# VerilogLAVD: LLM-Aided Rule Generation for Vulnerability Detection in Verilog # <sup>1</sup>Xiang Long, <sup>2</sup>Yingjie Xia, <sup>1</sup>Xiyuan Chen, <sup>3</sup>Li Kuang <sup>1</sup>Hangzhou Dianzi University, <sup>2</sup>Zhejiang University, <sup>3</sup>Central South University #### **Abstract** Timely detection of hardware vulnerabilities during the early design stage is critical for reducing remediation costs. Existing early detection techniques often require specialized security expertise, limiting their usability. Recent efforts have explored the use of large language models (LLMs) for Verilog vulnerability detection. However, LLMs struggle to capture the structure in Verilog code, resulting in inconsistent detection results. To this end, we propose VerilogLAVD, the first LLM-aided graph traversal rule generation approach for Verilog vulnerability detection. Our approach introduces the Verilog Property Graph (VeriPG), a unified representation of Verilog code. It combines syntactic features extracted from the abstract syntax tree (AST) with semantic information derived from control flow and data dependency graphs. We leverage LLMs to generate VeriPG-based detection rules from Common Weakness Enumeration (CWE) descriptions. These rules guide the rule executor that traversal VeriPG for potential vulnerabilities. To evaluate VerilogLAVD, we build a dataset collected from open-source repositories and synthesized data. In our empirical evaluation on 77 Verilog designs encompassing 12 CWE types, VerilogLAVD achieves an F1-score of 0.54. Compared to the LLM-only and LLM with external knowledge baselines, VerilogLAVD improves F1-score by 0.31 and 0.27, respectively. #### Introduction Modern hardware architectures have grown significantly more complex. This increased design complexity complicates the application of traditional security verification techniques, such as formal verification and dynamic simulation, which often suffer from scalability limitations and incomplete state-space coverage (Akter, Khalil, and Bayoumi 2023). As a result, security vulnerabilities may remain undetected until the post-silicon validation stage, which substantially increases the cost and complexity of remediation (Karri et al. 2010). Therefore, ensuring compliance with security specifications during early design stages is essential to building trustworthy hardware systems. Existing tools for analyzing security at the RTL have major limitations. The verification process requires engineers to manually review the RTL code to define security rules, create matching SystemVerilog Assertion (SVA) and run tests Figure 1: (a) Static analysis requires substantial time and expertise, and the effectiveness depends on the expertise and experience of the analysts. (b) LLM+Knowledge tends to generate false positives. (c) VerilogLAVD reduces false positives by generating detection rules. during simulation (Orenes-Vera et al. 2021). Engineers analyze the SVA results to identify potential security vulnerabilities. It only functions with fully completed hardware designs, making it unsuitable for early development stages. The RTL designs analysis tools in the early stage of hardware design, like Spyglass (Synopsys 2015), they can identify vulnerabilities early by using expert-defined static analysis rules. This workflow requires substantial security expertise and intensive labor for code review. More critically, Current these tools mainly focus on checking functional correctness instead of security. Recently, large language models (LLMs) have become <sup>&</sup>lt;sup>1</sup>Code will be released upon paper acceptance. Figure 2: Overview of VerilogLAVD. VerilogLAVD consists of (a) *VeriPG Construction*, (b) *Validation-Based Rule Generation* and (c) *Vulnerability Rule Execute*. widely used across many industries because LLMs are good at understanding context and logical reasoning, especially in software development domains, like Github Copilot (Github 2021) and Cursor (Anysphere 2023). LLM is also applied in hardware security vulnerability detection, researchers use LLMs to find security weaknesses. Common methods create prompt templates that include both security knowledge and code structure information (Fang et al. 2025; Saha et al. 2024). These prompt templates help LLMs detect vulnerabilities in the early stage of hardware design. For LLM, there is an important problem in vulnerability detection. LLMs are trained to excel at logical reasoning in natural language, they have a weak understanding of Verilog code structure. This issue makes LLMs much more likely to output incorrect information, producing unreliable results with factual errors. Figure 1 illustrates the motivation of VerilogLAVD. As shown in Figure 1(a), traditional approaches rely on manually crafted static analysis rules, which require extensive security expertise and significant time. Moreover, the effectiveness of these methods is highly dependent on the engineer's professional knowledge. In contrast, methods based on LLMs combined with external knowledge perform vulnerability detection