A Flowchart Language for Quantum Programming

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. XX, NO. XX, XXXX 2010

1

A Flowchart Language for Quantum Programming Mingsheng Ying∗ and Yuan Feng

Abstract— Several high-level quantum programming languages have been proposed in the previous research. In this paper, we define a low-level flowchart language for quantum programming, which can be used in implementation of high-level quantum languages and in design of quantum compilers. The formal semantics of the flowchart language is given, and the notion of correctness for programs written in this language is introduced. A structured quantum programming theorem is presented, which provides a technique of translating quantum flowchart programs into programs written in a high-level language, namely a quantum extension of the while-language.

•

Index Terms— Quantum programming, flowchart language, while-language, structured programming

I. I NTRODUCTION Progress in the techniques of quantum devices has made people widely believe that large-scalable and functional quantum computers will be eventually built. Our experiences with classical computing suggest that once quantum computers become available in the future, quantum software will play a key role in exploiting their power. However, today’s software development techniques are not suited to quantum computers due to the essential differences between the nature of the classical world and that of the quantum world. Thus, it is critically essential to systematically develop quantum programming methodology, techniques and environments. Indeed, intensive research on quantum programming has been conducted in the last 15 years. The existing research can be roughly classified into the following categories. (Here, we only mentioned some works which we are familiar with; for a more systematic exposition we refer to two excellent survey papers [12], [23].) • Design of quantum programming languages: The first step was made by Knill [13] who introduced the Quantum Random Access Machine (QRAM) model for quantum computing and proposed a set of conventions for writing quantum pseudocode. Since then, several high-level quantum programming languages have been defined. The first quantum programming language, QCL, was designed by ¨ Omer [19]; he also implemented a simulator for this language. A quantum programming language in the style of Dijkstra’s guarded-command language, qGCL, was proposed by Sanders and Zuliani [21]. A quantum extension of C++ was proposed by Bettelli et al. [5], and implemented in the form of a C++ library. The first and now influential quantum This work was partly supported by the National Foundation of Natural Sciences of China (Grant No: 60736011). ∗ Corresponding author Manuscript received March 00, 2010; revised xxxx, 2010. The authors are with the Center of Quantum Computation and Intelligent Systems, Faculty of Engineering and Information Technology, University of Technology, Sydney, NSW 2007, Australia, and the State Key Laboratory of Intelligent Technology and Systems, Tsinghua National Laboratory for Information Science and Technology, Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China (email: [email protected], [email protected])

•

language of the functional programming paradigm, QPL, was defined by Selinger [22] based on the idea of classical control and quantum data. A quantum functional programming language QML with quantum control was introduced by Altenkirch and Grattage [2]. Tafliovich and Hehner [25], [26] defined a quantum extension of predicative programming language that supports the program development technique in which each programming step is proven correct when it is made. Semantics of quantum programming languages: Various semantics of quantum programming languages have been introduced. The operational or denotational semantics of some quantum programming languages were already provided when they were defined; for example qGCL, QPL and QML. Furthermore, D’Hondt and Panangaden [10] proposed the notion of quantum weakest precondition, and a predicate transformer semantics of quantum programs is presented in [30]. Abramsky and Coecke systematically developed a category-theoretic axiomatization of quantum mechanics which provides a high-level semantics of quantum computation and an effective method for verification of quantum communication protocols, including teleportation, logic-gate teleportation, and entanglement swapping [1]. An edited volume collecting the main semantic techniques in quantum computation was recently published [16]. Verification of quantum programs: Several proof systems for verification of quantum programs have been developed. Baltag and Smets [4] presented a dynamic logic formalism of information flows in quantum systems. Brunet and Jorrand [6] introduced a way of applying Birkhoff and von Neumann’s quantum logic in reasoning about quantum programs. Chadha, Mateus and Sernadas [7] proposed a Hoare-style proof system for reasoning about imperative quantum programs in which only bounded iterations are allowed. Some useful proof rules were proposed in [11] for purely quantum programs, and a full-fledged Hoare logic for both partial and total correctness of quantum programs was developed in [29].

The majority of previous research on quantum programming has been devoted to designing high-level languages. From a practical viewpoint of implementing high-level quantum programming languages and designing quantum compilers, we should also start with the lower levels in the hierarchy of programming languages and work upward. Some research in this direction has already been reported in the literature; for example, Svore et. al. [24] proposed a layered quantum software architecture which is indeed a four-phase design flow mapping a high-level language quantum program onto a quantum device through an intermediate quantum assembly language. Zuliani [33] designed a compiler for qGCL in which compilation is realized by algebraic transformation from a qGCL program into a normal form that can be directly executed by a target machine. Nagarajan, Papanikolaou


and Williams [18] defined a hybrid classical-quantum computer architecture - the Sequential Quantum Random Access Memory machine (SQRAM) - based on Knill’s QRAM, presented a set of templates for quantum assembly code, and developed a complier for a subset of Selinger’s QPL. All of these designs are based on the popular circuit model of quantum computation. Nevertheless, Danos, Kashefi and Panangaden [9] presented an elegant low-level language based on a novel and promising physical implementation model of quantum computation, namely measurement-based oneway quantum computer. One advantage of their language is that a standardization theorem was established, which enables us to transform all programs into a standard form executable in a novel physical architecture allowing performing all the entanglement in the beginning. This paper contributes further to understanding the behavior of quantum programs written in low-level languages and to clarifying the relationship between quantum programs in highlevel and low-level languages. In this paper, we define a quantum extension of a classical flowchart language considered in [15], which is assembly code. At the current stage, quantum computer hardware is still very limited and its architecture is uncertain, so it seems appropriate to choose a flowchart language as a low-level language. The language defined in this paper possesses two classes of program variables: classical variables and quantum variables. These classes of variables are separated, and a program state consists of a state of classical variables and a state of quantum variables. The language is obtained from the classical flowchart language by adding two kinds of commands for quantum operations, namely unitary transformations and measurements. The outcome of a measurement is assigned to a classical variable. So, measurement command provides a way of connecting classical and quantum variables. Only classical variables are allowed to occur in the test condition of a conditional jump. This embodies the idea of classical control and quantum data, and thus it is consistent with the QRAM model in [13]. This paper carefully examines the mathematical structure in the semantics of the quantum flowchart language. Some examples are given to illustrate various quantum program constructs and their semantics. To compare the expressibility of the quantum flowchart language with that of higher-level quantum programming languages, we introduce a quantum extension of while-language considered in [3] (see Chapter 3). In particular, we present a structured quantum programming theorem which gives a translation from quantum flowchart programs to quantum while-programs. This can be seen as a theoretical support to the structural programming paradigm for quantum computers pursued ¨ by Omer [19]. The paper is organized as follows. The syntax of the quantum flowchart language is presented in Sec. II. Its operational semantics is defined to be a probabilistic transition system in Sec. III, and its denotational semantics is given in Sec. IV. The notions of correctness and weakest precondition for quantum flowchart programs are introduced in Sec. V and VI, respectively. In Sec. VII, we define the quantum while-language and prove the structured quantum programming theorem. The example flowchart programs of teleportation and Grover algorithm are presented in Sec. VIII. A brief conclusion is drawn in Sec. IX. To understand the major part of this paper, the reader is required to be familiar with basics of quantum mechanics; for his convenience, a brief introduction to quantum theory is provided in Appendix

2

A. To increase readability of the paper, the proofs of all lemmas and propositions are put into Appendix B. II. S YNTAX We first define the syntax of our flowchart language for quantum programming. As in the case of classical flowcharts [15], the language is built upon a many-sorted first-order logical language with equality and a fixed interpretation of the first-order language. The alphabet of the first-order language consists of (1) a set F of function symbols; and (2) a set P of predicate symbols. For each F ∈ F, an arity ar(F ) ≥ 0 is assigned to it. If ar(F ) = n, then a type type(F ) of the form D1 , ..., Dn → D is assigned to F , where D1 , ..., Dn and D are interpreted as nonempty sets. Furthermore, F is interpreted as an n−ary function D1 × ... × Dn → D. In particular, if ar(F ) = 0, then F is a constant symbol and it is interpreted as an element in D. For each P ∈ P, an arity ar(P ) = n > 0 and a type type(P ) of the form D1 , ..., Dn are assigned to it, and P is interpreted to be an n−ary predicate P over D1 , ..., Dn , that is a subset of D1 × ... × Dn . We will use a set V of classical variables. For each x ∈ V , a type type(x) is assigned to it, and type(x) is interpreted as a set, that is the set of values over which x ranges. The terms are inductively defined as follows: (a) every variable is a term; and (b) if F ∈ F, type(F ) = D1 , ..., Dn → D, and t1 , ..., tn are terms with type(ti ) = Di for all 1 ≤ i ≤ n, then t ≡ F (t1 , ..., tn ) is also a term, and type(t) = D. If t1 and t2 are terms, and type(t1 ) = type(t2 ), then t1 = t2 is an atomic formula; and if P ∈ P has type(P ) = D1 , ..., Dn , and t1 , ..., tn are terms with type(ti ) = Di for all 1 ≤ i ≤ n, then P (t1 , ..., tn ) is an atomic formula. As usual, all first-order formulas can be defined from these atomic formulas by using quantifiers and connectives. Q A state of classical variables is defined to be an element of x∈V type(x), i.e. a S choice function σ : V → x∈V type(x) such that σ(x) ∈ type(x) for every x ∈ V . The semantics of first-order formulas can be defined in the familiar way. For each term t, we write σ(t) ∈ type(t) for the value of t in state σ , and for each first-order formula ϕ, we write σ(ϕ) ∈ {true, f alse} for the truth value of ϕ in state σ with respect to the fixed interpretation of the first-order language. A finite or countably infinite set QV of quantum variables is assumed. For each q ∈ QV , a type Hq is assigned to it, which is a Hilbert space. Intuitively, Hq stands for the state space of a quantum system denoted by q . We also assume a set L of labels with two distinguished elements written ‘begin’and ‘end’. Definition 2.1: A command has one of the following four forms: 1) Assignment: l1 : (x1 , ..., xn ) := (t1 , ..., tn ); goto l2 ,

where l1 , l2 ∈ L, l1 6= end, n ≥ 1, x1 , ..., xn are distinct classical variables, and t1 , ..., tn are terms with type(ti ) = type(xi ) for all 1 ≤ i ≤ n; 2) Unitary transformation: l1 : q1 , ..., qn := U [q1 , ..., qn ]; goto l2 ,

where l1 , l2 ∈ L, l1 6= end, n ≥ 1, q1 , ..., qn are distinct quantumN variables, and U is a unitary operator on the tensor product n i=1 Hqi ;


3) Measurement: l1 : x := M [q1 , ..., qn ]; goto l2 ,

where l1 , l2 ∈ L, l1 6= end, x is a classical variable, n ≥ 1, q1 , ..., qn are distinct quantum variables, M = {Mm } is a N measurement on n i=1 Hqi with spec(M ) ⊆ type(x), and spec(M ) = {m} is the set of indexes m of measurement operators Mm , called the spectrum of M (see Appendix A for its definition); 4) Conditional: l1 : if ϕ then goto l2 else goto l3 fi,

where l1 , l2 , l3 ∈ L, l1 6= end, l2 6= l3 , and ϕ is a first-order formula. The label at the beginning of a command is called the defining label of the command. A label that occurs immediately after a ‘goto’ in a command is called an applied label of the command. For a command C , we write Dl(C) for the defining label of C and Al(C) for the set of applied labels of C . From the above definition, we see that two kinds of commands are introduced to describe two basic quantum operations, namely unitary transformation and measurement. In a unitary transformation, only quantum variables occur. In a measurement, however, both a classical variable and a family of quantum variables are involved, and the outcome of the measurement performed on the quantum systems represented by these quantum variables is stored in a classical variable. Note that the outcome of the measurement will be used in the assignments and conditional testing in the later computation. The assignment and conditional commands are the same as in a classical flowchart language [15]. Classical computations occur within the evaluation of the terms t1 , ..., tn in an assignment (x1 , ..., xn ) = (t1 , ..., tn ) or in the terms appearing in the condition formula ϕ of a conditional if ϕ then goto l1 else goto l2 fi. It is possible that the outcome of a quantum measurement is assigned to a classical variable in these terms. So, the result of a previous quantum computation may participate in a classical computation. Definition 2.2: A flowchart quantum program is a finite set C1 , ..., Cn (n ≥ 1) of commands satisfying the following conditions: 1) ‘begin’ is the defining label of some command; 2) the defining labels of the commands are all different; 3) each applied label of any command except ‘end’ must be the defining label of some command. As in the case of classical computation, a flowchart quantum program can be visualized by a diagram. On the other hand, a quantum circuit can be easily transformed to a flowchart quantum program. We will present two examples in Sec. VIII to show how can quantum algorithms and communication protocols be written as flowchart programs. III. O PERATIONAL S EMANTICS We now present the operational semantics of our quantum flowchart language. By a classical-quantum state we mean a pair (σ, ρ), where σ is Na state of classical variables, and ρ is a density operator in q∈QV Hq . We write Ω for the set of classical-quantum states. A configuration G = (l, σ, ρ) consists of a label l ∈ L and

