In the past decades, static analysis has thrived in software, facilitating applications in bug detection, security, and program understanding. These advanced analyses are largely underpinned by general-purpose static analysis frameworks, which offer essential infrastructure to streamline their development. Conversely, hardware lacks such a framework, which overshadows the promising opportunities for sophisticated static analysis in hardware, hindering achievements akin to those witnessed in software. We thus introduce Qihe, the first general-purpose static analysis framework for Verilog -- a highly challenging endeavor given the absence of precedents in hardware. Qihe features an analysis-oriented front end, a Verilog-specific IR, and a suite of diverse fundamental analyses that capture essential hardware-specific characteristics -- such as bit-vector arithmetic, register synchronization, and digital component concurrency -- and enable the examination of intricate hardware data and control flows. These fundamental analyses are designed to support a wide array of hardware analysis clients. To validate Qihe's utility, we further developed a set of clients spanning bug detection, security, and program understanding. Our preliminary experimental results are highly promising; for example, Qihe uncovered 9 previously unknown bugs in popular real-world hardware projects (averaging 1.5K+ GitHub stars), all of which were confirmed by developers; moreover, Qihe successfully identified 18 bugs beyond the capabilities of existing static analyses for Verilog bug detection (i.e., linters), and detected 16 vulnerabilities in real-world hardware programs. By open-sourcing Qihe, which comprises over 100K lines of code, we aim to inspire further innovation and applications of sophisticated static analysis for hardware, aspiring to foster a similarly vibrant ecosystem that software analysis enjoys.

翻译：过去数十年间，静态分析技术在软件领域蓬勃发展，有力支撑了缺陷检测、安全验证与程序理解等应用。这些高级分析技术主要依托于通用静态分析框架所提供的核心基础设施，从而显著降低了开发复杂度。相比之下，硬件领域却长期缺乏此类框架，这既制约了复杂静态分析技术在硬件领域的应用前景，也阻碍了其取得类似软件领域的显著成就。为此，我们提出启阖（Qihe）——首个面向Verilog的通用静态分析框架。鉴于硬件领域尚无先例可循，此项工作极具挑战性。启阖框架包含三大核心组件：面向分析的前端处理器、专为Verilog设计的中间表示（IR），以及一系列捕捉硬件关键特性的基础分析模块。这些基础分析模块能够处理位向量运算、寄存器同步、数字组件并发等硬件特有性质，并支持对复杂硬件数据流与控制流的深入解析。所有基础分析模块均设计为可支撑多样化的硬件分析客户端。为验证启阖的实用性，我们进一步开发了涵盖缺陷检测、安全验证与程序理解三大领域的客户端工具集。初步实验结果令人鼓舞：启阖在主流实际硬件项目（平均GitHub星标数超过1.5K）中发现了9个此前未知的缺陷，且均获开发者确认；同时，启阖成功检测出现有Verilog静态缺陷检测工具（如linter）无法发现的18个缺陷，并在实际硬件程序中识别出16个安全漏洞。我们现已开源包含逾10万行代码的启阖框架，旨在激发硬件领域复杂静态分析技术的创新与应用，期望推动硬件分析生态达到软件分析领域的繁荣水平。