refactor(ffi): return null ptr instead of aborting in C API (#2478)

Make C API functions that return pointers return null in case of a
panic, instead of aborting.

Add ffi_fn! macro rules that enable default error values to be returned
by writing "?= <value>" after an ffi function's body.

src/ffi/macros.rs

@@ -1,5 +1,5 @@
 macro_rules! ffi_fn {
-    ($(#[$doc:meta])* fn $name:ident($($arg:ident: $arg_ty:ty),*) -> $ret:ty $body:block) => {
+    ($(#[$doc:meta])* fn $name:ident($($arg:ident: $arg_ty:ty),*) -> $ret:ty $body:block ?= $default:expr) => {
         $(#[$doc])*
         #[no_mangle]
         pub extern fn $name($($arg: $arg_ty),*) -> $ret {
@@ -8,15 +8,23 @@ macro_rules! ffi_fn {
             match panic::catch_unwind(AssertUnwindSafe(move || $body)) {
                 Ok(v) => v,
                 Err(_) => {
-                    // TODO: We shouldn't abort, but rather figure out how to
-                    // convert into the return type that the function errored.
-                    eprintln!("panic unwind caught, aborting");
-                    std::process::abort();
+                    $default
                 }
             }
         }
     };
 
+    ($(#[$doc:meta])* fn $name:ident($($arg:ident: $arg_ty:ty),*) -> $ret:ty $body:block) => {
+        ffi_fn!($(#[$doc])* fn $name($($arg: $arg_ty),*) -> $ret $body ?= {
+            eprintln!("panic unwind caught, aborting");
+            std::process::abort()
+        });
+    };
+
+    ($(#[$doc:meta])* fn $name:ident($($arg:ident: $arg_ty:ty),*) $body:block ?= $default:expr) => {
+        ffi_fn!($(#[$doc])* fn $name($($arg: $arg_ty),*) -> () $body ?= $default);
+    };
+
     ($(#[$doc:meta])* fn $name:ident($($arg:ident: $arg_ty:ty),*) $body:block) => {
         ffi_fn!($(#[$doc])* fn $name($($arg: $arg_ty),*) -> () $body);
     };