through carefully designed prompts, as seen in Figure 1(b). However, these methods often suffer from a high rate of false positives. This is primarily due to LLMs' limited understanding of Verilog's structural semantics and their are misled by irrelevant information. This issue can be addressed by incorporating code graph structure analysis via static techniques. To address the above challenges, we propose VerilogLAVD, a novel LLM-aided graph traversal rule generation approach for Verilog vulnerability detection. Inspired by Code Property Graph (CPG) (Yamaguchi et al. 2014), we aim to model Verilog code in a similar way. However, due to the syntactic and concurrency differences between Verilog and the languages targeted by CPG, we construct VeriPG, a graph-based representation of Verilog, and design a rule executor for vulnerability detection. We also design a vulnerability detection rule generation flow. Within this approach, LLMs are responsible for generating VeriPG traversal-based detection rules from natural language descriptions of vulnerabilities, which avoids direct structural reasoning. However, as LLMs tend to cause API misuse in software code generation, they similarly exhibit misuse of traversal primitives during rule generation (Zhong and Wang 2024). We built a rule-validation tool to reduce the misuse of traversal primitive output by LLM. This tool monitors generated rules in real-time and gives instant feedback to LLMs to fix invalid rules. This tool reduces mistakes in vulnerability rules. Our key contributions are as follows. - **VeriPG:** We propose VeriPG, a unified Verilog representation integrating AST, CFG, and DDG to enhance vulnerability detection accuracy and extensibility in detecting various vulnerability types. - Validation-Based Rule Generation: We propose an improved generation method incorporating rule validation to verify rules, reducing rule misuse while improving correctness and stability. - Vulnerability Rule Executor: We develop a suit of optimized traversal approach with a dedicated rule executor, leveraging Verilog characteristics and vulnerability patterns to significantly improve efficiency. # **Preliminaries** #### The Verilog Language Verilog is a hardware description language (HDL) most commonly employed at the register transfer level (RTL), which describes the flow of data between registers and the logical operations performed on those data. In this paper, all Verilog code under discussion is situated at the RTL. Unlike software programming languages, Verilog describes the structure and behavior of hardware components that operate in parallel. However, due to the concurrency and timing sensitivity of hardware, static analysis and vulnerability detection in Verilog pose unique challenges distinct from traditional software security analysis. # Symbolic Definitions in VeriPG Formally, a Verilog module is represented as a directed graph $G=(V,E,A^V,A^E)$ , where V is AST node $(V_A)$ , E contains $E_A$ , $E_C$ and $E_D$ , $A^V$ is property of V, contains name, type, lineno and value, $A^E$ is property of E, contain type, condition. The traversal primitives are specialized traversal functions for VeriPG. The symbolic definition of traversal primitives is as follows: $P(m)=\{n|V_{property}^A(n)=t_1,V_{property}^E(m,n)=t_2\}$ , where m is the current node, n is the next node, $t_1$ nominates the type of n, $t_2$ nominates the type of edge between m and n. The graph construction is designed to preserve the structural, control flow, and data dependencies semantics of Verilog code, enabling precise traversal and reasoning for vulnerability detection. We will use this graph representation throughout the paper to define traversal primitives and vulnerability rules for CWE vulnerability detection. # Methodology #### Overview Figure 2 shows an overview of VerilogLAVD. We begin by analyzing the Verilog code to construct its corresponding VeriPG representation. Simultaneously, we step-by-step extract vulnerability rules from natural language descriptions of CWE vulnerabilities by using LLM. These generated rules be validated to ensure their correctness. Subsequently, the generated VeriPG representation and the validated vulnerability rules are input into the vulnerability rules executor. This executor systematically examines the VeriPG structure against the vulnerability rules to identify potential security vulnerabilities. # **VeriPG Construction** The VeriPG construction phase consists of three key steps: 1) *Syntax and Semantic Analysis*, 2) *Extraction of Common Nodes*, and 3) *Feature Combination*. We first analyzes Verilog code to generate three graph representations: AST, CFG and DDG. Subsequently, we identifies the common nodes in these structures. Finally, we merges the three graphs into a unified model by leveraging these common nodes. **Syntax and Semantic Analysis** We employ the PyVerilog toolkit to parse Verilog code and generate its AST. Custom scripts then perform semantic analysis on the AST to extract both CFG and DDG. We construct CFG in procedural block of Verilog. The