Move MediaQuery classes off BlinkGC heap

This CL moves the following classes off the BlinkGC heap
MediaQueryExp
MediaQuery
MediaQuerySet
MediaQueryResult
in an effort to avoid the crasher crbug.com/699269.

BUG=699269
Review-Url: https://codereview.chromium.org/2837023005
Cr-Commit-Position: refs/heads/master@{#467331}
(cherry picked from commit d434dda

Review-Url: https://codereview.chromium.org/2873433003 .
Cr-Commit-Position: refs/branch-heads/3029@{#828}
Cr-Branched-From: 939b32e-refs/heads/master@{#454471}

Author: Keishi Hattori

third_party/WebKit/Source/core/css/CSSMediaRule.cpp

@@ -32,7 +32,7 @@ CSSMediaRule::CSSMediaRule(StyleRuleMedia* mediaRule, CSSStyleSheet* parent)
 
 CSSMediaRule::~CSSMediaRule() {}
 
-MediaQuerySet* CSSMediaRule::mediaQueries() const {
+RefPtr<MediaQuerySet> CSSMediaRule::mediaQueries() const {
   return toStyleRuleMedia(m_groupRule.get())->mediaQueries();
 }
 

third_party/WebKit/Source/core/css/CSSMediaRule.h

@@ -53,7 +53,7 @@ class CSSMediaRule final : public CSSConditionRule {
 
   CSSRule::Type type() const override { return kMediaRule; }
 
-  MediaQuerySet* mediaQueries() const;
+  RefPtr<MediaQuerySet> mediaQueries() const;
 
   mutable Member<MediaList> m_mediaCSSOMWrapper;
 };

third_party/WebKit/Source/core/css/CSSStyleSheet.cpp

@@ -202,8 +202,8 @@ void CSSStyleSheet::setDisabled(bool disabled) {
   didMutate();
 }
 
-void CSSStyleSheet::setMediaQueries(MediaQuerySet* mediaQueries) {
-  m_mediaQueries = mediaQueries;
+void CSSStyleSheet::setMediaQueries(RefPtr<MediaQuerySet> mediaQueries) {
+  m_mediaQueries = std::move(mediaQueries);
   if (m_mediaCSSOMWrapper && m_mediaQueries)
     m_mediaCSSOMWrapper->reattach(m_mediaQueries.get());
 }
@@ -214,7 +214,7 @@ bool CSSStyleSheet::matchesMediaQueries(const MediaQueryEvaluator& evaluator) {
 
   if (!m_mediaQueries)
     return true;
-  return evaluator.eval(m_mediaQueries, &m_viewportDependentMediaQueryResults,
+  return evaluator.eval(*m_mediaQueries, &m_viewportDependentMediaQueryResults,
                         &m_deviceDependentMediaQueryResults);
 }
 
@@ -444,9 +444,6 @@ void CSSStyleSheet::setText(const String& text) {
 
 DEFINE_TRACE(CSSStyleSheet) {
   visitor->trace(m_contents);
-  visitor->trace(m_mediaQueries);
-  visitor->trace(m_viewportDependentMediaQueryResults);
-  visitor->trace(m_deviceDependentMediaQueryResults);
   visitor->trace(m_ownerNode);
   visitor->trace(m_ownerRule);
   visitor->trace(m_mediaCSSOMWrapper);

third_party/WebKit/Source/core/css/CSSStyleSheet.h

@@ -100,8 +100,8 @@ class CORE_EXPORT CSSStyleSheet final : public StyleSheet {
 
   void clearOwnerRule() { m_ownerRule = nullptr; }
   Document* ownerDocument() const;
-  const MediaQuerySet* mediaQueries() const { return m_mediaQueries; }
-  void setMediaQueries(MediaQuerySet*);
+  const MediaQuerySet* mediaQueries() const { return m_mediaQueries.get(); }
+  void setMediaQueries(RefPtr<MediaQuerySet>);
   bool matchesMediaQueries(const MediaQueryEvaluator&);
   const MediaQueryResultList& viewportDependentMediaQueryResults() const {
     return m_viewportDependentMediaQueryResults;
@@ -164,7 +164,7 @@ class CORE_EXPORT CSSStyleSheet final : public StyleSheet {
   bool m_isDisabled = false;
   bool m_loadCompleted = false;
   String m_title;
-  Member<MediaQuerySet> m_mediaQueries;
+  RefPtr<MediaQuerySet> m_mediaQueries;
   MediaQueryResultList m_viewportDependentMediaQueryResults;
   MediaQueryResultList m_deviceDependentMediaQueryResults;
 

