The use of scan test patterns, generated at the gate level with automatic test pattern generation (ATPG) tools in design simulation, was proposed in our previous work to improve verification quality. A drawback of this method is the potential presence of illegal (or unreachable) states (ISEs) causing unwanted behavior and false error detection in the verification process. In this brief, we present a new automated tool that helps overcome this problem. The tool extracts functional constraints at the register transfer level on a VHDL description (it can be easily adapted to any other hardware description language). The constraints extracted are used in the ATPG process to generate pseudofunctional scan test patterns which avoid the ISEs. The whole verification environment incorporating the proposed tool is presented. Experimental results show the tool impact on the reduction of false error detection in verification. In addition, it shows the verification quality improvements with the proposed environment in terms of coverage, time, and complexity.
I. INTRODUCTION
Functional verification is an increasingly important step in IC design. As hardware complexity continues to follow Moore's law, verification complexity is also becoming even more challenging, with verification now estimated to be taking 50%-70% of the total time of a project [2] . In [1] , we introduced a new automated verification environment, it explores a test/verification combination, namely the use of structural (scan) test patterns generated by an automatic test pattern generation (ATPG) tool, in the simulation-based verification process. Results obtained by applying this methodology have confirmed its potential in terms of verification coverage and time improvements. However, in cases where the design under verification (DUV) and the reference model have different coding styles, some false errors may be detected. This can happen because a part of the state spaces of (sequential) ICs is functionally unused. Such states have been categorized as illegal states (ISEs); hence, when the generated test patterns used in the simulation correspond to an ISE, with the DUV and the reference model having different coding styles, the patterns may behave differently, inducing false error detection. To overcome this problem, we need to avoid ISEs, and therefore use test vectors that are close to functional vectors, sometimes called pseudofunctional tests. In pseudofunctional testing, a common method is to represent functional states or ISEs as functional constraints. These functional constraints help the ATPG tool producing more functional like test patterns. Let us consider the example in Fig. 1 design, and avoid ISEs, {10…15}, we define a Boolean constraint C as follows: C = c_s (3) .c_s (1) or c_s (3) .c_s (2) and we simply add the constraint C = 0 to the ATPG process when generating the test vectors. Thus, the set of test vectors generated will not contain the illegal values of c_s.
In this brief, we propose a new methodology for functional constraint extraction at the register transfer level (RTL). The end result of this brief is an automatic tool that performs hardware description language (HDL) parsing and analysis for legal states computation and functional constraints generation. This tool will be incorporated in the verification environment developed in [1] .
This brief is organized as follows. Section II presents some prior work. Section III describes the proposed VHDL parsing expression grammar (PEG). Section IV presents the proposed methodology. The complete verification environment is shown in Section V. Experimental results are presented in Section VI, and finally, several remarks complete this brief.
II. PREVIOUS WORK
Many techniques have been developed for functional test generation, with most focusing on constraining the ATPG according to design functionality. Work has been carried out in extracting functional constraints and ISEs at gate-level [6] , [7] , [10] , [11] , and in RT-level designs [8] , [12] - [16] . Some techniques at the gate level [6] , [7] , [10] are based on structural design analysis and equation solving. Lu et al. [6] , [7] use a sequential Boolean satisfiability SAT solver to justify whether a state is illegal. While theoretically, the SAT solver is able to find almost all unreachable states in a circuit, its computational complexity is extremely high [9] . Zhang et al. [10] propose an implication-based technique that generally involves complex analysis and computation. Some other gate-level techniques use simulation to identify ISEs [11] , these techniques used in sequential ATPGs are not practically viable for today's large ICs due to their extremely highcomputational complexity. In addition, their results are not always reliable since some legal noncovered states can be considered as ISEs. Extracting functional constraints at the RT level has the clear potential of reducing gate-level limitations. Giomi [8] presents a technique for RT-level finite-state machine (FSM) extraction, which extracts implicit and explicit sequential behaviors from a directed, cyclic, and nonseries/control flow graph. Thus, the extraction cannot be directly applied on the HDL code, but rather, on the directed graph representing the design (assuming that such a graph is already extracted). Automatic functional constraint extraction from VHDL 1063-8210 © 2014 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information. RTL using a tool called ATKET was proposed in [12] . One of the drawbacks of this method is that the test generation system must be custom designed. A novel functional test generation method was published in [13] and [14] , the extraction is automated with a tool called FALCON. However, it targets one module at a time, and thus the constraints due to structural connections and module hierarchy are modeled through the synthesis of the surrounding logic of each module, which may prove to be very complex. Therefore, a modified approach [15] , [16] was suggested, in which the constraints were hierarchically extracted and composed to provide the toplevel functional constraints. This involves many stages of analysis at different hierarchical levels, resulting in a time-consuming and complex methodology. In the following sections, we introduce a new automatic tool for functional constraint extraction. The tool is applied on an RTL model (VHDL), and can be expanded to any other HDL. The automation of the process, as well as the choice of the RT level for design analysis, minimize the complexity of the proposed methodology and make it suitable for large complex designs.
