maps are bijective ensures that every unitary gate admits an inverse . Unitary mapsover n qubits are usually represented as 2 n × n matrices . (2) Measurement . The retrieval of classicalinformation out of the quantum memory. This operation is probabilistic and modifies the globalstate of the system: measuring the n -qubit system (cid:205) n − k = α k | k ⟩ n returns the bit-vector k of length n with probability | α k | .Quantum gates might be applied in sequence or in parallel : sequence application corresponds to map composition (or, equivalently, matrix multiplication), while parallel application corresponds tothe Kronecker product , or tensor product, of the original maps — or, equivalently, the Kroneckerproduct of their matrix representations. Given two matrices A and B with respectively r ( A ) and r ( B ) rows and c ( A ) and c ( B ) columns, their Kronecker product is thematrix A ⊗ B = (cid:169)(cid:173)(cid:173)(cid:171) a B . . . a c ( A ) B ... ... ... a r ( A ) B . . . a r ( A ) c ( A ) B (cid:170)(cid:174)(cid:174)(cid:172) . This operation is central in quantum information representation. It enjoysa number of useful algebraic properties such as associativity, bilinearity or the equality ( A ⊗ B ) · ( C ⊗ D ) = ( A · C ) ⊗ ( B · D ) for any matrices A , B , C , D of adequate sizes – where · denotes matrix multiplication. Deductive Verification Framework for Circuit-building Quantum Programs 7
In a way similar to classical Boolean functions, the application ofquantum gates can be written in a diagrammatic notation: quantum circuits . Qubits are representedwith horizontal wires and gates with boxes. Circuits are built compositionally , from a given set of atomic gates and by a small set of circuit combinators , including: parallel and sequential compositions,circuit inversing, controlling, iteration, etc. | ⟩ . . . H ...... . . . | ⟩ . . . H . . .. . .. . .. . .. . . U U U n − inverse ( QFT ( n ))• • •| v ⟩| ⟩ . . . H . . .. . .. . .. . .. . . U U U n − inverse ( QFT ( n ))• • •| v ⟩ Fig. 5. The circuit for QPE
As an example of a quantum circuit, weshow in Figure 5 the bird-eye view of thecircuit of QPE, the (quantum) phase esti-mation algorithm, a standard primitive inmany quantum algorithms. QPE is parame-trized by n (a number of wires) and U (aunitary — the oracle ) and is built as follows.First, a register of n qubits is initialized instate | ⟩ , while another one is initialized instate | v ⟩ n . Then comes the circuit itself: astructured sequence of quantum gates, us-ing the unary Hadamard gate H and thecircuits U i (realizing U to the power 2 i )and inverse ( QFT ( n )) – the reversed Quantum Fourier Transform. Both are defined as sub-circuitsin a similar way.For the purpose of the current discussion, one should simply note two things: (1) the circuit ismade of parallel compositions of Hadamard gates and of sequential compositions of controlled U i (the controlled operation is depicted with vertical lines and symbol • ); (2) the circuit is parametrized by n and by U . This is very common: in general, a quantum algorithm constructs a circuit whosesize and shape depend on the parameters of the problem. It describes a family of quantum circuits . Quantum algorithms intend to solve classical problems in a proba-bilistic way, but with better performance than with classical algorithms. They generally consist inthe generation of a quantum circuit based on the problem parameters (e.g. the size of the instance),usually followed by iterating the following three steps: (1) memory initialization, (2) run of thequantum circuit, (3) measure of the memory to retrieve a classical piece of data.The quantum circuit is seen as a predictive tool that probabilistically gives some (classical)information from which one can infer the targeted result. The fact that the probability is highenough is a direct consequence of the mathematical properties of the unitary map described bythe quantum circuit. The essence of the quantum algorithm —and the reason for its efficiency—consists in describing an efficient circuit realizing this unitary map.
Obtaining guarantees on the families of circuits realized by quantum programs is therefore ofuttermost importance.
We use the following famous quantum algorithms throughout the article: • Phase Estimation algorithm (QPE) [17, 45]: takes as parameter a matrix U , an eigenvector | v ⟩ and answers the eigenvalue of U corresponding to | v ⟩ . While the algorithm answers in adeterministic way for some sub-cases, in general it only answers up to some probability. • Grover [34]’s search algorithm: given a sparse non-zero function f : { . . . n − } → { , } ,Grover’s algorithm outputs one value x such that f ( x ) = • Shor [66]’s factoring algorithm: We consider the quantum part of the algorithm: the OrderFinding algorithm.
We shall refer to it as Shor-OF . Concretely, given a non prime integer N and a co-prime x , it outputs a period for x modulo N , in time PolyLog ( N ) and probability of Christophe Chareton, Sébastien Bardin, François Bobot, Valentin Perrelle, and Benoit Valiron success O ( ) . It is based on an application of QPE with a modular multiplication operator asoracle. The stan-dard model for quantum computation is the quantum co-processor model : the quantum memoryis stored in a dedicated co-processor that the classical computer accesses through a dedicatedinterface. This distinction between purely classical computation and manipulation of quantumdata is well-suited for most of the existing quantum algorithms. Indeed, they usually consist intwo main parts: a classical part, for dealing with classical information and circuit-building, and aquantum part, where the circuit is sent to the quantum co-processor.Quantum programming languages follow this pattern: they usually come up as domain-specificlanguages embedded in a classical computing framework: The interaction with the quantum co-processor is handled through an interface allowing for qubit initializations, measurements andelementary quantum gates. Elementary quantum gates are usually buffered into circuits beforebeing sent to the co-processor. Each language then has its own design-choices on how to presentthe circuit to the programmer and which native circuit-manipulation library to offer.The bottom line is that, regardless of the language-design choices, the core of a quantumprogramming language is to offer circuit-building and circuit manipulation operators in order tobuild as naturally as possible the circuits given in the descriptions of quantum algorithms from theliterature.
Historically the semantics for quantum circuits has been givenin term of unitary matrices [54] acting on Hilbert spaces, that is, the canonical mathematicalformalism for quantum computation. If this semantics is well-adapted for representing simplehigh-level circuit combinators such as the action of control or inversion, it is cumbersome forspecifying the semantics of general circuits.Path sums [1, 2] is a recent symbolic representation that has been shown successful for proving equivalence of general quantum circuits. Its strength is to formalize the notation used in e.g. Figure 2.The path-sum of a unitary matrix U is then written as U : | x ⟩ (cid:55)→ PS ( x ) where x is a list of booleans. PS ( x ) is defined with the syntax of Figure 6. The P k ( x ) are called phase polynomials while the | ϕ k ( x )⟩ are basis-kets .This representation is closed under functional composition and Kronecker product. For instance,if V sends y to PS ′ ( y ) = √ n ′ (cid:205) n ′ − k = exp (cid:16) · π · i · P ′ k ( y ) m ′ (cid:17) | ϕ ′ k ( y )⟩ , then U ⊗ V sends | x ⟩ ⊗ | y ⟩ to1 √ n + n ′ n + n ′ − (cid:213) j = e · π · i ( m ′· Pj / n ( x ) + m · P ′ j %2 n ( y )) m + m ′ | ϕ j / n ( x )⟩ ⊗ | ϕ ′ j %2 n ( y )⟩ (1)that is in the form shown in Figure 6. However, if it has been shown successful to prove theequivalence of large circuit instances [2], its main limitation stands in the fact that path-sumonly address fixed-size circuits. Albeit a useful, compositional tool, it cannot be used for provingproperties of parametrized circuit-building quantum programs. This paper proposes an extension of path-sum semantics to address the parametric verification ofgeneral quantum programs.
Let us consider the n -indexed family of circuits consisting of n Hadamard gates, in sequence, asshown in Figure 7. Sequencing two Hadamard gates can easily be shown equivalent to the identityoperation. In other word, when fed with | ⟩ , if n is even the circuit outputs | ⟩ . Deductive Verification Framework for Circuit-building Quantum Programs 9 PS ( x ) :: = √ n n − (cid:213) k = e · π · i · Pk ( x ) m | ϕ k ( x )⟩ P k ( x ) :: = x i | n | P ( x ) · P ( x ) | P ( x ) + P ( x )| ϕ k ( x )⟩ :: = | b ( x )⟩ ⊗ . . . ⊗ | b n ( x )⟩ b i ( x ) :: = x i | ¬ b ( x ) | b ( x ) ∧ b ( x ) | b ( x ) ⊕ b ( x ) | true | false Fig. 6. Syntax for regular path-sums [1, 2]
Albeit small, this circuit family together with its simple specification exemplifies the typi-cal framework we aim at in the context of certification of circuit-building quantum programs:
A circuit C n defined as H H · · · H (cid:124) (cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32) (cid:123)(cid:122) (cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32)(cid:32) (cid:125) n gates Precondition: n ≥ (cid:26) C n sends | x ⟩ to | x ⟩ C n consists on n gates. Fig. 7. Motivating Example • The description of the circuit family is parametri-zed by a classical parameter (here, the non-negativeinteger n ); • The pre-condition imposes both constraints (here,the evenness of n ) and soundness conditions (here,the non-negativeness of n ) on the parameters; • The post-condition can both refer to the semanticsof the circuit result and to its form and shape (here,its size).
Shortcomings of existing approaches.
In order to prove program specifications, the literatureoffers several methods and tools, yet none of them fits our needs here.(1) In the expressive Qwire environment [58, 63] embedded in Coq, the semantics of quantumprograms is based on matrices over complex numbers. If this toy motivating example would bedefinable, the drawbacks of this approach is in general its lack of scalability and automation. (2)The quantum Hoare logic environment embedded in Isabelle/HOL [50] offers a high-level abstractview of quantum programs – especially it does not offer circuits per se . It is thus not well-suited todetail the fine-grained description of circuit-building implementations, in particular the proceduraldescription of a purely unitary circuit. Coding the toy example in Figure 7 would be extremelyad-hoc and complicated as the framework does not natively offer elementary gates nor iterationover classical integers. (3) The last possibility would be to use path-sums [2]: this framework isscalable and well-suited for sequence of gates, but limited to fixed-size circuits, while we targetprograms building families of circuits.It is to be noted that none of these approaches offer the possibility to reason about the size ofthe produced circuit: either there is no such notion of circuit [50], or the circuit is not an object onecan reason on [2, 58, 63].
By contrast, our own method allows to encode the Hadamard example in Qbricks with 2 lines of codesand 11 lines of specification. Our deduction verification engine then produces 18 proof obligations(ensuring the contract and circuit well-formedness) simple enough so that all of them are automaticallydischarged by automated provers.
The circuit family presented in Figure 7 will be used in the rest of the paper as a running, toyexample for Qbricks. In particular, we show in Example 5.1 how to code it in our framework andhow to express the specification in Example 6.2.
Target for Qbricks.
The goal of Qbricks is to offer a formal verification framework for realisticcircuit-building quantum programs, including parametric specification and proofs. We ultimatelydemonstrate this ability in Section 9 on implementations of Grover, QPE and Shor-OF – theexperimental data are discussed in Section 9.
A common way to describe quantum algorithms in the literature is to declare, or describe, eithersemi-formally or in natural language, a sequence of unitary operations to be implemented, inter-crossed with a sequence of formal assertions describing the evolution of the state of the system alongthe performance of these functions. The example in Figure 2 illustrates this case: it corresponds tothe exact description of the circuit for Shor’s algorithm at it is written in [54, p. 232]. The formaldescription of state, left column in Figure 2, is interpretable as specifications for the operationsdeclared in the right column. For example, operation create superposition is declared on the rightcolumn, line 1. We interpret the formal expression of line 1, left (framed in blue), as its preconditionand the one of line 2, left (framed in red), as its post-condition.
Our key observation is that standard quantum algorithm descriptions match perfectly with theprocess of deductive program verification [26, 39], a well established formal method.
Deductive program verification [5, 26, 27,39] is probably the oldest formal method technique, dating back to 1969 [39]. In this approach,programs are annotated with logical assertions , such as pre- and post-conditions for operations orloop invariants, then so-called proof obligations are automatically generated (e.g., by the weakestprecondition algorithm) in such a way that proving (a.k.a. discharging) them ensures that thelogical assertions hold along any execution of the program. These proof obligations are commonlyproven by help of proof assistants or automatic solvers.In more details, for any function f , annotations by precondition pre and postcondition post areto be understood as a contract for the implementation: the programmer commits to ensuring thatthe output of f satisfies post for any input satisfying pre , which, in essence, translates into ∀ x . pre ( x ) → post ( f ( x )) Suppose that the function f is defined, specified and verified. And suppose one defines and specifiesa further function д , using a call f ( a ) to f . This generates a new proof obligation . To fulfill it, thealready verified proof obligation for f is assumed as an hypothesis.This compositional reasoning method is particularly well-suited to the compositional nature ofcircuits. We adopt the methodology presented in Section 4.1and adapt the key ingredients of deductive verification to the case of circuit-building quantumprograms. Hence, Qbricks is equipped with: a domain specific language (DSL) for building circuitfamilies, a dedicated logical specification language, a novel symbolic representation (HOPS) and anew Hoare-style logic —called
Hybrid Quantum Hoare Logic (HQHL) . Circuit representation.
The language Qbricks-DSL is only aimed at implementing quantumalgorithms and specifications provided in the form of Figure 2. The circuits used in quantum algori-thms act in general on contiguous blocks of memory registers and consist of simple compositionsand hierarchical descriptions. Thus, unlike existing quantum programming languages such asQuipper [33] or Qwire [58], for Qbricks there is no need for complex wire manipulation.Following this analysis, the low-level circuit-representation we choose as a target Qbricks isakin to the one of qPCF [56]: a circuit is a simple compositional structure consisting of base gates
Deductive Verification Framework for Circuit-building Quantum Programs 11
Code+Specifications ProofobligationsHQHL
SMT solvers+ Commands , Fig. 8. Overview of Qbricks certified implementation process and circuit combinators such as sequential and parallel composition, control, inversion, etc. Theseconstructions are packaged withing a domain-specific language (DSL) aimed at describing familiesof circuits.
Symbolic representation of quantum circuits.
As mentioned in Section 2.5, if path-sums offera compositional specification framework, they address the case of fixed-size circuits. In particular,one cannot give specification to general, parametrized programs describing families of circuits.Qbricks proposes a solution to this limitation, by unifying what can be done with the matrixand the path-sum semantics. Our proposal is a higher-order path-sum semantics (HOPS) . On onehand, we keep the functional view on the action of circuits on quantum registers, making it suitablefor deductive verification. On the other hand, we extend its syntax to support parametric circuitconstruction, high-level circuit combinators and reference to Qbricks-DSL constructs.
Specification and verification.
It turns out that HOPS offer a very convenient specificationmechanism for quantum programs. They form the bedrock of the Qbricks-DSL specificationlanguage – together with a few other theories such as bit-vectors, integers or complex values.It also turns out that HOPS are convenient for verification purpose too: we design a proof-obligation generation procedure within HQHL dedicated to circuit-building quantum languages,yielding proof obligations in the Qbricks-DSL (first-order) logic.Finally, while part of the Qbricks-DSL logic can be directly handled by automated solvers (suchas SMT), we add dedicated equational theories and axioms for those parts of the logic (e.g., HOPSmanipulation or complex values).
Implementation.
We implement Qbricks as a domain-specific language embedded in the Why3deductive verification tool [11, 27], allowing to take advantage of its advanced programming,specification and verification features for classical programs. We add all quantum-related featureson top of it.An overview of Qbricks certified implementation process is depicted in Figure 8: the user writesa Qbricks-DSL programs together with Qbricks-Spec specifications. Our HQHL engine producesproof obligations in Qbricks-DSL logic. Taking advantage of the interface provided by Why3embedding, the user can either directly send these proof obligations to a series of SMT-solvers forvalidation, together with our circuits specifications equational theories, or facilitate solving by useof a series of interactive predicate transformation commands (such as introduction of lemmas orhypotheses, beta-reduction, etc).