CFG construction involves identifying procedural blocks (e.g., Always blocks) and control blocks (such as IfStatement and ForStatement), followed by establishing control flow edges between them. Unlike the CFG of software program language, the CFG of Verilog requires handle parallel statements. For DDG generation, we analyze signal definitions, usages, dependency relationships, and construct corresponding dependency edges. This process yields three complementary representations of the Verilog code: AST, CFG and DDG. Common Node Extraction Our analysis of these structures begins with extracting appropriate syntactic identifiers from the AST to serve as common nodes for representation fusion. While CFG nodes $(V_C)$ and DDG nodes $(V_D)$ represent complete code statements, each containing distinctive identifiers or their combinations that indicate semantic types $(\exists v_{common} \in V_A, \exists v_C \in V_C, \exists v_D \in V_D, v_{common} \in v_C$ or $v_{common} \in v_D$ ), these identifiers maintain correspondence with their AST counterparts. We systematically extract these aligned identifiers as fusion anchors for subsequent feature integration $(V_{common} \cup V_A \rightarrow V)$ . Feature Combination The feature fusion process uses the AST as the foundational structure, augmented with control flow edges from the CFG and data dependency edges from the DDG. To prepare for fusion, we preprocess the AST by breaking the AST edges between common nodes ( $e_A \in E_A, e_A = (v^i_{common}, v^j_{common}) \rightarrow e_A = \varnothing$ ) and decomposing it into multiple syntax subtrees rooted at the identified common nodes, each subtree representing a code segment that corresponds to the CFG / DDG nodes. Semantic enrichment is achieved by incorporating the control edges of CFG and the dependency edges of DDG between the corresponding subtree nodes ( $\exists v^i_{common} \in v^i_C, \exists v^j_{common} \in v^j_C, e_C = (v^i_{co}, v^j_C) \rightarrow e_C = (v^i_{common}, v^i_{common})$ similarly $e_D = (v^m_{common}, v^n_{common})$ . This integrated representation, termed VeriPG, effectively combines the three structural code representations through their interconnected common nodes. #### Validation-Based Rule Generation To mitigate reliance on security experts in vulnerability analysis, we leverage LLMs to generate vulnerability rules through natural language descriptions of vulnerabilities. However, the inherent output randomness of LLMs introduces instability in rule generation. To address this, we propose a validation-based vulnerability rule generation methodology. We first extract the vulnerability conditions from the CWE descriptions by LLMs. Subsequently, we generate the VeriPG traversal rules for vulnerability detection using the rule validation tool. **VeriPG Traversal Primitive** We propose a set of fundamental traversal methods for VeriPG that synergistically consider Verilog syntax characteristics and common vulnerability patterns, achieving enhanced efficiency in vulnerability detection. These basic traversal methods are systematically combined through textual vulnerability descriptions, forming configurable vulnerability rules. The traversal primitives consist of three categories: 1) *Generic graph traversal*, contains fundamental traversals, like DFS, BFS, traversal along AST edge; These traversals are basic components Figure 3: An illustration of Rule Validation process. LLM (Left) generates traversal primitive step by step, Validation Tool (Right) validates traversal primitive and output result. of other traversal primitives. 2) Boolean operations, mainly involve the composition and computation of the results from other traversal primitives. 3) VeriPG-specific traversal, focuses on semantic-aware processing of Verilog syntax elements through direct indexing of critical syntax nodes and specialized traversal strategies. For instance, our conditional variable traversal for IfStatement nodes identifies variables affecting branch decisions, while rule analysis leverages CFG edges to determine execution rules under specific conditions. The assignment variable traversal utilizes DDG edges to track variable propagation. Generic graph traversal supplements these specialized methods with conventional graph operations including node type filtering and depth-first search along specific edge types. Boolean operations enable logical combinations of traversal results, supporting complex pattern detection through result transformation and filtering. Examples of two primitives (Node () and Branch()) are illustrated in Equations (1) and (2). $$Node(t) = \{n | V_{type}^A(n) = t\}$$ (1) where t is one kind of node type, $V_{type}^{A}(n)$ means obtaining type property value of n, this primitive returns all nodes with type t. $$\begin{aligned} \text{Branch}(m) &= \{ n \mid & V_{\text{type}}^A(m) = \text{IfStatement} \& \\ & V_{\text{type}}^E(m,n) = \text{CFG} \} \end{aligned} \tag{2}$$ where IfStatement is value of node type, CFG is value of edge type, $V_{type}^{E}(m,n)$ means get type property value of edge from m to