Update wasmi used in differential fuzzing

[alexcrichton]

Closes #4818
Closes #5102

[github-actions]

Subscribe to Label Action

cc @fitzgen

This issue or pull request has been labeled: "fuzzing"

Thus the following users have been cc'd because of the following labels:

• fitzgen: fuzzing

To subscribe or unsubscribe from this label, edit the .github/subscribe-to-label.json configuration file.

Learn more.

[Robbepop]

Very cool to see wasmi update in the Wasmtime fuzzing.

We have not yet integrated full fuzz testing for the newest wasmi engine ourselves (just very basic fuzzing so far) so my main worry is that this new fuzzy test might be a big noisy at start. If that's the case we will definitely fix found wasmi bugs asap.

Concerning cargo-vet the following crates must be registered to your database:

• wasmi: Well, this is a tough one tbh. I am the author of it but it contains plenty of unsafe code for optimization purposes. We (Parity) are going to use it in production very soon(TM). I am the author of that crate.
• wasmi_core: This is just a small utility crate and should be pretty boring. Also it has no unsafe code. I am the author of that crate.
• wasmi_arena: Similar to wasmi_core. Just defines some arena data structures for use in wasmi. I am the author of that crate.
• memory-units: Can be safely ignored since wasmi already removed it.
• indexmap-nostd: This again is interesting. It is a reimlpementation of the API of the well-known indexmap crate. It uses no unsafe Rust code and is implemented as simple as it gets. We use it in the wasmparser-nostd fork of wasmparser and it passes all wasm-tools tests as well as all of wasmi tests but has no tests on its own. I am the author of that crate.
• wasmparser-nostd: More or less trivial fork of wasmparser. The most interesting difference is the use of the aforementioned indexmap-nostd. I am the author of that fork.

[alexcrichton]

I've added cargo vet entries for all new dependencies added here, except for the wasmi crate itself. I've updated the exemption from 0.11.0 to 0.19.0 so we're not necessarily in much worse of a position, but othewise I'm not in a position to provide a "vet" of that crate in the official sense but I believe it's safe to run for fuzzing for us.

Otherwise thanks for the info @Robbepop, I've run the fuzzer for a number of hours locally and nothing has shown up, so if something pops up on oss-fuzz I'll forward along the issue.

[Robbepop]

Otherwise thanks for the info @Robbepop, I've run the fuzzer for a number of hours locally and nothing has shown up, so if something pops up on oss-fuzz I'll forward along the issue.

Oh wow, that's incredible news. Also looking forward to any forwarded bugs. :)