coq-club AT inria.fr
Subject: The Coq mailing list
List archive
- From: Robert Rand <rrand AT seas.upenn.edu>
- To: josephcmac AT gmail.com, coq-club AT inria.fr
- Subject: Re: [Coq-Club] Why Qwire was verified precisely in Coq?
- Date: Fri, 21 Dec 2018 14:08:23 -0500
- Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=rrand AT seas.upenn.edu; spf=Pass smtp.mailfrom=rrand AT seas.upenn.edu; spf=None smtp.helo=postmaster AT mx0b-000c2a01.pphosted.com
- Ironport-phdr: 9a23:YUGh8B18IFf6SbKMsmDT+DRfVm0co7zxezQtwd8Zse0eKPad9pjvdHbS+e9qxAeQG9mDu7Qc06L/iOPJYSQ4+5GPsXQPItRndiQuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZvJuTyB4Xek9m72/q99pHPYAhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7S60/Vza/4KdxUBLnhykHODw5/m/ZicJ+kbxVrw66qhNl34LZepuYOOZicq7fe94RWGpPXtxWVyxEGo6yc4wPAPEfMuZCs4n2ukcAogG4BQaxGejizSVIhmXs0q08zussChrG0xI6ENIVqnjUsc31O7kUUeCz1qXH0yjMb+5P1Dr79YPGfBchofSWUrJxd8rc0VQvFwbYgVmKt4PqIi6V2+IQuGaY9+ptTf+jhmEkpg1rvzSix8khhpPUio8Vyl3I7yt0zYctKdGmVEJ2ZcSoHZhQui2AKod7Q8IvT3totSokzLANpIS1czIQyJs9wh7Sc/yHfJaM4hLkTOuRJDh5iG5+d76mmxq+7VSsxfHiWsauzFpGszBJksHUtnAN0BzT8dSHReVg8Uu7xTmP0AXT5vlFIUAyi6XbN4YszqM/m5cQq0jPAy77lUvsgKOLdkgp+vKk5urmb7n+o5+TLY50igXwMqQ0ncy/BPw1MhIUX2eB/+Szyabu/VbnT7pQlf06iLTZsIjEKsQdoK61GRFa3Zs+6xqnFTepzMwYnWUbLFJCYB+Ik4/pO0jXLP/kCfe/nk+jnSxwx/HGO73hGo/CImLCkLfnZ7Z96lRTxBA9zdBFtNpoDeQDJ+n+Qk/6sdXTJhA8Og2whe3gDZE13YQHHGmLH6WxMaXIsFbO6Ph8DfOLYdovvzzwMeRt3ffogTdtg0UUe6WBxpYeczalBvlgJQOUbWe60YRJKnsDogdrFL+is1aFSzMGPy/jDZJ53SkyDcedNamGQ4mshLKb2yLiQM9Na2ldTE2UHHHuMYiIRqVVMX7AEopaijUBEIOZZco5zxj36l3hxrN8aPfM9yse85/vyYotvrCBpVQJ7TVxSv+l/SSNQmVzxDNaQi9u1uUn+RR2kF7biO5gm/xfDsBe67VCVQJobZM=
Hi José,
I'd say that the reason for the choice of Coq was its dependent types for programming, rather than the power of its logic.
Dependent types allow us to define precise circuit families. Consider for instance the type signature for the quantum fourier transform from our POPL paper (http://www.cs.umd.edu/~rrand/popl_2017.pdf, section 6.2, which discusses this choice):
fourier : Π(n:Nat). CIRC(n ⨂ qubit, n ⨂ qubit)
The argument n here is both used in the QFT and precisely specifies the arity of the circuit. When taking the denotation, then, we know that the QFT takes a density matrix of size 2^n by 2^n to another matrix of the same size, which helps in verification.
(In general, there's a pretty strong argument that matrices should be dependently typed, as the Mathematical Components/SSReflect matrices are, though in the context of QWIRE we had to make some trade-offs discussed here: http://www.cs.umd.edu/~rrand/coqpl_2018.pdf.)
We're not the first to argue for dependent types in quantum programs: The idea is present in the Quipper papers and discussed at length in Alexander Green's thesis (which also does some verification in Agda).
I'm curious, though, about prior uses of Isabelle/HOL for quantum computing. I'm only familiar with two works in that category (Liu et al's Theorem Prover for Quantum Hoare Logic and Its Applications and Unruh's Quantum Relational Hoare Logic) and both are in early stages (in terms of verification in Isabelle).
Best,
Robert
On Thu, Dec 20, 2018 at 11:54 PM José Manuel Rodriguez Caballero <josephcmac AT gmail.com> wrote:
Hello,In Robert Rand's PhD thesisquantum programs were verified using a tool known as Qwire. The semantics of Qwire was verified in Coq. Other authors have previously used Isabelle/HOL in order to verify semantical structures related to Quantum Computing. My question is rather type-theoretical:Does Calculus of Inductive Constructions have some advantages over Simple Type Theory in order to formally verify quantum programs?In other words:Was the verification of Qwire in Coq an arbitrary choice among all the proof assistants available right now or are there deep theoretical reasons for this precise choice?Kind Regards,José M.
- Re: [Coq-Club] Example of terminating function that are not accepted by Coq, (continued)
- Re: [Coq-Club] Example of terminating function that are not accepted by Coq, Robbert Krebbers, 12/19/2018
- Re: [Coq-Club] Example of terminating function that are not accepted by Coq, Thorsten Altenkirch, 12/19/2018
- Re: [Coq-Club] Example of terminating function that are not accepted by Coq, Klaus Ostermann, 12/19/2018
- Re: [Coq-Club] Example of terminating function that are not accepted by Coq, Xuanrui Qi, 12/19/2018
- Re: [Coq-Club] Example of terminating function that are not accepted by Coq, Xuanrui Qi, 12/19/2018
- Re: [Coq-Club] Example of terminating function that are not accepted by Coq, Jan Bessai, 12/19/2018
- Re: [Coq-Club] Example of terminating function that are not accepted by Coq, Thorsten Altenkirch, 12/19/2018
- Re: [Coq-Club] Example of terminating function that are not accepted by Coq, Jan Bessai, 12/19/2018
- Re: [Coq-Club] Example of terminating function that are not accepted by Coq, Jean-Francois Monin, 12/19/2018
- [Coq-Club] Why Qwire was verified precisely in Coq?, José Manuel Rodriguez Caballero, 12/21/2018
- Re: [Coq-Club] Why Qwire was verified precisely in Coq?, Robert Rand, 12/21/2018
- Re: [Coq-Club] Why Qwire was verified precisely in Coq?, José Manuel Rodriguez Caballero, 12/21/2018
- Re: [Coq-Club] Why Qwire was verified precisely in Coq?, Robert Rand, 12/21/2018
- [Coq-Club] Why Qwire was verified precisely in Coq?, José Manuel Rodriguez Caballero, 12/21/2018
Archive powered by MHonArc 2.6.18.