Open ethindp opened 4 months ago
Oh, also, one last suggestion: run a static analyzer over your entire project. Something like clang-tidy will do (once you've done all the above steps). Clang-tidy isn't perfect, and some of what it recommends might be redundant or not useful, but it will give you tips on modernizing your code and preventing vulnerabilities.
hello,
in addition, dependabot can also help to avoid many of the errors
also in code, there are some libraries like poco's library and so on.
if someone wants to compile the code with another compiler (lets say clang over msvc), they might get into abi incompatibilities, and/or crashes, or rebuild the libraries themselves.
having cmake and making ngt depend on those libs will solve this problem.
also beside vcpkg submodules can be considered.
the same is true with angelscript, openssl and so on and so forth
going to encryption side of things, libtomcrypt can be used instead of openssl. it is way way smaller in size.
about calling c libraries, the same is true with some of the C++ stuff. (in bytecode stream reader memcpy is used with std::vector together). although it works, but using only c functions or c++ ones makes the code more readable. instead of std::vector
@brightening-eyes Honestly I don't think the maintainer of this project cares all that much about our suggestions. He still hasn't done the majority of what others and I recommended, and though he's sort-of organized the repository, there's still a bunch of stuff that shouldn't be there. And the more functionality that's added, the harder that reorganizing this and restructuring it is going to become.
another big thing is exception handling suppose in script someone does something wrong and C++ gives an exception. if those are not handled, the app crashes in the worst case. runtime errors are one of those things. in each and every function that may throw C++ exceptions, you should call in try/catch (and then forward the exception to the engine to handle). another issue is that winforms.cpp is there, but I havent seen its usage anywhere. (dont worry, the linker gets rid of it but something to keep in mind when maintaining the code). and as the window management is handled by sdl, I don't get why this is here. when watching the code again, the keycodes should be handled as enums, not a typedef to int. this is because the engine can check for the values and if they are out of range, instead of sdl, the engine will manage it and errors about it. @ethindp there are a lot to do, but I suppose implementing features is the concern for the maintainer. because there are lots and lots of vcxproj stuff there like backups and remotes (which is not needed even and should be placed in .gitignore) I also found some object files there (the code should be compiled without them but I do not get why they are here).
I mean, adding features can come later, @m1maker needs to focus on fixing the bugs and cleaning up stuff first. They shouldn't be in any rush to make something as fast as possible. That's a horrible idea and we all know where that goes.
So, a few things need to be done, ASAP, before you go adding anything else:
All of this needs to be done. As it currently stands, this repository is an utter mess, and so is the code, and if you want this to get off the ground then it needs to be maintainable, easy to work with, reusable, and well-organized. Using CMake and the template above to get you going is going to go a long way towards that goal. Using platform abstractions will dramatically reduce the amount of code you need to write, and will make your project a lot easier to understand because your intent will be far more obvious. You should only use raw platform APIs if you have no other option. If you do use raw platform APIs, abstract them so that your code is reusable and people who want to use them don't need to worry about how it works under the hood.