On Wed, Dec 3, 2025 at 12:54 PM Alexandre Courbot <[email protected]> wrote: > > I know it's a very edge case, and clearly indicates a bug, but the > general rule is: don't panic the kernel. And in Rust, if possible, don't > even let me compiler insert panic-handling code. If you don't want to > change the return type of the method, then maybe use `unwrap_or` and > `inspect_err` to print an error before returning e.g. `0`.
In general, indeed, but if it is truly something that cannot ever happen (as in one can prove it due to how the local code looks like), then adding error paths for it isn't good, especially if they change a signature. In any case, if it is decided to continue execution (either with an error or with a "default" value etc.), then please use EB, i.e. adding `debug_assert!` and possibly `pr_warn!` (or perhaps `pr_warn_once!` once available). Thanks! > But others have already thought "naah, that's never gonna happen" and > got burnt very publicly [1], so let's learn from that. :P That sounded to me like a higher-level design issue, not so much about `unwrap()`. Cheers, Miguel
