Skip to content

Qualtran-L1: Objectstrings#1823

Merged
mpharrigan merged 14 commits intoquantumlib:mainfrom
mpharrigan:2025-07/l1-objectstring
Mar 9, 2026
Merged

Qualtran-L1: Objectstrings#1823
mpharrigan merged 14 commits intoquantumlib:mainfrom
mpharrigan:2025-07/l1-objectstring

Conversation

@mpharrigan
Copy link
Copy Markdown
Collaborator

@mpharrigan mpharrigan commented Mar 2, 2026

Qualtran defines bloq classes, but we need to provide compile-time classical parameters to instantiate those into bloq objects.

In principle, arbitrary Python values can be used as classical parameters, as long as they are immutable and hashable. For a human readable intermediate representation, qualtran.l1 implements a limited serialization syntax called objectstrings that roughly mimics standard Python object instantiation.

image

@review-notebook-app
Copy link
Copy Markdown

review-notebook-app Bot commented Mar 2, 2026

Check out this pull request on  ReviewNB

See visual diffs & provide feedback on Jupyter Notebooks.

Powered by ReviewNB

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Mar 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces objectstrings, a new serialization format for bloq classical parameters, along with the necessary parsing and evaluation infrastructure in a new qualtran.l1 package. A developer tool to generate a manifest of all bloqs using this format is also included. However, the implementation is vulnerable to insecure deserialization, which could lead to Remote Code Execution (RCE) if the 'safe' mode is disabled. The parser and evaluator also lack limits on nesting depth and array size, making them susceptible to Denial of Service (DoS) attacks via recursion depth exhaustion and memory exhaustion. Furthermore, a critical bug in the string parsing logic has been identified that could lead to incorrect behavior when handling strings with special characters.

Comment thread qualtran/l1/_eval.py
Comment thread qualtran/l1/_parse.py
Comment thread qualtran/l1/_parse.py
Comment thread qualtran/l1/_parse.py
Comment thread qualtran/l1/_eval.py
@mpharrigan mpharrigan merged commit 99fe289 into quantumlib:main Mar 9, 2026
9 checks passed
@mpharrigan mpharrigan mentioned this pull request Mar 9, 2026
Merged
mpharrigan added a commit that referenced this pull request Mar 16, 2026
@mpharrigan
Bloq namespacing and display (__str__) updates. (#1825)
857d6b5 
As part of #1824 , I want to be better about our convention for
importing bloqs and `__str__` representations in the qualtran standard
library (i.e. `qualtran.bloqs`). There's no additional restriction on
custom, user-authored bloqs. These changes make sure:

- bloqs are generally imported "one level up" from their file. e.g.
`ControlledAddOrSubtract` is defined in
`qualtran/bloqs/arithmetic/controlled_add_or_subtract.py` but it prefers
to be imported from `qualtran.bloqs.arithmetic`. This is codified in the
(existing) default `_pkg_(cls) -> str` classmethod. You can override it
if you want something different.
- The `__str__` representation looks like an object string (cc #1823).
This PR removes some special symbols in favor of more Python-looking
strings.

note that this causes more bloq examples to be loadable (visible in the
re-generated manifest)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

bloq_infra

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mpharrigan