@@ -284,10 +284,10 @@ impl<'a, 'tcx> UnsafetyChecker<'a, 'tcx> {
284284 unsafe_blocks : & [ ( ast:: NodeId , bool ) ] ) {
285285 let safety = self . source_scope_local_data [ self . source_info . scope ] . safety ;
286286 let within_unsafe = match ( safety, self . min_const_fn ) {
287- // FIXME: erring on the safe side here and disallowing builtin unsafety in const fn
287+ // Erring on the safe side, pun intended
288288 ( Safety :: BuiltinUnsafe , true ) |
289- // `unsafe` blocks are required even in `const unsafe fn`
290- ( Safety :: FnUnsafe , true ) |
289+ // mir building encodes const fn bodies as safe, even for `const unsafe fn`
290+ ( Safety :: FnUnsafe , true ) => bug ! ( "const unsafe fn body treated as inherently unsafe" ) ,
291291 // `unsafe` blocks are required in safe code
292292 ( Safety :: Safe , _) => {
293293 for violation in violations {
@@ -305,8 +305,10 @@ impl<'a, 'tcx> UnsafetyChecker<'a, 'tcx> {
305305 }
306306 false
307307 }
308+ // regular `unsafe` function bodies allow unsafe without additional unsafe blocks
308309 ( Safety :: BuiltinUnsafe , false ) | ( Safety :: FnUnsafe , false ) => true ,
309310 ( Safety :: ExplicitUnsafe ( node_id) , _) => {
311+ // mark unsafe block as used if there are any unsafe operations inside
310312 if !violations. is_empty ( ) {
311313 self . used_unsafe . insert ( node_id) ;
312314 }
@@ -316,6 +318,7 @@ impl<'a, 'tcx> UnsafetyChecker<'a, 'tcx> {
316318 match violation. kind {
317319 // these are allowed
318320 UnsafetyViolationKind :: MinConstFn
321+ // if `#![feature(min_const_unsafe_fn)]` is active
319322 if self . tcx . sess . features_untracked ( ) . min_const_unsafe_fn => { } ,
320323 _ => {
321324 let mut violation = violation. clone ( ) ;
0 commit comments