Make Module::new perform validation. (#621)

* Make `Module::new` perform validation.

As noticed in #602, `Module::new` did not perform validation, which
turns out to be error-prone in practice. Rename it to
`Module::new_unchecked`, and add a new `Module::new` which does
perform validation.

Preserve wasm-c-api's `wasm_module_new`'s behavior by using
`Module::new_unchecked`, and implement `wasm_module_validate`.

* Change `validate`'s store argument to `&HostRef<Store>`.

* Enable multi-value in validation.

crates/api/src/wasm.rs

@@ -722,6 +722,8 @@ impl wasm_name_t {
     }
 }
 
+/// Note that this function does not perform validation on the wasm
+/// binary. To perform validation, use `wasm_module_validate`.
 #[no_mangle]
 pub unsafe extern "C" fn wasm_module_new(
     store: *mut wasm_store_t,
@@ -729,7 +731,7 @@ pub unsafe extern "C" fn wasm_module_new(
 ) -> *mut wasm_module_t {
     let binary = (*binary).as_slice();
     let store = &(*store).store;
-    let module = Module::new(store, binary).expect("module");
+    let module = Module::new_unchecked(store, binary).expect("module");
     let imports = module
         .imports()
         .iter()
@@ -756,6 +758,16 @@ pub unsafe extern "C" fn wasm_module_new(
     Box::into_raw(module)
 }
 
+#[no_mangle]
+pub unsafe extern "C" fn wasm_module_validate(
+    store: *mut wasm_store_t,
+    binary: *const wasm_byte_vec_t,
+) -> bool {
+    let binary = (*binary).as_slice();
+    let store = &(*store).store;
+    Module::validate(store, binary).is_ok()
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn wasm_store_delete(store: *mut wasm_store_t) {
     let _ = Box::from_raw(store);