A Faithful Semantics for Generalised Symbolic Trajectory Evaluation

Generalised Symbolic Trajectory Evaluation (GSTE) is a high-capacity formal verification technique for hardware. GSTE is an extension of Symbolic Trajectory Evaluation (STE). The difference is that STE is limited to properties ranging over finite time-intervals whereas GSTE can deal with properties over unbounded time. GSTE uses abstraction, meaning that details of the circuit behaviour are removed from the circuit model. This improves the capacity of the method, but has as down-side that certain properties cannot be proven if the wrong abstraction is chosen. A semantics for GSTE can be used to predict and understand why certain circuit properties can or cannot be proven by GSTE. Several semantics have been described for GSTE by Yang and Seger. These semantics, however, are not faithful to the proving power of GSTE-algorithms, that is, the GSTE-algorithms are incomplete with respect to the semantics. The reason is that these semantics do not capture the abstraction used in GSTE precisely. The abstraction used in GSTE makes it hard to understand why a specific property can, or cannot, be proven by GSTE. The semantics mentioned above cannot help the user in doing so. So, in the current situation, users of GSTE often have to revert to the GSTE algorithm to understand why a property can or cannot be proven by GSTE. The contribution of this paper is a faithful semantics for GSTE. That is, we give a simple formal theory that deems a property to be true if-and-only-if the property can be proven by a GSTE-model checker. We prove that the GSTE algorithm is sound and complete with respect to this semantics. Furthermore, we show that our semantics for GSTE is a generalisation of the semantics for STE and give a number of additional properties relating the two semantics. 1998 ACM Subject Classification: B.6.3, F.3.2, F.4.3.