In the continuous effort of better handling OOM in the kernel,
we want to move away from all AK::String usage. One of the final
pieces left to accomplish this goal is replacing all of the usages
of `String::formatted` with something that can actually propagate
failure.

The StringBuilder API was enhanced in the recent past to propagate
failure and thus a slightly modified version of what exists in
`AK::format` will work well for implementing failable format with
`KString`.

We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace!

This was a slightly tedious refactoring that took a long time, so it's
not unlikely that some bugs crept in.

Nevertheless, it does pass basic functionality testing, and it's just
real nice to finally see the same pattern in all contexts. :^)

The C++ standard says that it's legal to call the `delete` operator with
a null pointer argument, in which case it should be a no-op. I
encountered this issue when running a kernel that's compiled with Clang.
I assume this fact was used for some kind of optimization.

This doesn't change anything because our global operator delete also
calls kfree() - however instead of relying on this implementation
detail this makes this dependency more explicit.

There are a bunch of places like drivers which for all intents and
purposes can't really fail allocation during boot, and if they do
fail we should crash immediately.

This change adds `KString::must_create_uninitialized(..)` as well as
`KString::must_create(..)` for use during early boot initialization of
the Kernel. They enforce that they are only used during early boot.

This is a simple string class for use in the kernel. It encapsulates
a length + character array in a single-allocation object.

Main differences from AK::String:

- Single-owner (no reference counting.)
- Allocation failures are exposed, not hidden.

The basic idea is to allow better and more precise string management
in the kernel.
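
An added example, not code from the commits above or from the project itself: a userspace C++ illustration of the single-allocation, single-owner string described in the last message, with allocation failure returned to the caller so that existing state stays valid. `MiniKString`, `try_rename` and the `byte_budget` parameter (used only to simulate OOM) are hypothetical names.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <memory>
#include <new>
#include <string_view>
#include <utility>

// MiniKString is a hypothetical userspace stand-in, not the kernel's KString.
class MiniKString {
public:
    // One allocation holds the header (length) followed by the characters.
    // Returns nullptr on failure; byte_budget is an assumed knob to simulate OOM.
    static std::unique_ptr<MiniKString> try_create(std::string_view text, std::size_t byte_budget = SIZE_MAX)
    {
        if (text.size() > SIZE_MAX - sizeof(MiniKString) - 1) return nullptr; // size would overflow
        std::size_t total = sizeof(MiniKString) + text.size() + 1;
        if (total > byte_budget) return nullptr; // simulated allocation failure
        void* slot = std::malloc(total);
        if (!slot) return nullptr; // real allocation failure
        auto* string = ::new (slot) MiniKString(text.size());
        if (!text.empty()) std::memcpy(string->characters(), text.data(), text.size());
        string->characters()[text.size()] = '\0';
        return std::unique_ptr<MiniKString>(string); // single owner, no reference count
    }
    void operator delete(void* ptr) { std::free(ptr); } // pairs with malloc above
    std::size_t length() const { return m_length; }
    char* characters() { return reinterpret_cast<char*>(this + 1); }
    std::string_view view() const { return { reinterpret_cast<char const*>(this + 1), m_length }; }

private:
    explicit MiniKString(std::size_t length) : m_length(length) {}
    std::size_t m_length;
};

// On failure the old name is left untouched and the caller gets false to propagate.
bool try_rename(std::unique_ptr<MiniKString>& name, std::string_view new_name, std::size_t byte_budget = SIZE_MAX)
{
    auto replacement = MiniKString::try_create(new_name, byte_budget);
    if (!replacement) return false;
    name = std::move(replacement);
    return true;
}

int main()
{
    auto name = MiniKString::try_create("init");
    return (name && !try_rename(name, "a-much-longer-name", 16) && name->view() == "init") ? 0 : 1;
}
```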