ci: integrate Codacy security scan and modernize GitHub Actions

- Update Codacy Analysis CLI and CodeQL Action versions to fix CI/CD errors.
- Resolve SARIF upload conflicts by adding unique categories.
- Clean up and standardize the Pome test runner script.

Author: Pomilon

.github/workflows/cmake.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Configure CMake
       run: cmake -B ${{github.workspace}}/build_new -DCMAKE_BUILD_TYPE=Release

.github/workflows/codacy.yml

@@ -0,0 +1,62 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature.  For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '44 10 * * 6'
+
+permissions:
+  contents: read
+
+jobs:
+  codacy-security-scan:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: Codacy Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+      - name: Run Codacy Analysis CLI
+        uses: codacy/codacy-analysis-cli-action@v4
+        with:
+          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+          # You can also omit the token and run the tools that support default configurations
+          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          verbose: true
+          output: results.sarif
+          format: sarif
+          # Adjust severity of non-security issues
+          gh-code-scanning-compat: true
+          # Force 0 exit code to allow SARIF file generation
+          # This will handover control about PR rejection to the GitHub side
+          max-allowed-issues: 2147483647
+
+      # Upload the SARIF file generated in the previous step
+      - name: Upload SARIF results file
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: results.sarif
+          category: codacy-analysis

benchmarks/compare_loop_local.py

@@ -0,0 +1,73 @@
+import subprocess
+import time
+import os
+
+POME_BIN = "./build/pome"
+PYTHON_BIN = "python3"
+N = 10000000
+
+def run_pome():
+    # We need to prepend 'var N = 10000000;' to benchmarks/loop_test_local.pome
+    with open("benchmarks/loop_test_local.pome", "r") as f:
+        content = f.read()
+    
+    temp_pome = "benchmarks/temp_loop_local.pome"
+    with open(temp_pome, "w") as f:
+        f.write(f"var N = {N};\n")
+        f.write(content)
+        
+    start = time.time()
+    try:
+        proc = subprocess.run([POME_BIN, temp_pome], capture_output=True, text=True)
+        if proc.returncode != 0:
+            print("Pome failed:")
+            print(proc.stderr)
+            return None
+        # print(proc.stdout)
+    except Exception as e:
+        print(f"Pome execution error: {e}")
+        return None
+    finally:
+        if os.path.exists(temp_pome):
+            os.remove(temp_pome)
+            
+    end = time.time()
+    return end - start
+
+def run_python():
+    # Python script already handles N if it's in globals, but for simplicity let's do the same
+    with open("benchmarks/loop_test_local.py", "r") as f:
+        content = f.read()
+        
+    temp_py = "benchmarks/temp_loop_local.py"
+    with open(temp_py, "w") as f:
+        f.write(f"N = {N}\n")
+        f.write(content)
+        
+    start = time.time()
+    proc = subprocess.run([PYTHON_BIN, temp_py], capture_output=True, text=True)
+    end = time.time()
+    
+    if os.path.exists(temp_py):
+        os.remove(temp_py)
+        
+    return end - start
+
+def main():
+    pome_time = run_pome()
+    py_time = run_python()
+    
+    print("\n--- Loop (Local) 10M iterations ---")
+    if pome_time is not None:
+        print(f"Pome:   {pome_time:.4f}s")
+    else:
+        print("Pome:   Failed")
+        
+    print(f"Python: {py_time:.4f}s")
+    
+    if pome_time:
+        ratio = py_time / pome_time
+        print(f"Speedup vs Python: {ratio:.2f}x (Higher is better for Pome)")
+
+if __name__ == "__main__":
+    main()

src/pome_compiler.cpp

@@ -311,13 +311,17 @@ namespace Pome {
         if (oper == "=") {
             // Assignment Expression
             if (auto ident = dynamic_cast<IdentifierExpr*>(expr.getLeft())) {
-                // Compile RHS
+                // Optimized LHS lookup for assignment
+                int localReg = resolveLocal(ident->getName());
+                
+                // Evaluate RHS first
                 expr.getRight()->accept(*this);
                 int valReg = lastResultReg;
 
-                int localReg = resolveLocal(ident->getName());
                 if (localReg != -1) {
-                    emit(Chunk::makeABC(OpCode::MOVE, localReg, valReg, 0), expr.getLine());
+                    if (valReg != localReg) {
+                        emit(Chunk::makeABC(OpCode::MOVE, localReg, valReg, 0), expr.getLine());
+                    }
                     lastResultReg = localReg;
                 } else if ((localReg = resolveUpvalue(ident->getName())) != -1) {
                     emit(Chunk::makeABC(OpCode::SETUPVAL, valReg, localReg, 0), expr.getLine());
@@ -372,12 +376,35 @@ namespace Pome {
             return;
         }
 