III. VHDL PARSING EXPRESSION GRAMMAR
The VHDL design, on which the proposed method is applied, is read, processed and analyzed to compute legal states and build functional constraints. This section describes the proposed VHDL PEG, on which the proposed syntactic and lexical analyses are based. For this purpose, we consider the VHDL example in Fig. 2 ; it is an implementation of the example given in Fig. 1 .
A PEG is a recognition-based formal foundation for language syntax. It describes the language syntax in terms of a set of rules [17] . A VHDL PEG was defined in [18] , but the grammar was not complete, as it did not cover different condition constructs and overlaps as well as design hierarchy. Based on the definition in [18] , we developed a more complete VHDL PEG described as follows.
1) = [keywords, symbols ('<=', '('…), operators]. In Fig. 2 cover the identification of the case constructs, the if and case overlaps, the when and with select constructs, and the component instantiation and port mapping. Therefore, the analysis performed based on the proposed VHDL PEG, is able to identify the majority of VHDL constructs except user defined types as well as subtypes, files, and loop constructs.
IV. PROPOSED METHODOLOGY
In this section, we present the proposed methodology for functional constraint extraction based on legal state identification. Here, it is important to specify that we consider two types of states: the high abstraction level state (HLS) and the low abstraction level or RTL state (simply called state in the rest of this brief) related to the state signals. We define a high-level state as the set of RTL state signal assignments associated with particular conditions within a process. Thus, if for a given condition, the value of a counter (state signal) is incremented, then the HLS contains all the possible values that this counter can have, but each incremented value of this same counter is considered as an RTL state. The resulting HLS corresponding to circuit in Figs. 1 and 2 are given in Fig. 3 . Working with HLS instead of RTL states minimizes the computation complexity and time. Instead of computing the corresponding results for each unique state value and each possible combination, which may increase the procedure time and complexity, we compute ranges of state signal values that can occur at the same time, defining an HLS. Fig. 4 shows the proposed approach and the related developed tool. This tool is automated, and the codes for these steps are written in Perl. This whole procedure can be described in five basic steps: 1) VHDL parsing and identification; 2) module legal HLS extraction; 3) design hierarchy analysis; 4) design legal HLS extraction; and 5) functional constraint extraction. The following will describe every step of the procedure in detail, and present the final results when applied on the VHDL, as shown in Fig. 2 . Note that detailed intermediate results are presented in [24] and [26] .
A. VHDL Parsing and Identification
Our first step in the methodology is a VHDL parsing and identification, which corresponds to a lexical and syntactic analysis of the VHDL code that helps identify different VHDL statements. The parsing is done line by line, based on the proposed VHDL PEG. The tool reads the HDL line and translates it into a stream of tokens: each token is a sequence of characters representing a symbol, such as an identifier, an operator, and so on. Therefore, based on the VHDL PEG finite set of parsing rules and the sequence of tokens, each statement is identified in its context, and corresponding data and dependencies are extracted and stored in the corresponding statement representation.
These data are used at several levels of the proposed methodology. During this step, initial state signal values are computed and the HLS sets are initially identified. Fig. 5 shows the VHDL parsing and identification step.
B. Module Legal HLS Extraction
The second step of our methodology consists of extracting the set of legal HLS values for each module in the design. The computation is done by evaluating all the identified conditions and signal assignment operations. In this methodology, we consider that the state encoding during synthesis is done linearly with the state values. In this subsection, we will describe the operation evaluation process. The procedure implementations used for the module legal HLS extraction is described in [24] .
1) Operation Evaluation: A VHDL operation consists of a set of arithmetic or logical operators whose inputs can be signals, variables, or constants. An operation on N different signals x j can be modeled as a function f as follows:
f (a 1 X 1 , . . . , a j X j , . . . , a N X N ), with j ∈ {1 . . . N} and a j = cte;
1) the function f corresponds to the set of operators;
2) the inputs of the function correspond to the operands; 3) the domain (D) of the function corresponds to the set of ranges of operand values
where j ∈ {1 . . . N} and a j = 0; 4) the range R of f is the set of all resulting outputs
(2)
Here . The function f and its inputs x j are extracted in the previous step. As for the domain, it is initially set to the initial state signal values (LV 0 ) computed based on the respective signal types, and is updated with every condition evaluation.
