mainline build failure due to 5d8c3e836fc2 ("drm/amd/display: fix array-bounds error in dc_stream_remove_writeback()")
Hamza Mahfooz
hamza.mahfooz at amd.com
Thu Oct 6 19:51:46 UTC 2022
Hey Linus,
On 2022-10-06 15:39, Linus Torvalds wrote:
> On Thu, Oct 6, 2022 at 1:51 AM Sudip Mukherjee (Codethink)
> <sudipm.mukherjee at gmail.com> wrote:
>>
>> This is only seen with gcc-11, gcc-12 builds are ok.
>
> Hmm. This seems to be some odd gcc issue.
>
> I *think* that what is going on is that the test
>
> j = 0 ; j < MAX_DWB_PIPES
>
> makes gcc decide that "hey, j is in the range [0,MAX_DWB_PIPES[", and
> then since MAX_DWB_PIPES is 1, that simplifies to "j must be zero".
> Good range analysis so far.
>
> But for 'i', we start off with that lower bound of 0, but the upper
> bound is not fixed (the test for "i" is: "i < stream->num_wb_info").
>
> And then that "if (i != j)", so now gcc decides that it can simplify
> that to "if (i != 0)", and then simplifies *that* to "oh, the lower
> bound of 'i' in that code is actually 1".
>
> So then it decides that "stream->writeback_info[i]" must be out of bounds.
>
> Of course, the *reality* is that stream->num_wb_info should be <=
> MAX_DWB_PIPES, and as such (with the current MAX_DWB_PIPES value of 1)
> it's not that 'i' can be 1, it's that the code in question cannot be
> reached at all.
>
> What confuses me is that error message ("array subscript [0, 0] is
> outside array bounds of 'struct dc_writeback_info[1]'") which seems to
> be aware that the value is actually 0.
>
> So this seems to be some gcc-11 range analysis bug, but I don't know
> what the fix is. I suspect some random code change would magically
> just make gcc realize it's ok after all, but since it all depends on
> random gcc confusion, I don't know what the random code change would
> be.
>
> The fix *MAY* be to just add a '&& i < MAX_DWB_PIPES' to that loop
> too, and then gcc will see that both i and j are always 0, and that
> the code is unreachable and not warn about it. Hmm? Can you test that?
>
> And the reason gcc-12 builds are ok probably isn't that gcc-12 gets
> this right, it's simply that gcc-12 gets so many *other* things wrong
> that we already disabled -Warray-bounds with gcc-12 entirely.
>
> If somebody cannot come up with a fix, I suspect the solution is "gcc
> array bounds analysis is terminally buggy" and we just need to disable
> it for gcc-11 too.

It seems that Stephen has a fix for this that works for multiple
versions of GCC, see:
https://lore.kernel.org/all/20221006191245.11bb0e2c@canb.auug.org.au/

>
> Kees, any idea? Who else might be interested in fixing a -Warray-bounds issue?
>
> Linus
--
Hamza
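
Added example, not part of the original message or the amdgpu driver: a constructed C model of the loop discussed in the quoted text, carrying the extra `i < MAX_DWB_PIPES` bound suggested there, so both subscripts stay inside the array even when `num_wb_info` is inconsistent. The struct layouts, the `wb_enabled` and `dwb_pipe_inst` fields and the name `compact_writeback` are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* The thread gives MAX_DWB_PIPES as 1; build with -DMAX_DWB_PIPES=N to
 * exercise the compaction path on a larger array. */
#ifndef MAX_DWB_PIPES
#define MAX_DWB_PIPES 1
#endif

/* Constructed stand-ins for the driver structures (fields are assumptions). */
struct wb_info {
	bool wb_enabled;
	int dwb_pipe_inst;
};

struct stream_state {
	unsigned int num_wb_info;
	struct wb_info writeback_info[MAX_DWB_PIPES];
};

/*
 * Drop disabled entries and pack the remaining ones to the front.
 * Both indices are bounded by the array size itself, so the bound no
 * longer depends on the caller keeping num_wb_info <= MAX_DWB_PIPES.
 */
unsigned int compact_writeback(struct stream_state *s)
{
	unsigned int i, j;

	for (i = 0, j = 0;
	     i < s->num_wb_info && i < MAX_DWB_PIPES && j < MAX_DWB_PIPES; i++) {
		if (!s->writeback_info[i].wb_enabled)
			continue;
		if (i != j)
			s->writeback_info[j] = s->writeback_info[i];
		j++;
	}
	s->num_wb_info = j;
	return j;
}

int main(void)
{
	/* Constructed input: the count claims more entries than the array holds. */
	struct stream_state s = { .num_wb_info = 5 };

	s.writeback_info[0].wb_enabled = true;
	printf("entries kept: %u\n", compact_writeback(&s));
	return 0;
}
```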