This is effectively a pick of 2ebdcf82ee
and the subsequent fixup. However we also avoid setting WNOHANG unless
waitpid() indicates a process was reaped.
Fixes#5438
For some reason, we have two places where a variable can be read-only:
- By key in env.cpp:is_read_only(), which is checked via set*
- By flag on the actual env_var_t, which is checked e.g. in
parse_execution
The latter didn't happen for non-electric variables like hostname,
because they used the default constructor, because they were
constructed via operator[] (or some such C++-iness).
This caused for-loops to crash on an assert if they used a
non-electric read-only var like $hostname or $SHLVL.
Instead, we explicitly set the flag.
We might want to remove one of the two read-only checks, or something?
Fixes#5548.
Our is_hex_digit() was redundant, we can just use iswxdigit; the libc
implementation is a more efficient table lookup anyhow.
Do is_octal_digit() in terms of iswdigit instead of using wcschr.
This requires threading environment_t through many places, such as completions
and history. We introduce null_environment_t for when the environment isn't
important.
`xlocale.h` is not available on Linux, so we can't just universally
include it.
`HAVE_XLOCALE_H` was already being tested/set in the CMake script as a
possible requirement for `wcstod_l` support, this just adds it to
`config_cmake_h.in` and uses it in `wutil.h` to gate the include.
Removes the dependency on the current user's home directory, instead
overriding it to be within the current hierarchy.
Fixes the tests on Debian buildd, where the home directory is
deliberately unwriteable to pick up errors in builds.
Using `setlocale` is both not thread-safe and not correct, as
a) The global locale is usually stored in static storage, so
simultaneous calls to `setlocale` can result in corruption, and
b) `setlocale` changes the locale for the entire application, not
just the calling thread. This means that even if we wrapped the
`wcstod_l` in a mutex to prevent the previous point, the results
would still be incorrect because this would incorrectly influence the
results of locale-aware functions executed in other threads while
this thread is executing.
The previous comment mentioned that `uselocale` hadn't worked. I'm not
sure what the failing implementation looked like, but `uselocale` can be
tricky. The committed implementation passes the tests for me under Linux
and FreeBSD.
This was the actual issue leading to memory corruption under FreeBSD in
issue #5453, worked around by correcting the detection of `wcstod_l` so
that our version of the function is not called at all.
If we are 100% certain that `wcstod_l` does not exist, then then the
existing code is fine. But given that our checks have failed seperately
on two different platforms already (FreeBSD and Cygwin/newlib), it's a
good precaution to take.
This helps on netbsd, because enter_standout_mode et al are const
there.
These methods don't alter their argument, so they should have been
const to begin with.
This is non-const on macOS, but some of the args we pass are always
const on netbsd.
I have no idea why you'd ever want this to modify its argument, but whatever.
This is the more correct fix for #5447, as regardless of which process
in the job (be it the first or the last) finished first, once we have
waited on a process without ~WNOHANG we don't do that for any subsequent
processes in the job.
It is also a waste to call into the kernel to wait for a process we
already know is completed!
@ridiculousfish had introduced this in 3a45cad12e
to work around an issue with Coverity Scan where it couldn't tell the
mutex was correctly locked, but even with the `fish_mutex_t` hack, it
still emits the same warnings, so there's no pointing in keeping it.
This is necessary for the history race condition test to succeed.
(That test is permanently disabled under WSL (as it always fails) so I
didn't catch this on my end.)
Use `pthread_atfork()` to mark child processes as dirty when `fork()` is
invoked rather than needing to call into the kernel each time
`ASSERT_IS_NOT_FORKED_CHILD()` is called.
This makes simple test cases that hit `ASSERT_IS_NOT_FORKED_CHILD()` 1.8x faster.
