Rollup merge of #144531 - Urgau:int_to_ptr_transmutes, r=jackh726

Add lint against integer to pointer transmutes

# `integer_to_ptr_transmutes`

*warn-by-default*

The `integer_to_ptr_transmutes` lint detects integer to pointer transmutes where the resulting pointers are undefined behavior to dereference.

### Example

```rust
fn foo(a: usize) -> *const u8 {
    unsafe {
        std::mem::transmute::<usize, *const u8>(a)
    }
}
```

```
warning: transmuting an integer to a pointer creates a pointer without provenance
   --> a.rs:1:9
    |
158 |         std::mem::transmute::<usize, *const u8>(a)
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
    = note: this is dangerous because dereferencing the resulting pointer is undefined behavior
    = note: exposed provenance semantics can be used to create a pointer based on some previously exposed provenance
    = help: if you truly mean to create a pointer without provenance, use `std::ptr::without_provenance_mut`
    = help: for more information about transmute, see <https://doc.rust-lang.org/std/mem/fn.transmute.html#transmutation-between-pointers-and-integers>
    = help: for more information about exposed provenance, see <https://doc.rust-lang.org/std/ptr/index.html#exposed-provenance>
    = note: `#[warn(integer_to_ptr_transmutes)]` on by default
help: use `std::ptr::with_exposed_provenance` instead to use a previously exposed provenance
    |
158 -     std::mem::transmute::<usize, *const u8>(a)
158 +     std::ptr::with_exposed_provenance::<u8>(a)
    |
```

### Explanation

Any attempt to use the resulting pointers are undefined behavior as the resulting pointers won't have any provenance.

Alternatively, `std::ptr::with_exposed_provenance` should be used, as they do not carry the provenance requirement or if the wanting to create pointers without provenance `std::ptr::without_provenance_mut` should be used.

See [std::mem::transmute] in the reference for more details.

[std::mem::transmute]: https://doc.rust-lang.org/std/mem/fn.transmute.html

--------

People are getting tripped up on this, see rust-lang/rust#128409 and rust-lang/rust#141220. There are >90 cases like these on [GitHub search](https://github.com/search?q=lang%3Arust+%2Ftransmute%3A%3A%3Cu%5B0-9%5D*.*%2C+%5C*const%2F&type=code).

Fixes rust-lang/rust-clippy#13140
Fixes rust-lang/rust#141220
Fixes rust-lang/rust#145523

`@rustbot` labels +I-lang-nominated +T-lang
cc `@traviscross`
r? compiler

Author: jhpratt

tests/fail/branchless-select-i128-pointer.rs

@@ -1,3 +1,5 @@
+#![allow(integer_to_ptr_transmutes)]
+
 use std::mem::transmute;
 
 #[cfg(target_pointer_width = "32")]

tests/fail/provenance/provenance_transmute.rs

@@ -1,5 +1,7 @@
 //@compile-flags: -Zmiri-permissive-provenance
 
+#![allow(integer_to_ptr_transmutes)]
+
 use std::mem;
 
 // This is the example from

tests/fail/validity/dangling_ref1.rs

@@ -1,5 +1,8 @@
 // Make sure we catch this even without Stacked Borrows
 //@compile-flags: -Zmiri-disable-stacked-borrows
+
+#![allow(integer_to_ptr_transmutes)]
+
 use std::mem;
 
 fn main() {

tests/panic/transmute_fat2.rs

@@ -1,3 +1,5 @@
+#![allow(integer_to_ptr_transmutes)]
+
 fn main() {
     #[cfg(all(target_endian = "little", target_pointer_width = "64"))]
     let bad = unsafe { std::mem::transmute::<u128, &[u8]>(42) };

tests/pass/binops.rs

@@ -32,6 +32,7 @@ fn test_bool() {
     assert_eq!(true ^ true, false);
 }
 
+#[allow(integer_to_ptr_transmutes)]
 fn test_ptr() {
     unsafe {
         let p1: *const u8 = ::std::mem::transmute(0_usize);

tests/pass/too-large-primval-write-problem.rs

@@ -7,6 +7,8 @@
 //
 // This is just intended as a regression test to make sure we don't reintroduce this problem.
 
+#![allow(integer_to_ptr_transmutes)]
+
 #[cfg(target_pointer_width = "32")]
 fn main() {
     use std::mem::transmute;