3

a classical-quantum state (σ, ρ). The operational semantics of quantum flowchart language will be given in terms of probabilistic transitions between configurations. Intuitively, a transition relation S,p

(l1 , σ1 , ρ1 ) ⇒ (l2 , σ2 , ρ2 )

means that if the current states of classical and quantum program variables are σ1 and ρ1 , respectively, and the command labeled by l1 in program S is executed, then with probability p, the states of classical and quantum variables will become σ2 and ρ2 , respectively, and the command labeled by l2 in S will be executed next. Let q1 , ..., qn N be distinct quantum variables. For any linear ..., qn ] to denote the operator A onN n i=1 Hqi , we use A[q1 , N operator A ⊗ q∈QV −{q1 ,...,qn } IHq on q∈QV Hq . That is, A[q1 , ..., qn ] is the cylindrical extension of A on the whole state space of all quantum variables, which acts on the state space of q1 , ..., qn as A and leaves the other quantum variables unchanged. This convention will be used in clauses 2) and 3) of the following definition. Definition 3.1: The operational semantics of a program S is S,p p defined to be the probabilistic transition relation ⇒ or simply ⇒ between configurations: p

(l1 , σ1 , ρ1 ) ⇒ (l2 , σ2 , ρ2 )

iff one of the following conditions holds: 1) A command in S is l1 : (x1 , ..., xn ) := (t1 , ..., tn ); goto l2 , σ2 = σ1 [σ1 (t1 )/x1 , ..., σ1 (tn )/xn ], ρ2 = ρ1 and p = 1; 2) A command in S is l1 : q1 , ..., qn := U [q1 , ..., qn ]; goto l2 , ρ2 = U [q1 , ..., qn ]ρ1 U † [q1 , ..., qn ], σ2 = σ1 , and p = 1; 3) A command in S is l1 : x := M [q1 , ..., qn ]; goto l2 , † p = tr(Mm [q1 , ..., qn ]Mm [q1 , ..., qn ]ρ),

ρ2 =

1 † Mm [q1 , ..., qn ]ρMm [q1 , ..., qn ], p

and σ2 = σ1 [m/x] for every m ∈ spec(M ); 4) A command in S is l1 : if ϕ then goto l2 else goto l3 fi

with σ1 (ϕ) = true, or l1 : if ϕ then goto l3 else goto l2 fi

with σ1 (ϕ) = f alse, σ2 = σ1 , ρ2 = ρ1 and p = 1. The transition rules for assignments and conditionals are the same as in a classical flowchart program. The transition rules for unitary transformation and measurement come directly from the corresponding postulates of quantum mechanics (see Appendix A). We observe that the transitions resulting from executing all commands except measurements are deterministic, that is, the transition probability p = 1. A probabilistic branching only happens when a measurement command is executed where different outcomes are returned with different probabilities.

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. XX, NO. XX, XXXX 2010 p

We simply write G1 ⇒ G2 for G1 ⇒ G2 when the probability p = 1. A computation sequence is of the form p1

p2

C = (l0 , σ0 , ρ0 ) ⇒ (l1 , σ1 , ρ1 ) ⇒ ... pk−1

Definition 4.2: The meaning function of a path α = l0 , l1 , ..., lk in a program S is a mapping JαK : Ω × Ω → [0, 1]: X 0 0 JαK(σ, ρ; σ , ρ ) =

pk

⇒ (lk−1 , σk−1 , ρk−1 ) ⇒ (lk , σk , ρk ).

The length of C is k. The label of C is the sequence Qn l(C) = l0 , l1 , ..., lk−1 , lk . The probability of C is p(C) = i=1 pi . We say that C starts in state (σ0 , ρ0 ) and ends in (σk , ρk ). If there is a computation sequence C whose initial and final configurations p

are (l, σ, ρ) and (l0 , σ 0 , ρ0 ), respectively, then we write (l, σ, ρ) ⇒k (l0 , σ 0 , ρ0 ), where p = p(C) and k is the length of C . Furthermore, p

p

4

we write (l, σ, ρ) ⇒∗ (l0 , σ 0 , ρ0 ) if (l, σ, ρ) ⇒k (l0 , σ 0 , ρ0 ) for some k ≥ 0. Two examples of computation sequence of quantum program are presented in Sec. VIII.

{|p(C) : l(C) = α and C starts in

(l0 , σ, ρ) and ends in (lk , σ 0 , ρ0 )|}

for any (σ, ρ), (σ 0 , ρ0 ) ∈ Ω. Intuitively, JαK(σ, ρ; σ 0 , ρ0 ) is the probability that the computation of S through α will terminate in state (σ 0 , ρ0 ) if it starts in state (σ, ρ). As in Definition 4.1, {| · |} is the notation for a multiset. The next lemma follows immediately from Definitions 4.1 and 4.2, and it establishes a connection between the meaning function of a program and the meaning functions of paths through it. Lemma 4.2: For any (σ, ρ), (σ 0 , ρ0 ) ∈ Ω, we have: X 0 0 0 0 JSK(σ, ρ; σ , ρ ) =

IV. D ENOTATIONAL S EMANTICS The denotational semantics can be given based on the operational semantics. It is defined to be a probabilistic relation between classical-quantum states. We first consider the denotational semantics of a program. Definition 4.1: The meaning function of a program S is a mapping from Ω × Ω → [0, 1]: JSK(σ, ρ; σ 0 , ρ0 ) =

X

p

{|p : (begin, σ, ρ) ⇒∗ (end, σ 0 , ρ0 )|}

for any (σ, ρ), (σ 0 , ρ0 ) ∈ Ω. Intuitively, JSK(σ, ρ; σ 0 , ρ0 ) stands for the probability that program S will terminate in state (σ 0 , ρ0 ) if it starts in state (σ, ρ). In its defining equation, the condition for probabilities p means that a computation of program S starts by executing the command labeled by ‘begin’ and terminates in a finite number of steps. The applied label of the last command executed in the computation is ‘end’. Since the probabilities of different computation can be the same, {| · |} stands for a multi-set. It is possible that in a computation some commands of S can be executed more than once but some others may never be executed. The following lemma shows that the above definition is reasonable since the probability that S terminates does not exceed 1. Lemma 4.1: For any (σ, ρ) ∈ Ω, we have: X JSK(σ, ρ; σ 0 , ρ0 ) ≤ 1. (1) (σ 0 ,ρ0 )∈Ω

The program S may run into a loop and thus not terminate when it starts in state (σ, ρ). So, it is possible that the left-hand side of Eq. (1) is smaller than 1. The quantity X 0 0 pN T (S; σ, ρ) = 1 −

JSK(σ, ρ; σ , ρ )

(σ 0 ,ρ0 )∈Ω

is the probability that S does not terminate from input (σ, ρ). We can also define the denotational semantics for a computational path in a program. A path in a program S from l to l0 is a sequence l0 , l1 , ..., lk of labels such that (1) l0 = l, lk = l0 ; and (2) li+1 is an applied label of the command with li as its defining label in S for all i ≤ k − 1. If l0 = lk and k ≥ 1, then the path l0 , l1 , ..., lk is a loop. A path through S is a path in S from ‘begin’ to ‘end’. We write path(S) for the set of all paths through S .

JαK(σ, ρ; σ , ρ ).

α∈path(S)

The above lemma shows that the probability that program S computes the result (σ 0 , ρ0 ) when it starts in (σ, ρ) is the summation of the probabilities that S computes the same result through all the possible paths. Intuitively, it means that a computation of program S from state (σ, ρ) to (σ 0 , ρ0 ) is always realized through a certain path connecting (σ, ρ) and (σ 0 , ρ0 ). We can give a more explicit characterization of nontermination. To this end, we introduce the following: Definition 4.3: Let α = l0 , l1 , ..., lk be a path in a program S . The probability pU D (α; σ, ρ) that the meaning of α starting in (σ, ρ) is undefined is defined by induction on the length k of α: 1) For k = 0, pU D (α; σ, ρ) = 0; 2) For k > 0, we write β = l0 , l1 , ..., lk−1 , and pU D (α; σ, ρ) = pU D (β; σ, ρ) + δ(α; σ, ρ), where  0 when lk−1 is not the defining label      of a conditional command;    P JβK(σ, ρ; σ 0 , ρ0 ) when l : δ(α; σ, ρ) =

σ 0 6|=ϕ

k−1

 if ϕ then goto lk else goto l fi;   P  0 0    σ 0 |=ϕ JβK(σ, ρ; σ , ρ ) when lk−1 :   if ϕ then goto l else goto lk fi.

In the induction step, clause 2), of the above definition, the defining equation of pU D (α; σ, ρ) indicates that undefinedness of the meaning of α can only come from two possibilities: (1) the meaning of the head β of α is already undefined; or (2) the head β reaches a state σ 0 of classical variables which makes the conditional jump labeled by lk−1 (the last label of β ) does not point to lk (the last label of α) as required by α. The following lemma means that for the computation through a given path, there are only two possibilities: either the computation is not well-defined, or it terminates in some state. Lemma 4.3: Let α be a path in a program S . Then for any (σ, ρ) ∈ Ω, we have: X pU D (α; σ, ρ) + JαK(σ, ρ; σ 0 , ρ0 ) = 1. (2) (σ 0 ,ρ0 )∈Ω

A link between the nontermination probability of a program and the probabilities that meanings of the paths through it are undefined can be obtained by combining Lemmas 4.2 and 4.3: X pN T (S; σ, ρ) = 1 −

[1 − pU D (α; σ, ρ)].

α∈path(S)


To conclude this section, we present a lemma which gives a convenient way to calculate the meaning function and the undefinedness probability of the meaning of a long path composed from several paths. Let α = l0 , l1 , ..., lk and β = r0 , r1 , ..., rs be two paths. If lk = r0 , then we write αβ = l0 , l1 , ..., lk , r1 , ..., rs for the concatenation of α and β . It is obvious that αβ is a path. Lemma 4.4: Let α, β be two paths in a program S . Then for any (σ, ρ) ∈ Ω, we have: 1) JαβK(σ, ρ; σ 00 , ρ00 )

JαK(σ, ρ; σ 0 , ρ0 )JβK(σ 0 , ρ0 ; σ 00 , ρ00 ).

X

=

5

for |=ptot {P }S{Q}, it is required that the probability that S terminates in a state (σ 0 , ρ0 ) satisfying Q is at least p. Secondly, we introduce the notion of correctness for a set of paths in a program. Definition 5.2: Let A be a set of paths in a program S , P, Q ⊆ Ω and p ∈ [0, 1]. 1) A is partially correct with respect to precondition P and postcondition Q, with at least probability p, written |=ppar {P }A{Q}, if for each (σ, ρ) ∈ P , there exists a family {pα : α ∈ A} of numbers in [0, 1] such that a) X p≤1−

(σ 0 ,ρ0 )∈Ω

(1 − pα );

α∈A

2)

b) pU D (αβ; σ, ρ) = pU D (α; σ, ρ) +

X

0

0

0

X

pα ≤ pU D (α; σ, ρ) +

0

JαK(σ, ρ; σ , ρ )pU D (β; σ , ρ ).

JαK(σ, ρ; σ 0 , ρ0 )

(σ 0 ,ρ0 )∈Q

(σ 0 ,ρ0 )∈Ω

The above lemma is a very useful tool in proving some important results about correctness and weakest preconditions of quantum programs (for example, Lemma 5.2 and Proposition 6.1 below). V. C ORRECTNESS Now the notion of correctness for quantum flowchart programs can be introduced based on the denotational semantics. It will be defined in the style of Hoare triple. We recall that in a Hoare triple of a classical program the precondition and the postcondition are two predicates over the states of program variables, which are interpreted as subsets of the set of all states of program variables. In our setting of quantum programming, the set of states of program variables is Ω, each element of which is a pair (σ, ρ) with σ a state of classical variables and ρ a (mixed) state of quantum variables. In this section, two kinds of predicates over Ω are considered to be the precondition and postcondition of a Hoare triple for a quantum program, namely classical predicates and probabilistic predicates.

for every α ∈ A. 2) A is totally correct with respect to precondition P and postcondition Q, with at least probability p, written |=ptot {P }A{Q}, if for each (σ, ρ) ∈ P , there exists a family {pα : α ∈ A} of numbers in [0, 1] such that a) X p≤

pα ;

α∈A

b) X

pα ≤

JαK(σ, ρ; σ 0 , ρ0 )

(σ 0 ,ρ0 )∈Q

for every α ∈ A. We usually drop p in the notations |=ppar and |=ptot when p = 1. If A is a singleton {α}, then we write |=ppar {P }α{Q} (resp. p |=tot {P }α{Q}) for |=ppar {P }A{Q} (resp. |=ptot {P }A{Q}). Obviously, |=ppar {P }α{Q} if and only if X 0 0 p ≤ pU D (α; σ, ρ) +

JαK(σ, ρ; σ , ρ ),

(σ 0 ,ρ0 )∈Q

A. Correctness with Classical Predicates A (classical) predicate is defined to be an ordinary subset of Ω. We first define the notions of partial and total correctness for

a program. Definition 5.1: Let S be a program, let p ∈ [0, 1], and let P, Q ⊆ Ω. 1) S is partially correct with respect to precondition P and postcondition Q, with at least probability p, written |=ppar {P }S{Q}, if for each (σ, ρ) ∈ P , it holds that

X

p ≤ pN T (S, σ, ρ) +

(σ 0 ,ρ0 )∈Q

JSK(σ, ρ; σ 0 , ρ0 ).

