1 Introduction

There has been extensive research on logics to reason about array data-types in programs. Arrays can concisely represent the values of an unbounded number of memory locations, and have been successfully applied to verify industrial-scale programs [11, 15, 29]. An array formula encoding the semantics of a program path is typically linear in the number of program statements. Much of the existing work focuses on one-dimensional arrays and uses nesting to handle the case of multiple dimensions.

Fig. 1.
figure 1

A quantum state.

Full size image

This paper studies a logic called Cartesian Array Logic (CaAL), in which multi-dimensional arrays are treated as first-class citizens. The motivation for designing this logic comes from developing a tailor-made theory for reasoning about quantum circuits or programs, which need a fundamentally different representation of states than classical programs. Quantum states exist in a superposition of classical states. Figure 1 gives an example of a 5-qubit quantum state, which can be interpreted as a probability distribution over \(2^5\) classical states; every classical state, which can be seen as a string of n bits, is associated with a probability of being observed.

Current SMT-based solutions for reasoning about quantum programs [3] encode program paths to a Satisfiability Modulo Theories (SMT) formula over the theory of real numbers. For a n-qubit quantum program, the direct encoding uses \(2^n\) variables to represent the execution of a quantum circuit, one variable per classical state. The formula representing a quantum circuit is exponential in the circuit size.

In the Cartesian Array Logic designed in this paper, one can instead encode an n-qubit quantum state as an array \(s:(\mathbb {B}^n\Rightarrow \mathbb {C})\) that maps each classical state to a complex number c encoding the probability of this classical state being observed. The squared absolute value \(|c|^2\) is the probability that the complex number c encodes. Quantum gates, the basic operating units of a quantum circuit, can be viewed as functions that transform one quantum state to another. We show that CaAL can concisely encode the semantics of quantum gates, so that a path formula becomes linear in the circuit size. The semantics of a quantum circuit is the composition of the gate encodings.

Structure of the Paper. The syntax and formal semantics of the CaAL logic will be given in Sect. 2. In the same section, we show that this logic is quite expressive, it can easily encode the satisfiability problem of a quantified Boolean formula (QBF). We show that deciding the logic is, in fact, NEXPTIME-hard by a polynomial reduction from the k-color problem of a succinct circuit representation of graphs [23]. As an application, in Sect. 3, we show that the logic can concisely encode the semantics of quantum circuits, using \(\mathbb {B}^n\) as the index type and \(\mathbb {C}\) as the value type. In Sect. 4, we present a decision procedure for CaAL, extending the classical approach of read-over-write propagation used for arrays. In the worst case, our procedure might perform an exponential number of such propagations; hence, if the underlying logic can be decided in NP, our logic can be decided in NEXPTIME. The preliminary experimental results of applying this decision for quantum circuit verification can be found in Sect. 5.

Contributions of the paper are (i) a new array logic, CaAL, with native support for multi-dimensional arrays; (ii) the proof the satisfiability problem of CaAL is NEXPTIME-hard; (iii) a linear encoding of the semantics of quantum circuits in CaAL; (iv) an NEXPTIME decision procedure for CaAL without nested array sorts; and (v) a preliminary evaluation of our approach using standard quantum circuits.

Related Work on Verification of Quantum Circuits. Although quantum states can be naturally represented as arrays, the connection between array theories and quantum circuit verification is novel, to the best of our knowledge. In the past, people have considered automated quantum circuit verification based on automata [7], various types of equivalence checking [1, 9, 19, 33], abstract interpretation [24, 34], and model checking [13, 21, 32]. However, techniques based on satisfiability modulo theories (SMT) are still lacking. The closest work to ours is a symbolic execution and verification framework of quantum circuits [3]. The work encodes quantum circuit verification problems into SMT with the theory of real numbers, using variables in trigonometric functions, e.g., \(\sin x\), which might lose precision in corner cases. As mentioned, their approach requires \(2^n\) variables to encode a n-qubit circuit in the worst case. As far as we know, our work is the first SMT-based approach that allows a precise and succinct encoding and verification of quantum circuits.

Related Work on Array Theories. There is a large body of research on array decision procedures for SMT, going back to the 1980s, and most SMT solvers implement at least the theory of extensional arrays (with operations read and write/store) in our paper, as standardized in SMT-LIB [2]. Stump et al. [29] presented a decision procedure for this theory and formed the basis for many later procedures. An extension of the theory, called Combinatorial Array Logic (CAL), with functions for constant arrays and for the point-wise extension of functions was presented by De Moura et al. [11]. CAL served as the main inspiration for our work and is in this paper extended further by adding projections and updates of sub-arrays. An extension of CAL with cardinality constraints was presented by Raya et al. [25]. Christ et al. [8] present an algorithm for the theory of arrays where lemmas are created lazily based on weak equivalences; this method was later extended to handle constant arrays [20].

There are also many more generalized decision procedures for arrays. For instance, Ganesh et al. [16] focus on the combined theory of arrays and bit-vectors and present a decision procedure based on pre-processing, bit-blasting, and linear arithmetic solving. Brummayer et al. present a decision procedure for the same theory that introduces lemmas lazily, guided by congruence closure [6]. An extended array theory tailored to software, including operations memset and memcpy, was presented by Falke et al. [12]. More recently, several theories of finite arrays were proposed. Bonacina et al. [5] extend the standard theory of arrays with an abstract notion of length, and present a decision procedure based on the CDSAT framework. Wang et al. [31] consider a logic extending CAL with a length function, as well as operations for concatenation, slicing, and repetition of arrays, and identify a decidable fragment. Sheng et al. [27] propose a theory of sequences that combines the standard array operations with a length function, concatenation, and slicing. All those logics cannot directly encode quantum circuits in a similar style as CaAL, however, since no projection operation is available.

