Also started teaching it about toxcore's alloc/dealloc functions in
hopes of it catching some errors (it doesn't seem to be very good at
this, but maybe better than nothing?).
We now depend on libsodium unconditionally. Future work will require
functions from libsodium, and nobody we're aware of uses the nacl build
for anything other than making sure it still works on CI.
It doesn't work at all, because we're missing something in the net code
to do with endian conversions. I haven't investigated yet, but at least
now we have a failing test that can be investigated.
Also moved to cmake 3.5 at minimum. CMake will stop supporting lower
versions than that, soon.
Also moved to C11 from C99 to get `static_assert`.
Also made a network ERROR into a WARNING. It triggers on FreeBSD.
Disabled a whole bunch of rules from the MISRA-C set. Some of them
should be fixed, but most of the ones we violate have good reasons. This
PR documents those reasons.
Needed for the build afterwards.
Also added the cflite Dockerfile to automatic CI builds so changes to it
are checked in pull requests.
Also fixed the tokstyle docker image. It needs clang instead of gcc now.
Instead of synchronously handling events as they happen in
`tox_iterate`, this first collects all events in a structure and then
lets the client process them. This allows clients to process events in
parallel, since the data structure returned is mostly immutable.
This also makes toxcore compatible with languages that don't (easily)
support callbacks from C into the non-C language.
If we remove the callbacks, this allows us to add fields to the events
without breaking the API.
Most system headers contain functions (e.g. `memcpy` in `string.h`)
which aren't needed in our own header files. For the most part, our own
headers should only include types needed to declare our own types and
functions. We now enforce this so we think twice about which headers we
really need in the .h files.
Use of `strcpy` in these particular cases was safe, but it's hard to
tell and also useless. `strcpy` would effectively need to do another
`strlen` which we already did.
Also removed `sprintf`, which was also safe in this case but it's easier to
be "obviously safe", especially for static analysers.
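
The "measure once, then copy with a known length" pattern from the note above, as an added example that is not toxcore's own code. The helper `join_path` and the sample path are hypothetical; it shows how reusing the `strlen` results for both the bounds check and `memcpy` removes the need for `strcpy` and `sprintf`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not toxcore code): writes "dir/name" into out[out_size].
 * Each length is measured exactly once and reused for the bounds check and the
 * copy, so a reviewer or static analyser can see the write size directly.
 * Returns the string length written (excluding NUL), or -1 if it does not fit. */
static long join_path(char *out, size_t out_size, const char *dir, const char *name)
{
    if (out == NULL || dir == NULL || name == NULL || out_size == 0) {
        return -1;
    }

    const size_t dir_len = strlen(dir);
    const size_t name_len = strlen(name);

    /* Required: dir_len + 1 ('/') + name_len + 1 (NUL). The comparisons are
     * ordered so that no subtraction can wrap around. */
    if (dir_len >= out_size
            || name_len >= out_size - dir_len
            || out_size - dir_len - name_len < 2) {
        out[0] = '\0'; /* never leave stale data behind on failure */
        return -1;
    }

    memcpy(out, dir, dir_len);                 /* no second scan of dir */
    out[dir_len] = '/';
    memcpy(out + dir_len + 1, name, name_len); /* no second scan of name */
    out[dir_len + 1 + name_len] = '\0';
    return (long)(dir_len + 1 + name_len);
}

int main(void)
{
    char buf[16];
    /* Constructed sample input. */
    if (join_path(buf, sizeof buf, "/tmp", "tox.save") >= 0) {
        puts(buf);
    }
    /* A buffer one byte too small is rejected instead of overflowing. */
    char small[13];
    if (join_path(small, sizeof small, "/tmp", "tox.save") < 0) {
        puts("rejected: destination too small");
    }
    return 0;
}
```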
We can't run this on pull requests because it needs access to the
`SONAR_TOKEN` secret. Perhaps in the future we can make it a
`pull_request_target` workflow, but then we can't use cmake to initialise
the environment, meaning we need to specify the inputs manually.
Also added a valgrind build to run it on every pull request. I've had to
disable a few tests because valgrind makes those run infinitely slowly,
consistently timing them out.