2) S is totally correct with respect to precondition P and postcondition Q, with at least probability p, written |=ptot {P }S{Q}, if for each (σ, ρ) ∈ P , it holds that X 0 0 p≤

JSK(σ, ρ; σ , ρ ).

(σ 0 ,ρ0 )∈Q

Intuitively, |=ppar {P }S{Q} means that whenever program S starts in a classical-quantum state (σ, ρ) satisfying the precondition P , the probability that S does not terminate, or it terminates in a state (σ 0 , ρ0 ) satisfying the postcondition Q is at least p;

and |=ptot {P }α{Q} if and only if X p≤

(σ 0 ,ρ0 )∈Q

JαK(σ, ρ; σ 0 , ρ0 ).

It is worthy to examine more carefully the case where A contains at least two paths. In condition a) of both clauses 1) and 2) in the above definition, probability p is required to be “covered” by a family {pα : α ∈ A} of probabilities, each of which corresponds to a path in A. However, the ways of “covering” in clauses 1) and 2) are different: in clause 1) p is “covered” in the usual way, whereas the “covering” of p by {pα : α ∈ A} in clause 2) can be undersood as a negation-negation scheme. We use two different ways of “covering” mainly for a certain technical reason, which can be clearly seen from the proof of the next proposition. The next proposition gives a characterization of correctness of a program in terms of correctness of the family of paths through it. Proposition 5.1: Let S be a program, P, Q ⊆ Ω and p ∈ [0, 1]. Then 1) |=ppar {P }S{Q} if and only if |=ppar {P }path(S){Q}. 2) |=ptot {P }S{Q} if and only if |=ptot {P }path(S){Q}.


Indeed, the above proposition renders a way in which verification of a program can be done through examining the paths in the program. Corollary 5.1: 1) If there is a family {pα : α ∈ path(S)} of numbers in the unit interval [0, 1] such that

2) S is totally correct with respect to precondition P and postcondition Q, written |=tot {P }S{Q}, if for each (σ, ρ) ∈ Ω, it holds that X 0 0 0 0 P (σ, ρ) ≤

X

p≤1−

(1 − pα );

α∈path(S) α |=ppar p |=par

{P }α{Q} for every path α through S ,

then {P }S{Q}. 2) |=ptot {P }S{Q} if and only if there is a family {pα : α ∈ path(S)} of numbers in the unit interval [0, 1] such that

Definition 5.4: Let α be a path in a program S , and let P, Q be two probabilistic predicates. 1) α is partially correct with respect to precondition P and postcondition Q, written |=par {P }α{Q}, if for each (σ, ρ) ∈ Ω, it holds that P (σ, ρ) ≤ pU D (α; σ, ρ) (σ 0 ,ρ0 )∈Ω

X

p≤

pα ;

α∈path(S) α b) |=ptot {P }α{Q} for every path α through S . It is interesting to observe that in Proposition 5.1 the paths in a program are examined collectively, whereas in the above corollary they are examined individually. Obviously, verifying correctness of a family of paths collectively is much harder than verifying correctness of the members of the family individually. Unfortunately, there are examples showing that the inverse of the first part of the above corollary is not correct. However, the inverse can be recovered by introducing probabilistic predicates, as done in the next subsection.

B. Correctness with Probabilistic Predicates The notion of correctness defined above can be recast in a more general setting with probabilistic predicates as preconditions and postconditions. A probabilistic predicate is defined to be a real-valued function P on classical-quantum states Ω such that 0 ≤ P (σ, ρ) ≤ 1 for all (σ, ρ) ∈ Ω. The ordering and operations of probabilistic predicates can be defined in a natural way. Let P and Q be two probabilistic predicates, and let Pi (i ∈ I) be a family of probabilistic predicates. Here, the index set I is required to be finite or at most countably infinite. Then •

P ≤ Q if and only if P (σ, ρ) ≤ Q(σ, ρ) for all (σ, ρ) ∈ Ω. P P i∈I Pi is defined provided i∈I P (σ, ρ) ≤ 1 for all (σ, ρ) ∈ Ω, and

X

(

Pi )(σ, ρ) =

i∈I

•

Q(σ 0 , ρ0 )JαK(σ, ρ; σ 0 , ρ0 ).

X

+

a)

•

Q(σ , ρ )JSK(σ, ρ; σ , ρ ).

(σ 0 ,ρ0 )∈Ω

a)

b)

6

X

Pi (σ, ρ)

i∈I

for every (σ, ρ) ∈ Ω. P − Q is defined provided P (σ, ρ) − Q(σ, ρ) ≥ 0 for all (σ, ρ) ∈ Ω, and (P − Q)(σ, ρ) = P (σ, ρ) − Q(σ, ρ) for every (σ, ρ) ∈ Ω.

Definition 5.3: Let S be a program, and let P, Q be two probabilistic predicates. 1) S is partially correct with respect to precondition P and postcondition Q, written |=par {P }S{Q}, if for each (σ, ρ) ∈ Ω, it holds that P (σ, ρ) ≤ pN T (S; σ, ρ) +

X (σ 0 ,ρ0 )∈Ω

Q(σ 0 , ρ0 )JSK(σ, ρ; σ 0 , ρ0 ).

2) α is totally correct with respect to precondition P and postcondition Q, written |=tot {P }S{Q}, if for each (σ, ρ) ∈ Ω, it holds that X 0 0 0 0 P (σ, ρ) ≤

Q(σ , ρ )JαK(σ, ρ; σ , ρ ).

(σ 0 ,ρ0 )∈Ω

It worths comparing carefully Definitions 5.1 and 5.2 with Definitions 5.3 and 5.4. First, the correctness in Definition 5.4 is defined for a single path α, whereas the correctness in Definition 5.2 is defined for a set A of paths. Such a difference between correctness for classical and probabilistic predicates can be seen more clearly after comparing Proposition 5.1 and Corollary 5.1 with Proposition 5.2 below. Second, the probabilities p and pα in the left-hand side of the inequalities in Definitions 5.1 and 5.2 are constant with respect to state (σ, ρ) in Ω. But probabilities P (σ, ρ) in Definitions 5.3 and 5.4 can take different values in different states (σ, ρ). Third, for any classical predicate P ⊆ Ω, we do not distinguish it from its characteristic function: ( P (σ, ρ) =

1

if (σ, ρ) ∈ P,

0

otherwise.

Then the following lemma clearly shows that correctness defined in Definitions 5.3 and 5.4 is a generalization of that defined in Definitions 5.1 and 5.2. Lemma 5.1: Let P, Q ⊆ Ω and p ∈ [0, 1]. Then for any program S and for any path α in S , we have: 1) |=ppar {P }S{Q} if and only if |=par {pP }S{Q}. 2) |=ptot {P }S{Q} if and only if |=tot {pP }S{Q}. 3) |=ppar {P }α{Q} if and only if |=par {pP }α{Q}. 4) |=ptot {P }α{Q} if and only if |=tot {pP }α{Q}. We now establish some basic properties of correctness with probabilistic predicates. Transitivity of correctness of paths is presented in the next lemma. Lemma 5.2: 1) If |=par {P }α{Q} and |=par {Q}β{R}, then |=par {P }αβ{R}. 2) If |=tot {P }α{Q} and |=tot {Q}β{R}, then |=tot {P }αβ{R}.

The following proposition is a generalization of proposition 5.1, which shows a connection between correctness of a program and correctness of the paths through it. Proposition 5.2: Let S be a program, and let P, Q be two probabilistic predicates. Then 1) |=par {P }S{Q} if and only if there exists a family {Pα : α ∈ path(S)} of probabilistic predicates such that


a) X

P ≤1−

(1 − Pα );

α∈path(S)

b) |=par {Pα }α{Q} for every α ∈ path(S). 2) |=tot {P }S{Q} if and only if there exists a family {Pα : α ∈ path(S)} of probabilistic predicates such that a) X P ≤

Pα ;

α∈path(S)

b) |=tot {Pα }α{Q} for every α ∈ path(S). It is worth noting that correctness of paths is verified individually in condition b) of the above proposition. Thus, the inverse of Corollary 5.1 1) is regained by introducing probabilistic predicates. C. Discussion: Classical Predicates, Probabilistic Predicates and Quantum Predicates We now have a hierarchy of three notions of correctness for quantum programs, namely correctness with classical predicates and correctness with probabilistic predicates introduced in the above two subsections as well as correctness with quantum predicates defined by D’Hondt and Panangaden [10]. It is very interesting to carefully compare them. First, we notice that both a classical predicate and a probabilistic predicate are not a physical quantity and it is not subject to any physical manipulation such as measurement and unitary transformation. Instead, it will be used only in human (or computer-aided) reasoning about behavior of programs. On the other hand, a quantum predicate is defined to be an observable, which is a physical quantity and represented by a Hermitian operator according to the basic principles of quantum mechanics. Second, we argue that correctness with classical predicates will be more convenient in some real-world applications since it is likely that a user’s requirement will be expressed in terms of classical predicates, even when the user knows that the device of computation is a quantum computer. This can be seen from the two examples in Sec. VIII. On the other hand, we see that sometimes correctness with probabilistic predicates enjoys more elegant properties than correctness with classical predicates by comparing Corollary 5.1 with Proposition 5.2. As we will see in the next section, the notion of weakest precondition can be introduced in a natural way within the setting of probabilistic predicates. Also, a very elegant theory for correctness with quantum predicates was presented by D’Hondt and Panangaden [10]. However, it seems that for a programer quantum predicates are much harder than classical predicates to understand and to use in his specification language. So, it would be an interesting topic for future studies to further clarify the relationship among these three notions of correctness and thus to narrow the gap between the utility and elegance of the theory of correctness for quantum programs. VI. W EAKEST L IBERAL P RECONDITIONS AND W EAKEST P RECONDITIONS The notions of weakest liberal precondition and weakest precondition have been widely used to establish partial and total correctness, respectively, of classical programs. The aim of this section is to introduce their quantum extensions. We first give

7

an abstract definition of weakest liberal precondition and weakest precondition based on the notions of partial correctness and total correctness, respectively, with probabilistic predicates. Definition 6.1: Let α be a path in a program S , and let P, Q be two probabilistic predicates. Then P is the weakest liberal precondition (resp. weakest precondition) of α with respect to Q if 1) |=par {P }α{Q} (resp. |=tot {P }α{Q}); and 2) for any probabilistic predicate P 0 , |=par {P 0 }α{Q} (resp. |=tot {P 0 }α{Q}) implies P 0 ≤ P . Second, we present an induction definition of weakest liberal precondition and weakest precondition. Definition 6.2: Let α = l0 , l1 , ..., lk be a path in a program S , and let Q be a probabilistic predicate. Then 1) probabilistic predicate wlp(α, Q) is defined by induction on the length k of α. a) For k = 0, wlp(α, Q) = Q. b) For k > 0, let β be the path l1 , l2 , ..., lk , and assume that R = wlp(β, Q) is already defined. i) If l0 : (x1 , ..., xn ) := (t1 , ..., tn ); goto l1 , then for any (σ, ρ) ∈ Ω, wlp(α, Q)(σ, ρ) = R(σ[σ(t1 )/x1 , ..., σ(tn )/xn ], ρ).

ii) If l0 : q1 , ..., qn := U [q1 , ..., qn ]; goto l1 , then for any (σ, ρ) ∈ Ω, wlp(α, Q)(σ, ρ) = R(σ, U [q1 , ..., qn ]ρU † [q1 , ..., qn ].

iii) If l0 : x := M [q1 , ..., qn ]; goto l1 , then for any (σ, ρ) ∈ Ω, X wlp(α, Q)(σ, ρ) =

pm R(σ[m/x],

m∈Spec(M )

1 † Mm [q1 , ..., qn ]ρMm [q1 , ..., qn ]). pm † where pm = tr((Mm Mm )[q1 , ..., qn ]ρ). iv) If l0 : if ϕ then goto l1 else goto l0 fi, then for any (σ, ρ) ∈ Ω, (

wlp(α, Q)(σ, ρ) =

1

if σ 6|= ϕ,

R(σ, ρ)

otherwise

,

(3)

and if l0 : if ϕ then goto l0 else goto l1 fi, then for any (σ, ρ) ∈ Ω, ( wlp(α, Q)(σ, ρ) =

1

if σ |= ϕ,

R(σ, ρ)

otherwise

.

