Remove exceptions from 'Parent' interface

Issue #5245

repos/base/include/base/child.h

@@ -853,9 +853,9 @@ class Genode::Child : protected Rpc_object<Parent>,
 
 		void announce(Service_name const &) override;
 		void session_sigh(Signal_context_capability) override;
-		Session_capability session(Client::Id, Service_name const &,
-		                           Session_args const &, Affinity const &) override;
-		Session_capability session_cap(Client::Id) override;
+		Session_result session(Client::Id, Service_name const &,
+		                       Session_args const &, Affinity const &) override;
+		Session_cap_result session_cap(Client::Id) override;
 		Upgrade_result upgrade(Client::Id, Upgrade_args const &) override;
 		Close_result close(Client::Id) override;
 		void exit(int) override;

repos/base/include/parent/client.h

@@ -33,13 +33,13 @@ struct Genode::Parent_client : Rpc_client<Parent>
 	void session_sigh(Signal_context_capability sigh) override {
 		call<Rpc_session_sigh>(sigh); }
 
-	Session_capability session(Client::Id          id,
-	                           Service_name const &service,
-	                           Session_args const &args,
-	                           Affinity     const &affinity) override {
+	Session_result session(Client::Id          id,
+	                       Service_name const &service,
+	                       Session_args const &args,
+	                       Affinity     const &affinity) override {
 		return call<Rpc_session>(id, service, args, affinity); }
 
-	Session_capability session_cap(Client::Id id) override {
+	Session_cap_result session_cap(Client::Id id) override {
 		return call<Rpc_session_cap>(id); }
 
 	Upgrade_result upgrade(Client::Id to_session, Upgrade_args const &args) override {

repos/base/include/parent/parent.h

@@ -14,7 +14,7 @@
 #ifndef _INCLUDE__PARENT__PARENT_H_
 #define _INCLUDE__PARENT__PARENT_H_
 
-#include <base/exception.h>
+#include <util/attempt.h>
 #include <base/rpc.h>
 #include <base/rpc_args.h>
 #include <base/thread.h>
@@ -143,6 +143,16 @@ class Genode::Parent
 		 */
 		virtual void session_sigh(Signal_context_capability) = 0;
 
+		enum class Session_error {
+			OUT_OF_RAM,             /* session RAM quota exceeds our resources */
+			OUT_OF_CAPS,            /* session CAP quota exceeds our resources */
+			INSUFFICIENT_RAM_QUOTA, /* RAM donation does not suffice */
+			INSUFFICIENT_CAP_QUOTA, /* CAP donation does not suffice */
+			DENIED,                 /* parent or server denies request */
+		};
+
+		using Session_result = Attempt<Capability<Session>, Session_error>;
+
 		/**
 		 * Create session to a service
 		 *
@@ -151,39 +161,35 @@ class Genode::Parent
 		 * \param args             session constructor arguments
 		 * \param affinity         preferred CPU affinity for the session
 		 *
-		 * \throw Service_denied          parent denies session request
-		 * \throw Insufficient_cap_quota  donated cap quota does not suffice
-		 * \throw Insufficient_ram_quota  donated RAM quota does not suffice
-		 * \throw Out_of_caps             session CAP quota exceeds our resources
-		 * \throw Out_of_ram              session RAM quota exceeds our resources
-		 *
 		 * \return session capability if the new session is immediately
-		 *         available, or an invalid capability
+		 *         available, or an invalid capability, or an error of
+		 *         type 'Session_error'.
 		 *
 		 * If the returned capability is invalid, the request is pending at the
 		 * server. The parent delivers a signal to the handler as registered
 		 * via 'session_sigh' once the server responded to the request. Now the
 		 * session capability can be picked up by calling 'session_cap'.
 		 */
-		virtual Session_capability session(Client::Id          id,
-		                                   Service_name const &service_name,
-		                                   Session_args const &args,
-		                                   Affinity     const &affinity = Affinity()) = 0;
+		virtual Session_result session(Client::Id          id,
+		                               Service_name const &service_name,
+		                               Session_args const &args,
+		                               Affinity     const &affinity = Affinity()) = 0;
+
+		enum class Session_cap_error { INSUFFICIENT_RAM_QUOTA,
+		                               INSUFFICIENT_CAP_QUOTA, DENIED, };
+
+		using Session_cap_result = Attempt<Capability<Session>, Session_cap_error>;
 
 		/**
 		 * Request session capability
 		 *
-		 * \throw Service_denied
-		 * \throw Insufficient_cap_quota
-		 * \throw Insufficient_ram_quota
-		 *
 		 * See 'session' for more documentation.
 		 *
-		 * In the exception case, the parent implicitly closes the session.
+		 * In the error case, the parent implicitly closes the session.
 		 */
-		virtual Session_capability session_cap(Client::Id id) = 0;
+		virtual Session_cap_result session_cap(Client::Id id) = 0;
 
-		enum Upgrade_result { UPGRADE_DONE, UPGRADE_PENDING };
+		enum class Upgrade_result { OK, PENDING, OUT_OF_RAM, OUT_OF_CAPS };
 
 		/**
 		 * Transfer our quota to the server that provides the specified session
@@ -191,16 +197,13 @@ class Genode::Parent
 		 * \param id         ID of recipient session
 		 * \param args       description of the amount of quota to transfer
 		 *
-		 * \throw Out_of_caps
-		 * \throw Out_of_ram
-		 *
 		 * The 'args' argument has the same principle format as the 'args'
 		 * argument of the 'session' operation.
 		 */
 		virtual Upgrade_result upgrade(Client::Id to_session,
 		                               Upgrade_args const &args) = 0;
 
-		enum [[nodiscard]] Close_result { CLOSE_DONE, CLOSE_PENDING };
+		enum class [[nodiscard]] Close_result { DONE, PENDING };
 
 		/**
 		 * Close session
@@ -308,19 +311,11 @@ class Genode::Parent
 		GENODE_RPC(Rpc_announce, void, announce,
 		           Service_name const &);
 		GENODE_RPC(Rpc_session_sigh, void, session_sigh, Signal_context_capability);
-		GENODE_RPC_THROW(Rpc_session, Session_capability, session,
-		                 GENODE_TYPE_LIST(Service_denied, Out_of_caps,
-		                                  Out_of_ram, Insufficient_cap_quota,
-		                                  Insufficient_ram_quota),
-		                 Client::Id, Service_name const &, Session_args const &,
-		                 Affinity const &);
-		GENODE_RPC_THROW(Rpc_session_cap, Session_capability, session_cap,
-		                 GENODE_TYPE_LIST(Service_denied, Insufficient_cap_quota,
-		                                  Insufficient_ram_quota),
-		                 Client::Id);
-		GENODE_RPC_THROW(Rpc_upgrade, Upgrade_result, upgrade,
-		                 GENODE_TYPE_LIST(Out_of_ram, Out_of_caps),
-		                 Client::Id, Upgrade_args const &);
+		GENODE_RPC(Rpc_session, Session_result, session,
+		           Client::Id, Service_name const &, Session_args const &,
+		           Affinity const &);
+		GENODE_RPC(Rpc_session_cap, Session_cap_result, session_cap, Client::Id);
+		GENODE_RPC(Rpc_upgrade, Upgrade_result, upgrade, Client::Id, Upgrade_args const &);
 		GENODE_RPC(Rpc_close, Close_result, close, Client::Id);
 		GENODE_RPC(Rpc_session_response, void, session_response,
 		           Server::Id, Session_response);