Merge pull request #28 from sysprog21/static-analysis

CI: Add Clang Static Analyzer

Author: jserv

.ci/install-deps.sh

@@ -1,14 +1,36 @@
 #!/usr/bin/env bash
 
 # Install build dependencies for CI
-# Usage: .ci/install-deps.sh [sdl2|headless|format]
+# Usage: .ci/install-deps.sh [sdl2|headless|format|analysis]
 
 set -euo pipefail
 
 source "$(dirname "$0")/common.sh"
 
 MODE="${1:-sdl2}"
 
+# Setup LLVM 20 APT repository (shared by format and analysis modes)
+setup_llvm_repo() {
+	LLVM_KEYRING=/usr/share/keyrings/llvm-archive-keyring.gpg
+	LLVM_KEY_FP="6084F3CF814B57C1CF12EFD515CF4D18AF4F7421"
+	TMPKEY=$(mktemp)
+	download_to_file https://apt.llvm.org/llvm-snapshot.gpg.key "$TMPKEY"
+	ACTUAL_FP=$(gpg --with-fingerprint --with-colons "$TMPKEY" 2>/dev/null | grep fpr | head -1 | cut -d: -f10)
+	if [ "$ACTUAL_FP" != "$LLVM_KEY_FP" ]; then
+		print_error "LLVM key fingerprint mismatch!"
+		print_error "Expected: $LLVM_KEY_FP"
+		print_error "Got: $ACTUAL_FP"
+		rm -f "$TMPKEY"
+		exit 1
+	fi
+	sudo gpg --dearmor -o "$LLVM_KEYRING" <"$TMPKEY"
+	rm -f "$TMPKEY"
+
+	CODENAME=$(lsb_release -cs)
+	echo "deb [signed-by=${LLVM_KEYRING}] https://apt.llvm.org/${CODENAME}/ llvm-toolchain-${CODENAME}-20 main" | sudo tee /etc/apt/sources.list.d/llvm-20.list
+	sudo apt-get update -q=2
+}
+
 case "$MODE" in
 sdl2)
 	if [ "$OS_TYPE" = "Linux" ]; then
@@ -33,35 +55,25 @@ format)
 	fi
 	sudo apt-get update -q=2
 	sudo apt-get install -y -q=2 --no-install-recommends shfmt python3-pip gnupg ca-certificates lsb-release
-
-	# Install clang-format-20 from LLVM repository
-	# LLVM signing key fingerprint: 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421
-	LLVM_KEYRING=/usr/share/keyrings/llvm-archive-keyring.gpg
-	LLVM_KEY_FP="6084F3CF814B57C1CF12EFD515CF4D18AF4F7421"
-	TMPKEY=$(mktemp)
-	download_to_file https://apt.llvm.org/llvm-snapshot.gpg.key "$TMPKEY"
-	ACTUAL_FP=$(gpg --with-fingerprint --with-colons "$TMPKEY" 2>/dev/null | grep fpr | head -1 | cut -d: -f10)
-	if [ "$ACTUAL_FP" != "$LLVM_KEY_FP" ]; then
-		print_error "LLVM key fingerprint mismatch!"
-		print_error "Expected: $LLVM_KEY_FP"
-		print_error "Got: $ACTUAL_FP"
-		rm -f "$TMPKEY"
-		exit 1
-	fi
-	sudo gpg --dearmor -o "$LLVM_KEYRING" <"$TMPKEY"
-	rm -f "$TMPKEY"
-
-	CODENAME=$(lsb_release -cs)
-	echo "deb [signed-by=${LLVM_KEYRING}] https://apt.llvm.org/${CODENAME}/ llvm-toolchain-${CODENAME}-20 main" | sudo tee /etc/apt/sources.list.d/llvm-20.list
-	sudo apt-get update -q=2
+	setup_llvm_repo
 	sudo apt-get install -y -q=2 --no-install-recommends clang-format-20
 
