On Fri Aug 18 12:57:59 2023 +0000, Gabriel Ivăncescu wrote:
It's possible that an event task is still pending to be processed. Tasks don't hold a ref to the XHR, but they do possibly grab it once processing starts. This wasn't an issue before because we called remove_target_tasks immediately when ref reached 0. But Gecko's CC doesn't necessarily call unlink/delete_cycle_collectable immediately when ref reaches 0; it usually delays it. So a task could get processed between ref reaching 0 and the CC actually cleaning it.
It looks like we will need an equivalent of Gecko's `NS_IMPL_CYCLE_COLLECTING_RELEASE_WITH_LAST_RELEASE`. The problem with your patch is that if deletion happens, you're accessing a freed object. Gecko avoids that by explicitly requesting not to delete it with `shouldDelete` and does the deletion later if needed. Unfortunately, that would require a Gecko interface extension.
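
The lifetime problem discussed in this thread, as an added toy model in C (not Wine or Gecko code, and not part of either message; every type and function name below is hypothetical). It shows a weak-pointer task running between ref 0 and the delayed cleanup, and a release path that runs a last-release step before any deletion, using a `should_delete` flag in the spirit of the mechanism the reply describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Toy model; every name here is hypothetical, not Wine or Gecko code. */
struct target { long ref; };
struct task { struct target *target; bool pending; };  /* weak: holds no ref */
static struct task tasks[4];
static struct target *purple[4];     /* objects awaiting deferred deletion */
static size_t n_purple;
static bool collector_active = true; /* false: ref 0 means delete right away */

static void queue_task(struct target *t) {
    for (size_t i = 0; i < 4; i++)
        if (!tasks[i].pending) { tasks[i] = (struct task){ t, true }; return; }
}

/* Event loop step: counts tasks that ran against a target whose ref is 0. */
static size_t run_tasks(void) {
    size_t stale = 0;
    for (size_t i = 0; i < 4; i++) {
        if (!tasks[i].pending) continue;
        tasks[i].pending = false;
        if (tasks[i].target->ref == 0) stale++;  /* object is already dying */
    }
    return stale;
}

/* Decrement; at 0 either defer to the collector or ask the caller to delete. */
static long decr(struct target *t, bool *should_delete) {
    if (--t->ref == 0) {
        if (collector_active && n_purple < 4) purple[n_purple++] = t;
        else *should_delete = true;
    }
    return t->ref;
}

/* Release; with_hook adds a last-release step that runs before any deletion. */
static long release(struct target *t, bool with_hook) {
    bool should_delete = false;
    long ref = decr(t, &should_delete);
    for (size_t i = 0; with_hook && ref == 0 && i < 4; i++)  /* t still valid */
        if (tasks[i].pending && tasks[i].target == t) tasks[i].pending = false;
    if (should_delete) free(t);          /* deletion only after the hook */
    return ref;
}

static size_t collect(void) {            /* delayed cleanup by the collector */
    size_t n = n_purple;
    while (n_purple) free(purple[--n_purple]);
    return n;
}
```

Calling `release(t, false)` followed by `run_tasks()` before `collect()` reproduces the window described in the first message; `release(t, true)` closes it in both the deferred and the immediate-deletion case.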