2) HLS Computation: As mentioned earlier, an HLS is the set of state signal ranges of values that can appear simultaneously in the design under the same conditions. It corresponds to the values extracted from signal assignments, under the same conditions, as well as the actual condition values. Each HLS is, therefore, characterized by its constraints that consist of the set of conditions, and its effects that consist of the signal assignments under these conditions. Each HLS S id_hlstate identified during VHDL parsing has a set of assigned operations that can be grouped into two categories. a) Condition Operations: An operation in a condition statement can be described as: if (signal cond_operator operation). These operations model the state signal constraints; it models the HLS domain (D id_hlstate ), which is the domain of all the operations occurring in the same HLS. b) Signal Assignment Operations: An operation in a signal assignment can be described as: signal <= operation. These operations must be evaluated based on the corresponding HLS domain D id_hlstate . To compute the set of legal HLS values, we execute the following steps for each HLS. a) Compute its domain D id_hlstate by evaluating all conditions defining the HLS. This can be done by first evaluating the operation occurring in a condition, and then inferring the range 
where k ∈ [1, N] is the number of constrained signals in S id_hlstate . b) Evaluate all signal assignments based on the computed domain D id_hlstate . The resulting values are used to build Q id_module : set of legal HLS values of the module. Table II shows the resulting legal HLS of the example in Fig. 2 .
C. Design Hierarchy Analysis
The reachable state space of a module is defined not only by its behavior but also by its interface with the rest of the design. The third step in the process is a hierarchy analysis that is performed in two steps.
1) Module Connectivity Analysis: During syntactic and lexical analyses, port mapping is examined and connections with other instances are detected. Design hierarchy borders are crossed to take upper-level and lower-level instances into account. A data structure is built, where each instance is defined with its hierarchy level, its input dependencies as well as its output dependencies. 2) Flatten Model Built: A flatten model is built to represent direct relations among instances (see [26] for more details).
D. Design Legal HLS Extraction
To compute the final design set of legal HLS values, we need to combine the set of legal HLS of all the instantiated modules while considering instance connections and dependencies. The combination process is carried out based on the flatten model of the design that shows explicitly the instance dependencies and connections. All combined sets are built based on instance connections while respecting HLS dependencies and avoiding having ISEs built as follows: For each pair of connected instances (A and B) , we compute the resulting combined set of legal HLS values whose constraints may be narrowed, as compared with the initial sets. Once the whole set Q (A, B) is extracted, it will be combined to HLS sets of other instances that are connected to A and/or B. The process continues until all instances of the design have been checked. The resulting set of the whole process models the legal HLS values of the entire design, the detailed procedure is described in [24] and [26] .
E. Functional Constraint Extraction
Our objective is to construct one large functional constraint that models the design. To respect the ATPG tools requirements, the functional constraint should be a Boolean formula over signal nets, which is a list of Boolean operations involving several literals, with a literal being either a variable involved in the function or its negation. This is true for most commercial ATPG tools as well. Otherwise, if the ATPG expects a different syntax, our tool can easily be adapted to produce the corresponding output. After extracting the legal HLS set of the design, we proceed to constraint extraction. We first extract, from each legal HLS value, a constraint called the HLS constraint, which is a conjunction of individual constraints whose literals are the state signal bits. The following is an example of an individual constraint corresponding to the S 0 of the example in Fig. 2 C = c_s 0 , c_s 1 , c_s 2 , c_s 3 , in1.
Afterwards, we construct the global constraint, which is a disjunction of all the HLS constraints, and here, the circuit behavior must satisfy one of the group constraints at all times. The following is a description of a pseudocode for extracting functional constraints: 1) k = 1;//number of HLS; 2) While (k ≤ S){// individual constraints; 3) List(c ok ,…c nk ) =Create_individual_ constraints(S k ); 4) C k = c 0k and ... and ... c nk; //conjunction of individual constraints; 5) k = k + 1;}//end while; 6) //the design constraint is the disjunction of HLS constraints; 7) C = C 0 or . . . or C NG . These Boolean formulas are easily imposed in the ATPG process tools. If the constraints are too complex, we can perform an optional constraint minimization to reduce the size and complexity [19] .