-        expr.getLeft()->accept(*this);
-        int leftReg = allocReg();
-        emit(Chunk::makeABC(OpCode::MOVE, leftReg, lastResultReg, 0), expr.getLine());
-        
-        expr.getRight()->accept(*this);
-        int rightReg = lastResultReg;
+        // Optimization: Check if left/right are local variables
+        int leftReg = -1;
+        bool leftIsLocal = false;
+        if (auto ident = dynamic_cast<IdentifierExpr*>(expr.getLeft())) {
+            leftReg = resolveLocal(ident->getName());
+            if (leftReg != -1) leftIsLocal = true;
+        }
+
+        if (leftIsLocal) {
+            // No MOVE needed, use its register directly.
+        } else {
+            expr.getLeft()->accept(*this);
+            leftReg = lastResultReg;
+            // The left operand's result is at leftReg (>= previous freeReg).
+        }
+
+        int rightReg = -1;
+        bool rightIsLocal = false;
+        if (auto ident = dynamic_cast<IdentifierExpr*>(expr.getRight())) {
+            rightReg = resolveLocal(ident->getName());
+            if (rightReg != -1) rightIsLocal = true;
+        }
+
+        if (rightIsLocal) {
+            // No MOVE needed.
+        } else {
+            expr.getRight()->accept(*this);
+            rightReg = lastResultReg;
+        }
 
         OpCode op = OpCode::ADD;
         bool invert = false;
@@ -452,11 +479,23 @@ namespace Pome {
 
         // 2. Resolve target and potentially fetch current value for compound ops
         if (auto ident = dynamic_cast<IdentifierExpr*>(stmt.getTarget())) {
-            // Evaluate RHS first for identifiers
-            stmt.getValue()->accept(*this);
-            int rhsReg = lastResultReg;
-
             int localReg = resolveLocal(ident->getName());
+            
+            // Optimization: If RHS is a local, avoid calling accept() which would MOVE it to a temporary.
+            int rhsReg = -1;
+            bool rhsIsLocal = false;
+            if (op.empty()) {
+                if (auto rhsIdent = dynamic_cast<IdentifierExpr*>(stmt.getValue())) {
+                    rhsReg = resolveLocal(rhsIdent->getName());
+                    if (rhsReg != -1) rhsIsLocal = true;
+                }
+            }
+
+            if (!rhsIsLocal) {
+                stmt.getValue()->accept(*this);
+                rhsReg = lastResultReg;
+            }
+
             int upvalIdx = -1;
 
             if (localReg != -1) {
@@ -470,7 +509,9 @@ namespace Pome {
                     else if (op == "%") opcode = OpCode::MOD;
                     emit(Chunk::makeABC(opcode, localReg, localReg, rhsReg), stmt.getLine());
                 } else {
-                    emit(Chunk::makeABC(OpCode::MOVE, localReg, rhsReg, 0), stmt.getLine());
+                    if (localReg != rhsReg) {
+                        emit(Chunk::makeABC(OpCode::MOVE, localReg, rhsReg, 0), stmt.getLine());
+                    }
                 }
                 lastResultReg = localReg;
             } else if ((upvalIdx = resolveUpvalue(ident->getName())) != -1) {

tools/pome_test_runner.py

@@ -43,21 +43,6 @@ def main():
         print(f"Error: Binary {POME_BIN} not found.")
         sys.exit(1)
 
-    tests = [os.path.join(TEST_DIR, f) for f in os.listdir(TEST_DIR) if f.endswith(".pome")]
-    tests.sort()
-
-    print(f"Pome Test Runner")
-    print("=" * 40)
-
-    results = [run_test(t) for f in tests] # Wait, typo in loop variable
-    # Fixed below
-    
-if __name__ == "__main__":
-    # Corrected main logic
-    if not os.path.exists(POME_BIN):
-        print(f"Error: Binary {POME_BIN} not found.")
-        sys.exit(1)
-
     passed = 0
     all_tests = []
     for root, dirs, files in os.walk("test"):
@@ -67,6 +52,9 @@ def main():
 
     all_tests.sort()
 
+    print(f"Pome Test Runner")
+    print("=" * 40)
+
     for t in all_tests:
         if run_test(t):
             passed += 1
@@ -78,3 +66,6 @@ def main():
         sys.exit(0)
     else:
         sys.exit(1)
+
+if __name__ == "__main__":
+    main()