Qbricks is structured as a domain-specific language (DSL), called Qbricks-DSL, and a domain-specific logical specification language called Qbricks-Spec. The language is targeted for circuitdescription : measurement is out of the scope of the language, and all Qbricks-DSL expressionsare terminating. We follow a very simple strategy for circuit building: we use a regular inductivedatatype for circuits, where the data constructors are elementary gates, sequential and parallelcomposition, and ancilla creation. In particular, unlike e.g. Quipper or Qwire, a quantum circuit isnot a function acting on qubits: it is a simple, static object. Nonetheless, for the sake of implementing Ph ( n ) H R z ( n ) CNOT
PAR ( M, N ) SEQ ( M, N ) MNM N
ANC ( M ) M | (cid:105) M M M M M M M M M M M M M M invert M M M M M M M ctl Fig. 9. Circuit combinators quantum circuits from the literature this does not restrict expressivity as they are usually preciselyrepresented as sequences of blocks.Even if the language does not feature measurement, it is nonetheless possible to reason onprobabilistic outputs of circuits, if we were to measure the result of a circuit. Indeed, this can beexpressed in a regular theory of real and complex numbers.Qbricks-DSL is designed as a first-order, functional language: for the purpose of circuit construc-tion, this is enough and designing a deductive system for it can then be done in a canonical way,following e.g. Why3 strategy. Similarly, the specification language Qbricks-Spec is a first-orderpredicate language, equipped with various equational theories. This makes proof-obligations moreeasily amenable to automated solvers.In the rest of this section, we present the language Qbricks-DSL. Section 6 is then devoted toQbricks-Spec while Section 7 to the deduction rules.
The DSL Qbricks-DSL is a small first-order functional, call-by-value language with a special datatype circ as the media to build and manipulate circuits. Thecore of Qbricks-DSL can be presented as a simply-typed calculus, presented in Figure 10. The basicdata constructors for circ are
CNOT , SWAP , ID , H , Ph ( e ) and R z ( e ) (see Table 16 in the Appendix fortheir semantics). The constructor for high-level circuit operations are sequential composition SEQ ,parallel composition
PAR and ancilla creation/termination
ANC (see Figure 9 for details).On top of circ , the type system of Qbricks-DSL features the type of integers int (with construc-tors n , one for each integer n ), booleans bool (with constructors tt and ff ), and n-ary products(with constructor ⟨ e , . . . , e n ⟩ ). This type system is not meant to be exhaustive and it can be ex-tended with usual constructs such as floats, lists and other user-defined inductive datatypes —its embedding into WhyML makes it easy to use such types. The term constructs are limited tofunction calls, let -style composition, test with if-then-else and simple iteration: iter f n a stands for f ( f (· · · f ( a ) · · · )) , with n calls to f . We again stress out that this could easily be extended— we just do not need it for our purpose.The language is essentially first-order: this is reflected by the types A of expressions. The type ofa function is given by the types of its arguments and the type of its output. By abuse of notation,the type of a function with inputs of types A i and output of type B is written A × · · · × A n → B .A function f is either a function f d defined with a declaration d or a constant function f c . Thefunctions defined by declarations must not be mutually recursive: this small, restricted languageonly features iteration. Constant functions consist in integer operators ( + , ∗ , − , etc ), booleanoperators ( ∧ , ∨ , ¬ , → , etc ), Comparison operators ( < , ≤ , ≥ , > , = , (cid:44) : int × int → bool ) andhigh-level circuit operators: ctl , invert : circ → circ for controlling and inverting circuits, and width , size : circ → int for counting the number of input and output wires, and the number Deductive Verification Framework for Circuit-building Quantum Programs 13
Expression e :: = x | c | f ( e , . . . , e n ) | let ⟨ x , . . . , x n ⟩ = e in e ′ | if e then e else e | iter f e e Data Constructor c :: = n | tt | ff | ⟨ e , . . . , e n ⟩ | CNOT | SWAP | ID | H | Ph ( e ) | R z ( e ) | ANC ( e ) | SEQ ( e , e ) | PAR ( e , e ) Function f :: = f d | f c Declaration d :: = let f d ( x , . . . , x n ) = e Type A :: = bool | int | ⊤ | A × · · · × A n | circ . Value v :: = x | n | tt | ff | ⟨ v , . . . , v n ⟩ | CNOT | SWAP | ID | H | Ph ( n ) | R z ( n ) | ANC ( v ) | SEQ ( v , v ) | PAR ( v , v ) Context C [−] :: = [−] | f ( v , . . . v i − , C [−] , e i + , . . . , e n ) | let ⟨ x , . . . , x n ⟩ = C [−] in e ′ | if C [−] then e else e | iter f C [−] e | iter f v C [−] | ⟨ v , . . . v i − , C [−] , e i + , . . . , e n ⟩ | CNOT | ID | H | Ph ( C [−]) | R z ( C [−]) | ANC ( C [−]) | SEQ ( C [−] , e ) | SEQ ( v , C [−]) | PAR ( C [−] , e ) | PAR ( v , C [−]) Fig. 10. Syntax for Qbricks-DSL Γ , x : A ⊢ x : A Γ ⊢ f : A × · · · × A n → B Γ ⊢ e i : A i Γ ⊢ f ( e , . . . , e n ) : B Γ ⊢ e i : A i Γ ⊢ ⟨ e , . . . , e n ⟩ : A × · · · × A n Γ ⊢ e : A × · · · × A n Γ , x : A , . . . , x n : A n ⊢ e : B Γ ⊢ let ⟨ x , . . . , x n ⟩ = e in e : B Γ ⊢ e : bool Γ ⊢ e : A Γ ⊢ e : A Γ ⊢ if e then e else e : A Γ ⊢ e : int Γ ⊢ e : A f : A → A Γ ⊢ iter f e e : A Fig. 11. Typing rules for Qbricks-DSL of gates (not counting ID nor SWAP ) in the circuit C , width ( C ) stands for the number of input andoutput wires of C , invert ( C ) stands for the invert of C and ctl ( C ) the control of C . See Figure 9for the intuitive definition of circuit combinators.Two very useful function declarations are the first and second projections fst : A × B → A and snd : A × B → B . For instance, the former is defined with let fst ( x ) = ( let ⟨ y , z ⟩ = x in y ) .The typing rules are the usual ones (summarized for convenience in Table 11). As any other regular functional programming language, Qbricks-DSL is equipped with an operational semantics based on beta-reduction and substitution. We definea notion of value and applicative context as in Table 10. We then define a rewriting strategy as therelation defined with C [ e ] → C [ e ′ ] whenever e → e ′ is one of the rule of Table 12. The table issplit into the rules for the language constructs and the rules defining the behavior of the constantfunctions. We only give a subset of the latter rules. For instance, the arithmetic operations aredefined in a canonical manner, and the boolean and comparison operators are defined in a similarmanner on values of type int and bool . The rules for the constant functions acting on circuitsare also for the most part straightforward: the size of a sequence is the sum of the sizes of thecompounds for instance. The rules which we do not provide are the ones for the control operation ctl : the intuition behind their definition can be found in Figure 9. For the elementary gates, anydefinition can be used (see e.g. [54]), as long as it can be written with the chosen set of gates.One just has to then adjust the lemmas referring to ctl in Qbricks-Spec. Similarly, the invert Language constructsAssuming that there is a declaration f ( x , . . . , x n ) ≜ e . f ( v , . . . , v n ) → e [ x : = v , . . . , x n : = v n ] let ⟨ x , . . . , x n ⟩ = ⟨ v , . . . , v n ⟩ in e → e [ x : = v , . . . , x n : = v n ] if tt then e else e → e if ff then e else e → e when n ≤ iter f n a → a when n > iter f n a → f ( iter f n − a ) Constant functions (subset of the rules) n + m → n + mn − m → n − mn ∗ m → n ∗ m size ( ID ) → size ( SWAP ) → size ( д ) → д other gate) size ( SEQ ( v , v )) → size ( v ) + size ( v ) size ( PAR ( v , v )) → size ( v ) + size ( v ) size ( ANC ( v )) → size ( v ) width ( CNOT ) → width ( SWAP ) → width ( д ) → д other gate) width ( SEQ ( v , v )) → width ( v ) width ( PAR ( v , v )) → width ( v ) + width ( v ) width ( ANC ( v )) → width ( v ) − invert ( SEQ ( v , v )) → SEQ ( invert ( v ) , invert ( v )) invert ( PAR ( v , v )) → PAR ( invert ( v ) , invert ( v )) invert ( ANC ( v )) → ANC ( invert ( v )) Table 12. Operational semantics for Qbricks-DSL of elementary gates are not given: we can choose the usual ones from the litterature —and thisdefinition is then parametrized by the choice of gates.
Note that the target low-level representation for an expression of type circ is a value made of the circuit data constructors. This is derived from the safety properties of thelanguage:Property 5.3.1 (Safety properties and normalization).
Provided that Γ ⊢ e : A and e → e ′ ,then Γ ⊢ e ′ : A . Provided that ⊢ e : A is a closed expression, and provided that all the function in e recursively admits (external) definitions, then either e is a value or it reduces. Finally, the reductionstrategy (→) is normalizing: there does not exist an infinite reduction sequence e → e → . . . □ Example 5.1.
The motivating example of Section 3 can be written in Qbricks-DSL as let aux ( x ) = SEQ ( x , H ) let main ( n ) = iter aux n ID The function aux inputs a circuit and append a Hadamard gate at the end. The function main theninput an integer parameter n and iterate the function aux to obtain n Hadamard in sequence. Inparticular, one can show that for instance main → ∗ SEQ ( SEQ ( SEQ ( SEQ ( ID , H ) , H ) , H ) , H ) , that is, a sequence of 4 Hadamard gates. In Qbricks-DSL, we use arestricted, small set of elementary circuit building blocks. For instance, we have not included theNOT-gate ( ) . This is a design choice: the chosen elementary gates are not meant to be convenientbut simple to specify yet forming a universal set of gates: A universal (resp. pseudo-universal ) setof elementary gates is such that they can be composed thanks to sequence or parallelism so as toperform (resp. approach arbitrarily close) any quantum unitary matrix. Deductive Verification Framework for Circuit-building Quantum Programs 15
Other, maybe more convenient gates can then be defined as macros on top of them. If one aimsat using Qbricks inside a verification compilation tool-chain, these macros can for instance be thegates of the targeted architecture.
A circuit is represented as a rigid rectangular shape with a fixed numberof input and output wires. In particular, there is a notion of validity: a circ object only makes senseprovided two constraints: • in SEQ ( C , C ) , the two circuits C and C should have the same number of wires (i.e. thesame size). For instance, SEQ ( CNOT , H ) is not valid: one cannot put in sequence a 2-qubit gateswith a 1-qubit gate. This is a simple syntactic constraint; • in ANC ( C ) , the circuit C should have n + | ⟩ , its output should also leave this qubit in state | ⟩ . This conditionis on the other hand a semantic constraint.Note that even the syntactic constraints cannot be checked by a simple typing procedure, because ofthe higher-order reasoning involved here: the constraints must hold for any value of the parameters.All these syntactic and semantic constraints are thus expressed in Qbricks-Spec, our domain-specific logical specification language, and meant to be sent as proof obligations to a proof engine. Example 5.2.
Note how the circuit generated by main in Example 5.1 is not necessarily a validcircuit (although in this case it is). This is one of the constraints that can be handled by Qbricks-Spec,as shown in Example 6.2.
As all expressions in Qbricks-DSL are terminating, one can useregular sets as denotational semantics for the language. In order to be able to handle the partialdefinitions coming up in Section 6, we include in the denotation of each type an “error” element ⊥ We therefore define the denotation of basic types as the set of their values: [| bool |] = { tt , ff , ⊥} , [| int |] = Z ∪ {⊥} and [| circ |] = { v | ⊢ v : circ } ∪ {⊥} . Product types are defined as theset-product: [| A × · · · × A n |] = ([| A |] × · · · × [| A n |]) ∪ {⊥} and [|⊤|] = { ⋆, ⊥} , the singleton set.Finally, functions are defined as set-functions from the input set to the output set. The denotation ofthe language constructs are the usual one in a semantics based on sets ; for the constant functions,the definitions are the canonical ones: arithmetic operations maps to arithmetic operations forinstance. In Qbricks-DSL, everything is well-defined and ⊥ is only attainable from ⊥ —so forinstance, ⊥ + x = ⊥ .Note that in the denotational semantics one can build non-valid circuits. For instance, the circuit SEQ ( CNOT , H ) is a member of [| circ |] . This is to be expected as we aim at the following property:Property 5.6.1 (Soundness). Provided that ⊢ e : A , we have [| e |] ∈ [| A |] \ {⊥} . Moreover, providedthat e → e ′ then we have [| e |] = [| e ′ |] . □ It is however possible to formalize the notion of syntactically valid circuits as a subset of [| circ |] . Definition 5.3.
We define the (syntactic) unary relation V syntax on [| circ |] as follows: Each one ofthe gate belongs to V syntax ; if C and C belongs to V syntax then so does PAR ( C , C ) and ANC ( C ) ; ifmoreover [| width |]( C ) = [| width |]( C ) then SEQ ( C , C ) belongs to V syntax . In term of semantics of quantum circuits, the main novelty of Qbricks is to be able to reasonon open terms seen as circuit description, parametrized programs. To do so, we build upon therecent proposal of path-sums [1, 2]. In Qbricks-Spec, we define the notion of higher-order path-sums (HOPS) . Original path-sums in [1] are fixed functionals, computed from concrete, fixed-sizecircuits. In HOPS, the phase polynomials, ranges and basis kets are instead written as open terms from Qbricks-DSL, parametrized with term variables. This correspondence. This integration withQbricks-DSL brings two decisive advantages compared to the original path-sums: • Parametricity and compositionality . Because of the sharing of term variables betweenQbricks-DSL terms and HOPS, Qbricks-Spec gives the ability to give specification to generalprograms describing families of circuits instead of fixed-size circuits. Qbricks-Spec openspath-sums to higher-order specification and verification while retaining the vertical andhorizontal compositional properties; • Versatility.
Thanks to the integration within a logical framework, Qbricks-Spec gives theability to define —and reason— upon logical macros asserting useful constraints related toprobabilities, eigenvalues, etc (See Section 7.4.
