{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreihsa7dpzabewdp6q6vxloiwmxwzqo7m6oty6mur4crad64u44gctq",
"uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mlswbqy6u372"
},
"path": "/t/is-it-possible-to-define-various-level-for-safety/24299#post_1",
"publishedAt": "2026-05-14T12:28:50.000Z",
"site": "https://internals.rust-lang.org",
"textContent": "A real-world app may have more than one unsafe level:\n\nlevel -1: unsafe operations, which may cause double frees and various hardware-related bugs.\n\nlevel 0: safe operations that access the user's password\n\nanother level 0: safe operations that send messages to a private LLM API (may waste a lot of money)\n\nlevel 1: publish comments into forums which could be redraw easily.\n\nRust can alert users very well if they misuse some unsafe code, but IMHO, using pure safe Rust code to launch a nuclear missile is more dangerous than many unsafe operations.\n\nIs it possible to utilize the unsafe block to define more than just one unsafe semantics?\n\n\n unsafe fn transmute() {} // transmute is always unsafe\n unsafe(abort) fn panic() {\n     panic!(\"suppose you are calculating for 10 hours, and the program aborts\")\n }\n unsafe(any_custom_ident) fn launch_nuclear_weapon() {\n     // since we cannot cover all situations, defining such a keyword is fine\n }\n\n\nAny function which calls any type of unsafe function should either:\n\n 1. use an unsafe block without any modifier.\n 2. use an unsafe block with the correct modifier, and put that modifier into the function's signature.\n\n\n fn trust_me() {\n     unsafe { /* I can call any function here, I said it is safe since....... */ }\n }\n unsafe(ptr) fn play_with_ptr() {\n     unsafe(ptr) {\n         play_with_ptr();\n     }\n }\n\n\nRule 2 is a coloring rule: each function calling unsafe X must be X. To avoid this, a pure unsafe block is used.",
"title": "Is it possible to define various level for safety?"
}