There's no IDL class for ShadowRoot, hence there's no toV8(ShadowRoot*) overload, and the following lines in toV8Slow(Node*): http://trac.webkit.org/browser/trunk/Source/WebCore/bindings/v8/custom/V8NodeCustom.cpp?rev=84520#L168 case Node::SHADOW_ROOT_NODE: return toV8(static_cast<ShadowRoot*>(impl), forceNewObject); will resolve toV8() to toV8(Node*), which will invoke toV8Slow(Node*) etc. This isn't normally exposed, as we do not expose ShadowRoot nodes in bindings -- yet this popped up when I started adding shadow DOM support to inspector, as one can access last inspected node in console via $0.
Created attachment 92079 [details] patch
LGTM, maybe rearrange cases to have a fall-through to default case.
Comment on attachment 92079 [details] patch with antonm's suggestion.
(In reply to comment #3) > (From update of attachment 92079 [details]) > with antonm's suggestion. Manually committed r85606 (changed as per Anton's comment): http://trac.webkit.org/changeset/85606