class ThreadStorage

This allocates everything and holds ownership in this object. If it

returns an error, some resources may now be owned but nothing more should

be done with the object but to destroy it (and thus reclaim them).

When this returns success, the remaining methods return useful values.

The machine stack, unsafe stack (for the SafeStack ABI, enabled on all

machines), and shadow call stack (enabled on some machines), are all

allocated with guard pages and all-zeroes contents. In the thread area:

* The unsafe stack pointer at $tp + ZX_TLS_UNSAFE_SP_OFFSET is set to

the top of the unsafe stack.

* If the machine's TLS ABI has *$tp = $tp (like x86), that is set.

* The ZX_TLS_STACK_GUARD_OFFSET word still must be set. For the initial

thread, the caller will choose random bits; for new threads, the caller

will copy the value found via its own $tp.

* All the ELF Initial Exec TLS data (static TLS) is initialized.

* The DTV for the dynamic TLS implementation is allocated and filled in.

TODO(https://fxbug.dev/397084454): The new //sdk/lib/dl TLS runtime

does not require a bespoke ABI contract for a DTV.

The name string will become the ZX_PROP_NAME used for the VMO, and must

not be empty. The VMAR handle is saved and used for destruction, so it

must remain valid for the lifetime of the object (it's just the long-lived

primary allocation / root VMAR handle, except in tests).

The returned Thread* points somewhere inside the thread area block owned

by this ThreadStorage object, which also contains the static TLS area

already initialized with all the Initial Exec TLS data. The ABI rules

govern where that is in relation to the thread pointer ($tp) and thereby,

indirectly, where the TCB lies relative to $tp. (Note that here we

consider the Fuchsia Compiler ABI

<zircon

/tls.h> fixed slots, as well as

the $tp->self pointer on x86, to be part of the TCB--at one end of it or

the other--though nothing else about the TCB is part of any public ABI.)

This frees just the blocks for all the stacks, leaving the thread block

(where the Thread object itself resides) intact until destruction.

This moves ownership of the ThreadStorage out of the Thread, making it

possible to destroy the Thread before destroying the ThreadStorage makes

its memory inaccessible. (When Thread becomes a true C++ type, this will

be replaced with plain move-construction from its ThreadStorage member.)

If take_thread_block is false, leave the thread block intact.

This moves ownership from this ThreadStorage into the Thread. (When

Thread becomes a true C++ type, this will be replaced with plain

move-assignment to its ThreadStorage member.)

This returns the initial value for the machine SP. This is always the

limit of the stack, where a push (`*--sp = ...`) will be the first thing

done. This makes it appropriate for a call site, and on most machines for

the entry to a C function. But on x86 it needs a return address pushed

before it can be used at a C function's entry point.

This returns the initial value for the unsafe SP. This is always the

limit of the stack, which is always the protocol for function entry.

(This is already stored at $tp + ZX_TLS_UNSAFE_SP_OFFSET, too.)

This returns the initial value for the shadow call stack pointer.

That stack grows up, so the next operation will be `*sp++ = ...`.

A handy stash of the unowned AllocationVmar() value passed to Allocate().

The thread block is implicitly destroyed last. **NOTE:** The Thread

object itself resides inside the thread block, so the block must not be

reclaimed until the ThreadStorage has been moved out of the Thread!

FreeStacks() can be called first to free up most of the storage while the

Thread object needs to stay alive (until join or detached final-exit).

This takes a pointer-to-data-member and all the members are private. It's

only used in implementation template code outside the class that's called

by method implementations.