https://code.google.com/p/chromium/issues/detail?id=270000 Fixed in Blink: https://chromium.googlesource.com/chromium/blink/+/8b4d1c4dee0fbe311d3541623f1c48df3582a867 This patch introduces the new reference graph for SVG*TearOffs to resolve Node leaks. The graph is illustrated below: https://docs.google.com/presentation/d/1cKqC9wc_Ca5UTSCNE0DHQeXRxEtkerIxnp1MIIK5Jqk/edit?usp=sharing In the new reference graph, references from parent to child are made strong ref, and references from child to parent are made weak ref. For V8 references against TearOffs, a hidden reference to the context V8SVGElement is added to its wrappers to ensure contextElement() is alive while TearOffs are alive. This patch also contains fixes for bugs exposed from the reference graph change. SVGAnimateElement will ensure stopAnimValAnimation call even if it is destructed while animation is active. SMILElement/SVGAnimateElement is modified to observe lifetime shadow tree instances in addition to the lifetime of original element. [Reland] The animatedProperties are now detached by SVGElement::cleanupAnimatedProperties, called just after the most-derived-classes-dtor, while their animatedProperties are alive. This detach was previously done inside ~SVGElement in previous patches and caused various problems by referencing dead members of derived classes.