[otbn] Widen prefetch_loop_end_addr to avoid overflow
There's an amusing bug that you can trigger if you have something like
loopi 123, 1025
The problem is that 1025 instructions (the loop body length) works out
as 4096 + 4 bytes, so the correct value of prefetch_loop_end_addr is
something like old_addr + 4096 + 4.
Unfortunately, 4096 is the size of IMEM so we were truncating this to
just old_addr + 4. This meant that the prefetch stage thought that the
following instruction was at the end of the loop and predicted a back
edge. Eventually, we failed the NoAddressMismatch assertion in
otbn_instruction_fetch.sv.
The fix is to pass one extra bit in the address, just like we already
do with the check in the loop controller itself.
Signed-off-by: Rupert Swarbrick <rswarbrick@lowrisc.org>
diff --git a/hw/ip/otbn/rtl/otbn_controller.sv b/hw/ip/otbn/rtl/otbn_controller.sv
index dab447d..5e2fd16 100644
--- a/hw/ip/otbn/rtl/otbn_controller.sv
+++ b/hw/ip/otbn/rtl/otbn_controller.sv
@@ -145,7 +145,7 @@
output logic prefetch_en_o,
output logic prefetch_loop_active_o,
output logic [31:0] prefetch_loop_iterations_o,
- output logic [ImemAddrWidth-1:0] prefetch_loop_end_addr_o,
+ output logic [ImemAddrWidth:0] prefetch_loop_end_addr_o,
output logic [ImemAddrWidth-1:0] prefetch_loop_jump_addr_o
);
otbn_state_e state_q, state_d;
