{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidjzmlykcxqo3h4up2dtdrjpqqpoixjyvp5nfi6zudcmojktrnfsq",
    "uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mendjeboe5d2"
  },
  "path": "/t/pre-rfc-rust-safety-standard/23963?page=4#post_73",
  "publishedAt": "2026-02-12T05:25:30.000Z",
  "site": "https://internals.rust-lang.org",
  "tags": [
    "@hxuhack"
  ],
  "textContent": "> In addition, I have added the **Principle of Least Unsound Scope** to emphasize that unsafe code should be confined to the smallest scope necessary, with safety enforced as early as possible.\n\n@hxuhack\n\nWhether this is a good idea is much-debated.\n\nIt is often not actually considered beneficial to constrain `unsafe {}` to the smallest possible scope if there are multiple successive `unsafe` operations, because often temporarily-broken invariants that must be restored for soundness before leaving the larger scope (e.g. the function) may be broken early in _that_ scope, and only restored after _all_ the `unsafe {}` operations. In this case, using multiple small `unsafe {}` is possible syntactically in the language but can be misleading as to where the unsoundness risks live and when what obligations are discharged.",
  "title": "Pre-RFC: Rust Safety Standard"
}