Qbricks-Spec consists of a set of dedicated relations and func-tions, together with a language of algebraic expressions on top of a first-order logic, together withlogical libraries to express constraints. We define Qbricks-Spec as a first-order, predicate logicwith the following syntax.Formula ϕ , ψ :: = ϕ ∨ ψ | ϕ ∧ ψ | ¬ ϕ | ϕ → ψ | R ( ˆ e , . . . , ˆ e n ) First-order expression ˆ e :: = x | c ( ˆ e , . . . , ˆ e n ) | f ( ˆ e , . . . , ˆ e n ) | f ℓ ( ˆ e , . . . , ˆ e n ) . The first-order expressions ˆ e form a subset of Qbricks-DSL: they are restricted to variables and(formal) function calls to other first-order expressions. Unlike regular, general expressions —meantto be computational vehicles— these first-order expressions only aim at being reasoned upon. Thefunctions names are then expanded with logic functions f ℓ with no computational content. Amongthese new functions, we introduce one function iter f : int × A → A for each function f : A → A ,standing for the equational counterpart of the iteration. The logic functions are defined equationallyin the logic: see Section 7 for details. The relation R ranges over a list of constant relations overfirst-order expressions. An important one is circ_valid : circ → bool , expressing the syntacticproperty V syntax of Definition 5.3. In Qbricks-Spec, we identify relations and functions of returntype bool . Constant relations are therefore simply constant functions of output type bool.The type system of Qbricks-Spec is extended with opaque types, equipped with constantfunctions and relations to reason upon them. They come with no computational content: the aim ispurely to be able to express and prove specification properties of programs. This is why we did notincorporate them in Qbricks-DSL’s type system.The opaque types we consider in Qbricks-Spec are complex , real , bitvector , hops and ket .The operators and relations for these new types are given in Table 13. Note that in the rest ofthe paper, by abuse of notation we shall omit the casting operations i_to_r and r_to_c . Weshall also use a declared exponentiation function [−] [−] overloaded by abuse of notation withtype complex × int → complex and real × int → real . The three types complex , real and bitvector are standard; the types hops and ket are novel and form the main reasoning vehicle inQbricks-Spec. hops and ket . In short, the type hops encodes our higher-order path sum (HOPS)representation for expressions of type circ in Qbricks-DSL, while ket encodes the notion ofket-vector. As these types are pure reasoning apparatus, we only need them in Qbricks-Spec andthey are defined uniquely though an equational theory.As shown in Figure 6, a regular path-sum is a static abstract object consisting of 4 pieces: a global range (the value n ), what we shall be calling its width , i.e. the size of the bit-vector x , and the phasepolynomial P k ( x ) m and the ket vector ϕ k ( x ) , functions of both the input x and the index k .To reflect this structure, the type hops is equipped with 4 constant functions acting on anHOPS (see Table 13): hops_width , yielding its width, hops_range , yielding its range, hops_angle , Deductive Verification Framework for Circuit-building Quantum Programs 17 complex and real i , π : complexi_to_r : int → real r_to_c : real → complexRe , Im , abs : complex → real e [] : complex → complex − c , + c , ∗ c , / c : complex × complex → complex − r , + r , ∗ r , / r : real × real → real √− : real → realbitvectorbv_length : bitvector → intbv_cst : int × bool → bitvectorbv_get : bitvector × int → boolbv_set : bitvector × int × bool → bitvector hopshops_width : hops → inthops_range : hops → inthops_angle : hops × bitvector × bitvector → realhops_ket : hops × bitvector × bitvector → bitvectorhops_equiv : hops × hops → boolcirc_to_hops : circ → hopshops_apply : hops × ket → ketketket_length : ket → intket_get : ket × bitvector → complexbv_to_ket : bitvector → ket + k , − k , ⊗ k : ket × ket → ket ∗ k : complex × ket → ket Table 13. Primary operators for Qbricks-Spec yielding the real number corresponding to P k ( x ) m , and hops_ket yielding the ket-vector ϕ k ( x ) . Notehow the two last functions also inputs two bit-vectors, corresponding to k and x . If path-sumscompose nicely, a given linear map does not have a unique representative path-sum (partly due tothe fact that phase polynomials are equal modulo 2 π ). To capture this equivalence, we introducethe constant relation hops_equiv . In order to relate circuits and HOPS, we introduce the constantfunction circ_to_hops : it returns one possible HOPS that represents the input circuit. The chosenHOPS is built in a constructive manner on the structure of the circuit. A useful relation is (− ▷ −) relating a circuit and a HOPS: it is defined as ( c ▷ h ) ≜ hops_equiv ( circ_to_hops ( c ) , h ) . Anotheruseful macro is the function circ_apply : circ × ket → ket , defined as circ_apply ( C , k ) ≜ hops_apply ( circ_to_hops ( C ) , k ) .The type ket is a handle to easily manipulate ket-vectors, and Table 13 presents the constantfunctions meant to manipulate it. bv_to_ket builds a basis ket-vector out of the input bit vector ; ket_length returns the number of qubits in the ket ; ket_get returns the amplitude of the cor-responding basis ket-vector. The other operations are the usual operations on vectors: addition,subtraction, tensors, scalar multiplication. Finally, the function hops_apply relates hops and ket :it identifies the input HOPS to a functional and applies it to the input ket-vector. The denotational semantics of real and complex are respectively the sets R ∪ {⊥} and C ∪ {⊥} , and the denotation of the operators are the canonicalones. As for Section 5, ⊥ maps to ⊥ , so for instance ⊥ + r x = ⊥ .The denotation of bitvector is defined as the set of all bit-vectors, together with the “error”element ⊥ . The constant functions are mapped to their natural candidate definition, using ⊥ as thedefault result when they should not be defined. So for instance, [| bv_cst |](− , tt ) = ⊥ .An element of ket is meant to be a ket-vector: we defined [| ket |] as the set of all possible ket-vectors (cid:205) n i = α n | b n ⟩ m , for all possible m , n ∈ N , α n ∈ C and bit-vectors b n of size m , together withthe error element ⊥ .Finally, hops is defined as the set of formal path-sums, as defined in Table 6, together with theerror element ⊥ . The denotation of the constant functions are defined as discussed in Section 6.2. Asan example, [| hops_range |] returns the range of the corresponding HOPS. The map circ_to_hops builds a valid HOPS out of the input circuit, or ⊥ if the circuit is not valid. The defined HOPS followsthe structure of the circuit. For instance, circ_to_hops ( SEQ ( C , C )) is the sequential compositionof the two HOPS circ_to_hops ( C ) and circ_to_hops ( C ) (as shown in Equation (1)). A regular path-sum is not parametric: it represents one fixedfunctional. So why did we chose [| hops |] to be a set of path-sums? Let us consider an example. Example 6.1.
Consider the motivating example of Section 3 and its instantiation in Example 5.1.The function main describes a family of circuits indexed by an integer parameter n . Now, considerthe typing judgment h : hops , n : int ⊢ ( main ( n ) ▷ h ) : bool . It can be regarded as a relationbetween HOPS h and integers n , valid whenever h represents main ( n ) . Technically, this relation isnot quite the graph of a function (since several HOPS might match the circuit main ( n ) ). Nonetheless,to each n is associated a different set of HOPS h : in this sense, one can say that h is “higher-order”,as it is parametrized by n . Thus the “HOPS” terminology. Formulas in Qbricks-Specare typed objects —and to a certain extent one can identify them with first-order expressions oftype bool . Due to this correspondence, we shall only say that logic judgments in Qbricks-Specare well-formed judgments of the form ∆ ⊢ ϕ where the well-formedness means that ∆ ⊢ ϕ : bool is a valid typing judgment in Qbricks-DSL. That being said, a well-formed judgment ∆ ⊢ ϕ is validwhenever it holds in the denotational semantics: for every instantiation σ sending x : A in ∆ to [| A |] ,the denotation [| ϕ |] σ is valid. In particular, the (free) variables of ϕ can be regarded as universallyquantified by the context ∆ .Another useful kind of judgment is one allowing equational reasoning on terms: if ∆ ⊢ e : A and ∆ ⊢ e : A are valid Qbricks − DSL typing judgments, the judgment ∆ ⊩ e = e : A is validwhenever for every instantiation σ sending x : B in ∆ to [| B |] , the denotations of e and e withrespect to σ are equal (as set-elements).In order to be able to express program specifications with pre- and post-conditions, we finallydefine a HQHL sequent of the form ∆ ⊩ { ϕ } e { ψ } : A (we omit the type A when irrelevant orclear). The formula ψ can make use of a reserved free variable result of type A . Such a sequentis then well-formed provided that ∆ ⊢ ϕ : bool , ∆ , result : A ⊢ ψ : bool and ∆ ⊢ e : A are validtyping judgments. Note how the reserved free variable result is being added to ∆ for typing ψ .For convenience, we also extend the notation to result i to stand for the i th projection of result when A is of the form A × · · · × A n .Then the point is that first, families of quantum circuits can be described in Qbricks-DSL andspecifications in Qbricks-Spec, and second, that one can come up with a set of meaningful axiomsthat are enough to derive these specifications. This is the goal of Section 7. Example 6.2.
Consider the motivating example of Section 3 and its instantiation in Example 5.1.We can now give a specification to the function main , as follows: n : int , m : int , x : ket ⊩ { n ≥ ∧ ket_length ( x ) = ∧ n = ∗ m } main ( n ) { circ_apply ( C , x ) = x } . The fact that circ_apply is well-defined implies that C is valid. Thanks to the logic judgments presented in Section 6.5, it is possible to reason with Qbricks-Specformulas on expressions written in Qbricks-DSL. If we showed how to give a semantical meaningto the validity of a judgment, we have not explained how to derive such a validity from firstprinciples. This is the purpose of the current section.Property 7.0.1 (Validity of the deduction rules).
All of the deduction rules that we add inthis section are sound with respect to the semantics. □ Deductive Verification Framework for Circuit-building Quantum Programs 19
Note that we do not aim in this section at being exhaustive: we only aim at giving an intuition asof how and why one can rely on an automated deductive system to derive Qbricks-Spec judgments.In particular, we show how to break down a program specification into a set of proof obligationsthat can be sent to an SMT solver to be automatically discharged.
In Example 6.2, we were able to state a HQHL judgment forthe motivating example of Section 3. Using a bottom-up strategy, it is possible to use the deductionrules of Figure 14 to break down the judgments into pieces reasoning on smaller terms. Along theway, there is the need for introducing invariants and assertions. As usual, some of these assertionscan be derived by computing the weakest-preconditions: we do not necessarily have to introduceevery single one.In the deduction rule ( iter ) of Figure 14, the first-order expression ˆ e is mechanically built from e by inlining function calls, replacing P [ if e then e − else e ] with the equivalent formulation ( e ∧ P [ e ]) ∨ (¬ e ∧ P [ e ]) , changing let ’s with calls to projections, and replacing each iter f a i with its functional counterpart iter f ( a , i ) . The deduction rule ( eq ) states that whenever one canshow that two expressions are equal one can substitute one for the other inside a HQHL judgment.Finally, we can derive from the semantics the usual substitution rules. For instance, provided that Γ , x : A ⊢ ψ and Γ ⊢ e : A then Γ ⊢ ψ [ x : = e ] .The rules of Figure 14 make it possible to break an expression down to a first-order expressionfrom Qbricks-Spec. When such a case is attained one can rely on the rule Γ ⊢ ϕ → ψ [ result : = ˆ e ] Γ ⊩ { ϕ } ˆ e { ψ } : A ( f-o ) to generate a proof obligation as a regular sequent in Qbricks-Spec. Of course, there is no guaranteethat any such proof-obligation can automatically be discharged. However, our work show that thisstrategy can successfully be applied, as exemplified by the non-trivial case studies we consideredin Section 9. hops . The main tools to relate circuits and HOPS are the constantfunction circ_to_hops , its relational counterpart (− ▷ −) , and the declared function circ_apply .They can be specified inductively on the structure of the input circuit. As an example of a lemma tobe added for reasoning on (− ▷ −) , consider the case of the Hadamard gate. The sequent Γ ⊢ ( H ▷ h ) can be derived from Γ , (cid:174) x , (cid:174) y : bitvector ⊢ ( bv_length ((cid:174) x ) = ∧ bv_length ((cid:174) y ) = ) → hops_width ( h ) = ∧ hops_range ( h ) = ∧ hops_angle ( h )((cid:174) x , (cid:174) y ) = (− ) (cid:174) x ∗(cid:174) y ∧ hops_ket ( h )((cid:174) x , (cid:174) y ) = (cid:174) y . This simply states that the HOPS of the Hadamard gate is of the form | x ⟩ (cid:55)→ (cid:205) j = (− ) (cid:174) x ∗(cid:174) y | y ⟩ .For the circuit combinator PAR , one can state the rule Γ ⊢ ( C ▷ h ) Γ ⊢ ( C ▷ h ) Γ , (cid:174) x , (cid:174) y : bitvector ⊢ hops_par ( h , h , h , (cid:174) x , (cid:174) y ) seq Γ ⊢ ( PAR ( C , C ) ▷ h ) where hops_par ( h , h , h , (cid:174) x , (cid:174) y ) is a formula encapsulating the relationship between the phasepolynomials, the kets, the ranges and the widths of h , h and h , as shown in Equation (1) inSection 2.5. The complete set of rules for (− ▷ −) can be found in Appendix C The SMT solvers we aim at using to discharge proof obligationsrequires equational theories describing how to reason on the constant functions that were intro-duced. Some of these equational theories are standard and well-known in verification: for instance,bit-vectors and algebraic fields. Together with a few properties on square-root, exponentiation, real Γ , x ⊩ { ϕ ∧ x ≤ } e { P [ x , result ]} Γ , x , y ⊩ { ϕ ∧ P [ x , y ]} f ( y ) { P [ x + , result ]} Γ ⊩ { ϕ } iter f e e { P [ ˆ e , result ]} ( iter ) Γ ⊩ { P } e { Q [ x i : = result i } Γ , x , . . . , x n ⊩ { Q } e { R } Γ ⊩ { P } let x , . . . , x n = e in e { R } ( let ) Γ ⊩ { P } e { Q [ x : = result } Γ , x ⊩ { Q ∧ x } e { R } Γ , x ⊩ { Q ∧ ¬ x } e { R } Γ ⊩ { P } if e then e [ x : = e ] else e [ x : = e ]{ R } ( if ) ∀ i · Γ ⊩ { P } e i { R i [ result ]} Γ ⊩ { P }⟨ e , . . . , e ⟩{ R [ result ] ∧ · · · ∧ R n [ result n ]} ( tuple ) f ( x , . . . , x n ) ≜ e Γ ⊩ { P } e [ x : = e , . . . , x n : = e n ]{ R } Γ ⊩ { P } f ( e , . . . , e n ){ R } ( decl ) Γ ⊢ P → P ′ Γ ⊩ { P ′ } e { Q ′ } : A Γ , result : A ⊢ Q ′ → Q Γ ⊩ { P } e { Q } : A ( weaken ) Γ ⊩ e = e : A Γ ⊩ { P [ e ]} e [ e ] { Q [ e ]} : A Γ ⊩ { P [ e ]} e [ e ] { Q [ e ]} : A ( eq ) Fig. 14. Deduction rules for Qbricks: HQHL rules for term constructs and imaginary parts, the latter is all we need for real and complex : in quantum computation, themanipulations of real and complex numbers turns out to be quite limited. In particular, we do notneed anything related to real or complex analysis.The main difficulty in the design of Qbricks has been to lay out equational theories and lemmasfor circ , hops and ket that can efficiently help in automatically discharging proof obligations.Many of these equations and lemmas are quite straightforward. For instance, we turn the rewritingrules of Table 12 into equations, such as ( x , y : circ ) ⊩ width ( PAR ( x , y )) = width ( x ) + width ( y ) ,or n : int ⊩ iter f ( a , n + ) = f ( iter f ( a , n )) . These equations maps the (syntactic) computationalbehavior of expressions into the logic. Other equations are expressing purely semantic properties.For instance, the equation Γ ⊩ circ_apply ( SEQ ( C , C ) , k ) = circ_apply ( circ_apply ( C , circ_apply ( C , k ))) is correct with respect to the semantics and is part of the equational theory. Circuit size.
An important equational theory that we need in Qbricks-Spec is one for reasoningon the size of circuits. Being able to reason on circuit size is one of the important feature forthe certifying an quantum algorithm implementation: one of its main point is for instance thepolynomiality of the number of gates over the size of the input. We again stress out that this aspectof certification is not addressed by existing approaches [1, 37, 50].As we discussed above, the equational theory for circuits reflects the rewrite rules. For instance,we have ( x , y : circ ) ⊩ size ( PAR ( x , y )) = size ( x ) + size ( y ) . A complete set of rules can be foundin Appendix, in Figure 18. Deductive Verification Framework for Circuit-building Quantum Programs 21
Example 7.1.
Consider the motivating example of Section 3 and its instantiation in Example 5.1.We can specify the size of the resulting circuit, as follows: n : int ⊩ { n ≥ } main ( n ) { size ( result ) = n } . For Qbricks we also derived more specialized, non-trivial librariesof lemmas. In particular:
Subclasses of circuits.
Shortcuts for reasoning on specific classes of circuits. Among them are, inparticular, the circuits with an hops of range (1). We call them flat circuits. Flat circuits enjoy anumber of simplifying properties that are exposed in Section D. Section D also introduce a furthersimplified subclass of circuits, called diagonal circuits.
Eigenvectors and eigenvalues.
One of the common need in the specification of quantum programs(and in particular in the case of QPE) is the need for asserting that a particular ket k is a eigenvectorof the unitary map described by some circuit c , with eigenvalue the complex number ρ . In Qbricks-Spec we define the relation eigen ( c , k , ρ ) as circ_apply ( c , k ) = ρ ∗ k k Probabilities.
A quantum program is usually a probabilistic program: it returns the desired resultwith a probability that depends on the problem parameters (number of iteration, structure of theproblem, etc). If one aims at fully specifying such programs, this probability therefore needs to beexpressible as post-condition.As recalled in Section 2.1, the probability of obtaining a result by a measurement is correlatedwith the amplitudes of the corresponding ket-basis vectors in the quantum state of the memory. InQbricks-Spec we define a relation proba_partial_measure : circ × |×⟩ bitvector → Re meaningthat when the input circuit is applied to the input ket, if we were to measure the result theprobability of obtaining the given vector would be the result of the function. We define it as proba_partial_measure ( c , k , x ) = ( abs ( ket_get ( circ_apply ( c , k ) , x ))) . In the specificationsof Grover, QPE and Shor-OF we define specialized functions based on proba_partial_measure specifying the constraints specific to each algorithm.
Algebraic operations on operators.
