No-panic Alternatives

no-panic reviews and mentions

• no_panic causing errors in hello world?
  1 project | /r/rust | 2 Apr 2023

  I discovered a crate called no_panic that prevents a function from compiling, unless the compiler can proof that this function can't panic.

• Is there something like "super-safe" rust?
  8 projects | /r/rust | 25 Mar 2023

  /u/dtolnay has a no-panic macro, I don't know its limitations but in older comments they note it pretty much has to be used in release mode, as there are lots of panic codepaths which get optimised out.

• Is Rust really safe? How to identify functions that can potentially cause panic
  6 projects | /r/rust | 12 Mar 2023

  'Hacks' such as https://github.com/dtolnay/no-panic, https://crates.io/crates/no-panics-whatsoever that ensure any calls to panic handling will result in link errors. Not really reliable in terms of being able to abort instead, but a possible tool.

• US NGO Consumer Reports also reporting on C and C++ safety for product development.
  12 projects | /r/cpp | 24 Jan 2023

  nope. Unfortunately, no mainstream language has this yet. We need an Algebraic effects typesystem to do this properly. There are a few temporary band-aid solutions like https://github.com/dtolnay/no-panic

• Carefully exploring Rust as a Python developer
  9 projects | news.ycombinator.com | 13 Nov 2022

  This kind of already exists in the form of #[no_panic] [1]?

  > If the function does panic (or the compiler fails to prove that the function cannot panic), the program fails to compile with a linker error that identifies the function name.

  1: https://github.com/dtolnay/no-panic

• What I like about rust
  2 projects | /r/rust | 1 Nov 2022
• LKML: Linus Torvalds: Re: [PATCH v9 12/27] rust: add `kernel` crate
  4 projects | /r/rust | 2 Oct 2022

  I really think that Rust needs an official #[no_panic] macro that can validate these sort of things (like dtolnay’s crate, I’m not sure why it was archived)

• A pair of Linux kernel modules using Rust
  5 projects | news.ycombinator.com | 13 Sep 2022

  Because it's convenient and familiar to most programmers. Not providing bounds-checked indexing makes some kinds of code very hard to write.

  But note his problem also happens with integer division.

  In Rust, a[x] on an array or vec is really a roughly a shortand for a.get(x).unwrap() (with a different error message)

  Likewise, a / b on integers is a kind of a shortand for a.checked_div(b).unwrap()

  The thing is, if the index ever is out of bounds, or if the denominator is zero, the program has a bug, 100% of time. And if you catch a bug using an assertion there is seldom anything better than interrupting the execution (the only thing I can think of is restarting the program or the subsystem). If you continue execution past a programming error, you may sometimes corrupt data structures or introduce bizarre, hard to debug situations.

  Doing a pattern match on a.get(x) doesn't help because if it's ever None (and your program logic expects that x is in bounds) then you are kind of forced to bail.

  The downside here is that we aren't catching this bug at compile time. And it's true that sometimes we can rewrite the program to not have an indexing operation, usually using iterators (eliding the bounds check will make the program run faster, too). But in general this is not possible, at least not without bringing formal methods. But that's what tests are for, to ensure the correctness of stuff type errors can't catch.

  Now, there are some crates like https://github.com/dtolnay/no-panic or https://github.com/facebookexperimental/MIRAI that will check that your code is panic free. The first one is based on the fact that llvm optimizations can often remove dead code and thus remove the panic from a[x] or a / b - if it doesn't, then compilation fails. The second one employs formal methods to mathematically prove that there is no panic. I guess those techniques will eventually be ported to the kernel even if panics happen differently there (by hooking on the BUG mechanism or whatever)

• Redoing the runtime
  2 projects | /r/rust | 29 Jul 2021

  Hmm, yeah as you mentioned, looks like a surprising amount of stuff is already done in the rust for the linux kernel project: https://github.com/Rust-for-Linux/linux/tree/rust/rust/. It's also MIT/Apache licensed, but I was expecting gpl, so I can actually use it. It's still a lot to trim down on, so might be easier to just build up as needed. Additionally I just saw /u/dtolnay's #[no_panic] attribute which at least makes it a compiler error if it's accidentally done.

• [PATCH 00/13] [RFC] Rust support
  1 project | /r/kernel | 16 Apr 2021

  Obviously, in bare metal systems, in the kernel, etc, you always want to use the second style. In this patch series, the first type had been stubbed out to panic, but Linus doesn't want any chance of panicking, he wants it to be a compile time error if anyone tries to call these methods from within the kernel, for example by not providing the symbols and failing to link if someone did try to use them. There is already precedent for doing that in the Rust ecosystem, so it's planned to do that in this patch series, but the authors hadn't gotten to that yet.

• A note from our sponsor - SaaSHub
  www.saashub.com | 25 Apr 2024

  SaaSHub helps you find the best software and product alternatives Learn more →