New Fuel APIs for Store

[rockwotj]

In an effort to simplify the many fuel related APIs, simplify the
interface here to a single counter with get and set methods.
Additionally the async yield is reduced to an interval of the total fuel
instead of injecting fuel, so it's easy to still reason about how much
fuel is left even with yielding turned on.

Internally this works by keeping two counters - one the VM uses to
increment towards 0 for fuel, the other to track how much is in
"reserve". Then when we're out of gas, we pull from the reserve to
refuel and continue. We use the reserve in two cases: one for overflow
of the fuel (which is an i64 and the API expresses fuel as u64) and the
other for async yieling, which then the yield interval acts as a cap to
how much we can refuel with.

This also means that get_fuel can return the full range of u64
before this change it could only return up to i64::MAX. This is
important because this PR is removing the functionality to track fuel
consumption, and this makes the API less error prone for embedders to
track consumption themselves.

Careful to note that the VM counter that is stored as i64 can be
positive if an instruction "costs" multiple units of fuel when the fuel
ran out.

Fixes: #7255

I've implemented the APIs as documented in the strawman from the issue,
but I used Option<NonZeroU64> for the yield interval instead of trying
to figure out what to do if the yield interval is 0.

[github-actions]

Subscribe to Label Action

cc @fitzgen, @peterhuene

This issue or pull request has been labeled: "fuzzing", "wasmtime:api", "wasmtime:c-api"

Thus the following users have been cc'd because of the following labels:

• fitzgen: fuzzing
• peterhuene: wasmtime:api, wasmtime:c-api

To subscribe or unsubscribe from this label, edit the .github/subscribe-to-label.json configuration file.

Learn more.

[github-actions]

Label Messager: wasmtime:config

It looks like you are changing Wasmtime's configuration options. Make sure to
complete this check list:

• If you added a new Config method, you wrote extensive documentation for
  it.

  Our documentation should be of the following form:

  Short, simple summary sentence.
  
  More details. These details can be multiple paragraphs. There should be
  information about not just the method, but its parameters and results as
  well.
  
  Is this method fallible? If so, when can it return an error?
  
  Can this method panic? If so, when does it panic?
  
  # Example
  
  Optional example here.
  

• If you added a new Config method, or modified an existing one, you
  ensured that this configuration is exercised by the fuzz targets.

  For example, if you expose a new strategy for allocating the next instance
  slot inside the pooling allocator, you should ensure that at least one of our
  fuzz targets exercises that new strategy.

  Often, all that is required of you is to ensure that there is a knob for this
  configuration option in wasmtime_fuzzing::Config (or one
  of its nested structs).

  Rarely, this may require authoring a new fuzz target to specifically test this
  configuration. See our docs on fuzzing for more details.

• If you are enabling a configuration option by default, make sure that it
  has been fuzzed for at least two weeks before turning it on by default.

---

To modify this label's message, edit the .github/label-messager/wasmtime-config.md file.

To add new label messages or remove existing label messages, edit the
.github/label-messager.json configuration file.

Learn more.

[alexcrichton]

I'll take a look once CI is green, so feel free to ping me when that comes up. I'll check in every now and then as well.

[rockwotj]

@alexcrichton test are passing (no rush on a review, I wont be able to make updates until Monday anyways)

[alexcrichton]

Wow I really like how this all turned out, thank you for pushing on this!

I've got a few cosmetic-related concerns but otherwise I think this is good to go. If you're up for it as well it might be good to do a once-over of fuel-related documentation not only on Store but also Config and perhaps other locations since this is a somewhat significant departure from the prior model (but well worth it). For example running out of fuel now unconditionally panics and that cannot be configured, which may be lingering in a few locations (and if not then nothing to do yay!)

[alexcrichton]

While I think it definitely makes sense to store this as Option<NonZeroU64> taking that as a function parameter here may be a bit overkill in the sense that it's somewhat unergonomic to call. Could this instead take Option<u64> and return an error for Some(0)?

[rockwotj]

Thoughts on what to do for the C API in that case? Do we just translate the 0 there into None?

[alexcrichton]

Yeah I think that's reasonable to do for the C API as magical numbers like that are relatively common in C

[rockwotj]

Okay I've made this change then.

[rockwotj]

If you're up for it as well it might be good to do a once-over of fuel-related documentation not only on Store but also Config and perhaps other locations since this is a somewhat significant departure from the prior model (but well worth it). For example running out of fuel now unconditionally panics and that cannot be configured, which may be lingering in a few locations (and if not then nothing to do yay!)

I found one place in Config::consume_fuel so nice suggestion! A quick glance over the project via git grep fuel did not show any other usages.

[rockwotj]

Thoughts on what to do for the C API in that case? Do we just translate the 0 there into None?

[alexcrichton]

oops sorry queued up for merge a bit too soon there