FMI specifies that when fmiFatal is returned from a function, "the slave is irreparably corrupted. [...] It is not possible to call any other function of the slave." (FMI for Co-simulation 1.0, Sec 3.1.2; emphasis mine. FMI 2.0 has a similar phrasing.)
In other words, after a function has returned fmiFatal, fmiFreeInstance() will never be called, which for CPPFMU means we have a memory leak.
In C++, destructors should always be safe to run, so I think the correct solution is to call fmiFreeInstance() from all FatalError handlers.
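A sketch of the fix proposed above, as an added example that is not CPPFMU's own code: `Slave`, `Component`, `FatalError` and the `Status` values are hypothetical stand-ins for the corresponding FMI and CPPFMU types. It differs from the post in one respect: the fatal handler destroys the slave object but keeps the small handle, so a later call from a non-conforming master is rejected instead of touching freed memory.

```cpp
#include <memory>
#include <stdexcept>

// Stand-ins for the FMI 1.0 status codes (not the real FMI header).
enum Status { kOK, kError, kFatal };

// Hypothetical exception meaning "the slave is irreparably corrupted".
struct FatalError : std::runtime_error {
    explicit FatalError(const char* msg) : std::runtime_error(msg) {}
};

int g_liveResources = 0;  // resources held by live slaves (demo counter)

// Hypothetical slave whose destructor releases a resource (RAII).
class Slave {
public:
    Slave() { ++g_liveResources; }
    ~Slave() { --g_liveResources; }
    void DoStep(double h) {
        if (h <= 0.0) throw FatalError("non-positive step size");
    }
};

// Opaque handle given to the master, the role fmiComponent plays.
struct Component {
    std::unique_ptr<Slave> slave;
    Component() : slave(new Slave) {}
};

Component* Instantiate() { return new Component; }

// Counterpart of fmiFreeInstance(); safe if the slave is already gone.
void FreeInstance(Component* c) { delete c; }

// Counterpart of fmiDoStep(). The fatal handler runs the slave's
// destructor itself, since the master will not free it after kFatal.
Status DoStep(Component* c, double h) {
    if (!c || !c->slave) return kFatal;  // already torn down
    try {
        c->slave->DoStep(h);
        return kOK;
    } catch (const FatalError&) {
        c->slave.reset();  // destructor runs here, resources released
        return kFatal;
    } catch (...) {
        return kError;
    }
}
```

If the master never calls `FreeInstance()`, only the handle (a single pointer) remains allocated; everything the slave owned has already been released.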