2 A Theory of Cartesian Arrays

2.1 Preliminaries

We work in the setting of multi-sorted first-order logic with equality; see, e.g., [18]. A signature is a tuple \(\varSigma = (\varSigma ^S, \varSigma ^F, \varSigma ^P)\) consisting of a set \(\varSigma ^S\) of sorts, a set \(\varSigma ^F\) of function symbols, and a set \(\varSigma ^P\) of predicates. Predicates and functions have fixed arity and argument sorts, and functions have a fixed result sort. Given a signature \(\varSigma \) and a set \(\mathcal X\) of sorted variables, we define the usual notions of \(\varSigma \)-terms, \(\varSigma \)-atoms, \(\varSigma \)-literals, \(\varSigma \)-formulas, and \(\varSigma \)-sentences. Formulas are evaluated over \(\varSigma \)-structures \(M=(D,I)\) that interpret every sort \(\sigma \in \varSigma ^S\) as a non-empty domain \(I(\sigma ) \subseteq D\), predicates \(p \in \varSigma ^P\) as relations I(p), and functions \(f \in \varSigma ^F\) as set-theoretical functions I(f). We slightly abuse notation; we assume that also variables \(x \in \mathcal X\) are mapped to values I(x) by M. The evaluation of terms, formulas, etc., is defined as is common; the equality symbol \(=\) is assumed to be interpreted as the equality relation on D. A theory T over \(\varSigma \) is a set of \(\varSigma \)-sentences. A \(\varSigma \)-formula \(\phi \) is called T-satisfiable if there is a \(\varSigma \)-structure M satisfying both the T-axioms and \(\phi \).

2.2 Definition of the Theory of Cartesian Arrays

Cartesian arrays are introduced in the context of a base signature \(\varSigma _B\) and a base \(\varSigma _B\)-theory \(T_B\), which provides the index and value sorts for arrays. The signature \(\varSigma _{{\text {CaAL}}}= (\varSigma _{{\text {CaAL}}}^S, \varSigma _{{\text {CaAL}}}^F, \varSigma _{{\text {CaAL}}}^P)\) of CaAL is then defined as follows. The set of sorts is the least set \(\varSigma _{{\text {CaAL}}}^S\) such that (i) \(\varSigma _B^S \subseteq \varSigma _{{\text {CaAL}}}^S\), and (ii) \(\sigma , \tau \in \varSigma _{{\text {CaAL}}}^S\) and \(n \in \mathbbm {N}_{> 0}\) imply \((\sigma ^{n} \Rightarrow \tau ) \in \varSigma _{{\text {CaAL}}}^S\). A sort \((\sigma ^{n} \Rightarrow \tau )\) is an array sort of arity n with index sort \(\sigma \) and value sort \(\tau \).

Table 1. Operations included in \(\varSigma _{{\text {CaAL}}}^F\) for each sort \((\sigma ^{n} \Rightarrow \tau )\).
Full size table

The set \(\varSigma _{{\text {CaAL}}}^F\) includes \(\varSigma _B^S\), as well as the operations listed in Table 1 for every array sort \((\sigma ^{n} \Rightarrow \tau )\). The operators \(\cdot [\cdot , \ldots , \cdot ]\) and \( store \) are the functions for reading from and writing to arrays, as in the standard theory of arrays. K and \( map _f\) correspond to the functions introduced in CAL [11]; in particular, any base function \(f \in \varSigma _B^F\) is lifted to an operator on arrays using \( map _f\). The operators \( proj \) and \( arrayStore \) are specific to our theory CaAL, and can be used to project an n-dimensional array to an \((n-1)\)-dimensional sub-array by fixing the value of the k’th index, and to update the corresponding portion of the original array, respectively. The set \(\varSigma _{{\text {CaAL}}}^P\) coincides with \(\varSigma _B^P\). Semantics is defined by the axiom schemata in Table 2.

Table 2. Axioms of the Theory of Cartesian Arrays. As shorthand notation, we write \(\bar{i} : \sigma ^n\) for a vector of n index variables \(i_1 : \sigma , \ldots , i_n : \sigma \).
Full size table

Example 1

We illustrate the use of two-dimension arrays \(s, s':(\mathbb {B}^2 \Rightarrow \mathbb {C})\) to encode two-qubit quantum states. Suppose that s represents the state \(\frac{1}{\sqrt{2}}({|{00}\rangle }+{|{11}\rangle })\), and \(s'=X_2(s)\) is the quantum state after applying an X gate (the quantum version of a “not”-gate) on the 2nd qubit of s. The matrix representations of s and \(s'\) are as follows; note that the results of \(x_2=0\) and \(x_2=1\) are swapped in s and \(s'\).

figure a

The projection \( proj _{1}(s, k)\) maps the matrix s to its k’th column vector, specifically the column with \(x_1=k\). In CaAL, we can construct \(s'\) from s as \(s'= arrayStore _{2}( arrayStore _{2}(K(0), 1, proj _{2}(s, 0)), 0, proj _{2}(s, 1))\). To compute the sum of the two matrices, we use \( map _+(s, s')\), which is also utilized for other quantum gate operations.

Several extensions of the theory of Cartesian arrays are possible but beyond the scope of this paper. Those include (i) arrays with multiple different index sorts, as opposed to just n copies of the same index sort \(\sigma \); and (ii) a theory that also includes point-wise extensions of predicates.

