Add access guards to UnsafeCell (#219)

This branch adds the ability to access an `UnsafeCell` by returning a
guard that tracks the lifetime of an `*mut T` or `*const T`. This allows
pointers to `UnsafeCell`s to be stored in data structures, or returned
as part of a guard in user code, while still participating in Loom's
access tracking.

The access guard API is *somewhat* limited, in that it cannot model
_all_ potentially safe accesses of an `UnsafeCell`. If a `ConstPtr`
exists to a given `UnsafeCell`, loom will consider it to be immutably
accessed for the lifespan of that `ConstPtr`; similarly with `MutPtr`.
Technically, if a `ConstPtr` is not dropped but is never accessed again
after a mutable access, this is sound; however, `loom` cannot easily
model this. This means that some technically sound access patterns will
be considered unsound by this API. This...seems fine, as it's clearly
documented that the checking performed by `ConstPtr`/`MutPtr` is
stricter than necessary, and it's better to disallow some sound patterns
than to allow unsound ones. The `with`/`with_mut` API is still available
for finer-grained access checking.

Closes  #116

Signed-off-by: Eliza Weisman <[email protected]>

src/cell/mod.rs

@@ -5,4 +5,4 @@ mod cell;
 mod unsafe_cell;
 
 pub use self::cell::Cell;
-pub use self::unsafe_cell::UnsafeCell;
+pub use self::unsafe_cell::{ConstPtr, MutPtr, UnsafeCell};