The process_t pointer sent to setup_child_process can actually be 0
without it being failure, as that is what fish sends when `exec` is run
(in the case of INTERNAL_EXEC).
This was causing exec to fail.
There is no more race condition between parent and child with
regards to setting the process groups. Each child sets it for themselves
and then blocks indefinitely until the parent does what it needs to for
them (having waited for them to set their process groups). They are not
SIGCONT'd until the next process in the chain (if any) starts so that
that process can join their process group and open the pipes.
In the last commit, we introduced an indiscriminate if !EXTERNAL check
that unblocks a previously SIGSTOP'd command (if any) to allow the main
loop in exec_job to read from it without deadlocking (since builtins and
functions read directly from input as an optimization, sometimes).
Now only unblocking where a fork will not happen to ensure that if a
builtin ends up forking, that fork'd process is guaranteed to be able to
join the previous process' process group and access its output pipes.
Setting the process group in a fork/exec scenario is a well-documented
race condition in pretty much any job control mechanism [0] [1]. The
Wikipedia article contradicts the glibc article and suggests that the
best approach is for the parent to wait for the child to become the
process group leader, while the glibc article suggests that both should
make it so (which is what fish did previously). However, I'm running
into cases where tcsetpgrp is causing an EPERM error, which it isn't
documented to do except if the session id for the calling process
differs from that of the target process group (which is never the case
in fish since they are all part of the same session), which should cause
a _different_ error (SIGTTOU to be sent to all members of the calling
process' group).
In all cases, this is easily remedied by checking if the process group
in question is already in control of the terimnal. There's still the
off-chance that in the time between we check that and the time that the
command completes that situation may have changed, but the parent
process is supposed to ignore the result of this call if it errors out.
[0]: https://en.wikipedia.org/wiki/Process_group
[1]: https://www.gnu.org/software/libc/manual/html_node/Launching-Jobs.html
We were having child processes SIGSTOP themselves immediately after
setting their process group and before launching their intended targets,
but they were not necessarily stopped by the time the next command was
being executed (so the opposite of the original race condition where
they might have finished executing by the time the next command came
around), and as a result when we sent them SIGCONT, that could never
reach. Now using waitpid to synchronize the SIGSTOP/SIGCONT between the
two.
If we had a good, unnamed inter-process event/semaphore, we could use
that to have a child process conditionally stop itself if the next
command in the job chain hadn't yet been started / setup, but this is
probably a lot more straightforward and less-confusing, which isn't a
bad thing.
Additionally, there was a bug caused by the fact that the main exec_job
loop actually blocks to read from previous commands in the job if the
current command is a built-in that doesn't need to fork.
With this waitpid code, I was able to finally add the SIGSTOP code to
all the fork'd processes in the main exec_job loop without introducing
deadlocks; it turns out that they should be treated just like the main
EXTERNAL fork, but they tend to execute faster causing the same deadlock
described above to occur more readily.
The only thing I'm not sure about is whether we should execute
unblock_pid undconditionally for all !EXTERNAL commands. It makes more
sense to *only* do that if a blocking read were about to be done in the
main loop, otherwise the original race condition could still appear
(though it is probably mitigated by whatever duration the SIGSTOP lasted
for, even if it is SIGCONT'd before the next command tries to join the
process group).
I hadn't realized that the for loop is called multiple times for a given
"single input" (anything that doesn't include semicolons, etc) to fish,
and so processes were being blocked but blocked_pid was lost by the time
that the next job (which was reading from the last process in the
previous job) came around.
Now using a static variable to store the last blocked PID. AFAICT, this
main job control loop is always executed from the same process and
thread, so this shouldn't need to be wrapped in atomics/mutexes, etc.
This code should be more portable, and certainly cleaner. We are
currently always sending SIGCONT to the last process (if it was part of
a job chain) regardless of whether it called SIGSTOP on itself or not,
which should be fine.
Need to explore whether or not the other forks in src/exec.cpp need to
be SIGSTOP'd on run or only the one that we included in this patch.
I'm not sure if this happens on all platforms, but under WSL with the
existing codebase, processes in the job chain that pipe their
stdout/stderr to the next process in the job could terminate before the
next job started (on fast enough machines for quick enough jobs).
