Yes, I would go a bit further and say
unsafe wasn't the best way to show what is happening.
unsafe plays two roles, when applied to function and trait definitions, it states that they are unsafe to call/implement. When applied to a block, it says trust me, I've checked this code. Very different meanings. I would have opted for two different words for this.
unsafe is fine for function and trait definitions, but something like
verified would have been nicer for blocks.
unsafe means that the function or trait has some additional invariants that must be ensured before calling/implementing. Just one meaning. Having a
verified block means that you have done the necessary checks to maintain said invariants, as to ensure soundness.
Now, this is exactly what
unsafe means right now, just that the two different meanings are conflated.
The implication here is that having an entirely safe crate, that has 0 unsafe blocks and only has unsafe functions/traits (which do not call any unsafe functions or do anything intrinsically unsafe like raw pointer deref) means that none of those unsafe functions will actually induce unsoundess. This is because all of those functions are technically sound* no matter what inputs you give them. And there are no implementations of
unsafe traits, so there is no way to go wrong there either.
But, as soon as you introduce a single
verified block, anything that can influence this
verified block is suspect. This could be as limited as a single function, or as wide as a whole crate, usually no more than that.
All this being said, it is far too late to introduce
verified or anything like it. We will just have to document the double roles that
* note: even if it is technically sound to call these functions, you shouldn't before reading the documentation and following the safety guidelines in the docs. If there are no safety guidelines, then you aren't allowed to call the function, because there is no way of knowing what inputs it is safe on, (as that could change in the future, introducing unsoundness in a patch update)