V. PROPOSED VERIFICATION ENVIRONMENT
As mentioned before, we proposed in [1] an automatic verification environment based on the use of structural test patterns as simulation patterns; more specifically, the use of launch-on-capture transition test vectors with emulated scan registers in RTL simulation. To obtain these automatically generated test patterns, regular steps of the design flow must be performed in a preliminary way, namely synthesis, scan insertion, and ATPG. This may seem counterintuitive as those steps are generally accomplished once the verification of the RTL model is considered satisfactory. By preliminary, we mean without any particular constraints (e.g., frequency, area, and coverage), as these steps have to be redone once the verification of the RTL model is fully completed. Consequently, this environment does not aim at verifying if the scan insertion is properly performed. Once the test patterns are generated (at the gate level), the proposed approach emulates the presence of scan register chains during RTL simulation-based verification, by associating them to state signals forcing, and resulting in controllability improvements. In addition, the use of launch-on-capture transition as fault model helps simulate and exercise the most efficiently the design functionality [4] . In adition to the ATPG is used in full scan mode. The methodology proposed [1] improved verification quality in terms of coverage, effort, and time. However, as underlined earlier, a drawback of this methodology is the potential presence of ISEs; when the generated test patterns used in the simulation contains an ISE signal value, with the DUV and the reference model having different coding styles, the designs may behave differently, and inducing false error detection. To overcome this obstacle, we introduced the constraint extractor tool proposed in this brief in the verification environment. Fig. 6 shows the complete verification environment. We assume that a reference model is available. Note that such a model is also required to apply most common verification methodologies, such as the constrainedbased and pseudorandom methodologies. In this brief, the golden model used has the same level of detail as the RTL model verified. The proposed environment is fully automated and incorporates three complementary tools: 1) functional constraint extractor described in this brief; 2) testbench generator that adapt and apply structural test patterns in the RTL simulation; and 3) error detector [1] that monitors the DUV and the reference model responses for possible errors. We implemented the proposed environment on a Pentium, Dual-Core CPU, 2.2 GHz processor machine, with 1.99 G of RAM. Experiments were run on some ITC'99 benchmark circuits [20] . Experimental results are presented under two different angles: 1) the effectiveness of the overall verification environment in terms of coverage, when compared with other verification methodologies and 2) the effectiveness of the proposed constraint extraction methodology in avoiding false errors.
VI. EXPERIMENTAL RESULTS

A. Coverage and Time Results
We aimed to evaluate the effectiveness of the proposed verification environment (PA) by comparing it to two well-known and widely used simulation-based verification techniques, the pseudorandom approach (PRA) and the constrained random approach (CRA) [22] . Table III shows a first class of results based on the FSM metrics (states, transitions) provided by Modelsim. To reflect the thoroughness of design error detection, we proceeded to fault simulation and obtained the results shown in Table IV . Design errors were injected based on RTL fault models [23] . The fault injection was performed manually, which limited the number of injected faults. Based on the experimental results, we first can deduce that the proposed approach outperforms the PRA, and presents comparable and often higher coverage than CRA. In addition, in Table IV (rightmost column) shows that in these experiments, we could cover with the PA the errors already covered by other approaches, and others that were not. This is mainly due to the fact that, the ATPG structural test patterns are generated based on advanced algorithms that seek high test coverage. As for the CRA, stimuli are generated based on constraints modeling the design functionality, which results in highquality testbenches capable of covering most design functionalities. However, the CRA approach requires considerable effort and time to understand the design, build the constraints, write the testbenches and setup the environment. With the proposed approach, no effort is required either to generate the patterns or to understand the code. All experiments but the b18 were done in less than half an hour. Consequently, our approach provides a faster way to reach coverage that is at least as good as but very often even higher than the one obtained with the CRA. Note that the b18 circuit is a more complex design composed of thousands of lines of code. Reading and understanding the code and its functionality, and setting up its testbench would take several months. Therefore, we only used our automated approach to apply the structural test patterns, estimate the coverage, and compare it to the pseudorandom-based approach. Finally, note that it took less than 3 h to apply our complete methodology on the b18 circuit.
B. False Errors
To show that the extracted constraints are useful for avoiding false error detection in our simulation-based verification approach [1] , we ran simulations using generated patterns, on the VHDL models (and on their reference models). The DUV and reference model are fault free, they only differ in their coding styles. Despite the difference in the coding styles between the two models, no false errors were detected during the simulation with test patterns generated with constraints, whereas, for the simulation using patterns generated without any constraints, many errors were detected, as shown in Table V .
VII. CONCLUSION
In this brief, we have presented a new methodology for legal HLS values extraction and functional constraints built to avoid ISEs in generated test patterns used for verification. The proposed methodology aims to reduce complexity and avoid heavy computation as compared with the techniques presented in the literature. Therefore, it is fully automated, and works at the RT level, in addition to computing ranges of values and defining HLS instead of low level states. The whole process is executed in just a few seconds to a few minutes, and the tool can easily be adapted to cover any other HDL. Furthermore, the resulting tool is used in a new automated verification environment based on the use of structural test patterns in RTL simulation. Experimental results showed that the complete proposed environment could help improve verification quality in terms of coverage, time, and complexity. It also showed the effectiveness of the proposed functional constraints extraction approach in avoiding false error detection during RTL simulation.
