Countering the Path Explosion Problem in the Symbolic Execution of Hardware Designs
Abstract
Symbolic execution is a powerful verification tool for hardware designs, but suffers from the path explosion problem. We introduce a new approach, piecewise composition, which leverages the modular structure of hardware to transfer the work of path exploration to SMT solvers. We present a symbolic execution engine implementing the technique. The engine operates directly over register transfer level (RTL) Verilog designs without requiring translation to a netlist or software simulation. In our evaluation, piecewise composition reduces the number of paths explored by an order of magnitude and reduces the runtime by 97%. Using 84 properties from the literature we find assertion violations in 5 open-source designs including an SoC and CPU.
- Publication:
-
arXiv e-prints
- Pub Date:
- April 2023
- DOI:
- 10.48550/arXiv.2304.05445
- arXiv:
- arXiv:2304.05445
- Bibcode:
- 2023arXiv230405445R
- Keywords:
-
- Computer Science - Cryptography and Security;
- B.5.3