Be careful with don't cares

It is commonly expected that any correct implementation can replace its specification inside a larger design without violating the correctness of the whole design. This property (called replaceability) is automatically satisfied in the absence of don't cares because correctness' by definition implies that specification and implementation compute the identical function. However, don't cares allow an implementation to compute a different function, and thus make it difficult to ensure replaceability. Whether this problem occurs depends on the exact meaning of don't care' and the associated definition of correctness'. We will consider three meanings of don't care' and for each give conditions under which correct implementations may replace their specifications.