Merge branch 'main' into feature/distributed-erlang

bettio · bettio · commit 67f3706ed753 · 2025-05-04T11:05:01.000+02:00
diff --git a/.github/workflows/esp32-build.yaml b/.github/workflows/esp32-build.yaml
@@ -31,12 +31,17 @@ jobs:
   esp-idf:
     runs-on: ubuntu-24.04
     container: espressif/idf:${{ matrix.idf-version }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
 
     strategy:
       fail-fast: false
 
       matrix:
         esp-idf-target: ["esp32", "esp32c3"]
+        language: ['cpp']
         idf-version:
          - 'v5.0.7'
          - 'v5.1.5'
@@ -53,6 +58,16 @@ jobs:
     - name: Checkout repo
       uses: actions/checkout@v4
 
+    - name: "Git config safe.directory for codeql"
+      run: git config --global --add safe.directory /__w/AtomVM/AtomVM
+
+    - name: "Initialize CodeQL"
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{matrix.language}}
+        build-mode: manual
+        queries: +./code-queries/term-to-non-term-func.ql,./code-queries/non-term-to-term-func.ql
+
     - name: Build with idf.py
       shell: bash
       working-directory: ./src/platforms/esp32/
@@ -69,6 +84,9 @@ jobs:
         . $IDF_PATH/export.sh
         idf.py size-components
 
+    - name: "Perform CodeQL Analysis"
+      uses: github/codeql-action/analyze@v3
+
     - name: Install dependencies to build host AtomVM and run qemu
       run: |
         set -eu
diff --git a/.github/workflows/pico-build.yaml b/.github/workflows/pico-build.yaml
@@ -25,7 +25,9 @@ on:
       - 'src/libAtomVM/**'
 
 permissions:
+  actions: read
   contents: write
+  security-events: write
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref != 'refs/heads/main' && github.ref || github.run_id }}
@@ -37,6 +39,7 @@ jobs:
     strategy:
       matrix:
         board: ["pico", "pico_w", "pico2"]
+        language: ["cpp"]
 
     steps:
     - name: Checkout repo
@@ -52,6 +55,16 @@ jobs:
             libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib \
             erlang-base erlang-dev erlang-dialyzer erlang-eunit rebar3
 
+    - name: "Git config safe.directory for codeql"
+      run: git config --global --add safe.directory /__w/AtomVM/AtomVM
+
+    - name: "Initialize CodeQL"
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{matrix.language}}
+        build-mode: manual
+        queries: +./code-queries/term-to-non-term-func.ql,./code-queries/non-term-to-term-func.ql
+
     - name: Build
       shell: bash
       working-directory: ./src/platforms/rp2/
@@ -62,6 +75,9 @@ jobs:
         cmake .. -G Ninja -DPICO_BOARD=${{ matrix.board }}
         ninja
 
+    - name: "Perform CodeQL Analysis"
+      uses: github/codeql-action/analyze@v3
+
     - name: Install nvm and nodejs 20
       if: matrix.board != 'pico2'
       run: |
diff --git a/.github/workflows/stm32-build.yaml b/.github/workflows/stm32-build.yaml
@@ -27,6 +27,11 @@ concurrency:
 jobs:
   stm32:
     runs-on: ubuntu-24.04
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
     steps:
     - uses: actions/cache@v4
       id: builddeps-cache
@@ -63,6 +68,16 @@ jobs:
     - name: Checkout repo
       uses: actions/checkout@v4
 
+    - name: "Git config safe.directory for codeql"
+      run: git config --global --add safe.directory /__w/AtomVM/AtomVM
+
+    - name: "Initialize CodeQL"
+      uses: github/codeql-action/init@v3
+      with:
+        languages: 'cpp'
+        build-mode: manual
+        queries: +./code-queries/term-to-non-term-func.ql,./code-queries/non-term-to-term-func.ql
+
     - name: Build
       shell: bash
       working-directory: ./src/platforms/stm32/
@@ -73,3 +88,6 @@ jobs:
         # -DAVM_WARNINGS_ARE_ERRORS=ON
         cmake .. -DCMAKE_TOOLCHAIN_FILE=cmake/arm-toolchain.cmake -DLIBOPENCM3_DIR=/home/runner/libopencm3
         make -j
+
+    - name: "Perform CodeQL Analysis"
+      uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/wasm-build.yaml b/.github/workflows/wasm-build.yaml
@@ -30,16 +30,38 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+
   compile_tests:
+
     runs-on: ubuntu-24.04
     container: erlang:27
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["c-cpp"]
+
     steps:
     - name: Checkout repo
       uses: actions/checkout@v4
 
