Fixed-length lists, host side

[cpetig]

Replace the todo's with proper code and add a host side test case.

Implements #12279

Includes all the commits on #10619 , so that one should be merged first.

[github-actions]

Subscribe to Label Action

cc @fitzgen

Details

This issue or pull request has been labeled: "fuzzing", "wasmtime:api", "wasmtime:c-api", "wasmtime:config"

Thus the following users have been cc'd because of the following labels:

• fitzgen: fuzzing

To subscribe or unsubscribe from this label, edit the .github/subscribe-to-label.json configuration file.

Learn more.

[github-actions]

Label Messager: wasmtime:config

It looks like you are changing Wasmtime's configuration options. Make sure to
complete this check list:

• If you added a new Config method, you wrote extensive documentation for
  it.

  Details

  Our documentation should be of the following form:

  Short, simple summary sentence.
  
  More details. These details can be multiple paragraphs. There should be
  information about not just the method, but its parameters and results as
  well.
  
  Is this method fallible? If so, when can it return an error?
  
  Can this method panic? If so, when does it panic?
  
  # Example
  
  Optional example here.
  

• If you added a new Config method, or modified an existing one, you
  ensured that this configuration is exercised by the fuzz targets.

  Details

  For example, if you expose a new strategy for allocating the next instance
  slot inside the pooling allocator, you should ensure that at least one of our
  fuzz targets exercises that new strategy.

  Often, all that is required of you is to ensure that there is a knob for this
  configuration option in wasmtime_fuzzing::Config (or one
  of its nested structs).

  Rarely, this may require authoring a new fuzz target to specifically test this
  configuration. See our docs on fuzzing for more details.

• If you are enabling a configuration option by default, make sure that it
  has been fuzzed for at least two weeks before turning it on by default.

---

Details

To modify this label's message, edit the .github/label-messager/wasmtime-config.md file.

To add new label messages or remove existing label messages, edit the
.github/label-messager.json configuration file.

Learn more.

[cpetig]

TODO: Check whether the standard name fixed-length lists is used over fixed size lists.

[AlbertMarashi]

What's remaining for this?

[cpetig]

What's remaining for this?

I didn't find the time to add a proper test case. And I (non-blockingly) wait for a new wasm-tools release to do the renaming in one row.

[cpetig]

I am not sure whether the O(n) constraint applies to the host side as the user always controls the data types (and dimensions) added on the host side, but if so I will gladly investigate into a different solution.

[cpetig]

@Felix-El

[alexcrichton]

I've got some miscellaneous concerns about this function, so I'm going to list them here:

• This is more-or-less duplicated with new_fixed_length_list_type in types_builder.rs. Could that call this function (or a similar signature?)
• I'm worried about the unchecked multiplication here because the host could declare [SomeBigStruct; HUGE_NUMBER] which exceeds 4GiB of data, and I'd want that to be a panic/error/something as opposed to the silent wrap here.
• I think the saturating_mul here should be checked_mul, and I also don't think the conversion here to u8 is right. If c is 1 and count is 256 then flat_count should be None, not Some(255).
• I'm a little worried that in Rust below we've got N: usize where the parameter count: u32 has a different type here. Could there be a separate entrypoint which takes count: usize and performs a fallible/panicking conversion asserting that the count is less than u32::MAX?

[cpetig]

I thought about how to remove the duplication but this gets more difficult because one of the functions is const (this also makes the implementation less elegant as traits (and_then, try_from) don't work) and I didn't identify an obvious common dependency which is not core but component model specific.

I think I addressed all other concerns.

[alexcrichton]

Could this be moved to crates/core/src/array.rs so this could get miri-testing there, and additionally enable adding #[test] for this? Additionally, this doesn't currently handle panics of cb (leaks intermediate results) and a few more casts than I think are necessary.

I sketched out what I'm thinking here and feel free to copy that into this PR

[cpetig]

Sadly that implementation is only possible with 1.95 up (AsMut on Uninit array, see https://doc.rust-lang.org/beta/core/mem/union.MaybeUninit.html#impl-AsMut%3C%5BMaybeUninit%3CT%3E%5D%3E-for-MaybeUninit%3C%5BT;+N%5D%3E )
🤔

[cpetig]

I found a way which still feels sound to me, hopefully you agree ...