------------------------
With a7998c4829 reverted but before this optimization:
```
mqudsi@ZBOOK ~/r/fish-shell> hyperfine -S build/fish 'for i in (seq 100000); test 1 = 1; end'
Benchmark #1: for i in (seq 100000); test 1 = 1; end
Time (mean ± σ): 717.8 ms ± 14.9 ms [User: 503.4 ms, System: 216.2 ms]
Range (min … max): 692.3 ms … 740.2 ms
```
With a7998c4829 reverted and with this optimization:
```
mqudsi@ZBOOK ~/r/fish-shell> hyperfine -S build/fish 'for i in (seq 100000); test 1 = 1; end'
Benchmark #1: for i in (seq 100000); test 1 = 1; end
Time (mean ± σ): 397.2 ms ± 22.3 ms [User: 322.1 ms, System: 79.3 ms]
Range (min … max): 376.0 ms … 444.0 ms
```
Without a7998c4829 reverted and with this optimization:
mqudsi@ZBOOK ~/r/fish-shell> hyperfine -S build/fish 'for i in (seq 100000); test 1 = 1; end'
Benchmark #1: for i in (seq 100000); test 1 = 1; end
Time (mean ± σ): 423.4 ms ± 51.6 ms [User: 363.2 ms, System: 61.3 ms]
Range (min … max): 378.4 ms … 541.1 ms
```
By using a user-land thread-local integer and lock-free (at least under
x86/x64) atomics, we can implement a safe `assert_is_main_thread()`
without calling into the kernel. Thread-local variables are part of
C++11.
This is called a lot in some performance-sensitive areas, so it is worth
optimizing.
This fixes#5438 by having fish block while waiting on a foreground job
via its individual processes by enumerating the procs in reverse order,
such that we hang waiting for the last job in the IO chain to terminate,
rather than the first.
If it's a foreground job, it is related to the currently running exec.
This fixes exec in functions, i.e.
function reload
exec fish
end
would previously always ask about the "function reload" job.
Fixes#5449.
Fixesoh-my-fish/oh-my-fish#664.
Mainly this removes the "TYPE_MASK" macro that just masks off the
higher bits, which I don't think were ever actually used.
Much of this seems like anticipation of future direction, but we're
going somewhere else.
This removes the need to run c-compilation on one file, and allows us
to in future c++-ify this a bit.
There's a lot of bit-fiddling here that is quite unnecessary, better
error-handling would be nice...
So far this removes a few more unused things (because I would have had
to port them), including:
- Functions with ARITY > 3 (even 3 isn't used, but just so we don't
get complacent)
- Variables
- Most functions moved out of the header, because only te_interp is used.
- The te_print function
The function `add_disowned_pgid` adds process *group* ids and not
process ids. It multiplies the value by negative 1 to indicate a wait
on a process group, so the original value must be positive.
If a job is disowned that, for some reason, has a pgid that is special
to waitpid, like 0 (process with pgid of the calling process), -1 (any
process), or our actual pgid, that would lead to us waiting for too
many processes when we later try to reap the disowned processes (to
stop zombies from appearing).
And that means we'd snag away the processes we actually do want to
wait for, which would end with us in a waiting loop.
This is tough to reproduce, the easiest I've found was
fish -ic 'sleep 5 &; disown; set -g __fish_git_prompt_showupstream auto; __fish_git_prompt'
in a git repo.
What we do is to not allow special pgids in the disowned_pids list.
That means we might leave a zombie around (though we probably wait on
0 somewhere), but that's preferable to infinitely looping.
See #5426.
Return STATUS_INVALID_ARGS when failing due to evaluation errors,
so we can tell the difference between an error and falseness.
Add a test for the ERANGE error
The rest of the high-numbered exit codes are not values used by scripts
or builtins, they are internal to fish and come out of
the parser for example.
Prior to adding STATUS_INVALID_ARGS, builtins were usually exiting 2
if they had a special exit status for the situation of bad arguments.
Set it to 2.
We were not parsing an in-range number when we claimed we were,
and were thus failing to error with invalid numbers and returned
a wrong test result. Fixed#5414
Also, provide the detail we can for the other error cases.
