Hardware design suffers from challenges in localizing deep-rooted bugs, and existing spectrum-based fault localization (SFL) techniques often rely solely on a single failing test case, resulting in low precision. To address this, this paper proposes a trace-based fault localization method grounded in witness test case generation. Our core insight is to reformulate fault localization as the problem of automatically generating effective witness test cases that maximally expose behavioral discrepancies between correct and faulty implementations. We formally define the criteria for such witnesses and integrate execution spectrum difference analysis with directed mutation strategies to synthesize highly discriminative test cases. The resulting automated framework unifies spectrum analysis, mutation testing, and execution trace comparison. Evaluated on 41 benchmark hardware bugs, our approach achieves Top-1/Top-5/Top-10 localization accuracies of 49%, 73%, and 88%, respectively—substantially outperforming state-of-the-art methods. Further validation on 13 real-world open-source hardware defects confirms its robustness.

Debugging hardware designs requires significant manual effort during hardware development. After engineers identify a bug-triggering test case in simulation-based hardware verification, they usually spend considerable time analyzing the execution trace to localize the bug. Although numerous automated hardware debugging techniques exist, they are not applicable to large designs and deep bugs. A primary reason for their limitations is that these techniques only utilize the information of a single bug-triggering test case for bug localization, which prevents them from effectively analyzing intricate hardware systems and figure out the root cause of bugs. To solve this problem, in this paper, we transform the hardware bug localization problem into a test generation problem, aiming to find a set of effective witness test cases beyond the initial bug-triggering test case to enhance hardware bug localization. Witness test cases refer to the cases that do not trigger the bug in the faulty design. By analyzing the execution differences between passing and failing test cases with spectrum-based method, we can eliminate innocent design statements and localize the buggy ones. To further refine the suspicious area, we define the criteria for effective witness test cases and use a mutation-based strategy to generate such test cases. Based on this approach, we propose an automated hardware bug localization framework named Wit-HW. We evaluate Wit-HW on 41 bugs from various hardware designs. The experimental results show that Wit-HW effectively localize 49%, 73%, 88% bugs within Top-1, Top-5, Top-10 ranks, significantly outperforming state-of-the-art bug localization techniques. Additionally, we evaluate Wit-HW on 13 real-world bugs collected from open-source hardware projects, showcasing the robust performance of our method.