This caused issues like #4235 and possibly #3952, at least for external
commands. What was happening is that the first process was finishing
before the second process was fully set up. fish would then try to
assign (in both the child and the parent) the process group id belonging
to the process group leader to the new process; and if the first process
had already terminated, it would have ended its process group with it as
well before that happened.
I'm not sure if there was already a mechanism in place for ensuring that
a process remains running at least as long as it takes for the next
process in the chain to join its group, etc., but if that code was
there, it wasn't working in my test setup (WSL).
This patch definitely needs some review; I'm not sure how I should
handle non-external commands (and external commands executed via
posix_spawn). I don't know if they are affected by the race condition in
the first place, but when I tried to add the same "wait for next command
in chain to run before unblocking" that would cause black screens
requiring ctrl+c to bypass.
The "unblock previous command" code was originally run by the next child
to be forked, but was then moved to the shell code instead, making it
more-centrally located and less error-prone.
Note that additional headers may be required for the mmap system call on
other platforms.
This is the first step to implementing issue #4200 is to stop subclassing
env_var_t from wcstring. Not too surprisingly doing this identified
several places that were incorrectly treating env_var_t and wcstring as
interchangeable types. I'm not talking about those places that passed
an env_var_t instance to a function that takes a wcstring. I'm talking
about doing things like assigning the former to the latter type, relying
on the implicit conversion, and thus losing information.
We also rename `env_get_string()` to `env_get()` for symmetry with
`env_set()` and to make it clear the function does not return a string.
I decided this was just too useful not to include in our final fish 2.x
release. And since it does not modify any existing behavior it is safe
to include at this late date in the process of creating 2.7.
This makes command substitutions impose the same limit on the amount
of data they accept as the `read` builtin. It does not limit output of
external commands or builtins in other contexts.
Fixes#3822
This adds a new capability to the `set` command. It is similar to
running `set` with no other arguments but provides far more detail about
each variable. Such as whether it is set in each of the local, global,
and universal scopes. And the values in each scope. You can also ask for
specific variables to be shown.
Fixes#4265
Rewrite the `abbr` function to store each abbreviation in a separate
variable. This greatly improves the efficiency. For the common case
it is 5x faster. For pathological cases it is upwards of 100x faster.
Most people should be able to unconditionally define abbreviations in
their config.fish without a noticable slow down.
Fixes#4048
This takes a string that is then split upon like `string split`.
Unlike $IFS, the string is used as one piece, not a set of characters.
There is still a fallback to IFS if no delimiter is given, that
behaves exactly as before.
Fixes#4156.
This silences warnings from the compiler about ignoring return value of
‘ssize_t write(int, const void*, size_t)’, declared with attribute
warn_unused_result [-Wunused-result].
The class `completer_t` declares `complete_special_cd`, an unused method. I searched the entire source tree and this declaration seems to be the only instance of `complete_special_cd`. There is no definition or uses which likely means this is dead code.
PR #3691 made most calls to `signal_block()` and `signal_unblock()`
no-ops unless a magic env var is set when fish starts running. It's
been seven months since that change was made and no problems have been
reported. This finishes that work by removing those no-op function calls
and support for the magic env var in our next major release (which won't
happen till at least six months from now).
Introduce a -k/--keep-order switch to `complete` that can be used to
prevent fish from sorting/re-ordering the results provided by a completion
source.
In addition, this patch does so without doing away with deduplication
of completions by introducing a new unique_unsorted(..) helper function
that removes duplicates in-place without affecting the general order of
the vector/container.
Note that the code now uses a stable sort for completions, since the
behavior of is_naturally_less_than as of this patch now means that the
results are not necessarily _actually_ identical just because that function
repeatedly returns false for any ordering of any given two elements.
Fixes#361
This completes the refactoring of the `set` builtin. It also removes a
seemingly never used feature of the `set` command. It also eliminates all
the lint warnings about this module.
Fixes#4236
When reporting whether a boolean flag was seen report the actual flags
rather than a summary count. For example, if you have option spec `h/help`
and we parse `-h --help -h` don't do the equivalent of `set _flag_h 3`
do `set _flag_h -h --help -h`.
Partial fix for #4226
When executing a function, local-exported (`set -lx`) variables
previously were not accessible at all. This is weird e.g. in case of
aliases, since
```fish
set -lx PAGER cat
git something # which will call $PAGER
```
would not work if `git` were a function, even if that ends up calling
`command git`.
Now, we copy these variables, so functions get a local-exported copy.
