Countering the Path Explosion Problem in the Symbolic Execution of Hardware Designs

Symbolic execution is a powerful verification tool for hardware designs, but suffers from the path explosion problem. We introduce a new approach, piecewise composition, which leverages the modular structure of hardware to transfer the work of path exploration to SMT solvers. We present a symbolic execution engine implementing the technique. The engine operates directly over register transfer level (RTL) Verilog designs without requiring translation to a netlist or software simulation. In our evaluation, piecewise composition reduces the number of paths explored by an order of magnitude and reduces the runtime by 97%. Using 84 properties from the literature we find assertion violations in 5 open-source designs including an SoC and CPU.