2011-03-11 Anton Muhin <antonm@chromium.org>

        Reviewed by Adam Barth.

        [v8] Change the way group id for CSS objects is calculated
        https://bugs.webkit.org/show_bug.cgi?id=56117

        Do not treat CSSStyleDeclarations under not CSSRule as belonging to the same object group
        as they should not be reachable in JavaScript.

        Covered by existing layout tests.  Fact of absence of retention is not trivial to prove.

        * bindings/v8/V8GCController.cpp:
        (WebCore::calculateGroupId):
        (WebCore::DOMObjectGrouperVisitor::visitDOMWrapper):

git-svn-id: svn://svn.chromium.org/blink/trunk@80842 bbb929c8-8fbe-4397-9dbb-9b2b20218538

third_party/WebKit/Source/WebCore/ChangeLog

+2011-03-11  Anton Muhin  <antonm@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        [v8] Change the way group id for CSS objects is calculated
+        https://bugs.webkit.org/show_bug.cgi?id=56117
+
+        Do not treat CSSStyleDeclarations under not CSSRule as belonging to the same object group
+        as they should not be reachable in JavaScript.
+
+        Covered by existing layout tests.  Fact of absence of retention is not trivial to prove.
+
+        * bindings/v8/V8GCController.cpp:
+        (WebCore::calculateGroupId):
+        (WebCore::DOMObjectGrouperVisitor::visitDOMWrapper):
+
 2011-03-11  Alexander Pavlov  <apavlov@chromium.org>
 
         Reviewed by Yury Semikhatsky.

third_party/WebKit/Source/WebCore/bindings/v8/V8GCController.cpp

@@ -329,6 +329,38 @@ private:
     }
 };
 
+static uintptr_t calculateGroupId(StyleBase* styleBase)
+{
+    ASSERT(styleBase);
+    StyleBase* current = styleBase;
+    StyleSheet* styleSheet = 0;
+    while (true) {
+        // Special case: CSSStyleDeclarations should have CSSRule as a parent
+        // to proceed with parent traversal, otherwise they are coming from
+        // inlined style declaration and should be treated as a root.
+        if (current->isMutableStyleDeclaration()) {
+            CSSMutableStyleDeclaration* cssMutableStyleDeclaration = static_cast<CSSMutableStyleDeclaration*>(current);
+            if (CSSRule* parentRule = cssMutableStyleDeclaration->parentRule())
+                current = parentRule;
+            else
+                return reinterpret_cast<uintptr_t>(cssMutableStyleDeclaration);
+        }
+
+        if (current->isStyleSheet())
+            styleSheet = static_cast<StyleSheet*>(current);
+
+        StyleBase* parent = current->parent();
+        if (!parent)
+            break;
+        current = parent;
+    }
+
+    if (styleSheet)
+        return reinterpret_cast<uintptr_t>(styleSheet);
+
+    return reinterpret_cast<uintptr_t>(current);
+}
+
 class DOMObjectGrouperVisitor : public DOMWrapperMap<void>::Visitor {
 public:
     DOMObjectGrouperVisitor()
@@ -360,18 +392,7 @@ public:
             || V8CSSMediaRule::info.equals(typeInfo)) {
             StyleBase* styleBase = static_cast<StyleBase*>(object);
 
-            // We put the whole tree of style elements into a single object group.
-            // To achieve that we group elements by the roots of their trees.
-            StyleBase* root = styleBase;
-            ASSERT(root);
-            while (true) {
-                StyleBase* parent = root->parent();
-                if (!parent)
-                    break;
-                root = parent;
-            }
-            // Group id is an address of the root.
-            uintptr_t groupId = reinterpret_cast<uintptr_t>(root);
+            uintptr_t groupId = calculateGroupId(styleBase);
             m_grouper.append(GrouperItem(groupId, wrapper));
 
             if (V8CSSStyleDeclaration::info.equals(typeInfo)) {