One of the problems of formal verification is that it is not functionally complete due to the incompleteness of specifications. An implementation meeting an incomplete specification may still have a lot of bugs. In testing, this issue is addressed by replacing functional completeness with $\mathit{structural}$ completeness. The latter is achieved by generating a set of tests probing every piece of a design implementation. We show that a similar approach can be used in formal verification. The idea here is to generate a property of the implementation at hand that is not implied by the specification. Finding such a property means that the specification is not complete. If this is an $\mathit{unwanted}$ property, the implementation is buggy. Otherwise, a new specification property needs to be added. Generation of implementation properties related to different parts of the design, followed by adding new specification properties, produces a $\mathit{structurally}$-$\mathit{complete\:specification}$. Implementation properties are built by $\mathit{partial\: quantifier\:elimination}$, a technique where only a part of the formula is taken out of the scope of quantifiers. An implementation property is generated by applying partial quantifier elimination to a formula defining the "truth table" of the implementation. We show how our approach works on specifications of combinational and sequential circuits.
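As an added illustration (not from the paper), the loop described above on a tiny combinational design: a constructed 1-bit full adder, an incomplete specification that only constrains the sum bit, and a search for clauses that hold on the implementation's truth table but are not implied by the specification. Exhaustive enumeration over the truth table stands in for partial quantifier elimination here; all names and the buggy variant are assumptions made for the example.

```python
from itertools import combinations, product

VARS = ("a", "b", "cin", "s", "cout")  # inputs a, b, cin; outputs s, cout

def full_adder(a, b, cin):
    """Implementation under verification (constructed): 1-bit full adder."""
    return a ^ b ^ cin, (a & b) | (cin & (a ^ b))

def buggy_adder(a, b, cin):
    """Constructed buggy variant: carry-in is dropped from the carry-out logic."""
    return a ^ b ^ cin, a & b

def spec_sum_only(row):
    """Incomplete specification: fixes the sum bit, says nothing about cout."""
    return row["s"] == (row["a"] ^ row["b"] ^ row["cin"])

def truth_table():
    return [dict(zip(VARS, bits)) for bits in product((0, 1), repeat=len(VARS))]

def impl_rows(circuit=full_adder):
    """'Truth table' of the implementation: assignments consistent with the circuit."""
    return [r for r in truth_table()
            if (r["s"], r["cout"]) == circuit(r["a"], r["b"], r["cin"])]

def clause_holds(clause, row):
    """A clause is a tuple of literals (var, value); it holds if any literal matches."""
    return any(row[v] == val for v, val in clause)

def implementation_properties(impl, spec_rows, max_size=3):
    """Clauses true on every implementation row but falsified by some
    specification row, i.e. implementation properties the spec does not imply.
    Enumerated smallest-first so the most readable property comes first."""
    found = []
    for size in range(1, max_size + 1):
        for vs in combinations(VARS, size):
            for vals in product((0, 1), repeat=size):
                clause = tuple(zip(vs, vals))
                if all(clause_holds(clause, r) for r in impl) and \
                   not all(clause_holds(clause, r) for r in spec_rows):
                    found.append(clause)
    return found

def structurally_complete(spec, circuit=full_adder, max_size=5):
    """Repeatedly add the smallest unimplied implementation property to the spec.
    In practice each property is first reviewed: an unwanted one is a bug."""
    impl = impl_rows(circuit)
    spec_rows = [r for r in truth_table() if spec(r)]
    added = []
    while props := implementation_properties(impl, spec_rows, max_size):
        added.append(props[0])
        spec_rows = [r for r in spec_rows if clause_holds(props[0], r)]
    return added, spec_rows
```

For the correct adder the first property found is `a or b or not cout` (a carry-out needs an input bit set), which a reviewer would accept into the specification; for the buggy variant the search surfaces `a or not cout`, a property a correct adder violates, which flags the bug.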