2.3 Complexity of Satisfiability in CaAL

We now study the hardness of satisfiability of quantifier-free CaAL formulas. The quantified Boolean formula problem (QBF) generalizes the Boolean satisfiability problem by allowing existential and universal quantifiers to be applied to variables. Its satisfiability problem is PSPACE-complete [28]. Without loss of generality, we can assume that QBF formulas are in prenex normal form \(Q_1 x_1. Q_2 x_2.\cdots Q_n x_n. \phi \), which consists of a Boolean formula \(\phi \) over n Boolean variables \(x_1, \ldots , x_n\), and a prefix of quantifiers \(Q_1,Q_2,\ldots ,Q_n\in \{\forall , \exists \}\).

To reduce the satisfiability problem of QBF to CaAL, we assume that the base theory provides a sort \(\mathbb {B}\) with the standard operations. This sort will be used for both index and values. An array \(\textsf{toCaAL}(\phi ) : (\mathbb {B}^n \Rightarrow \mathbb {B})\) encoding the semantics of \(\phi \) is defined recursively as follows:

  • \(\textsf{toCaAL}(x_k)= arrayStore _{k}(K(0), 1, K(1))\).

  • \(\textsf{toCaAL}(\lnot \phi ) = map _\lnot (\textsf{toCaAL}(\phi ))\).

  • \(\textsf{toCaAL}(\phi _1\wedge \phi _2) = map _\wedge (\textsf{toCaAL}(\phi _1),\textsf{toCaAL}(\phi _2))\).

Observe that \( arrayStore _{k}(K(0), 1, K(1))[i_1,\ldots ,i_k,\ldots , i_n]=i_k\), and note that the size of \(\textsf{toCaAL}(\phi )\) is linear in the size of \(\phi \). We can construct a CaAL formula that is equisatisfiable with \(Q_1 x_1. \cdots Q_n x_n. \phi \) as follows:

$$\begin{aligned}&\textsf{QElim}(Q_1 x_1. \cdots Q_n x_n. \phi ) = \\&(q_1[0] \odot _1 q_1[1]) \wedge \bigwedge _{i = 2}^n q_{i-1} = map _{\odot _i}( proj _{i}(q_i, 0), proj _{i}(q_i, 1)) \wedge q_n = \textsf{toCaAL}(\phi ) \end{aligned}$$

where \(\odot _i=\wedge \) when \(Q_i=\forall \), and \(\odot _i=\vee \) otherwise. Note that the QBF formula \(Q_1 x_1. \cdots Q_n x_n. \phi \) is valid if and only if the CaAL formula \(\textsf{QElim}(Q_1 x_1. \cdots Q_n x_n. \phi )\) is satisfiable.

Theorem 1

The satisfiability problem of CaAL over \(\mathbb {B}\) is PSPACE-hard.

This lower bound can be improved, however. The k-colorability problem for graphs with succinct circuit representation is NEXPTIME-complete [23]. This problem can be reduced to the satisfiability problem of CaAL in polynomial time as well.

Consider an undirected graph with \(2^n\) nodes, and let \(\phi (\bar{x}, \bar{x'})\) be a Boolean circuit encoding the edge relation of the graph: \(\phi (\bar{x}, \bar{x'})\) evaluates to true whenever there is an edge \((\bar{x}) \rightarrow (\bar{x'})\) in the graph. The k-colorability of the graph can be characterized as the following formula, where \(c:(\mathbb {B}^n \rightarrow \mathbb {N})\) is an array representing the color of each node:

$$\begin{aligned} \forall \bar{x},\bar{x'}: \mathbb {B}^n .~ \phi (\bar{x},\bar{x'}) \rightarrow c[\bar{x}] \ne c[\bar{x'}] \wedge c[\bar{x}]< k \wedge c[\bar{x'}] < k~. \end{aligned}$$

In a similar way as for QBF, we encode \(\phi \) as an array formula \(\phi '\) of linear size, in which \(a_\phi :(\mathbb {B}^n \times \mathbb {B}^n\Rightarrow \mathbb {B})\) is an array variable representing the edge relation. We then create two intermediate arrays \(a,b:(\mathbb {B}^n \times \mathbb {B}^n\Rightarrow \mathbb {N})\) and use the following formula in CaAL to encode the relation \(\forall \bar{x},\bar{x'}: \mathbb {B}^n.~ a[\bar{x},\bar{x'}] = c[\bar{x}] \wedge b[\bar{x},\bar{x'}] = c[\bar{x'}]\):

$$\begin{aligned}&\textsf{EqColor}(a,b,c)\equiv \\&a=a_n \wedge c=a_0 ~\wedge ~ \bigwedge _{j =1}^n proj_{j+n}(a_j,0)= proj_{j+n}(a_j,1) =a_{j-1} \wedge \\&b=b_n \wedge c=b_0 ~\wedge ~ \bigwedge _{j = 1}^n proj_j(b_j,0)= proj_j(b_j,1) =b_{j-1} \end{aligned}$$

Then we encode the k-color problem with the following CaAL formula:

$$\begin{aligned}&\phi '\wedge \textsf{EqColor}(a,b,c)\wedge map _f(a_\phi ,a,b)=K(1) \\ \text {where}~~~&f(e, col1 , col2 ) ~\equiv ~ e \rightarrow ( col1 \ne col2 \wedge col1< k \wedge col2 < k). \end{aligned}$$

Theorem 2

The satisfiability problem of CaAL is NEXPTIME-hard.

