Conquest MAI — Microarchitectural Integrity Sign-Off

Conquest MAI is the industry’s first microarchitectural integrity sign-off tool. Its quick setup and extremely fast performance enable designers to include it during RTL sign-off.

Conquest MAI automatically infers and identifies standard functional components (SFCs), even when they are distributed across the design hierarchy.

It then performs localized, automatic checks early in the design flow to verify microarchitectural integrity. These checks go beyond the scope of RTL linting, exceed practical formal verification capacity limits, and are difficult to target effectively using simulation.

Conquest MAI’s advanced debug capabilities enable visualization of the inferred functional intent of each SFC, supporting deep design understanding and exploration. For example, it generates FSM diagrams and SFC functional block schematics.

Minimally Boolean: Enabling MAI sign-off during RTL sign-off

Static Sign-Off Abstract checking

Because simulation and formal verification methodologies rely heavily on Boolean analysis, they each have limitations. Formal is slow with significant capacity limits for exhaustive analysis, while simulation requires large resource investments.

Conquest MAI is only minimally dependent on Boolean methods. It primarily uses abstract checking methods rather than full Boolean state-space solving — applying custom solutions for specific problems. This approach:

  • Runs 10X–100X faster than formal, analyzing a million gates in minutes.
  • Exhaustively covers billions of gates in hours without black boxing.
  • Requires only hours for setup with out-of-the-box checks – no testbenches or assertions required.

This combination makes it practical for designers to start microarchitectural integrity checking during early RTL design — well before beginning simulation.

Inferring Functional Intent to Identify SFCs

Conquest MAI infers functional intent directly from RTL by identifying Standard Functional Components (SFCs) such as FSMs, multi-port RAMs, FIFOs, stacks, counters, and shifters. This process looks past RTL syntax to understand functional behavior, enabling SFC identification even when structure and intent are obscured by coding style, hierarchy, or distribution across modules.

Conquest MAI’s intent inference is:

  • Agnostic to coding style: Identifies components whether they are implemented using case statements, if-else logic, or conditional operators.
  • Cross-hierarchy: Infers components even when their logic is functionally split across multiple modules.
  • Semantic rather than syntactic: Does not rely on variable naming conventions (such as current_state/next_state); instead, it analyzes logic flow to recognize constructs even when they use obscure descriptors, as well as complex arrays and generate statements for multiple identical SFCs.

Simulation and formal verification tools operate on explicitly written logic and Boolean behavior; they do not infer functional intent. Conquest MAI understands both the design’s implementation and its functional intent, establishing the foundation for microarchitectural integrity sign-off.

Leverages existing Meridian CDC or Meridian RDC setup

Conquest MAI requires minimal setup to ensure accuracy of analysis. The clocks and resets must be identified, as well as the mode configuration settings necessary for functional operation. Conquest MAI is able to use existing environment files from Meridian CDC and/or Meridian RDC. The tool can also automatically create an environment file template for review.

Microarchitectural integrity checks

Conquest MAI’s understanding of the functional components and its microarchitectural analysis technology enable it to run microarchitectural integrity checks on the SFCs that are not practical with other verification methods.

  • Simulation can show data corruption or data loss when the appropriate sequence of conditions is applied, but debug is tedious and lengthy.
  • Formal typically has capacity issues and generally requires additional constraints for accuracy.
  • RTL linters cannot infer SFCs beyond basic FSMs.

Below are a few examples of unique microarchitectural integrity checks that Conquest MAI can perform.

FIFO Read / Write Reset Mismatch

Check: Verify that the read/write counters and their associated status signals (empty/full) use the same reset signal. A mismatch in reset sources between a pointer and its associated status flag will leave the FIFO in an inconsistent state, likely causing data corruption.

Violation: The reset signals driving the read or write control logic are mismatched. For example, the empty flag is reset by one signal while the read pointer is reset by a different signal, causing the two to potentially fall out of sync after a partial system reset.

Fix: Use a single, common reset signal for each read or write control path so that the pointer and its associated status signal are reset together. The read pointer must reset in sync with the empty flag, and the write pointer must reset in sync with the full flag.

Out-of-range counter usage

Check: Verify that counters are being compared against values that are within the inferred operational counter range. Comparing counter values with values outside of the counter range can signal an error in coding, either in the specified counter range or the usage.

Violation: These violations occur when the output of the counter is used outside of its range.

Fix: Enforce all comparisons to be within the valid range of the counter.

FSM State Hamming Distance / Weight

Check: Verify that FSM state encodings satisfy the required minimum Hamming weight and minimum Hamming distance constraints. Insufficient separation between state encodings can allow accidental or malicious bit flips to cause unintended state transitions, compromising functional correctness or security.

Violation: One or more FSM state encodings violate the configured Hamming weight or Hamming distance requirements. For example, a state encoding may contain too few 1s or too few 0s, or two states may differ by fewer bits than the specified minimum distance. As a result, the FSM includes state encodings that do not meet the required separation or balance constraints.

Fix: Reassign FSM state encodings to satisfy the required minimum Hamming weight and minimum Hamming distance constraints. Ensure that no valid state encoding falls below the specified weight and that every pair of valid states differs by at least the required number of bits.
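
The weight and distance constraints described above can be checked mechanically on a table of state encodings. The following Python sketch is an added example, not Conquest MAI's implementation or output. The function name, the state names and encodings, and the thresholds (weight 2, distance 3) are constructed for illustration, and applying the weight minimum to both 1s and 0s is an assumption based on the "too few 1s or too few 0s" wording.

```python
from itertools import combinations

def popcount(x: int) -> int:
    """Number of 1 bits in x (the Hamming weight)."""
    return bin(x).count("1")

def check_fsm_encodings(states, width, min_weight, min_distance):
    """Return a list of (kind, detail) violations for a {name: code} map.

    Assumption: min_weight is applied to both polarities, so each code
    needs at least min_weight 1s and at least min_weight 0s. This rejects
    all-zeros and all-ones style values, which a stuck-at fault or a
    glitched register can produce.
    """
    violations = []
    for name, code in states.items():
        if code >> width:                      # code does not fit the register
            violations.append(("width", name))
            continue
        ones = popcount(code)
        if ones < min_weight or (width - ones) < min_weight:
            violations.append(("weight", name))
    # Every pair of valid states must differ in at least min_distance bits,
    # so fewer than min_distance bit flips can never land on another state.
    for (a, code_a), (b, code_b) in combinations(states.items(), 2):
        if popcount(code_a ^ code_b) < min_distance:
            violations.append(("distance", f"{a}/{b}"))
    return violations

# Constructed sample: plain binary counting in a 6-bit state register.
WEAK_FSM = {"IDLE": 0b000000, "LOAD": 0b000001,
            "RUN": 0b000010, "DONE": 0b000011}

# Constructed sample: constant-weight codes (three 1s, three 0s each),
# chosen so that every pair differs in exactly 4 bits.
HARDENED_FSM = {"IDLE": 0b111000, "LOAD": 0b100110,
                "RUN": 0b010101, "DONE": 0b001011}

if __name__ == "__main__":
    for label, fsm in (("weak", WEAK_FSM), ("hardened", HARDENED_FSM)):
        found = check_fsm_encodings(fsm, width=6, min_weight=2, min_distance=3)
        print(label, found if found else "no violations")
```

With these constructed inputs the binary-counted encoding fails on three weights and on all six state pairs, while the constant-weight encoding passes both constraints.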

FIFO Overflow / Underflow

Check: Verify that FIFO control logic enforces valid access based on FIFO state: writes are blocked when the FIFO is full, and reads are blocked when the FIFO is empty. Overflow causes data loss by overwriting unread entries; underflow causes invalid or repeated data to be returned.

Violation: These violations occur when read and write enables are not properly gated by FIFO state and allow accesses that violate the intended full/empty semantics.

  • FIFO overflow: A write is permitted when the FIFO is already full (write pointer at its maximum state). This overwrites existing FIFO contents and results in data loss or memory corruption.
  • FIFO underflow: A read is permitted when the FIFO is empty (read pointer at its initial state). This returns stale, duplicated, or otherwise invalid data.

Fix: Enforce FIFO state awareness in the control logic to allow writes only when the FIFO is not full, and to allow reads only when the FIFO is not empty.

Visualizing Inferred SFCs for Debug

Conquest MAI applies the same intent inference it uses to identify SFCs to generate visualizations that present the inferred structure and behavior of each SFC, independent of RTL coding style.

These graphical representations accelerate debug by making it easier to understand why a condition exists and how the observed behavior emerges from the design. Examples include:

  • Schematics that show the implementation, including any module hierarchy
  • SFC functional block schematics that show SFC interfaces and control relationships
  • FSM diagrams that show states, transitions, resets, and state conditions such as self-loops, unreachable paths, or illegal encodings, enabling rapid verification of state reachability and control flow

Conquest MAI uses inference to identify an FSM and generate a diagram

By visualizing inferred SFCs, Conquest MAI enables faster root-cause debug of detected issues, with clear validation of inferred intent versus designer intent. The result is confident exploration of complex or unfamiliar microarchitectural behavior.

Additionally, Conquest MAI contains an SFC viewer that provides a global view of the design's SFCs, along with details of each SFC.

What is Microarchitectural Integrity Sign-Off?

Microarchitectural Integrity Sign-Off is a static verification methodology that verifies the functional correctness of standard functional components (SFCs) within RTL designs. The methodology involves identifying SFCs, even when they are distributed across the design hierarchy, and then checking that their implementation and usage adhere to expected functional behavior and design intent.