Classical STE assertion viewed as path:
Want choice, unbounded (finite) length, etc. E.g., delay between write and read. 
GSTE Assertion Graphs

GSTE Assertion Graph:
Combines STE assertions and ∀-automata:
STE Usability: Natural, like a timing diagram STE Efficiency: Model checker exploits structure ∀-Automata Usability:
Reasoning about Assertion Graphs
Assertion graphs are a new spec formalism.
To verify large designs, need reasoning tools. GSTE lacks even very basic operations: Assertion graph implication:
Model check circuit C 0 |= G 2 , assuming G 1 . Want to exploit efficient GSTE model checking.
Assertion graphs are a new spec formalism. To verify large designs, need reasoning tools. GSTE lacks even very basic operations:
Assertion graph implication: One edge guesses C 1 rejects on that cycle. Other edge guesses C 1 accepts on that cycle. Consider only paths ending on accepting edges.
Proof Sketch
1-1 correspondance between original paths and new paths that guess correctly. Paths that guess wrong are ignored.
(antecedent failure) Only paths where C 1 accepts matter.
(Technicality: G 2 also takes care of initializing C 1 .)
GSTE under an Assumption
Check whether circuit
Basically, check the behaviors of C 0 against the assertion graph G 2 , but consider only the behaviors that obey G 1 .
GSTE w/ Assumption: Solution
The same trick works! Build monitor circuit C 1 from G 1 . Connect C 1 to C 0 as a non-interfering monitor. Call combined circuit C 01 . Modify G 2 into G 2 as before.
Same proof idea...
Example: Decomposing a Property
Verifying an industrial memory unit using assertion graph: 
