Is a formal specification complete ?

- Does it fully-define an actual implementation (this is overly restrictive) ?
- Does it exactly prescribe all allowable, observable behaviours ?

By `formal' we mean a machine-readable description of what is correct
or incorrect behaviour. A **complete** specification might describe all allowable
behaviours and prohibit all remaining behaviours, but most formal definitions
today are not complete in this sense. For instance, a definition that consists of
a list of safety assertions and a few liveness assertions might still allow all
sorts of behaviours that the designer knows are wrong. He can go on adding
more assertions, but when does he stop ?

One might define a 'complete specification' as one that describes all observable behaviours. Such a specification does not restrict or prescribe the internal implementation in black box terms since this is not observable.

When evaluating an assertion-based test program for an IP block, we can compute assertion coverage in many ways: e.g. What percentage of rule disjuncts held as dominators (on their own) ?

Or, e.g. What percentage of reachable state space was spanned?

7: (C) 2008-13, DJ Greaves, University of Cambridge, Computer Laboratory. |