In the course of the proof of quantum specification, it is sometimesuseful to be able to manipulate algebraic expressions containing building blocks such as rotations or projectors . In Qbricks-Spec, with the use of HOPS it is possible to define such objects as macros,and then prove algebraic equalities between them, that we then add as auxiliary lemmas to beused by the automated provers. The use of HOPS gives us the possibility to specify —and prove—equalities parametrized by problem instances. This is for instance used extensively in the proof ofthe Grover specification. The Qbricks framework described so far is implemented as a DSL embedded inside the Why3deductive verification platform [11, 28], written in the WhyML programming language. Thisallows us to benefit from several strengths of Why3, such as efficient code extraction toward Ocaml,generation of proof obligations (to implement the HQHL mechanism) and access to several proofmeans. Indeed, a dedicated interface enables direct access to proof obligations and either send themto a set of automatic SMT-solvers (CBC4, Alt-Ergo, Z3, etc.), or enter a number of interactive prooftransformation commands (calls for lemmas or hypotheses, term substitutions, etc.) or even sendthem towards proof assistants (Coq, Isabelle/HOL) —we do not use this option in our case-studies.The development itself counts 17,000+ lines of code, including 400+ definitions and 1700+ lemmas,all proved within Why3. Most of the development concerns the (verified) mathematical libraries(14,000+ loc for a total of 17,000+ loc —see Table 23 in Appendix, Section E). They cover the Implementation statistics and description of mathematical libraries can be found in Appendix, Section E. mathematical structures at stake in quantum computing (complex, Kronecker product, bit-vectors,etc.), together with a formally verified collection of mathematical results concerning them. Theycount 14,000+ lines of code: 300+ definitions, 1600+ lemmas and 32 axiomatic definitions.
Thanks to our implementation of Qbricks, we could develop and prove parametric implementationsof several emblematic quantum algorithms, namely Grover search, QFT, QPE and Shor-OF. We alsoimplemented Deutsch-Jozsa for the sake of comparison with prior work.
Before discussing the experimental evaluation in Section 9.2, let us firstintroduce our implementations of QPE, Shor-OF and Grover algorithms . Quantum Phase Estimation (QPE).
Developed by Cleve et al. [17], Kitaev [45], this procedureinputs a unitary operator U and an eigenvector | v ⟩ of U and finds the eigenvalue e πi Φ v associatedwith | v ⟩ . It is a central piece in many emblematic algorithms, such as quantum simulation [30] orHHL algorithm [36] – resolution of linear systems of equations in time PolyLog. We implementedtwo different versions of QPE: • In the first case ( core case ) we assume that Φ v admits a binary writing with n bits. Then thereis φ v ∈ (cid:74) , n (cid:74) such that Φ v = φ v n , and the eigenvalue associated with | v ⟩ is e πi Φ v (alsowritten ω φ v n ). The goal is to seek this value φ v and the algorithm deterministically outputsthis value. • In the second version ( general case ), no assumption is made over Φ v which can take anyreal value such that 0 ≤ Φ <
1. The goal is to seek the value k ∈ (cid:74) , n (cid:74) that minimizes thedistance Φ − k n (modulo 1). The output of the algorithm is non deterministic. The provedspecification is that it outputs k with probability at least π . Shor [66]’s algorithm.
Certainly the most emblematic of all quantum algorithms, it implementsinteger factoring by polynomial reduction to Order Finding. The quantum circuit —the quantumpart of the algorithm, the one we are certifying— consists in an application of QPE to the unitaryoperator U : | y ⟩ → | x · y mod N ⟩ . We developed a certified concrete implementation following theimplementation proposed in [6] —a reference in term of complexity. Besides proving the functionalrequirements of the order-finding problem (including achieving it with probability O ( ) ), we alsoprove some appreciable complexity results : our implementation requires applying O ( Log ( N )) quantum gates and requires 4 Log ( N ) + Grover search algorithm.
Developed by Grover [34], in its first version, it enables to find adistinguished element in an unstructured data base with a quadratic speedup with regards to thebest known equivalent classical approaches. It was then generalized by Boyer et al. [13] to thesimilar problem with a parameterized number k of distinguished elements. We implemented thismost general case, without any restriction over k . In addition to QPE, Shor-OF and Grover algorithm, we also con-sider implementations of the Quantum Fourier Transform (QFT) and the Deutsch-Josza algorithm.
We have been successful on all the cases, providing the first verified parametric implementation ofQFT, QPE, Shor-OF and Grover . More details can be found in Appendix, Section F.1. A further refinement is possible by, as indicated in [6], using an hybrid version of the Quantum Fourier Transform, but itwould require adding effective measure operation and classical control to Qbricks.
Deductive Verification Framework for Circuit-building Quantum Programs 23
Different metrics about our formal developments are reported in Table 15 : lines of decoratedcode, lemmas, proof obligations (PO), automatically proven PO (within time limit 5 seconds),remaining POs and the number of interactive commands we entered to discharge them – this lastmetric is detailed in Table 29 in Appendix, Section F.2.Note that metrics for each implementation strictly concern the code that is proper to it (eg., QPEcontains calls to QFT but QPE line in Table 15 does not include the QFT implementation. Similarly,Shor-OF calls both QPE and QFT) – the whole Shor-OF development is reported in the “Shor-OFfull” row and row “Total” sums it with lines DJ and Grover. Table 15. Implementation & verification for case studies with Qbricks
Result.
Qbricks did allow us to implement and verify in a parametric manner the Shor-OF, QPE andGrover algorithms, at a rather smooth cost and with high proof automation (94% in average, 95% forfull Shor-OF).
Interestingly, it should be noted that while Grover relies on mechanisms and arguments signifi-cantly different from those of QPE or Shor-OF, we were able to implement, specify and prove itwithout adding anything new to Qbricks – demonstrating the genericity of our approach.A last interesting observation concerns the time we spent on the different implementationsof these case studies, given in chronological order: 1.5 person.year to build Qbricks and be ableto implement, specify and prove QFT and a restricted case of QPE – 1 person.day for DJ – 2person.weeks for each of QPE (full case) and Grover – and finally 10 person.days to add Shor-OFon top of QPE. Considering how significantly the initial development effort factorizes over furtherdevelopments, we have good reasons to believe that Qbricks provides a generic and convenientenvironment for specifying, developing and proving quantum programs in a reasonably fast andeasy way.
Table 30 in Appendix (Section F.2) provides a summary ofthe comparison with these preexisting formal verification efforts for quantum programs.
Regular path-sums.
Amy [1, 2] uses path sums for the verification of several circuits of complexitysimilar to that of QFT (QFT, Hidden shift, Toffoli generalized, etc). Yet, these experiments considerfixed circuits (up to 100 qubits) and the technique cannot be applied to parametric families ofcircuits or circuit-building languages. Experiments were run on Linux, on a PC equipped with an Intel(R) Core(TM) i7-7820HQ 2.90GHz and 15 GB RAM. Weused Why3 version 1.2.0 with solvers Alt-Ergo-2.2.0, CVC 3-2.4.1, CVC4-1.0, Z3-4.4.1.
QHL.
Liu et al. [50] report about the parametric verification of Grover search algorithm, on a restricted case and in the high-level algorithm description formalism of QHL – especially QHL hasno notion of circuit. Interestingly, the generic verification of our low-level implementation is 5 × smaller than theirs: 3184 total lines vs 583 total lines (416 lines + 167 commands). Qwire.
Finally, Hietala et al. [37] have presented in their 2019 preprint a fully verified parametric(circuit-building) implementation of the Deutsch-Josza algorithm in Coq. This implementation isgiven two independent correction proofs. As already pointed out, DJ is more a standard teachingexample (with no practical application) than a representative quantum algorithm – roughly speaking,10 × smaller than Grover and 20 × smaller than (full) Shor-OF. Moreover, our development requiressignificantly less efforts than theirs: less code (53 vs 74 lines) and 5.5 × less proof commands (39 vs222) for their textbook-style version – the one closest to our own version . It appears that Qbricks provides a powerful framework for the development offormally verified parametric implementations of realistic quantum algorithms, setting up a newbaseline in terms of quantum program formal proofs and achieving high scores in terms of proofautomation.
10 RELATED WORKS
Formal verification of quantum circuits.
In the last couple of years, several efforts have beenled toward introducing formal methods in quantum programming. Prior efforts regarding quantumcircuit verification [1, 2, 12, 29, 50, 58, 61, 63, 76] have been described throughout the paper,especially in Sections 1, 3 and 9.
We build on top of these seminal works and propose the first deductive verification framework forcircuit-building quantum programs – the current consensus in quantum programming languages,featuring clear separation between code & proof, parametric specifications & proofs and a high degreeof proof automation.
Especially, our technique is more automated than those based on interactive proving [37, 63]thanks to the new HQHL Hoare-style deduction system, borrows and extends the path sumrepresentation [2] to the parametric case, and do consider a circuit-building language rather than ahigh-level algorithm description language [50].
Quantum Languages and Deductive Verification.
Liu et al. [50] introduce Quantum HoareLogic for high-level description of quantum algorithms. QHL and our own HQHL are very different,as the underlying formalisms are very different. Combining the two approaches on a combinedformalism is an exciting research direction.
Optimized compilation of circuits.
Formal methods and other program analysis techniques arealso used in quantum compilation, in order to build highly optimized circuits [3, 8, 35, 38, 57, 62, 67].This is a crucial current research area. Indeed, the quantum hardware available in the near future isexpected to be highly constrained in terms of qubits, connectivity and quality: the so-called NISQera [55, 59, 71].Especially, the ZX-calculus [18] represents quantum circuits by diagrams, amenable to automaticsimplification through dedicated rewriting rules. This framework leads to a graphical proof assis-tant [44] geared at certifying the semantic equivalence between circuit diagrams, with applicationto circuit equivalence checking and certified circuit compilation and optimization [21, 22, 43]. Yet, Given a predicate value with k true value in (cid:74) , n (cid:74) , Grover algorithm outputs one of these true values with good probability.The case in [50, p. 232] concerns cases where k = j for a given integer j . We still have a strong gain over their optimized encoding in terms of proof commands (39 vs 112), while roughly equivalentfor code (53 vs 59 lines).
Deductive Verification Framework for Circuit-building Quantum Programs 25
ZX-calculus is restricted to fixed circuits and cannot handle parametrized families of circuits orcircuit-building languages.
Other quantum applications of formal methods.
Huang et al. [40, 41] proposes a “runtime-monitoring like” verification method for quantum circuits, with an annotation language restrictedto structural properties of interest (e.g., superposition or entanglement). Verification of theseassertions is led by statistical testing instead of formal proofs. The recent Silq language [10] alsorepresents an advance in the way toward automation in quantum programming. It automatizesuncomputation operations, enabling the programmer to abstract from low level implementationdetails. Another line of research is concerned with the development of specialized type systemsfor quantum programming languages. In particular, frameworks based on linear logic [48, 64, 65]and dependent types [56, 58] have been developed to tackle the non-duplicability of qubits and theconstraints on the structure of circuits. Finally, formal methods are also at stake for the verificationof protocols using quantum information, such as cryptographic protocols [14, 20, 31, 52, 53].
11 CONCLUSION
We have presented Qbricks, the first formal verification environment for circuit-building quantumprograms – featuring clear separation between code and proof, parametric specifications and proofs,high degree of proof automation and allowing to encode quantum programs in a natural way. Webuild on best practices of formal verification for the classical case and tailor them to the quantumcase. Especially, while relying on the general framework of deductive verification, we design a newdomain-specific circuit-building language Qbricks-DSL for quantum programs together with a newlogical specification language Qbricks-Spec and the novel Hybrid Quantum Hoare Logic. Finally,we introduce and intensively build upon higher-order path sums (HOPS), a symbolic representationconvenient for both specification (parametricity) and automation (closure).In order to demonstrate the interest of the full framework, we develop the first verified parametricimplementations of three famous non-trivial quantum algorithms (namely Shor-OF, QPE and Groversearch), proving by fact that applying formal verification to realistic (circuit-building) quantumprograms is possible and should be further developed.
REFERENCES [1] Matthew Amy. 2019.
Formal Methods in Quantum Circuit Design . Ph.D. Dissertation. University of Waterloo, Ontario,Canada. http://hdl.handle.net/10012/14480[2] Matthew Amy. 2019. Towards Large-scale Functional Verification of Universal Quantum Circuits. In
Proceedings 15thInternational Conference on Quantum Physics and Logic, QPL 2018 (Electronic Proceedings in Theoretical Computer Science) ,Peter Selinger and Giulio Chiribella (Eds.), Vol. 287. EPTCS, Halifax, Canada, 1–21. https://doi.org/10.4204/EPTCS.287.1[3] Matthew Amy, Martin Roetteler, and Krysta M. Svore. 2017. Verified Compilation of Space-Efficient Reversible Circuits.In
Proceedings of the 29th International Conference on Computer Aided Verification (CAV 2017), Part II (Lecture Notesin Computer Science) , Rupak Majumdar and Viktor Kuncak (Eds.), Vol. 10427. Springer, Heidelberg, Germany, 3–21.https://doi.org/10.1007/978-3-319-63390-9_1[4] Frank Arute, Kunal Arya, Ryan Babbush, Dave Bacon, Joseph C. Bardin, Rami Barends, Rupak Biswas, Sergio Boixo,Fernando G. S. L. Brandao, David A. Buell, et al. 2019. Quantum supremacy using a programmable superconductingprocessor.
Nature
Commun. ACM
54, 6 (2011), 81–91. https://doi.org/10.1145/1953122.1953145[6] Stephane Beauregard. 2002. Circuit for Shor’s algorithm using 2n+ 3 qubits. arXiv preprint quant-ph/0205095 (2002).[7] Patrick Behm, Paul Benoit, Alain Faivre, and Jean-Marc Meynadier. 1999. Météor: A Successful Application of B in aLarge Project. In
Proceedings of the World Congress on Formal Methods in the Development of Computing Systems (FM’99),Volume I (Lecture Notes in Computer Science) , Jeannette M. Wing, Jim Woodcock, and Jim Davies (Eds.), Vol. 1708.Springer, Toulouse, France, 369–387. https://doi.org/10.1007/3-540-48119-2_22[8] Debjyoti Bhattacharjee, Mathias Soeken, Srijit Dutta, Anupam Chattopadhyay, and Giovanni De Micheli. 2019.Reversible Pebble Games for Reducing Qubits in Hierarchical Quantum Circuit Synthesis. In
Proceedings of the49th IEEE International Symposium on Multiple-Valued Logic (ISMVL 2019) . IEEE, Fredericton, NB, Canada, 102–107.https://doi.org/10.1109/ISMVL.2019.00026[9] Jacob Biamonte, Peter Wittek, Nicola Pancotti, Patrick Rebentrost, Nathan Wiebe, and Seth Lloyd. 2017. Quantummachine learning.
Nature
Proceedings of the 41st ACM SIGPLAN International Conference onProgramming Language Design and Implementation, PLDI 2020, London, UK, June 15-20, 2020 , Alastair F. Donaldson andEmina Torlak (Eds.). ACM, 286–300. https://doi.org/10.1145/3385412.3386007[11] François Bobot, Jean-Christophe Filliâtre, Claude Marché, and Andrei Paskevich. 2011. Why3: Shepherd Your Herd ofProvers. In
Proceedings of Boogie 2011: First International Workshop on Intermediate Verification Languages , Wroclaw,Poland, 53–64. Available online as hal-00790310 .[12] Jaap Boender, Florian Kammüller, and Rajagopal Nagarajan. 2015. Formalization of Quantum Protocols using Coq.In
Proceedings of the 12th International Workshop on Quantum Physics and Logic (QPL 2015) (Electronic Proceedings inTheoretical Computer Science) , Chris Heunen, Peter Selinger, and Jamie Vicary (Eds.), Vol. 195. EPTCS, Oxford, UK,71–83. https://doi.org/10.4204/EPTCS.195.6[13] Michel Boyer, Gilles Brassard, Peter Høyer, and Alain Tapp. 1998. Tight bounds on quantum searching.
Fortschritte derPhysik: Progress of Physics
46, 4-5 (1998), 493–505.[14] Anne Broadbent. 2018. How to Verify a Quantum Computation.
Theory of Computing
14, 1 (2018), 1–37. https://doi.org/10.4086/toc.2018.v014a011[15] Isaac L Chuang, Neil Gershenfeld, and Mark Kubinec. 1998. Experimental implementation of fast quantum searching.