third_party/WebKit/Source/core/css/MediaList.cpp

@@ -21,7 +21,6 @@
 
 #include "bindings/core/v8/ExceptionState.h"
 #include "core/css/CSSStyleSheet.h"
-#include "core/css/MediaQuery.h"
 #include "core/css/MediaQueryExp.h"
 #include "core/css/parser/MediaQueryParser.h"
 #include "wtf/text/StringBuilder.h"
@@ -58,15 +57,15 @@ MediaQuerySet::MediaQuerySet(const MediaQuerySet& o)
     m_queries[i] = o.m_queries[i]->copy();
 }
 
-MediaQuerySet* MediaQuerySet::create(const String& mediaString) {
+RefPtr<MediaQuerySet> MediaQuerySet::create(const String& mediaString) {
   if (mediaString.isEmpty())
     return MediaQuerySet::create();
 
   return MediaQueryParser::parseMediaQuerySet(mediaString);
 }
 
 bool MediaQuerySet::set(const String& mediaString) {
-  MediaQuerySet* result = create(mediaString);
+  RefPtr<MediaQuerySet> result = create(mediaString);
   m_queries.swap(result->m_queries);
   return true;
 }
@@ -75,46 +74,46 @@ bool MediaQuerySet::add(const String& queryString) {
   // To "parse a media query" for a given string means to follow "the parse
   // a media query list" steps and return "null" if more than one media query
   // is returned, or else the returned media query.
-  MediaQuerySet* result = create(queryString);
+  RefPtr<MediaQuerySet> result = create(queryString);
 
   // Only continue if exactly one media query is found, as described above.
   if (result->m_queries.size() != 1)
     return true;
 
-  MediaQuery* newQuery = result->m_queries[0].release();
+  std::unique_ptr<MediaQuery> newQuery = std::move(result->m_queries[0]);
   ASSERT(newQuery);
 
   // If comparing with any of the media queries in the collection of media
   // queries returns true terminate these steps.
   for (size_t i = 0; i < m_queries.size(); ++i) {
-    MediaQuery* query = m_queries[i].get();
-    if (*query == *newQuery)
+    MediaQuery& query = *m_queries[i];
+    if (query == *newQuery)
       return true;
   }
 
-  m_queries.push_back(newQuery);
+  m_queries.push_back(std::move(newQuery));
   return true;
 }
 
 bool MediaQuerySet::remove(const String& queryStringToRemove) {
   // To "parse a media query" for a given string means to follow "the parse
   // a media query list" steps and return "null" if more than one media query
   // is returned, or else the returned media query.
-  MediaQuerySet* result = create(queryStringToRemove);
+  RefPtr<MediaQuerySet> result = create(queryStringToRemove);
 
   // Only continue if exactly one media query is found, as described above.
   if (result->m_queries.size() != 1)
     return true;
 
-  MediaQuery* newQuery = result->m_queries[0].release();
+  std::unique_ptr<MediaQuery> newQuery = std::move(result->m_queries[0]);
   ASSERT(newQuery);
 
   // Remove any media query from the collection of media queries for which
   // comparing with the media query returns true.
   bool found = false;
   for (size_t i = 0; i < m_queries.size(); ++i) {
-    MediaQuery* query = m_queries[i].get();
-    if (*query == *newQuery) {
+    MediaQuery& query = *m_queries[i];
+    if (query == *newQuery) {
       m_queries.remove(i);
       --i;
       found = true;
@@ -124,8 +123,8 @@ bool MediaQuerySet::remove(const String& queryStringToRemove) {
   return found;
 }
 
-void MediaQuerySet::addMediaQuery(MediaQuery* mediaQuery) {
-  m_queries.push_back(mediaQuery);
+void MediaQuerySet::addMediaQuery(std::unique_ptr<MediaQuery> mediaQuery) {
+  m_queries.push_back(std::move(mediaQuery));
 }
 
 String MediaQuerySet::mediaText() const {
@@ -142,16 +141,13 @@ String MediaQuerySet::mediaText() const {
   return text.toString();
 }
 
-DEFINE_TRACE(MediaQuerySet) {
-  visitor->trace(m_queries);
-}
-
-MediaList::MediaList(MediaQuerySet* mediaQueries, CSSStyleSheet* parentSheet)
+MediaList::MediaList(RefPtr<MediaQuerySet> mediaQueries,
+                     CSSStyleSheet* parentSheet)
     : m_mediaQueries(mediaQueries),
       m_parentStyleSheet(parentSheet),
       m_parentRule(nullptr) {}
 