Return STATUS_INVALID_ARGS when failing due to evaluation errors,
so we can tell the difference between an error and falseness.
Add a test for the ERANGE error
The rest of the high-numbered exit codes are not values used by scripts
or builtins, they are internal to fish and come out of
the parser for example.
Prior to adding STATUS_INVALID_ARGS, builtins were usually exiting 2
if they had a special exit status for the situation of bad arguments.
Set it to 2.
Cleaned up the code to no longer replicate in fishscript what fish
already does (and caches to boot) in C++ in setting up the paths to the
user configuration directory.
Also introduced a `$__fish_user_data_dir` instead of the sporadic
definitions of `$userdatadir` that may or may not go through
`XDG_DATA_HOME`.
We were not parsing an in-range number when we claimed we were,
and were thus failing to error with invalid numbers and returned
a wrong test result. Fixed#5414
Also, provide the detail we can for the other error cases.
Just sets locale to "C" (because that's the only one we need), does
wcstod and resets the locale.
No idea why uselocale(loc) failed for me, but it did.
Fixes#5407.
This happens in firejail, and it means that we can't use it as an
argument to most pgid-taking functions.
E.g. `wait(0)` means to wait for the _current_ process group,
`tcsetpgrp(0)` doesn't work etc.
So we just stop doing this stuff and hope it works.
Fixes#5295.
This reverts commit 1cb8b2a87b.
argv[0] has the full path in it for a user when he executes it
out of $PATH. This is really annoying in the title which uses $_.
Also check if that is actually defined, not the cur_term proxy.
In #5371, we figured out that there are terminfo entries without this
capability, so this would do a NULL-dereference.
OCLINT was ignoring this, but we can just not do the bad thing.
Declare argc and argv const. These are in the stack, they can
be modified, but we won't.
Fix a typo
... rather than hard code it to "fish". This affects
what is found in $_ and improves the errors:
For example, if fish was ran with ./fish, instead of
something like:
fish: Expected 3 surprises, only got 2 surprises
we'll see:
./fish: Expected 3 surprises, only got 2 surprises
like most other shell utilities. It's just a tiny bit
of detail that can avoid confusion.
This broke fishtape, which did
somestuff | fish -c "source"
Because `source` didn't have a redirection, it refused to read from
stdin.
So, to keep the common issue of `source (command that does not print)`
from seeminly stopping fish, we instead actually check if stdin is a terminal.
This was causing problems if "fish" wasn't in exec_path, like
if the binary had been renamed.
I also noticed that even with 'fish' not renamed, only paths.data
was made relative to my source tree. paths.sysconf, paths.doc, and
paths.bin were all relative to /usr/local.
This had a bunch of "do_{backward,forward}" movements that differed
only in one argument.
Just keep them together, so it's less code, and less needs to be
changed.
If the user is in a directory which has been unlinked, it is possible
for the path .. to not exist, relative to the working directory.
Always pass in the working directory (potentially virtual) to
path_get_cdpath; this ensures we check absolute paths and are immune
from issues if the working directory has been unlinked.
Also introduce a new function path_normalize_for_cd which normalizes the
"join point" of a path and a working directory. This allows us to 'cd' out of
a non-existent directory, but not cd into such a directory.
Fixes#5341
realpath() will return NULL and sets errno if it fails.
We asserted that realpath(".") does not fail. We also didn't really
check that it was successful. Made sure we'll get a perror telling
us about what went wrong if something like this happens again.
Updated tests and added test case
Fixes#5351
If fish detects that it was started with a pgrp of 0 (which appears to
oddly be the case when run under firejail), create new process group for
fish and give it control of the terminal.
This selectively reverts 55b3c45 in cases where an invalid pgrp is
detected. Note that this is known to cause problems in other cases, such
as #3805 and Microsoft/WSL#1653, although the former may have been
ameliorated or even addressed by the recent job control overhaul, so
that's why we are careful to only assign fish to its own pgroup if an
invalid pgroup was detected and not as the normal case.