Physical review letters
80, 15 (1998), 3408. https://doi.org/10.1103/PhysRevLett.80.3408[16] Edmund M. Clarke and Jeannette M. Wing. 1996. Formal Methods: State of the Art and Future Directions.
ACMComputing Surveys (CSUR)
28, 4 (1996), 626–643. https://doi.org/10.1145/242223.242257[17] Richard Cleve, Artur Ekert, Chiara Macchiavello, and Michele Mosca. 1998. Quantum algorithms revisited.
Proceedingsof the Royal Society of London. Series A: Mathematical, Physical and Engineering Sciences
Picturing quantum processes . Cambridge University Press, Cambridge, UnitedKingdom.[19] Pascal Cuoq, Florent Kirchner, Nikolai Kosmatov, Virgile Prevosto, Julien Signoles, and Boris Yakobowski. 2012.Frama-C - A Software Analysis Perspective. In
Proceedings of the 10th International Conference on Software Engineeringand Formal Methods (SEFM 2012) (Lecture Notes in Computer Science) , George Eleftherakis, Mike Hinchey, and MikeHolcombe (Eds.), Vol. 7504. Springer, Thessaloniki, Greece, 233–247. https://doi.org/10.1007/978-3-642-33826-7_16[20] Timothy AS Davidson. 2012.
Formal verification techniques using quantum process calculus . Ph.D. Dissertation.University of Warwick.
Deductive Verification Framework for Circuit-building Quantum Programs 27 [21] Niel de Beaudrap, Ross Duncan, Dominic Horsman, and Simon Perdrix. 2019. Pauli Fusion: a computational model torealise quantum transformations from ZX terms. (2019). Available online as arXiv:1904.12817.[22] Andrew Fagan and Ross Duncan. 2018. Optimising Clifford Circuits with Quantomatic. In
Proceedings of the 15thInternational Conference on Quantum Physics and Logic (QPL 2018) (Electronic Notes In Theoretical Computer Science) ,Peter Selinger and Giulio Chiribella (Eds.), Vol. 287. EPTCS, Halifax, Canada, 85–105. https://doi.org/10.4204/EPTCS.287.5[23] Edward Farhi, Jeffrey Goldstone, and Sam Gutmann. 2014. A quantum approximate optimization algorithm. (2014).Available online as arXiv:1411.4028 .[24] Edward Farhi, Jeffrey Goldstone, Sam Gutmann, Joshua Lapan, Andrew Lundgren, and Daniel Preda. 2001. A quantumadiabatic evolution algorithm applied to random instances of an NP-complete problem.
Science
International Journal of Theoretical Physics
21, 6–7(1982), 467–488. https://doi.org/10.1007/BF02650179[26] Jean-Christophe Filliâtre. 2011. Deductive software verification.
STTT
13, 5 (2011), 397–403. https://doi.org/10.1007/s10009-011-0211-0[27] Jean-Christophe Filliâtre and Claude Marché. 2007. The Why/Krakatoa/Caduceus Platform for Deductive ProgramVerification. In
Proceedings of the 19th International Conference on Computer Aided Verification (CAV 2007) (LectureNotes in Computer Science) , Werner Damm and Holger Hermanns (Eds.), Vol. 4590. Springer, Berlin, Germany, 173–177.https://doi.org/10.1007/978-3-540-73368-3_21[28] Jean-Christophe Filliâtre and Andrei Paskevich. 2013. Why3 - Where Programs Meet Provers. In
Proceedings of the22nd European Symposium on Programming Languages and Systems (ESOP 2013), Held as Part of the European JointConferences on Theory and Practice of Software (ETAPS 2013) (Lecture Notes in Computer Science) , Matthias Felleisen andPhilippa Gardner (Eds.), Vol. 7792. Springer, Rome, Italy, 125–128. https://doi.org/10.1007/978-3-642-37036-6_8[29] Simon J. Gay, Rajagopal Nagarajan, and Nikolaos Papanikolaou. 2008. QMC: A Model Checker for Quantum Systems.In
Proceeding of the 20th International Conference on Computer Aided Verification (CAV 2008) (Lecture Notes in ComputerScience) , Aarti Gupta and Sharad Malik (Eds.), Vol. 5123. Springer, Princeton, NJ, USA, 543–547. https://doi.org/10.1007/978-3-540-70545-1_51[30] Iulia M Georgescu, Sahel Ashhab, and Franco Nori. 2014. Quantum Simulation.
Reviews of Modern Physics
86, 1 (2014),153. https://doi.org/10.1103/RevModPhys.86.153[31] Alexandru Gheorghiu, Theodoros Kapourniotis, and Elham Kashefi. 2019. Verification of quantum computation: Anoverview of existing approaches.
Theory of Computing Systems
63, 4 (2019), 715–808. https://doi.org/10.1007/s00224-018-9872-3[32] Georges Gonthier. 2008. Formal Proof — the Four-Color Theorem.
Notices of the AMS
Proceedings of the ACM SIGPLAN Conference on Programming Language Designand Implementation, (PLDI’13) , Hans-Juergen Boehm and Cormac Flanagan (Eds.). ACM, Seattle, WA, USA, 333–342.https://doi.org/10.1145/2491956.2462177[34] Lov K. Grover. 1996. A Fast Quantum Mechanical Algorithm for Database Search. In
Proceedings of the Twenty-EighthAnnual ACM Symposium on the Theory of Computing (STOC) , Gary L. Miller (Ed.). ACM, Philadelphia, Pennsylvania,USA, 212–219. https://doi.org/10.1145/237814.237866[35] W. Haaswijk, M. Soeken, A. Mishchenko, and G. De Micheli. 2019. SAT-Based Exact Synthesis: Encodings, TopologyFamilies, and Parallelism. (2019). To apprear in
IEEE Transactions on Computer-Aided Design of Integrated Circuits andSystems , https://doi,org/10.1109/TCAD.2019.2897703.[36] Aram W. Harrow, Avinatan Hassidim, and Seth Lloyd. 2009. Quantum Algorithm for Linear Systems of Equations.
Physical Review Letters
103 (Oct 2009), 150502. Issue 15. https://doi.org/10.1103/PhysRevLett.103.150502[37] Kesha Hietala, Robert Rand, Shih-Han Hung, Xiaodi Wu, and Michael Hicks. 2019. Verified Optimization in a QuantumIntermediate Representation. (2019). Available as arXiv:1904.06319.[38] Kesha Hietala, Robert Rand, Shih-Han Hung, Xiaodi Wu, and Michael Hicks. 2019. A Verified Optimizer for QuantumCircuits. (2019). Available as arXiv:1912.02250v1;.[39] C. A. R. Hoare. 1969. An Axiomatic Basis for Computer Programming.
Commun. ACM
12, 10 (1969), 576–580.https://doi.org/10.1145/363235.363259[40] Yipeng Huang and Margaret Martonosi. 2018. QDB: From Quantum Algorithms Towards Correct Quantum Programs.In
Proceedings of the 9th Workshop on Evaluation and Usability of Programming Languages and Tools (PLATEAU@SPLASH2018) (OpenAccess Series in Informatics (OASIcs)) , Titus Barik, Joshua Sunshine, and Sarah Chasins (Eds.), Vol. 67.Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Boston, Massachusetts, USA, 4:1–4:14. https://doi.org/10.4230/OASIcs.PLATEAU.2018.4 [41] Yipeng Huang and Margaret Martonosi. 2019. Statistical assertions for validating patterns and finding bugs in quantumprograms. In
Proceedings of the 46th International Symposium on Computer Architecture (ISCA 2019) , Srilatha BobbieManne, Hillery C. Hunter, and Erik R. Altman (Eds.). ACM, Phoenix, AZ, USA, 541–553. https://doi.org/10.1145/3307650.3322213[42] IBM Blog. 2019. On Quantum Supremacy. Blog Article .[43] Aleks Kissinger and John van de Wetering. 2019. Reducing T-count with the ZX-calculus. (2019). Available online asarXiv:1903.10477.[44] Aleks Kissinger and Vladimir Zamdzhiev. 2015. Quantomatic: A Proof Assistant for Diagrammatic Reasoning. In Proceedings for the 25th International Conference on Automated Deduction (CADE-25) (Lecture Notes in Computer Science) ,Amy P. Felty and Aart Middeldorp (Eds.), Vol. 9195. Springer, Berlin, Germany, 326–336. https://doi.org/10.1007/978-3-319-21401-6_22[45] A Yu Kitaev. 1995. Quantum measurements and the Abelian stabilizer problem. (1995). Available online as arXiv:quant-ph/9511026 .[46] Gerwin Klein, June Andronick, Kevin Elphinstone, Gernot Heiser, David Cock, Philip Derrin, Dhammika Elkaduwe,Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. 2010. seL4:formal verification of an operating-system kernel.
Communication of the ACM
53, 6 (2010), 107–115. https://doi.org/10.1145/1743546.1743574[47] Emmanuel Knill. 1996.
Conventions for quantum pseudocode . Technical Report. Los Alamos National Lab., NM (UnitedStates).[48] Ugo Dal Lago, Andrea Masini, and Margherita Zorzi. 2010. Quantum implicit computational complexity.
TheoreticalComputer Science
The CompCert verified compiler. Documentation and user’s manual . INRIA Paris-Rocquencourt.[50] Junyi Liu, Bohua Zhan, Shuling Wang, Shenggang Ying, Tao Liu, Yangjia Li, Mingsheng Ying, and Naijun Zhan. 2019.Formal Verification of Quantum Algorithms Using Quantum Hoare Logic. In
Computer Aided Verification , Isil Dilligand Serdar Tasiran (Eds.). Springer International Publishing, Cham, 187–207.[51] Tao Liu, Yangjia Li, Shuling Wang, Mingsheng Ying, and Naijun Zhan. 2016. A Theorem Prover for Quantum HoareLogic and Its Applications. (2016). Available as arXiv:1601.03835 .[52] Urmila Mahadev. 2018. Classical Verification of Quantum Computations. In
Proceedings of the 59th IEEE AnnualSymposium on Foundations of Computer Science (FOCS 2018) , Mikkel Thorup (Ed.). IEEE Computer Society, Paris, France,259–267. https://doi.org/10.1109/FOCS.2018.00033[53] Rajagopal Nagarajan and Simon Gay. 2002. Formal verification of quantum protocols. (2002). Available online as arXiv:quant-ph/0203086 .[54] Michael A. Nielsen and Isaac Chuang. 2002.
Quantum computation and quantum information . Cambridge UniversityPress, Cambridge, United Kingdom.[55] Alexandru Paler. 2017. On the Influence of Initial Qubit Placement During NISQ Circuit Compilation. In
Proceedingsof the First International Workshop on Quantum Technology and Optimization Problems (QTOPNetSys 2019) (LectureNotes in Computer Science) , Sebastian Feld and Claudia Linnhoff-Popien (Eds.), Vol. 11413. Springer, Munich, Germany,207–217. https://doi.org/10.1007/978-3-030-14082-3_18[56] Luca Paolini, Mauro Piccolo, and Margherita Zorzi. 2019. qPCF: Higher-Order Languages and Quantum Circuits.
Journal of Automated Reasoning
63, 4 (Dec 2019), 941–966. https://doi.org/10.1007/s10817-019-09518-y[57] Alex Parent, Martin Roetteler, and Krysta M. Svore. 2017. REVS: A Tool for Space-Optimized Reversible CircuitSynthesis. In
Proceedings of the 9th International Conference on Reversible Computation (RC 2017) (Lecture Notes inComputer Science) , Iain Phillips and Hafizur Rahaman (Eds.), Vol. 10301. Springer, Kolkata, India, 90–101. https://doi.org/10.1007/978-3-319-59936-6_7[58] Jennifer Paykin, Robert Rand, and Steve Zdancewic. 2017. QWIRE: a Core Language for Quantum Circuits. In
Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’17) , GiuseppeCastagna and Andrew D. Gordon (Eds.). ACM, Paris, France, 846–858. https://doi.org/10.1145/3009837.3009894[59] John Preskill. 2018. Quantum Computing in the NISQ era and beyond.
Quantum .[61] Robert Rand. 2018. Formally Verified Quantum Programming . Ph.D. Dissertation. University of Pennsylvania.[62] Robert Rand, Jennifer Paykin, Dong-Ho Lee, and Steve Zdancewic. 2018. ReQWIRE: Reasoning about ReversibleQuantum Circuits. In
Proceedings 15th International Conference on Quantum Physics and Logic (QPL 2018) (Electronic https://quantumcomputingreport.com/resources/tools/ Deductive Verification Framework for Circuit-building Quantum Programs 29
Proceedings in Theoretical Computer Science) , Peter Selinger and Giulio Chiribella (Eds.), Vol. 287. EPTCS, Halifax,Canada, 299–312. https://doi.org/10.4204/EPTCS.287.17[63] Robert Rand, Jennifer Paykin, and Steve Zdancewic. 2017. QWIRE Practice: Formal Verification of Quantum Circuitsin Coq. In
Proceedings 14th International Conference on Quantum Physics and Logic (QPL 2017) (Electronic Proceedings inTheoretical Computer Science) , Bob Coecke and Aleks Kissinger (Eds.), Vol. 266. EPTCS, Nijmegen, The Netherlands,119–132. https://doi.org/10.4204/EPTCS.266.8[64] Neil J. Ross. 2015.
Algebraic and Logical Methods in Quantum Computation . Ph.D. Dissertation. Dalhousie University.[65] Peter Selinger and Benoît Valiron. 2006. A Lambda Calculus for Quantum Computation with Classical Control.
Mathematical Structures in Computer Science
16 (2006), 527–552.[66] Peter W. Shor. 1994. Algorithms for Quantum Computation: Discrete Log and Factoring. In
Proceedings of the 35thAnnual Symposium on Foundations of Computer Science (FOCS’94) . IEEE, IEEE Computer Society Press, Santa Fe, NewMexico, US., 124–134. https://doi.org/10.1109/SFCS.1994.365700[67] Mathias Soeken, Thomas Häner, and Martin Roetteler. 2018. Programming Quantum Computers Using DesignAutomation. (2018). Available online as arXiv:1803.01022 .[68] Damian S. Steiger, Thomas Häner, and Matthias Troyer. 2018. ProjectQ: an open source software framework forquantum computing.
Quantum arXiv:1803.00652 .[70] Krysta M. Svore and Matthias Troyer. 2016. The Quantum Future of Computation.
IEEE Computer
49, 9 (2016), 21–030.https://doi.org/10.1109/MC.2016.293[71] Swamit S. Tannu and Moinuddin K. Qureshi. 2019. Not All Qubits Are Created Equal: A Case for Variability-AwarePolicies for NISQ-Era Quantum Computers. In
Proceedings of the Twenty-Fourth International Conference on ArchitecturalSupport for Programming Languages and Operating Systems, (ASPLOS 2019) , Iris Bahar, Maurice Herlihy, Emmett Witchel,and Alvin R. Lebeck (Eds.). ACM, Providence, RI, USA, 987–999. https://doi.org/10.1145/3297858.3304007[72] Benoît Valiron, Neil J. Ross, Peter Selinger, Dana Scott Alexander, and Jonathan M. Smith. 2015. Programming thequantum future.
Commun. ACM
58, 8 (2015), 52–61. https://doi.org/10.1145/2699415[73] Dave Wecker and Krysta M Svore. 2014. LIQUi |⟩ : A software design architecture and domain-specific language forquantum computing. (2014). Available online as arXiv:1402.4467 .[74] Mingsheng Ying. 2011. Floyd-hoare logic for quantum programs. ACM Transactions on Programming Languages andSystems (TOPLAS)
33, 6 (2011), 19:1–19:49. https://doi.org/10.1145/2049706.2049708[75] Mingsheng Ying. 2019. Toward automatic verification of quantum programs.
Formal Aspects of Computing
31, 1 (2019),3–25. https://doi.org/10.1007/s00165-018-0465-3[76] Mingsheng Ying, Yangjia Li, Nengkun Yu, and Yuan Feng. 2014. Model-Checking Linear-Time Properties of QuantumSystems.
ACM Transactions on Computational Logic
15, 3 (2014), 22:1–22:31. https://doi.org/10.1145/2629680[77] Mingsheng Ying, Shenggang Ying, and Xiaodi Wu. 2017. Invariants of quantum programs: characterisations andgeneration. In
Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL 2017) .ACM, Paris, France, 818–832. http://dl.acm.org/citation.cfm?id=3009840
A MATRIX SEMANTICS FOR GATES
The following Table gives the matrix semantics for gates that are used in this article, bringingcomplements to Section 5.1.
