This is way, way, way too strong, since it prohibits things like panicking on integer overflow, which is already the case and very valuable.
(Also, all input values are valid values of their type, since otherwise one is already in the UB case, so the statement also means "one can never panic ever", which is clearly unhelpful.)
I really like the way <chrono> does this in C++, where you can choose your tradeoffs better.