From cc36c29ad35cb2ed194c8567475221da5ab25bd9 Mon Sep 17 00:00:00 2001
From: Felipe Torrezan <felipe.torrezan@iar.com>
Date: Wed, 3 Sep 2025 09:54:44 +0200
Subject: [PATCH] cmake: sca: iar: Add IAR C-STAT

This commit adds support for IAR C-STAT Static Analysis
in the Zephyr's SCA Framework.

By specifying -DZEPHYR_SCA_VARIANT=iar in west, a SQLite
database file will be generated under build/sca/iar.

Signed-off-by: Felipe Torrezan <felipe.torrezan@iar.com>
---
 cmake/sca/iar/sca.cmake   | 71 +++++++++++++++++++++++++++++++++++++++
 doc/develop/sca/iar.rst   | 51 ++++++++++++++++++++++++++++
 doc/develop/sca/index.rst |  1 +
 3 files changed, 123 insertions(+)
 create mode 100644 cmake/sca/iar/sca.cmake
 create mode 100644 doc/develop/sca/iar.rst

diff --git a/cmake/sca/iar/sca.cmake b/cmake/sca/iar/sca.cmake
new file mode 100644
index 0000000000000..5ac932bfd1d44
--- /dev/null
+++ b/cmake/sca/iar/sca.cmake
@@ -0,0 +1,71 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (c) 2025, IAR Systems AB.
+
+cmake_minimum_required(VERSION 4.1.0)
+
+include(extensions)
+include(west)
+
+# Get IAR C-STAT
+cmake_path(GET CMAKE_C_COMPILER PARENT_PATH IAR_COMPILER_DIR)
+find_program(IAR_CSTAT icstat
+  HINTS ${IAR_COMPILER_DIR}
+  REQUIRED
+)
+message(STATUS "Found SCA: IAR C-STAT Static Analysis (${IAR_CSTAT})")
+find_program(IAR_CHECKS ichecks
+  HINTS ${IAR_COMPILER_DIR}
+  REQUIRED
+)
+
+zephyr_get(CSTAT_RULESET)
+zephyr_get(CSTAT_ANALYZE_THREADS)
+zephyr_get(CSTAT_ANALYZE_OPTS)
+zephyr_get(CSTAT_DB)
+zephyr_get(CSTAT_CLEANUP)
+
+# Create an output directory for IAR C-STAT
+set(output_dir ${CMAKE_BINARY_DIR}/sca/iar)
+file(MAKE_DIRECTORY ${output_dir})
+
+# Set the IAR C-STAT ruleset
+set(iar_checks_arg --output=${output_dir}/cstat_sel_checks.txt)
+if(CSTAT_RULESET MATCHES "^(cert|security|misrac2004|misrac\\+\\+2008|misrac2012)")
+  set(iar_checks_arg ${iar_checks_arg} --default=${CSTAT_RULESET})
+elseif(CSTAT_RULESET MATCHES "^all")
+  set(iar_checks_arg ${iar_checks_arg} --all)
+else()
+  set(iar_checks_arg ${iar_checks_arg} --default=stdchecks)
+endif()
+execute_process(COMMAND ${IAR_CHECKS} ${iar_checks_arg})
+
+# Forwards the ruleset manifest file to icstat
+set(output_arg --checks=${output_dir}/cstat_sel_checks.txt)
+
+# Analsys parallelization
+if(CSTAT_ANALYZE_THREADS)
+  set(output_arg ${output_arg};--parallel=${CSTAT_ANALYZE_THREADS})
+endif()
+
+# Entrypoint for additional C-STAT options
+if(CSTAT_ANALYZE_OPTS)
+  set(output_arg ${output_arg};${CSTAT_ANALYZE_OPTS})
+endif()
+
+# Full path to the C-STAT SQLite database
+if(CSTAT_DB)
+  set(CSTAT_DB_PATH ${CSTAT_DB})
+else()
+  set(CSTAT_DB_PATH ${output_dir}/cstat.db)
+endif()
+set(output_arg ${output_arg};--db=${CSTAT_DB_PATH})
+
+# Clean-up C-STAT SQLite database
+if(CSTAT_CLEANUP)
+  execute_process(COMMAND ${IAR_CSTAT} clear --db=${CSTAT_DB_PATH})
+endif()
+
+# Enable IAR C-STAT Static Analysis (requires CMake v4.1+)
+set(CMAKE_C_ICSTAT ${IAR_CSTAT};${output_arg} CACHE INTERNAL "")
+set(CMAKE_CXX_ICSTAT ${IAR_CSTAT};${output_arg} CACHE INTERNAL "")
diff --git a/doc/develop/sca/iar.rst b/doc/develop/sca/iar.rst
new file mode 100644
index 0000000000000..f112346457398
--- /dev/null
+++ b/doc/develop/sca/iar.rst
@@ -0,0 +1,51 @@
+.. _icstat:
+
+IAR C-STAT support
+##################
+
+`IAR C-STAT <https://iar.com/cstat>`__ is a comprehensive static analysis tool for
+C/C++ source code. It can find errors and vulnerabilities supporting a number of
+coding standards such as MISRA C, MISRA C++, CERT C/C++ and CWE.
+
+Installing IAR C-STAT
+*********************
+
+IAR C-STAT comes pre-installed with the IAR Build Tools and with the IAR Embedded
+Workbench. Refer to your respective product's documentation for details.
+
+Building with IAR C-STAT
+************************
+
+To run IAR C-STAT, :ref:`west build <west-building>` should be called with
+a ``-DZEPHYR_SCA_VARIANT=iar`` parameter, e.g.
+
+.. zephyr-app-commands::
+   :zephyr-app: samples/basic/blinky
+   :board: stm32f429ii_aca
+   :gen-args: -DZEPHYR_SCA_VARIANT=iar
+   :goals: build
+   :compact:
+
+Configuring IAR C-STAT
+***********************
+
+The IAR C-STAT accepts parameters for customizing the analysis.
+The following table lists the supported options.
+
+.. list-table::
+   :header-rows: 1
+
+   * - Parameter
+     - Description
+   * - ``CSTAT_RULESET``
+     - The pre-defined ruleset to be used. (default: ``stdchecks``, accepted values: ``all,cert,misrac2004,misrac2012,misrac++2008,stdchecks,security``)
+   * - ``CSTAT_ANALYZE_THREADS``
+     - The number of threads to use in analysis. (default: <CPU count>)
+   * - ``CSTAT_ANALYZE_OPTS``
+     - Arguments passed to the ``analyze`` command directly. (e.g. ``--timeout=900;--deterministic;--fpe``)
+   * - ``CSTAT_DB``
+     - Override the default location of the C-STAT SQLite database. (e.g. ``/home/user/cstat.db``)
+   * - ``CSTAT_CLEANUP``
+     - Perform a cleanup of the C-STAT SQLite database. (e.g. ``true``)
+
+These parameters can be passed on the command line, or be set as environment variables.
diff --git a/doc/develop/sca/index.rst b/doc/develop/sca/index.rst
index 0019b10c74ad3..c7e3e4eacc9a8 100644
--- a/doc/develop/sca/index.rst
+++ b/doc/develop/sca/index.rst
@@ -69,3 +69,4 @@ The following is a list of SCA tools natively supported by Zephyr build system.
    eclair
    polyspace
    coverity
+   iar