```fish
function x
echo $var
set var wurst
echo $var
end
set -lx var banana
x # prints "banana" and "wurst"
echo $var # prints "banana"
```
One weirdness here is that, if a variable is both local and global,
the local-copy takes precedence:
```fish
set -gx var banana
set -lx var pineapple
echo $var # prints "pineapple"
x # from above, prints "pineapple" and "wurst"
echo $var # still prints "pineapple"
set -el var # deletes local version
echo $var # "banana" again
```
I don't think there is any more consistent way to handle this - the
local version is the one that is accessed first, so it should also be
written to first.
Global-exported variables are _not_ copied, instead they still offer
full read-write access.
When reporting whether a boolean flag was seen report the actual flags
rather than a summary count. For example, if you have option spec `h/help`
and we parse `-h --help -h` don't do the equivalent of `set _flag_h 3`
do `set _flag_h -h --help -h`.
Partial fix for #4226
In the rare case that we don't inherit $HOME _and_ can't read it from
/etc/passwd, this makes it so instead of triggering an assert() $HOME
is set to the empty list.
Tilde-expansion expands to nothing in such a case (and a string-empty
$HOME), `cd` errors out.
Fixes#4229.
Fish 2.6.0 introduced a regression that keeps setting
`fish_escape_delay_ms` as a uvar from working. This also fixes a related
problem: callbacks generated from the initial loading of universal vars
were not being acted on.
Fixes#4196
Also stop special-casing `printf` as if it were a syntactical keyword
with respect to handling `printf --help`. It should use the same pattern
as every other builtin command.
The code for reporting parser errors needs a major overhaul. But rather
than do that I'm going to add another hack in the hope that this doesn't
introduce yet another problem.
Fixes#4221
While updating the `history` function to use `argparse` I realized it is
useful to define an option that can be used in three ways. First by
using the short flag; e.g., `-n NNN`. Second by using the long flag;
e.g., `--max NNN`. Third, as an implicit int flag; e.g., `-NNN`. This
use case is now supported by a spec of the form `n#max`.
This implements support for numeric flags without an associated short or
long flag name. This pattern is used by many commands. For example `head
-3 /a/file` to emit the first three lines of the file.
Fixes#4214
We've needed a fishy way to parse flags and arguments given to scripts
and functions for a very long time. In particular a manner that provides
the same behavior implemented by builtin commands. The long term goal is
to support DocOpt. But since it is unclear when that will happen so this
implements a `argparse` command. So named as homage to the excellent
Python module of the same name.
Fixes#4190
This fixes a stupid bug in my previous commit to standardize on a new
`list_to_array_val()` function. This adds a unit test to keep this from
regressing.
This is the first step in implementing a better abstraction for handling
fish script vars in the C++ code. It implements a new function (with two
signatures) to provide a standard method for construct the flag string
representation of a fish script array.
Partial fix for #4200
The count command should not treat any flag specially. Not even `-h` and
`--help`. It should simply return a count of the number of arguments it
received.
Fixes#4189
Completion strings, especially the description, might contain characters,
such as backspace, which make it impossible to calculate the width of
the string.
Fixes#4179
The `read` command `-m` and `--mode-name` vars are now deprecated and do
nothing other than result in a warning message. The `read` command now
honors the `FISH_HISTORY` var that is used to control where commands are
read from and written to. You can set that var to the empty string to
suppress the use of both history files. Or you can set it to a history
session ID in which case that will limit the `read` history that is
available.
Fixes#1504
Don't import the bash history if the user has specified that a non-default
fish history file should be used. Also, rename the var that specifies
the fish history session ID from `FISH_HISTFILE` to `FISH_HISTORY`.
Fixes#4172
Using the FISH_HISTFILE variable will let people customise the session
to use for the history file. The resulting history file is:
`$XDG_DATA_HOME/fish/name_history`
Where `name` is the name of the session. The default value is `fish`
which results in the current history file.
If it's set to an empty string, the history will not be stored to a
file.
Fixes#102
In order to allow the execution of commands before dropping to an
interactive prompt, a new switch, '-C' or '--init-command' has been
added to those switches that we accept.
The documentation has been updated correspondingly.
The original code only supported a single command list to be executed,
and this command list terminates the shell when it completes. To allow
the new command list to preceed the original one, both have been
wrapped in a new container class 'command_line_switches_t'. This is
then passed around in place of the list of strings we used previously.
