The methods which manipulates integer port name and message buffers directly are marked with "throws Unsafe" to prevent them from being used advertently. Methods which encapsulate the low-level code and expose only type-safe abstractions to the user catch the Unsafe pseudo-exception. This is similar in principle to the "semantic regimes" of org.vmmagic. Unfortunately using a pseudo-exception in this way introduces some quirks, as we have to silence compiler warning and "handle" the exception which is never actually thrown. Ideally this would be done with annotations instead (@Unsafe, @AssertSafe) and checked by a custom annotation processor. A third option would be to simply make unsafe methods package-private. Drawbacks are disallowing users access to these methods (even if they know what they're doing), and the lack of check for encapsulation of low-level abstractions.