n, this primitive returns all nodes reachable from an IfStatement node along CFG edges. Vulnerability Detection Rule Vulnerability rules implement combinatorial logic through three core components: Functions, Filters, and Paths. Functions encapsulate basic traversal operations with configurable parameters and result filters. Filters apply Boolean logic (AND/OR) to combine multiple verification conditions, which can be either nested Functions or Paths. Paths define sequential execution chains where preceding Function outputs serve as subsequent Function inputs. For practical implementation, these rules are stored in JSON format with structured schema definitions. Vulnerability Condition Extraction Our solution try to bridge the significant semantic gap between natural language descriptions and formal vulnerability rules through a Chain-of-Thought (CoT) approach. CWE descriptions typically contain two critical components: vulnerability manifestations and root causes, which essentially define vulnerability types through specific conditional constraints. Our method systematically extracts these constraint from textual descriptions and converts them into vulnerability judgment conditions. Through iterative optimization of prompt engineering, we achieve stable and standardized LLM outputs. Rule Generation To address two key issues—(1) hallucinated rules that exceed VeriPG's structural constraints, and (2) invalid traversal primitives generated during rule synthesis—we implement a rule validation mechanism. This mechanism incorporates a VeriPG-based node state machine that continuously monitors transformation states throughout the rule generation process. It provides real-time feedback on node state transitions and validates transformation steps, enabling the LLM to dynamically correct erroneous outputs. The resulting validated vulnerability rules are directly applicable to the automated vulnerability rule executor. **Rule Validation** The rule validation tool uses a finite state machine built from the VeriPG's structure. We treat different VeriPG nodes as states and connections between nodes as state transitions. Some nodes have self-loop edges that show nested relationships, such as when one If statement contains another. The tool sets a start state and moves between states by traversal primitives. The process of rule validation begins at a common node decided by LLM, and state transitions are driven by traversal primitives. When multiple Table 1: Vulnerability categories (this work), their corresponding CWE types and number of designs in the dataset. | Category | CWEs | No. | |---------------------------|------------------------|-----| | Improper Access Control | 1231, 1243, 1244, 1280 | 17 | | Improper Resource Operate | 226, 1258, 1271 | 13 | | Improper Lock | 1232, 1234 | 11 | | Side Channel | 1255, 1300 | 11 | | Finite State Machine | 1245 | 7 | | Non-Vulnerability | None | 12 | Table 2: Vulnerability detection performance evaluation of recent LLMs and VerilogLAVD. F1 scores are shown in bold, and the best-performing metrics are highlighted with a green background. | Vulnerability Category | DeepSeek-V3 | | | DeepSeek-V3<br>+Knowledge | | | DeepSeek-V3<br>+VerilogLAVD | | | GPT-40 | | GPT-40<br>+Knowledge | | | GPT-40<br>+VerilogLAVD | | | | |---------------------------|-------------|-------|------|---------------------------|-------|------|-----------------------------|-------|------|--------|-------|----------------------|-------|-------|------------------------|-------|-------|------| | | P(%) | R(%) | F1 | P(%) | R(%) | F1 | P(%) | R(%) | F1 | P(%) | R(%) | F1 | P(%) | R(%) | F1 | P(%) | R(%) | F1 | | Improper Access Control | 15.07 | 64.71 | 0.24 | 25.71 | 52.94 | 0.35 | 48.15 | 76.47 | 0.59 | 11.71 | 76.47 | 0.20 | 14.85 | 88.24 | 0.25 | 60.87 | 82.35 | 0.70 | | Improper Resource Operate | 13.79 | 30.77 | 0.19 | 26.09 | 46.15 | 0.33 | 24.32 | 69.23 | 0.36 | 12.07 | 53.85 | 0.20 | 12.90 | 61.54 | 0.21 | 32.26 | 76.92 | 0.45 | | Improper Lock | 31.25 | 45.45 | 0.37 | 35.29 | 54.55 | 0.43 | 43.75 | 63.64 | 0.52 | 24.24 | 72.73 | 0.36 | 21.88 | 63.64 | 0.33 | 46.15 | 54.55 | 0.50 | | Side Channel | 18.75 | 27.27 | 0.22 | 26.67 | 36.36 | 0.31 | 83.88 | 45.45 | 0.59 | 8.16 | 36.36 | 0.13 | 12.50 | 72.73 | 0.21 | 53.85 | 63.64 | 0.58 | | Finite State Machine | 11.11 | 14.29 | 0.13 | 17.65 | 42.86 | 0.25 | 45.45 | 71.43 | 0.56 | 18.75 | 42.86 | 0.26 | 27.27 | 42.86 | 0.33 | 54.55 | 85.71 | 0.67 | | Total | 16.78 | 40.68 | 0.24 | 26.17 | 47.46 | 0.34 | 40.21 | 66.10 | 0.50 | 13.11 | 59.32 | 0.21 | 15.19 | 69.49 | 0.25 | 47.25 | 72.88 | 0.57 | valid transitions exist for a traversal primitive, the tool tracks all possible state transition branches, but illegal branches in successor state transition will be stopped tracking immediately. This method checks whether the LLM's traversal commands follow VeriPG's rules and provides real-time feedback, as shown in Figure 3. ## **Vulnerability Rule Executor** We design a rule executor to traverse the VeriPG by parsing vulnerability rules. By jointly optimizing traversal primitives