This work addresses the challenge of accurately identifying and localizing semantic-level Common Weakness Enumerations (CWEs) in Verilog code generated by large language models (LLMs), a task where existing RTL vulnerability detection methods fall short. To overcome the limitations of traditional rule-based or structural analysis approaches, the paper proposes the first embedding-based, fine-grained detection framework that leverages deep semantic modeling for both module-level and line-level CWE classification. By introducing representation learning to RTL code at the line level—a novel application in this domain—the method achieves approximately 89% detection precision on representative weaknesses such as CWE-1244 and CWE-1245, with a line-level localization accuracy of 96%, substantially enhancing the capability to detect and pinpoint security-critical flaws in hardware designs.

Large Language Models (LLMs) have shown significant improvement in RTL code generation. Despite the advances, the generated code is often riddled with common vulnerabilities and weaknesses (CWEs) that can slip by untrained eyes. Attackers can often exploit these weaknesses to fulfill their nefarious motives. Existing RTL bug-detection techniques rely on rule-based checks, formal properties, or coarse-grained structural analysis, which either fail to capture semantic vulnerabilities or lack precise localization. In our work, we bridge this gap by proposing an embedding-based bug-detection framework that detects and classifies bugs at both module and line-level granularity. Our method achieves about 89% precision in identifying common CWEs such as CWE-1244 and CWE-1245, and 96% accuracy in detecting line-level bugs.