I had considered moving the interactive, login and other command line
switch states into this container, but doing so would change far more
of the code, moving the structure to be available globally, and I
wasn't confident of the impact. However, this might be a useful thing
to do in the future.
A new function, run_command_list, was lifted from the prior execution
code, and re-used for both the initial command and the regular command
execution.
We need a way to encode arbitrary strings into valid fish variable
names. It would also be nice if we could convert strings to valid URLs
without using the slow and hard to understand `__fish_urlencode` function.
In particular, eliminating the need to manipulate the locale.
Fixes#4150
As part of addressing #1310 I decided it makes more sense to replace
`current-function` with just `function`, etc., because I'm going to add
flags to let the user specify which stack level they are interested in.
With the default being zero or the "current" level.
This just removes every invalid index.
That means with `set foo a b c` and the "show" function from tests/expand.in:
- `show $foo[-5..-1]` prints "3 a b c"
- `show $foo[-10..1]` prints "1 a"
- `show $foo[2..5]` prints "2 b c"
- `show $foo[1 3 7 2]` prints "3 a c b"
and similar for command substitutions.
Fixes#826.
This is another step to resolving issue #1310. It makes
`fish_breakpoint_prompt` a replacement for `fish_prompt` if it is defined
and we're presenting a prompt in the context of a `breakpoint` command.
This implements `status is-breakpoint` that returns true if the current
shell prompt is displayed in the context of a `breakpoint` command.
This also fixes several bugs. Most notably making `breakpoint` a no-op if
the shell isn't interactive. Also, typing `breakpoint` at an interactive
prompt should be an error rather than creating a new nested debugging
context.
Partial fix for #1310
This does several things. It fixes `builtin_function()` so that errors it
emits are displayed. As part of doing that I've removed the unnecessary
`out_err` parameter to make the interface like every other builtin.
This also fixes a regression introduced by #4000 which was attempting to
fix a bug introduced by #3649.
Fixes#4139
Running the tests on travis revealed that some compilers (or at least
with some options) call the wrong struct constructor if there is more
than one struct with the same name but differing definitions.
Hoist the code for parsing flags out of each individual subcommand and
into a function shared by all the subcommands. This reduces duplication
and potential for error. More importantly it makes the code that
actually implements the subcommand more prominent.
The Haiku stdio library has a bug. If we set stdout to unbuffered and it
is attached to a tty it discards wide output. Given how we interact with
the tty it should be safe to replace the problematic `fputwc()` calls
with simple `write()` calls. This does depend on the rest of the fish
code that writes to the tty to ultimately call write() which is true at
this time and should remain true in the future.
Fixes#4100
This came up in the context of issue #4068. This change makes it more
likely that the correct translation from english to another language
will be done for the "Job ... has {ended,stopped}" message.
The problem was overlooking a `break` statement when refactoring a
`switch` block into a simpler `if...else...` block. This fixes the
behavior of the `history-token-search-backward` function and its forward
searching analog.
Fixes#4065
This started out as a refactoring to eliminate the lint warnings. Adding
unit tests revealed the current implementation does not behave as
implied. So this is a complete rewrite of the implementation. With the
addition of unit tests so that it doesn't break in the future and anyone
who thinks this new version behaves wrong can update the unit tests to
help ensure we're testing for the correct behavior.
Fixes#4027
Some platforms do not correctly define `struct dirent` so that its
`d_name` member is long enough for the longest file name. Work around
such broken definitions.
Fixes#4030
The LRU cache wants to store references from nodes back into the
lookup map, so that it is efficient to remove a node from the
map. However certain compilers refuse to form a std::map::iterator
with an incomplete type. Fix this by storing a pointer to the key
instead of the iterator.
Commit f10e4f8 causes some old compilers to complain about implicit
return from non-void function. A false positive error but make the
compiler happy so it stops complaining.
This suppresses lint warnings about using `getpwent()` because there is
only one context where fish uses it. Thus the fact it may not be thread
safe is not relevant to fish. This also improves that call site in
`completer_t::try_complete_user()` method by short-circuiting the loop
when a match is found.
This changes all of the builtins to behave like `string` to return
STATUS_INVALID_ARGS (121) if the args passed to the command don't make
sense. Also change several of the builtins to use the existing symbols
(e.g., STATUS_CMD_OK and STATUS_CMD_ERROR) rather than hardcoded "0"
and "1" for consistency and to make it easier to find such values in
the future.
