Make rekillable consistent with unkillable

As for now, rekillable is an unsafe function, instead, it should behave
just like unkillable by encapsulating unsafe code within an unsafe
block.

This patch does that and removes unsafe blocks that were encapsulating
rekillable calls throughout rust's libs.

Fixes #8232

src/libextra/sync.rs

@@ -135,9 +135,7 @@ impl<Q:Send> Sem<Q> {
         do task::unkillable {
             do (|| {
                 self.acquire();
-                unsafe {
                 do task::rekillable { blk() }
-                }
             }).finally {
                 self.release();
             }
@@ -234,11 +232,9 @@ impl<'self> Condvar<'self> {
                 // signaller already sent -- I mean 'unconditionally' in contrast
                 // with acquire().)
                 do (|| {
-                    unsafe {
                     do task::rekillable {
                         let _ = WaitEnd.take_unwrap().recv();
                     }
-                    }
                 }).finally {
                     // Reacquire the condvar. Note this is back in the unkillable
                     // section; it needs to succeed, instead of itself dying.
@@ -516,7 +512,6 @@ impl RWLock {
      * 'write' from other tasks will run concurrently with this one.
      */
     pub fn write<U>(&self, blk: &fn() -> U) -> U {
-        unsafe {
         do task::unkillable {
             (&self.order_lock).acquire();
             do (&self.access_lock).access {
@@ -527,7 +522,6 @@ impl RWLock {
             }
         }
     }
-    }
 
     /**
      * As write(), but also with a handle to a condvar. Waiting on this
@@ -562,7 +556,6 @@ impl RWLock {
         // which can't happen until T2 finishes the downgrade-read entirely.
         // The astute reader will also note that making waking writers use the
         // order_lock is better for not starving readers.
-        unsafe {
         do task::unkillable {
             (&self.order_lock).acquire();
             do (&self.access_lock).access_cond |cond| {
@@ -575,7 +568,6 @@ impl RWLock {
             }
         }
     }
-    }
 
     /**
      * As write(), but with the ability to atomically 'downgrade' the lock;
@@ -606,11 +598,9 @@ impl RWLock {
             (&self.access_lock).acquire();
             (&self.order_lock).release();
             do (|| {
-                unsafe {
                 do task::rekillable {
                     blk(RWLockWriteMode { lock: self, token: NonCopyable::new() })
                 }
-                }
             }).finally {
                 let writer_or_last_reader;
                 // Check if we're releasing from read mode or from write mode.

src/libstd/task/mod.rs

@@ -597,10 +597,22 @@ pub fn unkillable<U>(f: &fn() -> U) -> U {
     }
 }
 
-/// The inverse of unkillable. Only ever to be used nested in unkillable().
-pub unsafe fn rekillable<U>(f: &fn() -> U) -> U {
+/**
+ * Makes killable a task marked as unkillable
+ *
+ * # Example
+ *
+ * ~~~
+ * do task::unkillable {
+ *     do task::rekillable {
+ *          // Task is killable
+ *     }
+ * }
+ */
+pub fn rekillable<U>(f: &fn() -> U) -> U {
     use rt::task::Task;
 
+    unsafe {
         if in_green_task_context() {
             let t = Local::unsafe_borrow::<Task>();
             do (|| {
@@ -613,6 +625,7 @@ pub unsafe fn rekillable<U>(f: &fn() -> U) -> U {
             // FIXME(#3095): As in unkillable().
             f()
         }
+    }
 }
 
 #[ignore(reason = "linked failure")]
@@ -646,14 +659,12 @@ fn test_kill_rekillable_task() {
     do run_in_newsched_task {
         do task::try {
             do task::unkillable {
-                unsafe {
                 do task::rekillable {
                     do task::spawn {
                         fail!();
                     }
                 }
             }
-            }
         };
     }
 }