LASHED: LLMs And Static Hardware Analysis for Early Detection of RTL Bugs
By: Baleegh Ahmad, Hammond Pearce, Ramesh Karri and more
Potential Business Impact:
Finds hidden computer chip security flaws.
While static analysis is useful in detecting early-stage hardware security bugs, its efficacy is limited because it requires information to form checks and is often unable to explain the security impact of a detected vulnerability. Large Language Models can be useful in filling these gaps by identifying relevant assets, removing false violations flagged by static analysis tools, and explaining the reported violations. LASHED combines the two approaches (LLMs and Static Analysis) to overcome each other's limitations for hardware security bug detection. We investigate our approach on four open-source SoCs for five Common Weakness Enumerations (CWEs) and present strategies for improvement with better prompt engineering. We find that 87.5% of instances flagged by our recommended scheme are plausible CWEs. In-context learning and asking the model to 'think again' improve LASHED's precision.
Similar Papers
The Hitchhiker's Guide to Program Analysis, Part II: Deep Thoughts by LLMs
Software Engineering
Finds software bugs better by checking code carefully.
BugWhisperer: Fine-Tuning LLMs for SoC Hardware Vulnerability Detection
Cryptography and Security
Finds computer chip security flaws automatically.
Large Language Model (LLM) for Software Security: Code Analysis, Malware Analysis, Reverse Engineering
Cryptography and Security
Helps computers find computer viruses faster.