and adopting an extensible rule architecture, the executor achieves both high traversal efficiency and flexible support for new vulnerability types. The rule executor comprises three key components: the *Primitive Executor*, which serves as the core and entry point responsible for executing traversal primitives of rules on VeriPG; It first resolves its arguments (primitives or paths) by invoking the corresponding executor, then performs the traversal and applies a filter to extract results that meet the specified conditions; the *Filter Executor*, which applies filtering conditions during rule execution; and the *Path Executor*, which manages and interprets the traversal paths specified by the rules. ## **Experiments** ## **Experiments Setup** We evaluate VerilogLAVD in different aspects to answer the following research questions. RQ1: How effective is VerilogLAVD compared with LLM-only approaches across different categories of vulnerabilities? RQ2: How effective is Rule Validation of vulnerability detection rule generation? RQ3: How efficient is the vulnerability rule executor across Verilog designs of different scales? We introduce a representative case to prove the effectiveness of VerilogLAVD. **Dataset** Existing hardware CWE datasets cover only a limited range of vulnerability types, making it difficult to comprehensively evaluate our approach. To address this limitation, we constructed a customized dataset based on CWE classifications by using samples from the real-world opensource repository Hack@21 as seed data, while also accounting for the diverse code structures that can occur within the same CWE category. Our mutation strategies include: 1) *Name substitution*, where signal or register names related to the vulnerability are replaced; 2) *Process block extension*, where unrelated procedural blocks are inserted to increase code complexity and length; and 3) *Structural complication*, which involves extending the distance between vulnerable components within the source file or introducing additional branching and looping constructs. Using these methods, we generated 59 positive samples. We obtained 18 negative samples from the corresponding patched versions. The final dataset comprises 77 Verilog designs covering 12 CWE types, as shown in Table 1. Baseline Although several related studies and tools have achieved promising results on this task, we did not adopt them as direct baselines for the following reasons: 1) lack of publicly available code, 2) inconsistency in research objectives, and 3) heavy reliance on human expertise. Instead, we compare our approach against the LLM-only and LLM+Knowledge methods. In the LLM-only method, we provide the LLMs with the Verilog code along with a brief description of the corresponding CWE vulnerability. The LLM+Knowledge method extends this input by incorporating detailed CWE information retrieved from the official MITRE CWE database. In all methods, we using two representative LLMs: GPT-4o (OpenAI 2024) and DeepSeek-V3 (DeepSeek-AI 2024). GPT-4o is widely recognized for its strong performance and has served as a benchmark for many subsequent models since its release. DeepSeek-V3, by contrast, is an open-source model that offers a favorable balance between accuracy and computational efficiency, making it a practical option for a broad range of real-world applications. **Implementation Detail** We implemented the whole approach using Python 3.10, parsed the Verilog code into an AST using PyVerilog (Takamaeda-Yamazaki 2015), used neo4j (Webber 2012) to operate the VeriPG graph structure, and built the agent in the Vulnerability Rule generation Module using Autogen (Wu et al. 2024). **Evaluation Metrics** We choose precision (P), recall (R), and F1 score as our evaluation metrics, which are widely used in previous studies. For each individual CWE, the dataset contains an imbalanced number of positive and negative samples. Therefore, we avoid using accuracy as an evaluation metric, as it can be misleading under such conditions. Table 3: The results of ablation study. | Method | Traversal Primitive Misuse | | | | | | | | | |-----------------------|----------------------------|----------|-----------|--|--|--|--|--|--| | | IPTR (%) | IPMR (%) | Total (%) | | | | | | | | LLM+Knowledge | 27.04 | 13.83 | 40.87 | | | | | | | | VerilogLAVD (w/o PV) | 23.96 | 12.88 | 36.84 | | | | | | | | VerilogLAVD (with PV) | 3.49 | 6.61 | 10.10 | | | | | | | ### Effectiveness of VerilogLAVD (RQ1) To evaluate the effectiveness of VerilogLAVD in RTL vulnerability detection, we conducted a series of comparative experiments against representative baselines across different CWE vulnerability categories. We adopted the Pass@5 strategy to mitigate the randomness of LLM outputs. Each method was executed independently 5 times, and a Verilog sample was considered vulnerable if any of the 5 runs detected a vulnerability. This evaluation covered 12 types of CWE-defined vulnerabilities, which we grouped into 5 broader categories to facilitate analysis. Table 2 summarizes the performance comparison between