[pointer] Improve soundness of invariant modeling

[joshlf]

This commit makes the following improvements:

• Removes the Inaccessible aliasing mode. This mode was not unsound,
  but it was unnecessary in practice.
• Replaces Unknown with Unaligned for alignment.
• Replaces Unknown with Uninit for validity.

Finally, with the exception of transparent_wrapper_into_inner, this
commit ensures that all Ptr methods which modify the type or validity
of a Ptr are sound.

Previously, we modeled validity as "knowledge" about the Ptr's
referent (see #1866 for a more in-depth explanation). In particular, we
assumed that it was always sound to "forget" information about a Ptr's
referent in the same way in which it is sound to "forget" that a Ptr
is validly-aligned, converting a Ptr<T, (_, Aligned, _)> to a
Ptr<T, (_, Unaligned, _)>.

The problem with this approach is that validity doesn't just specify
what bit patterns can be expected to be read from a Ptr's referent, it
also specifies what bit patterns are permitted to be written to the
referent. Thus, "forgetting" about validity and expanding the set of
expected bit patterns also expands the set of bit patterns which can be
written.

Consider, for example, "forgetting" that a Ptr<bool, (_, _, Valid)> is
bit-valid, and downgrading it to a Ptr<bool, (_, _, Initialized)>. If
the aliasing is Exclusive, then the resulting Ptr would permit
writing arbitrary u8s to the referent, violating the bit validity of
the bool.

This commit moves us in the direction of a new model, in which changes
to the referent type or the validity of a Ptr must abide by the
following rules:

• If the resulting Ptr permits mutation of its referent (either via
  interior mutation or Exclusive aliasing), then the set of allowed
  bit patterns in the referent may not expand
• If the original Ptr permits mutation of its referent while the
  resulting Ptr is also live (i.e., via interior mutation on a
  Shared Ptr), then the set of allowed bit patterns in the referent
  may not shrink

This commit does not fix transparent_wrapper_into_inner, which will
require an overhaul or replacement of the TransparentWrapper trait.

Makes progress on #2226, #1866

Co-authored-by: Jack Wrenn [email protected]

---

This PR is on branch v0.8.x-ptr-invariant-mapping.

• [pointer] Improve soundness of invariant modeling #2397

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 93.20388% with 14 lines in your changes missing coverage. Please review.

Project coverage is 87.48%. Comparing base (4173443) to head (fb585cd).

Files with missing lines	Patch %	Lines
src/util/macro_util.rs	74.07%	14 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2397      +/-   ##
==========================================
- Coverage   87.82%   87.48%   -0.35%     
==========================================
  Files          17       17              
  Lines        6200     6279      +79     
==========================================
+ Hits         5445     5493      +48     
- Misses        755      786      +31     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jswrenn]

Reviewed in-person.