arXiv:2008.06812v2 [cs.LO] 30 Apr 2021

Quantum Hoare logic with classical variables

YUAN FENG, University of Technology Sydney, Australia
MINGSHENG YING, University of Technology Sydney, Australia, Chinese Academy of Sciences, China, and Tsinghua University, China

Hoare logic provides a syntax-oriented method to reason about program correctness, and has been proven effective in the verification of classical and probabilistic programs. Existing proposals for quantum Hoare logic either lack completeness or support only quantum variables, thus limiting their capability in practical use. In this paper, we propose a quantum Hoare logic for a simple while language which involves both classical and quantum variables. Its soundness and relative completeness are proven for both partial and total correctness of quantum programs written in the language. Remarkably, with novel definitions of classical-quantum states and corresponding assertions, the logic system is quite simple and similar to the traditional Hoare logic for classical programs. Furthermore, to simplify reasoning in real applications, auxiliary proof rules are provided which support standard logical operation in the classical part of assertions, and of super-operator application in the quantum part. Finally, a series of practical quantum algorithms, in particular the whole algorithm of Shor's factorisation, are formally verified to show the effectiveness of the logic.

CCS Concepts: • Theory of computation → Denotational semantics; Axiomatic semantics; Pre- and post-conditions; Assertions; Program verification; Hoare logic.

Additional Key Words and Phrases: Quantum programming, Quantum while language

ACM Reference Format: Yuan Feng and Mingsheng Ying. 2021. Quantum Hoare logic with classical variables. 1, 1 (May 2021), 44 pages. https://doi.org/10.1145/nnnnnnn.nnnnnnn

Authors' addresses: Yuan Feng, Centre for Quantum Software and Information, University of Technology Sydney, NSW, Australia, [email protected]; Mingsheng Ying, Centre for Quantum Software and Information, University of Technology Sydney, Sydney, NSW, Australia, Institute of Software, Chinese Academy of Sciences, Beijing, China, Department of Computer Science, Tsinghua University, Beijing, China, [email protected].

© 2021 Association for Computing Machinery.

1 INTRODUCTION

Quantum computing and quantum communication provide potential speed-up and enhanced security compared with their classical counterparts [Bennett 1992; Bennett and Brassard 1984; Grover 1996; Harrow et al. 2009; Shor 1994]. However, the quantum features which are responsible for these benefits, such as entanglement between different systems and non-commutativity of quantum operations, also make analysis of quantum algorithms and protocols notoriously difficult [Mayers 2001]. Furthermore, due to the lack of reliable and scalable hardware on which practical quantum algorithms can be executed, traditional techniques such as testing and debugging in classical software engineering will not be readily available in the near future, and formal methods based static analysis of quantum programs seems indispensable.

Among other techniques, Hoare logic provides a syntax-oriented proof system to reason about program correctness [Hoare 1969]. For classical (non-probabilistic) programs, the correctness is expressed in the Hoare triple form $\{P\}\ S\ \{Q\}$ where $S$ is a program, and $P$ and $Q$ are first-order logic formulas called assertions that describe the pre- and post-conditions of $S$, respectively. Intuitively, the triple claims that if $S$ is executed at a state (evaluation of program variables) satisfying $P$ and it terminates, then $Q$ must hold in the final state. This is called partial correctness.
If termination is further guaranteed in all states that satisfy $P$, then partial correctness becomes a total one. After decades of development, Hoare logic has been successfully applied in analysis of programs with non-determinism, recursion, parallel execution, etc. For a detailed survey, we refer to [Apt et al. 2010; Apt and Olderog 2019].

Hoare logic was also extended to programming languages with probabilistic features. As the program states for probabilistic languages are (sub)distributions over evaluations of program variables, the extension naturally follows two different approaches, depending on how assertions of probabilistic states are defined. The first one takes subsets of distributions as (qualitative) assertions, similar to the non-probabilistic case, and the satisfaction relation between distributions and assertions is then just the ordinary membership [Barthe et al. 2018; Chadha et al. 2007; Den Hartog and de Vink 2002; Ramshaw 1979]. In contrast, the other approach takes non-negative functions on evaluations as (quantitative) assertions. Consequently, one is concerned with the expectation of a distribution satisfying an assertion [Kozen 1981, 1985; McIver et al. 2005; Morgan et al. 1996; Olmedo et al. 2016].

In recent years, Hoare logic and relational Hoare logic for quantum programs have been developed, also following two different approaches similar to the probabilistic setting. Note that quantum (mixed) states are described mathematically by density operators in a Hilbert space. Assertions in the satisfaction-based logics proposed in [Chadha et al. 2006a; Kakutani 2009] extend the probabilistic counterparts in [Chadha et al. 2006b; Den Hartog and de Vink 2002] with the ability to reason about probabilities (or even the complex amplitudes) and expected values of measuring a quantum state. The satisfaction-based logics proposed in [Unruh 2019a,b; Zhou et al.
2019] regard subspaces of the Hilbert space as assertions, and a quantum state $\rho$ satisfies an assertion $P$ iff the support (the image space of linear operators) of $\rho$ is included in $P$. In contrast, the expectation-based approaches [Barthe et al. 2019; Li and Unruh 2019; Ying 2012, 2016, 2019; Ying et al. 2018] take positive operators as assertions for quantum states, following the observation of [D’Hondt and Panangaden 2006], and the expectation of a quantum state $\rho$ satisfying an assertion $M$ is then defined to be $\mathrm{tr}(M\rho)$.

A comparison of the quantum Hoare logics in [Chadha et al. 2006a; Kakutani 2009; Ying 2012] was provided in [Rand 2019]. The logics proposed in [Chadha et al. 2006a; Kakutani 2009] support classical variables in the language. However, whether or not they are complete is still unknown. Completeness of the logic for a purely quantum language in [Unruh 2019a] has not been established either. On the other hand, the quantum Hoare logics in [Ying 2012, 2016; Ying et al. 2018; Zhou et al. 2019] are complete, but the programming languages they consider do not natively support classical variables. Although infinite dimensional quantum variables are provided which are able to encode classical data like integers, in practice it is inconvenient (if possible) to specify and reason about properties in infinite dimensional Hilbert spaces. The subspace assertion in [Unruh 2019a; Zhou et al. 2019] makes it easy to describe and determine properties of quantum programs, but the expressive power of the assertions is limited: they only assert if a given quantum state lies completely within a subspace. Consequently, quantum algorithms which succeed with certain probability cannot be verified in their logics.

Contribution of the current paper: Our main contribution is a sound and relatively complete Hoare logic for a simple while-language where both classical and quantum variables are involved.
The expressiveness and effectiveness of our logic are demonstrated by formally specifying and verifying Shor’s factorisation algorithm [Shor 1994] and its related subroutines such as quantum Fourier transform, phase estimation, and order finding algorithms. To the best of our knowledge, this is the first time quantum Hoare logic is applied on verification of the whole algorithm of Shor’s factorisation.

Our work distinguishes itself from the works on quantum Hoare logic mentioned above in the following aspects:

(1) Programming language. The language considered in this paper supports both classical variables with infinite domains (e.g. the set of integers) and quantum variables. In contrast, the programming languages in [Chadha et al. 2006a; Kakutani 2009] allow only a finite variant of integer-type (and bounded iteration for [Chadha et al. 2006a]), while only quantum variables are considered in [Barthe et al. 2019; Li and Unruh 2019; Unruh 2019a,b; Ying 2012, 2016, 2019; Ying et al. 2018; Zhou et al. 2019].

(2) Classical-quantum states. We define program states of our quantum language to be mappings from classical evaluations to partial density operators. This notion of positive-operator valued distribution is a direct extension of probability distribution in the probabilistic setting, and often simplifies both specification and verification of program correctness, compared with the way adopted in [Chadha et al. 2006a] of regarding probability distributions over pairs of classical evaluation and quantum pure state as classical-quantum states. Note also that if only boolean-type classical variables and qubit-type quantum variables are considered, our definition coincides with the one in [Selinger 2004].

(3) Classical-quantum assertions. Accordingly, assertions for the classical-quantum program states are defined to be mappings from classical evaluations to positive operators, analogous to discrete random variables in the probabilistic case [Morgan et al. 1996]. This follows the expectation-based approach in [Barthe et al. 2019; Li and Unruh 2019; Ying 2012, 2016, 2019; Ying et al. 2018].
However, we also require that the preimage of each positive operator under the mapping be characterised by a classical first-order logic formula. Thus our definition of assertions is essentially in a hybrid style, combining the satisfaction-based approach for the classical part and the expectation-based one for the quantum part.

(4) A simpler quantum Hoare logic. Thanks to the novel definition of classical-quantum states and assertions, our quantum Hoare logic is much simpler and similar to the traditional Hoare logic, compared with those in [Chadha et al. 2006a; Kakutani 2009] for classical-quantum languages. Furthermore, since the language we consider includes probabilistic assignments, it provides a sound and relatively complete Hoare logic for probabilistic programs as a by-product.

(5) Auxiliary rules. In addition to the sound and complete proof system, various auxiliary proof rules are provided to simplify reasoning in real applications. These include the standard disjunction, invariance, and existential quantifier introduction rules for the classical part of the assertions, and super-operator application for the quantum part. In particular, the (ProbComp) rule plays an essential role in verification of quantum algorithms which succeed with a certain probability. These rules turn out to be useful, as illustrated by a series of examples including Grover’s search algorithm and Shor’s factorisation algorithm.

The paper is organised as follows. In the remainder of this section, related work on quantum Hoare logic is further discussed in detail. We review in Sec. 2 some basic notions from linear algebra and quantum mechanics that will be used in this paper. Classical-quantum states and assertions, which serve as the basis for the semantics and correctness of quantum programs, are defined in Sec. 3. The quantum programming language that we are concerned with is introduced in Sec. 4. A structural operational semantics, a denotational one, and a weakest (liberal) precondition semantics are also defined there. Sec. 5 is devoted to a Hoare logic for quantum programs written in our language, where proof rules for both partial and total correctness are proposed. These proof systems are shown to be both sound and relatively complete with respect to their corresponding correctness semantics. Auxiliary proof rules are presented in Sec. 6 to help reasoning in real applications. In addition to the running example of Grover’s algorithm, verification of quantum Fourier transform, phase estimation, order finding, and Shor’s algorithm are provided in Sec. 7 to illustrate the expressiveness of our language as well as the effectiveness of the proposed Hoare logic. Finally, Sec. 8 concludes the paper and points out some directions for future study.

1.1 Related work

Although the first quantum programming languages can be traced back to [Bettelli et al. 2003; Ömer 1998; Sanders and Zuliani 2000], Selinger’s seminal paper [Selinger 2004] proposed for the first time a rigorous semantics for a simple quantum language QPL. The syntax of our language is heavily influenced by Selinger’s work. We also borrow from him the idea of using partial density operators (i.e., not normalising them at each computational step) to describe quantum states. This convention simplifies both notationally and conceptually the semantics of quantum languages, especially the description of non-termination. Our language excludes general recursion and procedure call from QPL, but includes Integer as a classical data type. Consequently, the semantic model in [Selinger 2004], which takes finite tuples (indexed by evaluations of Boolean variables in the program) of partial density operators as program states, does not apply directly to our language considered in this paper. Instead, we extend the ‘tuples of matrices’ notion to matrix-valued functions with countable supports to denote classical-quantum states; see Sec. 3.1 for details.

An Ensemble Exogenous Quantum Propositional Logic (EEQPL) was proposed in [Chadha et al. 2006a] for a simple quantum language with bounded Integer type and bounded iteration. In contrast with Selinger’s approach, program states of the language are probability sub-distributions over pairs of classical evaluation and quantum pure state. EEQPL has the ability of reasoning about amplitudes of quantum states. This makes it very strong in expressiveness, but also hinders its use in applications such as debugging, as amplitudes of quantum states are not physically accessible through measurements. The soundness and (weak) completeness of EEQPL is proven in a special case where all real and complex values involved range over a finite set. General completeness result has not been reported.
A qualitative Hoare logic called QHL for Selinger’s QPL (again, without general recursion and procedure call) was proposed in [Kakutani 2009]. The assertion language of QHL is an extended first-order logic with the primitives of applying a matrix on a set of qubits and computing the probability that a classical predicate is satisfied by the outcome of a quantum measurement. The proof system of QHL is sound, but no completeness result was established.

The idea of taking hermitian operators as quantum assertions was first proposed in [D’Hondt and Panangaden 2006], which paves the way for expectation-based reasoning about quantum programs. The notion of quantum weakest precondition was also proposed in the same paper in a language-independent manner. Based on these notions, a sound and relatively complete Hoare logic was proposed in [Ying 2012] for a quantum while language where only quantum variables are involved. The operational semantics of our language, as well as the way the denotational one is derived from it, are inspired by [Ying 2012]. Some auxiliary proof rules presented in Sec. 6 are motivated by [Ying 2019].

The logic in [Ying 2012] does not natively support classical variables. Instead, it allows quantum variables to be of (countably) infinite dimension, thus providing a way to encode classical types like Integer into quantum states. In contrast, our language explicitly includes classical data types, but only allows Qudit (associated with a $d$-dimensional Hilbert space, where $d$ is an arbitrary but finite integer) for quantum variables. Including classical variables makes the description and verification of quantum algorithms easier and more natural, while excluding infinite dimensional quantum variables avoids the mathematical difficulties of dealing with infinite dimensional Hilbert spaces. To illustrate this, one may compare the correctness proofs of Grover’s search algorithm in [Ying 2012] and the current paper.

A restricted version of [Ying 2012], called applied quantum Hoare logic (aQHL), was proposed in [Zhou et al. 2019] where quantum predicates are restricted to be projections, instead of general hermitian operators, with the purpose of simplifying its use in debugging and testing. To reason about robustness of quantum programs in aQHL, the (qualitative) satisfaction relation of a quantum state $\rho$ with respect to a projection $P$ is extended to an approximate one $\rho \models_\epsilon P$ for a given error bound $\epsilon$. However, this approximate satisfaction is quite different from the quantitative relation of [Ying 2012] (and that in the current paper) which is determined by the expectation $\mathrm{tr}(P\rho)$: the former claims that $\rho$ is $\epsilon$-close to some state in $P$, which is not physically checkable by a quantum measurement; while the latter is the expected value of measuring $\rho$ using the projective measurement $\{P, I - P\}$.

The quantum Hoare logic in [Ying 2012] has been implemented on Isabelle/HOL [Liu et al. 2019]. It was also used in [Hung et al. 2019] to reason about robustness of quantum programs against noise during execution, and extended in [Ying et al. 2018] for analysis of parallel quantum programs.

A quantum Hoare logic with ghost variables is introduced in [Unruh 2019a]. Interestingly, by introducing the ghost variables, one can express properties such as a quantum variable is unentangled with others. The logic is shown to be sound, but again, no completeness result is provided.

2 PRELIMINARIES

This section is devoted to fixing some notations from linear algebra and quantum mechanics that will be used in this paper. For a thorough introduction of relevant backgrounds, we refer to [Nielsen and Chuang 2002, Chapter 2].

2.1 Basic linear algebra

Let $\mathcal{H}$ be a Hilbert space. In the finite-dimensional case which we are concerned with here, it is merely a complex linear space equipped with an inner product. Consequently, it is isomorphic to $\mathbb{C}^d$ where $d = \dim(\mathcal{H})$, the dimension of $\mathcal{H}$. Following the tradition in quantum computing, vectors in $\mathcal{H}$ are denoted in the Dirac form $|\psi\rangle$. The inner product of $|\psi\rangle$ and $|\phi\rangle$ is written $\langle\psi|\phi\rangle$, and they are orthogonal if $\langle\psi|\phi\rangle = 0$. The outer product of them, denoted $|\psi\rangle\langle\phi|$, is a rank-one linear operator which maps any $|\psi'\rangle$ in $\mathcal{H}$ to $\langle\phi|\psi'\rangle|\psi\rangle$. The length of $|\psi\rangle$ is defined to be $\||\psi\rangle\| \triangleq \sqrt{\langle\psi|\psi\rangle}$ and it is called normalised if $\||\psi\rangle\| = 1$. A set of vectors $B \triangleq \{|i\rangle : i \in I\}$ in $\mathcal{H}$ is orthonormal if each $|i\rangle$ is normalised and every two of them are orthogonal. Furthermore, if they span the whole space $\mathcal{H}$; that is, any vector in $\mathcal{H}$ can be written as a linear combination of vectors in $B$, then $B$ is called an orthonormal basis of $\mathcal{H}$.

Let $\mathcal{L}(\mathcal{H})$ be the set of linear operators on $\mathcal{H}$, and $0_{\mathcal{H}}$ and $I_{\mathcal{H}}$ the zero and identity operators respectively. Let $A \in \mathcal{L}(\mathcal{H})$. The trace of $A$ is defined to be $\mathrm{tr}(A) \triangleq \sum_{i \in I} \langle i|A|i\rangle$ for some (or, equivalently, any) orthonormal basis $\{|i\rangle : i \in I\}$ of $\mathcal{H}$. The adjoint of $A$, denoted $A^\dagger$, is the unique linear operator in $\mathcal{L}(\mathcal{H})$ such that $\langle\psi|A|\phi\rangle = \langle\phi|A^\dagger|\psi\rangle^*$ for all $|\psi\rangle, |\phi\rangle \in \mathcal{H}$. Here for a complex number $z$, $z^*$ denotes its conjugate. Operator $A$ is said to be normal if $A^\dagger A = A A^\dagger$, hermitian if $A^\dagger = A$, unitary if $A^\dagger A = I_{\mathcal{H}}$, and positive if for all $|\psi\rangle \in \mathcal{H}$, $\langle\psi|A|\psi\rangle \ge 0$. Obviously, hermitian operators are normal, and both unitary operators and positive ones are hermitian. Any normal operator $A$ can be written into a spectral decomposition form $A = \sum_{i \in I} \lambda_i |i\rangle\langle i|$ where $\{|i\rangle : i \in I\}$ constitute some orthonormal basis of $\mathcal{H}$. Furthermore, if $A$ is hermitian, then all $\lambda_i$’s are real; if $A$ is unitary, then all $\lambda_i$’s have unit length; if $A$ is positive, then all $\lambda_i$’s are non-negative.
The Löwner (partial) order $\sqsubseteq_{\mathcal{H}}$ on the set of hermitian operators on $\mathcal{H}$ is defined by letting $A \sqsubseteq_{\mathcal{H}} B$ iff $B - A$ is positive.

Let $\mathcal{H}_1$ and $\mathcal{H}_2$ be two finite dimensional Hilbert spaces, and $\mathcal{H}_1 \otimes \mathcal{H}_2$ their tensor product. Let $A_i \in \mathcal{L}(\mathcal{H}_i)$. The tensor product of $A_1$ and $A_2$, denoted $A_1 \otimes A_2$, is a linear operator in $\mathcal{L}(\mathcal{H}_1 \otimes \mathcal{H}_2)$ such that $(A_1 \otimes A_2)(|\psi_1\rangle \otimes |\psi_2\rangle) = (A_1|\psi_1\rangle) \otimes (A_2|\psi_2\rangle)$ for all $|\psi_i\rangle \in \mathcal{H}_i$. To simplify notations, we often write $|\psi_1\rangle|\psi_2\rangle$ for $|\psi_1\rangle \otimes |\psi_2\rangle$. Given $\mathcal{H}_1$ and $\mathcal{H}_2$, the partial trace with respect to $\mathcal{H}_2$, denoted $\mathrm{tr}_{\mathcal{H}_2}$, is a linear mapping from $\mathcal{L}(\mathcal{H}_1 \otimes \mathcal{H}_2)$ to $\mathcal{L}(\mathcal{H}_1)$ such that for any $|\psi_i\rangle, |\phi_i\rangle \in \mathcal{H}_i$, $i = 1, 2$,

$$\mathrm{tr}_{\mathcal{H}_2}(|\psi_1\rangle\langle\phi_1| \otimes |\psi_2\rangle\langle\phi_2|) = \langle\phi_2|\psi_2\rangle\, |\psi_1\rangle\langle\phi_1|.$$

The definition is extended to $\mathcal{L}(\mathcal{H}_1 \otimes \mathcal{H}_2)$ by linearity.

A linear operator $\mathcal{E}$ from $\mathcal{L}(\mathcal{H}_1)$ to $\mathcal{L}(\mathcal{H}_2)$ is called a super-operator. It is said to be (1) positive if it maps positive operators to positive operators; (2) completely positive if the cylinder extension $\mathcal{I}_{\mathcal{H}} \otimes \mathcal{E}$ is positive for every finite dimensional Hilbert space $\mathcal{H}$, where $\mathcal{I}_{\mathcal{H}}$ is the identity super-operator on $\mathcal{L}(\mathcal{H})$; (3) trace-preserving (resp. trace-nonincreasing) if $\mathrm{tr}(\mathcal{E}(A)) = \mathrm{tr}(A)$ (resp. $\mathrm{tr}(\mathcal{E}(A)) \le \mathrm{tr}(A)$) for any positive operator $A \in \mathcal{L}(\mathcal{H}_1)$; (4) unital (resp. sub-unital) if $\mathcal{E}(I_{\mathcal{H}_1}) = I_{\mathcal{H}_2}$ (resp. $\mathcal{E}(I_{\mathcal{H}_1}) \sqsubseteq_{\mathcal{H}_2} I_{\mathcal{H}_2}$). From Kraus representation theorem [Kraus et al. 1983], a super-operator $\mathcal{E}$ from $\mathcal{L}(\mathcal{H}_1)$ to $\mathcal{L}(\mathcal{H}_2)$ is completely positive iff there is some set of linear operators, called Kraus operators, $\{E_i : i \in I\}$ from $\mathcal{H}_1$ to $\mathcal{H}_2$ such that $\mathcal{E}(A) = \sum_{i \in I} E_i A E_i^\dagger$ for all $A \in \mathcal{L}(\mathcal{H}_1)$. It is easy to check that the trace and partial trace operations defined above are both completely positive and trace-preserving super-operators. Given a completely positive super-operator $\mathcal{E}$ from $\mathcal{L}(\mathcal{H}_1)$ to $\mathcal{L}(\mathcal{H}_2)$ with Kraus operators $\{E_i : i \in I\}$, the adjoint of $\mathcal{E}$, denoted $\mathcal{E}^\dagger$, is a completely positive super-operator from $\mathcal{L}(\mathcal{H}_2)$ back to $\mathcal{L}(\mathcal{H}_1)$ with Kraus operators $\{E_i^\dagger : i \in I\}$. Then we have $(\mathcal{E}^\dagger)^\dagger = \mathcal{E}$, and $\mathcal{E}$ is trace-preserving (resp. trace-nonincreasing) iff $\mathcal{E}^\dagger$ is unital (resp. sub-unital). Furthermore, for any $A \in \mathcal{L}(\mathcal{H}_1)$ and $B \in \mathcal{L}(\mathcal{H}_2)$, $\mathrm{tr}(\mathcal{E}(A) \cdot B) = \mathrm{tr}(A \cdot \mathcal{E}^\dagger(B))$.

2.2 Basic quantum mechanics

According to von Neumann’s formalism of quantum mechanics [Von Neumann 1955], any quantum system with finite degrees of freedom is associated with a finite-dimensional Hilbert space $\mathcal{H}$ called its state space. When $\dim(\mathcal{H}) = 2$, we call such a system a qubit, the analogy of bit in classical computing. A pure state of the system is described by a normalised vector in $\mathcal{H}$. When the system is in one of an ensemble of states $\{|\psi_i\rangle : i \in I\}$ with respective probabilities $p_i$, we say it is in a mixed state, represented by the density operator $\sum_{i \in I} p_i |\psi_i\rangle\langle\psi_i|$ on $\mathcal{H}$. Obviously, a density operator is positive and has trace 1. Conversely, by spectral decomposition, any positive operator with unit trace corresponds to some (not necessarily unique) mixed state.

The state space of a composite system (for example, a quantum system consisting of multiple qubits) is the tensor product of the state spaces of its components. For a mixed state $\rho$ in $\mathcal{H}_1 \otimes \mathcal{H}_2$, partial traces of $\rho$ have explicit physical meanings: the density operators $\mathrm{tr}_{\mathcal{H}_1}(\rho)$ and $\mathrm{tr}_{\mathcal{H}_2}(\rho)$ are exactly the reduced quantum states of $\rho$ on the second and the first component systems, respectively. Note that in general, the state of a composite system cannot be decomposed into tensor product of the reduced states on its component systems. A well-known example is the 2-qubit state $|\Psi\rangle = \frac{1}{\sqrt{2}}(|00\rangle + |11\rangle)$. This kind of state is called entangled state, and usually is the key to many quantum information processing tasks such as teleportation [Bennett et al. 1993] and super-dense coding [Bennett and Wiesner 1992].

The evolution of a closed quantum system is described by a unitary operator on its state space: if the states of the system at times $t_1$ and $t_2$ are $\rho_1$ and $\rho_2$, respectively, then $\rho_2 = U \rho_1 U^\dagger$ for some unitary operator $U$ which depends only on $t_1$ and $t_2$.
In contrast, the general dynamics which can occur in a physical system is described by a completely positive and trace-preserving super-operator on its state space. Note that the unitary transformation $\mathcal{E}_U(\rho) \triangleq U \rho U^\dagger$ is such a super-operator.

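| | Classical | Probabilistic | Quantum | Classical-quantum |
|---|---|---|---|---|
| state | $\sigma \in \Sigma$ | probability (sub)distribution $\mu \in \Sigma \to [0,1]$, countable support | (partial) density operator $\rho \in \mathcal{D}(\mathcal{H})$ | cq-state $\Delta \in \Sigma \to \mathcal{D}(\mathcal{H})$, countable support |
| assertion | $p \in \Sigma \to \{0,1\}$ | (discrete) random variable $f \in \Sigma \to [0,1]$, countable image | observable $M \in \mathcal{P}(\mathcal{H})$ | cq-assertion $\Theta \in \Sigma \to \mathcal{P}(\mathcal{H})$, countable image |
| satisfaction | $\sigma \models p$ | expectation $\sum_{\sigma \in \lceil\mu\rceil} \mu(\sigma) f(\sigma)$ | expectation $\mathrm{tr}(M\rho)$ | expectation $\sum_{\sigma \in \lceil\Delta\rceil} \mathrm{tr}[\Theta(\sigma)\Delta(\sigma)]$ |

Table 1. Comparison of the basic notions in different language paradigms.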

A quantum measurement $\mathcal{M}$ is described by a collection $\{M_i : i \in I\}$ of linear operators on $\mathcal{H}$, where $I$ is the set of measurement outcomes. It is required that the measurement operators satisfy the completeness equation $\sum_{i \in I} M_i^\dagger M_i = I_{\mathcal{H}}$. If the system is in state $\rho$, then the probability that measurement result $i$ occurs is given by $p_i = \mathrm{tr}(M_i^\dagger M_i \rho)$, and the state of the post-measurement system is $\rho_i = M_i \rho M_i^\dagger / p_i$ whenever $p_i > 0$. Note that the super-operator

$$\mathcal{E}_{\mathcal{M}} : \rho \mapsto \sum_{i \in I} p_i \rho_i = \sum_{i \in I} M_i \rho M_i^\dagger$$

which maps the initial state to the final (mixed) one when the measurement outcome is ignored is completely positive and trace-preserving. A particular case of measurement is projective measurement which is usually represented by a hermitian operator $M$ in $\mathcal{L}(\mathcal{H})$ called observable. Let

$$M = \sum_{m \in spec(M)} m P_m$$

where $spec(M)$ is the set of eigenvalues of $M$, and $P_m$ the projection onto the eigenspace associated with $m$. Obviously, the projectors $\{P_m : m \in spec(M)\}$ form a quantum measurement.

In this paper, we are especially concerned with the set

$$\mathcal{P}(\mathcal{H}) \triangleq \{M \in \mathcal{L}(\mathcal{H}) : 0_{\mathcal{H}} \sqsubseteq M \sqsubseteq I_{\mathcal{H}}\}$$

of observables whose eigenvalues lie between 0 and 1, where $\sqsubseteq$ is the Löwner order on $\mathcal{L}(\mathcal{H})$. Furthermore, following Selinger’s convention [Selinger 2004], we regard the set of partial density operators

$$\mathcal{D}(\mathcal{H}) \triangleq \{\rho \in \mathcal{L}(\mathcal{H}) : 0_{\mathcal{H}} \sqsubseteq \rho,\ \mathrm{tr}(\rho) \le 1\}$$

as (unnormalised) quantum states. Intuitively, the partial density operator $\rho$ means that the legitimate quantum state $\rho/\mathrm{tr}(\rho)$ is reached with probability $\mathrm{tr}(\rho)$. As a matter of fact, we note that $\mathcal{D}(\mathcal{H}) \subseteq \mathcal{P}(\mathcal{H})$.

3 CLASSICAL-QUANTUM STATES AND ASSERTIONS

In this section, the notions of program states and assertions are introduced for our quantum language where classical variables are involved. To motivate the definition, we first review the corresponding ones in classical (non-probabilistic), probabilistic, and purely quantum programs. A brief summary of the comparison, which extends the one presented in [D’Hondt and Panangaden 2006], is depicted in Table 1.

Let $\Sigma$ be a non-empty set which serves as the state space of classical programs. An assertion $p$ for classical states is (semantically) a mapping from $\Sigma$ to $\{0, 1\}$ such that a state $\sigma$ satisfies $p$, written $\sigma \models p$, iff $p(\sigma) = 1$. In contrast, a state for probabilistic programs is a probability sub-distribution $\mu$ on $\Sigma$ which has countable support¹; that is, $\mu(\sigma) > 0$ for at most countably infinite many $\sigma \in \Sigma$. Accordingly, an assertion for probabilistic states is a discrete random variable $f$ on $\Sigma$ with countable image; that is, $f$ takes at most countably infinite many values. Finally, the ‘degree’ of a state satisfying an assertion corresponds naturally to the expected value of a random variable with respect to a probability distribution. In particular, when the assertion is a traditional one, meaning that its image set is $\{0, 1\}$, this expectation reduces to the probability of satisfaction.

To motivate the corresponding notions proposed in [D’Hondt and Panangaden 2006] for purely quantum programs where classical variables are excluded, note that for any partial density operator $\rho$ in $\mathcal{D}(\mathcal{H})$ and any orthonormal basis $\{|i\rangle : i \in I\}$ of $\mathcal{H}$, the function $\mu$ with $\mu(i) = \langle i|\rho|i\rangle$ defines a probability sub-distribution over $I$. Thus the set $\mathcal{D}(\mathcal{H})$ can naturally be taken as the state space for purely quantum programs. Similarly, for any observable $M \in \mathcal{P}(\mathcal{H})$, $\langle i|M|i\rangle \in [0, 1]$ for all $i \in I$. Thus $\mathcal{P}(\mathcal{H})$ can be regarded as the quantum extension of probabilistic assertions. Finally, the degree of a state $\rho$ satisfying an assertion $M$ is the expected value $\sum_{i \in I} \mu(i) \langle i|M|i\rangle$, which, when $|i\rangle$’s are eigenstates of $M$ or $\rho$, is exactly $\mathrm{tr}(M\rho)$. Most remarkably, as $\mathrm{tr}(M\rho)$ is the expected value of outcomes when the projective measurement represented by $M$ is applied on state $\rho$, it can be physically estimated (instead of mathematically calculated) when multiple copies of $\rho$ are available. This physical implementability is especially important in black box testing of quantum programs, where programs can be executed multiple times, but the implementation detail is not available.

For programs where both quantum and classical variables are involved, we have to find a way to combine the notions for probabilistic programs and purely quantum ones. The following three subsections are devoted to this goal.

3.1 Classical-quantum states

We assume two basic types for classical variables: Boolean with the corresponding domain Boolean , true, false and Integer with  , Z. For each integer 3 1, we assume a basic quantum { } Integer ≥ type ‰dit with domain ‰dit, which is a 3-dimensional Hilbert space with an orthonormal basis 0 ,..., 3 1 . In particular,H we denote the quantum type for 3 = 2 as ‰bit. Let Var, ranged over{| i by G,~,| − i}, and qVar, ranged over by @,A, , be countably infinite sets of classical and quan- tum variables,··· respectively. Let Σ , Var  ···be the (uncountably infinite) set of classical states, where  ,   . We further→ require that states in Σ respect the types of classical Boolean ∪ Integer variables; that is, f G type G for all f Σ and G Var, where type G denotes the type of G. For any finite subset( +) ∈of qVar(, let) ∈ ∈ ( ) , , H+ H@ @ + Ì∈ where @ , type @ is the Hilbert space associated with @. For simplicity, we let , C. As we use subscriptsH H to distinguish( ) Hilbert spaces with different (sets of) quantum variables,H∅ their order in the tensor product is not essential. In this paper, when we refer to a subset of qVar, it is always assumed to be finite. Definition 3.1. Given + qVar, a classical-quantum state (cq-state for short) Δ over + is a function in Σ such⊆ that → D(H+ ) 1For simplicity, we only consider here probabilistic programs in which all random variables are taken discrete. The proba- bilities are not required to sum up to 1 in a probability sub-distribution, for the sake of describing non-termination.


(1) the support of $\Delta$, denoted $\lceil\Delta\rceil$, is countable. That is, $\Delta(\sigma) \neq 0_{\mathcal{H}_V}$ for at most countably infinite many $\sigma \in \Sigma$;
(2) $\mathrm{tr}(\Delta) \triangleq \sum_{\sigma \in \lceil\Delta\rceil} \mathrm{tr}[\Delta(\sigma)] \leq 1$.

One may note the similarity of the above definition with probability sub-distributions. Actually, a probability sub-distribution is obtained by assuming that $V = \emptyset$, as in this case $\mathcal{D}(\mathcal{H}_V) = [0, 1]$. Recall also that in [Selinger 2004], the state for a quantum program with $n$ bits $b_1, \ldots, b_n$ and $m$ qubits $q_1, \ldots, q_m$ is given by a $2^n$-tuple $(\rho_0, \ldots, \rho_{2^n-1})$ of partial density matrices, each with dimension $2^m \times 2^m$. Intuitively, each $\rho_i$ denotes the corresponding state of the qubits when the state of the classical bits $b_1 \ldots b_n$ constitute the binary representation of $i$. Such a tuple can be described by a cq-state $\Delta$ over $\{q_1, \ldots, q_m\}$ such that $\Delta(\sigma_i) = \rho_i$, $0 \leq i < 2^n$, where $\mathit{Var} \triangleq \{b_1, \ldots, b_n\}$, and $\sigma_i(b_k) = i_k$ with $\sum_{k=1}^{n} i_k 2^{n-k} = i$.

Sometimes it is convenient to denote a cq-state $\Delta$ by the explicit form $\bigoplus_{i \in I} \langle\sigma_i, \rho_i\rangle$ where $\lceil\Delta\rceil = \{\sigma_i : i \in I\}$ and $\Delta(\sigma_i) = \rho_i$ for each $i \in I$. When $\Delta$ is a simple function such that $\lceil\Delta\rceil = \{\sigma\}$ for some $\sigma$ and $\Delta(\sigma) = \rho$, we denote $\Delta$ simply by $\langle\sigma, \rho\rangle$. Let $\{\Delta_i : i \in I\}$ be a countable set of cq-states over $V$ such that for any $\sigma$, $\sum_{i \in I} \Delta_i(\sigma) = \rho_\sigma$ for some $\rho_\sigma \in \mathcal{D}(\mathcal{H}_V)$ and $\sum_{i \in I} \mathrm{tr}(\Delta_i) \leq 1$. Then the summation of them, denoted $\sum_{i \in I} \Delta_i$, is a cq-state $\Delta$ over $V$ such that for any $\sigma \in \Sigma$, $\Delta(\sigma) = \rho_\sigma$. Obviously, $\lceil\Delta\rceil = \bigcup_{i \in I} \lceil\Delta_i\rceil$. It is worth noting the difference between $\sum_{i \in I} \langle\sigma_i, \rho_i\rangle$, the summation of some (simple) cq-states, and $\bigoplus_{i \in I} \langle\sigma_i, \rho_i\rangle$, the explicit form of a single one: in the latter $\sigma_i$'s must be distinct while in the former they may not.

Let $\mathcal{E}$ be a completely positive and trace-nonincreasing super-operator from $\mathcal{L}(\mathcal{H}_V)$ to $\mathcal{L}(\mathcal{H}_W)$. We extend it to $\mathcal{S}_V$ in a point-wise way: $\mathcal{E}(\Delta)(\sigma) = \mathcal{E}(\Delta(\sigma))$ for all $\sigma$. Note that $\mathcal{E}(0_{\mathcal{H}_V}) = 0_{\mathcal{H}_W}$ and $\mathrm{tr}(\mathcal{E}(\rho)) \leq \mathrm{tr}(\rho)$ for all $\rho \in \mathcal{D}(\mathcal{H}_V)$. Thus $\mathcal{E}(\Delta)$ is a valid cq-state provided that $\Delta$ is. In particular, for any $V \subseteq \mathit{qv}(\Delta)$, the partial trace $\mathrm{tr}_{\mathcal{H}_V}(\Delta)$ is a cq-state which maps any $\sigma \in \Sigma$ to $\mathrm{tr}_{\mathcal{H}_V}(\Delta(\sigma))$. Furthermore, for any $\rho \in \mathcal{D}(\mathcal{H}_W)$ with $W \cap \mathit{qv}(\Delta) = \emptyset$ and $\mathrm{tr}(\rho) \leq 1$, $\Delta \otimes \rho$ is a cq-state in $\mathcal{S}_{\mathit{qv}(\Delta) \cup W}$, which maps $\sigma$ to $\Delta(\sigma) \otimes \rho$. In the special case that $W = \emptyset$, $\rho$ becomes a real number in $[0, 1]$, and we write $\rho\Delta$ for $\Delta \otimes \rho$.

Example 3.2. To better understand the notion of cq-states, let us consider the output of quantum Teleportation algorithm [Bennett et al. 1993], where Alice would like to teleport an arbitrary state $\rho_q$ to Bob, using a pre-shared Bell state $\frac{1}{\sqrt{2}}(|00\rangle + |11\rangle)_{q_1,q_2}$ between them. Here $q$, $q_1$, and $q_2$ are all Qubit-type variables, and we use subscripts to indicate the quantum variables on which the states and operators are acting. Suppose $\sigma_i$ and $\rho^i$, $0 \leq i \leq 3$, are the classical and final quantum states (of $q_2$), respectively, when the measurement outcome of Alice is $i$. Then the cq-state output by the algorithm can be written as

$$\Delta \triangleq \bigoplus_{0 \leq i \leq 3} \left\langle \sigma_i, \tfrac{1}{4} |i\rangle_{q,q_1}\langle i| \otimes \rho^i_{q_2} \right\rangle.$$

Note that a more intuitive way to describe the cq-state $\Delta$ in Example 3.2 is to use a probability distribution of classical-quantum state pairs: $\{\frac{1}{4}(\sigma_i, |i\rangle_{q,q_1}\langle i| \otimes \rho^i_{q_2}) : 0 \leq i \leq 3\}$. We will explain why we decide not to do so in more detail at the end of this subsection after more notations are introduced.

Let $\mathcal{S}_V$ be the set of all cq-states over $V$, and $\mathcal{S}$ the set of all cq-states; that is,

$$\mathcal{S} \triangleq \bigcup_{V \subseteq \mathit{qVar}} \mathcal{S}_V.$$

When $\Delta \in \mathcal{S}_V$, denote by $\mathit{qv}(\Delta) \triangleq V$ the set of quantum variables in $\Delta$. We extend the Löwner order $\sqsubseteq_V$ for $\mathcal{L}(\mathcal{H}_V)$ point-wisely to $\mathcal{S}$ by letting $\Delta \sqsubseteq \Delta'$ iff $\mathit{qv}(\Delta) = \mathit{qv}(\Delta')$ and for all $\sigma \in \Sigma$, $\Delta(\sigma) \sqsubseteq_{\mathit{qv}(\Delta)} \Delta'(\sigma)$. Obviously, when both $\Delta$ and $\Delta'$ are probability sub-distributions, i.e., $\mathit{qv}(\Delta) =$


$\mathit{qv}(\Delta') = \emptyset$, then $\Delta \sqsubseteq \Delta'$ iff they are related with the partial order defined in [Morgan et al. 1996] for probability sub-distributions. The following lemma shows that $\mathcal{S}$ is an $\omega$-complete partial order (CPO) under $\sqsubseteq$.

Lemma 3.3. For any $V \subseteq \mathit{qVar}$, $\mathcal{S}_V$ is a pointed $\omega$-CPO under $\sqsubseteq$, with the least element being the constant $0_{\mathcal{H}_V}$ function, denoted $\bot_V$. Furthermore, $\mathcal{S}$ as a whole is an $\omega$-CPO under $\sqsubseteq$.

Proof. The result follows directly from the fact that for any $V \subseteq \mathit{qVar}$, $\mathcal{D}(\mathcal{H}_V)$ is an $\omega$-CPO under the Löwner order $\sqsubseteq_V$, with $0_{\mathcal{H}_V}$ being its least element [Selinger 2004]. □

When $\Delta \sqsubseteq \Delta'$, there exists a unique $\Delta'' \in \mathcal{S}_{\mathit{qv}(\Delta)}$, denoted $\Delta' - \Delta$, such that $\Delta'' + \Delta = \Delta'$. For any real numbers $\lambda_i$, $i \in I$, if both $\Delta^+ \triangleq \sum_{\lambda_i > 0} \lambda_i \Delta_i$ and $\Delta^- \triangleq \sum_{\lambda_i < 0} (-\lambda_i) \Delta_i$ are well-defined and $\Delta^- \sqsubseteq \Delta^+$, then the linear-sum $\sum_{i \in I} \lambda_i \Delta_i$ is defined to be $\Delta^+ - \Delta^-$. In the rest of this paper, whenever we write $\sum_{i \in I} \lambda_i \Delta_i$ we always assume that it is well-defined.

Example 3.4. Let $\sigma_1 \neq \sigma_2 \in \Sigma$, $q \in \mathit{qVar}$ with $\mathit{type}(q) = $ Qubit, $\Delta \triangleq \langle\sigma_1, 0.5|0\rangle_q\langle 0|\rangle \oplus \langle\sigma_2, 0.25 I_q\rangle$, and $\Delta' \triangleq \langle\sigma_2, |+\rangle_q\langle +|\rangle$. Then we have the linear-sum

$$\Delta - 0.25\Delta' = \langle\sigma_1, 0.5|0\rangle_q\langle 0|\rangle \oplus \langle\sigma_2, 0.25|-\rangle_q\langle -|\rangle.$$

To conclude this subsection, we would like to say a few words about the design decision we make in Definition 3.1. Recall that a partial density operator $\rho$ encodes both the (normalised) quantum state $\rho/\mathrm{tr}(\rho)$ and the probability $\mathrm{tr}(\rho)$ of reaching it. Thus the meaning of a cq-state $\Delta = \bigoplus_{i \in I} \langle\sigma_i, \rho_i\rangle$ is that with probability $\mathrm{tr}(\rho_i)$, the classical and quantum systems are in states $\sigma_i$ and $\rho_i/\mathrm{tr}(\rho_i)$, respectively. This also explains why we have the requirement in Definition 3.1(2): the probabilities of all possible state pairs sum up to at most 1. One may ask why we do not directly define cq-states as sub-distributions over such classical-quantum state pairs, just as in [Chadha et al. 2006a] (see also the comment below Example 3.2)? To see the reason, note that $\mathcal{D}(\mathcal{H}_V)$ is a convex set, and the quantum state $\sum_i \lambda_i \rho_i$ is indistinguishable from the ensemble that lies in $\rho_i$ with probability $\lambda_i \geq 0$, $\sum_i \lambda_i = 1$. Thus we would have to introduce some auxiliary rules to equate the probability distribution $\sum_i \lambda_i \langle\sigma, \rho_i\rangle$ with the single state $\langle\sigma, \sum_i \lambda_i \rho_i\rangle$, if cq-states had been defined as sub-distributions on classical-quantum state pairs. In contrast, in our framework these two cq-states are equal by definition, from the linear-sum form introduced above. Finally, note that this difficulty does not appear in probabilistic programs, as the classical state space $\Sigma$ is discrete, and there does not exist any algebraic structure in it.

3.2 Classical-quantum assertions

Recall that assertions for classical program states are usually represented as first order logic formulas over $\mathit{Var}$. For any classical assertion $p$, denote by $[[p]] \triangleq \{\sigma \in \Sigma : \sigma \models p\}$ the set of classical states that satisfy $p$. Two assertions $p$ and $p'$ are equivalent, written $p \equiv p'$, iff $[[p]] = [[p']]$.

Definition 3.5. Given $V \subseteq \mathit{qVar}$, a classical-quantum assertion (cq-assertion for short) $\Theta$ over $V$ is a function in $\Sigma \to \mathcal{P}(\mathcal{H}_V)$ such that
(1) the image set $\Theta(\Sigma)$ of $\Theta$ is countable;
(2) for each $M \in \Theta(\Sigma)$, the preimage $\Theta^{-1}(M)$ is definable by a classical assertion $p$ in the sense that $[[p]] = \Theta^{-1}(M)$.

Obviously, the above definition is a natural extension of discrete random variables when $\mathcal{P}(\mathcal{H}_V)$, the set of operators between $0_{\mathcal{H}_V}$ and $I_{\mathcal{H}_V}$ with respect to the Löwner order, is regarded as the quantum generalisation of $[0, 1]$. The second clause is introduced to guarantee a compact representation of cq-assertions.


For convenience, we do not distinguish $p$ and $[[p]]$ when denoting a cq-assertion. Consequently, we write $\bigoplus_{i \in I} \langle p_i, M_i\rangle$ instead of $\bigoplus_{i \in I} \langle [[p_i]], M_i\rangle$ for a cq-assertion $\Theta$ whenever $\Theta(\Sigma) = \{M_i : i \in I\}$ and $\Theta^{-1}(M_i) = [[p_i]]$ for each $i \in I$. Note that this representation is not unique: the representative assertion $p_i$ can be replaced by $p_i'$ whenever $p_i \equiv p_i'$. Furthermore, the summand with zero operator $0_{\mathcal{H}_V}$ is always omitted. In particular, when $\Theta(\Sigma) = \{0_{\mathcal{H}_V}, M\}$ or $\{M\}$ for some $M \neq 0_{\mathcal{H}_V}$, we simply denote $\Theta$ by $\langle p, M\rangle$ for some $p$ with $\Theta^{-1}(M) = [[p]]$.

Note that any observable $M$ in $\mathcal{P}(\mathcal{H})$ corresponds to some quantitative property of quantum states. Thus intuitively, a cq-assertion $\bigoplus_{i \in I} \langle p_i, M_i\rangle$ specifies that whenever the classical state satisfies $p_i$, the property $M_i$ is checked on the corresponding quantum state. The average value of the satisfiability will be defined in the next subsection.

Example 3.6. Back to the Teleportation algorithm in Example 3.2. The cq-assertion

$$\Theta_1 \triangleq \bigoplus_{0 \leq i \leq 3} \langle x = i, |i\rangle_{q,q_1}\langle i| \rangle$$

where $x$ is the classical variable used by Alice to store (and send to Bob) the measurement outcome, claims that the states of $q$ and $q_1$ are both in the computational basis, and they together correspond to the measurement outcome of Alice. To be specific, it states that whenever $x = i$, the corresponding quantum state of $q$ and $q_1$ should be $|x_0\rangle_q |x_1\rangle_{q_1}$ where $x_0 x_1$ is the binary representation of $x$. We will make it more rigorous in Example 3.8. Suppose the teleported state $\rho = |\psi\rangle\langle\psi|$ is a pure one. Then the cq-assertion

$$\Theta_2 \triangleq \langle \mathit{true}, |\psi\rangle_{q_2}\langle\psi| \rangle,$$

when applied on the output cq-state, actually computes the (average) precision of the Teleportation algorithm when $|\psi\rangle$ is taken as the input. Again, we refer to Example 3.8 for more details.

Let $\mathcal{A}_V$ be the set of all cq-assertions over $V$, and $\mathcal{A}$ the set of all cq-assertions; that is,

$$\mathcal{A} \triangleq \bigcup_{V \subseteq \mathit{qVar}} \mathcal{A}_V.$$

When $\Theta \in \mathcal{A}_V$, denote by $\mathit{qv}(\Theta) \triangleq V$ the set of quantum variables in $\Theta$. Again, we extend the Löwner order $\sqsubseteq_V$ for $\mathcal{L}(\mathcal{H}_V)$ point-wisely to $\mathcal{A}$ by letting $\Theta \sqsubseteq \Theta'$ iff $\mathit{qv}(\Theta) = \mathit{qv}(\Theta')$ and for all $\sigma \in \Sigma$, $\Theta(\sigma) \sqsubseteq_{\mathit{qv}(\Theta)} \Theta'(\sigma)$. It is easy to see that $\mathcal{A}_V$ is also a pointed $\omega$-CPO under $\sqsubseteq$, with the least element being $\bot_V$. Furthermore, it has the largest element $\top_V \triangleq \langle \mathit{true}, I_{\mathcal{H}_V}\rangle$. If both $\Theta$ and $\Theta'$ are probabilistic assertions, i.e., $\mathit{qv}(\Theta) = \mathit{qv}(\Theta') = \emptyset$, then $\Theta \sqsubseteq \Theta'$ iff they are related with the partial order defined in [Morgan et al. 1996] for probabilistic assertions. When $\Theta \sqsubseteq \Theta'$, we denote by $\Theta' - \Theta$ the unique $\Theta'' \in \mathcal{A}_{\mathit{qv}(\Theta)}$ such that $\Theta'' + \Theta = \Theta'$. With these notions, summation and linear-sum of cq-assertions can be defined similarly as for cq-states.

Given a classical assertion $p$, we denote by $p \bowtie \bigoplus_i \langle p_i, M_i\rangle$ the cq-assertion $\bigoplus_i \langle p \bowtie p_i, M_i\rangle$ (if it is valid) where $\bowtie$ can be any logic connective such as $\wedge$, $\vee$, $\Rightarrow$, $\Leftrightarrow$, etc. As $[[p \bowtie p_1]] = [[p \bowtie p_2]]$ provided that $[[p_1]] = [[p_2]]$, these notations are well-defined. Let $\mathcal{F}$ be a completely positive and sub-unital linear map from $\mathcal{P}(\mathcal{H}_V)$ to $\mathcal{P}(\mathcal{H}_W)$. We extend it to $\mathcal{A}_V$ in a point-wise way. Note that $\mathcal{F}(0_{\mathcal{H}_V}) = 0_{\mathcal{H}_W}$, and $\mathcal{F}(M) \sqsubseteq \mathcal{F}(I_{\mathcal{H}_V}) \sqsubseteq I_{\mathcal{H}_W}$ for all $M \in \mathcal{P}(\mathcal{H}_V)$. Thus $\mathcal{F}(\Theta)$ is a valid cq-assertion provided that $\Theta$ is. In particular, when $\mathit{qv}(\Theta) \cap W = \emptyset$, $\Theta \otimes I_{\mathcal{H}_W}$ is a cq-assertion which maps any $\sigma \in \Sigma$ to $\Theta(\sigma) \otimes I_{\mathcal{H}_W}$. Note that 1 is the identity operator on $\mathcal{H}_\emptyset$. Sometimes we also abuse the notation a bit to write $p$ for $\langle p, 1\rangle$ where $p$ is a classical assertion, and $\lambda$ for $\langle \mathit{true}, \lambda\rangle$ where $\lambda \in [0, 1]$.

The (lifted) Löwner order provides a natural way to compare cq-assertions over the same set of quantum variables. However, in later discussion of this paper, we sometimes need to compare cq-assertions acting on different quantum variables. To deal with this situation, we introduce a

pre-order $\lesssim$ on the whole set $\mathcal{A}$ of cq-assertions. To be specific, let $V_1, V_2$ be two subsets of $\mathit{qVar}$, and $\Theta_i \in \mathcal{A}_{V_i}$, $i = 1, 2$. We say $\Theta_1 \lesssim \Theta_2$ whenever $\Theta_1 \otimes I_{\mathcal{H}_{V_2 \setminus V_1}} \sqsubseteq I_{\mathcal{H}_{V_1 \setminus V_2}} \otimes \Theta_2$. Obviously, when restricted on some given set of quantum variables, $\lesssim$ coincides with $\sqsubseteq$. Let $\eqsim$ be the kernel of $\lesssim$. Then $\Theta_1 \eqsim \Theta_2$ iff there exists $\Theta$ such that $\Theta_1 = \Theta \otimes I_{\mathcal{H}_V}$ and $\Theta_2 = \Theta \otimes I_{\mathcal{H}_W}$ for some $V$ and $W$.

3.3 Expectation of satisfaction

With the above notions, we are now ready to define the expectation (or degree) of a cq-state satisfying a cq-assertion.

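Definition 3.7. Given a cq-state $\Delta$ and a cq-assertion $\Theta$ with $\mathit{qv}(\Delta) \supseteq \mathit{qv}(\Theta)$, the expectation of $\Delta$ satisfying $\Theta$ is defined to be

$$\mathrm{Exp}(\Delta \models \Theta) \triangleq \sum_{\sigma \in \lceil\Delta\rceil} \mathrm{tr}\left[\left(\Theta(\sigma) \otimes I_{\mathcal{H}_V}\right) \cdot \Delta(\sigma)\right] = \sum_{\sigma \in \lceil\Delta\rceil} \mathrm{tr}\left[\Theta(\sigma) \cdot \mathrm{tr}_{\mathcal{H}_V}(\Delta(\sigma))\right]$$

where $V = \mathit{qv}(\Delta) \setminus \mathit{qv}(\Theta)$ and the dot $\cdot$ denotes matrix multiplication.

Again, when both $\Delta$ and $\Theta$ are probabilistic, i.e., $\mathit{qv}(\Delta) = \mathit{qv}(\Theta) = \emptyset$, then the expectation defined above is exactly the expected value of $\Theta$ over $\Delta$ defined in [Morgan et al. 1996] for probabilistic programs.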

Example 3.8. Consider again the Teleportation algorithm. Let $\Delta$ be defined as in Example 3.2, and $\Theta_1$ and $\Theta_2$ in Example 3.6. Note that $\sigma_i \models (x = j)$ iff $i = j$. Thus

$$\mathrm{Exp}(\Delta \models \Theta_1) = \sum_{i=0}^{3} \frac{1}{4} \mathrm{tr}\left(|i\rangle_{q,q_1}\langle i| \otimes I_{q_2} \cdot |i\rangle_{q,q_1}\langle i| \otimes \rho^i_{q_2}\right) = 1,$$

meaning that with probability 1, $x$ equals the value represented by the states of $q$ and $q_1$. For $\Theta_2$, we compute

$$\mathrm{Exp}(\Delta \models \Theta_2) = \sum_{i=0}^{3} \frac{1}{4} \mathrm{tr}\left(I_{q,q_1} \otimes |\psi\rangle_{q_2}\langle\psi| \cdot |i\rangle_{q,q_1}\langle i| \otimes \rho^i_{q_2}\right) = \frac{1}{4} \sum_{i=0}^{3} \langle\psi|\rho^i|\psi\rangle,$$

which denotes the average fidelity between the output states $\rho^i$ and the ideal one $|\psi\rangle$.

We collect some properties of the Exp function in the following lemmas.

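Lemma 3.9. For any cq-state $\Delta \in \mathcal{S}_V$, cq-assertion $\Theta \in \mathcal{A}_W$ with $W \subseteq V$, and classical assertion $p$,
(1) $\mathrm{Exp}(\Delta \models \Theta) \in [0, 1]$;
(2) $\mathrm{Exp}(\bot_V \models \Theta) = \mathrm{Exp}(\Delta \models \bot_W) = 0$, $\mathrm{Exp}(\Delta \models \top_W) = \mathrm{tr}(\Delta)$;
(3) $\mathrm{Exp}(\Delta \models \Theta) = \sum_i \lambda_i \mathrm{Exp}(\Delta \models \Theta_i)$ if $\Theta = \sum_i \lambda_i \Theta_i$;
(4) $\mathrm{Exp}(\Delta \models \Theta) = \sum_i \lambda_i \mathrm{Exp}(\Delta_i \models \Theta)$ if $\Delta = \sum_i \lambda_i \Delta_i$;
(5) $\mathrm{Exp}(\Delta|_p \models \Theta) = \mathrm{Exp}(\Delta \models p \wedge \Theta)$ where $\Delta|_p$ is the cq-state by restricting $\Delta$ on the set of classical states $\sigma$ with $\sigma \models p$;
(6) $\mathrm{Exp}(\Delta \models \mathcal{F}(\Psi)) = \mathrm{Exp}(\mathcal{F}^\dagger(\Delta) \models \Psi)$ for any $\Psi \in \mathcal{A}_{W'}$ and any completely positive and sub-unital super-operator $\mathcal{F}$ from $\mathcal{H}_{W'}$ to $\mathcal{H}_W$.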


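Proof. We only prove Clause (5); the others are easy from definitions. For simplicity, we assume $V = W$. Then

$$\begin{aligned}
\mathrm{Exp}(\Delta|_p \models \Theta) &= \sum_{\sigma \in \lceil\Delta|_p\rceil} \mathrm{tr}\left[\Theta(\sigma) \cdot \Delta|_p(\sigma)\right] \\
&= \sum_{\sigma \in \lceil\Delta\rceil, \sigma \models p} \mathrm{tr}\left[\Theta(\sigma) \cdot \Delta(\sigma)\right] \\
&= \sum_{\sigma \in \lceil\Delta\rceil} \mathrm{tr}\left[(p \wedge \Theta)(\sigma) \cdot \Delta(\sigma)\right] \\
&= \mathrm{Exp}(\Delta \models p \wedge \Theta)
\end{aligned}$$

where the third equality comes from the fact that for any $\sigma \in \Sigma$, $(p \wedge \Theta)(\sigma) = \Theta(\sigma)$ if $\sigma \models p$, and $0_{\mathcal{H}_W}$ otherwise. □

Lemma 3.10.
(1) For any cq-states $\Delta$ and $\Delta'$ in $\mathcal{S}_V$,
 • if $\Delta \sqsubseteq \Delta'$, then $\mathrm{Exp}(\Delta \models \Theta) \leq \mathrm{Exp}(\Delta' \models \Theta)$ for all $\Theta \in \mathcal{A}_W$ with $W \subseteq V$;
 • conversely, if $\mathrm{Exp}(\Delta \models \Theta) \leq \mathrm{Exp}(\Delta' \models \Theta)$ for all $\Theta \in \mathcal{A}_V$, then $\Delta \sqsubseteq \Delta'$.
(2) For any cq-assertions $\Theta$ and $\Theta'$ with $W = \mathit{qv}(\Theta) \cup \mathit{qv}(\Theta')$,
 • if $\Theta \lesssim \Theta'$, then $\mathrm{Exp}(\Delta \models \Theta) \leq \mathrm{Exp}(\Delta \models \Theta')$ for all $\Delta \in \mathcal{S}_V$ with $W \subseteq V$;
 • conversely, if $\mathrm{Exp}(\Delta \models \Theta) \leq \mathrm{Exp}(\Delta \models \Theta')$ for all $\Delta \in \mathcal{S}_W$, then $\Theta \lesssim \Theta'$.

Proof. We take the converse part of Clause (1) as an example. Suppose $\Delta \not\sqsubseteq \Delta'$. Then there exists a $\sigma \in \Sigma$ and $|\psi\rangle \in \mathcal{D}(\mathcal{H}_V)$ such that $\langle\psi|\Delta(\sigma)|\psi\rangle > \langle\psi|\Delta'(\sigma)|\psi\rangle$. If we can find a classical assertion $p$ which distinguishes $\sigma$ from other states in $\lceil\Delta'\rceil$, then obviously the cq-assertion $\langle p, |\psi\rangle_V\langle\psi|\rangle$ serves as a counter-example for the assumption.

Note that the formula $p^* \triangleq \bigwedge_{x \in \mathit{Var}} (x = \sigma(x))$ uniquely determines $\sigma$. However, it is not a valid classical assertion, as the set $\mathit{Var}$ is infinite. To convert it to a finite conjunction, let $\epsilon \triangleq \langle\psi|\Delta(\sigma)|\psi\rangle - \langle\psi|\Delta'(\sigma)|\psi\rangle$. For this $\epsilon$, there exists a finite subset $A$ of $\lceil\Delta'\rceil$ such that $\mathrm{tr}(\Delta'|_A) > \mathrm{tr}(\Delta') - \epsilon$. For any $\sigma' \in A$ with $\sigma' \neq \sigma$, there exists $x_{\sigma'} \in \mathit{Var}$ such that $\sigma'(x_{\sigma'}) \neq \sigma(x_{\sigma'})$. Now let $X \triangleq \{x_{\sigma'} : \sigma' \in A, \sigma' \neq \sigma\}$. Then the classical assertion $p \triangleq \bigwedge_{x \in X} (x = \sigma(x))$ distinguishes $\sigma$ from other states in $A$. Finally, let $\Theta \triangleq \langle p, |\psi\rangle_V\langle\psi|\rangle$. Then $\mathrm{Exp}(\Delta'|_A \models \Theta) = \langle\psi|\Delta'(\sigma)|\psi\rangle$, and $\mathrm{Exp}(\Delta' - \Delta'|_A \models \Theta) \leq \mathrm{tr}(\Delta' - \Delta'|_A) < \epsilon$. Thus

$$\mathrm{Exp}(\Delta \models \Theta) \geq \langle\psi|\Delta(\sigma)|\psi\rangle = \langle\psi|\Delta'(\sigma)|\psi\rangle + \epsilon > \mathrm{Exp}(\Delta' \models \Theta),$$

contradicting the assumption. □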

Lemma 3.11. For any cq-states $\Delta, \Delta_n \in \mathcal{S}_V$ and cq-assertions $\Theta, \Theta_n \in \mathcal{A}_W$ with $W \subseteq V$, $n = 1, 2, \cdots$,
(1) $\mathrm{Exp}(\bigvee_{n \geq 0} \Delta_n \models \Theta) = \sup_{n \geq 0} \mathrm{Exp}(\Delta_n \models \Theta)$ for increasing sequence $\{\Delta_n\}_n$;
(2) $\mathrm{Exp}(\bigwedge_{n \geq 0} \Delta_n \models \Theta) = \inf_{n \geq 0} \mathrm{Exp}(\Delta_n \models \Theta)$ for decreasing sequence $\{\Delta_n\}_n$;
(3) $\mathrm{Exp}(\Delta \models \bigvee_{n \geq 0} \Theta_n) = \sup_{n \geq 0} \mathrm{Exp}(\Delta \models \Theta_n)$ for increasing sequence $\{\Theta_n\}_n$;
(4) $\mathrm{Exp}(\Delta \models \bigwedge_{n \geq 0} \Theta_n) = \inf_{n \geq 0} \mathrm{Exp}(\Delta \models \Theta_n)$ for decreasing sequence $\{\Theta_n\}_n$.

Proof. We prove (1) as an example; the others are similar. Let $\Delta^* \triangleq \bigvee_{n \geq 0} \Delta_n$. First, from the fact that $\Delta_n \sqsubseteq \Delta^*$ for all $n$, $\mathrm{Exp}(\Delta^* \models \Theta) \geq \sup_{n \geq 0} \mathrm{Exp}(\Delta_n \models \Theta)$ by Lemma 3.10(1). Furthermore, for any $n$,

$$\begin{aligned}
\mathrm{Exp}(\Delta^* \models \Theta) - \mathrm{Exp}(\Delta_n \models \Theta) &= \mathrm{Exp}(\Delta^* - \Delta_n \models \Theta) \\
&\leq \mathrm{Exp}(\Delta^* - \Delta_n \models \top_W) \\
&= \mathrm{tr}(\Delta^* - \Delta_n) = \mathrm{tr}(\Delta^*) - \mathrm{tr}(\Delta_n),
\end{aligned}$$

where the first and second equalities are from Lemma 3.9, and the first inequality from Lemma 3.10(2). Thus $\mathrm{Exp}(\Delta^* \models \Theta) = \sup_{n \geq 0} \mathrm{Exp}(\Delta_n \models \Theta)$ from the fact that $\mathrm{tr}(\Delta^*) = \sup_n \mathrm{tr}(\Delta_n)$. □

3.4 Substitution and state update

Let $e$ and $e'$ be classical expressions², and $x$ a classical variable with the same type of $e'$. Denote by $e[e'/x]$ the expression obtained by substituting $x$ in $e$ with $e'$. Such substitution can be extended to cq-assertions as follows. Given $\Theta \triangleq \bigoplus_{i \in I} \langle p_i, M_i\rangle$, we define

$$\Theta[e/x] \triangleq \bigoplus_{i \in I} \langle p_i[e/x], M_i\rangle.$$

The well-definedness comes from the following two observations: (1) whenever $[[p_i]] \cap [[p_j]] = \emptyset$, it holds $[[p_i[e/x]]] \cap [[p_j[e/x]]] = \emptyset$; (2) whenever $p \equiv p'$, it holds $p[e/x] \equiv p'[e/x]$. Thus the substitution is independent of the choice of the representative classical assertions $p_i$ in $\Theta$.

For classical state $\sigma$ and $d \in \mathit{type}(x)$, denote by $\sigma[d/x]$ the updated state which maps $x$ to $d$, and other classical variables $y$ to $\sigma(y)$. Similarly, this updating can be extended to cq-states by defining

$$\Delta[e/x] \triangleq \sum_{i \in I} \langle \sigma_i[\sigma_i(e)/x], \rho_i \rangle$$

whenever $\Delta = \bigoplus_{i \in I} \langle\sigma_i, \rho_i\rangle$. Since substitution does not change the trace of the whole state, $\Delta[e/x]$ is still a valid cq-state. Note that unlike cq-assertions, $\sigma_i[\sigma_i(e)/x]$ and $\sigma_j[\sigma_j(e)/x]$ can be equal even when $\sigma_i \neq \sigma_j$. Thus we have $\sum$ instead of $\bigoplus$ here. Note that for any classical state $\sigma$ and assertion $p$, we have the substitution rule: $\sigma \models p[e/x]$ iff $\sigma[\sigma(e)/x] \models p$. The next lemma shows a similar relation between substitutions for cq-states and cq-assertions.

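Lemma 3.12. For any cq-state $\Delta$ and cq-assertion $\Theta$ with $\mathit{qv}(\Delta) \supseteq \mathit{qv}(\Theta)$, $x \in \mathit{Var}$, and classical expression $e$ with the same type of $x$,

$$\mathrm{Exp}(\Delta \models \Theta[e/x]) = \mathrm{Exp}(\Delta[e/x] \models \Theta).$$

Proof. Let $\Delta = \bigoplus_{i \in I} \langle\sigma_i, \rho_i\rangle$ and $\Theta = \bigoplus_{j \in J} \langle p_j, M_j\rangle$. Then

$$\begin{aligned}
\mathrm{Exp}(\Delta \models \Theta[e/x]) &= \sum_{i \in I} \sum_{j \in J, \sigma_i \models p_j[e/x]} \mathrm{tr}(M_j \rho_i) \\
&= \sum_{i \in I} \sum_{j \in J, \sigma_i[\sigma_i(e)/x] \models p_j} \mathrm{tr}(M_j \rho_i),
\end{aligned}$$

which is exactly $\mathrm{Exp}(\Delta[e/x] \models \Theta)$. Here we assume that $\mathit{qv}(\Delta) = \mathit{qv}(\Theta)$; the general case can be proved similarly. □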

4 A SIMPLE CLASSICAL-QUANTUM LANGUAGE

This section is devoted to the syntax and various semantics of our core programming language which supports deterministic and probabilistic assignments, quantum measurements, quantum operations, conditionals, and while loops.

² We assume standard classical expressions (constructed inductively from $\mathit{Var}$ and a fixed set of function symbols) in this paper; the precise definition of them is omitted.


4.1 Syntax

Our classical-quantum language is based on the one proposed in [Selinger 2004], extended with Integer type classical variables and probabilistic assignments, but excluding general recursion and procedure call. The syntax is defined as follows:

$$\begin{aligned}
S ::=\ & \mathbf{skip} \mid \mathbf{abort} \mid x := e \mid x :=_{\$} g \mid x := \mathbf{meas}\ \mathcal{M}[\bar{q}] \mid q := 0 \mid \bar{q} \mathrel{*}= U \mid S_0; S_1 \\
\mid\ & \mathbf{if}\ b\ \mathbf{then}\ S_1\ \mathbf{else}\ S_0\ \mathbf{end} \mid \mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}
\end{aligned}$$

where $S$, $S_0$ and $S_1$ denote classical-quantum programs (cq-programs for short), $x$ a classical variable in $\mathit{Var}$, $e$ a classical expression with the same type as $x$, $g$ a discrete probability distribution over $\mathit{type}(x)$, $b$ a Boolean-type expression, $q$ is a quantum variable and $\bar{q} \triangleq q_1, \ldots, q_n$ a (ordered) tuple of distinct quantum variables in $\mathit{qVar}$, $\mathcal{M}$ a measurement and $U$ a unitary operator on $d_{\bar{q}}$-dimensional Hilbert space where

$$d_{\bar{q}} \triangleq \dim(\mathcal{H}_{\bar{q}}) = \prod_{i=1}^{n} \dim(\mathcal{H}_{q_i}).$$

Sometimes we also use $\bar{q}$ to denote the (unordered) set $\{q_1, q_2, \ldots, q_n\}$. Let $|\bar{q}| \triangleq n$ be the size of $\bar{q}$. Let $\mathit{Prog}$ be the set of all cq-programs. For any $S \in \mathit{Prog}$, the set of quantum variables that appear in $S$ is denoted $\mathit{qv}(S)$. The set $\mathit{var}(S)$ (resp. $\mathit{change}(S)$) of classical variables that appear in (resp. can be changed by) $S$ are defined in the standard way. Note that the only way to retrieve information from a quantum system is to measure it, a process which may change its state. Thus the notion of read-only quantum variables does not exist in cq-programs.

In the purely quantum language presented in [Ying 2012], conditional branching is achieved by the program construct $\mathbf{measure}\ \mathcal{M}[\bar{q}] : \bar{S}$ where $\bar{S}$ is a set of programs which one-to-one correspond to the measurement outcomes of $\mathcal{M}$. Intuitively, the quantum variables in $\bar{q}$ are measured according to $\mathcal{M}$, and different subsequent programs in $\bar{S}$ will be executed depending on the measurement outcomes. The while loop $\mathbf{while}\ \mathcal{N}[\bar{q}] = 1\ \mathbf{do}\ S\ \mathbf{end}$ where the outcome set of $\mathcal{N}$ is $\{0, 1\}$ is defined similarly. Let $\bar{S} = \{S_i : 1 \leq i \leq n\}$ and the outcome set of $\mathcal{M}$ be $\{1, 2, \ldots, n\}$. Then these constructs can be expressed in our language in the following equivalent form:

$$x := \mathbf{meas}\ \mathcal{M}[\bar{q}];\ \mathbf{if}\ x = 1\ \mathbf{then}\ S_1\ \mathbf{else}\ (\mathbf{if}\ x = 2\ \mathbf{then}\ S_2\ \mathbf{else}\ \cdots\ \mathbf{end})\ \mathbf{end}$$

and

$$x := \mathbf{meas}\ \mathcal{N}[\bar{q}];\ \mathbf{while}\ x = 1\ \mathbf{do}\ S;\ x := \mathbf{meas}\ \mathcal{N}[\bar{q}];\ \mathbf{end} \qquad (1)$$

respectively, where $x$ is a fresh classical variable which does not appear in $\bar{S}$ or $S$. An advantage of having classical variables explicitly in the language is that we can avoid introducing infinite-dimensional quantum variables to encode classical data with infinite domains such as Integer. This will simplify the verification of real-world quantum programs.

To conclude this subsection, we introduce some syntactic sugars for our language which make it easy to use in describing quantum algorithms. Let $\bar{q} \triangleq q_1, \ldots, q_n$.

• Initialisation of multiple quantum variables. Let $\bar{q} := 0$ stand for $q_1 := 0; \cdots; q_n := 0$.
• Measurement according to the computational basis. We write $x := \mathbf{meas}\ \bar{q}$ for $x := \mathbf{meas}\ \mathcal{M}_{com}[\bar{q}]$ where $\mathcal{M}_{com} \triangleq \{P_k \triangleq |k\rangle\langle k| : 0 \leq k < d_{\bar{q}}\}$ is the projective measurement according to the computational basis of $\mathcal{H}_{\bar{q}}$. We always write $|k\rangle$ for the product state $|k_1\rangle \cdots |k_n\rangle$, where $k = \sum_{i=1}^{n} k_i d_{q_{i+1}} \cdots d_{q_n}$.
• Application of parametrised unitary operations. Let $\mathcal{U} \triangleq \{U_i : 1 \leq i \leq K\}$ be a finite family of unitary operators on the $d_{\bar{q}}$-dimensional Hilbert space, and $e$ an Integer-typed expression.


We write $\bar{q} \mathrel{*}= \mathcal{U}(e)$ for the statement which applies $U_i$ on $\bar{q}$ whenever $e$ evaluates to $i$ in the current classical state. Formally, it denotes the following program:

$$\mathbf{if}\ e < 1 \vee e > K\ \mathbf{then}\ \mathbf{abort}\ \mathbf{else}\ S_1; S_2; \cdots; S_K\ \mathbf{end}$$

where for each $1 \leq i \leq K$,

$$S_i \triangleq \mathbf{if}\ e = i\ \mathbf{then}\ \bar{q} \mathrel{*}= U_i\ \mathbf{else}\ \mathbf{skip}\ \mathbf{end}.$$

Note that the order of $S_i$'s is actually irrelevant as there is at most one that will be executed.
• Application on selected variables in a quantum register. Let $1 \leq k \leq n$, and $e$ and $e_j$'s be Integer-type expressions. The statement $\bar{q}[e_1, \cdots, e_k] \mathrel{*}= \mathcal{U}(e)$, where $\mathcal{U}$ is defined as in the previous clause, applies $U_i$ on quantum systems $q_{i_1}, \cdots, q_{i_k}$ whenever $e$ evaluates to $i$ and $e_j$ evaluates to (distinct) $i_j$ for $1 \leq j \leq k$ in the current classical state. Formally, it denotes the following program:

$$\mathbf{if}\ \exists i.(e_i < 1 \vee e_i > n) \vee \exists i, j.(i \neq j \wedge e_i = e_j)\ \mathbf{then}\ \mathbf{abort}\ \mathbf{else}\ S_1; S_2; \cdots; S_{|R|}\ \mathbf{end}$$

where each $S_\ell$ is of the form

$$\mathbf{if}\ e_1 = i_1 \wedge \cdots \wedge e_k = i_k\ \mathbf{then}\ q_{i_1}, \cdots, q_{i_k} \mathrel{*}= \mathcal{U}(e)\ \mathbf{else}\ \mathbf{skip}\ \mathbf{end}$$

and $(i_1, \cdots, i_k)$ ranges over

$$R \triangleq \{(i_1, \cdots, i_k) : \forall j.\ 1 \leq i_j \leq n \text{ and } i_j\text{'s are distinct}\}.$$

Again, the order of $S_\ell$'s is actually irrelevant as there is at most one that will be executed.

4.2 Operational and denotational semantics

A configuration is a triple $\langle S, \sigma, \rho\rangle$ where $S \in \mathit{Prog} \cup \{E\}$, $E$ is a special symbol to denote termination, $\sigma \in \Sigma$, and $\rho \in \mathcal{D}(\mathcal{H}_V)$ for some $V$ subsuming $\mathit{qv}(S)$. The operational semantics of programs in $\mathit{Prog}$ is defined as the smallest transition relation $\to$ on configurations given in Table 2. Note that there is no transition rule for $\mathbf{abort}$, meaning that the statement $\mathbf{abort}$ simply halts the computation with no proper state reached.

The definition is rather standard and intuitive. We would only like to point out that motivated by [Ying 2012], the operational semantics of quantum measurements (and even probabilistic assignments) are described in a non-deterministic way, while the probabilities of different branches are encoded in the quantum part of the configurations. That is why we need to take partial density operators instead of the normalised density operators as the representation of quantum states.

Similar to [Ying 2012], denotational semantics of cq-programs can be derived from the operational one by summing up all the cq-states obtained by terminating computations.

Definition 4.1. Let $S \in \mathit{Prog}$, and $\langle\sigma, \rho\rangle \in \mathcal{S}_V$ with $V \supseteq \mathit{qv}(S)$.
• A computation of $S$ starting in $\langle\sigma, \rho\rangle$ is a (finite or infinite) maximal sequence of configurations $\langle S_i, \sigma_i, \rho_i\rangle$, $i \geq 1$, such that
$$\langle S, \sigma, \rho\rangle \to \langle S_1, \sigma_1, \rho_1\rangle \to \langle S_2, \sigma_2, \rho_2\rangle \to \cdots$$
and $\rho_i \neq 0_{\mathcal{H}_V}$ for all $i$.
• A computation of $S$ terminates in $\langle\sigma', \rho'\rangle$ if it is finite and the last configuration is $\langle E, \sigma', \rho'\rangle$; otherwise it is diverging.

Let $\to^n$ be the $n$-th composition of $\to$, and $\to^* \triangleq \bigcup_{n \geq 0} \to^n$. Then we have the following lemma.

Lemma 4.2. Let $S \in \mathit{Prog}$, and $\langle\sigma, \rho\rangle \in \mathcal{S}_V$ with $V \supseteq \mathit{qv}(S)$. Then
(1) the multi-set $\{\langle\sigma', \rho'\rangle : \langle S, \sigma, \rho\rangle \to^n \langle E, \sigma', \rho'\rangle\}$ is countable for all $n \geq 0$;


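$$\langle \mathbf{skip}, \sigma, \rho\rangle \to \langle E, \sigma, \rho\rangle \qquad \langle x := e, \sigma, \rho\rangle \to \langle E, \sigma[\sigma(e)/x], \rho\rangle$$

$$\langle q := 0, \sigma, \rho\rangle \to \left\langle E, \sigma, \sum_{i=0}^{d_q - 1} |0\rangle_q\langle i| \rho |i\rangle_q\langle 0| \right\rangle \qquad \langle \bar{q} \mathrel{*}= U, \sigma, \rho\rangle \to \langle E, \sigma, U_{\bar{q}}\, \rho\, U_{\bar{q}}^\dagger\rangle$$

$$\frac{d \in \mathit{type}(x)}{\langle x :=_{\$} g, \sigma, \rho\rangle \to \langle E, \sigma[d/x], g(d) \cdot \rho\rangle} \qquad \frac{\mathcal{M} = \{M_i : i \in I\}}{\langle x := \mathbf{meas}\ \mathcal{M}[\bar{q}], \sigma, \rho\rangle \to \langle E, \sigma[i/x], M_i \rho M_i^\dagger\rangle}$$

$$\frac{\langle S_0, \sigma, \rho\rangle \to \langle S', \sigma', \rho'\rangle}{\langle S_0; S_1, \sigma, \rho\rangle \to \langle S'; S_1, \sigma', \rho'\rangle} \quad \text{where } E; S_1 \equiv S_1$$

$$\frac{\sigma \models b}{\langle \mathbf{if}\ b\ \mathbf{then}\ S_1\ \mathbf{else}\ S_0\ \mathbf{end}, \sigma, \rho\rangle \to \langle S_1, \sigma, \rho\rangle} \qquad \frac{\sigma \models \neg b}{\langle \mathbf{if}\ b\ \mathbf{then}\ S_1\ \mathbf{else}\ S_0\ \mathbf{end}, \sigma, \rho\rangle \to \langle S_0, \sigma, \rho\rangle}$$

$$\frac{\sigma \models \neg b}{\langle \mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}, \sigma, \rho\rangle \to \langle E, \sigma, \rho\rangle} \qquad \frac{\sigma \models b}{\langle \mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}, \sigma, \rho\rangle \to \langle S; \mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}, \sigma, \rho\rangle}$$

Table 2. Operational semantics for cq-programs.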

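(2) the sequence of cq-states $\{\Delta_n : n \geq 0\}$, where

$$\Delta_n \triangleq \sum \left\{ \langle\sigma', \rho'\rangle : \langle S, \sigma, \rho\rangle \to^k \langle E, \sigma', \rho'\rangle \text{ for some } k \leq n \right\},$$

is increasing with respect to $\sqsubseteq$. Here we assume $\Delta_n$ to be $\bot_V$ if the multi-set on the right-hand side is empty. Thus

$$\sum \{\langle\sigma', \rho'\rangle : \langle S, \sigma, \rho\rangle \to^* \langle E, \sigma', \rho'\rangle\} = \bigvee_{n \geq 0} \Delta_n.$$

Proof. The first clause is easy by induction. The second one is directly from the fact that any configuration with the form $\langle E, \sigma', \rho'\rangle$ has no further transition. □

With this lemma, we are able to define the denotational semantics of cq-programs using the operational one. Let $\mathcal{S}_{\supseteq \mathit{qv}(S)} \triangleq \bigcup_{V \supseteq \mathit{qv}(S)} \mathcal{S}_V$.

Definition 4.3. Let $S \in \mathit{Prog}$. The denotational semantics of $S$ is a mapping

$$[[S]] : \mathcal{S}_{\supseteq \mathit{qv}(S)} \to \mathcal{S}_{\supseteq \mathit{qv}(S)}$$

such that for any $\langle\sigma, \rho\rangle \in \mathcal{S}_V$ with $V \supseteq \mathit{qv}(S)$,

$$[[S]](\sigma, \rho) = \sum \{\langle\sigma', \rho'\rangle : \langle S, \sigma, \rho\rangle \to^* \langle E, \sigma', \rho'\rangle\}.$$

Furthermore, let $[[S]](\Delta) = \sum_{i \in I} [[S]](\sigma_i, \rho_i)$ whenever $\Delta = \bigoplus_{i \in I} \langle\sigma_i, \rho_i\rangle$.

To simplify notation, we always write $(\sigma, \rho)$ for $(\langle\sigma, \rho\rangle)$ when $\langle\sigma, \rho\rangle$ appears as a parameter of some function. The next lemma guarantees the well-definedness of Definition 4.3.

Lemma 4.4. For any $S \in \mathit{Prog}$ and $\Delta \in \mathcal{S}_V$ with $V \supseteq \mathit{qv}(S)$,
(1) $\mathrm{tr}([[S]](\Delta)) \leq \mathrm{tr}(\Delta)$, and so $[[S]](\Delta) \in \mathcal{S}_V$;
(2) $[[S]](\Delta) = \sum_i \lambda_i [[S]](\Delta_i)$ whenever $\Delta = \sum_i \lambda_i \Delta_i$.

Proof. Clause (2) is easy. For (1), we prove by induction on $n$ that $\mathrm{tr}(\Delta_n) \leq \mathrm{tr}(\rho)$ whenever $\Delta = \langle\sigma, \rho\rangle$ and $\Delta_n$ is defined as in Lemma 4.2(2). Thus the result holds for simple cq-states. The general case follows easily. □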


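To illustrate the concepts and techniques introduced in this paper, we take Grover's search algorithm [Grover 1996] as a running example. More case studies are presented in Sec. 7.

Example 4.5 (Grover's algorithm). Suppose we are given an (unstructured) database with $N$ items, $|\mathit{Sol}|$ of which are of our concern (called solutions) with $0 < |\mathit{Sol}| < N/2$, where $\mathit{Sol}$ is the set of solutions introduced below. For simplicity, we assume $N = 2^n$ for some positive integer $n$. Let $\theta \in (0, \pi/2)$ such that

$$\cos\frac{\theta}{2} = \sqrt{\frac{2^n - |\mathit{Sol}|}{2^n}},$$

and $K$ be the integer in $(\frac{\pi}{2\theta} - 1, \frac{\pi}{2\theta}]$. Then Grover's search algorithm can be described in our quantum language (with syntactic sugars) as

$$\begin{array}{l}
\mathit{Grover} \triangleq \\
\quad \bar{q} := 0;\ \bar{q} \mathrel{*}= H^{\otimes n}; \\
\quad x := 0; \\
\quad \mathbf{while}\ x < K\ \mathbf{do} \\
\qquad \bar{q} \mathrel{*}= G; \\
\qquad x := x + 1; \\
\quad \mathbf{end} \\
\quad y := \mathbf{meas}\ \bar{q}
\end{array}$$

where $\bar{q} = q_1, \ldots, q_n$ and each $q_i$ has Qubit-type, $H = |+\rangle\langle 0| + |-\rangle\langle 1|$ is the Hadamard operator with $|+\rangle \triangleq \frac{1}{\sqrt{2}}(|0\rangle + |1\rangle)$ and $|-\rangle \triangleq \frac{1}{\sqrt{2}}(|0\rangle - |1\rangle)$. $G = (2|\psi\rangle\langle\psi| - I)O$ is the Grover rotation where $|\psi\rangle = \frac{1}{\sqrt{2^n}} \sum_{i=0}^{2^n - 1} |i\rangle$ and $O$ is the Grover oracle which maps $|i\rangle$ to $-|i\rangle$ when $i$ is a solution while to $|i\rangle$ otherwise.

The (terminating) computations of $\mathit{Grover}$ starting in any $\langle\sigma, \rho\rangle \in \mathcal{S}_{\bar{q}}$ are shown as follows.

$$\begin{array}{ll}
 & \langle \mathit{Grover}, \sigma, \rho\rangle \\
\to^n & \langle \bar{q} \mathrel{*}= H^{\otimes n}; \cdots, \sigma, |0^{\otimes n}\rangle\langle 0^{\otimes n}| \rangle \\
\to & \langle x := 0; \cdots, \sigma, |+^{\otimes n}\rangle\langle +^{\otimes n}| \rangle \\
\to & \langle \mathbf{while}; y := \mathbf{meas}\ \bar{q}, \sigma[0/x], |+^{\otimes n}\rangle\langle +^{\otimes n}| \rangle \\
\to & \langle \bar{q} \mathrel{*}= G; x := x + 1; \mathbf{while}; y := \mathbf{meas}\ \bar{q}, \sigma[0/x], |+^{\otimes n}\rangle\langle +^{\otimes n}| \rangle \\
\to & \langle x := x + 1; \mathbf{while}; y := \mathbf{meas}\ \bar{q}, \sigma[0/x], G|+^{\otimes n}\rangle\langle +^{\otimes n}|G^\dagger \rangle \\
\to & \langle \mathbf{while}; y := \mathbf{meas}\ \bar{q}, \sigma[1/x], G|+^{\otimes n}\rangle\langle +^{\otimes n}|G^\dagger \rangle \\
\to & \cdots\cdots \\
\to & \langle \mathbf{while}; y := \mathbf{meas}\ \bar{q}, \sigma[K/x], G^K|+^{\otimes n}\rangle\langle +^{\otimes n}|(G^K)^\dagger \rangle \\
\to & \langle y := \mathbf{meas}\ \bar{q}, \sigma[K/x], G^K|+^{\otimes n}\rangle\langle +^{\otimes n}|(G^K)^\dagger \rangle \\
\to & \langle E, \sigma[K/x, i/y], |\langle i|G^K|+^{\otimes n}\rangle|^2 \cdot |i\rangle\langle i| \rangle
\end{array}$$

for all $0 \leq i < 2^n$. We write $\mathbf{while}$ for the while loop in the program. Consequently,

$$[[\mathit{Grover}]](\sigma, \rho) = \sum_{i=0}^{2^n - 1} \left\langle \sigma[K/x, i/y], |\langle i|G^K|+^{\otimes n}\rangle|^2 \cdot |i\rangle\langle i| \right\rangle. \qquad (2)$$

Let $\mathit{Sol} \subseteq \{0, \cdots, 2^n - 1\}$ be the set of solutions, and

$$|\alpha\rangle = \frac{1}{\sqrt{2^n - |\mathit{Sol}|}} \sum_{i \notin \mathit{Sol}} |i\rangle, \qquad |\beta\rangle = \frac{1}{\sqrt{|\mathit{Sol}|}} \sum_{i \in \mathit{Sol}} |i\rangle.$$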


Then we have

$$|\psi\rangle = |+^{\otimes n}\rangle = \cos\frac{\theta}{2}|\alpha\rangle + \sin\frac{\theta}{2}|\beta\rangle,$$

$$G|\alpha\rangle = \cos\theta|\alpha\rangle + \sin\theta|\beta\rangle, \qquad G|\beta\rangle = -\sin\theta|\alpha\rangle + \cos\theta|\beta\rangle.$$

That is, the effect of $G$ in the two-dimensional real space spanned by $|\alpha\rangle$ and $|\beta\rangle$ is a rotation with angle $\theta$ (note that $|\alpha\rangle$ and $|\beta\rangle$ are orthogonal). Thus the success probability of finding a solution by Grover's algorithm, i.e. the probability of $y \in \mathit{Sol}$ after its execution, can be computed as

$$p_{succ} = \sum_{i \in \mathit{Sol}} \left|\langle i|G^K|+^{\otimes n}\rangle\right|^2 = \sin^2\left(\frac{2K + 1}{2}\theta\right). \qquad (3)$$

Recall that $K \in (\frac{\pi}{2\theta} - 1, \frac{\pi}{2\theta}]$. Thus

$$1 - p_{succ} \leq |(2K + 1)\theta - \pi| \leq \theta.$$

In other words, Grover's algorithm succeeds with a probability at least $1 - O(\sqrt{|\mathit{Sol}|/N})$, and runs in time $O(\sqrt{N/|\mathit{Sol}|})$, achieving a quadratic speed-up over the best classical algorithms which run in $O(N/|\mathit{Sol}|)$ time.

The following lemma presents the explicit form for denotational semantics of various program constructs.

Lemma 4.6. For any cq-state f, d in + where + contains all quantum variables of the corre- sponding program, h i S (1) [[skip]] f, d = f, d ; ( ) h i (2) [[abort]] f, d = + ; (3) [[G := 4]]( f, d) = ⊥f f 4 G , d ; [[ = ]]( ) =h [ ( )/ ] i (4) G : $ 6 f, d 3 type G f 3 G ,6 3 d ; ( ) ∈ ( ) h [ / ] ( )· i (5) [[G := meas @¯ ]] f, d = f 8 G ," d"† where " ’s are applied on @¯, and = " : Í 8  8 8 8 8 8  ; M[ ] ( ) ∈ h [ / ] i M { ∈ } 3 1 Í (6) [[@ := 0]] f, d = f, @− 0 8 d 8 0 ; ( ) h 8=0 | i@ h | | i@ h |ii (7) [[@¯ = * ]] f, d = f,* d* † ; ∗ ( ) h Í @¯ @¯ i (8) [[(0; (1]] f, d = [[(1]] [[(0]] f, d ; (9) [[ ( ; ( (; ( ]])= [[( ; ( ; ( ]]( ; )) ( 0 1) 2 0 ( 1 2) (10) [[if 1 then (1 else (0 end]] f, d = [[(1]] f, d if f = 1, and [[(0]] f, d otherwise; ( =) ( ) | ( ) 0 (11) [[while]] f, d = = [[ while ]] f, d , where while , while 1 do ( end, while , abort, and for any( = ) 0, ( ( ) ( )) ( ) ≥ Ô = 1 = while + , if 1 then (; while else skip end. ( ) ( ) Proof. We only prove (11) as an example; the others are simpler. For any f, d + with + @E while , let Π be the set of all terminating computations of while starting inh f,i d ∈. Furthermore,S ⊇ let(Π , ), and for = 1 let h i 0 ∅ ≥ Π , c Π :# 8 : prog c 8 = while = = { ∈ { ( [ ]) } ≤ } be the set of computations in Π in which the loop has iterated for no more than = times before termination. Here prog c 8 is the program (the first component) of the 8-th configuration of c. Π Π( [ ]) Obviously, = = 0 = and ≥ Ð [[while]] f, d = f , d = f , d ( ) h c c i h c c i c Π = 0 c Π Õ∈ Ü≥ Õ∈ =

where we assume each computation $\pi\in\Pi$ ends with $\langle E,\sigma_\pi,\rho_\pi\rangle$. The result then follows from the fact that
$$[\![(\mathbf{while})^n]\!](\sigma,\rho) = \sum_{\pi\in\Pi_n}\langle\sigma_\pi,\rho_\pi\rangle$$
which is easy to observe.

The next lemma gives a recursive description of the semantics of while loops.

Lemma 4.7. Let $\mathbf{while}\triangleq\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}$. For any $\Delta\in\mathcal{S}_V$ with $V\supseteq qv(\mathbf{while})$ and $n\ge 0$,
$$[\![(\mathbf{while})^{n+1}]\!](\Delta) = \Delta|_{\neg b} + [\![(\mathbf{while})^n]\!]([\![S]\!](\Delta|_b)).$$
Consequently,
$$[\![\mathbf{while}]\!](\Delta) = \Delta|_{\neg b} + [\![\mathbf{while}]\!]([\![S]\!](\Delta|_b)).$$

Proof. Easy from Lemma 4.6.

Finally, we can easily compute the operational semantics of the syntactic sugars introduced in Sec. 4.1.

Lemma 4.8. Let $\bar q\triangleq q_1,\ldots,q_n$, $1\le k\le n$, and $\mathcal{U}\triangleq\{U_i : 1\le i\le K\}$. For any cq-state $\langle\sigma,\rho\rangle$ in $\mathcal{S}_V$ where $V$ contains all quantum variables of the corresponding program,

(1) $[\![\bar q := 0]\!](\sigma,\rho) = \langle\sigma,\, \sum_{i=0}^{d_{\bar q}-1} |0\rangle_{\bar q}\langle i|\,\rho\,|i\rangle_{\bar q}\langle 0|\rangle$;
(2) $[\![x := \mathbf{meas}\ \bar q]\!](\sigma,\rho) = \sum_{i=0}^{d_{\bar q}-1} \langle\sigma[i/x],\, |i\rangle_{\bar q}\langle i|\,\rho\,|i\rangle_{\bar q}\langle i|\rangle$;
(3) $[\![\bar q[e_1,\cdots,e_k] \mathrel{*}= \mathcal{U}(e)]\!](\sigma,\rho) = \bot_V$ if $\sigma(e)<1$, $\sigma(e)>K$, there exists $i$ such that $\sigma(e_i)<1$ or $\sigma(e_i)>n$, or the $\sigma(e_j)$'s are not distinct; otherwise it equals $\langle\sigma,\, U_i\rho U_i^\dagger\rangle$ where $i=\sigma(e)$ and $U_i$ is applied on $q_{\sigma(e_1)},\cdots,q_{\sigma(e_k)}$.

Proof. Routine, using Lemma 4.6.

4.3 Correctness formula

As usual, program correctness is expressed by correctness formulas with the form
$$\{\Theta\}\ S\ \{\Psi\}$$
where $S$ is a cq-program, and $\Theta$ and $\Psi$ are both cq-assertions. Note here that we do not put any requirement on the quantum variables which $\Theta$ and $\Psi$ are acting on. In fact, the sets $qv(S)$, $qv(\Theta)$, and $qv(\Psi)$ can be all different.

The following definition is a direct extension of the corresponding one in [Ying 2012], with the new notions of cq-states and assertions.

Definition 4.9. Let $S$ be a cq-program, and $\Theta$ and $\Psi$ cq-assertions.

(1) We say the correctness formula $\{\Theta\}\ S\ \{\Psi\}$ is true in the sense of total correctness, written $\models_{tot}\{\Theta\}\ S\ \{\Psi\}$, if for any $V\supseteq qv(S,\Theta,\Psi)$ and $\Delta\in\mathcal{S}_V$,
$$Exp(\Delta\models\Theta) \le Exp([\![S]\!](\Delta)\models\Psi).$$
(2) We say the correctness formula $\{\Theta\}\ S\ \{\Psi\}$ is true in the sense of partial correctness, written $\models_{par}\{\Theta\}\ S\ \{\Psi\}$, if for any $V\supseteq qv(S,\Theta,\Psi)$ and $\Delta\in\mathcal{S}_V$,
$$Exp(\Delta\models\Theta) \le Exp([\![S]\!](\Delta)\models\Psi) + tr(\Delta) - tr([\![S]\!](\Delta)).$$

The next lemma shows that the validity of correctness formulas can be checked on simple cq-states.

Lemma 4.10. Let $S$ be a cq-program, $\Theta$ and $\Psi$ be cq-assertions, and $V\triangleq qv(S,\Theta,\Psi)$. Then


(1) $\models_{tot}\{\Theta\}\ S\ \{\Psi\}$ iff for any $\langle\sigma,\rho\rangle\in\mathcal{S}_V$ with $tr(\rho)=1$,
$$Exp(\langle\sigma,\rho\rangle\models\Theta) \le Exp([\![S]\!](\sigma,\rho)\models\Psi).$$
(2) $\models_{par}\{\Theta\}\ S\ \{\Psi\}$ iff for any $\langle\sigma,\rho\rangle\in\mathcal{S}_V$ with $tr(\rho)=1$,
$$Exp(\langle\sigma,\rho\rangle\models\Theta) \le Exp([\![S]\!](\sigma,\rho)\models\Psi) + tr(\rho) - tr([\![S]\!](\sigma,\rho)).$$

Proof. Easy from linearity of $[\![S]\!]$ for any cq-program $S$; see Lemma 4.4(2).

Example 4.11. We have proven in Example 4.5 that no matter what the initial (classical and quantum) state is, the output (value of $y$) of Grover's algorithm lies in $Sol$ with probability $p_{succ}$. This correctness can be stated in the following form
$$\models_{tot}\{p_{succ}\}\ Grover\ \{y\in Sol\}, \qquad (4)$$
which claims that the postcondition $y\in Sol$ can be established by $Grover$ with probability $p_{succ}$. Recall that in Eq.(4), $p_{succ}$ denotes $\langle true, p_{succ}\rangle$ and $y\in Sol$ denotes $\langle y\in Sol, 1\rangle$. Both the pre- and post-conditions being purely classical means that the initial and final quantum states are irrelevant.

Note that $qv(Grover)=\bar q$. For any $\langle\sigma,\rho\rangle\in\mathcal{S}_{\bar q}$ with $tr(\rho)=1$, we have from Eq.(2) that
$$Exp([\![Grover]\!](\sigma,\rho)\models y\in Sol) = \sum_{i\in Sol}\left|\langle i|G^K|+^{\otimes n}\rangle\right|^2 = p_{succ} = Exp(\langle\sigma,\rho\rangle\models p_{succ}).$$
Then Eq.(4) follows from Lemma 4.10.

Finally, we show some basic facts about total and partial correctness as follows.

Lemma 4.12. Let $S$ be a cq-program, $\Theta$ and $\Psi$ be cq-assertions, and $V\subseteq qVar$.

(1) If $\models_{tot}\{\Theta\}\ S\ \{\Psi\}$ then $\models_{par}\{\Theta\}\ S\ \{\Psi\}$;
(2) $\models_{tot}\{\bot_V\}\ S\ \{\Psi\}$;
(3) $\models_{par}\{\Theta\}\ S\ \{\top_V\}$;
(4) If $\models_{tot}\{\Theta_i\}\ S\ \{\Psi_i\}$ and $\lambda_i\ge 0$ for $i=1,2$, then
$$\models_{tot}\{\lambda_1\Theta_1+\lambda_2\Theta_2\}\ S\ \{\lambda_1\Psi_1+\lambda_2\Psi_2\}.$$
The result also holds for partial correctness if $\lambda_1+\lambda_2=1$.

Proof. (1) follows from the definitions, (2) and (3) from Lemmas 3.9 and 3.10, and (4) from Lemma 3.9.

4.4 Weakest (liberal) precondition semantics

Recall that in classical programming theory, the weakest (liberal) precondition of an assertion $p$ with respect to a given program $S$ characterises the largest set of states $\sigma$ which (upon termination) guarantee that the final states $[\![S]\!](\sigma)$ satisfy $p$. Consequently, a program can also be regarded as a predicate transformer which maps any postcondition to its weakest (liberal) precondition. In the following, we extend these semantics to our cq-programs. Let
$$\mathcal{A}_{\supseteq qv(S)} \triangleq \bigcup_{V\supseteq qv(S)}\mathcal{A}_V.$$

Definition 4.13. Let $S\in Prog$. The weakest precondition semantics $wp.S$ and weakest liberal precondition semantics $wlp.S$ of $S$ are both mappings
$$\mathcal{A}_{\supseteq qv(S)} \to \mathcal{A}_{\supseteq qv(S)}$$
defined inductively in Table 3. To simplify notation, we use $xp$ to denote both $wp$ and $wlp$ whenever it is applicable for both of them.


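$$\begin{aligned}
xp.\mathbf{skip}.\Theta &= \Theta\\
xp.(x :=_\$ g).\Theta &= \sum_{d\in type(x)} g(d)\cdot\Theta[d/x]\\
xp.(x := e).\Theta &= \Theta[e/x]\\
xp.(x := \mathbf{meas}\ \mathcal{M}[\bar q]).\Theta &= \sum_{i\in I} M_i^\dagger\,\Theta[i/x]\,M_i\\
xp.(\bar q \mathrel{*}= U).\Theta &= U_{\bar q}^\dagger\,\Theta\,U_{\bar q}\\
xp.(q := 0).\Theta &= \sum_{i=0}^{d_q-1} |i\rangle_q\langle 0|\,\Theta\,|0\rangle_q\langle i|\\
xp.(S_0; S_1).\Theta &= xp.S_0.(xp.S_1.\Theta)\\
xp.(\mathbf{if}\ b\ \mathbf{then}\ S_1\ \mathbf{else}\ S_0\ \mathbf{end}).\Theta &= b\wedge xp.S_1.\Theta + \neg b\wedge xp.S_0.\Theta\\
wlp.\mathbf{abort}.\Theta &= \top_V\\
wp.\mathbf{abort}.\Theta &= \bot_V
\end{aligned}$$

$wlp.(\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}).\Theta = \bigwedge_{n\ge 0}\Theta_n$, where $\Theta_0\triangleq\top_V$, and for any $n\ge 0$, $\Theta_{n+1}\triangleq \neg b\wedge\Theta + b\wedge wlp.S.\Theta_n$.

$wp.(\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}).\Theta = \bigvee_{n\ge 0}\Theta_n$, where $\Theta_0\triangleq\bot_V$, and for any $n\ge 0$, $\Theta_{n+1}\triangleq \neg b\wedge\Theta + b\wedge wp.S.\Theta_n$.

Table 3. Weakest (liberal) precondition semantics for cq-programs, where $xp\in\{wp, wlp\}$.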

We follow the standard notations $wp.S.\Theta$ and $wlp.S.\Theta$ to denote weakest (liberal) preconditions [Dijkstra et al. 1976; Morgan et al. 1996; Ying 2012]. The well-definedness of Definition 4.13 follows from the observation that $xp.S$ is monotonic on $\mathcal{H}_V$ (with respect to $\sqsubseteq_V$; see Lemma 4.16(2) below) for any cq-program $S$ and $V\supseteq qv(S)$. The weakest (liberal) precondition semantics in Table 3 is a natural extension of the corresponding semantics of both probabilistic [Morgan et al. 1996] and purely quantum [Ying 2012] programs. For example, the weakest precondition for conditional branching is defined in [Morgan et al. 1996] as
$$wp.(\mathbf{if}\ b\ \mathbf{then}\ S_1\ \mathbf{else}\ S_0\ \mathbf{end}).\beta \triangleq b\times wp.S_1.\beta + (\neg b)\times wp.S_0.\beta$$
where on the right-hand side $b$ and $\neg b$ are regarded as $\{0,1\}$-valued functions on the states space, and $\beta$ is a probabilistic assertion (a non-negative random variable; see Table 1). This coincides with the corresponding definition in Table 3, as $b\wedge\Psi$ is exactly $b\times\Psi$ for Boolean-type expression $b$ and probabilistic assertion $\Psi$.

The following lemma shows a duality relation between the denotational and weakest (liberal) precondition semantics of cq-programs.

Lemma 4.14. Let $S$ be a cq-program, $\Delta$ a cq-state, and $\Theta$ a cq-assertion with $qv(\Delta)\supseteq qv(\Theta)\supseteq qv(S)$. Then

(1) $qv(wp.S.\Theta) = qv(wlp.S.\Theta) = qv(\Theta)$;
(2) $Exp(\Delta\models wp.S.\Theta) = Exp([\![S]\!](\Delta)\models\Theta)$;
(3) $Exp(\Delta\models wlp.S.\Theta) = Exp([\![S]\!](\Delta)\models\Theta) + tr(\Delta) - tr([\![S]\!](\Delta))$.

Proof. We prove this lemma by induction on the structure of $S$. The basis cases are easy from the definition. We only show the following two cases for clause (2) as examples.

• Let $S\triangleq\mathbf{if}\ b\ \mathbf{then}\ S_1\ \mathbf{else}\ S_0\ \mathbf{end}$. Then
$$\begin{aligned}
Exp(\Delta\models wp.S.\Theta) &= Exp(\Delta\models b\wedge wp.S_1.\Theta + \neg b\wedge wp.S_0.\Theta)\\
&= Exp(\Delta|_b\models wp.S_1.\Theta) + Exp(\Delta|_{\neg b}\models wp.S_0.\Theta)\\
&= Exp([\![S_1]\!](\Delta|_b)\models\Theta) + Exp([\![S_0]\!](\Delta|_{\neg b})\models\Theta)
\end{aligned}$$
which is exactly $Exp([\![S]\!](\Delta)\models\Theta)$.


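• Let $S\triangleq\mathbf{while}\ b\ \mathbf{do}\ S'\ \mathbf{end}$. Let $V\triangleq qv(\Theta)$, $\Theta_0\triangleq\bot_V$, and for any $n\ge 0$, $\Theta_{n+1}\triangleq\neg b\wedge\Theta + b\wedge wp.S'.\Theta_n$. First, we show by induction that for any $n\ge 0$ and $\Delta'\in\mathcal{S}_V$,
$$Exp(\Delta'\models\Theta_n) = Exp([\![S^n]\!](\Delta')\models\Theta).$$
The case of $n=0$ follows from the definition. We further calculate from Lemmas 3.9 and 4.7 that
$$\begin{aligned}
Exp(\Delta'\models\Theta_{n+1}) &= Exp(\Delta'\models\neg b\wedge\Theta) + Exp(\Delta'\models b\wedge wp.S'.\Theta_n)\\
&= Exp(\Delta'|_{\neg b}\models\Theta) + Exp(\Delta'|_b\models wp.S'.\Theta_n)\\
&= Exp(\Delta'|_{\neg b}\models\Theta) + Exp([\![S']\!](\Delta'|_b)\models\Theta_n)\\
&= Exp(\Delta'|_{\neg b}\models\Theta) + Exp([\![S^n]\!]([\![S']\!](\Delta'|_b))\models\Theta)\\
&= Exp([\![S^{n+1}]\!](\Delta')\models\Theta).
\end{aligned}$$
Thus from Lemma 3.11,
$$Exp(\Delta\models wp.S.\Theta) = Exp\Big(\Delta\models\bigvee_{n\ge 0}\Theta_n\Big) = Exp([\![S]\!](\Delta)\models\Theta).$$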

We can also compute the weakest (liberal) precondition semantics of the syntactic sugars introduced in Sec. 4.1.

Lemma 4.15. Let $\bar q\triangleq q_1,\ldots,q_n$, $1\le k\le n$, $\mathcal{U}\triangleq\{U_i : 1\le i\le K\}$, and $xp\in\{wp,wlp\}$. Let $\Theta$ be a cq-assertion in $\mathcal{A}_V$ with $V$ containing all quantum variables of the corresponding cq-program. Then

(1) $xp.(\bar q := 0).\Theta = \sum_{i=0}^{d_{\bar q}-1} |i\rangle_{\bar q}\langle 0|\,\Theta\,|0\rangle_{\bar q}\langle i|$;
(2) $xp.(x := \mathbf{meas}\ \bar q).\Theta = \sum_{i=0}^{d_{\bar q}-1} |i\rangle_{\bar q}\langle i|\,\Theta[i/x]\,|i\rangle_{\bar q}\langle i|$;
(3) Let $S\triangleq\bar q[e_1,\cdots,e_k] \mathrel{*}= \mathcal{U}(e)$. Then
$$xp.S.\Theta = \sum_{i_1,\cdots,i_k=1,\ \mathrm{distinct}}^{n}\ \sum_{i=1}^{K}\ \Big(\bigwedge_{j=1}^{k} e_j = i_j\Big)\wedge(e=i)\wedge\mathcal{U}^i_{i_1,\cdots,i_k}(\Theta),$$
where $\mathcal{U}^i_{i_1,\cdots,i_k}(\Theta)\triangleq U_i^\dagger\,\Theta\,U_i$ and $U_i$ is applied on $q_{i_1},\cdots,q_{i_k}$.

Proof. Direct from Lemmas 4.8 and 4.14.

The following collects some properties of the weakest (liberal) precondition semantics.

Lemma 4.16. Let $S$ be a cq-program, $\Delta$ a cq-state, and $\Theta$ a cq-assertion with $qv(\Delta)\supseteq qv(\Theta)\supseteq qv(S)$. Let $xp\in\{wp,wlp\}$. Then

(1) $wp.S.\Theta + wlp.S.(\top_{qv(\Theta)}-\Theta) = \top_{qv(\Theta)}$;
(2) the function $xp.S$ is monotonic; that is, for all $\Theta_1\sqsubseteq\Theta_2$, $xp.S.\Theta_1\sqsubseteq xp.S.\Theta_2$;
(3) the function $wp.S$ is linear; that is, for all $\Theta_1,\Theta_2\in\mathcal{A}_V$,
$$wp.S.(\lambda_1\Theta_1+\lambda_2\Theta_2) = \lambda_1\,wp.S.\Theta_1 + \lambda_2\,wp.S.\Theta_2;$$
(4) the function $wlp.S$ is affine-linear; that is, for all $\Theta_1,\Theta_2\in\mathcal{A}_V$ and $\lambda_1+\lambda_2=1$,
$$wlp.S.(\lambda_1\Theta_1+\lambda_2\Theta_2) = \lambda_1\,wlp.S.\Theta_1 + \lambda_2\,wlp.S.\Theta_2.$$


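(5) if $W\cap qv(\Theta)\subseteq V\subseteq qv(\Theta)$, $(V\cup W)\cap qv(S)=\emptyset$, and $\mathcal{F}_{V\to W}$ is a completely positive and sub-unital super-operator, then
$$\mathcal{F}_{V\to W}(wp.S.\Theta) = wp.S.(\mathcal{F}_{V\to W}(\Theta))$$
and
$$\mathcal{F}_{V\to W}(wlp.S.\Theta) \sqsubseteq wlp.S.(\mathcal{F}_{V\to W}(\Theta)).$$
The equality holds for $wlp$ as well if $\mathcal{F}_{V\to W}$ is unital.

Proof. We only prove (5) as an example; other cases are simpler. Let $X\triangleq V\cup W\cup qv(\Theta)$. For any $\Delta\in\mathcal{S}_X$,
$$\begin{aligned}
Exp(\Delta\models wp.S.\mathcal{F}_{V\to W}(\Theta)) &= Exp([\![S]\!](\Delta)\models\mathcal{F}_{V\to W}(\Theta)) && (\text{Lemma 4.14(1)})\\
&= Exp(\mathcal{F}^\dagger_{W\to V}([\![S]\!](\Delta))\models\Theta) && (\text{Lemma 3.9(6)})\\
&= Exp([\![S]\!](\mathcal{F}^\dagger_{W\to V}(\Delta))\models\Theta) && ((V\cup W)\cap qv(S)=\emptyset)\\
&= Exp(\mathcal{F}^\dagger_{W\to V}(\Delta)\models wp.S.\Theta) && (\text{Lemma 4.14(1)})\\
&= Exp(\Delta\models\mathcal{F}_{V\to W}(wp.S.\Theta)). && (\text{Lemma 3.9(6)})
\end{aligned}$$
Thus $wp.S.\mathcal{F}_{V\to W}(\Theta) = \mathcal{F}_{V\to W}(wp.S.\Theta)$ from the arbitrariness of $\Delta$.

For $wlp$, let $Y\triangleq qv(\Theta)\setminus V$ and $Z\triangleq W\cup Y$. Then from the assumption $W\cap qv(\Theta)\subseteq V$ we have $Y\cap W=\emptyset$. Since $\mathcal{F}$ is sub-unital,
$$(I_W - \mathcal{F}_{V\to W}(I_V))\otimes(\top_Y - wp.S.\top_Y) \sqsupseteq \bot_X.$$
Note that $\mathcal{F}_{V\to W}(I_V)\otimes\top_Y = \mathcal{F}_{V\to W}(\top_{qv(\Theta)})$. We have
$$\begin{aligned}
\top_Z - \mathcal{F}_{V\to W}(\top_{qv(\Theta)}) &\sqsupseteq I_W\otimes wp.S.\top_Y - \mathcal{F}_{V\to W}(I_V)\otimes wp.S.\top_Y\\
&= wp.S.\top_Z - \mathcal{F}_{V\to W}(wp.S.\top_{qv(\Theta)})
\end{aligned}$$
where the second equality follows from the assumption that $(V\cup W)\cap qv(S)=\emptyset$, and thus from clause (3),
$$\top_Z - wp.S.(\top_Z - \mathcal{F}_{V\to W}(\Theta)) \sqsupseteq \mathcal{F}_{V\to W}\big(\top_{qv(\Theta)} - wp.S.(\top_{qv(\Theta)}-\Theta)\big).$$
The result then follows from clause (1). It is easy to check that when $\mathcal{F}$ is unital, the equality actually holds.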

Note that from Lemmas 4.14 and 3.10, if $qv(\Theta)=qv(\Psi)\supseteq qv(S)$, then $\models_{tot}\{\Theta\}\ S\ \{\Psi\}$ iff $\Theta\sqsubseteq wp.S.\Psi$, and $\models_{par}\{\Theta\}\ S\ \{\Psi\}$ iff $\Theta\sqsubseteq wlp.S.\Psi$. To conclude this section, we extend this result (and a similar one for partial correctness) to the general case.

Lemma 4.17. Let $S$ be a cq-program, and $\Theta$ and $\Psi$ are cq-assertions. Then
$$\models_{tot}\{\Theta\}\ S\ \{\Psi\}\quad\text{iff}\quad\Theta\lesssim wp.S.(\Psi\otimes I_{qv(S)\setminus qv(\Psi)})$$
$$\models_{par}\{\Theta\}\ S\ \{\Psi\}\quad\text{iff}\quad\Theta\lesssim wlp.S.(\Psi\otimes I_{qv(S)\setminus qv(\Psi)}).$$

Proof. Note that $\models_{tot}\{\Theta\}\ S\ \{\Psi\}$ iff
$$\models_{tot}\{\Theta\otimes I_{qv(S,\Psi)\setminus qv(\Theta)}\}\ S\ \{\Psi\otimes I_{qv(S,\Theta)\setminus qv(\Psi)}\}.$$
Similar result holds for partial correctness as well. Then the lemma follows from Lemma 4.16(5).


5 HOARE LOGIC FOR CQ-PROGRAMS

The core of Hoare logic is a proof system consisting of axioms and proof rules which enable syntax-oriented and modular reasoning of program correctness. In this section, we propose a Hoare logic for cq-programs.

5.1 Partial correctness

We propose in Table 4 the proof system for partial correctness of cq-programs, which looks quite similar to the standard Hoare logic, thanks to the novel definition of cq-assertions. Several cases deserve explanation. The side conditions in rules (Init), (Unit), and (Meas) are introduced to guarantee the well-definedness of the corresponding preconditions. They can always be satisfied by introducing 'dull' quantum variables (i.e. tensor product with appropriate identity operators): if, say, $q\notin qv(\Theta)$, then let $\Theta'\triangleq\Theta\otimes I_q$ which is $\eqsim$-equivalent to $\Theta$ and $q\in qv(\Theta')$. An alternative way to deal with the case where $q\notin qv(\Theta)$ in (Init) or $\bar q\cap qv(\Theta)=\emptyset$ in (Unit) and (Meas) is to use the corresponding auxiliary rules introduced in Sec. 6.

To use rule (If), we first split the precondition into two parts: $\Theta = b\wedge\Theta + \neg b\wedge\Theta$. In the first one, all the classical states satisfy $b$, thus the first premise $\{b\wedge\Theta\}\ S_1\ \{\Psi\}$ is employed; in the second part, all classical states satisfy $\neg b$, thus the second premise is employed. As shown in Sec. 4.4, this rule is essentially a quantum extension of the corresponding rule in the expectation-based probabilistic Hoare logic [Morgan et al. 1996]. In contrast, more sophisticated rules are introduced in satisfaction-based probabilistic Hoare logics [Chadha et al. 2007; Den Hartog and de Vink 2002; Ramshaw 1979; Rand and Zdancewic 2015] to deal with the case where probabilities of the two branches are different. This illustrates a benefit of adopting the expectation-based approach in reasoning about probabilistic and quantum programs: the quantitative assertions can encode probabilities in a natural way, making proof rules simpler than the satisfaction-based approach.

The cq-assertion $\Theta$ in rule (While) plays a similar role of 'loop invariant' as in classical programs. Finally, as the pre- and post-conditions can act on different quantum variables, we need the pre-order $\lesssim$ for rule (Imp) rather than the Löwner order in [Ying 2012] etc.

Note also that in the rules in Table 4, substitutions (say, $\Theta[i/x]$ in (Meas)) and Boolean operations (say, $b\wedge\Theta$ in (If)) are applied on the classical part of $\Theta$, while super-operators (say, $U_{\bar q}^\dagger\Theta U_{\bar q}$ in (Unit)) are on the quantum part only. For example, let $\Theta\triangleq\bigoplus_{k\in K}\langle p_k, N_k\rangle$. Then rule (Meas) actually claims that if $\bar q\subseteq qv(\Theta)$,
$$\Big\{\sum_{i\in I}\sum_{k\in K}\big\langle p_k[i/x],\ M_i^\dagger N_k M_i\big\rangle\Big\}\ x := \mathbf{meas}\ \mathcal{M}[\bar q]\ \{\Theta\}.$$

We write $\vdash_{par}\{\Theta\}\ S\ \{\Psi\}$ if the correctness formula $\{\Theta\}\ S\ \{\Psi\}$ can be derived using the axioms and rules presented in Table 4.

Recall the proof rule for loop programs in [Ying 2012]:

$$\frac{\{M\}\ S\ \{\mathcal{E}^0_{\bar q}(N)+\mathcal{E}^1_{\bar q}(M)\}}{\{\mathcal{E}^0_{\bar q}(N)+\mathcal{E}^1_{\bar q}(M)\}\ \mathbf{while}\ \mathcal{M}[\bar q]=1\ \mathbf{do}\ S\ \mathbf{end}\ \{N\}} \qquad (5)$$
where $\mathcal{M}=\{M_0,M_1\}$ and $\mathcal{E}^i_{\bar q}(A)\triangleq M_i^\dagger A M_i$, $i=0,1$. Now we show how this rule can be derived in our proof system, when the assertions like $M$ in Eq.(5) are replaced by cq-assertions of the form $\langle true, M\rangle$. That is, we are going to show
$$\vdash_{par}\{\langle true, M\rangle\}\ S\ \{\langle true,\ \mathcal{E}^0_{\bar q}(N)+\mathcal{E}^1_{\bar q}(M)\rangle\} \qquad (6)$$

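(Skip) $\{\Theta\}\ \mathbf{skip}\ \{\Theta\}$

(Abort) $\{\top_V\}\ \mathbf{abort}\ \{\bot_V\}$

(Assn) $\{\Theta[e/x]\}\ x := e\ \{\Theta\}$

(Rassn) $\big\{\sum_{d\in type(x)} g(d)\cdot\Theta[d/x]\big\}\ x :=_\$ g\ \{\Theta\}$

(Init) $\dfrac{q\in qv(\Theta)}{\big\{\sum_{i=0}^{d_q-1}|i\rangle_q\langle 0|\,\Theta\,|0\rangle_q\langle i|\big\}\ q := 0\ \{\Theta\}}$

(Unit) $\dfrac{\bar q\subseteq qv(\Theta)}{\big\{U_{\bar q}^\dagger\,\Theta\,U_{\bar q}\big\}\ \bar q \mathrel{*}= U\ \{\Theta\}}$

(Meas) $\dfrac{\bar q\subseteq qv(\Theta),\quad \mathcal{M}=\{M_i : i\in I\}}{\big\{\sum_{i\in I} M_i^\dagger\,\Theta[i/x]\,M_i\big\}\ x := \mathbf{meas}\ \mathcal{M}[\bar q]\ \{\Theta\}}$

(Seq) $\dfrac{\{\Theta\}\ S_0\ \{\Theta'\},\quad \{\Theta'\}\ S_1\ \{\Psi\}}{\{\Theta\}\ S_0; S_1\ \{\Psi\}}$

(If) $\dfrac{\{b\wedge\Theta\}\ S_1\ \{\Psi\},\quad \{\neg b\wedge\Theta\}\ S_0\ \{\Psi\}}{\{\Theta\}\ \mathbf{if}\ b\ \mathbf{then}\ S_1\ \mathbf{else}\ S_0\ \mathbf{end}\ \{\Psi\}}$

(While) $\dfrac{\{b\wedge\Theta\}\ S\ \{\Theta\}}{\{\Theta\}\ \mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}\ \{\neg b\wedge\Theta\}}$

(Imp) $\dfrac{\Theta\lesssim\Theta',\quad \{\Theta'\}\ S\ \{\Psi'\},\quad \Psi'\lesssim\Psi}{\{\Theta\}\ S\ \{\Psi\}}$

Table 4. Proof system for partial correctness.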

implies

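$$\vdash_{par}\{\langle true,\ \mathcal{E}^0_{\bar q}(N)+\mathcal{E}^1_{\bar q}(M)\rangle\}\ x := \mathbf{meas}\ \mathcal{M}[\bar q];\ \mathbf{while}\ x=1\ \mathbf{do}\ S;\ x := \mathbf{meas}\ \mathcal{M}[\bar q];\ \mathbf{end}\ \{\langle true, N\rangle\}. \qquad (7)$$

First we have

$\{\langle x=1, M\rangle\}$
$\{\langle true, M\rangle\}$ (Imp)
$S;$
$\{\langle true,\ \mathcal{E}^0_{\bar q}(N)+\mathcal{E}^1_{\bar q}(M)\rangle\}$ (Eq.(6))
$\{\langle 0=1,\ \mathcal{E}^0_{\bar q}(M)\rangle + \langle 0\ne 1,\ \mathcal{E}^0_{\bar q}(N)\rangle + \langle 1=1,\ \mathcal{E}^1_{\bar q}(M)\rangle + \langle 1\ne 1,\ \mathcal{E}^1_{\bar q}(N)\rangle\}$ (Imp)
$x := \mathbf{meas}\ \mathcal{M}[\bar q];$
$\{\langle x=1, M\rangle + \langle x\ne 1, N\rangle\}$. (Meas)

Then, using the (While) rule,
$$\vdash_{par}\{\langle x=1, M\rangle + \langle x\ne 1, N\rangle\}\ \mathbf{while}\ x=1\ \mathbf{do}\ S;\ x := \mathbf{meas}\ \mathcal{M}[\bar q];\ \mathbf{end}\ \{\langle x\ne 1, N\rangle\}.$$
Finally, the following reasoning

$\{\langle true,\ \mathcal{E}^0_{\bar q}(N)+\mathcal{E}^1_{\bar q}(M)\rangle\}$
$x := \mathbf{meas}\ \mathcal{M}[\bar q];$
$\{\langle x=1, M\rangle + \langle x\ne 1, N\rangle\}$ (Meas, Imp)
$\mathbf{while}\ x=1\ \mathbf{do}\ S;\ x := \mathbf{meas}\ \mathcal{M}[\bar q];\ \mathbf{end}$
$\{\langle x\ne 1, N\rangle\}$
$\{\langle true, N\rangle\}$ (Imp)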

gives us the proof of Eq.(7) as desired.

Now we show the soundness and (relative) completeness of the proof system in the sense of partial correctness.

Theorem 5.1. The proof system in Table 4 is both sound and complete with respect to the partial correctness of cq-programs.

Proof. Soundness: We need only to show that each rule in Table 4 is valid in the sense of partial correctness. Take the rule (While) as an example; the others are simpler. Let $\models_{par}\{b\wedge\Theta\}\ S\ \{\Theta\}$. Without loss of generality, we assume $qv(S)\subseteq qv(\Theta)$. Then $b\wedge\Theta\sqsubseteq wlp.S.\Theta$. We now prove by induction on $n$ that $\Theta\sqsubseteq\Theta_n$ for any $n\ge 0$, where $\Theta_n$ is defined as in Table 3 for the $wlp$ semantics of $\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}$ when the postcondition is $\neg b\wedge\Theta$. The case when $n=0$ is trivial. Then we calculate
$$\begin{aligned}
\Theta_{n+1} &= \neg b\wedge(\neg b\wedge\Theta) + b\wedge wlp.S.\Theta_n\\
&\sqsupseteq \neg b\wedge\Theta + b\wedge wlp.S.\Theta\\
&\sqsupseteq \neg b\wedge\Theta + b\wedge(b\wedge\Theta) = \Theta,
\end{aligned}$$
where the first inequality follows from the induction hypothesis and Lemma 4.16(2). Thus
$$\Theta\sqsubseteq wlp.(\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}).(\neg b\wedge\Theta),$$
and so
$$\models_{par}\{\Theta\}\ \mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}\ \{\neg b\wedge\Theta\}$$
as desired.

Completeness: By Lemma 4.17 and the (Imp) rule, it suffices to show that for any $\Theta$ and $S'$ with $qv(S')\subseteq qv(\Theta)$,
$$\vdash_{par}\{wlp.S'.\Theta\}\ S'\ \{\Theta\}.$$
Again, we take the case for loops as an example. Let $\mathbf{while}\triangleq\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}$ and $\Psi\triangleq wlp.\mathbf{while}.\Theta$. By induction, we have $\vdash_{par}\{wlp.S.\Psi\}\ S\ \{\Psi\}$. Note that
$$\Psi = \neg b\wedge\Theta + b\wedge wlp.S.\Psi.$$
Thus $b\wedge\Psi = b\wedge wlp.S.\Psi\sqsubseteq wlp.S.\Psi$ and so $\vdash_{par}\{b\wedge\Psi\}\ S\ \{\Psi\}$ by the (Imp) rule. Now using (While) we have $\vdash_{par}\{\Psi\}\ \mathbf{while}\ \{\neg b\wedge\Psi\}$ and the result follows from the fact that $\neg b\wedge\Psi = \neg b\wedge\Theta\sqsubseteq\Theta$.

5.2 Total correctness

Ranking functions play a central role in proving total correctness of while loop programs. Recall that in the classical case, a ranking function maps each reachable state in the loop body to an element of a well-ordered set (say, the set $\mathbb{N}$ of non-negative integers), such that the value decreases strictly after each iteration of the loop. Our proof rule for total correctness of while loops also heavily relies on the notion of ranking assertions.

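Definition 5.2. Let $\Theta\in\mathcal{A}_V$. A decreasing sequence (w.r.t. $\sqsubseteq$) of cq-assertions $\{\Theta_n : n\ge 0\}$ in $\mathcal{A}_V$ are $\Theta$-ranking assertions for $\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}$ if

(1) $\Theta\sqsubseteq\Theta_0$ and $\bigwedge_n\Theta_n = \bot_V$;
(2) for any $n\ge 0$ and $\Delta\in\mathcal{S}_{qv(S)\cup V}$,
$$Exp([\![S]\!](\Delta|_b)\models\Theta_n) \le Exp(\Delta\models\Theta_{n+1}).$$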


An alternative definition of $\Theta$-ranking assertions, which uses the weakest precondition semantics instead of the denotational one, is to replace the second clause above by $b\wedge wp.S.\Theta_n\sqsubseteq\Theta_{n+1}$. It is easy to show that these two definitions are equivalent.

With the notion of ranking assertions, we can state the proof rule for while loops in total correctness as follows:

(WhileT) $\dfrac{\{b\wedge\Theta\}\ S\ \{\Theta\},\quad \Theta\text{-ranking assertions exist for }\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}}{\{\Theta\}\ \mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}\ \{\neg b\wedge\Theta\}}$

The proof system for total correctness is then defined as for partial correctness, except that the rule (While) is replaced by (WhileT), and rule (Abort) replaced by

(AbortT) $\{\bot_V\}\ \mathbf{abort}\ \{\bot_V\}$.

We write $\vdash_{tot}\{\Theta\}\ S\ \{\Psi\}$ if the correctness formula $\{\Theta\}\ S\ \{\Psi\}$ can be derived using the proof system for total correctness.

Recall that in [Ying 2012], a notion of bound function is proposed for proving total correctness of purely quantum programs. Let $M\in\mathcal{P}(\mathcal{H})$ and $\epsilon>0$. A function
$$t : \mathcal{D}(\mathcal{H})\to\mathbb{N}$$
is called $(M,\epsilon)$-bound for the loop $\mathbf{while}\ \mathcal{M}[\bar q]=1\ \mathbf{do}\ S\ \mathbf{end}$ where $\mathcal{M}=\{M_0,M_1\}$ if for any $\rho\in\mathcal{D}(\mathcal{H})$,

(1) $t([\![S]\!](\mathcal{E}^1_{\bar q}(\rho)))\le t(\rho)$,
(2) if $tr(M\rho)\ge\epsilon$ then $t([\![S]\!](\mathcal{E}^1_{\bar q}(\rho))) < t(\rho)$.

With the bound functions, the proof rule for total correctness of quantum loops in [Ying 2012] reads as follows:
$$\frac{\{M\}\ S\ \{\mathcal{E}^0_{\bar q}(N)+\mathcal{E}^1_{\bar q}(M)\},\quad \text{for each }\epsilon>0,\ t_\epsilon\text{ is a }(\mathcal{E}^1_{\bar q}(M),\epsilon)\text{-bound function for }\mathbf{while}\ \mathcal{M}[\bar q]=1\ \mathbf{do}\ S\ \mathbf{end}}{\{\mathcal{E}^0_{\bar q}(N)+\mathcal{E}^1_{\bar q}(M)\}\ \mathbf{while}\ \mathcal{M}[\bar q]=1\ \mathbf{do}\ S\ \mathbf{end}\ \{N\}}$$
As our ranking assertions are essentially linear functions on $\mathcal{D}(\mathcal{H})$, they normally have a more compact representation, and hopefully are easier to use in applications than the bound functions in [Ying 2012].

Again, we can prove the soundness and (relative) completeness of the proof system for total correctness.

Theorem 5.3. The proof system for total correctness is both sound and complete with respect to the total correctness of cq-programs.

Proof. Soundness: We need only to show that each rule of the proof system is valid in the sense of total correctness. Take rule (WhileT) as an example. Let $\mathbf{while}\triangleq\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}$,
$$\models_{tot}\{b\wedge\Theta\}\ S\ \{\Theta\}, \qquad (8)$$
and $\{\Theta_n : n\ge 0\}$ be a sequence of $\Theta$-ranking assertions for $\mathbf{while}$. Assume without loss of generality $qv(S)\subseteq qv(\Theta)$. We prove by induction on $n$ that
$$\Theta\sqsubseteq\Theta_n+\Psi_n$$

for any $n\ge 0$, where $\Psi_0\triangleq\bot_{qv(\Theta)}$, and for any $n\ge 0$, $\Psi_{n+1}\triangleq\neg b\wedge\Theta + b\wedge wp.S.\Psi_n$. The case when $n=0$ is from the assumption that $\Theta\sqsubseteq\Theta_0$. For $n\ge 0$, we calculate
$$b\wedge\Theta\sqsubseteq wp.S.\Theta\sqsubseteq wp.S.\Theta_n + wp.S.\Psi_n$$
where the first inequality follows from Eq.(8), and the second one from the induction hypothesis and Lemma 4.16(3). Thus
$$\begin{aligned}
\Theta &= b\wedge\Theta + \neg b\wedge\Theta\\
&\sqsubseteq b\wedge\Theta_{n+1} + b\wedge wp.S.\Psi_n + \neg b\wedge\Theta\\
&\sqsubseteq \Theta_{n+1}+\Psi_{n+1},
\end{aligned}$$
where the first inequality follows from the definition of ranking assertions, and the second one from that of $\Psi_{n+1}$. Thus
$$\Theta\sqsubseteq wp.(\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}).(\neg b\wedge\Theta)$$
by noting that $wp.(\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}).(\neg b\wedge\Theta) = \bigvee_n\Psi_n$ and $\bigwedge_n\Theta_n = \bot_{\mathcal{H}}$, and so
$$\models_{tot}\{\Theta\}\ \mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}\ \{\neg b\wedge\Theta\}$$
as desired.

Completeness: By the (Imp) rule, it suffices to show that for any $\Theta$ and $S'$ with $qv(S')\subseteq qv(\Theta)$,
$$\vdash_{tot}\{wp.S'.\Theta\}\ S'\ \{\Theta\}.$$
Again, we take the case for while loops as an example. Let $\mathbf{while}\triangleq\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}$ and $\Psi\triangleq wp.\mathbf{while}.\Theta$. By induction, we have $\vdash_{tot}\{wp.S.\Psi\}\ S\ \{\Psi\}$. Note that
$$\Psi = \neg b\wedge\Theta + b\wedge wp.S.\Psi.$$
Thus $b\wedge\Psi = b\wedge wp.S.\Psi\sqsubseteq wp.S.\Psi$, and so $\vdash_{tot}\{b\wedge\Psi\}\ S\ \{\Psi\}$ by rule (Imp).

Let $\Theta_0 = wp.\mathbf{while}.\top_{qv(\Theta)}$ and $\Theta_{n+1} = b\wedge wp.S.\Theta_n$. We are going to show that $\{\Theta_n : n\ge 0\}$ are $\Theta$-ranking assertions for $\mathbf{while}$. First, note that
$$\Theta_1 = b\wedge wp.S.\Theta_0 \sqsubseteq \neg b\wedge\top_{qv(\Theta)} + b\wedge wp.S.\Theta_0 = \Theta_0.$$
So $\{\Theta_n : n\ge 0\}$ is decreasing by easy induction, using Lemma 4.16(2). Next, as $\Theta\sqsubseteq\top_{qv(\Theta)}$, we have $\Psi\sqsubseteq\Theta_0$.

Finally, we prove that $\bigwedge_n\Theta_n = \bot_{qv(\Theta)}$. We show by induction on $n$ that for any $n\ge 0$ and $\Delta\in\mathcal{S}_{qv(\Theta,\mathbf{while})}$,
$$Exp(\Delta\models\Theta_n) = tr([\![\mathbf{while}]\!](\Delta)) - tr([\![\mathbf{while}^n]\!](\Delta)). \qquad (9)$$
The case when $n=0$ is direct from Lemmas 3.9 and 4.14. We further calculate that
$$\begin{aligned}
Exp(\Delta\models\Theta_{n+1}) &= Exp(\Delta\models b\wedge wp.S.\Theta_n)\\
&= Exp(\Delta|_b\models wp.S.\Theta_n)\\
&= Exp([\![S]\!](\Delta|_b)\models\Theta_n)\\
&= tr([\![\mathbf{while}]\!]([\![S]\!](\Delta|_b))) - tr([\![\mathbf{while}^n]\!]([\![S]\!](\Delta|_b)))\\
&= tr([\![\mathbf{while}]\!](\Delta)) - tr([\![\mathbf{while}^{n+1}]\!](\Delta)).
\end{aligned}$$
Here the second last equality is from induction hypothesis, and the last one from Lemma 4.7. Note that the second term of the r.h.s of Eq.(9) converges to the first one when $n$ goes to infinity. Thus $\lim_n Exp(\Delta\models\Theta_n) = 0$, and so $\bigwedge_n\Theta_n = \bot_{qv(\Theta)}$ from the arbitrariness of $\Delta$ and Lemma 3.11. Now using rule (WhileT), we have $\vdash_{tot}\{\Psi\}\ \mathbf{while}\ \{\neg b\wedge\Psi\}$ and the result follows from the fact that $\neg b\wedge\Psi = \neg b\wedge\Theta\sqsubseteq\Theta$.

To conclude this section, let us point out an alternative statement for the (WhileT) rule.


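Lemma 5.4. Let $\Theta\in\mathcal{A}_V$. The loop $\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}$ has $\Theta$-ranking assertions iff there is an increasing sequence $\{\Psi_n : n\ge 0\}$ of cq-assertions in $\mathcal{A}_V$ such that

(1) $\Theta\sqsubseteq\top_V-\Psi_0$ and $\bigvee_n\Psi_n = \top_V$;
(2) $\models_{par}\{b\wedge\Psi_{n+1}\}\ S\ \{\Psi_n\}$.

Proof. Let $\{\Theta_n : n\ge 0\}$ be a sequence of $\Theta$-ranking assertions for $\mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}$. Let $\Psi_i\triangleq\top_V-\Theta_i$, $i\ge 0$. Then clause (1) holds trivially. To prove clause (2), note that
$$\begin{aligned}
& b\wedge wp.S.\Theta_n\sqsubseteq\Theta_{n+1}\\
\text{iff}\quad & wp.S.\Theta_n\sqsubseteq b\wedge\Theta_{n+1} + \neg b\wedge\top_V\\
\text{iff}\quad & b\wedge(\top_V-\Theta_{n+1})\sqsubseteq\top_V - wp.S.\Theta_n\\
\text{iff}\quad & b\wedge\Psi_{n+1}\sqsubseteq wlp.S.\Psi_n
\end{aligned}$$
where the last equivalence is from Lemma 4.16(1).

With the above lemma, we can restate rule (WhileT) as follows:

(WhileT′) $\dfrac{\{b\wedge\Theta\}\ S\ \{\Theta\},\quad \{\Theta_n : n\ge 0\}\text{ increasing},\quad \Theta\sqsubseteq\top_V-\Theta_0,\quad \bigvee_n\Theta_n=\top_V,\quad \vdash_{par}\{b\wedge\Theta_{n+1}\}\ S\ \{\Theta_n\}}{\{\Theta\}\ \mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}\ \{\neg b\wedge\Theta\}}$

Interestingly, proof of partial correctness is also employed in this new rule for total correctness. Note that however, there are infinitely many premises in the rule which might not be convenient for automated reasoning, unless parametrised reasoning is supported somehow.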

6 AUXILIARY RULES

We have provided sound and relatively complete proof systems for both partial and total correctness of cq-programs. Thus in principle, these proof rules are sufficient for proving desired properties as long as they can be described faithfully with Hoare triple formulas. However, in practice, using these rules directly might be complicated. To simplify reasoning, in this section we introduce some auxiliary proof rules which are listed in Table 5. For the sake of convenience, we write $\langle p, |\psi\rangle\rangle$ for $\langle p, |\psi\rangle\langle\psi|\rangle$, and $p$ for $p\wedge\top$.

The rules (Top) and (Bot) deal with special cq-assertions. Rules (Init0), (Meas0), and (Unit0) simplify the corresponding ones in Table 4 when the evolved quantum variables do not appear in the postcondition. Extended commands with syntactic sugars are also considered in these rules, as well as in the rule (Param).

Rule (SupOper) essentially says that any valid operation applied on the quantum variables not involved in $S$ does not affect the correctness of $S$. Note that a weaker version of this rule, where $V$ and $W$ are taken equal, was presented in [Ying 2019]. However, the current version is much more expressive, evidenced by the fact that (SupPos), (L-Sum), (Tens), and (Trace) are all its special cases.

Rule (SupPos) deals with superposition of quantum states, and it is useful in proving the correctness of quantum circuits which consist of solely unitary operators. As unitary operators are linear, a natural question is: can we verify such circuits by only checking each pure state from an orthonormal basis? Specifically, let $V = qv(S)$, and $\{|\varphi_i\rangle : 1\le i\le d\}$ and $\{|\psi_i\rangle : 1\le i\le d\}$ are both orthonormal bases of $\mathcal{H}_V$. If $\vdash\{\langle p, |\varphi_i\rangle_V\rangle\}\ S\ \{\langle p', |\psi_i\rangle_V\rangle\}$ for all $i$, can we deduce
$$\vdash\Big\{\Big\langle p,\ \sum_{i=1}^{d}\alpha_i|\varphi_i\rangle_V\Big\rangle\Big\}\ S\ \Big\{\Big\langle p',\ \sum_{i=1}^{d}\alpha_i|\psi_i\rangle_V\Big\rangle\Big\}$$

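(Top) $\{\top_V\}\ S\ \{\top_V\}$

(Bot) $\{\bot_V\}\ S\ \{\bot_V\}$

(Init0) $\dfrac{\bar q\cap qv(\Theta)=\emptyset}{\{\Theta\}\ \bar q := 0\ \{\Theta\}}$

(Meas0) $\dfrac{\bar q\cap qv(\Theta)=\emptyset,\quad \mathcal{M}=\{M_i : i\in I\}}{\big\{\sum_{i\in I}\Theta[i/x]\otimes M_i^\dagger M_i\big\}\ x := \mathbf{meas}\ \mathcal{M}[\bar q]\ \{\Theta\}}$

(Unit0) $\dfrac{\bar q\cap qv(\Theta)=\emptyset}{\{\Theta\}\ \bar q \mathrel{*}= U\ \{\Theta\}}$

(Param) $\Big\{\sum_{i_1,\cdots,i_k=1,\ \mathrm{distinct}}^{|\bar q|}\ \sum_{i=1}^{K}\ \big(\bigwedge_{j=1}^{k} e_j=i_j\big)\wedge(e=i)\wedge\mathcal{U}^i_{i_1,\cdots,i_k}(\Theta)\Big\}\ \bar q[e_1,\cdots,e_k] \mathrel{*}= \mathcal{U}(e)\ \{\Theta\}$

where $\mathcal{U}\triangleq\{U_i : 1\le i\le K\}$, $\mathcal{U}^i_{i_1,\cdots,i_k}(\Theta)\triangleq U_i^\dagger\Theta U_i$, and $U_i$ is applied on $q_{i_1},\cdots,q_{i_k}$.

(SupOper) $\dfrac{\{\Theta\}\ S\ \{\Psi\},\quad W\cap qv(\Theta)\subseteq V\subseteq qv(\Theta),\quad W\cap qv(\Psi)\subseteq V\subseteq qv(\Psi),\quad (V\cup W)\cap qv(S)=\emptyset}{\{\mathcal{F}_{V\to W}(\Theta)\}\ S\ \{\mathcal{F}_{V\to W}(\Psi)\}}$

where $\mathcal{F}_{V\to W}$ is a completely positive and sub-unital super-operator from $\mathcal{L}(\mathcal{H}_V)$ to $\mathcal{L}(\mathcal{H}_W)$.

(SupPos) $\dfrac{\Big\{\Big\langle p,\ \frac{1}{\sqrt d}\sum_{i=1}^{d}|\varphi_i\rangle_V|i\rangle_W\Big\rangle\Big\}\ S\ \Big\{\Big\langle p',\ \frac{1}{\sqrt d}\sum_{i=1}^{d}|\psi_i\rangle_V|i\rangle_W\Big\rangle\Big\},\quad qv(S)\subseteq V}{\Big\{\Big\langle p,\ \sum_{i=1}^{d}\alpha_i|\varphi_i\rangle_V\Big\rangle\Big\}\ S\ \Big\{\Big\langle p',\ \sum_{i=1}^{d}\alpha_i|\psi_i\rangle_V\Big\rangle\Big\}}$

where $|i\rangle$'s, $|\varphi_i\rangle$'s, and $|\psi_i\rangle$'s are all sets of orthonormal states, $\alpha_i\in\mathbb{C}$, and $\sum_{i=1}^{d}|\alpha_i|^2=1$.

(L-Sum) $\dfrac{\big\{\sum_{i=1}^{d}\Theta_i\otimes|i\rangle_W\langle i|\big\}\ S\ \big\{\sum_{i=1}^{d}\Psi_i\otimes|i\rangle_W\langle i|\big\},\quad W\cap qv(S,\Theta_i,\Psi_i)=\emptyset}{\big\{\sum_{i=1}^{d}\lambda_i\Theta_i\big\}\ S\ \big\{\sum_{i=1}^{d}\lambda_i\Psi_i\big\}}$

where $|i\rangle$'s are orthonormal states in $\mathcal{H}_W$, $\lambda_i\ge 0$, and $\sum_{i=1}^{d}\lambda_i\le 1$.

(Tens) $\dfrac{\{\Theta\}\ S\ \{\Psi\},\quad W\cap qv(S,\Theta,\Psi)=\emptyset}{\{M_W\otimes\Theta\}\ S\ \{M_W\otimes\Psi\}}$

(Trace) $\dfrac{\{\Theta\}\ S\ \{\Psi\},\quad V\subseteq qv(\Theta)\cap qv(\Psi),\quad V\cap qv(S)=\emptyset}{\Big\{\frac{1}{\dim(\mathcal{H}_V)}tr_V(\Theta)\Big\}\ S\ \Big\{\frac{1}{\dim(\mathcal{H}_V)}tr_V(\Psi)\Big\}}$

(Exist) $\dfrac{\{\langle p, M\rangle\}\ S\ \{\Psi\},\quad x\notin var(S)\cup free(\Psi)}{\{\langle\exists x.p, M\rangle\}\ S\ \{\Psi\}}$

(Inv) $\dfrac{\{\Theta\}\ S\ \{\Psi\},\quad free(p)\cap change(S)=\emptyset}{\{p\wedge\Theta\}\ S\ \{p\wedge\Psi\}}$

(Disj) $\dfrac{\{\langle p, M\rangle\}\ S\ \{\Psi\},\quad \{\langle p', M\rangle\}\ S\ \{\Psi\}}{\{\langle p\vee p', M\rangle\}\ S\ \{\Psi\}}$

(Sum) $\dfrac{\{\langle p, M\rangle\}\ S\ \{\Psi\},\quad \{\langle p', N\rangle\}\ S\ \{\Psi\},\quad p'\to\neg p}{\{\langle p, M\rangle+\langle p', N\rangle\}\ S\ \{\Psi\}}$

(Linear) $\dfrac{\{\Theta_i\}\ S\ \{\Psi_i\},\quad \lambda_i\ge 0}{\big\{\sum_i\lambda_i\Theta_i\big\}\ S\ \big\{\sum_i\lambda_i\Psi_i\big\}}$

(ProbComp) $\dfrac{\{p'\}\ S_1\ \{\langle p, |\psi\rangle_{\bar q}\langle\psi|\rangle\},\quad \{\langle p, M_{\bar q}\rangle\}\ S_2\ \{\Psi\}}{\{\langle\psi|M|\psi\rangle\cdot p'\}\ S_1; S_2\ \{\Psi\}}$

(C-WhileT) $\dfrac{\{b\wedge\Theta\}\ S\ \{\Theta\},\quad \{b\wedge p\wedge t=z\}\ S\ \{t<z\},\quad p\to t\ge 0}{\{\Theta\}\ \mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}\ \{\neg b\wedge\Theta\}}$

where $type(z)=type(t)=\mathbf{Integer}$, $z\notin var(p,b,t,S)$, $\Theta=\bigoplus_{i\in I}\langle p_i, M_i\rangle$ and $p=\bigvee_{i\in I}p_i$.

Table 5. Auxiliary rules.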

for any superposed states $\sum_{i=1}^{d}\alpha_i|\varphi_i\rangle$ and $\sum_{i=1}^{d}\alpha_i|\psi_i\rangle$? This is, however, not correct. For example, let $type(q)=\mathbf{Qubit}$. Then
$$\{\langle true, |0\rangle_q\rangle\}\ q \mathrel{*}= Z\ \{\langle true, |0\rangle_q\rangle\}\quad\text{and}\quad\{\langle true, |1\rangle_q\rangle\}\ q \mathrel{*}= Z\ \{\langle true, |1\rangle_q\rangle\}$$
since $Z|1\rangle = -|1\rangle$ and $(-|1\rangle)(-\langle 1|) = |1\rangle\langle 1|$. However, $\{\langle true, |+\rangle_q\rangle\}\ q \mathrel{*}= Z\ \{\langle true, |+\rangle_q\rangle\}$ is certainly not true. The reason is that observables (thus cq-assertions) cannot distinguish quantum states like $|1\rangle$ and $-|1\rangle$ which differ only in the global phases. To overcome this difficulty, in rule (SupPos) we combine all the states $|\varphi_i\rangle_V$ into a single (entangled) one $\frac{1}{\sqrt d}\sum_{i=1}^{d}|\varphi_i\rangle_V|i\rangle_W$ in a larger Hilbert space $\mathcal{H}_V\otimes\mathcal{H}_W$ (intuitively, we use the orthonormal states $|i\rangle$ in $\mathcal{H}_W$ to index $|\varphi_i\rangle_V$). In this way, the global phases caused by applying $S$ on $|\varphi_i\rangle_V$'s become local and detectable.

Rules (Exist) and (Inv) are merely classical ones where the logic operations are performed on the classical part of the cq-assertions. The three rules (Disj), (Sum), and (Linear) all extend the rule
$$\frac{\{p_1\}\ S\ \{p_1'\},\quad \{p_2\}\ S\ \{p_2'\}}{\{p_1\vee p_2\}\ S\ \{p_1'\vee p_2'\}}$$
in classical Hoare logic dealing with disjunction of assertions. In the first two rules, the disjunction is applied only on the classical part: rule (Disj) allows disjunction of any classical assertions $p$ and $p'$, but their quantum part must be the same; rule (Sum) allows different quantum parts, but the classical assertions must be mutually exclusive. For the general case, a weighted sum (for both the pre- and the postconditions) is used in (Linear).

Rule (ProbComp) reasons about sequential composition of two programs $S_1$ and $S_2$. Note that rule (Seq) in Table 4 assumes the postcondition of $S_1$ is the same as, or stronger than, when (Imp) is employed, the precondition of $S_2$. In contrast, rule (ProbComp) can handle the case where such an assumption does not hold.
As can be seen from the case studies, this rule is very useful in calculating the success probability of quantum algorithms.

Finally, we present rule (C-WhileT) for the special case when a classical ranking function can be found to guarantee the (finite) termination of cq-programs. As shown in the case studies in Sec. 7, this rule is useful in simplifying the analysis of many practical quantum algorithms.

Theorem 6.1. (1) All the auxiliary rules presented in Table 5, except (Top), are sound with respect to total correctness. (2) If we require $\sum_i \lambda_i \le 1$ in (Linear), then all the auxiliary rules presented in Table 5, except (ProbComp), (SupPos) and (C-WhileT), are sound with respect to partial correctness.

Proof. The rules (Top) and (Bot) are from Lemma 4.12. We note from (Meas) that whenever $\bar q \cap qv(\Theta) = \emptyset$,

$$\Big\{\sum_{i\in I}\Theta[i/x]\otimes M_i^\dagger M_i\Big\}\ x := \mathbf{meas}\ \mathcal M[\bar q]\ \{\Theta\otimes I_{\bar q}\}.$$

Then (Meas0) follows by (Imp). The proofs for (Init0) and (Unit0) are similar. (Param) follows from Lemma 4.15(4).

(SupOper): From $\models_{tot} \{\Theta\}\ S\ \{\Psi\}$, we have $\Theta \lesssim wp.S.\Psi$ by Lemma 4.17. Then $\models_{tot} \{\mathcal F_{V\to W}(\Theta)\}\ S\ \{\mathcal F_{V\to W}(\Psi)\}$ from Lemma 4.16(5). The case for partial correctness is similar.

For (SupPos), we first let $\mathcal F_{W\to\emptyset}$ be defined as

$$\mathcal F_{W\to\emptyset}(\Theta') = \langle\psi^*|\,\Theta'\,|\psi^*\rangle$$

for any $\Theta' \in \mathcal A_W$, where $|\psi^*\rangle = \sum_{i=1}^{d}\alpha_i^*|i\rangle_W$. Then we have from (SupOper) that

$$\models_{tot} \Big\{\Big\langle p,\ \frac{1}{\sqrt d}\sum_{i=1}^{d}|\phi_i\rangle_V|i\rangle_W\Big\rangle\Big\}\ S\ \Big\{\Big\langle p',\ \frac{1}{\sqrt d}\sum_{i=1}^{d}|\psi_i\rangle_V|i\rangle_W\Big\rangle\Big\}$$

implies

$$\models_{tot} \Big\{\Big\langle p,\ \frac{1}{\sqrt d}\sum_{i=1}^{d}\alpha_i|\phi_i\rangle_V\Big\rangle\Big\}\ S\ \Big\{\Big\langle p',\ \frac{1}{\sqrt d}\sum_{i=1}^{d}\alpha_i|\psi_i\rangle_V\Big\rangle\Big\}.$$

The desired result follows from (Linear) by multiplying both pre- and post-conditions with $d$. Similarly, (L-Sum) follows from (SupOper) by taking $\mathcal F_{W\to\emptyset}(\Theta') = \sum_{i=1}^{d}\lambda_i\langle i|\Theta'|i\rangle$ for any $\Theta' \in \mathcal A_W$.

(Tens) follows from (SupOper) by taking $V = \emptyset$ and $\mathcal F_{V\to W}(1) = M$. Conversely, in (Trace) we take $W = \emptyset$ and

$$\mathcal F_{V\to W}(\Theta) = \frac{1}{\dim(\mathcal H_V)}\sum_{i\in I}\langle i|_V\,\Theta\,|i\rangle_V$$

where $\{|i\rangle : i \in I\}$ is an orthonormal basis of $\mathcal H_V$.

The rules (Exist), (Inv), (Disj), (Sum), and (Linear) are all easy from definition. Note that to prove (Linear) for partial correctness, we have to require $\sum_i \lambda_i \le 1$.

(ProbComp): For any $\sigma$ and $\rho$ with $\sigma \models p'$ and $\mathrm{tr}(\rho) = 1$, let $\Delta' \triangleq [\![S_1]\!](\sigma, \rho)$ and $\Delta'' \triangleq [\![S_2]\!](\Delta')$. We first have from $\models_{tot} \{p'\}\ S_1\ \{\langle p, |\psi\rangle_{\bar q}\langle\psi|\rangle\}$ that

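$$1 = \mathrm{Exp}(\langle\sigma,\rho\rangle \models p') \le \sum_{\sigma'\in\lceil\Delta'\rceil,\ \sigma'\models p}\langle\psi|\Delta'(\sigma')|\psi\rangle \le \mathrm{tr}(\Delta') \le 1.$$

Thus for any $\sigma' \in \lceil\Delta'\rceil$, $\sigma' \models p$ and $\Delta'(\sigma') = c_{\sigma'}|\psi\rangle\langle\psi|$ for some $c_{\sigma'} \ge 0$ with $\sum_{\sigma'\in\lceil\Delta'\rceil} c_{\sigma'} = 1$. Furthermore, by $\models_{tot} \{\langle p, M_{\bar q}\rangle\}\ S_2\ \{\Psi\}$, we have

$$\sum_{\sigma'\in\lceil\Delta'\rceil} c_{\sigma'}\langle\psi|M|\psi\rangle = \mathrm{Exp}(\Delta' \models \langle p, M_{\bar q}\rangle) \le \mathrm{Exp}(\Delta'' \models \Psi).$$

The result then follows from the observation that

$$\mathrm{Exp}(\langle\sigma,\rho\rangle \models \langle\psi|M|\psi\rangle\cdot p') = \langle\psi|M|\psi\rangle.$$

(C-WhileT): first note that $\models_{tot} \{b \wedge p \wedge t = z\}\ S\ \{t < z\}$ implies for any $\sigma \models b \wedge p \wedge t = z$, and any $\sigma'$ in the support of $[\![S]\!](\sigma, \rho)$, we have $\sigma' \models t < z$. Then an argument similar to that for classical programs leads to the conclusion that all computations from $\langle \mathbf{while}\ b\ \mathbf{do}\ S\ \mathbf{end}, \sigma, \rho\rangle$ terminate within $\sigma(t)$ steps, provided that $\sigma \models p$.

7 CASE STUDIES

To illustrate the effectiveness of the proof systems proposed in the previous sections, we employ them to verify Grover’s search algorithm presented in Example 4.5 and Shor’s factorisation algorithm with its subroutines.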

7.1 Grover’s search algorithm

We have proved in Examples 4.5 and 4.11, by employing the denotational semantics and the definition of correctness formulas respectively, that Grover’s algorithm succeeds in finding a desired solution with probability $p_{succ}$ shown in Eq. (3). We now re-prove this result using the proof rules for total correctness. As stated in Example 4.11, the goal is to show

$$\vdash_{tot} \{p_{succ}\}\ \mathrm{Grover}\ \{y \in Sol\}. \tag{10}$$

Let $b \triangleq x < K$ and $\Theta \triangleq \sum_{k=0}^{K}\langle x = k, \Psi_{K-k}\rangle$, where $\Psi_k = |\psi_k\rangle\langle\psi_k|$ and

$$|\psi_k\rangle = \cos\Big(\frac{\pi}{2} - k\theta\Big)|\alpha\rangle + \sin\Big(\frac{\pi}{2} - k\theta\Big)|\beta\rangle.$$

Note that $|\psi_0\rangle = |\beta\rangle$ and $G|\psi_k\rangle = |\psi_{k-1}\rangle$. Intuitively, $\Theta$ records the quantum states at each iteration. We show that it serves as an invariant of the while loop in Grover’s algorithm. Observe from (Unit) and (Assn) that

$$\vdash_{tot} \Big\{\sum_{k=0}^{K-1}\langle x = k, \Psi_{K-k}\rangle\Big\}\ \bar q \mathrel{*}= G;\ x := x + 1;\ \Big\{\sum_{k=0}^{K-1}\langle x = k + 1, \Psi_{K-k-1}\rangle\Big\}.$$

Together with the fact

$$\sum_{k=0}^{K-1}\langle x = k + 1, \Psi_{K-k-1}\rangle = \sum_{k=1}^{K}\langle x = k, \Psi_{K-k}\rangle \sqsubseteq \Theta,$$

we deduce from rule (Imp) that $\vdash_{tot} \{b \wedge \Theta\}\ \bar q \mathrel{*}= G;\ x := x + 1;\ \{\Theta\}$. Let $z \notin \{x, y\}$, $t \triangleq K - x$, and $p \triangleq (0 \le x \le K)$. Then $p \to t \ge 0$, and $t$ serves as a classical ranking function. Thus by rule (C-WhileT),

$$\vdash_{tot} \{\Theta\}\ \mathbf{while}\ b\ \mathbf{do}\ \bar q \mathrel{*}= G;\ x := x + 1;\ \mathbf{end}\ \{\neg b \wedge \Theta\}. \tag{11}$$

Furthermore, we have

$\{\,|\langle +|^{\otimes n}|\psi_K\rangle|^2\,\}$
$\bar q := 0;\ \bar q \mathrel{*}= H^{\otimes n};$
$\{\langle \mathbf{true}, \Psi_K\rangle\}$ (Init, Unit)
$x := 0;$
$\{\sum_{k=0}^{K}\langle x = k, \Psi_{K-k}\rangle\}$ (Assn, Imp)
$\mathbf{while}\ b\ \mathbf{do}\ \bar q \mathrel{*}= G;\ x := x + 1;\ \mathbf{end}$
$\{\langle x = K, \Psi_0\rangle\}$ (Eq. 11)
$\{\langle \mathbf{true}, \sum_{i\in Sol}|i\rangle\langle i|\rangle\}$ (Imp)
$y := \mathbf{meas}\ \bar q$
$\{y \in Sol\}$ (Meas0)

Finally, it is easy to show that $|\langle +|^{\otimes n}|\psi_K\rangle|^2 = p_{succ}$, from which Eq. (10) follows.

7.2 Quantum Fourier Transform

In the rest of the paper, all quantum variables are assumed to have Qubit type. Recall that the $n$-qubit quantum Fourier transform (QFT) is a unitary mapping such that for any integer $j$, $0 \le j \le 2^n - 1$,

$$|j\rangle \to |\psi_j\rangle \triangleq \frac{1}{\sqrt{2^n}}\sum_{k=0}^{2^n-1} e^{2\pi i jk/2^n}|k\rangle = \bigotimes_{k=n}^{1}|+_{0.j_k\cdots j_n}\rangle$$

where $j_1 \ldots j_n$ is the binary representation of $j$, and $|+_{0.j_k\cdots j_n}\rangle \triangleq (|0\rangle + e^{2\pi i\,0.j_k\cdots j_n}|1\rangle)/\sqrt 2$. In particular, $|+_0\rangle = |+\rangle$. QFT serves as an important part for Shor’s factorisation and many other quantum algorithms.


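The QFT algorithm for $n$ qubits can be described in our cq-language (with syntactic sugars) as follows:

$\mathrm{QFT}(n) \triangleq$
    $x := 1;$
    $\mathbf{while}\ x \le n\ \mathbf{do}$
        $\bar q[x] \mathrel{*}= H;\ y := x + 1;$
        $\mathbf{while}\ y \le n\ \mathbf{do}$
            $\bar q[y, x] \mathrel{*}= \mathrm{CR}(y - x + 1);\ y := y + 1;$
        $\mathbf{end}$
        $x := x + 1;$
    $\mathbf{end}$
    $\bar q \mathrel{*}= \mathrm{SWAP}_n$

where $CR \triangleq \{CR_k : 1 \le k \le n\}$ and for each $k$, $CR_k$ is the controlled-$R_k$ operator with

$$R_k = |0\rangle\langle 0| + e^{2\pi i/2^k}|1\rangle\langle 1|,$$

and $\mathrm{SWAP}_n$ reverses the order of a list of $n$ qubits; that is, $\mathrm{SWAP}_n|i_1, \cdots, i_n\rangle_{\bar q} = |i_n, \cdots, i_1\rangle_{\bar q}$ for all $|i_j\rangle \in \mathcal H_{q_j}$.

The correctness of $\mathrm{QFT}(n)$ is stated as follows: for any $\alpha_j \in \mathbb C$, $\sum_j |\alpha_j|^2 = 1$,

$$\vdash_{tot} \Big\{\Big\langle \mathbf{true},\ \sum_j \alpha_j|j\rangle_{\bar q}\Big\rangle\Big\}\ \mathrm{QFT}(n)\ \Big\{\Big\langle \mathbf{true},\ \sum_j \alpha_j|\psi_j\rangle_{\bar q}\Big\rangle\Big\}.$$

With the help of rule (SupPos), it suffices to prove

$$\vdash_{tot} \{\langle \mathbf{true}, |\alpha\rangle_{\bar q,\bar q'}\rangle\}\ \mathrm{QFT}(n)\ \{\langle \mathbf{true}, |\beta\rangle_{\bar q,\bar q'}\rangle\}$$

where $|\bar q'| = |\bar q|$, $|\alpha\rangle \triangleq \frac{1}{\sqrt{2^n}}\sum_{j=0}^{2^n-1}|j\rangle|j\rangle$ is a maximally entangled state in $\mathcal H_{\bar q} \otimes \mathcal H_{\bar q'}$, and $|\beta\rangle \triangleq \frac{1}{\sqrt{2^n}}\sum_{j=0}^{2^n-1}|\psi_j\rangle|j\rangle$.

The proof is rather involved. Due to the limit of space, we sketch the main ideas instead.

(1) Let $\mathbf{while}'$ be the inner loop. We show that

$$\Psi \triangleq \sum_{\ell=1}^{n}\sum_{m=\ell+1}^{n+1}\Big\langle x = \ell \wedge y = m,\ \frac{1}{\sqrt{2^n}}\sum_{j=0}^{2^n-1}\Big[\bigotimes_{k=1}^{\ell-1}|+_{0.j_k\cdots j_n}\rangle \otimes |+_{0.j_\ell\cdots j_{m-1}}\rangle \bigotimes_{k=\ell+1}^{n}|j_k\rangle\Big]_{\bar q}|j\rangle_{\bar q'}\Big\rangle$$

serves as an invariant for $\mathbf{while}'$. Furthermore, let

$$p \triangleq (1 \le x \le n) \wedge (x + 1 \le y \le n + 1).$$

Then $t \triangleq n + 1 - y$ serves as a classical ranking function for $\mathbf{while}'$. Thus we have from (C-WhileT)

$$\vdash_{tot} \{\Psi\}\ \mathbf{while}'\ \{y > n \wedge \Psi\}.$$

(2) Let $\mathbf{while}$ be the outer while-loop, and

$$\Theta \triangleq \sum_{\ell=1}^{n+1}\Big\langle x = \ell,\ \frac{1}{\sqrt{2^n}}\sum_{j=0}^{2^n-1}\Big[\bigotimes_{k=1}^{\ell-1}|+_{0.j_k\cdots j_n}\rangle \otimes \bigotimes_{k=\ell}^{n}|j_k\rangle\Big]_{\bar q}|j\rangle_{\bar q'}\Big\rangle.$$

Then it can be shown that $\Theta$ is an invariant for $\mathbf{while}$. Again, it is easy to construct a classical ranking function ($t \triangleq n + 1 - x$), so

$$\vdash_{tot} \{\Theta\}\ \mathbf{while}\ \{x > n \wedge \Theta\}. \tag{12}$$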


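(3) For the whole program, we have

$\{\langle \mathbf{true}, |\alpha\rangle_{\bar q,\bar q'}\rangle\}$
$x := 1;$
$\Big\{\sum_{\ell=1}^{n+1}\Big\langle x = \ell,\ \frac{1}{\sqrt{2^n}}\sum_{j=0}^{2^n-1}\Big[\bigotimes_{k=1}^{\ell-1}|+_{0.j_k\cdots j_n}\rangle \otimes \bigotimes_{k=\ell}^{n}|j_k\rangle\Big]_{\bar q}|j\rangle_{\bar q'}\Big\rangle\Big\}$ (Assn)
$\mathbf{while}$
$\Big\{\Big\langle x = n + 1,\ \frac{1}{\sqrt{2^n}}\sum_{j=0}^{2^n-1}\Big[\bigotimes_{k=1}^{n}|+_{0.j_k\cdots j_n}\rangle\Big]_{\bar q}|j\rangle_{\bar q'}\Big\rangle\Big\}$ (Eq. 12)
$\bar q \mathrel{*}= \mathrm{SWAP}_n$
$\Big\{\Big\langle \mathbf{true},\ \frac{1}{\sqrt{2^n}}\sum_{j=0}^{2^n-1}|\psi_j\rangle_{\bar q}|j\rangle_{\bar q'}\Big\rangle\Big\}.$ (Unit, Imp)

7.3 Phase Estimation

Given (the controlled version of) a unitary operator $U$ acting on $m$ qubits and one of its eigenstates $|u\rangle$ with $U|u\rangle = e^{2\pi i\varphi}|u\rangle$ for some $\varphi \in [0, 1)$, the phase estimation algorithm computes an $n$-bit approximation $\tilde\varphi$ of $\varphi$ with success probability at least $1 - \epsilon$, where $n$ and $\epsilon$ are two given parameters. Let $t \triangleq n + \lceil \log(2 + \frac{1}{2\epsilon}) \rceil$. The algorithm is detailed as follows:

$\mathrm{PE} \triangleq$
    $\bar r := 0;\ \bar r \mathrel{*}= U_u;\ \bar q := 0;\ x := 1;$
    $\mathbf{while}\ x \le t\ \mathbf{do}$
        $\bar q[x] \mathrel{*}= H;\ y := 0;$
        $\mathbf{while}\ y < 2^{t-x}\ \mathbf{do}$
            $\bar q[x], \bar r \mathrel{*}= \mathrm{CU};\ y := y + 1;$
        $\mathbf{end}$
        $x := x + 1;$
    $\mathbf{end}$
    $\bar q \mathrel{*}= \mathrm{QFT}(t)^\dagger;$
    $z := \mathbf{meas}\ \bar q$

where $|\bar q| = t$, $|\bar r| = m$, $U_u$ is a unitary operator to prepare $|u\rangle$ from $|0\rangle$, CU is the controlled-$U$ operator, and $\mathrm{QFT}(t)^\dagger$ is the inverse quantum Fourier transform on $t$ qubits.

The correctness of PE can be stated as

$$\vdash_{tot} \{p_{PE}\}\ \mathrm{PE}\ \{|\varphi - z/2^t| < 2^{-n}\} \tag{13}$$

with $p_{PE} \ge 1 - \epsilon$. Let $\mathbf{while}$ be the outer while-loop and $\mathbf{while}'$ be the inner one. The proof consists of three phases.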


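(1) For the body of $\mathbf{while}'$, we have for any $1 \le k \le t$ and $0 \le \ell < 2^{t-k}$,

$\{\langle x = k \wedge y = \ell,\ |+_{\ell\varphi}\rangle_{q_k}|u\rangle_{\bar r}\rangle\}$
$\bar q[x], \bar r \mathrel{*}= \mathrm{CU};\ y := y + 1;$
$\{\langle x = k \wedge y = \ell + 1,\ |+_{(\ell+1)\varphi}\rangle_{q_k}|u\rangle_{\bar r}\rangle\}$ (Unit, Assn)

where $|+_a\rangle \triangleq (|0\rangle + e^{2\pi i a}|1\rangle)/\sqrt 2$ for any $a \in \mathbb R$, and in particular, $|+_0\rangle = |+\rangle$. Furthermore, it is easy to construct a classical ranking function $2^{t-x} - y$. Thus we have from (Linear) and (C-WhileT),

$$\vdash_{tot} \{\Psi\}\ \mathbf{while}'\ \{\Psi \wedge y \ge 2^{t-x}\} \tag{14}$$

where $\Psi \triangleq \sum_{\ell=0}^{2^{t-k}}\langle x = k \wedge y = \ell,\ |+_{\ell\varphi}\rangle_{q_k}|u\rangle_{\bar r}\rangle$.

(2) For the body of $\mathbf{while}$, we have for any $1 \le k \le t$,

$\{\langle x = k,\ |0\rangle_{q_k}|u\rangle_{\bar r}\rangle\}$
$\bar q[x] \mathrel{*}= H;\ y := 0;$
$\{\Psi \equiv \sum_{\ell=0}^{2^{t-k}}\langle x = k \wedge y = \ell,\ |+_{\ell\varphi}\rangle_{q_k}|u\rangle_{\bar r}\rangle\}$ (Unit, Assn)
$\mathbf{while}'$
$\{\Psi \wedge y \ge 2^{t-x} \equiv \langle x = k,\ |+_{2^{t-k}\varphi}\rangle_{q_k}|u\rangle_{\bar r}\rangle\}$ (Eq. 14)
$x := x + 1;$
$\{\langle x = k + 1,\ |+_{2^{t-k}\varphi}\rangle_{q_k}|u\rangle_{\bar r}\rangle\}$ (Assn)

Furthermore, it is easy to construct a classical ranking function $t + 1 - x$. Thus from (Tens), (Linear), and (C-WhileT) we have

$$\vdash_{tot} \{\Theta\}\ \mathbf{while}\ \{\Theta \wedge x > t\} \tag{15}$$

where

$$\Theta \triangleq \sum_{k=1}^{t+1}\Big\langle x = k,\ \bigotimes_{j=1}^{k-1}|+_{2^{t-j}\varphi}\rangle \otimes |0\rangle^{\otimes(t-k+1)}|u\rangle_{\bar r}\Big\rangle.$$

(3) For the whole program, we have

$\{\top\}$
$\bar r := 0;\ \bar r \mathrel{*}= U_u;\ \bar q := 0;$
$\{\langle \mathbf{true},\ |0\rangle^{\otimes t}|u\rangle_{\bar r}\rangle\}$ (Init, Unit)
$x := 1;$
$\Big\{\sum_{k=1}^{t+1}\Big\langle x = k,\ \bigotimes_{j=1}^{k-1}|+_{2^{t-j}\varphi}\rangle \otimes |0\rangle^{\otimes(t-k+1)}|u\rangle_{\bar r}\Big\rangle\Big\}$ (Assn)
$\mathbf{while}$
$\Big\{\Big\langle x = t + 1,\ \bigotimes_{j=1}^{t}|+_{2^{t-j}\varphi}\rangle|u\rangle_{\bar r}\Big\rangle\Big\}$ (Eq. 15)
$\Big\{\Big\langle \mathbf{true},\ \frac{1}{\sqrt{2^t}}\sum_{k=0}^{2^t-1}e^{2\pi i k\varphi}|k\rangle\Big\rangle\Big\}$ (Imp)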


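Furthermore, let

$$K \triangleq \{0 \le m < 2^t : |\varphi - 2^{-t}m| < 2^{-n}\} \tag{16}$$

and for each $m$, $|\psi_m\rangle \triangleq \frac{1}{\sqrt{2^t}}\sum_{j=0}^{2^t-1}e^{2\pi i jm/2^t}|j\rangle$. Then we have

true, k k |

Lemma 7.1. Let $\varphi \in [0, 1)$, $\epsilon \in (0, 1)$, $n \ge 1$, $t \triangleq n + \lceil \log(2 + \frac{1}{2\epsilon}) \rceil$, and $K$ be defined in Eq. (16). Then

$$\sum_{m\in K}\Big|\frac{1}{2^t}\sum_{j=0}^{2^t-1}\exp\big(2\pi i j(\varphi - 2^{-t}m)\big)\Big|^2 \ge 1 - \epsilon.$$

Proof. See page 224 of [Nielsen and Chuang 2002]. $\square$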

7.4 Order-finding

Given positive co-prime integers $x$ and $N$, the order of $x$ modulo $N$ is the least positive integer $r$ such that $x^r \equiv_N 1$, where $\equiv_N$ denotes equality modulo $N$. Let $L \triangleq \lceil \log(N) \rceil$, $\epsilon \in (0, 1)$, and $t \triangleq 2L + 1 + \lceil \log(2 + \frac{1}{2\epsilon}) \rceil$. The order-finding algorithm computes the order $r$ of $x$ by using $O(L^3)$ operations, with success probability at least $(1 - \epsilon)/(2\log(N))$. The algorithm goes as follows:

$\mathrm{OF}(x, N) \triangleq$
    $\bar q := 0;\ \bar q \mathrel{*}= H^{\otimes t};$
    $\bar q' := 0;\ \bar q' \mathrel{*}= U_{+1};$
    $\bar q, \bar q' \mathrel{*}= \mathrm{CU};$
    $\bar q \mathrel{*}= \mathrm{QFT}(t)^\dagger;$
    $z' := \mathbf{meas}\ \bar q;$
    $z := f(z'/2^t)$

where $|\bar q| = t$, $|\bar q'| = L$, $U_{+1}$ is a unitary operator on $\mathcal H_{\bar q'}$ such that $U_{+1}|0\rangle = |1\rangle$, $f(x)$ is the continued fractions algorithm which computes all convergents $m/n$ of the continued fraction for $x$ with $|m/n - x| < 1/(2n^2)$ and returns the minimal $n$ if there is any, and CU is the controlled-$U$ operator on $\mathcal H_{\bar q} \otimes \mathcal H_{\bar q'}$ such that $\mathrm{CU}|j\rangle_{\bar q}|y\rangle_{\bar q'} = |j\rangle_{\bar q}U^j|y\rangle_{\bar q'}$, where for each $0 \le y < 2^L$,

$$U|y\rangle = \begin{cases}|xy \bmod N\rangle & \text{if } y < N\\ |y\rangle & \text{otherwise.}\end{cases} \tag{17}$$


Note that $U$ can be implemented using $O(L^3)$ basic quantum gates by employing the technique of modular exponentiation [Shor 1997]. For the sake of simplicity, we omit the detailed implementation of $U$ in the description of $\mathrm{OF}(x, N)$.

The correctness of $\mathrm{OF}(x, N)$ can be stated as

$$\vdash_{tot} \{p_{OF}\cdot(\gcd(x, N) = 1)\}\ \mathrm{OF}(x, N)\ \{z = r\} \tag{18}$$

for some $p_{OF} \ge (1 - \epsilon)/(2\log(N))$. For each $0 \le s < r$, let

$$|u_s\rangle \triangleq \frac{1}{\sqrt r}\sum_{k=0}^{r-1}e^{-2\pi i sk/r}|x^k \bmod N\rangle.$$

Then $|u_s\rangle$'s are orthonormal, $U|u_s\rangle = e^{2\pi i s/r}|u_s\rangle$, and $\frac{1}{\sqrt r}\sum_{s=0}^{r-1}|u_s\rangle = |1\rangle$. We compute

$\{\gcd(x, N) = 1\}$
$\bar q := 0;\ \bar q \mathrel{*}= H^{\otimes t};\ \bar q' := 0;\ \bar q' \mathrel{*}= U_{+1};$
$\{\langle \gcd(x, N) = 1,\ |+\rangle^{\otimes t}_{\bar q}|1\rangle_{\bar q'}\rangle\}$ (Init, Unit)
$\Big\{\Big\langle \gcd(x, N) = 1,\ \frac{1}{\sqrt{r2^t}}\sum_{s=0}^{r-1}\sum_{j=0}^{2^t-1}|j\rangle_{\bar q}|u_s\rangle_{\bar q'}\Big\rangle\Big\}$ (Imp)
$\bar q, \bar q' \mathrel{*}= \mathrm{CU};$
$\Big\{\Big\langle \gcd(x, N) = 1,\ \frac{1}{\sqrt{r2^t}}\sum_{s=0}^{r-1}\sum_{j=0}^{2^t-1}e^{2\pi i js/r}|j\rangle_{\bar q}|u_s\rangle_{\bar q'}\Big\rangle\Big\}$ (Unit)
$\bar q \mathrel{*}= \mathrm{QFT}(t)^\dagger;$
$\Big\{\Big\langle \gcd(x, N) = 1,\ \frac{1}{\sqrt r\,2^t}\sum_{s=0}^{r-1}\sum_{k=0}^{2^t-1}\sum_{j=0}^{2^t-1}\exp\Big(2\pi i j\Big(\frac{s}{r} - \frac{k}{2^t}\Big)\Big)|k\rangle_{\bar q}|u_s\rangle_{\bar q'}\Big\rangle\Big\}$ (Unit)

Furthermore, for any $0 \le s < r$ with $\gcd(s, r) = 1$, let

$$K_s \triangleq \Big\{0 \le k < 2^t : \Big|\frac{s}{r} - \frac{k}{2^t}\Big| < \frac{1}{2^{2L+1}}\Big\}.$$

Then from [Nielsen and Chuang 2002, Theorem 5.1] and [Hardy and Wright 1979], for each $k \in K_s$ the continued fractions algorithm $f$ in $\mathrm{OF}(x, N)$ computes $f(k/2^t) = r$. Thus

$\Big\{\Big\langle \gcd(x, N) = 1,\ \sum_{s:\gcd(s,r)=1}\sum_{k\in K_s}|k\rangle_{\bar q}\langle k| \otimes |u_s\rangle_{\bar q'}\langle u_s|\Big\rangle\Big\}$
$\Big\{\sum_{s=0}^{r-1}\sum_{k=0}^{2^t-1}\big\langle f(k/2^t) = r,\ |k\rangle_{\bar q}\langle k| \otimes |u_s\rangle_{\bar q'}\langle u_s|\big\rangle\Big\}$ (Imp)
$z' := \mathbf{meas}\ \bar q;$
$\{f(z'/2^t) = r\}$ (Meas0, Imp)
$z := f(z'/2^t)$
$\{z = r\}$ (Assn)


Then by (ProbComp), Eq. (18) holds where

$$p_{OF} = \sum_{s:\gcd(s,r)=1}\ \sum_{k\in K_s}\frac{1}{r}\Big|\frac{1}{2^t}\sum_{j=0}^{2^t-1}\exp\Big(2\pi i j\Big(\frac{s}{r} - \frac{k}{2^t}\Big)\Big)\Big|^2 \ge \sum_{s:\gcd(s,r)=1}\frac{1}{r}(1 - \epsilon) \ge \frac{1 - \epsilon}{2\log(N)}$$

where the first inequality is from Lemma 7.1 and the last one from the fact that there are at least $r/(2\log(r))$ prime numbers less than $r \le N$.

Note that we can check easily (in $O(L^3)$ time using, say, modular exponentiation) whether or not an output of $\mathrm{OF}(x, N)$ is indeed the order of $x$ modulo $N$. By repeating the above algorithm $O(L)$ times we can further increase the success probability to $1 - \epsilon$. Actually, the $1 - \epsilon$ success probability can be achieved without introducing the $O(L)$ overhead, by only repeating $\mathrm{OF}(x, N)$ a constant number of times and taking the least common multiple of the outputs [Nielsen and Chuang 2002].
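For a small modulus, the outcome statistics of OF(x, N) can be computed exactly from the assertion obtained after QFT(t)† above. The following Python code is an added example, not taken from the paper: it evaluates that distribution, runs continued-fraction post-processing on every outcome, and sums the probability of recovering r. All function names are illustrative, and f is assumed to select the convergent with denominator below N that lies inside the 1/2^(2L+1) window used to define K_s.

```python
from fractions import Fraction
from math import ceil, gcd, log2, pi, sin


def order(x, n):
    """Least r > 0 with x^r = 1 (mod n); brute force, only to drive the simulation."""
    assert gcd(x, n) == 1
    r, acc = 1, x % n
    while acc != 1:
        acc, r = acc * x % n, r + 1
    return r


def register_sizes(n, eps):
    """L = ceil(log N) and t = 2L + 1 + ceil(log(2 + 1/(2 eps))), as in Sec. 7.4."""
    big_l = ceil(log2(n))
    return big_l, 2 * big_l + 1 + ceil(log2(2 + 1 / (2 * eps)))


def convergents(x):
    """Yield (m, n) for each convergent m/n of the continued fraction of x >= 0."""
    h2, k2, h1, k1 = 0, 1, 1, 0
    while True:
        a = x.numerator // x.denominator
        h2, k2, h1, k1 = h1, k1, a * h1 + h2, a * k1 + k2
        yield h1, k1
        if x == a:
            return
        x = 1 / (x - a)


def f(k, t, n, big_l):
    """Post-processing of outcome k: denominator of the convergent of k/2^t that
    has denominator < N and lies within 1/2^(2L+1) of k/2^t (assumed selection
    rule; such a fraction is unique when it exists). None if there is none."""
    x = Fraction(k, 2 ** t)
    window = Fraction(1, 2 ** (2 * big_l + 1))
    for m, d in convergents(x):
        if d >= n:
            break
        if abs(Fraction(m, d) - x) < window:
            return d
    return None


def peak(theta, t):
    """|2^-t * sum_{j < 2^t} exp(2 pi i j theta)|^2 via the closed-form geometric sum."""
    if theta.denominator == 1:                  # integer theta: every term is 1
        return 1.0
    num = sin(pi * float((2 ** t * theta) % 1))
    den = 2 ** t * sin(pi * float(theta % 1))
    return (num / den) ** 2


def outcome_probability(k, r, t):
    """Pr[z' = k] from the state after QFT(t)^dagger; the |u_s> are orthonormal."""
    return sum(peak(Fraction(s, r) - Fraction(k, 2 ** t), t) for s in range(r)) / r


def checked_candidate(k, x, n, eps):
    """f(k/2^t), kept only if the classical test x^cand = 1 (mod N) passes."""
    big_l, t = register_sizes(n, eps)
    cand = f(k, t, n, big_l)
    return cand if cand is not None and pow(x, cand, n) == 1 else None


def success_probability(x, n, eps):
    """Total probability of the outcomes whose post-processing returns the order."""
    r = order(x, n)
    _, t = register_sizes(n, eps)
    return sum(outcome_probability(k, r, t)
               for k in range(2 ** t) if checked_candidate(k, x, n, eps) == r)


if __name__ == "__main__":
    eps = 0.25
    for x, n in [(7, 15), (2, 21)]:             # constructed small instances
        p = success_probability(x, n, eps)
        print(x, n, order(x, n), round(p, 4), round((1 - eps) / (2 * log2(n)), 4))
```

When r divides 2^t the distribution is concentrated on the multiples of 2^t/r, so the only loss comes from outcomes with gcd(s, r) > 1; otherwise part of the mass also falls outside K_s, which is the part Lemma 7.1 bounds.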

7.5 Shor’s factorisation algorithm

Given a positive integer $N$ which is composite, the factorisation problem asks to find all the factors of $N$. No classical algorithm can solve this problem in polynomial (in $\lceil \log(N) \rceil$, the number of bits to encode $N$) time. The difficulty of this problem is at the heart of many widely used cryptographic algorithms such as RSA [Rivest et al. 1978]. One of the killer apps of quantum computing is Shor’s algorithm [Shor 1994], which solves the factorisation problem (actually, a polynomial-time equivalent one which finds a non-trivial factor of $N$) in $O(\log^3(N))$ time, achieving an exponential speed-up over the best classical algorithms.

Shor’s algorithm uses the order-finding algorithm as a subroutine in an inline manner, and is depicted in Table 6 (left column), where $\mathrm{Unif}(1, N - 1)$ is the uniform distribution over $\{1, \cdots, N - 1\}$. Let  ~ , ~ is a non-trivial factor of # 1 < ~ < # ~38E # , and ( ) ( )≡[ ∧( )] 2 2 # is odd and composite # ≠ 01 for any integers 0 and 1 > 1 . ( ) ( ∧ ∧ ) Here we assume $N$ to be odd and not of the form $a^b$ for simplicity; otherwise, the non-trivial factor 2 or $a$ of $N$ can be easily found. Then the correctness of $\mathrm{Shor}(N)$ can be stated as ? 2 0 be a composite integer.

(1) If $s$ is a non-trivial solution to the equation $s^2 \equiv_N 1$, then at least one of $\gcd(s - 1, N)$ and $\gcd(s + 1, N)$ is a non-trivial factor of $N$.

(2) Let $m$ be the number of prime factors of $N$, and let $N$ be odd. If $x$ is chosen uniformly at random from the set $\{1, \ldots, N - 1\}$, then the conditional probability satisfies $\Pr[\,$(x)$\ \mid \gcd(x, N) = 1] \ge 1 - \frac{1}{2^{m-1}}$.


Shor # , ? 1 1 2< 1 2 1−then) 2 1 then  gcd G, # (Imp) ( ) { ( ( ))} else ( ) ~ := gcd G, #  ~ ( ) { ( )} OF G, # ; else ( ) I 2 if I is even G / .# 1 then ?OF 2

Since $r_x$ is the order of $x$ modulo $N$, we have $x^{r_x/2} \not\equiv_N 1$. Thus the first clause of Lemma 7.2 implies A 2 A 2 2 1 . Then from the second clause of Lemma 7.2 we have

$$\Pr[\gcd(x, N) > 1] + p_{OF}\cdot\Pr[\gcd(x, N) = 1 \wedge\ \text{(x)}] \ge \lambda + p_{OF}\cdot(1 - \lambda)\Big(1 - \frac{1}{2^{m-1}}\Big) \ge p_{OF}\cdot\Big(1 - \frac{1}{2^{m-1}}\Big), \tag{21}$$

and so

$\Big\{p_{OF}\Big(1 - \frac{1}{2^{m-1}}\Big)\Big\}$
$\Big\{\sum_{n=1}^{N-1}\Big[\Big\langle \gcd(n, N) > 1,\ \frac{1}{N-1}\Big\rangle + \Big\langle \gcd(n, N) = 1 \wedge\ \text{(n)},\ \frac{p_{OF}}{N-1}\Big\rangle\Big]\Big\}$ (Eq. 21, Imp)
$x :=_\$ \mathrm{Unif}(1, N - 1)$
$\{(\gcd(x, N) > 1) + \langle \gcd(x, N) = 1 \wedge\ \text{(x)},\ p_{OF}\rangle\}.$ (Rassn)

The rest of the proof is sketched in the right column of Table 6, where

$$\Theta \triangleq (\gcd(x, N) > 1) + \langle \gcd(x, N) = 1 \wedge\ \text{(x)},\ p_{OF}\rangle.$$

Thus we have Eq. (19) with $p_{Shor} = p_{OF}(1 - 1/2^{m-1}) \ge p_{OF}/2$, by noting that 2 1. Furthermore, as stated in the previous subsection, this probability can be further increased to $1 - \epsilon$ without increasing the time complexity of the algorithm.
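Both clauses of Lemma 7.2 can be checked exhaustively for small odd composites. The Python code below is an added example, not part of the paper: it takes the event in clause (2) to be the condition tested after OF in Table 6 (the order r of x is even and x^(r/2) is not congruent to -1 modulo N), which is an assumption about the lemma's event, and it uses a brute-force order computation as a classical stand-in for OF. All function names are illustrative.

```python
from fractions import Fraction
from math import gcd


def order(x, n):
    """Least r > 0 with x^r = 1 (mod n), by brute force (classical stand-in for OF)."""
    r, acc = 1, x % n
    while acc != 1:
        acc, r = acc * x % n, r + 1
    return r


def distinct_prime_factors(n):
    """Number m of distinct primes dividing n (trial division)."""
    m, p = 0, 2
    while p * p <= n:
        if n % p == 0:
            m += 1
            while n % p == 0:
                n //= p
        p += 1
    return m + (1 if n > 1 else 0)


def usable(x, n):
    """Assumed event of Lemma 7.2(2): order even and x^(r/2) != -1 (mod n)."""
    r = order(x, n)
    return r % 2 == 0 and pow(x, r // 2, n) != n - 1


def usable_fraction(n):
    """Exact Pr[usable(x) | gcd(x, n) = 1] for x uniform on {1, ..., n - 1}."""
    coprime = [x for x in range(1, n) if gcd(x, n) == 1]
    return Fraction(sum(usable(x, n) for x in coprime), len(coprime))


def lemma_bound(n):
    """Right-hand side 1 - 1/2^(m-1) of Lemma 7.2(2)."""
    return 1 - Fraction(1, 2 ** (distinct_prime_factors(n) - 1))


def factor_from(x, n):
    """One round of the classical part of Shor(N): a non-trivial factor, or None."""
    g = gcd(x, n)
    if g > 1:
        return g                       # x already shares a factor with n
    if not usable(x, n):
        return None                    # this draw of x yields nothing
    s = pow(x, order(x, n) // 2, n)    # s^2 = 1 (mod n) with s != 1 and s != -1
    return gcd(s - 1, n)               # non-trivial by Lemma 7.2(1)


if __name__ == "__main__":
    for n in (15, 21, 105):            # constructed odd composites, not prime powers
        print(n, usable_fraction(n), ">=", lemma_bound(n))
    print(factor_from(7, 15), factor_from(2, 21), factor_from(14, 15))
```

For N = 21 the bound of clause (2) is met with equality, so the factor 1/2 in the final estimate of the success probability cannot be improved for two-prime moduli.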


8 CONCLUSION

We studied in this paper a simple quantum while-language where classical variables are explicitly involved. This language supports deterministic and probabilistic assignments of classical variables; initialisation, unitary transformation, and measurements of quantum variables; conditionals and while loops. Simultaneous initialisation of multiple quantum variables, and application of parametrised unitary operations on selected variables in a quantum register are also supported as syntactic sugars. These features make the description of practical quantum algorithms easy and compact, as shown by various examples.

With a novel definition of cq-states and assertions, we defined for our language a small-step structural operational semantics, and based on it, a denotational one. Partial and total correctness of cq-programs were then introduced in the form of Hoare triples. We proposed Hoare-type logic systems for partial and total correctness respectively, and showed their soundness and relative completeness. Case studies including Grover’s algorithm, quantum Fourier transformation, phase estimation, order finding, and Shor’s algorithm illustrate the expressiveness of our language as well as the capability of the Hoare logic.

As future work, we would like to develop a software tool to implement the proof systems proposed in this paper, and use it to analyse more quantum algorithms and protocols from the area of quantum computation and communication. Another direction we are going to pursue is to extend our Hoare logic to classical-quantum languages with general recursion and procedure call. Finally, techniques of constructing invariants and ranking assertions for quantum loops are also interesting and important topics for further investigation.

ACKNOWLEDGMENTS

This work is partially supported by the National Key R&D Program of China (Grant No: 2018YFA0306701) and the Australian Research Council (Grant No: DP180100691). Y. F. also acknowledges the support of Center for Quantum Computing, Peng Cheng Laboratory, Shenzhen during his visit.

REFERENCES

Krzysztof Apt, Frank S De Boer, and Ernst-Rüdiger Olderog. 2010. Verification of sequential and concurrent programs. Springer Science & Business Media.
Krzysztof R Apt and Ernst-Rüdiger Olderog. 2019. Fifty years of Hoare’s logic. Formal Aspects of Computing 31, 6 (2019), 751–807.
Gilles Barthe, Thomas Espitau, Marco Gaboardi, Benjamin Grégoire, Justin Hsu, and Pierre-Yves Strub. 2018. An Assertion-Based Program Logic for Probabilistic Programs. In European Symposium on Programming. Springer, Cham, 117–144.
Gilles Barthe, Justin Hsu, Mingsheng Ying, Nengkun Yu, and Li Zhou. 2019. Relational proofs for quantum programs. Proceedings of the ACM on Programming Languages 4, POPL (2019), 1–29.
Charles H Bennett. 1992. Quantum cryptography using any two nonorthogonal states. Physical review letters 68, 21 (1992), 3121.
Charles H Bennett and Gilles Brassard. 1984. Quantum cryptography: Public key distribution and coin tossing. In Proceedings of the International Conference on Computers, Systems and Signal Processing.
Charles H Bennett, Gilles Brassard, Claude Crépeau, Richard Jozsa, Asher Peres, and William K Wootters. 1993. Teleporting an unknown quantum state via dual classical and Einstein-Podolsky-Rosen channels. Physical review letters 70, 13 (1993), 1895.
Charles H Bennett and Stephen J Wiesner. 1992. Communication via one- and two-particle operators on Einstein-Podolsky-Rosen states. Physical review letters 69, 20 (1992), 2881.
Stefano Bettelli, Tommaso Calarco, and Luciano Serafini. 2003. Toward an architecture for quantum programming. The European Physical Journal D-Atomic, Molecular, Optical and Plasma Physics 25, 2 (2003), 181–200.
Rohit Chadha, Luís Cruz-Filipe, Paulo Mateus, and Amílcar Sernadas. 2007. Reasoning about probabilistic sequential programs. Theoretical Computer Science 379, 1-2 (2007), 142–165.
Rohit Chadha, Paulo Mateus, and Amílcar Sernadas. 2006a. Reasoning about imperative quantum programs. Electronic Notes in Theoretical Computer Science 158 (2006), 19–39.


Rohit Chadha, Paulo Mateus, and Amílcar Sernadas. 2006b. Reasoning about states of probabilistic sequential programs. In International Workshop on Computer Science Logic. Springer, 240–255.
JI Den Hartog and Erik P de Vink. 2002. Verifying probabilistic programs using a Hoare like logic. International journal of foundations of computer science 13, 03 (2002), 315–340.
Ellie D’Hondt and Prakash Panangaden. 2006. Quantum weakest preconditions. Mathematical Structures in Computer Science 16, 3 (2006), 429–451.
Edsger Wybe Dijkstra. 1976. A discipline of programming. Vol. 613924118. Prentice-Hall Englewood Cliffs.
Artur Ekert and Richard Jozsa. 1996. Quantum computation and Shor’s factoring algorithm. Reviews of Modern Physics 68, 3 (1996), 733.
Lov K Grover. 1996. A fast quantum mechanical algorithm for database search. In Proceedings of the twenty-eighth annual ACM symposium on Theory of computing. 212–219.
Godfrey Harold Hardy and Edward Maitland Wright. 1979. An introduction to the theory of numbers. Oxford university press.
Aram W Harrow, Avinatan Hassidim, and Seth Lloyd. 2009. Quantum algorithm for linear systems of equations. Physical review letters 103, 15 (2009), 150502.
Charles Antony Richard Hoare. 1969. An axiomatic basis for computer programming. Commun. ACM 12, 10 (1969), 576–580.
Shih-Han Hung, Kesha Hietala, Shaopeng Zhu, Mingsheng Ying, Michael Hicks, and Xiaodi Wu. 2019. Quantitative robustness analysis of quantum programs. Proceedings of the ACM on Programming Languages 3, POPL (2019), 1–29.
Yoshihiko Kakutani. 2009. A Logic for Formal Verification of Quantum Programs. Lecture Notes in Computer Science (2009), 79–93. https://doi.org/10.1007/978-3-642-10622-4_7
Dexter Kozen. 1981. Semantics of Probabilistic Programs. J. Comput. System Sci. 22 (1981), 328–350.
Dexter Kozen. 1985. A probabilistic PDL. J. Comput. System Sci. 30, 2 (1985), 162–178.
Karl Kraus, Arno Böhm, John D Dollard, and WH Wootters. 1983. States, effects, and operations: fundamental notions of quantum theory. Lecture notes in physics 190 (1983).
Yangjia Li and Dominique Unruh. 2019. Quantum Relational Hoare Logic with Expectations. arXiv preprint arXiv:1903.08357 (2019).
Junyi Liu, Bohua Zhan, Shuling Wang, Shenggang Ying, Tao Liu, Yangjia Li, Mingsheng Ying, and Naijun Zhan. 2019. Formal verification of quantum algorithms using quantum Hoare logic. In International conference on computer aided verification. Springer, 187–207.
Dominic Mayers. 2001. Unconditional security in quantum cryptography. Journal of the ACM (JACM) 48, 3 (2001), 351–406.
Annabelle McIver, Carroll Morgan, and Charles Carroll Morgan. 2005. Abstraction, refinement and proof for probabilistic systems. Springer Science & Business Media.
Carroll Morgan, Annabelle McIver, and Karen Seidel. 1996. Probabilistic predicate transformers. ACM Transactions on Programming Languages and Systems (TOPLAS) 18, 3 (1996), 325–353.
Michael A Nielsen and Isaac Chuang. 2002. Quantum computation and quantum information.
Federico Olmedo, Benjamin Lucien Kaminski, Joost-Pieter Katoen, and Christoph Matheja. 2016. Reasoning about recursive probabilistic programs. In 2016 31st Annual ACM/IEEE Symposium on Logic in Computer Science (LICS). IEEE, 1–10.
Bernhard Ömer. 1998. A procedural formalism for quantum computing. Master thesis.
Lyle Harold Ramshaw. 1979. Formalizing the analysis of algorithms. Technical Report. STANFORD UNIV CA DEPT OF COMPUTER SCIENCE.
Robert Rand. 2019. Verification logics for quantum programs. arXiv preprint arXiv:1904.04304 (2019).
Robert Rand and Steve Zdancewic. 2015. VPHL: A verified partial-correctness logic for probabilistic programs. Electronic Notes in Theoretical Computer Science 319 (2015), 351–367.
Ronald L Rivest, Adi Shamir, and Leonard Adleman. 1978. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 2 (1978), 120–126.
Jeff W Sanders and Paolo Zuliani. 2000. Quantum programming. In International Conference on Mathematics of Program Construction. Springer, 80–99.
Peter Selinger. 2004. Towards a quantum programming language. Mathematical Structures in Computer Science 14, 4 (2004), 527–586.
Peter W Shor. 1994. Algorithms for quantum computation: discrete logarithms and factoring. In Proceedings 35th annual symposium on foundations of computer science. IEEE, 124–134.
Peter W. Shor. 1997. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Comput. 26, 5 (1997), 1484–1509.
Dominique Unruh. 2019a. Quantum hoare logic with ghost variables. In 2019 34th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS). IEEE, 1–13.


Dominique Unruh. 2019b. Quantum relational Hoare logic. Proceedings of the ACM on Programming Languages 3, POPL (2019), 1–31.
John Von Neumann. 1955. Mathematical Foundations of Quantum Mechanics. Princeton University Press, Princeton, NJ.
Mingsheng Ying. 2012. Floyd–Hoare logic for quantum programs. ACM Transactions on Programming Languages and Systems (TOPLAS) 33, 6 (2012), 1–49.
Mingsheng Ying. 2016. Foundations of Quantum Programming. Morgan Kaufmann.
Mingsheng Ying. 2019. Toward automatic verification of quantum programs. Formal Aspects of Computing 31, 1 (2019), 3–25.
Mingsheng Ying, Li Zhou, and Yangjia Li. 2018. Reasoning about parallel quantum programs. arXiv preprint arXiv:1810.11334 (2018).
Li Zhou, Nengkun Yu, and Mingsheng Ying. 2019. An applied quantum Hoare logic. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation. 1149–1162.