VerilogLAVD and the LLM+Knowledge baseline using different backbone models. The results indicate that VerilogLAVD consistently outperforms the knowledge-augmented approach, demonstrating greater robustness across diverse model architectures. For instance, DeepSeek-V3+VerilogLAVD achieved a 44.12% improvement in F1 score over DeepSeek-V3+Knowledge, while GPT-4o+VerilogLAVD showed a 133.33% increase compared to GPT-4o+Knowledge. These findings confirm the effectiveness of VerilogLAVD in accurately identifying RTL security vulnerabilities and highlight its potential as a generalizable framework that surpasses conventional LLM finetuning and prompt engineering methods. #### **Impact of Rule Validation (RQ2)** To assess the impact of rule validation on vulnerability rule generation, particularly in mitigating traversal primitive misuse, we conduct a series of ablation experiments using the DeepSeek-V3 backbone model. We compare three configurations: 1) *LLM+Knowledge (DeepSeek-V3)*, 2) *Rule Extraction without Rule Validation*, and 3) *Rule Generation with Rule Validation*. All configurations use the same inputs: CWE descriptions, VeriPG structural information, traversal primitives, and example rule. In the first configuration, the LLM directly receives these inputs as a prompt. The second converts CWE descriptions into rules through step-by-step reasoning. The third further refines these rules by applying a rule validation tool iteratively, halting upon success or after 50 iterations. Each method runs five times per CWE type across all 12 categories. The resulting rules are manually examined for two types of traversal primitive misuse: Illegal rules, where a primitive is incorrectly applied to an unrelated node, and Illegal parameters, involving invalid parameter counts or types. We define two metrics: the illegal rule Figure 4: Variation of number of executed primitives and rule execution time with the lines of Verilog code. rate and illegal parameter rate, calculated as the proportion of violations among all generated primitives. Table 3 presents the results. The rule validation configuration significantly lowers the overall misuse rate to 10.10%, compared to 40.87% for the baseline and 36.84% for the no-validation method. Specifically, it reduces the illegal rule rate to 3.49%, representing decreases of 87.10% and 85.43%, respectively. The illegal parameter rate also drops to 6.61%, yielding reductions of 52.21% and 48.68% over the two other methods. These findings demonstrate that rule validation substantially reduces misuse, particularly illegal traversal rules, thereby improving the structural integrity and reliability of generated vulnerability rules. #### Efficiency Across Verilog Design Scales (RO3) To evaluate the performance of the vulnerability rule executor on single-module Verilog code of varying lengths, we conducted experiments using our dataset. As shown in Figure 4, we observe that as the number of code lines increases, neither the number of executed traversal primitives nor the rule execution time exhibits a clear upward trend. This suggests that the executor's performance is not directly correlated with code length. Notably, the number of traversal primitives closely aligns with execution time, indicating that primitive execution dominates the overall scanning process. Interestingly, in some cases, longer Verilog files yield shorter execution times, suggesting that the scanner is largely insensitive to irrelevant code and can maintain high performance even on lengthy designs. #### **Case Study** We present a representative RTL vulnerability case in which data-flow analysis is critical for accurate detection. Specifically, detecting CWE-1280 requires analyzing data dependencies: this vulnerability arises when an access control condition is used before being properly initialized, potentially leading to nondeterministic execution behavior, as shown in Figure 5a. To efficiently detect such issues, our approach uses customized traversal primitives for the CFG and DDG. ``` ... always @ (posedge clk or negedge rst_n) begin if (!rst_n) data_out = 0; else data_out = (grant_access) ? data_in : data_out; grant_access = (usr_id == 3'h4) ? 1'b1 : 1'b0; end ... ``` (a) Verilog Code with Vulnerability (b) Vulnerability Rule Figure 5: (a) A Verilog code with CWE-1280. The code containing vulnerabilities is highlighted with a red background. (b) The fragment of CWE-1280 vulnerability rule. As shown in Figure 5b, the corresponding vulnerability rule consists of four key steps: 1) Use the Variable primitive to collect all signals in the module, then apply a Filter to select relevant ones; 2) Traverse from each selected signal to its usage via LoadStatement, following data dependency edges; 3) Move from the usage point to the corresponding blocking assignment using AssignStatement along the DDG; 4) Apply the Exist primitive to check whether the identified pattern exists and return a boolean result. This rule demonstrates how VeriPG utilizes data dependency information for graph-based traversal, emphasizing its essential role in enabling semantic-level vulnerability detection. More details/results are referred to the appendix. #### **Related Work** Traditional Hardware Security Verification With the increasing complexity of hardware design, a variety of hardware security verification methods have emerged. 