Common Unsafe Patterns in Rust and When They're Justified

Unsafe Rust is justified when you need to perform operations the borrow checker cannot verify, such as calling C functions, manipulating raw pointers, or accessing mutable static variables. You must wrap these operations in an unsafe block or function to explicitly acknowledge the risk of undefined behavior. Use unsafe only when you have manually verified the safety invariants, such as ensuring a raw pointer is valid and not dangling before dereferencing it.

unsafe fn read_raw_pointer(ptr: *const i32) -> i32 {
    // Manually verify ptr is valid before dereferencing
    *ptr
}

fn main() {
    let x = 10;
    let ptr = &x as *const i32;
    let value = unsafe { read_raw_pointer(ptr) };
    println!("Value: {}", value);
}

Unsafe Rust is like turning off the safety guards on a machine to perform a specific, high-risk task that the automatic safety systems don't allow. You use it when you absolutely need to do something low-level, like talking directly to hardware or other programming languages, but you must promise to be extra careful because the computer won't stop you from making a mistake. It is only justified when you know exactly what you are doing and have checked everything yourself.