Consider rust's strict_provenance?

[rujialiu]

Someone told me today that we should not assume C's size_t and rust's usize should be able to hold pointers because this is not the case on some emerging architectures (https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-947.pdf). Rust has a tracking issue on strict_provenance (rust-lang/rust#95228) that seems to be related to this kind of complexity, but it looks too complex to me, and it might be too early to consider this, but I think it's a good thing to make the code more clear/reliable and ready to new architectures. So I'm opening this issue in case anyone is interested in.

[rujialiu]

Looking at the projects that mentioned that rust issue, I found https://github.com/google/zerocopy quite interesting. The codes that I debugged a lot during porting to 32-bit, is somewhat similar to what zerocopy tries to do. While we don't neccesary need to use it directly, we can follow its development