Write a safe function that wraps the unsafe operation, using an unsafe block only for the specific low-level action while validating inputs and maintaining invariants in the safe API. This isolates the risk to a single, audited location and prevents unsafe code from leaking into the rest of your application.
```rust
/// Safe wrapper: the only unsafe operation is the dereference itself, and it
/// is reached only after the null check in safe code has passed.
pub fn safe_dereference(ptr: *const i32) -> Option<i32> {
    if ptr.is_null() {
        return None;
    }
    // SAFETY: the pointer is non-null (checked above). The caller must still
    // supply a pointer that is aligned and points to live, initialized memory;
    // a null check alone cannot rule out a dangling pointer.
    unsafe { Some(*ptr) }
}
```
In this pattern, the public safe_dereference function checks for a null pointer before entering the unsafe block, so the raw pointer dereference runs only once that check has passed. The null check covers one invalid case; the remaining preconditions of a valid dereference (alignment and pointing at live, initialized memory) cannot be verified by the wrapper, so they must be stated as requirements on the caller.
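The same pattern applied to a buffer read, as an added example that is not part of the original text: the safe API owns the bytes and validates the offset (including integer overflow) before a single unsafe unaligned read. The `ByteView` type and its sample bytes are constructed for this illustration.

```rust
// Added example: a safe API over a byte buffer where the only unsafe
// operation is an unaligned raw-pointer read. All validation happens in
// safe code before the unsafe block is entered.
use std::ptr;

/// Owns its bytes, so the pointer handed to the unsafe read stays valid
/// for as long as the view is borrowed.
pub struct ByteView {
    data: Vec<u8>,
}

impl ByteView {
    pub fn new(data: Vec<u8>) -> Self {
        ByteView { data }
    }

    /// Reads a little-endian u32 at `offset`, or returns None when the read
    /// would fall outside the buffer (including when `offset + 4` overflows).
    pub fn read_u32_le(&self, offset: usize) -> Option<u32> {
        // Validate in safe code: checked_add prevents a wraparound that would
        // make an out-of-bounds offset look valid.
        let end = offset.checked_add(4)?;
        if end > self.data.len() {
            return None;
        }
        // SAFETY: offset..end lies inside self.data (checked above), the Vec
        // is alive for the duration of this borrow, and read_unaligned does
        // not require the pointer to be u32-aligned.
        let raw = unsafe {
            let p = self.data.as_ptr().add(offset) as *const u32;
            ptr::read_unaligned(p)
        };
        Some(u32::from_le(raw))
    }
}

fn main() {
    // Constructed sample input, not taken from any real protocol.
    let view = ByteView::new(vec![0x78, 0x56, 0x34, 0x12, 0xAA]);
    println!("{:?}", view.read_u32_le(0)); // Some(305419896) = 0x12345678
    println!("{:?}", view.read_u32_le(2)); // None: 2 + 4 exceeds length 5
}
```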