Re: [RFC v2 0/2] add kconfirm

From: Demi Marie Obenour

Date: Mon May 11 2026 - 00:24:53 EST


On 5/9/26 16:38, Julian Braha wrote:
> Hi all,
>
> kconfirm is a tool to detect misusage of Kconfig. It detects dead code,
> constant conditions, and invalid (reverse) ranges. There are also optional
> checks to detect config options that select visible config options, and to
> check for dead links in the help texts.
>
> The full patchset (with the vendored dependencies) is available in my
> linux fork, git branch 'kconfirm_rfc2', and is based on linux v7.1-rc2:
> https://github.com/julianbraha/linux/tree/kconfirm_rfc2
>
> The patches sent here with the RFC include everything other than the
> vendored dependencies, including the tool's code, the documentation, and
> the makefile changes.
>
> Following this discussion:
> https://lore.kernel.org/all/20260405122749.4990dcb538d457769a3276e0@xxxxxxxxxxxxxxxxxxxx/
> in which Andrew brought up the possibility of moving kconfirm in-tree,
> I've prepared this RFC to do so. See also kconfirm's introduction to the
> mailing list:
> https://lore.kernel.org/all/6ec4df6d-1445-48ca-8f54-1d1a83c4716d@xxxxxxxxx/
>
> False Alarms:
> kconfirm aims for zero false-positives, which is currently true for the
> default checks (as far as I'm aware - but there are hundreds to go
> through); this is not really possible for dead link checks, as this
> depends on an internet connection, and we do not attempt to bypass bot
> blocks. For this reason, dead link checking is disabled by default, but
> I've provided an example below of how to enable it. Additionally, you can
> view my previous message to the mailing list with hand-verified dead links
> here:
> https://lore.kernel.org/all/6732bf08-41ee-40c4-83b2-4ae8bc0da7cf@xxxxxxxxx/
>
> Additionally, there is an optional check to detect config options that
> select visible config options, as requested by Jani during the review of
> the first version of this RFC:
> https://lore.kernel.org/all/dcb7439832f0bb35598fba653d922b5f6a4d0058@xxxxxxxxx/
>
> Even after deduplicating across architectures, there are well over 1,000
> instances of these select-visible cases, and I suspect that, despite the
> Kconfig documentation saying select-visible should be avoided, some
> exceptions will be made. So, I have left this check disabled by default,
> keeping in line with the goal of having a low-noise checker. If interested
> in using it, I have included an example below of how to enable this check.
>
> Current State of Alarms:
> On Linux v7.1-rc2 (on which this RFC is based), there are 489 alarms coming
> from the default set of checks, and an additional 1,789 alarms if enabling
> the optional select-visible check. These counts are with deduplication
> across architectures, a change that was made to the tool's CLI from RFC v1
> to RFC v2. The last time I checked linux-next (next-20260427), there were
> 81 unique dead links.
>
> The most critical check is the dead default statements, which has surfaced
> a few misconfiguration bugs (fortunately, just for kunit tests), see
> examples:
> https://lore.kernel.org/all/20260323124118.1414913-1-julianbraha@xxxxxxxxx/
> and:
> https://lore.kernel.org/all/20260323123536.1413732-1-julianbraha@xxxxxxxxx/
>
> But hopefully kconfirm can ease maintenance and we can prevent more of
> these from making it into the tree in the future.
>
> Use it:
> You can test out kconfirm with this patch series by compiling and running
> kconfirm like this:
>
> `make kconfirm`
>
> To enable the select-visible check:
> `KCONFIRM_ARGS="--enable select_visible" make kconfirm`
>
> And to enable dead link checks in the help texts:
> `KCONFIRM_ARGS="--enable dead_links" make kconfirm`
>
> Note that it is not architecture-specific; it runs tree-wide. Any alarms
> that are specific to one or more architectures will have a tag using the
> config option(s) of the architecture(s), for example: [X86] or [X86, ARM]
>
> The dependencies are vendored in scripts/kconfirm/vendor so that no
> internet connection is needed to compile the code. The total size of the
> tool with dependencies is 49mb, making it a large amount of code, though
> still in the ballpark of perf, at 42mb.
>
> I managed to reduce the size of the vendored dependencies from 264mb by
> taking multiple approaches:
> 1. Removed 'rustls' for TLS and instead use the user's system OpenSSL
> 2. Replaced the 'reqwest' crate with the smaller 'ureq' crate
> 3. Disabled the default features of the dependencies, and only enabled
> whatever is needed by kconfirm
> 4. Filtered out various things from the vendored dependencies unneeded for
> compilation (e.g. docs & tests for dependencies)
> 5. Filtered out platform-specific code that isn't needed for linux
> developers (e.g. Nintendo 3DS)
>
> The script I ran to generate the vendored dependencies with filtering is
> available in scripts/kconfirm/vendor_dependencies.sh
>
> Requested feedback:
> 1. I would like to know if anyone thinks that the select-visible check
> should be enabled by default.
> 2. The only "person" that commented on `make clean` deleting the compiled
> kconfirm binary/artifacts was sashiko-bot. Now, there is just
> `make kconfirmclean` for deleting 'scripts/kconfirm/release/', and
> `make clean` no longer touches kconfirm. Please let me know if anyone has
> requested changes on the integration with Make.
>
> Thanks,
> Julian Braha
> ---
> Changes since v1:
> - vendored dependencies instead of requiring an internet connection
> - removed Cargo.lock
> - replaced reqwest dependency with smaller ureq
> - removed rustls, expect user to have openssl instead
> - added select-visible check based on Jani's feature request
> - added invalid (reverse) range check
> - deduplicating alarms that appear for multiple architectures
> - `make clean` no longer deletes kconfirm's build artifacts
> - typo fixes in documentation
> - added patch description for the main "add kconfirm" patch (patch 1/2)
>
> Link to v1:
> https://lore.kernel.org/all/20260427174429.779474-1-julianbraha@xxxxxxxxx/
> ---

This adds too many dependencies.

Some suggestions:

- Use system libcurl instead of ureq.
- Use libc getopt_long instead of clap.
- Use manual FFI bindings instead of third-party crates.
- Use the C Kconfig parser instead of a third-party library.

Ideally, this shouldn't need any dependencies from crates.io
at all.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
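
An added illustration for this thread, not kconfirm's code and not written by either participant: a sketch of two of the checks named in the cover letter (reverse ranges and select-visible) using only the Rust standard library, the dependency footprint the reply asks for. It is a simplified line-based scan that assumes literal range bounds, entries starting at column 0 and help text last in each entry; "visible" is taken to mean "has a prompt", and the `DEMO_*` symbols and sample input are constructed.

```rust
use std::collections::HashSet;

// Constructed sample input, not taken from the kernel tree.
const SAMPLE: &str = "config DEMO_LOG_LEVEL\n\tint \"Log level\"\n\trange 7 0\n\thelp\n\t  select DEMO_CORE is help text\n\n\
config DEMO_DRIVER\n\tbool \"Demo driver\"\n\tselect DEMO_CORE\n\tselect DEMO_HELPER\n\n\
config DEMO_CORE\n\tbool \"Demo core\"\n\nconfig DEMO_HELPER\n\tbool\n";

// Parse a Kconfig integer literal (decimal or 0x-prefixed hex); symbols yield None.
fn parse_int(s: &str) -> Option<i64> {
    match s.strip_prefix("0x").or_else(|| s.strip_prefix("0X")) {
        Some(h) => i64::from_str_radix(h, 16).ok(),
        None => s.parse().ok(),
    }
}

// Returns one finding per reverse range and per select of a prompted symbol.
fn check_kconfig(src: &str) -> Vec<String> {
    let mut visible = HashSet::new(); // symbols that have a prompt
    let mut selects = Vec::new(); // (selecting symbol, selected symbol)
    let mut findings = Vec::new();
    let (mut cur, mut in_help) = (String::new(), false);
    for line in src.lines() {
        let indented = line.starts_with(|c: char| c.is_whitespace());
        if in_help && (indented || line.trim().is_empty()) { continue; } // skip help body
        in_help = false;
        let t: Vec<&str> = line.split_whitespace().collect();
        match t.as_slice() {
            ["config", name] | ["menuconfig", name] => cur = name.to_string(),
            ["help"] => in_help = true,
            ["range", lo, hi, ..] => match (parse_int(lo), parse_int(hi)) {
                (Some(a), Some(b)) if a > b => findings.push(format!("reverse range in {}: {} > {}", cur, lo, hi)),
                _ => {}
            },
            ["select", sym, ..] => selects.push((cur.clone(), sym.to_string())),
            // A quoted string after a type keyword (or 'prompt') is a prompt.
            [kw, p, ..] if ["bool", "tristate", "int", "hex", "string", "prompt"].contains(kw)
                && p.starts_with('"') => { visible.insert(cur.clone()); }
            _ => {}
        }
    }
    // Resolve selects last: the selected symbol may be defined after the select line.
    for (from, to) in selects {
        if visible.contains(&to) { findings.push(format!("{} selects visible {}", from, to)); }
    }
    findings
}

fn main() { for f in check_kconfig(SAMPLE) { println!("{}", f); } }
```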
