Description
The FFI wrappers (Java/C#) can trigger use-after-free crashes when methods are called after shutdown(), because the current design frees the wrapper memory in shutdown() instead of in the finalizer.
Proposed Solution (2.0)
Add explicit shutdown message, separate from finalization
- Add a Shutdown variant to the MasterMsg enum
- Add a shutdown() method to dnp3::master::MasterChannel that sends this message
- Create separate FFI functions:
  - master_channel_shutdown(): sends the shutdown message, does not free the wrapper
  - master_channel_destroy(): only frees the wrapper, only called by the finalizer
- Update Java/C# shutdown() to call the new shutdown function instead of destroy
Why This Works
- No leaks: the finalizer always runs eventually and frees the wrapper. If shutdown() is never called, dropping the Sender when the finalizer runs still terminates the task.
- No extra synchronization: uses the existing channel semantics. After the shutdown message is sent, the task terminates and drops the receiver. Future operations fail cleanly when send detects the closed channel.
- No use-after-free: the wrapper stays valid until the finalizer runs. Methods can still be called, but they fail with a clear Shutdown error.
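The pattern above, as an added self-contained example that is not dnp3's own code: a `MasterMsg::Shutdown` variant, a `MasterChannel::shutdown()` that only sends it, and two separate FFI entry points, one that shuts down without freeing and one that only frees. It uses `std::sync::mpsc` and a plain thread in place of the library's real runtime, and the names `master_channel_create`, `request`, `Error::Shutdown` and the `Request` variant are assumptions made for the example. Requests carry a reply channel, so a call that lands behind `Shutdown` in the queue is dropped with the receiver and also reports `Error::Shutdown` rather than hanging.

```rust
use std::sync::mpsc::{self, Receiver, Sender};
use std::thread::{self, JoinHandle};

/// Messages understood by the background task. Assumed stand-in for the
/// issue's `MasterMsg`; the real enum carries many more variants.
enum MasterMsg {
    /// A request that expects a reply; `reply` is the caller's reply channel.
    Request { value: u32, reply: Sender<u32> },
    /// The explicit shutdown message proposed in the issue.
    Shutdown,
}

/// Error reported to callers once the channel has been shut down.
#[derive(Debug, PartialEq, Eq)]
pub enum Error {
    Shutdown,
}

/// Handle owned by the FFI wrapper. It holds only the sender side, so dropping
/// it (from the finalizer) closes the channel and stops the task on its own.
pub struct MasterChannel {
    tx: Sender<MasterMsg>,
}

impl MasterChannel {
    /// Spawn the background task. The join handle is returned only so the
    /// example can observe that the task really terminates.
    pub fn spawn() -> (MasterChannel, JoinHandle<u32>) {
        let (tx, rx) = mpsc::channel::<MasterMsg>();
        let task = thread::spawn(move || run_task(rx));
        (MasterChannel { tx }, task)
    }

    /// Send a request and wait for the reply. Fails with `Error::Shutdown` if
    /// the receiver is already gone (send fails) or if the task exits before
    /// processing the message (the reply sender is dropped unanswered).
    pub fn request(&self, value: u32) -> Result<u32, Error> {
        let (reply_tx, reply_rx) = mpsc::channel();
        self.tx
            .send(MasterMsg::Request { value, reply: reply_tx })
            .map_err(|_| Error::Shutdown)?;
        reply_rx.recv().map_err(|_| Error::Shutdown)
    }

    /// Ask the task to stop. Frees nothing: the handle stays valid and any
    /// later call simply returns `Error::Shutdown`.
    pub fn shutdown(&self) -> Result<(), Error> {
        self.tx.send(MasterMsg::Shutdown).map_err(|_| Error::Shutdown)
    }
}

/// Task body: serve requests until `Shutdown` arrives or every sender has been
/// dropped. Returns the number of requests it handled.
fn run_task(rx: Receiver<MasterMsg>) -> u32 {
    let mut handled = 0;
    while let Ok(msg) = rx.recv() {
        match msg {
            MasterMsg::Request { value, reply } => {
                handled += 1;
                // A dropped reply receiver only means the caller went away.
                let _ = reply.send(value * 2);
            }
            MasterMsg::Shutdown => break,
        }
    }
    // `rx` is dropped here; messages queued behind `Shutdown` are dropped with
    // it, so their callers see a closed reply channel.
    handled
}

// The two FFI entry points the issue proposes (names taken from the issue).

/// Called by the Java/C# `shutdown()`: stops the task, keeps the wrapper alive.
pub unsafe fn master_channel_shutdown(channel: *mut MasterChannel) {
    if let Some(ch) = unsafe { channel.as_ref() } {
        let _ = ch.shutdown(); // calling it twice is harmless
    }
}

/// Called only by the finalizer: frees the wrapper. Dropping the `Sender`
/// also stops the task if `shutdown()` was never called.
pub unsafe fn master_channel_destroy(channel: *mut MasterChannel) {
    if !channel.is_null() {
        drop(unsafe { Box::from_raw(channel) });
    }
}

/// Allocate the wrapper the way an FFI constructor would (assumed name).
pub fn master_channel_create() -> (*mut MasterChannel, JoinHandle<u32>) {
    let (ch, task) = MasterChannel::spawn();
    (Box::into_raw(Box::new(ch)), task)
}
```

Calling `request` through the raw pointer after `master_channel_shutdown` is sound because the allocation is still owned by the wrapper; only `master_channel_destroy` may release it, and it must run exactly once, from the finalizer.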