Private unsafe fields are a poorly motivated feature

tczajka:

Or should val be an unsafe field here, even though the module doesn't use it for memory safety?

I would respond that the example is poor.

It should clarify whether "guaranteed" is correctness or soundness, and then either

• make set_unchecked not be unsafe, or
• make val be unsafe, updating the new with a safety comment about why constructing it there is correct

Right now it's unclear to consumers whether they can soundly do std::num::NonZero::new_unchecked(your_nz.get()) or not, so even without this feature that should be clarified.

(Similarly, if set_unchecked is going to be unsafe fn then it should have a # Safety comment to state its preconditions.)