C++ modernisation followups: FFI thread safety, RAII, jthread migration

[benswift]

Summary

Follow-up to #419 covering three backlog items: TASK-040, partial TASK-039 and partial TASK-044. Based on cpp-modernisation so it only shows the follow-up work.

TASK-040 — FFI thread safety (done)

• s_ffiCount is now std::atomic<int> with fetch_add for slot assignment.
• s_ffiTable entries are std::atomic<foreign_func> with release/acquire pairing between mk_foreign_func and ffi_trampoline<N> — no mutex on the hot path.
• LLVM_SCHEME_FF_MAP is guarded with std::shared_mutex (shared on get, unique on set). The getter now uses find() rather than operator[], which also fixes a latent bug of inserting empty strings for unknown keys.

TASK-039 — RAII (partial)

• AudioDevice::m_threads[MAX_RT_AUDIO_THREADS] raw EXTThread* array → std::array<std::unique_ptr<EXTThread>, N>. Destructor detaches each running thread so unique_ptr destruction doesn't trip std::terminate (these threads intentionally run while(true) for the life of the process). The unused getMTThreads() accessor is removed.
• thread_local std::minstd_rand* → value-typed thread_local std::minstd_rand, seeded lazily with time(nullptr) on first access. No more heap allocation, no more per-call null check.

Remaining (kept on the backlog): SchemeProcess/REPL registries → Meyers singletons, and SchemeTask::m_ptr → std::variant.

TASK-044 — EXTThread → std::thread/jthread (partial)

• The primary delayed-connect thread and the linenoise REPL thread in Extempore.cpp were leaked new EXTThread(...). Now std::thread(...).detach(), matching the fire-and-forget intent.

Kept on EXTThread for documented reasons (RT priority, setSubsume, or xtlang FFI ABI): AudioDevice m_threads, SchemeProcess::m_threadTask/m_threadServer, and the xtlang thread_fork API.

Test plan

• cmake --build build --target extempore — clean
• ctest --label-regex \"libs-core|cpp-unit|compiler-unit\" — 19/19 pass
• ctest --label-regex \"libs-external\" — 1/1 pass
• cmake --build build --target aot_external_audio — builds
• ./extempore --batch \"(begin (println 'hello) (quit 0))\" — runs
• CI: Linux x64 / macOS arm64 / Windows x64 matrix

[benswift]

TSan run — 2026-04-19

Built with EXTEMPORE_SANITIZE=tsan and ran the full libs-core | cpp-unit | compiler-unit suite (11 tests, ~24min wall time). All tests pass.

Four unique races were reported, all pre-existing and untouched by this PR:

Location	Cause
SchemeS7.cpp:309 (scheme_load_file) ×11	reads UNIV::TIME on main thread while the scheduler writes it
SchemeS7.cpp:79 (begin_hook) ×2	same UNIV::TIME race
SchemeProcess.cpp:293 (taskImpl) ×2	m_libsLoaded bool read without synchronisation
stl_deque.h:273 ×1	SchemeTask queue iterator race (taskQueue access, matches TASK-042's this is a race :( comment)

These fall under existing backlog items: the UNIV::TIME and deque races belong to TASK-042 (audio thread dispatcher race conditions), and the m_libsLoaded bool should be added there.

Nothing reported on code this PR changed — the atomic s_ffiCount / s_ffiTable and shared_mutex-guarded LLVM_SCHEME_FF_MAP produced zero TSan warnings under load. Audio m_threads and the thread-local PRNG were also clean.