     - name: Install required packages
       run: apt update && apt install -y gperf zlib1g-dev cmake ninja-build
 
+    - name: "Git config safe.directory for codeql"
+      run: git config --global --add safe.directory /__w/AtomVM/AtomVM
+
+    - name: "Initialize CodeQL"
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{matrix.language}}
+        build-mode: manual
+        queries: +./code-queries/term-to-non-term-func.ql,./code-queries/non-term-to-term-func.ql
+
     - name: Compile AtomVM and test modules
       run: |
         set -e
@@ -49,6 +71,9 @@ jobs:
         # test_eavmlib does not work with wasm due to http + ssl test
         ninja AtomVM atomvmlib erlang_test_modules test_etest test_alisp test_estdlib hello_world run_script call_cast html5_events wasm_webserver
 
+    - name: "Perform CodeQL Analysis"
+      uses: github/codeql-action/analyze@v3
+
     - name: Upload AtomVM and test modules
       uses: actions/upload-artifact@v4
       with:
@@ -80,6 +105,7 @@ jobs:
     needs: compile_tests
     runs-on: ubuntu-24.04
     container: emscripten/emsdk
+
     steps:
     - name: Checkout repo
       uses: actions/checkout@v4
@@ -145,13 +171,30 @@ jobs:
   wasm_build_web:
     runs-on: ubuntu-24.04
     container: emscripten/emsdk
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript-typescript"]
+
     steps:
     - name: Checkout repo
       uses: actions/checkout@v4
 
     - name: "Install deps"
       run: sudo apt update -y && sudo apt install -y cmake gperf
 
+    - name: "Initialize CodeQL"
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{matrix.language}}
+        build-mode: none
+        db-location: '${{ github.runner_temp }}/codeql_js_database'
+
     - name: Build wasm build for web
       shell: bash
       working-directory: ./src/platforms/emscripten/
@@ -162,6 +205,9 @@ jobs:
         emcmake cmake .. -DAVM_EMSCRIPTEN_ENV=web
         emmake make -j
 
+    - name: "Perform CodeQL Analysis"
+      uses: github/codeql-action/analyze@v3
+
     - name: Upload wasm build for web
       uses: actions/upload-artifact@v4
       with:
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -45,6 +45,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added several `io_lib` functions including `io_lib:fwrite/2` and `io_lib:write_atom/1`
 - Added `init:get_argument/1`, `init:get_plain_arguments/0` and `init:notify_when_started/1`
 - Added `application:get_env/2`
+- Added CodeQL analysis to esp32, stm32, pico, and wasm workflows
 
 ### Changed
 
diff --git a/LICENSES/LicenseRef-Proprietary.txt b/LICENSES/LicenseRef-Proprietary.txt
@@ -0,0 +1 @@
+This file is proprietary. Please contact the copyright holder for more information about its licensing and use.
diff --git a/README.Md b/README.Md
@@ -112,7 +112,7 @@ All of these limitations are going to be fixed in a reasonable amount of time.
 About This Project
 ==================
 This project has been created by [Davide Bettio](https://github.com/bettio/), and now is developed
-from a growing number of contributors.
+from a growing number of [contributors](https://github.com/atomvm/AtomVM/graphs/contributors).
 
 How to Contribute
 -----------------
@@ -123,3 +123,18 @@ of the [organization](https://github.com/atomvm) repositories.
 License
 -------
 This project is under the terms of the Apache 2.0 license.
+
+❤️ Acknowledgements
+-------------------
+
+AtomVM is made possible thanks to the dedication of a vibrant community of individual contributors
+who have generously shared their time and expertise. We are deeply grateful for their ongoing
+support and passion over the years.
+
+We also want to extend a special thank you to the following companies for supporting the development
+of AtomVM:
+
+[![Dashbit](doc/assets/dashbit-logo.png)](https://dashbit.co/)
+[![Software Mansion](doc/assets/sw-mansion-logo.png)](https://swmansion.com/)
+
+Thank you all for being part of this journey! 🙌
diff --git a/doc/assets/dashbit-logo.png b/doc/assets/dashbit-logo.png
diff --git a/doc/assets/dashbit-logo.png.license b/doc/assets/dashbit-logo.png.license
@@ -0,0 +1,2 @@
+SPDX-FileCopyrightText: (C) Dashbit
+SPDX-License-Identifier: LicenseRef-Proprietary
diff --git a/doc/assets/sw-mansion-logo.png b/doc/assets/sw-mansion-logo.png
diff --git a/doc/assets/sw-mansion-logo.png.license b/doc/assets/sw-mansion-logo.png.license
@@ -0,0 +1,2 @@
+SPDX-FileCopyrightText: (C) Software Mansion
+SPDX-License-Identifier: LicenseRef-Proprietary
diff --git a/src/platforms/esp32/components/avm_builtins/gpio_driver.c b/src/platforms/esp32/components/avm_builtins/gpio_driver.c
@@ -630,7 +630,7 @@ static NativeHandlerResult consume_gpio_mailbox(Context *ctx)
     }
 
