dtolnay
commented
3 years ago I think both of those things (no-panic everything in crate, and turn-panic-into-error) are outside the scope of this crate. It may be interesting to tackle them in a separate crate.
In rawloader[1] I've taken the somewhat controversial decision of using a broad panic catcher at the API entry and turning it into an error. I did this because there's a narrow entry point to the library where this can be done cleanly and because by experience fuzzing through all these wacky formats to try and catch all possible panics is a fool's errand, so why go through that trouble when the compiler does it automatically for me. The only downside is that if you want to use rawloader in a
panic=abortcontext then you may get aborts on broken files.If I could instead verify that there are no possible aborts left then that changes things a bit as I don't need to fuzz to find problems. This crate is interesting for that. So I'm wondering if there is a way to just specify that all functions in my crate should not panic instead of having to annotate each by hand?
Even that would still require me to go and write by hand all the checks that the compiler is now introducing automatically. Is there any way to have a
#[turn-panic-into-error]annotation in functions that just turns the panic into a returned error that I can then bubble up normally?[1] https://github.com/pedrocr/rawloader/