Impact of Static Variables on API Soundness

Rust Internals [Unofficial] February 26, 2026

hxuhack:

In the current implementation, I believe do_critical_task can be declared safe. Is this correct?

Yes.

hxuhack:

If PTR remains private, but additional invalid states become possible, then do_critical_task cannot be declared safe, correct?

If do_critical_task is crate-public and those additional invalid states are reachable from crate-public safe functions, then yes, do_critical_task cannot be safe.

hxuhack:

If PTR is made public (but not to other crates), meaning that additional invalid states could be introduced from outside the module, can do_critical_task still be declared safe?

If the same conditions as above hold, then no, do_critical_task cannot be safe. However, if one of those conditions does not hold, then it can be declared safe. It's just a matter of style (crates with multiple contributors like the standard library may prefer to declare it unsafe to avoid misunderstandings, but simple crates with a single author might not bother in order to keep call sites readable).
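The reasoning in the replies above, as an added Rust sketch that is not part of the original thread and is not the code under discussion there. Only the names `PTR` and `do_critical_task` come from the thread; the module, the pointee type, the invariant and the helpers `install`, `clear` and `set_raw` are assumptions made for illustration.

```rust
// Added illustration. Assumed invariant: PTR is either null or points to a
// heap allocation that is never freed.
mod critical {
    use std::ptr;
    use std::sync::atomic::{AtomicPtr, Ordering};

    // Private to the module: only the functions below can write it.
    static PTR: AtomicPtr<u32> = AtomicPtr::new(ptr::null_mut());

    /// Safe: stores a pointer that stays valid for the rest of the program.
    pub fn install(value: u32) {
        let raw = Box::into_raw(Box::new(value)); // deliberately never freed
        PTR.store(raw, Ordering::Release);
    }

    /// Safe: null is a permitted state under the invariant.
    pub fn clear() {
        PTR.store(ptr::null_mut(), Ordering::Release);
    }

    /// Can be declared safe: every state reachable through the safe
    /// functions that can write PTR satisfies the invariant relied on here.
    pub fn do_critical_task() -> Option<u32> {
        let p = PTR.load(Ordering::Acquire);
        if p.is_null() {
            return None;
        }
        // SAFETY: non-null implies a live, never-freed allocation.
        Some(unsafe { *p })
    }

    /// Can introduce an invalid state, so the obligation is pushed to the
    /// caller. If this were a safe, crate-public function, the invalid state
    /// would be reachable from safe code and do_critical_task could not be safe.
    #[allow(dead_code)]
    pub unsafe fn set_raw(p: *mut u32) {
        PTR.store(p, Ordering::Release);
    }
}

fn main() {
    assert_eq!(critical::do_critical_task(), None);
    critical::install(7);
    assert_eq!(critical::do_critical_task(), Some(7));
    critical::clear();
    assert_eq!(critical::do_critical_task(), None);
}
```

Changing `static PTR` to `pub(crate)` would let any safe code in the crate store an arbitrary pointer, which is the situation the third question asks about.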