CNOT SWAP ID H Ph ( n ) R z ( n ) (cid:169)(cid:173)(cid:173)(cid:173)(cid:171) (cid:170)(cid:174)(cid:174)(cid:174)(cid:172) (cid:169)(cid:173)(cid:173)(cid:173)(cid:171) (cid:170)(cid:174)(cid:174)(cid:174)(cid:172) (cid:18) (cid:19) √ (cid:18) − (cid:19) (cid:32) e iπ n e iπ n (cid:33) (cid:32) e − iπ n e iπ n (cid:33) Table 16. Matrix semantics for gates
B COMPLETE DEDUCTION RULES FOR RELATION ( _ ▷ _ ) In this section we first introduce some additional definitions and notations about bit-vectors andkets, completing Section 6.1. Here and in the following we commit the abuse to treat boolean values tt and ff as, respectively, 0 and 1, omitting the call for the required cast function. B.1 Additional notations and definitions for bit-vectors and kets.
Bit vectors.
Type bitvector is an opaque type with two operators bv_length : bitvector → intbv_get : bitvector → int → int and invariants Γ , (cid:174) x : bitvector ⊢ {⊤} bv_length ((cid:174) x ) { result ≥ } Γ , (cid:174) x : bitvector , i : int ⊢ { i ∈ (cid:74) , bv_length ((cid:174) x ) (cid:74) } bv_get ((cid:174) x , i ) { result ∈ (cid:74) , (cid:74) } We usually abbreviate bv_get ((cid:174) x , i ) by (cid:174) x i . Type bitvector is given with constructors bv_set and bv_cst Let f be an integer function with values in { , } and let n be a positive integer. Thenwe define make_bv ( f , n ) as the sequence ( f ( ))( f ( )) . . . ( f ( n − )) . Formally, let us first introducepredicate binary : Γ , f : int → int , i : int ⊢ def { i ∈ (cid:74) , s (cid:74) } binary s ( f ) { result = f ( i ) ∈ (cid:74) , (cid:74) } then: Γ , f int → int , i : int ⊢{ i ∈ (cid:74) , s (cid:74) , binary s ( f )} make_bv ( f , s ) { bv_length ( result ) = s ∧ result i = f ( i )} We also define concatenation of bit vectors (cid:174) x and (cid:174) y . It satisfies: Γ , (cid:174) x , (cid:174) y , i : int : bitvector ⊢ {⊤} concat ((cid:174) x , (cid:174) y ) (cid:26) bv_length ( result ) = bv_length ((cid:174) x ) + bv_length ((cid:174) y ) (cid:27) { i ∈ (cid:74) , bv_length ((cid:174) x ) (cid:74) } concat ((cid:174) x , (cid:174) y ) { result i = (cid:174) x i } (cid:26) i ∈ (cid:75) bv_length ((cid:174) x ) , bv_length ((cid:174) x ) + bv_length ((cid:174) y ) (cid:75) (cid:27) concat ((cid:174) x , (cid:174) y ) { result i = (cid:174) y i − bv_length ((cid:174) x ) } Let (cid:174) x be a bit vector and let i , j integers (cid:74) , bv_length ((cid:174) x ) such that i < j , then we introducesections of (cid:174) x in, respectively, (cid:74) , i (cid:74) , (cid:74) i + , bv_length (cid:174) x (cid:74) and (cid:74) i + , j (cid:74) . They satisfy the followingrules: Deductive Verification Framework for Circuit-building Quantum Programs 31 Γ , (cid:174) x : bitvector , i , j , k : int ⊢ (cid:110) j ∈ (cid:74) , bv_length ((cid:174) x ) (cid:74) k ∈ (cid:74) , bv_length ((cid:174) x − i ) (cid:74) (cid:111) (cid:174) x ↿ i (cid:110) bv_length ( result ) = (cid:174) x − i result k = (cid:174) x k + i (cid:111) , (cid:110) j ∈ (cid:74) , bv_length ((cid:174) x ) (cid:74) k ∈ (cid:74) , j (cid:74) (cid:111) (cid:174) x j ↾ (cid:110) bv_length ( result ) = j , result k = (cid:174) x k (cid:111)(cid:40) i ∈ (cid:74) , bv_length ((cid:174) x ) (cid:74) j ∈ (cid:74) i , bv_length ((cid:174) x ) (cid:74) k ∈ (cid:74) , bv_length ( j − i ) (cid:74) (cid:41) (cid:174) x ↿ i ; j ↾ (cid:110) bv_length ( result ) = i − j result k = (cid:174) x k + j (cid:111) At last we introduce two functions bv_to_int and int_to_bv , from bit vectors to integers andback, enabling the interpretation of a bit vector as a binary integer : Γ , x : bitvector ⊢{⊤} bv_to_int ((cid:174) x ) { result = (cid:205) bv_length ((cid:174) x )− k = (cid:174) x k ∗ bv_length ((cid:174) x )− k − } Γ , x : bitvector , k , n , i : int ⊢{ ≤ n , k ∈ (cid:74) , n (cid:74) , i ∈ (cid:74) , n (cid:74) } int_to_bv ( k , n ) (cid:110) bv_length ( result ) = n result i = div ( mod k n − i + ) (cid:111) B.2 Kets.
Type ket is an opaque type, similar as bit-vectors with complex values. Kets have anumber of cells equal to 2 n , for a positive integer n called its logarithmic length (also called, forsimplicity, its length). They are defined without norm restriction. Usually, we designate kets usingthe standard Dirac notation | v ⟩ n , with n being the logarithmic length of | v ⟩ . We drop this n indexwhen unnecessary.Dirac notation is also used as notation for functions casting integers and bit vectors to kets : let k , n be integers such that k ∈ (cid:74) , n (cid:74) and let (cid:174) x be a bit vector. Then: Γ , k , n , i : int ⊢ { ≤ n , k ∈ (cid:74) , n (cid:74) } | k ⟩ n { ket_length ( result ) = n }{ ≤ n , k ∈ (cid:74) , n (cid:74) } | k ⟩ n { ket_get ( result , k ) = }{ ≤ n , k ∈ (cid:74) , n (cid:74) i ∈ (cid:74) , n (cid:74) i <> k } | k ⟩ n { ket_get ( result , i ) = } Functions + , − , ⊗ are introduced and used the usual way over kets : Γ , | v ⟩ , | w ⟩ : ket , i : int ⊢ {⊤} | v ⟩ ⊗ | w ⟩ (cid:110) ket_length ( result ) = ket_length (| v ⟩) + ket_length (| w ⟩) (cid:111)(cid:110) i ∈ (cid:74) , ket_length (| v ⟩) + ket_length (| w ⟩) (cid:75) (cid:111) | v ⟩ ⊗ | w ⟩ (cid:110) ket_get ( result , i ) = ket_get (| v ⟩ , div i n ) ∗ ket_get (| w ⟩ , mod i n (cid:111) {⊤} | v ⟩ + | w ⟩ { ket_length ( result ) = ket_length (| v ⟩)} (cid:40) i ∈ (cid:74) , ket_length (| v ⟩) (cid:74) ket_length (| v ⟩) = ket_length (| w ⟩) (cid:41) | v ⟩ + | w ⟩ { ket_get ( result , i ) = ket_get (| v ⟩ , i ) + ket_get (| w ⟩ , i ) }{⊤} | v ⟩ − | w ⟩ { ket_length ( result ) = ket_length (| v ⟩)} (cid:40) i ∈ (cid:74) , ket_length (| v ⟩) (cid:74) ket_length (| v ⟩) = ket_length (| w ⟩) (cid:41) | v ⟩ − | w ⟩ { ket_get ( result , i ) = ket_get (| v ⟩ , i ) − ket_get (| w ⟩ , i ) } C DEDUCTIVE RULES FOR RELATION ( _ ▷ _ ) In this section, we complete the introduction of deductive rules for relation ( _ ▷ _ ) from Section 7.2.We first give rules for gates, then rules for composed circuits. C.1 Gates hops characterization predicates.
For any gate in the language, we first introducea specific predicate characterizing an hops for this gate. Predicate hops_had , for Hadamard gate,was given in Section 7.2, below are similar predicates for the additional gates; ID hops_id ( h , (cid:174) x , (cid:174) y ) : = bv_length ((cid:174) x ) = ∧ bv_length ((cid:174) y ) = ) → hops_width ( h ) = ∧ hops_range ( h ) = ∧ hops_angle ( h )((cid:174) x , (cid:174) y ) = ∧ hops_ket ( h )((cid:174) x , (cid:174) y ) = (cid:174) x SWAP hops_swap ( h , (cid:174) x , (cid:174) y ) : = bv_length ((cid:174) x ) = ∧ bv_length ((cid:174) y ) = ) → hops_width ( h ) = ∧ hops_range ( h ) = ∧ hops_angle ( h )((cid:174) x , (cid:174) y ) = ∧ hops_ket ( h )((cid:174) x , (cid:174) y ) = bv_set ( bv_get ((cid:174) x , ) , , bv_get ((cid:174) x , ))) Ph hops_phase ( h , n , (cid:174) x , (cid:174) y ) : = ≤ n ∧ bv_length ((cid:174) x ) = ∧ bv_length ((cid:174) y ) = ) → hops_width ( h ) = ∧ hops_range ( h ) = ∧ hops_angle ( h )((cid:174) x , (cid:174) y ) = e πi n ∧ hops_ket ( h )((cid:174) x , (cid:174) y ) = (cid:174) x Rz hops_rz ( h , n , (cid:174) x , (cid:174) y ) : = ≤ n ∧ bv_length ((cid:174) x ) = ∧ bv_length ((cid:174) y ) = ) → hops_width ( h ) = ∧ hops_range ( h ) = ∧ hops_angle ( h )((cid:174) x , (cid:174) y ) = e (− ) −(cid:174) x ∗ πi n ∧ hops_ket ( h )((cid:174) x , (cid:174) y ) = (cid:174) x CNOT hops_cnot ( h , (cid:174) x , (cid:174) y ) : = ( bv_length ((cid:174) x ) = ∧ bv_length ((cid:174) y ) = ) → hops_width ( h ) = ∧ hops_range ( h ) = ∧ hops_angle ( h )((cid:174) x , (cid:174) y ) = ∧ hops_ket ( h )((cid:174) x , (cid:174) y ) = (cid:174) x · (( − (cid:174) x )(cid:174) x + (cid:174) x ( − (cid:174) x )) C.2 Combining circuits.
We also introduce binary and ternary relations between hops , so as tocharacterize the conditions for relation ( _ ▷ _ ) in combined circuits. This induces one hops relationper circuit combinator: Deductive Verification Framework for Circuit-building Quantum Programs 33
Sequence composition hops_seq ( h , h , h , (cid:174) x , (cid:174) y ) : = (cid:169)(cid:173)(cid:171) bv_length ((cid:174) x ) = hops_width ( h ) , bv_length ((cid:174) y ) = hops_range ( h ) + hops_range ( h )∧ hops_width ( h ) = hops_width ( h )∧ (cid:170)(cid:174)(cid:172) → (cid:169)(cid:173)(cid:173)(cid:173)(cid:173)(cid:173)(cid:171) hops_width ( h ) = hops_width ( h )∧ hops_range ( h ) = hops_range ( h ) + hops_range ( h )∧ (cid:0) hops_angle ( h )((cid:174) x , (cid:174) y ) = hops_angle ( h )((cid:174) x , (cid:174) y hops_range ( h ) ↾ ) + a hops_angle ( h )( hops_ket ( h )((cid:174) x , (cid:174) y hops_range ( h ) ↾ ) , (cid:174) y ↿ hops_range ( h ) ) (cid:1) ∧ (cid:0) hops_ket ( h )((cid:174) x , (cid:174) y ) = hops_ket ( h )( hops_ket ( h )((cid:174) x , (cid:174) y hops_range ( h ) ↾ ) , (cid:174) y ↿ hops_range ( h ) ) (cid:1) (cid:170)(cid:174)(cid:174)(cid:174)(cid:174)(cid:174)(cid:172) Parallel composition hops_par ( h , h , h , (cid:174) x , (cid:174) y ) : = (cid:18) bv_length ((cid:174) x ) = hops_width ( h ) + hops_width ( h )∧ bv_length ((cid:174) y ) = hops_range ( h ) + hops_range ( h ) (cid:19) → (cid:169)(cid:173)(cid:173)(cid:173)(cid:173)(cid:173)(cid:173)(cid:173)(cid:171) hops_width ( h ) = hops_width ( h ) + hops_width ( h )∧ hops_range ( h ) = hops_range ( h ) + hops_range ( h )∧ (cid:0) hops_angle ( h )((cid:174) x , (cid:174) y ) = hops_angle ( h )((cid:174) x hops_width ( h ) ↾ , (cid:174) y hops_range ( h ) ↾ ) + a hops_angle ( h )((cid:174) x ↿ hops_width ( h ) , (cid:174) y ↿ hops_range ( h ) ) (cid:1) ∧ (cid:0) hops_ket ( h )((cid:174) x , (cid:174) y ) = hops_ket ( h )((cid:174) x hops_width ( h ) ↾ , (cid:174) y hops_range ( h ) ↾ )⊗ hops_ket ( h )((cid:174) x ↿ hops_width ( h ) , (cid:174) y ↿ hops_range ( h ) ) (cid:170)(cid:174)(cid:174)(cid:174)(cid:174)(cid:174)(cid:174)(cid:174)(cid:172) Control composition hops_ctl ( h , h , c , (cid:174) x , (cid:174) y ) : = (cid:0) bv_length ((cid:174) x ) = hops_width ( h ) + ∧ bv_length ((cid:174) y ) = hops_range ( h ) (cid:1) → (cid:169)(cid:173)(cid:171) hops_width ( h ) = hops_width ( h ) + ∧ hops_range ( h ) = hops_range ( h ) ∧ (cid:0) hops_angle ( h )((cid:174) x , (cid:174) y ) = (cid:174) x ∗ hops_angle ( h )((cid:174) x ↿ , (cid:174) y ) + ( − (cid:174) x ) (cid:1) ∧ (cid:0) hops_ket ( h )((cid:174) x , (cid:174) y ) = if (cid:174) x = then concat ( bv_cst ( , ) , hops_ket ( h )((cid:174) x ↿ , (cid:174) y )) else (cid:174) x (cid:170)(cid:174)(cid:172) Ancilla composition hops_ancilla ( h , h , (cid:174) x , (cid:174) y ) : = (cid:169)(cid:173)(cid:171) { hops_width ( h ) = hops_width ( h ) − ∧ bv_length ((cid:174) x ) = hops_width ( h ) ∧ bv_length ((cid:174) y ) = hops_range ( h )∧(cid:174) x hops_width ( h − ) = ) → ( hops_ket ( h )((cid:174) x , (cid:174) y )) hops_width ( h − ) = (cid:170)(cid:174)(cid:172) → (cid:169)(cid:173)(cid:171) hops_width ( h ) = hops_width ( h ) − ∧ hops_range ( h ) = hops_range ( h )∧ hops_angle ( h )((cid:174) x , (cid:174) y ) = hops_ket ( h )( concat ((cid:174) x , bv_cst ( , )) , (cid:174) y )∧ concat ( hops_ket ( h )((cid:174) x , (cid:174) y ) , bv_cst ( , )) = hops_angle ( h )( concat ((cid:174) x , bv_cst ( , )) , (cid:174) y ) (cid:170)(cid:174)(cid:172) C.3 Deduction rules.
As introduced in Section 7.2, the characterization predicates introducedso far serve as hypotheses for compositional deduction rules for relation ( ▷ ) . These rules are givenin Table 17. C.4 Circuit size deduction rules.