(4)

2) probabilistic predicate wp(α, Q) can be defined in a way similar to 1): We only need to replace “wlp” by “wp” in 1) and replace “1” by “0” in Eqs. (3) and (4). The advantage of the abstract definition of weakest precondition is that it enables us to further understand the relationship between precondition and correctness. But the induction definition provides us with a feasible method to calculate weakest preconditions. The following proposition indicates that the above two definitions coincide. Proposition 6.1: For any path α in a program S , and for any probabilistic predicate Q, wlp(α, Q) (resp. wp(α, Q)) is the


weakest liberal precondition (resp. weakest precondition) of α with respect to Q. Combining Propositions 5.2 and 6.1, we establish a link between partial correctness of a program and weakest liberal preconditions of paths through it as well as a link between total correctness of a program and weakest preconditions of paths through it. Corollary 6.1: Let P and Q be two probabilistic predicates and S a program. Then 1) |=par {P }S{Q} if and only if X P ≤1−

8

2) Semantics: We use E to denote the empty program so that we can express termination. A classical-quantum configuration is a triple hS, σ, ρi, where S is a program orN S = E , σ is a classical state, and ρ is a density operator in q∈QV Hq . The operational semantics of the quantum while-language is defined as a probabilistic transition relation between configurations by the transition rules presented in Fig. 1, where probability p in p transition hS, σ, ρi ⇒ hS 0 , σ 0 , ρ0 i is dropped whenever p = 1. p∗ We write hS, σ, ρi ⇒ hS 0 , σ 0 , ρ0 i if there is a sequence of transitions p1

p2

(1 − wlp(α, Q)).

pn

⇒ hS 0 , σ 0 , ρ0 i

α∈path(S)

2) |=tot {P }S{Q} if and only if X P ≤

wp(α, Q).

α∈path(S)

The next proposition exhibits linearity of weakest liberal precondition and liberal precondition. Proposition 6.2: If 0 ≤ λ, µ and λ + µ ≤ 1, then 1) wlp(α, λQ + µR) = λwlp(α, Q) + µwlp(α, R). 2) wp(α, λQ + µR) = λwp(α, Q) + µwp(α, R). Now we notice that the weakest liberal precondition and the weakest precondition of a path in a quantum program S can be calculated by using Definition 6.2, and Proposition 6.2 can be used to simplify such a calculation. Thus, Corollary 6.1 suggests a computational way of proving partial and total correctness of S . For the case that there are only a finite number of paths through S , the correctness of S can always be established in this way. However, whenever S contains loops, then there are infinitely many paths through S , and it is still an open problem to verify correctness of S by calculating weakest preconditions of paths through it. VII. S TRUCTURED Q UANTUM P ROGRAMMING The purpose of this section is to show the possibility of structured programming for quantum computer by providing a translation from quantum flowchart programs into structured quantum programs. We use a quantum extension of the whilelanguage defined in Chapter 3 of [3] as the target language of the translation.

Q such that n ≥ 0 and p = n i=1 pi . Now we are able to define the denotational semantics of the quantum while-language. Definition 7.1: Let S be a program. Then its semantic function JSK : Ω × Ω → [0, 1] is defined by X p∗ 0 0 0 0 JSK(σ, ρ; σ , ρ ) =

JskipK(σ, ρ; σ 0 , ρ0 ) =

=

0

otherwise.

  1

if σ 0 = σ[σ(t1 )/x1 , ..., σ(tn )/xn ]

 

otherwise.

and ρ0 = ρ,

0

3) Jq1 , ..., qn := U [q1 , ..., qn ]K(σ, ρ; σ 0 , ρ0 ) =

  1

if σ 0 = σ and

 

otherwise.

ρ0 = U [q1 , ..., qn ]ρU † [q1 , ..., qn ],

0

4) Jx := M [q1 , ..., qn ]K(σ, ρ; σ 0 , ρ0 ) =

 0  pm if σ = σ[m/x] and ρ0 =

 

0

† 1 pm Mm [q1 , ..., qn ]ρMm [q1 , ..., qn ],

otherwise.

† where pm = tr((Mm Mm )[q1 , ..., qn ]ρ).

5) JS1 ; S2 K(σ, ρ; σ 0 , ρ0 ) =

| x := M [q1 , ..., qn ] | S1 ; S2

The language is obtained from the classical while-language by adding two kinds of statements for the description of unitary transformations and measurements.

if σ = σ 0 and ρ = ρ0 ,

J(x1 , ...xn ) := (t1 , ..., tn )K(σ, ρ; σ 0 , ρ0 )

| q1 , ..., qn := U [q1 , ..., qn ]

| while ϕ do S od

1

2)

We first define the quantum while-language and its operational and denotational semantics. 1) Syntax: The quantum while-language is defined by the following syntax:

| if ϕ then S1 else S2 fi

{|p : hS, σ, ρi ⇒ hE, σ , ρ i|}

for all (σ, ρ), (σ 0 , ρ0 ) ∈ Ω. The intuitive meaning of JSK(σ, ρ; σ 0 , ρ0 ) is the probability that S will terminate in state (σ 0 , ρ0 ) if it starts in state (σ, ρ). The following proposition provides a structural representation of the semantic functions of programs. Proposition 7.1: 1) (

A. A While-Language for Quantum Programming

S ::= skip | (x1 , ..., xn ) := (t1 , ..., tn )

pn−1

hS, σ, ρi ⇒ hS1 , σ1 , ρ1 i ⇒ ... ⇒ hSn−1 , σn−1 , ρn−1 i

JS1 K(σ, ρ; σ 00 , ρ00 )JS2 K(σ 00 , ρ00 ; σ 0 , ρ0 ).

X

(σ 00 ,ρ00 )∈Ω

6) Jif ϕ then S1 else S2 fiK(σ, ρ; σ 0 , ρ0 )

(

=

JS1 K(σ, ρ; σ 0 , ρ0 )

JS2 K(σ, ρ; σ 0 , ρ0 )

if σ |= ϕ,

if σ |= ¬ϕ.


(SKIP)

9

hskip, σ, ρi → hE, σ, ρi

(ASSIGNMENT)

h(x1 , ..., xn ) := (t1 , ..., tn ), σ, ρi → hE, σ[σ(t1 )/x1 , ..., σ(tn )/xn ], ρi

(UNITARY TRANSFORMATION)

hq1 , ..., qn := U [q1 , ..., qn ], σ, ρi → hE, σ, U [q1 , ..., qn ]ρU † [q1 , ..., qn ]i

(MEASUREMENT)

pm

hx := M [q1 , ..., qn ], σ, ρi → hE, σ[m/x],

† 1 pm Mm [q1 , ..., qn ]ρMm [q1 , ..., qn ]i

† where pm = tr(Mm [q1 , ..., qn ]Mm [q1 , ..., qn ]ρ) for every m ∈ spec(M ).

hS1 , ρi → hS10 , ρ0 i hS1 ; S2 , ρi → hS10 ; S2 , ρi

(SEQUENTIAL COMPOSITION)

where we make the convention that E; S2 = S2 .

Fig. 1.

(CONDITIONAL 1)

σ |= ϕ hif ϕ then S1 else S2 fi, σ, ρi → hS1 , σ, ρi

(CONDITIONAL 2)

σ |= ¬ϕ hif ϕ then S1 else S2 fi, σ, ρi → hS2 , σ, ρi

(LOOP 1)

σ |= ¬ϕ hwhile ϕ do S od, σ, ρi → hE, σ, ρi

(LOOP 2)

σ |= ϕ hwhile ϕ do S od, σ, ρi → hS; while ϕ do S od, σ, ρi

Transitional Semantics of Quantum Programs

7) 0

0

Jwhile ϕ do S odK(σ, ρ; σ , ρ ) ∞

= sup J(while)n K(σ, ρ; σ 0 , ρ0 ), n=0

where 4

(while)0 = Ω = while true do skip od, (while)

n+1

n

= if ϕ then S; (while) else skip fi

for all n ≥ 0. The characterization of the semantic function of loop statement while ϕ do S od given in clause 7 of the above lemma is a straightforward probabilistic generalization of Lemma 3.6(v) in [3]. For a more elegant fixed-point treatment of probabilistic and quantum loop programs, we refer to Sec. 5.4.1 of [20] and [22], respectively. Some basic mathematical properties of quantum loop programs were presented in [31]. B. Translation from Flowchart Programs to While-Programs Now we are ready to show that it is always possible to translate quantum flowchart programs into quantum while-programs by introducing new Boolean variables.

Proposition 7.2: (Structured Programming) Let V be a set of classical variables and QV a set of quantum variables, and let B = {b0 , b1 , b2 , ...} be a countably infinite set of (auxiliary) Boolean variables such that V ∩B = ∅. Then for each flowchart program S over V and QV , there exists a while-program Sw over classical variables V ∪ B and quantum variables QV such that JSw K(σ, ρ; σV0 ∪B , ρ0 ) = JSK(σV , ρ; σ 0 , ρ0 )

(5)

for any classical state σ of V ∪ B , classical state σ 0 of V , and density operators ρ, ρ0 in HQV , where σV is the restriction of σ on V , σV0 ∪B (v) = σ 0 (v) for all v ∈ V , and   f alse if 0 ≤ i < |S|, σV0 ∪B (bi ) =

 

true

if i = |S|,

0

if i > |S|.

σ (bi )

Eq. (5) in the above proposition shows that the semantic functions of a flowchart program S and its translation Sw in the while-language coincide if the state of the auxiliary (Boolean) variables is ignored. In other words, Sw is a faithful (semantically equivalent) translation of S . From the proof of the above proposition presented in Appendix B.9, we see that some techniques from classical structured programming can be straightforwardly employed in the translation


from quantum flowchart programs to quantum while-programs. It is worthy to find out why these classical techniques can be used in the quantum case. Note that probabilities do not occur in the syntax of quantum flowchart programs defined in this paper, and they only appear in the semantics of programs. This is quite different from the case of probabilistic programming where probabilistic choices are explicitly introduced into the syntax of programs. Indeed, in the design of quantum programming languages in the previous literature, probabilities have been treated in two different ways: (1) probabilistic choices are included in the syntax; or (2) probabilities are only present in the semantics of measurement statements. For example, qGCL [21] is defined in the first way, and QPL [22] in the second way. It is interesting to observe that exactly the absence of probabilities in the syntax of quantum flowchart programs makes that the classical translation techniques from a low-level language to a high-level language still work in the quantum setting.

10

begin : q0 , q1 := CN OT [q0 , q1 ]; goto ham ham : q0 := H[q0 ]; goto measure measure : x := M [q0 , q1 ]; goto test t test t : if t(x) = 0 then goto test h else goto act x fi act x : q2 := X[q2 ]; goto test h test h : if h(x) = 0 then goto end else goto act z fi act z : q2 := Z[q2 ]; goto end Fig. 2.

Quantum protocol T eleportation

(begin, σ, |ψi|β00 i) → (ham, σ, |ϕ1 i) → (measure, σ, |ϕ2 i) 1 4   → G00 = (test t, σ[00/x], |00i(α|0i + β|1i))   1  4 → G = (test t, σ[01/x], |01i(α|1i + β|0i))

VIII. I LLUSTRATIVE E XAMPLES

01

We choose the teleportation protocol and Grover search algorithm to illustrate the program constructs defined in Sec. II and their semantics presented in Sec. III and IV as well as the notion of correctness introduced in Sec. V.

1  4  → G10 = (test t, σ[10/x], |10i(α|0i − β|1i))      14 → G11 = (test t, σ[11/x], |11i(α|1i − β|0i)),

G00 → (test h, σ[00/x], |00i|ψi) ≡ G000

A. Teleportation

→ (end, σ[00/x], |00i|ψi),

For convenience of the reader, we briefly recall the protocol of teleportation; for details, see [17]. Suppose Alice and Bob are far from each other, but they share an EPR pair of qubits q1 , q2 : |β00 i = √1 (|00i + |11i). Alice’s mission is to deliver a qubit 2 q0 to Bob, but she does not know the state |ψi = α|0i + β|1i of the qubit and is only allowed to send classical information. Alice’s mission can be realized by teleportation. The procedure is as follows: 1) Alice performs the controlled-Not operation CNOT on q0 , q1 , and then performs the Hadamard transformation H on q0 . 2) Alice measures q0 , q1 in the computational basis and sends the outcome x0 , x1 ∈ {0, 1} to Bob. 3) Bob performs the Pauli operation X x1 and then Z x0 on q2 and recovers the state |ψi at q2 . Let M be the measurement on H2⊗2 in the computational basis, and let h(x) and t(x) stand for the head and tail of x, respectively, for every x ∈ {0, 1}2 , i.e. h(x) = a and t(x) = b if x = ab and a, b ∈ {0, 1}. Put QV = {q0 , q1 , q2 }. Then teleportation can be written as a program in the flowchart language defined in Sec. II (see Fig. 2). We write 1 |ϕ1 i = √ [α|0i(|00i + |11i) + β|1i(|10i + |01i)], 2 1 |ϕ2 i = [α(|0i + |1i)(|00i + |11i) 2 + β(|0i − |1i)(|10i + |01i)].