 	# Install Python formatter (version-pinned for reproducibility)
 	pip3 install --break-system-packages --only-binary=:all: black==25.1.0
 	;;
+analysis)
+	if [ "$OS_TYPE" != "Linux" ]; then
+		print_error "Static analysis only supported on Linux"
+		exit 1
+	fi
+	sudo apt-get update -q=2
+	sudo apt-get install -y -q=2 --no-install-recommends gnupg ca-certificates lsb-release libsdl2-dev
+	setup_llvm_repo
+	sudo apt-get install -y -q=2 --no-install-recommends clang-20 clang-tools-20
+	;;
 *)
 	print_error "Unknown mode: $MODE"
-	echo "Usage: $0 [sdl2|headless|format]"
+	echo "Usage: $0 [sdl2|headless|format|analysis]"
 	exit 1
 	;;
 esac

.github/workflows/main.yml

@@ -60,6 +60,43 @@ jobs:
       - name: Check code formatting
         run: .ci/check-format.sh
 
+  static-analysis:
+    needs: [detect-code-related-file-changes]
+    if: needs.detect-code-related-file-changes.outputs.has_code_related_changes == 'true'
+    timeout-minutes: 15
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v6
+      - name: Install dependencies
+        run: .ci/install-deps.sh analysis
+      - name: scan-build
+        run: |
+          make defconfig
+          make clean
+          scan-build-20 --status-bugs \
+            -o /tmp/scan-build-report \
+            make -j$(nproc)
+      - name: Upload scan-build report
+        if: failure()
+        uses: actions/upload-artifact@v7
+        with:
+          name: scan-build-report
+          path: /tmp/scan-build-report
+          retention-days: 7
+          if-no-files-found: ignore
+      - name: scan-build (alpha checkers, informational)
+        if: always()
+        continue-on-error: true
+        run: |
+          make clean
+          scan-build-20 \
+            -enable-checker alpha.deadcode.UnreachableCode \
+            -enable-checker alpha.unix.cstring.OutOfBounds \
+            -o /tmp/scan-build-alpha-report \
+            make -j$(nproc) 2>&1 | tee /tmp/alpha-output.txt
+          WARNINGS=$(grep -c "warning:" /tmp/alpha-output.txt || true)
+          echo "::notice::Alpha checkers found $WARNINGS warnings (informational only)"
+
   unit-tests:
     needs: [detect-code-related-file-changes]
     if: needs.detect-code-related-file-changes.outputs.has_code_related_changes == 'true'

include/iui.h

@@ -913,8 +913,8 @@ void iui_segmented(iui_context *ctx,
  */
 void iui_slider(iui_context *ctx,
                 const char *label,
-                float min,
-                float max,
+                float min_value,
+                float max_value,
                 float step,
                 float *value,
                 const char *fmt);
@@ -2031,7 +2031,7 @@ void iui_table_row_end(iui_context *ctx, iui_table_state *state);
  * @ctx:   current UI context
  * @state: table state from iui_table_begin
  */
-void iui_table_end(iui_context *ctx, iui_table_state *state);
+void iui_table_end(iui_context *ctx, const iui_table_state *state);
 
 /* Scrollable Container
  * Creates a scrollable viewport using the existing clip stack.
@@ -2189,7 +2189,7 @@ bool iui_nav_rail_item(iui_context *ctx,
                        int index);
 
 /* End navigation rail rendering */
-void iui_nav_rail_end(iui_context *ctx, iui_nav_rail_state *state);
+void iui_nav_rail_end(iui_context *ctx, const iui_nav_rail_state *state);
 
 /* Toggle rail expanded/collapsed state */
 void iui_nav_rail_toggle(iui_nav_rail_state *state);
@@ -2227,7 +2227,7 @@ bool iui_nav_bar_item(iui_context *ctx,
                       int index);
 
 /* End navigation bar rendering */
-void iui_nav_bar_end(iui_context *ctx, iui_nav_bar_state *state);
+void iui_nav_bar_end(iui_context *ctx, const iui_nav_bar_state *state);
 
