by OneWingedShark 54 days ago
While Ada does have `Unchecked_Deallocation` and `Unchecked_Conversion`, Ada out-of-the-box provides safety roughly on-par with the high-integrity C++ style-guide. For provable safety, the SPARK subset/provers are used.

There's a lot you can do in Ada without resorting to them, and even with using them it can be perfectly fine, such as (e.g.) "view conversion" of a register or memory-mapped location -- remember that a lot of APIs (and ABIs) have been kneecapped by catering to C's inabilities, so even if the idea is directly expressible in some higher level language it will be exposed at the lower level.


And Rust out of the box is safe by default, and you never have to resort to using unsafe {} blocks in normal usage.

I'm not trying to fight some religious war here. You want to use Ada? Great! But don't pretend that the existence of the unsafe keyword somehow makes Rust unacceptably impure. The same escape hatches exist in every other "safe" language outside of the one toy example whose entire niche purpose was to avoid unsafe, and which no one uses now because the language is ossified and non-extensible.
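As an added example, not code from either commenter, here is the "view conversion of a memory-mapped register" idea from the first comment done in Rust, so that the single `unsafe` read sits behind a safe, bounds-checked wrapper the way the second comment describes. The register layout, the `RegisterBlock` and `StatusView` names, and the byte buffer standing in for the peripheral window are all assumptions made for this example.

```rust
// Added example (not from the thread): a decoded "view" of a memory-mapped
// status register, with the one unsafe read wrapped in a safe, checked API.
use std::ptr;

/// Decoded view of a hypothetical 32-bit status register.
/// The bit layout below is an assumption for the example.
#[derive(Debug, PartialEq)]
pub struct StatusView {
    pub ready: bool, // bit 0
    pub error: bool, // bit 1
    pub count: u16,  // bits 16..32
}

/// Stand-in for a memory-mapped peripheral window. In firmware this would be
/// a raw address; here it is a constructed byte buffer so the code runs on a host.
pub struct RegisterBlock {
    bytes: Vec<u8>,
}

impl RegisterBlock {
    pub fn new(bytes: Vec<u8>) -> Self {
        Self { bytes }
    }

    /// Read a 32-bit little-endian register at byte `offset`.
    /// The bounds check is what makes the unsafe read sound: the pointer
    /// always stays inside `self.bytes`, and `u32` has no invalid bit patterns,
    /// so callers never need `unsafe` themselves.
    pub fn read_u32(&self, offset: usize) -> Option<u32> {
        let end = offset.checked_add(4)?; // overflow-safe end bound
        if end > self.bytes.len() {
            return None;
        }
        // SAFETY: offset..end lies within the buffer (checked above);
        // read_unaligned tolerates any alignment; u32 is valid for any bits.
        let raw = unsafe {
            ptr::read_unaligned(self.bytes.as_ptr().add(offset) as *const u32)
        };
        Some(u32::from_le(raw))
    }

    /// Safe "view conversion": raw register word -> typed status fields.
    pub fn status(&self, offset: usize) -> Option<StatusView> {
        let w = self.read_u32(offset)?;
        Some(StatusView {
            ready: w & 0x1 != 0,
            error: w & 0x2 != 0,
            count: (w >> 16) as u16,
        })
    }
}

fn main() {
    // Constructed sample window: two registers, little-endian.
    let regs = RegisterBlock::new(vec![0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x2A, 0x00]);
    println!("{:?}", regs.status(0)); // ready+error set, count 0
    println!("{:?}", regs.status(4)); // ready set, count 42
    println!("{:?}", regs.status(5)); // out of bounds -> None
}
```

The point of the wrapper is that the soundness argument lives in one place: the `SAFETY` comment names the exact invariant (the offset is in bounds) that the preceding check establishes, and every caller of `status` gets a typed view without ever touching a raw pointer.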