Fixes#3985
This primarily replaces "STATUS_BUILTIN_OK" with "STATUS_CMD_OK" and
"STATUS_BUILTIN_ERROR" with "STATUS_CMD_ERROR". That is because we want
to make it clear these status codes are applicable to fish functions as
well as builtins. Future changes will make it easier to use these
symbols and values in functions.
Working on a related problem caused me to notice that if a fish script
was run via `nohup` it would die when receiving SIGHUP. This fixes the
code to handle that correctly so that fish scripts can be nohup'd.
Fixes#4007
Per discussion in PR#3998 to review adding a `--filter` flag to `string
replace` rename the same flag in the `string match` subcommand to avoid
confusion about the meaning of the flag.
Discussion in issue #3295 resulted in a decisions to rename the
functions --metadata flag to --details.
This also fixes a bug in the definition of the short flags for the
`functions` command. The `-e` flag does not take an argument and
therefore should not be defined as `e:`. Notice that the long form,
`--erase`, specifies `no_argument`. This discrepency happened to work
due to a quirk of how the flag parsing loop was written.
0 is not a good default PGID, because it's possible for a kernel process
to have the PGID of 0 under Linux.
This meant that job_get_from_pid could return incorrect jobs, as the PGID
for internal, non-forked jobs was the same as kernel processes.
Avoid this by using an invalid PGID as the initial PGID.
It is possible for fish to not be the process group leader; avoid
signalling the process group containing the current process by checking
with getpgrp() rather than assuming that getpid() is enough.
If fish is not the first process in a pipeline, and jobs are started
from the fish process, it is possible for fish and the OS to have
different ideas about what the process group of the jobs are.
This change confirms the current PGID, rather than assuming that it is
the same as the PID.
Defining aliases for existing symbols serves only to obscure the code.
So remove the following symbols and replace them with the primary
symbols:
enum { BUILTIN_TEST_SUCCESS = STATUS_BUILTIN_OK, BUILTIN_TEST_FAIL =
STATUS_BUILTIN_ERROR };
See issue #3985.
The bind mode names can be, and are, used in the construction of fish
variable names. So don't allow users to use names that are not legal as
a variable name. This should not break anything since, AFAICT, no
existing fish scripts, including those provided by Oh-My-Fish and
Fisherman define bind modes that would not be legal with this change.
Fixes#3965
This is the first step in addressing issue #3965. It renames some of the
functions involved in validating variable and function names to clarify
their purpose. It also augments the documentation to make the rules for
such identifiers clearly documented.
The recent change to improve the behavior of the `bg` command (commit
3edb7d538) resulted in the `send_to_bg()` no longer using the `name`
parameter it was given. This rectifies that lint warning by removing
that parameter as it never served a useful purpose.
Switch from null terminated arrays to `wcstring_list_t` for lists of
special env var names. Rename `list_contains_string` to `contains` and
modify the latter interface to not rely on a `#define`.
Rename `list_contains_string()` to `contains()` and eliminate the
current variadic implementation. Update all callers of the removed
version to use the string list version.
There are at least three env vars describing a sequence of paths to be
searched where an empty path element is implicitly equivalent to ".".
This change converts the implicit "." to explicit whenever the variable
is imported or set. This makes the variable much easier to use in fish
scripts.
Fixes#3914
- Error out if anything that is not a PID is given
- Otherwise background all matching existing jobs, even if not all
PIDs exist (but print a message for the non-existing ones)
Fixes#3909.
A call to default_vars_path() takes the environment variable
lock while the uvars lock is held. Ensure that doesn't happen by
deferring the uvars lock to later in the function.
cached_esc_sequences_t::find_entry was constructing a wcstring
from a c string, using lengths longer than the length of the cstring.
Detected with asan.
In the process of fixing the issue I decided it didn't make sense to
have two, incompatible, ways of converting variable strings to arrays.
Especially since the one I'm removing does not return empty array elements.
Fixes#2106
This is the next step in determining whether we can disable blocking
signals without a good reason to do so. This makes not blocking signals
the default behavior. If someone finds a problem they can add this to
their ~/config/fish/config.fish file:
set FISH_NO_SIGNAL_BLOCK 0
Alternatively set that env var before starting fish. I won't be surprised
if people report problems. Till now we have relied on people opting in
to this behavior to tell us whether it causes problems. This makes the
experimental behavior the default that has to be opted out of. This will
give us a lot more confidence this change doesn't cause problems before
the next minor release.