-MediaList::MediaList(MediaQuerySet* mediaQueries, CSSRule* parentRule)
+MediaList::MediaList(RefPtr<MediaQuerySet> mediaQueries, CSSRule* parentRule)
     : m_mediaQueries(mediaQueries),
       m_parentStyleSheet(nullptr),
       m_parentRule(parentRule) {}
@@ -166,7 +162,8 @@ void MediaList::setMediaText(const String& value) {
 }
 
 String MediaList::item(unsigned index) const {
-  const HeapVector<Member<MediaQuery>>& queries = m_mediaQueries->queryVector();
+  const Vector<std::unique_ptr<MediaQuery>>& queries =
+      m_mediaQueries->queryVector();
   if (index < queries.size())
     return queries[index]->cssText();
   return String();
@@ -202,13 +199,12 @@ void MediaList::appendMedium(const String& medium,
     m_parentStyleSheet->didMutate();
 }
 
-void MediaList::reattach(MediaQuerySet* mediaQueries) {
+void MediaList::reattach(RefPtr<MediaQuerySet> mediaQueries) {
   ASSERT(mediaQueries);
   m_mediaQueries = mediaQueries;
 }
 
 DEFINE_TRACE(MediaList) {
-  visitor->trace(m_mediaQueries);
   visitor->trace(m_parentStyleSheet);
   visitor->trace(m_parentRule);
 }

third_party/WebKit/Source/core/css/MediaList.h

@@ -24,6 +24,7 @@
 
 #include "bindings/core/v8/ScriptWrappable.h"
 #include "core/CoreExport.h"
+#include "core/css/MediaQuery.h"
 #include "core/dom/ExceptionCode.h"
 #include "platform/heap/Handle.h"
 #include "wtf/Forward.h"
@@ -38,46 +39,51 @@ class ExceptionState;
 class MediaList;
 class MediaQuery;
 
-class CORE_EXPORT MediaQuerySet : public GarbageCollected<MediaQuerySet> {
+class CORE_EXPORT MediaQuerySet : public RefCounted<MediaQuerySet> {
  public:
-  static MediaQuerySet* create() { return new MediaQuerySet(); }
-  static MediaQuerySet* create(const String& mediaString);
+  static RefPtr<MediaQuerySet> create() {
+    return adoptRef(new MediaQuerySet());
+  }
+  static RefPtr<MediaQuerySet> create(const String& mediaString);
 
   bool set(const String&);
   bool add(const String&);
   bool remove(const String&);
 
-  void addMediaQuery(MediaQuery*);
+  void addMediaQuery(std::unique_ptr<MediaQuery>);
 
-  const HeapVector<Member<MediaQuery>>& queryVector() const {
+  const Vector<std::unique_ptr<MediaQuery>>& queryVector() const {
     return m_queries;
   }
 
   String mediaText() const;
 
-  MediaQuerySet* copy() const { return new MediaQuerySet(*this); }
+  RefPtr<MediaQuerySet> copy() const {
+    return adoptRef(new MediaQuerySet(*this));
+  }
 
   DECLARE_TRACE();
 
  private:
   MediaQuerySet();
   MediaQuerySet(const MediaQuerySet&);
 
-  HeapVector<Member<MediaQuery>> m_queries;
+  Vector<std::unique_ptr<MediaQuery>> m_queries;
 };
 
-class MediaList final : public GarbageCollected<MediaList>,
+class MediaList final : public GarbageCollectedFinalized<MediaList>,
                         public ScriptWrappable {
   DEFINE_WRAPPERTYPEINFO();
 
  public:
-  static MediaList* create(MediaQuerySet* mediaQueries,
+  static MediaList* create(RefPtr<MediaQuerySet> mediaQueries,
                            CSSStyleSheet* parentSheet) {
-    return new MediaList(mediaQueries, parentSheet);
+    return new MediaList(std::move(mediaQueries), parentSheet);
   }
 
-  static MediaList* create(MediaQuerySet* mediaQueries, CSSRule* parentRule) {
-    return new MediaList(mediaQueries, parentRule);
+  static MediaList* create(RefPtr<MediaQuerySet> mediaQueries,
+                           CSSRule* parentRule) {
+    return new MediaList(std::move(mediaQueries), parentRule);
   }
 
   unsigned length() const { return m_mediaQueries->queryVector().size(); }
@@ -94,15 +100,15 @@ class MediaList final : public GarbageCollected<MediaList>,
 
   const MediaQuerySet* queries() const { return m_mediaQueries.get(); }
 
-  void reattach(MediaQuerySet*);
+  void reattach(RefPtr<MediaQuerySet>);
 