3 Array Semantics of Quantum Circuits

As an application, we show that CaAL can encode the semantics of quantum circuits. Below, we only give a short overview of quantum circuits and define notations; for more details, see, e.g., the textbook of Nielsen and Chuang [22].

In a n-qubit quantum, a state is a superposition of computational basis states \(\{{|{j}\rangle }\mid j \in \{0,1\}^n\}\). For example, for a system with three qubits \(x_1\), \(x_2\), and \(x_3\), the computational basis state \({|{101}\rangle }\) (in Dirac notation) denotes a state in which both \(x_1\) and \(x_3\) are set to 1, and \(x_2\) is set to 0. A n-qubit quantum state s is then denoted as a formal sum \(\sum _{j \in \{0,1\}^n} c_j\cdot {|{j}\rangle }\), where \(c_0,c_1,\ldots ,c_{2^n-1} \in \mathbb {C}\) are complex probability amplitudes satisfying the constraint that \(\sum _{j \in \{0,1\}^n} |c_j|^2 =1\). Intuitively, \(|c_j|^2\) is the probability that when we measure the quantum state s in the computational basis, we obtain the basis state \({|{j}\rangle }\). The constraint \(\sum _{j \in \{0,1\}^n} |c_j|^2 =1\) states that probabilities need to sum up to 1 for all computational basis states.

We can record a quantum state as an array that maps a computational basis state to its complex probability amplitudes. The state s is represented as an array \(s: (\mathbb {B}^n \Rightarrow \mathbb {C})\) satisfying \(s[j]=c_j\) for all \(j \in \{0,1\}^n\); slightly abusing notation, we denote both the state and the array by s.

3.1 Quantum Circuits

Fig. 2.
figure 2

The EPR circuit, consisting of an H and a CX gate with control qubit ( ) and target qubit (\(\oplus \)).

Full size image

A quantum circuit consists of a sequence of quantum gates. Each quantum gate defines a specific transformation of quantum states. For example, the Pauli-X gate (the quantum version of classical “not” gate) on the k-th qubit transforms a state s to \(s'\) satisfying \(\forall i\in \{0,1\}^{k-1},b\in \{0,1\}, j\in \{0,1\}^{n-k}: s'[ibj] = s[i\bar{b}j]\), i.e., it negates the k-th index bit.

Another example is the Pauli-Z gate on the k-th qubit, which transforms a state s to \(s'\) satisfying \(\forall i\in \{0,1\}^{k-1},b\in \{0,1\}, j\in \{0,1\}^{n-k}: s'[ibj] = ite (b, -1\cdot s[ibj], s[ibj])\). Here, probability amplitudes are multiplied with \(-1\) when b is 1, and are unchanged otherwise.

Table 3. Semantics of quantum gates in Cartesian array logic. We use s and \(s'\) to denote the quantum state before and after executing the circuit.
Full size table

A H gate, or Hadamard gate, on the k-th qubit transforms a state s to \(s'\) satisfying \(\forall i\in \{0,1\}^{k-1},b\in \{0,1\}, j\in \{0,1\}^{n-k}:\)

$$s'[ibj] = ite (b, \frac{s[i0j] - s[i1j]}{\sqrt{2}}, \frac{s[i0j] + s[i1j]}{\sqrt{2}}).$$

Notice that the amplitude of a basis state of \(s'\) is affected by the amplitude of two basis states of s, enabling a more diverse superposition. The division with \(\sqrt{2}\) is for normalizing the probability sum.

A more advanced class of gates are multiple-qubit gates. The CX gate (“controlled-X”) on the control qubit c and target qubit t applies an X gate to t when c is 1, and is identity otherwise. Formally, assuming \(c<t\), the gate transforms a state s to \(s'\) satisfying \(\forall i_1\in \{0,1\}^{c-1},b_c\in \{0,1\}, i_2\in \{0,1\}^{t-c-1},b_t\in \{0,1\}, i_3\in \{0,1\}^{n-t}:\)

$$s'[i_1b_ci_2b_ti_3] = ite (b_c, s[i_1b_ci_2\bar{b_t}i_3], s[i_1b_ci_2b_ti_3]).$$

The Toffoli gate CCX (“controlled-controlled-X gate”) has two control qubit c, d and applies the X gate to the target qubit t only when \(c=d=1\).

We have introduced enough quantum gates to define the EPR circuit (Fig. 2), named after Einstein, Podolsky, and Rosen for constructing the Bell state, i.e., a 2-qubit circuit converting a basis state \({|{00}\rangle }\) to a maximally entangled state \(\frac{1}{\sqrt{2}}({|{00}\rangle }+{|{11}\rangle })\). Starting from a state s (represented s that maps 00 to 1 and others to 0, the circuit first applies H on the first qubit \(x_1\) (denoted \(H_1\) in this paper) to produce the quantum state \(s'\) with \(s'[00]=s'[10]=\frac{1}{\sqrt{2}}\) and \(s'[11]=s'[01]=0\). Then a \(CX_{1,2}\) converts it further to \(s''\) with \(s''[00]=s''[11]=\frac{1}{\sqrt{2}}\) and \(s''[01]=s''[10]=0\). Notice that \(CX_{1,2}\) converts \({|{10}\rangle }\) to \({|{11}\rangle }\), i.e., when \(x_1\) is 1, it negates \(x_2\).

