CONCEPT Cited by 1 source

panic=abort¶

Definition¶

panic=abort is Rust's abort-on-panic strategy: when panic!() fires, the process terminates immediately with no stack unwinding and no destructors run. Contrast with concepts/panic-unwind, which walks the stack and gives code the chance to recover.

The abort strategy is chosen for:

Smaller binary size (no unwinding tables, no landing pads).
Slightly faster hot paths where unwind machinery would cost instructions.
Targets that historically lack an unwinding primitive — notably wasm32-unknown-unknown, which defaults to panic=abort because the WebAssembly instruction set had no exception handling until the Exception Handling proposal reached wide engine support in 2023.

What abort looks like on WebAssembly¶

A Rust panic under panic=abort on Wasm traps with the unreachable instruction, exits back to the embedder with a WebAssembly.RuntimeError, and leaves the Wasm instance in an undefined state. Subsequent use of that instance is unsafe — any memory the panicking code partially mutated, any lock it partially acquired, any resource it was in the middle of allocating remains in an unknown condition. This is the concepts/sandbox-poisoning failure class.

In stock wasm-bindgen pre-2026-04, the embedder had no primitive for distinguishing recoverable Rust panics from genuine aborts, and no supported way to return the Wasm instance to a known-good state. "Panics were historically fatal, poisoning the instance and possibly even bricking the Worker for a period of time."

What survives: non-unwindable aborts¶

Even after concepts/panic-unwind support shipped for Rust-on-Wasm, aborts still happen — out-of-memory is the common cause. Aborts cannot unwind by definition. The complementary primitive is concepts/abort-recovery: detect the non-unwindable failure at the embedder boundary (via an Exception.Tag-marked recoverable shape vs raw abort shape), drop the invalidated instance state, and reinitialise.

Rust Workers lineage¶

workers-rs 0.6 — custom JS-side wrapper detects panics and reinitialises the Wasm module before handling subsequent requests. Solves the sandbox-poisoning symptom for panic=abort Rust Workers but lives platform-side, not in wasm-bindgen.
workers-rs 0.8.0 — --panic-unwind build flag opts into the full panic=unwind + set_on_abort recovery machinery. Users staying on panic=abort still benefit from the 0.6 wrapper.

Seen in¶

sources/2026-04-22-cloudflare-making-rust-workers-reliable-panic-and-abort-recovery-in-wasm-bindgen — canonical wiki instance of panic=abort on wasm32-unknown-unknown as a source of concepts/sandbox-poisoning and of the eventual upstream fix shape.

concepts/panic-unwind — the Rust-strategy contrast panic=abort is defined against.
concepts/sandbox-poisoning — the Wasm-specific failure class panic=abort produces on stock wasm-bindgen.
concepts/abort-recovery — the non-unwindable-failure complement to panic=unwind.
concepts/webassembly-exception-handling — the Wasm proposal that finally made panic=unwind possible and left panic=abort as a choice rather than a necessity.
systems/workers-rs / systems/wasm-bindgen / systems/webassembly.