From 906a49eef27c927ff73ed5712d5cd663b06d8963 Mon Sep 17 00:00:00 2001
From: Oliver Scherer
Date: Sat, 3 Nov 2018 11:09:52 +0100
Subject: [PATCH] Document unsafe rules with comments and `bug!` calls
---
 src/librustc_mir/transform/check_unsafety.rs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/librustc_mir/transform/check_unsafety.rs b/src/librustc_mir/transform/check_unsafety.rs
index d096bb32d9586..0547e4476cbe4 100644
--- a/src/librustc_mir/transform/check_unsafety.rs
+++ b/src/librustc_mir/transform/check_unsafety.rs
@@ -284,10 +284,10 @@ impl<'a, 'tcx> UnsafetyChecker<'a, 'tcx> {
 unsafe_blocks: &[(ast::NodeId, bool)]) {
 let safety = self.source_scope_local_data[self.source_info.scope].safety;
 let within_unsafe = match (safety, self.min_const_fn) {
- // FIXME: erring on the safe side here and disallowing builtin unsafety in const fn
+ // Erring on the safe side, pun intended
 (Safety::BuiltinUnsafe, true) |
- // `unsafe` blocks are required even in `const unsafe fn`
- (Safety::FnUnsafe, true) |
+ // mir building encodes const fn bodies as safe, even for `const unsafe fn`
+ (Safety::FnUnsafe, true) => bug!("const unsafe fn body treated as inherently unsafe"),
 // `unsafe` blocks are required in safe code
 (Safety::Safe, _) => {
 for violation in violations {
@@ -305,8 +305,10 @@ impl<'a, 'tcx> UnsafetyChecker<'a, 'tcx> {
 }
 false
 }
+ // regular `unsafe` function bodies allow unsafe without additional unsafe blocks
 (Safety::BuiltinUnsafe, false) | (Safety::FnUnsafe, false) => true,
 (Safety::ExplicitUnsafe(node_id), _) => {
+ // mark unsafe block as used if there are any unsafe operations inside
 if !violations.is_empty() {
 self.used_unsafe.insert(node_id);
 }
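Review bot: The comment `// Erring on the safe side, pun intended` above `(Safety::BuiltinUnsafe, true) |` no longer describes that arm, which now shares the `bug!(...)` body with `(Safety::FnUnsafe, true)` instead of falling through to the `Safety::Safe` handling that required `unsafe` blocks. One comment over both patterns stating the invariant being asserted would read better, e.g. `// MIR building encodes const fn bodies (even `const unsafe fn`) as `Safe`, so these scopes must never reach the unsafety checker`; that invariant is established outside this file, so it is worth confirming that the MIR builder never emits `BuiltinUnsafe` scopes inside a const fn either. The direction of the change is the right one for a checker: if the invariant is ever broken the compiler ICEs rather than treating the body as inherently unsafe and accepting unsafe operations without a block. The enclosing function's signature starts before the hunk and the `match` continues past it.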
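Review bot: The added comment `// regular `unsafe` function bodies allow unsafe without additional unsafe blocks` covers only the `Safety::FnUnsafe` half of the arm `(Safety::BuiltinUnsafe, false) | (Safety::FnUnsafe, false) => true,`; `BuiltinUnsafe` presumably denotes compiler-generated unsafety rather than a user-written `unsafe fn` body, so the comment should name it too, e.g. `// outside const fn, `unsafe fn` bodies and builtin-unsafe scopes need no additional `unsafe` blocks`. The `Safety::ExplicitUnsafe` arm continues past the end of the hunk.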
@@ -316,6 +318,7 @@ impl<'a, 'tcx> UnsafetyChecker<'a, 'tcx> {
 match violation.kind {
 // these are allowed
 UnsafetyViolationKind::MinConstFn
+ // if `#![feature(min_const_unsafe_fn)]` is active
 if self.tcx.sess.features_untracked().min_const_unsafe_fn => {},
 _ => {
 let mut violation = violation.clone();