LASHED: LLMs And Static Hardware Analysis for Early Detection of RTL Bugs
Baleegh Ahmad, Hammond Pearce, Ramesh Karri, Benjamin Tan
TL;DR
LASHED tackles the challenge of detecting hardware RTL security bugs early by blending Large Language Models (LLMs) with static analysis. The framework uses LLMs for assets identification, pruning false positives, and explaining violations, while static analysis (linting or formal verification) provides verification and structure, guided by MITRE hardware CWEs. Through four open-source SoCs and five CWEs, LASHED demonstrates that prompting strategies with in-context learning and thinking-again prompts can achieve high precision, up to around 0.88 in certain configurations, with an overall notable improvement over baselines. The work suggests that integrating LLM reasoning with formal and lint-based checks can offer scalable, actionable pre-silicon security diagnostics for complex RTL designs, with practical implications for hardware verification workflows.
Abstract
While static analysis is useful in detecting early-stage hardware security bugs, its efficacy is limited because it requires information to form checks and is often unable to explain the security impact of a detected vulnerability. Large Language Models can be useful in filling these gaps by identifying relevant assets, removing false violations flagged by static analysis tools, and explaining the reported violations. LASHED combines the two approaches (LLMs and Static Analysis) to overcome each other's limitations for hardware security bug detection. We investigate our approach on four open-source SoCs for five Common Weakness Enumerations (CWEs) and present strategies for improvement with better prompt engineering. We find that 87.5% of instances flagged by our recommended scheme are plausible CWEs. In-context learning and asking the model to 'think again' improves LASHED's precision.