 /* Navigation Drawer Component
  * Side panel navigation for larger screens
@@ -2267,7 +2267,7 @@ bool iui_nav_drawer_item(iui_context *ctx,
 void iui_nav_drawer_divider(iui_context *ctx);
 
 /* End navigation drawer rendering */
-void iui_nav_drawer_end(iui_context *ctx, iui_nav_drawer_state *state);
+void iui_nav_drawer_end(iui_context *ctx, const iui_nav_drawer_state *state);
 
 /* Open/close drawer */
 void iui_nav_drawer_open(iui_nav_drawer_state *state);
@@ -2339,7 +2339,8 @@ bool iui_bottom_sheet_begin(iui_context *ctx,
                             float screen_height);
 
 /* End bottom sheet rendering */
-void iui_bottom_sheet_end(iui_context *ctx, iui_bottom_sheet_state *state);
+void iui_bottom_sheet_end(iui_context *ctx,
+                          const iui_bottom_sheet_state *state);
 
 /* Open/close bottom sheet */
 void iui_bottom_sheet_open(iui_bottom_sheet_state *state);
@@ -2387,12 +2388,13 @@ bool iui_bottom_app_bar_action(iui_context *ctx,
 
 /* Add FAB (right side). Returns true if clicked */
 bool iui_bottom_app_bar_fab(iui_context *ctx,
-                            iui_bottom_app_bar_state *state,
+                            const iui_bottom_app_bar_state *state,
                             const char *icon,
                             iui_fab_size_t size);
 
 /* End bottom app bar rendering */
-void iui_bottom_app_bar_end(iui_context *ctx, iui_bottom_app_bar_state *state);
+void iui_bottom_app_bar_end(iui_context *ctx,
+                            const iui_bottom_app_bar_state *state);
 
 /* Menu Component
  * Vertical dropdown menu with support for icons, shortcuts, dividers, and

ports/headless.c

@@ -710,7 +710,7 @@ const uint32_t *iui_headless_get_framebuffer(iui_port_ctx *ctx)
 /*
  * Get framebuffer dimensions.
  */
-void iui_headless_get_framebuffer_size(iui_port_ctx *ctx,
+void iui_headless_get_framebuffer_size(const iui_port_ctx *ctx,
                                        int *width,
                                        int *height)
 {
@@ -1165,7 +1165,7 @@ void iui_headless_process_shm_events(iui_port_ctx *ctx)
     /* Process all pending events */
     while (hdr->event_read_idx != hdr->event_write_idx) {
         uint32_t idx = hdr->event_read_idx % IUI_SHM_EVENT_RING_SIZE;
-        iui_shm_event_t *ev = &events[idx];
+        const iui_shm_event_t *ev = &events[idx];
 
         switch (ev->type) {
         case IUI_SHM_EVENT_MOUSE_MOVE:

ports/headless.h

@@ -83,7 +83,7 @@ void iui_headless_inject_text(iui_port_ctx *ctx, uint32_t codepoint);
 const uint32_t *iui_headless_get_framebuffer(iui_port_ctx *ctx);
 
 /* Get framebuffer dimensions */
-void iui_headless_get_framebuffer_size(iui_port_ctx *ctx,
+void iui_headless_get_framebuffer_size(const iui_port_ctx *ctx,
                                        int *width,
                                        int *height);
 

src/basic.c

@@ -113,12 +113,10 @@ void iui_segmented(iui_context *ctx,
         uint32_t text_color = is_selected ? ctx->colors.on_secondary_container
                                           : ctx->colors.on_surface;
 
-        /* Draw checkmark icon on selected segment */
-        float icon_size = IUI_SEGMENTED_ICON_SIZE,
-              text_w = iui_get_text_width(ctx, entries[i]);
-
         if (is_selected) {
             /* Calculate total content width: checkmark + gap + text */
+            float icon_size = IUI_SEGMENTED_ICON_SIZE,
+                  text_w = iui_get_text_width(ctx, entries[i]);
             float gap = 8.f, content_width = icon_size + gap + text_w,
                   content_x = seg_x + (seg_width - content_width) / 2.f,
                   icon_cx = content_x + icon_size / 2.f,

src/container.c

@@ -655,7 +655,7 @@ bool iui_bottom_sheet_begin(iui_context *ctx,
     return true;
 }
 
