feat(port_std): do the boot phase in a UMS worker thread

This change has the following benefits:

 - Unmanaged interrupts can be taken during the boot phase like real
   hardware.
 - Graceful shutdown can be implemented without resorting to panicking.

Author: yvt

src/constance_port_std/src/lib.rs

@@ -174,12 +174,36 @@ impl State {
         }
     }
 
-    pub fn init<System: Kernel>(&self) {
+    /// Initialize the user-mode scheduling system and boot the kernel.
+    pub fn port_boot<System: Kernel>(&self) -> ! {
         // Create a UMS thread group.
         let (thread_group, join_handle) = ums::ThreadGroup::new(sched::SchedState::new::<System>());
 
         self.thread_group.set(thread_group).ok().unwrap();
         *self.join_handle.lock() = Some(join_handle);
+
+        // Create the initial UMS worker thread, where the boot phase of the
+        // kernel runs
+        let mut lock = self.thread_group.get().unwrap().lock();
+        let thread_id = lock.spawn(|_| {
+            // Safety: We are a port, so it's okay to call this
+            unsafe {
+                <System as PortToKernel>::boot();
+            }
+        });
+        log::trace!("startup thread = {:?}", thread_id);
+        lock.scheduler().task_thread = Some(thread_id);
+        lock.scheduler().recycle_thread(thread_id);
+        lock.preempt();
+        drop(lock);
+
+        // Wait until the thread group shuts down
+        let join_handle = self.join_handle.lock().take().unwrap();
+        if let Err(e) = join_handle.join() {
+            std::panic::resume_unwind(e);
+        }
+
+        panic!("the system has been shut down")
     }
 
     pub unsafe fn dispatch_first_task<System: PortInstance>(&'static self) -> !
@@ -211,17 +235,11 @@ impl State {
             self.thread_group.get().unwrap(),
             &mut lock
         ));
-        lock.preempt();
         drop(lock);
 
-        // Wait until the thread group shuts down
-        let join_handle = self.join_handle.lock().take().unwrap();
-        if let Err(e) = join_handle.join() {
-            std::panic::resume_unwind(e);
-        }
-
-        // TODO: Expose a function to shut down the system
-        panic!("the system has been shut down");
+        // Safety: The requirement of `dispatch_first_task` explicitly allows
+        // discarding the context.
+        unsafe { ums::exit_thread() };
     }
 
     extern "C" fn dispatch_handler<System: PortInstance>()
@@ -637,12 +655,7 @@ macro_rules! use_port {
 
             $crate::env_logger::init();
 
-            port_std_impl::PORT_STATE.init::<$sys>();
-
-            // Safety: We are a port, so it's okay to call these
-            unsafe {
-                <$sys as PortToKernel>::boot();
-            }
+            port_std_impl::PORT_STATE.port_boot::<$sys>();
         }
     };
 }

src/constance_port_std/src/sched.rs

@@ -134,7 +134,8 @@ impl ums::Scheduler for SchedState {
 /// Check for any pending interrupts that can be activated under the current
 /// condition. If there are one or more of them, activate them and return
 /// `true`, in which case the caller should call
-/// [`ums::ThreadGroupLockGuard::preempt`] or [`ums::yield_now`].
+/// [`ums::ThreadGroupLockGuard::preempt`], [`ums::yield_now`],
+/// [`ums::exit_thread`].
 ///
 /// This should be called after changing some properties of `SchedState` in a
 /// way that might cause interrupt handlers to activate, such as disabling

src/constance_port_std/tests/test_suite.rs

@@ -83,12 +83,7 @@ macro_rules! instantiate_kernel_tests {
             #[test]
             fn run() {
                 TEST_UTIL.run(|| {
-                    port_std_impl::PORT_STATE.init::<System>();
-
-                    // Safety: We are a port, so it's okay to call this
-                    unsafe {
-                        <System as constance::kernel::PortToKernel>::boot();
-                    }
+                    port_std_impl::PORT_STATE.port_boot::<System>();
                 });
             }
         }