I am always confused by this particular doc comment on catch_unwind:
... Finally, be careful in how you drop the result of this function. If it is Err, it contains the panic payload, and dropping that may in turn panic! ...
I definitely understand that the payload's Drop implementation might panic, like any other, but obviously when calling catch_unwind in the first place I most often expect not to panic.
I am confused because the doc specifically highlights the possibility here but doesn't provide any hint as to how one is supposed to handle this, so I think it should be clarified what a careful drop of the payload actually means.
Ways I can think of seem like obviously bad ideas to me:
leak the payload altogether with mem::forget
recursively catch_unwind on explicit calls to drop (using AssertUnwindSafe wrapper as the payload is not UnwindSafe)
There's also the option to std::process::abort or panic = abort but then, why catch_unwind in the first place?
I think the reason this situation looks confusing is because it wasn’t really considered in the original design. There is still an open issue, #86027, to do something about it. So, you’re getting the warning but not a recommended solution or a better function to use.
You can put these together into a good strategy (not technically recursive):
catch_unwind() the main thing.
If it panics, catch_unwind() dropping the payload.
If that panics, leak the payload, or just abort.
(You could also use an "abort in Drop" guard instead of the second catch_unwind().)
But remember that this only matters if your goal is to handle a situation where unwinding past the catch location would be unsound (e.g. FFI, or situations where you really need to keep the parent stack frame existing, like scoped threads). If you are simply using catch_unwind() to reduce the blast radius of unexpected failures, then it’s okay to let the second panic propagate, because the panic payload panicking means something very weird is going on — you’re no longer in the field of reasonable situations to recover from. (Most panic payloads are String or &'static str.)
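The three-step strategy from the answer above, as an added example that is not part of the original posts or of the standard library. `Bomb`, `Outcome` and `run_contained` are hypothetical names, and `Bomb` is a constructed payload whose destructor panics.

```rust
use std::any::Any;
use std::panic::{self, AssertUnwindSafe, UnwindSafe};

/// Constructed payload type whose destructor panics (hypothetical, for the demo).
struct Bomb;
impl Drop for Bomb {
    fn drop(&mut self) {
        panic!("panic while dropping the panic payload");
    }
}

/// What happened to the closure and its payload (hypothetical name).
#[derive(Debug, PartialEq)]
enum Outcome {
    Completed,
    PayloadDropped,
    PayloadDropPanicked,
}

/// Runs `f` so that no unwind leaves this function, as needed at an FFI boundary.
fn run_contained<F: FnOnce() + UnwindSafe>(f: F) -> Outcome {
    // Step 1: catch the panic from the main work.
    let payload: Box<dyn Any + Send> = match panic::catch_unwind(f) {
        Ok(()) => return Outcome::Completed,
        Err(payload) => payload,
    };
    // Step 2: drop the payload under a second catch_unwind. The payload is
    // not UnwindSafe, hence the AssertUnwindSafe wrapper.
    match panic::catch_unwind(AssertUnwindSafe(move || drop(payload))) {
        Ok(()) => Outcome::PayloadDropped,
        Err(second) => {
            // Step 3: the drop itself panicked. Leak the new payload instead of
            // dropping it; std::process::abort() is the stricter alternative.
            std::mem::forget(second);
            Outcome::PayloadDropPanicked
        }
    }
}

fn main() {
    println!("{:?}", run_contained(|| {}));
    println!("{:?}", run_contained(|| panic!("ordinary &'static str payload")));
    println!("{:?}", run_contained(|| panic::panic_any(Bomb)));
}
```

The default panic hook still prints a message for each panic; only the unwinding is contained.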