A Quantum Interpretation of Bunched Logic for Quantum Separation Logic
Li Zhou (Max Planck Institute for Security and Privacy), Gilles Barthe (Max Planck Institute for Security and Privacy; IMDEA Software Institute), Justin Hsu (University of Wisconsin–Madison), Mingsheng Ying (University of Technology Sydney; Institute of Software, Chinese Academy of Sciences; Tsinghua University), Nengkun Yu (University of Technology Sydney)
Abstract — We propose a model of the substructural logic of Bunched Implications (BI) that is suitable for reasoning about quantum states. In our model, the separating conjunction of BI describes separable quantum states. We develop a program logic where pre- and post-conditions are BI formulas describing quantum states; the program logic can be seen as a counterpart of separation logic for imperative quantum programs. We exercise the logic to prove the security of the quantum one-time pad and quantum secret sharing, and we show how the program logic can be used to discover a flaw in Google Cirq’s tutorial on the Variational Quantum Algorithm (VQA).
1. Introduction
The logic of Bunched Implications (BI) of O’Hearn and Pym [1], [2], [3] is a substructural logic that features resource-aware connectives. One such connective is ∗, known as separating conjunction: informally, an assertion φ ∗ ψ holds with respect to a resource R if R can be split into resources R′ and R′′ such that φ holds with respect to R′ and ψ holds with respect to R′′. This interpretation is particularly well suited for reasoning about programs in settings where computations can have interfering effects. In particular, BI has found success as an assertion language for Separation Logic [4], [5], [6], a program logic for reasoning about programs with mutable state, and Concurrent Separation Logic [7], [8], a program logic for reasoning about shared-memory concurrent processes.

Recent works seek to extend the separation logic framework beyond memory-manipulating programs by considering other notions of resources and other models of computation. Broadly speaking, separation logics are a good fit whenever programs manipulate resources in a local fashion: that is, there is a natural notion of two resources being separate, and a program can operate on the first resource without affecting the second. This idea underlies recent separation logics for probabilistic programs, where separation is probabilistic independence [9].

Quantum computation is another domain where the ideas of separation logic seem relevant. Recent work [10], [11] suggests that reasoning about resources (in particular entanglement, a resource unique to the quantum world) can bring similar benefits to quantum computing and communications. Motivated by this broad perspective, we propose a quantum model of BI and develop a novel separation logic for quantum programs. Our development is guided by concrete examples of quantum algorithms and security protocols.
Motivating Local Reasoning for Quantum Programs: Quantum Machine Learning [12], [13] and VQAs (Variational Quantum Algorithms) [14], [15] are new classes of quantum algorithms that emerged in recent years as a leading application of quantum computing. These algorithms solve problems by training parameterized quantum circuits. The trained circuits are usually very large in terms of both their size and the required quantum resources, i.e., the number of involved quantum bits (qubits). This makes them particularly challenging to verify with existing techniques such as quantum Hoare logic [16], [17] and verification based on operational semantics [18], since the dimension of the matrices used to represent assertions increases exponentially with the number of qubits. Fortunately, these algorithms can benefit from local reasoning, since each of their operations is performed locally on a small number of qubits. Consider for instance the quantum circuit shown in Figure 1, which implements a VQA circuit over a grid of qubits. Instead of reasoning about the circuit as a whole, we would like to reason about the sub-circuits ProcC(1), ProcC(2), ProcR(1), ProcR(2) separately, and then combine the results to establish the correctness of the whole program. This is precisely the kind of reasoning enabled by Quantum Separation Logic (QSL for short).
Technical Challenges and Contributions: QSL will be developed by first developing a model of BI, where formulas describe quantum states, and then building a separation logic using these assertions as pre- and post-conditions, introducing proof rules to reason about quantum programs.

Figure 1: VQA(2) with parameters taken in Sec. 5.3.

BI and Its Quantum Interpretation: To characterize the properties of quantum systems, we first identify a quantum interpretation of BI appropriate for our target applications. We choose to interpret our separating conjunction ∗ as separability of quantum states. Roughly speaking, φ_1 ∗ φ_2 holds in a quantum state ρ if ρ can be factored into two quantum states ρ_1 and ρ_2 over disjoint registers satisfying φ_1 and φ_2, respectively.

Proof System for Program Logic: Next, we define a program logic for a quantum while-language [16] (for simplicity, we do not consider classical variables). Our language follows the “classical control and quantum data” paradigm. We develop a set of proof rules that are effective for verifying quantum programs over a large set of qubits. Our proof system has several novel ingredients:

1) Modification on BI formulas. The basic rule for assignments in classical program logics is defined using the syntactic notion of substitution. Due to the no-cloning law of quantum information, the role of assignments has to be played by initialization q := |0⟩ and unitary transformations q̄ := U[q̄], and inference rules for these operations involve a quantum operation (e.g., [16], [17]). Unfortunately, the rules for initialization and unitary transformations are not simple adaptations of the rule for assignment, because a quantum generalization of substitution is not straightforward. For atomic predicates, substitutions are not always defined. For composite formulas, a straightforward definition of substitution is too weak for applications. We overcome this hurdle by introducing a modification operation for atomic formulas (see Definition 3.4), which is essentially a quantum version of substitution. Extending this operation to composite formulas requires some care (see Definition 3.5).

2) Frame rule: The frame rule is one of the most characteristic structural rules in separation logic. QSL also enjoys a frame rule FRAME that is similar in spirit to frame rules from standard separation logics, but our new interpretation of separating conjunction means that the meaning of the rule is different. Furthermore, the frame rule can be generalized slightly: even if the standard side condition for frame rules does not hold, the frame rule still applies if the post-condition is a supported assertion, a concept first proposed by Reynolds [19] in the context of standard separation logic. This extra bit of freedom seems to be particular to the quantum setting, and we crucially use this feature when using the frame rule to establish uniformity. The soundness proof of our quantum frame rule requires a nontrivial calculation based on purification, a fundamental technique used in quantum information for transforming mixed states to pure states by introducing reference systems [20].

3) Reasoning about entangled predicates: The structural rules FRAME and CONST enable us to lift local reasoning to global correctness of quantum algorithms only when no entanglement occurs in the pre- and post-conditions. However, entangled predicates play an essential role in revealing the non-local (global) properties of a composite quantum system; for instance, some entangled predicates are used when reasoning about the (in)correctness of VQA (see Sec. 5.3). With the help of auxiliary variables, we set up a new rule UNCR which enables us to prove the correctness of large quantum algorithms with respect to entangled pre- and post-conditions. Intuitively, when the program (as the principal system) is combined with auxiliary variables (as ancillary systems), modification can be used to create (mathematically rather than physically) entanglement, and rule UNCR is used to preserve correctness under the modification on the auxiliary variables in the pre- and post-conditions (but not in the program). The key idea behind this was first proposed in [21] for reasoning about parallel quantum programs; UNCR is its generalization tailored for our purpose.
Applications: To demonstrate the breadth of the application range of our logic QSL, we present several case studies from two very different areas:
• Our first example, given in Section 5, is formal verification of the Variational Quantum Algorithm (VQA) [14], [15] for finding the ground state of a quantum system, which has potential applications in quantum chemistry for designing new materials and drugs. A typical VQA can be split into different subprograms that are suited to local reasoning. Then the frame rules together with UNCR are used to derive global correctness with entangled pre- and post-conditions. In particular, an analysis based on QSL reveals that the VQA presented in the tutorial of Google’s Cirq [22] is incorrect.
• In Section 6, we use QSL to verify the security of the quantum one-time pad (QOTP) [23], [24] and quantum secret sharing (QSS) [25], [26]. Unlike previous work, the QSL verification of QOTP and QSS is scalable: increasing the number of registers that the algorithms employ does not complicate the verification. In particular, rule FRAME with the supported assertion (SP) enables us to avoid the very complicated mathematical calculations used in earlier verifications of QOTP [27].
Footnote 1: Here, entangled predicates refer to the projections that cannot be factored as a product of projections of their local constituents.

2. Preliminaries

For the convenience of the reader, we briefly review basic notions of quantum information and programming as well as the logic of bunched implications.
The state space of a quantum system is a Hilbert space H, which is essentially a vector space in the finite-dimensional case. A pure state of the system is a unit column vector |ψ⟩ ∈ H. For example, the state space of a quantum bit (aka qubit) is a two-dimensional Hilbert space with basis states |0⟩ = (1, 0)^T and |1⟩ = (0, 1)^T, and any pure state of a qubit can be described in the form α|0⟩ + β|1⟩ = (α, β)^T satisfying the normalization condition |α|² + |β|² = 1. When the state is not completely known but could be in one of some pure states |ψ_i⟩ with respective probabilities p_i, we call {(p_i, |ψ_i⟩)} an ensemble of pure states or a mixed state, and the system is fully described by the density operator ρ = Σ_i p_i |ψ_i⟩⟨ψ_i|. For example, the completely mixed state of a qubit can be seen as the ensemble {(0.5, |0⟩), (0.5, |1⟩)} (i.e. the state is either |0⟩ or |1⟩ with the same probability 0.5) or as the density matrix (|0⟩⟨0| + |1⟩⟨1|)/2 = [[0.5, 0], [0, 0.5]]. The evolution of a quantum system is modelled by a unitary operator U, i.e. a complex matrix with UU† = U†U being the identity operator, where † is the conjugate transpose. In quantum computing, unitary operators are often called quantum gates. For example, the Hadamard gate H = (1/√2) [[1, 1], [1, −1]] maps |0⟩, |1⟩ to their superpositions |±⟩ = (|0⟩ ± |1⟩)/√2. Unlike a classical system, which can be observed directly without changing its state, we need to perform a quantum measurement to extract information from a quantum state, which inevitably leads to state collapse. Formally, a projective quantum measurement consists of a set of projections (see Footnote 2), i.e., self-adjoint and idempotent linear operators, M_0, M_1, ..., M_n.
When such a measurement is applied to a quantum state ρ, we obtain one of the classical outcomes i ∈ {0, 1, ..., n} with probability p_i = tr(M_i ρ), and the post-measurement state of the system is then M_i ρ M_i / p_i.

We use variables p, q, r, ... to denote quantum systems. Operations in quantum computing are often performed on a composite system consisting of multiple qubits. To indicate which system a state describes or an operation acts on, we use subscripts; for example, H_p is the state space of system p, |0⟩_p is the pure state |0⟩ of the system p, and |0⟩_q⟨0| is the density matrix of the system q. The composite system is described by the tensor product of its subsystems; for example, a composite system pq has the state space H_p ⊗ H_q, and |0⟩_p ⊗ |1⟩_q (or |0⟩_p|1⟩_q for short) is a pure state in which subsystem p is in state |0⟩ and subsystem q is in state |1⟩. Due to the superposition principle, there exist states like |Φ⟩_pq = (1/√2)(|0⟩_p|0⟩_q + |1⟩_p|1⟩_q) that cannot be written in the simple tensor form |φ⟩_p|ψ⟩_q; these are called entangled states. Such states play a crucial role in applications of quantum computation and quantum communication.

The state of a composite system fully determines the state of each subsystem. Formally, given a composite system pq in state ρ, subsystem q is then in state tr_p(ρ), where the partial trace tr_p(·) over p is the mapping from operators on H_p ⊗ H_q to operators on H_q defined by tr_p(|φ_p⟩_p⟨ψ_p| ⊗ |φ_q⟩_q⟨ψ_q|) = ⟨ψ_p|φ_p⟩ · |φ_q⟩_q⟨ψ_q| for all |φ_p⟩, |ψ_p⟩ ∈ H_p and |φ_q⟩, |ψ_q⟩ ∈ H_q, extended by linearity. The state tr_q(ρ) of subsystem p is defined symmetrically. We often use the notations ρ|_p ≜ tr_q(ρ) and ρ|_q ≜ tr_p(ρ) in order to indicate explicitly that ρ|_p and ρ|_q are states of p and q, respectively.

Footnote 2: That is, P : H → H is a projection over H iff P = P† = P².

Summary of Notations. Let V be the set of all quantum variables. A quantum register is a list of distinct variables q̄ = q_1, ..., q_n. Each quantum variable q has a type H_q, which is the state Hilbert space of the quantum system denoted by q. For a set of quantum variables S = {q_1, ..., q_n} ⊆ V (or a quantum register q̄ = q_1, ..., q_n), we fix the following notations:
• H_S = ⊗_{i=1}^n H_{q_i}: the Hilbert space of S.
• dim(S): the dimension of H_S.
• D(S): the set of all (mixed) quantum states (i.e. density matrices) of S. In particular, for any ρ ∈ D(S), its domain is defined as dom(ρ) ≜ S; we write D ≜ ⋃_{S ⊆ V} D(S) for the set of all states.
• P(S): the set of projections on H_S. In particular, for any P ∈ P(S), its domain is defined as free(P) ≜ S. Since there is a one-to-one correspondence between projections and closed subspaces, we sometimes call closed subspaces of H_S projections. We write P ≜ ⋃_{S ⊆ V} P(S) for the set of all projections.
• ρ|_S ≜ tr_{dom(ρ) \ S}(ρ): the restriction of the state ρ to S, defined as a reduced density operator over S ∩ dom(ρ).

For simplicity of presentation, we consider a purely quantum extension of the while-language, namely the quantum while-language [16]; that is, we do not allow classical variables.
Definition 2.1 (Syntax [16]). The quantum while-programs are defined by the grammar:

C ::= skip | C_1; C_2 | q := |0⟩ | q̄ := U[q̄] | if (□m · M[q̄] = m → C_m) fi | while M[q̄] = 1 do C od

Here q := |0⟩ initializes the quantum variable q in the basis state |0⟩, and q̄ := U[q̄] applies a unitary transformation U to a sequence q̄ of quantum variables. The case statement if · · · fi performs the projective measurement M = {M_m} on q̄, and then chooses a subprogram C_m to execute according to the measurement outcome m. In the loop while · · · od, the projective measurement M = {M_0, M_1} in the guard has only two possible outcomes, 0 and 1: if the outcome is 0 the loop terminates, and if the outcome is 1 it executes the loop body C and enters the loop again. For simplicity of presentation, we will use the following abbreviation: for i = 1, · · · , N do C_i od ≜ C_1; · · · ; C_N.

For each program C, we write var(C) for the set of all quantum variables in C. If V ⊇ var(C) is a set of quantum variables and ρ ∈ D(V), then ⟨C, ρ⟩ is called a configuration (of domain V).

Definition 2.2 (Operational Semantics [16]). The operational semantics of quantum programs is defined as a transition relation → by the following transition rules:
(Sk) ⟨skip, ρ⟩ → ⟨E, ρ⟩
(In) ⟨q := |0⟩, ρ⟩ → ⟨E, ρ_q^0⟩
(UT) ⟨q̄ := U[q̄], ρ⟩ → ⟨E, UρU†⟩
(SC) if ⟨C_1, ρ⟩ → ⟨C_1′, ρ′⟩ then ⟨C_1; C_2, ρ⟩ → ⟨C_1′; C_2, ρ′⟩
(IF) ⟨if (□m · M[q̄] = m → C_m) fi, ρ⟩ → ⟨C_m, M_m ρ M_m†⟩
(L0) ⟨while M[q̄] = 1 do C od, ρ⟩ → ⟨E, M_0 ρ M_0†⟩
(L1) ⟨while M[q̄] = 1 do C od, ρ⟩ → ⟨C; while M[q̄] = 1 do C od, M_1 ρ M_1†⟩
Here E is the empty program.
In (In), ρ_q^0 = Σ_n |0⟩_q⟨n| ρ |n⟩_q⟨0|. In (SC), we use the convention E; C = C. In (IF), m ranges over every possible outcome of the measurement M = {M_m}. Transitions in rules (IF), (L0) and (L1) are essentially probabilistic, but we adopt a convention from [28] to present them as non-probabilistic transitions. For example, for each m, the transition in (IF) happens with probability p_m = tr(M_m† M_m ρ) and the program state ρ is changed to ρ_m = M_m ρ M_m† / p_m. We can combine the probability p_m and the density operator ρ_m into the partial density operator M_m ρ M_m† = p_m ρ_m. This convention significantly simplifies the presentation.

Definition 2.3 (Denotational Semantics [16]). Let V be a set of variables. Then for any quantum program C with var(C) ⊆ V, its semantic function of domain V is the mapping ⟦C⟧_V : D(V) → D(V) defined by ⟦C⟧_V(ρ) = Σ {| ρ′ : ⟨C, ρ⟩ →* ⟨E, ρ′⟩ |} for every ρ ∈ D(V), where →* is the reflexive and transitive closure of → and {| · |} denotes a multiset.

Note that auxiliary variables in V \ var(C) are allowed in the above definition of the semantic function ⟦C⟧_V. The following proposition shows that the denotational semantics of a program C is independent of these auxiliary variables.

Proposition 2.1 (Proposition 3.3.5 in [29]). For any program C and any set V ⊇ var(C) of variables, the semantic function of domain V is a cylindric extension of the semantic function of domain var(C): ⟦C⟧_V = ⟦C⟧_{var(C)} ⊗ I_{V \ var(C)}, where I_{V \ var(C)} is the identity quantum operation on H_{V \ var(C)}.

Next, we briefly review the logic of Bunched Implications (BI) [1], [2].
BI is a substructural logic with the following syntax:

φ, ψ ::= p ∈ AP | ⊤ | ⊥ | φ ∧ ψ | φ ∨ ψ | φ → ψ | φ ∗ ψ | φ −∗ ψ

where p ranges over a set AP of atomic propositions. Besides standard propositional logic, BI contains a substructural fragment: the separating conjunction ∗ and the separating implication −∗ (“magic wand”). A distinction between ∗ and ∧ is that ∗ is not idempotent, i.e., P ∗ P ≠ P. For example, in the standard heap model of separation logic, the separating conjunction P ∗ Q is true of a heap if it can be split into two heaplets, one of which makes P true and the other of which makes Q true. The implication −∗ is adjoint to ∗. For example, P −∗ Q holds in some heap if adding a separate heap satisfying P leads to a combined heap satisfying Q.

The most general semantics of BI is given in terms of a kind of Kripke structure, called BI frames. A standard BI frame is based on a pre-ordered commutative monoid:

Definition 2.4 (BI frame [1]). A BI frame is a tuple X = (X, ◦, ⪯, e), where X is a set equipped with a preorder ⪯, and ◦ : X × X → X is a partial binary operation with a unit element e satisfying the following conditions:
1) (Unit Existence) for all x, x = x ◦ e = e ◦ x;
2) (Commutativity) x ◦ y = y ◦ x;
3) (Associativity) x ◦ (y ◦ z) = (x ◦ y) ◦ z;
4) (Compatibility with ⪯) if x ⪯ x′ and y ⪯ y′ and both x ◦ y and x′ ◦ y′ are defined, then x ◦ y ⪯ x′ ◦ y′.
Above, equalities state that either both sides are defined and equal, or both sides are undefined.

Intuitively, if we choose collections of resources as possible worlds, then ◦ can be interpreted as a commutative combination of resources. The identity e is the empty resource, or lack of resource, and combining any resource x with the empty resource e yields x itself.
Based on the combination, a preorder is defined: if x is a combination of resources y and z, it should be “larger” than y since it contains y.

The semantics of formulas depends on the semantics of atomic propositions. A valuation is a mapping V : AP → ℘(X), and it is monotonic if x ∈ V(p) and y ⪰ x imply y ∈ V(p). A BI frame X together with a monotonic valuation V gives a BI model M.

Definition 2.5 (Satisfaction in BI models [1]). Given a BI formula φ and a BI model M = (X, ◦, ⪯, e, V), for each x ∈ X the relation x ⊨ φ is defined by induction on φ:
x ⊨_M p iff x ∈ V(p)
x ⊨_M ⊤: always
x ⊨_M ⊥: never
x ⊨_M φ_1 ∧ φ_2 iff x ⊨_M φ_1 and x ⊨_M φ_2
x ⊨_M φ_1 ∨ φ_2 iff x ⊨_M φ_1 or x ⊨_M φ_2
x ⊨_M φ_1 → φ_2 iff for all x′ ⪰ x, x′ ⊨_M φ_1 implies x′ ⊨_M φ_2
x ⊨_M φ_1 ∗ φ_2 iff there exist y, z such that y ◦ z is defined, x ⪰ y ◦ z, y ⊨_M φ_1 and z ⊨_M φ_2
x ⊨_M φ_1 −∗ φ_2 iff for all y such that x ◦ y is defined, y ⊨_M φ_1 implies x ◦ y ⊨_M φ_2.

Following [2] (see also [11]), a sound and complete Hilbert-style proof system of BI is presented in Supplementary Material B.1.
3. Quantum Interpretation of BI Logic
Now we are ready to present our quantum model of BI, using the resource semantics of BI. After defining the model, we introduce some atomic propositions. To lay the groundwork for the separation logic, we explore a technical property called restriction, which will be important for the frame rule, and we define a modification operation, an analog of substitution that we will use for reasoning about initialization and unitary transformations.
The basic idea of our model is to consider quantum states over specific registers as resources. Then, the separating conjunction is introduced to model independent combinations of spatially separate quantum resources (quantum states over disjoint registers). Formally, we define:
Definition 3.1. The partial binary function ◦ : D × D → D on quantum states is defined by:
ρ_1 ◦ ρ_2 ≜ ρ_1 ⊗ ρ_2 if dom(ρ_1) ∩ dom(ρ_2) = ∅, and undefined otherwise.

Essentially, ◦ takes the tensor product of two quantum states with disjoint domains. Note that in our setting the tensor product ⊗ is commutative, since every quantum state ρ ∈ D is tagged with its domain. For example, |0⟩_p⟨0| ⊗ |1⟩_q⟨1| and |1⟩_q⟨1| ⊗ |0⟩_p⟨0| denote the same state in pq. For the partial order over quantum states, we take the following:

Definition 3.2. Let ⪯ be the partial order over D: ρ ⪯ ρ′ iff dom(ρ) ⊆ dom(ρ′) and ρ = ρ′|_{dom(ρ)}.

Intuitively, ρ ⪯ ρ′ means that ρ describes a subsystem of ρ′; more precisely, if we discard the subsystem dom(ρ′) \ dom(ρ) of ρ′, then the remaining subsystem is in state ρ. Combining all of the ingredients defined, we have:

Proposition 3.1. (D, ◦, ⪯, 1) forms a BI frame, where the scalar number 1 is understood as the state over the empty register.

To complete our description of the quantum BI logic, we introduce three atomic propositions and interpret them in quantum states. In general, we have a great deal of freedom in selecting these atomic propositions; the only requirement is that their interpretation must be monotone with respect to the pre-order ⪯. Our atomic propositions are fairly general, but motivated by applications of our separation logic.
Propositions denoting free variables. We first introduce a set of atomic propositions D[S] for each variable set S ⊆ V, with domain defined by free(D[S]) ≜ S, and interpret it as the states with domain at least S:
⟦D[S]⟧ ≜ {ρ ∈ D : S ⊆ dom(ρ)}. (1)

Propositions for qualitative analysis. For qualitative analysis of quantum programs, we often use projection operators as atomic propositions. For a projection P ∈ P as an atomic proposition, its semantics ⟦P⟧ is defined as the following set of quantum states:
⟦P⟧ ≜ {ρ ∈ D : free(P) ⊆ dom(ρ) & supp(ρ|_{free(P)}) ⊆ P}, (2)
where the support of a state ρ ∈ D is the (topological) closure of the subspace spanned by its eigenvectors with nonzero eigenvalues, or equivalently, supp(ρ) = {|φ⟩ ∈ H_{dom(ρ)} : ⟨φ|ρ|φ⟩ = 0}^⊥, where ⊥ stands for the orthocomplement. Let us carefully explain the definition of ⟦P⟧. In the case that ρ has the same domain as P, it is natural to define ρ ∈ ⟦P⟧ if its support supp(ρ) lies in P, or equivalently, ρ is invariant under the projection operator P. In the case where dom(ρ) and free(P) are not the same, in order to make ⟦P⟧ upward-closed (i.e., monotonic: ρ ∈ ⟦P⟧ and ρ ⪯ ρ′ imply ρ′ ∈ ⟦P⟧), it is appropriate to require that ρ ∈ ⟦P⟧ iff (i) dom(ρ) ⊇ free(P); and (ii) the restricted state of ρ on free(P) is in ⟦P⟧.

Atomic propositions expressing uniformity in quantum security. As is well known, probabilistic uniformity is a basic property in the verification of security protocols. To describe uniformity in quantum protocols, we introduce an atomic proposition U[S] for each S ⊆ V denoting finite-dimensional quantum systems. Its domain is free(U[S]) ≜ S. The semantics of U[S] is defined as the following set of quantum states:
⟦U[S]⟧ ≜ {ρ ∈ D : S ⊆ dom(ρ) & ρ|_S = I_S / dim(S)}, (3)
where I_S is the identity operator on the quantum system over the registers S. The intuition behind defining equation (3) is quite simple: for a state ρ in ⟦U[S]⟧ such that S ⊆ dom(ρ), its restriction to S should be the completely mixed state I_S / dim(S), which means “uniformly distributed” with respect to every orthonormal basis of the system denoted by S.

Axiom schema for atomic formulas.
With the interpretation of atomic propositions, we have:

Proposition 3.2.
1) For all S ⊆ V and the identity operator I_S over H_S, we have ⊨ D[S] ↔ I_S.
2) For all P, Q ∈ P with disjoint domains, we have ⊨ P ∧ Q ↔ (P ⊗ Q).
3) If S_1 ⊆ S_2, then ⊨ U[S_2] → U[S_1].
4) If S_1, S_2 are disjoint, then ⊨ (U[S_1] ∗ U[S_2]) ↔ U[S_1 ∪ S_2].

Note that ⊗ is not a connective in BI: instead, it stands for the mathematical tensor product. Thus, P ⊗ Q is a projection and can be considered an atomic formula.

After choosing (the interpretation of) atomic propositions in the quantum frame (D, ◦, ⪯, 1), the semantics of all BI formulas can be defined using Definition 2.5. As is well known, the frame rule plays an essential role in separation logic, and in turn it heavily relies on the restriction property that satisfaction only depends on the free variables appearing in a BI formula φ. The restriction property was also identified and generalized in prior work on probabilistic separation logic [9]. However, the restriction property
ρ ⊨ φ ⇒ ρ|_{free(φ)} ⊨ φ,
where free(φ) stands for the free variables occurring in φ, does not hold in our quantum setting, even for the ordinary implication φ = φ_1 → φ_2 (see Definition 2.5 for its semantics). Essentially, the validity of the restriction property in the probabilistic setting can be attributed to a fundamental fact in probability theory: the existence of extensions (see Footnote 4). Unfortunately, this does not always hold for quantum systems. Indeed, it is violated by the well-known phenomenon of “monogamy” (see Footnote 5), one of the most fundamental properties of entanglement. Since we wish to have a frame rule in QSL, we need to recover the restriction property to a certain extent. While not all formulas satisfy this property, we can identify a subset of them that do.
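The definitions above can be checked concretely on small registers: the tensor product and partial trace of the preliminaries, the frame operation ◦ and order ⪯ of Definitions 3.1 and 3.2, and the uniformity atoms U[S] of Eq. (3) together with items 3 and 4 of Proposition 3.2. The following pure-Python script is an added example written for this page, not code from the paper; its representation of a state as a pair (tuple of qubit names, nested-list density matrix), the restriction to qubits, the function names and the constructed Bell and product states are all assumptions of the example. It goes slightly beyond the text: `sat_star` decides φ_1 ∗ φ_2 for any pair of restrictive atoms (given as a free-variable set and a check on the restricted state), using the fact that such atoms are monotone and restrictive (Proposition 3.3), so that a splitting exists iff the restriction to the union of the free sets factors into the two restrictions.

```python
from math import sqrt

# A domain-tagged state is (vars, M): the tuple of qubit names it is tagged with (its domain,
# in a fixed order) and its density matrix as a nested list, indexed by the bit string of those
# qubits (first variable = most significant bit). All sample states below are constructed.

def kron(A, B):
    """Kronecker (tensor) product of two square matrices."""
    n, m = len(A), len(B)
    return [[A[i // m][j // m] * B[i % m][j % m] for j in range(n * m)] for i in range(n * m)]

def close(A, B, tol=1e-9):
    """Entry-wise equality of two matrices up to floating-point error."""
    return len(A) == len(B) and all(abs(a - b) < tol for ra, rb in zip(A, B) for a, b in zip(ra, rb))

def _insert_bit(x, n, k, b):
    """Insert bit b at qubit position k (0 = leftmost of n qubits) into the (n-1)-bit index x."""
    high, low = x >> (n - 1 - k), x & ((1 << (n - 1 - k)) - 1)
    return (high << (n - k)) | (b << (n - 1 - k)) | low

def trace_out(state, var):
    """tr_var(rho): the partial trace that discards one named qubit."""
    vars_, M = state
    n, k = len(vars_), vars_.index(var)
    d = 1 << (n - 1)
    R = [[sum(M[_insert_bit(i, n, k, b)][_insert_bit(j, n, k, b)] for b in (0, 1))
          for j in range(d)] for i in range(d)]
    return (vars_[:k] + vars_[k + 1:], R)

def restrict(state, S):
    """rho|_S: trace out every variable of dom(rho) that is not in S."""
    for v in list(state[0]):
        if v not in S:
            state = trace_out(state, v)
    return state

def permute(state, order):
    """Re-index the matrix so that its qubits are listed in the given order."""
    vars_, M = state
    n = len(vars_)
    def src(i):  # index in the `order` basis -> index in the original basis
        return sum(((i >> (n - 1 - t)) & 1) << (n - 1 - vars_.index(v)) for t, v in enumerate(order))
    d = 1 << n
    return (tuple(order), [[M[src(i)][src(j)] for j in range(d)] for i in range(d)])

def equal_states(a, b):
    """Equality of tagged states, independent of the order in which the qubits are listed."""
    return set(a[0]) == set(b[0]) and close(permute(a, b[0])[1], b[1])

def compose(rho1, rho2):
    """rho1 ∘ rho2 (Definition 3.1): the tensor product if the domains are disjoint, else None."""
    if set(rho1[0]) & set(rho2[0]):
        return None
    return (rho1[0] + rho2[0], kron(rho1[1], rho2[1]))

def preceq(rho, sigma):
    """rho ⪯ sigma (Definition 3.2): dom(rho) ⊆ dom(sigma) and rho = sigma|_dom(rho)."""
    return set(rho[0]) <= set(sigma[0]) and equal_states(restrict(sigma, set(rho[0])), rho)

def sat_uniform(rho, S):
    """rho ⊨ U[S] (Eq. 3): S ⊆ dom(rho) and rho|_S is the completely mixed state I_S / dim(S)."""
    if not set(S) <= set(rho[0]):
        return False
    d = 1 << len(S)
    return close(restrict(rho, set(S))[1], [[1 / d if i == j else 0 for j in range(d)] for i in range(d)])

def uniform_atom(S):
    """The atom U[S] as (free variables, satisfaction check on a state over exactly them)."""
    return (tuple(S), lambda r: sat_uniform(r, S))

def sat_star(rho, atom1, atom2):
    """rho ⊨ φ1 ∗ φ2 for restrictive atoms φi = (free(φi), check_i): for monotone, restrictive
    atoms a split rho ⪰ rho1 ∘ rho2 exists iff rho|_{F1∪F2} = rho|_{F1} ⊗ rho|_{F2}, each factor
    satisfying its atom."""
    (F1, chk1), (F2, chk2) = atom1, atom2
    if set(F1) & set(F2) or not (set(F1) | set(F2)) <= set(rho[0]):
        return False
    r1, r2 = restrict(rho, set(F1)), restrict(rho, set(F2))
    return equal_states(restrict(rho, set(F1) | set(F2)), compose(r1, r2)) and chk1(r1) and chk2(r2)

def ket_state(vars_, amplitudes):
    """Density matrix |ψ⟩⟨ψ| of a pure state given by its amplitude vector."""
    return (tuple(vars_), [[a * b.conjugate() for b in amplitudes] for a in amplitudes])

# Constructed samples: Bell state |Φ⟩_pq = (|00⟩+|11⟩)/√2, product |0⟩_p|1⟩_q, and I_p/2 ⊗ I_q/2.
BELL = ket_state(("p", "q"), [1 / sqrt(2), 0, 0, 1 / sqrt(2)])
PROD = compose(ket_state(("p",), [1, 0]), ket_state(("q",), [0, 1]))
MIXED = compose((("p",), [[0.5, 0], [0, 0.5]]), (("q",), [[0.5, 0], [0, 0.5]]))

def entanglement_versus_separation():
    """∧ versus ∗ on U[p], U[q]: the Bell state satisfies U[p] and U[q] (each reduced state is
    I/2) but not U[p] ∗ U[q], as it cannot be split into independent registers; the product of
    two completely mixed qubits satisfies both, matching Proposition 3.2(4)."""
    up, uq = uniform_atom({"p"}), uniform_atom({"q"})
    return {
        "bell: U[p] and U[q]": sat_uniform(BELL, {"p"}) and sat_uniform(BELL, {"q"}),
        "bell: U[p] * U[q]": sat_star(BELL, up, uq),
        "bell: U[pq]": sat_uniform(BELL, {"p", "q"}),
        "mixed: U[p] * U[q]": sat_star(MIXED, up, uq),
        "mixed: U[pq]": sat_uniform(MIXED, {"p", "q"}),
        "bell|_p preceq bell": preceq(restrict(BELL, {"p"}), BELL),
        "tensor is commutative": equal_states(PROD, compose(ket_state(("q",), [0, 1]), ket_state(("p",), [1, 0]))),
    }

if __name__ == "__main__":
    for name, value in entanglement_versus_separation().items():
        print(f"{name}: {value}")
```

Running the script shows the Bell state satisfying U[p] ∧ U[q] while failing U[p] ∗ U[q] and U[pq], which is the monogamy-style behaviour the text attributes to entanglement, and the completely mixed product satisfying all three.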
Definition 3.3. The formulas generated by the following grammar are denoted by Res:
φ, ψ ::= p ∈ AP | ⊤ | ⊥ | φ ∧ ψ | φ ∨ ψ | φ ∗ ψ

Proposition 3.3. Any formula φ ∈ Res is restrictive; that is, for any ρ ⊨ φ, ρ|_{free(φ)} ⊨ φ.

The above simple treatment of the restriction property is sufficient for the purpose of this paper. A more intrinsic way of recovering this property in the quantum setting will be discussed in Section 7.
Footnote 4: For two joint distributions μ_AB and μ_BC over sets A, B and B, C respectively, if they are consistent on B (with the same marginal on B), then there exists a joint distribution μ_ABC over A, B, C which takes μ_AB and μ_BC as marginals.

Footnote 5: If two qubits A and B are maximally correlated, then they cannot be correlated at all with a third qubit C; more precisely, if A and B are in a maximally entangled state, then A and C cannot be in any entangled state.

In classical program logic, substitution is used in the inference rule for assignment statements. In the quantum setting, due to the no-cloning of quantum data, the role of assignment is played by two basic constructs: unitary transformation and initialization. We conclude this section by defining a technique for modifying BI formulas, which we will need for reasoning about these operations.
Definition 3.4 (Modification of atomic propositions). Let C be a unitary transformation q̄ := U[q̄] or an initialisation q := |0⟩. For any p ∈ AP, we write p[C] for the C-modification of p. For the three classes of atomic propositions defined in Sec. 3.2, p[C] is defined as follows:
1) For an atomic proposition D[S] defined in Eq. (1), D[S][C] ≜ D[S];
2) For an atomic proposition P ∈ P as a projection defined in Eq. (2),
P[q̄ := U[q̄]] ≜ P^{U[q̄]} if q̄ ⊆ free(P); P if q̄ ∩ free(P) = ∅; undefined otherwise;
P[q := |0⟩] ≜ D[q] ∧ ⌈P⌉_q if q ∈ free(P); P otherwise;
where the projections P^{U[q̄]} and ⌈P⌉_q are given as follows:
P^{U[q̄]} = (U_q̄† ⊗ I_{free(P) \ q̄}) P (U_q̄ ⊗ I_{free(P) \ q̄}), and
⌈P⌉_q = ⨆ {closed subspaces T : |0⟩_q⟨0| ⊗ T ⊆ P} ∈ P(free(P) \ q).
Here ⊔ is the disjunction of projections in quantum logic, that is, for projections P, Q with the same domain, P ⊔ Q is the (topological) closure of span(P ∪ Q).
3) For any atomic proposition U[S] for uniformity defined in Eq. (3),
a) If q̄ ⊆ S or q̄ ∩ S = ∅, then U[S][q̄ := U[q̄]] ≜ U[S]; otherwise, U[S][q̄ := U[q̄]] is undefined;
b) If q ∉ S, then U[S][q := |0⟩] ≜ U[S]; otherwise, U[S][q := |0⟩] is undefined.

The modification of some atomic propositions/BI formulas may not exist; we write φ[C]↓ whenever φ[C] is defined. The notion of modification can easily be extended to all BI formulas:

Definition 3.5 (Modification of BI formulas). Let C be a unitary transformation q̄ := U[q̄] or an initialisation q := |0⟩. The modification φ[C] of a BI formula φ is defined by induction on the structure of φ:
1) if φ ≡ ⊤ or ⊥, then φ[C] ≜ φ;
2) if φ ≡ p ∈ AP, then φ[C] is defined according to Definition 3.4;
3) if φ ≡ φ_1 △ φ_2 where △ ∈ {∧, ∨}, and φ_1[C]↓ and φ_2[C]↓, then φ[C] ≜ φ_1[C] △ φ_2[C];
4) if φ ≡ φ_1 ∗ φ_2, φ_i[C]↓ and (q̄ ⊆ free(φ_i) or q̄ ∩ free(φ_i) = ∅) for i = 1, 2, then
a) if C ≡ q̄ := U[q̄], then φ[C] ≜ φ_1[C] ∗ φ_2[C];
b) if C ≡ q := |0⟩, then: if q ∉ free(φ_1) ∪ free(φ_2), φ[C] ≜ φ_1[C] ∗ φ_2[C]; if only one of q ∈ free(φ_1), q ∈ free(φ_2) is satisfied, then φ[C] ≜ (φ_1[C] ∧ φ_2[C]) ∧ (D[free(φ_1) \ q] ∗ D[free(φ_2) \ q]).
The reason for the complexity of this case will be seen in the program logic; roughly speaking, initialization on q is special because it can introduce independence: it makes q independent from all other variables.
5) otherwise, φ[C] is undefined.

A close connection between the semantics of a BI formula φ and its modification φ[C] is shown in the following:

Proposition 3.4. Let C be a unitary transformation q̄ := U[q̄] or an initialisation q := |0⟩, and let φ be any BI formula. If its modification φ[C] is defined, then:
1) φ and φ[C] have the same domain: free(φ) = free(φ[C]);
2) for all ρ ∈ D(free(φ) ∪ var(C)), if ρ ⊨ φ[C], then ⟦C⟧(ρ) ⊨ φ.
4. Separation Logic for Quantum Programs
Now we are ready to present our separation logic for quantum programs, using quantum BI formulas as the assertion language.
Let us first define judgments (correctness formulas) in quantum separation logic. A judgment is a Hoare triple of the form {φ} C {ψ} with both the precondition φ and the postcondition ψ being restrictive BI formulas (cf. Definition 3.3).
Definition 4.1 (Validity). Let V be a set of quantum variables with free(φ), free(ψ), var(C) ⊆ V. Then a correctness formula {φ} C {ψ} is true in the sense of partial correctness with respect to V, written V ⊨ {φ} C {ψ}, if we have:
∀ρ ∈ D(V), ρ ⊨ φ ⇒ ⟦C⟧_V(ρ) ⊨ ψ.
Here, the satisfaction relations ρ ⊨ φ and ⟦C⟧_V(ρ) ⊨ ψ are defined according to the quantum interpretation of BI logic given in Section 3. The following theorem indicates that satisfaction does not depend on auxiliary variables.
Theorem 4.1. For any two sets V and V′ containing all free variables of φ, ψ and C, V ⊨ {φ} C {ψ} if and only if V′ ⊨ {φ} C {ψ}.

As a consequence, we can drop V from V ⊨ {φ} C {ψ} and simply write ⊨ {φ} C {ψ}. In the remainder of this section, we gradually develop the proof system for our quantum separation logic. For better readability, this proof system is organised as several sets of inference rules.

SKIP: {φ} skip {φ}
INIT: if φ[q := | ⟩]↓, then {φ[q := | ⟩]} q := | ⟩ {φ}
UNIT: if φ[q := U[q]]↓, then {φ[q := U[q]]} q := U[q] {φ}
SEQ: from {φ} C {ψ} and {ψ} C {µ}, infer {φ} C; C {µ}
RIF: from {φ ∗ M_m} C_m {ψ} for all m, and ψ ∈ CM, infer {φ ∗ D(q)} if ··· fi {ψ}
RLOOP: from {φ ∗ M} C {φ ∗ D(q)} and φ ∈ CM, infer {φ ∗ D(q)} while {φ ∧ M}

Figure 2: Inference Rules for Program Constructs. In INIT and UNIT, ↓ means the existence of the modification. In RIF and RLOOP, if ··· fi and while are abbreviations of if (□m · M[q] = m → C_m) fi and while M[q] = 1 do C od respectively, and M, M, M_m in assertions are regarded as projective predicates acting on q. In PERM, Perm(q ↦ q′)[q] stands for the unitary transformation which permutes the variables from q to q′ (see Section 2.1 for details).

The first set of our inference rules is designed for reasoning about basic quantum program constructs and is displayed in Fig. 2. Some of them deserve careful explanation:
• Rules INIT and UNIT: With the definition of modification of BI formulas and Proposition 3.4 in mind, the rules INIT and UNIT are similar to the (backwards) inference rule {φ[e/x]} x := e {φ} for assignment in classical program logics.
• Rules RIF and RLOOP: These two rules use the separating conjunction to perform reasoning about different execution paths. Note that the condition φ ∈ CM is imposed in the premises of the rules RIF and RLOOP. The set CM of assertions is formally defined as follows:

Definition 4.2. A formula φ is closed under mixtures (CM), written φ ∈ CM, if for any ρ, ρ′, whenever dom(ρ) = dom(ρ′), ρ ⊨ φ and ρ′ ⊨ φ, we have:
∀λ ∈ [0, ], λρ + (1 − λ)ρ′ ⊨ φ.

Example 4.1. For two projections P = | ⟩⟨ | and P = | ⟩⟨ |, P ∧ P is CM, but P ∨ P is not CM (both states | ⟩⟨ | and | ⟩⟨ | satisfy P ∨ P, but their affine combination I = | ⟩⟨ | + | ⟩⟨ | satisfies neither P nor P and thus does not satisfy P ∨ P).

To see why the condition φ ∈ CM is necessary, we note that a quantum program can be executed along different paths with non-zero probabilities, and its semantic function maps the input to a weighted summation of the outputs from the different execution paths. The condition φ ∈ CM is introduced so that the satisfaction relation is preserved under affine combination. The following proposition identifies a class of formulas closed under mixture.

WEAK: from φ →_G φ′, {φ′} C {ψ′} and ψ′ →_G ψ, infer {φ} C {ψ}
CONJ: from {φ} C {ψ} and {φ} C {ψ}, infer {φ ∧ φ} C {ψ ∧ ψ}
DISJ: from {φ} C {ψ} and {φ} C {ψ}, infer {φ ∨ φ} C {ψ ∨ ψ}
CONST: from {φ} C {ψ} and free(µ) ∩ var(C) = ∅, infer {φ ∧ µ} C {ψ ∧ µ}
FRAME: from {φ} C {ψ}, free(µ) ∩ var(C) = ∅, and (free(ψ) ∪ var(C) ⊆ free(φ) or ψ ∈ SP), infer {φ ∗ µ} C {ψ ∗ µ}

Figure 3: Structural Rules. Since →_G is strictly weaker than →, WEAK is stronger than the ordinary weakening rule.
Proposition 4.1. The formulas generated by the following grammar are CM:
φ, ψ ::= p ∈ AP | ⊤ | ⊥ | φ ∧ ψ | U[S] ∗ φ

We need to pay special attention to the application of the separating conjunction ∗ in RIF and RLOOP. Since the quantum measurement in the guards of if-statements and while loops may change the quantum state, we consider here a special kind of input that satisfies φ ∗ I_q. Thus the subsystem being measured is uncorrelated with the part of the state described by φ, which ensures that the post-measurement state still satisfies φ. In RLOOP, although φ ∗ M is satisfied for each path, it does not belong to CM in general. Thus, only the weaker postcondition φ ∧ M ∈ CM can be achieved.

The second set of rules consists of the structural rules, presented in Fig. 3. The rules CONJ and DISJ are similar to their counterparts in classical program logics. To explain the other rules, let us first define the global implication:
Definition 4.3 (Global implication). For any BI formulas φ, ψ, the global implication φ →_G ψ is defined as the abbreviation of D[free(φ) ∪ free(ψ)] → (φ → ψ).

Trivially, →_G is strictly weaker than →. The difference is that φ →_G ψ is already enough to ensure that for any state ρ with dom(ρ) ⊇ free(φ) ∪ free(ψ), ρ ⊨ φ implies ρ ⊨ ψ. For example, we have the following proposition:

Proposition 4.2. For all φ ∈ Res and S ⊆ V, it holds that ⊨ φ ↔_G φ ∧ D[S].

Now we are ready to carefully examine the remaining rules in Fig. 3.
• Rule WEAK: This rule is also similar to its counterpart in classical program logics, but there is a subtle difference between them. Since only global states (i.e. the states whose domain contains all free variables appearing in the assertions and programs) are considered in defining the validity of the Hoare triple, we use →_G in the premise of the WEAK rule for comparing assertions. It is easy to see that the rule is also sound when using →, but the WEAK rule with →_G is stronger.
• Rule CONST: This rule states that if no variable appearing in program C is free in µ, then µ is preserved and thus can be conjoined to the pre- and post-conditions. The principle behind it is that µ is restrictive, i.e., the satisfaction of µ depends only on the reduced state over the subsystem free(µ), which trivially remains unchanged after executing C. An interesting application of this rule is proving product predicates from local reasoning using Proposition 3.2.
• Rule FRAME: The condition free(µ) ∩ var(C) = ∅ in the premise ensures that µ can be conjoined with the pre- and post-conditions. The condition free(ψ) ∪ var(C) ⊆ free(φ) guarantees that, if the input satisfies φ ∗ µ, which asserts that the subsystems free(φ) and free(µ) are uncorrelated, then after executing C these two subsystems are still independent since var(C) ⊆ free(φ), and furthermore, by the downward closed property of independence, the subsystems free(ψ) and free(µ) are uncorrelated as free(ψ) ⊆ free(φ). It is particularly interesting to note that the latter condition can be replaced by ψ ∈ SP, defined as follows:

Definition 4.4 (Supported Assertion, cf. [19]). A formula ψ is called supported, written ψ ∈ SP, if whenever ⟦ψ⟧ is nonempty it has a least element, or equivalently, there exists S ⊆ V such that
1. at most one ρ ∈ D(S) satisfies ψ, and
2. if σ ⊨ ψ, then σ ⪰ ρ.

Trivially, any uniformity proposition U[S] and any atomic proposition defined by a projection of rank 1 are in SP; more examples of SP are given in Supplementary Material C.4. The frame rule with the SP condition is non-trivial and will be very useful in our later case studies on the verification of quantum information-theoretic security; indeed, this application uncovered the condition ψ ∈ SP. Note that under this condition, the frame rule is sound even without any restriction on free(ψ), free(φ) and var(C). This seems counter-intuitive; but in fact, the premise {φ} C {ψ} is much stronger than it looks at first sight, given that the postcondition ψ ∈ SP. If the input satisfies the precondition φ, then an execution of C is almost equivalent to first erasing any information on the subsystem free(ψ) (which is then, of course, uncorrelated with the rest of the whole system), and then regenerating the singleton that satisfies the postcondition ψ.

Many quantum algorithms are designed following the same pattern: start from a large entangled state, and then operate on various subsystems. Inevitably, entanglement often appears in the preconditions and/or postconditions of Hoare triples appropriate for specifying the correctness of these algorithms. But the frame rule itself is not strong enough to verify them. To see this more clearly, let us consider the following simple example:
Example 4.2. Let |Φ±⟩ = (1/√ )(| ⟩ ± | ⟩) be the two Bell states (entanglement). Define projections Φ± = |Φ±⟩⟨Φ±|. The program C ≡ √Z[q]; √Z[q] transforms one Bell state into the other; that is, both {Φ+} C {Φ−} and {Φ−} C {Φ+} are true. However, they cannot be proved by using FRAME or CONST to lift the local correctness of √Z[q] and √Z[q] to the global predicates Φ±, since Φ± cannot be written in the form φ_q ∗ ψ_q or φ_q ∧ ψ_q: Φ± ≢ φ_q ∗ ψ_q and Φ± ≢ φ_q ∧ ψ_q.

Fortunately, our frame rule can be combined with a technique for reasoning about entangled predicates proposed in [21] to handle this problem. Originally, this technique was introduced for parallel quantum programs. Here, we need to reformulate it in a way convenient for our purpose. A combination of this technique with the frame rule can significantly broaden the range of applications of our quantum separation logic. To this end, we need to generalise Definition 3.4 from modification by a unitary transformation or an initialisation to modification by a general quantum operation.

Definition 4.5 (E-Modification). Let E be a quantum operation on q. The E-modification φ[E[q]] acting on register q of a BI formula φ is defined inductively:
1) (Atomic Proposition) For any P ∈ P, we have:
   a) if q ⊆ free(P), P[E[q]] ≜ ((E*_q ⊗ I_{free(P)∖q})(P^⊥))^⊥;
   b) if q ∩ free(P) = ∅, P[E[q]] ≜ P;
   c) otherwise, P[E[q]] is undefined;
2) (Composite) Write φ[E[q]]↓ if φ[E[q]] is defined.
   a) if φ ≡ ⊤ or ⊥, then φ[E[q]] ≜ φ;
   b) if φ ≡ p ∈ AP, then φ[E[q]] is defined according to Clause (1);
   c) if φ ≡ φ △ φ where △ ∈ {∧, ∨} and both φ[E[q]]↓ and φ[E[q]]↓, then φ[E[q]] ≜ φ[E[q]] △ φ[E[q]];
   d) otherwise, φ[E[q]] is undefined.

Intuitively, if φ[E[q]]↓, then for any state ρ, E(ρ) ⊨ φ if and only if ρ ⊨ φ[E[q]]. Now we can introduce a new inference rule UNCR (standing for "uncorrelated") in Fig. 4. This rule plays an essential role in the verification of VQA (see Section 5).
6. A quantum operation is used to describe the evolution of an (open) quantum system and can be characterized by a superoperator E, namely a completely-positive and trace-non-increasing linear map from D to D. For every superoperator E, there exists a set of Kraus operators {E_i}_i (linear operators that satisfy the completeness condition Σ_i E_i† E_i = I) such that E(ρ) = Σ_i E_i ρ E_i† for any input ρ.
7. Here ⊥ stands for the ortho-complement, not only of projections but of Hermitian operators, in the sense that A^⊥ = span{|ψ⟩ ∈ H_{free(A)} : A|ψ⟩ = 0}. E* is the dual of E; in detail, E*(A) = Σ_i E_i† A E_i if E has the operator-sum representation E(ρ) = Σ_i E_i ρ E_i†.

UNCR: from {φ} C {ψ}, q ∩ var(C) = ∅, φ[E[q]]↓ and ψ[E[q]]↓, infer {φ[E[q]]} C {ψ[E[q]]}

Figure 4: Proof rule for dealing with entangled predicates. ↓ means the existence of the modification.

We divide VQA into several pieces and reason locally, but the global predicate we desire is an entangled predicate that cannot be constructed using FRAME. UNCR is the bridge for structural reasoning from local to global predicates. In addition, a formal verification of Example 4.2 using UNCR can be found in Supplementary Material C.9.
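To make Examples 4.1 and 4.2 and the UNIT rule concrete, here is a small added example in pure Python; it is not code from the paper and uses only the standard library. It builds the two-qubit unitary of C ≡ √Z[q1]; √Z[q2], checks on density matrices that C swaps the two Bell states, and computes the UNIT-rule precondition Φ−[C] = U†Φ−U with the modification of Definition 3.4 (clause 2, with q the whole register), which comes out as Φ+. It also tests Definition 4.2 for Example 4.1, taking the two projections to be |0⟩⟨0| and |1⟩⟨1| and the mixture with λ = 1/2. The Bell states are written out as (|00⟩ ± |11⟩)/√2 and the qubit names q1, q2 are assumptions of this example, since the extracted text above has lost those digits.

```python
import math

# Dense complex matrices as nested lists (pure Python, no numpy).
def matmul(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(len(B)))
             for j in range(len(B[0]))] for i in range(len(A))]

def dagger(A):
    return [[A[j][i].conjugate() for j in range(len(A))] for i in range(len(A[0]))]

def kron(A, B):
    ra, ca, rb, cb = len(A), len(A[0]), len(B), len(B[0])
    return [[A[i // rb][j // cb] * B[i % rb][j % cb]
             for j in range(ca * cb)] for i in range(ra * rb)]

def outer(v):                      # |v><v|: rank-1 projection, or density operator of a pure state
    return [[a * b.conjugate() for b in v] for a in v]

def apply(U, v):                   # U|v>
    return [sum(U[i][j] * v[j] for j in range(len(v))) for i in range(len(U))]

def close(A, B, tol=1e-9):
    return all(abs(A[i][j] - B[i][j]) < tol for i in range(len(A)) for j in range(len(A[0])))

SQRT_Z = [[1, 0], [0, 1j]]         # sqrt(Z) is the phase gate S, with S*S = Z
s = 1 / math.sqrt(2)
PHI_PLUS = [s, 0, 0, s]            # |Φ+> = (|00> + |11>)/√2  (standard Bell state, assumed here)
PHI_MINUS = [s, 0, 0, -s]          # |Φ-> = (|00> - |11>)/√2

def program_c():
    """C ≡ √Z[q1]; √Z[q2]: the two gates act on different qubits, so C is S ⊗ S."""
    return kron(SQRT_Z, SQRT_Z)

def satisfies(rho, P):
    """ρ ⊨ P for a projection P: supp(ρ) ⊆ P, i.e. P ρ P = ρ."""
    return close(matmul(matmul(P, rho), P), rho)

def modification(P, U):
    """Definition 3.4, clause 2: P^{U[q]} = U† P U when q covers all of free(P)."""
    return matmul(matmul(dagger(U), P), U)

def check_example_4_2():
    """Returns (Φ+ maps to Φ-, Φ- maps to Φ+, Φ-[C] equals Φ+)."""
    U = program_c()
    phi_p, phi_m = outer(PHI_PLUS), outer(PHI_MINUS)
    out_from_plus = outer(apply(U, PHI_PLUS))
    out_from_minus = outer(apply(U, PHI_MINUS))
    # {Φ+} C {Φ-} and {Φ-} C {Φ+} hold on these inputs
    swaps = (satisfies(out_from_plus, phi_m), satisfies(out_from_minus, phi_p))
    # UNIT read backwards: the precondition for postcondition Φ- is Φ-[q := U[q]] = U†Φ-U
    unit_pre_is_phi_plus = close(modification(phi_m, U), phi_p)
    return swaps + (unit_pre_is_phi_plus,)

def check_example_4_1():
    """Definition 4.2 with P0 = |0><0|, P1 = |1><1|: ⊨ P0 ∨ P1 for ρ0, ρ1 and their λ = 1/2 mixture."""
    P0, P1 = outer([1, 0]), outer([0, 1])
    def sat_disj(rho):             # ρ ⊨ P0 ∨ P1  iff  ρ ⊨ P0 or ρ ⊨ P1
        return satisfies(rho, P0) or satisfies(rho, P1)
    mix = [[(P0[i][j] + P1[i][j]) / 2 for j in range(2)] for i in range(2)]   # = I/2
    return sat_disj(P0), sat_disj(P1), sat_disj(mix)   # mixture fails: P0 ∨ P1 is not CM

if __name__ == "__main__":
    print(check_example_4_2())
    print(check_example_4_1())
```

The last line of `check_example_4_1` is exactly the side condition that RIF and RLOOP need: both branch outputs satisfy the disjunction, but the weighted sum produced by the measurement does not, so the disjunction cannot serve as a postcondition there.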
To conclude this section, we show that the quantum separation logic QSL consisting of all the proof rules listed in Figures 2–4 is sound. The detailed proof can be found in Supplementary Material C.6.
Theorem 4.2 (Soundness of QSL). A program C is almost surely terminating if for all inputs ρ, tr(⟦C⟧(ρ)) = tr(ρ). If C is an almost surely terminating program, then ⊢ {φ} C {ψ} implies ⊨ {φ} C {ψ}.
5. Local Reasoning: Analysis of Variational Quantum Algorithms
From now on we present a couple of examples to demonstrate the applicability of our quantum separation logic. Variational quantum algorithms (VQA) are a class of hybrid quantum/classical algorithms solving a fundamental problem in quantum chemistry: determining the ground state of a quantum system [14], [15]. They have been identified as one of the first practical applications of near-term Noisy Intermediate Scale Quantum (NISQ) computers [30], and were thus chosen as an example in the tutorials of several quantum programming platforms, including Google's Cirq [22]. Surprisingly, using the inference rules presented in the last section, we are able to show that the implementation of VQA in the Cirq tutorial is actually incorrect; that is, the approximation of the ground energy computed by the quantum circuit given there is sometimes far from the real one.
A typical VQA uses a hybrid computing system consisting of a QPU (quantum processing unit) and a CPU to find a good approximation of the ground energy and ground state of a given Hamiltonian of the form
H = Σ_{i,α} h^i_α σ^i_α + Σ_{i,j,α,β} h^{ij}_{αβ} σ^i_α σ^j_β + ···,
where the h's are real numbers, the superscripts i, j, ··· identify the subsystem and the subscripts α, β, ··· ∈ {x, y, z} indicate the appropriate Pauli operators. The algorithm can be described in four steps:
1) Define a set of ansatz states |f(θ)⟩, which are characterized by parameters θ = (θ, θ, ···, θ_n) and can be efficiently prepared by a quantum circuit C(θ). The goal of the algorithm is to find the optimal parameters θ_min which minimize the energy ⟨f(θ)|H|f(θ)⟩. Then ⟨f(θ_min)|H|f(θ_min)⟩ and |f(θ_min)⟩ can be taken as approximations of the ground energy and ground state, respectively.
2) Use the QPU to execute the quantum computation represented by the quantum circuit C(θ) in order to generate the state |f(θ)⟩ and compute the expectations of σ^i_α, σ^i_α σ^j_β, ··· in all the terms of H;
3) Use the CPU to sum up the expectations of all the terms of H with the weights h and thus evaluate ⟨f(θ)|H|f(θ)⟩;
4) Feed ⟨f(θ)|H|f(θ)⟩ to a classical minimization algorithm. If the optimization is not completed, prepare the parameters θ for the next round and go to step (2); otherwise, terminate and return θ as output.
The VQA presented in the tutorial of Google's Cirq deals with a 2D +/− Ising model of size N × N with the objective Hamiltonian (observable)
H = Σ_{(i,j)} h_{ij} Z_{ij} + Σ_{(i,j;i′,j′) ∈ S} J_{ij;i′j′} Z_{ij} Z_{i′j′},
where each index pair (i, j) is associated with a vertex in the N × N grid, S is the set of all pairs of neighbouring vertices in the grid, and all h_{ij} and J_{ij;i′j′} are either +1 or −. The algorithm for preparing the ansatz state with real parameters (α, β, γ) given in the Cirq tutorial can be rewritten in the quantum while-language with an N × N grid of qubits as follows:
VQA(N) ≡ for j = 1, ···, N do ProcC(j) od; for i = 1, ···, N do ProcR(i) od.
Here, the subprogram ProcC(j) acts on the j-th column of qubits and ProcR(i) acts on the i-th row of qubits; each of them is a sequential composition of unitary transformations (see Supplementary Material D.1 for the detailed subprograms).

As pointed out at the beginning of this section, we can use our quantum separation logic to show that the algorithm VQA(N) is indeed incorrect. Let us first describe its incorrectness in our logical language. Suppose the Hamiltonian H has eigenvalues E, E, ... arranged in increasing order, with corresponding eigenspaces (projections) Q, Q, .... If for each i ≤ n we can find a precondition P_i ∈ P such that
⊨ {P_i} VQA(N) {−Σ_{k=0}^{i} Q_i}  (i = 0, , ..., n),
then by showing that | ⟩ (the initial state of the quantum circuit) is close to P_i, that is, ⟨ |P_i| ⟩ ≥ δ_i, we can conclude that the approximate ground energy computed by VQA(N) is at least
E + Σ_{i=1}^{n} (E_{i+1} − E_i) δ_i.  (4)
Therefore, whenever the quantity in (4) is far from the real ground energy E, VQA(N) is incorrect.

To illustrate our idea more explicitly, let us consider the simplest case of a × grid (N = 2) with parameters
h = [− −; 11 1], Jc = [− −], Jr = [−],
and J_{ij;(i+1)j} = Jr_{ij} and J_{ij;i(j+1)} = Jc_{ij}; see Fig. 1 for its circuit model. The eigenvalues of the Hamiltonian H in this case are E, ···, E = −, −, −, , , with corresponding eigenspaces Q, Q, ···, Q, respectively. Using QSL, we are able to prove
⊢ {P_i} VQA(N) {−Σ_{k=0}^{i} Q_i}  (i = 0, ),
where
⟨ |P| ⟩ = 1 − (1/16) sin(απ) ≥ ⟨ |P| ⟩ = 1 − (1/32)(7 + cos(2απ)) sin(απ) ≥ ,
by first reasoning about each subprogram ProcC(1), ProcC(2), ProcR(1), ProcR(2) and then using CONST and UNCR to lift this local reasoning to the global correctness above (details can be found in Supplementary Material D.3). Then it follows from (4) that the approximate ground energy of VQA is at least − . , which is much higher than the real ground energy E = − . Our quantum separation logic can also be applied to higher-dimensional versions of this program. In general, since the number of qubits in each subprogram of VQA is N of that of the entire system, there is no extra cost for local reasoning no matter how large N is. Besides revealing the incorrectness of the ground energy, we can prove that the parameters β, γ are of no help in finding the ground energy, in the sense that the expectation of the measurement outcome is independent of β, γ.

8. https://quantumai.google/cirq/tutorials/variational_algorithm
6. Scalable Reasoning: Verification of Security
A major distinction between classical and quantum information can be stated as the no-cloning theorem: it is impossible to create an identical copy of an arbitrary unknown quantum state. Exploiting this fundamental property among others, many quantum cryptographic protocols

FRAME-U: from {⊤} C {U[S]} and S ∩ (var(C) ∪ S) = ∅, infer {U[S]} C {U[S, S]}.  (5)

This rule is derived by instantiating φ ≡ ⊤, ψ ≡ U[S] and µ ≡ U[S] in the frame rule FRAME and using an axiom scheme (see Proposition 3.2 (4)).

9. The QPU executes VQA(N), then measures each qubit in the computational basis and feeds the outcome to the CPU.
Let us first verify the security of the quantum one-time pad (QOTP) [23], [24], one of the basic quantum encryption schemes in quantum cryptography. Similar to the classical one-time pad, a one-time pre-shared secret key is employed to encrypt and decrypt the quantum data.

To warm up, we consider the simplest case of protecting one qubit of data. The QOTP scheme consists of three parts: key generation KeyGen, encryption Enc and decryption Dec, which can be written as programs:
KeyGen[a, b] ≡ a := | ⟩; b := | ⟩; a := H[a]; b := H[b]; if M[a, b] = 00 → skip □ → skip □ → skip □ → skip fi
Enc[a, b, q] ≡ if M[a, b] = 00 → skip □ → q = Z[q] □ → q = X[q] □ → q = Z[q]; q = X[q] fi
QOTP[a, b, q] ≡ KeyGen[a, b]; Enc[a, b, q]
Here, registers a and b are used as the secret key, and the measurement M = {M = | ⟩_ab⟨ |, M = | ⟩_ab⟨ |, M = | ⟩_ab⟨ |, M = | ⟩_ab⟨ |} is introduced to generate and detect the value of the secret key, returning a two-bit classical outcome with a certain probability. Register q holds the input quantum data which we want to protect. H is the Hadamard gate and X, Z are the Pauli gates as usual. Security of QOTP for the single-qubit case can be specified as the following uniformity:
⊢ {⊤} QOTP[a, b, q] {U[q]}.  (6)
This fact has been formally verified using quantum Hoare logic with ghost variables [31] and relational quantum Hoare logic in [27]. Now we show how the verification for a single qubit can easily be scaled up to the multi-qubit case using the frame rule in our quantum separation logic. The protocol for protecting n-qubit data stored in the register q = q, ···, q_n can be written as
QOTP(n) ≡ for i = 1, ···, n do QOTP[a_i, b_i, q_i] od
where a, b, ···, a_n, b_n form a secret key of size n. Its security can be stated as the following uniformity:
⊢ {⊤} QOTP(n) {U[q, ···, q_n]},  (7)
which shows that, no matter what plaintext is initialised on q, after encryption the ciphertext is always uniform and the eavesdropper cannot extract any useful information. This judgment is proved as follows. First, it follows from (6) that
⊢ {⊤} QOTP[a_i, b_i, q_i] {U[q_i]}  (i = 1, ..., n).
Using FRAME-U we obtain for all i = 1, ..., n:
⊢ {U[q, ···, q_{i−1}]} QOTP[a_i, b_i, q_i] {U[q, ···, q_i]}.
Then (7) is derived by repeatedly using the rule SEQ.

A comparison between the security verification of QOTP in quantum Hoare logic [27], [31] and in the quantum separation logic presented above is interesting. Only the single-qubit case was considered in [31]. A crucial step in the verification for the multi-qubit case given in [27] is based on a complicated transformation of quantum predicates, which cannot be proved by the logic itself, but is derived from a mathematical result proved by quite involved calculations in the previous literature [24]. In contrast, the verification in quantum separation logic avoids such complicated calculations by using the frame rule FRAME-U.

Now we turn to verifying the security of another quantum cryptographic protocol: quantum secret sharing. Similar to classical secret sharing [32], [33], quantum secret sharing addresses the problem of how to distribute a secret among a group of participants so that the secret can be reconstructed by a sufficient number of participants while any individual has no information about it [25], [26]. For concreteness, let us focus on a typical scheme.

(2, ) Threshold Scheme. The (2, ) threshold scheme for sharing a single secret qutrit p (a -dimensional quantum state) takes p as the input and outputs three qutrits p′, q′, r′ so that each of them has no information about the input secret while any two of them can recover the input. Formally, it can be written as the following program:
Enc[p, q, r] ≡ q := | ⟩; r := | ⟩; p, q, r := U_enc[p, q, r]
where the unitary transformation U_enc maps |i⟩| ⟩| ⟩ to |e_i⟩ for i = 0, , , and the |e_i⟩ are three orthonormal states:
|e_i⟩ = (1/√ ) Σ_{k=0} |k⟩|k ⊕ i⟩|k ⊕ i⟩
with ⊕ standing for addition modulo 3. For secretly sharing the information of multiple qutrits p = p, ···, p_n, this scheme can simply be generalised to
QSS(n) ≡ for i = 1, ···, n do Enc[p_i, q_i, r_i] od.
Quantum secret sharing is designed to defend against both dishonest agents and eavesdroppers [25], [26], [34]. Let us first consider the case without any eavesdropper during transmission. In this case, the security of QSS(n) can be specified as the following judgment:
⊢ {⊤} QSS(n) {U[q, ···, q_n]}.  (8)
The above judgment can easily be proved in our quantum separation logic. First, using the rules UNIT, INIT and SEQ directly we obtain
⊢ {⊤} Enc[p, q, r] {P_S[p, q, r]},  (9)
where the projection P_S = |e⟩⟨e| + |e⟩⟨e| + |e⟩⟨e|. It is easy to check that ⊨ P_S[p, q, r] → (U[p] ∧ U[q] ∧ U[r]). Based on this we can conclude
⊢ {⊤} Enc[p, q, r] {U[α]}  for α ∈ {p, q, r}.
This proves the security for the case of a single qutrit. To generalise it to the case of multiple qutrits, we can use FRAME-U to derive
⊢ {U[q, ···, q_{i−1}]} Enc[p_i, q_i, r_i] {U[q, ···, q_i]}
from ⊢ {⊤} Enc[p_i, q_i, r_i] {U[q_i]}. Then by setting the formulas φ_i = U[q, ···, q_{i−1}] and φ = ⊤, we have ⊢ {φ_i} Enc[p_i, q_i, r_i] {φ_{i+1}} for all ≤ i ≤ n, and (8) is obtained by repeatedly using the rule SEQ.
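The two single-register uniformity judgments, (6) for QOTP and the U[α] consequence of (9) for secret sharing, can be checked directly on density matrices, which is a useful sanity check beside the proof-rule derivation. The following is an added example in pure Python, not code from the paper. It runs KeyGen and Enc of the single-qubit QOTP on a constructed generic input, averages the cipher state over the key outcomes (the outcome distribution is computed from H ⊗ H applied to |00⟩ rather than assumed) and checks that the result is I/2, i.e. U[q]; it also shows the failure mode when only the X-branch of the key is used, where the |+⟩ state is left unchanged. For the secret-sharing encoder it assumes the (2, 3) qutrit scheme of Cleve, Gottesman and Lo, |e_i⟩ = (1/√3) Σ_k |k⟩|k ⊕ i⟩|k ⊕ 2i⟩, because the formula above lost its coefficients in extraction; the check confirms that each single share p′, q′, r′ has reduced state I/3, which is the content of P_S[p,q,r] → U[p] ∧ U[q] ∧ U[r]. All input states are constructed here.

```python
import itertools, math

# Dense complex matrices as nested lists (pure Python, no numpy).
def matmul(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(len(B)))
             for j in range(len(B[0]))] for i in range(len(A))]

def dagger(A):
    return [[A[j][i].conjugate() for j in range(len(A))] for i in range(len(A[0]))]

def kron(A, B):
    ra, ca, rb, cb = len(A), len(A[0]), len(B), len(B[0])
    return [[A[i // rb][j // cb] * B[i % rb][j % cb]
             for j in range(ca * cb)] for i in range(ra * rb)]

def outer(v):                      # |v><v|
    return [[a * b.conjugate() for b in v] for a in v]

def apply(U, v):                   # U|v>
    return [sum(U[i][j] * v[j] for j in range(len(v))) for i in range(len(U))]

def is_uniform(rho, tol=1e-9):
    """ρ ⊨ U[·] on its own domain: ρ equals the maximally mixed state I/d."""
    d = len(rho)
    return all(abs(rho[i][j] - (1 / d if i == j else 0)) < tol for i in range(d) for j in range(d))

def reduced_state(rho, dims, keep):
    """Partial trace over every subsystem except `keep`; `dims` lists the subsystem dimensions."""
    d = dims[keep]
    def flat(digits):              # row-major index of a basis vector given per-subsystem digits
        r = 0
        for k, dk in zip(digits, dims):
            r = r * dk + k
        return r
    out = [[0j] * d for _ in range(d)]
    others = [range(dk) for i, dk in enumerate(dims) if i != keep]
    for rest in itertools.product(*others):
        for a in range(d):
            for b in range(d):
                ia, ib = list(rest), list(rest)
                ia.insert(keep, a); ib.insert(keep, b)
                out[a][b] += rho[flat(ia)][flat(ib)]
    return out

# --- Quantum one-time pad, single qubit ---------------------------------------
s = 1 / math.sqrt(2)
I2, X, Z, H = [[1, 0], [0, 1]], [[0, 1], [1, 0]], [[1, 0], [0, -1]], [[s, s], [s, -s]]

def key_distribution():
    """KeyGen[a,b]: a, b := |0>; H on both; measure in the computational basis. Pr[k], k = 00,01,10,11."""
    return [abs(c) ** 2 for c in apply(kron(H, H), [1, 0, 0, 0])]

def enc_branch(k):
    """Enc[a,b,q] branches: 00 -> skip, 01 -> Z, 10 -> X, 11 -> Z then X (composite X·Z)."""
    return [I2, Z, X, matmul(X, Z)][k]

def qotp_cipher(rho_q, branches=(0, 1, 2, 3)):
    """Cipher state as seen without the key: Σ_k Pr[k] P_k ρ P_k†, renormalised over the allowed branches."""
    pr = key_distribution()
    total = sum(pr[k] for k in branches)
    out = [[0j, 0j], [0j, 0j]]
    for k in branches:
        P = enc_branch(k)
        term = matmul(matmul(P, rho_q), dagger(P))
        for i in range(2):
            for j in range(2):
                out[i][j] += pr[k] / total * term[i][j]
    return out

def check_qotp():
    """Judgment (6) on a constructed generic input, and the failure when the Z-bit of the key is dropped."""
    psi = [math.cos(0.3), math.sin(0.3) * complex(math.cos(0.7), math.sin(0.7))]   # constructed input
    plus = [s, s]                                                                    # |+> = H|0>
    full = is_uniform(qotp_cipher(outer(psi)))                        # True: ciphertext is I/2
    x_only = is_uniform(qotp_cipher(outer(plus), branches=(0, 2)))    # False: |+> is X-invariant
    return full, x_only

# --- (2,3) quantum secret sharing of one qutrit ---------------------------------
def qss_encode(secret):
    """Enc[p,q,r] on the secret Σ_i α_i|i>: by linearity the output is Σ_i α_i |e_i>, with the
    Cleve-Gottesman-Lo codewords |e_i> = (1/√3) Σ_k |k>|k+i>|k+2i> (arithmetic mod 3; assumed here)."""
    w = 1 / math.sqrt(3)
    state = [0j] * 27
    for i, amp in enumerate(secret):
        for k in range(3):
            state[9 * k + 3 * ((k + i) % 3) + ((k + 2 * i) % 3)] += w * amp
    return state

def check_qss():
    """Each single share is uniform (reduced state I/3): the content of U[p] ∧ U[q] ∧ U[r] after Enc."""
    secret = [0.6, 0.8j, 0]                       # constructed normalised secret qutrit
    rho = outer(qss_encode(secret))
    return tuple(is_uniform(reduced_state(rho, [3, 3, 3], j)) for j in range(3))
```

The `branches` parameter of `qotp_cipher` is only there to exhibit the edge case: with the full key the Pauli twirl erases the input for every ρ, whereas restricting the key to the X-branch leaves any X-eigenstate, such as |+⟩, as recognisable ciphertext, which is exactly the property that the U[q] postcondition rules out.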
7. Discussion and Related Work
In this section, we briefly discuss an issue about the restriction property left open in Subsection 3.3, as well as some previous work on the verification of quantum programs.
Our quantum interpretation of standard BI logic is sufficient for the applications discussed in this paper. However, it has a drawback: the restriction property does not hold for all BI formulas, and thus the assertions in our QSL (Quantum Separation Logic) are confined to a special class of BI formulas (see Def. 3.3), which does not include implication and separating implication. One possible solution to this issue is to redefine the BI logic so that the restriction property becomes intrinsic, similar to monotonicity. We can introduce a notion of domain into BI: the domain dom(x) of a state x is the set of variables specified by the state. Then a basic idea in classical separation logic [5], [6], [7], [8], called the domain assumption for the stack, can be adopted in defining the satisfaction relation: x ⊨ φ is defined only when dom(x) ⊇ free(φ), where free(φ) is the set of free variables in a BI formula φ. The domain assumption guarantees that the restriction property holds even when the extension of joint quantum states does not exist (see Sec. 3.3). In this way, BI is upgraded to BID (BI with domain), and all BID formulas can be safely used as assertions in QSL. Details of this approach can be found in Supplementary Material F.

Quantum programming has become an active research field in recent years after two decades of development [35]. Various analysis, verification, testing and debugging methodologies and techniques for quantum programs have been developed [29], [36], [37], [38], [39], [40], [41], [42], [43], [44], [45]. In particular, several quantum program logics have been established, including quantum Hoare logic [16], [17], [31] for verifying the correctness of one quantum program and relational quantum Hoare logic [27], [46], [47] for verifying the equivalence of two quantum programs. The frame rule plays a key role in our QSL. We should mention that a frame rule was also introduced in relational quantum Hoare logic [27], [46], [47]. But it was defined using the ordinary conjunction ∧ and thus is similar to our CONST. The frame rule in QSL is given using the separating conjunction ∗. Of course, the intuitions behind them are the same: an assertion is preserved by a program if it is independent of the program.

The target application of our QSL is the verification of large-scale quantum programs, where the size of the representation of assertions and the complexity of the involved calculations can increase exponentially w.r.t. the number of qubits. Two different approaches to this issue were proposed in [18] and [48], essentially based on the operational semantics. They have achieved obvious success, in particular for those large-scale quantum programs with a good algebraic structure that can be inductively defined. It seems that sometimes our QSL can be used in combination with them; for example, some larger VQAs (Variational Quantum Algorithms) can be divided into several blocks, each of which has a good algebraic structure and thus can be verified using the tools developed in [18], [48]. Then our QSL can be employed to lift this local reasoning to the global correctness of VQAs.
8. Conclusion
In this paper, we have developed a quantum separation logic QSL that enables local reasoning for the scalable verification of quantum programs written in a simple quantum programming language, namely the quantum extension of the while-language. The applicability of QSL has been demonstrated in the formal verification and analysis of several practical quantum algorithms and cryptographic protocols, including a VQA (Variational Quantum Algorithm), the quantum one-time pad, and quantum secret sharing. There are several interesting topics for future research along this line:
(1) We would like to explore more applications of our logic QSL in the verification of those algorithms identified as practical applications of near-term Noisy Intermediate Scale Quantum (NISQ) computers [30]; for example, quantum machine learning from quantum data. We will also try to apply QSL in the security analysis of quantum cryptographic protocols other than those considered in this paper, in particular QKD (Quantum Key Distribution).
(2) Currently, QSL can only be applied to quantum while-programs without indexed variables such as arrays. However, indexed variables are already frequently used in writing large quantum algorithms. We would like to extend our logic to a more sophisticated quantum programming language with indexing.
(3) Resource theory has been emerging as a subarea of quantum information theory in recent years. Roughly speaking, it aims at understanding how resources with a quantum advantage in computing and communication can be generated and transformed (e.g. using only LOCC (local operations and classical communication)) [49], [50], [51]. As briefly mentioned in the Introduction, some connections between resource theory and the resource semantics of BI were already noticed in [10], [11], [52]. We would like to see how quantum separation logic can be used to reason about these quantum resources.
References

[1] P. W. O'Hearn and D. J. Pym, "The logic of bunched implications," The Bulletin of Symbolic Logic.
[2] The semantics and proof theory of the logic of bunched implications, ser. Applied Logic Series. Kluwer Academic Publishers, 2002, vol. 26.
[3] D. J. Pym, P. W. O'Hearn, and H. Yang, "Possible worlds and resources: the semantics of BI," Theoretical Computer Science.
[4] In Proceedings 17th Annual IEEE Symposium on Logic in Computer Science, 2002, pp. 55–74.
[5] P. O'Hearn, J. Reynolds, and H. Yang, "Local reasoning about programs that alter data structures," in Computer Science Logic, L. Fribourg, Ed. Berlin, Heidelberg: Springer Berlin Heidelberg, 2001, pp. 1–19.
[6] S. S. Ishtiaq and P. W. O'Hearn, "BI as an assertion language for mutable data structures," in Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, ser. POPL '01. New York, NY, USA: ACM, 2001, pp. 14–26. [Online]. Available: http://doi.acm.org/10.1145/360204.375719
[7] P. W. O'Hearn, "Resources, concurrency, and local reasoning," Theoretical Computer Science.
[8] Theoretical Computer Science.
[9] Proc. ACM Program. Lang., vol. 4, no. POPL, Dec. 2019. [Online]. Available: https://doi.org/10.1145/3371123
[10] B. Coecke, T. Fritz, and R. W. Spekkens, "A mathematical theory of resources," Inf. Comput., vol. 250, pp. 59–86, 2016. [Online]. Available: https://doi.org/10.1016/j.ic.2016.02.008
[11] S. R. Docherty, "Bunched logics: a uniform approach," Ph.D. dissertation, UCL (University College London), 2019. [Online]. Available: https://discovery.ucl.ac.uk/id/eprint/10073115/
[12] J. Biamonte, P. Wittek, N. Pancotti, P. Rebentrost, N. Wiebe, and S. Lloyd, "Quantum machine learning," Nature, vol. 549, no. 7671, pp. 195–202, Sep 2017. [Online]. Available: https://doi.org/10.1038/nature23474
[13] M. Broughton, G. Verdon, T. McCourt, A. J. Martinez, J. H. Yoo, S. V. Isakov, P. Massey, M. Y. Niu, R. Halavati, E. Peters, M. Leib, A. Skolik, M. Streif, D. V. Dollen, J. R. McClean, S. Boixo, D. Bacon, A. K. Ho, H. Neven, and M. Mohseni, "TensorFlow Quantum: A software framework for quantum machine learning," 2020.
[14] A. Peruzzo, J. McClean, P. Shadbolt, M.-H. Yung, X.-Q. Zhou, P. J. Love, A. Aspuru-Guzik, and J. L. O'Brien, "A variational eigenvalue solver on a photonic quantum processor," Nature Communications, vol. 5, no. 1, p. 4213, Jul 2014. [Online]. Available: https://doi.org/10.1038/ncomms5213
[15] J. R. McClean, J. Romero, R. Babbush, and A. Aspuru-Guzik, "The theory of variational hybrid quantum-classical algorithms," New Journal of Physics, vol. 18, no. 2, p. 023023, Feb 2016. [Online]. Available: https://doi.org/10.1088%2F1367-2630%2F18%2F2%2F023023
[16] M. Ying, "Floyd–Hoare logic for quantum programs," ACM Transactions on Programming Languages and Systems (TOPLAS), vol. 33, no. 6, pp. 19:1–19:49, 2011.
[17] L. Zhou, N. Yu, and M. Ying, "An applied quantum Hoare logic," in Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, ser. PLDI 2019. New York, NY, USA: Association for Computing Machinery, 2019, pp. 1149–1162. [Online]. Available: https://doi.org/10.1145/3314221.3314584
[18] K. Hietala, R. Rand, S.-H. Hung, L. Li, and M. Hicks, "Proving quantum programs correct," 2020.
[19] J. C. Reynolds, "An introduction to separation logic (preliminary draft)," Course notes, October 2008.
[20] M. A. Nielsen and I. Chuang, Quantum Computation and Quantum Information. Cambridge University Press, 2002.
[21] M. Ying, L. Zhou, and Y. Li, "Reasoning about parallel quantum programs," 2018.
[22] The Cirq Developers, "quantumlib/Cirq: A Python framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits," 2018, https://github.com/quantumlib/Cirq.
[23] P. O. Boykin and V. Roychowdhury, "Optimal encryption of quantum bits," Phys. Rev. A, vol. 67, p. 042317, Apr 2003. [Online]. Available: https://link.aps.org/doi/10.1103/PhysRevA.67.042317
[24] M. Mosca, A. Tapp, and R. de Wolf, "Private quantum channels and the cost of randomizing quantum information," arXiv preprint quant-ph/0003101, 2000. [Online]. Available: https://arxiv.org/abs/quant-ph/0003101
[25] R. Cleve, D. Gottesman, and H.-K. Lo, "How to share a quantum secret," Phys. Rev. Lett., vol. 83, pp. 648–651, Jul 1999. [Online]. Available: https://link.aps.org/doi/10.1103/PhysRevLett.83.648
[26] M. Hillery, V. Bužek, and A. Berthiaume, "Quantum secret sharing," Phys. Rev. A, vol. 59, pp. 1829–1834, Mar 1999. [Online]. Available: https://link.aps.org/doi/10.1103/PhysRevA.59.1829
[27] G. Barthe, J. Hsu, M. Ying, N. Yu, and L. Zhou, "Relational proofs for quantum programs," Proc. ACM Program. Lang., vol. 4, no. POPL, Dec. 2019. [Online]. Available: https://doi.org/10.1145/3371089
[28] P. Selinger, "Towards a quantum programming language," Mathematical Structures in Computer Science, vol. 14, no. 4, pp. 527–586, 2004.
[29] M. Ying, Foundations of Quantum Programming. Morgan Kaufmann, 2016.
[30] J. Preskill, "Quantum Computing in the NISQ era and beyond," Quantum, vol. 2, p. 79, Aug. 2018. [Online]. Available: https://doi.org/10.22331/q-2018-08-06-79
[31] D. Unruh, "Quantum Hoare logic with ghost variables," 2019, pp. 1–13.
[32] G. R. Blakley, "Safeguarding cryptographic keys," in Managing Requirements Knowledge, International Workshop on. Los Alamitos, CA, USA: IEEE Computer Society, Jun 1979, p. 313. [Online]. Available: https://doi.ieeecomputersociety.org/10.1109/AFIPS.1979.98
[33] A. Shamir, "How to share a secret," Commun. ACM, vol. 22, no. 11, pp. 612–613, Nov. 1979. [Online]. Available: https://doi.org/10.1145/359168.359176
[34] A. Karlsson, M. Koashi, and N. Imoto, "Quantum entanglement for secret sharing and secret splitting," Phys. Rev. A, vol. 59, pp. 162–168, Jan 1999. [Online]. Available: https://link.aps.org/doi/10.1103/PhysRevA.59.162
[35] B. Heim, M. Soeken, S. Marshall, C. Granade, M. Roetteler, A. Geller, M. Troyer, and K. Svore, "Quantum programming languages," Nature Reviews Physics.
[37] Mathematical Structures in Computer Science, vol. 16, no. 3, pp. 429–451, 2006.
[38] A. Baltag and S. Smets, "The logic of quantum programs," in Proceedings of the 2nd International Workshop on Quantum Programming Languages (QPL 2004). ~selinger/qpl2004/PDFS/04Baltag-Smets.pdf
[39] ——, "LQP: the dynamic logic of quantum information," Mathematical Structures in Computer Science, vol. 16, no. 3, pp. 491–525, 2006.
[40] O. Brunet and P. Jorrand, "Dynamic quantum logic for quantum programs," International Journal of Quantum Information, vol. 02, no. 01, pp. 45–54, 2004. [Online]. Available: https://doi.org/10.1142/S0219749904000067
[41] R. Chadha, P. Mateus, and A. Sernadas, "Reasoning about imperative quantum programs," Electronic Notes in Theoretical Computer Science, vol. 158, pp. 19–39, 2006.
[42] Y. Kakutani, "A logic for formal verification of quantum programs," in Proceedings of the 13th Asian Conference on Advances in Computer Science: Information Security and Privacy (ASIAN 2009).
[43] ~rrand/wpe.pdf
[44] Y. Feng, R. Duan, Z. Ji, and M. Ying, "Proof rules for the correctness of quantum programs," Theoretical Computer Science, vol. 386, no. 1-2, pp. 151–166, 2007.
[45] M. Ying, R. Duan, Y. Feng, and Z. Ji, "Predicate transformer semantics of quantum programs," Semantic Techniques in Quantum Computation, no. 8, pp. 311–360, 2010.
[46] D. Unruh, "Quantum relational Hoare logic," Proc. ACM Program. Lang., vol. 3, no. POPL, Jan. 2019. [Online]. Available: https://doi.org/10.1145/3290346
[47] Y. Li and D. Unruh, "Quantum relational Hoare logic with expectations," 2019.
[48] A. Bordg, H. Lachnitt, and Y. He, "Certified quantum computation in Isabelle/HOL," Journal of Automated Reasoning, Dec 2020. [Online]. Available: https://doi.org/10.1007/s10817-020-09584-7
[49] M. Horodecki and J. Oppenheim, "(Quantumness in the context of) resource theories," International Journal of Modern Physics B, vol. 27, no. 01n03, p. 1345019, 2013. [Online]. Available: https://doi.org/10.1142/S0217979213450197
[50] M. B. Plenio and S. S. Virmani, An Introduction to Entanglement Theory. Cham: Springer International Publishing, 2014, pp. 173–209. [Online]. Available: https://doi.org/10.1007/978-3-319-04063-9_8
[51] V. Veitch, S. A. H. Mousavian, D. Gottesman, and J. Emerson, "The resource theory of stabilizer quantum computation," New Journal of Physics, vol. 16, no. 1, p. 013009, Jan 2014. [Online]. Available: https://doi.org/10.1088/1367-2630/16/1/013009
[52] T. Fritz, "Resource convertibility and ordered commutative monoids," Mathematical Structures in Computer Science, vol. 27, no. 6, pp. 850–938, 2017.
[53] M. Y. Siraichi, V. F. d. Santos, S. Collange, and F. M. Q. Pereira, "Qubit allocation," in Proceedings of the 2018 International Symposium on Code Generation and Optimization, ser. CGO 2018. New York, NY, USA: Association for Computing Machinery, 2018, pp. 113–125. [Online]. Available: https://doi.org/10.1145/3168822
[54] G. Birkhoff and J. von Neumann, "The logic of quantum mechanics," Annals of Mathematics, vol. 37, no. 4, pp. 823–843, 1936.
[55] G. Kalmbach, Orthomodular Lattices. Academic Press, 1983, vol. 18.
[56] N. Yu, C.-Y. Lai, and L. Zhou, "Protocols for packet quantum network intercommunication," 2019.
[57] Q. Cao, S. Cuellar, and A. W. Appel, "Bringing order to the separation logic jungle," in Programming Languages and Systems, B.-Y. E. Chang, Ed. Cham: Springer International Publishing, 2017, pp. 190–211.

Supplementary Material and Deferred Proofs

Appendix A. Preliminary
In the main text we give a brief introduction to quantum information (see Section 2.1). An extended introduction is given here for the convenience of the reader. Quantum information is built on linear algebra, so we first give the mathematical preliminaries needed for understanding quantum information and computation.
A.1. Mathematical Preliminary
We write $\mathbb{C}$ for the set of complex numbers. For each complex number $\lambda \in \mathbb{C}$, $\lambda^*$ stands for the conjugate of $\lambda$. A (complex) vector space is a nonempty set $\mathcal{H}$ together with two operations, vector addition $+ : \mathcal{H} \times \mathcal{H} \to \mathcal{H}$ and scalar multiplication $\cdot : \mathbb{C} \times \mathcal{H} \to \mathcal{H}$, satisfying the following conditions:
1) $(\mathcal{H}, +)$ is an Abelian group; its zero element is called the zero vector;
2) $1|\varphi\rangle = |\varphi\rangle$;
3) $\lambda(\mu|\varphi\rangle) = \lambda\mu|\varphi\rangle$;
4) $(\lambda + \mu)|\varphi\rangle = \lambda|\varphi\rangle + \mu|\varphi\rangle$; and
5) $\lambda(|\varphi\rangle + |\psi\rangle) = \lambda|\varphi\rangle + \lambda|\psi\rangle$
for any $\lambda, \mu \in \mathbb{C}$ and $|\varphi\rangle, |\psi\rangle \in \mathcal{H}$.

An inner product over a vector space $\mathcal{H}$ is a mapping $\langle\cdot|\cdot\rangle : \mathcal{H} \times \mathcal{H} \to \mathbb{C}$ satisfying the following properties:
1) $\langle\varphi|\varphi\rangle \geq 0$, with equality if and only if $|\varphi\rangle = 0$;
2) $\langle\varphi|\psi\rangle = \langle\psi|\varphi\rangle^*$; and
3) $\langle\varphi|(\lambda_1|\psi_1\rangle + \lambda_2|\psi_2\rangle) = \lambda_1\langle\varphi|\psi_1\rangle + \lambda_2\langle\varphi|\psi_2\rangle$
for any $|\varphi\rangle, |\psi\rangle, |\psi_1\rangle, |\psi_2\rangle \in \mathcal{H}$ and for any $\lambda_1, \lambda_2 \in \mathbb{C}$. Sometimes, we also write $(|\varphi\rangle, |\psi\rangle)$ for the inner product $\langle\varphi|\psi\rangle$ of $|\varphi\rangle$ and $|\psi\rangle$.

For any vector $|\psi\rangle$ in $\mathcal{H}$, its length $\|\psi\|$ is defined to be $\sqrt{\langle\psi|\psi\rangle}$. A vector $|\psi\rangle$ is called a unit vector if $\|\psi\| = 1$. A family $\{|\psi_i\rangle\}_{i \in I}$ of unit vectors is called an orthonormal basis of $\mathcal{H}$ if
1) $|\psi_i\rangle \perp |\psi_j\rangle$ for any $i, j \in I$ with $i \neq j$; and
2) $|\psi\rangle = \sum_{i \in I} \langle\psi_i|\psi\rangle\,|\psi_i\rangle$ for each $|\psi\rangle \in \mathcal{H}$.
In this case, the cardinality of $I$ is called the dimension of $\mathcal{H}$. We use $\dim(\mathcal{H})$ to denote the dimension of $\mathcal{H}$. A Hilbert space is defined to be a complete inner product space; that is, an inner product space in which each Cauchy sequence of vectors has a limit.

According to a basic postulate of quantum mechanics, the state space of an isolated quantum system is represented by a Hilbert space, and a pure state of the system is described by a unit vector in its state space.
Example A.1.
1) The state space of qubits is the 2-dimensional Hilbert space $\mathcal{H}_2 = \{\alpha|0\rangle + \beta|1\rangle : \alpha, \beta \in \mathbb{C}\}$. The inner product in $\mathcal{H}_2$ is defined by $(\alpha|0\rangle + \beta|1\rangle,\ \alpha'|0\rangle + \beta'|1\rangle) = \alpha^*\alpha' + \beta^*\beta'$ for all $\alpha, \alpha', \beta, \beta' \in \mathbb{C}$. Then $\{|0\rangle, |1\rangle\}$ is an orthonormal basis of $\mathcal{H}_2$, called the computational basis.
2) The space $l_2$ of square-summable sequences is
$$\mathcal{H}_\infty = \Big\{\sum_{n=-\infty}^{\infty} \alpha_n|n\rangle : \alpha_n \in \mathbb{C} \text{ for all } n \in \mathbb{Z} \text{ and } \sum_{n=-\infty}^{\infty} |\alpha_n|^2 < \infty\Big\},$$
where $\mathbb{Z}$ is the set of integers. The inner product in $\mathcal{H}_\infty$ is defined by
$$\Big(\sum_{n=-\infty}^{\infty} \alpha_n|n\rangle,\ \sum_{n=-\infty}^{\infty} \alpha'_n|n\rangle\Big) = \sum_{n=-\infty}^{\infty} \alpha_n^*\alpha'_n$$
for all $\alpha_n, \alpha'_n \in \mathbb{C}$, $-\infty < n < \infty$. Then $\{|n\rangle : n \in \mathbb{Z}\}$ is an orthonormal basis of $\mathcal{H}_\infty$, called the computational basis.

A (linear) operator on a Hilbert space $\mathcal{H}$ is a mapping $A : \mathcal{H} \to \mathcal{H}$ satisfying the following conditions:
1) $A(|\varphi\rangle + |\psi\rangle) = A|\varphi\rangle + A|\psi\rangle$;
2) $A(\lambda|\psi\rangle) = \lambda A|\psi\rangle$
for all $|\varphi\rangle, |\psi\rangle \in \mathcal{H}$ and $\lambda \in \mathbb{C}$. If $\{|\psi_i\rangle\}$ is an orthonormal basis of $\mathcal{H}$, then an operator $A$ is uniquely determined by the images $\{A|\psi_i\rangle\}$ of the basis vectors $\{|\psi_i\rangle\}$ under $A$. In particular, $A$ can be represented by the matrix $A = (\langle\psi_i|A|\psi_j\rangle)_{ij}$ when $\mathcal{H}$ is finite-dimensional. An operator $A$ on $\mathcal{H}$ is said to be bounded if there is a constant $c \geq 0$ such that $\|A|\psi\rangle\| \leq c \cdot \|\psi\|$ for all $|\psi\rangle \in \mathcal{H}$. In the paper, only bounded operators are considered and, for simplicity, we omit “bounded”.

The identity operator on $\mathcal{H}$ is denoted $I_{\mathcal{H}}$, and the zero operator on $\mathcal{H}$, which maps every vector in $\mathcal{H}$ to the zero vector, is denoted $0_{\mathcal{H}}$. For any operator $A$ on $\mathcal{H}$, there exists a unique linear operator $A^\dagger$ on $\mathcal{H}$ such that $(|\varphi\rangle, A|\psi\rangle) = (A^\dagger|\varphi\rangle, |\psi\rangle)$ for all $|\varphi\rangle, |\psi\rangle \in \mathcal{H}$. The operator $A^\dagger$ is called the adjoint of $A$. Given the matrix form of $A$, $A^\dagger$ is the conjugate transpose of $A$.

The following are frequently used sets of operators:
1) Hermitian operator: An operator $M$ on $\mathcal{H}$ is said to be Hermitian if $M^\dagger = M$.
2) Positive semi-definite operator: A Hermitian operator $A$ on $\mathcal{H}$ is said to be positive semi-definite if $\langle\psi|A|\psi\rangle \geq 0$ for all states $|\psi\rangle \in \mathcal{H}$.
3) Projection: A Hermitian operator $P$ on $\mathcal{H}$ is a projection if $P^2 = P$. There is a one-to-one correspondence between closed subspaces and projections: given a projection $P$, its corresponding closed subspace is $\{|\phi\rangle \in \mathcal{H} : P|\phi\rangle = |\phi\rangle\}$; and given a closed subspace $V \subseteq \mathcal{H}$, its corresponding projection is $\sum_i |\phi_i\rangle\langle\phi_i|$, where $\{|\phi_i\rangle\}$ is an orthonormal basis of $V$.
4) Unitary operator: An operator $U$ on $\mathcal{H}$ is unitary if $UU^\dagger = U^\dagger U = I$, where $I$ is the identity operator on $\mathcal{H}$.
5) Density operator: A positive semi-definite operator with trace one.

The following are frequently used concepts of operators:
1) Trace: The trace of an operator $A$ on $\mathcal{H}$ is given by $\mathrm{tr}(A) = \sum_i \langle\psi_i|A|\psi_i\rangle$, where $\{|\psi_i\rangle\}$ is an orthonormal basis of $\mathcal{H}$. In particular, the trace is independent of the choice of the orthonormal basis. Given the matrix form of $A$, $\mathrm{tr}(A)$ is exactly the sum of the diagonal entries of $A$.
2) Support: The support of a Hermitian operator $M$ on $\mathcal{H}$ is the (topological) closure of the subspace spanned by its eigenvectors with nonzero eigenvalues. One can show that $\mathrm{supp}(M) = \{|\phi\rangle \in \mathcal{H} : \langle\phi|M|\phi\rangle = 0\}^\perp$, where $\perp$ stands for the ortho-complement.
3) Löwner order: Given two Hermitian operators $A, B$ on $\mathcal{H}$, we compare them using the Löwner order, defined as follows: $A \sqsubseteq B$ if and only if $B - A$ is positive semi-definite; that is, for any $|\phi\rangle \in \mathcal{H}$, $\langle\phi|A|\phi\rangle \leq \langle\phi|B|\phi\rangle$. Whenever both $A, B$ are projections, their Löwner order is consistent with the inclusion relation between the subspaces corresponding to $A, B$.
4) Eigenspace of eigenvalue 1: For a Hermitian operator $A$ on $\mathcal{H}$, we define $\mathrm{proj}(A)$ as the eigenspace of eigenvalue 1: $\mathrm{proj}(A) = \{|\phi\rangle \in \mathcal{H} : A|\phi\rangle = |\phi\rangle\}$.

A.2. Basics of Quantum Information, Extended Version
The state space of a quantum system is a Hilbert space $\mathcal{H}$, which is essentially a vector space in the finite-dimensional case. A pure state of the system is a unit column vector $|\psi\rangle \in \mathcal{H}$. For example, the state space of a quantum bit (aka qubit) is a two-dimensional Hilbert space $\mathcal{H}$ with basis states $|0\rangle = \begin{pmatrix} 1 \\ 0 \end{pmatrix}$ and $|1\rangle = \begin{pmatrix} 0 \\ 1 \end{pmatrix}$, and any pure state of a qubit can be described in the form $\alpha|0\rangle + \beta|1\rangle = \begin{pmatrix} \alpha \\ \beta \end{pmatrix}$ with $|\alpha|^2 + |\beta|^2 = 1$. The orthonormal basis is not unique; for example, the states $|+\rangle = \frac{1}{\sqrt{2}}(|0\rangle + |1\rangle)$ and $|-\rangle = \frac{1}{\sqrt{2}}(|0\rangle - |1\rangle)$ form another orthonormal basis of $\mathcal{H}$.

When the state is not completely known but could be in one of some pure states $|\psi_i\rangle$ with respective probabilities $p_i$, we call $\{(p_i, |\psi_i\rangle)\}$ an ensemble of pure states or a mixed state, and the system is fully described by the density operator $\rho = \sum_i p_i|\psi_i\rangle\langle\psi_i|$, which is, mathematically, a positive semi-definite operator with unit trace. For example, the completely mixed state of a qubit can be seen as the ensemble $\{(0.5, |0\rangle), (0.5, |1\rangle)\}$ (i.e., the state is either $|0\rangle$ or $|1\rangle$ with the same probability 0.5) or as the density matrix $\frac{1}{2}(|0\rangle\langle 0| + |1\rangle\langle 1|) = \begin{pmatrix} 0.5 & 0 \\ 0 & 0.5 \end{pmatrix}$; if a state is in $|0\rangle$ with probability $\frac{2}{3}$ and in $|+\rangle$ with probability $\frac{1}{3}$, then it can be described by the density operator
$$\rho = \frac{2}{3}|0\rangle\langle 0| + \frac{1}{3}|+\rangle\langle +| = \frac{1}{6}\begin{pmatrix} 5 & 1 \\ 1 & 1 \end{pmatrix}. \qquad (10)$$

The evolution of a quantum system is modelled by a unitary operator $U$, i.e., a complex matrix with $UU^\dagger = U^\dagger U$ being the identity operator, where $\dagger$ is the conjugate transpose. In quantum computing, operators are often called quantum gates. For example, the Hadamard gate $H = \frac{1}{\sqrt{2}}\begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix}$ maps $|0\rangle, |1\rangle$ to their superpositions $|+\rangle$ and $|-\rangle$ respectively:
$$H|0\rangle = \frac{1}{\sqrt{2}}\begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix}\cdot\begin{pmatrix} 1 \\ 0 \end{pmatrix} = \frac{1}{\sqrt{2}}\begin{pmatrix} 1 \\ 1 \end{pmatrix} = |+\rangle, \qquad H|1\rangle = \frac{1}{\sqrt{2}}\begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix}\cdot\begin{pmatrix} 0 \\ 1 \end{pmatrix} = \frac{1}{\sqrt{2}}\begin{pmatrix} 1 \\ -1 \end{pmatrix} = |-\rangle.$$

Unlike a classical system, which can be observed directly without changing its state, we need to perform a quantum measurement to extract information from a quantum state, which inevitably leads to state collapse. Formally, a projective quantum measurement consists of a set of projections $M_0, M_1, \ldots, M_n$ that satisfies the completeness condition
$$\sum_{i=0}^{n} M_i^\dagger M_i = \sum_{i=0}^{n} M_i = I,$$
where $I$ is the identity operator. When such a measurement is applied to a quantum state $\rho$, we obtain one of the classical outcomes $i \in \{0, 1, \ldots, n\}$ with probability $p_i = \mathrm{tr}(M_i\rho)$, and the post-measurement state of the system is then $\frac{M_i\rho M_i}{p_i}$.

For instance, consider the measurement defined by $M = \{M_0 = |+\rangle\langle +|,\ M_1 = |-\rangle\langle -|\}$, and suppose we perform $M$ on a qubit in the (mixed) state $\rho$ given in equation (10). Then the probability that we get outcome “1” is
$$p_1 = \mathrm{tr}(M_1\rho) = \mathrm{tr}\left(\frac{1}{2}\begin{pmatrix} 1 & -1 \\ -1 & 1 \end{pmatrix}\cdot\frac{1}{6}\begin{pmatrix} 5 & 1 \\ 1 & 1 \end{pmatrix}\right) = \frac{1}{12}\cdot\mathrm{tr}\begin{pmatrix} 4 & 0 \\ -4 & 0 \end{pmatrix} = \frac{1}{3},$$
and after that, the qubit's state will change to $|-\rangle\langle -|$:
$$M_1\rho M_1 / p_1 = \frac{1}{2}\begin{pmatrix} 1 & -1 \\ -1 & 1 \end{pmatrix}\cdot\frac{1}{6}\begin{pmatrix} 5 & 1 \\ 1 & 1 \end{pmatrix}\cdot\frac{1}{2}\begin{pmatrix} 1 & -1 \\ -1 & 1 \end{pmatrix} \div \frac{1}{3} = \frac{1}{2}\begin{pmatrix} 1 & -1 \\ -1 & 1 \end{pmatrix} = |-\rangle\langle -|.$$
Similarly, the probability of outcome “0” is $p_0 = \frac{2}{3}$, and then the state changes to $|+\rangle\langle +|$.

We use variables $p, q, r, \ldots$ to denote quantum systems. Operations in quantum computing are often performed on a composite system consisting of multiple qubits. To indicate which system a state describes or an operation acts on, we use subscripts; for example, $\mathcal{H}_p$ is the state space of system $p$, $|0\rangle_p$ is the pure state $|0\rangle$ of the system $p$, and $|0\rangle_q\langle 0|$ is the density matrix of the system $q$. The composite system is described by the tensor product of its subsystems; for example, a composite system $pq$ with $p, q$ being single-qubit systems has the state space $\mathcal{H}_p \otimes \mathcal{H}_q$, and
$$|0\rangle_p \otimes |1\rangle_q = \begin{pmatrix} 1 \\ 0 \end{pmatrix}_p \otimes \begin{pmatrix} 0 \\ 1 \end{pmatrix}_q = \begin{pmatrix} 0 \\ 1 \\ 0 \\ 0 \end{pmatrix}_{pq}$$
(or $|0\rangle_p|1\rangle_q$ for short) is a pure state in which subsystem $p$ is in state $|0\rangle$ and subsystem $q$ is in state $|1\rangle$. Due to the superposition principle, there exist states like
$$|\Phi\rangle_{pq} = \frac{1}{\sqrt{2}}\big(|0\rangle_p|0\rangle_q + |1\rangle_p|1\rangle_q\big) = \frac{1}{\sqrt{2}}\begin{pmatrix} 1 \\ 0 \\ 0 \\ 1 \end{pmatrix}_{pq} \qquad (11)$$
that cannot be written in the simple tensor form $|\phi\rangle_p|\psi\rangle_q$; these are called entangled states. They play a crucial role in applications of quantum computation and quantum communication.

The state of a composite system fully determines the state of each subsystem. Formally, given a composite system $pq$ in state $\rho$, subsystem $q$ is then in state $\mathrm{tr}_p(\rho)$, where the partial trace $\mathrm{tr}_p(\cdot)$ over $p$ is a mapping from operators on $\mathcal{H}_p \otimes \mathcal{H}_q$ to operators on $\mathcal{H}_q$ defined by
$$\mathrm{tr}_p\big(|\phi_p\rangle_p\langle\psi_p| \otimes |\phi_q\rangle_q\langle\psi_q|\big) = \langle\psi_p|\phi_p\rangle \cdot |\phi_q\rangle_q\langle\psi_q|$$
for all $|\phi_p\rangle, |\psi_p\rangle \in \mathcal{H}_p$ and $|\phi_q\rangle, |\psi_q\rangle \in \mathcal{H}_q$, extended by linearity. The state $\mathrm{tr}_q(\rho)$ of subsystem $p$ is defined symmetrically.
We often use the notations $\rho|_p \triangleq \mathrm{tr}_q(\rho)$ and $\rho|_q \triangleq \mathrm{tr}_p(\rho)$ in order to indicate explicitly that $\rho|_p$ and $\rho|_q$ are states of $p$ and $q$, respectively. For example, if the composite system $pq$ is in the state $|\Phi\rangle_{pq}$ defined in Eqn. (11), or equivalently is represented by the density operator $\Phi_{pq}$,
$$\Phi_{pq} = |\Phi\rangle_{pq}\langle\Phi| = \frac{1}{2}\big(|0\rangle_p\langle 0| \otimes |0\rangle_q\langle 0| + |0\rangle_p\langle 1| \otimes |0\rangle_q\langle 1| + |1\rangle_p\langle 0| \otimes |1\rangle_q\langle 0| + |1\rangle_p\langle 1| \otimes |1\rangle_q\langle 1|\big) = \frac{1}{2}\begin{pmatrix} 1 & 0 & 0 & 1 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 1 & 0 & 0 & 1 \end{pmatrix}_{pq}, \qquad (12)$$
then the partial traces $\Phi_{pq}|_q = \mathrm{tr}_p(|\Phi\rangle_{pq}\langle\Phi|) = \frac{1}{2}(|0\rangle_q\langle 0| + |1\rangle_q\langle 1|)$ and $\Phi_{pq}|_p = \mathrm{tr}_q(|\Phi\rangle_{pq}\langle\Phi|) = \frac{1}{2}(|0\rangle_p\langle 0| + |1\rangle_p\langle 1|)$ describe the states of $q$ and $p$, respectively.

Summary of Notations.
Let $\mathcal{V}$ be the set of all quantum variables. A quantum register is a list of distinct variables $\bar{q} = q_1, \ldots, q_n$. Each quantum variable $q$ has a type $\mathcal{H}_q$, which is the state Hilbert space of the quantum system denoted by $q$. For a set of quantum variables $S = \{q_1, \ldots, q_n\} \subseteq \mathcal{V}$ (or a quantum register $\bar{q} = q_1, \ldots, q_n$), we fix the following notations:
• $\mathcal{H}_S = \bigotimes_{i=1}^{n} \mathcal{H}_{q_i}$: the Hilbert space of $S$.
• $\dim(S)$: the dimension of $\mathcal{H}_S$.
• $\mathcal{D}(S)$: the set of all mixed quantum states (i.e., density matrices) of $S$. In particular, for any $\rho \in \mathcal{D}(S)$, its domain is defined as $\mathrm{dom}(\rho) \triangleq S$; we write $\mathcal{D} \triangleq \bigcup_{S \subseteq \mathcal{V}} \mathcal{D}(S)$ for the set of all states.
• $\mathcal{P}(S)$: the set of projections on $\mathcal{H}_S$. In particular, for any $P \in \mathcal{P}(S)$, its domain is defined as $\mathrm{free}(P) \triangleq S$. Since there is a one-to-one correspondence between projections and closed subspaces, we sometimes call closed subspaces of $\mathcal{H}_S$ projections. We write $\mathcal{P} \triangleq \bigcup_{S \subseteq \mathcal{V}} \mathcal{P}(S)$ for the set of all projections.
• $\rho|_S \triangleq \mathrm{tr}_{\mathrm{dom}(\rho) \setminus S}(\rho)$: the restriction of the state $\rho$ to $S$, defined as a reduced density operator over $S \cap \mathrm{dom}(\rho)$.

Permutations of variables are frequently used in quantum computing, e.g., in qubit allocation [53]. We use $\mathrm{Perm}(\bar{q} \mapsto \bar{q}')$ to denote the operator that permutes a list $\bar{q} := q_1, q_2, \cdots, q_n$ of quantum variables to $\bar{q}' = q_{i_1}, q_{i_2}, \cdots, q_{i_n}$. For example, if $q_1$ and $q_2$ are two different variables with the same type and $\{|i\rangle\}$ is an arbitrary orthonormal basis of $\mathcal{H}_{q_1}$ (and $\mathcal{H}_{q_2}$), then the swap gate $\mathrm{SWAP}[q_1, q_2] \triangleq \sum_{i,j} |i\rangle_{q_1}\langle j| \otimes |j\rangle_{q_2}\langle i|$ is the simplest permutation, from $\bar{q} = q_1, q_2$ to $\bar{q}' = q_2, q_1$; that is, for any $m, n$:
$$\mathrm{SWAP}[q_1, q_2]\big(|m\rangle_{q_1}|n\rangle_{q_2}\big) = \sum_{i,j} |i\rangle_{q_1}\langle j| \otimes |j\rangle_{q_2}\langle i| \,\big(|m\rangle_{q_1}|n\rangle_{q_2}\big) = |n\rangle_{q_1}|m\rangle_{q_2}.$$
Indeed, any permutation can be decomposed into a sequence of swap gates.
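As an added worked example (my own code, not the paper's), the following plain-Python script recomputes the examples of this subsection: the density matrix of equation (10), the measurement in the {|+⟩, |−⟩} basis with outcome probability 1/3 and post-measurement state |−⟩⟨−|, the reduced states of the Bell state (12), the SWAP gate just defined, and the product property of the partial trace that Proposition B.1 below relies on. Helper names such as partial_trace and rho_eq10 are my own choices; no numpy is needed.

```python
"""Recompute the Appendix A.2 examples with plain Python (no numpy needed).
Matrices are lists of rows of complex numbers; kets are column vectors;
subsystems are ordered row-major, matching the Kronecker product below."""
from itertools import product
from math import sqrt

def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b)))
             for j in range(len(b[0]))] for i in range(len(a))]

def kron(a, b):
    """Tensor product a ⊗ b; row index is i_a * rows(b) + i_b (row-major)."""
    ra, ca, rb, cb = len(a), len(a[0]), len(b), len(b[0])
    return [[a[i // rb][j // cb] * b[i % rb][j % cb]
             for j in range(ca * cb)] for i in range(ra * rb)]

def dagger(a):  # conjugate transpose
    return [[a[j][i].conjugate() for j in range(len(a))] for i in range(len(a[0]))]

def add(a, b):
    return [[x + y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def scale(c, a):
    return [[c * x for x in row] for row in a]

def trace(a):
    return sum(a[i][i] for i in range(len(a)))

def identity(n):
    return [[1 + 0j if i == j else 0j for j in range(n)] for i in range(n)]

def ket(amplitudes):  # column vector
    return [[complex(x)] for x in amplitudes]

def outer(v, w):  # |v><w|
    return matmul(v, dagger(w))

def close(a, b, tol=1e-9):
    return len(a) == len(b) and all(
        len(ra) == len(rb) and all(abs(x - y) < tol for x, y in zip(ra, rb))
        for ra, rb in zip(a, b))

def partial_trace(rho, dims, keep):
    """Trace out every subsystem not in `keep` (the A.2 definition, extended
    by linearity to any number of subsystems); dims[k] is subsystem k's size."""
    n, traced = len(dims), [k for k in range(len(dims)) if k not in keep]
    keep_dims = [dims[k] for k in keep]

    def flat(idx, ds):  # row-major flattening of a multi-index
        f = 0
        for d, x in zip(ds, idx):
            f = f * d + x
        return f

    size = 1
    for d in keep_dims:
        size *= d
    out = [[0j] * size for _ in range(size)]
    for ik in product(*[range(d) for d in keep_dims]):
        for jk in product(*[range(d) for d in keep_dims]):
            for t in product(*[range(dims[k]) for k in traced]):
                i, j = [0] * n, [0] * n
                for pos, k in enumerate(keep):
                    i[k], j[k] = ik[pos], jk[pos]
                for pos, k in enumerate(traced):  # the summed <k| ... |k> index
                    i[k] = j[k] = t[pos]
                out[flat(ik, keep_dims)][flat(jk, keep_dims)] += rho[flat(i, dims)][flat(j, dims)]
    return out

KET0, KET1 = ket([1, 0]), ket([0, 1])
KET_PLUS = ket([1 / sqrt(2), 1 / sqrt(2)])
KET_MINUS = ket([1 / sqrt(2), -1 / sqrt(2)])

def rho_eq10():
    """rho = 2/3 |0><0| + 1/3 |+><+| from equation (10)."""
    return add(scale(2 / 3, outer(KET0, KET0)), scale(1 / 3, outer(KET_PLUS, KET_PLUS)))

def measure(rho, projectors):
    """Projective measurement: (p_i, M_i rho M_i / p_i) for each projector M_i."""
    results = []
    for m in projectors:
        p = trace(matmul(m, rho)).real
        post = scale(1 / p, matmul(matmul(m, rho), m)) if p > 1e-12 else None
        results.append((p, post))
    return results

def bell_state():
    """Density operator of |Phi> = (|00> + |11>)/sqrt(2), equations (11)-(12)."""
    v = scale(1 / sqrt(2), add(kron(KET0, KET0), kron(KET1, KET1)))
    return outer(v, v)

def swap_gate(d=2):
    """SWAP = sum_{i,j} |i><j| ⊗ |j><i| on two d-dimensional systems."""
    basis = [ket([1 if k == b else 0 for k in range(d)]) for b in range(d)]
    s = [[0j] * (d * d) for _ in range(d * d)]
    for i in range(d):
        for j in range(d):
            s = add(s, kron(outer(basis[i], basis[j]), outer(basis[j], basis[i])))
    return s
```

Running `measure(rho_eq10(), [outer(KET_PLUS, KET_PLUS), outer(KET_MINUS, KET_MINUS)])` reproduces the probabilities 2/3 and 1/3 computed above, and `partial_trace(bell_state(), [2, 2], [1])` returns the maximally mixed state I/2 of (12).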
Meet and Join of Projections: There is a one-to-one correspondence between the closed subspaces of a Hilbert space and the projections in it, and moreover, the inclusion between closed subspaces coincides with the Löwner order between their projections. So, we do not distinguish a closed subspace from the projection onto it. Furthermore, let $\perp$ stand for the orthocomplement, and for any $P, Q \in \mathcal{P}(S)$, define the meet $\sqcap$ and join $\sqcup$ by
$$P \sqcap Q = P \cap Q, \qquad P \sqcup Q = \overline{\mathrm{span}(P \cup Q)},$$
where $\overline{T}$ stands for the closure of $T$ and $\mathrm{span}(T)$ for the subspace spanned by $T$. It is well known that $(\mathcal{P}(S), \sqcap, \sqcup, \perp)$ is an orthomodular lattice (or quantum logic) [54], [55], with inclusion $\subseteq$ as its order.

Appendix B. BI and its Quantum Interpretation, Deferred Proofs for Section 3
B.1. Hilbert-style rules for BI.
The Hilbert-style rules for BI are shown in Fig. 5.

1. $\varphi \vdash \varphi$
2. $\varphi \vdash \top$
3. $\bot \vdash \varphi$
4. $\dfrac{\mu \vdash \varphi \quad \mu \vdash \psi}{\mu \vdash \varphi \wedge \psi}$
5. $\dfrac{\varphi \vdash \psi_1 \wedge \psi_2}{\varphi \vdash \psi_i}$
6. $\dfrac{\varphi \vdash \psi}{\mu \wedge \varphi \vdash \psi}$
7. $\dfrac{\mu \vdash \psi \quad \varphi \vdash \psi}{\mu \vee \varphi \vdash \psi}$
8. $\dfrac{\varphi \vdash \psi_i}{\varphi \vdash \psi_1 \vee \psi_2}$
9. $\dfrac{\mu \vdash \varphi \to \psi \quad \mu \vdash \varphi}{\mu \vdash \psi}$
10. $\dfrac{\mu \wedge \varphi \vdash \psi}{\mu \vdash \varphi \to \psi}$
11. $\dfrac{\xi \vdash \varphi \quad \mu \vdash \psi}{\xi \ast \mu \vdash \varphi \ast \psi}$
12. $\dfrac{\mu \ast \varphi \vdash \psi}{\mu \vdash \varphi \mathrel{-\!\ast} \psi}$
13. $\dfrac{\xi \vdash \varphi \mathrel{-\!\ast} \psi \quad \mu \vdash \varphi}{\xi \ast \mu \vdash \psi}$
14. $\varphi \ast \psi \vdash \psi \ast \varphi$
15. $(\varphi \ast \psi) \ast \xi \vdash \varphi \ast (\psi \ast \xi)$
16. $\varphi \ast \top \dashv\vdash \varphi$

Figure 5: Hilbert-style rules for BI [2], [11]. $i = 1$ or $2$ for rules 5 and 8.

B.2. Proposition B.1
Proposition B.1 (Properties of Partial Trace).
1) $\forall S_1, S_2 \subseteq \mathcal{V}$ and $\rho \in \mathcal{D}$: $(\rho|_{S_1})|_{S_2} = (\rho|_{S_2})|_{S_1} = \rho|_{S_1 \cap S_2}$;
2) $\forall S \subseteq \mathcal{V}$ and $\rho_1, \rho_2 \in \mathcal{D}$ with $\mathrm{dom}(\rho_1) \cap \mathrm{dom}(\rho_2) = \emptyset$: $(\rho_1 \otimes \rho_2)|_S = \rho_1|_S \otimes \rho_2|_S$.
Proof.
Trivial.
B.3. Proof of Proposition 3.1
Proposition B.2. $(\mathcal{D}, \circ, \preceq, 1)$ forms a BI frame, where the scalar number $1$ is understood as a state over the empty register.

Proof. It is straightforward to check all the properties defined in Definition 2.4.
• (Unit Existence): for all $\rho \in \mathcal{D}$, note that the scalar $1$ has domain $\emptyset$, so $\rho \circ 1 = \rho \otimes 1 = \rho$ and $1 \circ \rho = 1 \otimes \rho = \rho$.
• (Commutativity): for all $\rho, \sigma \in \mathcal{D}$, if their domains overlap, i.e., $\mathrm{dom}(\rho) \cap \mathrm{dom}(\sigma) \neq \emptyset$, then neither $\rho \circ \sigma$ nor $\sigma \circ \rho$ is defined; if their domains are disjoint, i.e., $\mathrm{dom}(\rho) \cap \mathrm{dom}(\sigma) = \emptyset$, then $\rho \circ \sigma = \sigma \circ \rho$, since both of them denote the tensor product state over the system $\mathrm{dom}(\rho) \cup \mathrm{dom}(\sigma)$ with reduced state $\rho$ over subsystem $\mathrm{dom}(\rho)$ and $\sigma$ over subsystem $\mathrm{dom}(\sigma)$.
• (Associativity): for all $\rho, \sigma, \delta \in \mathcal{D}$, if their domains are pairwise disjoint, then $\rho \circ (\sigma \circ \delta) = (\rho \circ \sigma) \circ \delta$ since the standard tensor product is associative; otherwise, neither $\rho \circ (\sigma \circ \delta)$ nor $(\rho \circ \sigma) \circ \delta$ is defined.
• (Compatibility with $\preceq$): it follows from the properties of the partial trace. Formally, for any $\rho_1 \preceq \rho_1'$ and $\rho_2 \preceq \rho_2'$ such that both $\rho_1 \circ \rho_2$ and $\rho_1' \circ \rho_2'$ are defined, we know:
– $\mathrm{dom}(\rho_1) \subseteq \mathrm{dom}(\rho_1')$, $\mathrm{dom}(\rho_2) \subseteq \mathrm{dom}(\rho_2')$, and $\mathrm{dom}(\rho_1') \cap \mathrm{dom}(\rho_2') = \emptyset$; let us use the notations $S_1 \triangleq \mathrm{dom}(\rho_1)$, $S_1' \triangleq \mathrm{dom}(\rho_1') \setminus S_1$, $S_2 \triangleq \mathrm{dom}(\rho_2)$, $S_2' \triangleq \mathrm{dom}(\rho_2') \setminus S_2$;
– $\rho_1 = \mathrm{tr}_{\mathrm{dom}(\rho_1') \setminus \mathrm{dom}(\rho_1)}(\rho_1') = \mathrm{tr}_{S_1'}(\rho_1')$ and $\rho_2 = \mathrm{tr}_{\mathrm{dom}(\rho_2') \setminus \mathrm{dom}(\rho_2)}(\rho_2') = \mathrm{tr}_{S_2'}(\rho_2')$.
Rewrite $\rho_1'$ and $\rho_2'$ in the explicit forms
$$\rho_1' = \sum_{ii'jj'} \lambda_{ii'jj'}\, |i\rangle_{S_1}\langle i'| \otimes |j\rangle_{S_1'}\langle j'|, \qquad \rho_2' = \sum_{mm'nn'} \gamma_{mm'nn'}\, |m\rangle_{S_2}\langle m'| \otimes |n\rangle_{S_2'}\langle n'|,$$
where $\{|i\rangle\}, \{|j\rangle\}, \{|m\rangle\}, \{|n\rangle\}$ are orthonormal bases of the systems $S_1, S_1', S_2$ and $S_2'$ respectively, and $\lambda_{ii'jj'}, \gamma_{mm'nn'}$ are complex numbers. By the definition of partial trace, we have
$$\rho_1 = \mathrm{tr}_{S_1'}(\rho_1') = \mathrm{tr}_{S_1'}\Big(\sum_{ii'jj'} \lambda_{ii'jj'}\, |i\rangle_{S_1}\langle i'| \otimes |j\rangle_{S_1'}\langle j'|\Big) = \sum_{ii'jj'} \lambda_{ii'jj'}\, |i\rangle_{S_1}\langle i'| \cdot \langle j'|j\rangle = \sum_{ii'j} \lambda_{ii'jj}\, |i\rangle_{S_1}\langle i'|,$$
$$\rho_2 = \mathrm{tr}_{S_2'}(\rho_2') = \mathrm{tr}_{S_2'}\Big(\sum_{mm'nn'} \gamma_{mm'nn'}\, |m\rangle_{S_2}\langle m'| \otimes |n\rangle_{S_2'}\langle n'|\Big) = \sum_{mm'n} \gamma_{mm'nn}\, |m\rangle_{S_2}\langle m'|,$$
and we can calculate $\mathrm{tr}_{S_1' \cup S_2'}(\rho_1' \circ \rho_2')$ directly:
$$\begin{aligned}
\mathrm{tr}_{S_1' \cup S_2'}(\rho_1' \circ \rho_2') &= \mathrm{tr}_{S_1' \cup S_2'}\Big(\sum_{ii'jj'} \lambda_{ii'jj'}\, |i\rangle_{S_1}\langle i'| \otimes |j\rangle_{S_1'}\langle j'| \otimes \sum_{mm'nn'} \gamma_{mm'nn'}\, |m\rangle_{S_2}\langle m'| \otimes |n\rangle_{S_2'}\langle n'|\Big) \\
&= \sum_{ii'jj'} \sum_{mm'nn'} \lambda_{ii'jj'}\gamma_{mm'nn'}\, |i\rangle_{S_1}\langle i'| \otimes |m\rangle_{S_2}\langle m'| \cdot \big(\langle j'|j\rangle\langle n'|n\rangle\big) \\
&= \sum_{ii'j} \sum_{mm'n} \lambda_{ii'jj}\gamma_{mm'nn}\, |i\rangle_{S_1}\langle i'| \otimes |m\rangle_{S_2}\langle m'| = \rho_1 \otimes \rho_2 = \rho_1 \circ \rho_2,
\end{aligned}$$
which leads to $\rho_1 \circ \rho_2 \preceq \rho_1' \circ \rho_2'$.

B.4. Proposition B.3
Proposition B.3 (Monotonicity and restriction of atomic propositions). For any $p \in AP$ (the atomic propositions defined in Sec. 3.2) and $\rho, \sigma \in \mathcal{D}$ such that $\rho \preceq \sigma$ and $\mathrm{free}(p) \subseteq \mathrm{dom}(\rho)$, $\rho \models p$ if and only if $\sigma \models p$.

Proof. Trivial by the definition and interpretation of the atomic propositions in Sec. 3.2.
B.5. Proof of Proposition 3.2
Proposition B.4 (Proposition 3.2, Extended Version).

1) For all $S \subseteq V$ and the identity operator $I_S$ over $\mathcal{H}_S$, $\models D[S] \leftrightarrow I_S$.
2) For all $P, Q \in \mathcal{P}$ with the same domain, $\models P \to Q$ if and only if $P \sqsubseteq Q$.
3) For all $P, Q \in \mathcal{P}$ with disjoint domains, $\models P \wedge Q \leftrightarrow (P \otimes Q)$.
4) If $S_1 \subseteq S_2$, then $\models U[S_2] \to U[S_1]$.
5) If $S_1, S_2$ are disjoint, then $\models (U[S_1] * U[S_2]) \leftrightarrow U[S_1 \cup S_2]$.
6) For all $P \in \mathcal{P}$, $S_1 \subseteq \mathrm{free}(P)$ and $S_2 \cap \mathrm{free}(P) = \emptyset$: if $\models P \to U[S_1]$, then $\models (P \wedge U[S_2]) \to U[S_1 \cup S_2]$.

Proof.

• (1) By definition, $\llbracket D[S] \rrbracket \triangleq \{\rho \in \mathcal{D} : S \subseteq \mathrm{dom}(\rho)\}$. On the other hand, $\mathrm{free}(I_S) = S$ and for any $\rho$ with $\mathrm{dom}(\rho) \supseteq S$ we have $\mathrm{supp}(\rho|_S) \subseteq I_S$, so $\llbracket I_S \rrbracket = \{\rho \in \mathcal{D} : S \subseteq \mathrm{dom}(\rho)\}$. Therefore $\models D[S] \leftrightarrow I_S$.

• (2) Suppose $\mathrm{free}(P) = \mathrm{free}(Q) = S$. Then $\models P \to Q$ iff for all $\rho \in \mathcal{D}(S)$, $\rho \models P$ implies $\rho \models Q$, iff for all $\rho \in \mathcal{D}(S)$, $\mathrm{supp}(\rho) \subseteq P$ implies $\mathrm{supp}(\rho) \subseteq Q$ (regarded as subspaces), iff the subspaces satisfy $P \subseteq Q$, iff $P \sqsubseteq Q$ (regarded as projections).

• (3) Suppose $\rho \models P \otimes Q$. Then $\mathrm{dom}(\rho) \supseteq \mathrm{free}(P) \cup \mathrm{free}(Q)$ and $\mathrm{supp}(\rho|_{\mathrm{free}(P) \cup \mathrm{free}(Q)}) \subseteq P \otimes Q$. Since $\mathrm{free}(P) \cap \mathrm{free}(Q) = \emptyset$, $\mathrm{supp}(\rho|_{\mathrm{free}(P)}) \subseteq P$ and $\mathrm{supp}(\rho|_{\mathrm{free}(Q)}) \subseteq Q$; that is, $\rho|_{\mathrm{free}(P)} \models P$ and $\rho|_{\mathrm{free}(Q)} \models Q$, and thus $\rho \models P \wedge Q$. Conversely, suppose $\rho \models P \wedge Q$. Then $\rho|_{\mathrm{free}(P)} \models P$ and $\rho|_{\mathrm{free}(Q)} \models Q$. As $\mathrm{free}(P) \cap \mathrm{free}(Q) = \emptyset$, $\mathrm{supp}(\rho|_{\mathrm{free}(P) \cup \mathrm{free}(Q)}) \subseteq P \otimes Q$, or equivalently $\rho \models P \otimes Q$.

• (4) For any $\rho \models U[S_2]$ we have $\mathrm{dom}(\rho) \supseteq S_2 \supseteq S_1$ and $\rho|_{S_2} = I_{S_2}/\dim(S_2)$. Taking the partial trace over $S_2 \setminus S_1$ gives $\rho|_{S_1} = I_{S_1}/\dim(S_1)$, and thus $\rho \models U[S_1]$.

• (5) For any $\rho \models (U[S_1] * U[S_2])$, $\mathrm{dom}(\rho) \supseteq S_1 \cup S_2$ and, by Proposition B.3, $\rho|_{S_1 \cup S_2} \models (U[S_1] * U[S_2])$. Therefore $\rho|_{S_1} \models U[S_1]$, $\rho|_{S_2} \models U[S_2]$ and $\rho|_{S_1 \cup S_2} = \rho|_{S_1} \otimes \rho|_{S_2}$, so
$$\rho|_{S_1 \cup S_2} = \frac{I_{S_1}}{\dim(S_1)} \otimes \frac{I_{S_2}}{\dim(S_2)} = \frac{I_{S_1 \cup S_2}}{\dim(S_1 \cup S_2)},$$
which gives $\rho \models U[S_1 \cup S_2]$. Conversely, if $\rho \models U[S_1 \cup S_2]$, then $\rho|_{S_1 \cup S_2} = I_{S_1 \cup S_2}/\dim(S_1 \cup S_2) = I_{S_1}/\dim(S_1) \otimes I_{S_2}/\dim(S_2) \models U[S_1] * U[S_2]$, and so $\rho \models U[S_1] * U[S_2]$.

• (6) Suppose $\models P \to U[S_1]$. Let $\{|e_i\rangle\}$ be an orthonormal basis of $P$ and $\{|k\rangle\}$ an orthonormal basis of $\mathcal{H}_{\mathrm{free}(P) \setminus S_1}$. First, for any $i$, $|e_i\rangle\langle e_i| \models P$, so it must satisfy $U[S_1]$, that is,
$$|e_i\rangle\langle e_i|\,\big|_{S_1} = \sum_k \langle k|e_i\rangle\langle e_i|k\rangle = \frac{I_{S_1}}{\dim(S_1)}.$$
Next, for any $i \neq i'$, the two states $\frac{1}{\sqrt{2}}(|e_i\rangle + |e_{i'}\rangle)$ and $\frac{1}{\sqrt{2}}(|e_i\rangle + \mathrm{i}\,|e_{i'}\rangle)$ (with $\mathrm{i}$ the imaginary unit) also satisfy $P$ and hence $U[S_1]$, so the cross terms of their restrictions to $S_1$ must vanish:
$$\tfrac{1}{2}\sum_k \langle k|e_i\rangle\langle e_{i'}|k\rangle + \tfrac{1}{2}\sum_k \langle k|e_{i'}\rangle\langle e_i|k\rangle = 0, \qquad -\tfrac{\mathrm{i}}{2}\sum_k \langle k|e_i\rangle\langle e_{i'}|k\rangle + \tfrac{\mathrm{i}}{2}\sum_k \langle k|e_{i'}\rangle\langle e_i|k\rangle = 0,$$
which together give $\sum_k \langle k|e_i\rangle\langle e_{i'}|k\rangle = 0$. Now any $\rho \in \mathcal{D}(\mathrm{free}(P) \cup S_2)$ that satisfies $P \wedge U[S_2]$ can be written in the form
$$\rho = \sum_m \Big(\sum_i |e_i\rangle|h_{im}\rangle\Big)\Big(\sum_{i'} \langle e_{i'}|\langle h_{i'm}|\Big) = \sum_{i,i',m} |e_i\rangle\langle e_{i'}| \otimes |h_{im}\rangle\langle h_{i'm}|,$$
where the vectors $|h_{im}\rangle \in \mathcal{H}_{S_2}$ need not be unit vectors. By restriction, its reduced state is $\rho|_{S_2} = \sum_{i,m} |h_{im}\rangle\langle h_{im}| \models U[S_2]$. We observe that
$$\rho|_{S_1 \cup S_2} = \sum_k \langle k|\rho|k\rangle = \sum_{k,i,i',m} \langle k|e_i\rangle\langle e_{i'}|k\rangle \otimes |h_{im}\rangle\langle h_{i'm}| = \sum_{k,i,m} \langle k|e_i\rangle\langle e_i|k\rangle \otimes |h_{im}\rangle\langle h_{im}| = \frac{I_{S_1}}{\dim(S_1)} \otimes \sum_{i,m} |h_{im}\rangle\langle h_{im}|,$$
and thus $\rho|_{S_1 \cup S_2} \models U[S_1] * U[S_2]$. By (5), $\rho|_{S_1 \cup S_2} \models U[S_1 \cup S_2]$. Finally, by monotonicity and restriction, the conclusion holds for all $\rho \in \mathcal{D}$, which finishes the proof.

B.6. Nonexistence of Extension
As is well known, the frame rule plays an essential role in separation logic, and it in turn relies heavily on the restriction property: satisfaction depends only on the free variables appearing in a BI formula $\phi$. The restriction property and the frame rule were successfully generalised to probabilistic separation logic in [9]. Essentially, the validity of the restriction property in the probabilistic setting can be attributed to a fundamental fact of probability theory, the existence of extensions: for any three random variables $x, y, z$, if the joint distributions $\mu_{xy}$ and $\mu_{yz}$ coincide on $y$, then there exists a joint distribution $\mu_{xyz}$ with $\mu_{xy}$ and $\mu_{yz}$ as its marginals. Unfortunately, existence of extensions fails for quantum systems, as the following example shows.

Example B.1 (Non-existence of Extension). Consider three qubits $q_1, q_2, q_3$ and states $\rho_1 \in \mathcal{D}(q_1 q_2)$, $\rho_2 \in \mathcal{D}(q_2 q_3)$, given in the original as explicit $4 \times 4$ matrices with entries $0$ and $\pm 0.25$. It is easy to see that $\mathrm{tr}_{q_1}(\rho_1) = \mathrm{tr}_{q_3}(\rho_2)$. But by SDP (semidefinite programming) one can prove that there is no $\rho \in \mathcal{D}(q_1 q_2 q_3)$ such that $\mathrm{tr}_{q_3}(\rho) = \rho_1$ and $\mathrm{tr}_{q_1}(\rho) = \rho_2$. This shows that existence of extensions does not hold even for separable states $\rho_1$ and/or $\rho_2$.

B.7. Failure of the Restriction Property
As a consequence, the restriction property $\rho \models \phi \Rightarrow \rho|_{\mathrm{free}(\phi)} \models \phi$, where $\mathrm{free}(\phi)$ is the set of free variables occurring in $\phi$, does not hold, even for the ordinary implication $\phi = \phi_1 \to \phi_2$ (see Definition 2.5 for its semantics).

Example B.2 (Failure of the Restriction Property). Consider three qubits $q_1, q_2, q_3$ and the maximally entangled (Bell) states $|\Psi^\pm_{ij}\rangle = \frac{1}{\sqrt{2}}(|0\rangle_{q_i}|0\rangle_{q_j} \pm |1\rangle_{q_i}|1\rangle_{q_j})$ between $q_i$ and $q_j$ for $1 \le i \neq j \le 3$, with density matrices $\Psi^\pm_{ij} = |\Psi^\pm_{ij}\rangle\langle\Psi^\pm_{ij}|$. Set $\rho = \Psi^+_{12} \in \mathcal{D}(q_1, q_2)$, and let $\phi_1 = \Psi^+_{23} \in \mathcal{P}(q_2, q_3)$ and $\phi_2 = \Psi^-_{23} \in \mathcal{P}(q_2, q_3)$. Then:

• $\rho \models \phi_1 \to \phi_2$ holds because there is no $\rho' \succeq \rho$ with $\rho' \models \phi_1$; that is, no extension of $\Psi^+_{12}$ and $\Psi^+_{23}$ exists (a qubit maximally entangled with $q_1$ cannot also be maximally entangled with $q_3$).

• It is easy to see that $\rho|_{\mathrm{free}(\phi_1 \to \phi_2)} = \rho|_{q_2} = I_{q_2}/2 \in \mathcal{D}(q_2)$. Choose $\rho'' = \Psi^+_{23} \in \mathcal{D}(q_2, q_3)$; then $\rho'' \succeq \rho|_{\mathrm{free}(\phi_1 \to \phi_2)}$. Now $\rho'' \models \phi_1$, but $\rho'' \models \phi_2$ does not hold. Therefore $\rho|_{\mathrm{free}(\phi_1 \to \phi_2)} \not\models \phi_1 \to \phi_2$.

Problem in Program Logic without Restriction
The following example shows that, without the domain assumption and the restriction property, local reasoning is not sound in the program logic.

Problem B.1. For the classical assignment rule $\{\phi[e/x]\}\ x := e\ \{\phi\}$: if $\phi$ does not contain the free variable $x$, then $\{\phi\}\ x := e\ \{\phi\}$. Such a simple rule does not hold in the quantum case. Consider a three-qubit system $q_1, q_2, q_3$ and let $|\Phi^\pm\rangle = \frac{1}{\sqrt{2}}(|00\rangle \pm |11\rangle)$, $\Phi^\pm = |\Phi^\pm\rangle\langle\Phi^\pm|$. The state $\Phi^+_{12}$ does satisfy the formula $\Phi^+_{23} \to \Phi^-_{23}$, because for any $\rho \succeq \Phi^+_{12}$, $\rho \not\models \Phi^+_{23}$. Now initialise $q_1$, which is disjoint from the domain $\{q_2, q_3\}$ of $\Phi^+_{23} \to \Phi^-_{23}$. The state $\Phi^+_{12}$ becomes $|0\rangle\langle 0| \otimes I/2$, which violates $\Phi^+_{23} \to \Phi^-_{23}$: we have $|0\rangle\langle 0| \otimes \Phi^+_{23} \succeq |0\rangle\langle 0| \otimes I/2$ and $|0\rangle\langle 0| \otimes \Phi^+_{23} \models \Phi^+_{23}$, but $|0\rangle\langle 0| \otimes \Phi^+_{23} \not\models \Phi^-_{23}$.

B.8. Proof of Proposition 3.3
Proposition B.5. Any formula $\phi \in \mathrm{Res}$ is restrictive, i.e., for any $\rho \models \phi$, $\rho|_{\mathrm{free}(\phi)} \models \phi$.

Proof. By induction on the structure of $\phi$.

• $\phi \equiv p \in AP$. By Proposition B.3.
• $\phi \equiv \top$ or $\bot$. Trivial.
• $\phi \equiv \phi_1 \wedge \phi_2$ (resp. $\phi_1 \vee \phi_2$). If $\rho \models \phi_1 \wedge (\vee)\ \phi_2$, then $\rho \models \phi_1$ and (or) $\rho \models \phi_2$. By the induction hypothesis, $\rho|_{\mathrm{free}(\phi_1)} \models \phi_1$ and (or) $\rho|_{\mathrm{free}(\phi_2)} \models \phi_2$, and by monotonicity $\rho|_{\mathrm{free}(\phi_1 \wedge (\vee)\ \phi_2)} \models \phi_1$ and (or) $\rho|_{\mathrm{free}(\phi_1 \wedge (\vee)\ \phi_2)} \models \phi_2$; thus $\rho|_{\mathrm{free}(\phi_1 \wedge (\vee)\ \phi_2)} \models \phi_1 \wedge (\vee)\ \phi_2$.
• $\phi \equiv \phi_1 * \phi_2$. If $\rho \models \phi_1 * \phi_2$, then there exist $\rho_1$ and $\rho_2$ such that $\rho \succeq \rho_1 \otimes \rho_2$, $\rho_1 \models \phi_1$ and $\rho_2 \models \phi_2$. By Proposition 3.3 and a careful treatment of the variable sets, $\rho|_{\mathrm{free}(\phi_1 * \phi_2)} = \rho|_{\mathrm{free}(\phi_1)} \otimes \rho|_{\mathrm{free}(\phi_2)}$, and by the induction hypothesis $\rho|_{\mathrm{free}(\phi_1)} \models \phi_1$ and $\rho|_{\mathrm{free}(\phi_2)} \models \phi_2$; thus $\rho|_{\mathrm{free}(\phi_1 * \phi_2)} \models \phi_1 * \phi_2$.

B.9. Proposition B.6
Proposition B.6. For any $\phi \in \mathrm{Res}$ and $\rho, \sigma \in \mathcal{D}$ such that $\rho \preceq \sigma$ and $\mathrm{free}(\phi) \subseteq \mathrm{dom}(\rho)$, $\rho \models \phi$ if and only if $\sigma \models \phi$.

Proof. By monotonicity and Proposition 3.3.
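Before the proofs for Proposition 3.4, the examples of Sections B.6 and B.7 (Example B.1, Example B.2 and Problem B.1) made concr﻿ete in matrices. This is an added example, not part of the paper: the separable pair of states, the Pauli-witness search and every helper name are its own assumptions, and the paper's own Example B.1 is established by an SDP that is not reproduced here. The witness is sound but incomplete: finding anticommuting stabilisers proves that no extension exists, while finding none proves nothing.

```python
"""Added example, not from the paper: Example B.1, Example B.2 and Problem B.1
in explicit matrices.  The separable pair below, the Pauli-witness search and
every helper name are this example's own assumptions; the paper's Example B.1
uses an SDP, which is not reproduced here.  Qubit order is q1, q2, q3, so a
two-qubit state "on q1 q2" has q2 as its second tensor factor."""
import itertools
import numpy as np

I2 = np.eye(2, dtype=complex)
X = np.array([[0, 1], [1, 0]], dtype=complex)
Z = np.array([[1, 0], [0, -1]], dtype=complex)
PAULIS = {"I": I2, "X": X, "Y": 1j * X @ Z, "Z": Z}


def kron(*ops):
    out = np.array([[1.0 + 0j]])
    for op in ops:
        out = np.kron(out, op)
    return out


def ket(*bits):
    return kron(*[np.array([[1 - b], [b]], dtype=complex) for b in bits]).ravel()


def proj(v):
    v = v / np.linalg.norm(v)
    return np.outer(v, v.conj())


def partial_trace(rho, keep, n):
    """rho|_keep: trace out every qubit of an n-qubit state not listed in keep."""
    t = rho.reshape([2] * (2 * n))
    for i in sorted((i for i in range(n) if i not in keep), reverse=True):
        t = np.trace(t, axis1=i, axis2=i + t.ndim // 2)
    d = 2 ** len(keep)
    return t.reshape(d, d)


# Constructed states.  Bell pair: the paper's Psi+_{12} and Psi+_{23}.
RHO12_BELL = proj(ket(0, 0) + ket(1, 1))
RHO23_BELL = RHO12_BELL.copy()
# Separable pair (assumption of this example): classical correlation in the
# Z basis on q1 q2 and in the X basis on q2 q3; each is a mixture of products.
plus, minus = ket(0) + ket(1), ket(0) - ket(1)
RHO12_SEP = 0.5 * (proj(ket(0, 0)) + proj(ket(1, 1)))
RHO23_SEP = 0.5 * (proj(np.kron(plus, plus)) + proj(np.kron(minus, minus)))


def marginals_agree(rho12, rho23):
    """tr_{q1}(rho12) == tr_{q3}(rho23): the necessary condition for an extension."""
    return np.allclose(partial_trace(rho12, [1], 2), partial_trace(rho23, [0], 2))


def stabilized_paulis(rho, tol=1e-9):
    """Two-qubit Pauli strings P != II with tr(rho P) = 1, i.e. supp(rho) lies
    inside the +1 eigenspace of the involution P."""
    return [a + b for a, b in itertools.product("IXYZ", repeat=2)
            if (a, b) != ("I", "I")
            and abs(np.trace(rho @ kron(PAULIS[a], PAULIS[b])).real - 1) < tol]


def extension_obstruction(rho12, rho23):
    """Return (P, Q) with tr(rho12 P) = 1, tr(rho23 Q) = 1 and P(x)I anticommuting
    with I(x)Q, or None.  Any extension rho on q1 q2 q3 would have tr(rho (P(x)I))
    = tr(rho (I(x)Q)) = 1, so it would live in both +1 eigenspaces; but a common
    +1 eigenvector v of anticommuting A, B gives v = ABv = -BAv = -v, so v = 0.
    A None result proves nothing (the test is incomplete)."""
    for p in stabilized_paulis(rho12):
        for q in stabilized_paulis(rho23):
            A = kron(PAULIS[p[0]], PAULIS[p[1]], I2)
            B = kron(I2, PAULIS[q[0]], PAULIS[q[1]])
            if np.allclose(A @ B + B @ A, 0):
                return p, q
    return None


def restriction_failure():
    """Example B.2 / Problem B.1: Psi+_{12} restricted to q2 is I/2; that reduced
    state extends to Psi+_{23} (same q2 marginal); and Psi+_{23} satisfies the
    projector Psi+_{23} but not Psi-_{23}.  Returns the four checks as booleans."""
    psi_plus, psi_minus = RHO12_BELL, proj(ket(0, 0) - ket(1, 1))
    rho_q2 = partial_trace(psi_plus, [1], 2)                   # Psi+_{12}|_{q2}
    extends = np.allclose(partial_trace(psi_plus, [0], 2), rho_q2)  # Psi+_{23}|_{q2}
    return (np.allclose(rho_q2, I2 / 2), extends,
            abs(np.trace(psi_plus @ psi_plus) - 1) < 1e-9,
            abs(np.trace(psi_plus @ psi_minus)) < 1e-9)
```

Running `extension_obstruction` on the Bell pair returns the stabilisers `("XX", "ZZ")`, and on the separable pair `("ZZ", "XX")`: in both cases the shared qubit $q_2$ would have to be a $+1$ eigenvector of two anticommuting Paulis, so no joint state exists even though the $q_2$ marginals agree. Feeding `RHO12_SEP` as both arguments returns `None`, as it should, since a classically correlated three-qubit state does extend it.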
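Proposition 3.4, proved in B.10 below, is the rule that turns a postcondition into a precondition under initialisation and unitary transformation. The following added example (not code from the paper) computes the modification $P[C]$ for projective predicates on two qubits $q_1 q_2$ and checks clause (2) of the proposition numerically. The concrete $P$ and $U$, the qubit ordering and the reading of $\lceil P\rceil_q$ as the largest subspace $R$ with $|0\rangle\langle 0|_q \otimes R \subseteq P$ are this example's assumptions.

```python
"""Added example, not from the paper: the modification phi[C] of Proposition 3.4
computed for projective predicates P on two qubits q1 q2, with the rule checked
numerically: if rho |= P[C] then [[C]](rho) |= P.  The concrete P and U, the
qubit order q1 q2, and the reading of ceil(P)_q as the largest subspace R with
|0><0|_q (x) R <= P are this example's own assumptions."""
import numpy as np

I2 = np.eye(2, dtype=complex)
CNOT = np.array([[1, 0, 0, 0], [0, 1, 0, 0], [0, 0, 0, 1], [0, 0, 1, 0]], dtype=complex)


def ket(b):
    return np.array([1 - b, b], dtype=complex)


def proj(v):
    v = v / np.linalg.norm(v)
    return np.outer(v, v.conj())


BELL = proj(np.kron(ket(0), ket(0)) + np.kron(ket(1), ket(1)))  # Phi+ on q1 q2
P_01 = np.kron(proj(ket(0)), proj(ket(1)))                      # "q1 is |0>, q2 is |1>"


def satisfies(rho, P, tol=1e-9):
    """rho |= P iff supp(rho) <= P, i.e. tr(rho P) = 1 (dom(rho) = free(P) here)."""
    return abs(np.trace(rho @ P).real - 1) < tol


def wp_unitary(P, U):
    """P[q := U[q]] = U^dagger P U, with U already embedded on all of free(P)."""
    return U.conj().T @ P @ U


def run_unitary(rho, U):
    """[[q := U[q]]](rho) = U rho U^dagger."""
    return U @ rho @ U.conj().T


def wp_init_q1(P):
    """P[q1 := |0>] = I_{q1} /\ ceil(P)_{q1}, returned as the projector
    I (x) ceil(P)_{q1} on q1 q2.  ceil(P)_{q1} projects onto
    {psi : |0>_{q1} (x) psi in P}, which is the +1 eigenspace of the
    compression (<0| (x) I) P (|0> (x) I), a Hermitian operator <= I."""
    d = P.shape[0] // 2
    bra0 = np.kron(ket(0).conj().reshape(1, 2), np.eye(d))   # (<0|_{q1} (x) I), d x 2d
    comp = bra0 @ P @ bra0.conj().T
    w, v = np.linalg.eigh(comp)
    cols = v[:, w > 1 - 1e-9]
    return np.kron(I2, cols @ cols.conj().T)


def run_init_q1(rho):
    """[[q1 := |0>]](rho) = sum_n (|0><n| (x) I) rho (|n><0| (x) I) = |0><0| (x) rho|_{q2}."""
    d = rho.shape[0] // 2
    out = np.zeros_like(rho)
    for n in range(2):
        K = np.kron(np.outer(ket(0), ket(n).conj()), np.eye(d))
        out = out + K @ rho @ K.conj().T
    return out


def check_rule(P, pre, run, trials=25, seed=0):
    """Sample pure states supported in pre (they satisfy pre by construction)
    and check that run(rho) satisfies P for each: clause (2) of Proposition 3.4
    for one predicate and one command.  A zero pre is unsatisfiable, so the
    triple holds vacuously."""
    rng = np.random.default_rng(seed)
    d = P.shape[0]
    for _ in range(trials):
        v = pre @ (rng.normal(size=d) + 1j * rng.normal(size=d))
        if np.linalg.norm(v) < 1e-9:
            continue
        rho = proj(v)
        if not (satisfies(rho, pre) and satisfies(run(rho), P)):
            return False
    return True
```

`wp_unitary(BELL, CNOT)` is the projector onto $|{+}\rangle|0\rangle$, i.e. the precondition under which a CNOT produces the Bell state; `wp_init_q1(P_01)` is $I \otimes |1\rangle\langle 1|$, so the state $|1\rangle|1\rangle$ satisfies the precondition but not $P$ itself and satisfies $P$ after the initialisation; and `wp_init_q1(BELL)` is the zero projector, which is the correct precondition: no initialisation of $q_1$ can produce an entangled state.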
B.10. Proof of Proposition 3.4
Proposition B.7. Let $C$ be a unitary transformation $q := U[q]$ or an initialisation $q := |0\rangle$, and let $\phi$ be any BI formula. If its modification $\phi[C]$ is defined, then:
1) $\phi$ and $\phi[C]$ have the same domain: $\mathrm{free}(\phi) = \mathrm{free}(\phi[C])$;
2) for all $\rho \in \mathcal{D}(\mathrm{free}(\phi) \cup \mathrm{var}(C))$, if $\rho \models \phi[C]$, then $\llbracket C \rrbracket(\rho) \models \phi$.

Proof. (1) Induction on the structure of $\phi$.

(2) We first state the following lemmas, all of which are easily verified, and fix the variable set $V = \mathrm{free}(\phi) \cup \mathrm{var}(C)$.

Lemma B.1. For any $\rho \in \mathcal{D}(V)$, terminating program $C$ and variable set $S \subseteq V$:
1) if $S \cap \mathrm{var}(C) = \emptyset$, then $\rho|_S = \llbracket C \rrbracket(\rho)|_S$;
2) if $S \supseteq \mathrm{var}(C)$, then $\llbracket C \rrbracket(\rho|_S) = \llbracket C \rrbracket(\rho)|_S$.

Lemma B.2. For any command $C \equiv q := U[q]$ or $q := |0\rangle$, and any $\rho_1, \rho_2 \in \mathcal{D}$ with disjoint domains and $\mathrm{var}(C) \subseteq \mathrm{dom}(\rho_1)$: $\llbracket C \rrbracket(\rho_1) \otimes \rho_2 = \llbracket C \rrbracket(\rho_1 \otimes \rho_2)$.

Lemma B.3. For any $\rho \in \mathcal{D}(V)$, any command $C \equiv q := |0\rangle$ and two disjoint sets $S_1, S_2 \subseteq V$: $\llbracket C \rrbracket(\rho) \succeq \llbracket C \rrbracket(\rho)|_{S_1} \otimes \llbracket C \rrbracket(\rho)|_{S_2}$ if and only if $\rho \succeq \rho|_{S_1 \setminus q} \otimes \rho|_{S_2 \setminus q}$.

Lemma B.4. For any $\rho \in \mathcal{D}(V)$, any command $C \equiv q := U[q]$ and two disjoint sets $S_1, S_2 \subseteq V$ such that $q \subseteq S_1$ or $q \subseteq S_2$ or $q \cap (S_1 \cup S_2) = \emptyset$: $\llbracket C \rrbracket(\rho) \succeq \llbracket C \rrbracket(\rho)|_{S_1} \otimes \llbracket C \rrbracket(\rho)|_{S_2}$ if and only if $\rho \succeq \rho|_{S_1} \otimes \rho|_{S_2}$.

Lemma B.5. $\rho \models \phi_1 * \phi_2$ iff $\mathrm{free}(\phi_1) \cap \mathrm{free}(\phi_2) = \emptyset$, $\rho \models \phi_1$, $\rho \models \phi_2$ and $\rho \succeq \rho|_{\mathrm{free}(\phi_1)} \otimes \rho|_{\mathrm{free}(\phi_2)}$.

We now prove (2) via the following two statements.

Statement 1: For any $\rho \in \mathcal{D}(V)$, if $\rho \models \phi[q := |0\rangle]$, then $\llbracket q := |0\rangle \rrbracket(\rho) \models \phi$.

1) $\phi \equiv D[S]$. By definition, $D[S][q := |0\rangle] = D[S]$. If $\rho \models D[S]$, then $\mathrm{dom}(\rho) \supseteq S$. Trivially, $\mathrm{dom}(\llbracket q := |0\rangle \rrbracket(\rho)) = \mathrm{dom}(\rho) \supseteq S$, so $\llbracket q := |0\rangle \rrbracket(\rho) \models D[S]$.

2) $\phi \equiv P \in \mathcal{P}$. There are two cases.

Case 1: $q \in \mathrm{free}(P)$, and $P[q := |0\rangle] = I_q \wedge \lceil P \rceil_q$. First observe that for any $\rho \in \mathcal{D}(V)$,
$$\llbracket q := |0\rangle \rrbracket(\rho)|_{\mathrm{free}(P)} = \big[(\mathcal{E}_{q := |0\rangle} \otimes \mathcal{I}_{V \setminus \mathrm{var}(q := |0\rangle)})(\rho)\big]\big|_{\mathrm{free}(P)} = (\mathcal{E}_{q := |0\rangle} \otimes \mathcal{I}_{\mathrm{free}(P) \setminus q})(\rho|_{\mathrm{free}(P)}) = \sum_n (|0\rangle_q\langle n| \otimes I_{\mathrm{free}(P) \setminus q})\,\rho|_{\mathrm{free}(P)}\,(|n\rangle_q\langle 0| \otimes I_{\mathrm{free}(P) \setminus q}) = |0\rangle_q\langle 0| \otimes \rho|_{\mathrm{free}(P) \setminus q}.$$
If $\rho \models P[q := |0\rangle]$, then $\rho|_{\mathrm{free}(P)} \models I_q \wedge \lceil P \rceil_q$, so $\mathrm{supp}(\rho|_{\mathrm{free}(P) \setminus q}) \subseteq \lceil P \rceil_q$ and, by the definition of $\lceil P \rceil_q$, $\mathrm{supp}(|0\rangle_q\langle 0| \otimes \rho|_{\mathrm{free}(P) \setminus q}) \subseteq P$. This implies $\llbracket q := |0\rangle \rrbracket(\rho)|_{\mathrm{free}(P)} \models P$ and thus $\llbracket q := |0\rangle \rrbracket(\rho) \models P$, as desired.

Case 2: $q \notin \mathrm{free}(P)$, and $P[q := |0\rangle] = P$. For any $\rho \in \mathcal{D}(V)$, note that $\llbracket q := |0\rangle \rrbracket$ is trace preserving and acts only on $q$, so $\mathrm{free}(P) \cap \mathrm{var}(q := |0\rangle) = \emptyset$ and therefore $\rho|_{\mathrm{free}(P)} = \llbracket q := |0\rangle \rrbracket(\rho)|_{\mathrm{free}(P)}$. Thus $\rho \models P[q := |0\rangle]$ iff $\rho|_{\mathrm{free}(P)} \models P$ iff $\llbracket q := |0\rangle \rrbracket(\rho)|_{\mathrm{free}(P)} \models P$ iff $\llbracket q := |0\rangle \rrbracket(\rho) \models P$.

3) $\phi \equiv U[S]$. The only case in which $U[S][q := |0\rangle]$ is defined is $q \notin S$, and then $U[S][q := |0\rangle] = U[S]$. For any $\rho \in \mathcal{D}(V)$, since $S \cap \mathrm{var}(q := |0\rangle) = \emptyset$, $\rho|_S = \llbracket q := |0\rangle \rrbracket(\rho)|_S$. Therefore $\rho \models U[S][q := |0\rangle]$ iff $\rho|_S \models U[S]$ iff $\llbracket q := |0\rangle \rrbracket(\rho)|_S \models U[S]$ iff $\llbracket q := |0\rangle \rrbracket(\rho) \models U[S]$.

4) $\phi \equiv \top$ or $\bot$. Trivial.

5) $\phi \equiv \phi_1 \wedge (\vee)\ \phi_2$. For any $\rho \in \mathcal{D}(V)$, by the induction hypothesis $\rho \models \phi_i[q := |0\rangle] \Rightarrow \llbracket q := |0\rangle \rrbracket(\rho) \models \phi_i$ for $i = 1, 2$. Thus
$$\rho \models \phi[q := |0\rangle] \equiv \phi_1[q := |0\rangle] \wedge (\vee)\ \phi_2[q := |0\rangle] \Longrightarrow \rho \models \phi_1[q := |0\rangle] \text{ and (or) } \rho \models \phi_2[q := |0\rangle] \Longrightarrow \llbracket q := |0\rangle \rrbracket(\rho) \models \phi_1 \text{ and (or) } \llbracket q := |0\rangle \rrbracket(\rho) \models \phi_2 \Longrightarrow \llbracket q := |0\rangle \rrbracket(\rho) \models \phi_1 \wedge (\vee)\ \phi_2.$$

6) $\phi \equiv \phi_1 * \phi_2$. For any $\rho \in \mathcal{D}(V)$, by the induction hypothesis $\rho \models \phi_i[q := |0\rangle] \Rightarrow \llbracket q := |0\rangle \rrbracket(\rho) \models \phi_i$ for $i = 1, 2$.

Case 1: $q \notin \mathrm{free}(\phi_1) \cup \mathrm{free}(\phi_2)$, and $\phi[q := |0\rangle] \equiv \phi_1[q := |0\rangle] * \phi_2[q := |0\rangle]$. Here $\rho|_{\mathrm{free}(\phi_1) \cup \mathrm{free}(\phi_2)} = \llbracket q := |0\rangle \rrbracket(\rho)|_{\mathrm{free}(\phi_1) \cup \mathrm{free}(\phi_2)}$, so using the induction hypothesis, part (1) and Proposition 3.3 we have:
$$\rho \models \phi_1[q := |0\rangle] * \phi_2[q := |0\rangle] \Longrightarrow \mathrm{free}(\phi_1[q := |0\rangle]) \cap \mathrm{free}(\phi_2[q := |0\rangle]) = \emptyset,\ \rho \models \phi_1[q := |0\rangle],\ \rho \models \phi_2[q := |0\rangle] \text{ and } \rho \succeq \rho|_{\mathrm{free}(\phi_1)} \otimes \rho|_{\mathrm{free}(\phi_2)}$$
$$\Longrightarrow \mathrm{free}(\phi_1) \cap \mathrm{free}(\phi_2) = \emptyset,\ \llbracket q := |0\rangle \rrbracket(\rho) \models \phi_1,\ \llbracket q := |0\rangle \rrbracket(\rho) \models \phi_2 \text{ and } \llbracket q := |0\rangle \rrbracket(\rho) \succeq \llbracket q := |0\rangle \rrbracket(\rho)|_{\mathrm{free}(\phi_1)} \otimes \llbracket q := |0\rangle \rrbracket(\rho)|_{\mathrm{free}(\phi_2)} \Longrightarrow \llbracket q := |0\rangle \rrbracket(\rho) \models \phi_1 * \phi_2.$$

Case 2: $q \in \mathrm{free}(\phi_1)$ and $q \notin \mathrm{free}(\phi_2)$, and $\phi[q := |0\rangle] \equiv (\phi_1[q := |0\rangle] \wedge \phi_2[q := |0\rangle]) \wedge (D[\mathrm{free}(\phi_1) \setminus q] * D[\mathrm{free}(\phi_2)])$. By Lemma B.3 we have:
$$\rho \models (\phi_1[q := |0\rangle] \wedge \phi_2[q := |0\rangle]) \wedge (D[\mathrm{free}(\phi_1) \setminus q] * D[\mathrm{free}(\phi_2)]) \Longrightarrow (\mathrm{free}(\phi_1) \setminus q) \cap \mathrm{free}(\phi_2) = \emptyset,\ \rho \models \phi_1[q := |0\rangle],\ \rho \models \phi_2[q := |0\rangle] \text{ and } \rho \succeq \rho|_{\mathrm{free}(\phi_1) \setminus q} \otimes \rho|_{\mathrm{free}(\phi_2)}$$
$$\Longrightarrow \mathrm{free}(\phi_1) \cap \mathrm{free}(\phi_2) = \emptyset,\ \llbracket q := |0\rangle \rrbracket(\rho) \models \phi_1,\ \llbracket q := |0\rangle \rrbracket(\rho) \models \phi_2 \text{ and } \llbracket q := |0\rangle \rrbracket(\rho) \succeq \llbracket q := |0\rangle \rrbracket(\rho)|_{\mathrm{free}(\phi_1)} \otimes \llbracket q := |0\rangle \rrbracket(\rho)|_{\mathrm{free}(\phi_2)} \Longrightarrow \llbracket q := |0\rangle \rrbracket(\rho) \models \phi_1 * \phi_2.$$

Statement 2: For any $\rho \in \mathcal{D}(V)$, if $\rho \models \phi[q := U[q]]$, then $\llbracket q := U[q] \rrbracket(\rho) \models \phi$.

1) $\phi \equiv D[S]$. Similar to Statement 1, case 1).

2) $\phi \equiv P \in \mathcal{P}$. There are two cases.

Case 1: $q \subseteq \mathrm{free}(P)$, and $P[q := U[q]] = (U_q^\dagger \otimes I_{\mathrm{free}(P) \setminus q})\, P\, (U_q \otimes I_{\mathrm{free}(P) \setminus q})$. First observe that for any $\rho \in \mathcal{D}(V)$,
$$\llbracket q := U[q] \rrbracket(\rho)|_{\mathrm{free}(P)} = \big[(\mathcal{E}_{q := U[q]} \otimes \mathcal{I}_{V \setminus \mathrm{var}(q := U[q])})(\rho)\big]\big|_{\mathrm{free}(P)} = (\mathcal{E}_{q := U[q]} \otimes \mathcal{I}_{\mathrm{free}(P) \setminus q})(\rho|_{\mathrm{free}(P)}) = (U_q \otimes I_{\mathrm{free}(P) \setminus q})\,\rho|_{\mathrm{free}(P)}\,(U_q^\dagger \otimes I_{\mathrm{free}(P) \setminus q}).$$
Therefore we have
$$\rho \models (U_q^\dagger \otimes I_{\mathrm{free}(P) \setminus q})\, P\, (U_q \otimes I_{\mathrm{free}(P) \setminus q}) \Longrightarrow \rho|_{\mathrm{free}(P)} \models (U_q^\dagger \otimes I_{\mathrm{free}(P) \setminus q})\, P\, (U_q \otimes I_{\mathrm{free}(P) \setminus q}) \Longrightarrow \mathrm{supp}(\rho|_{\mathrm{free}(P)}) \subseteq (U_q^\dagger \otimes I_{\mathrm{free}(P) \setminus q})\, P\, (U_q \otimes I_{\mathrm{free}(P) \setminus q})$$
$$\Longrightarrow \mathrm{supp}\big((U_q \otimes I_{\mathrm{free}(P) \setminus q})\,\rho|_{\mathrm{free}(P)}\,(U_q^\dagger \otimes I_{\mathrm{free}(P) \setminus q})\big) \subseteq P \Longrightarrow \llbracket q := U[q] \rrbracket(\rho)|_{\mathrm{free}(P)} \models P \Longrightarrow \llbracket q := U[q] \rrbracket(\rho) \models P.$$

Case 2: $q \cap \mathrm{free}(P) = \emptyset$, and $P[q := U[q]] = P$. For any $\rho \in \mathcal{D}(V)$, note that $\llbracket q := U[q] \rrbracket$ is trace preserving and $\mathrm{var}(q := U[q]) = q$, so $\mathrm{free}(P) \cap \mathrm{var}(q := U[q]) = \emptyset$ and therefore $\rho|_{\mathrm{free}(P)} = \llbracket q := U[q] \rrbracket(\rho)|_{\mathrm{free}(P)}$. Thus $\rho \models P[q := U[q]]$ iff $\rho|_{\mathrm{free}(P)} \models P$ iff $\llbracket q := U[q] \rrbracket(\rho)|_{\mathrm{free}(P)} \models P$ iff $\llbracket q := U[q] \rrbracket(\rho) \models P$.

3) $\phi \equiv U[S]$. There are two cases.

Case 1: $q \subseteq S$, and $U[S][q := U[q]] = U[S]$. As above, for any $\rho \in \mathcal{D}(V)$, $\llbracket q := U[q] \rrbracket(\rho)|_S = (U_q \otimes I_{S \setminus q})\,\rho|_S\,(U_q^\dagger \otimes I_{S \setminus q})$, and therefore
$$\rho \models U[S][q := U[q]] \Longrightarrow \rho|_S = \frac{I_S}{\dim(S)} \Longrightarrow (U_q \otimes I_{S \setminus q})\,\rho|_S\,(U_q^\dagger \otimes I_{S \setminus q}) = \frac{I_S}{\dim(S)} \Longrightarrow \llbracket q := U[q] \rrbracket(\rho)|_S \models U[S] \Longrightarrow \llbracket q := U[q] \rrbracket(\rho) \models U[S].$$

Case 2: $q \cap S = \emptyset$. For any $\rho \in \mathcal{D}(V)$, as $S \cap \mathrm{var}(q := U[q]) = \emptyset$, we have $\rho|_S = \llbracket q := U[q] \rrbracket(\rho)|_S$, which gives: $\rho \models U[S][q := U[q]]$ iff $\rho|_S \models U[S]$ iff $\llbracket q := U[q] \rrbracket(\rho)|_S \models U[S]$ iff $\llbracket q := U[q] \rrbracket(\rho) \models U[S]$.

4) $\phi \equiv \top$ or $\bot$. Trivial.

5) $\phi \equiv \phi_1 \wedge (\vee)\ \phi_2$. Similar to Statement 1, case 5).

6) $\phi \equiv \phi_1 * \phi_2$. Either $q \subseteq \mathrm{free}(\phi_1)$, or $q \subseteq \mathrm{free}(\phi_2)$, or $q \cap (\mathrm{free}(\phi_1) \cup \mathrm{free}(\phi_2)) = \emptyset$. So by Lemma B.4 and the induction hypothesis we have:
$$\rho \models \phi_1[q := U[q]] * \phi_2[q := U[q]] \Longrightarrow \mathrm{free}(\phi_1[q := U[q]]) \cap \mathrm{free}(\phi_2[q := U[q]]) = \emptyset,\ \rho \models \phi_1[q := U[q]],\ \rho \models \phi_2[q := U[q]] \text{ and } \rho \succeq \rho|_{\mathrm{free}(\phi_1[q := U[q]])} \otimes \rho|_{\mathrm{free}(\phi_2[q := U[q]])}$$
$$\Longrightarrow \mathrm{free}(\phi_1) \cap \mathrm{free}(\phi_2) = \emptyset,\ \llbracket q := U[q] \rrbracket(\rho) \models \phi_1,\ \llbracket q := U[q] \rrbracket(\rho) \models \phi_2 \text{ and } \llbracket q := U[q] \rrbracket(\rho) \succeq \llbracket q := U[q] \rrbracket(\rho)|_{\mathrm{free}(\phi_1)} \otimes \llbracket q := U[q] \rrbracket(\rho)|_{\mathrm{free}(\phi_2)} \Longrightarrow \llbracket q := U[q] \rrbracket(\rho) \models \phi_1 * \phi_2.$$

Appendix C. Separation Logic for Quantum Programs, Deferred Proofs for Section 4
C.1. Proof of Theorem 4.1
Theorem C.1 (Theorem 4.1). For any two sets $V$ and $V'$ containing all free variables of $\phi$, $\psi$ and $C$, $V \models \{\phi\}\,C\,\{\psi\}$ if and only if $V' \models \{\phi\}\,C\,\{\psi\}$.

Proof. Suppose $V \subseteq V'$ (the general case follows by comparing both $V$ and $V'$ with $V \cup V'$).

(Extension, $\Rightarrow$ part.) For any $\rho \in \mathcal{D}(V')$, if $\rho \models \phi$, then by Proposition B.6, $\rho|_V \models \phi$ as $\mathrm{free}(\phi) \subseteq V$. Note that $\rho|_V \in \mathcal{D}(V)$, so by assumption $\llbracket C \rrbracket(\rho|_V) \models \psi$. Observe that
$$\llbracket C \rrbracket(\rho|_V) = (\mathcal{E}_C \otimes \mathcal{I}_{V \setminus \mathrm{var}(C)})(\rho|_V) = \big[(\mathcal{E}_C \otimes \mathcal{I}_{V \setminus \mathrm{var}(C)} \otimes \mathcal{I}_{V' \setminus V})(\rho)\big]\big|_V = \big[(\mathcal{E}_C \otimes \mathcal{I}_{V' \setminus \mathrm{var}(C)})(\rho)\big]\big|_V = \llbracket C \rrbracket(\rho)|_V$$
by Proposition 2.1; therefore $\llbracket C \rrbracket(\rho|_V) \preceq \llbracket C \rrbracket(\rho)$, and $\llbracket C \rrbracket(\rho) \models \psi$ by Kripke monotonicity.

(Restriction, $\Leftarrow$ part.) For any $\rho \in \mathcal{D}(V)$, choose a $\rho' \in \mathcal{D}(V')$ such that $\rho \preceq \rho'$ (so $\rho = \rho'|_V$). If $\rho \models \phi$, then $\rho' \models \phi$ by monotonicity, and by assumption $\llbracket C \rrbracket(\rho') \models \psi$. Observe that
$$\llbracket C \rrbracket(\rho) = (\mathcal{E}_C \otimes \mathcal{I}_{V \setminus \mathrm{var}(C)})(\rho'|_V) = \big[(\mathcal{E}_C \otimes \mathcal{I}_{V \setminus \mathrm{var}(C)} \otimes \mathcal{I}_{V' \setminus V})(\rho')\big]\big|_V = \big[(\mathcal{E}_C \otimes \mathcal{I}_{V' \setminus \mathrm{var}(C)})(\rho')\big]\big|_V = \llbracket C \rrbracket(\rho')|_V$$
by Proposition 2.1; therefore $\llbracket C \rrbracket(\rho) \preceq \llbracket C \rrbracket(\rho')$. As $\mathrm{free}(\psi) \subseteq V$, $\llbracket C \rrbracket(\rho) \models \psi$ by Proposition B.6.

C.2. Proof of Proposition 4.1
Proposition C.1 (Proposition 4.1, Extended Version). The formulas generated by the following grammar are CM:
$$\phi, \psi ::= p \in AP \mid \top \mid \bot \mid \phi \wedge \psi \mid \phi \in SP \mid \mu * \phi \quad \text{where } \mu \in SP.$$

Proof.

1) $p \equiv D[S]$. Trivial.

2) $p \equiv P \in \mathcal{P}$. Suppose $\rho, \rho' \in \mathcal{D}$ have the same domain, $\rho \models P$ and $\rho' \models P$. Then $\mathrm{supp}(\rho|_{\mathrm{free}(P)}) \subseteq P$ and $\mathrm{supp}(\rho'|_{\mathrm{free}(P)}) \subseteq P$, so for any $\lambda \in [0, 1]$,
$$\mathrm{supp}\big((\lambda\rho + (1 - \lambda)\rho')|_{\mathrm{free}(P)}\big) = \mathrm{supp}\big((\lambda\rho)|_{\mathrm{free}(P)}\big) \sqcup \mathrm{supp}\big(((1 - \lambda)\rho')|_{\mathrm{free}(P)}\big) \subseteq \mathrm{supp}\big(\rho|_{\mathrm{free}(P)}\big) \sqcup \mathrm{supp}\big(\rho'|_{\mathrm{free}(P)}\big) \subseteq P.$$

3) $p \equiv U[S]$. Suppose $\rho, \rho' \in \mathcal{D}$ have the same domain, $\rho \models U[S]$ and $\rho' \models U[S]$. Then $\rho|_S = \rho'|_S = I_S/\dim(S)$, and thus for any $\lambda \in [0, 1]$,
$$(\lambda\rho + (1 - \lambda)\rho')|_S = \lambda\,\rho|_S + (1 - \lambda)\,\rho'|_S = \frac{I_S}{\dim(S)},$$
so $\lambda\rho + (1 - \lambda)\rho' \models U[S]$.

4) $\top$ or $\bot$. Trivial.

5) $\phi \wedge \psi$. Suppose $\rho, \rho' \in \mathcal{D}$ have the same domain, $\rho \models \phi \wedge \psi$ and $\rho' \models \phi \wedge \psi$. By the induction hypothesis, for any $\lambda \in [0, 1]$, $\lambda\rho + (1 - \lambda)\rho' \models \phi$ and $\lambda\rho + (1 - \lambda)\rho' \models \psi$, and thus $\lambda\rho + (1 - \lambda)\rho' \models \phi \wedge \psi$.

6) $\phi \in SP$. If $\llbracket \phi \rrbracket = \emptyset$, then trivially $\phi \in CM$. Otherwise, let $\sigma$ be the least element of $\llbracket \phi \rrbracket$, and let $\rho, \rho' \in \mathcal{D}$ have the same domain with $\rho \models \phi$ and $\rho' \models \phi$. Then for any $\lambda \in [0, 1]$,
$$\rho|_{\mathrm{free}(\phi)} = \rho'|_{\mathrm{free}(\phi)} = \sigma \Longrightarrow (\lambda\rho + (1 - \lambda)\rho')|_{\mathrm{free}(\phi)} = \sigma,$$
and so $\lambda\rho + (1 - \lambda)\rho' \models \phi$.

7) $\mu * \phi$. Let $\sigma$ be the least element of $\llbracket \mu \rrbracket$, and let $\rho, \rho' \in \mathcal{D}$ have the same domain with $\rho \models \mu * \phi$ and $\rho' \models \mu * \phi$. By the induction hypothesis and Lemma B.5, $\mathrm{free}(\mu) \cap \mathrm{free}(\phi) = \emptyset$, and for any $\lambda \in [0, 1]$,
$$\rho|_{\mathrm{free}(\mu * \phi)} = \sigma \otimes \rho|_{\mathrm{free}(\phi)},\quad \rho'|_{\mathrm{free}(\mu * \phi)} = \sigma \otimes \rho'|_{\mathrm{free}(\phi)},\quad \rho|_{\mathrm{free}(\phi)}, \rho'|_{\mathrm{free}(\phi)} \models \phi$$
$$\Longrightarrow (\lambda\rho + (1 - \lambda)\rho')|_{\mathrm{free}(\mu * \phi)} = \sigma \otimes \big(\lambda\,\rho|_{\mathrm{free}(\phi)} + (1 - \lambda)\,\rho'|_{\mathrm{free}(\phi)}\big),\quad \lambda\,\rho|_{\mathrm{free}(\phi)} + (1 - \lambda)\,\rho'|_{\mathrm{free}(\phi)} \models \phi,$$
and thus $\lambda\rho + (1 - \lambda)\rho' \models \mu * \phi$.

C.3. Proof of Proposition 4.2
Proposition C.2 (extended version).
1) For all $\phi \in \mathrm{Res}$ and $S \subseteq V$, $\models \phi \leftrightarrow_G \phi \wedge D[S]$.
2) For all $\phi, \psi$, $\models \phi \to \psi$ implies $\models \phi \to_G \psi$.

Proof.
1) By definition, it is sufficient to prove that for all $\rho$ with $\mathrm{dom}(\rho) \supseteq \mathrm{free}(\phi) \cup S$, $\rho \models \phi$ if and only if $\rho \models \phi \wedge D[S]$. This is trivial since such a $\rho$ satisfies $D[S]$.
2) Trivial by the definition of global implication $\to_G$.

C.4. Proof of Proposition C.3
Proposition C.3. The formulas generated by the following grammar are SP:
$$\phi, \psi ::= U[S] \mid p \in \mathcal{P}_{\text{rank }1} \mid \top \mid \bot \mid \phi * \psi,$$
where $\mathcal{P}_{\text{rank }1}$ consists of all rank-1 projections.

Proof.
1) $U[S]$. Trivially, $I_S/\dim(S)$ is the least element of $\llbracket U[S] \rrbracket$.
2) $P \in \mathcal{P}$ of rank 1. Trivially, $P$ itself (interpreted as a pure quantum state) is the least element of $\llbracket P \rrbracket$.
3) $\top$. The scalar (the unique state with empty domain) is the least element of $\llbracket \top \rrbracket$.
4) $\bot$. Trivial.
5) $\phi * \psi$. Suppose $\sigma_\phi$ and $\sigma_\psi$ are the least elements of $\llbracket \phi \rrbracket$ and $\llbracket \psi \rrbracket$ respectively; then it is straightforward to show that $\sigma_\phi \otimes \sigma_\psi$ is the least element of $\llbracket \phi * \psi \rrbracket$.

C.5. Proposition C.4
Proposition C.4.
1) If $\phi[\mathcal{E}[q]]\downarrow$, then $\mathrm{free}(\phi[\mathcal{E}[q]]) = \mathrm{free}(\phi)$;
2) If $\phi[\mathcal{E}[q]]\downarrow$, then for any state $\rho \in \mathcal{D}(\mathrm{free}(\phi) \cup q)$, $\mathcal{E}(\rho) \models \phi$ if and only if $\rho \models \phi[\mathcal{E}[q]]$.

Proof. (1) Induction on the structure of $\phi$.

(2) By induction on the structure of $\phi$.

(a) $\phi \equiv \top$ or $\bot$. Trivial.

(b) $\phi \equiv P \in \mathcal{P}$. There are two cases.

Case 1: $q \cap \mathrm{free}(P) = \emptyset$. For any $\rho \in \mathcal{D}(q \cup \mathrm{free}(P))$, $\rho|_{\mathrm{free}(P)} = \mathcal{E}(\rho)|_{\mathrm{free}(P)}$, and thus $\mathcal{E}(\rho) \models \phi$ if and only if $\rho \models \phi[\mathcal{E}[q]]$, since $P[\mathcal{E}[q]] = P$.

Case 2: $q \subseteq \mathrm{free}(P)$. For any $\rho \in \mathcal{D}(\mathrm{free}(P))$ we observe:
$$\rho \models P[\mathcal{E}[q]] \iff \rho \models \big((\mathcal{E}^*_q \otimes \mathcal{I}_{\mathrm{free}(P) \setminus q})(P^\perp)\big)^\perp \iff \mathrm{tr}\big(\rho\,(\mathcal{E}^*_q \otimes \mathcal{I}_{\mathrm{free}(P) \setminus q})(P^\perp)\big) = 0 \iff \mathrm{tr}\big((\mathcal{E}_q \otimes \mathcal{I}_{\mathrm{free}(P) \setminus q})(\rho)\,P^\perp\big) = 0 \iff \mathrm{tr}(\mathcal{E}(\rho)P) = 1 \iff \mathcal{E}(\rho) \models P.$$

(c) $\phi \wedge \psi$. By the induction hypothesis, for any state $\rho \in \mathcal{D}(\mathrm{free}(\phi \wedge \psi) \cup q)$: $\mathcal{E}(\rho) \models \phi \wedge \psi$ iff $\mathcal{E}(\rho) \models \phi$ and $\mathcal{E}(\rho) \models \psi$ iff $\rho \models \phi[\mathcal{E}[q]]$ and $\rho \models \psi[\mathcal{E}[q]]$ iff $\rho \models \phi[\mathcal{E}[q]] \wedge \psi[\mathcal{E}[q]]$ iff $\rho \models (\phi \wedge \psi)[\mathcal{E}[q]]$.

(d) $\phi \vee \psi$. Similar to (c).

C.6. Proof of Theorem 4.2

The global variable set is denoted by $V$; it contains all variables of the programs and formulas. We first introduce the following lemma on quantum measurement.

Lemma C.1.
For any ρ ∈ D ( V ) and projective measurement M = { M m } , if ρ | = M qm , then performing the measurement M [ q ] will not change the state, and the outcome is m with certainty. As a consequence, for any if statement C ≡ if ( (cid:3) m · M [ q ] = m → C m ) fi , if the global state ρ | = M qm , then (cid:74) C (cid:75) ( ρ ) = (cid:74) C m (cid:75) ( ρ ) .Proof of Theorem 4.2. It is sufficient to show that each of the rules shown in Figure 2, 3 and 4 is sound.S
KIP { φ } skip { φ } I NIT φ [ q := | (cid:105) ] ↓{ φ [ q := | (cid:105) ] } q := | (cid:105){ φ } U NIT φ [ q := U [ q ]] ↓{ φ [ q := U [ q ]] } q := U [ q ] { φ } P ERM { φ [ q (cid:48) (cid:55)→ q ] } q := Perm ( q (cid:55)→ q (cid:48) )[ q ] { φ } S EQ { φ } C { ψ } { ψ } C { µ }{ φ } C ; C { µ } DI F { φ m } C m { ψ } for all m (cid:8) (cid:87) m ( M m ∧ φ m ) (cid:9) if · · · fi { ψ } DL OOP { φ } C { ( M ∧ ψ ) ∨ ( M ∧ φ ) }{ ( M ∧ ψ ) ∨ ( M ∧ φ ) } while { ψ } RI F { φ ∗ M m } C m { ψ } for all m ψ ∈ CM { φ ∗ I q } if · · · fi { ψ } RL OOP { φ ∗ M } C { φ ∗ I q } φ ∈ CM { φ ∗ I q } while { φ ∧ M } Figure 6: Proof System QSL. In DI F , DL OOP , RI F and RL OOP , if · · · fi and while are abbreviations of if ( (cid:3) m · M [ q ] = m → C m ) fi and while M [ q ] = 1 do C od respectively, and M , M , M m in assertions are regarded as projectivepredicates acting on q . In P ERM , Perm ( q (cid:55)→ q (cid:48) )[ q ] stands for the unitary transformation which permutes the variables from q to q (cid:48) (see Section 2.1 for details).– S KIP . Trivial as the state of quantum variables are unchanged when applying skip .– I
NIT . By Proposition 3.4.– U
NIT . By Proposition 3.4.– P
ERM . For any input ρ ∈ D ( V ) with matrix form ρ [ q, q r ] ( q r = V \ q ; i.e., ρ is a purely matrix and [ q, q r ] denotes the orderof basis; that is, ρ [ q, q r ] is interpreted as a matrix over H q ⊗ H q r ), the output state after performing the Perm [ q (cid:55)→ q (cid:48) ] : q := Perm [ q (cid:55)→ q (cid:48) ] has the matrix form ρ [ q (cid:48) , q r ] . Then it is not difficult to show ρ [ q, q r ] | = φ [ q (cid:48) (cid:55)→ q ] if and only if ρ [ q (cid:48) , q r ] | = φ .– S EQ . For any ρ ∈ D ( V ) , if ρ | = φ , then by assumptions, (cid:74) C (cid:75) ( ρ ) | = ψ and (cid:74) C (cid:75) ( (cid:74) C (cid:75) ( ρ )) | = µ . Note that (cid:74) C (cid:75) ( (cid:74) C (cid:75) ( ρ )) = (cid:74) C ; C (cid:75) ( ρ ) as ρ is a global state, so (cid:74) C ; C (cid:75) ( ρ ) | = µ .– DI F . For any ρ ∈ D ( V ) , if ρ | = (cid:87) m ( M qm ∧ φ m ) , then there exists at least one m such that ρ | = M qm ∧ φ m , and weassume it is n . As ρ | = M qn ∧ φ n , so ρ | = M qn and ρ | = φ n , by Lemma C.1, we have (cid:74) if ( (cid:3) m · M [ q ] = m → C m ) fi (cid:75) ( ρ ) = (cid:74) C n (cid:75) ( ρ ) , and by assumption { φ n } C n { ψ } , so (cid:74) C n (cid:75) ( ρ ) | = ψ , or equivalently, (cid:74) if ( (cid:3) m · M [ q ] = m → C m ) fi (cid:75) ( ρ ) | = ψ. – DL OOP . For any input ρ that satisfies ( M q ∧ ψ ) ∨ ( M q ∧ φ ) , with the premise { φ } C { ( M q ∧ ψ ) ∨ ( M q ∧ φ ) } , it is indeeda deterministic loop and the measurement M in guard never changes the current state (see Lemma C.1), i.e., the numberof iterations N ( ρ ) is deterministic and moreover, (cid:74) while M [ q ] = 1 do C od (cid:75) = (cid:74) C N ( ρ ) (cid:75) ( ρ ) where C k (cid:44) C ; · · · ; C is the k -fold sequential composition of C . Soundness follows by repeatedly using the inductionhypothesis. 27 RI F . For any input ρ ∈ D ( V ) such that ρ | = φ ∗ I q , it must have: ρ | free ( φ ) ∪ q = ρ | free ( φ ) ⊗ ρ | q . 
After the measurement M , with probability p m = tr( M qm ρM qm ) the outcome is m and the state changes to ρ m = M qm ρM qm p m . Observe that p m = tr( M qm ρ | q M qm ) and ρ m | free ( φ ) ∪ q = M qm ρ | free ( φ ) ∪ q M qm p m = M qm ρ | q ⊗ ρ | free ( φ ) M qm p m = M qm ρ | q M qm p m ⊗ ρ | free ( φ ) . Realizing that M qm ρ | q M qm p m | = M qm and ρ | free ( φ ) | = φ , we have ρ m | = φ ∗ M qm . By premise, (cid:74) C m (cid:75) ( ρ m ) | = ψ . Back to thesemantics of if statement, we know that (cid:74) if ( (cid:3) m · M [ q ] = m → C m ) fi (cid:75) ( ρ ) = (cid:88) m p m (cid:74) C m (cid:75) ( ρ m ) and by promise ψ ∈ CM , so (cid:74) if ( (cid:3) m · M [ q ] = m → C m ) fi (cid:75) ( ρ ) | = ψ .– RL OOP . We here use the notations similar to [29], Section 3.3. Set quantum operation (and its cylinder extension) E i ( · ) = M i ( · ) M † i for i = 0 , . We first claim: Statement: ρ | = φ ∗ I q implies E ( ρ ) | = φ ∗ M , E ( ρ ) | = φ ∗ M , (cid:74) C (cid:75) ◦ c E ( ρ ) | = φ ∗ I q by the premises and ◦ c denote the composition of quantum operations, i.e., ( E ◦ c F )( ρ ) = E ( F ( ρ )) . Next, by induction andthe statement, we have: for all i ≥ : ρ | = φ ∗ I q implies E ◦ c ( (cid:74) C (cid:75) ◦ c E ) i ( ρ ) | = φ ∗ M . Finally, it has been proved that (see [16]) (cid:74) while (cid:75) ( ρ ) = ∞ (cid:88) i =0 E ◦ c ( (cid:74) C (cid:75) ◦ c E ) i ( ρ ) and thus if ρ | = φ ∗ I q , then (cid:74) while (cid:75) ( ρ ) | = φ and (cid:74) while (cid:75) ( ρ ) | = M since φ, M ∈ CM . Therefore, (cid:74) while (cid:75) ( ρ ) | = φ ∧ M .W EAK φ → G φ (cid:48) { φ (cid:48) } C { ψ (cid:48) } ψ (cid:48) → G ψ { φ } C { ψ } C ONJ { φ } C { ψ } { φ } C { ψ }{ φ ∧ φ } C { ψ ∧ ψ } D ISJ { φ } C { ψ } { φ } C { ψ }{ φ ∨ φ } C { ψ ∨ ψ } C ONST { φ } C { ψ } free ( µ ) ∩ var ( C ) = ∅{ φ ∧ µ } C { ψ ∧ µ } F RAME { φ } C { ψ } free ( µ ) ∩ var ( C ) = ∅ free ( ψ ) ∪ var ( C ) ⊆ free ( φ ) or ψ ∈ SP { φ ∗ µ } C { ψ ∗ µ } Figure 7: Proof System QSL. 
SP : supported assertion, i.e., there is at most one element ρ ∈ D ( free ( ψ )) that satisfies ψ .– W EAK . By premise φ → G φ (cid:48) (cid:44) D [ free ( φ ) ∪ free ( φ (cid:48) )] → ( φ → φ (cid:48) ) , we know that for any input ρ ∈ D ( V ) that satisfies φ , it must also satisfy φ (cid:48) . By another premise { φ (cid:48) } C { ψ (cid:48) } , then (cid:74) C (cid:75) ( ρ ) | = ψ (cid:48) , and thus (cid:74) C (cid:75) ( ρ ) | = ψ by ψ → G ψ (cid:48) . The trickhere is that dom ( ρ ) = dom ( (cid:74) C (cid:75) ( ρ )) ⊇ free ( φ ) ∪ free ( φ (cid:48) ) ∪ free ( ψ ) ∪ free ( ψ (cid:48) ) .– C ONJ . For any input ρ ∈ D ( V ) such that ρ | = φ ∧ φ , then it must have ρ | = φ and ρ | = φ . By premise and inductionhypothesis, we obtain (cid:74) C (cid:75) ( ρ ) | = ψ and (cid:74) C (cid:75) ( ρ ) | = ψ and thus (cid:74) C (cid:75) ( ρ ) | = ψ ∧ ψ .28 C ASE . For any input ρ ∈ D ( V ) such that ρ | = φ ∨ φ , it must satisfy φ or φ . By premise and induction hypothesis,we know that (cid:74) C (cid:75) ( ρ ) | = ψ or (cid:74) C (cid:75) ( ρ ) | = ψ , that is, (cid:74) C (cid:75) ( ρ ) | = ψ ∨ ψ .– C ONST . For any input ρ ∈ D ( V ) such that ρ | = φ ∨ µ , it must satisfy φ and thus by premise and induction hypothesis, (cid:74) C (cid:75) ( ρ ) | = ψ . Moreover, ρ | = µ implies ρ | free ( µ ) | = µ , and note that free ( µ ) ∩ var ( C ) = ∅ , so ρ | free ( µ ) = (cid:74) C (cid:75) ( ρ ) | free ( µ ) byLemma B.1, which leads to (cid:74) C (cid:75) ( ρ ) | free ( µ ) | = µ and (cid:74) C (cid:75) ( ρ ) | = µ . Therefore, (cid:74) C (cid:75) ( ρ ) | = ψ ∧ µ .– F RAME (1), with premise free ( ψ ) ∪ var ( C ) ⊆ free ( φ ) . For any input ρ ∈ D ( V ) such that ρ | = φ ∗ µ , by Proposition B.5,then free ( φ ) ∩ free ( µ ) = ∅ , ρ | = φ ∧ µ , ρ | free ( φ ) ∪ free ( µ ) = ρ | free ( φ ) ⊗ ρ | free ( µ ) . Similar to C ONST , we have (cid:74) C (cid:75) ( ρ ) | = ψ ∧ µ by first two premises. 
Also free ( ψ ) ∩ free ( µ ) ⊆ free ( φ ) ∩ free ( µ ) = ∅ , so it is sufficient to show (cid:74) C (cid:75) ( ρ ) | free ( ψ ) ∪ free ( µ ) = (cid:74) C (cid:75) ( ρ ) | free ( ψ ) ⊗ (cid:74) C (cid:75) ( ρ ) | free ( µ ) . Observe following facts: (cid:74) C (cid:75) ( ρ ) | free ( φ ) ∪ free ( µ ) = (cid:74) C (cid:75) ( ρ | free ( φ ) ∪ free ( µ ) ) Lemma B.1 , var ( C ) ⊆ free ( φ )= ( E C ⊗ I free ( φ ) \ var ( C ) ⊗ I free ( µ ) )( ρ | free ( φ ) ⊗ ρ | free ( µ ) )= ( E C ⊗ I free ( φ ) \ var ( C ) )( ρ | free ( φ ) ) ⊗ ρ | free ( µ ) = (cid:74) C (cid:75) ( ρ | free ( φ ) ) ⊗ (cid:74) C (cid:75) ( ρ ) | free ( µ ) Lemma B.1 , var ( C ) ∩ free ( µ ) = ∅ = (cid:74) C (cid:75) ( ρ ) | free ( φ ) ⊗ (cid:74) C (cid:75) ( ρ ) | free ( µ ) Lemma B.1 , var ( C ) ⊆ free ( φ ) and by the downwards closed property of ◦ ( ⊗ ), using free ( ψ ) ⊆ free ( φ ) , we obtain (cid:74) C (cid:75) ( ρ ) | free ( ψ ) ∪ free ( µ ) = (cid:104) (cid:74) C (cid:75) ( ρ ) | free ( φ ) ∪ free ( µ ) (cid:105)(cid:12)(cid:12)(cid:12) free ( ψ ) ∪ free ( µ ) = (cid:104) (cid:74) C (cid:75) ( ρ ) | free ( φ ) ⊗ (cid:74) C (cid:75) ( ρ ) | free ( µ ) (cid:105)(cid:12)(cid:12)(cid:12) free ( ψ ) ∪ free ( µ ) = (cid:104) (cid:74) C (cid:75) ( ρ ) | free ( φ ) (cid:105)(cid:12)(cid:12)(cid:12) free ( ψ ) ⊗ (cid:74) C (cid:75) ( ρ ) | free ( µ ) = (cid:74) C (cid:75) ( ρ ) | free ( ψ ) ⊗ (cid:74) C (cid:75) ( ρ ) | free ( µ ) . – F RAME (2), with premise ψ ∈ SP . Unlike the previous proofs, this rule is highly nontrivial, at least in the sense of proofof itself. Given the output a singleton, there are many unreleased properties of the program C . One technique we used hereis the purification , which allows us to associate pure states with mixed states. Fact 1.
Given any density operator $\rho_A$ of a system $A$, introduce another system $R$, often called the reference system. If the dimension of $R$ is larger than or equal to that of $A$, then there exists a pure state $|\psi\rangle_{AR}$ over the composite system $AR$ such that $\operatorname{tr}_R(|\psi\rangle_{AR}\langle\psi|) = \rho_A$. In general such purifications are not unique, but they are related by a local unitary on the reference system $R$. In detail, for any purifications $|\psi\rangle_{AR}$ and $|\psi'\rangle_{AR}$ of $\rho_A$, there exists a unitary transformation $U_R$ acting on system $R$ such that $|\psi'\rangle_{AR} = (I_A \otimes U_R)|\psi\rangle_{AR}$.

Step 1: Let us first extract some information about the variables from the rule itself. If some input satisfies $\phi * \mu$, then obviously $\mathrm{free}(\phi) \cap \mathrm{free}(\mu) = \emptyset$; otherwise the rule is trivially sound. From the premise $\mathrm{free}(\mu) \cap \mathrm{var}(C) = \emptyset$, we know that $\mathrm{free}(\mu) \cap (\mathrm{free}(\phi) \cup \mathrm{var}(C)) = \emptyset$; thus, without loss of generality, we can assume $\mathrm{free}(\phi) \subseteq \mathrm{var}(C)$, since we can always add the variables in $\mathrm{free}(\phi) \setminus \mathrm{var}(C)$ to the program and leave them unchanged. Moreover, as $\psi$ is a singleton formula, we must have $\mathrm{free}(\psi) \subseteq \mathrm{free}(\phi) \cup \mathrm{var}(C)$. To see this, suppose $q \in \mathrm{free}(\psi) \setminus (\mathrm{free}(\phi) \cup \mathrm{var}(C))$; then the input state is unconstrained on $q$ and the state of $q$ remains unchanged after executing $C$, so the output state on $q$ is not unique, which contradicts the premise that $\psi$ is a singleton formula. In summary, it suffices to prove soundness when $\mathrm{free}(\phi), \mathrm{free}(\psi) \subseteq \mathrm{var}(C)$. To simplify the notation, we use $A$ to denote $\mathrm{free}(\phi)$, $A'$ for $\mathrm{free}(\psi)$, $B$ for $\mathrm{var}(C) \setminus \mathrm{free}(\phi)$ and $C$ for $\mathrm{free}(\mu)$, as illustrated in Figure 8.

Step 2: Extract hidden information from the premise $\{\phi\}C\{\psi\}$. In detail, we prove Lemma C.2 below. Let us first extend the system $ABC$ with several mathematical ancilla systems $R_A$, $R_B$, $R_C$ and $R$. The dimension of $R_A$ is the same as that of $A$ and it is used to purify the density matrix of $A$; similarly for $R_B$ and $R_C$. System $R$ is used to relate the semantic function $\llbracket C\rrbracket$ (a quantum operation acting on $AB$) to a unitary transformation $U_{RAB}$ acting on $RAB$; in detail, for any input density operator $\rho_{AB} \in \mathcal{D}(AB)$, the output $\llbracket C\rrbracket(\rho_{AB})$ can be obtained by the following steps: 1. initialize system $R$ in $|0\rangle_R$; 2. apply the unitary transformation $U_{RAB}$ on $RAB$; 3. trace out system $R$; or, equivalently,
$$\llbracket C\rrbracket(\rho_{AB}) = \operatorname{tr}_R\Big(U_{RAB}\,(|0\rangle_R\langle 0| \otimes \rho_{AB})\,U_{RAB}^\dagger\Big).$$

Figure 8 (caption): $\mathrm{var}(C)$ is the area in the red frame, see Step 1. The right part shows the auxiliary systems, including $R_A$ used to purify $\rho_A$, $R_C$ used to purify $\rho_C$, $R_AR_BR_C$ used to purify the input $\rho_{ABC}$, and $R$, the ancilla system with initial state $|0\rangle$ used to purify the quantum operation $\mathcal{E}_{AB}$, see Steps 2 and 3.

Suppose $\rho_A \in \mathcal{D}(A)$ is any state that satisfies $\phi$, and $\sigma_{A'} \in \mathcal{D}(A')$ with diagonal decomposition $\sigma_{A'} = \sum_i \lambda_i |\alpha_i\rangle_{A'}\langle\alpha_i|$ is the only state on $A'$ that satisfies $\psi$. Assume $|\Psi_{AR_A}\rangle \in \mathcal{H}(AR_A)$ is a purification of $\rho_A$. We now prove:

Lemma C.2. For any pure state $|\Psi_{BR_BCR_C}\rangle \in \mathcal{H}(BR_BCR_C)$ and any unitary transformation $U_{R_ABR_BR_C}$ acting on $R_ABR_BR_C$:
$$\begin{aligned}
&\Big\{\llbracket C\rrbracket\Big[U_{R_ABR_BR_C}\big(|\Psi_{AR_A}\rangle\langle\Psi_{AR_A}| \otimes |\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|\big)U_{R_ABR_BR_C}^\dagger\Big]\Big\}\Big|_{A'C} && (13)\\
&= \Big\{U_{RAB}U_{R_ABR_BR_C}\big(|0\rangle_R\langle 0| \otimes |\Psi_{AR_A}\rangle\langle\Psi_{AR_A}| \otimes |\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|\big)U_{R_ABR_BR_C}^\dagger U_{RAB}^\dagger\Big\}\Big|_{A'C} && (14)\\
&= \sigma_{A'} \otimes \sigma_C && (15)
\end{aligned}$$
where $\sigma_C = |\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|\,\big|_C$.

Proof. Note that the input state indeed satisfies $\phi$, because
$$\Big[U_{R_ABR_BR_C}\big(|\Psi_{AR_A}\rangle\langle\Psi_{AR_A}| \otimes |\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|\big)U_{R_ABR_BR_C}^\dagger\Big]\Big|_A = |\Psi_{AR_A}\rangle\langle\Psi_{AR_A}|\,\big|_A = \rho_A,$$
so after applying $C$, the reduced state of the output over $A'$ must be $\sigma_{A'}$. That is, for fixed $U_{R_ABR_BR_C}$ and $|\Psi_{AR_A}\rangle$, the output pure state must have the form
$$U_{RAB}U_{R_ABR_BR_C}\big(|0\rangle_R|\Psi_{AR_A}\rangle|\Psi_{BR_BCR_C}\rangle\big) = \sum_i \sqrt{\lambda_i}\,|\alpha_i\rangle_{A'}\,(X_i \otimes I_C)|\Psi_{BR_BCR_C}\rangle,$$
where the $X_i$ are isometries mapping from $BR_BR_C$ to $RR_AB'R_BR_C$ and satisfy
$$\forall i:\ \big\|(X_i \otimes I_C)|\Psi_{BR_BCR_C}\rangle\big\| = 1, \qquad \forall i \neq j:\ \langle\Psi_{BR_BCR_C}|(X_j^\dagger \otimes I_C)(X_i \otimes I_C)|\Psi_{BR_BCR_C}\rangle = 0.$$
Since $|\Psi_{BR_BCR_C}\rangle$ is chosen freely, so that it ranges over all pure states of $\mathcal{H}(BR_BCR_C)$, we must have
$$\forall i:\ X_i^\dagger X_i = I_{BR_BR_C}, \qquad \forall i \neq j:\ X_j^\dagger X_i = 0. \qquad (16)$$
Let $\{|e_k\rangle\}$ be an orthonormal basis of $BR_BR_C$; then $X_i$ has the explicit form $X_i = \sum_k |\beta_{ik}\rangle\langle e_k|$, where $|\beta_{ik}\rangle \in \mathcal{H}(RR_AB'R_BR_C)$ need not be normalized. However, by Eqn. (16) the $|\beta_{ik}\rangle$ are strongly constrained:
$$\begin{aligned}
\forall i:\ X_i^\dagger X_i &= \sum_{kk'} |e_{k'}\rangle\langle e_k| \cdot \langle\beta_{ik'}|\beta_{ik}\rangle = \sum_k |e_k\rangle\langle e_k| &&\Rightarrow\ \forall i:\ \langle\beta_{ik'}|\beta_{ik}\rangle = \begin{cases} 1 & k = k' \\ 0 & k \neq k'\end{cases}\\
\forall i \neq j:\ X_j^\dagger X_i &= \sum_{kk'} |e_{k'}\rangle\langle e_k| \cdot \langle\beta_{jk'}|\beta_{ik}\rangle = 0 &&\Rightarrow\ \forall i \neq j,\ \forall k, k':\ \langle\beta_{jk'}|\beta_{ik}\rangle = 0.
\end{aligned}$$
As a consequence, $\{|\beta_{ik}\rangle\}_{ik}$ is an orthonormal set, and we may extend it to an orthonormal basis $\{|\beta_{ik}\rangle, |f_m\rangle\}$ of $RR_AB'R_BR_C$. Now let us calculate the explicit form of the output:
$$\begin{aligned}
&\Big\{U_{RAB}U_{R_ABR_BR_C}\big(|0\rangle_R\langle 0| \otimes |\Psi_{AR_A}\rangle\langle\Psi_{AR_A}| \ot &&\hspace{-1em}\otimes |\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|\big)U_{R_ABR_BR_C}^\dagger U_{RAB}^\dagger\Big\}\Big|_{A'C}\\
&= \operatorname{tr}_{RR_AB'R_BR_C}\Bigg\{\sum_{ii'}\sum_{kk'} \sqrt{\lambda_i\lambda_{i'}}\,|\alpha_i\rangle_{A'}\langle\alpha_{i'}| \otimes |\beta_{ik}\rangle\langle e_k|\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|e_{k'}\rangle\langle\beta_{i'k'}|\Bigg\}\\
&= \sum_{i''k''}\langle\beta_{i''k''}|\Bigg\{\sum_{ii'}\sum_{kk'} \sqrt{\lambda_i\lambda_{i'}}\,|\alpha_i\rangle_{A'}\langle\alpha_{i'}| \otimes |\beta_{ik}\rangle\langle e_k|\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|e_{k'}\rangle\langle\beta_{i'k'}|\Bigg\}|\beta_{i''k''}\rangle\\
&\quad + \sum_m \langle f_m|\Bigg\{\sum_{ii'}\sum_{kk'} \sqrt{\lambda_i\lambda_{i'}}\,|\alpha_i\rangle_{A'}\langle\alpha_{i'}| \otimes |\beta_{ik}\rangle\langle e_k|\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|e_{k'}\rangle\langle\beta_{i'k'}|\Bigg\}|f_m\rangle\\
&= \sum_{ik}\Big\{\sqrt{\lambda_i\lambda_i}\,|\alpha_i\rangle_{A'}\langle\alpha_i| \otimes \langle e_k|\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|e_k\rangle\Big\} + 0\\
&= \Bigg(\sum_i \lambda_i |\alpha_i\rangle_{A'}\langle\alpha_i|\Bigg) \otimes \Bigg(\sum_k \langle e_k|\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|e_k\rangle\Bigg) = \sigma_{A'} \otimes \sigma_C.
\end{aligned}$$

Step 3: Purification of all possible inputs. In detail, we show that any input state $\rho_{ABC} \models \phi * \mu$ can be written in the form used in Lemma C.2; that is, there exist $|\Psi_{AR_A}\rangle \in \mathcal{H}(AR_A)$, $|\Psi_{BR_BCR_C}\rangle \in \mathcal{H}(BR_BCR_C)$ and a unitary transformation $U_{R_ABR_BR_C}$ acting on $R_ABR_BR_C$ such that
$$\Big[U_{R_ABR_BR_C}\big(|\Psi_{AR_A}\rangle\langle\Psi_{AR_A}| \otimes |\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|\big)U_{R_ABR_BR_C}^\dagger\Big]\Big|_{ABC} = \rho_{ABC}.$$
This step is relatively simple once we use the freedom of purification. We write $\rho_A = \operatorname{tr}_{BC}(\rho_{ABC})$, $\rho_C = \operatorname{tr}_{AB}(\rho_{ABC})$ and $\rho_{AC} = \operatorname{tr}_B(\rho_{ABC})$; trivially $\rho_A \models \phi$ and $\rho_C \models \mu$ by restriction. First, there always exists a pure state $|\Psi_{ABCR_AR_BR_C}\rangle$ that purifies $\rho_{ABC}$. Next, let us focus on the system $AC$: $\rho_{AC}$ is a product state between $A$ and $C$ because $\rho_{ABC} \models \phi * \mu$ (so $\rho_{AC} \models \phi * \mu$), thus $\rho_{AC} = \rho_A \otimes \rho_C$. Let $|\Psi_{AR_A}\rangle$ and $|\Psi_{CR_C}\rangle$ be purifications of $\rho_A$ and $\rho_C$; then $|\Psi_{AR_A}\rangle|\Psi_{CR_C}\rangle$ is also a purification of $\rho_{AC}$. If we add $|0\rangle_{BR_B}$, trivially $|\Psi_{AR_A}\rangle|0\rangle_{BR_B}|\Psi_{CR_C}\rangle$ is still a purification of $\rho_{AC}$. Since $|\Psi_{ABCR_AR_BR_C}\rangle$ is a purification of $\rho_{ABC}$, it is also a purification of $\rho_{AC}$. Now we have two purifications, $|\Psi_{AR_A}\rangle|0\rangle_{BR_B}|\Psi_{CR_C}\rangle$ and $|\Psi_{ABCR_AR_BR_C}\rangle$, with the same reference system $R_ABR_BR_C$, and by the freedom of purification there exists a local unitary transformation $U_{R_ABR_BR_C}$ relating them, i.e.,
$$|\Psi_{ABCR_AR_BR_C}\rangle = U_{R_ABR_BR_C}\,|\Psi_{AR_A}\rangle|0\rangle_{BR_B}|\Psi_{CR_C}\rangle.$$
Set $|\Psi_{BR_BCR_C}\rangle = |0\rangle_{BR_B}|\Psi_{CR_C}\rangle$ and we obtain
$$\rho_{ABC} = \operatorname{tr}_{R_AR_BR_C}\big[|\Psi_{ABCR_AR_BR_C}\rangle\langle\Psi_{ABCR_AR_BR_C}|\big] = \Big[U_{R_ABR_BR_C}\big(|\Psi_{AR_A}\rangle\langle\Psi_{AR_A}| \otimes |\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|\big)U_{R_ABR_BR_C}^\dagger\Big]\Big|_{ABC}$$
as desired.

Step 4: Combine Steps 2 and 3 to conclude soundness. For any $\rho_{ABC} \models \phi * \mu$, we have
$$\begin{aligned}
\llbracket C\rrbracket(\rho_{ABC})|_{A'C} &= \Big\{\llbracket C\rrbracket\Big[\Big(U_{R_ABR_BR_C}\big(|\Psi_{AR_A}\rangle\langle\Psi_{AR_A}| \otimes |\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|\big)U_{R_ABR_BR_C}^\dagger\Big)\Big|_{ABC}\Big]\Big\}\Big|_{A'C}\\
&= \Big\{\llbracket C\rrbracket\Big[U_{R_ABR_BR_C}\big(|\Psi_{AR_A}\rangle\langle\Psi_{AR_A}| \otimes |\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|\big)U_{R_ABR_BR_C}^\dagger\Big]\Big\}\Big|_{A'C}\\
&= \sigma_{A'} \otimes \rho_C
\end{aligned}$$
by Lemma B.1, $A'C \subseteq ABC$ and $\sigma_C = |\Psi_{BR_BCR_C}\rangle\langle\Psi_{BR_BCR_C}|\,\big|_C = \rho_C$. Since $\sigma_{A'} \models \psi$ and $\rho_C \models \mu$, we get $\llbracket C\rrbracket(\rho_{ABC}) \models \psi * \mu$ as desired.

$$\text{UNCR}\quad \frac{\{\phi\}C\{\psi\}\qquad q \cap \mathrm{var}(C) = \emptyset\qquad \phi[\mathcal{E}[q]]\downarrow\qquad \psi[\mathcal{E}[q]]\downarrow}{\{\phi[\mathcal{E}[q]]\}\ C\ \{\psi[\mathcal{E}[q]]\}}$$
Figure 9: Proof rule for dealing with entangled predicates.

– UNCR. For $\rho \in \mathcal{D}(V)$ such that $\rho \models \phi[\mathcal{E}[q]]$, by Proposition C.4 (2) we have $\mathcal{E}(\rho) \models \phi$, and by the premise $\{\phi\}C\{\psi\}$, $\llbracket C\rrbracket(\mathcal{E}(\rho)) \models \psi$. By the premise $q \cap \mathrm{var}(C) = \emptyset$, $\llbracket C\rrbracket(\mathcal{E}(\rho)) = \mathcal{E}(\llbracket C\rrbracket(\rho))$, and thus $\mathcal{E}(\llbracket C\rrbracket(\rho)) \models \psi$. Using Proposition C.4 (2) again, we have $\llbracket C\rrbracket(\rho) \models \psi[\mathcal{E}[q]]$.

C.7. More explanations for reasoning about entangled predicates
The technique for reasoning about entangled predicates proposed in [21] can be described in the following three steps:

1) Pushing out: introduce auxiliary variables for local reasoning. To capture how a program affects the entanglement relations between other systems, we need to introduce auxiliary variables, at most a fresh copy of each quantum variable, in both pre- and post-conditions¹⁰. Thanks to Theorem 4.1, this step can be done safely in our logic.

2) Modification: choose an appropriate quantum operation $\mathcal{E}$ and apply rule UNCR on the auxiliary variables. We use the frame rule to glue together all preconditions (postconditions) derived by local reasoning and obtain a valid judgment $\{\phi\}C\{\psi\}$. Remember that $\phi$ and $\psi$ contain the same set of auxiliary variables. Suppose $\mathcal{E}$ is an arbitrary quantum operation acting on the auxiliary registers $q'$ and both $\mathcal{E}[q'](\phi)$ and $\mathcal{E}[q'](\psi)$ are defined. For any $\rho \models \mathcal{E}[q'](\phi)$, we know that $\mathcal{E}(\rho) \models \phi$ and so $\llbracket C\rrbracket(\mathcal{E}(\rho)) \models \psi$. Since $\llbracket C\rrbracket$ and $\mathcal{E}[q']$ are two quantum operations acting on disjoint registers (the principal system and the auxiliary system), $\llbracket C\rrbracket(\mathcal{E}(\rho)) = \mathcal{E}(\llbracket C\rrbracket(\rho))$, and thus $\mathcal{E}(\llbracket C\rrbracket(\rho)) \models \psi$, hence $\llbracket C\rrbracket(\rho) \models \mathcal{E}[q'](\psi)$. In summary, the judgment $\{\mathcal{E}[q'](\phi)\}\,C\,\{\mathcal{E}[q'](\psi)\}$ is valid, which we name rule UNCR¹¹.

3) Pulling back: use suitable equivalence predicates to link the principal and auxiliary variables, and then trace out the auxiliary variables. Some BI formulas have a globally equivalent form with fewer variables, e.g. the cases of Proposition 4.2. In general this step is not feasible for all predicates; however, with a proper choice of $\mathcal{E}[q']$ it applies to many scenarios, and in particular it is feasible for every postcondition $\psi$ that is a projection or an observable.

C.8. PEPR: simplified rule for projections
When the BI formulas $\phi$ and $\psi$ appearing in UNCR are projections, we can derive the following rule by combining the ideas of modification and pulling back:
$$\text{PEPR}\quad \frac{\{\Psi\}C\{\Phi\}\quad \mathrm{var}(C) \subseteq q\quad \mathrm{type}(q) = \mathrm{type}(q')\quad q \cap q' = \emptyset\quad \Psi \in \mathcal{P}(q, q')\quad \Phi \in \mathrm{MES}(q, q')\quad Q \in \mathcal{P}(q)}{\{\mathrm{proj}[\dim(q) \cdot \operatorname{tr}_{q'}((Q_{q'} \otimes I_q)\Psi(Q_{q'} \otimes I_q))]\}\ C\ \{Q\}}$$
as an instance of rule UNCR, where $\mathrm{MES}(q, q')$ stands for the set of maximally entangled states of two disjoint registers $q, q'$ with the same type (i.e., the same dimension of their Hilbert spaces), and $\mathrm{proj}$ maps an observable to the projection onto its eigenspace of eigenvalue 1 (see Section A).

Proof.
The simplified rule PEPR is indeed a combination of the Modification and Pulling back steps discussed in Section C.7 whenever the postcondition is $Q \in \mathcal{P}(q)$. Suppose $Q$ has the diagonal decomposition $Q = \sum_i \lambda_i |\beta_i\rangle_q\langle\beta_i|$, and set $Q_{q'} = \sum_i \lambda_i |\beta_i\rangle_{q'}\langle\beta_i|$, $N = \dim(q)$, and let $\Phi$ be the maximally entangled state $|\Phi\rangle = \frac{1}{\sqrt N}\sum_j |j\rangle_q|j\rangle_{q'}$ with $\{|j\rangle\}$ an orthonormal basis of $\mathcal{H}_q$. Choose the quantum operation
$$\mathcal{E}(\rho) = N \cdot \sum_{ij} \lambda_i\,|\beta_i\rangle_{q'}\langle j|\,\rho\,|j\rangle_{q'}\langle\beta_i|;$$
then $\Phi[\mathcal{E}[q']] = Q_q \otimes I_{q'}$. First, following [21], $\models \{\llbracket C\rrbracket^*(\Phi)\}\,C\,\{\Phi\}$, and moreover $\llbracket C\rrbracket^*(\Phi)$ is the weakest precondition making it valid. By employing rule UNCR, we obtain $\{(\llbracket C\rrbracket^*(\Phi))[\mathcal{E}[q']]\}\,C\,\{\Phi[\mathcal{E}[q']]\}$, or equivalently
$$\{(\llbracket C\rrbracket^*(\Phi))[\mathcal{E}[q']]\}\ C\ \{Q_q \otimes I_{q'}\}.$$
On the other hand, by the premise $\{\Psi\}C\{\Phi\}$ we have $\Psi \sqsubseteq \llbracket C\rrbracket^*(\Phi)$, since $\llbracket C\rrbracket^*(\Phi)$ is the weakest precondition, and thus
$$\begin{aligned}
\mathrm{proj}\big[N \cdot \operatorname{tr}_{q'}((Q_{q'} \otimes I_q)\Psi(Q_{q'} \otimes I_q))\big] \otimes I_{q'} &\sqsubseteq \mathrm{proj}\big[N \cdot \operatorname{tr}_{q'}((Q_{q'} \otimes I_q)\llbracket C\rrbracket^*(\Phi)(Q_{q'} \otimes I_q))\big] \otimes I_{q'}\\
&= N \cdot (Q_{q'} \otimes I_q)\llbracket C\rrbracket^*(\Phi)(Q_{q'} \otimes I_q) = (\llbracket C\rrbracket^*(\Phi))[\mathcal{E}[q']],
\end{aligned}$$
or equivalently $\mathrm{proj}[N \cdot \operatorname{tr}_{q'}((Q_{q'} \otimes I_q)\Psi(Q_{q'} \otimes I_q))] \otimes I_{q'} \to (\llbracket C\rrbracket^*(\Phi))[\mathcal{E}[q']]$ by Proposition B.4 (2). Then by rule WEAK and Proposition C.2, we have
$$\vdash \{\mathrm{proj}[N \cdot \operatorname{tr}_{q'}((Q_{q'} \otimes I_q)\Psi(Q_{q'} \otimes I_q))] \otimes I_{q'}\}\ C\ \{Q_q \otimes I_{q'}\}.$$
According to Proposition B.4 (3) and B.4 (1), and applying rule WEAK again, we conclude
$$\vdash \{\mathrm{proj}[N \cdot \operatorname{tr}_{q'}((Q_{q'} \otimes I_q)\Psi(Q_{q'} \otimes I_q))]\}\ C\ \{Q\}.$$

10. It is not surprising that a fresh copy of all variables is enough, since the semantic function is a quantum operation, and a quantum operation can be realized by a unitary transformation acting on both the principal system and an environment as large as the principal system.

11. The $\mathcal{E}$ defined here is not a trace-preserving quantum operation; the same issue occurs elsewhere in this paragraph. However, it is always possible to add a scalar factor, and this does not affect the conclusions.

C.9. Verification of Example 4.2
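Before the paper's derivation, here is a numerical check of rule PEPR on this instance. It is an added example, not code from the paper: it builds the pushed-out precondition $\Psi = \Psi_{q_1q_1'} \otimes \Psi_{q_2q_2'}$, evaluates $\mathrm{proj}[\dim(q) \cdot \operatorname{tr}_{q'}((Q_{q'} \otimes I_q)\Psi(Q_{q'} \otimes I_q))]$ for $Q = \Phi^-_{q_1q_2}$, and confirms that the result is the projector $\Phi^+_{q_1q_2}$. It assumes $\sqrt{Z} = \mathrm{diag}(1, i)$, the Bell states $|\Phi^\pm\rangle = (|00\rangle \pm |11\rangle)/\sqrt{2}$, and an ordering in which the principal register $q = (q_1, q_2)$ precedes the auxiliary register $q' = (q_1', q_2')$ in every tensor product; because the sandwiched operator is already a projector here, $\mathrm{proj}$ acts as the identity, which the code checks rather than assumes. It is written in plain Python so it runs without extra libraries.

```python
"""Numerical check of rule PEPR on Example 4.2 (added example, not the paper's code).

Assumptions: sqrt(Z) = diag(1, i); |Phi±> = (|00> ± |11>)/sqrt(2); in every tensor
product the principal register q = (q1, q2) comes first and the auxiliary register
q' = (q1', q2') second, so a 16x16 matrix on q q' is indexed (q, q').
Matrices are lists of lists of complex numbers (no numpy needed).
"""
from itertools import product
from math import sqrt

EPS = 1e-9


def kron(a, b):
    """Kronecker product a ⊗ b of two square matrices."""
    n, m = len(a), len(b)
    return [[a[i // m][j // m] * b[i % m][j % m] for j in range(n * m)] for i in range(n * m)]


def matmul(a, b):
    n, k, m = len(a), len(b), len(b[0])
    return [[sum(a[i][t] * b[t][j] for t in range(k)) for j in range(m)] for i in range(n)]


def dagger(a):
    return [[a[j][i].conjugate() for j in range(len(a))] for i in range(len(a[0]))]


def outer(v):
    """Projector |v><v| for a column vector given as a list."""
    return [[x * y.conjugate() for y in v] for x in v]


def apply(u, v):
    return [sum(u[i][j] * v[j] for j in range(len(v))) for i in range(len(u))]


def ptrace_second(m, d1, d2):
    """Partial trace over the second factor (tr_{q'}) of a (d1*d2)x(d1*d2) matrix on q ⊗ q'."""
    out = [[0j] * d1 for _ in range(d1)]
    for i, j in product(range(d1), repeat=2):
        out[i][j] = sum(m[i * d2 + k][j * d2 + k] for k in range(d2))
    return out


def scale(c, m):
    return [[c * x for x in row] for row in m]


def close(a, b):
    return all(abs(x - y) < EPS for ra, rb in zip(a, b) for x, y in zip(ra, rb))


I2 = [[1, 0], [0, 1]]
SQRT_Z = [[1, 0], [0, 1j]]                       # sqrt(Z) = diag(1, i)  (assumed convention)
SQRT_Z_DAG = dagger(SQRT_Z)
PHI_PLUS = [1 / sqrt(2), 0, 0, 1 / sqrt(2)]      # (|00> + |11>)/sqrt2 on two qubits
PHI_MINUS = [1 / sqrt(2), 0, 0, -1 / sqrt(2)]    # (|00> - |11>)/sqrt2


def program_unitary():
    """Unitary of C ≡ sqrtZ[q1]; sqrtZ[q2]."""
    return kron(SQRT_Z, SQRT_Z)


def forward_check():
    """{Phi+} C {Phi-}: C maps |Phi+> onto |Phi-> (compared as projectors)."""
    return close(outer(apply(program_unitary(), PHI_PLUS)), outer(PHI_MINUS))


def pushed_out_precondition():
    """Psi = Psi_{q1 q1'} ⊗ Psi_{q2 q2'}, reordered as (q1 q2)(q1' q2'):
    |Psi> = (sqrtZ† ⊗ sqrtZ† ⊗ I_{q'}) |Phi+>_{q q'}, where
    |Phi+>_{q q'} = 1/2 Σ_b |b>_q |b>_{q'} is the 4-dimensional maximally entangled state."""
    phi = [0j] * 16
    for b in range(4):
        phi[b * 4 + b] = 0.5              # |b>_q |b>_{q'} for b = 00, 01, 10, 11
    u = kron(kron(SQRT_Z_DAG, SQRT_Z_DAG), kron(I2, I2))
    return outer(apply(u, phi))


def pepr_precondition(psi, q_post):
    """dim(q) · tr_{q'}((Q_{q'} ⊗ I_q) Psi (Q_{q'} ⊗ I_q)) with dim(q) = 4.
    proj[...] is omitted because the result is already a projector here (verified below)."""
    m = kron(kron(I2, I2), q_post)        # identity on q, Q on q'
    sandwiched = matmul(matmul(m, psi), m)
    return scale(4, ptrace_second(sandwiched, 4, 4))


def verify_example_4_2():
    """The PEPR precondition for Q = Phi-_{q1 q2} is exactly the projector Phi+_{q1 q2}."""
    pre = pepr_precondition(pushed_out_precondition(), outer(PHI_MINUS))
    is_projector = close(matmul(pre, pre), pre) and close(dagger(pre), pre)
    return is_projector and close(pre, outer(PHI_PLUS))


if __name__ == "__main__":
    print("forward {Phi+} C {Phi-}:", forward_check())
    print("PEPR precondition equals Phi+:", verify_example_4_2())
```

Running the same computation with $Q = \Phi^+_{q_1q_2}$ as postcondition yields $\Phi^-_{q_1q_2}$ as precondition, which is the mirror image of the judgment proved in this subsection and a useful sanity check that the partial trace and the register ordering are wired up correctly.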
First let us define the maximally entangled states $\Phi^\pm_{pq}$ by $|\Phi^\pm\rangle_{pq} = \frac{1}{\sqrt 2}(|0\rangle_p|0\rangle_q \pm |1\rangle_p|1\rangle_q)$. The program $C$ defined in Example 4.2 is $C \equiv \sqrt{Z}[q_1]; \sqrt{Z}[q_2]$. We aim to prove $\{\Phi^+_{q_1q_2}\}\,C\,\{\Phi^-_{q_1q_2}\}$. As discussed above, the proof has the following steps:

• Local reasoning, pushing out. For the subprogram $\sqrt{Z}[q_1]$, introduce an auxiliary qubit $q_1'$. Using rule UNIT we have $\{\Psi_{q_1q_1'}\}\,\sqrt{Z}[q_1]\,\{\Phi^+_{q_1q_1'}\}$ with $|\Psi\rangle_{pq} = \frac{1}{\sqrt 2}(|0\rangle_p|0\rangle_q - i\,|1\rangle_p|1\rangle_q)$. Similarly, $\{\Psi_{q_2q_2'}\}\,\sqrt{Z}[q_2]\,\{\Phi^+_{q_2q_2'}\}$. With FRAME, SEQ and WEAK and Proposition 3.2, we obtain:
$$\vdash \{\Psi_{q_1q_1'} \otimes \Psi_{q_2q_2'}\}\ \{\Psi_{q_1q_1'} \wedge \Psi_{q_2q_2'}\}\ \sqrt{Z}[q_1]\ \{\Phi^+_{q_1q_1'} \wedge \Psi_{q_2q_2'}\}\ \sqrt{Z}[q_2]\ \{\Phi^+_{q_1q_1'} \wedge \Phi^+_{q_2q_2'}\}\ \{\Phi^+_{q_1q_1'} \otimes \Phi^+_{q_2q_2'}\}.$$

• Modification and pulling back. Note that $\Phi^+_{q_1q_1'} \otimes \Phi^+_{q_2q_2'} \in \mathrm{MES}[q_1q_2, q_1'q_2']$, so we apply rule PEPR (an instance of UNCR, see Section C.8) to obtain:
$$\Big\{\mathrm{proj}\Big[4 \cdot \operatorname{tr}_{q_1'q_2'}\Big((\Phi^-_{q_1'q_2'} \otimes I_{q_1q_2})\,\Psi\,(\Phi^-_{q_1'q_2'} \otimes I_{q_1q_2})\Big)\Big]\Big\}\ C\ \{\Phi^-_{q_1q_2}\}$$
with $\Psi = \Psi_{q_1q_1'} \otimes \Psi_{q_2q_2'}$. A careful calculation shows that the precondition is exactly $\Phi^+_{q_1q_2}$, as desired.

Appendix D. Local Reasoning: Analysis of Variational Quantum Algorithms, details for Section 5
D.1. VQA in the Tutorial of Cirq

The VQA presented in the tutorial of Cirq¹² deals with a 2D $\pm$ Ising model of size $N \times N$ with objective Hamiltonian (observable)
$$H = \sum_{(i,j)} h_{ij} Z_{ij} + \sum_{(i,j;\,i',j') \in S} J_{ij;i'j'}\, Z_{ij} Z_{i'j'},$$
where each index pair $(i, j)$ is associated with a vertex in the $N \times N$ grid, $S$ is the set of all pairs of neighboring vertices in the grid, and all $h_{ij}$ and $J_{ij;i'j'}$ are either $+1$ or $-1$. The algorithm for preparing the ansatz state with real parameters $(\alpha, \beta, \gamma)$ given in the tutorial of Cirq can be rewritten in the quantum while-language as follows:

$\mathrm{VQA}(N) \equiv \mathbf{for}\ j = 1, \cdots, N\ \mathbf{do}\ \mathrm{ProcC}(j)\ \mathbf{od};\ \mathbf{for}\ i = 1, \cdots, N\ \mathbf{do}\ \mathrm{ProcR}(i)\ \mathbf{od}$

with the following subprograms:

$\mathrm{ProcC}(j) \equiv$
    $\mathbf{for}\ i = 1, \cdots, N\ \mathbf{do}$
        $q_{ij} := X^{\alpha}[q_{ij}];$
        $q_{ij} := (Z^{\beta})^{(h_{ij} = 1)}[q_{ij}]$
    $\mathbf{od};$
    $\mathbf{for}\ i = 1, \cdots, N-1\ \mathbf{do}$
        $q_{ij} := X^{(Jr_{ij} = -1)}[q_{ij}];$
        $q_{(i+1)j} := X^{(Jr_{ij} = -1)}[q_{(i+1)j}];$
        $q_{ij}, q_{(i+1)j} := CZ^{\gamma}[q_{ij}, q_{(i+1)j}];$
        $q_{ij} := X^{(Jr_{ij} = -1)}[q_{ij}];$
        $q_{(i+1)j} := X^{(Jr_{ij} = -1)}[q_{(i+1)j}]$
    $\mathbf{od}$

$\mathrm{ProcR}(i) \equiv$
    $\mathbf{for}\ j = 1, \cdots, N-1\ \mathbf{do}$
        $q_{ij} := X^{(Jc_{ij} = -1)}[q_{ij}];$
        $q_{i(j+1)} := X^{(Jc_{ij} = -1)}[q_{i(j+1)}];$
        $q_{ij}, q_{i(j+1)} := CZ^{\gamma}[q_{ij}, q_{i(j+1)}];$
        $q_{ij} := X^{(Jc_{ij} = -1)}[q_{ij}];$
        $q_{i(j+1)} := X^{(Jc_{ij} = -1)}[q_{i(j+1)}]$
    $\mathbf{od}$

where, for simplicity, we write some logical conditions as superscripts; for example, $X^{(Jc_{ij} = -1)}$ means: if $Jc_{ij} = -1$, apply the $X$ gate, and otherwise skip. Since the parameters $h$, $Jc$ and $Jr$ are given a priori, this notation should not lead to any confusion.

12. https://quantumai.google/cirq/tutorials/variational_algorithm

D.2. Specifying Incorrectness in Quantum Separation Logic
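The objective Hamiltonian above is diagonal in the computational basis, so its spectrum, the eigenspaces $Q_i$ and the energy of any diagonal state can be enumerated directly. The following is an added example, not code from the paper or from the Cirq tutorial: it builds the diagonal of $H$ for an $N \times N$ grid from $h$, $Jc$ and $Jr$ (using the page's conventions $J_{ij;i(j+1)} = Jc_{ij}$ and $J_{ij;(i+1)j} = Jr_{ij}$ and the usual $Z|0\rangle = +|0\rangle$, $Z|1\rangle = -|1\rangle$), lists the distinct eigenvalues $E_0 < E_1 < \cdots$ with their multiplicities, and evaluates the lower bound of this subsection, $E_0 + \sum_{i}(E_{i+1} - E_i)\delta_i$, with the summation index starting at $i = 0$ as in the proof that follows. The parameter values are a constructed sample, not the paper's $2 \times 2$ instance.

```python
"""Spectrum of the 2D ± Ising objective Hamiltonian and the energy lower bound.
Added example (not the paper's or Cirq's code). Conventions assumed:
qubit (i, j) of the N x N grid is bit i*N + j, most significant first;
Z|0> = +|0>, Z|1> = -|1>; Jc[i][j] couples (i,j)-(i,j+1), Jr[i][j] couples (i,j)-(i+1,j).
"""


def ising_diagonal(h, Jc, Jr):
    """Diagonal of H = Σ h_ij Z_ij + Σ Jc_ij Z_ij Z_i(j+1) + Σ Jr_ij Z_ij Z_(i+1)j
    in the computational basis, as a list of length 2**(N*N)."""
    N = len(h)
    n = N * N
    diag = []
    for b in range(1 << n):
        def z(i, j):                     # eigenvalue of Z_ij on basis state |b>
            return 1 - 2 * ((b >> (n - 1 - (i * N + j))) & 1)
        e = sum(h[i][j] * z(i, j) for i in range(N) for j in range(N))
        e += sum(Jc[i][j] * z(i, j) * z(i, j + 1) for i in range(N) for j in range(N - 1))
        e += sum(Jr[i][j] * z(i, j) * z(i + 1, j) for i in range(N - 1) for j in range(N))
        diag.append(e)
    return diag


def spectrum(diag):
    """Distinct eigenvalues E_0 < E_1 < ... and the rank of each eigenspace Q_i."""
    levels = sorted(set(diag))
    return levels, [diag.count(E) for E in levels]


def ground_states(diag):
    """Basis indices spanning the ground eigenspace Q_0."""
    e0 = min(diag)
    return [b for b, e in enumerate(diag) if e == e0]


def expected_energy(diag, amplitudes):
    """<psi|H|psi> for a state given by its computational-basis amplitudes."""
    return sum(abs(a) ** 2 * e for a, e in zip(amplitudes, diag))


def energy_lower_bound(levels, deltas):
    """E_0 + Σ_{i=0}^{n} (E_{i+1} - E_i) δ_i: the bound of Section D.2 with the proof's
    indexing, given certified overlaps δ_0..δ_n of the initial state with P_0..P_n."""
    assert 0 < len(deltas) < len(levels), "need E_{n+1} to exist"
    return levels[0] + sum((levels[i + 1] - levels[i]) * d for i, d in enumerate(deltas))


def sample_instance():
    """Constructed 2x2 sample (NOT the instance analysed in the paper)."""
    h = [[1, 1], [1, 1]]                 # all fields +1
    Jc = [[-1], [-1]]                    # row i: coupling (i,1)-(i,2)
    Jr = [[-1, -1]]                      # column j: coupling (1,j)-(2,j)
    return h, Jc, Jr


if __name__ == "__main__":
    diag = ising_diagonal(*sample_instance())
    levels, mults = spectrum(diag)
    print("eigenvalues:", levels, "multiplicities:", mults)
    print("energy of |0000>:", expected_energy(diag, [1] + [0] * 15))
    print("bound with delta_0 = 1:", energy_lower_bound(levels, [1.0]))
```

For the sample, the unique ground state is $|1111\rangle$ with energy $-8$ while the circuit's initial state $|0000\rangle$ sits at energy $0$; whether an ansatz can bridge that gap is exactly what the preconditions $P_i$ derived in Section D.3 certify or refute.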
As pointed out at the beginning of this section, we can use our quantum separation logic to show that the algorithm $\mathrm{VQA}(N)$ is indeed incorrect. Let us first describe its incorrectness in our logical language. Suppose the Hamiltonian $H$ has eigenvalues $E_0, E_1, \ldots$ arranged in increasing order, with corresponding eigenspaces (projections) $Q_0, Q_1, \ldots$. If for each $i \leq n$ we can find a precondition $P_i \in \mathcal{P}$ such that
$$\models \{P_i\}\ \mathrm{VQA}(N)\ \Big\{I - \sum_{k=0}^{i} Q_k\Big\} \qquad (i = 0, 1, \ldots, n),$$
then by showing that $|0\rangle$ (the initial state of the quantum circuit) is close to $P_i$, that is, $\langle 0|P_i|0\rangle \geq \delta_i$, we can conclude that the approximate ground energy computed by $\mathrm{VQA}(N)$ is at least
$$E_0 + \sum_{i=1}^{n} (E_{i+1} - E_i)\,\delta_i. \qquad (17)$$

Proof. For input $\rho = |0\rangle\langle 0|$, the output is $\sigma = \llbracket \mathrm{VQA}(N)\rrbracket(\rho)$. We make the following observations on the energy of the output, using that $E_i$ is an increasing sequence and $\sum_{i \geq 0} Q_i = I$:
$$\operatorname{tr}(H\sigma) = \operatorname{tr}\Big(\sum_{i \geq 0} E_i Q_i \sigma\Big) \geq \operatorname{tr}\Big(\sum_{i=0}^{n} E_i Q_i \sigma\Big) + \operatorname{tr}\Big(E_{n+1}\sum_{i \geq n+1} Q_i \sigma\Big) = \operatorname{tr}(E_0 \sigma) + \sum_{i=0}^{n} \operatorname{tr}\Big((E_{i+1} - E_i)\Big(I - \sum_{k=0}^{i} Q_k\Big)\sigma\Big).$$
On the other hand, suppose $\models \{P_i\}\ \mathrm{VQA}(N)\ \{I - \sum_{k=0}^{i} Q_k\}$ for $i = 0, 1, \ldots, n$. According to the lifting principle (see [17], Theorem 3.2), for any two projections $P$ and $Q$, if $\{P\}C\{Q\}$ is valid then for any input state $\rho$, $\operatorname{tr}(P\rho) \leq \operatorname{tr}(Q\,\llbracket C\rrbracket(\rho))$. Thus we obtain
$$\operatorname{tr}(P_i \rho) \leq \operatorname{tr}\Big(\Big(I - \sum_{k=0}^{i} Q_k\Big)\sigma\Big),$$
which implies that the energy of the output satisfies
$$\operatorname{tr}(H\sigma) \geq \operatorname{tr}(E_0\sigma) + \sum_{i=0}^{n} \operatorname{tr}\big((E_{i+1} - E_i) P_i \rho\big) = E_0 + \sum_{i=0}^{n} (E_{i+1} - E_i)\,\langle 0|P_i|0\rangle \geq E_0 + \sum_{i=0}^{n} (E_{i+1} - E_i)\,\delta_i$$
if $\langle 0|P_i|0\rangle \geq \delta_i$ for all $0 \leq i \leq n$, as desired.

Therefore, whenever the quantity in (4) is far away from the real ground energy $E_0$, $\mathrm{VQA}(N)$ is incorrect.

To illustrate the idea more explicitly, let us consider the simplest case of a $2 \times 2$ grid ($N = 2$) with parameters: $h$ = [ − − ; 11 1 ], $Jc$ = [ − − ], $Jr$ = [ − ], and $J_{ij;(i+1)j} = Jr_{ij}$, $J_{ij;i(j+1)} = Jc_{ij}$. The eigenvalues of the Hamiltonian $H$ in this case are $E_0, \cdots, E_4$ = − , − , − , , with corresponding eigenspaces $Q_0, Q_1, \cdots, Q_4$, respectively. If we can find preconditions $P_0$ and $P_1$ satisfying
$$\models \{P_i\}\ \mathrm{VQA}(N)\ \Big\{I - \sum_{k=0}^{i} Q_k\Big\} \quad (i = 0, 1), \qquad \langle 0|P_0|0\rangle = 1 - \sin(\alpha\pi) \geq \ , \qquad \langle 0|P_1|0\rangle = 1 - \tfrac{1}{32}(7 + \cos(2\alpha\pi))\sin(\alpha\pi) \geq \ , \qquad (18)$$
then it follows from (4) that the approximate ground energy of the VQA is at least − . , which is much higher than the real ground energy $E_0$ = − . .

D.3. Verifying Incorrectness in Quantum Separation Logic

Now we use the inference rules of quantum separation logic to derive the preconditions $P_0$ and $P_1$ required in (18), and thus show that $\mathrm{VQA}(N)$ is indeed incorrect. The derivation follows the three steps outlined at the end of Subsection 4.4.

Pushing out: This step is essentially local reasoning. For each subprogram
$\mathrm{ProcC}(j)$ or $\mathrm{ProcR}(i)$, we derive a precondition with (the projection onto the one-dimensional subspace spanned by) a maximally entangled state as postcondition; this plays the role of pushing out, connecting the variables of the subprogram with some auxiliary variables. For example, consider
$$\mathrm{ProcR}(1) \equiv q_{11} := X[q_{11}];\ q_{12} := X[q_{12}];\ q_{11}, q_{12} := CZ^{\gamma}[q_{11}, q_{12}];\ q_{11} := X[q_{11}];\ q_{12} := X[q_{12}].$$
We introduce auxiliary variables $q_{11}', q_{12}'$ with the same types as $q_{11}, q_{12}$. For the postcondition $\Phi_{R1} = |\Phi_{R1}\rangle\langle\Phi_{R1}|$ with $|\Phi_{R1}\rangle = \frac{1}{2}\sum_{i,j \in \{0,1\}} |i\rangle_{q_{11}}|j\rangle_{q_{12}}|i\rangle_{q_{11}'}|j\rangle_{q_{12}'}$, we can use rules UNIT and SEQ to derive the precondition $\Psi_{R1} = |\Psi_{R1}\rangle\langle\Psi_{R1}|$ with $|\Psi_{R1}\rangle = X_{q_{11}}X_{q_{12}}CZ^{\gamma}_{q_{11},q_{12}}X_{q_{11}}X_{q_{12}}|\Phi_{R1}\rangle$ such that $\vdash \{\Psi_{R1}\}\,\mathrm{ProcR}(1)\,\{\Phi_{R1}\}$. Similarly, we can derive preconditions $\Psi_{R2}, \Psi_{C1}, \Psi_{C2}$ such that
$$\vdash \{\Psi_{R2}\}\,\mathrm{ProcR}(2)\,\{\Phi_{R2}\}, \qquad \vdash \{\Psi_{C1}\}\,\mathrm{ProcC}(1)\,\{\Phi_{C1}\}, \qquad \vdash \{\Psi_{C2}\}\,\mathrm{ProcC}(2)\,\{\Phi_{C2}\}.$$

Modification and pulling back: Now we apply PEPR (an instance of UNCR, see Section C.8) to the VQA. With FRAME, SEQ and WEAK and Proposition 3.2, we obtain:
$$\vdash \{\Psi_{R1} \otimes \Psi_{R2}\}\ \{\Psi_{R1} \wedge \Psi_{R2}\}\ \mathrm{ProcR}(1)\ \{\Phi_{R1} \wedge \Psi_{R2}\}\ \mathrm{ProcR}(2)\ \{\Phi_{R1} \wedge \Phi_{R2}\}\ \{\Phi_{R1} \otimes \Phi_{R2}\}.$$
Note that $\otimes$ is the tensor product in the mathematical sense, and $\Psi_{R1} \otimes \Psi_{R2}$ and $\Phi_{R1} \otimes \Phi_{R2}$ are still projections. Similarly, $\vdash \{\Psi_{C1} \otimes \Psi_{C2}\}\,\mathrm{ProcC}(1); \mathrm{ProcC}(2)\,\{\Phi_{C1} \otimes \Phi_{C2}\}$. Since the tensor product of maximally entangled states is still a maximally entangled state, i.e., $\Phi_1 \in \mathrm{MES}(q_1, q_1')$ and $\Phi_2 \in \mathrm{MES}(q_2, q_2')$ imply $\Phi_1 \otimes \Phi_2 \in \mathrm{MES}(q_1q_2, q_1'q_2')$, we can use rule PEPR to derive
$$\vdash \{R\}\ \mathrm{ProcR}(1); \mathrm{ProcR}(2)\ \{Q\}, \qquad R \triangleq \mathrm{proj}\Big[16 \cdot \operatorname{tr}_{q'}\Big((Q_{q'} \otimes I_q)(\Psi_{R1} \otimes \Psi_{R2})(Q_{q'} \otimes I_q)\Big)\Big]$$
where $q = q_{11}, q_{12}, q_{21}, q_{22}$ and $q' = q_{11}', q_{12}', q_{21}', q_{22}'$. Similarly, we have
$$\vdash \{P\}\ \mathrm{ProcC}(1); \mathrm{ProcC}(2)\ \{R\}, \qquad P \triangleq \mathrm{proj}\Big[16 \cdot \operatorname{tr}_{q'}\Big((R_{q'} \otimes I_q)(\Psi_{C1} \otimes \Psi_{C2})(R_{q'} \otimes I_q)\Big)\Big].$$
The explicit expressions of $P, Q, R$ are involved. Here we only display the closed forms of $(P_0)_{00}$ and $(P_1)_{00}$ for $Q = I - Q_0$ and $Q = I - Q_0 - Q_1$ respectively:
$$(P_0)_{00} = 1 - \sin(\alpha\pi), \qquad (P_1)_{00} = 1 - \tfrac{1}{32}(7 + \cos(2\alpha\pi))\sin(\alpha\pi),$$
since $\langle 0|P_i|0\rangle = (P_i)_{00}$ is what is actually needed in (18).

Appendix E. Scalable Reasoning: Verification of Security, Details for Section 6
E.1. Security of Quantum Secret Sharing

We here prove the validity of $\models PS[p, q, r] \to (U[p] \wedge U[q] \wedge U[r])$ (see Section 6.2.2). First, any pure state $|\psi\rangle_{pqr} \in PS[p, q, r]$ can be written as $|\psi\rangle_{pqr} = \sum_{i=0}^{2} \lambda_i |e_i\rangle_{pqr}$ with complex numbers $\lambda_i$ satisfying $\sum_{i=0}^{2} |\lambda_i|^2 = 1$. A straightforward calculation then shows that $(|\psi\rangle_{pqr}\langle\psi|)|_p = \frac{1}{3}I_p$, which implies $|\psi\rangle_{pqr}\langle\psi| \models U[p]$. Next, note that $U[p] \in CM$, so for any $\rho \models PS[p, q, r]$ we have $\rho \models U[p]$, or equivalently $\models PS[p, q, r] \to U[p]$. Similarly for $U[q]$ and $U[r]$.

E.2. Security against an Eavesdropper

As one can imagine, verifying quantum secret sharing with eavesdroppers is harder. Let us consider a slightly more complicated situation than the original design in [25], [26], [34]: the quantum secret is unknown to the sender and thus cannot be re-prepared by the sender. A protocol for secret transmission in this case was recently proposed in [56], and an instance of it can be written as the following program:

$\mathrm{QSS\_E}(n) \equiv$
    $\mathbf{for}\ i = 1, \cdots, n\ \mathbf{do}$
        $Enc[p, q, r];$
        $c := |0\rangle;\ c := H[c];$
        $\mathbf{if}\ M[c] = 0 \to C_0[p, q, r, h_i]\ \Box\ 1 \to C_1[p, q, r, h_i]\ \mathbf{fi}$
    $\mathbf{od}$

$C_0[p, q, r, h_i] \equiv p, h_i := Perm(p, h_i \mapsto h_i, p)[p, h_i];\ q, r := U_{rec}[q, r];\ p, q := Perm(p, q \mapsto q, p)[p, q];$

$C_1[p, q, r, h_i] \equiv q, h_i := Perm(q, h_i \mapsto h_i, q)[q, h_i];\ p, r := Perm(p, r \mapsto r, p)[p, r];$

This is an $(n+1)$-round protocol: in each round, Alice encodes a qutrit into $p, q, r$, and Eva tosses a fresh coin $c$ using the Hadamard gate $H$ and measures it in the computational basis $M$ to decide which qutrit she is going to steal; Alice first tries to send $p$ to Bob and then $q$ to Charlie. If the coin is head (0), then Eva steals $p$ and stores it in her own register $h_i$, and Alice recovers the message from $q, r$ and sets it as the secret for the next round; if the coin is tail (1), then Eva steals $q$ and stores it in $h_i$, and Alice sets $r$ as the secret for the next round. It can be shown that at the end, if Eva does not steal $p$ and $q$ in the $(n+1)$-th round, the qutrits that Bob and Charlie get are indeed what they want (neither alone has any information about the secret, but together they can recover it).

The security of $\mathrm{QSS\_E}(n)$ can be expressed as uniformity:
$$\vdash \{\top\}\ \mathrm{QSS\_E}(n)\ \{U[h_1, \cdots, h_n]\}, \qquad (19)$$
which means that all qutrits Eva has stolen are in fact useless. We show how (19) can be proved in our quantum separation logic. First, by the frame rule CONST and (9), we have for all $i = 1, \cdots, n$:
$$\vdash \{U[h_1, \cdots, h_{i-1}]\}\ p, q, r := Enc[p, q, r]\ \{PS[p, q, r] \wedge U[h_1, \cdots, h_{i-1}]\}.$$
Next, we consider the first branch of the if-statement in $\mathrm{QSS\_E}(n)$ and obtain:
$$\begin{aligned}
&\vdash \{PS[p, q, r] \wedge U[h_1, \cdots, h_{i-1}]\}\\
&\quad p, h_i := Perm(p, h_i \mapsto h_i, p)[p, h_i]; && \text{PERM}\\
&\quad \{PS[h_i, q, r] \wedge U[h_1, \cdots, h_{i-1}]\} && \text{WEAK}\\
&\quad \{U[h_1, \cdots, h_i]\}\\
&\quad q, r := U_{rec}[q, r];\ p, q := Perm(p, q \mapsto q, p)[p, q]; && \text{UNIT, FRAME}\\
&\quad \{U[h_1, \cdots, h_i]\} && (20)
\end{aligned}$$
Note that $(PS[h_i, q, r] \wedge U[h_1, \cdots, h_{i-1}]) \to U[h_1, \cdots, h_i]$ in the assertion logic is derived from Proposition B.4 (5). Similarly we have
$$\vdash \{PS[h_i, q, r] \wedge U[h_1, \cdots, h_{i-1}]\}\ C_1[p, q, r, h_i]\ \{U[h_1, \cdots, h_i]\} \qquad (21)$$
for the second branch of the if-statement in $\mathrm{QSS\_E}(n)$. Now, using rule RIF we can combine (20) and (21) to derive the following for the if-statement in $\mathrm{QSS\_E}(n)$:
$$\vdash \{(PS[p, q, r] \wedge U[h_1, \cdots, h_{i-1}]) * I_c\}\ \mathbf{if} \cdots \mathbf{fi}\ \{U[h_1, \cdots, h_i]\}.$$
Finally, we use WEAK and SEQ repeatedly to glue the above judgments together:
$$\begin{aligned}
&\vdash \{\top\}\\
&\quad \mathbf{for}\ i = 1, \cdots, n\ \mathbf{do} && \text{SEQ}\\
&\qquad \{U[h_1, \cdots, h_{i-1}]\}\\
&\qquad p, q, r := Enc[p, q, r];\\
&\qquad \{PS[p, q, r] \wedge U[h_1, \cdots, h_{i-1}]\} && \text{WEAK}\\
&\qquad \big\{[(PS[p, q, r] \wedge U[h_1, \cdots, h_{i-1}]) \wedge I_c] \wedge (I_{pqrh_1 \cdots h_{i-1}} * I_\emptyset)\big\}\\
&\qquad c := |0\rangle;\ c := H[c]; && \text{UNIT, FRAME}\\
&\qquad \{(PS[p, q, r] \wedge U[h_1, \cdots, h_{i-1}]) * I_c\}\\
&\qquad \mathbf{if}\ M[c] = 0 \to C_0[p, q, r, h_i]\ \Box\ 1 \to C_1[p, q, r, h_i]\ \mathbf{fi}\\
&\qquad \{U[h_1, \cdots, h_i]\}\\
&\quad \mathbf{od}\\
&\quad \{U[h_1, \cdots, h_n]\}.
\end{aligned}$$

Appendix F. BI with domain - Constructing 2-BID Logic
As discussed in Section 3.3, the failure of existence of extensions makes some BI formulas nonrestrictive – satisfactionrelation ρ | = φ depends on the variables outside free ( φ ) . On the other hands, restriction property is so important in programlogic that we need to focus on those restrictive BI formulas when we establish QSL.Pointed out in Section 7, a possible way is to modify the BI frame to make restriction property intrinsic. Here and thefollowing context focus on the aim, along the line that first introduce 2-BID logic, and then construct QSL based on 2-BID.As the first step, we define the assertion language as an extension of BI-logic, tailored for specifying properties ofquantum states, with a special consideration of accommodating entanglement and separation together. F.1. BI-Logic with nondeterministic composition
Here, we give an alternative definition of BI frame with nondeterministic composition, i.e., x ◦ y is a set of worlds ratherthan a single world. Definition F.1 (BI frame [1], [11]) . A BI frame is a tuple X = ( X, ◦ , (cid:22) , e ) , where X is a set equipped with a preorder (cid:22) ,and ◦ : X × X → ℘ ( X ) is a binary operation mapping to the power set of X with an unit element e and satisfying thefollowing conditions:1) (Commutativity) z ∈ x ◦ y ⇒ z ∈ y ◦ x ;2) (Unit Existence) x ∈ x ◦ e ;3) (Coherence) x ∈ y ◦ z ⇒ x (cid:23) y ;4) (Associativity) t (cid:48) (cid:23) t ∈ x ◦ y ∧ w ∈ t (cid:48) ◦ z ⇒ ∃ s, s (cid:48) , w (cid:48) ( s (cid:48) (cid:23) s ∈ y ◦ z ∧ w (cid:23) w (cid:48) ∈ x ◦ s (cid:48) ) .Moreover, a BI frame is said to be Downwards Closed (DC) if it satisfies(5) (Downwards Closed) z ∈ x ◦ y ∧ x (cid:48) (cid:22) x ∧ y (cid:48) (cid:22) y ⇒ ∃ z (cid:48) ( z (cid:48) ∈ x (cid:48) ◦ y (cid:48) ∧ z (cid:48) (cid:22) z ) The downwards closed property was identified in [57] to simplify the semantics of magic wand −∗ ; we also find it usefulfor proving the restriction property of ∗ .A valuation is a mapping V : AP → ℘ ( X ) , and it is monotonic if x ∈ V ( p ) and y (cid:23) x implies y ∈ V ( p ) . A BI frame X together with a monotonic valuation V gives a BI model M . Definition F.2 (Satisfaction in BI models [1], [11]) . Given a BI formula φ and a BI model M = ( X, ◦ , (cid:22) , e, V ) . For each x ∈ X , satisfaction relation x | = M φ is defined by induction on φ : x | = M p iff x ∈ V ( p ) x | = M (cid:62) : always x | = M ⊥ : never x | = M φ ∧ φ iff x | = M φ and x | = M φ x | = M φ ∨ φ iff x | = M φ or x | = M φ x | = M φ → φ iff for all x (cid:48) (cid:23) x, x (cid:48) | = M φ implies x (cid:48) | = M φ x | = M φ ∗ φ iff exists x (cid:48) , y, z s.t. x (cid:23) x (cid:48) ∈ y ◦ z, y | = M φ and z | = M φ x | = M φ −∗ φ iff for all x (cid:48) , y, z s.t. x (cid:48) (cid:23) x and z ∈ x (cid:48) ◦ y, y | = M φ implies z | = M φ . 
The judgment φ ⊨_M ψ asserts that for every x ∈ X, whenever x ⊨_M φ, it follows that x ⊨_M ψ. We write φ ⊨ ψ iff φ ⊨_M ψ holds for all models, and we say φ is valid, written ⊨ φ, iff ⊤ ⊨ φ.

Though nondeterministic composition is considered and the definitions of BI frame and BI model are somewhat different from the standard ones (see Section 2.3), this semantics enjoys the same Hilbert-style proof system, presented in Fig. 5. In particular, the proof system is not only sound but also complete. We use φ ⊢ ψ to denote provability. In particular, we say φ is provable if ⊤ ⊢ φ is provable.

Theorem F.1 (Soundness and Completeness of BI, c.f. [1], [11]). For BI formulas φ and ψ, φ ⊨ ψ iff φ ⊢ ψ in the Hilbert system shown in Fig. 5.

Figure 10: Hilbert-style rules for BID.
11′. From ξ ⊢ φ and µ ⊢ ψ, with free(φ) ⊆ free(ξ) and free(ψ) ⊆ free(µ), infer ξ ∗ µ ⊢ φ ∗ ψ.
12′. From µ ∗ φ ⊢ ψ, with free(µ) ⊆ free(ψ) \ free(φ), infer µ ⊢ φ −∗ ψ.
13′. From ξ ⊢ φ −∗ ψ and µ ⊢ φ, with free(ψ) \ free(φ) ⊆ free(ξ) and free(φ) ⊆ free(µ), infer ξ ∗ µ ⊢ ψ.
17. With free(µ) ⊆ free(φ), infer (φ ∗ ψ) ∧ µ ⊢ (φ ∧ µ) ∗ ψ.
F.2. BID: BI with Domains
As discussed before, restriction property is not intrinsic in a standard BI logic. To preserve the restriction property ofimplication in the quantum setting, we need to introduce domains for both states (i.e. elements of a BI-frame) and atomicpropositions in order to explicitly specify the (quantum) variables under consideration.
Definition F.3 (BID frame). A BID frame (a BI frame with domains) is a downwards closed BI frame X = (X, ◦, ⪯, e) together with a domain function dom : X → ℘(Y), where Y is a nonempty set of (quantum) variables, that satisfies:
1) (Monotonicity) x ⪯ y implies dom(x) ⊆ dom(y);
2) (Restriction) For any S ⊆ Y and x ∈ X, there is exactly one x|_S ∈ X such that x|_S ⪯ x and dom(x|_S) = S ∩ dom(x);
3) (Extension) For any S ⊆ Y and x ∈ X such that dom(x) ⊆ S, there exists y ∈ X such that x ⪯ y and dom(y) = S;
4) (Union) z ∈ x ◦ y implies dom(z) = dom(x) ∪ dom(y).

Definition F.4 (BID model). A BID model M is a tuple M = (X, ◦, ⪯, e, dom, free, V), where (X, ◦, ⪯, e, dom, V) is a BID model, and free : AP → ℘(Y) is a domain function for atomic propositions, such that for any x, y ∈ X and p ∈ AP,
1) (Monotonicity) x ⪯ y and x ∈ V(p) implies y ∈ V(p);
2) (Restriction) x ∈ V(p) implies free(p) ⊆ dom(x) and x|_free(p) ∈ V(p).

Intuitively, free(p) defines the minimal domain of atomic proposition p, in the sense that the domain of any state x ∈ V(p) must contain free(p). The domain function free can be extended from atomic propositions to all BI formulas as follows:
1) if φ ≡ ⊤ or ⊥, then free(φ) = ∅;
2) if φ ≡ φ₁ ∧ φ₂, φ₁ ∨ φ₂, φ₁ → φ₂ or φ₁ ∗ φ₂, then free(φ) = free(φ₁) ∪ free(φ₂);
3) if φ ≡ φ₁ −∗ φ₂, then free(φ) = free(φ₂) \ free(φ₁).

Now we can define satisfaction of BI-formulas in BID models. Here, we adopt a basic idea in classical separation logic [5], [6], [7], [8]: satisfaction x ⊨ φ is only defined when dom(x) ⊇ free(φ).

Definition F.5 (Satisfaction in BID models). Given a BID model M = (X, ◦, ⪯, e, V, dom, free). Let x ∈ X and φ be a BI-formula with dom(x) ⊇ free(φ). Then the satisfaction relation x ⊨_M φ is defined by induction on φ:
1) x ⊨_M φ is defined in the same way as in Definition F.2 if φ = p, ⊤, ⊥, φ₁ ∧ φ₂, φ₁ ∨ φ₂, φ₁ → φ₂, φ₁ ∗ φ₂;
2) x ⊨_M φ₁ −∗ φ₂ iff for all x′, y, z s.t. x′ ⪰ x|_free(φ₁ −∗ φ₂) and z ∈ x′ ◦ y, y ⊨_M φ₁ implies z ⊨_M φ₂.

Accordingly, the judgment φ ⊨_M ψ now asserts that for every x ∈ X such that dom(x) ⊇ free(φ) ∪ free(ψ), whenever x ⊨_M φ, it holds that x ⊨_M ψ. Moreover, φ ⊨ ψ means that φ ⊨_M ψ holds for all BID models, and φ is valid iff ⊤ ⊨ φ holds.

It is particularly important to see that monotonicity and the restriction property hold for satisfaction in BID models with the downwards closed property.

Proposition F.1 (Monotonicity and Restriction). Given a BID model M, for all x, y ∈ X and BI-formula φ such that x ⪯ y and free(φ) ⊆ dom(x), x ⊨_M φ if and only if y ⊨_M φ.

A proof system (for reasoning about validity of BI-logical formulas in BID models) can be obtained by modifying the proof system of BI-logic with appropriate domain assumptions. More precisely, it consists of rules 1–10 and 14–16 in Fig. 5 together with rules 11′–13′ and 17 in Fig. 10. Note that rule 17 is introduced so that the ordinary conjunction ∧ can be pulled into the separating conjunction ∗ (under certain domain conditions).

Theorem F.2 (Soundness of BID). For any BI-formulas φ and ψ, if φ ⊢ ψ is provable in the BID proof system, then φ ⊨ ψ for BID models.

It should be pointed out that the interpretation of the separating implication −∗ in BID (see Definition F.5) is different from that in BI (see Definition F.2). Thus, rules 11–13 are in general not sound for BID, and the domain assumptions in 11′–13′ are necessary for the soundness of these rules. Moreover, the soundness of rule 17 is ensured by the restriction property.

F.3. 2-BID

The BID models defined in the above subsection are still not strong enough to describe quantum states with entanglement between subsystems. In order to distinguish separable quantum states from entangled quantum states, we use ∗ in BI-logic as an uncorrelated conjunction and introduce ⋄ as a general (possibly entangled) conjunction (a detailed discussion of why ⋄ is employed can be found in Section G.3):

Definition F.6 (Syntax of 2-BID). The 2-BID formulas are generated by the following syntax:
φ, ψ ::= p ∈ AP | ⊤ | ⊥ | φ ∧ ψ | φ ∨ ψ | φ → ψ | φ ∗ ψ | φ −∗ ψ | φ ⋄ ψ | φ −⋄ ψ.

Entanglement can now be expressed as a 2-BID formula of the form (φ ⋄ ψ) ∧ ¬χ, where χ describes the probabilistic combination of a family of formulas φᵢ ∗ ψᵢ with φᵢ and ψᵢ depicting certain properties of the subsystems. To define the semantics of 2-BID formulas, we propose a 2-BID frame as a tuple X = (X, ◦, •, ⪯, e, dom : X → ℘(Y)), where both (X, ◦, ⪯, e, dom) and (X, •, ⪯, e, dom) are BID frames and they are related by the following condition:
(Weakening) z ∈ x ◦ y → z ∈ x • y.

Various syntactic and semantic notions defined in the previous subsections can be straightforwardly generalised to 2-BID. First, a domain function free : AP → ℘(V) for atomic propositions can be extended to all 2-BID formulas with the following additional clauses for ⋄ and −⋄:
1) if φ ≡ φ₁ ⋄ φ₂, then free(φ) = free(φ₁) ∪ free(φ₂);
2) if φ ≡ φ₁ −⋄ φ₂, then free(φ) = free(φ₂) \ free(φ₁).

Next, the satisfaction relation x ⊨_M φ for states x in a 2-BID model M with dom(x) ⊇ free(φ) can be extended by the following additional clauses:
1) x ⊨ φ₁ ⋄ φ₂ iff there exist x′, x₁, x₂ s.t. x ⪰ x′ ∈ x₁ • x₂, x₁ ⊨ φ₁ and x₂ ⊨ φ₂;
2) x ⊨ φ₁ −⋄ φ₂ iff for all x′, x₁, x₂ s.t. x′ ⪰ x|_free(φ₁ −⋄ φ₂) and x₂ ∈ x′ • x₁, x₁ ⊨ φ₁ implies x₂ ⊨ φ₂.

We write ⊨ φ when φ holds for all states x such that dom(x) ⊇ free(φ). As (D, ◦, ⪯, 1, dom) and (D, •, ⪯, 1, dom) are both BID frames, all properties of BID models automatically hold for 2-BID models. In particular, Proposition F.1 (monotonicity and the restriction property) is still true for 2-BID.

A Hilbert-style proof system for 2-BID can be introduced as a combination of two subsystems, one for ∗, −∗ and one for ⋄, −⋄, related by a rule defining the entailment between ∗ and ⋄. More precisely, it comprises all BID rules for ∗, −∗ (i.e. rules 1–10, 11′–13′ and 14–17 in Figs. 5 and 10) and their variants for ⋄, −⋄, as well as the following additional rule:
(Conjunction Weakening) φ ∗ ψ ⊢ φ ⋄ ψ.
The soundness of this proof system for 2-BID is a direct corollary of Theorem F.2 together with a trivial check of the rule (Conjunction Weakening). For convenience, we present several useful derived rules in the following:
Proposition F.2.
1) If ⊨ φ → ψ and ⊨ ψ → µ, then ⊨ φ → µ.
2) ⊨ (φ ∧ ψ) ∗ µ → (φ ∗ µ) ∧ (ψ ∗ µ), ⊨ (φ ∧ ψ) ⋄ µ → (φ ⋄ µ) ∧ (ψ ⋄ µ);
3) ⊨ φ ∗ ψ → φ ⋄ ψ, ⊨ φ ⋄ ψ → φ ∧ ψ;
4) ⊨ φ ∗ ψ → φ, ⊨ φ ⋄ ψ → φ;
5) If ⊨ φ ↔ ψ and free(φ) = free(ψ), then for any µ, ⊨ µ ↔ µ[φ/ψ], where µ[φ/ψ] is obtained by replacing all ψ in µ by φ.

Appendix G. Quantum Interpretation of 2-BID Logic
As said before, 2-BID logic is designed as the assertion language of our quantum separation logic. More precisely, it isused to describe properties of the states of quantum programs. An abstract semantics of 2-BID was defined in the previoussection in terms of 2-BID frames. In this section, this semantics will be concretised by defining a quantum frame.
G.1. 2-BID Frame of Quantum States
Basically, we consider the quantum states over specific registers as resources. Then two kinds of conjunction should be introduced to model combinations of spatially separate quantum resources (quantum states over disjoint registers): an uncorrelated conjunction "tensor product" ◦ and a general conjunction "coupling" •. Formally, they are defined as follows:

Definition G.1. The binary functions ◦ and • : D × D → ℘(D), mapping each pair of quantum states to a set of quantum states, are defined by:
1) ρ₁ ◦ ρ₂ ≜ {ρ₁ ⊗ ρ₂} if dom(ρ₁) ∩ dom(ρ₂) = ∅; otherwise, ρ₁ ◦ ρ₂ ≜ ∅;
2) ρ₁ • ρ₂ ≜ {ρ ∈ D(dom(ρ₁) ∪ dom(ρ₂)) | ρ|_dom(ρ₁) = ρ₁, ρ|_dom(ρ₂) = ρ₂} if dom(ρ₁) ∩ dom(ρ₂) = ∅; otherwise, ρ₁ • ρ₂ ≜ ∅;
where dom is the domain function which specifies the quantum register that a quantum state lies on.

The functions ◦ and • are used to collect the tensor product and the couplings of two quantum states, respectively, whenever they exist. If the domains of ρ₁ and ρ₂ have a nonempty overlap, then their tensor product and couplings are not well-defined, and thus ρ₁ ◦ ρ₂ and ρ₁ • ρ₂ return the empty set. As a comparison, ◦ defined here and in Definition 3.1 are the same in principle.

A partial order over quantum states considered as resources is the same as we defined in the main text (Section 3, Definition 3.2). The partial order ⪯ is preserved under restriction:

Proposition G.1.
1) For any S ⊆ V and ρ ∈ D, ρ|_S ⪯ ρ. Indeed, ρ|_S is the unique quantum state with domain S ∩ dom(ρ) and ρ|_S ⪯ ρ.
2) For any S ⊆ V and ρ, ρ′ ∈ D, if ρ ⪯ ρ′, then ρ|_S ⪯ ρ′|_S.

Combining all of the ingredients defined above, we obtain:

Proposition G.2. (D, ◦, •, ⪯, 1, dom) forms a 2-BID frame, where the scalar number 1 is understood as a state over the empty register, and dom denotes the domain of quantum states.

G.2. Atomic Propositions about Quantum States
Now we can interpret 2-BID logic in the quantum frame (D, ◦, •, ⪯, 1, dom). As a common practice, we need to choose different sets of atomic propositions in different applications of our 2-BID logic. But the following assumptions about atomic propositions should be satisfied:
1) The domain function for atomic propositions free : AP → ℘(V) is defined so that for each atomic proposition p ∈ AP, free(p) is a family of sets of quantum variables;
2) The interpretation ⟦−⟧ : AP → ℘(D) of atomic propositions is given so that for each atomic proposition p ∈ AP, ⟦p⟧ is a set of quantum states that is upward-closed and closed under restriction: for any ρ, σ ∈ D and p ∈ AP,
a) ρ ⪯ σ and ρ ∈ ⟦p⟧ implies σ ∈ ⟦p⟧;
b) ρ ∈ ⟦p⟧ implies free(p) ⊆ dom(ρ) and ρ|_free(p) ∈ ⟦p⟧.

G.3. Quantum Interpretation of 2-BID Connectives
We saw in Section F.3 that the main difference between BI logic and 2-BID logic comes from spatial (separating)conjunctions and implications. Now we can further examine the difference in terms of their quantum interpretations withthe domain assumption.
Spatial Conjunctions: Only one spatial conjunction is needed in both classical and probabilistic separation logic. However, entanglement between quantum systems forces us to consider two different spatial conjunctions.

First, independence between registers in probabilistic separation logic [9] can be naturally generalised to the quantum setting: for two formulas φ₁ and φ₂ with disjoint domains, φ₁ ∗ φ₂ holds in quantum state ρ if ρ can be split into two uncorrelated states ρ₁ and ρ₂ that satisfy φ₁ and φ₂, respectively. Formally, ρ ⊨ φ₁ ∗ φ₂ if and only if there exist two states ρ₁ and ρ₂ such that ρ ⪰ ρ₁ ◦ ρ₂ and ρᵢ ⊨ φᵢ for i = 1, 2 (see Definition G.1 for the operation ◦).

To enable local reasoning in the presence of entanglement, we here introduce an additional spatial conjunction ⋄. One might question why no ⋄ is employed in the main text (see Section 3); basically there are two reasons: 1. ⋄ can be encoded by ∧ and a side condition on free variables, i.e., φ ⋄ ψ ↔ φ ∧ ψ if we assume free(φ) ∩ free(ψ) = ∅; 2. the side condition on free variables can be easily checked syntactically if no subscripting/aliasing is allowed in the program logic; however, as we point out in the Conclusion (Section 8), we aim to verify programs with subscripting/aliasing, which would make checking side conditions on free variables difficult, at least syntactically. Therefore, we introduce ⋄ rather than use ∧. For two formulas φ₁ and φ₂ with disjoint domains, a quantum state ρ ∈ D(S) satisfies φ₁ ⋄ φ₂ if its restrictions ρ|_S₁ and ρ|_S₂ on two disjoint subsystems S₁, S₂ ⊆ S satisfy φ₁ and φ₂, respectively. Note that unlike in the case of the independent conjunction ∗, here the state ρ can be entangled. This enables ⋄ to be used in a situation where a program can be divided into several parts acting on different registers, but its input is often entangled between these subsystems. In fact, many of the existing quantum algorithms are designed in such a way.
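To make Definition G.1 and the difference between ∗ and ⋄ concrete, here is an added example (not code from the paper or its authors) that models the quantum frame on qubit registers: density matrices labelled by their register, restriction ρ|_S as the partial trace, ◦ as the tensor product, membership in ρ₁ • ρ₂ as the coupling check, and the two spatial conjunctions evaluated on atomic propositions. It assumes that the preorder ⪯ of Definition 3.2 in the main text (not reproduced on this page) is the restriction order, ρ ⪯ σ iff σ|_dom(ρ) = ρ. The sample states (a Bell state and I/2 ⊗ I/2) and the sample atomic proposition "register q is maximally mixed" are constructed for the example. The reduction of the existential in ρ ⊨ φ₁ ∗ φ₂ to a check on the restrictions ρ|_free(φ₁) and ρ|_free(φ₂) is justified in the code comments from the uniqueness of restriction (Proposition I.1) and the restriction property of atomic propositions.

```python
# Added example, not code from the paper: a toy model of the quantum 2-BID frame
# (D, ∘, •, ⪯, 1, dom) on qubit registers. A state is a density matrix (nested
# lists of complex numbers) labelled by the ordered tuple of qubit names it lives
# on. Assumption: ⪯ is the restriction order of the main text's Definition 3.2,
# i.e. ρ ⪯ σ iff dom(ρ) ⊆ dom(σ) and σ|_dom(ρ) = ρ, with ρ|_S the partial trace
# over the qubits outside S. Registers are compared in their listed order.
EPS = 1e-9


class QState:
    def __init__(self, qubits, mat):
        self.qubits = tuple(qubits)  # register, most significant qubit first
        self.mat = mat               # 2^n x 2^n density matrix


def dom(rho):
    return frozenset(rho.qubits)


def _bits(i, n):
    return [(i >> (n - 1 - k)) & 1 for k in range(n)]


def _to_int(bits):
    return int("".join(str(b) for b in bits) or "0", 2)


def restrict(rho, S):
    """ρ|_S (Definition F.3(2)): partial trace over the qubits of ρ outside S."""
    n = len(rho.qubits)
    keep = [k for k, q in enumerate(rho.qubits) if q in S]
    drop = [k for k in range(n) if k not in keep]
    out = [[0j] * 2 ** len(keep) for _ in range(2 ** len(keep))]
    for r in range(2 ** n):
        rb = _bits(r, n)
        for c in range(2 ** n):
            cb = _bits(c, n)
            if [rb[k] for k in drop] == [cb[k] for k in drop]:  # diagonal in traced qubits
                out[_to_int([rb[k] for k in keep])][_to_int([cb[k] for k in keep])] += rho.mat[r][c]
    return QState(tuple(rho.qubits[k] for k in keep), out)


def equal(rho, sigma):
    """ρ = σ: same register (same order) and the same matrix up to rounding."""
    return rho.qubits == sigma.qubits and all(
        abs(a - b) < EPS for ra, rb in zip(rho.mat, sigma.mat) for a, b in zip(ra, rb))


def preceq(rho, sigma):
    """Assumed Definition 3.2: ρ ⪯ σ iff σ restricted to dom(ρ) is ρ."""
    return dom(rho) <= dom(sigma) and equal(restrict(sigma, dom(rho)), rho)


def compose_tensor(rho, sigma):
    """ρ ∘ σ of Definition G.1(1): the singleton {ρ ⊗ σ}, or ∅ if registers overlap."""
    if dom(rho) & dom(sigma):
        return []
    kron = [[a * b for a in ra for b in rb] for ra in rho.mat for rb in sigma.mat]
    return [QState(rho.qubits + sigma.qubits, kron)]


def in_coupling(tau, rho, sigma):
    """τ ∈ ρ • σ of Definition G.1(2): τ lives on dom(ρ) ∪ dom(σ) and restricts to both."""
    if dom(rho) & dom(sigma) or dom(tau) != dom(rho) | dom(sigma):
        return False
    return equal(restrict(tau, dom(rho)), rho) and equal(restrict(tau, dom(sigma)), sigma)


def sat_star(rho, prop1, prop2):
    """ρ ⊨ φ₁ ∗ φ₂ for atomic φᵢ = (free(φᵢ), test) with disjoint free sets.
    A witness ρ' ∈ ρ₁ ∘ ρ₂ below ρ forces ρᵢ = ρ|_dom(ρᵢ) (uniqueness of restriction,
    Proposition I.1) and atomic propositions are closed under restriction, so one
    exists iff ρ|_(f1∪f2) = ρ|_f1 ⊗ ρ|_f2 with each factor satisfying its conjunct."""
    (f1, t1), (f2, t2) = prop1, prop2
    assert not (f1 & f2), "conjuncts must have disjoint domains"
    r1, r2 = restrict(rho, f1), restrict(rho, f2)
    return t1(r1) and t2(r2) and equal(restrict(rho, f1 | f2), compose_tensor(r1, r2)[0])


def sat_diamond(rho, prop1, prop2):
    """ρ ⊨ φ₁ ⋄ φ₂: the restrictions satisfy the conjuncts; ρ itself may be
    entangled, because ρ|_(f1∪f2) ∈ ρ|_f1 • ρ|_f2 always holds."""
    (f1, t1), (f2, t2) = prop1, prop2
    assert not (f1 & f2), "conjuncts must have disjoint domains"
    return t1(restrict(rho, f1)) and t2(restrict(rho, f2))


# Constructed sample states and a sample atomic proposition for the demonstration.
def maximally_mixed(q):
    return QState((q,), [[0.5 + 0j, 0j], [0j, 0.5 + 0j]])  # I/2 on qubit q


def bell_state(a, b):
    h = 0.5 + 0j  # |Φ+⟩⟨Φ+|, maximally entangled across (a, b)
    return QState((a, b), [[h, 0j, 0j, h], [0j, 0j, 0j, 0j], [0j, 0j, 0j, 0j], [h, 0j, 0j, h]])


def is_maximally_mixed(q):
    """Atomic proposition 'register {q} is in state I/2' as (free set, test)."""
    return (frozenset([q]), lambda s: equal(s, maximally_mixed(q)))


def demo():
    bell = bell_state("a", "b")
    prod = compose_tensor(maximally_mixed("a"), maximally_mixed("b"))[0]  # I/2 ⊗ I/2
    pa, pb = is_maximally_mixed("a"), is_maximally_mixed("b")
    return {
        "bell_in_coupling": in_coupling(bell, maximally_mixed("a"), maximally_mixed("b")),
        "bell_is_tensor_product": equal(bell, prod),
        "bell_sat_diamond": sat_diamond(bell, pa, pb),
        "bell_sat_star": sat_star(bell, pa, pb),
        "product_sat_star": sat_star(prod, pa, pb),
        "restriction_is_below": preceq(restrict(bell, {"a"}), bell),
    }
```

Calling demo() shows the Bell state lying in (I/2) • (I/2) but not in (I/2) ◦ (I/2): it satisfies the ⋄-conjunction of the two "maximally mixed" propositions while failing their ∗-conjunction, which is exactly the entanglement pattern (φ ⋄ ψ) ∧ ¬(φ ∗ ψ) of Section F.3, whereas the product state I/2 ⊗ I/2 satisfies both. Restricting to the empty register yields the trace, i.e. the scalar 1 of Proposition G.2.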
Spatial Implications: Usually, an implication is linked to its corresponding conjunction through a Galois connection. In BI-logic, the semantics of the spatial implication −∗ corresponding to the spatial conjunction ∗ is defined as follows:

ρ ⊨ φ₁ −∗ φ₂ iff for all ρ′, ρ₁, ρ₂ s.t. ρ ⪯ ρ′ and ρ₂ ∈ ρ′ ◦ ρ₁: ρ₁ ⊨ φ₁ implies ρ₂ ⊨ φ₂. (22)

In 2-BID logic, however, we have to reconsider the above definition with the domain assumption. It is reasonable to set the domain of the spatial implication to free(φ₁ −∗ φ₂) = free(φ₂) \ free(φ₁). If we still adopt equation (22) to define the semantics of −∗, then the restriction property will be violated. We choose to modify the defining equation (22) as follows:

ρ ⊨ φ₁ −∗ φ₂ iff for all ρ′, ρ₁, ρ₂ s.t. ρ′ ⪰ ρ|_free(φ₁ −∗ φ₂) and ρ₂ ∈ ρ′ ◦ ρ₁: ρ₁ ⊨ φ₁ implies ρ₂ ⊨ φ₂. (23)

Note that in equation (23) ρ′ is required to range over all states ⪰ ρ|_free(φ₁ −∗ φ₂). Thus, the restriction property is automatically satisfied by −∗. The above discussion also applies to the spatial implication −⋄ corresponding to the conjunction ⋄.

G.4. Quantum Modification of 2-BID Formulas
We conclude this section by presenting a technique of modifying 2-BID formulas, similar to the modification of BIformulas (see Section 3.4) but much more general since implication and separating implications are considered.
Definition G.2 (Modification of atomic propositions). Let C be a unitary transformation q := U[q] or an initialisation q := |0⟩. For any atomic proposition p ∈ AP, if there exists a 2-BID formula φ such that:
1) p and φ have the same domain: free(p) = free(φ);
2) for all ρ ∈ D(free(p) ∪ var(C)), ρ ⊨ φ if and only if ⟦C⟧(ρ) ⊨ p;
then we say that φ is a C-modification of p and write p[C] ≜ φ.

The modification of some atomic propositions may not exist. We write φ[C]↓ whenever φ[C] is defined. The following examples give the modifications of those atomic propositions needed in the applications of quantum separation logic considered in this paper.

The notion of modification can be easily extended to all 2-BID formulae:

Definition G.3 (Modification of 2-BID formulas). Let C be a unitary transformation q := U[q] or an initialisation q := |0⟩. The modification φ[C] of a 2-BID formula φ is defined by induction on the structure of φ:
1) if φ ≡ ⊤ or ⊥, then φ[C] ≡ φ;
2) if φ ≡ p ∈ AP, then φ[C] is defined according to Definition G.2;
3) if φ ≡ φ₁ △ φ₂ where △ ∈ {∧, ∨, →, ⋄} and φ₁[C]↓ and φ₂[C]↓, then φ[C] ≡ φ₁[C] △ φ₂[C];
4) if φ ≡ φ₁ ∗ φ₂, then
a) if C ≡ q := U[q] and φᵢ[C]↓ and (q ⊆ free(φᵢ) or q ∩ free(φᵢ) = ∅) for i = 1, 2, then φ[C] ≡ φ₁[C] ∗ φ₂[C];
b) if C ≡ q := |0⟩, then
φ[C] ≡ (φ₁[C] ⋄ φ₂[C]) ∧ (I_free(φ₁)\q ∗ I_free(φ₂)\q) if q ∈ free(φ₁) ∪ free(φ₂), φ₁[C]↓ and φ₂[C]↓,
φ[C] ≡ φ if q ∉ free(φ₁) ∪ free(φ₂);
5) if φ ≡ φ₁ △ φ₂ where △ ∈ {−⋄, −∗} and C ≡ q := U[q] or q := |0⟩, then
φ[C] ≡ φ₁ △ φ₂[C] if var(C) ⊆ free(φ₂) \ free(φ₁) and φ₂[C]↓,
φ[C] ≡ φ if var(C) ∩ (free(φ₂) \ free(φ₁)) = ∅.

The modification of a 2-BID formula is not defined in the conventional way. Since implication is considered, it is necessary to find the weakest precondition of φ in order to make the proof rules INIT and UNIT sound. For example, an initialization command q := |0⟩ makes q uncorrelated with all other registers. As a consequence, the postcondition I_q ∗ I_q′, which asserts that two registers q and q′ are independent, does not imply that the precondition should assert the independence of q and q′, e.g., I_q ∗ I_q′, even if I_q[q := |0⟩] = I_q and I_q′[q := |0⟩] = I_q′. In addition, the assumption on command variables and domains is declared for the modification of −⋄ and −∗, since we failed to derive the modified formula for the case var(C) ⊃ free(φ₂) \ free(φ₁). A close connection between the semantics of a 2-BID formula φ and its modification φ[C] is shown in the following:

Proposition G.3.
Let C be a unitary transformation q := U[q] or an initialisation q := |0⟩, and φ be any 2-BID formula. If its modification φ[C] is defined, then:
1) φ and φ[C] have the same domain: free(φ) = free(φ[C]);
2) for all ρ ∈ D(free(φ) ∪ var(C)), ρ ⊨ φ[C] if and only if ⟦C⟧(ρ) ⊨ φ.

Footnote (to clause 5 of Definition G.3): φ₁[C] △ φ₂[C] also works for this case, but it is weaker since the additional condition φ₁[C]↓ should be assumed.

We can also generalize the concept of modification to quantum operations. Formally, we define the E-modification as follows:

Figure 11: Inference Rules for QSL of 2-BID.
PERM: {φ[q′ ↦ q]} q := Perm(q ↦ q′)[q] {φ}
RLOOP′: from {φ ∗ M₁} C {φ ∗ I_q} and φ ∈ CM, infer {φ ∗ I_q} while {φ ⋄ M₀}
WEAK′: from φ → φ′, {φ′} C {ψ′} and ψ′ → ψ, infer {φ} C {ψ}
FRAME_E: from {φ} C {ψ}, free(µ) ∩ var(C) = ∅ and free(ψ) ⊆ free(φ) ∪ var(C), infer {φ ⋄ µ} C {ψ ⋄ µ}
In RLOOP, while is the abbreviation of while M[q] = 1 do C od, and M₀, M₁ in assertions are regarded as projective predicates acting on q. In PERM, Perm(q ↦ q′)[q] stands for the unitary transformation which permutes the variables from q to q′ (see Section A for details).

Definition G.4 (E-Modification). Let E be a quantum operation on q. The E-modification of a 2-BID formula φ is defined inductively:
1) (Atomic Propositions) For an atomic proposition p ∈ AP, if there exists a 2-BID formula ψ such that:
a) p and ψ have the same domain: free(p) = free(ψ);
b) for all ρ ∈ D(free(p) ∪ q), ρ ⊨ ψ if and only if E(ρ) ⊨ p;
then we say that ψ is an E-modification of p and write p[E[q]] ≜ ψ.
2) (Induction step) We write φ[E[q]]↓ if φ[E[q]] is defined.
a) if φ ≡ ⊤ or ⊥, then φ[E[q]] ≡ φ;
b) if φ ≡ p ∈ AP, then φ[E[q]] is defined according to Clause (1);
c) if φ ≡ φ₁ △ φ₂ where △ ∈ {∧, ∨, →, ⋄} and both φ₁[E[q]]↓ and φ₂[E[q]]↓, then φ[E[q]] ≡ φ₁[E[q]] △ φ₂[E[q]].

Intuitively, if E[q](φ)↓, then for any state ρ, E(ρ) ⊨ φ if and only if ρ ⊨ E[q](φ).

Appendix H. Separation Logic for Quantum Programs with 2-BID as assertion logic
Now we are ready to present our separation logic for quantum programs, with 2-BID logic interpreted in the quantum frame defined in the last section as the assertion language. Since all 2-BID formulas are restrictive, in contrast to Section 4, a judgment is now a Hoare triple of the form {φ} C {ψ} with both precondition φ and postcondition ψ being 2-BID formulas.

Definition H.1 (Validity). Let V be a set of quantum variables with free(φ), free(ψ), var(C) ⊆ V. Then a correctness formula {φ} C {ψ} is true in the sense of partial correctness with respect to V, written V ⊨ {φ} C {ψ}, if we have:
∀ ρ ∈ D(V), ρ ⊨ φ ⇒ ⟦C⟧_V(ρ) ⊨ ψ.
Here, the satisfaction relations ρ ⊨ φ and ⟦C⟧_V(ρ) ⊨ ψ are defined according to the quantum interpretation of 2-BID logic given in Section G. Similarly, satisfaction does not depend on auxiliary variables.
Theorem H.1. For any two sets V and V′ of variables, V ⊨ {φ} C {ψ} if and only if V′ ⊨ {φ} C {ψ}.

As a consequence, we can drop V from V ⊨ {φ} C {ψ} and simply write ⊨ {φ} C {ψ}.

H.1. Inference Rules
Most of the inference rules shown in the main text (see Section 4, Figs. 2, 3 and 4) are sound. We list the rules that differ here and comment on them in a few words.
• Rule PERM: At first glance, one may think that this rule is a special case of rule UNIT because a permutation is a unitary transformation. Indeed, it is strictly stronger than what can be derived from UNIT because entanglement is not invariant under a permutation between quantum registers; in particular when the 2-BID formulas describing the involved quantum systems contain the independence conjunction ∗ and the implication −∗.
• Rule RLOOP′: This one is slightly different from the one shown in Fig. 2 since, in fact, φ and M₀ have disjoint domains, which makes φ ∧ M₀ equivalent to φ ⋄ M₀.
• Rule WEAK′: note that the satisfaction relation for implication in 2-BID is different from that in BI; here φ → ψ is exactly equivalent to φ →_G ψ. Thus, we can directly use →.
• Rule FRAME_E: The conditions free(µ) ∩ var(C) = ∅ and free(ψ) ⊆ free(φ) ∪ var(C) in the premise ensure that (1) the satisfaction of µ is unchanged after executing C; and (2) if φ ⋄ µ has a non-empty interpretation, then ψ ⋄ µ is well-defined in the sense that the domains of ψ and µ do not overlap: free(ψ) ∩ free(µ) = ∅.

Since all formulas considered here are 2-BID formulas, the sets CM and SP (see Definitions 4.2 and 4.4) can be generalized to larger sets:

Proposition H.1. The formulas generated by the following grammar are CM:
φ, ψ ::= p ∈ P ∪ U ∪ U_p | ⊤ | ⊥ | φ ∧ ψ | φ ⋄ ψ | µ −∗ ψ | φ ∈ SP | µ ∗ φ
where µ is an arbitrary 2-BID formula, and µ ∈ SP.

Proposition H.2. The formulas generated by the following grammar are SP:
φ, ψ ::= p ∈ U | p ∈ P of rank 1 | ⊤ | ⊥ | φ ∗ ψ | µ −∗ φ | µ −⋄ φ
where P of rank 1 consists of all rank 1 projections, and µ is a formula with non-empty interpretation.

To conclude this section, we show that the quantum separation logic QSL consisting of all the proof rules listed in Figures 2, 3, 4 and 11 (with RLOOP and WEAK replaced by RLOOP′ and WEAK′, respectively) is sound.
Theorem H.2 (Soundness of QSL). The proof system QSL of 2-BID is sound for terminating programs; that is, if C is a terminating program, then ⊢ {φ} C {ψ} implies ⊨ {φ} C {ψ}.

Appendix I. Deferred Proofs for Sections F, G and H
Most of the proofs in this part are tedious, and some of them are similar to previous proofs. Please consult the proofs as needed.

Proposition I.1. Suppose X = (X, ◦, ⪯, e, dom : X ↦ ℘(Y)) is a BI frame with domain. Then the following statements hold:
1) for any x, x′ ∈ X and S ⊆ Y, if x′ ⪯ x and S ⊆ dom(x′), then x′|_S = x|_S.
2) for any S ⊆ Y and x ∈ X such that S ⊆ dom(x), x|_S is the unique least element of the set {x′ | x′ ⪯ x and S ⊆ dom(x′)}.
3) for any x, x′ ∈ X and S ⊆ Y, if x′ ⪯ x, then x′|_S ⪯ x|_S.
4) for any x ∈ X and S′ ⊆ S ⊆ Y, x|_S′ ⪯ x|_S.

Proof.
1. Note that x′|_S ⪯ x′ ⪯ x and dom(x′|_S) = S, so x′|_S = x|_S according to the uniqueness of domain restriction.
2. For any x′ such that x′ ⪯ x and S ⊆ dom(x′), x|_S = x′|_S ⪯ x′, so x|_S is a least element of the set. Moreover, suppose y is another least element of the set; then x|_S ⪯ y and y ⪯ x|_S, and by domain monotonicity, dom(y) = dom(x|_S) = S, so y = x|_S according to the uniqueness of domain restriction. Therefore, x|_S is the unique least element of the set.
3. x′ ⪯ x implies dom(x′) ⊆ dom(x). Note that dom(x′|_S) = dom(x′) ∩ S ⊆ dom(x) ∩ S = dom(x|_S), and x′|_S ⪯ x′ ⪯ x, x|_S ⪯ x, so x′|_S ⪯ x|_S according to 2.
4. Note that dom(x|_S′) = dom(x) ∩ S′ ⊆ dom(x) ∩ S = dom(x|_S), and x|_S′ ⪯ x, x|_S ⪯ x, so x|_S′ ⪯ x|_S according to 2.

Claim 1. φ ⊨_M ψ if and only if ⊨_M φ → ψ.
Proof. At first, by the definition of domain for BI formulas, free(φ → ψ) = free(φ) ∪ free(ψ).
(if part). For any x such that dom(x) ⊇ free(φ → ψ) and x′ ⪰ x, note that by domain monotonicity (see Definition F.3(1)), dom(x′) ⊇ dom(x) ⊇ free(φ → ψ); thus by assumption, x′ ⊨_M φ implies x′ ⊨_M ψ, which leads to ⊨_M φ → ψ.
(only if part). If ⊨_M φ → ψ, then for any x such that dom(x) ⊇ free(φ → ψ), x ⊨_M φ → ψ. Note that x ⪰ x by reflexivity of the preorder, so by the definition of the satisfaction relation, x ⊨_M φ implies x ⊨_M ψ.

Proof of Proposition F.1
Proposition I.2 (Monotonicity and Restriction, Proposition F.1). Given a BID model M, for all x, y ∈ X and BI-formula φ such that x ⪯ y and free(φ) ⊆ dom(x), x ⊨_M φ if and only if y ⊨_M φ.
Proof.
The monotonicity holds as usual.
Lemma I.1 (Monotonicity). Monotonicity extends to all formulas with respect to BID semantics. That is, for all BI-formulas φ and x, y ∈ X, x ⪯ y and x ⊨_M φ implies y ⊨_M φ.

Moreover, with the downwards closed property, we can prove the restriction lemma for a BID model.

Lemma I.2 (Restriction). Given a BID model M, for all x ∈ X and BI-formula φ, x ⊨_M φ implies that for any x′ ⪯ x such that dom(x′) ⊇ free(φ), x′ ⊨_M φ.

Proof of Lemma I.1
It is a corollary of the case for original BI [1], [2]. We prove it here by induction on the structure of the formulas.
– φ ≡ p ∈ AP. x ⊨_M p implies dom(x) ⊇ free(p) and x ∈ V(p), so dom(y) ⊇ free(p) and y ∈ V(p) due to the monotonicity of domain and V, or equivalently, y ⊨_M p.
– φ ≡ ⊤ (⊥). Trivial.
– φ ≡ φ₁ ∧ (∨) φ₂. x ⊨_M φ₁ ∧ (∨) φ₂ implies dom(x) ⊇ free(φ₁ ∧ (∨) φ₂) and x ⊨_M φ₁ and (or) x ⊨_M φ₂; by the induction hypothesis and monotonicity of domain, dom(y) ⊇ free(φ₁ ∧ (∨) φ₂) and y ⊨_M φ₁ and (or) y ⊨_M φ₂, so y ⊨_M φ₁ ∧ (∨) φ₂.
– φ ≡ φ₁ → φ₂. x ⊨_M φ₁ → φ₂ implies that dom(x) ⊇ free(φ₁ → φ₂) and for all x ⪯ x′, x′ ⊨_M φ₁ implies x′ ⊨_M φ₂. By monotonicity of domain, dom(y) ⊇ free(φ₁ → φ₂). Moreover, any y′ with y ⪯ y′ must satisfy x ⪯ y′; therefore, y′ ⊨_M φ₁ implies y′ ⊨_M φ₂, which concludes y ⊨_M φ₁ → φ₂.
– φ ≡ φ₁ ∗ φ₂. x ⊨_M φ₁ ∗ φ₂ implies that dom(x) ⊇ free(φ₁ ∗ φ₂) and there exist x′, x₁, x₂ such that x ⪰ x′ ∈ x₁ ◦ x₂, x₁ ⊨_M φ₁ and x₂ ⊨_M φ₂. Note that dom(y) ⊇ dom(x) ⊇ free(φ₁ ∗ φ₂) and y ⪰ x ⪰ x′, so y ⊨_M φ₁ ∗ φ₂.
– φ ≡ φ₁ −∗ φ₂. x ⊨_M φ₁ −∗ φ₂ implies that dom(x) ⊇ free(φ₁ −∗ φ₂) and for all x′, x″, z s.t. x′ ⪰ x|_free(φ₁ −∗ φ₂) and z ∈ x′ ◦ x″, x″ ⊨_M φ₁ ⇒ z ⊨_M φ₂. As y ⪰ x, dom(y) ⊇ free(φ₁ −∗ φ₂) and y|_free(φ₁ −∗ φ₂) ⪰ x|_free(φ₁ −∗ φ₂), and then trivially y ⊨_M φ₁ −∗ φ₂.

Proof of Lemma I.2
We prove this by induction on the structure of φ. Suppose x ⊨_M φ; due to Proposition I.1 and monotonicity (Lemma I.1), it is sufficient to show x|_free(φ) ⊨_M φ (note that x ⊨_M φ implies dom(x) ⊇ free(φ), so x|_free(φ) is well-defined).
– φ ≡ p ∈ AP. By the restriction property of V.
– φ ≡ ⊤ (⊥). Trivial.
– φ ≡ φ₁ ∧ (∨) φ₂. x ⊨_M φ₁ ∧ (∨) φ₂ implies dom(x) ⊇ free(φ₁ ∧ (∨) φ₂) and x ⊨_M φ₁ and (or) x ⊨_M φ₂. By the induction hypothesis, x|_free(φ₁) ⊨_M φ₁ and (or) x|_free(φ₂) ⊨_M φ₂. By Proposition I.1, x|_free(φ₁ ∧ (∨) φ₂) ⪰ x|_free(φ₁) and x|_free(φ₁ ∧ (∨) φ₂) ⪰ x|_free(φ₂); by monotonicity, x|_free(φ₁ ∧ (∨) φ₂) ⊨_M φ₁ and (or) x|_free(φ₁ ∧ (∨) φ₂) ⊨_M φ₂, or equivalently, x|_free(φ₁ ∧ (∨) φ₂) ⊨_M φ₁ ∧ (∨) φ₂.
– φ ≡ φ₁ → φ₂. x ⊨_M φ₁ → φ₂ implies dom(x) ⊇ free(φ₁ → φ₂) = free(φ₁) ∪ free(φ₂) and x ⊨_M φ₁ ⇒ x ⊨_M φ₂. So dom(x|_free(φ₁ → φ₂)) ⊇ free(φ₁ → φ₂). For any x′ ⪰ x|_free(φ₁ → φ₂), note that x′|_free(φ₁) = (x|_free(φ₁ → φ₂))|_free(φ₁) = x|_free(φ₁), and similarly x′|_free(φ₂) = x|_free(φ₂), according to Proposition I.1. By the inductive hypothesis and monotonicity, x′ ⊨_M φ₁ ⇔ x′|_free(φ₁) ⊨_M φ₁ ⇔ x|_free(φ₁) ⊨_M φ₁ ⇔ x ⊨_M φ₁, and similarly x′ ⊨_M φ₂ ⇔ x ⊨_M φ₂; thus x′ ⊨_M φ₁ ⇒ x′ ⊨_M φ₂. In summary, x|_free(φ₁ → φ₂) ⊨_M φ₁ → φ₂.
– φ ≡ φ₁ ∗ φ₂. x ⊨_M φ₁ ∗ φ₂ implies that dom(x) ⊇ free(φ₁ ∗ φ₂) = free(φ₁) ∪ free(φ₂) and there exist x′, x₁, x₂ such that x ⪰ x′ ∈ x₁ ◦ x₂, x₁ ⊨_M φ₁ and x₂ ⊨_M φ₂. By the inductive hypothesis and monotonicity, x₁|_free(φ₁) ⊨_M φ₁ and x₂|_free(φ₂) ⊨_M φ₂. Note that x′ ∈ x₁ ◦ x₂ and x₁|_free(φ₁) ⪯ x₁ and x₂|_free(φ₂) ⪯ x₂; by the downwards closed property of ◦, there exists z ∈ x₁|_free(φ₁) ◦ x₂|_free(φ₂) such that z ⪯ x′ ⪯ x, and obviously, z ⊨_M φ₁ ∗ φ₂. Moreover, by the domain union property of ◦, dom(z) = dom(x₁|_free(φ₁)) ∪ dom(x₂|_free(φ₂)) = free(φ₁) ∪ free(φ₂), and by the uniqueness of domain restriction, z = x|_free(φ₁) ∪ free(φ₂) = x|_free(φ₁ ∗ φ₂); therefore, x|_free(φ₁ ∗ φ₂) ⊨_M φ₁ ∗ φ₂.
– φ ≡ φ₁ −∗ φ₂. x ⊨_M φ₁ −∗ φ₂ implies dom(x) ⊇ free(φ₁ −∗ φ₂), and thus dom(x|_free(φ₁ −∗ φ₂)) ⊇ free(φ₁ −∗ φ₂). By definition, x|_free(φ₁ −∗ φ₂) ⊨_M φ₁ −∗ φ₂ once we realize that (x|_free(φ₁ −∗ φ₂))|_free(φ₁ −∗ φ₂) = x|_free(φ₁ −∗ φ₂).

Theorem I.1 (Deduction Theorem for BID). For any BI formulas φ and ψ, φ ⊢ ψ is provable iff φ → ψ is provable.
Proof of Theorem I.1. Indeed, with Hilbert rules 1, 2, 6, 9, 10 shown in Figure 5, the deduction theorem holds. For example, we may take the following proofs:
(only if part): φ ⊢ ψ, ⊤ ∧ φ ⊢ ψ (6), ⊤ ⊢ φ → ψ (10).
(if part): ⊤ ⊢ φ → ψ, φ ∧ ⊤ ⊢ φ → ψ (6), φ ⊢ ⊤ → (φ → ψ) (10), φ ⊢ ⊤ (2), φ ⊢ φ → ψ (9), φ ⊢ φ (1), φ ⊢ ψ (10).

Proof of Theorem F.2
Theorem I.2 (Soundness of BID, Theorem F.2). For any BI-formulas φ and ψ, if φ ⊢ ψ is provable in the BID proof system, then φ ⊨ ψ for BID models.

Figure 12: Hilbert-style rules for BID (i = 1 or 2 for rules 5 and 8).
1. φ ⊢ φ
2. φ ⊢ ⊤
3. ⊥ ⊢ φ
4. From µ ⊢ φ and µ ⊢ ψ, infer µ ⊢ φ ∧ ψ
5. From φ ⊢ ψ₁ ∧ ψ₂, infer φ ⊢ ψᵢ
6. From φ ⊢ ψ, infer µ ∧ φ ⊢ ψ
7. From µ ⊢ ψ and φ ⊢ ψ, infer µ ∨ φ ⊢ ψ
8. From φ ⊢ ψᵢ, infer φ ⊢ ψ₁ ∨ ψ₂
9. From µ ⊢ φ → ψ and µ ⊢ φ, infer µ ⊢ ψ
10. From µ ∧ φ ⊢ ψ, infer µ ⊢ φ → ψ
11′. From ξ ⊢ φ and µ ⊢ ψ, with free(φ) ⊆ free(ξ) and free(ψ) ⊆ free(µ), infer ξ ∗ µ ⊢ φ ∗ ψ
12′. From µ ∗ φ ⊢ ψ, with free(µ) ⊆ free(ψ) \ free(φ), infer µ ⊢ φ −∗ ψ
13′. From ξ ⊢ φ −∗ ψ and µ ⊢ φ, with free(ψ) \ free(φ) ⊆ free(ξ) and free(φ) ⊆ free(µ), infer ξ ∗ µ ⊢ ψ
14. φ ∗ ψ ⊢ ψ ∗ φ
15. (φ ∗ ψ) ∗ ξ ⊢ φ ∗ (ψ ∗ ξ)
16. φ ∗ ⊤ ⊣⊢ φ
17. With free(µ) ⊆ free(φ), infer (φ ∗ ψ) ∧ µ ⊢ (φ ∧ µ) ∗ ψ

Proof.
Due to the domain assumption, we write φ ⊨_M ψ iff for all x such that dom(x) ⊇ free(φ) ∪ free(ψ), x ⊨_M φ implies x ⊨_M ψ. Indeed, in [6] the authors explain φ ⊨_M ψ in the same way; see Section 3.2. It is enough to show the soundness of each rule shown in Figure 10. Suppose M is an arbitrary 2-BID model and let x be an arbitrary state in M. As shown in Definition F.5, we will use the fact: φ ⊨_M ψ ≜ ⊨_M φ → ψ iff for all x ∈ X such that dom(x) ⊇ free(φ → ψ) = free(φ) ∪ free(ψ), x ⊨_M φ implies x ⊨_M ψ.
– rules 1-3: obvious.
– rule 4: by assumptions, 1. ∀x: dom(x) ⊇ free(µ) ∪ free(φ), x ⊨_M µ ⇒ x ⊨_M φ and 2. ∀x: dom(x) ⊇ free(µ) ∪ free(ψ), x ⊨_M µ ⇒ x ⊨_M ψ. So for any x such that dom(x) ⊇ free(µ) ∪ free(φ) ∪ free(ψ), if x ⊨_M µ, then x ⊨_M φ and x ⊨_M ψ, or equivalently, x ⊨_M φ ∧ ψ.
– rule 5: by assumption, ∀x: dom(x) ⊇ free(φ) ∪ free(ψ₁) ∪ free(ψ₂), x ⊨_M φ ⇒ x ⊨_M ψ₁ and x ⊨_M ψ₂. For any x such that dom(x) ⊇ free(φ) ∪ free(ψ₁), by the existence of domain extension there exists y ⪰ x such that dom(y) ⊇ free(φ) ∪ free(ψ₁) ∪ free(ψ₂). If x ⊨_M φ, then y ⊨_M φ by Proposition F.1; by assumption, y ⊨_M ψ₁, so x ⊨_M ψ₁. Similarly for φ ⊢ ψ₂.
– rule 6: by assumption, ∀x: dom(x) ⊇ free(φ) ∪ free(ψ), x ⊨_M φ ⇒ x ⊨_M ψ. For any x such that dom(x) ⊇ free(µ) ∪ free(φ) ∪ free(ψ), if x ⊨_M µ ∧ φ, then x ⊨_M φ; by assumption, x ⊨_M ψ.
– rule 7: by assumptions, 1. ∀x: dom(x) ⊇ free(µ) ∪ free(ψ), x ⊨_M µ ⇒ x ⊨_M ψ and 2. ∀x: dom(x) ⊇ free(φ) ∪ free(ψ), x ⊨_M φ ⇒ x ⊨_M ψ. So for any x such that dom(x) ⊇ free(µ) ∪ free(φ) ∪ free(ψ), if x ⊨_M µ ∨ φ, then x ⊨_M µ or x ⊨_M φ; by assumption, either of them implies x ⊨_M ψ.
– rule 8: suppose φ ⊨_M ψ₁; then ∀x: dom(x) ⊇ free(φ) ∪ free(ψ₁), x ⊨_M φ ⇒ x ⊨_M ψ₁.
So for any x such that dom(x) ⊇ free(φ) ∪ free(ψ₁) ∪ free(ψ₂), if x ⊨_M φ, then by assumption x ⊨_M ψ₁, so x ⊨_M ψ₁ ∨ ψ₂.
– rule 9: by assumptions, 1. ∀x: dom(x) ⊇ free(µ) ∪ free(φ) ∪ free(ψ), x ⊨_M µ ⇒ x ⊨_M φ → ψ and 2. ∀x: dom(x) ⊇ free(µ) ∪ free(φ), x ⊨_M µ ⇒ x ⊨_M φ. For any x such that dom(x) ⊇ free(µ) ∪ free(ψ), by the existence of domain extension there exists y ⪰ x such that dom(y) ⊇ free(µ) ∪ free(φ) ∪ free(ψ). If x ⊨_M µ, then y ⊨_M µ by Proposition F.1; by the assumptions, y ⊨_M φ and y ⊨_M φ → ψ, and note that y ⪯ y, so y ⊨_M ψ by definition; thus x ⊨_M ψ as desired.
– rule 10: by assumption, ∀x: dom(x) ⊇ free(µ) ∪ free(φ) ∪ free(ψ), x ⊨_M µ ∧ φ ⇒ x ⊨_M ψ. For any x such that dom(x) ⊇ free(µ) ∪ free(φ) ∪ free(ψ), if x ⊨_M µ, then for all x′ ⪰ x, if x′ ⊨_M φ, then by monotonicity x′ ⊨_M µ, so x′ ⊨_M µ ∧ φ; by assumption, x′ ⊨_M ψ. Therefore x ⊨_M φ → ψ.
– rule 11′: by assumptions, 1. ∀x: dom(x) ⊇ free(ξ) ∪ free(φ) = free(ξ), x ⊨_M ξ ⇒ x ⊨_M φ and 2. ∀x: dom(x) ⊇ free(µ) ∪ free(ψ) = free(µ), x ⊨_M µ ⇒ x ⊨_M ψ. For any x such that dom(x) ⊇ free(ξ) ∪ free(µ) ∪ free(φ) ∪ free(ψ) = free(ξ) ∪ free(µ), if x ⊨_M ξ ∗ µ, then there exist x′, x₁, x₂ such that x ⪰ x′ ∈ x₁ ∘ x₂, x₁ ⊨_M ξ and x₂ ⊨_M µ. Note that dom(x₁) ⊇ free(ξ), so x₁ ⊨_M φ, and similarly x₂ ⊨_M ψ; therefore x ⊨_M φ ∗ ψ.
– rule 12′: by assumption, 1. free(µ) ⊆ free(ψ) \ free(φ) = free(φ −∗ ψ), and so 2. free(µ) ∪ free(φ) ∪ free(ψ) = free(φ) ∪ free(ψ), and 3. ∀x: dom(x) ⊇ free(φ) ∪ free(ψ), x ⊨_M µ ∗ φ ⇒ x ⊨_M ψ.
For any x such that dom(x) ⊇ free(µ) ∪ free(φ −∗ ψ) = free(φ −∗ ψ), if x ⊨_M µ, then for any x′ ⪰ x|free(φ −∗ ψ), note that x|free(φ −∗ ψ) ⪰ x|free(µ) by Proposition I.1, so according to Proposition F.1 we have x ⊨_M µ ⇔ x|free(µ) ⊨_M µ ⇔ x|free(φ −∗ ψ) ⊨_M µ ⇔ x′ ⊨_M µ. For any y ⊨_M φ and z ∈ x′ ∘ y, by definition z ⊨_M µ ∗ φ, and note that dom(z) = dom(x′) ∪ dom(y) ⊇ free(φ −∗ ψ) ∪ free(φ) = free(ψ) ∪ free(φ), so z ⊨_M ψ. Thus we have µ ⊨_M φ −∗ ψ.
– rule 13′: for any x such that dom(x) ⊇ free(ξ ∗ µ) ∪ free(φ), suppose x ⊨_M ξ ∗ µ; then there exist x′, y, z such that x ⪰ x′ ∈ y ∘ z, y ⊨_M ξ and z ⊨_M µ. On the one hand, by the assumptions µ ⊨_M φ and free(φ) ⊆ free(µ), dom(z) ⊇ free(µ) = free(µ) ∪ free(φ), and so z ⊨_M φ. On the other hand, by the other two assumptions we realize that dom(y) ⊇ free(ξ) = free(ξ) ∪ (free(ψ) \ free(φ)) = free(ξ) ∪ free(φ −∗ ψ), and thus y ⊨_M φ −∗ ψ. Recall that y ⪰ y|free(φ −∗ ψ), so z ⊨_M µ and x′ ∈ y ∘ z imply x′ ⊨_M ψ. Finally, by monotonicity, x ⊨_M ψ.
– rule 14: for any x such that dom(x) ⊇ free(φ) ∪ free(ψ), if x ⊨_M φ ∗ ψ, then there exist x′, x₁, x₂ such that x ⪰ x′ ∈ x₁ ∘ x₂, x₁ ⊨_M φ and x₂ ⊨_M ψ. The commutativity of ∘ ensures that x′ ∈ x₂ ∘ x₁; therefore x ⊨_M ψ ∗ φ.
– rule 15: for any x such that dom(x) ⊇ free(φ) ∪ free(ψ) ∪ free(ξ), if x ⊨_M (φ ∗ ψ) ∗ ξ, then there exist x′, y, z s.t. x ⪰ x′ ∈ y ∘ z, y ⊨_M φ ∗ ψ and z ⊨_M ξ, and then there exist y′, w, t s.t. y ⪰ y′ ∈ w ∘ t, w ⊨_M φ and t ⊨_M ψ.
Note that x′ ∈ y ∘ z and y ⪰ y′ ∈ w ∘ t; by associativity, there exist s, s′, w′ such that s′ ⪰ s ∈ t ∘ z and x′ ⪰ w′ ∈ w ∘ s′. So s ⊨_M ψ ∗ ξ and, by monotonicity, s′ ⊨_M ψ ∗ ξ, and thus x′ ⊨_M φ ∗ (ψ ∗ ξ); again by monotonicity, we conclude x ⊨_M φ ∗ (ψ ∗ ξ) as desired.
– rule 16: (⊢) For any x such that dom(x) ⊇ free(φ), if x ⊨_M φ ∗ ⊤, then there exist x′, x₁, x₂ such that x ⪰ x′ ∈ x₁ ∘ x₂, x₁ ⊨_M φ and x₂ ⊨_M ⊤. The coherence property of ∘ ensures that x ⪰ x′ ⪰ x₁, and by Proposition F.1, x ⊨_M φ. (⊣) For any x such that dom(x) ⊇ free(φ), if x ⊨_M φ, the existence of the unit of ∘ ensures that x ⪰ x ∈ x ∘ e, and note that e ⊨_M ⊤, so x ⊨_M φ ∗ ⊤.
– rule 17: for any x such that x ⊨_M (φ ∗ ψ) ∧ µ, there exist x′, x₁, x₂ such that x ⪰ x′ ∈ x₁ ∘ x₂, x₁ ⊨_M φ and x₂ ⊨_M ψ. Note that dom(x₁) ⊇ free(φ) ⊇ free(µ), and x ⪰ x′ ⪰ x₁ by the coherence of ∘; thus x₁ ⊨_M µ by Proposition F.1, so x₁ ⊨_M φ ∧ µ, which leads to x ⊨_M (φ ∧ µ) ∗ ψ.

Proof of Proposition F.2
Proposition I.3 (Proposition F.2).
1) If ⊨ φ → ψ and ⊨ ψ → µ, then ⊨ φ → µ.
2) ⊨ (φ ∧ ψ) ∗ µ → (φ ∗ µ) ∧ (ψ ∗ µ), ⊨ (φ ∧ ψ) ⋄ µ → (φ ⋄ µ) ∧ (ψ ⋄ µ);
3) ⊨ φ ∗ ψ → φ, ⊨ φ ⋄ ψ → φ;
4) ⊨ φ ∗ ψ → φ ⋄ ψ, ⊨ φ ⋄ ψ → φ ∧ ψ;
5) If ⊨ φ ↔ ψ and free(φ) = free(ψ), then for any µ, ⊨ µ ↔ µ[φ/ψ], where µ[φ/ψ] is obtained by replacing all occurrences of ψ in µ by φ.
Proof.
1) Trivially, using rules 6, 9 and 10.
2) By rule 11′, ⊨ (φ ∧ ψ) ∗ µ → φ ∗ µ and ⊨ (φ ∧ ψ) ∗ µ → ψ ∗ µ; then by rule 4, ⊨ (φ ∧ ψ) ∗ µ → (φ ∗ µ) ∧ (ψ ∗ µ). The same holds for ⋄.
3) By rule 11′, φ ⋄ ψ ⊨ φ ⋄ ⊤, and by rule 16, φ ⋄ ψ ⊨ φ.
4) ⊨ φ ∗ ψ → φ ⋄ ψ follows by the rule Conjunction Weakening. By (3) and rule 4, it is straightforward that φ ⋄ ψ ⊨ φ ∧ ψ.
5) Since ⊨ φ ↔ ψ and free(φ) = free(ψ), we realize that ⟦φ⟧ = ⟦ψ⟧, and thus ⊨ µ ↔ µ[φ/ψ] is straightforward. Formally, it can be proved by induction on the structure of µ, which we omit here.

Since we have fixed the quantum interpretation of 2-BID, we have the following proposition, which is convenient to use.

Proposition I.4 (Equivalent forms). We introduce the following equivalent forms of some satisfaction relations, based on the definitions of • and ∘, as they are more convenient in use.
1. (a) ρ ⊨ φ ⋄ ψ iff (b) dom(ρ) ⊇ free(φ) ∪ free(ψ) and there exist disjoint S₁, S₂ ⊆ dom(ρ) such that ρ|S₁ ⊨ φ and ρ|S₂ ⊨ ψ iff (c) dom(ρ) ⊇ free(φ) ∪ free(ψ), free(φ) ∩ free(ψ) = ∅, ρ ⊨ φ and ρ ⊨ ψ.
2. (a) ρ ⊨ φ ∗ ψ iff (b) dom(ρ) ⊇ free(φ) ∪ free(ψ), free(φ) ∩ free(ψ) = ∅, ρ ⊨ φ, ρ ⊨ ψ and ρ ⪰ ρ|free(φ) ⊗ ρ|free(ψ).
3. (a) ρ ⊨ φ −⋄ ψ iff (b) for all ρ₁, ρ₂ such that dom(ρ₁) = free(φ) and ρ₂ ∈ ρ|free(φ −⋄ ψ) • ρ₁, ρ₁ ⊨ φ implies ρ₂ ⊨ ψ.
4. (a) ρ ⊨ φ −∗ ψ iff (b) for all ρ₁ such that dom(ρ₁) = free(φ), ρ₁ ⊨ φ implies ρ|free(φ −⋄ ψ) ⊗ ρ₁ ⊨ ψ.
5. (a) ρ ⊨ φ → ψ iff (b) dom(ρ) ⊇ free(φ → ψ), and ρ ⊨ φ implies ρ ⊨ ψ.

Remark I.1.
One might question why we set ⋄ as a primitive connective of the assertion logic, since by 1(c) the domain condition free(φ) ∩ free(ψ) = ∅ can be checked syntactically and the remaining conditions ρ ⊨ φ, ρ ⊨ ψ can be expressed by ⊨ φ ∧ ψ. An important consideration for ⋄ is the possible extension of our logic to quantum programming languages that allow subscripting/aliasing, since subscripts and aliases are widely used for large quantum programs in most of the current quantum programming platforms. Similarly to the motivation of pointer separation logic, the domain side condition free(φ) ∩ free(ψ) = ∅ can no longer be checked syntactically when subscripting/aliasing is allowed, and then the separating conjunction ⋄ is helpful and necessary: spatial separation can be encoded in ⋄, and thus some of the domain checking involved may be handled more easily elsewhere.

Proof.
1. If (a), then dom(ρ) ⊇ free(φ) ∪ free(ψ) and there exist ρ′, ρ₁, ρ₂ s.t. ρ ⪰ ρ′ ∈ ρ₁ • ρ₂, ρ₁ ⊨ φ and ρ₂ ⊨ ψ. Set S₁ = dom(ρ₁) and S₂ = dom(ρ₂), so S₁, S₂ ⊆ dom(ρ), S₁ ∩ S₂ = ∅, ρ|S₁ = ρ₁, ρ|S₂ = ρ₂, ρ|S₁ ⊨ φ and ρ|S₂ ⊨ ψ, which implies (b).
If (b), then dom(ρ) ⊇ free(φ) ∪ free(ψ), S₁ ⊇ free(φ), S₂ ⊇ free(ψ), free(φ) ∩ free(ψ) = ∅, and by Kripke monotonicity, ρ ⊨ φ and ρ ⊨ ψ, which is just (c).
If (c), then set ρ₁ = ρ|free(φ) and ρ₂ = ρ|free(ψ); as their domains are disjoint, ρ′ ≜ ρ|free(φ) ∪ free(ψ) ∈ ρ₁ • ρ₂ and ρ ⪰ ρ′; by Proposition F.1, ρ₁ ⊨ φ and ρ₂ ⊨ ψ, which is (a).
Therefore, (a) iff (b) iff (c).
2. If (a), by definition there exist ρ′, ρ₁, ρ₂ such that ρ ⪰ ρ′ ∈ ρ₁ ∘ ρ₂, ρ₁ ⊨ φ and ρ₂ ⊨ ψ. Note that if ρ₁ ∘ ρ₂ is not empty, then ρ′ = ρ₁ ⊗ ρ₂ is its only element.
By monotonicity, ρ ⊨ φ and ρ ⊨ ψ, and by the downwards closed property, ρ ⪰ ρ′ = ρ₁ ⊗ ρ₂ ⪰ ρ|free(φ) ⊗ ρ|free(ψ), once we realize that ρ ⪰ ρ₁ ⪰ ρ|free(φ) and ρ ⪰ ρ₂ ⪰ ρ|free(ψ).
If (b), by Proposition F.1, ρ|free(φ) ⊨ φ and ρ|free(ψ) ⊨ ψ, and ρ ⪰ ρ|free(φ) ⊗ ρ|free(ψ) ∈ ρ|free(φ) ∘ ρ|free(ψ). These lead to (a).
Thus, (a) iff (b).
3. If (a), then by definition (b) trivially holds.
If (b), for all ρ′, ρ′₁, ρ′₂ such that ρ′ ⪰ ρ|free(φ −⋄ ψ) and ρ′₂ ∈ ρ′ • ρ′₁, suppose ρ′₁ ⊨ φ. Set ρ₁ = ρ′₁|free(φ); as ρ′₁ ⊨ φ, we have dom(ρ′₁) ⊇ free(φ), dom(ρ₁) = free(φ) and ρ₁ ⪯ ρ′₁, so ρ₁ ⊨ φ by Proposition F.1. Moreover, by the downwards closed property, there exists ρ₂ such that ρ₂ ∈ ρ|free(φ −⋄ ψ) • ρ₁ and ρ₂ ⪯ ρ′₂. By (b), we know that ρ₂ ⊨ ψ, which leads to ρ′₂ ⊨ ψ. Therefore, ρ ⊨ φ −⋄ ψ.
In summary, (a) iff (b).
4. Similar to the arguments of 3, realizing that σ₁ ∘ σ₂ is either the empty set or a singleton (whose only element is σ₁ ⊗ σ₂).
5. Trivial by Proposition F.1. In fact, once monotonicity and restriction are assumed, the interpretation of → in intuitionistic logic is equivalent to that in classical logic.

Remarks for Definition G.3
Remark I.2.
Indeed, we can also use the conventional modification (3) for −⋄ and −∗ when C ≡ q := U[q]. However, (5) is strictly more powerful, in the sense that 1) when φ₁[C] is not defined but φ₂[C]↓, (5) gives a valid modification while (3) gives an undefined one, and 2) when both φ₁[C]↓ and φ₂[C]↓, (3) is derivable from (5) by using Proposition I.6.

Remark I.3.
Since implication is considered, to make the proof rule (Init) sound it is necessary to find the weakest precondition of φ. That is why the modification for ∗ is somewhat different: if ⟦q := |0⟩⟧(ρ)|free(φ₁) ∪ free(φ₂) is a tensor product state between free(φ₁) and free(φ₂) and q ∈ free(φ₁), then the input state ρ only needs to be a tensor product state between free(φ₁) \ q and free(φ₂). In fact, the initialization of q makes q separable from all other variables, so the input ρ need not be a tensor product state between free(φ₁) and free(φ₂).

Proof of Proposition G.3
Proposition I.5.
Let C be the unitary transformation q := U[q] or the initialisation q := |0⟩, and let φ be any 2-BID formula. If its modification φ[C] is defined according to Definitions G.2 and G.3, then:
1) φ and φ[C] have the same domain: free(φ) = free(φ[C]);
2) for all ρ ∈ D(free(φ) ∪ var(C)), ρ ⊨ φ[C] if and only if ⟦C⟧(ρ) ⊨ φ.
Proof. (1) Induction on the structure of φ.
(2) We will introduce the following lemmas, which can be realized easily, and set the variable set V = free(φ) ∪ var(C). We now prove (2) by the following two statements.
Statement 1:
For any ρ ∈ D(V), ρ ⊨ φ[q := |0⟩] if and only if ⟦q := |0⟩⟧(ρ) ⊨ φ.
1) φ ∈ AP. By Definition G.2.
2) φ ≡ ⊤ or ⊥. Trivial.
3) φ ≡ φ₁ ∧(∨) φ₂. For any ρ ∈ D(V), first by the induction hypothesis, ρ ⊨ φ_i[q := |0⟩] ⇔ ⟦q := |0⟩⟧(ρ) ⊨ φ_i for i = 1, 2. Thus, ρ ⊨ φ[q := |0⟩] ≡ φ₁[q := |0⟩] ∧(∨) φ₂[q := |0⟩] ⟺ ρ ⊨ φ₁[q := |0⟩] and(or) ρ ⊨ φ₂[q := |0⟩] ⟺ ⟦q := |0⟩⟧(ρ) ⊨ φ₁ and(or) ⟦q := |0⟩⟧(ρ) ⊨ φ₂ ⟺ ⟦q := |0⟩⟧(ρ) ⊨ φ₁ ∧(∨) φ₂.
4) φ ≡ φ₁ → φ₂. For any ρ ∈ D(V), first by the induction hypothesis, ρ ⊨ φ_i[q := |0⟩] ⇔ ⟦q := |0⟩⟧(ρ) ⊨ φ_i for i = 1, 2. Thus, ρ ⊨ φ[q := |0⟩] ≡ φ₁[q := |0⟩] → φ₂[q := |0⟩] ⟺ ρ ⊨ φ₁[q := |0⟩] implies ρ ⊨ φ₂[q := |0⟩] ⟺ ⟦q := |0⟩⟧(ρ) ⊨ φ₁ implies ⟦q := |0⟩⟧(ρ) ⊨ φ₂ ⟺ ⟦q := |0⟩⟧(ρ) ⊨ φ₁ → φ₂.
5) φ ≡ φ₁ ⋄ φ₂. For any ρ ∈ D(V), first by the induction hypothesis, ρ ⊨ φ_i[q := |0⟩] ⇔ ⟦q := |0⟩⟧(ρ) ⊨ φ_i for i = 1, 2. Thus, by Proposition I.4, ρ ⊨ φ[q := |0⟩] ≡ φ₁[q := |0⟩] ⋄ φ₂[q := |0⟩] ⟺ free(φ₁[q := |0⟩]) ∩ free(φ₂[q := |0⟩]) = ∅, ρ ⊨ φ₁[q := |0⟩] and ρ ⊨ φ₂[q := |0⟩] ⟺ free(φ₁) ∩ free(φ₂) = ∅, ⟦q := |0⟩⟧(ρ) ⊨ φ₁ and ⟦q := |0⟩⟧(ρ) ⊨ φ₂ ⟺ ⟦q := |0⟩⟧(ρ) ⊨ φ₁ ⋄ φ₂.
6) φ ≡ φ₁ ∗ φ₂. For any ρ ∈ D(V), first by the induction hypothesis, ρ ⊨ φ_i[q := |0⟩] ⇔ ⟦q := |0⟩⟧(ρ) ⊨ φ_i for i = 1, 2.
· Case 1: q ∈ free(φ₁) ∪ free(φ₂), and φ[q := |0⟩] ≡ (φ₁[q := |0⟩] ⋄ φ₂[q := |0⟩]) ∧ (I_{free(φ₁) \ q} ∗ I_{free(φ₂) \ q}). Following Proposition I.4 and Lemma B.3, we have: ρ ⊨ (φ₁[q := |0⟩] ⋄ φ₂[q := |0⟩]) ∧ (I_{free(φ₁) \ q} ∗ I_{free(φ₂) \ q}) ⟺ free(φ₁[q := |0⟩]) ∩ free(φ₂[q := |0⟩]) = ∅, ρ ⊨ φ₁[q := |0⟩], ρ ⊨ φ₂[q := |0⟩] and ρ ⪰ ρ|free(φ₁) \ q ⊗ ρ|free(φ₂) \ q ⟺ free(φ₁) ∩ free(φ₂) = ∅, ⟦q := |0⟩⟧(ρ) ⊨ φ₁, ⟦q := |0⟩⟧(ρ) ⊨ φ₂ and ⟦q := |0⟩⟧(ρ) ⪰ ⟦q := |0⟩⟧(ρ)|free(φ₁) ⊗ ⟦q := |0⟩⟧(ρ)|free(φ₂) ⟺ ⟦q := |0⟩⟧(ρ) ⊨ φ₁ ∗ φ₂.
· Case 2: q ∉ free(φ₁) ∪ free(φ₂), and φ[q := |0⟩] ≡ φ₁[q := |0⟩] ∗ φ₂[q := |0⟩]. So ρ|free(φ₁) ∪ free(φ₂) = ⟦q := |0⟩⟧(ρ)|free(φ₁) ∪ free(φ₂), and then using the induction hypothesis we have: ρ ⊨ φ₁[q := |0⟩] ∗ φ₂[q := |0⟩] ⟺ free(φ₁[q := |0⟩]) ∩ free(φ₂[q := |0⟩]) = ∅, ρ ⊨ φ₁[q := |0⟩], ρ ⊨ φ₂[q := |0⟩] and ρ ⪰ ρ|free(φ₁) ⊗ ρ|free(φ₂) ⟺ free(φ₁) ∩ free(φ₂) = ∅, ⟦q := |0⟩⟧(ρ) ⊨ φ₁, ⟦q := |0⟩⟧(ρ) ⊨ φ₂ and ⟦q := |0⟩⟧(ρ) ⪰ ⟦q := |0⟩⟧(ρ)|free(φ₁) ⊗ ⟦q := |0⟩⟧(ρ)|free(φ₂) ⟺ ⟦q := |0⟩⟧(ρ) ⊨ φ₁ ∗ φ₂.
7) φ ≡ φ₁ −⋄ φ₂. For any ρ ∈ D(V), we consider the following two cases:
· Case 1: q ∉ free(φ₂) \ free(φ₁), and φ[q := |0⟩] ≡ φ.
Note that free(φ) = free(φ₂) \ free(φ₁), so by Lemma B.1, ρ|free(φ) = ⟦q := |0⟩⟧(ρ)|free(φ), and then ρ ⊨ φ[q := |0⟩] ⇔ ρ|free(φ) ⊨ φ ⇔ ⟦q := |0⟩⟧(ρ)|free(φ) ⊨ φ ⇔ ⟦q := |0⟩⟧(ρ) ⊨ φ.
· Case 2: q ∈ free(φ₂) \ free(φ₁), and φ[q := |0⟩] ≡ φ₁ −⋄ φ₂[q := |0⟩]. We prove the two directions by Proposition I.4.
- If ρ ⊨ φ[q := |0⟩], then ⟦q := |0⟩⟧(ρ) ⊨ φ. First we have: ∀ρ₁ s.t. dom(ρ₁) = free(φ₁), ∀ρ₂ ∈ ρ|free(φ) • ρ₁, ρ₁ ⊨ φ₁ ⇒ ρ₂ ⊨ φ₂[q := |0⟩]. Then, ∀ρ₁ s.t. dom(ρ₁) = free(φ₁), ∀ρ₂ ∈ ⟦q := |0⟩⟧(ρ)|free(φ) • ρ₁, note that ⟦q := |0⟩⟧(ρ)|free(φ) = ⟦q := |0⟩⟧(ρ|free(φ)); by Lemma B.2, ∃ρ₃ ∈ ρ|free(φ) • ρ₁ s.t. ⟦q := |0⟩⟧(ρ₃) = ρ₂. If ρ₁ ⊨ φ₁, then ρ₃ ⊨ φ₂[q := |0⟩]; by the induction hypothesis, ⟦q := |0⟩⟧(ρ₃) ⊨ φ₂, or equivalently, ρ₂ ⊨ φ₂. So ⟦q := |0⟩⟧(ρ) ⊨ φ₁ −⋄ φ₂ ≡ φ.
- If ⟦q := |0⟩⟧(ρ) ⊨ φ, then ρ ⊨ φ[q := |0⟩]. First we have: ∀ρ₁ s.t. dom(ρ₁) = free(φ₁), ∀ρ₂ ∈ ⟦q := |0⟩⟧(ρ)|free(φ) • ρ₁, ρ₁ ⊨ φ₁ ⇒ ρ₂ ⊨ φ₂. Then, ∀ρ₁ s.t. dom(ρ₁) = free(φ₁), ∀ρ₂ ∈ ρ|free(φ) • ρ₁, by Lemma B.2, ∃ρ₃ ∈ ⟦q := |0⟩⟧(ρ|free(φ)) • ρ₁ s.t. ⟦q := |0⟩⟧(ρ₂) = ρ₃. Note that ⟦q := |0⟩⟧(ρ)|free(φ) = ⟦q := |0⟩⟧(ρ|free(φ)), so ρ₃ ∈ ⟦q := |0⟩⟧(ρ)|free(φ) • ρ₁. If ρ₁ ⊨ φ₁, then ρ₃ ⊨ φ₂, i.e. ⟦q := |0⟩⟧(ρ₂) ⊨ φ₂; by the induction hypothesis, ρ₂ ⊨ φ₂[q := |0⟩].
So ρ ⊨ φ₁ −⋄ φ₂[q := |0⟩] ≡ φ[q := |0⟩].
8) φ ≡ φ₁ −∗ φ₂. For any ρ ∈ D(V), we consider the following two cases:
· Case 1: q ∉ free(φ₂) \ free(φ₁), and φ[q := |0⟩] ≡ φ. Note that free(φ) = free(φ₂) \ free(φ₁), so by Lemma B.1, ρ|free(φ) = ⟦q := |0⟩⟧(ρ)|free(φ), and then ρ ⊨ φ[q := |0⟩] ⇔ ρ|free(φ) ⊨ φ ⇔ ⟦q := |0⟩⟧(ρ)|free(φ) ⊨ φ ⇔ ⟦q := |0⟩⟧(ρ) ⊨ φ.
· Case 2: q ∈ free(φ₂) \ free(φ₁), and φ[q := |0⟩] ≡ φ₁ −∗ φ₂[q := |0⟩]. By Proposition I.4 and Lemmas B.1 and B.2, we observe: ρ ⊨ φ[q := |0⟩] ≡ φ₁ −∗ φ₂[q := |0⟩] ⟺ ∀ρ₁ s.t. dom(ρ₁) = free(φ₁), ρ₁ ⊨ φ₁ ⇒ ρ|free(φ) ⊗ ρ₁ ⊨ φ₂[q := |0⟩] ⟺ ∀ρ₁ s.t. dom(ρ₁) = free(φ₁), ρ₁ ⊨ φ₁ ⇒ ⟦q := |0⟩⟧(ρ|free(φ) ⊗ ρ₁) ⊨ φ₂ ⟺ ∀ρ₁ s.t. dom(ρ₁) = free(φ₁), ρ₁ ⊨ φ₁ ⇒ ⟦q := |0⟩⟧(ρ)|free(φ) ⊗ ρ₁ ⊨ φ₂ ⟺ ⟦q := |0⟩⟧(ρ) ⊨ φ₁ −∗ φ₂ ≡ φ.
Statement 2:
For any ρ ∈ D(V), ρ ⊨ φ[q := U[q]] if and only if ⟦q := U[q]⟧(ρ) ⊨ φ.
1) φ ∈ AP. By Definition G.2.
2) φ ≡ ⊤ or ⊥. Trivial.
3) φ ≡ φ₁ ∧(∨) φ₂. Similar to Statement 1 (3).
4) φ ≡ φ₁ → φ₂. Similar to Statement 1 (4).
5) φ ≡ φ₁ ⋄ φ₂. Similar to Statement 1 (5).
6) φ ≡ φ₁ ∗ φ₂. By the assumption q ∈ Pv(φ), either q ⊆ free(φ₁), or q ⊆ free(φ₂), or q ∩ (free(φ₁) ∪ free(φ₂)) = ∅. So according to Lemma B.4 and the induction hypothesis we have: ρ ⊨ φ₁[q := U[q]] ∗ φ₂[q := U[q]] ⟺ free(φ₁[q := U[q]]) ∩ free(φ₂[q := U[q]]) = ∅, ρ ⊨ φ₁[q := U[q]], ρ ⊨ φ₂[q := U[q]] and ρ ⪰ ρ|free(φ₁[q := U[q]]) ⊗ ρ|free(φ₂[q := U[q]]) ⟺ free(φ₁) ∩ free(φ₂) = ∅, ⟦q := U[q]⟧(ρ) ⊨ φ₁, ⟦q := U[q]⟧(ρ) ⊨ φ₂ and ⟦q := U[q]⟧(ρ) ⪰ ⟦q := U[q]⟧(ρ)|free(φ₁) ⊗ ⟦q := U[q]⟧(ρ)|free(φ₂) ⟺ ⟦q := U[q]⟧(ρ) ⊨ φ₁ ∗ φ₂.
7) φ ≡ φ₁ −⋄ φ₂. Similar to Statement 1 (7).
8) φ ≡ φ₁ −∗ φ₂. Similar to Statement 1 (8).

Proof of Proposition I.6
Proposition I.6.
For any φ₁, φ₂ and any command C ≡ q := U[q] with φ₁[C]↓ and φ₂[C]↓:
1) If q ∩ free(φ₂) = ∅, then ⊨ (φ₁ −? φ₂) ↔ (φ₁[C] −? φ₂);
2) If q ∩ (free(φ₂) \ free(φ₁)) = ∅, then ⊨ (φ₁ −? φ₂) ↔ (φ₁[C] −? φ₂[C]);
where −? stands for −⋄ or −∗.
Proof. According to Proposition G.3, we have the following statement: if φ[q := U[q]]↓, then
Statement:
For any ρ ∈ D(V), ρ ⊨ φ[q := U[q]] if and only if ⟦q := U[q]⟧(ρ) ⊨ φ.
By the restriction lemma and the existence of domain extension, we directly have:
– if q ⊆ free(φ), then ∀ρ s.t. dom(ρ) = free(φ), ρ ⊨ φ[q := U[q]] ⇔ (U_q ⊗ I_{free(φ) \ q}) ρ (U_q† ⊗ I_{free(φ) \ q}) ⊨ φ;
– if q ∩ free(φ) = ∅, then ∀ρ s.t. dom(ρ) = free(φ), ρ ⊨ φ[q := U[q]] ⇔ ρ ⊨ φ.
We consider −⋄ here; it is similar for −∗. For statement 1, using Proposition I.4 we observe: ρ ⊨ φ₁ −⋄ φ₂ ⟺ ∀ρ₁ s.t. dom(ρ₁) = free(φ₁), ∀ρ₂ ∈ ρ|free(φ₂) \ free(φ₁) • ρ₁, ρ₁ ⊨ φ₁ ⇒ ρ₂ ⊨ φ₂ ⟺ ∀ρ₁ s.t. dom(ρ₁) = free(φ₁), ∀ρ₂ ∈ ρ|free(φ₂) \ free(φ₁) • ρ₁, ρ₁ ⊨ φ₁[q := U[q]] ⇒ ρ₂ ⊨ φ₂ ⟺ ρ ⊨ φ₁[q := U[q]] −⋄ φ₂.
For statement 2, there are two cases:
· Case 1: q ⊆ free(φ₁). We have: ρ ⊨ φ₁[q := U[q]] −⋄ φ₂[q := U[q]] ⟺ ∀ρ₁ s.t. dom(ρ₁) = free(φ₁), ∀ρ₂ ∈ ρ|free(φ₂) \ free(φ₁) • ρ₁, ρ₁ ⊨ φ₁[q := U[q]] ⇒ ρ₂ ⊨ φ₂[q := U[q]] ⟺ ∀ρ′₁ s.t. dom(ρ′₁) = free(φ₁), ∀ρ′₂ ∈ ρ|free(φ₂) \ free(φ₁) • ρ′₁, ρ′₁ ⊨ φ₁ ⇒ ρ′₂ ⊨ φ₂ ⟺ ρ ⊨ φ₁ −⋄ φ₂, by realizing that there is a one-to-one correspondence between ρ₁ and ρ′₁ ≜ (U_q ⊗ I_{dom(ρ₁) \ q}) ρ₁ (U_q† ⊗ I_{dom(ρ₁) \ q}), and between ρ₂ and ρ′₂ ≜ (U_q ⊗ I_{dom(ρ₂) \ q}) ρ₂ (U_q† ⊗ I_{dom(ρ₂) \ q}); moreover, ρ₂ ∈ ρ|free(φ₂) \ free(φ₁) • ρ₁ if and only if ρ′₂ ∈ ρ|free(φ₂) \ free(φ₁) • ρ′₁. These facts come from the reversibility of unitary transformations.
· Case 2: q ∩ free(φ₁) = ∅. So q ∩ (free(φ₁) ∪ free(φ₂)) = ∅. Then obviously, ρ ⊨ φ₁ −⋄ φ₂ ⟺ ∀ρ₁ s.t. dom(ρ₁) = free(φ₁), ∀ρ₂ ∈ ρ|free(φ₂) \ free(φ₁) • ρ₁, ρ₁ ⊨ φ₁ ⇒ ρ₂ ⊨ φ₂ ⟺ ∀ρ₁ s.t.
dom(ρ₁) = free(φ₁), ∀ρ₂ ∈ ρ|free(φ₂) \ free(φ₁) • ρ₁, ρ₁ ⊨ φ₁[q := U[q]] ⇒ ρ₂ ⊨ φ₂[q := U[q]] ⟺ ρ ⊨ φ₁[q := U[q]] −⋄ φ₂[q := U[q]].

Proof of Theorem H.1
Theorem I.3 (Theorem H.1). For any two sets V and V′ of variables, V ⊨ {φ} C {ψ} if and only if V′ ⊨ {φ} C {ψ}.
Proof.
Similar to the proof of Theorem 4.1 by employing Proposition F.1.
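Proposition I.4 (1.c) and (2) above reduce the two separating conjunctions to checks that can be run directly on density matrices: ⋄ asks only that free(φ) and free(ψ) be disjoint and that each side hold, while ∗ additionally asks that ρ|free(φ) ∪ free(ψ) equal ρ|free(φ) ⊗ ρ|free(ψ). The following is an added example, not code from the paper or its authors: it implements both checks with pure-Python partial traces (the domain restriction) and exercises them on two constructed two-qubit states, a product state and a Bell state, using the formula I_q from Statement 1 above; it assumes the support-inclusion reading of an atomic projection P (ρ ⊨ P iff P · ρ|free(P) = ρ|free(P)), and all function names are this example's own.

```python
# Added example, not from the paper: Proposition I.4 (1.c) and (2) checked on
# concrete qubit states. A state is a density matrix over an ordered tuple of
# named qubit variables (first variable = most significant bit); rho|S is the
# partial trace onto S, the domain restriction used throughout the appendix.
from itertools import product


def kron(a, b):
    """Tensor product of two square matrices given as nested lists."""
    n, m = len(a), len(b)
    return [[a[i // m][j // m] * b[i % m][j % m] for j in range(n * m)]
            for i in range(n * m)]

def matmul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]

def close(a, b, tol=1e-9):
    """Entry-wise equality up to floating-point noise."""
    return len(a) == len(b) and all(
        abs(x - y) < tol for ra, rb in zip(a, b) for x, y in zip(ra, rb))

def _index(bits):
    """Basis index of a bit assignment, first bit most significant."""
    return sum(b << (len(bits) - 1 - k) for k, b in enumerate(bits))

def restrict(rho, dom, keep):
    """rho|keep: trace out every variable of dom not in keep. The result is
    indexed in the order of keep, so restrict(rho, dom, s1 + s2) is rho|(S1 ∪ S2)
    laid out for comparison with kron(rho|S1, rho|S2)."""
    traced = [v for v in dom if v not in keep]
    pos = {v: k for k, v in enumerate(dom)}
    size = 2 ** len(keep)
    out = [[0j] * size for _ in range(size)]
    for i, bi in enumerate(product((0, 1), repeat=len(keep))):
        for j, bj in enumerate(product((0, 1), repeat=len(keep))):
            acc = 0j
            for bt in product((0, 1), repeat=len(traced)):
                row, col = [0] * len(dom), [0] * len(dom)
                for v, b in zip(keep, bi):
                    row[pos[v]] = b
                for v, b in zip(keep, bj):
                    col[pos[v]] = b
                for v, b in zip(traced, bt):  # traced-out variables: same bit on both sides
                    row[pos[v]] = b
                    col[pos[v]] = b
                acc += rho[_index(row)][_index(col)]
            out[i][j] = acc
    return out

def sat_atomic(rho, dom, free, proj):
    """rho |= P for an atomic projection P over the variables `free`; assumed
    support-inclusion semantics: dom(rho) ⊇ free(P) and P · rho|free(P) = rho|free(P)."""
    if not set(free) <= set(dom):
        return False
    r = restrict(rho, dom, free)
    return close(matmul(proj, r), r)

def sat_diamond(rho, dom, phi, psi):
    """Prop. I.4 (1.c): rho |= phi ⋄ psi iff free(phi), free(psi) are disjoint
    subsets of dom(rho) and rho satisfies both sides; no separability needed."""
    (f1, p1), (f2, p2) = phi, psi
    return (set(f1).isdisjoint(f2) and set(f1) | set(f2) <= set(dom)
            and sat_atomic(rho, dom, f1, p1) and sat_atomic(rho, dom, f2, p2))

def sat_star(rho, dom, phi, psi):
    """Prop. I.4 (2): phi * psi additionally requires
    rho|free(phi)∪free(psi) = rho|free(phi) ⊗ rho|free(psi) (a tensor product state)."""
    if not sat_diamond(rho, dom, phi, psi):
        return False
    f1, f2 = phi[0], psi[0]
    joint = restrict(rho, dom, f1 + f2)
    return close(joint, kron(restrict(rho, dom, f1), restrict(rho, dom, f2)))

# Constructed sample states on the variables (q1, q2).
KET0 = [[1, 0], [0, 0]]                  # |0><0|, also the projector "q is |0>"
PLUS = [[0.5, 0.5], [0.5, 0.5]]          # |+><+|
I1 = [[1, 0], [0, 1]]                    # identity on one qubit: the formula I_q
DOM = ("q1", "q2")
PRODUCT = kron(KET0, PLUS)               # |0><0| ⊗ |+><+|, separable
BELL = [[0.5, 0, 0, 0.5], [0, 0, 0, 0],  # (|00>+|11>)/sqrt(2), entangled
        [0, 0, 0, 0], [0.5, 0, 0, 0.5]]

def demo():
    """I_q1 ⋄ I_q2 holds for both states (disjoint domains), while I_q1 * I_q2
    separates them: only the product state passes the tensor-product test."""
    phi, psi = (("q1",), I1), (("q2",), I1)
    return {
        "product_diamond": sat_diamond(PRODUCT, DOM, phi, psi),
        "product_star": sat_star(PRODUCT, DOM, phi, psi),
        "bell_diamond": sat_diamond(BELL, DOM, phi, psi),
        "bell_star": sat_star(BELL, DOM, phi, psi),
        "product_q1_is_0": sat_atomic(PRODUCT, DOM, ("q1",), KET0),
        "bell_q1_is_0": sat_atomic(BELL, DOM, ("q1",), KET0),
    }
```

The Bell state shows why ⋄ alone cannot express the separability that the one-time-pad style arguments rely on: both of its marginals are maximally mixed, so every check on a single qubit passes, and only the ∗ condition detects the entanglement.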
Proof of Proposition H.1
Proposition I.7 (Proposition H.1, Extended Version). The formulas generated by the following grammar are CM:
φ, ψ ::= p ∈ AP | ⊤ | ⊥ | φ ∧ ψ | φ ⋄ ψ | µ −∗ ψ | φ ∈ SP | µ ∗ φ
where µ is an arbitrary 2-BID formula, and µ ∈ SP.
Proof.
1) p ≡ P ∈ AP. Similar to the proof of Proposition 4.1.
2) ⊤ or ⊥. Trivial.
3) φ ∧ ψ. Suppose ρ, ρ′ ∈ D have the same domain, ρ ⊨ φ ∧ ψ and ρ′ ⊨ φ ∧ ψ; then by the induction hypothesis, for any λ ∈ [0, 1], λρ + (1 − λ)ρ′ ⊨ φ and λρ + (1 − λ)ρ′ ⊨ ψ, and thus λρ + (1 − λ)ρ′ ⊨ φ ∧ ψ.
4) φ ⋄ ψ. Suppose ρ, ρ′ ∈ D have the same domain, ρ ⊨ φ ⋄ ψ and ρ′ ⊨ φ ⋄ ψ; then by the induction hypothesis and Propositions F.2 (3) and I.4 (1.c), free(φ) ∩ free(ψ) = ∅ and, for any λ ∈ [0, 1], λρ + (1 − λ)ρ′ ⊨ φ and λρ + (1 − λ)ρ′ ⊨ ψ, and thus λρ + (1 − λ)ρ′ ⊨ φ ⋄ ψ.
5) µ −∗ ψ. Suppose ρ, ρ′ ∈ D have the same domain, ρ ⊨ µ −∗ ψ and ρ′ ⊨ µ −∗ ψ; then by the induction hypothesis and Proposition I.4 (4), for any σ ∈ D(free(µ)) such that σ ⊨ µ and for any λ ∈ [0, 1]:
σ ⊗ ρ|free(ψ) ⊨ ψ, σ ⊗ ρ′|free(ψ) ⊨ ψ ⇒ λ σ ⊗ ρ|free(ψ) + (1 − λ) σ ⊗ ρ′|free(ψ) ⊨ ψ ⇒ σ ⊗ (λρ + (1 − λ)ρ′)|free(ψ) ⊨ ψ,
which implies λρ + (1 − λ)ρ′ ⊨ µ −∗ ψ.
6) φ ∈ SP. If ⟦φ⟧ = ∅, then trivially φ ∈ CM. Otherwise, suppose σ is the least element of ⟦φ⟧, and ρ, ρ′ ∈ D have the same domain, ρ ⊨ φ and ρ′ ⊨ φ; we must have, for any λ ∈ [0, 1]: ρ|free(φ) = ρ′|free(φ) = σ ⇒ (λρ + (1 − λ)ρ′)|free(φ) = σ, and so λρ + (1 − λ)ρ′ ⊨ φ.
7) µ ∗ φ.
Suppose σ is the least element of ⟦µ⟧, and ρ, ρ′ ∈ D have the same domain, ρ ⊨ µ ∗ φ and ρ′ ⊨ µ ∗ φ; then by the induction hypothesis and Proposition I.4 (2), free(µ) ∩ free(φ) = ∅ and, for any λ ∈ [0, 1]:
ρ|free(µ ∗ φ) = σ ⊗ ρ|free(φ), ρ′|free(µ ∗ φ) = σ ⊗ ρ′|free(φ), ρ|free(φ) ⊨ φ, ρ′|free(φ) ⊨ φ ⇒ (λρ + (1 − λ)ρ′)|free(µ ∗ φ) = σ ⊗ (λ ρ|free(φ) + (1 − λ) ρ′|free(φ)), λ ρ|free(φ) + (1 − λ) ρ′|free(φ) ⊨ φ,
and thus λρ + (1 − λ)ρ′ ⊨ µ ∗ φ.

Proof of Proposition H.2
Proposition I.8.
The formulas generated by the following grammar are SP:
φ, ψ ::= U[S] | p ∈ P of rank 1 | ⊤ | ⊥ | φ ∗ ψ | µ −∗ φ | µ −⋄ φ
where P of rank 1 consists of all rank-1 projections, and µ is a formula with non-empty interpretation.
Proof.
1) U[S]. Trivially, I_S/dim(S) is the least element of ⟦U[S]⟧.
2) P ∈ P of rank 1. Trivially, P itself (interpreted as a pure quantum state) is the least element of ⟦P⟧.
3) ⊤. The scalar number is the least element of ⟦⊤⟧.
4) ⊥. Trivial.
5) φ ∗ ψ. Suppose σ_φ and σ_ψ are the least elements of ⟦φ⟧ and ⟦ψ⟧ respectively; then it is straightforward to show that σ_φ ⊗ σ_ψ is the least element of ⟦φ ∗ ψ⟧.
6) µ −∗ φ. If ⟦µ −∗ φ⟧ is nonempty, then since ⟦µ⟧ is also nonempty, ⟦φ⟧ must be nonempty; suppose σ is the least element of ⟦φ⟧. Then it is not difficult to realize that σ|free(φ) \ free(µ) is the least element of ⟦µ −∗ φ⟧.
7) µ −⋄ φ. Similar to (6).

Proof of Proposition I.9
Proposition I.9.
1) If φ[E[q]]↓, then free(φ[E[q]]) = free(φ);
2) If φ[E[q]]↓, then for any state ρ ∈ D(free(φ) ∪ q), E(ρ) ⊨ φ if and only if ρ ⊨ φ[E[q]].
Proof. (1) Induction on the structure of φ.
(2) We prove it by induction on the structure of φ.
(a) φ ≡ ⊤ or ⊥. Trivial.
(b) φ ≡ p ∈ AP. Trivial by Definition G.4, Clause 1.
(c) φ ∧ ψ. By the induction hypothesis, for any state ρ ∈ D(free(φ ∧ ψ) ∪ q), E(ρ) ⊨ φ ∧ ψ iff E(ρ) ⊨ φ and E(ρ) ⊨ ψ iff ρ ⊨ φ[E[q]] and ρ ⊨ ψ[E[q]] iff ρ ⊨ φ[E[q]] ∧ ψ[E[q]] iff ρ ⊨ (φ ∧ ψ)[E[q]].
(d) φ ∨ ψ. Similar to (c).
(e) φ → ψ. By Proposition I.4 (5) and the induction hypothesis, for any state ρ ∈ D(free(φ ∧ ψ) ∪ q), E(ρ) ⊨ φ → ψ iff E(ρ) ⊨ φ implies E(ρ) ⊨ ψ iff ρ ⊨ φ[E[q]] implies ρ ⊨ ψ[E[q]] iff ρ ⊨ φ[E[q]] → ψ[E[q]] iff ρ ⊨ (φ → ψ)[E[q]].
(f) φ ⋄ ψ. Similar to (c), using Proposition I.4 (1) and statement (1).

Proof of Theorem H.2
The global variable set is denoted by V, which contains all variables of programs and formulas. It is sufficient to show that each of the rules shown in Figure 11 is sound; the proofs of the other rules are the same as in the proof of Theorem 4.2.
– PERM. Also proved in the proof of Theorem 4.2.
– RLOOP′. We use notation similar to [29], Section 3.3. Set the quantum operations (and their cylinder extensions) E_i(·) = M_i(·)M_i† for i = 0, 1. We first claim:
Statement: ρ ⊨ φ ∗ I_q implies E₀(ρ) ⊨ φ ∗ M₀, E₁(ρ) ⊨ φ ∗ M₁ and ⟦C⟧ ∘_c E₁(ρ) ⊨ φ ∗ I_q, by the premises, where ∘_c denotes the composition of quantum operations, i.e., (E ∘_c F)(ρ) = E(F(ρ)).
Next, by induction and the statement, we have: for all i ≥ 0, ρ ⊨ φ ∗ I_q implies E₀ ∘_c (⟦C⟧ ∘_c E₁)^i(ρ) ⊨ φ ∗ M₀. Finally, it has been proved (see [16]) that
⟦while⟧(ρ) = Σ_{i=0}^{∞} E₀ ∘_c (⟦C⟧ ∘_c E₁)^i(ρ),
and thus if ρ ⊨ φ ∗ I_q, then ⟦while⟧(ρ) ⊨ φ and ⟦while⟧(ρ) ⊨ M₀, since φ, M₀ ∈ CM. And note that free(φ) ∩ free(M₀) = ∅, so ⟦while⟧(ρ) ⊨ φ ⋄ M₀.
– WEAK. By the premise ⊨ (φ → φ′) ∧ (ψ′ → ψ), we know that any input ρ ∈ D(V) that satisfies φ must also satisfy φ′. By the other premise {φ′} C {ψ′}, ⟦C⟧(ρ) ⊨ ψ′, and thus ⟦C⟧(ρ) ⊨ ψ.
– FRAME. For any input ρ ∈ D(V) such that ρ ⊨ φ ⋄ µ, we must have ρ ⊨ φ ∧ µ and free(φ) ∩ free(µ) = ∅. Similarly to CONST, we have ⟦C⟧(ρ) ⊨ ψ ∧ µ by the first two premises. Moreover, notice that free(ψ) ∩ free(µ) ⊆ (free(φ) ∪ var(C)) ∩ free(µ) = ∅; thus by Proposition I.4, ⟦C⟧(ρ) ⊨ ψ ⋄ µ.