Unsafe block is overlooked

[DutchGhost]

I know this code horribly wrong, and it doesnt compile. Even when I expect it to compile:

#![feature(const_fn_union)]
#![feature(const_generics)]

union Transmute {
    example: Example,
    num: usize,
}
    
#[derive(Copy, Clone)]
#[repr(C)]
enum Example {
    field = 1,
}

const fn transpose(n: usize) -> Example {
    unsafe {
        Transmute { num: n }.example
    }
}


fn main() {
}

It complains that we need an unsafe block:

error[E0133]: access to union field is unsafe and requires unsafe function or block
  --> src/main.rs:17:9
   |
17 |         Transmute { num: n }.example
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ access to union field
   |
   = note: the field may not be properly initialized: using uninitialized data will cause undefined behavior

error: aborting due to previous error

but we wrapped it in an unsafe block!

Changing the function signature to const *unsafe* fn transpose(n: usize) -> Example does compile, and then we can leave out the inner unsafe block.

[Centril]

cc @oli-obk

[hellow554]

Slightly reduced:

#![feature(const_fn_union)]

union Transmute {
    e: u32,
}

pub const fn transpose() -> u32 {
    unsafe { Transmute { e: 0 }.e }
}

note that pub const unsafe fn transpose does work as expected

[oli-obk]

Changing the function signature to const unsafe fn transpose(n: usize) -> Example does compile, and then we can leave out the inner unsafe block.

oh oh. That's bad. That shouldn't happen. (As unions are not ok in const fn under any circumstances at thistime). Although const unsafe fn isn't really that bad, as you can't do anything weird with it I guess. cc @RalfJung

[oli-obk]

Note that with a feature gate you can get this without const unsafe fn: #51909

[RalfJung]

Yeah IIRC we wanted to ban union field accesses in all const fn including unsafe const fn. Why is that even a separate code path?

[oli-obk]

Oh.. wait, the const_fn_union feature gate is activated. Nevermind, sorry about the ping. This is just a bug in the feature gate not allowing enough.

[DutchGhost]

Related to #59729 maybe?

[RalfJung]

The code in the OP compiles in the latest nightly. Closing.