class ThreadStorage

This allocates everything and holds ownership in this object. If it

returns an error, some resources may now be owned but nothing more should

be done with the object but to destroy it (and thus reclaim them).

When this returns success, the remaining methods return useful values.

The machine stack, unsafe stack (for the SafeStack ABI, enabled on all

machines), and shadow call stack (enabled on some machines), are all

allocated with guard pages and all-zeroes contents. In the thread area:

* The unsafe stack pointer at $tp + ZX_TLS_UNSAFE_SP_OFFSET is set to

the top of the unsafe stack.

* If the machine's TLS ABI has *$tp = $tp (like x86), that is set.

* The ZX_TLS_STACK_GUARD_OFFSET word still must be set. For the initial

thread, the caller will choose random bits; for new threads, the caller

will copy the value found via its own $tp.

* All the ELF Initial Exec TLS data (static TLS) is initialized.

* The DTV for the dynamic TLS implementation is allocated and filled in.

TODO(https://fxbug.dev/397084454): The new //sdk/lib/dl TLS runtime

does not require a bespoke ABI contract for a DTV.

The name string will become the ZX_PROP_NAME used for the VMO, and must

not be empty. The VMAR handles are saved and used for destruction, so

they must remain valid for the lifetime of the object.

The returned Thread* points somewhere inside the thread area block owned

by this ThreadStorage object, which also contains the static TLS area

already initialized with all the Initial Exec TLS data. The ABI rules

govern where that is in relation to the thread pointer ($tp) and thereby,

indirectly, where the TCB lies relative to $tp. (Note that here we

consider the Fuchsia Compiler ABI

<zircon

/tls.h> fixed slots, as well as

the $tp->self pointer on x86, to be part of the TCB--at one end of it or

the other--though nothing else about the TCB is part of any public ABI.)

This frees just the blocks for all the stacks, leaving the thread block

(where the Thread object itself resides) intact until destruction.

This moves ownership of the ThreadStorage out of the Thread, making it

possible to destroy the Thread before destroying the ThreadStorage makes

its memory inaccessible. (When Thread becomes a true C++ type, this will

be replaced with plain move-construction from its ThreadStorage member.)

If take_thread_block is false, leave the thread block intact.

This moves ownership from this ThreadStorage into the Thread. (When

Thread becomes a true C++ type, this will be replaced with plain

move-assignment to its ThreadStorage member.)

Assert that this ThreadStorage looks like the result of a successful

Allocate(), possibly after FreeStacks() has been called.

These recover those spans from a Thread without modifying it. (When

Thread becomes a true C++ type, these can be removed in favor of just

using the methods above on the ThreadStorage member in Thread.)

This returns the initial value for the machine SP. This is always the

limit of the stack, where a push (`*--sp = ...`) will be the first thing

done. This makes it appropriate for a call site, and on most machines for

the entry to a C function. But on x86 it needs a return address pushed

before it can be used at a C function's entry point.

This returns the initial value for the unsafe SP. This is always the

limit of the stack, which is always the protocol for function entry.

(This is already stored at $tp + ZX_TLS_UNSAFE_SP_OFFSET, too.)

This returns the initial value for the shadow call stack pointer.

That stack grows up, so the next operation will be `*sp++ = ...`.

These return each entire stack as a span.

This is only used inside the Allocate() implementation, but it's public so

it can be used in a concept.