We end up this section by providing the compositionaldeduction rules for circuit sizes, in Figure 18 :
SWAP and ID gates have size 0, the other gates havesize 1, composing two circuits either in sequence or in parallel adds up their sizes, controlling a Γ , (cid:174) x , (cid:174) y : bitvector ⊢ hops_id ( h , (cid:174) x , (cid:174) y ) id Γ ⊢ ( ID ▷ h ) Γ , (cid:174) x , (cid:174) y : bitvector ⊢ hops_swap ( h , (cid:174) x , (cid:174) y ) swap Γ ⊢ ( SWAP ▷ h ) Γ , (cid:174) x , (cid:174) y : bitvector ⊢ hops_had ( h , (cid:174) x , (cid:174) y ) had Γ ⊢ ( H ▷ h ) Γ , (cid:174) x , (cid:174) y : bitvector ⊢ hops_phase ( p , h , (cid:174) x , (cid:174) y ) phase Γ ⊢ ( Ph ( p ) ▷ h ) Γ , (cid:174) x , (cid:174) y : bitvector ⊢ hops_rz ( p , h , (cid:174) x , (cid:174) y ) rz Γ ⊢ ( R z ( p ) ▷ h ) Γ , (cid:174) x , (cid:174) y : bitvector ⊢ hops_cnot ( h , (cid:174) x , (cid:174) y ) cnot Γ ⊢ ( CNOT ▷ h ) Γ ⊢ ( C ▷ h ) Γ ⊢ ( C ▷ h ) Γ , (cid:174) x , (cid:174) y : bitvector ⊢ hops_seq ( h , h , h , (cid:174) x , (cid:174) y ) seq Γ ⊢ ( SEQ ( C , C ) ▷ h ) Γ ⊢ ( C ▷ h ) Γ ⊢ ( C ▷ h ) Γ , (cid:174) x , (cid:174) y : bitvector ⊢ hops_par ( h , h , h , (cid:174) x , (cid:174) y ) par Γ ⊢ ( PAR ( C , C ) ▷ h ) Γ ⊢ ( C ▷ h ) Γ , ((cid:174) x , (cid:174) y : bitvector ) ⊢ hops_ctl ( h , h , (cid:174) x , (cid:174) y ) ctl Γ ( CTL ( C ) ▷ h ) Γ ⊢ ( C ▷ h ) Γ , ((cid:174) x , (cid:174) y : bitvector ) ⊢ hops_ancilla ( h , h , k , (cid:174) x , (cid:174) y ) ancilla Γ ⊢ ( ANC ( C ) ▷ h ) Γ ⊢ ( C ▷ h ) Γ ⊢ hopsequiv ( h , h ) hosp_subst Γ ⊢ ( C ▷ h ) Fig. 17. Deduction rules for relation ( _ ▷ _ ) circuit raises its size by factor at most constant ctl-size-const and discarding an ancilla qubitdoes not affect the size of a circuit. D REASONING ABOUT HOPS: SPECIAL CIRCUIT SUBCLASSES
In this section, we complement Section 7.4 by presenting reasoning rules dedicated to specific casesof circuits, namely flat and diagonal circuits.
D.1 Flat circuits.
Observe from definitions in Section C.1 that all gates but Hadamard have acorrect hops with hops_range equal to 0. We call an hops with range 0 an hop , and we call thecircuit property of admitting a correct hop being flat .One easily observes that flatness is stable through sequence , parallel , control and ancilla composition. In an hop h , function hops_apply is a pseudo-sum of one term, indexed by the onlybit-vector (cid:174) y of length 0 (written ( (cid:174)· )). Then we defined functions flat_h_ket and flat_h_angle Deductive Verification Framework for Circuit-building Quantum Programs 35 C ∈ { ID,SWAP } Id-SWAP-sizewidth ( C ) = C ∈ { H , Ph ( n ) , R z ( n )} gate-sizesize ( C ) = Γ ⊢ size ( C ) = n Γ ⊢ size ( C ) = n Γ ⊢ width ( C ) = width ( C ) seq-size Γ ⊢ size (( SEQ ( C , C ))) = n + n Γ ⊢ size ( C ) = n Γ ⊢ size ( C ) = n par-size Γ ⊢ size (( PAR ( C , C ))) = n + n Γ ⊢ ≤ k , k + width ( C ) < n , ≤ c < qsize ( GC ) , k ≤ c → i + width ( G ) < c Γ ⊢ size ( C ) = n ctl-size Γ ⊢ size ( CTL ( C , c , k , n )) ≤ ctl-size-const ∗ n Γ ⊢ ( C ▷ H ) Γ ⊢ hops_ancilla ( H , H , k ) anc-size Γ ⊢ size ( ANC ( C , k ) = size ( C ) Fig. 18. Deduction rules for Qbricks: size (number of gates) over hop . They ensure Γ , x : bitvector , h : hops ⊢ bv_length ((cid:174) x ) = hops_width ( h )∧ bv_length ((cid:174) y ) = ∧ hops_range ( h = ) flat_h_angle ( h , (cid:174) x ) { result = hops_angle ( h )((cid:174) x , (cid:174) y )} , bv_length ((cid:174) x ) = hops_width ( h ) ∧ bv_length ((cid:174) y ) = ∧ hops_range ( h = ) flat_h_ket ( h , (cid:174) x ) { result = hops_ket ( h )((cid:174) x , (cid:174) y )} and we have: Γ , x : bitvector , h : hops ⊢ (cid:26) bv_length ((cid:174) x ) = hops_width ( h ) , hops_range ( h ) = (cid:27) hops_apply ( h , | (cid:174) x ⟩) (cid:26) result = flat_h_angle ( h , (cid:174) x )| flat_h_ket ( h , (cid:174) x )⟩ (cid:27) Furthermore, for any given flat circuit C , functions flat_h_angle and flat_h_ket are actuallyindependent of the choice of an hop correct for C . Formally, we have the following theorem : Γ , h , h : hops , C : circ , (cid:174) x : bitvector ⊢ hops_range ( h ) = , hops_range ( h ) = , ( h ▷ C ) , ( h ▷ C ) h (cid:26) flat_h_ket ( result , (cid:174) x ) = flat_h_ket ( h , (cid:174) y ) , flat_h_angle ( result , (cid:174) x ) = flat_h_angle ( h , (cid:174) y ) , (cid:27) Thus, we can directly use functions flat_angle : circ → bitvector → complex and flat_ket : circ → bitvector → ket for flat circuits: Γ , C : circ , (cid:174) x , h : hops : bitvector ⊢ bv_length ((cid:174) x ) = width ( C ) , hops_range ( h ) = , ( h ▷ C ) flat_angle ( C , (cid:174) x ) { result = flat_h_angle ( h , (cid:174) x )} , bv_length ((cid:174) x ) = width ( C ) , hops_range ( h ) = , ( h ▷ C ) flat_ket ( C , (cid:174) x ) { result = flat_h_ket ( h , (cid:174) x )} Hence, for the semantics of flat circuits, one can reason directly with functions flat_angle and flat_ket , along the rules given in Figures 19 (flat gates), 20 (flat combined circuits) and 21(interpreting flat_ket and flat_angle characterizations in terms of hops ). id-flat Γ , (cid:174) x : bitvector ⊢ (cid:8) bv_length ( (cid:174) x ) = (cid:9) ID flat ( result ) , width ( result ) = , flat_ket ( result , (cid:174) x ) = (cid:174) x , flat_angle ( result , (cid:174) x ) = swap-flat Γ , (cid:174) x : bitvector ⊢ (cid:8) bv_length ( (cid:174) x ) = (cid:9) SWAP flat ( result ) , width ( result ) = , flat_ket ( result , (cid:174) x ) = bv_set ( bv_get ( (cid:174) x , ) , , bv_get ( (cid:174) x , ))) , flat_angle ( result , (cid:174) x ) = phase-flat Γ , (cid:174) x : bitvector , n : int ⊢ (cid:26) bv_length ( (cid:174) x ) = ≤ n (cid:27) Ph ( n ) flat ( result ) , width ( result ) = , flat_ket ( result , (cid:174) x ) = (cid:174) x , flat_angle ( result , (cid:174) x ) = e πi n rz-flat Γ , (cid:174) x : bitvector , n : int ⊢ (cid:26) bv_length ( (cid:174) x ) = ≤ n (cid:27) R z ( n ) flat ( result ) , width ( result ) = , flat_ket ( result , (cid:174) x ) = (cid:174) x , flat_angle ( result , (cid:174) x ) = e (− ) −(cid:174) x π i p cnot-flat Γ , (cid:174) x : bitvector ⊢ (cid:8) bv_length ( (cid:174) x ) = (cid:9) CNOT flat ( result ) , width ( result ) = , flat_ket ( result , (cid:174) x ) , = (cid:174) x · (( − (cid:174) x ) (cid:174) x + (cid:174) x ( − (cid:174) x )) , flat_angle ( result , (cid:174) x ) = Fig. 19. Deduction rules for Qbricks: Flat gates
D.2 Diagonal circuits.
A further refinement of the semantics is possible for flat circuits whosefunction flat_ket behaves as the identity. These circuits are called diagonal circuits. Since this
Deductive Verification Framework for Circuit-building Quantum Programs 37 Γ ⊢ flat ( C ) Γ ⊢ flat ( C ) seq-flat Γ , x : bitvector , ⊢ (cid:8) width ( C ) = width ( C ) , bv_length ( x ) = width ( C ) (cid:9) SEQ ( C , C ) flat ( result ) ∧ width ( result ) = width ( C )∧ flat_angle ( result , (cid:174) x ) = flat_angle ( C , (cid:174) x ) + flat_angle ( C , flat_ket ( C , x ))∧ flat_ket ( result , (cid:174) x ) = flat_ket ( C , flat_ket ( C , x )) Γ ⊢ flat ( C ) Γ ⊢ flat ( C ) par-flat Γ , x : bitvector ⊢ { bv_length ( x ) = width ( C ) + width ( C )} PAR ( C , C ) flat ( result ) ∧ width ( result ) = width ( C ) + width ( C )∧ flat_angle ( result , (cid:174) x ) = flat_angle ( C , (cid:174) x width ( C ) ↾ ) ∗ flat_angle ( C , (cid:174) x ↿ width ( C ) )∧ flat_ket ( result , (cid:174) x ) = concat ( flat_ket ( C , (cid:174) x width ( C ) ↾ )( flat_ket ( C , (cid:174) x ↿ width ( C ) ) Γ ⊢ flat ( C ) ctl-flat Γ , x : bitvector ⊢ (cid:8) bv_length ( x ) = width ( C ) + (cid:9) CTL ( C ) flat ( result ) ∧ width ( result ) = width ( C ) + ∧ flat_angle ( result , (cid:174) x ) = (cid:174) x ∗ flat_angle ( C , (cid:174) x ↿ ) + ( − x ) ∧ flat_ket ( result , (cid:174) x ) = if (cid:174) x = then concat ( bv_cst ( , ) , flat_ket ( C , (cid:174) x ↿ )) else (cid:174) x Γ , ( x : bitvector ) ⊢ (cid:8) bv_length ( x ) = width ( C ) , (cid:174) x i = (cid:9) C (cid:26) flat ( result ) ∧ flat_ket ( result , (cid:174) x ) i = (cid:27) anc-flat Γ , ( (cid:174) x : bitvector ) ⊢ (cid:8) bv_length ( x ) = width ( C ) − (cid:9) ANC ( C ) flat ( result ) ∧ width ( result ) = n − ∧ flat_angle ( result , (cid:174) x ) = flat_angle ( C , ( concat ( (cid:174) x , bv_cst ( , )))) concat ( flat_ket ( result , (cid:174) x ))( bv_cst ( , )) = (cid:0) flat_ket ( C , concat ( (cid:174) x , bv_cst ( , ))) (cid:1) ) Fig. 20. Deduction rules for Qbricks: Flat circuits Γ ⊢ ( C ▷ h ) Γ ⊢ {⊤} h { hops_range ( result ) = } flat-by-hops Γ ⊢ (cid:8) bv_length ( x ) = width ( C ) (cid:9) C flat ( result ) flat_angle ( result , (cid:174) x ) = hops_angle ( h )( (cid:174) x , (cid:174)· ) flat_ket ( result , (cid:174) x ) = hops_ket ( h )( (cid:174) x , (cid:174)· ) Γ ⊢ flat ( C ) Γ ⊢ (cid:8) bv_length ( (cid:174) x ) = width ( C ) (cid:9) h hops_range ( result ) = , hops_width ( result ) = width ( C ) hops_angle ( result )( (cid:174) x , (cid:174)· ) = flat_angle ( C , (cid:174) x ) hops_ket ( result )( (cid:174) x , (cid:174)· ) = flat_ket ( C , (cid:174) x ) flat-to-hops Γ ⊢ ( C ▷ h ) Fig. 21. Deduction rules for Qbricks: hop property is again preserved through sequence , parallel , control and ancilla composition, wecan reason about the semantics of diagonal circuits without care for function flat_ket . E IMPLEMENTATION: MORE DETAILS
We provide here more details about the implementation, complementing Section 8.
E.1 Framework overview.
The overall Qbricks verification chain is depicted in Figure 22.
Implementation.
The first step concerns the design of an algorithm A with parameters −→ p thanksto Qbricks-DSL and Qbricks-Spec. Qbricks is embedded in the Why3 programming language(called WhyML). We provide for it a set of mathematical libraries, enabling reasoning about Qbricks-Spec formulas (see Section E.2 below for further details about these). Note that specifications areinserted within the implementation, as decorations for functions. The specification material mayalso contain, still within the implementation, intermediary lemmas and ghost material (either ghostdefinition for functions objects that are used exclusively for the specifications, or ghost elementsinserted as parameters for non-ghost functions). Code extraction, PO generation.
Next, we can perform two different Why3 compilation opera-tions: • Code extraction, which basically consists in deleting all the ghost material from the imple-mentation. It results in a simple Ocaml implementation of A with parameters −→ p . • Compilation of the specification code, generating: – first order logic proof obligations (POs). – first order logic axioms, formalizing definitions from the algorithm implementation. Theycontribute to the logical context to evaluate PO satisfaction, together with, for any function f , specifications for functions above f or from imported files. Solving.
Then Qbricks takes advantage of various means to prove the generated POs modulo ourequational theories. A dedicated interface enables to directly access them and either send them toa set of automatic SMT-solvers (CVC4, Alt-Ergo, Z3, etc.), or enter a number of interactive prooftransformation commands (calls for lemmas or hypotheses, term substitutions, etc.) or even toproof assistants (Coq, Isabelle/HOL) – we do not use this option in our case-studies.Statistics about Qbricks implementation are given in Table 23. The development itself counts17,000+ lines of code, including 400+ definitions and 1700+ lemmas – all proved within Why3 but 32axioms in the mathematical libraries (see next section). Notice the volume of (verified) mathematicallibraries in the overall development (14,695 loc for a total of 17,313 loc). These libraries are describedin the next section.
E.2 Mathematical libraries.