     term ret_msg;
-    if (UNLIKELY(memory_ensure_free_with_roots(ctx, 3, 1, &ret, MEMORY_CAN_SHRINK) != MEMORY_GC_OK)) {
+    if (UNLIKELY(memory_ensure_free_with_roots(ctx, TUPLE_SIZE(2), 1, &ret, MEMORY_CAN_SHRINK) != MEMORY_GC_OK)) {
         ret_msg = OUT_OF_MEMORY_ATOM;
     } else {
         ret_msg = create_pair(ctx, gen_message.ref, ret);
diff --git a/src/platforms/esp32/components/avm_builtins/spi_driver.c b/src/platforms/esp32/components/avm_builtins/spi_driver.c
@@ -655,14 +655,14 @@ static NativeHandlerResult spidriver_consume_mailbox(Context *ctx)
         default:
             TRACE("spi: error: unrecognized command.\n");
             if (UNLIKELY(memory_ensure_free(ctx, TUPLE_SIZE(2)) != MEMORY_GC_OK)) {
-                return OUT_OF_MEMORY_ATOM;
+                ret = OUT_OF_MEMORY_ATOM;
             }
             term unkn_a = globalcontext_make_atom(ctx->global, ATOM_STR("\xF", "unknown_command"));
-            return create_pair(ctx, ERROR_ATOM, esp_err_to_term(ctx->global, unkn_a));
+            ret = create_pair(ctx, ERROR_ATOM, esp_err_to_term(ctx->global, unkn_a));
     }
 
     term ret_msg;
-    if (UNLIKELY(memory_ensure_free_with_roots(ctx, 3, 1, &ret, MEMORY_CAN_SHRINK) != MEMORY_GC_OK)) {
+    if (UNLIKELY(memory_ensure_free_with_roots(ctx, TUPLE_SIZE(2), 1, &ret, MEMORY_CAN_SHRINK) != MEMORY_GC_OK)) {
         ret_msg = OUT_OF_MEMORY_ATOM;
     } else {
         ret_msg = create_pair(ctx, gen_message.ref, ret);
diff --git a/src/platforms/rp2/pico_sdk_import.cmake b/src/platforms/rp2/pico_sdk_import.cmake
@@ -27,10 +27,11 @@
 # This can be dropped into an external project to help locate this SDK
 # It should be include()ed prior to project()
 
-if (DEFINED ENV{PICO_SDK_PATH} AND (NOT PICO_SDK_PATH))
-    set(PICO_SDK_PATH $ENV{PICO_SDK_PATH})
-    message("Using PICO_SDK_PATH from environment ('${PICO_SDK_PATH}')")
-endif ()
+# Commented to ensure fork is picked up as we need some changes that are not available upstream yet
+# if (DEFINED ENV{PICO_SDK_PATH} AND (NOT PICO_SDK_PATH))
+#     set(PICO_SDK_PATH $ENV{PICO_SDK_PATH})
+#     message("Using PICO_SDK_PATH from environment ('${PICO_SDK_PATH}')")
+# endif ()
 
 if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT} AND (NOT PICO_SDK_FETCH_FROM_GIT))
     set(PICO_SDK_FETCH_FROM_GIT $ENV{PICO_SDK_FETCH_FROM_GIT})

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+This file is proprietary. Please contact the copyright holder for more information about its licensing and use.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+SPDX-FileCopyrightText: (C) Dashbit`
	`2`	`+SPDX-License-Identifier: LicenseRef-Proprietary`