Note on Complexity. Simulation of a quantum circuit is bounded-error quantum polynomial time (BQP) hard, a complexity class that is incomparable with NP, as it can compute exactly the probability amplitudes of a quantum state after executing a circuit. We will show that the Cartesian array logic can encode the semantics of quantum circuits, so one can also use the logic for quantum circuit simulation. Hence, exponential time is the best deterministic algorithm we can hope for when solving CaAL formulas.

3.2 Interpretation of Quantum Gates

We show the encoding of quantum gates in CaAL in Table 3. Notice that this gate set includes several universal gates (e.g., H, CX, and T [10]) that can approximate any quantum gate to an arbitrary precision requirement. Arbitrary degree rotation can also be supported using the theory of reals as the base theory. This paper presents a precise encoding that only requires a theory of integers. In the figure, we use s and \(s'\) to denote the quantum states (encoded as arrays) before and after executing a quantum gate. To encode \(s'=X_k(s)\), negating the k-th qubit, we use \( proj _k(s', 0) = proj _k(s, 1) \wedge proj _k(s', 1) = proj _k(s, 0)\): index \(k=0\) in \(s'\) equals the case of \(k=1\) in s. The handling of Z, S, and T gates is similar, using the \( map \) function to multiply the array values with different constants. Note that here we use \(\omega \) to represent \(e^{\frac{\pi i}{4}}=\cos \frac{\pi }{4}+i\sin \frac{\pi }{4}=\frac{1}{\sqrt{2}}+\frac{i}{\sqrt{2}}\), the unit vector that is at an angle of \(45^\circ \) to the positive real axis in the complex plane. Later we will show that this representation allows a precise algebraic representation of complex numbers using a five-tuple of integers. Observe that \(\omega ^4=-1\). The Y gate combines the two constructions; it negates the k-th index qubit and multiplies each projection with different constant coefficients. For the H, \(Rx(\frac{\pi }{2})\), and \(Ry(\frac{\pi }{2})\) gates, we use a binary \( map \) function to update the amplitudes. For the controlled gates, we use the projection function to classify the cases according to the control bits and apply the X or Z gate only when all controlled bits are 1.

Example 2

We use CaAL to verify the correctness of the EPR circuit Fig. 2: the circuit transforms the state \({|{00}\rangle }\) to \(\frac{1}{\sqrt{2}}({|{00}\rangle }+{|{11}\rangle })\). For this, the initial state of the circuit is encoded as an array expression, the H and CX gates are encoded according to Table 3, and the intended final state of the circuit is represented as a negated equation:

figure c

The formula is unsatisfiable if and only if the EPR circuit correctly performs the transformation.

Representation of Complex Numbers. To achieve accuracy with no loss of precision, in this paper, when working with \(\mathbb {C}\), we use a subset of the complex numbers that the following algebraic encoding can express (cf. [7, 30, 35]):

$$\begin{aligned} \mathchoice{\Big (\frac{1}{\sqrt{2}}\Big )}{\big (\frac{1}{\sqrt{2}}\big )}{TODO}{TODO}^k (a + b \omega +c \omega ^2 +d \omega ^3 ), \end{aligned}$$
(9)

where \(a,b,c,d,k \in \mathbb {Z}\). A complex number is then represented by a five-tuple (abcdk). Although the considered set of numbers is only a small subset of \(\mathbb {C}\), it is closed under the operations needed to encode quantum gates, and it can arbitrarily closely approximate any complex number. For this, note that (a, 0, c, 0, k) represents \(\frac{1}{\sqrt{2}^k}(a+c\omega ^2)=\frac{a}{\sqrt{2}^k}+\frac{ci}{\sqrt{2}^k}\), and pick suitable a, c, and k. The representation is also sufficient to describe a set of quantum gates that can implement universal quantum computation (Table 3).

Table 4. Tableau proof rules of the decision procedure for CaAL.
Full size table

4 A Decision Procedure for Cartesian Arrays

We now present a decision procedure for quantifier-free CaAL. Our calculus is an extension of the calculus for CAL [11] with rules for the \( proj \) and \( arrayStore \) operations. For the sake of presentation, we use the setting of analytic tableaux [14], although the same proof rules can be used also in a model-constructing calculus [11].

As a simplifying assumption, in this section we furthermore require that the index sorts \(\sigma \) of an array sort \((\sigma ^{n} \Rightarrow \tau )\) represent infinite domains. This assumption can be lifted in the same way as for CAL [11], but the details are orthogonal to the task of supporting the new array operations.

4.1 Preliminaries

A tableau [14] is a finite tree growing downwards, in which each node is labelled with a formula, the root is labelled with the formula to be refuted, and the children of each node are derived from the formulas on the branch leading to the node using one of the available proof rules. We assume a tableau calculus equipped with a set of standard rules [14]: (i) \(\alpha \)- and \(\beta \)-rules for eliminating Boolean connectives \(\wedge , \vee \); (ii) \(\delta \)-rules for eliminating existential quantifiers \(\exists \); (iii) rules for reasoning about positive and negative equalities \(x = y\) between variables, which include rules for closing proof branches; (iv) rules implementing a decision procedure for the base theory \(T_B\).

Our calculus operates on flat formulas, which are formulas in which functions f only occur in equations \(y = f(\bar{x})\) in positive positions, i.e., underneath an even number of negations, with \(y, \bar{x}\) being variables. Every formula can be converted to a flat formula by introducing a linear number of new variables.

We define proof rules using the following notation:

figure d

The rule is applicable if the premises \(\phi _1, \ldots , \phi _k\) occur on a proof branch, and has the effect of expanding the tableau: the proof branch is split into m new branches, to which the formulas \(\psi _1, \ldots , \psi _m\), respectively, are appended.