Then the computations starting in the state (σ, |ψi|β00 i) are given in Fig. 3. The unique computation sequence from (begin, σ, |ψi|β00 i) to (end, σ[00/x], |00i|ψi) is C00 = (begin, σ, |ψi|β00 i) → (ham, σ, |ϕ1 i) 1

4 G00 → G000 → (measure, σ, |ϕ2 i) →

→ (end, σ[00/x], |00i|ψi)

G01 → (act x, σ[01/x], |01i(α|1i + β|0i)) → (test h, σ[01/x], |01i|ψi) → (end, σ[01/x], |01i|ψi), G10 → (test h, σ[10/x], |10i(α|0i − β|1i)) → (act z, σ[10/x], |10i(α|0i − β|1i)) → (end, σ[10/x], |10i|ψi), G11 → (act x, σ[11/x], |11i(α|1i − β|0i)) → (test h, σ[11/x], |11i(α|0i − β|1i)) → (act z, σ[11/x], |11i(α|0i − β|1i)) → (end, σ[11/x], |11i|ψi). Fig. 3.

A computation of program T eleportation

and p(C00 ) = 1 × 1 × holds that

1 4

×1×1=

1 4.

Thus, by Definition 4.1 it

JT eleportationK(σ, |ψi|β00 i; σ[00/x], |abi|ψi) = p(C00 ) =

1 4

Similarly, we have JT eleportationK(σ, |ψi|β00 i; σ[ab/x], |abi|ψi) =

1 4

for (a, b) = (0, 1), (1, 0) or (1, 1). To simplify the presentation, we will use the following abbreviation: let qi1 , ..., qiki be a set of quantum variables and Nki |ψi i ∈ l=1 Hqil for 1 ≤ i ≤ m, and let {qi1 , ..., qiki } ∩ {qj1 , ..., qjkj } = ∅ whenever i 6= j . Then we write {q11 , ..., q1k1 = |ψ1 i; ...; qm1 , ..., qmkm = |ψm i} for the (classical) predicate thatN requires the state N of quantum variables is S within the subspace m span{|ψ i}⊗ Hq i i=1 q6∈ m i=1 {qi1 ,...,qiki } N of H , but puts no constrains on the state of classical q q∈QV variables.


Now let P = {q0 = |ψi; q1 , q2 = |β00 i} and Q = {q2 = |ψi}. The precondition P has two parts. The first part specifies the mission of Alice: the qubit q0 possessed by Alice is in the state |ψi that she wants to send to Bob, and the second part describes the resource provided to Alice and Bob: the qubit q1 belonging to Alice and q2 belonging to Bob are maximally entangled. The postcondition Q specifies the target of teleportation: the qubit q2 is in state |ψi. Then for each (σ, ρ) ∈ P , we have: X 0 0 (σ 0 ,ρ0 )∈Q

=

JT eleportationK(σ, ρ; σ , ρ )

X a,b∈{0,1}

=

Therefore

and cos θ2 =

•

2)

it

holds

that

|=tot

{P }T eleportation{Q}.

+ sin

We first recall the Grover algorithm for convenience of the reader. The exposition of the algorithm and its analysis are given according to [17]. Suppose that the search space consists of N elements, indexed by numbers 0, 1, ..., N −1, and suppose that the search problem has exactly M solutions with 1 ≤ M ≤ N 2 . ClasN sically, it requires O( M ) operations to find a solution. However, Grover q discovered a quantum search algorithm that requires only N ) operations. For convenience we may assume N = 2n , O( M so the index can be stored in n bits. We will not distinguish an integer 0 ≤ t < N from its binary representation t ∈ {0, 1}n . We define function f : {0, 1}n → {0, 1} by ( 1

if t is a solution,

0

otherwise.

We are supplied with a quantum oracle - a black box with the ability to recognize solutions to the search problem. The oracle can be represented by a unitary operator O on n + 1 qubits: O |ti|qi → |ti|q ⊕ f (t)i for all t ∈ {0, 1}n and q ∈ {0, 1}, where |ti is the index register, and |qi is the oracle qubit which is flipped if t is a solution, and is unchanged otherwise. It is easy to check O that |ti|−i → (−1)f (t) |ti|−i. Since the state of the (n+1)th qubit remains |−i throughout the search algorithm, we will omit it for simplicity. To further simplify the presentation, we use the Grover operator G. It consists of the following steps: 1) Apply the oracle O; 2) Apply the Hadamard transform H ⊗n ; 3) Perform a conditional phase shift P h: |0i → |0i, |ti → −|ti for all t 6= 0, that is P h = 2|0ih0| − I . 4) Apply the Hadamard transform H ⊗n . A routine calculation leads to G = (2|ψihψ| − I)O, where N −1 1 X |ψi = |+i⊗n = √ |ti. N t=0

|αi = √

≤

π 2 ).

Then it holds that

n

2.

We write:

θ 2

(0 ≤ θ 2 |βi,

1. |0i⊗n |1i 2 −1 1 X θ θ √ |ti|−i = (cos |αi + sin |βi)|−i, n 2 2 2 t=0

H ⊗(n+1)

→

B. Grover Search Algorithm

f (t) =

N −M N

Inputs: 1) Oracle O. 2) The first n qubits in the state |0i and the last qubit in the state |1i. Outputs: A solution x. Procedure:

•

5.1

θ 2 |αi

as follows:

JT eleportationK(σ, ρ; σ[ab/x], |abi|ψi)

Definition

q

O|αi = |αi and O|βi = −|βi. A tedious calculation yields G(cos δ|αi + sin δ|βi) = cos(θ + δ)|αi + sin(θ + δ)|βi. Geometrically, the Grover operator G is a rotation in the two-dimensional space spanned by |αi and |βi. G The rotation angle is θ: (cos δ, sin δ) → (cos(θ +δ), sin(θ +δ)) for all δ. Following [17], Grover search algorithm can be described |ψi = cos

•

1 1 1 1 + + + = 1. 4 4 4 4

by

11

1 N −M

1 |βi = √ M

Fig. 4.

measure the first n qubits in the computational basis

→

|ti,

|xi|−i

Grover search algorithm

Now we see how many times the Grover operator has to be applied in order to achieve a high success probability. We choose π π R to be an integer in the interval [ 2θ − 1, 2θ ]. Then q 1) Since 0 ≤ θ2 ≤ π2 , we have θ2 ≥ sin θ2 = M N . This implies q q N N π R ≤ 2θ ≤ π4 M . So, the algorithm requires O( M ) operations. π θ 2) It holds that π2 − θ2 ≤ 2R+1 2 θ ≤ 2 + 2 . Thus, the success probability of the algorithms is 2R + 1 θ) 2 θ N −M ≥ cos2 = . 2 N

p(t is a solution) = sin2 (

(6)

It is at least one-half because M ≤ N 2 . In particular, if M N , then the success probability is very high. Let x, k and l be three classical variables. In the following quantum search program, x will denote a solution, k will stand for the number of uses of the oracle, and l will be the number of steps. Let q0 , ..., qn−1 and q be quantum variables of type H2 . We write M for the measurement on H2⊗n in the computational basis. Then with the programming language introduced in Sec. II, Grover algorithm can be written as the program in Fig. 5. The unique computation Ct of the search program starting in the state (σ, |0i⊗ n |1i) that returns solution t is presented in Fig. 6, from which we see that p(Ct ) = p(t). Therefore, by Definition 4.1 we obtain JGroverK(σ, |0i⊗n |1i; σ[R/k, 2R + 1/l, t/x], |ti|−i) = p(t),

|ti,

t not solution

t solution

4.

2R + 1 2R + 1 θ)|αi + sin( θ)|βi]|−i 2 2

where

X

X

GR

3. → [cos(

( p(t) =

1 M

sin2 ( 2R+1 2 θ)

1 N −M

cos2 ( 2R+1 2 θ)

for every t ∈ {0, 1, ..., N − 1}.

if t is a solution, otherwise


12

begin : (k, l) := (0, 0); goto ham

(begin, σ, |0i⊗n |1i) → (ham, σ[0/k, 0/l], |0i⊗n |1i)

ham : l := l + 1; goto h0

→ (h0, σ[0/k, 1/l], |0i⊗n |1i)

h0 : q0 := H[q0 ]; goto h1

→ (h1, σ[0/k, 1/l], |+i|0i⊗(n−1) |1i)

h1 : q1 := H[q1 ]; goto h2

→ ......

........................

→ (h(n-1), σ[0/k, 1/l], |+i⊗(n−1) |0i|1i)

h(n-1) : qn−1 := H[qn−1 ]; goto branch1

→ (branch1, σ[0/k, 1/l], |ψi|1i)

branch1 : if l = 1 then goto h else goto branch2 fi

→ (h, σ[0/k, 1/l], |ψi|1i)

branch2 : if l = 0(mod 2) then goto phase else

→ (grover, σ[0/k, 1/l], |ψi|−i)

goto test fi

→ (oracle, σ[1/k, 1/l], |ψi|−i)

h : q := H[q]; goto grover

→ (ham, σ[1/k, 1/l], O|ψi|−i)

grover : k := k + 1; goto oracle

→ (h0, σ[1/k, 2/l], O|ψi|−i)

oracle : q0 , ..., qn−1 , q := O[q0 , ..., qn−1 , q]; goto ham

→ (h1, σ[1/k, 2/l], (H ⊗ I ⊗n )O|ψi|−i)

phase : q0 , ..., qn−1 := P h[q0 , ..., qn−1 ]; goto ham

→ ......

test : if k < R then goto grover else goto

→ (h(n-1), σ[1/k, 2/l], (H ⊗(n−1) ⊗ I ⊗2 )O|ψi|−i)

measure fi measure : x := M [q0 , ..., qn−1 ]; goto end Fig. 5.

→ (branch1, σ[1/k, 2/l], (H ⊗n ⊗ I)O|ψi|−i) → (branch2, σ[1/k, 2/l], (H ⊗n ⊗ I)O|ψi|−i) → (phase, σ[1/k, 2/l], (H ⊗n ⊗ I)O|ψi|−i)

Quantum search program Grover

→ (ham, σ[1/k, 2/l], P h(H ⊗n ⊗ I)O|ψi|−i)

We write P = {q0 = ... = qn−1 = |0i; q = |1i} and Q = {f (x) = 1}. Here Q stands for the predicate which requires that the state of classical variables satisfies the condition f (x) = 1 but puts no constraints on the state of quantum variables. Then for each (σ, ρ) ∈ P , it follows from Eq. (6) that X 0 0 JGroverK(σ, ρ; σ , ρ )

=

t solution

N −M , p(t) = p(t is a solution) ≥ N

and by Definition 5.1 2) it holds that p≥

N −M N .

|=ptot

→ (h1, σ[1/k, 3/l], (H ⊗ I ⊗n )P h(H ⊗n ⊗ I)O|ψi|−i) → ...... → (h(n-1), σ[1/k, 3/l], (H ⊗(n−1) ⊗ I ⊗2 ) P h(H ⊗n ⊗ I)O|ψi|−i) → (branch1, σ[1/k, 3/l], G|ψi|−i)

(σ 0 ,ρ0 )∈Q

X

→ (h0, σ[1/k, 3/l], P h(H ⊗n ⊗ I)O|ψi|−i)

{P }Grover{Q} with

C. Discussion: Errors in Quantum Programs The correctness of quantum programs in the above two examples is established under the assumption that no errors occur in these programs. Zuliani [34] initiated a study of formal methods for reasoning about faulty quantum programs. It is interesting to see whether the formal framework developed in this paper can be used in the case of faulty programs. Errors in quantum computation may occur in (1) initialization which prepares a quantum register for further computation; (2) quantum gates; or (3) quantum measurements. Indeed, if we adopt the model of faulty measurements considered in [34], then the notion of correctness defined in this paper may be directly used to reason about programs with faulty measurements. For example, if the error probability of the measurement in the teleportation program is 1 − q , i.e. the measurement returns the correct outcome with probability q , and it incorrectly returns one of the other possible outcomes with probability 1 − q , then we have |=qtot {P }T eleportation{Q}; and if the error probability of the measurement in the Grover program is 1 − q , then it holds that N −M |=pq tot {P }Grover{Q} with p ≥ N . However, it seems that errors in initialization and quantum gates cannot be dealt with in the setting of this paper. To see this more clearly, we consider total correctness |=ptot {P }S{Q} with classical predicates P and

→ (branch2, σ[1/k, 3/l], G|ψi|−i) → (test, σ[1/k, 3/l], G|ψi|−i) → ...... → (branch2, σ[R/k, 2R + 1/l], GR |ψi|−i) → (measure, σ[R/k, 2R + 1/l], GR |ψi|−i) p(t)

→ (end, σ[R/k, 2R + 1/l, t/x], |ti|−i).

Fig. 6.