This reverts commit 54050bd4c5.
Type job_list_t was changed from a list to a deque in
commit 54050bd4c5.
In process_clean_after_marking(), we remove jobs while iterating.
dequeues do not support that. Make it a list again.
This fixes the `~floam/` case, where the out_tail_idx pointer needs to
point to the "/", not the last letter.
The `~/` and `~floam` cases still work.
Unfortunately, I'm unsure of how to test this.
Fixes#5325.
Limit the fish_wcstod fast path to ASCII digits only, to fix the problem
observed in the discussion for a700acadfa
where LANG=de_DE.UTF-8 would cause `test` to interpret commas instead of
periods inside floating point values.
Now jobs are aware of their parent jobs, and can interrogate those jobs,
to determine if every job in the chain is fully constructed.
Remove flags and the static stacks that manipulated them.
The parent of a job is the parent pipeline that executed the function or
block corresponding to this job. This will help simplify
process_mark_finished_children().
Prior to this fix, cding into a symlink and then completing .. would complete
from the physical directory instead of the logical directory, which could not
actually be cd'd to. Teach cd completiond to use the logical directory.
select_try() returned IO_ERROR to indicate that there's no file descriptors
from which to read. Name this return value properly.
Also migrate this type into proc.cpp since it's not used outside of the
header.
This is an opposite case from the usual "pipe into grep-the-function"
where my `pbpaste` emitted a lot of content exceeding the OS pipe
buffer. The `block_on_fg` condition was just `send_sigcont` in the
original job control rewrite, and it was incorrect to sub it for
WAIT_BY_PROCESS on its own.
However, this requires always blocking when select_try returns an
interrupted/incomplete read or else fish doesn't block and stays running
in a tight loop in the background (and incorrectly writing to a terminal
it doesn't own under higher debug levels), which I *think* is OK.
Instantiate the std:locale instance used within the character comparison
callback outside the lambda and take a reference to it instead of
creating the locale object for each character in the sequence.
This is part of a very tight loop with lots of inputs during the
evaluation of fuzzy string matches for completions/autosuggestions and
is worth optimizing.
This was introduced in 1b1bc28c0a but did
not cause any problems until the job control refactor, which caused it
to attempt to signal the calling `exec` builtin's own (invalid) pgrp
with SIGHUP.
Also improved debugging for `j->signal()` failures by printing the
signal we tried sending in case of error, rename the function to
`hup_background_jobs`, and move it from `reader.h`/`reader.cpp` to
`proc.h`/`proc.cpp`.
When a function is encountered by exec_job, a new context is created for
its execution from the ground up, with a new job and all, ultimately
resulting in a recursive call to exec_job from the same (main) thread.
Since each time exec_job encounters a new job with external commands
that needs terminal control it creates a new pgrp and gives it control
of the terminal (tcsetpgrp & co), this effectively takes control away
from the previously spawned external commands which may be (and likely
are) expecting to still have terminal access.
This commit attempts to detect when such a situation arises by handling
recursive calls to exec_job (which can only happen if the pipeline
included a function) by borrowing the pgrp from the (necessarily still
active) parent job and spawning new external commands into it.
When a parent job spawns new jobs due to the evaluation of a new
function (which shouldn't be the case in the first place), we end up
with two distinct jobs sharing one pgrp (to fix#3952). This can lead to
early termination of a pgrp if finished parent job children are reaped
before future processes in either the parent or future child jobs can
join it.
While the parent job is under construction, require that waitpid(2)
calls for the child job be done by process id and not job pgrp.
Closes#3952.
Use SIGCHLD to determine whether or not waitpid(2) calls can be elided,
but only with extreme caution. If we receive SIGCHLD but are not able to
reap all jobs, we need to iterate through them again.
For this to work, we need to make sure that we reap all children that we
can reap after a SIGCHLD, i.e. it's not OK to just reap the first and
return or else we can never clear the dirty state flag.