In the premises of a rule, we frequently include assumptions \(x \sim y\) that require that the equality \(x = y\) follows from positive equalities between variables on the proof branch. We also use premises \(x : \sigma \), stating that x is a variable of sort \(\sigma \) occurring on the proof branch.

4.2 Proof Rules

The rules of our calculus are shown in Table 4. The rules \(\textsf{idx}, \textsf{K}\!\Downarrow , \textsf{store}\!\Downarrow , \textsf{store}\!\Uparrow , \textsf{map}\!\Downarrow , \textsf{map}\!\Uparrow \) coincide with the rules used for CAL [11], and define the semantics of the operators \(K, store \), and \( map \). Extensionality is implemented by the rule \(\textsf{ext}\), which can be applied for any two array variables ab of the same type occurring on a branch.

The semantics of \( proj \) and \( arrayStore \) is defined, in a similar way as for \( store \), by upward and downward propagation of array reads. Since \( arrayStore _{k}(b, j, c)\) combines two arrays bc into a single new array, downward propagation has to route reads either to b or to c. Upward propagation from c is always possible, while reads on b can only be propagated if they are not overwritten by c.

For sake of presentation, we write the conclusion in the rules \(\textsf{map}\!\Downarrow , \textsf{map}\!\Uparrow \), and \(\textsf{ext}\) in non-flat form, and assume that the transformation to a flat formula happens implicitly by adding existentially quantified variables representing the sub-terms.

Congruence reasoning is necessary only for array reads, and implemented using the rule \(\textsf{readConq}\). For simplicity, in our formulation the rule splits over the cases \(\bar{i} \not = \bar{j}\) and \(\bar{i} = \bar{j}\), and effectively searches for an arrangement of the index variables satisfying a formula. An actual implementation could rely on equality propagation being performed by a theory combination procedure.

As one of the more tricky points, the completeness of the calculus sometimes requires new array reads to be generated. This aspect is covered by the rules \(\epsilon _{\not \simeq }\) and \(\epsilon \delta \) in CAL [11], which are rules that can, however, not directly be used in our setting of multi-dimensional arrays. To obtain completeness, our calculus sometimes has to construct reads by combining different index variables occurring on a branch, and sometimes invent index values that are distinct from all indexes occurring in a formula. The introduction of corresponding new reads is handled by the rules \(\textsf{freshIdx}\) and \(\textsf{read}\).

Example 3

Consider arrays \(a, b : (\mathbbm {Z}^2 \Rightarrow \mathbbm {Z})\), and the formulas

$$\begin{aligned} proj _{1}(a, i) = K(42) \wedge proj _{2}(a, j) = K(43) \end{aligned}$$
(10)
$$\begin{aligned} a = K(42) \wedge b = store (a, (i, i), 43) \wedge proj _{1}(b, i) = K(43) \end{aligned}$$
(11)

Both formulas are unsatisfiable, but cannot be refuted using the rules discussed so far. In (10), no reads \(a[\cdots ]\) exist, so that no propagations can be performed by any of the rules. It is necessary to identify the constraints on the value a[ij] as contradictory. The rule \(\textsf{read}\) can be used to introduce a new formula \(\exists v.\; v = a[i, j]\) on a proof branch, after which the rules \( proj \!\Uparrow \) and \(\textsf{K}\!\Downarrow \) can be applied.

To show that (11) is unsatisfiable, we need to consider a point (ij) with \(j \not = i\) and derive that \(a[i, j] = b[i, j] = 42\), and contradicting \( proj _{1}(b, i) = K(43)\). The introduction of a fresh index value j (different from i) is handled by the rule \(\textsf{freshIdx}\), which relies on the index sort \(\sigma \) representing an infinite domain. Once the existence of an index \(j \not = i\) has been asserted, the rule \(\textsf{read}\) can be used to introduce an equation \(v = a[i, j]\), and the contraction be derived.

4.3 Correctness and Complexity

Theorem 3

The presented tableau calculus is sound and complete for flat quantifier-free CaAL formulas: there is a closed tableau for a formula \(\phi \) if and only if \(\phi \) is unsatisfiable.

Proof

Soundness: As usual, we identify each proof branch with the conjunction of its formulas and a tableau with the disjunction of its proof branches. It can be shown that the tableau before expansion using a proof rule is equi-satisfiable to the tableau before the expansion, modulo the array axioms in Table 2.

Completeness: We make the simplifying assumption that \(\phi \) only contains arrays with (infinite) index sort \(\sigma \) and value sort \(\tau \), and in particular that array sorts are not nested. Completeness for the general case follows by recursively applying model construction.

Consider then the systematic construction of a tableau for a formula \(\phi \) by exhaustively applying proof rules under the following restrictions: (i) regularity, i.e., rules are only applied if they lead to new formulas being added to each generated branch; (ii) rule \(\textsf{freshIdx}\) can only be applied once on a branch, only after \(\textsf{ext}\) has been applied to all pairs ab of array variables on the branch, and choosing \(i_1, \ldots , i_k\) as the set of all variables of sort \(\sigma \) on the branch.

Observe that this systematic application of rules terminates: the calculus never introduces new array variables so that only finitely many applications of \(\textsf{ext}\) are possible. Note that \(\textsf{ext}\) and \(\textsf{freshIdx}\) are the only rules introducing new index variables. Since \(\textsf{freshIdx}\) is applied at most once on a branch, the set of index variables is bounded, and there is only a bounded number of array reads \(v = a[\bar{i}]\).