1) Simulation-based Validation depends on manually crafted test cases to assess hardware security (Dessouky et al. 2019; Rajendran et al. 2023); however, this method is laborintensive, inefficient, and suffers from limited coverage. 2) Fuzzing Testing and Penetration Testing employ automated test case generation via mutation and feedback mechanisms (Hossain et al. 2023; Al-Shaikh et al. 2023), but they require extensive testing to achieve sufficient coverage. 3) Assertion-based Formal Verification expresses security properties using SVAs and checks them with formal tools (Aftabjahani et al. 2021; Orenes-Vera et al. 2021); despite its rigor, this approach often encounters state space explosion in complex designs and demands considerable expertise to construct accurate SVAs. 4) Security Analysis based on RTL Code Structure leverages RTL code structure scanning with problem-specific detectors (Ahmad et al. 2022). While effective for certain issues, it requires custom analyzer development for different vulnerability types, heavily relying on domain-specific knowledge. 5) Information Flow Tracking (IFT) monitors the propagation of sensitive data to identify unauthorized flows (Solt, Gras, and Razavi 2022; Zhao et al. 2024), but it introduces significant computational overhead. 6) Machine Learning-based Verification, including methods based on graph neural network (GNN), strives to automate the validation process (Fan et al. 2024; Yasaei et al. 2022); however, the absence of large-scale labeled datasets limits the generalization capability of these models. LLM-aided Hardware Security Verification Recent advances have explored the application of LLMs in various aspects of hardware security verification. 1) LLM-based Logical Verification utilizes LLMs to reason about and identify issues in RTL code logic (Akyash and Kamali 2024; Pearce et al. 2025; Zhang et al. 2024b); however, the inherent complexity and structural characteristics of RTL present significant challenges for accurate comprehension by LLMs. 2) LLM-aided Formal Verification employs LLMs to generate SVAs, aiming to lower the barrier to writing formal properties (Orenes-Vera, Martonosi, and Wentzlaff 2023). However, due to the intricate nature of SVAs and the ambiguity often found in security specifications, the generated results frequently exhibit instability. 3) LLM-aided IFT improves the efficiency and scalability of IFT by dynamically inferring security properties (Mashnoor et al. 2025). Despite these promising directions, prior work has not investigated the integration of LLMs with RTL-structure-based security analysis. Leveraging LLMs to generate analysis rules can reduce the manual effort involved in rule construction, thereby enhancing the scalability of RTL structural analysis and facilitating early-stage security assessment during hardware design. ## **Conclusion and Future Work** In this paper, we proposed the first LLM-aided graph traversal rule generation approach for Verilog vulnerability detection. Our method introduces VeriPG, a unified intermediate representation that integrates syntactic and semantic information from ASTs, CFGs, and DDGs. Using LLMs, we analyze vulnerability patterns and generate graph traversal rule for structured vulnerability matching. VerilogLAVD achieving an F1 score improvement of 0.31 and 0.25 over LLM-only and LLM+knowledge baselines, respectively. During the course of this study, we observed that Verilog vulnerabilities tend to be concentrated within specific functional modules. However, our current approach does not incorporate functional context into the detection process. In future work, we plan to explore integrating functional module information to improve vulnerability localization and detection accuracy. ## References Aftabjahani, S.; Kastner, R.; Tehranipoor, M.; Farahmandi, F.; Oberg, J.; Nordstrom, A.; Fern, N.; and Althoff, A. 2021. - Special session: Cad for hardware security-automation is key to adoption of solutions. In 2021 IEEE 39th VLSI Test Symposium (VTS), 1–10. IEEE. - Ahmad, B.; Liu, W.-K.; Collini, L.; Pearce, H.; Fung, J. M.; Valamehr, J.; Bidmeshki, M.; Sapiecha, P.; Brown, S.; Chakrabarty, K.; et al. 2022. Don't CWEAT it: Toward CWE analysis techniques in early stages of hardware design. In *Proceedings of the 41st IEEE/ACM International Conference on Computer-Aided Design*, 1–9. - Akter, S.; Khalil, K.; and Bayoumi, M. 2023. A Survey on Hardware Security: Current Trends and Challenges. *IEEE Access*, 11: 77543–77565. - Akyash, M.; and Kamali, H. M. 2024. Self-hwdebug: Automation of llm self-instructing for hardware security verification. In 2024 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), 391–396. IEEE. - Al-Shaikh, H.; Vafaei, A.; Rahman, M. M. M.; Azar, K. Z.; Rahman, F.; Farahmandi, F.; and Tehranipoor, M. 2023. Sharpen: Soc security verification by hardware penetration test. In *Proceedings of the 28th Asia and South Pacific Design Automation Conference*, 579–584. - Anysphere. 