In all cases, as expensive as a call to waitpid() may be, if a child
process is available for reaping it is always cheaper to wait on it then
reap it than to call select_try() and end up timing out.
The old code was rather haphazard with regards to error control, and
would make mutable changes before operations that could fail without any
viable error handling options.
Convert `select_try()` to return a well-defined enum describing its
state, and handle each of the three possible cases with clear reasons
why we are blocking or not blocking in each subsequent call to
`process_mark_finished_children()`.
* Use the newly-introduced signal_block_t RAII wrapper
* Remove EINTR loops as all signals are blocked
* Clean up control flow thanks to RAII wrappers
* Rename parameter to clarify what it does and update docs accordingly
* Update outdated comments referencing SIGSTOP code that was removed a
long time ago.
* Remove no-op CHECK_BLOCK() call
* Convert JOB_* enums to scoped enums
* Convert standalone job_is_* functions to member functions
* Convert standalone job_{promote, signal, continue} to member functions
* Convert standolen job_get{,_from_pid} to `job_t` static functions
* Reduce usage of JOB_* enums outside of proc.cpp by using new
`job_t::is_foo()` const helper methods instead.
This patch is only a refactor and should not change any functionality or
behavior (both observed and unobserved).
* Debug level 3: describe all commands being executed (this is, after all,
a shell and one can argue that this is the most important debug
information avaliable)
* Debug level 4: details of execution, mainly fork vs no-fork and io
handling
Also introduced j->preview() to print a short descriptor of the job
based on the head of the first process so we don't overwhelm with
needless repitition, but also so that we don't have to rely on
distinguishing between repeated, non-unique/non-monotonic job ids that
are often recycled within a single "execution cycle" (pressing enter
once).
Per @ridiculousfish's suggestions in #5219,
`process_mark_finished_children()` has been updated to work in an easier-
to-follow manner. Its behavior is now straight forward, it always checks
for finished processes but only blocks if `block_on_fg` is true.
We're not using the SIGCHLD count in s_sigchld_generation_cnt for
anything any more, as it's not actually a reliable metric since we can
experience one SIGCHLD as a result of two processes exiting (see #1768),
but only reap one of them if the other is in a not-fully-constructed job
(see #5219), a state we cannot possibly detect without calling
`waitpid()` on all child processes, which we are explicitly avoiding.
We never insert elements into the middle of a job list, only move
elements to the top. While that can be done "efficiently" with a list, it
can be done faster with a deque, which also won't thrash the cache when
enumerating over jobs.
This speeds up enumeration in the critical path in
`process_mark_finished_children()`.
* Instead of reaping all child processes when we receive a SIGCHLD, try
reaping only processes belonging to process groups from fully-
constructed jobs, which should eliminate the need for the keepalive
process entirely (WSL's lack of zombies not withstanding) as now
completed processes are not reaped until the job has been fully
constructed (i.e. all processes launched), which means their process
group should still be around for new processes to join.
* When `tcgetpgrp()` calls return 0, attempt to `tcsetpgrp()` before
invoking failure handling code.
* When forking a builtin and not running interactively, do not bail if
unable to set/restore terminal attributes.
Fixes#4178. Fixes#3805. Fixes#5210.
This is to avoid development versions of fish 3.0 freaking out when the
file format is changed. We now have better support for for future universal
variable formats so it's unlikely we'll have to change the file name again.
In private mode, access to previous history is blocked and new history
does not persist and is only available for the duration of the current
session.
This mode can be used when it is not desirable for commandline history
to leak into a session, e.g. via autocomplete or when it is desirable to
test the behavior of fish in the absence of history items without
permanently clearing the history.
I'm sure there are a lot more features that can be incorporated into
private mode, such as restricting access to certain user-specific
configuration files, etc.
This addresses a lot of the concerns raised in #1363 (which was later
changed to track mosh-specific problems). See also #102.