-void iui_bottom_sheet_end(iui_context *ctx, iui_bottom_sheet_state *state)
+void iui_bottom_sheet_end(iui_context *ctx, const iui_bottom_sheet_state *state)
 {
     if (!ctx || !state)
         return;
@@ -1186,7 +1186,7 @@ void iui_table_row_end(iui_context *ctx, iui_table_state *state)
         0.f, ctx->colors.outline_variant, ctx->renderer.user);
 }
 
-void iui_table_end(iui_context *ctx, iui_table_state *state)
+void iui_table_end(iui_context *ctx, const iui_table_state *state)
 {
     if (!ctx || !ctx->current_window || !state)
         return;

src/core.c

@@ -1515,7 +1515,7 @@ void iui_pop_layer(iui_context *ctx)
         ctx->input_layer.current_z_order = 0;
     } else {
         /* Restore to previous stack entry */
-        iui_layer_entry_t *prev =
+        const iui_layer_entry_t *prev =
             &ctx->input_layer.layer_stack[ctx->input_layer.layer_depth - 1];
         ctx->input_layer.current_layer_id = prev->layer_id;
         ctx->input_layer.current_z_order = prev->z_order;
@@ -1665,7 +1665,7 @@ void iui_register_textfield(iui_context *ctx, void *buffer)
 
     /* Probe entire table until finding empty slot or duplicate */
     for (int probe = 0; probe < IUI_MAX_TRACKED_TEXTFIELDS; probe++) {
-        void *cached = ctx->field_tracking.textfield_ids[idx];
+        const void *cached = ctx->field_tracking.textfield_ids[idx];
         if (!cached) {
             /* Found empty slot, insert here */
             ctx->field_tracking.textfield_ids[idx] = buffer;
@@ -1715,7 +1715,7 @@ bool iui_textfield_is_registered(const iui_context *ctx, const void *buffer)
 
     /* Probe entire table looking for match or empty slot */
     for (int probe = 0; probe < IUI_MAX_TRACKED_TEXTFIELDS; probe++) {
-        void *cached = ctx->field_tracking.textfield_ids[idx];
+        const void *cached = ctx->field_tracking.textfield_ids[idx];
         if (cached == buffer)
             return true;
         if (!cached)
@@ -1725,7 +1725,7 @@ bool iui_textfield_is_registered(const iui_context *ctx, const void *buffer)
     return false;
 }
 
-bool iui_slider_is_registered(const iui_context *ctx, uint32_t slider_id)
+static bool iui_slider_is_registered(const iui_context *ctx, uint32_t slider_id)
 {
     if (slider_id == 0)
         return false;

src/fab.c

@@ -77,9 +77,9 @@ static bool iui_fab_internal(iui_context *ctx,
         iui_internal_draw_text(ctx, content_x, label_y, label, content_color);
     } else {
         /* Standard FAB: centered icon only */
-        float icon_cx = x + fab_w * 0.5f;
-        float icon_cy = center_y;
         if (icon) {
+            float icon_cx = x + fab_w * 0.5f;
+            float icon_cy = center_y;
             iui_draw_fab_icon(ctx, icon_cx, icon_cy, icon_size, icon,
                               content_color);
         }

src/input.c

@@ -459,11 +459,11 @@ static void textfield_move_left(const char *buffer,
             state->cursor = prev;
         }
         while (state->cursor > 0) {
-            size_t prev = iui_utf8_prev(buffer, state->cursor);
-            uint32_t cp = iui_utf8_decode(buffer, prev, len);
+            size_t prev2 = iui_utf8_prev(buffer, state->cursor);
+            uint32_t cp = iui_utf8_decode(buffer, prev2, len);
             if (!iui_utf8_is_word_char(cp))
                 break;
-            state->cursor = prev;
+            state->cursor = prev2;
         }
     } else {
         state->cursor = iui_utf8_prev(buffer, state->cursor);