A computation of program Grover

Q for instance. This correctness is violated when program S terminates in a state (σ, ρ) not in Q even if ρ is very close to ρ0 with some (σ, ρ0 ) ∈ Q. The kind of faulty measurements that

we just considered in the teleportation and Grover programs only decrease the correctness probability. But errors in initialization and quantum gates change the final state of a computation. For example, if in the teleportation program the EPR pair shared by Alice and Bob is not perfectly prepared, or noise appears in the Hadamard gate or CNOT, then Bob may receive a state |ψ 0 i which is slightly different from the state |ψi sent by Alice. Thus, |=ptot {P }T eleportation{Q} does not hold for any p > 0. To describe errors in initialization or quantum gates, we have to introduce a generalization of |=tot {P }S{Q} as follows. Let > 0. Then |=p, tot {P }S{Q} if for each (σ, ρ) ∈ P , it holds that X 0 0 0 00 p≤

{|JSK(σ, ρ; σ ,ρ ) : F (ρ , ρ ) ≤

for some (σ 0 , ρ00 ) ∈ Q|}


where F (ρ0 , ρ00 ) is the fidelity of ρ0 and ρ00 (see [17], page p 409). Intuitively, |=p, tot {P }S{Q} means that |=tot {P }S{Q} approximately holds in the sense the error of computation does not exceed the threshold . A detailed discussion of this notion of approximate correctness is postponed to another paper. Some techniques for proving approximate correctness of classical and quantum concurrent programs were developed in [28] and [32]. IX. C ONCLUSION The main purpose of this paper is to understand the relationship between quantum programs written in a low-level language and in a high-level language. To this end, a quantum extension of flowchart programming language is defined as a low-level language in this paper. Since not too much research on lowlevel quantum programming languages has been reported in the previous literature, the operational and denotational semantics of the quantum flowchart language are formally defined. The notions of partial and total correctness are carefully introduced for quantum flowchart programs. Weakest liberal precondition and weakest precondition of quantum flowchart programs are proposed with the aim of helping to establish their correctness. On the other hand, a quantum extension of the while-language is introduced as a high-level language. As pointed out in Sec. I, the majority of the research on quantum programming is based on high-level languages. So, the semantics of the quantum whilelanguage is only briefly outlined. Several techniques for translating quantum programs in a high-level language into a lowlevel language have been proposed in the studies on quantum compilers. As a complement to these studies, this paper considers the translation in the inverse direction, that is, from low-level quantum programs to high-level quantum programs. A structured quantum programming theorem is proved, which shows that all quantum flowchart programs can be translated to a quantum while-programs and thus provides a theoretical support for structural quantum programming advocated in [19]. To conclude this paper, we would like to mention two problems for further studies. • As pointed out at the end of Sec. VI, we still do not have any effective method to prove correctness of a quantum flowchart program containing loops. The Floyd inductive assertions method [15] is a popular method for verifying classical flowchart programs with loops. An interesting problem is to generalize the Floyd method to the quantum case. This problem seems not easy to solve because some essential difficulties arise when the correctness probabilities of a set of quantum programs are considered collectively (see Definition 5.2 and Proposition 5.2). • Many strategies of deleting goto statements in classical flowchart programs have been developed [14]. So, another interesting problem is to examine the applicability of these strategies for quantum flowchart programs. A systematic research into this problem should considerably help us to understand the relationship between quantum programs written in high-level and low-level languages and will provide effective techniques of implementing high-level quantum programming languages.

Acknowledgement: The authors are very grateful to the three referees for their useful comments and instructive suggestions.

13

R EFERENCES [1] S. Abramsky and B. Coecke, A categorical semantics of quantum protocols, in: Proceedings of the 19th IEEE Symposium on Logic in Computer Science (LICS), 2004, pp. 415-425. [2] T. Altenkirch and J. Grattage, A functional quantum programming language, in: Proceedings of the 20th Annual IEEE Symposium on Logic in Computer Science (LICS), 2005, pp. 249-258. [3] K. R. Apt and E. -R. Olderog, Verification of Sequential and Concurrent Programs, Springer, New York, 1997. [4] A. Baltag and S. Smets, LQP: the dynamic logic of quantum information, Mathematical Structures in Computer Science, 16(2006)491-525. [5] S. Bettelli, T. Calarco and L. Serafini, Toward an architecture for quantum programming, The European Physical Journal D, 25(2003)181200. [6] O. Brunet and P. Jorrand, Dynamic quantum logic for quantum programs, International Journal of Quantum Information, 2(2004)45-54. [7] R. Chadha, P. Mateus and A. Sernadas, Reasoning about imperative quantum programs, Electronic Notes in Theoretical Computer Science, 158(2006)19-39. [8] D. C. Cooper, B¨ohm and Jacopini’s reduction of flow charts, Communications of the ACM, 10(1967)463, 473. [9] V. Danos, E. Kashefi and P. Panangaden, The measurement calculus, Journal of the ACM, 54(2007)8. [10] E. D’Hondt and P. Panangaden, Quantum weakest preconditions, Mathematical Structures in Computer Science, 16(2006)429-451. [11] Y. Feng, R. Y. Duan, Z. F. Ji and M. S. Ying, Proof rules for the correctness of quantum programs, Theoretical Computer Science, 386(2007)151-166. [12] S. J. Gay. Quantum programming languages: survey and bibliography, Mathematical Structures in Computer Science, 16(2006)581-600. [13] E. H. Knill, Conventions for quantum pseudocode, Technical Report LAUR-96-2724, Los Alamos National Laboratory, 1996. [14] D. E. Knuth, Structured programming with go to statements, ACM Computing Surveys, 6(1974)261-301. [15] J. Loeckx and K. Sieber, The Foundations of Program Verification, John Wiley, Chichester, 1987. [16] I. Mackie and S. Gay (eds.), Semantic Techniques in Quantum Computation, Cambridge University Press, 2010. [17] Nielsen, M. A. and Chuang, I. L. Quantum Computation and Quantum Information, Cambridge University Press, Cambridge, 2000. [18] R. Nagarajan, N. Papanikolaou and D. Williams, Simulating and compiling code for the sequential quantum random access machine, Electronic Notes in Theoretical Computer Science, 170 (2007)101124. ¨ [19] B. Omer, Structural quantum programming, Ph.D. Thesis, Technical University of Vienna, 2003. [20] P. Panangaden, Labelled Markov Processes, World Scientific, Singapore, 2009. [21] J. W. Sanders and P. Zuliani, Quantum programming, in: Proceedings, Mathematics of Program Construction, LNCS 1837, Springer-Verlag, 2000, pp. 88-99. [22] P. Selinger, Towards a quantum programming language, Mathematical Structures in Computer Science, 14(2004)527-586. [23] P. Selinger, A brief survey of quantum programming languages, in: Proceedings of the 7th International Symposium on Functional and Logic Programming, LNCS 2998, Springer, 2004, pp. 1-6. [24] K. M. Svore, A. V. Aho, A. W. Cross, I. L. Chuang, I. L. Markov, A layered software architecture for quantum computing design tools, IEEE Computer, 39(2006)74-83. [25] A. Tafliovich and E. C. R. Hehner, Quantum predicative programming, in: Proceedings of the 8th International Conference on Mathematics of Program Construction (MPC), LNCS 4014, Springer, pp. 433-454. [26] A.Tafliovich, E.C.R.Hehner: Programming with quantum communication, Electronic Notes in Theoretical Computer Science, 253(2009)99118. [27] J. von Neumann, On infinite direct product, Compos. Math., 6(1938)177. [28] M. S. Ying, Topology in Process Calculus: Approximate Correctness and Infinite Evolution of Concurrent Programs, Springer, New York 2001. [29] M. S. Ying, Hoare logic for quantum programs, http://xxx.lanl.gov/abs/0906.4586. [30] M. S. Ying, R. Y. Duan, Y. Feng and Z. F. Ji, Predicate transformer semantics of quantum programs, in [16], pp. 311-360. [31] M. S. Ying and Y. Feng, Quantum loop programs, Acta Informatica, 47(2010)221-250. [32] M. S. Ying, Y. Feng, R. Y. Duan and Z. F. Ji, An algebra of quantum processes, ACM Transactions on Computational Logic, 10(2009)19


[33] P. Zuliani, Compiling quantum programs, Acta Informatica, 41(2005)435-473. [34] P. Zuliani, Reasoning about faulty quantum programs, Acta Informatica, 46(2009)403-432

Mingsheng Ying graduated from Fuzhou Teachers College, Jiangxi, China, in 1981. He is Distinguished Professor with the Center of Quantum Computation and Intelligent Systems, Faculty of Engineering and PLACE Information Technology, University of Technology, PHOTO Sydney, Australia, and Cheung Kong Professor with HERE the State Key Laboratory of Intelligent Technology and Systems, Department of Computer Science and Technology, Tsinghua University, Beijing, China. His research interests are quantum computation and quantum information, formal methods and logics in computer science, and foundations of artificial intelligence. He has published more 100 papers in various international journals. He is the author of the book Topology in Process Calculus: Approximate Correctness and Infinite Evolution of Concurrent Programs (Springer-Verlag, 2001).

14

A PPENDIX A: BASICS OF Q UANTUM T HEORY In this Appendix, we briefly review some notions from quantum theory used in the main body of this paper; for details we refer to a standard textbook [17]. According to a basic postulate of quantum mechanics, the state space of an isolated quantum system is represented by a Hilbert space, and a pure state of the system is described by a unit vector in its state space. Recall that a complex vector space is a nonempty set H together with two operations: vector addition + : H × H → H and scalar multiplication · : C × H → H, satisfying the following conditions: (1) (H, +) is an abelian group, its zero element 0 is called the zero vector; (2) 1|ϕi = |ϕi; (3) λ(µ|ϕi) = λµ|ϕi; (4) (λ + µ)|ϕi = λ|ϕi + µ|ϕi; and (5) λ(|ϕi + |ψi) = λ|ϕi + λ|ψi for any λ, µ ∈ C and |ϕi, |ψi ∈ H, where C is the field of complex numbers. An inner product over a vector space H is a mapping h·|·i : H × H → C satisfying the following properties: (1) hϕ|ϕi ≥ 0 with equality if and only if |ϕi = 0; (2) hϕ|ψi = hψ|ϕi∗ ; and (3) hϕ|λ1 ψ1 + λ2 ψ2 i = λ1 hϕ|ψ1 i + λ2 hϕ|ψ2 i for any |ϕi, |ψi, |ψ1 i, |ψ2 i ∈ H and for any λ1 , λ2 ∈ C, where (and in the sequel) x∗ stands for the conjugate of a complex number x. We often write (|ϕi, |ψi) for the product of |ϕi p and |ψi. For any vector |ψi in H, its length ||ψ|| is defined to be hψ|ψi. A vector |ψi is called a unit vector if ||ψ|| = 1. Let {|ψn i} be a sequence of vectors in H and |ψi ∈ H. If for any > 0, there exists a positive integer N such that ||ψm − ψn || < for all m, n ≥ N , then {|ψn i} is called a Cauchy sequence. If for any > 0, there exists a positive integer N such that ||ψn −ψ|| < for all n ≥ N , then |ψi is called a limit of {|ψn i} and we write |ψi = limn→∞ |ψn i. A Hilbert space is then defined to be a complete inner product space; that is, an inner product space in which each Cauchy sequence of vectors has a limit. The two Hilbert spaces presented in the following examples are of special interest in quantum programming. Example A1: The state space of qubits is the 2−dimensional Hilbert space: H2 = {α|0i + β|1i : α, β ∈ C}

The inner product in H2 is defined as follows: (α|0i + β|1i, α0 |0i + β 0 |1i) = α∗ α0 + β ∗ β 0

for all α, β, α0 , β 0 ∈ C. Example A2: The space of square summable sequences is H∞ = {

∞ X

αn |ni : αn ∈C for all n ∈ Z

n=−∞

and

∞ X

|αn |2 < ∞}

n=−∞

Yuan Feng Yuan Feng is currently an associate professor at Centre for Quantum Computation and Intelligent Systems (QCIS), University of Technology, Sydney, Australia, with research interests mainly in PLACE quantum information and quantum computation. He PHOTO received his BS and PhD degrees from the DepartHERE ment of Applied Mathematics and the Department of Computer Science and Technology, Tsinghua University, in 1999 and 2004, respectively. Before joining UTS, he was an associate professor at the Department of Computer Science and Technology, Tsinghua University, China.

where Z is the set of integers. The inner product in H∞ is defined by ∞ ∞ ∞ X X X 0 ∗ 0 αn |ni,

(

n=−∞

αn |ni) =

n=−∞

αn αn

n=−∞

0 for all αn , αn ∈ C, −∞ < n < ∞. Two vectors |ϕi and |ψi are said to be orthogonal, written |ϕi⊥|ψi if hϕ|ψi = 0. Let {|ψi i}i∈I be a family of vectors and |ψi a vector. If for any > 0 there is a finite subset J of I such that P ||ψ − i∈K ψi || < for all subsets K of of I containing J , then P |ψi is called the sum of {|ψi i}i∈I , and we write |ψi = i∈I |ψi i. A family {|ψi i}i∈I is called an orthonormal basis of a Hilbert


space P H if (1) |ψi i⊥|ψj i for all i, j ∈ I with i 6= j ; and (2) |ψi = i∈I hψi |ψi|ψi i for all |ψi ∈ H. In this case, the cardinality of I is called the dimension of H. If H is n−dimensional, and an orthonormal basis {|ψi i}n−1 i=0 is chosen, then each element |ψi of H can be represented by a complex vector in Cn :    |ψi =  

a0 a1 ...

