feat(platform-wallet)!: shared ThreadRegistry for coordinator lifecycle + shutdown UAF/data-loss fixes

packages/rs-dash-async/Cargo.toml

@@ -7,12 +7,20 @@ authors = ["Dash Core Team"]
 license = "MIT"
 description = "Async-sync bridging utilities for Dash Platform"
 
+[features]
+# Exposes cross-crate test seams (e.g. `ThreadRegistry::park_orphan_for_test`)
+# so downstream crates can drive registry regression tests without shipping
+# the seam in their production builds.
+test-util = []
+
 [dependencies]
 thiserror = "2.0"
 tracing = "0.1.41"
 
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
 tokio = { version = "1.40", features = ["rt", "rt-multi-thread", "time", "net"] }
+tokio-util = { version = "0.7.12" }
+futures = { version = "0.3.30" }
 
 [dev-dependencies]
-tokio = { version = "1.40", features = ["macros", "rt-multi-thread", "sync"] }
+tokio = { version = "1.40", features = ["macros", "rt-multi-thread", "sync", "time"] }

packages/rs-dash-async/src/atomic.rs

@@ -0,0 +1,64 @@
+use std::sync::atomic::{AtomicBool, Ordering};
+
+/// RAII guard that clears an [`AtomicBool`] flag to `false` on drop.
+///
+/// Callers set the flag to `true` before constructing the guard (typically
+/// via a `compare_exchange`); the guard resets it on every exit path,
+/// including panics, so a panicked holder can never leave the flag wedged.
+///
+/// **Panic-strategy caveat:** the clear-on-panic guarantee relies on
+/// destructors running while the stack unwinds, so it holds under
+/// `panic = "unwind"` (the default). Under `panic = "abort"` — e.g. the
+/// iOS release profiles — a panic aborts the process immediately and no
+/// `Drop` runs; there is simply no "after" left for the flag to gate.
+#[must_use = "AtomicFlagGuard clears the flag on drop; binding to `_` or using as a statement drops it immediately"]
+pub struct AtomicFlagGuard<'a>(&'a AtomicBool);
+
+impl<'a> AtomicFlagGuard<'a> {
+    /// Wrap `flag`. Does **not** set it to `true` — the caller is
+    /// responsible for doing that before constructing the guard.
+    pub fn new(flag: &'a AtomicBool) -> Self {
+        Self(flag)
+    }
+}
+
+impl Drop for AtomicFlagGuard<'_> {
+    fn drop(&mut self) {
+        self.0.store(false, Ordering::Release);
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::panic::{catch_unwind, AssertUnwindSafe};
+
+    /// A guard constructed over a `true` flag holds it while in scope and
+    /// clears it to `false` on a normal scope exit.
+    #[test]
+    fn clears_flag_on_normal_drop() {
+        let flag = AtomicBool::new(true);
+        {
+            let _guard = AtomicFlagGuard::new(&flag);
+            assert!(flag.load(Ordering::Acquire), "flag stays set while held");
+        }
+        assert!(!flag.load(Ordering::Acquire), "flag cleared on drop");
+    }
+
+    /// The clear also runs while unwinding a panic — the load-bearing
+    /// property the sync coordinators lean on so a panicked pass can't
+    /// leave `is_syncing` latched and wedge `quiesce()`'s drain.
+    #[test]
+    fn clears_flag_while_unwinding_panic() {
+        let flag = AtomicBool::new(true);
+        let result = catch_unwind(AssertUnwindSafe(|| {
+            let _guard = AtomicFlagGuard::new(&flag);
+            panic!("boom while holding the guard");
+        }));
+        assert!(result.is_err(), "the panic propagated out of catch_unwind");
+        assert!(
+            !flag.load(Ordering::Acquire),
+            "Drop ran during unwinding and cleared the flag"
+        );
+    }
+}

packages/rs-dash-async/src/lib.rs

@@ -2,7 +2,20 @@
 //!
 //! Provides [`block_on`] -- a function that bridges async futures into sync code,
 //! handling multiple tokio runtime flavors (no runtime, current-thread, multi-thread).
+//!
+//! Also provides [`AtomicFlagGuard`] — a RAII guard for panic-safe `AtomicBool` flag resets,
+//! and [`ThreadRegistry`] — a shared lifecycle engine for background OS-thread / tokio-task
+//! workers (start, cancel, weight-ordered quiesce + join, orphan reap).
 
+mod atomic;
 mod block_on;
+#[cfg(not(target_arch = "wasm32"))]
+mod registry;
 
+pub use atomic::AtomicFlagGuard;
 pub use block_on::{block_on, AsyncError};
+#[cfg(not(target_arch = "wasm32"))]
+pub use registry::{
+    DrainHook, RegistryKey, ShutdownReport, ShutdownWeight, ThreadRegistry, WorkerConfig,
+    WorkerStatus, DEFAULT_JOIN_BUDGET, DEFAULT_REAP_BACKSTOP,
+};