   DECLARE_TRACE();
 
  private:
-  MediaList(MediaQuerySet*, CSSStyleSheet* parentSheet);
-  MediaList(MediaQuerySet*, CSSRule* parentRule);
+  MediaList(RefPtr<MediaQuerySet>, CSSStyleSheet* parentSheet);
+  MediaList(RefPtr<MediaQuerySet>, CSSRule* parentRule);
 
-  Member<MediaQuerySet> m_mediaQueries;
+  RefPtr<MediaQuerySet> m_mediaQueries;
   // Cleared in ~CSSStyleSheet destructor when oilpan is not enabled.
   Member<CSSStyleSheet> m_parentStyleSheet;
   // Cleared in the ~CSSMediaRule and ~CSSImportRule destructors when oilpan is

third_party/WebKit/Source/core/css/MediaQuery.cpp

@@ -61,29 +61,29 @@ String MediaQuery::serialize() const {
     result.append(" and ");
   }
 
-  result.append(m_expressions.at(0)->serialize());
+  result.append(m_expressions.at(0).serialize());
   for (size_t i = 1; i < m_expressions.size(); ++i) {
     result.append(" and ");
-    result.append(m_expressions.at(i)->serialize());
+    result.append(m_expressions.at(i).serialize());
   }
   return result.toString();
 }
 
-static bool expressionCompare(const Member<MediaQueryExp>& a,
-                              const Member<MediaQueryExp>& b) {
-  return codePointCompare(a->serialize(), b->serialize()) < 0;
+static bool expressionCompare(const MediaQueryExp& a, const MediaQueryExp& b) {
+  return codePointCompare(a.serialize(), b.serialize()) < 0;
 }
 
-MediaQuery* MediaQuery::createNotAll() {
-  return new MediaQuery(MediaQuery::Not, MediaTypeNames::all,
-                        ExpressionHeapVector());
+std::unique_ptr<MediaQuery> MediaQuery::createNotAll() {
+  return WTF::makeUnique<MediaQuery>(MediaQuery::Not, MediaTypeNames::all,
+                                     ExpressionHeapVector());
 }
 
-MediaQuery* MediaQuery::create(RestrictorType restrictor,
-                               String mediaType,
-                               ExpressionHeapVector expressions) {
-  return new MediaQuery(restrictor, std::move(mediaType),
-                        std::move(expressions));
+std::unique_ptr<MediaQuery> MediaQuery::create(
+    RestrictorType restrictor,
+    String mediaType,
+    ExpressionHeapVector expressions) {
+  return WTF::makeUnique<MediaQuery>(restrictor, std::move(mediaType),
+                                     std::move(expressions));
 }
 
 MediaQuery::MediaQuery(RestrictorType restrictor,
@@ -95,11 +95,11 @@ MediaQuery::MediaQuery(RestrictorType restrictor,
   nonCopyingSort(m_expressions.begin(), m_expressions.end(), expressionCompare);
 
   // Remove all duplicated expressions.
-  MediaQueryExp* key = 0;
+  MediaQueryExp key = MediaQueryExp::invalid();
   for (int i = m_expressions.size() - 1; i >= 0; --i) {
-    MediaQueryExp* exp = m_expressions.at(i).get();
+    MediaQueryExp exp = m_expressions.at(i);
 
-    if (key && *exp == *key)
+    if (exp == key)
       m_expressions.remove(i);
     else
       key = exp;
@@ -112,7 +112,7 @@ MediaQuery::MediaQuery(const MediaQuery& o)
       m_serializationCache(o.m_serializationCache) {
   m_expressions.reserveInitialCapacity(o.m_expressions.size());
   for (unsigned i = 0; i < o.m_expressions.size(); ++i)
-    m_expressions.push_back(o.m_expressions[i]->copy());
+    m_expressions.push_back(o.m_expressions[i]);
 }
 
 MediaQuery::~MediaQuery() {}
@@ -130,8 +130,4 @@ String MediaQuery::cssText() const {
   return m_serializationCache;
 }
 
-DEFINE_TRACE(MediaQuery) {
-  visitor->trace(m_expressions);
-}
-
 }  // namespace blink