🤖 AI Summary
This work proposes Qihe, the first general-purpose static analysis framework for Verilog, addressing the long-standing lack of such infrastructure in the hardware domain, a gap that has hindered defect detection, security analysis, and program understanding. The framework features an analysis-oriented front end, a Verilog-specific intermediate representation (IR), and foundational analysis modules that systematically model key hardware semantics (including bit-vector arithmetic, register synchronization, and the concurrency of digital components) while supporting dataflow, control-flow, and concurrency analysis. Evaluated on real-world hardware projects, it uncovered nine previously unknown bugs (all confirmed by developers), detected 18 additional bugs missed by existing Verilog linters, and identified 16 security vulnerabilities. The authors have open-sourced over 100,000 lines of code, establishing a foundational platform for hardware static analysis.
📝 Abstract
In the past decades, static analysis has thrived in software, facilitating applications in bug detection, security, and program understanding. These advanced analyses are largely underpinned by general-purpose static analysis frameworks, which offer essential infrastructure to streamline their development. Conversely, hardware lacks such a framework, which overshadows the promising opportunities for sophisticated static analysis in hardware, hindering achievements akin to those witnessed in software. We thus introduce Qihe, the first general-purpose static analysis framework for Verilog -- a highly challenging endeavor given the absence of precedents in hardware. Qihe features an analysis-oriented front end, a Verilog-specific IR, and a suite of diverse fundamental analyses that capture essential hardware-specific characteristics -- such as bit-vector arithmetic, register synchronization, and digital component concurrency -- and enable the examination of intricate hardware data and control flows. These fundamental analyses are designed to support a wide array of hardware analysis clients. To validate Qihe's utility, we further developed a set of clients spanning bug detection, security, and program understanding. Our preliminary experimental results are highly promising; for example, Qihe uncovered 9 previously unknown bugs in popular real-world hardware projects (averaging 1.5K+ GitHub stars), all of which were confirmed by developers; moreover, Qihe successfully identified 18 bugs beyond the capabilities of existing static analyses for Verilog bug detection (i.e., linters), and detected 16 vulnerabilities in real-world hardware programs. By open-sourcing Qihe, which comprises over 100K lines of code, we aim to inspire further innovation and applications of sophisticated static analysis for hardware, aspiring to foster a similarly vibrant ecosystem that software analysis enjoys.
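As an added illustration of the bit-vector sizing semantics the abstract lists among Verilog's hardware-specific characteristics (this is example code written for this page, not Qihe's front end or IR), the Python check below infers the lossless width of continuous-assignment expressions over a constructed Verilog fragment and reports assignments whose left-hand side is too narrow, which is where Verilog silently drops the high bits. It assumes one statement per line and identifier-only expressions with `+`, `-`, `*` and no parentheses.

```python
import re
# Constructed Verilog fragment used as input (not taken from the paper or from Qihe):
SAMPLE = """
reg  [7:0]  cnt;
reg  [15:0] acc;
wire [3:0]  nib;
wire [8:0]  sum;
reg  [7:0]  total;
assign sum   = cnt + nib;   // 9-bit LHS keeps the carry: fine
assign nib   = acc;         // 16 bits into 4: silent truncation
assign acc   = cnt * cnt;   // 8x8 -> 16 bits: fits
assign total = cnt + cnt;   // carry dropped: classic lost-carry bug
"""
DECL = re.compile(r'^\s*(?:reg|wire)\s*(?:\[(\d+):(\d+)\])?\s*(\w+)\s*;')
ASSIGN = re.compile(r'^\s*assign\s+(\w+)\s*=\s*(.+?)\s*;')

def parse(src):  # declared widths + continuous assignments, one statement per line
    widths, assigns = {}, []
    for line in src.splitlines():
        if m := DECL.match(line):
            msb, lsb, name = m.groups()
            widths[name] = abs(int(msb) - int(lsb)) + 1 if msb is not None else 1
        elif m := ASSIGN.match(line):
            assigns.append((m.group(1), m.group(2)))
    return widths, assigns

def lossless_width(expr, widths):
    """Width that holds expr without loss: ident -> declared; + - -> max+1; * -> sum."""
    toks = re.findall(r'\w+|[+*-]', expr)
    def atom():
        name = toks.pop(0)
        if name not in widths:
            raise KeyError(f'undeclared signal {name}')
        return widths[name]
    def term():  # '*' binds tighter than '+' and '-'
        w = atom()
        while toks and toks[0] == '*':
            toks.pop(0); w += atom()
        return w
    w = term()
    while toks and toks[0] in ('+', '-'):
        toks.pop(0); w = max(w, term()) + 1
    return w

def check_truncation(src):
    """Return (lhs, declared_width, needed_width) wherever high bits would be dropped."""
    widths, assigns = parse(src)
    return [(lhs, widths[lhs], need) for lhs, rhs in assigns
            if (need := lossless_width(rhs, widths)) > widths[lhs]]
```

Run against `SAMPLE`, the check flags `nib` (4 bits receiving a 16-bit value) and `total` (8 bits receiving a 9-bit sum) while accepting `sum` and `acc`.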