Item 15: Avoid writing unsafe code
The memory safety guarantees of Rust are its unique selling point; it is the Rust language feature that is not found in any other mainstream language. These guarantees come at a cost; writing Rust requires you to re-organize your code to mollify the borrow checker (Item 13), and to precisely specify the pointer types that you use (Item 8).
Unsafe Rust weakens some of those guarantees, in particular by allowing the use of raw pointers that work more like old-style C pointers. These pointers are not subject to the borrowing rules, and the programmer is responsible for ensuring that they still point to valid memory whenever they're used.
So at a superficial level, the advice of this Item is trivial: why move to Rust if you're just going to write C code in Rust? However, there are occasions where unsafe code is absolutely required – for low-level library code, or for when your Rust code has to interface with code in other languages (Item 36).
The wording of this Item is quite precise, though: avoid writing unsafe code. The emphasis is on the "writing", because much of the time the unsafe code you're likely to need has already been written for you.
The Rust standard libraries contain a lot of unsafe code; a quick search finds around 1000 uses of unsafe in the alloc library, 1500 in core and a further 2000 in std. This code has been written by experts and is battle-hardened by use in many thousands of Rust codebases.
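As an added illustration (not code from the original text), the following compares a hand-written unsafe parser with one built only on safe standard-library calls. The frame layout (a 4-byte little-endian length followed by the payload) and the function names are assumptions made for this example.

```rust
use std::convert::TryInto;

// Assumed frame layout (constructed for this example):
// 4-byte little-endian payload length, followed by the payload bytes.

/// Hand-written unsafe parser: raw pointers, every bound checked by hand.
fn payload_unsafe(frame: &[u8]) -> Option<&[u8]> {
    if frame.len() < 4 {
        return None;
    }
    // SAFETY: at least 4 bytes are readable (checked above), and
    // read_unaligned has no alignment requirement.
    let raw = unsafe { std::ptr::read_unaligned(frame.as_ptr() as *const u32) };
    let len = u32::from_le(raw) as usize;
    if len > frame.len() - 4 {
        return None; // declared length runs past the buffer
    }
    // SAFETY: 4 + len <= frame.len(), so the range lies inside `frame`.
    Some(unsafe { std::slice::from_raw_parts(frame.as_ptr().add(4), len) })
}

/// Same parser using only safe std APIs; the bounds checks (and any unsafe
/// code behind them) live in the standard library.
fn payload_safe(frame: &[u8]) -> Option<&[u8]> {
    let header: [u8; 4] = frame.get(..4)?.try_into().ok()?;
    let len = u32::from_le_bytes(header) as usize;
    frame.get(4..)?.get(..len)
}

fn main() {
    // Constructed sample frames: valid, over-long declared length, truncated.
    let good = [3u8, 0, 0, 0, b'a', b'b', b'c', b'd'];
    let lying = [0xffu8, 0xff, 0xff, 0xff, 1, 2];
    for f in [&good[..], &lying[..], &good[..2]].iter() {
        println!("{:?} {:?}", payload_unsafe(f), payload_safe(f));
    }
}
```

In the unsafe version, deleting either hand-written length check turns a malformed frame into an out-of-bounds read; in the safe version the same mistake cannot compile into one, because `get` returns `None` instead.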