  

an−1

P where ai (0 ≤ i < n) are defined by |ψi = n−1 i=0 ai |ψi i, i.e. ai = hψi |ψi for 0 ≤ i < n. For example, it is easy to see that Boolean values {|0i, |1i} form an orthonormal basis of H2 , and integers {|ni : n ∈ Z} form an orthonormal basis of H∞ . (Here we identify a value n with its corresponding vector |ni.) They are called the computational bases of H2 and H∞ , respectively. The computational bases are often adopted when unspecified. In fact, H2 and H∞ are the quantum counterparts of the basic data types Booleans and integers, respectively. An essential difference between quantum data and classical data is that the former can be in a superposition of the latter. For instance, a qubit can be in basis states of H2 : |0i =

1 0

0 1

, |1i =

and it can also be in a superposition of the basis states: α|0i + β|1i =

α β

15

A on H, if there exists a linear operator A† on H such that (|ϕi, A|ψi) = (A† |ϕi, |ψi) for all |ϕi, |ψi ∈ H, then A† is called the adjoint of A. An operator A on H is said to be positive if hψ|A|ψi ≥ 0 for all states |ψi ∈ P H. The trace tr(A) of an operator A is defined to be tr(A) = i hψi |A|ψi i where {|ψi i} is an orthonormal basis of H.

The state of a quantum system can be described as a density operator when it is not completely known. Let {|ψi i} be a family of states in P H. If a system is in state |ψi i with probability pi for each i, and P i pi = 1, then the state of the system is represented by ρ = i pi |ψi ihψi |, where |ψi ihψi | is an operator defined by (|ψi ihψi |)|ϕi = hψi |ϕi|ψi i for each |ϕi ∈ H. We say that ρ is a mixed state generated by the ensemble {(pi , |ψi i)} of pure states. A density operator ρ on a Hilbert space H is defined to be a positive operator with tr(ρ) = 1. An operator is a density operator if and only if it can be generated by an ensemble of pure states. In particular, we identify a pure state |ψi with the density operator |ψihψ|. An example of the mixed state of a qubit is 2 1 1 5 1 ρ = |0ih0| + |+ih+| = (7) 3

X=

1 1 1 −1

i=1

H(i) = {

X

1 0

0 i

, Y =

αj1 ...jn |ψ1j1 i...|ψnjn i :

j1 ,...,jn

αj1 ...jn ∈ C for all j1 , ..., jn }

Nn (i) In particular, if H(i) = H for all 1 ≤ i ≤ n, then i=1 H will be abbreviated to H⊗n . The notion of tensor product can be generalized to the case of an infinite family of Hilbert spaces [27]. For example, the state space of n qubits is H2⊗n , and a two-qubit system can be in an EPR pair (or a maximally entangled state) |β00 i = √1 (|00i + |11i). 2 Linear operators are basic mathematical tools in quantum mechanics. A (linear) operator on a Hilbert space H is a mapping A : H → H satisfying the following conditions: (1) A(|ϕi + |ψi) = A|ϕi + A|ψi; (2) A(λ|ψi) = λA|ψi for all |ϕi, |ψi ∈ H and λ ∈ C. The identity operator on H is denoted IH . If {|ii}n−1 i=0 is a (fixed) orthonormal basis of an n−dimensional Hilbert space H, then an operator A on H can be represented by n × n matrix A = (Aij ) where the entries Aij is defined P by A|ii = n−1 j=0 Aji |ji for every 0 ≤ i < n. For any operator

−i 0

1

1 1

, Z= 1 −1

1  0 CN OT =   0 0

0 1 0 0

1 0

0 −1

and the controlled-NOT on two qubits: 

The state space of a composite system is defined to be the tensor product of the state spaces of its subsystems. Let H(i) be a Hilbert space with {|ψij i} as an orthonormal basis for each 1 ≤ i ≤ n. Then the tensor product of H(i) (1 ≤ i ≤ n) is the Hilbert space with {|ψ1j1 i...|ψnjn i} as an orthonormal basis, i.e. n O

0 1

1 H= √ 2

1 1 |+i = √ (|0i + |1i) = √ 2 2

1

6

A basic operation on a quantum system is a unitary transformation. An operator U on H is called a unitary transformation if U † U = IH . The unitary operators used in Sec. VIII include the Pauli operators and Hadamard operator on one qubit:

where |α|2 + |β|2 = 1, such as

1 1 |−i = √ (|0i − |1i) = √ 2 2

3



0 0 0 1

0 0   1  0

The basic postulate of quantum mechanics about evolution of systems may be stated as follows: Suppose that the states of a closed quantum system at times t0 and t are |ψ0 i and |ψi, respectively. Then they are related to each other by a unitary operator U which depends only on the times t0 and t: |ψi = U |ψ0 i. This postulate can be reformulated in the language of density operators as follows. The state ρ of a closed quantum system at time t is related to its state ρ0 at time t0 by a unitary operator U which depends only on the times t and t0 : ρ = U ρ0 U † . A unitary operator is seen as a gate in a quantum circuit. A unitary transformation of a state in a finite-dimensional Hilbert space can be calculated by matrix multiplication. For example, the Hadamard gate H transforms the basis states |0i and |1i to their superpositions: 1 H|0i = √ 2

1 H|1i = √ 2

1 1

1 −1

1 1

1 −1

1 0

0 1

= |+i

= |−i

and the CNOT gate can produce entanglement: CN OT (|+i|0i) = |β00 i.

To acquire information about a quantum system, a measurement must be performed on it. In quantum computation, measurement is usually used to read out a computational result. Mathematically,


a quantum measurement on a system with state space H is described by a collection {Mm } of operators on H satisfying P † m Mm Mm = IH , where Mm are called measurement operators, and the indices m stand for the measurement outcomes that may occur in the experiment. The set of the indices m is called the spectrum of M and it is denoted spec(M ). If the state of a quantum system is |ψi immediately before the measurement, then † the probability that result m occurs is: p(m) = hψ|Mm Mm |ψi and the state of the system after the measurement is Mm |ψi

|ψm i = p

p(m)

M0 = |0ih0| =

0 0

1 6

1 0

0 0

0 0

, M1 = |1ih1| =

1 1

1 p(i)

JαK(σ, ρ; σ , ρ ) +

(σ 0 ,ρ0 )∈Ω

JβK(σ, ρ; σ , ρ )

σ 00 6|=ϕ

JβK(σ, ρ; σ 00 , ρ00 ).

X

3) For lk−1 : if ϕ then goto l else goto lk fi, we have: X X 0 0 00 00 JαK(σ, ρ; σ , ρ ) +

(σ 0 ,ρ0 )∈Ω

JβK(σ, ρ; σ , ρ )

σ 00 |=ϕ

JβK(σ, ρ; σ 00 , ρ00 ).

X

=

= tr

0 0

6

0

These statements can be summarized as follows: X 0 0

JαK(σ, ρ; σ , ρ ) + δ(α; σ, ρ)

(σ 0 ,ρ0 )∈Ω

JβK(σ, ρ; σ 00 , ρ00 ).

X

=

0 1

(8)

(σ 00 ,ρ00 )∈Ω

=

5 6

and the probability of outcome 1 is p(1) = 16 . Furthermore, we consider a system of two qubits. The measurement on the first qubit in the computational basis is N = {N0 , N1 }, where N0 = M0 ⊗ I and N1 = M1 ⊗ I , and I is the 2 × 2 identity matrix. If we perform N on a state of two qubits |ψi = a00 |00i + a01 |01i + a10 |10i + a11 |11i, where |a00 |2 + |a01 |2 + |a10 |2 + |a11 |2 = 1, then the probability that the outcome is i is p(i) = |ai0 |2 + |ai1 |2 , and the state of the second qubit after the measurement is p

2) For lk−1 : if ϕ then goto lk else goto l fi, we have: X X 0 0 00 00

(σ 00 ,ρ00 )∈Ω

† Mm ρMm . p(m)

5 1

JβK(σ, ρ; σ , ρ ).

(σ 00 ,ρ00 )∈Ω

(σ 00 ,ρ00 )∈Ω

If we perform M on a qubit in (mixed) state ρ given in Eq. (7), then the probability that we get outcome 0 is 5 p(0) = tr

JαK(σ, ρ; σ , ρ ) =

(σ 0 ,ρ0 )∈Ω

.

For example, the measurement on a qubit in the computational basis is M = {M0 , M1 }, where 1 0

1) If lk−1 is not the defining label of a conditional command, then X X 0 0 00 00

=

We can also formulate the quantum measurement postulate in the language of density operators. If the state of a quantum system was ρ immediately before measurement {Mm } is performed on it, † then the probability that result m occur is: p(m) = tr(Mm Mm ρ), and the state of the system after the measurement is ρm =

16

(ai0 |0i + ai1 |1i)

for i = 0, 1.

Therefore, by Definition 4.3, Eq. (8) and the induction hypothesis on β we obtain: LHS of Eq. (2) = pU D (β; σ, ρ) + δ(α; σ, ρ)+ JαK(σ, ρ; σ 0 , ρ0 )

X

(σ 0 ,ρ0 )∈Ω

JβK(σ, ρ; σ 00 , ρ00 ) = 1.

X

= pU D (β; σ, ρ) +

(σ 00 ,ρ00 )∈Ω

B.3: Proof of Lemma 4.4 Part 1) can be proved simply by definition. For part 2), we proceed by induction on the length s of β = r0 , r1 , ..., rs . It is trivial for the case of s = 0. In general, we write β1 = r0 , r1 , ..., rs−1 . First, we observe: X δ(αβ; σ, ρ) = JαK(σ, ρ; σ 0 , ρ0 )δ(β; σ 0 , ρ0 ). (9) (σ 0 ,ρ0 )∈Ω

A PPENDIX B: P ROOFS OF THE M AIN R ESULTS B.1: Proof of Lemma 4.1 We write X

p(k) =

p

{|p : (begin, σ, ρ) ⇒m (end, σ 0 , ρ0 )

In fact, if rs−1 is not the defining label of a conditional command, then δ(αβ; σ, ρ) = δ(β; σ 0 , ρ0 ) = 0 for all (σ 0 , ρ0 ) ∈ Ω, and Eq. (9) is clearly valid. For the case of rs−1 : if ϕ then goto rs else goto r fi, it follows from part 1) that X 00 00 δ(αβ; σ, ρ) =

0

0

with m ≤ k and (σ , ρ ) ∈ Ω|}.

By induction on k, it can be proved all k. P that p(k) ≤ 1 for 0 0 Then it suffices to observe that JSK(σ, ρ; σ , ρ ) = (σ 0 ,ρ0 )∈Ω limk→∞ p(k).

Jαβ1 K(σ, ρ; σ , ρ )

σ 00 6|=ϕ

=

X

X

σ 00 6|=ϕ (σ 0 ,ρ0 )∈Ω

=

X

JαK(σ, ρ; σ 0 , ρ0 )Jβ1 K(σ 0 , ρ0 ; σ 00 , ρ00 )

JαK(σ, ρ; σ 0 , ρ0 )[

(σ 0 ,ρ0 )∈Ω

B.2: Proof of Lemma 4.3 We proceed by induction on the length k of α. It is easy to see Eq. (2) for k = 0. For k > 0, we adopt the notations in Definition 4.3. It is routine to prove the following statements:

=

X

X

Jβ1 K(σ 0 , ρ0 ; σ 00 , ρ00 )]

σ 00 6|=ϕ

0

0

JαK(σ, ρ; σ , ρ )δ(β; σ 0 , ρ0 ).

(σ 0 ,ρ0 )∈Ω

Similarly, we can prove Eq. (9) for the case of rs−1 : if ϕ then goto r else goto rs fi. Now, by the induction


hypothesis we get:

17

B.5: Proof of Lemma 5.2

pU D (αβ; σ, ρ) = pU D (αβ1 ; σ, ρ) + δ(αβ; σ, ρ) 0

X

= pU D (α; σ, ρ) +

0

0

0

JαK(σ, ρ; σ , ρ )pU D (β1 ; σ , ρ )

(σ 0 ,ρ0 )∈Ω

0

X

+

0

0

P (σ, ρ) ≤ pU D (α; σ, ρ) +

0

JαK(σ, ρ; σ , ρ )δ(β; σ , ρ )

(σ 0 ,ρ0 )∈Ω

(σ 0 ,ρ0 )∈Ω

(σ 00 ,ρ00 )∈Ω

JαK(σ, ρ; σ 0 , ρ0 )pU D (β; σ 0 , ρ0 ).