When we began developing Qbricks, there was no native auto-mated support for data-types commonly manipulated in quantum, such as complex numbers, angles,matrices, kets, vectors, etc. Hence, aside the implementation of Qbricks-DSL and Qbricks-Spec,Qbricks development also required the development of a WhyML library for these data-types inthe quantum context .The goal, for this specific part, was to provide the mathematical structures at stake in quantumcomputing, together with a formally verified collection of mathematical results concerning them.Then these developments are led as mathematical theories, elaborating proofs from a restrictednumber of axiomatic definitions.As shown Table 23, this library contains 14,000+ lines of code: 300+ definitions, 1600+ lemmasand 32 axioms. Most of the axioms are actually axiomatic definitions giving structure for data typescomplex and angle. These are listed in Table 24:
Deductive Verification Framework for Circuit-building Quantum Programs 39 designimplementationWhy3-compilationproof supportcertificationA ( −→ ps )Qbricks − DSL Qbricks − SpecWhyMLimplementation FOLSpecifications MathematicallibrariesQbricks-DSLlibraries Proofobligations (POs)GeneratedOcaml implementation SMT Solvers • Alt-Ergo • CVC3 • CVC4 • Z3 • etc Proof assistants • Coq • Isabelle HOLProofcertificates simplifies
HandwrittenQbricks implementationAutomatically generatedExternal toolUnused feature implementsgeneratesusescertifies
Fig. 22. Implementation of Qbricks within Why3 • Complex numbers are given a field structure. We introduce a casting function r_to_c from theWhy3 standard library type real to complex . It preserves the field structure. Then constant i is introduced and any complex x is uniquely identified as the addition of a real value Re ( x ) and a pure imaginary value i ∗ Im ( x ) . Real numbers ordering are imported for pure realcomplexes (with Im =
0) and π is introduced as a positive constant. At last we axiomaticallydefine integer exponentiation of complexes and the standard complex exponentiation ofconstant e . • Angles are given a group structure. A casting function c_to_a from complex to angles isintroduced. Given value x , it builds the angle of measure 2 iπ ∗ x radians. Conversely, functiona_to_c, given an angle θ , computes the complex value corresponding to θ on the unity circle.Mind that angles are uniquely determined by this complex value. At last, we introduce asingle division over 2 operation for angles.Qbricks-Spec libraries use two additional axioms : the matrix data type is a record type withtwo positive integer arguments (for the number of rows and the number of columns of the matrix)and a value function of type ( int × int ) → complex . An axiom identifies matrices if they sharethe same number of rows r and columns c , and their value coincide for positive integers boundedby r and c . . Kets are introduced as matrices respecting certain conditions (to have 2 n rows, for a Lines of code Lemmas Modules Definitions
Mathematics libraries
Qbricks core
Semantics reasoning
744 55 3 35
Generic functions
517 12 5 34Total 17313 1731 78 410
Table 23. Metrics about Qbricks implementation
Complex numbersField:
Type c (− , + , ∗ , , ) , is a field ∗ r_to_c. : r → c r_to_c ( . ) = ∀ x , y : r . r_to_c ( x ∗ y ) = x ∗ y r_to_c ( . ) = ∀ x , y : r . r_to_c ( x + y ) = x + y ∀ x : r . r_to_c (− x ) = − r_to_c ( x ) ∀ x , y : r . y (cid:44) . → r_to_c ( x / y ) = x / yi : t i ∗ i = − Re , Im : c → c ∀ x , y : c . Re ( x + y ) = Re ( x ) + Re ( y ) ∀ x , y : c . Im ( x + y ) = Im ( x ) + Im ( y ) ∀ x : c . x = Re ( x ) + i ∗ Im ( x ) ∀ x : c . ∀ y , z : c . x = y + i ∗ z → y = Re ( x ) ∧ z = Im ( x ) π : t < π [] [] : c × int → c ∀ x : c . x = ∀ x : c . ∀ i , j : int . x ( i + j ) = x i ∗ x j ∀ x : c . x = x ∀ x : c . x (cid:44) → x = e [] : c → c ∀ x : c . e x (cid:44) e = e iπ / = √ ( + i ) e = e ∀ x , y : c . e ( x + y ) = e x ∗ e y Angles
Type a ( + a , − a , a ) , is a group ∗ c_to_a : c → a ∀ x , y : c . Im ( x ) = → Im ( y ) = → c_to_a ( x + y ) = c_to_a ( x ) + a c_to_a ( y ) ∀ x : c _ r . Im ( x ) = → c_to_a (− x ) = − a c_to_a ( x ) a_to_c : a → c a_to_c ( a ) = ∀ θ , θ ′ : a . θ = θ ′ ↔ a_to_c ( θ ) = a_to_c ( θ ′ ) ∀ x : c . Im ( x ) = → a_to_c ( c_to_a ( x )) = e iπ ∗ x []/ a a → a ∀ θ : a . θ / a + a θ / a = θ (∗) : theory cloned from the algebra Why3 standard library
Table 24. Axiomatic definitions introduced in Qbricks-Spec libraries given positive integer n , and 1 column). Similarly, the bitvector opaque data-type is introducedwith parameter a positive integer length and value from int to { , } . And we identify, by use of alast axiom, bit vectors that share the same length and whose value coincide up to this bound. Deductive Verification Framework for Circuit-building Quantum Programs 41
F EXPERIMENTAL EVALUATION: MORE DETAILS
This section complements Section 9, with both more detailed commented descriptions of case-studies (Section F.1) and additional statistics (Section F.2).
F.1 Case studies: description and comments.
This section complements Section 9.1. Weintroduce and comment the specifications for our implementations of QPE, Shor-OF, Deutsch-Joszaand Grover search algorithms.
Quantum Phase Estimation.
All the eigenvalues of a unitary operator U are equal to e πi Φ fora given real Φ such that 0 ≤ Φ <
1. Phase estimation (QPE) [17, 45] is a procedure that, given aunitary operator U and an eigenvector | v ⟩ of U , finds the eigenvalue e πi Φ v associated with | v ⟩ .It is a central piece in many emblematic algorithms, such as quantum simulation [30] or HHLalgorithm [36] – resolution of linear systems of equations in time PolyLog. | ⟩ . . . H s s s s . . .. . . | ⟩ . . . H . . .. . .. . .. . .. . . U U U n − QFT − ( n )• • •| v ⟩| ⟩ . . . H . . .. . .. . .. . .. . . U U U n − QFT − ( n )• • •| v ⟩ Fig. 25. The circuit for QPE
An overall view on the circuit for QPE is given on Figure 25 and the successive intermediaryregister states are given in Table 26. It uses two registers, one of size n and initialized to | ⟩ n andone of size s and initially in state | v ⟩ s : First, we superpose the first register of the entry state, byapplying an Hadamard gate H to each of its qubits. It results in state s . s = | ⟩ n ⊗ | v ⟩ s s = (cid:16) √ n (cid:205) n − k = | k ⟩ n (cid:17) ⊗ | v ⟩ s s = (cid:18) √ n (cid:205) n − j = e πi ∗←→ j ϕv n | j ⟩ n (cid:19) ⊗ | v ⟩ s s = (cid:18) n (cid:205) n − j = (cid:205) n − l = e πi ∗←→ j ( l − φv ) n | i ⟩ n (cid:19) ⊗ | v ⟩ Fig. 26. Successive states of the register along QPE circuit
Then we perform, on the second register, a sequence of U circuits elevated to the successivepowers of 2 and controlled by qubits from the first register. It results in state s . At last, we applythe reversed quantum Fourier transformation, QFT − ( n ) , to the first register and get state s .The specifications for this algorithm are given in Figure 27. It inputs an oracle HOPS f togetherwith a circuit C implementing it, an eigenvector | v ⟩ of f together with the associated ghosteigenvalue e πi ∗ θ and two register length parameters k and n . The first postcondition then certifiesthat, in the general case, the probability to find an x such that x − θ < n + after applying circuit QPE ( C , k , n ) on entry | ⟩ k | v ⟩ and measuring qubits 0 to n is at least π . The second postconditionconcerns the particular case when θ is a multiple of n . Then this probability rises to 1. Shor-OF. [66]’s Order Finding is the central procedure in Shor’s integer prime factor decompositionalgorithm. It consists in a particular instantiation of QPE. This algorithm is certainly the most Γ , ( f : hops ) , ( C : circ ) , (| v ⟩ : ket ) , ( k , n : int ) , ( ghost θ : real ) , ( j : ghost int ) ⊢ (cid:0) ( C ▷ f ) ∧ width ( C ) = n ∧ < k ∧ Eigen ( f , | v ⟩ , e πi ∗ θ ) (cid:1) QPE ( C , k , n ) (cid:18) proba_partial_measure_p ( result , k | v ⟩ , error < k + ) ≥ π ∧ θ = j k → proba_partial_measure ( result , | v ⟩ , | j ⟩ k ) = (cid:19) Fig. 27. Specification for our implementation of Quantum Phase estimation famous of all quantum computing existing algorithm, raising worldwide interest for the domain.Given a non prime integer N , it outputs a factor of it in time PolyLog ( N ) . Its most spectacularapplication is that it enables to break the RSA encryption protocol in polynomial time.As a result from Bézout’s identity, for any integer a < N co-prime with N , if r is the modularorder of a in N (that is the least integer such that mod a r N =
1) and if r is even (which happenswith probability O( ) ), then either gcd ( a r / − ) or gcd ( a r / + ) divides N . Furthermore, if U is anunitary implementing the multiplication modulo N then for any k ≤ r , e − iπ ∗ skr is an eigenvalue of U . The quantum part of Shor-OF algorithm then consists in: • implementing, for each j < k , the circuit U j , • applying quantum phase estimation, with oracle these U j , on input ket | ⟩ n (which is theuniform superposition of U eigenstates).Note the importance of the implementation of U j circuits. In particular, a naive implementationof them as iterative sequences of 2 j instances of U would introduce an exponential complexityfactor and loose any advantage of using a quantum computer. Hence, the functional correction ofan implementation is not enough. In the case of Shor-OF for example, a relevant implementationmust also certify the PolyLog complexity requirement.We implemented the version of the oracle U j described in the reference implementation [6]. Theoverall specification for our implementation is given in Figure 25. Γ ( a , b , n : int ) , ( j : ghost int ) ⊢ (cid:0) co_prime ( a , b ) ∧ ≤ b < n ∧ ≤ j < b ∧ mod a j b = (cid:1) Shor-circ ( a , b , n ) (cid:169)(cid:173)(cid:173)(cid:171) proba_partial_measure_p (cid:0) | ⟩ n , error ≤ n + (cid:1) ≥ π ∧ size ( result ) = Shor-poly ( n ) ∧ ancillas ( result ) = n + ∧ width ( result ) = ∗ n (cid:170)(cid:174)(cid:174)(cid:172) Fig. 28. Specification for our implementation of Shor-OF algorithm (1) As for QPE, the probability that the measurement will give an output close to an eigenvalueis more than π . In this case, recovering the actual value e − iπ ∗ skr requires another classicalmanipulation, the continuous fraction expansion ,(2) the second postcondition concerns the size of the circuit, proved by use of rules from Fig-ure 18. Note that the specification is not given as a complexity class (such as O( n ) ), butgives the actual polynomial Shor-poly ( n ) . It is equal to ( n + ) ( ctl-size-const + ctl-size-const ) + ( n + ) ( ctl-size-const + ) + n + ctl-size-const +
3. Fur-thermore, the implementation of oracles in [6] uses several instances of the QFT. For them, it
Deductive Verification Framework for Circuit-building Quantum Programs 43 leaves open the possibility to use approximations for QFT with k max gates. Hence the authorprovides a size bound that is in O( n ) and linear in k max . In our implementation we used thestandard exact implementation of QFT, with number of gates bounded by ( n ) .(3) The third and fourth postcondition specify the width of the circuit and the number ofadditional ancilla qubits it requires. For the final application of QFT − (that appearing inFigure 25), [6] uses a semi-classical version of QFT − , which makes use of a single qubitinstead of 2 ∗ n . Since Qbricks does not contain classical data operations, here also weimplemented the standard version of QFT − , so that the whole circuit has width 3 ∗ n anduses an additional n + Deutsch-Josza algorithm.
Deutsch-Josza algorithm is a toy algorithm, mainly used in introductorycourses as an illustration of quantum state superposition. Given a positive integer n , given a function f from int to bool that is guaranteed to be either constant or balanced on (cid:74) , n (cid:74) and given acircuit C implementing f , Deutsch-Josza algorithm decides, in time linear in n , whether f isconstant or balanced on (cid:74) , n (cid:74) . Its complete specifications is given as: Γ , ( C : circ ) , ( f : int → bool ) , ( n : int ) ⊢ (cid:18) implements ( C , f ) ∧ < n ∧(¬ constant ( f , n ) → balanced ( f , n )) (cid:19) Deutsch-Jozsa ( C , n ) (cid:169)(cid:173)(cid:173)(cid:173)(cid:173)(cid:173)(cid:173)(cid:173)(cid:171) constant ( f , n ) → proba_partial_measure ( result , concat ( bv_cst ( n , ))( bv_cst ( , ))) = ∧ balanced ( f , n ) → proba_partial_measure ( result , concat ( bv_cst ( n , ))( bv_cst ( , )) , bv_cst ( n , )) = ∧ size ( result ) = ∗ n + size ( C ) + ∧ width ( result ) = n + ∧ ancillas ( result = ancillas ( C )) (cid:170)(cid:174)(cid:174)(cid:174)(cid:174)(cid:174)(cid:174)(cid:174)(cid:172) Hence, the two first postconditions ensures that the partial measurement outputs | ⟩ exactly whenthe function f is constant, the third postcondition gives a size bound for the circuit (that is linearin both n and the size of the oracle implementation), and last line states that the width of the circuitis n + C . Grover algorithm.
Grover algorithm enables to search distinguished elements in a non-structureddata base. It notably provides a quadratic acceleration in the resolution of NP-hard problems.Given positive integers n and k such that k ∈ (cid:74) , n (cid:74) , given a function f from int to bool thatis guaranteed to be satisfied by exactly k elements in (cid:74) , n (cid:74) and given a circuit C implementing f and a positive index i , the algorithm consists in an iterative sequence of i times a sequencecombination of a specific operator (called Grover diffusion operator ) and oracle U . It is such that theprobability to obtain, after measurement, a result satisfying f , is equal to sin (cid:16) arcsin (cid:16) k n (cid:17) (cid:219)( + i ) (cid:17) .This specification is formalized below together with the size of the circuit (that is linear in both n and the number of iterations i ) and the width of the circuit (equal to n ). which formally means that for any bit vectors x of length n and y of length 1, circuit_io ( C , | x ⟩ ⊗ | y ⟩ = | x ⟩ ⊗ | y ⊕ f ( bv_to_int ( x ))⟩ Γ , ( C : circ ) , ( f : int → bool ) , ( n , i , k : int ) ⊢ (cid:18) implements ( C , f ) ∧ < n ∧ ≤ k < n − ∧ ≤ i ∧ Card ({ j | ≤ j < n ∧ f ( j ) = true }) = k (cid:19) Grover ( C , k , n ) (cid:169)(cid:173)(cid:173)(cid:171) proba_partial_measure f ( result , bv_cst ( n , ) , f ) = sin (cid:16) arcsin (cid:16) k n (cid:17) (cid:219)( + i ) (cid:17) ∧ size ( result ) = i ∗ ( size ( C ) ∗ O( n ))∧ width ( result ) = n ∧ ancillas ( result ) = (cid:170)(cid:174)(cid:174)(cid:172) In this specification, we used expression proba_partial_measure f ( result , bv_cst ( n , ) , f ) as a syntactic sugar for (cid:213) j ∈ (cid:74) , n (cid:74) f ( j ) = tt proba_partial_measure ( result , bv_cst ( n , ) , int_to_bv ( n , i )) F.2 Case studies: metrics.
This section complements Section 9.2.
Details on interactive proof commands.
Table 29 reports a classification of the interactive (proof)commands used in our case-studies to discharge the remaining PO. Interactive commands dividemainly into: • calls for deduction rules (Rules), • calls for hypotheses from the context (Hyp.), • β − reductions, • splitting commands (splitting conjunction in either goal or context and elimination of casedistinctions), • and substitutions (Subst).Column Misc. contains introduction of constant values for existential quantification, case distinc-tions and intermediate assertions. β -red. Total
DJ 17 9 10 2 1 0 Grover 91 26 23 12 15 0
QFT 15 14 5 3 0 0 QPE 66 36 17 15 19 2
Shor-OF 93 62 25 57 19 8
Shor-OF (full) 174 112 47 75 38 10
Total 282 147 80 89 54 10
Table 29. Verification for case studies: repartition of interactive commands
As a complement to these figures, it should be mentioned that the specifications for thesealgorithms all contain some pure mathematical proofs which are not directly linked to circuitcomposition. For example, 198 out of the 321 lines of decorated code declared for QPE in Table 15concerns rewriting lemmas for the measurement outcomes. Also, our implementation for Groverfollows the standard algorithm explanation. Doing so, it introduces, in addition to circuit buildingand hops specifications, vectorial space embedding and geometry material which, again, actuallyrepresents the major part of the proof effort.
Deductive Verification Framework for Circuit-building Quantum Programs 45
Prior work.
Table 30 gives a summary of anterior efforts for the verification of quantum programs.
Circuit building Parameters Restrictions Size AutomationQbricks DJ U , n None 53LoC + 39Cmd PartialGrover U , k , n None 416 LoC+ 167 Cmd PartialQFT n None 65 LoC + 37 Cmd PartialQPE U , n , | v ⟩ None 319 LoC + 155 Cmd PartialShor-OF n , a , b None 809 LoC + 264 Cmd PartialPath-sums QFT Not parameterized Only instances Unknown FullOthersQwire DJ U , n None 74 LoC + 222Cmd †
59 LoC + 112Cmd † NoneOthersQHL Grover None U , k , n ∃ j . k = j + LoC ‡ PartialOthers U : circuit oracle – n : width of the input register | v ⟩ eigen vector of U – a , b , k : further integer parameters Table 30. Comparison with quantum formal verification from the literature † : The authors provide two proofs: the textbook-style proof and a new clever proof. The proof in Qbricks corresponds totextbook style. ‡‡