Assume now that a tableau for \(\phi \) cannot be closed, i.e., has at least one branch B that cannot be closed, although all possible rule applications have been performed. We extract a model of \(\phi \) from B. Suppose that \(M_T=(D_T,I_T)\) is a model that interprets the non-array-variables (including index variables), satisfying all literals on B that do not contain array variables, and denote the equivalence class of an array variable a on B by \([a] = \{ b \mid a \sim b \}\). Extending \(I_T\), we construct an interpretation I with \(I((\sigma ^{n} \Rightarrow \tau )) = I_T(\sigma )^n \rightarrow I_T(\tau )\) being a function space, and the theory functions \(\cdot [ \cdot ], store , K, map _f, proj \) and \( arrayStore \) having their expected meaning. I is constructed in such a way that all array literals on B are satisfied; the satisfaction of compound formulas on B, and in particular of \(\phi \), then follows like in the standard Hintikka construction [14].

The interpretation I(a) of an array variable \(a : (\sigma ^{n} \Rightarrow \tau )\) is derived from the array reads on [a] occurring on B. The main difficulty is to consistently interpret the (infinitely many) elements of the array that are not mentioned explicitly on B. For this, denote the index variable introduced by the unique \(\textsf{freshIdx}\) application on B by \(\epsilon \), and observe that its value \(I_T(\epsilon )\) is distinct from the value of all other index variables. We will use values read from \(I_T(\epsilon )\)-locations as default values for the arrays. Let

$$\begin{aligned} R_a = \{ (\langle I_T(i_1), \ldots , I_T(i_n) \rangle , I_T(v)) \mid v = b[\bar{i}] \text { occurs on } B \text { and } a \sim b\} \end{aligned}$$

be the set of array reads for \(a : (\sigma ^{n} \Rightarrow \tau )\). The relation \(R_a\) describes a non-empty, consistent (but partial) valuation of the array elements, due to the exhaustive application of rules \(\textsf{read}\) and \(\textsf{readCong}\).

The gaps in \(R_a\) will be filled with default values introduced by \(\epsilon \). For this, we define a precedence ordering \(\preceq \;\subseteq I_T(\sigma )^* \times I_T(\sigma )^*\) over index vectors; intuitively, \(\bar{c} \preceq \bar{d}\) if \(\bar{c}\) and \(\bar{d}\) agree in all components, unless \(d_k = I_T(\epsilon )\), which is interpreted as don’t-care:

$$\begin{aligned} \langle c_1, \ldots , c_k \rangle \preceq \langle d_1, \ldots , d_m \rangle \text { iff } k = m \text { and } \forall i \in \{1, \ldots , k\} :~ c_i = d_i \vee d_i = I_T(\epsilon ) \end{aligned}$$

The value of array variable \(I(a) \in I((\sigma ^{n} \Rightarrow \tau ))\) is then:

$$\begin{aligned} I(a) = \left\{ (\bar{c}, x) \mid \begin{array}{l} (\bar{d}, x) \in R_a, \text { where } \bar{c} \preceq \bar{d} \\ \text {and for all } (\bar{d}', x') \in R_a: \text { if } \bar{c} \preceq \bar{d}' \text { then } \bar{d} \preceq \bar{d}' \end{array}\right\} \end{aligned}$$

To see that I(a) is functionally consistent, note that whenever \((\bar{d}, x)\) and \((\bar{d}', x')\) exist in \(R_a\) such that \(\bar{c} \preceq \bar{d}\) and \(\bar{c} \preceq \bar{d}'\), then there is also some \((\bar{d}'', x'') \in R_a\) such that \(\bar{c} \preceq \bar{d}'' \preceq \bar{d}, \bar{d}'\). This is because the rule \(\textsf{read}\) has been applied exhaustively.

It remains to be shown that I satisfies all array literals. By construction, equations \(a = b\) will be satisfied. To see that equations \(v = a[\bar{i}]\) hold, note that \(I(a) \supseteq R_a\). Equations \(a \not = b\) are satisfied due to the exhaustive application of \(\textsf{ext}\): there has to be some vector \(\bar{i}\) of index variables such that \(a[\bar{i}] \not = b[\bar{i}]\).

All other array literals are positive equations of the form \(x = f(\bar{y})\), and hold because exhaustive propagation of read atoms was performed. As an example, consider an equation \(a = proj _{k}(b, j)\); it has to be shown that \(I(a) = \{ (\langle c_1, \ldots , c_{k-1}, c_{k+1}, \ldots , c_n\rangle , x) \mid (\bar{c}, x) \in I(b), c_k = I_T(j) \}\). Observe that \(R_a = \{ (\langle c_1, \ldots , c_{k-1}, c_{k+1}, \ldots , c_n\rangle , x) \mid (\bar{c}, x) \in R_b , c_k = I_T(j) \}\) due to the rules \( proj \!\Downarrow \) and \( proj \!\Uparrow \). Consider then a point \((\bar{c}, x) \in I(a)\), defined by \((\bar{d}, x) \in R_a\), and the corresponding index vectors \(\bar{c}' = \langle c_1, \ldots , c_{k-1}, I_T(j), c_k, \ldots , c_{n-1}\rangle \) and \(\bar{d}' = \langle d_1, \ldots , d_{k-1}, I_T(j), d_k, \ldots , d_{n-1}\rangle \) in \(R_b\), and show that \((\bar{c}', x) \in I(b)\) is defined by \((\bar{d}', x) \in R_b\).    \(\square \)

The proof of the theorem highlights the restrictions necessary to obtain a decision procedure for CaAL: all rules should be applied under the condition of regularity, and the rule \(\textsf{freshIdx}\) has to be restricted to at most one application per branch, and only after applications of \(\textsf{ext}\) have been performed.