JαK(σ, ρ; σ 0 , ρ0 )pU D (β; σ 0 , ρ0 )

X

= pU D (α; σ, ρ) +

(σ 0 ,ρ0 )∈Ω

(σ 0 ,ρ0 )∈Ω

B.4: Proof of Proposition 5.1 We only prove part 1), and part 2) can be proved in a similar way. (⇐) For any (σ, ρ) ∈ P , since |=ppar {P }path(S){Q} , there is a P family {pα : α ∈ path(S)} such that p ≤ 1− α∈path(S) (1−pα ) and X 0 0 pα ≤ pU D (α; σ, ρ) +

R(σ 00 , ρ00 )JβK(σ 0 , ρ0 ; σ 00 , ρ00 )]

X

+

+ δ(β; σ 0 , ρ0 )] = pU D (α; σ, ρ) +

JαK(σ, ρ; σ 0 , ρ0 )[pU D (β; σ 0 , ρ0 )

X

≤ pU D (α; σ, ρ) +

(σ 0 ,ρ0 )∈Ω

X

Q(σ , ρ )JαK(σ, ρ; σ , ρ )

(σ 0 ,ρ0 )∈Ω

JαK(σ, ρ; σ 0 , ρ0 )[pU D (β1 ; σ 0 , ρ0 )

X

= pU D (α; σ, ρ) +

We only prove part 1), and part 2) is similar. By Lemma 4.4 we obtain: X 0 0 0 0

JαK(σ, ρ; σ , ρ )

X

+

R(σ 00 , ρ00 )

X

(σ 0 ,ρ0 )∈Ω (σ 00 ,ρ00 )∈Ω

JαK(σ, ρ; σ 0 , ρ0 )JβK(σ 0 , ρ0 ; σ 00 , ρ00 )]

R(σ 00 , ρ00 )JαβK(σ, ρ; σ 00 , ρ00 )

X

= pU D (αβ; σ, ρ) +

(σ 00 ,ρ00 )∈Ω

for any (σ, ρ) ∈ Ω.

(σ 0 ,ρ0 )∈Q

for all α ∈ path(S). Therefore, with Lemmas 4.2 and 4.3 we obtain: X 0 0 pN T (S; α, ρ) +


(σ 0 ,ρ0 )∈Q

= [1 −

JSK(σ, ρ; σ 0 , ρ0 )] +

X

(σ 0 ,ρ0 )∈Ω

0

X

=1−

(σ 0 ,ρ0 )∈Ω−Q

(σ 0 ,ρ0 )∈Q

pN T (S; σ, ρ) +

JSK(σ, ρ; σ 0 , ρ0 )

=1−

[

α∈path(S)

+

−

(σ 0 ,ρ0 )∈Ω

=1−

JSK(σ, ρ; σ 0 , ρ0 )

≥1−

=1− 0

JSK(σ, ρ; σ , ρ )]}

=1+

(1 − pα )

JαK(σ, ρ; σ 0 , ρ0 )

X

X

α∈path(S)

(σ 0 ,ρ0 )∈Ω−Q

0

X

= [1 −

0

JSK(σ, ρ; σ , ρ )] +

(σ 0 ,ρ0 )∈Ω

= pN T (S; σ, ρ) +

X

Q(σ 0 , ρ0 )JαK(σ, ρ; σ 0 , ρ0 )

X

{pU D (α; σ, ρ)

α∈path(S)

X

+

Q(σ 0 , ρ0 )JαK(σ, ρ; σ 0 , ρ0 ) − 1}

(σ 0 ,ρ0 )∈Ω

(10) P(⇐) From 0b) 0 we have 0 Pα0 (σ, ρ) ≤ pU D (α; σ, ρ) + (σ 0 ,ρ0 )∈Ω Q(σ , ρ )JαK(σ, ρ; σ , ρ ) for all α ∈ path(S). Then it follows from a) and Eq. (10) that X 0 0 0 0 Q(σ , ρ )JSK(σ, ρ; σ , ρ )

(σ 0 ,ρ0 )∈Ω

≥1+

X

0

0


(σ 0 ,ρ0 )∈Q

JSK(σ, ρ; σ 0 , ρ0 ) ≥ p.

(σ 0 ,ρ0 )∈Q

X

pN T (S; σ, ρ) +

JSK(σ, ρ; σ , ρ ) 0

[1 − pU D (α; σ, ρ)]

0

(σ 0 ,ρ0 )∈Ω−Q

X

Q(σ 0 , ρ0 )JαK(σ, ρ; σ 0 , ρ0 )

X

α∈path(S) (σ 0 ,ρ0 )∈Ω

(1 − pα ) ≥ p,

α∈path(S)

=1−

X

X

α∈path(S)

=1−

X

α∈path(S)

that is, |=ppar {P }S{Q}. (⇒) Assume that |=ppar {P }S{Q}. For (σ, ρ) ∈ P , and for , we put pα = pU D (α; σ, ρ) + P any α ∈ path(S) 0 0 JαK(σ, ρ; σ , ρ ). Then it holds that 0 0 (σ ,ρ )∈Q X 1−

JαK(σ, ρ; σ 0 , ρ0 )


0

(σ 0 ,ρ0 )∈Q

X

+

JSK(σ, ρ; σ 0 , ρ0 )]

= 1 − {1 − [pU D (α; σ, ρ) +

X

X


(σ 0 ,ρ0 )∈Q

X

Q(σ 0 , ρ0 )JSK(σ, ρ; σ 0 , ρ0 )

X

(σ 0 ,ρ0 )∈Ω

X

JSK(σ, ρ; σ 0 , ρ0 )

X

=1−

(σ 0 ,ρ0 )∈Ω

α∈path(S) (σ 0 ,ρ0 )∈Ω−Q

X

Q(σ , ρ )JSK(σ, ρ; σ , ρ )

(σ 0 ,ρ0 )∈Ω

0

JαK(σ, ρ; σ 0 , ρ0 )

X

X

We only prove part 1), and part 2) may be proved in a similar way. For each (σ, ρ) ∈ Ω, by Lemmas 4.2 and 4.3 we obtain: X 0 0 0 0


X

=1−

X

B.6: Proof of Proposition 5.2

X

(Pα (σ, ρ) − 1)

α∈path(S)

=1−

X α∈path(S)

that is, |=par {P }S{Q}.

(1 − Pα (σ, ρ)) ≥ P (σ, ρ),


(⇒) For each α ∈ path(S), we define probabilistic predicate Pα as follows:

18

that RHS of Eq. (11)

X

= Q(σ 0 , ρ0 )JαK(σ, ρ; σ 0 , ρ0 )

X

Pα (σ, ρ) = pU D (α; σ, ρ) +

pm pU D (β; σ[m/x],

m∈spec(M )



(σ 0 ,ρ0 )∈Ω

X

+

0

0

X

Q(σ , ρ ) 

(σ 0 ,ρ0 )∈Ω

m∈spec(M )

(σ[m/x],

pm pU D (β; σ[m/x],

m∈spec(M )

1−

(1 − Pα (σ, ρ)) = 1 +

α∈path(S)

= pN T (S; σ, ρ) +

1 † Mm ρMm ) pm



(Pα (σ, ρ) − 1)

X

+

α∈path(S)

(σ 0 ,ρ0 )∈Ω

Q(σ 0 , ρ0 )JSK(σ, ρ; σ 0 , ρ0 ) ≥ P (σ, ρ).

X

1 † Mm ρMm ; σ 0 , ρ0 ) pm

X

=

X

pm JβK

for every (σ, ρ) ∈ Ω. It holds automatically that |=par {Pα }α{Q} for all α ∈ path(S). On the other hand, it follows from Eq. (10) and |=par {P }S{Q} that

X

1 † Mm ρMm ) pm

X

=

(σ 0 ,ρ0 )∈Ω

1 † Q(σ 0 , ρ0 )JβK(σ[m/x], Mm ρMm ; σ 0 , ρ0 ) pm pm wlp(β, Q)(σ[m/x],

m∈spec(M )

1 † Mm ρMm ) pm

= wlp(α, Q)(σ, ρ)

•

B.7: Proof of Proposition 6.1

† where pm = tr(Mm Mm ρ). Case 4. l0 : if ϕ then goto l1 else goto l0 fi. If σ |= ϕ, then pU D (α; σ, ρ) = pU D (β; σ, ρ) and JαK(σ, ρ; σ 0 , ρ0 ) = JβK(σ, ρ; σ 0 , ρ0 ) for all (σ 0 , ρ0 ) ∈ Ω. Consequently,

RHS of Eq. (11)

We only consider the case of weakest liberal precondition, the case of weakest precondition is similar. With Definitions 5.4 1) and 6.1, it suffices to prove the following equation:

X

= pU D (β; σ, ρ) +

Q(σ 0 , ρ0 )JβK(σ, ρ; σ 0 , ρ0 )

(σ 0 ,ρ0 )∈Ω

= wlp(β, Q)(σ, ρ) = wlp(α, Q)(σ, ρ).

If |6 = ϕ, then pU D (α; σ, ρ) = 1 and JαK(σ, ρ; σ 0 , ρ0 ) = 0 for all (σ 0 , ρ0 ) ∈ Ω. Thus, RHS of Eq. (11) = 1 =

wlp(α, Q)(σ, ρ)

X

= pU D (α; σ, ρ) +

Q(σ 0 , ρ0 )JαK(σ, ρ; σ 0 , ρ0 )

(11)

(σ 0 ,ρ0 )∈Ω

•

wlp(α, Q)(σ, ρ). Case 5. l0 : if ϕ then goto l0 else goto l1 fi. Similar to

Case 4. for any (σ, ρ) ∈ Ω. We proceed by induction on the length k of α. For the case of k = 0, it is obvious. If k > 0, then we write β for the path l1 , l2 , ..., lk and consider the following cases: •

Case 1. l0 : (x1 , ..., xn ) := (t1 , ..., tn ); goto l1 . By Lemma 4.4, the induction hypothesis on β and Definition 6.2 we obtain:

B.8: Proof of Proposition 7.1 Clauses 1) - 6) can be easily proved by definition. Here we only outline the proof of clause 7). We simply write while for while ϕ do S od. First, we can show that J(while)n K(σ, ρ; σ 0 , ρ0 ) ≤ JwhileK(σ, ρ; σ 0 , ρ0 )

for all n ≥ 0 by induction on n. Then it follows that ∞

RHS of Eq. (11) = pU D (β; σ[σ(t1 )/x1 , ..., σ(tn )/xn ], ρ) +

X

Q(σ 0 , ρ0 )JβK

(σ 0 ,ρ0 )∈Ω

(σ[σ(t1 )/x1 , ..., σ(tn )/xn ], ρ; σ 0 , ρ0 ) = wlp(β, Q)(σ[σ(t1 )/x1 , ..., σ(tn )/xn ], ρ) = wlp(α, Q)(σ, ρ).

sup J(while)n K(σ, ρ; σ 0 , ρ0 ) ≤ JwhileK(σ, ρ; σ 0 , ρ0 ).

n=0

Secondly, we put p

pm =

X

{|p : hwhile, σ, ρi ⇒k hE, σ 0 , ρ0 i for some k ≤ m|}

for all m ≥ 0. We can show that ∞

pm ≤ sup J(while)n K(σ, ρ; σ 0 , ρ0 ) n=0

by induction on m. Thus, • •

Case 2. l0 : q1 , ..., qn := U [q1 , ..., qn ]; goto l1 . Similar to Case 1. Case 3. l0 : x := M [q1 , ..., qn ]; goto l1 . It follows from Lemma 4.4, the induction hypothesis on β and Definition 6.2

JwhileK(σ, ρ; σ 0 , ρ0 ) = lim pm n→∞ ∞

≤ sup J(while)n K(σ, ρ; σ 0 , ρ0 ). n=0


B.9: Proof of Proposition 7.2 Cooper’s translation from flowchart programs to whileprograms [8] applies well to the quantum case considered in this paper. More precisely, suppose that S consists of m commands whose defining labels are l0 , l1 , ..., lm−1 , respectively. We assume that l0 = begin and write lm for the label ‘end’. Furthermore, we define a family Pii0 (0 ≤ i, i0 ≤ m) of first-order formulas and a family Sii0 (0 ≤ i, i0 ≤ n) of simple while-programs as follows: 1) If li : (x1 , ..., xn ) := (t1 , ..., tn ); goto lj , then ( Pii0 =

true

if i0 = j,

f alse

otherwise,

and Sii0 = (x1 , ..., xn ) := (t1 , ..., tn ). 2) If li : q1 , ..., qn := U [q1 , ..., qn ]; goto lj , then Pii0 are as in (1), and Sii0 = q1 , ..., qn := U [q1 , ..., qn ]. 3) If li : x := M [q1 , ..., qn ]; goto lj , then Pii0 are as in (1), and Sii0 = x := M [q1 , ..., qn ]. 4) If li : if ϕ then goto lj else goto lk fi, then   if i0 = j, ϕ Pii0 =

 

¬ϕ

if i0 = k,

f alse

otherwise,

and Sii0 = skip. Now let Sw to be the while-program given in Fig. 7. Then it p∗ is easy to see that hbegin, σ, ρi → hend, σV0 ∪B , ρ0 i in S if and p∗ only if hSw , σV , ρi → hE, σ 0 , ρ0 i, and Eq. (5) follows.

19


b0 := true; b1 := f alse; ...; bm := f alse; while ¬bm do if b0 ∧ P00 then b0 := f alse; S00 ; b0 := true else ............ if bi ∧ Pij then bi := f alse; Sij ; bj := true else ............ if bn−1 ∧ P(n−1)n then bn−1 := f alse; S(n−1)n ; bn := true fi od Fig. 7.

Cooper’s translation

20