2023. The AI Code Editor. https://cursor.com/. Accessed: 2025-07-11. - DeepSeek-AI. 2024. DeepSeek-V3 Technical Report. arXiv:2412.19437. - Dessouky, G.; Gens, D.; Haney, P.; Persyn, G.; Kanuparthi, A.; Khattri, H.; Fung, J. M.; Sadeghi, A.-R.; and Rajendran, J. 2019. {HardFails}: insights into {software-exploitable} hardware bugs. In 28th USENIX Security Symposium (USENIX Security 19), 213–230. - Fan, R.; Tang, Y.; Sun, H.; Liu, J.; and Li, H. 2024. An efficient ml-based hardware trojan localization framework for rtl security analysis. In *Proceedings of the 2024 ACM/IEEE International Symposium on Machine Learning for CAD*, 1–7. - Fang, Z.; Chen, R.; Yang, Z.; Guo, Y.; Dai, H.; and Wang, L. 2025. Lintllm: An open-source verilog linting framework based on large language models. *arXiv preprint arXiv:2502.10815*. - Github. 2021. Introducing GitHub Copilot: your AI pair programmer. https://github.blog/news-insights/product-news/introducing-github-copilot-ai-pair-programmer/. Accessed: 2025-07-11. - Hossain, M. M.; Vafaei, A.; Azar, K. Z.; Rahman, F.; Farahmandi, F.; and Tehranipoor, M. 2023. Socfuzzer: Soc vulnerability detection using cost function enabled fuzz testing. In 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE), 1–6. IEEE. - Karri, R.; Rajendran, J.; Rosenfeld, K.; and Tehranipoor, M. 2010. Trustworthy hardware: Identifying and classifying hardware trojans. *Computer*, 43(10): 39–46. - Mashnoor, N.; Akyash, M.; Kamali, H.; and Azar, K. 2025. LLM-IFT: LLM-Powered Information Flow Tracking for Secure Hardware. In 2025 IEEE 43rd VLSI Test Symposium (VTS), 1–5. IEEE. - OpenAI. 2024. Hello GPT-4o. https://openai.com/index/hello-gpt-4o/. Accessed: 2025-07-11. - Orenes-Vera, M.; Manocha, A.; Wentzlaff, D.; and Martonosi, M. 2021. Autosva: Democratizing formal verification of rtl module interactions. In 2021 58th ACM/IEEE Design Automation Conference (DAC), 535–540. IEEE. - Orenes-Vera, M.; Martonosi, M.; and Wentzlaff, D. 2023. Using llms to facilitate formal verification of rtl. *arXiv* preprint *arXiv*:2309.09437. - Pearce, H.; Ahmad, B.; Tan, B.; Dolan-Gavitt, B.; and Karri, R. 2025. Asleep at the keyboard? assessing the security of github copilot's code contributions. *Communications of the ACM*, 68(2): 96–105. - Rajendran, S. R.; Tarek, S.; Hicks, B. M.; Kamali, H. M.; Farahmandi, F.; and Tehranipoor, M. 2023. Hunter: Hardware underneath trigger for exploiting soc-level vulnerabilities. In 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE), 1–6. IEEE. - Saha, D.; Yahyaei, K.; Saha, S. K.; Tehranipoor, M.; and Farahmandi, F. 2024. Empowering hardware security with Ilm: The development of a vulnerable hardware database. In 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 233–243. IEEE. - Solt, F.; Gras, B.; and Razavi, K. 2022. {CellIFT}: Leveraging cells for scalable and precise dynamic information flow tracking in {RTL}. In *31st USENIX Security Symposium (USENIX Security 22)*, 2549–2566. - Synopsys. 2015. SpyGlass: Early Design Analysis Tools for SoCs. https://www.synopsys.com/verification/static-and-formal-verification/spyglass.html. Accessed: 2025-07-11. - Takamaeda-Yamazaki, S. 2015. Pyverilog: A python-based hardware design processing toolkit for verilog hdl. In *Applied Reconfigurable Computing: 11th International Symposium, ARC 2015, Bochum, Germany, April 13-17, 2015, Proceedings 11*, 451–460. Springer. - Webber, J. 2012. A programmatic introduction to Neo4j. In *Proceedings of the 3rd Annual Conference on Systems, Programming, and Applications: Software for Humanity*, SPLASH '12, 217–218. New York, NY, USA: Association for Computing Machinery. ISBN 9781450315630. - Wu, Q.; Bansal, G.; Zhang, J.; Wu, Y.; Li, B.; Zhu, E.; Jiang, L.; Zhang, X.; Zhang, S.; Liu, J.; et al. 2024. Autogen: Enabling next-gen LLM applications via multi-agent conversations. In *First Conference on Language Modeling*. - Yamaguchi, F.; Golde, N.; Arp, D.; and Rieck, K. 2014. Modeling and discovering vulnerabilities with code property graphs. In *2014 IEEE symposium on security and privacy*, 590–604. IEEE. - Yasaei, R.; Chen, L.; Yu, S.-Y.; and Al Faruque, M. A. 2022. Hardware trojan detection using graph neural networks. *IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems*, 44(1): 25–38. - Zhang, J.; Wang, C.; Li, A.; Sun, W.; Zhang, C.; Ma, W.; and Liu, Y. 2024b. An empirical study of automated vulnerability localization with large language models. *arXiv preprint arXiv:2404.00287*. Zhao, Y.; Qu, G.; Zhang, Q.; Li, Y.; Li, Z.; and He, J. 2024. Static gate-level information flow for hardware information security with bounded model checking. In 2024 IEEE 42nd VLSI Test Symposium (VTS), 1–7. IEEE. Zhong, L.; and Wang, Z. 2024. Can llm replace stack overflow? a study on robustness and reliability of large language model code generation. In *Proceedings of the AAAI conference on artificial intelligence*, volume 38, 21841–21849.