Unwinding can cause serious problems in Rust too, and is a persistent source of bugs in Rust libraries in my experience. However, Rust does mitigate this problem in a few ways:
- Result and Option and ? are the preferred method of dealing with recoverable errors, so panics in typical Rust code are rarer than exceptions in typical C++ code.
- Rust discourages catching of panics in most cases, so it's less common that a program will continue after unwinding.
- The worst panic-safety bugs, like the ones in the link above, are only possible in unsafe Rust, so they affect less code and are easier to audit for. (The bugs above were found because people audited the unsafe code, not because they caused errors in production. One of them was found before it was even published to crates.io.)
- Rust doesn't have overridable copy constructors or move constructors, so simple operations like assignment are guaranteed not to panic. Values can be moved/copied without running arbitrary code. This helps library authors limit the places where they must guard against exceptions in user code.
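
An added example, not part of the original comment or of any library it refers to: one common way unsafe code guards against a panic in a user-supplied closure. The function `map_in_place`, the `Tracked` type and the panicking closure are constructed for illustration.

```rust
use std::cell::Cell;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::ptr;

/// Replace every element with `f(element)` without cloning.
/// `f` is user code and may panic while it owns the value read out of slot `i`.
pub fn map_in_place<T>(v: &mut Vec<T>, mut f: impl FnMut(T) -> T) {
    let len = v.len();
    // Panic guard: while slots are being moved out of, the Vec claims to own
    // nothing. If `f` unwinds, the untouched elements leak (safe) instead of
    // slot `i` being dropped a second time when the Vec itself is dropped.
    unsafe { v.set_len(0) };
    let base = v.as_mut_ptr();
    for i in 0..len {
        unsafe {
            let old = ptr::read(base.add(i)); // slot i is now logically empty
            let new = f(old); // may panic; `old` is then dropped by the unwind
            ptr::write(base.add(i), new);
        }
    }
    unsafe { v.set_len(len) }; // reached only if no call to `f` panicked
}

// Constructed sample type: counts how many times its values are dropped.
struct Tracked<'a>(u32, &'a Cell<usize>);
impl Drop for Tracked<'_> {
    fn drop(&mut self) {
        self.1.set(self.1.get() + 1);
    }
}

/// Runs `map_in_place` with a closure that panics on the second of three
/// elements; returns (drops observed, elements the Vec still claims to own).
pub fn drops_after_panic() -> (usize, usize) {
    let drops = Cell::new(0);
    let mut v: Vec<Tracked<'_>> = (0..3).map(|n| Tracked(n, &drops)).collect();
    let result = catch_unwind(AssertUnwindSafe(|| {
        map_in_place(&mut v, |t| {
            if t.0 == 1 { panic!("constructed failure in user code"); }
            t
        });
    }));
    assert!(result.is_err());
    let remaining = v.len();
    drop(v);
    (drops.get(), remaining)
}

fn main() {
    println!("{:?}", drops_after_panic());
}
```

Without the `set_len(0)` line the Vec would still report three live elements after the panic and would drop the already-consumed second element again.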