Is there some way to get automated guidance when writing unsafe blocks? Some unsafe things are certainly more unsafe than others, and once one opens Pandora's box by deciding to use unsafe code for something, it seems like there's no help other than "do your own research" about how to ensure that the unsafe block turns out safe.
For example, I was going to use transmute to cast a slice with one element type to a slice with another where I know the element types have identical representations - or actually, I only know that because I looked at the source, and they do. But then I find out that the Rust compiler is free to implement slices with different element types differently. So I need to use slice::from_raw_parts. But then it occurs to me that I'm just trusting that the element types stay having identical representations, with no safety net about that.
What I'd like to do is somehow write something that walks the Rust compiler through the individual steps in the conversion in such a way were the Rust compiler can produce an error when any step fails to uphold its underlying assumption. And know that I've done that and not left an "unsafety gap".
One case of this would be the ability to assert that for 2 sets of instantiations, certain code fully obeys parametric polymorphism, at least with respect to decisions made by the current Rust compiler, under all optimization levels (or even just certain specified optimization levels). Another case would be asserting that two types have bit-wise compatible underlying representations. Another would be that the following unsafe manipulations cannot lead to dangling references. Compile-time pre and post condition checks? Something that asserts that the unsafe block hasn't manufactured a lifetime out of hole cloth?
I've had experience with proof assistants - so I have that model in mind: the Rust compiler has certain automation to prove safety, and the automation relies on the user adhering to rules that give the Rust compiler a not-too computationally complex way to do those proofs. That's great! But, as soon as some code needs to do something that does not adhere to those rules, is there anything the user can do that still results in a verified safety guarantee under current compiled conditions?