Also started teaching it about toxcore's alloc/dealloc functions in
hopes of it catching some errors (it doesn't seem to be very good at
this, but maybe better than nothing?).

This mainly saves spam in test logs, but may save some packets here and
there, if nodes are randomly selected twice for GET_NODES and onion
routing packets.

Disabled a whole bunch of rules from the MISRA-C set. Some of them
should be fixed, but most of the ones we violate have good reasons. This
PR documents those reasons.

These were found by the new stronger type check in cimple. The one
bugfix is in `crypto_sha512_cmp`, which used to think `crypto_verify_32`
returns bool while actually it's -1/0/1.
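The class of mistake described above, as an added example that is not toxcore's code: `verify_32` is a hypothetical stand-in assumed to return 0 on a match and -1 otherwise, and combining two halves with `&&` is an assumed way of treating that status as a bool. The sample digests are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a 32-byte constant-time compare:
 * returns 0 when equal, -1 otherwise (an int status, not a bool). */
static int verify_32(const uint8_t *x, const uint8_t *y)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < 32; ++i) {
        diff |= (uint8_t)(x[i] ^ y[i]);
    }
    return diff == 0 ? 0 : -1;
}

/* Bool-style misuse: `&&` yields 0 ("equal") as soon as either half matches. */
static int cmp64_bool_misuse(const uint8_t *a, const uint8_t *b)
{
    return verify_32(a, b) && verify_32(a + 32, b + 32);
}

/* Status-style use: OR the two results so any mismatch stays non-zero. */
static int cmp64_status(const uint8_t *a, const uint8_t *b)
{
    return (verify_32(a, b) | verify_32(a + 32, b + 32)) != 0 ? -1 : 0;
}

/* Constructed input: two 64-byte digests differing only in the last byte.
 * Returns the result of the chosen comparison (0 means "equal"). */
static int compare_sample(int use_status)
{
    uint8_t a[64];
    uint8_t b[64];
    memset(a, 0xAB, sizeof a);
    memcpy(b, a, sizeof b);
    b[63] ^= 0x01;
    return use_status ? cmp64_status(a, b) : cmp64_bool_misuse(a, b);
}

int main(void)
{
    printf("bool misuse: %d\n", compare_sample(0));
    printf("status use:  %d\n", compare_sample(1));
    return 0;
}
```

With the bool-style combination, two digests that share their first 32 bytes compare as equal, which is the failure a stricter int-versus-bool type check is meant to surface.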
Tokstyle no longer allows:
* Includes inside an `extern "C"`
* Comments on function definition and declaration to be different.
* Doxygen comments commenting on other doxygen comments.

Currently only `crypto_core_mem.c` needs this. We should try not to
depend on configure'd values. Also note: config.h is only created and
used in the autotools build. In CMake, we pass `-D` flags directly.

The android warnings are disabled now because they suggest using
linux-only extensions of libc. Useful for android indeed, but we're
targeting non-android and non-linux systems as well.

All for-loops must have an init-decl, a condition, and an increment
statement. Any loop that doesn't have one of these should be a while
loop (only 2 of these exist in toxav, none in toxcore).

https://github.com/TokTok/hs-tokstyle/pull/43 implements a validation for
this. We should avoid locally declaring functions from another
translation unit, and instead use header files to export/import them.

Tokstyle (check-cimple) will start enforcing comment formats at some
point. It will not support arbitrary stuff in comments, and will parse
them. The result can then be semantically analysed.

* Don't use anonymous enums (`typedef enum { ... } Name;`).
* Don't use macros to generate structs (too magical, hard to grep).
* Assign output parameter once, and don't access it a lot in the
  function body.
* Don't pass type names as parameters to macros (this is C, we don't have
  templates, sorry).
* All function-like macros must be do-while(0).
* `++i` instead of `i++`.
* No assignment-expressions.
* No void-casts.

"All rights reserved" was incorrect. The project was licensed under GPL3,
which means a lot of rights are licensed to everybody in the world, i.e.
not reserved to the "Tox Project".

It is still C code, so still compatible with C compilers as well. This
change lets us see more clearly where implicit conversions occur by
making them explicit.

- All global variables should be static unless they have an explicit
  extern declaration in a header file.
- `to_compare` was not used in encryptsave and toxav tests.
- `break` in switch cases is not required directly after `return`,
  `goto`, or a noreturn function like `abort`.

It now enforces a bit more formatting. In particular, padding inside
parentheses is removed. I would like it to remove padding after unary
operators, but there seems to be no option for that.