Memory leak checker misses pointers stored as integers #1618

Open
RalfJung opened this issue Nov 2, 2020 · 2 comments
Labels
A-leaks Area: affects the memory leak checker C-bug Category: This is a bug.

RalfJung commented Nov 2, 2020

Our memory leak checker works by figuring out which memory is reachable from global statics (or any pointer passed to miri_static_root) when the program finishes, and considering all unreachable memory "leaked". Reachability is determined by looking for proper pointers, i.e., pointer provenance needs to be intact so that we can distinguish them from integers.

But this means when some piece of memory is only reachable through a pointer that is only stored as an integer without provenance, we will miss that pointer and consider the memory leaked.

I have no good idea for how to improve the situation -- I don't think we want to cast all integers to pointers in the hope that they are an actual allocation; that would be extremely expensive and also rather hacky. miri_static_root can sometimes be used to work around this, but it is not a great solution either. Absent any ideas how to improve this, I am inclined to just say "works as intended", but people are going to run into this problem so it seems worth tracking.
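
The pattern described in this issue, together with the `miri_static_root` workaround it mentions, as an added example that is not part of the issue thread or of Miri's own code. The static `CONFIG_ADDR` and the functions `publish` and `read` are hypothetical names; the `extern` declaration follows the signature documented in Miri's README.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};

// Constructed example: a global that holds a heap pointer only as an integer.
// The leak check walks statics looking for pointers with provenance, so it
// sees a plain usize here and cannot follow it to the allocation.
static CONFIG_ADDR: AtomicUsize = AtomicUsize::new(0);

#[cfg(miri)]
extern "Rust" {
    // Provided by Miri: marks the allocation `ptr` points to as a root for
    // the leak check.
    fn miri_static_root(ptr: *const u8);
}

/// Allocates `value` on the heap, intentionally never frees it, and stores
/// its address in the static as an integer. Returns the address.
pub fn publish(value: u64) -> usize {
    let ptr: *mut u64 = Box::into_raw(Box::new(value));
    // Workaround named in the issue: register the allocation explicitly,
    // because the integer stored below is invisible to the reachability walk.
    #[cfg(miri)]
    unsafe {
        miri_static_root(ptr as *const u8);
    }
    let addr = ptr as usize; // pointer-to-integer cast: provenance is not stored
    CONFIG_ADDR.store(addr, Ordering::Release);
    addr
}

/// Reads the value back through an integer-to-pointer cast.
pub fn read() -> Option<u64> {
    let addr = CONFIG_ADDR.load(Ordering::Acquire);
    if addr == 0 {
        return None;
    }
    // SAFETY: `addr` came from `Box::into_raw` in `publish` and the
    // allocation is never freed.
    Some(unsafe { *(addr as *const u64) })
}

fn main() {
    assert_eq!(read(), None);
    publish(0xC0FFEE);
    assert_eq!(read(), Some(0xC0FFEE));
}
```

Without the `cfg(miri)` registration, the allocation is reachable only through the integer in `CONFIG_ADDR`, which is the case this issue says the leak checker treats as leaked.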

RalfJung commented Nov 2, 2020

#1574 is a special case of this (AtomicPtr) that actually has some chance of being fixed by avoiding ptr-int-casts in AtomicPtr. This here is for cases where int-ptr casts still exist and cannot be reasonably avoided. (I am not sure if such cases exist, they might be very rare.)

oli-obk commented Nov 2, 2020

One thing we can do is to do a type-based walking of statics where everything that walks and quacks like a pointer is attempted to get cast to an allocation. This would be less hacky than just casting everything we see.

I agree that we should wait for real world cases to get reported though and not try to proactively invent cases.
