Cross-layer verification of peripherals in SystemC virtual prototypes (VPs) remains challenging—existing approaches either require kernel modifications or neglect cross-layer co-verification. Method: We propose two complementary solutions: CrosSym, which modifies the SystemC kernel to natively support symbolic execution, and SEFOS, which refactors the symbolic execution engine to operate on unmodified, original SystemC peripherals. Contribution/Results: To our knowledge, this is the first work enabling end-to-end, abstraction-agnostic co-verification from transaction-level modeling (TLM) down to register-transfer level (RTL) without model simplification. Experiments confirm that SEFOS fully preserves SystemC’s semantic integrity, while CrosSym achieves superior runtime efficiency—matching the performance of state-of-the-art TLM-only symbolic verifiers. Our approach successfully detected over 300 seeded mutants across multi-abstraction peripherals, significantly enhancing verification depth and trustworthiness for complex hardware designs.

Virtual Prototypes (VPs) are important tools in modern hardware development. At high abstractions, they are often implemented in SystemC and offer early analysis of increasingly complex designs. These complex designs often combine one or more processors, interconnects, and peripherals to perform tasks in hardware or interact with the environment. Verifying these subsystems is a well-suited task for VPs, as they allow reasoning across different abstraction levels. While modern verification techniques like symbolic execution can be seamlessly integrated into VP-based workflows, they require modifications in the SystemC kernel. Hence, existing approaches therefore modify and replace the SystemC kernel, or ignore the opportunity of cross-level scenarios completely, and would not allow focusing on special challenges of particular subsystems like peripherals. We propose CrosSym and SEFOS, two opposing approaches for a versatile symbolic execution of peripherals. CrosSym modifies the SystemC kernel, while SEFOS instead modifies a modern symbolic execution engine. Our extensive evaluation applies our tools to various peripherals on different levels of abstractions. Both tools extensive sets of features are demonstrated for (1) different verification scenarios, and (2) identifying 300+ mutants. In comparison with each other, SEFOS convinces with the unmodified SystemC kernel and peripheral, while CrosSym offers slightly better runtime and memory usage. In comparison to the state-of-the-art, that is limited to Transaction Level Modelling (TLM), our tools offered comparable runtime, while enabling cross-level verification with symbolic execution.