Reducing Raw Pointer Footguns: Preventing Reference Aliasing Violations at Compile Time
The purpose of AliasingGuard is to wrap raw pointer usage before the raw pointer is actually used, then to use with_mutable_pointer for the operation that uses the pointer.
Not like this:
    let mut leaked: *mut i32 = std::ptr::null_mut();
    guard.with_mutable_pointer(|ptr| {
        leaked = ptr;
    });
    let r = guard.mutable_reference();
    unsafe {
        *leaked = 123;
    }
But like this:
    let mut leaked: *mut i32 = std::ptr::null_mut();
    guard.with_mutable_pointer(|ptr| {
        leaked = ptr;
    });
    let r = guard.mutable_reference();
    guard.with_mutable_pointer(|ptr| {
        *ptr = 3;
    });
Because once we wrap it, we opt into routing pointer operations through the guard whenever possible, which should cover the majority of cases.
Maybe you could show examples of code that genuinely cannot be expressed through the guard API, so we can investigate whether the code can be improved further. That way, we can gradually build stronger safety around raw pointer usage. For now I'm trying to add a sub guard :]
Meanwhile, the unsafe as_ptr() exists to revert back to the unrestricted/raw style without the guard managing aliasing anymore. In other words, the guard explicitly steps aside because we requested to turn off the guard system entirely by escaping the pointer. It exists to support edge cases, not yet discovered, where with_mutable_pointer() is insufficient.
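To make the routing rule concrete, here is an added example of a minimal guard in the spirit of the one discussed above; it is not the project's own code, and the type, method signatures and the value field are assumptions. Because with_mutable_pointer and mutable_reference both take `&mut self`, the borrow checker serializes them, and the closure's pointer is derived from a fresh exclusive borrow each time.

```rust
// Added example: a minimal guard modelled on the discussion above.
// The names and signatures here are assumptions, not the project's own API.

pub struct AliasingGuard<T> {
    value: T,
}

impl<T> AliasingGuard<T> {
    pub fn new(value: T) -> Self {
        AliasingGuard { value }
    }

    /// Hand a raw pointer to the closure for the duration of one operation.
    /// The pointer is derived from a fresh `&mut self` borrow, so no other
    /// live reference to `value` can coexist with it while the closure runs.
    pub fn with_mutable_pointer<R>(&mut self, f: impl FnOnce(*mut T) -> R) -> R {
        f(&mut self.value as *mut T)
    }

    /// A plain mutable reference; it also borrows the guard mutably, so the
    /// borrow checker keeps it from overlapping with `with_mutable_pointer`.
    pub fn mutable_reference(&mut self) -> &mut T {
        &mut self.value
    }

    /// Escape hatch: a pointer that outlives the borrow and is no longer
    /// tracked by the guard, which is why the caller has to write `unsafe`.
    #[allow(dead_code)]
    pub unsafe fn as_ptr(&mut self) -> *mut T {
        &mut self.value as *mut T
    }
}

/// Routes every write through the guard, in the "like this" style above.
/// Each borrow ends before the next one starts, so nothing aliases.
pub fn guarded_sequence() -> i32 {
    let mut guard = AliasingGuard::new(0i32);
    guard.with_mutable_pointer(|p| unsafe { *p = 1 });
    *guard.mutable_reference() += 1; // exclusive borrow ends at this statement
    guard.with_mutable_pointer(|p| unsafe { *p += 1 });
    guard.value // 3
}
```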