api: test for UnwindSafe

It appears that using a trait object internally implies that the containing
type cannot be assumed to be UnwindSafe. This wasn't previously an
explicit API guarantee, but the AhoCorasick automaton in 0.6.x was
UnwindSafe and it's probably a good idea to keep that particular feature.
Here, we satisfy that by requiring Prefilter to be UnwindSafe, so that all
Prefilter trait objects are therefore also UnwindSafe.

In particular, this introduced a regression in regex that caused a regex
to not be UnwindSafe because it contained an AhoCorasick automaton.
See rust-lang/regex#568 for details.

Author: BurntSushi

src/ahocorasick.rs

@@ -2016,12 +2016,17 @@ mod tests {
 
     #[test]
     fn oibits() {
+        use std::panic::UnwindSafe;
+
         fn assert_send<T: Send>() {}
         fn assert_sync<T: Sync>() {}
+        fn assert_unwind_safe<T: UnwindSafe>() {}
 
         assert_send::<AhoCorasick>();
         assert_sync::<AhoCorasick>();
+        assert_unwind_safe::<AhoCorasick>();
         assert_send::<AhoCorasickBuilder>();
         assert_sync::<AhoCorasickBuilder>();
+        assert_unwind_safe::<AhoCorasickBuilder>();
     }
 }

src/prefilter.rs

@@ -1,11 +1,12 @@
 use std::fmt;
+use std::panic::UnwindSafe;
 
 use memchr::{memchr, memchr2, memchr3};
 
 /// A prefilter describes the behavior of fast literal scanners for quickly
 /// skipping past bytes in the haystack that we know cannot possibly
 /// participate in a match.
-pub trait Prefilter: Send + Sync + fmt::Debug {
+pub trait Prefilter: Send + Sync + UnwindSafe + fmt::Debug {
     /// Returns the next possible match candidate. This may yield false
     /// positives, so callers must "confirm" a match starting at the position
     /// returned. This, however, must never produce false negatives. That is,