ck VS ZLib

Maybe I'm missing something, but x is not volatile and the compiler is free to assume that it is not modified concurrently outside the bounds of C's memory model. Compilers can and do hoist out loop invariants, and https://github.com/concurrencykit/ck/commit/b54ae5c4ace9b94442bbb46858449069f566d269 seems like an example of compilers doing what you say they don't. What am I missing?

Recommend checking out http://concurrencykit.org instead.

If you're interested in how other approaches work, or how one achieves concurrency on shared mutable state without mutual exclusion, would recommend checking out concurrency kit.

There are plenty of practical solutions to the safe memory reclamation problem in C. The language just doesn't force one on you.

From epoch-based reclamation (https://github.com/concurrencykit/ck/blob/master/include/ck_..., especially with the multiplexing extension to Fraser's classic scheme), to quiescence schemes (https://liburcu.org/), or hazard pointers (https://github.com/facebook/folly/blob/master/folly/synchron..., or https://pvk.ca/Blog/2020/07/07/flatter-wait-free-hazard-poin...)... or even simple using a type-stable (https://www.usenix.org/legacy/publications/library/proceedin...) memory allocator.

In my experience, it's easier to write code that is resilient to hiccups in C than in Java. Solving SMR with GC only offers something close to lock-freedom when you can guarantee global GC pauses are short enough... and common techniques to bound pauses, like explicitly managed freelists land you back in the same problem space as C.

ck - Concurrency primitives, safe memory reclamation mechanisms and non-blocking data structures. BSD-2-Clause

Indeed they do, https://github.com/concurrencykit/ck

A fix has been checked into the upstream git repo: https://github.com/madler/zlib/pull/843 but a release has not yet been made including it.

So the real issue here is that the lack of tree validation before the tree construction, I believe. I'm surprised that this check was not yet implemented (I actually checked libwebp to make sure that I was missing one). Given this blind spot, an automated test based on the domain knowledge is likely useless to catch this bug.

[1] https://github.com/madler/zlib/blob/master/examples/enough.c

In the source code of the Node.js opensource project, lib folder contains JavaScript code, mostly wrappers over C++ and function definitions. On the contrary, src folder contains C++ implementations of the functions, which pulls dependencies from the V8 project, the libuv project, the zlib project, the llhttp project, and many more - which are all placed at the deps folder.

Seeing the text in red got me thinking for a moment, "wow, didn't realize pirates had such love for an open-source compression library"

cd "${srcdir}/zlib-$pkgver/contrib/minizip" make install DESTDIR="${pkgdir}" install -D -m644 "${srcdir}/zlib-$pkgver/LICENSE" "${pkgdir}/usr/share/licenses/minizip/LICENSE" # https://github.com/madler/zlib/pull/229 rm "${pkgdir}/usr/include/minizip/crypt.h"