The purpose of
unsafe code is to let you remove all checks and safety layers that stand between the developer and being able to write C code using Rust syntax (manipulating raw pointers, type punning, shared mutation without enforced synchronisation, data races, etc.).
If you want the safety checks then you'll use safe constructs that enforce safety (
The main reason we don't let people just "turn the checks off" is because a lot of safety is enforced statically at compile time (e.g. the type system enforces that you can't have multiple mutable borrows), so there's no "flag" to remove, per-se.
The compiler exposes
debug_assertions to let you do conditional compilation based on whether the user wants a debug or release build, but that's mainly intended for runtime assertions during development like integer overflow checks or sanity checks.
It would be frowned upon by the Rust community to change the statically enforced contracts in your API based on this (e.g. to remove lifetime annotations or switch from
UnsafeCell). Not to mention a maintenance nightmare.