To evaluate runtime, like in the proof of Theorem 3 we make the assumption that there are no nested array sorts, i.e., index and value sorts are themselves not arrays. To avoid degenerate cases when evaluating runtime, we assume that a formula \(\phi \) cannot be smaller than the maximum arity of occurring array variables. We then get:

Lemma 1

The satisfiability problem of quantifier-free CaAL formulas \(\phi \) without nested array sorts is in NEXPTIME, assuming that the satisfiability problem of the base theory is in NP.

Proof

This follows from the proof of Theorem 3. On every branch, the rule \(\textsf{ext}\) can be applied at most quadratically often, and the number of index variables occurring on a branch is polynomial in the size of the input formula \(\phi \). The number of distinct read atoms \(v = a[\bar{i}]\) that can be introduced on a branch, and therefore the number of rule applications altogether is then polynomially bounded by the number of variables in \(\phi \), and exponentially bounded in the maximum arity of array variables in \(\phi \). After exhaustive application of the rules in Table 4, solving an at most exponential number of base theory formulas (with at most exponential size) on a branch is in NEXPTIME.    \(\square \)

4.4 Optimizations

The calculus and decision procedure are primarily designed with simplicity in mind, rather than focusing on practical efficiency. Although the procedure’s complexity may not be reduced below NEXPTIME, incorporating various optimizations can yield significant practical improvements. Two obvious improvements to be considered are: (i) The detection of linear array variables, which are essentially variables that are assigned to at most once in array literals [11]. It is enough to perform upward propagation (rules \(\Uparrow \)) only for non-linear variables. (ii) The restriction of the number of reads introduced using the rule \(\textsf{read}\). In practice, only a few of the generated equations are actually needed to ensure completeness. Instead of generating all possible reads eagerly, a procedure could focus on the other rules first, and only introduce additional reads when it is detected that default values are missing for some sub-arrays. We believe that other refinements presented in [11] can be carried over to our decision procedure as well.

Table 5. Experimental results. We list the circuit name, the number of qubits and gates in the circuit, the verification result, and the execution time.
Full size table

5 Preliminary Experimental Result

We have implemented the decision procedure proposed for CaAL, the encoding of quantum gates using array operations, and of complex numbers as five-tuples of integers in the SMT solver Princess [26]. The implementation is still a proof of concept and largely unoptimized, so that the results reported in this section should be considered preliminary. We evaluate the performance of CaAL based on a set of benchmarks for quantum circuit verification. All experiments were conducted on a server with an AMD EPYC 7742 64-core processor (1.5 GHz), 1,152 GiB of RAM, and a 1 TB SSD running Ubuntu 20.04.5 LTS but were run with only one core for the sake of fairness. Files to reproduce the experiment can be found in https://zenodo.org/record/7970588. The experimental results are shown in Table 5. Specifically, we tested four different verification problems with different circuit sizes.

  • H\(^2\): Two consecutive H gates equal to identity.

  • BV: The (complex) amplitudes of the output quantum state from a Bernstein-Vazirani’s [4] circuit have no imaginary parts.

  • Grover\(_{\text {XXX-Comp}}\): The Grover’s [17] circuit has a probability of \(90\%\) to find the correct answer.

  • Grover\(_{\text {XXX-Iter}}\): Each Grover iteration [17] increases the possibility of finding the correct answer.

For Grover’s algorithm, XXX = Single means we check the correctness of the circuit against a specific oracle, and XXX = All means we check against all possible oracles. We manually injected two bugs (by altering one gate) into two examples to demonstrate bug-catching capability. With a timeout of 60min, our implementation can analyze circuits with at most 7 qubits and at most 85 gates, which are still relatively small circuits. Analyzing the results, we discovered that, in particular, the H gates used to create a superposition state at the beginning of a circuit are challenging for the array decision procedure, as they lead to an exponential number of array reads being created.

6 Conclusions

We have presented CaAL, an expressive logic of extensional arrays, with operations for reading and storing values, creating constant arrays, a point-wise extension of functions on array values to arrays, projection of arrays, and updating array slices. We have established that checking the satisfiability of quantifier-free CaAL formulas is NEXPTIME-complete, for a base theory in NP and non-nested arrays. The root cause for the complexity of CaAL (as opposed to the NP complexity of CAL and the standard theory of arrays) is that formulas can be constructed in which a cell in one array has dependencies to an exponential number of cells in another array. In our decision procedure, such situations lead to an exponential number of reads generated during propagation. High degrees of dependency are typical, however, for quantum circuits.

We believe that CaAL is a suitable framework for reasoning about quantum circuits. Due to the expressiveness of the logic, the encoding of quantum gates becomes remarkably succinct and elegant (Table 3), and easily understandable both for researchers in quantum circuit verification and people in automated reasoning. While theoretically optimal, we consider the decision procedure proposed for CaAL only as a first step: the high complexity of CaAL implies that brute-force approaches like saturation are unlikely to scale to interesting instances. As future work, we therefore plan to explore the use of abstraction methods and of more succinct array representations in the decision procedure, thus making it possible to exploit the highly structured nature of typical quantum circuits in the solving process. We also plan to investigate whether interesting fragments of CaAL with lower complexity can be identified.