Note that there are still a few places where we force blocking of
signals. Primarily to keep SIGTSTP from interfering with the shell in
response to manipulating the controlling tty. Bash is more selective
in the signals it blocks around the problematic syscalls (c.f., its
`git_terminal_to()` function). However, I don't see any value in that
refinement.
There should be just one place that calls `setupterm()`. While refactoring
the code I also decided to not make initializing the curses subsystem a
fatal error. We now try two fallback terminal names ("ansi" and "dumb")
and if those can't be used we still end up with a usable shell.
Fixes#3850
Before defining fallback functions of wcsdup(), wcscasecmp() and
wcsncasecmp(), use the std:: namespace functions instead if they exist.
0019c12af3 fixed the build on Solaris 10, but broke it on Solaris 11.
This reverts commit e30f3fee88.
Not sure why I didn't notice this before merging it but the change I'm
reverting makes it impossible to start a login shell.
This is the next step in determining whether we can disable blocking
signals without a good reason to do so. This makes not blocking signals
the default behavior. If someone finds a problem they can add this to
their ~/config/fish/config.fish file:
set FISH_NO_SIGNAL_BLOCK 0
Alternatively set that env var before starting fish. I won't be surprised
if people report problems. Till now we have relied on people opting in
to this behavior to tell us whether it causes problems. This makes the
experimental behavior the default that has to be opted out of. This will
give is a lot more confidence this change doesn't cause major problems
prior to the next minor release.
The previous change neglected to consider that numbers too large for the
long long datatype will result in calling strerror(ERANGE) whose return
value can vary depending on the platform. Which breaks the unit test.
The primary pupose of this change is to make OpenSUSE builds happy by
adding a `DIE()` call so its build toolchain knows we won't fall off the
end of function `selection_direction_is_cardinal()`.
I recently upgraded the software on my macOS server and was dismayed to
see that cppcheck reported a huge number of format string errors due to
mismatches between the format string and its arguments from calls to
`assert()`. It turns out they are due to the macOS header using `%lu`
for the line number which is obviously wrong since it is using the C
preprocessor `__LINE__` symbol which evaluates to a signed int.
I also noticed that the macOS implementation writes to stdout, rather
than stderr. It also uses `printf()` which can be a problem on some
platforms if the stream is already in wide mode which is the normal case
for fish.
So implement our own `assert()` implementation. This also eliminates
double-negative warnings that we get from some of our calls to
`assert()` on some platforms by oclint.
Also reimplement the `DIE()` macro in terms of our internal
implementation.
Rewrite `assert(0 && msg)` statements to `DIE(msg)` for clarity and to
eliminate oclint warnings about constant expressions.
Fixes#3276, albeit not in the fashion I originally envisioned.
I'm starting to wonder if IWYU is worth the effort. Nonetheless, this
makes it lint clean on macOS and reduces the number of warnings on
FreeBSD and Linux.
This puts a hard upper bound of 10 MiB on the amount of data that read
will consume. This is to avoid having the shell consume an unreasonable
amount of memory, possibly causing the system to enter a OOM condition,
if the user does something non-sensical.
Fixes#3712
* color: make brgrey really grey
The 0055 value is actually 0x2d which isn't 0x55 mentioned further and is probably a typo
* color.cpp: reformat color table
Tidy color table up and also fix hex number case for grey color. This should ease spotting errors like one from previous commit.
We now are stingier with taking history file locks - if the lock
is held too long we may just break it. But the current file save
architecture holds the lock for the duration of the save. It also
has some not-quite-right checks that can cause spurious failures in
the history stress test.
Reimplement the history save to retry. Rather than holding the lock,
rewrite the file to a temporary location and then take the lock. If
the history file has changed, start all over.
This is going to be slower under contention, but the advantage is that
the lock is only held for a brief period (stat + rename) rather than
across calls to write().
Some updated logic also fixes spurious failures that were easy to observe
when tsan was enabled. These failures were due to failing to check if the
file at the path was the same file we opened.
The next step is to move the history file saving to a background thread
to reduce the chances of it impacting user's typing.
Allow retrying, fix an issue where we trip over our own changes
by thinking the file has changed when we are responsible for changing
it, and improve some commenting
